From cbfed3f8fb9273155d57b32692b7e577c29a6c8a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 13 Oct 2015 10:39:06 +0200 Subject: first version of EGIZ MOA-ID SSO session-transfer module --- .../modules/moa-id-module-ssoTransfer/pom.xml | 20 + .../ssotransfer/SSOTransferAuthModuleImpl.java | 76 ++++ .../modules/ssotransfer/SSOTransferConstants.java | 52 +++ .../data/SSOTransferAuthenticationData.java | 387 +++++++++++++++++ .../data/SSOTransferOnlineApplication.java | 444 +++++++++++++++++++ .../ssotransfer/servlet/SSOTransferGUIServlet.java | 144 +++++++ .../servlet/SSOTransferSignalServlet.java | 45 ++ .../servlet/TransferToSmartPhoneServlet.java | 100 +++++ .../task/InitializeRestoreSSOSessionTask.java | 98 +++++ .../ssotransfer/task/RestoreSSOSessionTask.java | 193 +++++++++ .../auth/modules/ssotransfer/utils/GUIUtils.java | 151 +++++++ .../ssotransfer/utils/SSOContainerUtils.java | 480 +++++++++++++++++++++ .../ssotransfer/SSOTransfer.authmodule.beans.xml | 14 + .../SSOTransferAuthentication.process.xml | 24 ++ .../src/main/resources/sso_transfer_template.html | 447 +++++++++++++++++++ .../src/test/java/at/gv/egiz/tests/Tests.java | 74 ++++ 16 files changed, 2749 insertions(+) create mode 100644 id/server/modules/moa-id-module-ssoTransfer/pom.xml create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml new file mode 100644 index 000000000..61af328d3 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -0,0 +1,20 @@ + + 4.0.0 + + MOA.id.server.modules + moa-id-modules + ${moa-id-version} + + moa-id-module-ssoTransfer + MOA-ID_SSO_Transfer_modul + MOA-ID modul to transfer Single Sign-On sessions to other devices + + + + net.glxn + qrgen + 1.4 + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java new file mode 100644 index 000000000..2a2b7bf80 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer; + +import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * @author tlenz + * + */ +public class SSOTransferAuthModuleImpl implements AuthModule{ + + private int priority = 1; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + Object restoreSSOSessionObj = context.get("restoreSSOSession"); + if (restoreSSOSessionObj != null && restoreSSOSessionObj instanceof String) { + boolean restoreSSOSession = (boolean) Boolean.parseBoolean((String)restoreSSOSessionObj); + if (restoreSSOSession) + return "SSOTransferAuthentication"; + + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java new file mode 100644 index 000000000..03f3fcdab --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java @@ -0,0 +1,52 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer; + +/** + * @author tlenz + * + */ +public class SSOTransferConstants { + + public static final String SERVLET_SSOTRANSFER_GUI = "/TransferSSOSession"; + public static final String SERVLET_SSOTRANSFER_TO_SMARTPHONE = "/TransmitSSOSession"; + public static final String SERVLET_SSOTRANSFER_FROM_SMARTPHONE = "/SSOTransferSignalEndpoint"; + + public static final String REQ_PARAM_GENERATE_QR = "createQR"; + public static final String REQ_PARAM_TOKEN = "token"; + + public static final String SSOCONTAINER_KEY_TYPE = "type"; + public static final String SSOCONTAINER_VALUE_TYPE_TRANSER = "TRANSFER"; + public static final String SSOCONTAINER_VALUE_TYPE_PERSIST = "PERSIST"; + + public static final String SSOCONTAINER_KEY_URL = "url"; + + public static final String SSOCONTAINER_KEY_VALIDTO = "validTo"; + public static final String SSOCONTAINER_KEY_ENTITYID = "entityID"; + public static final String SSOCONTAINER_KEY_USERID = "userID"; + public static final String SSOCONTAINER_KEY_SESSION = "session"; + public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint"; + + public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag"; + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java new file mode 100644 index 000000000..a93412b11 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -0,0 +1,387 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.data; + +import java.security.cert.CertificateEncodingException; +import java.util.Date; +import java.util.List; + +import org.w3c.dom.Element; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class SSOTransferAuthenticationData implements IAuthData { + + private AuthenticationSession authSession = null; + + public SSOTransferAuthenticationData(AuthenticationSession authSession) { + this.authSession = authSession; + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant() + */ + @Override + public Date getIssueInstant() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer() + */ + @Override + public String getIssuer() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() + */ + @Override + public boolean isBusinessService() { + return this.authSession.getBusinessService(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isSsoSession() + */ + @Override + public boolean isSsoSession() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isInterfederatedSSOSession() + */ + @Override + public boolean isInterfederatedSSOSession() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isUseMandate() + */ + @Override + public boolean isUseMandate() { + return this.authSession.getUseMandate(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getFamilyName() + */ + @Override + public String getFamilyName() { + return this.authSession.getIdentityLink().getFamilyName(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getGivenName() + */ + @Override + public String getGivenName() { + return this.authSession.getIdentityLink().getGivenName(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getDateOfBirth() + */ + @Override + public Date getDateOfBirth() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getFormatedDateOfBirth() + */ + @Override + public String getFormatedDateOfBirth() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getBPK() + */ + @Override + public String getBPK() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getBPKType() + */ + @Override + public String getBPKType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getSsoSessionValidTo() + */ + @Override + public Date getSsoSessionValidTo() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getInterfederatedIDP() + */ + @Override + public String getInterfederatedIDP() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentificationValue() + */ + @Override + public String getIdentificationValue() { + return this.authSession.getIdentityLink().getIdentificationValue(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentificationType() + */ + @Override + public String getIdentificationType() { + return this.authSession.getIdentityLink().getIdentificationType(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getBkuURL() + */ + @Override + public String getBkuURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList() + */ + @Override + public List getEncbPKList() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentityLink() + */ + @Override + public IdentityLink getIdentityLink() { + return this.authSession.getIdentityLink(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getSignerCertificate() + */ + @Override + public byte[] getSignerCertificate() { + try { + return this.authSession.getSignerCertificate().getEncoded(); + + } catch (CertificateEncodingException e) { + Logger.error("SSO-Transfer: SignerCertificate encoding FAILED.", e); + return null; + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getAuthBlock() + */ + @Override + public String getAuthBlock() { + return this.authSession.getAuthBlock(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getPvpAttribute_OU() + */ + @Override + public String getPvpAttribute_OU() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getAuthenticationRoles() + */ + @Override + public List getAuthenticationRoles() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isPublicAuthority() + */ + @Override + public boolean isPublicAuthority() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getPublicAuthorityCode() + */ + @Override + public String getPublicAuthorityCode() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isQualifiedCertificate() + */ + @Override + public boolean isQualifiedCertificate() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getMISMandate() + */ + @Override + public MISMandate getMISMandate() { + return this.authSession.getMISMandate(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getMandate() + */ + @Override + public Element getMandate() { + return this.authSession.getMISMandate().getMandateDOM(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getMandateReferenceValue() + */ + @Override + public String getMandateReferenceValue() { + return this.authSession.getMandateReferenceValue(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getQAALevel() + */ + @Override + public String getQAALevel() { + return this.authSession.getQAALevel(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getSessionIndex() + */ + @Override + public String getSessionIndex() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() + */ + @Override + public String getNameID() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getNameIDFormat() + */ + @Override + public String getNameIDFormat() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isForeigner() + */ + @Override + public boolean isForeigner() { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc() + */ + @Override + public String getCcc() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnRequest() + */ + @Override + public STORKAuthnRequest getStorkAuthnRequest() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnResponse() + */ + @Override + public String getStorkAuthnResponse() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAttributes() + */ + @Override + public IPersonalAttributeList getStorkAttributes() { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java new file mode 100644 index 000000000..9b5005a61 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -0,0 +1,444 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.data; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.StorkAttribute; +import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; + +/** + * @author tlenz + * + */ +public class SSOTransferOnlineApplication implements IOAAuthParameters { + + public SSOTransferOnlineApplication() { + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService() + */ + @Override + public boolean getBusinessService() { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO() + */ + @Override + public boolean useSSO() { + return true; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL() + */ + @Override + public List getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFullConfiguration() + */ + @Override + public Map getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getConfigurationValue(java.lang.String) + */ + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFriendlyName() + */ + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix() + */ + @Override + public String getPublicURLPrefix() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType() + */ + @Override + public String getOaType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget() + */ + @Override + public String getTarget() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName() + */ + @Override + public String getTargetFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP() + */ + @Override + public boolean isInderfederationIDP() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isSTORKPVPGateway() + */ + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier() + */ + @Override + public String getIdentityLinkDomainIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier() + */ + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter() + */ + @Override + public SAML1ConfigurationParameters getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL() + */ + @Override + public List getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText() + */ + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String) + */ + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion() + */ + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles() + */ + @Override + public List getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType() + */ + @Override + public String getIdentityLinkDomainIdentifierType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox() + */ + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed() + */ + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin() + */ + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() + */ + @Override + public Map getFormCustomizaten() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() + */ + @Override + public Integer getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes() + */ + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedSTORKAttributes() + */ + @Override + public Collection getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate() + */ + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate() + */ + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() + */ + @Override + public Collection getPepsList() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL() + */ + @Override + public String getIDPAttributQueryServiceURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed() + */ + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed() + */ + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed() + */ + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled() + */ + @Override + public boolean isTestCredentialEnabled() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTestCredentialOIDs() + */ + @Override + public List getTestCredentialOIDs() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore() + */ + @Override + public boolean isUseIDLTestTrustStore() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore() + */ + @Override + public boolean isUseAuthBlockTestTestStore() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionKey() + */ + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPassivRequestUsedForInterfederation() + */ + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPerformLocalAuthenticationOnInterfederationError() + */ + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs() + */ + @Override + public Collection getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes() + */ + @Override + public List getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java new file mode 100644 index 000000000..fa7d59beb --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java @@ -0,0 +1,144 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.Date; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; + +import org.apache.commons.codec.binary.Base64OutputStream; +import org.apache.velocity.VelocityContext; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + + + +/** + * @author tlenz + * + */ +@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession") +public class SSOTransferGUIServlet extends AuthServlet { + + private static final long serialVersionUID = 3974201828186450839L; + + public SSOTransferGUIServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'."); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + super.doGet(req, resp); + + //search SSO session + SSOManager ssomanager = SSOManager.getInstance(); + String ssoid = ssomanager.getSSOSessionID(req); + + VelocityContext context = new VelocityContext(); + + try { + if (ssomanager.isValidSSOSession(ssoid, null)) { + Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); + if (createQRObj != null && createQRObj instanceof Integer) { + + + + } else { + //create first step of SSO Transfer GUI + String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); + if (MiscUtil.isNotEmpty(moaSessionID)) { + AuthenticationSession authSession = AuthenticationSessionStoreage + .getSession(moaSessionID); + if(authSession != null) { + Date now = new Date(); + String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authSession, now); + + String token = Random.nextRandom(); + AssertionStorage.getInstance().put(token, encodedSSOContainer); + + String containerURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE + + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; + + JsonObject qrResult = new JsonObject(); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, + SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + + ByteArrayOutputStream qrStream = + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); + context.put("QRImage", base64EncodedImage); + + context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); + + GUIUtils.printSSOTransferGUI(context, resp); + + } + } + } + + } else { + context.put("errorMsg", + "No active Single Sign-On session found! SSO Session transfer is not possible."); + GUIUtils.printSSOTransferGUI(context, resp); + } + + } catch (MOAIDException | MOADatabaseException e) { + e.printStackTrace(); + resp.sendError(500, e.getMessage()); + + } + + } + + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java new file mode 100644 index 000000000..2f8b8fe2c --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -0,0 +1,45 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; + +import javax.servlet.annotation.WebServlet; + +import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@WebServlet(urlPatterns = { "/SSOTransferSignalEndpoint" }, loadOnStartup = 1) +public class SSOTransferSignalServlet extends ProcessEngineSignalServlet { + + private static final long serialVersionUID = 8372275858647807149L; + + public SSOTransferSignalServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + " with mappings '/SSOTransferEndpoint'."); + + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java new file mode 100644 index 000000000..8ea15f985 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java @@ -0,0 +1,100 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession") +public class TransferToSmartPhoneServlet extends AuthServlet { + + private static final long serialVersionUID = 4323605569040872262L; + + private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes + + public TransferToSmartPhoneServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'."); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + super.doGet(req, resp); + + Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); + if (tokenObj != null && tokenObj instanceof String) { + String token = (String)tokenObj; + try { + String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut); + if (MiscUtil.isNotEmpty(signedEncSession)) { + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(signedEncSession); + out.flush(); + + } else { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which references an empty data object."); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object."); + + } + + } catch (MOADatabaseException e) { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which is UNKNOWN."); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:"); + + + } catch (AuthenticationException e) { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which has a timeout."); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more."); + + } + + } else { + Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request."); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid."); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java new file mode 100644 index 000000000..cebf8431b --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -0,0 +1,98 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; + +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; + +import java.io.ByteArrayOutputStream; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.VelocityContext; + +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * @author tlenz + * + */ +public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try { + String sessionID = (String) executionContext.get(PARAM_SESSIONID); + String pendingRequestID = (String) executionContext.get("pendingRequestID"); + + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) { + throw new WrongParametersException("CreateStorkAuthRequestFormTask", PARAM_SESSIONID, "auth.12"); + } + AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID); + IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + + VelocityContext context = GUIUtils.buildSSOTransferGUI(moasession); + GUIUtils.printSSOTransferGUI(context, response); + + + } catch (WrongParametersException | AuthenticationException e) { + throw new TaskExecutionException(e.getMessage(), e); + + } catch (Exception e) { + Logger.error(this.getClass().getName() + " has an interal Error.", e); + throw new TaskExecutionException(this.getClass().getName() + " has an interal Error.", e); + + } + + + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java new file mode 100644 index 000000000..884633a1e --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -0,0 +1,193 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; + +import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; + +import java.io.BufferedReader; +import java.io.IOException; +import java.util.Enumeration; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.BooleanUtils; +import org.apache.velocity.VelocityContext; +import org.joda.time.DateTime; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Response; + +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class RestoreSSOSessionTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Receive " + this.getClass().getName() + " request"); + + StringBuffer sb = new StringBuffer(); + String receivedPostMessage = null; + AuthenticationSession moasession = null; + IRequest pendingReq = null; + try { + String sessionID = (String) request.getParameter(PARAM_SESSIONID); + String pendingRequestID = (String) executionContext.get("pendingRequestID"); + + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) { + throw new WrongParametersException("RestoreSSOSessionTask", PARAM_SESSIONID, "auth.12"); + + } + moasession = BaseAuthenticationServer.getSession(sessionID); + pendingReq = RequestStorage.getPendingRequest(pendingRequestID); + + BufferedReader reader = request.getReader(); + String line = null; + while ((line = reader.readLine()) != null) { + sb.append(line); + } + + receivedPostMessage = sb.toString(); + + } catch (IOException e) { + Logger.warn("Received POST-message produce an ERROR.", e); + + } catch (WrongParametersException | AuthenticationException e) { + throw new TaskExecutionException(e.getMessage(), e); + + } + + if (MiscUtil.isNotEmpty(receivedPostMessage)) { + Logger.debug("Receive POST-Message data. Start data-validation process ... "); + try { + JsonParser parser = new JsonParser(); + JsonObject reveivedData = (JsonObject) parser.parse(sb.toString()); + JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject(); + String validTo = reveivedSession.get("validTo").getAsString(); + String entityID = reveivedSession.get("entityID").getAsString(); + String sessionBlob = reveivedSession.get("sessionBlob").getAsString(); + + Logger.trace("Blob:" + sessionBlob + + " | validTo:" + validTo + + " | entityIS:" + entityID); + + if (PVPConfiguration.getInstance().getIDPPublicPath().equals(entityID)) { + // stored SSO session data is from this IDP - start local session reconstruction + Response ssoInformation = SSOContainerUtils.validateReceivedSSOContainer(sessionBlob); + SSOContainerUtils.parseSSOContainerToMOASessionDataObject(moasession, ssoInformation); + + // store MOASession into database + try { + AuthenticationSessionStoreage.storeSession(moasession); + + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); + + } else { + Logger.debug("Received SSO session-data is from IDP: " + entityID + + ". Start inderfederation process to restore SSO session ... "); + //change to inderfederated session reconstruction + + } + + } catch (Exception e) { + Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e); + throw new TaskExecutionException("JSON data is not parseable.", e); + + } + + } else { + Logger.debug("Reveive NO POST-message data. Start check-session process ... "); + + boolean isSSOSessionRestored = + BooleanUtils.isTrue((Boolean) executionContext.get(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED)); + + if (isSSOSessionRestored) { + Logger.info("Found restored SSO session. Resume authentication process ..."); + executionContext.remove(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED); + executionContext.put("sessionRestoreFinished", true); + + } else { + DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); + if (moaSessionCreated.plusMinutes(3).isBeforeNow()) { + Logger.warn("No SSO session-container received. Stop authentication process after time-out."); + throw new TaskExecutionException("No SSO container received from smartphone app.", null); + + } else { + Logger.debug("No restored SSO session found --> Wait a few minutes and check again."); + executionContext.put("sessionRestoreFinished", false); + + VelocityContext context; + try { + context = GUIUtils.buildSSOTransferGUI(moasession); + GUIUtils.printSSOTransferGUI(context, response); + + } catch (IOException | MOAIDException e) { + throw new TaskExecutionException(e.getMessage(), e); + + } + + } + } + } + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java new file mode 100644 index 000000000..1bbaf1dd9 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -0,0 +1,151 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; + +import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringWriter; +import java.net.URI; + +import javax.servlet.http.HttpServletResponse; + +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; + +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * @author tlenz + * + */ +public class GUIUtils { + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; + private static final String GUI_HTML_TEMPLATE = "sso_transfer_template.html"; + + public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec + + public static VelocityContext buildSSOTransferGUI(AuthenticationSession moasession) throws ConfigurationException, IOException { + String token = moasession.getSessionID(); + String containerURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE + + "?" + MOAIDAuthConstants.PARAM_SESSIONID + "=" + token; + + JsonObject qrResult = new JsonObject(); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, + SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + + ByteArrayOutputStream qrStream = + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); + VelocityContext context = new VelocityContext(); + context.put("QRImage", base64EncodedImage); + + context.put("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); + + context.put("timeoutURL", containerURL); + context.put("timeout", REFESH_TIMEOUT); + + return context; + + } + + public static void printSSOTransferGUI(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException { + try { + Logger.trace("Initialize VelocityEngine..."); + + InputStream is = null; + String pathLocation = null; + try { + String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + GUI_HTML_TEMPLATE; + File file = new File(new URI(pathLocation)); + is = new FileInputStream(file); + evaluateTemplate(context, httpResp, is); + + } catch (Exception e) { + Logger.warn("SLO Template is not found in configuration directory (" + + pathLocation + "). Load template from project library ... "); + + try { + pathLocation = GUI_HTML_TEMPLATE; + is = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + evaluateTemplate(context, httpResp, is); + + } catch (Exception e1) { + Logger.error("Single LogOut form can not created.", e); + throw new MOAIDException("Create Single LogOut information FAILED.", null, e); + } + + } finally { + if (is != null) + is.close(); + + } + + } catch (Exception e) { + Logger.error("Single LogOut form can not created.", e); + throw new MOAIDException("Create Single LogOut information FAILED.", null, e); + } + } + + private static void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception { + + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + + BufferedReader reader = new BufferedReader(new InputStreamReader(is )); + + //set default elements to velocity context + context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); + + StringWriter writer = new StringWriter(); + //velocityEngine.evaluate(context, writer, "SLO_Template", reader); + engine.evaluate(context, writer, "SSO Transfer Template", reader); + + + httpResp.setContentType("text/html;charset=UTF-8"); + httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); + + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java new file mode 100644 index 000000000..8980d3ea7 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -0,0 +1,480 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; + +import iaik.x509.X509Certificate; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.StringWriter; +import java.security.MessageDigest; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.List; + +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.encryption.Encrypter; +import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.encryption.EncryptionException; +import org.opensaml.xml.encryption.EncryptionParameters; +import org.opensaml.xml.encryption.KeyEncryptionParameters; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.parse.XMLParserException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.SecurityHelper; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.signature.Signer; +import org.opensaml.xml.validation.ValidationException; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class SSOContainerUtils { + public static final List REQUIRED_ATTRIBUTES; + + static { + List tmp = new ArrayList(); + tmp.add(PVPConstants.EID_AUTH_BLOCK_NAME); + tmp.add(PVPConstants.EID_IDENTITY_LINK_NAME); + tmp.add(PVPConstants.EID_ISSUING_NATION_NAME); + tmp.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + tmp.add(PVPConstants.EID_SOURCE_PIN_NAME); + tmp.add(PVPConstants.EID_SOURCE_PIN_TYPE_NAME); + tmp.add(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); + tmp.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); + tmp.add(PVPConstants.MANDATE_TYPE_NAME); + tmp.add(PVPConstants.MANDATE_PROF_REP_OID_NAME); + tmp.add(PVPConstants.MANDATE_PROF_REP_DESC_NAME); + tmp.add(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); + + REQUIRED_ATTRIBUTES = Collections.unmodifiableList(tmp); + } + + public static void parseSSOContainerToMOASessionDataObject(AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { + AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); + + String authServiceURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + if (authServiceURL.endsWith("/")) + moasession.setAuthURL(authServiceURL); + else + moasession.setAuthURL(authServiceURL + "/"); + + //TODO: maybe change to correct URL + //set dummy BKU URLx + moasession.setBkuURL("http://egiz.gv.at/sso_session-transfer_app"); + + + String qaaLevel = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); + if (MiscUtil.isNotEmpty(qaaLevel)) { + if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) + moasession.setQAALevel(qaaLevel); + else + moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + qaaLevel); + + + } else { + Logger.warn("SSO session-container contains NO QAA-level"); + + } + + String authBlock = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME); + if (MiscUtil.isNotEmpty(authBlock)) + moasession.setAuthBlock(authBlock); + else + Logger.warn("SSO session-container contains NO AuthBlock"); + + try { + String signerCert = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + if (MiscUtil.isNotEmpty(signerCert)) + moasession.setSignerCertificate(new X509Certificate(Base64Utils.decode(signerCert, false))); + else + Logger.warn("SSO session-container contains NO SignerCertificate"); + + } catch (CertificateException | IOException e) { + Logger.error("SignerCertificate is not parseable.", e); + + } + + String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME); + try { + if (MiscUtil.isNotEmpty(idlStr)) { + IdentityLinkAssertionParser idlParser = new IdentityLinkAssertionParser(Base64Utils.decodeToStream(idlStr, false)); + moasession.setIdentityLink(idlParser.parseIdentityLink()); + + } else { + Logger.warn("SSO session-container contains NO IdentityLink"); + throw new AssertionAttributeExtractorExeption("SSO session-container contains NO IdentityLink"); + + } + + } catch (ParseException e) { + Logger.error("IdentityLink is not parseable.", e); + throw new AssertionAttributeExtractorExeption("IdentityLink is not parseable."); + + } + + + String mandateRefValue = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); + if (MiscUtil.isNotEmpty(mandateRefValue)) { + moasession.setMandateReferenceValue(mandateRefValue); + moasession.setUseMandate("true"); + Logger.info("Found mandate information in SSO session-container."); + + try { + MISMandate mandate = new MISMandate(); + + String mandateFull = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME); + if (MiscUtil.isNotEmpty(mandateFull)) { + mandate.setMandate(Base64Utils.decode(mandateFull, false)); + + } else { + Logger.warn("No Full-Mandate information found in SSO session-container."); + + } + + String oid = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_PROF_REP_OID_NAME); + if (MiscUtil.isNotEmpty(oid)) + mandate.setProfRep(oid ); + + NodeList mandateElements = mandate.getMandateDOM().getChildNodes(); + for (int i=0; i features = new HashMap(); + features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + ppMgr.setBuilderFeatures(features); + ppMgr.setNamespaceAware(true); + + Document document = ppMgr.parse(new ByteArrayInputStream(base64decodedContainer)); + Element domElement = document.getDocumentElement(); + + UnmarshallerFactory saml2UnmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller saml2Unmarshaller = saml2UnmarshallerFactory.getUnmarshaller(domElement); + XMLObject responseXMLObj = saml2Unmarshaller.unmarshall(domElement); + + if (responseXMLObj instanceof Response) { + Response ssoContainer = (Response) responseXMLObj; + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(ssoContainer.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + Credential credential = CredentialProvider.getIDPAssertionSigningCredential(); + if (credential == null) { + throw new NoCredentialsException("moaID IDP"); + } + + SignatureValidator sigValidator = new SignatureValidator(credential); + try { + sigValidator.validate(ssoContainer.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + if (ssoContainer.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + //validate PVP 2.1 assertion + SAMLVerificationEngine.validateAssertion(ssoContainer, false); + return ssoContainer; + + } else { + Logger.debug("Receive StatusCode " + ssoContainer.getStatus().getStatusCode().getValue() + + " from interfederated IDP."); + throw new MOAIDException("SSO Container has a not valid Status Code", null); + + } + + } else { + Logger.warn("SSO Container is not of type SAML2 Response"); + throw new MOAIDException("SSO Container is not of type SAML2 Response", null); + + } + } + + + public static String generateSignedAndEncryptedSSOContainer( + AuthenticationSession authSession, Date date) { + try { + String entityID = PVPConfiguration.getInstance().getIDPPublicPath(); + AuthnContextClassRef authnContextClassRef = SAML2Utils + .createSAMLObject(AuthnContextClassRef.class); + authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + String random = Random.nextRandom(); + String nameID = subjectNameID.getValue(); + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest((random).getBytes("ISO-8859-1")); + subjectNameID.setValue(Base64Utils.encode(hash)); + subjectNameID.setNameQualifier(null); + subjectNameID.setFormat(NameID.TRANSIENT); + + } catch (Exception e) { + Logger.warn("PVP2 subjectNameID error", e); + + } + + SubjectConfirmationData subjectConfirmationData = SAML2Utils + .createSAMLObject(SubjectConfirmationData.class); + long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; + Date ssoSessionValidTo = new Date(authSession.getSessionCreated().getTime() + maxSSOSessionTime); + subjectConfirmationData.setNotOnOrAfter(new DateTime(ssoSessionValidTo.getTime())); + + String sessionIndex = SAML2Utils.getSecureIdentifier(); + + IAuthData authData = new SSOTransferAuthenticationData(authSession); + + Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + entityID, + new DateTime(date.getTime()), + authnContextClassRef, + buildSSOAttributeForTransfer(authSession, authData), + subjectNameID, + subjectConfirmationData, + sessionIndex, + subjectConfirmationData.getNotOnOrAfter()); + + String ssoDataBlob = buildSSOContainerObject(assertion, new DateTime(date.getTime())); + + JsonObject container = new JsonObject(); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, "SSO"); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName()); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, ssoDataBlob); + + //TODO + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at"); + + return container.toString(); + + } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException e) { + Logger.warn("SSO container generation FAILED.", e); + } + + return null; + } + + private static String buildSSOContainerObject(Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + + //change to entity value from entity name to IDP EntityID (URL) + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setFormat(NameID.ENTITY); + authResponse.setIssuer(nissuer); + + //set responseID + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authResponse.setID(remoteSessionID); + + + //SAML2 response required IssueInstant + authResponse.setIssueInstant(date); + authResponse.setStatus(SAML2Utils.getSuccessStatus()); + + //encrypt container + X509Credential encryptionCredentials = CredentialProvider.getIDPAssertionEncryptionCredential(); + EncryptionParameters dataEncParams = new EncryptionParameters(); + dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); + + List keyEncParamList = new ArrayList(); + KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); + + keyEncParam.setEncryptionCredential(encryptionCredentials); + keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); + KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() + .getKeyInfoGeneratorManager().getDefaultManager() + .getFactory(encryptionCredentials); + keyEncParam.setKeyInfoGenerator(kigf.newInstance()); + keyEncParamList.add(keyEncParam); + + Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); + //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); + samlEncrypter.setKeyPlacement(KeyPlacement.PEER); + + EncryptedAssertion encryptAssertion = null; + + encryptAssertion = samlEncrypter.encrypt(assertion); + authResponse.getEncryptedAssertions().add(encryptAssertion); + + + //sign container + Credential signingCredential = CredentialProvider.getIDPAssertionSigningCredential(); + Signature signature = CredentialProvider + .getIDPSignature(signingCredential); + SecurityHelper.prepareSignatureParams(signature, signingCredential, null, null); + authResponse.setSignature(signature); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(authResponse); + out.marshall(authResponse, document); + + Signer.signObject(signature); + + Transformer transformer = TransformerFactory.newInstance() + .newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + return Base64Utils.encode(sw.toString().getBytes()); + + } + + private static List buildSSOAttributeForTransfer(AuthenticationSession authSession, IAuthData authData) { + List attrList = new ArrayList(); + + IOAAuthParameters oaParam = new SSOTransferOnlineApplication(); + + for (String el : REQUIRED_ATTRIBUTES) { + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + el, oaParam, authData); + if (attr != null) + attrList.add(attr); + else + Logger.info("SSO-Transfer attribute " + el + " is empty!"); + + } catch (Exception e) { + Logger.warn("Build SSO-Transfer attribute " + el + " FAILED.", e); + + } + } + + return attrList; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml new file mode 100644 index 000000000..1a8709e15 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml @@ -0,0 +1,14 @@ + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml new file mode 100644 index 000000000..07d746e39 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html new file mode 100644 index 000000000..962faa58f --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html @@ -0,0 +1,447 @@ + + + + + + + + #if($timeoutURL) + + #end + + + Single Sign-On Session Transfer + + +#if($timeoutURL) + +#else + +#end + + +
+
+

MOA-ID Single Sign-On Session Transfer Service

+
+
+ + #if($errorMsg) +
+

$errorMsg

+
+ #end + + #if($successMsg) +
+

$successMsg

+
+ #end + + #if($QRImage) +
+ +
+ #end + +
+
+
+ +
+ + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java new file mode 100644 index 000000000..d30c1f524 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -0,0 +1,74 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the \"Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.tests; + +import java.io.IOException; + +import org.hibernate.mapping.Map; + +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +/** + * @author tlenz + * + */ +public class Tests { + + /** + * @param args + */ + public static void main(String[] args) { + String json = + "{\"data\":{\"session\":{\"validTo\":\"2015-10-09T10:55:34.738Z\",\"entityID\":\"https://demo.egiz.gv.at/demoportal_moaid-2.0\",\"userID\":\"Thomas Georg Lenz\",\"sessionBlob\":\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJl\\u000ac3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4w\\u000aOnByb3RvY29sIiBJRD0iXzQ5ZjgzMDIyZjRkZjFjODMyMDNlZGU1NTQxZDY1ODU4\\u000aIiBJc3N1ZUluc3RhbnQ9IjIwMTUtMTAtMDlUMTA6MzU6NTEuMDI0WiIgVmVyc2lv\\u000abj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFt\\u000aZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1l\\u000aczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly9kZW1v\\u000aLmVnaXouZ3YuYXQvZGVtb3BvcnRhbF9tb2FpZC0yLjA8L3NhbWwyOklzc3Vlcj48\\u000aZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5\\u000aL3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1l\\u000adGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4\\u000aYy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\\u000ad3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+PGRz\\u000aOlJlZmVyZW5jZSBVUkk9IiNfNDlmODMwMjJmNGRmMWM4MzIwM2VkZTU1NDFkNjU4\\u000aNTgiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRw\\u000aOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVy\\u000aZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8y\\u000aMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2Vz\\u000adE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1s\\u000aZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT44eE9qNmlYVzhIQzk5UGhETEZ0\\u000aOVp0M205VWliaVdrdHMzaWVQTS9CZlFZPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpS\\u000aZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5mNjM2\\u000aYjVBeGx6THdUL0I1SmdLdnhNN0haK1lEZGVldUdaRUlxc05KdHdiN05TVFhlbVFC\\u000aTExObDlJTk1aUW1Ybkx3ektCc0pra0tGTXl3MkpsNXVYcWlHWVBzMExTWTNiWTdj\\u000aTTZoeHpDaGdVVHRMWXlPcE9qemxxbE5CN2FKTVpZWU10Q2phcWNqSmxVM0wxTjBv\\u000aYUJ5QlRjaTRHdjd5TUJkdE9nRElHNVVpVEppVmVNOURZcUowZFVaZDNRcG1BK0Zm\\u000aUm10WFVzaVRzU0N0b3lWVHlXYTJWemJweTZxcDMwWkZSTU03LzU0Q0NWZHIvaDZW\\u000aTnZCQ1YydkFEMWdZaUg5VG41aTRSRmRWMFBKNTkrNS9HYXVUMm1HSVRUVmNreVk2\\u000aRlJQSjI2MUV0bmdScE8xK1FYRDZwQVZBM2V6Rm9ZbkkyQ2dYdHQ2K2EyTkV3cnBO\\u000aaHc9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PGRzOktleUluZm8+PGRzOlg1MDlEYXRh\\u000aPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJREZUQ0NBZjBDQkZVQm5MNHdEUVlKS29a\\u000aSWh2Y05BUUVMQlFBd1R6RUxNQWtHQTFVRUJoTUNRVlF4RFRBTEJnTlZCQWNNQkVk\\u000aeQpZWG94RFRBTEJnTlZCQW9NQkVWSFNWb3hJakFnQmdOVkJBTU1HVTFQUVMxSlJD\\u000aQkpSRkFnS0ZSbGMzUXRWbVZ5YzJsdmJpa3dIaGNOCk1UVXdNekV5TVRRd016UXlX\\u000aaGNOTVRjeE1qQTFNVFF3TXpReVdqQlBNUXN3Q1FZRFZRUUdFd0pCVkRFTk1Bc0dB\\u000aMVVFQnd3RVIzSmgKZWpFTk1Bc0dBMVVFQ2d3RVJVZEpXakVpTUNBR0ExVUVBd3da\\u000aVFU5QkxVbEVJRWxFVUNBb1ZHVnpkQzFXWlhKemFXOXVLVENDQVNJdwpEUVlKS29a\\u000aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSUp2MHFlOVVkdkZZU0w1STAy\\u000aR29rd0VWZnNJR2M3STdFaFZOT3hZCjltdFVlbm1ocU5yTHNMQkZnMUlpUGJrMElT\\u000aV2hPUndQeVZwL1AzK0d5R1AzMzlxWjY4VUNHVjM2MUUwUW03Y2pQZS9PMytyM0hB\\u000aTTIKWkJOOG9BWm9IbXBock5TNmZLZlk1OGt5Z3RyVWErWnlNellXVFRpUzMyU0NN\\u000aOEg1NWJsdUVGYmVaa3NuYlAwWTk0SWprZkpkZ3Z6bApNeHpybFN5b1YyeW1XQmp2\\u000aUzV3ZWxESGdiQ0t5anNqSWhUUmpKdS9vbEdKeWVuMDEvRXBJVnRTeURYTy8ySVMy\\u000adjJPOVVpRndBb3lCCllBalBubDNIeEsyQTU3N25SNjNNeGxnUDAvcytyODR1QnFP\\u000aQWxiNHFuYnBVN2x1NUd4bENQa1ptcFJvb0NRWVVSaW9DK3dqUzZsTUMKQXdFQUFU\\u000aQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFCcU83a2txL2dSYWhBdnBzUWc1TExa\\u000aUk9HRnI5cElQcnlOOXhtSkdnUG83agpLTmw3cnM3Z05TMGxtdWx1WVdXbkpjd0FQ\\u000aYndGZWI5NTRWTUI5eDlwOVFFdzVSblhhbVVZOXFhMExnY1MvdC9XWDZ2SmtaUE5o\\u000aV3BoCjhiWHdoME12bHNiZnJ2RFRKcjhjakgzcWZ4SVRwN3BhM3hiMXFFN3N1UmZm\\u000aVlVkRFhhd2lYWG5XSi9XSnIrdHdWVkhIRXFuWnoxbEEKclNETHhNOHNDakc4RGVK\\u000adzh2blF5NW1QR3JHVlRCYmE0dXBjOFVUWTFuUFY5VTJHQkpWWXVBa29WUmpiVGxO\\u000adnJMNUpxTnF5cEtjRwpiZWpqV3hncnpaa2VRZVUyaEZjanVubWd3R1ordWcyZnE0\\u000aa0trUWZ0d2NxZUpUenl6Qm9vMitPbzRUbWZic2gvb254UFdBPT08L2RzOlg1MDlD\\u000aZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25h\\u000adHVyZT48c2FtbDJwOlN0YXR1cz48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVy\\u000abjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2Ft\\u000abDJwOlN0YXR1cz48c2FtbDI6RW5jcnlwdGVkQXNzZXJ0aW9uIHhtbG5zOnNhbWwy\\u000aPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48eGVuYzpF\\u000abmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEv\\u000aMDQveG1sZW5jIyIgSWQ9Il8zZmQzNTg5MmU5YThlYWNiOGUwOGYyODBhODNmY2I3\\u000aNCIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVu\\u000adCI+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cu\\u000adzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiIHhtbG5zOnhlbmM9Imh0\\u000adHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIvPjxkczpLZXlJbmZvIHht\\u000abG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6\\u000aUmV0cmlldmFsTWV0aG9kIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQv\\u000aeG1sZW5jI0VuY3J5cHRlZEtleSIgVVJJPSIjX2E3NDBjZjA5MTViZDE1MmRiNzRk\\u000aMDNjZDQ1NzUyMTM3Ii8+PC9kczpLZXlJbmZvPjx4ZW5jOkNpcGhlckRhdGEgeG1s\\u000abnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIj48eGVu\\u000aYzpDaXBoZXJWYWx1ZT43R0hKY0NYYXlzME1pY2ZvYXc3cnFNeTZ1bUQyd0FEQmtH\\u000aOThKclJ2UUdMczJneTBOSWFvSlM2SWM1Z254RXBNcUZHZ2ZLNHBBWGxRUVh3K1h6\\u000aY0RNaURhY2tqS1c5ckptNTh0b3dxNmFEbWVIU2doTTRDVzhVb1RaQlFlazVvY1dU\\u000aNmRIT3hPVzFFOFUrTXprTEg1NjVXUWxLYkdHamVSSGNzb3V3MXFuNk1XS01EU0V4\\u000aRzQrZERzSVliMk1uaEc3OEh6TDNZK0VMVG40TWd1cXF4bmpTVC9rRkpTK2dSMm93\\u000aL2tHVHN2ZnlLWmdMZUVYTzRpVHlNM2RzRk1Ma05rM0tHSHVHRmhGeUxycUR3Sko2\\u000aTmY5OVZRTmlDZDlrUnpxOE1qWklpNWQ0SjlhSmgvRk93NFI0TXAveCsvaC9hYVhk\\u000acDVyQ09CcUVaZ3FZUXlqT2FIMlAxRHR0VkU5SU5xS2w1OXh5ZTJaR0tDd1p5TTgr\\u000adWdSRnVDbTJ2RFlRSUx1T1RTaVNpbkJsNnBpLzFYRktNL1lVbTRJMXA0N21LNDlE\\u000aeW9Ia0lBaUk0NjQ2ejNJZ0tMZTBnaFlQYUlvTHhNcDE1ZE83RHRDQzhsZnYwb3Qx\\u000aYVdvTy9TcGpXaVJiOEhCaXdleGxTdHV4dVorUGVqZDlzUS9neTNFOFp1MWJXRmsv\\u000aTDVrNTZqUTAxZStIcEdORW5FSml1c1RHWldMRTZBY1lvd1NCeEZidC9RUHhGTlhh\\u000aRFBmcmlGRGZMK1RuMngyc2Rwb1RlMVpZM1JnZXo5b1Y2QUtJQWZZWC8zMllsT0NK\\u000aTlV5Myt4OU5teHljOFdKNTBjQ2RTd3ZuNTRBc1Z2U0xYRi9sbHIwQmh2cWRWQ0dP\\u000aTy82WGQvdEtpblFPWHdmeEJBMDVJZSs5MFZhU1J2NGFrRXJ4dHhrekVIeXB3R01j\\u000aVStieTYybDh5Q2Qya01vMnpQK0hmZ3NkTU9Ba2hrbDUvRXB2NVdiZGMzeElKRUhK\\u000aOVptbitUdGNWR2FiOHNPeSsyblIwQWNwZDJxeVIvNkNUd3dodk5nbXF1TldiLy9P\\u000aaGNxdDMvR1dPZkt0NGhrRnQxeGE2allTSXVoNHVWMHJqcENvK21ISFk4ZFZaTGZ6\\u000aNE9oR3dpNGd4bDBlV3hYUWF3UGpMWlI5RzdpQ1NCT2ZPV0d5bkdydklKSFF2VUJD\\u000aUVUwLzh3eFNxRmkxcVdQVXN2ZWtxV012SFpYTGdMMGZNYUJEa1ZZTm5YT2FlalJU\\u000aVHNZeENZc1AxYlRCNDY5ZytjRkQ1bEd0VDErTi95S3dKOUJTTGhaenhzRVhVWkhG\\u000aQ1NJTk1vTTlnaVF4TzI2L0VLUENMdXp2bnkyN3orNWdxcURkVzhlVUFCUmEyeFpp\\u000aZ204YmFkSllGWE12dkdDUVBjcmhiN3c1c3dSL2I1TXNiZXV4L3F0RFQ4R3VWcUNG\\u000ac3JDL3E4MlZpOUd5b3VCWDdGRk50UWhWRDFFVWtCQWZTYWE2UDhKU2VPdE01TVYr\\u000aV21OcGJrQ0U2M2hZS2g4cHN5MUdMdlRZRVA3Slh3TmNIWXlmS3FtdXk5S1dOVmUv\\u000aT2JPZTM5azhCWE5tWE9DejRJay93ajZqaU1DWEsrblhwdTBZQ1Z2ODJXM1BMeGlR\\u000ab1liRURMMjNHV05sNFFHQzQ1dE45WUpwK29CSGZjRStmUHk4S1FrOFBDK0s4SFFr\\u000aK21HV3NkTVUxUitTaTExY0VYdzBKTTRTczJzTWpZb05tQXd6a2RvRHliVkdnK3B3\\u000aSnUrUmFmaEJrSmpIU0FMeVQ3Y1R3dncrOW56S1BIdUhvWW5wSTRLQSt6U2xrYkUr\\u000aQ0dSbzd1MUxXVFl0cGZTYnFtd1NjYVlxU01WaTZ5QVdkRnoyS001LzlkVHB6alBY\\u000aNGhOZW82ZE96eVRHUkFMVnVUZi9Ma0RqaElqWGJ0Z2J6ZnU0aWdrWXg3Q2d1RnZ0\\u000abVlkTEhNSE4yRnFOTkN1UWk2bTJLUGYyUG5HdmVrSFVwMEJYZ3NEOUhkZFJtNHBF\\u000aYnE1VEsvV05RTzBuS0g0M1owOU9NcWZZbHEybk5mTi84ZnMyTjc1c2h5NmtheElK\\u000aL0FZUlNkOUU5M1VjOWJmV2FIeUwraWNNTE1GelU5MytMZlhpREkyWDVScEVtSnFB\\u000aSUMwVlJ0NWtXdnlVNGVlWnhOdE8zWUtxUnN2YVo0dzhnZ0I3dkxheFFKUWtnMWhs\\u000acVAzQzhDQW5HWnkrdDR5alRVejA1LzlpQi9HRk1DdDNteEpPajUvaVdTOTZRRW54\\u000aVm8wdVYvYzhDRFd6OERHYzYvLzFBQzBWS0VmaGRsSmFGOHg1NzVHNTI2dHoxTVln\\u000aMHBaaitNRzlsRUxkNm12d011cVE3VEVZdEYyN0Y4Vk5iQ29ZWXUraDhJTCs1Y0Vr\\u000acnBjakUzMm9MbWx4ZjBjNnpZaDhwa3FsVTR2RHlQeGJJcm50WkFPcThMUzk5Vktr\\u000aUjdFL0w5OXNoZUxqd3I0bTJtQ21CZ2tGZVZhVG1Ca00vSFd4MUNEYjlIcVM0N25Z\\u000aSWJaQW94ampIK0QzR1EweXlES1R3aG1iSXNHMFQ4Ry96eStRR0pmNkg2MXg0M1ZJ\\u000abkNwRkxmQjNiQUNJay9OanhCeFdheGVwMXRMMTRBSlRMZlROTnA3K3dCT016THhm\\u000aSHBjSUlWT2dOeXJ6UVk2Q0x6eXlDM2hub212a0hadFJ2WmpBYmExMmJSZ3VoTUJX\\u000aOFZiaHNKMmZaekZ3TXp0amxzSEkwREc2OGs1R0JDemFDQVRPZlBBWnFPN2lEQ2JC\\u000aMW1KSEgzTmxvQ2xuL1pTY01rOUVqTERyTndIWHZ4ZEFTRFMwS1RrZVNxS21TZm54\\u000aUWlSQ3lLNjhrSEZNc0trUTRYS3JKZjZGMWRreVYrL3NFdzRsS1FFYW52VkVVSTJx\\u000aUExDSVZnVWVkQVFaeFAxeVp0dDA1V2ptSUdhZnhQMldWNE9PYm8vTGFaamo0YW9H\\u000aNjNxWkdGdGJyWUt4TVc1Ny9RL0ZkbjN5TUpmUlkxVGU0UCtpTTNHUjNRcU1QeVMr\\u000aZWZDMlRDNk9pYithOHZ2SVcxTFI4OGV0V2t4SHJzMEpVcVRpM1ZEY1lXNEcwUHVn\\u000aTFhsZEYwWVVod1RLaTlOUjZmWTNXMXBTQUlNRGYvbk5hcVBIUnNLVWU4Z3pwcll3\\u000aOUdWLytXWjkrNUxEQnYzWmNKVGlLcllOcG1TUHl2MDdvNWx2Mmo2MXJtaEdsQVJ6\\u000aODJzWlhDUzA5K0lyaUpmVUg4bko0NFRFUk8wb1pBd2RxZWhEVmQ2YzZIV044dlJI\\u000aeEVJZWhmeXJhUVZ5Q3FlQkU3d3VPcXZFSmI2R0Urc1czNlBMNGFwT2ZMcCtISU5V\\u000aMkRhbVBrWHJWdVV6Q1dWZWlXaGIzSVBPNk81WkNENVp5RHlQc0liV3RuMnc2bnpI\\u000aU3EyUDhOdmZZRHhTcmM2YlU1aThoQ0FOZFdudTliMWJia0tXTXhUazhjamQ2bk8w\\u000aN1FtZnJFZGJCQ1ptWmh6blJ2cmRYMDdHSXo0YXhtM0Z2UHBtazBvZ1FaUzBieDd1\\u000aSWhFTDhGR2ozQW9lSllpOFB0dFA3NmFKaTRPYndlUmhlWVE2L1p0NHlPcXhabUph\\u000aMEFnTjJieTlpT1kyZ2tLclg2RTY1UWMzM2Q0Wlh6aXdDc1BsNVlGQmY1bG9ndGFE\\u000acXFVU0p1TEQyUEMyZEZNeDAzaGkrcUpSNmxPZ3ozYjJrM3dUTjhGTjJBMnQycHo2\\u000aNjJSS3IyQVRuSklrZkdndHVTcFlicGdab05VL0pheS9qMERWMXRaMkFmODdsUU43\\u000ablphdmF0YjVvbWx1Vi8yU3ZVYk5rbW1HdUhrTmFjQnNuTjIza3FOTEFrMmZvQ0xZ\\u000aT1FZaG5uQm1ZTUdYdS9tOG9haXdmUzhxRlZyYllTc0tKSWpLU1ptaFZBU3hXa01t\\u000aT3lSVUcrYkhlQ3RuT3ljWmlhb25XZElvbFUzT2hJMi9JTkpDSUNzQjJNWGhtNkpa\\u000aOEFtcUlqSGQxR1JvVElRTDlFNlBUbGF1MVB5dDhmbnl0aERac2R5L1dmMGU2SGRy\\u000abXJleXBiaE5PYTh4NUF4ckhaRGxjemttaUJyOHEzU0dYU1JVWUt0YndGUk5DZjFX\\u000aYkVyci9uN3duVmlZOENiS0wxZGJzMzlDNmtaVGlUVE16b1NCaFVKcW0xeUpHZUM3\\u000aT2pLRC9VNUFUK2NmOXV3c2hVNDhKZHNUNDVOWjJnOFNkL21xODlyTFBRVTAxNG9h\\u000aNUhRbzV4bEkvaldPUE1MM0R3MmtFVkkyZ3R0eG5HamExVk9aZVlJSGM1amJWenBx\\u000aSDMxZ2ZNYkZLTTNqNHRyaFVKVmFyM29ZWndZWnR6c1IyNmg5NWxIVlNNQzJ2MGZH\\u000aZ29nRFBMYzROejFtelNUNzQ2OFFTeVJJTzZtOTVTOTV3UWxiWXFoRzhMLzJsZW13\\u000aS1JNMUNUSGVUeVFjQlRNb1lrdU9wNFRZaVlXZzAwMjlXelNyMkhCUlFXZm9zNzc0\\u000abWlBbjBEQWtxcysybzFOdUtjTmU3cVFmY1Vnd2lHNzZJK1FZcEZPbkJSeUh1d1px\\u000acHR1WmpKTWV5amtZWC9wRE5VRkxYMmNWRGgrT0FSRUFaT3NBSVlPbnU1OWZnRHVB\\u000aM2RrOVNHMGVIclNXVkR2dU5yTDJiWm1hUXJxQmZ4bXRaall2Q0lmdDFXcmQvUkFo\\u000aeUs4bEFMNWFJZ1pZajV4WjBtV2hXd2hHTFBKNXBnMXpCeHFmZ2hyNzhRSVBQNGEr\\u000aT3YwU21qTmdwbVNQQzc4d2RPNVh6N3NzeU1mUC9uWkhVZEVJbUNqUGVMM2lJalhn\\u000aVVY1SjRnckc1cWY3WHZJQzBpNGZBdktnZ01LYXFYWGRZclBCZzFWQm5vR3BNVWZm\\u000aUU9Wa29pcjNjL2hYNWxlN1BoQlp3OVlWaEN3UDg2VU1oeGFmclp6blQzbnVUV0lL\\u000aRUMxOWVXNDJSak0wU3V2dWlreFY0L1o1UUhxcUtvNmRPamJZL1NKR1FQU1VWczdx\\u000aU3owNks1bTF4Q3Mybk51QWR2V0lVS25leE1oRUxsRTVGbGJQVkZ0Nkc3d0dLNUxv\\u000aNkV0bVZPWnE3bXpxWS84RHdUMnpUbm1UbW1lZEdIZDlUUWRCM1gxU2orUHlFRDFr\\u000aT01kYUkvVlVOWCt4bFlmUkd4RHF1Rlp2YmdTVSsxaDJHSjQ5M3VsYk9KVmJjeXpP\\u000acFFmTks5UTNNNEp2V1hPRVUzT2NPVkMwbkZGUUVEbDFEZ2h2Wldoeit6dy9sZkg1\\u000ab3UvV0kvOUpmKzB6ajJNNDE2YytTbkpneCtaSVZUd0lTQlhDc1NicW5tbG54ZE9a\\u000aSnhrbElrWXlwMGVNZ0RkTzZscHdTbXlLc21KMFVaM3ZPUFRuQXBxdTROeUxLOXUw\\u000aNzFZRVB5WUhWWnRXOUdITm5LM3RvZm5TVVZpMSsrVEx5bDY4aWRqS0RCa2hFVWNy\\u000aeWU5QkFhak1VR3VSc00zQ0RNZGlrSEd6eDVwM2RoeGIwczJTcGhxREhFLzJMSlBj\\u000aU2kyQkFVWTA1WXNDUytiWDgzb3VESDRXSmozZDM0NFFTcnFwQnk0ek11UHJPdWdT\\u000aRWo1a1Z1MjhMT1RKcnZPL09jbmxoTUYvWndielBRVVI5TmhUV21GOFV4WEE0Vjd0\\u000aK2RQNDVnTFFvYnNnVHY4MXkrUDVuTnZ2alNtL2I3aVpzZXJhV0VaSHlwNGo0bis0\\u000aSWJJTmZrcXVYVG9pcTlyVHFvZFdyemN4TkJCdDBOMTFtRWpwM2ZvYjJiVFU5QkVn\\u000aalZlTHRFSGxqVFJJV1ovK1IvTHpTaXRJL241MlNvTUI4RlVZc2lXQzF3WVBOY2lR\\u000aeEJYdFRNZ2xLY3NiVkUyN0dxSEtueDVkMlVHSE9iQVVIOGpKdmVaZUNRYVExWEZu\\u000aZ1ROdXVNcVBzdERaSFNPQ1pWVXhJajkyQTFUNkVTaFo3cTY1VjhadFEwNmdYb3dB\\u000ab1ZDc2xjaUJEZHZwUEZCL2FlV3hjbHc3cFZBQ2xBQ0ltVmhMRG5YNEtGWUNIUE5n\\u000ac2FLYU9ua05SVVZSc0Vad1pad2x2bklRdXpBRW9KTmtremd3Z2dtdHgyL09EK0NY\\u000aaVlLdE5pT3hHWDlKZEUveVovUk9qbHlSNUo5Q09CL3JNMmdlY0FWZ2dmcXQ4RUc5\\u000aQUJNVHZhN3RpVHF0M2Q4V2NjREV5S1F0aTlySXhoNWZVWGkwbTFrNlJGblNEajZN\\u000aRXZBNjBULzRJY1hPUERtYTJ2WU9EZ0NBS21IMWtnNzY1dDI4MFNtcFNnMFlnQUpV\\u000adkphSXlsdGY4VWhPWE9DdE1RaXdEVlVjSCtDTHBiSXh4a25Pa2Q5K1hYNDU3bm1j\\u000adjc5S0FMbzRjbEp0RWpqS3h1aUIrK1ZwNGxzRVlENkI2RVkzMjJiNmk4ZExkQkJu\\u000aZ0JKdXUwMDFBSjlWUFlIWlJBeDNRNDh4UU11dUp3WWdZNmlEV3hzY3lheDdENkxu\\u000aS2czbnBaYmhmVzRlc1l2NjBqdkhTNDZwem1lSlVKVmNmVUFFeWQ4azFXK3huWHFi\\u000aN1dxRFRGNXhaTHgrZHRlQk90UmR5U1NIR2cvcUhQNEFvZ3VSc2JvVFU5OEJqOWIy\\u000aSysvSEU0ZTIveDk2bkg3VzRlU0tGRGsxaWxoNk9EckE5SE1uQ3h1QWFxZXB5VTFo\\u000aRGNsZjNEVXdGamdRR3Vnb29TNHpITElvbnpxVFVjcTRzcC9SZ0YzRk00TGxpL2NC\\u000aTDdSbTYxMHZBYUprcmZWRG1JZGZ0NHd0SVVTVysyRGtoQ2lyb21LL3RLckZUbC96\\u000aTk5HMGpBTmo3SjllRWhQaE9kdzFVMHRlN3ZlakVwMGRLb09NRkRTSTNaWWJieWNs\\u000aUHJ3bkw2ZW5ocmlrWHBzNXVMVDRqT2p2NFVJSVRQSjJLN2NjWUZmQzJqZlJKMDJt\\u000aRk1wRkc0MGplcEdHblJ3cTNRZzQ5NEVhVGN2dG13SVdjbEtlVmJ5MW04N3ppc3hV\\u000aT1JWQXlnUlljU3ZvVXdxdWMzakx3MGJYVzBmUkFYVTMyaFlWUWZJUTFwY01pSDRW\\u000aRStyL3AvRGpJWS9zYngzVm1Hc1dCTGhNOFIweElVWm5YSnJyejk3S09GQkE3NGdu\\u000abVluSXJQa3lmT2hQUGVFSDQyL2VpRHUybWRWL2U0UGEzS1VLZFhjeUo4cm85MjZC\\u000aSTF3aGk4Q2h4SVVtZzZNaDQrOHg4YjhjS3VpZWtFaWZ2cU52aG1KQ3hlaThTYSty\\u000aUVpQMEx2aHAvekEwRWIxY1d0ek1VTUlFdUhJcDREa1hhY1dNZ2NuV3U0L2d4Q3Vi\\u000aMXhHaE5xWDI5U2p4SUhHeFdJRkNvQU9lVkNkL2xiSlFPS3V4R3BnMmR2RjdDUUhM\\u000adGYxQVRQaEQxRVNsNnR5dTg0dndWcTk3U3lTcktweWJxenZydHdSTFhwb0kyUHA5\\u000aWEd6S3BtaXIrT1Fva1dwSUhZTElzU0hmditDWjJDaW5aaUpEWWdtL3ZyOUZWdFpv\\u000aU0JKN2puYlA2TkpKYTlidGd0QzBFZnRTcGxPSHpicm1nMVR4M3gvNytTRlRGc1Yz\\u000ac29yejcwTWxIZE43M1ZjK3B2a080LzM4ZVF6SEFqdkhlTVgybGFMT1Ntb2Z5Nmpw\\u000aOVBWV1RMWFJmSi9kOTRNbmhaK1lvQ04vSVl2cWsyTzlPcDlzWnY3SGNHdHBMYlFr\\u000aUkh3WG9od1VpSFRxVkhEQVVxbEszUkdHdDk3ZHZJY1owSUdlRFJROGtULytCUTZ4\\u000aVGpxN3pvQmpMaGwxT2M1cUxkYldUM2FLbVNoL09Tb1BPWlR1OG5QYXROdjFIektB\\u000aOUE1UGovaDlRTCtGeldrMXM1MzZYRzJHaXRwckdiMERQaUF6MzVaU3dCdVpGbFBs\\u000acmpZbVhONWdsOEpwSVh5c3R0SFdqNTVDSWlJbHYrSnhGOXBGaSs3M0pHNkNUVkNa\\u000acVEzM2p0SmVWLzVsTnFJcGhUUUQzcS9rbDlGNTNPMGRQa0UwM01lWDJkS3p2VkV3\\u000aYldDbnNQMm5rVEhDMDloVDdkSjhVU3NMaElCZnZ4dFJ3VG1nbnRoSE5seVZrR1pK\\u000aWmxVa21QMXFHZU9tdmU4RjgzYlpSMTBNK1dyZmV1ZEJYbVJZUHgzRW5FVHkvK3B4\\u000ad1d1cVczd21WV2JxM3BsRnJCNFd3eUZuc2NNUkNuSjNuQlJQK3ZCYXprb0hpVXk0\\u000aOEJPVkJvMm0zWFRUVmRVcWRmbksvUlpXc0RhaEZKYnpWQ3cvSTlJM0lySkFRa1N2\\u000aSG1qUkRsMW5aeDdCaHU2WTR2ODZKa2dmSk5UMzRocHlYQkRaUW1YNEh0NXZacnlj\\u000aVTE0cTJ4SWVoUGNVRmMyZmQxMmNkWERvazVrSi94ZWF4Zi9RbDMxRUFzQ0xDR0x6\\u000aWFI1b24zL1VaMGtGNEx2Y3IvTVJ0VjhJWWdjbDUxcHlMbjhnbnh0ZmErVmZpMStD\\u000aQ1kySXFJUkpTeGtmWGgvTlhWam5MeFZaem42d1pGWFZ4UXBBUE03TjR5V1pkT242\\u000aMFlXK3ZCTmRGVExKZkxnTVA2UDBZWFZNRlpUVFRtVE04eWRGd2tFZDF2OUUrcysx\\u000abDRzNU50Z01yaEZVTkwxOVo0VVdSNVE5YTQwSXhhK3hBbVdPTElDQjFuUmxkZHll\\u000aeDdmVmtYSDE2WUV3RnZDVlpTWGRZODdaK3JENmZCbEtKL2lvandRbnZPV1hPS1dj\\u000aTmdEemc2bFoyYnVtREJpM1FlSllkNnU1Vk1ybGIxYk81dGZMa0xvM25ZMXROL2ZO\\u000aWmF2NDY1MnM3K3dRaFh4eVZ5bzMzQmY5d0VxaGxwN2pmcnRmY011MS9zcEhwQ1ls\\u000aOWF0MFdVbTR4UytaN3gybkgxUWtJanh4U3RaUVNmQ21LbzdiN0pGUFloVGg4QktR\\u000aQ2U2VnYzemYrUlloMkVNR0d5RXFMdWIvdG1Od2FnRGdGYXk3L3NEaTNTNnUzSmpy\\u000aQlE2b2R2ZkNrU240cytaYUdqb1I2VkNtUHF3VlorTXZQRXBKQURRUm5HS1ludlhs\\u000aUVU4dUo2MWpZNXpUUE0rUExaYytCNmdpdzZlZmNIenp6ejJJUmRPWEJGNFE0RVFO\\u000aek55ZVFrYTNoUUk5TWtFbnc0SDlZV2ljTkV4NVpKazR2NmJzeVl6T0Y3dVdiMi84\\u000ab09NNnRhWHdOWWFTSWRyQ1JxVGl3MFZOR3hVOFgvNGNwU05lSmNsRGRxVXg4TEli\\u000aazdxaCtXYkkwSnNLdHE4d3c0VDlvN3Q5MExpSTl6RWdjUisrbGVvajhxV2Z1aDZp\\u000aL0tzRGtTNFBHMmw1VFBqUWhWMHJaY1FhdW1hRzU3dXc1eUl0RnM4QVVlbTF6VWxN\\u000adjcydDhSalNnTWdBOWdWdGNCcUNlWjIwZzk4ZThWc1FwQ1Y2SDlpSWRIalZTZkFK\\u000aMG5MbnJud1BucWJPZFdvL2xJYXR4dnFSb2hwWFhyR2loSjBPMEpNNkw4Y0JJQlFl\\u000adkZxSE9qVlRIVGFpSVhxL2dQcThVUzZtcTNIS0U0S2tUR09zMXdzV0ZFRmpKei9m\\u000aeUxmYk5sVklIQ0tRTjhjb1lKdFNlSEZUMTNZdm8reTNBa1VRb2hWTno4RXg1TUJ4\\u000aMkYyeGtoZ1BLdDl2aUlLWXdGRlpOQVU5ZzZDWVRjOVY3WmtHTFRBT1JqQ0IwNTVm\\u000aTnBkSGVvRWpydElMU1lTMjZhV3Q1TmtnVVJsV2dEalpTN0t1UWZuY1dXMjQrOVND\\u000ab0xCV1VzSXhVTWVsZTEwZDhwbGxsZ01YRUR6aWEyc0NEemxvOFdOa2h2M3hZZjFT\\u000aYXBjMk8wTnVmS1p2NEVWMXhzMy8wblIrMHc1b3ZHa1UyY0ZXMnpBVUcwaGU2azhZ\\u000aTjR6QVJRallUem4wajNVa3F3Vkl5dGZuUlRYUzZEODZkTVAxaG9ETWY3N0duMzI1\\u000aRUpKM1lGanpFbEFjaURlRkgvMS93Wm4ybm1ST3hDU0p5SUxXNnJiTUdyV1JDSjc0\\u000acFNyNkZUcXRsVFdNWkExL01ZeEk4a0JlWThHaEQwWGZ4bWdPaTI5NjcxSHI4SFVL\\u000admNLYk8zWUxHemhqaEtCWklEWkNwanlUY3p6VkN0MzVOcXpGUnMzM1Z6Y0VDU0I0\\u000aWmVZSCtxS1RDZEhPK0J6VE9HOVh1am5HazJVb3BkdldldkovdVh0SDlmTGhUQjJn\\u000abUQ4azZSa3FSTnUzUjZlN1NJTlhpejFuc3pqMmo3QTlDNXE1c1VkNThjVTdNRlg3\\u000aMGkzVHJ0NUh0MloyaFNQY1hPNTU3Sk1LRVdVcFZxS1l0WmhQTWN1a2hHb0hVekJJ\\u000aTUV1bDlSYXo5c3M2RndsZHo1QmFvWDZJcW5yd2pGaXRnTjVnWUZpaHJEbmlXUVhx\\u000aaXQyTWtETmFROTIvWUlHRlJGMm5iaUdPWDFUamxqQ0VDMU1DQUwvSWxqRU4vM0ZZ\\u000aOEJLWElpdkU0RTNNRGt0eXJzWC8zOGxUZjN0YXZOVk5aVnFESHMxUmxuRUM4WEZI\\u000aUVFNZXdXWjF1RlZVM3pGOVVlcXYzcTRxZUVQREZ5R2lFN2dEV2tNbW5xYnZURiti\\u000aVysyMVJzTHBpbUphS3dqclRMTWtoaCt4Z3hvK0paWml4c1NxNXgrK0NCdEtOQ3BC\\u000aNkUwTnc1SUlnUnVzL1kwMmxQMWZ5OFVsdjU4eHBNUjVETWRmeHZ1cjlPd05BTTY4\\u000aNi9zeUwrbHVwVDZhNnRhOC82YlNPVWphNGRtMXgxWHBhWkZ1Qy9EMGxkU3ZPdTZv\\u000aQmhVVUtuYXhCalpIeXl1UkNQVlpwY0tFZDFkemE4THdJcjY0Q09CeDl5OVJSZTlV\\u000abmN0L1dIanlQSnZsWWx5OTBLZ3JFOWYzMUdkeEFoK2hHVjZrbWhIUUhpRnB2ckRi\\u000ad05tRWdhNzZlTHRLdHpGNDh2cDdZYWdOaERjZlBCbzVJMW5pOGxZcFFDeW50WVB1\\u000aWnRIZWNyNWFDQS9RSWpGZGdUSkRXaGJkVW5rbzgwa1RGRTZ1czByVUNuLzNrcUhK\\u000aeC9Lc2R3S0VxQ2ZzNUVhWW5LbVhvQW5HZWZYYVdoNkU4Mm96Tk5qVzhBSUpJcENJ\\u000aTTZrbkFjWi9mVGVjL255azZmTisyeXltaWFXWkN1ai9lS0piMWZFK1MybWxpbjEw\\u000aM05oWmtNTkJHUDNqTUF2K0l6dGVuMFFDazdySmJ6cmlTeUFGYml2aFB4bjZqQnlx\\u000aaTJKRU4xd29KOU9MYWwvaURBSXNoRXUwQ0dwQ1JMRnUralI5WE9zdktjNTdGVVo0\\u000aSHo2Z0ZBYjEvNkszWnNWSXRGZElvL2tmbHJ3Ukttc0hTN2VuZ1phOVdYSVFHb3FR\\u000ablVaYXVjb1JRVWEwa0haN0UwK0szNVpZa1lZVFRwUHJuQWhQbTJBaXdmRUpzVmQy\\u000aM0tnWUx6QW9tQ0J4Wm41RkFFd3lMVUZSTFAzOGRZR0hlZnhyR1FiemNzOUtpS3I2\\u000aQUFVRTVSM09yMHdDTUpLV1Jmbk9QZjZQdmtIdlcrSFZhZStBeEV6ZXF4TzFwOVVU\\u000ab1hoVlcra3NoRzZ3QTIvL2NkR3Y0MHJrVEh1RFE1c0Y3Q0ZGckNodlJZb0MwMzJJ\\u000aS01qa1Rzc2FKS3dqSEZlSVMzc0tjbmdEL05WR3pTK2xOcGNwSDg2RkJGQTd5SzNq\\u000aVzBrZHRmblRaLzlSSkNXblV0YXFpM3BFaWFlak0rbEs2cXRuVzdVcHhVV2o2K21x\\u000aZzNtb1FCUjZ2Yk4vS0xrSkpsUjhsUWNnQzVLamJLOUd4YXpGZlErbGprcGhKRHBi\\u000adERUZThEZ3dBSmlraGlZT1YzYjU4aTA5MXo1V0JZSmFtQmxodS80MzF2TWIwNFJw\\u000aVVdOSlphSEdySWdCNXNwdFV2SVNxSDRBYm9xN0ZNMVZjZS9pOXpMcXlGVVhXZEhl\\u000aaDBmTWFKUVp1S3NPNDFmQUtsNHhLWE9icUF6eXo5ampGTnJjZDQ4MlNZVzhrVGlW\\u000aZklEUHN3eFc2aEVhd1psaUxRYUtIa1pSU1JYempUVE4wc1draXhmU0dPTDRYNXNy\\u000adXVuajQxNDJyRW80L0NYRzhwODRWTnBrVmRXYk1USEIwT3JmcDdvQWdiLzFRUlZt\\u000aUmpyaUhMZ0Jzb25sWUJvQmNKaVpjb1ljNFJoVmROSnVGdldUaUg5MWM5dXZkdUsz\\u000aeHhoMDNlUCtTRld3Wm44NDZjZ2lGL1pDZTY0d0tVemNPT0JvbkoyVm1JZlFWYUdq\\u000aTmUyY1ZDZVNhM0IwUi9PZXBBRk1ZQmozTTM4djdabFJRUXJMVnRzVXZXMEtjbnRJ\\u000aaHZWa2NYVkpZM3RRYkFKWm44aVUzWnhiN2VvUnF0MjFGem9raVVWbzV6d0FuNDV6\\u000aZVVWUUEwaFhaN0s2K2RmUnJCSGFaMkRob0RLc3FaYkFjVDhTTExxY3dJTlBsdHha\\u000aWkUrUUdMSGc2SXhHdWZmT1VEaEtmdUtoVUlOQ0dwSisycjJqSEZrZGJRaTl1R0Ux\\u000acWh5WmtrcGhEcDRnZ2Z4RjB6QkNQZWJDOHBXRDAxaEdSUFdDVkNzRjBMdGlQV1Mv\\u000aSnU2Q09MWXZKeWhlWURYeWNFLy8wOUkxYTdYRGFaLzBLSWlhNjY5YWNZQ3pGWnEv\\u000aYkxkZjZoWWg1UHp6RlZYNjI4eUJuRnRvbm9MMGlSdlo3eEkvbXQ1alBFc05CYXgx\\u000abGhhdXZJVXlNVEdvM0xGcHZrYStiN2dYZmFPZXgyajZwb0FDdVVZKzJtZmY5Und2\\u000aWitVQThheFB1N3NydUdCaEpJZ2JyeUx0QlNwL09ZZlIzZ0ZSdjA0a3l2bVdkL2w5\\u000aTGxRanVwQ2JvUm81RjFVb09Lb28vQ2l2dWp4WmVDd09QSmdEYndNVWZ1ZUZLazcr\\u000acjFCcktGdWNzbVlhc1dYYUNua0I2TUxOVDdoeHFqYk1hM3JXcVVFa1JyNXJzWWZq\\u000aSFo3SloxdGZacHVyK1Y4M2c5V01rSkFFclhaQnRibFJMM0UxamNicmdBRXQ5MzZP\\u000aR2U3MndPTUg4akNMU2FSSzVUSHlWZmdiUDluYlcxeWdsNHdIQ0tmQlh6RVZ3bWpa\\u000aSmdKWWxtbHp0SnBNcTZJNWJBc2Y2aWlKNFJyQUJmV1VKbkdGNEhuL1RoYTBVZi9p\\u000aMEQrSi9ZUE1RNWIrTmRvajNuSU15UFk3blJ5WWNNVEpaa1lFSWJ1dzd2MXhxUGJz\\u000aTmlSZkczMmJ3dll3QlBVNTduN2lLZXJFTmpnQll6RFVSZWtmVWVxYWZtUHBPWFU2\\u000aZDBBRDJTcjM4M1BnekhsdW0wWmhEUUlnaThycmkyNVU1eDEvdmEyK1YwZWlCdnhH\\u000aTE40b0dZQjZ4a2ZFa3NNTkV4ZlpYU1dCdzlzVnBMeEVxclVqV1NGdk4xbjV5c2Nk\\u000aTi9JY3EzTDhvWDZ6WmR6bFFqWFN4amZ0L0hMR3FrSTVZTTM2K0V0MStXUFFLcG5t\\u000acEpVVnFWemJ1ei9VK0dpcUhSVGVqRDY2a01lUUJnWHB1djFRY3FBU21Tcmtyd21E\\u000aRmVCbXA0amxHV1NCM0R6djBHb2tvK1VrRWxENmRhSGtjQkJCeTlPWEdCTXhKemt5\\u000admNhQkpOY1E5KzN0SjNnVUI2c2QzR3l6ZGNienhMcWFPcFh0bkkyRVZjYXlLekRL\\u000aZ0E5RGRUNHpva3hTTzhObVFOTVMrdFprQ0hJK2ErQW5iSFRvNlJQZ3JpRVg0TG0y\\u000aTGJsUy9UZjRKbjlHaVh0V2V0UWNpbU12UXJxd0UrbTRmTEpURGgxb0ViRFhXL3Vw\\u000aSDdFTktQV3F5bEhwTFZTV2ZJcjR0QVJMaEl4NlhLeXNwYTJvY1h1UWpzRXkvVmZ3\\u000aQUlyMi9NNVZOR3JDcEdmY2Y5U3U4NTBEWFMzVUg1Ri9KM1ZEWlYwL2tiOXNVT09s\\u000aa3dnZ3VGYXR0T3l2QmZFTnNOeklUd2V2VC9mOXgzMjlyL1MxYlhJbmRvM3NHRmNk\\u000aQnlKWUFROGM4OXFaaDJsSHkrWmRvWlRiTXZESFhKOTdJVERwb2dHOExrYU1EUWhv\\u000aaExjOUhHRFluVnkrRGsxWE56d1RlajJmWS9qZWRXcUxXVDcvNm1kSmlUL1NmZW55\\u000aQ0lzQ01TU0tTZ2pVenY0TmY3SUVyeUpvYXhET1UvRGRpOTBXWjlBZ29MUi9JK0F5\\u000acDZ4ZERMV1BUZGpsa0RYbHRaQlp5MXRmV3N0QWpqM0Y0Sm5xMHBHcDBqTVJNUXg3\\u000aQWtHMGpycVFpamh6NCsvd1lrNFhLUGtsZDlQQXQ3b1lQbHdWRERMSGtIVTBOeXBs\\u000aMTVNa1lvRks5TWhNVWdJZWpoTU1UZER0eHV5Q05PVWkzUHVrdmFFVmN6SWI2RXpM\\u000ad0JyYUpzNjN0VmhPQ3lMdXBuZ2VOajNLNHltSWxhVlpHVUdxWDlrRERzbG5oZmpi\\u000aeU1Gd3lVUERtUFM3VlpJdDFVRjJZTWE1ODBjNXFpZnF2YWxFZktlQmFXdUMvOStX\\u000aREgyM3VvYjRiazMxT1JxUjRvbTNrdzZRSzhkaDZETHllNTRoSFVhdnIwNkZ6SWF5\\u000aNkZNcDZhMUljbnpGT0tremtDeWk2OW8vdFZyWHg0alVnYnNtcDlQaFUweVpKRHFH\\u000aYWFINjJyeEcwZEpkNUh3ZkZkUnpXbnBSV0JEajlFbkFkaE5VYnpLNVRJaWZaZE5h\\u000aNnJ2aXBsUk1ZK2N6ZW9CSTU0VHd5d2FPZ0dCcjJIaUVqRUhCY3pvWXdkSXNrY3Rt\\u000aRjZtZTA1N3U1RS9uMFVkTmMzbENJZXNqZml5SVdDTUxkeFNnQktXalBjSnRDSjRR\\u000aTmFFK2p2bUpCbk13cFI3enhOMU85b2tCWHFZWnozWUFUY1ZtdTgvY3V0NWs1Rk12\\u000aZTkxUlF3MysyL0FTVnRmdU91L1JOMTBYWm40ZldiWEZjcDI3NG02OUs2RkRYOVcz\\u000aNXVSWEhZeHp6OHl1L1k2TitVNzBoOStXL0psRi8zTFh4S3FveVlwZUtXdlVWRG1r\\u000aT1ArMUhhNmxNbm1BQm1Cdy9KYVg2WWN3bk1ibkZuekFVWTJvRE9lT2o0dkt6cWly\\u000aMkZMQXVUSWo1Q0VWZStHa3ZHRU4wTFNkNlZzTzIrNXBVRHc3b0FmU0IrUXd6bzFx\\u000aN2Urbm8vWWtuancwOVdEeEtpVWxoWHRqN2s5K1p1VjVWYWhmczR2bExLaVBPbmhI\\u000aQTFlRHdXRFlVdDdRSDRQUWUrZjhaV2dtcTFaTnhVUzE2Q2d0ZU9MYjFJZXVucERN\\u000aeFZUSFZaVy9sQmlzakFCaEJpY2x6a3cvWTkrcTlEdU1hbGQvU3plVHZVaXpvaUVi\\u000aM1RTVGluVUozUUt6a2lJWityOFJrdnB0WDlnZks4VWdva1BFa0tleGd3bFdmTjRr\\u000aRzMrdDlsaGw4Mm1oZzQ3bTk3Z252Qnc0L1JtOGlaNXJXRzhqOWlEbHJaMkJWVzRz\\u000aMGNmdmZsaUFTVjMzRElNenJveWFFaXBFdlZMTW96a0loTm9OdkZpRXp3NWpUdWgv\\u000aWXB3c0NtaVJ0NDVnUURyUzF2WE9lRzNSdmdPdC9rMXdhUWZIQ0ZjNkFlWVRKdXd4\\u000aWENMOU1laDFhd05qd3BFZThBbU9oK1dkYk92ZklvVXRVcXRXb1pkR0NXdWZoY0d6\\u000aNldESUxpYmUrZ1Rsem1sTitEQml3ZXRNMGt0N2V4eGg5ank5MTA0a2pkdTMydkIz\\u000aa054WWtOaUVsWUNSMnBBSHNhWC9mczE4YjJzdTRUUlRUSG1MWFVrbXdwcmhSUXpG\\u000aMkpVOWlWV3NmbEVqN2d6SlBMNGRyckxsKzkrUUdGUG44VHZFY2U2TTdLRGZUWkNP\\u000aV3o4Y0FjcW9ibVJjNGZDVFRNN0ZKRXVGUklIcXdvaERRYXZlOFJSUG5BZk1XckZy\\u000aTUJOekpUTWllY3lpWWZIcGE2U2NseExoaU9aYm8wbWo4OGpLN2FXVXdqdng2THRJ\\u000aQ3RqbTk1LzZQcjV1L05lUDJORFZ5dXVBK1pCRjl0YXNhOVBLbVY5K25uMUg5bU11\\u000aR2pndlQvUHJmMS9RUGFMUEltUjhOTFlPamdhb3crRUEzWVBZMytIT0RDQzVlRnZF\\u000aOC9PNVg2QmRpTElzVU9uL21ReUZSS0JHNEpySThkSzRyZlJXTmgvYXg3a0h5amFB\\u000aVkNGV2pQdGp4TDJjaFZ5UjBUMDE5eWdGUGwrRVZUcDFML2UxWGo0RjhRTFZzZGYz\\u000aUXNaM2g0ZGpvREVUZ3V0OFZTOTFuSDRnMzJPYjJndnEzOWtQRjNERzRjUU1kRzha\\u000aeFZEaWtIbTJrU0RjMThaTE82RkFqeXpncmp4ZWVaeFhvVzc3QWZGM1YyaWt1Yi94\\u000aamQvOFhJZzFNZHkwVHNEbGorVEpBUVVwOVBOZkN4MmxUNlBuN0dZMVNBUGptSS9a\\u000aUkVJSEdncEx4cUcrSkdBVXlROTR6b1ZnM3ZYOTNkZStXV1JEWWpxaXRXYjlvbU9R\\u000aYXhmVDF5Mk5yeWtib1pXaWNTb3lMWnhZVFU2bktrbTdUb3lMU2F5ZFo2MWhzUlB6\\u000aZXNlcDA3S3NxTU1Zc2lRT0J4VHN5a1EwcHhVenRqczRJeVkxWWtmcUdvaXZPQW9E\\u000aVStxN1dOTEpuRDZnd2x3bklSSUR3aVpuREJrckNZc0JFK3c4QUNoaTBiN3RqR3Qy\\u000aaG4zVmRjd0FabmQzOWo2RlF2Z0JtWGZERzlJRi9SUTBTNWN1OFh4OTNFaGhoOE9B\\u000aK1hTNlkyci9rbTZwTm9NaVA3TERJSk02SmRrVlRGT1h6VWszdzVrS1liQVZwRy9r\\u000aandjRGJnZVlHUkNxVHBmMFBXeG1YTU4zWjZtS2J6MVFaNnd0TGx4L0FNYTA1Tkgx\\u000aYk1zbE14TE1WWlEwdHNsdVVqSWNVamRNdGlTb3BaYzBOOWZDY3pmN3VBMUl4Skc4\\u000adFIwdnltdkVQSGdKVXVSYXhxZ1crSHV5eDd4ZVAvNVJGS2VBZmdNcTBzaS85OHVS\\u000aSFlZZFVORUZSUmQ4WXluR2lqZFlxZ1lZZkNnZnM4bmcyWDlsdnUzaFNIMkdQM2Z0\\u000aVUdMS295L24ybE43ekdjMFdxQWxDYXh0WWdNMFVwMmpQWDd2N2ZySUlTc0sxYmdX\\u000aSnZXN0xEQThJMjVEVDZaVkdOY244WkZ6RWV3VGJSdlBFNk9oeDdSc1ZBL2JwbVBP\\u000aR3prQ3N1V3A5OVhSa2tQQTNaQmluejJ1RXIzQ0NTRU04eitIeTZrV2RRTExSTlpO\\u000aZnQyV3dBWFVwc25tL0YwNmpVZXU4Nk4yWnNMeEN4S28xYnNYYlorKzNCM0NTMFYz\\u000aYXVBYXN5aGwwa1NWczI4eTdYaTFSajFZV1VabHNmQVYvR282SXZyNE5YTklpK1hY\\u000aWVJtaXNRVGI0UzNHUXRvRmhvcXdOZ1p1L3A1dzBmc2lVTDBFK1BDMjRvVkIzNzlj\\u000aUG1pUXUzdTZ5eE0vUVVCVW4vNlQ1U215MEszaUFGdTJEVU5ZRkg5NllEdFNZK0RV\\u000aVDJJVTByK1F2K24rYUJ2SC9xRmVLWXhNZTZMVlF4KzRNTk8xZzh5M0ZvYTNzckZV\\u000aT0R5azM3YlVrQUZWUXNPUWNEV2d4S2l0TU1kbWdpc0JwQXNNeTRXQTAvTnVqVGZy\\u000aUmZWVFRWVjFxWFJZL2dMVVNGbmMxMjNkbW11WEF4UjM1cFVzWERwbk0vallRcHRM\\u000aSmtNcHpPWnZmTEhNVmpVQU05WUtSOUhxSFBxaWVoN1ZZT0t4ZnlTL21ZbnpVWE1T\\u000ad3l1VHdRL0VLaEFkaVo1bHdhYnBhcEYwb1RCWWN3ZkVnejRRZDZjZVgvOWh0S0xx\\u000ab3o3RGpMVVlqRThPK1JxanpVeGJTbThvMnpHWG5yL1B3Mm5COEw4bE1yQlpTaUN4\\u000aUkJuK3lkeHZ0UnRGSm4yMWZMVmlqYzVOVFpDUVZ1bThGUlpTa2FLc2JkQmVERFNJ\\u000aaVJ3NGErY09mc3FPZjNQa2ZScTNraDJ6TUd6Ylk5b1MzWnFxSTJHdGowUmJaMFZ5\\u000ac1VTVWJnVU5uQ0lSR1RtOHE0T3J0Skp6Rk1oYm5Yc0R1MUxJbFY4b3ZTaW9VanZr\\u000aU2I3bnhQUTQxMGljZEt2NkczNmx0VFhVVkhnM0RzMFFrK2Vha3ErUk85clhBYkxD\\u000aYzBxTDhkOUFELys5NFZ0eEZ3a1M4NzltUmhGZDlZQ1FPVU9HYWRXbzJUYnoxM0hs\\u000aRDNUUUVvQ3JkQ0lwdGdhVTZ3WURjZzRtbi9IcW1aK1RuMzFJTERDejlvb2pPM2dl\\u000aYVE2aUR2eTlhVEl2TUdrKy9GR1B1emRHYmhRWmorSFFvbWNDaVMvYWxES3h0c0Nx\\u000aU3RkaWRQTmZwa3ZVSHA5UmNERHorVmlMMUlKRGcwVkg4N1N6VmNjd3Bva0NIaW9B\\u000aZGsyLy9SQ1lwbHFQWGdHbFZSV05jK0w1M3BhVFpPT3IrQXpFNUI5dVNFRDI4c0lw\\u000aVnZIb0lBbGhpZFNDT3M5UzJjdGhqYTk5WlQzREFMbFRYcFd3NDdpZmhkZ09aVkZU\\u000aNFJEYUlpMm9TMVp0SStkNXJSQ21PN1lEa3liNjhkc201UGlLZUVGdHJNYm1mcUNV\\u000adDhSWUNEd0dnNHF1UEI3Z3V3bExhNnhHczNJQTV3VVNJN0FUWC9CME9Jc1NsSFRO\\u000aZU1TYjlVbTdQTGhieUc3T1JKaXNLUjMwWEtkVFVRUjJGMzZWdzErZDVHMTBUWisz\\u000aaE9XSEc2bWlHU2hPZkFJY1hBN205VkFNWXhJM2lSUFBqLzE2STRGeExTdVFDYmFa\\u000aUmptb1hDRGRidHRYNXFqS0NXRDBBTEl3RmZ1VEFMNlVQV0NDYzRKOHpnMnJpc2pm\\u000aZ09tU015RUJ6UHVBRkc1Uk1lZi9DNGJzdHVGd1JDaUc1WkZlNmhyMUE0RkxLODAw\\u000aemw2ZDVjYkQzN3Q3amxXNmIwVHZpaVFrUS81K2dqak5QaXdPTGxPRU8vWHhXN1gv\\u000ac00zWm1EZlovZUhLMDM3VXd0QkRpNTBGaURXSHJON2svNXladnZFL2lUcUh4OHBW\\u000aSjZ4UXF2QWdLRlpFamE1Y0hEcE5MdWFTb0RIMjBzelNNL0NmU3g1SyttZ2c4L2ht\\u000aRHlBbXVPT3RJVnk4N2RQY1phUWcyZ1d0K05vbnN5eXgwR2k0eGNuNWZEZzVPQ0xT\\u000aeC81dm95REJNQnltZFp3aS9QSEtBZlRMWlBlaGlvemRDb21vS01nQ21JQ2tJS0hl\\u000aM2M0TkFTN1B2S1hSWDI3V2gwbk1aNFo5TUQxVzlVeUIvMFVoVjJQUHdLVnpvY09w\\u000aT3NEZk1WWXI0TXdxZjlXTEtFME9BQ0E2T1ppZFJYRnBKN0lUNW8wMFNzNStXZTNh\\u000aa3dER0hRRVhPN1JQc0U5SzloVmJDUDBuUk1YUDU3bFZ4WXBPRG5pRS9lK21MekFT\\u000aVm5rVlYvWUM2N0ovM1E5ZXpQdlE5VzJYcDFRTzlRUjRkVGpnTTEyRVBmUEpyTDV3\\u000aaUxaeW0zeitVNlNpUFFXQTNMSDVOdzVCQlRGMGlGRGxOaEExTVorUlIzRXU5eEQ4\\u000aWkVaV0VMMkIySGR1L1JGcDRkaFI2VE9FZDNTTDhIaDJYcm9pRE1YVnBnWU5FS1lG\\u000abENQMnlDTUNsQkFEcnNuQWVRR1Q0bVh0Rm5aMmVCSGtHNEhTUVRtQkM1NVgzRjMv\\u000aYTAxRmtNcTBtelYwSWVzUGM2UTRVc1lMWHZIQkl4L1lrT2hhTnVMMmprWnRGejdL\\u000aTDFQblRESEt5bWJJcFc1RFZuVDlFU3pHbUlDSG0xZ0lleVRMN0x5MldSTCtBTFdw\\u000aOW1aaHhJS2FxdmdmK29jNWFGaGlQellEaDFjS3ZxVDdHakxBTHk1amJrbDI4QzhO\\u000aSlFXZU9QR0hFVjRsUXJmNy9oejEzK0VrTGRaUHJuM2tJOGVzVStURXVST3pkSXN4\\u000aWUgrU1hpOGhxeGt1ZVByN0Z2aEF6bXk1WWFXYTZJT3JHNkM1RTZNTndCcmhVYXNF\\u000aMlQ5bE5OcG05a0Ywc0o5aTFud2o3WW93S3BnTVR2cWJFWUszTE05SGUzMnhRN3ZI\\u000aN2dncHloVmhBYk85cCtBZHQzT0lsanVrTC9NUGxRM3dnWDNyS1lBM205RWlyaDJ4\\u000adHhQVWR6cTI2NzNabjMwaU9vcWRBQzhVaGZFN1R2RUdMS2dZb0FlSGlqMS8wekRC\\u000aUEJNUVkyaWNwblpyK2dNV2huRlBtN1dXUmNkQ00yOFhsZTVBa3ZoSGtmM25tOU9P\\u000aV0RESStERkRPOHJhQ0N5SzI0QVhMNWxMZWwySTRlTW8zNU5kT1dRaWtidU0vWlNW\\u000aM3Y1WUdSMjB1OHlSajdrZ2Uva2FvSXk5ck8xaFA1MDFxV0xOd2owUFpIZTZ3TDhI\\u000aT1d5WHhnMmZweFRlbjRpUVFRcDJqRmEzR3hJbDk5U042emJvcEVZL3FGa0hjR2t3\\u000aeFk5S3EyOE01Rzc0ek1xK1JaTFYxVFVRV1h0Sk9lOHZWUDFkMDZPRHFSMlZrOUla\\u000aaTRwSGd5Zk9XNlBWT01WcVRGRkpJWU53cW04alJCakV2OUZ3dUluajA3ekpXRUp2\\u000aMC9sdXdaRFQ4R3pEY0RoaHdyWVFFR3BaVkl1ZVlXbkRoZnRxVkloS25zTW5KREFG\\u000aQ04zSEhFTG1VbjdJRVpIdU9Sa3A0alpSc0x6dTliK1RmSDhGYmU1d0pJVHBiSDhB\\u000adzhweUx6VTdqMk5xd28vYU5oZ0FUUmcxL3BERWpOWlArcEJ1T3hIRy9ldVM4YTBz\\u000aeEVETXFTclUxSG5jaWxFSkpMRU9yZ0tURkx2ZDB0eE8wamRGUGFLOGttRWtmWVVn\\u000aSDdJbTNudVQxSjVScDEvRXR1d0E1Mmg3YTVHWEhaTmduR2hzbE9kN1ZRLzBCQ1dL\\u000aNG9OaHBTY0FybUZibEhVMDRLY1V4dlAzV2MwNGZJOEV5ZHdZczFDbm1iLzQ1TXU3\\u000abnRCM1RkUDJOdXVoZlZHQUJyOEF5eS9UTDBSYytZdTcyQUxFZ0w2MkNtekNyOG9R\\u000aaExEVkQ2RnRDM29PQ3lMNXJhbVNKTzVXZ2d4bTA1WlE1UFN0TWx2RmVrNnhnd216\\u000aeUNBSTRzUkc1SUV3NTQvM2N0TjZxUzRYTEFVVWNlRUg0eUQ3N1VyZEdmdWw0dU91\\u000aOGNJZEk3alFkcGZQMW5XSjZRZUgvRDFCUEZOREtwQkhCY3hRbjd3aTBGckZOSTZw\\u000aTFpEeTFZYjhYNHQxaVkvVzE1b0NQUGw1a0hoOGpyeXpUb2tRN3NSbWcvaHh0UEpv\\u000aaHNqM3dSeW9OS2ZWSHMzbzg4dExWTlpQYUNPKzhUWGxlRm5ycGU0N01QZE9ldU5n\\u000ac0luaWk4a0s4bDJ0UUVpMlVpTmtER1pGdGliR2pxdXE5cm9nUWpSMXZMNDF2czBy\\u000aaGdXL1I5OHp4RDgzUzV3c29qQndEWXpPTzBtNDB2WVFFUEVoV0NXV043SlRaWEN4\\u000aMXR2U0hDMmZUSDREa3RjaHkya29CZ28zUDdYTXZPUnYyU0w3ZGkrajlKdkVqVWxx\\u000aVkRFTWRQRDc2b1RYYXh5T3lLUzVVbE4xTDJYbWk3QlRYMmlxL2xueGwyd2VONEx6\\u000aWFBsTmdEaHN0KzRSS1VtYVB4a1QrdlJpdTZ6b3dEV0ZlNGQwUHE2azhRZU1HT1My\\u000aUFFETnhuWHNXUXZoc0UvWGJ1SEl2Y1ptUVlKTjh2bHdGSjBzdnFkV05URWlDNGdJ\\u000aWlJxWHJ1MnUybG03b2RCSVZrdjUwcVVnRENLVG9xS2tkdkYwOVhnKzZsOUNiZjJy\\u000aQWE3d1RjMlU0ZEVtR3VxZ1pyR3VYRnhVZmlKYVR5TFE5KzFLcDNnZFRJQTVFVVRZ\\u000aOUs4cWhnS2lHdjNlQmdIamU1VXhITUMvMGFwWGhiNkFySEM3RW5yOHhEbmN5YU5v\\u000aOXJmSTBjT3RCT1g1QVZsS0xZcVdnWEp1bDZTNmZSWWpvdVVjaVF2UHpBRU1iUERV\\u000aaU95ZVVTQzd6SHpHcTZ4LzlBQXFySEZrbkIxS1lYdFJYWk5zQlNJRCtTV2NNMEZG\\u000aK1B5amxJbVQ0K2pYOFJBVjVGdTNpL09hcjBJNk1NVldSZzhNQ1RsRzVWWDd3cmt4\\u000aQ2pGUW5scGs4U2NrbzlRZkNjb1FsTlhyK1Fuay9rcFROOHJHQktvQ0xZVkpNWS83\\u000aa2RYZlluOXBOWTJXejlYSlJXcXh1dFRoMXU0K0ZZUzcrY2h5b3g0Q3ZHTTZjR1BP\\u000adDFZY1BJMjl3cnlYOTFiMks1MWdOQkNzSThPQlJXTkdkdXhMUzA3aDh3eDFSOHVS\\u000aY2dETm9kWnJQQ0pnQ3ovYjd5R0EyMDFManUySEFqeUR4N0pnOUJzTmJ3dTZnZW1z\\u000ackNnOHpJQjdZOFdsQWZueUhuOWRma1dhNFRZMGx6VEZoUStOZUtEM1RaUklrV21J\\u000aQkpUcitwaW1FWmJUSFIxSk5PeUh4L0M0cFlTem94MXhGYmMxbndMck5rd1lyRElN\\u000aM3YxaDQ4eldub3Zad2hIUmk5d1kxdngzQ3RiVXVOMVYwZnVGU0U4K1pvYmNaYzd4\\u000aZDVNdUJ4RW1rYUFneWJSQ2JSRlZvUFgxdjdGMklkZGd3TFRYM1ozSGNZdG85eWJM\\u000acWowZ0FNbUpadTJGM3pYUkkxUFczc25STFpubTd6TnBCYVUrL1luQzRjSUlYL0Er\\u000aMy9zZ0tYeDR1U2tqTGlwN2lTU2xoTTRmZFQwcFBSaUVoTkRyTG16UzErWmM1UXpN\\u000aaVVFVGM5L3Q4bFJDa0E1UXhYZkdmZmJvTFNGT2VMNTV5NWEzYXhNMUtZK0VzOFBx\\u000aRnk0cGhYY0dLVHZ6dDcrdXRlOEVUdWJKUUR2cStFUnhTeWkwWm9kK2RyTC9zSmty\\u000aa2tMRnU0ZGEzOTlkS3VobGRMekM3MlZxS3VDTUN6eGtOU2NOT3ZRSlRYVHlEblkz\\u000aa3pXRnFKK2l6SXRvTm9ydVRNUEJTNkpOMEJWQmlBOFF2bjhWd1dyOXEySDBzWlJ2\\u000aNWxsUkZZZnM1bEZ5TkI5bkpONnVPZ2JMU0pNSm02ZGc2NHlITDdFOXE4OE5rZDVx\\u000aMXVhY21pd0VUN0VzVGpSUXdLMm5oN05lMC96VGVpSzdiVG1RMW1KUGpwZEEycXp6\\u000aZ3lIRGoxRVlNenhoZFZIb3lHQW4wWlhDak96T21SR0F3U05pY3VhR1I3aERpRzNU\\u000aZllxSkxLWUorUHBnYTh4NlRha0xwcnZyK2F4c01wSWNPWkFpQy9jQUV0REFQV1lN\\u000aQmZaeEI3cFdSR2NqVThPbDhzUnlwTXZ4ZDByWlpoZDR6K2NSQ0p4aEM2RDl4blMv\\u000aVHd5MWVxOFd5TmNLdDYyRkVaU0dMWXFCaWVUSUp6ODRLMnpTWFdYVzBDZnhrcDVu\\u000aZXlnbTc2eFlyWmJLUndPcmxuRVFwaEVUbVl1SzB6RjdtOERKOVBtNlBNeVl3SVVP\\u000aL2t5aVYwU0R3WW5CM05HMFdSNEtFN01jOUZOMWFtM3l2N2IvOFBPRWlNVDBpK2o5\\u000aWm5lajRMT2ZVcnVVTDBqc1UyRkxSLy9RVXpaZUpxL2NaenBKc1VEY2ZvcW1qNERI\\u000abTk1YW5IQXNPdnZJZXBqdDJsQ0dLZVExRm1yb1h1NzQyc1BQMndySmtyMDd1SThM\\u000abnN0R2xucFNPNzZ2ZnRDa2kvYjc4THJOc0VIRm42ZDgzM1JXbzUrWVhaUXllWWUw\\u000aUEovWUpad0c4bFkyRS9YZWFrTjAxSjJpT2tNK0lmVkhnYWsvUG5PRVhhOFFqOXdu\\u000aejBNKzY5eVFGVksyVDJxRW5PUmtEZmtacFJtM2x0WXdqcFhCbDJrdDVKUE5qVStH\\u000ad1A5SjJHdExWR2IyNmJleCs1QmlVNWtxbUQzaGdHUlRsVmp1WXFkS3pYL3Z5bVJP\\u000acm9MZWhHMEZtMjFpYXFvZitQd1I3ZmlOUHh4WitLa1Axb2JGb2xDalo3S2o0OWdj\\u000aR1JNSnE5U3lya3BWcVkwS21YMGw1SnpERE9QUWdiRDhlRlQ1ckhjbFc2SHVCZFdB\\u000aOHAyckhQNG5BaXhiazIrSGRsMG5Rd3QwalNwUHNsSmJrYkpYQWtaZnZJNVVwU0RY\\u000aZGpRQmlXOFNJRWY1QXhPaUFveEdGQksxKzZzS2xJMzMzNCtKYmlSOVZDQlE1akQx\\u000acjM0MnlPcDlzc2VjZEFGVmRNQXZOQk1jQlQ3Nmx1ZmVlRkNCUFRQOC9sZFF4dmxy\\u000ac1Z0SEZoRHBHa2FYSk9hck5TVlV6d25uU0djTTZUMEM3ZTJLV3l3VUpLb1pYdmwv\\u000ac3czdG5KaFhTaDE5SUJxS3BLYjBTV1piTTZFaHlPTmZHc0hqSkhuR28rVHlBQlRu\\u000abWtNY25tTkxPSjcxYzNnMjJKdk8zS0diMGRQZTNYMTEyS09LNmpEdFZPVjRIS1Ax\\u000aK3UzRkRCT2pqYWU2SC8vYjN4RVNXWTB0VmlNSEN2YUVVYkhKL0dyQXpNWElwNTNB\\u000aYVRoSXEzVlVOckJlTDVraFFjbDl3ejcxM3JLRHkzSG0wRWxnQUpYSEt2cHpYS3BC\\u000aUm1pUDFJVHdRQ1F6L3lTREF5ZldpK2pxT0hNdUxaR1oxcW9qT3V1UnhIdWFTeU95\\u000aQWFwU3F3TUtFQTlIeGlZeFB3UUEvcHFySENJS0JDRWtSUnRrNDloQlY2VXdsOVdv\\u000aMnlJQm11cC93UE9rRVVRRW9NckxKL1FMSlZyUzd0N3BaRkNXdmdwV3RoZXcwMjBj\\u000aNTQ4QmkreEl5UjdFeVFmaXB4NmFtM3JzUUNLdDdMTXIwTXkvNVBkL2d4bWVNRjlG\\u000aUmNCdUtEQ3FlWEwzeWZWZmhwMjZQQzZTenFBdmJsbzh2ZG9EWXZKenFkWGVlMXFw\\u000aYzJmeHF6bFBkMXpicEJzeTh5NjRMM2V6M1NqWDBubnMwU2NvaVVuQkozci9hUG1E\\u000aR2tzUU1UaFBlbzVOcWpVTmc2d3FUQXlDMThqc1ByNkd0VXFMQ3lSOU9UZW5RaDdM\\u000aNXVSK0FMTVRscC81N1pMMjJkc2liUUJEdmVhNEtISGhzWjZzbDBGKy9YdmR5a1gr\\u000aZWU1eExVMnFES1RlRVkwNmt3elNQSTVxWkYrTXRtVVJTUWtoYVRuRGJYRy9kd1Ir\\u000aaHdRb1RQcXpBeURLRi9ITmRZVDdzM0lxYS9zQkEyTjJZVXFJbElId3Y1TUFGclE5\\u000abXYwbFhrc0FHbzF6TUpKdVRNUFY4alFmdDh0NFB4aUY1Uml6b0s4cWI4TjBLK3RQ\\u000aTGRJdWJtcnlJRitYSXhkV0t6NDhvMWR5MWYyalFIV0V5eVJNZTNvM2NTSCtDRU5S\\u000aanM2aDdPUjhyekd3ZFJxVmlEeHRtR3FMc3lhYVZYWUoreVZ4Zm5kNmg1RGNTNlI2\\u000aclAzOS96WEtSS0dYU05zd0EyMjBjTy9ER3VsYVdtT0pLand1TkNFRHpFM01sWHc2\\u000aLzB1cllNUktsVUVVTmpDTVVxbEFPSUJ1Y3g5YnhEYmpzU0lHN0wrSDUzSFFXZnI4\\u000abVlaOXhjYnFidXc2Yk1PQi94Z28xK0RyZkQ3VzJ3YVdoOGpKUW03NFN1L1ltQldT\\u000aUjBOVEQyNXd5R21zTVJOYmZvS3VTbUZNM05pVXdOcU40eVNQa1FOaTZod1ErNmVC\\u000aT2lPcmY3aDJqdE1VUU1HVFk2dEYyZzhzUVRRZVRVa0NqRkordExVVXBlR3BRaTE2\\u000aKytHa0UwV1dJWlBzeGtuT2Q0U1lXdHZBUWxBWTV3RXlTejFYQVNLNU45cmx3TldX\\u000aWE4vSjVIaVZacE5tVDUycjkvSTlzRlhpeWN4d3NPL1prd3lMeWFnaUw1cE9hQ1g5\\u000aUzJuNmVDcmk0cjBpcUtSWTE0QlhaZEdrNGlnbHpQR2tPMU1zc3JEU2FsejZIdGJY\\u000aMWgyd1VSMHdTZGlETHpUc3o1QmR6USs1ZlVwOHMxNkFicWlxQU82Y2Y3WlpPRWFs\\u000aOFBVZlI1bzZQZ2llZVFqN1lQUjdqcmVtT1RwUDZqaXZZLzFyQzBJYThLQ2pyNzF1\\u000adVBEa3VVVlZ0MXJiZzNZaCtWVE00aWU5VS95U3lXSFUwejZIbU1icHZCZ3AzUTV5\\u000aaXN2azdtVFFDdE1uNkR5VTlKSWlDRHBhZWVGUGpaVWJiSXRqbytiWFV2SW5ZbUxu\\u000aankwaUVJYW80YmhOcERGSjAzcnltQ3NMeTRSb1ZZczQ4NWxMd3hEcEFLbG4vMWFY\\u000abUFiK0p2VFFlTE1xNmMrRUtqR1FITXJycmU2T3VaamxiKzRDVVlBYkdLclA3b2Mz\\u000aL0tVL0JrTGVpdm9lQjFXaUgvSHBncDZSNVh3VTNvUXBXTUtlc244UkhMU0NsYWUz\\u000aaW5ic2FsNUpGK25KUDFSaXZldnNya0IyMWU0OXcxU2NIbmJVdDgrZEJJc1ZqOGhD\\u000aT1p2SjdqTVR1YUJteDV6UnJGUk9OSHJuTjdOMlFPQklpUmxDVFRmSUJTci8zdkwr\\u000admxObm9GLzlMcTU5c1gxY0JrVk9qQmI5cEFJRm85TnFRMHFLdGw1YXZiSkxXdG02\\u000aa21lei9xcG9HT0FRWnF3VE4xeHpwTWtSRTBpVExPQk50TkcyazM1RUJwUUI4WmQr\\u000aekFJM3d2ZGFPV3FsRk1oSHVQTHVTejliaHhEa1RicTVwSzhMWGxNVldURFVUM29L\\u000aM0g5d1M4bTE4aW9IRnpPUUtSMnVXc0FrZ09yMEt5b0Iyb1pEN0cxejJOYWNLTmgr\\u000aOFlyZXdOanVnZTBSbDJaWmVSVkNLc015UTRqT0diSmV5K1hQWkVyWHRGNWtsMC8w\\u000aZDdMT3BVQjRUcWM2NVp3NmpBOTFRK0c0dURuN0xicXY5LzVoUFllblBHeHM2Snhl\\u000aQVNhTW41OVR4L2JYUlEyQVIrbnpyNDRMTG9xVEN2dzJCRzJ5ZlBzb3pwZlpITlIv\\u000aMWE3cGRRdjdvVzhwdWV2WjYrb1p5R3p1NDhPRmRTZjFjWnNVMUhXdnUxd2J0blgx\\u000aSGdFWU1hNm10MWR4WjlNMktzMWpMc252eDdyTjJBMHlUeXA3WndadTZCQlRTeHVS\\u000aSjJiYjY4THJFZDlSbU9FN0VKZkhpZjB1a0tKWnIwZndJM2o5bkNnWk1hMml2Yzk0\\u000ac0NSMXV5c2pWcGc3d2FoOGUyRkg5cFN4U2VZa3RqVzBnY3ZvVndLNmZiRThiWVp5\\u000aQU1DL1A0Z2JxSlRIWkZzeVA3dVVIaVhQdXoxTEhnNXdOSk5BdXYxSFEvVTlLQlBF\\u000ac1lKd1R3YmxEa0RqK0RCbE4yZEVtVHpaVkpWbGU4SGlINGhzT1NoNDQ1Q2xHREFn\\u000aL2hZTE1kYTBqSDJaS2NneVZSMnhNMVlYd3NMZTR3QnNBNUdLRkJTWERFQjZmMkIv\\u000adDJIU3VZczFmNldpbEFEaDBqaU1JcllTTnM0Z2tOTFJYU3IxbkxpaGxMV1FWNzZk\\u000aU09YOW55MTJONFFwZ2wxTzVSSzUwWjB4SktNNE0xN09xZldHcVVFNnlSYWx5V29D\\u000aakFjZzhSdE5TZzViSjhDUnRQaFJFcnNZeE51VzRVZHJSaEk5dThxU3dERTl5QmNQ\\u000aUWoyUzhodm9FYlRMbXV0SW9zRXdvdFFOeXVvU1NuN2lVQXJwSWpuVzhLc1U2VTAy\\u000aeCtzd2NYSDl4VU92ZE9ZczhCWE1tSC84bXFxV0UzMkpVcGJGNUlaWEw3TUIzMEc1\\u000aTTg2NFZmWG5HK1FUbmkzbFlSWEhyd0Z4R1FPUTY0M2hzVkZDSVVvYVhiczRkM2RE\\u000aajZPUVZhVGxtM0k4R0ttYVNNSSszR0pYNWZFVHNOYkdGcCs0ZStNZEZkak1Yb1hR\\u000abjZjSFVGN3NYd2FIVVRtekphNDZaZDBLSjVVeEdicU1oMUo5cWJLamUvWWJzNjNZ\\u000aTjAzanNWNGljZy9qNngzb1VvRWdnd2lDSW1td3pIbDZVd20zNGNmZ3g2WEFJM3BW\\u000aaTIxMHhBTll3K2M4WDNPbGxnbHlEWjlaOHE1bTZOMnV6UUZMTFRDYzVIUVU2eWkx\\u000aU2g5d2pjOUdkakJSSDErdFZ2cVVDbnUrZXZNanBZL1A4R1hDZXRIdEhGa2xER3dF\\u000aMnNQRUI1WkZVZFkvcm9WeDdRczVSWVpkMVdOVEovRkMxRk1YTkVtTkNqRFNUUk9X\\u000aVUZlaHF2d3RjUmVQVHdkdEdjVWdONmVqSXBOdTlzSWNoUFI3UkVOYWtRRWR2UERF\\u000adWl0dWpQc1g5a2ptV3A3TnB6MU1XQzV3MGlEOXdLVkhHc01jWGF1SlBwVFVCdzUz\\u000aS2M5RTNGc3F3Q0J1cGNscDRZMWpzRk94WkYrbTBweFlnSUxPS2JSTjBjZHFGT2ll\\u000aRzhKcVJidXBpaGovOEpwaVg2RlI4dWxXSXZzZ3RSU21pSVZodlo5L3V5cjVXbkxJ\\u000aNklDV1hWVHRWYVY0clF0QUFSV1VlY0JYY0FXRHcwOEhzL0sydGpNQ0t3WXIxYzg4\\u000aSU4veXdaVnBuT0lveHdxNU9wczg3cnBqS2hvaHlCMk9ORUlNZlBEM0hYZG9OQWRY\\u000aTlF0SysreG4xN05XNHF0WHFxQitFeFRDNWRGQVpvT0I3QnpiVFdKbjV4NGMvUTNw\\u000aeEMxY3Q4L291ZERnQ1drTGZpT0NYWEwxbzlqRjN4SEsvL3hhMEducFh3Nm1IRndw\\u000aNW5XZk5UMFFDSmRJcWRrM05WbklIcTJwRmhSTDFwSUptdHBTOUNuSlFiNWZLVkcr\\u000aNXFTM2pXMkNzdTZTTWFiSkpNQm5vT2l0cWpTRzJxL0pIMENKaElCZk5IeXVxK1NF\\u000aN3FhaEJmZ2dtNlRQUkMzWXFjc2V1R2Zqa1N2RnBXN3hNU3c2QlNvZWljdktVTUNp\\u000aQW1GQVB1MXBNam5MMUp3VkpFUkxHcVZrVFdZanZqanduY0pWZWhJQTFNeHNHWWsv\\u000ab0ZpbnF5TDVsSVUySmNYMi9kcXlKclB1dzR6eWxIU0ZXT0FPSWtsSEN6eVFSN0lr\\u000aeFphbGJDYmpjWGRFVFZFV1YxSnJsZzVaMHhNbG5jYnZjQnUyNWtUMC9oYmh0alNK\\u000aUnJMU0dqOGx0Vm9ONCtCWmt4Y1ZTVUtLVGhSTGtKeENBdlQwV0RkQjM4aDh3eWtD\\u000aODVib0ZmU092UWsvdXFWalczK3ZzY283V2NzRmE2OEVKdWN1Y1Y1QzhiOEJ2dFV4\\u000aRWRiUXZuMlNkcjNUTEFqazlsQ2ZtcUM2Mm05VEpHOXVxdi9Fc1BxNmxtWFNLdHpv\\u000aWmo2Z1Z5ZGd2T2FXajZLMnF2R20xSGZiOTlpWkdhWEV3Y1U1bUZGNVBZYlMrdVVl\\u000aTlRPODgwdTl1dVJlYzJlR2dBMVR4SlZTVHY3N3ZuRTI4cnBzQUZycWl0ZklwTXll\\u000aUW10RzAvQU05bTNMelJmT3dLNTRBeEdDRk5CV2txYmpRUll0bUlaa0hWdDVkQS9Z\\u000aaXF3KytQQjkxaWJIQ0l3WnAwdWYvL1AzdHRzVDRHUy9KNjBoZ2pWNEJwek5FVVJJ\\u000aODNkSEo2SGZHM2dlaXlNeGYwd0ZuNjVpd1loc2s0bng2WjlleDVEN0J6Y0U5K24z\\u000aWFVBVkJmcXV1V3d2Qitxb0RBK1RpMVRDQ1gzTElteVM2RkhJZU50Y0lOQTc0UldO\\u000ac3ZtY01mZTlYUi9IQ1RERzMydXk3QzhiR29RQ3JFcllreTRXTVlhSGZScXN2cjRa\\u000aWGV6TGpENTJkbHkrV3UxQVd0YmtxbzU4am9pNzgrYjhhaEREVG5ib2ZFOXdoeGxW\\u000abTdGYXB0Z2NET3E1TER1WDlNTHdZRmM2WGludDZIUGtHMUhoeE1rMGdIRk1xTzJs\\u000acm1lQ09nb2t2MndwYk1MZ0txRUxZR252amNzR3R3WDZQMzlWNnlFRmcrOCtFZzFP\\u000aR2tRUmkvbzRScTRjSm1QZ0x6ajZKVC9FK1VZV2NjQitLaXc4S29NOEJBVGVsNEsz\\u000aVFlhcHlBeUVyYW13d1NGWldKOGJDdUx6WWNRODVEWkxCRy9UaWtDUHA2RmZzQy9V\\u000aNDBCWGdzZ2IvOERKS3U4SnNQRWZ5WEhFR1I2cEZSVHoyVmE0YXRiL1hCc3NMcmpm\\u000aTUsrTVJ3dXZnTTZmQjBjbUh5eXRkbjVrdVBCUitSa0FnLzgwMVRhR3RJUml5UnlQ\\u000aYmU2aXZSa21tY29idTVGc3F4eFlCa3V0VUxoZm1JaE5Ma3EvQUhvWGZZTzdpZnRW\\u000aMkljTmE2QkZQU0NaajZ1SlY2MDBKN2swRjRnZ292UmVWZmlTMFFoSk5TeEZ2YUQ4\\u000aZVRuUHlVc21SWjY3blMvenp4QVFyN0FrTXN1S2xLVlBReVlVOTAwcFZsaGRlNEVH\\u000aalRTREcxTjYvV0crdWN0SFo3Mm1DM3VYQTdoUUVLZEdxbUs5WER6Qmp2MU1UWDQ1\\u000aakhFR3JWbU5GaytKVHJFSkVsdEdRTmJqRE96UklORklxMVgzalRtN1pZTWQ4MVNv\\u000aOS91Tk14Y2hDcXExUzkybHMrUkl0elJJSVRjZVVDMkp5NVdtQjUzUHNqdDNWYW4x\\u000aSThBaTN1OUxUa2djaGk4N2QyNXVRbEhFd0RGMWZydjgrb3NubUZBQy9GbXQ0YXA3\\u000abjRKenFzVUhDV0RucVU4RjNEVVBTRXBsSEY2UFFNc04wd0JnaEdDNmdpTDFVU2ti\\u000aci81UUlhNlZWV1B1MHE5OFdyVlNCT2dnMUxHVVZvUFVXOHdlaWdRelpXYW1PU1hs\\u000aY0FkL2lrQmVaSW9iVlY5VDlDZytWbUN4Ynk2eGhBL2kvRzZDSmVjc0c4UnpTM1dN\\u000aY1did3RyeFZicy82bVhoWGtRZWhCckhTSDZyUTdvckdMakljQk52WXRyR3FJeFF4\\u000aNDRKQjJIdUdyTUR2QW9rSEJCYXMvWlBsOGdOTVZ0L2ZqQm1ZbFdRSi84WFdBT0Rm\\u000aa0JHMG5HLzRBUldUanpkM1lsb2xKQW10Qnp0YkNGWWkvNTlaWFZvV1hBbVg2b0g3\\u000aNUhvZmcrRHdmQW1nalYzR0VvKzhUR3VnQ1BqMFRJRERvUEUzV0IvR0wvUlAyRHRz\\u000aZVZ3c0pxak1UM0tWYjVTTHZkdjNLWFJXdVF4K2JNaVZCckZQSy9uKzhZNTJENjJi\\u000aT1NPZHVka01jQVVnaHpuRUpNWUJPZGtZNnplUjRLbnljVW5wc2xiTXhVRUtsMGht\\u000aL0JiM0FCUWdzMXVGZmg5QUVEUjJ0ZmJKNEd5RE5lZSswVEVYbDlTRHFRazB1eFAv\\u000aTEFMTUp2Z1ZPdHZqaVg1bjQ5a21icVdQbldWRGo2OUxPNGgxN05IWFNhQU9uNHk4\\u000acnVrSnh0akw4VTZLdTNST0tjMnlEZVpwNUc0V1dUNVVndjJQSUdyencyM2FqMWNj\\u000abE0ycmpqeFF2V1RQS0cvaDl5bm9GWjMzWm5LNkdGSnRYUTJFQ21VTGZ4OVZ3UDZj\\u000adWpzdVNwRVQwUlo5NXk4Tzc1dmNBRnhXNnpubnZSNkkvRlBxbHE3MzM5UnBJRUFH\\u000aTFRuaUQvZkJLSi9hS1RyMXlaM0IveldiVmlsYkdYWlp3UW9uZnptYy9qS1orVTl6\\u000aWXlTMTZ2Yy9TV0k0aytiQmpNM2hoS1pKaWJFeGpGalpIQStVU2lQS2Z1VDV3T0tx\\u000aU2lsbWJLcWJNbWtNLzNKelZCTlJtSnZwNkxHdnRJdDVJMkYyRS9DTXlPMjRHQ3RQ\\u000aajdlYjlYNlA4cUd3SG81VHlmWm9Vb2VPaXNMVFFmZXpISHhXUHFGeVdKY2VmSE9B\\u000aM0VjVTgwWHhPdlhyUWlKR2laUlRWWVB6dnAzU1ovYnJRRk51bHM2Rm5FYW1hRER2\\u000aNDJqSTRyVi9TYVFPZ3dRTHdYMEd0MCtvdGRRbjd4S1diZVNHNWhNbzFXMkdFRC9r\\u000aelpJRGM5ay8vZXdkMXg0UGhGekRFcjMzSDVtQ09mYTcvTi9KR2wvYXpFUnl3Qm1j\\u000aTDZ1enBFQWd0YXRrSjViQytnVy9objM3WDRRZml6cnZzQURXVU5uMTljK3ZzZG9M\\u000aelNwUmVzNDB2azQxUk9SakZ6eFEraUZnRTluVXZLSEx2ZnpwSHVkeGZKRzlRZGQ3\\u000aTk9mU2NRaisvTzBHbnhOZDgySnBXZ1p0SnZHRzBGWkZ6Z29aaXhBcWorLzIrRHJJ\\u000aUjRYeUdQa29aVDJLVGYxU0RNbTR1dEhuRkYyRldtV0hxWVYxSjdwMkwxZ01kYW8z\\u000aeVA5TDFFME8xMWNBSVVNaGIvMWhvSEFIbldBYlF2OEJQUnNVTE9SdUI2dENWTGNj\\u000aenlEY3UrR01nYWU3bUdPWERaTmczM0gyTnNmV1RJMWpCd0JSYUhYaGoxUHhJc0tQ\\u000aOVdnWENNQkxlWHdHV0s0WUpDdmNUTjZoUlIzZWZ6aHd2UzZjM0k5clVDc05HaTBk\\u000aWEdIc0QyRWV5RjdtYm96cm9Zb0tSWDhXL0Ntejh4TnI2eitNS1RwSWZmb3QrZ0NP\\u000aaTN4QkJxQ2pLdmg5eTdLMVQ2MkdEVElqUjdOaXEwUkwxTEU0cVFSbDFmNkNWMGJI\\u000aMzQvMzMraERCWnJmREVmekRSNlpSTGhycmI0c01DU0ZiaUYyaXlqY1QycVJTZkVH\\u000aZENwanlHcVZQZWpWT3VvK0JZUkhoZURqVHZwNHUwV0NBS0cyNHViM0VQWnYwS3Ey\\u000aNHZGOEhQclJIcFBSVkNqdUZHa0dNK3NqWWlkeHh4VnBDa2hsZmxZZnJFUjJSMGtM\\u000aTW9Hamkway9wYnlRdEd1dnk3RDFQZ0V6UEhCUUVHSzZhaTc2U2pWNU9HUUdzMzFz\\u000aYzJKMFlRME14Ky9wNEZtb3hvek02bkxrVkNObUxWMStPSXZHaFV3cEFUd25XZTZP\\u000aUFBHeUVyVFpvalZlZXVqa3Q2ejFzNUtVdEo2YVRpMWZxRlRiY2tmUGpaaGt0K2Ru\\u000aTUdmNHVxdXhza0VDYmJTOEVEUm1DUlM4Z0poM05GQ3VGR0pzWW94OVBvWk5BaHhK\\u000abEYzaDhFNk1UWkxNUFRrWHhHS3B0VndqR3IxTmx0VGRycVNKRVFtSUZTWDQ4cUwx\\u000aeWtudXY3WEV0TWxxUGxVUVBrd1l2THhpeHNqTHJEV1R5UG5MY3RRR3EvVDJ0cFp1\\u000aYjc4cXM3Y0NoSFNMVWV5OEt3ejVxS0ZpS3ZBTjBBOEhvalhzOElZa0F0NDFJdVZm\\u000aYW9oTHVEcER2Nk5wTmtLaUV5ckZyclVuZjY4cFNybHNiTHpSTmgyek9DTitDaXZ0\\u000aOTB5S0JXbjlUeXkrdHhIcy9EL25qMzl3Y3ExWXc2VDhlR0txVDR1OExOUGJ3L05o\\u000aMm1ramxQaE5SR0R1SUZON3MyKzlmYjhlYmJQRG5LL2ozdUtieWRjNEM1QWhDbUFk\\u000aYWpzVXA0Q3dpNTVGTjJreXRZZkZ6TTlyZk95T0VlZ084bzdDOFB6WDVjcENIbHdo\\u000aZmtMWHFwMDBPUktXZ0RQQlZnaVkyT2JFaU1CeUFOZFVOK2k0dVJqUjZJUnBMMXlU\\u000aY1F4Z3JlWmVkK1hWK3BwWEtWb1dVMEowR3o1cE94MDRYY244UUh2Zno3MjdtN1NL\\u000aWDdKaVVwY1dJc1g5UmZjdFlJb1FxSkY1endSN0s0WDJYV252NVBtTk9YLzVGU2Qy\\u000abXcyN240WlFqRjZYdFRUbzZZeTF5d2dzOUpELzdnSmIwTkczMjhQcU5Hd3FFUzBo\\u000aUnBYR2RydHY5S21hbzFjWFNGN2drVHZ5RFRScXRYcHYzeER5bXROSW1pUlNOOXlk\\u000abHV4aFUydG50dXVUVlN1WEUrTkJ1QXovQXdPSU05cnNOL1F6QzZXT2hGWkNjd1lF\\u000aK3pGa0FLVUJLUzBvSG4xbmR5dVQ5d1ZqbnVDL3ZhbWNTVmwwWnhJODlpcTc1Tzd1\\u000aS0V1dGt3Wlhnei9YekdVS01NZmo4Qi9oYW40WlE3MFRidHZDNkszYUpLWXB5RlQ5\\u000aby9OazZkMzQ5MFV4Z3AyclZVQnprV3JucmtZUy8rRkV2VUd1cW51V3BrZzZra2Y2\\u000aWmFtbTVidVk2Rmx3WTJIODVxQkV5a0haWGc4RU5tWVBtc09QOFM1TU10bEZYbXgz\\u000adnJUVUlRY2RtUHV4V1RYNlArSEtvOWZyandLMkxFTmhYUXN0aldZbW5VWW93TUZH\\u000aY3l1NlR2TTdWZDUrb2VOU0tGaldQNGgxbUFMNVYyTHZWU0JSYTYxb29mQ3VPODZI\\u000aWmNQbzRPNEZoVlFXeFkrYzBLT0tFbzVlSjZiemlneTVvclM5WmY3OTlQTXdRbVJy\\u000aZmVjWDF6R3ZYMEZTeE9KdzZEM0FVZ1VhR3dSb3M3d1FlREd3QWdmUGJ3bTJLcFda\\u000aK3pGK204cTJXOHlUbitGR3J5czJ2bXJKczRTZ1YybU4yN28wRFRQV1p0a3h6Y3gx\\u000aU1JoUjM3Z3d1NUdreGVpL3A5NVdTeHNVdEozUUd4Rk91dnQ3T284V09rRjNlN3FK\\u000aSnQ5U2tYSVVpMVNGYzVRblZ6Mno1MmYzVStabzlwdlBVVnN2UlkwelFuSU1xVTFE\\u000aN2FwTEdhWGltMm84MWszQ1gwVmRJQXlaYmlGUHVEcGtZOWdvcE1FcjgrclFIQWRB\\u000aMlRZalpwQlhCV3NyNDg2Z202Um5tc1luVXlRRnFTSkNFcWhCUnhXekhBQk5GdVZS\\u000abEF6ZE5DV1Z2L1RLVXV4WmV2bTVCTWNyL3V4ZmgyTDNpUmh4Zm96cU5HMnh1RXFS\\u000adTFSR1pTRWFkVmUwaUdUVlhWcnQ1WHU5QXMxdXY0QlJGcm1GY0FpbWkxQ1ZqbUJq\\u000ad1pPNTVmeUdrL1haNGgrQklkaXJyK2Vxdm01ZmhZV1JKMmk1YmNUUE9WYTFpeXlm\\u000aZUlaNkppMC8wMk1BTVdlSzB4L0puWW90clJXblA1MGJFOC9XT3hTZ2VMRFNaLy90\\u000ad2pGaUpSTlpEQkdZcCszZGFrZ0R5VHo3Q1hWV1FRTFlGL0NLOGpXRXI4RE9ySUFp\\u000aVjNheFBaNG96YVlqWGVXNHNxQkpkTkdkZ1VzV203bmJnMDRNcCtIL2dDbmQva0py\\u000aOVNmSklaaXdtbnpJR1hXVHV6ZjlTV1ljYU5DK3dzTVBpQURPNjJsUDhoN29xWk5F\\u000ac1dpQmRTTEZ6ak9zdm5rM0Rvak1GeFFxTzlGaHF4ZWtFbmtiS0xoTFQ1d0hhZ1V6\\u000aNE43Vmk5ejNRMFI0VUoxV1pHVGF5dDVkVElYZVppWkpyc0dVc3BiVEFQTElndnM0\\u000aais4aXFwL2pGZWNpclpDRUpuOEo0V3R3UWYxYXROWC8yMlpQWWpZb2lqYXVWTm1l\\u000ac3lTUXRIbzNFYVZmVmljRzUrcHQxYm1ReE5rNlh2ZHUvbVlkVUpMSFZ6VHVpcDVO\\u000aYjdId2VYTFo5WjZwSnZMeEdJSndmR21HZjY5a3Ara2RZODhHN3JvQnN0bk9lMVZU\\u000aUjVuR0lyblhJRDlqcXdQZWF2RlAzV3BjWXRsdzJVQStZdUVVRkJkUkpDRiszdkx0\\u000aQ1pyUm4xNnlYU2tRN1FpSmdHeXV2V0p4QUdZRzYxZGJ4bG41d1ArejlWcUlyMUVr\\u000aY0pXcjZtME9takNJOCswL3lFNXdGbjdEbHlWRWxVRW5ZNzdyOGh6QXFJTUMwSTI5\\u000aNUpnc3BGY2lSaTI1eWRLMzE5c3dLc1dHVFEwZ0xFWlVnNDVxWjAyalBqRWRsM2ZJ\\u000aTm90VGl6TVBVWkdHeTlmK2JpOE9UYld6NlF1K2YxNFk5UkltbWx6N1BmUmltRzVJ\\u000aZ254ZUljRkpxcDBacW9WZ3NpeWtyTVdIaUdDVUMzejZ0d2FnT2lFZlU1bXJ0RGJn\\u000aVkU4NkFROVhWZ3hhZitpRzhYb1JVNmhIVkpNM2dhWk9EVmFYY0tiQkg5L1NaN3p4\\u000aZlI3UjBwVnJyc0U1UHE5cGJ0VUphRmRvK2hpQnpxdGRLdEJrUDdjYkFEVER2eHU4\\u000aYjhkSDdhYVMzUzlxS0dmaHUzMW0xK0hVSjZHYmhTRW9sYnlGcTJySVkyV1p1K3FX\\u000aUHVxU3NtV3NEeVRDSGJ0d2N6RVkvOCtUdEhUa1pFYmpkN0F0RGZ6dmlJRW1aazRh\\u000aRFpCdEdYMTc1NlFIb2hJT21KdGVPTWlqSEtqdk1VNHlYZVh3VkkwcFVwc09JZVhZ\\u000aNStSOWVGQVFFZUJTTG9FOU93ekpOYm1idFJvSHMyQVJWUFlaN0lZMUxOM1oxdnNI\\u000aYVY4czZVbnB6TXZNRjBMdGw1UmEycmxwa0NsOHR0a3p3bDF0T0NVYmRmc0d2UVhu\\u000aZktjVllNN3d3bXFQakFRdWJpK2dEcHZrcnVFZTFxekd1NlA4cFlsY28yN1o3WUFE\\u000aL2dzL0s2ZittSGI0VXlpeXI3cklaampSb2c5UWN4NDR3TXF3RWZvbWQwQXFlbWo0\\u000aQTZ3Q1ZVSjFUN1ZwVmYyc0FSWWVnLzAzbWMvTzZySTZtSTVTQ0tKZ0J2UWhvNEN2\\u000aWVYrNzNNbVg3Z1dNUHRkUExydE9vbk13M1V5aEtxODNuV05nSUFhbDZySlhaV1Bl\\u000aYXVVbjVVdm5jeElNZFMzWjFjRndsRHhVd0ltRytGWnJrTGpqWm1XaDRjdzVGOGNj\\u000aOXhSZk93WW5aaTJJMVRUeExLcTlDOUgrak1sOUxna2hoemtWZDFSZUFkcFpZYUdw\\u000aZnlSUzZsWlBWaDZiNlA3a0lsdlhremplcDhkZUprNm5ycWlQL2ZBdFNTQVNUcTdY\\u000aVVVQUEhnSW0rNTR4UWcrdlQ2MHVHY2ZPaHljN0owd29ia1lYMDJ1Q3p0c2lranRa\\u000aRW03WTEvOWRjekx2c2xodUZ0d1UzTWF5Q0QwakRmRkhKbVJCMmVLWmxRZHZmU1A0\\u000acmJ6SGdwMEpzQUJlNndTMlkzdDd2VTJDdklqM3djTlZRTkZCQnZYbmk5SWNxQVNm\\u000aREVWMGhYc3F4YWtQNFAvRTVDMCtkNVR6eDBIRlF6czk2ajNEcnlHNjl4eTByRzBV\\u000adGZLRDBmK3VMc3NQVERybWNhU1ppVXh0WmJqbGtpR0hDU2R5YVo2RlNSYWhMcXpH\\u000aWVJ3YW9wRENDVHhQNXh6WnZaMGIxWDlveWE5c2JRZWFEVEtJZmdmMnc3RVEyZEZn\\u000aLzdCN25lZUxJSVdWTXZvK1pzMUpsR0RuWWpvVUdRYU9ITWI4ZFlIWUJnbEZ6UjJp\\u000aZUN4SjFhU3haQkFQNGFtalErQWp2RDE0MXk3WWsrVnNMeG9jdHcrbzVCRndHOU5m\\u000aVHJzT3MyQ09IckRoZW43TzYwMFNuNWh6MVNhclJHbzBTQjZBOUxJdnc3OUwxZFJ1\\u000aeUc4aWVjaURhRmVVb0M3OERCTjFGRFJyNEpxYmlHTjdXZ0JLQUpyRmd0L1dZMjNV\\u000aSEJPTFpOSHBGZ2lwNnFmNEtTNENRWFFuL1o1MUx3MXhHQUFRSWc0RUxGbjlDcitz\\u000aME94czZkWXZmeVhMWVhiOXkwa3ZyTnZXZDVZUkFWWHZENkFpVTRtOUJZNmZEWFNa\\u000aWm9ma0w5em1BU3Q4anpVZnRPWU94OWVqNzRJeDRQdmRyYmdVV2MyV3hvOWc0U092\\u000aTy9jVlFjd1RPYmFxNkFuVjZIVkl4dGtpakRkeG96dDhYTEJCdVBncFlZWnRWcHJ4\\u000aTGlVb3g3ZGpDRml3cVVYZEo4Mzg1a1gvcXdVNXlYZWwyMnM2c1BHSU95RlI4REw1\\u000ac2ZacW1Qei95bDA1RGJMaTBoTjlBaU9jQStVQ1ExT1ByVllNZ3ZqUjl3ODIwemZh\\u000aTStmOTgvNC9FNW5mVWoxdXlwU3RpbC9tWTJqeWZxd2hnaUpjcFdhWWNZenFQYkY5\\u000aMDVsUkJpa0hNQTBzSGxyeVJpUVdBc1Baa0lxclN1SHg2aGpHSDNGeGpTSnYxZzhp\\u000aVHllL1V4MDBucGVYV1c2ZFg5cGJHYWlOcmZDeGZlOHQzWDcvc3dPTUJyR0VEdEhr\\u000aZWhoWWNybm16U01yZVY4dTV5dDVFL3dmUzJKejNTeGVoTmp5cHhEQUNFSDk4dTFJ\\u000aUUg2d0ZaanlHYVhSQWNqTnVqTTNPbk12NHFKSThzVTdHcE02VHZFcXdrSG0zUjF5\\u000aY3ZhSTRDd0l3d3FzUFlFdUQ4dkIrNks0WGIzQXJzTnd3Qm45ZjZqZzYzZlFvbERL\\u000aZG1zbEJiUGhkdXY3QzJYM21qVnJBUnl4bWdKZGhKckNmbG1hU05rTTIzTWxCZzRQ\\u000aSVR2ZTNhSGFxVnVFVy9jUHVPMTR3alBGdzNDa2RzSWtuancvWTNkOWJiQzl0UHVC\\u000abG0zcXRMQWhSWVJtT1dvWE9malFCUG93WldlMm1RQnJ1TFV1VzhhRG5WU0NTVUNw\\u000ab2lWWnVNYXhuVWpscTAzZ3V1OUcrOVRPZU8xMnJFQkY4cDhtWVA1STU3aWF2enVP\\u000aUjZQa3BWSU5ERVRrQWxqNjZOMDA3T1Zid0IzUk80bDJYTHV5emQxWDI2b1VFUTVl\\u000aamp4LzY1RUdZd0E5ajZpMFE0YTZkZzkxbDBMTndiaGhVbk4wM3dvM3BTRmoraU9F\\u000acUpMc2RUY3pkalllazFlMFlDYU1wVW9ITDlzVkFlcStld1A3VU9wdisxTlF1SnM3\\u000aTWQzUVJnNW9RSzN1NzhYdXNzaGpTZHFpd3RkQTcvVm5SQzN3Mk01bWJLd0VlVGNT\\u000abjl3Ri9GZXBGcTkwQ29wL0hGc1hxeXNVRU51NWtTY3E5dHpESmhnOGJpSmJkVXN4\\u000acU54NFRYWmExZnA2ZU52ZGFzdjVsOUo1bnBmWDZvbjA2MG9CelZvMk9JNXhRMTBH\\u000ac0J0MW5YNWIrQ2UySjk0ekVObXQrYnFLZ0VoNUlzWlZ0YTlhNnYzcWhtYmQvNGJK\\u000admdhTzVmNmd1Y1BRL3JxcjFVbGtDa2dQdnZyWm1zWWVyUDlzeWE2YWhBbDJHaGo0\\u000aekh6eTBDSytEdkxBU0s4MEhCN0tWZFc0dUpxRDYycGlLYkxKVUU5aUhoVTRRVVpu\\u000aeG14eGtNZmJnQS9pdVR0NG9vdy9LOWtIcDkrUWJVazlFUGc5Rno0TVE3bDNiTUxo\\u000aZzdVMjR1N1hTdlR4TUxuMis4ODB6TDNudUJhRUhkYTRic2VDYzBwaDdOS2s5YUFl\\u000aTWF0cWZycjNTSVpycklDZHVETkNhMmRVZXl1d0x1Lzd1Zi92Wm1oVEpaV3c2MjlG\\u000ad2thdjdhaGJRYU1NZ042NXBhL29BR2IwMXJrc1NYZ1hkRjdhc3JVR3YzSGM5ajhu\\u000aSXh1NThqWHh6TGM1d2l1WmIxRFB0OE9mSmdXYTBGeVJKajZBSEY1SEdicWFGTTlV\\u000aRU15SXU5Q3I4c3BGNHJURTVBNjRrb3hqZTNtWGZIVVNVanBUemtLMlllMkpLaFk2\\u000aY0dYc0t2aE4xbHlBblNQTEZ4Tm9sc2k2cHJDWTFaeUdQdVl2bm8ybDdQbFRGblAx\\u000aM1orMCtRMGxCdG02eHZCQm4rUGl5bWxtOWV2TUpoeHNOeGlaN2NZMzNPQnl3NGJ4\\u000aRlQvN2RmUngyUWxxT09BTHI2a1c2ZXI2WUVuQ21CNWdGWDVsSEZML3UzQTRPUFAz\\u000aZ3k2aUdjQ1pPVnJrOTdUQ0NZZDJ6UTVkZVFKSWlKeFFQQnlGbVlQTzg5eU40QlVI\\u000aOWtRVFNDZUdvbVYveWNIYVpkSGwyQ2JIVFd2aGdCcWFiTWJYSnhWRVdac1MrLzJN\\u000aaGttZE5aSThaV0VnYm5odFlXVHUybjhtOGZBREYwMll4UjFjTG9Fa25FN3p0TkpZ\\u000aZE1MZWUyOEMxRk5kbDNtUzVyRlYvclhXVUdtQXAzZ09Lb1NXUmJMRDNlSi9ybE9U\\u000aL1NwVGJFUDVJNGdsQ3AwOHYxOXBMK2krTDlpSkVhWmp3dHd2M1BXRElBekkrWWlr\\u000aZGJnR01uYitYeWwyUDk0R2c0cVk1RTRQN2ZTcFllaVZiVEJleUpRMG9JUzhuUDlI\\u000aUHpwV2NSRjNFOGkyVmhCSU1aYjdSNWtJSVdxa0lMbXJwNnBrejA2NUNKQlNDay9U\\u000aYkYzaVhadU1kcE9udFhMYk5Wc3VGdVJud2FYZkpwVE5LT3U2K2VTcC9rSDE1cFda\\u000adjVJMlFSN0FGaElXSHFCYXo4Z3k0QzdVcS9uVWVqN2ZHM0V2c2ozTVJ4YlNTUjhG\\u000aSnFGZDB4MSt4SzgxTnM4QmlqYUVPV2xBRDFvMU05WEFGTXFWM3pVNEVuQjIwaUl3\\u000aYW5DclBGemJidWNUcVU4RHMzb2k3Yy83emU5Z3ByRHFtK2hKcXRTYXEyNkIxeXZp\\u000acXl6VTd4UVZEczU5VCt0VGkvdDFwalZkclJIVWNWZVZSQ3h6NFl1N1k5TFVaWDA3\\u000aM2o4eXk1MktLZXk3dk95VzBkNWxKVHpkWEpmZkhlQlNhQ2ltMnVwZWZaeTZKeTla\\u000aZWkydDBOMENIUUtzRnkyQk90bTl0MnNUUXFQREJFR0dDdGVRTFB1Y1BOL1doZS93\\u000aZC9Ma0cyNXFOTit2MTJybUNWTE9CM1JiRFpOYnB2Yldxcks5azR0UFF4MkM3M0d4\\u000aeXNIMjNzNWhJOEtvWVVJSEgrQnUvMWF6SDVZTjVhanVXcTNKV1hZVHk1S1crOE4y\\u000aamdvNk9qTENIVzBzUzU5TXcrQU1MajFCaWl2WG5Uc0xTeHBTSVByb21Dei80c2Ri\\u000aM0N3a296akZSOUxLRUJTS0NNK3RxMXA4ZUtTZ3NqUzVuaCtwU2NNRkpxWjdhekRB\\u000aeEhXYVoyNTQ1bWpEdVJOV0Z2M1lsTEhXczZBM24xSExCdnVOUWs1ek05RnYzT2tm\\u000aTzBqOVlVUWFnWjdCMTlUVjVCNDhwQnAxNGdYNS9TR1VmOTZOaWQwWmdURVhQRU8x\\u000aM1JnRU45cWVsazRPQk1icXJQNlZ0d1FPT3BjNXVEWHgzcEdWQkhTejZrb2JRNDV5\\u000aU2l5SUI2L3BiUGlsbjlDdmhNSWVyNWp2YlZneEtCdkFyajB4RFRWWVpGcVVYZVhz\\u000abHRlSE5WN0czd0E2dG9DWU1ZZ3R5UHRtWjd6MDMxZGVEemtwQnBBV21HOW85OVEw\\u000aSC8yV0EwaXNQdVVhbU8zbjFFUG9BRFZQZHF6UFpUOThPeDRjS3kyQmdBWmJBZVgr\\u000aR3lRTzgyblhudE1hWmUwbVV3cnFPbE13clZZNGhlaXY0aFEwOG1VekdkVXRSY0lL\\u000aTGpITm1OcXZvdTdlY2ZHdVhTcnhvMXVJdkdIbzNuVlVZTWc2ZEFRRlpnWUh2ejdZ\\u000aREFKWTBEWGYzTHVFZTR6bVh1azhlNm4vVU5BbE1ZQUlvdEsxY2Z2TDV0bnQ0akVD\\u000aRFFjb3lZaDRjUlVFei9XUXdudEE4Wm5sQUxRMlJOUDY0NXhjU0JOMEVCYUkyb2tB\\u000aNXI5TEYzK1h2UjdxQTB4b3VoNEMrNWZRTnpHdTdwTjFUck9WblYvQXBsMlNaMmtD\\u000aTEJQN0hjWWt2b3ZBYWFick8zeGtrUmtsdFRCd01rR3RmRC9NTm13WW14NTN3U0RL\\u000aUjE3NG1uckRCRDdOb2d0S3NTNG03Yk5iZUZyTE1hdDYwYmZVWWsweFp0YWxuSDdP\\u000aU0xqcURHdmhYQlBDaVFLNzNNVXppdU1qWFZXMTVUWWJDempuMHV0Q3d4Szk4TVlv\\u000aY1lNV0o1UGQ3WG0zejRva2prNDVFTU9DZVRGRmdZclpVNzlWYmdERVFpbUd4a0Ni\\u000aOGR4ejRMZkh4N1NGUXVhSEpNSjh4SUxZTWFSL3doQ2F4ODUydlNRaElJWG0zZ05n\\u000aWHNyeTZ3M3EzLzQ1WDd4OHVPd0p1T29GUGd1NEtNVDBTUkUwSmZRaFhQUDdpTXVJ\\u000aYnRrd0ZXeWxGQno1SmhVMzhzZ2JGdjlaVnczQzcvbnFZVUVDMXZRWHRnbEs4bGJj\\u000aazlUMzU5YVFpclBkcHF3NjA5OFFGVktyNmliTlMySk0wTHFlM21neTBYQ1RTYXUx\\u000aVE4xeXN2SHBpdU1jSW5BZWFyL3d5b1lsek5BZU1kbUQxUTduaWNBK0pWTWM4elJn\\u000aZ1NKcnRoZDZ0emd4NTFFTUNoQUpFaGR6UkpjRG03Z2c5eE9TTzNPTGpRdW05K29k\\u000adjY0b3NZNVNtbDJHSkgzZ0pzRmdyc2d0TXpTMCt1dnYwdGlZY1BoY0VsL040Vlh6\\u000aV1FTNjByZERQMTlUMFFYREMxc1luSS9rZFREcG40WnNyNFZOUzRkM0cwaEQ2Rnh3\\u000aZzlVdXBzN3k0MjRzcmlOWDgzZS9CWFhZTzNBWlZCS3czUlBVWnl1RFRZY0V4cnFM\\u000ad1RPWnJNQUJrVTBuNnBpYVRqMWZhRDJpZUZxcEFycGxIZzdrTW5ZdVN2MVFDekl3\\u000aL21GR0VEWVFqSWFiWXNRelZMRzd4YjJxbkkvTWdTbUdGUFN1VkhKNDBMNzRPYTh5\\u000aSklyeUxvV29ZSDZYZGo2WkdqZXlpT25YcEJFOUgwT2RlMUJJMkJTTjVwWFFZc0hH\\u000abFUzQ1preHdHdUZ5WnVzamVDRW9kZURPQ2lveUJha2kwSzB0cE4wTWZYS0Zubjd0\\u000aVitWb2FXV0dQSEtBa2c0eGJIcjJnYWltWW43UlN5cVcvcUVkdzFVTEgrR1RMQVds\\u000aS0F0eG1LR0ZnNkhtNzFtY2kzNXBGTW1QakROeER0RktZWm40Y3RMZURIR2ZVSEI3\\u000aZlBEOHRjZ0c0VmxTSktwTWVYR2RRT21qMkJubFQrTFYvN2JLbFQ3aSsxTWk2QnVZ\\u000aUmNBbW1GZnU3ZGF2Z2IyVFRvMVM4aTNPdkNieTgyMW16OXNjZllyVjd1bWhYWTJU\\u000aU2ZIQllyeXFtTzlHOXBuSGpTejlsTko0aEdpdU1hR3hNSWhOYUE1Q0trNTd5OEE2\\u000aSW9hWjFWL01BRmJyNXB6RXNlckx4VzdLbld3cjB5WGE2U2hCSDVwSGFXR3hRRlBS\\u000aNEs2bEJKZXpjUlM1ZUcwdjV1SHBQWTYrR2J3dFBUNHBDcENIdHBKNk56dlNVNlFP\\u000aNGVHYUY4b1NEV3pPRXRJVEJCdlBuUWFxa010L2V3Vi9qZldMNVhJbll1aHV2RGtu\\u000aNnZhbTRzenBONWs2WFRYVjh1QXNWY3VaQ3dLRXBKZldSQ0V4dGZqZVIzZ2E4U28x\\u000aeWg4Qm1QSFNBd2FxOUVHc3pBcmdScm40QllKZ1B3VWZ2WkY2c0pIV0pKSm54YUdI\\u000adUNBK1dHejBrcFRpVlJLYVM0SkUvODBHOUxKZjcvTTlvWEVULzFTbWRUaWEzM3lY\\u000abFVSb0xGdVE2OWZuTzhDUzVNM0IxM01HTHN4Wll4aUdTUkpYYkxHVWQ2bnNsQzJ0\\u000aNlh5SUZNdVFtSFcvQVJSNXVNL0o0VStWSUdUZlFPTlowVnZoQStuNlUxNDRtR3Jk\\u000aU251dWROWEpXRk83N0JzZWp2dHMvRWJXNHFOcHE1NWNQQmY0MzFEQ0NoMVJNdTJ3\\u000aNnZUZUJRNitJcllOMGo3aTllcng1UFEvYXN1NkRvMnNRWFZhNTZHVXFNUmJKVUNs\\u000aaFBNM0F0SDFmZ3VucnAvODU3a290UEhkUURBM05hOURNT2lvTEpSM3puN0tiSWlU\\u000aNEo3THFtbUpET05WcW10LzdpeGwwTVlDTDh3azFHOXlnWUhxR0ZsWGoxUXpxTlVS\\u000acHhUU0pualYyTjZOejZmYy9MVW9NR1E5OE5yb1Q5YjhhclNBcVN1TmhCaGwvbEto\\u000aNDJ4QXp0UVdDNkZEY3Nmd2FrUUpGeGs4OEdWWk9hMHJ3UFNEM29LcUMxc05sc2VW\\u000adzVzMWRjK2dodzJKTGRmeUcwWk1yZ3NaQm5uV3RHanhEdFg1WmUxZ0VKbUo3cnN3\\u000aTGsvWW80S1VuWkZ2REF5d2t5VllMY2hwMVJ2ejJKeTNGcHVpWU5sRXRkMHZKRjlX\\u000aR2dkeUd2L1JpN1pEd2tybzYxS3lMallvMVhaelBmUTlscEVqMGRTKzBCZllZUjcv\\u000ac0crcW1qZEZFb2YybmJLRWVaU1N0K010UTdnR1ZGUy9ENmtvWmZNSlM3c0svSTBh\\u000aekVrdkxRR0hTWDN0QW13YXB6K284VDlEYUZxTDFDYjZSNXluUUNucjZ2Vk1QMG1F\\u000aRm5GbURxWVMzY2c4cldyeEdrQmFUcTFDTDZKblhzb0x4dHMxV2N3QmVmR3NyM2Yy\\u000adEZMcXN2TjFHOG9nYm1pN0JDSWthcFdEK3FzRUI2UmtNeStGRVQxaEhuMEZyNEk4\\u000ad2l2YnE0cVpsd0NncHZ4Ui9tYU9iRTZiTjBjK093a1dxcEpRTUl5aDZJcXZsTUtP\\u000aR1d5YmR2aWEzemJMNk5XY05IUnk5aWl0bERzdjJSNy9QMXNqR1I1ZmI1NGRkbXhO\\u000aMmlFVzZLdEFZRU5Bb2VwSUtrWkVDNUJ3QUNYajZrM1Y5dXBNYzcrZnlOSEFBbmZr\\u000aaTZ5amRVa1BZMzVsbmNhcTJRcDd6Q3BWdk1qbTlTK1dtWHV2ZlNwc3EwZlVxWlN3\\u000aNmluZnpncjhlNy9zZDhIc1hVL1BmSDY3S0ZzWElOQlpMVm41QXF5b01YTVVNY3dV\\u000aVCs3RjhnSGl3NUpRcnhELzhvcVhUL3dvLzIxcFJObXF2ZDQreG5hcGtDZnBpOUlv\\u000adFNjd054ZlpmelkrdDZyRmJyU3VWMXZQVHJaSWNrT2ZXNmt5MHp2UmRCL2hna2Ur\\u000aNVBvVGRnd0diSnp0Ylo5R1pYSGpGZFVLWFFKVWxscmJWRGhUTkNoakhxNGE2QzhH\\u000aWWRMV1hxNzZxWlEwWnhvRjJxdUtkM3NjazEvaUxIY3owMEVuRGExK3BXd2VTMVhU\\u000adUZaR1lFTXNGeUptWSt5QmdRK3Z4aHQ2bFArKzZzSW9pbUF4cUMweWU1SC9McHFM\\u000aaFBTQlVpZHppcnlTblZ2SjZmcjI3TVRQUTBoci9JYUFXRlZnUG1yNEdqd3gxdWh0\\u000ad1J4aVU3K0lwUUxNSVVZYU1nVldnaTZvbU5aM25mcHZyYUdwWWxvaE84Z3ZXK0lL\\u000aWFJNWEJBR0Y4TlQ5UG1ZazNXa3NPVU8rVS9XKzlOL1d2algzc2haZWpGd21GYVg1\\u000aWVhyREE1MS9icDRvQWlIMzd2TmZqTGxzd1piZ2o4NVFsbXBydlhuY1dnS1RZN1pP\\u000aSmMxcmhmQnA5ZUhuUm1nQkVyNHZXOGROdkxibVFSa1dhTmxrTFBSeGd5NHU3d1p3\\u000aN1dmZnYvOG5uWEhsbWoxNDVWQ0NxOHlJR2FiM2tqQ1dvQnFQbnh0Vko5VVFNME9D\\u000aSVFhay9mWjJvdDV6Vk92dGhJeE1pK0MzNVAwRjVkUi80RVBaS3g4a1AyVnZ6RkZy\\u000aN3hFUlBSZFJnbjRqWDlFREVZQTJoWVlwRWRLRUdGai9aZTlKRlJrNmxQZjlVY05Y\\u000aRkgxd0srMW5HZi83WnZzd3dSYnNzalZjRXlMODVQU2F5eVl1ZXQrMUZ5UFpKRk9J\\u000aRnVSRm9vMWhaYUp1cGlTdm5yL1VSSXlGWEhMQ1B2Sld5MnZQVzBibVphR1NRVEJZ\\u000aYlRMcVl0UzBvdTJxOHVBd01vZUYyT25FVDdaTENjMVhTV3lFWWErWFJ0MkduMHBl\\u000aUEkxUW91NGduby8yRGlrN3NxTERydnFRbVpTOFNISlFSQVJaSnh1UUJBWDUrNzgy\\u000aYU9uaWN1aUtTbmwyeHFkM2pYRTRuUS82S2phbmhlVXpzdVRrWHFQcG4xbWlPQi9H\\u000aTFNUQ3VaWHRXcjdlSFpFb3RhZ0pOQm9OSlBYdG5KSElQb1VTdHpGTG9HM01Vc3dY\\u000aeFlCMG0xc2FjaTdaRlJ5cU1sMGtvKytlN1VCSEZOMi9UNS9ybXdsbEhaZ3A3Mm8r\\u000aWjZzWERyVXdxMW8zSVVocnRYNkJPYzJKOWladTVaenVRNkxNNkRhY0Z4bEdtcXRh\\u000aeDB3SlQyZkxpblRRU1ZIeDZDeWRMU3dTcDREOHlPd00zUEc5Zks5VklSRm05S2VY\\u000aaEd3dWxyMXBHVTAwTDU4QUVBb2ZxRmt6eEZneE0vRlRBTVZ1NWxCd29QNDYycSt6\\u000aM3pHQXkyemFTcndJKzdiWnd2OHVTMnpKOEtPajU4MHpKb2JOdU9YdC8vVHlMOGFV\\u000aZ1BtVFB2aTV3eDJGMHRVUGlzL0tUemZoZkR1NTExQXJOS2szZXIva1BrUTVmL1BC\\u000aTVBBSEpPQ3crLzh6NEVDdE9tL3g0UkliR3VIbDExNzdhQkh2WDc1TzloYnBaSkhV\\u000ac1ZlWGJOa3VUQjU2YWVoVkl3T3hHQitDeTR5eGZDb1JJRENXdy9oa1FVNjlZUUhL\\u000aQ1dhUXYydE16eVRkOXFsMFlRc3VBR0h3TDJTWTVKeDJ3RjZ6elMwRUVCMGtCU281\\u000aNlhYZmVwRGZnclVleUlzV2Rwc2hrQUQ2T1NsVDVaQTFHMWtpZHMzRUZiSFlxbmJh\\u000aVzFTZUtoc05QamVBcWErWE4zNnFYQ0NVclIrNlJDK01xTVc5a29XWjFqSzZqMkNq\\u000abHNWVjhkVGI5OXY4alVuSEgrbCtrbituaWo1MllRRzk3eCsrQkVMZ0FZVWQ5Ykxi\\u000aMmI3OWYwSnJYc2s4V1psajZ4Q0l4VXI5ZnZ0c05aa3NEWTI2NXl1VGtoNzE3Smho\\u000aaXFaUHowVi9HcGdVaHJDSmdhbVR1WEo1SmdMdEtJZ1Y4WFVQWXd5QWFUdGpvcGJT\\u000aSmx0MDVJVGtka25LVEZidjNxd28xNWllS1ZBUHhvNVVoZEN6a0xUZ1hyWStjMldo\\u000aOGd1R0JPbFlSVGVRbUlHK1Qram0zRGpyMHVLSEx1U2lmQ3JlMXdyaHp6dUF6MTd4\\u000aaXVkbFczR1I2UGVmbDZOdUt5WG1VU25LL1F6MXJNZVVjT2p1UzBmTkdlWVQ5bHNz\\u000adGt0Mm5TVVdKZnBaQzhZRGlPWDd2TUZSUFZOSXo2Vk9lbHJDS0hHMXlTc3Vkc2JP\\u000aVTRiMEg2KzVPVWphYlJuOSt2YnQ4T1BNbE9BVDBEcDJ1TnMxNlBSYjJPMGp6NWlo\\u000aL3FwYjVZMENnK0VlYWFPMGdxdXN0WGdDUHJPbktYM3JLcU4wUG5lMXpmYkZqVklJ\\u000abWk4NjcvRGUyYmt0RThtdTQrWTJIeUg1K3JUVnBkMlRxWExaOUhEaUFMaWZ5NjJL\\u000aWFVjQ3NEanJEMGhyWTdYZzdTNnVjSW00ejNqSDV0amtOczZxMEFqMnhscG5zbi9D\\u000aejVmd2FPUS93ZEpPSjB5aTVtanRjOFBRdnJ6UFhNQ0tIZU9hUGJmVHZ1SmFwOC9Z\\u000aVmpTNkw2NjNxNVVkaFlGcTJlblp5ek1LYUwvU0RmYVhyZzZrREw4d1podXZuRlJx\\u000aYmthVmp5S0FQYlFFUGhvdmJCYW5DajVwUGh1MHJoeFh4T05rbkhmaDhneGxudWlx\\u000aKzdzTmxoeXBSUXk2N3NNSVluMmdnS3dRL0ZCVlZ4SXBRNG5oMUw0ZldOS29MY0tX\\u000aZFBCSktHUUQxNCtPUXRXcVEydDRKYS9KVlpxZVlQRFJxSUtPNStEeUdLemRPK2Q4\\u000adTJhNUZkaUo5UG9SUmJqekszbnhYa1A1TTgvYytCWkdMK1lURmtVOGREZW83L3I1\\u000aeDVVOWk2TEhpT1FhMDZMWlpGQWttSEdMbjhtNVRPbllWbGhzdUVlZUdWU1hscVVh\\u000aV1dhSFppc3FrWVl6am1Cako5T3JsUU55aEhRR3Q1cXFNM0FTandMQitoQ3dwaXZH\\u000aRXZ0aStHdy9IbDZiQlpFa3FoaDlCUlh0TU0zT2d4Rm9kd25nTmpHSUpDak1xZGhk\\u000aTkFjNWpBQWlsUlJ5dWRQdFFsQ2tObHpCV3gyZjhCMDBDVmZQNkwvd1J6WFRFOEhR\\u000aK2JiL0F6SkhCYnM0YjR4M2o1ZnpOS1doOFJZc0x2VklmVkdBUjJEcjlJTUp5NkpP\\u000aTzIzdlRmbWVPcFBudmpvdlhkbTI3WlcrdzdGSElrdU1peENqckh3NTgvQjkvWUx4\\u000aVGRoSzlFY1dOcXMvclA0TEYvMEJVSS8xdVdsa05pdTBJNjk5UHRkWTdzQThNVUdO\\u000aT3VhTTYveGNZN25DMGRjVXRCcjBXSmoyZmRtYmlTM0Nld0VrT2c2L2tQQkNHVHVi\\u000adVNSdUVLYUNWNXRFZktlZEtERStIaTFuK3g0U3h6U09KanhYZUJTb2hEWTdlNVVu\\u000aN2ZRcHdvVEdiTUVHUjZJc0pOaUNzR0dSbkR6ajd0aDFSOE94ckVLRWx1dXQ0Ym9u\\u000aOEo5ejlxWGRVSUtlQ09va0dQNStrWW5BbHBrNWVQNzltM1gwS2dSUW9kSGN1N1pP\\u000aeTRBdm9GTXpYd0pFVDdzYnNaQVB4Z21VeXZFbDVRdzNBQzhBaXRybmFBWm40Sml6\\u000aZTdKSEtFdXpHczlBa0IyVG9hWXcwRE5zbWdzSncwWElTSzFsSzBUWjVDUTlPQ1VN\\u000aeHFZYWNPRTEwa3VTVUtQTUpoTHo5UHhrRDhnbE0vZEV2OWFLc2VqczFXMkF1VytU\\u000adldzM0crZ0cwRkNHajljeEJBa3VRSDZNb0tOMG96VWExUTBxcU9JRjRiRFZJZFFI\\u000aTHE1ODRvbTluU1IvV0ZIRHY1dWxSeTZteWpIMU0xUFB6azJ6K1drQW84TFhRaXpM\\u000aWjZmblFpTEZ6OFVzZGQvTzVIM2xCcUFUZUpvRzRVdTRCMjVuRjhOK2JabEdoM2d6\\u000aK2xTZG16YVlUR0oxWFZPNTdNR0hla0dyZjJRZndoeU1zZFlsZFpQZXBNQnB5YU5R\\u000aOXpvR3ZNQ0ZnYlR4c0JFRmN4aWM5TmdZUWNDVk5xcTBnS1F6SmtxUHZtV2o3WnpP\\u000aMWZJS3Rnb1FmZ1k4a2JSSFRPMGJIRXlsNm5EcldRR2RXbkQ4d2ErNGNLSnU2bkpH\\u000aWng2QWVGdXI5QzJsZzBWdWZGNGlqVGVrcWlEb3U2Y2x3czkzRHdWa2VPNmxsQzJm\\u000acUpUcm1zQy9DTC9oYzZuckZ0RERsV3Buc0Jkc29ydEtxN2lVTGF1ekRIRnA5MVI3\\u000aaTdCanBuMTNWcXlZMjVUVXlSWUovYlN0NWVGR0FINnpQZHE5RkhqTWhyeGZpTURC\\u000aK3NTRUxqd2FJR2ZxWDBQSG82UmZ1Ky9tOWlpRWwzRWxrSWJpYVMycmdFWHkxZFgr\\u000admdBZkYzOWQzWEFTdmI5aElrNXg0OGltcHRtaDBPaHgwWENOMThtNnpvQndKajNw\\u000acmNnK2ZNWHE0UzZMdlJjQTdtV0MwRzcrdVdXdi9GblkxYUg0a3NPcHRmeWkydU16\\u000aS3kwQTJFbWNad3YyZktYdmljcnQ0Ry9yWU1ZZnlic2loQS8rcXhReTlERmlEek9n\\u000aZXZzZTZ2NnFTUE5TY1lYLzlYRUxKMzh2dmpMTTNjZHlQNEJOMVF3UENtRmFrVm1K\\u000aRTNKRzU0RXhycHRUdGdKTERaNW5FYTY4Mjc4dnRJL3JVR3k2OFFuNTJyMHVXc0ZX\\u000abk5obFRPR2RxYzZzdjdNTGdTYkQ3RUVmNWNiVHNKV3JQZ1ZHbUQ1Q2o5Y3ZmRjlR\\u000aakMvM1RiSXFWVE5QSkhhbXpnbUJsSFJZSGJQN1p0a3ZUZDBnTkF2SXllZGY1MkdY\\u000aUzhESkQwTStrSS8xNmF4dm0zSlB4RC9BVHE1Ri9xdmtIWFRUVStCSEtUTWk2dnk1\\u000aMkNEUmh0YkQ1dVNNa1YyQmROK0c5Y0xnL3hTeTc3TjBnTEc4WDZ6ODM1cllYbE0r\\u000aaGloeGx2UWtiSHR0eE9EN3VBYnpFcExEaC95NFFtZVRSK1FaQU9QeUc3azhGdENG\\u000aam5TM0lLWkFTVldFTVVFODlGTG1hdFhMNERvaHlXWnViSDJPVXlGUHp5ZnNvNWNF\\u000aNEpLVnBIb21NVWZWcjk5bUZnVk1ESUdyUEdFcFRmU2NqZ01wRmlDaEFxU1djUWFH\\u000aU2cwdlBrRkdlWXFIek15SENqMndxc3VDV3BIZWlyU25ncHNXa1RLMjFLRG42TDVx\\u000aaENpRk5wM3JWNUJFMkwwcEhqQnZEVmFrZXdqcnF0a1puZ3FKcHhZalhyV0dxUjVP\\u000aV3IraWhxZ0VJZ011WGhkdUxqR2wrWVZkU1d5ZTlER05OS29DN2FlUGhJMTJQRmg3\\u000aSlJoZjdIYWVlQUNPaGZaTndDWitXMndRb3hCZHpwYzltVCtDVlpxOUo2NkNyTlFI\\u000adTBtaStlaVRTdXNEVHR2b3RmQi9IQ20wMXVaZmgxbE1JQWdMNXozSTFHRVcvREpX\\u000aMk8wdWZBKzVPV2pnWFlzOG9aUlRCMnhYOWhmSW81eDREVXNiTFM1ZzgvbFBUVndF\\u000aamYxQlg2dU9vaTVvV2lJWVJqQmpmSWdVTEVURnhMTGtBUnJQTzJETzU1ekJnMi9Q\\u000adE9mdG00SzFjeWI3V0h2QkdrcmRYanlQUXlYYzRJVXU0SzR0aTlPSlE1eVRmWUN0\\u000aY2o1OWMya05BNHlOWmdwd3kxVnAvSytGdHVlZ0xsd2l4ZTRwakR5ekNJSnBnU0ZD\\u000acmtxREV1K0hqOFZWNXMweFFXc1d5ZWdOUUpldVBheWVSY0RGMzBoMWc2WmZGQjNa\\u000adE9RWWpFQnFyVWVZNkJndk5OWU42TWFrUndnRDBja2NDbEoyMUhZNGpvU2twcE9Z\\u000aZ3NUeTNrR1laNHFUelJNY0lsQ0REaXQ4ZENHZm9Cb3JKQ2t5NTUvNDFiV3FtbTdt\\u000aTElRVzJBTG9kdktQbVVXeFhibzN5WGNnSTRKdnFjZlAzRVVXTytjV3VIZEFSN2VF\\u000aOTc3MytSVUV2TXROdnMzWWxqeERrTmFNNzZ0VjhqanhRcFJZNEc0RWRSaUs0MTN3\\u000aWUkyWTE3UWE2ZEs4K2FhaHRad0JtVWpBSVkvREdZa2VOY2wzWjdxaWpJMTMvUnpn\\u000aNXlWcjl4VUsvSUFGUVlhNDlXQ1RRYTlzVWYzeEgzZUYvTW9HN0ZmMTdrOC8xMURx\\u000aTE5YQzUvSGhOeDJ2S09CTmx1RXJodURjYjNMZmJ5TGlRVllEMkhYeGRyTkc5M1E0\\u000aNGJPajRWb0xZV0hndTI5UG9sL0htRHhUSDFwdHBQVmM5K0U0R2RwN21yVmF1bHU1\\u000acXhDOWliRzlKV3ljUUdkMUJuMG9RMjluSGlMcGd4K25HOFlkZHdPVWRkRzRndkpq\\u000aS21iUTl5aTAwYXdUamhOUE9GZXEvejVuVFJHQ3liSDZsWW9MVGtueE9UQiszMkpy\\u000aQ2pBbDVMRG90amtDZWtBUllwbVVxOWhSY2I3c3l0ME1RY1BBZUg0VlBHNmhFMUpN\\u000aYkxpTXdUWVdKNWtTM3F1elp1SkZQSUl4SFp3UmtJUzFjTnBjL0FtSUpwZm04RCtL\\u000aYUEvVmdoRkJpdnZzZnlUNndoNVRybENBcE9DcHNOTlNWbWRLRHF5QVBFTENuaURj\\u000adTRwcmpZRU5JU2tKdExUTVdBSzVCWWdRZ1ZQOVcrekJyMjNuSGlZVnhLWWhjdm9M\\u000aYTh6dUdLYlJtY2xpL3o0cXpmWnk5RGlJNmoxdWFUT1FMQzEvMzIwT2xBRGtSOVUy\\u000aT3hYZFVuSTFaSzFyY0hRZnllS3BsbUFsRTJDM3MzYkFkR3V5bXRKTDQ2M1dqZm9P\\u000aUkhHWWpvZnZNQTI0cHhnY3hFRnU5YVRFamdFVVBNeHBzN2Y4TVMyaVJvL3dxU3pX\\u000aZ0lwN1EvZHVYY1FQb0dSS2JrR0FySnNJVGdVT3BSQ3hxTFlXbk5UUy8xbmxCeXk3\\u000aQVBjcGRaRmk1WjRqM1IvbGJ0T2Era1ZiYmo4ZC8wazMwTnlDVjJGRVZGV2tPbG9z\\u000aNTFQNUNOUiswNUh6QkhQM3V3N3VyODRZYkRGdHd2UjhNM29UMXNtbXljYUsxMkpE\\u000aZGNBOUQ2YWErY2k5Wmh0UWNhbUw0Z1pjZmVpZllHNEt6NWsyT3lpMlpUNkZKOUV4\\u000aMHQ1T1d5MjZUSjllQmlCcGRaV25XZDB3bzZOMU5ST0xLdFY5L052d3R1WlZSRkxS\\u000aRUg1WGNLMnRMcTFWczFaVkg4MXM4R29UOUQ4VkFEaGFwVDBCU0xsR3A4TkNZdUdK\\u000aeXI1YVVwODdPZEl4RCt3S244NTRteVlKaXlVZnIwWmtGNGhoOEtkTXcvemg3RVQv\\u000aYkxIWlVxUXozdUV3QkcvODRuR1E9PTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6\\u000aQ2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkRGF0YT48eGVuYzpFbmNyeXB0ZWRL\\u000aZXkgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMj\\u000aIiBJZD0iX2E3NDBjZjA5MTViZDE1MmRiNzRkMDNjZDQ1NzUyMTM3Ij48eGVuYzpF\\u000abmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAw\\u000aMS8wNC94bWxlbmMjcnNhLW9hZXAtbWdmMXAiIHhtbG5zOnhlbmM9Imh0dHA6Ly93\\u000ad3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyI+PGRzOkRpZ2VzdE1ldGhvZCB4bWxu\\u000aczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgQWxnb3Jp\\u000adGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjwv\\u000aeGVuYzpFbmNyeXB0aW9uTWV0aG9kPjxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRw\\u000aOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6WDUwOURhdGE+PGRz\\u000aOlg1MDlDZXJ0aWZpY2F0ZT5NSUlERlRDQ0FmMENCRlVCbkw0d0RRWUpLb1pJaHZj\\u000aTkFRRUxCUUF3VHpFTE1Ba0dBMVVFQmhNQ1FWUXhEVEFMQmdOVkJBY01CRWR5CllY\\u000ab3hEVEFMQmdOVkJBb01CRVZIU1ZveElqQWdCZ05WQkFNTUdVMVBRUzFKUkNCSlJG\\u000aQWdLRlJsYzNRdFZtVnljMmx2Ymlrd0hoY04KTVRVd016RXlNVFF3TXpReVdoY05N\\u000aVGN4TWpBMU1UUXdNelF5V2pCUE1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVC\\u000ad3dFUjNKaAplakVOTUFzR0ExVUVDZ3dFUlVkSldqRWlNQ0FHQTFVRUF3d1pUVTlC\\u000aTFVsRUlFbEVVQ0FvVkdWemRDMVdaWEp6YVc5dUtUQ0NBU0l3CkRRWUpLb1pJaHZj\\u000aTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFJSnYwcWU5VWR2RllTTDVJMDJHb2t3\\u000aRVZmc0lHYzdJN0VoVk5PeFkKOW10VWVubWhxTnJMc0xCRmcxSWlQYmswSVNXaE9S\\u000ad1B5VnAvUDMrR3lHUDMzOXFaNjhVQ0dWMzYxRTBRbTdjalBlL08zK3IzSEFNMgpa\\u000aQk44b0Fab0htcGhyTlM2ZktmWTU4a3lndHJVYStaeU16WVdUVGlTMzJTQ004SDU1\\u000aYmx1RUZiZVprc25iUDBZOTRJamtmSmRndnpsCk14enJsU3lvVjJ5bVdCanZTNXdl\\u000abERIZ2JDS3lqc2pJaFRSakp1L29sR0p5ZW4wMS9FcElWdFN5RFhPLzJJUzJ2Mk85\\u000aVWlGd0FveUIKWUFqUG5sM0h4SzJBNTc3blI2M014bGdQMC9zK3I4NHVCcU9BbGI0\\u000acW5icFU3bHU1R3hsQ1BrWm1wUm9vQ1FZVVJpb0Mrd2pTNmxNQwpBd0VBQVRBTkJn\\u000aa3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUJxTzdra3EvZ1JhaEF2cHNRZzVMTFpST0dG\\u000acjlwSVByeU45eG1KR2dQbzdqCktObDdyczdnTlMwbG11bHVZV1duSmN3QVBid0Zl\\u000aYjk1NFZNQjl4OXA5UUV3NVJuWGFtVVk5cWEwTGdjUy90L1dYNnZKa1pQTmhXcGgK\\u000aOGJYd2gwTXZsc2JmcnZEVEpyOGNqSDNxZnhJVHA3cGEzeGIxcUU3c3VSZmZWVWRE\\u000aWGF3aVhYbldKL1dKcit0d1ZWSEhFcW5aejFsQQpyU0RMeE04c0NqRzhEZUp3OHZu\\u000aUXk1bVBHckdWVEJiYTR1cGM4VVRZMW5QVjlVMkdCSlZZdUFrb1ZSamJUbE52ckw1\\u000aSnFOcXlwS2NHCmJlampXeGdyelprZVFlVTJoRmNqdW5tZ3dHWit1ZzJmcTRrS2tR\\u000aZnR3Y3FlSlR6eXpCb28yK09vNFRtZmJzaC9vbnhQV0E9PTwvZHM6WDUwOUNlcnRp\\u000aZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjx4ZW5jOkNpcGhlckRh\\u000adGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMj\\u000aIj48eGVuYzpDaXBoZXJWYWx1ZT5Sb1NHTGFDbDN3ZkRXdDlXMm9JSDNUQ3JPTVN4\\u000aL3Y1S0pQV2hndmhWNml2RmZXSWFJeDB5RnV2NVZTME5VZ2FUVGIwVjhUYnNGN1Vz\\u000aRllzQ0xldkVUa2lWbG5OeWE4dlVoL2lYTDYzT0JmdzR3T3pSNVZheVBuaWFwWFdM\\u000aa0RHTmQ5Y3E2QU8zR1JoTWJaZDdma2NhRWNJVTB2bGtZeUJJNmE0Yms4bHM3Mm0v\\u000aZkxKQS8vaWl5L2piODkzQkZ4dk9EMk5hT1pabXhzSlI4YlFmWWpBMHdXa1pBcW56\\u000aN0EzY3lhcHV3aXVTc01wc1hYSnFjVXp2TS9GS090dE1wTnhSUVprdk1RZlNnMCtM\\u000aUVM5M0IxN0ZUZFE2OHNRL3dZQmhubFBEZXFZK0NnY1VjeVYzOVdjTjAwcUtVYmNQ\\u000aM2kzSWRWUVRkcEJQUTdRS01HR2JmS1Y0RlE9PTwveGVuYzpDaXBoZXJWYWx1ZT48\\u000aL3hlbmM6Q2lwaGVyRGF0YT48eGVuYzpSZWZlcmVuY2VMaXN0Pjx4ZW5jOkRhdGFS\\u000aZWZlcmVuY2UgVVJJPSIjXzNmZDM1ODkyZTlhOGVhY2I4ZTA4ZjI4MGE4M2ZjYjc0\\u000aIi8+PC94ZW5jOlJlZmVyZW5jZUxpc3Q+PC94ZW5jOkVuY3J5cHRlZEtleT48L3Nh\\u000abWwyOkVuY3J5cHRlZEFzc2VydGlvbj48L3NhbWwycDpSZXNwb25zZT4=\",\"dateTimeCreated\":\"2015-10-09T10:36:02.075Z\",\"id\":1}}}"; + + try { + java.util.Map test1 = new ObjectMapper().readValue(json, java.util.Map.class); + + JsonParser parser = new JsonParser(); + JsonObject reveivedSession = null; + reveivedSession = (JsonObject) parser.parse(json); + + + + JsonObject test = reveivedSession.get("data").getAsJsonObject(); + JsonObject test2 = test.get("session").getAsJsonObject(); + JsonElement validTo = test2.get("validTo"); + JsonElement entityID = test2.get("entityID"); + JsonElement sessionBlob = test2.get("sessionBlob"); + + + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + + + } + +} -- cgit v1.2.3 From ef59662475c60c027c698caacd2423b34b3524d3 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 22 Feb 2016 12:57:46 +0100 Subject: update SSO session-transfer to MOA-ID 3.1.x architecture --- id/server/modules/moa-id-module-ssoTransfer/pom.xml | 18 ++++++++++++++++++ .../ssotransfer/servlet/SSOTransferGUIServlet.java | 20 ++++++++++++-------- .../ssotransfer/task/RestoreSSOSessionTask.java | 6 +----- .../ssotransfer/utils/SSOContainerUtils.java | 21 ++++++++++----------- 4 files changed, 41 insertions(+), 24 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 61af328d3..a6399391a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -15,6 +15,24 @@ qrgen 1.4 + + + + com.googlecode.jsontoken + jsontoken + 1.1 + + + javax.servlet + servlet-api + + + google-collections + com.google.collections + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java index fa7d59beb..fae1b6f4d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java @@ -31,10 +31,6 @@ import javax.servlet.annotation.WebServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import net.glxn.qrgen.QRCode; -import net.glxn.qrgen.image.ImageType; - -import org.apache.commons.codec.binary.Base64OutputStream; import org.apache.velocity.VelocityContext; import com.google.gson.JsonObject; @@ -46,17 +42,17 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; @@ -93,13 +89,21 @@ public class SSOTransferGUIServlet extends AuthServlet { } else { //create first step of SSO Transfer GUI + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + resp.sendError(500, "Requested URL is not allowed."); + + } + String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); if (MiscUtil.isNotEmpty(moaSessionID)) { AuthenticationSession authSession = AuthenticationSessionStoreage .getSession(moaSessionID); if(authSession != null) { Date now = new Date(); - String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authSession, now); + String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now); String token = Random.nextRandom(); AssertionStorage.getInstance().put(token, encodedSSOContainer); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 884633a1e..270264099 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -26,8 +26,6 @@ import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; import java.io.BufferedReader; import java.io.IOException; -import java.util.Enumeration; -import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -35,7 +33,6 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; import org.apache.velocity.VelocityContext; import org.joda.time.DateTime; -import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Response; import com.google.gson.JsonObject; @@ -52,7 +49,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -127,7 +123,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { if (PVPConfiguration.getInstance().getIDPPublicPath().equals(entityID)) { // stored SSO session data is from this IDP - start local session reconstruction Response ssoInformation = SSOContainerUtils.validateReceivedSSOContainer(sessionBlob); - SSOContainerUtils.parseSSOContainerToMOASessionDataObject(moasession, ssoInformation); + SSOContainerUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation); // store MOASession into database try { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 8980d3ea7..861dcbf58 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -22,8 +22,6 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; -import iaik.x509.X509Certificate; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringWriter; @@ -87,7 +85,6 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -100,10 +97,10 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; @@ -116,6 +113,7 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * @author tlenz @@ -142,10 +140,10 @@ public class SSOContainerUtils { REQUIRED_ATTRIBUTES = Collections.unmodifiableList(tmp); } - public static void parseSSOContainerToMOASessionDataObject(AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { + public static void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); - String authServiceURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(); + String authServiceURL = pendingReq.getAuthURL(); if (authServiceURL.endsWith("/")) moasession.setAuthURL(authServiceURL); else @@ -313,10 +311,10 @@ public class SSOContainerUtils { } - public static String generateSignedAndEncryptedSSOContainer( + public static String generateSignedAndEncryptedSSOContainer(String authURL, AuthenticationSession authSession, Date date) { try { - String entityID = PVPConfiguration.getInstance().getIDPPublicPath(); + String entityID = authURL; AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); @@ -347,6 +345,7 @@ public class SSOContainerUtils { IAuthData authData = new SSOTransferAuthenticationData(authSession); Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + authURL, entityID, new DateTime(date.getTime()), authnContextClassRef, @@ -356,7 +355,7 @@ public class SSOContainerUtils { sessionIndex, subjectConfirmationData.getNotOnOrAfter()); - String ssoDataBlob = buildSSOContainerObject(assertion, new DateTime(date.getTime())); + String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); JsonObject container = new JsonObject(); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, "SSO"); @@ -377,13 +376,13 @@ public class SSOContainerUtils { return null; } - private static String buildSSOContainerObject(Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { + private static String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setValue(authURL); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); -- cgit v1.2.3 From 40fb77ef20069a54bd348149d04adeb246ec2f86 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 22 Feb 2016 14:26:53 +0100 Subject: fix refactoring problems --- .../ssotransfer/servlet/SSOTransferGUIServlet.java | 2 +- .../servlet/SSOTransferSignalServlet.java | 15 ++++++++++++++ .../task/InitializeRestoreSSOSessionTask.java | 23 ++++++++++----------- .../ssotransfer/task/RestoreSSOSessionTask.java | 24 +++++++++++++++++----- .../auth/modules/ssotransfer/utils/GUIUtils.java | 9 ++++---- 5 files changed, 50 insertions(+), 23 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java index fae1b6f4d..0bc4a4839 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java @@ -108,7 +108,7 @@ public class SSOTransferGUIServlet extends AuthServlet { String token = Random.nextRandom(); AssertionStorage.getInstance().put(token, encodedSSOContainer); - String containerURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index 2f8b8fe2c..b82417ae6 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -22,7 +22,12 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; +import java.io.IOException; + +import javax.servlet.ServletException; import javax.servlet.annotation.WebServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.servlet.ProcessEngineSignalServlet; import at.gv.egovernment.moa.logging.Logger; @@ -42,4 +47,14 @@ public class SSOTransferSignalServlet extends ProcessEngineSignalServlet { } + protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + Logger.debug("Receive http-POST request."); + super.doPost(req, resp); + + } + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { + Logger.debug("Receive http-GET request."); + super.doPost(req, resp); + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index cebf8431b..67566afe5 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -24,35 +24,25 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID; -import java.io.ByteArrayOutputStream; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.velocity.VelocityContext; -import net.glxn.qrgen.QRCode; -import net.glxn.qrgen.image.ImageType; - -import com.google.gson.JsonObject; - import at.gv.egovernment.moa.id.auth.BaseAuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; /** * @author tlenz @@ -69,6 +59,15 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { throws TaskExecutionException { try { + //create first step of SSO Transfer GUI + String authURL = HTTPUtils.extractAuthURLFromRequest(request); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + response.sendError(500, "Requested URL is not allowed."); + + } + String sessionID = (String) executionContext.get(PARAM_SESSIONID); String pendingRequestID = (String) executionContext.get("pendingRequestID"); @@ -79,7 +78,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { AuthenticationSession moasession = BaseAuthenticationServer.getSession(sessionID); IRequest pendingReq = RequestStorage.getPendingRequest(pendingRequestID); - VelocityContext context = GUIUtils.buildSSOTransferGUI(moasession); + VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, moasession); GUIUtils.printSSOTransferGUI(context, response); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 270264099..006b27167 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -49,11 +49,13 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -73,12 +75,13 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { throws TaskExecutionException { Logger.debug("Receive " + this.getClass().getName() + " request"); - + StringBuffer sb = new StringBuffer(); String receivedPostMessage = null; AuthenticationSession moasession = null; IRequest pendingReq = null; - try { + String authURL =null; + try { String sessionID = (String) request.getParameter(PARAM_SESSIONID); String pendingRequestID = (String) executionContext.get("pendingRequestID"); @@ -120,7 +123,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { " | validTo:" + validTo + " | entityIS:" + entityID); - if (PVPConfiguration.getInstance().getIDPPublicPath().equals(entityID)) { + if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) { // stored SSO session data is from this IDP - start local session reconstruction Response ssoInformation = SSOContainerUtils.validateReceivedSSOContainer(sessionBlob); SSOContainerUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation); @@ -138,10 +141,12 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); } else { - Logger.debug("Received SSO session-data is from IDP: " + entityID + Logger.info("Received SSO session-data is from IDP: " + entityID + ". Start inderfederation process to restore SSO session ... "); //change to inderfederated session reconstruction + Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!"); + } } catch (Exception e) { @@ -173,7 +178,16 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { VelocityContext context; try { - context = GUIUtils.buildSSOTransferGUI(moasession); + //create first step of SSO Transfer GUI + authURL = HTTPUtils.extractAuthURLFromRequest(request); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + response.sendError(500, "Requested URL is not allowed."); + + } + + context = GUIUtils.buildSSOTransferGUI(authURL, moasession); GUIUtils.printSSOTransferGUI(context, response); } catch (IOException | MOAIDException e) { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index 1bbaf1dd9..310b8a813 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -34,9 +34,6 @@ import java.net.URI; import javax.servlet.http.HttpServletResponse; -import net.glxn.qrgen.QRCode; -import net.glxn.qrgen.image.ImageType; - import org.apache.velocity.VelocityContext; import org.apache.velocity.app.VelocityEngine; @@ -51,6 +48,8 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; /** * @author tlenz @@ -62,9 +61,9 @@ public class GUIUtils { public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec - public static VelocityContext buildSSOTransferGUI(AuthenticationSession moasession) throws ConfigurationException, IOException { + public static VelocityContext buildSSOTransferGUI(String authURL, AuthenticationSession moasession) throws ConfigurationException, IOException { String token = moasession.getSessionID(); - String containerURL = AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix() + String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE + "?" + MOAIDAuthConstants.PARAM_SESSIONID + "=" + token; -- cgit v1.2.3 From 0dc260503a5deb581802e645ddae996ae9298968 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 24 Feb 2016 08:07:07 +0100 Subject: Update SSO-transer authentication modul to MOA_ID 3.2.x --- .../modules/moa-id-module-ssoTransfer/pom.xml | 38 ++ .../ssotransfer/SSOTransferAuthModuleImpl.java | 76 ++++ .../modules/ssotransfer/SSOTransferConstants.java | 52 +++ .../data/SSOTransferAuthenticationData.java | 383 ++++++++++++++++ .../data/SSOTransferOnlineApplication.java | 453 +++++++++++++++++++ .../ssotransfer/servlet/SSOTransferServlet.java | 201 +++++++++ .../servlet/SSOTransferSignalServlet.java | 56 +++ .../task/InitializeRestoreSSOSessionTask.java | 82 ++++ .../ssotransfer/task/RestoreSSOSessionTask.java | 187 ++++++++ .../auth/modules/ssotransfer/utils/GUIUtils.java | 148 +++++++ .../ssotransfer/utils/SSOContainerUtils.java | 481 +++++++++++++++++++++ .../ssotransfer/SSOTransfer.authmodule.beans.xml | 28 ++ .../SSOTransferAuthentication.process.xml | 24 + .../src/main/resources/sso_transfer_template.html | 447 +++++++++++++++++++ .../src/test/java/at/gv/egiz/tests/Tests.java | 74 ++++ 15 files changed, 2730 insertions(+) create mode 100644 id/server/modules/moa-id-module-ssoTransfer/pom.xml create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml new file mode 100644 index 000000000..a6399391a --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -0,0 +1,38 @@ + + 4.0.0 + + MOA.id.server.modules + moa-id-modules + ${moa-id-version} + + moa-id-module-ssoTransfer + MOA-ID_SSO_Transfer_modul + MOA-ID modul to transfer Single Sign-On sessions to other devices + + + + net.glxn + qrgen + 1.4 + + + + + com.googlecode.jsontoken + jsontoken + 1.1 + + + javax.servlet + servlet-api + + + google-collections + com.google.collections + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java new file mode 100644 index 000000000..2a2b7bf80 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer; + +import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * @author tlenz + * + */ +public class SSOTransferAuthModuleImpl implements AuthModule{ + + private int priority = 1; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + Object restoreSSOSessionObj = context.get("restoreSSOSession"); + if (restoreSSOSessionObj != null && restoreSSOSessionObj instanceof String) { + boolean restoreSSOSession = (boolean) Boolean.parseBoolean((String)restoreSSOSessionObj); + if (restoreSSOSession) + return "SSOTransferAuthentication"; + + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java new file mode 100644 index 000000000..03f3fcdab --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java @@ -0,0 +1,52 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer; + +/** + * @author tlenz + * + */ +public class SSOTransferConstants { + + public static final String SERVLET_SSOTRANSFER_GUI = "/TransferSSOSession"; + public static final String SERVLET_SSOTRANSFER_TO_SMARTPHONE = "/TransmitSSOSession"; + public static final String SERVLET_SSOTRANSFER_FROM_SMARTPHONE = "/SSOTransferSignalEndpoint"; + + public static final String REQ_PARAM_GENERATE_QR = "createQR"; + public static final String REQ_PARAM_TOKEN = "token"; + + public static final String SSOCONTAINER_KEY_TYPE = "type"; + public static final String SSOCONTAINER_VALUE_TYPE_TRANSER = "TRANSFER"; + public static final String SSOCONTAINER_VALUE_TYPE_PERSIST = "PERSIST"; + + public static final String SSOCONTAINER_KEY_URL = "url"; + + public static final String SSOCONTAINER_KEY_VALIDTO = "validTo"; + public static final String SSOCONTAINER_KEY_ENTITYID = "entityID"; + public static final String SSOCONTAINER_KEY_USERID = "userID"; + public static final String SSOCONTAINER_KEY_SESSION = "session"; + public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint"; + + public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag"; + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java new file mode 100644 index 000000000..b9ab4f307 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -0,0 +1,383 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.data; + +import java.security.cert.CertificateEncodingException; +import java.util.Date; +import java.util.List; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class SSOTransferAuthenticationData implements IAuthData { + + private AuthenticationSession authSession = null; + boolean isIDPPrivateService = true; + + public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException { + this.authSession = authSession; + String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); + isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant() + */ + @Override + public Date getIssueInstant() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer() + */ + @Override + public String getIssuer() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isBusinessService() + */ + @Override + public boolean isBusinessService() { + return this.isIDPPrivateService; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isSsoSession() + */ + @Override + public boolean isSsoSession() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isInterfederatedSSOSession() + */ + @Override + public boolean isInterfederatedSSOSession() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isUseMandate() + */ + @Override + public boolean isUseMandate() { + return this.authSession.getUseMandate(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getFamilyName() + */ + @Override + public String getFamilyName() { + return this.authSession.getIdentityLink().getFamilyName(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getGivenName() + */ + @Override + public String getGivenName() { + return this.authSession.getIdentityLink().getGivenName(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getDateOfBirth() + */ + @Override + public Date getDateOfBirth() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getFormatedDateOfBirth() + */ + @Override + public String getFormatedDateOfBirth() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getBPK() + */ + @Override + public String getBPK() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getBPKType() + */ + @Override + public String getBPKType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getSsoSessionValidTo() + */ + @Override + public Date getSsoSessionValidTo() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getInterfederatedIDP() + */ + @Override + public String getInterfederatedIDP() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentificationValue() + */ + @Override + public String getIdentificationValue() { + return this.authSession.getIdentityLink().getIdentificationValue(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentificationType() + */ + @Override + public String getIdentificationType() { + return this.authSession.getIdentityLink().getIdentificationType(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getBkuURL() + */ + @Override + public String getBkuURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getEncbPKList() + */ + @Override + public List getEncbPKList() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentityLink() + */ + @Override + public IdentityLink getIdentityLink() { + return this.authSession.getIdentityLink(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getSignerCertificate() + */ + @Override + public byte[] getSignerCertificate() { + try { + return this.authSession.getSignerCertificate().getEncoded(); + + } catch (CertificateEncodingException e) { + Logger.error("SSO-Transfer: SignerCertificate encoding FAILED.", e); + return null; + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getAuthBlock() + */ + @Override + public String getAuthBlock() { + return this.authSession.getAuthBlock(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getPvpAttribute_OU() + */ + @Override + public String getPvpAttribute_OU() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getAuthenticationRoles() + */ + @Override + public List getAuthenticationRoles() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isPublicAuthority() + */ + @Override + public boolean isPublicAuthority() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getPublicAuthorityCode() + */ + @Override + public String getPublicAuthorityCode() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isQualifiedCertificate() + */ + @Override + public boolean isQualifiedCertificate() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getMISMandate() + */ + @Override + public MISMandate getMISMandate() { + return this.authSession.getMISMandate(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getMandate() + */ + @Override + public Element getMandate() { + return this.authSession.getMISMandate().getMandateDOM(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getMandateReferenceValue() + */ + @Override + public String getMandateReferenceValue() { + return this.authSession.getMandateReferenceValue(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getQAALevel() + */ + @Override + public String getQAALevel() { + return this.authSession.getQAALevel(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getSessionIndex() + */ + @Override + public String getSessionIndex() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() + */ + @Override + public String getNameID() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getNameIDFormat() + */ + @Override + public String getNameIDFormat() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#isForeigner() + */ + @Override + public boolean isForeigner() { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc() + */ + @Override + public String getCcc() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getEIDASQAALevel() + */ + @Override + public String getEIDASQAALevel() { + // TODO Auto-generated method stub + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getGenericData(java.lang.String, java.lang.Class) + */ + @Override + public T getGenericData(String key, Class clazz) { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java new file mode 100644 index 000000000..4ba2e1a01 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -0,0 +1,453 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.data; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.StorkAttribute; +import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; + +/** + * @author tlenz + * + */ +public class SSOTransferOnlineApplication implements IOAAuthParameters { + + public SSOTransferOnlineApplication() { + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService() + */ + @Override + public boolean getBusinessService() { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO() + */ + @Override + public boolean useSSO() { + return true; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL() + */ + @Override + public List getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFullConfiguration() + */ + @Override + public Map getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getConfigurationValue(java.lang.String) + */ + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFriendlyName() + */ + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix() + */ + @Override + public String getPublicURLPrefix() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getOaType() + */ + @Override + public String getOaType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget() + */ + @Override + public String getTarget() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTargetFriendlyName() + */ + @Override + public String getTargetFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP() + */ + @Override + public boolean isInderfederationIDP() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isSTORKPVPGateway() + */ + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier() + */ + @Override + public String getIdentityLinkDomainIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier() + */ + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter() + */ + @Override + public SAML1ConfigurationParameters getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL() + */ + @Override + public List getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText() + */ + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String) + */ + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion() + */ + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles() + */ + @Override + public List getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType() + */ + @Override + public String getIdentityLinkDomainIdentifierType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox() + */ + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed() + */ + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin() + */ + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() + */ + @Override + public Map getFormCustomizaten() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() + */ + @Override + public Integer getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes() + */ + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedSTORKAttributes() + */ + @Override + public Collection getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate() + */ + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate() + */ + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() + */ + @Override + public Collection getPepsList() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL() + */ + @Override + public String getIDPAttributQueryServiceURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed() + */ + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed() + */ + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed() + */ + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isTestCredentialEnabled() + */ + @Override + public boolean isTestCredentialEnabled() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTestCredentialOIDs() + */ + @Override + public List getTestCredentialOIDs() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseIDLTestTrustStore() + */ + @Override + public boolean isUseIDLTestTrustStore() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isUseAuthBlockTestTestStore() + */ + @Override + public boolean isUseAuthBlockTestTestStore() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionKey() + */ + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPassivRequestUsedForInterfederation() + */ + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isPerformLocalAuthenticationOnInterfederationError() + */ + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs() + */ + @Override + public Collection getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getReversionsLoggingEventCodes() + */ + @Override + public List getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRemovePBKFromAuthBlock() + */ + @Override + public boolean isRemovePBKFromAuthBlock() { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java new file mode 100644 index 000000000..d33b157e0 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -0,0 +1,201 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Date; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.VelocityContext; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ITransactionStorage; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; + + + +/** + * @author tlenz + * + */ +//@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession") +@Controller +public class SSOTransferServlet{ + + private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes + + @Autowired SSOManager ssomanager; + @Autowired IAuthenticationSessionStoreage authenticationSessionStorage; + @Autowired SSOContainerUtils ssoTransferUtils; + @Autowired ITransactionStorage transactionStorage; + + public SSOTransferServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mapping {'/TransferSSOSession','/TransmitSSOSession'}."); + } + + @RequestMapping(value = { "/TransmitSSOSession" + }, + method = {RequestMethod.GET}) + public void transferToPhone(HttpServletRequest req, HttpServletResponse resp) throws IOException { + Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); + if (tokenObj != null && tokenObj instanceof String) { + String token = (String)tokenObj; + try { + String signedEncSession = transactionStorage.get(token, String.class, transmisionTimeOut); + if (MiscUtil.isNotEmpty(signedEncSession)) { + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(signedEncSession); + out.flush(); + + } else { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which references an empty data object."); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object."); + + } + + } catch (MOADatabaseException e) { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which is UNKNOWN."); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:"); + + + } catch (AuthenticationException e) { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which has a timeout."); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more."); + + } + + } else { + Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request."); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid."); + + } + + + } + + + @RequestMapping(value = { "/TransferSSOSession" + }, + method = {RequestMethod.GET}) + public void transferSSOSessionGUI(HttpServletRequest req, HttpServletResponse resp) throws IOException { + //search SSO session + String ssoid = ssomanager.getSSOSessionID(req); + + VelocityContext context = new VelocityContext(); + + try { + if (ssomanager.isValidSSOSession(ssoid, null)) { + Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); + if (createQRObj != null && createQRObj instanceof Integer) { + + + + } else { + //create first step of SSO Transfer GUI + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + resp.sendError(500, "Requested URL is not allowed."); + + } + + String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid); + if (MiscUtil.isNotEmpty(moaSessionID)) { + AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID); + if(authSession != null) { + Date now = new Date(); + String encodedSSOContainer = ssoTransferUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now); + + String token = Random.nextRandom(); + transactionStorage.put(token, encodedSSOContainer); + + String containerURL = authURL + + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE + + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; + + JsonObject qrResult = new JsonObject(); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, + SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + + ByteArrayOutputStream qrStream = + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); + context.put("QRImage", base64EncodedImage); + + context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); + + GUIUtils.printSSOTransferGUI(context, resp); + + } + } + } + + } else { + context.put("errorMsg", + "No active Single Sign-On session found! SSO Session transfer is not possible."); + GUIUtils.printSSOTransferGUI(context, resp); + } + + } catch (MOAIDException | MOADatabaseException e) { + e.printStackTrace(); + resp.sendError(500, e.getMessage()); + + } + + } + + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java new file mode 100644 index 000000000..b53916338 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -0,0 +1,56 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class SSOTransferSignalServlet extends AbstractProcessEngineSignalController { + public SSOTransferSignalServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + " with mappings '/SSOTransferEndpoint'."); + + } + + @RequestMapping(value = { "/SSOTransferSignalEndpoint" + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performSSOTransfer(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + + } +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java new file mode 100644 index 000000000..e84c60ec5 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -0,0 +1,82 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.VelocityContext; +import org.springframework.stereotype.Component; + +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("InitializeRestoreSSOSessionTask") +public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try { + //create first step of SSO Transfer GUI + String authURL = HTTPUtils.extractAuthURLFromRequest(request); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + response.sendError(500, "Requested URL is not allowed."); + + } + + VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID()); + GUIUtils.printSSOTransferGUI(context, response); + + + } catch (WrongParametersException | AuthenticationException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + Logger.error(this.getClass().getName() + " has an interal Error.", e); + throw new TaskExecutionException(pendingReq, this.getClass().getName() + " has an interal Error.", e); + + } + + + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java new file mode 100644 index 000000000..9521f264e --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -0,0 +1,187 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; + +import java.io.BufferedReader; +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.BooleanUtils; +import org.apache.velocity.VelocityContext; +import org.joda.time.DateTime; +import org.opensaml.saml2.core.Response; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("RestoreSSOSessionTask") +public class RestoreSSOSessionTask extends AbstractAuthServletTask { + + @Autowired SSOContainerUtils ssoTransferUtils; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Receive " + this.getClass().getName() + " request"); + + StringBuffer sb = new StringBuffer(); + String receivedPostMessage = null; + String authURL =null; + try { + BufferedReader reader = request.getReader(); + String line = null; + while ((line = reader.readLine()) != null) { + sb.append(line); + } + + receivedPostMessage = sb.toString(); + + } catch (IOException e) { + Logger.warn("Received POST-message produce an ERROR.", e); + + } + + if (MiscUtil.isNotEmpty(receivedPostMessage)) { + Logger.debug("Receive POST-Message data. Start data-validation process ... "); + try { + JsonParser parser = new JsonParser(); + JsonObject reveivedData = (JsonObject) parser.parse(sb.toString()); + JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject(); + String validTo = reveivedSession.get("validTo").getAsString(); + String entityID = reveivedSession.get("entityID").getAsString(); + String sessionBlob = reveivedSession.get("sessionBlob").getAsString(); + + Logger.trace("Blob:" + sessionBlob + + " | validTo:" + validTo + + " | entityIS:" + entityID); + + if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) { + // stored SSO session data is from this IDP - start local session reconstruction + Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob); + + //session is valid --> load MOASession object + defaultTaskInitialization(request, executionContext); + + //transfer SSO Assertion into MOA-Session + ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation); + + // store MOASession into database + try { + authenticatedSessionStorage.storeSession(moasession); + + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); + + } else { + Logger.info("Received SSO session-data is from IDP: " + entityID + + ". Start inderfederation process to restore SSO session ... "); + //change to inderfederated session reconstruction + + Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!"); + + } + + } catch (Exception e) { + Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e); + throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e); + + } + + } else { + Logger.debug("Reveive NO POST-message data. Start check-session process ... "); + + boolean isSSOSessionRestored = + BooleanUtils.isTrue((Boolean) executionContext.get(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED)); + + if (isSSOSessionRestored) { + Logger.info("Found restored SSO session. Resume authentication process ..."); + executionContext.remove(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED); + executionContext.put("sessionRestoreFinished", true); + + } else { + DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); + if (moaSessionCreated.plusMinutes(3).isBeforeNow()) { + Logger.warn("No SSO session-container received. Stop authentication process after time-out."); + throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", null); + + } else { + Logger.debug("No restored SSO session found --> Wait a few minutes and check again."); + executionContext.put("sessionRestoreFinished", false); + + VelocityContext context; + try { + //create first step of SSO Transfer GUI + authURL = HTTPUtils.extractAuthURLFromRequest(request); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + response.sendError(500, "Requested URL is not allowed."); + + } + + context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID()); + GUIUtils.printSSOTransferGUI(context, response); + + } catch (IOException | MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } + } + } + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java new file mode 100644 index 000000000..ee7a397aa --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -0,0 +1,148 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; + +import java.io.BufferedReader; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.StringWriter; +import java.net.URI; + +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import net.glxn.qrgen.QRCode; +import net.glxn.qrgen.image.ImageType; + +/** + * @author tlenz + * + */ +public class GUIUtils { + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; + private static final String GUI_HTML_TEMPLATE = "sso_transfer_template.html"; + + public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec + + public static VelocityContext buildSSOTransferGUI(String authURL, String pendingReqID) throws ConfigurationException, IOException { + String containerURL = authURL + + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE + + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; + + JsonObject qrResult = new JsonObject(); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, + SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + + ByteArrayOutputStream qrStream = + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); + VelocityContext context = new VelocityContext(); + context.put("QRImage", base64EncodedImage); + + context.put("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); + + context.put("timeoutURL", containerURL); + context.put("timeout", REFESH_TIMEOUT); + + return context; + + } + + public static void printSSOTransferGUI(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException { + try { + Logger.trace("Initialize VelocityEngine..."); + + InputStream is = null; + String pathLocation = null; + try { + String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + GUI_HTML_TEMPLATE; + File file = new File(new URI(pathLocation)); + is = new FileInputStream(file); + evaluateTemplate(context, httpResp, is); + + } catch (Exception e) { + Logger.warn("SLO Template is not found in configuration directory (" + + pathLocation + "). Load template from project library ... "); + + try { + pathLocation = GUI_HTML_TEMPLATE; + is = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + evaluateTemplate(context, httpResp, is); + + } catch (Exception e1) { + Logger.error("Single LogOut form can not created.", e); + throw new MOAIDException("Create Single LogOut information FAILED.", null, e); + } + + } finally { + if (is != null) + is.close(); + + } + + } catch (Exception e) { + Logger.error("Single LogOut form can not created.", e); + throw new MOAIDException("Create Single LogOut information FAILED.", null, e); + } + } + + private static void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception { + + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + + BufferedReader reader = new BufferedReader(new InputStreamReader(is )); + + //set default elements to velocity context + context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); + + StringWriter writer = new StringWriter(); + //velocityEngine.evaluate(context, writer, "SLO_Template", reader); + engine.evaluate(context, writer, "SSO Transfer Template", reader); + + + httpResp.setContentType("text/html;charset=UTF-8"); + httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); + + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java new file mode 100644 index 000000000..7c8a86f73 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -0,0 +1,481 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.StringWriter; +import java.security.MessageDigest; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Date; +import java.util.HashMap; +import java.util.List; + +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.TransformerFactoryConfigurationError; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.encryption.Encrypter; +import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.encryption.EncryptionException; +import org.opensaml.xml.encryption.EncryptionParameters; +import org.opensaml.xml.encryption.KeyEncryptionParameters; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.parse.XMLParserException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.SecurityHelper; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.signature.Signer; +import org.opensaml.xml.validation.ValidationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.MISMandate; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; + +/** + * @author tlenz + * + */ +@Service("SSOContainerUtils") +public class SSOContainerUtils { + public static final List REQUIRED_ATTRIBUTES; + static { + List tmp = new ArrayList(); + tmp.add(PVPConstants.EID_AUTH_BLOCK_NAME); + tmp.add(PVPConstants.EID_IDENTITY_LINK_NAME); + tmp.add(PVPConstants.EID_ISSUING_NATION_NAME); + tmp.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + tmp.add(PVPConstants.EID_SOURCE_PIN_NAME); + tmp.add(PVPConstants.EID_SOURCE_PIN_TYPE_NAME); + tmp.add(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); + tmp.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); + tmp.add(PVPConstants.MANDATE_TYPE_NAME); + tmp.add(PVPConstants.MANDATE_PROF_REP_OID_NAME); + tmp.add(PVPConstants.MANDATE_PROF_REP_DESC_NAME); + tmp.add(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); + + REQUIRED_ATTRIBUTES = Collections.unmodifiableList(tmp); + } + + @Autowired IDPCredentialProvider credentials; + @Autowired SAMLVerificationEngine samlVerificationEngine; + @Autowired AuthConfiguration authConfig; + + public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { + AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); + + //TODO: maybe change to correct URL + //set dummy BKU URLx + moasession.setBkuURL("http://egiz.gv.at/sso_session-transfer_app"); + + + String qaaLevel = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); + if (MiscUtil.isNotEmpty(qaaLevel)) { + if (qaaLevel.startsWith(PVPConstants.STORK_QAA_PREFIX)) + moasession.setQAALevel(qaaLevel); + else + moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + qaaLevel); + + + } else { + Logger.warn("SSO session-container contains NO QAA-level"); + + } + + String authBlock = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_AUTH_BLOCK_NAME); + if (MiscUtil.isNotEmpty(authBlock)) + moasession.setAuthBlock(authBlock); + else + Logger.warn("SSO session-container contains NO AuthBlock"); + + try { + String signerCert = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + if (MiscUtil.isNotEmpty(signerCert)) + moasession.setSignerCertificate(new X509Certificate(Base64Utils.decode(signerCert, false))); + else + Logger.warn("SSO session-container contains NO SignerCertificate"); + + } catch (CertificateException | IOException e) { + Logger.error("SignerCertificate is not parseable.", e); + + } + + String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME); + try { + if (MiscUtil.isNotEmpty(idlStr)) { + IdentityLinkAssertionParser idlParser = new IdentityLinkAssertionParser(Base64Utils.decodeToStream(idlStr, false)); + moasession.setIdentityLink(idlParser.parseIdentityLink()); + + } else { + Logger.warn("SSO session-container contains NO IdentityLink"); + throw new AssertionAttributeExtractorExeption("SSO session-container contains NO IdentityLink"); + + } + + } catch (ParseException e) { + Logger.error("IdentityLink is not parseable.", e); + throw new AssertionAttributeExtractorExeption("IdentityLink is not parseable."); + + } + + + String mandateRefValue = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_REFERENCE_VALUE_NAME); + if (MiscUtil.isNotEmpty(mandateRefValue)) { + moasession.setMandateReferenceValue(mandateRefValue); + moasession.setUseMandate("true"); + Logger.info("Found mandate information in SSO session-container."); + + try { + MISMandate mandate = new MISMandate(); + + String mandateFull = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_FULL_MANDATE_NAME); + if (MiscUtil.isNotEmpty(mandateFull)) { + mandate.setMandate(Base64Utils.decode(mandateFull, false)); + + } else { + Logger.warn("No Full-Mandate information found in SSO session-container."); + + } + + String oid = attributeExtractor.getSingleAttributeValue(PVPConstants.MANDATE_PROF_REP_OID_NAME); + if (MiscUtil.isNotEmpty(oid)) + mandate.setProfRep(oid ); + + NodeList mandateElements = mandate.getMandateDOM().getChildNodes(); + for (int i=0; i features = new HashMap(); + features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + ppMgr.setBuilderFeatures(features); + ppMgr.setNamespaceAware(true); + + Document document = ppMgr.parse(new ByteArrayInputStream(base64decodedContainer)); + Element domElement = document.getDocumentElement(); + + UnmarshallerFactory saml2UnmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller saml2Unmarshaller = saml2UnmarshallerFactory.getUnmarshaller(domElement); + XMLObject responseXMLObj = saml2Unmarshaller.unmarshall(domElement); + + if (responseXMLObj instanceof Response) { + Response ssoContainer = (Response) responseXMLObj; + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(ssoContainer.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + Credential credential = credentials.getIDPAssertionSigningCredential(); + if (credential == null) { + throw new NoCredentialsException("moaID IDP"); + } + + SignatureValidator sigValidator = new SignatureValidator(credential); + try { + sigValidator.validate(ssoContainer.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + if (ssoContainer.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + //validate PVP 2.1 assertion + samlVerificationEngine.validateAssertion(ssoContainer, false, credentials.getIDPAssertionEncryptionCredential()); + return ssoContainer; + + } else { + Logger.debug("Receive StatusCode " + ssoContainer.getStatus().getStatusCode().getValue() + + " from interfederated IDP."); + throw new MOAIDException("SSO Container has a not valid Status Code", null); + + } + + } else { + Logger.warn("SSO Container is not of type SAML2 Response"); + throw new MOAIDException("SSO Container is not of type SAML2 Response", null); + + } + } + + + public String generateSignedAndEncryptedSSOContainer(String authURL, + AuthenticationSession authSession, Date date) { + try { + String entityID = authURL; + AuthnContextClassRef authnContextClassRef = SAML2Utils + .createSAMLObject(AuthnContextClassRef.class); + authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + String random = Random.nextRandom(); + String nameID = subjectNameID.getValue(); + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest((random).getBytes("ISO-8859-1")); + subjectNameID.setValue(Base64Utils.encode(hash)); + subjectNameID.setNameQualifier(null); + subjectNameID.setFormat(NameID.TRANSIENT); + + } catch (Exception e) { + Logger.warn("PVP2 subjectNameID error", e); + + } + + SubjectConfirmationData subjectConfirmationData = SAML2Utils + .createSAMLObject(SubjectConfirmationData.class); + long maxSSOSessionTime = AuthConfigurationProviderFactory.getInstance().getSSOCreatedTimeOut() * 1000; + Date ssoSessionValidTo = new Date(authSession.getSessionCreated().getTime() + maxSSOSessionTime); + subjectConfirmationData.setNotOnOrAfter(new DateTime(ssoSessionValidTo.getTime())); + + String sessionIndex = SAML2Utils.getSecureIdentifier(); + + IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); + + Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + authURL, + entityID, + new DateTime(date.getTime()), + authnContextClassRef, + buildSSOAttributeForTransfer(authSession, authData), + subjectNameID, + subjectConfirmationData, + sessionIndex, + subjectConfirmationData.getNotOnOrAfter()); + + String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + + JsonObject container = new JsonObject(); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, "SSO"); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName()); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, ssoDataBlob); + + //TODO + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at"); + + return container.toString(); + + } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException e) { + Logger.warn("SSO container generation FAILED.", e); + } + + return null; + } + + private String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + + //change to entity value from entity name to IDP EntityID (URL) + nissuer.setValue(authURL); + nissuer.setFormat(NameID.ENTITY); + authResponse.setIssuer(nissuer); + + //set responseID + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authResponse.setID(remoteSessionID); + + + //SAML2 response required IssueInstant + authResponse.setIssueInstant(date); + authResponse.setStatus(SAML2Utils.getSuccessStatus()); + + //encrypt container + X509Credential encryptionCredentials = credentials.getIDPAssertionEncryptionCredential(); + EncryptionParameters dataEncParams = new EncryptionParameters(); + dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); + + List keyEncParamList = new ArrayList(); + KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); + + keyEncParam.setEncryptionCredential(encryptionCredentials); + keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); + KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() + .getKeyInfoGeneratorManager().getDefaultManager() + .getFactory(encryptionCredentials); + keyEncParam.setKeyInfoGenerator(kigf.newInstance()); + keyEncParamList.add(keyEncParam); + + Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); + //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); + samlEncrypter.setKeyPlacement(KeyPlacement.PEER); + + EncryptedAssertion encryptAssertion = null; + + encryptAssertion = samlEncrypter.encrypt(assertion); + authResponse.getEncryptedAssertions().add(encryptAssertion); + + + //sign container + Credential signingCredential = credentials.getIDPAssertionSigningCredential(); + Signature signature = AbstractCredentialProvider.getIDPSignature(signingCredential); + + SecurityHelper.prepareSignatureParams(signature, signingCredential, null, null); + authResponse.setSignature(signature); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(authResponse); + out.marshall(authResponse, document); + + Signer.signObject(signature); + + Transformer transformer = TransformerFactory.newInstance() + .newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + return Base64Utils.encode(sw.toString().getBytes()); + + } + + private static List buildSSOAttributeForTransfer(AuthenticationSession authSession, IAuthData authData) { + List attrList = new ArrayList(); + + IOAAuthParameters oaParam = new SSOTransferOnlineApplication(); + + for (String el : REQUIRED_ATTRIBUTES) { + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + el, oaParam, authData); + if (attr != null) + attrList.add(attr); + else + Logger.info("SSO-Transfer attribute " + el + " is empty!"); + + } catch (Exception e) { + Logger.warn("Build SSO-Transfer attribute " + el + " FAILED.", e); + + } + } + + return attrList; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml new file mode 100644 index 000000000..62e9ac8fd --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml @@ -0,0 +1,28 @@ + + + + + + + + + + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml new file mode 100644 index 000000000..e7d98c8c8 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthentication.process.xml @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html new file mode 100644 index 000000000..962faa58f --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html @@ -0,0 +1,447 @@ + + + + + + + + #if($timeoutURL) + + #end + + + Single Sign-On Session Transfer + + +#if($timeoutURL) + +#else + +#end + + +
+
+

MOA-ID Single Sign-On Session Transfer Service

+
+
+ + #if($errorMsg) +
+

$errorMsg

+
+ #end + + #if($successMsg) +
+

$successMsg

+
+ #end + + #if($QRImage) +
+ +
+ #end + +
+
+
+ +
+ + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java new file mode 100644 index 000000000..d30c1f524 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -0,0 +1,74 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the \"Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egiz.tests; + +import java.io.IOException; + +import org.hibernate.mapping.Map; + +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +/** + * @author tlenz + * + */ +public class Tests { + + /** + * @param args + */ + public static void main(String[] args) { + String json = + "{\"data\":{\"session\":{\"validTo\":\"2015-10-09T10:55:34.738Z\",\"entityID\":\"https://demo.egiz.gv.at/demoportal_moaid-2.0\",\"userID\":\"Thomas Georg Lenz\",\"sessionBlob\":\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJl\\u000ac3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4w\\u000aOnByb3RvY29sIiBJRD0iXzQ5ZjgzMDIyZjRkZjFjODMyMDNlZGU1NTQxZDY1ODU4\\u000aIiBJc3N1ZUluc3RhbnQ9IjIwMTUtMTAtMDlUMTA6MzU6NTEuMDI0WiIgVmVyc2lv\\u000abj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFt\\u000aZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1l\\u000aczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly9kZW1v\\u000aLmVnaXouZ3YuYXQvZGVtb3BvcnRhbF9tb2FpZC0yLjA8L3NhbWwyOklzc3Vlcj48\\u000aZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5\\u000aL3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1l\\u000adGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4\\u000aYy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\\u000ad3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+PGRz\\u000aOlJlZmVyZW5jZSBVUkk9IiNfNDlmODMwMjJmNGRmMWM4MzIwM2VkZTU1NDFkNjU4\\u000aNTgiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRw\\u000aOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVy\\u000aZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8y\\u000aMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2Vz\\u000adE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1s\\u000aZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT44eE9qNmlYVzhIQzk5UGhETEZ0\\u000aOVp0M205VWliaVdrdHMzaWVQTS9CZlFZPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpS\\u000aZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5mNjM2\\u000aYjVBeGx6THdUL0I1SmdLdnhNN0haK1lEZGVldUdaRUlxc05KdHdiN05TVFhlbVFC\\u000aTExObDlJTk1aUW1Ybkx3ektCc0pra0tGTXl3MkpsNXVYcWlHWVBzMExTWTNiWTdj\\u000aTTZoeHpDaGdVVHRMWXlPcE9qemxxbE5CN2FKTVpZWU10Q2phcWNqSmxVM0wxTjBv\\u000aYUJ5QlRjaTRHdjd5TUJkdE9nRElHNVVpVEppVmVNOURZcUowZFVaZDNRcG1BK0Zm\\u000aUm10WFVzaVRzU0N0b3lWVHlXYTJWemJweTZxcDMwWkZSTU03LzU0Q0NWZHIvaDZW\\u000aTnZCQ1YydkFEMWdZaUg5VG41aTRSRmRWMFBKNTkrNS9HYXVUMm1HSVRUVmNreVk2\\u000aRlJQSjI2MUV0bmdScE8xK1FYRDZwQVZBM2V6Rm9ZbkkyQ2dYdHQ2K2EyTkV3cnBO\\u000aaHc9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PGRzOktleUluZm8+PGRzOlg1MDlEYXRh\\u000aPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJREZUQ0NBZjBDQkZVQm5MNHdEUVlKS29a\\u000aSWh2Y05BUUVMQlFBd1R6RUxNQWtHQTFVRUJoTUNRVlF4RFRBTEJnTlZCQWNNQkVk\\u000aeQpZWG94RFRBTEJnTlZCQW9NQkVWSFNWb3hJakFnQmdOVkJBTU1HVTFQUVMxSlJD\\u000aQkpSRkFnS0ZSbGMzUXRWbVZ5YzJsdmJpa3dIaGNOCk1UVXdNekV5TVRRd016UXlX\\u000aaGNOTVRjeE1qQTFNVFF3TXpReVdqQlBNUXN3Q1FZRFZRUUdFd0pCVkRFTk1Bc0dB\\u000aMVVFQnd3RVIzSmgKZWpFTk1Bc0dBMVVFQ2d3RVJVZEpXakVpTUNBR0ExVUVBd3da\\u000aVFU5QkxVbEVJRWxFVUNBb1ZHVnpkQzFXWlhKemFXOXVLVENDQVNJdwpEUVlKS29a\\u000aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSUp2MHFlOVVkdkZZU0w1STAy\\u000aR29rd0VWZnNJR2M3STdFaFZOT3hZCjltdFVlbm1ocU5yTHNMQkZnMUlpUGJrMElT\\u000aV2hPUndQeVZwL1AzK0d5R1AzMzlxWjY4VUNHVjM2MUUwUW03Y2pQZS9PMytyM0hB\\u000aTTIKWkJOOG9BWm9IbXBock5TNmZLZlk1OGt5Z3RyVWErWnlNellXVFRpUzMyU0NN\\u000aOEg1NWJsdUVGYmVaa3NuYlAwWTk0SWprZkpkZ3Z6bApNeHpybFN5b1YyeW1XQmp2\\u000aUzV3ZWxESGdiQ0t5anNqSWhUUmpKdS9vbEdKeWVuMDEvRXBJVnRTeURYTy8ySVMy\\u000adjJPOVVpRndBb3lCCllBalBubDNIeEsyQTU3N25SNjNNeGxnUDAvcytyODR1QnFP\\u000aQWxiNHFuYnBVN2x1NUd4bENQa1ptcFJvb0NRWVVSaW9DK3dqUzZsTUMKQXdFQUFU\\u000aQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFCcU83a2txL2dSYWhBdnBzUWc1TExa\\u000aUk9HRnI5cElQcnlOOXhtSkdnUG83agpLTmw3cnM3Z05TMGxtdWx1WVdXbkpjd0FQ\\u000aYndGZWI5NTRWTUI5eDlwOVFFdzVSblhhbVVZOXFhMExnY1MvdC9XWDZ2SmtaUE5o\\u000aV3BoCjhiWHdoME12bHNiZnJ2RFRKcjhjakgzcWZ4SVRwN3BhM3hiMXFFN3N1UmZm\\u000aVlVkRFhhd2lYWG5XSi9XSnIrdHdWVkhIRXFuWnoxbEEKclNETHhNOHNDakc4RGVK\\u000adzh2blF5NW1QR3JHVlRCYmE0dXBjOFVUWTFuUFY5VTJHQkpWWXVBa29WUmpiVGxO\\u000adnJMNUpxTnF5cEtjRwpiZWpqV3hncnpaa2VRZVUyaEZjanVubWd3R1ordWcyZnE0\\u000aa0trUWZ0d2NxZUpUenl6Qm9vMitPbzRUbWZic2gvb254UFdBPT08L2RzOlg1MDlD\\u000aZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25h\\u000adHVyZT48c2FtbDJwOlN0YXR1cz48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVy\\u000abjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2Ft\\u000abDJwOlN0YXR1cz48c2FtbDI6RW5jcnlwdGVkQXNzZXJ0aW9uIHhtbG5zOnNhbWwy\\u000aPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48eGVuYzpF\\u000abmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEv\\u000aMDQveG1sZW5jIyIgSWQ9Il8zZmQzNTg5MmU5YThlYWNiOGUwOGYyODBhODNmY2I3\\u000aNCIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVu\\u000adCI+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cu\\u000adzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiIHhtbG5zOnhlbmM9Imh0\\u000adHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIvPjxkczpLZXlJbmZvIHht\\u000abG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6\\u000aUmV0cmlldmFsTWV0aG9kIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQv\\u000aeG1sZW5jI0VuY3J5cHRlZEtleSIgVVJJPSIjX2E3NDBjZjA5MTViZDE1MmRiNzRk\\u000aMDNjZDQ1NzUyMTM3Ii8+PC9kczpLZXlJbmZvPjx4ZW5jOkNpcGhlckRhdGEgeG1s\\u000abnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIj48eGVu\\u000aYzpDaXBoZXJWYWx1ZT43R0hKY0NYYXlzME1pY2ZvYXc3cnFNeTZ1bUQyd0FEQmtH\\u000aOThKclJ2UUdMczJneTBOSWFvSlM2SWM1Z254RXBNcUZHZ2ZLNHBBWGxRUVh3K1h6\\u000aY0RNaURhY2tqS1c5ckptNTh0b3dxNmFEbWVIU2doTTRDVzhVb1RaQlFlazVvY1dU\\u000aNmRIT3hPVzFFOFUrTXprTEg1NjVXUWxLYkdHamVSSGNzb3V3MXFuNk1XS01EU0V4\\u000aRzQrZERzSVliMk1uaEc3OEh6TDNZK0VMVG40TWd1cXF4bmpTVC9rRkpTK2dSMm93\\u000aL2tHVHN2ZnlLWmdMZUVYTzRpVHlNM2RzRk1Ma05rM0tHSHVHRmhGeUxycUR3Sko2\\u000aTmY5OVZRTmlDZDlrUnpxOE1qWklpNWQ0SjlhSmgvRk93NFI0TXAveCsvaC9hYVhk\\u000acDVyQ09CcUVaZ3FZUXlqT2FIMlAxRHR0VkU5SU5xS2w1OXh5ZTJaR0tDd1p5TTgr\\u000adWdSRnVDbTJ2RFlRSUx1T1RTaVNpbkJsNnBpLzFYRktNL1lVbTRJMXA0N21LNDlE\\u000aeW9Ia0lBaUk0NjQ2ejNJZ0tMZTBnaFlQYUlvTHhNcDE1ZE83RHRDQzhsZnYwb3Qx\\u000aYVdvTy9TcGpXaVJiOEhCaXdleGxTdHV4dVorUGVqZDlzUS9neTNFOFp1MWJXRmsv\\u000aTDVrNTZqUTAxZStIcEdORW5FSml1c1RHWldMRTZBY1lvd1NCeEZidC9RUHhGTlhh\\u000aRFBmcmlGRGZMK1RuMngyc2Rwb1RlMVpZM1JnZXo5b1Y2QUtJQWZZWC8zMllsT0NK\\u000aTlV5Myt4OU5teHljOFdKNTBjQ2RTd3ZuNTRBc1Z2U0xYRi9sbHIwQmh2cWRWQ0dP\\u000aTy82WGQvdEtpblFPWHdmeEJBMDVJZSs5MFZhU1J2NGFrRXJ4dHhrekVIeXB3R01j\\u000aVStieTYybDh5Q2Qya01vMnpQK0hmZ3NkTU9Ba2hrbDUvRXB2NVdiZGMzeElKRUhK\\u000aOVptbitUdGNWR2FiOHNPeSsyblIwQWNwZDJxeVIvNkNUd3dodk5nbXF1TldiLy9P\\u000aaGNxdDMvR1dPZkt0NGhrRnQxeGE2allTSXVoNHVWMHJqcENvK21ISFk4ZFZaTGZ6\\u000aNE9oR3dpNGd4bDBlV3hYUWF3UGpMWlI5RzdpQ1NCT2ZPV0d5bkdydklKSFF2VUJD\\u000aUVUwLzh3eFNxRmkxcVdQVXN2ZWtxV012SFpYTGdMMGZNYUJEa1ZZTm5YT2FlalJU\\u000aVHNZeENZc1AxYlRCNDY5ZytjRkQ1bEd0VDErTi95S3dKOUJTTGhaenhzRVhVWkhG\\u000aQ1NJTk1vTTlnaVF4TzI2L0VLUENMdXp2bnkyN3orNWdxcURkVzhlVUFCUmEyeFpp\\u000aZ204YmFkSllGWE12dkdDUVBjcmhiN3c1c3dSL2I1TXNiZXV4L3F0RFQ4R3VWcUNG\\u000ac3JDL3E4MlZpOUd5b3VCWDdGRk50UWhWRDFFVWtCQWZTYWE2UDhKU2VPdE01TVYr\\u000aV21OcGJrQ0U2M2hZS2g4cHN5MUdMdlRZRVA3Slh3TmNIWXlmS3FtdXk5S1dOVmUv\\u000aT2JPZTM5azhCWE5tWE9DejRJay93ajZqaU1DWEsrblhwdTBZQ1Z2ODJXM1BMeGlR\\u000ab1liRURMMjNHV05sNFFHQzQ1dE45WUpwK29CSGZjRStmUHk4S1FrOFBDK0s4SFFr\\u000aK21HV3NkTVUxUitTaTExY0VYdzBKTTRTczJzTWpZb05tQXd6a2RvRHliVkdnK3B3\\u000aSnUrUmFmaEJrSmpIU0FMeVQ3Y1R3dncrOW56S1BIdUhvWW5wSTRLQSt6U2xrYkUr\\u000aQ0dSbzd1MUxXVFl0cGZTYnFtd1NjYVlxU01WaTZ5QVdkRnoyS001LzlkVHB6alBY\\u000aNGhOZW82ZE96eVRHUkFMVnVUZi9Ma0RqaElqWGJ0Z2J6ZnU0aWdrWXg3Q2d1RnZ0\\u000abVlkTEhNSE4yRnFOTkN1UWk2bTJLUGYyUG5HdmVrSFVwMEJYZ3NEOUhkZFJtNHBF\\u000aYnE1VEsvV05RTzBuS0g0M1owOU9NcWZZbHEybk5mTi84ZnMyTjc1c2h5NmtheElK\\u000aL0FZUlNkOUU5M1VjOWJmV2FIeUwraWNNTE1GelU5MytMZlhpREkyWDVScEVtSnFB\\u000aSUMwVlJ0NWtXdnlVNGVlWnhOdE8zWUtxUnN2YVo0dzhnZ0I3dkxheFFKUWtnMWhs\\u000acVAzQzhDQW5HWnkrdDR5alRVejA1LzlpQi9HRk1DdDNteEpPajUvaVdTOTZRRW54\\u000aVm8wdVYvYzhDRFd6OERHYzYvLzFBQzBWS0VmaGRsSmFGOHg1NzVHNTI2dHoxTVln\\u000aMHBaaitNRzlsRUxkNm12d011cVE3VEVZdEYyN0Y4Vk5iQ29ZWXUraDhJTCs1Y0Vr\\u000acnBjakUzMm9MbWx4ZjBjNnpZaDhwa3FsVTR2RHlQeGJJcm50WkFPcThMUzk5Vktr\\u000aUjdFL0w5OXNoZUxqd3I0bTJtQ21CZ2tGZVZhVG1Ca00vSFd4MUNEYjlIcVM0N25Z\\u000aSWJaQW94ampIK0QzR1EweXlES1R3aG1iSXNHMFQ4Ry96eStRR0pmNkg2MXg0M1ZJ\\u000abkNwRkxmQjNiQUNJay9OanhCeFdheGVwMXRMMTRBSlRMZlROTnA3K3dCT016THhm\\u000aSHBjSUlWT2dOeXJ6UVk2Q0x6eXlDM2hub212a0hadFJ2WmpBYmExMmJSZ3VoTUJX\\u000aOFZiaHNKMmZaekZ3TXp0amxzSEkwREc2OGs1R0JDemFDQVRPZlBBWnFPN2lEQ2JC\\u000aMW1KSEgzTmxvQ2xuL1pTY01rOUVqTERyTndIWHZ4ZEFTRFMwS1RrZVNxS21TZm54\\u000aUWlSQ3lLNjhrSEZNc0trUTRYS3JKZjZGMWRreVYrL3NFdzRsS1FFYW52VkVVSTJx\\u000aUExDSVZnVWVkQVFaeFAxeVp0dDA1V2ptSUdhZnhQMldWNE9PYm8vTGFaamo0YW9H\\u000aNjNxWkdGdGJyWUt4TVc1Ny9RL0ZkbjN5TUpmUlkxVGU0UCtpTTNHUjNRcU1QeVMr\\u000aZWZDMlRDNk9pYithOHZ2SVcxTFI4OGV0V2t4SHJzMEpVcVRpM1ZEY1lXNEcwUHVn\\u000aTFhsZEYwWVVod1RLaTlOUjZmWTNXMXBTQUlNRGYvbk5hcVBIUnNLVWU4Z3pwcll3\\u000aOUdWLytXWjkrNUxEQnYzWmNKVGlLcllOcG1TUHl2MDdvNWx2Mmo2MXJtaEdsQVJ6\\u000aODJzWlhDUzA5K0lyaUpmVUg4bko0NFRFUk8wb1pBd2RxZWhEVmQ2YzZIV044dlJI\\u000aeEVJZWhmeXJhUVZ5Q3FlQkU3d3VPcXZFSmI2R0Urc1czNlBMNGFwT2ZMcCtISU5V\\u000aMkRhbVBrWHJWdVV6Q1dWZWlXaGIzSVBPNk81WkNENVp5RHlQc0liV3RuMnc2bnpI\\u000aU3EyUDhOdmZZRHhTcmM2YlU1aThoQ0FOZFdudTliMWJia0tXTXhUazhjamQ2bk8w\\u000aN1FtZnJFZGJCQ1ptWmh6blJ2cmRYMDdHSXo0YXhtM0Z2UHBtazBvZ1FaUzBieDd1\\u000aSWhFTDhGR2ozQW9lSllpOFB0dFA3NmFKaTRPYndlUmhlWVE2L1p0NHlPcXhabUph\\u000aMEFnTjJieTlpT1kyZ2tLclg2RTY1UWMzM2Q0Wlh6aXdDc1BsNVlGQmY1bG9ndGFE\\u000acXFVU0p1TEQyUEMyZEZNeDAzaGkrcUpSNmxPZ3ozYjJrM3dUTjhGTjJBMnQycHo2\\u000aNjJSS3IyQVRuSklrZkdndHVTcFlicGdab05VL0pheS9qMERWMXRaMkFmODdsUU43\\u000ablphdmF0YjVvbWx1Vi8yU3ZVYk5rbW1HdUhrTmFjQnNuTjIza3FOTEFrMmZvQ0xZ\\u000aT1FZaG5uQm1ZTUdYdS9tOG9haXdmUzhxRlZyYllTc0tKSWpLU1ptaFZBU3hXa01t\\u000aT3lSVUcrYkhlQ3RuT3ljWmlhb25XZElvbFUzT2hJMi9JTkpDSUNzQjJNWGhtNkpa\\u000aOEFtcUlqSGQxR1JvVElRTDlFNlBUbGF1MVB5dDhmbnl0aERac2R5L1dmMGU2SGRy\\u000abXJleXBiaE5PYTh4NUF4ckhaRGxjemttaUJyOHEzU0dYU1JVWUt0YndGUk5DZjFX\\u000aYkVyci9uN3duVmlZOENiS0wxZGJzMzlDNmtaVGlUVE16b1NCaFVKcW0xeUpHZUM3\\u000aT2pLRC9VNUFUK2NmOXV3c2hVNDhKZHNUNDVOWjJnOFNkL21xODlyTFBRVTAxNG9h\\u000aNUhRbzV4bEkvaldPUE1MM0R3MmtFVkkyZ3R0eG5HamExVk9aZVlJSGM1amJWenBx\\u000aSDMxZ2ZNYkZLTTNqNHRyaFVKVmFyM29ZWndZWnR6c1IyNmg5NWxIVlNNQzJ2MGZH\\u000aZ29nRFBMYzROejFtelNUNzQ2OFFTeVJJTzZtOTVTOTV3UWxiWXFoRzhMLzJsZW13\\u000aS1JNMUNUSGVUeVFjQlRNb1lrdU9wNFRZaVlXZzAwMjlXelNyMkhCUlFXZm9zNzc0\\u000abWlBbjBEQWtxcysybzFOdUtjTmU3cVFmY1Vnd2lHNzZJK1FZcEZPbkJSeUh1d1px\\u000acHR1WmpKTWV5amtZWC9wRE5VRkxYMmNWRGgrT0FSRUFaT3NBSVlPbnU1OWZnRHVB\\u000aM2RrOVNHMGVIclNXVkR2dU5yTDJiWm1hUXJxQmZ4bXRaall2Q0lmdDFXcmQvUkFo\\u000aeUs4bEFMNWFJZ1pZajV4WjBtV2hXd2hHTFBKNXBnMXpCeHFmZ2hyNzhRSVBQNGEr\\u000aT3YwU21qTmdwbVNQQzc4d2RPNVh6N3NzeU1mUC9uWkhVZEVJbUNqUGVMM2lJalhn\\u000aVVY1SjRnckc1cWY3WHZJQzBpNGZBdktnZ01LYXFYWGRZclBCZzFWQm5vR3BNVWZm\\u000aUU9Wa29pcjNjL2hYNWxlN1BoQlp3OVlWaEN3UDg2VU1oeGFmclp6blQzbnVUV0lL\\u000aRUMxOWVXNDJSak0wU3V2dWlreFY0L1o1UUhxcUtvNmRPamJZL1NKR1FQU1VWczdx\\u000aU3owNks1bTF4Q3Mybk51QWR2V0lVS25leE1oRUxsRTVGbGJQVkZ0Nkc3d0dLNUxv\\u000aNkV0bVZPWnE3bXpxWS84RHdUMnpUbm1UbW1lZEdIZDlUUWRCM1gxU2orUHlFRDFr\\u000aT01kYUkvVlVOWCt4bFlmUkd4RHF1Rlp2YmdTVSsxaDJHSjQ5M3VsYk9KVmJjeXpP\\u000acFFmTks5UTNNNEp2V1hPRVUzT2NPVkMwbkZGUUVEbDFEZ2h2Wldoeit6dy9sZkg1\\u000ab3UvV0kvOUpmKzB6ajJNNDE2YytTbkpneCtaSVZUd0lTQlhDc1NicW5tbG54ZE9a\\u000aSnhrbElrWXlwMGVNZ0RkTzZscHdTbXlLc21KMFVaM3ZPUFRuQXBxdTROeUxLOXUw\\u000aNzFZRVB5WUhWWnRXOUdITm5LM3RvZm5TVVZpMSsrVEx5bDY4aWRqS0RCa2hFVWNy\\u000aeWU5QkFhak1VR3VSc00zQ0RNZGlrSEd6eDVwM2RoeGIwczJTcGhxREhFLzJMSlBj\\u000aU2kyQkFVWTA1WXNDUytiWDgzb3VESDRXSmozZDM0NFFTcnFwQnk0ek11UHJPdWdT\\u000aRWo1a1Z1MjhMT1RKcnZPL09jbmxoTUYvWndielBRVVI5TmhUV21GOFV4WEE0Vjd0\\u000aK2RQNDVnTFFvYnNnVHY4MXkrUDVuTnZ2alNtL2I3aVpzZXJhV0VaSHlwNGo0bis0\\u000aSWJJTmZrcXVYVG9pcTlyVHFvZFdyemN4TkJCdDBOMTFtRWpwM2ZvYjJiVFU5QkVn\\u000aalZlTHRFSGxqVFJJV1ovK1IvTHpTaXRJL241MlNvTUI4RlVZc2lXQzF3WVBOY2lR\\u000aeEJYdFRNZ2xLY3NiVkUyN0dxSEtueDVkMlVHSE9iQVVIOGpKdmVaZUNRYVExWEZu\\u000aZ1ROdXVNcVBzdERaSFNPQ1pWVXhJajkyQTFUNkVTaFo3cTY1VjhadFEwNmdYb3dB\\u000ab1ZDc2xjaUJEZHZwUEZCL2FlV3hjbHc3cFZBQ2xBQ0ltVmhMRG5YNEtGWUNIUE5n\\u000ac2FLYU9ua05SVVZSc0Vad1pad2x2bklRdXpBRW9KTmtremd3Z2dtdHgyL09EK0NY\\u000aaVlLdE5pT3hHWDlKZEUveVovUk9qbHlSNUo5Q09CL3JNMmdlY0FWZ2dmcXQ4RUc5\\u000aQUJNVHZhN3RpVHF0M2Q4V2NjREV5S1F0aTlySXhoNWZVWGkwbTFrNlJGblNEajZN\\u000aRXZBNjBULzRJY1hPUERtYTJ2WU9EZ0NBS21IMWtnNzY1dDI4MFNtcFNnMFlnQUpV\\u000adkphSXlsdGY4VWhPWE9DdE1RaXdEVlVjSCtDTHBiSXh4a25Pa2Q5K1hYNDU3bm1j\\u000adjc5S0FMbzRjbEp0RWpqS3h1aUIrK1ZwNGxzRVlENkI2RVkzMjJiNmk4ZExkQkJu\\u000aZ0JKdXUwMDFBSjlWUFlIWlJBeDNRNDh4UU11dUp3WWdZNmlEV3hzY3lheDdENkxu\\u000aS2czbnBaYmhmVzRlc1l2NjBqdkhTNDZwem1lSlVKVmNmVUFFeWQ4azFXK3huWHFi\\u000aN1dxRFRGNXhaTHgrZHRlQk90UmR5U1NIR2cvcUhQNEFvZ3VSc2JvVFU5OEJqOWIy\\u000aSysvSEU0ZTIveDk2bkg3VzRlU0tGRGsxaWxoNk9EckE5SE1uQ3h1QWFxZXB5VTFo\\u000aRGNsZjNEVXdGamdRR3Vnb29TNHpITElvbnpxVFVjcTRzcC9SZ0YzRk00TGxpL2NC\\u000aTDdSbTYxMHZBYUprcmZWRG1JZGZ0NHd0SVVTVysyRGtoQ2lyb21LL3RLckZUbC96\\u000aTk5HMGpBTmo3SjllRWhQaE9kdzFVMHRlN3ZlakVwMGRLb09NRkRTSTNaWWJieWNs\\u000aUHJ3bkw2ZW5ocmlrWHBzNXVMVDRqT2p2NFVJSVRQSjJLN2NjWUZmQzJqZlJKMDJt\\u000aRk1wRkc0MGplcEdHblJ3cTNRZzQ5NEVhVGN2dG13SVdjbEtlVmJ5MW04N3ppc3hV\\u000aT1JWQXlnUlljU3ZvVXdxdWMzakx3MGJYVzBmUkFYVTMyaFlWUWZJUTFwY01pSDRW\\u000aRStyL3AvRGpJWS9zYngzVm1Hc1dCTGhNOFIweElVWm5YSnJyejk3S09GQkE3NGdu\\u000abVluSXJQa3lmT2hQUGVFSDQyL2VpRHUybWRWL2U0UGEzS1VLZFhjeUo4cm85MjZC\\u000aSTF3aGk4Q2h4SVVtZzZNaDQrOHg4YjhjS3VpZWtFaWZ2cU52aG1KQ3hlaThTYSty\\u000aUVpQMEx2aHAvekEwRWIxY1d0ek1VTUlFdUhJcDREa1hhY1dNZ2NuV3U0L2d4Q3Vi\\u000aMXhHaE5xWDI5U2p4SUhHeFdJRkNvQU9lVkNkL2xiSlFPS3V4R3BnMmR2RjdDUUhM\\u000adGYxQVRQaEQxRVNsNnR5dTg0dndWcTk3U3lTcktweWJxenZydHdSTFhwb0kyUHA5\\u000aWEd6S3BtaXIrT1Fva1dwSUhZTElzU0hmditDWjJDaW5aaUpEWWdtL3ZyOUZWdFpv\\u000aU0JKN2puYlA2TkpKYTlidGd0QzBFZnRTcGxPSHpicm1nMVR4M3gvNytTRlRGc1Yz\\u000ac29yejcwTWxIZE43M1ZjK3B2a080LzM4ZVF6SEFqdkhlTVgybGFMT1Ntb2Z5Nmpw\\u000aOVBWV1RMWFJmSi9kOTRNbmhaK1lvQ04vSVl2cWsyTzlPcDlzWnY3SGNHdHBMYlFr\\u000aUkh3WG9od1VpSFRxVkhEQVVxbEszUkdHdDk3ZHZJY1owSUdlRFJROGtULytCUTZ4\\u000aVGpxN3pvQmpMaGwxT2M1cUxkYldUM2FLbVNoL09Tb1BPWlR1OG5QYXROdjFIektB\\u000aOUE1UGovaDlRTCtGeldrMXM1MzZYRzJHaXRwckdiMERQaUF6MzVaU3dCdVpGbFBs\\u000acmpZbVhONWdsOEpwSVh5c3R0SFdqNTVDSWlJbHYrSnhGOXBGaSs3M0pHNkNUVkNa\\u000acVEzM2p0SmVWLzVsTnFJcGhUUUQzcS9rbDlGNTNPMGRQa0UwM01lWDJkS3p2VkV3\\u000aYldDbnNQMm5rVEhDMDloVDdkSjhVU3NMaElCZnZ4dFJ3VG1nbnRoSE5seVZrR1pK\\u000aWmxVa21QMXFHZU9tdmU4RjgzYlpSMTBNK1dyZmV1ZEJYbVJZUHgzRW5FVHkvK3B4\\u000ad1d1cVczd21WV2JxM3BsRnJCNFd3eUZuc2NNUkNuSjNuQlJQK3ZCYXprb0hpVXk0\\u000aOEJPVkJvMm0zWFRUVmRVcWRmbksvUlpXc0RhaEZKYnpWQ3cvSTlJM0lySkFRa1N2\\u000aSG1qUkRsMW5aeDdCaHU2WTR2ODZKa2dmSk5UMzRocHlYQkRaUW1YNEh0NXZacnlj\\u000aVTE0cTJ4SWVoUGNVRmMyZmQxMmNkWERvazVrSi94ZWF4Zi9RbDMxRUFzQ0xDR0x6\\u000aWFI1b24zL1VaMGtGNEx2Y3IvTVJ0VjhJWWdjbDUxcHlMbjhnbnh0ZmErVmZpMStD\\u000aQ1kySXFJUkpTeGtmWGgvTlhWam5MeFZaem42d1pGWFZ4UXBBUE03TjR5V1pkT242\\u000aMFlXK3ZCTmRGVExKZkxnTVA2UDBZWFZNRlpUVFRtVE04eWRGd2tFZDF2OUUrcysx\\u000abDRzNU50Z01yaEZVTkwxOVo0VVdSNVE5YTQwSXhhK3hBbVdPTElDQjFuUmxkZHll\\u000aeDdmVmtYSDE2WUV3RnZDVlpTWGRZODdaK3JENmZCbEtKL2lvandRbnZPV1hPS1dj\\u000aTmdEemc2bFoyYnVtREJpM1FlSllkNnU1Vk1ybGIxYk81dGZMa0xvM25ZMXROL2ZO\\u000aWmF2NDY1MnM3K3dRaFh4eVZ5bzMzQmY5d0VxaGxwN2pmcnRmY011MS9zcEhwQ1ls\\u000aOWF0MFdVbTR4UytaN3gybkgxUWtJanh4U3RaUVNmQ21LbzdiN0pGUFloVGg4QktR\\u000aQ2U2VnYzemYrUlloMkVNR0d5RXFMdWIvdG1Od2FnRGdGYXk3L3NEaTNTNnUzSmpy\\u000aQlE2b2R2ZkNrU240cytaYUdqb1I2VkNtUHF3VlorTXZQRXBKQURRUm5HS1ludlhs\\u000aUVU4dUo2MWpZNXpUUE0rUExaYytCNmdpdzZlZmNIenp6ejJJUmRPWEJGNFE0RVFO\\u000aek55ZVFrYTNoUUk5TWtFbnc0SDlZV2ljTkV4NVpKazR2NmJzeVl6T0Y3dVdiMi84\\u000ab09NNnRhWHdOWWFTSWRyQ1JxVGl3MFZOR3hVOFgvNGNwU05lSmNsRGRxVXg4TEli\\u000aazdxaCtXYkkwSnNLdHE4d3c0VDlvN3Q5MExpSTl6RWdjUisrbGVvajhxV2Z1aDZp\\u000aL0tzRGtTNFBHMmw1VFBqUWhWMHJaY1FhdW1hRzU3dXc1eUl0RnM4QVVlbTF6VWxN\\u000adjcydDhSalNnTWdBOWdWdGNCcUNlWjIwZzk4ZThWc1FwQ1Y2SDlpSWRIalZTZkFK\\u000aMG5MbnJud1BucWJPZFdvL2xJYXR4dnFSb2hwWFhyR2loSjBPMEpNNkw4Y0JJQlFl\\u000adkZxSE9qVlRIVGFpSVhxL2dQcThVUzZtcTNIS0U0S2tUR09zMXdzV0ZFRmpKei9m\\u000aeUxmYk5sVklIQ0tRTjhjb1lKdFNlSEZUMTNZdm8reTNBa1VRb2hWTno4RXg1TUJ4\\u000aMkYyeGtoZ1BLdDl2aUlLWXdGRlpOQVU5ZzZDWVRjOVY3WmtHTFRBT1JqQ0IwNTVm\\u000aTnBkSGVvRWpydElMU1lTMjZhV3Q1TmtnVVJsV2dEalpTN0t1UWZuY1dXMjQrOVND\\u000ab0xCV1VzSXhVTWVsZTEwZDhwbGxsZ01YRUR6aWEyc0NEemxvOFdOa2h2M3hZZjFT\\u000aYXBjMk8wTnVmS1p2NEVWMXhzMy8wblIrMHc1b3ZHa1UyY0ZXMnpBVUcwaGU2azhZ\\u000aTjR6QVJRallUem4wajNVa3F3Vkl5dGZuUlRYUzZEODZkTVAxaG9ETWY3N0duMzI1\\u000aRUpKM1lGanpFbEFjaURlRkgvMS93Wm4ybm1ST3hDU0p5SUxXNnJiTUdyV1JDSjc0\\u000acFNyNkZUcXRsVFdNWkExL01ZeEk4a0JlWThHaEQwWGZ4bWdPaTI5NjcxSHI4SFVL\\u000admNLYk8zWUxHemhqaEtCWklEWkNwanlUY3p6VkN0MzVOcXpGUnMzM1Z6Y0VDU0I0\\u000aWmVZSCtxS1RDZEhPK0J6VE9HOVh1am5HazJVb3BkdldldkovdVh0SDlmTGhUQjJn\\u000abUQ4azZSa3FSTnUzUjZlN1NJTlhpejFuc3pqMmo3QTlDNXE1c1VkNThjVTdNRlg3\\u000aMGkzVHJ0NUh0MloyaFNQY1hPNTU3Sk1LRVdVcFZxS1l0WmhQTWN1a2hHb0hVekJJ\\u000aTUV1bDlSYXo5c3M2RndsZHo1QmFvWDZJcW5yd2pGaXRnTjVnWUZpaHJEbmlXUVhx\\u000aaXQyTWtETmFROTIvWUlHRlJGMm5iaUdPWDFUamxqQ0VDMU1DQUwvSWxqRU4vM0ZZ\\u000aOEJLWElpdkU0RTNNRGt0eXJzWC8zOGxUZjN0YXZOVk5aVnFESHMxUmxuRUM4WEZI\\u000aUVFNZXdXWjF1RlZVM3pGOVVlcXYzcTRxZUVQREZ5R2lFN2dEV2tNbW5xYnZURiti\\u000aVysyMVJzTHBpbUphS3dqclRMTWtoaCt4Z3hvK0paWml4c1NxNXgrK0NCdEtOQ3BC\\u000aNkUwTnc1SUlnUnVzL1kwMmxQMWZ5OFVsdjU4eHBNUjVETWRmeHZ1cjlPd05BTTY4\\u000aNi9zeUwrbHVwVDZhNnRhOC82YlNPVWphNGRtMXgxWHBhWkZ1Qy9EMGxkU3ZPdTZv\\u000aQmhVVUtuYXhCalpIeXl1UkNQVlpwY0tFZDFkemE4THdJcjY0Q09CeDl5OVJSZTlV\\u000abmN0L1dIanlQSnZsWWx5OTBLZ3JFOWYzMUdkeEFoK2hHVjZrbWhIUUhpRnB2ckRi\\u000ad05tRWdhNzZlTHRLdHpGNDh2cDdZYWdOaERjZlBCbzVJMW5pOGxZcFFDeW50WVB1\\u000aWnRIZWNyNWFDQS9RSWpGZGdUSkRXaGJkVW5rbzgwa1RGRTZ1czByVUNuLzNrcUhK\\u000aeC9Lc2R3S0VxQ2ZzNUVhWW5LbVhvQW5HZWZYYVdoNkU4Mm96Tk5qVzhBSUpJcENJ\\u000aTTZrbkFjWi9mVGVjL255azZmTisyeXltaWFXWkN1ai9lS0piMWZFK1MybWxpbjEw\\u000aM05oWmtNTkJHUDNqTUF2K0l6dGVuMFFDazdySmJ6cmlTeUFGYml2aFB4bjZqQnlx\\u000aaTJKRU4xd29KOU9MYWwvaURBSXNoRXUwQ0dwQ1JMRnUralI5WE9zdktjNTdGVVo0\\u000aSHo2Z0ZBYjEvNkszWnNWSXRGZElvL2tmbHJ3Ukttc0hTN2VuZ1phOVdYSVFHb3FR\\u000ablVaYXVjb1JRVWEwa0haN0UwK0szNVpZa1lZVFRwUHJuQWhQbTJBaXdmRUpzVmQy\\u000aM0tnWUx6QW9tQ0J4Wm41RkFFd3lMVUZSTFAzOGRZR0hlZnhyR1FiemNzOUtpS3I2\\u000aQUFVRTVSM09yMHdDTUpLV1Jmbk9QZjZQdmtIdlcrSFZhZStBeEV6ZXF4TzFwOVVU\\u000ab1hoVlcra3NoRzZ3QTIvL2NkR3Y0MHJrVEh1RFE1c0Y3Q0ZGckNodlJZb0MwMzJJ\\u000aS01qa1Rzc2FKS3dqSEZlSVMzc0tjbmdEL05WR3pTK2xOcGNwSDg2RkJGQTd5SzNq\\u000aVzBrZHRmblRaLzlSSkNXblV0YXFpM3BFaWFlak0rbEs2cXRuVzdVcHhVV2o2K21x\\u000aZzNtb1FCUjZ2Yk4vS0xrSkpsUjhsUWNnQzVLamJLOUd4YXpGZlErbGprcGhKRHBi\\u000adERUZThEZ3dBSmlraGlZT1YzYjU4aTA5MXo1V0JZSmFtQmxodS80MzF2TWIwNFJw\\u000aVVdOSlphSEdySWdCNXNwdFV2SVNxSDRBYm9xN0ZNMVZjZS9pOXpMcXlGVVhXZEhl\\u000aaDBmTWFKUVp1S3NPNDFmQUtsNHhLWE9icUF6eXo5ampGTnJjZDQ4MlNZVzhrVGlW\\u000aZklEUHN3eFc2aEVhd1psaUxRYUtIa1pSU1JYempUVE4wc1draXhmU0dPTDRYNXNy\\u000adXVuajQxNDJyRW80L0NYRzhwODRWTnBrVmRXYk1USEIwT3JmcDdvQWdiLzFRUlZt\\u000aUmpyaUhMZ0Jzb25sWUJvQmNKaVpjb1ljNFJoVmROSnVGdldUaUg5MWM5dXZkdUsz\\u000aeHhoMDNlUCtTRld3Wm44NDZjZ2lGL1pDZTY0d0tVemNPT0JvbkoyVm1JZlFWYUdq\\u000aTmUyY1ZDZVNhM0IwUi9PZXBBRk1ZQmozTTM4djdabFJRUXJMVnRzVXZXMEtjbnRJ\\u000aaHZWa2NYVkpZM3RRYkFKWm44aVUzWnhiN2VvUnF0MjFGem9raVVWbzV6d0FuNDV6\\u000aZVVWUUEwaFhaN0s2K2RmUnJCSGFaMkRob0RLc3FaYkFjVDhTTExxY3dJTlBsdHha\\u000aWkUrUUdMSGc2SXhHdWZmT1VEaEtmdUtoVUlOQ0dwSisycjJqSEZrZGJRaTl1R0Ux\\u000acWh5WmtrcGhEcDRnZ2Z4RjB6QkNQZWJDOHBXRDAxaEdSUFdDVkNzRjBMdGlQV1Mv\\u000aSnU2Q09MWXZKeWhlWURYeWNFLy8wOUkxYTdYRGFaLzBLSWlhNjY5YWNZQ3pGWnEv\\u000aYkxkZjZoWWg1UHp6RlZYNjI4eUJuRnRvbm9MMGlSdlo3eEkvbXQ1alBFc05CYXgx\\u000abGhhdXZJVXlNVEdvM0xGcHZrYStiN2dYZmFPZXgyajZwb0FDdVVZKzJtZmY5Und2\\u000aWitVQThheFB1N3NydUdCaEpJZ2JyeUx0QlNwL09ZZlIzZ0ZSdjA0a3l2bVdkL2w5\\u000aTGxRanVwQ2JvUm81RjFVb09Lb28vQ2l2dWp4WmVDd09QSmdEYndNVWZ1ZUZLazcr\\u000acjFCcktGdWNzbVlhc1dYYUNua0I2TUxOVDdoeHFqYk1hM3JXcVVFa1JyNXJzWWZq\\u000aSFo3SloxdGZacHVyK1Y4M2c5V01rSkFFclhaQnRibFJMM0UxamNicmdBRXQ5MzZP\\u000aR2U3MndPTUg4akNMU2FSSzVUSHlWZmdiUDluYlcxeWdsNHdIQ0tmQlh6RVZ3bWpa\\u000aSmdKWWxtbHp0SnBNcTZJNWJBc2Y2aWlKNFJyQUJmV1VKbkdGNEhuL1RoYTBVZi9p\\u000aMEQrSi9ZUE1RNWIrTmRvajNuSU15UFk3blJ5WWNNVEpaa1lFSWJ1dzd2MXhxUGJz\\u000aTmlSZkczMmJ3dll3QlBVNTduN2lLZXJFTmpnQll6RFVSZWtmVWVxYWZtUHBPWFU2\\u000aZDBBRDJTcjM4M1BnekhsdW0wWmhEUUlnaThycmkyNVU1eDEvdmEyK1YwZWlCdnhH\\u000aTE40b0dZQjZ4a2ZFa3NNTkV4ZlpYU1dCdzlzVnBMeEVxclVqV1NGdk4xbjV5c2Nk\\u000aTi9JY3EzTDhvWDZ6WmR6bFFqWFN4amZ0L0hMR3FrSTVZTTM2K0V0MStXUFFLcG5t\\u000acEpVVnFWemJ1ei9VK0dpcUhSVGVqRDY2a01lUUJnWHB1djFRY3FBU21Tcmtyd21E\\u000aRmVCbXA0amxHV1NCM0R6djBHb2tvK1VrRWxENmRhSGtjQkJCeTlPWEdCTXhKemt5\\u000admNhQkpOY1E5KzN0SjNnVUI2c2QzR3l6ZGNienhMcWFPcFh0bkkyRVZjYXlLekRL\\u000aZ0E5RGRUNHpva3hTTzhObVFOTVMrdFprQ0hJK2ErQW5iSFRvNlJQZ3JpRVg0TG0y\\u000aTGJsUy9UZjRKbjlHaVh0V2V0UWNpbU12UXJxd0UrbTRmTEpURGgxb0ViRFhXL3Vw\\u000aSDdFTktQV3F5bEhwTFZTV2ZJcjR0QVJMaEl4NlhLeXNwYTJvY1h1UWpzRXkvVmZ3\\u000aQUlyMi9NNVZOR3JDcEdmY2Y5U3U4NTBEWFMzVUg1Ri9KM1ZEWlYwL2tiOXNVT09s\\u000aa3dnZ3VGYXR0T3l2QmZFTnNOeklUd2V2VC9mOXgzMjlyL1MxYlhJbmRvM3NHRmNk\\u000aQnlKWUFROGM4OXFaaDJsSHkrWmRvWlRiTXZESFhKOTdJVERwb2dHOExrYU1EUWhv\\u000aaExjOUhHRFluVnkrRGsxWE56d1RlajJmWS9qZWRXcUxXVDcvNm1kSmlUL1NmZW55\\u000aQ0lzQ01TU0tTZ2pVenY0TmY3SUVyeUpvYXhET1UvRGRpOTBXWjlBZ29MUi9JK0F5\\u000acDZ4ZERMV1BUZGpsa0RYbHRaQlp5MXRmV3N0QWpqM0Y0Sm5xMHBHcDBqTVJNUXg3\\u000aQWtHMGpycVFpamh6NCsvd1lrNFhLUGtsZDlQQXQ3b1lQbHdWRERMSGtIVTBOeXBs\\u000aMTVNa1lvRks5TWhNVWdJZWpoTU1UZER0eHV5Q05PVWkzUHVrdmFFVmN6SWI2RXpM\\u000ad0JyYUpzNjN0VmhPQ3lMdXBuZ2VOajNLNHltSWxhVlpHVUdxWDlrRERzbG5oZmpi\\u000aeU1Gd3lVUERtUFM3VlpJdDFVRjJZTWE1ODBjNXFpZnF2YWxFZktlQmFXdUMvOStX\\u000aREgyM3VvYjRiazMxT1JxUjRvbTNrdzZRSzhkaDZETHllNTRoSFVhdnIwNkZ6SWF5\\u000aNkZNcDZhMUljbnpGT0tremtDeWk2OW8vdFZyWHg0alVnYnNtcDlQaFUweVpKRHFH\\u000aYWFINjJyeEcwZEpkNUh3ZkZkUnpXbnBSV0JEajlFbkFkaE5VYnpLNVRJaWZaZE5h\\u000aNnJ2aXBsUk1ZK2N6ZW9CSTU0VHd5d2FPZ0dCcjJIaUVqRUhCY3pvWXdkSXNrY3Rt\\u000aRjZtZTA1N3U1RS9uMFVkTmMzbENJZXNqZml5SVdDTUxkeFNnQktXalBjSnRDSjRR\\u000aTmFFK2p2bUpCbk13cFI3enhOMU85b2tCWHFZWnozWUFUY1ZtdTgvY3V0NWs1Rk12\\u000aZTkxUlF3MysyL0FTVnRmdU91L1JOMTBYWm40ZldiWEZjcDI3NG02OUs2RkRYOVcz\\u000aNXVSWEhZeHp6OHl1L1k2TitVNzBoOStXL0psRi8zTFh4S3FveVlwZUtXdlVWRG1r\\u000aT1ArMUhhNmxNbm1BQm1Cdy9KYVg2WWN3bk1ibkZuekFVWTJvRE9lT2o0dkt6cWly\\u000aMkZMQXVUSWo1Q0VWZStHa3ZHRU4wTFNkNlZzTzIrNXBVRHc3b0FmU0IrUXd6bzFx\\u000aN2Urbm8vWWtuancwOVdEeEtpVWxoWHRqN2s5K1p1VjVWYWhmczR2bExLaVBPbmhI\\u000aQTFlRHdXRFlVdDdRSDRQUWUrZjhaV2dtcTFaTnhVUzE2Q2d0ZU9MYjFJZXVucERN\\u000aeFZUSFZaVy9sQmlzakFCaEJpY2x6a3cvWTkrcTlEdU1hbGQvU3plVHZVaXpvaUVi\\u000aM1RTVGluVUozUUt6a2lJWityOFJrdnB0WDlnZks4VWdva1BFa0tleGd3bFdmTjRr\\u000aRzMrdDlsaGw4Mm1oZzQ3bTk3Z252Qnc0L1JtOGlaNXJXRzhqOWlEbHJaMkJWVzRz\\u000aMGNmdmZsaUFTVjMzRElNenJveWFFaXBFdlZMTW96a0loTm9OdkZpRXp3NWpUdWgv\\u000aWXB3c0NtaVJ0NDVnUURyUzF2WE9lRzNSdmdPdC9rMXdhUWZIQ0ZjNkFlWVRKdXd4\\u000aWENMOU1laDFhd05qd3BFZThBbU9oK1dkYk92ZklvVXRVcXRXb1pkR0NXdWZoY0d6\\u000aNldESUxpYmUrZ1Rsem1sTitEQml3ZXRNMGt0N2V4eGg5ank5MTA0a2pkdTMydkIz\\u000aa054WWtOaUVsWUNSMnBBSHNhWC9mczE4YjJzdTRUUlRUSG1MWFVrbXdwcmhSUXpG\\u000aMkpVOWlWV3NmbEVqN2d6SlBMNGRyckxsKzkrUUdGUG44VHZFY2U2TTdLRGZUWkNP\\u000aV3o4Y0FjcW9ibVJjNGZDVFRNN0ZKRXVGUklIcXdvaERRYXZlOFJSUG5BZk1XckZy\\u000aTUJOekpUTWllY3lpWWZIcGE2U2NseExoaU9aYm8wbWo4OGpLN2FXVXdqdng2THRJ\\u000aQ3RqbTk1LzZQcjV1L05lUDJORFZ5dXVBK1pCRjl0YXNhOVBLbVY5K25uMUg5bU11\\u000aR2pndlQvUHJmMS9RUGFMUEltUjhOTFlPamdhb3crRUEzWVBZMytIT0RDQzVlRnZF\\u000aOC9PNVg2QmRpTElzVU9uL21ReUZSS0JHNEpySThkSzRyZlJXTmgvYXg3a0h5amFB\\u000aVkNGV2pQdGp4TDJjaFZ5UjBUMDE5eWdGUGwrRVZUcDFML2UxWGo0RjhRTFZzZGYz\\u000aUXNaM2g0ZGpvREVUZ3V0OFZTOTFuSDRnMzJPYjJndnEzOWtQRjNERzRjUU1kRzha\\u000aeFZEaWtIbTJrU0RjMThaTE82RkFqeXpncmp4ZWVaeFhvVzc3QWZGM1YyaWt1Yi94\\u000aamQvOFhJZzFNZHkwVHNEbGorVEpBUVVwOVBOZkN4MmxUNlBuN0dZMVNBUGptSS9a\\u000aUkVJSEdncEx4cUcrSkdBVXlROTR6b1ZnM3ZYOTNkZStXV1JEWWpxaXRXYjlvbU9R\\u000aYXhmVDF5Mk5yeWtib1pXaWNTb3lMWnhZVFU2bktrbTdUb3lMU2F5ZFo2MWhzUlB6\\u000aZXNlcDA3S3NxTU1Zc2lRT0J4VHN5a1EwcHhVenRqczRJeVkxWWtmcUdvaXZPQW9E\\u000aVStxN1dOTEpuRDZnd2x3bklSSUR3aVpuREJrckNZc0JFK3c4QUNoaTBiN3RqR3Qy\\u000aaG4zVmRjd0FabmQzOWo2RlF2Z0JtWGZERzlJRi9SUTBTNWN1OFh4OTNFaGhoOE9B\\u000aK1hTNlkyci9rbTZwTm9NaVA3TERJSk02SmRrVlRGT1h6VWszdzVrS1liQVZwRy9r\\u000aandjRGJnZVlHUkNxVHBmMFBXeG1YTU4zWjZtS2J6MVFaNnd0TGx4L0FNYTA1Tkgx\\u000aYk1zbE14TE1WWlEwdHNsdVVqSWNVamRNdGlTb3BaYzBOOWZDY3pmN3VBMUl4Skc4\\u000adFIwdnltdkVQSGdKVXVSYXhxZ1crSHV5eDd4ZVAvNVJGS2VBZmdNcTBzaS85OHVS\\u000aSFlZZFVORUZSUmQ4WXluR2lqZFlxZ1lZZkNnZnM4bmcyWDlsdnUzaFNIMkdQM2Z0\\u000aVUdMS295L24ybE43ekdjMFdxQWxDYXh0WWdNMFVwMmpQWDd2N2ZySUlTc0sxYmdX\\u000aSnZXN0xEQThJMjVEVDZaVkdOY244WkZ6RWV3VGJSdlBFNk9oeDdSc1ZBL2JwbVBP\\u000aR3prQ3N1V3A5OVhSa2tQQTNaQmluejJ1RXIzQ0NTRU04eitIeTZrV2RRTExSTlpO\\u000aZnQyV3dBWFVwc25tL0YwNmpVZXU4Nk4yWnNMeEN4S28xYnNYYlorKzNCM0NTMFYz\\u000aYXVBYXN5aGwwa1NWczI4eTdYaTFSajFZV1VabHNmQVYvR282SXZyNE5YTklpK1hY\\u000aWVJtaXNRVGI0UzNHUXRvRmhvcXdOZ1p1L3A1dzBmc2lVTDBFK1BDMjRvVkIzNzlj\\u000aUG1pUXUzdTZ5eE0vUVVCVW4vNlQ1U215MEszaUFGdTJEVU5ZRkg5NllEdFNZK0RV\\u000aVDJJVTByK1F2K24rYUJ2SC9xRmVLWXhNZTZMVlF4KzRNTk8xZzh5M0ZvYTNzckZV\\u000aT0R5azM3YlVrQUZWUXNPUWNEV2d4S2l0TU1kbWdpc0JwQXNNeTRXQTAvTnVqVGZy\\u000aUmZWVFRWVjFxWFJZL2dMVVNGbmMxMjNkbW11WEF4UjM1cFVzWERwbk0vallRcHRM\\u000aSmtNcHpPWnZmTEhNVmpVQU05WUtSOUhxSFBxaWVoN1ZZT0t4ZnlTL21ZbnpVWE1T\\u000ad3l1VHdRL0VLaEFkaVo1bHdhYnBhcEYwb1RCWWN3ZkVnejRRZDZjZVgvOWh0S0xx\\u000ab3o3RGpMVVlqRThPK1JxanpVeGJTbThvMnpHWG5yL1B3Mm5COEw4bE1yQlpTaUN4\\u000aUkJuK3lkeHZ0UnRGSm4yMWZMVmlqYzVOVFpDUVZ1bThGUlpTa2FLc2JkQmVERFNJ\\u000aaVJ3NGErY09mc3FPZjNQa2ZScTNraDJ6TUd6Ylk5b1MzWnFxSTJHdGowUmJaMFZ5\\u000ac1VTVWJnVU5uQ0lSR1RtOHE0T3J0Skp6Rk1oYm5Yc0R1MUxJbFY4b3ZTaW9VanZr\\u000aU2I3bnhQUTQxMGljZEt2NkczNmx0VFhVVkhnM0RzMFFrK2Vha3ErUk85clhBYkxD\\u000aYzBxTDhkOUFELys5NFZ0eEZ3a1M4NzltUmhGZDlZQ1FPVU9HYWRXbzJUYnoxM0hs\\u000aRDNUUUVvQ3JkQ0lwdGdhVTZ3WURjZzRtbi9IcW1aK1RuMzFJTERDejlvb2pPM2dl\\u000aYVE2aUR2eTlhVEl2TUdrKy9GR1B1emRHYmhRWmorSFFvbWNDaVMvYWxES3h0c0Nx\\u000aU3RkaWRQTmZwa3ZVSHA5UmNERHorVmlMMUlKRGcwVkg4N1N6VmNjd3Bva0NIaW9B\\u000aZGsyLy9SQ1lwbHFQWGdHbFZSV05jK0w1M3BhVFpPT3IrQXpFNUI5dVNFRDI4c0lw\\u000aVnZIb0lBbGhpZFNDT3M5UzJjdGhqYTk5WlQzREFMbFRYcFd3NDdpZmhkZ09aVkZU\\u000aNFJEYUlpMm9TMVp0SStkNXJSQ21PN1lEa3liNjhkc201UGlLZUVGdHJNYm1mcUNV\\u000adDhSWUNEd0dnNHF1UEI3Z3V3bExhNnhHczNJQTV3VVNJN0FUWC9CME9Jc1NsSFRO\\u000aZU1TYjlVbTdQTGhieUc3T1JKaXNLUjMwWEtkVFVRUjJGMzZWdzErZDVHMTBUWisz\\u000aaE9XSEc2bWlHU2hPZkFJY1hBN205VkFNWXhJM2lSUFBqLzE2STRGeExTdVFDYmFa\\u000aUmptb1hDRGRidHRYNXFqS0NXRDBBTEl3RmZ1VEFMNlVQV0NDYzRKOHpnMnJpc2pm\\u000aZ09tU015RUJ6UHVBRkc1Uk1lZi9DNGJzdHVGd1JDaUc1WkZlNmhyMUE0RkxLODAw\\u000aemw2ZDVjYkQzN3Q3amxXNmIwVHZpaVFrUS81K2dqak5QaXdPTGxPRU8vWHhXN1gv\\u000ac00zWm1EZlovZUhLMDM3VXd0QkRpNTBGaURXSHJON2svNXladnZFL2lUcUh4OHBW\\u000aSjZ4UXF2QWdLRlpFamE1Y0hEcE5MdWFTb0RIMjBzelNNL0NmU3g1SyttZ2c4L2ht\\u000aRHlBbXVPT3RJVnk4N2RQY1phUWcyZ1d0K05vbnN5eXgwR2k0eGNuNWZEZzVPQ0xT\\u000aeC81dm95REJNQnltZFp3aS9QSEtBZlRMWlBlaGlvemRDb21vS01nQ21JQ2tJS0hl\\u000aM2M0TkFTN1B2S1hSWDI3V2gwbk1aNFo5TUQxVzlVeUIvMFVoVjJQUHdLVnpvY09w\\u000aT3NEZk1WWXI0TXdxZjlXTEtFME9BQ0E2T1ppZFJYRnBKN0lUNW8wMFNzNStXZTNh\\u000aa3dER0hRRVhPN1JQc0U5SzloVmJDUDBuUk1YUDU3bFZ4WXBPRG5pRS9lK21MekFT\\u000aVm5rVlYvWUM2N0ovM1E5ZXpQdlE5VzJYcDFRTzlRUjRkVGpnTTEyRVBmUEpyTDV3\\u000aaUxaeW0zeitVNlNpUFFXQTNMSDVOdzVCQlRGMGlGRGxOaEExTVorUlIzRXU5eEQ4\\u000aWkVaV0VMMkIySGR1L1JGcDRkaFI2VE9FZDNTTDhIaDJYcm9pRE1YVnBnWU5FS1lG\\u000abENQMnlDTUNsQkFEcnNuQWVRR1Q0bVh0Rm5aMmVCSGtHNEhTUVRtQkM1NVgzRjMv\\u000aYTAxRmtNcTBtelYwSWVzUGM2UTRVc1lMWHZIQkl4L1lrT2hhTnVMMmprWnRGejdL\\u000aTDFQblRESEt5bWJJcFc1RFZuVDlFU3pHbUlDSG0xZ0lleVRMN0x5MldSTCtBTFdw\\u000aOW1aaHhJS2FxdmdmK29jNWFGaGlQellEaDFjS3ZxVDdHakxBTHk1amJrbDI4QzhO\\u000aSlFXZU9QR0hFVjRsUXJmNy9oejEzK0VrTGRaUHJuM2tJOGVzVStURXVST3pkSXN4\\u000aWUgrU1hpOGhxeGt1ZVByN0Z2aEF6bXk1WWFXYTZJT3JHNkM1RTZNTndCcmhVYXNF\\u000aMlQ5bE5OcG05a0Ywc0o5aTFud2o3WW93S3BnTVR2cWJFWUszTE05SGUzMnhRN3ZI\\u000aN2dncHloVmhBYk85cCtBZHQzT0lsanVrTC9NUGxRM3dnWDNyS1lBM205RWlyaDJ4\\u000adHhQVWR6cTI2NzNabjMwaU9vcWRBQzhVaGZFN1R2RUdMS2dZb0FlSGlqMS8wekRC\\u000aUEJNUVkyaWNwblpyK2dNV2huRlBtN1dXUmNkQ00yOFhsZTVBa3ZoSGtmM25tOU9P\\u000aV0RESStERkRPOHJhQ0N5SzI0QVhMNWxMZWwySTRlTW8zNU5kT1dRaWtidU0vWlNW\\u000aM3Y1WUdSMjB1OHlSajdrZ2Uva2FvSXk5ck8xaFA1MDFxV0xOd2owUFpIZTZ3TDhI\\u000aT1d5WHhnMmZweFRlbjRpUVFRcDJqRmEzR3hJbDk5U042emJvcEVZL3FGa0hjR2t3\\u000aeFk5S3EyOE01Rzc0ek1xK1JaTFYxVFVRV1h0Sk9lOHZWUDFkMDZPRHFSMlZrOUla\\u000aaTRwSGd5Zk9XNlBWT01WcVRGRkpJWU53cW04alJCakV2OUZ3dUluajA3ekpXRUp2\\u000aMC9sdXdaRFQ4R3pEY0RoaHdyWVFFR3BaVkl1ZVlXbkRoZnRxVkloS25zTW5KREFG\\u000aQ04zSEhFTG1VbjdJRVpIdU9Sa3A0alpSc0x6dTliK1RmSDhGYmU1d0pJVHBiSDhB\\u000adzhweUx6VTdqMk5xd28vYU5oZ0FUUmcxL3BERWpOWlArcEJ1T3hIRy9ldVM4YTBz\\u000aeEVETXFTclUxSG5jaWxFSkpMRU9yZ0tURkx2ZDB0eE8wamRGUGFLOGttRWtmWVVn\\u000aSDdJbTNudVQxSjVScDEvRXR1d0E1Mmg3YTVHWEhaTmduR2hzbE9kN1ZRLzBCQ1dL\\u000aNG9OaHBTY0FybUZibEhVMDRLY1V4dlAzV2MwNGZJOEV5ZHdZczFDbm1iLzQ1TXU3\\u000abnRCM1RkUDJOdXVoZlZHQUJyOEF5eS9UTDBSYytZdTcyQUxFZ0w2MkNtekNyOG9R\\u000aaExEVkQ2RnRDM29PQ3lMNXJhbVNKTzVXZ2d4bTA1WlE1UFN0TWx2RmVrNnhnd216\\u000aeUNBSTRzUkc1SUV3NTQvM2N0TjZxUzRYTEFVVWNlRUg0eUQ3N1VyZEdmdWw0dU91\\u000aOGNJZEk3alFkcGZQMW5XSjZRZUgvRDFCUEZOREtwQkhCY3hRbjd3aTBGckZOSTZw\\u000aTFpEeTFZYjhYNHQxaVkvVzE1b0NQUGw1a0hoOGpyeXpUb2tRN3NSbWcvaHh0UEpv\\u000aaHNqM3dSeW9OS2ZWSHMzbzg4dExWTlpQYUNPKzhUWGxlRm5ycGU0N01QZE9ldU5n\\u000ac0luaWk4a0s4bDJ0UUVpMlVpTmtER1pGdGliR2pxdXE5cm9nUWpSMXZMNDF2czBy\\u000aaGdXL1I5OHp4RDgzUzV3c29qQndEWXpPTzBtNDB2WVFFUEVoV0NXV043SlRaWEN4\\u000aMXR2U0hDMmZUSDREa3RjaHkya29CZ28zUDdYTXZPUnYyU0w3ZGkrajlKdkVqVWxx\\u000aVkRFTWRQRDc2b1RYYXh5T3lLUzVVbE4xTDJYbWk3QlRYMmlxL2xueGwyd2VONEx6\\u000aWFBsTmdEaHN0KzRSS1VtYVB4a1QrdlJpdTZ6b3dEV0ZlNGQwUHE2azhRZU1HT1My\\u000aUFFETnhuWHNXUXZoc0UvWGJ1SEl2Y1ptUVlKTjh2bHdGSjBzdnFkV05URWlDNGdJ\\u000aWlJxWHJ1MnUybG03b2RCSVZrdjUwcVVnRENLVG9xS2tkdkYwOVhnKzZsOUNiZjJy\\u000aQWE3d1RjMlU0ZEVtR3VxZ1pyR3VYRnhVZmlKYVR5TFE5KzFLcDNnZFRJQTVFVVRZ\\u000aOUs4cWhnS2lHdjNlQmdIamU1VXhITUMvMGFwWGhiNkFySEM3RW5yOHhEbmN5YU5v\\u000aOXJmSTBjT3RCT1g1QVZsS0xZcVdnWEp1bDZTNmZSWWpvdVVjaVF2UHpBRU1iUERV\\u000aaU95ZVVTQzd6SHpHcTZ4LzlBQXFySEZrbkIxS1lYdFJYWk5zQlNJRCtTV2NNMEZG\\u000aK1B5amxJbVQ0K2pYOFJBVjVGdTNpL09hcjBJNk1NVldSZzhNQ1RsRzVWWDd3cmt4\\u000aQ2pGUW5scGs4U2NrbzlRZkNjb1FsTlhyK1Fuay9rcFROOHJHQktvQ0xZVkpNWS83\\u000aa2RYZlluOXBOWTJXejlYSlJXcXh1dFRoMXU0K0ZZUzcrY2h5b3g0Q3ZHTTZjR1BP\\u000adDFZY1BJMjl3cnlYOTFiMks1MWdOQkNzSThPQlJXTkdkdXhMUzA3aDh3eDFSOHVS\\u000aY2dETm9kWnJQQ0pnQ3ovYjd5R0EyMDFManUySEFqeUR4N0pnOUJzTmJ3dTZnZW1z\\u000ackNnOHpJQjdZOFdsQWZueUhuOWRma1dhNFRZMGx6VEZoUStOZUtEM1RaUklrV21J\\u000aQkpUcitwaW1FWmJUSFIxSk5PeUh4L0M0cFlTem94MXhGYmMxbndMck5rd1lyRElN\\u000aM3YxaDQ4eldub3Zad2hIUmk5d1kxdngzQ3RiVXVOMVYwZnVGU0U4K1pvYmNaYzd4\\u000aZDVNdUJ4RW1rYUFneWJSQ2JSRlZvUFgxdjdGMklkZGd3TFRYM1ozSGNZdG85eWJM\\u000acWowZ0FNbUpadTJGM3pYUkkxUFczc25STFpubTd6TnBCYVUrL1luQzRjSUlYL0Er\\u000aMy9zZ0tYeDR1U2tqTGlwN2lTU2xoTTRmZFQwcFBSaUVoTkRyTG16UzErWmM1UXpN\\u000aaVVFVGM5L3Q4bFJDa0E1UXhYZkdmZmJvTFNGT2VMNTV5NWEzYXhNMUtZK0VzOFBx\\u000aRnk0cGhYY0dLVHZ6dDcrdXRlOEVUdWJKUUR2cStFUnhTeWkwWm9kK2RyTC9zSmty\\u000aa2tMRnU0ZGEzOTlkS3VobGRMekM3MlZxS3VDTUN6eGtOU2NOT3ZRSlRYVHlEblkz\\u000aa3pXRnFKK2l6SXRvTm9ydVRNUEJTNkpOMEJWQmlBOFF2bjhWd1dyOXEySDBzWlJ2\\u000aNWxsUkZZZnM1bEZ5TkI5bkpONnVPZ2JMU0pNSm02ZGc2NHlITDdFOXE4OE5rZDVx\\u000aMXVhY21pd0VUN0VzVGpSUXdLMm5oN05lMC96VGVpSzdiVG1RMW1KUGpwZEEycXp6\\u000aZ3lIRGoxRVlNenhoZFZIb3lHQW4wWlhDak96T21SR0F3U05pY3VhR1I3aERpRzNU\\u000aZllxSkxLWUorUHBnYTh4NlRha0xwcnZyK2F4c01wSWNPWkFpQy9jQUV0REFQV1lN\\u000aQmZaeEI3cFdSR2NqVThPbDhzUnlwTXZ4ZDByWlpoZDR6K2NSQ0p4aEM2RDl4blMv\\u000aVHd5MWVxOFd5TmNLdDYyRkVaU0dMWXFCaWVUSUp6ODRLMnpTWFdYVzBDZnhrcDVu\\u000aZXlnbTc2eFlyWmJLUndPcmxuRVFwaEVUbVl1SzB6RjdtOERKOVBtNlBNeVl3SVVP\\u000aL2t5aVYwU0R3WW5CM05HMFdSNEtFN01jOUZOMWFtM3l2N2IvOFBPRWlNVDBpK2o5\\u000aWm5lajRMT2ZVcnVVTDBqc1UyRkxSLy9RVXpaZUpxL2NaenBKc1VEY2ZvcW1qNERI\\u000abTk1YW5IQXNPdnZJZXBqdDJsQ0dLZVExRm1yb1h1NzQyc1BQMndySmtyMDd1SThM\\u000abnN0R2xucFNPNzZ2ZnRDa2kvYjc4THJOc0VIRm42ZDgzM1JXbzUrWVhaUXllWWUw\\u000aUEovWUpad0c4bFkyRS9YZWFrTjAxSjJpT2tNK0lmVkhnYWsvUG5PRVhhOFFqOXdu\\u000aejBNKzY5eVFGVksyVDJxRW5PUmtEZmtacFJtM2x0WXdqcFhCbDJrdDVKUE5qVStH\\u000ad1A5SjJHdExWR2IyNmJleCs1QmlVNWtxbUQzaGdHUlRsVmp1WXFkS3pYL3Z5bVJP\\u000acm9MZWhHMEZtMjFpYXFvZitQd1I3ZmlOUHh4WitLa1Axb2JGb2xDalo3S2o0OWdj\\u000aR1JNSnE5U3lya3BWcVkwS21YMGw1SnpERE9QUWdiRDhlRlQ1ckhjbFc2SHVCZFdB\\u000aOHAyckhQNG5BaXhiazIrSGRsMG5Rd3QwalNwUHNsSmJrYkpYQWtaZnZJNVVwU0RY\\u000aZGpRQmlXOFNJRWY1QXhPaUFveEdGQksxKzZzS2xJMzMzNCtKYmlSOVZDQlE1akQx\\u000acjM0MnlPcDlzc2VjZEFGVmRNQXZOQk1jQlQ3Nmx1ZmVlRkNCUFRQOC9sZFF4dmxy\\u000ac1Z0SEZoRHBHa2FYSk9hck5TVlV6d25uU0djTTZUMEM3ZTJLV3l3VUpLb1pYdmwv\\u000ac3czdG5KaFhTaDE5SUJxS3BLYjBTV1piTTZFaHlPTmZHc0hqSkhuR28rVHlBQlRu\\u000abWtNY25tTkxPSjcxYzNnMjJKdk8zS0diMGRQZTNYMTEyS09LNmpEdFZPVjRIS1Ax\\u000aK3UzRkRCT2pqYWU2SC8vYjN4RVNXWTB0VmlNSEN2YUVVYkhKL0dyQXpNWElwNTNB\\u000aYVRoSXEzVlVOckJlTDVraFFjbDl3ejcxM3JLRHkzSG0wRWxnQUpYSEt2cHpYS3BC\\u000aUm1pUDFJVHdRQ1F6L3lTREF5ZldpK2pxT0hNdUxaR1oxcW9qT3V1UnhIdWFTeU95\\u000aQWFwU3F3TUtFQTlIeGlZeFB3UUEvcHFySENJS0JDRWtSUnRrNDloQlY2VXdsOVdv\\u000aMnlJQm11cC93UE9rRVVRRW9NckxKL1FMSlZyUzd0N3BaRkNXdmdwV3RoZXcwMjBj\\u000aNTQ4QmkreEl5UjdFeVFmaXB4NmFtM3JzUUNLdDdMTXIwTXkvNVBkL2d4bWVNRjlG\\u000aUmNCdUtEQ3FlWEwzeWZWZmhwMjZQQzZTenFBdmJsbzh2ZG9EWXZKenFkWGVlMXFw\\u000aYzJmeHF6bFBkMXpicEJzeTh5NjRMM2V6M1NqWDBubnMwU2NvaVVuQkozci9hUG1E\\u000aR2tzUU1UaFBlbzVOcWpVTmc2d3FUQXlDMThqc1ByNkd0VXFMQ3lSOU9UZW5RaDdM\\u000aNXVSK0FMTVRscC81N1pMMjJkc2liUUJEdmVhNEtISGhzWjZzbDBGKy9YdmR5a1gr\\u000aZWU1eExVMnFES1RlRVkwNmt3elNQSTVxWkYrTXRtVVJTUWtoYVRuRGJYRy9kd1Ir\\u000aaHdRb1RQcXpBeURLRi9ITmRZVDdzM0lxYS9zQkEyTjJZVXFJbElId3Y1TUFGclE5\\u000abXYwbFhrc0FHbzF6TUpKdVRNUFY4alFmdDh0NFB4aUY1Uml6b0s4cWI4TjBLK3RQ\\u000aTGRJdWJtcnlJRitYSXhkV0t6NDhvMWR5MWYyalFIV0V5eVJNZTNvM2NTSCtDRU5S\\u000aanM2aDdPUjhyekd3ZFJxVmlEeHRtR3FMc3lhYVZYWUoreVZ4Zm5kNmg1RGNTNlI2\\u000aclAzOS96WEtSS0dYU05zd0EyMjBjTy9ER3VsYVdtT0pLand1TkNFRHpFM01sWHc2\\u000aLzB1cllNUktsVUVVTmpDTVVxbEFPSUJ1Y3g5YnhEYmpzU0lHN0wrSDUzSFFXZnI4\\u000abVlaOXhjYnFidXc2Yk1PQi94Z28xK0RyZkQ3VzJ3YVdoOGpKUW03NFN1L1ltQldT\\u000aUjBOVEQyNXd5R21zTVJOYmZvS3VTbUZNM05pVXdOcU40eVNQa1FOaTZod1ErNmVC\\u000aT2lPcmY3aDJqdE1VUU1HVFk2dEYyZzhzUVRRZVRVa0NqRkordExVVXBlR3BRaTE2\\u000aKytHa0UwV1dJWlBzeGtuT2Q0U1lXdHZBUWxBWTV3RXlTejFYQVNLNU45cmx3TldX\\u000aWE4vSjVIaVZacE5tVDUycjkvSTlzRlhpeWN4d3NPL1prd3lMeWFnaUw1cE9hQ1g5\\u000aUzJuNmVDcmk0cjBpcUtSWTE0QlhaZEdrNGlnbHpQR2tPMU1zc3JEU2FsejZIdGJY\\u000aMWgyd1VSMHdTZGlETHpUc3o1QmR6USs1ZlVwOHMxNkFicWlxQU82Y2Y3WlpPRWFs\\u000aOFBVZlI1bzZQZ2llZVFqN1lQUjdqcmVtT1RwUDZqaXZZLzFyQzBJYThLQ2pyNzF1\\u000adVBEa3VVVlZ0MXJiZzNZaCtWVE00aWU5VS95U3lXSFUwejZIbU1icHZCZ3AzUTV5\\u000aaXN2azdtVFFDdE1uNkR5VTlKSWlDRHBhZWVGUGpaVWJiSXRqbytiWFV2SW5ZbUxu\\u000aankwaUVJYW80YmhOcERGSjAzcnltQ3NMeTRSb1ZZczQ4NWxMd3hEcEFLbG4vMWFY\\u000abUFiK0p2VFFlTE1xNmMrRUtqR1FITXJycmU2T3VaamxiKzRDVVlBYkdLclA3b2Mz\\u000aL0tVL0JrTGVpdm9lQjFXaUgvSHBncDZSNVh3VTNvUXBXTUtlc244UkhMU0NsYWUz\\u000aaW5ic2FsNUpGK25KUDFSaXZldnNya0IyMWU0OXcxU2NIbmJVdDgrZEJJc1ZqOGhD\\u000aT1p2SjdqTVR1YUJteDV6UnJGUk9OSHJuTjdOMlFPQklpUmxDVFRmSUJTci8zdkwr\\u000admxObm9GLzlMcTU5c1gxY0JrVk9qQmI5cEFJRm85TnFRMHFLdGw1YXZiSkxXdG02\\u000aa21lei9xcG9HT0FRWnF3VE4xeHpwTWtSRTBpVExPQk50TkcyazM1RUJwUUI4WmQr\\u000aekFJM3d2ZGFPV3FsRk1oSHVQTHVTejliaHhEa1RicTVwSzhMWGxNVldURFVUM29L\\u000aM0g5d1M4bTE4aW9IRnpPUUtSMnVXc0FrZ09yMEt5b0Iyb1pEN0cxejJOYWNLTmgr\\u000aOFlyZXdOanVnZTBSbDJaWmVSVkNLc015UTRqT0diSmV5K1hQWkVyWHRGNWtsMC8w\\u000aZDdMT3BVQjRUcWM2NVp3NmpBOTFRK0c0dURuN0xicXY5LzVoUFllblBHeHM2Snhl\\u000aQVNhTW41OVR4L2JYUlEyQVIrbnpyNDRMTG9xVEN2dzJCRzJ5ZlBzb3pwZlpITlIv\\u000aMWE3cGRRdjdvVzhwdWV2WjYrb1p5R3p1NDhPRmRTZjFjWnNVMUhXdnUxd2J0blgx\\u000aSGdFWU1hNm10MWR4WjlNMktzMWpMc252eDdyTjJBMHlUeXA3WndadTZCQlRTeHVS\\u000aSjJiYjY4THJFZDlSbU9FN0VKZkhpZjB1a0tKWnIwZndJM2o5bkNnWk1hMml2Yzk0\\u000ac0NSMXV5c2pWcGc3d2FoOGUyRkg5cFN4U2VZa3RqVzBnY3ZvVndLNmZiRThiWVp5\\u000aQU1DL1A0Z2JxSlRIWkZzeVA3dVVIaVhQdXoxTEhnNXdOSk5BdXYxSFEvVTlLQlBF\\u000ac1lKd1R3YmxEa0RqK0RCbE4yZEVtVHpaVkpWbGU4SGlINGhzT1NoNDQ1Q2xHREFn\\u000aL2hZTE1kYTBqSDJaS2NneVZSMnhNMVlYd3NMZTR3QnNBNUdLRkJTWERFQjZmMkIv\\u000adDJIU3VZczFmNldpbEFEaDBqaU1JcllTTnM0Z2tOTFJYU3IxbkxpaGxMV1FWNzZk\\u000aU09YOW55MTJONFFwZ2wxTzVSSzUwWjB4SktNNE0xN09xZldHcVVFNnlSYWx5V29D\\u000aakFjZzhSdE5TZzViSjhDUnRQaFJFcnNZeE51VzRVZHJSaEk5dThxU3dERTl5QmNQ\\u000aUWoyUzhodm9FYlRMbXV0SW9zRXdvdFFOeXVvU1NuN2lVQXJwSWpuVzhLc1U2VTAy\\u000aeCtzd2NYSDl4VU92ZE9ZczhCWE1tSC84bXFxV0UzMkpVcGJGNUlaWEw3TUIzMEc1\\u000aTTg2NFZmWG5HK1FUbmkzbFlSWEhyd0Z4R1FPUTY0M2hzVkZDSVVvYVhiczRkM2RE\\u000aajZPUVZhVGxtM0k4R0ttYVNNSSszR0pYNWZFVHNOYkdGcCs0ZStNZEZkak1Yb1hR\\u000abjZjSFVGN3NYd2FIVVRtekphNDZaZDBLSjVVeEdicU1oMUo5cWJLamUvWWJzNjNZ\\u000aTjAzanNWNGljZy9qNngzb1VvRWdnd2lDSW1td3pIbDZVd20zNGNmZ3g2WEFJM3BW\\u000aaTIxMHhBTll3K2M4WDNPbGxnbHlEWjlaOHE1bTZOMnV6UUZMTFRDYzVIUVU2eWkx\\u000aU2g5d2pjOUdkakJSSDErdFZ2cVVDbnUrZXZNanBZL1A4R1hDZXRIdEhGa2xER3dF\\u000aMnNQRUI1WkZVZFkvcm9WeDdRczVSWVpkMVdOVEovRkMxRk1YTkVtTkNqRFNUUk9X\\u000aVUZlaHF2d3RjUmVQVHdkdEdjVWdONmVqSXBOdTlzSWNoUFI3UkVOYWtRRWR2UERF\\u000adWl0dWpQc1g5a2ptV3A3TnB6MU1XQzV3MGlEOXdLVkhHc01jWGF1SlBwVFVCdzUz\\u000aS2M5RTNGc3F3Q0J1cGNscDRZMWpzRk94WkYrbTBweFlnSUxPS2JSTjBjZHFGT2ll\\u000aRzhKcVJidXBpaGovOEpwaVg2RlI4dWxXSXZzZ3RSU21pSVZodlo5L3V5cjVXbkxJ\\u000aNklDV1hWVHRWYVY0clF0QUFSV1VlY0JYY0FXRHcwOEhzL0sydGpNQ0t3WXIxYzg4\\u000aSU4veXdaVnBuT0lveHdxNU9wczg3cnBqS2hvaHlCMk9ORUlNZlBEM0hYZG9OQWRY\\u000aTlF0SysreG4xN05XNHF0WHFxQitFeFRDNWRGQVpvT0I3QnpiVFdKbjV4NGMvUTNw\\u000aeEMxY3Q4L291ZERnQ1drTGZpT0NYWEwxbzlqRjN4SEsvL3hhMEducFh3Nm1IRndw\\u000aNW5XZk5UMFFDSmRJcWRrM05WbklIcTJwRmhSTDFwSUptdHBTOUNuSlFiNWZLVkcr\\u000aNXFTM2pXMkNzdTZTTWFiSkpNQm5vT2l0cWpTRzJxL0pIMENKaElCZk5IeXVxK1NF\\u000aN3FhaEJmZ2dtNlRQUkMzWXFjc2V1R2Zqa1N2RnBXN3hNU3c2QlNvZWljdktVTUNp\\u000aQW1GQVB1MXBNam5MMUp3VkpFUkxHcVZrVFdZanZqanduY0pWZWhJQTFNeHNHWWsv\\u000ab0ZpbnF5TDVsSVUySmNYMi9kcXlKclB1dzR6eWxIU0ZXT0FPSWtsSEN6eVFSN0lr\\u000aeFphbGJDYmpjWGRFVFZFV1YxSnJsZzVaMHhNbG5jYnZjQnUyNWtUMC9oYmh0alNK\\u000aUnJMU0dqOGx0Vm9ONCtCWmt4Y1ZTVUtLVGhSTGtKeENBdlQwV0RkQjM4aDh3eWtD\\u000aODVib0ZmU092UWsvdXFWalczK3ZzY283V2NzRmE2OEVKdWN1Y1Y1QzhiOEJ2dFV4\\u000aRWRiUXZuMlNkcjNUTEFqazlsQ2ZtcUM2Mm05VEpHOXVxdi9Fc1BxNmxtWFNLdHpv\\u000aWmo2Z1Z5ZGd2T2FXajZLMnF2R20xSGZiOTlpWkdhWEV3Y1U1bUZGNVBZYlMrdVVl\\u000aTlRPODgwdTl1dVJlYzJlR2dBMVR4SlZTVHY3N3ZuRTI4cnBzQUZycWl0ZklwTXll\\u000aUW10RzAvQU05bTNMelJmT3dLNTRBeEdDRk5CV2txYmpRUll0bUlaa0hWdDVkQS9Z\\u000aaXF3KytQQjkxaWJIQ0l3WnAwdWYvL1AzdHRzVDRHUy9KNjBoZ2pWNEJwek5FVVJJ\\u000aODNkSEo2SGZHM2dlaXlNeGYwd0ZuNjVpd1loc2s0bng2WjlleDVEN0J6Y0U5K24z\\u000aWFVBVkJmcXV1V3d2Qitxb0RBK1RpMVRDQ1gzTElteVM2RkhJZU50Y0lOQTc0UldO\\u000ac3ZtY01mZTlYUi9IQ1RERzMydXk3QzhiR29RQ3JFcllreTRXTVlhSGZScXN2cjRa\\u000aWGV6TGpENTJkbHkrV3UxQVd0YmtxbzU4am9pNzgrYjhhaEREVG5ib2ZFOXdoeGxW\\u000abTdGYXB0Z2NET3E1TER1WDlNTHdZRmM2WGludDZIUGtHMUhoeE1rMGdIRk1xTzJs\\u000acm1lQ09nb2t2MndwYk1MZ0txRUxZR252amNzR3R3WDZQMzlWNnlFRmcrOCtFZzFP\\u000aR2tRUmkvbzRScTRjSm1QZ0x6ajZKVC9FK1VZV2NjQitLaXc4S29NOEJBVGVsNEsz\\u000aVFlhcHlBeUVyYW13d1NGWldKOGJDdUx6WWNRODVEWkxCRy9UaWtDUHA2RmZzQy9V\\u000aNDBCWGdzZ2IvOERKS3U4SnNQRWZ5WEhFR1I2cEZSVHoyVmE0YXRiL1hCc3NMcmpm\\u000aTUsrTVJ3dXZnTTZmQjBjbUh5eXRkbjVrdVBCUitSa0FnLzgwMVRhR3RJUml5UnlQ\\u000aYmU2aXZSa21tY29idTVGc3F4eFlCa3V0VUxoZm1JaE5Ma3EvQUhvWGZZTzdpZnRW\\u000aMkljTmE2QkZQU0NaajZ1SlY2MDBKN2swRjRnZ292UmVWZmlTMFFoSk5TeEZ2YUQ4\\u000aZVRuUHlVc21SWjY3blMvenp4QVFyN0FrTXN1S2xLVlBReVlVOTAwcFZsaGRlNEVH\\u000aalRTREcxTjYvV0crdWN0SFo3Mm1DM3VYQTdoUUVLZEdxbUs5WER6Qmp2MU1UWDQ1\\u000aakhFR3JWbU5GaytKVHJFSkVsdEdRTmJqRE96UklORklxMVgzalRtN1pZTWQ4MVNv\\u000aOS91Tk14Y2hDcXExUzkybHMrUkl0elJJSVRjZVVDMkp5NVdtQjUzUHNqdDNWYW4x\\u000aSThBaTN1OUxUa2djaGk4N2QyNXVRbEhFd0RGMWZydjgrb3NubUZBQy9GbXQ0YXA3\\u000abjRKenFzVUhDV0RucVU4RjNEVVBTRXBsSEY2UFFNc04wd0JnaEdDNmdpTDFVU2ti\\u000aci81UUlhNlZWV1B1MHE5OFdyVlNCT2dnMUxHVVZvUFVXOHdlaWdRelpXYW1PU1hs\\u000aY0FkL2lrQmVaSW9iVlY5VDlDZytWbUN4Ynk2eGhBL2kvRzZDSmVjc0c4UnpTM1dN\\u000aY1did3RyeFZicy82bVhoWGtRZWhCckhTSDZyUTdvckdMakljQk52WXRyR3FJeFF4\\u000aNDRKQjJIdUdyTUR2QW9rSEJCYXMvWlBsOGdOTVZ0L2ZqQm1ZbFdRSi84WFdBT0Rm\\u000aa0JHMG5HLzRBUldUanpkM1lsb2xKQW10Qnp0YkNGWWkvNTlaWFZvV1hBbVg2b0g3\\u000aNUhvZmcrRHdmQW1nalYzR0VvKzhUR3VnQ1BqMFRJRERvUEUzV0IvR0wvUlAyRHRz\\u000aZVZ3c0pxak1UM0tWYjVTTHZkdjNLWFJXdVF4K2JNaVZCckZQSy9uKzhZNTJENjJi\\u000aT1NPZHVka01jQVVnaHpuRUpNWUJPZGtZNnplUjRLbnljVW5wc2xiTXhVRUtsMGht\\u000aL0JiM0FCUWdzMXVGZmg5QUVEUjJ0ZmJKNEd5RE5lZSswVEVYbDlTRHFRazB1eFAv\\u000aTEFMTUp2Z1ZPdHZqaVg1bjQ5a21icVdQbldWRGo2OUxPNGgxN05IWFNhQU9uNHk4\\u000acnVrSnh0akw4VTZLdTNST0tjMnlEZVpwNUc0V1dUNVVndjJQSUdyencyM2FqMWNj\\u000abE0ycmpqeFF2V1RQS0cvaDl5bm9GWjMzWm5LNkdGSnRYUTJFQ21VTGZ4OVZ3UDZj\\u000adWpzdVNwRVQwUlo5NXk4Tzc1dmNBRnhXNnpubnZSNkkvRlBxbHE3MzM5UnBJRUFH\\u000aTFRuaUQvZkJLSi9hS1RyMXlaM0IveldiVmlsYkdYWlp3UW9uZnptYy9qS1orVTl6\\u000aWXlTMTZ2Yy9TV0k0aytiQmpNM2hoS1pKaWJFeGpGalpIQStVU2lQS2Z1VDV3T0tx\\u000aU2lsbWJLcWJNbWtNLzNKelZCTlJtSnZwNkxHdnRJdDVJMkYyRS9DTXlPMjRHQ3RQ\\u000aajdlYjlYNlA4cUd3SG81VHlmWm9Vb2VPaXNMVFFmZXpISHhXUHFGeVdKY2VmSE9B\\u000aM0VjVTgwWHhPdlhyUWlKR2laUlRWWVB6dnAzU1ovYnJRRk51bHM2Rm5FYW1hRER2\\u000aNDJqSTRyVi9TYVFPZ3dRTHdYMEd0MCtvdGRRbjd4S1diZVNHNWhNbzFXMkdFRC9r\\u000aelpJRGM5ay8vZXdkMXg0UGhGekRFcjMzSDVtQ09mYTcvTi9KR2wvYXpFUnl3Qm1j\\u000aTDZ1enBFQWd0YXRrSjViQytnVy9objM3WDRRZml6cnZzQURXVU5uMTljK3ZzZG9M\\u000aelNwUmVzNDB2azQxUk9SakZ6eFEraUZnRTluVXZLSEx2ZnpwSHVkeGZKRzlRZGQ3\\u000aTk9mU2NRaisvTzBHbnhOZDgySnBXZ1p0SnZHRzBGWkZ6Z29aaXhBcWorLzIrRHJJ\\u000aUjRYeUdQa29aVDJLVGYxU0RNbTR1dEhuRkYyRldtV0hxWVYxSjdwMkwxZ01kYW8z\\u000aeVA5TDFFME8xMWNBSVVNaGIvMWhvSEFIbldBYlF2OEJQUnNVTE9SdUI2dENWTGNj\\u000aenlEY3UrR01nYWU3bUdPWERaTmczM0gyTnNmV1RJMWpCd0JSYUhYaGoxUHhJc0tQ\\u000aOVdnWENNQkxlWHdHV0s0WUpDdmNUTjZoUlIzZWZ6aHd2UzZjM0k5clVDc05HaTBk\\u000aWEdIc0QyRWV5RjdtYm96cm9Zb0tSWDhXL0Ntejh4TnI2eitNS1RwSWZmb3QrZ0NP\\u000aaTN4QkJxQ2pLdmg5eTdLMVQ2MkdEVElqUjdOaXEwUkwxTEU0cVFSbDFmNkNWMGJI\\u000aMzQvMzMraERCWnJmREVmekRSNlpSTGhycmI0c01DU0ZiaUYyaXlqY1QycVJTZkVH\\u000aZENwanlHcVZQZWpWT3VvK0JZUkhoZURqVHZwNHUwV0NBS0cyNHViM0VQWnYwS3Ey\\u000aNHZGOEhQclJIcFBSVkNqdUZHa0dNK3NqWWlkeHh4VnBDa2hsZmxZZnJFUjJSMGtM\\u000aTW9Hamkway9wYnlRdEd1dnk3RDFQZ0V6UEhCUUVHSzZhaTc2U2pWNU9HUUdzMzFz\\u000aYzJKMFlRME14Ky9wNEZtb3hvek02bkxrVkNObUxWMStPSXZHaFV3cEFUd25XZTZP\\u000aUFBHeUVyVFpvalZlZXVqa3Q2ejFzNUtVdEo2YVRpMWZxRlRiY2tmUGpaaGt0K2Ru\\u000aTUdmNHVxdXhza0VDYmJTOEVEUm1DUlM4Z0poM05GQ3VGR0pzWW94OVBvWk5BaHhK\\u000abEYzaDhFNk1UWkxNUFRrWHhHS3B0VndqR3IxTmx0VGRycVNKRVFtSUZTWDQ4cUwx\\u000aeWtudXY3WEV0TWxxUGxVUVBrd1l2THhpeHNqTHJEV1R5UG5MY3RRR3EvVDJ0cFp1\\u000aYjc4cXM3Y0NoSFNMVWV5OEt3ejVxS0ZpS3ZBTjBBOEhvalhzOElZa0F0NDFJdVZm\\u000aYW9oTHVEcER2Nk5wTmtLaUV5ckZyclVuZjY4cFNybHNiTHpSTmgyek9DTitDaXZ0\\u000aOTB5S0JXbjlUeXkrdHhIcy9EL25qMzl3Y3ExWXc2VDhlR0txVDR1OExOUGJ3L05o\\u000aMm1ramxQaE5SR0R1SUZON3MyKzlmYjhlYmJQRG5LL2ozdUtieWRjNEM1QWhDbUFk\\u000aYWpzVXA0Q3dpNTVGTjJreXRZZkZ6TTlyZk95T0VlZ084bzdDOFB6WDVjcENIbHdo\\u000aZmtMWHFwMDBPUktXZ0RQQlZnaVkyT2JFaU1CeUFOZFVOK2k0dVJqUjZJUnBMMXlU\\u000aY1F4Z3JlWmVkK1hWK3BwWEtWb1dVMEowR3o1cE94MDRYY244UUh2Zno3MjdtN1NL\\u000aWDdKaVVwY1dJc1g5UmZjdFlJb1FxSkY1endSN0s0WDJYV252NVBtTk9YLzVGU2Qy\\u000abXcyN240WlFqRjZYdFRUbzZZeTF5d2dzOUpELzdnSmIwTkczMjhQcU5Hd3FFUzBo\\u000aUnBYR2RydHY5S21hbzFjWFNGN2drVHZ5RFRScXRYcHYzeER5bXROSW1pUlNOOXlk\\u000abHV4aFUydG50dXVUVlN1WEUrTkJ1QXovQXdPSU05cnNOL1F6QzZXT2hGWkNjd1lF\\u000aK3pGa0FLVUJLUzBvSG4xbmR5dVQ5d1ZqbnVDL3ZhbWNTVmwwWnhJODlpcTc1Tzd1\\u000aS0V1dGt3Wlhnei9YekdVS01NZmo4Qi9oYW40WlE3MFRidHZDNkszYUpLWXB5RlQ5\\u000aby9OazZkMzQ5MFV4Z3AyclZVQnprV3JucmtZUy8rRkV2VUd1cW51V3BrZzZra2Y2\\u000aWmFtbTVidVk2Rmx3WTJIODVxQkV5a0haWGc4RU5tWVBtc09QOFM1TU10bEZYbXgz\\u000adnJUVUlRY2RtUHV4V1RYNlArSEtvOWZyandLMkxFTmhYUXN0aldZbW5VWW93TUZH\\u000aY3l1NlR2TTdWZDUrb2VOU0tGaldQNGgxbUFMNVYyTHZWU0JSYTYxb29mQ3VPODZI\\u000aWmNQbzRPNEZoVlFXeFkrYzBLT0tFbzVlSjZiemlneTVvclM5WmY3OTlQTXdRbVJy\\u000aZmVjWDF6R3ZYMEZTeE9KdzZEM0FVZ1VhR3dSb3M3d1FlREd3QWdmUGJ3bTJLcFda\\u000aK3pGK204cTJXOHlUbitGR3J5czJ2bXJKczRTZ1YybU4yN28wRFRQV1p0a3h6Y3gx\\u000aU1JoUjM3Z3d1NUdreGVpL3A5NVdTeHNVdEozUUd4Rk91dnQ3T284V09rRjNlN3FK\\u000aSnQ5U2tYSVVpMVNGYzVRblZ6Mno1MmYzVStabzlwdlBVVnN2UlkwelFuSU1xVTFE\\u000aN2FwTEdhWGltMm84MWszQ1gwVmRJQXlaYmlGUHVEcGtZOWdvcE1FcjgrclFIQWRB\\u000aMlRZalpwQlhCV3NyNDg2Z202Um5tc1luVXlRRnFTSkNFcWhCUnhXekhBQk5GdVZS\\u000abEF6ZE5DV1Z2L1RLVXV4WmV2bTVCTWNyL3V4ZmgyTDNpUmh4Zm96cU5HMnh1RXFS\\u000adTFSR1pTRWFkVmUwaUdUVlhWcnQ1WHU5QXMxdXY0QlJGcm1GY0FpbWkxQ1ZqbUJq\\u000ad1pPNTVmeUdrL1haNGgrQklkaXJyK2Vxdm01ZmhZV1JKMmk1YmNUUE9WYTFpeXlm\\u000aZUlaNkppMC8wMk1BTVdlSzB4L0puWW90clJXblA1MGJFOC9XT3hTZ2VMRFNaLy90\\u000ad2pGaUpSTlpEQkdZcCszZGFrZ0R5VHo3Q1hWV1FRTFlGL0NLOGpXRXI4RE9ySUFp\\u000aVjNheFBaNG96YVlqWGVXNHNxQkpkTkdkZ1VzV203bmJnMDRNcCtIL2dDbmQva0py\\u000aOVNmSklaaXdtbnpJR1hXVHV6ZjlTV1ljYU5DK3dzTVBpQURPNjJsUDhoN29xWk5F\\u000ac1dpQmRTTEZ6ak9zdm5rM0Rvak1GeFFxTzlGaHF4ZWtFbmtiS0xoTFQ1d0hhZ1V6\\u000aNE43Vmk5ejNRMFI0VUoxV1pHVGF5dDVkVElYZVppWkpyc0dVc3BiVEFQTElndnM0\\u000aais4aXFwL2pGZWNpclpDRUpuOEo0V3R3UWYxYXROWC8yMlpQWWpZb2lqYXVWTm1l\\u000ac3lTUXRIbzNFYVZmVmljRzUrcHQxYm1ReE5rNlh2ZHUvbVlkVUpMSFZ6VHVpcDVO\\u000aYjdId2VYTFo5WjZwSnZMeEdJSndmR21HZjY5a3Ara2RZODhHN3JvQnN0bk9lMVZU\\u000aUjVuR0lyblhJRDlqcXdQZWF2RlAzV3BjWXRsdzJVQStZdUVVRkJkUkpDRiszdkx0\\u000aQ1pyUm4xNnlYU2tRN1FpSmdHeXV2V0p4QUdZRzYxZGJ4bG41d1ArejlWcUlyMUVr\\u000aY0pXcjZtME9takNJOCswL3lFNXdGbjdEbHlWRWxVRW5ZNzdyOGh6QXFJTUMwSTI5\\u000aNUpnc3BGY2lSaTI1eWRLMzE5c3dLc1dHVFEwZ0xFWlVnNDVxWjAyalBqRWRsM2ZJ\\u000aTm90VGl6TVBVWkdHeTlmK2JpOE9UYld6NlF1K2YxNFk5UkltbWx6N1BmUmltRzVJ\\u000aZ254ZUljRkpxcDBacW9WZ3NpeWtyTVdIaUdDVUMzejZ0d2FnT2lFZlU1bXJ0RGJn\\u000aVkU4NkFROVhWZ3hhZitpRzhYb1JVNmhIVkpNM2dhWk9EVmFYY0tiQkg5L1NaN3p4\\u000aZlI3UjBwVnJyc0U1UHE5cGJ0VUphRmRvK2hpQnpxdGRLdEJrUDdjYkFEVER2eHU4\\u000aYjhkSDdhYVMzUzlxS0dmaHUzMW0xK0hVSjZHYmhTRW9sYnlGcTJySVkyV1p1K3FX\\u000aUHVxU3NtV3NEeVRDSGJ0d2N6RVkvOCtUdEhUa1pFYmpkN0F0RGZ6dmlJRW1aazRh\\u000aRFpCdEdYMTc1NlFIb2hJT21KdGVPTWlqSEtqdk1VNHlYZVh3VkkwcFVwc09JZVhZ\\u000aNStSOWVGQVFFZUJTTG9FOU93ekpOYm1idFJvSHMyQVJWUFlaN0lZMUxOM1oxdnNI\\u000aYVY4czZVbnB6TXZNRjBMdGw1UmEycmxwa0NsOHR0a3p3bDF0T0NVYmRmc0d2UVhu\\u000aZktjVllNN3d3bXFQakFRdWJpK2dEcHZrcnVFZTFxekd1NlA4cFlsY28yN1o3WUFE\\u000aL2dzL0s2ZittSGI0VXlpeXI3cklaampSb2c5UWN4NDR3TXF3RWZvbWQwQXFlbWo0\\u000aQTZ3Q1ZVSjFUN1ZwVmYyc0FSWWVnLzAzbWMvTzZySTZtSTVTQ0tKZ0J2UWhvNEN2\\u000aWVYrNzNNbVg3Z1dNUHRkUExydE9vbk13M1V5aEtxODNuV05nSUFhbDZySlhaV1Bl\\u000aYXVVbjVVdm5jeElNZFMzWjFjRndsRHhVd0ltRytGWnJrTGpqWm1XaDRjdzVGOGNj\\u000aOXhSZk93WW5aaTJJMVRUeExLcTlDOUgrak1sOUxna2hoemtWZDFSZUFkcFpZYUdw\\u000aZnlSUzZsWlBWaDZiNlA3a0lsdlhremplcDhkZUprNm5ycWlQL2ZBdFNTQVNUcTdY\\u000aVVVQUEhnSW0rNTR4UWcrdlQ2MHVHY2ZPaHljN0owd29ia1lYMDJ1Q3p0c2lranRa\\u000aRW03WTEvOWRjekx2c2xodUZ0d1UzTWF5Q0QwakRmRkhKbVJCMmVLWmxRZHZmU1A0\\u000acmJ6SGdwMEpzQUJlNndTMlkzdDd2VTJDdklqM3djTlZRTkZCQnZYbmk5SWNxQVNm\\u000aREVWMGhYc3F4YWtQNFAvRTVDMCtkNVR6eDBIRlF6czk2ajNEcnlHNjl4eTByRzBV\\u000adGZLRDBmK3VMc3NQVERybWNhU1ppVXh0WmJqbGtpR0hDU2R5YVo2RlNSYWhMcXpH\\u000aWVJ3YW9wRENDVHhQNXh6WnZaMGIxWDlveWE5c2JRZWFEVEtJZmdmMnc3RVEyZEZn\\u000aLzdCN25lZUxJSVdWTXZvK1pzMUpsR0RuWWpvVUdRYU9ITWI4ZFlIWUJnbEZ6UjJp\\u000aZUN4SjFhU3haQkFQNGFtalErQWp2RDE0MXk3WWsrVnNMeG9jdHcrbzVCRndHOU5m\\u000aVHJzT3MyQ09IckRoZW43TzYwMFNuNWh6MVNhclJHbzBTQjZBOUxJdnc3OUwxZFJ1\\u000aeUc4aWVjaURhRmVVb0M3OERCTjFGRFJyNEpxYmlHTjdXZ0JLQUpyRmd0L1dZMjNV\\u000aSEJPTFpOSHBGZ2lwNnFmNEtTNENRWFFuL1o1MUx3MXhHQUFRSWc0RUxGbjlDcitz\\u000aME94czZkWXZmeVhMWVhiOXkwa3ZyTnZXZDVZUkFWWHZENkFpVTRtOUJZNmZEWFNa\\u000aWm9ma0w5em1BU3Q4anpVZnRPWU94OWVqNzRJeDRQdmRyYmdVV2MyV3hvOWc0U092\\u000aTy9jVlFjd1RPYmFxNkFuVjZIVkl4dGtpakRkeG96dDhYTEJCdVBncFlZWnRWcHJ4\\u000aTGlVb3g3ZGpDRml3cVVYZEo4Mzg1a1gvcXdVNXlYZWwyMnM2c1BHSU95RlI4REw1\\u000ac2ZacW1Qei95bDA1RGJMaTBoTjlBaU9jQStVQ1ExT1ByVllNZ3ZqUjl3ODIwemZh\\u000aTStmOTgvNC9FNW5mVWoxdXlwU3RpbC9tWTJqeWZxd2hnaUpjcFdhWWNZenFQYkY5\\u000aMDVsUkJpa0hNQTBzSGxyeVJpUVdBc1Baa0lxclN1SHg2aGpHSDNGeGpTSnYxZzhp\\u000aVHllL1V4MDBucGVYV1c2ZFg5cGJHYWlOcmZDeGZlOHQzWDcvc3dPTUJyR0VEdEhr\\u000aZWhoWWNybm16U01yZVY4dTV5dDVFL3dmUzJKejNTeGVoTmp5cHhEQUNFSDk4dTFJ\\u000aUUg2d0ZaanlHYVhSQWNqTnVqTTNPbk12NHFKSThzVTdHcE02VHZFcXdrSG0zUjF5\\u000aY3ZhSTRDd0l3d3FzUFlFdUQ4dkIrNks0WGIzQXJzTnd3Qm45ZjZqZzYzZlFvbERL\\u000aZG1zbEJiUGhkdXY3QzJYM21qVnJBUnl4bWdKZGhKckNmbG1hU05rTTIzTWxCZzRQ\\u000aSVR2ZTNhSGFxVnVFVy9jUHVPMTR3alBGdzNDa2RzSWtuancvWTNkOWJiQzl0UHVC\\u000abG0zcXRMQWhSWVJtT1dvWE9malFCUG93WldlMm1RQnJ1TFV1VzhhRG5WU0NTVUNw\\u000ab2lWWnVNYXhuVWpscTAzZ3V1OUcrOVRPZU8xMnJFQkY4cDhtWVA1STU3aWF2enVP\\u000aUjZQa3BWSU5ERVRrQWxqNjZOMDA3T1Zid0IzUk80bDJYTHV5emQxWDI2b1VFUTVl\\u000aamp4LzY1RUdZd0E5ajZpMFE0YTZkZzkxbDBMTndiaGhVbk4wM3dvM3BTRmoraU9F\\u000acUpMc2RUY3pkalllazFlMFlDYU1wVW9ITDlzVkFlcStld1A3VU9wdisxTlF1SnM3\\u000aTWQzUVJnNW9RSzN1NzhYdXNzaGpTZHFpd3RkQTcvVm5SQzN3Mk01bWJLd0VlVGNT\\u000abjl3Ri9GZXBGcTkwQ29wL0hGc1hxeXNVRU51NWtTY3E5dHpESmhnOGJpSmJkVXN4\\u000acU54NFRYWmExZnA2ZU52ZGFzdjVsOUo1bnBmWDZvbjA2MG9CelZvMk9JNXhRMTBH\\u000ac0J0MW5YNWIrQ2UySjk0ekVObXQrYnFLZ0VoNUlzWlZ0YTlhNnYzcWhtYmQvNGJK\\u000admdhTzVmNmd1Y1BRL3JxcjFVbGtDa2dQdnZyWm1zWWVyUDlzeWE2YWhBbDJHaGo0\\u000aekh6eTBDSytEdkxBU0s4MEhCN0tWZFc0dUpxRDYycGlLYkxKVUU5aUhoVTRRVVpu\\u000aeG14eGtNZmJnQS9pdVR0NG9vdy9LOWtIcDkrUWJVazlFUGc5Rno0TVE3bDNiTUxo\\u000aZzdVMjR1N1hTdlR4TUxuMis4ODB6TDNudUJhRUhkYTRic2VDYzBwaDdOS2s5YUFl\\u000aTWF0cWZycjNTSVpycklDZHVETkNhMmRVZXl1d0x1Lzd1Zi92Wm1oVEpaV3c2MjlG\\u000ad2thdjdhaGJRYU1NZ042NXBhL29BR2IwMXJrc1NYZ1hkRjdhc3JVR3YzSGM5ajhu\\u000aSXh1NThqWHh6TGM1d2l1WmIxRFB0OE9mSmdXYTBGeVJKajZBSEY1SEdicWFGTTlV\\u000aRU15SXU5Q3I4c3BGNHJURTVBNjRrb3hqZTNtWGZIVVNVanBUemtLMlllMkpLaFk2\\u000aY0dYc0t2aE4xbHlBblNQTEZ4Tm9sc2k2cHJDWTFaeUdQdVl2bm8ybDdQbFRGblAx\\u000aM1orMCtRMGxCdG02eHZCQm4rUGl5bWxtOWV2TUpoeHNOeGlaN2NZMzNPQnl3NGJ4\\u000aRlQvN2RmUngyUWxxT09BTHI2a1c2ZXI2WUVuQ21CNWdGWDVsSEZML3UzQTRPUFAz\\u000aZ3k2aUdjQ1pPVnJrOTdUQ0NZZDJ6UTVkZVFKSWlKeFFQQnlGbVlQTzg5eU40QlVI\\u000aOWtRVFNDZUdvbVYveWNIYVpkSGwyQ2JIVFd2aGdCcWFiTWJYSnhWRVdac1MrLzJN\\u000aaGttZE5aSThaV0VnYm5odFlXVHUybjhtOGZBREYwMll4UjFjTG9Fa25FN3p0TkpZ\\u000aZE1MZWUyOEMxRk5kbDNtUzVyRlYvclhXVUdtQXAzZ09Lb1NXUmJMRDNlSi9ybE9U\\u000aL1NwVGJFUDVJNGdsQ3AwOHYxOXBMK2krTDlpSkVhWmp3dHd2M1BXRElBekkrWWlr\\u000aZGJnR01uYitYeWwyUDk0R2c0cVk1RTRQN2ZTcFllaVZiVEJleUpRMG9JUzhuUDlI\\u000aUHpwV2NSRjNFOGkyVmhCSU1aYjdSNWtJSVdxa0lMbXJwNnBrejA2NUNKQlNDay9U\\u000aYkYzaVhadU1kcE9udFhMYk5Wc3VGdVJud2FYZkpwVE5LT3U2K2VTcC9rSDE1cFda\\u000adjVJMlFSN0FGaElXSHFCYXo4Z3k0QzdVcS9uVWVqN2ZHM0V2c2ozTVJ4YlNTUjhG\\u000aSnFGZDB4MSt4SzgxTnM4QmlqYUVPV2xBRDFvMU05WEFGTXFWM3pVNEVuQjIwaUl3\\u000aYW5DclBGemJidWNUcVU4RHMzb2k3Yy83emU5Z3ByRHFtK2hKcXRTYXEyNkIxeXZp\\u000acXl6VTd4UVZEczU5VCt0VGkvdDFwalZkclJIVWNWZVZSQ3h6NFl1N1k5TFVaWDA3\\u000aM2o4eXk1MktLZXk3dk95VzBkNWxKVHpkWEpmZkhlQlNhQ2ltMnVwZWZaeTZKeTla\\u000aZWkydDBOMENIUUtzRnkyQk90bTl0MnNUUXFQREJFR0dDdGVRTFB1Y1BOL1doZS93\\u000aZC9Ma0cyNXFOTit2MTJybUNWTE9CM1JiRFpOYnB2Yldxcks5azR0UFF4MkM3M0d4\\u000aeXNIMjNzNWhJOEtvWVVJSEgrQnUvMWF6SDVZTjVhanVXcTNKV1hZVHk1S1crOE4y\\u000aamdvNk9qTENIVzBzUzU5TXcrQU1MajFCaWl2WG5Uc0xTeHBTSVByb21Dei80c2Ri\\u000aM0N3a296akZSOUxLRUJTS0NNK3RxMXA4ZUtTZ3NqUzVuaCtwU2NNRkpxWjdhekRB\\u000aeEhXYVoyNTQ1bWpEdVJOV0Z2M1lsTEhXczZBM24xSExCdnVOUWs1ek05RnYzT2tm\\u000aTzBqOVlVUWFnWjdCMTlUVjVCNDhwQnAxNGdYNS9TR1VmOTZOaWQwWmdURVhQRU8x\\u000aM1JnRU45cWVsazRPQk1icXJQNlZ0d1FPT3BjNXVEWHgzcEdWQkhTejZrb2JRNDV5\\u000aU2l5SUI2L3BiUGlsbjlDdmhNSWVyNWp2YlZneEtCdkFyajB4RFRWWVpGcVVYZVhz\\u000abHRlSE5WN0czd0E2dG9DWU1ZZ3R5UHRtWjd6MDMxZGVEemtwQnBBV21HOW85OVEw\\u000aSC8yV0EwaXNQdVVhbU8zbjFFUG9BRFZQZHF6UFpUOThPeDRjS3kyQmdBWmJBZVgr\\u000aR3lRTzgyblhudE1hWmUwbVV3cnFPbE13clZZNGhlaXY0aFEwOG1VekdkVXRSY0lL\\u000aTGpITm1OcXZvdTdlY2ZHdVhTcnhvMXVJdkdIbzNuVlVZTWc2ZEFRRlpnWUh2ejdZ\\u000aREFKWTBEWGYzTHVFZTR6bVh1azhlNm4vVU5BbE1ZQUlvdEsxY2Z2TDV0bnQ0akVD\\u000aRFFjb3lZaDRjUlVFei9XUXdudEE4Wm5sQUxRMlJOUDY0NXhjU0JOMEVCYUkyb2tB\\u000aNXI5TEYzK1h2UjdxQTB4b3VoNEMrNWZRTnpHdTdwTjFUck9WblYvQXBsMlNaMmtD\\u000aTEJQN0hjWWt2b3ZBYWFick8zeGtrUmtsdFRCd01rR3RmRC9NTm13WW14NTN3U0RL\\u000aUjE3NG1uckRCRDdOb2d0S3NTNG03Yk5iZUZyTE1hdDYwYmZVWWsweFp0YWxuSDdP\\u000aU0xqcURHdmhYQlBDaVFLNzNNVXppdU1qWFZXMTVUWWJDempuMHV0Q3d4Szk4TVlv\\u000aY1lNV0o1UGQ3WG0zejRva2prNDVFTU9DZVRGRmdZclpVNzlWYmdERVFpbUd4a0Ni\\u000aOGR4ejRMZkh4N1NGUXVhSEpNSjh4SUxZTWFSL3doQ2F4ODUydlNRaElJWG0zZ05n\\u000aWHNyeTZ3M3EzLzQ1WDd4OHVPd0p1T29GUGd1NEtNVDBTUkUwSmZRaFhQUDdpTXVJ\\u000aYnRrd0ZXeWxGQno1SmhVMzhzZ2JGdjlaVnczQzcvbnFZVUVDMXZRWHRnbEs4bGJj\\u000aazlUMzU5YVFpclBkcHF3NjA5OFFGVktyNmliTlMySk0wTHFlM21neTBYQ1RTYXUx\\u000aVE4xeXN2SHBpdU1jSW5BZWFyL3d5b1lsek5BZU1kbUQxUTduaWNBK0pWTWM4elJn\\u000aZ1NKcnRoZDZ0emd4NTFFTUNoQUpFaGR6UkpjRG03Z2c5eE9TTzNPTGpRdW05K29k\\u000adjY0b3NZNVNtbDJHSkgzZ0pzRmdyc2d0TXpTMCt1dnYwdGlZY1BoY0VsL040Vlh6\\u000aV1FTNjByZERQMTlUMFFYREMxc1luSS9rZFREcG40WnNyNFZOUzRkM0cwaEQ2Rnh3\\u000aZzlVdXBzN3k0MjRzcmlOWDgzZS9CWFhZTzNBWlZCS3czUlBVWnl1RFRZY0V4cnFM\\u000ad1RPWnJNQUJrVTBuNnBpYVRqMWZhRDJpZUZxcEFycGxIZzdrTW5ZdVN2MVFDekl3\\u000aL21GR0VEWVFqSWFiWXNRelZMRzd4YjJxbkkvTWdTbUdGUFN1VkhKNDBMNzRPYTh5\\u000aSklyeUxvV29ZSDZYZGo2WkdqZXlpT25YcEJFOUgwT2RlMUJJMkJTTjVwWFFZc0hH\\u000abFUzQ1preHdHdUZ5WnVzamVDRW9kZURPQ2lveUJha2kwSzB0cE4wTWZYS0Zubjd0\\u000aVitWb2FXV0dQSEtBa2c0eGJIcjJnYWltWW43UlN5cVcvcUVkdzFVTEgrR1RMQVds\\u000aS0F0eG1LR0ZnNkhtNzFtY2kzNXBGTW1QakROeER0RktZWm40Y3RMZURIR2ZVSEI3\\u000aZlBEOHRjZ0c0VmxTSktwTWVYR2RRT21qMkJubFQrTFYvN2JLbFQ3aSsxTWk2QnVZ\\u000aUmNBbW1GZnU3ZGF2Z2IyVFRvMVM4aTNPdkNieTgyMW16OXNjZllyVjd1bWhYWTJU\\u000aU2ZIQllyeXFtTzlHOXBuSGpTejlsTko0aEdpdU1hR3hNSWhOYUE1Q0trNTd5OEE2\\u000aSW9hWjFWL01BRmJyNXB6RXNlckx4VzdLbld3cjB5WGE2U2hCSDVwSGFXR3hRRlBS\\u000aNEs2bEJKZXpjUlM1ZUcwdjV1SHBQWTYrR2J3dFBUNHBDcENIdHBKNk56dlNVNlFP\\u000aNGVHYUY4b1NEV3pPRXRJVEJCdlBuUWFxa010L2V3Vi9qZldMNVhJbll1aHV2RGtu\\u000aNnZhbTRzenBONWs2WFRYVjh1QXNWY3VaQ3dLRXBKZldSQ0V4dGZqZVIzZ2E4U28x\\u000aeWg4Qm1QSFNBd2FxOUVHc3pBcmdScm40QllKZ1B3VWZ2WkY2c0pIV0pKSm54YUdI\\u000adUNBK1dHejBrcFRpVlJLYVM0SkUvODBHOUxKZjcvTTlvWEVULzFTbWRUaWEzM3lY\\u000abFVSb0xGdVE2OWZuTzhDUzVNM0IxM01HTHN4Wll4aUdTUkpYYkxHVWQ2bnNsQzJ0\\u000aNlh5SUZNdVFtSFcvQVJSNXVNL0o0VStWSUdUZlFPTlowVnZoQStuNlUxNDRtR3Jk\\u000aU251dWROWEpXRk83N0JzZWp2dHMvRWJXNHFOcHE1NWNQQmY0MzFEQ0NoMVJNdTJ3\\u000aNnZUZUJRNitJcllOMGo3aTllcng1UFEvYXN1NkRvMnNRWFZhNTZHVXFNUmJKVUNs\\u000aaFBNM0F0SDFmZ3VucnAvODU3a290UEhkUURBM05hOURNT2lvTEpSM3puN0tiSWlU\\u000aNEo3THFtbUpET05WcW10LzdpeGwwTVlDTDh3azFHOXlnWUhxR0ZsWGoxUXpxTlVS\\u000acHhUU0pualYyTjZOejZmYy9MVW9NR1E5OE5yb1Q5YjhhclNBcVN1TmhCaGwvbEto\\u000aNDJ4QXp0UVdDNkZEY3Nmd2FrUUpGeGs4OEdWWk9hMHJ3UFNEM29LcUMxc05sc2VW\\u000adzVzMWRjK2dodzJKTGRmeUcwWk1yZ3NaQm5uV3RHanhEdFg1WmUxZ0VKbUo3cnN3\\u000aTGsvWW80S1VuWkZ2REF5d2t5VllMY2hwMVJ2ejJKeTNGcHVpWU5sRXRkMHZKRjlX\\u000aR2dkeUd2L1JpN1pEd2tybzYxS3lMallvMVhaelBmUTlscEVqMGRTKzBCZllZUjcv\\u000ac0crcW1qZEZFb2YybmJLRWVaU1N0K010UTdnR1ZGUy9ENmtvWmZNSlM3c0svSTBh\\u000aekVrdkxRR0hTWDN0QW13YXB6K284VDlEYUZxTDFDYjZSNXluUUNucjZ2Vk1QMG1F\\u000aRm5GbURxWVMzY2c4cldyeEdrQmFUcTFDTDZKblhzb0x4dHMxV2N3QmVmR3NyM2Yy\\u000adEZMcXN2TjFHOG9nYm1pN0JDSWthcFdEK3FzRUI2UmtNeStGRVQxaEhuMEZyNEk4\\u000ad2l2YnE0cVpsd0NncHZ4Ui9tYU9iRTZiTjBjK093a1dxcEpRTUl5aDZJcXZsTUtP\\u000aR1d5YmR2aWEzemJMNk5XY05IUnk5aWl0bERzdjJSNy9QMXNqR1I1ZmI1NGRkbXhO\\u000aMmlFVzZLdEFZRU5Bb2VwSUtrWkVDNUJ3QUNYajZrM1Y5dXBNYzcrZnlOSEFBbmZr\\u000aaTZ5amRVa1BZMzVsbmNhcTJRcDd6Q3BWdk1qbTlTK1dtWHV2ZlNwc3EwZlVxWlN3\\u000aNmluZnpncjhlNy9zZDhIc1hVL1BmSDY3S0ZzWElOQlpMVm41QXF5b01YTVVNY3dV\\u000aVCs3RjhnSGl3NUpRcnhELzhvcVhUL3dvLzIxcFJObXF2ZDQreG5hcGtDZnBpOUlv\\u000adFNjd054ZlpmelkrdDZyRmJyU3VWMXZQVHJaSWNrT2ZXNmt5MHp2UmRCL2hna2Ur\\u000aNVBvVGRnd0diSnp0Ylo5R1pYSGpGZFVLWFFKVWxscmJWRGhUTkNoakhxNGE2QzhH\\u000aWWRMV1hxNzZxWlEwWnhvRjJxdUtkM3NjazEvaUxIY3owMEVuRGExK3BXd2VTMVhU\\u000adUZaR1lFTXNGeUptWSt5QmdRK3Z4aHQ2bFArKzZzSW9pbUF4cUMweWU1SC9McHFM\\u000aaFBTQlVpZHppcnlTblZ2SjZmcjI3TVRQUTBoci9JYUFXRlZnUG1yNEdqd3gxdWh0\\u000ad1J4aVU3K0lwUUxNSVVZYU1nVldnaTZvbU5aM25mcHZyYUdwWWxvaE84Z3ZXK0lL\\u000aWFJNWEJBR0Y4TlQ5UG1ZazNXa3NPVU8rVS9XKzlOL1d2algzc2haZWpGd21GYVg1\\u000aWVhyREE1MS9icDRvQWlIMzd2TmZqTGxzd1piZ2o4NVFsbXBydlhuY1dnS1RZN1pP\\u000aSmMxcmhmQnA5ZUhuUm1nQkVyNHZXOGROdkxibVFSa1dhTmxrTFBSeGd5NHU3d1p3\\u000aN1dmZnYvOG5uWEhsbWoxNDVWQ0NxOHlJR2FiM2tqQ1dvQnFQbnh0Vko5VVFNME9D\\u000aSVFhay9mWjJvdDV6Vk92dGhJeE1pK0MzNVAwRjVkUi80RVBaS3g4a1AyVnZ6RkZy\\u000aN3hFUlBSZFJnbjRqWDlFREVZQTJoWVlwRWRLRUdGai9aZTlKRlJrNmxQZjlVY05Y\\u000aRkgxd0srMW5HZi83WnZzd3dSYnNzalZjRXlMODVQU2F5eVl1ZXQrMUZ5UFpKRk9J\\u000aRnVSRm9vMWhaYUp1cGlTdm5yL1VSSXlGWEhMQ1B2Sld5MnZQVzBibVphR1NRVEJZ\\u000aYlRMcVl0UzBvdTJxOHVBd01vZUYyT25FVDdaTENjMVhTV3lFWWErWFJ0MkduMHBl\\u000aUEkxUW91NGduby8yRGlrN3NxTERydnFRbVpTOFNISlFSQVJaSnh1UUJBWDUrNzgy\\u000aYU9uaWN1aUtTbmwyeHFkM2pYRTRuUS82S2phbmhlVXpzdVRrWHFQcG4xbWlPQi9H\\u000aTFNUQ3VaWHRXcjdlSFpFb3RhZ0pOQm9OSlBYdG5KSElQb1VTdHpGTG9HM01Vc3dY\\u000aeFlCMG0xc2FjaTdaRlJ5cU1sMGtvKytlN1VCSEZOMi9UNS9ybXdsbEhaZ3A3Mm8r\\u000aWjZzWERyVXdxMW8zSVVocnRYNkJPYzJKOWladTVaenVRNkxNNkRhY0Z4bEdtcXRh\\u000aeDB3SlQyZkxpblRRU1ZIeDZDeWRMU3dTcDREOHlPd00zUEc5Zks5VklSRm05S2VY\\u000aaEd3dWxyMXBHVTAwTDU4QUVBb2ZxRmt6eEZneE0vRlRBTVZ1NWxCd29QNDYycSt6\\u000aM3pHQXkyemFTcndJKzdiWnd2OHVTMnpKOEtPajU4MHpKb2JOdU9YdC8vVHlMOGFV\\u000aZ1BtVFB2aTV3eDJGMHRVUGlzL0tUemZoZkR1NTExQXJOS2szZXIva1BrUTVmL1BC\\u000aTVBBSEpPQ3crLzh6NEVDdE9tL3g0UkliR3VIbDExNzdhQkh2WDc1TzloYnBaSkhV\\u000ac1ZlWGJOa3VUQjU2YWVoVkl3T3hHQitDeTR5eGZDb1JJRENXdy9oa1FVNjlZUUhL\\u000aQ1dhUXYydE16eVRkOXFsMFlRc3VBR0h3TDJTWTVKeDJ3RjZ6elMwRUVCMGtCU281\\u000aNlhYZmVwRGZnclVleUlzV2Rwc2hrQUQ2T1NsVDVaQTFHMWtpZHMzRUZiSFlxbmJh\\u000aVzFTZUtoc05QamVBcWErWE4zNnFYQ0NVclIrNlJDK01xTVc5a29XWjFqSzZqMkNq\\u000abHNWVjhkVGI5OXY4alVuSEgrbCtrbituaWo1MllRRzk3eCsrQkVMZ0FZVWQ5Ykxi\\u000aMmI3OWYwSnJYc2s4V1psajZ4Q0l4VXI5ZnZ0c05aa3NEWTI2NXl1VGtoNzE3Smho\\u000aaXFaUHowVi9HcGdVaHJDSmdhbVR1WEo1SmdMdEtJZ1Y4WFVQWXd5QWFUdGpvcGJT\\u000aSmx0MDVJVGtka25LVEZidjNxd28xNWllS1ZBUHhvNVVoZEN6a0xUZ1hyWStjMldo\\u000aOGd1R0JPbFlSVGVRbUlHK1Qram0zRGpyMHVLSEx1U2lmQ3JlMXdyaHp6dUF6MTd4\\u000aaXVkbFczR1I2UGVmbDZOdUt5WG1VU25LL1F6MXJNZVVjT2p1UzBmTkdlWVQ5bHNz\\u000adGt0Mm5TVVdKZnBaQzhZRGlPWDd2TUZSUFZOSXo2Vk9lbHJDS0hHMXlTc3Vkc2JP\\u000aVTRiMEg2KzVPVWphYlJuOSt2YnQ4T1BNbE9BVDBEcDJ1TnMxNlBSYjJPMGp6NWlo\\u000aL3FwYjVZMENnK0VlYWFPMGdxdXN0WGdDUHJPbktYM3JLcU4wUG5lMXpmYkZqVklJ\\u000abWk4NjcvRGUyYmt0RThtdTQrWTJIeUg1K3JUVnBkMlRxWExaOUhEaUFMaWZ5NjJL\\u000aWFVjQ3NEanJEMGhyWTdYZzdTNnVjSW00ejNqSDV0amtOczZxMEFqMnhscG5zbi9D\\u000aejVmd2FPUS93ZEpPSjB5aTVtanRjOFBRdnJ6UFhNQ0tIZU9hUGJmVHZ1SmFwOC9Z\\u000aVmpTNkw2NjNxNVVkaFlGcTJlblp5ek1LYUwvU0RmYVhyZzZrREw4d1podXZuRlJx\\u000aYmthVmp5S0FQYlFFUGhvdmJCYW5DajVwUGh1MHJoeFh4T05rbkhmaDhneGxudWlx\\u000aKzdzTmxoeXBSUXk2N3NNSVluMmdnS3dRL0ZCVlZ4SXBRNG5oMUw0ZldOS29MY0tX\\u000aZFBCSktHUUQxNCtPUXRXcVEydDRKYS9KVlpxZVlQRFJxSUtPNStEeUdLemRPK2Q4\\u000adTJhNUZkaUo5UG9SUmJqekszbnhYa1A1TTgvYytCWkdMK1lURmtVOGREZW83L3I1\\u000aeDVVOWk2TEhpT1FhMDZMWlpGQWttSEdMbjhtNVRPbllWbGhzdUVlZUdWU1hscVVh\\u000aV1dhSFppc3FrWVl6am1Cako5T3JsUU55aEhRR3Q1cXFNM0FTandMQitoQ3dwaXZH\\u000aRXZ0aStHdy9IbDZiQlpFa3FoaDlCUlh0TU0zT2d4Rm9kd25nTmpHSUpDak1xZGhk\\u000aTkFjNWpBQWlsUlJ5dWRQdFFsQ2tObHpCV3gyZjhCMDBDVmZQNkwvd1J6WFRFOEhR\\u000aK2JiL0F6SkhCYnM0YjR4M2o1ZnpOS1doOFJZc0x2VklmVkdBUjJEcjlJTUp5NkpP\\u000aTzIzdlRmbWVPcFBudmpvdlhkbTI3WlcrdzdGSElrdU1peENqckh3NTgvQjkvWUx4\\u000aVGRoSzlFY1dOcXMvclA0TEYvMEJVSS8xdVdsa05pdTBJNjk5UHRkWTdzQThNVUdO\\u000aT3VhTTYveGNZN25DMGRjVXRCcjBXSmoyZmRtYmlTM0Nld0VrT2c2L2tQQkNHVHVi\\u000adVNSdUVLYUNWNXRFZktlZEtERStIaTFuK3g0U3h6U09KanhYZUJTb2hEWTdlNVVu\\u000aN2ZRcHdvVEdiTUVHUjZJc0pOaUNzR0dSbkR6ajd0aDFSOE94ckVLRWx1dXQ0Ym9u\\u000aOEo5ejlxWGRVSUtlQ09va0dQNStrWW5BbHBrNWVQNzltM1gwS2dSUW9kSGN1N1pP\\u000aeTRBdm9GTXpYd0pFVDdzYnNaQVB4Z21VeXZFbDVRdzNBQzhBaXRybmFBWm40Sml6\\u000aZTdKSEtFdXpHczlBa0IyVG9hWXcwRE5zbWdzSncwWElTSzFsSzBUWjVDUTlPQ1VN\\u000aeHFZYWNPRTEwa3VTVUtQTUpoTHo5UHhrRDhnbE0vZEV2OWFLc2VqczFXMkF1VytU\\u000adldzM0crZ0cwRkNHajljeEJBa3VRSDZNb0tOMG96VWExUTBxcU9JRjRiRFZJZFFI\\u000aTHE1ODRvbTluU1IvV0ZIRHY1dWxSeTZteWpIMU0xUFB6azJ6K1drQW84TFhRaXpM\\u000aWjZmblFpTEZ6OFVzZGQvTzVIM2xCcUFUZUpvRzRVdTRCMjVuRjhOK2JabEdoM2d6\\u000aK2xTZG16YVlUR0oxWFZPNTdNR0hla0dyZjJRZndoeU1zZFlsZFpQZXBNQnB5YU5R\\u000aOXpvR3ZNQ0ZnYlR4c0JFRmN4aWM5TmdZUWNDVk5xcTBnS1F6SmtxUHZtV2o3WnpP\\u000aMWZJS3Rnb1FmZ1k4a2JSSFRPMGJIRXlsNm5EcldRR2RXbkQ4d2ErNGNLSnU2bkpH\\u000aWng2QWVGdXI5QzJsZzBWdWZGNGlqVGVrcWlEb3U2Y2x3czkzRHdWa2VPNmxsQzJm\\u000acUpUcm1zQy9DTC9oYzZuckZ0RERsV3Buc0Jkc29ydEtxN2lVTGF1ekRIRnA5MVI3\\u000aaTdCanBuMTNWcXlZMjVUVXlSWUovYlN0NWVGR0FINnpQZHE5RkhqTWhyeGZpTURC\\u000aK3NTRUxqd2FJR2ZxWDBQSG82UmZ1Ky9tOWlpRWwzRWxrSWJpYVMycmdFWHkxZFgr\\u000admdBZkYzOWQzWEFTdmI5aElrNXg0OGltcHRtaDBPaHgwWENOMThtNnpvQndKajNw\\u000acmNnK2ZNWHE0UzZMdlJjQTdtV0MwRzcrdVdXdi9GblkxYUg0a3NPcHRmeWkydU16\\u000aS3kwQTJFbWNad3YyZktYdmljcnQ0Ry9yWU1ZZnlic2loQS8rcXhReTlERmlEek9n\\u000aZXZzZTZ2NnFTUE5TY1lYLzlYRUxKMzh2dmpMTTNjZHlQNEJOMVF3UENtRmFrVm1K\\u000aRTNKRzU0RXhycHRUdGdKTERaNW5FYTY4Mjc4dnRJL3JVR3k2OFFuNTJyMHVXc0ZX\\u000abk5obFRPR2RxYzZzdjdNTGdTYkQ3RUVmNWNiVHNKV3JQZ1ZHbUQ1Q2o5Y3ZmRjlR\\u000aakMvM1RiSXFWVE5QSkhhbXpnbUJsSFJZSGJQN1p0a3ZUZDBnTkF2SXllZGY1MkdY\\u000aUzhESkQwTStrSS8xNmF4dm0zSlB4RC9BVHE1Ri9xdmtIWFRUVStCSEtUTWk2dnk1\\u000aMkNEUmh0YkQ1dVNNa1YyQmROK0c5Y0xnL3hTeTc3TjBnTEc4WDZ6ODM1cllYbE0r\\u000aaGloeGx2UWtiSHR0eE9EN3VBYnpFcExEaC95NFFtZVRSK1FaQU9QeUc3azhGdENG\\u000aam5TM0lLWkFTVldFTVVFODlGTG1hdFhMNERvaHlXWnViSDJPVXlGUHp5ZnNvNWNF\\u000aNEpLVnBIb21NVWZWcjk5bUZnVk1ESUdyUEdFcFRmU2NqZ01wRmlDaEFxU1djUWFH\\u000aU2cwdlBrRkdlWXFIek15SENqMndxc3VDV3BIZWlyU25ncHNXa1RLMjFLRG42TDVx\\u000aaENpRk5wM3JWNUJFMkwwcEhqQnZEVmFrZXdqcnF0a1puZ3FKcHhZalhyV0dxUjVP\\u000aV3IraWhxZ0VJZ011WGhkdUxqR2wrWVZkU1d5ZTlER05OS29DN2FlUGhJMTJQRmg3\\u000aSlJoZjdIYWVlQUNPaGZaTndDWitXMndRb3hCZHpwYzltVCtDVlpxOUo2NkNyTlFI\\u000adTBtaStlaVRTdXNEVHR2b3RmQi9IQ20wMXVaZmgxbE1JQWdMNXozSTFHRVcvREpX\\u000aMk8wdWZBKzVPV2pnWFlzOG9aUlRCMnhYOWhmSW81eDREVXNiTFM1ZzgvbFBUVndF\\u000aamYxQlg2dU9vaTVvV2lJWVJqQmpmSWdVTEVURnhMTGtBUnJQTzJETzU1ekJnMi9Q\\u000adE9mdG00SzFjeWI3V0h2QkdrcmRYanlQUXlYYzRJVXU0SzR0aTlPSlE1eVRmWUN0\\u000aY2o1OWMya05BNHlOWmdwd3kxVnAvSytGdHVlZ0xsd2l4ZTRwakR5ekNJSnBnU0ZD\\u000acmtxREV1K0hqOFZWNXMweFFXc1d5ZWdOUUpldVBheWVSY0RGMzBoMWc2WmZGQjNa\\u000adE9RWWpFQnFyVWVZNkJndk5OWU42TWFrUndnRDBja2NDbEoyMUhZNGpvU2twcE9Z\\u000aZ3NUeTNrR1laNHFUelJNY0lsQ0REaXQ4ZENHZm9Cb3JKQ2t5NTUvNDFiV3FtbTdt\\u000aTElRVzJBTG9kdktQbVVXeFhibzN5WGNnSTRKdnFjZlAzRVVXTytjV3VIZEFSN2VF\\u000aOTc3MytSVUV2TXROdnMzWWxqeERrTmFNNzZ0VjhqanhRcFJZNEc0RWRSaUs0MTN3\\u000aWUkyWTE3UWE2ZEs4K2FhaHRad0JtVWpBSVkvREdZa2VOY2wzWjdxaWpJMTMvUnpn\\u000aNXlWcjl4VUsvSUFGUVlhNDlXQ1RRYTlzVWYzeEgzZUYvTW9HN0ZmMTdrOC8xMURx\\u000aTE5YQzUvSGhOeDJ2S09CTmx1RXJodURjYjNMZmJ5TGlRVllEMkhYeGRyTkc5M1E0\\u000aNGJPajRWb0xZV0hndTI5UG9sL0htRHhUSDFwdHBQVmM5K0U0R2RwN21yVmF1bHU1\\u000acXhDOWliRzlKV3ljUUdkMUJuMG9RMjluSGlMcGd4K25HOFlkZHdPVWRkRzRndkpq\\u000aS21iUTl5aTAwYXdUamhOUE9GZXEvejVuVFJHQ3liSDZsWW9MVGtueE9UQiszMkpy\\u000aQ2pBbDVMRG90amtDZWtBUllwbVVxOWhSY2I3c3l0ME1RY1BBZUg0VlBHNmhFMUpN\\u000aYkxpTXdUWVdKNWtTM3F1elp1SkZQSUl4SFp3UmtJUzFjTnBjL0FtSUpwZm04RCtL\\u000aYUEvVmdoRkJpdnZzZnlUNndoNVRybENBcE9DcHNOTlNWbWRLRHF5QVBFTENuaURj\\u000adTRwcmpZRU5JU2tKdExUTVdBSzVCWWdRZ1ZQOVcrekJyMjNuSGlZVnhLWWhjdm9M\\u000aYTh6dUdLYlJtY2xpL3o0cXpmWnk5RGlJNmoxdWFUT1FMQzEvMzIwT2xBRGtSOVUy\\u000aT3hYZFVuSTFaSzFyY0hRZnllS3BsbUFsRTJDM3MzYkFkR3V5bXRKTDQ2M1dqZm9P\\u000aUkhHWWpvZnZNQTI0cHhnY3hFRnU5YVRFamdFVVBNeHBzN2Y4TVMyaVJvL3dxU3pX\\u000aZ0lwN1EvZHVYY1FQb0dSS2JrR0FySnNJVGdVT3BSQ3hxTFlXbk5UUy8xbmxCeXk3\\u000aQVBjcGRaRmk1WjRqM1IvbGJ0T2Era1ZiYmo4ZC8wazMwTnlDVjJGRVZGV2tPbG9z\\u000aNTFQNUNOUiswNUh6QkhQM3V3N3VyODRZYkRGdHd2UjhNM29UMXNtbXljYUsxMkpE\\u000aZGNBOUQ2YWErY2k5Wmh0UWNhbUw0Z1pjZmVpZllHNEt6NWsyT3lpMlpUNkZKOUV4\\u000aMHQ1T1d5MjZUSjllQmlCcGRaV25XZDB3bzZOMU5ST0xLdFY5L052d3R1WlZSRkxS\\u000aRUg1WGNLMnRMcTFWczFaVkg4MXM4R29UOUQ4VkFEaGFwVDBCU0xsR3A4TkNZdUdK\\u000aeXI1YVVwODdPZEl4RCt3S244NTRteVlKaXlVZnIwWmtGNGhoOEtkTXcvemg3RVQv\\u000aYkxIWlVxUXozdUV3QkcvODRuR1E9PTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6\\u000aQ2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkRGF0YT48eGVuYzpFbmNyeXB0ZWRL\\u000aZXkgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMj\\u000aIiBJZD0iX2E3NDBjZjA5MTViZDE1MmRiNzRkMDNjZDQ1NzUyMTM3Ij48eGVuYzpF\\u000abmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAw\\u000aMS8wNC94bWxlbmMjcnNhLW9hZXAtbWdmMXAiIHhtbG5zOnhlbmM9Imh0dHA6Ly93\\u000ad3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyI+PGRzOkRpZ2VzdE1ldGhvZCB4bWxu\\u000aczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgQWxnb3Jp\\u000adGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjwv\\u000aeGVuYzpFbmNyeXB0aW9uTWV0aG9kPjxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRw\\u000aOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6WDUwOURhdGE+PGRz\\u000aOlg1MDlDZXJ0aWZpY2F0ZT5NSUlERlRDQ0FmMENCRlVCbkw0d0RRWUpLb1pJaHZj\\u000aTkFRRUxCUUF3VHpFTE1Ba0dBMVVFQmhNQ1FWUXhEVEFMQmdOVkJBY01CRWR5CllY\\u000ab3hEVEFMQmdOVkJBb01CRVZIU1ZveElqQWdCZ05WQkFNTUdVMVBRUzFKUkNCSlJG\\u000aQWdLRlJsYzNRdFZtVnljMmx2Ymlrd0hoY04KTVRVd016RXlNVFF3TXpReVdoY05N\\u000aVGN4TWpBMU1UUXdNelF5V2pCUE1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVC\\u000ad3dFUjNKaAplakVOTUFzR0ExVUVDZ3dFUlVkSldqRWlNQ0FHQTFVRUF3d1pUVTlC\\u000aTFVsRUlFbEVVQ0FvVkdWemRDMVdaWEp6YVc5dUtUQ0NBU0l3CkRRWUpLb1pJaHZj\\u000aTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFJSnYwcWU5VWR2RllTTDVJMDJHb2t3\\u000aRVZmc0lHYzdJN0VoVk5PeFkKOW10VWVubWhxTnJMc0xCRmcxSWlQYmswSVNXaE9S\\u000ad1B5VnAvUDMrR3lHUDMzOXFaNjhVQ0dWMzYxRTBRbTdjalBlL08zK3IzSEFNMgpa\\u000aQk44b0Fab0htcGhyTlM2ZktmWTU4a3lndHJVYStaeU16WVdUVGlTMzJTQ004SDU1\\u000aYmx1RUZiZVprc25iUDBZOTRJamtmSmRndnpsCk14enJsU3lvVjJ5bVdCanZTNXdl\\u000abERIZ2JDS3lqc2pJaFRSakp1L29sR0p5ZW4wMS9FcElWdFN5RFhPLzJJUzJ2Mk85\\u000aVWlGd0FveUIKWUFqUG5sM0h4SzJBNTc3blI2M014bGdQMC9zK3I4NHVCcU9BbGI0\\u000acW5icFU3bHU1R3hsQ1BrWm1wUm9vQ1FZVVJpb0Mrd2pTNmxNQwpBd0VBQVRBTkJn\\u000aa3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUJxTzdra3EvZ1JhaEF2cHNRZzVMTFpST0dG\\u000acjlwSVByeU45eG1KR2dQbzdqCktObDdyczdnTlMwbG11bHVZV1duSmN3QVBid0Zl\\u000aYjk1NFZNQjl4OXA5UUV3NVJuWGFtVVk5cWEwTGdjUy90L1dYNnZKa1pQTmhXcGgK\\u000aOGJYd2gwTXZsc2JmcnZEVEpyOGNqSDNxZnhJVHA3cGEzeGIxcUU3c3VSZmZWVWRE\\u000aWGF3aVhYbldKL1dKcit0d1ZWSEhFcW5aejFsQQpyU0RMeE04c0NqRzhEZUp3OHZu\\u000aUXk1bVBHckdWVEJiYTR1cGM4VVRZMW5QVjlVMkdCSlZZdUFrb1ZSamJUbE52ckw1\\u000aSnFOcXlwS2NHCmJlampXeGdyelprZVFlVTJoRmNqdW5tZ3dHWit1ZzJmcTRrS2tR\\u000aZnR3Y3FlSlR6eXpCb28yK09vNFRtZmJzaC9vbnhQV0E9PTwvZHM6WDUwOUNlcnRp\\u000aZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjx4ZW5jOkNpcGhlckRh\\u000adGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMj\\u000aIj48eGVuYzpDaXBoZXJWYWx1ZT5Sb1NHTGFDbDN3ZkRXdDlXMm9JSDNUQ3JPTVN4\\u000aL3Y1S0pQV2hndmhWNml2RmZXSWFJeDB5RnV2NVZTME5VZ2FUVGIwVjhUYnNGN1Vz\\u000aRllzQ0xldkVUa2lWbG5OeWE4dlVoL2lYTDYzT0JmdzR3T3pSNVZheVBuaWFwWFdM\\u000aa0RHTmQ5Y3E2QU8zR1JoTWJaZDdma2NhRWNJVTB2bGtZeUJJNmE0Yms4bHM3Mm0v\\u000aZkxKQS8vaWl5L2piODkzQkZ4dk9EMk5hT1pabXhzSlI4YlFmWWpBMHdXa1pBcW56\\u000aN0EzY3lhcHV3aXVTc01wc1hYSnFjVXp2TS9GS090dE1wTnhSUVprdk1RZlNnMCtM\\u000aUVM5M0IxN0ZUZFE2OHNRL3dZQmhubFBEZXFZK0NnY1VjeVYzOVdjTjAwcUtVYmNQ\\u000aM2kzSWRWUVRkcEJQUTdRS01HR2JmS1Y0RlE9PTwveGVuYzpDaXBoZXJWYWx1ZT48\\u000aL3hlbmM6Q2lwaGVyRGF0YT48eGVuYzpSZWZlcmVuY2VMaXN0Pjx4ZW5jOkRhdGFS\\u000aZWZlcmVuY2UgVVJJPSIjXzNmZDM1ODkyZTlhOGVhY2I4ZTA4ZjI4MGE4M2ZjYjc0\\u000aIi8+PC94ZW5jOlJlZmVyZW5jZUxpc3Q+PC94ZW5jOkVuY3J5cHRlZEtleT48L3Nh\\u000abWwyOkVuY3J5cHRlZEFzc2VydGlvbj48L3NhbWwycDpSZXNwb25zZT4=\",\"dateTimeCreated\":\"2015-10-09T10:36:02.075Z\",\"id\":1}}}"; + + try { + java.util.Map test1 = new ObjectMapper().readValue(json, java.util.Map.class); + + JsonParser parser = new JsonParser(); + JsonObject reveivedSession = null; + reveivedSession = (JsonObject) parser.parse(json); + + + + JsonObject test = reveivedSession.get("data").getAsJsonObject(); + JsonObject test2 = test.get("session").getAsJsonObject(); + JsonElement validTo = test2.get("validTo"); + JsonElement entityID = test2.get("entityID"); + JsonElement sessionBlob = test2.get("sessionBlob"); + + + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + + + } + +} -- cgit v1.2.3 From 8f3e8cb7c0e3bd34d64e1d7310c2eecb9cfefa9a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 24 Feb 2016 16:30:58 +0100 Subject: fix bugs in SSO session-transfer modul --- .../modules/ssotransfer/task/RestoreSSOSessionTask.java | 16 ++++++++++++---- .../modules/ssotransfer/SSOTransfer.authmodule.beans.xml | 9 +++++++++ 2 files changed, 21 insertions(+), 4 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 9521f264e..6ba29fe3a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -88,6 +88,17 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } + //session is valid --> load MOASession object + try { + defaultTaskInitialization(request, executionContext); + + } catch (MOAIDException | MOADatabaseException e1) { + Logger.error("Database Error! MOASession is not stored!"); + throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); + + } + + if (MiscUtil.isNotEmpty(receivedPostMessage)) { Logger.debug("Receive POST-Message data. Start data-validation process ... "); try { @@ -105,10 +116,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) { // stored SSO session data is from this IDP - start local session reconstruction Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob); - - //session is valid --> load MOASession object - defaultTaskInitialization(request, executionContext); - + //transfer SSO Assertion into MOA-Session ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml index 62e9ac8fd..349b3afb0 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml @@ -14,6 +14,15 @@ + + + + + + + Date: Wed, 24 Feb 2016 17:25:47 +0100 Subject: update SSO session-transfer modul --- .../ssotransfer/servlet/SSOTransferGUIServlet.java | 148 --------------------- .../servlet/SSOTransferSignalServlet.java | 45 +++++++ .../servlet/TransferToSmartPhoneServlet.java | 100 -------------- .../ssotransfer/task/RestoreSSOSessionTask.java | 1 + 4 files changed, 46 insertions(+), 248 deletions(-) delete mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java delete mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java deleted file mode 100644 index 0bc4a4839..000000000 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferGUIServlet.java +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.util.Date; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.velocity.VelocityContext; - -import com.google.gson.JsonObject; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.MiscUtil; -import net.glxn.qrgen.QRCode; -import net.glxn.qrgen.image.ImageType; - - - -/** - * @author tlenz - * - */ -@WebServlet(name = "SSOTransferGUI", value = "/TransferSSOSession") -public class SSOTransferGUIServlet extends AuthServlet { - - private static final long serialVersionUID = 3974201828186450839L; - - public SSOTransferGUIServlet() { - super(); - Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransferSSOSession'."); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - super.doGet(req, resp); - - //search SSO session - SSOManager ssomanager = SSOManager.getInstance(); - String ssoid = ssomanager.getSSOSessionID(req); - - VelocityContext context = new VelocityContext(); - - try { - if (ssomanager.isValidSSOSession(ssoid, null)) { - Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); - if (createQRObj != null && createQRObj instanceof Integer) { - - - - } else { - //create first step of SSO Transfer GUI - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). - contains(authURL)) { - Logger.warn("Requested URL is not allowed.");; - resp.sendError(500, "Requested URL is not allowed."); - - } - - String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSession authSession = AuthenticationSessionStoreage - .getSession(moaSessionID); - if(authSession != null) { - Date now = new Date(); - String encodedSSOContainer = SSOContainerUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now); - - String token = Random.nextRandom(); - AssertionStorage.getInstance().put(token, encodedSSOContainer); - - String containerURL = authURL - + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE - + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; - - JsonObject qrResult = new JsonObject(); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, - SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); - - ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); - String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - context.put("QRImage", base64EncodedImage); - - context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); - - GUIUtils.printSSOTransferGUI(context, resp); - - } - } - } - - } else { - context.put("errorMsg", - "No active Single Sign-On session found! SSO Session transfer is not possible."); - GUIUtils.printSSOTransferGUI(context, resp); - } - - } catch (MOAIDException | MOADatabaseException e) { - e.printStackTrace(); - resp.sendError(500, e.getMessage()); - - } - - } - - -} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index b53916338..0b3bd892a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -27,11 +27,15 @@ import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.logging.Logger; /** @@ -53,4 +57,45 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl signalProcessManagement(req, resp); } + + @Override + protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException { + String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req)); + + try { + if (pendingRequestID == null) { + throw new IllegalStateException("Unable to determine MOA pending-request id."); + } + + IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); + if (pendingReq == null) { + Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); + throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); + + } + + //add transactionID and unique sessionID to Logger + TransactionIDUtils.setSessionId(pendingReq.getUniqueSessionIdentifier()); + TransactionIDUtils.setTransactionId(pendingReq.getUniqueTransactionIdentifier()); + + // process instance is mandatory + if (pendingReq.getProcessInstanceId() == null) { + throw new IllegalStateException("MOA session does not provide process instance id."); + } + + // wake up next task + processEngine.signal(pendingReq); + + } catch (Exception ex) { + handleError(null, ex, req, resp, pendingRequestID); + + } finally { + //MOASessionDBUtils.closeSession(); + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + + + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java deleted file mode 100644 index 8ea15f985..000000000 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/TransferToSmartPhoneServlet.java +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ -package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; - -import java.io.IOException; -import java.io.PrintWriter; - -import javax.servlet.ServletException; -import javax.servlet.annotation.WebServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; - -/** - * @author tlenz - * - */ -@WebServlet(name = "SendSSOSessionEndpoint", value = "/TransmitSSOSession") -public class TransferToSmartPhoneServlet extends AuthServlet { - - private static final long serialVersionUID = 4323605569040872262L; - - private static final long transmisionTimeOut = 90 * 1000; // default 90 secundes - - public TransferToSmartPhoneServlet() { - super(); - Logger.debug("Registering servlet " + getClass().getName() + " with mapping '/TransmitSSOSession'."); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - super.doGet(req, resp); - - Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); - if (tokenObj != null && tokenObj instanceof String) { - String token = (String)tokenObj; - try { - String signedEncSession = AssertionStorage.getInstance().get(token, String.class, transmisionTimeOut); - if (MiscUtil.isNotEmpty(signedEncSession)) { - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(signedEncSession); - out.flush(); - - } else { - Logger.info("Servlet " + getClass().getName() + " receive a token:" + - token + ", which references an empty data object."); - resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object."); - - } - - } catch (MOADatabaseException e) { - Logger.info("Servlet " + getClass().getName() + " receive a token:" + - token + ", which is UNKNOWN."); - resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:"); - - - } catch (AuthenticationException e) { - Logger.info("Servlet " + getClass().getName() + " receive a token:" + - token + ", which has a timeout."); - resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more."); - - } - - } else { - Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request."); - resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid."); - - } - - } - -} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 6ba29fe3a..1d37b916c 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -131,6 +131,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); + executionContext.put("sessionRestoreFinished", false); } else { Logger.info("Received SSO session-data is from IDP: " + entityID -- cgit v1.2.3 From 116263de6a4043fd217ea12f73f0b08db90f1935 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 25 Feb 2016 17:29:18 +0100 Subject: add Spring Ressource Provider to SSO-Transfer app --- .../SSOTransferSpringResourceProvider.java | 62 ++++++++++++++++++++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../ssotransfer/SSOTransfer.authmodule.beans.xml | 23 -------- .../resources/moaid_ssotransfer_auth.beans.xml | 34 ++++++++++++ 4 files changed, 97 insertions(+), 23 deletions(-) create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferSpringResourceProvider.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/resources/moaid_ssotransfer_auth.beans.xml (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferSpringResourceProvider.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferSpringResourceProvider.java new file mode 100644 index 000000000..1c7a9f124 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferSpringResourceProvider.java @@ -0,0 +1,62 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class SSOTransferSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource ssoTransferAuthConfig = new ClassPathResource("/moaid_ssotransfer_auth.beans.xml", SSOTransferSpringResourceProvider.class); + return new Resource[] {ssoTransferAuthConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "SSO Transfer Module"; + } + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..b0744b49b --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml index 349b3afb0..1a8709e15 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransfer.authmodule.beans.xml @@ -11,27 +11,4 @@ - - - - - - - - - - - - - - - - diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/moaid_ssotransfer_auth.beans.xml b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/moaid_ssotransfer_auth.beans.xml new file mode 100644 index 000000000..4a4af4ac5 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/moaid_ssotransfer_auth.beans.xml @@ -0,0 +1,34 @@ + + + + + + + + + + + + + + + + + + + \ No newline at end of file -- cgit v1.2.3 From e9d885d2dbcfa2234bfa3b1db701c3956278624d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 1 Mar 2016 10:13:50 +0100 Subject: update SSO-transfer-modul for new mobile app --- .../modules/moa-id-module-ssoTransfer/pom.xml | 13 + .../modules/ssotransfer/SSOTransferConstants.java | 12 + .../moa/id/auth/modules/ssotransfer/data/Pair.java | 21 + .../data/SSOTransferAuthenticationData.java | 5 +- .../ssotransfer/data/SSOTransferContainer.java | 107 ++++ .../ssotransfer/servlet/SSOTransferServlet.java | 537 ++++++++++++++++++--- .../ssotransfer/utils/SSOContainerUtils.java | 60 ++- .../src/test/java/at/gv/egiz/tests/Tests.java | 37 +- 8 files changed, 684 insertions(+), 108 deletions(-) create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/Pair.java create mode 100644 id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferContainer.java (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index a6399391a..8207fc502 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -33,6 +33,19 @@ + + org.bouncycastle + bcprov-jdk15on + 1.52 + + + + + org.bouncycastle + bcpkix-jdk15on + 1.52 + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java index 03f3fcdab..cc60bbd20 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java @@ -28,6 +28,11 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer; */ public class SSOTransferConstants { + public static final String MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE = "holderofkey_cert"; + + public static final String DH_PRIME_BASE64 = "AO672PgS9gv0vLTDDISxnZ61aroRrvj53F4CX1ffNNdU+PYPv6ff3pkmuaw3av41tpD/Y0ypcCEPLh39GemNDUnehwBfi6PocHdDGPhTvhan5kYgDoWPWebA9P3Qy3eUdslwU+Eusr0SBhN+Cssw7XZ0nue5IiOjBxdzdijJiojH"; + public static final String DH_GENERATOR_BASE64 = "NuuDqMxQa7T3XP4H6OFR30imozmM0Eho0na9gXak+Qs+J9uE/3xgHspz9PYO/6Lk2wgeOk42Pk4MHamKVPCLdqztlmEFgKPwHiAwNdNr4PklonLWk5zPSEYDVUt/8IFmK+cu0cPomACo0AfSCSZqdexq0FnFey/5mBjOGPimOJQ="; + public static final String SERVLET_SSOTRANSFER_GUI = "/TransferSSOSession"; public static final String SERVLET_SSOTRANSFER_TO_SMARTPHONE = "/TransmitSSOSession"; public static final String SERVLET_SSOTRANSFER_FROM_SMARTPHONE = "/SSOTransferSignalEndpoint"; @@ -41,6 +46,12 @@ public class SSOTransferConstants { public static final String SSOCONTAINER_KEY_URL = "url"; + public static final String SSOCONTAINER_KEY_DH_PUBKEY = "pubKey"; + public static final String SSOCONTAINER_KEY_DH_PRIME = "prime"; + public static final String SSOCONTAINER_KEY_DH_GENERATOR = "generator"; + + public static final String SSOCONTAINER_KEY_CSR = "csr"; + public static final String SSOCONTAINER_KEY_VALIDTO = "validTo"; public static final String SSOCONTAINER_KEY_ENTITYID = "entityID"; public static final String SSOCONTAINER_KEY_USERID = "userID"; @@ -48,5 +59,6 @@ public class SSOTransferConstants { public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint"; public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag"; + public static final long CERT_VALIDITY = 700; //2 years } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/Pair.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/Pair.java new file mode 100644 index 000000000..47351b2bd --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/Pair.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.data; + +import java.io.Serializable; + +public class Pair implements Serializable { + /** + * + */ + private static final long serialVersionUID = -1677989418252218345L; + + private F l; + private S r; + public Pair(F l, S r){ + this.l = l; + this.r = r; + } + public F getF(){ return l; } + public S getS(){ return r; } + public void setF(F l){ this.l = l; } + public void setS(S r){ this.r = r; } +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index b9ab4f307..17e88e381 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -375,9 +375,8 @@ public class SSOTransferAuthenticationData implements IAuthData { * @see at.gv.egovernment.moa.id.data.IAuthData#getGenericData(java.lang.String, java.lang.Class) */ @Override - public T getGenericData(String key, Class clazz) { - // TODO Auto-generated method stub - return null; + public T getGenericData(String key, Class clazz) { + return this.authSession.getGenericDataFromSession(key, clazz); } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferContainer.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferContainer.java new file mode 100644 index 000000000..eecf03b71 --- /dev/null +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferContainer.java @@ -0,0 +1,107 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ssotransfer.data; + +import java.io.Serializable; +import java.math.BigInteger; +import java.security.PrivateKey; + +import javax.crypto.spec.DHPublicKeySpec; + +/** + * @author tlenz + * + */ +public class SSOTransferContainer implements Serializable { + + private static final long serialVersionUID = 3762458954168085854L; + + private String authURL = null; + private String tokkenID = null; + private String moaSessionID = null; + + //DH parameters + private PrivateKey dh_privKey; + private BigInteger dh_pubKey; + private BigInteger dh_prime; + private BigInteger dh_generator; + + + /** + * @return the authURL + */ + public String getAuthURL() { + return authURL; + } + /** + * @param authURL the authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + /** + * @return the tokkenID + */ + public String getTokkenID() { + return tokkenID; + } + /** + * @param tokkenID the tokkenID to set + */ + public void setTokkenID(String tokkenID) { + this.tokkenID = tokkenID; + } + /** + * @return the moaSessionID + */ + public String getMoaSessionID() { + return moaSessionID; + } + /** + * @param moaSessionID the moaSessionID to set + */ + public void setMoaSessionID(String moaSessionID) { + this.moaSessionID = moaSessionID; + } + /** + * @return the dhParams + */ + public Pair getDhParams() { + return new Pair(new DHPublicKeySpec(this.dh_pubKey, + this.dh_prime, + this.dh_generator), this.dh_privKey); + } + /** + * @param dhParams the dhParams to set + */ + public void setDhParams(Pair dhParams) { + this.dh_privKey = dhParams.getS(); + + this.dh_pubKey = dhParams.getF().getY(); + this.dh_prime = dhParams.getF().getP(); + this.dh_generator = dhParams.getF().getG(); + } + + + +} diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index d33b157e0..80c2663fb 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -22,37 +22,80 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.servlet; +import java.io.BufferedReader; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.io.InputStream; import java.io.PrintWriter; +import java.math.BigInteger; +import java.net.URL; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.Security; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.InvalidParameterSpecException; import java.util.Date; +import javax.crypto.KeyAgreement; +import javax.crypto.spec.DHParameterSpec; +import javax.crypto.spec.DHPublicKeySpec; +import javax.security.cert.CertificateException; +import javax.security.cert.X509Certificate; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.velocity.VelocityContext; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x509.BasicConstraints; +import org.bouncycastle.asn1.x509.Extension; +import org.bouncycastle.cert.X509CertificateHolder; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.ContentVerifierProvider; +import org.bouncycastle.operator.OperatorCreationException; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; +import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; +import org.bouncycastle.pkcs.PKCS10CertificationRequest; +import org.bouncycastle.pkcs.PKCSException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; +import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import net.glxn.qrgen.QRCode; import net.glxn.qrgen.image.ImageType; @@ -73,28 +116,181 @@ public class SSOTransferServlet{ @Autowired IAuthenticationSessionStoreage authenticationSessionStorage; @Autowired SSOContainerUtils ssoTransferUtils; @Autowired ITransactionStorage transactionStorage; + @Autowired IDPCredentialProvider idpCredentials; + @Autowired AuthConfiguration authConfig; public SSOTransferServlet() { super(); Logger.debug("Registering servlet " + getClass().getName() - + " with mapping {'/TransferSSOSession','/TransmitSSOSession'}."); + + " with mapping {'/TransferSSOSession','/TransmitSSOSession'}" + + " Development-EndPoints: {'/TestTransferSSOSession','/TestTransmitSSOSession'}."); } + /** + * Only for development and debugging + * This methode create template QR and for the template service + * + * @param req + * @param resp + * @throws IOException + */ + @RequestMapping(value = { "/TestTransferSSOSession" + }, + method = {RequestMethod.GET}) + public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + try { + VelocityContext context = new VelocityContext(); + + //create first step of SSO Transfer GUI + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + resp.sendError(500, "Requested URL is not allowed."); + + } + + internalCreateQRCodeForTransfer(resp, authURL, + "123456", "/TestTransmitSSOSession", context); + + } catch (MOAIDException | MOADatabaseException e) { + e.printStackTrace(); + resp.sendError(500, e.getMessage()); + + } catch (NoSuchAlgorithmException | InvalidParameterSpecException e) { + e.printStackTrace(); + resp.sendError(500, e.getMessage()); + + } catch (Exception e) { + e.printStackTrace(); + resp.sendError(500, e.getMessage()); + } + } + + /** + * Only for development and debugging + * This methode transfer personal information to smartphone + * + * @param req + * @param resp + * @throws IOException + */ + @RequestMapping(value = { "/TestTransmitSSOSession" + }, + method = {RequestMethod.GET, RequestMethod.POST}) + public void testTransferToPhone(HttpServletRequest req, HttpServletResponse resp) throws IOException { + Logger.debug("Receive " + this.getClass().getName() + " request"); + Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); + if (tokenObj != null && tokenObj instanceof String) { + String token = (String)tokenObj; + try { + SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000); + if (container != null) { + AuthenticationSession moaSession = new AuthenticationSession("123456", new Date()); + + URL idlURL = new URL(FileUtils.makeAbsoluteURL( + authConfig.getMonitoringTestIdentityLinkURL(), + authConfig.getRootConfigFileDir())); + InputStream idlstream = idlURL.openStream(); + moaSession.setIdentityLink(new IdentityLinkAssertionParser(idlstream).parseIdentityLink()); + internalTransferPersonalInformation(req, resp, container, moaSession, true); + + } else { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which references an empty data object."); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Empty data object."); + + } + + } catch (MOADatabaseException e) { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which is UNKNOWN."); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Transfer token is UNKOWN:"); + + + } catch (AuthenticationException e) { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", which has a timeout."); + resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more."); + + } catch (OperatorCreationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (CredentialsNotAvailableException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (PKCSException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (CertificateException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (InvalidKeyException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (InvalidKeySpecException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (SessionDataStorageException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + } catch (ParseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + + + } else { + Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request."); + resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid."); + + } + + } + + @RequestMapping(value = { "/TransmitSSOSession" }, method = {RequestMethod.GET}) public void transferToPhone(HttpServletRequest req, HttpServletResponse resp) throws IOException { + Logger.debug("Receive " + this.getClass().getName() + " request"); + Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); if (tokenObj != null && tokenObj instanceof String) { String token = (String)tokenObj; - try { - String signedEncSession = transactionStorage.get(token, String.class, transmisionTimeOut); - if (MiscUtil.isNotEmpty(signedEncSession)) { - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(signedEncSession); - out.flush(); - + try { + SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut); + if (container != null) { + AuthenticationSession moaSession = authenticationSessionStorage.getSession(container.getMoaSessionID()); + if (moaSession != null) { + internalTransferPersonalInformation(req, resp, container, moaSession, false); + + + } else { + Logger.info("Servlet " + getClass().getName() + " receive a token:" + + token + ", but the corresponding MOASession is empty"); + resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "No MOASession."); + + } + } else { Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which references an empty data object."); @@ -113,7 +309,47 @@ public class SSOTransferServlet{ token + ", which has a timeout."); resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more."); + } catch (OperatorCreationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (CredentialsNotAvailableException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (PKCSException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (CertificateException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (InvalidKeyException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (InvalidKeySpecException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (SessionDataStorageException e) { + // TODO Auto-generated catch block + e.printStackTrace(); } + + } else { Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request."); @@ -127,7 +363,7 @@ public class SSOTransferServlet{ @RequestMapping(value = { "/TransferSSOSession" }, - method = {RequestMethod.GET}) + method = {RequestMethod.GET, RequestMethod.POST}) public void transferSSOSessionGUI(HttpServletRequest req, HttpServletResponse resp) throws IOException { //search SSO session String ssoid = ssomanager.getSSOSessionID(req); @@ -136,65 +372,254 @@ public class SSOTransferServlet{ try { if (ssomanager.isValidSSOSession(ssoid, null)) { - Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); - if (createQRObj != null && createQRObj instanceof Integer) { - - + //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); + + //create first step of SSO Transfer GUI + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + resp.sendError(500, "Requested URL is not allowed."); - } else { - //create first step of SSO Transfer GUI - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). - contains(authURL)) { - Logger.warn("Requested URL is not allowed.");; - resp.sendError(500, "Requested URL is not allowed."); + } + + String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid); + if (MiscUtil.isNotEmpty(moaSessionID)) { + AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID); + if(authSession != null) { + internalCreateQRCodeForTransfer(resp, authURL, + authSession.getSessionID(), + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, context); - } - - String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid); - if (MiscUtil.isNotEmpty(moaSessionID)) { - AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID); - if(authSession != null) { - Date now = new Date(); - String encodedSSOContainer = ssoTransferUtils.generateSignedAndEncryptedSSOContainer(authURL, authSession, now); - - String token = Random.nextRandom(); - transactionStorage.put(token, encodedSSOContainer); - - String containerURL = authURL - + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE - + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; - - JsonObject qrResult = new JsonObject(); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, - SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); - - ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); - String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - context.put("QRImage", base64EncodedImage); - - context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); - - GUIUtils.printSSOTransferGUI(context, resp); - - } + return; } } - } else { - context.put("errorMsg", - "No active Single Sign-On session found! SSO Session transfer is not possible."); - GUIUtils.printSSOTransferGUI(context, resp); } + context.put("errorMsg", + "No active Single Sign-On session found! SSO Session transfer is not possible."); + GUIUtils.printSSOTransferGUI(context, resp); + } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); resp.sendError(500, e.getMessage()); + } catch (NoSuchAlgorithmException | InvalidParameterSpecException e) { + e.printStackTrace(); + resp.sendError(500, e.getMessage()); + + } catch (Exception e) { + e.printStackTrace(); + resp.sendError(500, e.getMessage()); + } + } + + private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp, + SSOTransferContainer container, AuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException { + JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode); + + if (receivedData == null) { + Logger.warn("No data received"); + throw new IOException("No data received"); + } + + //TODO: check if needed + //JsonObject reveivedSession = receivedData.get("session").getAsJsonObject(); + + String mobilePubKeyBase64 = receivedData.get( + SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString(); + String mobileCSRBase64 = receivedData.get( + SSOTransferConstants.SSOCONTAINER_KEY_CSR).getAsString(); + + Logger.trace("Receive PubKey:" +mobilePubKeyBase64 + + " | CSR:" + mobileCSRBase64); + + //finish DH key agreement + BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, false)); + DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, + container.getDhParams().getF().getP(), + container.getDhParams().getF().getG()); + byte[] sharedSecret = getSecret(mobilePubKeySpec, container.getDhParams().getS()); + + Logger.debug("Finished Diffie-Hellman key exchange. --> Starting CSR decryption ..."); + //TODO decrypt CSR + byte[] decryptedCSR = Base64Utils.decode(mobileCSRBase64, true); + + + //generate certificate from CSR + X509Certificate mobileCert = signCSRWithMOAKey(decryptedCSR); + + moaSession.setGenericDataToSession( + SSOTransferConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE, + mobileCert.getEncoded()); + + //generate assertion + Date now = new Date(); + String personInformationToTransfer = + ssoTransferUtils.generateSignedAndEncryptedSSOContainer( + container.getAuthURL(), moaSession, now); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(personInformationToTransfer); + out.flush(); + return; + + } + + private void internalCreateQRCodeForTransfer(HttpServletResponse resp, String authURL, + String moaSessionID, String servletEndPoint, VelocityContext context) throws Exception { + SSOTransferContainer container = new SSOTransferContainer(); + String token = Random.nextRandom(); + + container.setAuthURL(authURL); + container.setTokkenID(token); + container.setMoaSessionID(moaSessionID); + + //build Diffie-Hellman parameter for Data transfer + Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); + + //TODO: implement worker-thread to generate new parameters every day + //generate new DH parameters + //SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG-SP80090", "IAIK"); + //AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DiffieHellman", "BC"); + //paramGen.init(1024, secureRandom ); // number of bits + //AlgorithmParameters params = paramGen.generateParameters(); + //DHParameterSpec dhSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class); + //DHParameterSpec dhSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class); + + //use predefined parameters + BigInteger prime = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_PRIME_BASE64, false)); + BigInteger generator = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false)); + DHParameterSpec dhSpec = new DHParameterSpec(prime, generator, 1024); + Pair dhKeyIDP = createSpecificKey(dhSpec.getP(), dhSpec.getG()); + container.setDhParams(dhKeyIDP); + + //store container + transactionStorage.put(token, container); + + //build QR code + String containerURL = authURL + + servletEndPoint + + "?"+ SSOTransferConstants.REQ_PARAM_TOKEN + "=" + token; + + JsonObject qrResult = new JsonObject(); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, + SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_PERSIST); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, + containerURL); + + //add DH parameters + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY, + Base64Utils.encode(dhKeyIDP.getF().getY().toByteArray())); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PRIME, + Base64Utils.encode(dhKeyIDP.getF().getP().toByteArray())); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_GENERATOR, + Base64Utils.encode(dhKeyIDP.getF().getG().toByteArray())); + + ByteArrayOutputStream qrStream = + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream(); + String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); + context.put("QRImage", base64EncodedImage); + + context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); + + GUIUtils.printSSOTransferGUI(context, resp); + + + } + + private X509Certificate signCSRWithMOAKey(byte[] inputCSR) throws IOException, OperatorCreationException, PKCSException, CredentialsNotAvailableException, CertificateException { + PKCS10CertificationRequest csr = new PKCS10CertificationRequest(inputCSR); + + //validate CSR request + ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider( + new BouncyCastleProvider()).build(csr.getSubjectPublicKeyInfo()); + csr.isSignatureValid(verifier); + + //build certificate with CSR + X500Name issuer = new X500Name("CN=IDP"); + BigInteger serial = new BigInteger(32, new SecureRandom()); + Date from = new Date(); + Date to = new Date(System.currentTimeMillis() + (SSOTransferConstants.CERT_VALIDITY * 86400000L)); + X509v3CertificateBuilder certgen = new X509v3CertificateBuilder(issuer, serial, from, to, csr.getSubject(), csr.getSubjectPublicKeyInfo()); + certgen.addExtension(Extension.basicConstraints, false, new BasicConstraints(false)); + //certgen.addExtension(Extension.subjectKeyIdentifier, false, SubjectKeyIdentifier.getInstance(csr.getSubjectPublicKeyInfo())); + + //build signer + ContentSigner sigGen = new JcaContentSignerBuilder("SHA1withRSA").build(idpCredentials.getIDPAssertionSigningCredential().getPrivateKey()); + + //sign certificate + X509CertificateHolder x509CertificateHolder = certgen.build(sigGen); + + return X509Certificate.getInstance(x509CertificateHolder.getEncoded()); + + + } + + private static byte[] getSecret(DHPublicKeySpec kspectrans, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { + KeyAgreement aKeyAgree = KeyAgreement.getInstance("DiffieHellman"); + aKeyAgree.init(privateKey); + + KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); + PublicKey pub = kfactory.generatePublic(kspectrans); + aKeyAgree.doPhase(pub, true); + + byte[] secretKey = aKeyAgree.generateSecret(); + return secretKey; + + } + + private JsonObject getJSONObjectFromPostMessage(HttpServletRequest req, boolean developmentMode) { + //read POST request + StringBuffer sb = new StringBuffer(); + String receivedPostMessage = null; + + try { + BufferedReader reader = req.getReader(); + String line = null; + while ((line = reader.readLine()) != null) { + sb.append(line); + } + + receivedPostMessage = sb.toString(); + + } catch (IOException e) { + Logger.warn("Received POST-message produce an ERROR.", e); + Logger.info("Msg: " + receivedPostMessage); + + } + + JsonParser parser = new JsonParser(); + JsonObject receivedData = null; + if (MiscUtil.isNotEmpty(receivedPostMessage)) + receivedData = (JsonObject) parser.parse(sb.toString()); + + else if (developmentMode && MiscUtil.isNotEmpty(req.getParameter("blob"))) { + receivedData = (JsonObject) parser.parse(req.getParameter("blob")); + + } + + return receivedData; + + } + + private Pair createSpecificKey(BigInteger p, BigInteger g) throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman"); + + DHParameterSpec param = new DHParameterSpec(p, g); + kpg.initialize(param); + KeyPair kp = kpg.generateKeyPair(); + + KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); + + Pair pair = new Pair( + (DHPublicKeySpec) kfactory.getKeySpec(kp.getPublic(), DHPublicKeySpec.class), kp.getPrivate()); + return pair; + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 7c8a86f73..4d41ff652 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -49,19 +49,14 @@ import org.opensaml.Configuration; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AuthnContextClassRef; -import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.Issuer; import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.core.SubjectConfirmationData; -import org.opensaml.saml2.encryption.Encrypter; -import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; import org.opensaml.security.SAMLSignatureProfileValidator; import org.opensaml.xml.XMLObject; import org.opensaml.xml.encryption.EncryptionException; -import org.opensaml.xml.encryption.EncryptionParameters; -import org.opensaml.xml.encryption.KeyEncryptionParameters; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.io.MarshallingException; import org.opensaml.xml.io.Unmarshaller; @@ -72,8 +67,6 @@ import org.opensaml.xml.parse.XMLParserException; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.SecurityHelper; import org.opensaml.xml.security.credential.Credential; -import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.SignatureException; import org.opensaml.xml.signature.SignatureValidator; @@ -140,6 +133,7 @@ public class SSOContainerUtils { tmp.add(PVPConstants.MANDATE_PROF_REP_OID_NAME); tmp.add(PVPConstants.MANDATE_PROF_REP_DESC_NAME); tmp.add(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); + tmp.add(PVPConstants.PVP_HOLDEROFKEY_NAME); REQUIRED_ATTRIBUTES = Collections.unmodifiableList(tmp); } @@ -398,31 +392,33 @@ public class SSOContainerUtils { authResponse.setStatus(SAML2Utils.getSuccessStatus()); //encrypt container - X509Credential encryptionCredentials = credentials.getIDPAssertionEncryptionCredential(); - EncryptionParameters dataEncParams = new EncryptionParameters(); - dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); - - List keyEncParamList = new ArrayList(); - KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); - - keyEncParam.setEncryptionCredential(encryptionCredentials); - keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); - KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() - .getKeyInfoGeneratorManager().getDefaultManager() - .getFactory(encryptionCredentials); - keyEncParam.setKeyInfoGenerator(kigf.newInstance()); - keyEncParamList.add(keyEncParam); - - Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); - //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); - samlEncrypter.setKeyPlacement(KeyPlacement.PEER); - - EncryptedAssertion encryptAssertion = null; - - encryptAssertion = samlEncrypter.encrypt(assertion); - authResponse.getEncryptedAssertions().add(encryptAssertion); - - +// X509Credential encryptionCredentials = credentials.getIDPAssertionEncryptionCredential(); +// EncryptionParameters dataEncParams = new EncryptionParameters(); +// dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); +// +// List keyEncParamList = new ArrayList(); +// KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); +// +// keyEncParam.setEncryptionCredential(encryptionCredentials); +// keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); +// KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() +// .getKeyInfoGeneratorManager().getDefaultManager() +// .getFactory(encryptionCredentials); +// keyEncParam.setKeyInfoGenerator(kigf.newInstance()); +// keyEncParamList.add(keyEncParam); +// +// Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); +// //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); +// samlEncrypter.setKeyPlacement(KeyPlacement.PEER); +// +// EncryptedAssertion encryptAssertion = null; +// +// encryptAssertion = samlEncrypter.encrypt(assertion); +// authResponse.getEncryptedAssertions().add(encryptAssertion); + + //add unencrypted assertion + authResponse.getAssertions().add(assertion); + //sign container Credential signingCredential = credentials.getIDPAssertionSigningCredential(); Signature signature = AbstractCredentialProvider.getIDPSignature(signingCredential); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index d30c1f524..1beab574a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -43,24 +43,27 @@ public class Tests { * @param args */ public static void main(String[] args) { - String json = - "{\"data\":{\"session\":{\"validTo\":\"2015-10-09T10:55:34.738Z\",\"entityID\":\"https://demo.egiz.gv.at/demoportal_moaid-2.0\",\"userID\":\"Thomas Georg Lenz\",\"sessionBlob\":\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJl\\u000ac3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4w\\u000aOnByb3RvY29sIiBJRD0iXzQ5ZjgzMDIyZjRkZjFjODMyMDNlZGU1NTQxZDY1ODU4\\u000aIiBJc3N1ZUluc3RhbnQ9IjIwMTUtMTAtMDlUMTA6MzU6NTEuMDI0WiIgVmVyc2lv\\u000abj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFt\\u000aZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1l\\u000aczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly9kZW1v\\u000aLmVnaXouZ3YuYXQvZGVtb3BvcnRhbF9tb2FpZC0yLjA8L3NhbWwyOklzc3Vlcj48\\u000aZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5\\u000aL3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1l\\u000adGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4\\u000aYy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\\u000ad3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+PGRz\\u000aOlJlZmVyZW5jZSBVUkk9IiNfNDlmODMwMjJmNGRmMWM4MzIwM2VkZTU1NDFkNjU4\\u000aNTgiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRw\\u000aOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVy\\u000aZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8y\\u000aMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2Vz\\u000adE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1s\\u000aZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT44eE9qNmlYVzhIQzk5UGhETEZ0\\u000aOVp0M205VWliaVdrdHMzaWVQTS9CZlFZPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpS\\u000aZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5mNjM2\\u000aYjVBeGx6THdUL0I1SmdLdnhNN0haK1lEZGVldUdaRUlxc05KdHdiN05TVFhlbVFC\\u000aTExObDlJTk1aUW1Ybkx3ektCc0pra0tGTXl3MkpsNXVYcWlHWVBzMExTWTNiWTdj\\u000aTTZoeHpDaGdVVHRMWXlPcE9qemxxbE5CN2FKTVpZWU10Q2phcWNqSmxVM0wxTjBv\\u000aYUJ5QlRjaTRHdjd5TUJkdE9nRElHNVVpVEppVmVNOURZcUowZFVaZDNRcG1BK0Zm\\u000aUm10WFVzaVRzU0N0b3lWVHlXYTJWemJweTZxcDMwWkZSTU03LzU0Q0NWZHIvaDZW\\u000aTnZCQ1YydkFEMWdZaUg5VG41aTRSRmRWMFBKNTkrNS9HYXVUMm1HSVRUVmNreVk2\\u000aRlJQSjI2MUV0bmdScE8xK1FYRDZwQVZBM2V6Rm9ZbkkyQ2dYdHQ2K2EyTkV3cnBO\\u000aaHc9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PGRzOktleUluZm8+PGRzOlg1MDlEYXRh\\u000aPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJREZUQ0NBZjBDQkZVQm5MNHdEUVlKS29a\\u000aSWh2Y05BUUVMQlFBd1R6RUxNQWtHQTFVRUJoTUNRVlF4RFRBTEJnTlZCQWNNQkVk\\u000aeQpZWG94RFRBTEJnTlZCQW9NQkVWSFNWb3hJakFnQmdOVkJBTU1HVTFQUVMxSlJD\\u000aQkpSRkFnS0ZSbGMzUXRWbVZ5YzJsdmJpa3dIaGNOCk1UVXdNekV5TVRRd016UXlX\\u000aaGNOTVRjeE1qQTFNVFF3TXpReVdqQlBNUXN3Q1FZRFZRUUdFd0pCVkRFTk1Bc0dB\\u000aMVVFQnd3RVIzSmgKZWpFTk1Bc0dBMVVFQ2d3RVJVZEpXakVpTUNBR0ExVUVBd3da\\u000aVFU5QkxVbEVJRWxFVUNBb1ZHVnpkQzFXWlhKemFXOXVLVENDQVNJdwpEUVlKS29a\\u000aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSUp2MHFlOVVkdkZZU0w1STAy\\u000aR29rd0VWZnNJR2M3STdFaFZOT3hZCjltdFVlbm1ocU5yTHNMQkZnMUlpUGJrMElT\\u000aV2hPUndQeVZwL1AzK0d5R1AzMzlxWjY4VUNHVjM2MUUwUW03Y2pQZS9PMytyM0hB\\u000aTTIKWkJOOG9BWm9IbXBock5TNmZLZlk1OGt5Z3RyVWErWnlNellXVFRpUzMyU0NN\\u000aOEg1NWJsdUVGYmVaa3NuYlAwWTk0SWprZkpkZ3Z6bApNeHpybFN5b1YyeW1XQmp2\\u000aUzV3ZWxESGdiQ0t5anNqSWhUUmpKdS9vbEdKeWVuMDEvRXBJVnRTeURYTy8ySVMy\\u000adjJPOVVpRndBb3lCCllBalBubDNIeEsyQTU3N25SNjNNeGxnUDAvcytyODR1QnFP\\u000aQWxiNHFuYnBVN2x1NUd4bENQa1ptcFJvb0NRWVVSaW9DK3dqUzZsTUMKQXdFQUFU\\u000aQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFCcU83a2txL2dSYWhBdnBzUWc1TExa\\u000aUk9HRnI5cElQcnlOOXhtSkdnUG83agpLTmw3cnM3Z05TMGxtdWx1WVdXbkpjd0FQ\\u000aYndGZWI5NTRWTUI5eDlwOVFFdzVSblhhbVVZOXFhMExnY1MvdC9XWDZ2SmtaUE5o\\u000aV3BoCjhiWHdoME12bHNiZnJ2RFRKcjhjakgzcWZ4SVRwN3BhM3hiMXFFN3N1UmZm\\u000aVlVkRFhhd2lYWG5XSi9XSnIrdHdWVkhIRXFuWnoxbEEKclNETHhNOHNDakc4RGVK\\u000adzh2blF5NW1QR3JHVlRCYmE0dXBjOFVUWTFuUFY5VTJHQkpWWXVBa29WUmpiVGxO\\u000adnJMNUpxTnF5cEtjRwpiZWpqV3hncnpaa2VRZVUyaEZjanVubWd3R1ordWcyZnE0\\u000aa0trUWZ0d2NxZUpUenl6Qm9vMitPbzRUbWZic2gvb254UFdBPT08L2RzOlg1MDlD\\u000aZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25h\\u000adHVyZT48c2FtbDJwOlN0YXR1cz48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVy\\u000abjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2Ft\\u000abDJwOlN0YXR1cz48c2FtbDI6RW5jcnlwdGVkQXNzZXJ0aW9uIHhtbG5zOnNhbWwy\\u000aPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48eGVuYzpF\\u000abmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEv\\u000aMDQveG1sZW5jIyIgSWQ9Il8zZmQzNTg5MmU5YThlYWNiOGUwOGYyODBhODNmY2I3\\u000aNCIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVu\\u000adCI+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cu\\u000adzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiIHhtbG5zOnhlbmM9Imh0\\u000adHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIvPjxkczpLZXlJbmZvIHht\\u000abG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6\\u000aUmV0cmlldmFsTWV0aG9kIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQv\\u000aeG1sZW5jI0VuY3J5cHRlZEtleSIgVVJJPSIjX2E3NDBjZjA5MTViZDE1MmRiNzRk\\u000aMDNjZDQ1NzUyMTM3Ii8+PC9kczpLZXlJbmZvPjx4ZW5jOkNpcGhlckRhdGEgeG1s\\u000abnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIj48eGVu\\u000aYzpDaXBoZXJWYWx1ZT43R0hKY0NYYXlzME1pY2ZvYXc3cnFNeTZ1bUQyd0FEQmtH\\u000aOThKclJ2UUdMczJneTBOSWFvSlM2SWM1Z254RXBNcUZHZ2ZLNHBBWGxRUVh3K1h6\\u000aY0RNaURhY2tqS1c5ckptNTh0b3dxNmFEbWVIU2doTTRDVzhVb1RaQlFlazVvY1dU\\u000aNmRIT3hPVzFFOFUrTXprTEg1NjVXUWxLYkdHamVSSGNzb3V3MXFuNk1XS01EU0V4\\u000aRzQrZERzSVliMk1uaEc3OEh6TDNZK0VMVG40TWd1cXF4bmpTVC9rRkpTK2dSMm93\\u000aL2tHVHN2ZnlLWmdMZUVYTzRpVHlNM2RzRk1Ma05rM0tHSHVHRmhGeUxycUR3Sko2\\u000aTmY5OVZRTmlDZDlrUnpxOE1qWklpNWQ0SjlhSmgvRk93NFI0TXAveCsvaC9hYVhk\\u000acDVyQ09CcUVaZ3FZUXlqT2FIMlAxRHR0VkU5SU5xS2w1OXh5ZTJaR0tDd1p5TTgr\\u000adWdSRnVDbTJ2RFlRSUx1T1RTaVNpbkJsNnBpLzFYRktNL1lVbTRJMXA0N21LNDlE\\u000aeW9Ia0lBaUk0NjQ2ejNJZ0tMZTBnaFlQYUlvTHhNcDE1ZE83RHRDQzhsZnYwb3Qx\\u000aYVdvTy9TcGpXaVJiOEhCaXdleGxTdHV4dVorUGVqZDlzUS9neTNFOFp1MWJXRmsv\\u000aTDVrNTZqUTAxZStIcEdORW5FSml1c1RHWldMRTZBY1lvd1NCeEZidC9RUHhGTlhh\\u000aRFBmcmlGRGZMK1RuMngyc2Rwb1RlMVpZM1JnZXo5b1Y2QUtJQWZZWC8zMllsT0NK\\u000aTlV5Myt4OU5teHljOFdKNTBjQ2RTd3ZuNTRBc1Z2U0xYRi9sbHIwQmh2cWRWQ0dP\\u000aTy82WGQvdEtpblFPWHdmeEJBMDVJZSs5MFZhU1J2NGFrRXJ4dHhrekVIeXB3R01j\\u000aVStieTYybDh5Q2Qya01vMnpQK0hmZ3NkTU9Ba2hrbDUvRXB2NVdiZGMzeElKRUhK\\u000aOVptbitUdGNWR2FiOHNPeSsyblIwQWNwZDJxeVIvNkNUd3dodk5nbXF1TldiLy9P\\u000aaGNxdDMvR1dPZkt0NGhrRnQxeGE2allTSXVoNHVWMHJqcENvK21ISFk4ZFZaTGZ6\\u000aNE9oR3dpNGd4bDBlV3hYUWF3UGpMWlI5RzdpQ1NCT2ZPV0d5bkdydklKSFF2VUJD\\u000aUVUwLzh3eFNxRmkxcVdQVXN2ZWtxV012SFpYTGdMMGZNYUJEa1ZZTm5YT2FlalJU\\u000aVHNZeENZc1AxYlRCNDY5ZytjRkQ1bEd0VDErTi95S3dKOUJTTGhaenhzRVhVWkhG\\u000aQ1NJTk1vTTlnaVF4TzI2L0VLUENMdXp2bnkyN3orNWdxcURkVzhlVUFCUmEyeFpp\\u000aZ204YmFkSllGWE12dkdDUVBjcmhiN3c1c3dSL2I1TXNiZXV4L3F0RFQ4R3VWcUNG\\u000ac3JDL3E4MlZpOUd5b3VCWDdGRk50UWhWRDFFVWtCQWZTYWE2UDhKU2VPdE01TVYr\\u000aV21OcGJrQ0U2M2hZS2g4cHN5MUdMdlRZRVA3Slh3TmNIWXlmS3FtdXk5S1dOVmUv\\u000aT2JPZTM5azhCWE5tWE9DejRJay93ajZqaU1DWEsrblhwdTBZQ1Z2ODJXM1BMeGlR\\u000ab1liRURMMjNHV05sNFFHQzQ1dE45WUpwK29CSGZjRStmUHk4S1FrOFBDK0s4SFFr\\u000aK21HV3NkTVUxUitTaTExY0VYdzBKTTRTczJzTWpZb05tQXd6a2RvRHliVkdnK3B3\\u000aSnUrUmFmaEJrSmpIU0FMeVQ3Y1R3dncrOW56S1BIdUhvWW5wSTRLQSt6U2xrYkUr\\u000aQ0dSbzd1MUxXVFl0cGZTYnFtd1NjYVlxU01WaTZ5QVdkRnoyS001LzlkVHB6alBY\\u000aNGhOZW82ZE96eVRHUkFMVnVUZi9Ma0RqaElqWGJ0Z2J6ZnU0aWdrWXg3Q2d1RnZ0\\u000abVlkTEhNSE4yRnFOTkN1UWk2bTJLUGYyUG5HdmVrSFVwMEJYZ3NEOUhkZFJtNHBF\\u000aYnE1VEsvV05RTzBuS0g0M1owOU9NcWZZbHEybk5mTi84ZnMyTjc1c2h5NmtheElK\\u000aL0FZUlNkOUU5M1VjOWJmV2FIeUwraWNNTE1GelU5MytMZlhpREkyWDVScEVtSnFB\\u000aSUMwVlJ0NWtXdnlVNGVlWnhOdE8zWUtxUnN2YVo0dzhnZ0I3dkxheFFKUWtnMWhs\\u000acVAzQzhDQW5HWnkrdDR5alRVejA1LzlpQi9HRk1DdDNteEpPajUvaVdTOTZRRW54\\u000aVm8wdVYvYzhDRFd6OERHYzYvLzFBQzBWS0VmaGRsSmFGOHg1NzVHNTI2dHoxTVln\\u000aMHBaaitNRzlsRUxkNm12d011cVE3VEVZdEYyN0Y4Vk5iQ29ZWXUraDhJTCs1Y0Vr\\u000acnBjakUzMm9MbWx4ZjBjNnpZaDhwa3FsVTR2RHlQeGJJcm50WkFPcThMUzk5Vktr\\u000aUjdFL0w5OXNoZUxqd3I0bTJtQ21CZ2tGZVZhVG1Ca00vSFd4MUNEYjlIcVM0N25Z\\u000aSWJaQW94ampIK0QzR1EweXlES1R3aG1iSXNHMFQ4Ry96eStRR0pmNkg2MXg0M1ZJ\\u000abkNwRkxmQjNiQUNJay9OanhCeFdheGVwMXRMMTRBSlRMZlROTnA3K3dCT016THhm\\u000aSHBjSUlWT2dOeXJ6UVk2Q0x6eXlDM2hub212a0hadFJ2WmpBYmExMmJSZ3VoTUJX\\u000aOFZiaHNKMmZaekZ3TXp0amxzSEkwREc2OGs1R0JDemFDQVRPZlBBWnFPN2lEQ2JC\\u000aMW1KSEgzTmxvQ2xuL1pTY01rOUVqTERyTndIWHZ4ZEFTRFMwS1RrZVNxS21TZm54\\u000aUWlSQ3lLNjhrSEZNc0trUTRYS3JKZjZGMWRreVYrL3NFdzRsS1FFYW52VkVVSTJx\\u000aUExDSVZnVWVkQVFaeFAxeVp0dDA1V2ptSUdhZnhQMldWNE9PYm8vTGFaamo0YW9H\\u000aNjNxWkdGdGJyWUt4TVc1Ny9RL0ZkbjN5TUpmUlkxVGU0UCtpTTNHUjNRcU1QeVMr\\u000aZWZDMlRDNk9pYithOHZ2SVcxTFI4OGV0V2t4SHJzMEpVcVRpM1ZEY1lXNEcwUHVn\\u000aTFhsZEYwWVVod1RLaTlOUjZmWTNXMXBTQUlNRGYvbk5hcVBIUnNLVWU4Z3pwcll3\\u000aOUdWLytXWjkrNUxEQnYzWmNKVGlLcllOcG1TUHl2MDdvNWx2Mmo2MXJtaEdsQVJ6\\u000aODJzWlhDUzA5K0lyaUpmVUg4bko0NFRFUk8wb1pBd2RxZWhEVmQ2YzZIV044dlJI\\u000aeEVJZWhmeXJhUVZ5Q3FlQkU3d3VPcXZFSmI2R0Urc1czNlBMNGFwT2ZMcCtISU5V\\u000aMkRhbVBrWHJWdVV6Q1dWZWlXaGIzSVBPNk81WkNENVp5RHlQc0liV3RuMnc2bnpI\\u000aU3EyUDhOdmZZRHhTcmM2YlU1aThoQ0FOZFdudTliMWJia0tXTXhUazhjamQ2bk8w\\u000aN1FtZnJFZGJCQ1ptWmh6blJ2cmRYMDdHSXo0YXhtM0Z2UHBtazBvZ1FaUzBieDd1\\u000aSWhFTDhGR2ozQW9lSllpOFB0dFA3NmFKaTRPYndlUmhlWVE2L1p0NHlPcXhabUph\\u000aMEFnTjJieTlpT1kyZ2tLclg2RTY1UWMzM2Q0Wlh6aXdDc1BsNVlGQmY1bG9ndGFE\\u000acXFVU0p1TEQyUEMyZEZNeDAzaGkrcUpSNmxPZ3ozYjJrM3dUTjhGTjJBMnQycHo2\\u000aNjJSS3IyQVRuSklrZkdndHVTcFlicGdab05VL0pheS9qMERWMXRaMkFmODdsUU43\\u000ablphdmF0YjVvbWx1Vi8yU3ZVYk5rbW1HdUhrTmFjQnNuTjIza3FOTEFrMmZvQ0xZ\\u000aT1FZaG5uQm1ZTUdYdS9tOG9haXdmUzhxRlZyYllTc0tKSWpLU1ptaFZBU3hXa01t\\u000aT3lSVUcrYkhlQ3RuT3ljWmlhb25XZElvbFUzT2hJMi9JTkpDSUNzQjJNWGhtNkpa\\u000aOEFtcUlqSGQxR1JvVElRTDlFNlBUbGF1MVB5dDhmbnl0aERac2R5L1dmMGU2SGRy\\u000abXJleXBiaE5PYTh4NUF4ckhaRGxjemttaUJyOHEzU0dYU1JVWUt0YndGUk5DZjFX\\u000aYkVyci9uN3duVmlZOENiS0wxZGJzMzlDNmtaVGlUVE16b1NCaFVKcW0xeUpHZUM3\\u000aT2pLRC9VNUFUK2NmOXV3c2hVNDhKZHNUNDVOWjJnOFNkL21xODlyTFBRVTAxNG9h\\u000aNUhRbzV4bEkvaldPUE1MM0R3MmtFVkkyZ3R0eG5HamExVk9aZVlJSGM1amJWenBx\\u000aSDMxZ2ZNYkZLTTNqNHRyaFVKVmFyM29ZWndZWnR6c1IyNmg5NWxIVlNNQzJ2MGZH\\u000aZ29nRFBMYzROejFtelNUNzQ2OFFTeVJJTzZtOTVTOTV3UWxiWXFoRzhMLzJsZW13\\u000aS1JNMUNUSGVUeVFjQlRNb1lrdU9wNFRZaVlXZzAwMjlXelNyMkhCUlFXZm9zNzc0\\u000abWlBbjBEQWtxcysybzFOdUtjTmU3cVFmY1Vnd2lHNzZJK1FZcEZPbkJSeUh1d1px\\u000acHR1WmpKTWV5amtZWC9wRE5VRkxYMmNWRGgrT0FSRUFaT3NBSVlPbnU1OWZnRHVB\\u000aM2RrOVNHMGVIclNXVkR2dU5yTDJiWm1hUXJxQmZ4bXRaall2Q0lmdDFXcmQvUkFo\\u000aeUs4bEFMNWFJZ1pZajV4WjBtV2hXd2hHTFBKNXBnMXpCeHFmZ2hyNzhRSVBQNGEr\\u000aT3YwU21qTmdwbVNQQzc4d2RPNVh6N3NzeU1mUC9uWkhVZEVJbUNqUGVMM2lJalhn\\u000aVVY1SjRnckc1cWY3WHZJQzBpNGZBdktnZ01LYXFYWGRZclBCZzFWQm5vR3BNVWZm\\u000aUU9Wa29pcjNjL2hYNWxlN1BoQlp3OVlWaEN3UDg2VU1oeGFmclp6blQzbnVUV0lL\\u000aRUMxOWVXNDJSak0wU3V2dWlreFY0L1o1UUhxcUtvNmRPamJZL1NKR1FQU1VWczdx\\u000aU3owNks1bTF4Q3Mybk51QWR2V0lVS25leE1oRUxsRTVGbGJQVkZ0Nkc3d0dLNUxv\\u000aNkV0bVZPWnE3bXpxWS84RHdUMnpUbm1UbW1lZEdIZDlUUWRCM1gxU2orUHlFRDFr\\u000aT01kYUkvVlVOWCt4bFlmUkd4RHF1Rlp2YmdTVSsxaDJHSjQ5M3VsYk9KVmJjeXpP\\u000acFFmTks5UTNNNEp2V1hPRVUzT2NPVkMwbkZGUUVEbDFEZ2h2Wldoeit6dy9sZkg1\\u000ab3UvV0kvOUpmKzB6ajJNNDE2YytTbkpneCtaSVZUd0lTQlhDc1NicW5tbG54ZE9a\\u000aSnhrbElrWXlwMGVNZ0RkTzZscHdTbXlLc21KMFVaM3ZPUFRuQXBxdTROeUxLOXUw\\u000aNzFZRVB5WUhWWnRXOUdITm5LM3RvZm5TVVZpMSsrVEx5bDY4aWRqS0RCa2hFVWNy\\u000aeWU5QkFhak1VR3VSc00zQ0RNZGlrSEd6eDVwM2RoeGIwczJTcGhxREhFLzJMSlBj\\u000aU2kyQkFVWTA1WXNDUytiWDgzb3VESDRXSmozZDM0NFFTcnFwQnk0ek11UHJPdWdT\\u000aRWo1a1Z1MjhMT1RKcnZPL09jbmxoTUYvWndielBRVVI5TmhUV21GOFV4WEE0Vjd0\\u000aK2RQNDVnTFFvYnNnVHY4MXkrUDVuTnZ2alNtL2I3aVpzZXJhV0VaSHlwNGo0bis0\\u000aSWJJTmZrcXVYVG9pcTlyVHFvZFdyemN4TkJCdDBOMTFtRWpwM2ZvYjJiVFU5QkVn\\u000aalZlTHRFSGxqVFJJV1ovK1IvTHpTaXRJL241MlNvTUI4RlVZc2lXQzF3WVBOY2lR\\u000aeEJYdFRNZ2xLY3NiVkUyN0dxSEtueDVkMlVHSE9iQVVIOGpKdmVaZUNRYVExWEZu\\u000aZ1ROdXVNcVBzdERaSFNPQ1pWVXhJajkyQTFUNkVTaFo3cTY1VjhadFEwNmdYb3dB\\u000ab1ZDc2xjaUJEZHZwUEZCL2FlV3hjbHc3cFZBQ2xBQ0ltVmhMRG5YNEtGWUNIUE5n\\u000ac2FLYU9ua05SVVZSc0Vad1pad2x2bklRdXpBRW9KTmtremd3Z2dtdHgyL09EK0NY\\u000aaVlLdE5pT3hHWDlKZEUveVovUk9qbHlSNUo5Q09CL3JNMmdlY0FWZ2dmcXQ4RUc5\\u000aQUJNVHZhN3RpVHF0M2Q4V2NjREV5S1F0aTlySXhoNWZVWGkwbTFrNlJGblNEajZN\\u000aRXZBNjBULzRJY1hPUERtYTJ2WU9EZ0NBS21IMWtnNzY1dDI4MFNtcFNnMFlnQUpV\\u000adkphSXlsdGY4VWhPWE9DdE1RaXdEVlVjSCtDTHBiSXh4a25Pa2Q5K1hYNDU3bm1j\\u000adjc5S0FMbzRjbEp0RWpqS3h1aUIrK1ZwNGxzRVlENkI2RVkzMjJiNmk4ZExkQkJu\\u000aZ0JKdXUwMDFBSjlWUFlIWlJBeDNRNDh4UU11dUp3WWdZNmlEV3hzY3lheDdENkxu\\u000aS2czbnBaYmhmVzRlc1l2NjBqdkhTNDZwem1lSlVKVmNmVUFFeWQ4azFXK3huWHFi\\u000aN1dxRFRGNXhaTHgrZHRlQk90UmR5U1NIR2cvcUhQNEFvZ3VSc2JvVFU5OEJqOWIy\\u000aSysvSEU0ZTIveDk2bkg3VzRlU0tGRGsxaWxoNk9EckE5SE1uQ3h1QWFxZXB5VTFo\\u000aRGNsZjNEVXdGamdRR3Vnb29TNHpITElvbnpxVFVjcTRzcC9SZ0YzRk00TGxpL2NC\\u000aTDdSbTYxMHZBYUprcmZWRG1JZGZ0NHd0SVVTVysyRGtoQ2lyb21LL3RLckZUbC96\\u000aTk5HMGpBTmo3SjllRWhQaE9kdzFVMHRlN3ZlakVwMGRLb09NRkRTSTNaWWJieWNs\\u000aUHJ3bkw2ZW5ocmlrWHBzNXVMVDRqT2p2NFVJSVRQSjJLN2NjWUZmQzJqZlJKMDJt\\u000aRk1wRkc0MGplcEdHblJ3cTNRZzQ5NEVhVGN2dG13SVdjbEtlVmJ5MW04N3ppc3hV\\u000aT1JWQXlnUlljU3ZvVXdxdWMzakx3MGJYVzBmUkFYVTMyaFlWUWZJUTFwY01pSDRW\\u000aRStyL3AvRGpJWS9zYngzVm1Hc1dCTGhNOFIweElVWm5YSnJyejk3S09GQkE3NGdu\\u000abVluSXJQa3lmT2hQUGVFSDQyL2VpRHUybWRWL2U0UGEzS1VLZFhjeUo4cm85MjZC\\u000aSTF3aGk4Q2h4SVVtZzZNaDQrOHg4YjhjS3VpZWtFaWZ2cU52aG1KQ3hlaThTYSty\\u000aUVpQMEx2aHAvekEwRWIxY1d0ek1VTUlFdUhJcDREa1hhY1dNZ2NuV3U0L2d4Q3Vi\\u000aMXhHaE5xWDI5U2p4SUhHeFdJRkNvQU9lVkNkL2xiSlFPS3V4R3BnMmR2RjdDUUhM\\u000adGYxQVRQaEQxRVNsNnR5dTg0dndWcTk3U3lTcktweWJxenZydHdSTFhwb0kyUHA5\\u000aWEd6S3BtaXIrT1Fva1dwSUhZTElzU0hmditDWjJDaW5aaUpEWWdtL3ZyOUZWdFpv\\u000aU0JKN2puYlA2TkpKYTlidGd0QzBFZnRTcGxPSHpicm1nMVR4M3gvNytTRlRGc1Yz\\u000ac29yejcwTWxIZE43M1ZjK3B2a080LzM4ZVF6SEFqdkhlTVgybGFMT1Ntb2Z5Nmpw\\u000aOVBWV1RMWFJmSi9kOTRNbmhaK1lvQ04vSVl2cWsyTzlPcDlzWnY3SGNHdHBMYlFr\\u000aUkh3WG9od1VpSFRxVkhEQVVxbEszUkdHdDk3ZHZJY1owSUdlRFJROGtULytCUTZ4\\u000aVGpxN3pvQmpMaGwxT2M1cUxkYldUM2FLbVNoL09Tb1BPWlR1OG5QYXROdjFIektB\\u000aOUE1UGovaDlRTCtGeldrMXM1MzZYRzJHaXRwckdiMERQaUF6MzVaU3dCdVpGbFBs\\u000acmpZbVhONWdsOEpwSVh5c3R0SFdqNTVDSWlJbHYrSnhGOXBGaSs3M0pHNkNUVkNa\\u000acVEzM2p0SmVWLzVsTnFJcGhUUUQzcS9rbDlGNTNPMGRQa0UwM01lWDJkS3p2VkV3\\u000aYldDbnNQMm5rVEhDMDloVDdkSjhVU3NMaElCZnZ4dFJ3VG1nbnRoSE5seVZrR1pK\\u000aWmxVa21QMXFHZU9tdmU4RjgzYlpSMTBNK1dyZmV1ZEJYbVJZUHgzRW5FVHkvK3B4\\u000ad1d1cVczd21WV2JxM3BsRnJCNFd3eUZuc2NNUkNuSjNuQlJQK3ZCYXprb0hpVXk0\\u000aOEJPVkJvMm0zWFRUVmRVcWRmbksvUlpXc0RhaEZKYnpWQ3cvSTlJM0lySkFRa1N2\\u000aSG1qUkRsMW5aeDdCaHU2WTR2ODZKa2dmSk5UMzRocHlYQkRaUW1YNEh0NXZacnlj\\u000aVTE0cTJ4SWVoUGNVRmMyZmQxMmNkWERvazVrSi94ZWF4Zi9RbDMxRUFzQ0xDR0x6\\u000aWFI1b24zL1VaMGtGNEx2Y3IvTVJ0VjhJWWdjbDUxcHlMbjhnbnh0ZmErVmZpMStD\\u000aQ1kySXFJUkpTeGtmWGgvTlhWam5MeFZaem42d1pGWFZ4UXBBUE03TjR5V1pkT242\\u000aMFlXK3ZCTmRGVExKZkxnTVA2UDBZWFZNRlpUVFRtVE04eWRGd2tFZDF2OUUrcysx\\u000abDRzNU50Z01yaEZVTkwxOVo0VVdSNVE5YTQwSXhhK3hBbVdPTElDQjFuUmxkZHll\\u000aeDdmVmtYSDE2WUV3RnZDVlpTWGRZODdaK3JENmZCbEtKL2lvandRbnZPV1hPS1dj\\u000aTmdEemc2bFoyYnVtREJpM1FlSllkNnU1Vk1ybGIxYk81dGZMa0xvM25ZMXROL2ZO\\u000aWmF2NDY1MnM3K3dRaFh4eVZ5bzMzQmY5d0VxaGxwN2pmcnRmY011MS9zcEhwQ1ls\\u000aOWF0MFdVbTR4UytaN3gybkgxUWtJanh4U3RaUVNmQ21LbzdiN0pGUFloVGg4QktR\\u000aQ2U2VnYzemYrUlloMkVNR0d5RXFMdWIvdG1Od2FnRGdGYXk3L3NEaTNTNnUzSmpy\\u000aQlE2b2R2ZkNrU240cytaYUdqb1I2VkNtUHF3VlorTXZQRXBKQURRUm5HS1ludlhs\\u000aUVU4dUo2MWpZNXpUUE0rUExaYytCNmdpdzZlZmNIenp6ejJJUmRPWEJGNFE0RVFO\\u000aek55ZVFrYTNoUUk5TWtFbnc0SDlZV2ljTkV4NVpKazR2NmJzeVl6T0Y3dVdiMi84\\u000ab09NNnRhWHdOWWFTSWRyQ1JxVGl3MFZOR3hVOFgvNGNwU05lSmNsRGRxVXg4TEli\\u000aazdxaCtXYkkwSnNLdHE4d3c0VDlvN3Q5MExpSTl6RWdjUisrbGVvajhxV2Z1aDZp\\u000aL0tzRGtTNFBHMmw1VFBqUWhWMHJaY1FhdW1hRzU3dXc1eUl0RnM4QVVlbTF6VWxN\\u000adjcydDhSalNnTWdBOWdWdGNCcUNlWjIwZzk4ZThWc1FwQ1Y2SDlpSWRIalZTZkFK\\u000aMG5MbnJud1BucWJPZFdvL2xJYXR4dnFSb2hwWFhyR2loSjBPMEpNNkw4Y0JJQlFl\\u000adkZxSE9qVlRIVGFpSVhxL2dQcThVUzZtcTNIS0U0S2tUR09zMXdzV0ZFRmpKei9m\\u000aeUxmYk5sVklIQ0tRTjhjb1lKdFNlSEZUMTNZdm8reTNBa1VRb2hWTno4RXg1TUJ4\\u000aMkYyeGtoZ1BLdDl2aUlLWXdGRlpOQVU5ZzZDWVRjOVY3WmtHTFRBT1JqQ0IwNTVm\\u000aTnBkSGVvRWpydElMU1lTMjZhV3Q1TmtnVVJsV2dEalpTN0t1UWZuY1dXMjQrOVND\\u000ab0xCV1VzSXhVTWVsZTEwZDhwbGxsZ01YRUR6aWEyc0NEemxvOFdOa2h2M3hZZjFT\\u000aYXBjMk8wTnVmS1p2NEVWMXhzMy8wblIrMHc1b3ZHa1UyY0ZXMnpBVUcwaGU2azhZ\\u000aTjR6QVJRallUem4wajNVa3F3Vkl5dGZuUlRYUzZEODZkTVAxaG9ETWY3N0duMzI1\\u000aRUpKM1lGanpFbEFjaURlRkgvMS93Wm4ybm1ST3hDU0p5SUxXNnJiTUdyV1JDSjc0\\u000acFNyNkZUcXRsVFdNWkExL01ZeEk4a0JlWThHaEQwWGZ4bWdPaTI5NjcxSHI4SFVL\\u000admNLYk8zWUxHemhqaEtCWklEWkNwanlUY3p6VkN0MzVOcXpGUnMzM1Z6Y0VDU0I0\\u000aWmVZSCtxS1RDZEhPK0J6VE9HOVh1am5HazJVb3BkdldldkovdVh0SDlmTGhUQjJn\\u000abUQ4azZSa3FSTnUzUjZlN1NJTlhpejFuc3pqMmo3QTlDNXE1c1VkNThjVTdNRlg3\\u000aMGkzVHJ0NUh0MloyaFNQY1hPNTU3Sk1LRVdVcFZxS1l0WmhQTWN1a2hHb0hVekJJ\\u000aTUV1bDlSYXo5c3M2RndsZHo1QmFvWDZJcW5yd2pGaXRnTjVnWUZpaHJEbmlXUVhx\\u000aaXQyTWtETmFROTIvWUlHRlJGMm5iaUdPWDFUamxqQ0VDMU1DQUwvSWxqRU4vM0ZZ\\u000aOEJLWElpdkU0RTNNRGt0eXJzWC8zOGxUZjN0YXZOVk5aVnFESHMxUmxuRUM4WEZI\\u000aUVFNZXdXWjF1RlZVM3pGOVVlcXYzcTRxZUVQREZ5R2lFN2dEV2tNbW5xYnZURiti\\u000aVysyMVJzTHBpbUphS3dqclRMTWtoaCt4Z3hvK0paWml4c1NxNXgrK0NCdEtOQ3BC\\u000aNkUwTnc1SUlnUnVzL1kwMmxQMWZ5OFVsdjU4eHBNUjVETWRmeHZ1cjlPd05BTTY4\\u000aNi9zeUwrbHVwVDZhNnRhOC82YlNPVWphNGRtMXgxWHBhWkZ1Qy9EMGxkU3ZPdTZv\\u000aQmhVVUtuYXhCalpIeXl1UkNQVlpwY0tFZDFkemE4THdJcjY0Q09CeDl5OVJSZTlV\\u000abmN0L1dIanlQSnZsWWx5OTBLZ3JFOWYzMUdkeEFoK2hHVjZrbWhIUUhpRnB2ckRi\\u000ad05tRWdhNzZlTHRLdHpGNDh2cDdZYWdOaERjZlBCbzVJMW5pOGxZcFFDeW50WVB1\\u000aWnRIZWNyNWFDQS9RSWpGZGdUSkRXaGJkVW5rbzgwa1RGRTZ1czByVUNuLzNrcUhK\\u000aeC9Lc2R3S0VxQ2ZzNUVhWW5LbVhvQW5HZWZYYVdoNkU4Mm96Tk5qVzhBSUpJcENJ\\u000aTTZrbkFjWi9mVGVjL255azZmTisyeXltaWFXWkN1ai9lS0piMWZFK1MybWxpbjEw\\u000aM05oWmtNTkJHUDNqTUF2K0l6dGVuMFFDazdySmJ6cmlTeUFGYml2aFB4bjZqQnlx\\u000aaTJKRU4xd29KOU9MYWwvaURBSXNoRXUwQ0dwQ1JMRnUralI5WE9zdktjNTdGVVo0\\u000aSHo2Z0ZBYjEvNkszWnNWSXRGZElvL2tmbHJ3Ukttc0hTN2VuZ1phOVdYSVFHb3FR\\u000ablVaYXVjb1JRVWEwa0haN0UwK0szNVpZa1lZVFRwUHJuQWhQbTJBaXdmRUpzVmQy\\u000aM0tnWUx6QW9tQ0J4Wm41RkFFd3lMVUZSTFAzOGRZR0hlZnhyR1FiemNzOUtpS3I2\\u000aQUFVRTVSM09yMHdDTUpLV1Jmbk9QZjZQdmtIdlcrSFZhZStBeEV6ZXF4TzFwOVVU\\u000ab1hoVlcra3NoRzZ3QTIvL2NkR3Y0MHJrVEh1RFE1c0Y3Q0ZGckNodlJZb0MwMzJJ\\u000aS01qa1Rzc2FKS3dqSEZlSVMzc0tjbmdEL05WR3pTK2xOcGNwSDg2RkJGQTd5SzNq\\u000aVzBrZHRmblRaLzlSSkNXblV0YXFpM3BFaWFlak0rbEs2cXRuVzdVcHhVV2o2K21x\\u000aZzNtb1FCUjZ2Yk4vS0xrSkpsUjhsUWNnQzVLamJLOUd4YXpGZlErbGprcGhKRHBi\\u000adERUZThEZ3dBSmlraGlZT1YzYjU4aTA5MXo1V0JZSmFtQmxodS80MzF2TWIwNFJw\\u000aVVdOSlphSEdySWdCNXNwdFV2SVNxSDRBYm9xN0ZNMVZjZS9pOXpMcXlGVVhXZEhl\\u000aaDBmTWFKUVp1S3NPNDFmQUtsNHhLWE9icUF6eXo5ampGTnJjZDQ4MlNZVzhrVGlW\\u000aZklEUHN3eFc2aEVhd1psaUxRYUtIa1pSU1JYempUVE4wc1draXhmU0dPTDRYNXNy\\u000adXVuajQxNDJyRW80L0NYRzhwODRWTnBrVmRXYk1USEIwT3JmcDdvQWdiLzFRUlZt\\u000aUmpyaUhMZ0Jzb25sWUJvQmNKaVpjb1ljNFJoVmROSnVGdldUaUg5MWM5dXZkdUsz\\u000aeHhoMDNlUCtTRld3Wm44NDZjZ2lGL1pDZTY0d0tVemNPT0JvbkoyVm1JZlFWYUdq\\u000aTmUyY1ZDZVNhM0IwUi9PZXBBRk1ZQmozTTM4djdabFJRUXJMVnRzVXZXMEtjbnRJ\\u000aaHZWa2NYVkpZM3RRYkFKWm44aVUzWnhiN2VvUnF0MjFGem9raVVWbzV6d0FuNDV6\\u000aZVVWUUEwaFhaN0s2K2RmUnJCSGFaMkRob0RLc3FaYkFjVDhTTExxY3dJTlBsdHha\\u000aWkUrUUdMSGc2SXhHdWZmT1VEaEtmdUtoVUlOQ0dwSisycjJqSEZrZGJRaTl1R0Ux\\u000acWh5WmtrcGhEcDRnZ2Z4RjB6QkNQZWJDOHBXRDAxaEdSUFdDVkNzRjBMdGlQV1Mv\\u000aSnU2Q09MWXZKeWhlWURYeWNFLy8wOUkxYTdYRGFaLzBLSWlhNjY5YWNZQ3pGWnEv\\u000aYkxkZjZoWWg1UHp6RlZYNjI4eUJuRnRvbm9MMGlSdlo3eEkvbXQ1alBFc05CYXgx\\u000abGhhdXZJVXlNVEdvM0xGcHZrYStiN2dYZmFPZXgyajZwb0FDdVVZKzJtZmY5Und2\\u000aWitVQThheFB1N3NydUdCaEpJZ2JyeUx0QlNwL09ZZlIzZ0ZSdjA0a3l2bVdkL2w5\\u000aTGxRanVwQ2JvUm81RjFVb09Lb28vQ2l2dWp4WmVDd09QSmdEYndNVWZ1ZUZLazcr\\u000acjFCcktGdWNzbVlhc1dYYUNua0I2TUxOVDdoeHFqYk1hM3JXcVVFa1JyNXJzWWZq\\u000aSFo3SloxdGZacHVyK1Y4M2c5V01rSkFFclhaQnRibFJMM0UxamNicmdBRXQ5MzZP\\u000aR2U3MndPTUg4akNMU2FSSzVUSHlWZmdiUDluYlcxeWdsNHdIQ0tmQlh6RVZ3bWpa\\u000aSmdKWWxtbHp0SnBNcTZJNWJBc2Y2aWlKNFJyQUJmV1VKbkdGNEhuL1RoYTBVZi9p\\u000aMEQrSi9ZUE1RNWIrTmRvajNuSU15UFk3blJ5WWNNVEpaa1lFSWJ1dzd2MXhxUGJz\\u000aTmlSZkczMmJ3dll3QlBVNTduN2lLZXJFTmpnQll6RFVSZWtmVWVxYWZtUHBPWFU2\\u000aZDBBRDJTcjM4M1BnekhsdW0wWmhEUUlnaThycmkyNVU1eDEvdmEyK1YwZWlCdnhH\\u000aTE40b0dZQjZ4a2ZFa3NNTkV4ZlpYU1dCdzlzVnBMeEVxclVqV1NGdk4xbjV5c2Nk\\u000aTi9JY3EzTDhvWDZ6WmR6bFFqWFN4amZ0L0hMR3FrSTVZTTM2K0V0MStXUFFLcG5t\\u000acEpVVnFWemJ1ei9VK0dpcUhSVGVqRDY2a01lUUJnWHB1djFRY3FBU21Tcmtyd21E\\u000aRmVCbXA0amxHV1NCM0R6djBHb2tvK1VrRWxENmRhSGtjQkJCeTlPWEdCTXhKemt5\\u000admNhQkpOY1E5KzN0SjNnVUI2c2QzR3l6ZGNienhMcWFPcFh0bkkyRVZjYXlLekRL\\u000aZ0E5RGRUNHpva3hTTzhObVFOTVMrdFprQ0hJK2ErQW5iSFRvNlJQZ3JpRVg0TG0y\\u000aTGJsUy9UZjRKbjlHaVh0V2V0UWNpbU12UXJxd0UrbTRmTEpURGgxb0ViRFhXL3Vw\\u000aSDdFTktQV3F5bEhwTFZTV2ZJcjR0QVJMaEl4NlhLeXNwYTJvY1h1UWpzRXkvVmZ3\\u000aQUlyMi9NNVZOR3JDcEdmY2Y5U3U4NTBEWFMzVUg1Ri9KM1ZEWlYwL2tiOXNVT09s\\u000aa3dnZ3VGYXR0T3l2QmZFTnNOeklUd2V2VC9mOXgzMjlyL1MxYlhJbmRvM3NHRmNk\\u000aQnlKWUFROGM4OXFaaDJsSHkrWmRvWlRiTXZESFhKOTdJVERwb2dHOExrYU1EUWhv\\u000aaExjOUhHRFluVnkrRGsxWE56d1RlajJmWS9qZWRXcUxXVDcvNm1kSmlUL1NmZW55\\u000aQ0lzQ01TU0tTZ2pVenY0TmY3SUVyeUpvYXhET1UvRGRpOTBXWjlBZ29MUi9JK0F5\\u000acDZ4ZERMV1BUZGpsa0RYbHRaQlp5MXRmV3N0QWpqM0Y0Sm5xMHBHcDBqTVJNUXg3\\u000aQWtHMGpycVFpamh6NCsvd1lrNFhLUGtsZDlQQXQ3b1lQbHdWRERMSGtIVTBOeXBs\\u000aMTVNa1lvRks5TWhNVWdJZWpoTU1UZER0eHV5Q05PVWkzUHVrdmFFVmN6SWI2RXpM\\u000ad0JyYUpzNjN0VmhPQ3lMdXBuZ2VOajNLNHltSWxhVlpHVUdxWDlrRERzbG5oZmpi\\u000aeU1Gd3lVUERtUFM3VlpJdDFVRjJZTWE1ODBjNXFpZnF2YWxFZktlQmFXdUMvOStX\\u000aREgyM3VvYjRiazMxT1JxUjRvbTNrdzZRSzhkaDZETHllNTRoSFVhdnIwNkZ6SWF5\\u000aNkZNcDZhMUljbnpGT0tremtDeWk2OW8vdFZyWHg0alVnYnNtcDlQaFUweVpKRHFH\\u000aYWFINjJyeEcwZEpkNUh3ZkZkUnpXbnBSV0JEajlFbkFkaE5VYnpLNVRJaWZaZE5h\\u000aNnJ2aXBsUk1ZK2N6ZW9CSTU0VHd5d2FPZ0dCcjJIaUVqRUhCY3pvWXdkSXNrY3Rt\\u000aRjZtZTA1N3U1RS9uMFVkTmMzbENJZXNqZml5SVdDTUxkeFNnQktXalBjSnRDSjRR\\u000aTmFFK2p2bUpCbk13cFI3enhOMU85b2tCWHFZWnozWUFUY1ZtdTgvY3V0NWs1Rk12\\u000aZTkxUlF3MysyL0FTVnRmdU91L1JOMTBYWm40ZldiWEZjcDI3NG02OUs2RkRYOVcz\\u000aNXVSWEhZeHp6OHl1L1k2TitVNzBoOStXL0psRi8zTFh4S3FveVlwZUtXdlVWRG1r\\u000aT1ArMUhhNmxNbm1BQm1Cdy9KYVg2WWN3bk1ibkZuekFVWTJvRE9lT2o0dkt6cWly\\u000aMkZMQXVUSWo1Q0VWZStHa3ZHRU4wTFNkNlZzTzIrNXBVRHc3b0FmU0IrUXd6bzFx\\u000aN2Urbm8vWWtuancwOVdEeEtpVWxoWHRqN2s5K1p1VjVWYWhmczR2bExLaVBPbmhI\\u000aQTFlRHdXRFlVdDdRSDRQUWUrZjhaV2dtcTFaTnhVUzE2Q2d0ZU9MYjFJZXVucERN\\u000aeFZUSFZaVy9sQmlzakFCaEJpY2x6a3cvWTkrcTlEdU1hbGQvU3plVHZVaXpvaUVi\\u000aM1RTVGluVUozUUt6a2lJWityOFJrdnB0WDlnZks4VWdva1BFa0tleGd3bFdmTjRr\\u000aRzMrdDlsaGw4Mm1oZzQ3bTk3Z252Qnc0L1JtOGlaNXJXRzhqOWlEbHJaMkJWVzRz\\u000aMGNmdmZsaUFTVjMzRElNenJveWFFaXBFdlZMTW96a0loTm9OdkZpRXp3NWpUdWgv\\u000aWXB3c0NtaVJ0NDVnUURyUzF2WE9lRzNSdmdPdC9rMXdhUWZIQ0ZjNkFlWVRKdXd4\\u000aWENMOU1laDFhd05qd3BFZThBbU9oK1dkYk92ZklvVXRVcXRXb1pkR0NXdWZoY0d6\\u000aNldESUxpYmUrZ1Rsem1sTitEQml3ZXRNMGt0N2V4eGg5ank5MTA0a2pkdTMydkIz\\u000aa054WWtOaUVsWUNSMnBBSHNhWC9mczE4YjJzdTRUUlRUSG1MWFVrbXdwcmhSUXpG\\u000aMkpVOWlWV3NmbEVqN2d6SlBMNGRyckxsKzkrUUdGUG44VHZFY2U2TTdLRGZUWkNP\\u000aV3o4Y0FjcW9ibVJjNGZDVFRNN0ZKRXVGUklIcXdvaERRYXZlOFJSUG5BZk1XckZy\\u000aTUJOekpUTWllY3lpWWZIcGE2U2NseExoaU9aYm8wbWo4OGpLN2FXVXdqdng2THRJ\\u000aQ3RqbTk1LzZQcjV1L05lUDJORFZ5dXVBK1pCRjl0YXNhOVBLbVY5K25uMUg5bU11\\u000aR2pndlQvUHJmMS9RUGFMUEltUjhOTFlPamdhb3crRUEzWVBZMytIT0RDQzVlRnZF\\u000aOC9PNVg2QmRpTElzVU9uL21ReUZSS0JHNEpySThkSzRyZlJXTmgvYXg3a0h5amFB\\u000aVkNGV2pQdGp4TDJjaFZ5UjBUMDE5eWdGUGwrRVZUcDFML2UxWGo0RjhRTFZzZGYz\\u000aUXNaM2g0ZGpvREVUZ3V0OFZTOTFuSDRnMzJPYjJndnEzOWtQRjNERzRjUU1kRzha\\u000aeFZEaWtIbTJrU0RjMThaTE82RkFqeXpncmp4ZWVaeFhvVzc3QWZGM1YyaWt1Yi94\\u000aamQvOFhJZzFNZHkwVHNEbGorVEpBUVVwOVBOZkN4MmxUNlBuN0dZMVNBUGptSS9a\\u000aUkVJSEdncEx4cUcrSkdBVXlROTR6b1ZnM3ZYOTNkZStXV1JEWWpxaXRXYjlvbU9R\\u000aYXhmVDF5Mk5yeWtib1pXaWNTb3lMWnhZVFU2bktrbTdUb3lMU2F5ZFo2MWhzUlB6\\u000aZXNlcDA3S3NxTU1Zc2lRT0J4VHN5a1EwcHhVenRqczRJeVkxWWtmcUdvaXZPQW9E\\u000aVStxN1dOTEpuRDZnd2x3bklSSUR3aVpuREJrckNZc0JFK3c4QUNoaTBiN3RqR3Qy\\u000aaG4zVmRjd0FabmQzOWo2RlF2Z0JtWGZERzlJRi9SUTBTNWN1OFh4OTNFaGhoOE9B\\u000aK1hTNlkyci9rbTZwTm9NaVA3TERJSk02SmRrVlRGT1h6VWszdzVrS1liQVZwRy9r\\u000aandjRGJnZVlHUkNxVHBmMFBXeG1YTU4zWjZtS2J6MVFaNnd0TGx4L0FNYTA1Tkgx\\u000aYk1zbE14TE1WWlEwdHNsdVVqSWNVamRNdGlTb3BaYzBOOWZDY3pmN3VBMUl4Skc4\\u000adFIwdnltdkVQSGdKVXVSYXhxZ1crSHV5eDd4ZVAvNVJGS2VBZmdNcTBzaS85OHVS\\u000aSFlZZFVORUZSUmQ4WXluR2lqZFlxZ1lZZkNnZnM4bmcyWDlsdnUzaFNIMkdQM2Z0\\u000aVUdMS295L24ybE43ekdjMFdxQWxDYXh0WWdNMFVwMmpQWDd2N2ZySUlTc0sxYmdX\\u000aSnZXN0xEQThJMjVEVDZaVkdOY244WkZ6RWV3VGJSdlBFNk9oeDdSc1ZBL2JwbVBP\\u000aR3prQ3N1V3A5OVhSa2tQQTNaQmluejJ1RXIzQ0NTRU04eitIeTZrV2RRTExSTlpO\\u000aZnQyV3dBWFVwc25tL0YwNmpVZXU4Nk4yWnNMeEN4S28xYnNYYlorKzNCM0NTMFYz\\u000aYXVBYXN5aGwwa1NWczI4eTdYaTFSajFZV1VabHNmQVYvR282SXZyNE5YTklpK1hY\\u000aWVJtaXNRVGI0UzNHUXRvRmhvcXdOZ1p1L3A1dzBmc2lVTDBFK1BDMjRvVkIzNzlj\\u000aUG1pUXUzdTZ5eE0vUVVCVW4vNlQ1U215MEszaUFGdTJEVU5ZRkg5NllEdFNZK0RV\\u000aVDJJVTByK1F2K24rYUJ2SC9xRmVLWXhNZTZMVlF4KzRNTk8xZzh5M0ZvYTNzckZV\\u000aT0R5azM3YlVrQUZWUXNPUWNEV2d4S2l0TU1kbWdpc0JwQXNNeTRXQTAvTnVqVGZy\\u000aUmZWVFRWVjFxWFJZL2dMVVNGbmMxMjNkbW11WEF4UjM1cFVzWERwbk0vallRcHRM\\u000aSmtNcHpPWnZmTEhNVmpVQU05WUtSOUhxSFBxaWVoN1ZZT0t4ZnlTL21ZbnpVWE1T\\u000ad3l1VHdRL0VLaEFkaVo1bHdhYnBhcEYwb1RCWWN3ZkVnejRRZDZjZVgvOWh0S0xx\\u000ab3o3RGpMVVlqRThPK1JxanpVeGJTbThvMnpHWG5yL1B3Mm5COEw4bE1yQlpTaUN4\\u000aUkJuK3lkeHZ0UnRGSm4yMWZMVmlqYzVOVFpDUVZ1bThGUlpTa2FLc2JkQmVERFNJ\\u000aaVJ3NGErY09mc3FPZjNQa2ZScTNraDJ6TUd6Ylk5b1MzWnFxSTJHdGowUmJaMFZ5\\u000ac1VTVWJnVU5uQ0lSR1RtOHE0T3J0Skp6Rk1oYm5Yc0R1MUxJbFY4b3ZTaW9VanZr\\u000aU2I3bnhQUTQxMGljZEt2NkczNmx0VFhVVkhnM0RzMFFrK2Vha3ErUk85clhBYkxD\\u000aYzBxTDhkOUFELys5NFZ0eEZ3a1M4NzltUmhGZDlZQ1FPVU9HYWRXbzJUYnoxM0hs\\u000aRDNUUUVvQ3JkQ0lwdGdhVTZ3WURjZzRtbi9IcW1aK1RuMzFJTERDejlvb2pPM2dl\\u000aYVE2aUR2eTlhVEl2TUdrKy9GR1B1emRHYmhRWmorSFFvbWNDaVMvYWxES3h0c0Nx\\u000aU3RkaWRQTmZwa3ZVSHA5UmNERHorVmlMMUlKRGcwVkg4N1N6VmNjd3Bva0NIaW9B\\u000aZGsyLy9SQ1lwbHFQWGdHbFZSV05jK0w1M3BhVFpPT3IrQXpFNUI5dVNFRDI4c0lw\\u000aVnZIb0lBbGhpZFNDT3M5UzJjdGhqYTk5WlQzREFMbFRYcFd3NDdpZmhkZ09aVkZU\\u000aNFJEYUlpMm9TMVp0SStkNXJSQ21PN1lEa3liNjhkc201UGlLZUVGdHJNYm1mcUNV\\u000adDhSWUNEd0dnNHF1UEI3Z3V3bExhNnhHczNJQTV3VVNJN0FUWC9CME9Jc1NsSFRO\\u000aZU1TYjlVbTdQTGhieUc3T1JKaXNLUjMwWEtkVFVRUjJGMzZWdzErZDVHMTBUWisz\\u000aaE9XSEc2bWlHU2hPZkFJY1hBN205VkFNWXhJM2lSUFBqLzE2STRGeExTdVFDYmFa\\u000aUmptb1hDRGRidHRYNXFqS0NXRDBBTEl3RmZ1VEFMNlVQV0NDYzRKOHpnMnJpc2pm\\u000aZ09tU015RUJ6UHVBRkc1Uk1lZi9DNGJzdHVGd1JDaUc1WkZlNmhyMUE0RkxLODAw\\u000aemw2ZDVjYkQzN3Q3amxXNmIwVHZpaVFrUS81K2dqak5QaXdPTGxPRU8vWHhXN1gv\\u000ac00zWm1EZlovZUhLMDM3VXd0QkRpNTBGaURXSHJON2svNXladnZFL2lUcUh4OHBW\\u000aSjZ4UXF2QWdLRlpFamE1Y0hEcE5MdWFTb0RIMjBzelNNL0NmU3g1SyttZ2c4L2ht\\u000aRHlBbXVPT3RJVnk4N2RQY1phUWcyZ1d0K05vbnN5eXgwR2k0eGNuNWZEZzVPQ0xT\\u000aeC81dm95REJNQnltZFp3aS9QSEtBZlRMWlBlaGlvemRDb21vS01nQ21JQ2tJS0hl\\u000aM2M0TkFTN1B2S1hSWDI3V2gwbk1aNFo5TUQxVzlVeUIvMFVoVjJQUHdLVnpvY09w\\u000aT3NEZk1WWXI0TXdxZjlXTEtFME9BQ0E2T1ppZFJYRnBKN0lUNW8wMFNzNStXZTNh\\u000aa3dER0hRRVhPN1JQc0U5SzloVmJDUDBuUk1YUDU3bFZ4WXBPRG5pRS9lK21MekFT\\u000aVm5rVlYvWUM2N0ovM1E5ZXpQdlE5VzJYcDFRTzlRUjRkVGpnTTEyRVBmUEpyTDV3\\u000aaUxaeW0zeitVNlNpUFFXQTNMSDVOdzVCQlRGMGlGRGxOaEExTVorUlIzRXU5eEQ4\\u000aWkVaV0VMMkIySGR1L1JGcDRkaFI2VE9FZDNTTDhIaDJYcm9pRE1YVnBnWU5FS1lG\\u000abENQMnlDTUNsQkFEcnNuQWVRR1Q0bVh0Rm5aMmVCSGtHNEhTUVRtQkM1NVgzRjMv\\u000aYTAxRmtNcTBtelYwSWVzUGM2UTRVc1lMWHZIQkl4L1lrT2hhTnVMMmprWnRGejdL\\u000aTDFQblRESEt5bWJJcFc1RFZuVDlFU3pHbUlDSG0xZ0lleVRMN0x5MldSTCtBTFdw\\u000aOW1aaHhJS2FxdmdmK29jNWFGaGlQellEaDFjS3ZxVDdHakxBTHk1amJrbDI4QzhO\\u000aSlFXZU9QR0hFVjRsUXJmNy9oejEzK0VrTGRaUHJuM2tJOGVzVStURXVST3pkSXN4\\u000aWUgrU1hpOGhxeGt1ZVByN0Z2aEF6bXk1WWFXYTZJT3JHNkM1RTZNTndCcmhVYXNF\\u000aMlQ5bE5OcG05a0Ywc0o5aTFud2o3WW93S3BnTVR2cWJFWUszTE05SGUzMnhRN3ZI\\u000aN2dncHloVmhBYk85cCtBZHQzT0lsanVrTC9NUGxRM3dnWDNyS1lBM205RWlyaDJ4\\u000adHhQVWR6cTI2NzNabjMwaU9vcWRBQzhVaGZFN1R2RUdMS2dZb0FlSGlqMS8wekRC\\u000aUEJNUVkyaWNwblpyK2dNV2huRlBtN1dXUmNkQ00yOFhsZTVBa3ZoSGtmM25tOU9P\\u000aV0RESStERkRPOHJhQ0N5SzI0QVhMNWxMZWwySTRlTW8zNU5kT1dRaWtidU0vWlNW\\u000aM3Y1WUdSMjB1OHlSajdrZ2Uva2FvSXk5ck8xaFA1MDFxV0xOd2owUFpIZTZ3TDhI\\u000aT1d5WHhnMmZweFRlbjRpUVFRcDJqRmEzR3hJbDk5U042emJvcEVZL3FGa0hjR2t3\\u000aeFk5S3EyOE01Rzc0ek1xK1JaTFYxVFVRV1h0Sk9lOHZWUDFkMDZPRHFSMlZrOUla\\u000aaTRwSGd5Zk9XNlBWT01WcVRGRkpJWU53cW04alJCakV2OUZ3dUluajA3ekpXRUp2\\u000aMC9sdXdaRFQ4R3pEY0RoaHdyWVFFR3BaVkl1ZVlXbkRoZnRxVkloS25zTW5KREFG\\u000aQ04zSEhFTG1VbjdJRVpIdU9Sa3A0alpSc0x6dTliK1RmSDhGYmU1d0pJVHBiSDhB\\u000adzhweUx6VTdqMk5xd28vYU5oZ0FUUmcxL3BERWpOWlArcEJ1T3hIRy9ldVM4YTBz\\u000aeEVETXFTclUxSG5jaWxFSkpMRU9yZ0tURkx2ZDB0eE8wamRGUGFLOGttRWtmWVVn\\u000aSDdJbTNudVQxSjVScDEvRXR1d0E1Mmg3YTVHWEhaTmduR2hzbE9kN1ZRLzBCQ1dL\\u000aNG9OaHBTY0FybUZibEhVMDRLY1V4dlAzV2MwNGZJOEV5ZHdZczFDbm1iLzQ1TXU3\\u000abnRCM1RkUDJOdXVoZlZHQUJyOEF5eS9UTDBSYytZdTcyQUxFZ0w2MkNtekNyOG9R\\u000aaExEVkQ2RnRDM29PQ3lMNXJhbVNKTzVXZ2d4bTA1WlE1UFN0TWx2RmVrNnhnd216\\u000aeUNBSTRzUkc1SUV3NTQvM2N0TjZxUzRYTEFVVWNlRUg0eUQ3N1VyZEdmdWw0dU91\\u000aOGNJZEk3alFkcGZQMW5XSjZRZUgvRDFCUEZOREtwQkhCY3hRbjd3aTBGckZOSTZw\\u000aTFpEeTFZYjhYNHQxaVkvVzE1b0NQUGw1a0hoOGpyeXpUb2tRN3NSbWcvaHh0UEpv\\u000aaHNqM3dSeW9OS2ZWSHMzbzg4dExWTlpQYUNPKzhUWGxlRm5ycGU0N01QZE9ldU5n\\u000ac0luaWk4a0s4bDJ0UUVpMlVpTmtER1pGdGliR2pxdXE5cm9nUWpSMXZMNDF2czBy\\u000aaGdXL1I5OHp4RDgzUzV3c29qQndEWXpPTzBtNDB2WVFFUEVoV0NXV043SlRaWEN4\\u000aMXR2U0hDMmZUSDREa3RjaHkya29CZ28zUDdYTXZPUnYyU0w3ZGkrajlKdkVqVWxx\\u000aVkRFTWRQRDc2b1RYYXh5T3lLUzVVbE4xTDJYbWk3QlRYMmlxL2xueGwyd2VONEx6\\u000aWFBsTmdEaHN0KzRSS1VtYVB4a1QrdlJpdTZ6b3dEV0ZlNGQwUHE2azhRZU1HT1My\\u000aUFFETnhuWHNXUXZoc0UvWGJ1SEl2Y1ptUVlKTjh2bHdGSjBzdnFkV05URWlDNGdJ\\u000aWlJxWHJ1MnUybG03b2RCSVZrdjUwcVVnRENLVG9xS2tkdkYwOVhnKzZsOUNiZjJy\\u000aQWE3d1RjMlU0ZEVtR3VxZ1pyR3VYRnhVZmlKYVR5TFE5KzFLcDNnZFRJQTVFVVRZ\\u000aOUs4cWhnS2lHdjNlQmdIamU1VXhITUMvMGFwWGhiNkFySEM3RW5yOHhEbmN5YU5v\\u000aOXJmSTBjT3RCT1g1QVZsS0xZcVdnWEp1bDZTNmZSWWpvdVVjaVF2UHpBRU1iUERV\\u000aaU95ZVVTQzd6SHpHcTZ4LzlBQXFySEZrbkIxS1lYdFJYWk5zQlNJRCtTV2NNMEZG\\u000aK1B5amxJbVQ0K2pYOFJBVjVGdTNpL09hcjBJNk1NVldSZzhNQ1RsRzVWWDd3cmt4\\u000aQ2pGUW5scGs4U2NrbzlRZkNjb1FsTlhyK1Fuay9rcFROOHJHQktvQ0xZVkpNWS83\\u000aa2RYZlluOXBOWTJXejlYSlJXcXh1dFRoMXU0K0ZZUzcrY2h5b3g0Q3ZHTTZjR1BP\\u000adDFZY1BJMjl3cnlYOTFiMks1MWdOQkNzSThPQlJXTkdkdXhMUzA3aDh3eDFSOHVS\\u000aY2dETm9kWnJQQ0pnQ3ovYjd5R0EyMDFManUySEFqeUR4N0pnOUJzTmJ3dTZnZW1z\\u000ackNnOHpJQjdZOFdsQWZueUhuOWRma1dhNFRZMGx6VEZoUStOZUtEM1RaUklrV21J\\u000aQkpUcitwaW1FWmJUSFIxSk5PeUh4L0M0cFlTem94MXhGYmMxbndMck5rd1lyRElN\\u000aM3YxaDQ4eldub3Zad2hIUmk5d1kxdngzQ3RiVXVOMVYwZnVGU0U4K1pvYmNaYzd4\\u000aZDVNdUJ4RW1rYUFneWJSQ2JSRlZvUFgxdjdGMklkZGd3TFRYM1ozSGNZdG85eWJM\\u000acWowZ0FNbUpadTJGM3pYUkkxUFczc25STFpubTd6TnBCYVUrL1luQzRjSUlYL0Er\\u000aMy9zZ0tYeDR1U2tqTGlwN2lTU2xoTTRmZFQwcFBSaUVoTkRyTG16UzErWmM1UXpN\\u000aaVVFVGM5L3Q4bFJDa0E1UXhYZkdmZmJvTFNGT2VMNTV5NWEzYXhNMUtZK0VzOFBx\\u000aRnk0cGhYY0dLVHZ6dDcrdXRlOEVUdWJKUUR2cStFUnhTeWkwWm9kK2RyTC9zSmty\\u000aa2tMRnU0ZGEzOTlkS3VobGRMekM3MlZxS3VDTUN6eGtOU2NOT3ZRSlRYVHlEblkz\\u000aa3pXRnFKK2l6SXRvTm9ydVRNUEJTNkpOMEJWQmlBOFF2bjhWd1dyOXEySDBzWlJ2\\u000aNWxsUkZZZnM1bEZ5TkI5bkpONnVPZ2JMU0pNSm02ZGc2NHlITDdFOXE4OE5rZDVx\\u000aMXVhY21pd0VUN0VzVGpSUXdLMm5oN05lMC96VGVpSzdiVG1RMW1KUGpwZEEycXp6\\u000aZ3lIRGoxRVlNenhoZFZIb3lHQW4wWlhDak96T21SR0F3U05pY3VhR1I3aERpRzNU\\u000aZllxSkxLWUorUHBnYTh4NlRha0xwcnZyK2F4c01wSWNPWkFpQy9jQUV0REFQV1lN\\u000aQmZaeEI3cFdSR2NqVThPbDhzUnlwTXZ4ZDByWlpoZDR6K2NSQ0p4aEM2RDl4blMv\\u000aVHd5MWVxOFd5TmNLdDYyRkVaU0dMWXFCaWVUSUp6ODRLMnpTWFdYVzBDZnhrcDVu\\u000aZXlnbTc2eFlyWmJLUndPcmxuRVFwaEVUbVl1SzB6RjdtOERKOVBtNlBNeVl3SVVP\\u000aL2t5aVYwU0R3WW5CM05HMFdSNEtFN01jOUZOMWFtM3l2N2IvOFBPRWlNVDBpK2o5\\u000aWm5lajRMT2ZVcnVVTDBqc1UyRkxSLy9RVXpaZUpxL2NaenBKc1VEY2ZvcW1qNERI\\u000abTk1YW5IQXNPdnZJZXBqdDJsQ0dLZVExRm1yb1h1NzQyc1BQMndySmtyMDd1SThM\\u000abnN0R2xucFNPNzZ2ZnRDa2kvYjc4THJOc0VIRm42ZDgzM1JXbzUrWVhaUXllWWUw\\u000aUEovWUpad0c4bFkyRS9YZWFrTjAxSjJpT2tNK0lmVkhnYWsvUG5PRVhhOFFqOXdu\\u000aejBNKzY5eVFGVksyVDJxRW5PUmtEZmtacFJtM2x0WXdqcFhCbDJrdDVKUE5qVStH\\u000ad1A5SjJHdExWR2IyNmJleCs1QmlVNWtxbUQzaGdHUlRsVmp1WXFkS3pYL3Z5bVJP\\u000acm9MZWhHMEZtMjFpYXFvZitQd1I3ZmlOUHh4WitLa1Axb2JGb2xDalo3S2o0OWdj\\u000aR1JNSnE5U3lya3BWcVkwS21YMGw1SnpERE9QUWdiRDhlRlQ1ckhjbFc2SHVCZFdB\\u000aOHAyckhQNG5BaXhiazIrSGRsMG5Rd3QwalNwUHNsSmJrYkpYQWtaZnZJNVVwU0RY\\u000aZGpRQmlXOFNJRWY1QXhPaUFveEdGQksxKzZzS2xJMzMzNCtKYmlSOVZDQlE1akQx\\u000acjM0MnlPcDlzc2VjZEFGVmRNQXZOQk1jQlQ3Nmx1ZmVlRkNCUFRQOC9sZFF4dmxy\\u000ac1Z0SEZoRHBHa2FYSk9hck5TVlV6d25uU0djTTZUMEM3ZTJLV3l3VUpLb1pYdmwv\\u000ac3czdG5KaFhTaDE5SUJxS3BLYjBTV1piTTZFaHlPTmZHc0hqSkhuR28rVHlBQlRu\\u000abWtNY25tTkxPSjcxYzNnMjJKdk8zS0diMGRQZTNYMTEyS09LNmpEdFZPVjRIS1Ax\\u000aK3UzRkRCT2pqYWU2SC8vYjN4RVNXWTB0VmlNSEN2YUVVYkhKL0dyQXpNWElwNTNB\\u000aYVRoSXEzVlVOckJlTDVraFFjbDl3ejcxM3JLRHkzSG0wRWxnQUpYSEt2cHpYS3BC\\u000aUm1pUDFJVHdRQ1F6L3lTREF5ZldpK2pxT0hNdUxaR1oxcW9qT3V1UnhIdWFTeU95\\u000aQWFwU3F3TUtFQTlIeGlZeFB3UUEvcHFySENJS0JDRWtSUnRrNDloQlY2VXdsOVdv\\u000aMnlJQm11cC93UE9rRVVRRW9NckxKL1FMSlZyUzd0N3BaRkNXdmdwV3RoZXcwMjBj\\u000aNTQ4QmkreEl5UjdFeVFmaXB4NmFtM3JzUUNLdDdMTXIwTXkvNVBkL2d4bWVNRjlG\\u000aUmNCdUtEQ3FlWEwzeWZWZmhwMjZQQzZTenFBdmJsbzh2ZG9EWXZKenFkWGVlMXFw\\u000aYzJmeHF6bFBkMXpicEJzeTh5NjRMM2V6M1NqWDBubnMwU2NvaVVuQkozci9hUG1E\\u000aR2tzUU1UaFBlbzVOcWpVTmc2d3FUQXlDMThqc1ByNkd0VXFMQ3lSOU9UZW5RaDdM\\u000aNXVSK0FMTVRscC81N1pMMjJkc2liUUJEdmVhNEtISGhzWjZzbDBGKy9YdmR5a1gr\\u000aZWU1eExVMnFES1RlRVkwNmt3elNQSTVxWkYrTXRtVVJTUWtoYVRuRGJYRy9kd1Ir\\u000aaHdRb1RQcXpBeURLRi9ITmRZVDdzM0lxYS9zQkEyTjJZVXFJbElId3Y1TUFGclE5\\u000abXYwbFhrc0FHbzF6TUpKdVRNUFY4alFmdDh0NFB4aUY1Uml6b0s4cWI4TjBLK3RQ\\u000aTGRJdWJtcnlJRitYSXhkV0t6NDhvMWR5MWYyalFIV0V5eVJNZTNvM2NTSCtDRU5S\\u000aanM2aDdPUjhyekd3ZFJxVmlEeHRtR3FMc3lhYVZYWUoreVZ4Zm5kNmg1RGNTNlI2\\u000aclAzOS96WEtSS0dYU05zd0EyMjBjTy9ER3VsYVdtT0pLand1TkNFRHpFM01sWHc2\\u000aLzB1cllNUktsVUVVTmpDTVVxbEFPSUJ1Y3g5YnhEYmpzU0lHN0wrSDUzSFFXZnI4\\u000abVlaOXhjYnFidXc2Yk1PQi94Z28xK0RyZkQ3VzJ3YVdoOGpKUW03NFN1L1ltQldT\\u000aUjBOVEQyNXd5R21zTVJOYmZvS3VTbUZNM05pVXdOcU40eVNQa1FOaTZod1ErNmVC\\u000aT2lPcmY3aDJqdE1VUU1HVFk2dEYyZzhzUVRRZVRVa0NqRkordExVVXBlR3BRaTE2\\u000aKytHa0UwV1dJWlBzeGtuT2Q0U1lXdHZBUWxBWTV3RXlTejFYQVNLNU45cmx3TldX\\u000aWE4vSjVIaVZacE5tVDUycjkvSTlzRlhpeWN4d3NPL1prd3lMeWFnaUw1cE9hQ1g5\\u000aUzJuNmVDcmk0cjBpcUtSWTE0QlhaZEdrNGlnbHpQR2tPMU1zc3JEU2FsejZIdGJY\\u000aMWgyd1VSMHdTZGlETHpUc3o1QmR6USs1ZlVwOHMxNkFicWlxQU82Y2Y3WlpPRWFs\\u000aOFBVZlI1bzZQZ2llZVFqN1lQUjdqcmVtT1RwUDZqaXZZLzFyQzBJYThLQ2pyNzF1\\u000adVBEa3VVVlZ0MXJiZzNZaCtWVE00aWU5VS95U3lXSFUwejZIbU1icHZCZ3AzUTV5\\u000aaXN2azdtVFFDdE1uNkR5VTlKSWlDRHBhZWVGUGpaVWJiSXRqbytiWFV2SW5ZbUxu\\u000aankwaUVJYW80YmhOcERGSjAzcnltQ3NMeTRSb1ZZczQ4NWxMd3hEcEFLbG4vMWFY\\u000abUFiK0p2VFFlTE1xNmMrRUtqR1FITXJycmU2T3VaamxiKzRDVVlBYkdLclA3b2Mz\\u000aL0tVL0JrTGVpdm9lQjFXaUgvSHBncDZSNVh3VTNvUXBXTUtlc244UkhMU0NsYWUz\\u000aaW5ic2FsNUpGK25KUDFSaXZldnNya0IyMWU0OXcxU2NIbmJVdDgrZEJJc1ZqOGhD\\u000aT1p2SjdqTVR1YUJteDV6UnJGUk9OSHJuTjdOMlFPQklpUmxDVFRmSUJTci8zdkwr\\u000admxObm9GLzlMcTU5c1gxY0JrVk9qQmI5cEFJRm85TnFRMHFLdGw1YXZiSkxXdG02\\u000aa21lei9xcG9HT0FRWnF3VE4xeHpwTWtSRTBpVExPQk50TkcyazM1RUJwUUI4WmQr\\u000aekFJM3d2ZGFPV3FsRk1oSHVQTHVTejliaHhEa1RicTVwSzhMWGxNVldURFVUM29L\\u000aM0g5d1M4bTE4aW9IRnpPUUtSMnVXc0FrZ09yMEt5b0Iyb1pEN0cxejJOYWNLTmgr\\u000aOFlyZXdOanVnZTBSbDJaWmVSVkNLc015UTRqT0diSmV5K1hQWkVyWHRGNWtsMC8w\\u000aZDdMT3BVQjRUcWM2NVp3NmpBOTFRK0c0dURuN0xicXY5LzVoUFllblBHeHM2Snhl\\u000aQVNhTW41OVR4L2JYUlEyQVIrbnpyNDRMTG9xVEN2dzJCRzJ5ZlBzb3pwZlpITlIv\\u000aMWE3cGRRdjdvVzhwdWV2WjYrb1p5R3p1NDhPRmRTZjFjWnNVMUhXdnUxd2J0blgx\\u000aSGdFWU1hNm10MWR4WjlNMktzMWpMc252eDdyTjJBMHlUeXA3WndadTZCQlRTeHVS\\u000aSjJiYjY4THJFZDlSbU9FN0VKZkhpZjB1a0tKWnIwZndJM2o5bkNnWk1hMml2Yzk0\\u000ac0NSMXV5c2pWcGc3d2FoOGUyRkg5cFN4U2VZa3RqVzBnY3ZvVndLNmZiRThiWVp5\\u000aQU1DL1A0Z2JxSlRIWkZzeVA3dVVIaVhQdXoxTEhnNXdOSk5BdXYxSFEvVTlLQlBF\\u000ac1lKd1R3YmxEa0RqK0RCbE4yZEVtVHpaVkpWbGU4SGlINGhzT1NoNDQ1Q2xHREFn\\u000aL2hZTE1kYTBqSDJaS2NneVZSMnhNMVlYd3NMZTR3QnNBNUdLRkJTWERFQjZmMkIv\\u000adDJIU3VZczFmNldpbEFEaDBqaU1JcllTTnM0Z2tOTFJYU3IxbkxpaGxMV1FWNzZk\\u000aU09YOW55MTJONFFwZ2wxTzVSSzUwWjB4SktNNE0xN09xZldHcVVFNnlSYWx5V29D\\u000aakFjZzhSdE5TZzViSjhDUnRQaFJFcnNZeE51VzRVZHJSaEk5dThxU3dERTl5QmNQ\\u000aUWoyUzhodm9FYlRMbXV0SW9zRXdvdFFOeXVvU1NuN2lVQXJwSWpuVzhLc1U2VTAy\\u000aeCtzd2NYSDl4VU92ZE9ZczhCWE1tSC84bXFxV0UzMkpVcGJGNUlaWEw3TUIzMEc1\\u000aTTg2NFZmWG5HK1FUbmkzbFlSWEhyd0Z4R1FPUTY0M2hzVkZDSVVvYVhiczRkM2RE\\u000aajZPUVZhVGxtM0k4R0ttYVNNSSszR0pYNWZFVHNOYkdGcCs0ZStNZEZkak1Yb1hR\\u000abjZjSFVGN3NYd2FIVVRtekphNDZaZDBLSjVVeEdicU1oMUo5cWJLamUvWWJzNjNZ\\u000aTjAzanNWNGljZy9qNngzb1VvRWdnd2lDSW1td3pIbDZVd20zNGNmZ3g2WEFJM3BW\\u000aaTIxMHhBTll3K2M4WDNPbGxnbHlEWjlaOHE1bTZOMnV6UUZMTFRDYzVIUVU2eWkx\\u000aU2g5d2pjOUdkakJSSDErdFZ2cVVDbnUrZXZNanBZL1A4R1hDZXRIdEhGa2xER3dF\\u000aMnNQRUI1WkZVZFkvcm9WeDdRczVSWVpkMVdOVEovRkMxRk1YTkVtTkNqRFNUUk9X\\u000aVUZlaHF2d3RjUmVQVHdkdEdjVWdONmVqSXBOdTlzSWNoUFI3UkVOYWtRRWR2UERF\\u000adWl0dWpQc1g5a2ptV3A3TnB6MU1XQzV3MGlEOXdLVkhHc01jWGF1SlBwVFVCdzUz\\u000aS2M5RTNGc3F3Q0J1cGNscDRZMWpzRk94WkYrbTBweFlnSUxPS2JSTjBjZHFGT2ll\\u000aRzhKcVJidXBpaGovOEpwaVg2RlI4dWxXSXZzZ3RSU21pSVZodlo5L3V5cjVXbkxJ\\u000aNklDV1hWVHRWYVY0clF0QUFSV1VlY0JYY0FXRHcwOEhzL0sydGpNQ0t3WXIxYzg4\\u000aSU4veXdaVnBuT0lveHdxNU9wczg3cnBqS2hvaHlCMk9ORUlNZlBEM0hYZG9OQWRY\\u000aTlF0SysreG4xN05XNHF0WHFxQitFeFRDNWRGQVpvT0I3QnpiVFdKbjV4NGMvUTNw\\u000aeEMxY3Q4L291ZERnQ1drTGZpT0NYWEwxbzlqRjN4SEsvL3hhMEducFh3Nm1IRndw\\u000aNW5XZk5UMFFDSmRJcWRrM05WbklIcTJwRmhSTDFwSUptdHBTOUNuSlFiNWZLVkcr\\u000aNXFTM2pXMkNzdTZTTWFiSkpNQm5vT2l0cWpTRzJxL0pIMENKaElCZk5IeXVxK1NF\\u000aN3FhaEJmZ2dtNlRQUkMzWXFjc2V1R2Zqa1N2RnBXN3hNU3c2QlNvZWljdktVTUNp\\u000aQW1GQVB1MXBNam5MMUp3VkpFUkxHcVZrVFdZanZqanduY0pWZWhJQTFNeHNHWWsv\\u000ab0ZpbnF5TDVsSVUySmNYMi9kcXlKclB1dzR6eWxIU0ZXT0FPSWtsSEN6eVFSN0lr\\u000aeFphbGJDYmpjWGRFVFZFV1YxSnJsZzVaMHhNbG5jYnZjQnUyNWtUMC9oYmh0alNK\\u000aUnJMU0dqOGx0Vm9ONCtCWmt4Y1ZTVUtLVGhSTGtKeENBdlQwV0RkQjM4aDh3eWtD\\u000aODVib0ZmU092UWsvdXFWalczK3ZzY283V2NzRmE2OEVKdWN1Y1Y1QzhiOEJ2dFV4\\u000aRWRiUXZuMlNkcjNUTEFqazlsQ2ZtcUM2Mm05VEpHOXVxdi9Fc1BxNmxtWFNLdHpv\\u000aWmo2Z1Z5ZGd2T2FXajZLMnF2R20xSGZiOTlpWkdhWEV3Y1U1bUZGNVBZYlMrdVVl\\u000aTlRPODgwdTl1dVJlYzJlR2dBMVR4SlZTVHY3N3ZuRTI4cnBzQUZycWl0ZklwTXll\\u000aUW10RzAvQU05bTNMelJmT3dLNTRBeEdDRk5CV2txYmpRUll0bUlaa0hWdDVkQS9Z\\u000aaXF3KytQQjkxaWJIQ0l3WnAwdWYvL1AzdHRzVDRHUy9KNjBoZ2pWNEJwek5FVVJJ\\u000aODNkSEo2SGZHM2dlaXlNeGYwd0ZuNjVpd1loc2s0bng2WjlleDVEN0J6Y0U5K24z\\u000aWFVBVkJmcXV1V3d2Qitxb0RBK1RpMVRDQ1gzTElteVM2RkhJZU50Y0lOQTc0UldO\\u000ac3ZtY01mZTlYUi9IQ1RERzMydXk3QzhiR29RQ3JFcllreTRXTVlhSGZScXN2cjRa\\u000aWGV6TGpENTJkbHkrV3UxQVd0YmtxbzU4am9pNzgrYjhhaEREVG5ib2ZFOXdoeGxW\\u000abTdGYXB0Z2NET3E1TER1WDlNTHdZRmM2WGludDZIUGtHMUhoeE1rMGdIRk1xTzJs\\u000acm1lQ09nb2t2MndwYk1MZ0txRUxZR252amNzR3R3WDZQMzlWNnlFRmcrOCtFZzFP\\u000aR2tRUmkvbzRScTRjSm1QZ0x6ajZKVC9FK1VZV2NjQitLaXc4S29NOEJBVGVsNEsz\\u000aVFlhcHlBeUVyYW13d1NGWldKOGJDdUx6WWNRODVEWkxCRy9UaWtDUHA2RmZzQy9V\\u000aNDBCWGdzZ2IvOERKS3U4SnNQRWZ5WEhFR1I2cEZSVHoyVmE0YXRiL1hCc3NMcmpm\\u000aTUsrTVJ3dXZnTTZmQjBjbUh5eXRkbjVrdVBCUitSa0FnLzgwMVRhR3RJUml5UnlQ\\u000aYmU2aXZSa21tY29idTVGc3F4eFlCa3V0VUxoZm1JaE5Ma3EvQUhvWGZZTzdpZnRW\\u000aMkljTmE2QkZQU0NaajZ1SlY2MDBKN2swRjRnZ292UmVWZmlTMFFoSk5TeEZ2YUQ4\\u000aZVRuUHlVc21SWjY3blMvenp4QVFyN0FrTXN1S2xLVlBReVlVOTAwcFZsaGRlNEVH\\u000aalRTREcxTjYvV0crdWN0SFo3Mm1DM3VYQTdoUUVLZEdxbUs5WER6Qmp2MU1UWDQ1\\u000aakhFR3JWbU5GaytKVHJFSkVsdEdRTmJqRE96UklORklxMVgzalRtN1pZTWQ4MVNv\\u000aOS91Tk14Y2hDcXExUzkybHMrUkl0elJJSVRjZVVDMkp5NVdtQjUzUHNqdDNWYW4x\\u000aSThBaTN1OUxUa2djaGk4N2QyNXVRbEhFd0RGMWZydjgrb3NubUZBQy9GbXQ0YXA3\\u000abjRKenFzVUhDV0RucVU4RjNEVVBTRXBsSEY2UFFNc04wd0JnaEdDNmdpTDFVU2ti\\u000aci81UUlhNlZWV1B1MHE5OFdyVlNCT2dnMUxHVVZvUFVXOHdlaWdRelpXYW1PU1hs\\u000aY0FkL2lrQmVaSW9iVlY5VDlDZytWbUN4Ynk2eGhBL2kvRzZDSmVjc0c4UnpTM1dN\\u000aY1did3RyeFZicy82bVhoWGtRZWhCckhTSDZyUTdvckdMakljQk52WXRyR3FJeFF4\\u000aNDRKQjJIdUdyTUR2QW9rSEJCYXMvWlBsOGdOTVZ0L2ZqQm1ZbFdRSi84WFdBT0Rm\\u000aa0JHMG5HLzRBUldUanpkM1lsb2xKQW10Qnp0YkNGWWkvNTlaWFZvV1hBbVg2b0g3\\u000aNUhvZmcrRHdmQW1nalYzR0VvKzhUR3VnQ1BqMFRJRERvUEUzV0IvR0wvUlAyRHRz\\u000aZVZ3c0pxak1UM0tWYjVTTHZkdjNLWFJXdVF4K2JNaVZCckZQSy9uKzhZNTJENjJi\\u000aT1NPZHVka01jQVVnaHpuRUpNWUJPZGtZNnplUjRLbnljVW5wc2xiTXhVRUtsMGht\\u000aL0JiM0FCUWdzMXVGZmg5QUVEUjJ0ZmJKNEd5RE5lZSswVEVYbDlTRHFRazB1eFAv\\u000aTEFMTUp2Z1ZPdHZqaVg1bjQ5a21icVdQbldWRGo2OUxPNGgxN05IWFNhQU9uNHk4\\u000acnVrSnh0akw4VTZLdTNST0tjMnlEZVpwNUc0V1dUNVVndjJQSUdyencyM2FqMWNj\\u000abE0ycmpqeFF2V1RQS0cvaDl5bm9GWjMzWm5LNkdGSnRYUTJFQ21VTGZ4OVZ3UDZj\\u000adWpzdVNwRVQwUlo5NXk4Tzc1dmNBRnhXNnpubnZSNkkvRlBxbHE3MzM5UnBJRUFH\\u000aTFRuaUQvZkJLSi9hS1RyMXlaM0IveldiVmlsYkdYWlp3UW9uZnptYy9qS1orVTl6\\u000aWXlTMTZ2Yy9TV0k0aytiQmpNM2hoS1pKaWJFeGpGalpIQStVU2lQS2Z1VDV3T0tx\\u000aU2lsbWJLcWJNbWtNLzNKelZCTlJtSnZwNkxHdnRJdDVJMkYyRS9DTXlPMjRHQ3RQ\\u000aajdlYjlYNlA4cUd3SG81VHlmWm9Vb2VPaXNMVFFmZXpISHhXUHFGeVdKY2VmSE9B\\u000aM0VjVTgwWHhPdlhyUWlKR2laUlRWWVB6dnAzU1ovYnJRRk51bHM2Rm5FYW1hRER2\\u000aNDJqSTRyVi9TYVFPZ3dRTHdYMEd0MCtvdGRRbjd4S1diZVNHNWhNbzFXMkdFRC9r\\u000aelpJRGM5ay8vZXdkMXg0UGhGekRFcjMzSDVtQ09mYTcvTi9KR2wvYXpFUnl3Qm1j\\u000aTDZ1enBFQWd0YXRrSjViQytnVy9objM3WDRRZml6cnZzQURXVU5uMTljK3ZzZG9M\\u000aelNwUmVzNDB2azQxUk9SakZ6eFEraUZnRTluVXZLSEx2ZnpwSHVkeGZKRzlRZGQ3\\u000aTk9mU2NRaisvTzBHbnhOZDgySnBXZ1p0SnZHRzBGWkZ6Z29aaXhBcWorLzIrRHJJ\\u000aUjRYeUdQa29aVDJLVGYxU0RNbTR1dEhuRkYyRldtV0hxWVYxSjdwMkwxZ01kYW8z\\u000aeVA5TDFFME8xMWNBSVVNaGIvMWhvSEFIbldBYlF2OEJQUnNVTE9SdUI2dENWTGNj\\u000aenlEY3UrR01nYWU3bUdPWERaTmczM0gyTnNmV1RJMWpCd0JSYUhYaGoxUHhJc0tQ\\u000aOVdnWENNQkxlWHdHV0s0WUpDdmNUTjZoUlIzZWZ6aHd2UzZjM0k5clVDc05HaTBk\\u000aWEdIc0QyRWV5RjdtYm96cm9Zb0tSWDhXL0Ntejh4TnI2eitNS1RwSWZmb3QrZ0NP\\u000aaTN4QkJxQ2pLdmg5eTdLMVQ2MkdEVElqUjdOaXEwUkwxTEU0cVFSbDFmNkNWMGJI\\u000aMzQvMzMraERCWnJmREVmekRSNlpSTGhycmI0c01DU0ZiaUYyaXlqY1QycVJTZkVH\\u000aZENwanlHcVZQZWpWT3VvK0JZUkhoZURqVHZwNHUwV0NBS0cyNHViM0VQWnYwS3Ey\\u000aNHZGOEhQclJIcFBSVkNqdUZHa0dNK3NqWWlkeHh4VnBDa2hsZmxZZnJFUjJSMGtM\\u000aTW9Hamkway9wYnlRdEd1dnk3RDFQZ0V6UEhCUUVHSzZhaTc2U2pWNU9HUUdzMzFz\\u000aYzJKMFlRME14Ky9wNEZtb3hvek02bkxrVkNObUxWMStPSXZHaFV3cEFUd25XZTZP\\u000aUFBHeUVyVFpvalZlZXVqa3Q2ejFzNUtVdEo2YVRpMWZxRlRiY2tmUGpaaGt0K2Ru\\u000aTUdmNHVxdXhza0VDYmJTOEVEUm1DUlM4Z0poM05GQ3VGR0pzWW94OVBvWk5BaHhK\\u000abEYzaDhFNk1UWkxNUFRrWHhHS3B0VndqR3IxTmx0VGRycVNKRVFtSUZTWDQ4cUwx\\u000aeWtudXY3WEV0TWxxUGxVUVBrd1l2THhpeHNqTHJEV1R5UG5MY3RRR3EvVDJ0cFp1\\u000aYjc4cXM3Y0NoSFNMVWV5OEt3ejVxS0ZpS3ZBTjBBOEhvalhzOElZa0F0NDFJdVZm\\u000aYW9oTHVEcER2Nk5wTmtLaUV5ckZyclVuZjY4cFNybHNiTHpSTmgyek9DTitDaXZ0\\u000aOTB5S0JXbjlUeXkrdHhIcy9EL25qMzl3Y3ExWXc2VDhlR0txVDR1OExOUGJ3L05o\\u000aMm1ramxQaE5SR0R1SUZON3MyKzlmYjhlYmJQRG5LL2ozdUtieWRjNEM1QWhDbUFk\\u000aYWpzVXA0Q3dpNTVGTjJreXRZZkZ6TTlyZk95T0VlZ084bzdDOFB6WDVjcENIbHdo\\u000aZmtMWHFwMDBPUktXZ0RQQlZnaVkyT2JFaU1CeUFOZFVOK2k0dVJqUjZJUnBMMXlU\\u000aY1F4Z3JlWmVkK1hWK3BwWEtWb1dVMEowR3o1cE94MDRYY244UUh2Zno3MjdtN1NL\\u000aWDdKaVVwY1dJc1g5UmZjdFlJb1FxSkY1endSN0s0WDJYV252NVBtTk9YLzVGU2Qy\\u000abXcyN240WlFqRjZYdFRUbzZZeTF5d2dzOUpELzdnSmIwTkczMjhQcU5Hd3FFUzBo\\u000aUnBYR2RydHY5S21hbzFjWFNGN2drVHZ5RFRScXRYcHYzeER5bXROSW1pUlNOOXlk\\u000abHV4aFUydG50dXVUVlN1WEUrTkJ1QXovQXdPSU05cnNOL1F6QzZXT2hGWkNjd1lF\\u000aK3pGa0FLVUJLUzBvSG4xbmR5dVQ5d1ZqbnVDL3ZhbWNTVmwwWnhJODlpcTc1Tzd1\\u000aS0V1dGt3Wlhnei9YekdVS01NZmo4Qi9oYW40WlE3MFRidHZDNkszYUpLWXB5RlQ5\\u000aby9OazZkMzQ5MFV4Z3AyclZVQnprV3JucmtZUy8rRkV2VUd1cW51V3BrZzZra2Y2\\u000aWmFtbTVidVk2Rmx3WTJIODVxQkV5a0haWGc4RU5tWVBtc09QOFM1TU10bEZYbXgz\\u000adnJUVUlRY2RtUHV4V1RYNlArSEtvOWZyandLMkxFTmhYUXN0aldZbW5VWW93TUZH\\u000aY3l1NlR2TTdWZDUrb2VOU0tGaldQNGgxbUFMNVYyTHZWU0JSYTYxb29mQ3VPODZI\\u000aWmNQbzRPNEZoVlFXeFkrYzBLT0tFbzVlSjZiemlneTVvclM5WmY3OTlQTXdRbVJy\\u000aZmVjWDF6R3ZYMEZTeE9KdzZEM0FVZ1VhR3dSb3M3d1FlREd3QWdmUGJ3bTJLcFda\\u000aK3pGK204cTJXOHlUbitGR3J5czJ2bXJKczRTZ1YybU4yN28wRFRQV1p0a3h6Y3gx\\u000aU1JoUjM3Z3d1NUdreGVpL3A5NVdTeHNVdEozUUd4Rk91dnQ3T284V09rRjNlN3FK\\u000aSnQ5U2tYSVVpMVNGYzVRblZ6Mno1MmYzVStabzlwdlBVVnN2UlkwelFuSU1xVTFE\\u000aN2FwTEdhWGltMm84MWszQ1gwVmRJQXlaYmlGUHVEcGtZOWdvcE1FcjgrclFIQWRB\\u000aMlRZalpwQlhCV3NyNDg2Z202Um5tc1luVXlRRnFTSkNFcWhCUnhXekhBQk5GdVZS\\u000abEF6ZE5DV1Z2L1RLVXV4WmV2bTVCTWNyL3V4ZmgyTDNpUmh4Zm96cU5HMnh1RXFS\\u000adTFSR1pTRWFkVmUwaUdUVlhWcnQ1WHU5QXMxdXY0QlJGcm1GY0FpbWkxQ1ZqbUJq\\u000ad1pPNTVmeUdrL1haNGgrQklkaXJyK2Vxdm01ZmhZV1JKMmk1YmNUUE9WYTFpeXlm\\u000aZUlaNkppMC8wMk1BTVdlSzB4L0puWW90clJXblA1MGJFOC9XT3hTZ2VMRFNaLy90\\u000ad2pGaUpSTlpEQkdZcCszZGFrZ0R5VHo3Q1hWV1FRTFlGL0NLOGpXRXI4RE9ySUFp\\u000aVjNheFBaNG96YVlqWGVXNHNxQkpkTkdkZ1VzV203bmJnMDRNcCtIL2dDbmQva0py\\u000aOVNmSklaaXdtbnpJR1hXVHV6ZjlTV1ljYU5DK3dzTVBpQURPNjJsUDhoN29xWk5F\\u000ac1dpQmRTTEZ6ak9zdm5rM0Rvak1GeFFxTzlGaHF4ZWtFbmtiS0xoTFQ1d0hhZ1V6\\u000aNE43Vmk5ejNRMFI0VUoxV1pHVGF5dDVkVElYZVppWkpyc0dVc3BiVEFQTElndnM0\\u000aais4aXFwL2pGZWNpclpDRUpuOEo0V3R3UWYxYXROWC8yMlpQWWpZb2lqYXVWTm1l\\u000ac3lTUXRIbzNFYVZmVmljRzUrcHQxYm1ReE5rNlh2ZHUvbVlkVUpMSFZ6VHVpcDVO\\u000aYjdId2VYTFo5WjZwSnZMeEdJSndmR21HZjY5a3Ara2RZODhHN3JvQnN0bk9lMVZU\\u000aUjVuR0lyblhJRDlqcXdQZWF2RlAzV3BjWXRsdzJVQStZdUVVRkJkUkpDRiszdkx0\\u000aQ1pyUm4xNnlYU2tRN1FpSmdHeXV2V0p4QUdZRzYxZGJ4bG41d1ArejlWcUlyMUVr\\u000aY0pXcjZtME9takNJOCswL3lFNXdGbjdEbHlWRWxVRW5ZNzdyOGh6QXFJTUMwSTI5\\u000aNUpnc3BGY2lSaTI1eWRLMzE5c3dLc1dHVFEwZ0xFWlVnNDVxWjAyalBqRWRsM2ZJ\\u000aTm90VGl6TVBVWkdHeTlmK2JpOE9UYld6NlF1K2YxNFk5UkltbWx6N1BmUmltRzVJ\\u000aZ254ZUljRkpxcDBacW9WZ3NpeWtyTVdIaUdDVUMzejZ0d2FnT2lFZlU1bXJ0RGJn\\u000aVkU4NkFROVhWZ3hhZitpRzhYb1JVNmhIVkpNM2dhWk9EVmFYY0tiQkg5L1NaN3p4\\u000aZlI3UjBwVnJyc0U1UHE5cGJ0VUphRmRvK2hpQnpxdGRLdEJrUDdjYkFEVER2eHU4\\u000aYjhkSDdhYVMzUzlxS0dmaHUzMW0xK0hVSjZHYmhTRW9sYnlGcTJySVkyV1p1K3FX\\u000aUHVxU3NtV3NEeVRDSGJ0d2N6RVkvOCtUdEhUa1pFYmpkN0F0RGZ6dmlJRW1aazRh\\u000aRFpCdEdYMTc1NlFIb2hJT21KdGVPTWlqSEtqdk1VNHlYZVh3VkkwcFVwc09JZVhZ\\u000aNStSOWVGQVFFZUJTTG9FOU93ekpOYm1idFJvSHMyQVJWUFlaN0lZMUxOM1oxdnNI\\u000aYVY4czZVbnB6TXZNRjBMdGw1UmEycmxwa0NsOHR0a3p3bDF0T0NVYmRmc0d2UVhu\\u000aZktjVllNN3d3bXFQakFRdWJpK2dEcHZrcnVFZTFxekd1NlA4cFlsY28yN1o3WUFE\\u000aL2dzL0s2ZittSGI0VXlpeXI3cklaampSb2c5UWN4NDR3TXF3RWZvbWQwQXFlbWo0\\u000aQTZ3Q1ZVSjFUN1ZwVmYyc0FSWWVnLzAzbWMvTzZySTZtSTVTQ0tKZ0J2UWhvNEN2\\u000aWVYrNzNNbVg3Z1dNUHRkUExydE9vbk13M1V5aEtxODNuV05nSUFhbDZySlhaV1Bl\\u000aYXVVbjVVdm5jeElNZFMzWjFjRndsRHhVd0ltRytGWnJrTGpqWm1XaDRjdzVGOGNj\\u000aOXhSZk93WW5aaTJJMVRUeExLcTlDOUgrak1sOUxna2hoemtWZDFSZUFkcFpZYUdw\\u000aZnlSUzZsWlBWaDZiNlA3a0lsdlhremplcDhkZUprNm5ycWlQL2ZBdFNTQVNUcTdY\\u000aVVVQUEhnSW0rNTR4UWcrdlQ2MHVHY2ZPaHljN0owd29ia1lYMDJ1Q3p0c2lranRa\\u000aRW03WTEvOWRjekx2c2xodUZ0d1UzTWF5Q0QwakRmRkhKbVJCMmVLWmxRZHZmU1A0\\u000acmJ6SGdwMEpzQUJlNndTMlkzdDd2VTJDdklqM3djTlZRTkZCQnZYbmk5SWNxQVNm\\u000aREVWMGhYc3F4YWtQNFAvRTVDMCtkNVR6eDBIRlF6czk2ajNEcnlHNjl4eTByRzBV\\u000adGZLRDBmK3VMc3NQVERybWNhU1ppVXh0WmJqbGtpR0hDU2R5YVo2RlNSYWhMcXpH\\u000aWVJ3YW9wRENDVHhQNXh6WnZaMGIxWDlveWE5c2JRZWFEVEtJZmdmMnc3RVEyZEZn\\u000aLzdCN25lZUxJSVdWTXZvK1pzMUpsR0RuWWpvVUdRYU9ITWI4ZFlIWUJnbEZ6UjJp\\u000aZUN4SjFhU3haQkFQNGFtalErQWp2RDE0MXk3WWsrVnNMeG9jdHcrbzVCRndHOU5m\\u000aVHJzT3MyQ09IckRoZW43TzYwMFNuNWh6MVNhclJHbzBTQjZBOUxJdnc3OUwxZFJ1\\u000aeUc4aWVjaURhRmVVb0M3OERCTjFGRFJyNEpxYmlHTjdXZ0JLQUpyRmd0L1dZMjNV\\u000aSEJPTFpOSHBGZ2lwNnFmNEtTNENRWFFuL1o1MUx3MXhHQUFRSWc0RUxGbjlDcitz\\u000aME94czZkWXZmeVhMWVhiOXkwa3ZyTnZXZDVZUkFWWHZENkFpVTRtOUJZNmZEWFNa\\u000aWm9ma0w5em1BU3Q4anpVZnRPWU94OWVqNzRJeDRQdmRyYmdVV2MyV3hvOWc0U092\\u000aTy9jVlFjd1RPYmFxNkFuVjZIVkl4dGtpakRkeG96dDhYTEJCdVBncFlZWnRWcHJ4\\u000aTGlVb3g3ZGpDRml3cVVYZEo4Mzg1a1gvcXdVNXlYZWwyMnM2c1BHSU95RlI4REw1\\u000ac2ZacW1Qei95bDA1RGJMaTBoTjlBaU9jQStVQ1ExT1ByVllNZ3ZqUjl3ODIwemZh\\u000aTStmOTgvNC9FNW5mVWoxdXlwU3RpbC9tWTJqeWZxd2hnaUpjcFdhWWNZenFQYkY5\\u000aMDVsUkJpa0hNQTBzSGxyeVJpUVdBc1Baa0lxclN1SHg2aGpHSDNGeGpTSnYxZzhp\\u000aVHllL1V4MDBucGVYV1c2ZFg5cGJHYWlOcmZDeGZlOHQzWDcvc3dPTUJyR0VEdEhr\\u000aZWhoWWNybm16U01yZVY4dTV5dDVFL3dmUzJKejNTeGVoTmp5cHhEQUNFSDk4dTFJ\\u000aUUg2d0ZaanlHYVhSQWNqTnVqTTNPbk12NHFKSThzVTdHcE02VHZFcXdrSG0zUjF5\\u000aY3ZhSTRDd0l3d3FzUFlFdUQ4dkIrNks0WGIzQXJzTnd3Qm45ZjZqZzYzZlFvbERL\\u000aZG1zbEJiUGhkdXY3QzJYM21qVnJBUnl4bWdKZGhKckNmbG1hU05rTTIzTWxCZzRQ\\u000aSVR2ZTNhSGFxVnVFVy9jUHVPMTR3alBGdzNDa2RzSWtuancvWTNkOWJiQzl0UHVC\\u000abG0zcXRMQWhSWVJtT1dvWE9malFCUG93WldlMm1RQnJ1TFV1VzhhRG5WU0NTVUNw\\u000ab2lWWnVNYXhuVWpscTAzZ3V1OUcrOVRPZU8xMnJFQkY4cDhtWVA1STU3aWF2enVP\\u000aUjZQa3BWSU5ERVRrQWxqNjZOMDA3T1Zid0IzUk80bDJYTHV5emQxWDI2b1VFUTVl\\u000aamp4LzY1RUdZd0E5ajZpMFE0YTZkZzkxbDBMTndiaGhVbk4wM3dvM3BTRmoraU9F\\u000acUpMc2RUY3pkalllazFlMFlDYU1wVW9ITDlzVkFlcStld1A3VU9wdisxTlF1SnM3\\u000aTWQzUVJnNW9RSzN1NzhYdXNzaGpTZHFpd3RkQTcvVm5SQzN3Mk01bWJLd0VlVGNT\\u000abjl3Ri9GZXBGcTkwQ29wL0hGc1hxeXNVRU51NWtTY3E5dHpESmhnOGJpSmJkVXN4\\u000acU54NFRYWmExZnA2ZU52ZGFzdjVsOUo1bnBmWDZvbjA2MG9CelZvMk9JNXhRMTBH\\u000ac0J0MW5YNWIrQ2UySjk0ekVObXQrYnFLZ0VoNUlzWlZ0YTlhNnYzcWhtYmQvNGJK\\u000admdhTzVmNmd1Y1BRL3JxcjFVbGtDa2dQdnZyWm1zWWVyUDlzeWE2YWhBbDJHaGo0\\u000aekh6eTBDSytEdkxBU0s4MEhCN0tWZFc0dUpxRDYycGlLYkxKVUU5aUhoVTRRVVpu\\u000aeG14eGtNZmJnQS9pdVR0NG9vdy9LOWtIcDkrUWJVazlFUGc5Rno0TVE3bDNiTUxo\\u000aZzdVMjR1N1hTdlR4TUxuMis4ODB6TDNudUJhRUhkYTRic2VDYzBwaDdOS2s5YUFl\\u000aTWF0cWZycjNTSVpycklDZHVETkNhMmRVZXl1d0x1Lzd1Zi92Wm1oVEpaV3c2MjlG\\u000ad2thdjdhaGJRYU1NZ042NXBhL29BR2IwMXJrc1NYZ1hkRjdhc3JVR3YzSGM5ajhu\\u000aSXh1NThqWHh6TGM1d2l1WmIxRFB0OE9mSmdXYTBGeVJKajZBSEY1SEdicWFGTTlV\\u000aRU15SXU5Q3I4c3BGNHJURTVBNjRrb3hqZTNtWGZIVVNVanBUemtLMlllMkpLaFk2\\u000aY0dYc0t2aE4xbHlBblNQTEZ4Tm9sc2k2cHJDWTFaeUdQdVl2bm8ybDdQbFRGblAx\\u000aM1orMCtRMGxCdG02eHZCQm4rUGl5bWxtOWV2TUpoeHNOeGlaN2NZMzNPQnl3NGJ4\\u000aRlQvN2RmUngyUWxxT09BTHI2a1c2ZXI2WUVuQ21CNWdGWDVsSEZML3UzQTRPUFAz\\u000aZ3k2aUdjQ1pPVnJrOTdUQ0NZZDJ6UTVkZVFKSWlKeFFQQnlGbVlQTzg5eU40QlVI\\u000aOWtRVFNDZUdvbVYveWNIYVpkSGwyQ2JIVFd2aGdCcWFiTWJYSnhWRVdac1MrLzJN\\u000aaGttZE5aSThaV0VnYm5odFlXVHUybjhtOGZBREYwMll4UjFjTG9Fa25FN3p0TkpZ\\u000aZE1MZWUyOEMxRk5kbDNtUzVyRlYvclhXVUdtQXAzZ09Lb1NXUmJMRDNlSi9ybE9U\\u000aL1NwVGJFUDVJNGdsQ3AwOHYxOXBMK2krTDlpSkVhWmp3dHd2M1BXRElBekkrWWlr\\u000aZGJnR01uYitYeWwyUDk0R2c0cVk1RTRQN2ZTcFllaVZiVEJleUpRMG9JUzhuUDlI\\u000aUHpwV2NSRjNFOGkyVmhCSU1aYjdSNWtJSVdxa0lMbXJwNnBrejA2NUNKQlNDay9U\\u000aYkYzaVhadU1kcE9udFhMYk5Wc3VGdVJud2FYZkpwVE5LT3U2K2VTcC9rSDE1cFda\\u000adjVJMlFSN0FGaElXSHFCYXo4Z3k0QzdVcS9uVWVqN2ZHM0V2c2ozTVJ4YlNTUjhG\\u000aSnFGZDB4MSt4SzgxTnM4QmlqYUVPV2xBRDFvMU05WEFGTXFWM3pVNEVuQjIwaUl3\\u000aYW5DclBGemJidWNUcVU4RHMzb2k3Yy83emU5Z3ByRHFtK2hKcXRTYXEyNkIxeXZp\\u000acXl6VTd4UVZEczU5VCt0VGkvdDFwalZkclJIVWNWZVZSQ3h6NFl1N1k5TFVaWDA3\\u000aM2o4eXk1MktLZXk3dk95VzBkNWxKVHpkWEpmZkhlQlNhQ2ltMnVwZWZaeTZKeTla\\u000aZWkydDBOMENIUUtzRnkyQk90bTl0MnNUUXFQREJFR0dDdGVRTFB1Y1BOL1doZS93\\u000aZC9Ma0cyNXFOTit2MTJybUNWTE9CM1JiRFpOYnB2Yldxcks5azR0UFF4MkM3M0d4\\u000aeXNIMjNzNWhJOEtvWVVJSEgrQnUvMWF6SDVZTjVhanVXcTNKV1hZVHk1S1crOE4y\\u000aamdvNk9qTENIVzBzUzU5TXcrQU1MajFCaWl2WG5Uc0xTeHBTSVByb21Dei80c2Ri\\u000aM0N3a296akZSOUxLRUJTS0NNK3RxMXA4ZUtTZ3NqUzVuaCtwU2NNRkpxWjdhekRB\\u000aeEhXYVoyNTQ1bWpEdVJOV0Z2M1lsTEhXczZBM24xSExCdnVOUWs1ek05RnYzT2tm\\u000aTzBqOVlVUWFnWjdCMTlUVjVCNDhwQnAxNGdYNS9TR1VmOTZOaWQwWmdURVhQRU8x\\u000aM1JnRU45cWVsazRPQk1icXJQNlZ0d1FPT3BjNXVEWHgzcEdWQkhTejZrb2JRNDV5\\u000aU2l5SUI2L3BiUGlsbjlDdmhNSWVyNWp2YlZneEtCdkFyajB4RFRWWVpGcVVYZVhz\\u000abHRlSE5WN0czd0E2dG9DWU1ZZ3R5UHRtWjd6MDMxZGVEemtwQnBBV21HOW85OVEw\\u000aSC8yV0EwaXNQdVVhbU8zbjFFUG9BRFZQZHF6UFpUOThPeDRjS3kyQmdBWmJBZVgr\\u000aR3lRTzgyblhudE1hWmUwbVV3cnFPbE13clZZNGhlaXY0aFEwOG1VekdkVXRSY0lL\\u000aTGpITm1OcXZvdTdlY2ZHdVhTcnhvMXVJdkdIbzNuVlVZTWc2ZEFRRlpnWUh2ejdZ\\u000aREFKWTBEWGYzTHVFZTR6bVh1azhlNm4vVU5BbE1ZQUlvdEsxY2Z2TDV0bnQ0akVD\\u000aRFFjb3lZaDRjUlVFei9XUXdudEE4Wm5sQUxRMlJOUDY0NXhjU0JOMEVCYUkyb2tB\\u000aNXI5TEYzK1h2UjdxQTB4b3VoNEMrNWZRTnpHdTdwTjFUck9WblYvQXBsMlNaMmtD\\u000aTEJQN0hjWWt2b3ZBYWFick8zeGtrUmtsdFRCd01rR3RmRC9NTm13WW14NTN3U0RL\\u000aUjE3NG1uckRCRDdOb2d0S3NTNG03Yk5iZUZyTE1hdDYwYmZVWWsweFp0YWxuSDdP\\u000aU0xqcURHdmhYQlBDaVFLNzNNVXppdU1qWFZXMTVUWWJDempuMHV0Q3d4Szk4TVlv\\u000aY1lNV0o1UGQ3WG0zejRva2prNDVFTU9DZVRGRmdZclpVNzlWYmdERVFpbUd4a0Ni\\u000aOGR4ejRMZkh4N1NGUXVhSEpNSjh4SUxZTWFSL3doQ2F4ODUydlNRaElJWG0zZ05n\\u000aWHNyeTZ3M3EzLzQ1WDd4OHVPd0p1T29GUGd1NEtNVDBTUkUwSmZRaFhQUDdpTXVJ\\u000aYnRrd0ZXeWxGQno1SmhVMzhzZ2JGdjlaVnczQzcvbnFZVUVDMXZRWHRnbEs4bGJj\\u000aazlUMzU5YVFpclBkcHF3NjA5OFFGVktyNmliTlMySk0wTHFlM21neTBYQ1RTYXUx\\u000aVE4xeXN2SHBpdU1jSW5BZWFyL3d5b1lsek5BZU1kbUQxUTduaWNBK0pWTWM4elJn\\u000aZ1NKcnRoZDZ0emd4NTFFTUNoQUpFaGR6UkpjRG03Z2c5eE9TTzNPTGpRdW05K29k\\u000adjY0b3NZNVNtbDJHSkgzZ0pzRmdyc2d0TXpTMCt1dnYwdGlZY1BoY0VsL040Vlh6\\u000aV1FTNjByZERQMTlUMFFYREMxc1luSS9rZFREcG40WnNyNFZOUzRkM0cwaEQ2Rnh3\\u000aZzlVdXBzN3k0MjRzcmlOWDgzZS9CWFhZTzNBWlZCS3czUlBVWnl1RFRZY0V4cnFM\\u000ad1RPWnJNQUJrVTBuNnBpYVRqMWZhRDJpZUZxcEFycGxIZzdrTW5ZdVN2MVFDekl3\\u000aL21GR0VEWVFqSWFiWXNRelZMRzd4YjJxbkkvTWdTbUdGUFN1VkhKNDBMNzRPYTh5\\u000aSklyeUxvV29ZSDZYZGo2WkdqZXlpT25YcEJFOUgwT2RlMUJJMkJTTjVwWFFZc0hH\\u000abFUzQ1preHdHdUZ5WnVzamVDRW9kZURPQ2lveUJha2kwSzB0cE4wTWZYS0Zubjd0\\u000aVitWb2FXV0dQSEtBa2c0eGJIcjJnYWltWW43UlN5cVcvcUVkdzFVTEgrR1RMQVds\\u000aS0F0eG1LR0ZnNkhtNzFtY2kzNXBGTW1QakROeER0RktZWm40Y3RMZURIR2ZVSEI3\\u000aZlBEOHRjZ0c0VmxTSktwTWVYR2RRT21qMkJubFQrTFYvN2JLbFQ3aSsxTWk2QnVZ\\u000aUmNBbW1GZnU3ZGF2Z2IyVFRvMVM4aTNPdkNieTgyMW16OXNjZllyVjd1bWhYWTJU\\u000aU2ZIQllyeXFtTzlHOXBuSGpTejlsTko0aEdpdU1hR3hNSWhOYUE1Q0trNTd5OEE2\\u000aSW9hWjFWL01BRmJyNXB6RXNlckx4VzdLbld3cjB5WGE2U2hCSDVwSGFXR3hRRlBS\\u000aNEs2bEJKZXpjUlM1ZUcwdjV1SHBQWTYrR2J3dFBUNHBDcENIdHBKNk56dlNVNlFP\\u000aNGVHYUY4b1NEV3pPRXRJVEJCdlBuUWFxa010L2V3Vi9qZldMNVhJbll1aHV2RGtu\\u000aNnZhbTRzenBONWs2WFRYVjh1QXNWY3VaQ3dLRXBKZldSQ0V4dGZqZVIzZ2E4U28x\\u000aeWg4Qm1QSFNBd2FxOUVHc3pBcmdScm40QllKZ1B3VWZ2WkY2c0pIV0pKSm54YUdI\\u000adUNBK1dHejBrcFRpVlJLYVM0SkUvODBHOUxKZjcvTTlvWEVULzFTbWRUaWEzM3lY\\u000abFVSb0xGdVE2OWZuTzhDUzVNM0IxM01HTHN4Wll4aUdTUkpYYkxHVWQ2bnNsQzJ0\\u000aNlh5SUZNdVFtSFcvQVJSNXVNL0o0VStWSUdUZlFPTlowVnZoQStuNlUxNDRtR3Jk\\u000aU251dWROWEpXRk83N0JzZWp2dHMvRWJXNHFOcHE1NWNQQmY0MzFEQ0NoMVJNdTJ3\\u000aNnZUZUJRNitJcllOMGo3aTllcng1UFEvYXN1NkRvMnNRWFZhNTZHVXFNUmJKVUNs\\u000aaFBNM0F0SDFmZ3VucnAvODU3a290UEhkUURBM05hOURNT2lvTEpSM3puN0tiSWlU\\u000aNEo3THFtbUpET05WcW10LzdpeGwwTVlDTDh3azFHOXlnWUhxR0ZsWGoxUXpxTlVS\\u000acHhUU0pualYyTjZOejZmYy9MVW9NR1E5OE5yb1Q5YjhhclNBcVN1TmhCaGwvbEto\\u000aNDJ4QXp0UVdDNkZEY3Nmd2FrUUpGeGs4OEdWWk9hMHJ3UFNEM29LcUMxc05sc2VW\\u000adzVzMWRjK2dodzJKTGRmeUcwWk1yZ3NaQm5uV3RHanhEdFg1WmUxZ0VKbUo3cnN3\\u000aTGsvWW80S1VuWkZ2REF5d2t5VllMY2hwMVJ2ejJKeTNGcHVpWU5sRXRkMHZKRjlX\\u000aR2dkeUd2L1JpN1pEd2tybzYxS3lMallvMVhaelBmUTlscEVqMGRTKzBCZllZUjcv\\u000ac0crcW1qZEZFb2YybmJLRWVaU1N0K010UTdnR1ZGUy9ENmtvWmZNSlM3c0svSTBh\\u000aekVrdkxRR0hTWDN0QW13YXB6K284VDlEYUZxTDFDYjZSNXluUUNucjZ2Vk1QMG1F\\u000aRm5GbURxWVMzY2c4cldyeEdrQmFUcTFDTDZKblhzb0x4dHMxV2N3QmVmR3NyM2Yy\\u000adEZMcXN2TjFHOG9nYm1pN0JDSWthcFdEK3FzRUI2UmtNeStGRVQxaEhuMEZyNEk4\\u000ad2l2YnE0cVpsd0NncHZ4Ui9tYU9iRTZiTjBjK093a1dxcEpRTUl5aDZJcXZsTUtP\\u000aR1d5YmR2aWEzemJMNk5XY05IUnk5aWl0bERzdjJSNy9QMXNqR1I1ZmI1NGRkbXhO\\u000aMmlFVzZLdEFZRU5Bb2VwSUtrWkVDNUJ3QUNYajZrM1Y5dXBNYzcrZnlOSEFBbmZr\\u000aaTZ5amRVa1BZMzVsbmNhcTJRcDd6Q3BWdk1qbTlTK1dtWHV2ZlNwc3EwZlVxWlN3\\u000aNmluZnpncjhlNy9zZDhIc1hVL1BmSDY3S0ZzWElOQlpMVm41QXF5b01YTVVNY3dV\\u000aVCs3RjhnSGl3NUpRcnhELzhvcVhUL3dvLzIxcFJObXF2ZDQreG5hcGtDZnBpOUlv\\u000adFNjd054ZlpmelkrdDZyRmJyU3VWMXZQVHJaSWNrT2ZXNmt5MHp2UmRCL2hna2Ur\\u000aNVBvVGRnd0diSnp0Ylo5R1pYSGpGZFVLWFFKVWxscmJWRGhUTkNoakhxNGE2QzhH\\u000aWWRMV1hxNzZxWlEwWnhvRjJxdUtkM3NjazEvaUxIY3owMEVuRGExK3BXd2VTMVhU\\u000adUZaR1lFTXNGeUptWSt5QmdRK3Z4aHQ2bFArKzZzSW9pbUF4cUMweWU1SC9McHFM\\u000aaFBTQlVpZHppcnlTblZ2SjZmcjI3TVRQUTBoci9JYUFXRlZnUG1yNEdqd3gxdWh0\\u000ad1J4aVU3K0lwUUxNSVVZYU1nVldnaTZvbU5aM25mcHZyYUdwWWxvaE84Z3ZXK0lL\\u000aWFJNWEJBR0Y4TlQ5UG1ZazNXa3NPVU8rVS9XKzlOL1d2algzc2haZWpGd21GYVg1\\u000aWVhyREE1MS9icDRvQWlIMzd2TmZqTGxzd1piZ2o4NVFsbXBydlhuY1dnS1RZN1pP\\u000aSmMxcmhmQnA5ZUhuUm1nQkVyNHZXOGROdkxibVFSa1dhTmxrTFBSeGd5NHU3d1p3\\u000aN1dmZnYvOG5uWEhsbWoxNDVWQ0NxOHlJR2FiM2tqQ1dvQnFQbnh0Vko5VVFNME9D\\u000aSVFhay9mWjJvdDV6Vk92dGhJeE1pK0MzNVAwRjVkUi80RVBaS3g4a1AyVnZ6RkZy\\u000aN3hFUlBSZFJnbjRqWDlFREVZQTJoWVlwRWRLRUdGai9aZTlKRlJrNmxQZjlVY05Y\\u000aRkgxd0srMW5HZi83WnZzd3dSYnNzalZjRXlMODVQU2F5eVl1ZXQrMUZ5UFpKRk9J\\u000aRnVSRm9vMWhaYUp1cGlTdm5yL1VSSXlGWEhMQ1B2Sld5MnZQVzBibVphR1NRVEJZ\\u000aYlRMcVl0UzBvdTJxOHVBd01vZUYyT25FVDdaTENjMVhTV3lFWWErWFJ0MkduMHBl\\u000aUEkxUW91NGduby8yRGlrN3NxTERydnFRbVpTOFNISlFSQVJaSnh1UUJBWDUrNzgy\\u000aYU9uaWN1aUtTbmwyeHFkM2pYRTRuUS82S2phbmhlVXpzdVRrWHFQcG4xbWlPQi9H\\u000aTFNUQ3VaWHRXcjdlSFpFb3RhZ0pOQm9OSlBYdG5KSElQb1VTdHpGTG9HM01Vc3dY\\u000aeFlCMG0xc2FjaTdaRlJ5cU1sMGtvKytlN1VCSEZOMi9UNS9ybXdsbEhaZ3A3Mm8r\\u000aWjZzWERyVXdxMW8zSVVocnRYNkJPYzJKOWladTVaenVRNkxNNkRhY0Z4bEdtcXRh\\u000aeDB3SlQyZkxpblRRU1ZIeDZDeWRMU3dTcDREOHlPd00zUEc5Zks5VklSRm05S2VY\\u000aaEd3dWxyMXBHVTAwTDU4QUVBb2ZxRmt6eEZneE0vRlRBTVZ1NWxCd29QNDYycSt6\\u000aM3pHQXkyemFTcndJKzdiWnd2OHVTMnpKOEtPajU4MHpKb2JOdU9YdC8vVHlMOGFV\\u000aZ1BtVFB2aTV3eDJGMHRVUGlzL0tUemZoZkR1NTExQXJOS2szZXIva1BrUTVmL1BC\\u000aTVBBSEpPQ3crLzh6NEVDdE9tL3g0UkliR3VIbDExNzdhQkh2WDc1TzloYnBaSkhV\\u000ac1ZlWGJOa3VUQjU2YWVoVkl3T3hHQitDeTR5eGZDb1JJRENXdy9oa1FVNjlZUUhL\\u000aQ1dhUXYydE16eVRkOXFsMFlRc3VBR0h3TDJTWTVKeDJ3RjZ6elMwRUVCMGtCU281\\u000aNlhYZmVwRGZnclVleUlzV2Rwc2hrQUQ2T1NsVDVaQTFHMWtpZHMzRUZiSFlxbmJh\\u000aVzFTZUtoc05QamVBcWErWE4zNnFYQ0NVclIrNlJDK01xTVc5a29XWjFqSzZqMkNq\\u000abHNWVjhkVGI5OXY4alVuSEgrbCtrbituaWo1MllRRzk3eCsrQkVMZ0FZVWQ5Ykxi\\u000aMmI3OWYwSnJYc2s4V1psajZ4Q0l4VXI5ZnZ0c05aa3NEWTI2NXl1VGtoNzE3Smho\\u000aaXFaUHowVi9HcGdVaHJDSmdhbVR1WEo1SmdMdEtJZ1Y4WFVQWXd5QWFUdGpvcGJT\\u000aSmx0MDVJVGtka25LVEZidjNxd28xNWllS1ZBUHhvNVVoZEN6a0xUZ1hyWStjMldo\\u000aOGd1R0JPbFlSVGVRbUlHK1Qram0zRGpyMHVLSEx1U2lmQ3JlMXdyaHp6dUF6MTd4\\u000aaXVkbFczR1I2UGVmbDZOdUt5WG1VU25LL1F6MXJNZVVjT2p1UzBmTkdlWVQ5bHNz\\u000adGt0Mm5TVVdKZnBaQzhZRGlPWDd2TUZSUFZOSXo2Vk9lbHJDS0hHMXlTc3Vkc2JP\\u000aVTRiMEg2KzVPVWphYlJuOSt2YnQ4T1BNbE9BVDBEcDJ1TnMxNlBSYjJPMGp6NWlo\\u000aL3FwYjVZMENnK0VlYWFPMGdxdXN0WGdDUHJPbktYM3JLcU4wUG5lMXpmYkZqVklJ\\u000abWk4NjcvRGUyYmt0RThtdTQrWTJIeUg1K3JUVnBkMlRxWExaOUhEaUFMaWZ5NjJL\\u000aWFVjQ3NEanJEMGhyWTdYZzdTNnVjSW00ejNqSDV0amtOczZxMEFqMnhscG5zbi9D\\u000aejVmd2FPUS93ZEpPSjB5aTVtanRjOFBRdnJ6UFhNQ0tIZU9hUGJmVHZ1SmFwOC9Z\\u000aVmpTNkw2NjNxNVVkaFlGcTJlblp5ek1LYUwvU0RmYVhyZzZrREw4d1podXZuRlJx\\u000aYmthVmp5S0FQYlFFUGhvdmJCYW5DajVwUGh1MHJoeFh4T05rbkhmaDhneGxudWlx\\u000aKzdzTmxoeXBSUXk2N3NNSVluMmdnS3dRL0ZCVlZ4SXBRNG5oMUw0ZldOS29MY0tX\\u000aZFBCSktHUUQxNCtPUXRXcVEydDRKYS9KVlpxZVlQRFJxSUtPNStEeUdLemRPK2Q4\\u000adTJhNUZkaUo5UG9SUmJqekszbnhYa1A1TTgvYytCWkdMK1lURmtVOGREZW83L3I1\\u000aeDVVOWk2TEhpT1FhMDZMWlpGQWttSEdMbjhtNVRPbllWbGhzdUVlZUdWU1hscVVh\\u000aV1dhSFppc3FrWVl6am1Cako5T3JsUU55aEhRR3Q1cXFNM0FTandMQitoQ3dwaXZH\\u000aRXZ0aStHdy9IbDZiQlpFa3FoaDlCUlh0TU0zT2d4Rm9kd25nTmpHSUpDak1xZGhk\\u000aTkFjNWpBQWlsUlJ5dWRQdFFsQ2tObHpCV3gyZjhCMDBDVmZQNkwvd1J6WFRFOEhR\\u000aK2JiL0F6SkhCYnM0YjR4M2o1ZnpOS1doOFJZc0x2VklmVkdBUjJEcjlJTUp5NkpP\\u000aTzIzdlRmbWVPcFBudmpvdlhkbTI3WlcrdzdGSElrdU1peENqckh3NTgvQjkvWUx4\\u000aVGRoSzlFY1dOcXMvclA0TEYvMEJVSS8xdVdsa05pdTBJNjk5UHRkWTdzQThNVUdO\\u000aT3VhTTYveGNZN25DMGRjVXRCcjBXSmoyZmRtYmlTM0Nld0VrT2c2L2tQQkNHVHVi\\u000adVNSdUVLYUNWNXRFZktlZEtERStIaTFuK3g0U3h6U09KanhYZUJTb2hEWTdlNVVu\\u000aN2ZRcHdvVEdiTUVHUjZJc0pOaUNzR0dSbkR6ajd0aDFSOE94ckVLRWx1dXQ0Ym9u\\u000aOEo5ejlxWGRVSUtlQ09va0dQNStrWW5BbHBrNWVQNzltM1gwS2dSUW9kSGN1N1pP\\u000aeTRBdm9GTXpYd0pFVDdzYnNaQVB4Z21VeXZFbDVRdzNBQzhBaXRybmFBWm40Sml6\\u000aZTdKSEtFdXpHczlBa0IyVG9hWXcwRE5zbWdzSncwWElTSzFsSzBUWjVDUTlPQ1VN\\u000aeHFZYWNPRTEwa3VTVUtQTUpoTHo5UHhrRDhnbE0vZEV2OWFLc2VqczFXMkF1VytU\\u000adldzM0crZ0cwRkNHajljeEJBa3VRSDZNb0tOMG96VWExUTBxcU9JRjRiRFZJZFFI\\u000aTHE1ODRvbTluU1IvV0ZIRHY1dWxSeTZteWpIMU0xUFB6azJ6K1drQW84TFhRaXpM\\u000aWjZmblFpTEZ6OFVzZGQvTzVIM2xCcUFUZUpvRzRVdTRCMjVuRjhOK2JabEdoM2d6\\u000aK2xTZG16YVlUR0oxWFZPNTdNR0hla0dyZjJRZndoeU1zZFlsZFpQZXBNQnB5YU5R\\u000aOXpvR3ZNQ0ZnYlR4c0JFRmN4aWM5TmdZUWNDVk5xcTBnS1F6SmtxUHZtV2o3WnpP\\u000aMWZJS3Rnb1FmZ1k4a2JSSFRPMGJIRXlsNm5EcldRR2RXbkQ4d2ErNGNLSnU2bkpH\\u000aWng2QWVGdXI5QzJsZzBWdWZGNGlqVGVrcWlEb3U2Y2x3czkzRHdWa2VPNmxsQzJm\\u000acUpUcm1zQy9DTC9oYzZuckZ0RERsV3Buc0Jkc29ydEtxN2lVTGF1ekRIRnA5MVI3\\u000aaTdCanBuMTNWcXlZMjVUVXlSWUovYlN0NWVGR0FINnpQZHE5RkhqTWhyeGZpTURC\\u000aK3NTRUxqd2FJR2ZxWDBQSG82UmZ1Ky9tOWlpRWwzRWxrSWJpYVMycmdFWHkxZFgr\\u000admdBZkYzOWQzWEFTdmI5aElrNXg0OGltcHRtaDBPaHgwWENOMThtNnpvQndKajNw\\u000acmNnK2ZNWHE0UzZMdlJjQTdtV0MwRzcrdVdXdi9GblkxYUg0a3NPcHRmeWkydU16\\u000aS3kwQTJFbWNad3YyZktYdmljcnQ0Ry9yWU1ZZnlic2loQS8rcXhReTlERmlEek9n\\u000aZXZzZTZ2NnFTUE5TY1lYLzlYRUxKMzh2dmpMTTNjZHlQNEJOMVF3UENtRmFrVm1K\\u000aRTNKRzU0RXhycHRUdGdKTERaNW5FYTY4Mjc4dnRJL3JVR3k2OFFuNTJyMHVXc0ZX\\u000abk5obFRPR2RxYzZzdjdNTGdTYkQ3RUVmNWNiVHNKV3JQZ1ZHbUQ1Q2o5Y3ZmRjlR\\u000aakMvM1RiSXFWVE5QSkhhbXpnbUJsSFJZSGJQN1p0a3ZUZDBnTkF2SXllZGY1MkdY\\u000aUzhESkQwTStrSS8xNmF4dm0zSlB4RC9BVHE1Ri9xdmtIWFRUVStCSEtUTWk2dnk1\\u000aMkNEUmh0YkQ1dVNNa1YyQmROK0c5Y0xnL3hTeTc3TjBnTEc4WDZ6ODM1cllYbE0r\\u000aaGloeGx2UWtiSHR0eE9EN3VBYnpFcExEaC95NFFtZVRSK1FaQU9QeUc3azhGdENG\\u000aam5TM0lLWkFTVldFTVVFODlGTG1hdFhMNERvaHlXWnViSDJPVXlGUHp5ZnNvNWNF\\u000aNEpLVnBIb21NVWZWcjk5bUZnVk1ESUdyUEdFcFRmU2NqZ01wRmlDaEFxU1djUWFH\\u000aU2cwdlBrRkdlWXFIek15SENqMndxc3VDV3BIZWlyU25ncHNXa1RLMjFLRG42TDVx\\u000aaENpRk5wM3JWNUJFMkwwcEhqQnZEVmFrZXdqcnF0a1puZ3FKcHhZalhyV0dxUjVP\\u000aV3IraWhxZ0VJZ011WGhkdUxqR2wrWVZkU1d5ZTlER05OS29DN2FlUGhJMTJQRmg3\\u000aSlJoZjdIYWVlQUNPaGZaTndDWitXMndRb3hCZHpwYzltVCtDVlpxOUo2NkNyTlFI\\u000adTBtaStlaVRTdXNEVHR2b3RmQi9IQ20wMXVaZmgxbE1JQWdMNXozSTFHRVcvREpX\\u000aMk8wdWZBKzVPV2pnWFlzOG9aUlRCMnhYOWhmSW81eDREVXNiTFM1ZzgvbFBUVndF\\u000aamYxQlg2dU9vaTVvV2lJWVJqQmpmSWdVTEVURnhMTGtBUnJQTzJETzU1ekJnMi9Q\\u000adE9mdG00SzFjeWI3V0h2QkdrcmRYanlQUXlYYzRJVXU0SzR0aTlPSlE1eVRmWUN0\\u000aY2o1OWMya05BNHlOWmdwd3kxVnAvSytGdHVlZ0xsd2l4ZTRwakR5ekNJSnBnU0ZD\\u000acmtxREV1K0hqOFZWNXMweFFXc1d5ZWdOUUpldVBheWVSY0RGMzBoMWc2WmZGQjNa\\u000adE9RWWpFQnFyVWVZNkJndk5OWU42TWFrUndnRDBja2NDbEoyMUhZNGpvU2twcE9Z\\u000aZ3NUeTNrR1laNHFUelJNY0lsQ0REaXQ4ZENHZm9Cb3JKQ2t5NTUvNDFiV3FtbTdt\\u000aTElRVzJBTG9kdktQbVVXeFhibzN5WGNnSTRKdnFjZlAzRVVXTytjV3VIZEFSN2VF\\u000aOTc3MytSVUV2TXROdnMzWWxqeERrTmFNNzZ0VjhqanhRcFJZNEc0RWRSaUs0MTN3\\u000aWUkyWTE3UWE2ZEs4K2FhaHRad0JtVWpBSVkvREdZa2VOY2wzWjdxaWpJMTMvUnpn\\u000aNXlWcjl4VUsvSUFGUVlhNDlXQ1RRYTlzVWYzeEgzZUYvTW9HN0ZmMTdrOC8xMURx\\u000aTE5YQzUvSGhOeDJ2S09CTmx1RXJodURjYjNMZmJ5TGlRVllEMkhYeGRyTkc5M1E0\\u000aNGJPajRWb0xZV0hndTI5UG9sL0htRHhUSDFwdHBQVmM5K0U0R2RwN21yVmF1bHU1\\u000acXhDOWliRzlKV3ljUUdkMUJuMG9RMjluSGlMcGd4K25HOFlkZHdPVWRkRzRndkpq\\u000aS21iUTl5aTAwYXdUamhOUE9GZXEvejVuVFJHQ3liSDZsWW9MVGtueE9UQiszMkpy\\u000aQ2pBbDVMRG90amtDZWtBUllwbVVxOWhSY2I3c3l0ME1RY1BBZUg0VlBHNmhFMUpN\\u000aYkxpTXdUWVdKNWtTM3F1elp1SkZQSUl4SFp3UmtJUzFjTnBjL0FtSUpwZm04RCtL\\u000aYUEvVmdoRkJpdnZzZnlUNndoNVRybENBcE9DcHNOTlNWbWRLRHF5QVBFTENuaURj\\u000adTRwcmpZRU5JU2tKdExUTVdBSzVCWWdRZ1ZQOVcrekJyMjNuSGlZVnhLWWhjdm9M\\u000aYTh6dUdLYlJtY2xpL3o0cXpmWnk5RGlJNmoxdWFUT1FMQzEvMzIwT2xBRGtSOVUy\\u000aT3hYZFVuSTFaSzFyY0hRZnllS3BsbUFsRTJDM3MzYkFkR3V5bXRKTDQ2M1dqZm9P\\u000aUkhHWWpvZnZNQTI0cHhnY3hFRnU5YVRFamdFVVBNeHBzN2Y4TVMyaVJvL3dxU3pX\\u000aZ0lwN1EvZHVYY1FQb0dSS2JrR0FySnNJVGdVT3BSQ3hxTFlXbk5UUy8xbmxCeXk3\\u000aQVBjcGRaRmk1WjRqM1IvbGJ0T2Era1ZiYmo4ZC8wazMwTnlDVjJGRVZGV2tPbG9z\\u000aNTFQNUNOUiswNUh6QkhQM3V3N3VyODRZYkRGdHd2UjhNM29UMXNtbXljYUsxMkpE\\u000aZGNBOUQ2YWErY2k5Wmh0UWNhbUw0Z1pjZmVpZllHNEt6NWsyT3lpMlpUNkZKOUV4\\u000aMHQ1T1d5MjZUSjllQmlCcGRaV25XZDB3bzZOMU5ST0xLdFY5L052d3R1WlZSRkxS\\u000aRUg1WGNLMnRMcTFWczFaVkg4MXM4R29UOUQ4VkFEaGFwVDBCU0xsR3A4TkNZdUdK\\u000aeXI1YVVwODdPZEl4RCt3S244NTRteVlKaXlVZnIwWmtGNGhoOEtkTXcvemg3RVQv\\u000aYkxIWlVxUXozdUV3QkcvODRuR1E9PTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6\\u000aQ2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkRGF0YT48eGVuYzpFbmNyeXB0ZWRL\\u000aZXkgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMj\\u000aIiBJZD0iX2E3NDBjZjA5MTViZDE1MmRiNzRkMDNjZDQ1NzUyMTM3Ij48eGVuYzpF\\u000abmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAw\\u000aMS8wNC94bWxlbmMjcnNhLW9hZXAtbWdmMXAiIHhtbG5zOnhlbmM9Imh0dHA6Ly93\\u000ad3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyI+PGRzOkRpZ2VzdE1ldGhvZCB4bWxu\\u000aczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgQWxnb3Jp\\u000adGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjwv\\u000aeGVuYzpFbmNyeXB0aW9uTWV0aG9kPjxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRw\\u000aOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6WDUwOURhdGE+PGRz\\u000aOlg1MDlDZXJ0aWZpY2F0ZT5NSUlERlRDQ0FmMENCRlVCbkw0d0RRWUpLb1pJaHZj\\u000aTkFRRUxCUUF3VHpFTE1Ba0dBMVVFQmhNQ1FWUXhEVEFMQmdOVkJBY01CRWR5CllY\\u000ab3hEVEFMQmdOVkJBb01CRVZIU1ZveElqQWdCZ05WQkFNTUdVMVBRUzFKUkNCSlJG\\u000aQWdLRlJsYzNRdFZtVnljMmx2Ymlrd0hoY04KTVRVd016RXlNVFF3TXpReVdoY05N\\u000aVGN4TWpBMU1UUXdNelF5V2pCUE1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVC\\u000ad3dFUjNKaAplakVOTUFzR0ExVUVDZ3dFUlVkSldqRWlNQ0FHQTFVRUF3d1pUVTlC\\u000aTFVsRUlFbEVVQ0FvVkdWemRDMVdaWEp6YVc5dUtUQ0NBU0l3CkRRWUpLb1pJaHZj\\u000aTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFJSnYwcWU5VWR2RllTTDVJMDJHb2t3\\u000aRVZmc0lHYzdJN0VoVk5PeFkKOW10VWVubWhxTnJMc0xCRmcxSWlQYmswSVNXaE9S\\u000ad1B5VnAvUDMrR3lHUDMzOXFaNjhVQ0dWMzYxRTBRbTdjalBlL08zK3IzSEFNMgpa\\u000aQk44b0Fab0htcGhyTlM2ZktmWTU4a3lndHJVYStaeU16WVdUVGlTMzJTQ004SDU1\\u000aYmx1RUZiZVprc25iUDBZOTRJamtmSmRndnpsCk14enJsU3lvVjJ5bVdCanZTNXdl\\u000abERIZ2JDS3lqc2pJaFRSakp1L29sR0p5ZW4wMS9FcElWdFN5RFhPLzJJUzJ2Mk85\\u000aVWlGd0FveUIKWUFqUG5sM0h4SzJBNTc3blI2M014bGdQMC9zK3I4NHVCcU9BbGI0\\u000acW5icFU3bHU1R3hsQ1BrWm1wUm9vQ1FZVVJpb0Mrd2pTNmxNQwpBd0VBQVRBTkJn\\u000aa3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUJxTzdra3EvZ1JhaEF2cHNRZzVMTFpST0dG\\u000acjlwSVByeU45eG1KR2dQbzdqCktObDdyczdnTlMwbG11bHVZV1duSmN3QVBid0Zl\\u000aYjk1NFZNQjl4OXA5UUV3NVJuWGFtVVk5cWEwTGdjUy90L1dYNnZKa1pQTmhXcGgK\\u000aOGJYd2gwTXZsc2JmcnZEVEpyOGNqSDNxZnhJVHA3cGEzeGIxcUU3c3VSZmZWVWRE\\u000aWGF3aVhYbldKL1dKcit0d1ZWSEhFcW5aejFsQQpyU0RMeE04c0NqRzhEZUp3OHZu\\u000aUXk1bVBHckdWVEJiYTR1cGM4VVRZMW5QVjlVMkdCSlZZdUFrb1ZSamJUbE52ckw1\\u000aSnFOcXlwS2NHCmJlampXeGdyelprZVFlVTJoRmNqdW5tZ3dHWit1ZzJmcTRrS2tR\\u000aZnR3Y3FlSlR6eXpCb28yK09vNFRtZmJzaC9vbnhQV0E9PTwvZHM6WDUwOUNlcnRp\\u000aZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjx4ZW5jOkNpcGhlckRh\\u000adGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMj\\u000aIj48eGVuYzpDaXBoZXJWYWx1ZT5Sb1NHTGFDbDN3ZkRXdDlXMm9JSDNUQ3JPTVN4\\u000aL3Y1S0pQV2hndmhWNml2RmZXSWFJeDB5RnV2NVZTME5VZ2FUVGIwVjhUYnNGN1Vz\\u000aRllzQ0xldkVUa2lWbG5OeWE4dlVoL2lYTDYzT0JmdzR3T3pSNVZheVBuaWFwWFdM\\u000aa0RHTmQ5Y3E2QU8zR1JoTWJaZDdma2NhRWNJVTB2bGtZeUJJNmE0Yms4bHM3Mm0v\\u000aZkxKQS8vaWl5L2piODkzQkZ4dk9EMk5hT1pabXhzSlI4YlFmWWpBMHdXa1pBcW56\\u000aN0EzY3lhcHV3aXVTc01wc1hYSnFjVXp2TS9GS090dE1wTnhSUVprdk1RZlNnMCtM\\u000aUVM5M0IxN0ZUZFE2OHNRL3dZQmhubFBEZXFZK0NnY1VjeVYzOVdjTjAwcUtVYmNQ\\u000aM2kzSWRWUVRkcEJQUTdRS01HR2JmS1Y0RlE9PTwveGVuYzpDaXBoZXJWYWx1ZT48\\u000aL3hlbmM6Q2lwaGVyRGF0YT48eGVuYzpSZWZlcmVuY2VMaXN0Pjx4ZW5jOkRhdGFS\\u000aZWZlcmVuY2UgVVJJPSIjXzNmZDM1ODkyZTlhOGVhY2I4ZTA4ZjI4MGE4M2ZjYjc0\\u000aIi8+PC94ZW5jOlJlZmVyZW5jZUxpc3Q+PC94ZW5jOkVuY3J5cHRlZEtleT48L3Nh\\u000abWwyOkVuY3J5cHRlZEFzc2VydGlvbj48L3NhbWwycDpSZXNwb25zZT4=\",\"dateTimeCreated\":\"2015-10-09T10:36:02.075Z\",\"id\":1}}}"; - - try { - java.util.Map test1 = new ObjectMapper().readValue(json, java.util.Map.class); - - JsonParser parser = new JsonParser(); - JsonObject reveivedSession = null; - reveivedSession = (JsonObject) parser.parse(json); +// String json = +// "{\"data\":{\"session\":{\"validTo\":\"2015-10-09T10:55:34.738Z\",\"entityID\":\"https://demo.egiz.gv.at/demoportal_moaid-2.0\",\"userID\":\"Thomas Georg Lenz\",\"sessionBlob\":\"PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDJwOlJl\\u000ac3BvbnNlIHhtbG5zOnNhbWwycD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4w\\u000aOnByb3RvY29sIiBJRD0iXzQ5ZjgzMDIyZjRkZjFjODMyMDNlZGU1NTQxZDY1ODU4\\u000aIiBJc3N1ZUluc3RhbnQ9IjIwMTUtMTAtMDlUMTA6MzU6NTEuMDI0WiIgVmVyc2lv\\u000abj0iMi4wIj48c2FtbDI6SXNzdWVyIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFt\\u000aZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiBGb3JtYXQ9InVybjpvYXNpczpuYW1l\\u000aczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly9kZW1v\\u000aLmVnaXouZ3YuYXQvZGVtb3BvcnRhbF9tb2FpZC0yLjA8L3NhbWwyOklzc3Vlcj48\\u000aZHM6U2lnbmF0dXJlIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5\\u000aL3htbGRzaWcjIj48ZHM6U2lnbmVkSW5mbz48ZHM6Q2Fub25pY2FsaXphdGlvbk1l\\u000adGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4\\u000aYy1jMTRuIyIvPjxkczpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\\u000ad3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8+PGRz\\u000aOlJlZmVyZW5jZSBVUkk9IiNfNDlmODMwMjJmNGRmMWM4MzIwM2VkZTU1NDFkNjU4\\u000aNTgiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRw\\u000aOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVy\\u000aZSIvPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8y\\u000aMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2RzOlRyYW5zZm9ybXM+PGRzOkRpZ2Vz\\u000adE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1s\\u000aZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1ZT44eE9qNmlYVzhIQzk5UGhETEZ0\\u000aOVp0M205VWliaVdrdHMzaWVQTS9CZlFZPTwvZHM6RGlnZXN0VmFsdWU+PC9kczpS\\u000aZWZlcmVuY2U+PC9kczpTaWduZWRJbmZvPjxkczpTaWduYXR1cmVWYWx1ZT5mNjM2\\u000aYjVBeGx6THdUL0I1SmdLdnhNN0haK1lEZGVldUdaRUlxc05KdHdiN05TVFhlbVFC\\u000aTExObDlJTk1aUW1Ybkx3ektCc0pra0tGTXl3MkpsNXVYcWlHWVBzMExTWTNiWTdj\\u000aTTZoeHpDaGdVVHRMWXlPcE9qemxxbE5CN2FKTVpZWU10Q2phcWNqSmxVM0wxTjBv\\u000aYUJ5QlRjaTRHdjd5TUJkdE9nRElHNVVpVEppVmVNOURZcUowZFVaZDNRcG1BK0Zm\\u000aUm10WFVzaVRzU0N0b3lWVHlXYTJWemJweTZxcDMwWkZSTU03LzU0Q0NWZHIvaDZW\\u000aTnZCQ1YydkFEMWdZaUg5VG41aTRSRmRWMFBKNTkrNS9HYXVUMm1HSVRUVmNreVk2\\u000aRlJQSjI2MUV0bmdScE8xK1FYRDZwQVZBM2V6Rm9ZbkkyQ2dYdHQ2K2EyTkV3cnBO\\u000aaHc9PTwvZHM6U2lnbmF0dXJlVmFsdWU+PGRzOktleUluZm8+PGRzOlg1MDlEYXRh\\u000aPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJREZUQ0NBZjBDQkZVQm5MNHdEUVlKS29a\\u000aSWh2Y05BUUVMQlFBd1R6RUxNQWtHQTFVRUJoTUNRVlF4RFRBTEJnTlZCQWNNQkVk\\u000aeQpZWG94RFRBTEJnTlZCQW9NQkVWSFNWb3hJakFnQmdOVkJBTU1HVTFQUVMxSlJD\\u000aQkpSRkFnS0ZSbGMzUXRWbVZ5YzJsdmJpa3dIaGNOCk1UVXdNekV5TVRRd016UXlX\\u000aaGNOTVRjeE1qQTFNVFF3TXpReVdqQlBNUXN3Q1FZRFZRUUdFd0pCVkRFTk1Bc0dB\\u000aMVVFQnd3RVIzSmgKZWpFTk1Bc0dBMVVFQ2d3RVJVZEpXakVpTUNBR0ExVUVBd3da\\u000aVFU5QkxVbEVJRWxFVUNBb1ZHVnpkQzFXWlhKemFXOXVLVENDQVNJdwpEUVlKS29a\\u000aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSUp2MHFlOVVkdkZZU0w1STAy\\u000aR29rd0VWZnNJR2M3STdFaFZOT3hZCjltdFVlbm1ocU5yTHNMQkZnMUlpUGJrMElT\\u000aV2hPUndQeVZwL1AzK0d5R1AzMzlxWjY4VUNHVjM2MUUwUW03Y2pQZS9PMytyM0hB\\u000aTTIKWkJOOG9BWm9IbXBock5TNmZLZlk1OGt5Z3RyVWErWnlNellXVFRpUzMyU0NN\\u000aOEg1NWJsdUVGYmVaa3NuYlAwWTk0SWprZkpkZ3Z6bApNeHpybFN5b1YyeW1XQmp2\\u000aUzV3ZWxESGdiQ0t5anNqSWhUUmpKdS9vbEdKeWVuMDEvRXBJVnRTeURYTy8ySVMy\\u000adjJPOVVpRndBb3lCCllBalBubDNIeEsyQTU3N25SNjNNeGxnUDAvcytyODR1QnFP\\u000aQWxiNHFuYnBVN2x1NUd4bENQa1ptcFJvb0NRWVVSaW9DK3dqUzZsTUMKQXdFQUFU\\u000aQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFCcU83a2txL2dSYWhBdnBzUWc1TExa\\u000aUk9HRnI5cElQcnlOOXhtSkdnUG83agpLTmw3cnM3Z05TMGxtdWx1WVdXbkpjd0FQ\\u000aYndGZWI5NTRWTUI5eDlwOVFFdzVSblhhbVVZOXFhMExnY1MvdC9XWDZ2SmtaUE5o\\u000aV3BoCjhiWHdoME12bHNiZnJ2RFRKcjhjakgzcWZ4SVRwN3BhM3hiMXFFN3N1UmZm\\u000aVlVkRFhhd2lYWG5XSi9XSnIrdHdWVkhIRXFuWnoxbEEKclNETHhNOHNDakc4RGVK\\u000adzh2blF5NW1QR3JHVlRCYmE0dXBjOFVUWTFuUFY5VTJHQkpWWXVBa29WUmpiVGxO\\u000adnJMNUpxTnF5cEtjRwpiZWpqV3hncnpaa2VRZVUyaEZjanVubWd3R1ordWcyZnE0\\u000aa0trUWZ0d2NxZUpUenl6Qm9vMitPbzRUbWZic2gvb254UFdBPT08L2RzOlg1MDlD\\u000aZXJ0aWZpY2F0ZT48L2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48L2RzOlNpZ25h\\u000adHVyZT48c2FtbDJwOlN0YXR1cz48c2FtbDJwOlN0YXR1c0NvZGUgVmFsdWU9InVy\\u000abjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2Ft\\u000abDJwOlN0YXR1cz48c2FtbDI6RW5jcnlwdGVkQXNzZXJ0aW9uIHhtbG5zOnNhbWwy\\u000aPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48eGVuYzpF\\u000abmNyeXB0ZWREYXRhIHhtbG5zOnhlbmM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEv\\u000aMDQveG1sZW5jIyIgSWQ9Il8zZmQzNTg5MmU5YThlYWNiOGUwOGYyODBhODNmY2I3\\u000aNCIgVHlwZT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjRWxlbWVu\\u000adCI+PHhlbmM6RW5jcnlwdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cu\\u000adzMub3JnLzIwMDEvMDQveG1sZW5jI2FlczEyOC1jYmMiIHhtbG5zOnhlbmM9Imh0\\u000adHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyIvPjxkczpLZXlJbmZvIHht\\u000abG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6\\u000aUmV0cmlldmFsTWV0aG9kIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQv\\u000aeG1sZW5jI0VuY3J5cHRlZEtleSIgVVJJPSIjX2E3NDBjZjA5MTViZDE1MmRiNzRk\\u000aMDNjZDQ1NzUyMTM3Ii8+PC9kczpLZXlJbmZvPjx4ZW5jOkNpcGhlckRhdGEgeG1s\\u000abnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjIj48eGVu\\u000aYzpDaXBoZXJWYWx1ZT43R0hKY0NYYXlzME1pY2ZvYXc3cnFNeTZ1bUQyd0FEQmtH\\u000aOThKclJ2UUdMczJneTBOSWFvSlM2SWM1Z254RXBNcUZHZ2ZLNHBBWGxRUVh3K1h6\\u000aY0RNaURhY2tqS1c5ckptNTh0b3dxNmFEbWVIU2doTTRDVzhVb1RaQlFlazVvY1dU\\u000aNmRIT3hPVzFFOFUrTXprTEg1NjVXUWxLYkdHamVSSGNzb3V3MXFuNk1XS01EU0V4\\u000aRzQrZERzSVliMk1uaEc3OEh6TDNZK0VMVG40TWd1cXF4bmpTVC9rRkpTK2dSMm93\\u000aL2tHVHN2ZnlLWmdMZUVYTzRpVHlNM2RzRk1Ma05rM0tHSHVHRmhGeUxycUR3Sko2\\u000aTmY5OVZRTmlDZDlrUnpxOE1qWklpNWQ0SjlhSmgvRk93NFI0TXAveCsvaC9hYVhk\\u000acDVyQ09CcUVaZ3FZUXlqT2FIMlAxRHR0VkU5SU5xS2w1OXh5ZTJaR0tDd1p5TTgr\\u000adWdSRnVDbTJ2RFlRSUx1T1RTaVNpbkJsNnBpLzFYRktNL1lVbTRJMXA0N21LNDlE\\u000aeW9Ia0lBaUk0NjQ2ejNJZ0tMZTBnaFlQYUlvTHhNcDE1ZE83RHRDQzhsZnYwb3Qx\\u000aYVdvTy9TcGpXaVJiOEhCaXdleGxTdHV4dVorUGVqZDlzUS9neTNFOFp1MWJXRmsv\\u000aTDVrNTZqUTAxZStIcEdORW5FSml1c1RHWldMRTZBY1lvd1NCeEZidC9RUHhGTlhh\\u000aRFBmcmlGRGZMK1RuMngyc2Rwb1RlMVpZM1JnZXo5b1Y2QUtJQWZZWC8zMllsT0NK\\u000aTlV5Myt4OU5teHljOFdKNTBjQ2RTd3ZuNTRBc1Z2U0xYRi9sbHIwQmh2cWRWQ0dP\\u000aTy82WGQvdEtpblFPWHdmeEJBMDVJZSs5MFZhU1J2NGFrRXJ4dHhrekVIeXB3R01j\\u000aVStieTYybDh5Q2Qya01vMnpQK0hmZ3NkTU9Ba2hrbDUvRXB2NVdiZGMzeElKRUhK\\u000aOVptbitUdGNWR2FiOHNPeSsyblIwQWNwZDJxeVIvNkNUd3dodk5nbXF1TldiLy9P\\u000aaGNxdDMvR1dPZkt0NGhrRnQxeGE2allTSXVoNHVWMHJqcENvK21ISFk4ZFZaTGZ6\\u000aNE9oR3dpNGd4bDBlV3hYUWF3UGpMWlI5RzdpQ1NCT2ZPV0d5bkdydklKSFF2VUJD\\u000aUVUwLzh3eFNxRmkxcVdQVXN2ZWtxV012SFpYTGdMMGZNYUJEa1ZZTm5YT2FlalJU\\u000aVHNZeENZc1AxYlRCNDY5ZytjRkQ1bEd0VDErTi95S3dKOUJTTGhaenhzRVhVWkhG\\u000aQ1NJTk1vTTlnaVF4TzI2L0VLUENMdXp2bnkyN3orNWdxcURkVzhlVUFCUmEyeFpp\\u000aZ204YmFkSllGWE12dkdDUVBjcmhiN3c1c3dSL2I1TXNiZXV4L3F0RFQ4R3VWcUNG\\u000ac3JDL3E4MlZpOUd5b3VCWDdGRk50UWhWRDFFVWtCQWZTYWE2UDhKU2VPdE01TVYr\\u000aV21OcGJrQ0U2M2hZS2g4cHN5MUdMdlRZRVA3Slh3TmNIWXlmS3FtdXk5S1dOVmUv\\u000aT2JPZTM5azhCWE5tWE9DejRJay93ajZqaU1DWEsrblhwdTBZQ1Z2ODJXM1BMeGlR\\u000ab1liRURMMjNHV05sNFFHQzQ1dE45WUpwK29CSGZjRStmUHk4S1FrOFBDK0s4SFFr\\u000aK21HV3NkTVUxUitTaTExY0VYdzBKTTRTczJzTWpZb05tQXd6a2RvRHliVkdnK3B3\\u000aSnUrUmFmaEJrSmpIU0FMeVQ3Y1R3dncrOW56S1BIdUhvWW5wSTRLQSt6U2xrYkUr\\u000aQ0dSbzd1MUxXVFl0cGZTYnFtd1NjYVlxU01WaTZ5QVdkRnoyS001LzlkVHB6alBY\\u000aNGhOZW82ZE96eVRHUkFMVnVUZi9Ma0RqaElqWGJ0Z2J6ZnU0aWdrWXg3Q2d1RnZ0\\u000abVlkTEhNSE4yRnFOTkN1UWk2bTJLUGYyUG5HdmVrSFVwMEJYZ3NEOUhkZFJtNHBF\\u000aYnE1VEsvV05RTzBuS0g0M1owOU9NcWZZbHEybk5mTi84ZnMyTjc1c2h5NmtheElK\\u000aL0FZUlNkOUU5M1VjOWJmV2FIeUwraWNNTE1GelU5MytMZlhpREkyWDVScEVtSnFB\\u000aSUMwVlJ0NWtXdnlVNGVlWnhOdE8zWUtxUnN2YVo0dzhnZ0I3dkxheFFKUWtnMWhs\\u000acVAzQzhDQW5HWnkrdDR5alRVejA1LzlpQi9HRk1DdDNteEpPajUvaVdTOTZRRW54\\u000aVm8wdVYvYzhDRFd6OERHYzYvLzFBQzBWS0VmaGRsSmFGOHg1NzVHNTI2dHoxTVln\\u000aMHBaaitNRzlsRUxkNm12d011cVE3VEVZdEYyN0Y4Vk5iQ29ZWXUraDhJTCs1Y0Vr\\u000acnBjakUzMm9MbWx4ZjBjNnpZaDhwa3FsVTR2RHlQeGJJcm50WkFPcThMUzk5Vktr\\u000aUjdFL0w5OXNoZUxqd3I0bTJtQ21CZ2tGZVZhVG1Ca00vSFd4MUNEYjlIcVM0N25Z\\u000aSWJaQW94ampIK0QzR1EweXlES1R3aG1iSXNHMFQ4Ry96eStRR0pmNkg2MXg0M1ZJ\\u000abkNwRkxmQjNiQUNJay9OanhCeFdheGVwMXRMMTRBSlRMZlROTnA3K3dCT016THhm\\u000aSHBjSUlWT2dOeXJ6UVk2Q0x6eXlDM2hub212a0hadFJ2WmpBYmExMmJSZ3VoTUJX\\u000aOFZiaHNKMmZaekZ3TXp0amxzSEkwREc2OGs1R0JDemFDQVRPZlBBWnFPN2lEQ2JC\\u000aMW1KSEgzTmxvQ2xuL1pTY01rOUVqTERyTndIWHZ4ZEFTRFMwS1RrZVNxS21TZm54\\u000aUWlSQ3lLNjhrSEZNc0trUTRYS3JKZjZGMWRreVYrL3NFdzRsS1FFYW52VkVVSTJx\\u000aUExDSVZnVWVkQVFaeFAxeVp0dDA1V2ptSUdhZnhQMldWNE9PYm8vTGFaamo0YW9H\\u000aNjNxWkdGdGJyWUt4TVc1Ny9RL0ZkbjN5TUpmUlkxVGU0UCtpTTNHUjNRcU1QeVMr\\u000aZWZDMlRDNk9pYithOHZ2SVcxTFI4OGV0V2t4SHJzMEpVcVRpM1ZEY1lXNEcwUHVn\\u000aTFhsZEYwWVVod1RLaTlOUjZmWTNXMXBTQUlNRGYvbk5hcVBIUnNLVWU4Z3pwcll3\\u000aOUdWLytXWjkrNUxEQnYzWmNKVGlLcllOcG1TUHl2MDdvNWx2Mmo2MXJtaEdsQVJ6\\u000aODJzWlhDUzA5K0lyaUpmVUg4bko0NFRFUk8wb1pBd2RxZWhEVmQ2YzZIV044dlJI\\u000aeEVJZWhmeXJhUVZ5Q3FlQkU3d3VPcXZFSmI2R0Urc1czNlBMNGFwT2ZMcCtISU5V\\u000aMkRhbVBrWHJWdVV6Q1dWZWlXaGIzSVBPNk81WkNENVp5RHlQc0liV3RuMnc2bnpI\\u000aU3EyUDhOdmZZRHhTcmM2YlU1aThoQ0FOZFdudTliMWJia0tXTXhUazhjamQ2bk8w\\u000aN1FtZnJFZGJCQ1ptWmh6blJ2cmRYMDdHSXo0YXhtM0Z2UHBtazBvZ1FaUzBieDd1\\u000aSWhFTDhGR2ozQW9lSllpOFB0dFA3NmFKaTRPYndlUmhlWVE2L1p0NHlPcXhabUph\\u000aMEFnTjJieTlpT1kyZ2tLclg2RTY1UWMzM2Q0Wlh6aXdDc1BsNVlGQmY1bG9ndGFE\\u000acXFVU0p1TEQyUEMyZEZNeDAzaGkrcUpSNmxPZ3ozYjJrM3dUTjhGTjJBMnQycHo2\\u000aNjJSS3IyQVRuSklrZkdndHVTcFlicGdab05VL0pheS9qMERWMXRaMkFmODdsUU43\\u000ablphdmF0YjVvbWx1Vi8yU3ZVYk5rbW1HdUhrTmFjQnNuTjIza3FOTEFrMmZvQ0xZ\\u000aT1FZaG5uQm1ZTUdYdS9tOG9haXdmUzhxRlZyYllTc0tKSWpLU1ptaFZBU3hXa01t\\u000aT3lSVUcrYkhlQ3RuT3ljWmlhb25XZElvbFUzT2hJMi9JTkpDSUNzQjJNWGhtNkpa\\u000aOEFtcUlqSGQxR1JvVElRTDlFNlBUbGF1MVB5dDhmbnl0aERac2R5L1dmMGU2SGRy\\u000abXJleXBiaE5PYTh4NUF4ckhaRGxjemttaUJyOHEzU0dYU1JVWUt0YndGUk5DZjFX\\u000aYkVyci9uN3duVmlZOENiS0wxZGJzMzlDNmtaVGlUVE16b1NCaFVKcW0xeUpHZUM3\\u000aT2pLRC9VNUFUK2NmOXV3c2hVNDhKZHNUNDVOWjJnOFNkL21xODlyTFBRVTAxNG9h\\u000aNUhRbzV4bEkvaldPUE1MM0R3MmtFVkkyZ3R0eG5HamExVk9aZVlJSGM1amJWenBx\\u000aSDMxZ2ZNYkZLTTNqNHRyaFVKVmFyM29ZWndZWnR6c1IyNmg5NWxIVlNNQzJ2MGZH\\u000aZ29nRFBMYzROejFtelNUNzQ2OFFTeVJJTzZtOTVTOTV3UWxiWXFoRzhMLzJsZW13\\u000aS1JNMUNUSGVUeVFjQlRNb1lrdU9wNFRZaVlXZzAwMjlXelNyMkhCUlFXZm9zNzc0\\u000abWlBbjBEQWtxcysybzFOdUtjTmU3cVFmY1Vnd2lHNzZJK1FZcEZPbkJSeUh1d1px\\u000acHR1WmpKTWV5amtZWC9wRE5VRkxYMmNWRGgrT0FSRUFaT3NBSVlPbnU1OWZnRHVB\\u000aM2RrOVNHMGVIclNXVkR2dU5yTDJiWm1hUXJxQmZ4bXRaall2Q0lmdDFXcmQvUkFo\\u000aeUs4bEFMNWFJZ1pZajV4WjBtV2hXd2hHTFBKNXBnMXpCeHFmZ2hyNzhRSVBQNGEr\\u000aT3YwU21qTmdwbVNQQzc4d2RPNVh6N3NzeU1mUC9uWkhVZEVJbUNqUGVMM2lJalhn\\u000aVVY1SjRnckc1cWY3WHZJQzBpNGZBdktnZ01LYXFYWGRZclBCZzFWQm5vR3BNVWZm\\u000aUU9Wa29pcjNjL2hYNWxlN1BoQlp3OVlWaEN3UDg2VU1oeGFmclp6blQzbnVUV0lL\\u000aRUMxOWVXNDJSak0wU3V2dWlreFY0L1o1UUhxcUtvNmRPamJZL1NKR1FQU1VWczdx\\u000aU3owNks1bTF4Q3Mybk51QWR2V0lVS25leE1oRUxsRTVGbGJQVkZ0Nkc3d0dLNUxv\\u000aNkV0bVZPWnE3bXpxWS84RHdUMnpUbm1UbW1lZEdIZDlUUWRCM1gxU2orUHlFRDFr\\u000aT01kYUkvVlVOWCt4bFlmUkd4RHF1Rlp2YmdTVSsxaDJHSjQ5M3VsYk9KVmJjeXpP\\u000acFFmTks5UTNNNEp2V1hPRVUzT2NPVkMwbkZGUUVEbDFEZ2h2Wldoeit6dy9sZkg1\\u000ab3UvV0kvOUpmKzB6ajJNNDE2YytTbkpneCtaSVZUd0lTQlhDc1NicW5tbG54ZE9a\\u000aSnhrbElrWXlwMGVNZ0RkTzZscHdTbXlLc21KMFVaM3ZPUFRuQXBxdTROeUxLOXUw\\u000aNzFZRVB5WUhWWnRXOUdITm5LM3RvZm5TVVZpMSsrVEx5bDY4aWRqS0RCa2hFVWNy\\u000aeWU5QkFhak1VR3VSc00zQ0RNZGlrSEd6eDVwM2RoeGIwczJTcGhxREhFLzJMSlBj\\u000aU2kyQkFVWTA1WXNDUytiWDgzb3VESDRXSmozZDM0NFFTcnFwQnk0ek11UHJPdWdT\\u000aRWo1a1Z1MjhMT1RKcnZPL09jbmxoTUYvWndielBRVVI5TmhUV21GOFV4WEE0Vjd0\\u000aK2RQNDVnTFFvYnNnVHY4MXkrUDVuTnZ2alNtL2I3aVpzZXJhV0VaSHlwNGo0bis0\\u000aSWJJTmZrcXVYVG9pcTlyVHFvZFdyemN4TkJCdDBOMTFtRWpwM2ZvYjJiVFU5QkVn\\u000aalZlTHRFSGxqVFJJV1ovK1IvTHpTaXRJL241MlNvTUI4RlVZc2lXQzF3WVBOY2lR\\u000aeEJYdFRNZ2xLY3NiVkUyN0dxSEtueDVkMlVHSE9iQVVIOGpKdmVaZUNRYVExWEZu\\u000aZ1ROdXVNcVBzdERaSFNPQ1pWVXhJajkyQTFUNkVTaFo3cTY1VjhadFEwNmdYb3dB\\u000ab1ZDc2xjaUJEZHZwUEZCL2FlV3hjbHc3cFZBQ2xBQ0ltVmhMRG5YNEtGWUNIUE5n\\u000ac2FLYU9ua05SVVZSc0Vad1pad2x2bklRdXpBRW9KTmtremd3Z2dtdHgyL09EK0NY\\u000aaVlLdE5pT3hHWDlKZEUveVovUk9qbHlSNUo5Q09CL3JNMmdlY0FWZ2dmcXQ4RUc5\\u000aQUJNVHZhN3RpVHF0M2Q4V2NjREV5S1F0aTlySXhoNWZVWGkwbTFrNlJGblNEajZN\\u000aRXZBNjBULzRJY1hPUERtYTJ2WU9EZ0NBS21IMWtnNzY1dDI4MFNtcFNnMFlnQUpV\\u000adkphSXlsdGY4VWhPWE9DdE1RaXdEVlVjSCtDTHBiSXh4a25Pa2Q5K1hYNDU3bm1j\\u000adjc5S0FMbzRjbEp0RWpqS3h1aUIrK1ZwNGxzRVlENkI2RVkzMjJiNmk4ZExkQkJu\\u000aZ0JKdXUwMDFBSjlWUFlIWlJBeDNRNDh4UU11dUp3WWdZNmlEV3hzY3lheDdENkxu\\u000aS2czbnBaYmhmVzRlc1l2NjBqdkhTNDZwem1lSlVKVmNmVUFFeWQ4azFXK3huWHFi\\u000aN1dxRFRGNXhaTHgrZHRlQk90UmR5U1NIR2cvcUhQNEFvZ3VSc2JvVFU5OEJqOWIy\\u000aSysvSEU0ZTIveDk2bkg3VzRlU0tGRGsxaWxoNk9EckE5SE1uQ3h1QWFxZXB5VTFo\\u000aRGNsZjNEVXdGamdRR3Vnb29TNHpITElvbnpxVFVjcTRzcC9SZ0YzRk00TGxpL2NC\\u000aTDdSbTYxMHZBYUprcmZWRG1JZGZ0NHd0SVVTVysyRGtoQ2lyb21LL3RLckZUbC96\\u000aTk5HMGpBTmo3SjllRWhQaE9kdzFVMHRlN3ZlakVwMGRLb09NRkRTSTNaWWJieWNs\\u000aUHJ3bkw2ZW5ocmlrWHBzNXVMVDRqT2p2NFVJSVRQSjJLN2NjWUZmQzJqZlJKMDJt\\u000aRk1wRkc0MGplcEdHblJ3cTNRZzQ5NEVhVGN2dG13SVdjbEtlVmJ5MW04N3ppc3hV\\u000aT1JWQXlnUlljU3ZvVXdxdWMzakx3MGJYVzBmUkFYVTMyaFlWUWZJUTFwY01pSDRW\\u000aRStyL3AvRGpJWS9zYngzVm1Hc1dCTGhNOFIweElVWm5YSnJyejk3S09GQkE3NGdu\\u000abVluSXJQa3lmT2hQUGVFSDQyL2VpRHUybWRWL2U0UGEzS1VLZFhjeUo4cm85MjZC\\u000aSTF3aGk4Q2h4SVVtZzZNaDQrOHg4YjhjS3VpZWtFaWZ2cU52aG1KQ3hlaThTYSty\\u000aUVpQMEx2aHAvekEwRWIxY1d0ek1VTUlFdUhJcDREa1hhY1dNZ2NuV3U0L2d4Q3Vi\\u000aMXhHaE5xWDI5U2p4SUhHeFdJRkNvQU9lVkNkL2xiSlFPS3V4R3BnMmR2RjdDUUhM\\u000adGYxQVRQaEQxRVNsNnR5dTg0dndWcTk3U3lTcktweWJxenZydHdSTFhwb0kyUHA5\\u000aWEd6S3BtaXIrT1Fva1dwSUhZTElzU0hmditDWjJDaW5aaUpEWWdtL3ZyOUZWdFpv\\u000aU0JKN2puYlA2TkpKYTlidGd0QzBFZnRTcGxPSHpicm1nMVR4M3gvNytTRlRGc1Yz\\u000ac29yejcwTWxIZE43M1ZjK3B2a080LzM4ZVF6SEFqdkhlTVgybGFMT1Ntb2Z5Nmpw\\u000aOVBWV1RMWFJmSi9kOTRNbmhaK1lvQ04vSVl2cWsyTzlPcDlzWnY3SGNHdHBMYlFr\\u000aUkh3WG9od1VpSFRxVkhEQVVxbEszUkdHdDk3ZHZJY1owSUdlRFJROGtULytCUTZ4\\u000aVGpxN3pvQmpMaGwxT2M1cUxkYldUM2FLbVNoL09Tb1BPWlR1OG5QYXROdjFIektB\\u000aOUE1UGovaDlRTCtGeldrMXM1MzZYRzJHaXRwckdiMERQaUF6MzVaU3dCdVpGbFBs\\u000acmpZbVhONWdsOEpwSVh5c3R0SFdqNTVDSWlJbHYrSnhGOXBGaSs3M0pHNkNUVkNa\\u000acVEzM2p0SmVWLzVsTnFJcGhUUUQzcS9rbDlGNTNPMGRQa0UwM01lWDJkS3p2VkV3\\u000aYldDbnNQMm5rVEhDMDloVDdkSjhVU3NMaElCZnZ4dFJ3VG1nbnRoSE5seVZrR1pK\\u000aWmxVa21QMXFHZU9tdmU4RjgzYlpSMTBNK1dyZmV1ZEJYbVJZUHgzRW5FVHkvK3B4\\u000ad1d1cVczd21WV2JxM3BsRnJCNFd3eUZuc2NNUkNuSjNuQlJQK3ZCYXprb0hpVXk0\\u000aOEJPVkJvMm0zWFRUVmRVcWRmbksvUlpXc0RhaEZKYnpWQ3cvSTlJM0lySkFRa1N2\\u000aSG1qUkRsMW5aeDdCaHU2WTR2ODZKa2dmSk5UMzRocHlYQkRaUW1YNEh0NXZacnlj\\u000aVTE0cTJ4SWVoUGNVRmMyZmQxMmNkWERvazVrSi94ZWF4Zi9RbDMxRUFzQ0xDR0x6\\u000aWFI1b24zL1VaMGtGNEx2Y3IvTVJ0VjhJWWdjbDUxcHlMbjhnbnh0ZmErVmZpMStD\\u000aQ1kySXFJUkpTeGtmWGgvTlhWam5MeFZaem42d1pGWFZ4UXBBUE03TjR5V1pkT242\\u000aMFlXK3ZCTmRGVExKZkxnTVA2UDBZWFZNRlpUVFRtVE04eWRGd2tFZDF2OUUrcysx\\u000abDRzNU50Z01yaEZVTkwxOVo0VVdSNVE5YTQwSXhhK3hBbVdPTElDQjFuUmxkZHll\\u000aeDdmVmtYSDE2WUV3RnZDVlpTWGRZODdaK3JENmZCbEtKL2lvandRbnZPV1hPS1dj\\u000aTmdEemc2bFoyYnVtREJpM1FlSllkNnU1Vk1ybGIxYk81dGZMa0xvM25ZMXROL2ZO\\u000aWmF2NDY1MnM3K3dRaFh4eVZ5bzMzQmY5d0VxaGxwN2pmcnRmY011MS9zcEhwQ1ls\\u000aOWF0MFdVbTR4UytaN3gybkgxUWtJanh4U3RaUVNmQ21LbzdiN0pGUFloVGg4QktR\\u000aQ2U2VnYzemYrUlloMkVNR0d5RXFMdWIvdG1Od2FnRGdGYXk3L3NEaTNTNnUzSmpy\\u000aQlE2b2R2ZkNrU240cytaYUdqb1I2VkNtUHF3VlorTXZQRXBKQURRUm5HS1ludlhs\\u000aUVU4dUo2MWpZNXpUUE0rUExaYytCNmdpdzZlZmNIenp6ejJJUmRPWEJGNFE0RVFO\\u000aek55ZVFrYTNoUUk5TWtFbnc0SDlZV2ljTkV4NVpKazR2NmJzeVl6T0Y3dVdiMi84\\u000ab09NNnRhWHdOWWFTSWRyQ1JxVGl3MFZOR3hVOFgvNGNwU05lSmNsRGRxVXg4TEli\\u000aazdxaCtXYkkwSnNLdHE4d3c0VDlvN3Q5MExpSTl6RWdjUisrbGVvajhxV2Z1aDZp\\u000aL0tzRGtTNFBHMmw1VFBqUWhWMHJaY1FhdW1hRzU3dXc1eUl0RnM4QVVlbTF6VWxN\\u000adjcydDhSalNnTWdBOWdWdGNCcUNlWjIwZzk4ZThWc1FwQ1Y2SDlpSWRIalZTZkFK\\u000aMG5MbnJud1BucWJPZFdvL2xJYXR4dnFSb2hwWFhyR2loSjBPMEpNNkw4Y0JJQlFl\\u000adkZxSE9qVlRIVGFpSVhxL2dQcThVUzZtcTNIS0U0S2tUR09zMXdzV0ZFRmpKei9m\\u000aeUxmYk5sVklIQ0tRTjhjb1lKdFNlSEZUMTNZdm8reTNBa1VRb2hWTno4RXg1TUJ4\\u000aMkYyeGtoZ1BLdDl2aUlLWXdGRlpOQVU5ZzZDWVRjOVY3WmtHTFRBT1JqQ0IwNTVm\\u000aTnBkSGVvRWpydElMU1lTMjZhV3Q1TmtnVVJsV2dEalpTN0t1UWZuY1dXMjQrOVND\\u000ab0xCV1VzSXhVTWVsZTEwZDhwbGxsZ01YRUR6aWEyc0NEemxvOFdOa2h2M3hZZjFT\\u000aYXBjMk8wTnVmS1p2NEVWMXhzMy8wblIrMHc1b3ZHa1UyY0ZXMnpBVUcwaGU2azhZ\\u000aTjR6QVJRallUem4wajNVa3F3Vkl5dGZuUlRYUzZEODZkTVAxaG9ETWY3N0duMzI1\\u000aRUpKM1lGanpFbEFjaURlRkgvMS93Wm4ybm1ST3hDU0p5SUxXNnJiTUdyV1JDSjc0\\u000acFNyNkZUcXRsVFdNWkExL01ZeEk4a0JlWThHaEQwWGZ4bWdPaTI5NjcxSHI4SFVL\\u000admNLYk8zWUxHemhqaEtCWklEWkNwanlUY3p6VkN0MzVOcXpGUnMzM1Z6Y0VDU0I0\\u000aWmVZSCtxS1RDZEhPK0J6VE9HOVh1am5HazJVb3BkdldldkovdVh0SDlmTGhUQjJn\\u000abUQ4azZSa3FSTnUzUjZlN1NJTlhpejFuc3pqMmo3QTlDNXE1c1VkNThjVTdNRlg3\\u000aMGkzVHJ0NUh0MloyaFNQY1hPNTU3Sk1LRVdVcFZxS1l0WmhQTWN1a2hHb0hVekJJ\\u000aTUV1bDlSYXo5c3M2RndsZHo1QmFvWDZJcW5yd2pGaXRnTjVnWUZpaHJEbmlXUVhx\\u000aaXQyTWtETmFROTIvWUlHRlJGMm5iaUdPWDFUamxqQ0VDMU1DQUwvSWxqRU4vM0ZZ\\u000aOEJLWElpdkU0RTNNRGt0eXJzWC8zOGxUZjN0YXZOVk5aVnFESHMxUmxuRUM4WEZI\\u000aUVFNZXdXWjF1RlZVM3pGOVVlcXYzcTRxZUVQREZ5R2lFN2dEV2tNbW5xYnZURiti\\u000aVysyMVJzTHBpbUphS3dqclRMTWtoaCt4Z3hvK0paWml4c1NxNXgrK0NCdEtOQ3BC\\u000aNkUwTnc1SUlnUnVzL1kwMmxQMWZ5OFVsdjU4eHBNUjVETWRmeHZ1cjlPd05BTTY4\\u000aNi9zeUwrbHVwVDZhNnRhOC82YlNPVWphNGRtMXgxWHBhWkZ1Qy9EMGxkU3ZPdTZv\\u000aQmhVVUtuYXhCalpIeXl1UkNQVlpwY0tFZDFkemE4THdJcjY0Q09CeDl5OVJSZTlV\\u000abmN0L1dIanlQSnZsWWx5OTBLZ3JFOWYzMUdkeEFoK2hHVjZrbWhIUUhpRnB2ckRi\\u000ad05tRWdhNzZlTHRLdHpGNDh2cDdZYWdOaERjZlBCbzVJMW5pOGxZcFFDeW50WVB1\\u000aWnRIZWNyNWFDQS9RSWpGZGdUSkRXaGJkVW5rbzgwa1RGRTZ1czByVUNuLzNrcUhK\\u000aeC9Lc2R3S0VxQ2ZzNUVhWW5LbVhvQW5HZWZYYVdoNkU4Mm96Tk5qVzhBSUpJcENJ\\u000aTTZrbkFjWi9mVGVjL255azZmTisyeXltaWFXWkN1ai9lS0piMWZFK1MybWxpbjEw\\u000aM05oWmtNTkJHUDNqTUF2K0l6dGVuMFFDazdySmJ6cmlTeUFGYml2aFB4bjZqQnlx\\u000aaTJKRU4xd29KOU9MYWwvaURBSXNoRXUwQ0dwQ1JMRnUralI5WE9zdktjNTdGVVo0\\u000aSHo2Z0ZBYjEvNkszWnNWSXRGZElvL2tmbHJ3Ukttc0hTN2VuZ1phOVdYSVFHb3FR\\u000ablVaYXVjb1JRVWEwa0haN0UwK0szNVpZa1lZVFRwUHJuQWhQbTJBaXdmRUpzVmQy\\u000aM0tnWUx6QW9tQ0J4Wm41RkFFd3lMVUZSTFAzOGRZR0hlZnhyR1FiemNzOUtpS3I2\\u000aQUFVRTVSM09yMHdDTUpLV1Jmbk9QZjZQdmtIdlcrSFZhZStBeEV6ZXF4TzFwOVVU\\u000ab1hoVlcra3NoRzZ3QTIvL2NkR3Y0MHJrVEh1RFE1c0Y3Q0ZGckNodlJZb0MwMzJJ\\u000aS01qa1Rzc2FKS3dqSEZlSVMzc0tjbmdEL05WR3pTK2xOcGNwSDg2RkJGQTd5SzNq\\u000aVzBrZHRmblRaLzlSSkNXblV0YXFpM3BFaWFlak0rbEs2cXRuVzdVcHhVV2o2K21x\\u000aZzNtb1FCUjZ2Yk4vS0xrSkpsUjhsUWNnQzVLamJLOUd4YXpGZlErbGprcGhKRHBi\\u000adERUZThEZ3dBSmlraGlZT1YzYjU4aTA5MXo1V0JZSmFtQmxodS80MzF2TWIwNFJw\\u000aVVdOSlphSEdySWdCNXNwdFV2SVNxSDRBYm9xN0ZNMVZjZS9pOXpMcXlGVVhXZEhl\\u000aaDBmTWFKUVp1S3NPNDFmQUtsNHhLWE9icUF6eXo5ampGTnJjZDQ4MlNZVzhrVGlW\\u000aZklEUHN3eFc2aEVhd1psaUxRYUtIa1pSU1JYempUVE4wc1draXhmU0dPTDRYNXNy\\u000adXVuajQxNDJyRW80L0NYRzhwODRWTnBrVmRXYk1USEIwT3JmcDdvQWdiLzFRUlZt\\u000aUmpyaUhMZ0Jzb25sWUJvQmNKaVpjb1ljNFJoVmROSnVGdldUaUg5MWM5dXZkdUsz\\u000aeHhoMDNlUCtTRld3Wm44NDZjZ2lGL1pDZTY0d0tVemNPT0JvbkoyVm1JZlFWYUdq\\u000aTmUyY1ZDZVNhM0IwUi9PZXBBRk1ZQmozTTM4djdabFJRUXJMVnRzVXZXMEtjbnRJ\\u000aaHZWa2NYVkpZM3RRYkFKWm44aVUzWnhiN2VvUnF0MjFGem9raVVWbzV6d0FuNDV6\\u000aZVVWUUEwaFhaN0s2K2RmUnJCSGFaMkRob0RLc3FaYkFjVDhTTExxY3dJTlBsdHha\\u000aWkUrUUdMSGc2SXhHdWZmT1VEaEtmdUtoVUlOQ0dwSisycjJqSEZrZGJRaTl1R0Ux\\u000acWh5WmtrcGhEcDRnZ2Z4RjB6QkNQZWJDOHBXRDAxaEdSUFdDVkNzRjBMdGlQV1Mv\\u000aSnU2Q09MWXZKeWhlWURYeWNFLy8wOUkxYTdYRGFaLzBLSWlhNjY5YWNZQ3pGWnEv\\u000aYkxkZjZoWWg1UHp6RlZYNjI4eUJuRnRvbm9MMGlSdlo3eEkvbXQ1alBFc05CYXgx\\u000abGhhdXZJVXlNVEdvM0xGcHZrYStiN2dYZmFPZXgyajZwb0FDdVVZKzJtZmY5Und2\\u000aWitVQThheFB1N3NydUdCaEpJZ2JyeUx0QlNwL09ZZlIzZ0ZSdjA0a3l2bVdkL2w5\\u000aTGxRanVwQ2JvUm81RjFVb09Lb28vQ2l2dWp4WmVDd09QSmdEYndNVWZ1ZUZLazcr\\u000acjFCcktGdWNzbVlhc1dYYUNua0I2TUxOVDdoeHFqYk1hM3JXcVVFa1JyNXJzWWZq\\u000aSFo3SloxdGZacHVyK1Y4M2c5V01rSkFFclhaQnRibFJMM0UxamNicmdBRXQ5MzZP\\u000aR2U3MndPTUg4akNMU2FSSzVUSHlWZmdiUDluYlcxeWdsNHdIQ0tmQlh6RVZ3bWpa\\u000aSmdKWWxtbHp0SnBNcTZJNWJBc2Y2aWlKNFJyQUJmV1VKbkdGNEhuL1RoYTBVZi9p\\u000aMEQrSi9ZUE1RNWIrTmRvajNuSU15UFk3blJ5WWNNVEpaa1lFSWJ1dzd2MXhxUGJz\\u000aTmlSZkczMmJ3dll3QlBVNTduN2lLZXJFTmpnQll6RFVSZWtmVWVxYWZtUHBPWFU2\\u000aZDBBRDJTcjM4M1BnekhsdW0wWmhEUUlnaThycmkyNVU1eDEvdmEyK1YwZWlCdnhH\\u000aTE40b0dZQjZ4a2ZFa3NNTkV4ZlpYU1dCdzlzVnBMeEVxclVqV1NGdk4xbjV5c2Nk\\u000aTi9JY3EzTDhvWDZ6WmR6bFFqWFN4amZ0L0hMR3FrSTVZTTM2K0V0MStXUFFLcG5t\\u000acEpVVnFWemJ1ei9VK0dpcUhSVGVqRDY2a01lUUJnWHB1djFRY3FBU21Tcmtyd21E\\u000aRmVCbXA0amxHV1NCM0R6djBHb2tvK1VrRWxENmRhSGtjQkJCeTlPWEdCTXhKemt5\\u000admNhQkpOY1E5KzN0SjNnVUI2c2QzR3l6ZGNienhMcWFPcFh0bkkyRVZjYXlLekRL\\u000aZ0E5RGRUNHpva3hTTzhObVFOTVMrdFprQ0hJK2ErQW5iSFRvNlJQZ3JpRVg0TG0y\\u000aTGJsUy9UZjRKbjlHaVh0V2V0UWNpbU12UXJxd0UrbTRmTEpURGgxb0ViRFhXL3Vw\\u000aSDdFTktQV3F5bEhwTFZTV2ZJcjR0QVJMaEl4NlhLeXNwYTJvY1h1UWpzRXkvVmZ3\\u000aQUlyMi9NNVZOR3JDcEdmY2Y5U3U4NTBEWFMzVUg1Ri9KM1ZEWlYwL2tiOXNVT09s\\u000aa3dnZ3VGYXR0T3l2QmZFTnNOeklUd2V2VC9mOXgzMjlyL1MxYlhJbmRvM3NHRmNk\\u000aQnlKWUFROGM4OXFaaDJsSHkrWmRvWlRiTXZESFhKOTdJVERwb2dHOExrYU1EUWhv\\u000aaExjOUhHRFluVnkrRGsxWE56d1RlajJmWS9qZWRXcUxXVDcvNm1kSmlUL1NmZW55\\u000aQ0lzQ01TU0tTZ2pVenY0TmY3SUVyeUpvYXhET1UvRGRpOTBXWjlBZ29MUi9JK0F5\\u000acDZ4ZERMV1BUZGpsa0RYbHRaQlp5MXRmV3N0QWpqM0Y0Sm5xMHBHcDBqTVJNUXg3\\u000aQWtHMGpycVFpamh6NCsvd1lrNFhLUGtsZDlQQXQ3b1lQbHdWRERMSGtIVTBOeXBs\\u000aMTVNa1lvRks5TWhNVWdJZWpoTU1UZER0eHV5Q05PVWkzUHVrdmFFVmN6SWI2RXpM\\u000ad0JyYUpzNjN0VmhPQ3lMdXBuZ2VOajNLNHltSWxhVlpHVUdxWDlrRERzbG5oZmpi\\u000aeU1Gd3lVUERtUFM3VlpJdDFVRjJZTWE1ODBjNXFpZnF2YWxFZktlQmFXdUMvOStX\\u000aREgyM3VvYjRiazMxT1JxUjRvbTNrdzZRSzhkaDZETHllNTRoSFVhdnIwNkZ6SWF5\\u000aNkZNcDZhMUljbnpGT0tremtDeWk2OW8vdFZyWHg0alVnYnNtcDlQaFUweVpKRHFH\\u000aYWFINjJyeEcwZEpkNUh3ZkZkUnpXbnBSV0JEajlFbkFkaE5VYnpLNVRJaWZaZE5h\\u000aNnJ2aXBsUk1ZK2N6ZW9CSTU0VHd5d2FPZ0dCcjJIaUVqRUhCY3pvWXdkSXNrY3Rt\\u000aRjZtZTA1N3U1RS9uMFVkTmMzbENJZXNqZml5SVdDTUxkeFNnQktXalBjSnRDSjRR\\u000aTmFFK2p2bUpCbk13cFI3enhOMU85b2tCWHFZWnozWUFUY1ZtdTgvY3V0NWs1Rk12\\u000aZTkxUlF3MysyL0FTVnRmdU91L1JOMTBYWm40ZldiWEZjcDI3NG02OUs2RkRYOVcz\\u000aNXVSWEhZeHp6OHl1L1k2TitVNzBoOStXL0psRi8zTFh4S3FveVlwZUtXdlVWRG1r\\u000aT1ArMUhhNmxNbm1BQm1Cdy9KYVg2WWN3bk1ibkZuekFVWTJvRE9lT2o0dkt6cWly\\u000aMkZMQXVUSWo1Q0VWZStHa3ZHRU4wTFNkNlZzTzIrNXBVRHc3b0FmU0IrUXd6bzFx\\u000aN2Urbm8vWWtuancwOVdEeEtpVWxoWHRqN2s5K1p1VjVWYWhmczR2bExLaVBPbmhI\\u000aQTFlRHdXRFlVdDdRSDRQUWUrZjhaV2dtcTFaTnhVUzE2Q2d0ZU9MYjFJZXVucERN\\u000aeFZUSFZaVy9sQmlzakFCaEJpY2x6a3cvWTkrcTlEdU1hbGQvU3plVHZVaXpvaUVi\\u000aM1RTVGluVUozUUt6a2lJWityOFJrdnB0WDlnZks4VWdva1BFa0tleGd3bFdmTjRr\\u000aRzMrdDlsaGw4Mm1oZzQ3bTk3Z252Qnc0L1JtOGlaNXJXRzhqOWlEbHJaMkJWVzRz\\u000aMGNmdmZsaUFTVjMzRElNenJveWFFaXBFdlZMTW96a0loTm9OdkZpRXp3NWpUdWgv\\u000aWXB3c0NtaVJ0NDVnUURyUzF2WE9lRzNSdmdPdC9rMXdhUWZIQ0ZjNkFlWVRKdXd4\\u000aWENMOU1laDFhd05qd3BFZThBbU9oK1dkYk92ZklvVXRVcXRXb1pkR0NXdWZoY0d6\\u000aNldESUxpYmUrZ1Rsem1sTitEQml3ZXRNMGt0N2V4eGg5ank5MTA0a2pkdTMydkIz\\u000aa054WWtOaUVsWUNSMnBBSHNhWC9mczE4YjJzdTRUUlRUSG1MWFVrbXdwcmhSUXpG\\u000aMkpVOWlWV3NmbEVqN2d6SlBMNGRyckxsKzkrUUdGUG44VHZFY2U2TTdLRGZUWkNP\\u000aV3o4Y0FjcW9ibVJjNGZDVFRNN0ZKRXVGUklIcXdvaERRYXZlOFJSUG5BZk1XckZy\\u000aTUJOekpUTWllY3lpWWZIcGE2U2NseExoaU9aYm8wbWo4OGpLN2FXVXdqdng2THRJ\\u000aQ3RqbTk1LzZQcjV1L05lUDJORFZ5dXVBK1pCRjl0YXNhOVBLbVY5K25uMUg5bU11\\u000aR2pndlQvUHJmMS9RUGFMUEltUjhOTFlPamdhb3crRUEzWVBZMytIT0RDQzVlRnZF\\u000aOC9PNVg2QmRpTElzVU9uL21ReUZSS0JHNEpySThkSzRyZlJXTmgvYXg3a0h5amFB\\u000aVkNGV2pQdGp4TDJjaFZ5UjBUMDE5eWdGUGwrRVZUcDFML2UxWGo0RjhRTFZzZGYz\\u000aUXNaM2g0ZGpvREVUZ3V0OFZTOTFuSDRnMzJPYjJndnEzOWtQRjNERzRjUU1kRzha\\u000aeFZEaWtIbTJrU0RjMThaTE82RkFqeXpncmp4ZWVaeFhvVzc3QWZGM1YyaWt1Yi94\\u000aamQvOFhJZzFNZHkwVHNEbGorVEpBUVVwOVBOZkN4MmxUNlBuN0dZMVNBUGptSS9a\\u000aUkVJSEdncEx4cUcrSkdBVXlROTR6b1ZnM3ZYOTNkZStXV1JEWWpxaXRXYjlvbU9R\\u000aYXhmVDF5Mk5yeWtib1pXaWNTb3lMWnhZVFU2bktrbTdUb3lMU2F5ZFo2MWhzUlB6\\u000aZXNlcDA3S3NxTU1Zc2lRT0J4VHN5a1EwcHhVenRqczRJeVkxWWtmcUdvaXZPQW9E\\u000aVStxN1dOTEpuRDZnd2x3bklSSUR3aVpuREJrckNZc0JFK3c4QUNoaTBiN3RqR3Qy\\u000aaG4zVmRjd0FabmQzOWo2RlF2Z0JtWGZERzlJRi9SUTBTNWN1OFh4OTNFaGhoOE9B\\u000aK1hTNlkyci9rbTZwTm9NaVA3TERJSk02SmRrVlRGT1h6VWszdzVrS1liQVZwRy9r\\u000aandjRGJnZVlHUkNxVHBmMFBXeG1YTU4zWjZtS2J6MVFaNnd0TGx4L0FNYTA1Tkgx\\u000aYk1zbE14TE1WWlEwdHNsdVVqSWNVamRNdGlTb3BaYzBOOWZDY3pmN3VBMUl4Skc4\\u000adFIwdnltdkVQSGdKVXVSYXhxZ1crSHV5eDd4ZVAvNVJGS2VBZmdNcTBzaS85OHVS\\u000aSFlZZFVORUZSUmQ4WXluR2lqZFlxZ1lZZkNnZnM4bmcyWDlsdnUzaFNIMkdQM2Z0\\u000aVUdMS295L24ybE43ekdjMFdxQWxDYXh0WWdNMFVwMmpQWDd2N2ZySUlTc0sxYmdX\\u000aSnZXN0xEQThJMjVEVDZaVkdOY244WkZ6RWV3VGJSdlBFNk9oeDdSc1ZBL2JwbVBP\\u000aR3prQ3N1V3A5OVhSa2tQQTNaQmluejJ1RXIzQ0NTRU04eitIeTZrV2RRTExSTlpO\\u000aZnQyV3dBWFVwc25tL0YwNmpVZXU4Nk4yWnNMeEN4S28xYnNYYlorKzNCM0NTMFYz\\u000aYXVBYXN5aGwwa1NWczI4eTdYaTFSajFZV1VabHNmQVYvR282SXZyNE5YTklpK1hY\\u000aWVJtaXNRVGI0UzNHUXRvRmhvcXdOZ1p1L3A1dzBmc2lVTDBFK1BDMjRvVkIzNzlj\\u000aUG1pUXUzdTZ5eE0vUVVCVW4vNlQ1U215MEszaUFGdTJEVU5ZRkg5NllEdFNZK0RV\\u000aVDJJVTByK1F2K24rYUJ2SC9xRmVLWXhNZTZMVlF4KzRNTk8xZzh5M0ZvYTNzckZV\\u000aT0R5azM3YlVrQUZWUXNPUWNEV2d4S2l0TU1kbWdpc0JwQXNNeTRXQTAvTnVqVGZy\\u000aUmZWVFRWVjFxWFJZL2dMVVNGbmMxMjNkbW11WEF4UjM1cFVzWERwbk0vallRcHRM\\u000aSmtNcHpPWnZmTEhNVmpVQU05WUtSOUhxSFBxaWVoN1ZZT0t4ZnlTL21ZbnpVWE1T\\u000ad3l1VHdRL0VLaEFkaVo1bHdhYnBhcEYwb1RCWWN3ZkVnejRRZDZjZVgvOWh0S0xx\\u000ab3o3RGpMVVlqRThPK1JxanpVeGJTbThvMnpHWG5yL1B3Mm5COEw4bE1yQlpTaUN4\\u000aUkJuK3lkeHZ0UnRGSm4yMWZMVmlqYzVOVFpDUVZ1bThGUlpTa2FLc2JkQmVERFNJ\\u000aaVJ3NGErY09mc3FPZjNQa2ZScTNraDJ6TUd6Ylk5b1MzWnFxSTJHdGowUmJaMFZ5\\u000ac1VTVWJnVU5uQ0lSR1RtOHE0T3J0Skp6Rk1oYm5Yc0R1MUxJbFY4b3ZTaW9VanZr\\u000aU2I3bnhQUTQxMGljZEt2NkczNmx0VFhVVkhnM0RzMFFrK2Vha3ErUk85clhBYkxD\\u000aYzBxTDhkOUFELys5NFZ0eEZ3a1M4NzltUmhGZDlZQ1FPVU9HYWRXbzJUYnoxM0hs\\u000aRDNUUUVvQ3JkQ0lwdGdhVTZ3WURjZzRtbi9IcW1aK1RuMzFJTERDejlvb2pPM2dl\\u000aYVE2aUR2eTlhVEl2TUdrKy9GR1B1emRHYmhRWmorSFFvbWNDaVMvYWxES3h0c0Nx\\u000aU3RkaWRQTmZwa3ZVSHA5UmNERHorVmlMMUlKRGcwVkg4N1N6VmNjd3Bva0NIaW9B\\u000aZGsyLy9SQ1lwbHFQWGdHbFZSV05jK0w1M3BhVFpPT3IrQXpFNUI5dVNFRDI4c0lw\\u000aVnZIb0lBbGhpZFNDT3M5UzJjdGhqYTk5WlQzREFMbFRYcFd3NDdpZmhkZ09aVkZU\\u000aNFJEYUlpMm9TMVp0SStkNXJSQ21PN1lEa3liNjhkc201UGlLZUVGdHJNYm1mcUNV\\u000adDhSWUNEd0dnNHF1UEI3Z3V3bExhNnhHczNJQTV3VVNJN0FUWC9CME9Jc1NsSFRO\\u000aZU1TYjlVbTdQTGhieUc3T1JKaXNLUjMwWEtkVFVRUjJGMzZWdzErZDVHMTBUWisz\\u000aaE9XSEc2bWlHU2hPZkFJY1hBN205VkFNWXhJM2lSUFBqLzE2STRGeExTdVFDYmFa\\u000aUmptb1hDRGRidHRYNXFqS0NXRDBBTEl3RmZ1VEFMNlVQV0NDYzRKOHpnMnJpc2pm\\u000aZ09tU015RUJ6UHVBRkc1Uk1lZi9DNGJzdHVGd1JDaUc1WkZlNmhyMUE0RkxLODAw\\u000aemw2ZDVjYkQzN3Q3amxXNmIwVHZpaVFrUS81K2dqak5QaXdPTGxPRU8vWHhXN1gv\\u000ac00zWm1EZlovZUhLMDM3VXd0QkRpNTBGaURXSHJON2svNXladnZFL2lUcUh4OHBW\\u000aSjZ4UXF2QWdLRlpFamE1Y0hEcE5MdWFTb0RIMjBzelNNL0NmU3g1SyttZ2c4L2ht\\u000aRHlBbXVPT3RJVnk4N2RQY1phUWcyZ1d0K05vbnN5eXgwR2k0eGNuNWZEZzVPQ0xT\\u000aeC81dm95REJNQnltZFp3aS9QSEtBZlRMWlBlaGlvemRDb21vS01nQ21JQ2tJS0hl\\u000aM2M0TkFTN1B2S1hSWDI3V2gwbk1aNFo5TUQxVzlVeUIvMFVoVjJQUHdLVnpvY09w\\u000aT3NEZk1WWXI0TXdxZjlXTEtFME9BQ0E2T1ppZFJYRnBKN0lUNW8wMFNzNStXZTNh\\u000aa3dER0hRRVhPN1JQc0U5SzloVmJDUDBuUk1YUDU3bFZ4WXBPRG5pRS9lK21MekFT\\u000aVm5rVlYvWUM2N0ovM1E5ZXpQdlE5VzJYcDFRTzlRUjRkVGpnTTEyRVBmUEpyTDV3\\u000aaUxaeW0zeitVNlNpUFFXQTNMSDVOdzVCQlRGMGlGRGxOaEExTVorUlIzRXU5eEQ4\\u000aWkVaV0VMMkIySGR1L1JGcDRkaFI2VE9FZDNTTDhIaDJYcm9pRE1YVnBnWU5FS1lG\\u000abENQMnlDTUNsQkFEcnNuQWVRR1Q0bVh0Rm5aMmVCSGtHNEhTUVRtQkM1NVgzRjMv\\u000aYTAxRmtNcTBtelYwSWVzUGM2UTRVc1lMWHZIQkl4L1lrT2hhTnVMMmprWnRGejdL\\u000aTDFQblRESEt5bWJJcFc1RFZuVDlFU3pHbUlDSG0xZ0lleVRMN0x5MldSTCtBTFdw\\u000aOW1aaHhJS2FxdmdmK29jNWFGaGlQellEaDFjS3ZxVDdHakxBTHk1amJrbDI4QzhO\\u000aSlFXZU9QR0hFVjRsUXJmNy9oejEzK0VrTGRaUHJuM2tJOGVzVStURXVST3pkSXN4\\u000aWUgrU1hpOGhxeGt1ZVByN0Z2aEF6bXk1WWFXYTZJT3JHNkM1RTZNTndCcmhVYXNF\\u000aMlQ5bE5OcG05a0Ywc0o5aTFud2o3WW93S3BnTVR2cWJFWUszTE05SGUzMnhRN3ZI\\u000aN2dncHloVmhBYk85cCtBZHQzT0lsanVrTC9NUGxRM3dnWDNyS1lBM205RWlyaDJ4\\u000adHhQVWR6cTI2NzNabjMwaU9vcWRBQzhVaGZFN1R2RUdMS2dZb0FlSGlqMS8wekRC\\u000aUEJNUVkyaWNwblpyK2dNV2huRlBtN1dXUmNkQ00yOFhsZTVBa3ZoSGtmM25tOU9P\\u000aV0RESStERkRPOHJhQ0N5SzI0QVhMNWxMZWwySTRlTW8zNU5kT1dRaWtidU0vWlNW\\u000aM3Y1WUdSMjB1OHlSajdrZ2Uva2FvSXk5ck8xaFA1MDFxV0xOd2owUFpIZTZ3TDhI\\u000aT1d5WHhnMmZweFRlbjRpUVFRcDJqRmEzR3hJbDk5U042emJvcEVZL3FGa0hjR2t3\\u000aeFk5S3EyOE01Rzc0ek1xK1JaTFYxVFVRV1h0Sk9lOHZWUDFkMDZPRHFSMlZrOUla\\u000aaTRwSGd5Zk9XNlBWT01WcVRGRkpJWU53cW04alJCakV2OUZ3dUluajA3ekpXRUp2\\u000aMC9sdXdaRFQ4R3pEY0RoaHdyWVFFR3BaVkl1ZVlXbkRoZnRxVkloS25zTW5KREFG\\u000aQ04zSEhFTG1VbjdJRVpIdU9Sa3A0alpSc0x6dTliK1RmSDhGYmU1d0pJVHBiSDhB\\u000adzhweUx6VTdqMk5xd28vYU5oZ0FUUmcxL3BERWpOWlArcEJ1T3hIRy9ldVM4YTBz\\u000aeEVETXFTclUxSG5jaWxFSkpMRU9yZ0tURkx2ZDB0eE8wamRGUGFLOGttRWtmWVVn\\u000aSDdJbTNudVQxSjVScDEvRXR1d0E1Mmg3YTVHWEhaTmduR2hzbE9kN1ZRLzBCQ1dL\\u000aNG9OaHBTY0FybUZibEhVMDRLY1V4dlAzV2MwNGZJOEV5ZHdZczFDbm1iLzQ1TXU3\\u000abnRCM1RkUDJOdXVoZlZHQUJyOEF5eS9UTDBSYytZdTcyQUxFZ0w2MkNtekNyOG9R\\u000aaExEVkQ2RnRDM29PQ3lMNXJhbVNKTzVXZ2d4bTA1WlE1UFN0TWx2RmVrNnhnd216\\u000aeUNBSTRzUkc1SUV3NTQvM2N0TjZxUzRYTEFVVWNlRUg0eUQ3N1VyZEdmdWw0dU91\\u000aOGNJZEk3alFkcGZQMW5XSjZRZUgvRDFCUEZOREtwQkhCY3hRbjd3aTBGckZOSTZw\\u000aTFpEeTFZYjhYNHQxaVkvVzE1b0NQUGw1a0hoOGpyeXpUb2tRN3NSbWcvaHh0UEpv\\u000aaHNqM3dSeW9OS2ZWSHMzbzg4dExWTlpQYUNPKzhUWGxlRm5ycGU0N01QZE9ldU5n\\u000ac0luaWk4a0s4bDJ0UUVpMlVpTmtER1pGdGliR2pxdXE5cm9nUWpSMXZMNDF2czBy\\u000aaGdXL1I5OHp4RDgzUzV3c29qQndEWXpPTzBtNDB2WVFFUEVoV0NXV043SlRaWEN4\\u000aMXR2U0hDMmZUSDREa3RjaHkya29CZ28zUDdYTXZPUnYyU0w3ZGkrajlKdkVqVWxx\\u000aVkRFTWRQRDc2b1RYYXh5T3lLUzVVbE4xTDJYbWk3QlRYMmlxL2xueGwyd2VONEx6\\u000aWFBsTmdEaHN0KzRSS1VtYVB4a1QrdlJpdTZ6b3dEV0ZlNGQwUHE2azhRZU1HT1My\\u000aUFFETnhuWHNXUXZoc0UvWGJ1SEl2Y1ptUVlKTjh2bHdGSjBzdnFkV05URWlDNGdJ\\u000aWlJxWHJ1MnUybG03b2RCSVZrdjUwcVVnRENLVG9xS2tkdkYwOVhnKzZsOUNiZjJy\\u000aQWE3d1RjMlU0ZEVtR3VxZ1pyR3VYRnhVZmlKYVR5TFE5KzFLcDNnZFRJQTVFVVRZ\\u000aOUs4cWhnS2lHdjNlQmdIamU1VXhITUMvMGFwWGhiNkFySEM3RW5yOHhEbmN5YU5v\\u000aOXJmSTBjT3RCT1g1QVZsS0xZcVdnWEp1bDZTNmZSWWpvdVVjaVF2UHpBRU1iUERV\\u000aaU95ZVVTQzd6SHpHcTZ4LzlBQXFySEZrbkIxS1lYdFJYWk5zQlNJRCtTV2NNMEZG\\u000aK1B5amxJbVQ0K2pYOFJBVjVGdTNpL09hcjBJNk1NVldSZzhNQ1RsRzVWWDd3cmt4\\u000aQ2pGUW5scGs4U2NrbzlRZkNjb1FsTlhyK1Fuay9rcFROOHJHQktvQ0xZVkpNWS83\\u000aa2RYZlluOXBOWTJXejlYSlJXcXh1dFRoMXU0K0ZZUzcrY2h5b3g0Q3ZHTTZjR1BP\\u000adDFZY1BJMjl3cnlYOTFiMks1MWdOQkNzSThPQlJXTkdkdXhMUzA3aDh3eDFSOHVS\\u000aY2dETm9kWnJQQ0pnQ3ovYjd5R0EyMDFManUySEFqeUR4N0pnOUJzTmJ3dTZnZW1z\\u000ackNnOHpJQjdZOFdsQWZueUhuOWRma1dhNFRZMGx6VEZoUStOZUtEM1RaUklrV21J\\u000aQkpUcitwaW1FWmJUSFIxSk5PeUh4L0M0cFlTem94MXhGYmMxbndMck5rd1lyRElN\\u000aM3YxaDQ4eldub3Zad2hIUmk5d1kxdngzQ3RiVXVOMVYwZnVGU0U4K1pvYmNaYzd4\\u000aZDVNdUJ4RW1rYUFneWJSQ2JSRlZvUFgxdjdGMklkZGd3TFRYM1ozSGNZdG85eWJM\\u000acWowZ0FNbUpadTJGM3pYUkkxUFczc25STFpubTd6TnBCYVUrL1luQzRjSUlYL0Er\\u000aMy9zZ0tYeDR1U2tqTGlwN2lTU2xoTTRmZFQwcFBSaUVoTkRyTG16UzErWmM1UXpN\\u000aaVVFVGM5L3Q4bFJDa0E1UXhYZkdmZmJvTFNGT2VMNTV5NWEzYXhNMUtZK0VzOFBx\\u000aRnk0cGhYY0dLVHZ6dDcrdXRlOEVUdWJKUUR2cStFUnhTeWkwWm9kK2RyTC9zSmty\\u000aa2tMRnU0ZGEzOTlkS3VobGRMekM3MlZxS3VDTUN6eGtOU2NOT3ZRSlRYVHlEblkz\\u000aa3pXRnFKK2l6SXRvTm9ydVRNUEJTNkpOMEJWQmlBOFF2bjhWd1dyOXEySDBzWlJ2\\u000aNWxsUkZZZnM1bEZ5TkI5bkpONnVPZ2JMU0pNSm02ZGc2NHlITDdFOXE4OE5rZDVx\\u000aMXVhY21pd0VUN0VzVGpSUXdLMm5oN05lMC96VGVpSzdiVG1RMW1KUGpwZEEycXp6\\u000aZ3lIRGoxRVlNenhoZFZIb3lHQW4wWlhDak96T21SR0F3U05pY3VhR1I3aERpRzNU\\u000aZllxSkxLWUorUHBnYTh4NlRha0xwcnZyK2F4c01wSWNPWkFpQy9jQUV0REFQV1lN\\u000aQmZaeEI3cFdSR2NqVThPbDhzUnlwTXZ4ZDByWlpoZDR6K2NSQ0p4aEM2RDl4blMv\\u000aVHd5MWVxOFd5TmNLdDYyRkVaU0dMWXFCaWVUSUp6ODRLMnpTWFdYVzBDZnhrcDVu\\u000aZXlnbTc2eFlyWmJLUndPcmxuRVFwaEVUbVl1SzB6RjdtOERKOVBtNlBNeVl3SVVP\\u000aL2t5aVYwU0R3WW5CM05HMFdSNEtFN01jOUZOMWFtM3l2N2IvOFBPRWlNVDBpK2o5\\u000aWm5lajRMT2ZVcnVVTDBqc1UyRkxSLy9RVXpaZUpxL2NaenBKc1VEY2ZvcW1qNERI\\u000abTk1YW5IQXNPdnZJZXBqdDJsQ0dLZVExRm1yb1h1NzQyc1BQMndySmtyMDd1SThM\\u000abnN0R2xucFNPNzZ2ZnRDa2kvYjc4THJOc0VIRm42ZDgzM1JXbzUrWVhaUXllWWUw\\u000aUEovWUpad0c4bFkyRS9YZWFrTjAxSjJpT2tNK0lmVkhnYWsvUG5PRVhhOFFqOXdu\\u000aejBNKzY5eVFGVksyVDJxRW5PUmtEZmtacFJtM2x0WXdqcFhCbDJrdDVKUE5qVStH\\u000ad1A5SjJHdExWR2IyNmJleCs1QmlVNWtxbUQzaGdHUlRsVmp1WXFkS3pYL3Z5bVJP\\u000acm9MZWhHMEZtMjFpYXFvZitQd1I3ZmlOUHh4WitLa1Axb2JGb2xDalo3S2o0OWdj\\u000aR1JNSnE5U3lya3BWcVkwS21YMGw1SnpERE9QUWdiRDhlRlQ1ckhjbFc2SHVCZFdB\\u000aOHAyckhQNG5BaXhiazIrSGRsMG5Rd3QwalNwUHNsSmJrYkpYQWtaZnZJNVVwU0RY\\u000aZGpRQmlXOFNJRWY1QXhPaUFveEdGQksxKzZzS2xJMzMzNCtKYmlSOVZDQlE1akQx\\u000acjM0MnlPcDlzc2VjZEFGVmRNQXZOQk1jQlQ3Nmx1ZmVlRkNCUFRQOC9sZFF4dmxy\\u000ac1Z0SEZoRHBHa2FYSk9hck5TVlV6d25uU0djTTZUMEM3ZTJLV3l3VUpLb1pYdmwv\\u000ac3czdG5KaFhTaDE5SUJxS3BLYjBTV1piTTZFaHlPTmZHc0hqSkhuR28rVHlBQlRu\\u000abWtNY25tTkxPSjcxYzNnMjJKdk8zS0diMGRQZTNYMTEyS09LNmpEdFZPVjRIS1Ax\\u000aK3UzRkRCT2pqYWU2SC8vYjN4RVNXWTB0VmlNSEN2YUVVYkhKL0dyQXpNWElwNTNB\\u000aYVRoSXEzVlVOckJlTDVraFFjbDl3ejcxM3JLRHkzSG0wRWxnQUpYSEt2cHpYS3BC\\u000aUm1pUDFJVHdRQ1F6L3lTREF5ZldpK2pxT0hNdUxaR1oxcW9qT3V1UnhIdWFTeU95\\u000aQWFwU3F3TUtFQTlIeGlZeFB3UUEvcHFySENJS0JDRWtSUnRrNDloQlY2VXdsOVdv\\u000aMnlJQm11cC93UE9rRVVRRW9NckxKL1FMSlZyUzd0N3BaRkNXdmdwV3RoZXcwMjBj\\u000aNTQ4QmkreEl5UjdFeVFmaXB4NmFtM3JzUUNLdDdMTXIwTXkvNVBkL2d4bWVNRjlG\\u000aUmNCdUtEQ3FlWEwzeWZWZmhwMjZQQzZTenFBdmJsbzh2ZG9EWXZKenFkWGVlMXFw\\u000aYzJmeHF6bFBkMXpicEJzeTh5NjRMM2V6M1NqWDBubnMwU2NvaVVuQkozci9hUG1E\\u000aR2tzUU1UaFBlbzVOcWpVTmc2d3FUQXlDMThqc1ByNkd0VXFMQ3lSOU9UZW5RaDdM\\u000aNXVSK0FMTVRscC81N1pMMjJkc2liUUJEdmVhNEtISGhzWjZzbDBGKy9YdmR5a1gr\\u000aZWU1eExVMnFES1RlRVkwNmt3elNQSTVxWkYrTXRtVVJTUWtoYVRuRGJYRy9kd1Ir\\u000aaHdRb1RQcXpBeURLRi9ITmRZVDdzM0lxYS9zQkEyTjJZVXFJbElId3Y1TUFGclE5\\u000abXYwbFhrc0FHbzF6TUpKdVRNUFY4alFmdDh0NFB4aUY1Uml6b0s4cWI4TjBLK3RQ\\u000aTGRJdWJtcnlJRitYSXhkV0t6NDhvMWR5MWYyalFIV0V5eVJNZTNvM2NTSCtDRU5S\\u000aanM2aDdPUjhyekd3ZFJxVmlEeHRtR3FMc3lhYVZYWUoreVZ4Zm5kNmg1RGNTNlI2\\u000aclAzOS96WEtSS0dYU05zd0EyMjBjTy9ER3VsYVdtT0pLand1TkNFRHpFM01sWHc2\\u000aLzB1cllNUktsVUVVTmpDTVVxbEFPSUJ1Y3g5YnhEYmpzU0lHN0wrSDUzSFFXZnI4\\u000abVlaOXhjYnFidXc2Yk1PQi94Z28xK0RyZkQ3VzJ3YVdoOGpKUW03NFN1L1ltQldT\\u000aUjBOVEQyNXd5R21zTVJOYmZvS3VTbUZNM05pVXdOcU40eVNQa1FOaTZod1ErNmVC\\u000aT2lPcmY3aDJqdE1VUU1HVFk2dEYyZzhzUVRRZVRVa0NqRkordExVVXBlR3BRaTE2\\u000aKytHa0UwV1dJWlBzeGtuT2Q0U1lXdHZBUWxBWTV3RXlTejFYQVNLNU45cmx3TldX\\u000aWE4vSjVIaVZacE5tVDUycjkvSTlzRlhpeWN4d3NPL1prd3lMeWFnaUw1cE9hQ1g5\\u000aUzJuNmVDcmk0cjBpcUtSWTE0QlhaZEdrNGlnbHpQR2tPMU1zc3JEU2FsejZIdGJY\\u000aMWgyd1VSMHdTZGlETHpUc3o1QmR6USs1ZlVwOHMxNkFicWlxQU82Y2Y3WlpPRWFs\\u000aOFBVZlI1bzZQZ2llZVFqN1lQUjdqcmVtT1RwUDZqaXZZLzFyQzBJYThLQ2pyNzF1\\u000adVBEa3VVVlZ0MXJiZzNZaCtWVE00aWU5VS95U3lXSFUwejZIbU1icHZCZ3AzUTV5\\u000aaXN2azdtVFFDdE1uNkR5VTlKSWlDRHBhZWVGUGpaVWJiSXRqbytiWFV2SW5ZbUxu\\u000aankwaUVJYW80YmhOcERGSjAzcnltQ3NMeTRSb1ZZczQ4NWxMd3hEcEFLbG4vMWFY\\u000abUFiK0p2VFFlTE1xNmMrRUtqR1FITXJycmU2T3VaamxiKzRDVVlBYkdLclA3b2Mz\\u000aL0tVL0JrTGVpdm9lQjFXaUgvSHBncDZSNVh3VTNvUXBXTUtlc244UkhMU0NsYWUz\\u000aaW5ic2FsNUpGK25KUDFSaXZldnNya0IyMWU0OXcxU2NIbmJVdDgrZEJJc1ZqOGhD\\u000aT1p2SjdqTVR1YUJteDV6UnJGUk9OSHJuTjdOMlFPQklpUmxDVFRmSUJTci8zdkwr\\u000admxObm9GLzlMcTU5c1gxY0JrVk9qQmI5cEFJRm85TnFRMHFLdGw1YXZiSkxXdG02\\u000aa21lei9xcG9HT0FRWnF3VE4xeHpwTWtSRTBpVExPQk50TkcyazM1RUJwUUI4WmQr\\u000aekFJM3d2ZGFPV3FsRk1oSHVQTHVTejliaHhEa1RicTVwSzhMWGxNVldURFVUM29L\\u000aM0g5d1M4bTE4aW9IRnpPUUtSMnVXc0FrZ09yMEt5b0Iyb1pEN0cxejJOYWNLTmgr\\u000aOFlyZXdOanVnZTBSbDJaWmVSVkNLc015UTRqT0diSmV5K1hQWkVyWHRGNWtsMC8w\\u000aZDdMT3BVQjRUcWM2NVp3NmpBOTFRK0c0dURuN0xicXY5LzVoUFllblBHeHM2Snhl\\u000aQVNhTW41OVR4L2JYUlEyQVIrbnpyNDRMTG9xVEN2dzJCRzJ5ZlBzb3pwZlpITlIv\\u000aMWE3cGRRdjdvVzhwdWV2WjYrb1p5R3p1NDhPRmRTZjFjWnNVMUhXdnUxd2J0blgx\\u000aSGdFWU1hNm10MWR4WjlNMktzMWpMc252eDdyTjJBMHlUeXA3WndadTZCQlRTeHVS\\u000aSjJiYjY4THJFZDlSbU9FN0VKZkhpZjB1a0tKWnIwZndJM2o5bkNnWk1hMml2Yzk0\\u000ac0NSMXV5c2pWcGc3d2FoOGUyRkg5cFN4U2VZa3RqVzBnY3ZvVndLNmZiRThiWVp5\\u000aQU1DL1A0Z2JxSlRIWkZzeVA3dVVIaVhQdXoxTEhnNXdOSk5BdXYxSFEvVTlLQlBF\\u000ac1lKd1R3YmxEa0RqK0RCbE4yZEVtVHpaVkpWbGU4SGlINGhzT1NoNDQ1Q2xHREFn\\u000aL2hZTE1kYTBqSDJaS2NneVZSMnhNMVlYd3NMZTR3QnNBNUdLRkJTWERFQjZmMkIv\\u000adDJIU3VZczFmNldpbEFEaDBqaU1JcllTTnM0Z2tOTFJYU3IxbkxpaGxMV1FWNzZk\\u000aU09YOW55MTJONFFwZ2wxTzVSSzUwWjB4SktNNE0xN09xZldHcVVFNnlSYWx5V29D\\u000aakFjZzhSdE5TZzViSjhDUnRQaFJFcnNZeE51VzRVZHJSaEk5dThxU3dERTl5QmNQ\\u000aUWoyUzhodm9FYlRMbXV0SW9zRXdvdFFOeXVvU1NuN2lVQXJwSWpuVzhLc1U2VTAy\\u000aeCtzd2NYSDl4VU92ZE9ZczhCWE1tSC84bXFxV0UzMkpVcGJGNUlaWEw3TUIzMEc1\\u000aTTg2NFZmWG5HK1FUbmkzbFlSWEhyd0Z4R1FPUTY0M2hzVkZDSVVvYVhiczRkM2RE\\u000aajZPUVZhVGxtM0k4R0ttYVNNSSszR0pYNWZFVHNOYkdGcCs0ZStNZEZkak1Yb1hR\\u000abjZjSFVGN3NYd2FIVVRtekphNDZaZDBLSjVVeEdicU1oMUo5cWJLamUvWWJzNjNZ\\u000aTjAzanNWNGljZy9qNngzb1VvRWdnd2lDSW1td3pIbDZVd20zNGNmZ3g2WEFJM3BW\\u000aaTIxMHhBTll3K2M4WDNPbGxnbHlEWjlaOHE1bTZOMnV6UUZMTFRDYzVIUVU2eWkx\\u000aU2g5d2pjOUdkakJSSDErdFZ2cVVDbnUrZXZNanBZL1A4R1hDZXRIdEhGa2xER3dF\\u000aMnNQRUI1WkZVZFkvcm9WeDdRczVSWVpkMVdOVEovRkMxRk1YTkVtTkNqRFNUUk9X\\u000aVUZlaHF2d3RjUmVQVHdkdEdjVWdONmVqSXBOdTlzSWNoUFI3UkVOYWtRRWR2UERF\\u000adWl0dWpQc1g5a2ptV3A3TnB6MU1XQzV3MGlEOXdLVkhHc01jWGF1SlBwVFVCdzUz\\u000aS2M5RTNGc3F3Q0J1cGNscDRZMWpzRk94WkYrbTBweFlnSUxPS2JSTjBjZHFGT2ll\\u000aRzhKcVJidXBpaGovOEpwaVg2RlI4dWxXSXZzZ3RSU21pSVZodlo5L3V5cjVXbkxJ\\u000aNklDV1hWVHRWYVY0clF0QUFSV1VlY0JYY0FXRHcwOEhzL0sydGpNQ0t3WXIxYzg4\\u000aSU4veXdaVnBuT0lveHdxNU9wczg3cnBqS2hvaHlCMk9ORUlNZlBEM0hYZG9OQWRY\\u000aTlF0SysreG4xN05XNHF0WHFxQitFeFRDNWRGQVpvT0I3QnpiVFdKbjV4NGMvUTNw\\u000aeEMxY3Q4L291ZERnQ1drTGZpT0NYWEwxbzlqRjN4SEsvL3hhMEducFh3Nm1IRndw\\u000aNW5XZk5UMFFDSmRJcWRrM05WbklIcTJwRmhSTDFwSUptdHBTOUNuSlFiNWZLVkcr\\u000aNXFTM2pXMkNzdTZTTWFiSkpNQm5vT2l0cWpTRzJxL0pIMENKaElCZk5IeXVxK1NF\\u000aN3FhaEJmZ2dtNlRQUkMzWXFjc2V1R2Zqa1N2RnBXN3hNU3c2QlNvZWljdktVTUNp\\u000aQW1GQVB1MXBNam5MMUp3VkpFUkxHcVZrVFdZanZqanduY0pWZWhJQTFNeHNHWWsv\\u000ab0ZpbnF5TDVsSVUySmNYMi9kcXlKclB1dzR6eWxIU0ZXT0FPSWtsSEN6eVFSN0lr\\u000aeFphbGJDYmpjWGRFVFZFV1YxSnJsZzVaMHhNbG5jYnZjQnUyNWtUMC9oYmh0alNK\\u000aUnJMU0dqOGx0Vm9ONCtCWmt4Y1ZTVUtLVGhSTGtKeENBdlQwV0RkQjM4aDh3eWtD\\u000aODVib0ZmU092UWsvdXFWalczK3ZzY283V2NzRmE2OEVKdWN1Y1Y1QzhiOEJ2dFV4\\u000aRWRiUXZuMlNkcjNUTEFqazlsQ2ZtcUM2Mm05VEpHOXVxdi9Fc1BxNmxtWFNLdHpv\\u000aWmo2Z1Z5ZGd2T2FXajZLMnF2R20xSGZiOTlpWkdhWEV3Y1U1bUZGNVBZYlMrdVVl\\u000aTlRPODgwdTl1dVJlYzJlR2dBMVR4SlZTVHY3N3ZuRTI4cnBzQUZycWl0ZklwTXll\\u000aUW10RzAvQU05bTNMelJmT3dLNTRBeEdDRk5CV2txYmpRUll0bUlaa0hWdDVkQS9Z\\u000aaXF3KytQQjkxaWJIQ0l3WnAwdWYvL1AzdHRzVDRHUy9KNjBoZ2pWNEJwek5FVVJJ\\u000aODNkSEo2SGZHM2dlaXlNeGYwd0ZuNjVpd1loc2s0bng2WjlleDVEN0J6Y0U5K24z\\u000aWFVBVkJmcXV1V3d2Qitxb0RBK1RpMVRDQ1gzTElteVM2RkhJZU50Y0lOQTc0UldO\\u000ac3ZtY01mZTlYUi9IQ1RERzMydXk3QzhiR29RQ3JFcllreTRXTVlhSGZScXN2cjRa\\u000aWGV6TGpENTJkbHkrV3UxQVd0YmtxbzU4am9pNzgrYjhhaEREVG5ib2ZFOXdoeGxW\\u000abTdGYXB0Z2NET3E1TER1WDlNTHdZRmM2WGludDZIUGtHMUhoeE1rMGdIRk1xTzJs\\u000acm1lQ09nb2t2MndwYk1MZ0txRUxZR252amNzR3R3WDZQMzlWNnlFRmcrOCtFZzFP\\u000aR2tRUmkvbzRScTRjSm1QZ0x6ajZKVC9FK1VZV2NjQitLaXc4S29NOEJBVGVsNEsz\\u000aVFlhcHlBeUVyYW13d1NGWldKOGJDdUx6WWNRODVEWkxCRy9UaWtDUHA2RmZzQy9V\\u000aNDBCWGdzZ2IvOERKS3U4SnNQRWZ5WEhFR1I2cEZSVHoyVmE0YXRiL1hCc3NMcmpm\\u000aTUsrTVJ3dXZnTTZmQjBjbUh5eXRkbjVrdVBCUitSa0FnLzgwMVRhR3RJUml5UnlQ\\u000aYmU2aXZSa21tY29idTVGc3F4eFlCa3V0VUxoZm1JaE5Ma3EvQUhvWGZZTzdpZnRW\\u000aMkljTmE2QkZQU0NaajZ1SlY2MDBKN2swRjRnZ292UmVWZmlTMFFoSk5TeEZ2YUQ4\\u000aZVRuUHlVc21SWjY3blMvenp4QVFyN0FrTXN1S2xLVlBReVlVOTAwcFZsaGRlNEVH\\u000aalRTREcxTjYvV0crdWN0SFo3Mm1DM3VYQTdoUUVLZEdxbUs5WER6Qmp2MU1UWDQ1\\u000aakhFR3JWbU5GaytKVHJFSkVsdEdRTmJqRE96UklORklxMVgzalRtN1pZTWQ4MVNv\\u000aOS91Tk14Y2hDcXExUzkybHMrUkl0elJJSVRjZVVDMkp5NVdtQjUzUHNqdDNWYW4x\\u000aSThBaTN1OUxUa2djaGk4N2QyNXVRbEhFd0RGMWZydjgrb3NubUZBQy9GbXQ0YXA3\\u000abjRKenFzVUhDV0RucVU4RjNEVVBTRXBsSEY2UFFNc04wd0JnaEdDNmdpTDFVU2ti\\u000aci81UUlhNlZWV1B1MHE5OFdyVlNCT2dnMUxHVVZvUFVXOHdlaWdRelpXYW1PU1hs\\u000aY0FkL2lrQmVaSW9iVlY5VDlDZytWbUN4Ynk2eGhBL2kvRzZDSmVjc0c4UnpTM1dN\\u000aY1did3RyeFZicy82bVhoWGtRZWhCckhTSDZyUTdvckdMakljQk52WXRyR3FJeFF4\\u000aNDRKQjJIdUdyTUR2QW9rSEJCYXMvWlBsOGdOTVZ0L2ZqQm1ZbFdRSi84WFdBT0Rm\\u000aa0JHMG5HLzRBUldUanpkM1lsb2xKQW10Qnp0YkNGWWkvNTlaWFZvV1hBbVg2b0g3\\u000aNUhvZmcrRHdmQW1nalYzR0VvKzhUR3VnQ1BqMFRJRERvUEUzV0IvR0wvUlAyRHRz\\u000aZVZ3c0pxak1UM0tWYjVTTHZkdjNLWFJXdVF4K2JNaVZCckZQSy9uKzhZNTJENjJi\\u000aT1NPZHVka01jQVVnaHpuRUpNWUJPZGtZNnplUjRLbnljVW5wc2xiTXhVRUtsMGht\\u000aL0JiM0FCUWdzMXVGZmg5QUVEUjJ0ZmJKNEd5RE5lZSswVEVYbDlTRHFRazB1eFAv\\u000aTEFMTUp2Z1ZPdHZqaVg1bjQ5a21icVdQbldWRGo2OUxPNGgxN05IWFNhQU9uNHk4\\u000acnVrSnh0akw4VTZLdTNST0tjMnlEZVpwNUc0V1dUNVVndjJQSUdyencyM2FqMWNj\\u000abE0ycmpqeFF2V1RQS0cvaDl5bm9GWjMzWm5LNkdGSnRYUTJFQ21VTGZ4OVZ3UDZj\\u000adWpzdVNwRVQwUlo5NXk4Tzc1dmNBRnhXNnpubnZSNkkvRlBxbHE3MzM5UnBJRUFH\\u000aTFRuaUQvZkJLSi9hS1RyMXlaM0IveldiVmlsYkdYWlp3UW9uZnptYy9qS1orVTl6\\u000aWXlTMTZ2Yy9TV0k0aytiQmpNM2hoS1pKaWJFeGpGalpIQStVU2lQS2Z1VDV3T0tx\\u000aU2lsbWJLcWJNbWtNLzNKelZCTlJtSnZwNkxHdnRJdDVJMkYyRS9DTXlPMjRHQ3RQ\\u000aajdlYjlYNlA4cUd3SG81VHlmWm9Vb2VPaXNMVFFmZXpISHhXUHFGeVdKY2VmSE9B\\u000aM0VjVTgwWHhPdlhyUWlKR2laUlRWWVB6dnAzU1ovYnJRRk51bHM2Rm5FYW1hRER2\\u000aNDJqSTRyVi9TYVFPZ3dRTHdYMEd0MCtvdGRRbjd4S1diZVNHNWhNbzFXMkdFRC9r\\u000aelpJRGM5ay8vZXdkMXg0UGhGekRFcjMzSDVtQ09mYTcvTi9KR2wvYXpFUnl3Qm1j\\u000aTDZ1enBFQWd0YXRrSjViQytnVy9objM3WDRRZml6cnZzQURXVU5uMTljK3ZzZG9M\\u000aelNwUmVzNDB2azQxUk9SakZ6eFEraUZnRTluVXZLSEx2ZnpwSHVkeGZKRzlRZGQ3\\u000aTk9mU2NRaisvTzBHbnhOZDgySnBXZ1p0SnZHRzBGWkZ6Z29aaXhBcWorLzIrRHJJ\\u000aUjRYeUdQa29aVDJLVGYxU0RNbTR1dEhuRkYyRldtV0hxWVYxSjdwMkwxZ01kYW8z\\u000aeVA5TDFFME8xMWNBSVVNaGIvMWhvSEFIbldBYlF2OEJQUnNVTE9SdUI2dENWTGNj\\u000aenlEY3UrR01nYWU3bUdPWERaTmczM0gyTnNmV1RJMWpCd0JSYUhYaGoxUHhJc0tQ\\u000aOVdnWENNQkxlWHdHV0s0WUpDdmNUTjZoUlIzZWZ6aHd2UzZjM0k5clVDc05HaTBk\\u000aWEdIc0QyRWV5RjdtYm96cm9Zb0tSWDhXL0Ntejh4TnI2eitNS1RwSWZmb3QrZ0NP\\u000aaTN4QkJxQ2pLdmg5eTdLMVQ2MkdEVElqUjdOaXEwUkwxTEU0cVFSbDFmNkNWMGJI\\u000aMzQvMzMraERCWnJmREVmekRSNlpSTGhycmI0c01DU0ZiaUYyaXlqY1QycVJTZkVH\\u000aZENwanlHcVZQZWpWT3VvK0JZUkhoZURqVHZwNHUwV0NBS0cyNHViM0VQWnYwS3Ey\\u000aNHZGOEhQclJIcFBSVkNqdUZHa0dNK3NqWWlkeHh4VnBDa2hsZmxZZnJFUjJSMGtM\\u000aTW9Hamkway9wYnlRdEd1dnk3RDFQZ0V6UEhCUUVHSzZhaTc2U2pWNU9HUUdzMzFz\\u000aYzJKMFlRME14Ky9wNEZtb3hvek02bkxrVkNObUxWMStPSXZHaFV3cEFUd25XZTZP\\u000aUFBHeUVyVFpvalZlZXVqa3Q2ejFzNUtVdEo2YVRpMWZxRlRiY2tmUGpaaGt0K2Ru\\u000aTUdmNHVxdXhza0VDYmJTOEVEUm1DUlM4Z0poM05GQ3VGR0pzWW94OVBvWk5BaHhK\\u000abEYzaDhFNk1UWkxNUFRrWHhHS3B0VndqR3IxTmx0VGRycVNKRVFtSUZTWDQ4cUwx\\u000aeWtudXY3WEV0TWxxUGxVUVBrd1l2THhpeHNqTHJEV1R5UG5MY3RRR3EvVDJ0cFp1\\u000aYjc4cXM3Y0NoSFNMVWV5OEt3ejVxS0ZpS3ZBTjBBOEhvalhzOElZa0F0NDFJdVZm\\u000aYW9oTHVEcER2Nk5wTmtLaUV5ckZyclVuZjY4cFNybHNiTHpSTmgyek9DTitDaXZ0\\u000aOTB5S0JXbjlUeXkrdHhIcy9EL25qMzl3Y3ExWXc2VDhlR0txVDR1OExOUGJ3L05o\\u000aMm1ramxQaE5SR0R1SUZON3MyKzlmYjhlYmJQRG5LL2ozdUtieWRjNEM1QWhDbUFk\\u000aYWpzVXA0Q3dpNTVGTjJreXRZZkZ6TTlyZk95T0VlZ084bzdDOFB6WDVjcENIbHdo\\u000aZmtMWHFwMDBPUktXZ0RQQlZnaVkyT2JFaU1CeUFOZFVOK2k0dVJqUjZJUnBMMXlU\\u000aY1F4Z3JlWmVkK1hWK3BwWEtWb1dVMEowR3o1cE94MDRYY244UUh2Zno3MjdtN1NL\\u000aWDdKaVVwY1dJc1g5UmZjdFlJb1FxSkY1endSN0s0WDJYV252NVBtTk9YLzVGU2Qy\\u000abXcyN240WlFqRjZYdFRUbzZZeTF5d2dzOUpELzdnSmIwTkczMjhQcU5Hd3FFUzBo\\u000aUnBYR2RydHY5S21hbzFjWFNGN2drVHZ5RFRScXRYcHYzeER5bXROSW1pUlNOOXlk\\u000abHV4aFUydG50dXVUVlN1WEUrTkJ1QXovQXdPSU05cnNOL1F6QzZXT2hGWkNjd1lF\\u000aK3pGa0FLVUJLUzBvSG4xbmR5dVQ5d1ZqbnVDL3ZhbWNTVmwwWnhJODlpcTc1Tzd1\\u000aS0V1dGt3Wlhnei9YekdVS01NZmo4Qi9oYW40WlE3MFRidHZDNkszYUpLWXB5RlQ5\\u000aby9OazZkMzQ5MFV4Z3AyclZVQnprV3JucmtZUy8rRkV2VUd1cW51V3BrZzZra2Y2\\u000aWmFtbTVidVk2Rmx3WTJIODVxQkV5a0haWGc4RU5tWVBtc09QOFM1TU10bEZYbXgz\\u000adnJUVUlRY2RtUHV4V1RYNlArSEtvOWZyandLMkxFTmhYUXN0aldZbW5VWW93TUZH\\u000aY3l1NlR2TTdWZDUrb2VOU0tGaldQNGgxbUFMNVYyTHZWU0JSYTYxb29mQ3VPODZI\\u000aWmNQbzRPNEZoVlFXeFkrYzBLT0tFbzVlSjZiemlneTVvclM5WmY3OTlQTXdRbVJy\\u000aZmVjWDF6R3ZYMEZTeE9KdzZEM0FVZ1VhR3dSb3M3d1FlREd3QWdmUGJ3bTJLcFda\\u000aK3pGK204cTJXOHlUbitGR3J5czJ2bXJKczRTZ1YybU4yN28wRFRQV1p0a3h6Y3gx\\u000aU1JoUjM3Z3d1NUdreGVpL3A5NVdTeHNVdEozUUd4Rk91dnQ3T284V09rRjNlN3FK\\u000aSnQ5U2tYSVVpMVNGYzVRblZ6Mno1MmYzVStabzlwdlBVVnN2UlkwelFuSU1xVTFE\\u000aN2FwTEdhWGltMm84MWszQ1gwVmRJQXlaYmlGUHVEcGtZOWdvcE1FcjgrclFIQWRB\\u000aMlRZalpwQlhCV3NyNDg2Z202Um5tc1luVXlRRnFTSkNFcWhCUnhXekhBQk5GdVZS\\u000abEF6ZE5DV1Z2L1RLVXV4WmV2bTVCTWNyL3V4ZmgyTDNpUmh4Zm96cU5HMnh1RXFS\\u000adTFSR1pTRWFkVmUwaUdUVlhWcnQ1WHU5QXMxdXY0QlJGcm1GY0FpbWkxQ1ZqbUJq\\u000ad1pPNTVmeUdrL1haNGgrQklkaXJyK2Vxdm01ZmhZV1JKMmk1YmNUUE9WYTFpeXlm\\u000aZUlaNkppMC8wMk1BTVdlSzB4L0puWW90clJXblA1MGJFOC9XT3hTZ2VMRFNaLy90\\u000ad2pGaUpSTlpEQkdZcCszZGFrZ0R5VHo3Q1hWV1FRTFlGL0NLOGpXRXI4RE9ySUFp\\u000aVjNheFBaNG96YVlqWGVXNHNxQkpkTkdkZ1VzV203bmJnMDRNcCtIL2dDbmQva0py\\u000aOVNmSklaaXdtbnpJR1hXVHV6ZjlTV1ljYU5DK3dzTVBpQURPNjJsUDhoN29xWk5F\\u000ac1dpQmRTTEZ6ak9zdm5rM0Rvak1GeFFxTzlGaHF4ZWtFbmtiS0xoTFQ1d0hhZ1V6\\u000aNE43Vmk5ejNRMFI0VUoxV1pHVGF5dDVkVElYZVppWkpyc0dVc3BiVEFQTElndnM0\\u000aais4aXFwL2pGZWNpclpDRUpuOEo0V3R3UWYxYXROWC8yMlpQWWpZb2lqYXVWTm1l\\u000ac3lTUXRIbzNFYVZmVmljRzUrcHQxYm1ReE5rNlh2ZHUvbVlkVUpMSFZ6VHVpcDVO\\u000aYjdId2VYTFo5WjZwSnZMeEdJSndmR21HZjY5a3Ara2RZODhHN3JvQnN0bk9lMVZU\\u000aUjVuR0lyblhJRDlqcXdQZWF2RlAzV3BjWXRsdzJVQStZdUVVRkJkUkpDRiszdkx0\\u000aQ1pyUm4xNnlYU2tRN1FpSmdHeXV2V0p4QUdZRzYxZGJ4bG41d1ArejlWcUlyMUVr\\u000aY0pXcjZtME9takNJOCswL3lFNXdGbjdEbHlWRWxVRW5ZNzdyOGh6QXFJTUMwSTI5\\u000aNUpnc3BGY2lSaTI1eWRLMzE5c3dLc1dHVFEwZ0xFWlVnNDVxWjAyalBqRWRsM2ZJ\\u000aTm90VGl6TVBVWkdHeTlmK2JpOE9UYld6NlF1K2YxNFk5UkltbWx6N1BmUmltRzVJ\\u000aZ254ZUljRkpxcDBacW9WZ3NpeWtyTVdIaUdDVUMzejZ0d2FnT2lFZlU1bXJ0RGJn\\u000aVkU4NkFROVhWZ3hhZitpRzhYb1JVNmhIVkpNM2dhWk9EVmFYY0tiQkg5L1NaN3p4\\u000aZlI3UjBwVnJyc0U1UHE5cGJ0VUphRmRvK2hpQnpxdGRLdEJrUDdjYkFEVER2eHU4\\u000aYjhkSDdhYVMzUzlxS0dmaHUzMW0xK0hVSjZHYmhTRW9sYnlGcTJySVkyV1p1K3FX\\u000aUHVxU3NtV3NEeVRDSGJ0d2N6RVkvOCtUdEhUa1pFYmpkN0F0RGZ6dmlJRW1aazRh\\u000aRFpCdEdYMTc1NlFIb2hJT21KdGVPTWlqSEtqdk1VNHlYZVh3VkkwcFVwc09JZVhZ\\u000aNStSOWVGQVFFZUJTTG9FOU93ekpOYm1idFJvSHMyQVJWUFlaN0lZMUxOM1oxdnNI\\u000aYVY4czZVbnB6TXZNRjBMdGw1UmEycmxwa0NsOHR0a3p3bDF0T0NVYmRmc0d2UVhu\\u000aZktjVllNN3d3bXFQakFRdWJpK2dEcHZrcnVFZTFxekd1NlA4cFlsY28yN1o3WUFE\\u000aL2dzL0s2ZittSGI0VXlpeXI3cklaampSb2c5UWN4NDR3TXF3RWZvbWQwQXFlbWo0\\u000aQTZ3Q1ZVSjFUN1ZwVmYyc0FSWWVnLzAzbWMvTzZySTZtSTVTQ0tKZ0J2UWhvNEN2\\u000aWVYrNzNNbVg3Z1dNUHRkUExydE9vbk13M1V5aEtxODNuV05nSUFhbDZySlhaV1Bl\\u000aYXVVbjVVdm5jeElNZFMzWjFjRndsRHhVd0ltRytGWnJrTGpqWm1XaDRjdzVGOGNj\\u000aOXhSZk93WW5aaTJJMVRUeExLcTlDOUgrak1sOUxna2hoemtWZDFSZUFkcFpZYUdw\\u000aZnlSUzZsWlBWaDZiNlA3a0lsdlhremplcDhkZUprNm5ycWlQL2ZBdFNTQVNUcTdY\\u000aVVVQUEhnSW0rNTR4UWcrdlQ2MHVHY2ZPaHljN0owd29ia1lYMDJ1Q3p0c2lranRa\\u000aRW03WTEvOWRjekx2c2xodUZ0d1UzTWF5Q0QwakRmRkhKbVJCMmVLWmxRZHZmU1A0\\u000acmJ6SGdwMEpzQUJlNndTMlkzdDd2VTJDdklqM3djTlZRTkZCQnZYbmk5SWNxQVNm\\u000aREVWMGhYc3F4YWtQNFAvRTVDMCtkNVR6eDBIRlF6czk2ajNEcnlHNjl4eTByRzBV\\u000adGZLRDBmK3VMc3NQVERybWNhU1ppVXh0WmJqbGtpR0hDU2R5YVo2RlNSYWhMcXpH\\u000aWVJ3YW9wRENDVHhQNXh6WnZaMGIxWDlveWE5c2JRZWFEVEtJZmdmMnc3RVEyZEZn\\u000aLzdCN25lZUxJSVdWTXZvK1pzMUpsR0RuWWpvVUdRYU9ITWI4ZFlIWUJnbEZ6UjJp\\u000aZUN4SjFhU3haQkFQNGFtalErQWp2RDE0MXk3WWsrVnNMeG9jdHcrbzVCRndHOU5m\\u000aVHJzT3MyQ09IckRoZW43TzYwMFNuNWh6MVNhclJHbzBTQjZBOUxJdnc3OUwxZFJ1\\u000aeUc4aWVjaURhRmVVb0M3OERCTjFGRFJyNEpxYmlHTjdXZ0JLQUpyRmd0L1dZMjNV\\u000aSEJPTFpOSHBGZ2lwNnFmNEtTNENRWFFuL1o1MUx3MXhHQUFRSWc0RUxGbjlDcitz\\u000aME94czZkWXZmeVhMWVhiOXkwa3ZyTnZXZDVZUkFWWHZENkFpVTRtOUJZNmZEWFNa\\u000aWm9ma0w5em1BU3Q4anpVZnRPWU94OWVqNzRJeDRQdmRyYmdVV2MyV3hvOWc0U092\\u000aTy9jVlFjd1RPYmFxNkFuVjZIVkl4dGtpakRkeG96dDhYTEJCdVBncFlZWnRWcHJ4\\u000aTGlVb3g3ZGpDRml3cVVYZEo4Mzg1a1gvcXdVNXlYZWwyMnM2c1BHSU95RlI4REw1\\u000ac2ZacW1Qei95bDA1RGJMaTBoTjlBaU9jQStVQ1ExT1ByVllNZ3ZqUjl3ODIwemZh\\u000aTStmOTgvNC9FNW5mVWoxdXlwU3RpbC9tWTJqeWZxd2hnaUpjcFdhWWNZenFQYkY5\\u000aMDVsUkJpa0hNQTBzSGxyeVJpUVdBc1Baa0lxclN1SHg2aGpHSDNGeGpTSnYxZzhp\\u000aVHllL1V4MDBucGVYV1c2ZFg5cGJHYWlOcmZDeGZlOHQzWDcvc3dPTUJyR0VEdEhr\\u000aZWhoWWNybm16U01yZVY4dTV5dDVFL3dmUzJKejNTeGVoTmp5cHhEQUNFSDk4dTFJ\\u000aUUg2d0ZaanlHYVhSQWNqTnVqTTNPbk12NHFKSThzVTdHcE02VHZFcXdrSG0zUjF5\\u000aY3ZhSTRDd0l3d3FzUFlFdUQ4dkIrNks0WGIzQXJzTnd3Qm45ZjZqZzYzZlFvbERL\\u000aZG1zbEJiUGhkdXY3QzJYM21qVnJBUnl4bWdKZGhKckNmbG1hU05rTTIzTWxCZzRQ\\u000aSVR2ZTNhSGFxVnVFVy9jUHVPMTR3alBGdzNDa2RzSWtuancvWTNkOWJiQzl0UHVC\\u000abG0zcXRMQWhSWVJtT1dvWE9malFCUG93WldlMm1RQnJ1TFV1VzhhRG5WU0NTVUNw\\u000ab2lWWnVNYXhuVWpscTAzZ3V1OUcrOVRPZU8xMnJFQkY4cDhtWVA1STU3aWF2enVP\\u000aUjZQa3BWSU5ERVRrQWxqNjZOMDA3T1Zid0IzUk80bDJYTHV5emQxWDI2b1VFUTVl\\u000aamp4LzY1RUdZd0E5ajZpMFE0YTZkZzkxbDBMTndiaGhVbk4wM3dvM3BTRmoraU9F\\u000acUpMc2RUY3pkalllazFlMFlDYU1wVW9ITDlzVkFlcStld1A3VU9wdisxTlF1SnM3\\u000aTWQzUVJnNW9RSzN1NzhYdXNzaGpTZHFpd3RkQTcvVm5SQzN3Mk01bWJLd0VlVGNT\\u000abjl3Ri9GZXBGcTkwQ29wL0hGc1hxeXNVRU51NWtTY3E5dHpESmhnOGJpSmJkVXN4\\u000acU54NFRYWmExZnA2ZU52ZGFzdjVsOUo1bnBmWDZvbjA2MG9CelZvMk9JNXhRMTBH\\u000ac0J0MW5YNWIrQ2UySjk0ekVObXQrYnFLZ0VoNUlzWlZ0YTlhNnYzcWhtYmQvNGJK\\u000admdhTzVmNmd1Y1BRL3JxcjFVbGtDa2dQdnZyWm1zWWVyUDlzeWE2YWhBbDJHaGo0\\u000aekh6eTBDSytEdkxBU0s4MEhCN0tWZFc0dUpxRDYycGlLYkxKVUU5aUhoVTRRVVpu\\u000aeG14eGtNZmJnQS9pdVR0NG9vdy9LOWtIcDkrUWJVazlFUGc5Rno0TVE3bDNiTUxo\\u000aZzdVMjR1N1hTdlR4TUxuMis4ODB6TDNudUJhRUhkYTRic2VDYzBwaDdOS2s5YUFl\\u000aTWF0cWZycjNTSVpycklDZHVETkNhMmRVZXl1d0x1Lzd1Zi92Wm1oVEpaV3c2MjlG\\u000ad2thdjdhaGJRYU1NZ042NXBhL29BR2IwMXJrc1NYZ1hkRjdhc3JVR3YzSGM5ajhu\\u000aSXh1NThqWHh6TGM1d2l1WmIxRFB0OE9mSmdXYTBGeVJKajZBSEY1SEdicWFGTTlV\\u000aRU15SXU5Q3I4c3BGNHJURTVBNjRrb3hqZTNtWGZIVVNVanBUemtLMlllMkpLaFk2\\u000aY0dYc0t2aE4xbHlBblNQTEZ4Tm9sc2k2cHJDWTFaeUdQdVl2bm8ybDdQbFRGblAx\\u000aM1orMCtRMGxCdG02eHZCQm4rUGl5bWxtOWV2TUpoeHNOeGlaN2NZMzNPQnl3NGJ4\\u000aRlQvN2RmUngyUWxxT09BTHI2a1c2ZXI2WUVuQ21CNWdGWDVsSEZML3UzQTRPUFAz\\u000aZ3k2aUdjQ1pPVnJrOTdUQ0NZZDJ6UTVkZVFKSWlKeFFQQnlGbVlQTzg5eU40QlVI\\u000aOWtRVFNDZUdvbVYveWNIYVpkSGwyQ2JIVFd2aGdCcWFiTWJYSnhWRVdac1MrLzJN\\u000aaGttZE5aSThaV0VnYm5odFlXVHUybjhtOGZBREYwMll4UjFjTG9Fa25FN3p0TkpZ\\u000aZE1MZWUyOEMxRk5kbDNtUzVyRlYvclhXVUdtQXAzZ09Lb1NXUmJMRDNlSi9ybE9U\\u000aL1NwVGJFUDVJNGdsQ3AwOHYxOXBMK2krTDlpSkVhWmp3dHd2M1BXRElBekkrWWlr\\u000aZGJnR01uYitYeWwyUDk0R2c0cVk1RTRQN2ZTcFllaVZiVEJleUpRMG9JUzhuUDlI\\u000aUHpwV2NSRjNFOGkyVmhCSU1aYjdSNWtJSVdxa0lMbXJwNnBrejA2NUNKQlNDay9U\\u000aYkYzaVhadU1kcE9udFhMYk5Wc3VGdVJud2FYZkpwVE5LT3U2K2VTcC9rSDE1cFda\\u000adjVJMlFSN0FGaElXSHFCYXo4Z3k0QzdVcS9uVWVqN2ZHM0V2c2ozTVJ4YlNTUjhG\\u000aSnFGZDB4MSt4SzgxTnM4QmlqYUVPV2xBRDFvMU05WEFGTXFWM3pVNEVuQjIwaUl3\\u000aYW5DclBGemJidWNUcVU4RHMzb2k3Yy83emU5Z3ByRHFtK2hKcXRTYXEyNkIxeXZp\\u000acXl6VTd4UVZEczU5VCt0VGkvdDFwalZkclJIVWNWZVZSQ3h6NFl1N1k5TFVaWDA3\\u000aM2o4eXk1MktLZXk3dk95VzBkNWxKVHpkWEpmZkhlQlNhQ2ltMnVwZWZaeTZKeTla\\u000aZWkydDBOMENIUUtzRnkyQk90bTl0MnNUUXFQREJFR0dDdGVRTFB1Y1BOL1doZS93\\u000aZC9Ma0cyNXFOTit2MTJybUNWTE9CM1JiRFpOYnB2Yldxcks5azR0UFF4MkM3M0d4\\u000aeXNIMjNzNWhJOEtvWVVJSEgrQnUvMWF6SDVZTjVhanVXcTNKV1hZVHk1S1crOE4y\\u000aamdvNk9qTENIVzBzUzU5TXcrQU1MajFCaWl2WG5Uc0xTeHBTSVByb21Dei80c2Ri\\u000aM0N3a296akZSOUxLRUJTS0NNK3RxMXA4ZUtTZ3NqUzVuaCtwU2NNRkpxWjdhekRB\\u000aeEhXYVoyNTQ1bWpEdVJOV0Z2M1lsTEhXczZBM24xSExCdnVOUWs1ek05RnYzT2tm\\u000aTzBqOVlVUWFnWjdCMTlUVjVCNDhwQnAxNGdYNS9TR1VmOTZOaWQwWmdURVhQRU8x\\u000aM1JnRU45cWVsazRPQk1icXJQNlZ0d1FPT3BjNXVEWHgzcEdWQkhTejZrb2JRNDV5\\u000aU2l5SUI2L3BiUGlsbjlDdmhNSWVyNWp2YlZneEtCdkFyajB4RFRWWVpGcVVYZVhz\\u000abHRlSE5WN0czd0E2dG9DWU1ZZ3R5UHRtWjd6MDMxZGVEemtwQnBBV21HOW85OVEw\\u000aSC8yV0EwaXNQdVVhbU8zbjFFUG9BRFZQZHF6UFpUOThPeDRjS3kyQmdBWmJBZVgr\\u000aR3lRTzgyblhudE1hWmUwbVV3cnFPbE13clZZNGhlaXY0aFEwOG1VekdkVXRSY0lL\\u000aTGpITm1OcXZvdTdlY2ZHdVhTcnhvMXVJdkdIbzNuVlVZTWc2ZEFRRlpnWUh2ejdZ\\u000aREFKWTBEWGYzTHVFZTR6bVh1azhlNm4vVU5BbE1ZQUlvdEsxY2Z2TDV0bnQ0akVD\\u000aRFFjb3lZaDRjUlVFei9XUXdudEE4Wm5sQUxRMlJOUDY0NXhjU0JOMEVCYUkyb2tB\\u000aNXI5TEYzK1h2UjdxQTB4b3VoNEMrNWZRTnpHdTdwTjFUck9WblYvQXBsMlNaMmtD\\u000aTEJQN0hjWWt2b3ZBYWFick8zeGtrUmtsdFRCd01rR3RmRC9NTm13WW14NTN3U0RL\\u000aUjE3NG1uckRCRDdOb2d0S3NTNG03Yk5iZUZyTE1hdDYwYmZVWWsweFp0YWxuSDdP\\u000aU0xqcURHdmhYQlBDaVFLNzNNVXppdU1qWFZXMTVUWWJDempuMHV0Q3d4Szk4TVlv\\u000aY1lNV0o1UGQ3WG0zejRva2prNDVFTU9DZVRGRmdZclpVNzlWYmdERVFpbUd4a0Ni\\u000aOGR4ejRMZkh4N1NGUXVhSEpNSjh4SUxZTWFSL3doQ2F4ODUydlNRaElJWG0zZ05n\\u000aWHNyeTZ3M3EzLzQ1WDd4OHVPd0p1T29GUGd1NEtNVDBTUkUwSmZRaFhQUDdpTXVJ\\u000aYnRrd0ZXeWxGQno1SmhVMzhzZ2JGdjlaVnczQzcvbnFZVUVDMXZRWHRnbEs4bGJj\\u000aazlUMzU5YVFpclBkcHF3NjA5OFFGVktyNmliTlMySk0wTHFlM21neTBYQ1RTYXUx\\u000aVE4xeXN2SHBpdU1jSW5BZWFyL3d5b1lsek5BZU1kbUQxUTduaWNBK0pWTWM4elJn\\u000aZ1NKcnRoZDZ0emd4NTFFTUNoQUpFaGR6UkpjRG03Z2c5eE9TTzNPTGpRdW05K29k\\u000adjY0b3NZNVNtbDJHSkgzZ0pzRmdyc2d0TXpTMCt1dnYwdGlZY1BoY0VsL040Vlh6\\u000aV1FTNjByZERQMTlUMFFYREMxc1luSS9rZFREcG40WnNyNFZOUzRkM0cwaEQ2Rnh3\\u000aZzlVdXBzN3k0MjRzcmlOWDgzZS9CWFhZTzNBWlZCS3czUlBVWnl1RFRZY0V4cnFM\\u000ad1RPWnJNQUJrVTBuNnBpYVRqMWZhRDJpZUZxcEFycGxIZzdrTW5ZdVN2MVFDekl3\\u000aL21GR0VEWVFqSWFiWXNRelZMRzd4YjJxbkkvTWdTbUdGUFN1VkhKNDBMNzRPYTh5\\u000aSklyeUxvV29ZSDZYZGo2WkdqZXlpT25YcEJFOUgwT2RlMUJJMkJTTjVwWFFZc0hH\\u000abFUzQ1preHdHdUZ5WnVzamVDRW9kZURPQ2lveUJha2kwSzB0cE4wTWZYS0Zubjd0\\u000aVitWb2FXV0dQSEtBa2c0eGJIcjJnYWltWW43UlN5cVcvcUVkdzFVTEgrR1RMQVds\\u000aS0F0eG1LR0ZnNkhtNzFtY2kzNXBGTW1QakROeER0RktZWm40Y3RMZURIR2ZVSEI3\\u000aZlBEOHRjZ0c0VmxTSktwTWVYR2RRT21qMkJubFQrTFYvN2JLbFQ3aSsxTWk2QnVZ\\u000aUmNBbW1GZnU3ZGF2Z2IyVFRvMVM4aTNPdkNieTgyMW16OXNjZllyVjd1bWhYWTJU\\u000aU2ZIQllyeXFtTzlHOXBuSGpTejlsTko0aEdpdU1hR3hNSWhOYUE1Q0trNTd5OEE2\\u000aSW9hWjFWL01BRmJyNXB6RXNlckx4VzdLbld3cjB5WGE2U2hCSDVwSGFXR3hRRlBS\\u000aNEs2bEJKZXpjUlM1ZUcwdjV1SHBQWTYrR2J3dFBUNHBDcENIdHBKNk56dlNVNlFP\\u000aNGVHYUY4b1NEV3pPRXRJVEJCdlBuUWFxa010L2V3Vi9qZldMNVhJbll1aHV2RGtu\\u000aNnZhbTRzenBONWs2WFRYVjh1QXNWY3VaQ3dLRXBKZldSQ0V4dGZqZVIzZ2E4U28x\\u000aeWg4Qm1QSFNBd2FxOUVHc3pBcmdScm40QllKZ1B3VWZ2WkY2c0pIV0pKSm54YUdI\\u000adUNBK1dHejBrcFRpVlJLYVM0SkUvODBHOUxKZjcvTTlvWEVULzFTbWRUaWEzM3lY\\u000abFVSb0xGdVE2OWZuTzhDUzVNM0IxM01HTHN4Wll4aUdTUkpYYkxHVWQ2bnNsQzJ0\\u000aNlh5SUZNdVFtSFcvQVJSNXVNL0o0VStWSUdUZlFPTlowVnZoQStuNlUxNDRtR3Jk\\u000aU251dWROWEpXRk83N0JzZWp2dHMvRWJXNHFOcHE1NWNQQmY0MzFEQ0NoMVJNdTJ3\\u000aNnZUZUJRNitJcllOMGo3aTllcng1UFEvYXN1NkRvMnNRWFZhNTZHVXFNUmJKVUNs\\u000aaFBNM0F0SDFmZ3VucnAvODU3a290UEhkUURBM05hOURNT2lvTEpSM3puN0tiSWlU\\u000aNEo3THFtbUpET05WcW10LzdpeGwwTVlDTDh3azFHOXlnWUhxR0ZsWGoxUXpxTlVS\\u000acHhUU0pualYyTjZOejZmYy9MVW9NR1E5OE5yb1Q5YjhhclNBcVN1TmhCaGwvbEto\\u000aNDJ4QXp0UVdDNkZEY3Nmd2FrUUpGeGs4OEdWWk9hMHJ3UFNEM29LcUMxc05sc2VW\\u000adzVzMWRjK2dodzJKTGRmeUcwWk1yZ3NaQm5uV3RHanhEdFg1WmUxZ0VKbUo3cnN3\\u000aTGsvWW80S1VuWkZ2REF5d2t5VllMY2hwMVJ2ejJKeTNGcHVpWU5sRXRkMHZKRjlX\\u000aR2dkeUd2L1JpN1pEd2tybzYxS3lMallvMVhaelBmUTlscEVqMGRTKzBCZllZUjcv\\u000ac0crcW1qZEZFb2YybmJLRWVaU1N0K010UTdnR1ZGUy9ENmtvWmZNSlM3c0svSTBh\\u000aekVrdkxRR0hTWDN0QW13YXB6K284VDlEYUZxTDFDYjZSNXluUUNucjZ2Vk1QMG1F\\u000aRm5GbURxWVMzY2c4cldyeEdrQmFUcTFDTDZKblhzb0x4dHMxV2N3QmVmR3NyM2Yy\\u000adEZMcXN2TjFHOG9nYm1pN0JDSWthcFdEK3FzRUI2UmtNeStGRVQxaEhuMEZyNEk4\\u000ad2l2YnE0cVpsd0NncHZ4Ui9tYU9iRTZiTjBjK093a1dxcEpRTUl5aDZJcXZsTUtP\\u000aR1d5YmR2aWEzemJMNk5XY05IUnk5aWl0bERzdjJSNy9QMXNqR1I1ZmI1NGRkbXhO\\u000aMmlFVzZLdEFZRU5Bb2VwSUtrWkVDNUJ3QUNYajZrM1Y5dXBNYzcrZnlOSEFBbmZr\\u000aaTZ5amRVa1BZMzVsbmNhcTJRcDd6Q3BWdk1qbTlTK1dtWHV2ZlNwc3EwZlVxWlN3\\u000aNmluZnpncjhlNy9zZDhIc1hVL1BmSDY3S0ZzWElOQlpMVm41QXF5b01YTVVNY3dV\\u000aVCs3RjhnSGl3NUpRcnhELzhvcVhUL3dvLzIxcFJObXF2ZDQreG5hcGtDZnBpOUlv\\u000adFNjd054ZlpmelkrdDZyRmJyU3VWMXZQVHJaSWNrT2ZXNmt5MHp2UmRCL2hna2Ur\\u000aNVBvVGRnd0diSnp0Ylo5R1pYSGpGZFVLWFFKVWxscmJWRGhUTkNoakhxNGE2QzhH\\u000aWWRMV1hxNzZxWlEwWnhvRjJxdUtkM3NjazEvaUxIY3owMEVuRGExK3BXd2VTMVhU\\u000adUZaR1lFTXNGeUptWSt5QmdRK3Z4aHQ2bFArKzZzSW9pbUF4cUMweWU1SC9McHFM\\u000aaFBTQlVpZHppcnlTblZ2SjZmcjI3TVRQUTBoci9JYUFXRlZnUG1yNEdqd3gxdWh0\\u000ad1J4aVU3K0lwUUxNSVVZYU1nVldnaTZvbU5aM25mcHZyYUdwWWxvaE84Z3ZXK0lL\\u000aWFJNWEJBR0Y4TlQ5UG1ZazNXa3NPVU8rVS9XKzlOL1d2algzc2haZWpGd21GYVg1\\u000aWVhyREE1MS9icDRvQWlIMzd2TmZqTGxzd1piZ2o4NVFsbXBydlhuY1dnS1RZN1pP\\u000aSmMxcmhmQnA5ZUhuUm1nQkVyNHZXOGROdkxibVFSa1dhTmxrTFBSeGd5NHU3d1p3\\u000aN1dmZnYvOG5uWEhsbWoxNDVWQ0NxOHlJR2FiM2tqQ1dvQnFQbnh0Vko5VVFNME9D\\u000aSVFhay9mWjJvdDV6Vk92dGhJeE1pK0MzNVAwRjVkUi80RVBaS3g4a1AyVnZ6RkZy\\u000aN3hFUlBSZFJnbjRqWDlFREVZQTJoWVlwRWRLRUdGai9aZTlKRlJrNmxQZjlVY05Y\\u000aRkgxd0srMW5HZi83WnZzd3dSYnNzalZjRXlMODVQU2F5eVl1ZXQrMUZ5UFpKRk9J\\u000aRnVSRm9vMWhaYUp1cGlTdm5yL1VSSXlGWEhMQ1B2Sld5MnZQVzBibVphR1NRVEJZ\\u000aYlRMcVl0UzBvdTJxOHVBd01vZUYyT25FVDdaTENjMVhTV3lFWWErWFJ0MkduMHBl\\u000aUEkxUW91NGduby8yRGlrN3NxTERydnFRbVpTOFNISlFSQVJaSnh1UUJBWDUrNzgy\\u000aYU9uaWN1aUtTbmwyeHFkM2pYRTRuUS82S2phbmhlVXpzdVRrWHFQcG4xbWlPQi9H\\u000aTFNUQ3VaWHRXcjdlSFpFb3RhZ0pOQm9OSlBYdG5KSElQb1VTdHpGTG9HM01Vc3dY\\u000aeFlCMG0xc2FjaTdaRlJ5cU1sMGtvKytlN1VCSEZOMi9UNS9ybXdsbEhaZ3A3Mm8r\\u000aWjZzWERyVXdxMW8zSVVocnRYNkJPYzJKOWladTVaenVRNkxNNkRhY0Z4bEdtcXRh\\u000aeDB3SlQyZkxpblRRU1ZIeDZDeWRMU3dTcDREOHlPd00zUEc5Zks5VklSRm05S2VY\\u000aaEd3dWxyMXBHVTAwTDU4QUVBb2ZxRmt6eEZneE0vRlRBTVZ1NWxCd29QNDYycSt6\\u000aM3pHQXkyemFTcndJKzdiWnd2OHVTMnpKOEtPajU4MHpKb2JOdU9YdC8vVHlMOGFV\\u000aZ1BtVFB2aTV3eDJGMHRVUGlzL0tUemZoZkR1NTExQXJOS2szZXIva1BrUTVmL1BC\\u000aTVBBSEpPQ3crLzh6NEVDdE9tL3g0UkliR3VIbDExNzdhQkh2WDc1TzloYnBaSkhV\\u000ac1ZlWGJOa3VUQjU2YWVoVkl3T3hHQitDeTR5eGZDb1JJRENXdy9oa1FVNjlZUUhL\\u000aQ1dhUXYydE16eVRkOXFsMFlRc3VBR0h3TDJTWTVKeDJ3RjZ6elMwRUVCMGtCU281\\u000aNlhYZmVwRGZnclVleUlzV2Rwc2hrQUQ2T1NsVDVaQTFHMWtpZHMzRUZiSFlxbmJh\\u000aVzFTZUtoc05QamVBcWErWE4zNnFYQ0NVclIrNlJDK01xTVc5a29XWjFqSzZqMkNq\\u000abHNWVjhkVGI5OXY4alVuSEgrbCtrbituaWo1MllRRzk3eCsrQkVMZ0FZVWQ5Ykxi\\u000aMmI3OWYwSnJYc2s4V1psajZ4Q0l4VXI5ZnZ0c05aa3NEWTI2NXl1VGtoNzE3Smho\\u000aaXFaUHowVi9HcGdVaHJDSmdhbVR1WEo1SmdMdEtJZ1Y4WFVQWXd5QWFUdGpvcGJT\\u000aSmx0MDVJVGtka25LVEZidjNxd28xNWllS1ZBUHhvNVVoZEN6a0xUZ1hyWStjMldo\\u000aOGd1R0JPbFlSVGVRbUlHK1Qram0zRGpyMHVLSEx1U2lmQ3JlMXdyaHp6dUF6MTd4\\u000aaXVkbFczR1I2UGVmbDZOdUt5WG1VU25LL1F6MXJNZVVjT2p1UzBmTkdlWVQ5bHNz\\u000adGt0Mm5TVVdKZnBaQzhZRGlPWDd2TUZSUFZOSXo2Vk9lbHJDS0hHMXlTc3Vkc2JP\\u000aVTRiMEg2KzVPVWphYlJuOSt2YnQ4T1BNbE9BVDBEcDJ1TnMxNlBSYjJPMGp6NWlo\\u000aL3FwYjVZMENnK0VlYWFPMGdxdXN0WGdDUHJPbktYM3JLcU4wUG5lMXpmYkZqVklJ\\u000abWk4NjcvRGUyYmt0RThtdTQrWTJIeUg1K3JUVnBkMlRxWExaOUhEaUFMaWZ5NjJL\\u000aWFVjQ3NEanJEMGhyWTdYZzdTNnVjSW00ejNqSDV0amtOczZxMEFqMnhscG5zbi9D\\u000aejVmd2FPUS93ZEpPSjB5aTVtanRjOFBRdnJ6UFhNQ0tIZU9hUGJmVHZ1SmFwOC9Z\\u000aVmpTNkw2NjNxNVVkaFlGcTJlblp5ek1LYUwvU0RmYVhyZzZrREw4d1podXZuRlJx\\u000aYmthVmp5S0FQYlFFUGhvdmJCYW5DajVwUGh1MHJoeFh4T05rbkhmaDhneGxudWlx\\u000aKzdzTmxoeXBSUXk2N3NNSVluMmdnS3dRL0ZCVlZ4SXBRNG5oMUw0ZldOS29MY0tX\\u000aZFBCSktHUUQxNCtPUXRXcVEydDRKYS9KVlpxZVlQRFJxSUtPNStEeUdLemRPK2Q4\\u000adTJhNUZkaUo5UG9SUmJqekszbnhYa1A1TTgvYytCWkdMK1lURmtVOGREZW83L3I1\\u000aeDVVOWk2TEhpT1FhMDZMWlpGQWttSEdMbjhtNVRPbllWbGhzdUVlZUdWU1hscVVh\\u000aV1dhSFppc3FrWVl6am1Cako5T3JsUU55aEhRR3Q1cXFNM0FTandMQitoQ3dwaXZH\\u000aRXZ0aStHdy9IbDZiQlpFa3FoaDlCUlh0TU0zT2d4Rm9kd25nTmpHSUpDak1xZGhk\\u000aTkFjNWpBQWlsUlJ5dWRQdFFsQ2tObHpCV3gyZjhCMDBDVmZQNkwvd1J6WFRFOEhR\\u000aK2JiL0F6SkhCYnM0YjR4M2o1ZnpOS1doOFJZc0x2VklmVkdBUjJEcjlJTUp5NkpP\\u000aTzIzdlRmbWVPcFBudmpvdlhkbTI3WlcrdzdGSElrdU1peENqckh3NTgvQjkvWUx4\\u000aVGRoSzlFY1dOcXMvclA0TEYvMEJVSS8xdVdsa05pdTBJNjk5UHRkWTdzQThNVUdO\\u000aT3VhTTYveGNZN25DMGRjVXRCcjBXSmoyZmRtYmlTM0Nld0VrT2c2L2tQQkNHVHVi\\u000adVNSdUVLYUNWNXRFZktlZEtERStIaTFuK3g0U3h6U09KanhYZUJTb2hEWTdlNVVu\\u000aN2ZRcHdvVEdiTUVHUjZJc0pOaUNzR0dSbkR6ajd0aDFSOE94ckVLRWx1dXQ0Ym9u\\u000aOEo5ejlxWGRVSUtlQ09va0dQNStrWW5BbHBrNWVQNzltM1gwS2dSUW9kSGN1N1pP\\u000aeTRBdm9GTXpYd0pFVDdzYnNaQVB4Z21VeXZFbDVRdzNBQzhBaXRybmFBWm40Sml6\\u000aZTdKSEtFdXpHczlBa0IyVG9hWXcwRE5zbWdzSncwWElTSzFsSzBUWjVDUTlPQ1VN\\u000aeHFZYWNPRTEwa3VTVUtQTUpoTHo5UHhrRDhnbE0vZEV2OWFLc2VqczFXMkF1VytU\\u000adldzM0crZ0cwRkNHajljeEJBa3VRSDZNb0tOMG96VWExUTBxcU9JRjRiRFZJZFFI\\u000aTHE1ODRvbTluU1IvV0ZIRHY1dWxSeTZteWpIMU0xUFB6azJ6K1drQW84TFhRaXpM\\u000aWjZmblFpTEZ6OFVzZGQvTzVIM2xCcUFUZUpvRzRVdTRCMjVuRjhOK2JabEdoM2d6\\u000aK2xTZG16YVlUR0oxWFZPNTdNR0hla0dyZjJRZndoeU1zZFlsZFpQZXBNQnB5YU5R\\u000aOXpvR3ZNQ0ZnYlR4c0JFRmN4aWM5TmdZUWNDVk5xcTBnS1F6SmtxUHZtV2o3WnpP\\u000aMWZJS3Rnb1FmZ1k4a2JSSFRPMGJIRXlsNm5EcldRR2RXbkQ4d2ErNGNLSnU2bkpH\\u000aWng2QWVGdXI5QzJsZzBWdWZGNGlqVGVrcWlEb3U2Y2x3czkzRHdWa2VPNmxsQzJm\\u000acUpUcm1zQy9DTC9oYzZuckZ0RERsV3Buc0Jkc29ydEtxN2lVTGF1ekRIRnA5MVI3\\u000aaTdCanBuMTNWcXlZMjVUVXlSWUovYlN0NWVGR0FINnpQZHE5RkhqTWhyeGZpTURC\\u000aK3NTRUxqd2FJR2ZxWDBQSG82UmZ1Ky9tOWlpRWwzRWxrSWJpYVMycmdFWHkxZFgr\\u000admdBZkYzOWQzWEFTdmI5aElrNXg0OGltcHRtaDBPaHgwWENOMThtNnpvQndKajNw\\u000acmNnK2ZNWHE0UzZMdlJjQTdtV0MwRzcrdVdXdi9GblkxYUg0a3NPcHRmeWkydU16\\u000aS3kwQTJFbWNad3YyZktYdmljcnQ0Ry9yWU1ZZnlic2loQS8rcXhReTlERmlEek9n\\u000aZXZzZTZ2NnFTUE5TY1lYLzlYRUxKMzh2dmpMTTNjZHlQNEJOMVF3UENtRmFrVm1K\\u000aRTNKRzU0RXhycHRUdGdKTERaNW5FYTY4Mjc4dnRJL3JVR3k2OFFuNTJyMHVXc0ZX\\u000abk5obFRPR2RxYzZzdjdNTGdTYkQ3RUVmNWNiVHNKV3JQZ1ZHbUQ1Q2o5Y3ZmRjlR\\u000aakMvM1RiSXFWVE5QSkhhbXpnbUJsSFJZSGJQN1p0a3ZUZDBnTkF2SXllZGY1MkdY\\u000aUzhESkQwTStrSS8xNmF4dm0zSlB4RC9BVHE1Ri9xdmtIWFRUVStCSEtUTWk2dnk1\\u000aMkNEUmh0YkQ1dVNNa1YyQmROK0c5Y0xnL3hTeTc3TjBnTEc4WDZ6ODM1cllYbE0r\\u000aaGloeGx2UWtiSHR0eE9EN3VBYnpFcExEaC95NFFtZVRSK1FaQU9QeUc3azhGdENG\\u000aam5TM0lLWkFTVldFTVVFODlGTG1hdFhMNERvaHlXWnViSDJPVXlGUHp5ZnNvNWNF\\u000aNEpLVnBIb21NVWZWcjk5bUZnVk1ESUdyUEdFcFRmU2NqZ01wRmlDaEFxU1djUWFH\\u000aU2cwdlBrRkdlWXFIek15SENqMndxc3VDV3BIZWlyU25ncHNXa1RLMjFLRG42TDVx\\u000aaENpRk5wM3JWNUJFMkwwcEhqQnZEVmFrZXdqcnF0a1puZ3FKcHhZalhyV0dxUjVP\\u000aV3IraWhxZ0VJZ011WGhkdUxqR2wrWVZkU1d5ZTlER05OS29DN2FlUGhJMTJQRmg3\\u000aSlJoZjdIYWVlQUNPaGZaTndDWitXMndRb3hCZHpwYzltVCtDVlpxOUo2NkNyTlFI\\u000adTBtaStlaVRTdXNEVHR2b3RmQi9IQ20wMXVaZmgxbE1JQWdMNXozSTFHRVcvREpX\\u000aMk8wdWZBKzVPV2pnWFlzOG9aUlRCMnhYOWhmSW81eDREVXNiTFM1ZzgvbFBUVndF\\u000aamYxQlg2dU9vaTVvV2lJWVJqQmpmSWdVTEVURnhMTGtBUnJQTzJETzU1ekJnMi9Q\\u000adE9mdG00SzFjeWI3V0h2QkdrcmRYanlQUXlYYzRJVXU0SzR0aTlPSlE1eVRmWUN0\\u000aY2o1OWMya05BNHlOWmdwd3kxVnAvSytGdHVlZ0xsd2l4ZTRwakR5ekNJSnBnU0ZD\\u000acmtxREV1K0hqOFZWNXMweFFXc1d5ZWdOUUpldVBheWVSY0RGMzBoMWc2WmZGQjNa\\u000adE9RWWpFQnFyVWVZNkJndk5OWU42TWFrUndnRDBja2NDbEoyMUhZNGpvU2twcE9Z\\u000aZ3NUeTNrR1laNHFUelJNY0lsQ0REaXQ4ZENHZm9Cb3JKQ2t5NTUvNDFiV3FtbTdt\\u000aTElRVzJBTG9kdktQbVVXeFhibzN5WGNnSTRKdnFjZlAzRVVXTytjV3VIZEFSN2VF\\u000aOTc3MytSVUV2TXROdnMzWWxqeERrTmFNNzZ0VjhqanhRcFJZNEc0RWRSaUs0MTN3\\u000aWUkyWTE3UWE2ZEs4K2FhaHRad0JtVWpBSVkvREdZa2VOY2wzWjdxaWpJMTMvUnpn\\u000aNXlWcjl4VUsvSUFGUVlhNDlXQ1RRYTlzVWYzeEgzZUYvTW9HN0ZmMTdrOC8xMURx\\u000aTE5YQzUvSGhOeDJ2S09CTmx1RXJodURjYjNMZmJ5TGlRVllEMkhYeGRyTkc5M1E0\\u000aNGJPajRWb0xZV0hndTI5UG9sL0htRHhUSDFwdHBQVmM5K0U0R2RwN21yVmF1bHU1\\u000acXhDOWliRzlKV3ljUUdkMUJuMG9RMjluSGlMcGd4K25HOFlkZHdPVWRkRzRndkpq\\u000aS21iUTl5aTAwYXdUamhOUE9GZXEvejVuVFJHQ3liSDZsWW9MVGtueE9UQiszMkpy\\u000aQ2pBbDVMRG90amtDZWtBUllwbVVxOWhSY2I3c3l0ME1RY1BBZUg0VlBHNmhFMUpN\\u000aYkxpTXdUWVdKNWtTM3F1elp1SkZQSUl4SFp3UmtJUzFjTnBjL0FtSUpwZm04RCtL\\u000aYUEvVmdoRkJpdnZzZnlUNndoNVRybENBcE9DcHNOTlNWbWRLRHF5QVBFTENuaURj\\u000adTRwcmpZRU5JU2tKdExUTVdBSzVCWWdRZ1ZQOVcrekJyMjNuSGlZVnhLWWhjdm9M\\u000aYTh6dUdLYlJtY2xpL3o0cXpmWnk5RGlJNmoxdWFUT1FMQzEvMzIwT2xBRGtSOVUy\\u000aT3hYZFVuSTFaSzFyY0hRZnllS3BsbUFsRTJDM3MzYkFkR3V5bXRKTDQ2M1dqZm9P\\u000aUkhHWWpvZnZNQTI0cHhnY3hFRnU5YVRFamdFVVBNeHBzN2Y4TVMyaVJvL3dxU3pX\\u000aZ0lwN1EvZHVYY1FQb0dSS2JrR0FySnNJVGdVT3BSQ3hxTFlXbk5UUy8xbmxCeXk3\\u000aQVBjcGRaRmk1WjRqM1IvbGJ0T2Era1ZiYmo4ZC8wazMwTnlDVjJGRVZGV2tPbG9z\\u000aNTFQNUNOUiswNUh6QkhQM3V3N3VyODRZYkRGdHd2UjhNM29UMXNtbXljYUsxMkpE\\u000aZGNBOUQ2YWErY2k5Wmh0UWNhbUw0Z1pjZmVpZllHNEt6NWsyT3lpMlpUNkZKOUV4\\u000aMHQ1T1d5MjZUSjllQmlCcGRaV25XZDB3bzZOMU5ST0xLdFY5L052d3R1WlZSRkxS\\u000aRUg1WGNLMnRMcTFWczFaVkg4MXM4R29UOUQ4VkFEaGFwVDBCU0xsR3A4TkNZdUdK\\u000aeXI1YVVwODdPZEl4RCt3S244NTRteVlKaXlVZnIwWmtGNGhoOEtkTXcvemg3RVQv\\u000aYkxIWlVxUXozdUV3QkcvODRuR1E9PTwveGVuYzpDaXBoZXJWYWx1ZT48L3hlbmM6\\u000aQ2lwaGVyRGF0YT48L3hlbmM6RW5jcnlwdGVkRGF0YT48eGVuYzpFbmNyeXB0ZWRL\\u000aZXkgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMj\\u000aIiBJZD0iX2E3NDBjZjA5MTViZDE1MmRiNzRkMDNjZDQ1NzUyMTM3Ij48eGVuYzpF\\u000abmNyeXB0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAw\\u000aMS8wNC94bWxlbmMjcnNhLW9hZXAtbWdmMXAiIHhtbG5zOnhlbmM9Imh0dHA6Ly93\\u000ad3cudzMub3JnLzIwMDEvMDQveG1sZW5jIyI+PGRzOkRpZ2VzdE1ldGhvZCB4bWxu\\u000aczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgQWxnb3Jp\\u000adGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIvPjwv\\u000aeGVuYzpFbmNyeXB0aW9uTWV0aG9kPjxkczpLZXlJbmZvIHhtbG5zOmRzPSJodHRw\\u000aOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHM6WDUwOURhdGE+PGRz\\u000aOlg1MDlDZXJ0aWZpY2F0ZT5NSUlERlRDQ0FmMENCRlVCbkw0d0RRWUpLb1pJaHZj\\u000aTkFRRUxCUUF3VHpFTE1Ba0dBMVVFQmhNQ1FWUXhEVEFMQmdOVkJBY01CRWR5CllY\\u000ab3hEVEFMQmdOVkJBb01CRVZIU1ZveElqQWdCZ05WQkFNTUdVMVBRUzFKUkNCSlJG\\u000aQWdLRlJsYzNRdFZtVnljMmx2Ymlrd0hoY04KTVRVd016RXlNVFF3TXpReVdoY05N\\u000aVGN4TWpBMU1UUXdNelF5V2pCUE1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVC\\u000ad3dFUjNKaAplakVOTUFzR0ExVUVDZ3dFUlVkSldqRWlNQ0FHQTFVRUF3d1pUVTlC\\u000aTFVsRUlFbEVVQ0FvVkdWemRDMVdaWEp6YVc5dUtUQ0NBU0l3CkRRWUpLb1pJaHZj\\u000aTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFJSnYwcWU5VWR2RllTTDVJMDJHb2t3\\u000aRVZmc0lHYzdJN0VoVk5PeFkKOW10VWVubWhxTnJMc0xCRmcxSWlQYmswSVNXaE9S\\u000ad1B5VnAvUDMrR3lHUDMzOXFaNjhVQ0dWMzYxRTBRbTdjalBlL08zK3IzSEFNMgpa\\u000aQk44b0Fab0htcGhyTlM2ZktmWTU4a3lndHJVYStaeU16WVdUVGlTMzJTQ004SDU1\\u000aYmx1RUZiZVprc25iUDBZOTRJamtmSmRndnpsCk14enJsU3lvVjJ5bVdCanZTNXdl\\u000abERIZ2JDS3lqc2pJaFRSakp1L29sR0p5ZW4wMS9FcElWdFN5RFhPLzJJUzJ2Mk85\\u000aVWlGd0FveUIKWUFqUG5sM0h4SzJBNTc3blI2M014bGdQMC9zK3I4NHVCcU9BbGI0\\u000acW5icFU3bHU1R3hsQ1BrWm1wUm9vQ1FZVVJpb0Mrd2pTNmxNQwpBd0VBQVRBTkJn\\u000aa3Foa2lHOXcwQkFRc0ZBQU9DQVFFQUJxTzdra3EvZ1JhaEF2cHNRZzVMTFpST0dG\\u000acjlwSVByeU45eG1KR2dQbzdqCktObDdyczdnTlMwbG11bHVZV1duSmN3QVBid0Zl\\u000aYjk1NFZNQjl4OXA5UUV3NVJuWGFtVVk5cWEwTGdjUy90L1dYNnZKa1pQTmhXcGgK\\u000aOGJYd2gwTXZsc2JmcnZEVEpyOGNqSDNxZnhJVHA3cGEzeGIxcUU3c3VSZmZWVWRE\\u000aWGF3aVhYbldKL1dKcit0d1ZWSEhFcW5aejFsQQpyU0RMeE04c0NqRzhEZUp3OHZu\\u000aUXk1bVBHckdWVEJiYTR1cGM4VVRZMW5QVjlVMkdCSlZZdUFrb1ZSamJUbE52ckw1\\u000aSnFOcXlwS2NHCmJlampXeGdyelprZVFlVTJoRmNqdW5tZ3dHWit1ZzJmcTRrS2tR\\u000aZnR3Y3FlSlR6eXpCb28yK09vNFRtZmJzaC9vbnhQV0E9PTwvZHM6WDUwOUNlcnRp\\u000aZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjx4ZW5jOkNpcGhlckRh\\u000adGEgeG1sbnM6eGVuYz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMj\\u000aIj48eGVuYzpDaXBoZXJWYWx1ZT5Sb1NHTGFDbDN3ZkRXdDlXMm9JSDNUQ3JPTVN4\\u000aL3Y1S0pQV2hndmhWNml2RmZXSWFJeDB5RnV2NVZTME5VZ2FUVGIwVjhUYnNGN1Vz\\u000aRllzQ0xldkVUa2lWbG5OeWE4dlVoL2lYTDYzT0JmdzR3T3pSNVZheVBuaWFwWFdM\\u000aa0RHTmQ5Y3E2QU8zR1JoTWJaZDdma2NhRWNJVTB2bGtZeUJJNmE0Yms4bHM3Mm0v\\u000aZkxKQS8vaWl5L2piODkzQkZ4dk9EMk5hT1pabXhzSlI4YlFmWWpBMHdXa1pBcW56\\u000aN0EzY3lhcHV3aXVTc01wc1hYSnFjVXp2TS9GS090dE1wTnhSUVprdk1RZlNnMCtM\\u000aUVM5M0IxN0ZUZFE2OHNRL3dZQmhubFBEZXFZK0NnY1VjeVYzOVdjTjAwcUtVYmNQ\\u000aM2kzSWRWUVRkcEJQUTdRS01HR2JmS1Y0RlE9PTwveGVuYzpDaXBoZXJWYWx1ZT48\\u000aL3hlbmM6Q2lwaGVyRGF0YT48eGVuYzpSZWZlcmVuY2VMaXN0Pjx4ZW5jOkRhdGFS\\u000aZWZlcmVuY2UgVVJJPSIjXzNmZDM1ODkyZTlhOGVhY2I4ZTA4ZjI4MGE4M2ZjYjc0\\u000aIi8+PC94ZW5jOlJlZmVyZW5jZUxpc3Q+PC94ZW5jOkVuY3J5cHRlZEtleT48L3Nh\\u000abWwyOkVuY3J5cHRlZEFzc2VydGlvbj48L3NhbWwycDpSZXNwb25zZT4=\",\"dateTimeCreated\":\"2015-10-09T10:36:02.075Z\",\"id\":1}}}"; +// +// try { +// java.util.Map test1 = new ObjectMapper().readValue(json, java.util.Map.class); +// +// JsonParser parser = new JsonParser(); +// JsonObject reveivedSession = null; +// reveivedSession = (JsonObject) parser.parse(json); +// +// +// +// JsonObject test = reveivedSession.get("data").getAsJsonObject(); +// JsonObject test2 = test.get("session").getAsJsonObject(); +// JsonElement validTo = test2.get("validTo"); +// JsonElement entityID = test2.get("entityID"); +// JsonElement sessionBlob = test2.get("sessionBlob"); - - - JsonObject test = reveivedSession.get("data").getAsJsonObject(); - JsonObject test2 = test.get("session").getAsJsonObject(); - JsonElement validTo = test2.get("validTo"); - JsonElement entityID = test2.get("entityID"); - JsonElement sessionBlob = test2.get("sessionBlob"); - + + + } catch (IOException e) { // TODO Auto-generated catch block -- cgit v1.2.3 From 4487db6d1df29f52362c905e6ab3976320abf249 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 1 Mar 2016 10:30:31 +0100 Subject: fix some problems in SSO-transfer-modul --- .../ssotransfer/servlet/SSOTransferServlet.java | 7 ++++--- .../ssotransfer/utils/SSOContainerUtils.java | 8 +++++++- .../src/test/java/at/gv/egiz/tests/Tests.java | 21 +++++---------------- 3 files changed, 16 insertions(+), 20 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 80c2663fb..56bbeed5c 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -443,10 +443,11 @@ public class SSOTransferServlet{ container.getDhParams().getF().getG()); byte[] sharedSecret = getSecret(mobilePubKeySpec, container.getDhParams().getS()); - Logger.debug("Finished Diffie-Hellman key exchange. --> Starting CSR decryption ..."); - //TODO decrypt CSR - byte[] decryptedCSR = Base64Utils.decode(mobileCSRBase64, true); + Logger.debug("Finished Diffie-Hellman key exchange. --> Starting CSR decryption ..."); + byte[] encryptedCSR = Base64Utils.decode(mobileCSRBase64, true); + //TODO decrypt CSR + byte[] decryptedCSR = encryptedCSR; //generate certificate from CSR X509Certificate mobileCert = signCSRWithMOAKey(decryptedCSR); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 4d41ff652..cc6b34cf5 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -118,6 +118,10 @@ import iaik.x509.X509Certificate; */ @Service("SSOContainerUtils") public class SSOContainerUtils { + + private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + + "1.2.40.0.10.2.1.1.261.xx.xx"; + public static final List REQUIRED_ATTRIBUTES; static { List tmp = new ArrayList(); @@ -133,7 +137,9 @@ public class SSOContainerUtils { tmp.add(PVPConstants.MANDATE_PROF_REP_OID_NAME); tmp.add(PVPConstants.MANDATE_PROF_REP_DESC_NAME); tmp.add(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME); - tmp.add(PVPConstants.PVP_HOLDEROFKEY_NAME); + + //TODO: change to final definition + tmp.add(PVP_HOLDEROFKEY_NAME); REQUIRED_ATTRIBUTES = Collections.unmodifiableList(tmp); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 1beab574a..f40770c7f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -22,17 +22,6 @@ */ package at.gv.egiz.tests; -import java.io.IOException; - -import org.hibernate.mapping.Map; - -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; - /** * @author tlenz * @@ -64,11 +53,11 @@ public class Tests { - - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } +// +// } catch (IOException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } -- cgit v1.2.3 From b40bfa06fb709386d21553a73700134cf013301d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 1 Mar 2016 15:14:50 +0100 Subject: some more SSO transfer module updates --- .../modules/ssotransfer/SSOTransferConstants.java | 3 +- .../ssotransfer/servlet/SSOTransferServlet.java | 129 ++++++++++++++------- .../ssotransfer/utils/SSOContainerUtils.java | 2 +- 3 files changed, 90 insertions(+), 44 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java index cc60bbd20..ce3a7856b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java @@ -43,6 +43,7 @@ public class SSOTransferConstants { public static final String SSOCONTAINER_KEY_TYPE = "type"; public static final String SSOCONTAINER_VALUE_TYPE_TRANSER = "TRANSFER"; public static final String SSOCONTAINER_VALUE_TYPE_PERSIST = "PERSIST"; + public static final String SSOCONTAINER_VALUE_TYPE_SSO = "SSO"; public static final String SSOCONTAINER_KEY_URL = "url"; @@ -50,7 +51,7 @@ public class SSOTransferConstants { public static final String SSOCONTAINER_KEY_DH_PRIME = "prime"; public static final String SSOCONTAINER_KEY_DH_GENERATOR = "generator"; - public static final String SSOCONTAINER_KEY_CSR = "csr"; + public static final String SSOCONTAINER_KEY_CSR = "certificate"; public static final String SSOCONTAINER_KEY_VALIDTO = "validTo"; public static final String SSOCONTAINER_KEY_ENTITYID = "entityID"; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 56bbeed5c..48ef5b526 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -33,6 +33,7 @@ import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; +import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; @@ -42,9 +43,14 @@ import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidParameterSpecException; import java.util.Date; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; import javax.crypto.KeyAgreement; +import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHPublicKeySpec; +import javax.crypto.spec.SecretKeySpec; import javax.security.cert.CertificateException; import javax.security.cert.X509Certificate; import javax.servlet.http.HttpServletRequest; @@ -182,7 +188,8 @@ public class SSOTransferServlet{ Object tokenObj = req.getParameter(SSOTransferConstants.REQ_PARAM_TOKEN); if (tokenObj != null && tokenObj instanceof String) { String token = (String)tokenObj; - try { + try { + Logger.debug("Load token:" + token + " from storage."); SSOTransferContainer container = transactionStorage.get(token, SSOTransferContainer.class, transmisionTimeOut * 1000); if (container != null) { AuthenticationSession moaSession = new AuthenticationSession("123456", new Date()); @@ -213,51 +220,55 @@ public class SSOTransferServlet{ resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Single Sign-On session transfer token is not valid any more."); } catch (OperatorCreationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } catch (CredentialsNotAvailableException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } catch (PKCSException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } catch (CertificateException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } catch (InvalidKeyException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } catch (NoSuchAlgorithmException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } catch (InvalidKeySpecException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } catch (SessionDataStorageException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + } catch (ParseException e) { - // TODO Auto-generated catch block - e.printStackTrace(); + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (IllegalBlockSizeException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (BadPaddingException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + + } catch (NoSuchPaddingException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + } - - - + } else { Logger.info("Servlet " + getClass().getName() + " receive a NOT valid request."); resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Request not valid."); @@ -345,8 +356,17 @@ public class SSOTransferServlet{ resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } catch (SessionDataStorageException e) { - // TODO Auto-generated catch block e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + } catch (IllegalBlockSizeException e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + } catch (BadPaddingException e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); + } catch (NoSuchPaddingException e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, e.getMessage()); } @@ -416,7 +436,8 @@ public class SSOTransferServlet{ } private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp, - SSOTransferContainer container, AuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException { + SSOTransferContainer container, AuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException { + Logger.debug(""); JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode); if (receivedData == null) { @@ -424,34 +445,40 @@ public class SSOTransferServlet{ throw new IOException("No data received"); } - - //TODO: check if needed - //JsonObject reveivedSession = receivedData.get("session").getAsJsonObject(); - + String mobilePubKeyBase64 = receivedData.get( SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString(); String mobileCSRBase64 = receivedData.get( SSOTransferConstants.SSOCONTAINER_KEY_CSR).getAsString(); - Logger.trace("Receive PubKey:" +mobilePubKeyBase64 + - " | CSR:" + mobileCSRBase64); + Logger.debug("Receive PubKey:" +mobilePubKeyBase64 + " | CSR:" + mobileCSRBase64); //finish DH key agreement - BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, false)); + BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, true)); DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, container.getDhParams().getF().getP(), container.getDhParams().getF().getG()); byte[] sharedSecret = getSecret(mobilePubKeySpec, container.getDhParams().getS()); + //build ASE256 key + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + digest.reset(); + byte[] hashedSecret = digest.digest(sharedSecret); + + //decrypt CSR Logger.debug("Finished Diffie-Hellman key exchange. --> Starting CSR decryption ..."); - byte[] encryptedCSR = Base64Utils.decode(mobileCSRBase64, true); - - //TODO decrypt CSR - byte[] decryptedCSR = encryptedCSR; + byte[] encryptedCSR = Base64Utils.decode(mobileCSRBase64, true); + Logger.debug("EncCSR:" + Base64Utils.encode(encryptedCSR) + " | Key:" + Base64Utils.encode(hashedSecret)); + byte[] decryptedCSR = enOrDeCryptCSR(encryptedCSR, hashedSecret, Cipher.DECRYPT_MODE); + Logger.debug("DecCSR:" + Base64Utils.encode(decryptedCSR)); + Logger.debug("CSR decryption finished. --> Starting CSR validation and signing ..."); + //generate certificate from CSR X509Certificate mobileCert = signCSRWithMOAKey(decryptedCSR); + Logger.debug("CSR validation finished. --> Starting personData generation ... "); + moaSession.setGenericDataToSession( SSOTransferConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE, mobileCert.getEncoded()); @@ -461,10 +488,17 @@ public class SSOTransferServlet{ String personInformationToTransfer = ssoTransferUtils.generateSignedAndEncryptedSSOContainer( container.getAuthURL(), moaSession, now); - + Logger.debug("PersonData:" + personInformationToTransfer); + + //encrypt personal information + Logger.debug("PersonData generation finished. --> Starting personData encryption ... "); + byte[] encPersonData = enOrDeCryptCSR(personInformationToTransfer.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE); + String encAndEncodedPersonalData = Base64Utils.encode(encPersonData); + + Logger.debug("Encrypt personData finished. --> Send token to device."); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(personInformationToTransfer); + out.print(encAndEncodedPersonalData); out.flush(); return; @@ -533,9 +567,19 @@ public class SSOTransferServlet{ } - private X509Certificate signCSRWithMOAKey(byte[] inputCSR) throws IOException, OperatorCreationException, PKCSException, CredentialsNotAvailableException, CertificateException { + public byte[] enOrDeCryptCSR(byte[] binBlob, byte[] binSecret, int mode) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException { + byte[] decrypted = null; + SecretKeySpec skeySpec = new SecretKeySpec(binSecret, "AES"); + Cipher cipher = Cipher.getInstance("AES"); + cipher.init(mode, skeySpec); + decrypted = cipher.doFinal(binBlob); + + return decrypted; + } + + private X509Certificate signCSRWithMOAKey(byte[] inputCSR) throws IOException, OperatorCreationException, PKCSException, CredentialsNotAvailableException, CertificateException { PKCS10CertificationRequest csr = new PKCS10CertificationRequest(inputCSR); - + //validate CSR request ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider( new BouncyCastleProvider()).build(csr.getSubjectPublicKeyInfo()); @@ -595,11 +639,12 @@ public class SSOTransferServlet{ } JsonParser parser = new JsonParser(); - JsonObject receivedData = null; - if (MiscUtil.isNotEmpty(receivedPostMessage)) + JsonObject receivedData = null; + Logger.debug("JSON POST msg: " + sb.toString()); + if (MiscUtil.isNotEmpty(receivedPostMessage)) { receivedData = (JsonObject) parser.parse(sb.toString()); - else if (developmentMode && MiscUtil.isNotEmpty(req.getParameter("blob"))) { + } else if (developmentMode && MiscUtil.isNotEmpty(req.getParameter("blob"))) { receivedData = (JsonObject) parser.parse(req.getParameter("blob")); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index cc6b34cf5..0d96afc6a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -360,7 +360,7 @@ public class SSOContainerUtils { String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); JsonObject container = new JsonObject(); - container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, "SSO"); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_SSO); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName()); -- cgit v1.2.3 From b9937af42fdab6b85aa1121148bda474c70f5e75 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 8 Mar 2016 11:10:19 +0100 Subject: finish first beta-version of ELGA mandate-service client-module --- .../data/SSOTransferAuthenticationData.java | 20 +------------------- .../modules/ssotransfer/utils/SSOContainerUtils.java | 4 ++-- .../src/test/java/at/gv/egiz/tests/Tests.java | 19 ++++--------------- 3 files changed, 7 insertions(+), 36 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 17e88e381..103a03063 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -89,21 +89,12 @@ public class SSOTransferAuthenticationData implements IAuthData { return true; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isInterfederatedSSOSession() - */ - @Override - public boolean isInterfederatedSSOSession() { - // TODO Auto-generated method stub - return false; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#isUseMandate() */ @Override public boolean isUseMandate() { - return this.authSession.getUseMandate(); + return this.authSession.isMandateUsed(); } /* (non-Javadoc) @@ -167,15 +158,6 @@ public class SSOTransferAuthenticationData implements IAuthData { return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getInterfederatedIDP() - */ - @Override - public String getInterfederatedIDP() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#getIdentificationValue() */ diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 4d41ff652..dea538f75 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -105,7 +105,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableEx import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -139,7 +139,7 @@ public class SSOContainerUtils { } @Autowired IDPCredentialProvider credentials; - @Autowired SAMLVerificationEngine samlVerificationEngine; + @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired AuthConfiguration authConfig; public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 1beab574a..57f4d11ad 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -22,17 +22,6 @@ */ package at.gv.egiz.tests; -import java.io.IOException; - -import org.hibernate.mapping.Map; - -import com.fasterxml.jackson.core.JsonParseException; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; - /** * @author tlenz * @@ -65,10 +54,10 @@ public class Tests { - } catch (IOException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } +// } catch (IOException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } -- cgit v1.2.3 From e8773689b175e5617fe116ac0e3d9978351ac4a8 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 10 Mar 2016 15:28:15 +0100 Subject: update SessionTransfer module --- .../id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java | 2 +- .../moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 1d37b916c..d52e03c09 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -115,7 +115,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) { // stored SSO session data is from this IDP - start local session reconstruction - Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob); + Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob, entityID); //transfer SSO Assertion into MOA-Session ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index ddfd0958f..b2ab8b119 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -250,7 +250,7 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { + public Response validateReceivedSSOContainer(String signedEncryptedContainer, String entityID) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { byte[] base64decodedContainer = Base64Utils.decode(signedEncryptedContainer, false); final BasicParserPool ppMgr = new BasicParserPool(); @@ -295,7 +295,11 @@ public class SSOContainerUtils { if (ssoContainer.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { //validate PVP 2.1 assertion - samlVerificationEngine.validateAssertion(ssoContainer, false, credentials.getIDPAssertionEncryptionCredential()); + samlVerificationEngine.validateAssertion(ssoContainer, false, + credentials.getIDPAssertionEncryptionCredential(), + entityID, + "SSO-Session Transfer module" + ); return ssoContainer; } else { -- cgit v1.2.3 From f67427831d1f8c49ce6c474691b880d90a42b584 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 14 Mar 2016 09:17:57 +0100 Subject: refactor the GUI generation for user interaction --- .../modules/moa-id-module-ssoTransfer/pom.xml | 5 + .../data/SSOTransferAuthenticationData.java | 6 +- .../data/SSOTransferOnlineApplication.java | 19 +-- .../ssotransfer/servlet/SSOTransferServlet.java | 61 +++++---- .../servlet/SSOTransferSignalServlet.java | 4 +- .../task/InitializeRestoreSSOSessionTask.java | 13 +- .../ssotransfer/task/RestoreSSOSessionTask.java | 8 +- .../auth/modules/ssotransfer/utils/GUIUtils.java | 136 ++++++--------------- .../ssotransfer/utils/SSOContainerUtils.java | 10 +- 9 files changed, 104 insertions(+), 158 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml index 8207fc502..b15d7dc85 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml +++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml @@ -46,6 +46,11 @@ 1.52 + + MOA.id.server + moa-id-frontend-resources + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 103a03063..f9cb4c636 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,11 +28,11 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index 4ba2e1a01..af180ff10 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -27,11 +27,11 @@ import java.util.Collection; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.StorkAttribute; -import at.gv.egovernment.moa.id.config.stork.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; /** * @author tlenz @@ -261,15 +261,6 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() - */ - @Override - public Map getFormCustomizaten() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() */ diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 48ef5b526..2bb31f700 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -56,7 +56,6 @@ import javax.security.cert.X509Certificate; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.Extension; @@ -80,17 +79,18 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.SessionDataStorageException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; -import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -124,6 +124,7 @@ public class SSOTransferServlet{ @Autowired ITransactionStorage transactionStorage; @Autowired IDPCredentialProvider idpCredentials; @Autowired AuthConfiguration authConfig; + @Autowired IGUIFormBuilder guiBuilder; public SSOTransferServlet() { super(); @@ -145,8 +146,6 @@ public class SSOTransferServlet{ method = {RequestMethod.GET}) public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { - VelocityContext context = new VelocityContext(); - //create first step of SSO Transfer GUI String authURL = HTTPUtils.extractAuthURLFromRequest(req); if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix().contains(authURL)) { @@ -155,8 +154,13 @@ public class SSOTransferServlet{ } + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + internalCreateQRCodeForTransfer(resp, authURL, - "123456", "/TestTransmitSSOSession", context); + "123456", "/TestTransmitSSOSession", config); } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); @@ -388,28 +392,32 @@ public class SSOTransferServlet{ //search SSO session String ssoid = ssomanager.getSSOSessionID(req); - VelocityContext context = new VelocityContext(); - try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). + contains(authURL)) { + Logger.warn("Requested URL is not allowed.");; + resp.sendError(500, "Requested URL is not allowed."); + + } + + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + if (ssomanager.isValidSSOSession(ssoid, null)) { //Object createQRObj = req.getParameter(SSOTransferConstants.REQ_PARAM_GENERATE_QR); //create first step of SSO Transfer GUI - String authURL = HTTPUtils.extractAuthURLFromRequest(req); - if (!AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix(). - contains(authURL)) { - Logger.warn("Requested URL is not allowed.");; - resp.sendError(500, "Requested URL is not allowed."); - - } - + String moaSessionID = authenticationSessionStorage.getMOASessionSSOID(ssoid); if (MiscUtil.isNotEmpty(moaSessionID)) { AuthenticationSession authSession = authenticationSessionStorage.getSession(moaSessionID); if(authSession != null) { internalCreateQRCodeForTransfer(resp, authURL, authSession.getSessionID(), - SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, context); + SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); return; } @@ -417,9 +425,10 @@ public class SSOTransferServlet{ } - context.put("errorMsg", + config.putCustomParameter("errorMsg", "No active Single Sign-On session found! SSO Session transfer is not possible."); - GUIUtils.printSSOTransferGUI(context, resp); + + guiBuilder.build(resp, config, "SSO-Transfer-Module"); } catch (MOAIDException | MOADatabaseException e) { e.printStackTrace(); @@ -505,7 +514,7 @@ public class SSOTransferServlet{ } private void internalCreateQRCodeForTransfer(HttpServletResponse resp, String authURL, - String moaSessionID, String servletEndPoint, VelocityContext context) throws Exception { + String moaSessionID, String servletEndPoint, DefaultGUIFormBuilderConfiguration config) throws Exception { SSOTransferContainer container = new SSOTransferContainer(); String token = Random.nextRandom(); @@ -558,12 +567,12 @@ public class SSOTransferServlet{ ByteArrayOutputStream qrStream = QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream(); String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - context.put("QRImage", base64EncodedImage); + config.putCustomParameter("QRImage", base64EncodedImage); - context.put("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); + config.putCustomParameter("successMsg", "Scan the QR-Code with your SSO-Transfer App to start the transfer operation."); - GUIUtils.printSSOTransferGUI(context, resp); - + + guiBuilder.build(resp, config, "SSO-Session Transfer-Module"); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index 0b3bd892a..cd18afb71 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -33,9 +33,9 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; -import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index e84c60ec5..e3c8efb50 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -25,14 +25,14 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.HTTPUtils; @@ -45,6 +45,8 @@ import at.gv.egovernment.moa.logging.Logger; @Component("InitializeRestoreSSOSessionTask") public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { + @Autowired IGUIFormBuilder guiBuilder; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -63,11 +65,10 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { } - VelocityContext context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID()); - GUIUtils.printSSOTransferGUI(context, response); + GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, pendingReq.getRequestID()); - } catch (WrongParametersException | AuthenticationException e) { + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); } catch (Exception e) { diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index d52e03c09..526f45be3 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -38,12 +38,13 @@ import org.springframework.stereotype.Component; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; @@ -60,6 +61,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class RestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired SSOContainerUtils ssoTransferUtils; + @Autowired IGUIFormBuilder guiBuilder; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -180,8 +182,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } - context = GUIUtils.buildSSOTransferGUI(authURL, pendingReq.getRequestID()); - GUIUtils.printSSOTransferGUI(context, response); + GUIUtils.buildSSOTransferGUI(guiBuilder, response, + authURL, pendingReq.getRequestID()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index ee7a397aa..b1446c4d2 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -22,29 +22,19 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; -import java.io.BufferedReader; import java.io.ByteArrayOutputStream; -import java.io.File; -import java.io.FileInputStream; import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.StringWriter; -import java.net.URI; import javax.servlet.http.HttpServletResponse; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; - import com.google.gson.JsonObject; -import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.VelocityProvider; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import net.glxn.qrgen.QRCode; @@ -54,95 +44,43 @@ import net.glxn.qrgen.image.ImageType; * @author tlenz * */ -public class GUIUtils { - private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; - private static final String GUI_HTML_TEMPLATE = "sso_transfer_template.html"; - +public class GUIUtils { public static final int REFESH_TIMEOUT = 5 * 1000; //5 sec - public static VelocityContext buildSSOTransferGUI(String authURL, String pendingReqID) throws ConfigurationException, IOException { - String containerURL = authURL - + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; + public static void buildSSOTransferGUI( + IGUIFormBuilder guiBuilder, HttpServletResponse httpResp, + String authURL, String pendingReqID) throws ConfigurationException, IOException { + try { + String containerURL = authURL + + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE + + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; - JsonObject qrResult = new JsonObject(); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, - SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); - qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + JsonObject qrResult = new JsonObject(); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, + SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); - ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); - String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - VelocityContext context = new VelocityContext(); - context.put("QRImage", base64EncodedImage); - - context.put("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); - - context.put("timeoutURL", containerURL); - context.put("timeout", REFESH_TIMEOUT); - - return context; - - } - - public static void printSSOTransferGUI(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException { - try { - Logger.trace("Initialize VelocityEngine..."); - - InputStream is = null; - String pathLocation = null; - try { - String rootconfigdir = AuthConfigurationProviderFactory.getInstance().getRootConfigFileDir(); - pathLocation = rootconfigdir + HTMLTEMPLATESDIR + GUI_HTML_TEMPLATE; - File file = new File(new URI(pathLocation)); - is = new FileInputStream(file); - evaluateTemplate(context, httpResp, is); - - } catch (Exception e) { - Logger.warn("SLO Template is not found in configuration directory (" + - pathLocation + "). Load template from project library ... "); - - try { - pathLocation = GUI_HTML_TEMPLATE; - is = Thread.currentThread() - .getContextClassLoader() - .getResourceAsStream(pathLocation); - evaluateTemplate(context, httpResp, is); + ByteArrayOutputStream qrStream = + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); - } catch (Exception e1) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - - } finally { - if (is != null) - is.close(); + DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( + authURL, + DefaultGUIFormBuilderConfiguration.VIEW_SSO_SESSION_TRANSFER, + null); + + config.putCustomParameter("QRImage", base64EncodedImage); + config.putCustomParameter("successMsg", "Select the SSO Session in your SSO-Transfer App and scan the QR-Code to start the process."); + config.putCustomParameter("timeoutURL", containerURL); + config.putCustomParameter("timeout", REFESH_TIMEOUT); - } + guiBuilder.build(httpResp, config, "SSO-Transfer-Module"); - } catch (Exception e) { - Logger.error("Single LogOut form can not created.", e); - throw new MOAIDException("Create Single LogOut information FAILED.", null, e); - } - } - - private static void evaluateTemplate(VelocityContext context, HttpServletResponse httpResp, InputStream is) throws Exception { - - VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); - - BufferedReader reader = new BufferedReader(new InputStreamReader(is )); - - //set default elements to velocity context - context.put("contextpath", AuthConfigurationProviderFactory.getInstance().getPublicURLPrefix()); - - StringWriter writer = new StringWriter(); - //velocityEngine.evaluate(context, writer, "SLO_Template", reader); - engine.evaluate(context, writer, "SSO Transfer Template", reader); - - - httpResp.setContentType("text/html;charset=UTF-8"); - httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8")); - - } - + } catch (GUIBuildException e) { + Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e); + throw new ConfigurationException("builder.09", new Object[]{e.getMessage()}, e); + + } + + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index b2ab8b119..5f2642cf8 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -81,19 +81,19 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -- cgit v1.2.3 From e03689468de9aaa0bd2b3234b8e6842988a29684 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 15 Mar 2016 10:43:39 +0100 Subject: change PVP EntityID to metadata-URL (SAML2 'well-known-location' method) --- .../moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 5f2642cf8..9683d5cb7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; @@ -320,14 +321,13 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, AuthenticationSession authSession, Date date) { try { - String entityID = authURL; + String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - String random = Random.nextRandom(); - String nameID = subjectNameID.getValue(); + String random = Random.nextLongRandom(); try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest((random).getBytes("ISO-8859-1")); -- cgit v1.2.3 From 99e249a0f292bda3def5e5fbb4cc641c6dbbe26f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 22 Mar 2016 14:42:33 +0100 Subject: update SSO transfer module --- .../modules/ssotransfer/SSOTransferConstants.java | 4 + .../ssotransfer/servlet/SSOTransferServlet.java | 61 ++-------- .../task/InitializeRestoreSSOSessionTask.java | 36 +++++- .../ssotransfer/task/RestoreSSOSessionTask.java | 125 +++++++++++++++------ .../auth/modules/ssotransfer/utils/GUIUtils.java | 42 ++++++- .../ssotransfer/utils/SSOContainerUtils.java | 75 +++++++++++-- 6 files changed, 241 insertions(+), 102 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java index ce3a7856b..1ee715afa 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java @@ -58,8 +58,12 @@ public class SSOTransferConstants { public static final String SSOCONTAINER_KEY_USERID = "userID"; public static final String SSOCONTAINER_KEY_SESSION = "session"; public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint"; + public static final String SSOCONTAINER_KEY_NONCE = "nonce"; public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag"; public static final long CERT_VALIDITY = 700; //2 years + + public static final String PENDINGREQ_DH = "dhparams"; + public static final String PENDINGREQ_NONCE = "nonce"; } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 2bb31f700..7cf7c914a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -30,13 +30,9 @@ import java.io.PrintWriter; import java.math.BigInteger; import java.net.URL; import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.KeyPair; -import java.security.KeyPairGenerator; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; -import java.security.PublicKey; import java.security.SecureRandom; import java.security.Security; import java.security.spec.InvalidKeySpecException; @@ -46,11 +42,9 @@ import java.util.Date; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; -import javax.crypto.KeyAgreement; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.DHParameterSpec; import javax.crypto.spec.DHPublicKeySpec; -import javax.crypto.spec.SecretKeySpec; import javax.security.cert.CertificateException; import javax.security.cert.X509Certificate; import javax.servlet.http.HttpServletRequest; @@ -467,7 +461,7 @@ public class SSOTransferServlet{ DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, container.getDhParams().getF().getP(), container.getDhParams().getF().getG()); - byte[] sharedSecret = getSecret(mobilePubKeySpec, container.getDhParams().getS()); + byte[] sharedSecret = ssoTransferUtils.getSecret(mobilePubKeySpec, container.getDhParams().getS()); //build ASE256 key MessageDigest digest = MessageDigest.getInstance("SHA-256"); @@ -479,7 +473,7 @@ public class SSOTransferServlet{ byte[] encryptedCSR = Base64Utils.decode(mobileCSRBase64, true); Logger.debug("EncCSR:" + Base64Utils.encode(encryptedCSR) + " | Key:" + Base64Utils.encode(hashedSecret)); - byte[] decryptedCSR = enOrDeCryptCSR(encryptedCSR, hashedSecret, Cipher.DECRYPT_MODE); + byte[] decryptedCSR = ssoTransferUtils.enOrDeCryptCSR(encryptedCSR, hashedSecret, Cipher.DECRYPT_MODE); Logger.debug("DecCSR:" + Base64Utils.encode(decryptedCSR)); Logger.debug("CSR decryption finished. --> Starting CSR validation and signing ..."); @@ -496,18 +490,16 @@ public class SSOTransferServlet{ Date now = new Date(); String personInformationToTransfer = ssoTransferUtils.generateSignedAndEncryptedSSOContainer( - container.getAuthURL(), moaSession, now); + container.getAuthURL(), moaSession, now, hashedSecret); Logger.debug("PersonData:" + personInformationToTransfer); //encrypt personal information Logger.debug("PersonData generation finished. --> Starting personData encryption ... "); - byte[] encPersonData = enOrDeCryptCSR(personInformationToTransfer.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE); - String encAndEncodedPersonalData = Base64Utils.encode(encPersonData); Logger.debug("Encrypt personData finished. --> Send token to device."); resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(encAndEncodedPersonalData); + out.print(personInformationToTransfer); out.flush(); return; @@ -539,7 +531,7 @@ public class SSOTransferServlet{ BigInteger generator = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false)); DHParameterSpec dhSpec = new DHParameterSpec(prime, generator, 1024); - Pair dhKeyIDP = createSpecificKey(dhSpec.getP(), dhSpec.getG()); + Pair dhKeyIDP = ssoTransferUtils.createSpecificKey(dhSpec.getP(), dhSpec.getG()); container.setDhParams(dhKeyIDP); //store container @@ -575,17 +567,7 @@ public class SSOTransferServlet{ guiBuilder.build(resp, config, "SSO-Session Transfer-Module"); } - - public byte[] enOrDeCryptCSR(byte[] binBlob, byte[] binSecret, int mode) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException { - byte[] decrypted = null; - SecretKeySpec skeySpec = new SecretKeySpec(binSecret, "AES"); - Cipher cipher = Cipher.getInstance("AES"); - cipher.init(mode, skeySpec); - decrypted = cipher.doFinal(binBlob); - - return decrypted; - } - + private X509Certificate signCSRWithMOAKey(byte[] inputCSR) throws IOException, OperatorCreationException, PKCSException, CredentialsNotAvailableException, CertificateException { PKCS10CertificationRequest csr = new PKCS10CertificationRequest(inputCSR); @@ -613,20 +595,7 @@ public class SSOTransferServlet{ } - - private static byte[] getSecret(DHPublicKeySpec kspectrans, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { - KeyAgreement aKeyAgree = KeyAgreement.getInstance("DiffieHellman"); - aKeyAgree.init(privateKey); - - KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); - PublicKey pub = kfactory.generatePublic(kspectrans); - aKeyAgree.doPhase(pub, true); - - byte[] secretKey = aKeyAgree.generateSecret(); - return secretKey; - - } - + private JsonObject getJSONObjectFromPostMessage(HttpServletRequest req, boolean developmentMode) { //read POST request StringBuffer sb = new StringBuffer(); @@ -662,20 +631,4 @@ public class SSOTransferServlet{ } - private Pair createSpecificKey(BigInteger p, BigInteger g) throws Exception { - KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman"); - - DHParameterSpec param = new DHParameterSpec(p, g); - kpg.initialize(param); - KeyPair kp = kpg.generateKeyPair(); - - KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); - - Pair pair = new Pair( - (DHPublicKeySpec) kfactory.getKeySpec(kp.getPublic(), DHPublicKeySpec.class), kp.getPrivate()); - return pair; - - } - - } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index e3c8efb50..be27de9a1 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -22,6 +22,11 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; +import java.math.BigInteger; +import java.security.PrivateKey; + +import javax.crypto.spec.DHParameterSpec; +import javax.crypto.spec.DHPublicKeySpec; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -31,12 +36,18 @@ import org.springframework.stereotype.Component; import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; /** * @author tlenz @@ -46,6 +57,7 @@ import at.gv.egovernment.moa.logging.Logger; public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; + @Autowired SSOContainerUtils ssoTransferUtils; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -64,10 +76,30 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { response.sendError(500, "Requested URL is not allowed."); } - - GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, pendingReq.getRequestID()); + + //use predefined parameters + BigInteger prime = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_PRIME_BASE64, false)); + BigInteger generator = new BigInteger(Base64Utils.decode(SSOTransferConstants.DH_GENERATOR_BASE64, false)); + DHParameterSpec dhSpec = new DHParameterSpec(prime, generator, 1024); + + Pair dhKeyIDP = ssoTransferUtils.createSpecificKey(dhSpec.getP(), dhSpec.getG()); + String nonce = Random.nextLongRandom(); + GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, + pendingReq.getRequestID(), nonce, dhKeyIDP.getF()); + //store DH params and nonce to pending-request + SSOTransferContainer container = new SSOTransferContainer(); + container.setDhParams(dhKeyIDP); + pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container); + pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //set flag + executionContext.put("sessionRestoreFinished", false); + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 526f45be3..6d9b43e5b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -24,12 +24,15 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import java.io.BufferedReader; import java.io.IOException; +import java.math.BigInteger; +import java.security.MessageDigest; +import javax.crypto.Cipher; +import javax.crypto.spec.DHPublicKeySpec; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; -import org.apache.velocity.VelocityContext; import org.joda.time.DateTime; import org.opensaml.saml2.core.Response; import org.springframework.beans.factory.annotation.Autowired; @@ -42,16 +45,20 @@ import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import iaik.x509.X509Certificate; /** * @author tlenz @@ -100,6 +107,14 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } + String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); + SSOTransferContainer container = pendingReq.getGenericData( + SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class); + if (container == null) { + throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", null); + + } + if (MiscUtil.isNotEmpty(receivedPostMessage)) { Logger.debug("Receive POST-Message data. Start data-validation process ... "); @@ -109,40 +124,81 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject(); String validTo = reveivedSession.get("validTo").getAsString(); String entityID = reveivedSession.get("entityID").getAsString(); - String sessionBlob = reveivedSession.get("sessionBlob").getAsString(); + //String sessionBlob = reveivedSession.get("sessionBlob").getAsString(); + +// Logger.trace("Blob:" + sessionBlob + +// " | validTo:" + validTo + +// " | entityIS:" + entityID); + + + //TODO!!!! + String mobilePubKeyBase64 = reveivedSession.get( + SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString(); + String encSessionBlobBase64 = new String(); - Logger.trace("Blob:" + sessionBlob + - " | validTo:" + validTo + - " | entityIS:" + entityID); + Logger.debug("Receive PubKey:" +mobilePubKeyBase64 + " | SessionBlob:" + encSessionBlobBase64); + + //finish DH key agreement + BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, true)); + DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, + container.getDhParams().getF().getP(), + container.getDhParams().getF().getG()); + byte[] sharedSecret = ssoTransferUtils.getSecret(mobilePubKeySpec, container.getDhParams().getS()); + + //build ASE256 key + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + digest.reset(); + byte[] hashedSecret = digest.digest(sharedSecret); + + //decrypt CSR + Logger.debug("Finished Diffie-Hellman key exchange. --> Starting SessionBlob decryption ..."); + byte[] encryptedSessionBlob = Base64Utils.decode(encSessionBlobBase64, true); + Logger.debug("EncSessionBlob:" + Base64Utils.encode(encryptedSessionBlob) + " | Key:" + Base64Utils.encode(hashedSecret)); + + byte[] sessionBlobArray = ssoTransferUtils.enOrDeCryptCSR(encryptedSessionBlob, hashedSecret, Cipher.DECRYPT_MODE); + String sessionBlob = new String(sessionBlobArray, "UTF-8"); + Logger.debug("DecSessionBlob:" + sessionBlob); - if (PVPConfiguration.getInstance().getIDPPublicPath().contains(entityID)) { - // stored SSO session data is from this IDP - start local session reconstruction - Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob, entityID); - - //transfer SSO Assertion into MOA-Session - ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, ssoInformation); - - // store MOASession into database - try { - authenticatedSessionStorage.storeSession(moasession); - - } catch (MOADatabaseException e) { - Logger.error("Database Error! MOASession is not stored!"); - throw new MOAIDException("init.04", new Object[] { - moasession.getSessionID()}); - } - - executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); - executionContext.put("sessionRestoreFinished", false); - - } else { - Logger.info("Received SSO session-data is from IDP: " + entityID - + ". Start inderfederation process to restore SSO session ... "); - //change to inderfederated session reconstruction - - Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!"); + //parse SAML2 assertion + Response ssoInformation = ssoTransferUtils.validateReceivedSSOContainer(sessionBlob); + + //validate signature + AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); + String holderOfKeyCertBase64 = attributeExtractor.getSingleAttributeValue(PVPConstants.PVP_HOLDEROFKEY_NAME); + byte[] holderOfKeyCertEncoded = Base64Utils.decode(holderOfKeyCertBase64, false); + X509Certificate holderOfKeyCert = new X509Certificate(holderOfKeyCertEncoded); + Logger.debug("Found HolderOfKey Certificate:" + holderOfKeyCert.getSubjectDN().toString()); + + + //TODO: implement Signature validation + + Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); + + + //transfer SSO Assertion into MOA-Session + ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, attributeExtractor); + + // store MOASession into database + try { + authenticatedSessionStorage.storeSession(moasession); + + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); + executionContext.put("sessionRestoreFinished", false); + + +// Logger.info("Received SSO session-data is from IDP: " + entityID +// + ". Start inderfederation process to restore SSO session ... "); +// //change to inderfederated session reconstruction +// +// Logger.warn("Device Session Transfer with interfederation is not implemented, yet!!!!"); - } + } catch (Exception e) { Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e); @@ -171,7 +227,6 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("No restored SSO session found --> Wait a few minutes and check again."); executionContext.put("sessionRestoreFinished", false); - VelocityContext context; try { //create first step of SSO Transfer GUI authURL = HTTPUtils.extractAuthURLFromRequest(request); @@ -183,7 +238,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } GUIUtils.buildSSOTransferGUI(guiBuilder, response, - authURL, pendingReq.getRequestID()); + authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index b1446c4d2..13a278d1d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; import java.io.ByteArrayOutputStream; import java.io.IOException; +import javax.crypto.spec.DHPublicKeySpec; import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; @@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; import net.glxn.qrgen.QRCode; import net.glxn.qrgen.image.ImageType; @@ -50,18 +52,50 @@ public class GUIUtils { public static void buildSSOTransferGUI( IGUIFormBuilder guiBuilder, HttpServletResponse httpResp, String authURL, String pendingReqID) throws ConfigurationException, IOException { + buildSSOTransferGUI(guiBuilder, httpResp, authURL, pendingReqID, null, null); + + } + + /** + * @param guiBuilder + * @param response + * @param authURL + * @param requestID + * @param nonce + * @param dhKeyIDP + * @throws ConfigurationException + * @throws IOException + */ + public static void buildSSOTransferGUI(IGUIFormBuilder guiBuilder, HttpServletResponse response, String authURL, + String requestID, String nonce, DHPublicKeySpec dhKeyIDP) throws ConfigurationException, IOException { try { String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReqID; + + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID; + + + JsonObject qrResult = new JsonObject(); qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_TRANSER); qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_URL, containerURL); + + if (MiscUtil.isNotEmpty(nonce)) + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_NONCE, nonce); + if (dhKeyIDP != null) { + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY, + Base64Utils.encode(dhKeyIDP.getY().toByteArray())); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_PRIME, + Base64Utils.encode(dhKeyIDP.getP().toByteArray())); + qrResult.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_DH_GENERATOR, + Base64Utils.encode(dhKeyIDP.getG().toByteArray())); + + } + ByteArrayOutputStream qrStream = - QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(300, 300).stream(); + QRCode.from(qrResult.toString()).to(ImageType.GIF).withSize(350, 350).stream(); String base64EncodedImage = Base64Utils.encode(qrStream.toByteArray()); DefaultGUIFormBuilderConfiguration config = new DefaultGUIFormBuilderConfiguration( @@ -74,13 +108,13 @@ public class GUIUtils { config.putCustomParameter("timeoutURL", containerURL); config.putCustomParameter("timeout", REFESH_TIMEOUT); - guiBuilder.build(httpResp, config, "SSO-Transfer-Module"); + guiBuilder.build(response, config, "SSO-Transfer-Module"); } catch (GUIBuildException e) { Logger.warn("Can not build GUI:'BKU-Selection'. Msg:" + e.getMessage(), e); throw new ConfigurationException("builder.09", new Object[]{e.getMessage()}, e); } - + } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 9683d5cb7..ab0aba6a7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -25,14 +25,31 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.StringWriter; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.KeyPair; +import java.security.KeyPairGenerator; import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; +import java.security.PublicKey; import java.security.cert.CertificateException; +import java.security.spec.InvalidKeySpecException; import java.util.ArrayList; import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.KeyAgreement; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.spec.DHParameterSpec; +import javax.crypto.spec.DHPublicKeySpec; +import javax.crypto.spec.SecretKeySpec; import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -83,6 +100,7 @@ import com.google.gson.JsonObject; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthenticationData; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -149,8 +167,8 @@ public class SSOContainerUtils { @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired AuthConfiguration authConfig; - public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, Response ssoInformation) throws AssertionAttributeExtractorExeption, ConfigurationException { - AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); + public void parseSSOContainerToMOASessionDataObject(IRequest pendingReq, AuthenticationSession moasession, AssertionAttributeExtractor attributeExtractor) throws AssertionAttributeExtractorExeption, ConfigurationException { +// AssertionAttributeExtractor attributeExtractor = new AssertionAttributeExtractor(ssoInformation); //TODO: maybe change to correct URL //set dummy BKU URLx @@ -251,7 +269,7 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer, String entityID) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { byte[] base64decodedContainer = Base64Utils.decode(signedEncryptedContainer, false); final BasicParserPool ppMgr = new BasicParserPool(); @@ -298,7 +316,7 @@ public class SSOContainerUtils { //validate PVP 2.1 assertion samlVerificationEngine.validateAssertion(ssoContainer, false, credentials.getIDPAssertionEncryptionCredential(), - entityID, + ssoContainer.getIssuer().getValue(), "SSO-Session Transfer module" ); return ssoContainer; @@ -319,7 +337,7 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, - AuthenticationSession authSession, Date date) { + AuthenticationSession authSession, Date date, byte[] hashedSecret) { try { String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils @@ -363,25 +381,68 @@ public class SSOContainerUtils { String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + byte[] encPersonData = enOrDeCryptCSR(ssoDataBlob.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE); + String encAndEncodedPersonalData = Base64Utils.encode(encPersonData); + + JsonObject container = new JsonObject(); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_SSO); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName()); - container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, ssoDataBlob); + + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, encAndEncodedPersonalData); //TODO container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at"); return container.toString(); - } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException e) { + } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) { Logger.warn("SSO container generation FAILED.", e); } return null; } + public byte[] enOrDeCryptCSR(byte[] binBlob, byte[] binSecret, int mode) throws IllegalBlockSizeException, BadPaddingException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException { + byte[] decrypted = null; + SecretKeySpec skeySpec = new SecretKeySpec(binSecret, "AES"); + Cipher cipher = Cipher.getInstance("AES"); + cipher.init(mode, skeySpec); + decrypted = cipher.doFinal(binBlob); + + return decrypted; + } + + public Pair createSpecificKey(BigInteger p, BigInteger g) throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("DiffieHellman"); + + DHParameterSpec param = new DHParameterSpec(p, g); + kpg.initialize(param); + KeyPair kp = kpg.generateKeyPair(); + + KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); + + Pair pair = new Pair( + (DHPublicKeySpec) kfactory.getKeySpec(kp.getPublic(), DHPublicKeySpec.class), kp.getPrivate()); + return pair; + + } + + public byte[] getSecret(DHPublicKeySpec kspectrans, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException { + KeyAgreement aKeyAgree = KeyAgreement.getInstance("DiffieHellman"); + aKeyAgree.init(privateKey); + + KeyFactory kfactory = KeyFactory.getInstance("DiffieHellman"); + PublicKey pub = kfactory.generatePublic(kspectrans); + aKeyAgree.doPhase(pub, true); + + byte[] secretKey = aKeyAgree.generateSecret(); + return secretKey; + + } + private String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); -- cgit v1.2.3 From b107abdc2655e62c5d11219f2b90a8e0a85bda91 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 23 Mar 2016 09:48:23 +0100 Subject: update Session-Transfer-Module --- .../moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index ab0aba6a7..bf1c7f773 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -518,7 +518,7 @@ public class SSOContainerUtils { transformer.transform(source, sr); sw.close(); - return Base64Utils.encode(sw.toString().getBytes()); + return sw.toString(); } -- cgit v1.2.3 From 2360a1be1c26b360af0ef66e0c2d0b126b26719b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 24 Mar 2016 09:02:56 +0100 Subject: add log messages to SSO transfer modul --- .../moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index bf1c7f773..753da96de 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -379,12 +379,16 @@ public class SSOContainerUtils { sessionIndex, subjectConfirmationData.getNotOnOrAfter()); - String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + //build blob with signed session information + String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + Logger.debug("Unencrypted SessionBlob:" + ssoDataBlob); + //encrypt session information with ephemeral key byte[] encPersonData = enOrDeCryptCSR(ssoDataBlob.getBytes(), hashedSecret, Cipher.ENCRYPT_MODE); String encAndEncodedPersonalData = Base64Utils.encode(encPersonData); - + Logger.debug("Encrypted SessionBlob:" + encAndEncodedPersonalData); + //build JSON response JsonObject container = new JsonObject(); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_TYPE, SSOTransferConstants.SSOCONTAINER_VALUE_TYPE_SSO); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); -- cgit v1.2.3 From 5848cd0057ad9f607e8c117c18481f5caebfd357 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 24 Mar 2016 17:03:22 +0100 Subject: update Session-Transfer-Module to restore session --- .../modules/ssotransfer/SSOTransferConstants.java | 7 ++ .../ssotransfer/servlet/SSOTransferServlet.java | 2 +- .../ssotransfer/task/RestoreSSOSessionTask.java | 117 +++++++++++++++------ .../ssotransfer/utils/SSOContainerUtils.java | 25 ++--- .../src/test/java/at/gv/egiz/tests/Tests.java | 17 +++ 5 files changed, 123 insertions(+), 45 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java index 1ee715afa..1a4356653 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferConstants.java @@ -59,11 +59,18 @@ public class SSOTransferConstants { public static final String SSOCONTAINER_KEY_SESSION = "session"; public static final String SSOCONTAINER_KEY_RESULTENDPOINT = "resultEndPoint"; public static final String SSOCONTAINER_KEY_NONCE = "nonce"; + public static final String SSOCONTAINER_KEY_BLOB = "blob"; + public static final String SSOCONTAINER_KEY_SIGNATURE = "signature"; + public static final String SSOCONTAINER_KEY_UNIQUEUSERID = "bPK"; + + public static final String SSOCONTAINER_KEY_STATUS = "status"; public static final String FLAG_SSO_SESSION_RESTORED = "ssoRestoredFlag"; public static final long CERT_VALIDITY = 700; //2 years public static final String PENDINGREQ_DH = "dhparams"; public static final String PENDINGREQ_NONCE = "nonce"; + + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 7cf7c914a..b18425839 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -278,7 +278,7 @@ public class SSOTransferServlet{ @RequestMapping(value = { "/TransmitSSOSession" }, - method = {RequestMethod.GET}) + method = {RequestMethod.GET, RequestMethod.POST}) public void transferToPhone(HttpServletRequest req, HttpServletResponse resp) throws IOException { Logger.debug("Receive " + this.getClass().getName() + " request"); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 6d9b43e5b..dd133e4fb 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.ssotransfer.task; import java.io.BufferedReader; import java.io.IOException; +import java.io.PrintWriter; import java.math.BigInteger; import java.security.MessageDigest; @@ -96,48 +97,57 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.warn("Received POST-message produce an ERROR.", e); } - - //session is valid --> load MOASession object - try { - defaultTaskInitialization(request, executionContext); - - } catch (MOAIDException | MOADatabaseException e1) { - Logger.error("Database Error! MOASession is not stored!"); - throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); - - } - + String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); SSOTransferContainer container = pendingReq.getGenericData( SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class); if (container == null) { - throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", null); + throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", + new MOAIDException("NO DH-Params in pending-request", null)); } if (MiscUtil.isNotEmpty(receivedPostMessage)) { Logger.debug("Receive POST-Message data. Start data-validation process ... "); + JsonObject responseMsg = new JsonObject(); try { + Logger.debug("Unformated Msg:" + receivedPostMessage); + JsonParser parser = new JsonParser(); - JsonObject reveivedData = (JsonObject) parser.parse(sb.toString()); - JsonObject reveivedSession = reveivedData.get("session").getAsJsonObject(); - String validTo = reveivedSession.get("validTo").getAsString(); - String entityID = reveivedSession.get("entityID").getAsString(); - //String sessionBlob = reveivedSession.get("sessionBlob").getAsString(); - -// Logger.trace("Blob:" + sessionBlob + -// " | validTo:" + validTo + -// " | entityIS:" + entityID); - - - //TODO!!!! - String mobilePubKeyBase64 = reveivedSession.get( + JsonObject receivedData = (JsonObject) parser.parse(sb.toString()); + + JsonObject receivedSession = receivedData.get( + SSOTransferConstants.SSOCONTAINER_KEY_SESSION).getAsJsonObject(); + + Logger.debug("Received Session-Object:"+ receivedSession.toString()); + + String signature = receivedData.get( + SSOTransferConstants.SSOCONTAINER_KEY_SIGNATURE).getAsString(); + String mobilePubKeyBase64 = receivedData.get( SSOTransferConstants.SSOCONTAINER_KEY_DH_PUBKEY).getAsString(); - String encSessionBlobBase64 = new String(); + + String respNonce = receivedSession.get( + SSOTransferConstants.PENDINGREQ_NONCE).getAsString(); + String encSessionBlobBase64 = receivedSession.get( + SSOTransferConstants.SSOCONTAINER_KEY_BLOB).getAsString(); - Logger.debug("Receive PubKey:" +mobilePubKeyBase64 + " | SessionBlob:" + encSessionBlobBase64); + Logger.debug("Receive PubKey:" +mobilePubKeyBase64 + + " | SessionBlob:" + encSessionBlobBase64 + + " | Nonce:" + respNonce + + " | Signature:" + signature + + " | SignedData:" + receivedSession.toString()); + if (MiscUtil.isEmpty(respNonce) || !respNonce.equals(nonce)) { + Logger.warn("Received 'nonce':" + respNonce + + " does not match to stored 'nonce':" + nonce); + throw new TaskExecutionException(pendingReq, "Received 'nonce':" + respNonce + + " does not match to stored 'nonce':" + nonce, + new MOAIDException("Received 'nonce':" + respNonce + " does not match to stored 'nonce':" + nonce, null)); + + } + + //finish DH key agreement BigInteger mobilePubKey = new BigInteger(Base64Utils.decode(mobilePubKeyBase64, true)); DHPublicKeySpec mobilePubKeySpec = new DHPublicKeySpec(mobilePubKey, @@ -175,6 +185,16 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); + //session is valid --> load MOASession object + try { + defaultTaskInitialization(request, executionContext); + + } catch (MOAIDException | MOADatabaseException e1) { + Logger.error("Database Error! MOASession is not stored!"); + throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); + + } + //transfer SSO Assertion into MOA-Session ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moasession, attributeExtractor); @@ -190,8 +210,18 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { executionContext.put(SSOTransferConstants.FLAG_SSO_SESSION_RESTORED, true); executionContext.put("sessionRestoreFinished", false); - + + + responseMsg.addProperty( + SSOTransferConstants.SSOCONTAINER_KEY_STATUS, + "OK"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(responseMsg.toString()); + out.flush(); + // Logger.info("Received SSO session-data is from IDP: " + entityID // + ". Start inderfederation process to restore SSO session ... "); // //change to inderfederated session reconstruction @@ -202,8 +232,20 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } catch (Exception e) { Logger.error("Parse reveived JSON data-object " + sb.toString() + " FAILED!", e); - throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e); - + //throw new TaskExecutionException(pendingReq, "JSON data is not parseable.", e); + try { + responseMsg.addProperty( + SSOTransferConstants.SSOCONTAINER_KEY_STATUS, + "FAILED"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(responseMsg.toString()); + out.flush(); + } catch (IOException e1) { + e1.printStackTrace(); + + } } } else { @@ -218,10 +260,21 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { executionContext.put("sessionRestoreFinished", true); } else { + //session is valid --> load MOASession object + try { + defaultTaskInitialization(request, executionContext); + + } catch (MOAIDException | MOADatabaseException e1) { + Logger.error("Database Error! MOASession is not stored!"); + throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); + + } + DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); - if (moaSessionCreated.plusMinutes(3).isBeforeNow()) { + if (moaSessionCreated.plusMinutes(1).isBeforeNow()) { Logger.warn("No SSO session-container received. Stop authentication process after time-out."); - throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", null); + throw new TaskExecutionException(pendingReq, "No SSO container received from smartphone app.", + new MOAIDException("No SSO container received from smartphone app.", null)); } else { Logger.debug("No restored SSO session found --> Wait a few minutes and check again."); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 753da96de..0785f767b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -129,6 +129,7 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.util.BpkUtil; import iaik.x509.X509Certificate; /** @@ -269,16 +270,14 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { - byte[] base64decodedContainer = Base64Utils.decode(signedEncryptedContainer, false); - + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { final BasicParserPool ppMgr = new BasicParserPool(); final HashMap features = new HashMap(); features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); ppMgr.setBuilderFeatures(features); ppMgr.setNamespaceAware(true); - Document document = ppMgr.parse(new ByteArrayInputStream(base64decodedContainer)); + Document document = ppMgr.parse(new ByteArrayInputStream(signedEncryptedContainer.getBytes())); Element domElement = document.getDocumentElement(); UnmarshallerFactory saml2UnmarshallerFactory = Configuration.getUnmarshallerFactory(); @@ -317,8 +316,8 @@ public class SSOContainerUtils { samlVerificationEngine.validateAssertion(ssoContainer, false, credentials.getIDPAssertionEncryptionCredential(), ssoContainer.getIssuer().getValue(), - "SSO-Session Transfer module" - ); + "SSO-Session Transfer module", + false); return ssoContainer; } else { @@ -369,7 +368,7 @@ public class SSOContainerUtils { IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( - authURL, + entityID, entityID, new DateTime(date.getTime()), authnContextClassRef, @@ -380,7 +379,7 @@ public class SSOContainerUtils { subjectConfirmationData.getNotOnOrAfter()); //build blob with signed session information - String ssoDataBlob = buildSSOContainerObject(authURL, assertion, new DateTime(date.getTime())); + String ssoDataBlob = buildSSOContainerObject(entityID, assertion, new DateTime(date.getTime())); Logger.debug("Unencrypted SessionBlob:" + ssoDataBlob); //encrypt session information with ephemeral key @@ -394,8 +393,10 @@ public class SSOContainerUtils { container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_VALIDTO, subjectConfirmationData.getNotOnOrAfter().toString()); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_ENTITYID, entityID); container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_USERID, authData.getGivenName() + " " + authData.getFamilyName()); - + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_SESSION, encAndEncodedPersonalData); + container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_UNIQUEUSERID, + BpkUtil.calcBPK(authData.getIdentificationValue(), "AB")); //TODO container.addProperty(SSOTransferConstants.SSOCONTAINER_KEY_RESULTENDPOINT, "https://demo.egiz.gv.at"); @@ -447,13 +448,13 @@ public class SSOContainerUtils { } - private String buildSSOContainerObject(String authURL, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { + private String buildSSOContainerObject(String entityID, Assertion assertion, DateTime date) throws ConfigurationException, EncryptionException, CredentialsNotAvailableException, SecurityException, ParserConfigurationException, MarshallingException, SignatureException, TransformerFactoryConfigurationError, TransformerException, IOException { Response authResponse = SAML2Utils.createSAMLObject(Response.class); Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(authURL); + nissuer.setValue(entityID); nissuer.setFormat(NameID.ENTITY); authResponse.setIssuer(nissuer); @@ -541,7 +542,7 @@ public class SSOContainerUtils { Logger.info("SSO-Transfer attribute " + el + " is empty!"); } catch (Exception e) { - Logger.warn("Build SSO-Transfer attribute " + el + " FAILED.", e); + Logger.info("Build SSO-Transfer attribute " + el + " FAILED:" + e.getMessage()); } } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 57f4d11ad..0eb71ec92 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -22,6 +22,10 @@ */ package at.gv.egiz.tests; +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; + /** * @author tlenz * @@ -53,6 +57,19 @@ public class Tests { + JsonObject responseMsg = new JsonObject(); + responseMsg.addProperty( + SSOTransferConstants.SSOCONTAINER_KEY_STATUS, + "OK"); + + + JsonObject levelTwo = new JsonObject(); + levelTwo.addProperty("test", "12345"); + + responseMsg.add("levelTwo", levelTwo ); + + + System.out.println(responseMsg.toString()); // } catch (IOException e) { // // TODO Auto-generated catch block -- cgit v1.2.3 From ab67fbdf5d661a33b67436c70db0dcb8b840cf57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 31 Mar 2016 08:03:28 +0200 Subject: if database cleanUP process found some unhandled exception, write error messages to technical log --- .../auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index cd18afb71..e92925dfb 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -61,13 +61,13 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl @Override protected void signalProcessManagement(HttpServletRequest req, HttpServletResponse resp) throws IOException { String pendingRequestID = StringEscapeUtils.escapeHtml(getPendingRequestId(req)); - + IRequest pendingReq = null; try { if (pendingRequestID == null) { throw new IllegalStateException("Unable to determine MOA pending-request id."); } - IRequest pendingReq = requestStorage.getPendingRequest(pendingRequestID); + pendingReq = requestStorage.getPendingRequest(pendingRequestID); if (pendingReq == null) { Logger.info("No PendingRequest with Id: " + pendingRequestID + " Maybe, a transaction timeout occure."); throw new MOAIDException("auth.28", new Object[]{pendingRequestID}); @@ -87,7 +87,7 @@ public class SSOTransferSignalServlet extends AbstractProcessEngineSignalControl processEngine.signal(pendingReq); } catch (Exception ex) { - handleError(null, ex, req, resp, pendingRequestID); + handleError(null, ex, req, resp, pendingReq); } finally { //MOASessionDBUtils.closeSession(); -- cgit v1.2.3 From 4b932484d66ef161bb547a419fdc32f04677fe57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 7 Apr 2016 10:44:11 +0200 Subject: fix some possible problems with STORK configuration in config-GUI --- .../auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'id/server/modules/moa-id-module-ssoTransfer') diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index f9cb4c636..78cbd788d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -49,8 +49,9 @@ public class SSOTransferAuthenticationData implements IAuthData { public SSOTransferAuthenticationData(AuthConfiguration authConfig, AuthenticationSession authSession) throws ConfigurationException { this.authSession = authSession; - String domainIdentifier = authConfig.getSSOTagetIdentifier().trim(); - isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK); + String domainIdentifier = authConfig.getSSOTagetIdentifier(); + if (domainIdentifier != null) + isIDPPrivateService = domainIdentifier.startsWith(MOAIDAuthConstants.PREFIX_WPBK); } -- cgit v1.2.3