From 01ce257683d98c372f201ca00955591281a0e384 Mon Sep 17 00:00:00 2001
From: Anatoly Karlov <a.karlov@rbkmoney.com>
Date: Tue, 30 Mar 2021 15:28:59 +0700
Subject: [PATCH] actualize compose, add pseudo schedulator for init
 preparation flow (#15)

use latest tag for images
actualize README
---
 .gitignore                    |   3 ---
 README.md                     |   9 +++++----
 docker-compose.yml            |  33 +++++++++++++++++++--------------
 three-ds-server/cert/test.p12 | Bin 0 -> 7733 bytes
 4 files changed, 24 insertions(+), 21 deletions(-)
 create mode 100644 three-ds-server/cert/test.p12

diff --git a/.gitignore b/.gitignore
index b12b654..fb08ff7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -76,6 +76,3 @@ fabric.properties
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
 env.list
-
-three-ds-server/cert/
-
diff --git a/README.md b/README.md
index 87f34cc..363390b 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # three-ds-server-compose
 
-Проект с файлом `docker-compose.yml` для использования `RBK.money 3D Secure Server` (сервис `rbkmoney/three-ds-server`) в `Docker`
+Описание файла `docker-compose.yml` для использования [RBK.money 3D Secure Server](https://github.com/rbkmoney/three-ds-server) в [Docker](https://hub.docker.com/r/rbkmoney/three-ds-server)
 
 1. [`3DSS`](#3dss)
 2. [Предварительное конфигурирование окружения перед использованием `docker-compose.yml`](#предварительное-конфигурирование-окружения-перед-использованием-docker-composeyml)
@@ -21,7 +21,7 @@ Directory Server=DS
 
 ![alt text](./readme-resources/flow.jpg "3D Secure Processing Flow - Browser-based")
 
-### Ручки для запросов
+### Endpoints
 
 #### 3DS Versioning
 
@@ -110,7 +110,8 @@ Directory Server=DS
 
 Отдельно примеры запросов находятся по пути `/three-ds-server-compose/samples/`
 
-Актуальная модель запроса находятся по пути https://github.com/rbkmoney/three-ds-server-domain-lib/blob/master/src/main/java/com/rbkmoney/threeds/server/domain/root/rbkmoney/RBKMoneyAuthenticationRequest.java
+Актуальная модель запроса описывается файлом [RBKMoneyAuthenticationRequest.java](https://raw.githubusercontent.com/rbkmoney/three-ds-server-domain-lib/master/src/main/java/com/rbkmoney/threeds/server/domain/root/rbkmoney/RBKMoneyAuthenticationRequest.java)
+
 
 Запрос:
 
@@ -119,7 +120,7 @@ Directory Server=DS
   "messageType": "RBKMONEY_AUTHENTICATION_REQUEST",
   "messageVersion": "2.1.0",
   "threeDSCompInd": "Y",
-.
+...
 }
 ```
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 4516706..b7802e1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -15,14 +15,16 @@ services:
       POSTGRES_PASSWORD: postgres
       POSTGRES_DB: three_ds_server_storage
   three-ds-server-storage:
-    image: index.docker.io/rbkmoney/three-ds-server-storage:41e14d6d4ee1f675fa63263f22c3cf261d656a23
+    image: rbkmoney/three-ds-server-storage
     depends_on:
       postgresql:
         condition: service_healthy
     container_name: three-ds-server-storage
     hostname: three-ds-server-storage
+    ports:
+      - "8022:8022"
     healthcheck:
-      test: ["CMD-SHELL", "curl -f http://three-ds-server-storage:8022/actuator/health || exit 1"]
+      test: ["CMD-SHELL", "curl -f http://three-ds-server-storage:8023/actuator/health || exit 1"]
       interval: 20s
       timeout: 5s
       retries: 5
@@ -37,8 +39,9 @@ services:
       spring.flyway.schemas: three_ds_server_storage
       client.three-ds-server.url: http://three-ds-server:8080/sdk
       client.three-ds-server.read-timeout: 5000
+      rest-endpoint.enabled: "true"
   three-ds-server:
-    image: rbkmoney/three-ds-server:3014c12050a20e3f32aaec80b956594da9080785
+    image: rbkmoney/three-ds-server
     depends_on:
       three-ds-server-storage:
         condition: service_healthy
@@ -47,7 +50,7 @@ services:
     ports:
       - "8080:8080"
     healthcheck:
-      test: ["CMD-SHELL", "curl -f http://three-ds-server:8080/actuator/health || exit 1"]
+      test: ["CMD-SHELL", "curl -f http://three-ds-server:8023/actuator/health || exit 1"]
       interval: 20s
       timeout: 5s
       retries: 5
@@ -55,24 +58,19 @@ services:
       - ./three-ds-server/cert:/opt/three-ds-server/cert/:ro
     environment:
       SERVICE_NAME: three-ds-server
-      client.ds.ssl.visa.trust-store: file:/opt/three-ds-server/cert/visa.p12
+      client.ds.ssl.visa.trust-store: file:/opt/three-ds-server/cert/test.p12
       client.ds.ssl.visa.trust-store-password: 76UetirwSjugZh6t
-      client.ds.ssl.mastercard.trust-store: file:/opt/three-ds-server/cert/mastercard.p12
+      client.ds.ssl.mastercard.trust-store: file:/opt/three-ds-server/cert/test.p12
       client.ds.ssl.mastercard.trust-store-password: 76UetirwSjugZh6t
+      client.ds.ssl.mir.trust-store: file:/opt/three-ds-server/cert/test.p12
+      client.ds.ssl.mir.trust-store-password: 76UetirwSjugZh6t
       client.three-ds-server-storage.card-ranges.url: http://three-ds-server-storage:8022/three-ds-server-storage/card-ranges
       client.three-ds-server-storage.card-ranges.timeout: 5000
       client.three-ds-server-storage.challenge-flow-transaction-info.url: http://three-ds-server-storage:8022/three-ds-server-storage/challenge-flow-transaction-info
       client.three-ds-server-storage.challenge-flow-transaction-info.timeout: 5000
       storage.challenge-flow-transaction-info.size: 1000
       platform.mode: RBK_MONEY_PLATFORM
-      rbkmoney-preparation-flow.scheduler.enabled: "true"
-      rbkmoney-preparation-flow.scheduler.schedule.executor-url: http://three-ds-server-storage:8022/three-ds-server-storage/preparation-flow
-      rbkmoney-preparation-flow.scheduler.schedule.cron: "0 0 * * * ?"
-      rbkmoney-preparation-flow.scheduler.schedule.timeout: 5000
-      rbkmoney-preparation-flow.scheduler.ds-provider.mastercard.enabled: "true"
-      rbkmoney-preparation-flow.scheduler.ds-provider.mastercard.message-version: 2.1.0
-      rbkmoney-preparation-flow.scheduler.ds-provider.visa.enabled: "true"
-      rbkmoney-preparation-flow.scheduler.ds-provider.visa.message-version: 2.1.0
+      rbkmoney-preparation-flow.scheduler.enabled: "false"
       environment.message.message-version: 2.2.0
       environment.message.valid-message-versions[0]: 2.1.0
       environment.message.valid-message-versions[1]: 2.2.0
@@ -90,3 +88,10 @@ services:
       environment.mastercard.three-ds-server-ref-number: mastercard
       environment.mastercard.three-ds-server-operator-id: mastercard
       environment.mastercard.three-ds-server-read-timeout: 10000
+      environment.mir.ds-url: http://host.docker.internal:8081/nspk/DS2/authenticate
+      environment.mir.three-ds-requestor-url: https://rbk.money/
+      environment.mir.three-ds-requestor-prefix: nspk
+      environment.mir.three-ds-server-url: https://nspk.3ds.rbk.money/ds
+      environment.mir.three-ds-server-ref-number: nspk
+      environment.mir.three-ds-server-operator-id: nspk
+      environment.mir.three-ds-server-read-timeout: 10000
diff --git a/three-ds-server/cert/test.p12 b/three-ds-server/cert/test.p12
new file mode 100644
index 0000000000000000000000000000000000000000..6026781bb69cb2230fd75aeca5857fc04e8406fe
GIT binary patch
literal 7733
zcmY+IRZtv&(xq{C4ess`+}&kx4L(>1J|qwr7~I|683+!+U4pv=mk`|D`E#rO-MjnH
zFXvSEQ+M^Lj~hbC0|yJw4WYP4LS+qA3cbgKMTX6XP#hpYD0ctJTig%=;{RGm`49q>
ze-Z*5EDSdU|MkBPEH^n4+W$_#fJNfQLO`)i!(#2nqWB93hXNA-!Jj5Ck+M*U2XsOJ
zst`H=1s}~^*a;o3YMY$+rOV~_CRJ91F*or>fD#dOV`0j8;2|!FfY?jCsQ2uP1*Q~1
zx+QyE_PF>wqE=eHPDq5J$3g34l$^VYQa0N98^=KuIqh#FP5N8-R(oU#!D=HdOTp@5
z+fBG^Xy$D16&&&KLDX|;WLTQ0^AY-1ln`nTAA<h#w|r(lEVXgESK$KT#g(62s>O4!
z+-+ot3|};t+<gwXz{Vxw8J3}9PPhiHxWUPre<6p3uIT)f$aArf@FU3xU*Xc23MUxb
zBD)&4mZk<!>uCq8$kx<GTm7OB5g<3;u0xE1)(LBvi_$U6|A2aak=x9nh9PylEI>bA
zk@o|&e=2d3?Mb;MnU1bUK^bO6Zt?*SRl$_RZ{!iA^vBM9+3X^bD$wWEr_dmAwQqvO
zl1w@uThCqYLu=TL9J&+zm>(A2_`t`ElGDGR$nLYV5<c8EY^GH2!;I9ke7V=9L25WZ
z1^U#`NOGSqo4>N&=$F+-*Xz$Xk0JYg3w^?$6cZF8@_Lzkkc&JEQhwF@?f{Z;u-O^p
zJ|qI3BjELEO7;%(5>5|a<=YC14+~&l)8|DN{z|+9?pua0@|kf-pVIK?cATn!Nb6{L
z<pOi3j&Xj4v+qFM3NO!CHEpjmciG8^YR+@K7EH;fDwoS2OiHroFG7g6SXq7tdUE;_
zLW+4^D41ip6d{SQsYbpCW|1(fF1fRta*L*h?&;~ObGcc(?t@4GUSa7UcZ!MFnIv(J
z9hk=tJL^e}r|yx%5jZSr@Y-&Vf@aBEb;<YOHRiA&g(1*Nj%fzM3VLCIjh7mScM2!v
zde_!>4(oDn4qeRDqaagVKI6V3`oj`U6LrC??+c2&F~w17-4Wi8P8#Q@_C~ZxXd^)v
zICTA&B=Lx7Mq9h8MbLGM#?H40tg7v2>`<)B^HQ1?R&cgXrq~O^7pZVbX*Hy_>#z%*
z$y}0d6TJil>Z!xFMSBx{P>_Q;R`mM^!x_#*e23PQ7mX!;Lay;G^&3IiXXce74EvIC
z23Fo1=x4q8sswj40M~(9HmnEVr7Um;n&&1*h8rzzp7-!oK#+mEjr~PGy;L$Mq4(LB
zK)n~6dT@GAv@pN?@EKwI$|4cke^{^N8T%p7EQWD|D^;k0Y?;`Fln}v7FzAET<*iD3
z4qZ#oJzsWfXApkavOrURc*@)ZpU=Ap#BI{8B8Q#4xoC*y=XW{!Xg4e&x~S0UlH(LS
zOC~swCVA6L1uXUNmBE<=t>l$o7B8}YCfzN>o<cEZ^vdS0(c=150Hyd@YR`3=euvp^
zFR85(Cu9fWlvZyeC^k=RB0iPj2EHAT-xeWHhIo8~T``tiooPehiz{rnx9)c{9olw`
zQDSW>Q=13uC+1pGU^)pSags~15z&6_8ACZ^ctJ>GCbK?8(DtDAXjEVM>ernhYJyQ5
zFfH9?`UL%rYJhRKByl)LC1%zM?(OZJ;~Mjrxt67Gv!oE71c=f~WtFh7J^Dan`rv1$
z8qv-e&CQU-<SFZ%B&}?8Zxw3fj#Qa!mEVfR7a`G;{#{-n?4#LWMm*-FXONMN1skT7
zi_sG5W8hbZ!H+&{3KM<YsTV2FBVqLj$s-41@a%C+w_rs06K}IbM@TGCA3xYu6uBRb
zTVIcyZ_3r(Vv248pHMUhc5o4uo}$xcIw|$dvoqrU)IbFPtvgaoJ|hzS#U~^F1&1(L
z(%DR>oZzJ{%JVMzGa7^5t5mK?m`xOXi!c9|T)Pf`*m?eCEf=G}SCt?Fr%pjHXhI*I
z0KT<KPRTp``tEV_(!qNBeZ6qRsHOvJWPGaR#b})3k5`=bc$t_$9vhEGEat>^3C;1O
zuU!jtC?4^{DE+D0h3g~bS$9kny&L2g;e@yZGed|o%}5g>37%}Z&%z`Q8A9iKQ5EOz
zq|S)^lzm+eWgDWx<3S~yOo>KwET|hf2khOKG_94xo*LvEs)aEOyl#5$GfzYQ)!MEv
z@1chFwv?=l*3O)0lJH=>ga|F9lZDTG7t)cX%>~1ukidq%Bo||KY|-ioQf|yI*n`TH
zGaFisSY;*L!5ql)4mZEXi--rTv8&sIML%bnBPX;QwXxnticAzmZmby4uPCL<YBGLz
zGCM67@z5w;8E`i3klQ;tmZq)dVd`<kXE+g`((`q@FOTuz++))tzX+Bh?aty@6<y}Q
ze&gbvRz_3!<#X^3K$HdD6);nQOcg#oE@$+M{)sO0>Kb6q6sVjVF}tDGF~0i9S<R;A
zMibn}B2*sh|LKAL*F<Kp5m2HF{M#H}4$9$HZ<#|kp8%Y29HPA5$%^s#DmBSCV<{@g
z;>ok!aRn+3NFUYf@y8suJGGP&5dBh@Q6G90WWgDr^Y@diQA@!3!-}E-6C+8hnu<iO
zpDkTzoa&@gQT`~JVJ!hjc!J5dT&IX_errzK|LqSjiIM$T09KuHuTrv72iYagrKp><
z6mpw9kK2!+e7<s1WG6siM-Gwj4aJ7z?!@N}Bi>iO7_6sE0UzL-4>p152F6<HV{=T}
zVCkft3TGEWqR2i!py<YIL#k`nkp3#fA~2^1=nmMF%EK6#-{s*X$2lWl$YT%Yd_K(Q
z3e`iYbvzEac;JF}UWyP-A-k$kPn***9U&kBrn1+?1XZHMyoY{kBnhj8R#*pWtC75O
z?Rq}QOl;RI#*T))4uB>(w0Q)9S;G<~XO$AX7tFreWX4|3za(7k5%}=L9kvw_&G71W
z>D$k>VG-j!&Pk7E=3(HH3ZJ`x`>X7VQy_H_0>;a^YOUDHD)uq}$j`7w==ioOd-5^W
z8h;;)Yo~O20Y}4AL`zjKRGH){v(P#|-66uH_iu?qBVgHf;IuA=KOgi<`c`N|q-&Xc
zl(6@Gv!ICtb9QO4W{YoXtLq}^rQEH6k44Fdh$9A#F+D+#LAr2MxnH{+4gZ5aflvC%
zdpn2z)+#FkwX^CkKBm@%HF8Sj@&WqzS-C42J!}9qTIJAKnH_qt#nqk$DXysCV#%Or
zqo|E7^`FsUYF&1A#m}_iG1f#2p`j6oO>feqo`R$MQR&?#U8)7*jX`#zEtJ-|RL*e(
zT45|#TZjOGS4G*Dr@LqBw0e7P47nIu>C)*b<}co_b4i?k%%cW3#}R;+bil0Y4HrQ*
zQUSHsetsoZE3vj<+oEuCY}`8EuG%7GXZLS4Y=m|IOrZG3PIO)PLJfG9^W(>dUe?&s
zVeg{};|VNrH<?Q@r`T>g;rtDh+jXp9R7$PaA*MVh<pB+_b%nv!YZb#7(<ZN;EI*e9
zDU&^$$<+?r{nI<VqEX&)!>snmrvNCyTMH=luJ~R(LwsxX>QpM1-+0P`$&nNZS2ujo
zP!{UJS8?l5UrNk3g)>ZjR!s*Ff6jVRKE~q41JeF_0S;)BO^FBtzNS~HS?BTXtT0=o
z3g6Iy;g~Q1zlT*ox<%q~K)t0R82jVAT(|2_Jw#wvlW*!Wc$L_4C!U|(<NQUwy#HME
z;QHGy3G0T_#GfBU3g5K(S7z7p(@$_NEUOEjiZ--O;KR<{oa~U!kLf)8%r@CpA{cDE
z$oY*1+<j-_mnv}6d?xNlmWU1r5_B0vMy+zVLv+gbe4>qM8Clb!NO)B)LCJp#*CQ3C
z2s|Z-e+5rOJAQK9lyFX@;t@f(;j+YqZ(90#yQlS2LxJYc77>FiH$_l9a(_5kxTE+?
zz?hMl+ctFz1R#9WtH1v(hp%`V+6YPw@y65+$Q-jU(cf!4-P9lYhH5`5P*SVaQKj{b
z+-X|uY`Np}IVk+6fL$Cdd%~tSxfHxBPSWX92rO<578z5?{aoQW0tZ2n?g7!xysv?`
z7stvhBLVg1Q#Y5jyMW<0=m0~Ui~oxRUGv7<UU>mxb&A!3veSy->9h9wdMK2tydTI2
z%RF98wTuTLRE0M?rZKoX#{IEqM!A3b6UP9Jk*~L)K36zEUmq*ei#+5zCCiPGcJ)Cn
z<;1FGX`{ix)#}CBkjLE{PQd=(WE9^cx_h%y<@q13Ip(Xw2&5>N+PR2Gy`^(~p8Tz=
zke9QK_{{eNz0GR&mm(9DC=$Ps73^V!E84J2sEa+0n?iWv`4sKJ2kFk~%Q?c&B6%$M
zj?2_bMGGZ@xF4TmZfNyag$D70PZsmpGk39wz?S7O_HO%(dF$cE?TK&c=zHJ0Rf<z|
z^<Q-qIx+Yz2HH}zTa7c6Sv6$SNg>A|>6oMpxp9ZfAA_YUXW~pnhwK8R{!q&yKuOQ!
z*hKf_y<)C*wHnF%tfK2X@(V`lN0a=3AI+Cw3@WON<uy;)(^rqW2{3}1i13(r4Vd|k
zqaB!ge;{;hskKg4BYodJ{KEDOK>-dAl+9u9o}KGOaAujv6a@Pp*$RN+ZkZt^s$NKt
z9U2jWm|jsn9dK=!c>~yjJ5w|S4W{`0S>k45{6UQK$^@OM(%3?1_QI*zFKrrA*4QO0
zUx2gy)GJ|9q2_|f-5*dhZj{0joaMhJu^R24yIEp<5U;A$llkEpVdD280z~bJQzp9B
zx$EZ3F?AQkQ{`cZU_<c~yg4mIAz@s^>#G=IO7lz1fQnD=UMr7Z7^f*1);Vq1nRaAK
zCOICDulPuoc#UntpHT}JBIxu>W|1P-5ciRwbFU8geiwGUvRDmQzrap7#vwWuLUV}V
zp0UGdBr3DJ&6-M0lRks{IomNO8sC)Ku}I^>IP;~pSVL)-6XQX#Otq#S#lMm0Yi7TK
zl61qp=FRUNe8Y|wLm3`|#k1A&Ur~%m%u3QVY{6-~4kK`4uHlIzx2*1c`<w(^yzjBL
zk$XvuEG*h%a1tMhlc2r0s)5+C+NZ6^!8V?FOYz_D{=E;BQkjs1bl`!%Z=kk3k)XlH
z#SoK2>U8SuLmQHhr`}%$vIcvoI5KQw(J>W>YpwYA)+6ytG=;K(`6rs~Olz^a4?XLx
zusH?}wXUq!LiqgfODK<a<bm-DQU&3|*;a+~?X&*WmJoWZg{}3BGQZqkv|l(E4%3sB
z1w7}xv&b(F!>ll+;!g7HG*7h4-X;y>SD@aLXzrG4X;nI8A=8;vQC(VMl5A%Lr0?(8
za_2U4I|>RT2XsYvDRnA>0cBx_=XD0AR`=HaUXzj$R<E)Rme_oE=xZyZ8Z@lV7ujv@
z_V=~Ti`DWYb!)8E7H{)|Vu^%S$oA~>a%yAPxty05=};C1oNM@!`J@x-?1gyo_3bhr
z+1<T|8Dnw3R_mBn-jZ6q2$$IH3`Fp(uT=U2?6nl?x%kQe=$;xDD%?h)mW5d-P_J{O
zgmAMB93FfRrSkBkX~LLOpz2uDtAc6f#G7D=w{=JaAqL@^=DC!#Wkh`w72=;Ku%eFg
z&K5^Z!t-<DIJ^jf3>(N|#1`}m8N?eWb4usg*}k$ot#%4l0Dyx-0xrs9q2#?Z47}ou
zAfybe`_G>4XQ8s4(W`8SiKIiN1SnV8is0rU12c&YXWOHlWQY<odHu+EbU_Q-pyzb+
z*ez2ie7n*h+fz1H%yAbqCNS}}8TU=%$ND)O!cO^eQ?mDX;eEfXy(q8vU5{;W#agFD
zyhtC;*tdgWeTB6jX9!xBO6~BgOVtVo@;*?J&?|CEWTUX<K~M{-RDo*Kq;@jco59Cf
z$~2bmar5Pm`Gui02pz5YSHi?dxh!iNffxzy-L%O53G~D`QqI7n=fqtP^V5)uJgwUr
z&Eq)(yQM|<0;@|;h`PA@(?_n73YX4W<V8Ri%`BV|o$M;e5U;nD`NN-1xwkTj{!}be
z=ael}4eip@aEb378UT|dO#gEAxxH(s#DhrNumq~5K)Tx5#||#q2hGA1YsB3QsP-ZJ
zzC--xUuz-f?T7L?na1&{9AtT%15rT5N=G9NNd&qdpnKk~yA!u+w{1!c9XF(TOMj@L
zkWhHm?XI<(1J+UHsJ9weVHD)>0}|;h5Lm5HBD_OIz7-S|Wq&Ghf)zfr^+w*=S#D5B
z4pXgd7pV6h^EHmh&Nag;MnZ_Ny#&n|;}6hHg*36{B-DK(ho))&nwEiEzdC-UHh!A<
zo7A%WFJY@>B9*Fj>q(I#got#(0siCp6Dap5W$6(k<&{QV`$C1BgxK?b!PoK+{#=e)
zzL$f2%~Kj)arJ-r4vT^%8jyw23sgQRjXbAJB8S&^gLF#Q1U9LrC<3(e6QJhx3aa2Q
zqKPwlX`w8JaaDqMC&N1yW!z*#*QrMatj+(h)p>QaNKDHVBJpU{6G6t1?-@syBgPy|
zb~s%wdIoWB(LnWu=J3t|gvNqJ1y9Q^f!Cq2wkEUAH1$HiL3N_SbS;Xr9jz~$Q;V*t
zZ$5osftb6bClDMB<ZOF?@M@PL6c!i9N96kY;gO+Cm6Eg{>EW!}_z#TX;+NwLfQFV&
zd(lCos<t~5G)QYYOP;{gTN6hn1)%{W5odwW;eh&CxuVXXtmk#GXmqjs_AAUYeAoK)
z49S<4&^$qDV60b=`fZz^WM<_8CwH7*Bb>3E%Z}N+$H3b(ahP|4=gOTfzP6da&QIpJ
z$p#FAM?t0c9#=%|^~r2|s*iZua$@Ug!+gXaYLN|@mFKEoyFP>)LTSE2WEO3=rpGK(
z_yX}zxca*W{~q-#(h`-obT5JsRQg{76g-+)S6){{<V=2B+avm)AnTaZ?Obw6g;!pU
zNV}*{^K&$?C@}x@|8Xv=$PGd5{eJ*pJ_NNM0fJinPp<e^rAX-i2M40T!u>P9{1YAj
zKS~JyA4*uk86F?t{gM7Zl<;4>QpsO_<;7OYS*C5G;P2)4fV*OSAAPM+H{$h#&KOd^
zusM~6P{pfX%s}=(i%j^UU@(@F6-zF_$yQE?hxzTVo|l;XcBs~vs2aezK^a^Z8%=n>
za-@F><Jdsm^E+D!{efVM5uF(hAWZ!`pr@mi=-<V^$hZt*c@efm5)bS!pLj(zWMYw5
z8K0EAUb_K_<<5mPX(D*#(`SB~oHtW0ulD0C9J?d*i{@GZ6GI59*0_A;x=xup;nJOg
zoKrCk5{?642G3Gl`=Seuu{uyIz@w8_44SkUxip<u7xWX%GKS7Z)TVSOccuVR^we-@
zq_gr#bHY;QRY3;O+oo5{$ed12f!F#zjx5JMwXcGRO-;TMiceO)roqq2;^@tO<5slb
z?VrXKOraja!`zoAa5z%C5S4;pxe{vyy#+_@&Kx^Ap(lxutydqNXG^%@58Q889m+}q
zu2<jcD*2;{!JbS>K$R8F-4`J)tD3K+Tf=H3RvYoRp|0kD*)MMcXf4u|0sdWcDpnly
zwoE|i=T#w78Y7#`p$^Rl54_AnJI-f)<(*nM2E`(t^{+nM*$3r-uQgRAFYD4ZweO=h
zdnT4CcE*zLDvV4VFXh&_rTPLl?tILQo%j7xysr0TvZRNF7VU%0OvxWR^<o9j9RGwS
zx*!hOcc6T({v{RBFCV!_FtF)_x@8##jh&QK@8S)x4M<vx^f@bHbudJ3*B0Da<<Q-8
zG(Mr2B;oWX+FNe-ke)FTQw*jLlnJN3PM)ue<e==e5E%&zN|vCK6E$l9o;F3!Rrjbf
zekzy2e3?iX<&p1eU@43->yl4+9a_q%$}O6+#ZvLfqqU0t5K^OWwjE5b&(RJ};H-4a
z6?dNEP~F*hq9}G7l=rBYfRFMO6FO+RhPeCmcd^F9S`%9zV5t8kj_nfLVz$(bPrKt+
zll=XGrj%i<%r@g=5t9c=8ryXY*1P+vg+3|pj4QQX?oodB)cc1@4Ax=~*_Pc-=FL|P
zeJ&UFAuRp{#DK><nO68p1Jh8KzU`(zA9PfAPCuCjGh+EFiXcY+P8=1G7~QwKAN9}l
zaj1MP#hl>|UVV43a`7!3;J2R(aJ{;@Y;_mR|1wl4L~O#E!rj6cb(>Ze6-Lh`Cx4e}
z)rS6jyz%|%XUSLqtBwP@oOY9$4e>n@bs|`jF-^qm){u=)0@2JL`b2=~)O#v^X%jJ^
zpUeVOu9aKV2ytHdIRDH(@V0_u^%{i6(-m26STp9(k-e-GaWkg!sQpI{dIWok_~cN+
zmzB!U?ke*G6C~FZ+u~)WtWSkiX<$Pg+wzH%^mvjzw9VwWm)7q{FS@wulhvqL?EHSb
zS@ORn-<YoQRZ)sy!*HYhV>VRvdCOj63@U#3X^rk?5xK?l#E_-{mi5OjVxdX;dkMIN
zE1;ic@g%RH%PMj@L+!w}$!fhsZRd((jFUTn=N!p!%%-c-p}1L^R}jkQH@eaO8gJ4O
z3HuEKudYo#Vnv~8!Le>Ad*sEi2>}sOySXU>zvt3#czsGXZa}J8qCE0OD=m$$4mE!0
z*)|q6ijcP2Gj^55S*?{u{Axy)D|+d-j&%{u-5_em6rlqC&CXA~CiAW&Mma~z7MK5h
z^N_FsX=p`i?Lfe*YJ?K7@blq?uI!@|S@ffm57G*~E-0e1AoZtpV~45^8I`z^9jJBA
z1Z6Jp9<-;8VS%iA@)sBouhnQZSZqAk@n#1S4{$t*M*M>>)^avQ*=`gj9UM2+7Lr5$
z8&<3yDrg{_KUn1Fs*YD`*|2zX8no3qu-v)1EKfyxO}6!jo{9qBJt(y>P$I}Kx7HcR
zoheq>8Q7b%RF#3_(fQYWeqlEpSN`?ZEv;pbWNirZH49-XU_$^bT2>SC$_d?)Yw*RM
z_W+oGoUM7_pkU0NTraYr7Cupu()2SqIalh4wI|$1*4X*^vll7)du!N__zc2?$?%<X
zx;vO1LKt=qR_$L|`t+@FJ8KF~@mM}5Sh%V`2^<`=@jdolWoNt~s}0{NMzOW(OzQ1h
zn56WO*$%IK;48`&G>)$ef%@_xzt?DA%8EbRmVS4uu<Y(WnTMEv{~dVha+#e{^3tWg
z--9cp9ALa5-zv=*-62BlNp$+z)SHcTv^bW~(`IKq;z#k~Uo%u+d|V)Z{lGhR(;KJx
zzS7?F-ExOqjhZa)plZg$Ge=k8hcTh~PGA$DcafKhAT!A8Xk(2Ckv$lOD`RQOFd3+R
z$ztmw!zL0Sa)t1C*pPtqHV$7cpoJu+ReIDwlX)Y$j!UyN&WrS}W}!y)#VlgG1<M$8
zBY>Z>W{(*|H&-iJN$j9y1nYAxZ=+RB1OGSd56$r+^%>tKc?hk2c5SM45|Q#!l`5=o
zB!mg{J05N!ZP>$e6Ta}Pm_oXOfE^tgKm6*&_nn`)C*cSMX2KSY_g;@da?hWVw%}32
z;UD2nJwnVm=BHd${s4T5flGRBN3vLg^r0jfxO!=aYI<{~{Q`XF>p!|p+%1>5-^yW-
z!<3ALMzWS|35MXZ+vI0u)RC0Nd?+<t(<=8FRgu71&59+<aC>dNZarFYTA76w=(BU8
zOF2<5xM5V!c)s&3Gj2g0S01y^#H`yWhv_Sx=fo99_doM?XNTu2uo@|`Q{3;`4{e8M
z$BvmlhZ}o(knHUPoccA|p@dSV(q~6SWF(~Jh-=irs=_d4O!0QcbQ<Bt(UDXZ+TpWw
z<399G6;ZzVa=XG4lNphugm593lZ&{f$Ubpn3=A}eF<oLpRuQx~^eU&+xO(iRAI;CK
zJ;mM0IUM<;yf>LhX!Y5{%5Q^S)GgT6Z;itan6Cr=^gq@fF_ZZU>s@jp$p@(jBfnEl
z1f8ou?&7rk73@S>f+zDgc^d(h2e<mh5^AnAHhOyj0;j{1u1Tz)8sM0x$4T?d?Zmq<
zIRDa#bV&x4*Aj)|yBPtP=*iqf`ZMG#i#KLZu?CiMVyBUA65R1ICg1|=^>%=+fKeVR
z*L%uc=lvJ4K}^o?56LErYy;Kh=?U|oBx4%6aPGfGydmPP?K7%FGrW%kpNux<1jNOs
zn)gbXKli!1bRsHq1O}UDnN8~=fNZ;UA0N@*I3YltU()U)24CFJfAzhCZP)nXhcdoV
zEiWR<^&IjraMS(YbcRaELxez3u+G;eLYK5K4Zv<`)0%1zv_^j9=HaH{Mnyto!-9t+
qMT9{hxJd3su^f2*l@rJi3;MB>=(S2Hhk)Y7X|;My6pHenl=eTCdB-6D

literal 0
HcmV?d00001