diff --git a/verifiers/internal/gha/provenance.go b/verifiers/internal/gha/provenance.go index b3fcc03..8233fc7 100644 --- a/verifiers/internal/gha/provenance.go +++ b/verifiers/internal/gha/provenance.go @@ -3,7 +3,6 @@ package gha import ( "context" "crypto/x509" - "encoding/base64" "encoding/json" "fmt" "os" @@ -11,7 +10,6 @@ import ( "golang.org/x/mod/semver" - intoto "github.com/in-toto/in-toto-golang/in_toto" dsselib "github.com/secure-systems-lab/go-securesystemslib/dsse" "github.com/sigstore/rekor/pkg/generated/client" "github.com/sigstore/rekor/pkg/generated/models" @@ -19,6 +17,10 @@ import ( "github.com/slsa-framework/slsa-github-generator/signing/envelope" serrors "github.com/slsa-framework/slsa-verifier/v2/errors" "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance" + + // Load provenance types. + _ "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance/v0.2" ) // SignedAttestation contains a signed DSSE envelope @@ -38,29 +40,17 @@ func EnvelopeFromBytes(payload []byte) (env *dsselib.Envelope, err error) { return } -func provenanceFromEnv(env *dsselib.Envelope) (prov *intoto.ProvenanceStatement, err error) { - if env.PayloadType != "application/vnd.in-toto+json" { - return nil, fmt.Errorf("%w: expected payload type 'application/vnd.in-toto+json', got '%s'", - serrors.ErrorInvalidDssePayload, env.PayloadType) - } - pyld, err := base64.StdEncoding.DecodeString(env.Payload) - if err != nil { - return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) - } - prov = &intoto.ProvenanceStatement{} - if err := json.Unmarshal(pyld, prov); err != nil { - return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) - } - return -} - // Verify Builder ID in provenance statement. // This function does an exact comparison, and expects certBuilderID to be the full // `name@refs/tags/`. -func verifyBuilderIDExactMatch(prov *intoto.ProvenanceStatement, certBuilderID string) error { - if certBuilderID != prov.Predicate.Builder.ID { +func verifyBuilderIDExactMatch(prov slsaprovenance.Provenance, certBuilderID string) error { + builderID, err := prov.BuilderID() + if err != nil { + return err + } + if certBuilderID != builderID { return fmt.Errorf("%w: expected '%s' in builder.id, got '%s'", serrors.ErrorMismatchBuilderID, - certBuilderID, prov.Predicate.Builder.ID) + certBuilderID, builderID) } return nil @@ -80,7 +70,7 @@ func asURI(s string) string { } // Verify source URI in provenance statement. -func verifySourceURI(prov *intoto.ProvenanceStatement, expectedSourceURI string) error { +func verifySourceURI(prov slsaprovenance.Provenance, expectedSourceURI string) error { source := asURI(expectedSourceURI) // We expect github.com URIs only. @@ -90,34 +80,39 @@ func verifySourceURI(prov *intoto.ProvenanceStatement, expectedSourceURI string) } // Verify source from ConfigSource field. - configURI, err := sourceFromURI(prov.Predicate.Invocation.ConfigSource.URI, false) + fullConfigURI, err := prov.ConfigURI() + if err != nil { + return err + } + configURI, err := sourceFromURI(fullConfigURI, false) if err != nil { return err } if configURI != source { return fmt.Errorf("%w: expected source '%s' in configSource.uri, got '%s'", serrors.ErrorMismatchSource, - source, prov.Predicate.Invocation.ConfigSource.URI) + source, fullConfigURI) } // Verify source from material section. - if len(prov.Predicate.Materials) == 0 { - return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "no material") + materialSourceURI, err := prov.SourceURI() + if err != nil { + return err } - materialURI, err := sourceFromURI(prov.Predicate.Materials[0].URI, false) + materialURI, err := sourceFromURI(materialSourceURI, false) if err != nil { return err } if materialURI != source { return fmt.Errorf("%w: expected source '%s' in material section, got '%s'", serrors.ErrorMismatchSource, - source, prov.Predicate.Materials[0].URI) + source, materialSourceURI) } // Last, verify that both fields match. // We use the full URI to match on the tag as well. - if prov.Predicate.Invocation.ConfigSource.URI != prov.Predicate.Materials[0].URI { + if fullConfigURI != materialSourceURI { return fmt.Errorf("%w: material and config URIs do not match: '%s' != '%s'", serrors.ErrorInvalidDssePayload, - prov.Predicate.Invocation.ConfigSource.URI, prov.Predicate.Materials[0].URI) + fullConfigURI, materialSourceURI) } return nil @@ -141,12 +136,13 @@ func sourceFromURI(uri string, allowNotTag bool) (string, error) { } // Verify SHA256 Subject Digest from the provenance statement. -func verifySha256Digest(prov *intoto.ProvenanceStatement, expectedHash string) error { - if len(prov.Subject) == 0 { - return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "no subjects") +func verifySha256Digest(prov slsaprovenance.Provenance, expectedHash string) error { + subjects, err := prov.Subjects() + if err != nil { + return err } - for _, subject := range prov.Subject { + for _, subject := range subjects { digestSet := subject.Digest hash, exists := digestSet["sha256"] if !exists { @@ -185,16 +181,12 @@ func VerifyProvenanceSignature(ctx context.Context, trustedRoot *TrustedRoot, fmt.Fprintf(os.Stderr, "No certificate provided, trying Redis search index to find entries by subject digest\n") // Verify the provenance and return the signing certificate. - signedAttestation, err := SearchValidSignedAttestation(ctx, artifactHash, provenance, rClient, trustedRoot) - if err != nil { - return nil, err - } - - return signedAttestation, nil + return SearchValidSignedAttestation(ctx, artifactHash, + provenance, rClient, trustedRoot) } func VerifyProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceOpts) error { - prov, err := provenanceFromEnv(env) + prov, err := slsaprovenance.ProvenanceFromEnvelope(env) if err != nil { return err } @@ -247,14 +239,9 @@ func VerifyProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceO return nil } -func VerifyWorkflowInputs(prov *intoto.ProvenanceStatement, inputs map[string]string) error { - environment, ok := prov.Predicate.Invocation.Environment.(map[string]interface{}) - if !ok { - return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type") - } - +func VerifyWorkflowInputs(prov slsaprovenance.Provenance, inputs map[string]string) error { // Verify it's a workflow_dispatch trigger. - triggerName, err := getAsString(environment, "github_event_name") + triggerName, err := prov.GetStringFromEnvironment("github_event_name") if err != nil { return err } @@ -264,21 +251,11 @@ func VerifyWorkflowInputs(prov *intoto.ProvenanceStatement, inputs map[string]st } // Assume no nested level. - payload, err := getEventPayload(environment) + pyldInputs, err := prov.GetInputs() if err != nil { return err } - payloadInputs, err := getAsAny(payload, "inputs") - if err != nil { - return fmt.Errorf("%w: error retrieving 'inputs': %v", serrors.ErrorInvalidDssePayload, err) - } - - pyldInputs, ok := payloadInputs.(map[string]interface{}) - if !ok { - return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type inputs") - } - // Verify all inputs. for k, v := range inputs { value, err := getAsString(pyldInputs, k) @@ -295,7 +272,7 @@ func VerifyWorkflowInputs(prov *intoto.ProvenanceStatement, inputs map[string]st return nil } -func VerifyBranch(prov *intoto.ProvenanceStatement, expectedBranch string) error { +func VerifyBranch(prov slsaprovenance.Provenance, expectedBranch string) error { branch, err := getBranch(prov) if err != nil { return err @@ -309,7 +286,7 @@ func VerifyBranch(prov *intoto.ProvenanceStatement, expectedBranch string) error return nil } -func VerifyTag(prov *intoto.ProvenanceStatement, expectedTag string) error { +func VerifyTag(prov slsaprovenance.Provenance, expectedTag string) error { tag, err := getTag(prov) if err != nil { return err @@ -323,7 +300,7 @@ func VerifyTag(prov *intoto.ProvenanceStatement, expectedTag string) error { return nil } -func VerifyVersionedTag(prov *intoto.ProvenanceStatement, expectedTag string) error { +func VerifyVersionedTag(prov slsaprovenance.Provenance, expectedTag string) error { // Validate and canonicalize the provenance tag. if !semver.IsValid(expectedTag) { return fmt.Errorf("%s: %w", expectedTag, serrors.ErrorInvalidSemver) @@ -402,8 +379,17 @@ func extractFromVersion(v string, i int) (string, error) { return parts[i], nil } -func getAsString(environment map[string]interface{}, field string) (string, error) { - value, ok := environment[field] +func getAsAny(payload map[string]any, field string) (any, error) { + value, ok := payload[field] + if !ok { + return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, + fmt.Sprintf("payload type for %s", field)) + } + return value, nil +} + +func getAsString(pyld map[string]interface{}, field string) (string, error) { + value, ok := pyld[field] if !ok { return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, fmt.Sprintf("environment type for %s", field)) @@ -416,19 +402,10 @@ func getAsString(environment map[string]interface{}, field string) (string, erro return i, nil } -func getAsAny(environment map[string]any, field string) (any, error) { - value, ok := environment[field] - if !ok { - return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, - fmt.Sprintf("environment type for %s", field)) - } - return value, nil -} - -func getEventPayload(environment map[string]interface{}) (map[string]interface{}, error) { - eventPayload, ok := environment["github_event_payload"] - if !ok { - return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type event payload") +func getEventPayload(prov slsaprovenance.Provenance) (map[string]interface{}, error) { + eventPayload, err := prov.GetAnyFromEnvironment("github_event_payload") + if err != nil { + return nil, err } payload, ok := eventPayload.(map[string]interface{}) @@ -439,8 +416,8 @@ func getEventPayload(environment map[string]interface{}) (map[string]interface{} return payload, nil } -func getBaseRef(environment map[string]interface{}) (string, error) { - baseRef, err := getAsString(environment, "github_base_ref") +func getBaseRef(prov slsaprovenance.Provenance) (string, error) { + baseRef, err := prov.GetStringFromEnvironment("github_base_ref") if err != nil { return "", err } @@ -453,7 +430,7 @@ func getBaseRef(environment map[string]interface{}) (string, error) { // Look at the event payload instead. // We don't do that for all triggers because the payload // is event-specific; and only the `push` event seems to have a `base_ref`. - eventName, err := getAsString(environment, "github_event_name") + eventName, err := prov.GetStringFromEnvironment("github_event_name") if err != nil { return "", err } @@ -462,7 +439,7 @@ func getBaseRef(environment map[string]interface{}) (string, error) { return "", nil } - payload, err := getEventPayload(environment) + payload, err := getEventPayload(prov) if err != nil { return "", err } @@ -481,8 +458,8 @@ func getBaseRef(environment map[string]interface{}) (string, error) { return v, nil } -func getTargetCommittish(environment map[string]interface{}) (string, error) { - eventName, err := getAsString(environment, "github_event_name") +func getTargetCommittish(prov slsaprovenance.Provenance) (string, error) { + eventName, err := prov.GetStringFromEnvironment("github_event_name") if err != nil { return "", err } @@ -491,7 +468,7 @@ func getTargetCommittish(environment map[string]interface{}) (string, error) { return "", nil } - payload, err := getEventPayload(environment) + payload, err := getEventPayload(prov) if err != nil { return "", err } @@ -515,25 +492,20 @@ func getTargetCommittish(environment map[string]interface{}) (string, error) { return "refs/heads/" + branch, nil } -func getBranchForTag(environment map[string]interface{}) (string, error) { +func getBranchForTag(prov slsaprovenance.Provenance) (string, error) { // First try the base_ref. - branch, err := getBaseRef(environment) + branch, err := getBaseRef(prov) if branch != "" || err != nil { return branch, err } // Second try the target comittish. - return getTargetCommittish(environment) + return getTargetCommittish(prov) } // Get tag from the provenance invocation parameters. -func getTag(prov *intoto.ProvenanceStatement) (string, error) { - environment, ok := prov.Predicate.Invocation.Environment.(map[string]interface{}) - if !ok { - return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type") - } - - refType, err := getAsString(environment, "github_ref_type") +func getTag(prov slsaprovenance.Provenance) (string, error) { + refType, err := prov.GetStringFromEnvironment("github_ref_type") if err != nil { return "", err } @@ -542,7 +514,7 @@ func getTag(prov *intoto.ProvenanceStatement) (string, error) { case "branch": return "", nil case "tag": - return getAsString(environment, "github_ref") + return prov.GetStringFromEnvironment("github_ref") default: return "", fmt.Errorf("%w: %s %s", serrors.ErrorInvalidDssePayload, "unknown ref type", refType) @@ -550,22 +522,17 @@ func getTag(prov *intoto.ProvenanceStatement) (string, error) { } // Get branch from the provenance invocation parameters. -func getBranch(prov *intoto.ProvenanceStatement) (string, error) { - environment, ok := prov.Predicate.Invocation.Environment.(map[string]interface{}) - if !ok { - return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type") - } - - refType, err := getAsString(environment, "github_ref_type") +func getBranch(prov slsaprovenance.Provenance) (string, error) { + refType, err := prov.GetStringFromEnvironment("github_ref_type") if err != nil { return "", err } switch refType { case "branch": - return getAsString(environment, "github_ref") + return prov.GetStringFromEnvironment("github_ref") case "tag": - return getBranchForTag(environment) + return getBranchForTag(prov) default: return "", fmt.Errorf("%w: %s %s", serrors.ErrorInvalidDssePayload, "unknown ref type", refType) diff --git a/verifiers/internal/gha/provenance_test.go b/verifiers/internal/gha/provenance_test.go index 680da5b..e785529 100644 --- a/verifiers/internal/gha/provenance_test.go +++ b/verifiers/internal/gha/provenance_test.go @@ -11,14 +11,16 @@ import ( slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2" serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance" + v02 "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance/v0.2" ) -func provenanceFromBytes(payload []byte) (*intoto.ProvenanceStatement, error) { +func provenanceFromBytes(payload []byte) (slsaprovenance.Provenance, error) { env, err := EnvelopeFromBytes(payload) if err != nil { return nil, err } - return provenanceFromEnv(env) + return slsaprovenance.ProvenanceFromEnvelope(env) } func Test_VerifySha256Subject(t *testing.T) { @@ -347,7 +349,11 @@ func Test_verifySourceURI(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - err := verifySourceURI(tt.prov, tt.sourceURI) + prov := &v02.ProvenanceV02{ + ProvenanceStatement: tt.prov, + } + + err := verifySourceURI(prov, tt.sourceURI) if !errCmp(err, tt.expected) { t.Errorf(cmp.Diff(err, tt.expected)) } @@ -434,7 +440,11 @@ func Test_verifyBuilderIDExactMatch(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() - err := verifyBuilderIDExactMatch(tt.prov, tt.id) + prov := &v02.ProvenanceV02{ + ProvenanceStatement: tt.prov, + } + + err := verifyBuilderIDExactMatch(prov, tt.id) if !errCmp(err, tt.expected) { t.Errorf(cmp.Diff(err, tt.expected)) } @@ -564,7 +574,7 @@ func Test_VerifyWorkflowInputs(t *testing.T) { "some_bool": "true", "some_integer": "123", }, - expected: serrors.ErrorInvalidDssePayload, + expected: serrors.ErrorMismatchWorkflowInputs, }, } for _, tt := range tests { diff --git a/verifiers/internal/gha/slsaprovenance/slsaprovenance.go b/verifiers/internal/gha/slsaprovenance/slsaprovenance.go new file mode 100644 index 0000000..953a13e --- /dev/null +++ b/verifiers/internal/gha/slsaprovenance/slsaprovenance.go @@ -0,0 +1,73 @@ +package slsaprovenance + +import ( + "encoding/base64" + "encoding/json" + "fmt" + "sync" + + intoto "github.com/in-toto/in-toto-golang/in_toto" + dsselib "github.com/secure-systems-lab/go-securesystemslib/dsse" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" +) + +type Provenance interface { + // BuilderID returns the builder id in the predicate. + BuilderID() (string, error) + + // SourceURI is the full URI (including tag) of the source material. + SourceURI() (string, error) + + // ConfigURI is the full URI (including tag) of the configuration material. + ConfigURI() (string, error) + + // Subject is the list of intoto subjects in the provenance. + Subjects() ([]intoto.Subject, error) + + // GetStringFromEnvironment retrieves a string parameter from the environment + // attested to in the provenance. + GetStringFromEnvironment(name string) (string, error) + + // GetAnyFromEnvironment retrieves an object parameter from the environment + // attested to in the provenance. + GetAnyFromEnvironment(name string) (interface{}, error) + + // GetInputs retrieves the inputs from the provenance. Only succeeds for event + // relevant event types (workflow_inputs). + GetInputs() (map[string]interface{}, error) +} + +// ProvenanceMap stores the different provenance version types. +var ProvenanceMap sync.Map + +// Provenance interface that each type may implement. +func ProvenanceFromEnvelope(env *dsselib.Envelope) (Provenance, error) { + if env.PayloadType != "application/vnd.in-toto+json" { + return nil, fmt.Errorf("%w: expected payload type 'application/vnd.in-toto+json', got '%s'", + serrors.ErrorInvalidDssePayload, env.PayloadType) + } + pyld, err := base64.StdEncoding.DecodeString(env.Payload) + if err != nil { + return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) + } + + // Get the predicateType, a required field. + pred := struct { + PredicateType string `json:"predicateType"` + }{} + if err := json.Unmarshal(pyld, &pred); err != nil { + return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) + } + + // Load the appropriate structure and unmarshal. + ptype, ok := ProvenanceMap.Load(pred.PredicateType) + if !ok { + return nil, fmt.Errorf("%w: %s %s", serrors.ErrorInvalidDssePayload, "unexpected predicate type ", pred.PredicateType) + } + prov := ptype.(func() Provenance)() + + if err := json.Unmarshal(pyld, prov); err != nil { + return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) + } + return prov, nil +} diff --git a/verifiers/internal/gha/slsaprovenance/v0.2/provenance.go b/verifiers/internal/gha/slsaprovenance/v0.2/provenance.go new file mode 100644 index 0000000..ced6e32 --- /dev/null +++ b/verifiers/internal/gha/slsaprovenance/v0.2/provenance.go @@ -0,0 +1,103 @@ +package v02 + +import ( + "fmt" + + intoto "github.com/in-toto/in-toto-golang/in_toto" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance" +) + +// TODO(asraa): Use a static mapping. +// +//nolint:gochecknoinits +func init() { + slsaprovenance.ProvenanceMap.Store( + "https://slsa.dev/provenance/v0.2", + New) +} + +type ProvenanceV02 struct { + *intoto.ProvenanceStatement +} + +// This returns a new, empty instance of the v0.2 provenance. +func New() slsaprovenance.Provenance { + return &ProvenanceV02{} +} + +func (prov *ProvenanceV02) BuilderID() (string, error) { + return prov.Predicate.Builder.ID, nil +} + +func (prov *ProvenanceV02) SourceURI() (string, error) { + if len(prov.Predicate.Materials) == 0 { + return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "no material") + } + return prov.Predicate.Materials[0].URI, nil +} + +func (prov *ProvenanceV02) ConfigURI() (string, error) { + return prov.Predicate.Invocation.ConfigSource.URI, nil +} + +func (prov *ProvenanceV02) Subjects() ([]intoto.Subject, error) { + subj := prov.Subject + if len(subj) == 0 { + return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "no subjects") + } + return subj, nil +} + +func (prov *ProvenanceV02) GetStringFromEnvironment(name string) (string, error) { + environment, ok := prov.Predicate.Invocation.Environment.(map[string]interface{}) + if !ok { + return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type") + } + val, ok := environment[name] + if !ok { + return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, + fmt.Sprintf("environment type for %s", name)) + } + i, ok := val.(string) + if !ok { + return "", fmt.Errorf("%w: %s '%s'", serrors.ErrorInvalidDssePayload, "environment type string", name) + } + return i, nil +} + +func (prov *ProvenanceV02) GetAnyFromEnvironment(name string) (interface{}, error) { + environment, ok := prov.Predicate.Invocation.Environment.(map[string]interface{}) + if !ok { + return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type") + } + val, ok := environment[name] + if !ok { + return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, + fmt.Sprintf("environment type for %s", name)) + } + return val, nil +} + +func (prov *ProvenanceV02) GetInputs() (map[string]interface{}, error) { + eventPayload, err := prov.GetAnyFromEnvironment("github_event_payload") + if err != nil { + return nil, err + } + + payload, ok := eventPayload.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type payload") + } + + payloadInputs, ok := payload["inputs"] + if !ok { + return nil, fmt.Errorf("%w: error retrieving 'inputs': %v", serrors.ErrorInvalidDssePayload, err) + } + + pyldInputs, ok := payloadInputs.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "parameters type inputs") + } + return pyldInputs, nil +} diff --git a/verifiers/internal/gha/testdata/dsse-workflow-inputs-wrong-trigger.intoto.jsonl b/verifiers/internal/gha/testdata/dsse-workflow-inputs-wrong-trigger.intoto.jsonl index 30034ff..9d6749d 100644 --- a/verifiers/internal/gha/testdata/dsse-workflow-inputs-wrong-trigger.intoto.jsonl +++ b/verifiers/internal/gha/testdata/dsse-workflow-inputs-wrong-trigger.intoto.jsonl @@ -1 +1 @@ -{"payloadType":"application/vnd.in-toto+json","payload":"eyJwYXlsb2FkVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5pbi10b3RvK2pzb24iLCJwYXlsb2FkIjoiZXlKZmRIbHdaU0k2SW1oMGRIQnpPaTh2YVc0dGRHOTBieTVwYnk5VGRHRjBaVzFsYm5RdmRqQXVNU0lzSW5CeVpXUnBZMkYwWlZSNWNHVWlPaUpvZEhSd2N6b3ZMM05zYzJFdVpHVjJMM0J5YjNabGJtRnVZMlV2ZGpBdU1pSXNJbk4xWW1wbFkzUWlPbHQ3SW01aGJXVWlPaUpoY25ScFptRmpkREVpTENKa2FXZGxjM1FpT25zaWMyaGhNalUySWpvaU5EZ3lZMlU0WXpobU4yVTROamRrWVROaE0yTXdOV0U1WVdWbE5qTTNOekF6WlRFM05EY3daV1F4WTJZNE9ESmhPV1UxWWpRd05XVTRaamd5TmpFNVpDSjlmU3g3SW01aGJXVWlPaUpoY25ScFptRmpkRElpTENKa2FXZGxjM1FpT25zaWMyaGhNalUySWpvaU9EbGpabU0yT1RVMFpUZzRZakptT1RKaE4yTXlPRGM1WkRsbFlqQTROV00wTW1Zell6Y3dOalZrTURFeVlUVXdOalptTkRVd1pHSmxOVGxpTW1Nd01DSjlmVjBzSW5CeVpXUnBZMkYwWlNJNmV5SmlkV2xzWkdWeUlqcDdJbWxrSWpvaWFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwzTnNjMkV0Wm5KaGJXVjNiM0pyTDNOc2MyRXRaMmwwYUhWaUxXZGxibVZ5WVhSdmNpOHVaMmwwYUhWaUwzZHZjbXRtYkc5M2N5OW5aVzVsY21GMGIzSmZaMlZ1WlhKcFkxOXpiSE5oTXk1NWJXeEFjbVZtY3k5MFlXZHpMM1l4TGpJdU1DSjlMQ0ppZFdsc1pGUjVjR1VpT2lKb2RIUndjem92TDJkcGRHaDFZaTVqYjIwdmMyeHpZUzFtY21GdFpYZHZjbXN2YzJ4ellTMW5hWFJvZFdJdFoyVnVaWEpoZEc5eVFIWXhJaXdpYVc1MmIyTmhkR2x2YmlJNmV5SmpiMjVtYVdkVGIzVnlZMlVpT25zaWRYSnBJam9pWjJsMEsyaDBkSEJ6T2k4dloybDBhSFZpTG1OdmJTOXNZWFZ5Wlc1MGMybHRiMjR2YzJ4ellTMXZiaTFuYVhSb2RXSXRkR1Z6ZEVCeVpXWnpMMmhsWVdSekwyMWhhVzRpTENKa2FXZGxjM1FpT25zaWMyaGhNU0k2SWpRMk5tTXhNVE5sWkROa05XRmpOelUyT0RFM05HUTBZalpoWkRaaVlqWmhPREJsTVRVellqSWlmU3dpWlc1MGNubFFiMmx1ZENJNklpNW5hWFJvZFdJdmQyOXlhMlpzYjNkekwzTnNjMkV0WjJWdVpYSnBZeTU1Yld3aWZTd2ljR0Z5WVcxbGRHVnljeUk2ZXlKbGRtVnVkRjlwYm5CMWRITWlPbnNpY21Wc1pXRnpaVjkyWlhKemFXOXVJam9pZGpFdU1pNHpJaXdpYzI5dFpWOWliMjlzSWpvaWRISjFaU0lzSW5OdmJXVmZhVzUwWldkbGNpSTZJakV5TXlKOWZTd2laVzUyYVhKdmJtMWxiblFpT25zaVoybDBhSFZpWDJGamRHOXlJam9pYkdGMWNtVnVkSE5wYlc5dUlpd2laMmwwYUhWaVgyRmpkRzl5WDJsa0lqb2lOalExTURVd09Ua2lMQ0puYVhSb2RXSmZZbUZ6WlY5eVpXWWlPaUlpTENKbmFYUm9kV0pmWlhabGJuUmZibUZ0WlNJNkluZHZjbXRtYkc5M1gyUnBjM0JoZEdOb0lpd2laMmwwYUhWaVgyVjJaVzUwWDNCaGVXeHZZV1FpT25zaWFXNXdkWFJ6SWpwN0luSmxiR1ZoYzJWZmRtVnljMmx2YmlJNkluWXhMakl1TXlJc0luTnZiV1ZmWW05dmJDSTZJblJ5ZFdVaUxDSnpiMjFsWDJsdWRHVm5aWElpT2lJeE1qTWlmU3dpY21WbUlqb2ljbVZtY3k5b1pXRmtjeTl0WVdsdUlpd2ljbVZ3YjNOcGRHOXllU0k2ZXlKaGJHeHZkMTltYjNKcmFXNW5JanAwY25WbExDSmhjbU5vYVhabFgzVnliQ0k2SW1oMGRIQnpPaTh2WVhCcExtZHBkR2gxWWk1amIyMHZjbVZ3YjNNdmJHRjFjbVZ1ZEhOcGJXOXVMM05zYzJFdGIyNHRaMmwwYUhWaUxYUmxjM1F2ZTJGeVkyaHBkbVZmWm05eWJXRjBmWHN2Y21WbWZTSXNJbUZ5WTJocGRtVmtJanBtWVd4elpTd2lZWE56YVdkdVpXVnpYM1Z5YkNJNkltaDBkSEJ6T2k4dllYQnBMbWRwZEdoMVlpNWpiMjB2Y21Wd2IzTXZiR0YxY21WdWRITnBiVzl1TDNOc2MyRXRiMjR0WjJsMGFIVmlMWFJsYzNRdllYTnphV2R1WldWemV5OTFjMlZ5ZlNJc0ltSnNiMkp6WDNWeWJDSTZJbWgwZEhCek9pOHZZWEJwTG1kcGRHaDFZaTVqYjIwdmNtVndiM012YkdGMWNtVnVkSE5wYlc5dUwzTnNjMkV0YjI0dFoybDBhSFZpTFhSbGMzUXZaMmwwTDJKc2IySnpleTl6YUdGOUlpd2lZbkpoYm1Ob1pYTmZkWEpzSWpvaWFIUjBjSE02THk5aGNHa3VaMmwwYUhWaUxtTnZiUzl5WlhCdmN5OXNZWFZ5Wlc1MGMybHRiMjR2YzJ4ellTMXZiaTFuYVhSb2RXSXRkR1Z6ZEM5aWNtRnVZMmhsYzNzdlluSmhibU5vZlNJc0ltTnNiMjVsWDNWeWJDSTZJbWgwZEhCek9pOHZaMmwwYUhWaUxtTnZiUzlzWVhWeVpXNTBjMmx0YjI0dmMyeHpZUzF2YmkxbmFYUm9kV0l0ZEdWemRDNW5hWFFpTENKamIyeHNZV0p2Y21GMGIzSnpYM1Z5YkNJNkltaDBkSEJ6T2k4dllYQnBMbWRwZEdoMVlpNWpiMjB2Y21Wd2IzTXZiR0YxY21WdWRITnBiVzl1TDNOc2MyRXRiMjR0WjJsMGFIVmlMWFJsYzNRdlkyOXNiR0ZpYjNKaGRHOXljM3N2WTI5c2JHRmliM0poZEc5eWZTSXNJbU52YlcxbGJuUnpYM1Z5YkNJNkltaDBkSEJ6T2k4dllYQnBMbWRwZEdoMVlpNWpiMjB2Y21Wd2IzTXZiR0YxY21WdWRITnBiVzl1TDNOc2MyRXRiMjR0WjJsMGFIVmlMWFJsYzNRdlkyOXRiV1Z1ZEhON0wyNTFiV0psY24waUxDSmpiMjF0YVhSelgzVnliQ0k2SW1oMGRIQnpPaTh2WVhCcExtZHBkR2gxWWk1amIyMHZjbVZ3YjNNdmJHRjFjbVZ1ZEhOcGJXOXVMM05zYzJFdGIyNHRaMmwwYUhWaUxYUmxjM1F2WTI5dGJXbDBjM3N2YzJoaGZTSXNJbU52YlhCaGNtVmZkWEpzSWpvaWFIUjBjSE02THk5aGNHa3VaMmwwYUhWaUxtTnZiUzl5WlhCdmN5OXNZWFZ5Wlc1MGMybHRiMjR2YzJ4ellTMXZiaTFuYVhSb2RXSXRkR1Z6ZEM5amIyMXdZWEpsTDN0aVlYTmxmUzR1TG50b1pXRmtmU0lzSW1OdmJuUmxiblJ6WDNWeWJDSTZJbWgwZEhCek9pOHZZWEJwTG1kcGRHaDFZaTVqYjIwdmNtVndiM012YkdGMWNtVnVkSE5wYlc5dUwzTnNjMkV0YjI0dFoybDBhSFZpTFhSbGMzUXZZMjl1ZEdWdWRITXZleXR3WVhSb2ZTSXNJbU52Ym5SeWFXSjFkRzl5YzE5MWNtd2lPaUpvZEhSd2N6b3ZMMkZ3YVM1bmFYUm9kV0l1WTI5dEwzSmxjRzl6TDJ4aGRYSmxiblJ6YVcxdmJpOXpiSE5oTFc5dUxXZHBkR2gxWWkxMFpYTjBMMk52Ym5SeWFXSjFkRzl5Y3lJc0ltTnlaV0YwWldSZllYUWlPaUl5TURJeUxUQXlMVEExVkRBeE9qRXdPalEyV2lJc0ltUmxabUYxYkhSZlluSmhibU5vSWpvaWJXRnBiaUlzSW1SbGNHeHZlVzFsYm5SelgzVnliQ0k2SW1oMGRIQnpPaTh2WVhCcExtZHBkR2gxWWk1amIyMHZjbVZ3YjNNdmJHRjFjbVZ1ZEhOcGJXOXVMM05zYzJFdGIyNHRaMmwwYUhWaUxYUmxjM1F2WkdWd2JHOTViV1Z1ZEhNaUxDSmtaWE5qY21sd2RHbHZiaUk2SWxSbGMzUWdabTl5SUZOTVUwRWlMQ0prYVhOaFlteGxaQ0k2Wm1Gc2MyVXNJbVJ2ZDI1c2IyRmtjMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNKbGNHOXpMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMEwyUnZkMjVzYjJGa2N5SXNJbVYyWlc1MGMxOTFjbXdpT2lKb2RIUndjem92TDJGd2FTNW5hWFJvZFdJdVkyOXRMM0psY0c5ekwyeGhkWEpsYm5SemFXMXZiaTl6YkhOaExXOXVMV2RwZEdoMVlpMTBaWE4wTDJWMlpXNTBjeUlzSW1admNtc2lPbVpoYkhObExDSm1iM0pyY3lJNk1Td2labTl5YTNOZlkyOTFiblFpT2pFc0ltWnZjbXR6WDNWeWJDSTZJbWgwZEhCek9pOHZZWEJwTG1kcGRHaDFZaTVqYjIwdmNtVndiM012YkdGMWNtVnVkSE5wYlc5dUwzTnNjMkV0YjI0dFoybDBhSFZpTFhSbGMzUXZabTl5YTNNaUxDSm1kV3hzWDI1aGJXVWlPaUpzWVhWeVpXNTBjMmx0YjI0dmMyeHpZUzF2YmkxbmFYUm9kV0l0ZEdWemRDSXNJbWRwZEY5amIyMXRhWFJ6WDNWeWJDSTZJbWgwZEhCek9pOHZZWEJwTG1kcGRHaDFZaTVqYjIwdmNtVndiM012YkdGMWNtVnVkSE5wYlc5dUwzTnNjMkV0YjI0dFoybDBhSFZpTFhSbGMzUXZaMmwwTDJOdmJXMXBkSE43TDNOb1lYMGlMQ0puYVhSZmNtVm1jMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNKbGNHOXpMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMEwyZHBkQzl5WldaemV5OXphR0Y5SWl3aVoybDBYM1JoWjNOZmRYSnNJam9pYUhSMGNITTZMeTloY0drdVoybDBhSFZpTG1OdmJTOXlaWEJ2Y3k5c1lYVnlaVzUwYzJsdGIyNHZjMnh6WVMxdmJpMW5hWFJvZFdJdGRHVnpkQzluYVhRdmRHRm5jM3N2YzJoaGZTSXNJbWRwZEY5MWNtd2lPaUpuYVhRNkx5OW5hWFJvZFdJdVkyOXRMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMExtZHBkQ0lzSW1oaGMxOWtiM2R1Ykc5aFpITWlPblJ5ZFdVc0ltaGhjMTlwYzNOMVpYTWlPblJ5ZFdVc0ltaGhjMTl3WVdkbGN5STZabUZzYzJVc0ltaGhjMTl3Y205cVpXTjBjeUk2ZEhKMVpTd2lhR0Z6WDNkcGEya2lPblJ5ZFdVc0ltaHZiV1Z3WVdkbElqcHVkV3hzTENKb2IyOXJjMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNKbGNHOXpMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMEwyaHZiMnR6SWl3aWFIUnRiRjkxY213aU9pSm9kSFJ3Y3pvdkwyZHBkR2gxWWk1amIyMHZiR0YxY21WdWRITnBiVzl1TDNOc2MyRXRiMjR0WjJsMGFIVmlMWFJsYzNRaUxDSnBaQ0k2TkRVMU56UXpNemsyTENKcGMxOTBaVzF3YkdGMFpTSTZabUZzYzJVc0ltbHpjM1ZsWDJOdmJXMWxiblJmZFhKc0lqb2lhSFIwY0hNNkx5OWhjR2t1WjJsMGFIVmlMbU52YlM5eVpYQnZjeTlzWVhWeVpXNTBjMmx0YjI0dmMyeHpZUzF2YmkxbmFYUm9kV0l0ZEdWemRDOXBjM04xWlhNdlkyOXRiV1Z1ZEhON0wyNTFiV0psY24waUxDSnBjM04xWlY5bGRtVnVkSE5mZFhKc0lqb2lhSFIwY0hNNkx5OWhjR2t1WjJsMGFIVmlMbU52YlM5eVpYQnZjeTlzWVhWeVpXNTBjMmx0YjI0dmMyeHpZUzF2YmkxbmFYUm9kV0l0ZEdWemRDOXBjM04xWlhNdlpYWmxiblJ6ZXk5dWRXMWlaWEo5SWl3aWFYTnpkV1Z6WDNWeWJDSTZJbWgwZEhCek9pOHZZWEJwTG1kcGRHaDFZaTVqYjIwdmNtVndiM012YkdGMWNtVnVkSE5wYlc5dUwzTnNjMkV0YjI0dFoybDBhSFZpTFhSbGMzUXZhWE56ZFdWemV5OXVkVzFpWlhKOUlpd2lhMlY1YzE5MWNtd2lPaUpvZEhSd2N6b3ZMMkZ3YVM1bmFYUm9kV0l1WTI5dEwzSmxjRzl6TDJ4aGRYSmxiblJ6YVcxdmJpOXpiSE5oTFc5dUxXZHBkR2gxWWkxMFpYTjBMMnRsZVhON0wydGxlVjlwWkgwaUxDSnNZV0psYkhOZmRYSnNJam9pYUhSMGNITTZMeTloY0drdVoybDBhSFZpTG1OdmJTOXlaWEJ2Y3k5c1lYVnlaVzUwYzJsdGIyNHZjMnh6WVMxdmJpMW5hWFJvZFdJdGRHVnpkQzlzWVdKbGJITjdMMjVoYldWOUlpd2liR0Z1WjNWaFoyVWlPaUpUYUdWc2JDSXNJbXhoYm1kMVlXZGxjMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNKbGNHOXpMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMEwyeGhibWQxWVdkbGN5SXNJbXhwWTJWdWMyVWlPbnNpYTJWNUlqb2lZWEJoWTJobExUSXVNQ0lzSW01aGJXVWlPaUpCY0dGamFHVWdUR2xqWlc1elpTQXlMakFpTENKdWIyUmxYMmxrSWpvaVRVUmpObFJIYkdwYVZ6VjZXbFJKUFNJc0luTndaSGhmYVdRaU9pSkJjR0ZqYUdVdE1pNHdJaXdpZFhKc0lqb2lhSFIwY0hNNkx5OWhjR2t1WjJsMGFIVmlMbU52YlM5c2FXTmxibk5sY3k5aGNHRmphR1V0TWk0d0luMHNJbTFsY21kbGMxOTFjbXdpT2lKb2RIUndjem92TDJGd2FTNW5hWFJvZFdJdVkyOXRMM0psY0c5ekwyeGhkWEpsYm5SemFXMXZiaTl6YkhOaExXOXVMV2RwZEdoMVlpMTBaWE4wTDIxbGNtZGxjeUlzSW0xcGJHVnpkRzl1WlhOZmRYSnNJam9pYUhSMGNITTZMeTloY0drdVoybDBhSFZpTG1OdmJTOXlaWEJ2Y3k5c1lYVnlaVzUwYzJsdGIyNHZjMnh6WVMxdmJpMW5hWFJvZFdJdGRHVnpkQzl0YVd4bGMzUnZibVZ6ZXk5dWRXMWlaWEo5SWl3aWJXbHljbTl5WDNWeWJDSTZiblZzYkN3aWJtRnRaU0k2SW5Oc2MyRXRiMjR0WjJsMGFIVmlMWFJsYzNRaUxDSnViMlJsWDJsa0lqb2lVbDlyWjBSUFIzbHZXSEJCSWl3aWJtOTBhV1pwWTJGMGFXOXVjMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNKbGNHOXpMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMEwyNXZkR2xtYVdOaGRHbHZibk43UDNOcGJtTmxMR0ZzYkN4d1lYSjBhV05wY0dGMGFXNW5mU0lzSW05d1pXNWZhWE56ZFdWeklqb3lOQ3dpYjNCbGJsOXBjM04xWlhOZlkyOTFiblFpT2pJMExDSnZkMjVsY2lJNmV5SmhkbUYwWVhKZmRYSnNJam9pYUhSMGNITTZMeTloZG1GMFlYSnpMbWRwZEdoMVluVnpaWEpqYjI1MFpXNTBMbU52YlM5MUx6WTBOVEExTURrNVAzWTlOQ0lzSW1WMlpXNTBjMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNWelpYSnpMMnhoZFhKbGJuUnphVzF2Ymk5bGRtVnVkSE43TDNCeWFYWmhZM2w5SWl3aVptOXNiRzkzWlhKelgzVnliQ0k2SW1oMGRIQnpPaTh2WVhCcExtZHBkR2gxWWk1amIyMHZkWE5sY25NdmJHRjFjbVZ1ZEhOcGJXOXVMMlp2Ykd4dmQyVnljeUlzSW1admJHeHZkMmx1WjE5MWNtd2lPaUpvZEhSd2N6b3ZMMkZ3YVM1bmFYUm9kV0l1WTI5dEwzVnpaWEp6TDJ4aGRYSmxiblJ6YVcxdmJpOW1iMnhzYjNkcGJtZDdMMjkwYUdWeVgzVnpaWEo5SWl3aVoybHpkSE5mZFhKc0lqb2lhSFIwY0hNNkx5OWhjR2t1WjJsMGFIVmlMbU52YlM5MWMyVnljeTlzWVhWeVpXNTBjMmx0YjI0dloybHpkSE43TDJkcGMzUmZhV1I5SWl3aVozSmhkbUYwWVhKZmFXUWlPaUlpTENKb2RHMXNYM1Z5YkNJNkltaDBkSEJ6T2k4dloybDBhSFZpTG1OdmJTOXNZWFZ5Wlc1MGMybHRiMjRpTENKcFpDSTZOalExTURVd09Ua3NJbXh2WjJsdUlqb2liR0YxY21WdWRITnBiVzl1SWl3aWJtOWtaVjlwWkNJNklrMUVVVFpXV0U1c1kycFpNRTVVUVRGTlJHczFJaXdpYjNKbllXNXBlbUYwYVc5dWMxOTFjbXdpT2lKb2RIUndjem92TDJGd2FTNW5hWFJvZFdJdVkyOXRMM1Z6WlhKekwyeGhkWEpsYm5SemFXMXZiaTl2Y21keklpd2ljbVZqWldsMlpXUmZaWFpsYm5SelgzVnliQ0k2SW1oMGRIQnpPaTh2WVhCcExtZHBkR2gxWWk1amIyMHZkWE5sY25NdmJHRjFjbVZ1ZEhOcGJXOXVMM0psWTJWcGRtVmtYMlYyWlc1MGN5SXNJbkpsY0c5elgzVnliQ0k2SW1oMGRIQnpPaTh2WVhCcExtZHBkR2gxWWk1amIyMHZkWE5sY25NdmJHRjFjbVZ1ZEhOcGJXOXVMM0psY0c5eklpd2ljMmwwWlY5aFpHMXBiaUk2Wm1Gc2MyVXNJbk4wWVhKeVpXUmZkWEpzSWpvaWFIUjBjSE02THk5aGNHa3VaMmwwYUhWaUxtTnZiUzkxYzJWeWN5OXNZWFZ5Wlc1MGMybHRiMjR2YzNSaGNuSmxaSHN2YjNkdVpYSjlleTl5WlhCdmZTSXNJbk4xWW5OamNtbHdkR2x2Ym5OZmRYSnNJam9pYUhSMGNITTZMeTloY0drdVoybDBhSFZpTG1OdmJTOTFjMlZ5Y3k5c1lYVnlaVzUwYzJsdGIyNHZjM1ZpYzJOeWFYQjBhVzl1Y3lJc0luUjVjR1VpT2lKVmMyVnlJaXdpZFhKc0lqb2lhSFIwY0hNNkx5OWhjR2t1WjJsMGFIVmlMbU52YlM5MWMyVnljeTlzWVhWeVpXNTBjMmx0YjI0aWZTd2ljSEpwZG1GMFpTSTZabUZzYzJVc0luQjFiR3h6WDNWeWJDSTZJbWgwZEhCek9pOHZZWEJwTG1kcGRHaDFZaTVqYjIwdmNtVndiM012YkdGMWNtVnVkSE5wYlc5dUwzTnNjMkV0YjI0dFoybDBhSFZpTFhSbGMzUXZjSFZzYkhON0wyNTFiV0psY24waUxDSndkWE5vWldSZllYUWlPaUl5TURJeUxUQTRMVEUxVkRFM09qQXlPakE0V2lJc0luSmxiR1ZoYzJWelgzVnliQ0k2SW1oMGRIQnpPaTh2WVhCcExtZHBkR2gxWWk1amIyMHZjbVZ3YjNNdmJHRjFjbVZ1ZEhOcGJXOXVMM05zYzJFdGIyNHRaMmwwYUhWaUxYUmxjM1F2Y21Wc1pXRnpaWE43TDJsa2ZTSXNJbk5wZW1VaU9qWTJOaXdpYzNOb1gzVnliQ0k2SW1kcGRFQm5hWFJvZFdJdVkyOXRPbXhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMExtZHBkQ0lzSW5OMFlYSm5ZWHBsY25OZlkyOTFiblFpT2pFc0luTjBZWEpuWVhwbGNuTmZkWEpzSWpvaWFIUjBjSE02THk5aGNHa3VaMmwwYUhWaUxtTnZiUzl5WlhCdmN5OXNZWFZ5Wlc1MGMybHRiMjR2YzJ4ellTMXZiaTFuYVhSb2RXSXRkR1Z6ZEM5emRHRnlaMkY2WlhKeklpd2ljM1JoZEhWelpYTmZkWEpzSWpvaWFIUjBjSE02THk5aGNHa3VaMmwwYUhWaUxtTnZiUzl5WlhCdmN5OXNZWFZ5Wlc1MGMybHRiMjR2YzJ4ellTMXZiaTFuYVhSb2RXSXRkR1Z6ZEM5emRHRjBkWE5sY3k5N2MyaGhmU0lzSW5OMVluTmpjbWxpWlhKelgzVnliQ0k2SW1oMGRIQnpPaTh2WVhCcExtZHBkR2gxWWk1amIyMHZjbVZ3YjNNdmJHRjFjbVZ1ZEhOcGJXOXVMM05zYzJFdGIyNHRaMmwwYUhWaUxYUmxjM1F2YzNWaWMyTnlhV0psY25NaUxDSnpkV0p6WTNKcGNIUnBiMjVmZFhKc0lqb2lhSFIwY0hNNkx5OWhjR2t1WjJsMGFIVmlMbU52YlM5eVpYQnZjeTlzWVhWeVpXNTBjMmx0YjI0dmMyeHpZUzF2YmkxbmFYUm9kV0l0ZEdWemRDOXpkV0p6WTNKcGNIUnBiMjRpTENKemRtNWZkWEpzSWpvaWFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyeGhkWEpsYm5SemFXMXZiaTl6YkhOaExXOXVMV2RwZEdoMVlpMTBaWE4wSWl3aWRHRm5jMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNKbGNHOXpMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMEwzUmhaM01pTENKMFpXRnRjMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNKbGNHOXpMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMEwzUmxZVzF6SWl3aWRHOXdhV056SWpwYlhTd2lkSEpsWlhOZmRYSnNJam9pYUhSMGNITTZMeTloY0drdVoybDBhSFZpTG1OdmJTOXlaWEJ2Y3k5c1lYVnlaVzUwYzJsdGIyNHZjMnh6WVMxdmJpMW5hWFJvZFdJdGRHVnpkQzluYVhRdmRISmxaWE43TDNOb1lYMGlMQ0oxY0dSaGRHVmtYMkYwSWpvaU1qQXlNaTB3TmkweE0xUXlNRG95T1Rvek0xb2lMQ0oxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNKbGNHOXpMMnhoZFhKbGJuUnphVzF2Ymk5emJITmhMVzl1TFdkcGRHaDFZaTEwWlhOMElpd2lkbWx6YVdKcGJHbDBlU0k2SW5CMVlteHBZeUlzSW5kaGRHTm9aWEp6SWpveExDSjNZWFJqYUdWeWMxOWpiM1Z1ZENJNk1Td2lkMlZpWDJOdmJXMXBkRjl6YVdkdWIyWm1YM0psY1hWcGNtVmtJanBtWVd4elpYMHNJbk5sYm1SbGNpSTZleUpoZG1GMFlYSmZkWEpzSWpvaWFIUjBjSE02THk5aGRtRjBZWEp6TG1kcGRHaDFZblZ6WlhKamIyNTBaVzUwTG1OdmJTOTFMelkwTlRBMU1EazVQM1k5TkNJc0ltVjJaVzUwYzE5MWNtd2lPaUpvZEhSd2N6b3ZMMkZ3YVM1bmFYUm9kV0l1WTI5dEwzVnpaWEp6TDJ4aGRYSmxiblJ6YVcxdmJpOWxkbVZ1ZEhON0wzQnlhWFpoWTNsOUlpd2labTlzYkc5M1pYSnpYM1Z5YkNJNkltaDBkSEJ6T2k4dllYQnBMbWRwZEdoMVlpNWpiMjB2ZFhObGNuTXZiR0YxY21WdWRITnBiVzl1TDJadmJHeHZkMlZ5Y3lJc0ltWnZiR3h2ZDJsdVoxOTFjbXdpT2lKb2RIUndjem92TDJGd2FTNW5hWFJvZFdJdVkyOXRMM1Z6WlhKekwyeGhkWEpsYm5SemFXMXZiaTltYjJ4c2IzZHBibWQ3TDI5MGFHVnlYM1Z6WlhKOUlpd2laMmx6ZEhOZmRYSnNJam9pYUhSMGNITTZMeTloY0drdVoybDBhSFZpTG1OdmJTOTFjMlZ5Y3k5c1lYVnlaVzUwYzJsdGIyNHZaMmx6ZEhON0wyZHBjM1JmYVdSOUlpd2laM0poZG1GMFlYSmZhV1FpT2lJaUxDSm9kRzFzWDNWeWJDSTZJbWgwZEhCek9pOHZaMmwwYUhWaUxtTnZiUzlzWVhWeVpXNTBjMmx0YjI0aUxDSnBaQ0k2TmpRMU1EVXdPVGtzSW14dloybHVJam9pYkdGMWNtVnVkSE5wYlc5dUlpd2libTlrWlY5cFpDSTZJazFFVVRaV1dFNXNZMnBaTUU1VVFURk5SR3MxSWl3aWIzSm5ZVzVwZW1GMGFXOXVjMTkxY213aU9pSm9kSFJ3Y3pvdkwyRndhUzVuYVhSb2RXSXVZMjl0TDNWelpYSnpMMnhoZFhKbGJuUnphVzF2Ymk5dmNtZHpJaXdpY21WalpXbDJaV1JmWlhabGJuUnpYM1Z5YkNJNkltaDBkSEJ6T2k4dllYQnBMbWRwZEdoMVlpNWpiMjB2ZFhObGNuTXZiR0YxY21WdWRITnBiVzl1TDNKbFkyVnBkbVZrWDJWMlpXNTBjeUlzSW5KbGNHOXpYM1Z5YkNJNkltaDBkSEJ6T2k4dllYQnBMbWRwZEdoMVlpNWpiMjB2ZFhObGNuTXZiR0YxY21WdWRITnBiVzl1TDNKbGNHOXpJaXdpYzJsMFpWOWhaRzFwYmlJNlptRnNjMlVzSW5OMFlYSnlaV1JmZFhKc0lqb2lhSFIwY0hNNkx5OWhjR2t1WjJsMGFIVmlMbU52YlM5MWMyVnljeTlzWVhWeVpXNTBjMmx0YjI0dmMzUmhjbkpsWkhzdmIzZHVaWEo5ZXk5eVpYQnZmU0lzSW5OMVluTmpjbWx3ZEdsdmJuTmZkWEpzSWpvaWFIUjBjSE02THk5aGNHa3VaMmwwYUhWaUxtTnZiUzkxYzJWeWN5OXNZWFZ5Wlc1MGMybHRiMjR2YzNWaWMyTnlhWEIwYVc5dWN5SXNJblI1Y0dVaU9pSlZjMlZ5SWl3aWRYSnNJam9pYUhSMGNITTZMeTloY0drdVoybDBhSFZpTG1OdmJTOTFjMlZ5Y3k5c1lYVnlaVzUwYzJsdGIyNGlmU3dpZDI5eWEyWnNiM2NpT2lJdVoybDBhSFZpTDNkdmNtdG1iRzkzY3k5emJITmhMV2RsYm1WeWFXTXVlVzFzSW4wc0ltZHBkR2gxWWw5b1pXRmtYM0psWmlJNklpSXNJbWRwZEdoMVlsOXlaV1lpT2lKeVpXWnpMMmhsWVdSekwyMWhhVzRpTENKbmFYUm9kV0pmY21WbVgzUjVjR1VpT2lKaWNtRnVZMmdpTENKbmFYUm9kV0pmY21Wd2IzTnBkRzl5ZVY5cFpDSTZJalExTlRjME16TTVOaUlzSW1kcGRHaDFZbDl5WlhCdmMybDBiM0o1WDI5M2JtVnlJam9pYkdGMWNtVnVkSE5wYlc5dUlpd2laMmwwYUhWaVgzSmxjRzl6YVhSdmNubGZiM2R1WlhKZmFXUWlPaUkyTkRVd05UQTVPU0lzSW1kcGRHaDFZbDl5ZFc1ZllYUjBaVzF3ZENJNklqRWlMQ0puYVhSb2RXSmZjblZ1WDJsa0lqb2lNamcyTWpFM01UQXdNeUlzSW1kcGRHaDFZbDl5ZFc1ZmJuVnRZbVZ5SWpvaU9DSXNJbWRwZEdoMVlsOXphR0V4SWpvaU5EWTJZekV4TTJWa00yUTFZV00zTlRZNE1UYzBaRFJpTm1Ga05tSmlObUU0TUdVeE5UTmlNaUo5ZlN3aWJXVjBZV1JoZEdFaU9uc2lZblZwYkdSSmJuWnZZMkYwYVc5dVNVUWlPaUl5T0RZeU1UY3hNREF6TFRFaUxDSmpiMjF3YkdWMFpXNWxjM01pT25zaWNHRnlZVzFsZEdWeWN5STZkSEoxWlN3aVpXNTJhWEp2Ym0xbGJuUWlPbVpoYkhObExDSnRZWFJsY21saGJITWlPbVpoYkhObGZTd2ljbVZ3Y205a2RXTnBZbXhsSWpwbVlXeHpaWDBzSW0xaGRHVnlhV0ZzY3lJNlczc2lkWEpwSWpvaVoybDBLMmgwZEhCek9pOHZaMmwwYUhWaUxtTnZiUzlzWVhWeVpXNTBjMmx0YjI0dmMyeHpZUzF2YmkxbmFYUm9kV0l0ZEdWemRFQnlaV1p6TDJobFlXUnpMMjFoYVc0aUxDSmthV2RsYzNRaU9uc2ljMmhoTVNJNklqUTJObU14TVRObFpETmtOV0ZqTnpVMk9ERTNOR1EwWWpaaFpEWmlZalpoT0RCbE1UVXpZaklpZlgxZGZYMD0iLCJzaWduYXR1cmVzIjpbeyJrZXlpZCI6IiIsInNpZyI6Ik1FVUNJSEJ0YkxlVjVXTXN5THBQclpjeEZVMXd1RVlIRlVySm56aXpzZzE3ZEw0aEFpRUFrb1RMYTQ5VnJmL2c1bVNhV1k2T2FiOTlZTnZxQnlOZ1I3NzNpa0pYUTVJPSIsImNlcnQiOiItLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS1cbk1JSURWRENDQXRxZ0F3SUJBZ0lUTENrMUUyL3dIMi9tQ2pDWUFvdk1lVFRIbkRBS0JnZ3Foa2pPUFFRREF6QXFcbk1SVXdFd1lEVlFRS0V3eHphV2R6ZEc5eVpTNWtaWFl4RVRBUEJnTlZCQU1UQ0hOcFozTjBiM0psTUI0WERUSXlcbk1EZ3hOVEUzTURReE1sb1hEVEl5TURneE5URTNNVFF4TVZvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlcbkF3RUhBMElBQkN3NlZPNWxrc2Z4Y2p0KzRjRWJnQm5MdVBCMndEZ2ozSTlVUVpoNDV4VzRLUllLTTcvb1NMZkRcblA4UUdMZmdOa3YzWkR3QlpVRExiQmswaE5vTXEwYmVqZ2dJSE1JSUNBekFPQmdOVkhROEJBZjhFQkFNQ0I0QXdcbkV3WURWUjBsQkF3d0NnWUlLd1lCQlFVSEF3TXdEQVlEVlIwVEFRSC9CQUl3QURBZEJnTlZIUTRFRmdRVXl4ZnFcbnoyUHIyVlIrSzlGZGlMYk9TeHFJWWdRd0h3WURWUjBqQkJnd0ZvQVVXTUFlWDVGRnBXYXBlc3lRb1pNaTBDckZcbnhmb3dnWVFHQTFVZEVRRUIvd1I2TUhpR2RtaDBkSEJ6T2k4dloybDBhSFZpTG1OdmJTOXpiSE5oTFdaeVlXMWxcbmQyOXlheTl6YkhOaExXZHBkR2gxWWkxblpXNWxjbUYwYjNJdkxtZHBkR2gxWWk5M2IzSnJabXh2ZDNNdloyVnVcblpYSmhkRzl5WDJkbGJtVnlhV05mYzJ4ellUTXVlVzFzUUhKbFpuTXZkR0ZuY3k5Mk1TNHlMakF3SHdZS0t3WUJcbkJBR0R2ekFCQWdRUmQyOXlhMlpzYjNkZlpHbHpjR0YwWTJnd0xnWUtLd1lCQkFHRHZ6QUJCUVFnYkdGMWNtVnVcbmRITnBiVzl1TDNOc2MyRXRiMjR0WjJsMGFIVmlMWFJsYzNRd0pBWUtLd1lCQkFHRHZ6QUJCQVFXVTB4VFFTQm5cblpXNWxjbWxqSUdkbGJtVnlZWFJ2Y2pBZEJnb3JCZ0VFQVlPL01BRUdCQTl5WldaekwyaGxZV1J6TDIxaGFXNHdcbk9RWUtLd1lCQkFHRHZ6QUJBUVFyYUhSMGNITTZMeTkwYjJ0bGJpNWhZM1JwYjI1ekxtZHBkR2gxWW5WelpYSmpcbmIyNTBaVzUwTG1OdmJUQTJCZ29yQmdFRUFZTy9NQUVEQkNnME5qWmpNVEV6WldRelpEVmhZemMxTmpneE56Umtcbk5HSTJZV1EyWW1JMllUZ3daVEUxTTJJeU1Bb0dDQ3FHU000OUJBTURBMmdBTUdVQ01RQ3g0K2lNcEZCdm5GVjlcblg2Z29HalFmZGdsaVBjTmE0Y2RkMkswbm1ybjc5Y09wc2x5emNKTEFsTC9xU1lzR2xvY0NNQy9QL2dMMkIxNmlcbk1wNllRWlVpU013elVvaHJyN1YzbkpzTVBjTGdFVEd5aVpvUjNVaWpaRzc0Rm9iWi8rM3BDdz09XG4tLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tXG4ifV19","signatures":[{"keyid":"","sig":"MEUCIHBtbLeV5WMsyLpPrZcxFU1wuEYHFUrJnzizsg17dL4hAiEAkoTLa49Vrf/g5mSaWY6Oab99YNvqByNgR773ikJXQ5I=","cert":"-----BEGIN CERTIFICATE-----\nMIIDVDCCAtqgAwIBAgITLCk1E2/wH2/mCjCYAovMeTTHnDAKBggqhkjOPQQDAzAq\nMRUwEwYDVQQKEwxzaWdzdG9yZS5kZXYxETAPBgNVBAMTCHNpZ3N0b3JlMB4XDTIy\nMDgxNTE3MDQxMloXDTIyMDgxNTE3MTQxMVowADBZMBMGByqGSM49AgEGCCqGSM49\nAwEHA0IABCw6VO5lksfxcjt+4cEbgBnLuPB2wDgj3I9UQZh45xW4KRYKM7/oSLfD\nP8QGLfgNkv3ZDwBZUDLbBk0hNoMq0bejggIHMIICAzAOBgNVHQ8BAf8EBAMCB4Aw\nEwYDVR0lBAwwCgYIKwYBBQUHAwMwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUyxfq\nz2Pr2VR+K9FdiLbOSxqIYgQwHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrF\nxfowgYQGA1UdEQEB/wR6MHiGdmh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFncy92MS4yLjAwHwYKKwYB\nBAGDvzABAgQRd29ya2Zsb3dfZGlzcGF0Y2gwLgYKKwYBBAGDvzABBQQgbGF1cmVu\ndHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QwJAYKKwYBBAGDvzABBAQWU0xTQSBn\nZW5lcmljIGdlbmVyYXRvcjAdBgorBgEEAYO/MAEGBA9yZWZzL2hlYWRzL21haW4w\nOQYKKwYBBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJj\nb250ZW50LmNvbTA2BgorBgEEAYO/MAEDBCg0NjZjMTEzZWQzZDVhYzc1NjgxNzRk\nNGI2YWQ2YmI2YTgwZTE1M2IyMAoGCCqGSM49BAMDA2gAMGUCMQCx4+iMpFBvnFV9\nX6goGjQfdgliPcNa4cdd2K0nmrn79cOpslyzcJLAlL/qSYsGlocCMC/P/gL2B16i\nMp6YQZUiSMwzUohrr7V3nJsMPcLgETGyiZoR3UijZG74FobZ/+3pCw==\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file +{"payloadType":"application/vnd.in-toto+json","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsInN1YmplY3QiOlt7Im5hbWUiOiJiaW5hcnktbGludXgtYW1kNjQiLCJkaWdlc3QiOnsic2hhMjU2IjoiNmRiOTM3ZjA3YzE0ZDMwOWQ0MDNlNTYxZTJiNDAyOTcyZTJhNmVkYjMyZjQ1MjZlMWI2YjliYTg1NWZkODU3NCJ9fV0sInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nby8uZ2l0aHViL3dvcmtmbG93cy9zbHNhM19idWlsZGVyLnltbEByZWZzL2hlYWRzL21haW4ifSwiYnVpbGRUeXBlIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nb0B2MSIsImludm9jYXRpb24iOnsiY29uZmlnU291cmNlIjp7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdEByZWZzL3RhZ3MvdjEiLCJkaWdlc3QiOnsic2hhMSI6ImE1ZjQ4ZmRiNDMzODg0YTNiNDNjYmZjNjUyMThmZmU0NTU5ZjBiMTcifSwiZW50cnlQb2ludCI6IlRlc3QgU0xTQSJ9LCJwYXJhbWV0ZXJzIjp7fSwiZW52aXJvbm1lbnQiOnsiYXJjaCI6Ilg2NCIsImdpdGh1Yl9hY3RvciI6ImFzcmFhIiwiZ2l0aHViX2Jhc2VfcmVmIjoiIiwiZ2l0aHViX2V2ZW50X25hbWUiOiJwdXNoIiwiZ2l0aHViX2V2ZW50X3BheWxvYWQiOnsiYWZ0ZXIiOiJhNWY0OGZkYjQzMzg4NGEzYjQzY2JmYzY1MjE4ZmZlNDU1OWYwYjE3IiwiYmFzZV9yZWYiOiJyZWZzL2hlYWRzL21haW4iLCJiZWZvcmUiOiIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwiY29tbWl0cyI6W10sImNvbXBhcmUiOiJodHRwczovL2dpdGh1Yi5jb20vYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9jb21wYXJlL3YxIiwiY3JlYXRlZCI6dHJ1ZSwiZGVsZXRlZCI6ZmFsc2UsImZvcmNlZCI6ZmFsc2UsImhlYWRfY29tbWl0Ijp7ImF1dGhvciI6eyJlbWFpbCI6ImFzcmFhQGdvb2dsZS5jb20iLCJuYW1lIjoiQXNyYSBBbGkiLCJ1c2VybmFtZSI6ImFzcmFhIn0sImNvbW1pdHRlciI6eyJlbWFpbCI6ImFzcmFhQGdvb2dsZS5jb20iLCJuYW1lIjoiQXNyYSBBbGkiLCJ1c2VybmFtZSI6ImFzcmFhIn0sImRpc3RpbmN0Ijp0cnVlLCJpZCI6ImE1ZjQ4ZmRiNDMzODg0YTNiNDNjYmZjNjUyMThmZmU0NTU5ZjBiMTciLCJtZXNzYWdlIjoidXBkYXRlXG5cblNpZ25lZC1vZmYtYnk6IEFzcmEgQWxpIFx1MDAzY2FzcmFhQGdvb2dsZS5jb21cdTAwM2UiLCJ0aW1lc3RhbXAiOiIyMDIyLTA1LTAzVDE0OjI3OjM1LTA1OjAwIiwidHJlZV9pZCI6IjJkM2E3ODk0YzkzMGFmZDZiZjBlMzY3Yzk2OGVjYmE0MmY3NDQ4MWYiLCJ1cmwiOiJodHRwczovL2dpdGh1Yi5jb20vYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9jb21taXQvYTVmNDhmZGI0MzM4ODRhM2I0M2NiZmM2NTIxOGZmZTQ1NTlmMGIxNyJ9LCJwdXNoZXIiOnsiZW1haWwiOiJhc3JhYUBnb29nbGUuY29tIiwibmFtZSI6ImFzcmFhIn0sInJlZiI6InJlZnMvdGFncy92MSIsInJlcG9zaXRvcnkiOnsiYWxsb3dfZm9ya2luZyI6dHJ1ZSwiYXJjaGl2ZV91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3Qve2FyY2hpdmVfZm9ybWF0fXsvcmVmfSIsImFyY2hpdmVkIjpmYWxzZSwiYXNzaWduZWVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9hc3NpZ25lZXN7L3VzZXJ9IiwiYmxvYnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9ibG9ic3svc2hhfSIsImJyYW5jaGVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9icmFuY2hlc3svYnJhbmNofSIsImNsb25lX3VybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0LmdpdCIsImNvbGxhYm9yYXRvcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbGxhYm9yYXRvcnN7L2NvbGxhYm9yYXRvcn0iLCJjb21tZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tbWVudHN7L251bWJlcn0iLCJjb21taXRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9jb21taXRzey9zaGF9IiwiY29tcGFyZV91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tcGFyZS97YmFzZX0uLi57aGVhZH0iLCJjb250ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29udGVudHMveytwYXRofSIsImNvbnRyaWJ1dG9yc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29udHJpYnV0b3JzIiwiY3JlYXRlZF9hdCI6MTY0NDkzOTIyOSwiZGVmYXVsdF9icmFuY2giOiJtYWluIiwiZGVwbG95bWVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2RlcGxveW1lbnRzIiwiZGVzY3JpcHRpb24iOiJUZXN0IGZvciBTTFNBIiwiZGlzYWJsZWQiOmZhbHNlLCJkb3dubG9hZHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2Rvd25sb2FkcyIsImV2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvZXZlbnRzIiwiZm9yayI6dHJ1ZSwiZm9ya3MiOjAsImZvcmtzX2NvdW50IjowLCJmb3Jrc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvZm9ya3MiLCJmdWxsX25hbWUiOiJhc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0IiwiZ2l0X2NvbW1pdHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9jb21taXRzey9zaGF9IiwiZ2l0X3JlZnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9yZWZzey9zaGF9IiwiZ2l0X3RhZ3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC90YWdzey9zaGF9IiwiZ2l0X3VybCI6ImdpdDovL2dpdGh1Yi5jb20vYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC5naXQiLCJoYXNfZG93bmxvYWRzIjp0cnVlLCJoYXNfaXNzdWVzIjpmYWxzZSwiaGFzX3BhZ2VzIjpmYWxzZSwiaGFzX3Byb2plY3RzIjp0cnVlLCJoYXNfd2lraSI6dHJ1ZSwiaG9tZXBhZ2UiOm51bGwsImhvb2tzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9ob29rcyIsImh0bWxfdXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QiLCJpZCI6NDU5NjM5MTUwLCJpc190ZW1wbGF0ZSI6ZmFsc2UsImlzc3VlX2NvbW1lbnRfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2lzc3Vlcy9jb21tZW50c3svbnVtYmVyfSIsImlzc3VlX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzL2V2ZW50c3svbnVtYmVyfSIsImlzc3Vlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzey9udW1iZXJ9Iiwia2V5c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3Qva2V5c3sva2V5X2lkfSIsImxhYmVsc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvbGFiZWxzey9uYW1lfSIsImxhbmd1YWdlIjoiR28iLCJsYW5ndWFnZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0L2xhbmd1YWdlcyIsImxpY2Vuc2UiOnsia2V5IjoiYXBhY2hlLTIuMCIsIm5hbWUiOiJBcGFjaGUgTGljZW5zZSAyLjAiLCJub2RlX2lkIjoiTURjNlRHbGpaVzV6WlRJPSIsInNwZHhfaWQiOiJBcGFjaGUtMi4wIiwidXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9saWNlbnNlcy9hcGFjaGUtMi4wIn0sIm1hc3Rlcl9icmFuY2giOiJtYWluIiwibWVyZ2VzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9tZXJnZXMiLCJtaWxlc3RvbmVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9taWxlc3RvbmVzey9udW1iZXJ9IiwibWlycm9yX3VybCI6bnVsbCwibmFtZSI6InNsc2Etb24tZ2l0aHViLXRlc3QiLCJub2RlX2lkIjoiUl9rZ0RPRzJXSmJnIiwibm90aWZpY2F0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3Qvbm90aWZpY2F0aW9uc3s/c2luY2UsYWxsLHBhcnRpY2lwYXRpbmd9Iiwib3Blbl9pc3N1ZXMiOjAsIm9wZW5faXNzdWVzX2NvdW50IjowLCJvd25lciI6eyJhdmF0YXJfdXJsIjoiaHR0cHM6Ly9hdmF0YXJzLmdpdGh1YnVzZXJjb250ZW50LmNvbS91LzUxOTQ1Njk/dj00IiwiZW1haWwiOiJhc3JhYUBnb29nbGUuY29tIiwiZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvYXNyYWEvZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2FzcmFhL2ZvbGxvd2VycyIsImZvbGxvd2luZ191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2FzcmFhL2ZvbGxvd2luZ3svb3RoZXJfdXNlcn0iLCJnaXN0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2FzcmFhL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vYXNyYWEiLCJpZCI6NTE5NDU2OSwibG9naW4iOiJhc3JhYSIsIm5hbWUiOiJhc3JhYSIsIm5vZGVfaWQiOiJNRFE2VlhObGNqVXhPVFExTmprPSIsIm9yZ2FuaXphdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9hc3JhYS9vcmdzIiwicmVjZWl2ZWRfZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvYXNyYWEvcmVjZWl2ZWRfZXZlbnRzIiwicmVwb3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9hc3JhYS9yZXBvcyIsInNpdGVfYWRtaW4iOmZhbHNlLCJzdGFycmVkX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvYXNyYWEvc3RhcnJlZHsvb3duZXJ9ey9yZXBvfSIsInN1YnNjcmlwdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9hc3JhYS9zdWJzY3JpcHRpb25zIiwidHlwZSI6IlVzZXIiLCJ1cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2FzcmFhIn0sInByaXZhdGUiOmZhbHNlLCJwdWxsc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvcHVsbHN7L251bWJlcn0iLCJwdXNoZWRfYXQiOjE2NTE2MDYzNDEsInJlbGVhc2VzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9yZWxlYXNlc3svaWR9Iiwic2l6ZSI6MTIxNSwic3NoX3VybCI6ImdpdEBnaXRodWIuY29tOmFzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QuZ2l0Iiwic3RhcmdhemVycyI6MCwic3RhcmdhemVyc19jb3VudCI6MCwic3RhcmdhemVyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3Qvc3RhcmdhemVycyIsInN0YXR1c2VzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9zdGF0dXNlcy97c2hhfSIsInN1YnNjcmliZXJzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9zdWJzY3JpYmVycyIsInN1YnNjcmlwdGlvbl91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3Qvc3Vic2NyaXB0aW9uIiwic3ZuX3VybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9hc3JhYS9zbHNhLW9uLWdpdGh1Yi10ZXN0IiwidGFnc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2FzcmFhL3Nsc2Etb24tZ2l0aHViLXRlc3QvdGFncyIsInRlYW1zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC90ZWFtcyIsInRvcGljcyI6W10sInRyZWVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdC9naXQvdHJlZXN7L3NoYX0iLCJ1cGRhdGVkX2F0IjoiMjAyMi0wMi0xNVQxNTozNjo0MVoiLCJ1cmwiOiJodHRwczovL2dpdGh1Yi5jb20vYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdCIsInZpc2liaWxpdHkiOiJwdWJsaWMiLCJ3YXRjaGVycyI6MCwid2F0Y2hlcnNfY291bnQiOjB9LCJzZW5kZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS81MTk0NTY5P3Y9NCIsImV2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2FzcmFhL2V2ZW50c3svcHJpdmFjeX0iLCJmb2xsb3dlcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9hc3JhYS9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9hc3JhYS9mb2xsb3dpbmd7L290aGVyX3VzZXJ9IiwiZ2lzdHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9hc3JhYS9naXN0c3svZ2lzdF9pZH0iLCJncmF2YXRhcl9pZCI6IiIsImh0bWxfdXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL2FzcmFhIiwiaWQiOjUxOTQ1NjksImxvZ2luIjoiYXNyYWEiLCJub2RlX2lkIjoiTURRNlZYTmxjalV4T1RRMU5qaz0iLCJvcmdhbml6YXRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvYXNyYWEvb3JncyIsInJlY2VpdmVkX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2FzcmFhL3JlY2VpdmVkX2V2ZW50cyIsInJlcG9zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvYXNyYWEvcmVwb3MiLCJzaXRlX2FkbWluIjpmYWxzZSwic3RhcnJlZF91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2FzcmFhL3N0YXJyZWR7L293bmVyfXsvcmVwb30iLCJzdWJzY3JpcHRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvYXNyYWEvc3Vic2NyaXB0aW9ucyIsInR5cGUiOiJVc2VyIiwidXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9hc3JhYSJ9fSwiZ2l0aHViX2hlYWRfcmVmIjoiIiwiZ2l0aHViX3JlZiI6InJlZnMvdGFncy92MSIsImdpdGh1Yl9yZWZfdHlwZSI6InRhZyIsImdpdGh1Yl9ydW5fYXR0ZW1wdCI6IjEiLCJnaXRodWJfcnVuX2lkIjoiMjI2NTkzMzgzNSIsImdpdGh1Yl9ydW5fbnVtYmVyIjoiMyIsImdpdGh1Yl9zaGExIjoiYTVmNDhmZGI0MzM4ODRhM2I0M2NiZmM2NTIxOGZmZTQ1NTlmMGIxNyIsIm9zIjoidWJ1bnR1MjAifX0sImJ1aWxkQ29uZmlnIjp7InZlcnNpb24iOjEsInN0ZXBzIjpbeyJjb21tYW5kIjpbIi9vcHQvaG9zdGVkdG9vbGNhY2hlL2dvLzEuMTcuOS94NjQvYmluL2dvIiwiYnVpbGQiLCItbW9kPXZlbmRvciIsIi10cmltcGF0aCIsIi10YWdzPW5ldGdvIiwiLW8iLCJiaW5hcnktbGludXgtYW1kNjQiXSwiZW52IjpbIkdPT1M9bGludXgiLCJHT0FSQ0g9YW1kNjQiLCJHTzExMU1PRFVMRT1vbiIsIkNHT19FTkFCTEVEPTAiXX1dfSwibWV0YWRhdGEiOnsiY29tcGxldGVuZXNzIjp7InBhcmFtZXRlcnMiOnRydWUsImVudmlyb25tZW50IjpmYWxzZSwibWF0ZXJpYWxzIjpmYWxzZX0sInJlcHJvZHVjaWJsZSI6ZmFsc2V9LCJtYXRlcmlhbHMiOlt7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vYXNyYWEvc2xzYS1vbi1naXRodWItdGVzdEByZWZzL3RhZ3MvdjEiLCJkaWdlc3QiOnsic2hhMSI6ImE1ZjQ4ZmRiNDMzODg0YTNiNDNjYmZjNjUyMThmZmU0NTU5ZjBiMTcifX0seyJ1cmkiOiJodHRwczovL2dpdGh1Yi5jb20vYWN0aW9ucy92aXJ0dWFsLWVudmlyb25tZW50cy9yZWxlYXNlcy90YWcvdWJ1bnR1MjAvMjAyMjA0MjUuMSJ9XX19","signatures":[{"keyid":"","sig":"MEUCIQDOJ6RZ0bdsfNebunBpm/t3iGvoB9QzxdgTqczV3UwvSAIgGNV8KjAOxlT5r4uFFd05b3aGPKRE/mgmMsfI3CPsTw4="}]} \ No newline at end of file