From 3bbb96a8e0b41aa5431ce86c3a90b5cb1bf174c7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 13 Dec 2023 14:26:58 -0700
Subject: [PATCH 001/346] todos for individual certificate generation

---
 scripts/automation/Radius/Config.ps1          |   2 +-
 .../Radius/Functions/Private/Test-User.ps1    |  41 ++++
 .../Functions/Public/Generate-UserCerts.ps1   | 215 ++++++++++++++----
 3 files changed, 209 insertions(+), 49 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/Test-User.ps1

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index a99a2aaaa..d965e7c67 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -37,7 +37,7 @@ $CertType = "UsernameCn"
 # Do not modify below
 ################################################################################
 
-$UserAgent_ModuleVersion = '1.0.7'
+$UserAgent_ModuleVersion = '1.1.0'
 $UserAgent_ModuleName = 'PasswordlessRadiusConfig'
 #Build the UserAgent string
 $UserAgent_ModuleName = "JumpCloud_$($UserAgent_ModuleName).PowerShellModule"
diff --git a/scripts/automation/Radius/Functions/Private/Test-User.ps1 b/scripts/automation/Radius/Functions/Private/Test-User.ps1
new file mode 100644
index 000000000..5bc57524d
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Test-User.ps1
@@ -0,0 +1,41 @@
+function Test-User {
+    [CmdletBinding()]
+    param (
+        # Parameter help description
+        [Parameter(ParameterSetName = 'username')]
+        [System.String]
+        $username,
+        # Parameter help description
+        [Parameter(ParameterSetName = 'userid')]
+        [System.String]
+        $userID
+    )
+    begin {
+        # Get User Group membership
+        # TODO: update if data is older than 30 mins
+        if ( -not $GLOBAL:RadiusUserMembership ) {
+            $GLOBAL:RadiusUserMembership = Get-JCUserGroupMember -ByID $JCUSERGROUP
+        }
+    }
+    process {
+        switch ($PSCmdlet.ParameterSetName) {
+            'userid' {
+                $matchedUser = $Global:RadiusUserMembership | Where-Object { $userID -in $_.UserId }
+                $inputText = $userID
+            }
+            'username' {
+                $matchedUser = $Global:RadiusUserMembership | Where-Object { $username -in $_.Username }
+                $inputText = $username
+            }
+        }
+        if ($matchedUser) {
+            Write-Debug "Matched Username Found: $($matchedUser.username)"
+        } else {
+            Write-Warning "User specified $inputText was not found within the Radius Server Membership Lists"
+            return $null
+        }
+    }
+    end {
+        return $matchedUser
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
index e83a06068..be6252fd9 100644
--- a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
@@ -5,7 +5,6 @@ Connect-JCOnline $JCAPIKEY -force
 ################################################################################
 # Do not modify below
 ################################################################################
-
 # Check if CA-Key is saved in env
 if ($env:certKeyPassword) {
     Write-Host "Found CA-Key password in env"
@@ -27,8 +26,7 @@ if ($env:certKeyPassword) {
 # Import the functions
 Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
 
-$SystemHash = Get-JCSystem -returnProperties displayName, os
-
+# Import User.Json/ create list if it does not exist
 if (Test-Path -Path "$JCScriptRoot/users.json" -PathType Leaf) {
     Write-Host "[status] Found user.json file"
     $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
@@ -45,11 +43,22 @@ if (Test-Path -Path "$JCScriptRoot/users.json" -PathType Leaf) {
 }
 
 # Get user membership of group
-$groupMembers = Get-GroupMembership -groupID $JCUSERGROUP
+# TODO: update group membership if last date is -gt 30 mins
+if ( -not $GLOBAL:RadiusUserMembership ) {
+    $GLOBAL:RadiusUserMembership = Get-JCUserGroupMember -ByID $JCUSERGROUP
+    $groupMembers = $GLOBAL:RadiusUserMembership
+} else {
+    $groupMembers = $GLOBAL:RadiusUserMembership
+}
 if ($groupMembers) {
     Write-Host "[status] Found $($groupmembers.count) users in Radius User Group"
 }
 
+# Get SystemHash
+# TODO: update group membership if last date is -gt 30 mins
+# TODO: global variable and track time last updated
+$SystemHash = Get-JCSystem -returnProperties displayName, os
+
 # Create UserCerts dir
 if (Test-Path "$JCScriptRoot/UserCerts") {
     Write-Host "[status] User Cert Directory Exists"
@@ -58,56 +67,166 @@ if (Test-Path "$JCScriptRoot/UserCerts") {
     New-Item -ItemType Directory -Path "$JCScriptRoot/UserCerts"
 }
 
-# if user from group is on the system, continue with script:
-foreach ($user in $groupMembers) {
-    # Create the User Certs
-    $MatchedUser = get-webjcuser -userID $user.id
-    Write-Host "Generating Cert for user: $($MatchedUser.username)"
-
-    if ($MatchedUser.id -in $userArray.userId) {
-        if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
-            Write-Host "[status] $($MatchedUser.username) already has certs generated... skipping"
-        } else {
-            Generate-UserCert -CertType $CertType -user $MatchedUser.username -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem"
-        }
-    } else {
-        Write-Host "[status] $($MatchedUser.username) not found in users.json"
-
-        # Find user system associations
-        $SystemUserAssociations = @()
-        $SystemUserAssociations += (Get-JCAssociation -Type user -Id $MatchedUser.id -TargetType system | Select-Object @{N = 'SystemID'; E = { $_.targetId } })
-
-        $systemAssociations = @()
-        foreach ($system in $SystemUserAssociations) {
-            $systemInfo = $SystemHash | Where-Object _id -EQ $system.SystemID
-            $systemTable = @{
-                systemId    = $systemInfo._id
-                displayName = $systemInfo.displayName
-                osFamily    = $systemInfo.os
+function Show-GenerationMenu {
+    $title = 'JumpCloud Radius Cert Deployment'
+    Clear-Host
+    Write-Host "================ $Title ================"
+    Write-Host "1: Press '1' to generate new certificates for NEW RADIUS users. $([char]0x1b)[96mNOTE: This will only generate certificates for users who have not yet had a certificate generated."
+    Write-Host "2: Press '2' to generate new certificates for ONE Specific RADIUS user. $([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates"
+    Write-Host "3: Press '3' to re-generate new certificates for ALL users. $([char]0x1b)[96mNOTE: This will overwrite any previously generated certificates"
+    Write-Host "4: Press '4' to re-generate new certificates for users who's cert is set to expire shortly. $([char]0x1b)[96mNOTE: This will overwrite any previously generated certificates"
+    Write-Host "E: Press 'E' to exit."
+}
+Do {
+    Show-GenerationMenu
+    $confirmation = Read-Host "Please make a selection"
+    switch ($confirmation) {
+        '1' {
+            # process all users, generate certificates for uses who do not yet have a certificate
+            foreach ($user in $groupMembers) {
+                # Get the user details:
+                $MatchedUser = get-webjcuser -userID $user.id
+                Write-Host "Generating Cert for user: $($MatchedUser.username)"
+                if ($matchedUser.id -in $userArray.userid) {
+                    if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
+                        Write-Host "[status] $($MatchedUser.username) already has certs generated... skipping"
+                    } else {
+                        # Generate a new cert for this user:
+                        Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                    }
+                } else {
+                    Write-Host "[status] $($MatchedUser.username) not found in users.json"
+
+                    # Find user system associations
+                    $SystemUserAssociations = @()
+                    $SystemUserAssociations += (Get-JCAssociation -Type user -Id $MatchedUser.id -TargetType system | Select-Object @{N = 'SystemID'; E = { $_.targetId } })
+
+                    $systemAssociations = @()
+                    foreach ($system in $SystemUserAssociations) {
+                        $systemInfo = $SystemHash | Where-Object _id -EQ $system.SystemID
+                        $systemTable = @{
+                            systemId    = $systemInfo._id
+                            displayName = $systemInfo.displayName
+                            osFamily    = $systemInfo.os
+                        }
+                        $systemAssociations += $systemTable
+                    }
+
+                    $userTable = @{
+                        userId              = $MatchedUser.id
+                        userName            = $MatchedUser.username
+                        localUsername       = $(If ($MatchedUser.hasLocalUsername) {
+                                $matchedUser.localUsername
+                            } else {
+                                $matchedUser.username
+                            })
+                        systemAssociations  = $systemAssociations
+                        commandAssociations = @()
+                    }
+
+                    if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
+                        Write-Host "[status] $($MatchedUser.username) has certs generated... adding to users.json"
+                    } else {
+                        Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                    }
+                    $userArray += $userTable
+                }
             }
-            $systemAssociations += $systemTable
+            # Update UserArray
+            $userArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+            Break
         }
-
-        $userTable = @{
-            userId              = $MatchedUser.id
-            userName            = $MatchedUser.username
-            localUsername       = $(If ($MatchedUser.hasLocalUsername) {
-                    $matchedUser.localUsername
+        '2' {
+            # process individual users, generate certificates for users who have not been added to users.json
+            # if users have been added to users.json, prompt to re-generate
+            Clear-Variable "ConfirmUser"
+            while (-not $confirmUser) {
+                $confirmationUser = Read-Host "Enter the Username or UserID of the user"
+                $confirmUser = Test-User -username $confirmationUser -debug
+            }
+            # get data about the user
+            $MatchedUser = get-webjcuser -userID $confirmUser.UserID
+            # Generate a new cert for this user:
+            if ($matchedUser.id -in $userArray.userid) {
+                if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
+                    Do {
+                        $overwrite = Read-Host "do you want to overwrite yn?"
+                        switch ($overwrite) {
+                            'y' {
+                                Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                                Break
+
+                            }
+                            'n' {
+                                Write-Host "[status] $($MatchedUser.username) already has certs generated... skipping"
+                                Break
+
+                            }
+                        }
+                    } until (($overwrite -eq "y") -or ($overwrite -eq "n"))
                 } else {
-                    $matchedUser.username
-                })
-            systemAssociations  = $systemAssociations
-            commandAssociations = @()
+                    # Generate a new cert for this user:
+                    Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                }
+            } else {
+                Write-Host "[status] $($MatchedUser.username) not found in users.json"
+
+                # Find user system associations
+                $SystemUserAssociations = @()
+                $SystemUserAssociations += (Get-JCAssociation -Type user -Id $MatchedUser.id -TargetType system | Select-Object @{N = 'SystemID'; E = { $_.targetId } })
+
+                $systemAssociations = @()
+                foreach ($system in $SystemUserAssociations) {
+                    $systemInfo = $SystemHash | Where-Object _id -EQ $system.SystemID
+                    $systemTable = @{
+                        systemId    = $systemInfo._id
+                        displayName = $systemInfo.displayName
+                        osFamily    = $systemInfo.os
+                    }
+                    $systemAssociations += $systemTable
+                }
+
+                $userTable = @{
+                    userId              = $MatchedUser.id
+                    userName            = $MatchedUser.username
+                    localUsername       = $(If ($MatchedUser.hasLocalUsername) {
+                            $matchedUser.localUsername
+                        } else {
+                            $matchedUser.username
+                        })
+                    systemAssociations  = $systemAssociations
+                    commandAssociations = @()
+                }
+
+                if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
+                    Write-Host "[status] $($MatchedUser.username) has certs generated... adding to users.json"
+                } else {
+                    Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                }
+                $userArray += $userTable
+            }
+            # Update UserArray
+            $userArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+            Break
         }
+        '3' {
+            # process new users, re-generate certificates for users who have not been added to users.json
+            # TODO: implement
+            Break
+        }
+        '4' {
+            #TODO: overwrite soon to expire certificates
 
-        if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
-            Write-Host "[status] $($MatchedUser.username) has certs generated... adding to users.json"
-        } else {
-            Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem"
         }
-        $userArray += $userTable
+        'E' {
+            Write-Host "Returning to main menu"
+        }
+        default {
+            Write-Host "Invalid Choice. Please try again"
+            Break
+        }
     }
-}
+} while ($confirmation -ne 'E')
+
 
-$userArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
 

From bf1dc0965c03d90cb6f12793412418a083787a4e Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Wed, 13 Dec 2023 14:59:29 -0700
Subject: [PATCH 002/346] update cert filter

---
 .../automation/Radius/Functions/Public/Distribute-UserCerts.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
index 1cd42ee19..d1ea163b0 100644
--- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
@@ -52,7 +52,7 @@ if ($RadiusCertCommands.Count -ge 1) {
 # Create commands for each user
 foreach ($user in $userArray) {
     # Get certificate and zip to upload to Commands
-    $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)*"
+    $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)-*"
     # set crt and pfx filepaths
     $userCrt = ($userCertFiles | Where-Object { $_.Name -match "crt" }).FullName
     $userPfx = ($userCertFiles | Where-Object { $_.Name -match "pfx" }).FullName

From 85e9fed2829dbac1a302f837a97ab63486f9839c Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Wed, 13 Dec 2023 15:01:41 -0700
Subject: [PATCH 003/346] update changelog and config

---
 scripts/automation/Radius/Changelog.md | 14 ++++++++++++++
 scripts/automation/Radius/Config.ps1   |  2 +-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index 2560f009e..99182cdb4 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -1,3 +1,17 @@
+## 1.1.0
+
+Release Date: December 13, 2023
+
+#### RELEASE NOTES
+
+```
+Fixed an issue where similar usernames were having incorrect certificates deployed
+```
+
+#### Bug Fixes:
+
+- Addressed a bug where similar usernames were having incorrect certificates deployed. Ex: john.smith and john
+
 ## 1.0.7
 
 Release Date: December 1, 2023
diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index a99a2aaaa..d965e7c67 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -37,7 +37,7 @@ $CertType = "UsernameCn"
 # Do not modify below
 ################################################################################
 
-$UserAgent_ModuleVersion = '1.0.7'
+$UserAgent_ModuleVersion = '1.1.0'
 $UserAgent_ModuleName = 'PasswordlessRadiusConfig'
 #Build the UserAgent string
 $UserAgent_ModuleName = "JumpCloud_$($UserAgent_ModuleName).PowerShellModule"

From 86b4e4dc794783d0b3c064b701dbb653f9edb346 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 14 Dec 2023 13:08:04 -0700
Subject: [PATCH 004/346] gather sha1 data for local certs

---
 scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1
index d1275d71a..16bbba7fd 100644
--- a/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1
@@ -64,7 +64,7 @@ function Get-CertInfo {
                     $certHash = @{}
                     # Use openssl to gather serial, subject, issuer and enddate information
                     $certInfo = Invoke-Expression "$opensslBinary x509 -in $($cert.Path) -enddate -serial -subject -issuer -noout"
-
+                    $certSHA1 = Get-FileHash -Path $($cert.Path) -Algorithm SHA1
                     # Convert string data into a key/value pair
                     $certInfo | ForEach-Object {
                         $property = $_ | ConvertFrom-StringData
@@ -79,6 +79,7 @@ function Get-CertInfo {
 
                         $certHash += $property
                     }
+                    $certHash.Add('sha1', $certSHA1.Hash)
 
                     # Add hash to certObj array
                     $certObj += $certHash

From 3dc3a56aa4fc948fe18537dc540f203273e018cb Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 15 Dec 2023 13:20:15 -0700
Subject: [PATCH 005/346] formatting function for gui

---
 .../automation/Radius/Functions/Private/PadCenter.ps1  | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 scripts/automation/Radius/Functions/Private/PadCenter.ps1

diff --git a/scripts/automation/Radius/Functions/Private/PadCenter.ps1 b/scripts/automation/Radius/Functions/Private/PadCenter.ps1
new file mode 100644
index 000000000..2f7ae3ddb
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/PadCenter.ps1
@@ -0,0 +1,10 @@
+function PadCenter {
+    param (
+        [string]$string,
+        [char]$char
+    )
+    $length = $host.ui.rawui.windowsize.width
+    $spaces = $length - $string.Length
+    $padLeft = $spaces / 2 + $string.Length
+    return $string.PadLeft($padLeft, $char).PadRight($length, $char)
+}
\ No newline at end of file

From 3c86a21b0a224ce09446a9dbbfb6153bba7a3a76 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 15 Dec 2023 13:20:22 -0700
Subject: [PATCH 006/346] main menu updates

---
 .../Functions/Private/Show-RadiusMainMenu.ps1 | 43 ++++++++++++++++---
 1 file changed, 36 insertions(+), 7 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1
index fba4f9122..1c41b3896 100644
--- a/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1
@@ -1,6 +1,6 @@
 function Show-RadiusMainMenu {
     param (
-        [string]$Title = 'JumpCloud Radius Cert Deployment'
+        [string]$Title = ' JumpCloud Radius Cert Deployment '
     )
     # Get cert information
     $rootCAInfo = Get-CertInfo -rootCa
@@ -12,20 +12,49 @@ function Show-RadiusMainMenu {
     # Find all certs that will expire between current date and cut off date
     $expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
 
+    # Get UserGroup information from Config.ps1
+    $radiusUserGroup = Get-JcSdkUserGroup -Id $JCUSERGROUP | Select-Object Name
+    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $JCUSERGROUP).Count
+
+    # Get SSID information from Config.ps1
+    $radiusSSID = $NETWORKSSID.Split(';').Trim()
+
     # Output for Users
     Clear-Host
-    Write-Host "================ $Title ================"
-    Write-Host "$([char]0x1b)[33mEdit the variables in Config.ps1 before continuing this script `n"
+
+    # ==== TITLE ====
+    Write-Host $(PadCenter -string $Title -char '=')
+    Write-Host $(PadCenter -string "Edit the variables in Config.ps1 before continuing this script `n" -char ' ') -ForegroundColor Yellow
+    # /==== TITLE ====
+
+    # ==== ROOT CA ====
+    Write-Host $(PadCenter -string ' Root CA ' -char '-')
     if ($rootCAInfo -eq $null) {
-        Write-Host "$([char]0x1b)[33mNo Root CA detected`n"
+        Write-Host $(PadCenter -string "No Root CA detected`n" -char ' ') -ForegroundColor Yellow
     } else {
-        Write-Host "$([char]0x1b)[32mRoot CA Serial Number: $($rootCAInfo.serial)"
-        Write-Host "$([char]0x1b)[32mRoot CA Expiration: $($rootCAInfo.notAfter)`n"
+        Write-Host $(PadCenter -string "Root CA Serial Number: $($rootCAInfo.serial)" -char ' ') -ForegroundColor Green
+        Write-Host $(PadCenter -string "Root CA Expiration: $($rootCAInfo.notAfter)`n" -char ' ') -ForegroundColor Green
     }
     if ($expiringCerts) {
-        Write-Host "$([char]0x1b)[91m$($($expiringCerts.subject).Count) user certs will expire in 15 days `n"
+        Write-Host $(PadCenter -string "$($($expiringCerts.subject).Count) user certs will expire in 15 days `n" -char ' ') -ForegroundColor Red
     }
+    Write-Host $(PadCenter -string "-" -char '-')
+    # /==== ROOT CA ====
 
+    # ==== GROUP/SSID ====
+    Write-Host $(PadCenter -string "Radius User Group: $($radiusUserGroup.Name)" -char " ") -ForegroundColor Green
+    Write-Host $(PadCenter -string "Radius Users: $($radiusUserGroupMemberCount)" -char " ") -ForegroundColor Green
+    if ($radiusSSID.count -gt 1) {
+        Write-Host $(PadCenter -string "Radius SSIDs:" -char " ") -ForegroundColor Green
+        $radiusSSID | ForEach-Object {
+            Write-Host $(PadCenter -string $_ -char " ") -ForegroundColor Green
+        }
+    } else {
+        Write-Host $(PadCenter -string "Radius SSID: $radiusSSID" -char " ") -ForegroundColor Green
+        Write-Host "`n"
+    }
+    # /==== GROUP/SSID ====
+    Write-Host $(PadCenter -string "-" -char '-')
     Write-Host "1: Press '1' to generate your Root Certificate."
     Write-Host "2: Press '2' to generate/update your User Certificate(s)."
     Write-Host "3: Press '3' to distribute your User Certificate(s)."

From 2dd51d7429e76a0afafe88b19bdfae7c33200396 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 29 Dec 2023 16:26:19 -0700
Subject: [PATCH 007/346] generate cert by user with cache data

---
 .gitignore                                    |   2 +
 scripts/automation/Radius/Config.ps1          |  10 +-
 .../Functions/JCRadiusCertDeployment.psm1     |  12 +-
 .../Radius/Functions/Private/Get-CertInfo.ps1 |  59 ++--
 .../HashFunctions/Convert-FromHashtable.ps1   |  21 ++
 .../Private/HashFunctions/Get-DynamicHash.ps1 |  66 +++++
 .../HashFunctions/Test-UserFromHash.ps1       |  56 ++++
 .../Radius/Functions/Private/PadCenter.ps1    |   4 +
 .../Functions/Private/Show-RadiusMainMenu.ps1 |  39 +--
 .../Private/SystemTable/New-SystemTable.ps1   |  30 ++
 .../Private/UserTable/Get-UserFromTable.ps1   |  53 ++++
 .../Private/UserTable/New-UserTable.ps1       |  40 +++
 .../Private/UserTable/Set-UserTable.ps1       |  79 ++++++
 .../Private/settings/Get-JCRSettingsFile.ps1  |  45 +++
 .../Private/settings/New-JCRSettingsFile.ps1  |  41 +++
 .../Private/settings/Set-JCRSettingsFile.ps1  | 100 +++++++
 .../Private/settings/Update-JCRGlobalVars.ps1 | 163 +++++++++++
 .../Functions/Public/Generate-UserCerts.ps1   | 265 +++++++++---------
 .../Radius/Start-RadiusDeployment.ps1         |   2 +
 19 files changed, 909 insertions(+), 178 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/HashFunctions/Convert-FromHashtable.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/HashFunctions/Get-DynamicHash.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/UserTable/New-UserTable.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/settings/Get-JCRSettingsFile.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/settings/Set-JCRSettingsFile.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/settings/Update-JCRGlobalVars.ps1

diff --git a/.gitignore b/.gitignore
index 2835b809e..01806df1c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,8 @@
 /scripts/automation/Radius/*/*.srl
 /scripts/automation/Radius/Config.ps1
 /scripts/automation/Radius/users.json
+/scripts/automation/Radius/settings.json
+/scripts/automation/Radius/data/*
 __pycache__/
 *.pyc
 # Ignore PWSH CSV Import/Update Files:
diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index d965e7c67..4697de9cc 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -1,9 +1,5 @@
-# READ/ WRITE API KEY
-$JCAPIKEY = 'YOURAPIKEY'
-# JUMPCLOUD ORGID
-$JCORGID = 'YOURORGID'
 # JUMPCLOUD USER GROUP ID
-$JCUSERGROUP = 'YOURJCUSERGROUP'
+$Global:JCUSERGROUP = 'YOURJCUSERGROUP'
 # USER CERT PASSWORD (this password is sent to the devices via JumpCloud Commands)
 $JCUSERCERTPASS = 'secret1234!'
 # USER CERT Validity Length (days)
@@ -11,7 +7,7 @@ $JCUSERCERTVALIDITY = 90
 # List Of Radius Network SSID(s)
 # For Multiple SSIDs enter as a single string seperated by a semicolon  ex:
 # "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network"
-$NETWORKSSID = "YOUR_SSID"
+$Global:NETWORKSSID = "YOUR_SSID"
 # OpenSSLBinary by default this is (openssl)
 # NOTE: If openssl does not work, try using the full path to the openssl file
 # MacOS HomeBrew Example: '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
@@ -108,6 +104,6 @@ if (($JCAPIKEY).Length -ne 40) {
 if (($JCORGID).Length -ne 24) {
     throw "The entered JumpCloud Organization ID is not the expected length"
 }
-if (($JCUSERGROUP).Length -ne 24) {
+if (($Global:JCUSERGROUP).Length -ne 24) {
     throw "The entered JumpCloud UserGroup ID is not the expected length"
 }
diff --git a/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1 b/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
index 797c55c9c..a3d816d39 100644
--- a/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
+++ b/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
@@ -1,4 +1,6 @@
 # Load all functions from public and private folders
+#TODO: why define both?
+$Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
 $Private = @( Get-ChildItem -Path "$PSScriptRoot/Private/*.ps1" -Recurse)
 Foreach ($Import in $Private) {
     Try {
@@ -6,4 +8,12 @@ Foreach ($Import in $Private) {
     } Catch {
         Write-Error -Message "Failed to import function $($Import.FullName): $_"
     }
-}
\ No newline at end of file
+}
+
+$global:JCRConfig = Get-JCRSettingsFile
+
+Update-JCRGlobalVars
+
+# if ($global:JCConfig.globalVars.lastupdate - ) {
+
+# }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1
index 16bbba7fd..774729630 100644
--- a/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1
@@ -1,7 +1,15 @@
 function Get-CertInfo {
+    [CmdletBinding()]
     param (
-        [switch]$RootCA,
-        [switch]$UserCerts
+        [Parameter(ParameterSetName = 'CA', Mandatory = $true)]
+        [switch]
+        $RootCA,
+        [Parameter(ParameterSetName = 'User', Mandatory = $true)]
+        [switch]
+        $UserCerts,
+        [Parameter(ParameterSetName = 'User', Mandatory = $false)]
+        [system.string]
+        $username
     )
     begin {
         # Import the Config.ps1 variables
@@ -14,10 +22,15 @@ function Get-CertInfo {
 
         if ($UserCerts) {
             # Find all userCert paths
-            $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/*.crt" -ErrorAction SilentlyContinue
+            if ($username) {
+                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/$username-*.crt" -ErrorAction SilentlyContinue
+
+            } else {
+                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/*.crt" -ErrorAction SilentlyContinue
+            }
         }
 
-        $certObj = @()
+        $certObj = New-Object System.Collections.ArrayList
     }
     process {
         # If no cert is found, return null
@@ -37,6 +50,7 @@ function Get-CertInfo {
                 }
 
                 # Create hashtable to contain cert info
+                # TODO: pscustomobject insted of hash
                 $certHash = @{}
                 # Use openssl to gather serial, subject, issuer, and enddate information
                 $certInfo = Invoke-Expression "$opensslBinary x509 -in $($foundCerts.Path) -enddate -serial -subject -issuer -noout"
@@ -61,28 +75,35 @@ function Get-CertInfo {
             } elseif ($UserCerts) {
                 foreach ($cert in $foundCerts) {
                     # Create hashtable to contain cert info
-                    $certHash = @{}
+                    $certHash = [PSCustomObject]@{}
                     # Use openssl to gather serial, subject, issuer and enddate information
-                    $certInfo = Invoke-Expression "$opensslBinary x509 -in $($cert.Path) -enddate -serial -subject -issuer -noout"
-                    $certSHA1 = Get-FileHash -Path $($cert.Path) -Algorithm SHA1
+                    $certInfo = Invoke-Expression "$opensslBinary x509 -in $($cert.Path) -enddate -serial -subject -issuer -fingerprint -sha1 -noout"
                     # Convert string data into a key/value pair
                     $certInfo | ForEach-Object {
                         $property = $_ | ConvertFrom-StringData
-
-                        # Convert notAfter property into datetime format
-                        if ($property.notAfter) {
-                            $date = $property.notAfter
-                            $date = $date.replace('GMT', '').Trim()
-                            $date = $date -replace '\s+', ' '
-                            $property.notAfter = [datetime]::ParseExact($date , "MMM d HH:mm:ss yyyy", $null)
+                        switch ($($property.keys)) {
+                            'notAfter' {
+                                $date = $property.notAfter
+                                $date = $date.replace('GMT', '').Trim()
+                                $date = $date -replace '\s+', ' '
+                                $property.notAfter = [datetime]::ParseExact($date , "MMM d HH:mm:ss yyyy", $null)
+                            }
+                            'sha1 Fingerprint' {
+                                $property.Values = ($($property.Values)).ToLower().Replace(":", "")
+                                $property.keys = 'sha1'
+                            }
+                            Default {
+                            }
                         }
-
-                        $certHash += $property
+                        $certHash | Add-Member -Name $property.keys -Type NoteProperty -Value "$($property.Values)"
                     }
-                    $certHash.Add('sha1', $certSHA1.Hash)
-
+                    # lastly add the username of the certificate to the hash:
+                    $certFile = Get-Item $($cert.Path)
+                    $username = $certFile.name.split('-')[0]
+                    $certHash | Add-Member -Name 'username' -Type NoteProperty -Value $username
+                    $certHash | Add-Member -Name 'generated' -Type NoteProperty -Value ($certFile.LastWriteTime.ToString('MM/dd/yyyy HH:mm:ss'))
                     # Add hash to certObj array
-                    $certObj += $certHash
+                    $certObj.add( $certHash) | Out-Null
                 }
             }
         }
diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Convert-FromHashtable.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Convert-FromHashtable.ps1
new file mode 100644
index 000000000..cb146c64e
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Convert-FromHashtable.ps1
@@ -0,0 +1,21 @@
+function ConvertFrom-HashTable {
+    # attribute function from https://stackoverflow.com/questions/73894087/how-do-i-convert-a-powershell-hashtable-to-an-object
+    # inspired from mklement0's answer
+    param(
+        [Parameter(Mandatory, ValueFromPipeline)]
+        [System.Collections.IDictionary] $HashTable
+    )
+    process {
+        $dict = New-Object System.Collections.Specialized.OrderedDictionary
+        foreach ($item in $HashTable.GetEnumerator()) {
+            if ($item.Value -is [System.Collections.IDictionary]) {
+                # Nested dictionary? Recurse.
+                $dict[[object] $item.Key] = ConvertFrom-HashTable -HashTable $item.Value # NOTE: Casting to [object] prevents problems with *numeric* hashtable keys.
+            } else {
+                # Copy value as-is.
+                $dict[[object] $item.Key] = $item.Value
+            }
+        }
+        [pscustomobject] $dict # Convert to [pscustomobject] and output.
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Get-DynamicHash.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Get-DynamicHash.ps1
new file mode 100644
index 000000000..58261db9c
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Get-DynamicHash.ps1
@@ -0,0 +1,66 @@
+Function Get-DynamicHash () {
+    [CmdletBinding()]
+    param (
+        [Parameter(Position = 0, Mandatory = $true)][ValidateSet('System', 'User', 'Command', 'Group')][string]$Object,
+        [Parameter(Position = 1, Mandatory = $true)][ValidateNotNullOrEmpty()][string[]]$returnProperties
+    )
+    DynamicParam {
+        if ($Object -eq 'Group') {
+            $paramDictionary = New-Object -Type System.Management.Automation.RuntimeDefinedParameterDictionary
+            $paramAttributesCollect = New-Object -Type System.Collections.ObjectModel.Collection[System.Attribute]
+
+            $paramAttributes = New-Object -Type System.Management.Automation.ParameterAttribute
+            $paramAttributes.Mandatory = $true
+            $paramAttributesCollect.Add($paramAttributes)
+            $paramAttributesCollect.Add((New-Object -Type System.Management.Automation.ValidateSetAttribute('System', 'User')))
+
+            $dynParam1 = New-Object -Type System.Management.Automation.RuntimeDefinedParameter("GroupType", [string], $paramAttributesCollect)
+
+            $paramDictionary.Add("GroupType", $dynParam1)
+            return $paramDictionary
+        }
+    }
+    begin {
+        $GroupType = $PSBoundParameters['GroupType']
+        $DynamicHash = New-Object System.Collections.Hashtable
+    }
+    process {
+        switch ($Object) {
+            System {
+                Write-Debug "Generating ResultsHash"
+                $ResultsHash = Get-JCSystem -returnProperties $returnProperties
+            }
+            User {
+                Write-Debug "Generating ResultsHash"
+                $ResultsHash = Get-JCUser -returnProperties $returnProperties
+            }
+            Command {
+                Write-Debug "Generating ResultsHash"
+                $ResultsHash = Get-JCCommand -returnProperties $returnProperties
+            }
+            Group {
+                Write-Debug "Generating ResultsHash"
+                $returnProperties += "id"
+                switch ($GroupType) {
+                    System {
+                        $ResultsHash = Get-JCGroup -Type System | Select-Object -Property $returnProperties
+                    }
+                    User {
+                        $ResultsHash = Get-JCGroup -Type User | Select-Object -Property $returnProperties
+                    }
+                }
+            }
+        }
+        Write-Debug "Adding results to hashtable"
+        foreach ($Result in $ResultsHash) {
+            if ($Result.id) {
+                $DynamicHash.Add($Result.id, @($Result))# | Select-Object -ExcludeProperty 'id'))
+            } else {
+                $DynamicHash.Add($Result._id, @($Result | Select-Object -Property *, @{Name = 'id'; Expression = { $_._id } } -ExcludeProperty '_id') )
+            }
+        }
+    }
+    end {
+        return $DynamicHash
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
new file mode 100644
index 000000000..417183eef
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
@@ -0,0 +1,56 @@
+function Test-UserFromHash {
+    [CmdletBinding()]
+    param (
+        # Parameter help description
+        [Parameter(ParameterSetName = 'username')]
+        [System.String]
+        $username,
+        # Parameter help description
+        [Parameter(ParameterSetName = 'userid')]
+        [System.String]
+        $userID
+    )
+    begin {
+        # Get User Group membership
+        if ( -not $Global:JCRUsers ) {
+            $Global:JCRUsers = Get-Content -path "$JCScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
+        }
+    }
+    process {
+        switch ($PSCmdlet.ParameterSetName) {
+            'userid' {
+                # validate that the userID is in the radiusMembership hash:
+                if ($Global:JCRRadiusMembers[$userID]) {
+                    # finally return the $matchedUser object
+                    $matchedUser = $Global:JCRUsers[$userID]
+                } else {
+                    $matchedUser = $null
+                }
+                $inputText = $userID
+            }
+            'username' {
+                # Get the index of the user within the hashtable
+                $matchedIndex = $Global:JCRUsers.values.username.ToLower().IndexOf($username.ToLower())
+                # Get the UserID from the keys
+                $matchedUserID = $Global:JCRUsers.keys[$matchedIndex]
+                # validate that the userID is in the radiusMembership hash:
+                if ($Global:JCRRadiusMembers[$matchedUserID]) {
+                    # finally return the $matchedUser object
+                    $matchedUser = $Global:JCRUsers[$matchedUserID]
+                } else {
+                    $matchedUser = $null
+                }
+                $inputText = $username
+            }
+        }
+        if ($matchedUser) {
+            Write-Debug "Matched Username Found: $($matchedUser.username)"
+        } else {
+            Write-Warning "User specified $inputText was not found within the Radius Server Membership Lists"
+            return $null
+        }
+    }
+    end {
+        return $matchedUser
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Private/PadCenter.ps1 b/scripts/automation/Radius/Functions/Private/PadCenter.ps1
index 2f7ae3ddb..256dbb0d5 100644
--- a/scripts/automation/Radius/Functions/Private/PadCenter.ps1
+++ b/scripts/automation/Radius/Functions/Private/PadCenter.ps1
@@ -3,7 +3,11 @@ function PadCenter {
         [string]$string,
         [char]$char
     )
+    $maxlength = 120
     $length = $host.ui.rawui.windowsize.width
+    if ($length -gt $maxlength) {
+        $length = $maxlength
+    }
     $spaces = $length - $string.Length
     $padLeft = $spaces / 2 + $string.Length
     return $string.PadLeft($padLeft, $char).PadRight($length, $char)
diff --git a/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1
index 1c41b3896..ee573c568 100644
--- a/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1
@@ -10,14 +10,14 @@ function Show-RadiusMainMenu {
     $cutoffDate = (Get-Date).AddDays(15).Date
 
     # Find all certs that will expire between current date and cut off date
-    $expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
 
     # Get UserGroup information from Config.ps1
-    $radiusUserGroup = Get-JcSdkUserGroup -Id $JCUSERGROUP | Select-Object Name
-    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $JCUSERGROUP).Count
+    $radiusUserGroup = Get-JcSdkUserGroup -Id $global:JCUSERGROUP | Select-Object Name
+    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $global:JCUSERGROUP).Count
 
     # Get SSID information from Config.ps1
-    $radiusSSID = $NETWORKSSID.Split(';').Trim()
+    $radiusSSID = $Global:NETWORKSSID.replace(';', ' ')
 
     # Output for Users
     Clear-Host
@@ -35,29 +35,34 @@ function Show-RadiusMainMenu {
         Write-Host $(PadCenter -string "Root CA Serial Number: $($rootCAInfo.serial)" -char ' ') -ForegroundColor Green
         Write-Host $(PadCenter -string "Root CA Expiration: $($rootCAInfo.notAfter)`n" -char ' ') -ForegroundColor Green
     }
-    if ($expiringCerts) {
-        Write-Host $(PadCenter -string "$($($expiringCerts.subject).Count) user certs will expire in 15 days `n" -char ' ') -ForegroundColor Red
+    if ($Global:expiringCerts) {
+        Write-Host $(PadCenter -string "$($($Global:expiringCerts.subject).Count) user certs will expire in 15 days `n" -char ' ') -ForegroundColor Red
     }
-    Write-Host $(PadCenter -string "-" -char '-')
+    Write-Host $(PadCenter -string " Details " -char '-')
     # /==== ROOT CA ====
 
-    # ==== GROUP/SSID ====
+    # ==== GROUP/SSID/Global Variables  ====
     Write-Host $(PadCenter -string "Radius User Group: $($radiusUserGroup.Name)" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Radius Users: $($radiusUserGroupMemberCount)" -char " ") -ForegroundColor Green
-    if ($radiusSSID.count -gt 1) {
-        Write-Host $(PadCenter -string "Radius SSIDs:" -char " ") -ForegroundColor Green
-        $radiusSSID | ForEach-Object {
-            Write-Host $(PadCenter -string $_ -char " ") -ForegroundColor Green
-        }
-    } else {
-        Write-Host $(PadCenter -string "Radius SSID: $radiusSSID" -char " ") -ForegroundColor Green
-        Write-Host "`n"
-    }
+    Write-Host $(PadCenter -string "Radius SSID(s): $radiusSSID" -char " ") -ForegroundColor Green
+    Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate)" -char " ") -ForegroundColor Green
+    # Write-Host "`n"
+    # if ($radiusSSID.count -gt 1) {
+    #     Write-Host $(PadCenter -string "Radius SSIDs:" -char " ") -ForegroundColor Green
+    #     $radiusSSID | ForEach-Object {
+    #         Write-Host $(PadCenter -string $_ -char " ") -ForegroundColor Green
+    #     }
+    # } else {
+    #     Write-Host $(PadCenter -string "Radius SSID: $radiusSSID" -char " ") -ForegroundColor Green
+    #     Write-Host "`n"
+    # }
     # /==== GROUP/SSID ====
+
     Write-Host $(PadCenter -string "-" -char '-')
     Write-Host "1: Press '1' to generate your Root Certificate."
     Write-Host "2: Press '2' to generate/update your User Certificate(s)."
     Write-Host "3: Press '3' to distribute your User Certificate(s)."
     Write-Host "4: Press '4' to monitor your User Certification Distribution."
+    Write-Host "4: Press '5' to update User/System Data"
     Write-Host "Q: Press 'Q' to quit."
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1 b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
new file mode 100644
index 000000000..27a4363c5
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
@@ -0,0 +1,30 @@
+function New-SystemTable {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.String]
+        $userID
+    )
+    begin {
+        # Create new lists:
+        $systemAssociations = @()
+    }
+    process {
+        # Get User to System Associations:
+        $AssociationTable = $Global:JCRAssociations[$userID]
+        # $SystemUserAssociations += (Get-JCAssociation -Type user -Id $userID -TargetType system | Select-Object @{N = 'SystemID'; E = { $_.targetId } })
+        foreach ($system in $AssociationTable.systemAssociations) {
+            # $systemInfo = $GLOBAL:SystemHash[$system.resource_object_id]
+            $systemTable = @{
+                systemId    = $system.resource_object_id
+                displayName = $system.hostname
+                osFamily    = $system.device_os
+            }
+            $systemAssociations += $systemTable
+        }
+
+    }
+    end {
+        return $systemAssociations
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
new file mode 100644
index 000000000..da890f362
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
@@ -0,0 +1,53 @@
+function Get-UserFromTable {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.String]
+        $jsonFilePath,
+        [Parameter()]
+        [System.String]
+        $userid
+    )
+    begin {
+        # Import User.Json/ create list if it does not exist
+        if (Test-Path -Path $jsonFilePath -PathType Leaf) {
+            $userArray = Get-Content -Raw -Path $jsonFilePath | ConvertFrom-Json -Depth 6
+            # If the json is a single item, explicitly make it a list so we can add to it
+            If ($userArray.count -eq 1) {
+                $array = New-Object System.Collections.ArrayList
+                $array.add($userArray)
+                $userArray = $array
+            }
+
+        } else {
+            New-Item -Path $jsonFilePath
+            $userArray = @()
+        }
+        # Get the user from the jsonData
+        $userObject = $Global:JCRUsers[$userid]
+
+    }
+    process {
+        try {
+            $userIndex = $userArray.userid.IndexOf($userid)
+            if ($userIndex -ge 0) {
+                $userArrayObject = $userArray[$userIndex]
+                Write-Host "[status] $($userObject.username) found in users.json at index: $userIndex "
+            } else {
+                throw
+            }
+        } catch {
+            # otherwise plan to append
+            $userIndex = $null
+            Write-Host "[status] $($userObject.username) not found in users.json"
+        }
+    }
+    end {
+        if ($userArrayObject) {
+            return $userArrayObject, $userIndex
+        } else {
+            return $null, $null
+        }
+    }
+}
+Get-userFromTable -jsonFilePath "$JCScriptRoot/users.json" -userId "5ef5fee5c421153422df086c"
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/New-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/New-UserTable.ps1
new file mode 100644
index 000000000..26d763c89
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/UserTable/New-UserTable.ps1
@@ -0,0 +1,40 @@
+function New-UserTable {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.String]
+        $id,
+        [Parameter()]
+        [System.String]
+        $username,
+        [Parameter()]
+        [System.String]
+        $localUsername
+    )
+    begin {
+        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        $systemAssociations = New-SystemTable -userID $id
+        # for new users, just set the commandAssociation to $null as they have
+        # not yet been issued a command
+        $commandAssociations = $null
+        if (-not $localUsername) {
+            $localUsername = $username
+        }
+        $certInfo = Get-CertInfo -UserCerts -username $username
+    }
+    process {
+        $userTable = [PSCustomObject]@{
+            userId              = $id
+            userName            = $username
+            localUsername       = $localUsername
+            systemAssociations  = $systemAssociations
+            commandAssociations = $commandAssociations
+            certInfo            = $certInfo
+        }
+        $userArray += $userTable
+
+    }
+    end {
+        $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
new file mode 100644
index 000000000..7d56ef56a
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
@@ -0,0 +1,79 @@
+function Set-UserTable {
+    [CmdletBinding(DefaultParameterSetName = 'lookup')]
+    param (
+        [Parameter(mandatory, ParameterSetName = 'index')]
+        [System.String]
+        $index,
+        [Parameter(mandatory, ParameterSetName = 'lookup')]
+        [System.String]
+        $id,
+        [Parameter()]
+        [System.String]
+        $username,
+        [Parameter()]
+        [System.String]
+        $localUsername,
+        [Parameter()]
+        [System.Object]
+        $systemAssociationsObject,
+        [Parameter()]
+        [System.Object]
+        $commandAssociationsObject,
+        [Parameter()]
+        [System.Object]
+        $certInfoObject
+    )
+    begin {
+        # Get User Array:
+        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        if ($PSBoundParameters.ContainsKey('index')) {
+            $userIndex = $index
+            $userObject = $userArray[$index]
+            Write-Warning "this is the old object"
+            $userObject
+        }
+        if (($PSBoundParameters.ContainsKey('lookup'))) {
+            # Get User From Table
+            $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $id
+        }
+
+        # determine if there's data to update from parameter input, else just
+        # use the existing data
+        if ($systemAssociationsObject) {
+            $systemAssociationsInfo = $systemAssociationsObject
+        } else {
+            $systemAssociationsInfo = $userObject.systemAssociations
+        }
+        if ($commandAssociationsObject) {
+            commandAssociationsInfo = $commandAssociationsObject
+        } else {
+            $commandAssociationsInfo = $userObject.commandAssociations
+        }
+        if ($certInfoObject) {
+            $certInfo = $certInfoObject
+        } else {
+            $certInfo = $userObject.certInfo
+        }
+    }
+    process {
+        # build the userTable object
+        $userTable = [PSCustomObject]@{
+            userId              = $userObject.userId
+            userName            = $userObject.username
+            localUsername       = $userObject.localUsername
+            systemAssociations  = $systemAssociationsInfo
+            commandAssociations = $commandAssociationsInfo
+            certInfo            = $certInfo
+        }
+        Write-Warning "this is the new object"
+        $userTable
+
+        # set the user table to new object
+        $userArray[$userIndex] = $userTable
+
+    }
+    end {
+        # update the userTable
+        $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Private/settings/Get-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/settings/Get-JCRSettingsFile.ps1
new file mode 100644
index 000000000..4dc3c78e0
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/settings/Get-JCRSettingsFile.ps1
@@ -0,0 +1,45 @@
+function Get-JCRSettingsFile {
+    [CmdletBinding()]
+    param (
+        [Parameter(
+            DontShow,
+            HelpMessage = 'Returns Config.json with value, copy, write properties'
+        )]
+        [switch]
+        $raw
+    )
+
+    begin {
+        # Config should be in /PowerShell/JumpCloudModule/Config.json
+        $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
+        $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
+
+        if (-Not (test-path -path $configFilePath)) {
+            write-host "write new settings file $configFilePath"
+            # Create new file with default settings
+            New-JCRSettingsFile
+        }
+    }
+
+    process {
+        if (-Not $raw) {
+            $rawConfig = Get-Content -Path $configFilePath | ConvertFrom-Json
+            $config = @{}
+            foreach ($item in $rawConfig.psobject.Properties) {
+                # $config.$item
+                $config.Add($item.Name, @{})
+                foreach ($setting in $item.value.psobject.Properties) {
+                    # $setting
+                    $config.$($Item.Name).Add($setting.Name, $setting.value.value)
+                }
+            }
+        } else {
+            # Get Contents
+            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
+        }
+    }
+
+    end {
+        return $config
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1
new file mode 100644
index 000000000..246970b8b
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1
@@ -0,0 +1,41 @@
+function New-JCRSettingsFile {
+    [CmdletBinding()]
+    param (
+        [Parameter(
+            HelpMessage = 'To Force Re-Creation of the Config file, set the $force parameter to $true'
+        )]
+        [switch]
+        $force
+    )
+
+    begin {
+        # Config should be in /PowerShell/JumpCloudModule/Config.json
+        $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
+        $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
+
+        # Define Default Settings for the Config file
+        $date = Get-Date
+        $config = @{
+            'globalVars' = @{
+                'lastUpdate' = @{value = $date; write = $true; copy = $true ;
+                }
+            }
+        }
+    }
+
+    process {
+        # if creating the settings file for the first time, update global vars; lastupdate date
+        write-host "update vars"
+        Update-JCRGlobalVars -force
+    }
+
+    end {
+        write-host "endblock"
+        if ((test-path -Path $configFilePath) -And ($force)) {
+            $config | ConvertTo-Json | Out-File -FilePath $configFilePath
+        } else {
+            write-host "create new settings file:"
+            $config | ConvertTo-Json | Out-File -FilePath $configFilePath
+        }
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Private/settings/Set-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/settings/Set-JCRSettingsFile.ps1
new file mode 100644
index 000000000..2a28a3889
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/settings/Set-JCRSettingsFile.ps1
@@ -0,0 +1,100 @@
+function Set-JCRSettingsFile {
+    [CmdletBinding()]
+    param (
+    )
+    DynamicParam {
+        $ModuleRoot = (Get-Item -Path:($JCScriptRoot))
+        $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
+
+
+        if (test-path -path $configFilePath) {
+            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
+            # Create the dictionary
+            $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
+            # Foreach key in the supplied config file:
+            foreach ($key in $config.PSObject.Properties) {
+                foreach ($item in $config.($key.Name).PSObject.Properties) {
+                    # Skip create dynamic params for these not-writable properties:
+                    if (($config.($key.Name).($item.Name).Write -eq $false)) {
+                        continue
+                    }
+                    # Set the dynamic parameters' name
+                    # write-host "adding dynamic param: $key$($item) $($config[$key][$item]['value'].getType().Name)"
+                    $ParamName_Filter = "$($key.Name)$($item.Name)"
+                    # Create the collection of attributes
+                    $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
+                    # If ValidateSet is specified in the config file, set the value here:
+                    if ($config.($key.Name).($item.Name).validateSet) {
+                        $arrSet = @($($config.($key.Name).($item.Name).'validateSet').split())
+                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
+                        $AttributeCollection.Add($ValidateSetAttribute)
+                    }
+                    # If the type of value is a bool, create a custom validateSet attribute here:
+                    $paramType = $($config.($key.Name).($item.Name)).getType().Name
+                    if ($paramType -eq 'boolean') {
+                        $arrSet = @("true", "false")
+                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
+                        $AttributeCollection.Add($ValidateSetAttribute)
+                    }
+                    # Create and set the parameters' attributes
+                    $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
+                    $ParameterAttribute.Mandatory = $false
+                    $ParameterAttribute.HelpMessage = "sets the $($item) settings for the $($key) feature"
+                    # Add the attributes to the attributes collection
+                    $AttributeCollection.Add($ParameterAttribute)
+                    # Add the param
+                    $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParamName_Filter, $paramType, $AttributeCollection)
+                    $RuntimeParameterDictionary.Add($ParamName_Filter, $RuntimeParameter)
+                }
+            }
+            # Returns the dictionary
+            return $RuntimeParameterDictionary
+        }
+    }
+    begin {
+        if ($JCAPIKEY.length -ne 40) {
+            Connect-JCOnline -Force | Out-Null
+        }
+
+        # Config should be in /PowerShell/JumpCloudModule/Config.json
+        $ModuleRoot = (Get-Item -Path:($JCScriptRoot))
+        $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
+
+        if (test-path -path $configFilePath) {
+            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
+        } else {
+            New-JCSettingsFile
+            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
+        }
+    }
+
+    process {
+        $params = $PSBoundParameters
+        # update config settings
+        foreach ($param in $params.Keys) {
+            foreach ($key in $config.PSObject.Properties) {
+                if ($param -match $key.Name) {
+                    # Split the name
+                    $ParamKey = $param -split $key.Name
+                    # assign the first group
+                    $config.($($key.Name)).($paramKey[1]).value = $params[$param]
+                }
+            }
+        }
+        # # Re-Calculate Parallel Settings:
+        # if (($config.'parallel'.'Override' -eq $true) -And (($config.'parallel'.'Eligible' -eq $true))) {
+        #     $config.'parallel'.'Calculated' = $false
+        # } elseif (($config.'parallel'.'Override'.'value' -eq $false) -And (($config.'parallel'.'Eligible'.'value' -eq $true))) {
+        #     $config.'parallel'.'Calculated'.'value' = $true
+        # } else {
+        #     $config.'parallel'.'Calculated'.'value' = $false
+        # }
+    }
+
+    end {
+        # Write out the new settings
+        $config | ConvertTo-Json | Out-File -FilePath $configFilePath
+        # Update Global Variable
+        $global:JCRConfig = Get-JCRSettingsFile
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRGlobalVars.ps1
new file mode 100644
index 000000000..b46abcd1b
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRGlobalVars.ps1
@@ -0,0 +1,163 @@
+function Update-JCRGlobalVars {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [switch]
+        $force
+    )
+    begin {
+        # ensure the data directory exists to cache the json files:
+        if (Test-Path "$JCScriptRoot/data") {
+            Write-Host "[status] Data Directory Exists"
+        } else {
+            Write-Host "[status] Creating Data Directory"
+            New-Item -ItemType Directory -Path "$JCScriptRoot/data"
+        }
+
+        # get settings file
+        $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date)
+        if ($lastUpdateTimespan.TotalHours -gt 24) {
+            $update = $true
+        } else {
+            $update = $false
+        }
+        if ($force) {
+            $update = $true
+        }
+    }
+    process {
+        switch ($update) {
+            $true {
+                # update the global variables
+                $systems = Get-DynamicHash -Object System -returnProperties hostname, os, osFamily, version, fde, lastContact
+                $users = Get-DynamicHash -Object User -returnProperties email, employeeIdentifier, department, suspended, location, Addresses, manager, sudo, Displayname, username, systemUsername
+                $users | ForEach-Object { $_ | Add-Member -name "userId" -value $_ -Type NoteProperty -force }
+                # Get Radius membership list:
+                $radiusMembers = Get-JcSdkUserGroupMember -GroupId $Global:JCUSERGROUP
+                # Get Report Hash:
+                $headers = @{
+                    "accept"    = "application/json";
+                    "x-api-key" = $Env:JCApiKey;
+                    "x-org-id"  = $Env:JCOrgId
+                }
+                # request new user to device report:
+                $reportRequest = Invoke-RestMethod -Uri 'https://api.jumpcloud.com/insights/directory/v1/reports/users-to-devices' -Method POST -Headers $headers
+                # now fetch available reports:
+                do {
+                    $reportList = Invoke-RestMethod -Uri 'https://api.jumpcloud.com/insights/directory/v1/reports?sort=CREATED_AT' -Method GET -Headers $headers
+                    $lastReport = $reportList | Where-Object { $_.id -eq $reportRequest.id }
+                    if ($lastReport.status -eq 'PENDING') {
+                        Write-Warning "[status] waiting 20s for jumpcloud report to complete"
+                        start-sleep -Seconds 20
+                    }
+                } until ($lastReport.status -eq 'COMPLETED')
+                # download json
+                $artifactID = ($lastReport.artifacts | Where-Object { $_.format -eq 'json' }).id
+                $reportID = $lastReport.id
+                $reportContent = Invoke-RestMethod -Uri "https://api.jumpcloud.com/insights/directory/v1/reports/$reportID/artifacts/$artifactID/content" -Method GET -Headers $headers
+                # create the hashtable:
+                $userAssociationList = New-Object System.Collections.Hashtable
+                foreach ($item in $reportContent) {
+                    if ($item.user_object_id -And $item.resource_object_id) {
+                        if (-not $userAssociationList[$item.user_object_id]) {
+                            $userAssociationList.add(
+                                $item.user_object_id, @{
+                                    'systemAssociations' = @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, device_os);
+                                    'userData'           = @($item | Select-Object -Property email, username)
+                                })
+                        } else {
+                            $userAssociationList[$item.user_object_id].systemAssociations += @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, device_os)
+                        }
+                    }
+                }
+            }
+            $false {
+                Write-Warning "It's been $($lastUpdateTimespan.hours) hours since we last pulled user, system and association data, no need to update"
+                $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
+            }
+        }
+
+        # # validate that the system association data is correct in users.json:
+        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        foreach ($userid in $Global:JCRRadiusMembers.keys) {
+            $MatchedUser = $GLOBAL:JCRUsers[$userid]
+            Write-Host "checking out $($MatchedUser.username) userid: $userid"
+            $userArrayObject, $userIndex = Get-UserFromTable -userID $userid -jsonFilePath "$JCScriptRoot/users.json"
+
+            if ($userIndex -ge 0) {
+                # $userArrayObject
+                $currentSystemObject = $userArrayObject.systemAssociations
+                $incomingSystemObject = $userAssociationList[$userid].systemAssociations
+                # determine if there's some difference that needs to be recorded:
+                try {
+                    $difference = Compare-Object -ReferenceObject $currentSystemObject.systemId -DifferenceObject $incomingSystemObject.systemId
+                    if ($difference) {
+
+                        Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingSystemObject | ConvertFrom-HashTable)
+                    }
+                } catch {
+                    <#Do this if a terminating exception happens#>
+                    $difference = $null
+                }
+                # if ($difference) {
+                #     # if there's a difference in systemIDS, update table with the incomingSystemObject
+                #     # $userTable = New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
+                #     # Update-JsonData -jsonFilePath "$JCScriptRoot/users.json" -userID $userID -updatedUserTable $userTable
+                # }
+            } else {
+                # case for new user
+                New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
+            }
+
+        }
+        # lastly validate users that should no longer be recorded:
+        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        foreach ($user in $userArray) {
+            # If userID from users.json is no longer in RadiusMembers.keys, then:
+            If ( -Not ($user.userId -in $Global:JCRRadiusMembers.keys) ) {
+                # Get User From Table
+                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $user.userId
+                $userArray = $userArray | Where-Object { $_.userID -ne $user.userId }
+                # "removing $($user.userid)"
+            }
+            # Remove the User From Table
+        }
+        $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+    }
+    end {
+        switch ($update) {
+            $true {
+                # write hash cache
+                $users | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/userHash.json"
+                $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
+                $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
+                # add the username to the membership hash
+                $radiusMemberList = New-Object System.Collections.Hashtable
+                foreach ($member in $radiusMembers) {
+                    $radiusMemberList.Add(
+                        $member.toID, @{
+                            'userID'   = $member.toID
+                            'username' = $users[$member.toID].username
+                        })
+                }
+                # $radiusMemberList = ($radiusMembers | select @{name = 'userID'; expression = { $_.toID } }, @{name = 'username'; expression = { $users[$_.toID].username } })
+                $radiusMemberList | ConvertTo-Json |  Out-File "$JCScriptRoot/data/radiusMembers.json"
+                # set global vars
+                $Global:JCRUsers = $users
+                $Global:JCRSystems = $systems
+                $Global:JCRAssociations = $userAssociationList
+                $Global:JCRRadiusMembers = $radiusMemberList
+                # update the settings date
+                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
+            }
+            $false {
+                Write-Warning "pulling saved data from data file:"
+                # set global vars from local cache
+                $Global:JCRUsers = Get-Content -path "$JCScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRSystems = Get-Content -path "$JCScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRAssociations = Get-Content -path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRRadiusMembers = Get-Content -path "$JCScriptRoot/data/radiusMembers.json" | ConvertFrom-Json -AsHashtable
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
index be6252fd9..59367737f 100644
--- a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
@@ -1,3 +1,5 @@
+# TODO: param for testing
+
 # Import Global Config:
 . "$JCScriptRoot/config.ps1"
 Connect-JCOnline $JCAPIKEY -force
@@ -24,7 +26,7 @@ if ($env:certKeyPassword) {
 }
 
 # Import the functions
-Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
+# Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
 
 # Import User.Json/ create list if it does not exist
 if (Test-Path -Path "$JCScriptRoot/users.json" -PathType Leaf) {
@@ -42,23 +44,6 @@ if (Test-Path -Path "$JCScriptRoot/users.json" -PathType Leaf) {
     $userArray = @()
 }
 
-# Get user membership of group
-# TODO: update group membership if last date is -gt 30 mins
-if ( -not $GLOBAL:RadiusUserMembership ) {
-    $GLOBAL:RadiusUserMembership = Get-JCUserGroupMember -ByID $JCUSERGROUP
-    $groupMembers = $GLOBAL:RadiusUserMembership
-} else {
-    $groupMembers = $GLOBAL:RadiusUserMembership
-}
-if ($groupMembers) {
-    Write-Host "[status] Found $($groupmembers.count) users in Radius User Group"
-}
-
-# Get SystemHash
-# TODO: update group membership if last date is -gt 30 mins
-# TODO: global variable and track time last updated
-$SystemHash = Get-JCSystem -returnProperties displayName, os
-
 # Create UserCerts dir
 if (Test-Path "$JCScriptRoot/UserCerts") {
     Write-Host "[status] User Cert Directory Exists"
@@ -68,155 +53,167 @@ if (Test-Path "$JCScriptRoot/UserCerts") {
 }
 
 function Show-GenerationMenu {
-    $title = 'JumpCloud Radius Cert Deployment'
+    $title = ' JumpCloud Radius Cert Deployment '
     Clear-Host
-    Write-Host "================ $Title ================"
-    Write-Host "1: Press '1' to generate new certificates for NEW RADIUS users. $([char]0x1b)[96mNOTE: This will only generate certificates for users who have not yet had a certificate generated."
-    Write-Host "2: Press '2' to generate new certificates for ONE Specific RADIUS user. $([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates"
-    Write-Host "3: Press '3' to re-generate new certificates for ALL users. $([char]0x1b)[96mNOTE: This will overwrite any previously generated certificates"
-    Write-Host "4: Press '4' to re-generate new certificates for users who's cert is set to expire shortly. $([char]0x1b)[96mNOTE: This will overwrite any previously generated certificates"
+    Write-Host $(PadCenter -string $Title -char '=')
+    Write-Host $(PadCenter -string "Select an option below to generate/regenerate user certificates`n" -char ' ') -ForegroundColor Yellow
+    # ==== instructions ====
+    # TODO: move notes from below into a more legible location
+    # Write-Host $(PadCenter -string ' User Certificate Options ' -char '-')
+    # Write-Host $(PadCenter -string "$([char]0x1b)[96m[]: This will only generate certificates for users who do not have a certificate file yet.`n" -char ' ')
+
+    if ($Global:expiringCerts) {
+        Write-Host $(PadCenter -string ' Certs Expiring Soon ' -char '-')
+        $Global:expiringCerts | Format-Table -Property username, @{name = 'Remaining Days'; expression = { (New-TimeSpan -Start (Get-Date) -End ("$($_.notAfter)")).Days } }, @{name = "Expires On"; expression = { $_.notAfter } }
+    }
+
+    Write-Host $(PadCenter -string "-" -char '-')
+    Write-Host "1: Press '1' to generate new certificates for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate certificates for users who do not have a certificate file yet."
+    Write-Host "2: Press '2' to generate new certificates for ONE RADIUS user. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates"
+    Write-Host "3: Press '3' to re-generate new certificates for ALL users. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
+    Write-Host "4: Press '4' to re-generate new certificates for users who's cert is set to expire shortly. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
     Write-Host "E: Press 'E' to exit."
 }
 Do {
     Show-GenerationMenu
     $confirmation = Read-Host "Please make a selection"
+
     switch ($confirmation) {
         '1' {
             # process all users, generate certificates for uses who do not yet have a certificate
-            foreach ($user in $groupMembers) {
+            # Get List of files, figure out userList of users who've not had a cert generated:
+            $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts/" -Filter "*-client-signed.pfx"
+            $certFileList = New-Object System.Collections.ArrayList
+            foreach ($file in $userCertFiles) {
+                $userFromFile = $file.BaseName.Replace("-client-signed", "")
+                $certFileList.add($userFromFile) | Out-Null
+            }
+            # Get each RadiusMember User:
+            foreach ($user in $Global:JCRRadiusMembers.keys) {
                 # Get the user details:
-                $MatchedUser = get-webjcuser -userID $user.id
-                Write-Host "Generating Cert for user: $($MatchedUser.username)"
-                if ($matchedUser.id -in $userArray.userid) {
-                    if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
-                        Write-Host "[status] $($MatchedUser.username) already has certs generated... skipping"
-                    } else {
-                        # Generate a new cert for this user:
-                        Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-                    }
+                $MatchedUser = $GLOBAL:JCRUsers[$user]
+                # If the user has a certificate continue
+                if ($MatchedUser.username -in $certFileList) {
+                    #if the cert already exists, break
+                    Write-Host "[status] $($MatchedUser.username) has a certificate already. skipping..."
                 } else {
-                    Write-Host "[status] $($MatchedUser.username) not found in users.json"
-
-                    # Find user system associations
-                    $SystemUserAssociations = @()
-                    $SystemUserAssociations += (Get-JCAssociation -Type user -Id $MatchedUser.id -TargetType system | Select-Object @{N = 'SystemID'; E = { $_.targetId } })
-
-                    $systemAssociations = @()
-                    foreach ($system in $SystemUserAssociations) {
-                        $systemInfo = $SystemHash | Where-Object _id -EQ $system.SystemID
-                        $systemTable = @{
-                            systemId    = $systemInfo._id
-                            displayName = $systemInfo.displayName
-                            osFamily    = $systemInfo.os
-                        }
-                        $systemAssociations += $systemTable
-                    }
-
-                    $userTable = @{
-                        userId              = $MatchedUser.id
-                        userName            = $MatchedUser.username
-                        localUsername       = $(If ($MatchedUser.hasLocalUsername) {
-                                $matchedUser.localUsername
-                            } else {
-                                $matchedUser.username
-                            })
-                        systemAssociations  = $systemAssociations
-                        commandAssociations = @()
-                    }
-
-                    if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
-                        Write-Host "[status] $($MatchedUser.username) has certs generated... adding to users.json"
+                    # if the user does not have a certificate, generate
+                    Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                    # Get the user from the users.json file
+                    $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $MatchedUser.id
+                    # set user table:
+                    if ($userIndex -ge 0) {
+                        # update the new certificate info & set commandAssociation to $null
+                        # TODO: commandAssociation not being set to null
+                        $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
+                        Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
                     } else {
-                        Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                        # Create a new table entry
+                        New-UserTable -id $MatchedUser.id -username $MatchedUser.username -localUsername $MatchedUser.systemUsername
                     }
-                    $userArray += $userTable
                 }
             }
-            # Update UserArray
-            $userArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
             Break
         }
         '2' {
-            # process individual users, generate certificates for users who have not been added to users.json
-            # if users have been added to users.json, prompt to re-generate
-            Clear-Variable "ConfirmUser"
-            while (-not $confirmUser) {
+            while (-not $confirmUser.id) {
                 $confirmationUser = Read-Host "Enter the Username or UserID of the user"
-                $confirmUser = Test-User -username $confirmationUser -debug
+                $confirmUser = Test-UserFromHash -username $confirmationUser -debug
             }
-            # get data about the user
-            $MatchedUser = get-webjcuser -userID $confirmUser.UserID
             # Generate a new cert for this user:
-            if ($matchedUser.id -in $userArray.userid) {
-                if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
-                    Do {
-                        $overwrite = Read-Host "do you want to overwrite yn?"
-                        switch ($overwrite) {
-                            'y' {
-                                Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-                                Break
+            if (Test-Path -Path "$JCScriptRoot/UserCerts/$($confirmUser.username)-client-signed.pfx") {
+                Do {
+                    $overwrite = Read-Host "do you want to overwrite y/n?"
+                    switch ($overwrite) {
+                        'y' {
+                            Generate-UserCert -CertType $CertType -user $confirmUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                            Break
 
-                            }
-                            'n' {
-                                Write-Host "[status] $($MatchedUser.username) already has certs generated... skipping"
-                                Break
+                        }
+                        'n' {
+                            Write-Host "[status] $($confirmUser.username) already has certs generated... skipping"
+                            Break
 
-                            }
                         }
-                    } until (($overwrite -eq "y") -or ($overwrite -eq "n"))
-                } else {
-                    # Generate a new cert for this user:
-                    Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-                }
-            } else {
-                Write-Host "[status] $($MatchedUser.username) not found in users.json"
-
-                # Find user system associations
-                $SystemUserAssociations = @()
-                $SystemUserAssociations += (Get-JCAssociation -Type user -Id $MatchedUser.id -TargetType system | Select-Object @{N = 'SystemID'; E = { $_.targetId } })
-
-                $systemAssociations = @()
-                foreach ($system in $SystemUserAssociations) {
-                    $systemInfo = $SystemHash | Where-Object _id -EQ $system.SystemID
-                    $systemTable = @{
-                        systemId    = $systemInfo._id
-                        displayName = $systemInfo.displayName
-                        osFamily    = $systemInfo.os
                     }
-                    $systemAssociations += $systemTable
-                }
-
-                $userTable = @{
-                    userId              = $MatchedUser.id
-                    userName            = $MatchedUser.username
-                    localUsername       = $(If ($MatchedUser.hasLocalUsername) {
-                            $matchedUser.localUsername
-                        } else {
-                            $matchedUser.username
-                        })
-                    systemAssociations  = $systemAssociations
-                    commandAssociations = @()
-                }
-
-                if (Test-Path -Path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-client-signed.pfx") {
-                    Write-Host "[status] $($MatchedUser.username) has certs generated... adding to users.json"
-                } else {
-                    Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-                }
-                $userArray += $userTable
+                } until (($overwrite -eq "y") -or ($overwrite -eq "n"))
+            } else {
+                # Generate a new cert for this user:
+                Generate-UserCert -CertType $CertType -user $confirmUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
             }
-            # Update UserArray
-            $userArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+            # Get the user from the users.json file
+            $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
+            # set user table:
+            if ($userIndex -ge 0) {
+                Write-Warning "setting existing table for user $($confirmUser.username)"
+                # update the new certificate info & set commandAssociation to $null
+                # TODO: commandAssociation not being set to null
+                $certInfo = Get-CertInfo -UserCerts -username $confirmUser.username
+                Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
+            } else {
+                Write-Warning "setting new table for user $($confirmUser.username)"
+                # Create a new table entry
+                New-UserTable -id $confirmUser.id -username $confirmUser.username -localUsername $confirmUser.systemUsername
+            }
+            # clear the user variable:
+            Clear-Variable "ConfirmUser"
             Break
         }
         '3' {
-            # process new users, re-generate certificates for users who have not been added to users.json
-            # TODO: implement
+            # re-generate new certificates for ALL users
+            foreach ($user in $Global:JCRRadiusMembers.keys) {
+                # Get the user details:
+                $MatchedUser = $GLOBAL:JCRUsers[$user]
+                # Regenerate
+                Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                # Get the user from the users.json file
+                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $MatchedUser.id
+                # set user table:
+                if ($userIndex -ge 0) {
+                    # update the new certificate info & set commandAssociation to $null
+                    # TODO: commandAssociation not being set to null
+                    $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
+                    Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
+                } else {
+                    # Create a new table entry
+                    New-UserTable -id $MatchedUser.id -username $MatchedUser.username -localUsername $MatchedUser.systemUsername
+                }
+            }
             Break
         }
         '4' {
-            #TODO: overwrite soon to expire certificates
 
+            do {
+                $overwrite = Read-Host "do you want to overwrite yn?"
+                switch ($overwrite) {
+                    'y' {
+                        foreach ($userCert in $Global:expiringCerts) {
+                            $userArrayIndex = $userArray.username.IndexOf($userCert.username)
+                            $IdentifiedUser = $userArray[$userArrayIndex]
+                            $MatchedUser = $GLOBAL:JCRUsers[$IdentifiedUser.userid]
+                            Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
+                            # Get the user from the users.json file
+                            $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $MatchedUser.id
+                            # set user table:
+                            if ($userIndex -ge 0) {
+                                # update the new certificate info & set commandAssociation to $null
+                                # TODO: commandAssociation not being set to null
+                                $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
+                                Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
+                            } else {
+                                # Create a new table entry
+                                New-UserTable -id $MatchedUser.id -username $MatchedUser.username -localUsername $MatchedUser.systemUsername
+                            }
+                        }
+                        Break
+                    }
+                    'n' {
+                        Write-Host "[status] $($MatchedUser.username) already has certs generated... skipping"
+                        Break
+
+                    }
+                }
+            } until (($overwrite -eq "y") -or ($overwrite -eq "n"))
         }
         'E' {
             Write-Host "Returning to main menu"
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index 28aa5d585..21dcc1764 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -25,6 +25,8 @@ do {
             . "$JCScriptRoot/Functions/Public/Distribute-UserCerts.ps1"
         } '4' {
             . "$JCScriptRoot/Functions/Public/Monitor-CertDeployment.ps1"
+        } '5' {
+            . "$JCScriptRoot/Functions/Public/Update-JCRData.ps1"
         }
     }
     Pause

From 7b737ee48cc27e6b8697a669abf1698fc375ca27 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 2 Jan 2024 10:57:37 -0700
Subject: [PATCH 008/346] fix for global variables setup

---
 .../Functions/JCRadiusCertDeployment.psm1     |  9 +-
 .../Private/UserTable/Get-UserFromTable.ps1   |  1 -
 ...CRGlobalVars.ps1 => Get-JCRGlobalVars.ps1} | 94 ++++++-------------
 .../Private/settings/New-JCRSettingsFile.ps1  |  2 +-
 .../Private/settings/Update-JCRUsersJson.ps1  | 61 ++++++++++++
 .../Radius/Start-RadiusDeployment.ps1         |  5 +-
 6 files changed, 100 insertions(+), 72 deletions(-)
 rename scripts/automation/Radius/Functions/Private/settings/{Update-JCRGlobalVars.ps1 => Get-JCRGlobalVars.ps1} (65%)
 create mode 100644 scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1

diff --git a/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1 b/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
index a3d816d39..33583af7c 100644
--- a/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
+++ b/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
@@ -12,8 +12,7 @@ Foreach ($Import in $Private) {
 
 $global:JCRConfig = Get-JCRSettingsFile
 
-Update-JCRGlobalVars
-
-# if ($global:JCConfig.globalVars.lastupdate - ) {
-
-# }
\ No newline at end of file
+# Get global variables or update if necessary
+Get-JCRGlobalVars
+# Update Users Json if there's a change
+Update-JCRUsersJson
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
index da890f362..0b6f5f433 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
@@ -50,4 +50,3 @@ function Get-UserFromTable {
         }
     }
 }
-Get-userFromTable -jsonFilePath "$JCScriptRoot/users.json" -userId "5ef5fee5c421153422df086c"
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1
similarity index 65%
rename from scripts/automation/Radius/Functions/Private/settings/Update-JCRGlobalVars.ps1
rename to scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1
index b46abcd1b..354de3dda 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Update-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1
@@ -1,4 +1,4 @@
-function Update-JCRGlobalVars {
+function Get-JCRGlobalVars {
     [CmdletBinding()]
     param (
         [Parameter()]
@@ -24,6 +24,17 @@ function Update-JCRGlobalVars {
         if ($force) {
             $update = $true
         }
+
+        # also validate that the data files are non-null, if they are, force update]
+        $requiredHashFiles = @('associationHash.json', 'radiusMembers.json', 'systemHash.json', 'userHash.json')
+        foreach ($file in $requiredHashFiles) {
+            $fileContents = Get-Content "$JCScriptRoot/data/$file"
+            if ([string]::IsNullOrEmpty($file)) {
+                Write-Host "[status] $JCScriptRoot/data/$file file is null, updating global variables"
+                $update = $true
+                break
+            }
+        }
     }
     process {
         switch ($update) {
@@ -31,9 +42,18 @@ function Update-JCRGlobalVars {
                 # update the global variables
                 $systems = Get-DynamicHash -Object System -returnProperties hostname, os, osFamily, version, fde, lastContact
                 $users = Get-DynamicHash -Object User -returnProperties email, employeeIdentifier, department, suspended, location, Addresses, manager, sudo, Displayname, username, systemUsername
-                $users | ForEach-Object { $_ | Add-Member -name "userId" -value $_ -Type NoteProperty -force }
+                # $users | ForEach-Object { $_ | Add-Member -name "userId" -value $_ -Type NoteProperty -force }
                 # Get Radius membership list:
                 $radiusMembers = Get-JcSdkUserGroupMember -GroupId $Global:JCUSERGROUP
+                # add the username to the membership hash
+                $radiusMemberList = New-Object System.Collections.Hashtable
+                foreach ($member in $radiusMembers) {
+                    $radiusMemberList.Add(
+                        $member.toID, @{
+                            'userID'   = $member.toID
+                            'username' = $users[$member.toID].username
+                        })
+                }
                 # Get Report Hash:
                 $headers = @{
                     "accept"    = "application/json";
@@ -70,78 +90,24 @@ function Update-JCRGlobalVars {
                         }
                     }
                 }
+
+                # finally write out the data to file:
+                Write-host "writing files"
+                $users | ConvertTo-Json -Depth 100 -Compress |  Out-File "$JCScriptRoot/data/userHash.json"
+                $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
+                $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
+                $radiusMemberList | ConvertTo-Json |  Out-File "$JCScriptRoot/data/radiusMembers.json"
             }
             $false {
                 Write-Warning "It's been $($lastUpdateTimespan.hours) hours since we last pulled user, system and association data, no need to update"
                 $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
             }
         }
-
-        # # validate that the system association data is correct in users.json:
-        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
-        foreach ($userid in $Global:JCRRadiusMembers.keys) {
-            $MatchedUser = $GLOBAL:JCRUsers[$userid]
-            Write-Host "checking out $($MatchedUser.username) userid: $userid"
-            $userArrayObject, $userIndex = Get-UserFromTable -userID $userid -jsonFilePath "$JCScriptRoot/users.json"
-
-            if ($userIndex -ge 0) {
-                # $userArrayObject
-                $currentSystemObject = $userArrayObject.systemAssociations
-                $incomingSystemObject = $userAssociationList[$userid].systemAssociations
-                # determine if there's some difference that needs to be recorded:
-                try {
-                    $difference = Compare-Object -ReferenceObject $currentSystemObject.systemId -DifferenceObject $incomingSystemObject.systemId
-                    if ($difference) {
-
-                        Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingSystemObject | ConvertFrom-HashTable)
-                    }
-                } catch {
-                    <#Do this if a terminating exception happens#>
-                    $difference = $null
-                }
-                # if ($difference) {
-                #     # if there's a difference in systemIDS, update table with the incomingSystemObject
-                #     # $userTable = New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
-                #     # Update-JsonData -jsonFilePath "$JCScriptRoot/users.json" -userID $userID -updatedUserTable $userTable
-                # }
-            } else {
-                # case for new user
-                New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
-            }
-
-        }
-        # lastly validate users that should no longer be recorded:
-        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
-        foreach ($user in $userArray) {
-            # If userID from users.json is no longer in RadiusMembers.keys, then:
-            If ( -Not ($user.userId -in $Global:JCRRadiusMembers.keys) ) {
-                # Get User From Table
-                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $user.userId
-                $userArray = $userArray | Where-Object { $_.userID -ne $user.userId }
-                # "removing $($user.userid)"
-            }
-            # Remove the User From Table
-        }
-        $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
     }
     end {
         switch ($update) {
             $true {
-                # write hash cache
-                $users | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/userHash.json"
-                $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
-                $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
-                # add the username to the membership hash
-                $radiusMemberList = New-Object System.Collections.Hashtable
-                foreach ($member in $radiusMembers) {
-                    $radiusMemberList.Add(
-                        $member.toID, @{
-                            'userID'   = $member.toID
-                            'username' = $users[$member.toID].username
-                        })
-                }
-                # $radiusMemberList = ($radiusMembers | select @{name = 'userID'; expression = { $_.toID } }, @{name = 'username'; expression = { $users[$_.toID].username } })
-                $radiusMemberList | ConvertTo-Json |  Out-File "$JCScriptRoot/data/radiusMembers.json"
+
                 # set global vars
                 $Global:JCRUsers = $users
                 $Global:JCRSystems = $systems
diff --git a/scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1
index 246970b8b..6c105376b 100644
--- a/scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1
@@ -26,7 +26,7 @@ function New-JCRSettingsFile {
     process {
         # if creating the settings file for the first time, update global vars; lastupdate date
         write-host "update vars"
-        Update-JCRGlobalVars -force
+        Get-JCRGlobalVars -force
     }
 
     end {
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
new file mode 100644
index 000000000..ccb79c2b8
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
@@ -0,0 +1,61 @@
+function Update-JCRUsersJson {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [switch]
+        $force
+    )
+    begin {
+
+    }
+    process {
+        # validate that the system association data is correct in users.json:
+        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        foreach ($userid in $Global:JCRRadiusMembers.keys) {
+            $MatchedUser = $GLOBAL:JCRUsers[$userid]
+            Write-Host "checking out $($MatchedUser.username) userid: $userid"
+            $userArrayObject, $userIndex = Get-UserFromTable -userID $userid -jsonFilePath "$JCScriptRoot/users.json"
+
+            if ($userIndex -ge 0) {
+                # $userArrayObject
+                $currentSystemObject = $userArrayObject.systemAssociations
+                $incomingSystemObject = $Global:JCRAssociations[$userid].systemAssociations
+                # determine if there's some difference that needs to be recorded:
+                try {
+                    $difference = Compare-Object -ReferenceObject $currentSystemObject.systemId -DifferenceObject $incomingSystemObject.systemId
+                    if ($difference) {
+
+                        Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingSystemObject | ConvertFrom-HashTable)
+                    }
+                } catch {
+                    <#Do this if a terminating exception happens#>
+                    $difference = $null
+                }
+                # if ($difference) {
+                #     # if there's a difference in systemIDS, update table with the incomingSystemObject
+                #     # $userTable = New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
+                #     # Update-JsonData -jsonFilePath "$JCScriptRoot/users.json" -userID $userID -updatedUserTable $userTable
+                # }
+            } else {
+                # case for new user
+                New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
+            }
+
+        }
+        # lastly validate users that should no longer be recorded:
+        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        foreach ($user in $userArray) {
+            # If userID from users.json is no longer in RadiusMembers.keys, then:
+            If ( -Not ($user.userId -in $Global:JCRRadiusMembers.keys) ) {
+                # Get User From Table
+                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $user.userId
+                $userArray = $userArray | Where-Object { $_.userID -ne $user.userId }
+                # "removing $($user.userid)"
+            }
+            # Remove the User From Table
+        }
+    }
+    end {
+        $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index 21dcc1764..5d3425b7e 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -1,6 +1,9 @@
 # Import Global Config:
+Write-Verbose 'Verifying JCAPI Key'
+if ($JCAPIKEY.length -ne 40) {
+    Connect-JCOnline -force
+}
 . "$psscriptroot/config.ps1"
-Connect-JCOnline $JCAPIKEY -force
 
 ################################################################################
 # Do not modify below

From bba10cbf973028b7ac150cb00e710d002db9db5d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 2 Jan 2024 14:56:45 -0700
Subject: [PATCH 009/346] distribute by username, more TODOs

---
 .../Private/Deploy-UserCertificate.ps1        | 446 +++++++++
 .../Private/UserTable/Set-UserTable.ps1       |   2 +-
 .../commands/get-commandByUsername.ps1        |  27 +
 .../commands/get-queuedCommandByUser.ps1      |  34 +
 .../commands/invoke-commandByUserId.ps1       |  51 +
 .../Functions/Public/Distribute-UserCerts.ps1 | 913 ++++++++++--------
 6 files changed, 1065 insertions(+), 408 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/commands/get-commandByUsername.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
new file mode 100644
index 000000000..4207fc17a
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
@@ -0,0 +1,446 @@
+function Deploy-UserCertificate {
+    [CmdletBinding()]
+    param (
+        # Parameter help description
+        [Parameter(Mandatory)]
+        [System.Object[]]
+        $userObject,
+        # Parameter help description
+        [Parameter()]
+        [switch]
+        $force
+    )
+
+    begin {
+        # $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10
+
+        # take stock of the user object
+
+    }
+
+    process {
+        foreach ($user in $userObject) {
+
+            #### Begin removal of queued commands + existing command:
+            # TODO: get existing command for the user + remove
+            Write-Warning "clearing existing commands for $($user.username)"
+            $radiusCommandsByUser = Get-CommandByUsername -username $user.username
+            foreach ($command in $radiusCommandsByUser) {
+                Remove-JcSdkCommand -Id $command.id | Out-Null
+            }
+            Write-Warning "clearing queued commands for $($user.username)"
+            # TODO: get queued command for the user + remove
+            $queuedRadiusCommandsByUser = Get-queuedCommandByUser -username $user.username
+            foreach ($queuedCommand in $queuedRadiusCommandsByUser) {
+                Clear-JCQueuedCommand -workflowId $queuedCommand.id | Out-Null
+            }
+            # now clear out the user command associations from users.json
+            $User.commandAssociations = @()
+            #### End removal of queued commands + existing command
+            Write-Warning "PROCESSING:"
+            $user
+            Write-Warning "..."
+            # Get certificate and zip to upload to Commands
+            $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)-*"
+            # set crt and pfx filepaths
+            $userCrt = ($userCertFiles | Where-Object { $_.Name -match "crt" }).FullName
+            $userPfx = ($userCertFiles | Where-Object { $_.Name -match "pfx" }).FullName
+            # define .zip name
+            $userPfxZip = "$JCScriptRoot/UserCerts/$($user.userName)-client-signed.zip"
+            # get certInfo for commands:
+            $certInfo = Get-CertInfo -UserCerts -username $user.username
+
+            # $certInfo = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -enddate -serial -subject -issuer -noout"
+            # $certHash = @{}
+            # $certInfo | ForEach-Object {
+            #     $property = $_ | ConvertFrom-StringData
+            #     $certHash += $property
+            # }
+            switch ($certType) {
+                'EmailSAN' {
+                    # set cert identifier to SAN email of cert
+                    $sanID = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -ext subjectAltName -noout"
+                    $regex = 'email:(.*?)$'
+                    $subjMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
+                    $certIdentifier = $subjMatch.matches.Groups[1].value
+                    # in macOS search user certs by email
+                    $macCertSearch = 'e'
+                }
+                'EmailDN' {
+                    # Else set cert identifier to email of cert subject
+                    $regex = 'emailAddress = (.*?)$'
+                    $subjMatch = Select-String -InputObject "$($certHash.Subject)" -Pattern $regex
+                    $certIdentifier = $subjMatch.matches.Groups[1].value
+                    # in macOS search user certs by email
+                    $macCertSearch = 'e'
+                }
+                'UsernameCn' {
+                    # if username just set cert identifier to username
+                    $certIdentifier = $($user.userName)
+                    # in macOS search user certs by common name (username)
+                    $macCertSearch = 'c'
+                }
+            }
+            # Create the zip
+            Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
+            # Find OS of System
+            switch ($user.systemAssociations.device_os) {
+                'macOS' {
+                    # Get the macOS system ids
+                    $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'macOS' } | Select-Object systemId
+
+                    # Check to see if previous commands exist
+                    $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
+
+                    if ($Command.Count -ge 1) {
+                        $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
+                        continue
+                    }
+
+                    # Create new Command and upload the signed pfx
+                    try {
+                        $CommandBody = @{
+                            Name              = "RadiusCert-Install:$($user.userName):MacOSX"
+                            Command           = @"
+unzip -o /tmp/$($user.userName)-client-signed.zip -d /tmp
+chmod 755 /tmp/$($user.userName)-client-signed.pfx
+currentUser=`$(/usr/bin/stat -f%Su /dev/console)
+currentUserUID=`$(id -u "`$currentUser")
+currentCertSN="$($certHash.serial)"
+networkSsid="$($NETWORKSSID)"
+# store orig case match value
+caseMatchOrigValue=`$(shopt -p nocasematch; true)
+# set to case-insensitive
+shopt -s nocasematch
+userCompare="$($user.localUsername)"
+if [[ "`$currentUser" ==  "`$userCompare" ]]; then
+    # restore case match type
+    `$caseMatchOrigValue
+    certs=`$(security find-certificate -a -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain)
+    regexSHA='SHA-1 hash: ([0-9A-F]{5,40})'
+    regexSN='"snbr"<blob>=0x([0-9A-F]{5,40})'
+    global_rematch() {
+        # Set local variables
+        local s=`$1 regex=`$2
+        # While string matches regex expression
+        while [[ `$s =~ `$regex ]]; do
+            # Echo out the match
+            echo "`${BASH_REMATCH[1]}"
+            # Remove the string
+            s=`${s#*"`${BASH_REMATCH[1]}"}
+        done
+    }
+    # Save results
+    # Get Text Results
+    textSHA=`$(global_rematch "`$certs" "`$regexSHA")
+    # Set as array for SHA results
+    arraySHA=(`$textSHA)
+    # Get Text Results
+    textSN=`$(global_rematch "`$certs" "`$regexSN")
+    # Set as array for SN results
+    arraySN=(`$textSN)
+    # set import var
+    import=true
+    if [[ `${#arraySN[@]} == `${#arraySHA[@]} ]]; then
+        len=`${#arraySN[@]}
+        for (( i=0; i<`$len; i++ )); do
+            if [[ `$currentCertSN == `${arraySN[`$i]} ]]; then
+                echo "Found Cert: SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
+                installedCertSN=`${arraySN[`$i]}
+                installedCertSHA=`${arraySHA[`$i]}
+                # if cert is installed, no need to update
+                import=false
+            else
+                echo "Removing previously installed radius cert:"
+                echo "SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
+                security delete-certificate -Z "`${arraySHA[`$i]}" /Users/$($user.localUsername)/Library/Keychains/login.keychain
+            fi
+        done
+
+    else
+        echo "array length mismatch, will not delete old certs"
+    fi
+
+    if [[ `$import == true ]]; then
+        /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
+        if [[ `$? -eq 0 ]]; then
+            echo "Import Success"
+            # get the SHA hash of the newly imported cert
+            installedCertSN=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep snbr | awk '{print `$1}' | sed 's/"snbr"<blob>=0x//g')
+            if [[ `$installedCertSN == `$currentCertSN ]]; then
+                installedCertSHA=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep SHA-1 | awk '{print `$3}')
+            fi
+
+        else
+            echo "import failed"
+            exit 4
+        fi
+    else
+        echo "cert already imported"
+    fi
+
+    # check if the cert secruity preference is set:
+    IFS=';' read -ra network <<< "`$networkSsid"
+    for i in "`${network[@]}"; do
+        echo "begin setting network SSID: `$i"
+        if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
+            echo "it was already set"
+        else
+            echo "certificate not linked from SSID: `$i to certSN: `$currentCertSN, setting now"
+            /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security set-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"
+            if [[ `$? -eq 0 ]]; then
+            echo "SSID: `$i and certificate linked"
+            else
+                echo "Could not associate SSID: `$i and certifiacte"
+            fi
+        fi
+    done
+
+    # print results
+    echo "################## Cert Install Results ##################"
+    echo "Installed Cert SN: `$installedCertSN"
+    echo "Installed Cert SHA1: `$installedCertSHA"
+    echo "##########################################################"
+
+    # Finally clean up files
+    if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
+        echo "Removing Temp Zip"
+        rm "/tmp/$($user.userName)-client-signed.zip"
+    fi
+    if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
+        echo "Removing Temp Pfx"
+        rm "/tmp/$($user.userName)-client-signed.pfx"
+    fi
+else
+    # restore case match type
+    `$caseMatchOrigValue
+    echo "Current logged in user, `$currentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry"
+    # Finally clean up files
+    if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
+        echo "Removing Temp Zip"
+        rm "/tmp/$($user.userName)-client-signed.zip"
+    fi
+    if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
+        echo "Removing Temp Pfx"
+        rm "/tmp/$($user.userName)-client-signed.pfx"
+    fi
+    exit 4
+fi
+
+"@
+                            launchType        = "trigger"
+                            User              = "000000000000000000000000"
+                            trigger           = "RadiusCertInstall"
+                            commandType       = "mac"
+                            timeout           = 600
+                            TimeToLiveSeconds = 864000
+                            files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
+                        }
+                        $NewCommand = New-JcSdkCommand @CommandBody
+
+                        # Find newly created command and add system as target
+                        # TODO: Condition for duplicate commands
+                        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
+                        $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
+                    } catch {
+                        throw $_
+                    }
+
+                    $CommandTable = [PSCustomObject]@{
+                        commandId            = $command._id
+                        commandName          = $command.name
+                        commandPreviouslyRun = $false
+                        commandQueued        = $false
+                        systems              = $systemIds
+                    }
+
+                    $user.commandAssociations += $CommandTable
+
+                    Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
+
+                }
+                'Windows' {
+                    # Get the Windows system ids
+                    $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'Windows' } | Select-Object systemId
+
+                    # Check to see if previous commands exist
+                    $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
+
+                    if ($Command.Count -ge 1) {
+                        $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
+                        continue
+                    }
+
+                    # Create new Command and upload the signed pfx
+                    try {
+                        $CommandBody = @{
+                            Name              = "RadiusCert-Install:$($user.userName):Windows"
+                            Command           = @"
+`$ErrorActionPreference = "Stop"
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+`$PkgProvider = Get-PackageProvider
+If ("Nuget" -notin `$PkgProvider.Name){
+    Install-PackageProvider -Name NuGet -Force
+}
+`$CurrentUser = (Get-WMIObject -ClassName Win32_ComputerSystem).Username
+if ( -Not [string]::isNullOrEmpty(`$CurrentUser) ){
+    `$CurrentUser = `$CurrentUser.Split('\')[1]
+} else {
+    `$CurrentUser = `$null
+}
+if (`$CurrentUser -eq "$($user.localUsername)") {
+    if (-not(Get-InstalledModule -Name RunAsUser -errorAction "SilentlyContinue")) {
+        Write-Host "RunAsUser Module not installed, Installing..."
+        Install-Module RunAsUser -Force
+        Import-Module RunAsUser -Force
+    } else {
+        Write-Host "RunAsUser Module installed, importing into session..."
+        Import-Module RunAsUser -Force
+    }
+    # create temp new radius directory
+    If (Test-Path "C:\RadiusCert"){
+        Write-Host "Radius Temp Cert Directory Exists"
+    } else {
+        New-Item "C:\RadiusCert" -itemType Directory
+    }
+    # expand archive as root and copy to temp location
+    Expand-Archive -LiteralPath C:\Windows\Temp\$($user.userName)-client-signed.zip -DestinationPath C:\RadiusCert -Force
+    `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
+    `$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
+    Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx" -CertStoreLocation Cert:\CurrentUser\My
+    }
+    `$imported = Get-PfxData -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+    # Get Current Certs As User
+    `$ScriptBlockCleanup = {
+        `$certs = Get-ChildItem Cert:\CurrentUser\My\
+
+        foreach (`$cert in `$certs){
+            if (`$cert.subject -match "$($certIdentifier)") {
+                if (`$(`$cert.serialNumber) -eq "$($certHash.serial)"){
+                    write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
+                } else {
+                    write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
+                    Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
+                }
+            }
+        }
+    }
+    `$scriptBlockValidate = {
+        if (Get-ChildItem Cert:\CurrentUser\My\`$(`$imported.thumbrprint)){
+            return `$true
+        } else {
+            return `$false
+        }
+    }
+    Write-Host "Importing Pfx Certificate for $($user.userName)"
+    `$certInstall = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockInstall -CaptureOutput
+    `$certInstall
+    Write-Host "Cleaning Up Previously Installed Certs for $($user.userName)"
+    `$certCleanup = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockCleanup -CaptureOutput
+    `$certCleanup
+    Write-Host "Validating Installed Certs for $($user.userName)"
+    `$certValidate = Invoke-AsCurrentUser -ScriptBlock `$scriptBlockValidate -CaptureOutput
+    write-host `$certValidate
+
+    # finally clean up temp files:
+    If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
+        Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
+    }
+    If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
+        Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+    }
+
+    # Lastly validate if the cert was installed
+    if (`$certValidate.Trim() -eq "True"){
+        Write-Host "Cert was installed"
+    } else {
+        Throw "Cert was not installed"
+    }
+} else {
+    if (`$CurrentUser -eq `$null){
+        Write-Host "No users are signed into the system. Please ensure $($user.userName) is signed in and retry."
+    } else {
+        Write-Host "Current logged in user, `$CurrentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry."
+    }
+    # finally clean up temp files:
+    If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
+        Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
+    }
+    If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
+        Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+    }
+    exit 4
+}
+"@
+                            launchType        = "trigger"
+                            trigger           = "RadiusCertInstall"
+                            commandType       = "windows"
+                            shell             = "powershell"
+                            timeout           = 600
+                            TimeToLiveSeconds = 864000
+                            files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
+                        }
+                        $NewCommand = New-JcSdkCommand @CommandBody
+
+                        # Find newly created command and add system as target
+                        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
+                        $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
+                    } catch {
+                        throw $_
+                    }
+
+                    $CommandTable = [PSCustomObject]@{
+                        commandId            = $command._id
+                        commandName          = $command.name
+                        commandPreviouslyRun = $false
+                        commandQueued        = $false
+                        systems              = $systemIds
+                    }
+
+                    $user.commandAssociations += $CommandTable
+                    Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+
+                }
+                $null {
+                    Write-Warning "$($user.username) is not associated with any systems, skipping command generation"
+
+
+                }
+            }
+            # Update the user table with the information from the generated commands:
+            $userObjectFromTable, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $user.userid
+            Set-UserTable -index $userIndex -commandAssociationsObject $user.commandAssociations
+            # Invoke Commands
+            #TODO:: skip if this is not per user basis
+            $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+            # $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+
+            while ($confirmation -ne 'y') {
+                if ($confirmation -eq 'n') {
+                    Write-Host "[status] To invoke the commands at a later time, select option '4' to monitor your User Certification Distribution"
+                    Write-Host "[status] Returning to main menu"
+                    exit
+                }
+                $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+            }
+
+            # TODO: for individual users, invoke command retry by username
+            # else invoke for all?
+
+            $invokeCommands = invoke-commandByUserId -userID $user.userid
+            # $invokeCommands = Invoke-CommandsRetry -jsonFile "$JCScriptRoot\users.json"
+            Write-Host "[status] Commands Invoked"
+
+            # TODO: Set-JCUserTable -Commands to update the user array.
+            # Set commandPreviouslyRun property to true
+            $user.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
+
+            # $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+
+        }
+    }
+
+    end {
+
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
index 7d56ef56a..ef87799a3 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
@@ -45,7 +45,7 @@ function Set-UserTable {
             $systemAssociationsInfo = $userObject.systemAssociations
         }
         if ($commandAssociationsObject) {
-            commandAssociationsInfo = $commandAssociationsObject
+            $commandAssociationsInfo = $commandAssociationsObject
         } else {
             $commandAssociationsInfo = $userObject.commandAssociations
         }
diff --git a/scripts/automation/Radius/Functions/Private/commands/get-commandByUsername.ps1 b/scripts/automation/Radius/Functions/Private/commands/get-commandByUsername.ps1
new file mode 100644
index 000000000..fba5ba520
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/commands/get-commandByUsername.ps1
@@ -0,0 +1,27 @@
+function get-CommandByUsername {
+    [CmdletBinding()]
+    param (
+        # Parameter help description
+        [Parameter()]
+        [system.string]
+        $username
+    )
+
+    begin {
+        # define searchFilter
+        $SearchFilter = @{
+            searchTerm = "RadiusCert-Install:${username}:"
+            fields     = @('name')
+        }
+
+    }
+
+    process {
+        # Get command Results
+        $commandResults = Search-JcSdkCommand -SearchFilter $SearchFilter -Fields name
+    }
+
+    end {
+        return $commandResults
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1 b/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1
new file mode 100644
index 000000000..eaa0576f3
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1
@@ -0,0 +1,34 @@
+function get-queuedCommandByUser {
+    [CmdletBinding()]
+    param (
+        # Parameter help description
+        [Parameter()]
+        [system.string]
+        $username
+    )
+
+    begin {
+        $headers = @{
+            "x-api-key" = $Env:JCApiKey
+            "x-org-id"  = $Env:JCOrgId
+
+        }
+        $limit = [int]100
+        $skip = [int]0
+        $resultsArray = @()
+        $SearchFilter = @{
+            searchTerm = "RadiusCert-Install:${username}:"
+            fields     = @('name')
+        }
+
+    }
+
+    process {
+        $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/v2/queuedcommand/workflows?&skip=$skip&limit=$limit&search[fields][0]=name&search[searchTerm]=RadiusCert-Install:${username}:" -Method GET -Headers $headers
+    }
+
+    end {
+        return $response.results
+    }
+}
+get-queuedCommandByUser -username "Farmer_100"
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
new file mode 100644
index 000000000..f89e9051f
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
@@ -0,0 +1,51 @@
+function invoke-commandByUserid {
+    [CmdletBinding(DefaultParameterSetName = 'all')]
+    param (
+        # The userID to of which to invoke the command
+        [Parameter(ParameterSetName = 'user')]
+        [system.string]
+        $userID
+
+    )
+
+    begin {
+        # get the command id
+        $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $userID
+
+        # get macOS Command
+        $macOS_commandId = ($userObject.commandAssociations | Where-Object { $_.commandName -match "MacOSX" }).commandId
+        # get Windows Command
+        $windows_commandId = ($userObject.commandAssociations | Where-Object { $_.commandName -match "Windows" }).commandId
+        # get list of macOS systems
+        $macOS_systemIds = $userObject.systemAssociations | Where-Object { $_.device_os -eq "macOS" }
+        # get list of Windows systems
+        $windows_systemIds = $userObject.systemAssociations | Where-Object { $_.device_os -eq "Windows" }
+    }
+
+    process {
+        # explicitly create arrays for windows/ mac system IDs
+        $windowsArray = New-Object System.Collections.ArrayList
+        foreach ($system in $windows_systemIds) {
+            $windowsArray.add($system.systemId) | Out-Null
+        }
+        $macOSArray = New-Object System.Collections.ArrayList
+        foreach ($system in $macOS_systemIds) {
+            $macOSArray.add($system.systemId) | Out-Null
+        }
+        # invoke commands
+        If ($macOS_commandId) {
+            Write-Warning "running command: Start-JCSDKCommand -id $($macOS_commandId) -SystemIDs $macOSArray"
+            $macInvokedCommands = Start-JcSdkCommand -Id $macOS_commandId -SystemIds $macOSArray
+        }
+
+        if ($windows_commandId) {
+            Write-Warning "running command: Start-JCSDKCommand -id $($windows_commandId) -SystemIDs $windowsArray"
+            $windowsInvokedCommands = Start-JcSdkCommand -Id $windows_commandId -SystemIds $windowsArray
+        }
+    }
+
+    end {
+        return $true
+    }
+
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
index 1cd42ee19..082066452 100644
--- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
@@ -7,428 +7,527 @@ Connect-JCOnline $JCAPIKEY -force
 ################################################################################
 
 # Import the functions
-Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
+# Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
 
 # Import the users.json file and convert to PSObject
-$userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+$userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10
+
+# TODO: surface this information
 # Check to see if previous commands exist
-$RadiusCertCommands = Get-JCCommand | Where-Object { $_.Name -like 'RadiusCert-Install*' }
+$SearchFilter = @{
+    searchTerm = "RadiusCert-Install:"
+    fields     = @('name')
+}
+$RadiusCertCommands = Search-JcSdkCommand -SearchFilter $SearchFilter -Fields name
+# $RadiusCertCommands = Get-JCCommand -returnProperties name | Where-Object { $_.Name -like 'RadiusCert-Install*' }
+# Split out the username from the commands so we can tell which users do not have a command already
+$RadiusCertCommandList = New-Object System.Collections.ArrayList
+foreach ($command in $RadiusCertCommands) {
+    $commandSplit = $command.name.split(':')
+    $RadiusCertCommandList.Add([PSCustomObject]@{
+            CommandName = $command.name
+            Username    = $commandSplit[1]
+            CommandID   = $command._id
+        }) | Out-Null
+}
+$existingCommandUsers = $RadiusCertCommandList.Username | Get-Unique
+$newRadiusUsers = (Compare-Object $userarray.username $existingCommandUsers).InputObject
 
+# TODO: revamp with menu screen
+# TODO: generate new commands for a single user
+# TODO: why this if statement here:
 if ($RadiusCertCommands.Count -ge 1) {
     Write-Host "[status] $([char]0x1b)[96mRadiusCert commands detected, please make a selection."
     Write-Host "1: Press '1' to generate new commands for ALL users. $([char]0x1b)[96mNOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install:*'"
     Write-Host "2: Press '2' to generate new commands for NEW RADIUS users. $([char]0x1b)[96mNOTE: This will only generate commands for users who did not have a cert previously"
+    Write-Host "3: Press '3' to generate new commands for ONE Specific RADIUS user."
     Write-Host "E: Press 'E' to exit."
-    $confirmation = Read-Host "Please make a selection"
-    while ($confirmation -ne 'E') {
-        if ($confirmation -eq '1') {
-            # Get queued commands
-            $queuedCommands = Get-JCQueuedCommands
-            # Clear any queued commands for old RadiusCert commands
-            foreach ($command in $RadiusCertCommands) {
-                if ($command._id -in $queuedCommands.command) {
-                    $queuedCommandInfo = $queuedCommands | Where-Object command -EQ $command._id
-                    Clear-JCQueuedCommand -workflowId $queuedCommandInfo.id
+    do {
+        $confirmation = Read-Host "Please make a selection"
+
+        switch ($confirmation) {
+            '1' {
+                # Get queued commands
+                $queuedCommands = Get-JCQueuedCommands
+                # Clear any queued commands for old RadiusCert commands
+                foreach ($command in $RadiusCertCommands) {
+                    if ($command._id -in $queuedCommands.command) {
+                        $queuedCommandInfo = $queuedCommands | Where-Object command -EQ $command._id
+                        Clear-JCQueuedCommand -workflowId $queuedCommandInfo.id
+                    }
                 }
+                Write-Host "[status] Removing $($RadiusCertCommands.Count) commands"
+                # Delete previous commands
+                $RadiusCertCommands | Remove-JCCommand -force | Out-Null
+                # Clean up users.json array
+                $userArray | ForEach-Object { $_.commandAssociations = @() }
+                $confirmation = 'E'
             }
-            Write-Host "[status] Removing $($RadiusCertCommands.Count) commands"
-            # Delete previous commands
-            $RadiusCertCommands | Remove-JCCommand -force | Out-Null
-            # Clean up users.json array
-            $userArray | ForEach-Object { $_.commandAssociations = @() }
-            break
-        } elseif ($confirmation -eq '2') {
-            Write-Host "[status] Proceeding with execution"
-            break
-        }
-    }
-
-    # Break out of the scriptblock and return to main menu
-    if ($confirmation -eq 'E') {
-        break
-    }
-}
-
-# Create commands for each user
-foreach ($user in $userArray) {
-    # Get certificate and zip to upload to Commands
-    $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)*"
-    # set crt and pfx filepaths
-    $userCrt = ($userCertFiles | Where-Object { $_.Name -match "crt" }).FullName
-    $userPfx = ($userCertFiles | Where-Object { $_.Name -match "pfx" }).FullName
-    # define .zip name
-    $userPfxZip = "$JCScriptRoot/UserCerts/$($user.userName)-client-signed.zip"
-    # get certInfo for commands:
-    $certInfo = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -enddate -serial -subject -issuer -noout"
-    $certHash = @{}
-    $certInfo | ForEach-Object {
-        $property = $_ | ConvertFrom-StringData
-        $certHash += $property
-    }
-    switch ($certType) {
-        'EmailSAN' {
-            # set cert identifier to SAN email of cert
-            $sanID = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -ext subjectAltName -noout"
-            $regex = 'email:(.*?)$'
-            $subjMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
-            $certIdentifier = $subjMatch.matches.Groups[1].value
-            # in macOS search user certs by email
-            $macCertSearch = 'e'
-        }
-        'EmailDN' {
-            # Else set cert identifier to email of cert subject
-            $regex = 'emailAddress = (.*?)$'
-            $subjMatch = Select-String -InputObject "$($certHash.Subject)" -Pattern $regex
-            $certIdentifier = $subjMatch.matches.Groups[1].value
-            # in macOS search user certs by email
-            $macCertSearch = 'e'
-        }
-        'UsernameCn' {
-            # if username just set cert identifier to username
-            $certIdentifier = $($user.userName)
-            # in macOS search user certs by common name (username)
-            $macCertSearch = 'c'
-        }
-    }
-    # Create the zip
-    Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
-    # Find OS of System
-    if ($user.systemAssociations.osFamily -contains 'Mac OS X') {
-        # Get the macOS system ids
-        $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'Mac OS X' } | Select-Object systemId
-
-        # Check to see if previous commands exist
-        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
-
-        if ($Command.Count -ge 1) {
-            $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
-            continue
-        }
-
-        # Create new Command and upload the signed pfx
-        try {
-            $CommandBody = @{
-                Name              = "RadiusCert-Install:$($user.userName):MacOSX"
-                Command           = @"
-unzip -o /tmp/$($user.userName)-client-signed.zip -d /tmp
-chmod 755 /tmp/$($user.userName)-client-signed.pfx
-currentUser=`$(/usr/bin/stat -f%Su /dev/console)
-currentUserUID=`$(id -u "`$currentUser")
-currentCertSN="$($certHash.serial)"
-networkSsid="$($NETWORKSSID)"
-# store orig case match value
-caseMatchOrigValue=`$(shopt -p nocasematch; true)
-# set to case-insensitive
-shopt -s nocasematch
-userCompare="$($user.localUsername)"
-if [[ "`$currentUser" ==  "`$userCompare" ]]; then
-    # restore case match type
-    `$caseMatchOrigValue
-    certs=`$(security find-certificate -a -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain)
-    regexSHA='SHA-1 hash: ([0-9A-F]{5,40})'
-    regexSN='"snbr"<blob>=0x([0-9A-F]{5,40})'
-    global_rematch() {
-        # Set local variables
-        local s=`$1 regex=`$2
-        # While string matches regex expression
-        while [[ `$s =~ `$regex ]]; do
-            # Echo out the match
-            echo "`${BASH_REMATCH[1]}"
-            # Remove the string
-            s=`${s#*"`${BASH_REMATCH[1]}"}
-        done
-    }
-    # Save results
-    # Get Text Results
-    textSHA=`$(global_rematch "`$certs" "`$regexSHA")
-    # Set as array for SHA results
-    arraySHA=(`$textSHA)
-    # Get Text Results
-    textSN=`$(global_rematch "`$certs" "`$regexSN")
-    # Set as array for SN results
-    arraySN=(`$textSN)
-    # set import var
-    import=true
-    if [[ `${#arraySN[@]} == `${#arraySHA[@]} ]]; then
-        len=`${#arraySN[@]}
-        for (( i=0; i<`$len; i++ )); do
-            if [[ `$currentCertSN == `${arraySN[`$i]} ]]; then
-                echo "Found Cert: SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
-                installedCertSN=`${arraySN[`$i]}
-                installedCertSHA=`${arraySHA[`$i]}
-                # if cert is installed, no need to update
-                import=false
-            else
-                echo "Removing previously installed radius cert:"
-                echo "SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
-                security delete-certificate -Z "`${arraySHA[`$i]}" /Users/$($user.localUsername)/Library/Keychains/login.keychain
-            fi
-        done
-
-    else
-        echo "array length mismatch, will not delete old certs"
-    fi
-
-    if [[ `$import == true ]]; then
-        /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
-        if [[ `$? -eq 0 ]]; then
-            echo "Import Success"
-            # get the SHA hash of the newly imported cert
-            installedCertSN=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep snbr | awk '{print `$1}' | sed 's/"snbr"<blob>=0x//g')
-            if [[ `$installedCertSN == `$currentCertSN ]]; then
-                installedCertSHA=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep SHA-1 | awk '{print `$3}')
-            fi
-
-        else
-            echo "import failed"
-            exit 4
-        fi
-    else
-        echo "cert already imported"
-    fi
-
-    # check if the cert secruity preference is set:
-    IFS=';' read -ra network <<< "`$networkSsid"
-    for i in "`${network[@]}"; do
-        echo "begin setting network SSID: `$i"
-        if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
-            echo "it was already set"
-        else
-            echo "certificate not linked from SSID: `$i to certSN: `$currentCertSN, setting now"
-            /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security set-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"
-            if [[ `$? -eq 0 ]]; then
-            echo "SSID: `$i and certificate linked"
-            else
-                echo "Could not associate SSID: `$i and certifiacte"
-            fi
-        fi
-    done
-
-    # print results
-    echo "################## Cert Install Results ##################"
-    echo "Installed Cert SN: `$installedCertSN"
-    echo "Installed Cert SHA1: `$installedCertSHA"
-    echo "##########################################################"
-
-    # Finally clean up files
-    if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
-        echo "Removing Temp Zip"
-        rm "/tmp/$($user.userName)-client-signed.zip"
-    fi
-    if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
-        echo "Removing Temp Pfx"
-        rm "/tmp/$($user.userName)-client-signed.pfx"
-    fi
-else
-    # restore case match type
-    `$caseMatchOrigValue
-    echo "Current logged in user, `$currentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry"
-    # Finally clean up files
-    if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
-        echo "Removing Temp Zip"
-        rm "/tmp/$($user.userName)-client-signed.zip"
-    fi
-    if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
-        echo "Removing Temp Pfx"
-        rm "/tmp/$($user.userName)-client-signed.pfx"
-    fi
-    exit 4
-fi
-
-"@
-                launchType        = "trigger"
-                User              = "000000000000000000000000"
-                trigger           = "RadiusCertInstall"
-                commandType       = "mac"
-                timeout           = 600
-                TimeToLiveSeconds = 864000
-                files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
-            }
-            $NewCommand = New-JcSdkCommand @CommandBody
-
-            # Find newly created command and add system as target
-            # TODO: Condition for duplicate commands
-            $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
-            $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
-        } catch {
-            throw $_
-        }
-
-        $CommandTable = [PSCustomObject]@{
-            commandId            = $command._id
-            commandName          = $command.name
-            commandPreviouslyRun = $false
-            commandQueued        = $false
-            systems              = $systemIds
-        }
-
-        $user.commandAssociations += $CommandTable
-
-        Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
-    }
-    if ($user.systemAssociations.osFamily -contains 'Windows') {
-        # Get the Windows system ids
-        $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'Windows' } | Select-Object systemId
-
-        # Check to see if previous commands exist
-        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
-
-        if ($Command.Count -ge 1) {
-            $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
-            continue
-        }
-
-        # Create new Command and upload the signed pfx
-        try {
-            $CommandBody = @{
-                Name              = "RadiusCert-Install:$($user.userName):Windows"
-                Command           = @"
-`$ErrorActionPreference = "Stop"
-[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-`$PkgProvider = Get-PackageProvider
-If ("Nuget" -notin `$PkgProvider.Name){
-    Install-PackageProvider -Name NuGet -Force
-}
-`$CurrentUser = (Get-WMIObject -ClassName Win32_ComputerSystem).Username
-if ( -Not [string]::isNullOrEmpty(`$CurrentUser) ){
-    `$CurrentUser = `$CurrentUser.Split('\')[1]
-} else {
-    `$CurrentUser = `$null
-}
-if (`$CurrentUser -eq "$($user.localUsername)") {
-    if (-not(Get-InstalledModule -Name RunAsUser -errorAction "SilentlyContinue")) {
-        Write-Host "RunAsUser Module not installed, Installing..."
-        Install-Module RunAsUser -Force
-        Import-Module RunAsUser -Force
-    } else {
-        Write-Host "RunAsUser Module installed, importing into session..."
-        Import-Module RunAsUser -Force
-    }
-    # create temp new radius directory
-    If (Test-Path "C:\RadiusCert"){
-        Write-Host "Radius Temp Cert Directory Exists"
-    } else {
-        New-Item "C:\RadiusCert" -itemType Directory
-    }
-    # expand archive as root and copy to temp location
-    Expand-Archive -LiteralPath C:\Windows\Temp\$($user.userName)-client-signed.zip -DestinationPath C:\RadiusCert -Force
-    `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
-    `$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
-    Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx" -CertStoreLocation Cert:\CurrentUser\My
-    }
-    `$imported = Get-PfxData -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-    # Get Current Certs As User
-    `$ScriptBlockCleanup = {
-        `$certs = Get-ChildItem Cert:\CurrentUser\My\
-
-        foreach (`$cert in `$certs){
-            if (`$cert.subject -match "$($certIdentifier)") {
-                if (`$(`$cert.serialNumber) -eq "$($certHash.serial)"){
-                    write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
-                } else {
-                    write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
-                    Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
+            '2' {
+                If ($newRadiusUsers) {
+                    $UserSelectionArray = foreach ($user in $newRadiusUsers) {
+                        $userArray | where-Object { $_.username -eq $user }
+                    }
                 }
+                # $userArray
+                Write-Host "[status] Proceeding with execution"
+                $confirmation = 'E'
             }
-        }
-    }
-    `$scriptBlockValidate = {
-        if (Get-ChildItem Cert:\CurrentUser\My\`$(`$imported.thumbrprint)){
-            return `$true
-        } else {
-            return `$false
-        }
-    }
-    Write-Host "Importing Pfx Certificate for $($user.userName)"
-    `$certInstall = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockInstall -CaptureOutput
-    `$certInstall
-    Write-Host "Cleaning Up Previously Installed Certs for $($user.userName)"
-    `$certCleanup = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockCleanup -CaptureOutput
-    `$certCleanup
-    Write-Host "Validating Installed Certs for $($user.userName)"
-    `$certValidate = Invoke-AsCurrentUser -ScriptBlock `$scriptBlockValidate -CaptureOutput
-    write-host `$certValidate
-
-    # finally clean up temp files:
-    If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
-        Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
-    }
-    If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
-        Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-    }
-
-    # Lastly validate if the cert was installed
-    if (`$certValidate.Trim() -eq "True"){
-        Write-Host "Cert was installed"
-    } else {
-        Throw "Cert was not installed"
-    }
-} else {
-    if (`$CurrentUser -eq `$null){
-        Write-Host "No users are signed into the system. Please ensure $($user.userName) is signed in and retry."
-    } else {
-        Write-Host "Current logged in user, `$CurrentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry."
-    }
-    # finally clean up temp files:
-    If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
-        Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
-    }
-    If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
-        Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-    }
-    exit 4
-}
-"@
-                launchType        = "trigger"
-                trigger           = "RadiusCertInstall"
-                commandType       = "windows"
-                shell             = "powershell"
-                timeout           = 600
-                TimeToLiveSeconds = 864000
-                files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
-            }
-            $NewCommand = New-JcSdkCommand @CommandBody
-
-            # Find newly created command and add system as target
-            $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
-            $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
-        } catch {
-            throw $_
-        }
+            '3' {
+                try {
+                    Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
+                } catch {
+                    New-Variable -Name "ConfirmUser" -Value $null
+                }
+                while (-not $confirmUser) {
+                    # TODO: Offer option to go back a step and exit the while loop
+                    $confirmationUser = Read-Host "Enter the Username or UserID of the user"
+                    $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+                }
 
-        $CommandTable = [PSCustomObject]@{
-            commandId            = $command._id
-            commandName          = $command.name
-            commandPreviouslyRun = $false
-            commandQueued        = $false
-            systems              = $systemIds
+                # Get the userobject + index from users.json
+                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
+                # $userArrayIndex = $userArray.username.IndexOf($confirmUser.username)
+                $UserSelectionArray = $userArray[$userIndex]
+                # # $UserSelectionArray = $userArray | where-Object { $_.username -eq $confirmUser.username }
+                # # Get queued commands
+                # $queuedCommands = Get-JCQueuedCommands | Where-Object { $_.name -match $confirmUser.username }
+                # # Clear any queued commands for old RadiusCert commands
+                # foreach ($command in $RadiusCertCommands) {
+                #     if ($command._id -in $queuedCommands.command) {
+                #         $queuedCommandInfo = $queuedCommands | Where-Object command -EQ $command._id
+                #         Clear-JCQueuedCommand -workflowId $queuedCommandInfo.id
+                #     }
+                # }
+                # $RadiusCertCommands = $RadiusCertCommands | Where-Object { $_.name -match $confirmUser.username }
+                # Write-Host "[status] Removing $($RadiusCertCommands.Count) commands"
+                # # Delete previous commands
+                # $RadiusCertCommands | Remove-JCCommand -force | Out-Null
+                # # Clean up users.json array
+                # $UserSelectionArray | ForEach-Object { $_.commandAssociations = @() }
+                Deploy-UserCertificate -userObject $UserSelectionArray
+            }
         }
-
-        $user.commandAssociations += $CommandTable
-        Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
-    }
-}
-
-# Invoke Commands
-$confirmation = Read-Host "Would you like to invoke commands? [y/n]"
-$UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
-
-while ($confirmation -ne 'y') {
-    if ($confirmation -eq 'n') {
-        Write-Host "[status] To invoke the commands at a later time, select option '4' to monitor your User Certification Distribution"
-        Write-Host "[status] Returning to main menu"
-        exit
-    }
-    $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+    } while ($confirmation -ne 'E')
 }
 
-$invokeCommands = Invoke-CommandsRetry -jsonFile "$JCScriptRoot\users.json"
-Write-Host "[status] Commands Invoked"
-
-# Set commandPreviouslyRun property to true
-$userArray.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
-
-$UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
-
+# Create commands for each user
+# foreach ($user in $UserSelectionArray) {
+
+#     #### Begin removal of queued commands + existing command:
+#     # TODO: get existing command for the user + remove
+#     Write-Warning "clearing existing commands for $($user.username)"
+#     $radiusCommandsByUser = Get-CommandByUsername -username $user.username
+#     foreach ($command in $radiusCommandsByUser) {
+#         Remove-JcSdkCommand -Id $command.id | Out-Null
+#     }
+#     Write-Warning "clearing queued commands for $($user.username)"
+#     # TODO: get queued command for the user + remove
+#     $queuedRadiusCommandsByUser = Get-queuedCommandByUser -username $user.username
+#     foreach ($queuedCommand in $queuedRadiusCommandsByUser) {
+#         Clear-JCQueuedCommand -workflowId $queuedCommand.id | Out-Null
+#     }
+#     # now clear out the user command associations from users.json
+#     $User.commandAssociations = @()
+#     #### End removal of queued commands + existing command
+#     Write-Warning "PROCESSING:"
+#     $user
+#     Write-Warning "..."
+#     # Get certificate and zip to upload to Commands
+#     $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)-*"
+#     # set crt and pfx filepaths
+#     $userCrt = ($userCertFiles | Where-Object { $_.Name -match "crt" }).FullName
+#     $userPfx = ($userCertFiles | Where-Object { $_.Name -match "pfx" }).FullName
+#     # define .zip name
+#     $userPfxZip = "$JCScriptRoot/UserCerts/$($user.userName)-client-signed.zip"
+#     # get certInfo for commands:
+#     $certInfo = Get-CertInfo -UserCerts -username $user.username
+
+#     # $certInfo = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -enddate -serial -subject -issuer -noout"
+#     # $certHash = @{}
+#     # $certInfo | ForEach-Object {
+#     #     $property = $_ | ConvertFrom-StringData
+#     #     $certHash += $property
+#     # }
+#     switch ($certType) {
+#         'EmailSAN' {
+#             # set cert identifier to SAN email of cert
+#             $sanID = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -ext subjectAltName -noout"
+#             $regex = 'email:(.*?)$'
+#             $subjMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
+#             $certIdentifier = $subjMatch.matches.Groups[1].value
+#             # in macOS search user certs by email
+#             $macCertSearch = 'e'
+#         }
+#         'EmailDN' {
+#             # Else set cert identifier to email of cert subject
+#             $regex = 'emailAddress = (.*?)$'
+#             $subjMatch = Select-String -InputObject "$($certHash.Subject)" -Pattern $regex
+#             $certIdentifier = $subjMatch.matches.Groups[1].value
+#             # in macOS search user certs by email
+#             $macCertSearch = 'e'
+#         }
+#         'UsernameCn' {
+#             # if username just set cert identifier to username
+#             $certIdentifier = $($user.userName)
+#             # in macOS search user certs by common name (username)
+#             $macCertSearch = 'c'
+#         }
+#     }
+#     # Create the zip
+#     Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
+#     # Find OS of System
+#     switch ($user.systemAssociations.device_os) {
+#         'macOS' {
+#             # Get the macOS system ids
+#             $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'macOS' } | Select-Object systemId
+
+#             # Check to see if previous commands exist
+#             $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
+
+#             if ($Command.Count -ge 1) {
+#                 $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
+#                 continue
+#             }
+
+#             # Create new Command and upload the signed pfx
+#             try {
+#                 $CommandBody = @{
+#                     Name              = "RadiusCert-Install:$($user.userName):MacOSX"
+#                     Command           = @"
+# unzip -o /tmp/$($user.userName)-client-signed.zip -d /tmp
+# chmod 755 /tmp/$($user.userName)-client-signed.pfx
+# currentUser=`$(/usr/bin/stat -f%Su /dev/console)
+# currentUserUID=`$(id -u "`$currentUser")
+# currentCertSN="$($certHash.serial)"
+# networkSsid="$($NETWORKSSID)"
+# # store orig case match value
+# caseMatchOrigValue=`$(shopt -p nocasematch; true)
+# # set to case-insensitive
+# shopt -s nocasematch
+# userCompare="$($user.localUsername)"
+# if [[ "`$currentUser" ==  "`$userCompare" ]]; then
+#     # restore case match type
+#     `$caseMatchOrigValue
+#     certs=`$(security find-certificate -a -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain)
+#     regexSHA='SHA-1 hash: ([0-9A-F]{5,40})'
+#     regexSN='"snbr"<blob>=0x([0-9A-F]{5,40})'
+#     global_rematch() {
+#         # Set local variables
+#         local s=`$1 regex=`$2
+#         # While string matches regex expression
+#         while [[ `$s =~ `$regex ]]; do
+#             # Echo out the match
+#             echo "`${BASH_REMATCH[1]}"
+#             # Remove the string
+#             s=`${s#*"`${BASH_REMATCH[1]}"}
+#         done
+#     }
+#     # Save results
+#     # Get Text Results
+#     textSHA=`$(global_rematch "`$certs" "`$regexSHA")
+#     # Set as array for SHA results
+#     arraySHA=(`$textSHA)
+#     # Get Text Results
+#     textSN=`$(global_rematch "`$certs" "`$regexSN")
+#     # Set as array for SN results
+#     arraySN=(`$textSN)
+#     # set import var
+#     import=true
+#     if [[ `${#arraySN[@]} == `${#arraySHA[@]} ]]; then
+#         len=`${#arraySN[@]}
+#         for (( i=0; i<`$len; i++ )); do
+#             if [[ `$currentCertSN == `${arraySN[`$i]} ]]; then
+#                 echo "Found Cert: SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
+#                 installedCertSN=`${arraySN[`$i]}
+#                 installedCertSHA=`${arraySHA[`$i]}
+#                 # if cert is installed, no need to update
+#                 import=false
+#             else
+#                 echo "Removing previously installed radius cert:"
+#                 echo "SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
+#                 security delete-certificate -Z "`${arraySHA[`$i]}" /Users/$($user.localUsername)/Library/Keychains/login.keychain
+#             fi
+#         done
+
+#     else
+#         echo "array length mismatch, will not delete old certs"
+#     fi
+
+#     if [[ `$import == true ]]; then
+#         /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
+#         if [[ `$? -eq 0 ]]; then
+#             echo "Import Success"
+#             # get the SHA hash of the newly imported cert
+#             installedCertSN=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep snbr | awk '{print `$1}' | sed 's/"snbr"<blob>=0x//g')
+#             if [[ `$installedCertSN == `$currentCertSN ]]; then
+#                 installedCertSHA=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep SHA-1 | awk '{print `$3}')
+#             fi
+
+#         else
+#             echo "import failed"
+#             exit 4
+#         fi
+#     else
+#         echo "cert already imported"
+#     fi
+
+#     # check if the cert secruity preference is set:
+#     IFS=';' read -ra network <<< "`$networkSsid"
+#     for i in "`${network[@]}"; do
+#         echo "begin setting network SSID: `$i"
+#         if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
+#             echo "it was already set"
+#         else
+#             echo "certificate not linked from SSID: `$i to certSN: `$currentCertSN, setting now"
+#             /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security set-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"
+#             if [[ `$? -eq 0 ]]; then
+#             echo "SSID: `$i and certificate linked"
+#             else
+#                 echo "Could not associate SSID: `$i and certifiacte"
+#             fi
+#         fi
+#     done
+
+#     # print results
+#     echo "################## Cert Install Results ##################"
+#     echo "Installed Cert SN: `$installedCertSN"
+#     echo "Installed Cert SHA1: `$installedCertSHA"
+#     echo "##########################################################"
+
+#     # Finally clean up files
+#     if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
+#         echo "Removing Temp Zip"
+#         rm "/tmp/$($user.userName)-client-signed.zip"
+#     fi
+#     if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
+#         echo "Removing Temp Pfx"
+#         rm "/tmp/$($user.userName)-client-signed.pfx"
+#     fi
+# else
+#     # restore case match type
+#     `$caseMatchOrigValue
+#     echo "Current logged in user, `$currentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry"
+#     # Finally clean up files
+#     if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
+#         echo "Removing Temp Zip"
+#         rm "/tmp/$($user.userName)-client-signed.zip"
+#     fi
+#     if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
+#         echo "Removing Temp Pfx"
+#         rm "/tmp/$($user.userName)-client-signed.pfx"
+#     fi
+#     exit 4
+# fi
+
+# "@
+#                     launchType        = "trigger"
+#                     User              = "000000000000000000000000"
+#                     trigger           = "RadiusCertInstall"
+#                     commandType       = "mac"
+#                     timeout           = 600
+#                     TimeToLiveSeconds = 864000
+#                     files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
+#                 }
+#                 $NewCommand = New-JcSdkCommand @CommandBody
+
+#                 # Find newly created command and add system as target
+#                 # TODO: Condition for duplicate commands
+#                 $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
+#                 $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
+#             } catch {
+#                 throw $_
+#             }
+
+#             $CommandTable = [PSCustomObject]@{
+#                 commandId            = $command._id
+#                 commandName          = $command.name
+#                 commandPreviouslyRun = $false
+#                 commandQueued        = $false
+#                 systems              = $systemIds
+#             }
+
+#             $user.commandAssociations += $CommandTable
+
+#             Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
+
+#         }
+#         'Windows' {
+#             # Get the Windows system ids
+#             $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'Windows' } | Select-Object systemId
+
+#             # Check to see if previous commands exist
+#             $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
+
+#             if ($Command.Count -ge 1) {
+#                 $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
+#                 continue
+#             }
+
+#             # Create new Command and upload the signed pfx
+#             try {
+#                 $CommandBody = @{
+#                     Name              = "RadiusCert-Install:$($user.userName):Windows"
+#                     Command           = @"
+# `$ErrorActionPreference = "Stop"
+# [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+# `$PkgProvider = Get-PackageProvider
+# If ("Nuget" -notin `$PkgProvider.Name){
+#     Install-PackageProvider -Name NuGet -Force
+# }
+# `$CurrentUser = (Get-WMIObject -ClassName Win32_ComputerSystem).Username
+# if ( -Not [string]::isNullOrEmpty(`$CurrentUser) ){
+#     `$CurrentUser = `$CurrentUser.Split('\')[1]
+# } else {
+#     `$CurrentUser = `$null
+# }
+# if (`$CurrentUser -eq "$($user.localUsername)") {
+#     if (-not(Get-InstalledModule -Name RunAsUser -errorAction "SilentlyContinue")) {
+#         Write-Host "RunAsUser Module not installed, Installing..."
+#         Install-Module RunAsUser -Force
+#         Import-Module RunAsUser -Force
+#     } else {
+#         Write-Host "RunAsUser Module installed, importing into session..."
+#         Import-Module RunAsUser -Force
+#     }
+#     # create temp new radius directory
+#     If (Test-Path "C:\RadiusCert"){
+#         Write-Host "Radius Temp Cert Directory Exists"
+#     } else {
+#         New-Item "C:\RadiusCert" -itemType Directory
+#     }
+#     # expand archive as root and copy to temp location
+#     Expand-Archive -LiteralPath C:\Windows\Temp\$($user.userName)-client-signed.zip -DestinationPath C:\RadiusCert -Force
+#     `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
+#     `$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
+#     Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx" -CertStoreLocation Cert:\CurrentUser\My
+#     }
+#     `$imported = Get-PfxData -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+#     # Get Current Certs As User
+#     `$ScriptBlockCleanup = {
+#         `$certs = Get-ChildItem Cert:\CurrentUser\My\
+
+#         foreach (`$cert in `$certs){
+#             if (`$cert.subject -match "$($certIdentifier)") {
+#                 if (`$(`$cert.serialNumber) -eq "$($certHash.serial)"){
+#                     write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
+#                 } else {
+#                     write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
+#                     Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
+#                 }
+#             }
+#         }
+#     }
+#     `$scriptBlockValidate = {
+#         if (Get-ChildItem Cert:\CurrentUser\My\`$(`$imported.thumbrprint)){
+#             return `$true
+#         } else {
+#             return `$false
+#         }
+#     }
+#     Write-Host "Importing Pfx Certificate for $($user.userName)"
+#     `$certInstall = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockInstall -CaptureOutput
+#     `$certInstall
+#     Write-Host "Cleaning Up Previously Installed Certs for $($user.userName)"
+#     `$certCleanup = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockCleanup -CaptureOutput
+#     `$certCleanup
+#     Write-Host "Validating Installed Certs for $($user.userName)"
+#     `$certValidate = Invoke-AsCurrentUser -ScriptBlock `$scriptBlockValidate -CaptureOutput
+#     write-host `$certValidate
+
+#     # finally clean up temp files:
+#     If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
+#         Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
+#     }
+#     If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
+#         Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+#     }
+
+#     # Lastly validate if the cert was installed
+#     if (`$certValidate.Trim() -eq "True"){
+#         Write-Host "Cert was installed"
+#     } else {
+#         Throw "Cert was not installed"
+#     }
+# } else {
+#     if (`$CurrentUser -eq `$null){
+#         Write-Host "No users are signed into the system. Please ensure $($user.userName) is signed in and retry."
+#     } else {
+#         Write-Host "Current logged in user, `$CurrentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry."
+#     }
+#     # finally clean up temp files:
+#     If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
+#         Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
+#     }
+#     If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
+#         Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+#     }
+#     exit 4
+# }
+# "@
+#                     launchType        = "trigger"
+#                     trigger           = "RadiusCertInstall"
+#                     commandType       = "windows"
+#                     shell             = "powershell"
+#                     timeout           = 600
+#                     TimeToLiveSeconds = 864000
+#                     files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
+#                 }
+#                 $NewCommand = New-JcSdkCommand @CommandBody
+
+#                 # Find newly created command and add system as target
+#                 $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
+#                 $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
+#             } catch {
+#                 throw $_
+#             }
+
+#             $CommandTable = [PSCustomObject]@{
+#                 commandId            = $command._id
+#                 commandName          = $command.name
+#                 commandPreviouslyRun = $false
+#                 commandQueued        = $false
+#                 systems              = $systemIds
+#             }
+
+#             $user.commandAssociations += $CommandTable
+#             Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+
+#         }
+#         $null {
+#             Write-Warning "$($user.username) is not associated with any systems, skipping command generation"
+
+
+#         }
+#     }
+
+#     # Invoke Commands
+#     #TODO:: skip if this is not per user basis
+#     $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+#     # TODO: replace this with set-JCUserTable earlier after we create a command(s) for the user
+#     $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+
+#     while ($confirmation -ne 'y') {
+#         if ($confirmation -eq 'n') {
+#             Write-Host "[status] To invoke the commands at a later time, select option '4' to monitor your User Certification Distribution"
+#             Write-Host "[status] Returning to main menu"
+#             exit
+#         }
+#         $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+#     }
+
+#     # TODO: for individual users, invoke command retry by username
+#     # else invoke for all?
+#     $invokeCommands = invoke-commandByUsername -userID $user.userid
+#     # $invokeCommands = Invoke-CommandsRetry -jsonFile "$JCScriptRoot\users.json"
+#     Write-Host "[status] Commands Invoked"
+
+#     # TODO: Set-JCUserTable -Commands to update the user array.
+#     # Set commandPreviouslyRun property to true
+#     $user.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
+
+#     $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+
+# }
 Write-Host "[status] Select option '4' to monitor your User Certification Distribution"
-Write-Host "[status] Returning to main menu"
\ No newline at end of file
+Write-Host "[status] Returning to main menu"

From 44d4553790970f21f67d411b1b1ed4c05bc5da57 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 2 Jan 2024 17:20:10 -0700
Subject: [PATCH 010/346] TODOs and distribute changes

---
 .../Private/Deploy-UserCertificate.ps1        |  88 +--
 .../Private/UserTable/Get-UserFromTable.ps1   |   4 +-
 .../Private/UserTable/Set-UserTable.ps1       |   5 -
 .../commands/invoke-commandByUserId.ps1       |   2 -
 .../Private/menus/Show-DistributionMenu.ps1   |  41 ++
 .../Private/menus/Show-GenerationMenu.ps1     |  24 +
 .../Private/menus/Show-ProgressBarText.ps1    |  13 +
 .../Private/menus/Show-StatusMessage.ps1      |  12 +
 .../Private/settings/Update-JCRUsersJson.ps1  |   6 +-
 .../Functions/Public/Distribute-UserCerts.ps1 | 569 ++----------------
 .../Functions/Public/Generate-UserCerts.ps1   |  36 +-
 .../Radius/Start-RadiusDeployment.ps1         |   1 +
 12 files changed, 222 insertions(+), 579 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/menus/Show-ProgressBarText.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
index 4207fc17a..596b2ce15 100644
--- a/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
@@ -22,14 +22,12 @@ function Deploy-UserCertificate {
         foreach ($user in $userObject) {
 
             #### Begin removal of queued commands + existing command:
-            # TODO: get existing command for the user + remove
-            Write-Warning "clearing existing commands for $($user.username)"
+            # remove commands
             $radiusCommandsByUser = Get-CommandByUsername -username $user.username
             foreach ($command in $radiusCommandsByUser) {
                 Remove-JcSdkCommand -Id $command.id | Out-Null
             }
-            Write-Warning "clearing queued commands for $($user.username)"
-            # TODO: get queued command for the user + remove
+            # remove queued commands
             $queuedRadiusCommandsByUser = Get-queuedCommandByUser -username $user.username
             foreach ($queuedCommand in $queuedRadiusCommandsByUser) {
                 Clear-JCQueuedCommand -workflowId $queuedCommand.id | Out-Null
@@ -37,9 +35,6 @@ function Deploy-UserCertificate {
             # now clear out the user command associations from users.json
             $User.commandAssociations = @()
             #### End removal of queued commands + existing command
-            Write-Warning "PROCESSING:"
-            $user
-            Write-Warning "..."
             # Get certificate and zip to upload to Commands
             $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)-*"
             # set crt and pfx filepaths
@@ -49,13 +44,7 @@ function Deploy-UserCertificate {
             $userPfxZip = "$JCScriptRoot/UserCerts/$($user.userName)-client-signed.zip"
             # get certInfo for commands:
             $certInfo = Get-CertInfo -UserCerts -username $user.username
-
-            # $certInfo = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -enddate -serial -subject -issuer -noout"
-            # $certHash = @{}
-            # $certInfo | ForEach-Object {
-            #     $property = $_ | ConvertFrom-StringData
-            #     $certHash += $property
-            # }
+            # determine certType
             switch ($certType) {
                 'EmailSAN' {
                     # set cert identifier to SAN email of cert
@@ -93,7 +82,7 @@ function Deploy-UserCertificate {
                     $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
 
                     if ($Command.Count -ge 1) {
-                        $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
+                        # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
                         continue
                     }
 
@@ -256,7 +245,7 @@ fi
 
                     $user.commandAssociations += $CommandTable
 
-                    Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
+                    # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
 
                 }
                 'Windows' {
@@ -267,7 +256,7 @@ fi
                     $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
 
                     if ($Command.Count -ge 1) {
-                        $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
+                        # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
                         continue
                     }
 
@@ -398,45 +387,72 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                     }
 
                     $user.commandAssociations += $CommandTable
-                    Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+                    # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
 
                 }
                 $null {
-                    Write-Warning "$($user.username) is not associated with any systems, skipping command generation"
+                    # Write-host "$($user.username) is not associated with any systems, skipping command generation"
 
 
                 }
             }
             # Update the user table with the information from the generated commands:
             $userObjectFromTable, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $user.userid
+
             Set-UserTable -index $userIndex -commandAssociationsObject $user.commandAssociations
             # Invoke Commands
             #TODO:: skip if this is not per user basis
-            $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
-            # $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
-
-            while ($confirmation -ne 'y') {
-                if ($confirmation -eq 'n') {
-                    Write-Host "[status] To invoke the commands at a later time, select option '4' to monitor your User Certification Distribution"
-                    Write-Host "[status] Returning to main menu"
-                    exit
+            switch ($force) {
+                $true {
+                    # nothing do to
+                }
+                $false {
+                    $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+                    # $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+
+                    while ($confirmation -ne 'y') {
+                        if ($confirmation -eq 'n') {
+                            Write-Host "[status] To invoke the commands at a later time, select option '4' to monitor your User Certification Distribution"
+                            Write-Host "[status] Returning to main menu"
+                            exit
+                        }
+                        $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+                    }
                 }
-                $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
             }
 
             # TODO: for individual users, invoke command retry by username
             # else invoke for all?
+            # finally update the user table to note that the command has been run, the cert has been deployed
+            # get the object once more:
+            $userObjectFromTable, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $user.userid
+            # Set commandPreviouslyRun property to true if there are command associations to set
+            if ($userObjectFromTable.commandAssociations) {
+                $userObjectFromTable.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
+                # set the deployed status to true, set the date
+                if (Get-Member -inputObject $userObjectFromTable.certInfo -name "deployed" -MemberType Properties) {
+                    # if ($userObjectFromTable.certInfo.deployed) {
+                    $userObjectFromTable.certInfo.deployed = $true
+                } else {
+                    $userObjectFromTable.certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
 
-            $invokeCommands = invoke-commandByUserId -userID $user.userid
-            # $invokeCommands = Invoke-CommandsRetry -jsonFile "$JCScriptRoot\users.json"
-            Write-Host "[status] Commands Invoked"
-
-            # TODO: Set-JCUserTable -Commands to update the user array.
-            # Set commandPreviouslyRun property to true
-            $user.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
+                }
+                if (Get-Member -inputObject $userObjectFromTable.certInfo -name "deploymentDate" -MemberType Properties) {
+                    # if ($userObjectFromTable.certInfo.deploymentDate) {
+                    $userObjectFromTable.certInfo.deploymentDate = (Get-Date)
 
-            # $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+                } else {
 
+                    $userObjectFromTable.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date)
+                }
+                Set-UserTable -index $userIndex -commandAssociationsObject $userObjectFromTable.commandAssociations -certInfoObject $userObjectFromTable.certInfo
+                $invokeCommands = invoke-commandByUserId -userID $user.userid
+                # Write-Host "[status] Commands Invoked"
+            }
+            # if ($userObjectFromTable.certInfo.deployed)
+            # $userObjectFromTable.certInfo.deployed = $true
+            # $userObjectFromTable.certInfo.deploymentDate = (Get-Date)
+            # invoke the command
         }
     }
 
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
index 0b6f5f433..a2c43bb67 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
@@ -32,14 +32,14 @@ function Get-UserFromTable {
             $userIndex = $userArray.userid.IndexOf($userid)
             if ($userIndex -ge 0) {
                 $userArrayObject = $userArray[$userIndex]
-                Write-Host "[status] $($userObject.username) found in users.json at index: $userIndex "
+                # Write-Host "[status] $($userObject.username) found in users.json at index: $userIndex "
             } else {
                 throw
             }
         } catch {
             # otherwise plan to append
             $userIndex = $null
-            Write-Host "[status] $($userObject.username) not found in users.json"
+            # Write-Host "[status] $($userObject.username) not found in users.json"
         }
     }
     end {
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
index ef87799a3..973164c73 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
@@ -29,8 +29,6 @@ function Set-UserTable {
         if ($PSBoundParameters.ContainsKey('index')) {
             $userIndex = $index
             $userObject = $userArray[$index]
-            Write-Warning "this is the old object"
-            $userObject
         }
         if (($PSBoundParameters.ContainsKey('lookup'))) {
             # Get User From Table
@@ -65,9 +63,6 @@ function Set-UserTable {
             commandAssociations = $commandAssociationsInfo
             certInfo            = $certInfo
         }
-        Write-Warning "this is the new object"
-        $userTable
-
         # set the user table to new object
         $userArray[$userIndex] = $userTable
 
diff --git a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
index f89e9051f..cde84b1e3 100644
--- a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
+++ b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
@@ -34,12 +34,10 @@ function invoke-commandByUserid {
         }
         # invoke commands
         If ($macOS_commandId) {
-            Write-Warning "running command: Start-JCSDKCommand -id $($macOS_commandId) -SystemIDs $macOSArray"
             $macInvokedCommands = Start-JcSdkCommand -Id $macOS_commandId -SystemIds $macOSArray
         }
 
         if ($windows_commandId) {
-            Write-Warning "running command: Start-JCSDKCommand -id $($windows_commandId) -SystemIDs $windowsArray"
             $windowsInvokedCommands = Start-JcSdkCommand -Id $windows_commandId -SystemIds $windowsArray
         }
     }
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1
new file mode 100644
index 000000000..00d94352b
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1
@@ -0,0 +1,41 @@
+function Show-DistributionMenu {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.Object]
+        $certObjectArray
+    )
+    begin {
+        # $userCertInfo = (Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10).certInfo
+    }
+    process {
+
+
+        $title = ' JumpCloud Radius Cert Deployment '
+        Clear-Host
+        Write-Host $(PadCenter -string $Title -char '=')
+        Write-Host $(PadCenter -string "Select an option below to deploy user certificates to systems`n" -char ' ') -ForegroundColor Yellow
+        # deployment progress of newly generated certs
+        if ($userCertInfo) {
+
+            Write-Host $(PadCenter -string ' Certificate Information ' -char '-')
+            Write-Host "Total # of local user certificates:" $userCertInfo.count
+            Write-Host "Total # of already distributed certificates:" ($userCertInfo | Where-Object { $_.deployed -eq $true }).count
+            Write-Host "Total # of un-deployed certificates:" ($userCertInfo | Where-Object { ( $_.deployed -eq $false) -or (-not $_.deployed) }).count
+
+        }
+        # ==== instructions ====
+        # TODO: move notes from below into a more legible location
+        Write-Host $(PadCenter -string ' User Certificate Deployment Options ' -char '-')
+        # List options:
+        Write-Host "1: Press '1' to generate new commands for ALL users. `n`t$([char]0x1b)[96mNOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install:*'`n`tand re-deploy their certificate file"
+        Write-Host "2: Press '2' to generate new commands for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate commands for users whos certificate has not been deployed."
+        Write-Host "3: Press '3' to generate new commands for ONE Specific RADIUS user."
+        Write-Host "E: Press 'E' to exit."
+
+        Write-Host $(PadCenter -string "-" -char '-')
+    }
+    end {
+
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1
new file mode 100644
index 000000000..7df846486
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1
@@ -0,0 +1,24 @@
+function Show-GenerationMenu {
+    $title = ' JumpCloud Radius Cert Deployment '
+    Clear-Host
+    Write-Host $(PadCenter -string $Title -char '=')
+    Write-Host $(PadCenter -string "Select an option below to generate/regenerate user certificates`n" -char ' ') -ForegroundColor Yellow
+    # ==== instructions ====
+    # TODO: move notes from below into a more legible location
+    # Write-Host $(PadCenter -string "$([char]0x1b)[96m[]: This will only generate certificates for users who do not have a certificate file yet.`n" -char ' ')
+
+    if ($Global:expiringCerts) {
+        Write-Host $(PadCenter -string ' Certs Expiring Soon ' -char '-')
+        $Global:expiringCerts | Format-Table -Property username, @{name = 'Remaining Days'; expression = { (New-TimeSpan -Start (Get-Date) -End ("$($_.notAfter)")).Days } }, @{name = "Expires On"; expression = { $_.notAfter } }
+    }
+
+    Write-Host $(PadCenter -string ' User Certificate Generation Options ' -char '-')
+    # List Options
+    Write-Host "1: Press '1' to generate new certificates for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate certificates for users who do not have a certificate file yet."
+    Write-Host "2: Press '2' to generate new certificates for ONE RADIUS user. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates"
+    Write-Host "3: Press '3' to re-generate new certificates for ALL users. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
+    Write-Host "4: Press '4' to re-generate new certificates for users who's cert is set to expire shortly. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
+    Write-Host "E: Press 'E' to exit."
+
+    Write-Host $(PadCenter -string "-" -char '-')
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-ProgressBarText.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-ProgressBarText.ps1
new file mode 100644
index 000000000..fe4708e4b
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-ProgressBarText.ps1
@@ -0,0 +1,13 @@
+Function Show-ProgressBarText {
+    param(
+        [int]$completedItems,
+        [int]$totalItems,
+        [string]$actionText
+    )
+    $pComplete = ($completedItems / $totalItems) * 100
+    $barLength = [math]::Ceiling((($pComplete / 100)) * 30)
+
+    $pbar = "[" + ('▯' * $barLength) + (' ' * (30 - $barLength)) + "]"
+    $pmessage = "${actionText}: $completedItems out of $TotalItems ($pComplete%) $pbar"
+    Write-Host $pmessage -NoNewline
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1
new file mode 100644
index 000000000..797d7b7cc
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1
@@ -0,0 +1,12 @@
+function Show-StatusMessage {
+    [CmdletBinding()]
+    param (
+        # Parameter help description
+        [Parameter()]
+        [System.String]
+        $message
+    )
+    Write-Host "`r"
+    write-host "[status] - $message"
+    start-sleep 1
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
index ccb79c2b8..c81477311 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
@@ -12,8 +12,9 @@ function Update-JCRUsersJson {
         # validate that the system association data is correct in users.json:
         $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
         foreach ($userid in $Global:JCRRadiusMembers.keys) {
+
             $MatchedUser = $GLOBAL:JCRUsers[$userid]
-            Write-Host "checking out $($MatchedUser.username) userid: $userid"
+            Show-ProgressBarText -completedItems $Global:JCRRadiusMembers.keys.IndexOf($userid) -totalItems ($Global:JCRRadiusMembers.keys).count -ActionText "Updating latest Radius group membership"
             $userArrayObject, $userIndex = Get-UserFromTable -userID $userid -jsonFilePath "$JCScriptRoot/users.json"
 
             if ($userIndex -ge 0) {
@@ -36,6 +37,8 @@ function Update-JCRUsersJson {
                 #     # $userTable = New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
                 #     # Update-JsonData -jsonFilePath "$JCScriptRoot/users.json" -userID $userID -updatedUserTable $userTable
                 # }
+                Write-Host "`r" -NoNewline
+
             } else {
                 # case for new user
                 New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
@@ -54,6 +57,7 @@ function Update-JCRUsersJson {
             }
             # Remove the User From Table
         }
+        Show-StatusMessage -message "Finished pulling radius group membership updates"
     }
     end {
         $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
index 082066452..58c02817d 100644
--- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
@@ -1,533 +1,84 @@
 # Import Global Config:
-. "$JCScriptRoot/config.ps1"
-Connect-JCOnline $JCAPIKEY -force
+# . "$JCScriptRoot/config.ps1"
+# Connect-JCOnline $JCAPIKEY -force
 
 ################################################################################
 # Do not modify below
 ################################################################################
 
-# Import the functions
-# Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
-
 # Import the users.json file and convert to PSObject
 $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10
 
 # TODO: surface this information
 # Check to see if previous commands exist
-$SearchFilter = @{
-    searchTerm = "RadiusCert-Install:"
-    fields     = @('name')
-}
-$RadiusCertCommands = Search-JcSdkCommand -SearchFilter $SearchFilter -Fields name
-# $RadiusCertCommands = Get-JCCommand -returnProperties name | Where-Object { $_.Name -like 'RadiusCert-Install*' }
-# Split out the username from the commands so we can tell which users do not have a command already
-$RadiusCertCommandList = New-Object System.Collections.ArrayList
-foreach ($command in $RadiusCertCommands) {
-    $commandSplit = $command.name.split(':')
-    $RadiusCertCommandList.Add([PSCustomObject]@{
-            CommandName = $command.name
-            Username    = $commandSplit[1]
-            CommandID   = $command._id
-        }) | Out-Null
-}
-$existingCommandUsers = $RadiusCertCommandList.Username | Get-Unique
-$newRadiusUsers = (Compare-Object $userarray.username $existingCommandUsers).InputObject
+# $SearchFilter = @{
+#     searchTerm = "RadiusCert-Install:"
+#     fields     = @('name')
+# }
+# $RadiusCertCommands = Search-JcSdkCommand -SearchFilter $SearchFilter -Fields name
+
+# $RadiusCertCommandList = New-Object System.Collections.ArrayList
+# foreach ($command in $RadiusCertCommands) {
+#     $commandSplit = $command.name.split(':')
+#     $RadiusCertCommandList.Add([PSCustomObject]@{
+#             CommandName = $command.name
+#             Username    = $commandSplit[1]
+#             CommandID   = $command._id
+#         }) | Out-Null
+# }
+# $existingCommandUsers = $RadiusCertCommandList.Username | Get-Unique
+# $newRadiusUsers = (Compare-Object $userarray.username $existingCommandUsers).InputObject
 
 # TODO: revamp with menu screen
 # TODO: generate new commands for a single user
 # TODO: why this if statement here:
-if ($RadiusCertCommands.Count -ge 1) {
-    Write-Host "[status] $([char]0x1b)[96mRadiusCert commands detected, please make a selection."
-    Write-Host "1: Press '1' to generate new commands for ALL users. $([char]0x1b)[96mNOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install:*'"
-    Write-Host "2: Press '2' to generate new commands for NEW RADIUS users. $([char]0x1b)[96mNOTE: This will only generate commands for users who did not have a cert previously"
-    Write-Host "3: Press '3' to generate new commands for ONE Specific RADIUS user."
-    Write-Host "E: Press 'E' to exit."
-    do {
-        $confirmation = Read-Host "Please make a selection"
-
-        switch ($confirmation) {
-            '1' {
-                # Get queued commands
-                $queuedCommands = Get-JCQueuedCommands
-                # Clear any queued commands for old RadiusCert commands
-                foreach ($command in $RadiusCertCommands) {
-                    if ($command._id -in $queuedCommands.command) {
-                        $queuedCommandInfo = $queuedCommands | Where-Object command -EQ $command._id
-                        Clear-JCQueuedCommand -workflowId $queuedCommandInfo.id
-                    }
-                }
-                Write-Host "[status] Removing $($RadiusCertCommands.Count) commands"
-                # Delete previous commands
-                $RadiusCertCommands | Remove-JCCommand -force | Out-Null
-                # Clean up users.json array
-                $userArray | ForEach-Object { $_.commandAssociations = @() }
-                $confirmation = 'E'
+do {
+    Show-DistributionMenu -CertObjectArray $userArray.certInfo
+    $confirmation = Read-Host "Please make a selection"
+
+    switch ($confirmation) {
+        '1' {
+            for ($i = 0; $i -lt $userArray.Count; $i++) {
+                <# Action that will repeat until the condition is met #>
+                Show-ProgressBarText -completedItems $i -totalItems $userArray.Count -ActionText "Distributing Radius Certificates"
+                $var = Deploy-UserCertificate -userObject $userArray[$i] -force | Out-Null
+                Write-Host "`r" -NoNewline
             }
-            '2' {
-                If ($newRadiusUsers) {
-                    $UserSelectionArray = foreach ($user in $newRadiusUsers) {
-                        $userArray | where-Object { $_.username -eq $user }
-                    }
-                }
-                # $userArray
-                Write-Host "[status] Proceeding with execution"
-                $confirmation = 'E'
+            Show-StatusMessage -Message "Finished Distributing Certificates"
+        }
+        '2' {
+            $usersWithoutLatestCert = $userArray | Where-Object { ( $_.deployed -eq $false) -or (-not $_.deployed) }
+
+            for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
+                <# Action that will repeat until the condition is met #>
+                Show-ProgressBarText -completedItems $i -totalItems $usersWithoutLatestCert.Count -ActionText "Distributing Radius Certificates"
+                $var = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -force | Out-Null
+                Write-Host "`r" -NoNewline
             }
-            '3' {
-                try {
-                    Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
-                } catch {
-                    New-Variable -Name "ConfirmUser" -Value $null
-                }
-                while (-not $confirmUser) {
-                    # TODO: Offer option to go back a step and exit the while loop
-                    $confirmationUser = Read-Host "Enter the Username or UserID of the user"
-                    $confirmUser = Test-UserFromHash -username $confirmationUser -debug
-                }
+            Show-StatusMessage -Message "Finished Distributing Certificates"
 
-                # Get the userobject + index from users.json
-                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
-                # $userArrayIndex = $userArray.username.IndexOf($confirmUser.username)
-                $UserSelectionArray = $userArray[$userIndex]
-                # # $UserSelectionArray = $userArray | where-Object { $_.username -eq $confirmUser.username }
-                # # Get queued commands
-                # $queuedCommands = Get-JCQueuedCommands | Where-Object { $_.name -match $confirmUser.username }
-                # # Clear any queued commands for old RadiusCert commands
-                # foreach ($command in $RadiusCertCommands) {
-                #     if ($command._id -in $queuedCommands.command) {
-                #         $queuedCommandInfo = $queuedCommands | Where-Object command -EQ $command._id
-                #         Clear-JCQueuedCommand -workflowId $queuedCommandInfo.id
-                #     }
-                # }
-                # $RadiusCertCommands = $RadiusCertCommands | Where-Object { $_.name -match $confirmUser.username }
-                # Write-Host "[status] Removing $($RadiusCertCommands.Count) commands"
-                # # Delete previous commands
-                # $RadiusCertCommands | Remove-JCCommand -force | Out-Null
-                # # Clean up users.json array
-                # $UserSelectionArray | ForEach-Object { $_.commandAssociations = @() }
-                Deploy-UserCertificate -userObject $UserSelectionArray
+        }
+        '3' {
+            try {
+                Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
+            } catch {
+                New-Variable -Name "ConfirmUser" -Value $null
             }
+            while (-not $confirmUser) {
+                # TODO: Offer option to go back a step and exit the while loop
+                $confirmationUser = Read-Host "Enter the Username or UserID of the user"
+                $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+            }
+            # Get the userobject + index from users.json
+            $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
+            # Add user to a list for processing
+            $UserSelectionArray = $userArray[$userIndex]
+            # Process existing commands/ Generate new commands/ Deploy new Certificate
+            Deploy-UserCertificate -userObject $UserSelectionArray
         }
-    } while ($confirmation -ne 'E')
-}
-
-# Create commands for each user
-# foreach ($user in $UserSelectionArray) {
-
-#     #### Begin removal of queued commands + existing command:
-#     # TODO: get existing command for the user + remove
-#     Write-Warning "clearing existing commands for $($user.username)"
-#     $radiusCommandsByUser = Get-CommandByUsername -username $user.username
-#     foreach ($command in $radiusCommandsByUser) {
-#         Remove-JcSdkCommand -Id $command.id | Out-Null
-#     }
-#     Write-Warning "clearing queued commands for $($user.username)"
-#     # TODO: get queued command for the user + remove
-#     $queuedRadiusCommandsByUser = Get-queuedCommandByUser -username $user.username
-#     foreach ($queuedCommand in $queuedRadiusCommandsByUser) {
-#         Clear-JCQueuedCommand -workflowId $queuedCommand.id | Out-Null
-#     }
-#     # now clear out the user command associations from users.json
-#     $User.commandAssociations = @()
-#     #### End removal of queued commands + existing command
-#     Write-Warning "PROCESSING:"
-#     $user
-#     Write-Warning "..."
-#     # Get certificate and zip to upload to Commands
-#     $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)-*"
-#     # set crt and pfx filepaths
-#     $userCrt = ($userCertFiles | Where-Object { $_.Name -match "crt" }).FullName
-#     $userPfx = ($userCertFiles | Where-Object { $_.Name -match "pfx" }).FullName
-#     # define .zip name
-#     $userPfxZip = "$JCScriptRoot/UserCerts/$($user.userName)-client-signed.zip"
-#     # get certInfo for commands:
-#     $certInfo = Get-CertInfo -UserCerts -username $user.username
-
-#     # $certInfo = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -enddate -serial -subject -issuer -noout"
-#     # $certHash = @{}
-#     # $certInfo | ForEach-Object {
-#     #     $property = $_ | ConvertFrom-StringData
-#     #     $certHash += $property
-#     # }
-#     switch ($certType) {
-#         'EmailSAN' {
-#             # set cert identifier to SAN email of cert
-#             $sanID = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -ext subjectAltName -noout"
-#             $regex = 'email:(.*?)$'
-#             $subjMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
-#             $certIdentifier = $subjMatch.matches.Groups[1].value
-#             # in macOS search user certs by email
-#             $macCertSearch = 'e'
-#         }
-#         'EmailDN' {
-#             # Else set cert identifier to email of cert subject
-#             $regex = 'emailAddress = (.*?)$'
-#             $subjMatch = Select-String -InputObject "$($certHash.Subject)" -Pattern $regex
-#             $certIdentifier = $subjMatch.matches.Groups[1].value
-#             # in macOS search user certs by email
-#             $macCertSearch = 'e'
-#         }
-#         'UsernameCn' {
-#             # if username just set cert identifier to username
-#             $certIdentifier = $($user.userName)
-#             # in macOS search user certs by common name (username)
-#             $macCertSearch = 'c'
-#         }
-#     }
-#     # Create the zip
-#     Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
-#     # Find OS of System
-#     switch ($user.systemAssociations.device_os) {
-#         'macOS' {
-#             # Get the macOS system ids
-#             $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'macOS' } | Select-Object systemId
-
-#             # Check to see if previous commands exist
-#             $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
-
-#             if ($Command.Count -ge 1) {
-#                 $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
-#                 continue
-#             }
-
-#             # Create new Command and upload the signed pfx
-#             try {
-#                 $CommandBody = @{
-#                     Name              = "RadiusCert-Install:$($user.userName):MacOSX"
-#                     Command           = @"
-# unzip -o /tmp/$($user.userName)-client-signed.zip -d /tmp
-# chmod 755 /tmp/$($user.userName)-client-signed.pfx
-# currentUser=`$(/usr/bin/stat -f%Su /dev/console)
-# currentUserUID=`$(id -u "`$currentUser")
-# currentCertSN="$($certHash.serial)"
-# networkSsid="$($NETWORKSSID)"
-# # store orig case match value
-# caseMatchOrigValue=`$(shopt -p nocasematch; true)
-# # set to case-insensitive
-# shopt -s nocasematch
-# userCompare="$($user.localUsername)"
-# if [[ "`$currentUser" ==  "`$userCompare" ]]; then
-#     # restore case match type
-#     `$caseMatchOrigValue
-#     certs=`$(security find-certificate -a -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain)
-#     regexSHA='SHA-1 hash: ([0-9A-F]{5,40})'
-#     regexSN='"snbr"<blob>=0x([0-9A-F]{5,40})'
-#     global_rematch() {
-#         # Set local variables
-#         local s=`$1 regex=`$2
-#         # While string matches regex expression
-#         while [[ `$s =~ `$regex ]]; do
-#             # Echo out the match
-#             echo "`${BASH_REMATCH[1]}"
-#             # Remove the string
-#             s=`${s#*"`${BASH_REMATCH[1]}"}
-#         done
-#     }
-#     # Save results
-#     # Get Text Results
-#     textSHA=`$(global_rematch "`$certs" "`$regexSHA")
-#     # Set as array for SHA results
-#     arraySHA=(`$textSHA)
-#     # Get Text Results
-#     textSN=`$(global_rematch "`$certs" "`$regexSN")
-#     # Set as array for SN results
-#     arraySN=(`$textSN)
-#     # set import var
-#     import=true
-#     if [[ `${#arraySN[@]} == `${#arraySHA[@]} ]]; then
-#         len=`${#arraySN[@]}
-#         for (( i=0; i<`$len; i++ )); do
-#             if [[ `$currentCertSN == `${arraySN[`$i]} ]]; then
-#                 echo "Found Cert: SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
-#                 installedCertSN=`${arraySN[`$i]}
-#                 installedCertSHA=`${arraySHA[`$i]}
-#                 # if cert is installed, no need to update
-#                 import=false
-#             else
-#                 echo "Removing previously installed radius cert:"
-#                 echo "SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
-#                 security delete-certificate -Z "`${arraySHA[`$i]}" /Users/$($user.localUsername)/Library/Keychains/login.keychain
-#             fi
-#         done
-
-#     else
-#         echo "array length mismatch, will not delete old certs"
-#     fi
-
-#     if [[ `$import == true ]]; then
-#         /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
-#         if [[ `$? -eq 0 ]]; then
-#             echo "Import Success"
-#             # get the SHA hash of the newly imported cert
-#             installedCertSN=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep snbr | awk '{print `$1}' | sed 's/"snbr"<blob>=0x//g')
-#             if [[ `$installedCertSN == `$currentCertSN ]]; then
-#                 installedCertSHA=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep SHA-1 | awk '{print `$3}')
-#             fi
-
-#         else
-#             echo "import failed"
-#             exit 4
-#         fi
-#     else
-#         echo "cert already imported"
-#     fi
-
-#     # check if the cert secruity preference is set:
-#     IFS=';' read -ra network <<< "`$networkSsid"
-#     for i in "`${network[@]}"; do
-#         echo "begin setting network SSID: `$i"
-#         if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
-#             echo "it was already set"
-#         else
-#             echo "certificate not linked from SSID: `$i to certSN: `$currentCertSN, setting now"
-#             /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security set-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"
-#             if [[ `$? -eq 0 ]]; then
-#             echo "SSID: `$i and certificate linked"
-#             else
-#                 echo "Could not associate SSID: `$i and certifiacte"
-#             fi
-#         fi
-#     done
-
-#     # print results
-#     echo "################## Cert Install Results ##################"
-#     echo "Installed Cert SN: `$installedCertSN"
-#     echo "Installed Cert SHA1: `$installedCertSHA"
-#     echo "##########################################################"
-
-#     # Finally clean up files
-#     if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
-#         echo "Removing Temp Zip"
-#         rm "/tmp/$($user.userName)-client-signed.zip"
-#     fi
-#     if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
-#         echo "Removing Temp Pfx"
-#         rm "/tmp/$($user.userName)-client-signed.pfx"
-#     fi
-# else
-#     # restore case match type
-#     `$caseMatchOrigValue
-#     echo "Current logged in user, `$currentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry"
-#     # Finally clean up files
-#     if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
-#         echo "Removing Temp Zip"
-#         rm "/tmp/$($user.userName)-client-signed.zip"
-#     fi
-#     if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
-#         echo "Removing Temp Pfx"
-#         rm "/tmp/$($user.userName)-client-signed.pfx"
-#     fi
-#     exit 4
-# fi
-
-# "@
-#                     launchType        = "trigger"
-#                     User              = "000000000000000000000000"
-#                     trigger           = "RadiusCertInstall"
-#                     commandType       = "mac"
-#                     timeout           = 600
-#                     TimeToLiveSeconds = 864000
-#                     files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
-#                 }
-#                 $NewCommand = New-JcSdkCommand @CommandBody
-
-#                 # Find newly created command and add system as target
-#                 # TODO: Condition for duplicate commands
-#                 $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
-#                 $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
-#             } catch {
-#                 throw $_
-#             }
-
-#             $CommandTable = [PSCustomObject]@{
-#                 commandId            = $command._id
-#                 commandName          = $command.name
-#                 commandPreviouslyRun = $false
-#                 commandQueued        = $false
-#                 systems              = $systemIds
-#             }
-
-#             $user.commandAssociations += $CommandTable
+    }
+} while ($confirmation -ne 'E')
 
-#             Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
 
-#         }
-#         'Windows' {
-#             # Get the Windows system ids
-#             $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'Windows' } | Select-Object systemId
-
-#             # Check to see if previous commands exist
-#             $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
-
-#             if ($Command.Count -ge 1) {
-#                 $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
-#                 continue
-#             }
-
-#             # Create new Command and upload the signed pfx
-#             try {
-#                 $CommandBody = @{
-#                     Name              = "RadiusCert-Install:$($user.userName):Windows"
-#                     Command           = @"
-# `$ErrorActionPreference = "Stop"
-# [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
-# `$PkgProvider = Get-PackageProvider
-# If ("Nuget" -notin `$PkgProvider.Name){
-#     Install-PackageProvider -Name NuGet -Force
-# }
-# `$CurrentUser = (Get-WMIObject -ClassName Win32_ComputerSystem).Username
-# if ( -Not [string]::isNullOrEmpty(`$CurrentUser) ){
-#     `$CurrentUser = `$CurrentUser.Split('\')[1]
-# } else {
-#     `$CurrentUser = `$null
-# }
-# if (`$CurrentUser -eq "$($user.localUsername)") {
-#     if (-not(Get-InstalledModule -Name RunAsUser -errorAction "SilentlyContinue")) {
-#         Write-Host "RunAsUser Module not installed, Installing..."
-#         Install-Module RunAsUser -Force
-#         Import-Module RunAsUser -Force
-#     } else {
-#         Write-Host "RunAsUser Module installed, importing into session..."
-#         Import-Module RunAsUser -Force
-#     }
-#     # create temp new radius directory
-#     If (Test-Path "C:\RadiusCert"){
-#         Write-Host "Radius Temp Cert Directory Exists"
-#     } else {
-#         New-Item "C:\RadiusCert" -itemType Directory
-#     }
-#     # expand archive as root and copy to temp location
-#     Expand-Archive -LiteralPath C:\Windows\Temp\$($user.userName)-client-signed.zip -DestinationPath C:\RadiusCert -Force
-#     `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
-#     `$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
-#     Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx" -CertStoreLocation Cert:\CurrentUser\My
-#     }
-#     `$imported = Get-PfxData -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-#     # Get Current Certs As User
-#     `$ScriptBlockCleanup = {
-#         `$certs = Get-ChildItem Cert:\CurrentUser\My\
-
-#         foreach (`$cert in `$certs){
-#             if (`$cert.subject -match "$($certIdentifier)") {
-#                 if (`$(`$cert.serialNumber) -eq "$($certHash.serial)"){
-#                     write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
-#                 } else {
-#                     write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
-#                     Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
-#                 }
-#             }
-#         }
-#     }
-#     `$scriptBlockValidate = {
-#         if (Get-ChildItem Cert:\CurrentUser\My\`$(`$imported.thumbrprint)){
-#             return `$true
-#         } else {
-#             return `$false
-#         }
-#     }
-#     Write-Host "Importing Pfx Certificate for $($user.userName)"
-#     `$certInstall = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockInstall -CaptureOutput
-#     `$certInstall
-#     Write-Host "Cleaning Up Previously Installed Certs for $($user.userName)"
-#     `$certCleanup = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockCleanup -CaptureOutput
-#     `$certCleanup
-#     Write-Host "Validating Installed Certs for $($user.userName)"
-#     `$certValidate = Invoke-AsCurrentUser -ScriptBlock `$scriptBlockValidate -CaptureOutput
-#     write-host `$certValidate
-
-#     # finally clean up temp files:
-#     If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
-#         Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
-#     }
-#     If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
-#         Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-#     }
-
-#     # Lastly validate if the cert was installed
-#     if (`$certValidate.Trim() -eq "True"){
-#         Write-Host "Cert was installed"
-#     } else {
-#         Throw "Cert was not installed"
-#     }
-# } else {
-#     if (`$CurrentUser -eq `$null){
-#         Write-Host "No users are signed into the system. Please ensure $($user.userName) is signed in and retry."
-#     } else {
-#         Write-Host "Current logged in user, `$CurrentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry."
-#     }
-#     # finally clean up temp files:
-#     If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
-#         Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
-#     }
-#     If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
-#         Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-#     }
-#     exit 4
-# }
-# "@
-#                     launchType        = "trigger"
-#                     trigger           = "RadiusCertInstall"
-#                     commandType       = "windows"
-#                     shell             = "powershell"
-#                     timeout           = 600
-#                     TimeToLiveSeconds = 864000
-#                     files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
-#                 }
-#                 $NewCommand = New-JcSdkCommand @CommandBody
-
-#                 # Find newly created command and add system as target
-#                 $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
-#                 $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
-#             } catch {
-#                 throw $_
-#             }
-
-#             $CommandTable = [PSCustomObject]@{
-#                 commandId            = $command._id
-#                 commandName          = $command.name
-#                 commandPreviouslyRun = $false
-#                 commandQueued        = $false
-#                 systems              = $systemIds
-#             }
-
-#             $user.commandAssociations += $CommandTable
-#             Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
-
-#         }
-#         $null {
-#             Write-Warning "$($user.username) is not associated with any systems, skipping command generation"
-
-
-#         }
-#     }
-
-#     # Invoke Commands
-#     #TODO:: skip if this is not per user basis
-#     $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
-#     # TODO: replace this with set-JCUserTable earlier after we create a command(s) for the user
-#     $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
-
-#     while ($confirmation -ne 'y') {
-#         if ($confirmation -eq 'n') {
-#             Write-Host "[status] To invoke the commands at a later time, select option '4' to monitor your User Certification Distribution"
-#             Write-Host "[status] Returning to main menu"
-#             exit
-#         }
-#         $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
-#     }
-
-#     # TODO: for individual users, invoke command retry by username
-#     # else invoke for all?
-#     $invokeCommands = invoke-commandByUsername -userID $user.userid
-#     # $invokeCommands = Invoke-CommandsRetry -jsonFile "$JCScriptRoot\users.json"
-#     Write-Host "[status] Commands Invoked"
-
-#     # TODO: Set-JCUserTable -Commands to update the user array.
-#     # Set commandPreviouslyRun property to true
-#     $user.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
-
-#     $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
-
-# }
 Write-Host "[status] Select option '4' to monitor your User Certification Distribution"
 Write-Host "[status] Returning to main menu"
diff --git a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
index 59367737f..9981471fe 100644
--- a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
@@ -1,8 +1,8 @@
 # TODO: param for testing
 
 # Import Global Config:
-. "$JCScriptRoot/config.ps1"
-Connect-JCOnline $JCAPIKEY -force
+# . "$JCScriptRoot/config.ps1"
+# Connect-JCOnline $JCAPIKEY -force
 
 ################################################################################
 # Do not modify below
@@ -52,28 +52,6 @@ if (Test-Path "$JCScriptRoot/UserCerts") {
     New-Item -ItemType Directory -Path "$JCScriptRoot/UserCerts"
 }
 
-function Show-GenerationMenu {
-    $title = ' JumpCloud Radius Cert Deployment '
-    Clear-Host
-    Write-Host $(PadCenter -string $Title -char '=')
-    Write-Host $(PadCenter -string "Select an option below to generate/regenerate user certificates`n" -char ' ') -ForegroundColor Yellow
-    # ==== instructions ====
-    # TODO: move notes from below into a more legible location
-    # Write-Host $(PadCenter -string ' User Certificate Options ' -char '-')
-    # Write-Host $(PadCenter -string "$([char]0x1b)[96m[]: This will only generate certificates for users who do not have a certificate file yet.`n" -char ' ')
-
-    if ($Global:expiringCerts) {
-        Write-Host $(PadCenter -string ' Certs Expiring Soon ' -char '-')
-        $Global:expiringCerts | Format-Table -Property username, @{name = 'Remaining Days'; expression = { (New-TimeSpan -Start (Get-Date) -End ("$($_.notAfter)")).Days } }, @{name = "Expires On"; expression = { $_.notAfter } }
-    }
-
-    Write-Host $(PadCenter -string "-" -char '-')
-    Write-Host "1: Press '1' to generate new certificates for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate certificates for users who do not have a certificate file yet."
-    Write-Host "2: Press '2' to generate new certificates for ONE RADIUS user. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates"
-    Write-Host "3: Press '3' to re-generate new certificates for ALL users. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
-    Write-Host "4: Press '4' to re-generate new certificates for users who's cert is set to expire shortly. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
-    Write-Host "E: Press 'E' to exit."
-}
 Do {
     Show-GenerationMenu
     $confirmation = Read-Host "Please make a selection"
@@ -106,6 +84,9 @@ Do {
                         # update the new certificate info & set commandAssociation to $null
                         # TODO: commandAssociation not being set to null
                         $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
+                        # Add the cert info tracking to the object
+                        $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
+                        $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
                         Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
                     } else {
                         # Create a new table entry
@@ -149,6 +130,9 @@ Do {
                 # update the new certificate info & set commandAssociation to $null
                 # TODO: commandAssociation not being set to null
                 $certInfo = Get-CertInfo -UserCerts -username $confirmUser.username
+                # Add the cert info tracking to the object
+                $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
+                $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
                 Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
             } else {
                 Write-Warning "setting new table for user $($confirmUser.username)"
@@ -173,6 +157,8 @@ Do {
                     # update the new certificate info & set commandAssociation to $null
                     # TODO: commandAssociation not being set to null
                     $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
+                    $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
+                    $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
                     Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
                 } else {
                     # Create a new table entry
@@ -199,6 +185,8 @@ Do {
                                 # update the new certificate info & set commandAssociation to $null
                                 # TODO: commandAssociation not being set to null
                                 $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
+                                $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
+                                $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
                                 Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
                             } else {
                                 # Create a new table entry
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index 5d3425b7e..9c1883dd4 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -9,6 +9,7 @@ if ($JCAPIKEY.length -ne 40) {
 # Do not modify below
 ################################################################################
 # set script root
+#TODO: move to global functions
 $global:JCScriptRoot = $PSScriptRoot
 
 # Import the functions

From b97ceb2c6d22d662e09b0a8b763920ea642384d1 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 3 Jan 2024 15:50:47 -0700
Subject: [PATCH 011/346] show progress of user cert distribution

---
 .../Private/Deploy-UserCertificate.ps1        | 116 ++++++++-------
 .../Private/menus/Show-DistributionMenu.ps1   |  11 +-
 .../Private/menus/Show-GenerationMenu.ps1     |   2 +-
 .../Private/menus/Show-ProgressBarText.ps1    |  13 --
 .../Private/menus/Show-RadiusProgress.ps1     |  30 ++++
 .../Private/menus/Show-StatusMessage.ps1      |   2 +-
 .../Private/settings/Update-JCRUsersJson.ps1  |   8 -
 .../Functions/Public/Distribute-UserCerts.ps1 | 140 +++++++++++-------
 .../Functions/Public/Generate-UserCerts.ps1   |  18 ++-
 9 files changed, 204 insertions(+), 136 deletions(-)
 delete mode 100644 scripts/automation/Radius/Functions/Private/menus/Show-ProgressBarText.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
index 596b2ce15..12eba5c3c 100644
--- a/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
@@ -7,15 +7,13 @@ function Deploy-UserCertificate {
         $userObject,
         # Parameter help description
         [Parameter()]
-        [switch]
-        $force
+        [bool]
+        $invokeCommands
     )
 
     begin {
         # $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10
-
-        # take stock of the user object
-
+        #TODO: validate user object, if missing commandAssociations, or certInfo, return false
     }
 
     process {
@@ -83,6 +81,7 @@ function Deploy-UserCertificate {
 
                     if ($Command.Count -ge 1) {
                         # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
+                        $status_commandGenerated = $false
                         continue
                     }
 
@@ -246,6 +245,7 @@ fi
                     $user.commandAssociations += $CommandTable
 
                     # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
+                    $status_commandGenerated = $true
 
                 }
                 'Windows' {
@@ -257,6 +257,7 @@ fi
 
                     if ($Command.Count -ge 1) {
                         # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
+                        $status_commandGenerated = $false
                         continue
                     }
 
@@ -388,12 +389,13 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
 
                     $user.commandAssociations += $CommandTable
                     # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+                    $status_commandGenerated = $true
 
                 }
                 $null {
                     # Write-host "$($user.username) is not associated with any systems, skipping command generation"
-
-
+                    $status_commandGenerated = $false
+                    $result_deployed = $false
                 }
             }
             # Update the user table with the information from the generated commands:
@@ -402,61 +404,73 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
             Set-UserTable -index $userIndex -commandAssociationsObject $user.commandAssociations
             # Invoke Commands
             #TODO:: skip if this is not per user basis
-            switch ($force) {
+            # switch ($force) {
+            #     $true {
+            #         # nothing do to
+            #         $action_invoke = $true
+            #     }
+            #     $false {
+            #         $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+            #         # $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
+
+            #         while ($confirmation -ne 'y') {
+            #             if ($confirmation -eq 'n') {
+            #                 $action_invoke = $false
+            #                 break
+            #             }
+            #             $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
+            #         }
+            #     }
+            # }
+            switch ($invokeCommands) {
                 $true {
-                    # nothing do to
-                }
-                $false {
-                    $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
-                    # $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
-
-                    while ($confirmation -ne 'y') {
-                        if ($confirmation -eq 'n') {
-                            Write-Host "[status] To invoke the commands at a later time, select option '4' to monitor your User Certification Distribution"
-                            Write-Host "[status] Returning to main menu"
-                            exit
+                    # finally update the user table to note that the command has been run, the cert has been deployed
+                    # get the object once more:
+                    $userObjectFromTable, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $user.userid
+                    # Set commandPreviouslyRun property to true if there are command associations to set
+                    if ($userObjectFromTable.commandAssociations) {
+                        $userObjectFromTable.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
+                        # set the deployed status to true, set the date
+                        if (Get-Member -inputObject $userObjectFromTable.certInfo -name "deployed" -MemberType Properties) {
+                            # if ($userObjectFromTable.certInfo.deployed) {
+                            $userObjectFromTable.certInfo.deployed = $true
+                        } else {
+                            $userObjectFromTable.certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
+
                         }
-                        $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
-                    }
-                }
-            }
+                        if (Get-Member -inputObject $userObjectFromTable.certInfo -name "deploymentDate" -MemberType Properties) {
+                            # if ($userObjectFromTable.certInfo.deploymentDate) {
+                            $userObjectFromTable.certInfo.deploymentDate = (Get-Date)
 
-            # TODO: for individual users, invoke command retry by username
-            # else invoke for all?
-            # finally update the user table to note that the command has been run, the cert has been deployed
-            # get the object once more:
-            $userObjectFromTable, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $user.userid
-            # Set commandPreviouslyRun property to true if there are command associations to set
-            if ($userObjectFromTable.commandAssociations) {
-                $userObjectFromTable.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
-                # set the deployed status to true, set the date
-                if (Get-Member -inputObject $userObjectFromTable.certInfo -name "deployed" -MemberType Properties) {
-                    # if ($userObjectFromTable.certInfo.deployed) {
-                    $userObjectFromTable.certInfo.deployed = $true
-                } else {
-                    $userObjectFromTable.certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
+                        } else {
 
+                            $userObjectFromTable.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date)
+                        }
+                        Set-UserTable -index $userIndex -commandAssociationsObject $userObjectFromTable.commandAssociations -certInfoObject $userObjectFromTable.certInfo
+                        $invokeCommands = invoke-commandByUserId -userID $user.userid
+                        $result_deployed = $true
+                    }
                 }
-                if (Get-Member -inputObject $userObjectFromTable.certInfo -name "deploymentDate" -MemberType Properties) {
-                    # if ($userObjectFromTable.certInfo.deploymentDate) {
-                    $userObjectFromTable.certInfo.deploymentDate = (Get-Date)
-
-                } else {
-
-                    $userObjectFromTable.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date)
+                $false {
+                    $result_deployed = $false
+                }
+                Default {
                 }
-                Set-UserTable -index $userIndex -commandAssociationsObject $userObjectFromTable.commandAssociations -certInfoObject $userObjectFromTable.certInfo
-                $invokeCommands = invoke-commandByUserId -userID $user.userid
-                # Write-Host "[status] Commands Invoked"
             }
-            # if ($userObjectFromTable.certInfo.deployed)
-            # $userObjectFromTable.certInfo.deployed = $true
-            # $userObjectFromTable.certInfo.deploymentDate = (Get-Date)
-            # invoke the command
+
+
         }
     }
 
+
     end {
+        #TODO: eventually add message if we fail to generate a command
+        $resultTable = [ordered]@{
+            'Username'          = $user.username;
+            'Command Generated' = $status_commandGenerated;
+            'Command Deployed'  = $result_deployed
+        }
 
+        return $resultTable
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1
index 00d94352b..75463005e 100644
--- a/scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1
@@ -16,22 +16,21 @@ function Show-DistributionMenu {
         Write-Host $(PadCenter -string $Title -char '=')
         Write-Host $(PadCenter -string "Select an option below to deploy user certificates to systems`n" -char ' ') -ForegroundColor Yellow
         # deployment progress of newly generated certs
-        if ($userCertInfo) {
+        if ($certObjectArray) {
 
             Write-Host $(PadCenter -string ' Certificate Information ' -char '-')
-            Write-Host "Total # of local user certificates:" $userCertInfo.count
-            Write-Host "Total # of already distributed certificates:" ($userCertInfo | Where-Object { $_.deployed -eq $true }).count
-            Write-Host "Total # of un-deployed certificates:" ($userCertInfo | Where-Object { ( $_.deployed -eq $false) -or (-not $_.deployed) }).count
+            Write-Host "Total # of local user certificates:" $certObjectArray.count
+            Write-Host "Total # of already distributed certificates:" ($certObjectArray | Where-Object { $_.deployed -eq $true }).count
+            Write-Host "Total # of un-deployed certificates:" ($certObjectArray | Where-Object { ( $_.deployed -eq $false) -or (-not $_.deployed) }).count
 
         }
         # ==== instructions ====
-        # TODO: move notes from below into a more legible location
         Write-Host $(PadCenter -string ' User Certificate Deployment Options ' -char '-')
         # List options:
         Write-Host "1: Press '1' to generate new commands for ALL users. `n`t$([char]0x1b)[96mNOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install:*'`n`tand re-deploy their certificate file"
         Write-Host "2: Press '2' to generate new commands for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate commands for users whos certificate has not been deployed."
         Write-Host "3: Press '3' to generate new commands for ONE Specific RADIUS user."
-        Write-Host "E: Press 'E' to exit."
+        Write-Host "E: Press 'E' to return to main menu."
 
         Write-Host $(PadCenter -string "-" -char '-')
     }
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1
index 7df846486..817d6bd27 100644
--- a/scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1
@@ -18,7 +18,7 @@ function Show-GenerationMenu {
     Write-Host "2: Press '2' to generate new certificates for ONE RADIUS user. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates"
     Write-Host "3: Press '3' to re-generate new certificates for ALL users. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
     Write-Host "4: Press '4' to re-generate new certificates for users who's cert is set to expire shortly. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
-    Write-Host "E: Press 'E' to exit."
+    Write-Host "E: Press 'E' to return to main menu."
 
     Write-Host $(PadCenter -string "-" -char '-')
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-ProgressBarText.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-ProgressBarText.ps1
deleted file mode 100644
index fe4708e4b..000000000
--- a/scripts/automation/Radius/Functions/Private/menus/Show-ProgressBarText.ps1
+++ /dev/null
@@ -1,13 +0,0 @@
-Function Show-ProgressBarText {
-    param(
-        [int]$completedItems,
-        [int]$totalItems,
-        [string]$actionText
-    )
-    $pComplete = ($completedItems / $totalItems) * 100
-    $barLength = [math]::Ceiling((($pComplete / 100)) * 30)
-
-    $pbar = "[" + ('▯' * $barLength) + (' ' * (30 - $barLength)) + "]"
-    $pmessage = "${actionText}: $completedItems out of $TotalItems ($pComplete%) $pbar"
-    Write-Host $pmessage -NoNewline
-}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1
new file mode 100644
index 000000000..a9de709d6
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1
@@ -0,0 +1,30 @@
+Function Show-RadiusProgress {
+    param(
+        [int]$completedItems,
+        [int]$totalItems,
+        [string]$actionText,
+        [System.Object]$previousOperationResult
+    )
+
+    $propertyNames = @($previousOperationResult.keys)
+    $propertyNames += "Items Processed"
+    $headerString = "{0,-$($($propertyNames[0]).length)}"
+
+    for ($i = 1; $i -lt $propertyNames.Count; $i++) {
+        <# Action that will repeat until the condition is met #>
+        $headerString += " | {$i,-$($($propertyNames[$i]).length)}"
+    }
+    if ($completedItems -eq 1) {
+        write-host ($headerString -f $propertyNames)
+        $propertyvalues = @($previousOperationResult.Values)
+        $propertyvalues += "$($completedItems) / $($TotalItems)"
+
+    } else {
+        $propertyvalues = @($previousOperationResult.Values)
+        $propertyvalues += "$($completedItems) / $($TotalItems)"
+
+    }
+
+    write-host ($headerString -f $propertyValues)
+
+}
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1
index 797d7b7cc..25f008834 100644
--- a/scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1
@@ -8,5 +8,5 @@ function Show-StatusMessage {
     )
     Write-Host "`r"
     write-host "[status] - $message"
-    start-sleep 1
+    start-sleep 3
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
index c81477311..e49ca46c7 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
@@ -14,7 +14,6 @@ function Update-JCRUsersJson {
         foreach ($userid in $Global:JCRRadiusMembers.keys) {
 
             $MatchedUser = $GLOBAL:JCRUsers[$userid]
-            Show-ProgressBarText -completedItems $Global:JCRRadiusMembers.keys.IndexOf($userid) -totalItems ($Global:JCRRadiusMembers.keys).count -ActionText "Updating latest Radius group membership"
             $userArrayObject, $userIndex = Get-UserFromTable -userID $userid -jsonFilePath "$JCScriptRoot/users.json"
 
             if ($userIndex -ge 0) {
@@ -32,12 +31,6 @@ function Update-JCRUsersJson {
                     <#Do this if a terminating exception happens#>
                     $difference = $null
                 }
-                # if ($difference) {
-                #     # if there's a difference in systemIDS, update table with the incomingSystemObject
-                #     # $userTable = New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
-                #     # Update-JsonData -jsonFilePath "$JCScriptRoot/users.json" -userID $userID -updatedUserTable $userTable
-                # }
-                Write-Host "`r" -NoNewline
 
             } else {
                 # case for new user
@@ -57,7 +50,6 @@ function Update-JCRUsersJson {
             }
             # Remove the User From Table
         }
-        Show-StatusMessage -message "Finished pulling radius group membership updates"
     }
     end {
         $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
index 58c02817d..9adb74732 100644
--- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
@@ -1,84 +1,118 @@
 # Import Global Config:
 # . "$JCScriptRoot/config.ps1"
 # Connect-JCOnline $JCAPIKEY -force
+[CmdletBinding(DefaultParameterSetName = 'gui')]
+param (
+    [Parameter(ParameterSetName = 'cli')]
+    [ValidateSet("All", "New", "ByUsername")]
+    [system.String]
+    $generateType,
+    # Parameter help description
+    [Parameter(ParameterSetName = 'cli')]
+    [System.String]
+    $username
+)
 
 ################################################################################
 # Do not modify below
 ################################################################################
+# TODO: move into function file & rename
+function pfi {
+    $promptForInvokeInput = $true
+    while ($promptForInvokeInput) {
+        $invokeCommands = Read-Host "Would you like to invoke commands after generating them y/n? (or 'E' to return to menu)"
+        switch ($invokeCommands) {
+            'e' {
+                $promptForInvokeInput = $false
+                break
+            }
+            'n' {
+                return $false
+            }
+            'y' {
+                return $true
+            }
+            default {
+                write-host "invalid input please type 'y' or 'n' (or 'E' to return to menu)"
+            }
+        }
+    }
+}
 
 # Import the users.json file and convert to PSObject
 $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10
 
-# TODO: surface this information
-# Check to see if previous commands exist
-# $SearchFilter = @{
-#     searchTerm = "RadiusCert-Install:"
-#     fields     = @('name')
-# }
-# $RadiusCertCommands = Search-JcSdkCommand -SearchFilter $SearchFilter -Fields name
-
-# $RadiusCertCommandList = New-Object System.Collections.ArrayList
-# foreach ($command in $RadiusCertCommands) {
-#     $commandSplit = $command.name.split(':')
-#     $RadiusCertCommandList.Add([PSCustomObject]@{
-#             CommandName = $command.name
-#             Username    = $commandSplit[1]
-#             CommandID   = $command._id
-#         }) | Out-Null
-# }
-# $existingCommandUsers = $RadiusCertCommandList.Username | Get-Unique
-# $newRadiusUsers = (Compare-Object $userarray.username $existingCommandUsers).InputObject
-
-# TODO: revamp with menu screen
-# TODO: generate new commands for a single user
-# TODO: why this if statement here:
 do {
-    Show-DistributionMenu -CertObjectArray $userArray.certInfo
-    $confirmation = Read-Host "Please make a selection"
+    switch ($PSCmdlet.ParameterSetName) {
+        'gui' {
+            Show-DistributionMenu -CertObjectArray $userArray.certInfo
+            $confirmation = Read-Host "Please make a selection"
+            $invokeCommands = pfi
+        }
+        'cli' {
+            $confirmationMap = @{
+                'All'        = '1';
+                'New'        = '2';
+                "ByUsername" = '3';
+            }
+            $confirmation = $confirmationMap[$generateType]
+        }
+    }
 
     switch ($confirmation) {
         '1' {
             for ($i = 0; $i -lt $userArray.Count; $i++) {
-                <# Action that will repeat until the condition is met #>
-                Show-ProgressBarText -completedItems $i -totalItems $userArray.Count -ActionText "Distributing Radius Certificates"
-                $var = Deploy-UserCertificate -userObject $userArray[$i] -force | Out-Null
-                Write-Host "`r" -NoNewline
+                $result = Deploy-UserCertificate -userObject $userArray[$i] -invokeCommands $invokeCommands
+                Show-RadiusProgress -completedItems ($i + 1) -totalItems $userArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
+                # Write-Host "`r" -NoNewline
             }
             Show-StatusMessage -Message "Finished Distributing Certificates"
         }
         '2' {
-            $usersWithoutLatestCert = $userArray | Where-Object { ( $_.deployed -eq $false) -or (-not $_.deployed) }
-
+            # TODO: prompt to invoke after creating commands
+            $usersWithoutLatestCert = $userArray | Where-Object { ( $_.certinfo.deployed -eq $false) -or (-not $_.certinfo.deployed) }
             for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
-                <# Action that will repeat until the condition is met #>
-                Show-ProgressBarText -completedItems $i -totalItems $usersWithoutLatestCert.Count -ActionText "Distributing Radius Certificates"
-                $var = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -force | Out-Null
-                Write-Host "`r" -NoNewline
+                $result = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -invokeCommands $invokeCommands
+                Show-RadiusProgress -completedItems ($i + 1) -totalItems $usersWithoutLatestCert.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
+                # Write-Host "`r" -NoNewline
             }
             Show-StatusMessage -Message "Finished Distributing Certificates"
 
         }
         '3' {
-            try {
-                Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
-            } catch {
-                New-Variable -Name "ConfirmUser" -Value $null
+            switch ($PSCmdlet.ParameterSetName) {
+                'gui' {
+                    try {
+                        Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
+                    } catch {
+                        New-Variable -Name "ConfirmUser" -Value $null
+                    }
+                    while (-not $confirmUser) {
+                        $confirmationUser = Read-Host "Enter the Username of the user (or '@exit' to return to menu)"
+                        if ($confirmationUser -eq '@exit') {
+                            break
+                        }
+                        try {
+                            $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+                        } catch {
+                            Write-Warning "User specified $confirmationUser was not found within the Radius Server Membership Lists"
+                        }
+                    }
+                }
+                'cli' {
+                    $confirmUser = Test-UserFromHash -username $username -debug
+                }
             }
-            while (-not $confirmUser) {
-                # TODO: Offer option to go back a step and exit the while loop
-                $confirmationUser = Read-Host "Enter the Username or UserID of the user"
-                $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+            if ($confirmUser) {
+                # Get the userobject + index from users.json
+                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
+                # Add user to a list for processing
+                $UserSelectionArray = $userArray[$userIndex]
+                # Process existing commands/ Generate new commands/ Deploy new Certificate
+                $result = Deploy-UserCertificate -userObject $UserSelectionArray -invokeCommands $invokeCommands
+                Show-RadiusProgress -completedItems $UserSelectionArray.count -totalItems $UserSelectionArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
+                Show-StatusMessage -Message "Finished Distributing Certificates"
             }
-            # Get the userobject + index from users.json
-            $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
-            # Add user to a list for processing
-            $UserSelectionArray = $userArray[$userIndex]
-            # Process existing commands/ Generate new commands/ Deploy new Certificate
-            Deploy-UserCertificate -userObject $UserSelectionArray
         }
     }
 } while ($confirmation -ne 'E')
-
-
-Write-Host "[status] Select option '4' to monitor your User Certification Distribution"
-Write-Host "[status] Returning to main menu"
diff --git a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
index 9981471fe..517fc3b91 100644
--- a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
@@ -97,9 +97,21 @@ Do {
             Break
         }
         '2' {
-            while (-not $confirmUser.id) {
-                $confirmationUser = Read-Host "Enter the Username or UserID of the user"
-                $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+            try {
+                Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
+            } catch {
+                New-Variable -Name "ConfirmUser" -Value $null
+            }
+            while (-not $confirmUser) {
+                $confirmationUser = Read-Host "Enter the Username of the user (or '@exit' to return to menu)"
+                if ($confirmationUser -eq '@exit') {
+                    break
+                }
+                try {
+                    $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+                } catch {
+                    Write-Warning "User specified $confirmationUser was not found within the Radius Server Membership Lists"
+                }
             }
             # Generate a new cert for this user:
             if (Test-Path -Path "$JCScriptRoot/UserCerts/$($confirmUser.username)-client-signed.pfx") {

From 28ce92c0283bf4e2cd63a1e08d36654ef31bb511 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 5 Jan 2024 11:59:12 -0700
Subject: [PATCH 012/346] every file as functions, cleanup

---
 .../Functions/JCRadiusCertDeployment.psm1     |  22 +-
 .../Private/Deploy-UserCertificate.ps1        |  35 +-
 .../Functions/Private/Get-CertKeyPass.ps1     |   1 -
 .../Private/Get-CommandObjectTable.ps1        |   4 +-
 .../HashFunctions/Test-UserFromHash.ps1       |   4 +-
 .../Private/Invoke-CommandsRetry.ps1          |  48 ++-
 .../Private/Invoke-UserCertProcess.ps1        | 114 ++++++
 .../Private/Show-CertDeploymentMenu.ps1       |  12 -
 .../Private/SystemTable/New-SystemTable.ps1   |   4 +-
 .../Radius/Functions/Private/Test-User.ps1    |  41 --
 .../Private/UserJson/Get-UserJsonData.ps1     |  31 ++
 .../Private/UserJson/Set-UserJsonData.ps1     |  16 +
 .../Private/UserTable/Get-UserFromTable.ps1   |  19 +-
 .../Private/UserTable/New-UserTable.ps1       |  12 +-
 .../Private/UserTable/Set-UserTable.ps1       |   9 +-
 .../commands/get-queuedCommandByUser.ps1      |   1 -
 .../commands/invoke-commandByUserId.ps1       |   4 +-
 .../Private/menus/Get-ResponsePrompt.ps1      |  29 ++
 .../Private/menus/Show-CertDeploymentMenu.ps1 |  17 +
 .../{ => menus}/Show-RadiusMainMenu.ps1       |   4 +-
 .../Private/menus/Show-RadiusProgress.ps1     |   5 +-
 .../Private/settings/Get-JCRGlobalVars.ps1    |  11 +-
 .../Private/settings/Update-JCRUsersJson.ps1  |  17 +-
 .../Public/Cert-GenerateOrImport.ps1          |  12 -
 .../Functions/Public/Distribute-UserCerts.ps1 | 222 ++++++-----
 .../Functions/Public/Generate-RootCert.ps1    | 130 ++++---
 .../Functions/Public/Generate-UserCerts.ps1   | 363 ++++++++----------
 .../Public/Monitor-CertDeployment.ps1         |  59 ++-
 .../Radius/Start-RadiusDeployment.ps1         |  10 +-
 .../automation/Radius/Tests/Invoke-Pester.ps1 | 124 ++++++
 .../Public/Distribute-UserCerts.Tests.ps1     |   9 +
 scripts/automation/Radius/readme.md           |   4 +-
 32 files changed, 857 insertions(+), 536 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/Invoke-UserCertProcess.ps1
 delete mode 100644 scripts/automation/Radius/Functions/Private/Show-CertDeploymentMenu.ps1
 delete mode 100644 scripts/automation/Radius/Functions/Private/Test-User.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/UserJson/Get-UserJsonData.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/UserJson/Set-UserJsonData.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/menus/Show-CertDeploymentMenu.ps1
 rename scripts/automation/Radius/Functions/Private/{ => menus}/Show-RadiusMainMenu.ps1 (94%)
 delete mode 100644 scripts/automation/Radius/Functions/Public/Cert-GenerateOrImport.ps1
 create mode 100644 scripts/automation/Radius/Tests/Invoke-Pester.ps1
 create mode 100644 scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1

diff --git a/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1 b/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
index 33583af7c..8432ab694 100644
--- a/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
+++ b/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
@@ -1,6 +1,4 @@
-# Load all functions from public and private folders
-#TODO: why define both?
-$Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+# Load all functions from private folders
 $Private = @( Get-ChildItem -Path "$PSScriptRoot/Private/*.ps1" -Recurse)
 Foreach ($Import in $Private) {
     Try {
@@ -10,6 +8,24 @@ Foreach ($Import in $Private) {
     }
 }
 
+# Load all public functions:
+$Private = @( Get-ChildItem -Path "$PSScriptRoot/Public/*.ps1" -Recurse)
+Foreach ($Import in $Private) {
+    Try {
+        . $Import.FullName
+    } Catch {
+        Write-Error -Message "Failed to import function $($Import.FullName): $_"
+    }
+}
+
+# setup:
+# build required users.json file:
+# set script root:
+$global:JCScriptRoot = "$PSScriptRoot/../"
+
+# import config:
+. "$JCScriptRoot/config.ps1"
+# try to get the settings file, create new one if it does not exist:
 $global:JCRConfig = Get-JCRSettingsFile
 
 # Get global variables or update if necessary
diff --git a/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
index 12eba5c3c..14ebb7924 100644
--- a/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
@@ -8,12 +8,37 @@ function Deploy-UserCertificate {
         # Parameter help description
         [Parameter()]
         [bool]
-        $invokeCommands
+        $forceInvokeCommands,
+        # prompt replace existing certificate
+        [Parameter()]
+        [switch]
+        $prompt
     )
 
     begin {
-        # $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10
         #TODO: validate user object, if missing commandAssociations, or certInfo, return false
+
+        switch ($forceInvokeCommands) {
+            $true {
+                $invokeCommands = $true
+            }
+            $false {
+                $invokeCommands = $false
+            }
+        }
+        switch ($prompt) {
+            $true {
+                $invokeCommandsChoice = Get-ResponsePrompt -message "Would you like to invoke commands after they've been generated?"
+                switch ($invokeCommandsChoice) {
+                    $true {
+                        $invokeCommands = $true
+                    }
+                    $false {
+                        $invokeCommands = $false
+                    }
+                }
+            }
+        }
     }
 
     process {
@@ -71,7 +96,7 @@ function Deploy-UserCertificate {
             # Create the zip
             Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
             # Find OS of System
-            switch ($user.systemAssociations.device_os) {
+            switch ($user.systemAssociations.osFamily) {
                 'macOS' {
                     # Get the macOS system ids
                     $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'macOS' } | Select-Object systemId
@@ -388,12 +413,12 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                     }
 
                     $user.commandAssociations += $CommandTable
-                    # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+                    Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
                     $status_commandGenerated = $true
 
                 }
                 $null {
-                    # Write-host "$($user.username) is not associated with any systems, skipping command generation"
+                    Write-host "$($user.username) is not associated with any systems, skipping command generation"
                     $status_commandGenerated = $false
                     $result_deployed = $false
                 }
diff --git a/scripts/automation/Radius/Functions/Private/Get-CertKeyPass.ps1 b/scripts/automation/Radius/Functions/Private/Get-CertKeyPass.ps1
index e4f295c55..164584ffe 100644
--- a/scripts/automation/Radius/Functions/Private/Get-CertKeyPass.ps1
+++ b/scripts/automation/Radius/Functions/Private/Get-CertKeyPass.ps1
@@ -16,7 +16,6 @@ function Get-CertKeyPass {
                     $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
                     $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
                     $checkKey = openssl rsa -in $foundKeyPem -check -passin pass:$($certKeyPass) 2>&1
-                    $checkKey
                     if ($checkKey -match "RSA key ok") {
                         # Save password to ENV variable
                         Write-Host "Saving password as Environment Variable"
diff --git a/scripts/automation/Radius/Functions/Private/Get-CommandObjectTable.ps1 b/scripts/automation/Radius/Functions/Private/Get-CommandObjectTable.ps1
index 2ab94b4c7..28dff5b77 100644
--- a/scripts/automation/Radius/Functions/Private/Get-CommandObjectTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/Get-CommandObjectTable.ps1
@@ -97,7 +97,7 @@ Function Get-CommandObjectTable {
                 # Iterate through all the associated commands
                 foreach ($command in $commandsObject.commandAssociations) {
                     # Check to see if the current command is pending/queued
-                    if ($command.commandId -in $QueuedCommands.command) {
+                    if (($command.commandId -in $QueuedCommands.command) -And ($command -ne $null)) {
                         # Get the queued command info for all workflows
                         $queuedCommandInfo = $QueuedCommands | Where-Object command -EQ $command.commandId
                         # Get the individual workflow information
@@ -137,7 +137,7 @@ Function Get-CommandObjectTable {
                         }
                     }
 
-                    if ($CommandObjectTable.commandName -notcontains $command.commandName) {
+                    if (($CommandObjectTable.commandName -notcontains $command.commandName) -And ($command -ne $null)) {
                         if (!(Get-JcSdkCommandAssociation -CommandId $command.commandId -Targets system)) {
                             $CommandTable = @{
                                 commandName       = $command.commandName
diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
index 417183eef..17e56c615 100644
--- a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
@@ -20,7 +20,7 @@ function Test-UserFromHash {
         switch ($PSCmdlet.ParameterSetName) {
             'userid' {
                 # validate that the userID is in the radiusMembership hash:
-                if ($Global:JCRRadiusMembers[$userID]) {
+                if ($Global:JCRRadiusMembers.userID.IndexOf($userID)) {
                     # finally return the $matchedUser object
                     $matchedUser = $Global:JCRUsers[$userID]
                 } else {
@@ -34,7 +34,7 @@ function Test-UserFromHash {
                 # Get the UserID from the keys
                 $matchedUserID = $Global:JCRUsers.keys[$matchedIndex]
                 # validate that the userID is in the radiusMembership hash:
-                if ($Global:JCRRadiusMembers[$matchedUserID]) {
+                if ($Global:JCRRadiusMembers.username.IndexOf($username)) {
                     # finally return the $matchedUser object
                     $matchedUser = $Global:JCRUsers[$matchedUserID]
                 } else {
diff --git a/scripts/automation/Radius/Functions/Private/Invoke-CommandsRetry.ps1 b/scripts/automation/Radius/Functions/Private/Invoke-CommandsRetry.ps1
index c2a96a504..940f4ebfe 100644
--- a/scripts/automation/Radius/Functions/Private/Invoke-CommandsRetry.ps1
+++ b/scripts/automation/Radius/Functions/Private/Invoke-CommandsRetry.ps1
@@ -7,7 +7,8 @@ Function Invoke-CommandsRetry {
     )
     begin {
         $RetryCommands = @()
-        $commandsObject = Get-Content -Raw -Path $jsonFile | ConvertFrom-Json -Depth 6
+        $userArray = Get-UserJsonData
+        # $commandsObject = Get-Content -Raw -Path $jsonFile | ConvertFrom-Json -Depth 6
         $queuedCommands = Get-JCQueuedCommands
         $SearchFilter = @{
             searchTerm = 'RadiusCert-Install'
@@ -19,34 +20,41 @@ Function Invoke-CommandsRetry {
     }
     process {
         # Prompt to rerun commands that have failed or expired
-        Foreach ($command in $commandsObject.commandAssociations) {
+        Foreach ($user in ($userArray) | Where-Object { $_.commandAssociations -ne $null }) {
+            $userIndex = $userArray.userId.IndexOf($user.userID)
             $failedCommands = $mostRecentCommandResults | Where-Object DataExitCode -NE 0
-
-            if ($queuedCommands.command -contains $command.commandId) {
-                Write-Host "[status] $($command.commandName) is currently $([char]0x1b)[93mPENDING"
-                continue
-            } else {
-                if (($failedCommands.workflowId -contains $command.commandId) -or ($command.commandPreviouslyRun -eq $false) -or ($QueuedCommands.command -notcontains $command.commandId -and $finishedCommands.workflowId -notcontains $command.commandId)) {
-                    try {
-                        if (!(Get-JcSdkCommandAssociation -CommandId $command.commandId -Targets system)) {
-                            continue
-                        } else {
-                            Invoke-CommandRun -commandID $command.commandId
-                            Write-Host "[status] $([char]0x1b)[92mInvoking $($command.commandName)"
-                            # set command to queued
-                            $command.commandQueued = $true
+            $commands = $user.commandAssociations
+            # foreach command in the command object
+            foreach ($command in $commands) {
+                if ($queuedCommands.command -contains $command.commandId) {
+                    Write-Host "[status] $($command.commandName) is currently $([char]0x1b)[93mPENDING"
+                    continue
+                } else {
+                    if (($failedCommands.workflowId -contains $command.commandId) -or ($command.commandPreviouslyRun -eq $false) -or ($QueuedCommands.command -notcontains $command.commandId -and $finishedCommands.workflowId -notcontains $command.commandId)) {
+                        try {
+                            # invoke each user's command on their set systems:
+                            invoke-commandByUserid -userID $user.userId
+                            # update user table info per command
+                            (($user.commandAssociations) | Where-Object { $_.commandId -eq $command.commandId }).commandPreviouslyRun = $true
+                            (($user.commandAssociations) | Where-Object { $_.commandId -eq $command.commandId }).commandQueued = $true
+                            $user.certInfo.deployed = $true
+                            $user.certInfo.deploymentDate = (get-date)
+                            Set-UserTable -index $userIndex -certInfoObject $user.certInfo -commandAssociationsObject $user.commandAssociations
+                            # track retried commands
                             $RetryCommands += $command.commandId
+                        } catch {
+                            Write-Error "$($command.commandName) could not be invoked"
                         }
-                    } catch {
-                        Write-Error "$($command.commandId) could not be invoked"
                     }
                 }
             }
         }
     }
     end {
-        # write out/ update jsonFile
-        $commandsObject | ConvertTo-Json -Depth 6 | Out-File $jsonFile
+        # TODO: validate no need to write this out since it's done in Set-UserTable
+        # # write out/ update jsonFile
+        # Set-UserJsonData -userArray $userArray
+        # $commandsObject | ConvertTo-Json -Depth 6 | Out-File $jsonFile
         return $RetryCommands
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/Invoke-UserCertProcess.ps1
new file mode 100644
index 000000000..f5c3c3a81
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Invoke-UserCertProcess.ps1
@@ -0,0 +1,114 @@
+Function Invoke-UserCertProcess {
+    [CmdletBinding()]
+    param (
+        [Parameter(ParameterSetName = 'radiusMember')]
+        [System.object]
+        $radiusMember,
+        [Parameter(ParameterSetName = 'selectedUserObject')]
+        [System.String]
+        $selectedUserObject,
+        [Parameter(Mandatory)]
+        [ValidateSet('EmailSAN', 'EmailDN', 'UsernameCN')]
+        [System.String]
+        $certType,
+        # force replace existing certificate
+        [Parameter()]
+        [switch]
+        $forceReplaceCert,
+        # prompt replace existing certificate
+        [Parameter()]
+        [switch]
+        $prompt
+    )
+    begin {
+
+        switch ($PSCmdlet.ParameterSetName) {
+            'radiusMember' {
+                try {
+
+                    $MatchedUser = $GLOBAL:JCRUsers[$radiusMember.userID]
+                } catch {
+                    exit
+                }
+            }
+            'userObject' {
+                $MatchedUser = $GLOBAL:JCRUsers[$selectedUserObject.userid]
+            }
+        }
+
+        # get the user from user.json
+        $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $MatchedUser.id
+        # Test if the file exists:
+        switch (Test-Path "$JCScriptRoot/UserCerts/$($matchedUser.username)-client-signed.pfx") {
+            $true {
+                switch ($forceReplaceCert) {
+                    $true {
+                        $writeCert = $true
+                        $cert_action = "Overwritten"
+                    }
+                    $false {
+                        $writeCert = $false
+                        $cert_action = "Skip Generation"
+
+                    }
+                }
+                if ($prompt) {
+
+                    $writeCert = Get-ResponsePrompt -message "A certifcate already exists for user: $($matchedUser.username) do you want to re-generate this certificate?"
+                    switch ($writeCert) {
+                        $true {
+                            $cert_action = "Overwritten"
+
+                        }
+                        $false {
+                            $cert_action = "Skip Generation"
+                        }
+                    }
+
+                }
+            }
+            $false {
+                $writeCert = $true
+                $cert_action = "New Cert Generated"
+            }
+            Default {
+                $writeCert = $false
+                $cert_action = "Unknown Action"
+            }
+        }
+
+    }
+    process {
+        # if writeCert, generate the cert
+        if ($writeCert) {
+            Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" *> /dev/null
+            # validate that the cert was written correctly:
+            #TODO: validate and return as variable
+        }
+
+        # generate the cert depending if -force or if new
+        if ($userIndex -ge 0) {
+            # update the new certificate info & set commandAssociation to $null
+            # TODO: commandAssociation not being set to null
+            $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
+            # Add the cert info tracking to the object
+            $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
+            $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
+            Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
+        } else {
+            # Create a new table entry
+            New-UserTable -id $MatchedUser.id -username $MatchedUser.username -localUsername $MatchedUser.systemUsername
+        }
+
+    }
+    end {
+        #TODO: eventually add message if we fail to generate a command
+        $resultTable = [ordered]@{
+            'Username'       = $MatchedUser.username;
+            'Cert Action'    = $cert_action;
+            'Generated Date' = $certInfo.generated;
+        }
+
+        return $resultTable
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Show-CertDeploymentMenu.ps1 b/scripts/automation/Radius/Functions/Private/Show-CertDeploymentMenu.ps1
deleted file mode 100644
index ddde39384..000000000
--- a/scripts/automation/Radius/Functions/Private/Show-CertDeploymentMenu.ps1
+++ /dev/null
@@ -1,12 +0,0 @@
-function Show-CertDeploymentMenu {
-    param (
-        [string]$Title = 'Radius Cert Deployment Status'
-    )
-    Clear-Host
-    Write-Host "================ $Title ================"
-
-    Write-Host "1: Press '1' to view results."
-    Write-Host "2: Press '2' to view failed command runs"
-    Write-Host "3: Press '3' to invoke/retry commands"
-    Write-Host "E: Press 'E' to exit."
-}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1 b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
index 27a4363c5..f23a24181 100644
--- a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
@@ -16,9 +16,9 @@ function New-SystemTable {
         foreach ($system in $AssociationTable.systemAssociations) {
             # $systemInfo = $GLOBAL:SystemHash[$system.resource_object_id]
             $systemTable = @{
-                systemId    = $system.resource_object_id
+                systemId    = $system.systemId
                 displayName = $system.hostname
-                osFamily    = $system.device_os
+                osFamily    = $system.osFamily
             }
             $systemAssociations += $systemTable
         }
diff --git a/scripts/automation/Radius/Functions/Private/Test-User.ps1 b/scripts/automation/Radius/Functions/Private/Test-User.ps1
deleted file mode 100644
index 5bc57524d..000000000
--- a/scripts/automation/Radius/Functions/Private/Test-User.ps1
+++ /dev/null
@@ -1,41 +0,0 @@
-function Test-User {
-    [CmdletBinding()]
-    param (
-        # Parameter help description
-        [Parameter(ParameterSetName = 'username')]
-        [System.String]
-        $username,
-        # Parameter help description
-        [Parameter(ParameterSetName = 'userid')]
-        [System.String]
-        $userID
-    )
-    begin {
-        # Get User Group membership
-        # TODO: update if data is older than 30 mins
-        if ( -not $GLOBAL:RadiusUserMembership ) {
-            $GLOBAL:RadiusUserMembership = Get-JCUserGroupMember -ByID $JCUSERGROUP
-        }
-    }
-    process {
-        switch ($PSCmdlet.ParameterSetName) {
-            'userid' {
-                $matchedUser = $Global:RadiusUserMembership | Where-Object { $userID -in $_.UserId }
-                $inputText = $userID
-            }
-            'username' {
-                $matchedUser = $Global:RadiusUserMembership | Where-Object { $username -in $_.Username }
-                $inputText = $username
-            }
-        }
-        if ($matchedUser) {
-            Write-Debug "Matched Username Found: $($matchedUser.username)"
-        } else {
-            Write-Warning "User specified $inputText was not found within the Radius Server Membership Lists"
-            return $null
-        }
-    }
-    end {
-        return $matchedUser
-    }
-}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/UserJson/Get-UserJsonData.ps1 b/scripts/automation/Radius/Functions/Private/UserJson/Get-UserJsonData.ps1
new file mode 100644
index 000000000..cf4b60152
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/UserJson/Get-UserJsonData.ps1
@@ -0,0 +1,31 @@
+function Get-UserJsonData {
+    [OutputType([System.Collections.ArrayList])]
+    [CmdletBinding()]
+    param (
+
+    )
+    begin {
+        if (Test-Path -Path "$JCScriptRoot/users.json" -PathType Leaf) {
+            $content = (Get-Content -Raw -Path "$JCScriptRoot/users.json")
+            if ([string]::isNullOrEmpty($content)) {
+                $userArray = New-Object System.Collections.ArrayList
+            } else {
+                $userArray = $content | ConvertFrom-Json -Depth 6
+
+            }
+        } else {
+            $userArray = New-Object System.Collections.ArrayList
+        }
+    }
+    process {
+        # If the json is a single item, explicitly make it a list so we can add to it
+        If ($userArray.count -eq 1) {
+            $array = New-Object System.Collections.ArrayList
+            $array.add($userArray) | Out-Null
+            $userArray = $array
+        }
+    }
+    end {
+        return [System.Collections.ArrayList]$userArray
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/UserJson/Set-UserJsonData.ps1 b/scripts/automation/Radius/Functions/Private/UserJson/Set-UserJsonData.ps1
new file mode 100644
index 000000000..4d3aba071
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/UserJson/Set-UserJsonData.ps1
@@ -0,0 +1,16 @@
+function Set-UserJsonData {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory)]
+        [System.Object]
+        $userArray
+    )
+    # If the json is a single item, explicitly make it a list so we can add to it
+    If ($userArray.count -eq 1) {
+        $array = New-Object System.Collections.ArrayList
+        $array.add($userArray)
+        $userArray = $array
+    }
+    $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
index a2c43bb67..c2b5f9ba5 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
@@ -4,25 +4,12 @@ function Get-UserFromTable {
         [Parameter()]
         [System.String]
         $jsonFilePath,
-        [Parameter()]
+        [Parameter(Mandatory)]
         [System.String]
-        $userid
+        $userId
     )
     begin {
-        # Import User.Json/ create list if it does not exist
-        if (Test-Path -Path $jsonFilePath -PathType Leaf) {
-            $userArray = Get-Content -Raw -Path $jsonFilePath | ConvertFrom-Json -Depth 6
-            # If the json is a single item, explicitly make it a list so we can add to it
-            If ($userArray.count -eq 1) {
-                $array = New-Object System.Collections.ArrayList
-                $array.add($userArray)
-                $userArray = $array
-            }
-
-        } else {
-            New-Item -Path $jsonFilePath
-            $userArray = @()
-        }
+        $userArray = Get-UserJsonData
         # Get the user from the jsonData
         $userObject = $Global:JCRUsers[$userid]
 
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/New-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/New-UserTable.ps1
index 26d763c89..dfac6949f 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/New-UserTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/New-UserTable.ps1
@@ -12,7 +12,13 @@ function New-UserTable {
         $localUsername
     )
     begin {
-        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        $userArray = Get-UserJsonData
+        If ($userArray.count -eq 1) {
+            $array = New-Object System.Collections.ArrayList
+            $array.add($userArray) | Out-Null
+            $userArray = $array
+        }
+
         $systemAssociations = New-SystemTable -userID $id
         # for new users, just set the commandAssociation to $null as they have
         # not yet been issued a command
@@ -31,10 +37,10 @@ function New-UserTable {
             commandAssociations = $commandAssociations
             certInfo            = $certInfo
         }
-        $userArray += $userTable
+        $userArray += ($userTable)
 
     }
     end {
-        $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+        Set-UserJsonData -userArray $userArray
     }
 }
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
index 973164c73..ddcf49b07 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
@@ -25,7 +25,7 @@ function Set-UserTable {
     )
     begin {
         # Get User Array:
-        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        $userArray = Get-UserJsonData
         if ($PSBoundParameters.ContainsKey('index')) {
             $userIndex = $index
             $userObject = $userArray[$index]
@@ -35,6 +35,11 @@ function Set-UserTable {
             $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $id
         }
 
+        # TODO: if index is not correct make a stink about it
+        if ($userIndex -lt 0) {
+            throw "user not in user table exiting"
+        }
+
         # determine if there's data to update from parameter input, else just
         # use the existing data
         if ($systemAssociationsObject) {
@@ -69,6 +74,6 @@ function Set-UserTable {
     }
     end {
         # update the userTable
-        $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+        Set-UserJsonData -userArray $userArray
     }
 }
diff --git a/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1 b/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1
index eaa0576f3..a4c73cd8a 100644
--- a/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1
+++ b/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1
@@ -31,4 +31,3 @@ function get-queuedCommandByUser {
         return $response.results
     }
 }
-get-queuedCommandByUser -username "Farmer_100"
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
index cde84b1e3..ba892ef00 100644
--- a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
+++ b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
@@ -17,9 +17,9 @@ function invoke-commandByUserid {
         # get Windows Command
         $windows_commandId = ($userObject.commandAssociations | Where-Object { $_.commandName -match "Windows" }).commandId
         # get list of macOS systems
-        $macOS_systemIds = $userObject.systemAssociations | Where-Object { $_.device_os -eq "macOS" }
+        $macOS_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "macOS" }
         # get list of Windows systems
-        $windows_systemIds = $userObject.systemAssociations | Where-Object { $_.device_os -eq "Windows" }
+        $windows_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "Windows" }
     }
 
     process {
diff --git a/scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1 b/scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1
new file mode 100644
index 000000000..49f2302ce
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1
@@ -0,0 +1,29 @@
+function Get-ResponsePrompt {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory)]
+        [System.String]
+        $message
+    )
+
+
+    $promptForInvokeInput = $true
+    while ($promptForInvokeInput) {
+        $invokeCommands = Read-Host "$message`nPlease type: 'y'/'n' (or 'E' to return to menu)"
+        switch ($invokeCommands) {
+            'e' {
+                $promptForInvokeInput = $false
+                break
+            }
+            'n' {
+                return $false
+            }
+            'y' {
+                return $true
+            }
+            default {
+                write-host "Invalid input`nPlease type 'y'/ 'n' (or 'E' to return to menu)"
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-CertDeploymentMenu.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-CertDeploymentMenu.ps1
new file mode 100644
index 000000000..cbbf8c914
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-CertDeploymentMenu.ps1
@@ -0,0 +1,17 @@
+function Show-CertDeploymentMenu {
+    $title = ' JumpCloud Radius Cert Deployment '
+    Clear-Host
+    Write-Host $(PadCenter -string $Title -char '=')
+    Write-Host $(PadCenter -string "Select an option below to view certificate deployment status`n" -char ' ') -ForegroundColor Yellow
+
+    # ==== instructions ====
+    Write-Host $(PadCenter -string ' Certificate Deployment Result Options ' -char '-')
+    # List options:
+    Write-Host "1: Press '1' to view results."
+    Write-Host "2: Press '2' to view failed command runs"
+    Write-Host "3: Press '3' to invoke/retry commands"
+    Write-Host "E: Press 'E' to exit."
+
+    Write-Host $(PadCenter -string "-" -char '-')
+
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-RadiusMainMenu.ps1
similarity index 94%
rename from scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1
rename to scripts/automation/Radius/Functions/Private/menus/Show-RadiusMainMenu.ps1
index ee573c568..c7baca4a8 100644
--- a/scripts/automation/Radius/Functions/Private/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-RadiusMainMenu.ps1
@@ -7,7 +7,7 @@ function Show-RadiusMainMenu {
     $userCertInfo = Get-CertInfo -UserCerts
 
     # Determine cut off date for expiring certs
-    $cutoffDate = (Get-Date).AddDays(15).Date
+    $global:cutoffDate = (Get-Date).AddDays(15).Date
 
     # Find all certs that will expire between current date and cut off date
     $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
@@ -43,7 +43,7 @@ function Show-RadiusMainMenu {
 
     # ==== GROUP/SSID/Global Variables  ====
     Write-Host $(PadCenter -string "Radius User Group: $($radiusUserGroup.Name)" -char " ") -ForegroundColor Green
-    Write-Host $(PadCenter -string "Radius Users: $($radiusUserGroupMemberCount)" -char " ") -ForegroundColor Green
+    Write-Host $(PadCenter -string "Total Radius Users: $($radiusUserGroupMemberCount)" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Radius SSID(s): $radiusSSID" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate)" -char " ") -ForegroundColor Green
     # Write-Host "`n"
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1 b/scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1
index a9de709d6..e0abe6287 100644
--- a/scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1
+++ b/scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1
@@ -11,10 +11,10 @@ Function Show-RadiusProgress {
     $headerString = "{0,-$($($propertyNames[0]).length)}"
 
     for ($i = 1; $i -lt $propertyNames.Count; $i++) {
-        <# Action that will repeat until the condition is met #>
         $headerString += " | {$i,-$($($propertyNames[$i]).length)}"
     }
     if ($completedItems -eq 1) {
+        Write-Host $(PadCenter -string " results " -char '-')
         write-host ($headerString -f $propertyNames)
         $propertyvalues = @($previousOperationResult.Values)
         $propertyvalues += "$($completedItems) / $($TotalItems)"
@@ -26,5 +26,8 @@ Function Show-RadiusProgress {
     }
 
     write-host ($headerString -f $propertyValues)
+    if ($completedItems -eq $totalItems) {
+        Write-Host $(PadCenter -string "" -char '-')
+    }
 
 }
diff --git a/scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1
index 354de3dda..384606b74 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1
@@ -46,13 +46,14 @@ function Get-JCRGlobalVars {
                 # Get Radius membership list:
                 $radiusMembers = Get-JcSdkUserGroupMember -GroupId $Global:JCUSERGROUP
                 # add the username to the membership hash
-                $radiusMemberList = New-Object System.Collections.Hashtable
+                $radiusMemberList = New-Object System.Collections.ArrayList
                 foreach ($member in $radiusMembers) {
                     $radiusMemberList.Add(
-                        $member.toID, @{
+                        [PSCustomObject]@{
                             'userID'   = $member.toID
                             'username' = $users[$member.toID].username
-                        })
+                        }
+                    )
                 }
                 # Get Report Hash:
                 $headers = @{
@@ -82,11 +83,11 @@ function Get-JCRGlobalVars {
                         if (-not $userAssociationList[$item.user_object_id]) {
                             $userAssociationList.add(
                                 $item.user_object_id, @{
-                                    'systemAssociations' = @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, device_os);
+                                    'systemAssociations' = @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, @{Name = 'osFamily'; Expression = { $_.device_os } });
                                     'userData'           = @($item | Select-Object -Property email, username)
                                 })
                         } else {
-                            $userAssociationList[$item.user_object_id].systemAssociations += @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, device_os)
+                            $userAssociationList[$item.user_object_id].systemAssociations += @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, @{Name = 'osFamily'; Expression = { $_.device_os } })
                         }
                     }
                 }
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
index e49ca46c7..9123a6b74 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
@@ -10,16 +10,17 @@ function Update-JCRUsersJson {
     }
     process {
         # validate that the system association data is correct in users.json:
-        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
-        foreach ($userid in $Global:JCRRadiusMembers.keys) {
+        # $userArray = Get-UserJsonData
+        foreach ($user in $Global:JCRRadiusMembers) {
 
-            $MatchedUser = $GLOBAL:JCRUsers[$userid]
-            $userArrayObject, $userIndex = Get-UserFromTable -userID $userid -jsonFilePath "$JCScriptRoot/users.json"
+            $MatchedUser = $GLOBAL:JCRUsers[$user.userID]
+            $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID -jsonFilePath "$JCScriptRoot/users.json"
 
             if ($userIndex -ge 0) {
                 # $userArrayObject
                 $currentSystemObject = $userArrayObject.systemAssociations
-                $incomingSystemObject = $Global:JCRAssociations[$userid].systemAssociations
+                $incomingSystemObject = $Global:JCRAssociations[$user.userID].systemAssociations
+
                 # determine if there's some difference that needs to be recorded:
                 try {
                     $difference = Compare-Object -ReferenceObject $currentSystemObject.systemId -DifferenceObject $incomingSystemObject.systemId
@@ -34,15 +35,15 @@ function Update-JCRUsersJson {
 
             } else {
                 # case for new user
-                New-UserTable -id $userid -username $MatchedUser.username -localUsername $matchedUser.systemUsername
+                New-UserTable -id $user.userID -username $MatchedUser.username -localUsername $matchedUser.systemUsername
             }
 
         }
         # lastly validate users that should no longer be recorded:
-        $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
+        $userArray = Get-UserJsonData
         foreach ($user in $userArray) {
             # If userID from users.json is no longer in RadiusMembers.keys, then:
-            If ( -Not ($user.userId -in $Global:JCRRadiusMembers.keys) ) {
+            If ( -Not ($user.userid -in $Global:JCRRadiusMembers.userid) ) {
                 # Get User From Table
                 $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $user.userId
                 $userArray = $userArray | Where-Object { $_.userID -ne $user.userId }
diff --git a/scripts/automation/Radius/Functions/Public/Cert-GenerateOrImport.ps1 b/scripts/automation/Radius/Functions/Public/Cert-GenerateOrImport.ps1
deleted file mode 100644
index 7f31e54c4..000000000
--- a/scripts/automation/Radius/Functions/Public/Cert-GenerateOrImport.ps1
+++ /dev/null
@@ -1,12 +0,0 @@
-
-do {
-    Show-GenerateOrImportCertMenu
-    $option = Read-Host "Please make a selection"
-    switch ($option) {
-        '1' {
-            . "$JCScriptRoot/Functions/Public/Generate-RootCert.ps1"
-        } '2' {
-            Get-CertKeyPass
-        }
-    }
-} until ($option.ToUpper() -eq 'E')
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
index 9adb74732..c8db039bd 100644
--- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
@@ -1,118 +1,136 @@
-# Import Global Config:
-# . "$JCScriptRoot/config.ps1"
-# Connect-JCOnline $JCAPIKEY -force
-[CmdletBinding(DefaultParameterSetName = 'gui')]
-param (
-    [Parameter(ParameterSetName = 'cli')]
-    [ValidateSet("All", "New", "ByUsername")]
-    [system.String]
-    $generateType,
-    # Parameter help description
-    [Parameter(ParameterSetName = 'cli')]
-    [System.String]
-    $username
-)
 
-################################################################################
-# Do not modify below
-################################################################################
-# TODO: move into function file & rename
-function pfi {
-    $promptForInvokeInput = $true
-    while ($promptForInvokeInput) {
-        $invokeCommands = Read-Host "Would you like to invoke commands after generating them y/n? (or 'E' to return to menu)"
-        switch ($invokeCommands) {
-            'e' {
-                $promptForInvokeInput = $false
-                break
-            }
-            'n' {
-                return $false
-            }
-            'y' {
-                return $true
-            }
-            default {
-                write-host "invalid input please type 'y' or 'n' (or 'E' to return to menu)"
-            }
-        }
-    }
-}
+function Distribute-UserCerts {
+    [CmdletBinding(DefaultParameterSetName = 'gui')]
+    param (
+        # Type of certs to distribute, All, New or byUsername
+        [Parameter(ParameterSetName = 'cli', Mandatory)]
+        [ValidateSet("All", "New", "ByUsername")]
+        [system.String]
+        $type,
+        # username
+        [Parameter(ParameterSetName = 'cli')]
+        [System.String]
+        $username,
+        # Force invoke commands after generation
+        [Parameter(ParameterSetName = 'cli')]
+        [switch]
+        $forceInvokeCommands
+    )
 
-# Import the users.json file and convert to PSObject
-$userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10
+    # Import the users.json file and convert to PSObject
+    $userArray = Get-UserJsonData
 
-do {
-    switch ($PSCmdlet.ParameterSetName) {
-        'gui' {
-            Show-DistributionMenu -CertObjectArray $userArray.certInfo
-            $confirmation = Read-Host "Please make a selection"
-            $invokeCommands = pfi
-        }
-        'cli' {
-            $confirmationMap = @{
-                'All'        = '1';
-                'New'        = '2';
-                "ByUsername" = '3';
-            }
-            $confirmation = $confirmationMap[$generateType]
-        }
-    }
+    do {
+        switch ($PSCmdlet.ParameterSetName) {
+            'gui' {
+                Show-DistributionMenu -CertObjectArray $userArray.certInfo
+                $confirmation = Read-Host "Please make a selection"
 
-    switch ($confirmation) {
-        '1' {
-            for ($i = 0; $i -lt $userArray.Count; $i++) {
-                $result = Deploy-UserCertificate -userObject $userArray[$i] -invokeCommands $invokeCommands
-                Show-RadiusProgress -completedItems ($i + 1) -totalItems $userArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
-                # Write-Host "`r" -NoNewline
             }
-            Show-StatusMessage -Message "Finished Distributing Certificates"
-        }
-        '2' {
-            # TODO: prompt to invoke after creating commands
-            $usersWithoutLatestCert = $userArray | Where-Object { ( $_.certinfo.deployed -eq $false) -or (-not $_.certinfo.deployed) }
-            for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
-                $result = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -invokeCommands $invokeCommands
-                Show-RadiusProgress -completedItems ($i + 1) -totalItems $usersWithoutLatestCert.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
-                # Write-Host "`r" -NoNewline
+            'cli' {
+                $confirmationMap = @{
+                    'All'        = '1';
+                    'New'        = '2';
+                    "ByUsername" = '3';
+                }
+                $confirmation = $confirmationMap[$type]
+                # if force invoke is set, invoke the commands after generation:
+                switch ($forceInvokeCommands) {
+                    $true {
+                        $invokeCommands = $true
+                    }
+                    $false {
+                        $invokeCommands = $false
+                    }
+                }
             }
-            Show-StatusMessage -Message "Finished Distributing Certificates"
-
         }
-        '3' {
-            switch ($PSCmdlet.ParameterSetName) {
-                'gui' {
-                    try {
-                        Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
-                    } catch {
-                        New-Variable -Name "ConfirmUser" -Value $null
+
+        switch ($confirmation) {
+            '1' {
+                # case for all users
+                for ($i = 0; $i -lt $userArray.Count; $i++) {
+                    $result = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands
+                    Show-RadiusProgress -completedItems ($i + 1) -totalItems $userArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
+                }
+                # return after an action if cli, else stay in function
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        Show-StatusMessage -Message "Finished Distributing Certificates"
                     }
-                    while (-not $confirmUser) {
-                        $confirmationUser = Read-Host "Enter the Username of the user (or '@exit' to return to menu)"
-                        if ($confirmationUser -eq '@exit') {
-                            break
-                        }
+                    'cli' {
+                        return
+                    }
+                }
+            }
+            '2' {
+                # case for new users; users that do not have certinfo marked as already deployed (i.e. users with new certs or un-deployed certs)
+                $usersWithoutLatestCert = $userArray | Where-Object { ( $_.certinfo.deployed -eq $false) -or (-not $_.certinfo.deployed) }
+                for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
+                    $result = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -forceInvokeCommands $invokeCommands
+                    Show-RadiusProgress -completedItems ($i + 1) -totalItems $usersWithoutLatestCert.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
+                }
+                # return after an action if cli, else stay in function
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        Show-StatusMessage -Message "Finished Distributing Certificates"
+                    }
+                    'cli' {
+                        return
+                    }
+                }
+            }
+            '3' {
+                # case for users by username
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
                         try {
-                            $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+                            Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
                         } catch {
-                            Write-Warning "User specified $confirmationUser was not found within the Radius Server Membership Lists"
+                            New-Variable -Name "ConfirmUser" -Value $null
+                        }
+                        while (-not $confirmUser) {
+                            $confirmationUser = Read-Host "Enter the Username of the user (or '@exit' to return to menu)"
+                            if ($confirmationUser -eq '@exit') {
+                                break
+                            }
+                            try {
+                                $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+                            } catch {
+                                Write-Warning "User specified $confirmationUser was not found within the Radius Server Membership Lists"
+                            }
                         }
                     }
+                    'cli' {
+                        $confirmUser = Test-UserFromHash -username $username -debug
+                    }
+                }
+                if ($confirmUser) {
+                    # Get the userobject + index from users.json
+                    $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
+                    # Add user to a list for processing
+                    $UserSelectionArray = $userArray[$userIndex]
+                    # Process existing commands/ Generate new commands/ Deploy new Certificate
+                    switch ($PSCmdlet.ParameterSetName) {
+                        'gui' {
+                            $result = Deploy-UserCertificate -userObject $UserSelectionArray -prompt
+                        }
+                        'cli' {
+                            $result = Deploy-UserCertificate -userObject $UserSelectionArray -forceInvokeCommands $invokeCommands
+                        }
+                    }
+                    Show-RadiusProgress -completedItems $UserSelectionArray.count -totalItems $UserSelectionArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
                 }
-                'cli' {
-                    $confirmUser = Test-UserFromHash -username $username -debug
+                # return after an action if cli, else stay in function
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        Show-StatusMessage -Message "Finished Distributing Certificates"
+                    }
+                    'cli' {
+                        return
+                    }
                 }
             }
-            if ($confirmUser) {
-                # Get the userobject + index from users.json
-                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
-                # Add user to a list for processing
-                $UserSelectionArray = $userArray[$userIndex]
-                # Process existing commands/ Generate new commands/ Deploy new Certificate
-                $result = Deploy-UserCertificate -userObject $UserSelectionArray -invokeCommands $invokeCommands
-                Show-RadiusProgress -completedItems $UserSelectionArray.count -totalItems $UserSelectionArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
-                Show-StatusMessage -Message "Finished Distributing Certificates"
-            }
         }
-    }
-} while ($confirmation -ne 'E')
+    } while ($confirmation -ne 'E')
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Generate-RootCert.ps1 b/scripts/automation/Radius/Functions/Public/Generate-RootCert.ps1
index ae41962b1..fd3570667 100644
--- a/scripts/automation/Radius/Functions/Public/Generate-RootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Generate-RootCert.ps1
@@ -1,64 +1,82 @@
-# this script will generate a Self Signed CA (root cert) to be imported on the
-# Radius CBA-BYO Authentication UI
+Function Generate-RootCert {
+    [CmdletBinding(DefaultParameterSetName = 'gui')]
+    param (
+        # Force invoke commands after generation
+        [Parameter(ParameterSetName = 'cli')]
+        [switch]
+        $forceReplcaeCert
+    )
+    # this script will generate a Self Signed CA (root cert) to be imported on the
+    # Radius CBA-BYO Authentication UI
 
-# Edit the variables in Config.ps1 before running this script
-. "$JCScriptRoot/Config.ps1"
+    # Edit the variables in Config.ps1 before running this script
+    . "$JCScriptRoot/Config.ps1"
 
-if ( ([System.String]::IsNullOrEmpty($JCORGID)) -Or ($JCORGID.Length -ne 24) ) {
-    throw "OrganizationID not specified, please update config.ps1"
-}
+    if ( ([System.String]::IsNullOrEmpty($JCORGID)) -Or ($JCORGID.Length -ne 24) ) {
+        throw "OrganizationID not specified, please update config.ps1"
+    }
 
-################################################################################
-# Do Not Edit Below:
-################################################################################
-Set-Location $JCScriptRoot
+    ################################################################################
+    # Do Not Edit Below:
+    ################################################################################
+    Set-Location $JCScriptRoot
 
-# REM Generate Root Server Private Key and server certificate (self signed as CA)
-Write-Host "Generating Self Signed Root CA Certificate"
-if (Test-Path -Path "$JCScriptRoot/Cert") {
-    Write-Host "Cert Path Exists"
-} else {
-    Write-Host "Creating Cert Path"
-    New-Item -ItemType Directory -Path "$JCScriptRoot/Cert"
-}
-# Check if cert exists, prompt user to overwrite with a while loop
-if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
-    Write-Host "CA Cert already exists"
-    $overwrite = Read-Host "Do you want to overwrite the existing CA Cert? (y/n)"
-    if ($overwrite -eq "y") {
-        Write-Host "Overwriting CA Cert..."
+    # REM Generate Root Server Private Key and server certificate (self signed as CA)
+    Write-Host "Generating Self Signed Root CA Certificate"
+    if (Test-Path -Path "$JCScriptRoot/Cert") {
+        Write-Host "Cert Path Exists"
     } else {
-        Write-Host "Exiting "
-        break
+        Write-Host "Creating Cert Path"
+        New-Item -ItemType Directory -Path "$JCScriptRoot/Cert"
     }
-}
-$CertPath = Resolve-Path "$JCScriptRoot/Cert"
-$outKey = "$CertPath/radius_ca_key.pem"
-$outCA = "$CertPath/radius_ca_cert.pem"
-# Ask the user to enter a pass phrase for the CA key:
-# Clear the pass phrase from the env:
-$env:certKeyPassword = ""
-$secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
-$certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
-# Save the pass phrase in the env:
-$env:certKeyPassword = $certKeyPass
-Invoke-Expression "$opensslBinary req -x509 -newkey rsa:2048 -days 365 -keyout $outKey -out $outCA -passout pass:$($env:certKeyPassword) -subj /C=$($Subj.countryCode)/ST=$($Subj.stateCode)/L=$($Subj.Locality)/O=$($Subj.Organization)/OU=$($Subj.OrganizationUnit)/CN=$($Subj.CommonName)"
-# REM PEM pass phrase: myorgpass
-Invoke-Expression "$opensslBinary x509 -in $outCA -noout -text"
-# openssl x509 -in ca-cert.pem -noout -text
-# Update Extensions Distinguished Names:
-$exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
-foreach ($ext in $exts) {
-    Write-Host "Updating Subject Headers for $($ext.Name)"
-    $extContent = Get-Content -Path $ext.FullName -Raw
-    $reqDistinguishedName = "[req_distinguished_name]
-C = $($subj.countryCode)
-ST = $($subj.stateCode)
-L = $($subj.Locality)
-O = $($subj.Organization)
-OU = $($subj.OrganizationUnit)
-CN = $($subj.CommonName)
+    # Check if cert exists, prompt user to overwrite with a while loop
+    if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
+        Write-Host "CA Cert already exists"
+        switch ($PSCmdlet.ParameterSetName) {
+            'gui' {
+                $overwrite = Get-ResponsePrompt -message "Do you want to overwrite the existing CA Cert?"
+                switch ($overwrite) {
+                    $true {
+                        continue
+                    }
+                    $false {
+                        return
+                    }
+                }
+            }
+            'cli' {
 
-"
-    $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
+            }
+        }
+    }
+    $CertPath = Resolve-Path "$JCScriptRoot/Cert"
+    $outKey = "$CertPath/radius_ca_key.pem"
+    $outCA = "$CertPath/radius_ca_cert.pem"
+    # Ask the user to enter a pass phrase for the CA key:
+    # Clear the pass phrase from the env:
+    $env:certKeyPassword = ""
+    $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
+    $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+    # Save the pass phrase in the env:
+    $env:certKeyPassword = $certKeyPass
+    Invoke-Expression "$opensslBinary req -x509 -newkey rsa:2048 -days 365 -keyout $outKey -out $outCA -passout pass:$($env:certKeyPassword) -subj /C=$($Subj.countryCode)/ST=$($Subj.stateCode)/L=$($Subj.Locality)/O=$($Subj.Organization)/OU=$($Subj.OrganizationUnit)/CN=$($Subj.CommonName)"
+    # REM PEM pass phrase: myorgpass
+    Invoke-Expression "$opensslBinary x509 -in $outCA -noout -text"
+    # openssl x509 -in ca-cert.pem -noout -text
+    # Update Extensions Distinguished Names:
+    $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
+    foreach ($ext in $exts) {
+        Write-Host "Updating Subject Headers for $($ext.Name)"
+        $extContent = Get-Content -Path $ext.FullName -Raw
+        $reqDistinguishedName = "[req_distinguished_name]
+    C = $($subj.countryCode)
+    ST = $($subj.stateCode)
+    L = $($subj.Locality)
+    O = $($subj.Organization)
+    OU = $($subj.OrganizationUnit)
+    CN = $($subj.CommonName)
+
+    "
+        $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
+    }
 }
diff --git a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
index 517fc3b91..642c3625d 100644
--- a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
@@ -1,229 +1,196 @@
-# TODO: param for testing
-
-# Import Global Config:
-# . "$JCScriptRoot/config.ps1"
-# Connect-JCOnline $JCAPIKEY -force
-
-################################################################################
-# Do not modify below
-################################################################################
-# Check if CA-Key is saved in env
-if ($env:certKeyPassword) {
-    Write-Host "Found CA-Key password in env"
-    # Check if the key.pem works with the password
-    $foundKeyPem = Resolve-Path -Path "$JCScriptRoot/Cert/*key.pem"
-    $checkKey = openssl rsa -in $foundKeyPem -check -passin pass:$($env:certKeyPassword) 2>&1
-    if ($checkKey -match "RSA key ok") {
-        Write-Debug "ENV CA-Key password is works with the current key"
+# todo: rename to be PS-ApprovedVerb "New-UserCert"
+function Generate-UserCerts {
+    [CmdletBinding(DefaultParameterSetName = 'gui')]
+    param (
+        # Type of certs to distribute, All, New or byUsername
+        [Parameter(ParameterSetName = 'cli', Mandatory)]
+        [ValidateSet("All", "New", "ByUsername", "ExpiringSoon")]
+        [system.String]
+        $type,
+        # username
+        [Parameter(ParameterSetName = 'cli')]
+        [System.String]
+        $username,
+        # Force invoke commands after generation
+        [Parameter(ParameterSetName = 'cli')]
+        [switch]
+        $forceReplaceCerts
+    )
+    #### begin function setup:
+    # Check if CA-Key is saved in env
+    if ($env:certKeyPassword) {
+        Write-Host "Found CA-Key password in env"
+        # Check if the key.pem works with the password
+        $foundKeyPem = Resolve-Path -Path "$JCScriptRoot/Cert/*key.pem"
+        $checkKey = openssl rsa -in $foundKeyPem -check -passin pass:$($env:certKeyPassword) 2>&1
+        if ($checkKey -match "RSA key ok") {
+            Write-Debug "ENV CA-Key password is works with the current key"
+        } else {
+            Write-Host "CA-Key password is incorrect"
+            Get-CertKeyPass
+        }
     } else {
-        Write-Host "CA-Key password is incorrect"
+        # Get CA-Key password
+        Write-Host "CA-Key password not found in the ENV"
         Get-CertKeyPass
     }
-} else {
-    # Get CA-Key password
-    Write-Host "CA-Key password not found in the ENV"
-    Get-CertKeyPass
-}
 
-# Import the functions
-# Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
+    # get userArray or initialize
+    $userArray = Get-UserJsonData
 
-# Import User.Json/ create list if it does not exist
-if (Test-Path -Path "$JCScriptRoot/users.json" -PathType Leaf) {
-    Write-Host "[status] Found user.json file"
-    $userArray = Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 6
-    # If the json is a single item, explicitly make it a list so we can add to it
-    If ($userArray.count -eq 1) {
-        $array = New-Object System.Collections.ArrayList
-        $array.add($userArray)
-        $userArray = $array
+    # Create UserCerts dir
+    if (Test-Path "$JCScriptRoot/UserCerts") {
+        Write-Host "[status] User Cert Directory Exists"
+    } else {
+        Write-Host "[status] Creating User Cert Directory"
+        New-Item -ItemType Directory -Path "$JCScriptRoot/UserCerts"
     }
+    #### end function setup
 
-} else {
-    Write-Host "[status] users.json file not found"
-    $userArray = @()
-}
-
-# Create UserCerts dir
-if (Test-Path "$JCScriptRoot/UserCerts") {
-    Write-Host "[status] User Cert Directory Exists"
-} else {
-    Write-Host "[status] Creating User Cert Directory"
-    New-Item -ItemType Directory -Path "$JCScriptRoot/UserCerts"
-}
-
-Do {
-    Show-GenerationMenu
-    $confirmation = Read-Host "Please make a selection"
-
-    switch ($confirmation) {
-        '1' {
-            # process all users, generate certificates for uses who do not yet have a certificate
-            # Get List of files, figure out userList of users who've not had a cert generated:
-            $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts/" -Filter "*-client-signed.pfx"
-            $certFileList = New-Object System.Collections.ArrayList
-            foreach ($file in $userCertFiles) {
-                $userFromFile = $file.BaseName.Replace("-client-signed", "")
-                $certFileList.add($userFromFile) | Out-Null
+    Do {
+        switch ($PSCmdlet.ParameterSetName) {
+            'gui' {
+                Show-GenerationMenu
+                $confirmation = Read-Host "Please make a selection"
             }
-            # Get each RadiusMember User:
-            foreach ($user in $Global:JCRRadiusMembers.keys) {
-                # Get the user details:
-                $MatchedUser = $GLOBAL:JCRUsers[$user]
-                # If the user has a certificate continue
-                if ($MatchedUser.username -in $certFileList) {
-                    #if the cert already exists, break
-                    Write-Host "[status] $($MatchedUser.username) has a certificate already. skipping..."
-                } else {
-                    # if the user does not have a certificate, generate
-                    Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-                    # Get the user from the users.json file
-                    $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $MatchedUser.id
-                    # set user table:
-                    if ($userIndex -ge 0) {
-                        # update the new certificate info & set commandAssociation to $null
-                        # TODO: commandAssociation not being set to null
-                        $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
-                        # Add the cert info tracking to the object
-                        $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
-                        $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
-                        Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
-                    } else {
-                        # Create a new table entry
-                        New-UserTable -id $MatchedUser.id -username $MatchedUser.username -localUsername $MatchedUser.systemUsername
+            'cli' {
+                $confirmationMap = @{
+                    'New'          = '1';
+                    "ByUsername"   = '2';
+                    'All'          = '3';
+                    "ExpiringSoon" = '4';
+                }
+                $confirmation = $confirmationMap[$type]
+                # if force invoke is set, invoke the commands after generation:
+                switch ($forceReplaceCerts) {
+                    $true {
+                        $replcaeCerts = $true
+                    }
+                    $false {
+                        $replcaeCerts = $false
                     }
                 }
             }
-            Break
         }
-        '2' {
-            try {
-                Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
-            } catch {
-                New-Variable -Name "ConfirmUser" -Value $null
-            }
-            while (-not $confirmUser) {
-                $confirmationUser = Read-Host "Enter the Username of the user (or '@exit' to return to menu)"
-                if ($confirmationUser -eq '@exit') {
-                    break
+
+        switch ($confirmation) {
+            '1' {
+                # process all users, generate certificates for uses who do not yet have a certificate
+                # Get each RadiusMember User:
+                for ($i = 0; $i -lt $JCRRadiusMembers.count; $i++) {
+                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $CertType
+                    Show-RadiusProgress -completedItems ($i + 1) -totalItems $JCRRadiusMembers.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
                 }
-                try {
-                    $confirmUser = Test-UserFromHash -username $confirmationUser -debug
-                } catch {
-                    Write-Warning "User specified $confirmationUser was not found within the Radius Server Membership Lists"
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        Show-StatusMessage -Message "Finished Generating Certificates"
+                    }
+                    'cli' {
+                        return
+                    }
                 }
             }
-            # Generate a new cert for this user:
-            if (Test-Path -Path "$JCScriptRoot/UserCerts/$($confirmUser.username)-client-signed.pfx") {
-                Do {
-                    $overwrite = Read-Host "do you want to overwrite y/n?"
-                    switch ($overwrite) {
-                        'y' {
-                            Generate-UserCert -CertType $CertType -user $confirmUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-                            Break
-
+            '2' {
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        try {
+                            Clear-Variable -Name "ConfirmUser" -ErrorAction Ignore
+                        } catch {
+                            New-Variable -Name "ConfirmUser" -Value $null
                         }
-                        'n' {
-                            Write-Host "[status] $($confirmUser.username) already has certs generated... skipping"
-                            Break
-
+                        while (-not $confirmUser) {
+                            $confirmationUser = Read-Host "Enter the Username of the user (or '@exit' to return to menu)"
+                            if ($confirmationUser -eq '@exit') {
+                                break
+                            }
+                            try {
+                                $confirmUser = Test-UserFromHash -username $confirmationUser -debug
+                            } catch {
+                                Write-Warning "User specified $confirmationUser was not found within the Radius Server Membership Lists"
+                            }
                         }
                     }
-                } until (($overwrite -eq "y") -or ($overwrite -eq "n"))
-            } else {
-                # Generate a new cert for this user:
-                Generate-UserCert -CertType $CertType -user $confirmUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-            }
-            # Get the user from the users.json file
-            $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
-            # set user table:
-            if ($userIndex -ge 0) {
-                Write-Warning "setting existing table for user $($confirmUser.username)"
-                # update the new certificate info & set commandAssociation to $null
-                # TODO: commandAssociation not being set to null
-                $certInfo = Get-CertInfo -UserCerts -username $confirmUser.username
-                # Add the cert info tracking to the object
-                $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
-                $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
-                Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
-            } else {
-                Write-Warning "setting new table for user $($confirmUser.username)"
-                # Create a new table entry
-                New-UserTable -id $confirmUser.id -username $confirmUser.username -localUsername $confirmUser.systemUsername
-            }
-            # clear the user variable:
-            Clear-Variable "ConfirmUser"
-            Break
-        }
-        '3' {
-            # re-generate new certificates for ALL users
-            foreach ($user in $Global:JCRRadiusMembers.keys) {
-                # Get the user details:
-                $MatchedUser = $GLOBAL:JCRUsers[$user]
-                # Regenerate
-                Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-                # Get the user from the users.json file
-                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $MatchedUser.id
-                # set user table:
-                if ($userIndex -ge 0) {
-                    # update the new certificate info & set commandAssociation to $null
-                    # TODO: commandAssociation not being set to null
-                    $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
-                    $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
-                    $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
-                    Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
-                } else {
-                    # Create a new table entry
-                    New-UserTable -id $MatchedUser.id -username $MatchedUser.username -localUsername $MatchedUser.systemUsername
+                    'cli' {
+                        $confirmUser = Test-UserFromHash -username $username -debug
+                    }
+                }
+                if ($confirmUser) {
+                    # Get the userobject + index from users.json
+                    $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
+                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -prompt
+                    Show-RadiusProgress -completedItems $userObject.count  -totalItems $userObject.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
+                }
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        Show-StatusMessage -Message "Finished Generating Certificates"
+                    }
+                    'cli' {
+                        return
+                    }
                 }
             }
-            Break
-        }
-        '4' {
 
-            do {
-                $overwrite = Read-Host "do you want to overwrite yn?"
-                switch ($overwrite) {
-                    'y' {
-                        foreach ($userCert in $Global:expiringCerts) {
-                            $userArrayIndex = $userArray.username.IndexOf($userCert.username)
-                            $IdentifiedUser = $userArray[$userArrayIndex]
-                            $MatchedUser = $GLOBAL:JCRUsers[$IdentifiedUser.userid]
-                            Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" | Out-Null
-                            # Get the user from the users.json file
-                            $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $MatchedUser.id
-                            # set user table:
-                            if ($userIndex -ge 0) {
-                                # update the new certificate info & set commandAssociation to $null
-                                # TODO: commandAssociation not being set to null
-                                $certInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
-                                $certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
-                                $certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value $null
-                                Set-UserTable -index $userIndex -certInfoObject $certInfo -commandAssociationsObject $null
-                            } else {
-                                # Create a new table entry
-                                New-UserTable -id $MatchedUser.id -username $MatchedUser.username -localUsername $MatchedUser.systemUsername
+            '3' {
+                # re-generate new certificates for ALL users; will force rewrite all certs
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        $overwriteExistingCerts = Get-ResponsePrompt -message "Are you confident you want to replace all locally generated user certificates?"
+                        switch ($overwriteExistingCerts) {
+                            $true {
+                                continue
+                            }
+                            $false {
+                                return
                             }
                         }
-                        Break
                     }
-                    'n' {
-                        Write-Host "[status] $($MatchedUser.username) already has certs generated... skipping"
-                        Break
+                }
+                # Get each RadiusMember User:
+                for ($i = 0; $i -lt $JCRRadiusMembers.count; $i++) {
+                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $CertType -forceReplaceCert
+                    Show-RadiusProgress -completedItems ($i + 1) -totalItems $JCRRadiusMembers.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
+                }
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        Show-StatusMessage -Message "Finished Generating Certificates"
+                    }
+                    'cli' {
+                        return
+                    }
+                }
+            }
+            '4' {
+                # TODO: if there are no certs set to expire in 'x' days inform when pressing this option
+                for ($i = 0; $i -lt $ExpiringCerts.Count; $i++) {
+                    $userCert = $ExpiringCerts[$i]
+                    <# Action that will repeat until the condition is met #>
+                    $userArrayIndex = $userArray.username.IndexOf($userCert.username)
+                    $IdentifiedUser = $userArray[$userArrayIndex]
+                    $result = Invoke-UserCertProcess -radiusMember $IdentifiedUser -certType $CertType -forceReplaceCert
+                    Show-RadiusProgress -completedItems ($i + 1) -totalItems $ExpiringCerts.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
 
+                    # recalculate expiring certs:
+                    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+                }
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        Show-StatusMessage -Message "Finished Generating Certificates"
+                    }
+                    'cli' {
+                        return
                     }
                 }
-            } until (($overwrite -eq "y") -or ($overwrite -eq "n"))
-        }
-        'E' {
-            Write-Host "Returning to main menu"
-        }
-        default {
-            Write-Host "Invalid Choice. Please try again"
-            Break
+            }
+            'E' {
+                Write-Host "Returning to main menu"
+            }
+            default {
+                Write-Host "Invalid Choice. Please try again"
+            }
         }
-    }
-} while ($confirmation -ne 'E')
+
+    } while ($confirmation -ne 'E')
+}
 
 
 
diff --git a/scripts/automation/Radius/Functions/Public/Monitor-CertDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Monitor-CertDeployment.ps1
index 4405a427f..8ab95cec8 100644
--- a/scripts/automation/Radius/Functions/Public/Monitor-CertDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Monitor-CertDeployment.ps1
@@ -1,36 +1,29 @@
-# Import Global Config:
-. "$JCScriptRoot/config.ps1"
-Connect-JCOnline $JCAPIKEY -force
+Function Monitor-CertDeployment {
 
-################################################################################
-# Do not modify below
-################################################################################
-# Import the functions
-Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
-# Define jsonData file
-$jsonFile = "$JCScriptRoot/users.json"
 
-# Show user selection
-do {
-    Show-CertDeploymentMenu
-    $option = Read-Host "Please make a selection"
-    switch ($option) {
-        '1' {
-            Get-CommandObjectTable -Detailed -jsonFile $jsonFile
-            Pause
-        } '2' {
-            Get-CommandObjectTable -Failed -jsonFile $jsonFile
-            Pause
-        } '3' {
-            $retryCommands = Invoke-CommandsRetry -jsonFile $jsonFile
-            Pause
-        }
-    }
-} until ($option.ToUpper() -eq 'E')
+    ################################################################################
+    # Do not modify below
+    ################################################################################
+    # Import the functions
+    Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
+    # Define jsonData file
+    $jsonFile = "$JCScriptRoot/users.json"
 
-################################################################################
-# If needed you can clear out your command queue with the following commands.
-# Copy and Paste these into a powershell terminal window to clear all queued
-# commands in your org.
-# . "scripts/automation/Radius/RadiusCertFunctions.ps1"
-# Get-JCQueuedCommands | Foreach-Object { Clear-JCQueuedCommand -workflowId $_.id }
+    # Show user selection
+    do {
+        Show-CertDeploymentMenu
+        $option = Read-Host "Please make a selection"
+        switch ($option) {
+            '1' {
+                Get-CommandObjectTable -Detailed -jsonFile $jsonFile
+                Pause
+            } '2' {
+                Get-CommandObjectTable -Failed -jsonFile $jsonFile
+                Pause
+            } '3' {
+                $retryCommands = Invoke-CommandsRetry -jsonFile $jsonFile
+                Pause
+            }
+        }
+    } until ($option.ToUpper() -eq 'E')
+}
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index 9c1883dd4..a27ee8821 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -22,15 +22,15 @@ do {
     $selection = Read-Host "Please make a selection"
     switch ($selection) {
         '1' {
-            . "$JCScriptRoot/Functions/Public/Generate-RootCert.ps1"
+            Generate-RootCert
         } '2' {
-            . "$JCScriptRoot/Functions/Public/Generate-UserCerts.ps1"
+            Generate-UserCerts
         } '3' {
-            . "$JCScriptRoot/Functions/Public/Distribute-UserCerts.ps1"
+            Distribute-UserCerts
         } '4' {
-            . "$JCScriptRoot/Functions/Public/Monitor-CertDeployment.ps1"
+            Monitor-CertDeployment
         } '5' {
-            . "$JCScriptRoot/Functions/Public/Update-JCRData.ps1"
+            Get-JCRGlobalVars -force
         }
     }
     Pause
diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
new file mode 100644
index 000000000..eefc23f2a
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -0,0 +1,124 @@
+# InvokePester.ps1 is intended to be called directly as a file-function
+# There are two parameter sets
+
+Param(
+    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)][ValidateNotNullOrEmpty()][System.String]$JumpCloudApiKey
+    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 2)][System.String[]]$ExcludeTagList
+    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 3)][System.String[]]$IncludeTagList
+)
+
+# Get list of tags and validate that tags have been applied
+$PesterTests = Get-ChildItem -Path:($PSScriptRoot + '/*.Tests.ps1') -Recurse
+$Tags = ForEach ($PesterTest In $PesterTests) {
+    $PesterTestFullName = $PesterTest.FullName
+    $FileContent = Get-Content -Path:($PesterTestFullName)
+    $DescribeLines = $FileContent | Select-String -Pattern:([RegEx]'(Describe)')#.Matches.Value
+    ForEach ($DescribeLine In $DescribeLines) {
+        If ($DescribeLine.Line -match 'Tag') {
+            $TagParameterValue = ($DescribeLine.Line | Select-String -Pattern:([RegEx]'(?<=-Tag)(.*?)(?=\s)')).Matches.Value
+            @(":", "(", ")", "'") | ForEach-Object { If ($TagParameterValue -like ('*' + $_ + '*')) {
+                    $TagParameterValue = $TagParameterValue.Replace($_, '')
+                } }
+            $TagParameterValue
+        } Else {
+            Write-Error ('Tag missing in "' + $PesterTestFullName + '" on line number "' + $DescribeLine.LineNumber + '" value "' + ($DescribeLine.Line).Trim() + '"')
+        }
+    }
+}
+# Filters on tags
+$IncludeTags = If ($IncludeTagList) {
+    $IncludeTagList
+} Else {
+    $Tags | Where-Object { $_ -notin $ExcludeTags } | Select-Object -Unique
+}
+# locally, clear pester run paths if it exists before run:
+If ($PesterRunPaths) {
+    Clear-Variable -Name PesterRunPaths
+}
+# Determine the parameter set path
+
+if ($env:CI) {
+    If ($env:job_group) {
+        # split tests by job group:
+        $PesterTestsPaths = Get-ChildItem -Path $PSScriptRoot -Filter *.Tests.ps1 -Recurse | Where-Object size -GT 0 | Sort-Object -Property Name
+        Write-Host "[Status] $($PesterTestsPaths.count) tests found"
+        $CIindex = @()
+        $numItems = $($PesterTestsPaths.count)
+        $numBuckets = 3
+        $itemsPerBucket = [math]::Floor(($numItems / $numBuckets))
+        $remainder = ($numItems % $numBuckets)
+        $extra = 0
+        for ($i = 0; $i -lt $numBuckets; $i++) {
+            <# Action that will repeat until the condition is met #>
+            if ($i -eq ($numBuckets - 1)) {
+                $extra = $remainder
+            }
+            $indexList = ($itemsPerBucket + $extra)
+            # Write-Host "Container $i contains $indexList items:"
+            $CIIndexList = @()
+            $CIIndexList += for ($k = 0; $k -lt $indexList; $k++) {
+                <# Action that will repeat until the condition is met #>
+                $bucketIndex = $i * $itemsPerBucket
+                # write-host "`$tags[$($bucketIndex + $k)] ="$tags[($bucketIndex + $k)]
+                $PesterTestsPaths[$bucketIndex + $k]
+            }
+            # add to ciIndex Array
+            $CIindex += , ($CIIndexList)
+        }
+        $PesterRunPaths = $CIindex[[int]$($env:job_group)]
+        Write-Host "[status] The following $($($CIindex[[int]$($env:job_group)]).count) tests will be run:"
+        $($CIindex[[int]$($env:job_group)]) | ForEach-Object { Write-Host "$_" }
+    }
+} else {
+    # run setup org locally and set variables
+}
+$env:JCAPIKEY = $JumpCloudApiKey
+Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force
+
+if (-Not $PesterRunPaths) {
+    $PesterRunPaths = @(
+        "$PSScriptRoot"
+    )
+}
+# Load private functions
+Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Private/*.ps1")
+Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
+Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
+
+
+# Set the test result directory:
+$PesterResultsFileXmldir = "$PSScriptRoot/test_results/"
+# create the directory if it does not exist:
+if (-not (Test-Path $PesterResultsFileXmldir)) {
+    New-Item -Path $PesterResultsFileXmldir -ItemType Directory
+}
+
+# define pester configuration
+$configuration = New-PesterConfiguration
+$configuration.Run.Path = $PesterRunPaths
+$configuration.Should.ErrorAction = 'Continue'
+$configuration.CodeCoverage.Enabled = $true
+$configuration.testresult.Enabled = $true
+$configuration.testresult.OutputFormat = 'JUnitXml'
+$configuration.Filter.Tag = $IncludeTags
+$configuration.Filter.ExcludeTag = $ExcludeTagList
+$configuration.CodeCoverage.OutputPath = ($PesterResultsFileXmldir + 'coverage.xml')
+$configuration.testresult.OutputPath = ($PesterResultsFileXmldir + 'results.xml')
+
+Write-Host ("[RUN COMMAND] Invoke-Pester -Path:('$PesterRunPaths') -TagFilter:('$($IncludeTags -join "','")') -ExcludeTagFilter:('$($ExcludeTagList -join "','")') -PassThru") -BackgroundColor:('Black') -ForegroundColor:('Magenta')
+# Run Pester tests
+Invoke-Pester -Configuration $configuration
+
+$PesterTestResultPath = (Get-ChildItem -Path:("$($PesterResultsFileXmldir)")).FullName | Where-Object { $_ -match "results.xml" }
+If (Test-Path -Path:($PesterTestResultPath)) {
+    [xml]$PesterResults = Get-Content -Path:($PesterTestResultPath)
+    If ($PesterResults.ChildNodes.failures -gt 0) {
+        Write-Error ("Test Failures: $($PesterResults.ChildNodes.failures)")
+    }
+    If ($PesterResults.ChildNodes.errors -gt 0) {
+        Write-Error ("Test Errors: $($PesterResults.ChildNodes.errors)")
+    }
+} Else {
+    Write-Error ("Unable to find file path: $PesterTestResultPath")
+}
+Write-Host -ForegroundColor Green '-------------Done-------------'
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1
new file mode 100644
index 000000000..4b87b2b6e
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1
@@ -0,0 +1,9 @@
+Describe 'distribute tests' {
+    context 'certs for all users are generated' {
+        it 'generates certs for all users' {
+            . "/Users/jworkman/Documents/GitHub/support/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1"
+            Distribute-UserCerts -generateType all
+            # validate that the commands were created for valid users
+        }
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index daa41fd0c..9ae179a61 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -77,7 +77,7 @@ Change the variable `$JCORGID` to the [organization ID value](https://support.ju
 
 #### Set Your User Group ID
 
-Change the variable `$JCUSERGROUP` to the ID of the JumpCloud user group with access to the Radius server. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
+Change the variable `$global:JCUSERGROUP` to the ID of the JumpCloud user group with access to the Radius server. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
 
 After selecting the User Group, view the url for the user group it should look similar to this url:
 `https://console.jumpcloud.com/#/groups/user/5f808a1bb544064831f7c9fb/details`
@@ -182,7 +182,7 @@ After successful import or generation of a self signed CA, the CA's serial numbe
 
 ### User Cert Generation
 
-With the certificate authority generated/ imported, individual user certs can then be generated. The ID of the user group stored as the variable: `$JCUSERGROUP` is used to store JumpCloud users destined for passwordless Radius access. For each user in the group, a `.pfx` certificate will be generated in the `/projectDirectory/Radius/UserCerts/` directory. The user certificates are stored locally and monitored for expiration.
+With the certificate authority generated/ imported, individual user certs can then be generated. The ID of the user group stored as the variable: `$global:JCUSERGROUP` is used to store JumpCloud users destined for passwordless Radius access. For each user in the group, a `.pfx` certificate will be generated in the `/projectDirectory/Radius/UserCerts/` directory. The user certificates are stored locally and monitored for expiration.
 
 If local user certificates are set to expire within 15 days, a notification is displayed on the main menu:
 

From afa5673a787aca94a5de21c0b514810179915a49 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 5 Jan 2024 14:27:35 -0700
Subject: [PATCH 013/346] move private functions/ create module

---
 .../Deploy-UserCertificate.ps1                |   0
 .../{ => CertDeployment}/Get-CertInfo.ps1     |   0
 .../{ => CertDeployment}/Get-CertKeyPass.ps1  |   0
 .../Get-ExpiringCertInfo.ps1                  |   0
 .../Generate-UserCert.ps1                     |   0
 .../Invoke-UserCertProcess.ps1                |   0
 .../Get-CommandObjectTable.ps1                |   0
 .../Functions/Private/Get-GroupMembership.ps1 |  31 ----
 .../Functions/Private/Get-WebJCUser.ps1       |  33 -----
 .../Functions/Private/Invoke-CommandRun.ps1   |  31 ----
 .../{ => commands}/Clear-JCQueuedCommand.ps1  |   0
 .../{ => commands}/Get-JCQueuedCommands.ps1   |   0
 .../{ => commands}/Invoke-CommandsRetry.ps1   |   0
 .../{ => commands}/New-JCCommandFile.ps1      |   0
 .../Private/{ => menus}/PadCenter.ps1         |   0
 ...serCerts.ps1 => Start-DeployUserCerts.ps1} |   2 +-
 ...ootCert.ps1 => Start-GenerateRootCert.ps1} |   2 +-
 ...rCerts.ps1 => Start-GenerateUserCerts.ps1} |   2 +-
 ...nt.ps1 => Start-MonitorCertDeployment.ps1} |   4 +-
 .../automation/Radius/JumpCloud-Radius.psd1   | 133 ++++++++++++++++++
 ...tDeployment.psm1 => JumpCloud-Radius.psm1} |   6 +-
 .../Radius/Start-RadiusDeployment.ps1         |  10 +-
 .../automation/Radius/Tests/Invoke-Pester.ps1 |   1 -
 .../Public/Distribute-UserCerts.Tests.ps1     |  25 +++-
 .../Tests/Public/Generate-UserCerts.Tests.ps1 |  32 +++++
 .../Radius/Tests/Setup-JCRadiusOrg.ps1        |   0
 26 files changed, 196 insertions(+), 116 deletions(-)
 rename scripts/automation/Radius/Functions/Private/{ => CertDeployment}/Deploy-UserCertificate.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => CertDeployment}/Get-CertInfo.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => CertDeployment}/Get-CertKeyPass.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => CertDeployment}/Get-ExpiringCertInfo.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => CertGeneration}/Generate-UserCert.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => CertGeneration}/Invoke-UserCertProcess.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => CertResults}/Get-CommandObjectTable.ps1 (100%)
 delete mode 100644 scripts/automation/Radius/Functions/Private/Get-GroupMembership.ps1
 delete mode 100644 scripts/automation/Radius/Functions/Private/Get-WebJCUser.ps1
 delete mode 100644 scripts/automation/Radius/Functions/Private/Invoke-CommandRun.ps1
 rename scripts/automation/Radius/Functions/Private/{ => commands}/Clear-JCQueuedCommand.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => commands}/Get-JCQueuedCommands.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => commands}/Invoke-CommandsRetry.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => commands}/New-JCCommandFile.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{ => menus}/PadCenter.ps1 (100%)
 rename scripts/automation/Radius/Functions/Public/{Distribute-UserCerts.ps1 => Start-DeployUserCerts.ps1} (99%)
 rename scripts/automation/Radius/Functions/Public/{Generate-RootCert.ps1 => Start-GenerateRootCert.ps1} (99%)
 rename scripts/automation/Radius/Functions/Public/{Generate-UserCerts.ps1 => Start-GenerateUserCerts.ps1} (99%)
 rename scripts/automation/Radius/Functions/Public/{Monitor-CertDeployment.ps1 => Start-MonitorCertDeployment.ps1} (85%)
 create mode 100644 scripts/automation/Radius/JumpCloud-Radius.psd1
 rename scripts/automation/Radius/{Functions/JCRadiusCertDeployment.psm1 => JumpCloud-Radius.psm1} (78%)
 create mode 100644 scripts/automation/Radius/Tests/Public/Generate-UserCerts.Tests.ps1
 create mode 100644 scripts/automation/Radius/Tests/Setup-JCRadiusOrg.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Deploy-UserCertificate.ps1
rename to scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Get-CertInfo.ps1
rename to scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Get-CertKeyPass.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Get-CertKeyPass.ps1
rename to scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Get-ExpiringCertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Get-ExpiringCertInfo.ps1
rename to scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Generate-UserCert.ps1
rename to scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Invoke-UserCertProcess.ps1
rename to scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Get-CommandObjectTable.ps1 b/scripts/automation/Radius/Functions/Private/CertResults/Get-CommandObjectTable.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Get-CommandObjectTable.ps1
rename to scripts/automation/Radius/Functions/Private/CertResults/Get-CommandObjectTable.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Get-GroupMembership.ps1 b/scripts/automation/Radius/Functions/Private/Get-GroupMembership.ps1
deleted file mode 100644
index 64ef1cdb0..000000000
--- a/scripts/automation/Radius/Functions/Private/Get-GroupMembership.ps1
+++ /dev/null
@@ -1,31 +0,0 @@
-function get-GroupMembership {
-    [CmdletBinding()]
-    param (
-        [Parameter(Mandatory = $true)]
-        [system.string]
-        $groupID
-    )
-    begin {
-        $skip = 0
-        $limit = 100
-        $headers = @{
-            "x-api-key" = $JCAPIKEY
-            "x-org-id"  = $JCORGID
-        }
-        $paginate = $true
-        $list = @()
-    }
-    process {
-        while ($paginate) {
-            $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/v2/usergroups/$groupID/membership?limit=$limit&skip=$skip" -Method GET -Headers $headers
-            $list += $response
-            $skip += $limit
-            if ($response.count -lt $limit) {
-                $paginate = $false
-            }
-        }
-    }
-    end {
-        return $list
-    }
-}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Get-WebJCUser.ps1 b/scripts/automation/Radius/Functions/Private/Get-WebJCUser.ps1
deleted file mode 100644
index 06928e950..000000000
--- a/scripts/automation/Radius/Functions/Private/Get-WebJCUser.ps1
+++ /dev/null
@@ -1,33 +0,0 @@
-function get-webjcuser {
-    [CmdletBinding()]
-    param (
-        [Parameter(Mandatory = $true)]
-        [system.string]
-        $userID
-    )
-    begin {
-        $headers = @{
-            "x-api-key" = $JCAPIKEY
-            "x-org-id"  = $JCORGID
-        }
-    }
-    process {
-        $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/systemusers/$userID" -Method GET -Headers $headers
-        $userObj = [PSCustomObject]@{
-            # If the localUserAccount field is set, use that for username, otherwise use JC username
-            hasLocalUsername = $(if ([string]::IsNullOrEmpty($response.systemUsername)) {
-                    $false
-                } else {
-                    $true
-                })
-            username         = $response.username
-            localUsername    = $response.systemUsername
-
-            id               = $response._id
-            email            = $response.email
-        }
-    }
-    end {
-        return $userObj
-    }
-}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Invoke-CommandRun.ps1 b/scripts/automation/Radius/Functions/Private/Invoke-CommandRun.ps1
deleted file mode 100644
index 4bfe0ae96..000000000
--- a/scripts/automation/Radius/Functions/Private/Invoke-CommandRun.ps1
+++ /dev/null
@@ -1,31 +0,0 @@
-function Invoke-CommandRun {
-    [CmdletBinding()]
-    param (
-        [Parameter(Mandatory = $true)]
-        [System.String]
-        $commandID
-    )
-    begin {
-        if ($commandID.length -ne 24) {
-            throw "Supplied CommandID is not of the correct length"
-        }
-    }
-    process {
-        $headers = @{
-            'x-api-key'    = $Env:JCApiKey
-            'x-org-id'     = $Env:JCOrgId
-            "content-type" = "application/json"
-        }
-        $body = @{
-            _id = $commandID
-        } | ConvertTo-Json
-        $response = Invoke-RestMethod -Uri 'https://console.jumpcloud.com/api/runCommand' -Method POST -Headers $headers -ContentType 'application/json' -Body $body -UserAgent $UserAgent
-    }
-    end {
-        if (!$response.queueIds) {
-            Throw "Command with ID: $commandID could not be triggered"
-        }
-
-    }
-
-}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Clear-JCQueuedCommand.ps1 b/scripts/automation/Radius/Functions/Private/commands/Clear-JCQueuedCommand.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Clear-JCQueuedCommand.ps1
rename to scripts/automation/Radius/Functions/Private/commands/Clear-JCQueuedCommand.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Get-JCQueuedCommands.ps1 b/scripts/automation/Radius/Functions/Private/commands/Get-JCQueuedCommands.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Get-JCQueuedCommands.ps1
rename to scripts/automation/Radius/Functions/Private/commands/Get-JCQueuedCommands.ps1
diff --git a/scripts/automation/Radius/Functions/Private/Invoke-CommandsRetry.ps1 b/scripts/automation/Radius/Functions/Private/commands/Invoke-CommandsRetry.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Invoke-CommandsRetry.ps1
rename to scripts/automation/Radius/Functions/Private/commands/Invoke-CommandsRetry.ps1
diff --git a/scripts/automation/Radius/Functions/Private/New-JCCommandFile.ps1 b/scripts/automation/Radius/Functions/Private/commands/New-JCCommandFile.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/New-JCCommandFile.ps1
rename to scripts/automation/Radius/Functions/Private/commands/New-JCCommandFile.ps1
diff --git a/scripts/automation/Radius/Functions/Private/PadCenter.ps1 b/scripts/automation/Radius/Functions/Private/menus/PadCenter.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/PadCenter.ps1
rename to scripts/automation/Radius/Functions/Private/menus/PadCenter.ps1
diff --git a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
similarity index 99%
rename from scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
rename to scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index c8db039bd..27da419a7 100644
--- a/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -1,5 +1,5 @@
 
-function Distribute-UserCerts {
+function Start-DeployUserCerts {
     [CmdletBinding(DefaultParameterSetName = 'gui')]
     param (
         # Type of certs to distribute, All, New or byUsername
diff --git a/scripts/automation/Radius/Functions/Public/Generate-RootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
similarity index 99%
rename from scripts/automation/Radius/Functions/Public/Generate-RootCert.ps1
rename to scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index fd3570667..49e6e4bc4 100644
--- a/scripts/automation/Radius/Functions/Public/Generate-RootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -1,4 +1,4 @@
-Function Generate-RootCert {
+Function Start-GenerateRootCert {
     [CmdletBinding(DefaultParameterSetName = 'gui')]
     param (
         # Force invoke commands after generation
diff --git a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
similarity index 99%
rename from scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
rename to scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 642c3625d..59d1ee490 100644
--- a/scripts/automation/Radius/Functions/Public/Generate-UserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -1,5 +1,5 @@
 # todo: rename to be PS-ApprovedVerb "New-UserCert"
-function Generate-UserCerts {
+function Start-GenerateUserCerts {
     [CmdletBinding(DefaultParameterSetName = 'gui')]
     param (
         # Type of certs to distribute, All, New or byUsername
diff --git a/scripts/automation/Radius/Functions/Public/Monitor-CertDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
similarity index 85%
rename from scripts/automation/Radius/Functions/Public/Monitor-CertDeployment.ps1
rename to scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
index 8ab95cec8..5a666d413 100644
--- a/scripts/automation/Radius/Functions/Public/Monitor-CertDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
@@ -1,11 +1,11 @@
-Function Monitor-CertDeployment {
+Function Start-CertDeploymentMonitoring {
 
 
     ################################################################################
     # Do not modify below
     ################################################################################
     # Import the functions
-    Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
+    # Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
     # Define jsonData file
     $jsonFile = "$JCScriptRoot/users.json"
 
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psd1 b/scripts/automation/Radius/JumpCloud-Radius.psd1
new file mode 100644
index 000000000..70274b1bd
--- /dev/null
+++ b/scripts/automation/Radius/JumpCloud-Radius.psd1
@@ -0,0 +1,133 @@
+#
+# Module manifest for module 'JumpCloud-Radius'
+#
+# Generated by: jworkman
+#
+# Generated on: 1/5/2024
+#
+
+@{
+
+# Script module or binary module file associated with this manifest.
+# RootModule = ''
+
+# Version number of this module.
+ModuleVersion = '0.0.1'
+
+# Supported PSEditions
+# CompatiblePSEditions = @()
+
+# ID used to uniquely identify this module
+GUID = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
+
+# Author of this module
+Author = 'jworkman'
+
+# Company or vendor of this module
+CompanyName = 'Unknown'
+
+# Copyright statement for this module
+Copyright = '(c) jworkman. All rights reserved.'
+
+# Description of the functionality provided by this module
+# Description = ''
+
+# Minimum version of the PowerShell engine required by this module
+# PowerShellVersion = ''
+
+# Name of the PowerShell host required by this module
+# PowerShellHostName = ''
+
+# Minimum version of the PowerShell host required by this module
+# PowerShellHostVersion = ''
+
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
+
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# ClrVersion = ''
+
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
+
+# Modules that must be imported into the global environment prior to importing this module
+# RequiredModules = @()
+
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
+
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
+
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
+
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
+
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
+
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = 'Start-DeployUserCerts', 'Start-GenerateRootCert', 
+               'Start-GenerateUserCerts', 'Start-MonitorCertDeployment'
+
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = @()
+
+# Variables to export from this module
+VariablesToExport = '*'
+
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = @()
+
+# DSC resources to export from this module
+# DscResourcesToExport = @()
+
+# List of all modules packaged with this module
+# ModuleList = @()
+
+# List of all files packaged with this module
+# FileList = @()
+
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
+
+    PSData = @{
+
+        # Tags applied to this module. These help with module discovery in online galleries.
+        # Tags = @()
+
+        # A URL to the license for this module.
+        # LicenseUri = ''
+
+        # A URL to the main website for this project.
+        # ProjectUri = ''
+
+        # A URL to an icon representing this module.
+        # IconUri = ''
+
+        # ReleaseNotes of this module
+        # ReleaseNotes = ''
+
+        # Prerelease string of this module
+        # Prerelease = ''
+
+        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+        # RequireLicenseAcceptance = $false
+
+        # External dependent modules of this module
+        # ExternalModuleDependencies = @()
+
+    } # End of PSData hashtable
+
+} # End of PrivateData hashtable
+
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
+
+}
+
diff --git a/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
similarity index 78%
rename from scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
rename to scripts/automation/Radius/JumpCloud-Radius.psm1
index 8432ab694..c5207aa47 100644
--- a/scripts/automation/Radius/Functions/JCRadiusCertDeployment.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -1,5 +1,5 @@
 # Load all functions from private folders
-$Private = @( Get-ChildItem -Path "$PSScriptRoot/Private/*.ps1" -Recurse)
+$Private = @( Get-ChildItem -Path "$PSScriptRoot/Functions/Private/*.ps1" -Recurse)
 Foreach ($Import in $Private) {
     Try {
         . $Import.FullName
@@ -9,7 +9,7 @@ Foreach ($Import in $Private) {
 }
 
 # Load all public functions:
-$Private = @( Get-ChildItem -Path "$PSScriptRoot/Public/*.ps1" -Recurse)
+$Private = @( Get-ChildItem -Path "$PSScriptRoot/Functions/Public/*.ps1" -Recurse)
 Foreach ($Import in $Private) {
     Try {
         . $Import.FullName
@@ -21,7 +21,7 @@ Foreach ($Import in $Private) {
 # setup:
 # build required users.json file:
 # set script root:
-$global:JCScriptRoot = "$PSScriptRoot/../"
+$global:JCScriptRoot = "$PSScriptRoot"
 
 # import config:
 . "$JCScriptRoot/config.ps1"
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index a27ee8821..55b2626d1 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -13,7 +13,7 @@ if ($JCAPIKEY.length -ne 40) {
 $global:JCScriptRoot = $PSScriptRoot
 
 # Import the functions
-Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
+Import-Module "$JCScriptRoot/JumpCloud-Radius.psm1" -DisableNameChecking -Force
 
 # Show user selection
 do {
@@ -22,13 +22,13 @@ do {
     $selection = Read-Host "Please make a selection"
     switch ($selection) {
         '1' {
-            Generate-RootCert
+            Start-GenerateRootCert
         } '2' {
-            Generate-UserCerts
+            Start-GenerateUserCerts
         } '3' {
-            Distribute-UserCerts
+            Start-DeployUserCerts
         } '4' {
-            Monitor-CertDeployment
+            Start-MonitorCertDeployment
         } '5' {
             Get-JCRGlobalVars -force
         }
diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index eefc23f2a..41b6036f5 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -1,6 +1,5 @@
 # InvokePester.ps1 is intended to be called directly as a file-function
 # There are two parameter sets
-
 Param(
     [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)][ValidateNotNullOrEmpty()][System.String]$JumpCloudApiKey
     , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 2)][System.String[]]$ExcludeTagList
diff --git a/scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1
index 4b87b2b6e..ad6c1ba55 100644
--- a/scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1
@@ -1,9 +1,20 @@
-Describe 'distribute tests' {
-    context 'certs for all users are generated' {
-        it 'generates certs for all users' {
-            . "/Users/jworkman/Documents/GitHub/support/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1"
-            Distribute-UserCerts -generateType all
-            # validate that the commands were created for valid users
-        }
+Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
+    Context 'Distribute all certificates for all users forcibly' {
+
+    }
+    Context 'Distribute all certificates for all users without invoking' {
+
+    }
+    Context 'Distribute new certificates for new users forcibly' {
+
+    }
+    Context 'Distribute new certificates for new users without invoking' {
+
+    }
+    Context 'Distribute new certificates for a single user forcibly' {
+
+    }
+    Context 'Distribute new certificates for a single user without invoking' {
+
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Generate-UserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Generate-UserCerts.Tests.ps1
new file mode 100644
index 000000000..8a3d6231b
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Public/Generate-UserCerts.Tests.ps1
@@ -0,0 +1,32 @@
+Describe 'Generate User Cert Tests' -Tag "Generate" {
+    Context 'Certs forcibly re-generated for all users' {
+        It 'Certs re-generated have actually been re-written for all users' {
+            . "/Users/jworkman/Documents/GitHub/support/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1"
+            $timeBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            $certsBefore = Get-CertInfo -UserCerts
+            # wait one second.
+            Start-Sleep 1
+            Generate-UserCerts -type All -forceReplaceCerts
+            # validate that the commands were created for valid users
+            # Get Certs
+            $certs = Get-CertInfo -UserCerts
+            foreach ($cert in $certs) {
+                $matchingBeforeCert = $certsBefore | Where-Object { $username -eq $cert.username }
+                # Each cert should have a generated date -gt the $timeBefore
+                $cert.generated | should -BeGreaterThan $timeBefore
+                $cert.generated | should -BeGreaterThan $matchingBeforeCert.generated
+                $cert.serial | should -Not -Be $matchingBeforeCert.serial
+                $cert.sha1 | should -Not -Be $matchingBeforeCert.sha1
+            }
+        }
+    }
+    Context 'Certs generated for newly added users' {
+
+    }
+    Context 'Certs generated for users whos cert is set to exipre soon' {
+
+    }
+    Context 'Certs generated by username' {
+
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Setup-JCRadiusOrg.ps1 b/scripts/automation/Radius/Tests/Setup-JCRadiusOrg.ps1
new file mode 100644
index 000000000..e69de29bb

From ecf489ddb545d76e8b71d0432116d428d4dfb6d3 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 8 Jan 2024 11:11:30 -0700
Subject: [PATCH 014/346] cleanup module

---
 scripts/automation/Radius/Changelog.md        |  17 ++
 .../CertGeneration/Invoke-UserCertProcess.ps1 |   1 -
 .../Public/Start-GenerateUserCerts.ps1        |   9 +-
 .../Public/Start-MonitorCertDeployment.ps1    |   2 +-
 .../automation/Radius/JumpCloud-Radius.psd1   | 160 +++++++++---------
 .../automation/Radius/JumpCloud-Radius.psm1   |   5 +-
 .../Radius/Start-RadiusDeployment.ps1         |   3 +-
 ...ts.ps1 => Start-DeployUserCerts.Tests.ps1} |   0
 ....ps1 => Start-GenerateUserCerts.Tests.ps1} |   1 +
 9 files changed, 112 insertions(+), 86 deletions(-)
 rename scripts/automation/Radius/Tests/Public/{Distribute-UserCerts.Tests.ps1 => Start-DeployUserCerts.Tests.ps1} (100%)
 rename scripts/automation/Radius/Tests/Public/{Generate-UserCerts.Tests.ps1 => Start-GenerateUserCerts.Tests.ps1} (98%)

diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index 99182cdb4..1447b7e98 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -1,3 +1,20 @@
+## 2.0.0
+
+Release Date: January 5, 2024
+
+#### RELEASE NOTES
+
+```
+This release offers a significant overhaul for the Radius Cert Deployment tool, many new underlying functions have been introducted to reduce the number of required API calls. Most notably, the tool will cache data from an organization on load.
+```
+
+#### Features:
+
+- Added an option to both generate and deploy radius certificates by username
+- Association data is cached up front rather than gathered throughout the script, offering performance improvements for organizations with a large number of radius users
+- Added ability to run each public function headless in order to automate cert generation and distribution
+- Added an table to keep track of generated/ deployed certificates when using the tool
+
 ## 1.1.0
 
 Release Date: December 13, 2023
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index f5c3c3a81..f40465976 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -53,7 +53,6 @@ Function Invoke-UserCertProcess {
                     }
                 }
                 if ($prompt) {
-
                     $writeCert = Get-ResponsePrompt -message "A certifcate already exists for user: $($matchedUser.username) do you want to re-generate this certificate?"
                     switch ($writeCert) {
                         $true {
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 59d1ee490..3b7eeb6ac 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -117,7 +117,14 @@ function Start-GenerateUserCerts {
                 if ($confirmUser) {
                     # Get the userobject + index from users.json
                     $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
-                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -prompt
+                    switch ($forceReplaceCerts) {
+                        $true {
+                            $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -forceReplaceCert
+                        }
+                        $false {
+                            $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType
+                        }
+                    }
                     Show-RadiusProgress -completedItems $userObject.count  -totalItems $userObject.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
                 }
                 switch ($PSCmdlet.ParameterSetName) {
diff --git a/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
index 5a666d413..bdd0cc1f8 100644
--- a/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
@@ -1,4 +1,4 @@
-Function Start-CertDeploymentMonitoring {
+Function Start-MonitorCertDeployment {
 
 
     ################################################################################
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psd1 b/scripts/automation/Radius/JumpCloud-Radius.psd1
index 70274b1bd..991a773ee 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psd1
@@ -8,126 +8,126 @@
 
 @{
 
-# Script module or binary module file associated with this manifest.
-# RootModule = ''
+    # Script module or binary module file associated with this manifest.
+    RootModule        = 'JumpCloud-Radius.psm1'
 
-# Version number of this module.
-ModuleVersion = '0.0.1'
+    # Version number of this module.
+    ModuleVersion     = '2.0.0'
 
-# Supported PSEditions
-# CompatiblePSEditions = @()
+    # Supported PSEditions
+    # CompatiblePSEditions = @()
 
-# ID used to uniquely identify this module
-GUID = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
+    # ID used to uniquely identify this module
+    GUID              = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
 
-# Author of this module
-Author = 'jworkman'
+    # Author of this module
+    Author            = 'jworkman'
 
-# Company or vendor of this module
-CompanyName = 'Unknown'
+    # Company or vendor of this module
+    CompanyName       = 'Unknown'
 
-# Copyright statement for this module
-Copyright = '(c) jworkman. All rights reserved.'
+    # Copyright statement for this module
+    Copyright         = '(c) jworkman. All rights reserved.'
 
-# Description of the functionality provided by this module
-# Description = ''
+    # Description of the functionality provided by this module
+    # Description = ''
 
-# Minimum version of the PowerShell engine required by this module
-# PowerShellVersion = ''
+    # Minimum version of the PowerShell engine required by this module
+    PowerShellVersion = '7.0.0'
 
-# Name of the PowerShell host required by this module
-# PowerShellHostName = ''
+    # Name of the PowerShell host required by this module
+    # PowerShellHostName = ''
 
-# Minimum version of the PowerShell host required by this module
-# PowerShellHostVersion = ''
+    # Minimum version of the PowerShell host required by this module
+    # PowerShellHostVersion = ''
 
-# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# DotNetFrameworkVersion = ''
+    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # DotNetFrameworkVersion = ''
 
-# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# ClrVersion = ''
+    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # ClrVersion = ''
 
-# Processor architecture (None, X86, Amd64) required by this module
-# ProcessorArchitecture = ''
+    # Processor architecture (None, X86, Amd64) required by this module
+    # ProcessorArchitecture = ''
 
-# Modules that must be imported into the global environment prior to importing this module
-# RequiredModules = @()
+    # Modules that must be imported into the global environment prior to importing this module
+    RequiredModules   = @('JumpCloud')
 
-# Assemblies that must be loaded prior to importing this module
-# RequiredAssemblies = @()
+    # Assemblies that must be loaded prior to importing this module
+    # RequiredAssemblies = @()
 
-# Script files (.ps1) that are run in the caller's environment prior to importing this module.
-# ScriptsToProcess = @()
+    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
+    # ScriptsToProcess = @()
 
-# Type files (.ps1xml) to be loaded when importing this module
-# TypesToProcess = @()
+    # Type files (.ps1xml) to be loaded when importing this module
+    # TypesToProcess = @()
 
-# Format files (.ps1xml) to be loaded when importing this module
-# FormatsToProcess = @()
+    # Format files (.ps1xml) to be loaded when importing this module
+    # FormatsToProcess = @()
 
-# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
-# NestedModules = @()
+    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+    # NestedModules = @()
 
-# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-FunctionsToExport = 'Start-DeployUserCerts', 'Start-GenerateRootCert', 
-               'Start-GenerateUserCerts', 'Start-MonitorCertDeployment'
+    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+    FunctionsToExport = 'Start-DeployUserCerts', 'Start-GenerateRootCert',
+    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment'
 
-# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-CmdletsToExport = @()
+    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+    CmdletsToExport   = @()
 
-# Variables to export from this module
-VariablesToExport = '*'
+    # Variables to export from this module
+    VariablesToExport = '*'
 
-# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-AliasesToExport = @()
+    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+    AliasesToExport   = @()
 
-# DSC resources to export from this module
-# DscResourcesToExport = @()
+    # DSC resources to export from this module
+    # DscResourcesToExport = @()
 
-# List of all modules packaged with this module
-# ModuleList = @()
+    # List of all modules packaged with this module
+    # ModuleList = @()
 
-# List of all files packaged with this module
-# FileList = @()
+    # List of all files packaged with this module
+    # FileList = @()
 
-# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
-PrivateData = @{
+    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+    PrivateData       = @{
 
-    PSData = @{
+        PSData = @{
 
-        # Tags applied to this module. These help with module discovery in online galleries.
-        # Tags = @()
+            # Tags applied to this module. These help with module discovery in online galleries.
+            # Tags = @()
 
-        # A URL to the license for this module.
-        # LicenseUri = ''
+            # A URL to the license for this module.
+            # LicenseUri = ''
 
-        # A URL to the main website for this project.
-        # ProjectUri = ''
+            # A URL to the main website for this project.
+            # ProjectUri = ''
 
-        # A URL to an icon representing this module.
-        # IconUri = ''
+            # A URL to an icon representing this module.
+            # IconUri = ''
 
-        # ReleaseNotes of this module
-        # ReleaseNotes = ''
+            # ReleaseNotes of this module
+            # ReleaseNotes = ''
 
-        # Prerelease string of this module
-        # Prerelease = ''
+            # Prerelease string of this module
+            # Prerelease = ''
 
-        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
-        # RequireLicenseAcceptance = $false
+            # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+            # RequireLicenseAcceptance = $false
 
-        # External dependent modules of this module
-        # ExternalModuleDependencies = @()
+            # External dependent modules of this module
+            # ExternalModuleDependencies = @()
 
-    } # End of PSData hashtable
+        } # End of PSData hashtable
 
-} # End of PrivateData hashtable
+    } # End of PrivateData hashtable
 
-# HelpInfo URI of this module
-# HelpInfoURI = ''
+    # HelpInfo URI of this module
+    # HelpInfoURI = ''
 
-# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
-# DefaultCommandPrefix = ''
+    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+    # DefaultCommandPrefix = ''
 
 }
 
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index c5207aa47..d85a128fe 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -9,9 +9,10 @@ Foreach ($Import in $Private) {
 }
 
 # Load all public functions:
-$Private = @( Get-ChildItem -Path "$PSScriptRoot/Functions/Public/*.ps1" -Recurse)
-Foreach ($Import in $Private) {
+$Public = @( Get-ChildItem -Path "$PSScriptRoot/Functions/Public/*.ps1" -Recurse)
+Foreach ($Import in $Public) {
     Try {
+        write-host "import function $($Import.FullName): $_"
         . $Import.FullName
     } Catch {
         Write-Error -Message "Failed to import function $($Import.FullName): $_"
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index 55b2626d1..861d3e1d3 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -13,7 +13,7 @@ if ($JCAPIKEY.length -ne 40) {
 $global:JCScriptRoot = $PSScriptRoot
 
 # Import the functions
-Import-Module "$JCScriptRoot/JumpCloud-Radius.psm1" -DisableNameChecking -Force
+Import-Module "$JCScriptRoot/JumpCloud-Radius.psd1" -DisableNameChecking -Force
 
 # Show user selection
 do {
@@ -30,6 +30,7 @@ do {
         } '4' {
             Start-MonitorCertDeployment
         } '5' {
+            #TODO: move as a public function
             Get-JCRGlobalVars -force
         }
     }
diff --git a/scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
similarity index 100%
rename from scripts/automation/Radius/Tests/Public/Distribute-UserCerts.Tests.ps1
rename to scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
diff --git a/scripts/automation/Radius/Tests/Public/Generate-UserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
similarity index 98%
rename from scripts/automation/Radius/Tests/Public/Generate-UserCerts.Tests.ps1
rename to scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 8a3d6231b..e82d301b8 100644
--- a/scripts/automation/Radius/Tests/Public/Generate-UserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -24,6 +24,7 @@ Describe 'Generate User Cert Tests' -Tag "Generate" {
 
     }
     Context 'Certs generated for users whos cert is set to exipre soon' {
+        # Set config
 
     }
     Context 'Certs generated by username' {

From 26e1111c20ac469e9ff49ccad044caa374b792f6 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 9 Jan 2024 14:06:29 -0700
Subject: [PATCH 015/346] global var + root ca tests

---
 scripts/automation/Radius/Config.ps1          |  10 +-
 .../settings => Public}/Get-JCRGlobalVars.ps1 |   9 +-
 .../Public/Start-GenerateRootCert.ps1         |  35 +++--
 .../automation/Radius/JumpCloud-Radius.psd1   |   2 +-
 .../Radius/Start-RadiusDeployment.ps1         |   3 +-
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  | 129 ++++++++++++++++++
 .../Public/Start-GenerateRootCert.Tests.ps1   |  60 ++++++++
 7 files changed, 228 insertions(+), 20 deletions(-)
 rename scripts/automation/Radius/Functions/{Private/settings => Public}/Get-JCRGlobalVars.ps1 (94%)
 create mode 100644 scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
 create mode 100644 scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index 4697de9cc..c5b7994d7 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -1,9 +1,9 @@
 # JUMPCLOUD USER GROUP ID
 $Global:JCUSERGROUP = 'YOURJCUSERGROUP'
 # USER CERT PASSWORD (this password is sent to the devices via JumpCloud Commands)
-$JCUSERCERTPASS = 'secret1234!'
+$Global:JCUSERCERTPASS = 'secret1234!'
 # USER CERT Validity Length (days)
-$JCUSERCERTVALIDITY = 90
+$Global:JCUSERCERTVALIDITY = 90
 # List Of Radius Network SSID(s)
 # For Multiple SSIDs enter as a single string seperated by a semicolon  ex:
 # "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network"
@@ -11,9 +11,9 @@ $Global:NETWORKSSID = "YOUR_SSID"
 # OpenSSLBinary by default this is (openssl)
 # NOTE: If openssl does not work, try using the full path to the openssl file
 # MacOS HomeBrew Example: '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
-$opensslBinary = 'openssl'
+$Global:opensslBinary = 'openssl'
 # Enter Cert Subject Headers (do not enter strings with spaces)
-$Subj = [PSCustomObject]@{
+$Global:Subj = [PSCustomObject]@{
     countryCode      = "US"
     stateCode        = "CO"
     Locality         = "Boulder"
@@ -27,7 +27,7 @@ $Subj = [PSCustomObject]@{
 # EmailSAN
 # EmailDN
 # UsernameCn (Default)
-$CertType = "UsernameCn"
+$Global:CertType = "UsernameCn"
 
 ################################################################################
 # Do not modify below
diff --git a/scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
similarity index 94%
rename from scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1
rename to scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 384606b74..0142c2da0 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -28,7 +28,14 @@ function Get-JCRGlobalVars {
         # also validate that the data files are non-null, if they are, force update]
         $requiredHashFiles = @('associationHash.json', 'radiusMembers.json', 'systemHash.json', 'userHash.json')
         foreach ($file in $requiredHashFiles) {
-            $fileContents = Get-Content "$JCScriptRoot/data/$file"
+            if (Test-Path -Path "$JCScriptRoot/data/$file") {
+                $fileContents = Get-Content "$JCScriptRoot/data/$file"
+            } else {
+                Write-Host "[status] $JCScriptRoot/data/$file file does not exist, updating global variables"
+                $update = $true
+                break
+            }
+            # if the file is null force update
             if ([string]::IsNullOrEmpty($file)) {
                 Write-Host "[status] $JCScriptRoot/data/$file file is null, updating global variables"
                 $update = $true
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 49e6e4bc4..e6b3ad580 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -1,6 +1,11 @@
 Function Start-GenerateRootCert {
     [CmdletBinding(DefaultParameterSetName = 'gui')]
     param (
+        # Cert Key Password
+        # Parameter help description
+        [Parameter(ParameterSetName = 'cli')]
+        [string]
+        $certKeyPassword,
         # Force invoke commands after generation
         [Parameter(ParameterSetName = 'cli')]
         [switch]
@@ -54,9 +59,16 @@ Function Start-GenerateRootCert {
     $outCA = "$CertPath/radius_ca_cert.pem"
     # Ask the user to enter a pass phrase for the CA key:
     # Clear the pass phrase from the env:
-    $env:certKeyPassword = ""
-    $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
-    $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+    switch ($PSCmdlet.ParameterSetName) {
+        'gui' {
+            $env:certKeyPassword = ""
+            $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
+            $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+        }
+        'cli' {
+            $certKeyPass = $certKeyPassword
+        }
+    }
     # Save the pass phrase in the env:
     $env:certKeyPassword = $certKeyPass
     Invoke-Expression "$opensslBinary req -x509 -newkey rsa:2048 -days 365 -keyout $outKey -out $outCA -passout pass:$($env:certKeyPassword) -subj /C=$($Subj.countryCode)/ST=$($Subj.stateCode)/L=$($Subj.Locality)/O=$($Subj.Organization)/OU=$($Subj.OrganizationUnit)/CN=$($Subj.CommonName)"
@@ -68,15 +80,16 @@ Function Start-GenerateRootCert {
     foreach ($ext in $exts) {
         Write-Host "Updating Subject Headers for $($ext.Name)"
         $extContent = Get-Content -Path $ext.FullName -Raw
-        $reqDistinguishedName = "[req_distinguished_name]
-    C = $($subj.countryCode)
-    ST = $($subj.stateCode)
-    L = $($subj.Locality)
-    O = $($subj.Organization)
-    OU = $($subj.OrganizationUnit)
-    CN = $($subj.CommonName)
+        $reqDistinguishedName = @"
+[req_distinguished_name]
+C = $($subj.countryCode)
+ST = $($subj.stateCode)
+L = $($subj.Locality)
+O = $($subj.Organization)
+OU = $($subj.OrganizationUnit)
+CN = $($subj.CommonName)
 
-    "
+"@
         $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
     }
 }
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psd1 b/scripts/automation/Radius/JumpCloud-Radius.psd1
index 991a773ee..04f150a17 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psd1
@@ -70,7 +70,7 @@
 
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
     FunctionsToExport = 'Start-DeployUserCerts', 'Start-GenerateRootCert',
-    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment'
+    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment', 'Get-JCRGlobalVars'
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
     CmdletsToExport   = @()
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index 861d3e1d3..55b2626d1 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -13,7 +13,7 @@ if ($JCAPIKEY.length -ne 40) {
 $global:JCScriptRoot = $PSScriptRoot
 
 # Import the functions
-Import-Module "$JCScriptRoot/JumpCloud-Radius.psd1" -DisableNameChecking -Force
+Import-Module "$JCScriptRoot/JumpCloud-Radius.psm1" -DisableNameChecking -Force
 
 # Show user selection
 do {
@@ -30,7 +30,6 @@ do {
         } '4' {
             Start-MonitorCertDeployment
         } '5' {
-            #TODO: move as a public function
             Get-JCRGlobalVars -force
         }
     }
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
new file mode 100644
index 000000000..58c0cf6b4
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -0,0 +1,129 @@
+Describe "Get Global Variable Data Tests" {
+    BeforeAll {
+        $dataPath = "$JCScriptRoot/data/"
+        $requiredFiles = @(
+            'associationHash.json',
+            'radiusMembers.json',
+            'systemHash.json',
+            'userHash.json'
+        )
+
+    }
+    Context "When no 'data' directory exists" {
+        BeforeAll {
+            if (Test-Path -Path ($dataPath)) {
+                Remove-Item -Path $dataPath -Recurse
+            }
+        }
+        It "The tool is able to generate a 'data' directory and populate the global variables" {
+            # Get the latest data for the org:
+            Get-JCRGlobalVars
+            foreach ($file in $requiredFiles) {
+                # each json hash should have been generated and exist
+                "$dataPath/$file" | Should -Exist
+                # each file should be non-null
+                $fileContent = Get-Content -Path "$dataPath/$file"
+                $fileContent | Should -Not -BeNullOrEmpty
+            }
+        }
+    }
+    Context "When the 'data' directory already exists" {
+        BeforeAll {
+            # if the data directory does not exist, generate the global vars + directory
+            if (-not (Test-Path -Path ($dataPath))) {
+                Get-JCRGlobalVars
+            }
+            # explicitly import the settings file functions for these tests:
+            $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/settings/*.ps1" -Recurse)
+            Foreach ($Import in $Private) {
+                Try {
+                    . $Import.FullName
+                } Catch {
+                    Write-Error -Message "Failed to import function $($Import.FullName): $_"
+                }
+            }
+        }
+        It "Data should not be refreshed when running Get-JCRGlobalVars if it's been less than 24 hours since last update" {
+            # Get the settings data
+            $settingsData = Get-JCRSettingsFile
+            $timespan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $settingsData.globalVars.lastupdate
+            # Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
+            # get files before
+            $filesBefore = Get-ChildItem -Path $dataPath
+            # check the settings time the files were last written
+            if ($timespan.TotalHours -lt 24) {
+                # continue with test
+            } else {
+                # set the settings file to a mocked value of now
+                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
+
+            }
+            # run Get-JCRGlobalVars
+            Get-JCRGlobalVars
+
+            # check the files:
+            $filesAfter = Get-ChildItem -Path $dataPath
+
+            # test each file write date
+            foreach ($file in $requiredFiles) {
+                # write-host "validating write times for $file"
+                $beforeWriteTime = (($filesBefore | Where-Object { $_.Name -eq $file })).LastWriteTime
+                $afterWriteTime = (($filesAfter | Where-Object { $_.Name -eq $file })).LastWriteTime
+                # Write-Host "before: $beforeWriteTime should be after: $afterWriteTime"
+                # The file write time before running Get-JCRGlobalVars should be the same after running the function
+                $beforeWriteTime | should -be $afterWriteTime
+            }
+        }
+        It "Data should refresh when running Get-JCRGlobalVars if it's been more than 24 hours since last update" {
+            # Get the settings data
+            $settingsData = Get-JCRSettingsFile
+            $timespan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $settingsData.globalVars.lastupdate
+            # Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
+            # get files before
+            $filesBefore = Get-ChildItem -Path $dataPath
+            # check the settings time the files were last written
+            if ($timespan.TotalHours -gt 24) {
+                # continue with test
+            } else {
+                # set the settings file to a mocked value of now
+                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date).AddHours(-25)
+                Start-Sleep 1
+                $settingsData = Get-JCRSettingsFile
+                $timespan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $settingsData.globalVars.lastupdate
+                # Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
+            }
+            # run Get-JCRGlobalVars
+            Get-JCRGlobalVars
+
+            # check the files:
+            $filesAfter = Get-ChildItem -Path $dataPath
+            # test each file write date
+            foreach ($file in $requiredFiles) {
+                # write-host "validating write times for $file"
+                $beforeWriteTime = (($filesBefore | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
+                $afterWriteTime = (($filesAfter | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
+                # Write-Host "before: $beforeWriteTime should not be after: $afterWriteTime"
+                # The file write time before running Get-JCRGlobalVars should not be the same after running the function
+                $beforeWriteTime | should -Not -Be $afterWriteTime
+            }
+        }
+        It "Data should be re-written when the -Force parameter is used; regardless of setings write date" {
+            # check the files before
+            $filesBefore = Get-ChildItem -Path $dataPath
+            # run Get-JCRGlobalVars with force param
+            Get-JCRGlobalVars -Force
+
+            # check the files after:
+            $filesAfter = Get-ChildItem -Path $dataPath
+            # test each file write date
+            foreach ($file in $requiredFiles) {
+                # write-host "validating write times for $file"
+                $beforeWriteTime = (($filesBefore | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
+                $afterWriteTime = (($filesAfter | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
+                # Write-Host "before: $beforeWriteTime should not be after: $afterWriteTime"
+                # The file write time before running Get-JCRGlobalVars should not be the same after running the function
+                $beforeWriteTime | should -Not -Be $afterWriteTime
+            }
+        }
+    }
+}
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
new file mode 100644
index 000000000..e758514bd
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -0,0 +1,60 @@
+Describe "Generate Root Certifcate Tests" {
+    Context "A new certificate can be generated" -skip {
+        # If the /Cert/ folder is not empty, clear the directory
+        $items = Get-ChildItem $JCScriptRoot/Cert
+        if ($items) {
+            foreach ($item in $items) {
+                write-host "removing $($item.FullName)"
+                Remove-Item -Path $item.FullName
+            }
+        }
+        Start-GenerateRootCert -certKeyPassword "Test123"
+
+        # both the key and the cert should be generated
+        $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+        $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
+        $itemsAfter.BaseName | Should -Contain "radius_ca_key"
+
+        #validate the subject matches what's defined in config:
+        $CA_subject = Invoke-Expression "$opensslBinary x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+        $CA_subject = $CA_subject.split("subject=").split(",")
+        ($CA_subject | Where-Object { $_ -match "C = " }) | Should -Match $Global:Subj.countryCode
+        ($CA_subject | Where-Object { $_ -match "ST = " }) | Should -Match $Global:Subj.stateCode
+        ($CA_subject | Where-Object { $_ -match "L = " }) | Should -Match $Global:Subj.Locality
+        ($CA_subject | Where-Object { $_ -match "O = " }) | Should -Match $Global:Subj.Organization
+        ($CA_subject | Where-Object { $_ -match "OU = " }) | Should -Match $Global:Subj.OrganizationUnit
+        ($CA_subject | Where-Object { $_ -match "CN = " }) | Should -Match $Global:Subj.CommonName
+    }
+    Context "An existing certificate can be replaced" {
+        # get existing cert serial:
+        $origSN = Invoke-Expression "$opensslBinary x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+        # force generate new CA
+        Start-GenerateRootCert -forceReplcaeCert -certKeyPassword "newTest1234"
+        # get new SN
+        $newSN = Invoke-Expression "$opensslBinary x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+        # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
+        $origSN | Should -Not -Be $newSN
+        # both the key and the cert should be generated
+        $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+        $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
+        $itemsAfter.BaseName | Should -Contain "radius_ca_key"
+
+        #validate the subject matches what's defined in config:
+        $CA_subject = Invoke-Expression "$opensslBinary x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+        $CA_subject = $CA_subject.split("subject=").split(",")
+        ($CA_subject | Where-Object { $_ -match "C = " }) | Should -Match $Global:Subj.countryCode
+        ($CA_subject | Where-Object { $_ -match "ST = " }) | Should -Match $Global:Subj.stateCode
+        ($CA_subject | Where-Object { $_ -match "L = " }) | Should -Match $Global:Subj.Locality
+        ($CA_subject | Where-Object { $_ -match "O = " }) | Should -Match $Global:Subj.Organization
+        ($CA_subject | Where-Object { $_ -match "OU = " }) | Should -Match $Global:Subj.OrganizationUnit
+        ($CA_subject | Where-Object { $_ -match "CN = " }) | Should -Match $Global:Subj.CommonName
+
+    }
+    Context "An existing certificate can be renewed" {
+        # TODO: implement
+        # openssl req -new -key radius_ca_key.key -out newcsr.csr
+        # openssl x509 -req -days 365 -in newcsr.csr -signkey radius_ca_key.key -out radius_ca_cert.pem
+        # rm newcsr.csr
+
+    }
+}
\ No newline at end of file

From 1b20110b33d9860bc8893588fb204a51ee530cfb Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 9 Jan 2024 14:56:29 -0700
Subject: [PATCH 016/346] add ability to skip associationData in globalVars

---
 .../Functions/Public/Get-JCRGlobalVars.ps1    | 121 ++++++++++++------
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  |  28 ++++
 2 files changed, 109 insertions(+), 40 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 0142c2da0..11e07f95c 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -3,7 +3,10 @@ function Get-JCRGlobalVars {
     param (
         [Parameter()]
         [switch]
-        $force
+        $force,
+        [Parameter()]
+        [switch]
+        $skipAssociation
     )
     begin {
         # ensure the data directory exists to cache the json files:
@@ -23,23 +26,59 @@ function Get-JCRGlobalVars {
         }
         if ($force) {
             $update = $true
+            switch ($skipAssociation) {
+                $true {
+                    $updateAssociation = $false
+                }
+                $false {
+                    $updateAssociation = $true
+                }
+            }
         }
 
         # also validate that the data files are non-null, if they are, force update]
-        $requiredHashFiles = @('associationHash.json', 'radiusMembers.json', 'systemHash.json', 'userHash.json')
+        $requiredHashFiles = @('radiusMembers.json', 'systemHash.json', 'userHash.json')
         foreach ($file in $requiredHashFiles) {
             if (Test-Path -Path "$JCScriptRoot/data/$file") {
                 $fileContents = Get-Content "$JCScriptRoot/data/$file"
             } else {
                 Write-Host "[status] $JCScriptRoot/data/$file file does not exist, updating global variables"
                 $update = $true
-                break
             }
             # if the file is null force update
-            if ([string]::IsNullOrEmpty($file)) {
+            if ([string]::IsNullOrEmpty($fileContents)) {
+                Write-Host "[status] $JCScriptRoot/data/$file file is null, updating global variables"
+                $update = $true
+            }
+        }
+
+        $requiredAssociationHashFiles = @('associationHash.json')
+        foreach ($file in $requiredAssociationHashFiles) {
+            if (Test-Path -Path "$JCScriptRoot/data/$file") {
+                $fileContents = Get-Content "$JCScriptRoot/data/$file"
+                switch ($skipAssociation) {
+                    $true {
+                        Write-Host "[status] $JCScriptRoot/data/$file will be skipped"
+                        $updateAssociation = $false
+                    }
+                }
+            } else {
+                Write-Host "[status] $JCScriptRoot/data/$file file does not exist, updating global variables"
+                $update = $true
+                $updateAssociation = $true
+            }
+            # if the file is null force update
+            if ([string]::IsNullOrEmpty($fileContents)) {
                 Write-Host "[status] $JCScriptRoot/data/$file file is null, updating global variables"
                 $update = $true
-                break
+                $updateAssociation = $true
+            } else {
+                switch ($skipAssociation) {
+                    $true {
+                        Write-Host "[status] $JCScriptRoot/data/$file will be skipped"
+                        $updateAssociation = $false
+                    }
+                }
             }
         }
     }
@@ -60,50 +99,52 @@ function Get-JCRGlobalVars {
                             'userID'   = $member.toID
                             'username' = $users[$member.toID].username
                         }
-                    )
-                }
-                # Get Report Hash:
-                $headers = @{
-                    "accept"    = "application/json";
-                    "x-api-key" = $Env:JCApiKey;
-                    "x-org-id"  = $Env:JCOrgId
+                    ) | Out-Null
                 }
-                # request new user to device report:
-                $reportRequest = Invoke-RestMethod -Uri 'https://api.jumpcloud.com/insights/directory/v1/reports/users-to-devices' -Method POST -Headers $headers
-                # now fetch available reports:
-                do {
-                    $reportList = Invoke-RestMethod -Uri 'https://api.jumpcloud.com/insights/directory/v1/reports?sort=CREATED_AT' -Method GET -Headers $headers
-                    $lastReport = $reportList | Where-Object { $_.id -eq $reportRequest.id }
-                    if ($lastReport.status -eq 'PENDING') {
-                        Write-Warning "[status] waiting 20s for jumpcloud report to complete"
-                        start-sleep -Seconds 20
+                if ($updateAssociation) {
+                    # Get Report Hash:
+                    $headers = @{
+                        "accept"    = "application/json";
+                        "x-api-key" = $Env:JCApiKey;
+                        "x-org-id"  = $Env:JCOrgId
                     }
-                } until ($lastReport.status -eq 'COMPLETED')
-                # download json
-                $artifactID = ($lastReport.artifacts | Where-Object { $_.format -eq 'json' }).id
-                $reportID = $lastReport.id
-                $reportContent = Invoke-RestMethod -Uri "https://api.jumpcloud.com/insights/directory/v1/reports/$reportID/artifacts/$artifactID/content" -Method GET -Headers $headers
-                # create the hashtable:
-                $userAssociationList = New-Object System.Collections.Hashtable
-                foreach ($item in $reportContent) {
-                    if ($item.user_object_id -And $item.resource_object_id) {
-                        if (-not $userAssociationList[$item.user_object_id]) {
-                            $userAssociationList.add(
-                                $item.user_object_id, @{
-                                    'systemAssociations' = @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, @{Name = 'osFamily'; Expression = { $_.device_os } });
-                                    'userData'           = @($item | Select-Object -Property email, username)
-                                })
-                        } else {
-                            $userAssociationList[$item.user_object_id].systemAssociations += @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, @{Name = 'osFamily'; Expression = { $_.device_os } })
+                    # request new user to device report:
+                    $reportRequest = Invoke-RestMethod -Uri 'https://api.jumpcloud.com/insights/directory/v1/reports/users-to-devices' -Method POST -Headers $headers
+                    # now fetch available reports:
+                    do {
+                        $reportList = Invoke-RestMethod -Uri 'https://api.jumpcloud.com/insights/directory/v1/reports?sort=CREATED_AT' -Method GET -Headers $headers
+                        $lastReport = $reportList | Where-Object { $_.id -eq $reportRequest.id }
+                        if ($lastReport.status -eq 'PENDING') {
+                            Write-Warning "[status] waiting 20s for jumpcloud report to complete"
+                            start-sleep -Seconds 20
+                        }
+                    } until ($lastReport.status -eq 'COMPLETED')
+                    # download json
+                    $artifactID = ($lastReport.artifacts | Where-Object { $_.format -eq 'json' }).id
+                    $reportID = $lastReport.id
+                    $reportContent = Invoke-RestMethod -Uri "https://api.jumpcloud.com/insights/directory/v1/reports/$reportID/artifacts/$artifactID/content" -Method GET -Headers $headers
+                    # create the hashtable:
+                    $userAssociationList = New-Object System.Collections.Hashtable
+                    foreach ($item in $reportContent) {
+                        if ($item.user_object_id -And $item.resource_object_id) {
+                            if (-not $userAssociationList[$item.user_object_id]) {
+                                $userAssociationList.add(
+                                    $item.user_object_id, @{
+                                        'systemAssociations' = @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, @{Name = 'osFamily'; Expression = { $_.device_os } });
+                                        'userData'           = @($item | Select-Object -Property email, username)
+                                    }) | Out-Null
+                            } else {
+                                $userAssociationList[$item.user_object_id].systemAssociations += @($item | Select-Object -Property @{Name = 'systemId'; Expression = { $_.resource_object_id } }, hostname, @{Name = 'osFamily'; Expression = { $_.device_os } })
+                            }
                         }
                     }
+                    # write out the association hash
+                    $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
                 }
 
                 # finally write out the data to file:
-                Write-host "writing files"
                 $users | ConvertTo-Json -Depth 100 -Compress |  Out-File "$JCScriptRoot/data/userHash.json"
                 $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
-                $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
                 $radiusMemberList | ConvertTo-Json |  Out-File "$JCScriptRoot/data/radiusMembers.json"
             }
             $false {
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 58c0cf6b4..f4e7ebfb1 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -125,5 +125,33 @@ Describe "Get Global Variable Data Tests" {
                 $beforeWriteTime | should -Not -Be $afterWriteTime
             }
         }
+        It "Data should be re-written when the -Force parameter is used and Association data should be skipped with -SkipAssociation; regardless of setings write date" {
+            # check the files before
+            $filesBefore = Get-ChildItem -Path $dataPath
+            # run Get-JCRGlobalVars with force param
+            Get-JCRGlobalVars -Force -SkipAssociation
+
+            # check the files after:
+            $filesAfter = Get-ChildItem -Path $dataPath
+            # test each file write date
+            foreach ($file in $requiredFiles) {
+                # write-host "validating write times for $file"
+                if ($file -ne "associationHash.json") {
+                    $beforeWriteTime = (($filesBefore | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
+                    $afterWriteTime = (($filesAfter | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
+                    # Write-Host "before: $beforeWriteTime should not be after: $afterWriteTime"
+                    # The file write time before running Get-JCRGlobalVars should not be the same after running the function
+                    $beforeWriteTime | should -Not -Be $afterWriteTime
+
+                } else {
+                    $beforeWriteTime = (($filesBefore | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
+                    $afterWriteTime = (($filesAfter | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
+                    # Write-Host "before: $beforeWriteTime should not be after: $afterWriteTime"
+                    # The file write time before running Get-JCRGlobalVars should not be the same after running the function
+                    $beforeWriteTime | should -Be $afterWriteTime
+
+                }
+            }
+        }
     }
 }

From f79ccc4f08de1a57c0688c84bd8aa379b2263e6a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 10 Jan 2024 08:26:57 -0700
Subject: [PATCH 017/346] individual user tests

---
 .../HashFunctions/Test-UserFromHash.ps1       |  2 +-
 .../Functions/Public/Get-JCRGlobalVars.ps1    |  7 ++-
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 45 ++++++++++++++++++-
 3 files changed, 49 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
index 17e56c615..c8e28d5a3 100644
--- a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
@@ -32,7 +32,7 @@ function Test-UserFromHash {
                 # Get the index of the user within the hashtable
                 $matchedIndex = $Global:JCRUsers.values.username.ToLower().IndexOf($username.ToLower())
                 # Get the UserID from the keys
-                $matchedUserID = $Global:JCRUsers.keys[$matchedIndex]
+                $matchedUserID = $Global:JCRUsers.keys | Select-Object -Index $matchedIndex
                 # validate that the userID is in the radiusMembership hash:
                 if ($Global:JCRRadiusMembers.username.IndexOf($username)) {
                     # finally return the $matchedUser object
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 11e07f95c..23bdaa731 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -140,6 +140,9 @@ function Get-JCRGlobalVars {
                     }
                     # write out the association hash
                     $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
+                } else {
+                    $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
+
                 }
 
                 # finally write out the data to file:
@@ -148,7 +151,7 @@ function Get-JCRGlobalVars {
                 $radiusMemberList | ConvertTo-Json |  Out-File "$JCScriptRoot/data/radiusMembers.json"
             }
             $false {
-                Write-Warning "It's been $($lastUpdateTimespan.hours) hours since we last pulled user, system and association data, no need to update"
+                # write-host "It's been $($lastUpdateTimespan.hours) hours since we last pulled user, system and association data, no need to update"
                 $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
             }
         }
@@ -166,7 +169,7 @@ function Get-JCRGlobalVars {
                 Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
             }
             $false {
-                Write-Warning "pulling saved data from data file:"
+                # write-host "pulling saved data from data file:"
                 # set global vars from local cache
                 $Global:JCRUsers = Get-Content -path "$JCScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
                 $Global:JCRSystems = Get-Content -path "$JCScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index e82d301b8..0c8b6d304 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -1,12 +1,12 @@
 Describe 'Generate User Cert Tests' -Tag "Generate" {
-    Context 'Certs forcibly re-generated for all users' {
+    Context 'Certs forcibly re-generated for all users' -skip {
         It 'Certs re-generated have actually been re-written for all users' {
             . "/Users/jworkman/Documents/GitHub/support/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1"
             $timeBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             $certsBefore = Get-CertInfo -UserCerts
             # wait one second.
             Start-Sleep 1
-            Generate-UserCerts -type All -forceReplaceCerts
+            Start-GenerateUserCerts -type All -forceReplaceCerts
             # validate that the commands were created for valid users
             # Get Certs
             $certs = Get-CertInfo -UserCerts
@@ -21,6 +21,47 @@ Describe 'Generate User Cert Tests' -Tag "Generate" {
         }
     }
     Context 'Certs generated for newly added users' {
+        beforeall {
+            # Select a user TODO: create a pester user
+            $user = Get-JCuser -username "chet.atkins"
+            $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -filter "$($user.username)*"
+            foreach ($cert in $certs) {
+                remove-item $cert.fullname
+            }
+
+        }
+        It 'When a new user is added to the radius group, the tool will generate a new cert' {
+            # Get the certs before
+            $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            # add the new user to the radius group
+            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            # update the cache
+            Get-JCRGlobalVars -force -skipAssociation
+            # wait just one moment before testing membership since we are writing a file
+            Start-Sleep 1
+            # the new user should be in the membership list:
+            $global:JCRRadiusMembers.username | Should -Contain $user.username
+            # Generate the user cert:
+            Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
+            # Get the certs after
+            $certsAfter = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            # filter by username
+            $UserCerts = $certsAfter | Where-Object { $_.Name -match "$($user.username)" }
+            # the files and each type of expected cert file should exist
+            $UserCerts.Name | Should -Match $user.username
+            $UserCerts.fullname | where-object { $_ -match ".csr" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".pfx" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".crt" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".key" } | Should -exist
+            # cleanup
+            Remove-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            # update cache
+            Get-JCRGlobalVars -force -skipAssociation
+            # wait just one moment before testing membership since we are writing a file
+            Start-Sleep 1
+            # the global variables should be cleaned up
+            $global:JCRRadiusMembers.username | Should -Not -Contain $user.username
+        }
 
     }
     Context 'Certs generated for users whos cert is set to exipre soon' {

From 8c9ab9703cabba1d70d079cf3b9cb81b3e716a2f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 10 Jan 2024 11:11:14 -0700
Subject: [PATCH 018/346] test for users who's cert is about to expire

---
 .../Public/Start-GenerateUserCerts.ps1        |  6 ++
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 68 ++++++++++++++++++-
 2 files changed, 72 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 3b7eeb6ac..40b72d173 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -168,6 +168,10 @@ function Start-GenerateUserCerts {
             }
             '4' {
                 # TODO: if there are no certs set to expire in 'x' days inform when pressing this option
+                # recalculate expiring certs:
+                $userCertInfo = Get-CertInfo -UserCerts
+                $global:cutoffDate = (Get-Date).AddDays(15).Date
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
                 for ($i = 0; $i -lt $ExpiringCerts.Count; $i++) {
                     $userCert = $ExpiringCerts[$i]
                     <# Action that will repeat until the condition is met #>
@@ -177,6 +181,8 @@ function Start-GenerateUserCerts {
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $ExpiringCerts.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
 
                     # recalculate expiring certs:
+                    $userCertInfo = Get-CertInfo -UserCerts
+                    $global:cutoffDate = (Get-Date).AddDays(15).Date
                     $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
                 }
                 switch ($PSCmdlet.ParameterSetName) {
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 0c8b6d304..fd1bbb7a3 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -1,5 +1,5 @@
 Describe 'Generate User Cert Tests' -Tag "Generate" {
-    Context 'Certs forcibly re-generated for all users' -skip {
+    Context 'Certs forcibly re-generated for all users' {
         It 'Certs re-generated have actually been re-written for all users' {
             . "/Users/jworkman/Documents/GitHub/support/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1"
             $timeBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
@@ -65,7 +65,71 @@ Describe 'Generate User Cert Tests' -Tag "Generate" {
 
     }
     Context 'Certs generated for users whos cert is set to exipre soon' {
-        # Set config
+        BeforeAll {
+            # import necessary functions:
+            . "$JCScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
+            . "$JCScriptRoot/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1"
+            # Set config
+            $configPath = "$JCScriptRoot/config.ps1"
+            $content = Get-Content -path $configPath
+            # set the user cert validity to just 10 days
+            $content -replace ('\$Global:JCUSERCERTVALIDITY = *.+', '$Global:JCUSERCERTVALIDITY = 10') | Set-Content -Path $configPath
+
+            # get user from membership list
+            $RandomUsername = $global:JCRRadiusMembers.username | Get-Random -count 1
+
+            # regenerate user cert
+            Start-GenerateUserCerts -type ByUsername -username $($RandomUsername) -forceReplaceCerts
+
+            # Update Global Expiring list:
+            $userCertInfo = Get-CertInfo -UserCerts
+            # Determine cut off date for expiring certs
+            $global:cutoffDate = (Get-Date).AddDays(15).Date
+            # Find all certs that will expire between current date and cut off date
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+
+        }
+        It 'Certs that are set to expire soon can be updated' {
+            # at this point expiring certs should be populated from beforeAll block
+            $Global:expiringCerts | Should -not -BeNullOrEmpty
+            # reset the validity counter
+            $content = Get-Content -path $configPath
+            # set the user cert validity to 90 days
+            $content -replace ('\$Global:JCUSERCERTVALIDITY = *.+', '$Global:JCUSERCERTVALIDITY = 90') | Set-Content -Path $configPath
+            # Get the certs before generation minus the .zip if it exists
+            $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
+            # get the date before
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            Start-Sleep 1
+            # Generate certs for expired users, this should replace any expiring certs
+            Start-GenerateUserCerts -type ExpiringSoon -forceReplaceCerts
+            # Update Global Expiring list:
+            $userCertInfo = Get-CertInfo -UserCerts
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+            # there should be no more certs left in the expiring cert var
+            $Global:expiringCerts | Should -BeNullOrEmpty
+            # Get the certs after generation minus the .zip if it exists
+            $certsAfter = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
+            # test each file, it should have been written
+            foreach ($cert in $certsAfter) {
+                Write-Host "$($cert.Name)"
+                $beforeWriteTime = (($certsBefore | Where-Object { $_.Name -eq $cert.Name })).LastWriteTime.Ticks
+                $afterWriteTime = (($certsAfter | Where-Object { $_.Name -eq $cert.Name })).LastWriteTime.Ticks
+                # the time written on the cert should be updated
+                $beforeWriteTime | should -Not -Be $afterWriteTime
+            }
+            # the user cert table should have been updated too
+            $certInfo = Get-CertInfo -UserCerts -username $RandomUsername
+            $certInfo.count | should -be 1
+            $certInfo.generated | Should -BeGreaterThan $dateBefore
+        }
+        AfterAll {
+            # reset the validity counter
+            $content = Get-Content -path $configPath
+            # set the user cert validity to 90 days
+            $content -replace ('\$Global:JCUSERCERTVALIDITY = *.+', '$Global:JCUSERCERTVALIDITY = 90') | Set-Content -Path $configPath
+        }
+
 
     }
     Context 'Certs generated by username' {

From 3cb728590c8401fccd29a34c1dc476608e3469c1 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 10 Jan 2024 15:25:58 -0700
Subject: [PATCH 019/346] first pass at deploy tests

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 10 ++-
 .../CertGeneration/Invoke-UserCertProcess.ps1 |  2 +-
 .../HashFunctions/Test-UserFromHash.ps1       |  3 +
 .../commands/invoke-commandByUserId.ps1       |  2 +-
 .../Private/settings/Update-JCRUsersJson.ps1  |  9 +-
 .../Functions/Public/Get-JCRGlobalVars.ps1    |  3 +-
 .../automation/Radius/JumpCloud-Radius.psm1   |  2 -
 .../Public/Start-DeployUserCerts.Tests.ps1    | 86 +++++++++++++++++++
 .../Public/Start-GenerateUserCerts.Tests.ps1  |  1 -
 9 files changed, 102 insertions(+), 16 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 14ebb7924..530d076f8 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -97,7 +97,7 @@ function Deploy-UserCertificate {
             Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
             # Find OS of System
             switch ($user.systemAssociations.osFamily) {
-                'macOS' {
+                'Mac OS X' {
                     # Get the macOS system ids
                     $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'macOS' } | Select-Object systemId
 
@@ -256,7 +256,8 @@ fi
                         $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
                         $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
                     } catch {
-                        throw $_
+                        status_commandGenerated = $false
+                        # throw $_
                     }
 
                     $CommandTable = [PSCustomObject]@{
@@ -401,7 +402,8 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                         $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
                         $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
                     } catch {
-                        throw $_
+                        status_commandGenerated = $false
+                        # throw $_
                     }
 
                     $CommandTable = [PSCustomObject]@{
@@ -472,7 +474,7 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                             $userObjectFromTable.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date)
                         }
                         Set-UserTable -index $userIndex -commandAssociationsObject $userObjectFromTable.commandAssociations -certInfoObject $userObjectFromTable.certInfo
-                        $invokeCommands = invoke-commandByUserId -userID $user.userid
+                        $invokeCommands = invoke-commandByUserId -userID $user.userId
                         $result_deployed = $true
                     }
                 }
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index f40465976..7f2970c7a 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -28,7 +28,7 @@ Function Invoke-UserCertProcess {
 
                     $MatchedUser = $GLOBAL:JCRUsers[$radiusMember.userID]
                 } catch {
-                    exit
+                    Write-Warning "could not identify user by userobject: $radiusMember"
                 }
             }
             'userObject' {
diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
index c8e28d5a3..3241f003e 100644
--- a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
@@ -31,6 +31,9 @@ function Test-UserFromHash {
             'username' {
                 # Get the index of the user within the hashtable
                 $matchedIndex = $Global:JCRUsers.values.username.ToLower().IndexOf($username.ToLower())
+                if ($matchedIndex -lt 0) {
+                    throw "could not find user in cached data: $username"
+                }
                 # Get the UserID from the keys
                 $matchedUserID = $Global:JCRUsers.keys | Select-Object -Index $matchedIndex
                 # validate that the userID is in the radiusMembership hash:
diff --git a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
index ba892ef00..8565a8e72 100644
--- a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
+++ b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
@@ -17,7 +17,7 @@ function invoke-commandByUserid {
         # get Windows Command
         $windows_commandId = ($userObject.commandAssociations | Where-Object { $_.commandName -match "Windows" }).commandId
         # get list of macOS systems
-        $macOS_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "macOS" }
+        $macOS_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "Mac OS X" }
         # get list of Windows systems
         $windows_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "Windows" }
     }
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
index 9123a6b74..129ab4e8b 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
@@ -6,13 +6,11 @@ function Update-JCRUsersJson {
         $force
     )
     begin {
-
     }
     process {
         # validate that the system association data is correct in users.json:
         # $userArray = Get-UserJsonData
         foreach ($user in $Global:JCRRadiusMembers) {
-
             $MatchedUser = $GLOBAL:JCRUsers[$user.userID]
             $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID -jsonFilePath "$JCScriptRoot/users.json"
 
@@ -43,16 +41,15 @@ function Update-JCRUsersJson {
         $userArray = Get-UserJsonData
         foreach ($user in $userArray) {
             # If userID from users.json is no longer in RadiusMembers.keys, then:
-            If ( -Not ($user.userid -in $Global:JCRRadiusMembers.userid) ) {
+            If (($user.userId -notin $Global:JCRRadiusMembers.userID) ) {
                 # Get User From Table
                 $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $user.userId
+                # Remove the User From Table
                 $userArray = $userArray | Where-Object { $_.userID -ne $user.userId }
-                # "removing $($user.userid)"
             }
-            # Remove the User From Table
         }
     }
     end {
-        $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+        Set-UserJsonData -userArray $userArray
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 23bdaa731..b4026882b 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -167,14 +167,15 @@ function Get-JCRGlobalVars {
                 $Global:JCRRadiusMembers = $radiusMemberList
                 # update the settings date
                 Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
+                Update-JCRUsersJson
             }
             $false {
-                # write-host "pulling saved data from data file:"
                 # set global vars from local cache
                 $Global:JCRUsers = Get-Content -path "$JCScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
                 $Global:JCRSystems = Get-Content -path "$JCScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
                 $Global:JCRAssociations = Get-Content -path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -AsHashtable
                 $Global:JCRRadiusMembers = Get-Content -path "$JCScriptRoot/data/radiusMembers.json" | ConvertFrom-Json -AsHashtable
+                Update-JCRUsersJson
             }
         }
     }
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index d85a128fe..1266ae69e 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -31,5 +31,3 @@ $global:JCRConfig = Get-JCRSettingsFile
 
 # Get global variables or update if necessary
 Get-JCRGlobalVars
-# Update Users Json if there's a change
-Update-JCRUsersJson
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index ad6c1ba55..a4421a62e 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -1,20 +1,106 @@
 Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
     Context 'Distribute all certificates for all users forcibly' {
+        BeforeAll {
+            # get required functions
+            . "$JCScriptRoot/Functions/Private/UserJson/Get-UserJsonData.ps1"
+            . "$JCScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
+            . "$JCScriptRoot/Functions/Private/UserTable/Get-UserFromTable.ps1"
+
+            # clear certs:
+            $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            foreach ($cert in $certs) {
+                Remove-Item -Path $cert.FullName
+            }
+            #remove existing users
+            $usersToRemove = Get-JCuser -email "*pesterRadius*" | Remove-JCUser -force
+            Get-JCRGlobalVars -force -skipAssociation
+        }
+        it 'users with system associations will have deployed certs' {
+
+            # generate all new certs
+            Start-GenerateUserCerts -type All -forceReplaceCerts
+            $userArray = Get-UserJsonData
+            foreach ($user in $userArray) {
+                # cert should not be deployed
+                $user.certinfo.deployed | Should -Be $false
+            }
+            start-deployUserCerts -type All -forceInvokeCommands
+            Start-Sleep 1
+            $userArray = Get-UserJsonData
+            foreach ($user in $userArray) {
+                # cert should be deployed
+                if ($user.systemAssociations) {
+                    $user.certinfo.deployed | Should -Be $true
+                }
+                $user.commandAssociations | ForEach-Object {
+                    $command = Get-JcSdkCommand -Id $_.commandId -Fields name
+                    $command | should -Not -BeNullOrEmpty
+                }
+            }
+        }
+        it 'users without system associations should not have a deployed cert, even if the force option is specified' {
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+
+            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
+
+            start-deployUserCerts -type ByUsername -username $user.username -forceInvokeCommands
+            $obj, $index = Get-UserFromTable -userid $user.id
+            $obj.certInfo.generated | Should -BeGreaterThan $dateBefore
+            $obj.certInfo.deployed | Should -Be $false
+            $obj.commandAssociations | should -be $null
+            $obj.systemAssociations | should -be $null
+            # user should not have a command nor should their certinfo show that the cert was deployed
+        }
 
     }
     Context 'Distribute all certificates for all users without invoking' {
+        It 'users with system associations will have new commands generated; command will not be invoked' {
+
+        }
+        It 'users with out system associations will not have new commands generated' {
+
+        }
 
     }
     Context 'Distribute new certificates for new users forcibly' {
+        it 'a new user with a system association will get a new command and it will be invoked' {
+
+        }
+        it 'a new user without a system association will not get a new command and it will not be invoked' {
+
+        }
 
     }
     Context 'Distribute new certificates for new users without invoking' {
+        it 'a new user with a system association will get a new command and it will not be invoked' {
+
+        }
+        it 'a new user without a system association will not get a new command and it will not be invoked' {
+
+        }
 
     }
     Context 'Distribute new certificates for a single user forcibly' {
+        it 'a user with system associations receeives a new command is created and deployed' {
+
+        }
+        it 'a user without system associations receeives a new command is not created and not deployed' {
+
+        }
 
     }
     Context 'Distribute new certificates for a single user without invoking' {
+        it 'a user with system associations receeives a new command is created and is not deployed' {
+
+        }
+        it 'a user without system associations receeives a new command is not created and not deployed' {
+
+        }
 
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index fd1bbb7a3..d3163d74d 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -1,7 +1,6 @@
 Describe 'Generate User Cert Tests' -Tag "Generate" {
     Context 'Certs forcibly re-generated for all users' {
         It 'Certs re-generated have actually been re-written for all users' {
-            . "/Users/jworkman/Documents/GitHub/support/scripts/automation/Radius/Functions/Public/Distribute-UserCerts.ps1"
             $timeBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             $certsBefore = Get-CertInfo -UserCerts
             # wait one second.

From eae8dc1878e4fdecc0b9ab8b5b79849bdbd3bcbc Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 10 Jan 2024 15:40:43 -0700
Subject: [PATCH 020/346] remove verbose messaging in Get-JCRGlobalVars

---
 .../Radius/Functions/Public/Get-JCRGlobalVars.ps1    | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index b4026882b..39ad35b1c 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -10,9 +10,7 @@ function Get-JCRGlobalVars {
     )
     begin {
         # ensure the data directory exists to cache the json files:
-        if (Test-Path "$JCScriptRoot/data") {
-            Write-Host "[status] Data Directory Exists"
-        } else {
+        if (-not (Test-Path "$JCScriptRoot/data")) {
             Write-Host "[status] Creating Data Directory"
             New-Item -ItemType Directory -Path "$JCScriptRoot/data"
         }
@@ -58,7 +56,7 @@ function Get-JCRGlobalVars {
                 $fileContents = Get-Content "$JCScriptRoot/data/$file"
                 switch ($skipAssociation) {
                     $true {
-                        Write-Host "[status] $JCScriptRoot/data/$file will be skipped"
+                        # Write-Host "[status] $JCScriptRoot/data/$file will be skipped"
                         $updateAssociation = $false
                     }
                 }
@@ -75,7 +73,7 @@ function Get-JCRGlobalVars {
             } else {
                 switch ($skipAssociation) {
                     $true {
-                        Write-Host "[status] $JCScriptRoot/data/$file will be skipped"
+                        # Write-Host "[status] $JCScriptRoot/data/$file will be skipped"
                         $updateAssociation = $false
                     }
                 }
@@ -144,7 +142,6 @@ function Get-JCRGlobalVars {
                     $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
 
                 }
-
                 # finally write out the data to file:
                 $users | ConvertTo-Json -Depth 100 -Compress |  Out-File "$JCScriptRoot/data/userHash.json"
                 $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
@@ -159,7 +156,6 @@ function Get-JCRGlobalVars {
     end {
         switch ($update) {
             $true {
-
                 # set global vars
                 $Global:JCRUsers = $users
                 $Global:JCRSystems = $systems
@@ -167,6 +163,7 @@ function Get-JCRGlobalVars {
                 $Global:JCRRadiusMembers = $radiusMemberList
                 # update the settings date
                 Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
+                # update users.json
                 Update-JCRUsersJson
             }
             $false {
@@ -175,6 +172,7 @@ function Get-JCRGlobalVars {
                 $Global:JCRSystems = Get-Content -path "$JCScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
                 $Global:JCRAssociations = Get-Content -path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -AsHashtable
                 $Global:JCRRadiusMembers = Get-Content -path "$JCScriptRoot/data/radiusMembers.json" | ConvertFrom-Json -AsHashtable
+                # update users.json
                 Update-JCRUsersJson
             }
         }

From 9e54d062c97b13d2974793dc8b348cee03df69b4 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 10 Jan 2024 16:26:52 -0700
Subject: [PATCH 021/346] test that new user /system associations can be
 written and distributed

---
 .../settings/Set-JCRAssociationHash.ps1       | 45 +++++++++++
 .../Private/settings/Update-JCRUsersJson.ps1  |  7 +-
 .../Public/Start-DeployUserCerts.Tests.ps1    | 80 +++++++++++++++++--
 3 files changed, 124 insertions(+), 8 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1

diff --git a/scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1 b/scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1
new file mode 100644
index 000000000..728df5017
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1
@@ -0,0 +1,45 @@
+function Set-JCRAssociationHash {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [system.string]
+        $userId
+    )
+    begin {
+        # get the data
+        $associationFile = "$JCScriptRoot/data/associationHash.json"
+        $associationContent = Get-Content -Path $associationFile | ConvertFrom-Json -depth 6 -AsHashtable
+    }
+    process {
+        $systemMembership = Get-JcSdkUserTraverseSystem -UserId $userId
+        $systemList = New-Object System.Collections.ArrayList
+        foreach ($systemMember in $systemMembership) {
+            $systemDetails = Get-JCsdksystem -id $systemMember.id -fields 'osFamily hostname'
+            $systemList.Add(
+                [PSCustomObject]@{
+                    systemId = $systemDetails.id
+                    osFamily = $systemDetails.osFamily
+                    hostname = $systemDetails.hostname
+                }
+            ) | Out-Null
+        }
+        $matchedUser = $JCRUsers[$userid]
+        # if the userID is not there add it
+        if ($userID -notin $associationContent.keys) {
+            # add the content)
+            $associationContent.add(
+                $userId, @{
+                    'systemAssociations' = $systemList
+                    'userData'           = @($matchedUser | Select-Object -Property email, username)
+                }) | Out-Null
+        } else {
+            $associationContent[$userid].systemAssociations = $systemList
+        }
+    }
+    end {
+        # write out the file
+        $associationContent | ConvertTo-Json -Depth 6 | Set-Content -Path "$associationFile"
+        $Global:JCRAssociations = Get-Content -path "$associationFile" | ConvertFrom-Json -AsHashtable
+
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
index 129ab4e8b..b693b09d1 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
@@ -21,9 +21,12 @@ function Update-JCRUsersJson {
 
                 # determine if there's some difference that needs to be recorded:
                 try {
-                    $difference = Compare-Object -ReferenceObject $currentSystemObject.systemId -DifferenceObject $incomingSystemObject.systemId
+                    if ($currentSystemObject -eq $null) {
+                        $difference = $incomingSystemObject
+                    } else {
+                        $difference = Compare-Object -ReferenceObject $currentSystemObject.systemId -DifferenceObject $incomingSystemObject.systemId
+                    }
                     if ($difference) {
-
                         Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingSystemObject | ConvertFrom-HashTable)
                     }
                 } catch {
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index a4421a62e..a2512104f 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -1,11 +1,17 @@
 Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
+    BeforeAll {
+        # Load all functions from private folders
+        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+        Foreach ($Import in $Private) {
+            Try {
+                . $Import.FullName
+            } Catch {
+                Write-Error -Message "Failed to import function $($Import.FullName): $_"
+            }
+        }
+    }
     Context 'Distribute all certificates for all users forcibly' {
         BeforeAll {
-            # get required functions
-            . "$JCScriptRoot/Functions/Private/UserJson/Get-UserJsonData.ps1"
-            . "$JCScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
-            . "$JCScriptRoot/Functions/Private/UserTable/Get-UserFromTable.ps1"
-
             # clear certs:
             $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             foreach ($cert in $certs) {
@@ -59,8 +65,37 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
 
     }
     Context 'Distribute all certificates for all users without invoking' {
+        BeforeAll {
+            # clear certs:
+            $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            foreach ($cert in $certs) {
+                Remove-Item -Path $cert.FullName
+            }
+            #remove existing users
+            $usersToRemove = Get-JCuser -email "*pesterRadius*" | Remove-JCUser -force
+            Get-JCRGlobalVars -force -skipAssociation
+        }
         It 'users with system associations will have new commands generated; command will not be invoked' {
-
+            # generate all new certs
+            Start-GenerateUserCerts -type All -forceReplaceCerts
+            $userArray = Get-UserJsonData
+            foreach ($user in $userArray) {
+                # cert should not be deployed
+                $user.certinfo.deployed | Should -Be $false
+            }
+            start-deployUserCerts -type All -forceInvokeCommands
+            Start-Sleep 1
+            $userArray = Get-UserJsonData
+            foreach ($user in $userArray) {
+                # cert should be deployed
+                if ($user.systemAssociations) {
+                    $user.certinfo.deployed | Should -Be $false
+                }
+                $user.commandAssociations | ForEach-Object {
+                    $command = Get-JcSdkCommand -Id $_.commandId -Fields name
+                    $command | should -Not -BeNullOrEmpty
+                }
+            }
         }
         It 'users with out system associations will not have new commands generated' {
 
@@ -68,7 +103,40 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
 
     }
     Context 'Distribute new certificates for new users forcibly' {
+        BeforeAll {
+            # clear certs:
+            $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            foreach ($cert in $certs) {
+                Remove-Item -Path $cert.FullName
+            }
+            #remove existing users
+            $usersToRemove = Get-JCuser -email "*pesterRadius*" | Remove-JCUser -force
+            Get-JCRGlobalVars -force -skipAssociation
+        }
         it 'a new user with a system association will get a new command and it will be invoked' {
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            # get random system
+            $system = Get-JCSystem -os windows | Get-Random -Count 1
+            Add-JCSystemUser -UserID $user.id -SystemID $system.id
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+            # now generate the user certs
+            Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
+            start-deployUserCerts -type ByUsername -username $user.username -forceInvokeCommands
+
+            $obj, $index = Get-UserFromTable -userid $user.id
+            $obj.certInfo.generated | Should -BeGreaterThan $dateBefore
+            $obj.certInfo.deployed | Should -Be $true
+            $obj.commandAssociations | should -Not -BeNullOrEmpty
+            $obj.systemAssociations | should -Not -BeNullOrEmpty
+
 
         }
         it 'a new user without a system association will not get a new command and it will not be invoked' {

From 0fe11a64dfdcc0f7a7837700beda3cd60445347b Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 12 Jan 2024 16:03:59 -0700
Subject: [PATCH 022/346] passing tests

---
 .../CertDeployment/Deploy-UserCertificate.ps1 |  8 +--
 .../Private/SystemTable/New-SystemTable.ps1   |  6 +-
 .../commands/invoke-commandByUserId.ps1       |  4 +-
 .../settings/Set-JCRAssociationHash.ps1       |  6 +-
 .../Private/settings/Update-JCRUsersJson.ps1  | 28 ++++++--
 .../Functions/Public/Get-JCRGlobalVars.ps1    |  2 +
 .../automation/Radius/Tests/Invoke-Pester.ps1 |  3 +
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  | 33 +++++-----
 .../Public/Start-DeployUserCerts.Tests.ps1    | 38 ++++++++---
 .../Public/Start-GenerateRootCert.Tests.ps1   |  4 +-
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 18 ++++-
 .../Radius/Tests/Setup-JCRadiusOrg.ps1        |  0
 .../Radius/Tests/SetupRadiusOrg.ps1           | 66 +++++++++++++++++++
 13 files changed, 171 insertions(+), 45 deletions(-)
 delete mode 100644 scripts/automation/Radius/Tests/Setup-JCRadiusOrg.ps1
 create mode 100644 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 530d076f8..a89cd0e4b 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -97,7 +97,7 @@ function Deploy-UserCertificate {
             Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
             # Find OS of System
             switch ($user.systemAssociations.osFamily) {
-                'Mac OS X' {
+                'macOS' {
                     # Get the macOS system ids
                     $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'macOS' } | Select-Object systemId
 
@@ -274,9 +274,9 @@ fi
                     $status_commandGenerated = $true
 
                 }
-                'Windows' {
+                'windows' {
                     # Get the Windows system ids
-                    $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'Windows' } | Select-Object systemId
+                    $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'windows' } | Select-Object systemId
 
                     # Check to see if previous commands exist
                     $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
@@ -415,7 +415,7 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                     }
 
                     $user.commandAssociations += $CommandTable
-                    Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+                    # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
                     $status_commandGenerated = $true
 
                 }
diff --git a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1 b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
index f23a24181..3c1695032 100644
--- a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
@@ -18,7 +18,11 @@ function New-SystemTable {
             $systemTable = @{
                 systemId    = $system.systemId
                 displayName = $system.hostname
-                osFamily    = $system.osFamily
+                osFamily    = if ($system.osFamily -eq "darwin") {
+                    "macOS"
+                } elseif ($system.osFamily -eq "windows") {
+                    "windows"
+                }
             }
             $systemAssociations += $systemTable
         }
diff --git a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
index 8565a8e72..6ccc79d01 100644
--- a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
+++ b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
@@ -17,9 +17,9 @@ function invoke-commandByUserid {
         # get Windows Command
         $windows_commandId = ($userObject.commandAssociations | Where-Object { $_.commandName -match "Windows" }).commandId
         # get list of macOS systems
-        $macOS_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "Mac OS X" }
+        $macOS_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "macOS" }
         # get list of Windows systems
-        $windows_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "Windows" }
+        $windows_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "windows" }
     }
 
     process {
diff --git a/scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1 b/scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1
index 728df5017..e91d4dc2e 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1
@@ -18,7 +18,11 @@ function Set-JCRAssociationHash {
             $systemList.Add(
                 [PSCustomObject]@{
                     systemId = $systemDetails.id
-                    osFamily = $systemDetails.osFamily
+                    osFamily = if ($systemDetails.osFamily -eq "darwin") {
+                        "macOS"
+                    } elseif ($systemDetails.osFamily -eq "windows") {
+                        "windows"
+                    }
                     hostname = $systemDetails.hostname
                 }
             ) | Out-Null
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
index b693b09d1..424ff6e90 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
@@ -16,18 +16,32 @@ function Update-JCRUsersJson {
 
             if ($userIndex -ge 0) {
                 # $userArrayObject
-                $currentSystemObject = $userArrayObject.systemAssociations
-                $incomingSystemObject = $Global:JCRAssociations[$user.userID].systemAssociations
+                # write-host "$($userArrayObject.username) | $($userArrayObject.userId)"
+                $currentSystemObject = $userArrayObject.systemAssociations | Select-Object systemId, hostname, osFamily
+                $incomingSystemObject = $Global:JCRAssociations[$userArrayObject.userId].systemAssociations
+                $incomingList = New-Object System.Collections.ArrayList
+                foreach ($system in $Global:JCRAssociations[$userArrayObject.userId].systemAssociations) {
+                    $incomingList.Add(
+                        [pscustomobject]@{
+                            systemId = $system.systemId
+                            hostname = $system.hostname
+                            osFamily = $system.osFamily
+                        }) | Out-Null
+                }
 
                 # determine if there's some difference that needs to be recorded:
                 try {
                     if ($currentSystemObject -eq $null) {
-                        $difference = $incomingSystemObject
+                        $difference = $incomingList
+                        Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingList)
                     } else {
-                        $difference = Compare-Object -ReferenceObject $currentSystemObject.systemId -DifferenceObject $incomingSystemObject.systemId
-                    }
-                    if ($difference) {
-                        Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingSystemObject | ConvertFrom-HashTable)
+                        # write-host "test for differences"
+                        if ($currentSystemObject -eq $incomingList) {
+                            # write-host "nothing to do"
+                        } else {
+                            # write-host "writing user to do"
+                            Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingList)
+                        }
                     }
                 } catch {
                     <#Do this if a terminating exception happens#>
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 39ad35b1c..468162095 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -19,8 +19,10 @@ function Get-JCRGlobalVars {
         $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date)
         if ($lastUpdateTimespan.TotalHours -gt 24) {
             $update = $true
+            $updateAssociation = $true
         } else {
             $update = $false
+            $updateAssociation = $false
         }
         if ($force) {
             $update = $true
diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index 41b6036f5..9bf0bc4c3 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -104,6 +104,9 @@ $configuration.Filter.ExcludeTag = $ExcludeTagList
 $configuration.CodeCoverage.OutputPath = ($PesterResultsFileXmldir + 'coverage.xml')
 $configuration.testresult.OutputPath = ($PesterResultsFileXmldir + 'results.xml')
 
+Write-Host "Begin Org Setup Before Tests:"
+. "$PSScriptRoot/SetupRadiusOrg.ps1"
+
 Write-Host ("[RUN COMMAND] Invoke-Pester -Path:('$PesterRunPaths') -TagFilter:('$($IncludeTags -join "','")') -ExcludeTagFilter:('$($ExcludeTagList -join "','")') -PassThru") -BackgroundColor:('Black') -ForegroundColor:('Magenta')
 # Run Pester tests
 Invoke-Pester -Configuration $configuration
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index f4e7ebfb1..6d4768edc 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -1,4 +1,4 @@
-Describe "Get Global Variable Data Tests" {
+Describe "Get Global Variable Data Tests" -Tag "Cache" {
     BeforeAll {
         $dataPath = "$JCScriptRoot/data/"
         $requiredFiles = @(
@@ -7,7 +7,15 @@ Describe "Get Global Variable Data Tests" {
             'systemHash.json',
             'userHash.json'
         )
-
+        # explicitly import the settings file functions for these tests:
+        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/settings/*.ps1" -Recurse)
+        Foreach ($Import in $Private) {
+            Try {
+                . $Import.FullName
+            } Catch {
+                Write-Error -Message "Failed to import function $($Import.FullName): $_"
+            }
+        }
     }
     Context "When no 'data' directory exists" {
         BeforeAll {
@@ -31,17 +39,10 @@ Describe "Get Global Variable Data Tests" {
         BeforeAll {
             # if the data directory does not exist, generate the global vars + directory
             if (-not (Test-Path -Path ($dataPath))) {
+                Write-Host "Generating data:"
                 Get-JCRGlobalVars
             }
-            # explicitly import the settings file functions for these tests:
-            $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/settings/*.ps1" -Recurse)
-            Foreach ($Import in $Private) {
-                Try {
-                    . $Import.FullName
-                } Catch {
-                    Write-Error -Message "Failed to import function $($Import.FullName): $_"
-                }
-            }
+
         }
         It "Data should not be refreshed when running Get-JCRGlobalVars if it's been less than 24 hours since last update" {
             # Get the settings data
@@ -87,10 +88,10 @@ Describe "Get Global Variable Data Tests" {
             } else {
                 # set the settings file to a mocked value of now
                 Set-JCRSettingsFile -globalVarslastUpdate (Get-Date).AddHours(-25)
-                Start-Sleep 1
+                Start-Sleep 2
                 $settingsData = Get-JCRSettingsFile
-                $timespan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $settingsData.globalVars.lastupdate
-                # Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
+                $timespan = New-TimeSpan -Start  $settingsData.globalVars.lastupdate -End (Get-Date).AddHours(-24)
+                Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
             }
             # run Get-JCRGlobalVars
             Get-JCRGlobalVars
@@ -99,10 +100,10 @@ Describe "Get Global Variable Data Tests" {
             $filesAfter = Get-ChildItem -Path $dataPath
             # test each file write date
             foreach ($file in $requiredFiles) {
-                # write-host "validating write times for $file"
+                write-host "validating write times for $file"
                 $beforeWriteTime = (($filesBefore | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
                 $afterWriteTime = (($filesAfter | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
-                # Write-Host "before: $beforeWriteTime should not be after: $afterWriteTime"
+                Write-Host "before: $beforeWriteTime should not be after: $afterWriteTime"
                 # The file write time before running Get-JCRGlobalVars should not be the same after running the function
                 $beforeWriteTime | should -Not -Be $afterWriteTime
             }
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index a2512104f..5b9c6c724 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -9,6 +9,13 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
                 Write-Error -Message "Failed to import function $($Import.FullName): $_"
             }
         }
+        # import helper functions:
+        . "$PSScriptRoot/../../../../../PowerShell/JumpCloud Module/Tests/HelperFunctions.ps1"
+        # Manually update user associations for radius members, cache won't pick them up before:
+        foreach ($user in $global:JCRRadiusMembers) {
+            Set-JCRAssociationHash -UserID $user.userID
+        }
+
     }
     Context 'Distribute all certificates for all users forcibly' {
         BeforeAll {
@@ -83,7 +90,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
                 # cert should not be deployed
                 $user.certinfo.deployed | Should -Be $false
             }
-            start-deployUserCerts -type All -forceInvokeCommands
+            start-deployUserCerts -type All
             Start-Sleep 1
             $userArray = Get-UserJsonData
             foreach ($user in $userArray) {
@@ -136,19 +143,32 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $obj.certInfo.deployed | Should -Be $true
             $obj.commandAssociations | should -Not -BeNullOrEmpty
             $obj.systemAssociations | should -Not -BeNullOrEmpty
-
-
-        }
-        it 'a new user without a system association will not get a new command and it will not be invoked' {
-
         }
-
     }
     Context 'Distribute new certificates for new users without invoking' {
         it 'a new user with a system association will get a new command and it will not be invoked' {
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            # get random system
+            $system = Get-JCSystem -os windows | Get-Random -Count 1
+            Add-JCSystemUser -UserID $user.id -SystemID $system.id
 
-        }
-        it 'a new user without a system association will not get a new command and it will not be invoked' {
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+            # now generate the user certs
+            Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
+            start-deployUserCerts -type ByUsername -username $user.username
+
+            $obj, $index = Get-UserFromTable -userid $user.id
+            $obj.certInfo.generated | Should -BeGreaterThan $dateBefore
+            $obj.certInfo.deployed | Should -Be $false
+            $obj.commandAssociations | should -Not -BeNullOrEmpty
+            $obj.systemAssociations | should -Not -BeNullOrEmpty
 
         }
 
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index e758514bd..7b1612fd3 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -1,5 +1,5 @@
-Describe "Generate Root Certifcate Tests" {
-    Context "A new certificate can be generated" -skip {
+Describe "Generate Root Certifcate Tests" -Tag "GenerateRootCert" {
+    Context "A new certificate can be generated" {
         # If the /Cert/ folder is not empty, clear the directory
         $items = Get-ChildItem $JCScriptRoot/Cert
         if ($items) {
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index d3163d74d..c3960d7bc 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -1,4 +1,15 @@
-Describe 'Generate User Cert Tests' -Tag "Generate" {
+Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
+    BeforeAll {
+        # Load all functions from private folders
+        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+        Foreach ($Import in $Private) {
+            Try {
+                . $Import.FullName
+            } Catch {
+                Write-Error -Message "Failed to import function $($Import.FullName): $_"
+            }
+        }
+    }
     Context 'Certs forcibly re-generated for all users' {
         It 'Certs re-generated have actually been re-written for all users' {
             $timeBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
@@ -21,9 +32,10 @@ Describe 'Generate User Cert Tests' -Tag "Generate" {
     }
     Context 'Certs generated for newly added users' {
         beforeall {
-            # Select a user TODO: create a pester user
-            $user = Get-JCuser -username "chet.atkins"
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
             $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -filter "$($user.username)*"
+            # if user cert exists, for random user, remove:
             foreach ($cert in $certs) {
                 remove-item $cert.fullname
             }
diff --git a/scripts/automation/Radius/Tests/Setup-JCRadiusOrg.ps1 b/scripts/automation/Radius/Tests/Setup-JCRadiusOrg.ps1
deleted file mode 100644
index e69de29bb..000000000
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
new file mode 100644
index 000000000..5429018b6
--- /dev/null
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -0,0 +1,66 @@
+# import helper functions:
+. "$PSScriptRoot/../../../../PowerShell/JumpCloud Module/Tests/HelperFunctions.ps1"
+# beforeAll, remove PesterRadiusGroup + users
+Write-Warning "Removing Pester Radius User Groups with name: PesterRadiusGroup*"
+$pesterRadiusGroups = Get-JcSdkUserGroup -filter "name:search:PesterRadiusGroup"
+foreach ($pesterRadiusGroup in $pesterRadiusGroups) {
+    Remove-JcSdkUserGroup -Id $pesterRadiusGroup.Id | Out-Null
+}
+
+Write-Warning "Removing Pester Radius Users with emailDomain: *pesterradtest.com"
+$pesterRadiusUsers = Get-JCUser -email "*pesterradtest.com"
+foreach ($user in $pesterRadiusUsers) {
+    Remove-JcSdkUser -Id $user.id | Out-Null
+}
+# remove existing users created in test:
+Write-Warning "Removing Pester Radius Users with emailDomain: *pesterRadius*"
+$usersToRemove = Get-JCuser -email "*pesterRadius*" | Remove-JCUser -force
+
+# Create users
+
+Write-Warning "Creating New Pester Radius Users"
+# user bound to mac
+$macUser = New-RandomUser -Domain "PesterRadTest" | New-JCUser
+$macOSSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
+Set-JcSdkSystemAssociation -SystemId $macOSSystem.id -id $macUser.id -Type 'user' -Op "add"
+# user bound to windows
+
+$windowsUser = New-RandomUser -Domain "PesterRadTest" | New-JCUser
+$windowsSystem = Get-JCSystem -os "Windows" | Get-Random -Count 1
+Set-JcSdkSystemAssociation -SystemId $macOSSystem.id -id $windowsUser.id -Type 'user' -Op "add"
+# user bound to both macOS and windows
+$bothUser = New-RandomUser -Domain "PesterRadTest" | New-JCUser
+Set-JcSdkSystemAssociation -SystemId $macOSSystem.id -id $bothUser.id -Type 'user' -Op "add"
+Set-JcSdkSystemAssociation -SystemId $windowsSystem.id -id $bothUser.id -Type 'user' -Op "add"
+
+# create user group + Add membership
+Write-Warning "Creating New Pester Radius Group"
+$randomNum = (Get-Random -Minimum 900 -Maximum 999)
+$radiusUserGroup = New-JCUserGroup -GroupName "PesterRadiusGroup-$randomNum"
+Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $macUser.id -Op "add"
+Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $windowsUser.id -Op "add"
+Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $bothUser.id -Op "add"
+
+# update config:
+Write-Warning "Updating Config File"
+
+$configPath = "$PSScriptRoot/../config.ps1"
+$configContent = Get-Content -path $configPath
+# Update the userGroupID:
+$configContent -replace ('\$Global:JCUSERGROUP = *.+', "`$Global:JCUSERGROUP = `"$($radiusUserGroup.id)`"") | Set-Content -Path $configPath
+# update the openSSL path:
+if ($IsMacOS) {
+    $brewList = brew list openssl@3
+    if (-Not ($brewList)) {
+        throw "OpenSSL v3 is not installed on this system"
+    }
+    $brewListBinary = $brewList | Where-Object { $_ -match "/bin/openssl" }
+    $regmatch = $brewListBinary | Select-String -pattern "\/([0-9].[0-9].[0-9])\/"
+    $opensslVersion = $regmatch.matches.groups[1].value
+
+    Write-Warning "OpenSSL Version: $opensslVersion is installed via homebrew on this system; updating config:"
+    $configContent = Get-Content -path $configPath
+    $configContent -replace ('\$Global:opensslBinary = *.+', "`$Global:opensslBinary = `"$($brewListBinary)`"") | Set-Content -Path $configPath
+}
+
+Import-Module "$psscriptRoot/../JumpCloud-Radius.psd1" -Force
\ No newline at end of file

From a407c8c808bbfab40ae115232d8d77108f97527d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 12 Jan 2024 16:04:46 -0700
Subject: [PATCH 023/346] config update

---
 scripts/automation/Radius/Config.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index c5b7994d7..27d63c5a5 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -5,7 +5,7 @@ $Global:JCUSERCERTPASS = 'secret1234!'
 # USER CERT Validity Length (days)
 $Global:JCUSERCERTVALIDITY = 90
 # List Of Radius Network SSID(s)
-# For Multiple SSIDs enter as a single string seperated by a semicolon  ex:
+# For Multiple SSIDs enter as a single string separated by a semicolon  ex:
 # "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network"
 $Global:NETWORKSSID = "YOUR_SSID"
 # OpenSSLBinary by default this is (openssl)

From 62e511e1113f2acb13e3c38692b2f3927b1ad622 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 16 Jan 2024 20:39:03 -0700
Subject: [PATCH 024/346] documentation + param descriptions

---
 .../CertDeployment/Deploy-UserCertificate.ps1 |  10 ++--
 .../Private/CertDeployment/Get-CertInfo.ps1   |   6 +--
 .../CertDeployment/Get-CertKeyPass.ps1        |   1 +
 .../CertGeneration/Generate-UserCert.ps1      |   2 +-
 .../CertGeneration/Invoke-UserCertProcess.ps1 |  10 ++--
 .../Functions/Public/Get-JCRGlobalVars.ps1    |   4 +-
 .../Public/Start-DeployUserCerts.ps1          |   6 +--
 .../Public/Start-GenerateRootCert.ps1         |   9 +---
 .../Public/Start-GenerateUserCerts.ps1        |  24 ++++++++--
 .../automation/Radius/images/deployMenu.png   | Bin 0 -> 74289 bytes
 .../automation/Radius/images/expireCert.png   | Bin 51048 -> 80177 bytes
 .../Radius/images/expireCertFromWindow.png    | Bin 0 -> 81227 bytes
 scripts/automation/Radius/images/mainMenu.png | Bin 47336 -> 75877 bytes
 .../automation/Radius/images/mainMenuNoCA.png | Bin 39367 -> 66356 bytes
 scripts/automation/Radius/readme.md           |  44 +++++++++---------
 15 files changed, 63 insertions(+), 53 deletions(-)
 create mode 100644 scripts/automation/Radius/images/deployMenu.png
 create mode 100644 scripts/automation/Radius/images/expireCertFromWindow.png

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index a89cd0e4b..cff78ccf5 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -1,16 +1,16 @@
 function Deploy-UserCertificate {
     [CmdletBinding()]
     param (
-        # Parameter help description
-        [Parameter(Mandatory)]
+        # Input from users.json
+        [Parameter(HelpMessage = 'An individual or array of user objects from users.json', Mandatory)]
         [System.Object[]]
         $userObject,
-        # Parameter help description
-        [Parameter()]
+        # when specified will force newly generated commands to be invoked on systems
+        [Parameter(HelpMessage = 'When specified, this parameter will invoke commands on systems associated to the user from the "userObject" parameter')]
         [bool]
         $forceInvokeCommands,
         # prompt replace existing certificate
-        [Parameter()]
+        [Parameter(HelpMessage = 'When specified, this parameter will prompt for user imput and ask if generated commands should be invoked on associated systems')]
         [switch]
         $prompt
     )
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 774729630..4b4884b9f 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -1,13 +1,13 @@
 function Get-CertInfo {
     [CmdletBinding()]
     param (
-        [Parameter(ParameterSetName = 'CA', Mandatory = $true)]
+        [Parameter(HelpMessage = 'When specified this function will return certificate information for the root CA located in /Cert', ParameterSetName = 'CA', Mandatory = $true)]
         [switch]
         $RootCA,
-        [Parameter(ParameterSetName = 'User', Mandatory = $true)]
+        [Parameter(HelpMessage = 'When specified this function will return all user certificate information for user certs located in /UserCerts', ParameterSetName = 'User', Mandatory = $true)]
         [switch]
         $UserCerts,
-        [Parameter(ParameterSetName = 'User', Mandatory = $false)]
+        [Parameter(HelpMessage = 'When specified this function will return a single users certificate infomration for a cert located in /UserCerts', ParameterSetName = 'User', Mandatory = $false)]
         [system.string]
         $username
     )
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1
index 164584ffe..252708842 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1
@@ -1,4 +1,5 @@
 function Get-CertKeyPass {
+    #TODO: params required to test if a CA password is correct
     $foundKeyPem = Resolve-Path -Path "$JCScriptRoot/Cert/*key.pem"
     Write-Host "Found key: $($foundKeyPem)"
 
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index 66c796bb4..8669f5aaf 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -1,7 +1,7 @@
 function Generate-UserCert {
     [CmdletBinding()]
     param (
-        [Parameter(Mandatory = $true)]
+        [Parameter(HelpMessage = 'The type of certificate to generate, either: "EmailSAN", "EmailDN" or "UsernameCN"', Mandatory = $true)]
         [ValidateSet("EmailSAN", "EmailDn", "UsernameCN")]
         [system.String]
         $CertType,
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 7f2970c7a..56d88b1a3 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -1,31 +1,29 @@
 Function Invoke-UserCertProcess {
     [CmdletBinding()]
     param (
-        [Parameter(ParameterSetName = 'radiusMember')]
+        [Parameter(HelpMessage = 'The user object from users.json', ParameterSetName = 'radiusMember')]
         [System.object]
         $radiusMember,
         [Parameter(ParameterSetName = 'selectedUserObject')]
         [System.String]
         $selectedUserObject,
-        [Parameter(Mandatory)]
+        [Parameter(HelpMessage = 'The type of certificate to generate, either: "EmailSAN", "EmailDN" or "UsernameCN"', Mandatory)]
         [ValidateSet('EmailSAN', 'EmailDN', 'UsernameCN')]
         [System.String]
         $certType,
         # force replace existing certificate
-        [Parameter()]
+        [Parameter(HelpMessage = 'When specified, existing certificates will be replaced')]
         [switch]
         $forceReplaceCert,
         # prompt replace existing certificate
-        [Parameter()]
+        [Parameter(HelpMessage = 'When specified, this parameter will prompt for user imput and ask if existing certificates should be replaced' )]
         [switch]
         $prompt
     )
     begin {
-
         switch ($PSCmdlet.ParameterSetName) {
             'radiusMember' {
                 try {
-
                     $MatchedUser = $GLOBAL:JCRUsers[$radiusMember.userID]
                 } catch {
                     Write-Warning "could not identify user by userobject: $radiusMember"
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 468162095..2606662e6 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -1,10 +1,10 @@
 function Get-JCRGlobalVars {
     [CmdletBinding()]
     param (
-        [Parameter()]
+        [Parameter(HelpMessage = "Force update all cached users, systems, associations, radius group members")]
         [switch]
         $force,
-        [Parameter()]
+        [Parameter(HelpMessage = "Skips the user to system association cache, which may take a long time on larger organizations")]
         [switch]
         $skipAssociation
     )
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 27da419a7..26cd22615 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -3,16 +3,16 @@ function Start-DeployUserCerts {
     [CmdletBinding(DefaultParameterSetName = 'gui')]
     param (
         # Type of certs to distribute, All, New or byUsername
-        [Parameter(ParameterSetName = 'cli', Mandatory)]
+        [Parameter(HelpMessage = 'Type of cert deployment to initiate', ParameterSetName = 'cli', Mandatory)]
         [ValidateSet("All", "New", "ByUsername")]
         [system.String]
         $type,
         # username
-        [Parameter(ParameterSetName = 'cli')]
+        [Parameter(HelpMessage = 'The JumpCloud username of a user to deploy a certificate', ParameterSetName = 'cli')]
         [System.String]
         $username,
         # Force invoke commands after generation
-        [Parameter(ParameterSetName = 'cli')]
+        [Parameter(HelpMessage = 'Switch to force invoke generated commands on systems', ParameterSetName = 'cli')]
         [switch]
         $forceInvokeCommands
     )
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index e6b3ad580..a531da5f4 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -2,14 +2,9 @@ Function Start-GenerateRootCert {
     [CmdletBinding(DefaultParameterSetName = 'gui')]
     param (
         # Cert Key Password
-        # Parameter help description
-        [Parameter(ParameterSetName = 'cli')]
+        [Parameter(HelpMessage = 'The root certificate key password', ParameterSetName = 'cli')]
         [string]
-        $certKeyPassword,
-        # Force invoke commands after generation
-        [Parameter(ParameterSetName = 'cli')]
-        [switch]
-        $forceReplcaeCert
+        $certKeyPassword
     )
     # this script will generate a Self Signed CA (root cert) to be imported on the
     # Radius CBA-BYO Authentication UI
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 40b72d173..db836ca60 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -3,16 +3,16 @@ function Start-GenerateUserCerts {
     [CmdletBinding(DefaultParameterSetName = 'gui')]
     param (
         # Type of certs to distribute, All, New or byUsername
-        [Parameter(ParameterSetName = 'cli', Mandatory)]
+        [Parameter(HelpMessage = 'Type of certificate to initialize. To generate all new certificates for existing users, specify "all", To generate certificates for users who have not yet had certificates generated, specify "new". To generate certificates by an individual, speficy "ByUsername" and populate the "username" parameter. To generate certificates for users who have certificates expiring in 15 days or less, specify "ExpiringSoon".', ParameterSetName = 'cli', Mandatory)]
         [ValidateSet("All", "New", "ByUsername", "ExpiringSoon")]
         [system.String]
         $type,
         # username
-        [Parameter(ParameterSetName = 'cli')]
+        [Parameter(HelpMessage = 'The JumpCloud username of an individual user', ParameterSetName = 'cli')]
         [System.String]
         $username,
         # Force invoke commands after generation
-        [Parameter(ParameterSetName = 'cli')]
+        [Parameter(HelpMessage = 'When specified, this parameter will replace certificates if they already exist on the current filesystem', ParameterSetName = 'cli')]
         [switch]
         $forceReplaceCerts
     )
@@ -119,10 +119,24 @@ function Start-GenerateUserCerts {
                     $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
                     switch ($forceReplaceCerts) {
                         $true {
-                            $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -forceReplaceCert
+                            switch ($PSCmdlet.ParameterSetName) {
+                                'gui' {
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -forceReplaceCert
+                                }
+                                'cli' {
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -forceReplaceCert
+                                }
+                            }
                         }
                         $false {
-                            $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType
+                            switch ($PSCmdlet.ParameterSetName) {
+                                'gui' {
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -Prompt
+                                }
+                                'cli' {
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType
+                                }
+                            }
                         }
                     }
                     Show-RadiusProgress -completedItems $userObject.count  -totalItems $userObject.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
diff --git a/scripts/automation/Radius/images/deployMenu.png b/scripts/automation/Radius/images/deployMenu.png
new file mode 100644
index 0000000000000000000000000000000000000000..f09ad2f8b81fc6acf397ad52daea81d94b9882ee
GIT binary patch
literal 74289
zcmeFZ1zQ|T*DeeRNsuHYKp+qZ4nYTZ4estTNN@|zzyN`S;F7@L?rwuS!GgO73GS}L
zz?@-czvtP{yU!o^uIuBXo9e2ruCA)CRqI~sUIZ&EN<G6Q!bCwqc_t$*u8M;4up0#h
zRR#SqGN;C_3Kw~yV<jf0EF&gHrtIWkZe?qRg7WU0T@<TahcaG(QkCjARr;XM>RThC
z*&*4lQoiVlq6Lo7=j)visgWzB0baT~<94>b_;^IiQ}8+KGtWD`+efY+aYNEM7dfnT
z&ws4@5DzsTe)LNX>Z>P2Rjwvh(N9(?DRIcoREmlc5&rs3Jz?-Pq*5LqJbYk1)vMqt
z{QIy^peORVgTqc-sV4u&Hy1!(t!FW=Nu%Jrw-)+5pEx9o_xOHo3a*fgW&}lgb3G6`
z*1@_e-q)eS4=M}BEzXP$CJkcO4YYUpIQh#MNC-b;UC?D34O634d5_PA&k|}SKWcY(
zxiPo+z<PNmunqsI`Z8I7039)n%L=u&QM~w9?OZ!Hr@L_9CFTihOqNqo;9vle+(UwA
zMl6KZR^gdpC|d6NuXctda?Cpy2l`NZ&_*tIK!7ZfGh$1OVJ~OFGFQwqp|SaWr3oGr
z2k=(^EOM+h&9r6A6%<hDk!f@k)Ici~G-L`Dc@QBF<g|SMit+^c7YBKWr$6|g(udvY
z5C12Ps&ap$sG69J4Dzp<sgs$Ry|bl*3$I@jvKH!;mAbZzwt_sLse>J}@dpPJGiDFF
zkM~tj1U&eVNjozaV=@mrTYG0d4?&8*?%+eF@3R3EWPjb_Vk1bQt)NUM=HO&T#>LFS
z%t9fANk&E{;Pk<qPgPv<@9M}aK?+M3mydh^fV;apvpYMpgOde-m6w+nz`_P#V`D<z
z!Q>3GcQN*0vUjHZ^N{~}j<}h#sgu=57b^#Qvis*6n>e_-2vShoH}rph{=BD|ht+>t
zvUmQwTgVOq?n?ly%q)Qa`)p)Yf%{xOWh)OeTODyLJLK>n+Yn-B=N9<u{(qJHr^SEN
z)c#LRUM{YG*8E4w|E{UwZ0029V25ndMd&{>^LOQc7XDpP0C3;)e~iSRVg4%@InF|u
z0)YQJXF{08+kGGu6cH2|aZz;-)V-7^U_6cKKx~;$c(PkjBjh4m5}p9rmwp6jXrd}s
zfOP--^sAF#|8(@R&`+4}@?ElDV^EN#lSz1%;pl!EAwTEev^Sr9#&5=r@dCaCce8NY
znA%)S7)WqFsNW8WEr}69CqsGgzkiPa)XS#;JMP41e-$m$paOwFOmy_}99ik~ey!5F
zgwI~1%}ryDpoFcdk|aD*#L?1kB1jsm*yE7!(44wDk4vI}nYXweGpoa^Ar$23pHR?0
zi6l~?wDTyqy`e`w^(Y(1qXwi_sNK@k3<`{VoAW3%cE&gFLUF2CXFK3xSZ#JJV{La+
zDo-&b^N@f!GfOIR)TXRS-oS9nvh4ltCjVHMT-;u(nrEI{iSF5KP~`Uh<=2tiLA|HY
z;S_%E^JSRTZ+KT|6{tVWWov{y#DaV=I$g^rmQm;3US1BzVNU>u;|ZQp<poc;3c@3~
zK<qtG7)bw0)juLlKxVoO=+0x>^oAHuexbol^V`9%dbzxz<Xk)7{q%8*q1Uu7t9u=9
zeeKl;oz#`Cb(v9KilU&2pr8rRptR4Jx=5qnj~bm)x=Vqw^+dYR_0^T~<0)DD8=D(3
z+%So{WG+X6_5P&5Qb~!?@Lle$*^R+1)ipEf*8rUw{mIR1u95=#lsWP3u^a)EK;q`+
zrU^h<XGurF6F29LpQ2299C=@^JQ|!gpI<}G8@+1dwtrTvPBgodhD1d8kcH2pHlN^X
zk3>WSXYkw!3>Zxb)2YObe5bbRy8>8t=4DxR6;8%N2U7U+Ru1FIn7LxRl~QG~@bd;j
zQvwC=i08kn-lU!=6r6m+{%h7g38Bub1>S*@QBhx@puX@3LX-4mjUeK7kYSpuI?q=J
z;A?iRsr%Q~*5Z^Jn5_-ZEoWyq_dJ(<XV`eaZ9SVy;<^W8JNL37+h1q}N`wdTNa@wy
zO3-SD+Tt}eH>=M|I))9&+;)Y{Mzi?-HnBdjW!M?rbZz*lyBcL8Q6PD4t*8@BSk>e*
zf@QwGROk44hucb4ttB}lF5tJLl^)F?)dEZIsSNbaF^uHJ^5NC^dP~?Vt<^TO51~(5
z69walxNI`ec3qMYN!|!KUgr%DvTB`M{mEV9FyW%<NS#}=u-@~)KMNqr4PC@E*$sxt
z`3UvJRUGbX);+{lcX$%V&M9k%xODIf&%+W_4!bF>7&<kSXIs;8Ykt2X0~VQl?Q@*g
z`&4OseTjzVTFW_qb6h}GV#vKcsqtbN^uCtrx5!54D&<WYx8?_4O)=>ygY}8S35DD3
zeVV*)6#FOGE&9YCJ~_*Sxmp)+Y%=So5BDgflknSuUQYtike{B@Xdr3RaPHdr77<pO
z#T~Cry=_lW=IBDB18D%F#*fe4BlYCTlcI4uo$-YV13mgE;drW{_KrZSu_}PoW@+mr
z2znwB|5g~Lc4A`Jf@a*{vCUQu0GjXP`gtAkJE(QQTs4G$wRk7Rmgp<s(kRqyX4F!?
zkJUj)-+DG(U{-%%@+C{^1UBHws96lC-xjUkZ0vd$h*y|Y8IPNLR)~4^LHG$sguq|A
zl~N>cZ_YB>+KTC|mlg#J#PsI-6O1XP##pDC^q#rT#^_cJc3tIkVhz`3Z73v-{W{zz
zaI{bt&N{ZrvCTTB#eXi?;F?voF_5vuWm{#z4e!Xni{S<g0?VTox5np>V63bB)>l%t
z;@=|5GCT^^iXL}Woc|aovly>EZOt3Y$l&l;)}#9|Z3x=C7dR;B+3!$k+w0`=2=cet
z74-36kiL;>EnN~(AmZ)>5umj_S$#PD<N#apvgg1XrXtU#;2<Uk$;>a(+ILSEN!=wP
z(hYI?Fs#US$Z0W@TxGH3Lmw~P%I3OQ?Zq8{$0V7e&4Wi?s@{te!^9FLPIlwnPpS^x
zQR6tfZLjj)WQOFS+fz^(HWQfvI#N<Dm%Ias%17J};EzI@zzKa2It5(qC|kse9C%NF
za1z)@ID>drs9y1aM9?Q0X9Y*y)4k6<j6rvnA^@{cEDzLDg!VGR9-45jkFWk9L9D~m
z)#`-6G=EiYVQV14SH3?k?y>LTf|O2zYmz3@c3Zm`J#fFj*qa1&;5JSZzEwuTAAf33
zubqyfQL3ycXJ0qip1Wdx%f7W=n=dhLvBhX}!R?5cD$-CpKSWKn@IJ{_=m*v*lNah2
zWWvOg`K5}ka-?tPs<#&x8mk;n&FKdQI%9wvF^3y9vL7u<D@-Y;%9ircRv!cdXa;sH
zID{l_9Pq=s)6g%-$-zwJ8eeE$6EN!s5pmn58&a5U+Wg#uu@?CTN4+p}bo{(&?y$yt
z%vq?BWeCqSAy4`)We_Th4-`oIjR+k@5D54hfsMc(%xQc=X}lQSE5>JQGV>3`$9zRj
zHcn3<{XE!0GJ#)V;m3Zv4=<mr-ee7Ud%rgB%vUN9Yjm5aQDA^ABZM-iZ{Ts(8f81`
zE@eIrBP#fKYoyyfVhAaXBK6GZyrFy^0-gRXnV+#t${1alIeR1ZSYEafS<ET?Docif
z`4Z4vj@_i$ud^XsrE_W;me^RP&GkMj%r+-=6|%})^6_hH<BSvQ*nLv3`XE`wI?$10
zTw1I7ntl2yFVd$ujf^NEp9q%^rKWWln1(uKPx}L~2$&ON0d|SqL^C4xMd;lJUzL4W
z$&LHY5*XD<)o(J5t8ko-<*+e4Z*e>A@H4cDfij5huAb4tv<|$EP2H;WV6|MnSL~OK
z*M&?g@wQYpZKfchqn6tzcn&YaI(|$yaQ4j5opzFH;Q&|G2BVXH6{Hm%*E_k!7g6l>
z6o&~{Wajspp9g4P3A^r8c`Kf+nDt912g-~z`ur;Jb>~_o$TKZ#nt*s#8ZiRO)&j=E
z%33bs0ja}bhh<lYheA<6vesDyInSQ<Hzne<;bb&Z*1YIQ743>0i>z^YB;IB?iXV3O
zlkPwvKiXT^hy$oEr5?1)wNM9AGxOLTvTJa?iDfI9lCAUJ#U~N=d4G#XuKwP2%9h0Z
zS;m*M?UXyFd{fPqla1b@%zYzN5j1Ix#9*h7AERJ)XBv`CM$onfo8i<O^Iyfi_|Gc&
z+an(>!fol9-dB7nGat_I3XZ5PR4)~OXn5H3URfxQk==Yinogrdty{*Yc<G9NvP>_~
zTs~FA3!7N|w3+|_9MVMDAcAeZPC8|2zN1qw|3p6+*(_V8-PBgFwqr}kGP;eP<QEt?
z&l{?oOw``fqi5!IXvm>clD2rofg4s5)+%9p!R&wRJY18$&2FyJZ$9{rjqQ64yaJNy
za6_u0)x6tdeJcSi0j&sm%$Tc0QA%BWSnWC`{C$lxJpFZgH2Mzy=_02Tp8kwEk2bxg
zL{H@*7nAd=HBpOGQrpBX8m-a?L!XhuS&IFO^z1P5um#~a)>q%)+rYQ6Z`UZ;udmHS
zMb#Niz+W@w@2z0GkK(XCXaUZ2<MZ3(v%b-d;c1Dp=_lwC@5%3Aqt)Ta#p!ICu>Pp-
zX8ktV6z367FD2hpZ0p9CpZRwy0eb#fk0)`*PuJl`@8sUS0vLw1q;ds3enu=Z?>;Nv
z75EI4#yN_?0fIf{`?y6mS*jDtSM89uag!^4Ex8|Ea|`b$GBa5`+on;^Ggp|hj>~Z?
z(NinB*jJbq<Ju)n>pZ5&9hHkKi(1+H&DBcg_;e-XMti0IWzQ;IGikErd+%6<nvy9c
z2XI4SQse3&_SEZ82{DG$&)#c4RnAY=`gMTpUh|>EbYh3F3SC5h++o>1Nx#|%RraM!
zSxxWtk5j_C))hq29YRaMcLgRrbpHDayg~IkZ<SYPu0wR}O`Slo2MDwZUg>yq#e>^+
z)pqW8^ZEF8^g0A|r1eqxMOXQTVv<}!;Ghz<{%^DBDzbi>U|xGqw{+_Frjvb;YPHzf
z1dva0d_YLx()S$O+-6_<g~E+*eZLl0BtliYFke|tFL4E`vuSZZv{CQM_>P}hYM|Bl
z$b%V5Q*O0O$Y0v7A3^e5hR6M&X^v>p7n{F7WSuM6^c_>sDT~tQfp53pNl4GPXHyIh
zPBL|$@O~nRVKQt;Zb{(=n$72~J74UnWrDLVWJFKCi^VQ|kHqF5C%U}0pwiuoS|N9d
z+C+WxC}GoPLfB$xju_HQd?M&|$!E5HRVk|2d5neI{37M5k_sEJ07)iG+$F%BZdz;y
z&=lVfH{Vp(_%ZE+BML*OV)sieNHq6Lf2~rksrQ!ax+SgnK!;sAq(mlM0v;otfXP~U
zf?Y23UZf5WrVa0xd(aw;RzePnD2a!SNbfaak>!k+FM8xp+FD$?WE<S}i8y^>R`fqN
zDuD9I^1{se**l}B)morM69U~~L)XJf6v~KXD)3qFyLE7pZ>!K5BLGTeo`F-=K0cUF
z>NRIKexg&@-;Y(ITcgdpgp()NYIl{gc_)<BM9|vS&z8dH{nZ)@%^jACP(D@PygkZt
zQlG4Hq?{W_tl4I_D5zYMtLi(o@KyL88DEzg9;7_foU4$SUX^b0-g~bTW1U22APcy&
zsAjblwgbq`#O)5tEfg5`Sb#l~4T`BR#aSdd5uUrcp{Xvrq&D=mP)L$L_0iAg=*Cfs
zh3hmdd!4NExp<e*db67nd7Zb2_Rr$FRAfrT=s-Jh0l%;a0Gv#%XkMrQm8LqUmdV4`
z<_YlDI)j#@!7ANe+(%Eyw8GRbsa2YXNQ7C2OHXMEUOY8J?};2CyLoyIz@=vGXrS1a
z!^aC$dX!k*deUzTu)c6H#RS$a-mxuX;de8{Fv*2`$WUvEzGd$4(JdSpmN;e1?QXT7
zF|s~jqB*R*t0;cMlnaAgyO-+oS`kDB2;DBJ-dbr2Lyrq4r;(GsZML0nhUKGd%XNE9
z+bp;x2r1F`HNRJn2@otm-X1T=^k6KRsm|EX^8y96)0ncp7r;M|u|T%%d^bRy2`Az6
zUkVo$^~bdt)@r<HMu)6NppU>7r<{xEfML$Qq>tXIClqhLcQH6w7JM(Ziclf?F#0Jt
z3uBa~r{Y3KJ~zwM<l2<oYKpBdkrxZgY#%bawdb%&m!UmmH`f%f_y$Jae52{>Su!t2
z-;jOl*o(tdFc%VN`jUqKXiQ4ba9{F?M@z9s^IiO-Pf8v#bT7ZJQPMP~MGzK!F_E!U
z_vICKgvD{x9HAQy<)^}_5*&7hcW-rB3nGG{gVEtK$x6jz&?h^GKHBMqJVCX4!D@M<
zMFzl3E#N`nmF=ckwz%n=jxeft$WpfG!yT9j?JKR854{Z6LG`e&OWa8{O0jd+U2-N?
z0FDS^UP<STK`0fT90;jjxm=+WaTuXs!K(`xhi79yLYSUY3`yjBUx(DYM{=IlT=!jk
ze$LOfr0wXrO-;SlU(jLeX3K@G%l;<THS6=~x|xN2p7h3<&*d$)?7LWS@r2UKcDNER
zZ98(>tSD!9Os1C_Cta&-ua%sn9}$}VHE97hRUKeEJN@4Cf=5c%*4q_GJcER8(t;00
zUgy2lTYGvBPwihGt<W*ddd$AoiN3-d)|g1Pq#hKP&nT<x0UnF&DZU8*RWP1c07Urh
zeWI7PdT4e{p(V;;)6(LD2inG2Ff;B;i4xS~q8>@L2(R1->St|MxeX9)0bi@n3mVY;
ztSHXDSrm}c6L<k!=8Wac(~odey_Z|pmBEff#Jt<j`6U{`>vv;%5w7Kx4imzeIl~>h
zxJxT$^`%GFxW~tlamMk6x4#I}B*VhGfg+!TnT!WZ!}>M%`RX_ifedP8cXJ@yKd5_*
z2Gufb+`Kho3fV0sGStx{!;N#_byK_#J|CU@2dXCoHh0!36FHSWGmd95O|H^oXTh)@
zvJNVike%9u&!yt5zo}N*utuB?3-{Wmsvv%TS2rO-)IEm6bdb&4jlb~~H1rN2f`WWD
z1`<Hq*$x6YAvyX`*qg~`oA;s)1??^H!R11dP>ZYh;GYcDPoH@DLc*F3Ik_KIisO?-
znV_k9fw^pzBgZVHm9X%cGI*DK;!MsZCI2iVrN^l8s=|b~L7IPX%RkQ^(kMix*zM$m
zf5Gv;R@vXhZPB7A{>Rayk(Q7CRrV<mjqJ4-`t#mDFZ9oI>eB}=!qUQg#2NmX`zI|x
z^=Um(04?wXSrk6TmHAmNBWg{5s#aHqoYsO~8W&T|waVly_h*8xPHJUh-?y4am*+G(
zl@|xiJdq*r+Hh=#G8eq%!;anCZdHBE;`1Aa)y+{dFL@lDdZ8R)_Uy~ddG{5Mg;kHd
zL_L|q7!=_@t-kd_ewo4-2467!+q@r~uv}OtWu8rz?^N098zc%<CBpXiQx1HnJ~wmo
z$E7nt(=^kBHv|+w&M>0Ri@g|9EDI$_ucBYVxL0huX=<PBP4@l`es#L&!h2F{8=q9w
zw3h3-h8{Dauw!FQUIy^sNx5f>akW5|vyWQgrMi8Q%+poD=kTWtR{$O>GkCl~8g=N0
zj0956tX5y!!fvVQO-%l8>~e>AvxB6XJBQ}6_7c7m>x~*Z1mDIzZw)vw0+GFVOM!~s
zjs21<<bmHB&g)BiGolk+t3m_TCpnkLnThL_MN1$jZQPHodafacuvTF@@a`iGh|AQP
zRc)a`sW{m!OCdgI!MEWO7c1&Y$VKo8D<4+`XZMh9?u307w|hReji}%=Y*TRj<RB&x
zDo~tyDGSGbm$({(9{I2}#!^amsH5+SwNYqk5AXf6qP5)Fex<SbRkzUwyPBJv?k>h=
z{Nd;l2+Zqy*(66~1GwmXA~bGlw``i3_zBXc!-Hldd;5_m3-5(Am)|c&xR8M$z#ybS
zO6k&2irc<R^-~&l^Odb}gB#_BADq1+cuRrnrR!6Kex1Tefd=yvPGh?Sm5-1`))w@Q
z%z}#v+iBLa?3+wN0<}XgR+zt;lRP2kv&L@;(DG*2o&?~S=gw`55Bt~m2&nF1)d~%5
zc%PEu4V6OyV!yE>Bnz%cq<>yEd2Ad296M1xad+w`z@2^lxq{l&wX3J%S!uUa;_n{7
z1Nd#zq+n--Ld1>veq5a)oI;YrB~_o+{4#QaacK|67!UY#SMQM|lu*6&GT3{Gv00qM
zIt_A@)Xb7XLMe2T*;DN6T3PMFQ$G!K+Ku~lHYP3T!<Nf_gdn|crP+@m2$w-%=ZIg&
zicsR9e`*t>MQOjvpp^0>TPE~_gWwuJm>Mbfv8zr*VCz4!E}pWVfa~rIWXDbwFqJPD
z3AcVg_&Gc;$aPP4g)ev{`8CJlEW(cvo-r9G<T|}Q^Pv}{t%``GhQLSVXhe&(0_#7m
z*)!fwl;AZdTl({S+*9NOpL|sr-AP8j{+?^8jMC-k;}vO;r2-_)w)0{xI#m<)2obNP
zePCvazh`E+RR;>R>drLH1<8FG5NP$B@$DZS=d=SnqF`RkK_u10-Cgmk=A?De?EDZB
zg2<Vv0my}JVV_pCGCrhR-B2w|+xG26Th6uY)uO}f*JU8J-~>q8uL~JMiTH)fw8_lE
zjM?pzb4wU_NEF7pSCy=~FFSNKQiP}&=Z*m(B5j67ex)hqS5}n~`w?y@MHY_#IASmM
za~8_$`d0F)#dF=}b~8S$$UA|L#oUOxa47dq>)LFrz_~U#Ga=kJ>-cxfw;`lR<}Uaa
z*NNw~av8WCH@LaaD^IMR;D0@Lcr>)}WTSqLlKMcNSU;e2AtVEv=0H<QmS9k};|7w&
zy7V?vfuH$X(~GOM^OK1tH^aW=jt5MwJl8^dPrcck(?T4ke1bW?l--WmS~qPBV@+f!
zyiASwop*qm^4K9a3Ez-vdqLQZq{-R}yaN$lDe|@zRO>#vGj;RsJC75t6%N23%JhJ9
zWTeh1ZhGy7JbPK_BRO3w&Sjl8dOO&6#l1@kz0(LEy{=Sk8NHh9o!Tx}xh)R!B~5c_
zSe=%=4Zq?ni;ldThCaQl;C^(}pLz~%{)zZB0QbLMIQAVsSsF?-6jluH!hV6`$037~
zJ7HBhue|L`>DNJ9I=-;QW8L|{IMS`_9Z&7j!`EL=#T<rfy0q1Z#X_}T55>0!3Xv**
z3n3Ud6VcatGB745ge5txiv84=G&qw`E<$BPUP!&-16Kp_s}lLDTGAj@9nxi3NN){T
z->S+0f^az(C|(cC+GgBhHuQ=OS?d=+m6}NZ(T+;rAP^Ng)g*bHOb>jS`s5@O1+-j=
zBiXFtr#p?E%b-6kMr*Hp3{SAUD7R+xn9+`9NQDfJJ1h78NU+)m641RFeueLI?R2ec
zou;kmu;dGQp3)$rA#0}fzR<LJpijyECcC(8fH2=>lo79GpTcaN0G09vlIMSI3(y#V
zO;?nbUYzd$o)?F#W2akK3s?q_`TJMx+E=w)0Q)N0e9ro&VZ$0JB$3`Tjf|7;lElu3
zulwB#a3b}3jJkU)!8{vTwGQgO^@d;6E)jUuv~jy75-DWVowTlZA0pSvDFH=P*i0W*
z<J4che?Z6GnjCe6c|#j@j39^{1zZJuN3WgiH=oXo*14fJk@k~U|6KMB;R;X~h5K6{
zH~8j@7z&@58UJ8>y&z0w=hWBg#l3iT|GC)T-Bk9i(zLSFxdJrz`)_xj>di{C$T>_2
zW!)q}jvcy@B1ePLrKLE=fy2kO(v{CvU6^5Y>0L7f_U5=hx+C)B!)Xq#g#$endPP1T
zY*^u3_>!~5p6WH^a6%b=ufRdk(peRu27w`ndGsJIb2yxm5j{4&eQ!cWNbeGuAyaHT
zSH=EaJnL7DvCp~4v}2TI9FFDa96N`DxPmppMU<$(6hGgw>U+!dY1eGkK&Vi1OXNmr
zxfP<@+dY2p@i-mRg~yb<21D9s-H9Qo{%NU^ADmnYIhtQ*Yc7LYV=$7?8%%caT`6@j
zV6U|6_&^seZim<IT%#C1mfJV)(VNdrWax+Iew8%Z>6$gOIei!u8MIzk(>?1J^i`Xy
zP5qTB3W&?B3CA4iybj!#nQv`Oc(l1YQEB)h+&7PHvN$RfAKE=$>`l=WX8g>~jk(Bq
z-2Vdpp(o`;&??Q;7|_%hQ0+0DPj}gYH$^d35R=5!36!6@Vkty8pZi<g_!aF01jmyK
z4X>6E*_Z{&&y_^TEYzH8b7Go&we6hFhiBhz77~x*PnO0+yOo<)QeHYdKzQHCC{VwX
z12e1w`?VavmYW84B@+nlDOJw=<j|0cBhcP}g4s1Wh*y`Su5W&a^<^@3SgLoF8);2*
z+Zg<5-MCM$>0D+O$JY{-mFxAG_-8$xM6Fj*9FmujG4Fh*Gm5@ml4k9y?d0k3a}*`S
zHF*&Cd$>F`-wvOny?(v06kEb?!*f@1#JU6QajTnC+TT^`<0xFxX}KHhZdLJw!jg{p
z2|!xLAopKOXR1XM6V)JcPtyrEq5&a6q9d>~6jp?O^#J*4oFdh|ylZChhj$8SowlA`
zU!fDp)zS*ujk+Z+Zi%NV&#W&GXr`Xe$;UrrgS{&okI>)I?317*!LFN$3v|Sg+?JzG
zeErofqI{Fgx#A#qq)>^IVJ$mDP*$zIiR)Q~W)Q%prTWE7kQ7GOiPzz%%}#ml%kh=E
zxyKd3*<YBvN@o;QYiSZK31lbo`#_`kBr+T~_~f$h1@Se-Sriq^bzAcG$9HHFOU3d^
zi_-Y9XTFTW_FS(ShZACqCR*wJhvIZ@YmY*Mb&GoeD(~3Ot$^|g+04dvnI7+2yPZoT
zq3LnSMw%@;i?7~8zX?ZX+1-@BGge$dw7Vj$e`v_bTLJM26;B}axEcxC>u$#%S?>K3
zn@G(Q*RS)8n{sG<Cqc^}6nw#M>sawgVc)&d2+rTCoK(9*Wl)cASAVNZ9b0KtfZl~u
zj68<7?o<*K5Y*ZvX{j+~n9^MUq`9R+^T5G#63QkN4$}evi+W1JfY2tSp_}V&aO@4l
zp<5}}Px^&T(Hn59>J6Mt*HAjts`|@XOc`4n0aAT1Ra(9q-!KJgsJ}oH5kVK%ZxVyz
zld7dnJ^O66rw5Vda7%JGQ2o?d<+!+`rdWQKyqY~eAwjH{L|_vm<h}B1HhV}q8T0fg
z&{C)MwYCaxC@h9k*DFF&r6ccT#HJ)PzgoQ7mSoy+YCulH)C`{^kTnAPcr^HVe3kQe
zDO+3rTR((h=5?7cf2FMbNFNKs()fkdd1y2&bYB0t?oIYm@mX1HV2vv=srmU*Z2rrG
znW`w95b8+t;)+sj3I?z9W=o60_5FjXVlWh5Rk6#mmV(At1pY-xdT<mCb1*{HhCc`j
z2pm`-fL>KBk+8XpZOqtjyE#714v@balFMaU_v(<quhQfGsT5wcp?NyeSoKc4x-p=U
zQ|O?pa~Am4%1me0+IxBD&KS}fvubs%xf7qvBe@Ut^c`nd!X(YQ<8(U9)5={vUNiLl
zj{H;xx?6QTdtfvR+^brlCH_=F^-VRopa($Z<LA30w0ZFC^L7X1e%cc)a*}rOcGxXL
zlkBMTWz>^s@ZOfBe0S9g$X2-S#t-X=FO?R9()_c<ldL?L51rtBuJdn>f9&PUpxI$)
zj*%Ld0Hxap)Z?mk8D`XV{nwaM1*!vsx4gKb`@r_4-}FN^CCxXUT-P&B*gWqtls1Vd
z#ymUP6|hO94hk;Ar>}H=g@Mp7Pl>*5li!Bulzfck&B5WauWfdT@>ZI+s0Pzf@{(ie
zJrC+OfI*)Q10dy&o78f*MUY)<q@wQ&80L)(kIXA&v<&`wrFYQNvL9N+h?udll`MfU
z=n1x%uk&yGw)TAj#63}^h}i_%WU%S!TekOI#nqXwimiD3P#Oz9VsoFg@=V$s^lexC
z(V4M8!Oi%JS-)Ox9W-EW1a$<_Q4q=YkYO4oxRH}OCezv&_9w%XTP})gfG42};Nz9}
zT8MYnjg%~;jN7Mp0#NT5HfM2um#gK=01ks`K}%U}vJ9_#oA0ubco?b7LC;jb8r}|G
zS@~D2We^m{l*QrqAVK=rV<b4T%1Tp~dy(GMq(6?lbxX?)lbR--&7#8fmP}$p311*0
zwMC}&Fho5!9;;^}H%<HFt9_N-$L&=om(Fg+YB<G9K7Nb7oH3H+rnwR}h>USY@!)9%
z=oxf&wS0i|?LzB=V9-UxXO)SN&EI!T>rLK1i$WJvOpEr7HH`8r5@$cwz0OW^(alP&
zCc@b^Rgy!4ALbS9Db(Zfx8XpCV=y;C&u6)~nD8A2m%@u>0+kk)>&ve-E{c3w9f+8p
zY*coX0qYd(-pmd;$WC<k^JZN@=wcy{%8HA(p;kK|?5hT9Uqz3v3j~f>U#luQ{n-0G
zNf$O~j)>MqEa|W)1|J)%Bl!0?>@I)XSSudu8eY0SI~_+`-M4MA<=i@U%|qxzsL!K!
zv+cX|IkubWcgUMrlj3dKNrWU<#ZJZ>Tf(la&R>Xnw1rYjPh}hS06t_dXny`h@Btj@
zmG|ArjV7Xo__Ie{gz@hirBuZzCOOZGmgEF`sh+WVIrlBLB()?1L<9&_>EMQt4n8^W
zj*JgYGDu5&6k<3(F!rX}0prH2+{t&ms1<T-HPPy6C+n$S21hP7)d&cTFx;16`+Nr}
z<DjK7eI3WOkQ0(sQ>2-fZ2#paqvQ+NQ_j0MoTz%m6QhN4S!U~)D-i&;6Eya1UO?+i
zvi`Fx@DuM}dBmJ%o2(GonW~J+55ozkmn2#kLLliEPjnY_U*)1UiHCW_<G0T+-U1ny
zn|jTj?rOxQI_Qgde^4x%5XH)b+^iKnJnP2lDgXw)aMdOj?fqP!62%!O<<#J_r@R{;
zL2mu_2tV~9BT>ngc#jaPElu&hoZ(zYSQe;Kh43(JK|*cOOLmX}QlDe;o%ciETfR2)
zq6krrqlH=A0?WNzMjqLo+0i)su(|0>d!e0$p<HUnRpqZhaHp5s73pSgF?_8?$&~VR
zuo@N`ot@Q`{2dLc^?$pPbGTor>;P(-eS`kRh|5zf973-a!se}I8H*NO-qIRL@L-=i
zByE*d$CF{Lqi`ZQrCcWJ`bPrTdvEn8J!#f4`L$=C(wN}~huL}UPXxomONc!I>i0u$
z9@T%fDL-w@<vgX^zqL<|P;T)^U-%#pGA(p?C6BtEpnEbq{Cp$#_zLM7^oLx861vET
z4XOjFomTtz?!F;yTH&P7-BXxCQgvw6DE~o=Ov98o^b9FeoqVI6!jQ9x)JCh_UfUtT
z_rbYEj*sN(lB{PIQWM3MW2j&1flh|5kt6iFSl&<ZPahO%_HmnpIwOr$k-~m168)Md
zd&0j~m$)WgpruMbKowZxqy@B6=t_fvK5_z;n)sfqpQuHMF$0?|xSeY-I~kkfl{Sr^
z)i^wM$gy+Mcv56W9ZpNL`sno02(KHySxu+XSe2%4|6D_*P)@uuzjbhp&*f7RQ}Vk0
z8$ETBFJ(yAUXfXSNS;<pQC%uA?$<{ru<;y*OZ};(V&B0&`F&WP`L)Rfpr3zX`P`?v
z09~ekd^K8iwIe9a!*q$IsDe$a^wz1)AYVaODr;%Q@3ODj%X%A{eGH%ZrkuLhva|T2
z_wuopXxVM)il@^6a`@)fy;LpS$6i+hs1F<@!N~2A-_G&Xv?aVD<j`ZF*vEVoX;3iL
z@w}0QpN(1eAU!fnfO~7?TVbSWjkHxrH2mHq^b%F!XuGrDfc%q)>VpD7p~bcOE~cHe
ztd;hJ3BHbK;@B5*x&-jYezf5z-H7O^EK6+kY{3T`rTXKBNy?`8CflPR5wzjzrk~Hl
zUWl~4@|$=|%H}Kl&`TR(-X)WGv8tk_(Z>41!vw<!E?i*{`qfV)ksKx5F>#w-9q%tM
z%wN{YKQ=ZIGR}K?3z7Oa+J6}f@2j=*47$9c$NY=$^-n@r6w$qA`B-BO<KIQ*=prnN
z>;?fL{{J*f{$XC+i~Iu7SD^n#5g~Gr#^tp#GXEGq|9LJzS~MN4l_gUDnfWJe^%Vte
zm1A5Z|J}de-}(ho5dHsM`_G{Le{j}BD$zd-MENx}ha)7ek?#5gb_*I(hr=g*mEZ6D
z#Fb`HDTN}v)JA<Hy|6QU?t6N)_VQ>bmVYTw$q+h1alc$pP?gX>3?@PvT=(BEG&D)u
z%~$1OBB@!O*QYM)eHu!YUS#2AX#fb5L8ARqz1Zc!g4c2r@z3wnSS1F{{@`1<)ozU)
zb|;--@w;b)aOP*AOFPd3Ig19zReU6SZRzbWW3yo96Mm!-ShR+|mjU3KW0Ay}<LPS6
z?;Y`$Uy<8ku`0QQkhGsL=e;-sTosB?&5-$t^T!{GLB4$YrRw3}U$6N>n#S)}z4Lfg
z@G2c}QNV?hKEz(XRdkrkK{Ad4Fg}{q^F5)F31r#(ox==Hz_BtuT4ge69S5SJqEdE|
zf7*52qp`KPZ-yky@D1KLl9TYe#a!$)0`TO((6iE$D$fDg+ma0khvB)k2HlqcA75Wz
zS9&DV??6Io+@D%*o47T(oM_-mdytlMMdx>1;%yv}-TS|n9MTnm-mN4locZd0jH7HH
zr0}~bzdxRHZ5<skCRG!_%GW4Vr&tPW!CpfW?v!fn7krlMR#D4bwtr4fYgq-7L?-S3
z&C@G<!}N|P{!tg!J=HSK5ow;HASER|ulKq<cnAt2ba+4-Zk{nQZWN$2*5q~RB}PJY
ze#}w`EMu<To(ZP7&iPVA<{B0rn#FTR^~@Y>OS7}BpX)l%uYu^TcxwBD`B&5I7Xu*~
zUh23s9fVFn>r2ueE|WjrXB0G!2lwn&Dg@%?AMtnBg(lvH0X)YwlTJ(3t+7$kDw7lx
zp?rvCDro2xpj(O08>LW+G<s(ju$zzVlmqu1m%z;c$UDt2F55YIfSaXKz0+o9M_}a0
zRl#_^Z<-L^>v#x~_9vq<T{@Z*`i*{}{2QgtsaG-;;y6o~8i21${iOsW4@puj@V+ME
zgi~VnB}Kk}A5vf{6){sa<GeAPbyU48KQ5O!qMBogGF{<P@O^D?U3vk@t~5+A3ElSS
zakDEBxiiXf74o=ZQAoU?-v4#Z4SD`7r~Tm)TS+S+sfJ@TK!L?4;-+1NCH5lEw4FnU
zIdx~EP}K4GnB#PJ_G}-1s1acfX8Q-f@ajMOLbo}a>}g+NMqPQt{xMN-+xF(Bl-}Jh
z+4Y$LAzYi<K<EV!Mo)c3c;2dm)aYm41e5$(VlO_5w#`6;L(zE9{@M|c%kbwn%D}OM
zyJm|rxeRSxfqPC_KNblj*JFLyxL9ULL~Myv9?5sAd`PFC|3afw{Tu9ZSB%xMqADa{
zV>z9yp@#@bv*d=(o(jFvl83I>f=hv|r4e1wi_^pAo2{#3T=f=PLL_(XlOS+*cIZKJ
zXDgC4v`}x_ujC^oJ~I$DI3_1(p_m}O&U5Jf1bft77%rVK1JX)h%hBL<1=*Jkc&GOJ
zZ(!O3{ovPsvF1el;EX?|5~h&YGVgKyb(XkvP@<Q9j_RY*e*BO~rF0|>?R~PX49n{2
zUE`rLl0P>ie@8^}o8YBHT^Y?$Xb>25I%ktP?Q3F~#%`g=2ihP-(wUxP6h-GL9t#{>
z?o9j!L4@kz1F+%ZJ9F?}c<1xK_pCay<qxt<ids&az55i2`^sxMaxv^$%*oT_C_=AE
z>x4e~j?@c|WVHwr^LwgesCu6FcfF7N5?cJo?Uld(iAreh@H@XMf+YAo5sV)HEp6l*
zx#4O{QQSOvS6MD36^tXiy4NH^@H;28LICKtboWrbz~s?A2RR_1%-blUBL1;lVw<hs
zM6QNh9(=9Gze{eS;<2sy-u}7-dkbuiE<y)Zn!^8$z^1z=EKLMSUC^+y@Hu~$qcox1
zdfBdQM!~qTgnH-WlA_SCE+Mi#qKbDRS4Xc@c6V^%SXh@N+;9m>QB30%TPZH0#p=$`
z7ap~KbKKi4|7N1Bs0vQP=dNNtV-PQO&!~IE4^KQFw9V6{+HZA3SY-`GzCNdOwVaNq
z?kL&%jJOFhJUj&!YBU$}#S!~__ftXCtN98F6@KRfdfc@m9N>s<ghR@F2PFb=o1aFS
zdUisR7MYB;isVie_*Qy8G(}BPt+rriZ~k<;{P_<va2oCH`E7;wX6f1REVPuNM=HzI
z_S9-T&mC546bZ~vSMb{HG0f3oG&B-s=ASGQlE6)gC?|CBsKW_aFGuf+6ho)8W^XsF
z^~q}HW7E=1GSkm-qUM4g^bj3@FHS3?Syd=^U08at-LI)+?5{VwLJ1(sj2O?~3T2P2
z|NOSV;k_upRdVzkKV1R^LiVHT%knZ=wJUsVw>3$i3@(`&xToiC552fT(&A#PdVg<f
z*A#gdonOXar}`ej{Wl2&TI(7ve^yA{BHpa$9o+UFU;o_3u+-3gz0dzq#6f>#7P`50
z$>h7-^c?l5{SU2aX#e-OCE?*yuxi%F-#;W==SCUlSX&}%_m=|VB>@I4KaTN|Ncs7H
z<5<Y|%n-vIu@<-Oc1dgisKmRpx;w^Vixzo$|7Lm_@OQgbA3i75+Aew92)+&xw6-l)
zXj3?hUi6W7kmA_GF~I?T`sw3RJh)ps0C0aQc^lVunz(vRNseTr+1&K5Z)&&vr)!8e
zh}L7o{A9CK#P937-WFjVAyOpE^Ta4yka+uf1iE+lXCeWfvOq-=VJx9#QxTNahnEDO
ze~b2#kV=C31(vdUBGryFB??ReFspVQlDJ0u`!@ov<TGn{^^C~&XB(&K7#z{pU$1Bz
zjbV+Bav3vX1D>6icl1W*<y-##q5e5eLKpY0h~99Ac{0xJ$p=g$3t<2DJm_??o{K5X
zD?P;X+&yskVS><?hXf${m@gsg{qu4RJ<q$SlKCx?vPx1|c7&M}$LyT0sRseu4(>Z?
z93_w?kGtQ2z5;2lpT9b4M_6Q``X7I*=?R>wRrIfLd!hH2AocSl^|N9(AKj#s8ktd&
z8WV7nr;f-^<gyn}ntgbDmH@S!2hJCmpIdX7?tIXNUTB?|FnxgLy-~YrICnE13!BU6
z2;9EdpPx7oE}2vn{`T$L+3we8cwL6&axv%`I9;J?Q;a(5Tr0c{W}zE<<a~yM$CL7(
z&ih#8T8&0=I9snjw|~xusVNnlN2dM0xUDg!<j24=l~TQ&sn=jyXKmCTrBH9RPk9nD
zR@92V(7S&6!0ULZ!$+v|Va*qzX3sHBA7fTT;3F!UAH5h9+99UZn0qq1Q{RN#R=%7t
zGlNQR_iNWal#IRQ@nF$`7oYiBPYKVWM4|pA2t^W+{#2epcXFb?paz|o5v~`XkHc2r
z*@52ecC|gAKt9XVWUGgoD^E)-Ffv{A;p6f)?WDfg8Vm=mtju>S`d^wKurlg*^TqGZ
zDN!B#1g{1+xr`S9nmdQG8uGIOBZ)Qq9ityV%ij%6*^}w?sseZFyLTKW$xPKk$Z}g2
z4Tm;boqjRimM%0}ZS{0mEx&OXfi|thfIAz{;g7Il^6WIqN&%xq0QVf8(mW4PEC|ZV
zdbuh6W)it&6yzC3#XY5#iz!dDzZ)30M#OR2K#Ummvq&~<Y|cYuID)5ec8;&FqE*g%
z%MohNM>>P!J8xVDwE2F(tJ9}_Sp}YVhUvxzefR!N88L};f`+}+8Rz?ZyU@J0wClqE
z8@&-@7?GGt5zQc-^hmu?8O>=UW<3cW!#&i<xX1VScrH0`nzp4Yafv~z^tETBoBU<n
zUg&j|$M2yw#cFX}h6kDW$QX;6YfTm<h6a&K;s~3~5?fMtp;@RICE^nbpYK8P!pk^_
zn@(^v4t$_bW)PMH2|xXVB9xf#^+5ZjOtU}N|2*TP&-_x?4GMbq&&<EmM^reUjNnuk
z^mBjIgMVU4qXZN*)BgMyFaHHjmt~N#L02++8dVtoDr;jyzDcYKImN$lUt6^FJppE>
z$P)KoWuMF*2*sKTWd~K>nWB`H<-dRbz+i)ujdXLlf7d8?ILhzf$TPLV(J@!Udt%>f
zVm;}Br$5DqHOH542;>|cj~hzZh=euAcFn_Z|5qntF?cY#o4s7}h-abOG<OGqq}yw~
zY7Lv!xGg>{>h#%YB*LKY_X-S2O_ldPB(4Cd3hg`U2`_zPHf;ESuyf7xtS($bDqF23
zOCtBdJZgEvBdN_^B{baOT20z2Fo)r{>RCH#YwP<8tF#I^hXjl)3UR9Y>`c<MKeCvC
zdAe3R<&fhPYB_w&8!Nhd{a+zjVBPN`0cr6$!~U?<jmmKDPT8m)I@h$#u3m5Q2<AKw
z#Jk&VP-l2T_=l$VH-YF=w2^+J<};*fs-<##d8svDH>2G^KvHs{RfbVZ^*S(?QAVxX
zSCmqSM1euG#4YsXyIH>#QYvl#Cq$_pVi+or4g@xMp40Eo)Q5h3>KWLQdTJMf*}c%%
zEMIM{uH`>mVJc-c+;Xcs`gK0WI?b5;F)gX<^<xb=_PpY-L$n&Vpub|3>M+e$dl;LG
z1WMjQReg&<Ihsw&=|)7bJ0pm<i_25A)rkk;;6IeFKRP|$eQ?Jv!@|DyS6`kOWN3ki
z9lvWvC;?zD(uRL=kxh`7Bq=yC3EResxYmRwvF%AFZh-y1zIZ3^cO{7ID?6kt{t;ec
zIgj~@Ub?lihNnth2I4d<bXnD9zK@0ZJlA;>P&e_INMq9aW}q*Q4GacPY#uB$V&f$w
zf=S;EbfE&uT-FXZmAD-ioE)dz-jTJX*)KGdco`~s9EZMSMYMQtMi>id(S~11!zUOK
z-QjQ4TV>R=CRKX|x+8Twdpq;JJ#WkO$O&k}uC%v-1UkBWF%dW5k+!?o6$&Kl<R3<r
zY&2wFXJo%7u$yK2J%p*<@>Q#!ITJ9CY_8IbM3C?oxLCe>_Vx<@(PMLsP1wbO49Q%L
z#!ZK0M7C*9gqq$In!D|EEan<E&1eXT063mT;pV&B0c>9O_^YEVa<}kl_EgR7<n6Q5
zt<I(iC(7sWzVg7}I!qP3)awuko1?{$dWHz9-noAFMWKLtAc41|CPg^%$285-ukm6q
z9b=U`9np~|kbdxeD>qh8AU0{nC@?Iq`Q|c@9!TfaS&qnh!)-s7Kiu<E3DbDvu$l8y
z?jS6rrn0vPz2fr{D2ZsQOpb6YFK=Gp(sQ<NlEZlH!z<y3tuMBZ=NKj`LF||Vi4f-h
zV6zF(wP*CaW~MglT)7o{^Gt@|dS8lM^>M4ibLHz<%ALK}$1;l7t9go9ciynq5e~h+
z@GYg@&>M;Ouk~~o4I2gw)u6|wv4(7HNDjxj**c74)pV*=wRNQ{bTrC+>6<|f(REnF
ziR+=F<yalLhIb(*G6E?GNpjy*RPFr3rTl~9QBWh%>-HfqZ=Yqmx$Kt);SG{fSAMn9
z8Sgp#9{GW7{YhMzLb&V~2h6)})XgH^3g-Isv)Ywb#7l)<I2^zat-6Md8Ob*DdVygX
z4<4O(O`!CMv)Vd=5(e{-(IN5}$H&(8nQOiQk-Z()C3@T>S&hHAt<$Jxh5#tpg0(uh
zo|{7kUN;mJLyZH&3!lx`?;~u??{QFHYz7hteH*wLis5C4(5dOZf+T`-P+s=QmM>=o
zh)fLyevMtJ-=3Y!h}cilS~a~)735ega<E*@Wm2zy&&$O3%=3ncGf<zSi=iIj&2Fwt
z107>#!rNfgNML&W7kJxivVMg%*e)u%wwa_7n%T&?8l8M{SYf_s3+{nF>RR%;96es8
z%@?>-X@Br2dB>W|XJ9O;dN?0ZqMv3C9)M{PB?a`D7JR3kkSgZ>g^|F!|7rTBpa6qG
ztC9OzM~c%6g8$kFh%xGNSchVnqKL|Al&iq^K*BJ-(d9tg+v_|Xe=u>Z*ufmia>l7)
z6381)G?7<+RE<5r>T~!xgDST*6NGtmnYC-{L_bs`3;pQ2F(4e_>g<I;<G&%|g5xHh
zPRfU@*Qc0jhr;AnC97a@oE%nt9OLlfDu?zJYWlRt=R4nP<KnE#th(_jwdq<JPVp^(
zrrk>E0ikh)$rhC;i9#x3NSRQ=K^gOi0z)l#IQ!uf>_TtWaL5b1m`L4nF=|l8NYT<8
zJOWawB5j^j0eeQl>C8t8$!r>3<1HIL+-bQLT)e4FSdvaRCZLu^9hQ}7ob|(b-?oq7
zPz$F5XEGpzNktS#{Jn%n##mH_!Gw{_@s8c`d*A5f91$*VQK|4X)9L304DXqYlqTD4
z#1PrJQ-4ZT5Y~U0ZBubR%CQV3(U#F$JV_F?k;Ap38EJ19jond3LYbVGnC9fYtRL3Q
zBERE)7|OB?yuE!GlW@wH3j9?rDtKb@n=_<(zTSDA?c6>EXJ1b7O>qpV>O^jd!965;
z2O3QuWK(2nx%eUPHst_M*_kd8W2aF{Z+`Ne{&c6SKTd68@*TbUNUq?yY1ujhKEKyd
z>Cj>`Eln>!qkuj}m(xs$GUIXBRSc8Ocp=iFuNpY<6xms)=y8N5tS2Aotq8rmY<PTH
zRP7;CYt|p50>F*Etx`=GB4ASGvBHBt{!2;vdu95mlP|{_F%qd_u(EOiCM!uvY{t<+
zQ2cSmAbh)-sLR=H%?AppLZ6=#^GR3ROsSrtn+X*bMdjPNxb|%$RbL59W}A@ek#Zlw
z)J<KbTfA_$@w_+DS<b9XsjFP|`_2RXJ1wR+#W9B|i`~3)8Q4{os?lYdlJDOO*c2b?
zEzeIUD~27h+iX%I11%R7@)ZXY)id;UtdUV!)z(X?;3m5c1^KKvW?+U{K~3!;4-$gq
z*&-p>?1E9}rg6-nz4t=6!-S9$Y^ef#?`oa4Y&P$4I=d*+EGSk)eme<?ro>TOgsqd%
zK_u`wIWwu%I{&`H^Iv-gRp=)@|B9N_k6kD0`vI}0fqFPYDUHHCn(S!<(fqZ7se5<;
z-Ixb#kILCI*U$Ewu6Oj4VuyLVMt#H$pe4SHy31GuZ_h$Xy2fj0l~Qu2Jufv*Rl9yc
zl@NX$j(e7TpdCDKF1Mzf>n_dtJV-)vNzsK49dPO!bDwj*%@N<A%@1D<jTdTWFU!@U
z%ciE}zQxI0<!%xXvf7p!R#z&-j}C>3aq8I12?@a~Km6KEqhm6cK7PUHd{G<{%fxcz
zmjmT+wqYVw3SguZLdI?_UQO+!ChBEf=<NG8!}NZePP9J3CQ(%Y^scV1BA%(-kb*h%
zt$a&ZW(QMO379Jsu%oW(oz~J}0%pG-C@svuH`6pLMTq}4V*U9{j)FeT`yVfPUC=Y7
z7psBqV?hkGWesoU9WF45`M}yBZ2QZ!DXPS^pFgExt{sm#H_sNEz0@NGb)^g%CA&iK
zRm^KIzC7pGyAr($7i!*ac7Ht9H)-s`Me!bV<r=h7#gJQbgH4=H%v(9m>;}hs=@{E7
z;I+EJv{R?{A%&D8Ue_v3(W&<NZuM|692o(he?3q7^sV@0nx`x;-FMIg5vl3u|NJk2
zR=b&>iiJPkRbN?$N4sW7V8M?^u(z0pNnc6XMu^5<BLnaANE+Qv^hb-;lbhv23oZjf
z2|Nt8-%+zn7aN9~%cscOOx+dAFC<lP34<3rZ~Ae1;J+5QS13=tB#e~ouRT}w2D-Y~
zJ%d-e=xj2_>5hpPD<zyS+TJR$^=Kver%yBg<v*N5c%Bnv%!fs)Agt|h6de4-^Gp*1
zJ@%7F-EJ;Ys7RTD=&I4XkwH<CNNd>ibJPD8Ky-?2{CWpq(uO{brg{8L>fjdB!%=tQ
zsVE3<*Q@@xtjfJdI>hE((96x?p76Xuy}NP?%AV4tx}gW^yoClukCWu4)6WHHHNVWi
z;dZEuTai^SGIynKJN-`Gnhw6UL_$32w=>mbr~YLIt=)1s5LKE{kVnK(<tv8japu~}
zgF>D|of;F!iTSTgE49Syb6Y;&JOBQx(&xyT$o5kFl5&NnTM4JtnvH)uZj+{Sy$J#p
zk0X+e73^NECp0LQBsPJS$!@ExUjYJLDKxHSvnT*ks?yTv8W!QMDuxU&GQcYcgM}i#
z?er)z0JOjwLceFUYgMS#$aSct`FxT_A!!IeYa3BlV>>T-efsFQURE6{>6&vL8%N8Q
zc7=vzjza{+03Yb{LN=XT+rj~qLV2_Gda^NP+%4-}vORA5`AfcDDx9h8Orpg!JIB@P
zd74Zx<KHGX4GW$~?fDiN?(}^DA$iVyuhNWd=z~jSZ>ShIZI1mzT}LKmqRZqH*i~+7
z5XOKdFUUt*9Fn|$YSbcarhnPZW0qxh_GT-;36~Lo?|$*BF=>y%n?VuQAC*~>q=D&P
z0&!=KPkXI^vQ<6BU{*nVKaPhsU4Y7Ea%ZRNBbKX>C#ywGPh&me6^X#J^_utb9z*+j
zF4ujN*?E%=$Fiw^!PZ@3V7*fSu-t>=slf)*lklsb*AvXZKIuWDiI$ixUrHfO7&qs9
zMALu0AXyHE2jlBJ7l|m+{}Oh8lw|=-WFQ8XaLAYn&Ht;^<lZ~$_$1xqzl6ZODDab#
zLn6tn^~kaRYVA*S2P+bPM%F!47WmgQ+p?&UuyyoAYWshIMC4^;Jknn&^$Ydg+yByJ
z?xD-_D9#b6s_Xyob=GlJZSC5Y5&;EiX;3-@X%JYnASqq4K$Px|MVEAUH%NE4bl0N0
zySu)rd++ykpL2fSKN1RSIp!Q=j^}#r`yL>bx`Gt^mfbh`p`k6iOPUT$qdL|<V<yq1
zQ^??or=4c^&l5khty&m0$0&0jgh*QNLI<$GMk+IAk*=Z}_<t3uMY35p@08bXkMRe1
z=(i8%5hu;0&yj1XTfV0RY=umaDMKQZhPQ6Y!ubqbuKtSi_@^W<dS<WJmvkt!FMLQm
zpSL|0l&6_A^A>OpCTHd58mU>&7c!!teUpgEp0zs|Zgje|UajRG$?q~^-C5Nhuhl`^
zxf4XZF<7Uq>k!PTPXnr2EV%~GBpw@owJLpSJeHeLfPl^qh;q0be-Sb0Ua~Xjt~VQ#
z_{=>PL{P1N_;6o$T$n7DccIQOL=U`hrNLkU<9170yEU*s(;b=TD~@pm;yU#Acd&sV
z5E=Dq6DzvKwLnlIY2yiQe}aTfT#vtEer2wynS8p7TAJfs#c9YFqbz4fNaaoZXRz*e
zC4^^MEw7pCI$I&WuF~k!rE>joV;vGUjYcdgF^}-O(o&iz-jly#Eq>nvt`sm-@;ft?
zhO!w?&nG^3iC?q2ZW!E_?oF4gdtj-RkxM0UN+V51V{i(ql^Jt2USHH#9A8RRWo(af
zB~~`Q2g=}`sS6M}+OW{mMj^I*<?`ey!Ty7J&1^NcA7hsR(ZgMDK8$38s#L_j5mRK%
zm}!PrzFN?%B3p^7sf_M*q;I^#RAC?>!W6Q&v)~}tyEFK<9d(#A7*ILKPN}A0S55N?
zR4B>oGIRZ*v~rY>w@J-;pop>jOpPzuxNv+i0wVufYSrh(R=JFie1@Y<p5gk(vz@-r
z276mFG)cafJ(0PXCx35`e%<m^?rsq@Hj~PAv$L!~(gHb}Hc&oW<Qbe_;4G68CDe9K
zkJXgF(G4{Y`#3T(BHaVj8DWqg3O~ebRIT>KUuxILrg@z0-n_t4`;poEWvHpq^xHRR
zQ|giyx7`CQfFwE!A(h=U6E2J{q&TNWBZE{gU|=4MVfWQ$i<Fz9eb?}a_LHl?5=P&Q
zq920@IC5Pgvg=g+kV-*D5oQZ@Sp;3ZNW3n(>k<nOE-u!-Qa?n*B!aZYU3KpY#=E+@
zeAhDca7-1NqMM09`wa`wz~briZ_%2)Y=$Y*SCjeGs}{hnfsK!-FXA2-yp@aEczr-R
zQ?5r+2tH*|q*jjpc-+?w?9wTNf*1dsyEwn-j?(DY!AQTSs9Q4UyW?^rL!WE-Q$iB>
z-`nnG{v9#_bpI5Sc4zCUZ1iW9_R$Eq!hs@O`d7a>cz;ID{jT+6D(8ROcGXcUFIFR|
z(FN}v&od?ctRiPC48^7J*<=lFj*c<NDD*Gp%wC)_0i_+`Kb^v<NVT@aI2PmC>r-mT
zK2Up}MPcl_o}M=;{JZQ8KqcW5d~~*Y(orV<Eo4$NEqWl~lNPkVdRq>-UEf70`QE4h
z_@?A?pi#Tkj<%2k;Oh}K9O<DuE9e5D!>5r9b&eauLBbo8cF|i42R{rTZsUCKwr-op
zDC3Tz{rO$nS01C51{JM{msOOBIE<gOFV-dC+gcABq+aY!W<B2?8#7@q2Ul6LNyV~G
zk6uOa^k3mcF>a%549Sd9O3A|ZOyp9>cS2%{RVZ@w0TQ4CNSc2Is_fW33+cIBz~>*+
zbrt~{=gf_KnfIdidYv-Zh9}r+Kd@dby;Fz><2$hE;l0mjepQ?e8ym%_x_e9jvcW$;
z9P2u|;n)S2@AlC*jt}KJ1L~#T`@X=Ck*ml$aca$mS2C^kANE78&RDp6FGc9c)T{W<
z(+}Zg(59Q5so2bJ0(s+9iuswUR$Kn*%mELO8mShOgyG9;_acJ`QR}Epe3E6vIv{>y
z1Rm$>NvRgrU&Xwn)5X3#HkadB><vTL??$DcImOICEs#Kh4e~8@OH843edmLW)qQBY
z9zprtFF37FxmZp+*)HZKiHxi1t;G88f<A{clo<smZz^W55!@;^*^Ouq=W312z`{Qr
z$_pm0BlTUibv5JIcJ6P_(_Yz1SNeM|0IkxK(*ZHh1($%j5+!k<IFBnf>wNwzZ=^pn
zH0uQM!qt;jv4FozIyqAU_f4Kg+~|dEPe4#;=$CQ7O;;m<6YM?@>VriU6eyhNwM6o9
zV%I-)I%Jwzp@bi%kh*ez>cN5S!S--k2xtiUu$#^ZM$tveZvuf4e)>O$3LxSsY(_Y=
zt*4W&n`Pxk0qK`2vS_Ht(efXu=~_KPaA2n$$yh6})|U*PDedS%f!SJNd0sUNX33Gv
zwCuMf8IrmOh$)TyM!y1OY05xv4CMT3UT42{`rNE@5=aXAZI{?(q__cW9EQ%}-VQOe
zs)Eix>pBcW-;rxy9yA*IcPBXCPDO0=#*H<F{L_>Ey{ujSf&@50B5=@gKb$h5&9@(4
z?u^!Ap6^e1s<9e<EN_Y%XzQK)SQ1{_tG#SQVlH>KfG8BTovp6~xXHG-jVMGy=?2<_
zER)_RX=$5I9m(hqDznf;Z)OK;Gfc4r5sd7Bp~IOpW0Kn{28%%JRDth>eQ-+uVdO;}
zrd-**RdYgdMbxoz@B45z*IHGpIgd)Q*Cm%bmrpx>cWZ<H=+;tXoG@zCh)pE_5Oh*u
z+8@~N;8z*-Po*bYnd6!{*;HZ!t4mJEByksRr1jNy^c@)4tXJog&aeZMGU(Z4y8DZ@
zQcC>COtMG><X^m@!l=9AI_isu8T$j_sYI_##Xd%0@8syE<Ej*QTRimX`R+(}2w&!o
zVm_1S?Tigj!$J#O1O%?1-<sX@t7hL3_E}XfMinbFnwjCVxWF=KG$@F~^)S8~J-vEI
z2ks2fG4C(~n#n$s&8m;TpRIs>!G;6>QM=iTAeaOwP&;!v-%?U4&8Mu{u{QUY<CjsY
ztq21plC$H5ETg`tGhg)6)4q~DNF(W=RMTF%g`t(xEV<!FCXw+)fdL{L<`&Qtm8i^Z
zL)CfOun@v#e4V(W_ZN?lPSH>K7mrw{7UwYtK-vK`7S993{4VftTBzj9?zNYf$puT{
z(RYxsD-4vsiKk%);O4H*D4+k384-TaR&a?MP3u)~z%|mTgj65SeZvi;C>Ak>(g*h^
zJ5?b_rMwGJV>c27+G!Q*A%$w6>eT73cPXWLN?leDfqocK{5uEOeO~iWUZqEofEdP{
z-26|v;v}3Yk&AHX)~MY9zN=lqdF3Y<0)hiO6RJ#_MHjsH%)8Bt({ciu)OhD1s?%g5
zCNq0ByN3yFeS|uykRQgX2{vvcR~G$?@-D#+nP*L(ZZqjKj?I*C%OApa`+BeD%Iz2@
z*kVD&${{tc5<rL+;VKRKpVaCg-uRCg;ChnXtPYDmceFaNrbwOfh;y;Ax2WamIwtsN
zW>CR6gb`R&f)hTY*O>YzXLt?p!va4(m*dzNE=mvJ+C(KgOQ<4?1Yo7r7SKQig`jIa
zA3XFczTwe+*!-f#(`8~gyBQmke;;Yw%*pV+bE7l3wQCld^hJ#UZ6J90B5C#`iqTJS
zBDVN2Ye^YNd%RuO5u#CG$Cp&>A#Fa(wcJrPXRci%3F)bVwL_KY{QDHuTM~!sGPNJs
z02wh%Hmipg<|*D@m=@aY`KRQcXb=VHoSt9V&!Qj&g~&J()O&f^L%SDJ(zL)4vx=hP
z!Exu{3*%`8<ctUL@O3y)<JfG`n7*%(O2Aj8CLEb6pnD!G^YM_NawuYVsMJO2Ds%kG
znqGM}hK3A7n7YaO7~@tqwo_geIbSC%EM@}d?=*wIHUi1$03(C476IjGb&OIlk?F6j
zjt4^Z0UjoqgSiX)vNvefFmbR`aif+uwhIuOBB{R3#1(x|deQU-c>s=zBxImXoPF21
z&<@OYsML>ldqyIL*%hp``^xnnT%xCh+jvSd{ZLbLh3Fq<lTGmz<@r}DeLcpx*OGo!
z{okAWU*KX|TkK_d0}>;{dP6$RZroDcir=vuZ{zwJEzgIfEzVq2dccf@wi-PAX17N5
zH&;h}u@)(=*)!O3JYJ~8+?nayK_CXS>AICo`vrZFe72;a^d+cYeZ&9bmDMiT(8&)0
z3(s|X`d#d^0Yy4xr7oi8vtLWLp7R^Y+pbbV<y$J5<n(kN#O9~Pr;U_%%Ge^EJ`HZn
zbc^pmZ(JPrtt3;_Zhx6H?zew+Md?<{$wNXy9yx@`u9h;Ed#~fLiOW#yRp`Epy7vF{
z>kZ+TvaO?7-tt@hpBRP+))b}F^>8}B!unUcsY^Ohb|Hk~u(J7HmvLoyxxH82y#BF*
za)dk}Z@-v;J(nvDQ0}ds2N{*VNjFj`&`1A<V<fXxQocR}+6E}hbm<5`PD9(4v9Q;P
z?B2@`17%6SOA=0gF3YdV+1cpmdgA@%9HtBD!S6+&*JK{0Q5W0f9K7_JI`aAVay8Eo
zUbFh=od)Jb7!1sSqi7shpwYg?>M|1c#3i4u?XJ_DHW%yj@Do0}ww>y(lQl~Z;G<O-
zt?x{XpH7(49uBBi$HnIw;Q^P1Cm=v4zrau0@26E+K@LN_N*vq`846bEot)O+As^U!
zWSWxhj2aE8*g}r0L;kgus@G~{t6hOg$+Za_&T2$6H<Rp@^R3yNWst!xAy8^PkE;UV
z1jP%-bCz9@L)_Oa*YN1gE2q|U3i8uO&?}zrKS1YL?|Wy9H<klpEaDc8SY0Y&RD-W;
zXC{qOjyP70bTN#h7jm8R+uELYHA8U#j<!v5JZ#F&2X}WrJ)LSY<GCRKrkmAwiaAVL
zVc|c>H&L(rf@t_{8{y)Jaq^72sp)S$-CrFz9;#HjS6$@Xul*(F3`HP!J=8Z|F`4MT
zk|*d9y)s>ain^6*gy?cqC!-9-O=lR5CvvzpS4;`>2Y{N=wqaM|S9v0Sg2Pym-h<`K
z8Z1C8*dZW`=yJ5%DmVp`EJG`C`3gZ*nH8MOQ*o9PrBEZLjjafeZ3pPx#a%{C%^0mt
zExO7&<SSOf`!BkVJk1MG<W*>lwvNzQ^;@2}EXyYJo+N4`m1WBQtbLZH%}nRIa>i(2
zyo_$kVtw4SKhy^{pllCMi8VR+0;9&G!>IlcL0CrEe_}S83S;A38o>)XPNq)*ERkkc
z&gE*zd5V2Fw(h6hVLGgO3p{l@OkFBwcYxIe9aMgjfm!TJ51^IJ;QgpeD+@szkFI>L
z5;h~On47&sDIRJPPJ1ziQp^a>b^euC6F?t?yburMr-Nm?zaS+9B9?|*wD(N@W@Uf<
z9mnzkb~e$v{Di{njf*94v2-EdoWCGBPR6J@0`Rl(;g@*-L-Y<aNlI01+vwob)a~ub
zEWKnh-)AoIh#2q*?Cw)1Pm(i`=Ig!e+Ainv28%xk#KQpmC^mz754-B96f*PTC;05s
zy}T*Oz6e$$vt&=2zFCbWw$Q^;w`)$HwThtvUbKw+l}s8mr@W?)-8;=%%MLy&r5#<R
zCfwPHjlLKeUSp#^W3DQ3O@8`o?WUbeAfJO;p!>LCx=HmxciVY7l2tD_(R%ZOp$^i)
zemF`m^)Urk;@PnrBo2(xeWD}onONUzB`C6WM*iv?Y<Vs2{1c)Uebv*Vg#9I*&LdZc
ziFWbb!fG9W!po1%vZO>I#GO}>-;x1IW52x0>%HKUf^h<izwX7q{?x!cQem=9A`0f)
zhIecLvK)2gHB^hlq392W7l~AjJ^KFx8?|6cx9lRBk;KQe!GA?6IKvx_=wDAf-M6Dj
zd|w9lXGh^z$?Plh1b@|ch>+rctJ--)0duZPAUB-ie~H3BKW={oXy`$Z4eI|x`0(yE
zK#<<;JXb*Y-<W6_6Od9I#bpTp`E>vNxqH`lw;>$`Tt#eE5>~g#4@zWY?vr_qCpC&A
zd3;R`sKz(X@$9AMXHAPY_aZ;h-XEQO?BZb=0h)+OQ09w@nyx}uxjN@$%VYA-qQo4f
z7NuCYxWx%``Vdv|;)Hk7e{Rx%&!_&7JWR__&R_p6dJsng9nDS-#eDRROkJgt89m>f
zB;ho(UaC~q%zn#gUGc%-9`XT*n+(6No=Do6_z|9xLULc_0#|7~k|>?TC**W-P#HhR
zstNF+?Pgvl*`OaXVKLPlK`E?JP2iFi*7^2e*?NF)8vpD%yKoZHAKPH)dCQk|Lp6;p
z-cOn}8-sCP#{5wJwMS4J#E|6xdYkDNk;5ZfFnz@=@yPFEN?0Q2%25VvCkGPvgrew_
zQb9oU=yG$BM5SfuyFXxFON2~|I8zaTml4(n^40ba4~wfTN=vO7xz+ZIH8D-anNS&2
z!?Ob)Jwzeg@k#}1`#2pGebHl8%~fNkCTjBY+?9T#Sypt7I1c>HP1ff-iZi8FxG(U|
zP@Q=<XR)vY>+PK43@37n;1hs${AjZCZDl%1eqnXYfZ76`MZ#Qfmck=>HL==Fq-jdD
znPrtyrz@<wkZ{*eAY(-Xq5Sw;^nzltQV5`No@kJx(*!8&3uo7oUOsN_r+{0+U9{=H
z1mlR2Y>E7popV-w<8(WS@M91Gdumlu-7tXS_PZ*H%*@bhMoaPZ6K%T-3uE0W&HcB8
z)6^vh(Jg}4<g?^N60{1E%ysByDg?ceM~e#>P#F~EvgXQ%cuh)GZ#_Ibx96@=-c~xB
zDoil_7*JpzeAD^mgpkO2hzXDrxw4lw6%ur%upI!~Y71_&O4t4?u5Uk1+jCu%W^y75
z?@K~L(0YC;C@yq@-;1sr9XDKc1dUVBPyzhr;%{|C<JedBCO|3PDY`#a|6onGw&I0O
z^3LM&@-!!*+O$?Iu0d!!_Bz%5J|YH5?%!e-xL*>9<(dQ24aqqDCASBKW@!fO%{gzB
zv+Ek93Y{)#S|a?9o`_8%?(V7+wM~sqa=uk26AyrHdwU89(2ZtmC7P|wg1z<>uh2w9
zBgqyYYsyTje}FQK?f79(2<C!|lOt&?f-Ql3%{=jpr?d_ve3~8u^?F11P^R~QMY!!#
zJLpTHBOkK1ydjd6?qG?@<}Z==#zx{BpL>$|8jA>^4ie2mS>|rOgg%L9-=&-BrA!NN
z=DF%RZ5ZP&XblMn$%z9GWt(lf7Ox~YuMb8A@ZBvr0~yJLpLLdZ`$2k1;a`_<F@7u7
z0jq$!YWZlEL>Q}0r=%LuMSwrY-?_8l_P+!GbTP%FncHLgn@P-8$AA?|<;mF=G^i<_
z#n)xFWF%Qlv+aA9;80UBUAc9}O<d(ra$c*nex4lb62O?^!SVLxT9B(Fbo~1c`<Z&z
zX2a@F*WvpKiB<p3eU0hWxf=%@gEA!T$BY_XArFxaH5y3T#@?lWhs>@5fM!j5oG)W{
zsQ286-DQoUb;)ia+vj}uhlO>*<^rR7Z9Ju9JiVfPn*H$?*0p)N@rUm+po|O%*qn;h
zU@r6rpQ85$ql$3SOtlpi&C0(PUN;F?Q>QGK6cYUeb^~GMjG_^AmsAG1+?P^Ii1!fs
zDdEon>A!^Ks>ghaQ-G;r+>9%GfDLC^tis4jby)q_>J>`&e+1!g>9z)2U$N&k^lyv-
zV)blz9O`ceX@99NsyS2t4QtwfT;Bh{8V7W>k0n~EfUd&yx2|Fy&{bfNktu}WDds7-
zpDv^m>YjfQP)cM{MS{C+7KpN6STBvB+8*r?qgBqXkS`N3YtGs*56HHsIK3Q*6^P5k
zd8;ATL8n*-ub8Ld=a0=G*lc#~S*ANsFt|CGG)qI$NFsW-)*&V)_HJjq)RVV1k}ewQ
z6AvzLbRimGNr&<|b#lL#Tj;03j2dn}Tp|m1IE`c0%VzdV1Y}IcD5tT-{WvfF;!4St
z{$N^oM1&DuC{IGrqrK_sKSYS9*`69u+{;T1bOIZX@(aAru1ZB<7Cxd`Q1Jm;{pDU7
z9@trkfWsuM7rU3M@*T=)v;`$e>47=b*NqAwcQYsZZGp!A0_zLAUIC3io?q^+xG>eM
zozrCqa&S<1zv$9moF;Vpe{dSKb}(IQ!6(lfES#nbcdpJuXC{TXB7a?)mc@{wawYjh
zlPKNgBOv%TT;vfR#k1YVRnV#_Uc8jY&g!`lOp3wWccsTNA4;h>-T3OL3kH=2;q|dp
z&ClW2g`*4O&*pC%q;rN6)08!LKJuzE;VfTY`9(y&4{369+&DA%(HURCOK*REaOuOW
zn8IUPu!EMTBP+{i*oqn;oO;-?xw^8dkB!oWv0015puZBCcah!g;1EYTQyb#@5b{GQ
zPnb^GcY3IPrnJqhFGc;AgtvG6emrli_g(y2rTsMX*o{;QS6_*9(N5%<iZXHW3cX4H
z6;g%yv7C(~C5rjBs^=~$i8$w9a{m2e<7=kyv91%yo%1c)t6*332MQ@tu*8><UwROL
z{{Pm46g8KC+g=od=^%otQ&CLcZX~(Qk5XrFQJ!_Z{3Q;N;iCLY9I~9$Ai48P9CGr%
z#UYOHa~OfAK;r7jbgS;riQ8KN7I#!sRJrDXCSd{^{1h#mQ9>cn0Q^r~tiiX;IiD)p
zA0A+O`yGge7)_^AiT%d%sG+6-NJVjWyOH`SI!Qe9F<kSnu_OQz9y+tp9hNkZ(MLz7
zN@RX~K0@_o0y6ozpb%4As?FAxj}reYk~i{9MTE;98>Hil9@@;rbp3@ec0eS%25UTq
zaCfw9qZ*rh>l8AOw8~EZe<rQ|P%KRE9nD`nEXa$&rFGnw_mgT8^an!9ccEq#U6EX!
zcGt?&W$gQPn%DRw4B9I8HA&^aRQ&*VA7|v6Oo=)!|2N~2l|oZ#fN+U?4k}wkKRmK|
zv7tQshH{!lJv-1bu4FGKs@J+vKdeps%hJCsmG+_l)>1irLWrqzD#suq+BL(<w@~2C
zf|5=_z`o`T{Yp8!w#~BDlIE#UugkzDBfC*qhb$f`Rg|8q^B)A$esgZ0tiyXQ&pIQO
zVk#Lt*im60JiAsk^p3Id{ud5WS*X^kE}q^CT{>C6HR9;%oYCY5GEj#o>$NKmTVQ-+
z2kX_Eg7NEKAr^P>EmR%gj4fvMDRWW)s>CMDw-&kCNYF3IZv~>8EU^i1yO5hfDmwHy
zh=umSr(thCOe?%c`9*BjwE(y4boq2N2G9-9zoFpWNLpZ*&LHY6!2vqI49UhF26Lr9
zV-SP8NX`Ln#ZwCe$m@6y4H+k)J6tn^&HktIWx@Ra(y?&;e|0Rcerc8f9+O@>F34qD
zL$N$pduwIPcG}G&zLACVw}hoU?YD%5_A?-1$uk)(&NZq!4-r9uEVp@TmPT}fdUR`x
z&kyo9oc+1<QXb$8R;EU*PsV9(jQ8v%P6G<77!9Tm?wYV1;xb*fuSMLR6)Mur5?>Uq
zkr4)}bl;SJ5quk*Rv{aVfXR@^Wn}d;>bF28pU``t-}ncuZuyFP-B+3fgS`~>YQyQ=
z!u*HQHW{x2kp^<*!-Ha4Ds5(5$ofu-VzTb}`&|O<DZU)!ox4z*nt&6+GyI0Z^Y|mM
zBE3QVvnwFeK^L!UaOBKm;c7A<CA=#L$XmDpeEHaXE3z`t>JcGm&GZC7-s?vRqTiIK
zOcfNlcKmq!=##7KdNg95bzj-0#o-hUuKB6^@b=hhz5Doa?=vC<TLhCtj+8v|Ng4$y
z+u4HCp<<l^j7S!>qR6t4$V>E6SrLACY+)<}>`ZY)K*j=#gajjqzkRKHu}*xcxiG&#
zmo~T-V`rzXYxh{MtgB~>gTET?Bb%r{U2c|wj+5wvt_A-JM%3+}4<&wX^B%{gm{i_4
z-!EvItk?aIOeGVmjc0Y=F3nw^@-OJu+iXA26sMG*cD37kX@m-Bct&a!c&*26z?}B4
z%O%t+a6#6K_!mzbE-zHH+niW9RqT%{qoUioBhOh4<$Km*B~3g%&0yp7BH-wdIRwe4
z@C;JWHPsCC!QV#Hop}si|4d_#CXB1~Uoqc53e)KtA+LQ3VZIhxKCc&;=hnR-XANr+
z%<f0o9P*Y@f56V(Fp*7Ya@e&!{fh7{_P%3ti^~zWh{%lMM4pe$;5-EVuG?VL$P>}O
z>~asJ#cshN2Wq^?+s(0Q+NoZ2hc?R)KE53<`Xt0@k#4iKMv(x$#P9eJ0P;2pa%HBX
z9NNzM810p4Af40AV(V*bQd%tM2EC${z^b_FJK3!ap+^mzb5%R%7zM3q^B_^ZKqcYz
zFmksN6i>_~lRqCWk+q5t8&l^T*p6KhSRl-^vfLU*Pj&U~j*N$2b>{Th7zC%npN9Q2
z_<vuD5&{^hR?c@O17FJ~W_m(E*I0b548HpFwD%F>+h=j$XXPqc));bnt57yi#OM5*
zpYDZ^99R>w_RWRuA7PlT)*tvAdQcb(oydK84AVo*EknmKt8MW;1jq3-ipA7tx6t?V
z)tFpeuHYs~aTt^o$SDNIiJ3?FRzB?8+C?OUsK+#Fk5Mj<#PV(Rv>)M}1xh+GP-Vwu
zQl<Hsc_3RM;8HBar<|YfAuP7xisZx(boV$_ahQU$VijcKnXwm$c=0FQp}xrLk~0rZ
z=;$vAF^pSj^)3j9bCl7Rm-M$o`j%(TNdxQ)AKrO@ISmIw(x1pACruXIk9iaqxRhO}
zGL>6coLyPOo*iSox`nC_6A#pGrzD0Is(e$kVxUV=p<G!*J&(XK2y(>;RA)7Sy}!L+
z*UMrk-2x%7ZN9hNZ!K&{7fys;g|AN<kvP2OuzcK}0Q;bsh(Pm%-k*96d85Q=O`oir
z%T#u%s1ozPP)tb>cxRu^lM%U2__W-D`M<N__XQy(f{pW6&NVz4jePqN<OX#LZ?T~x
z7yhwcwy_p$WDIu)H%!loweqP2g3%LqfoFggN4wZ=k|{=Q#a5g4*}T;QfsB@Wra>y&
z25;>rE$E<`z%%~7-tN%fB#nBYjxGPwvnJFx!&pgGq_0gtCdJ<vx0gR)zG^PkAnTOM
zG3E8HT8wX2x~EPGyHGtXZ=yWiZg6o4#VbVap2kB;Hyot{Cmo3M0+^8Q0K^OF&Rk>+
zA>sKR<o@37kT>t8MdP2d``7=61r`;hQx_F-B1x9|tW#)_Fp6v+pV|H;>j(Lb*CLuP
zZ|7X9tyO&@+a>Y-SQq}jHJSX~5=Oid53c#$5}mw#L1+H^J4$0XYRPfD?$EZkx5re<
z<$5lGPu{dVV}kwj!&J}{qriQiK$d@h`|q!KB%YOYUa9U#nWFr!p9KDi+x)W<En|+a
ziSGYnru=?aOR9oy2&;N|9JLI8zT$sg$o5T(N9la1#nb<BU4O56?s`ZtA$oc5=5YS{
zTlX9|cK`>jYHo;!CMKq<YBSF1&0&u5w%kJ_!Xp?)@p{a{mbq$D?>n3!5J?6psSf9#
zET+Ehn@^<YDNnA(ynWyN9yWVgbn~I8;w4|1Zv(ZXzuy;+z_YcUBm&W9E?DLaQoHpX
z#ZN5Y#YCo!!fH|@Xo30mNfZ@eezV%}a=*WAZE<l<13XY^mL141A-gzpjZQ-p=cm0p
z2*5D~o>Pcuq<nk}ltYAEmMzieuI|c8W>c<9{B^7p5?H=StBdYPhk>3j_c#0s3eOXH
zoM#fHqZbp0-7(*s+qp5oUm>=rw=cMfzSt20dR?uH&7?nn{%pJN7W*(Y-G6!$s=PE7
z0`dU7VuC3#j%_Kf#h$Mc73|}?Rqx(cnV|?hec?eoUndC24VT+GP>z-a61ATNMy7<V
z4w;K^k^OZ6-TKhA<PBqldY=QsvE(33YL`66PqGfQE7&<wykwE{H7otO_AHXu`eM+c
zA-6A(JDt<ukyE(JzIk4l%<`X7N@*w+mSst_-%W#&U}OUfXbo8~F)+#S9!*B_;lMtC
zcfWn8X7RdfjL&=ialcZGvd=7RY7phkd38jVSTbV@iM9Tu(%t126rnQ+AE~by{G7MW
z*1{`kfTy`w73ED=BiwttefAE$-mfh45rkXMAMS6?d@dIq2n?aQPZ7)uE_W8Nar%=y
zF_|=d5{xtN0tsDx=z5X<o)a3uPZH$n3FUOVf8FP9e6XgbaV-RuStIY>#UnXG8oWh6
zvA~Gdq%8?;lxHTf31*7ZtB`_>r|Vu&I-kAEOm$OhbW}X*4c9d9{(ch0Eh-`+u!>U{
z)o1+y;4#l?v60I+2PJSnz?9uZcDA<*-F0<jP2z;(8PjHqi;1OXqK2VEjNd(&ZlfKw
z`(qCSib#92xmT~aAk@b5rEqQShbrVT$CsjX@VhQ(sHiYEIexJ|xpC0fc6RZYLteUj
z(Hq-p+Y`&I8_XGg@0WKD4&FYPEK}z<_h4~Nr*Y@*W+cidI9~3d(oAJ5`=I*L>8Bk}
zY^J1zY7p%}ixAYS_hrNVGZ^mZF}5_iJ5$gh=QCz&*QxTn!C(H`Oqjof!3iXS4=#WA
zYZ1_5geCtO?CM0wYBKkd*~w9mKEAf-+KIP6o<+IjHOn4Z@pBK<+>Ub*lhgg#W#BZS
z*DB508MV1#W~jb$6dzlH=bcgkZ&fG<Sd-KB0roi&m)a2vRRuR0S+<q0t)O}A^*KEm
zmVCI7Z*Z(UxBSE8X|wyMb|09y5X={@t881-mHC{H`ZKIG*4t%FERT+z*5*QKQTpxK
z10^>hY%7T_d`ZlBcPLn1{NuWq4C)ob)*7XR>}J!n12TSn(KMcv`|W9fBx5Of{Utj~
z)16xEmxyh9M%GdW4eBRiyLK0M4zZ^L)#htk@2Hil=mSaKi>kS*K7L1*a9J6yxGc8W
z^@cuV9n7bi>_U&)W%@*J&#qjLr*po{$$}IMWQh+JY7wn)=u2LaIEv_fKyfe4_#m+Q
z^jx?sbXfN4E??CgpgCk>Xn342o7AhGSM5(3=(4Q0i%(G@Xm$Jmd(&_tSy!-X9X8#|
zq7NLEJ2<sRZnFr3dppt2%_y-7<jp@jcskmUa#0}QFsLGfims+#K5TrP=A;R}6b8ga
zOH0e`UkW~jM>QAXcvv*fRC;R__@<0JOcFFZUdcJ1&Bz>=ZNg<~|9xe<IpOtZV*UPF
zhnLVvhx0$!>CdO*5rQmWaa=BW_vRXLe<&8|zrFrEPI}>#7c-3Yct7-Xd`;I!{4m5f
zT_hlO42wYy{zsaq`S^G3(C>r!(6nK~r9(8;#<JM4Dej&Ks*tNAz>G>hSC6Yrhr}uG
z!ejW-?qC{@N;(Onfl;%8yoiRL*@TF};50ai2O;KDf-(|9JuWhCRc;p<)-bg*z2T_A
zXX>OeSMwu=FzM(Nb2V18s+agONxX=l!aIbrZ$qf-eKDBV;sGDkpd_*{Z&8jJfOv!c
zdrL~Jw;Io0AAI;;cD7>%PZID{{B4yP2U4o{Cn0I_RdBX7O|E7kZBY`#)B1}CL@p~`
z+*MD>wV;=Acw<-fxE3UDmxM*$5lWPsr>B!5H?dlvzfys9%usX}^wK-cmLi3{W#lMI
zyF5Mh%opG=pFe>k69YHezL*4peWV!H!zP*)v{IQ$i#02mzck{?$;mC-BtCmhWh8o}
zyz^~07Sa1lI&g+rd<NsvEAo@R1ZBeWBNn+P<Gbx;3G87bP)A=fTBOh4SB7-;Wy$cX
zF~=InbtSlDx!NoN%vAN`=W$@j2~6AS8(vt5E6@C8S5^RShcDzNnT=Qu2Z12n0R^Wu
zt~?vfel!(5j3pa5{sYPV=p5ZFjhz7xns&r~na`N2Q*X=Uv;YZ{zP?`0!9IFn7|}!M
zh;Jww5gr~%ozT@lJ^s==4QB?YHvJCpNAge5My07nbe3qJ;-q0K#)u?m<qbB~LY6zE
ziN-&zKqht;J4(efe3lM2d?FAf=tsLxF1y&WO>^-8^IdWN<4XtJWq2>Wc%Pd_zX&g+
zlB0#aB<$BCnF*Ayd!rcO2-r<=)(s{WH6ir0MHUv93%uy^PZsMhj&hDI&=IC_1`^u3
zA|8AP8-BDc?sDiyenB4ej^z-LKqwR3n$Af%I*~H6^lj#Y2Q;iN0-C|J6)j(FH8Q(V
z%=c$(N{Qnwi#5wdIngps^HQXJljrNwR;#3$jy-#hHcHZDi*2RqcOG|2IF=n{Up~hl
zCeajXt)X9$QFGccW4OyR=IveIrAyC9CwVI)+rL$wp5+r?aTEdM@jV1C0nupr_l`q|
z6vfc6=EdZLOB7cU^T*@Mas${gD9hW7L$veDByX*`N-L`4@G?ajWOZ*{@wM$w0i4Ol
z%g3#kUFA2Bt&tqi9B?R4zC#<UG7B@qm)pV5!!_D)Dx7vWiNXWW2RKCS^O?$*?)Y=B
z8DlGQR7XAygY%VDO91uA)BdVw0xW9-2?HC$%xSS@l;rWyF-J!=o{IqumO6-)0G>UD
zN`u!@6PpyK1THxtO@5&G?8oGGICBg^DOFh=nm10zVaFNvXlQm}ffYrf*AeVVtOvqW
zvbWL-K;I`%OM}!EChUR<Ikgw6Odg1V0Dl#*YNijB_OR%>*w<=p>ljXxBG9-cM0I+c
zMVlW>^b*OS+Rxq6598Yqpf?QB@iM3!x$*V(MoNo)mB{NVebnO_yqlQyGgG+LBl<aY
zrX;sR_Oj%1@Ji0nI5&Q4%*jqA`0zSau?S;u(d_QNV-b9JpT&b#5JI1_4I&v|w8H_5
z?XnxY$?FZOtQs^mIj{)Fn#I8tNCN{(cFM=Fa@@MQYCud<ZO)rbOp)!NGUydtiDlXM
zRjp9ah{o?>x(2E3aLye#1diXc&Za|2e4g9RN1E5s&9{ErLNa^AwcuVtn=H7L+AY^F
zk!ZU9US3~6Rx6FYPwBLO>ty2FxAEHg9C2znN|^EW(CC{Cq{ED{LWS6REwV%|I~>4p
zg$NjvF?Vez3`~+{Jwpobs@h;jC3DSuyj~r+TE>bf!3z5!QEG=m?`G0jb>PuO@a@xo
zRv=+;%amYHKDOJmXMQ^HGMWRVY2UMFxRz!+B<KmhX0515ixUjx)hMZOargtLE23R0
zNq=PKdOSHh%G}`;>9y5yp(UHe-IcLc2f|~B@AmRS(II{*nz!f4XpXnenBWJO)yv(n
zJD2rCA>!r`tGge~hxG6|H|BDD$y)+O0j5ulj3lXfyIA<DI)gAeS3SFYnQ@GXQqGRG
z^9Mhwz#86vzcXhj7Ob^Qfbxodh+{QgJNk9P*~%guoBA4COhv3a1soZ*6oC|F8kKai
zg39-d^lLfTZzMe*xzEF(*P0CwypJmjMT+JUc^O@jGlC~>5}H1r6<q}5OQIK->XdDW
zl6adP&+!326c!MmgOtGjNH>LUOHL|R?_74BT3%dvw0eU5`k(`qXbd|~(beflylY(a
ziR#lc5f;<*_75TWouKyzFjBgcYtD7nco7B<P4~A9AHUa-&=eWGs63HIYtNDuR-{$L
z_;8c=9kuJbprE8tjkx~Zi)x7D>O||&vT&j>Kg`wP`QvxiG7{zG4DaRw2=hSp4Kz;`
zllNPF8dC~vrQ!I?>G23L<~u@$#b-@r>|4AfgUKugla=;Imjte^eA|aIMI^3|2E5JG
zcNQUNS*AE1r5N2G{w`N;Up{+*;!S$TY37BRydXN%%;Dj=OfmN%YHJBSVpH$rD8Y+l
z4>*VuW|5F9jofjRLLS^Jfm$l2Pbm-eKHY4~W_a`<Fub0rFh&I$aU3XC7ZbhA=N$UP
zx7QVUM;&JdC4@xsVQ+pw2NGI|$Fbh3R7_E<r@VL7wC_5AW|dF%`bt_ncI<!e2DF8F
z{M3qN<ZHsq!QXj4j4d?f<<WczD*m!!q`K>?Ty~dlzNn+N$YXI=FH7K^j+rAZL}yIm
zph_8}27&Ng$naX9S%W!CUYFY%js5^3%@=KvSUwRQ9R0DZw%6crzeF9+GS<}YFZ(s~
zQP1_5tI7bk=!Gf851Dhhu?6Q_FU0N31!6kM0<#qra<rv2`$C{JVmjPqTpo?0YrExI
zpDi;<;JRJhooxSwdrGVI9$_>hOfhl?kXWTPyhCsvSY6J(SJkKAK)ddXb6n2I5{1mx
z;BGE(+D__R+10*Iw96Djrmt8$ibX^U-kv3+DT!Z)|FzK}g?p*h$_dB+EgIO)9^H}g
z6Wap!D=f*QS-QET@H6r>2R4V4?8=|QpK`elywoYf^t93eBXDckdf$L%I+au$@?kJ>
z&~E6ikhdkJ$wK4zXU|ZPaJILp(7o%)qqqvV+FE){&*1MCGSQZk-eoLBxx)zu!xyYF
zHYX%%)}}+$4tWTwP4RiOo^UJgQ1x<#=+=@?Rp^hx-(-}ezck?ze*79-uQN$p3VPQO
zmRD0h+g_Re(NXmQh*)XQ49RJks$TH8&_|VgT$^|7_@US~R-LQ-7byx2JSS(I$}E+U
zglyGF7C(p{ecCZ}R_OOJp!?zGf#Al&Jr=)^;-YDwnPM90I=IJ`DpO1>xTSuxYFT5;
z+nvsdA=d+=DszU!4DUV1Qj?qnzxo?kU2nlHFZm~Gpbw7exsdf|V?QO=BIdQ#u;&Ap
zU&v6rdiN1)eWdIOH`QHt=6jgZjCaE1`JkX#_^1d@1iNp}Ovl6RDJ$pt$lOnFjeEPk
z5P_r|haFcgL5Yddm}$N#n%8B=RPD-8m+4c1;(fxdzi7h}&tIfQtzeCZapO0FXt4@;
z5_b^JLZ)_!=hG*@^65%80ylp6X8qU`ajRl$@N<On7aN|Wh{?6P8j!{F11reo!RMSt
zZS~U}BM@k&iH0t;x{DL5YT}H#S2<>L$7%=eq)iGSP<!9u`MtaQ*;_zQqymM;&V#~5
zZTs~h6<5XT<@nx9yG&okRnlxIO?V9M_bFx$Cuh45O_yhMjTjn3LOAZ4EWMu{ju+;P
z&(;=}RqmM4nTUFY`ED5VO_Q!Em2@<&(%yZwfwn70Pj;UQbb7A-U3L-*xv_NyFL&1d
zhB_sFPvU-tL!|;%WIY{LJ6{y)qf2j0K-Ku?pQ8%zK#$QQ5BZ~B=%w)uGs9$8=2Q?*
z;Pq}jgdOKpwhUIdSNX|R`OB>`eLW)856<42wm8%)vnJiodqbYz{Dx=0$BIO1eH$E*
z*dY^8j8WuWj8SaIdIA~l8?yMDvIM`;vXtMpcNy&YFY5_;0%KW%Mf@<FU!EUe3|Q;!
zbuWGv;<@^M13j!6UW6opMOQDU2)eQV=1JzrFzi{j$b5tS|NR|*|N37ut>R4!{%TGm
zV(r6!zxfAQk|qPlj{K2@?*B=4a)^K;6iAU?yJ7hkiuxN2ae6;N>6C8miu-$P|INvg
zZQ%hqQVF6#is%g8$cxK9Yp=wCL$SC-Uv&G?m*!S|<W)XtI-;St2Rah!L-sZGdhkvg
ze+<O0cOOW)luQS1MJt?LSzUcGuL(h)sW3!}o0}u07IPhv+P!m}tdRMlzBZdH;H)oO
zTy&-1NJNZ!e0=OUom^Anx4P(!M%9D}EbX45>eci+dhnpeJDh%F4f}8B9zZ&xz@8_f
z43Q~&{OSp5XV-eD?yGh{FWz3(vDg-8wfXrbkw!J0Q}Wd#s-(Rh;q$FY#PswpOKaO>
zcu-WMP94!Eqycl#)X{r83#TM=E9;P=&#6|v7bTBNWT}k`h2l77Ny)|k9vTf#H($1d
z<oWtmBhRNEGVCPi*fB4Eb(AZmH;!!bHwIE=)1G{<aV4?*+V?c+=*>F{3Is~2WLWho
zQ>)m+jKNqMsrD?wsFR?ToHhC2k1lVzegU3_;%2YBF})V>E|j3>L?cTZlAL^C+vUgc
zy1F7G-|%6lB_<7UnU&ndfR{(J0?b#&Gcf%FaOsfAmoO+ODS(1SuY>D;_^Vc7Je$@a
z$D*L1pa+)*S6Bz#_SJ7X^B)+wqy|44Cs(Zx#VY&S^Zdgn%=k}Om_%@ZdCL7_-m#?@
ztQ-)s(#nWdqDmM?>!dee$P&z2t|puvHw}?&Yb<0fvsZTr^x{Rn3mk8spMNoz#6&_-
znBU)^i01l3C%Qk*W|y>2hNt2t#a^$|Rj*s@+VSr52p{i587CSV8fgSXJ#+HWD=$2x
z^E+E`nLX{$vj@j3S-`#9H+?$>B7MTZC8&Kd=TLHx60}`0;&_#NJdW?W!wTIz-+{6r
zvYAe`EU)9}QsS9^fd{|2^u^&5z0%_^kEQsNn4-Q3mDai2Ty$;sl@CV7+&pZ)@1$G}
zr;teXTbX@rx^p(Pw35}wKGp;K=0K!n<uFFD_~3Jz*s|aX95V$QwrCR<;m0UynD@4a
z?oGT-{0k6=<-2PXChIkQF~Jx8p~_DM0O?H&?&Q@%6A|hu?pu#@0(SqEEl;Pr+0|5o
zRiDu5G0ZPII@$w^yV}siTA!6~HqjjftumcLbWIx5WlS!6ua3?KXu_ZW$z{d^Kl|+E
zdXv0&#9}p-mGScR@@d-y4|o8fjrygP&xR5v(I{mSpG46qdVTK}<Fvk_UK6_08%RRS
z8ODn8qUOB=0sMwJZ7C`|(PO5RJ2VjbBp{mJn?(7JzBg<=N7(URX5+rG&c?e<-zL;w
zXMOMbRPfdop2{+CNhcG6!e8)~&;&3^ATIX}Ww)p7LR)`KG^?8rB+=nQ*j8Dtc2iuJ
zV!*ED-^*=2RY~H#3c3`lWzK3P^46*2&;{yiCT!^LqplP|`xbh;w`>A7Rl>!=EE+bQ
zlAH0u0uw?Z8b$<$%_@iS%=6FSy#hbbgrbj3Q-gyAQroR8Lf7Oykc(SqF_!LEc02jH
zGzf)uv6)}snXtTJ`nLd__+Yx|_6-L07xN^Jt0Bo$%mAGvBd4Hj1ASKp+EHn&YWBI6
zon?1}KV|N>;8+Pld}Kf=G*j@=$X=J7fj(w9u86Epzg^+ig3gY}c1apHi&;!o8~$8O
zzmmglvv#_szr-UXOjp-MwbqpfILC3yn-8e-6=mHGE)K%sxv{Urq$D&d#L#n<Dv<;6
z-#y2Oh|nTJZiIPw2%VrqX?Sn?{LCp2_ZLN8d^CQ-IBqKA=*ok|peDR_Fp=@T!gS<$
za0(|3O7ktT?ZE=d1g$cwvJj4$G&NVP3-7bRG+7)xyl-Kn&s-t}=$a8&@&mr#qL)|=
z5woK3Qha&)7xKaIR!P6KX!DqHWnAIY;1{TU^@Yo*)B2az<$KJ1AORc34~4wvF~ypm
z>bVw1BLzqbKV*q5HwP)odXE^fUr|Ftl#A8ycB^m)*5m=Q(oISwCJf+J(c(vfl^JU_
z^?Nwv8CUH`+_wtPHe9$ckyn5EqeB8CWo(9Df0&J-lQE^1%Vc6TQ~?p~mVN8v*U~}~
z+U+n%WQ^w^p#74P$nAvcqIQk)wf(jfa&75RtogWk-iPAi;$rR$$xr+z3jo{s>Cc~h
zPuhTb)kwt@_UvGq=<Bh98}S1cW4qp7ZgnbcaIu7Paoc{0d2XzdS+B&}-o3*!Dz`0{
z?;V>xo`@D3w{JM7))4v8NaSCfb)|%h?#5Ed5T`znFT$zY?P2wF^W1zwmx_;U^ONv~
z9A8VG_W+3z&%&3D)*goILErA89FPBOH@Z{3aJR<Sd4nw}DT#rP{xKmmRG&OR1YfOr
zuJ}@7=@9%fp3RhgCAwIHg4J!u3v^cj+azGZWDu5<rW?o_v#(Z-LDEnhVvkZ8)}v2Z
z3$x*Jj$my(iK;u4fcEW^7FB$;R+y@U5Wb}M*W-`e(_yUhXNS~W;VG2#I4;$~&v4eJ
z^nlwN$0*Qh{luFxmxhYLaft7p6e;QUY<G;n=PxwFP{<h91noQz0i-|fWI`Xl`}wP~
z=<x^bObD~&HGjRLvv1(uld2)cg7<uS<~u3NlpS(9T*B0T?H6M67*W~cgh?f!p^-QY
zxwhBy78~at6&B}OYt~-X{S4X5YaT@{%xK&<nk}Os1UX<Jw4SszB(nM`(kgoZ2Lk&u
z(QX0~BejmW_FEm-y0q(4;L!5cUtnrEz#O(46Tp^_A2LeBSkK3{hs)JD#vg1w{758y
zIDB7tJ60O`bE-BFKNwOuR~>QL+&mxu@rg(}kq5zS>0Sa;+xjp(wIH<oGABLA%tK9G
zty%IiK#&<yaHyxgDzltrQ=ncS{e7nX@Co627eWTA@DAR*B44G259md{#f_J~43M)c
zkpG1R-k-CX)89?V;~43##cV3QGUJ;+<m=N!e_gw^Fvs=cgk=u8Q@M{7+NZi?SYupB
zA|jg9k~yK+lg$s6j!~S-E@G((LAZcr99C_z+Wdf?(_y24iA1B(mLYVSJ&azH-0`C;
z@*0PMx4629;5+oVSD3%BPR4?a!?>WXz`%jPc-_cX_z?@NFIcTp&mJPFo+D^s`1=he
zgQ$WXWOa7D@m*gxK42n^x)j`|c;qYR`|JLEGwhL?%AJ>6E#el0l5t)gHu1W9<icd3
z4%<)xI3zv**E8n!T!g{JMWxx|O?;s;|LG)kjn9la9s&-B0US`y8oZ(5mBRYD99H2i
ztak5;Dpll{J~H!~mRl{ci|4z@zQyy4o_3o%$79i>$+jFwZP^#WRcbXW>eb!hunYir
zi!P*GERa-nraY0_%(3u%`ud`6J%AHt1xC5(voFTfBDr-hy@mBu9sNf%u+t%$`qkF4
zo$8xd^gkcEcy7R;mzJNCvUEigal_;VMxuQ+N?t2H9|gj4T8XdH#D%jb07BIF`YjIV
z=r>HN7ORCTRIhS-x&@!ZT$Hv4t!1&^8G)<*ARgAK&g9(t77MM}&kwC}o^q+~(`zR}
zi>#iX+iGU;uD#ZX)w!RjX?n<0ogD2~G|NsN<WHt|T*2etU0Ii%3EA_Q>{<oqRyOI!
zi`CH_FSjV65p)if!55Lm9iDAOCL|03q&ss>jW7MT8&oqoznB2ID31mUD3Q`+b~1Jr
z@u@pHRvPhoda93OURZ?)6dyaB1i6&2^g9STz?dZChM0K_oER1iMe$!Ri@6IMH!tRX
z4PF6H{864_zK<CDCdwE-m;%kATZ#4Vqlze@yuAEy`qDBo9tj<ym*drpm8<@8MpsI5
zv+&wf2(%4zzR^jUC#D18@jva_Upwbl=;mTfZ-X{^fePCr_d<A1*DvvLN{HNkWJaD>
zjxT-Oz{512@O<s$T*OLJqFjDmCxMWesD)Q>dl61by7}ggCGFdDdc0?PLrIt$GmghQ
zC&}Yh9S~mECJ2t=^Ll4>4dpzA9zsoYB3pECuUM!`{2SxMM8SQgeJUw6fwqW}0yi~2
z@4%(v%u1UIs^-E6M%9LzDN*Bd5~Jm=bvj{mM%%5}B5DT69u0^{9u9{20f3^?*_HEk
z);RbpizP&Gx0l$7Xhgh*sqk+3H5c{vBk8g^N>Wo5*WfVU8-FDf&e_K@<X0Ww0JOp&
zsvLzi6&W(ihb+qJ`+RAm!&=^}DSX$mldUE)U)TD_SzqUJ5%Qt+1QgNWSIAQM>=1H~
z<Nc%eU%33Jpq`XOhUwlO@n=U-L0~qLU#r5{X^g&Bvy1+_kq?PzLcad~iUH4-NdBym
zh%sTe;a68W`~{sfiV56wlZ7+4yCZvE3@(2d=&T6gB{}<|UQ^OjplT*T-rC{~BF74q
zmDs()8B9S*sJf%8ax@$(<1${T`}|Boo-ff$_a}|Mv?DykYRxPB3SBxoJ54(+owCec
zFW(3rq}NB9170JFfu|pZ_s!tCX?}0}taa;Ekvs(h*S-~GyBB-8F`@Stys4P7A0Lg_
zRI@CpuwJg_cT&kudV|*rE`F(Z8leZqm?KE*GMPb4kW}a~UI19SMHOV%vY<HV2;{wS
zzs4Cr7_mQ9IZOXaz8Nn~vH2dgq6xBcWtV0fg#X1=bA|vy!0niRUg>xbF8ql7MnpgR
zoqscqC#SWK&DxYjX~-c}1PBY0@x>0bR4h5{k_xHQ@k&MEr+WaPcn;8LzCT9Xo3EEi
z9Lp3*(d6~2wZ9;w41n=}_3q4OSy-C9jYN%>8Awl9m%}%c*0-^IB{jDF@Mu3O+~A7o
z{f5s5gBNnRY>7F2syNUGttEC<-;P3(Qnw)N{G;q`$q*(@($aX=cy}RyR*4*@taGzi
zVi2Ipq|~oN6Lh1|lVL|brrFV;O!xUUGDw_VQiSF{lSY1dek9`)=?^og?n1zKx1~_6
z*5E4I?eVmvYtN%LZ;2A)Ys=ISzSpV^VrxGEHB_P&W7+73v%TxZmL(Xt;aWuyy6r=o
zNNMoRstljEjCmi9r9Oa@PB@)6aLr*>gN8T3LpZv@QTp$R&a9o`s>f&)sGkfFNl}h4
z-{mc0l(-;=Ww5`VLH;floieI_4sv*nyMF+B^0ax5B)pXHL{KuGJBzTl*f%8X#LpLp
zYnD%~S<2)1?O7rObrL)_b>6!|Q8hD4D^KKtMZ_(2V~-r@yvv{;q8>d0asX?V_Ev0Y
z7C-hJ<Hm^tGLuXx@;iMRA=rygu$uC*nhof8->&*Kj~F1ItZ7Yipkk~6(TesNwTw|x
zYd>xyIveW~diFG!q;E&sKZxhBJw)0U>QwedA!K(26LV0Jz1WeSvkfLpiV_Xk?`<5(
zbAE4y&rK$E(_q#V)rkq>1wslVj<yzGC5439wBem;XyR0#%N>C5nnVxKcp+c!@(w<J
z-kMvuL|p%;JNlbykiL1@t<WH-c+XfENIikT)7a2J3UbT~78sx@l$TG?9m8jD=5aZC
zl7u{8>%{okpzO*TFS+f>3_%QhusRu;?gtIg__SDArzJ;O3?Go-fP9~>RN5n*kXx0n
zoEVxbMbN@X+}%Nq4>N$C1T8{zM=jqA4n~?~HUw_S+(%9hp)qHavs&7Uc%;S??z^&~
z6<X;X+qKu>(yPdFK9R4&laD#4J{Su8`C&e~%SL*z3Gj7LQA!o;YQcl`I*ZXCpf)Q;
z|5_|KU}Xxm?rPkfl=^Z^D%9A_Q0p%aux}M61<V$eN7}6)1&ZS<JBJKsYd`<F7x}%S
zA3<J+4o2Qwd%3F@lA2>mjrP<ZxbZPA&+OSxl|TMJy3RVTtz~=rg$h=zSaEkNE-eIi
zr$F&iGzE$mcPI|U-QC@-Kyi01?(QT&k~cl~oO{pt-TVH@hwLPK_GD((de-w@Pdvak
zB>16tKL00D|DEF*CqXRZ@Y-#OBmVifAIZOi`Hz^0n0#$@^aO>b|0rPmGqLpXSq3&d
zgX1M77?axdzph_@jmYx)?Kk4RKZWgoU-w5I$VCdC@C6Yb$b5P6_nrQ)+w(C-uG0G4
zZ|nZq!Bi@0x)_uQqA*x`5yg^BNy~_$7NedA<f8H|zZ9x9L#VV8F4$C4r({~O&-|?I
zAvF{0Dx8kIKx9bx>lIlhVMG<JH(#T|cfw2plt~VJ_g}gNLru)>m*oAR;id#(_q2%X
zs6s7#+wo(RkZMc{0mendXVhR;&hx-w?1@&Go<S0xxb*$n>=}~uvhvOONX&CG2`SOf
zawQtWdd|gK0O@lF{n4aY)@LSL>i9Nch15obLc;LIR!4X(D5+6yc$^zSGZ*!#6rdSb
z>{!-Dc5at;_Gg*=X#KDys_v4G1tK|~ax`sEhfggIRpu9R!5t2mDIEe>H9Ldli{tKz
z5Y(MzZeJ4c<5Yfg+Z|TgQk9T?lMsT`(AmvR5SBaptAv-Y^M?gXZN9#4Jt0`Q>p80e
z?l!i-hexgSQOf4pzlGhIk3gW*$vgNZI-lY2<|qnyyID%a(!-RS;hpdf^7OX8Zw>9n
z?T+O+1(jTeD81yzT)~O0QrYuiUGi=)>4T#h;x@x~0;0~zwX|Jm`J1LD2S7kt^ZI#z
zwk9~r_|f!k__^XY%m8^%g+RMqkVPS1M^8!=$xE$Ua^Kja#^hxvzjB+WgUE@Oepja$
zZ~!hapX#+^Ja|1m6&pAFDq9~O&aMsH#$<V+h~4<gsZ^BCnQ!3{ECxF3pWVG5yiCOr
zwEdI^#i-&jAGCNJeJ<pOQ~ofXoD;ELIS+FK>qES3>mVmEK2)YUOGE$$A*L24368B0
z^LT$a*_s=Knb;ZK@aSm=^!XI+a`QTUFfxiF!KsW7*G+7MvUc0#J$|`1p&U;!8nL;D
zF;`gm1&}M--xp5OLXh^)H#>{m9I6DNfka%i(jGuN--y};e=NRh4)~~NqoQoVYmY_K
z+u!5=FsV{xPl#;w0SzC%ZAEq<6o{rT(w7co`qd7|UZ89~{%rBi7F(wKUTP~U6YNUS
z9hbS_j;(~&_a0Ll{Dtfbh-y3!x70OHyL&r8LPkkpN+C8HTW5zHx?|IHxu#llp@zgT
z+k_!PH{39=$yGBp@^B#f`w2Rtxp)j=vwi5`zBasOe7xyOv~?Vna($7Go4le>8W@+W
zq&9Gxh{V*n@ahSx>Zb7)1)6XVar-1e_n4vY*?mL+jR)D1yj=5;>L852FB4N~N%M3H
z^%c%5GSt3i`{1gXnK*hec(iwxm^k8-_WVkGr2PTQ8Gy><^ch9f$XTE6H8G)K4HU>-
zM;>RTBCbFZl>NhN3#6TI*{hncMpd0oAa!U%FYj<E?c3R0C2gCt;yg5oCrJc9bHHvc
zTkj!Rb-DsX)&R!f;2Cg6;NDj5>)%hTr;}f)Ziiiiq--b1A5iI({P9=;^84piIqy|z
zwc341$H8XsQKeWNt@firY|G~(72PfMsK$0Xme<Q7Wfr4ySU$D0e99TM!A?EN8%vND
z5vCM;?|EnL&)gManXc;DAJR)ya=g$%_<_cOEuOc+an`d~yN<7)MK^w7?%I4!PKw4w
z<XDUB&>J{;8DAqKpAqWkZeNp+^18QQQmUs;Cp|9jAhP>e-!k#$gaik*OzERLpA7;;
zogAfWp~P0ZO~d|x_Lom`d)vAAqCJ&A=TrnqkS9<vE~tvu!O7X#Ia{>~T2xRShXS)Q
zvKduA(kb;Qzdp1rAxC*KcT=O3%OgB<Kq55mw?v`aR00<8>lEyqYn}tCO}$+P=-dUB
z_7|!d9#Jb^Pj2gnMiQo3J;D{wqIcR}a=EkKQhnq*^VIE^gELG5)?#W=LFN2YN?-0j
zQQ}s-$8S;a#=MMYqRTkjYdGbhPn<Q>gcrCZqfPNo5*ZQ=o?!5H8)ACri<CpPHp`=&
zUO3{2T_i`mHM#)-#ncVUzG`qE{oISkGnD|#Vb?$hHHs)!q|qZ2c;Z<A@mr?{2w%uf
zc@udC`x4cZ+jFr!%C6v1%^8@%9X7aGtR%Ih46IvKu6Y<A05$aWWmr-}Y{D{y&XC%n
z@%3w(i&8xqyL-8l7m6SDH%dR6o?R&p7CPw(TBHRZUi8AU9BbX)6#g2<BK+EKX5W5s
zb_|+pf&H=Q)=~m}S^L`&0!tJ80jsc)wD5!yZbA;M&mA+^yLIFiMx>vW;t=RrUR(O;
zz-A53hl>XBtHBc<L-bMXdcVA1cC#5^+aV=XV*A+*zNlXx+11BCAZ^bg%#9?E#9xFx
zuA?Ehe`Fd~^_l~>IqdqJW-3c`)$n@p)A!th0bQ$SS|KK6O$H_7kIE`Z4g~XsbJl_W
zosU2>QOp&LSSiuu-J9MerYR3{u;){&dk<fMh;p2i3s>MNF8^)6)I#T{2+3ERT4zGu
zC2x!Xb%!>;E?GIvCL~K6*L)uH!@9ubFwqkPeM)IB0J4xfN<#Z(!$cMzneY=P=PxKG
z-(Ck|mY3HiAY1y`vl5F9JFh;88cC)MYb4NHalm3l9r8<z!c+ldh_JNRJcumcNs9ov
zd+9@wQT)9NMteA%a2dQIT84h3hHPTxAZ%=9%+-!Hg`TKF{tp6|;@c-EIy+%6V={?^
z-inP1r&B0LKe?DB^w_0(e3<>z^!2=HU~y|$RtzOGCNAcSN1W6&{#4wtUKPn0v~^kU
zl_KKK%K=PzL$cT}>FENhOR_d3PwVKS-cVVFS?EzK?Jy7HG9+_>;OT1{kE0vR+4ALZ
zluuLpXHlI6@(d~k&*~o5bgQh#IJ0)JB3H?O4&#A#2NIDC(s;=XiZsbSQBiFyLASn>
z_MhSFVc0!Q^dIPpGJvU*nt~Z43}6~oYhn(M&)+lnf9OD2ZMJ_!Y{BdHrr?BSY+eDR
z_s+p|XS#g}9P6AVQ;&+}4tRBHfQAh|fp*E}W*HZ5j1;7+w0aW^K*W4LQnq@V?5IO-
z`V6Ha*{NR-^i{s}W)iQ2ZI!d+&p74C{`{=J91O=u38$O$8g|x<U$f-Zjm32ygh@`=
zA7dSWrjE#403ML5u)$X)<KN>Q4xYGoJV<`<7`#uMn#yyR_vi;DV&eL7wCm1!a}v~#
znTyzXG;cz)F6#&23dXqf;zLx~xXGDx`>lGr={Wr&gr0a!XF;V&^|8J$D*DlFM;*Qb
z3@@>7+3-UdJ%ot}*El^;$jkRqqxZs$Ja}FW^>wa-csZdacbQW4$Eb5LHr*;?jLR*Q
zFLiG5X!?3l%E6_~yCNB%0@s(aam1pHwM3O@%qnLz*MEtLQtl5h8m(nC{zSvCUYtlv
zVfc_Q+Y#Sz%J|mnJ5fGM5wHv<#~$YGq^<2>7KFGX7YZwDS{<6*)-8I1D@qK#TE0Vx
zP*cafwlMp~z(f1oFEYdLJWMOwHooS2YtezfO0oD!hko|E6n`XAA@t=v2!ji5v4LpF
z+`GP<#b(1vu}{_wPE<Pb37w91xX@R5JGy(L!Iqt$0<&cz<UkjfM0xAOkIyPt?<CQE
z=|4v<D-$u!@%Kyjc3%Mawno0<?{k}yd<T1e)q9&EWb;K2$NA}|N{<53$@#G8_u!P$
zB}i*%$yd<Fx*zN>6!&b>TM^%D!Z(N?1d2$E<QppW^12SSs2WU2l9n3ZUhDNJ<!N;Y
z#E!`p(>YD3Dv%s&*Pupj=-jWcgT!HhnK@Z{GTTfl1x>FX8v3LeQsUGgpK~>(DL?aR
zOHJsgSnhGj5#2=h@c<vL;#m+0z8?1v29h8GIPKI1R39VO;ZM~KB7SpKiG>WtrVg~Q
z|Jmumc+I-b>_^fLV5nt2x4wefx*(kOFB4Q|OEJG3+6eo0YMfbTo(Nz6ZveBZ@c3~5
zCUX^(yF+uW&|-J|vbt-qh<P)mdy|S<GO6s5_YB>iYL;1SA+Qt+&rMpPBRCx6aiZ*P
zgiTJXmfug+N@$$O@9n^J8}thO`{N(;{L}9<R`0`l?ex<%@%ak~jsst}nVR{Ka`&L*
zA}Ho&oF@&Jo{VOlKJOy;C^)s?#=GW`JL3f#L@azbm43X(d)UjLWwBONq?a?N9j?UT
z-32MCOe4b2Zg(DW?J#(59vwcd+m69Bt?;!xb!dW$8gz8i8U3hZ%Dho?!EV{vE&a94
zfBfw|zL!sIsm^ts5P3wn4Pi$>;M~>dz?CGLd@lTTa0qNfIA9TCUYFr^P`91x34mZY
zEOopzZ#?EqjfquhdyGIi?_oasU@;aEuG}s-u=&B*>M7+^@D13E310UAOAvA_%C_L#
z%pps`oE~|BJvy@>zRe)7sM^@Qahrcc#UQ|;ifrO2dgQ_7C(}yc#e-~7?Y(6Lx$y6N
z`58S5Wy9>~_^gXQk^TJ%R7FJnPzB4pIYdVOGcQl0&R%Jr26?ffD5y(bM=YhebfuZc
z>qlZxCm`cFLXie7s^C{OosJZ9smwF*7d)%<S_uobf#Zm@0*&JdJr68a;&&KAUkkGm
z+_|pByK3YTd9mWnIAQZahU;!OV=C?D?jT6IauzsgK7g?R^K;*DT@icT$dzCR)lx~B
zb|IX4Gtt#;{g}o6t1j}qP0{QSZ;20QlqTXcn_g#y7S!yi(v)UII*Y=cMVpzZy33`Y
z?AVA*Q>(+tH$t`Y3p?N)rIozXg*|eAqIo=lZpgbJE#W$*H(Zkf+Jd%aRRIiZEgUJO
zkwKs8OOQqN(|Zjbiy>|xY@1iB^?i-eP}TYIx#rwEq>E7Gj^|_R^1I4)QX#@kozi=5
z{Kc4_llQqF(wTBfZo|oSA><(ixwqkfBPex5^eTv&{N?f<YmaR4kV=E;Q~r9d(q1BC
zcrWx(1H|5=_u^gmEG(qlQgxlMoC7hHhFL8gBksxAQd<Ou_w|S_TQoZ-Ve=bmDRXL-
zP!k<yW<xlSW>%W?bOfY!H7Pj1#on`a4>m4^)eq&Llej9z4s&N4h3TmZYb#nrursO8
z0YdB5lg(~?M?!#YC9(;f(DjT@z|n8OtBoH+^;Adjecz`w=s;b;#zVl}`@>yS%c>(=
zkKwIH9_=RyoihM7W5~Q^=P|_b3IsfWz$2pgdm!nc!uvC@1o--XO~$LdhEb0fs(<sC
zTeGhl0JWZ+zW0cWfY0l>yD0d|y?PZG_vG_)AD)KoQW2YjSi$!4J1)=8qX--7t?_+G
zVMSQ`p3WuuAc+%_6G5!;=Zw)+A{q~rXvqvQw=H$qt&!;G#>D&jeNkEK(*zT$np{Ro
zr8KG}s?GVygzEg|IJEXx*SONu028lwwRV_cd4naa(K5sjvWl_PZ^9(lT7o4g(*i!_
z=q@NxNp8`yIeLv*FS3sK!0Q$1R(?i>54%VGFyi*6LoW&+Xr%-Kt`b;KZ-TCIEeDkz
zA?y{*3{i+W+~2cqXeMPJRp{x7Bxdfo)nz1(_@uwocmU&mIPFSLDx@)xJzr`nvX~aQ
zb@EUsds9B9{U#H+_3L?ni|<tL4L6RN{eYCjI~jGwg1PPdw6ywP(!Qy6Aljo@EMVQx
z8q22}@6g#Yzehs?jP)5tyf6gRX=3sql_zvvO>&8I3?JD7<<fOUXHHse?e0W*-u`l!
zY6#G8VVe35rcgz(A_i8?ny^D>yo4TS+N{%w56E@FGe%=8<UjifJ<v4R;HSlkZ0!!t
zFDQnRZxSL5O&=|8yv^9B1(kER##>-;ux1~5eywE9y`jh`DUie;BlAsTCbvhPXhYBd
z4rj7btcpV2)pF(t2JX!vxz8MF1%qK_#aMXd`xM6L?_}PD&>@g&Xw@uCF0DLw^UQ~i
z(ppt2(WX>ED`?W5C8rj4%2`Wih#P{%UUAcxDB#~0(hmAi8@<8qF1#w}AX_!#24mbg
z=p_br&Rq=-{A-2@6-#TwS`NYVmaxBO)0psD$=xwUoQe)8re^z#N|k1vfS%=}I-+@h
zWAwwg9yXFPe6@^>l|}=9-0Q~k<0?mjxq@I>v!LvzM+;PsWzQs6lv005;xV%abQAsu
zt`sZ)#n(|7w%ZsKndqhK;EGId8#A$6iKfgXmGoLi?lak_YhN+0u&A({vlSkK@)_|X
z<DY47PPX|`YwFnQ#2yM%YE-Q$XJX78HIKZeAd!O-=|!j&)YO%^5~eA9Se6xRr-C1$
zNqE>Vyg6m-W@}u^KMmL^FZ7n;PYwkjCu@>Jozf-sJg%QIXfEd^Q}0<_E64d291Jzb
z7+OF79+2Wl)yN&ub%4H{)tf}gVA~+EA^2k8*lP{5^f|AbSNY|0>U8py=-it`ZYUJu
zh7z!zCnI}pV$ix4wvW8K@iTH2)D(dDro5Cc0#F`7y<zmwMt*EhC6%#+*QIFpeLKXm
zW_BB{y%}Nxc)WG@P&?cpu_<Y&Uw|2rA=3EdHfWk~wQFu`8V~dtMMUnwWJ|gf7O_h&
zVs(=_d0~!FbSS3j#d~c`fvlK?C)ek>a6)_OFQOE0!8*eX@I<$!??9QyAR(~2J|%Z{
z%%d3yxzrcxn6WNQcB85<)V?$l$vf77H=H*Gp-BM&4flqmHb;+M7D>pO?96I~!+#b+
zUuI|sPtER_Ttl+i;K^{+$D53(pIS$d!nk5Qn>vWjI6d_p{FtD5ijbe7+^q`n`X1q}
zB?L1$@zTkRlIm|fhRA^UFFkVeo%!JT_<+O)ByKUCt;|b7u8xRR??b_o{z5@Lfkb%y
z&%TTozS<=A8v)|dUyWhGIUx|*ChBM9QJRl}#aAXX0%(0i0|pD8B39GU<mpEYj)@A2
zsznqLgvqLt{&5O>!4`_Cr9~eXMfNWbTK#^Voq3^BnzOfr)?ay4K@wqaS)d1!GsKEK
zz)=g|DcXPp{YoFK72*_w&^ibnFnF;3t$+YE6>Eu5UYX}$gi@XbYd+85X8E+PA$_ih
zrK0nc*;SkBk34O5G%*By>~Pj@4T9+G#$LQ~1dSpU$yh?yXDLAJXnD6K^SA~?N_wCK
z{Uneey38Y5W{;j+5SLo?0c*3ve2|^WbhhGPbjRrfGD6ZNA0dYb@}eVvq}D+`y-c7M
zrS=Wy3F8Mg6<lXR#k#-Gjc@lz^gkY}$GD?K{G=x92C=vR{&zuhAR6|a$W8aB>5|d(
zhdCB_6z__R^yBKo-UH10qlCcLzb8s!xHUx$@7vgTayu>w7STb&!ws&~y8XykC#kLI
z^fIaKJSzOXtyK=0rx0;atTLkcP?Y^7sAhIIkAJ$sck#Cu<|EZocgR57I~nuGp>u-p
zDKD#=PQleV0Wf1$dG!Dq2(4(RQwc-sy9FyX*xptHtg|(&nXX4FHJopeZWq!ryRi*e
zRye-+C3=NJ=;=MMMAfr4aHXpG&7f`a*7D+wBkUmDrsfs5*jOYvHQ2hH++=HQb{s&6
zue^12VJB?3|8{n+vE-$B>n3`*P5A{J1!QjNQF2sFP)WO1R86UU)O`zkCa;#mkPvvt
z$$6Rf+!)=ln9HKvt}z*BgwcY|pF1_r^yr&G`k(+pIU&`?`m?bYgtV`e25QscHp#K*
zwfQiLP<r1e1~fMguekSB3bGp?W$o^FqTE9@MIE%K#G-*KVVP}VIEaH{{xNuWKk}lI
zXjYuVM?6g>#^fv@)a6_qO~&MD%PsvZuaQWF8Eb}zw76FYs>oBKT=ABaJ<t?w`NV%l
zeB8LvF7{_JkToCYc)WDlU`?Tu8gL*3(#t-mW$UZ25I7b(3b~kAG}#_Y6>LEWyuTe8
zRc;XdO2|R26ABUQSDm1Nb6h{FRvV~sR7S^FBDbQF9~mPHMo@PZ<E8-nbJQa|1`IDE
zt<yEn?m<ft6D}6sdd!KkE0{BE?!{+*KwJFA&f=NLx^MSG(4Y+SdKW_LPJFMQTD%<t
zC8CwyG7d5q`gZ!<C(25Z`!f<`EfFj5LZ)d|k7D7($y5OWPvXlflI!E7j~gCC3|@z~
zMdRtCHja;z5)`a_#gV$)-)SYeg`EetI-@TK-AylAGy>;6-OQfzmgIl&`?VKj3ma&8
z+M3(AerpSA>~uOKck37&N{j$#MX>9lM@U2*|FYx@bP&3PHxHnG*6!8G5HrO|K-GRB
zkFUPXYIp>ucZUWe(g2osSpqX^g#!|I6~1}yuTdkUzn-#>32Vj3=?ps4SL>Jq<?M*m
zKvh=(I-}or06uRyC+@+KvHc<!ZcSv+eQk!d3XT+!Q&IECRLA~AwE|5D{5DZB%X43P
zx9?F4lsSG27bdS8dILA2N7%4-%x&m^h)Dr%;P{%lRm_?P<=aP9Q0pNG9y^$B>3*xk
zUJ1Xh#LpDm&*PEy_1M2Etdp6-ou3yL>92=D&UIU?4XrQUaCX!m!l!K^k8r#oe4~xF
zVE{k?Y@fRL(OvJ8Xt^5l0)h&h;aRkAZ?(Q4J8y&@OlQV+1dtheQanR_#bnXGonn`n
zr%RlbRGzPse95>0XYV&qstRVjyJqsMu1QGVoY|App_a~1bKEh0uu2wV+<|8ykq^<m
znxM%6AMWX`#;li_8%ijp)k8(F+)g=<wcFID!-|~rfx1+i&R)yj{MEJy@J3?<WYvQj
zZ==f|O=h@pCZ(SUyeSUh=OvrN^iw5PT&85C3DcTd6r`i2qmaVv_Z1u^Kl6NHO&>0T
zbMA(vGI)KS!#g2O2aEy61dJ382B>oo7IdiejW5AQe@5M+eELOQ?nx7ycB8(V74&)f
zo`vbCy8<HiCQETuc0fJW0DS1!Fa{joVdWwahs?X>PS>yIcxkClP)Br5!Dha+Ux<1D
z{r2ypak?Guq74;e1saB?(Q-o)1)I<@HtLD{que~3b3x2I2OIRn@I<me2u5}&g+X0E
zg*M=Of-m;~s#l$Ne)NO5jfbE=yESAdo|V`whYhoOe-Lb-68u3~iB3+U=7RdjTic6C
zyc8B54j5AY@C9to!Tp1ygvB)b!C&~D>5ffTd8gZG220usHoKd!dDnxCE16mnJ}rH+
zLPYE<g%k}r=?AM=A1VA-b;sggVFQ27aBG@=HWS}#Djn*{O9HAX+v!upP-C1$Q2d7S
zyZZagO%q2ldIfLdw|GkmBnaq+XVfv%SHTUEH1?A4qEq=fz|aFdVZRKjPK0(W3(P6)
z3Do$}(IRkln%U_yBUCnPIm-B0b%lKHroJO#10E0K&JhZp0WQL4LincOb@#GgVS{~*
zJY)?O>3_`S%inYPkBE3JdaL&QU*SSP>M__X&%6Gdo>m?%<BU#jAIAj8sYMrg#6);g
zZ|RnL<;BOhuf>G|Bb2Ex-gk%{I?x`=@|!UkWPd)4Rf#Sv$JjO+Lu=H=+GPe}q+~Sk
z^6MDdcf^tk1;?lt@7GxeknG&l?NV2c3D}vj`@TW$v|LEdnle~w6_Dp8-w63o5U6rl
z6g3v7Jp9C-0ON;HoOs}z`sn<CfVBs_myTLCVft)IrZxk2jPvzerd<sqvKJ92*>hfR
zy-E_c08DDvSzsElGbL)Sxy*aOpB6Z=pF5Y5)(%MP(&ET2s1N6^XxYr@+galF3ls|4
z`l^yRs^NqWFu#2J7FvYuwlm$LZ3shTu#gC|{y7rybuy$3TEPII?k9+dCTZe{F`p~5
zIKW9bCH!dec(`#!m1IZY^X^kvn~aAPO^!xP3YjGM@KVo9$y4M+9LH`FspJ>E$=0xp
zzMgLs8MJ0EH(Ky>zFh<4kBs$P$#U$giuul(TXRQZ6UbiZee))`h_B=3eAMDGZ3mu?
zPPoaey>TbHto``Nef?@a8rww-%i^8YlQ_#ol@F@l3qs!AE{TVJY_mFFzBO_GG9?&h
z^UGH#;DAv(YvTUol|=<%<byH$vG5EV5^x-SeMRN(BJmU!-0n|?3KvK}zDCd?mtGop
z$~@PdapuLFrY!p!&z?BPW=)+9Y!T>F3yP5iSQo0=s9<KBQfDF)19X3gRpX6${JnbK
zhX*eHHb@2hp9=IpYxFaipG~<(xm2W#NBmFm*JTwOuHL$mBdmD+{X713wZm^=cns+Y
zU*><~Bz*V&a1GpH|2Q%KZ(Vs^K-#BW&HVg{ZI2KS*Opg3T(bRo=9Jo{fpe^{4}h;q
zXv@qDJa{?XnJkz;>-u$>ptQnOD+JTnWkNM3-{SIUR>t{yqmPw6$f!@Qu7?m$lZ7Zb
zZhaT{w0<#AgJ%yie>%7?-{nQY=&_9}aQ-emD<i^3WNh64+3Gz~-^qvPw8S$*>oFw8
zXNUJZZn@;)E7!3H-dFYm(QD(?p#sri0c&s{woh5d;<O#%<?y@x#*c0-w(d`Z??9fG
zS>PhAlhONy>7$L@_eygekG{R@`2yrUZ(Fs(F7&VR$K*8a;&vKkto8z<@0SNT_3fpX
z?`Xndju9JA{yCtGa1mXe(w<F}jt}SO(4@eZit+Lpc>zJ)?hQlew;gf%Ztw{#`Ge`u
zHj8}g6#<JO(F+g0r*eE1sce<0LBuBZ&K*j{jK$y6z9SEY$Q}&2Og+7ZJCN8c4Rf<0
zwl#$>jtx6rKp)o>nyMT+V>C!i!K|;AU5)afUuzT+S0-<TP__X2#{B=r7yY5)i-f}A
z43;7iW?4Q3KV%smEwJ-t73IEdZ*M!w4&-qP2vh1ewId`C;4TlNZBD+QO=+uf71wht
zbE?X=q`ry07~f3i(QiNf)%N__u+EGYE^S7d>94G)iu3|>;pTgLy8r{2s;b*bR9N^o
zV7;KMW!}7Z&B$p6+4}BA1@N|93lP|tyED9$SgIo0ME(jj)y%6D*AzaYg+JX+xa?ut
zxE5R8$iloeAr#Wf=8li*lw&i>rK==k|EN>=qd-A-Lo?T0x@fTwXPfcWle`;LVFzp|
z<THofTNk~&<BJ^{3R(*}HB?ludb?k?oK~4IoMVVrd@%j=##m<CQ^|=qzFRMvm3I73
z8h(#8v&%Lj(5c?_$2nNmtxrWaiNN(S?T6c;WijzZ7toWUm1bI(huwgps<%~6bFcWJ
z^Y{YB3Y4XpNEHOLaJ=9tZgs&7wSyVM`{tJtTST9_`z^o*i=J6057b$X>ao0hR5UN4
z$-I~qrvTLa)S2f~GbevaEh`ycGTSi)o?iA$CHCj(_J39iphv(P5^06C|CT;N*UfT~
zj15y1JmAs?$#1o5V^zRG<ZhgP=@_8>z}WFyxjH&#b4k}}#KVAI7Q$;)ukYD~=^)R7
zVw445yk|gXwR`z5k>Un&ue{qGv1Klz3E0fmfEKXhiw;+dJ6=TBNA-19dV39Ml_V9N
z!ex$LyK(2vAI0d)k`NQne!cP;lxwO}>Kq$y4rC|!!2KcYqxn%`f9lpheL*DBK8nTV
zRm`(_7=o`t{e|Q;yQ<;U6L)CP3Ga<U1_pvxjA(I;82Ktb%xblqDQIUn81*SRS#nBl
z!Aos?FGJr~A{!A@h`rw@rF<8P{MPF+6z>}q4^y`7HBnwx@hJ+fo2RPyUP#K;ZLE~o
zuf$eykM}GjFb6IdlR?Dvg7BxEo9wTdL^T0~Fu0h3YHiyQBe~uk31LXv!`j(n_&%=!
zCKY~-zO&5ho8*pdd$fX=)o`24_uK<*H)!HY%T_FlU+IM-*HzBfc(|raCLwWv+8alS
z@2Zx$!v9rj8&k+#QcwMZo=IMEp-nbo3WVO$`?DPCGg6`F8w8bN8%(B@&XZ5L40j|d
zVR76#(x1<M<QoRtIb3bKf@~ITzSFw%A{Tv-GKrpzdIgNnyrxhJjVkk;za__cC-XyD
zW=k3*wek}0CUz(BZ{s}+vTN`pvKs9gn;RbqR{rOB>xII(LFMauJYQ?x=+mliv8=A1
zQ*g>5=RkMlyV5QBMv7(K3E}B(qK-KvBFrO9Xi<5a>mxUAr8@fa+S)3|iPtqhzd^$a
z&_oy0CL?2o*2?|L9TJd7d6Lt22lkNg-f|Nl4%T#S1<b+2o6!l(=XXr{OFuGt0sa|2
zZhMF5zwUQX8M21GYlp199{i}ra@#<Sv-$P9MS&c%_p=5z4vO38)!+%5sm=_6&Z#S@
zA-3O_c2S}1#R1XZ`u{@pI(<{!16Ev-p+5W&uH~0C6juIhxQCgwzNTS_l56hdDq$l}
z%#>ld1|dzS6ECu2(So^nLRk0CkS68D(T4nqveY!VytWf5Q?Em%-d#7fEnegZ%2h+w
z4A1x$MSS%~pWf~9jkkPWdUECc#2FK_s?eJuxBSv3jlVPuKJ*V-W!O$k(`CZn1>S9x
z(`kFP-(r)uKb*k}KAaxr4LoLUG{@4dGrRleCh=}+dlP&9Ir?eRKF^JrUxvZ+m?=y1
zlv*2p_#B~9Nr==ofoR!DV>am>B1i)X{RD_i@lP>lNZ^4gWq>v+JvuJ%J85<-1M+tP
zK5P_?JQNzL%C>E=wj%A}dr4ONI;^SLjl-*Y9JBp7<vwo*BCaX?Z}8M-#XwtPkwiO@
zS{J{0mj~5Jy+8fP(%KP_?htkLKZ#SHe<V($=kWkKki<o_`FLvJMrqxe1!>vCxJ-w~
z{z>xwacAquAkeZ{A~>i!emLY!?u|p9heI}@W6r!V(-b@{slk)GrN!(m6$CiA8Q#C;
z^8WkomSF-vCurVa01<$mwoD~%u;2N(tO?y3Bi5o{XOfP%+dw5k&%Fw88n=l=-lUVX
zw5;ERQG(cD(|9?xL}Y9Cgr1h-7vPc3VBP(B<<X2P7CGd}rtzos-4F--jYBl&nRAq>
zqRjBlZszC9R`?6kB;l@Z?u?W8{R&K#GpOE|yJaeBIR`7~JUJ4HDo+ZWrsLl>zR=M<
zO6Pj}8O7VSIF_v(s(x4)SgB@CEv*YNry-A^rqWefJ1)-5-61Z{<pN$WnO{SvnbycW
z>Rg%xSLQ&@y&!uhp=9#EpDf1T!Z-0!DG^~um-y#GLgd}7LANYm$)E2}N^IClha%}_
z3VT!5AM@ps{L%7(;1Pru$}x7Vr98h-Q1L}q8GgW(QENg)L<ZFByUFBu{OE${ITp)V
z<sm?X-CWvYfHr$F8vzRegBW`*N?i(>MAF>#t`xnQTsoDwO&AUP`^t|>Iz^wf?Z|xF
zf(PVzHr7mjKH-oRwH7Qe!eHfG0Ley15oEiW?eNz4PTnpLS(2KS!pf!>S~@%rT0XEF
z<a}}B2aofrzdF`U8Lleya@%<u8dZM3L|ia0oO_q42|4NNUv*nfU7Z7Y#~hm5xbqAB
z<K_i_-@F_D_O^hGSau1nn?j^y7n|Wn)!I7~4bD+@dnw102^0o{#*%Y4g_OM?QuW-^
z%f#4TU_m|bS@0Vkvbtkt{&pkc31|=A5>MbXv2#kGD{Dv1{bEn&@ASymBZH!u>STt~
zAt*I|ufc-TlYb|0%Kk{;@cWXb`A4Stb!!ZZ!+JBjPSECU(e31;&tA?MW^Y;YiEU*=
zdcArGqLtxUoL8p%ukCNCXtJ7}ZxRJ_w9GMsrO>aFM_U7W*o9t5EgAk!G*PfH3zAY_
z_6x<9W;OHO@FcS_<3DrT+3zL&!P8bJ+_JUJq0&ZHp#^ZmA8NFGxz})vpaVNpfHChJ
zZfsdSn1FAVoFB&(znucg?}-lp&!0+1)!Z^dDtVy#lirbY=~sV1o&IgZwfK!!LnU6q
zaTy-zRe{y7?!PbP6Ks_GR*Dpf#y%3dmA4&0Q)P-;_7fiGhW!!eDqvgcM5Xr9Ggn}H
zSqPUgP3;2JJ|QL;EkApRx)b(qz>yMx7p2%LIsl^qyQ`kK?;@<xXiGCyp){}O4%Q?s
zik;aFP=3pwG<n~j7N>Z=-D=tM!tyw5!wR2=+R!NxDPSE{08e<5A1g9Bk%ZnGa+*g;
zh~EB=^SR)0{(NdrM23nXyf7LbhYMT1*`|$-0L9W<X~PDW3>!44i};#?nwjcM@gRkC
zh2728?v#Xgd~-(t2dRkIqafvO@~uK~=Ibv8#p?1G$~Z(1iRJhLCO5efHJ3N%98<zf
z)B=<UYPi!Ls4~>Q7hJ+-SkdeDd*UwX;?mX0$y-$z4jf&mHLF~C`j>J2&%yi%_>(kv
zYT~_W&Wq%_JgU$Cgla<GPHl-u$DJq@<;1`ff+nKpShrv{kkKYJ9W#HN_WUy2j2r*%
zRR?oJ1ZT>;45SVewR+FBB1#D=q}-YmO$JmTVFZCbfLGh*oQA)VmDHMC`3A4+9@Lc?
zSd0n7qhJ})+C%N~dlb<DL2oHT%X&cWFwd3r)d30k(ue*_zY|RJLkmxTRJ+%1sGv*E
zw6OUZpky*Oay-@mfaD(kFUZ%Qw{Si~^~3K%ec36haPwcWB%zvbU(XAX<^*&~<!Z5g
z$0O+laC!dS$xFt#WX}I<%>LmJA(E21xkvQ$OB*S&MBvJ|{pGvk0V6{-9YgtyFwC+K
zVGrj}D?>A-(SID4|M+yDr*Mkk0>T9U|AYwssP%^*B{I`HwiEvDHTm~E=J$d7!7+UL
zwEwvU{`pr1>F=QN>wS!F_kVxz6YBLRzpII#5SbhOchKmA?eY~~O}x<6aeaB|mnPug
zM||3Uh%Au07R@PuNqwG2x&F=F%X~b8bUz7uJMcjS#~ai6F8t&8yMNlR;RVg_W=?FK
zo&5_Uh{fSv@9gj1qHvBxAnS5N7o1zN(dEzYq!u(D^pflu`0_sFk&%(n_8Nq;aJ44f
z<PGcSc}FhYcd^wcc9bw`1S;aN1r4aGK6gK_jbF2P+g9Tyn*2k}7JR4?93IY{a?&i@
z4|*r0uit4P1hP8pe{<T7Qsq8wkf_mS60-T`x}H*{&<q{UQ3D+bTy5-Wl<M`ZrKrM9
z&_<w%dApnubSTvPX_|n$Ce0w+NBh#t^+}qb!;3ka1?0oM%#?oF@Jf{i7Ls=!&v>nt
z$|C*VH9PbWiyQd1gGivxM_<GEZzMZBz#j*)5=TWFySqP*uX@^^t_aA;D)IzP4<<$1
zh-s#+=(g`FJLtptn;$>IgsDh{&MKel2f<rI_S|GqIIN03z4!O-Lfp07*>24Th=_?H
zwm}b>tKfv?g&L>S;LDp)lpX_j^kt{lykAxk1Jn}<-ilivC+fX+ez+y&cf4jOySL_{
zp{Hj){zq~84{GTjVsFMWsF6G#yI>S}&*zpmHdG4UGg`ncr+Q7cC<cUrFJIx{q*r|W
z%MmXk$}inuHBl_?PJ!S$wavI2#aM{u`s^iVKCmf{8V`u+B`3UNp&UP)z=nR+0ew}V
zl!@S7u4|(_w@1agb#?7n3->Wt^s=7pm!xzGo|_hF74ovccC_F;JE}B(rzMRt>&uIw
z6g)S_6ROQnd{+dia5CmGhrK~`xF6};O0xq>*9TW<Z(pCzIh-CCfN`=U#+zvcHvn}9
zqJ=e8EpN2=Rl_^=z(=r?{GH2_RbgQfe!V6~LIY3ZBrLt+3Aj%v<tQa7&ICXFYUc_E
zJc}pa2ddl~3(_d{Cg`fSoDC33b3DJj#h=F|k3zgCS%dk!$L)ZlBAJI&pBdMbWWx(}
zaVcLb_ua`;r@1J?*QKHQBbD;crWPulY*xQINX5i^W+bl!{=P3q;Ub`^9|knJfSi}V
z?hDzzaXh_vRd=>T`X%t27~Ffy5Fu7m%0MUhV(IH4;z{d`Pkd*E6qg)dwnlYtrb2xC
zMeZ~{7?dPDX4M-FG~<1IGXr<PXbQKVO9y5ekjC*(8MMAN5|-1^N_H(JgTBX{!Z?@}
zO~`bCJ6JBp!eL|Iqc3kjtvQ}<kEV8HWMm?A;0BpW7>YVA`AyXSbnlCO3G6;@zWVqJ
zKupQ7|LwT~+`y0XIRf7F^5_cQK}Bql)3nTgbpHC$a<##~7q(~U$y#QQia%nbRG79s
zo~V^((0QTaQ2KLGu;PdL=dj!Kj{{YFlrQW1Xa?qr^@r2y41TrjUiG09=jmdIEv*$;
zFNK6OD)4JcVUVMG!A;s3d{S++hwYyIN_LP>m8+ZgaNoXJh7SEt|A5U_=Tp(6NOrMK
z(Mpm23Zajuet}qcg!%EK*|yYM{R5E7S(p^)?R&eizd0?U&=Jrg>{vb%(s`UmH*;cR
z-vu%n%oDs7^?d}dZx^dmRhSIEdb5$<*bAOH$n27wk>MA^zN7khaVMXxbyuO1XG?kE
zD@Er`y+(qOFBj)S+IlClmLWvJ?)7>qXdZ69q(tGt6*nM!M!M91U^pYSBE>rN7#J47
z`|VJKd}V8mEQoFcowBx&{=1pkpEQA-&>9!%rR;5v(9D?CRbv6}dJ@3bm)~8fCeQf{
z{4?}hL$9I=6vamuOa~%$K!0HrU67TmJfO2I{NZ#dQVi@V&B_`42uxZf$k-MIp8Myj
z13{p1vGU2{>B2y){2*ANI^9!Gg+iJ_k>Aur!g{U0Py(U!lnU$s+NmQLZ@G?G<rn?z
zH#(%>za7G90&n(GZ8iobjXypkr`|c**tU4MCFe&r^x`Fj>NSp)d8!XlIxJV3dA#t3
zTwy+59@)rM?M4SwOu9tHF{=};sPY%M8}}s|_Q)QSw?l2_>Nvv5IP{R~we4zvzp;+h
zpPmnVTk2%A@cf<>S46B#*P%c8QWMR)r0Qj+hwD{$5YAc<6Mx64w4~@nL@NG?<1IAr
z5`u<{+fBh?&|s0h-f7iqztCn{$|fu)dEJ*;U!XN;>`AiF$=>#M!+WkPWu7|$-gO-V
zp(!9RxNZb|wMVc;2}qH_dH!7c6D=Z-S1`FyC7;bQf~VWpATfT`ER|X*bV^1JY-ksh
zhSdpJC!(s*8P9EJA*VRUK&w*ZRqW1ZvE0J*cs^}UyOf>lE$SV8wmwOXMT$c`c90B)
zBe}kT72&*s;Ly-Ncm<b#=M^|c4Z_PtAK)eUgDtXWkWWpNY2W{or_JDh#=_k<SD(9R
zfB%N6C6wG6bw|XU*HkX?6-;2_afxs!wIC$88<W-)Pj8Y+a^hzNoLAtxyF4gcg)zVT
z9Q3f2(!_Fp+Qcz&mTv&>u)sWb>1sOoGIo_5Q!)%6dv^c-hbvJ12d<zv_h6zs>I3nh
zjeg+2Sp__bDtc`$vU=)CHFF@(w5qJzwH{e?&TN)%AI4HRNKx@+I#r~FYW`vYuuY@@
z^rQa8EeJnKtn6Z)X^Lj_%tze`WMt?aKK~6Zs1uu=l(46-AXJo<4V<^5@=v2698?Bg
z-)GKsPWNA9GFZR@Ed|gBn4URwrlADded<LPuDK7BJAC9{>d>=L)6J7HvY4sz5<E2>
zPQcbAgu`VHHp`w`{C}_oRK<T_3&K(WfTqx;>7)gu?!+Inmh*7fFoIj|IZaq0;`Mo<
z3!$*Fbo+A+I}iQtn~TPt?(9!G?TqZvwRd}zX-{$<DDgAt>y#444gmb1gmt*}PsRt}
zwxuka>y&5S4M)rO3aOM?sHP5j)PR5Zba=8r8Bg$z(d==h64-idJsn}I?4tEd8d)L;
zvG@Y~Gz)Zqa*?Ue_~Nx+a*mn|k{B>kbf;b3hU3WUPS<sy9}3M-gh`ZSo-8Y-Y;-eq
z>EKz<AHX|{+LrZ-KjpSN3$j*UGR4G6!DR}>sYL~EJ_Id^A612z{ITxM!#JUG?SJ3j
zmB|tDiHwg9oux<hOlKHQr1n1KMZ9O=;E=T-*-x44Ta>>xk|CFZ7LfwKjdcY73ykpD
z;Qs?g$dxs;m*Y&4{o>PX=!pRDQslpQwJWZTyAZO=`oUz*@B0gNO6|57rLQ!Ke2}AP
ze6P5E886G#t}aT3V|Hvm$y&Myqo;zks+AmL@xufuSp{iz`$7-b{xo|1^Oedruc7x?
z7V`!5bsZ-6a!Phexzt(z#3N`F{l+6WdEt%n4+1d-j$BXTMK`y2a7P8<ML)uG5al_<
zGsU!Lc6N4RT-#f4vZm^h3=Zwi`Ibvh-)IYHLESr_R7cu<dA`9^p5N<|2GwsT&{Y6<
zSn|H&*|hlxuF?B3JKQ3Z8S;nNG}+NdH~hzzd(3DLY^5izn-Iz)Z%KK+{|!b+37ZR>
z?=iHlutLlHjR`F$n%($0s4ha+%#AH|$A&V53a?vavNTG~(u|v9pN8aoe@TAyus8=&
zcR3&p!TiMsXTJCCEwS^)VtAftgq>HNFBfs}Cd<v2Y5!{bmPjXJp~fsINHpNrk6i!L
z{HcI)nO-%O+t@flVx?Z-QzVR#GN);UlDpHlPx>Rt2`oJilC%3{_4|Ig-~FW3ekmZI
zXKi>5;dFVLiDYsj29vJFFlq5z&nosBOUUN)I&Ozq-*l3Bn;(sV|8qoNzo5!ue9Z@3
zL6+KBs#*W8`{p?yZ;)F#8wcdORwZe<GnGy4iOZ<ep$Tmv^pbZt%`t0$qZn%WG+u><
zwyAuOFz>yo^e%6>ej|_g%PRa=hXcVxOLL%udDkG9d7$erI5EU`q#?xQf+`x#>-yXQ
z!9A7bUpNM0iNA0RNh7a&1N)R+ACbrXQuHswOI@mkBE`a~UK4j^ewc2N>Ww{FyxNlh
z{x^;R2-)4|lTK1piobquLr7TO86K5;vfSpxJX55J9!kLeg8l9&3{m+%9EJ%vhk;1^
z4-Ug{LjmxT;SUUhs`h-zENpLLJB5L$oHa*ff-2M%D{N`&^>J*_5$I+UURWKd47NAz
z4d_#?+g0hCr@Y>;zz^rTgx1|bt9YQ#EMhYKgD|%8Rs`x+EHL0Of2G8fXFumi1$6_a
zWBdygi9)J0M^nP61zzS3#*UC>bgRZozDN%%<2RDPz>sC2yZ>^)xj_*&M$Bg+g4ARS
zrc#=4LGGZneHSxf5%%ugisTz@ya5?V<b<5O*>q}ymG7=%s#wpx(_~&pOp-*_&BTxz
zX?dGe_f20^`yJf)Kfh&@=k@n485w%dtWf*lNG9LneWB~IU#;hKZdw`va#}q8BP6<C
z_n+l)stJEDcb%RiPh>N!M!x-lDL}<p4mCb8#J8&k`6^$J_bFm|?O}Y$pFt$biY1(K
zaXwlh6ujB@UG~kB*<wu+bcvn>0X5_=&Qp^>=hVCi^AWEO1iET=3sas}2Xp!XOq(3`
zDg+GGVq`_`enz?Hf*EVep?8uIAZeJ**}L^zhD>4M03`+lF?8f9_p^3?pDYRrWCjNO
zAAb9m;_p+kau5-j7Vw~<6jV9fqAFMiif(6E6pk{Udv|&n#%K1rY|h!HbeSusC)1td
zr>kSaS0h(Tr5;N(3_(K6U#$x7osLxR*wSY`?47ge-a_MSVgd!zR&I?@5%b`1U^&J<
zuUe^y*_HixW*A31K9;il(lwhT?b1a5=^HZ2z=a!tfs9cF4UKOlN_!>7dXj9DI<&yU
z<vsDIy7l0V<_f9mR<8&<$gjJ-`*SC#04pZy=6f<8GB_OSW`lrYHRi`O+I1MS@j^B=
zn>sLjoy_P6tIEZ0qLwLilJjR$-#j$UwUfEf`26`rZ-4B5ewY7DjLbafxm>vp&-<9D
zRq~@~T(Y+Iv&LYoXbUmV?FEh~P)Emp2e;c&|D^^N15{_-(`^aXp#>|~t<T~Er+jPt
zLLbV}rW;gcEXtZ~fPr5=M($nVT?=g-BJX7XuJE{t?*O4R2l2fp*FxGBM@B}Vq<9wK
zgVkh;LZcd9P167N_y--+;X9$55ehO6B{-5lWi&ph6Pg0Yf*P2ijCns|GZ-Yff2Qpq
zqr)Jz6UZDS#P8cp$}lUuHzLN&e>2?UEyybXId6BKVK5$iMGJgexd$ZpqCrn@qy!Qe
z>}QJPHJn#+bzF%pR4UdF@3tr&z-XoDciCQ3YPj5gv-{-Jd#ra|C5Ta%K)Y_k{+s$6
z`u0jFyK33%u9x0(#{yr1gzoA)`D9hiJRTVVvIQ6z3p<(7(j(Oh=p@WW0WNfnPnA+A
zJ`B%>9Pc%+^|}auChbrnV7nKm6*V+!5XpkrXmzMV&A=bOyh{`As?NaYhjGfu8Dv7w
zFPxx+N5DoHrZQl$-I+c9)1Hdb&WD^&;UG)bUxrDmmXl_4_pPz49#|ejk!Sa{i@Yqj
z-|0zSefm5imhlZ?kT4-OgA|0z16+6$^6BMpWROb=qDi{{6_=phd%|HU;Nal!dr>xn
zrUCXnu{d!K1(eAgPihl$=}@KZ_uD`oeLA7Wr=c#24L{z5&Vr4dJ&CS3j=W1BFCGwG
z^URfZe~F*mnFmELeU>Kuj`^==hJ`4$o<O^v{kn(x!aY}tLAeoWL0f)L>8_c%!{y@D
z&J8}2*kTy#++4s1){s1^XBSW95O57fVpBO?sZzHg*$IDuF<5mj3)K>&+63aHjW@xf
z@D?7X<D#@6N|J&CI5kv-ry312uSE&`T<yhFcNgXeNA^b}8vdC1G^p_+Xa4K13rwlO
z>ah!Wv&p!-FL~N+j*Pqsem623i+C6b9VwTL`Vk$w8zh4$-ld3$ikRcgDl5d*{nlmv
z=r}4#qwZmZnIgk?Z2b?dv5$>4u7KT$ZjMDx-rCtvj{DJ&kt8sVkr()TqG8Sw&*!2W
zSB|BII8sI<uW}7oPqaG4W?ZK>;kjd**A`t#?=+bdy1RP23-HGrqm=C65l(0|9=Wj)
z;;$gu5%YJMx7J?@8`pO*-jNfVk{gyf?2b{790Vp_qNnms3uh3&MEaznf=MQ96@KbM
zuKwQ5=}ZdK@mOS|Sr7GSWU&^wGo-<U+4lZmvOJ8_95ekuXBA@}kVdMx)x6eJXuW>$
zdKgEsn|xaX@$$mM*u^L4+I!PZuz&Ta&>JBB%NVoT5P@azn##Qo;Bn31UiZ~?)Ueh|
zXfHm<ObMpMxN95pO<>JBrFEol{;f)z>Z%}bdq2b)G(qX%9jY4n!cH%27VMBvIK2Sz
z+V>b~&;&oo<r*&BqsAJGiTwE!{!uRZL!4vmyYSQeExrq^kq53ZNRK!m!Qa>7>cg2Q
zp2Zcyw1M@iB|gu$_{<OF1v$Y0$DcB8zzGV?;KNpFu5l^Ji-CsWm)P>IjuvZkkRNrH
z^JMpKOWfV!*gx6yB;|I4)V&5rR?}ZzmD4LglkRU%N5{(DO19vQDKzQMdZZ%?RNL}G
zP60{JA_*UaPd07oFISsThF(^^N|@e2TJ32|Q_2>@w!+xw3~AVk@(SC%2m0pnA}1jF
zE#ym+)Ix*k?PpI7+FgGg8Q}KstRoOpue6ZlHEwR@d2Ace`8Hr)HD<qt^=8C4pFdir
zwI*|#UD|#z*W``t(Vm>xptd;Y8drI1Q1cR|l2I^jJKEfM=*<uHOXeQY;aGa%rLvyW
z9F+rp8>t=mcEhIMyqi9A>OoTa(*ASAdoGT0Dzwy|94ncs3gxsrptzpd9@ExOOlD!h
zj74x^kEgW}%9B_}>vA9d;RN<Q*Da()VzB<{*8OS_?f39Yg48K-jy_NPP>x-KtrT(Z
zEy?w02}?p_qBBpI^Pr!$%k@9}ADqkTgux#Szm{p~-+=qjQyr_^1gg^#d;O^!#GX^l
z*p<1Hs8RsBjKL#|fN5u|+wf>LWCJmx`MS<R4S6RIID>qs@d-;XoG~V`6ZGT*@<*p9
zZMMS+LaA;Xs!`>nhqVX1&-T{q$i4Cmy&xK%jSoqkw%Iz>SsZV*o;r-|uni9<96W^m
z0&i{K!w07IQPo?Y;F#E(`9fdfKYM@^N*<$Tc1gYB6|0VOnO1UC`+LL9X!VgT&J;7_
zNG+FB+m>#nK&4DOR}CKC9=4U&cVB<?_we9GZdsw8SqkTBx7MLJ31(o1B3(7Qm=u`S
z7R($?dOe#~VAXtdA}O_|I53JKRDI*8l*YgDmB~aSp|VP3=q^6<t~zdv91=(WE{(Hl
znuEX9kIEu$`?iw<vlb!(HYTh^e2&V1^l>R}?!#O}ldyVBR5fd{9r+$z+DTXTvTTO(
zOL^Q}lZ~xr7gt(_<-&!f-iH;QKAz>E+N#=jEs=?0tDD=8DBJgrF`dro+pSpeb@Pv3
zjqMRmlQrI!F8Rrcwm3`fZ0IO4Os83`TwOnC)Znhx)ud85s#!Y1W;{W*JkaOgm;JF{
zVj*^*xFo4PL{dqs<M>ir#Y753w7b6>aHy@E4E5HUM%og7mCw(U{%lI~-;4DhANqX=
zc_7%1>BtsX@qgbD{;gbIHFZ$r?b(6pes9WuebGNZQH(+Z3#*r3!?BiI?cWdWKd%`<
z4*p~%B^8PG=a&AT{{)DXP*8;0mF$}V^Zx5iMUa!Qu_|ZGOim}Z2p6^-5n;W0&1TEp
zj)Yt)9#$;9{k_Y5iXq4yL&})~)TTp3hfI<4qU~4*%}Vw9E^;%|NqeJgYaa*}J0U0m
z0eRUkJvyWf+qSDU-K%sGgw>_wQYnRc^*Y4ts_nXlcxQLF#vwOKLEA^rlV4_~SL3p7
zXOCZQ?`BqEjk*v1p5E=VUNHY(9jTt4vS6`wso(b-&FK}83b=cnzkxKV=zu>pS^ic-
zW=_v&W<4Zme}DI+4tV;>sqE0Ry!iceOPl};Qvb3jv+zR(TZXW_Vy0I>&F+}#k_~ew
zG<v8JD7JX@jXtE-c}HhS5H?QJ4-r_;d;GGsnm24dK26Y`Svw-=@PU`8?HWnvW>mS(
z_P8*?PMvC^>`_YjHm?N}u+C=hab(~KmB@Q&)o*(H3H4;<_)@*-|8e)1aZ$EgA26&a
zBBG86NHZ!RC8cyD3P^VfgLHS-h>9RJA|MUY4blw)0us`l(l7%IHN@m|y7#{JyZ3eP
z_sjF~`N$7AbDhVr)<4!Vl>K!Nq<%5*<*Rl8Xe6PKO!gN>ZJ^XLM{HuFE9<1|sms`q
zRmt0_mOxfye*W-j-l|uLW=hS2n(bDOli~X6w_l+4zY3Q@aSV$P7aJ+Ha!56%-noA9
z!Y0vlD=w`p4$Z~}$!(-SOW%=F$DVMcOM8EAgC9S0Ctn)z>}YFWvTrAJI4|GYW8hG^
zzQ971O~dxK7Y4MsJ1cfs>E6$F!L;U{%5`~YMmz7>1?;CO@t02*a0v#~fx1nb<@JY5
za-Ss(X!L!kwN;wN+tc5Rh2#y~NilR<^P_xpYE(0~EP(_SyQ)+48#Y{e0cpyP0p_CF
z<PhmaX@Z)M<i<h|-nr75l<o*UkP2DNwqWOZG$o*>bS){NeLoChw=7Lx*z<0$NM}v#
zxt+wkId#ToFZm_mW^BAOgztz~qfG#nB9^k*c6iz8+)tLTs>R}1kzzGvFT1|O-ZrPe
zU+d#F!HLL<IPtTw71jB730}oRy*oIRH=vP23pPU$-t*~D?;S6xzFDy%sQb~26!9#=
zm6f;;P}unUTveVn`V6&YeU#A1jRoK-HJSL++hSN+?<n57`keoCbl`=9UUvA6yq%w4
z7@4vjNK|PxZ{gy<=XYmH3xq4QoNB{fGVkn*=@$9o=uSAedX2=|k2wK3(kChV<**^J
zbRMW=uQoDqXYpFPWDN0I<oJ=7Aq}g#S+^t)PZ8<H<T3Tmo)M$x1dFj%b{s32i510g
z{GIBfVJ1<va|JL*_e_avvunk6K4f$nOM#4wR$GsReCwaKN^&}UNWyEgdO`dl*|I+Z
z-{^Qxr48;9<(SCi_WE_~1MNpmJ^2mtvP(bm_bajPtc|O=fh8^D`Rcu(V!I$U`fqSZ
z4JoSE^IeVIcrm%Ih4^l#CL7yc{VFJ~rQrv)ecK$(HY%}N<Fc5~?)xIaa3EI-8bmMC
zu!&;S=C;<cd?lH2*f?z$3%U|~?HYX)+Ay6^XmcMMwRckM;!T)x+Z&Q@KKa>O9Hdq*
zZ9-jLMj>Tw=eAHx*n?9?;p;h<_p#OXiR0g*44;hGa_LVZ-&6>A2kv#2&25!PtnoKv
zxK`&9D(1FO&08mD(lppI_*QO^JX00#)%V}MfcS;jtW@d~DxFWdJh~)eHmr`jMiySz
z5SF7o-Or?`>ip-1mH2r^zut2)K1o!-t_Sz&7t<_aHt#236NQ%wD4Jhcu?kBgJq_J0
z3rLpeJ0q-|^h#H^hx?XC`+02&ZFhXzUc>rw3}{_jQHx?OfNOt++UH)wN*x%@kYHyD
z`K9{f=NUS4bG-9R%B}aXHjZ0@O;W_|s#99)8+<yxT7fdD#3xfiEBRYR`eBLH1rw?E
zZ{>W)EYIPRD@6jS{c_nek9W`N+1xT+G?tqK`E+h+_4f8))(ajc2gW;VCGu%iVdLy-
zaIp5p%7eSC3eTm`@Rcp6EkB?aY3hCe#;U2r$ghdgE8{k{`D4`vSwXksesIz++$c1f
z<RrhJ(OB!A5USnvNPwG`5E?-D#ss%FmNQmn8u<Arp)J*$=OWDhZ2$ReBbH+RY-AeN
zrbsnk`!z*UOk@8c`FqXGoO$nYFgRGAWXf?hQPrw&523F8B~4UkKJ^xSz)idumk9|_
zH_=w>*C%}}b)Z$kI$ddY@mYyqeleI{FjnD3eXK6wi^J?EBm8pQAm0_M!OtJPD-62s
zJ+R`?wq;)tdyjgrdv4vPXYbiMU4tvEVuXI%6@e29f%Xud7Ylx39>0?ml;Z+$J1QE%
z1|5O%^%IM5jdmnk@m|C*RO23(UZ5wF9uE3z;I4eZ==>0}O<u!4m{CfNu^*Bzl1VW<
zG6rjVq{3F|kQsN}RU8Ze#T@>GXE~+&6+n#5Rfrlnl?@SO&bb4joV5%K!>8z4H13-?
zK|{La#I{}+Q(E3m??tGDLrc(EP9dl5i@0t$)}xcet0wN%3+C+=-ld#Q-3wv(uBee1
zo-0`XT$Qz2oUq%uH)o?S+>9wPxmdiQy(UF_K!4exBXW1`YP*YnO1jB~9yVP9Y_>iP
zKU*vh@<zqE0(<|=k-~l7yCOrNqp&HLJgw3n>m0#}3TApj1s@m$qgcQ;PoFCa=^3Oc
z$usqp5Nw5EPz%Fk56c|vhEgG6@bzrEHA2MHAPcLLYi%`mvBfF4IulRDAtD>Xa`0{~
z>y|Nx`&lsOtGvf63PbF*VEFTmSqALL2g3I7%jIGTK*4Diwdz55lA0by&7Hex9iYJe
zGeV_ptlRfJ&s<#~vZe#SgpZaj4oaM<!JWqhQ3m_GuDd}a`<nQuDElapBY)`D(_lT6
zXr)J{z0KazbQ!T(9cX}Pu-0o8TllNw$~Mntkp0<ZrbF?U8%Dx9ILZ`X=Q?_HY0A5x
zy-usSlYxg!wLcXZ<y&OfNzC=3z>0B2C1RrRNB`Cu<#7M1bw&WVhxyZv-+F^ioY?Nq
z9nP|I^J`A)jp)XGPQ}*zDC-xEcZOS|w6+FTqUS%|;u^<H_@ssD4`=H4ro~r0ObPs&
z4huxJ`P%}s_}FmAD3$&sZmt(Pk8`vPP%c6lm`rYU9<f#epUFn-B?Fe{`;yQ3CESgh
z_1W5b%DOb)=wis7d)t3;;ffSd5uWbT!A-8KHTEQ9b}#o)1>@k~iT=ND5eua#czlBq
z3Ypn-D1n*)RDz#&8>}Pdiq8!Uyk*xhkotB*xzgnWpV!awAhjV-33_&;0<qER1w^D+
z38sW`d3{QKdU_uVdJl12y)gH}&EbM){%l!5IC<d~!!a-ug7GBC?#dpt83R;$Tkl~~
z!=-hG=NGKt_Jg_ZvxLDwq|;f?(|DlcRl*NoVI`|~$kc7UW9<X2<<86;Ff02~|D1fT
zb{7(Sk!FHxvmVauEw`m|?q2RY4l%*)&TSQbzWefet~=2ab0Ap1hnvD+3U@at2*)U|
zFaiHu1UwY6*~PCvs}oM_;*TR2>3`B6x)$qcKP>A7?B((t4CinC+BhE2qyzI~!|9}!
z-qD>QUl98VAit+XD~TFESy8_6i&kD2+`#s7l-QT@_FGNG`l7~ZiDj0L=a=R@!>Jy&
zScUr8Z^V=tc5n?dE39$6RoJ*6Cgfbn4SAuG1=C<^<QdOyqq9o)MCKIp_^bKl-R8EP
zWm|4k7Fyei`E9`l-*%fjJ~I+(t|*Tm_!$&d*dJ7;Gw8Jp0VkZr>M*|DG2r+9ay1mG
z?48l`rT^p(Y=7CLAmYYw-!b6(aw(_GsKB&+XX*y>nP761Wp_<K&dD~m<6}w%I@4y{
zs9;C)cf_#G$Y)ra26Gpm!;f%yR7Y1l>67xXC`Wtf29`LlQ0}6G0VB;8^h?RhiW5-4
zI^mo?_A*#N;T3edYdOKo<^3mq`1v?H)R~7)lr$Su&Tc%9xf$P0N%C_+c-aPeg|Wzg
z+WTaj5S_g_EM1<jR49|`T5_5x<!WG)ReA*&EWn(K&oTEZ9t9$O*6-JGF*HDxF^AGB
zov(2^Q>~&*uwS4=oo`DHYFoKxAwh`k(I+5UJ~!9eXSQ#JRiF(wTy$*;&UmxSIq4zO
z`Yht9)y?fJ^}$X1dRtJw^A67LUGxja1NUM0Sr@R_eO@XKQgr!8_<`V;4krocLAAx;
zeGsr3mUu32h>H?R_lLz?*ybx{FQ(k;COGC>E_*RyQkp7O^1>#O1Au#^@@72-M+D*O
zu>CfPo6JP4l_*@}Qf@mcqaVjvnC3S-=xXx5E$jDjht~Q_eJfcWBZU~$4HrA#1&W)$
z_V}gwW_w9SoC~#hzkUAT3$Hic&#6A!T1TxVh20>1nQ7{j9{3&W>$t|lq`7ue`Qd8;
zZynV{W<HprEZRLI!Brw&F2+Orf&UNrpvv=^%5xVhYwSUy#m;qUmOYckjH$|tr}74S
zmIQdTPK};bzjikJByu{z{eXRU6GG5<q_02IayMf2S3CppQSmCMbheb~;9%o^>Lt0~
ze5%U#u~St<H@h49ab*{mkGP5_Dyd9FygqmnTIFqAnz(fu)95ZseYalZ)Bf;X!hoxX
zhU1+X{;-;?g6mL3FKw%XxAS(SA?~T=s$a)r?;Twh{7h#=d3jiy(0;jLsKV#WgWsX&
za}Q+;P_<r0P>3ChU&ZH*BVi3)b8V0+Cd<Lz^6qPETtMJF)75do3}Gm$^To6jq-2`M
zL@$35{zkPS?lkofR`>%q@P$5X%E{ZK`#Qb+r`oITxE+bXI<;YF`VtT!-`1UhlnZ&W
zQWC6pF+VxGgBvJ?T9h|zuB4_z*`+_BAGA(hK$4K)Pcr2$2_34~Z}#Bg4PXjMNn86?
zqM?*E4w)Mqaw^@=$F<ydVKemz8q;-m!*cbcq6=FE(n@2*brf9wv5OV|K5U}5;th<Y
ztLzS2#7)`}y5=_5GjPQ$Sp2hy>5|taG~$izMv~y)c_Kfe!1CLB!O}X{jvfGYF6(8@
zsGyaVtcLbSP-PRgmKV3slG`zEJ5kCP1N|ArwcDEOkp*f9xw`qQL(3m$OP%EVqFfJ8
zXnmASKvCzSv8ts%%}rH9y;X~z=gcV;b^n|@pOSQ%7XR>3ELW*O=nuwE8=Mm*YSBzE
z+S9w{x={3;EI(l;lztpe&D5ibHelNM@ctk?=N|OjFR?w0%4`tR9WJ`r*15Y2Y@!BY
z7h@Z6?jbNF8vz>M^pYMr4tL+nMr1LN{DLC|B#+)$6vj25Sxj?(d-5G?FoA@*K}Pt4
zceLJ0=1uSWfyMhPp>FHy7yHjzy-)lcJ-_7TY-9J()I+EPP)C|hYsE1?na^DCQ@q`*
zX3|}6d>(7eG`X<S{pn18Fa)D^alfnrf0j^iR{6f+>W!BtHPPRqvJ54%4Qkb=hxf7a
zAFNT;{mag+-oU3{jh{r-ixG&5z;k=+z;*-fZ%8(ulq#6cG{kukL{==mki?{-+T+l~
za|FE&#HnFARBz9n?n8n|jke+%vVdnf%0=z8`Z7P+^hWC8<chWNpIis$*=C!G33bhW
z_v2(Yt}~GaO7Oz#VaqZ=p8ijz3}<1HcO#cU@8v3cUfEp#LR;I6ED8tSs}^|(LLF07
zII5P?gg{Pu-t~CqS044{DPQP%Sa8&N$4zo!%A`#hJ~loBt*?$Ro1iDkoXwf0bgI2|
z$lH2TAzNL0%a~y?6bziQ@7NzHDtw_#t)H{2N6fHRo0X+wcEJ^O$HMN4i0C^r%5HFD
zXH3EU#+kl94YVUo8hio+rJ<c0k_;ZcwUou%PmW{E)o1YGh8G8y+P=&$TAI1!Jzou+
z+ji~C?xH7XXB0*r6_y@d>ajyD7*6b+WaSh`7#hfiPKJcdw8+T3f{yi8c5ZX~%|4*s
z9L@>iYCD%D*58YtV33Y!wUcYvvbxZ2>;K+MlFw|$WPaE*X*YmWHsNpB^VPd<O+d4!
zq}46!8!^Zc%!j<&w5E}w-|ilKx>PO=3k(cA41)phH`eO29Q8S|d51geWaQl>HtMpy
zlxx3ZY)7S_L!fcA;W~)x0T<~Bek0uF5=w3nNN&F#tUVblhj4j!+^DwC97hb7;_(MB
z)dCnMdB5Z9ixYE>VNdziEE4MZZz}2YoQk>u<?xMo?!33BWv^^77$SwQpVslgML+I=
zz0dRuaG9bCdT$M%N@!634xqK<RgZlVQLzkV`}3A};nZI1NjM~leihyV#7Ph;L<+-N
zOY=u)5j>b@_iHKcbkD5c{7x@BDA<Fg;okDg1u>`65F-Xn(^m?~JTks6I9e+xs1f&H
zktm=e9*VEol7BC^^3GBvu-Yan^)rUJKVIW@cFlOj+m=m7DxtG(_WLRnNP5)W_B-J@
zS4xC6H`8VleCB6Lrnl3kKkKx?uTyXh!n!5a76<f3V_3NsA`Y{>jCJldAEB<F@$82I
zyQ}=(2Z^pnDv|8)1I>)CrXMDy09KRzdJFqeal`l4l0ZPv>FxA6uQywl>UH?*xDA}c
z?b;mx`;{nJ;UPdF@Ho<WNoBoadyD#ZhOagi4TYbz!`L_NYr;J8f3}kNMFT@_x>YkP
zq;m<Iyc-+w&kCQ-=bwP5AzUTaR>UcI8u7fYyIOfOIcHYEZn5>2n)N;|7RkP&?{=<E
zf?M>Xe?Zm|H<%W$aD%N%tzlb9?SaT|TSW$v85Pa1#S>iSlT>x|*<H42P)`vM5lXV>
zK=_p2d<7<%a^Cb?*G-uAedWPQKY0{>8?@QiikEnDbjX^t)ehU8e6S$=y`5rspzGqM
zLa=<LJ@~OVk!ZVSj4mGN4?gGPPB=<X1ABA|e?n(5G#^WA1haSTqPsom3eH^C*OYh1
zjB8!SdC6SRxL*C#6MnX{Fc}Oaal-+zj+GND!J`r?Dl8<Wn7YRe^$yZjtT}y$r5zX-
zm*2Ssql-Z?vx^Yi1<r3fuHFvwIYDQ~R3CGSLp-@MZIz0{8{_cXHP*u<YH*t~OxD1N
zF$r?OOK0{*h>n~L<=T((o~}oOSo55URGxi<BjNNVpCtEXlb@|j2wpkquRP$kET;3y
zT+n7J7Td{=@}BUWG84G^`M1@LBG|P5&svpewJV@7BmSvlL2~PbX}5GoFVUC%Tc;OK
zHb(z+0tknrTBQiIN{{g!*1cm1_C-`8?qi@DHt*d$s>~quxxs~UXM@x07kjVJpmu|q
zye}T#vD%VsedSmYCc6*66^L$sv47Irg9{kbWQrEz?D1Z)Mx`C24fK>uwU5R4>nR>3
zw@06cOX@UlX7<b;j9(Zfz^EUSOuOi1q)!vhQ`J^&BlB{eSpDkHC>$8KI$aMu9pM+u
z6n@~w4WF%OkvnS<`lLF6(0raZ#;N`|ncQopb{F=iq-XA$NwSp+D~GT(tr|S_JDeFV
z#IG&R78(0^<Ea!dhJflOM5_G`H6~K}Jc`bhK~nc};Gx-GZlFm<#hz?%#}mv3|3pNq
zxITPD3%3@sz5JZbUk_IzZ(~RsdLf{aRNKc;&YEOhB4qGh+^(IG(A{#PP*2(wANQyR
zbe0&EmE7n!jk~JMNbHWYvvwODr5x7dT{7=h=oLgj8J%kvJ8w@%99(EL8A@77zST5}
zx{o;S`galJqU-a1cCmdIJsson6$KQ~S2jql=}lLRW9nxCU=v6{0qCe1Exz(jV(>>X
zA$@{(1OSe}UUlMxJH5qFa%Wcb>_hF-Qk{Znoc+ipwSyW9P4PDG74N<3V*1Wqpw{0&
zVEJ9Y&YuZO6MQiW{1}{1=Q8}_dwH<;o*WL<Iu!t^SFQWAL@8>QKGR*MxTh^nn|j)%
z3Vmc6A(LFeBKEB6rF-vHix{OkiN*x&hl84p6vPf(HiL9Z2P|a@MeinuR2<3q%$D@+
z*IfcjGMJ=w>a2cK@p9QDIfVIptqMjD)Y?7QZo2)I;-hld1CVd%P^>gBY|wO5bj4=D
zqs{SHJ?f64zsl2}x*~6<-$-T26Q_T%i=tM%-~?~J7t9<#cGumC$@FZW8MDf@BwU-r
z3pk!J>hVdNwEAjtujL_1>xEa*$}gpCNmR%WpWNc*Zs~rBArh5NTSuA{m_h4T>EqF}
zX@rmiGNDMz4V%$6nF{F%Hr9)oNnUoG%autuw)!QUorX)@j8yvEw6RBd*)Nh2((H=F
zVlSM1pf60VH$X;5(oBy<pD&{Vk|B!Jme2>WQu8+YU@p8`251l-=AK?NTpoOv=c?9I
zAWzfwKq}9>h=c&&f;M21NT4E`3NghO6`a{N-<S-_B@0k?$)3{qfz4la<YDMT?5p|x
z=4fZ|olRg~`6uZDa2Y`EZ^VypLPk!5uDS7!Y`wd$_oC`9QPGz-Nm>PS<%u7bZxSUD
zB1V@c$F~l|z7dX_Z}5E_`o#LQqH-~Giw2_Y5l`K6{E@voI4=I`Uq?-&0J_Fd!rm67
zCA|7NOfqErkRRY|_?YiA_gGu5H~bIUBliZ;%hrnA2y12L|I6+Ghiw4(l*cx2|JQ%o
z0{~?Kd_S@0e{d~t*n8Y>|0S#VFAnArz`;Ceme$T!i3jFY-RNkl>iZ-!&X%M2^5Ioy
zQKAPe)-H99v)AY2KdH3D@E@u7BJ3j;42Wo-T7Io*$*)Z?K*8cp^!${Q{^OFc4?bBo
z=7%xu%2N#_=Ct@7j~!C5+3r+r)Es5%dakU#fF21(&sVsB`%~Foh4%LLj(<>1wIkkw
z0{(<?fqL`r1H3o$r?^wc-)v<Rcp-!vO19%O4gG!O?};ZrvB`eIsyw=c!|Y%$j_>hn
z+k84`3_`aCxB8z9{aiWe<f<55=F+=Xw#phoom0SsRPeH&`g%t%qBlq&882)hKXO#x
zzrEyrrjdib#jap*8|^ahjoxfVZm)JL3;Zr(JAYwx9f!sQ&ea7q_dnDhN}D)aS*r1x
z7eYJXiJmNhqpeDfsz2Q0HZ_-6_W<{=<IcQt=N9(UUg3+h3+(nj+!C<ZETwPC)j!>x
zwZrpP+s%Qb$KHR8`#dpO4&5DN>l^8~jLk<Oj=za-9>%fRb@%JmSoGeGP*-#X_YNHo
zOQ|MbY;2WgLfy`EpLbmM&(#M}A^Q_bJb#bK8ns$8GD>*<Os`W%n(BO$2|n{_J-*Oi
z*6{QckUX5psj)}d8?{&#-MFzP1t*-Z)mSfz8GW<mU*yCUAh?bHBK?X!%G~Wf@9RYu
zhrMU+jnTyUdllKO$tzt(%p+em^+@lAC;`TcLXE8J5#}#M0;WnQvVz3lzLoHtxqjC5
z?5ov6_=(+Jg@zNo#GUv|wSs!F);Ooxu{^u629WJ~l8@bf%W@jaOI^43!+Yb40CUY8
z@!;dU*(A17fhphL%bu&-aX4eK#t#AQ=%0I%nIYLU{)P=bTI(=<o;OL1`doQ=S%E}C
zIK0WT36jTcw9Z2(V*71wI6<7+tF4`Rqd!5LqX&)my*RRhxep!T#y*-$>_$%)X}&{K
zf~gfSw;6Knb-A?Pp}p+-GNEH1DcB^BRQh;HOKs(Qe`qieFn62rmC8si^=6BeMh|UF
z-I)dvVd+()duY}B4|m~}4#TGYyM1^iw--#^`#kXdlB5}fdh;}4mj)%5$80fOy{c&{
zPpxsex2MZ><CKn+lOG#a6(X<qA~&NlttsZ-CqB~nRBL{-gqcBEF<d|5uxt$4Bh=sa
zukRyd;@SNobL`;#xoQ_)lMUfj8b6HV5ew?8M)q^kIW)wTiHG-ayHApFzu;Ti>l4M{
zjETJvHT#L@(vN9Yx^!r*dlN5YdyJpSRgdH;XMjG5-Bx*8Z8`Len%873Orp+vg(((y
zezbn;_g1bL4@Hka9~0}dWrgFepum<b#fVBrE_`^{D9j*O2DS!;m?tvX4Whw*Io7^E
zRmw#;mN}7THN%|H=5L-mW90Y>)7BK0VqL;JyK6%H@=Y}oDG^X+g=SaE&G+q8;8)|L
zqtl-!jKSAW(2r@zWqV^X4@8YVJ}Eul7Bh43#?!8C2d&SxBCaTL1f3LJu5m$1p#ce2
zp>;GI4(Tm1E#pk!*6t~D-C6UG#8^anpTR3)>Q`186SM+1PYmHxCG|~bR()y7VvA6)
zi5csn@tsXXTk+bg30QAyIh2gL&@FOGtc1n*&)bCEEbCX-`nvM{1Z*>^5cf#?!hOSb
zJ+*@CMV;E7QH|pTgi{X~U$|IFFYG9TY$as%hCh*qwkJ!a8wofmRkR#PNQ(dFFsgE-
zeIcKb&qgAZGZw>yzbEKC@o671Wy09o0Stg_I7Zd3xezY;yLR~5rV~vFIgg>`paQQr
z-@n#-=X)V65tW)3q3$gf(>!@JTR&qLO?vOLMvOZU&a%-`?t|hrsml#)3fV*Qqc)J>
zJj%6)p=3p1!=xHOlYEI&w?%{-6F@9EQA@Vbmm221zwkm`Qas%J;#Oe00!9N9FsDJ&
z?j-HS`T3E0a<ROz28o1gJ9d>!Vr=o#lU#Lm8o!H+>1A820);NsUT56+Z3{X!Y}6rc
zmRG;-ajV3+-`fjD%kOb8?P<023B0jOyJ|oKxayD{`&)KcbL|>x;?TnJHeo4j&2F&?
z1#ezdU=s2G3#|(lzbbn8qB8k(&WnDgR0<TmrAc1HeT6Gm532y9k+(BAjDSTJTtmS%
z7+^yxxK%E+H=3X`>b*nWS4^0%vHvsbJ-gG<>kWC*p19AL0vM`<5O!o?3rvf5>1J=-
z!}y@+(7)69PX=22_D5MwZV%c?2c9veU@*v&F4$Al>v8V*V%flG!0M4QR%IULu(k;5
z8NIg;F8PPm;})HW3`cFUA%{^T98zphNo2J#T1M^|bccf8f>sK;@(}*Ry2%==`C44c
z?|3~+IIKlU_Z%zM+drPwr64g!yN&vIM7GKMHJ;HDi<;ozBvcfrYcrPvbkB>@A!%gn
ztMqI0=7Gb{Af1ozO+Q=@5PGc_;f8|4oAJK6({d+c4i$(B+1Y!KH8eJ=t-Jis$Yj~u
zmeo@ChX^<y`4Y^-@^=wb{S@)rFsX|lK?G0tAcJ(MqV)bEKV|0@>(#Bn(pl-|fqDcO
z;30k%2l~hgi8uH-&Ne07<2I3(Jhzg65FDGGN6S@HDKUl<pJrqp%$t3tklKb2Id^(r
ztLDbU7<>>i<f)FBa(p7KO2X!V$R+GPVY-;2_gv|GL5Ev1psKYj`h3!V{BC<~Sc+}o
z-EKKA8!mGJ(N(?=q)`9Vbo{oaIM|^j2Knfg=;SYfP+zSbm2Sl~sHO@vBT~}SXX80c
zlyDY22KPUQDTv;u_O;Z9sovw(dart^WW?hNMqB08<6moyKIFt?M`;yNCwJSkkbTEr
z`L&`N{Q*_f*Q|;*6~G;$dEtpTx>V~t8YSekq@pcF`22;?`ng!Qys-1&HT8asZMDb2
z?+0@oO0<Klt=%!;RpY#~A$2HBjQYiZeyLgYNEv)&e=%Ufhhf|!8nQus&z3M-=+XcD
zz}Z?f1FS=~t}cdD-EvrHJ6NdJ3B?2>@mD<46c&sG9G)edU#82?xFe3wQ~IKlqc=JG
z-a~YlwmbZo0{ifans-{R0s|0EKdrNUX9ypt_8J!mp=4CqAHh+1omlg3QgAc6M9C<S
zr9Mb>*0N49wsWHJHIAh*k=yu#LR<vb@jOe2DT!-_db)rthoEsi@+-295CYhl4Ki><
zGNou~bzi0%AW#7=?Dlxxfd2KzXJC=<8}cQwYR#_eF5Tc2@4#!)XHiY{yR+??YUxor
z`8|pStRn~y?)FQaDA!~pTM|h`5Ed-y|BC8$x59J>96Rn7=;U!6MDf<I+sOM+@CNB{
zg0hp_@JxeWWRv_pkC6`JG5-25y5jxT1_B&f-Oy75%o*0)(zqh@06B}3?a!3X<Tuz`
zYl|jFtak6`x9j1%ZeOh~!mw>FKie$_H6Mc>Ezs9H=Cw)~#bA0&Ldi-3QDG*8nY?-~
zNaC7hq~>_@Y$>Drr!6u$_v%K$@?I}&wo_l#2AoD^<=6VKw29jddP;}t2JhbVlS~sP
zUptKm$SViZwPl+cHlNiC8=s(Al=PA6J}L{r^6%87o->4nxu?)JEMUI!$@sL%7I{u@
zgTj4RzDJMrS~YuvJw0y<1(Pyi4}R-?GrO$ULSIrd-j<mqe<_+a=y=f+ouu%NKLRTR
zlQCPbazg0AL(WKr3?n09Iew)Ks@Q{|rg|sil<%8vRu>(hCp&RP`}J6wjtO(>^0iqf
z{;_CaOY8;Nm5yQhDS!c2l0E%+YNblssa*bFHa6TnqCKLs0<EO5cniu_2Utdbl;N<S
z<9vRtU67X_Ur^|H24RL=qrKo-F*Vg%Z=14UvA(wE2*exfWeP(<jYRW8o~HDI_i~tq
z)V@{I7wp8sd<b1ezY`wFC6MyTOFgT$%s-ZZhf}j|oUgdx-@f<~h%IV&4x61?K3yEI
zVs)CU3Z?2e>i48&)&yp2X7eLsbbB?19_c0R=IX=t`;#YT+}3t_4Xbreim*iNk`S;r
zuA+b{Y8}z&ur(xso)7uZ!XK5fPoSJEF&Q_h(QTk2$d$S}9Cq6vp!0?IQmI_5yGb7v
z_>zBcpypkvx#}MTZ_H5jod6vty0rrQ&RUQpMvUNT+Eypp)j6?3=6Iv*MQY<(;N)9(
zR}++fp}6WAHGSK9Q7`ydB=E@*<=$E%sovYs-6BY^s`?S?n!{bJ%S_EjGjy~6FC$oP
z1GICj;KgyiK;Sk)r`liFsNF4Y4`t_t&$^_N{#}xO+;Sf=vXr9|SP2Kep9i82>^JjL
zxy|R^YJlNJ1l2{ijQ3o#i*%Xk-l}$@YViXu{j&V%!P^mH`$av+Ka&W+RO`uU?8PhI
zdr`0P`<QVkezR=N*aU)K0^?exJQ*#y{#yF<SbuBt<E{29>~*UA6N*nRiGK*W*#8in
zy7O~1r<gJI;&OXdH<q6*x?7Gu?Q2>@R4x+w>iJWO^hBERAxO<n$$By+&DiEwIiO@e
zJYvBxgULE;MD_O%=#d2fAX(}YHwmYeSo$Q`uau`@W_7nJ$@F81u;13G%}(?Cj<-Cb
zZ&=h^0VUl@qLF*}@Rju!cx0b~AJa<TPv&L^--%ni%=c3bK8{9IQs5OmK2w?P6?tKX
z7)5?C^Eb{!4GY>kPC_}|SHpY=Ykcy}*CZuBabLedlT+*;z;JNbZHEhDL5ajKoN^mg
zy|>pXk?;1c*<Z;39kK^Yp`AL2gp4b`Z^EdzFTs}PUiO)nkA7wS$gCR<+CXr+@Ecv_
zM-Uht-ETGioVqtRfX(Ad^gB7f+fic_soOw-w+`%2<SJ1S75*j|Ce=PwrQnlep7wdV
zpnW>5;#mFZQEe!P*j10Z+U-R5a?xMqISy0hYl+_CGgUdF+!%xl<78{-+li(ig)^UB
zGo`l_A+sl)-H}D2!%!!KcAnHyeJv$l>0nLb@z>Yo$N96#I+SlH?itl8a{1{^7ffCh
zJW*PKnZ;)&Lkc@C=VmaST<AlZ8I^^cM`UWvrk55MU_0?wo<^0+*`2WNj5VU^^r*dw
zj-ABa#-QGQ2BH5Bgi<)`>wo8O#6(h5YvVRUck$EZCKXIg{Qjfi3BPt8<<R4Wu7a$&
z=Y8(qq}?I01Uw=)ZPi!1Qg18wf;jIa=?!N*)d%a%4`APbE`mCqMMwmtBx>2q-kSNS
zWR)Q|+i0NxAIT#V4~eM1rJsEDJa!B_SX>~9?fLNvsu+2C_|5r?DOfll*rOBdmnIb?
zZ`1A3X>!9K?YZN}ZHU2-lLn!r<+GOj_jIM4?%J-hY1_`n?CG>SOTw4(s#AoE##5Yd
z9LtYE4C>ApKH|$`l_uhOlosv4cv5@k6D1)B!RCLuNXkhLZRNntU3VqL=l{4!Iw&Om
z=_2{V_w+BvgJAY@HC5p_nvDF{l+B1~n(5^rAjgGlWt#ZeoM(`dZY9bXb^1QP>n?WK
z&2XA^Uv)!s4X_Dof`esOxk)8(GVL=*w>^#+mkJ7S$N<!GlP;NmTm`Lf^Hc<X+RBax
z_oLBO5?=YVS3nY<8P`Ni$40X;oP5^o-hT~33kj6?Xi6uc$Zh8p4dI(C)|Jye%sK1z
z*P&t>YK6k?Ja{<zo~}e>=A+bfG#9zq1yA^4H?SiaCR{;IJ@`<YBR6|or&;<Zxv4m=
zYLa?#80j#$5eBr2kjL%AJ*%jQ{`sC=xhNE~X)J2GwqMX>a6CYV-Nxk2zVbUqRJ>07
zaPUOg6~6|PIjlPJj%xY(!+!v9$tXzj8U84&)ja7EViJ2T6i)D5xaS+%&947XGl@Q6
zCK-GRXw=SG*&r5lPHh>yZl+&vi~GUj=epTrzeMbQBXi$Pa)`;3+IMJ9P=I|Kyy+Xl
zW}y39Q;J*d9MRBLhtEBmB(O$MF(<7Ir%3khX>7Nho;~8|kAg{Wu=P!JTyDlbJqj09
zd0Hs}k`K3W7ytd9^lhzm`p@7Dj7ij1{?v-q>wEv(Q9}2B9VI&sV7<G(ML_=v)eRJ#
z-$e0>R?X@0*h|#iU!Jk2VAJNHv!zy@h;(LRWj@YyUWk<7#<Q)WAQ0dT2{o!ZY|)N-
zV{R|M^Q63ptptxt+#Q1C0u<lw{!SBCrmo{LSc*={s`m}<qMP@z$W+z1fQTbD6=VHC
zT{~p`=D^G0+kp`&0**<~`FnnfO_ha}dbr}`*<v^?X4$z#DT0JwS%w*^VblQ%TCzK%
z@-<I-#{A_MEsu-~X}aNP_c4MPZwcZGm#V}<by&n)CZn}|32VAu-M_zKT_UCke#&AW
z`P(_fk%=R2r`E4B5{mr~9uHa%dIaMp7e8p6nj4FZ7Afgf2#@V6a(sIi_K>|LiA2ci
z=(!Lr_T4wUUFw%#cB7xA6RHGOe`QI`-5myTA~+rg+~({6t?&s-x*feQjy3VUKk41i
z`{~K2d$$A4oJonvB79j=a|j&+p}#x8F+qGvF<voeyYmGtKFq&X^OP$qDNE}~$2~+0
z(DwZWo`UF<Fb@`h%(`)1KvJUXnVZWGruxd;LMjZeg^=9VfkfQP%?wDS+R<|VChp+c
z&0foanJ7K3o^4^aCl;IP?=LpwOoKn#SC54P78JUMct+ya_<UW0eu-B1OY(fTv?Jkx
zOBsRuu-bd-0W^ZUs;JdG*+ns?QSBr2%@g!NVIhpypxmary`)GA#uF2WP;FE5sXQ*-
zS28sHamMK@J@uA+e%M#)V1BT}_~3{n0~%cgtJo0r*rElo&JK4mwcGr0iFmuZhl)-*
zr3mXEP6co{Q!GJY!^!Q1PN{mF3}=%-Cz07D2q4O2M*|HEzA}^s%Ka8KDPtUDPCmG7
zCVba9aj85|w-5|Y>Krc#5cdCSLE`;sQ_H|+C_|M?zg(;Fcb+!P*(AOZx~($3&9x76
zy=EA_)zcM8xRy~~B{9l^mo<Iy06Z-GAuLdlz{XVIvAYOGpFN#$8F>)w_tq;PvYv3|
z_VGk6iC@vPpD8GWDDM`o;O@n_L9aH2D*-I!d40LvBA!{^LZAeJcx)^<gKMKZcCV^{
z7>Ix5a{Ei|zTgOi)M2+W_0A2hSdE4nGfRhsA20jmDy8y&SsX4lRCJZq@$F4+wpt&W
z8(e%uz2=NKms5z!O}uu?JhZSaK;YO>hmuj!TgNIak5jD11rdCIrq%%zB<V!Aq5uYx
z&xfqXT^#L})=0Gv7gH3EpejKDXZcdC0sl0z92bVc=u~rj`)&`;|BzN$>WK=<^mc2Y
z@N-$XYQ?BQI<RwaW%0GCS^)sq)l-EqLQjkZrq#(9YGqHb%FQR7<u3_c6pi-66{B-!
zE2i+!Ta=fgToLY{mLgzrN3mhaSLdV#mp_<esRNXjI*u#c_O1Jq`dV9HhK*>EG>%)0
zQg5$GAK$E9V;wjEAqN1{vW8|U8XVKkmrYu&8ue%;l$x@}cAwcdqnE$Ll?}Uhu5!Mv
z?cctwXsT8gTg;oUYq^r>z)pX+6hW~SG<PR)wy|I2uqy%<W8*~_1w?DEI_E>-E5LP`
z&V3E4XcLX9$m#00G%<d9A6K<8;AeUvd#V?lIR7!LP1v0De$MxIHR<MoA0b~>y0P|f
z(o2_^z%QT6>L^OqJ$mDQTNbR2Sy4cDADC10dRPvWQ%aqj=`X8kEAhw7n}EHyAd!z$
z<F)zMi8~r&ph*Z`j6-Nu{CBr%07P=pmpT%nD0RK`am7Q9Okx4rtAvPyp{#n}O;S}v
z(+lmGp^mIYdFih!c!l10Ubx2U_c1@5=z^4K(dI}?XSs4#Oy2x~?@Qw*9gbQUEWp=K
z^yk~q$OI&@fx#_kP<TJ6_qA-uB*nqAC&s6aF&L0tP#-pwY%=1ufgJ4=N78`l7l_(6
zreYCgHBDe2-$##FJt%J<CQ)R5_*bH8P5y^7nq*;;<xAuv84hc4N6`%zM4i}81y*yG
z4umF72kz$4f!-zcS_-UnF%%putayf|-+0|tQ9lzJ(0g`<Df<pmmX}=-8S+@(mA8x9
z8-Fyh<159k0$*N@4g2ydMXN#qL#_g<H8`AhE3FI34eNUifY4$cdbemc)MBn`wZ$E2
zi9t`aGY(w)zYmT5-n|j=LG$xGp+{oy^vVXf(~DQ*>l^n=`Km$DR(U6=k5yWqK}W+K
z`2&V>)nk=w3X=P(*Ol%1I*&s=4v!=>rhYGs_&N__{O)mekl6k9csE(dR;v1y!5?r1
zIr!lHwy1ZJfF@sN?p;$C?SoCP%=L@kOJ{r~cn>2Um5t#H$r95PzXCURpp<O)$v86k
z%XgM8^S!`4kWD~k?vn(OfqV&7Dg<Bao@Z3hbUU?m-{!d8G>FLqM#si$^O6<dettdr
zO0`yy5xj4$|DvDzUunW0Qi%J-_pW&Km*Qld&HOteosV{0ImerO-$@8#Qc|8?bTq)8
zbF^`^J_x-L^84<a-nE}U5vFVJQk&QR!zmLopZF$<X1OhhP4GXC{Fjd=<o+F3?rfU(
zQ7mMCq4R%jWdB%w>X`w4%ca*ePV9fMIx-^w8^j<G|2g(Q$d`XFS}}l?pp7v=75?~N
z;q#X(@6Wkqng8%Un&#;WrMeM<hH=ax`RZ!PpEpk*e&UzA)|t}r@V_nt_#yXk2+M#V
z3Nascv`MP21uqtKupM1xeHnuZ_?`p}43u!1sY%wuR!0n_i*LE;2@B%?&f*}<9Wyca
zk-o=Im0eUU>M}njYIAB=QSL3aXAWgbyWHE$XG}yB$4CX7?g|hRX9f1cz;>NKUWVAP
zi~gOuGE=($(R`uU?<uDa`&%AJ+ivXkW3KWJjVLd?W*X$Q)UZen<9(IbZ~Gg0jc=b8
z?1{?;uidj(%-#Mah~jyhUiE@;<MgGzI>((c0lNhf0r$aX0iPuowa*J9B3kX=-Pl-I
zG(1&qb|1Ef|NYT&C<CXCTIDfmdConzm}<_-Ob8HLP=77jwH=!wSu}qoy%5>e8pPSd
zr~6^{aDz+#^8}lK0GUbCdeL`;;)Bu#>%O#59@C~=ke}mTr{qJ-1#8}gXi?0-RpDFR
z-QA)eo$1&bv8qo`o_;S5Orq;`#}GN?RB#e^g1m-4@iUvW`X{JnjTaNPw{2nO8fRCf
zR)bzCG`X%22|AA&K~asW&Y1KG5V4U7<hr`^g(BBqi^sp-zB4OO;#f4__`<H4W{PR2
z)~$)PSjt)qIGtlXq-F9Fijcw_aploabG%agH66VbTV<2UB$F2b%!r0od<|>z&XVvu
z9vMn+-Y&8s(R6ftj0&g$)wUPh3O!_4)-HHxcNAZAGLI!LzR5ny+kQ?Y=(O+$nXZs;
zgW^%bbcE683M*1v{*eri|Ak23AREZC7x>-RTjWrnW=|-qU(T0Y0L}VR1|NLgDs+42
z4?hR`oou&)ddHi*5RCN?8?osVF6+iFBLD?pcM@Qs8>IAw^JRsEbhs3L*8>ee$zFrS
z*gtq9fJ;aHg-aXL|Ak9C&Tj$Q!2<`NN6<fj<EZ4PHu(u9_`C=zE{&<jhPGE>`@@ii
zaIwYd*e0+2=b^KlS8_V%efD!<QuuhF{aPVBGlXi>4H=X5$+KLU!p`~^es-~Ll=%Z|
zGfoX2c2ri*+kBLMQqjy`#r)r2o-;X-lqBZ8^{qSrU_Cf*Z?@I+NvO6NkOzA2Xc3ag
zXv5b@hs!=ge#e?beU**4$MI~kSTAeq+G#;jgF#BKlFRdsxACId^8P!aTSZ&%7AF)B
zE82$(RA`^xiO<V^5m{KX*d!rSW-O4SnkqaVKir<X0j<cjPv9!%3!DjUW}e$+knj!n
z{-))D$A+@-@0~vg(M7Y+K4J?0C%*dimvMbDbF&XpbJ<O0STHyNV(=AblQT5RqZf~~
z{<3B`%K1sU-LURu3|k@~*aPUB4@!rTRNSuv@$mo->b}*V2QoZ`7JX*@L&oW}+FLne
zl!Us}zXGJ{%STLEwG?b9viFdT0|`ndCN&I*F<&{cLPM^63x9=Vd#=_NzJ$80E6MN<
z)g@f|b9m#p-Zkr)z~Q?}og~Oj*;T)*foosNYJ8AV#X4CMi@FWp#LA_K?0^fIHGz0<
zi0?oa@6F!0{GZEch;itfo$y0#nDnM*Z(MAFEm%C@?T;Tnv>aC#dbe!}TQbkwb^$Du
z)8N}BL5Br{4beRet^HNipqJS5&E}mGe%Lh&$_pnZ*?|G(UMJ)FY#=Eeqqvf}GTJGU
z(%awt1GHQaFkhEP3NTKFdNU8=q>`29>s<6PG_U^yQ+!&v8YbYq6SNU<vdyn|+Wxgz
zms1<)OJj%6?q>3c@~E=&r(ojfW%r+El1xZ;8)jOx`%Zxaa_FfqD3q?L`?>Mtus*F`
zZ_7Yf?VB&XXaM8~F=hkl;pkc^ja=hYPPtgj*{S>?y{P|9uf2t2g)s4vPr@HY$8nk2
z{<RLp@Rlc*g-<F!SjpLb8T8Ch%|Fa8V3;P{;hNyP)hi0KyLRSfi(I^VcD7yvVG}9=
zmn$?Ql()zgFT_Cq<9Vug)5PQ$)g!kx6_QHrXIreu1Z$EBg=;BJudk(j_sjST9kap3
zv%s-0BIC89F0sFOvF{$8VP#!0=wb8gARN+ceJka=0{#`ATF`msO}+|)x^bP8{$^wK
z=HP=QC%N5D-P}vkyXVA7t#(HMgqPEan0ZWn<KA<wNOE#w)$wFvmauk1(>~FCleVF?
z^}aYjPJ0GWONCvH9uTnG)FF29TIBMJjI&@sY@qx9!>#DFT8(t+PEKU%-mrgdL%^bL
z%eQzf$jrOwNwZB;!|&K$G%@}gCII&TKRadpjmw!4ZbYdC_T8MUoc_tb@{Q||GT+jB
zY`^h_XlF}0s@cbT+L=s-+M#wuJ)&hDGvMx>D9qbXN<Xv!Z{EaPx`{I71iu)Ytr*54
zxkR4bT#k(0PRS>#n~Cw8HhN_>4|oR7ladfI8QB&l%xG7l4H!#ey9q5R=^>@LL8`ET
zz=X|R$Oa<3Ks|G`8Qb{-MRY%?>15xcZ;|w#bjv|VftMmtriVW`=etYmDQD&>slZ_z
zM~zdjcQK@%$qPAV_$$oE2>I`uwAF2k!*{!zCJo#Y_1KJR;+dqr_zy+MpIa9G_(r{Z
zrkv+rs7R5moNqF#NY9bNS27Fd!UUO*s4sE~F@<sf417IjN`7>6%+<CAz;scWF$o=@
z<p71~v4qE(pX-n_S%bA@ozZ?v#hAH3Nyt(Qldc2+il9yNv{=s${|SrCxSjE{iT7>5
zT7JR9zG=r6Bs2#2dq>^t+B_F5(d}AcSuMe`#D4bsUK-r7zExuX2P9EpP7(~b9VG75
z6yXlR#2@4LOK$7+roDpb?T~NgLRUWGS284Z^l-CT8FlvG28=uZTT3IOM1D|2v$n#R
z5fWYHvMiPI)F(rXvftF3j7^NV-~P#}jS77!4u=7;ht@mq83_QmfKkIa=*EiXm=K^!
z$!3LeT3P%^mGi3+&zN#DP=7t^p+S1;9Bt*HmL`!^{F<66s%h?!tmdW&?ro#@7Dl`{
z@6E$m1{}<4;CjSj&oAQ%cF`%(rLLfB$i+`Uqpf16`(U+mW@t6KBQ0nVeXBUQE9`bw
ziG(y`Os8{A(j;%*#p@vqppTgGGmz{QTk4KnEE~i}@9}n<HYq2t%ZlDjpGyF^(YgB8
zFv#|gaV&9Ul;*oOWDT_J#%VniMaEqs!K(7#?(AHFKUB3)YY@O4GFcI7kHGcjrN8va
zI~tI&-`B~G0JG=wEE-@2^R3PAJ-+|0X0xSq*|+F!NzzljP=GP&j((%m2s?FJyaB+a
z0ow?>@omRd28(7_3&XzIX{YMd#I(R@JHBQA&UILk3vy{Uu(;sHT%$vMih^X|ge_gS
z^1}{UYW(ZZ64twzn#itnrTbXT54yNb-dBYZF~ZIh8h&O=bwMNvRvWyJM%U?g%KCf#
z$emm}i4|NqqaU=2nH|2?ZI?NJeU$;ISz$1oNI6^njprVWITzwn3wpSz65)#ZMdi?n
z4XYYHq(Oboi?~M<h^+nnIep9FiSsbg)2ep8Ld3(yz4{XHjoRk6-E(m`L=JKhKyZB*
z%lMyL$>j%ko)g(c=oZ>LjWhh{e49+wg5I>?olNvyr#z;N&Yw-{qR9|XEB`j01K`Jx
zIHq_cUcQ|_kSR|S<sgG?f~CD5zu1g4KJ<A@#`Nh=;UW<w{t=q9mdny!Bhf3CZFV*N
zw_tw7VPvGS=Kcx3l`2^|{jXI1AK9-nQ^>p?f1BUWT+9Eyu79jk4RO~S7HF1Va(}M-
zd#?PC-yggKBw)ecKNtQztq1<vb&LE?_xTV)+wOnW5$CcplorxvFLnOcS&xANBybB=
zRHOLc(e;mOzykjMO7J(9;=iZRz%?xR{i#ll(K<#f|D7ZK<DP>7i~S79;I8ifIO@Ix
zpmSUH3*zLyOZ0zlMjE)FU6RKiIseB|eVBk+3fUr+aF6uz|GgRTALsRzFVFu%iU0A~
z{<$!Qh{I&WEaKePf6DqDZwN9S&A=qQB07)P4@Io84_7)BhCq!{QD;}z+7`g;`1@xh
zjnXto(w?A3>7O{+eULkpZ;2ub;|~3VkyBa%pYATH9v+gy<Bv6>#JzT9VA6BFzC8ZB
z!%3o%O`iMfZiDA9IzwS;VE3T^KSz1@=QL(5Y&2&Zz}dp$TckaAMk8;7MYGi!1-dzP
zyo!Ee1;Ma;)Qt$9wZ`pA==x9oh;a7b|8I_5YTO=TZecOWv6V$bul{WIf7Gy-AAF*_
z9)4UlF)}bF|9>Cs9X?hd4mjvY|F+Bgd3hldGJw+h|MUNNKfOJAFrI@V^uvdy&#WvX
zJ5Oz}zgFvFGNpq2`{RM4uEF=P&N&Ql%jMyJB|W&(-P5i0>Q#%O*T(<Vh~76NdP%t!
z9E8zWl33wfJ3sfG`)2pF?A(SbUED{FF`#C+YvQ=WdH=1r)JU{ihS&x^xBz+6_lOjJ
zD#O-P??D|AB@xsscqV`1l0TSSsM4oZ<3k7*gW_A%Kg?F!6kN0q=G#eQ6)7I69nk`c
z(EszPyp_HGk;ChcKrm=Npima)KY`B>5;&Pmv|HLuo@lY7&|OlO9?r6XoJ$+wr<co*
z#&b#KC7n|xo;`cDcZ>98!2HB)X2eoBp4+%dKsDpwfuOy{a*aKyV>Hm+RL%{{`?rb}
zSP>Lo0{3h|>Akbc+Embmn}|_((N1u?7yACa#&TFdi9ds+e-z%N^#jm#+RV6OWaM$a
zo7tn(5W=skH*EEss+{ijaYEx*;I7xXj`?Um<f^7l*+}lf3+~PXdXC_qLL*0U1H1;f
zNTFQi#Gzlb%eYuFY95WXdu4WG1=@j+lv9PCqtb`J|9EE>j;A6g`unP5K(1)6<P^p5
zuj1KC>=n?t_w6&<VP-!)BCGo4oS+F?4}%y6Pq+??YQ~d<;M8^*R)i-+0Y248LB&HU
zOGCBL=D`+pa#&Ck+$B$SI~27+4fzVRDA&4{F&qHs9MONNx*AOIdS3r7UDN+wy8Zyf
zm-x;Xmip32tg(QDQft7;S4qs-s4=rV2kU$>ZfU2r9b??)gN|Pht4cfIHO{|z%isUf
zpWI=r%Du&7i^u=$of~|?&+p)v^4=FY-GKiVi=FQ3Ucdr;Zic#wT}N9^?Pg9&NmW_>
zQhG-ssSr&+q1_vkE+UHz63Lh<Gp=ZZG4V%@{g&A9>$?S?%o54C&4-Gt*q+}ZXs?{J
zYi5hIo<ezxk<7g<a?Ope$p5}@Xz^aoWbTn?@ayy_si5XDdFYTZlK{`7&d~Sx#B0)|
z(vFwPWYo3N*qr&JD<Y?>y4VH4mTh`HolSS&m1m*0t0Wdhd|XSPoK2X%PI0G<=Ko5y
z>)(Qm9kuIg)%H{A(n#$d`6!%J#<59&Lc_ww@p551V;fxWn|8Nikq*<@MFG<!Iyaip
zwAFhPl~-;B-~{`BI;CNEbf_p5ai2n@H|P=BXWE~^{ofqGXg_!^sZQlHzqzI$lAtpj
zC|=N5h!fJr@FG1jdxJ}FWV6gz*UJaFl+(7Bl;OYt=v4n9tqC~OWF1;7?+o=CpE%Xk
zvvmtjixyL8HppsiRwSnzj_?FpMeF(k1$DwlZ&Y!DC^CT(oGGJz5J@MZGX6Oop`Gu^
zfr2#-KKy%3<~kEeDMZOtf6yA<2WfS@B`!2v>xmetLE03On{vGhU#|1wYI5J;l;l64
zWh#pV<S|&azvMA|c28QLSh531lWy|N2kSnSty#-^LoNLY+;U+Cuek?qkXeqgY1_@8
z?%9Kx-`rulC<zw=Gb_Nd%G1S<w_Qo-j(Yg~n+V!E72c`|{pG=8h+d4;vpwJ2r*%&A
zb|cCa>|2%{g_%H863Lc&j=tfS7=P5Z+5^Wn3GW48wA+-UZfg<tEwd!-Qdis=fMWb-
zz5EBIV^R&b>OQxq<GVgUEB~i<CI1o!6MU^qWbnXqZ!}I)uUAu@$K_uobbpg9n{O#$
z-1A`M0erlfT5>4D%}}bnM)#SD%H!@wLnbjXUqlB}k{$n6BG~`Ygj~Cs)cEKdExhQb
zVunpixb+aa@5?`g9s$X-h=T>dnzlM!ZusueK`hXpyefH5Cc=z$j-8f5;pD$cTZ5e+
z|IcckMHW93IJ0Z+ll(K6bN(y!r@ekUO)qxmnZ?Jab1b_mu>03bn}s6IY3Jv@{&qvQ
z=a;2!{Pn}tvnTzTvt@nC#z(8Xy#K|#TPGFQ5>s05{m<`T&APycr8#B%OC=Ufz1z{z
z^sdK$p3TZBNisL~6}MZ>vo6;w|M5&WdWGWocrnZps{z=*`(ZTOcYDtL#suqJ^W_$W
z2H_WdreB+S*Jhr-P4&4L{zKCv8INi_h+e<<)J?SuNBoyv*d}{>W!>GXD|@}uP3KE+
z*2Qm_pyWRvxK2Mhpm|s6N~80P@9u0=E`4#S_06a68W$dMi`413vU)z)xuWX6=iicT
ztFNyC9?X3DaxpXerCnd8Uw)XV%y|9$d~hl_`0Tm=|3!M4mv_&Jbv^D<9j^P}edbM0
z8I@xb%1hQ{AG!V_<@J}Bud}m{AKNAJ;>*iR>@oXNkXmSrpwi>OTu<PrKhOWD8M8B0
z1E0sdKA+V00l54-^osKu8K<JQRzbI?Jxs+JJ#B}4s)5HgetEm)rPdGNJiF9l&Ei~*
zxj+1mtL>EE_r1?6e3OgkrqlP87pK%{2CkWr3v_+Kwa}eGtn-p>TJFhx6#H6T<Z$5Y
z=jAoA{O@&TX0bNM7yS}1y}AECgQ#}Ylvh_)d2);YUAU@!UwhNq^P0K)=IH0gy?+&5
zcl~v0_{xxzvg?y>Zp!+9W8>p@$z|5SZg#!JdERy&Ni!!)_RZc%yHcRj1b23_)My>^
zo3*>>s#evq|C7I*>TZ5{{r<Dd6BoNrWlz*dEd`cWnv>Np9XeXSV(GkFTXOumr~UD?
z|NF<-de^RF=O(_|sJyH=WY3Mer*dvZ-0LuJ-!wDFX6@|_^A2r#zCh?`_iD?Nz;hKB
zY|in^ow`44Tkp@GoBJ)#mVGsT#(s2t+SXSk`Maw#E*LYvd|Q5;EyTY5wD~pH_w3yu
zU;jxz^T+e7yxgZx-XXi)c+0kYl~2rlv-I?|%RMf|e`Kx8wela&egA&NwBW9k;=lIO
zbc3ILTIw}*Nsy{nK%dL<hz~ivrCWuC9%TYoylpA`ESBnO034Cul78Rr>0g=L_&p^n
z-4b^5rs_Xw6`oslQ<pPs_DmP_mgIwN>JwZH+cH;~`ESjVbz^&&uu@xp@0EVpz=NEk
z(}0(*CaLT-$q>-q^L3?@<@JnvH&<v_RlU(T82q*6q<rvw-~oTJPvS(xrM<H&XUg`d
z999&1a;UW%xa%SMX{E&d^0&8~<NaqZo03!mJh1d(n9yOq=?QMVsx=$>KP76(olSNB
zT(180^4A`3lZUnShghE4?gY+0>`}RTr~!C>P|fOZiaHU0CSBgIQGa-uuSv-d4yiw9
zj89ogK1(_*dHajx_2+Yr8<m&JeF2_bxUot}^6j0i(VE9}XPGRF<1Y<A{(<rRwIA&}
ze*=4}7d`|o&b$(xufZNy@JLiv);IaszVpvd=1o<bc6QBT%X-~i`;&xzb06PYx%K-#
zKV|r$N?7F(B;E+>9&Ft<(@%|m&GOm$`Eq4Br8CdXv3zW{*tIP4a@&T_YdOpg+Bsg2
z*!Xdp&zn8kHsuzviOVCFpP%!UFYNx>Pv2)A=x;9jT0ALK;Vbu+Khg)!ud6kff9|k%
za%#fztb#UHR<jwCwA1}g2}yY!@0TsMe#DjbZ_;%19^lG$hc3-yE7=!r3Bl6E%S&g{
zGvB|xn0v`PnA1_Z!b}PiQu+!RDm{Y~3*3bxwx%?u{?0PbO_kJZL|1=j7Rx_*&)Y6i
TrJ~oTG5~?6tDnm{r-UW|WvDh_

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/expireCert.png b/scripts/automation/Radius/images/expireCert.png
index 8a10099df9ab18d83e0d296fe267e731f4841234..5ba786f8b44d9275f6b02caabecc7c06c3ec6838 100644
GIT binary patch
literal 80177
zcmeFZg<F(e_dkjlfT(ncq=HCGH$!(wmw<GKbj=J3h=7Eo<j@U6Bdv6IBOu*1<P5{i
z8K39*zTfwEo^$?yb6tmPV$a_9&U@{(KI^mBP52vig~t!69%5l(Jyueb)xyHM+mD5H
zrvdi?CMPU_;tuAAp}maE8zmVT`Zw;bHug@|SXi&VI>&OWbiN@C)u`3_s>S*_SZ8NU
zDla0BEF;87>R#9wYmqUGN}E9q!bRleLDJPu=yt*^R2-ZeEcA->_P&=JNkkU^GM|Id
zMaL$HdZhW-?L+40fySqI-qcZRzD?ICFL%w$(TI(e1bq6clQMi3QLRcIIC|tT)34?Q
zSUnyP>y3Hh>bjR)p(pD0?9vRZ|2V-bZ9K4$*7mJX5TAV6fyl3I@ihji?9VYk0c?p=
zL;UNqLqitw&(Ls^vYe!Fy3f2uVJ@C-)4$Bko+8h=my9^Zzi2aSN|W=DzmBw59d|}u
zZ7nQgJN%vt`$7Il=Qn+*7z_1F&ow54ci&_`85B74xTB)LE1Xjf4_}{2nGJ_hsobS_
z{O<Kr2m7d;FIf6MZ^`yX<??O1mWKxJ^xhl0+VkVel{}}m!y66o5Qlm_JeQbQJk*#H
zvTzOD8Jx$gwVt(sl8u@g7Aq!=i*+Z=9_t<^g;{<qD$E;mTjD-p;b6XrF>l!{?Efjf
z+n;s!f6{jv{#+=fEu*A_`PQ~{x3+fiuyge!LNd`}nwqiKG4M1{Qx&mvb>=j;a<#DL
z^mTUoQw2-RR|J!Ew)Qlq_jPu1@euJ9fBx4MBAE1_Y_8|@e_i6~DE{0)?G3$*tGhM5
z0OxDY*Uu#$($mw6xm($YXvxa|Qyue5{JEW{r<({DmyeGRrw=cutGg{1x3I7<*J~aw
z9v%+N6&xOZE}rJT94;O&{%+)d+L5*PuynU~^R#z$q5spaxrM8jr}*>de>(cl-{0f3
z_O<`to?JZsnHFY(Tz^WqxH(^Q{ikhARk1(0B5&+{t(^>I?VT~pgXu$pk5^diuj~I+
z^1nU)S51Tettl+<f7JZ1lK*>6T@Pz_8CPdam!1;;duRUX_P-1NsVK(vXXgL45`QoA
zU%8ldmUt+}^`Cnt@i4A@AQ%fv5=%)|O2_xkK?Y7B=`?v5fl?4DJznb-R`%6$0M6HF
z`kbuite;!OfflQVb{`E0$>j2shzRpkj$5ymWw`8HJdSLV=7-hiN$EGhaBClL7xYnv
z`AE9QsG9b7&(P)&ENuFJza%Bz{W}wr^PB!R4&gu7ze^5kZwK7Je_uFmrB#K3%cMGu
zUurinaKa7vbf+h3pY&M(`Y~i^PXoe9BiAddt*Ywu5%EcNndJM*+2{@Va~#|tEZm?U
zxsq7Yu-w-XJ9jZZUdUzXM%w7KIT_kQE@^}$wF_={kr}^me*XM9Ri~}MYQmF_yo<fF
zGoH(5zsD!y_M2Y(b}If{c9wJGW$pf4=tu_O7@0AJQ|B;~hXx{vS`jm%weHgnlWR4$
zqw2s$pplTr5p}syYtrS>l1df(7&9Z~G=xR_Whx-xfm*s)qI?u>d~6O$daqL;@!KNK
zTyPK|5tmIqESfsIR3Ex$F+^~-F(T6%;H@9-vecxe5JQ)H@l0U6YQ1-u*Pke$eH%id
zR+GV(9q6nd6!P~%g}=mN5FW?X#7q_omyzQ`98*WJ`K|xP_O`;VfpH_Kv*+d|V`P@F
z_Z03xA}@~I+cwqN3e#LYj?_swK1E_Ia(l?IM4V=^Ay=f%ktkm&zBa>$ZFsh~inWjV
zXpv)K({_g4u*hqW+*42>2{S0U4`rvIf~)vi^lt|Ltwt2-)2F*}%OeE2h~w%pnx|xP
z+(;il@bopKoN-4aMIrZ#PvgBZfWr2zks1@L%L79)F!0m29Xl#+#IsZ$aeGtPuVZ-O
zv5FQAbAqeZbd0+s);-Lt4DX#<HUEn|tUH8QA8wR?pP6?SYevpYRRhEBP49PpEd7?R
zd~$K2`?0?8BetQ+0d14dZrQyJIh7=>{mU5b<V=l;ApHlE(I(A06WWF9lT8=Tc3wLs
z4}XM0V@ej;qYTq)%~Uf;h(QpM45|hP72r*~;<iB=wO-z9U8vr4{wwapBnm?LpCu^A
z*$U0po?*KopOt51=KiLLBq?5FLA6~fdwvPTl$6v51cWxmy23XVhn8ef48A@}QY3Yj
zq}-?8x!I2FI7{GnO!93kU)U}-xw1sfw}Q$RxI9!V0QU(0np%PaR_aEApp6|jZjdDF
z%ahYEbT+2PNn5kP;#VPL__+<HPh~B8Zxx^N+#Aoj!xbx*j#G)%;(sW@s$IZmjr%B%
zp^PjYJt~dZ14A^MYV8w)3<^A1nmoBbwxKSKQw6~v{IgtVo0z(Ly2g@U$cv~Y2)g`o
zO7rb`^wjPo>w^x|TP<<>e7@$q`{Zk_eSGetn#;(O3~^%t#P6ks`Cl!MOw6UuufyZ(
z_h*<%)sCYxMD156Hm6!W6b90mV<L`zP@Qnb_+$n8oyF$O*SOLF#V<t{TC7VW8cNLW
z?Gr%=nCNC;Due}-wnI9-F!N~uQQJ!3p{~OlXf#z=nxN~%know^#%ykeH6_jGAJ+U5
z6K!o80J(C*8@djgv+Yr{EY~))R1{S2XppN-vO9t_dy`FHGiD^?mGPxht?LSi>U7wE
zYOWm+8gj2Rk4tPeM#RUhr3ij9sj*A%xN-Pt(aD9wXy-ZdV~%5QZ?RmB4c}@*xWjTv
z-KZ02p?J{=6}~C6vfR4cYX-{BA4GeR3vL8ovG|OnpWh@DpKGDFRiSijZIH)su4npr
ztB$Xd9A?YZxt*p@I<FzSvn$M+{U>hz9w%%{9kcVk)PHmiW*g#v@Rf#<EH!D>6hw*Z
zkw2r6iA?4w?1`eHU%q?i<R|jS#fO{V`P<VJ)ZJICU$+`pnUu#iKjUuGyb77^`4pC%
z#h$_&Ulu={%FpJ!(ijQb9xffqZg5(ZHxG?`BS=mvm&K;pLK*rgBo^0}O%Iw)rOP^b
z<JzwDOwd)+I)acH+fug6+LmUSy5$z(r~|qGW72kHA~cesShYBgFD`UIUEKe)k=JSl
zRBU_lBe_T#?(X?}jG^h7hyLbO0SIU`K10qLYnCC>vv0}tIm<I%t%|vFjJSiEYN}i&
zHw>s`;(t-F-m76S!^K5de>A7`bEpZpI8z%iYN}gtX+GV~*)r2?xc;fueDdX1OB8H-
zP=RbPalASWWNYr>UV7@cKCNG5T~pv0$B$z33*4V6%kJ?Jgbqr$cV*vl8DwGUmc22(
z%@6^mZo%;5{OcUXGZq_mS9D8@=y^#zz=pwXQ8%nV)9U&W>g>jsP~y0=?$*3Y2gp2<
zv=poKod8<4j{tw&@k2QiA4B82pV(7HQosvo7G5(Mz1bMuo5;{m7L_lKElD?KrZQ%&
z4!ZtHW=5*k9%qC4oXininWHD@$ayrEFX{*K2U78S;NC8rJu{X)Q#pqEy_o8Ev@N5n
zESG81XWx_e5UM@FEu0F1UvxvqG1YpPppY2AGvy3AaJopXtI9EIyZzh(y<Kcm$I7V-
z5dF<0@<TcpS%?_FIo3>6Cfn&7UuPW_o{@OT81m`Ut2>6Z$r;UnpP3NLo$#Zjolx5w
zt--BfyI&fBG;%hhrjkUqac}aW%=OFg((>`nb}i`|d-;aGm+ZechchAv5?N$^{!G~!
zTYXUrx|L7dEB9F`Tx5R~QTddVQc~a0m?OGR85a2oW2y{ixPVlHsq=(KrMUgepWHx7
z4CX@(fXbj&1)9jMarM3)E=fkpC=HjR8r;4$K9wH9mja)*P~v9XPLtJ4QB-G9D*Pm%
z8<PvU^i<$L>ZzS6pv7a>rQ0}U17lPC>R!(0pM0lFUNha<82XygVh<^V3)?OSYUm1$
z&ZmGaOf-Ylj`2?-gK`yOglFGqK!oGFPQTsD-S17i1aual)+!H*O~s4p@cUuURZJy-
z==JM+XWeHh@LMu8I*4F{qR({%P3Vc^y+NWeYI_=D#oZVWs5zPa)jpg92k3UC-NB|C
zA{ZjD#EwB+nEyJ<i);j~zcgtEnUMLe&!{!MKl{YfKI8D+Z~Xy{h^N6V=?5KY{u$px
z%i-*hTKo0e*{l&`AZFy+O!HkGLAde6e7sv?e(t3!Hgx%2X#)6A<9gS2+r42bmvQz0
z5^RI(;lZt`=kzMqr`u*b>gkge%4BR~Srj;xk_m(PedoKA+FH}cT9u12*64~Xe=mp0
zt6YVN=%s)u#L;ezO_f(r-IfH;z^d<%UEsrw(Lx9OcgIs;HOQKl2Y)>!<)-^5wQdSd
zPj~V=!onXR5Gd>ANQPqdqC_s-o{4cW1w1*&XBx60P;NBQuo9CyGn_UVicev8k?J*7
z)oEE$E<YQybQ#%We74hS3+bGoS4kQQ?}^;z?Koq~gsMSv6>i~oZdFX-KY{Mu0mOS_
z6&%yHXS^CxwElYK=4TuNgD_G;0*P;Q-zD6@uiF3^v(l_=yuFLs-A#u=*U32?ZR^~w
zT-f22+Uy)cSL`$DCk-t`QBjjdE1Pv+7pjsNKOJu_Bq?fs)!eHsGbdLoxyLP4_v~Ex
z%`l0lPWo$RYgu{Gfmv$GlsdB(Kb0{@JravdiAXv|YvY0(xyZ5WD$AXypTTzP<YB__
zu;Z3ts=a1D#Nx62)v~xwsl3|W%<lU-2_cp}!F|a2;qiU+E8cS(H7e~xDt?1SlT=#Q
z+2{rDJ*&o*>gnt2?qLdUNGA6_SMkVG7uX;%kWga<XWcYmXO#KkeWnoae!SC+a|2NR
zY*Kr%B?Ihe5YL|U#My875_O9+6`63{6J>iDoh+giHhy8*a7)3pyeKM`np~`;xSy;C
zWZt?vYI}_)L$_0*(GlAkZ|TAtCB(!b-6V07Csdq=Qa^8PI0-l<B-%d51jOE@)5rd2
zQQHAcrrf9C&HjwE9E04#^46iBFH49yPxVxdV#~jESqXB8t`Og;R_=~4N;o|J(vqpC
zs?e?Nc1rx@Y^830rr4{nn*6)nYKKnSTj7Q3>D3|Snacu8wNfF=i4KgloHmy*y(z<U
zT>$kX#4`sgYo6m3YCtqsYz|jOqU&=SHP&>L@z;FWv!!OHK)vemh^v54nSnWB3%0_a
zGt$%`+>xM+>t@z^;J(1fT6_+u2Bjni>yW8Gj{^X_yZDij=&yDSoe`hLX-x&4$gNB&
z=dY;&yKe3;9Y-3D=T@~6P~E|@T_=Mixr9%z));YIagx5#QytR24{&f@OD6SRwB-X_
zI4kWSNz8qzTrDqu@d6Wqg@`_H5An{b+g&U;w<j&{h-L?#2HJqY-Dtq?yKtsVgF+V>
zUx@~g#Fb~e`X5&#fc2pUi`$bw;8F5-8zEt#I_yMZ9V+a(IY8zxo`<(-OR`{|D?hnW
zJgM^xA-)tgD=Z;3I464SOm5SKmk@#m!BX6R@w-Wa9lDJL!*`4FN>}oPAHR!fJv45}
z5oxg=|CKVCxX$^0uGSO&(3I_$j-S-gfU!7@xOcikRc;}d#H~TOW5#u_)#gTtVeY5e
z2!6K})NA!=Cb}GF)a~{u<L2k52mRWG36_;rW-&Son%p%KzSotoYW9~?t(m)pd_FdZ
z6dn^_%|Pn9z9z6Z>%l}x7Dr2_7Su?<`Ef+z-rSB%3r@^4(bSjfnI(Mvaq9I%sod7Y
z_uZcPODx5J5FqvdoObz|xm?e$9ia)kHF+ei%i4vbm1XUe0VG^{wMCfe{f664BX$iv
zw%m;^?NJ{?r^2qR1*qtDA--DCHg~)xlZHv-SiV`Q6k@cNW?03Nv#?4H6<yTI6H{a4
zXihiMVlgaL&|Vflncbs}lCtNcU*kl6F@x*m21{S?7IL09A-u^hubbNM6t<c4a@B&I
z>xONxZOUTA>?_!IFe$PA<n0dNgp5B^@31BnViZ6kf@W-YQsDO(po<tD;CI}e7F^cq
z9=Ndex;3Z+Bk0=Mdi{aEW-fR<$xJbCAq!gdAu!$hYj^+WE}tL=R@-!<l>c@b&hK5)
zi51oR#Bq4k(i5E4Yz>Wrs_79iFy*%~$=#m|txqecO>=}CvvLz`4EZeA@}z5rxXTjB
zYxeqz>`)%x#2xS7w;k%jHe$9mLYzTK5`);^v+0)?G%TZoOu^Rl;!DlR%A9`8Xn0|g
zE-<ptiilnG%v%|Fb6&92(x%s93-0Rp!Q7&jh^q=?wrQ1VM=Im>#f_KU5(D-Yk9SHx
z(w&hjd2KTHBc>#mHRht{y>z}<nmFtHLRcn3#0}Axy`&c~sTP+Qgbn+}?tCOdY+n0x
zzRy@Y{H0*TQ>Dt1_V>4lsTu{rL_G<sXB=>n_{&W;J;O_l`eTQ|MJIbM!OLTSV!LX(
zor+`<qO528mVs{aS@46Z6SGL=Gb&d+BByY-y>k{Xb~;U;qspG;s<wGQEg$;*c(Ov%
z)`TBinm2QN^A1b3Hb(3>THF1J@iaeam<;bC7xMrKLF}7z_K-Z@R0uIML-v^l%=De(
z7Y^fw;(fcVvUzvq`ze-xfvZr*JQrYt0CWQ}B`pnifS*48ivfs5-pf)_2lW))`E&1_
zNKRI*IkH>Gq7M85!)FB?o_zm>Pw26Wdr8fn`K1*vr&!egfbub=(6<czO+6#&dE$O;
z!l<-%FqVlBIMb!(-KJU}HC0K-B5#@fOuFyxSz4VL<;Fmw%7u8gF~RP>JK%DYe`&4%
zn*DgSO!$1FP$>d2jMyHv=`*ac$~QiEbGVitu;{nD_-=d7DNr^55_|<{`)Ld`Su<g?
zu%zS6<<7nI;{^;;rVO`dWl199`P+E77A2PF*#LKpGUN|u*ZyZ()p(Ne>D9di<v4c;
zeY<c!Z(Th<=3)oiNX?KizwBF39li_I6wZ0CVi#Kut~~^cC7REG%;~ol`^l`tD-2iu
zQm6e3M<mSZj7<SH>n|4HhQpDaRAmdcwxHCDVLQ~t;Tb8v1qtfQQ(l<2Du78*GRePu
z!F5KU>%(8Zh8XhRQKKU8dNG3h<KNClT#(RwliO<M)sifE*a3ZP-o3a0kU)`H@<f4(
z3WoAfYDXfB<LYTb|7k$v-aD7uoi9xO*#F{cVimE+7@3LbtAqb)`fu;%?@uw2d-RL|
z5zFw*|IYn8%@~IjvLTBt>;0FLi*e!q^ZK9=hAC38WgjQ`uiU?jKgbdX#ilC;^*zBR
zNDYE&Pz@w7aP&6>oM>#zw6&d%HW#W4tb9PVZ9tX<St0}9Su=$|bkU(|mqWYLX7yv|
z1ZA#T@1+q}lFtsZ-B(%8R${Isya{5Y(Z6o2_}hO?8s7@6+a_LV#%LVD<9}^3TLreH
zm=RdswC;K+yS57g<%}>xI>x*HWHWm4;c7k>qh;tDaa)kG@BPcnO&#8f7Y;(eB4!Id
z=SD3K&vXZsz)?ji#sqJ(Uog80t;_Hf<d?@AzsYK+yKRQIoV8HjtE4w>^L@3{LZjC3
z!qQ~z0Qq{b{dXE-D#x2MwdMEfQtq@m-SBnFrrEj4U5749!3(<4Te@GR_kd^K*8W>n
z&-YwmfZiR%uwBjbcqY#5+nUL5W2*MW;AD&Qz`~rVT-`e*Iy}4?LOzk4vcIb0m-JHC
zLV3o=K5XtxCJ$(#)y+LO<w>3ANmhr_(r-QV;(i1_`T!crr>}F3O`bRz<hb>6)Xkel
zRu4eCjZY^h#3NR0uDHtE`^CX=&4J}~nQg-e*DKU5{o--4#&V{L>do-A-{O<JKa%c?
zcP-wcCNn5W??r5<&m~CK_f%HUAZR*FCHciJbhGfhaH>ip9eda$o;o1;6_3cL9E&yl
zpVkqfW5;x}S%UH|mgYwWEj;Dw-!`vS!$1(eEByfH>E)2Fv{PQT(d3(>ZK+b|CfxZ*
z)2QkK`@({u`295XdDa`ITCfq|OPh!FS)meSI<IB^?(W*OVpAYToQS}Hf-Tolws=?t
zmGv0{Ik?nOB$a=_=hDNl0Nh}8p26$WGH|~b-T%~N?OW~4KsA+1Y5hpG)WT&Yyntzc
zq$!^VWzXOK#iOam;M7Cy*6x<48Eh}E_Lr<U-kzL0&w!h+j&bHe8bH|PTZ;wPp3y~b
zdT|V`*r|fy7&}D;><n37x*gh(CLZ&wBm{j^l9%hI2&z-nhbm}ZTb|WI2sVs|=5s8L
zv>u`T9_DDOaB`GP0h3ExEjtt!7_nRJ9=QB+2eO!VkE+9^?tqkyxemuV!fOPTP!37`
zIU!buErqVU5-=^s*FTagmfV~h3f;vrYW5%-Ra5|tO^Kzp&&09Y6+&`cXjfkRQlDaZ
zc-h;eQoOeMM?dUb45lFfeL}}V*9qozZ$F0zh8G$=VsYiKEH><gKS=e=0+;RNo<?b;
zH8qk&)`@ay)oB^lZr~v<`P$F#rwr4vfxLSZ_IR2=j3Z^B@P>!>x734jn3W4po>IRd
z<^k75lx@Z21;lPLcO$0}4w%IPut~_DtrT%yoq5C3h6&2WFz(7UsNdBa=(xH541>|e
znXnk(<21(S2SiM<yrlr3@ONy$JKKWKj+&n5=i(%eyY7fu2|iS=LyP=m_HahyIq9vy
z_U9bU3SZpEe%b8Sc;0qZ%R43?Go7^GbU#Kp@E(d1ucRBx^#JFF=~7u}qClm@{1$4(
zxD1`lN4dv^G&=c;HxH_n{Ca!fuXqbZ19r)Qs54W9$0;6Amo}#ROEY-;HR8P2q}E~Z
zexf|>M-Z)6l*@8>zAd_0J*7$+@^Je}4kh`RH+73NBx*%wzroBi39i1Pr4u*og*FUG
zLez7~3fDXs<D7B#4)7q8lk25|#bbA=&Xgdf-(KaRr}J1>QxXL(BF!$xHsF_hmwJI4
zn|;h&N%`b;?ph)M@}v2+cN56<^L_%+j9XsO*J*Td$7w!n@k7)^rs7c$!};gmJ?%4N
zax5)(gR4X_CV5xCH!6|Z_7N<X0Kz4s=CBb9@!b36j36j9>0I!_)4Nb<u`BMxx6#_Q
zjVUW_YtQhPG&C}};8Gw5Q(YR}FBy3GJNX)6*m{V)x#qYRPv<?E)Os~kr<+YH(E~J4
zGqKdt=qAqgM8RmNL_iH5D5I!Rx|T=gzh{O?hXxsJ9+$3XKiJo{IU9698JuE(qJ75n
zMf}*l@xGs7y{BIcbiCU9r$c$;+q7d~jY-O+F@|(Q%{77zhv{ly`M0^tWqGRT6`DFV
zuR^QUcT_xCkAU!fQ=`V+mfc%J9)m>4H@IUVdg4LpO~W{vD{j^Sr9xHnj=6mv8CzYx
zRcLrKT;bY`972Q%VOZh>8Tz)u_=HLCTGD&8hS(MnaBArG6q;-pqIq!@ysfN#F=1$T
zJihO_wdP#%!!hzgs;pG-DB{g&qO#RXzpR-KIe~f8zJiQrK4yA_-gIpxput8q_SXjY
zo8f2MxOsclH6_(@Z)k?3tHh9slpWZn?N8(kf~n;u4PL85Mq=71buuHiM&Id*)2#8&
zKL6!ypR|%vAL#pPdZP)Wp7pj<bq0SfEK(wpLSeg+>RQ=vpU%~`h>#6=#K;)5J<`eG
zZ#)*)j(cuMnclW>Z*%aeB&y7WZ=IQJjs?JIDZ*+fM8feF9R1Po71C4EZ~($KHg8jN
zmrX*Wj!X4$Z!`O`SWoBmW-u;dTG>{BZGvf}1l-Yp2lWu70wj0*0)3XLmZa6NU+iZ4
z>QWUAfwbzV*O?^|9Eb--MQjaA0>B1|unpWdcx8KLbr(6Q`m^xOACCoelN#B;y@sM(
zKTE)L5@tsBZdWwT>db~1YSY^#ZlAGKjoHCE;(_+#Own$9n>@K^Bbu-9n|Z+9LvKG$
zU#l9rsTvX&b>Sgjr<v)U^+rIZuNC8mE9goQ<xT8YA6Ou>I$ZSiNA0RBXunt<n-gsb
zQbwrm&Cpg%#!d1xlAFzJf%#)=-njIu_E>fba_M;)YIOv$G00*Int@Vj9zI&pJ8Vcr
zQ&Hr)mLm1eWCr-tAbN*_&25J;-o0ld7|@c(jsY-*Wv9}P+C(2_=YGaZe3lGMuj{E}
zwaQm(K~)d#m+o+)Z!Y4gl<j6F<j=H!B$qV~QKv^Y?T09ZQ}C`3m5mn}3E<b2B}UqC
zh;B}&TDih}0-c#?B;IG3?oi1?&tIuq8%6^64mkFHj6}$O--Y$CMqpg2g`9Q1ud@n1
z4sj3({?{4Pi2CGEMC(CInf(Q|@(Y%No<ph)&GFQih{hPf*l)HGZ#cIyt6%Dcz}(9+
z+<jvCycg~u;_Bush}jDQa^#ZUb!n^}B&}RrOqXS}Ne_QJqnzQKu87TenJMvHj`C9r
z(*0*dj97@uHF8_L))}&H9VWP+I=mIuW}eyOx>O&q;0rW56jHDW%VP7G*6!=@sP-Fv
zJK&$C*`6<ks+xjYYWlDD6HjHEOHf_hNZ1PGBAACH$|m@rU*iJ}JUGq_>4p%@Te)7W
zR=FHEFN!AL^<JEvDNGmZHI^ZsJJI;8?Q3jVItoB&PmSbCG&!HCnfboOQ__-@?(Nmv
zOz)dS8qo%fxTC(Ep4kNEWgN}M*a??!L3PoYoABSg(c}`>-pp#(gWNNn;KklqTdMjX
zB_y({35_v5z{RMoLW!ut^{#~WsN<XPl=kpe@Zg2(G^%SEQufET_$(itO^)1}uyyVr
z>Qezmpuj(OJ`kHQP8&s;gA+r4hdaA`&g+B9sKs1J-9yJpS?vbUHd7(XJ{8D~Xc*Q>
zs&4W<|DKio<de%L4k<pCJMZ_kf+udq_aJFSXA5CsNMOnBYk206X|CK|_T~2N>K8TM
z?0M;8;CO+mOD*Zg<i5+t#&NKkGhX0{t;>;l&qTa>^upbQ0II7M?}6lGtbiDibRFkq
zpc0uTln1}xBj!8BHmn)f@jKJEQ^U%=NBq`m$D{(=%R|zzh+zty#^gtQ4V+|iNOL}r
z-u$tw@Jw{UI>nPrX%~U`q)PuAri)6B-u<<q-}pOxhj`^?1HAZ~^GK5!d8oN_Z42es
z%CGkcTtltKEskT1Q|Y<N7^lj22;+`>uPKMQ#=oe%P6M!h_!+izI$qsu2Jqg3Ce7|N
z%ceiQMe1IqlMbjr7Y`^~A30hvi50<f>x3J(3U%R1{NOtOFKr}~?Oh|_Ql!mUXDa}+
z>f*~g4f7Yy2{_wQSodhfu}>jXbgdFO3iPpSxLq(2Q$NdN+KHZW-WkUyhYx*@teLit
z&zj0XwV=-hddAEgTf-#VG+y=}zusj`mPJ~Qz~av@Cszk7tL@^t`GCK^bSm!<9l|Sr
zZYFkCWS7}5fqwJw7o`Vhy6AtNIHl485`Iu8@jTxijy_DHBLOB`Jz|pW5q>h+Gt!FW
zYx-H+Y5Sl?w6|dMaBn+bUbni`YgD6_U9!%fi_bH5%d~LXHTSe;zz2ckNR%C-5x+k?
z9|sz72&@(APaZ>vPh$wqL@4L`hy<3tDi<_1RM^{xlbmDy8MD<&_@XpNY=*DWce-^;
zzV?G5It{T}j|EDDsF=Jf&s)ZN5Q~1Zx|r~<n#Hz_On}Yi;4k7rZKFQI?e4cX&fAM+
zf&H%h;KM2Nq@EH`O-pzNS`YqbubO0HBz^f{?f@Y$_?Jyni2UO%If{*^DWv}>SRxu=
z6iT0McF2A%N)Ho|t&V5ITdRD<z>p2+XSPfUo}9Efij>%~lDpmY?S)}Aq|^NFy9BJg
zlkZ@k!Bu(n)A5d+UFHw$YoCKYC24)Zcn_~QKn}@Co_#|gQKf7=$1Mk0;jQ~hDPlsm
zm+ItWiw%<Wn1TK06S}X%dexT(C}bdThuM4LrK446<8kVYDcL2K1m{`PrFfY+$IpGQ
z(i4&03sGt#Pa>*`s^YV!^{->!Bxa1*XN!rp$GLq}JB=50GA~CR_EFXg^ySnq6DN`R
zJ`D;W+;+R2XATN+IWBwY!+RF{$X-cxy*p5M=C$&*Pp%~w?1meIBnL;3no<1MCpLj%
zCV=pAv(!5Dwbw&SG`^PsFPef2=PUiygZE?GYBxIa!7(Ar?T;cngn^e6&a8tT(xwCb
z`1Dm`N+s`nP)5_q>9-mO$c6z|0l<0Yp7^i^8>dmr`~`=7Ts&mv!5`Hj=8I7sbV$mq
z`}Bk{LAd^F+1hlMbj<}~j8N;Jx$1DIbN+ysB%BC&r=C)R{D^znLIFCD&BLULtvFm1
zOpn=8p@u5ztdB3$FR$5OE{PjcFak{XeJ<B%5CNMk)sEF^V@RAi!-<ENo^K&^L4_d0
zNSia6O58UXG0hfcQy0B&3<QhOXsp*ko-<N##eNm2QLs2%eLJ%gLCENs^ujmBlxU`l
zZ$9l^k1Mz6=W2|T`73j@U_6F@sI<haYMucTYhqY`%HF!foGxKgXgW!rk!8vLCbH7C
z+ji<1*>t^;<GhtHpSIB@Ed8sCynK8?_w;}uLSP><6w~#I>*YZ<-Eyh)x<rvO0O|L+
zK`|ox^1#lizsKX844P;*`mx0K7IipDRU0##?Blfd`-QPQlU(H<<RtO7*cRgv`}kIT
z7j5%!?G(?*avZwn{h;C9#Zyz2Lp$^UNAzhO736hhO~zbJz_O5n_2ZI_H`u?uO_N>+
zqySNwTlyAIC@+NzvqK=UaXTR@Wi~ysJ!BLoNqgT_@UT(U*-xo^Wyoko8{=hgH~)c=
zvxbD|WOndZxOlpF(TWY*-S^dn1mP@Z183f-z5SW!VFWav8&U6ouGAl7-a}boc*S9Y
zTyMwi@&#x<Z&MqS1UIr4_J_<lIUxy(MV`bE8GReT?OQG<M$~d_On98;u`S~Ed-Iyp
z>12~1U@3hpgADvW-sanPHe{v{zxpnN|MIk2EeaW)yc_B`a)PR=Qhs*ZAJe>>Um<6Y
z<v7gvIi96iy84?X)n<%^_Eet`j)7K%je2Q{+Y^KZ32>_Y5x-@x3R#43?Pm(ZEOAhe
z7aLo@BWY6QtQ`?7`1^`BN_bWEWdJ95;FjvgNQdbjae*mr*%m)E$9}p&NmV#E=lXGQ
z*t;I6`_=uVO~;FSH3IObm$Ja*#>l%Vcad>2bh255+p?{T<ats{kzajbWDN5Wqt*i4
z#}j;zv(*3!(HJVx&7f>SdtipU(+nVmPH%nNH1p<|3Hdx5ZToDRvi(=xw}|L3(b*6i
z(VnY1X#Lo?2G&xq^Xeqiq30`4Ycjmg1OUVbGhCKC&q&Nd>h@M}EF0JgT@&ZAW%yPU
z{FceymABWk{}}%iphA-;p83(YZl=fQ(HWpieUH%~N<(US1#X{7VMKVm3=<5#ZzU>S
zjo~CPX1rA%S=OTfOEUp@@6Rr*qFO)Pa<mLxeI|f#lqczUIwfcbBc2Ja$0|EaONgHJ
z9-yrG!DR!<j^9N@<(>3iBriO4e#QlVWy~kL<dJ_joMUAK>1DfzS}a5B-PSm?Pa}O?
zBX9lzj=X<><LrW^Cs3v3DS!jehB0Sa5+C?NRrF7g_hMl;pJ*}RLn@N01lEJ;j)FN;
z!64;>B45Zz21iiEN<=}VlXSUYqKXsP>d*p2F0Wqm;>CCyqgSPNTV8)MZ|sO!Q|H2z
z9Tc-=6=sIE`VOFTCS&F3%ceN1k=Tq@8XTBVWP{`TwmbsExv$3ZmlB*dGyZpUAuola
zyFK;UUt2}BOo@IG*KR0|Pcv$5Nx$sE+q1c-xG86$vHEZw-k@J9>>YixCDC?e8CbTJ
zJdfnwhma@Fohmuq@~E$I7*m&rCx+lkAY$h(cL$ZDExCK!JvXBlqB&UxF}hG~pq?@@
zaSravj9HY|4r$YVqO%RUPe1=5diZc96+wJGM6G{wc$HFF$Ln%M9BDr|O~FaZHJ_lg
zuEpN5S1T^U?+nFoOfn-TX>*!S$!&1y-P-XOy-~}@mj$&5H(+5ckxYOTJskJPFA?}$
zj@4i6--oa-KTdfCSzi4}PG%&{HZEH-?Re54fp7`qxMSGl9#NONJts_pjVp$W9iGun
zkTc9utp0X|#lCh-k5JL{4>ieUmhj}?tmQ}C?=IA-AE}}X{-#9#4~9}w3$xMFr(`v0
z|B4X%Z(>t20>eoNcR!(_`hRG23d46Y^J^yH{JTF3JV{0MDw(iP|E5V9`S0NNE2)ug
z{!O<2_ek;#{vgzYvFz1<hsY_ZVM)7dk;wV|yND$Tg9%7QJ?(`4J^ufHYX7&m!r1?B
z+_e*xJ?#I;W1cMbe2r~kn}+zV6C%Z9+irTVuGZ(+G@><N)=#1e2XzOf^Sq3bM#Md&
z!nAeI>;3<0_+nN~nZ7CLD>m}h9x*hJ3D2S3_WLJ92_uLGn0??hjLY)(;hEN*4`qhc
zZ}yWoc3hm;mzumHv4cPEq%3Pppn}78QnnG=R#sMVZ*aLx(|f*9%F_|trlV3tM@xC+
zV(CO3?rjdF1V86AD{$0@YL=1@?;=AZ)fpPyvOi80V}cNV746vJ_L~yPTl~ZN(|>H_
zx4H9=0Po-;CA>uVU8a)|m*B4>RRY3gismJz<t3c=ze1q|Xn0flB)T$Uw(w%>dqDDt
zvZQIP6-%89TF7e`&iL5Z`t{*l-JqfBFcp7#@5SEKO9-ERdi(qTNWwcctW+yUdBr<_
zA4Cn{{<1#XqY?F)=*S-|4%m)P5Y(WRqqqF@h|hOSvP8eR00BfC7$PjL6&GslYpetR
z3GgB%CN7(3J9!J(`;{Fmg8DnatZeur?&hIUL*CpsN`!ltVj<pjPgHbMUCZPBne3gS
zSBM)(s4}l<I{)nJ#+jYp7~b=r@J7k_|5|#6J9H2}ogzul^qFOEO!0Ap88|AH-=(i$
zL_guFcQ*EYyNzub!{)R}9uzEb@cg($w>Bfx6|ee}0ca4CQP*!cNBs*j`_y%*E%^C!
z&QhLV07f+oMZZvM&BkGff<{!BoMqa~i;IK)qo2B%2{q!`pGZ}2_t65Zf2H7Wk8002
z%@evxVg<eixB-8o-nj+P|DvNkxLy7I;V$Vj$HSmfrCa|5K_5<5{enmLacpyB!eYh{
z7tdJu_(Jw(OJ)AV>WwTxvg~GdB*t5xwVpVcIn1{_741*8rve-mLUwQHdbLAgn?($>
z+~C#c&>2SC!Bkzfa*wy|nngsm<Zb?k{tHdcX%iwUY5At5L1;AH0kZ4%4)PQkw2hN{
z!*@i`9{@f%4<yu3Ji<h&Tm&Fka=CL@CJVF+dug`JGl>~!{~Eh*lVG3lFFH4{Z|qf=
z`cl9|csz4dLE%}T<U6d*;WP!jK6h9z1e`5;P+RJ@+QAxSXD=t2RGAXPw9y}*=Dy`-
z7az5z+aVh$D=$nPmaq2gxZTCJ_`+dUulI(4<~RQ&$n$!Kn^o&O;igSCda8JG#542B
z2^vr_isJ`dL*onqh5%v!e?+^|2-DT=&&e~X)Q)_%?=5<xKaDo9;WS&;nN<F;4SNt}
z-zJN4hK$(tJJ4^$>n5q+sGyt9;1+<>LQ81Q{9=t}EPv;EPjo?eeBngVxMh*u_;Wtc
z0cDfdjewU8j-j8&X2Eeg+{hl>&07~zX<>doc(pR|Q7+Q{p(v6k5<LnID-z35Qvd9;
zubRR$jyav5n$Z-`JjflG0N*>A(E^WVD(y}bOhfc~t3Ubeoj*Mt+1L1u2ET<6zz|(%
zf^Xn&U|-M_8j=T4Ke`Dn+z$4Yu5ObOdhpM2-IVkX6U8LZ)xmfMCS*kZPzHIE*U#s%
zN9VcLrL;GdTiEe@VRqK^sUiR^^0i>}8%7K+Z|HO~wU|^U2-uy_uTi$dBu=g!A*X;h
znlp9)^aMR7dL_F%scv$2qOfoP6GXKQ2~=g9Ez1YbB^XQFDZXkI`|Y>T7v25f5!Hd3
zt|I<FrnopMsA^cRMDAnsKLQ>U{G)aktTpOlQuG49^EqSWWSP6QGMn1T&(5%7{$ovc
z^YMv%&uF0cw{B5o#)W2Ax}_Gscv^5-#)AA_M<{-+FWkM!>Gv0vLFN_9b~**KKm<3C
z|6Ds26W-C(e<LjDI2Ef`ZlaLF8&;AxX)}~HT{>H`&ew9QeZ`qEC9?A+g{K6VsC!T1
z@9mEHeDu$`qB;BXfAZ)P331IC&Z_F26^AMWoEGx@X}Y)OC0gnm91;gSFBbTz&}a8p
z&FUW|a_Yt@S5xfH%^6^xF1d#ZFPG0x<{z**jZ=iZZS~d_eo(4gBQjm0nUTbCqmMUV
zLKq)|3C@hg-JUMdD@dI#)#P{4mlx>FY<PF4&Tb;)Blg|hNT_^ltucNzFtOHa=~I;F
zUM;-Iii6+}?EN!5dVZ3iMlT0i;5p6TzoqW+gniO__l7XTJX_miEuX88)f6I--D_Ag
zko4xxfFt5i)Q8yU5$r!G=Q~kQ?7@S3fPWhNyV<`!wYcs;rWU=<ssGW1|5+kT;w=V9
zd2fC&`#0(-{)Rz4I%3y5BL6}?L2MX^RUvkQ|E~t=$^JmS2pl>S43z!fL+HQKZWyRH
zpNIqc&xrp6&GIa;LB-#X|L*A<v0|D8N4Knkw$qTwq$i@!6Sdn1kO^8RwQcr4jgUZm
zperO$)bKf8&hK0NO3=b#_g{cg?8~1s@-Mj`1wI7b`7lPEJ=NmMX6w|Ig1b=XjzhB&
z@a3pyfnp>5J|%S?zM=v=V!MzxOk*;NP4JP{Q^=EtcsU4@XPPLj`-&meH3}mWFhJ5+
z|1EQRib%^u$^=e9ZsMf=Se1!F`gZvfS-0}(>?dSUD)pz*ykm)H`a3@gfak{>`J^Ny
zj)_a&fp6RhAHxG)aohs&hN*>zz1y}%YjYlmQwdLk=Z?gi0y#V2i#w8t>8;S-zFy|X
z<!Lpaq7NlX;%o-ezouT=D=GNUW?!7mP+2zsQ5WII6NxoMe6U8S({|$uo(I`Td5@6m
zX`q8Dfs2HsM|*~xM4Nrl+u#VDCKus>R8f2rF<^K-=dx_T%t4N5!;w&$eS#UKk8eIn
z^7`wXh$b4j8^NR8*8Quo!~KR=j>~0Jc|IPxBbdXOonKWowXU6}B0lG3HBQ2>S<N7Q
zPN3up?Ic!#a#heSa_9W#WbMW*c;|9>F@Z^++yUW<59A(MH(~Rcm|;pQUL{d`rSOw_
z<jkFZcGiMZ248+tB`^}?{E9K4GHD9l>T^iDa6bCrViE8vsHCn~Y93~jyHx5kK9abY
zv0JuB(Zl4JR8V~}sExY<^+q*E)pIOLQ>eeCXG3X)8-l{2b9p>uP(A4<CLM6gZM#)2
z{64@KgzC~sIdqV$fX{wnZ1phAZdK!q%q;m4GFLg$L8n%Waul*u>$fUThB+q{JxrD^
zI|AFRTTX*YQJ6p$uQyk##b{#ZDGAY8vrgKmV#$;a($p6roEeR>i^)#;CZ#@O<&F(H
z!+K|<tjkWIxkixZQj8!<Z?;{xCBeC8<p??6K-7!bLj=*7O@q@*%O4yxdymKZadt_0
z37c9L?tPf#^cT7k4H_Y(&P-H#&Wqeu&PnZ0*sJ%8&^yWY6TR)@3+;LV$`-!r_uzL{
z9_0)*@=RWQ-uFCPP;>F%Z}MM_&{ia8$W<?FD*3WgL<tSq$fUc-=J6VM<K)DiAs#3%
zzL8X7l6wC$2kB1&YbCNHclbp8+zur);;k@H_|T*w%)zH@kRZ+aT58GE+mAb&yI=Da
zP87&IZ{QoZ%Ij(WmM7MIaokEFR%YaU{0!r!gGa6<NG5zOG}KIoOTWUTsb`&9CUihR
zQ`-Gq5B=W7xV8hzOc<O3`?Q_=Fp90nj~}_q<=c|e&)#kaFKs9<7GdN9WAol;t<TX#
zul0|<Vsxx*YC9K?-lX8-l~*kU7qaUX4iC)2QihKoMzLx^8Gv&l3`x(AWwlb8tXaw|
zD5LyAl=%8ji{5rVG~(VfHsw+J?z{JVoH)mwJ#b)<`Bvpar!j$Ws8tQD`(u_xyz-uP
zkVJa|SbXghaooPQ%a4zqY%l^?^5n0cR}>8MC8(FJ#wU@V3QB;2*9ceMEOGvT0;XH&
zO|SAB{&lX86^5wDLM|;LoBX2>NUb;5_NzM;xyp(lSbSlzY@J(g-7^xI&_Rmq%7Jcs
zp%uD(v=QNl!kZiMX$?Qa9K3#;+nQ9s1gP`|bK+)Dw^D+(Ih;jsuE^gCIzlq`p_?Ag
z*Qu>4$-ZUE)2z8$`%l|6z!y_*BGwwM_|au+7%DnrU%~QsF*<u*Mhyxs^<`Q7(w>1i
z3m{neBUPDyqzdrB?hdZ6+PnF@d_Ko1Pu4e0gyO;*ECVKd1flv|a*N5XUP(-@x0{f!
z-qWnhhOx;w7tMlt*svtIwB6(@unyIcg>HoQg6D2JQ(~FnfZy8!Q{hwuoY6S-<hK)p
zvLyNHZagPicLCt1NuRoDtnVr^IQ2yKh4;-Tnc(aU543t`>f$+ScileKrFv_<u8FIe
z*#|{l9wg@3-2RQwTprcIN}(-X%^OUCBgaOr-H|Cs<qbTYD6HL`V2yV$n@KHL1zdS6
z`<pX&#F_ezCC5{O5biC)E)&fum@tY!UKKp?oX10kuaa4%5%gR#Tfi#{M~%@p56D?@
zqQJqhkj?xSCfFp=3{~pp>;gk-rz=jBp0s;&vPcomIz|G=S2=KW;_k0+Pv+pA6-(zT
zPr=Jwrcj$tYMpn<>y5rUl?K+pmwt!$lsqX$kIe+1!>d<yKG$W!ue%ezT%|q6aU9lJ
zxqEG$h%28;$jr=Db-!OBrgb|`{l;9kEw354F3>uCt;-QP*nrEz(?H-XTy#%0x$irj
z{6(Zqi~4rc-u)TO_0Y06O>Iju_W7OHw3Wb=b(B??S?#I~oNL5r(`jV8Rl=GB$+GP#
z+&7TwN)*dg75Y;j_(@AuhyCIP=10*Mr@p1rJKNl!-TQ6|z)_`nLxB{E`Ab)Mob5d}
zK1}xZ-D{tbD7{R(SSbT;U#HeIq2$E{)79xjl)g4RS29IDMyz@b7z#0?=@OI6&7YLM
zOdSR&y(4wyZ=X3qR(jliyD-}mY(g=qf7ERGMaO7xDwqZ+!3xCKVlmP`wv)6oNIod&
z>Yi*RQTDsR91fj!<GU9@uP}#okFuhn-q!I`JSAhe0_7Q~ZaOD{CXHKxNUk>}gkJu+
zkvx`3UCyR<qXgv_I&I<Tj4ZyHy|ABQxK`7PGj9m`C)?8xNCU6RSN7v_*&PQh3}l+$
zqx_k&KHE3gm>$H99fp0IRGMpl-%cF6X)vTiv8$@KDOJLhmJm^|G(-!1`(4$eXUKcJ
zLqeeP1-_o&b$*9{H5Et4RX>n<XMa0Pn-3}l0(C_u^z@p?u{o0-R+2k-6{&bNPZc`B
zt65fIT}SJD0Yi@j;LA`ZrMTlBc6QV?qTzI4@3x;;Srh=D3}@wZtqPpl9d_aKIdFRT
zyKXGz@tz`R_ckGmrJy==?tB~&3{azju{r;4Q|udX2HPL7Df<#SqtmNu6lq^GF(yI2
zgyEK(EbnFy+yw87_a{B^{#dq2UK&*6wA^C%u`|$M3%)D!#9VOzwR=dHE@#pnh~aYG
z?~d0-J~$pSKSPdud5<Fq?~eH9KKQnuGIgBEh!)lzA#Ezz@2l@(ny80@L+x*BvA=9J
zOnr?B_1lHKC9yav33UU#-#}@}hDZ>_#y9~~bMk8+E+-uqw@ix>JVDxW-M4y}^K;$o
zDxvEH^8f+Vf0dETwAPxc@QF~5`sC+*-sZC_f%Z0b;gPZ>x;a@?k998(5w~V?GGX_1
zeqxWl>1R^gY~XwzlMdAJ?v;fTI(h|k_D9cAZzaDZzBH~~@xJ?*nCfDs1lTcpfDrA_
zgQwE7>kjgJTC8w0F%Gs0RsCFqn|t0;UYM;&Xw0Ikgc!^w{36Ww%s;f@4q9HpEmQ8`
zVX)}YA6R)sCdhjCLmm_TzJA?B__p6|UPy&2;OG9GK^EtMx=4M)#kaAUG!j7)N7oGP
zt8I2v7=_Pz__j(r(Xc|wkK9H5<Sv3p_vrDAyFsX`Qw8fw>*v02BfoEPH|F)zWtx@W
zB`XiXeU<MURY1dFI5g1RRc%!s=WsZi6q=?3IVbZ1)rjKL>F##)<JUS)KjCct!c!{N
zw*3lU(^hBVprt@NgaF>$Wwe69Wh^!N<AJg!;dwHPPc+}S(NEjyM@AnD7jT)j1`;y7
zJB8vWzN~pvbA-N7Ik%sUal+%_4E4KyZ*lyd_)LSFWz=vkTWXq_gh3@lhT|S=!G1M`
zMdfAw)8Pbu5}Kv=vUnX9N5Ic&?>#7n)h?R&Js<X0FN^q8iHXgKzG{(I+Jou&)KwVI
zM7>Oc;8t7oq{qyXsKj2*KW3Q!n3#0@5?^REidxdo;Kp-x!_Nq|_`HsGwv~GPTO=Wy
z)Xd|>VMyycbx_sRXDix-&5PmZpCb$Av}4cq@)c1|^#g)wD?IYVvcc?@W6}ImMz~vT
z&0!AZjz!v~wiTY?1L?d8pN5_(H_RzZn<fn3UUJn<{cwR>C@+22*G}f~DVtNbeUed7
zS3|?40;`U7BK@+Lyf2+Zl~6>h9_4#j`!?A9vC>?fe_@T#3zYYniqu6D-)~3sGAyDz
zQs8S#UOZvvAY&~(*E*xsnl(N#Hk>J^MKR7%b_Nwd92bQseE6Fn_tJO?UDng9ep4ra
z(TFX9U*FAO9+NPx(<n8*@oq=eo~<cJQIcW8>Z_6H&+Nuug`xLr;LP?zYllNz<+K{J
zF^1^6K!oe<1(YJLjt}8`nEn*3WXT7vMP6gPZC{~3B)m}1opP)@P~1L|A@-Jn3b*-=
zJ@cEPY+mIZQneu5z8vw}yfd7#@+e(`(sDC91zjWkLfy%vw4PD4`IEHj5j{snImKl@
zaIn5(ob_<+JzfRf)oGOyzGnSHt(O_q^#%*<7e@Dqevl(y$5<^HKRb#?h7$^bf4!X<
zI?QH27*e`t<u^xr@#}S6rtj^qI_1yhGX*b2f2SU4b+6&!??S716MGhCNA>L+n0}_a
z+OXa+2>5{s<Uns-4SX>)ebCpLZg;m!Q~yKU{dif$q$boBN^DfxA~#dbZnvu&vFA*K
zmaxKxx>i8>$^h-W(F<*JnX=l&1ZFjc8{xp-c_O|0d&B!e-9!sZb0$h18nhAotBeDY
zUa$q3COecYiSH-=zEEGa;#$|K8cZBicPozbu1ZGqMPicMY)Qtz0K=Dz*GjJkz?Vhq
zOyOc(^#Qxwm?(PL?}Xd>!Vj%{GAEzZCW|u&^ORB$xi1$5+GCz2d}5*CL7eAWj%d)H
zJ=z$3c^VmBamqK(LuY+k(L%b=!xdjkI4lkMCOsHQ{Qeyi)lm+z+SaZirauj4EWV=0
zrUf(;_A$ik=VTT~zAiPZ7=8MpU_5Plg{g7d&irQ#xYSX`^pWE0HLmwIa3)jyH3L<;
zkuyr#Z3<Ol<rz*nL(s4^&lR6D@J)KYq+@+FQTbLwaE}m&$@%8D3k?<9Db!eciY{^P
zAKjM@cyGEX=-58<K;t&q&uIqql<xl!ziD{4VkD@%4stGP9RJx;3|N^8mOu60{_`Bu
z3>bK`pD+{hKmQA$))FIz8I$1V-n7$M*wbM;4%)v^9}Y$x67&jXk<tGq``~#nq#!ox
zK#+kCN-s^%`P@m5hcicQc+bjf$jAiG@XU(gkYVJNDU)iKf~r-*z+vycdDO=;sU$bV
zZzb5pndV4?J6V7Ey|<XqpjVc^{J6`PyE5$t1xdMjtrIDXiC!t3-zcX%Q{mx0M7mw}
zax!83+LaeapWyrH1OusWw&VIcV=9%qi*K`fQ*8B;4FIOSDLPU^9CE=X#r9+iRe{a3
z-OFqIg)rvT%VA^2%+!mm3K;R~)K3yt(-yQcE>u(5kgo5&1)Rpl{B&A`OGVT4zVpa{
z!K2;t5B`-&$<Ityjw)KD_Cu|Rjur_HemJ)&wuAYk?1Rf;qc<q7=}d7)pUErem+T>=
zR=)qD(Vlfkne}o{LF18>su+`O%_Ku9EFWldW<2ROkZL`C6#2=Qt3gisktoJ%e@bw=
z+~zW3lzaipy*V3%2x(keP@yM$f)i)jtjZ@GhHDcr5bq0GRLyKs-!>qPw+7KIdZ`V$
z(6y{Wj3#;}mMgIeLZ#I*9eS?vTE(`h3ufh!g{Q=iYmhfyDpYMd7b#6)b{S*eoQx{J
zZYwkS`yj%M5)jeRU-CY-oJ*PphAYAGmWd>r&GtxAFI<mBdJUe|fy+JmKW+znn7%f9
z$1q=Zi}1!+(6ZYcKf(QW-JA1^fF@L}uVK@Bt6p=EpLV+0)bv)e<kEHb$Q^4#di%01
zh+)eTe03L5#fvhctNo+M{*j=DQ~(c}2xCrZY5xROWL8P4Nd6G`P**cs<Q#5wxSd63
zmK*KrscSrc-6cM@f4`0L@|x{u?`#a3ngA((TL0`_?Ca+)rMc8j4%;lBPju61_7#0W
z8<Ct!9e#`7$h4Ci(|HjLre(>hZ;Mc}@iXgy)}rT7-h@Mc#?SEcy{Bv@)hp&45fY!1
z`u{KP-a0C(wrv|11qBgFK|oTF7NtwNyJ1L0I;9&F>6VmkkQicM=uo<m?(XgwV1{p_
z-uH7q@BRM%|9#(DEY=KrfW5Cg&f_@F^O`-3;GY{V;|g|LYN3h6IvC$bFyCgH+!L4O
zfDaMP$nVxxjj7SDHF@8>iof(aOt!<z385_3vBJ$siFWKfylb)E##@CvNhDiwdP$xd
zyWgHNv=(5hx1u0ycQ{=2WBBlt3m3jz7s1W0FvT;3HHI)3LT=XEDczfDvtaXY_-L`V
z?sSaH%Z;BQ-P>d2p6<URTWGk;Lh5ID=))kSx1bpdz~Z(kAs-;;cEx1u8=-ujp~ir&
zlI@g4*co(mv6j1dZk7F=B4zAzRy{lN++EN`PMGF>$x?d#HQyHpg^%<+zK${rn}pxx
zHYKwuWcN!sl;Y}Qc27lIgXjmeIa7GJdX%D(Zq&SsU-bbSjgkEJ^b+mYjVerU<>{qW
zW{@DrLuZwmhD2|(b8Q2g>M=64>ia?>P;_!C$+*<Fx#Aa3^1n}Akc#MZJFFMt^aKc9
z-5AR}LlZw2klQxp;5XjY@aymdVAVit1AHk&&`0T}qY2&+48)vNuWAvh#t5vnBbx2K
z=Qgu11|RlRTFH3pXGdxF31qnx!gA8cQUPP=VH#qUOp73S{&IUBNKINGwP~ME=zEI*
zXhEE2q}!n2QR)_HaAgKI5QyR<8_qAf&i7@E!KWdwMw9)-J47TG?Zi^JjpQK6gVkon
zAH@&pDZEAJY*EK3Y}Y<dxfa^kjy(@|TcIeF^vg82f~<Uj4riKS6sm^$N$Kk`)JJnL
zf7t1wH;!C-Qw;!vIAMs(%44H)jfQrRJr>opw+`3h2WzV4B2(5=A-=>dk)otEc`_4+
z<RpFRz@XD^vm2fiKQ)_eEaREuKoLf?$s;3$pJS?Zt{8cxy()|)GJ_Ci2R*&djKVdR
zu2ixO7?heJiqwgP^*d~GKBgT}!D%jud$9RD)f(J6;*tudt$?-;BMw+>JOOvein98B
z%Ffl!G?CS)(^DL2RR$>q%-uZMIHPH*Nqk9kry~n9s7+aWWX+c!pWjnpyAhXGIiWq!
zJSeB1H}~ps(;tkIssW;&0=^Op<Ac1V<Y+0~C11vRe;2dH4M?2IQa1PqM-1Js`-xHj
z3-ikAmy{!DJsOOoP#-XMte?ook~z;BtvD8>`lNabAJxUv33s=nY>%c@Ks&A)RB<Lv
z`216jz+c@4(DYw8O=wi=fpFIS?HZ(BZKp{uoMqTFjlu`|FTO(O!R8SHeN*1B8R}ug
zG_cX0(qKe6j$V>HX(dea6^v%zqyH3!S$7PWIlr7<sV|q<_+OotL`1(=I5fVVJ?^oA
zUmxN{*#8&3B^ZUJ*|i-?d}diRmKGez=$_l1*oE}|KE0fo+E}9GME8qsN~)wb3k)0;
zQP+v$K5d2|?#b9=><Y(2<Gglxne|QWdPafcw(^nqDm~EI6%I5-BF8uuM&UqUhS^PN
z7_7pCcBD9%E+Im%%rDFB5yjppPC=z@?B+ZbAl*4PFjvcJ+%FoNsHWW2R#(BbHq|qQ
zZY$1y5TFsenTa|ET%fQ$$~pJ3QVl>2TY_nk>QM!%FxuXE?$ZU(jH5(Kuk#yz?Dn=b
zC-2yA)9rxDRlx4M&AI;DF1jaT_>%1VL#ab`X}DIwmUPdzZBG}!uffedjG9beBjFDZ
z`69nony+*y)EcITotL%bWG~Pdp&W$x?$~M--Z?9>;_OVG?tM|W)C;~DzX#L@ff}*L
z>aHn#IKyJEGE6hE9Z}1B|Hfo6$<-rbhs!WgUnV)JqpA-*;;<IMs2al_h|@Y;hA%x%
z*SB_)FiJY}qrP8n?9Tp$b5i0x<6YciZ#3~^?Mn5jSI#N5>J|_}bD=Xj#S$4$_B?>^
z%~n%Ts~)h^ElPk+)jSiVY>RendIxvavr(MOYRj%roD}YU<~}f`Yu@FTa<nQI;o>s>
z;E?>KF(eaQ*nO-kJ4hW<q$UkrMYixYnq~raLVBTgMZHKz?-H7(@71DH7vRLkW>5;Y
z_v?<z=y_0Nz-RxRSB&n69rG|(CB3Ydx$8^iLKmIvIp-D3o=+%TnQhQGwzmbCVCJKQ
zQ2nL8J?|y4IdhNRsghBf6DxKB!xFc0giMX`F2H0M!erBKPL~PNiDOlucXJ-ngUdCG
ziw3#VSd+Ym?q|773itM3zpC}h-ZzHF!@H@U>fVUC>LmfWR2m7e7E6Sw*}<)^Yyr?T
zybj)f#Q*rw>TaT0ktr6GykE1mMy1C@yZnPv*bA={baeHBZx7U5HJ|j&#AHNoAX}tR
zYqrS{z3xb5KT-e)ZTm4r-ui{q8Rwz6NJgI(1)GSh@Dj(2T+c)q+wQu}qpqHB9$CTl
zXRp=43M$yw6wT}5M$@qi<aY~<qYB!#n~Xfcs4z-o3->{3R~gV#ectJJdhqS5Wmn=t
z>w1m~#x9XW<iV{i=zxL$H%@Mipe26#55%iEpYb2Y(Y0C-qUS%@aZYNIFP{{xG)u!D
zi5Uk;&pzPTU4}Zh>F{ky>tS={d2)-nid!ROWzOb2dsQXlAS)DlQ@MV-J(aY1$_CB!
zcguXkyh~JkQut;<x^jwi@gv5E$ZWq-^S!^Q@5MGr@X$+QWg(*ih#f=B0Sq-a+qX_@
z2WF1^W!KqQR#sV8Wd+}tmIoGxCF_xUysG?QMiH+-7d-;z5xTa$xe2~KGjRe;s5aP9
zeMfmFi;CU258h#<nPz_tBHYu$7biflr0IvRsI&!jSPoXC87)d9>m3>vo7wbr$1@H4
z))Y03_*`A5zH#%%5j1*CP@*hswSJ1r`?;>|%FZIg5`MJxVR?QVs<NeBNdsU3w}{@Q
z9jVH593)8}HP{p%R>bUOX>`>P4h5*P?+epv1-ZQf!jOUO(8)&arh2?_^^9HBqSL6T
zHDRQFf4y{kd)BZ`zjE|-53^NpP*RilcnPX`q6))1?@0Yrc=I_jq4PO8AGN6w=<o^n
z+vN2ZNbjCEjtx6MklSzz$8x+pKkPTPCP0}3p+Ahr(_Fm6SK_H4)Jgc(dUaB)60**F
z!f$VhT<}`Jh=l{()M}`4_KJ*Ty#rWNtHL>(_;-8Bz*fIP%LC*gyqCHZ2mo$1>H>`J
zM?p%oPL5}rpYKi>9^Vx}t}T{|%>*yuf*QJCUSWn1m=3;`XhU<AQYscGq3$JLOS;DL
zNEmn8LXiP`<ZJZqS<lzE03ML)BKDCXsuS&sVbC#8@3&}({#=CwvN$$EtUM}`-1tiZ
z2&>*{u^{9<Ex2f9C2#cI853sA560f$@(kZs@|IrZl~OteJp?i+ljS;kb1pawK+s-8
zkjxY_KAf9J%!iob(KtUrW14Sx1~}}u<1JKWEsdsYe0^J22=+$_g;}CpcH-g#=aB2*
z<tn+8@BvE?Qvb6g=s>|fWJc^rVlG^jm#MX#3jW^MU@buH3Kusm=9uR7uAm-}NYr{O
z8oB`GSpKCaE?`qE90#7<oBbbJ;_cf{qPM?h>P!0%sq>Gtxu8S=q`D~)N}c>pT>s}M
z$Omt2WkeJY|NSRjRByw6RdF2nzpqKM0nu2Hc;MYX|KcBilJv<f(2o5gDsX#^+z<O!
z!0c+w#H8ojxFl0;Qeyr~LH)>$Byeondh3xB+@iord>)f{Zne7e;lK3BImc9m9iiHf
z4lyMzUOe^}Y_rvNE!#^z!am=;#>HcrRFR~~B2)WGxn+88G=*u-(>}zFF2?r9@V_Df
zCpY?p@A541**N~p)F*z}Mf!|+at`WlIxIlEl%lW^l)gYtbabw$b$Nx8$Ze-39CG+|
z;PL!Q(fs?YdM;3{Jg8uzf(4dyoHhJFVK_?vCS#h@hF9hQ^I^KVmAPVN{iNynmTrap
zs*_3bl~8|k%{QTQ@e0Q-eD-+iIeI`0Ykcep0|duxI}Cc|&DvF3i#<k%!xQSMS{K}1
zP<hDSOzm>7@rZ!yJA>G!zhpwlis0IffwAEe%h>s>*H36wz6#s>{>)*GH@%7iS6G}r
zu65jvQ#<T;$wHW+)h`yV4tgi8#uEtqM<pEihf4U9;M4ox$}>99D@=DNh=49R#p;Y<
z_bsR_kOyRAHOy1QC&b9kCceYgcPXN?lXW~2!W61k4}A&J5n1}VQe-#c7B^bEY6+B`
zm>0%aM*Xn~#S%JsN#oXbNri)>=o-nwcE!y#`L|-+%x^I+SdLz4tRAH6OGLNf)*43j
z1mKt3qbis<c-jjQ(^8fJHg;n+d12ya^lSx^4gMz?6JIrh>v5%ww&HS1gWs`j!QPqc
zjqT2S)H<<f^C@nkr#zC6$&Z}Lc1ACl$fg9R?0z*-hk=)7r@_nuuij&wUT)Bh_A{(A
ztIQpEsAkxrurmh;z)>Qc*%D3%<Pmm^*Ihjn4L?0ywkfoQAt^`N{Nw%xFu#eMVS;>B
zFbmab3b%)UqnkOc*lUZzw_^e|B`!VV4g7`IETnR7oN6A{2k?x(k7px032`S)dt}El
zAt8Hhi=4m4@kb<JCftAf;a9`rXmXg*0Y0#lhcPcj6&||=+Y$7M05sR&*{XJmq9_CP
zje+LZL%gD;H>+j##a`#_(t>jkQ&#v9B0{=Fw@BJnI_YH!t9w^sPI8CQR%}*&n!=GZ
zQ0b`M%B}FQu%89TjhvbAgh<hon-j!(t~DEfn#V_)cPJ&Y2_NoYkYF>Wbf7wE^HYO6
zwJS`K3pWlvJD8vdiN;7ZEmHR2HDx22a*O2G=SY4S%ODFVJ;9pDoidN|&ws{!R;~8H
z9v*_MbrtxIWbuZ7gHV;Jc@?^N`t7auxP-L3%{hCQIh{W;LhTa#+}<SQ+I*xuhXdQ}
zJQFb-YqC%7pl=%S4r1ctciVa6sbWdeqf<ujJ!0Rod6E&0=gJV(O8M?5W{FCFGdGMh
zGCq8d&k_W1j`bu03b6@c5t^hUn>z7+*P3g`jS%I{OD9YtN38bqz>sovS9+ZF-)jsX
z7U1YWdMJNunD~hL_DHeGXb`_(9*kt6QBFsTM0oGpa-r^Ic17qVi7kguuJ_@C-RaT+
zmPWyR;gQX-moXG<pQWeQ{LZcwwG~JduJ@61%G3oO@q2iBesh~9+M;l|jE_$7*>5~`
z*R_kW()?tg=`zjb-7pjyVs>6OE1^3?wIcCj$S;3+J7ser_uk3+L4HA?k7eT2A+(>d
zf+TZOUoO{6|I~z{KjL~QH^;~5;UH9I-1Kam)f8S2rElQt6cAVvlU`o_5JX`G$j~)1
z_N2rUUr-A9u9Xdl**69QeaiiQ{w3e!tf}Q&$6v-U>2pw1rA>Gy8%HDv0g#7=*8{v&
zMKsSZas?Di6mf>FO6E`HfCR%cU;@4NgNDJ16RRnt1q$AeV6pNLYM+$I*KE&M-@iNB
z87!xIuazUlZc_Qd>ySct%pBk0A99FuyF1Ufc`!C7I|lrC*u$jaw)ahhJQnmC>#<<B
z`ixYuexrPyYmG3tW4jb)N2|;CZdRcDS|SwOo#L2Cq6t;#9!GDcq)nS}mPPA=v<jh%
zFDI!ko2WL9*l_SSHa2egMVU@Qjh^K_PFC)VGa^I<LMY(t4DGvZyr;S(+FkO<Zq$oX
zd=>2*7sLc;^y-(=A;v(bvOau$CoxO#v76Jy9e{2RF}gktEUd6^lgDq2_*OxKnXK5f
zIulknW)aP5gpmt4WF&iKO2l+jjH<mQ6R#Ixn?SrGZSmp|&^Zb@g=Afc&&{`vXe<;W
z_IPCD2Xxhi%}3SQV{%K+X*_AQ5jz!bYY)}@P+bAtHcLm$zMSyjaTK&^c78wKmr9D<
zxIdth!~l0pMfIB{MR))8jEIw-y_T<B=rpEBvcUwEJG|a8#t)jAIT;;~ONq>gaHIgI
zmB&HW2E^e_UQ*B>kM)84({>HyueW}MLFsoD@7tVCGc#Aq!Ld#n+Y)bc1@-Jx72qg#
zH@p6_AeQ{>Od)*hUA?`9UZUi_GI@{P9W{r;80e&BZZBcJ)^wuuLL56(tF+q&NRN51
z+KA6QZ-7Fs{uHObY{4eao8ERNz}<`KrG3955sM9N1MBI%t-~}uyhPS={MFGaCD>3^
zCg05p5$$w(y%s+C`%ILqL+G#ouSZyS{AJ%!k7JqhEU8iOeBiisyoKT?^NPZp#0HB~
zc`)o2zX8agR0y!Q5=TZN13QZ&cBEqr$VJzB5#kqHYPa^2aH`G=Gbs0)CEU(owb|(M
zw?shg`qT<8%v&&2%L7iVoMH1qVA@aMIaX@D*9s?V<m{VY0P<WxtW1kXHK;8}XeD~e
zZM%9<nS_<#&72C**6E81w??qc5d-71G;W8)7hV^v7>G@|u|Q{|^6^}}UaQ0dgu>3-
z?u@b_mawh!*r9ZFOXUPNL=~r>+DrNEwIZe7H4j!5w27&E^>H0=_d{R5lktfJX{^)J
zW3{QnLmMxJFIAIxar*dyue^`9<Z`TDDniJuF5FY7^$A(CZac4C0sZ-<S3Yu6uBVnF
zy3?6@sjAS_z?3B#WK4?<hLc&Z*+GhD^6ta(5r+9_Q%a(Hv_O(*%KT2jS}Og|HHlq$
z49%o{nGns8<QVz&imlxk{k->{M)Zvqqw+@7*y=T3yRECd_h8iaZ1zu7><5(zO4NPm
z%Z)yvR*2MjJ{zFYw<sK}$~&UAa>QrUKC#&CJ>%8BH`C}fU>iSp@nZCXFm~TEvg=1E
z_V7mE)_#F|RGcNi_zwdPp^CKs^qVjQLsAl`x)NE7n*DxQ^za$u6d&3zM*ZxTJ$k^g
zr_r3sGv^_g(vwINqLO8VSAz3m>G=y5>D4ot__0zv&}YWQlONG5+v_4Glbedglr?lA
zF2t1?pJM7WzqsXXTG(woDtrBSe-0AoJVQJ`Xn{MIxnp_6_&8&xK`#WfoiFk@1NJJZ
z2uKcWt^-N|`eGc9bEELdZ9FPeO`gJZOE!E{#D8(fGuwJ!?ztJe*HM%(TNY0EK7Vc_
ztFf)A+iJ(6)q_odKrcL=^9UT%@hPGk=u5m9Wz`s(gVv35zuvASZoMiil6$fa0-}?O
zq&_De-qjHNa`^Yh-AH5mWO9nRhjS+bDqdy_8;F*e_e|XQ!?5^9;v%*)YKz!#PE6`B
zCBX7ERPrwR>^bk_@&nyuxi*VqnP6+iuVm@yG$f>%VeR8d2tue#KXI&0oJ5HGR(WIa
z>6U=TkXj{2{!INtcGm*J`SLR!{UuYgKUI6)%HCNUYq!L@2Q<AjT2V@azrPciu>Q%V
ztQj&dWK1;~3wDqwfR^|@H+=Ga2{M_!K#xo8D{L}sTcVX`DE4lQVq+xuCHTclsbsLs
zDFZ+nLtCt83Y{fSlo+hux-kr^#21DHm<O0Qlzz?G{_J8rRuP~0mN|E54tel<two;E
zqtuH7snesSl0nwZq<HZ`h?I<KnU@*vP5-#L2lPz8!DV1XHwis+Q{M8Y?1q>iK9V!Q
z2UD#b;}oaX8Pr{DSsF9RSBT=4KnI+RiP6B_1fQS;y!CbM$?f&8l+8SIH0$83-ONUT
z>t;-}5<2Ld`Dq5>Hk@B$nT>QBT-3m5X;-_9b6yq{O_oP$(^{Zdn<{VhRVp?;y``=r
z%reuj&Hb0HNAG|D++5eqwQ@u7cLY+Za7P&O_g2x_*mB&MB=U*yo~w53nmp@z^J*}U
z6dtXvB1uo&>qNo|rTRF!qi~VZ$A@-IIb6%w5`5g~tJ#!K_Mk$(s@TFU^iNb?R2s}(
zPCpPRYy!lwLh~N>52jzC96;d6He|rhq^+<!T^+&Rx>%HNzNnmh5aob#6i1uhcwS^{
zDmscuOjbt9mRIBYru3_3NWvxM9Dzo%w%Ln~OG@1C@x6=9?IQ=q)a3cZYqHb$_>|m9
z4D5R564OI!*&93h*+$zCed`$ICicGi%Xdc<Q=|Sn6x!__)4Of5!H(jfSp7^bDYwLw
zq#!A%rFPD|Q>Xk*?~%;&R_p|RJo@#61JBj^hImx<)ew6=&w~N1bg%o6EH<X6VL)X9
zGo!DbzXszHODi|QahQE@-cZM3cjtD|tq=ly?chpY7dl@#Qc&MQ*le!546Z4*EvaF#
z0dv&21ax^I2=&0n*Y{#`%jrwR;!0!tw8T1b^0dScwbm7O-sJjbOp$Cwx@0%l@%sQA
z+s;U}*(RUo010nWDr^a~b+vk2v2#w%C^?%e-A6yXH(Dp@j-|)Ft3L(pUM!OG4F*h~
z%3qG&Q9b@-h*6@3C8WwHyWL{Ok%q4@vNQ`?Y9eM6=YBxUw#N>QKT+aPn8h_AVuW2r
zxCH^$$E}l}^=ab{GFTZ(d>R(HJ4=Q|TH8e3q7KiKG(yg%XrE03Whb3qCB@7yc&*S!
z$?QJgNu3KVxkbbS4gBZxNWBsOsfTR%VaH@AwSCxTGQhcI#?icZ)R1-Fr~XBwUi@Xj
zfHnayTW%&(QFlE{M}sdds4xcSnZgdYI59!ddX1u5-{+=|KKq9=m$gMl+HFa(WXW$t
z`{c;*+1j2p$alE)7jTxhpLd3f<ig9l$@+RQE-|(hlJG4R=aO11VwC&mTkE|6%CWyT
z^f8bwxQgb97?0p!p6J}(WiG2a@uAW(DGSwX$=%m_MKquNR3N|Qn@12UG1)tEX3z?X
z*7>>H5qhwUD!`(4i5KRUD9&H}nH&<p<ai@5i2^Jt4^dlN6XYd2JZ0inkvsr_n~F5F
zu(CiLSK!jm&HE_S4J$T4={0&Pivv!|TW~pYp^Mb>7p3Lm2r0QV>wcoGT)W^ZE*>)(
z$+;RkUYl~(@G9LcVYw?d4cE58fj?~D)+fC&1#_X^Y-h&lVq|7)tn)UsLaq9%sxjwD
zV=1y$6~|XeppYtq*UPgF?G!QBC;ePbE2sC9gwAtsD!ir>#Ois*_s0~`n$W#r60V@Q
z&WAJNuAAv7lP{zZt$gke_C=U1Qrkkuq7zC@)lJILAY47>-P?>}F5IPNX-BzW@Pk;p
zz6-5U8+NZHE_(6xP=*&%@1CUFl*ni=jS*VFp_jk-w2wfWXD_Kq(}o==>=f<b+kYX~
z{?Zj^sD*W`1&bzlnnYlwNSa_IUz}VkE3<TD6{qiOS?*GJGz{sgGj@78?msuR_^2cd
z@JtqY3l)Lcd%Rt)grJXW^v2!c0^Un}at0k*8qAs&QQ#@(&~u@1LkgA3q9GsC6%z=1
zdk*V4UvN@b3FszUmbI~2-v<O!hjlcZF^z6dMZP)EP-isaEpwe8cvmt$2eSL-zwnEo
zQGWd^@w2+>JI#~Ng5$Rq_V2`ZA#$>APLU3qCnyn93WY8<TP)HHR}VtsO$OhF;BUV}
zCF_HS_LtGjzGi-8g1I=kL7()aJH$Wx5nzPYoamG{m`l`wH<B%zw2QLsLQKlJw1>x>
zlXBv#SsZ)l<(leW!2k$WxT4oVV+2FnOk>k*=jYO<&B2sa;G`_(9p`qRC5(OqIn$k@
z(Hm)tZdj}6r;@4v=6lAhCxpgFVKLMus>3`(Q%Y-i@0N^Gl>+hy3!XVS0AcYR<fwp;
zFQ_8i_6k?>@8l5SM0&c}L%7enJUe2!A@7=z#i^WOXqNbpKUR3bs9W=Y)N`><w*f+=
z8(QE4>pJ-uW#*if%^DY@xTckdUAkU&P~z1;*_9uwfZBd%aZiW-PA~e~OV0;E);Z^K
zF{}#;|F_Zp<Hy_N$g$AKyZ>U^faC~(O_RP)G>iNT<o=TZD+MavPbOk3|NT$?evyrH
zn^D;%n3eQ9wE5@vF@R^&W)*(;Kl1>9wh{)~ik{Ha0ry|G@jda5?|)Lq{>~`7Z5C;O
zoRg=%7iRtM6x07stoyy>|NgFw20U=SVfvulzitD`0=RcDAqC1`?A+gZ1cLMceaIdA
zh^-a~(f)Z4z-u74P57@m`TyNelGMNh=S6)I=lpjHMiC%MR2uu@{m;L4=Wf35ZJGtk
z&y5%Vx{d$4JL@7R$}97)VX+|meSSP3(_mk@ceV~l40x$hTd`G@{Kk7boK^mD(ULBX
zzyew7rL#cNN&2=zaN}jJl!%ZSd_!EdqK8i^7@~ClSL^(z@Eaje1x`eo{GI@tGkr|J
zLqpVTBa@dyQ7Y@CLvj4ceGd;#bCeTU2R{{#Zyu$5doa`)d17WJlH`A~{OS2gS6o9s
zN4+Xf=%wEi2So83XTp>k*J;=^{anHU64}$!eJ^$f?rqLG#AO_<s2?kGjl=QJQ{oeN
zYRk*@9fWBlFK-xFDfO~=Ds+41C0q8d`7iMi=tqgSSc53QVsIsquAzzKmZOT@y|Dh1
z1CiEn{4pYP3UMJt;U|bA`3a9F16g>#K}sSryct&%TSzSCysBZnJe@x+)_l231&={e
z0t-(ln{yLOc>fcd<a4we;M9+?J_s+XSp{5|e=?y4?zO*DYSLe`o@=ze&|%Mi*ny1l
zbH+(-bJEJ)Y;I5m#;D6S3HsElwPM*FgPZh<^Nb2C;2nfehf+E|#-!jxm=K2!Ssl-H
z+nX%cfjsGp&%zqLXIpxd;1Hyk#8@MetuYxX6#S@JP&A_uTlXL4qF4kN{M)_k;t%hV
zD<UIbiu!+vsC!@)u8?jFlp0JI?@;TEIEqRojcGPc?e{SqDc;DI;f8(L?|IRxQ4UE_
zTV`wYtxLjrJOmT_n5CG!n?%@@#h(x+(_b$RT`#GnxXLfgr}AbJ=}|U$*yVhQf#N{f
zdoWBV@8#jmm84;^TwbEEkD!&k>8&W~Et?#9GrcF~=SgN&(&us0pPj2zXJla&vU;V%
z`ovjXacK2a+CO^VzuZpC!*+gNi<j&7x`7u8bd-;+2pzB>5KtfNmZ`AW9veM8ILr1+
z(OOGt9>K?;<=!TOzu(qV<ERZ4kh6X&x4##XbGp7XnmEpx*s2&2h(-USx!Sa~k=rRz
z&Ij|`_1yKc$K51k%mO@lqx$*{4>z8M2AVkh52Q@>6Y2P34=#oWOa_Kqlw$MiOE7n3
zWHYY3r!8q!Wk^mnanB<zp_<Rv2ZSMY^j8BUSEl1RqV%#?Haq;1%&jBY<YXcEh?=jo
zZlzjcqq|bt&chUYS*T=g%j4~)-j5DXb8jlGW#`ER<m?}l4Maa%S(YoGX3Hhx0&sjZ
zTb&hdq49^ouJRMLogh9~$gyyQK0IB}Eo|RU?l6AybOvVq-L}MTW=sa{WGftgqE8wy
zvbee@AI8PR|NJwe;i}XTLEUHS;db5uO@7vLB@+>$bVXKa{;lE|#Q4k^4gCeT{G@kl
zMQ&B;yg);vj20}4|HOLOZG<uV5w)@LP+3d`pBU*kJ*C-lHR&s*{?lhu(UHy9n1gX4
z@%b{M+-?vj_Czo8aP?Fk6DFE@m}If@L89DB7c=;wowqha3)=5lFGq1_e~c4_l?Vw5
zt6CfN`up0COfyDPtRJjXO%+fVLK|l482?gons=&w-3~T>M-}Y+LHrYBG6HEel6{{M
zLz)WKsuJJ?xvt(!SjRvlC%Vi&TfWTbU1`vEkzOqx`#Kry=9`900`5&Gj6Uv&f^3YB
z2ql00D!eb|PUW#3i>KSgQ&@R>Ek%-~46W>ySy7*!=iXhb<ua*>co#8U866x8C+eqR
z`bKsK6sv`>`0V0$8JyX{Kgmcm6GflDl&`HU`|cVzF2ZR{Q7*k1#ks=VkNU=|j+thV
z+X;`Oz>RuKpE_z~?&~0gUu~7&%kw0AOZ`!ksu{L&ocSRi+>RqvKPE=;m`r_0BPWS4
zZ4RC>F2Jf2Iu-A_(QLfKBn&uY`^CE7dG4?dj*j+Vvz{iw5Pqy7Oy^G7`n6R#&WWSX
zYdDDYtg*n2ybq$4H!RKlPaDU(ofoedV)vILFiCP;I|h`EQj=<Sla2->&W>eB3Fl4q
zqB2lm{HLLe5@;UY#%1mG>E~7IWZ}QJFwTHGY+alItXe>q+(A-7-a^sx9jrQkmMH)-
zjY<dmhn_G<otNF`X6Fs@hp1~-d^py;gDB9&CDP&cnVUI{zei7Zj(rp99RUsHPA+NX
z;9TtjEuA(`5UItST|5~x><@yP8s_bA%TjBKfbe!hIBE%#SV9)awREo7yMV#J?fe4$
z`!whR|J~f@zSak-;n{1Jk8hSL-!L9%f3-GQ)I^STPLKkTF%z}>Z1g=czL1+bqG8&Y
ziPE#t43QuGCcEn4VcNVl>+n^dcEVrCf@4?+zuQd>HH)rqTPfrx`Q;bzvm;jitE;T!
z5}U?7=4piKy76>8f=sSadO53bP!vCE`w%^(kKm=nDBi`_uEY<ZhqehM%}@r7xJ$K1
zD#A7qvD+A6T2b`5S{=fv{__pRy?IB(oX2Ei0)2_&MwvimVLX$;p<=MUB9&fUuAbH?
z1F>Ytgz{pQ{ozQX$1And^DHjXc|nAp^acGnwS>^V4cPP9Z)9Qp7yvc@Xngh3ydC$6
ztYTApXC3L>dFJ-vnddZ{c5W{$q?z>GW!zkb$QpQ7@=L5tUo}X%`mOlU^aDp<uym_S
z7z_8^35j!W+idC;6T8RY9cITq)i&8UcM*2k^r<h#h{+a%w8iDj?%5BbR<Z;k+&yO;
zbXLlWneMm72t%g*2@GCSP`rB4>RHzQM5q^C#19S~Bi!p2Df|rA2j~tsQ}N}fU6ruV
z{@r~{Ryb?Hu<Yezg#$IY%-kEat^&!xs<x<RS=R<Wpaz}6Y=M;ToDDBqUTu-5jXu9`
z+>s1n1Nqus<Mr%RGqcJ{Ta<6uVf+zl7gG<)u)y}HVNYm1J}M=f%tcfmOiYrrmHF-5
zdb|vTammB&KD=Ga9?h?&Ne$&stXNG4fU|kLUQ>Xyy@Sk%41rZuf%9gRQ(ehg&_T4d
zodN|{5dTu#l1WP(ofLl!upl`8T0GTKi%F<AZ+*(u5C2COhhgcuvHNb8Rc*OF^H{U=
zhn2_;<BAeauW5KF$*Ffw8}gGkzE$fuNFZV7F-^|5xaa!)dXR_w^gmVta@(BaW@%?D
zlR;jK^<HY|kW`&Lg6XoJ+IMn+Jqz||)Vq7n!S&@?SywHVH_4-B9CJ?lW@Y}7<Z%zh
zur0Z}-qeTcp9MzhlvR{<IR?$_#}glq`Rw*km+`wafpm=(PRJ@xCi?Drb(CVc1@<i)
zO@8);uD_%gK%#sWLiSOR`DF{@KHIt>&?Hd)MbuxYR`DA72*JaEIQx0`cA2ea`-EP<
z#+GYoc4UwtDC;YBY(^|<i1k44Xua$1_RU0BOpy?{Pv9it(5nQe`$%h)#8TOu7;y=*
z34%Vsw>&0HAv3VDaJ*3-5ofchA(GA4t|uo@yGp!6s&^#5n=yBBzLJ>6OZ++8q?|Qp
zvEDP<G`z_GJXf8lrsibpADb2#`6VCHlc;hSXGs=1w0qnGCG;|gf(w;DU1c*DNYbo&
zk8${ZP|fUe?)ezK*g=#BgoEE-|Bj@lGyhzo^;+v7{9UfM@m6E3>xv#Ua5heltsm;e
zm1dlv(9meL9?uB69?GZ;8~7-0baV7TF@y=vaGP@wA1J)Mf27D8?TPJA4Nushb!##U
z-Rj{Z&T|8r>hv<4?N`|FDHF(Dt}%7Z<N&~3U9un^?-C(ZqO^WUjZvN*#meAE7x;&V
zOl7Pgj=l!Z(JkbB?tz}GrHP``%GX+cc4>aHJ0*S=r#)8ZYxgsz-6C=TlI|2FSM1&N
zK`O!CYd#-^$@p05FpfcMJ*VjPuvhi;Sp57kbNDljZNGUl962kHVDxE%@{NK?KSRl&
z*dU_OmueO2j*MQO*}&KFII6W?TekbO-G(i$V#ji-t-rl>`<Qv>U}t@pphy_PwH>7x
z;Mc9S1Jiz{Cl$$_c~A2v_U^(GZr*63UXXqZGhM2Q!pu^qIe!OPQ<QiJ=yM55mIG7T
z?jdTD<o4l}PlKKJM8PMVR#L5|l<^I{OxTW)r||ApMfCY4Jmo6ekJ*Lfa)6Hp4th`b
z4vr#|IC*GxIzbwCX|jf3F`ut&@JZhGyjfB%{%K-Gbf|T1zeCFq&2!+al3X4X+qPe{
z$o|mo#&RWI!ERo`V)ElSRWxMnXLnG<M~D9BJrvmpEk@a%8qcrJJCEd6xT6VV?9!5D
z<f@G6df`@JWSZZ*QJXvvP?kLxzX!Z^#zi_bxKcdr9;4{uk%wu!EEUmFxMHIZG5Pc;
zR|P8OoZ>~x9cp@nLA!B8@A3Giz)hRWzgl`Z9DKuxq=s+yc^}0II;z6_cc7qVqcOMC
z>dSFV+d;)1eW7OcvD~1nZyH1+*`F9ccBOGW1Yp{0HC?3&<`+dJ<;O)d78)6cHHmYc
zL0!_497IinUk!C3s9l91+Nlmpzp#irUXr)rIBueGG`8}&C|wNR295QJe)1q(Mj>Qz
zTfH-K8`v=(Iv*wZ<ijrUO)dDD#2c@O1D>s^A~0TnmWBOzY506aG`^#CMnw-(d{LRY
zMqCv+F^L+;j9!56sfn(Ql`(+T0`zW*!nTv2LQAINIB{x(>J*??`XSCvBUcC#NojTM
z_d&37{BT{V9FwX&in4`QxQLc%ZZW8Jt9EIu%B0x$v-c`awx}=Mqk5dQBaS_<M8W1;
zR}9SMtwSQL?(xC|nzVB`Y2U_Jyx&(bW|p2;CA=ob`~}nm7tyNKz|#jMH{gf*Wahsq
zgjYg>y++K(q*aiVP|t(YgLJ$4m!}VJ1S6b}mi3;Y_+7#5QY~v+U7sZkOpPa{S-jSc
z<-ho#FB$?)khE~bGr2NuFF9S7e}f-0zs66pDcP+?)aVpqM@oHnQtiRH;=3BW3U5EF
zs?t>>xD&Tthc3kTL6B6vrv3_N;C(KiCT+UwX8JD;hSLwsvM7@l(;5<UpG{5X#V;`p
zdu>n3gGH<x9QrWik98Iil_owGx6{3P7+@M2hm9Y>QGP}EA3%2#Bl$wBXoaicsIuR*
zQ{2R3^2{x5DX)^Ji>aI7ZXu+<sTQv1ifnsSDWl;ozg7+4mp@TH|KQKwK`?Q}-MlN6
zZsOvK!#tUGJcWoj>zGYV5iR-6Qal3AG_VXrCHyCI@%y!oAAqxpS%#m|{A%I9DT-T5
z00n>o`~xHZ?V9?o20VaMY(hKNznKW&UrBO^`ab$M6HyGXGLXVvw)X#p^pFHDQBWHG
zlN9>>`opdFN!KX%wftX?{2x+81h|BOO#z$(`On+Fz4O9bX9GQJnC-u*oTtE%1pl8+
z;cKXoU>5qnutt#pYa}At`9HWC;OzoEu<zG(%f3(k_XGO_mxw8a@BjPGH30r+Qq7oX
z`QKdFD=Od;7B<WOd?sK6eF*f&|ASq1;1K)C;IHQUK!bg7c9dDP!`R*5U*<I3(GhTc
zea$#NUNW516Aw1y`V|k{wkRzT(ETC)&&_}Tq`C!7)K}tXC-!-vQg%+x@L@EKY0ucM
z!_rEZM_6yic!0UsXnOVg4qD*!S$!jDF9Lz6FgU!Mcr}a3X4NjslqeqI7U_>kV$iV1
z`vFzA+GWr!?C%pTJ~abYKphwV-)Ef&F1#eiA|jG)a6jv0joK+<Ok`OWx%5IrxGtT(
z1P&9FV$G{pC}}$7U;<U@Fc%J2Y!^}Y*E@wlU;`Z2)gQ3Y_ohwXHZ_h^%2`lya!wm2
z|IM=EAt4n>y}TRv?KgkAut#w)xo-dM{duZ%r{jAHhvth8S}v{)f22!TY&}K4rSDf|
z_rtXE$fzjc-8zS?gfx#tnw|t!6SLzuu*1p4A>ZK{!QP&=sx)g)r9vzFUlZlyOC-}M
z$3t@LU-anrCurH_HBi$}g=&S;A`c#?lg`!-CYP+y|2X?HnDxy$Vh`^rmLLIu`UBGX
zGlBDIlpS`bPG(pYRNlV*D9i!WFCv<0YU1%;?c?0+{KB<0K(s({?^4CD6BWnm@RLY@
z>7_*4&+wEwRetQ`ym~l(jk^}YUGMOiKC$U-#wJ}Pd(Qye6UWhVKCWImCVgZ?Rjb;8
zTP}sa#et;rH<G+_w^$yqL})bKd*$_eGUXwAU0J0_7h+*&gb&EOX@Sui-PmK}5EVWi
z^$i<21gTlwu?$KE%9P-%Wz4At=aOz>Vs}wpndC|ikZiWf@Q`W$`20_tm--YeQO5N*
zFV((b<#(?bnhY1eai@E^M>|@m9YC-CEq$ra>k%PaWUb?-sQ2EST$<OJfL4{)J@x{!
z_my1#sg3jM6ERyC(zP*Ph0Zq>uEQO2DlRJIO?lLhn0uHW0tX%+j$Fw3$gFpd7bPtj
zS66hLIo>>8W~QO~c5!rlW8mWQ^mJz|wl#k|D?&hOl6$fu6lIo>tX{&??JV1jRlx9v
z0|&dMVj7R5sRDyKxbdCb(eaH-(9rO(lxzOWO_?rBb*Av@OpEc%Xc~nw&TY%fK=$EJ
zMtAe)8yZN?q?jR2eMI!GYaQjLH=pip>BzSCAz$BkTkI?Fk$op?B0ISHF<DMD5U}LQ
z&vohf;dA6n(|!Y+zg$<c-~M`Eo{%N|8Y4N0#|Q6)t555n-`{oNpPO1=PQQ})nLnII
zq7WXfsi1%v8};RjR4lz#MQ!6wgIm}2{&9@yTm_n35AO0srfrr#+hI@#oezrj^uq40
zl{;wRczz5nzdK!-p<p7L^X3Zk+iA}+0aIqHuV@R;;mr-WLEzBij`y`!^FECUra2#3
z@HuQ@<NTBMXf4KZy*hJ;O%H=w(S~LC#>r+m9`=`W0q5yn$p>UJWEWl&{J53_haTUL
z7uEU6D)%R(Ks(?m5Ee$MOAdaAZYFjd`P$%(E1doEEC5zvb>(z9KpbsGSR$ZTYATg#
zt~{(fn)p6wWUK7lnrUj0tT9<+95%nM?<seMNt!;!q&-+FbZ=vpPGvIyhF;_-J-3R!
zR_G+~m1CBuB!!P-?cL?{y>peOA0nIAFmx?8-a4nO7h%LoRqnNlNpVbc<loa?>Px4)
zKfvfNpNBv{_MsteI?j*Py#x+#?(GT8cwfLxkM)&PhnKwm^hR=?MD<_$A^}A@T2*2s
zBhm8tJOXnxB41_zl2EY|e|@@MZq}09cXD#`CO#k-HE$_UMmS}|H1TxNA(8#c{&N3@
zziJJ4(Q(Rszw~*r*a=X!>)XXR;uObmbA)1E_^6cP^JbUr`^}&{n!z!vX|UBqs*9V;
z&j<V00iy12%zNKEEG!89bEV><`0%*~8toDI+p=^ADW05sYB})WgL!M>YGmZwsjk$#
zad@L1+7F0?EpX)J#xSPI&w)a33g95{EiVNVt<!Crlhv7$CuyH|%CzdGF{?|MT}#u6
z$jB6$igXLdP)!UC73(;_6I~iOYK2;23F6bjV5R55=Bg#~NC*TyPp!Hf)cN>yo4dkb
zl^$vg!nrND<-4+egLuTG+vp>o#x1gh=6=+}Y@7OQs?q)d%H;#aQ}fXgqK#vM{%MZS
z_J8lnBzH-Tgj@8+q$F_uERfa6pCT8qwuTEIpu{qXEWTUa?44v~i-0!TG@SGEUUw@!
z;;@_){_<{dq{3Fjd@_?8YC5Kh)(p(e%&ZPZcLJHYl^DY@!4Ac3b*72zT9lx8OKd}x
zVx4z3!x;H$J!`5IlsZ;$JW_md3lJ*7qFd)jq?3#H5z4H3%ZwR1rnKmz;C#74_3jfM
zR#ufZninsWl<jcD#tYh}-$1kMb`<RwqjF|S+IMtzNX^G<+0!_c`@iRUpS<2(KJEI$
zqyuPV4XDgI^^9ia?jOX&fOIIY`;yJK7}9=mwAuqZO59ys>`&Z6)syi^WwG<qvuG3h
zu+(C_^h4-JOq^TnOWjJB^_M>8N`DDh)sFxG@{)D*DeYey$=|r^BQ}zA)+5P(7v;Kx
z^#4b!(~nwRSEtl9)JP?9rPy4DT;o3T)FuscoO~hl&K|RgAr|Iu1|u1nuiMwZK_?j_
z-TK#f`854mFu~4fqcP|nU9Rq%Qvy)dU87th<)c-@%x#qI_p_C!rb7e+!$3{1&805%
zG3o2O*BgCm`;k>8%p@}v^F;c|GzcLihxy@q`Mw%xw<WO53sm3IZQb;e?*(9{ys^vW
zO5)UY7Cl9+H8I58;wj)|-<*r-_J1%uIWg?Ow4AufW8D$zd<A#pWsykxjp2g>KAIe=
zhG_jE?>O%weta4!(m=2Eg7X+<8$~Kek!^9*K1g|ov<n}!QBgNmZ>-x{vwkfJ8Gouj
z(3MeSF&Psbo3hV?uJygi(#(9Wj@rn`a4>vyT8-U{kxFLfG<mziYBkPBUDt5coDD37
z*~A)$;;K;Vv4-Ocscdk|B8qX@W3keLWOPo|Jb5y^dp-_+8_e<NelUPhQ{~UAbsOw_
z(iUH+vKjlCX?C2iJWGGFu%d+5pV&9WwDofjT36(Wqhf}gn}XJ_$FG;XrgNN-7$xp)
z!}&u?-%FvjcPzy3;)KBr#$-<4lyK>J?Lh}G@Vc^|QLrJikyeo7v>fm23%iutC_!F<
z?ZXAP8}&t$8#|tRZkR7U30O@TWoD*c(RXqRZ?Q9`T%`_5@Jh<>;lSKu)+XZmJ#edW
zf#9VP*961!c2)Z%jDv-AF|o%rRpUnE_;l=x&vOygFz{7XmXipNqNE=dU?VnQ-D+bc
zP~16dp?~wL;t_^7OsHTgohau;j`DSWh^yOD7tv5hF5i#lG_jU?t2TTs0dFw-Kqn_@
z?nsR4<z8P6y}WGWgEyR^ah?@lA6w5UP<mjxB9IEk%aB~-4it&@!_aTiQB>AI+qAtw
zO7NkZ)c2RPVRicHWYldmLqiE6W<5u8W5)aL=Hz0cVh1vQ0{P4LQs~I3B7urMV#8!t
zf*Kn|UUwcv{8bA;v5?YF4c(*<P6)81ewmAUXNQy)vv!#pO~mLO_h>M3YIhA(6MT=+
z*ltp6Hh+$ZY)u93e?4zkLbFjY*7l+AP|b+xp{sDY^x<0$2@KArVCGNXx^g;-cSvNy
zI3m_LMRYUMto&)tH-Hg&e3zSf<H_xUfyaw9m>XB9BM-GdY;|?STa=M4^M=_yu>#cw
z`7rqZtlm^mmTXguo%0@gTQFA2Q?ma?CWru6lUNtjW<h3POmc4WtOSi;L~Tng<EM1o
zCDZ{MPYiWfSW2%>r_4zVsKuqBv>V`*DXvRwPa?6A2kJ4!M9&=3Q$oqQd?4W5gyS)+
z`MKU`@&!I^!v-Q=ToFdU3f4t6G9D!oQ)<e)ugH-UV*_eT@S*hS>KX4z>=+C>qcj*V
z;eAG}y?nAocG>))ZC$$giC%|?fA{No2?3Yn?l?^4)vycc+ON(5YM6OIwY$h7lK8_e
zHv^`a6K1I==IV;xECMJP#V+1YVxDyWj^bzZ0CPoS!`i)u+sNgU0nN`+8Igy<k8%r6
z3+O2}b!NDEs#ianJD=I7DI2@x4sBdsz!c5x3UG)R#58h|^*FW5&E&=e$#U}F&#Uw|
zwhw%blnCtW@6N~}dr4*cbrfQ=?Gcf47rhrJu3tx#=8QyT-5^&-Rj34!en4(Mm6hNo
z^~!4J%KQx!wfiV4-8D_U;=|T8-|U4^KfTt`pl}Yx*}+M=<>%A!Pc=TKLw=%a5%rAU
zChIGC2*R$@ES$E+^dSyX1>+fwL)J~NFO00219&i-0^B0@W#rte(w~&at<jY@zqaai
zmlm1XNPWS!H2MW^H2Z~>UaiuTFVK}K&Eh9-Q)(IJ_1${E-2b)Eepm+rc8~SmCvJf7
zd*`m0@b{kaB;kpAt%^V#b+5|aEf9Bst=tx;?H!bI;}MR)&-wKA{-EC2Wv4c}ABsbm
z<%CX3=5Ed<lR11g3KuJ8JdNvLapuMcv}H7sizcDFS%eQ}-A)74A*LY>2?Gov`c>dW
zbB@B;b*-0`#S@mR>1eT>hLE72W6mLhOc@WGvNu}p7W+=@23TW7?QS!xG!{|sSGGtC
zs;@e=7E~{whP(jjKK1D2Sz)!sSD2TWT+tH-;}5D+z-TQFX`oCOZbx;e2$t``e~O~l
z1p<<Aohi#}yxUFWmB`!SrLdwWDS5rAG+t-UL>D`XJoSB$T*nIr%mQeqj4@+&^aBM&
zhr-$sFH;G<mMtl3QvAh!^|B=Ja(&M`eHW&RuZ!kCs$xo<3c|I$r+O2IsG#i14%@Y=
zIbLe!vrSA59{cDq(O~BLCc5P=>y@K?A<GPC-1TP~K6>!P1NyaLV*DZv7&PJ$Z--9i
zyT1K6<@f<T<x#WT?WXdBn~sR>joH)T3gaRPiPO6EqpByJ<@Oyrdta{RYmoHK$OBS5
zyR=NvrmhJSf(v_J2<(kr^{gCx!T1$T0<rN&_AciiR0hA0h$7bAJj}Gr)ig%x*UJqi
zhRzR7j`d%c%{3Y@fDuO~JQb_tU6uS=T$MEP35)*Yfj=|9u~>*4<3_!Fp;SZvPI@EG
zPASY{h3@6!w8v$e=QHDLKbzbHfRZvft`>QLv>}8}sl84F<3lC+Uxz4=#_%TbrG<Ii
zr{mH!ysznc_y-K=Urwn`3%GycqT#*K)=ru5);Y8oY9NHIG(N*x)V(w$dp4TpLLp>S
zsMS=<URU`-2lqQLp@kA`UNgmGfeNE|NGGcGNtkS(Y{K>tIS5J%BKs=*3f`LOJ?6T_
zMVvp+{Nj$>kuG1&Q=;32?kP5w%9{N1TE%T7E0FsouaU8#vh3BRL+m(ZfEv0=?tm6a
zf>{Dy&sqb!Ysvf<8~&m(s_}PLC01A&(tH9Ixid>KGP^3hJ_{Ti3gNT1nq~nK^=DZ7
zCLVI!84#wMg_S|+Vb`yH5i(`mE}BqOs5sBzwb8WY;{jY|om_MpW@Xvwr)PKG_%11Q
zl;hWb?shlb7IGXZ6riT?>#M_5-i;eP87Y#g@Lc7H0>=?KTS)V2SZOdne#T+R!jizg
zvfX$S))3^JiI&DEl7w%gm~6>D@1_<M=@BD0D^`cN=*^3HQAc=dW3?FNaAaF5WI61p
zHd7c%Yua66pXgH?S)5_tv|H?9mKL6@tKnf@%?d|>S10Y2_^=3a|3*=~5x|7twdw!)
zE0vBG3#pGygH<L@+R$?=v8G9JK*GJyDjr`!TTqv5OGsD3QKh+{DE5g>=TaM}8E5V#
z?apk+H?M&ETUy;cUUgG$)BY*MbQ#*zM*)_sRNe-2bphw^=GxarMv29h8qQ89ka+^+
zNx6iUY(cCP@^w+tOcPRZF4b}5Q=Oyw*Rqt~iBJZ+`(f*rtAWzKUTDfCE?sfEIaE(a
zZ&qc>&3*#ahs1>56sYDw=%1%%GpCe&m6q`hRogD<j*N(CWA&o44IQ=q;J$UW;#rVw
z`bonRQ4Ym#xLj{ML+RpBfIQYgv@%{@RW)X)^h)_)>w~cmwV0Y~P0KW1&mVU%&Gk|1
zCRtqBgNw?SXT7|+i8+^k<EB0SyVh#k9QA|!+k3<`;>f=i%C}J;O%*;r7m4NEwkX<#
zVnX^kX&D1i`q^p|9Y*;lN1$J?f)D7X<t871$cVoi&p{q@!IUAMkVUAeG5qtrkvQ3)
z`iN5a)7}y0$K8h7*(W29q-$afb%!k{s=FRFS6gbn3UcC4*dDOKVzsjo(69C2NJTkI
zCJyFZzM6t~5BuQ~n66!5PPDk9QkTQ(>Nlzr7Ui3otY0ux04`a85B*?q%WbpI4ATFJ
z5oR22$!)pH1L41dSga3{cf#wQ83<AR^$|~G92ebkuJeC<<d*MQw~YMv0k#VU!0zc(
zhSu@n-`sODz|!p`V<`VGG&f+%F(gR(@QC2og#G2&{`0Bt+yFl9pCm{5_mwtOm)Z%J
z*E)X&?bnYx`a3G!<19Ygs_Ae1L+md0>P;#l(lB%M<(l3xuj0&6yI?Lec6Y6XQ~pig
z&b+=AhF`1rh2L_~-@(*Bx62w=$W*7yXuRO&Pf~c@`ps(N7FM^#0JN}DZ?b7Vq{cKg
zQg+qS@C|@+U|0RkD+TEltFT^Qmep>>a|t(4`HN(kbWfnNZr5j;4LA88$df!)1{)bw
z?LUj8$cE=m>%fjzC>Mjksk)i$`Zv<(dHv<>1nWWGig!+*O(#7D05h+;jfPz8Lq@TN
zj`N%r?Z<<avD(4qup~X_VbZ>Qw`E!$@?~A<Zf;e?{Xc_I4<K9j=W5zIZ(A*05>2$K
zKtu>zs6gIE-^Q`Gt3SgcVSEHunZ}WX6U8uEEV^tgn{K0b6U@Oh8Ck+#oYoZg7$_rb
zb-yyJ*6Mv{U!RBV&4Qr$SRsmTlUEAM5KCuXHl`!-?C1X0)ZBB4COJ?7XpNz#Z*$EW
z1YOztQuTb?-i~%#i(}Q$XuYoA2mgRsJ2COxS_(u6Qm2@V@G}gGj=$p^9r^4Tq3n4R
zn{Y;LoEL_$osbPt%&mP6>2}ZwLqr$@e>3i-GzVvaoJC5Q@}zPYJe=8G_Yh)e>oy}R
z!9QtlAfUjPl2|H6*v7jk<1!{Mzg&y4=Vt(>t`Yb&r-kWY1xz*H`ia|zBie^0q(V^b
zk&IajXHcR2SYw<}Z)3Tg{$o?y%8rp3woCUqv`Qry4*{z+Gyc+WN%m@C@?@{^*7@PF
z5vv{iY_>XWj(;vDH8C~MjP-P#E;0h0(~Fhm;KqM73mNi9yAVVGGpe7AdF40L@{?jg
zdn*3EJdw2HblW!_O2Gl|b#0!CQ!KRt6~Fs$czvZ~>2iiHL-!@D9#m<p+v}%fvDN-}
z&@$y6g+HJpST>EhU6FW0h5bEZH#{q)&{;X)9SI#5i>R8xh}T<FLL$V`XH}>WyR@8i
z&V>rWG27nes#JuWs}CE-ape<j$%=Wcr?B>xn8YaQ`37zcF|o04f}c}~#e4X*dWnwU
zRL$p+>tyL}B*c*>XqY*NbJYi!TCZ|UWh=wB;t}W1h9%5q;CJD)bo^fcoGPmwXEWq4
zc>abxk}{JLsJ)riee!>}d+VsE+O}<6P*gxbkWf;k%Mt08?(Q7A8|e}ek(O?d?(PQZ
zZbn+VYiNcUzK!1Z{XEb6yx;f7@6X>_tXaTbvuDq~_H|w7aUREcoV@>nF&`nuo6pbr
zU(-c?X}bJaa5&co9ygy}+oWdM8;`eOE0$>WI-##7n`Pn`iTHbpOJjd@u~drxhWdMA
zw>|Mq2R+FJz`;b!XZjCp=TBk^mBUEkzwGI>_`a@2njao|XmIf66mXGvNa{$<1Nx6y
zBkYnc-0L`y+E{FM5>1`K<Ip4og}?F>)(OuR=+~M`?RAHO!LDbUQ)78>MASp2>Mv8<
zdl8k<u1vnwV=*UHv?kN`KHcRrS1$?_OVRwHm)1i5ns^#*AyuL=Yt;jImTGI&iwL?B
z_^50Ucs}j_g<0s9_p=8R2h?b7_XTN~3#Vy<u6bEMR?K914nT*jzK}^*OwZ?e=VxX4
zNa#lC3c&j=Po7CarQ%^!m|3eHVPhNFL?=qPZhx(rZ7cu*Ad@L5`g>(V;ziCLh|X~*
z*`eQGCGrECj0|&5x?S@2+bd5jGMaT2Wmnxqb>Vg)t9ngG+knf@zOeRHrop1$O)$rZ
zsx*n_QsvU67b|`+Zg5@sq<fMxLFjBQF3^-yZP8pnfmt)$m6GYFg_#F+-=|J)EMkf8
zasG{6$PK{YRX6ME;-~b6y4TBsH~|`ruo|`nYDPm8{CG-+l=`o-d)zt0T}^d)K-?;@
zEHGIm#(WlOF#Gdj%H0AxdYw|_gs=D~(#*esm+HltjtRd_?xfQl2-<+Abszn*CLhH2
z!esaUn4J%gy@_v1u{pf$5A$*FLGqoceaMr)wp^&lcj>DNI-k9}SU)!SCrLTo8xF{F
zT*K(qR}1Z^YZ>DA?L`Sy7^zL7^?9ENxJl6UPb{#%Q5M};z0esb;~<-`Y(*>8$9G(>
z)3H}Y+JBqmJBQZizrT9G+DHSWixQ9eCM31!e!#BXEVm_B@Hz^HE;pwO`KuyDv>0S(
zbTw|=Q_uesmo&SdS>h2JGhSuYT!Bk<ICBczkIVGO$UX$|Mh2*0Kngnl{whJyKuq<z
zE3p4=g>G{~t@CirYqvy>(l!EDx`sGkyhR*}R+V;u-Q<f!bl(}K&nD6~sOVH5Ojdr5
zf})I8*l0E>SPxK`j6CCqabtKo(~vAWi=XL~dezP!&#)x`&_hba?6%!9y=zbly=69a
zq#j#qM#xps6Xz~Nm7xX6raLQC+(lS#uX}*s&f9X*$5j_^Xb@XU^!6>RNS1n!J(PNS
zvW<a0UFf(^-Z9J+XZCS~lrxi3E8P8zz`1pcunAK`(6L7H8*3lXF;QADxTW|~L<G0_
ztj)+N6zk8E`jmzNiMo{wO^dPr4{26Mh-BTmQg8<FH6_I}&7S9xtZ$-fX(FG-7rIU3
z{LnDNd$tRBsgCV{d{oC653DmOHv#v0Q`A>@f)az@(Q#zS__{Whr1CH7JhoFK7TnTS
zc^mf0=APvae(taoR!;)(&D<5L1VI!{q)dUx7C|~&fqf`XS6BMaSJR{eX#u(1p(#)f
z6<cLL2$LEB+rl>cEPY;Sy^^3I!O@e6v`(kUs;sp}bwBG#tB9{07(g34pM9v+uC?M=
zL1Js2t=2kyE3O;IyE3IvaLsv}TwL{|#+s9xK+LlB_9*Tdi;wej)lx6sbsewUFU`Y2
zuSow2QlNL;q*@}<|0G~Pk|V#SATw4n8uRAkJE6@sx9Zm9M{QKKuEfVy(y$+%`ofw;
zT9hJV@JPMUd#2seE?mh(l&Y($bR?`vk+w)P{vB@(eibKYnLX&t3(80MBQ>4<q+v#C
z&)A*bBXZdGKj2KG4Gcgp{hm!G6Phg0p@6BxH7+0&#fV_-Vp97&6|I%*kna_wak<dF
z(O1rmNzX^F>+$u1xg{t0!%S>kakbImcE=o+0xjDktU~<sX*23nc5m!&uFLOqINTx(
zTyM90qrS-BY`aeXaFL%Pn{}5bIopww5MQpId6e%wVCHTyO)=ZzK-8zI8`{X4ol;n%
z1=jv~4nb&_dNY=SS|6htAFktgN@-NJYbGupKfRDaRK47o2JX*%T^hd3twM13-!lg7
z?k1*VXCVKM4|tIiUsQ7xRA4xQVV{hW$Te~S`AjSfuC+8uJ3R}OWt9`iz#|&M4u%Qm
zOX#jo(<dkrXS*iw<skv?@(_iE=(6VnKQhb|yMimMIb2SOhdeGks&$kv0)TckaOx-i
zM#UqE8Woe&Fjz?f4E@Zrs&>}7FAq*RK_LILF<b$TiJ|P0)r6G<w*b14?9Gd#E@*=3
zdz4>YH4bkKd$^KqSX;^Jq{#S*)J5$_{)RKhn#>Avf5Vx_aW7{N{)RJ5`S?S7U)99u
z(!o%v<`qh<nz%?k<=Z&W(1vxxm*e0d_a<XCV-?Y=^9uHAe4yaZr<!BmOu2QfGDT|6
zu^6+mr-&g~<Wpr!eDR~JzvJZ8k9X|b(B*X*DB!n_<u0m{d_U;f4ENlI&bZ>|LD9x#
z(buWIp1<Q5HxMo6oP0;86um9FKfty0z3e4E$HbOJr15USO${hDOXLzaw886JaWwL$
z`x4Vg)L_XPIkqPJ3A5W@_o^wCULPu1kBmygSH2fX*T1{LdF7}0hEfB<Lc})wVsO$n
zhji^PA%L%z$UQ-5@#}Es|HcD0+{g#DI^m<Q{#rc#K_I{{bs~3h`RgMy{Qrvkf1Q&9
z?mp*9&rToz_c456$M6hp%hdR<bNbHRq1riH*-`TUKBgrMTqPrNxXJ%=mHa?#ZQIHz
z5Po;3e}%pJHSF;)j$vQQp$dz#N$T4k=Uzd2N7*pTHGg>IUSV?DD12F$Wsj`mMCrlb
z8~VKmLEk=_Vo&=Q{2479LuBLrnDm42(~9%A%i75MTCD&C<`IB6mT0Y>I4b7KJmEc^
zexAs>Z3y@Y)K=$#Ka$BHwiz`~&Psu7AdjV|ecD&O#Rea(f|(+=7&@h(yM)Z%xlq+X
zBWrX@ije5`9W)2_WcCk^T}A6_2iu|-A$uj`?@CNY{hw_DnPa~X%a>O~&^Q2P@RII}
zl+PKQ46$+3CncU)2x!IG=5)+qF37tGkY9)Fig_E~xbkf%X-XzmC$in2Rq&t1Gas4<
zZ&}U1uvpB+>#8agd-r7(7B;a1Qk92h8$kiXpj1PTiS|&KdC$&%LDSkcZwrWI(c$Zg
za~J+K;$0$H=4nPEKRt2sA0SpoaYtQo?muS%)Isz(M_8E3KOkqj5L$9ZKTpYP`Pwnw
zE$KaTcc0U_=$M2UTLzm0d_M}0(BrdY;{JwM8BT_yg~7Kg)d4g))=$>$V4LBonLDAG
zd9q0jRlAUsXuE@VFR~#9%Un&O58Pnxg*KaIdR~ktgvBs##;a>LdheRmh*Kbs?|4l(
zXJ)}%#_Q(hF?M}rdD59w|Fh`>`Pr|y7doO&AjMZ2vo-+#LfMl$S`ki=U-G~oWz6f@
zBf9jfo{LR|&E*T4barO)s8vOPKIz9@XuxddUBQ5Yv@~Nz`g<$T`tJCe6lf$R;)7@U
zAt>{TNfK0W#mp?%3slD6!Sf41{^WTv%qaRh@rsFhb3R0<$zsii{$6FPy)Tod$^F5U
zjY5EP>4NbPh>-gqGRAo*aS1^Y!y0o($MDUbR>#|Vls`@LUI&HdDlC8e_MY-(uC{DC
z`<JGI{{G;5V+^^JxseJDll)G59t8;sx1>U6vye=+Lyy4fF~A4EKp~o|B)R#M>WGE_
z1~+?7`v_L1_p|E>Aib=4;^x|*1WPBO1&~2?2~7C~46FHA!lMy_kT~O-%q=TemTa^H
zx4eY#SBlnMH8bYJ%P>!2SeDVwbwuc^2c!p8YaRa438}LChlfSFZ>8NXb*2t7$#`U0
zlcuxGTKHGwbXcZ}5?})gBBCdT(QlmayKXplh*tj09BrUMvk@fGHstrZfQy9v@qeJB
zuG)j8uvv`l_do~{{ms+jRzj1<5h;m*Om*8g-Pr7M084S|;S>!k?b*ZjzKMY-(j@4E
z(vE7g_}b#1kzz?)(9i(d7}n@J$TW3FA7Z%MJZFTNF_FwSr3qh>LT~OXmm1!OGAyUF
zED{kQ+GjNlqpZh*BsrS)%T(%Q<z#ZFz=)!ib>ok^4U#NZ5ecypNwHS)py!{}q7H`C
z?R4`c<1o;v$oR=j8g&v}=Tyy|Jq;d$1RaExI{`#2tW1I7c8sL5UmMk$HDQISN7aiS
z05Au@5MX4#!E(;!$1hs-X3qw?6OC?U^Tb+2C@0EHVwDHhsuPH-U+fc7Qb0_sE0U8i
zh7Ul^(At5U?K5oiyJrhf=?DOc9c{x@Cds=6u+I0R8S{Y3o7@!;^jZ@YfU7j^r~eJ6
zRJP&N7&#Ugg_U|vu{a<q8b|GzZ?IRtq0?A>rfHsJGaasGpJHolu3&Kx!=;EtoN^@O
zjoR8-8A9L>c$&<!G%Q(t3}>-?v9BLmP-RN>Rgc=_$5?S@{<9>EIL0&=>vDyL1h&1C
zuMaf@A3KhJ>fTuiMAwWyGjsM#oMx+Xh_5bkRvd4oP|4E}fTOnFd>)cQ{Ho^^D}Gd^
zVA;1YKX2Clh+kgz+=*^zV-iOe%4Niu9LSq33*^+QXePwOF5-0c?<O0ha84sJ^U5)n
z;P|gwA_OF|APJTsxOZC#uJ0EeLPdF_w<^VIF`ezx^>vOP>;{lx*kJW?Gka`G<{w0e
z68la1NyxUOV>0LqS(^>qJ*+Mif;H%2*M$6rf~2p2B{ZNq20dmXH`YsQGpUZ_TV&aX
zjn`b|hw)ql0>jczi;pFp%cdNy$aXr0v(`X1YQ)8thwr#LSD7W*C%$;4Mt{b|!vkzD
zS!uIAt@{h!<hxoXI~zEA#tmyLid4lt*L36T*R-`ipu7W45y2-FC}e|~<x1U3kF~J&
zG-{Jl!ZnipV(1L9frjon=nf$9qx15jvFVkwFn8cCaQ@%!!asF=_mG1=5^!hZAl;d4
z(DQ4FLf)0+pX7D3<}Y<3;SysPl~iNN>1JyCL*540mpx8RWZ&zs`eLm*Q8<<DGT&?x
z2QA`Rj>_G>Of{5r1@qf7>PR$Ys0}7k<xI_~S!X^>AuLyIB2_5{$B-snbI80nNqq-m
zm#kGaf_8Rv2(1tHuTv9198jb*Al77qVRD1hltwwGKh*@pGzR$ct=l0U!5TnbGmluw
z-}~Aqu-aSZ$oZlwM1pdyCGF@JM<rt9>;PnGC@UMX(L=K!Q7xNEGL$wkDE=q5uzP|0
zw$?czzx(~&KHnyI$Ml>|!=tuSTH#ve6p#40mCe14xzm<QdGbDQQZnO@2gu20F11{#
z-~lsU!loWMz1V<VtH&))Xt4=jbI`8(msY<Tw@Objzx9T5Zd8#mrm@n|0oFy<Eo`UD
zbHA2Bx5y`@F({|}SxKqxmEhD|o|K^_x9IkC2$k$74RVmc#7+MdU{bTD$Eu)4P)}yk
zLqM$0w8Tf`(Ou&jkwRVR$c(BMS)#csU7uVu%sSyxPlG2f*+r=%X@F7F1*<PM0ngp%
z>M=oQGQEf^=<N&`yLq0SWcDMmYwSkjnf;&q?5~PD5$xWi;jg<zK=#+^vJ#Ln$W{hu
z!s=UFj#51QXS@6KHFTzG0X4)FGi;LRJ?EXY>6$g-<ATO)GsAM<yn+W*Pz`gn@ny`F
zR|(yMf;*_0LQ`S0#Mf$vn^UAc6{>8n`whMT*Sp|vC1l*%b3CQ}O1_5fon&p{@R4Fo
z;Et;gK@4cxgx^p`9CN@4*F-B~<~XL*LL=Cd?V!lo-ifqtw;}EJ0K5aL$YF{jqO-%X
z_l3wy-C9(Ct!atQYu7RWY8SR3<BZb}vxN|vX$*6M65_QpE*c_70dRPB7dJQIP`E-v
zrF%*jcM`wp74{#A$S<x3dN%u9j-e61)4LcCI-~0+zP{P(&1bY$KWcRF#G7d0(^+@Q
z*Pr?ky<Mp)&coGn@YUG1r`l{S2`lR7(zLmbnv|*-_G~A4rAa@dZ2cr(1B0ivR(Zkz
zSq_~QG9zpuD6oQKy8;8qRSwB!Icy!B3l(*puJQ@zv5p6Bg62#dT}huS#v+&w@n$c2
zbh!q1t)u`OyY2;svtSpS%n$ih9c8l0Umyf(1%}vs9^s8@ZpXSOXBL)8PIJ@7`b|Z%
zew-h{uRHg7epq_kR^<enUt-&ozBwFW5X{P{j(K9zO+7mk3)iFv{StE_DW5J(xr7FX
z$OA2{0SYo4UuP@RinrRQgD=QNB|x<0_;CuCYa~~Aofzt{R;=~+PV_jS*-5ZPQZaz*
z^1LGEu=c;t@>ZRF?>M(UECp|tY;fTaZ$ydTts8M%K?aB{(g%OSXULr^K=meBCZHy;
zdxbnxzfqAmQ}je9`Bm{h0LuKh3T5&vopjPknVqtzyP{09SplQp#8d$%RvP?X|Bz4g
zjGILsqNscRdiq?+=4X8bPJ_y8pWX(wt0>mNzfo1Qe)Oy#M*y#W8jszl&eiG~Qnr0b
zy6UZoemb6DHit6;{-_N-i9*O26EACM7}R}xmN7HtJGGneFW^3wR+%5WL-i*Boqyj_
zot9FN(a4zQx8fAQt=<Knn=<O9mITUi;{M6rkrm)$Mv>Yka^I4uQ{yLxv&A&DrKaCL
zKGwv<lQnTNL;jqq<+MY@!n>+sRv`(!zJ?bvK16KXk~P9vkJ(oB4qW-r=hTN(1tezR
zDpNanxC!#^*7DLw{x$?~SA@qq;%AB?{k=_r1P&UT40CQ0cFsPmyHm-k!w89W`%`=F
zp|niIE6m@Jrp@W`T_wfa!`r<QX6HYf)B83gBqmFYuqP^uMXUk3H8a8!v>vlL$1RPC
zoR!uM364y`Es=I2*6hY<O9PN#VWFgUWKAgL0G9@g#~t#zDh`KP4<GrN26qAKk>(4a
z#0RV&F6Vs{GHZKH$wmYrPLW6vT_rj@WKzzQz;MrA;xC5r64ZdM7!L`ydNeJ-4THKh
z)(|2o-U=#>n$MB;6sdA$TwW8FLI(-&(tX_SxkR(GUKQZ<hu$r`3JYKV<n{0Q-rN~W
zkZJb*-8+;Dwb#3wk5Xfl$8=`6&xpx5V`y=RhLf+)Dq@ZgOi}9Mvk|=c0am}U3pQJx
zylQa!_P5HI-46h8Ndhmd|6*@GqCY!g+#kr<!=G?6eJ*>zFVJ&A>J%IDclkw~`5lI2
znKb)faH2EyN5=0q7cT^F|HPI5{%S)Apb>TqR>HrfdH=$TbqjYAqy^K*@V~y^Z}Q^L
z=JNmkH~_Lbr@cDGx`U8ZzlLEQu|^{;4o!H=s<l4!-64OevF<M8``f={ZSiRGzoT5J
z(D(iCn3EN@^jvjr{Od-WYq@#bO}Z_*%JnvQ{n7*9Enh&S<4yq31xqCrr)-iO1>!Q5
zdPU#tyjy0!-Z@AB;1+Ax@P_e!>fbc04$8m7U4T7r78G{Oy`$v4(yxY*$+rs2_Yk>^
zIeH_o|Ip>TO{NDxJ*4Ex?mmZNotw7wY+s-4Uggi4FJ`PAR$)IvZI5W5yy!#VPLz;N
znQ2D>0v%dj)|3(|9j9+|Zj;48$1?Kz%?AGQU_uvL$@Ri76SRx7w7Z(IvC@3rEtBr=
zxh-a!U)0yv?|OswHo<gEbY$Ju&YQ5z-8|CCDm8Spu*c~D8r7Vu<t;D11w>Vo-yIEq
z%kOU96BLY9)$}L2^7&R&Rup$7hmI_C3@N)6XXNlE-hmXxktB|R6H%!NZo*J7ebUl(
z=(TNhNp+#iUZ*zq5jgh|m(mb^bzet^9}b8@UUdU}5y0Hye)jseSRyF#qp5=0*Xz4M
zc_02hrN${ANU8zis&F^&=i4!Twwl?qF=q22sHa1_;ISM^B58t)fAL;bhG)(y!*|qI
zW2$3HP4T<|FanuLja_<T-g=1`DEqCM*C!L+_906OY0ziX$Woaegkw2fv2Mi2vqHEN
zY+oE49JX%89F?2xai`3c;+)|PQ8>do!*WxyC-{^;xuG25G|x1@B$msY60M1hf1*7x
zU%0Te%5)k5Jg~Es0N9q%D&sBQJlQ+gtBmZUoJo^-{u8!CDcaahlHU`r%dmBw$7BSR
zDr(+!;U)=(-w?%=KG#X;mht%nws2GGU&n2ctH_sZ_As022_~-5*YfEb_dczKh~|4!
z=}2ew&f?|i$9?&5eMEb$cgig}3L#2MfND~&`S-#>q4IHn=3^{OWv+^1A#?1q`Ugt>
zQr_)5Q&G>V^Ar+~u>B54hm<#I%~`s3Q-`A;!Q!cz7oyGCx@J4aj0JIe!`EMaPvWw>
zp0TkHhk<C#h6p)>DVj{AhVbFsaNvt_H3>4w)<_c~FQpN$EU)QPPBcK2IPbElX_a}*
zSunvT%Obh0MiRc1=LKtkdRTvH)xE7cpLZo~_G%(=cw!<`@R+vef;h8IM~vnrg*<BS
z>zgK~H5Jy2caH!zF1u<?xmZ$3j2X^e&^vQ!ByAA-Eg`ip@tupqD!=JPc_y3cu&zMi
zW|5w6B@>3X_w%!)(KLj1Wt6bpgrNRm+K*VswZ6|DM^kXnwd=|gR#V&Cb0n2~a17m1
zaN#pp*fDx|cR%4vn@wy$j+p3m%mX<;0R@V#AHJB8LG6{|*A^~pQSVE%V5b99GRQU0
z`g_40Kz#$TfKDg<q-QunJwiGe&HzXX6^)96K3KUBZ-*Wt$1%}?tfkT(B9`736J2o;
zhPJ*v8{jQ~+&WrGWX8Sm4Ea%2PBuDIH(|9NC1G&<)_(f7yjs8wAW0>Fb#rQ+{sQZF
zCGb4MUBV0Byb8!k=movsMeOG-e8a?5d?k$9m-|!N?RXFcw-H`O2l}z}Zwz9;Uepet
zhSam3;{mi7Xc+F!kAb|D<T@VnLXF>C;Yoeza5{5&uFRPLXaW!{9*29%*)%>-3Cqu@
zQUN+|erFtD&o}Tb!XO4{P04%Wf03HXx$Jz*@QYJu)^BBH=D(DcGPP;B%qVrEtDvbD
zXL8W_i^=!+Jg?0zX8H5UlXQZPJg!G+6A?cjxqV*8?BJsJUD>=X{$_xSi=P!1P)kzN
zLL3o?TiAM|(G{HFPzxl1`$xPL1+#<J!XHtG=Ts~Uus98JuPtwD<iW&jJu$dgGXScN
zLav2hII129rV4PBVmu|UM%e+BUQ9oz_4@16SE^5!r^qKS(ovJBN>eK%!H+p^z2obB
zPWvsJglUMOEBAMxS_c>AQA<hV#*#`X_*5fg{Bm~@H`B$G;J&I;^tUE}Il_gN`mOCA
zij52+_!(!G$Gj1gQMztviY@&G?`OfhJq~ic!8MikVQ~^aA)t%#Titl${ehTH`YInd
zDI12Z)LmXtDmSDjR}G<F@}o&VuG>mRDasqRp=NAjZ9Uo<xOiE;0)$;j;LPLTr&cDO
z!vNhI__7G4zDJIPEB&*PTWmtTPgTWlyOj6#&pxh}tWbqq12Yhy-)tJ6Q(hvV>vXdf
zAD*G8J<&huqo&O=$ScSNIMO?q9|Sx33+D?IYIf|<?Mn*2+lPCBEIq^WcPGkoC#ySk
zWQLa-WL13qu&|K}*b4;or#fb&KVV&<T+&ubTwyb&-)6NJ@SBDwXLkmp0!+R!Ua8ks
z=!o>~Z;>d&-y+eU&C0O#!e})apw9Iy^Sc-?LNQn2mO{>K-9b52#twEzzm^(Ter(k!
zZp9ml#E;&-XfBR!tG4YR#bX3<c7A4WaAI*H^u~%|w8c)WerJlArmD%0?OpX!oA85;
zxSGbVzTtlT^enrJ@Wo4HLFCEnt>7L|*%$tloeGV*$5s_@T6jy-03iZK#pkC8QgNC+
zc&3^zYa1CQTuRYD5pNPK(b78f@b;xoj7k*(+PpPDXvg@N2sH`+Rsg{A;~6QWBtxwV
zSMP0vs;cq>)y(%Md(5HG+O2$zs66kUFYHyTMc#8E2G}n_v=rLE+*p|TnxT<YvNvlY
zLF!^wx(#D&jroq`-X=Tj+^y%UwTIs;KV)9}dpRKxE>~J=XBEuBX-EzuYjLGsK6XG`
z3_!LiaW8Q#BP*~0*w4^p^Z@-T9ka@qdOu;EGFv8|wIQXhrR#Ag3fo*!-mE&8W5l?0
zpa0F<*q8h*aXuCCMi@q3(=4{&a#pZqqzWY!e@>{IocT|}g^ACiO<a)~iIZ9T{I)8D
z8HSDF<CEow*yUvT$4zXS&sMT6nvbpF=9M<Le(FTCcN{T}KEM&v2Be?{erEt-CtjF~
zNbzeL{cP!5<{ZlDS<3SPG%+JehagAQvB+@zg0n@^R8qHO^6D3p3L0odCX5wDkK$e?
zmc&%XMip7^F}IXn2hZV&(IXl|SmPdT;gmY!?pp&gI^_}vH{*A6MK1Iz=iyholM1D`
zq8H&~m!0iVpG&DnUfIi26ZVdPZ$Jw$VSXGL3jsk%!5}((Ao;?Dzk!HAJMAC1koxqP
zF)_2ik_|IPIb%2gT!PZ0g0JWix?A{Q{SX1iXytfOQ1zKh#8%va<rWaB29JJbU^)am
zs0=Y2@YuFVue!|=&$obNK%#1=G~D`;vwY494DqwDNFKOj@?Aq=BP~t12Sd}08LV*E
z73p2C;<J33u-}6kc5OQ+X1XnUR=YKq2+6*vQ9WbTqVKIp$Y}B@idp^bWPt|AW*m^(
z)1Lz!1&*J7H7IR?Q(@|bSGBtl9<8zV<2VDF+himeKy#ZN%Gvv43}Ch;q{-2V7&7AR
z8DAHr^sz4UBsOA}ss@`$>b;Wr?14Sc(thwZDG(sWMOP;*d4F@?IZdSu-n??ti9;4+
zElVy$HEFru7W@;AcaPb3(sUfHyqjkFC7$(DgcqGzbJwM4`ZX>Lr$@xAN+rj$L5xp!
z3K*X9c58Of-i!+l3IMX-Tws+kFAD(^vH<ueay3fBb+IrJvfJu)yH^_8oy$oeWyn}@
zBOxv)lNnO@qW@;Lg^wAs0#_4MEr~n-G0(3Uo&Xh_ku+4CLyhDG3lt$!2%n()+SOG3
zEVJVU>Nvn%#-_LHB$^^yo?An$vP{ObFSi{)GNh*!I8AGO&#!;Lt-QuN=_r!&!Br#h
z)SXgdX)pLJarG%V|Ei;M%e$n-S|cO{=^Qx{9)T7AMjF4F>!HEYOvK!|3TPn@5z2!w
z^a!h9tEXxex99*Vd{LMmRyS68ZH;@5DBq{Pi&ox${|;aef@tD9Q8_Lrl6^GuP0XVy
ztns^?k_6(_i-m#`&Du?kAJ94+Ys)*5etF**An8>SN$uxPq0OK&F&$=u)Ds)axk<A`
z^FCTCf1FP8Lj2CvGO7orn_QbXO8T|hzEo=E#TAy@4*DjZnnYn?8P+i`H~Ika@JJM;
zAIgPd6P5C(%JUOkJ3D=o8}}Q)lVL8)j3&i8f9lgvQCHwNG(1+FHL=FHEBLI`Q7xZe
zqY&2CiVzKTP04-S2bdwN>{caRm<s^iJe6k$*VEo)@6GRbpI+O3xP2Z9DkvA3=w(M=
zB8%N0TI0i(n@7P|$yWblR*&v+i(At)_MD}-7HF(y1oVGFQO(upBZv$M(wYd}SV|l_
zSd%Q7hEv#bW^<lSB=e%g)-nWqdo6l4;J9uZC8p4yjho2nU2ukyJaf!R5B7t+k}_Lt
z^sl%)+VId8L|?=y)$E{g-}UX=Y4}biqS9K4u!O&pgg`mDslbv{S5Z#83Fh0AyX78N
z{%T&c7Xii^BKn79ru(md)ALZk#LU6l>=n?J<9#{KW77Zu0|Um{_d_p~f<5Ne%$10b
zznT}{03^r6PulQ8)*sjkc-w2ft8}(hw#yW+%9^@_RdnJnzZI)fL=Wrm({5IH%L=;p
zgLSi{V&6y@xYK`<GAfp&gSU0Vi%0^M1a(|72Dn5e^0Z3}B;&A{SED?KugQG+4KV3{
zgqc}d`8__T^pxDHu}xYUtN&|8StoJIvIMU@FMQ@9E-NF^+^(!!Ge*~8((^+HeU|h`
zg-YB5>@ScJSc*H}Y!a#7Ba87RARn#?%ZK=6!g|a+RbOfBYQG9MU>ZF}yeWwNX&r#(
zbsOJ&+ZlBNkk0wen>UU%<L-$sf|{D1in)&;0?O&{cRk8B64(6|c->EImD!F3U-u2f
zL8pF9Rtijik1JG{#go!cm;R&xuTB)3*sATOakQSPk(9oy)&ndj*4HVA5BZCx3dnt&
z)ztt&grpv`*U)%-qWZ^Ym1ny{rMkD-Qli_DVx`{4=OxW$kxeUBGJ+D$YbIYx`$K+f
zN9s`Tu=;~uGoZBkmniZD-&oo^Mdl(@gV*&A=W_i_N`OLp&x}3>D6uYaWvIbe$yaBo
z52z)}P~0P?DboC`*^%sus9;Tsf7c&=##RJ~e5NRzzgO?Zk*J1#W6fNUSn(eKTH%UR
z4~@1-2+<%u@K}~}=V=GjkPb$9%vVuwk1RQB@LrOdr0X<QcLOOvMg>N~tBno|83&SS
zN%Q5-ment-QBA|wAXp%&(SC4IJzjwDoSF?eHZjrP5^em`S;+PBp4r`86PW<|oS0f$
z9s??f%<&t8mE7AmYL0nb159tT7~qDB^hNfwQUSH3E1n3R^KQD}4Y>B3&R2@zV(zr`
z_cSt-UE2ZMtnt%p&^8WQKX{^3%YydORA*6&hXzOp-sgJB@l8e{d^FX`C(?{`YO#ZB
z39A{A)O_oCC89#(5f}GsAhmwzp}l;K(~L<qej{GeSU-Bkxe!+#-{G}!V}Yo2NYZi3
z>Wa0t;D=qV{@k|w`_z+sYwjnYtI+;Kz1DjbkW--Eht^bn$ek_Dz@oT;_-qI3F-BIv
zl3R4E(m}t1+MMrx_E$9SOBf}n{j}RuS(hajnv3!x7+5&2Q087QvM)-%B?RigQie(u
zZl7IVnRSYF|0+UQU=&OU-M$dwzN~jj0Ou(eC~0Wi?>q4%PufVT_ZfUENP3rSp+UPd
z5BT(Y2l)N1%=<Y|jayo*TmRQ@O|IR@nuAn{{|L|R7|=UbWHhy~;+-jDG>^E1j_nwi
z?-JbC!D$lA{?Q!ymSdA-`MX;OA4YmhaJsafq_E*ec4cX@m;yz($!{dSHFO4_w-3cu
z$IwOcckbFgI#*{%>{FR<ab=1v`&{dX=5fJPu$1oG5PLRYz{Ri{%NrWnP3?breWyNm
zODfdI?cgt27t8rfkE&KQtI~X~Vv+((bM_V6Nq%!(_1@?EevfZfj#aCCcYQ90_%w<S
zdHZ*p*C~CAw4z_~mq9$?^d2&Zfg5dUFXPZm*U=hwDfXS#Ney{K#!xKmRnkzQh~D%d
zv@0Uw1rk><YZ^{xro+?HK7KM6Sq+u1xi0y&Wf$R(-Et0E=c~KM3HCjxH%&fy28i5?
z<&2CIF~C0JckYghwG6~2e(_@|DQvo+UxiK#S{qv1Gh6OncyJ^2su?<`YLiaJAKydT
zeP4Z5L#tSgz|rN(`(T4WQ}jX&Rd+l+VKSHuNehe&{Umuj@gj}PQYf@v>(MZ^h6a8x
zf!GqtoM+9Z=xXiIE)cSER`aqGwz@8{GxN=HS&wu*;EMw5T8yY}7tWKR=MI{t&t#Od
zH~3if1pKb?rIG!uqrb6C*Rikp-0+*1p+LG~A|ifKFnB23s7Gc5FE#sVL{d^@O~3Op
zX8<asHH#hIRpaGqJ=404?17ZZiMWrpLUz+f5Cz@ar}v6*8m!2*CA_7X9Q3t@nX&NA
zH4P7U3B+4*#|+P2MoUS!O-mD19~Q|n>e}8!_B`=vMwsvaB<r&H^@`0&2ex2)x(ZvG
zqt+^2&laL(@-uB`ia;^g?+T6;AZCW2^r-!WxnP#6_#8j<otM6?Zb&9Uf5&I)w9ejA
zb|I%fkhEQDg|t2}M-ph>RO7vrmppUDULZE!6~g|pHVY>-`y9^Le+|5Y8Sd=QQ=u(<
zX`Ew9cZ(F}iS)6QejfEX`Q!P;yQOgP#BULZ9p+6Qu)K0hv^xGQpY^~9Jq>F0$vu(8
zhSR-XFQ=T;@LC=&ixKUt$Z*fdgXS~0-+P6@)<yB)M(^gDziYQlu|L+IrLcmx7y*4d
zBh|OIU9Bi}j}ZCO2P~zv{`o))VJ0G-p4lyxv|Hu)0wBr#j3(#`vg=?EDTT0&|H+FU
zFd&aoENPthFaD)^{-?4Sh;GP{E)0r@RQ_?v_(xm+v5n+T{6oU3v&HaNEy2Hzy|)LX
z4%*2d6#jG-`nMDQ|Ke>&Ri!*HUw#xE@ShdaDqRKXX8rp1bhjFgI^O>1;!z9P`3TBB
z;m9K%vLnC=LBNCbC)u4P0@B@o_R`R2SyQoG`EWP?Hl%>qusbygh#xFn=n^u!E2m1=
z5G;)($@x7ztqtvW4Eu1@4);A2OAYumgmU-BUsoSD{f5Y2jnMx6m(V}QfRpNv!pXNL
zw<p+Kh$DVGHhdjgR}a?CH|XL?umZ`Z@kwE0>(?l_4M$+|)$t#}dr#!c>i@d9BhNB7
ziZ#xzKbLys`OmR{6;D2^rShnXiVCX(jz@wHsmj{_8ts3E_ai#?$JI9kiB?bW{!6^|
zJ`K=zc=3t<v0eI;RR8k|@JoQrkXZ$j^1o8?e;@Y(4xL@S{O{AX`QO<frT2Bq-z_Tt
z`Ev@S@uxTa{+H7cyarN^{!~Ol|9uss)c0O#q+u!k_vy5O3PPj*PhSe1X@-xF5BKTQ
z_XjpMC<WPN>*$j-Xu!l*M|JgZiwFon7>@SLB}vA;kx3;bopzWF1d^<}e;GmkH94RB
zaY%5URN-%pWcd!}-&s5(b#Qda1^h-h`&GZ!iIEbD@YXFlTWcyMsWMJsjRqedM@K{`
ze809)N%!HoU}(Mx-!z8}>wGw$ujg5K+aXu#nc7dReR+8;zp!N{DI?XmTF3cZHbShP
zE^TyF-hJoTey5Rgsg#g4gNB#a?+v&?7!v%=LI0|MAUlHm%S7)omi(=^SH8Ej4p+xg
z`as;XpsYBP>&?SMxxzTmE3&1?Dz|}HqS<2IV!Gzb`P;GJTlPQ%+l{xRM7^ZP`F`aF
zGo9@a5Ir)(LGP<+{=Ljd@6*TJOddbL2Zt$BG!jh9ACsJ#AOIK?{-Uw;U1@MW5RQnz
zj*gEOMr2ElH8*=G$jV|ipY9lG!gmvqr`+h#>g%;wdS?}O{WQEaIrsBo*d2>>DyfE&
zp?uAV>A5PS83$$&ZMyJ6C@Lme#v-rBs1t%O`xres(%bv=sQ1zKQ3Qv(>mEn{;2=XJ
z?E70!k#DzVv$$yV;4mDVXS9@@{_ba6vIMIj1*^S?r0LdONU73BwPo~>PuM3r%c%^`
zA^5=~E(eNO=R>&E``8=NbrQhtvE;4iP>rwWA5qGm*DzF$D(1cMd~!Drk1^TlZ}@6;
z?(1}Cbr*a)ta?wqU>%+grq*XdScoBgM*|?C1cB%$npvfwxZoQ|m4Exi@I0HF-W1n|
z`SQh?0I>Z`cK8P7B~(O;RcZVX2W=h4Ip8}^5)CO=bA|Rx@tK~0oIH-f`kxZc(KUVa
zuPpbuh+1P0wk}zHavM$?;z(ayJkY7L^UYAFpUrTq<k0}IWOQn7g{SsBzfl>^w{?H@
zL+|@$y<Z<~ALpj^WoAzmFf;R`ER&z*W@X94-Yl4HP^Vc8t#f`66E5@bbxUM3q+*1b
zuVYNJh^}Y9larH+G{y`2vG0A$wZr_E)a&l)Zo_-bF-ZZ^ZHU%QZBj}QxIK&tCw9ow
zZ6-{5h0w_cM$CsMmQ@7>H4ruMbm`VhR_Nh*t|Z>;nD@~ggsG@<A-RN81!J>kKBM>j
z9w~^MJtpD$5Ko%)HUe0tw(jhcfL__iGgc=nU9Q(h6B<>XU6NBMR|?njOVkQI=hl6N
z!l;rmGTHu8aTAl<%+lEeM#MG7gGZG^X=x{0v(?-6rl~n?ZTD2HZhkVc)cN>0A^MYS
zE4t~!BrBZ}34wA7Ft%dlo0*f%?G&t>@$-FdX;wTO9O+WTsz?DC^aUp>%6#rT1-Jhu
zclh$#c}2a@6PxFMdjaG>&T+rF<-JmISS29hoZ+;RUHVj^QOId|zInP1S;{*H29B!v
zDvt7=(8JSQG^@~;vrYE{Fvm{A`O-;l6nmbKG4FHVpNf@<Cwsve$p>3O*Q|6-VVzrx
z17{pT*Ubknse9wVTU*CI@ED)+kIw!G_;6!^CvK83|Lv*p^;T<I`OKjzUM{<LecI3i
z{YukAUCn9}#sz-Ymm(FT)a_e{Q7QHgwNhK?c#iF1s;8~dM59tpq$h;ZYVI7;Y;NM6
ze4GGX7CW7+vu{|!%J=D?vyI?JFT+v2X$sl^spk!^3mq&SLG^dKK56?f4ZIfiIX=_Y
ztiD!ry4{V5dshw2mcW}Q!6hnDJar^)&dqQH?%C`2g9ElxaC$GHzt{h}9buIEmwZ%H
zJW4;a>F`eMsi_!SwZ*i&PX$})+gB7E;&^iP?o$mm6%N^wlX?30t6QL&&iIUmNF1+u
zl0Chewr3>dCXUjDwsxkJHLoYop!&rZQXn3&7<x6uv;UjF)P9CS18Zh`U*I$9?U(3g
zeO7NQhz5_MZif2-)rL=Me6;v3;?hrs|Du3`NiN3nO3K7n^#}S5RIoekTYT1_RpHx#
zd<NXl<xfqiq}?r$S<U3rR>DYf9g8G($Mf&s8C><pGG+!59hYL`Wlwjq*{G+%s(od)
zOD8gK6orUiO1z~5xt(r+AE;;q^9J}IQ1aa3y(TyBh8-%Rc=s862~RlB#tQq?^!aO0
zfoO+1Q2|Q*A(zYEcU>Bz@*~qu@Pj<Un@9<C-y3+oP9r{Gq*Exe9k!I%*BPjetemf`
zu+C!-{meypCI?!00&ccJDd((f>YT0iz@j`te<#*Hc*D`i|89H&qm}IS_ruxBxRsT#
z0$78AKbl)Zc_^5w?}9caP0ZXp_ImAl@I~+vQYO@ae=w0V)Zmi4@}f=PdS~u150@Xb
zI~l0DKi>~yA9-(&gnT=)=yq@VgAdkC?^_)52=%}h28SBVOhUqW8lN+=i&ZiiCE+wd
z_^cM;vH1KxF)OAlc-fP><rcOWuO4F?-Hu$fxPX_ME?Oc4M$AtRu1jE7-iIf{yqg{^
z(jQUZB2l$Hh`;yjtyEhP<&2eNW>jAv?YE4Sfw<^ss}Cwy-!`}d&O9G^dIkvuf4mo=
zzwjmW$Gf~VSWoq?KB{J5-wF!}<2$3VCzuxG-c8<bKX7Q$Dvja2L&hIYxli)RPrp5*
zOCB}GB~nC6t<67}po>p~jZ&fEO}5f(BuX;E3Qr3<F%Z07*b<<b*ID!U$;Yp~3lAM5
zd3kwXK4si8(m7nDe<E&<zB~2oi|5;?pXMIY*2HPQCz>oo_tB}lcb}h-PFHg<4UREc
ztfVzhbry%?6W9aW+VOx5lWZ;3Vm%S0Ou%h_{sFF%l-AF5-~)aAoL&F*!%TO|XhxS>
zo}(uVCfnH(#ti%`wc;9l(^cRGEV%V)vxnVQuY%dvl7Vdbt0t%2n)v(D=09q!kUXw-
zAtJDigC&m8`qgO;wje|BRGumZdD&*bF1yW-azkp|IkAiHEZ%F~Y4tT*Y4mIRjF@D<
zE?KCj&%-(SHg6mBj<3FRZ6|y`#KrPd<?{a$&thnJ30l$CtIYWoGVy-P`%Hw^hs<*^
zdDK8Q7Mj+<9$Z9!WSmks?T`|)s&>ogn)c6#=^;zE@gOC|tW|Cf3n(Rzn1+8Ve2elt
zqj#FfJM6Q}ELrZgv8b@<j`lkV0Xh{$!?QlW6XRNc+etaP=tdORjc~Y+;QI-xGS6jC
z4wvN&JAI6$2E5+tB;oA_@zX?aT*i!Ye5Fq7YbH5Cn_h~R7Cr;|3k8&7aQ*0t2XV1^
zB>motss;(k3POZ3-;f_AO2XR8x|G50y2?{Ltx#5tl3QVe{Q&#hiEXZG%XIo(`BMg(
zoHXUCxnG|X?pN=#N2$12JZsp9jGRyRddr~Gf+ILv<F8KK5r9dCQjrn$vmdM$=-e|8
zC(31VNqz(-mAB(j{3fAVtb0H3dDXzkh#aw&MOyQ!819>si0C3z;*A{(L}AY?qC6&C
z`q_TV+F|Z7&d-w`Zyk+O#m$&=n!=va5{0IYyJsD^bH5*az1WXe-~y8<u5*g|cQu%(
zT~EuuD|Lrheiv_oj8ZCswUb$8s4jMgv}(7(f&|(_+CyNUIh69cH5tGpYcxw=sJux!
zE{x<=l@_~rms^D-1Ov@$2(uR|5?Q1oYQ|41Vz^yP^_76|U?_+X5q&(C+0$@COG{|H
zFx7<zNmM!Dr_HQKQ133S9jC39Ndy4<X@|cQLArg1=xC)D0n@E^zoogQ3_P}<BP7<S
zVlrSQ`I26(1Wn|_O#h+1RW{lH`Fhl9T59T-SWy{%1x*+9_VvL9{%kdJEteZQWLbs1
zkB4y#pO`Ymegx*xbe(fr+^Aa^N)O(*57dqv3S@;FVv#vIaqlEo7FN<oy1)7kwlN6>
zqcw;*4oHyldo#3LoX)kw{%wuWLykrLSwx}sK5l~+96~@T*9KIWz71s+lzcv<67x*a
zEOdQ%$tPF|h{@kiTX{uj7trdBm9J8FrlB|R4yT+|m+@W4odg8Oy+Mt$so%XeHi3Bc
zbu~YJlbZ>`BIUykU@cUGq?CMVZxKIOVAdYch<k6l$)g!+-fU6fj4fxNQC&gBPpQ-a
zF6D^Qv4ke=-a43}QmVm^hP0M*opwd8QUtl;Ck+F`S<jMi3wQ<kk8&8bmOCyU{o<O*
zE6Zf>JWpv2DzvzqP!wB(9tH`lN80xbHqR2OIj>$1F0|ScW*a6}wmk96!5}^5YYMi+
zDZM?s4P=Pz4oEy#LW;els}9&00yle;<dIoU=OHQNvg%^8xNuRszg3^$ckr~bPE&+U
zX}1PCUcn{fzSQnO{B$B(gBea4#zMje30vVmew4L(1U5V}EEDQW5|)8+V*K+cwmm@X
zKNzIz^EQ?g@<?9V4c?899Mw$cbl_;GRDSEz!C6KDK%wU}606q?wS$r3du>?PNRnu8
z>KosHo1QxFBXk(ZrfQs|zRsTn$S2c`+o93@q|TJ}6+<A)V`dsfH5v~3Js-o#-aThi
z!{GPW{r*uOcfAfs$aKAvTRVWkTD;y%Vxou?C=?f{i(Soz61_&_n5y+S)a|n9ql|ma
zpk$XmH4ukX9HApaWcT%5;W9`qu=&b7jFa|w=&b{Laiz|5X^34hd&vY2na6J2&P<CV
z^%KHTxsYZ*v2fIb4>B0HQMnnyx6%n5NLN(BFD(`8UzBH?KLOk#KbDXP`A0Ia^G#Nz
z&6)+4vSbS!@Wp-)zAoCH&>J4yF2nTGRCrqRQkxt8QgbV=L_Pn~b0CIMC(07+7DA=l
zqRmP39fLz0JFjbY+-y0QbAOx#C7)rnSP>DL<c)odOcg?MA7f`4Z<l^z_6QflOH5ce
zCmg)Jo__3g#Pn|i5dYB)*(7Fd<vC+~Y)HiC4DtzZXUPH=rG`U#Hp?|kk+hz%{#No$
zTkJSx=IiK;&38p<HY=0nZ%x+3mBR>ki<0G5R$gA~R*8!a?0#N($Bet2u+|@AS!S}p
zrNg3=z56<fgv{b{Mxm)!@}!dBmjnC#>+`NQb^Voj;}393O5=Vt=3n&MCSN~!jFHu6
z4=3}A)jcfCcbRTN`JqzD^#<t-m(j=N5W%=n8;KGl9LRsBg;OJkg9a6iEOLUW_JhVX
zw|s)k-W)W_fwk2dv9b(!aYN%7mK1rT!C~Qv*ZEI414S(DfPnoqGAy?EmRY=@livXH
zCIWQtzK}xJ8ae@JIZ^=cgJ<5``eR%9gfS$MPt+3Kd~u(nN2`h0&<0%W8eeuDr%!s*
zsfCp)muBxHg}CzBtWaE9O+I!l1%o3PP#Je_FM_G`ViOSxE98(CRbSuHTo*Z=6B;yD
zcy_v2TMIu{&{@>>YhLzYSwe`pj={V_Kbh0U6Y1o4c%oQjnEPXtX$Tt0^XpI|5n;sO
z^Vac7(fyipn8qz2_V~Ar?^YC<^QK@r^1^MnTiJ{@;q~)<E+obRmP6SkucVDNHxIXt
z0Rq&ct>b4=jq(jPk;|++3ZoOx=IvT`y+V46j7TP0dHaTDfgZP!20SkqQ;W4&0{9Lw
z9ylz;2#2*si`rPqd7CCr?C!3jGu1t0(P*{C_SgYTApO8>MFiSHjUNakGwq3@FO?`Z
zspV21qx5swnh?`h%WXH1&u)bdw5|`QJTe%&zk=8De2l>3TC6p>Xf}8AYld4C5hqFo
zdA3$$5oxO;x9h-v>_(Ems#POpYy(CBl?mg}RF1LK<;m!)a?EqBvz;F@A<7H6w=h9-
zXJL|3#~1e>od(3#b>c80iR{`bt(oEfiQ@j=+1ef~K0!8FC|(NDT5T+gX<OQ=k(FXO
z+dsn`UYC84=m^_yI#d^!Mz$vX`9#~X0eOg5=VU@ti^-Aif1an}6;cg_X@~4G71Ljl
z;=ev4{{8e*yZ%Irde#5=uHT#NO!z(ezL`?FI+6d_L;n2nP2_>P#PI7QZN`6}f`9GJ
zM*PS{6sE0w%lQA>hvH-FQO;l<RfSplBBQjSLWHVC_J(YwQj)1**me&6NLSGH`?D2q
zk;HI%W0<K&69*k4i6Hhl$D1pAR*}*&-ciyCt{JA`2S;aBw5mRjS|PVO&-phdq^)Sx
zy8aoECfNtcyyyf;Sxb7?0#g-kFPrA5pIo2rA)W0^`hU0qZ3sNc%F5cJu69eCPOygL
zu(DW=KTl+_pz;3B8xrc@*(sbfFc=i_tUJtC;#qflU*3e>A;N3yf#qewK<PQ3!zzx9
z3ccDF0uZ>xd46&+lXsiAFIRed{Oy{b@3+L*hb{+;)wvobCv4{P&!>yD9}>LL`NHio
z8FSbRW1h>iavv|$6L`*PMYATne%L*flo3NpilR4pv|MMUL0abw7p*blZ06YwSW1Wg
za2MK?B}o^pE_fQcgdI-CZ!Zp;JoQ1`T<Kp7TYuvYCnDx`9?V*FFox^h{2bA{F-?2F
zRHplsEbZPV;#w+BmbUdxItCy|EmdYXg8_^3FNEKtr{(mDwDs+0J5vP$AmuW-6vSrZ
z+)E^~zu|-)@~s6j71bBd%MOcvpO%l)c{Cm#ZUBVHc?%zqDErWkZ0F?U^tgzPQR}_9
z9k<zd9roucOY~>_Wa!*%wmALuLUg@Zf(~YkKI5?k)nC%0<z_V}_9XG>+E!2;yMiBD
zLg8BDT#<6EE&2vcR6KIMPd$fa6MIG_8da16$q(gZyk;n61WG@Rrh9ScsbqdBk;wWs
zUe8r+u`_JEF1!50e;H;hB`<M+VXS~Xl*SIK>N%{B_4UQH1lBGf?-G!;W+dLl?+Ep7
zbx9x7!uZu%w|Eh~&HSrvS?FP3G?a*<2KrtG78A4wb*Aq1S3QzRs->Z1t#9$#lojuY
z(}f?;nCSl%WdiW(BNGzA>NAN_oaKvVpSB8>rH*2)THnR#2`oOJ+Y0$~Pd5%1M3X&!
zQkcZD8NoH1tE>C>YRV_>ANHTzU))D;yx3!<4WCcwV@)W^>0UWFc!-J$3XuyobO1XE
z(f6M`IOz`^cdGQKOCDtKMjLt>$7&PH`I41YMaChD#b{qbaMxQ?v!Rc5`!lhRq|iYk
zt$J%V8_jy|JBBm<7#T(>Ny!W&wm?OA3m@N#|JcllPy2SIX>myhMsd<cHzS^~As205
z#f7lReA*OyR$TkyF(saHzEAdUjm;F#k|bQtNo$U;LLQ%9Q`j?3CYc9iTwbGCDHnfj
zIA(55^<9Q{e&pq)>ti!K3X()CFHf(r`&19{8MKWYLS=!AV0rWA&C20aq1p$tmoGTI
z`&gSyAtgsg`V7RJ78aDbUwY4ctoF!%*52NGup*_``YwC<Iy5QT-~ZpXgHIm=Bc=Jb
zdTvcCFy*x8l{j3t9ydJsA~^Qi-$~M;-obcGMvghxa(1wEd8c}}foFQJlQ+;WhQA13
z(jgzGs|!o<TH)%r?3H|rmBvq(UoTG&7BSH9-aLo{fqldINNML=9<@Ng>gl|rLBjme
z_#iM6H@WvSl_)6F`GnkePQ<<b!0AH*kZxP-KDR!?1zkm_HV58qJ_ThS&ONUK@+)th
zPic;!pP)~!?4Eu&oYyc)<MHCs?(psnh%Fo=7kmFcN_6F>IsSP(s|#N;kDDYhy%#Rs
z8U|SQITmYynqQsi$gj>m8k&%sO_27J%`uWFZJqVYk@#!MwKf7G^L+Cy+1pq<CEa7V
z#icpiM`TL!iZ(*~wpK(9PO8Ht6u8pze!3($4%Fcy728hx!9%S>Oa_jVnaXkQ@ZI0#
zOwKY}>8&-?N8Z;Jli6elfAeMl)={TGuHV<MvNi2ayy3|!6vADQt2sq?bUF6y(q>z6
z;gUf+?`gxf4<>8Gp^~!E!8}|`jcxy%hmFZXnn0K9C~ofiCwmYq)nbkN9vAx%om4LK
z*O$1AXntRwJhK^cSd|LI!lQ$<o;J;rOOCWAB5JF>hVz=7o}hM@r=eAD4iTWeTNns@
zcFW^&KFM!;jPsnywQTQ1ZhZu1LdB7eEG1adyX-!#>dxmCgn!?s$|0&qqg=aErxo+H
z%OUnit+ux$z}$#@@E}8up;x_US`^Td)OzKdY6lq(Io7IDXR;gF#caGdV0A;voxEK!
zIbLmB?huqX2dRa{7@?xsCj0{u1=>0nX5-N{6nc%nt!?bjH4I!ajY@T)t#^?P=~RlL
zxp@Tc9h)7;SjA>b#eACG;^Q>f(gOr4z9f0~qEtX~2ik8pq7<H<%VOyZEFvr)Xqq{o
z#qE!0O9eW(f7nG6DAsIyQFX%zKD)oiZ}->&l9ywdG47-z=$|rId)P*)JetZITpK@*
z!{7g%s@1;TUT#(Iw%yN8)pD%W{Vb6q$8khHo$`tptUC(lZzmvDlQ)0k$FR8?zG0BJ
zmKPx>>iLA#a{A*gyKTEy6-%`R_Twpq8G7|mB_p*J@Zu7<&KHuea(~WQT>bwr_LpH*
zZSDU)EJ#R+Al==i(zQsD?oKJ`Sd=u<-JwW_fHcw_($d{6CEc-D|B3Fc?(gq@j^la7
z3l<ZYF~+#gael6u1!_$qz#<D4qX*^2?0PG$Z<&0J%6GKwxMNjp<Yu~c=8SJmVzRi*
zFG!zN02Wic8SM^hlg!+XTWqPABFG}H9+Ffch>=jK1P0iFB<jq~EV(@`g~?LX+mI_{
ztRC7f+Pan4aFS<47UWBo+<E6Kej52|xfR^3p2m|9$+K<SZE6(P2n8W3$*sC9Zurx7
z|3=vOt|UxS2K5r}TsP|l27x7u>!rza*A*;mrBS(b0Yv#j_za%%ygRYVX$ApkPDZ+*
z3rUH73whdHEVUFK`x;y`Q}%Pc<%_-kq~zl*ZeFdY>caG(h#>4RoM2p`O;$bMD#APT
z<JA^K)yg&Q7hSfJ9+Q$bA3t=IjzclS8)lP~bEOjF<&F~nJJwLoyq8w5oK_tE@GvOq
z5o4~S01pqmQl-N}Z0xro*SOK-xmawnqD{W#HD%OI0mNXcT}~^kL}AD&s6-cCdRR(k
za%0=9oGi@LPJ!@fZQn1mV?^o$GM|E?7Pre|$48F?;lpr5sa2F-;V|pM;Iimp-5Afr
z15_qn&RiPD?mF(N^etUf@@<!igv63)C)7RDxat=;E3@vF(|s=Qs85S4Qc>b^fK3yh
zT&5==zFe?eEgZT>joXU=tR(euSz2480z;E<PTqJwblM%qaZ>Q6KT0Avxm$jHNqPQw
z@Mia+pMoTf_;UomANd3F8+aEW_$WdEoJG6S(o^o+xGv*s8U2TwwODS}1c<*Kn04X}
z%W$-{sAd=J?Z^VUhO?Qh;^M)T;`|Vi)`iqNEi*AZBVBcJqZczuiZ_*fzI&H*eOfbe
zvEP<SDUtcw?^@xrisZ8m-&MqDf7=<@^GH@mz1flulpwGCTx0*L`V-XJT%X+5c4Qv$
z^7g}1iE;0{QWTtY@6U01#=|Z&vL@SD1csyG5i2dh4(|q%VF!Zp4xV}{_AMc{$p06q
z<=i7R{Iwcm`-oL<uGwJ}KLW}r==Fu9QL4Wl1+aSjy`&XN_bG}c!W%|?iF)-Y>tG?M
z;DspxUD=zVRKHKpPZmxY%PZwe+PCre11Pj@FL^LI&Al79^P+;o$LZ;E$PyR|uI%Fx
zH~Vc+mh#h8=v+_^zmeWR{e3>k8eFws+3mNBufP&EJ26IEa)pdK#q_|Cf^Ufw8fPd%
zaYi)4=vO%*)70c##+ds0q~!@W`Mx+t$bk+-#j>Y{zU!zAj<K;tfuIdnpFTGF9x7lp
ziK)$sS|3j+0P|}7TApgy3%GWvG>pvR+~?u}y88JGQd!jycJ)e$q?(b@8->~oh6GEG
z)FMaYUP|(S_c_9l>s3vP4MF54BC2LuIdOct-VgTPS;9DibWbqpdx>WeJ4QDc$#bl=
zgFD}x4zFYj>A_M}N3yOl44jqP1Mdd~m#SmdZE9OXrJXe9nsbZ?Zr`e_pXe9k>$Z&V
zhtFT%m^ad$-<IpEqcv5!<qGtLAKfr0K24`kmm7PdR|0iH>mmkA)4G13tI{DlM*OQZ
zXuW0Sfg8(T(Pl%-)&aTQ;sr(!6)Uq5cZSCYPm*T}ePWl?WMlaV`y8Kjdv&$Q{CS<e
z?PC1^S$|kka$R`KT{Vg!seo_BWO0UMM<CFTGuKGs(cUE5W@+xbQ71nUYyKWHuf$|(
zaVfdUJB>U?NqPcl&_I$3W1=Gl$8ABRL=?&HXDP`My4@0%l3JWXFjNwM;0&bMO%nwr
z3X<hz(y1p(lC6IfLCEQwwow15urz*ZRLvTaNlw1}eV^q!J|U}T;ytOW^fqOvHR3hO
z6fzmDm78?a8pagI+6oq1`U3cgF~XZKcJK08q``R1z3U-QLNPv+>ePkquU@?dkYDG#
zJja?e8tLab9jKN?oTHv$E-A($eb6UXvk;bFXI+`68hGv2cNi0Rup}ofaMJ5|i9H8r
zR8Isbnw|`^g1&Se417#30I_$rYph?VH$$mo^aw_=9vWq41Ypg*TYq*(n4dnx%}n~@
z_x*260`o-*?00>(Y>B#$iF<)6NFaz=tWQwG4w)<UVHr?v#$%O}y##-LG@s?IYn~p@
zR+rx!zch~?$LDQ1zsoPcKP=)hm_Z<UL}od54+BZXg;V)<Enj<{vTmZ|vg%^u*w^hM
z1kBoH1g4{P5*Wwm%!iq6)=A-#@_W!ZTdI|^r21Om{Rmqpaf74lb**$8b(=6oqe%N&
zVPPWc)mIqUqC-5n&NT(yxV;r?P5T!Hs@}su74r}Pee||tO=brL?-w5Qv8WzDp<IiV
zrezL!DW!eS{v5Y?t<CA#z{S)Tm&n*0`%sBU5^RTF^JG}~+_)UAs?Vb=#$AwYhA(BJ
z$anwn#NY=;>wD#%o23+0$w#??=-8$u-puThF1+-LMg_SW+f+y6g9+Y|ZR4-j)4Vw#
ztO=IVH*_qm6Tt2PX!5Jc=PWy7J<QO`l&1p3M5-;hN6b|Mlr>z>)ZUSn5Z~e4@s%?k
zyC`CNsxL!7aC+G;j?neqU3wZYfg$os(AdiadP?WgrAG49QET(g02li`v)DE~CZ*%9
z5$a{)-^12&1dTx!m9p`groJpThP3SpdJIb{-}Zwai%k+@thrDB#fd3X;ncE8y={D_
z4<oR2z=*odZ^;LbZi&5pc!lRCnaROJq$2iNuNvvio^j(lA@d*O`hfGJqxlT(fg%9_
z6xlVILGC*ljaY2qSr1%X8z`d#-p{}G26kUwg=A(3vqyQ1G}^BGLW&!iugauigD2fX
zhh^Ga)L8WqN@Fq6V5JKHo*49pC%Vj!<xz0s)J+nGQ43n^ptqN+4EH~!qu_$)e4ZG$
zMI!5wCzImi5i1_ezQ*p@XfVhW{sck`S7S}dGFIyuu#w8^iLkTQcu?A$LWNaNvsFbd
z2^23XN%M)5F~sZ{>2IqalL*jsVdtv9XdXX~DO?)ma0@)hAoPAgl%8$~chN91a`>2q
zR04b(PvcuTe<Isf8Q%<InkYWM#dK6m=kO%>_JN0Z^0fjZ@^f5&%MMa86v!wxBe4>2
zEoGIZ`iv^ij`7Otd^j^G#4|p*ZWset@@AABRr(@3-kY+dQ0C~#KUA_47vwEW*a!*@
zY^J23=t!5h;98)K_(Bsw5c<G9DxH61AyNk_9YU93m=}G%Dn7kE_9l1Cv}Uwl{R{3D
z)$j4~@FgajVyr{`cR1Y2=okeya)^&ejzLNXwa+UmT&*=vd&L#Md2ec518K=PMGUDC
z2mDESF8dvJycb}qK|Y(JFJQrtFwroVdw6-`Z>VAzdME?l=;P4%Vw1`;TLjEYy<O;4
zw^mGgNfA0e0K8=T7hc|)I7Z}>MkzNZ!|1O(7gvJD%x!&}aq!<QDtYiBRr3Vrk$T5Y
zr5J`*7ag+I(Q0%1LShB|QJ$A{`?;iu@Zzi3Dw`##D{(Cph`gm?*v<YJ?$pHo!vYO-
z@m=cv8Wr@7q%}%)P%&h#MxAxVqQU$N4IM^89xFzJb4brF4Bllh1&n^}Tco6~1sM$>
zdh2%{SDETjHinCko%G2z=I}td3WM$E@0HyMSQIB^h{nbrg7;_&9bYb`=PPs~7E=-i
z^zn<oU#d9sM&JQfn*@U3p&DV6mx$}0B591u&F{$)bF=%6KjhJ!pMrzLwyzR*y%isL
zP0tGUc`q-M<8j$zdT?66HBOb5(mh9-yYy}`gEi&J@~S&pU|@T4eY#J-lZ&nu7=AZ8
zOlh!`ju>G0YIEDYZANm9SGGHrZX=4<0f9#D19El{deHe+ti1Q>b8|>n#0Oq4b%S9s
zH;ife%7;Z-O)o8)4WY{I^?3ZHR9!V1jaC6OPTz757^DiJw#39={w!8(1>X^Qsaj^P
zo$S(MJt%nevO!KLjA4Lq%w_2lkIACm;^DD4>|o(tcOTh8!Kf4c!fs<Ob@;2R`l$V5
zsYy!6P5gY3`5jZ;qTI_c^Ie>Q%pv!O?-EmDe^XH<Q%_G1a)c=#n%x>^!xFEG3~vEz
zWQ16hpgNT1IOfFpg7ggd{^{99BWZ4iuQji?f=3Kzo>v^laVYBd#HylBxkY&2>C`wT
z-JONkgCM-?=k#_ntb~(c_D^SX8{Tdkr0AJ@Xs#ORL^5}?zodUcG;reObK(=x?UTF-
zOnY;qICcDswT-&_^R8q#0{nU_VWghD;Xw4-;Z*PpM*M_^3yeH2Ayq^5fx|0_MTcxs
z8hv|Q9QUEmY{oeB#V47-dT!Y)<qMZ(p5`3GzX^@tyD2Tn$rg-77a|y~<U-m0#M-U{
z^78Ko+FJx3Pjz)}PQCTt$U5s-&lFOzrYvb8Y%;{E>S?*m&f-W(9ZPh))cDAuokPl<
z0jd;p(b9qqWvaYZtG5~vvVnU#jM<X}N`HSXx?87BdFo4xC^zQn4@08)_g19LeVxe-
zLkhilbQ@u_TPdczq<65avoDsxQ?N96vmc=zU69wi+nTcZjw9QLf~dRe?&-o@a^noS
z^+~Jga`G6q+5UEN`lM+PjXmLeA5GY!q1AVHMc5FYZ<F6QPJa{F){pW&%)Pc=q$kAB
zf6wv1zw09fE5|Tq|NQqX@<$LbfVJg^QHx!=Wcf~L{0D9QE|jYPo~tGuI`%(^Z7ZR?
zPr^D^bJ!KapThe0uMlDe4m%P1JT7vQhgl)x!Eka-b#T*_b-`F7znmNonSQf}khW3p
zPn4UlN&S5%uV?;iVgQmcJB-8HQ0?G+Z6uojh-GlFD@o`N+%;UVvus&g+=a4)lb)E<
zRL2(@{`sSQ)*f-Y<FIh{*48c_ocb(YuI1y}5RR7yNkzZle|z{OHa0dqZq`v|x2)Q7
zj3AlA995Qp0}Dh(+SMguXqY9tVWRp8$*8+E2Wf5Dc-*|!1=?JKZ*isBSIYRxl$MLZ
z_aC%t%3TAzN2?<_p?|qOx8H7aP*=C`cykE7!NtaJ-gSO?tK6vm#KM_q#7p|jR_B6}
zy_3^+u3TAG`P(OZv72u=DFgCu*i4TogU|v}E|1slId9d!oR>-C7w4^g=*BZqDvx)H
zvWu3==j0ElT_Ws)eo^*FtP;ThSYZcBtp0>Ezat}%-%+|JtY?Rtu!je1%FQn8_H(+8
zDeB7C689uC*Xw>>oA*9^K;bOTK+RRF*QCX<6#xxP;kCY8FpCaG|Lb;*mPLBc0poRf
z_rUB@?V*YnSky?xkk<PdNg`7UYY|CgZPfn;yS|A74~Z2$J|)D6T52X#D|K32NnYg?
z$LkMND+M5zy=~Ju$`Y1!b06jAGY<@jb7o9PNK1Px+1nc(>OC1sIcr<swMisrcE-t9
zsme8mv8Sx7$tk5VTuA0<w)EIyB0tj-n?A>}M6Niw-a)fYxz_IWrPmCmO02u6ri$3f
z<^amxk$aAbK}JV%?k6a71gHSx;KCi3VC7=V+rDX=e(X)_yN;k7X~V+!C9?7a#Czs#
zoK(Xn%u?xVJKHEuU(kED$LAuVrA2UhKxhh%kpDCE%8)fYwR<+ziXIf@Z^>2CQJ7Tf
zpVbIHqBvw!CIDXShq!shME?Ewvp~`zKg?`EGa3-zG($u7BhlsS@Nv0m-xqL~4JA_t
zfzzoA3(A34Jqe4nqpXdszMuD781B2`CvW?-Yx<&q`vd;13cKhoLh3^$W#tJfE=kdE
zaj{I=7i(*4<Qb~bl7id*nBMfMqmxQd#tHe2`pmPFjY4%HWXYGo^Os+01S1F=_8_zq
zwjt?`3zNmkcd8xTv*$4Z6&fQHs||*$>-5oqp4xeG%sr|7<DG((J4tWpBS573`loCm
z@8D5zB{fm20lZiq78Z8t9$+-B(WCnDWt9MlVB%%8<=deW-IbLN4Q}vwV^XjVw7W~t
z*YgHl$UsQ>$hP~8kSpTjQ1|b_=E2jR>ia$K>rgiOzN8Wz43HxLib@+|fR#rUVW#Qe
zOyvjtjtR>tr>UZu5O+*OMsE$~_;n@f(6Fnf)9j12*P<C7GZkeAt-@OiO@vqsI*(ZN
zn_)>k`7xE0lnj>LApzL44~un9MQx6bvCCepaw&4qyBL8WaLH@vl_@19hpU|^(-oey
z-=H>`pLZuKmvpo^Zoh3PJCyvxY{}GL#gdag_T5kA3xo8I<#llU2=Xw~BoqL{!LgfD
z4K9U+ywh~p?C6cl`&vFKu_6*M9C7QAuh~SvFD`yLxX^-D5zV;YXlv^G^v;KtT>YD!
zfMpz!H^*My^Mq^t60bh}insO}#|s`Sfj3kvj}w<Kr|Yc|b$!j_pnfH#L$AAvW>%+L
z8bRTN9GHnkI`BhB8xffL_1<+yw8&M5BUpKOe?!*X<o`le2<_Bec6Vgh^Nq`q6N9Lp
zGuDK{z^LNA>;h6^QD1U2{o8M8T>5l9Dw_ak4YzjRNw0Z}6pqKQaek#l08Ex%A)cD3
zw<CSB6{elw0cQwr@O+cRp&~&`0)v`Z%>}taogutk*JgP0P4iE*N^^1i4{l!F80zd#
zT4|u}U&fNVQ8@7^0J2AaLD$|-e?!;qq{1R9X_dcrLmMB%F<s~2oSyn?aaam1EjDF{
z3%yuTbN~KLb3tIETZkQ-F&@{Oy=IVvetnO+qC2}&z2YK)MHSg1+kG=Q(~q2o1Kv3U
z_Q&qpLs#&o@3Zu9U$zuhS)BE~mX{gu^m%qOEV}jaba@grB~Qjb!>91L<0O_|!<>_H
z!&O<TjBzM#*Ry1{5AMymEMwjYd7d*ZQsn{!mMm#0M`$mkHqX8cx-87?e%HwDaJIu?
zFSD5@;7&8>8Oh4Jb(j8CAb>HSJxMt6M6rN5Q0hGazJOuv){P}M?b$!fQ<zgpK`xyS
zeX4ZHXGgVAs27tOwWR+@b<B%FrUaU>lXrV6lE;6?4Sjl(HgDg(BK=gKRKFfB$0xo!
zi9h!3@@26~0mZO~4#%D{fwxlK_v%y3j-?i+dv<CzKdR!#{i6lTxNzJXyf>9Ve{%cE
z+-ji@xcCKuQ997Rs{a0d>9+|fg6@ygmQgqz4CNsqX634G&GB7JNFMm&CXKBJUy?3k
zW6rl(0b*Js^bau=;_#>*)Nh2d<hmtY?>v}enB9!ltBh73h}wms%pKm8!Zkn9y4<s(
zd&i1T%;6<%s7Y0GX87b)5pbtVxv1ZOi&c7KN9h;;T6HW}kr_<J$}pqv4U-7Iwe{Jj
z`84?6e7QO$B?Xp#wk}^%a&kzLno(S1$fdPA507C5CM(T}kTbcq^RCvpsSGyO$(2`2
z1vy)shdV#w^608<cm>!xMdmvUT5Yd$$Pl$-W74R^W5_&~t1#O}uC+VLnjXr;eW$fu
z-;=TG$FzL<MlSwRk)-bSdtZ*j$jF7l5mb+^oEi2Z83njT*oWaKNtO7Aq?Q0A^>q*8
zL-Jbd=+1MgvzUYeuLWK^oP=fc7}lmrvg*@zF-)cPp6Ajf$EhNsIb-$3MEbesyT~K^
z0E2VIi0+vv9Y7{Uh2oWDz_UEjKbC=lG1>Fg5!-9<v^sMuN7V{E+4T~-(p3`cek+L6
z8G`W)s+cwl^~~Qlm1hr`wObeOUI3B}Xw7kwsQ;|A%A?5oClDP+<Zd1aq1*vMr{Kee
za3>1b@3;b?6v;T#MfAfSUT%87#6rE)|A>X@g_90O^Zp@1`%}gvPA>fqhlc0;^a#|t
za0M`0#QVHJ`5Vd=wck6Z7R<&r#Y>=P2XS4zNKH9Le=VI`cg0$>VsBfl=K`uK<OZ~c
z&-NnQ;W>6rH81&iwdR**95yowzImu{Jn2#8CiZJkFy2K2Nwm}KMM*;%F=AqPlcbcQ
zr4q((-)5V5Rp0xGp;8LE8a{9CrlGWO?AEaT&!(sAP;j3eAKO3rqbM4024RBufW46>
zGmMC;_Y^i`QTCYN4yvQGGYsvzD24>a5Yi<@vw%F@r&Pa4CirSQnevL@qD5(8)Tv@w
zx5ZhOD7IaG6nHnPidapkr#5Ij9F$u@|NoNCWq@=l0J|l|HC52?-Ri{j<hnU9#FClR
zaxN*pD5UJ*-aTZ@-sSrK5u^Lgi-0vq!25PBQeNta(b~kxVhR(Z$MYy4qFEuDnOd=b
zQ#Fg`PP8QDlS$uMix=dyJ!0J?Ya9$IY#jQnAF#dqAq^l;S*rs|9jSmjvl3E>(2d#f
z%`htV(An1Y<|A_TuRpP;lqCKOmL%9wJXW5y|BF2n{}1*w)U)_US4`1QLb%rztB%OB
zuQV+Zu|jw?3uP4QbFd<E)4w|~Ai*P3jMOyJS_&Y<A4^RUcTNEm!immWc|;t<EStS9
zz2`E*ptikjZdP#f=F_`|h6W}3`dy2zbe8gf)DAOA8fkC3m&VQDjn8&y`qjto&n}c@
zp#|10%(ql(*BDc&Y+Brs49&w7F}wPfm(!!o@82V4p^c6s+h<(FjGXPNCcJJKEJ@x}
zxt9_#Ty14YpgdmIpE`g=w7q6^*l_J@%B`8=u;7-A^vU^VEkQ2ZMVy)5fVrPcQy*ZO
zeIxfwGvO(nGi>i#cU0#^g*}0w>7N2XNDYInkSgvu08l?rWW>G#S(vrJ*0amE<z~L3
z@!(N~OT<8A0QJ10r+=1Mu?1a@9i6|@Uc1}eUU|pTwwW_#$Vl&OjK=4D>wlR|SM2b{
z6X*kS^bgKtSpeUk*%cu)5Md}s4@F%qZrg_4=|)>e&}y0K*-rh~1lu%jZ<9N;XrrjX
ztWwk=wKpQo_miYjv6ia2`h;2t2-~m#a*h3d*Bi16zHvQ5<Q{n461EobeK3xQ$4$qI
z)NoxFjPKN$VUvS3S*WX>G6gLg7vxxzZy|EHIkmDD3FBnOehD+$^U?5TP+we$1CsX%
zqVk^kHWrg3QOh>vhB4%guzdLqkzZ;|&siylhm|?$Ktqcggg5@=#4ov4Mir~1Ls}#z
z(IJa^Lh(#{$6HYo!F#^Z73KEcYqX2FzV{kuw;Cc$!-qY`R1*GSuANnK<is*s#sv_I
ztNF%k#aKwWpb@Z_c<q(&wNwVb+#T{AZ9CpZnvnpID<$Gky9~l(Yr<Gy4*p(6qaeMf
z>&?;e6xfr#w7wvzjZ%y$%<!GaAJL8uEg96Vv7O?WSQtQi*lDJdexmg{WDMJ2?J>lM
z3O;FGHHlU4QG+v-W%8@_Ts^he{*~yhUCygEdb5!~=<+azga5m5c)sd(eT3}OnepQ<
zd5`;~VLIrf>~S3fXmeBMoqn>*-mHw5917*S><8L9eY=6duyU?+O2x4X>?g{3LqeX8
zy3n0|NfC03(L-iGtBq#_j#uD~3?EJdLh<EXr_$bbNe2qrmHwwZcPj65&!t(85U>e|
z=_XjI)46U4F@)=N6)f#{w(JL#IB7>bQ!eklNWB#gH)OCWQ{rr%=`DVe$^QFav=XlY
zF^c3V<mLAGX?pVc$3o=+9=DhK^L3PyOLth5IZK_}*ayqUR#e^c<`l2`1wdFb(%V-m
zV~^|DrH93VCSc}lZ@xQf1f?-!ePzfuLE#R@xz1%&<IVAshRCleo8L-~5iu?J0lH*u
z$@5Oa_iWCn?D^Wbc}=(QmDT*>qDvSUFd-o!)1U~pS5wM#yXr4xn4gvO1FCDJe!V=w
z8=y3XLl(Kb?0u?>4Ti8%XPGqd22^&_9Us{d<ZbtaoPw2E(DaS|diYH5VP!fkKkjZ{
z>@hVGWcWjk9mae&2Z&lya^#y!t`Wp@yM8|L7qHxpJqj`iP3tf7st-}lYkMC<dDQ*d
zC_mJ}Ow#N_`j-2MVS3^PQm2U_)yC#;-BKraH|q%@2)MZAZ*@77)0-Y772*%qumV*Z
z&7l6vDcx&(zKufsLu?iYv9{{1sClh7gK3mH?oRMMKbSP?QNPEh1xlN7JT2(qSVYtJ
ze^pXj4Er!s{vfR$lMa~`a2drN0h-r&ECs%$&(^uwuGayIt@IqU{REJ{-qu9+$FgxH
zpM1hg-vBB=vBcmJc<_)>F=qt@Pq-G7;ks9=#!-rL3JB0iTqXEV#zeFyVPLg+_D@3b
zsnmBs9D7M?Z|((5SC{BFJ@KqGLYs2j#IOPUD0EVdm5uSEC)q!j@#jR`Zy$BZrog2~
z5WpOq?Mml~okE~D;!oN7G0ytWT1GFk52QzEJoZykW%9WH2W({T_5xrdMOMq({hQNH
zr;VH7q$DiakNhTd@3W}Dd+HrQeVXrtk+#LP^M)UnS)36Rn5hoA=%U`KW3EXs=~cJ?
zxIPaYngu}<w-{Fb>^%4&8I%9SkmfWt1RTEKo3UF>B=nl4{3W6ct-%ZI45KSSSPNDE
z!b!`YaMJb{ob-LKZLL!`>a=z`N%98K%NT}Y<6Q9N2h|E2{3TLN-_RAUf}^4I-NeM_
za+EG9BOV(&i6t=ssaaQoA_4J55nUovX&C|GSWmRYY;NfjB$V;IX3F$VrOlG|Md-N(
zv&X&9tCwm8Ax0JZuCCZvmYkqg*Vd5y!|kx-yQ-ilFJ17>;$kJ03Q4dydZ_xPp{)M%
zY%j<)QIou<&`4u%#BG}&;;KoKO3;hJf;{R0!{NE^TH73UDQymq#CzIk^mu!`lg!y)
z2|D!tIsVQnd!XFH(lZTg;R0EY)W0l(nRh<o)I5Cbk#m5lDF*w~=G>B#mKKT$P+O9^
zpjl*H8rzj7)4%hm{TBc69d1l=LnbaikKI+F1Rn62zm8N&2=mlscWMuzwn=8$iE@~~
z48QifBYd)Z{r9}8QtgwvCMd=KFBS+C;1;k}l7l-W%h&${%#qCjb|)wEO5k6^^B*4A
zV|edq+9TSX{Z-Ka>xM>qJ}Qe%@x1ocZvV5S`HdSjWdIz=wEv(a?XQ32-=kEZ12}MR
z3q|WqrO-QAAxq>riu3O^xr09vY1Ic)ge;pY*xrScWte(wbU6i|tRx?@)Rt72=l9yC
zbjNgS>b8tF89Uv4n@FdXx6$F_t5F&w1~2G99@D=^`LkxNi1+#OX2mdWU2B*nAMJE&
z79YHV-U~!{`lwYsBPK)s>vIbJ@;N6=jD!6DkI(r<Hg+wKre#Lt$k^tVT%!tX^7iO>
z!?IhpKJWJGq+>sI?ojV1<{LFH_k6lPv>Zs}xU5=67EZ*81zznBAmp+QRTAJwZp~lm
zAeT?$x7)i$L!2<ye|CDDub<Agg*!>e>$3BR<Fjgjna4{YlwqjfHal<86*PaDW!U$>
zsh;jl{P8a4Y}s1y`J6(rAr4SG;t5`g9xdpU$`KzP(cjC1%YfiV<GQz!{rygsft~kt
z!Cl0zm;Wb#RaO)8MS$}`Dr17uXN9E!%74nWnFOCAq$n>o*;@}Lf4CYyEe;FrA0)Gt
zR^)wFzw}MUo#}Gdr<GPDTV=e@vona~2v902IZBj6?)6QA%_P1Ol}uPBJvQ~*_X*NT
zsinDjd7?_-=Q*qC<&8)eZ#?89xmmVUpYT?4d5}nw=Q=o9OgM^RJ0~grFOJ7!i;rjK
zGNT0Z>ui7*4=z~P-3noDai<E?o_it?aeKUC(6dVT>1wuO?A26AsrI7ap5rVHoTe@n
z_s<>n21mVKKxfR<-mH;5p6iepfP7Rjb8J_F4DzJ3_DY_ob7sfNpifi|DM3Ev9^wB6
z*1%)7Y*^67GaT^t+ZIM5%bcg+iYsg-iYFmIzrgS;7ERH_Z)@`-U~PIv{<1b{n25VJ
zx2KU3G`K321m$0`xo95M&&V*yo3evA28L^&ZTgIlt8nz9jXpU^*%CP1nP7Aba>ntN
zl$1m;ACH&c4+g}|I?k`%-J(K;WPZ<!c@&gE3A9{ZMFm6L#k1EDC-|gqRBqzCKvkmq
zS245Z);B=v`f+C{4#v>&*Is2ZH2uKw0%a8N=5wca1Hsq1&WsVP_hj$E|3mh&H@|9_
z{m5IBT-)s8PR%vSy`BgM)ol(bH92}s?2xW>pY3L<o_uH9k5fE6ijFcEYW93Wc=IYr
zw!jl80!r9E5KFJg7kDv@qBSw<87@VO?3yWl22tL0k6g5G{MjK0gkxgpE!N@;a&y{k
z1+>nLH#IDQb%*&nbroBmE(^GU{_#_GXR}Um>=ttWQ8oiaL_wcHB%E-4Nz5oWkBR&j
z7aD{!+XI%5Hy95`x+%%2so@d+bvDldnUqPd8P@sbEzM`D0Jk4`=|U$ypQ6Vmu=N_>
z!f00?_+KqCt2pV(HYAMF9Vz$OZo6$rB^dnJQWRpTrV<q-f?MEo!MTaclMk|-M!y;c
zbGfZQdSo{GDy0SY>BBGI2ZMl~0wG3qQ8)t+4c3Rrg+L{}o)^P0*$Qa7CMWfEZQ~!7
zgua%%>O6iU1Hs&)7S^&Ls2^*AFEBSRTfLb$9J_{we(qI$yU6vT4G9|+li`KO2~PPz
z{!JVqh@FH<QaJ^dtxO-JQDutuW1&Vr$!aGjWLdeA4wc}!j9ttcAK-2dJ6-U6d(WZ0
ze!+TxzV<T0pPErUQ~S!^esJ=9n}F&|Hv3&j%lwI`_}r|ZTjuC9D!dy(Y}28StXRej
z2VX<HyV3;ChO`^uUZRpP@!f57;Z_B7<;jm2E=Q@^#BwkuT2}8)39s)9v?nZ#USc5~
zWh-@tZk-FlF{l?k803!JZrJ{4yNTpt4Q4$U$$b$|x6c^=<+pK~l9*}g!C0lgeWm7h
zm*cK5+w68FRm&8|)yk*aAk>gSc4@!ID-JmE@&gd%hV?E|PblM=eD7-K>t2_WfRE6)
zT5b(rsG!wCwdj1s{0U$?E;4wwm?qsR?tq#He@`&ea;-)31n}jVu2FA>pzw1p$>~!G
zq+=>Y3VOFA^GxnJ(KSguBvCl}+n(OrO1T-F^-+;{ym+z7$_9uGt$_R-P3yvf=a(2!
z=Hm7U<@j8ma#$omxz;L)MOP|*EL&Usk;Mcokjp{oSBE^fK_~K^<@mgvobRZcr0{wZ
zNU_@?c|QQT<Jd+kp@I4g=v#zezeN1U*PQ0s>`W+BFAXu`y^!IvJ#_GJ6~2H{?bGWB
z=hmTCq(n)XKT|o5&xv*+KRiDV{OGbT(jJy1B((-)5A7BmFi(Fhsv4^^v^2J~*gY&&
zE<~u_dy<oz+ktqg<OfR?6AkNhJ?~oU1wl|L)q<Bwq$3|33(DS?x4GS7c=1J)75^5}
zFCt$VC?&EM`U&<cxqd|`;{u3YVdIE8mWt%kL*=syhM8bFRduy|A8U;&!IIPvdV;m(
zO=DxD|5W$(m(69Q<_9lm&&Sh))r518Sh<?>1!xaVFcOYnTWs~RC|=#1;u05!FlNN3
zcXfn{qht_7E}Y=9w#}kJ5nYdN%A^wdR-Ly$ke4Qr9_0=L9W5B%A<wnjz7a+8K*|Sh
zjfqnByZAJagC~W{eiVqEHB2gFBUP-x^Vc0g416g7Sb2t!mj{A_5CY7D2OOl5V!|r@
zZRwW_^80sdhq?5!-sCavf)kbU1$W=}N$r(y+kW2{-0?n|(#Olf58ruBM_oFi=44|J
zr%=)6357bdm@6q&)KOJz&Y#qa0+><E;5`lu48>kO8lmj`s+UfKo(4=$JwGusXTV4n
zQFz<et?oTU(V*;v=h)86=pz9Rn?ga$1{!5%&s0P<QjJGOvF%n?#mnUrWhLWFq_^X%
zjbZXYMv5I##~OXMI%#+Ij;8`Dw=F^USUarsL2&TA^^=UQrwdaLM||Zb&-R<z{grSh
z3u#fW49MVW(4NofL5_1F<}XY|E?9Kgwv^~(E{BrXtPUlH^MwV<KHXj*qWjIc><dAg
zJq?~P^ybjTaztRsR{V%A^voN6QXp0CbPB<bBCQbVl>}1F?QV-@!k%=hpQ+~SowUD=
z<nXU(S8F&y!Dp|gimZW2+J=#<nf^%}P+;g+SM4$SvueB|S-yNh8<`Ki)yHLu^!}`D
z<1umu=#|3=upc?#-=s814aGInZ5;Rw#XZ&f)~j^qaA_Lj1m7I)FyZzx{3Dy9j51l+
z=LT((w}E5GTe*5BM9_P%DA=O%UI!BS_U`mRb>MD|R$i<kOB^|@Sm%cB-TbApTeCR4
z8);%!dhP*wQ_*4DVblt;*5$*8$!({sw8DOFPKWq++Mtl$=H&C<1#h*}s9xDaq~G&%
zs|_rT6nKI`)qk~O!+S0OB~$;ys3{|l`#uqSm60Glwp2-bj=%D645<!5rlg>BV)>Y}
z9M4ct&O7>?bgrFihqjYc*y%M)+LaMB{mF185|chR>7Z^cosLdNjSW1YkpMAv%$du~
z#Po<xMpGdCV8r|>c<$6F(jQCtr>&`aazsQq+XeDwiKS`uc&D}jw_;jUeT#@r@(BI|
za_!rzSh{W$Ke-u33m`E0j0805TDM2z2%({_6TLCesP~}uue1(xcxJS6?^&wxV!B^R
zodHP;4hP1KuA1ac2@68&VrzY+3e&~<!optlFgnic-6>o5mwPvWWeIm~#$2R=J|LNB
zN<CGeEB$u$auo&1GZP#32X@ukQp`|#SlAacPS?16jJhLW3F}2**_|Grq?e_4k44kO
zOR-}E(FihP8&!Y28JAEym4CT_lJsw0ZFxzibv?<diMI+q>T#QOXNs{)N|+R8=!gT5
zi+$X5gZ8BR+$*}!Xg6Ac3~Et<`SB_8TcgIDh_El8de^<0Tz5JBtXLI3P+pzY=svmG
z!hox?ftMxV#5x(Rcl_}vbD{qAg97$WKnm1yjn=$n;s|3hqUzN$2{?~aVo&r+X8o+T
zwIQB78Ae9@LGs3;-}`i{yySB{Rz$`A&gy5rH@lIu*99I9YZ9_eLG~n^nyaGEC{7X>
z)dP0FS0pTjEgM<v02v=q={3*`{P~520X0C+i>+EDyv7(wWlLs78i3Hm5JD}|NEIJ>
z{eqJee05YG<HAdpbW$S)H-CI~jm*J?z21m(`Ffw-p3?g1f3oQO^gl7}iRlD=o3c!A
z6^SD~?mVh&CcU$h0tjLVy-y*9YF7B(N;3uA;z6HWqhAe$hn;su%x)?(^d}c*Uk4>-
zWYuj_0U0eEsEy{>W4V7%xDV2_M5~yjpu-)}?QK|BKy)aJzXR&SVdiHD34wkRky{pp
z|EQRev;e-;NOi(h{SmFl1PLyWpPxtne6M0|04k<W(abePol0EQ-t^Ja)ggH7j=C?+
z2o?L6|A}R5HIyc%S8WjFB>^htGMMlBczH$CUgL|K)57*o6LV4E#FA$h^Ye7?)^RQk
z_v+oZ2+{(NI%e_JMSq+;^d(ZCU4!g)zrM};z%`S_K9v0B1DYgdb(PR9M7O5dWL)_!
zr`geFs$z~I!gOg#eiXORh0P;^{+9Vmbzr}0V|G+98Q1&l+KFy+Gl+G<LTKDP0{5Xf
z?<ceE$j?iom(jCnF>@ceY~Sf`j~=Q)+{%9Wk{83_kLzudr7)Xa8E-3XnrbKMbNnP7
ztgKs-kKQPKAg1jx%HygJjY|m+RZ@+e2k?kKCdY+s|79G(dt7Xp(AW03(58%Od@6}Z
z3*YYruJ_Z)XKC-<{JTtS(#6iI21x{?GO1p|S1l}yZ+`Qv=aKjEBSo__%8}~?dSHW^
zQX;CYy;ItWnH<Fd$+|VS5r@g7{_ErUOw#<E<ygKS$DJszr}mdRliyow*ZB7ccn6by
z!V2MrXT|{%+bi=szY^Pg#{VX^+139Dmh6CFnXQo)GXKuIn_6p2f&g9?$ZRt(C0{V>
zG}w!Z!Q}A+v6kEj-PPdZexu6GV?33-2ZQdknUC5kSr|3nnhny_g}j-7NZQdEEM&ky
zzE1N78|hyk6@I^yPYcDo1-!}!rFPAN@QM!c!+6bpCygIp+vUqY^SuIEUWN0|Yhro-
zaw0E38E8ojMKxLL`m*eN`6Tbh^CGW<7u7;sxX9Pe`qa-XQ@`FYS9GU_UC>M_Ao+;e
zB}(dwYqh=)3*Df7`q^-XjV{J=^rTmw*%luK1zV3U#ko8s>gX9(-*p0pGAMlaOCALO
z%0qfDXW1ync(Q965on?!iX}HQ4c&yX*9;k=@^EFifJg`QEVPUxNNeX_=X#u&dQ)EK
z{35GIMuvsoui`D!l^~J(q}v;%j{1!zf38^?aLufAOe#2sW7aDeb(3_=wl%!<>se}Y
zE5iF<$fbva*p*Lp0?$h2Q+Uz3!ihpaf`p<IeFTj3%qJM0tXfpr8!jUD_ym$Xb>Izx
zBF!2(Tx<31dN1AceeKmZwsq_vcNmtS7a6wtsNvW&p$*|BZ8=mjR~85!0sT)D?O3lV
zYdSxC*?cthI@hiDSTa!=ypRh~DGHijiDOgH#w3ZOOOS^o<`8qmr};L96i@Cos2Y%+
zZZ9aOWTS^-%6PAjHXRK4)p{s3YJBfcyDt>#Lrt8`1g7)H-iZ01F>6ELL@RCIQ9AEo
zUiCcmqgc^vebke1C@xfSepkSzJtwh<yI%KfBMgZmpCCaT=9Dh9;hrpBs=0anFelv*
z@WB}9{+ld*oxW<(XNUPhq<H^~zGxQvcvxrW{5;h+BObK#4gWp22}3xEAkl2Lv>;@J
zXc|yGLW6G%=g+rMfKr$;jWqO=Y#P(3gOJnQm{;ym-s!C(BvI^|C2ynLBMcimX3sqG
zZWd}Y46mxP3Y04OHgz|7yWpW9CCI3Y{GEsEz0<jR6AtUM(283`WsxRdcTPWX5PUZR
zEs4GsV^0J9c9Y)8kVkivS}>nH^?i}+cEgalRW8mp>jbN%V!oKze8V}geSCf#n1pAy
zGh!s`s0NvhFWJrW)V)A)bMqzCx;j|X5up!GqCB9^?pL?4d^vdlq%B*lG+1i`oVQuL
z#tCaA3cNzsZ{a8(#=&lwk?&%{i)2?7kuLKui>X|miVs{Sx_h1WSG-vwOmgW@<wO6P
z71Y7#ag@vYL9xZlGjcIcFvDzd{iWQyiY=3PszGkr)I_4tHjciCo0n2X2WsZGGuq7p
zS3tGx-lrayWXLxB;_{LH+ZZmta^v+ANhg!dyJx0te;gVg@_TQQvk_a+5H^yW%}&VM
zEM&j35)Mn#Oubld?Y(au*6(%EKkTkT04C3BNyLWiX^%1Nz{8L4EalWQ>hdhTv_AG$
zIXL~x;r>0N#?<!#aB9zzkN*qSVc&nVaDTb$e=tHJHB19)9>#5lh5vg@;KR|y_k^&x
z-jDD<Em?l{A~Jy0lmrN2QO=OlpB%#PV+d7Kv`SSFF9`28;?OBPNU>{D(f+!4TRr{(
z+chNxEY$3A<x|b{`{Vx#itm2Nw9b67E0+YLS>cW&+-GZnN7wf^^vnDk`eEe<m6u1q
zf1h6;{v+BB7_ZpO+qr=~B!c~gmQqV4pi;;Xy>VW>+alR61+)gc@AEvm1heIUH5L;9
zn0;Vis7P1=6quPb?YORp*8_bfb}OSMwGNvl0esK-Qxz{Z|Am0xzaeqiEMg_Ny~XlT
z><AJ~<9A)2JtGW6>-Eomo-5rEjgBB<p+zuX=Z*`0Jy-9vje2nAj_c-pfDA-U;8<B%
z0j&WuCohjLM;yOXy}-U%u$j#R5FkF}tLHtwyu|YJ_s2avoq3U4gfR8xGXx=G`QhI;
z#5=B7pCalHUc+*KQ9V?lkBQ7;A7lx*e50MM#fgDL_D^w7O~Mo_UeppF5cg6C9wvw0
zSYqHk7}Zamt;*@IF9sOj4om)Y!9R?Tj*ubtjXCBU+5t9)QJV>Nn(Y1340YinSW$2O
zIIagx<N3;kpOQcE@XP+pa8vQiKQZyXN@rbOBPSJx@K&{Tc4AvheI}1=YHA`<b9s5B
zYGJU_zPPHl&6lg4RI?I?LE2GIswPr1Xv=8AQJbc^$7KfhSN<Hh0UBfAbeI-YA3Kth
zym0f+?RQS64am^lnp<Akh5?$f_*c2LHh8|iNNb`oiQ{`wM-w+Ot^uqE{i*vd`HAD)
zOSMV3-lk<J3Wkr->2k^04je(=<GpQgm$$6o<}d#8f<BK22w6|8m`K9|mL1UeW!P!w
zOAb~4B8>4f>IO3<rC61e3GKSOntHZuRDe<@UvG4kmPVmhb|s141B$$%G<YTd-jn5{
zY}(;$dHrY3A@-YqY<T<SZ8lCH>1Xp652Oc)`%(M!v~Ed_ZfD3Tsi~dm9FSUzv#7(h
z>$Bm{t`2w?y>v&I|MIsfD)(+6M&X3^pWPU?ciz}AVN&42#DPq`1>Q2RHJba~bEJ5{
zvunQ`62#uj8@MGX(QB}YeK`<POKV?t95f*!$)cK7`+n(TAWJSOIw9;ve`0_q;$xA6
z{e=vL6%o6uW9-YVwV3GGSlEY4yR1dSBxdj)muxt{)6ubDP9Poa!&J|stGm(}hFfNG
zBljM<Afh@oQOQ?0s#2nY)D=krzfK|Ze7!?>xXIy7Imq?eu{IDA&1$QM_gk?O4e*?t
zzp^`Cr?)RUeFmT|GQqo_sEg|C59(?gG3tIjIQ0Tf9jsZRRu!tS)vR5w(%oX0DY6xK
z$1`4}hnCjWosDv|grMrYKaSy+!DkP|qT4+$S2y|(7h+B9kQXK==1C_Qr=SQ4Gj>1=
zukmqKE-!O_snMt1&W|h0O7F~zxi^%*NmxZmq>eVtXC^%X6>GB&asid9L5o+J#Q?!{
zgKdins!S?7hDRt)fUs!bJCsOQ>9r-jX69tX)}BmJe`)TzJW^gT)@Rj1WY>jxgPm`-
zWQOWFC9+a{rFzZ2)_l$)GZkKka#JkBEOd_m{P6e(F)8>eVfO3PfA?p6G+iu_E5uGX
zd+V!!mIGhnkByQ;vHQYWfL(`=vf1ax<i&*M{8}El_(?!4S%hmWneDGw@&xmJEE$1W
z{`JA>lb=$Y(7p~&K)>_$Xs%d-K)q8yh8puSs@C`aNO2N>NpTEshrVfChT_n}^3~kI
zf=cyKo_0t1QHUddjHgLjqAEWZn;+wz_C6##A8@t*zB6ID`hHMgY;gDXS5P^`9r>T2
zviFOpp_!PuFBw#e9sx8en2KZ?&<j=Jl82;4AaeU_CXl|?^q|K^hZP>a-Yf0N?nDBH
z+~c1$AC|17ECrz(W@;t$DJdFChmz2Hfl8pPRvmYYf8xqi7W?uAP&9@wD?;WT`33qm
zw^FhUTiZy)BEBnK#oBg{cw%*$oMpc~vprUOm{GSU9)=SW8^+uOcXYvuBH->gm6~TS
zuZ+D~22~!m6e@w7A2YA(J}O>Vw0pXlNZa@pX*`Lm91;>DX?RyzqNw)c_9*D(4C~4+
zBY1{SaQ#?&gh{UNH--Wxy+c-NKzQSSJ1j)jY4$bGh>X||=|kN5I@T*mIh>@}SaxlP
zZKhO*p<R~v2gvhd6l6kF+BL7UB@MDjr%HmT&8TU1j~#Jw>B4a~3{Yv#F^d&QQHdkl
zB9&evGH9V}4!(Qb)>dXPVwmqQMbw*>%g8o80>G&KwOBgcq)~e7URXKru2_GatYHR%
zi&OmZQgsP9`a(Y`qahc>M}^h#i%MSG^>x<27!|G*-GEDE@H}&oy^<DS!l8?y@M=yq
zTp&M{Qr0L<qhM39n<M+OmvF4rKz+9^ETo61OyhOm9mQ9-;X=ssREXPspWh>RYC9M4
z42^yu_8tb+ZpU^`E-<6>i(0;DI?WFcef!lmrs6_kO}qe_>jqeg5$Kk?TqG^)@Z^%}
zDM8X{k1dDYq}D$A7ky*&(s)Rkl?UgFG^{`V;f2tCZ+B$6&zAdz|5^1vx#8OTPJL_A
zt{pX2nGruO)d@gS7Z*U~s@PqL|02^piN)*;EdU96g&Bx;_lSTapSDEv<_ORhVsi7(
z#bX85{E%b&OF8XQsxDf$|MR#l68!^|GL+38SzRqTuPpvh|5Q2CAP^Rl{IMGOxx4J1
zq|$>|NO}MC-dkyTZya$S0Dh8V5YM0~lGE!qk_xomV}G@jq4yuP4R<ie0ha|Ccjd5H
z`<+e$Kn=shoIOy5lMXA{BSu9_>ZDsfvKEy_5ODguQlWUE^lvCw6I-$;;=|V|^|e06
z$3Jf0zEgt&>?c_16*-N$LW>}S{Y9tFI$h<ebm&ruvLb@ibIr_N<u+VwJ<rTXJ5pJn
zpc{P(Pl>f`JT$ahjxG~sUpjcY8!UegLMKTMM*<fwR=IO&1$`79>p~l`ZsNV~u!u^;
zk2;u%*!F2a+b4eg@t)u7?c;<eqt(oV8xaAbK~bTr8?&qvw&sP7-cZpCv)E0%7~Z=p
zhw}8pV|cBEr(%wF_U(P>xVUd({E9}X&co3q)^Q`2(f_j;@n(j3N?k|ta-4em$-LS(
zN$2jmK&s5WIpG0<iA<LknAPb;bfpTdAb;2o1VF>AS{Y<G<3_5ezpxS$>tQ!<Z)wY(
z@3ce|S-umanQ#B*cq>nwF0Zryu+0Knuxj$^ecqQl8q2s(>Y~j3fK){Cli3PBvl7+z
zx^YB1`D}Dn`KhuGHAie(8iE|fRuWAW;I~O~A|ue8X;)0f`Fzi>&!|clTLPySopEQJ
zVC7pMUk;VejlEtO-Kb?67uQ+Mk9mI~r>07+I0glqys{pNqT7!beX;A4Xh0D|2$~$X
z1qLE(6f`6lu63!C#<Sx7(KEn+E8A}&{Hm|;QH>4hgQCh?rC9VeeuHDIN1Z)~>Lohj
zE*H0DRvQ=f53Ip^c}J|YQWxqq)!%R4>DlC(yXG2w7;V;>Ni4atSSW(NWUOmi>sY)^
zobB2C&z*cH04Ec_{$g{eZK%a+5`)fv_X`5MCGxY&?AzrS%K8)R;at}~+_lalf7U$Y
z!Y}(-p~S~56Y4YrCeJSX?gp2V$rOO*ep{oKwfki`?_;W>b(FXNp-4EB^ic4f-BGM*
zv1Z-w_gTXM9*dyn&We{4pDEmbWNTQ4#>g@PF5JlA!$eH!{W4?E_#6U+8;ZIhH9Za>
zl#3eIU(U!-oTD;1#_;mm^(2!|u<m>8jZHu(!Noa%R6^@U*8}B+r>HVp<zfL(?IE}d
zeW_6uH~h2mE5z*z8_Vsx@za))ColLUwJdYFA}#;HN_a)#fD59b+){TW4FEe~jVKa4
zBId<b)wB{tv11DE^we4@iUE$HDB+z~TkxH~6Tap-Wj0G!h4DH-Uj9zfYJ-u!x4!Sk
zJb6^~;+BOx_&EbIFgIJA%*|L0{@H@MAL9|80(O&p3eduW7O74<F4kjx>zPLF+X6>|
z&Di?a8PpNG4tg&VU+Rh=9so+6G+oQOO})pFh@&)wILQs{TV1RzvYrO=Ulot>QXZ~%
z!lZ<AUuS)=q3}98*TRtGYw#qUZcSb<7Lwb3IR2BPn}fsCZDlimnD?KJ;LIvgNCm;)
z(z4Kwm0H=7TV^-*A`P#I!8O34hsmk0PG=n2-I~o7YwY&A&@kXro*yhWOl6=-Bhrot
zBo`eh)5!U#n^AuvGx%=YmZFLG`bz$h&D=|!Pq^q<<(EL`IBwhq7LT(Hs?0JD^UFjQ
zz5xt*8JVvpkpwF#dwCR>xOH8GVYxTTW6&;>ZPGD3px%kpFx^%Tf8fQ%OF+qJndL_c
z%Ei9`udN}~{}}V^ivU5czwIHeXfSVWATc)UGk>4l&7=2^Y2$ibRs%HGXhjNtDd+HQ
zuG)$|HbsP52@^S=%S;IL>>Pdd3w;w&<}P?I>3FVBz2d9%#&mt|vKCfwDd(Unt4fdd
zx0NLT6xns~>;OYe)ms0g^M8Arz2i#1M?fC^y|Y51l3Gc++ip^QAj^ZD1L>)aYL!HL
z*RJh2#h9N_*%rY+QCU<~M$4icpw*w9pw)d^7B|3f+(5Ff;THvZ{Hl%o*S0{6uawE4
zP6<N4=>kx?eHyq#AQ8BJgQh_kHf2JIy8s`S)aujhnd!a6W`Fm*esQ#MmtKFsr_>Ig
z7CBMed;Ofx;hbnCxsXxFl=j{r(@fEe%*mWM2DqX^fg$`WPJ)N<#~VR<0`(!T8-?Cl
zh&61pT)n=z{RVQ|=CyF@FYIMlAN5qd$0~wL>1UXYuzZ02wgx?C)ie6}s}lu!yc8<%
z1<?6M3IBWbdXrEZ`hC>ZS5A?j!b2I$QEM?&?0&rjkXCAG`z5_5v2?51+o<lqd^`~5
zVJBkKx|vD~340eV6V+F<1t<g+I@hdAG=^AAOBBFLNe6oiv=<yp%_Gh|S0>QDa>F`&
z0+B7*9#0?V1UJaHH)s1eNl|#JU#?ZiH+P1H_Dr*PyD`@%#=$Qw9@+1gwx~p~<~koc
z{dZ<y{VUi?TnD&gG@YwQYuyO@b9EyTV{`q4dWJ%o5>e^z=QBo~;!xF6$i#c*<_PDH
zYeT3bs5a(9DTrd@6Y(fEP6Y?g;(gz0DznuogW7sJuq1W#ovn~00xmgGiJxg{JnRjX
zmFC?Jds?4@%cv#;=Mp;~a8~-1GC7;r56Ez2VcLfEoV6&qu45i-s4BpHbn`j!j+g^{
zq-iCPrb0^^C;Y>SfR1_iB~7bOgo6hx!O}J{tFPYeZHWgpD=e4ZcMyaS09n`GMpKTx
zDb}I+X6B1GB}CeTz>@L4jon8c^xv^=fQGbw6uxf@xD?Lv7P2p*6bmBYTs^b&z^R!=
z*#srgD<kym*zRw<Oa6{VG)$_sdaQrXep&(clTAaI_s4kpMRSDUVZ>c5u}$n^z42i}
z8;J;SF7=(KBI|UIE!Z|^3}m<e!9mlt+qfD)LqN+4u-4y~;ojiFdQ?WO3G+n%FPr)|
zV(~_Y8GtQ^rrm7t{b8;Df+S#UG>8E@0^*Du!vEic0-w380owXqElsX@wEREp=KqhM
zoQWjKb23K3qI*zDQ^ss)>!rQ(?FWAy_&c1|7a%MO{PKU$(yxOb@;<RUXVS5XtqXJp
zqJs$M2j~m+j)4_kUUnNh*l(|n6Y6r*(zBiP=Bmum29ntWfkeItK$ezYTQO15&}iwZ
zshQrJvNFkRkL6yb2D)Dy5VDJ-f$DA%0zUBcq|$P!6zkyYHF|uouG<(&Cv`rUN2oig
zy{}VI_g9_FT7><s{<w6%w7GZQ@GxI?se;aSkVFOX=;BM?46WYRHzFU<2oFgb!9H2@
zpG;8b^yYC_(*y%<T~9>JUb(-Lmi7zLmkU^MKX2w-cHlN=>KRqDsMYdP5;SMrQ2$bV
zk7Iz{0hy0iXjb>x(nJ~gxZjz|u4CTHrP=|H|F5p=j;H$j|DjDr=oX@6WtQ1BBHVCg
zM95CrGwa%yh_XZ6vSnOcBb#g7LS<fLUOVe%bIoi1-m1sv+j#u$<Nk5(ALo6~z2|+-
z`}KOA=V<#qOZjovseNdqiZgiP1r(aBa&lHi735MiE0~`yY@b=#xPI~+V~^X#sOR`I
zo&4)|mSdTWw%cGPfVT4pD5$i@sV%kHdl25#&MYmNZ%QV)$g+zTR#&(8^O?V{0?zYH
z<5R2U?HpmSzRUX6avpZB>`3&)5B4H8uU`4^U@lnd_Z9Ht?z*CU`pv`W{g${u|K#MS
zds9l4utl_GPmszt^+Nm0mOZH?3%F{vL_i*yH|%ghv*-tMNGqXlu=?ds;@~+cG%N_9
z4w7f`p5uG<qoPs7_x~e@SY!vwPEaM%?){D(LRQuNU=N-W4*ZurI2r)=EZbXOdst#z
zrNMqt!jsP3osJq8<bCTj+HHw<lT$5)e}|Vv53dl(L_(s%5WKea`0=A(r422u`v*lS
z5f?_uI%v<2bJek}Ue~6mGhVyKblZt8OXYxy`@;`5;5*4f!odyu9>s^nPV{IkmKTY)
zs638fL(LGO8i2PeyFJ6lnjgQ3vS#D_jqm(xftnrz!fPBky=gRt-=Ig!ZF)|mXxT9P
z)sg``QNf@{*2D3hv)W>m?5Gi|mn668?4Ums!F>X79H8?(l4zoQ;77(F79?5a{BfM>
zg&d$>wJov3%yi4;V*Iz7nc$SjKyn2C$M%GZ)StY%K=pMsNYXPvi%Vvaq1Q#_0lGjr
z`@Qq-=H*HkqTnlKG@CW?zNa%W(}~w^GWqjIKvpu%B`3O*^~SM+$76|LHzPLR&4srE
zaDZ1wx_aVc?e0zBusG@|A|(=PQ!(nJGNYP+vgq6;lg9zWYj7?-Sz$K<W#b7G;8r}U
zCpfAlzx3Hz`EXDO(B<6edAYDrpn5A?O%lnm>%zzR4Qeu!QCa)w#y>^De{2&#Wt;<A
zjC}FJQdSZzr%afO<#>e1INn7(%GJBDA}Ub9BxmmFvQk$-N6tiQjD*Ey(w>I;N_76v
zdm2k-RNY=BOp5mo&rMwfGTkhiPDJC?^_K$xazxHrk9%QT<PUj#B~*=o9-5S1IJ`JT
zPJp!RtLy&G^yX2rzVj}QW%?$<7{lwl+qM1p5ixf;O}m{zHYywdj@;nHb$82gHT@LH
z*HAZ!ol!gmU`DJ8tHc?^Y`N$bm`!}H(y#f7ctmq`8|XRXvsLGWsBFovH}Aabf$x|8
zPB;3sJvP}MWx7rwcfa+fv~pj6bLLEk>!QRFaN-j&Yx8u~S>%%s{2{ir-|&h9bO)hI
zjsSm4_D&Z0l(}K9>6s`Fs=IEZ7wWpM_y8D<zo8RpkVFGN06GDgw@6ehbOFkUJX8Qc
zzxZKqbLfTZ++Q^s?KHHNRKML028yHuEk1MtMob~}e55o{81m8Ao7*`t+Si+%rq@LN
z+{uCYl7Ssb-AKdp9Md;8zgA*3CZ*0=4(B+GpeNsZc|0rV&6ksXwufql+NuJ~{-g5x
zNyPuO-7gt<tr7xn9ROH_`u1C=N1i97YLx<Nshz(hqWIFSQh$zCFf=989Q@>%aP-s^
zn_)DYkicyhP&kZGX+@SXyP@=WLfY&;VSQcr=~w;T0Yi>k@%LAAsjPyz;u%#4+pABy
z9CC%6W&atyU-(f@2B3IO&o2Q=zb2-poN0+Yh59;lzH6Iyh9dvvWXBEA!T#2|*D?Y!
zGvDe&WI8FPiNs0x9`dP1=?m$WY(R?LV_HQaQ(4lWuue(0zJ7HijBn+LmE<^D4BS+L
z`6D{59fMBc-OBt+kh37s%JrjjeS@QOed14rCG1V@==uJF;Ow61mYvyX?XDSws$`fC
zo57&rO)fn_^l(2wH$rE4+T`qO9F@?=N8TGvJiT$!CMNIOSJ&UUoxdJ#f=Ak%Ord8x
zNx~itXMEGY_{shJ$t*OfkJlDmNcU}*CvlAcnFsnvhWC7xSzN|?#Gu9_ehs)4ICnY}
zR9`THIrR0iU<R30eOkR%`6MJ*kKZbU%RfH$t$t+|t8B2cXKVpX#hIu0Ym0JD<*Tab
z$Fp{rhfy~CX_od@<&|Dq)CiOn*XfrFLsIxlqgII$j189lm^ETsP3ziiJh)>k$rme$
zPgJmD=|$>Lg%C|ZK9{OOWXH~ZQ=cRici*N4#pd2wGGNyy<kA*!a0%s=AsV&yiLs^>
zvpgpnGOXRkOGvB}kn)teV?|zK!7<)b1CC{${JUIVQY4VMe#$9;T0qOkcTFs`yYQX2
zo<bd4=It5tOz)UGF=Ko_l+5CJ>m3wt@9HK-@<YB-d<sArdR11V>J6PRW}!1v_#vHq
z83l*%`zGTv3;nVa=QgZ-;TK06z<>M34O5aH;@MiSl*|O(AIMXW?FaII*3jDz?`oLo
z#nea|)}ag-lWi8`BF-P60*@tl@ry|$kOzz~%%G$g&x?m<9Y0m#lhjn5X&);LW)EDf
z&SQ>R4Bp%K-oWY`7)bgsUs7s@fSdaU%N!S^2J1VFM)ahcJ18R`s;2w<Tbg!0b(IiZ
z3TvrO27B>?hCCJMx1vdn&zCcc`jUKdtmY#$gMg|=-)K*!Gv`Jnoh45P>T|rj!%$Xk
z#I9s7WD&{Ni;}|8^bv}@V2jXe+mZAtdLCX;-e+$edT)*T%u#`qH<hJT5Q(6zEq0$P
zzuQ3_wI5MEb5f}piVydQt99R9_l!46UOCUcsx6!TMWxh={Hhm45i)Y&g#iL(h+GTF
zoyunja!^)9>GO%Tv?(Gp-bvat+{`Ouylt~gG;UYhtS)FF*88rcFzV3==;J4*9z>A)
z^dcAXYzt(JB3a{jGr%<hgrH^7SuI5~g6Zg4D0jG=%%47LGO4`OH>#rZRCw9hW9vdf
zChXz}O+&4rf`US2S=AF<S9?J2g^x9(KSc~>DkJWR<aqTBw!?VuHW;@ri%YyG6e&zm
zy$A)l?lmfjvKJ@O{xG%v{X1IDlZ2`ki*{xA+9=(o-aY*q1}9j^>*>X}JS&ep<_Q?3
z{b4dEGkfLH&0)05JreDIoeKT@o}9h~zI(3pk1jv2AT!H(jI(MTBiHuV4+K7bxO04*
zP2x0L&%ga%!%3e;D<4WUQv5#XpKT`j4_R}4pPw`zH1gLR7DU&}j=tDNuU<3TLCXf7
zeE@_`&}xs8d)PI5&m*0IDXHW&E@@2az2eUqe_d>epOhnMsw@4jM$({t%U6GYQgQF~
zi;KIn$1=0Ba=iq?ypw~Z#pI=9{GI_OMrAfT^TlvM_`*d7!KcSIsF>t|vb~u-+HGQA
zyFlZup72^~3BIE{oKftaV4hK}IK;Oif)zuIt4Ht)5h?8d{@?troq0o10Y@vi5!M!!
z0o@fgOq~zcRDMpW$B6Y@S3Zit3!rkW6KothlWV2t0BLb-l<3F?Ix*2@&DF`NZr-l!
z%Lj>7xKx4|^5qI-{Q+LpT!nXvD==}`paoC$&x|h}Cy7xlrbvVfCGG4;EAP9Pt<O93
zzlw>W4fnjQh;sps<93J$<JsXra&0>o#~ka;OJ_3kn^>G#v6doyc|&b-aq9`Q@9ZUt
zo(PzHV#Q*y9E<PGQ|4@^Ta9+*?UcS$AX3st3)|AXi3CrqlOdCmvhuZ*<XS770?$2|
zGYqD&j5U4IrDDRh4Eo)84p@K3NXw~jT(Y+txCz+29c;{6aMx7cZ#c<@H6tlp(LL|z
zt$?|qkuO`_mwl(dfL)_8B({{@6E!C~{`MHd`CEPrqS<Q2dhXn!akn2H&|DVxmM;rk
z6W`eA&rVPS<u(y9mo8l@g?C@jBYf28wO7Hg524-G(#FqB#**n}Lg@#6$1SXTTM}}$
z@}X%aYh0fC6uKoH4}Ck9Mz|~oZiGntMr6IfYExEZ5*fF|>iCzoKkqwmN?&TdaFEQW
zr@qp-+EWa1b~0B0i;70f@EPR6B{VrP(1HSy*SN_qb&3I}DAe)Y__nm|?GotWgonvg
z<G%b<5`g$IN^0%*0esY^#&w#I&I+!}P+8JijOCfjlJ1Iz9p{qnOi#JBc(f%++*Tqc
z3ce@AbbN2sGR}b!o!lIt4wzLmI+=cxIq93@)qi$07(0$y#jZkcPLNM3iMRR-+DOyL
zOKX}JiL~g<T28NO(t^+zk5oEd+mHcK7PU9EWe5yd;hGlDF$$+<lH)byVD*q73I@em
zFBlR~0O<;el+KirUP3Aim1@`#%v3N3cW61wMyz8J5*U*(?!jM$1eI*T9Xt~_99Y<8
zMW(kQ-Y3ZV)bZ`^FyA_rSoa7Tmiz}Q>_uvHbQa!n`lV|_&1#?Di%NTR@E`&;c^m}9
zfdbk7?z}_xpwCtmLPr^@q>?7JyV+Gl%lW#>0^5kPsX|V3fTr->QInkC7jVu!@vf3R
z@6$v@T)jh+^oc%f$P5i8i3%z)YkB2?9Qew!QxB>YO3b;#c8kjG9&W+8xwtZJ?jghJ
z^t&^}hq~WYz1UG)68dMEJom%Jnj)<Eg}uK!KPVgx=o$H<&=s;L4$a@wljZE#-Gs*r
z3YA#4Jy)s;L8v9*XpGR7BpX{BnE;r5eWsMUrKLr~q>^6?)p?E*6)XFQPfEWN0yC1r
zdC=%?euIj8%)J&z#NMINUq_wF_im48yc<A9=FvNll2t1dz!BjUEMD$_^wcd;)7+oP
z#%M}oako7PbSKn2H0ed1pZk<Y6yi+0Ym)YC-;TXBk!uc?O9WJiWycD1k!||TzOV=5
zu_igE>n0}EvKOz}Wqawcghb#}0g_mi*;$VTHUWGSS$}-NdKeHq*ohF0bRurN`u_Z5
zLy+_Iyf*`OGMq&y-g|dl`#zQ43*WE=#lu?nsJkb_Q$aYT&8acOh5T0u2?`#NDl8b>
z<k9!$+v%gl``>#@oTNmx*e^<bK$cRgHttQ6NAt~6&vrdj4TDsM{syYPH&m=37(Gqg
zTx3Q*ty>#Nw*%9;k@i}=7*yw`&tG2z{LZ}5E?M--h)zeC4Ev!+d(b(yw6XH<Vm($%
zdmM#MHu|?REzDPPoy3*4%U+7?3MWlm3C$a-yl+e#qS?fW*O|XqU4;=!%-}%9MT=wq
zy-nn(Fj13D+1Ko_natG{_30E?*qF(brhPTv7?W(Y3aG}%2JniheoEHfvgt(|kHHtV
z9p~zaSZeCujqrf>4Yo&pO4#wvIV1Q1+iGv0)2q-69<ieYtaxk!_|P42H4A#;_|i2<
z?{eb7rhZ=et2lV2ziRSrNRqfqMp^)=)<KcWHhf+bdJp<;wANDtPkA}}9G>FT$>XmM
zQ}39n9P*LrRZ`=P%PY=bpBmO$G|(2v$02j}0ZYQ8C%@6#8_$4fPZj|`tZm$+xA1PK
zoJ>zA(&P6-_^|XYfyGWv&S5G%t7Sr<SG3I{ok=lB{WGGxow2Xi@uMRi9^w{gS>joC
zW|p&mJp@}sk0z~WCfYz%IXXIbXiVEFg!X(vu7W^uI+sRwZ>(t<R-MgMPg{xowO2d(
z+`8Emckf=9v2Vkd2Z|N9QVG{POsYdiebqK>W=6yEW-*Yc%b+Ed_=ja`nmmDZgQc4@
ziBnd>oG#+w%o26~4V_NT`M9*#XyJg<!QKh$ua!5Yi1HGH7fR&baxNPs+AWG@2Hxt=
z*ZeZz9ojz#AC4@w&-X2eMIyy9PSaHTQZ}6J;0#|5e01o&1e)Blp}O+{us>()S+UxO
zycpZoo-LMJG5~}sQ_MK!UP8Hi_cB5N1#O&2b+tS^p8xV8bf|n;eMn(rwm0B0d;nt8
zUx;Vb#Th)zxdw8CW@f1{Yp3-FO$OF6)~A)8a9LTo>XdI3Fq|N&1#UZ|L(BD6u7Gd0
zpUFYa=MxygWNEW`X^xij{YZM`eZZ*oy8GAT@j?#p;02zg?Vxf?e8hxB$1eTBeN=z0
z_oS63QhoOe3!c^R@G8#B3%?{qr$txnD=w<7#Yg2WDr496y6Nh^1Z-LR>IO4&dsD+m
zk~JNDPxM(_v4fk52?@j@Jnh<-2-J6fvrv%6UX^oh2)fN@7n{UDic$a-n2)~CzVfEb
z?sFb@1KEFT^k>5?$WMt=w_c}=T3cBtmR{~UR`^YYGebKhFT*d^wx9M_NWV4|T%$jy
zO^nvm_)dszWuq@_xE9x)O>?JanQ*$LqcwfZeV$p@B<?Yk)yhh&d8|W6>qgvsWu^O$
zq@V`4$;nO$Q>q_rz~9G~)>q8;DzSC@ylQg86Z}dU-=-C81{6r-KTV~h^=5y6XH`^Z
z2x^+bH>n?=QVI@9ky_UIEbYC{71&0R*&M@>Q*Rz!%@;VV4cUL2p8RFFclip}OLCiY
z2zxq4x4YnGscKjzjW1*FQZwQ~b6n)}M&Mj3(j1$tT!O@;hxjUyyiZJII-7v;^X0U7
zkRnO>32U++Z@J7<@!hA{hwu2%w!wVBwLfFt54B3E2DHoNaZhrUKR`C;^YxLUpieES
zfb;CUoE;>yq=Xi<l-pr4c;<DxYDCe4nR;XUvSF?ma%*-&HBo!*ejr|2P!CJ!TPT5O
zDJ}5KZoB!Xlo6F)y4sD}qgX+vF|v9SZQ>eBg}O1h=*mtOor3S7?qCgRm%pO#VXx!%
zs2K0%Z;fI9S|me-NDOnvze<t~Q2uWt{%^J^S&wnz?p#Sb`L|KCOzJwVUyQ-d*j4l2
hHt=8l#;=eblKBOF<XF9PS@;<6Qi7<;7sx*H|3Cg!WM2RP

literal 51048
zcmafaWmH^C7B0aZ5-h>p-Q5%1-7UDg(>MWw1$PVX?rs5s1WoY9-JO=ly)$=a)_Xr*
zuXR?{soGL|m+tRWN2@B!V4xDB!oa{_$jM5p!@$52!oa*CLq>cpLCSGPhJitCvXzoj
zm6MVpS9No?vURY8fsu_)O-EAIIKm&B={cgH5Ql|Tmvj#GfR#lN2@dtZPECYIrWqDj
zZJ>%}YR8wBuCG3<{1R&a=5vj1ebMiFwjY#5wXq09j2Ey{E)P@w&KsFe`!9RD0Z{i|
zp@*M2XyVpaC3A|J2;>Uim|~G{&BjLP>g9TZ;ouj<33LM_;!}u7Nl`Q6&H!x>-u1da
zo%FHn!7otgqGm)9@f(<T@ve>RGKmpaW)62~-y02K)|7ubbMxs4{v=?x8n1`t2;%=)
zQM@MhbDZkySi-RM$4B#O6!Frlr$$YfERKEa0~B=*k}R^()^~-vp&a)_!cC2h5$`R0
z2Z&>n%!R9G<RHp)cg|Vks7j(@S_8%2A2=HG`DL=k^PvFIc&MXZ=5+&c>F=VF@leWo
zk}9;0>?D#RQ@QKrdJcRvnQa+<B~o0G(NN;ea1Q)yuq3WES6M{7YYcyI+3fh<$G8Ui
zF)_EVmVe&H7&360oWH-Z-0|J}@Cy}?^`&ffMkO|eWJlQbXEVq2_!smK30GQ=me<H1
z!IW|ZGd>$IBkN6Wy<K$~W&GLM_;}yjg#g__N#R1ZnK)(TO7zz^WC_vQ!wT+!xE<d!
zfiXU6Rt1Ck$pjVr*|9x|JJv&ZGwiu!#G<3vs3HB4HVz4)$Xk-km;G2E_m4M`n`)O+
zY18S^8uM;{467%l9rC12xuPAN?Jr>1*P4p!hF8BN8B233e|>3eAl>dBd;YxM&enlm
z(15HE2w1c3#tT+Mo}HykoV@-NICKUNUjPfITY%ta3cqiPaleIrzJ&q7MmN*#xnf6y
zPejxs59_GMPLp_>(y#v;Cbb^JtDp2Y7E<Bc_yJpftaPB@S|rjeipVAGGf)Jb5?NC6
z5E<u}<n3FWVblg0{x5Xf3E`A)Wre?mf2VvW9nUPCMnxmbpdRfYW0z=>RQ$tsmvSzC
zO{z0dbQk0L!$=`_O2lzd>EY*;Ft=aW+^D(HrA6+u0nOM(aoPoohoa4IMB<D;ITz<1
zqItj|@zdlWPQzHo?Q8|Onzh3lqAEukd}SI<-Kli-Y_~FGI;XA0d3g7LqB6{N<<QNu
zK|&UuFp75Rei?gJb(#7o@`wo111SX%^pZj2#OV&PtC5}HNh#tJ<uerMDN}H~-o|53
zzjea#L%xWXE<*hE^-vO>aujDi8tqHf7lSW%!y3b0=6tTf(v-GI)v~1D+27@-C@@kw
zQl3%eQm>QWC5nDa{qg+S-wj3}gqeaMadO;$obCtTkDgtL7}SyQ?N2Dh$P70O_Vhvw
zQz`Z-q!Z*?sdk_43O=dLS4@`UEeIY997`P=(9qCG(dd*M$(xsy$m7W)rLfX_G6WV?
z{9?B4ZI;f;Y0YZQ_KNXJxKC3q%bx2wLb)}3w)4XPqk}oX#he;{K4q3MYZ@0BmaG*7
zNIl_&4YHfLd}w<A^wn*YVw7i80WT(|BBl=2#Iiv?bwVu_Gxd#DX=ScmhF#h*<6=)G
zfmVJ+(t_e5XffO_!cJ&my4;h?RgtQcO{3p%dTm^I?9}Y7o)t4GQ?AzF%8Z@GT~$?u
zP~}+pj7FWhSnWnd$UOVvmhES|>R<fjt};6}@argRC`BktbPG!D9Kf)BX(eZ+B&!Ci
zo_)uu8GQ#9Kn;40r+%D%Li5#1+RA*(ft~ZBXc^dz(!S_LdSG}v8i{UWS;CXqlhOnK
z@N~ALh^wHgjHsMxas9jhr-zcf$h<b=PUFlClpfK*(%!OO-9AO=cZhqdVD{wnXPx?)
z#up3^^icF&#8r$HbVQ6P^kNJ&^b-uS4{CAzpBO$_eq#9q9(^9wh$A3eCfwvJ%y3bh
zQ{>HR&I(}X;fmuiGF!2E{;4?s)jG{t+x~tw$LZWsbgX*?l!ovt)FR2OVPw0L#_s5I
zrj?$h?-Xi_TkAUm#|FE6>5N@LInD|{^(daHEc;w*Bl~sBVlx~&4byp>8@tA<-SF`f
z+BRi~)yd~<+phWhklZYzdZQ4drgb8J1^<x1R4@xtr&RFJyC~YI<#_FQ%CVYw@7xS!
zja+U17XCm_FV{4IWr2r|_g&N-4qiuF_58pbtsJykcpb83n%Xf#u?~T*y-pI3m&x@N
zk)go4mnH@)4QUN8<)eG{+bw^Ghr`>?{<OZ3(?3U+TO$vZ_kP=syDYaGd+U=eTcz#~
zt|m{vpMM0zKL%WS-WcurPhcGo9O|4d@7L{<otYd#`TN<)c?x(7#AX>>B(^HZB~@i-
zI}0%LSXKI~fOkk;@NB4}M3QLH=oRR`@9aJ>qB-WpC}ZSx1|1LC(#})Q6AqDoC1@2r
zRcqIK%(>hw#VLzYsmp?J53-t@N!wF%xq0nw{CH3kRkJT5mClx#EH*HI&k@bR!$D>a
zHdn9^+Myj|iRmJ)BVmhomM5nfraqN_p8*uJ82XwgT{c`aEW|ZsHJ$D2ns#6PQ*X?g
z%j(9OOrDZ@g!WA7c@S$y=LYGU?|63d3qo&bTquF0vsq@n$}R;X-d(BB_mom$g*#cJ
z{FU_mRPDTb^;4!=+&*P2`OP#41r@V}_o%9sgH<5D029MWxwO(Z3W4mJbP={LBRd+F
zZ(h@`*-d83eazCWOi1IIne!==gOSBdZthQ5*R{ek-Id)5?iTx`S!IGMoEH-TlTS<s
z5Bo^F&_<X(@%jSG!hu0cv@U#C0!Ndt%*w`Vjl(u_z;AgaAqo%7#jKOMUM>Bt1<hOQ
z*T46sB03`!(7FJ~pu$$!4q5GmhQYv*R<bLx7=VMpQN7#zg!9PYwgOEn%^r=3Hj1{<
z^Z0pLOn#(xS+$eFPPf&G{<i-3iqJ{-(iwvm%M{z0v6yF|)Q7I>_S5yqKSZo)LTS#c
zvg`DlzxCeg|7srhnO{*dVVq}l)_KxgbYA+??RFEzGRVT$>gQauTH00fdG#QFL~L`N
zw7sWrrMWWz$yH_}zD&r%s}(Z%RAQBWU;E9-#9P73`#k!$d+TUPsa4(d22YDkO?Rua
z$#(C_3;3RIQE%C?Zn>OI00wCnDG!=;dy*SQfn<Q`in&O_E71Lfd?V`$H^<&r*vC=R
z(8SPN0k*mPm1gy@Pu2Ga)cTS!&``N^Jhq%ukVh}f;lT;r?PoZuNH5b+@oxL+<m*Cv
z{<EfOex@}SO~4x%(Er3$v$m8>Ak0eKb?9|<NHbkBIys$ARLgH9;I?>loWy(38fnkE
zoK@Rp?Cg|37qlI@95>GgcFOA;>GFKKZ(cp~F1lDdlRZ7`X6k-9HQw)8ez-Zu64iZ9
zysUprnkc>=6HKTAv_1Cp&Uf7Sq?;_K(j}>odZ2ZhfRb*;((?w(Zp-$1o_ly^PV-4l
z&<?vG0i!p01akyoY_Skcu=@?ujZPHw8ge2JFa*rl|2Zk-tJ<*ZSqD#F8BK~m_U}CC
zT_B0!0v4Xz4{#1NP7Z$0^n|(hCH86tv^=hWSaw&33abk#7)(aVJ|MXKmef#(**HZk
z7=vT4gHyHsI=w&@`85dXD>jIZG`CCU=Lb_6B=H5<;MppeY{rHp{CR6?*l;fPKA{3k
z%orYCX#CIPq0*>8CTig~HXAP9t^?|iQE}5(n~UHXl1MEQVE#)VO#ME}bqU<1{Oc)J
z+frA~N=XTZ@imVO^Crp`2L3ho=Jk0!>AwEpzD2?yy{7M8AL#<ve`;X~3*i3AzajgJ
zP(njWPVP0;uyC`qbaJ<G_ULOKzj_t5WUHy`p{t}QXyNS0YWCUL+>+JD(d91|7-1j5
z*Q}$ZhZ(t#ql1&XppOXU-xPwc`M-+UD9QgO@vs-6)KyX?mvVNqB<E#iXJw}pMI|RE
z7k2w>C8#d_>EG<HZz7a79v&`&Y;4}%-mKnStj=!MY#agt0&MJ@Y@D1duM{lqzD^!y
zJ}ge|RR0q4j~r=BcMCUL7Y|!!C-T4KnwdL$dWcX`{-x+YzkjvU(#Q6{nw;GKZPu%S
zY=70Taj>$p{YUmItMFf?f~vMYmJWK-wvMmvdDS7x$<HVJH~s%p^Iwhs!>RjUP984)
z|K<Fjn*W<q%iYpV%GvQ%rHAN$d*<KF|6BQQMq#$UEdL)*{L9UMm%jR06jhk*KYb>O
zdXR>Q4+A3(BPT7P>GS5)2q_15WUemOr9Vl)ZCZdX>FXDAQ&<G)pTOiY(HpK4u2_`2
zOdQ&uF_baLUy#2^f7=b%%>i!fKsU}Toia1?l#txCK<$~i)6m+Z+S<zVXd%Gwy$*#m
zRw@b!acpdO_&0wiMRDQ*&0Hy<f4}~n%py~d9tm}z!j`>-Wnf^?6y{l6E?P5OX|<41
zG$0@&tD9H_Y{Bg9?hZFIcl}(SU^6VowzRTT^YUsnQuoD&gTKy(n$N<It7Cs5gpKY{
zo0R8dv_Upx-!in@XqGGZ!=zJJh&2|3|44F@Jy#<Ct0W!0H1h654LBHKYvCst2i|6S
z_W$G72|Q*xD!M_0uXOoU|F+rpWU2qcX7l!NC4#i$Ld;{6D&g0zNm+-LNrm~x&hv@4
zA^g~(LHQi9_$+#o0?fD(Qp$VjjC$Wj0Z$BpJm>y|ciRfU&m>-iZ4eY84TV9<kLu-e
zLy_>kt4-c@G{fN5Pc3#HBbSAYb4gS(ws1F7)dDv*cPlODC{oB%&JeUhyS(Da*t!E)
zYV!~Y@`nCqO+rFXc*3PR73;iTN$+sp(K9eaPo%PBJBK3Do<K#!V&*1NO9EdW<_E%}
z%5@%`n%$S3Xlw$mrrNlzH}c`l$^%z<rCl2q*J<iM!NE_3Mynn)`FWHX;xopRipcAN
zjs31n^}B-LjC_Y=1-(u)7-De-b0=gz$Y&1_#(}6cpwh*xQ-pk_2YCTs^GLv`flp`r
zGkV(e`K6a_w85sA&#M=|qVhk<s7^aWnp$b}AAs9LHP<xx^GI)Q%6*=jwe;Uv!jt;%
z>mC1bCeIZ*{8sN4e=ts#%uLV0k%Zb1vl$<Q$Kp4*1FRnJ4+pP)&0M$$9pJWk-1B(p
zd6?hsORsDv;w`PJza!$yOI&&;4~d{oAz>|q7>A>Ef%+g$!gt32(YWq2W&A`hwW;I9
za)mOkYw3tTLns8&+^K!uo1({lUSfWbRGpjMle;M1ai6%loy=#Mu^}FwmW;cyGZCMW
zcq|7h|A5CUYZG?J0fPih{7v6^<s^!vEPLj$wN4#qORVl9p#rkiAiEJ_+P&LGj{Q~q
zk;=hE`Pu-xp8WE*7>kKzh)PAYCXd%?A@RKX$>etFg-o@<{NvH6eO>A2rO^Ie4rhqT
zLcK&F<6!cAIe|&3tC(Uz`X`Z+X6i5V!AeyA59h^v8-e+~PeI*;xGy=28c&kKH-idq
z+=sr3SsB=E1sN3ixOSc_8I)THEqSp!ZgwOa`|R;#2~4I(8GtF)G%Hm@NIM^#?AGev
zknsB?@;al;FvG<S<pWp>Z2M+3SJD|%nJS*qKX_0;&s9<xwN<kcwCtB=tDJi#86h2v
zYnr0r$>|@4eDJ@ECzmRgsE9(<*LM;s0<lfc`%W;A7aBxp8pyrEdDz4tAT*Ji!9#IU
zWxkANMR3@22$J8!X>EXk*V%@YGnaD#fM@;bBD>scD(m)ztjT897p_7vbFSIyOwey{
zs?C<VjAc3yxpO~e64$F8dNE&Y^XD3`{Z2Xxi%e}Laizs>*7xAP*nQ?m%DIQ{6N<Of
zo%@ao8$#C=8MnKRp<v2rfN)ySv!xq(R~h65TT51<c%~1MR@?WCy8JK}e$k{NJR#r9
zKQTUC=;f$i;e8aQB3jZm79h)##Zw~mXcULo8!|De6!NKGd$#?!QK7>6p|-U@n4=6V
z8rJD4pfTu(%};XKaSerh{P5ueZ_N#)+&EXTIYDPWOFore!t-RIl(R(P1}06uev{3h
z;TvNU3VbPsLqn}zk03^;X~8@0<AvIf@4s>kOj+T`p5RZR;9#9gyq7KP38p0{9;EjB
z6y?<%IHtVPV~xdAu9Kd(9};kgw>&$ll>MUyLVs~@0Qsn->!aUh2Di7rTX_pyfU_;&
zDK~D3k?$R-3prY72(x=RFab!>yzf#bS($ei7C`UY_v87KH8Ep0HZ$^-f!KWJXgyZD
z+Ay`uuk;>+%#FkIWGxz>*;o;cfTgf9l}V$CHtu>CcuQ4dC}06y^FBCRXfhyJ>2&Nm
zp2u|5uYwpgI((=xY|*zgs<G3uTWL>v?sI(cdbT{~#z$Xm>^MT6$`OgG<gl{lRJLEP
z(E)`?Yv;LF=C9vW%$G7r6wA}(7g$&369Jqy8b@ls2+yoNVg+h7eexs>06x8ufV)t(
z=GBm-XEW+dxdL-6lED&lha&08=J9xwwmAI>{e(^=IeWbo_yyi1Qw;SUWWxvejY_C%
z<gnJxFcVt{_}nA|u3hh<0dbGg@#T9d2~U@%$Fg+?Ki?fGJ&1tl*Fk_~jcjce?y8ED
z9|ji%CEb!AbNnyb;{=->YXUxCx4T>WNPhamX_=DvMwHCs2zhVFW$_Cz{7oZZQ}kBM
zn4{}$curdP@zBK6F_AN6yK}GTvoDQLdkGrm$%NHA8)ia2n}VN6s%=nF_p}(Vu^z11
z*VR15mO7P390`+HbGioGiPv$%oS7`>0~_RmrvxFm;4R}~oq-IEZ(IvK8a|8mgYFyu
z!fV?-P3|&CNH7e=4*g5fn#-hPN^0&$9J^)O>PDn{k*H5`K>{iq`GC7PJ2YZTAX-Xh
zrrZqyv$?TNF?^hyMi9oh43)}0glr1|n|4$6*m^AArQ4H=4TKZ|n=A&OrFD8L82t1O
zK2F85kA3$R60Qy<a_TS=7%&Db;(7d;RY-AvAgku_f4buv8r9iP2o(`qnIem>P8R{@
z!f+XAWzb1)A(;fd<gV}ZbD==3cW@4Wyx$-;MVbza!mN0QNh~NE6;G^PifcqoyRuh(
z2Lo<#N$PCfNxg7`9t(4fYb$GCtwF?NVfCARqTg}4VBH|VV<>`XLlfVaS-iE^yk&j6
zfF&tTugPCh&#1CGTgW)Ji#9kBxa+x`v&B^qkz<o`p}oBMJ0(o88+1C4>Z}-$-{56Q
zAhen#Yd@6pT!vq_ByoxH_?(P&{W)r!CxaFw%n-~K{#94iyl7@PywkrX9|w>HkMZge
zD2XXY{ieX}oV~O91*u3%DRB9S%jR$^78hRmB4PPiim2Rsh1mee#Wx^~$1o0}xUpcz
zqFM3X!Rk1aJYK7?a520i^1q_El1#Oic?X#pJ6M9Qm1)O$f$bldIR^NEL!06nPEMFF
zNW>33tadxI(KocWnK<kMNB+4;K5{C%A3pS=Ac~T#kijzX)qOVlO80n@n&}xZH*u+A
z>Vk>Tv1lSRt*7${R16kV%BpV7;WdY*EE@;JJALqlo66!-Nd?TDwKbMf>-_nd&T2A!
zVSpsq2N1JNPx$oYbS8z+O9Bn!RJc1|3|nb)QYyCq+?yPV`Fyz&#?*k?1cfkA`$)JS
zUYacifsxt=hw<$z^+(1O3|gIbj5I}qco%1)#m<fi8KDEh7*qX!MEvU+Y~$v9B(SF%
zPf6YU0NqP~nY<l?(5A)!>uPEm+CN%i->o?TxTjCQoFMf^??y+)1pFv0Tq2b8u)GF{
z>4DIIfY2B2NAEj3Ej{e<ZIn&x*d=|KQ<vFriAL6{z~toQ)IJ%a?9|Hm6Au>c>I`*@
zq3^TpYH)ZM2HLJxumMyqq_Et?O@BtwVNLK^4Zmz{mDyhOf{*cC&D>xH*kBgE|8mU_
zvx4}O>}x~C2$)sjg3hvd65}ZOyCN0%A1u&?wv7Y=GUh7#146mbN1^;`0<x5wA%QQ5
zjsJ3(1U6yW3`hzb#dWAq{l{kMdxKk$(T^;0KF+(D=Ub1|?$6QN69@fS=~_NR?iqHu
zhZ&m*ve|Yy+nIR;Eb8H`9fz=ZXEO+B<M!a3$9a9@_SZ?b-Gw4Hw|C0t`rz1B4tdWP
z6v|^i=3jT`{j;A8o3-~}{)(@2P(h54!iIFc6;4@~9fbaQY`=3{<`QD4^C@q3jr>^W
zw65uKGJ)e2SRI=0a~LEzx`ND)A1TEq3J$+EI9x2wmap|T>b~1Rx;=z@m`hF&mNg0D
zipOlqETJRILa_eztFD)n9#sgxw#OWPJ?KW3M@{l~e=WY^dHE(0TTj0z*@+&{x=~3c
zw`FB#=OS4sI<cAouk)uF;rlOH@GC7&c=TL3*$v%PpDz&(esu&+m)4EN=?v<P-HYC!
z5W|^`&hC~3WVjwL*GyuzR4{%BU}Yud7q_+ReF4hsc>|ZkeghMy^h=-62-M}gCL)Si
zrypilP>l%6swx1ccA>Ug>&wP!NI4R+rz4n$8h{rOazlZ=n*3s{EoSsSLYty398T8>
zT$O#2-CqrXLM{H~3}~vBzX#k<4x%7YiF++U%Aksq_pDF~F#i(cfHUl>?m^?x#7T&|
zOX;0Hz(}RbzWs3mB%wKb&}SO-Em<P$ZPMl^c$arO15#0`>Ams72QyE;#MiWnAU%OJ
zGxn$$0^0&$a0l$M3;MpQ$c}MUK_N{DPI0PwY{?t~+)LGCe$W$7jee6h!p`kfRK9GH
zfm3&0q>-?!h}245@8rpsD2azuzKx=rr!Cgg@BPlmgwVj_4}Pa1FDWJnw3Z8S)5*_p
zVNQ24X1~p!aM1)-!plkck`kglh-zGcRo4h;in;^$hf8{ndm|La^<!{kHg5~mU_Oy+
zJXv4ik4rGO+YI8Hfub1fuIu`eDgyao&Kx!*s}ZD6Py6AwJ<}5^0Ox>P*XNlU=>B*w
z3!1d2CJ#lk9m@yO&yAy$lL#tX52HdCS4Z^(IIVDDX?2FSxZK<j{x<jnD~Hb*liojZ
zE`lB#wz+n9N`k%|4Cf=mMN9%@(as3N$xgeUoItLQh%1hM0L8nRL4O<H<>sSVJ7shN
zlLaGL?0QOUIuqxXL5c_CxBZM&#LgDsR6Cd(lreIH@mn%)kOoaxyNnD^novvt%17C}
zRYoX_zS&f*e0F1M_QGoxjr|>127h|v@to+x=M`ORW&EB?h2iR^hiV}G1&nRZPzW3a
zNl48NuTg{iLuLRkQjT<uZIN29!Ha1x!^{CMu{j0uYVZ(E8$_Z{%L>WxmSqC@ejcUm
zr%j1_r3pRgNSlBUGSqdqCu5OPAYgi_N`v0DXGyTH3FvCSR>b~-2iq!2*ubcGEfR>`
zKk+_U>~%_lm?$ZJSGHJpYlyDY4Kl2qJz<KLqd{|DPiFn5;K(>-IjSH`rAUL-;=kKb
z6hcd-?sh_E6WW}{IOk@bw4o`+_NthT4l)!^mGdrEL#8mY&8~0l8V!?cQH;MAgb!~X
z(tqXnrs0RtH7@+1v?<c+s`twbFESUJ94+!NdWh}~ofnwq>fVt*c>B9Lg~V3=*We6g
z$aoK(C&54Qw6ZI_bg^rUccP}sKSA~*9Tj=#s949t_w&$Ta&ly3*wB84co?!N8tT9D
z|1J`D!2Ti@WaHt0nrMjduh{%G7%$kO#O9et5hYV&<cVj_Z$mD~`lcA*X0m17yN0Vk
z!Klt}5)<P~0o<~-6RWS#q*Vsj{a8+x12$iLURtg_O_3CZw7pEP9?kY{@n%0V@%J9J
z5e1btm-+itKhZ5cMa_#9UM^SYLRD8lDs_G7t+d<@OWPD(?(pZtS+WEkas^GRd*FP1
z>iD!;F*U5YHYwOZh%9G~>`aMPc6?Mi1F4Mr2D4&`9&+Zh&c+2k?%sH<(U6bePitlp
zf&G$B-<|dn=+Pg^g*FS=K*2u`4F%l{P=UU+OLzN`?*yp7^c>q&N`JRO&&}j+*M3lU
zf^wwqpxK*^wt$Tby$(yVmU@@fgA!Ovh2dXQVegJ2Z{8ivZJ;dlstG#+*(RM=-E+ix
zc6ad0Y-@b{o+GLKb}OknTLF|LJ7E$BtYXs#4G#GRJ>B7WY=km8w|fuW_OLWpW60GP
zH4Ht`eTqk(?I>a-7arZ6aVDKT4g2}J2X(7v-k$b-%U3U-mo{sa3PoeTL!2HX^b>T)
zyoKwlu+ZM8PLAY~!<-5PGv@O9UX`KZBG_}g`6!N6jAzo(7HZ$^9MuRVA0<6-9u?<1
zQa(0%fKJj#?*vGQRbQ=!kA$1O-|DR&g}RvIgL~<-BXd(_t$AbHUcS`v`29Q|a?G!g
z)SBNu9C}HvkUZjF@n=uJzga$f@%&mw;_q$?Jl+WnW+2me>|<5@9v`=Jlq~nB*+B|(
zstNgnEK${c=CLJepO-kLkr;atyKYFl6*icE@<qsIo6V$lzmFF5Qvl>{(f(?!*8kU9
zTyE7%iY4ym&Iz!rb@^7p75SdDKjyA_^4oJ?{*t&Q_wrKm!^ghx0LfO}KWAdNJzBLb
zFe!049En|T5zmVp&IPc)Yq0|lXrK#}(nwEXr2&bS!Anl#G@y&${OJgB{T8c4d;#P?
zaV=PuMe}|RQE0p*mQ_GcCwd}V(6Bjap_x*AqUnXSASafmliG3LDQWg2U^I?%#zYi*
zuctSw$Zai{Pg(J7NE&Nn>mofu>2TAu_gALCol3sfmFAZ|WXN(Qv7OpjpZsjJWcSKd
zIu9Bjgadd`0#Hqxe+gr6yMF6b^m&va=?Ok-+4Ney&*f1k-C~<;SSa&JCJf+dkX!3?
z#s%CNhALYkh&_DUh!gX8-QR30#pb$tHU*&?;A2LccCB7itomXnMfEUT+M`<%U%IS8
z;elR&vzw_Fc<3jw-vQDlQsD~kmolU}*&_9k0GhP`HA;-5y{d`zI_tS@p7Y|`<y)GV
zkzXfmbX9mlh}V3hmcJ%Vo{oc`*Ey)8pYz|Ud}&M8>11>L{oCYcRp*T$-R$B4?Oc-u
zm+eG=iP3<pt^^rSZl{ut>rh@>4(ljYTvt!Z&S<)7-CAs_=m;&L?F`72TpqN@pE`Eg
zgi~%f&aXdST2_c<t@=s3mMTbmN&!Mov|nx2va?u8>ImJUbAL(fLm@-XP%+AvUN?|D
zJLd`v<Pymy^&1Ns{FtZhwu3e7pUh)~4KwRJ+YbMb&r`SMuZRjaqo`_2y88?RnAHTB
z0DGw)o&a^q-&v;ur=?bPb$w356rUHJH@H$0Tpn8&Do$|>djT=I+!-5|q|obShlqR}
zC>1HKZbogE`{wD+gZ0L>p*+*a+uJccZvP`!QVByLKWN_PL74QPzxm8=rq00~x7!3`
zPs<BpCQ6f5aoV)0pOg20BRyFnhpjzM4vW!(Ug3}9tc`q^O=pacL`&_EgE?tCT@mA_
z4B&eBJs#NNH3)|KeCVSL6f^E&$&8pW?7Y$1d_gw5E@Z;7<-S1<zmUC22nX~ulLeX*
z_N{NQ;XqGBy*mBmE=I|IEDz^9-Ff@>^=uz3v?gDzc{0G+;z<VI0g4HGsj(UgW*eP^
zYyRXYtUkQssm<hLQbb4dX=%;^^O#1}sQuz2FHRDA*qduc0DYX`>HT0zGdAE1iVC-;
ztUCgp{;mun29G8S(GvYW26`a+U3XGjwnZ)NM~O8uWRB^xBO>DA6e@XE4gV@QAKT;p
z4K=vwZ_ZvtJl<e5&dg<RfU<LCBVgudA|G)tR^rOAoQ%xZ5YREkO~Tj8lr*|dL@#29
z)je6z=(O1hE19H7RWP`EY+A}`u8MIS3-TK&J@%6odauG;Mh3$~_1aH4Udfl<FIv2*
zcE9l%gSayx!NMS_XUMh+Jz9v%N`lR_^?DehDs{dT>o_ZE>+Cu*0+u!fDyJs;zC<WY
z^%1o`J#Q}bMm>QCwy<jEme!?3492P+;0H?y>{N4ov#)B61o99fi5Uk1F(4zmSg&XN
zD4Zs(KgJVoF*~Csw69av`j~8C{0z*Ida*zYCf@1Kc=?u!{qXQiY`GE<MmZ{+SP|p|
z+OY(2UL_bn%1w$1U1OqLu^5eV7JjE`PmGZz?USKE{cOdKPkDo~kDa#xyBD8IZ)qXo
z8&0p&xo`F53{R}>e$V^;Ov*XV3p5uH!1-~n^?dp>FtnUS$W`)&{V)VQb%?H;agL2*
zdw^}{3afE}k%SP2$;@SB0s}`bL3`Ye5_3d`D&=;Fbi4qM$bIp15XoxEYCSJapg(Kw
z&~(+TC^@lJYNW7>1s-R+KdcBS?<L0VZ5t7+HbJe}cc%;t#7k7da4nI;PPGs6i>Tx6
z{EBF&R4`G}rp=rpb=qd=XjCefc7%hfZtAp_kEyWAj}hOXdkL2Gcl^f>=t3;!2z`FZ
zDpkddb~k0TXc4pl&8APp_O{J8RDhogTpd?YJUCsD7sn8P=%Ep}vLqs+L55nv$no8U
zMT`!RiTyfMns9+7<WrnTe1gW4bKphne6benKpuKf>o<d!0#v85(4);0x5L4gfD5c<
zGhK=Z`603?^2?ow)7huT7CHGBI6#u@%b2~$=_3;z-Rcjq*G+RytlawYMI$r969<~L
z;=LXWUlJF%pUgbxNy39q_?>@A_~W!#>D5depxV=WTg9HZ>qYiDf08g)_K|Pyis+)R
z0+Mvy$IwFrfZrkcnQuJmof|d(;<!zg3(@Sjw%-vJGNqGUwZ9>xHJglNBw`wUVseMG
zJL;HpyGAA~lZ4~=CH@13<=$Rp&SxZJyKUa0Kc91@Zu?TF9Zu-pm*R9Tn07no{wm!6
zbb7!kGBY+XnVj~v%jW=-8&@0FX(0R-n^QasC9p3C>Nidnx=_^8`)uk0Q+Tlf9uP1I
zU#Qt0>c_}8*|%hput(1xOS=qz8v91fvo-XGQ-5~>Pzq|efeX*Y_4=*@zR`X}WF8(s
z_1{InokiZ#Yu}@)Au>yh1PrfPj%||JKqc|G3zYP>FE#~0kdSGIV|T@=1c>W)ol+22
zB@wh8xYGjgARV|!Ab>2|=GJ<GE?}CIvVtGXjI|})Q3Uls#V0sS5bixP7RcfrzY&$K
z$#;;m{OdY3aE7u!v*l8@>2%Sik)?6xYwY<^m4)L;!VSHYx-WFFGqfd^AcwUNaADrn
zQd;e>DFQ+<9YPw=<lwb=ValQHnQh-}I!YUe_8_%K-TH#WH9ywvj+h|<j$5S3VFMC`
z;92wCTfU#;3gN-`r4vKO_iMaVXWjOh%J1V;7U+GFaqN=TU-xcr`_{tNvlZqz^d9-y
zTV6HUplK!A<E=g1G_mhjRVVHr6;MTADGP*3OO9o|`Tha4&wF|-TLT>`8tr>0x25*A
z64}Ukp;!pWm}LX)Rvb;XZ?uFym*HNI%>3mgHa5^sWZW`Dg4F9m<@+9$2{@1V4z0$g
z^c4UwpAvI=3S)b>#lKI-?+_*L^hEW#jz{Vny98)F4P4dqQSAXV{P-aCOGEKuH9)6_
zS4SCiYH<A2nsupU*9Ocw^edNF_`c6O@pD<IbjnR%wr@Ww?1Tdbb5sx4e9m>LnF+gS
zJDt#~GIekae}ab}$6NSrmGe$`3-@s@T~yAoek5P&<2CeZQfx_P)W7a&sMIhUEbbyI
zc_Y{>IDKhv=s~eUhj`Tt2q6d{mma7<hf;J)G`-1x!_Nm9&k9YJdtb060|&sZz62J-
z4#K~Qo7>Org|uZoZ!y8mnH|e~h5X!qK+-43xaxQAe;1@U5Y8q3>GrCpNJlJJVt|$^
zW7l+F63}w_f_Vt}drZB03ujIH#CaXb_<8Ic9NiqSV2NRY+ShpQU_RuJE@@(Rj#(1K
zSU8mLGR78ldMzBOS1-YnzmML%6w+ezi?R-6&&ZZ`mXHEfI$D2(gAin$K59f|);eAA
z&5gbj(^!|pP`SnExF4@C3JuFl)o$1!CMG_p`z%EAV%t61B{<8F>m%Ow4iSZ)`Up?Y
zqL<7|J5)a;kb}pdhPI&vb3aq!lpsXwN2`eR=FAUmYZBcXw@xfRu)5cIXypg1Z*`;!
z`!{fI3)JCKW3<x(ulPo4RlZbxaKW20G8>xP5Sbh8-OA|i_OU*L1J<g0gZWgrZbQ!7
z#GBH4G|;wl`BDaE^xHiyYVm<&Jg=!W;V*}8yp$cZ*s^)+d10agGA~1Pgqo$@e^bMS
zV05w7D{=WeBxz)?uOLCbq<m@$e%Mx$yX6$}2^zMJ>^~v^$2LjjJ+dnZ#F+C<|Bm{W
zs_J(BK~!thXM+R}gR=#zec<cedUAx1Rvyu1g$v^<9c|wG=V`z<TgC^rY2-KH*4e1s
z3IJh~2H%E|<4Tw~BGSdk&#}TS=P{F{UXv{f{_Dt9v7|ICV%KSO&=@<!%wb4(zAX?|
zDJ#7=fS0m@>>8;f?sb#A+S>vV1ZnhNlo)*TWuDNApIQ2yw2PIjR}QjgG1%;CF&T61
z%sLi(-v2R5H~(U>jaBA%a!~qw;-h@QH%K+0a*%JLBNG>?&15oo9K`e*nJA+W7XOwz
zPBm!g`Nh{ikOw~|QxiH`k&}Lvrlj;cGzzMEWM)1lPw1KtWsViu#aTd!_!5h<T9v!W
zB63`}8XVx+bK3;yOOZ=3&Xvxn<~R(khchcSIjbdo4-uyy*!r5wte+i1{rmi7`#`T7
zfj6Y~IK5nRLwC<&B*C#NOSMdK(iu#w;|+@caI<_iELSU~*B{1?Tt@9PYk(5QNxV^y
zM-asi<b%h+5w)QrR%~#G3$FoOe4X)F+cRUqc{o42c~U;)B@c3e0yBw#mlZ<BG@af)
zMJq91+kaf_$cch3{8*CN-vc9@^_J7ca-4xog*$!>WOt!lHtd-zQSN;8BE-pWFmb|6
z;9Al3XKw1#oO{~RBGzd;0h>^c*fzD773<^tEN0^386LA`r8`uV+j)m;YMaAn{;Tw8
zfJcY&W9Bo`(fS5i-QI~Gyh%gyK^`CH(YaYP^Ds?0G{bcBz#I8<CE4Y#_Y|VXsHj2v
z+>p%2u@tdUsz;D%z!0kchntUKcCI1UR8yO1&}aQq5J3ii%jSZp23QGnVaR0i<u!;E
zON=D~WF6O?9NY$-fO0SAk5p3a*ARwSXN<Z%^mOk+2;Ux$1R_OO-#6ED3du#26AwJ0
z2jTN83{>97G|SgN3{f{EwF#Ri#_;-%lVwqsFPrUn3oeY;7&|?R??m8nTz`a=F&4&`
zGigr@$gHOykid_`zN=ZyB6=TwQ%th*IkbtLy}UO-;oaRf)lNg~<m7lslQEn0NyoI5
z?=mj89s3@_gLBYrLUiBS;~3g>(*5fSU7TMZix7*#EE$Tm5!)PO%>IQMb0d&>t@}C8
zmxW0ka;L9MeMPwkU^`L*y>$ZjbZ-Lp13BkLa%VzEzp*34C99b+XuN(2#O~K#5v`8N
zpDx8b9Ul{5zDzpuKWGrv$0%z(4zalm<482kMNK^j4JHebebNc`klFI^?;}y7J7<?I
zf5l;>Lt(VXKKi5v{P`0do{PcthvDfLM`m6)dP-Lu*3(J{+c!d4eF^dac*?!aO9j^V
z3@U982Hb=QVa_F~|DZPgauWTcacAEbq)_qxfq>vc=CR+r<yIb2PNhZp2j3|}g{8E~
zVHBab`_I)2WhwaW#W!eWW<%fQ{*f0<?sEP1GB+gP`h<e#Ka_t<<jBp5%w<%1_m3K7
zJb32K2O+IW>i>#-B}52$)OgrBoJTOXjrteZ6ilw_@)mnuZs5${w&R~7Y<GC+*)Iaa
z>i>qH{zW8FymjBxZ1@jy^+n*d(Zj^%4F9<>Lf?-3r9jQ)#aN&9AM9$F_|;f*%m&=Q
zk*&YP;Tpp4632zEKFqoObJc`=ANhv>AxD%h>VJ$vWrZ~tWM~g$WBCtwW*#4m{QnS9
z+TgDBrl+C(<4Fz~arn3lDQ1NKU}p#fuPs1z+EkeQ2RIAKc!k_P{iH~P{pVgwNN6k!
z8sT-}W9TaQf11^bd>LZo+Q1^=_Mb+;hrq^)n};|)F)Un$OUk7rrz&;)5y-PoP5h=P
zR}lfeaz8q}hs&Gaml+<W98Z~?XgsC*@T8WLLh&z;xWrJJGTD6BWR`2GJ0>o_{&n_Z
zd+>9y+4+h#Pq@h1PHt<wTzW{}!{yFv;<rD)YTk18uKLG{=fr!>?jQtt`W)#fzVlKH
zlb<Ev$yWGA8y^EQd0DxlTjzuMjgLnm2c<-c5G|yZ!nvAC4fQMBiQj==?wQwQPsXN;
z)|f9~Ln?B1zkMvf(V=1pTno^L49=7uhFl6RdlWJrw4j3WI8HqU8!b(?+U7A<w46Vy
zP%c?IKDnyFBuiSxs?{(FGM(}UKBQ~7&CCdOd*hL;`X=s!Hj(n?cdduB(sK)au+AbA
zTX!B(n=PK@C)NPes&UfzyOroR5)7&GziR*3+q~3GYUvtE3TyFKy-gJ=X2oMQ$(g?>
zJDb;@Ri36gaY4kZP|vb6+F(dbxU)K_=4rk=pxM>#O~3uY)#Btk0$0&8*^ro};7?FC
zKcQ2m`s>)TeE*V5vq6vfkYuAh%4^0*0crWPUOQrKgRJd2B#LltB|8|7o{lQkYi3it
z3!<x(i4<RH?OAv6DPp3u(*Gpi$bFfiw@RQ02d_qdg-|-`5p47Vxd^caZeNrHg-AY@
zx<T<ZD}A+AM&7@=!j=37iV4X;MUbGON!ShF-36q?!0^d>b+@Dz6y=5!i+_EkyE9Qq
z_``kbWuD<=i^GV;vxSJPXWM#kEUr)0=jj~d5g-+#qFf+#;x)H|Wu?AEVFF%zRN?Dq
z>4^`sXNN4Ycim@iIDh8@+P?;)W`kqHCbXcQ?Xb?_taoR_k&=7r6#)s66M<AOHi#+<
z<C@@a_Z~K2)~rDAONu))6XPA@pYNP4K5p17WFpaXeNSB9g(=Wmg3OQ$Ycq&1VGF0n
zbjfE!5e19X`>Yr@bAF!oe?KlMD8<T`v0PdFzLsMsnA4jr?_#9TRw3atp5U-?LW8E_
zO5V=k`02~w<Y*mqH^h}h>%;GF6U{Z_mcCpe67BODxWJI04JEP)KXdhR4`q$eEgTGq
zu<hUU-lzb%vi%Zk`ogEfR<LHLBL?GY1MiKGP*&j7OG+SfvK{)7I8US}`4++i&{}^M
z=2P7HY1Kx8MHiNO!-}nDt%ebg?sRVuIu`lI^3xBVnu1`YQ1-(g+WG8<e~k*7Z0$mP
z6)Z|cRC!rz(VC@#ns?mfpz;SDg6ZY8Q`Y9^v(1!(uVbYTV>Ln8YfL$dx_fyep&!i~
z1~nU0G<aBlKJ{^UxST1=pQz`f>d;I4k>S!32Gdz=zNN8Au?V;f(jQ9p4XIxu<9G+^
zSx{L<lGF<WJZOtiu-i%uVVFpJRpn0;>2!gV!2T(|!*KvbP?Q(<%f*vs<wqW#R&2CF
z8bYn2Z_J8Qz2`l_26^+3hX`UgqO_1oA1@p`4;_<|k&l6s%~c<1vb9PC_^t=T>1bX*
zeZ1Jp*S+*(0!a23AU0dC!{9F#PT&O|S=`6!x>iCABb#UM?uno)>$LkSwH^N%EjA29
zO~ux%h04eS{xYpz2EzlKW4tVM<PSpD)kP5xfEwDkMiM)XfWjT6LDNzcGgsj!-(NpW
z3nCLk-hdL`I#*~BQvbFiXem@Ar4K{-Mu%v~C;2C%xp}yDhw?SZ&R-N$X*Z`F-vbN`
zk~H%@nsi!v_7%8Fs_(!d`<eb$<rY~|{8j3cCvHX>t?*TcX>H4oQnY?j@Fx?VPz65l
z?Ur?o3jM>)#be5S-P)%=)gj`2&Hi_sp<7zr5(q0zrc@=KHDgRQ(kl-SRy?u>H>11l
z?)!}T;AxMNI0aUtl$9Q@4|p|d+9T^X%ZOPk55D&A>~7}R83(E+9s58vdD#<uC3UX0
zGBls7!KR2czTTbRxHL{uW;FIAXRPM4IJnBqFKFds5m@$G85B?kQ;)!|Rb=?Y<jprT
z24jpsTzyVtzCC~5qA+JA4Pd|5aR*zuf0x*p7iqy!m`Mv-3^JfPUZV6_f_GW+lM9XF
zW9O9&Ia?Iys<-2g4W6gX1qW(*D)2r0tA!Be<)F*gcf9(dJYRgfC{rEWK!JR52~Llh
zmmF6Fqw3hB=dUJcJfO7gSG*#OKrnZSPNvXS-QZ(_#!GQT9T7D9l`tIzpz>%#ehtj}
z5eQTk76=9w=+|-<(BM@V%8x_|6b?9AYv`p(OUPta=yYGBotZDP|6n2hW*=rSt?r85
zwuEQRh{tmd4LU|z=?h?TB0)*k|7ffxv08un6#WKhMpxxjqnQ>#i7dWa#-bBO-u%v(
zR%`uJMocr~d)Pt3SbYLmrS+4}iV(csckDIfYn2%N<l5ER0+wEtZb3|pnxz@~XH#8I
zRH2b2i%sd5yQe21jv8sdB4_sDD@`0-3?lfbO^{{S*=qLR1S}Kx?4wD?9hQ#P$KNim
z=jSKN+>EiR>KD<deAO}2eY@CK!dK(#EJ%aLB<<OLb|n`*@i`&{HcXe&zBjFhKZ!TN
zq<pU6+!4xW7$I>2-@?z$Q6PI2hKOd#+uf5e;e5m;#<@w%mst_T3Sif@9SnwPf`yNx
zUeXTcZ9)xv==O|}p`g}9>8{_}sDn+IedyBb3fBq*qK?4L++k>IVRQB`XGn{eUVG{r
zhRug<PBd4@$?%@3feW{<{r!Rw%1k9!3s{)7o2u0*bOg&j)PNHsu!dfC^u_uL3MWIw
zd%ev%{l@AEzaoAN?ZfBx5Xm{#iGD$|c)OujzRcr0uv`-)NLB{&Z0|*Us0*sC^8z}7
zkTAHB1Ca~i;G4)d2y86x-XD4fppVXkC)fsz@*}fs0dGaZIaXst@WabrhlsCS0&n)E
zw_V>6_&$d1*i?o#AaOLVPw~-zWUSVy!OzNG5QP<;(Zx|^gpqLJ@VpnkG<X5sO1VZS
zBumWi4cK*LH6~<j@GTjyGy18e(2^SC0a$^rDxgrGM-AvUvM3#~xZhxe<XB9g%%oi5
zIfpys1a*ucgrD@R#PJz-z<DA&H)+uNldI5Ht6WdxoO|0wxKLwTaL=?^6QWOI{w?GQ
zHWXpS)pXGd5ASRUJ`7sF<DA{8h+<{BkW(C`wKlwfYwXIqFE^O}DgBKDg`P9Wj+7=<
zR;@BHBh$(VtZdpi=Q`A3Zhlw6Y|n`2<wB}UV(>y)A^kRjF5~@I%$MyqqbP&$E0{#=
zh{Kf!ZJ5Y}vzoYjD435ac6xEg;3|SMh<gv`z{eOecnstw>|ODGdd*P4r-rP(6g~7(
zoQ(Q=7qIwBN>ne`TW+CQt6<EUo0|I?TgE&4+90RQ`XA33f$wuB+diQyW5p3^?_h@-
z^s#HEVt5LHlDD8{GM5ws!FlQ()V{ue#3&7Lv-77U#uD9;b+w)`%M6pk21$Xe0)|1#
zLHUf!W^s6TqjYCyb$yx)A)THl`+nvR7@+lIq@a*`bkYsb(4cT~E<u3Oo%`fw4AObn
z3*W+}DMYF-q*{NUxX%`Ug)cGv>KDr2`@>wX(0e9|jHQmw*h(D8Vdsf|*8`5I26@}<
z>sg@L1aA;9I6z>V`$%R%fUoa#lTHN4ynKkMb214sOj!NkARm@VT_P#xm9?|Ts6vR%
zxrG}uj)+5{?Zy?^Q;2w|FHB*fJ{p6PTx`IPn37tjq_vNNOsG3$Z|Yd-I#@htD@w=3
zPb8Ss>N<#mnM~A7<`e0r1pi4FI?f#Ghk7;$Q2cH$mQ$g*k4;YgxnG<AVm~1@*A-3S
zkR`8M7K4zTPY=bXI>54VPH~uyhTaizQ0J1%6h(q6quxA34pvf*(jL1JlT<4n@VYz3
z#}tHIZv`MseT*w4u>qGgg;kk?zz_2{DX2J1Pam-WQl8MdGPk@I+8n@Y*>OauQr{Ke
znZbbhnUe5Pg6TVw2C`D2dTK~b3R$EwlC@#Yz}!r?A+Rrear@l&L}j+Jpzl{-`R3BN
zXjAm`yuy>$QF5lWI6cmtNVgdQo^_esRyL5_=Ooq9jF->vwUhf^J9!BfPQQjJK`725
z!p~+MlNuw@OMVfno;{=>Bxpz+O^F}?Wv+8c2bK(<(FZD7XbMW!qetvmtUJdL(KS^r
zM0g0O7)7-Ar48W7%lN?pu-ET`V9*e|hOL_1%6>>i2uRrS$x2R=!}DvLAxRz`oqRkD
zH&Mf%mQV(jdCv&M&0MOzDZDt@m^GSWnT=fTYOoeB{^CLhVFFV0pa9s;WJtt;TPF(R
zy|h7P4qzfs9l?q6<6*n94h~>&7mX8mk^*4P>p~^W*i~mtRs9+~xEu(I$}-eAd2$%=
z|I-|-MUK3WhfMf-B(H?}?BmAQ%hIokRSeTTb#I(q&)v6$Re7rl`;QG3Hrcdr+TE21
zt+3_>A#(k|Hzv_G&E^U(-DY+$Q;$?4Wb%9ctBhb=k1?H^PW4)t?c^}cn;T4888&#b
zq|Rk;oi4)as~S=Ir32vF1;`?mb3EllJ;AHKPN6&;MdBsr^R>vr?aI+xUkU7atNNZG
z4TNSg-M}!)5ofGy2igbHl55lhEU)KNgGM=91I9bYQqcSUu_&MIdwJ{vyPFtvAstAN
z8we$ces8+Eikt1y9yL$AC&fA47)_^ry89M`#=#Ux9h~jQps{gplAfy?SQGJM{0A-D
z1s11EB^e?+c6}D$rR+GjGQbI~($CC(<7hTIE&f?8LW+vdvERn?^{D&#<q>e+CyK6k
zxpmZ9hpw|y;by(0F<m6sdvqN6I#db@!!MD}u)<0B5%kBy>*QvGw|3L|TA2Up@U>d-
zWnl<DUyZxSG5@}uy_fvf2wdBh+Do<oFe-xLM>Lc-@M5)PpIh{Vqn<k(T7WR}Sgv@^
zY-4kp)Q1Djobw;ptN|}QQ5XiO0q7u6!H8~yG6<cZU+)Egb%FFskDa)0@5pr|EKa`D
z*iF&|+j9A35Pm5{Tn^K&HTfZ4<8eUs6PMJMDgL?5RkF!chJUE=b8IDJ`O^-;el#rN
z&FjW>{*HeY2(Z)!4AGSc*P%E2k(4GXZL<7G2Jq&PvcMY_<Y7b<?AdsX2~2pu3&O~#
zE?kK^CSoEtxbE=#jVK`cS&OfkTZxRg{JWRE@MDCocbs_DJH-wG0Xu^dzv;ZQM@Jfm
zj)j@#Q3-*##smy{?MJ<nEw6+{1jvx`SBW=O3EcRd!O;YRjKs7BUwfh!!tJd`=k2bh
zx>NZxy8r4)dpgYe&G@B$(?NJ!$B!<0&qf2a1oJP&^MZ@c^ABUbq$>=H4!;HU?n0O3
z6)NU&qK+bDw=$uKN8AG;K1eEG*~9RF5ivT~p?yZ+Eq9pE9XmNM50zab?gG>vLME<*
zqNqNtKB)m6noDR18T=0hXy&PD?RYJ~^L?!o(CN(Nr(<yGTLWm*2NRq86T?-lOc$k{
zowR&>q)O8$GVW$_x&TE`$rFJj;>HIXE_FRB^g&iurPpap@KO0l>2apR>}%Oy{pShJ
zecTLJA@3QA8=XM`ker7nNVReVo-*1Telrt`;Dz(gz9O@h3*I6xms@R2aM}s^3JuE{
z^d#(&dUL#{iVTN<$OnT`8hQygIQ+#3`!^$Aenx@jpVd-UEi=`JrQS-kfj2*>ZNybW
ztwtID9BUDSU~g|ex89g*<wk|l28jIHkG6Px6ZiJipZ`EosNk5TVnB}T;R#X6^zC%(
zDv5&zQkn~X^E*UZeg_E*B#Of3xYAL=&2v&X!e-eYeeL-=Tc#gaK>hA<7e{3=#@D|e
z>^$vsu)3_VeQqaUfYBcVLU9$tjggst(LUVi9Lw2s6mX!?KGvD)U^kQa|E@NtVcQcb
ziTZ>L>+s921TWu$QwAC~>pT!1G;4gQTavXwW>ea|Fr%;RHeNL048M=868^B;UR_A*
z^SudY>Gb+0w2vpZCCKGE(j<}=`QCD6S=};BOlm~upt!CS<SASRxqIhiCk7AStk#m;
z;Pl)tp30)wUwZZH)xVv(S6o1gZMLr(vtE+L9WhFOW(!izwpKM=eq1o0jRHz<k-bk$
zG+sEwq(kdQe;(NlB3<MYWnS_DchbD82Zd1x=>vui+*9muMc-p{lLyc%jZLOE8hMp*
za*%Im=Wq=WBDJ{;!<pelrc%?Y{U65OGAfR(YugRpxDy~~2(Ah44#8c5OK=VDjcb4q
z9D=*M1!)|DI|O%^#+^Q${XBc`_j|uH#yLN$MpgA%t5;R6dCz-Z#YSMOsr=|cWLy0R
z!}#U+wGza<Lv^XBW(^(@#ZG*+cgY!U%<8GOOQl9)OO}Bo<3wTsvUdJlmY7}Z-i0V@
zG9X><BI<oV!NTLcsS`;X=T;S)eWI3JM@pf1PikaV7y?)HbWS2hNMacu`AEZ6>@W+X
zCm@nNma_c*Ze#s55Ao(sHC1`PF>Mv_^3za%g~10%C1&eg*LZe|KNj+1M`Cr<D`>IK
zIBq~Gsr7<mai3aHq9H0qEX+w-I~T(pC97?EpHao>Jrh!u`cGH%K7M7^9+}r=LV)sW
z=Azik65ngG$Ak-N^+sj!xxEZkBu!g2Az{L1%5Sg^<=dR16<>dmz&oS;;A&FTBVo(f
zXi2_Unc7lj0~0mIH~M{{14*aP2u^9cQzu#(rn`3~Y%@nEA}jiPtW~$;Z{NI#L`S<1
zqmysLbOZ-EpnzEE;DUqBIYhNFR)r#KV2OX4AM?a;8F_R2AV<zu75jW&heM2n2eu#e
zmiT#CfDLhnx?4jf;l{3DQo*ie<TSi$FLXT-!dQq-C<Aw&H-%GbYP>PT1l{I3Ye;V$
z`|Y-Y^BMipC)y{$S+8H5x2h5$=_6ZDA6)H~3Y^o+-V-hA><sjpGfzJT@b)kZ5`@^_
zad+(Lg;c3MMqM_OAa^i0zd#K@3!YGEr`Hhb7U-6qXBDoB5P;28&g6>N)`4bAqm(S5
zH}$6y2j@m<h=_s*TX%2-MBBKl1sjKb5HE)3V~}{TH8_=U7O|m^YKLxDa-wrXX2I*z
zSwETj^QIdEv!+}6!f9rInSwmA;}|LyH!i<^0$<!S^OZjVplSKDvo0mwhPrZFHpSXI
z4nt%AwJ6AAhJ!aN=B^P67U9!iQu`qpaH3;*q-__TG+d^ePt>@!2dYvm`RNyqS$4vx
z&LTFcnf0t81bJ375Q~kM&KIffz%b8JirrN-B_Gz7Yt_S<W!tAYHi|RPsTY7d^RpZ_
ze${-gW3YbJe+XEz$=MKTE`{4do(7!4d0w<vX3Y_FZU>6@ReOaDU3Zq+l`ecd7pF;6
z3Odt(VF9i)2H@jk&`ra?7(DORcb>jYA+FBQ#T5XblZ!z^Osub>X%JU|J9kS_asD56
zjm5dx<8t@mdkJL5jy$2@SKb^?VG~7fK->DX%gF^gcOC>f7#_u@fxmm>*Z8<#teFFs
z9!*QheG-((;2)sDf@&J&j|iBoLQYdZ>1$XYqm`fGd)fg1<Q)3CP~$JP$1UWE>tP;o
z>zD?dvzTU<Q$G2g<l`$~$!6W>@-nO5hGFQ|!#uM<Kn?pjdGI>)l|lJtb`LD6b2Z2l
zg4&PWbdG)2@@K(r{}jSd@!44h#Q|Z!1ih#>aF0NkPcb@&=7qgLx;ZiMoV!6daeOKQ
z-Y}tJK$J0di}#K^Fcg^_7rJbB?|FSa=n(ne0?f>Pf!&6;3o*g*FtODGEr|1Jb9naA
zZ%zdf)p#n!3gE3+bb|5g7VZ1ux3Rg9tkhyTfjexvHNj4i!3x;%PW6DGkPi{I7bV1b
zi4Ju4{u?#%Fl8x@09K|(sUDwfQt68OUL0W?UbkE2RMYDu-*;*Xj)Xp!@wqBOG`=Ky
zMKcA)7ah}&xX};18_26tEgl0#r{}fJjzf$|<9PuNOh<c3+>P1dgdy~A;@z1BQH2zr
zLLNl4`}jRPdhDr}wU72gAj?y_myvzG^<dYY0d)u57g}6$n-wYoj`GxB?SCg2{$v9*
z;T1QkRJ6<JZ~x72fR!XDguEhOfF_p(WB=~Pl7sglv#Vhey&(8I!SP3khvowi8jlJ#
z{ytFT7#mBJ>V{Ab`JX)jlF)nr?9%m=<3GuU8)%XO+xu%Y^*Wuw4@Sq@{m;q3+C}Ca
zl>g)qddXmxs0P23JD-&CA;}KBALWt3rG2~E+iZy)W69i=)zmNJXD=PdpBM(GR(e^I
z%cFv8h~9@B{-z_PO!0cgig<M{4D(V}RhsHdKcSNRO%>0>n=BcOLj5Owe4n6qI>B%n
zd_YcB-x91W`dAvzF7Biq=|ut(U4ss9aUsbMqNL8T<BLb)An+(D7z0DS$JmJ9&#)v$
zYi=zcndMDU(<b~UlCo&Edl9Hxfn-gv<U=+B@U}34PeZdvT$}CF<-q%K{4wiZ!@=@0
zjDqgRAY4gzC(;U}EZ)Q_Mc1ou2J<jQn42zrP}%!~0~v%O3B&zo+F}^jhW69U;?4|x
z^?#*x9y9lD=b{_Rw-|@2zJqIJFdGuaJ}JxzK?Oe!W0msef40RBao>$A3K@_Z+Tla<
zP61Ei6mi0Rj<6f~q9k$ATak6K7e%1^nbE`KdM)ySKl*ed?dQyI5n)I?D2;vbK{K}q
zP<eV<JaS8g;*UTb&WDd3kBUe)b5EG{A$+Sxl#uRvV9>G6kuFe5C;8ziBOHhJ2S-}h
znt6C(HcXcS>DFl0Qw-OCMsO-K(t=yXP^!-=<FJ+Wsp7Ryo$**SIbBD&=K+!IzTi(g
z(1RvohkX>)l7-=A2cLmJv#n1mKDq3oK-cYiX0;d2P?v1t9=_r;e2OX(q1t7IiRxX<
zjf%+(Uk$-?PFa!zy%^!$FbBtx4!^I~vAXvLQ%5%&+uF~9*z4OG6KoAtpQjmSHV;G(
zd$g>vJ84%nZ6@aGvNz_0zB1lPVaF(G6(L`$-0%#wzeAO)tMXRbC|ufeaV-NnmAnnu
zYIpTwk`TG`s`v)ILAF_8BkUg{Twdsi#?)E+vQ+JT&RPz6Y|&C4yl;z3RqyNSb3u04
zdcJBNjy_eOoL~MT_0IhaIv$XD>nZxB9In3Ce3kiKv>Tk1Oe`!c@1oH<a=EXUU%L<(
z8`gMDGoG)@gH=kPqAt3hPq)JiDRJbwkI~I~Y)u&RQ|i#|6tGxakqdbFF0%Xk%Oc%_
z8#nN{^f6d>R(e&It0Wh`|K8n4_EF1TjeHu8<;0*}-WQn511vHc4~+H%_q_hx)dXD?
zp!-1j6M#DNUWeW!cUVL;qTDEB<j?I;QTMu?*z(8`&82moMU9+N+~AHNQuiL3vSBOK
zy56`|L?yDnu0v&Sz+B@H16A&v<&{Il+y@>#Ytl7t-{T8Zzuh?@CNzrA>w|vO9_QRn
zP@$Dh34*xy`e~`+MO#_^<k2Vdot*)3VFy;!*#iKYVHJ6K>*%BD#*j>njrLVpVT(%b
z?kxo%OU}V@>9=~4R$6wRfMxkQ=Fa+XEJc%Jx%?Y&G8;CM`cWi%VkGe`Q209N;V0E;
z24HQx*hACwT0hQgTnP<;ImdcK$t;8%`^(|6en)mmC6JRY$CC5M&;Z3JNTC4(YXauf
z_zm-KdAY3TI2}Rn_kGmVsy?cLA5M%k!eP9p-8-s+#3-z<kExl8?_Ff?4)>t)={7x1
z{Kp!dorK?|D8M!p3kdo4INdl@X}va+zCwb^SF%Q8y3cd4xAj4Pvj8}*uN7JE(uUlR
zgw<>N;$NQ|5-dA86{7)v<ITHfjpR0*JqneE@Z3Gv^ejEDCnX78Qr(s*P3My}KZ)|^
zAn=T=jf-aK2+P9<VEbC)(@<cUIQ6@K`mUXhB|i(E6bvQ0hV%RdWKX96!@OJfml=u<
zybNP&{v)Q!fSF@gY@K?Lo>4Bt^4k*5k_;^LA}+-ZgNn)t4;-7ybRWUb@K*<M3f?nX
zG#Wwz7$inrW3r0RHn!yHMxy&YUj;kH7kie2pTPL~&oO*EvGveeo94vqYx*u4VjoU|
zv)KRM4VeO1TX)$`K7^?7!T{yG*2hw%FjH42%V))Fv*F#R0}G#xDZH321VhzXTuk+$
zyJ!fTLQ1h?%ciU|3~t2qKnh9`e$fn{Redr@2hb`|tXH%}jG;yZ7?33r`*tln^4{Ci
zU!sL@`P@vkTswVvKFjW&ntp}#qfu_~0c_BZv}zA<=z6xWjbb^=D#(T1v`N?Z?Hjip
zqwd}anA)3J{h4`!CIx*d`WMVW<L*ABZLp-eWr{M_h;pBGl15MywxRfa;R~~79SQJf
z2TfB=B#u4B@eE0SnGq<G*skjxx+pT_x~M2<$?{hBvHul$3ihGnBWFqM@;z|9Lw+f(
z6lla3K<qc3b>yn<DoJuDCt~@#%MXWw^}Z*e$Wx!%>CQA6=s3eOC$$m3^e3(8$*`6t
z?dTN@GtM{fs-}~+UKOG<&9~CpfJyEdXq4o+PM1y_rV3RmbD`md5y_jqUt=Xeg*)qw
z#Zs8zbDJJ8i<Q$5`G)=V{K0jDDroo6Z8&)UUh|-BhXMN9Hiy^aBv$4wQm6Z+=#HOg
zN`h#>6JpXA7=gjqK-9CU4ChmUol#5!sd7<d=e%zTsq(ti(z#z$=Tu2N(GIIl!|apJ
zb4(kTxm*|viea9~GFlzQaBB6u=+e?SN81S%t8UjtJ~SvlCJ=teAoe-BusAG3w=WBh
zE`WN-;Xs@(SrD=^c!qNGH!GeoX@t}FYBwo(T5TUb8GovAUxistBfG_-(R9+2-<|l@
zxdzX;dQ2q*A@Ye7JX%-TY1YbBF<a#D3&1vPx=?tIdYR@pONve8g6UR<s*f{8JMN<f
zWq~S6f~lRrPR6c&j6f{i+tAa<+id1CchhkJ;wT0<U3y`Z4Avi3?|F4f7PA}ivQj!1
zbAQ8(CeJ@r-1Dp~?U0kaeo@fQID>+?&c%M;G-%+dJ-P^W9h|p8^+7s%&Jcp-%Ysci
zQf}h;&we1$Vs@|qREh*fcHnTnC<$Lv8@4G?6uoe6lp!=v+1Y@*^En>NKdXjh9^>{W
z=xsJj4bcPfC%4GkSUo_UKwa9X-@R0}I0{(d46v1fp%20C1vu8((j`YiFXFt51#_3b
zt#4~l)Onr15RNcnaa7m#1HY*?qkLUgY6MP2DmiHmT0*}5rT96J3PLl#Msi_EBA70P
z3?im%cAfhIlj~8h0v&pCkw7_($8TOS_sz)w>++0O@p0i{?hyQMSg!8TML5w!sqhv*
ze33Ew-n)(($dz+?y)s*gXk(yBj(>EieA<3PUeCw&$seOyhd4oRky~cN5A#t|{!|d9
zi89XK)Jk(roGSQ+F`fjKSjSN`wDSwOO}T7Cd7-?_wbYHek4HGI6qXycx=>Tgl#t!M
zRgG7uu)!tfJICfPLu<sOI<El63q+T<@mq;`rgS??1!1We@w9GAoni1gjh5g03FlLj
zJ92{2kA(tSs(r?#WF4hFp^qW!wVdnLgrxWX(dP~YG@4NI74P?CjP78Nj4Y+HuTjmU
zqbPNep-avHEG$QSjz&ctF>PuSvuX1ywr&v&-8v_%Z80ZLjY=6z765z55yyr>to^xX
zjJRcWo&=X?f~|@M0w?gPTR?@vzZ~M?mT3_qtc{wBK;OzE+jorVk3vdAW2wloQ|k$<
z1NcTJQZvhi2V1G5J$aD*<&Wm(xT+<DT`kz-@=6Uu(=qP*{LAoyGmmnDrmu9Kk6lw3
zv>F?6@vAzQWI%P4IBvb%9i}h_AY?+Qz_mpBk3OHPZdOMSZ1yzw6!EI+{>bS^rQ-e3
zot6GkSq3|iH|FHik}!J8eOuC50$Dc$Al^^LZAS6xQa!{VI<drVH@r#RqZ#P(3>DyF
z=deVxVXW+ObyxY?bs@}tce*=uffWb82Wk`C>c<-NKT#~5CAkh7FWT1fM(R$9R|dbs
zf=A(j9b<q&Wdn!!bBUk%3jZACp44qW-;jGHmO`&*k<kN(R?K!rh8(i49if3eQ|UD!
z=_P*!E~D$gC{<1t*FYbTe=>Z&;n095k;oIpa;gr&E_=sQWt{kF*y#o^<S!$RDo)G@
zu+G8y!4!l{OkMAc#NSeByeB7LuesD1L(bA+@Tio$<$|E}<9xE=5M&Qh(>uDPO20*H
zEUq+B(;_H48+I!$$R)YpzwDx1kd2T;Dao4n;Gg}w#7WeqLC#{j$&>S=!G%_8^V64M
z@?X{8L)S1ysDP_{npQI|ZU#f{a<P}T>&XFjb8P6=l&{2yo&w$$<h3E-1%86cT(jQ6
zPZS*fMl7@2Ga!RSqyQ2-fA;GkEn3DftL>;u4i4U(svZR`OJcdE^2&M{Zx1G{Kdb2Y
zpjS2=F;$%_rPUjkyz1B8b3;g`&kLUp%TWprJnmIpg+vex^aC1eBQF3pBose*LXMo+
zL`<k7>sZ*nbnd}2D59m%=v=P4SU;?bG>{8Fr{7zro9Z+nT4#sAQCi|UjQ5GkL@u;c
z9Nt%W_G!uR5_<7cpv8NFZ$x=2yCtTM<1S}EgTOGWe!sfKbyqvIx4vW4L(Z73!(ytG
zbCbr=H2s(l^>F-}ZN_x)gCn>b3=lMr9%!U|d2sHLjJOpdKgiVF7t25D*a{sKlAu%S
zA;iDwD7<LDGIaFp0#T+|@6Gp`bhsf7)I6eRE^v7gUFxWn_7-AZ5!G`Jjg8TiPF2_x
zcZ9{WYIbVli?8>lzB$<PY4uuXgcs5t=T|5X`<x@7_7a{qZX`o*2rJABNmI{qmnGG%
zQBe41f4}vVScr+Ho+c>&Q{&V6Bs}n43en1<g)C+l4umtOavdRsI4L$WpS;yT;bf_6
zA<#k>#FK!Ks?g!=$|F4r8eA>`wy&eIGrCoGeT~RqFVNM}x?S+i{Y4K9PCtz0Nqpc^
zQ>@UXWx=o{IM@3Kb;4b|h7qccvRJ2>qKVT33BL-gF=Kr`5=MSJV!XB+yV)f#Mpn8?
zsRolXQt)se;z!Vvc)lGyY=Tw-i7(>*I23WLzj|xA4$g<B!!3}y$PRm@^ZT~jB2I3s
z+R}RS;i9GdwKKaF(Rj=VEcT$J!=G`P`$0|UCVhY^uX6BuehE^4U+mYsKdA|fERcRZ
z%{NyZrRs%LSWo+{WM?=bbi&>WTr3*7r?3*UrK(}NFkcaWCHvh7V)Syb7KmM+R9VB$
zk$+YbK)$e(dlZe*ykWzzHUp%SzKp11%5p<7v#t%*J#%eda-~j}Q}tl9q&JA$oRPDP
z`J-=G0UWb@zapp;NN@xQYk_zb?0y9w6!G!z=d!#Zbmn&&CO^-K=)N&lSWpOoVCij~
zZ6pE3oN{q~#A$-a`N;2LMJ5~>$zi|GE$|e~-*1%GG?+M`H?_LkkaM8(2qWoyusj5J
z__KC_beZ>*_nj(SC(K$JFuzPl<9po`(0XvM+th`xQQBFfjZNzibjx2$lbm36{NBt8
z+7pAu|KC7>UVXOXi{(DK<Pd!ZAKYpk!R{rbiufO66L^(dl1?F2@V4j5_a>aK49dw4
zFMaW=25G|<2A#<GwAzT|jrdlA@3qC(MR`*^OhxY}f%ez^`B4==!nlve*pVsGeKfHC
z$R}1@6ncSBYrbvG!6QQbaZA<=dl9s#fWH8l8dxN7b?G=XZ*{p9$<FD>miZwp_}m`a
zgDfn6HaN8m9_w9c2U()P&R?PwCZb#0>W?$58mPpFgU4#1pG6wz@855t;akqPr3{MM
z`IKK`HVEMu{_$Q0s1d=;Qw=KZL}nej27w}6!+J{$)}~ARytrk{7x9jsOf?*SY5jF%
ze1QMa&0M@n&UC@ZCoPcoPY%h&{~8e~0Kw6(8~}eJ_kZe%DYyW=bv;dgmfio@C*O-w
zoRvtwrx*M1KP;?)k$<F@hP{H7e}onx3aF=2$e&5_pED8g{}?Z=$K_i8F<$zJK-CzZ
zSDzyP^?5SDp8Hffi`uo;>;7#l#ez5aDk9MLONRJ;zjp0E)=LzoKbFvHeOB~;cA3Qb
z|3D-5{#pS4x4M(v`Idq<h+v^IIrJY-XpOXpJZ;T@w(P&Z$^^Bp;{ES~;G-8znW+D5
zKf#~&+s@1N{L}u0KgQAH_enT^kJ<mb2=&dG!z8vQ;h#~&)Ba<5{l8SGgLnTwrK<n4
zdx25`Ctg;~fB#8X-tai4hQSGrwb&nJK4yRYK{7NpimqPp(F8V8UQrcv?lQcQ7r?fh
z(tRl*^h@}7F*!?v@Ar;$UIp@(FX}(;je%0;WI_>AtKY+*m&CJ$w?#ll<AbwN&m~Ko
zE_Ry4<3xUL{=%rRTAzVoZjNu;D`x3C*(+hK(g@GI<n8Z9ItrjPyUI<X{~^ylb|jir
zz9@n@`pp0B+-~$}y1=yz!SD9zR7+Oa<sEnlk1X8dyTgygWW(7=v-_00u(=Z1*+~2x
zD_u97RZ#`1^qHKr63J^NSAFkwtoAl&WrT$R@Tx>7Ad^3jcjf8P&~xZK&0zB{-}HJg
z)UrFE)xxK0mH8vna!oztn8)esVX}NdCX-9~vimodA3Q-ZW_$a^POhTa8ZF<iH0Qal
z2HQXfd5LfIO!`^q!dkiG8;DYyYbL@N=cdne-KVPgX7@)T&FEu7<QP-CE50c0wyQl}
zlquFQKo&zA_8<Bi0No7xbRcI<C=1CnPqpvhqo!MS399=U>T;MD?%5fT=|k{eb0eGv
zHsXuRW~WmE600SvfnL38MgK4Xi-cjuO59-*ofPv>LjI>Ecj*cY!i7j`>M0@3-+XbJ
z2Yex0yof`&wirBEq5agnLYX-C`?WnuqDwlOOvATRem44I?Q70VL1{i*=fR(~pErR6
z7iJ0B*d$$eWF%`RO|PGpr;0uRd9KUU9s@6(w_-mY?m?j+njf5<=@>sQpjPHxb911D
zY~t=$>3h%eTcA(hF2#@(u&gQ03itf%me_4{6j`CnB^woDnFv-@F2Cnb`1w%}dUNsc
z0v6H~*^1Y|OIZQLCjwqy3msM@U(c17%hLzEN>10}Z&Ho#$pA8`*HB~&%oJiro6oWY
z6QVgPxmrrCFec``%iOQ|@Mykbu6f3)a*lfW%3V6@VFu(S$<W2{d1ixJk>72$U!(-H
z$*R1bS&hq~Xv4KkttCNB_UOY^@~5FWlJI@U=|VmF2c==enQvO5gjhK>0XN26sH$-Z
zkdeS07o>C=S^SH8k>%xj7IfoLnElgFQI_wk1Qbr(i$7>Esiv%cX8y%}#5JiaH@_R9
zDOAALzEXi6ZAvmw-M{%vW~b4Lbr6QGyPsipbkQ5TgUS80SddtVq{E%-$$v8u^zvdq
zK7P7q0X$ijyB+-`f9CEW_Y3(Pp0Zlz0H;13fd<g=6A}k1@wI=7>mr851-5LMGC)Qv
zD?SCss=Z)XXwsEcIxy*P{jNWsU38h_Im!J#B5vyK>R2YLZLG2Ij<3|znd>A`{Y>_u
zYs;Mdvxiv_aim3A?QfbeU+<*4`?KE&j2<KlGS8(N`EQ8l3+EvQ;%gOaBy{9w0(Z_6
z<3KP!>E44M63(w^=xzMt2H>&i8aQjTve}16Saw5x1&=cG^I97&7kQUZe&31-&A-x4
zJ<3aqUJ2FxgbJ;*TC{0bRB1Zi_GbWQ7bSrgn~X_!S8sp-$1H<Ef{s&~Zu;yNzA1~s
zLUkeoK65$E7t(=)NT2>I%OaW@(Cx8SA-bjJH*&h~7nB?dOSR$+=$@kf(5mGD6vEHe
zpvcdcNVxXbGjC_|R2PwRiuvmmwSBwKone#~%UVEb7ZUnZgPB0FO*&!69tRdw!lmEu
z+>sy2(RPGF`_W!tz>;^L8^(KQvOj;Z)@a0=HSg#NMm5HLj*Y<FE`W~rhNdv9a>`JZ
z*4sqBI+;@Z+g}a>ynEFK>!DH&^dShgtXGuji`g1ZRDh&9)_obZ2ls;4{0+)?EqzU)
zg1y>-hI4GdY*ylAp%(*61NU84@HrAw_2x6&sY4AG>WfbI8EPffp%&)nh+AYK{R#PQ
z_17#wqz?&i{@fOJSRaFRW+b$@i)BWK60(Vw+$P@=pyi52Kg0GoqiSK%kbUFY?EH1|
z!y11dpp??1%@0GFOQ|HFO^s2h5kh8O5tLZ%1vGj2&~Onb5=crw^E1Y7eZoZGa^A_y
zCRK@@Es_&kTM`=YSxT}^8iD&nNRRV2=KPv|ijPJMbuy6eX6BUB2bk}&%q1A9!oet^
z-NdrfOkDiX%B$5)Qo+0oT(e_;UCn!n_A`uAR%@;*Cpg;MoVAd;^>(jh9Q>=!3fsm%
zTfzHBh>|7J`U0`+W8gg;##jzmD--1&=)nvmoChM<z)_$X4s>%q9C8zsQc)*h)(x$i
zro!7{$unb(JSe2t&+Ll6ndYiUm?{^2{5E_xPg~A8DaLi^wo>molmHlgBQN*(p*CTC
z?fdYZ?X}cH&_E!Dt(#5fi>{*^S??LOB~w^H_l`rN_6zjg+i4ZzUvbd8*bUS6xIMRf
zJu`-zBH9L^nY&WF1y$eY%k??QmihnMi9Kme_(?uiq|F>)M4tH}JN@T8kgXX3cLbn(
z7T5+L3fCGiL=1kV0G{lGxb4W6N!Ktz-84Ui6z6%FKGyFdmwhS0aluCoz}MD)W=@yO
zMhyFn3J3Z1j`bO7bPQBDUc~C{u3lzVybjWf&n#NpM=j43wPfEPL4iJQbNoD>a7V}u
z4)@;M%v(<2K`V*7^bloDPZT&T2lGG4mIbv@@c6iCBAH1EL?JA(&f7aN!-^qJjaWn{
z`#J2ME@VhgbhdiFPG@1PQ8q8=W(p4yGRCD@?dxhNn^FTZtI>>QwACH%UD+`R;Jj!O
z4U+$7su@`*Tkxf8$tb@!wb|WK+r<igRRx~`%Ym3?lvF)cB%o|e5sHbZSu&BL*ISm$
z4odB2bX_w-R0}ttJgDzlvZ2(5uL^Y4Yhtt=r0}>zQu9kVoAW#JeBI^RbH-cF+>)s^
z@Or*7HyBMo+^|cJGiVge>!Q=S%B8L7SS_WyqNHt8D|J*aZE6ASm0wMxVAP{#lO#V=
z;hnqjzDr>lDbS-Li{3%)j^&1NDq-h!aQqW)gCE)HY$UF{S;~41e>p??tUP=c-8a{w
zI9Dy4dZXAThwd~CRUzsLI#*M*AuKLeQBy!#y;b@}diP_i%b8!nwf}gin@4moNCW0V
z8oEAId;?FSK-<0m-1KZr@7d)GoCO`B-E103xYc4!W~(#cZwBDUOH|XqJ|OXgYziZG
zygzOR%sM!`5zjVS@u-PO+7zrKkMphTY^9#g9}DL{5&Seo*f*4+a=6QrDDx5I?G|N8
zSzd(fDXtv~@<hKxC(<qYQlgqq7-hdC*WJV9YrPzXg$XZO<a0f?+VXhZ1>+ThadE(K
ztan{)fy^^J6evPW%8<3G@=7P38BZ~@SdT%>y*Ph!TlCRmqXFoYDLQg2HRvi6BF(G{
zoiGoeXiK-8Yh00~sD4o1XrG=5M$oh^3o(bsSfH?EDTfc(bl&B^%Me&h3c<k$mXTC@
z_f&EDt?bVeo(!<9!G5;{|K=vjqF$MC<QfTM8tgR-S3x>nh<Hby0`P;KP;Hwjp(fo*
zq$d%sfX8$#zo_P8)u2l~tez&<G(QN#DC=^<D08Cx(HR4wvf-*;JQ?<TgX_6dh$L*|
zm$M3Nc51)K@<?&-b}?}kaO1x+bMPvksZOUN-l0<BnL#hr(6F*<JU>WZWA~dtYk^iD
zCW(LgRG*-L0-jD8yYVy1ML;j^6s>L&?@{@{`{_A!)Q6DYz$9$vwE(m(4l}LR6UkU>
z1n!t*A#(IJ7MGBr?{cs)idHK8v*^k)I7n$^I77Gem+iZBrRw;NvQ>)-&SP%4k!-j5
zD~vOt)FII0`4AEOfb6&Vo036MDCp|4+pzE=C=%_S_Q3|rrknx)Je4K;x~H<D&(>V8
zFYtGnzRsl5o2JRtuV@9>!9A?<3Y|j|>sj}$H&||vwz-0ai^)#@Y%8)`nBeV7TcMWt
zQCc?6t^^$UtoK=+^T^%z@&;Jim_AX#prGNnHE84m9{<B4^(TOh38g?QzN<oRC2Ru_
zS4Z`nS1>vl_LbuJ!8wu)U!^nLSeQ@wA11=W0yG=W!0`E6pCOqwA{7bW4EU3}&h7Hd
z-jFrY9X`1{w;4ba_G4l0mm-lTUU!&#)3;jXYM&(Xe2P!9_Lx)Wxyog<?l>{Py#Cq7
z)}Rv72|baC&N&15vCcwelQyRx5;_2d<WKMty?wxxw~pZWId!9{5b<Ly0x`#rcz(JF
z=xWVsf-B(GxF#vF>frdo#)CD1E!Kx0&uB)aN4>l33e?|mXUFi$zpWW|DB9IYq$J-!
z@esPtF2C)y)b6pi%Xa}Y2-}H<HnpKL4iQp(#~h`ZIts|I7pM_%5#@=}*nX{zKeh4h
z(|MAT`H)`Eqj-gc_}a1}iGB>&qJ`QuXl$uF((Va_L_B~wW<mYf8);n5si+I@iME0g
zEwISwfkz*<|0Ee8KJc4k<Zhm)-wTFK=5UHT+^Z}27MfrY!~~;Gij^S_u7nit?~H9o
zH$|w7icn(nFR+TTySf_10q?tzaQkX~SWjZ}?TW+}9naHU{giZoV5|-K1RbUX+YK3X
z0W3R|Ccnu_>Ee6Q9;A+tGu*M1Nmwtsdl6ifAOyk`>64g2X`+Tt={0c;X;|Gs$b}WZ
z+8VghXFq3vGQLX#M3)0Q*Sb;$9sWF(v0-$h`y(d1fw?CeZoDEPs0yKPj0-|~0!<{f
z>2)<ax^{a1v<9<sT=>L2|E}w`$k}qZ<PuedA=BYDwGv?2O^DNA>X2u`zDw&@gmNhE
z4O>ZPENW5XCJ9Mdq4=H_)}3yXMkRE%t$+0&4_W5b6N8F`fv;lb``u)6)Nlg~5{DUS
z?RorT4DeRNmK8^nWGbK$2*o0xH$&J(;`F=Oa9&2$HtoL=ec-FUOLMOP(SO5j_<$4&
zio*DmPKMO~njoMr;#XK;2NQg@za!m0B0;zi?D>K#<^KUDW5R+Kk1{DI3j7@;Ll2~+
z2n=Nl{5wFUfYQ<a6oDdEd}jK$6>lv8nE!;@fg&SVQ0IpEglzxcf&#QuG%ytWPyOj%
z7vYuu--qn|Ussuy8Ocuk`ac>2kG}Dbzya+7(VwDKG@W1C|8`$u0*mY)X#hGF(B@11
ze_e#haxiSuG_>;HF5x-C-*r|t!(s$*{3X-;=SNLKpb$8dkn(NDf4lw;IywRW$LR0|
z3jD9W6aVj4UtG@tauj4_a-d9f6(2nh#fG@T*y@MxdRTN|03M5aI1Ubu-j|Q`dMUC=
zbfPj55wyLR-(P|yE<~{CL;&wNEax_JNcr6txp+An2+{wrQQh4fWMyS@8;<6e`cd~b
z29GLp{CvICZdoi;=h?@zRjK8sZb<nL1}F12KD$p%2{@er_cQtJ3#jFiRUQgQJr6e!
zgqyBBKh)i;<bOnIu$}vgLCz~C4KZ&1%|Uw@i^3oTrB&xIIgpjCGPfB<6VDZWHBGHI
z9f&EmH;=_L1nkf2y$@soxzOpmtcqB#<nr1rbp*K`FXQ7IfK`RR^5YKp76gYA)tP50
z+xI+N?+3J=Ww+Y5r?RwvW;6Tzc`8sc3hrF~01msS`CJvkR-5<^T8~5JnCo#`)eWY6
zJsqAS4j94UOZxJa2EsQ=PJCbBojj&qBj&jX<<sLc>LiSv&c@q=b_}oXrpKo+ae*;y
z{ysyLV^z3QTKeT$PcD4Evj^>Z>74fR<AV2ug8UEo4;M>c48G$P^B~}7)jOFTl#{K{
zb8~AUXHTT*LwW25bhg=y4umoTF{Du_<Pw3b!8w0O@5=N4i}McU*I)RQk+ThrKtuf(
z2WhQXLPa~BhWx62U!}77@*ISy<n0J^*(_S8aN)OI+`YN)eo|nm!ISuMPypW1(oTK{
zCHI%ZLb2O9LVNlWaI8d9Ykp9Qtgs%}70%LyQJTMqiSz^skBX0v0KSrfD+-NTv#FT4
zh~K(JaUe>lEYGCW$`Lj5rpN@ml>K(7@RVr7u_lt5*Y?H?WUv(r5*yr>KyLpMw^=pp
zY7N3@YV~_w@i?4?_z-(8We5bE<)+P+sU#~}Y)4p^X3+~MnNvOyjxE9fh(Mz$GS4i8
z@<E}7icM?Y!px0C4sBOTJa^eYy>CzQDlKmF_6$8|8*lI#)RoibR9HJCI-N%sT|GBb
zr>H*EcVXQe@2l?_w(<?Li&Ch=lW-CXKXJsFk3YuC;;|}L#rmystx2IDPOmgQ>xKxv
zKjhW<=@VinFx{iy7U}t%acjBW;#=ZW5NWOYYa_8g1JV&;Jzp*Zf&v*3YpfffDDy)}
zC~$m<j-5T;zU{{PaHXyl=iOiMa}Wf^_ww08gT&zY@$6?1pQ~-vaVgucr@Kqms}a;Z
z!I1PrTa??tEPBi$Fu`cr6e%|(D$;q)zp`cX!%w5mmctj2Qf#i-GUk30bc%-XHQMB5
zI#^sTpjNd>vD?k`Fo;c%Tc#V$S<O@jOz|=6)dvqHF^jW;UT8)QtCbZ_?eByid-L!H
zx{VdxFdA&8Bb}U__W#R2FP05-Tu&m4TYdmRcrBdMAJqyX@n?p7@vFEDeUJ3hI4xK_
zy9VU$MZdxOne6x?lsyjo7qq^9uLkiAXUH#@oaJ8ah1J2<ddl*<GH!?jZvQIMc<7HN
zp2}D*a(ItvdV$c=09o$}Vu(4w)LaI>H24=j3#pxdOdLv7$H4_Qhj>Fv*$lAw{s8XJ
zd)ZmrBs}It*<X0<e}bok74O<Ec9%H54<I((!rg-e4(TIrAI;^{J|qg=KMjjCbb<Ee
z02bM?tA678e<1Y4kS&Qmi2VU}i{~_r%O(1}$_igYA|@a>Vb8!T<YoKTVlW$3i5OBE
z3JrWH$gv&uO8w49c^0eRuQV_aem$HiEqUotVZdR?(p01tcDZxxjM4iK?i^bm3dsJ0
z;s(iQNZ}797rmtqIq2YbuxLGf6{z`nYR0ex%f^rmyk3CV<uX~}Osm<$qK3O%{@c0a
zQ@j+zh@1yS?uNPP1C36*8}rFhldzIJ>m6l)+JitU!t(-@`~C-?j=-N4>3Q<=`j9*G
zWDB1dAV#nVa)7`Te5lfC`5-uoOIc~KAERskR^D$N=5Ea8bSBQIibd^by{vsVIjl)o
zqaEIE-R_uL{I76hae$&Lg_>9Imm`QGDL)-B6AHu+_1l$!Exp_Ga4OcQL;UNXEe;~B
z&~Ayeo-0-iVigd^LhCs4k&>oP5XE=s20<D3OcL{eeAd1*%!`S;x1ANw0l{SU*>R;%
z@_b~A@s^Y;=j=H1GHQqYtSqCJqQVSYoXE6^G!*cIoRudXOSl&M<JeYb#82aB;Rk$2
zrDk7PY~}D1h@ey;rV|pOpy1I222SrXGepu0K3pX3W#%CMxQ)~(OSGz^v-zA3_CVxI
zeJW$10Ky0ONOY>?Z4_V-m1_)MEOEt}efE&~PKz;fp{4Ieud%IRwHHIGK}cg+-d%om
zueCN21@Tr;&{P&TX;^_`>^Wa8cP^p>DF4E!iy{68qn--I73bA@L~FGydZIGgDik`B
zj=MaQS7m~Q^-yR9X@HglY;jq?a8L8;LA&RZbh?FT8Iw7rqQmU_Q`kd@zW7UN0j`h^
z->=spd`%jc<^m#>xr|lhCGf%v(=}pn8e1~M!Jz)FP+fbiK*C_jl)i5RyA`^EMbbiD
z&zN>|q_;vMDe&1Xvdo$Z7$iK!@Z&U0B++k#yYRD=p&%RMcKeS?MV^<C+&N}l<&4D!
z%h^Lt4*xF*qIm@LFLSky4)ZVTJZ_-Y+EjSrtbTN2tP#xh^fimI4|8YierxhiTm3*c
z*BYVesK^Wq#jKp0SW+P<C*H|NSot*|h)^w?TCm8S)#iHUIV{Vsu+jrWQJmAR`Jn)0
zJ4ns2!syT@N$&g5BKrX1Ud#DR1`?r-2WlW}$5MQY1-!c`Cv*EkXxm!t%Z}3x59l(P
zKV9Ltf3)J5%k7xCSG@C76={!@DI}<(5lz7Yy==pgD(Jtz3-UA7_%h&Tcd%oTRk+gz
zE2%HMHOo4}VbHCS58TfhYWs=AY%;)!7EVz-PHAbh`Cdit=0!<Su@FSSg0dc?&#5y3
z4ip~hw8mc~o2bPXsv}0c=?+0Hv9NzGdV2?fzZE9SbEt7H5xeKGQCE5)HaN<n-O47f
zo)4Nwyx|Ws@H$aAT*(WY%75bX4NY6X7SwwRihSF8g9ObN>!)x6_Z?2QUa4Vf?p+_v
zX-sAuzNUvP%=SGn^?>MP<ZBK0f)|B1Hcczk>d#!?R0Ag9y9gnowCO<C3}{%fjRYHE
z`*A$h$#%F?&V9}w^$xDKB><V3=Pi7c8KdT|=Z}>2H`zwAlR`v%u=1?g4g-*EnxCuf
zUdoSi7055|o}pj1ct*m^vDHjZ>vr{n^xB98j=xPxO(ZH7s#l`mx%H%`C7MBfp)(!N
zY!Aq-t*xE)RW-r!REULld&V^0$y{<UQ;@5?xc5gcQ47Ox@q_pU;G1R}rKc+oHOW+x
zDLndyP7!9T)FDAX;UJ~3n=+WQaTy5w51hV9PpraT+U=w%%HsC8NG2Xx@$35Y|KQAz
zYYVepH!+SM)s5;lmKIOwEvV2v<01>WnMogg63aak?6Ge*8e)A3=_lN^!y3sVybXrN
z5dr?s-@8o})`id4fv4&<<X%toy0KrH%Gu(&WG13(?Yigd4vE!kCB77tR2R<gVq3}-
z{(-M6$;#&^Yu8Pd%a~e^j76h*7C4|Z?Ru83+Bhd_N*;OHuQckfa9O!5(-x#c48jhY
z-RAGhpF2x&6@i_&+FdafzffQJDpxoYuH2s2{I#|TB{mX}kc=ieJA9SshLE$AhlDBB
zAaDS@HHEu477I{(t3#`#F?>AwN7Lg_;Sn9z-^Z|{*wyx1^S$?Vn0m*H<bW#=IK%Mw
z$Kl>PU}M>`>kV3=I)An2wi$9s{tcVbxy*KNtCdi6^*kL;H#~cVy5C_)@VE%|`Z-sz
zZ-h4H#?^tW8*FM_XK;ndXS7fG-`DlKAy1oYHZ0_#uOFYo?b{y>9)d^<LjH`INN&6k
zoDkac@3ov<L(XWJ4Y!*}!?8sKv}y`l?hsrux`vcX0yTWfNT6n|GycqjvOef>k@3(6
z6HT@Kr+YyO=(&=H{P@-2E-B{aYnJ@)OtbUl2KpJ~*;;Ca;E!cT2%wL{oth%Yg#l{_
z9Qf6qN<ThG-isJHb;;gDCmSduRa~D=>f>`;4XK;fC|8+U$avqt+=DCTXM?A*GnH0i
zdJVwtjPItdP?MQd;+_A4e`n8$#Gs+|dCP2=%pTKV4(9Kg8)~sl3pzsvXyLwq--tm3
z&L^I~IutrB&))ZMqQq~nqmJb{KmJg_;#h{}kY0-Oa61+S4(4K-Rv-PzeAf-UF5-|5
z<Zgz$bDRZR-BkEjq(Bcp&!63fb;DX_F*^j<C==;UmmXqnue$@_w2ek`pt$n)Mou%H
z2!;v=pt}cM>d&1eKUW}4?$lr|jWwWI<p`eG?pwd1Z<La|^x_|euW-*9Q;X14-im+E
z`L=H;n`*&8#7^_Ud`N&g?prG4q0;--b=A}2XODOLfI-%HyT!uv;#&JSuXk0$je#Tz
zyJl-23o^q>OB6w$7eoV>%~|lOL5hM4>*HsO9GEEkhR--(jT&J67&V^>2`%ZKg}bBo
zn%$_vucLE)%kJhq3*CEIFSx^QNqNG(Tu&wL7S^d@y8DG`6(7pGYhaYk48+0`UsIHi
z+*vPv^-pZoZGMNcHIC|M{FzmTk}H$#fPJ;5I)Ev;XH@X<CW3T`Up#cO_4xtIApDM!
z<?EV}%|=M5FHb09+wY)@8u)$aGt%W^=FB9xthdVkZtdI6_3yB3fr6hZcBe^XR?rC^
znuSXP$+8ujZT8d0Mi!Svh?u=TavyT(hOYe9yCT>w2ZY$a9gp71v8(%VKfS&zbgA~F
z|J0W9@%pAll>QwF3i-CF7EmK}MMW^G7?c~8%z}+pK^ah@(vH${zDE$_lL6M)StPBw
zU-R#ZDA}^HE0GEE!a?^LPXmdJwbw)M62&JCrbmI<t$^gW<rrO<a(2lTdd!bD6ll*}
zlu9Ne+eu`)aA=#<kP|~YsyA`QG8~BDY4cHno}Gn#kjlgNHO*l?Oy3IZaCG=n?;4q?
zB?Dohnl9yPGox8ib1sjbC_Jx^c?^h~*Jy17FW-enel+Pe^ZNO;`O*1$$&QtMh&lhD
zcMWr)idpcXiven@LB!mrO&2td1&oB^LknUzc}RO?FzGRR&jyr!d`oUt<8?FMNWi2T
zPBrvnfy+p{elr|4uNU*?rCQA&UgS4H>h!=>1N1{T8_@C}#CFRtHGve)Rti9o@7pfj
zX3urrp<cO*_*z-Ol=@a>Im8Wu-ek|$F4f5hd+wLL(U8k$;0Q1Zk>w>Y6R&zCJVRDa
z(aI&+!t{!VG$J!uVXzFeGID9Q86_*&`iDdh3T5&foR(%+MoWoMWn+h9!5R|<NrfY2
zD3D03^OR+Or<SAfdM?wdia_s1$`hUnLIdg=!`1b+3E(1T;|f0tU^Hf%%RtYZ0Q926
z*Go{@*9Yy2{k3fg&jIUB4Le!!<8;XSP}T~%NemP15B(jm14T9xF$D4Or~F^rf6iW}
z0=%nUlHMXK0aX_M)s_jspDVl%7lCc{<uIw1&uI7`yKe!oI<7e8;-(qEMGmXa?t{v;
zDBQku(60%7!Gt-sO;6MB+bWi!!jgesZ<`n$n0#*QMtjCQB_7$PZs%37HE8l^dG8Be
zZ50ItLFNnb(f3!_xjwa949liet*bplc${faUhOB$GHB#OxNO7}ptV&e8BsFQeW85)
zD~NgTP%dB}vDB+nBZiXvl7<8x(F$ZTbhws3I4t0PZmc1DK3Q$wAGOag8yGbmQ2Kb^
zwQiBPYC~PUp`8<mVD`An*oNOySPYQB$r^ClE972mz&6AW!yu2)QHHM^5{6ci#*j)P
zc_1wXg<*ORz5jlFscu9Pk+6{y2GI2u?hNudE=G|}=0d;TpHb1HJYE3_D>_CZe>_SW
zMJDh5*<hoBy&AQ9I}My5KW3o7*)DiKH+Z&RWg?O&U#WhtQv)`hsj}ccoNR$RW7ErO
zk^(6%kQv75df~Gs<h_1bxsYtdJY9=@FDM?>p?gRmDC?0!o3(AXXETTxe7HhN9oP|0
z2%9urG*hCca(1f!S^TX4Q-LhO>pd%QIt;CHTy||iR$k;W5blM;@p$zBJ&oJ96wUE%
z9ME>>OV-+uB&mu$+g*vvAtBlt!sT93oH){OzfM<vtJbCzPF9k_8#&>2k8_i+okfi;
z7*e^|zaIKN7MRdYUmZ-V6kM3~9b_@QMF$l*R)N(JW-EZ#0CMGcAu@6Fqq&^p-(>h8
z<%LiZ(8svsn=o;SV}Q@JIqHR08h1f%2x`siV@VF%Z91KHdwsl{<tgb1lI;*^hih#+
z?>5spykEqciYL1_$^g1!+%{8eIw>94pWt(cfAK)dv??R#)s6>1Sr%x7oSQiTmkf8K
z3nQz7RHBe4=hV`fN;${$C)v6}^`j8$&3tR@#{f255-mY+CtU4pGcTI1Xb&U=f1?k5
z&jDBm!eDelZIaz`V{HUGZ^3PRt2BD^*_Mh7#dz*Z$YanK8+T_R#XBk%i7M^|$p%tP
z`-8YJ{YNT?1tOv*H>oG1!HOr_So1{D+tc>P{i0Fbz+XC>xe((hAI8ALk%-%c;w*ea
zgR_t&kUFp1Nm;kJpqFRI$|AWL(y*ag5{AH&vKKUjB!$L^B0`qq33UDAVzrhU5fK*}
zl)wyOB{K#st>noVB6f2;nF}zcv@~iDdec=n95+IQ_Ks63=~gN|%_HlKfUETkg@+j8
znCAA(3s|GxuSY4^EdW$5__!JRZlsj#{5f++1dg@u)OQtS1|7ZS%e1+QtI?XDBv|No
zog8fo$p}WU-%6bp0)lIBRoMA42^w7VNbKkDVZ>AlA9<a221RY=9J0Nbyn6k&JG;bZ
z8ckoTY_!eo;-~iI%g2fFz0nID|Fr(*_a?$>lQef+f3~<7b=~$O`R5so-R16}Qh)kd
ztta_k0*2kb-rP6&>EGL@0(F{f2^{@z$0jzQ)NxAuu<QNhxLE^9>M<(<<`@$Gn7L2k
zO4NY|tZMye@C{?Q$Li=o^>$0{IOg9?`+;vW_2Vy)R*@mMNSFyQW6U?%y5*L}M8!sB
zr%J+EZ>d`fq~8_YRH-z4m~TP!#vG$#S-d6Z>0I(xDnxHH`}x|ZEuo6SN)?njV>UD|
zbbHt=?6UqU(6pmz?G3}^#pSCu{-$3Nr$HVE(PTmr2Awi@)Mys^z-LzjlCF}MdjM$t
zvCfZ2c*{GW;N4JJHA9_Bd$LJ|U#YxnZ+R<q)T1!u(B|PL%<Pb>YwL^D4Jka3oA8SN
znw8t<TZ!6ZC?l_vcSn0Yu=r^sPd9{=&%{y4cH5HZb9RT#{F;h>u-eN4^ow@$_bYo>
zPgIci%SgCj2{`zwQMKPeRc{5dEQd*$>|lKF58!$IIDHYB^)5)E{r${?a6ECUG1S9?
z!nWSq>e;(rQ=cj*JRk)b{Z7q(+w*wusr$wbXKU_7_0x-PlL|V=#eP62EHz?GQYo%8
zFX5<o8q9~o*z@<p8SG(CMj!Do%slQWWia+st*Oxjvb)*Mmo%9@rF???v}+<iT!`!i
zJjSbJo$7x&`xH-s|LLa*HMPQbZ3DgitL(yP;_$sW{Z{uV)=2a>+%@jwwD10sOoo4{
zxM|)jbp^S+JgqgpKLLxwvL1{QWeK_~l6^D0z59{g#m-Dd_%wEjh8QeLATXZ^d4z5H
zjeXw6pCF6}?mP;~h8q~T9Go=$u+^2cG_hAGm#+D}bt4wW1X(i*<`O;KFDcp1`Gy1~
zkNul2R4%cGK-KBN^)C;{yjOxC3CdEkF4plMytVOvW&kGHx;mPHe=M2sSZ0*gRuYyi
z7j&whwyr}smLZe3ctS1CJ9rMYzwab5lrmEqHhU0+MD_U_UmvV*<Vp9H=&TN04EkQb
z*1cBSA&T|(G!NTrf01KFw9m627gSS4%)shv{p&BUQF}y0!8q?dxxbxy$+@^?Tl%&x
zj=mRU@lxM704RE5)M9BBf;4FdHU|lE_GALaPx3z1N{BiQvo5{E{7AX3q1i4Rlf^@S
zzC4vD{FU^*JmRGHEkufaZ!8b#larSJ+I%*2<>Xil=;oi1w?C=cBo}m(SEOv1!E**w
zONjf<ouFEEn}~d5rQqU{WnLHi6wy;vD|c&zoTtKbHq=`;wI`dDu<dAu-ku#-IG#qu
zGDf-MpMp_$axtEqgp^Mz$IS-#^n>xWae_gajs~%iwS1@R6Hn$2!xl|379Rclh1&*0
z=F&M;rvCb#gxeiubn?}1+xdCeXBhGei~FEfmwQ>y35~X^gQ*A}tnbBMtlY0j?HK3!
zV2_ArOPeoHzgTS0qT+l#d|A42J)k7_Wz#cfqk|)pUIA;h)gLWrAes;|aoH>@U+{c6
zOxU{`99Vu~`*=FnniX#S-dUz=)hdUtrxUkS@Q(aTH!a~yj%k?0ahVl6EW4TpH|xMW
zzk9p|V(55#tLp|AqZlgaIWyV=LiL^YBhtjuK<tBvhn8o*=CitI{}#62{Y%@<YX;SQ
z`fh*Z!|AkT2a#`s!Aqd8W*f_;zN23P+ugi6f~+9QcWUv4>|9b=adg1pxs%3mVUK<z
za8GQ11YWas0m|fh`o$<mOV};a46290*X^W^PkEu=?T>>au6DSmsSl*H<llY-i_}a4
zXV;O($VQ<L?f&K=0LL38YtB9r*of0SesaSy69z3hRvZLvIdOSg68Lp9^+i#LMPk-H
znUMeB<#?Ti)$c%!s|L}wqD__;KdW`>*jRZ*kP8BN?{77b^5k}SGL_|Znrk_iM_PZI
zu)2iFx-0RxUrymU4oloy@LsSXd~MUn+dAM}oA1Dwzm3PjtWh?MM$j94lOqp8?dMuM
z?^m}O0{nr+c-siT-X2?wDYA*vcA*C18N*)-W?X|M&+h^u<I6A2(T#mW)Xjw4&?mF~
zb|Ua2rF9)2rms0RCPpCj2*K^~3hgg{>SFE5x4AShSxfHE#GS7<2;b31Mn9C)mdCJF
z_SC7Dd1(*}p5m6OSN`}Isrk~Jbg?(eC?j@axO-8)I8QR*VdsNHboOREBNJG4Qgwlv
z1hRRN(aP-=h^@;`VOh%^3|~`q?R+PV{m@!F9UlGSy>p09&u8_0f4oiYk<ssqeA-M?
zv*?Z)+VozWc;|x*crP}Q(%0Liz!~@~N&52|%_pBqLx9h$FU?iE*ohz9&AAsHfbbRk
zHGwWC)~;AJVN5qf{2DfGn4s@&LZehUCh|4?Tbxv4jWXrvhv<EpDEyUf4ZjT%Q(|HM
zRUDcttKQ1BX0mYD16;sQ^{U=c6Bz@rbhq=~3rard%U0nJTE*T_Q?f-R>UwJ+n&#^9
zVk$LEQ{OHeL%u4t>_il2DU!K5L;LKc%{}XEDSe|re31{n-KSfq(5wydmA(Yj)TB;~
zQ-r`7|E2(teaY!TBBHh}F3Mdf&0-ioY_=ZNsqrq=>mWH<0*a^$SO4~hpO%AM1Y!;~
zSQ|3>eZ5sT<f@#J{eS8@>#(RAu3yvL9nv7}&?PAy(kUGR(nw1;NH>yFQqocqLpRb&
zr!+`6%$$vnKJWW|=N$gzx)}Dg_ss0I?sfmxcFL_{cc?W)7}&kJoQDiB5<rsMFzJc4
z38psnQ%HBcQSon<>2#_LV^ZDhE{sc}CG_enWBY<N?lzh=lV_^bg*q-7EQ5L|wqQR_
z`DY~@g$c&CUxo!7iWj(+TJ0Q)w(U56KWRLg%%)c6#Xn$N-kULWxT4|-aX-djC+T`V
z`-T_(R2_t6-X8wYTBw|&F4fw{adF!BdAr|je-nA)$~x7KfGyrQ`l#VVX@z|;-HK`3
z=op>B*qp4WQa%3_A(E|)Y9QmU*+PQz+;R@WAA3!qMO5i2oh5jlaI8CCgkGJ-z4by!
zNy}vqXIq1GGA10af?+vIwCimq-q&^m-Eh3Xw0}**XQB@xjuKy5^HPVpZ4l-B0<_e?
z^rIx4UZ+3vErZHfq4=WA9V&KJHD3GLHzwrv!Y0@SOniIAL$%M%#5w&>@N7EWc|}@W
zlSN@t2;?qkiXoebR6k$Ov^O0|>CPakUvj+t7OXPPz&DO4D6(QSZ_Kp@R=w`-IRG9h
zia-u0SIt)&gNMR`CU-`w)out)?J@%%rAk(YUSdSV2GLgNZh-^O?t#G+LiC$kLpg@A
zePYFz{ddM{-=55Eo(G75+^G7$vu9|)gR|AQbK2gBkZ0JUVFpTRCuz@$V;ua@w*-&-
z&y;ICkH4FI&Dv8&!e4EtLfTlgnr34+A<8EjR6?4+G`P_>S({S+lcrL&0i!~<O-59-
zIvza8O4(qyAXDn4nL($|rzcZlN$#+=Hr>nWx0W3Eg=E&07xUm5b!mX|b<5^3DjyDq
zRInlDrD!0mW6|5!MNLJ+Is+5C*nOt@vu~exXDNLU$T@z&4eSEzTw#VfO*t+!Yl!{=
zilu2r4ug=A?@I31p3GF`ud1nr2#nt37h3e)n_j{DAYUB~UmFm2>zg+TLF2Ck_39kp
zwV1A27rV+xNH~HUU)UjYA1pO)7U+JKGffFGEAR{KdZJuC26JFzGSV8U6}O{94SE=6
z6~*dZK%x-yN}N$)?3ICa2Q^h{oFPVHi%KYu@zZBJ9AOXAM}s4CeQA!yua^CyENhqM
z#L_?-H(W)%9G=tt8+7Wx)d?%ZwrT4363=0IjaG_iM?{?$T=)i(&j6cJW=Oa+IhHP>
zgG9<fCcCm!W7{}uDDj%pV<Ml#U$m2dui1C|8R<x;^+MB0p~hXgP=T>dm4W<I{7k;P
z+ZZ%%su_guKE}r0k{#;#fqEHuNBP~PZv8+TiiyEv!cjQjS@}zlg62E_`^$=TqiyU(
z%wV}WlH#KdiRp3|#;$%DQb-o`&e02&hBB4XtR6<&D1h2BSR%I;&I3J7iU#7<3+g$5
zAEf@C{Ro^Ussh;<B|CC_?|#DiSPgKzYc!^M^ZX0ddY1r31Cf#SY`D2~N2Umqv8a)s
z*BV^*PeW7A0Ch82{(DEcyX9Rfg~f{bMRpO-FSh<9er9oLY2?$zeHZ&^D(OYyW^NC+
z*<9Jj&MZ{H4Kf#dXqGD@S+7xlm@V%k^06{R5#yIWaW4r8k(^OsP)HC)oLO5!=Ip+;
z+_D44?H>_LBiC^tC@Cyz29<d-A*QUJvAeg-%Zst`1_wW3ap}{}h;Iu?Sz`2o@3T0=
zyE3kW*!Z9qLATmfl(j!8PpAVsPv6w%1}&T&PD9ETRc|EUDfuB`C@WDI+bX^!n@(ao
ziOu3&VWfzXx>0^;F`L^iP{OI{ArmV(O?`w^<^jyYX*P8NrjyX^R7%!Tq?1&nM@*F&
z4`8aNOaP{eoq;^Ri2}Vra1_ImJdR^jM$_!9c)-PFHLuQwJFTAI?z?6~zVk)r$X7uK
zyxZe><4ivMah-K-GwTE9lL@ttvfO26AI*n5Y<q!N_K2G+I)8s$+z*mn#%(Rqeos_g
z4(urP4<;$tM(e@I=SeTis}<lT@uZcn%LSDCohHr2VNTASQ@^e;5Tog(#HBr*4s-Ep
z?4hCZ*-2+VKTg;CP(&GJrNXHD#axSkZQftZS7?41gS+f=7VFGPJPeEwfxMK2Cgq-d
z#KI_n#sznpxd*2C>~Heb{7Am22cG<>@Sj^V|HhbXd#+Z3SySAPYLxos7rar9WBDa^
zC~+|lhpvpE)0&BU4G#I{^AjQml6e?!R)*IpIEB4^quXZXP`}#=YtFY-M#X*|Pth*k
z+5$~lTX#|@R5iQrr9HnZ1~FCka(IU?=v2IWpG_y&{fIh%kY!VM8olkOd8=hRN0n3{
zS;e6L!a&D{gACkrp{=#eNfK2(OqkYbLrk7m;N?!ma{*#x)^{dW$qZ+7w9Fjeh&G<o
zW#oC2!IlW*_30>TwFL!Aa2;53ppFyNq3D(=n>EN~d;5sPymR~<Uov(ns8eNxPw@aC
zw6FWfq}JqeeaGnGs{;FM<k5XPT}bwkUS3Zz#2NiAy?iRdw(cm!VOoBz6SI-p3kAI_
z-#`uzNVP@?Pm8SpNZBJ513;QM4$9&j3U!2(P}zTRF)~;X3eaQ`C%ZoR7p++%ym%pw
z&GRDYCFA7ZzYdV;K!-#13<Rfn3dR2S-v@rgmFw{CL&}z8Yzl_?-dX%INyc5J)#b;X
zUej({8iA1#8@%FZ<+w8sepZ3$=sj3kdsA${n-xa?C0Ss)Oh*~?!*FY^j?>yr;By3S
zFL_60{LCNhMh;3;$Ded(uNX*fjWe}*K6;FqB<?hMFvFpq5&D#YXSi~qeD+<>mA`Kr
z9_|hQ3iTwZUY>2DQ4~lw$rd%RN@IUuOYyoSRY(%5XJh7Zw8mE^tx3527qh+G5OS!x
zo-4ZQdd^qKtXcih&e12dkv2}A1?oeZA>d9xu}Yy`Q`AiRWx?aja!}FrFf3-Tq1c@M
zx{=ktFL|uVI3?dJD*u=DZX~CFq1-XCl9w}sLs&Q^tsVOV4EA*O1~Zf4JkNB2hHOxI
zVB6hQKdLrohvQPM;F_dvqdPlGmv>voFi$FxY*6bLupv}qvs+dboU>FSyNz`!8tNiq
zH&!{o-u9k&XaXJTaFf3T++-LRyg|1PrTXVgYoR$liH#yvG<OpuD=})cyHVb7fe7yA
zn!>Hp=)`!8;!YUT<+hAuVz=<lhZLw5t8-sy?^XiDFrTz|ybIoXnX3SR%4n&}n$+-9
z>eARUld4C)Rx;@=NHmh0D^m-?wEIjrRoKAHr^r)X&*%Q6Z4hk2jCa3~g6)`NX#~ZD
z1hI2J>ru%SrO;wA*3Q~v_M1GGrMN;9(^6f!)rmW<;o05boUV4D7|J<Ro2y2B{&k(0
z`E*k3@HTgSEoJNFrif6u#|H|&w*(bNjmn6F6YRdp0}@7_Yb)%-NYNkzmXRFrIJ?ak
zr|Y54)a}s>o@k;^j*I#zx<Xp;2ozth@W7-_Frf)2g>iimj6*&La%fnMv=Rd?3Wr}2
z8oR1^Y!&K_N}eib5!Fzka!c5SSA<nu7WQio9%GwIU(cHSXadg}hZ8o3>KC271@Rr9
zbs=k#%|0brhzNh7DkdOb0}=Ai8PcqD$aE__uDA7XJnbZzr_vAED5AvwISuV%2Q6M|
zY%Z)7Kf<y%#-MA2M^x5ehOBeVw>#q);4_}XtQO7qVlZEe;pvc0XwwBanw0x}q5E}s
zfmR}uEWpPw_+gGk5d8%#g9=I8=66YXi#d%K*5G+nvdMT+ay(P8NnKtQUxrs@U6A|H
zenG!iJDeltr#Iaa+SyN+rT*GAZv4raBM`O|0*`F*5muyt*0btht|-X>%M$rH_}5%{
zP>@iUPLHQMR#+fX*5YbWZ~{l+ljgTSKl1MLtBMfCn2En#U8S)ZhS065?$q;D4Y0Ak
zeot`9(ee5^3$Z<cUo;+QKFs?Cd!<2WDI<wT{_%Q<=`QHlWpG3ZZL3xZBU9{6jz{0~
zM2ak`zI^=7o{8A1)6VTGaJc0z*J~;w<Y7_u2_R*=+*Z~<XPv)%D|iR=t`e744>o=R
zS}mSx_at&M5V0mTDsCSXhT{dx4%UO|U2b@_tmBI=F|N0^{>7&WqTFNe@_tE(g?6{e
z=c?rG9=PH001(W%_3F}Fa+AzqzJ>b}elvDnyTf%pMEOC5tNx}NfLn?ff8kc3?y<m!
z1mClcTnwZc<-_eB@GX<Tnn%Ju36@|z==35;<qzL_+Eq1ColpP|VgFtUF8GRG>?6?X
z4LspTc`QvI>hFIn{^tJzTG^``-~HFVR7tkzFk`pCbOhiZwc{4_zt<R+xiDI{Y7e`<
z?tmdX+6L~wPd$+@Pkp>P85L7UxCRZ{-0i<azSqA~e0}4%B*QyCP=HK^mh62@vQ#?;
z19uq|Zd2eEWx0+=LVKF~;E;}sNmaKf=rS-S0K;jqc0=$jL7eOCy!c&mwpyo)1wg!Z
z`$oynyWeXiCs14qJNa|%O|_MK9&}S%@4in-=8-qM;aJN<;I*F?7jFDD-=^=wYd6~z
z+2$>}HZ~_Bj5D$Mlj%9@-QlW)kU!+ensW&tUd87VT<0qS-oLVhJHWqA1o?xlUI~w1
zXIr7dqXe^gR*H;awO~<-zR=^g`jmH1(>;Oib~tM!45k!)r<oN-y3|AWP?5=x`t2Ia
zd3jt?EQ3KY*)IF|3b?Q?Ho%7|fs(r(AY4;@FU6uX3#Rs=_>6Wa-fSKYls%UHrK)6<
z;sr;AikYdc$G`*bHQTlO+l1?aZSQVDZ6qi%bC2YT-qG{h;`~^oe@ZF7AB%E{Z1JUZ
zj?pn{3OIZ&41r4FI$v!$ee~ilxiWTmaQus^4ql4n_Rrmr53q~ecF*E=_iXGfKY%Aj
zn$LD5Qb!0^uV_$mWI4SuM7^<m$AW!I5@n88ksd_UABeHgB|K$63|2g7-52!74!&uS
ztt->N^~46Af-(U^<Yv<*K1$Ay)&X~ttA+?m+^s<GpJMnGSy6Sc!%OGsW&5qcU}B<A
zUzXQ|)Z&!YC@%4K{9Ey86pzi#To5}pN2|FRPHlR&i7AoVe<3W&P1X(8|B0|3R;{ER
z0EDISu3Xsp2mp;dmiLUBLCAq)r|4F@rzxkj>L*jhij3<D5yJaziw1T~uWBkubbpj+
z_of=BP=Zcgu<-_3Ak^7LSU$2PBuW-6(J-gy*vuL;3WU>#9TTX={1EsL*D522*l&mi
zN`3s*ZC2{Tn}n(i@`PImkG|pM6z>9^A<OLPP9K$U;@1nY;phkcxZ`1B_)FT*oczV+
zx08N+O`iu3;ew=|Enc1x;|t8L5l7&3MFN;HN~QX~RDO_@ykJZ&8T@+RePJ8jsrdrR
zyrP7!dE)b;Ens^_&S5u`*M@1gPdWYZx$=gIe&>Vq3SCEHs*TGJQYmnQFW&#ee!oXj
zIf-6vfdzS!wTx|aqLzd#puv-*aYw$vLZ|A<@!j=^c2!_JUBnUAex*68qB%DaTeJVi
z{KOd8uBcl!7R}64FV%f~%sY^fN<0Dr5%x|^W!IH9Chs|7d00P6L+UBG9{Bka;1{=p
ze|Z)EBd<DDBRzwt;?4#Bcq4opp3$e+B!zZ1h6(1VYkY~70&9I2n+^NpIJ0?)W85<Y
z+07wD0tt!yH&uE_vtKB{;8{F%>Rw@Q<6K;X^l=osjL>uH!Ug)Po)kxoPm_9R3cuwZ
z5Cc7ou`81N$gBEZW|SfmcNfBv!pg`!ks?-EbnkVhaH_g6X5e0Z?N#&I*=EJ$1oby>
zdP(bkYbniX*sk><p}lx7Kt6<4PBu9k328*P8JYN8rpskthQ+b?it)7R?ZtbG6dw6=
z;q3VpUBAgf`Jd{);nNis+;^2SFk~o-!8KP`bS^Qi)vSKNN~8Tf$_r0xmhYb>XL&Ft
z(OA1W%&wMw)q?OC&TBBW-q#MQ;(mMwJNi1xDng4@i%GUOiU3!{H>OOhMCL)pHK`Zk
zu*L#*isg*SrEo;WzvVIe;dpHci9p`P9~kx{9uEwT#-nDCj)%eaPw4tl_8>w4QXBs^
zz7Y&Z#pu7}u+rXp$>6~gj-%+!@OWmbv~0h>H&oj^-LzhTz~^rTjv~>A7|oBdLi1LO
zZ{IsJ5NMwSINYAN0_Wx!H581`sDcVg|Ddm?l;)^qS$M>tl&o6Y`tH!?%V!#CpE_Hs
zRG#HeDs#V3Sf>BtEqclcJW>bGUSt+M)$gA_V3zt8D<8&fE30XP6$l@(k`(!#2hMUz
zpX*lBt&ks`$@B4!ewk8f)m~&OA90)aZs+e!#9*CyN}wNUz64u!bmH_8?Ma%XDYwl=
zuZ2In15cN#%hZrcJh^c0`F!vjDDCe~u+1^)QiDnO9X39+>o?W3s(x!*C01zf<54gy
zk{V>e_`duRPUZT%Spc*nreoS<C7apkkkT-gLg!757R?Y$1G=6+ab)W+dx%+6-k$x!
z`g}jkv;Z!FYo|E3aRAq*NceL@$D|0xi}$w-rg%Hhx{WbKDEF4RTdb8WWSwC;U!IPy
z<QLNeF0Es{4PEi&S(n%;8X~w{$A^l4ww$S}AJcVrok38j-jU-vq-&)a48gk~wnM2t
zr{oi$E@1+O{|X5#E0qsL)g+MMTde;=M3~@KuhWQxr_l<gFxX{U6&X)r{N3-pd$$`U
z!|7WL=IY4nQh*(e{dZdbe{581^YuBdoNK?$nlfS(A+r+v-Nh%u@*e|F4R0v@vvQuj
z(v``o+XkUX_0&p`&;&-q$BT!M2+j5Pso{i5o(p>|>b`1to6>5*lFUvgys;LH2p!FA
zv>tA-PtK4X6|8-o#9(5>_mhYcYv1Suy%?jgw*w2ww7Mmr5Kd_SC>2zUU#uLN_e5J?
zi9|%5Z?>$*J0&3XnK6xQu^7oL?a>PrqC(T7c6KU>=|Q<`C$Vp!R!wG&0s9?0<1($J
zjph8CsMPU}##@2)I4Spg){E2{;j?D_8x}~!719J5rBmv5JM1gyl*-$XC9Gr8MKH*)
z&D{{gilO7!sy{akVl~irNpOe3V>|NI6XI!SHbXg&2~6r+j~(@^6+2Fn7`;*^<ZIM+
zmMYNKzABFr(-U4J2#Scs(|;AoO_V3`2i%Jn%W6k$4@9FDEtUSyfP7hN?nqxQ|5Qm_
zzigpT%cU&Tb>F|b(}}k6oZHil0Eu)~0CQ|P)(~)yP*|b>_h@jn$-+7J79p%xwJ3cs
z*1zh3_#$NQNw6SE13ACDtBrpz@~zv&P>O|O(92BU2bs_haW+BL?NwDrSO{!a6CJ0b
zJB`LAuLM;U4~#h-*6G#zL{K<HmHN)aX~XgVk(EjSS;^~v$V#5G$)<Rz9P5avUkA9W
zhFTG@SV7`A@P54ZG93y_>;`zD*V}|(oH}g!;90M(!ZFYOPNa}chmZe5RT@CY1@ZQT
zp8QlcVqOoe?r}r`_b8??J)6ke3R)vQh5c;<m22pKJ4s8^$yr4voCR2;;fX96BZOfw
z?_p_3=Ydm@d<XzRsGRV@6Etks5>Z}NL~K-Sk6O}9HT+ZhCw-#3J-PbOq!$Jd>gL%&
zcp*8YZP2+qw<ccW<yj9H-mmOQIbC6NylVSQdHBI{lt6rk59dW@haZ~5SRAoWR*oZU
zd-N4YGYN+Pr<+d&`;n1>O3?UL-93JuT=LO0#Nh!OfIlC@)H9a`F`>Eo?=aE<_5=Gb
z`&l0RttgG5CPCwjwhS}Le^jyJi_76s*R=UPe1qwa^aouB%nTa)$kTb=Ig@1gjU4$)
zI~>M&>XHT@qQ!^LKxEZ&c+&zuu;@^2Fv4B6%@+3Bx5Q!h6zN`Gjcu~h&P7BC@%Y?x
z)dkWCah?0fXkoYpka`*iDMC10@S8(3H;}z4h>yFK5U3W+Tcuw5`m}wA=T7|m85x?H
zHt@oLf~}XQ-RL?H4gKr=R57&LXO0GgoB#E~27`+ElVXTfw3S=zW+ONF-awQ9Xi~5+
z)}x)5=0OIKnAac1IEO=CVR^sHT7CWDdYp7n@h&Vlu7<7Hg+wYpOQYD27&VvE!7ka6
z4K%rJ9jw$^D8^hKLLI~FFoMYZbXvCGODm$;zV&nsF;_*5j9upE%>Hzond0_$$PxCt
zaO5*+o={Atj9$e~3O~isFNqH4kIq+`8b74ya2jzs-Um(=<>aw_pu&|8bZ#JN6qs3D
z+(#)?&Q`e0<5Z|?GYNX+IIDDuQ*AK;6`VV5m{FB&GSrs1o|T&N%lJ<d4!k%{>c-3)
zII>%0s4);AxBJ3t|B{*&Ljb?@EzRV7<vT$LL>h&Vs|d{4**qefz+;?a_E>BXcJ`}(
z{isJFiUIE3M^n_O_R{}iJM=iKfngW1SqTFM+j;-_eMei2INY-BuVoqWA4dOqkw6kj
z@p9#^5TgC@sZa8BEziRewVHM%nYk;A0$mtEqPpv3D;c@hfdOd{H~(6T<cuqfpcc4)
z;LPB@e~VA!*ZYNgy%g*#c+bW@B)t?W^3A?tF1#()Yfb2s)i;4tgS*hZ+B14G#}&u+
zY(ffrPm~@}xS4WIGe-L{^$%9Lc|4^W!(sZf>d!?d7TUZgGM9vgV>8|NN3xI45|^>C
z?b0<$OeE&~NR^M)>GGDqnf!`Ir?&id(dwZsd46gv1bI;y*dp}$8e$zF^#kkw*iEpH
zcGC-n&@@b>)e3#SVj>X#RyKoe4e<`6mrAIZC+ogg_wa1)ydu<T&v@V|)sf}GU$?1R
zKezF+U3qrd@E^AcfIZkn28}$k2%o3+4}UHhtncR6u2C%F>Dtc|V~HB=9rcwP-f(~N
z>03!r=W$e<rtnxg<qq>+8>{p&7X^Z-IL&(2AE(@o&XKe%j7e2$?vCYfTRUjS))y0;
zrAW^{sTA3yu*j4}=nl$yHEGJa<T*TI7;EJtS3?eeKQcjAjudk$?30vgUIBNuwl_71
zCrhf}bnCQ#%qF$mex7@^{<ba^!stla;BWY%@lSn)!^pl@NY2%Xu#k(IlH1?YN*mpV
zYe3<ss(2g~05)U>8jrG`9Z>u7Zs{x2L32?Yp5Q=~+%c6!LQcMUu~uu+Nx5EISyKVj
z?p}B9bTLap;M%hk+$?-nZ+LUe7d_h5MFYB@OQBM3_AsB{dHX_=z2<=(35HXegh8j&
zFs)kaigh$Yy@I$bGO1MhAiPUy7K>b;M*r|bTtybhpvhX9_Q#H$6XfzL6rCni|LLhG
z_otJyE+kF7)$X0hABsXfuv_wag&1OtvqR)wq>bV-Pe3=4Up#{iW%W;Ba&Z9JNLHIB
zA?-AwMgxjkYT{2@wb_z_t8w3a;eWh&e$Uh%yjjJph)n6n)OIcNh+^yvACw}^lG)yH
zrMzAx!QU(&0RUBBG^uo=(0%s=i+pl{{yQn<EP)zfDo^E+koLI2tea-e{<;=-))hsl
z%R9)yP_OTGSjKrTLD{RCd^rIl`<bBBN?qLJXVC%<_g=gH1N|`vx4HT^1H?!EO(Y#3
zsV9GG`zbZ36z=0C-RQk@)Ixkw56j$laD%?vOEw{fbnN#iG)0Q0Q@}iYwW?Aeo5pQ_
z+E?eofx)vHf}D-^t(jwBFoh1eLJu6cSF=M1p9qhPt+o(r*aPaZwKq!8GZ-RZMscWH
zt9Sbr6spd5?(&<|i1tb!{UtT%v`wMNTCkY|4%c(^E^RS<yZ-~!*#0k26D!StHEmAU
zA6ww|^dbZy15&14Cf>n^3KmZ~5#O-7oc$2DK$d^IMiq<eT&NFxXHqi3XXzhEG?I8j
zLb1sNHgC_*nAKmY`@zPMiiY4FuOcE;)oK)vC7;R7jFmzSEcyf8L-afpiLU%1Ge6D`
zv4`O%R%^KE?!I|#*7IA8?}r?X2g3K%EG`^jrkvl*)fjp>)I~1J>Qr5fW=L*=I^w${
z^`S@*<uUA9tQ0W}g>p?ckUbzI?F9Ho*Y6*d^mQ>)VL^?yA-mJi>|5f!Fi2#>NarNc
zcv`M<{D#hy70zN+%cFm^x&P=NB|T5WXgYBq<9x?vzx?&3=BS&^cN{93>yAS)r-1Cl
zm!B{X(3TXT?yO>q+bS&kYuHJhA6&N8DzoNLSyqY5v}q13_WN=*pl9m-)mzihRgQ1J
z9`edkJ`~yD_s8OaMxB}jBUePG=2)KrgX<6trN*mr{Ri`MUrob}+X-zqxNfG_2=}8U
z*)w8L&1d9}kw=>eN9;+^+0*!F;RjNY4Bm22V60ijFc#rBj?JpACgaX=-tjP4qH<Na
zu7-o%HA%?I{3fwylJjIdID^lII!E8*aG9N|>9@($&3G@^5{^v!HS5W1tJh!(VY%%w
zC<VhO;`{iHXTHfJO2k%U*#&Oo{_BBDl&FDLuM9RkmXCPx{(zl{|A3vmo{5;%0+`zi
z^8>kkuIJOi@6df-_#0L!v&;WV6+?;`KZ5)1GsV3;dm4ix<MC0SZEdzQ#{!$vaXbm2
zK2eMP#)W&^)BbRwdRf2(G<Wq~%cFkuVxlU?`%|G@-^V@Ya;SN;%NezxH?>F>K5d-q
zn<=DUp+m;h@ZtE4kfY0c>V4H4?{s^)W7_3<Z<P-H+7B~ML*TcYwYE@?J>%8af3Z%y
z5+IT_j|Bq)5_^9v$y3UxHCz&^4P>t^18VRQ1^if1`l3><NO=3U1dk?A0XZdc%et#P
zEL8Y3LbfmO<r#vn^=tNIBeORXWPk4bzPhJA1vtf!ZEev>Np+-F{?j{T^%&(Us7ls2
z&B*S}c^B}RuUQf;(J*+bKO=wFV2_d*1Y|2F>~msX;Tll0I$vwK%Tus*&VJIWOJm0O
zHukNwke3%V|JG_v`>g3IEXqYrkowa|GADeBfBTnK>iHU1_~7{7=C^}vMcVacJU-Lu
z0sGg^!cnSyhN?77>Xn;^U0TA88?wSJU1Lf{$C6|%=UeyDKV)Mm3ph8#60mRT?qBGC
z^(kuI(aZu&CfuIs_|s|c=H^-PFJ^{3)s<=$?-{@>6(<7Lvv<?0MM7p@7OXnN_m060
zpU3>(2MvM^`zyI{x=m{IHo~~j4aVw(d_GTnidUBiGAoq(F}CQ>LH;%$_?CzyD3;4B
zX5w#&T^U14<0a+Cp||XuUMYP-NW|vPl07w1>fgOlzHnwf@>~}(UAPt<GhszPv{LKV
zVh=?=Qhq>R(`f$?1`iB;JgLT#5*8=<ZKqWyW3o9C+V3sD(m(7Z$<reCATDQ;^q5%Y
z(%uB;&xe*@z_HC`G&<F6oJE~0Zz4}Y4|2qkaWU2m;ev!Pe)dpxW#8s5oW-2W)b9Jc
zA7Pu%UmALke=`KDZ=!APRv0bmb=~n$2)*qgVVG|whGgwQ9lxl2QRt~5Plb=^vZIJi
z6Vt?e-jtwO%z1{D@NSpme18BNz(PdOzgXz5ce}5a$REr@?bj<y%Q(g-F)s2g=Qfm+
zWo-lIRhwnDYZ>Pec9Dp%Bx2Q+r#mcfOqx?9!FsOF{fm)hUQ(&BkB86QhtOfSGyUgS
z;A3PxRku@~8MG2qM>ad{(i(ofk1J7c-SXcW6MG#Wc<O$1Q98p>jgr=yS~bLZMdh}#
zi{eIetIp0BM*c@b8j;fZt08sw>ZDMy`5U>8DnG0YpA~p^bLv7WZx|^e@$}n`ghjw>
z$&O0o8rx`+7^j4$CV2-u#}eH`LL}N`sEIjFgSODPpJ!=IYA;On>nrprvVgnUD;Lk|
z2bH4mLNptTanM4;aLx6UwDlfF?t5*Ao{kmpgea$KOoZi|o2N|Lh1CRbtd~IhORyyD
zpjoLJ3+c}93}b&K9fB&HOlbRkZB*V783}JInzK6Kwofh+?{+qfMS9Mn#Hqwc+=ciV
zUX4A&R<maUZGLfi=WQ?91^L8FqJ@^w^7|KpeMElltqe*#bq(!)8{bAKCK+*}lUnf(
zSdQU4zrV=#9)&J8gW;r?nw&Mh;WH{cX(HZ>{BfE9)`Fg>|0?6Pm8R8f_7R+Kga$;I
zn%2Rh=A@lEKEfnMkI&0A+Ku^uCTIV~pcH}Cd;F!px8Q{%Xe@4>mjI%iCCo5L(_Ebo
zxLai-ax02E&|{-EcivauNtD2I_1xrv%S4&<B?3SbN#pKN?Twb!dJeoF2e(1x#`Ru6
z`Xy)9W6$3c`mRXzHg|}8v&18njJneg<>$qXrWc}1wC0`oI`$dD_^#Nu0S{IZ(RFo$
z;lRFz?B@luuM4f(-VUz!UU&PZ@<Cb!JH(JEaAX5-vB_vB<HSFP<5L<V2n89sUaa$k
zQCUv#F}al`)0T3CF<+oq`ifQRgTOtD%`$Zs1tx*_$zsMv^L^aDjZWq{ojKmUpjn^M
zla#Ltk!4!fr7J4KZ~n_p;!iFZqWg5JBP^Zor~M$idF0v?0M{VTK3iF6l@>c`Onr*v
zRVpSm>ZN;_NH34qVBahw{g4RkJjpxuxOjiGVfp1sH8Ee2Efnt0Y2+q=RIkAGOzF-W
zezwM)NT3t@4<YhrS~fpLIT1Q||M8t(^|d}T+7adb>DFL(U)NQX8Z*YUL_Gja3Qj<p
zkhXI%bHTM7b0|HV22$tv47%WjSgXH;(H@loRO3GI=pfFLkes*Vv$)tpt8}bUjtb~r
z-trSzu3lxIXjISbunvEJv5sG2^NI1`+mEpOP6eR?nv5jY;tw$8Hqso`feH9b(x*T7
z+@q<kYEB5HOmXa0DEU(X*Mb35gZ6rO{QZor#RaN1%HmJG>s0#%Cf+zS7mMMiiX+o@
z!|cLY3ZA{7EUtJW8+MYc&R=keXgfV%{q`*7EFp$4PhCPD({nk$ajd!>@MnTX*Bdm!
zuruPw`;%1w5B&u25DM##`J+I`9Rtvzh@tJ3vfM69O2u9ioggjM%%-D)WopnxxFOCl
z6##_5s#Q^@l|%fC8vyRvMSz;vEwtzpce!O}faDrhfypG8M%}~Pk3NY5^3?AV5%b_j
z=Cb!4d&Z!<4z&8bR`}>DD01iz?Sa5vl%zp6HANm_&jlP3>5@>pM7+tb*?Rp0qmNwa
zE!GJb&wz@pRK-LWL+kyAt~IK#2F?o~R?(Ah{`BTDx7aG<)ih7+D5meaF>?bQFPwd#
z`548wtds|_4x8n!bj##Yww_&jIbh6>7h(_evY@eIe1C^c*{{CS2(QxP!u=z!M}H0R
zVHk_csI?x=d#w1x+Va0J+PWWkQ+cLz9A^B}5o`as6VAonVkEM-3bLJCbqFfRWL!FD
zPHT(7UDpe?YY5{rdcPvkPa;4UJ+}%sZkm()40thCtp%p=ddlJVmj?@s?o3A*q%udB
z`*a`!VS)(sjneGa$?g~&Vs5+$O6O;^a_#MY4`CQE@yqN`^2v6O+i<+Aa=t3vOE05N
z_2(T5Mn+yiR2Y7b`LO-7?h2slLnSzH3i^O*R2jcGYE0r5F41@k+G;bYzQ+aGMmW|4
zGtxgPgD~-FLgK0DBOEXGXu`e@pyQFSQE4k$E!{RQoZ(~n%SClU|0|o;#Ncc7{T}fx
zW#no0ZFm|4QDz*3Ut8F#<gm+WLe`^ry8xb-;iKtJw4Oy!%H-7t`XeQX*xYKF^TXHE
zdlMq;NR}KL>9ymd@6g2@vEJYrwYIA2b7H=yvU)+nxgN7w!kesKAnF)$Q2-)&3CtLG
zQ7l7&t0Y8kCAlb6Z-cVJ!P1LH6JNZYbQiXCH&byh_eCYyBNR%`Hqze>zB96$TyIE=
zQ!%I@|NNC3;6Hq)L6nNSKRZA@X{3~X>CYZLA*X*lA>Fd~;fEw36)kLI`hDD~o0b!@
zq)l_L#SxHL8n*Q4ZOmq`^;Um{&n&Y^ScP5q$ZmIY9~-g_x1EJYP}=KtNh@G&-NNn-
z=N92NK~Zg{ZG!!)(Pv0z1@}&#9*R+X13ikrerMU#H~I|XxnB6X-uFaW+i#>+{cr**
zIo{m#i0vY1uT*oNuxV1D)$#eR7+lz4-*LK+sG72Y0~H+>r!VCZG8rdk{5R;b6bvhp
zLfX5qS_?lZdPFLfELTUkJllVynJy{n&g^W4t`T|0A1I5`D8f2r^ha}va+ks#$`KiV
zvT4*j2zbr<)*-1i%0;*lV<<e<mn+vJ?OTSwVM`AwLcYF4FX?w4x<5&_-?=vrgmZDa
z_QsD}#{VK2XA)SE@rdr20==of#*Mg-EFj^md!ySxc>f0BaKdrN;bS<+k?&wSiiF(b
zFhaXtQYn0>$wvBi6m(L9w{X9E`uE7TaH<!B3<!}M`(`cq864Nztd2yNNq;HM5h#X+
zyYz@6Vi&0}>X{@}Q~;5cCwkc;+b*(Cl$UEhG&o*Wp8M=tl`2+=esL&p^afTx5#MJ`
zmirvU&f*k{xBJxY)88xhNCR>WFMHMv=4eJ^K$yRP5L(npAe0GXAN`L>ghB?p;LEex
z-sW=mW2ZC-ny@r#)215J=X)J^&_L?SOoR%g;bK{8p)u<RRj~cPvX?)4O%<!xD-Z&?
z{3ZRN;7>v<%5Ce#lcfa;N1M9;VIp|WDb*>0?(_f?33c#U6{}n?yZOgdIzbFX(7v-4
zA9=t#!p4@D1lr~jq89CNd|+Ew^b#JO^xybZJsDqKGdfY^Ev)kA&nRW60?u``c7*n_
z$0Q%PLdTrbw4O9NmGd}UnW2mEi{fAzCEHqnPDY*M`84ZsPH*?`y;wAwg?u?K&0W6V
z{>5{@U=i4~7@ZtagtS=ZznUW-F4yUpq<2!1&@2TIcQLF$sjpT=s;$zL-vZ4)#=~A5
zIh(^VB4<u^u!K$GO@h*?X|N0Xe}$RqZE+1usRTUbki?t@&R%8el&Ig-a>WNM7&lqu
z)S2WFU@wHXi+oipP3%Q=SYI=T^}!|=9MbTtcH`)~dY{Yrl4ILC+<{^~N&$WMG0Swk
zd;?^eCM`>Kmu3oFWF4yV6EFS>8V=nuD$+E*Kt8WTpyehkH<tZ?Qi$%(_4>ZN>dj`H
zt@Ta^?0WjI!>cd_zneK{eUGg-w2iP&ycu4%M00kBtHM$41gu^-@11{m`zzExvIP3~
zZMaNlA~-IW%U7X^;ZFMA{cdck=xk1FRa8`_*<~x9i6lKl(g_Q(OZKI_9_46;matWq
z_tsId$`sJ|4*rwixl^X-VdoaM>q;_1g;1NB)Vf?b1d-qTj__z>q&Cz%$bKLBFz3CF
z4@<Pv1&?c}99vsgyMjeoc(x72>N$T;g{NDDZDHX8_nc@pxPu1A&U*EOwqW1$F+2nu
zBt0O~_LPq|BKN9BnCCnjGTrprR_NV*)5~uj4$!KXtb=zR?lK6)uBvW<l$VWDK)33W
z?fZJokIVro-0V{G{EhKSb8n8ZM|H8TT+$;r0oDV_@&J^qyy>>&4~ab?haC<?!nhVE
zo}KxcKb!^{E=B7`G+^r%;oV_rImb*j!I&+Z8%~aFs}j|zEu;_siSW*suConfkR>^k
zAmD5^l*}27!L?dZOHuCbu-GaQ<+7O%<jM+P&6G_ZtC_=9ZuGy*8VURKoc_7zE6sDy
zoW-{`#FgvK6k@kOHM+*+(CGN@<NH|JI6>uSbh2?1=_k3Ws11&t;^u%bz~l0(Rebtf
zn52gqUOneA`$CR78x8XqeUaMWj~{nZZ?#q<Eu41zu0HQM+tJ9NB1zD%G5h-CD0OI;
zc(<IxJ^99-%b(AD#0rWo77vgucvjE#OkR^}*I#%2<IXlaSoO_!aJb|(jG4*F_FUZ;
zyH1wdd5{tRR`c~;5!XP6NQu&0%dw}Ox_pA(d&GSunuX&UZ`<CD3MKeOd-*dRuFdgy
zX7hQ+HXX<yG#)d3K=N861XI^tJP~pEq=e`3XXgHIYb7H{vJy_Epu(zMh1w*u(&}cb
z3Xj>y<=XT|U0fu8Jj`#WN+ik8>@#4{-b`H=KEb(=eNW9$s#}M3B1gv&&jBPXLe&>a
zs-;kU?Ict3?YJ~aG(jJm(TOKMh(QY#2#3^8Xr)mu>3Pev^T_OG-zD|lK2Et+V{1bH
znQ}MCs=-tC1fQc?JP{tki~=K5dUklEEl5uQOQ#sL8y#27?xLPAR0~_1my}P2zYXa@
z-xGXn3FKNr6XTQ%{=9pjlyE?k3PgLOlJl(dUYweCg*W$1si3EY$5CQBp)W)>zH>|4
zhXjX>#~Ol>x>~bVpNFNeE4xn7-XGVPC({4ZAAHhDB$ku+GiWsO<3OSqO^gXbJk@~s
zc)cMXJ74OG@j~+cMF=)I<L%ekV|l%j-(}he$8y|5k(nF>aUuM){))mB#wX#Bi+WBq
zBrqf4W9ncMD<gw^Vn}7p{O1zmM2qMRcZYtk!jG@gE;h%LQE%s(tsH@I=2ODLxIgzk
z92H<l(U+}PzD`P2kjv+oXC{p{yaz|3vmP23H+Gs*uEnG0a2sK)luO(EfHx%`gpwUV
z#nu>_VR712^TlqHrHg9@D99t4sLEBss@FFD9o|~?0>j&aa=R(#^`FdZUF^b7wA<E+
zl}Y8I0x7hoI)I}5J+~F4@XrW$qH@Vw>OD75mv?m(;~i<ib?ssEcXhm-8q>F+tHoXh
zHmg0j<&<f%Q8ADn7;#*a0G0Q`_HVyG1g;fr^F-K7mv&A66-H)yn$65l*k$$%uytgK
z>%nzD3q5x!Y~f9N`}cot;(<*u;`w(wv4MpNGajCE>#BS(J#V$|#eqUYN%npc!JvCp
zCE>(i$wlbJXGelV{ob~3+?(Wn31Gq2KiWKt-u-UC+V%|?x)s<XANei;Q;+qm|Kw&{
zVUSnb(udbRtVF}9`*8|-vW*Dls7)(WWqp}`PTICu4a-}0mAJT2=a@U2*UD`{(zZ~A
zt;l;ii0y2eRjOUwlp+%85jYB!GMZDxbT&P=U5qn7@mQHkf--kp0|xwb`wCV>h-Cen
z-r6yZHlcd>UXwwPAIFYiU$E9e)mo1jURkTpw#V%&Y7O7~Kkrm$%D+B2&LN6B8A!AA
zMOA}MC-(xl<d8gDggx%dFlh3s##qLZ&ne^!;yWK;NrDgr16z!3m>bvfX`_?Ny=o=Y
z{+?1HHz$$NKR&j`{$+Krgj{5;m3MNbLHi56T8mE!l1PJn`nrgPD2jG8fvOFhd+nmX
z=Vgz(0$@;d=dDTd0-r&k?HLOEj!Oi0VNI73ffBobC>g_s{H^AUiJsK`Cy_(iv-CSC
zpP&D+jNx_Y3z9FU!8|xfWZEG`Wq)fsaXOQ5@%$YkvhQleJ|d$+;wu*+;y(RHXbVB&
zHWmiU2c_#miGROOrcjy`cz(Tcb=`zVF)31JV3Yn{_;(H$NR3l{u}mgK`M=C-MFh6C
z##epQ{QuT>kL4jkWJh)dMX*vyf$e`bAbiAik_4*3MV!gC|EeTIqQwXLKF)&So^^zJ
z;(uC!Uej4TT{nMW*X9e1?LuC5{gQdFc!<93H4BgMJk{op%pG_g3PhkbE_C##BzLFe
z?W=RUz8^k+Gm}y8dYLu0_Nqk(qUdJ(17o_uA!)1j!fmzB&~I|L-u*GFu37A?ak?%>
z-`<H!ei(&0h4yn;c2<iZvr|tkW4iRs+K8j|_f|w6V6>vGb}sVwp3sdlTc-R^t>+)T
zu0ot*ex>X<-ny$%`l{%?dN!%cmU>+K!<*o@u5P&(+FQ;|zf5b~bN$<tgAh==hZrlL
z#>QN-r;CZjJP}GCN@2D~htFDx<ms+nYO}YXcsys1in}vbAcE6`gY2we9iRbgmYd>d
zw3y&BtaeJ(^<gpyxrYGaB?W0)^ZaHKZD?CJZ$xj>=~!$vrn|VbIX>`IoJ{(+<QIYO
zVGzV9wSAgS7$XfKFE+8~!u0)0uBFR-)xvus@sXYS+&F->&%hiitzxWVvhzdM1ag$t
z6O$dHewOU^;y;J7Mi(C;EJwRKY$p8tD5#A3jP8R)2kf@4a!A}IFv7`G*c=`bht+rP
zF5k;SL}wt)3YaO?3#K#`V@R+6CFUfa)xeC3iUb49bqdrOqVN}6yA^i<1^1&Vovi%3
z#`|o~@>iun$EhJ=0fV#O)*o-KqL)&)FlmDK-JCp*6K2lpTRpjg(7hB^wT)Z1M_F&$
zyF;Axi@?lE*0RrGSe#({jnLB*Nj;<E@Tq#NL!%;~l!^4vv$GO4JJ)so42%%H6$Xvm
zB!CI(M*DG478o#lJ70>N{<d{j0})V+tcsO$nYXVMd*67w{u;o7z8`9vY8|~DsM)Yy
z3X6IB09g%OtUoHyKj>`Ko#<MJ-;OF>886ONNpQOFyt5m7mi_bH@iFc>Yg+j~%RsCV
zXrlru_IeDI!osN%^^e`wg?o;R4gi&P)=8YD*0onbA%mV%;vpywt3-1UkIOUtx1dRd
z+muPwNfi$0q;%=OM<F`EDCFg}_@m>BM&$XT>v%iWpE|!6^+`<8%cQW_YytVSIa88p
zN!hvGSzdP!qsM8+T3;^bf{dGSK7WhbQ<8|-?Bh~|&~7R&lutf%pgm#WOaYJblzbis
z1e=8$el0=CN3)*CQTiN9u*5@AYtHl<PZ%N9N4V~5aY#QNEm@=;B67bjV5d^IEEAQt
zuP=`xQF9f910~dI`OM$=WAGD3+pUquV)Lz3mVw|~Ra6I^^AC^7@Xp6cN>6~!W?-kn
zuPnizX+S68rcd?f`++(Lr8?8oJE+E}+!CbmG*w6#C>Eu%IIVKzs1G!7I}5CCwiTyR
z%7IC2|1;N(EzDPsk?2&te|%C5xBaC!vC}l^!W@99yRLOflcsl62wJwsZ4a_bM`sFr
zz*O@X5VR}-p2nysl?ImRUM@xg&E)NAv8Yj{zHq%Z)@ONj%`Cs!mpk;;zMM!i@8Il9
zoY<%AcbBPg*7VnBuiDqUeWK;>Tc@jlFfl^?=qxJ!?y%!0bZ;tOu1IR>E`{vJIYnSc
zo$#swFsHzfigpVyL|U9LR!mE!4&+k5b=}?hfY*znUi-TUjny8_R4}ekt3dNTk94dK
z=Q$K|FM2HN8!BGCpT|~Dz3^+vxBXEyg$X|FpRxTBExq$^6^a8_sXTKG7jCohpBS=_
zeZS<lgE@MXuP1=d8G%<JN3#;%YEe^+%Bs(0=_#NfAhq>z#`b%S?)@7w!0?=}a|D<0
zf2ui$w*jWmvV+rG>s`Hy>r5D(#Lo;171N-&T4<F^*OE_gkVrowDz;;O9*9KnHyTds
zVuzUF0V~WjoH-(ZYKg&bP2DopFR-BwN{AsR{+s_}maG$G-<+wCTCBdiGRl3008cEf
z`XR;g4*TWbYRLs<_L-w}!Znj-2pv16b<>;$$x9JHw|spExZbdt7+Q!WM#r`OfV`;P
zxk!{PD790hko=L@Rx^zhwEoSoDdIS<L^JORAxK^7eD`;WdO@C`4=H17q)R<qM-F;s
zobA1)viUIFaF|bN{o^a4{d}u*&-L0VvC_?Z>@&{EYs9JcRR+`ikgmxYTb<F*p}yH1
zc`6$o4}BNnM)Ar4CQr(C7Mq_dS~@NsA9f}PsF@Ld{<qdcM-jl{@$|vH286`ZA6_eA
zT60vs$+2~#@H;?J`c^5MrAUtUXBQOtqMy4r3U`_dJ<W#^DIeug4dl#_Qv(Xsoa125
zoqr;>xu@I1`x*Yp(Jz_?G8yAo{aF?QC0B|8^&vTMs^#HMz1;n<dkd6)N=UUuSE!oM
z0ZP6^1nJhpwV;*AJcd+fB^ROsKlwWqPZJJ7`VEj<Z0jB6AK~}G?`Uqzm%clwsdvI-
zC9VH}jG0H#;>U}$|L@xg1}+vJ6LeDrjO6FP*eM%6Z+!+2i@{fI1JCVSBL6gwTya>t
z63^E+wDz@iFR(Vz{<|GtYpcxf=%}FX44hVALRhuw%F9$PySauK^|}e8Si89$mIa?I
z0WSr53gsJfH${Oj_S?!jkm#EY$yZ-gY4l9tgMYvVhYNjQi2<7o^PlE_qYE`=I*hs<
z{T<<a<h8x;3AW;{9cmT=6|9E%r$S!(%+_R}xD&=pWeJ`!`ZoGBm-L&Ip9x@Js~4Rg
zilS#G{jOMd9xGPV!}&JZLIZr6I1A=UQ$S{H52zOEWo5A1&?KP=R;O<?4m#u&qfq&S
zsPZ2L*8tslri|E}X%A$Xc#doDnl1ENb%Y-z*605$7NZYFeVvX%*8$kJ@7K0N2BESb
z{t}Sli<<g#zVD5aW&o{J+4f5~WMt7{1F@p3;%Ps9tY9&?oDP%4y0UkKqUJa^WSa&0
zam#3uF|)-mG?uPg*0#^WjD5she}<o~l>-JkJH+9Q?!6cDN~s@86oFsf7tqkk^_e9=
zNo5`>>4C1vFx-X-1{Wdh9cruH?PeIJg&^mzqq#;EBr-xlKcJG;(o|E~+?-*wE`H6b
zGxc|w84~?94TvP}*UuCd>Mv2XD;@Rf6(o0GI2S!*um4tr)LbZwS7u2>jWff7TzWF2
zh<Ab(mhf%B0<sC9Ym-vzH6hy9XwHg{Q=Lwx-vbOKF{QNoH=}D!?n5gqejHbe*Jp`3
z0{5Z%qSG3H39bL|k!3KM2A<(%s%D{Dyn=LMwWgq8)hnUC;iL-_n#6&<*54FG+yW=!
zBv8g;cDngbmhW*X77i8evG+kl+-KXI|EeD&_EG4MYlp22szSE@UOV7L0-GWOw%G?Z
zp5A4!{;A3ytEP1>z$L>?)0aK_^l!2185=-p-E)RCeeiGnN&Sot*uUl6?8f8xZ}l0m
z4Tx(p!j9sj?f=FB|KBeMgUxde_rr5JEW`KTf8C>p;MrYyx6bC0!TIkmf#czS+|mVJ
jP;sgH_jm+iI-u~hr<|F>Bp2i`z>mDNvQ*^@lc4_tKyDyT

diff --git a/scripts/automation/Radius/images/expireCertFromWindow.png b/scripts/automation/Radius/images/expireCertFromWindow.png
new file mode 100644
index 0000000000000000000000000000000000000000..e4fcca051cd39424579804042c351bb57c4c86e8
GIT binary patch
literal 81227
zcmeFZg<F){7dA|)h>EmGO7|!!-5@R9gVGJs4Uz&9QX@HpbhqS)(lyczN_P!C!8@FD
zes#|G2YlCiy<E@C>?d}uwfEX<-TQusdab7L@cz^L7#J826<^6}VqjqRVPIh9-MfRn
zB9eDVjy^H4m63U^C?iAn+SS?0*1-}3gY}bR!VBdeuSvqy>oq@VvVREG-ufx^CHf0#
zR+ym_PUKJaVxyC%TF+F$074Hp;x5Qzmm`*!C87DDFIh>DxE?OV(K-A}e0GLs-`4}F
zMp_SD-e-RpXr{n?-9V*boT*+>;rt~}Jt09-BI1*F+Au7-R)x$TdSExzuj(Q3`*1+C
zH~x{c^A4y|SHy+#+%!n<VX{ZYsDBZSweibfKKb%J;e}1Hm1k19AL0W9u*8oI@Gr~v
z4cN#&R7DY&=cPu`e&98XbaHo@TzG3rfjE7!Xvj7CQHw=Gnv93+d5o>fs3YoPV{Qq{
z?$=D@H?jxXzv#k6*{GP^SD5tQe3p&SFLdN_Ma2d!b5Gdae-4u}9S(o0j7|RV&2tJn
z+t|F17<yjDq&rZ#0;{g2p#jWZoSzpvK7f45Qz{!gsGplymB;;4@v-@R^@*2e&i-42
zvuIiCTIwrWsj6bIqto{=Fe7a-aL_4C^yex1gH}so1jb$TFA@49n}hYQyV!j>*#Amn
z=G{Ihr6r@Ni2l_wceS*1a<g%EmzB6#L>Dz>tF7;@uc{(!?(E3@*23A$lH1$S<u(h3
zsJAdW>1gTxmd@MJ!O2b7Ta5mXCxp@I+sgoYx<4Lqw-=+=SA9(<<LqilC&2xj`#HV%
zeL6ZiQCABqVNF^2zp|sx#OQ6@-CcwM052~uZZBSLXIE>$3n3vPz;hk|4-Xgm2`)Du
zC-=ABTuyEbe-`qua%3&t%w26=+-;qm=x)n>Yv%0XE=Es(ThYJ&{%ohEx9xvwa&r5t
zTj&k~ZtnnIa6bq9yKHn;(c7!SuWh|89Sme`9ns=J*CEdL;-%;x&;R4je`@@%ocjOC
zDJ1YeIsfa<-*f7?S-Q$NJEE&}7yplD{;KxBZ~m206mZ+~|B}R?V*cYQTF&D4MFIcT
znfU!>=X(qo7?K!@vQpaKn0r}w-;n4K_eL^GN-NWyF8LkmNJ>7o9g~uLU5&y10arr<
z2ZuBnh@<hkQ~eXO9FDA{r0|&EAtTPcuv35D!`e-z=J~}16FPDf!GWi<=}r6M@W@D;
z&vvw4Ihn#eIt;A8A4i{wk9>#V@du$8_k#a+1k?Y*e)Ly{Hxa>ARRGJ8%-KXf?zj-=
zMV_SLZ9X7y`)dcM`wdDgIyT_4N6q)ldMM$2o_QV{GxO9o>Y4e;J<&ZFz^6jS?lA`D
zV~qFp(im8-h7^jY*f^4Os*k-lwo|nmTrKTQ)iQ<UAc&TUYmovk1QJ=|2O80?@fSKd
zgXP0Eq2uZ?K?PbxYU44;>>}V|t3k%k4mZJ;cd){<rdF?~6IJTqcxqMW_6u>x#YU5+
z%Y|mQaSSIgS>@tasrkmkoYmfVElzyc2#&&;^<Zl36sqwf8LI7bp&IzN%Bb4rC?#zX
zenbD(?xwP(a!MiZ=E&$`tCyqMsTcklKr+DZLOY5^^j;B+9PqPp(Qo^Ecg!_K5+S@A
z3bEiDcGtANO0UGglfuA}#K19T#=xAl3}gM{WI-Xvf7bQXBB^I>bybE!U%A=-B0G|q
zE+#?9e#c?}BuEgx(4m^^C9|DYWHdUQ^M;8IVA3JoP~;YQK2iJ@JI{T4Vfvj2laHT)
z6{b(O^FCt@%>c!dSB{1fs_$xQPJeY`4|Js;paQ@}Nk!1tH+pw8EiAt9SIkl?ob}dx
zqoyF0dx7xz+-c*#Fq-OWIq>sizv<`<v?C{_Z2B`dkJmwFG{iCD^OjAzXaF;^wo44)
zO>=%_Jx}hnFETi7a+Xi^ht@F7u|9`74BcZx_fPUyF5%@$nc~FWw!lP-j6%`QsadX$
ziUyOnpC8Awd7xC9zDVZF)4eGjyk1HHl$@imd!AD}xTw?lQND~qT=5sZO5=j8R?l&R
zDfV4lXJ>#;6Yy#KOIyfiK@nmyE}--<*j54iPKUgpevEOc?7LE<BF~V#E>T0E_{;n9
zXOR&RnyVXJwms8sRHV6n#@DHGygJjWY0t-O{2jEcM>6}*ixvZf^w9IjlQ={4r8DYc
zqF%?I=}pn<$?}s^_Vpo(&x}nP@V$oJx0yj!RkZo%gF?*Hv{-)({@_i*;5)Oho(Eia
zFduuX;C-Y%BMgsN%0DJ%X2&W}0_9ySQ7P4Rq$wEGS`_An-u)!{8D4YL8qlj&s$D{F
z*`FNMQ!U`K-*R@kzPZXKbA77xvRu0cYw`Z0T-!S9@$`nE;>fFWM?)<Kl?SSsqTP0>
zZPrln@%lQee(4_(k8*n+?v{z_RhbsyB^CZ$YER`kodbk;9T+!ntrEyrNBJ<d{E*)2
zRtBj~J7&D*Ym0nDTX+`aSeR`hqSc9otL?5Z<?ppS@##J(r)1*BOcXJn<J5G$^9_W3
zsW_0ZlqKkx!l%a5G~~HStwZx12#}A8`Xz?gZz{H3mA9k%{{6enRVhE8<(#`cMVzPX
z49`<q+vQ+#xCZ6a_1)?c#BhcbpWBEre}`eSbDO{iB@nArMw3(iW{YR8akJZK6fukK
z$&dk`#V^VG_m1=w@3x;1dF<QxDDv7Zyc8Zz_pW=Esah@vHx4mXb3a^&%66Jf?6`TC
zD|~o5SL79#USf2JAdZQ|41kZd;o@&q4I7nr$6k3eu0u0GWXRgjK-$abgER9kFT`i{
znPPfsQ<<8H>Ohm|xAqau%Ogd!WJuZd!Ib>pKbG9_P3>1}u>Y`i3G_Hb_xjp>-HTGy
z`J0S19NZrun{9ddou^2SJ?{k*j1U;pewEl-q=geusc3MgucdMrr8-51=^sjBijp@P
zH`kJUX1LqmHj^pjHrDw=q1dG}WB|wa<~_D{sW;wEr*z&uH_O4~!aYn(#*o?N`I}td
z2D`C7!XLKK4rHkc;V)VJ2YAhn6%0Zm3`;&4>D5PGXLBC+?>{P3A{`hfA!BV7osNt*
zVQ4>B7W)y=rZ!osn~NUDuZ>kQ2f&%vj^oj(jryOy@BGBgCg6|?`|?}>g388C#n||H
z8YRz%EQ^|`P&aMyK2Cg#JURKbEECxeHt@2Uj)<cXsT`Q>_;@`XyXo2FfMVQVY6S_=
z=6nyouW`nnQoq+SFDdX$@G019**D3s$v>LAt}uur{*d@=x8zuC09Fmns<T1Hkg-Wm
zmg(q#IrOT=>;i?xzDi+7-y<mEns3z5uwrIL@oXY6E_9?_H|Xa*&BhD4lq9)HZbH5n
z2l#Fl>0>{^ZHKAjAT$du4c~C!sY-Gi*5Bi|pObA@8R(o&7(FweK#dhBvEhGwo!#0V
zzBx2qVUhvdASa8N?LwSq&2t}j!zfT4TgZS;*xeC=OxlsbqVsGhTAwSQP8Wm*LuFSa
zWKWp+E_I);bg~?m<OZ%HzMZ{?hoX=g8$IG5pL-&#CmOU^c4l&^1CB;nPUpVql>}xP
z;*|#a9PPSC<KDRn74}_=)Gm|f7xqHsDY=C<#EpdQ&0;6Ja2gI)iuu(<Za&$Wth@Wr
z*9W7)X)>|n%BjPtCNHbZr0x#2MeZJ{6Zq?7y7;y-)AL;`6_VMI@Yawkm_~|HO5d^s
zWtNa%oag>rzGnMH=d1hHQm=7_htd#R-1a5i+xk9%{VvGshd-_h)a&#aD8B`eVhT0q
zQbBSOo|~T=lU2r-1dP5+$7{Y^kHk?}O#;I?zt_C%OFWK^ip`ybROvjJZ*)@CvK~@-
zJ$xa-tr<Xg*J@Rtfo2#MPCzSE>Kzl@=82537?x6d?Tv^xItI9%Z1k)4+k)F+Zj<Q^
z=cUy&yl$u{9XT<9Cct+9<_H+_CX2V-;>wkX#hi%BM55m|C`jOteA5DXeOd_8mrMoe
zpRCx9v^i&O#BA~+;T$MbFu@vmpYxQ&JpmD`HDW)gH6D(|i@KzEpnmhUSGx@=G}>EC
z@>eJfdo$7;%NBX<vfy^nz0gW4pL=mof^{fyFCYH)BBj4US7rtYci$K?IMWK#!1K@_
z_Xy#SAQ~%DKeCph=7psQssmFT0Qgw+uathOfbdEBsseWdbRJjDa(+FK@II1&IZZjl
z$O{Q|#^WxBI7oASuL<*kk-wI03$1)QSvLA}`cB>RWPsEs3SKKluSsyuFIfoz$E%E|
zf_AUm3e|IE6yi&+7L;|%-;`mP#|Bs=clUqJKW5YXnov3%-~PJF_(VA*eYd*c+XRln
zjHo}-m&2McPK*BX(!0!zfu6qK0Zx?#mdC11gB|J#M3Q4R@AFpJo@Y82tCs1KkdVmE
z-^?mziHMiY?QC7Ym=7Fvx6f{k&#Kmcf^%oXg#wTby$1z(cTBa%ja|dAuR*mZGAl_O
zok_2I&-aV*GBRiJPrlXd(+bR*X>s~t9^cAy`tAWi++qCT$4g1u?Y%{beQMZw<3hG&
zWjWc(idlaQ^&8vH7Umky;3o9!5C9rc_qsi62;fqDusqmc8J|a=Kk+uLj`OKDo|&he
zzzn+te>_y<I3zQfkiwD8)J^xxbl~wESEp|N&PT=T`+*;l3qVS#oKnjp=~9P}D3$!q
zja2#++9g8x$KUY<oKp$=BA)OU>w$gUx4&#)x8?`7qZF3|Z_KlJ#GGgIg!s$#;u{u7
zOSItU6P3#3KhBb4dwN+={)9=}mK?fD9#fBd07?#_-lyW!H;G;6Ut2HmyE1f5t+br#
z_TAhA=j@GKp^zZ`P)@Q(``&Tq{Yga=%E?ubtJGN|;MObZxJuf(eS$|QXU8L(>~!X5
z?drY_9_#o}>q~evq$=*FW95o?I+9~LvVF4-2g_AByRJZtk+I{`piB%1B)GClyYh|Y
z8D=K!S8<o1pAZS=HnT(&dxC_7Tn)2&hJ9M(uqM;O%6e)&-5^&~nv<_*J=1sdik-;@
z*75mr(IDL+xo!rRv|6&HWoi+xQlCPeizbWX73~Hk(z%<e?sq9e>%-rk>b`6H5<c&B
zP`W5BI&DC_P=A)-IPFr|6&J;5-0rLDcs3W5kYy+52JU*FOxD%^xlU^1XW;Oo#5)}m
z;OxV*OhW}BUJ)LnS_fQYwaX{=MwyJpsg*?y2=L|$z0d5kLC^l)$Sfz-^dq4t-B#^>
zP4|zRc)Pf1cgqFE$pJ=G>HSo&(8xzjtOMr-p|V{^F~kbbcu)n3G{BR=6uR`i&6Vk)
zr9lAeP$P8o%66X28Y)2;7PMY40NlO_alOOx{iu}x+7Pb-ShqhtCNd{HNDj5WzR*J;
zF=_h%c(TH~T=$@xJ<v^EeF2f%NaGyr`<)r9_0PzGAU^n|OXA%NOAfu!ED^7*Z8EOn
z=NZF+{2s!{woARq1Q5{w{U-l;p6Xt>U?wibyGzF3N$R~EEG9B{2)<Z*`!K&CPjOc@
ztk3J*OKXzJur4M9DA)U55v_kw&g4ZlTsdb`B9c!$7qUQZ!a=|3`QH?&5%<LE!1T#c
zht}&qOD*eIY$@%Rte{BwNhZ@gOCaBkQKD<t>DfsN#{k|;xvf^RuC_{<I#{f%jV)%@
z9gG67#byEF-C^znU4UXTsLaw=+d3j<OYZV8uce!WMnt>LzQ{EZpmTXBT@617SkBj%
zsFr%)@O)5xt=Dl2xuSf!m}#(wE1IlZy}3oy9mD2kt;hmwB?lN-=?B@KKLxf}D6W68
zKPm&1U5#<*R%|r(jLk_*jpMf+)aD<5LPhni*^sGS94sqf&LR|39S1(Y!1mZ%8c#Oo
z%Re5yq+V(6+7&?b0~*?kbz-dQ16P@MmETwCvsP)=(2Mmezd&1zgy!=m%K=UkzEQIf
z#OB6ugw-#z`+!}R!Ip8e@1|Knn*%9H=dkAIE`1qxqOo(<?tymu9_NT8MD5zdi7BdR
z#sO)4xBcwEuT;Mo^|2D|CIhaP>DOfsae-b&A(?}T3YF@P*XecsI`1#B(19J=U1r7E
zgE)D!>f{ss88pOx>mM(gBvPy8j3Zma4D2q|nNuf|o@P7z5$nVL(Oa7gFt9$5`gYhY
zd5kqiUWH2YgQrkL!>E}OI&2xHjVY<qO$eHD;LP;U*!Thq(k~7(kD70B6loVcG56gZ
zes*fMEY9A%hV<Fi<SLtsR<IysZ#_v=#0G9DEBJ_4c=yu`hkPq)BT2cZd_t(T1Z55^
z2{Z36o(_xx3&ZWNYq#`)cee4a6nSX*iL1yRdM1R~dwAjn*aJIi2B0)$L5O9*PIsvH
zbhfY?S^Ljcg7zbS=Wc5PfCSUi1y(D@&SKPtYWnNLP2b}B6DDQLeubeK!JGEs>Y!R#
zJrSUivR}=+lQmnzYL{HL-}*bePr;wed&XL2B5Qvw2eY4KI^jKYc<-{lL)ri^)gUA+
zFKHUGZltN7{dCnAtpyfWngJCPJH$EgsT=aLq<R$LuMG~WEsrD(T_KN)ZqOwTycic(
z+}uJWzr-8K4oVdKQ1Sfy#!u2jVNegj9I2h)HiTYm>>w_&^=Z(GEIro%yH0}+!$5~W
zqg2go48A@#=o9|ikUy9W3n-exBmxj*uz$L|()=;KuA(cgTUIzs3@4^{WesQaXBNce
z{T%{|p19Hzj{O`?KMTNz!r|%Z_z<V1FD_)IiNvlJ&`O+n`|`I_RGzaN)Ao?(eINjM
zr?qYne|9RxdpTp%1zpr`n|$3y+n_+K$j<aG7?44;`Cv$qV8+MrsNyDduhua%Euj6F
zup)p4xO^!N*z}0eEBX+tY7$`<HwVguX~ln9x&jHgF&hq~1BC$d9y{rr5DdetxVfrs
zbNoNN{a>><Ia23)$1=O<evUoH9KE~)yY4(0#pel{NuhIl!LQyLH$bSGQ74spF`9Z=
zqZa{$hrj>qP^6u3)#MxCrGWHBCN(dBxJ_J}{d`v$lntW#{p}vg@AJ9^?wk#eUJ3pR
z51jZod|qcYJfO@Su!(jQ&z?4zRylsa{$m!rLgJv@BGa$uqsc=4KvTX-N>bV3;vzRK
zr^E9SNO2a_=nA0FLe=b?Q;M;10ED{$R|2thex5J+7eFF~!8~PaPBn`E=Pdf~Z*n}z
z&^>xdi@SeRb&IF`>v%<pLq}H>`%V^c8>0X3Va$j|B;<no9{mIRNf5XvDXB)e`T_WN
z<Ok#4*H;*WqRsan&q~qp6CMq3sm}5kaoYpABAp@_osn}B6QGGDvgHRr5>jFXG{&I+
zEU8McKe6#Q;R`jLDA*4+hdvxEx?fgURtI2L$UwqU%y*iuqn61UJi|B4K_L$=F>hPb
zPxmWJ%&Q|l=@X42T49<A!HChr@x~|ZQ~7-DKXYI5S7d=)t)Z{(sx2`SddGgR7PqwB
z_>ewvGfT7sgSFth132ecjcQkr`mf3inMK0G6|}r9zDK57kR~e;XKb5FPMw|}Le;gH
zO=;(94>x3X`y;9{H0xS?Y>$OEr@jU}*^DH7!0R77@M`e*U`?ymMc22;REUgwWosb?
zZcCA|-O-#>wXH;(A7*v=bWviEWKbUbuta(lSfzs9nw%$ck#BQT^O!>}A2AiCw)fc<
zLflP{kDgGGguzh_kq@7wXEfre_!bGb-<bK>z2;9CgL`YVD+x^;ioWkC6h^J?z$P~H
zsp|tbJyOI?gtcZ9Q;IdWF|L;{uP54^IxN;<$z4|0EQSkxTTiCwBo@eVmPB*Jfg=Pv
zKVC|F?3sOFn$I)l+9q=KU`IExg^xov*C|kOqaU%@Kb<7>MSFhuh`%MMV>F+Hzv5HI
zM%7CNXVp1%N-qOcwymSUKvjX8m3<*{BsoSDt%__p^tj9B2iiD3WlqQl|3&6;GB!L<
zII)rvOX4e$&I7;t=>{b!5Xse0^vz~UQYYF!D%gF?2)<6iD)HGDRXmxYsRk_z0CC)%
z58c%=U~{P{-llx(d4%yFTshygm`Stjr{-9rI2{fpT+~_vFMuQ|ex9l;P6k04CCe!&
zMY*xS(G`(e&T7F9D<}c)ev_vFuBUN@X}#nphsDPX>SK>W#KapF(XJyaBze6X!1skK
z3d+m732`*q+ozl~Wp!q@n`f2S7om~%d$e4u7xv>^(X9QXbDCRi{BHXdlOD5#vq!vF
zvSK_WwRiNYpnKOb_TZ4s05XcKbLkjz-<E$8a6L@eYVv#lkal_v8k+{E9XHIspu)j?
z{EGi}cBSV^%FuXW;leC5?={lis}+CQA9^+&qi!&2v38{|<C~H@GK{Yg=RmP_U2*rc
z8?jn{3RRxs^A)i=(X)DZ9Er{TdR-H>wz@B;FtSiUU`=Bo#TnQ0pj72OYFmf&@SIB-
z+Qe0Q9vRRaua=2FS!UQBRSoco-h`^WFkZ?X_p(7W_1a8#z9E%>g{Cv+RorVF*8fJ1
zX+8Fxm~V4>Ji<~rq+ImIccLt%SWawk@I8m%_w9Ux$SrVCs5Z)3e)8E{I`EEVT^WcF
z9N?#YT&BtVtvV?2aDLR|bBr8@DQcSZ`rV|EPNP4?<e}ZompHSbgCgjzR)wn&>!lN;
zs=mv|K%k#go;Ji-NP?>2<~00udhcGK)%d|-kVx6iSO*q1&zKi@BDZ@NP}{@uHZxVe
z(dtsT)Ra<U{$y`Irl4ETSucNX-R&n=U<u>2W=Cen>Gnc?Js4LmAGU1c|M5gQV`<aA
zNHpU^<@~#>JMOIVK5o|~_QkzNjuWW<kVnuUUjLzqs&_u0iVVJ(V+LG9Zx$s!&XJQ+
zm-z)@n#NWl_a}byCkq|j)gmayS&xB_f9_1NSt01P-CfFHbhDEPsNfM>qytzU{U&EY
zgzOeIkY6E0%f~V(Oxt0**-_+yaR-NH-}jV|=9|=3_C@zwf@r_^x5JB!gK*uf^IYZX
z*k~ZCKGKfXu;p(l8CAvS+v}h%U*tF(z8bd+wei=nKEg%YJVKl|X8VLc!sNvt;izS{
z54!o9Zz+;Jxa-a?h3g7u+CG00_|><>9B+zBVYG^q#CqtL3~_{RL1K6vqoVy`utp%;
zCJ3;@@%z{``$E)u+jbzmTVYt}Q3rL2O49{ZdquSPz&@##)78wl%X}F`E=#oh>|^dM
z=Mnd;OIq~$pma>nR6!mtPuUv1{s*#lr}fNIW5T@1V|+}Xqvymu5McP6Ah%@G*NR?f
zgl2z;feos7PMa=1+_E4M<<Lm;$}-xj;9;xtYtL+DPQ=Oj2@@}pIA%voL3-=*%1=Ar
z;Sp2$T;pJIpdOsX1J`0$ay`a6|E$$1K?3sliQrcr(h+N)W;4EyM#qMx!(wFGtYNNf
z=g_J4;ul@K6G?U?PkOvlL{<KE!*SiT)x3E=u;P^mJI+`X{>2uLea;-;P*o2b3v?Cq
zrmOdlF+p8$-!iwwKQ3SfA}V(hlg&g4(8z5ITpLWcXooF7pyfSNrd%tKYbv@wR-$}i
zLkwnVl&T7lUk|O~>i+^i(bO1u#$~YyiqcWSeeFa;fQOu^3R?hs!o=1%0*_e$8avuU
zxlDqh5=^;Emj?K*)%jjQAWr#JfGyP|Ee(zR<wfTfs(F9;jZTkP;5!!ydc*y}Wl)R*
zDN`paMB_&D`kMEt=_H>2dyISDIG8pGVrHLz_VvCGZbO3Gwixll3T(ZXU3cnWeO&41
z<9Kr|fDf`i7HVvz&VK#eUvwNe9;u?_9{XN%R;(QJop0p5P<qdZ3JN3wS`(@So*wW0
zI7KSO2)K;Jv&<NCWsTXXTdBU<A9z2}A|-BEvwdGArq+hLLHJ{1)yKsOl}5Q=q{JQb
zxu2ANRehJ9Y9721BHTfo>k1DNT!glO@&v&gGARbFt*~IZ!M)-*$(sigrGerFI?m@~
zrUSd%$_rpGFhH3a%qgoyo>gtNe=;IKmUF0?!E!Rb)>Nj|&faW;XD=Ch&62InQrjbN
zcY3nU@~yp3ZBpiS);8GDa&dWf#IRpvBC+@F9s7!>x`V12=FVT;1GgF=`^305(9y?d
zE3!ji5!jV(D;6{!>?ui|)VTlKO$YG7r-{b2{hBx)-0s`uP^-~kTz_M6&x4{dcI9#z
zG3rqwm6FNcoCY)Hm|nUxZbs1=_*)}=qnT?x6gVMkgl_7iBRg3)gMz@R^`y-6i?<vP
zM_-R1){{$3cR~9C@8Gf`<z7KoJ8<(~_V_=e0tj=M{9oKWp?>++XSDb#>ea}l5=B(6
z`UoID$14c!1DX}&UR+2WqSzd#%e4$A2bF>T;7{;y$L9l8(-Lef1yvI5#|`^;&u?88
z3Cw$aB|#s5e((Jd{8_7N!9OkAYFN*0sxi7`D@1)qv&gHlw(+OgT&7Syfg^aC9+Q;t
zK@Zc*#8U;lDF?-$gQfyY^^W_E98*{pin%U=6=XW`;VGZ62ef{-k;T^NMgi=<H@Glu
zy(fxWzsS|{ns}><onKJXGz=~DA!?*;vos;Hux{J-{N(+xtSiQI#iC8<a>*N7tghX3
zuaD@^;kgl{4mm!@l%BG>c~}aD#~Fr=_3*oK#FkJ^P?}ae@H5Ikcito?IWwp;ZF!}8
z&S@l_Ce3ZRZ=*_<e0Y?($4h=V%Q1EOBL6z}e(3=7W(P&vY^L}OJITTC<4GI~^!hvT
z+r}U9)dA1yiW|OL+d!RuWVV6OOPRUinGf_io@g?8(b6+L$}XVnK|<67Ek?vTyu<8>
zvq=|0^)}j{k{I<NzH2d_*90R3A(zHquc;PWh!y1##LLU*(U3;AwYXdcJ7efffz7K>
zYVyRQ5s#(h4%BInAQL>c7Oj8<^<R)8%?nU05&9&P&Skv^``W7C_RMy<9wXq&il6A=
zQX?{TJ*>;Z?RPp1Pf2YL=T%Iy&<Dex8^b&6>a-F~x=^1~U7%}Io(IxSUuRu=hj%K6
zO4K7GeQHPs&<H4;YMB_QGifz2f@|`*$V<8HeZgZ$6z5sO`%K2to0q>@9-=IZ;L%B&
z`JGZGRraGe&>CLU0Fa-fJ@i-F1%J#)JDwc)+1R)lsR8%uw*S!Dz?m0j&X!MVUtN}Z
zZVjjtELUl$O={&YU3Tz^L%61`uiE$zZGb%GWxMrFzuW8!_@V5#iJgb10INyiAli&e
z<hz0fHRCu$<Ft7GiQA>oP#CRO$GNv%Z&>V0n=$EBl~hpr+@YoaVFw|R+I|Mf7pn$W
z4hgJwL-O1^0n;qI*A0S!hSa`B?eNyo%lXt@2V|q=m#z-r4NcEkkzj}KBL=My+yS)T
z;}RRZs~%oC8NYyb5RcJ&&3(O(0=h_a@S9fK^#+Y+VR~H5eJ43B@xvyLp|MoukCt2P
zk9|#&sfDAyadoPolFD&8yX}hv%wl(x1aed9EMuCqhZ$Tf!n%{yGijMvlGmGk46fcE
z`;i^+_nI#fr?IgVwRPFbnKMhN1U0-)p?;_MwQHls@LpdcFs%&VIxUIw?O^uJ6pv?P
zkk#(=-0wXBN+Y5VcYr;0SWxF=I{O#swY);j?^e_V$C;;FGx|Hj1gCi~Q15%+y#^(g
z_60rK&d{?z8<-+A&A)aWtZssU8@72OA;1(#kC9qSULEsse=f$z_|#s{j7-F+=a*M?
zn-B(Zs~vKdSJ=X2daHGp1ij<5dkyG;{BiqG;@sa6de;v=?HsOU*->Qi>s<m!FR!Nl
zp{v?}JH^!p?5@L^-{4DG*4_(w22|tv4B8j+R)G6nczI18ZXrA-n7wGGcb9*BMGt7b
zx(HY6APus6!IA@n!NHlX4jMf77-J-X+1Oug50Xw<GI&rwHp+Qe>H<~~r5~v|gEP%~
zWr7X~@|Zc>xU*-11I;mY>q*i2&d~`nZMdJ6_;x&dmv1H9l`ob0C9>r=k;$94cDNb-
zPuIavnrO?wV{)0&;;RV1_{Bm`QT2<9{poVpk4JTzw#OZFt*RO)znlA~Lm9R%D)f@m
za)6PRBU$&JuWYe}wF5ww3I=9QTa_+cteKuQ35-iwK~#EZr<Gv6xfWOFxa>yF#_n27
z<PJO(KJlsjzVgh|sw_}IJ4%Q3xBB`FuOkMeI)Tou$Wpv=h}Wdk?bYy96;JCCe~=2b
z;owF(w5RFDnJi)P9eUxo!4%OGaaoB=cWZk;&1BMx;KQ69<&i#b+4|t@+5-hPuP~~N
zI2$ZEbg!|nhCmzaEI9$M7z11{XE>H85mwM31+>e!92Y>cW)}H+<;o=UHxtWewwrgG
z_FY;B^R72(UD*@s{v?scjc<2aCw=x$U(R)oOV(N|LzmL)H1#d`Oxmx4LuQBOwond6
zsl0G`wB{zznj__P&4(9Ry;v)DmcKf?Zc0Xae7=IO79*`H3EGc6CRnJ@G5V{l+puBe
zom3f(4A#mQWt`+fe%H|?(IV{-(dYhkdk<{qa&n2!$F|<56f=puDAAoeIRYpnjoZ$_
zp&b1zK||f6y33w&wl>f)Mw${iNr3@K#<X%k=<bs<SGk>q@`UTYOg-CBvaYbpaUX^4
zvjZkumubzN>X#oA@6xrq065co-gR{DdGDS%6=*Lv!l>Sk=E(Mle2y}My>&Dl7*qM+
zIGlR6;|(7~@~yU~Yd4wYTz_Eu1?PP<rU5J+5cnY9A>o&tQcz}9&5+N#_gDqr7iqu9
zO4~lxpU0naTC1Jx-!*@J9aQ;A16g^lZq5K3Z8(pq%hqapkc5+etP^!PIC}MV0_E7|
zka+5a?YAuU9iX(f02|(t>m6ZQE1NWTF6*5x4)j}}rGa}-Ni|I9s%EzWrpPz1T3El&
zdG2@4e~2Hwe6kK|>^luBX4NHSzHc=W)SuU@P!(7s>65Y<F(`C{4Yl_mp=wYc+f4x+
z$Mc$QLo^cn985gTW@>@rmX7a&i#};{Q@r8#fDGHud-;_n=(vb~kHfM)Mk<7v<H;kK
zVwWxz+knqoAh$agu<0$7&qa2(u;TR=H4I$RGR2aQ@I@+b@2bz)@O2nURO6x*i^Lft
zt<vY(Ha(eGcB+4jGsgLTNR(E9#s0l4hY!O`W3k6f2j$-HN5F&evc-=cMOCLuu&8Zr
zHE9ICC?l(CTuD}_r#$(#Qb|W}5)QL0ENgoZKRPBkGQ~EyU}0%3XJ%M|r=U4CLJQ6t
z=X`MSw8o@C>QXozvhT2%2t~^}*)~J(3E4nKl+#jl^?YFdaRb-jQlL`PGBB&LH?zWY
z#Hhm|dD@2JqH0FQXI}nlJ55kv{6z+cvGU{{6GUVr$nQ+BDg$H%F-_`NZz%2^swpqC
zALJ8)pAUc#@x04xN5t_zn+{}WCRgCcuBJY&m!*DQkC$8baTO5z1s)rpN0DL$yIzIE
z{r&mVkmMFr{dpRNDHm5GdYLEzVc@JyhzQtFpmC54JR2-m0w6Q~vwgyZvmf&{2D@Mf
zEZ`@8uh_EnFXL_g`n#POtQ8{tpBl2ee|)t$=U>J>p!waKR@G{dC;BHKHld6LCQ7^<
ze)6Et1&P0YpF5)5dv*7jBhgoHu8%x$pE?SEJl}7FNsbnq_W2O;<c)B13e{10;jvdO
z_Vu*Z9S3F~T>pf`(9W7og4WHG+;DV5|8@|(4?bSWBgiEz#`-&ehR#gGk9PCoeQ{n(
z{DUMVSxSe2DWvlN`{^H$*8dcHRE#Gn892cZe2sQa{szlw;@*0WW>0?J`wxuw7oPWC
zK@|h*B%cOzg5dAXq)TAG#q3Cb1k3*uvlF$$dYnLeb}uLJpG9g*p@~<ePww#jvwOcZ
zh=YR>#R?c_|KxyuxsNVVtNVEl;s12(5AnsPqgAaShE+`a_r6Ke={!a+VeAo@vHylB
z|DEujK$}I09YRUuKZ`60K^Lk0;(-m$Kji!^AI+?~(ul{{`Tu}FNpCG}^jk@WzX|#O
zM%Dd#N1yOQ=FZ8vCrZ7#?249UYK!A9X)#6ytGg00aQ$_<MR;^^QFMSt7Q0W@`=+7s
zBVY-22`*HMT9$AHXxKfo3Jgf$(n%l56jAUxT;k7ys(i-;oaQeyyD}@bm|r*<Lf)Du
zu8z?3rE*bLARQ^V5I!$dv&0!@yT7JO%#!w4Kh8zWKH4u)t4L24`v!JedQd0^zqm!U
zb3cE6VjUwV{?|Z!rE{yG(%+Kiw+i~^hPO77m0_itrE+z$k()5z#CGb$Dh6}sXrUn4
z6ToaXPUGP-KhfhmuLIbu@9;Z?pJ~^zl)UN0A|WG7%~?ng@mgS~>+SB=u+S#yKI%>T
zWfy3@lPn7MKYb=PT8-IV``rH=fm;f!xX<tKI$pqOPIkI#*`-l`?N5*%<Gr@r?QD4Z
zi0{tr&=mzqLY+)fT-x5Qn)10$*hE`ORm;cPt!0b~Di-lrkH}sevXICUvz#b_;`{>w
z*!DU@yEIxL?QLTk%n%j#LsY<``#JsLa;rL;yk-wzH|XW5IbYCdm64Gtc?V04SQpxX
zq#^S5W38m7vaR&$k3JC+l2B4w&)ngX8p(XG^s<ALN_x@vLc^gTo*KNL0}Qj-wy=Le
zt!~}q#Cx15Uxg%!|ChmHyKTABC%NX^$#e9C@aX)!5X~s#*k9@D*Fx_`EH2ksgHxpM
zkj>p`n~9&R))fj?t#Mv@keBARF@`3f>5sP^&(X1)<l#6jwZvxc&V{?KkI1p8Wq#@B
zwH{4)kIfdW>c{lJcb#cxt|otumfwjgOFTdxZ~Vt{U`)DzlPtwpkzV?*^|Gm-$+qJ<
z!g?L-sQ~rEHlgHmL@StCy&+kzMjF@Gdh79A&=E#}kPmyn)s?qS)oGn(_kG6iYxT2r
z709I3B*^8*Hh<0_-|0#tb>&np^`D#y$e^>>ToP*Pii{vM#fz01qWvK@svzQQS5w7-
za~SC<j;!8d(NW+QpuJfOy(m#yS8~r79>3UIRBui@Oy1_*KKjIfH}~mM0p))+nY#$T
zFfbME!w;q<<E~{MPG`b@XigJLIi=TI352K-Gppvd`*CdsYqV*=D@fno{mX=*w;*6N
z(wfy8tWW>A@~!S3&Ye5#m}kqOk*thsjf*`H_*BM3nV(>R5bz9cIK^q5^NArsYcx-;
zd>hS{`d-+oW83%ZJ$hS2wambq`<6%$7CD~kIKTDl_Yd}pA=}jDlhF-&uhnKKSB8Y*
z-A6QEgkT-{Tt-b=Xj)deWyWlOCKK<OPo;H;dQG0(cHd~eyVw@9$1P#bb{I<>e+L|Q
z{oy`2_p8AmqmpQDqe8yPVqmNi2|zx``6d#9tSd!DZ8zh*P(@w*d@Jm>!Kq_~+2WEb
zz4LV+l#ha6S@8{-wrH~ztXFgvLX8?7^`5SPuEN8ddp?#%H$}8b>6GdIzM9|Mo@>~h
zK=d=0QVY3SG&zPWBDIRtwQ%gSD5ol9Zs~Mw4)WlaAH6pnyCv4nsfGIioYBYnYQM>`
z&{JARF?J<(4*XRdf#y-(8vggmbP1B7oFh7}n>C1MO?n1Dhcl9S^|<{scAl(s-rc-g
zNuVHjZ-G`6j&ix4U^7WtFc#t(sc@>+odNcNC1@L*u1LhZAFBZf0<#)2Ueu?DuWcuF
zd}*vO8lRxxCANU0dgb_H8V1b@#p3uY^Tfpb*I0GTF%SEhV{P}ZA1ZFpfy^;=zJHu`
z+uo`%w=?A{?SEL+F(Dz9O3C>IY+3XM{E=E=c{r_ruYcO_oNlx)j!G;-t?rvW<(Hr$
zeMyI<a<*8St7nsDyf7X6DfT4mZ7s=jjGdpAv5u*X@bhax)X>_Y1bVy0<(U3#cRT}V
zhBji&weDfFQEps>r+3?gKX-lgy`>Xa#qKEXG<r#HSVECbnC;)!qt1ciXzpQ-4-8Ud
z(t7dQ^FWJuY9U5Payq+R+tlwxz7&8UXR5+*EOC9%V-<oXpfwo!?JqaonA*3sQ;R~p
z&yl!6w9f;*1G`}P?S8FP%G>bJ_RS15*9A==nxNHEcu1n2Vj^syGPhSCC3^V_O_6(h
zxJ1|M5_Gf&mjPwBZ;!1H#zla#)Z|LPo^BH(3~CAinlpJ^XRB9L93X_57`F)hS5;M)
zFntW5Gygc*?-`Yu`gLc!h2m$!Y2x9JsKw+(y!H#3ICOtH-hJxmXBka5Q>zNc(J(9J
zl-fXbz)+E=KiZnLKQutlWQRhJ-5ZqzfsdPFF%kOTrKZS~i?v!Ci4rCWl1xWVO`|*B
ztws>VS>DV<t=8s#`$nbxo_~tMAgL{5IBUHiGz@z|ybi1O3%T2l2c^L4x<b_wLXpi<
z!{%C|+Pl?~mBSuOgCXTZ0jW874Y>E$irRcQ4J{Oo*|CF!>>y-^HZhyz&<@D2L+l;`
zXuNlzyL*uOU*b~dDVwe=_<``8)%favRmwvt(-we*CR@o2u~Xw_(!P`sy+VBLfhnGa
zY;?~|8P5r{$2YA*V?V0^jNZOboLc!o!{|OmN<on(%TZP^Igdj13g5CkQ@PT$e)ygh
zD-}dflmz(MO&8$fyO2H813<dEYgXA+ztw?sH}>qF2^wif$vii*)}v>&!?Mx-(yiP;
zD^jPV=F)hhso-+NWv??jN+!jRW;gBDc+bvUi!_VyjNk`dgRkrTON9ausCz_*%R$xh
zrqbGo7^2zukBz6M8%2I-;<&p|H0YG*<D9c%$|)rj@D<{Ff+U6BeHru)CEl`W?FSV^
z)Ap`@6p5`dB4Or2u2<3K4@164ieA1H_HqgQb^Q(5S$9a_JKZ>hE$*@LAcYf{S*lwi
z4Zmsl+!c+H_MRU^zS;nt#m3UF^JSINh#Jm03!Clp&gE4{v;pTsEUp+{T%^Pk;9Dj!
z`&Vw@fY=S9<EWc#v>eA-yiA9>6oQU0{Tw@#duP|$oc0YTn!KC^c!6)Y*g2}+ac)-{
zH!E2V7^-x5?Jd~G3fARM2k~C*7YGf_nWf2ax_t?6s!nVu9lmp{lEtD<GYQ~|7q}3i
zREM^7YE?6S&^5qM888@t_@1S|ZA<N)<;pfay1)%G6@?$-_YkZWdEKaQ!x-Kz;^C}y
zeY$-3m$Pk!H<S*0sQN@OwFBWm#f4ag+NI^EmYXaznzIaN!()kzcPC3!-K^BCwH74|
z;5%{^hJ5*Fl!8o05#@Tz$HXkjUOQ^g#?AGxHa1q)52%GUgEWnJG?Upr$lMm-XZWaZ
zL!D`s((|RrMN6QJDcsS>)XH;=Df^4#kJ&ow?RXDL8^q^P#$%af3N`p_viCtb#RSBe
zR$x<HTEy$1(JJkF9p~B}wk&#a&gP+l<B3<G49Xj0Qcje>A0-+9amk=x4;cP#$60|i
zZ?D`i9HU$Z@x@8w*spi5wGmdCiw2EMlh9B|rLZS^C5!eS8<%t4c#Ou^pMk0OkiOt_
zw}nyz-V~>06jBL;?5<;81IVLPotO7mm;3Dx(;$kTvar7xKWH~f677tzKf&R{yj?8E
zu-;ef30<{+qOBt?dv;2XA4f!=pSQJHpgf7{dttu4m@DIx?Sfr)&a-yz*y4H?9Sy2t
zopP0*|GaI;u;OJQexeOL*$x*En8DKlc$}jB870X_58D;?y-V1REx3NK^^e!T`7Ip@
zY|x?401Pwgi|WkZc@Z#}!b_gQu94a0GbO=!r2M2aAWOna0FZTx*|0q`o8B#9FR(LP
zfuCXDJBFYo8@s|M*D;1Ms}^6liIs0#u(4isxwZ@kIcvFPo?Sa9n|_s>8=8)bt{qy8
zix%|A{-&(auc@5klU5{Bjtg<$<{{<O|0WzXGxuCX<if|P@!q#H1N)_5F$3ifzguqK
zDG4-cP(somx4qYAji^fc6;!$<GA^0of3RsC%kS%j|HA*5r}0^`WreiNpv~ipiySM>
zA6I`JKTF^(;)J8^mU=|pPkYK+Z<7GJPMW(rRbhm;aWq%xX0;5;3SPhE&3r%5I;wbV
z9ql3v-C0-Gf6^ft8u>s=Su4uZXzIQimlSWs`P-^rJbJzpeFVkbNvb6mG1#wChk1y3
zj{SG2gj`vP_cInG2t$Y?sb=f63Ww6R=O)WM8&>3xqXvIC|K+)Re?~KE0zcPlklzLs
zqRcoUAtBV~+C$m=6{SC9)#SrqJes$38J;G;+NdM8LC%84BdRJXBuR$cO?!YyfBLY;
ztl#A<Y;${W)~zsu9V_T_oS+-qmhP($*Du*8SeG=!Z?UpJoP<bpjC%4T=cDj#kboXf
zqL}YUNJ&n?<l7TdzXu%#xCb51wr8_8trUJXX0>jW^^dEh=@&J2<cR$hNhWBb_g=F!
zEi}0Q5k3Yh5LR=lY-y;<oBuNwm;8oA$0w~|HYGIb{qI2a&%}`=Isz7R`T5i0?{_dT
zFVKPWUSJ_B;a@uav)#Af->}h<|M@p5nWTT#wxEuIRSQqcll^Cb1h-rr?7I(D|MHvu
zt2HjSJ52}H(YN~?|EcGXv}ghbjs*b~A0Nfv@BF`x{Y}RIKhv1HZLO)U#L4-wXG?SC
zhF6Q3g*MJNT9!ZGM*8z@yl<=W-!|Xvx)>fff4bjYJlzX5YV{Vp<let@q}&JAg_@bK
zmiN;3sEvd)Zy`;^^9EVCN5eLISz49!U@WcDBd=R@DRxfO2vYcYL=&BWEm9)74n_I%
z1R`3-(Q7^d=g$Yy8SE2l;}2gd#jqd%{qL*^MDL@l=C2nN0*Y0#PLewX#c)j@71AmU
z7jYDEXAH-={||2S>vr%(+K2+^osa#K>)xnE$JE{XQES?!^lk^C=Jj;;TI@dL=2xx<
zJ2$g#14Bg92#y|1M9UhLh)W{D<%~+aDsf$9cXxqFU3*@l_jD9mxQsih#|G@p%lQjk
z!s+KKjT+-aAZZa0QQOBU6<TUpM&BiSY-YR;#}pjpf40wG43WI&`&*NO$FXXgn#e5&
zx7D9b%TSRWfJK527QXI32hz8pqxRIj*)6A|EXM7wE?#!}=sbq}{hsccJxleiBpzg~
zWgfigFiHIm?TI3I$w`=ZUs<!}F4b4p6CTw)IK|}d&jjK2$?!4WP_h7{QRi_GvrT(G
zD&sec`RWIVHjzL7=cV!+!;ovDo1c`XdN6CeK4}8!AAJ;<$i4S<e20s(69;E;+I2cy
zrKhq??D~z*O@uu==Wz2;M#RE1FWitX`%1%P7#ibF=4hZ~Th13PNqkn9%EIlt)1y~R
zSDD+8&%2-!9o@5_PB?7qTOpF~`U1+THKnqH01DgIkT^c{-30Lydj5}%_!c2agn6~P
z-1E9Cl=bPfN3xRcYKh^5rMK5y^&9F6_<`2|RYKYl!t<pilvr|mtU!yP%xvjpZhZI0
zDZx70hnXm0Qcj(Ov6`Hxl$6S?y8Ag`apb7s{`@jTVHUQLGY(hNxVl4n`D{Lho`K%h
zVN>ID3h|rWgen8a`eFU&M4IJyAFT+oD&sDY^%6P`+EH!#k|4UmYWohLTt?t^Qa1Hm
z_)||O+3ia(0@91+N_I137X&|XJRP)-=~IDgchaDk<{BK8n_eRyJuH^o4q=?L#PdZ8
z{!ovH=%N$`6*x9djCu}Q3EeF9!qs(SwTu*2IriO{f^uu+Y<|^Gvzixvlr4V+A_q|L
z!pBb7l()g_Myp0|+Xx-kzN?eHey@qEuWS%J_rO7+4hWX_MLLUAWApD_<2V|f2u?S3
z8Acgvja3nVY1AkXJX=7CDHXN73H#*);RpM#q{yAe$lJLxcO~XO%t4MhaZT^%LHz=h
z%%}Y2f#SfO>;5g!CsWt1(Gi^+{VH_^)EH;`uHcE(mxD8B_nV))o|7zPWqwLeAeS?c
zcVMNKvuTLI%fRSE22w>Fi+q@Jm46qSUGg8aSCWXu#K0h97tEWHqH^9gt4Q+&8+NzU
zJfNrTmC)r(s2@RcFr_P3m@Dasqw39h$Zzdpm1j&Zms^O+!zP6tcQv{rQp#-+Znz1i
zWD-nU(T^Fn$E;te=ba4>VO0#(B&*xF6c1<>su>J)J$;MER0hiXy!E8TdkqWM<k5=H
z2a00kF0^*m(r4fkAW~;0)wRwFDoyyCkll2+$iAc^?Ytz+_Lp+KJ7#lTS+=o|Pk;4|
z)#dgv=)PHA{`PgVy}RHR_m$O2fpIuWM38aG#@}RE;>`*N=f`VJckKsqa`K-t?Mta~
zT@}yzAMxBZkbcvVX;(IV!!S>v5%H0t*a?2kUg6*Ga|q@Q&SS_+;SWQ<MmAhr#{eh<
zrkxmus28xX!~9_tBot&NIM+0^r-ci0CtXI5zZ5NRR_ZbhcrZ?98w*}Y&oHK$GWMUb
z!KRs>9E13Lr>jQK)|GDDdX}w2xEGSGid`-bL+v=`%<$wlK}unO|5-;|B<Z5=%t{IG
z{`T+YOz$Ht|1@7SMlafj-5RFJ*|zaU%CH_}+I|#H^m<^r>eW7QSCR|fR48*yP-pm-
zJPw%CkA%E_^hLIgd5(o^$j3g_HIC2wno>JtumY)Ka&12f=BtFW47eNeY0!JS-{gRZ
z`ZxqD@+=E*Y5fN`YM`1lWRDBmd7^-qdrVW_*6N<{a$MgTHSuf^TRNZ5Z#qMNLb4mg
zyR5f2&b=8wL{?ayoL<t-zmvs#pLDIBBPs_QJCdV)$+&6b-~DB27U3#x^$A2zKyM=p
zYq}I=d|EeU7P4FY><*zIz#yzf1(iz9=Zn1YLD26u8{|qc3Adf)2p<+i?;p?Ex9|4m
zu;JwmR?EDYfBc<!|E?fyjv^pXieW~`uwtsAM1C-RCwz3uwCU%2$oV|8-gF;I;zDz?
zsYN4HEw&g{_izjGyRNWT{l2n4l8jBS>*(66;AYlmAR?^V@2wq&>BXV`2DM+2`WDyX
z=#}O02kQS(L$wUuEY``Vipb=ilKBtW4kNQs+_Vr`h(9W6>}hH-&`{?Y7OeW}khz#!
zz3q*opUaOBiSnfs$8hr(gHxh+!DhS;gb8jv_8632_VUBNf=%iA_UlpdD)?TZ2d`h+
ze`Q)|_A$cS$zxM?g4dsjI&vV8-oV0py+n-wWX9&I`13soGaXvImTA8M+ovH*mpkj@
zD^%-M)0OXe;E=$L^s}~>z;j{JGKbMPyQ`!+(!o1;FGk6%&E=8HjSgizSC0HS{6_kj
z7R37@cIlmSK0(UTf&cnn0Avp<m(I)^O-`_O77Lx3UsVo|gPMOV2VHWB-E7AUq=D{T
zMztF$qp*VvRFb`_77K7Jj(=q>BwSwey9G3l1y#fY1(YLg0h{#|r=6o$pB7Nh#Qw{Q
zd|OrcRvBE5ryIiHCi$Jo5+&&L4EI>ZtNr}pgy;&<q|#WcM2EVwAWa^XnIg@LG!(4&
ztk(YFMR(>nvp&rjv0X#G%_zOyv-DvLrVn*oqe=on9pTpjA3+U5&2Su@pwb8;>9IQ7
zGBPtWvxx<ztBP}T{gghbfrK}O0qnVvfl*1^28Jbuu%{F7q>hQ|LE`$9O$N#{NY8kK
zPCWH7@8I&ijQnH%fue58^>|{quV6SmX>@6#v`;@LFY;z}esZE*-OWR-F<{@|EOBLM
zNlRD3&38Iph59+A0|nzqQv9Zhy%d#xR7n7qwdF?zqjL^=PGcrg1<!uG^GZ{+Ssg%+
zv`&B1PYJO_?`@=be>VkmS`GG`qjJ|f$^OTUrXqYrPZv|indZg`6ZmoUyV)3df_E|y
zdh9!e7+?wLIpwokFS1iJ_wd~CIQT}9BEYb@*kYj^;@|i*8;7v}Qlm!0GA7~(;gK%Z
zwNk$uRT--aN*LScT}+5fc3Hj_(=IX*Tfb_8ZUxp`oh#|op<nUAu}~OxOM&FOE_(RG
zqbnw?Ui+;lsEh~->A^?_SKW_iy=nZBY7cc#<~LO9La?4qu#HgnPOf|G*nm`e{oC%-
z^(lcZ6Ny&c8*|moy*L#&o6)KQU#Zhz&{?8TbCp^^R^h`;3ocDyuwqM+pL*iUjzpJ@
z<#Dtv@ftEVtvtP1TOzhoaU&fms9!yi&Q%i`^gpEYl#ck<Cd8lKRwWTyFs32_Dbc#@
z@`p%K&0!N#G?PL~^rT0&cXT#LT_crhHkpo#pq)HEtH|EEGST~U%2ns;P39{W{U02I
z-;zrW(nt0r97*jQ2bD)q2Mr?IX?pXut3}4A*L!d6h7I3sSPJw}Z6!N^XFWxS-0>9x
z)OoC~l-7z`o1{J9RcY12c3=t=ztLpjSi@lH6;xC0&3nlmp;`ibhno7!m>VJXIp2j8
zgqb{d_F%Wr{ADb0N&+juFOl+oDwixR_f;6yj8?0+J^_SQjl-HV-=P_yniT|5HIjE8
z@iS^4`c%-vO(kUQ7=oUNsutA@-yz<KjSuzIO>&t`k<!>5PrvLS1D2l7oxtR2;OZsb
zlSHT55Z%+>CWukpha|wUIDq*Vktf3HnB`5^vaX0d7iVDa(CsQ?na1^-4K^fUC?4Td
z&HHu5p_Bdsyu4`$L@_!M2ma44tfcEb#$&VggVqKmw@j|*8HNLjsTzqnc<O|EOnRx_
zrK7cE_RNE?wY5o*?cOm&aZHQJpbl-CkCtjKO#g?xw~C5uX~QsMXaWQe?!kfu*TyBd
zJA~lcxI+gB5S##k;2zvHXcF9mL*wr5);*ge|H+v%b2AsS)~s2J3%c2K*RHBv_0?1F
z_m)9q!6TN|n6v?Ia7ru1FazC*0+L4gaXBLylX#G>Tyd_iw(8aQuaM8?Hi?=H7`@B#
zy8i89k}}7Iclj1IWL@jy%ZZv#&7gU?XVtdOO_rV<7y3^t`#)KrO5|Jd=cn#pzBpoE
zW^v)#hJLWBC~*DeiP!fSQ)$huWWt4xs8wm0$k1&SzP>m8CgbzBwq<1<c3r$GhwKa#
zNTpr1J2+v1)|D(T3L2@j$2AHm5PQOlSx93MxjTjdd)?q$?HpMP&83i4oc8S<qnBdw
zJ+IU`(Md5cNo@@MxgRuK*S3+LrE><6WMa$x%&4>KziVr-zMc;9j*PV7&&dk!RK(iS
zZ<U-(D7wR!ujes}#W!9~7XJA)9hQaN7+K^43;{Gh|9~3*3$1v_qf6a8tl%=)Tp{gG
zRGB8*bh_F_nyB#U^goJ%=hSub+mDWQtGgw7@r_H?^c#9*pV54IY{??_I?|&mHf^M)
zcjTLxdE7~XiAl{%`JQuaMwt%&($fW!TUFEuGaV*_;q1$`-fq)kl=a+Fyz&(WHeNR=
z*6mi1moChLpbTL^bK-El4a?m;;d($1v~Q8u{JLe9Po2r<rS<ECLggUl^!l8M(AtEF
z&p-xT0{=COQ`8zwr={=J%Ai*mqmQJ)@3Z3&?V^(K`E6+?QWTY6!gPDRdkxmD$~tQD
z;s&L5nv8%_YnOka8N#O+z4p^qrEfo1+xpN`*S~ewIzdz`4XRA7A02xQ%)d@X*!tH>
zVzGiEy1o6nVvCnA=_ShSTO_;r`FXW^QA`@*zLas^HZuX7C9U_N_ODL%%MMc(r^T2e
zS5>e#>CREfFu}0YBxqpm|LXhx7hx;%2WXB~FA%E#V2J<zu20zS5wAXBJS6=0z;i$R
zL=)cYAkebkbN%b%{s@!>9Pf1ySI;vZ{%cwI$A=X7-Ro0WQ7s<-HW~i4(x##X6bAoa
z_&T9lrfzjQZd_)~_H!lwJ6T$0l^-L4Sj1I#OIt@b+`GW;yVeY|#~5ry$k+1jw(YXP
z6@GNOGm~v6Y4Pfx`*x@E19pk(mIU*~&s5MG9nVg2do?K`Nf8)mD7nBx!n<o|73DtL
zH8eV;n0<n=vID*A`UtjaZ5jT1U;od&J=$ntVFTVBZU*)2>NcGrGCna020X>8qm6n<
z8Zqg`(aGt_=;oiLU|ZhlnG}Nlo{P3f`sfdPqK&jHCDeZk_rGR!XMV`Dbv#=k*7slX
zH7gCEG$Nxcy5D>LpT7^$04U9=3!Uk|auItf0HxV|2+8_aZ~GIa0rDl2Ark&-;(x^e
z_ZNPTxMzfzFGK&#cl{j`9_rmQLbu&tj{hwOHx|GMCBM+2{`Ui&?iu0#gBx3njgcSv
zLh)FlOI%e>uDH$Wo@oH~37fDxFF;qY!J67g36SG&E&cJ!%gc0^6D3b1h&pCoa*cv!
zPN)7`AJWZFROEyQ|1I)pqwqrnwlX)2rABoRniX~HY~8*L>SMB;d!>209GEec`fS)a
zudK`OfV171GN)mdTNOUu$R>j+A<$aiAXL0=MIhl_&e4F|N-15311t&X2J%MD2S=j9
ze6z}tFytP;?ggv0+DdeU;^n5zHT>!v(6vCStFc_^ymvlg_yQu+|K^#>b$gb;2U`@W
z=hQuVCsAO0bFS9lOz(SzD}QrNmQmK4XdY2F=kV2A>h9$H{Pnm{2`o=nNMgK5Ba;O1
z7`g^=TLqKYMf7rqx@p;GAxqtj#t?K^Z-v)}+#Hmi6OD(t|I=WHCXeV}l6O_Oa=m5<
zeRr9S-_-m{W8UCMx4C-%qi%yY!XC6an9t3k?8(D73CtoDl1Do40B!w<@s0cQP3Sl5
z=CON!talYE$Wh_a<mBAe&<~y70x`g{m!6W+|K4nZvrscz)6gqmHRUy`<W<DBqMq-9
zQ1fPinc_(Ac&n<0Zvp3ZHU>R2SG*k}g7Wl8ZoyTo{3fvNak^aem_D>@&C#@P<W$Bm
zCOw_y-c#ty)QduuiYzg}IAm?-Y)I~=8iw0#_+B#dMX9f(q+}vibVP3g8|QNN_<=>y
zB!~c#?Jl+UQpm0hE_oMwB=JuV_UlT0zeH@pf=AANbv3<4ox~tT!NCzn$PJcZZ%H%e
z4*Bvr%%i4C<k)OjE;m-W`!l1aC9QSbU>XR_ouJ$l-;)o~;giy38yfsh)=X~M)ZBa)
zL(cpe(*kCqdY`<$w*W7jix<QPHy?KLAB>EW@D*^VGpOfOn)Xh~r(b3$``)Xu83D0G
z&0D{_#U-lKgC7An1f(JmSWSrMsgEDjZA)Ruc~@?-)G$va_l*((UOdg|&Rq&tq`9wP
z!V14bgWcFpAgs1S=OUHfunb}brTv_@;x*CO7Nj*}<l2?*o$bzkwt1#_Ow^HF(54KZ
z8}?;CqeA;<xN(2|u<_9`Q5l+wPL`cM-)LnzBnz#zEbGe2O!cc=Vw@89=6HhTKxl5Y
z@7Wujic51WRUxL2zqp+MnUdGF+SyijlFm#tzb13ik0VH_woFkxQ)U|1`e5xA@m|>5
zyQ5&TU!5S|JeML!Hk#hxP5_d2Y!u)wg$A+ya^^<Q^*EK=8gaZ-eblr6Gf6W{aJrg}
z=?j0b)kMBsiKqdq+?~}UpQ9};7diLagPW^rhdnE3w_a-^XKG;uK|Wq*)YS(eBL1XK
zpVy&RI@gm$Qf^FyGinNpb?Qa=y6G((mYx07Oap0x?>Wm&$NCZlz0T=vGvo7p=lGzd
zZ6%4fo@cbo^-`0}agj{i>+r+uP%QR?3lO2i#*m>>D|n$r3@}ksy74$!)nLgXoG8m%
zZZ)izCc!V+NUYiz^Ia}mjR%i`vd=BgxWN-~R^!DYVZK-D{3ce`YAwo58ZtdGG@CPJ
z<^_s9SRFNOCcvfcCFD|T)<==o;MzMK-l;!xrSFIQ?<>;4x>T=P8WWIjF`yCjn|&7O
zvOj}@q^m`ITL`x1>gLs)+z%EovejG5XbdOfL+FhG@eNMv)R!06e=A-}wfs==8RFgp
z6r+sM@9^}Slk<t>bM-<cA(5tG3{0pl7bFI~ywiHH>A<3IVo$C44UIJy+e4-SjC>vB
zw^hTAYrQIOBZ;9D3ALVgjrL1fBegZ)(M}yH2`*5Hb~E1`Y6Z{Z*sIjzjBCLme*K<X
zz;R1@v^7aO5EWO=<4ppCgra>C;dtRMytG)R$UXz#3Noib3npy-f`sqjqKRlNim9hi
zUiZcC6fwNJ;Aeyu^6`x33Og;?B<xpb+jUIbQs=v4wer?9#oz^4lx>`gp}~IKNBqM<
z{d!?ur!}=lXM2rqmVlgOOtzAjJx?{ZQ&H>0f`2d${1u{eRVhC!#2e3PtwDGVeVdDG
zSYsAJ?8pZw;%ix@j;8C;0J|y;G6Hj^7iU9s28><GS6JyOFn+664UBsM?_WQMJXqz7
z<ksYXLl>sY)^M04gfC5}1`_|e^1PPQI;_KJs4u`U&$7yF^zai|(W<R(oyLp>UbOi@
zqHNU$jSG|tIteYF=IwrTdcyK7V*{zF9o=^~Im^mcx{0X^BMr-}KTY;zoh2ixD?Hbi
zr8$X5JM?a1XQ5!!JZ?0XmXNbN2~uY>ELUSX0ClmtnMb1f)?D_h?x}A^*@mxJpJs`M
zsFVlZvaJ~0uWT6Ej4_Fi%ypewRLI{P`w-($lce5f10BuV^1;=OIpE&bqSobD?mA6Z
zpR`bWJ4lkQuJ9A@wm$kDNx#qjYynls)x`wF^_Qhkol|?ONsMt;M_j_&wJT5Ji=Hku
z0Hv@L<dB;8D%!!Z>J+zeOOI7-e&+O8G1m|~aoyMIE2$%8<zbwG6OT2jlk}Rme{^qR
zsWn+|$7>)3Qb+LL-CKB4W)ga~Q-U!xysMTkZ4}0(MSNNem<&BKaGCnxVdYOH15u+h
zjBFS81X)9Bf{z7n&S_cM6p|R1KFRCCG$JF`<<doiBS}?HLK2F#MC!!sXyq<H`rg%g
zMvOFtMK{5QTJue-%&bWBEShLOioG1R$9>E4qn08&BIvR+g2;JkSpwH*x80!z?U{2F
z;%u$LE=cbYn=)JBPhi4V=~?cuoDTiGefv4!c)0_pGDAi~ZzSiP(^tCovpHu(yIyX1
zC5O=>WtFr$)*NQH=DmJeHr2Til$SkWRbCedsx#(kUoj7wN{D?dH|nd_X!9WF(0ffF
zpq4^og4^Pz@;JnV;xiVy@J{P`t<B(N;X@98QCPLZ@Uf7xVZijf#>)WWy#qWX{?8rK
zo{n5fQj)<op9zNyEbGYjEk4+5=J`2!|GnoQ8JVoF17$XXSDLDi_Jg4$ny@#HVUzT=
z`chXHpb2Fqd)6A8;S|D&qC5`0RQH}lSN(>3X9tIh)sDU&7C#!+D_qHkC%)2$yn6+T
zSjINjX<btE^jTy)l><ziJP%rq&6+k7I<^CaA6TQ@dmjObiKo*}o0~_*V;KfM+rzoB
zBkPu?2uSccE+^+ErI>lzX1s`!V61vvtSlYopB2b?qh<qH?<7JCjYUL$1T{NywrYs*
zr#*@eA(<Um&P`nH&|Fq(HP9#Qn=dwvIGhYZuWIo|{bp+kA6}sabe&g`hq4SP9>?p-
zx>t_1-c@%_V=X#IPH?~lEO(vU+$<fXQ1Df|W{FB-n(>CQnSb_iO%o8IG_>p9*C{PC
z%MrNh&aL(?Waocd`@sA!9rlD6wYyfdVB#n&fu(2;aIv#_=_AcwTw5y&_D4=8L&6}_
zFbmF=z2%mw$4a(-iSFZdmbKw^rWTCU!p7l8P|Jf5W16(O(ngv_D}SkH3D{@8lIV&g
z+gP*om+3Dbt<tVUUZ`=0l{MSn4C=dRtv@hq^`(-*%D$u~SjPCMbTl-mPpyz}d&l&$
z#(J_uvx4$Pj|!V?d`Sk`aw@Tl#pr~xGEZ73@<-G6a*EHNhKH!;#q_U~;UA>zj7_r#
zHM?-Os*#Tpd%EmME(iM1=<-veyI4(T4NWW0?#;MujZX$wB3`v#ja3@dH}Nnk7w0#e
zi|^?3%oncWwN}S0s$9Li+^jkHz9d%dzV&(>{i+xDg>*!^h4>^Gak!QQK(!OnNc^5_
zvUu6<GO9rbplp!0q3c$FVkez#?JiM7x^hz-#Si5xvup6zyLg?$za>P#AR0ycF!)iW
zAo0dvs;0kXGhdBN%1N=YZ9%c&Z0N>x=|a5>icjvewewaCO%G_ESKi|sI`j2x)Fz8S
z)*7y*cmos65O@RWJ;9Thvh9X4G)HS4#&eov8^5yz^u_{{ztZ1SmXnZ@Dold)G&^=p
zV{H?ucs*B<a0XA{?U@P9<*8&}Bt~!MXWA?PyEkXx#zvlK%N)?n=R+ttim&h7Xvh=j
z4CHv9HsHYDE!~SE_hx7bCukFc8ICH^nMI)#<Yvu7hu*i3jtJE~lw+7v@kurkxFN+0
z!bQ_;x_Ra^s$H&o`B?n+JA)_Qrh=;x-ghqo?G?=97V>=)vD2wo`2opp3)Y0~PJf3&
z{Y!7Ypr+}OmD`S|V+F=Y)~ASE9YW5lAGZVahE!?gb0E{xQ|u+LNO$WFrV2(HbbxHc
za42oskF{(BBZ^1I=)OjrKI=An<!vR(SCim*)>W#&u=NI|CMVIE+|BS#U?Q`w&pwX0
z2Eq^m!zcd)_3pDMQ@GLDmm&gu3?t0RpLTI}02z{YxwSB^heE{%Kzgn{>MXIx4IcU6
z37Qn!>(it;H(^Sjn$m*aUT`J-<rHK^cyI+M7TH3-<&_k;sGUM0Z8@-wOTPd5<z@48
z8p?2)Cg72T_exKi;>al)P&DTW*!KlgxTgqt?$+z*bk)ky%YL{EiOo~e#8X0S`jrq_
zS&(1ye)qmHvJzu+9RTaiu}UpQTY;_6PW$bC?NiYMq0^ry&GbP7x`4hpk7IG!UCQ4+
zs+!GfJd)O~^-Xx0np6h4F7@dybQ)UvZWq%)$a>ON>F3(%bQL{l2$YZ@S9z*M=k>w&
zqAhBQ7@o!%H6N+$+kDM!Gb`=md9J3jXqa%9XF0yz7cCUvh)mmRy2UoL*0t*S{Grux
zHNoxxAO84St!9ayw*Dkwz9hX&^gTI`tNy-S+Nr8}ibt)}L&M>rp{<dWw)?cTM<Evx
z*DM#j>}NCcRW=v7Ld~$mkOYoeQ|P{Iimmi4BpW6oT$>y0^LNYmb$$Lr{?x%c>fuoP
znbwWDVaPwDA3J{SV?Uy{0kvU^_ZzzUzDJ^t0sYE@1YcrFKg?}-#Ke1i3h8@JLH%LF
zJ5<Kn>M5l(4zS>nZ!A-Nl3YwF;QK^;sxOI#QGX3zHmR*)RmuKk>npZ%-m;3j)(%;V
zkul4j0%jSV;qcHEp2RfrBt?|{R||<S8cP!fq5En3Qf-!#1MQ!Mx<JyskU;8!FapW1
zD_Zz%<gQw=78{?#F%Iv^yIy4NHwj=h(DJ{q#CLT71?ba!y!|JX`a7nw^nb6Jw28p?
z-#noQkC^W%0p<T|);^Ca!ybGh`R7Le0wLtK_h~y^otVx4tPTH`AlZKc$O!&JO8$S=
zOn)I7Vd#AZlx;Yb=YQ{PkrF^H%#Xxf|8DrdKMt^hzRyU4zK}ZoZ${F0iTg@?@^Sb7
zq7nlDepk&Fxry+fa=Z__2Q>GVMgLJqjUWQW_`i2m5_ZKTulyHw|APqTpaI1g?c~YA
z|8F_||IuK6tJvKDX!7vdfukG`eEC#qHt<GheqM%wH5MfElGxqi$;kC(&KXRw8XE!k
zUZo(+K>eqsld4hUFY5b7Kcsu)$LshDFyT~1#Je3#<IjVVK3`M>x4`(WuC9i+*v(ZX
zAoq^n-~)rPx=E+83Nf!jl>$orZ>|w`bEpooH{N&N1@Eqoan2VXN{EY3F|q5`+Eg12
zyg5GW69<InZ(_chge;%J4&65I+~%`{nmtu4HhuVj$%Qjj+1FZ>*0sNSA>>_&b`IF*
z<}}OK$5XWrZ-5>cVVt-72|~j^R)3Wl;5WO>S-pHwVR_R(%8_9R+8!yO`b=k#qL9WX
zgF*U%$h4|6?;NI06#C~5v>y&t2K-v6qfp|<eb<PtMP5bj7df^!D0zcx-6j6wvoU9(
zdJU;p9RD|`jj!O=w2nu|PHO%LH8$Fnzt|P)vdrX@>PxiOdgC$^RcVK@(TI3nu`@GA
z0(x1xAkeueyk$uBuEAw9&oE(R(_zID(3W6Rv-hTxJG_Q`v4p%1tA1IgUWMqxZjI=&
zb@>Y6_)4W(+Gu;>z{6^`Jd;!2YJshdmZnQ8O0g_W(4w6mtXh&ZPS29QGsowaGd-Gj
z6!yZf*#>1<#R-nZfdl&U@mC3duNe9{-2czVXBX@6_>EMemX{|GZ!{h`vO2BHIm3Ow
zw7G{I{+S2$xmJVQ$lC-+ouW6K7pVRxd8+1*<SDj-2cNLctZkp6q2&T_&k7W4bAnGN
ztXZa?2dwg_Lt-CGUeQEEMMYhI2&Nq;4fU`g&I<{5Hn6r1imDcSy5(Lx|AIqF`-L}<
zLv&YZQb5=W19H=5-0ZA-igmM(b1{b5*l^m&yZ|GXRR?ESeJ@}b^Xlu_7ICdU)NBkS
zV@#COPYO6=zdCV08W(YnXX1J(f0+`vMyOV%U<<tj+-Fw3@2(PC?66E$$>`@m>=(i9
zwm<*Uy<Pw*_`5>!bSU>@q%+D#R{p<yvg0UxJW-!M&Hg(9N{DTU^za?Xs!eC^!GzF4
z6M;DUMt?4+HM~6jrqeng-#G-U+GB^yv(y^D_cK5K{o=>K$2gy1D2a7Al6z>ycHwIc
z7WqqsG{6)>rV?-iw|=9!oi5;nhep5?-CnHsGegrLtCWPl@J@N9b9f6_9^3O=g$;Fw
z1!|%I0dpQrUwo0z6(MLHyEmPi?DM<5+7Ad$8(Ottcq7+nL}(|n%K$X2EVv<OFsyy%
z;UxHTJ*?~{BepFY{Xyr~x<FJs@?l3(eh2@r1J_CCd+>zb1V*X0;AYDyAgx##t@cDc
zo^yvL6km0HjFMP38Xw0H!akG){n&blDZ<b7G9G|IvTPL<92YZJr)^p3Y6L)=0xo@{
z+XZ;cC&NSw#WoeJHk;2UzD#QFHGAIi$$#MpJm0TL36Q)~O(gcl-LR$vSVy(jfq_e@
zOeOrTK^&#~Y-ddQ(Q!h0l;&irec?a;=|wwzyO((;@bG;M^oGc`KgVRdmk+S5xgSe7
z+`nA>C|t*!T3~uYyY>A?0EhX!TeazqYoS4I4ChrNxLKyT!A&)31pr5;19phlAg{@X
zWD-YrWSKM{u&l@*7Gz!k=PgJG7iMMnBb49nee~B?6Bb60P+CHwqhvt+0Q|8TK@=@j
z4R*kvz<bU-!|W#IL`r7oW}fGpXR^@rx^3P&6&06ZGh8+Qtw>=%!;DxOnfOr%3P)7p
z#$h=tDr)~`c(z+CySV~|?L3f7px+Ru@-Bp9K8~y}28vsxIU1?oD1L;5L5ekm+~~L#
ziX7k!o*C44{*vppmMG$pBm5AP8N$Vu{o#^Zs}j9Yd3FV&Hb$Vk<u{shWQ=f9WqlxY
zZQ3c<+po~l8%NJHGHF}`o|1&OKU*^l2m9S#S<WV8=L`GYiiU<&_HToc$fofwtYNoC
zlom%Zru$_nLmF53Q6HZd?f`7|t=@!^%80FJ5VzW5|1*=%qz?U^QFWJEXDnmsY%rD%
zy|0g(j8wjK9lw}o?MdKfDU{UM!~XQl*YUN}GibAU8GGkL(tr%W7e34yfPVMMdhfE|
zttHjOG3ny5wZ8RyK;NPcziIT**a@)saIK6?_XOt=>cdv5MM{yNX1%mu0zrXkAh*G*
zU`du3&oY29QCfNDhzk!yA$j={^SLXrQqy})_)62mgpnfPu2_51JD1VH;?HsL;-hrx
zESO)knWsTM<pzWRbzkpb=p(YHQ}?xEh4!QS@kXBE*HP|Q`aw9yRPk{ysj0g)8zzC2
z*O0@iSDz=S4C7j@FG%mZ9jD#Y`*kVitk(6r6%`ycf8~wnU5c>^AKe5u_vn~$ATd!H
z`u@SZ_?KO*E(Ra6S`oCjGQ8BQt%GS)BMQqAA5VL*cDUzBC6&Gf<uLQ8KG!!=2ir);
zF{{U{vwXx^BN$&$_10q;#K`<c0?{2xbz3wn)>1CiE=l_6dOSuC9a`zLgI|!HJ|Y1*
zi1J)}CK0Tv=)pIu%x&|eGCfzih`giowBaTjLg4Ns>|ddq6IFE|pC&JDq!9?0=+<T&
zKvMi)J=v<kQ1NB&CB>pNFl=_6BakngL~?*wqnzxJvv0~Lb7Wz*&1YKKm>ph#PULUM
zw(jPHs?J1oA<bTAcjs^6KFSM7h48V9Dq|{Du+PcG?XQ~_CnF&L)<W^p*jl_wOCKeT
zB0{=Z^D_S^bG@srLCAS;I{16{3rscF5(@w$0dPb=iO25Qo{7vPFdkW+&wj&c!<zGt
z;>jrx*;U#so37HUEL1LGh;TtMI$Q0Q&P%GsbqddMI70WDIo;Ba_c1SpF)wIGlYuEi
zad5w}XxIMKM*Tu<8Tf3ALLege#Oy=->zA@`YmD|U(w0}!NELbj`6_Q@vHyjAer5nU
zFWj{AnFDwnZk~vV2=vTGNP7LxCC#^$h<@sxpWZ`GJEOQSyS*byJ;X><mIwMb{fD2(
zeB~CHrO=o9qI`2W7`}{6eEBm@IA+%SO?o)*&&<>ZXo$biC(IrIX_xw}-OCi8K`j>P
z)7Nj+na=LMwzQ62BwWK@>(Jsr%vyvteHOlX(+?zr(p~qajX$uY^0_2s#G8n3H~*B1
zz~BUtPMj@0n~_aY_I~|1E{Mcl232~c{GDG3-R1(q)2-XUr_1i?4K-FFRPhbYo5FjI
zu4`4kBz<gZUpM;iWX&i_x$PSGcKn^_6{8|TBZU}`M+&X2pB}kgK`U=v(z%)gcw>?u
zLLJF#d=E;vr+FuB2`~1<p;cg(@dEW^Pv<?#U6mS#vwguIQY?2{qj?hcez%bk(F?xt
z0KmSRxkRT@`oqis{AXa;;4U^6ak$yF^Hwt{XnuL6IPM1;$0OmR9wN^As8J)U2x#!7
z8FdtWUq>=RjA*4PZr#S9VYJ9kwingR!bcA1UkSU)J!Jo=r|53i4YQn<g+J;^Wx-I=
z`or>2|0GiL0Y5$>0h!V<RqyjvI%5>nkrb7Khz#r{R5DKAe#DQ2WEU5gtULT3k+#gW
zXP@H)gWH&oq2tz+$SUh-MBE|pEv*p*md0qP1Ws56cF%}qe(3(xH&vjLRIpw?E)j}1
z71+ad{muifdy$T&`zb05+Axq=i5m5dK+Au-=y)Y2F;b~^r)kFdbd!xiCI9(&u|Wi$
zBr{&eV}6T@?71I_0n_wTde<IM=c7{N8CUv33pI%1q0A?Gq+PS*%_sBXmg89j@@cQt
z-C2Xtj`mguu)!x6)XnpkM|fn-T-I%al_7ZfKo~o?=(zg=&H4J2z+B4;Os<X;ucR9+
zWnEq2IbKM~zh|a`Clo-meXOjUS0FAE+|$-@wv*aHc-G49|09A0YF;a}JGb!*kCo2A
zyRqP)?&jto`1+>wy2}DasTUFD#V<5_(-|n@3Moj#1;*3B_oClP9}SylZ#{wJtlTbW
zPOBdD<kNYE4;dlY&MqI0@H<|zYOu&>4d~V>Nl)0Qg$o{tBD}C%;(6N79+{KKV?@lP
zSN-LY*7iiDHg>2<mqJWIl_t@h)`Hw^nh<>R@%3_Slm#Jwxqn+Bo;=~`w#&}ejLgDK
z&aKbQ#Zxd;pU>s3Bn?xldGbt0U&2#PfGAVtyH~u6i%7(IE+AiLI~OYWh8BhBZGmTz
zp%-9Z_Q@A7J^9(qMx7xf!iv?Y+IZ5=YH;s<_m!VLS+Sy`Vir_0O)+Y^l#jB#zi*-j
zVO^L%9YUBO{?g+*EZFFl3!eToWq1P1E#4J=C0}VWK6BeFkCE&SKJ-g`uMYn%Laf%;
z6$OhyC*h@Rs(B2TkWFZC3+Ni!(0<e8d52iowqXuAoVSP8!5^IMjf=4koWS%KV-}`Z
zgf`eJVr<is!|YFssIy_MM0@PIWF~iG>J%Bzm4MmnHtPMm=)0&21`*(mOAPV{mWwk7
zQ8@qzmrv!d#b*j?e?DJmWc{q6H)i$Rdkjn9${(GWM_e^e-pTVbDcA91PuoqUTGdi9
zQ(68T>x6gj=(e5XK1QXxn;m0uSQQT9bJ=NBY^-nxq2<B7ERhAz#0@_^s;yv$xDoTO
zh8-JW2*yWwdsc!CT`9+P<0^nV{Xx!cI~9G+I!cKmwYLbtl7+>W=`jr^bnxd#=b_ab
z%QCF!<}Nh&@S_p2#TfV=Nm#W>nJ$5vj1<#3W!(|+&$dSs(!856XdDHNZl0p}df$>D
znVX%}1w<7W&ASMY(LYhY-EVR@Ud}L=h@*>7Q;?6h&|Qo2jT+@Kjy;P%uhZC4&KSP@
zkvKEIY&;I461x2&<b9yO)QvXy>(@|v__hDW4-vmW^&4^O*z`|i5YhBVVv60{imQiS
zE8M}Y>7uV=nPfF8lplti#HHsA1Cw{kx1_Vy)*15}As)s8yZd<IzJHe?=g_Ov#?+V-
z07Tui^pDmcC4G`H@-$DT+*+W|jIpBsi3NRhs{LATVwl~0y#hY7!AOhad|RI*T{_r1
zbx5Yg{U~d4zABZ#+Rkz9XN983lY{8GFIy8Mb99EfX=Mk)NQY3gaR(lsM^rCSw(FLR
zmWpEtQ?tM(#6?AQml^0+mrWbVuYR<CzuQrmUq6udG+bPnC%rIF(M+M|`7&6pU;BCD
zy_XLE(BWnZFAsaF5cb+@xAi-=<iw?w)7$8Tj$w;mcJJ{5%X*T}r?ttv^$kC#iwghI
zv+5}`UYKYKjK%)-`aVv=pm-D`LVEc#I=I}WQ09+X5T;mUd_rtT<MTPWSL&}W`9}qP
z_xboBMJpAQuJR5-rlGDb^Vc8uDIUG?_s004DZ%(h<OS5^pI`WAAQt%jF5rC(`2xr%
z(<<waD*dav|GDVm`NIzK1+hc*;lE1o=Y#OS>+Ip=8823E@>ta5|M%X%E?Fc6?rqfz
zxrIUJ_Y(h8kbSZzH~}fWE#G-#d92yq56#G-c_a&Qnig`PJ~aHp1m$O9ff-Ks#xJv;
zn81--`DDtZ)Khva!M6|1_8{MrvI>iSFZv?LPnfS+0};tQ%e7=i33kY;Q{^jIqSGwN
zq66%G2~0;FuMX0TyriKSp4j8J0FLQ#zB*o0TXQSJYKHapjb&+Ld)jr&R(temBv?)T
z7<$z#YsQD+C*r5}I*W%y$TJQ|R?fm+X(h=yJSv6nEhYe4uu1R@;v}vUO+tP<@6bnK
zxJ;st(@BLni_~);m_<rK1pQ##*759V>YnE9YO_-X5QfS#x)Ajn!QOsJ6B{l8?n8q4
z@~0WC@Ki;w^L^X`z-C=RQD{B^h$h6~{f5HOGtJ~Z1z*EjHF{{h$I}7B7X>~NyiThb
z=12lGFuYd=mHlg}=M;)*0vs6&D}x#A=0hXfoI4f^Ek1G1H?{1<+$?Cme*W&U4(DVL
zz8ykRJO#zmE&AoTCXcYlR2~H)F1xQQv<f_<=Q}gOKaba3g!+=nzTS#EI5?cj!SgKU
zg3zihdQ^@WsHut2Jg+V7Ce3u7fBX1eH7}ARA2F(L_jZ5w+tX^x9gU>38Jjn9a&glI
zMZa}4xX}|8*6umdJyFFAFMoe_q^DYT9Ua$kB7m<v+u9JB0$cxc^MRB^Xq~Ot+qmFn
z(8!hY3Hhm1(u3etEd$fky=B_bo+3H$hEAb43L)rP_IfdPXtT@%J|%OU9-0lbL*w3}
zTQWgf{iXYxRlpn>9@16dIzZ^}C*-_IzBg4fLzATLnb1utG*!?VtnEoWS9nKiZt;nn
zmF{DM>pt~6T!u?zLC~qGLpqf?Isk<puXTR{qCUsFX27OEHqyc2Xsp(Sv6nc77a>3|
zL-^s*{_eLElTPxD-bB^*#(|xyfn;uaReRQl!H<K{RpI7HD2RB0c=USR+LM<bp3nxQ
z&?+*2GSICM_XT;*K1t%dal_Qh_T&s*97vE$d>vxm6lL1!K5^iLY+R_HtdT|BLoU{b
zWK;*HMM1o}b6d!~cG*$FVsDd*B+2Xj%%C*KS7XsrY5IZP5tsh=$6ES+GMN4N+N@t#
z7dWyj6qoT5A#-Q4RJG_lm5$mAS#Y?K+XYfx746s^MQEF;WE8}Aj0RhDq?NWRGjzNA
z73=Wmi{AiFTu7;YD|3Kesm6gmrPrZ7_hFSPN$|FHlA5dpd0<#r#M;19&7P=Q8}?gF
zjFF@#u;-jH{aU$Fq>^`0P0H-j5h}8-z1)2>_<Ml9e_Ox7c?%g1o@>Y@8dtapKO7%W
z!gfE~R=4_99r&{SjO&#^ib8tG#Ajxzuj-!dY}V<mHw!aoKML<$H_WZB^MEC#TA_&y
z?F!1Pnh$4nmdUPA@;7ZeHbsBHJ*5PDfe-6FOg|&jo2Yu^F=en>?<S{D&n{8azB*f8
zzrE!5&n(f-=3_FfP-!pJFN$Y(4e)f?I$>#X{KP6ocsqK!HCC-m<+<`X!Q#;Av1QNk
znltPc!SnnIUjiB>)g*<sJ((Rj=k?M4iKIA=(|VCxETg8v4`Rb6`;dl<Ek+oZ$#O*C
zU@G6pIHTrSOb%cF;N_8-FSG|V{#g^{uh>kO;*d;=93kL#V*vu_D0Bno7NZt?vY#qe
zypz}}fqSVp-7Ll`Zjs9(tBA2ByxY7X%R@%|_SWy#pTM7Cei1({ds!lE<XF9^K(nqi
zE*bRe`~W2U7zrcyN&Jgv?uBGEw&O9PT734AxrEp+6|hDy#~${d?v%BNMi7o=Kie9`
zrltYVD@MeXXG(t7_{~_gSaK)2FZ42PHo*+Hd(zN1B!dgtbALLoKzCzs8P*&nlqEKc
zp{>OLKmJ8AmSJa$>C4BLBm}p5W@|Ps!ylJCzOVqfVJcK=A?_%@KL0wPOOLSv3d-ea
zbUpa`tp7{W68xz9qNB@I<sH^|iGD1Wb`po>G0wHeHC+5iV+*sV7_Q3&mYi#J{`#mm
z@IlD%{N2sg4j8b<Y05N4BI936UW$XBmn@WjYPmhdzIK`y$m5WUf6O^mCUg@AyS^|?
zy4nH1o;pNbH>Vr=1Xv;{>6k^caSPoza_m(PgSy9%7lyH0GARNO6C+s`xv#4f>E8Dt
zh>*CQr-0f8ecvl;&3pUP|2!F!!FI?j7|l~&&7ygC`z2ROuj<^z>`V)C-deX4pnkL0
zub2({alOHOg<#-$DxPj|3e`Q>Y#u>t)8li!<p~U4!#<#JK}SQwU15t;&l3Ucm9RAV
zLEYeuQhl6n&b(*4=XA+CANXTA%{saKI5A*r6^{#CP$oWpVpw`T!lY3V<SM5ej|b}1
zkuTAy&Pex7d})}sO&HH2moroE66UmmLsSM*Ot#~1#hCX>;C3q=?n;lsvZM@^`bETo
zmJ4oy`>}SFbVj9~brr)iZB5TF23*C|#DAOPpJ7Tb8Eq(<z0A&1AbR;dta#Ts51{DF
zARCnC%-N<Q3?NQ5pf7r*R!&~jqMk!BgpqaG{v@fZ)@jMe$fhd(lYw!F=s{P*(;haP
zy+_(m!QFw$0;NoU%JhAGvRpiQqS12_e!zSkG!m+Ao$navxJ=?(JkL+1GfNEe^*?8G
za_x{mev1S$v5lKAp8C?qR{ieGN<(vwCW}PCU0Q%j4ocbDLxgVu&;8OTT2sMl%o{|I
z<n5sf-P`(n)*Jmp)M@c>*w{IU=Dj=-ch0eCA2P0ddmWIVA^stHM9pZt1J|Yz9p#k0
zDf6MZgzE@Zq&9rg_)OY+4A%ba!f+Oj0AL^o!^o^hO+VftkriEsy-B*wsr8xG9<Kpx
z#?)F3QgOZ|FsR4m8cNW|)0}I3a1gS*)ne%Ksr(;gJE@RM9HA^oJttTq>Wi@`Izkv9
zv*mXiUTTv9#P%P?!8O$(-0z~h(9(v=sX7E<QWB|{!^I=IHA4$`2Yc6V$9?%vM)M)%
zFm23<99w?ZP+qNiC5pLC*7U8JqP#vxyP)GPpzs{%FB}e-@@-O#>dJTQ2#w<|6DuTk
z;d{dk$`+R9eOlGPy~#6!9pG3=$klmcHvdbf(mN2jNcSdET>FWIZ#<JzJAH;xIcJ$*
zgP{9n^cQ0n?Xy<yI{DhZSh;c!)fDcJG=YZ;plT#w^ej4B8MqaP>#niv<d*&x)a8)+
z;b58YYj<?fBBMN5{^>fP`V)yzNa?4R&M<Hw;3scrxV9)|{=m+kWQ`<9?TRX1OC)AG
zY5c*_(%rKnD9uZn5dpK9PM<Rbeq3vLW9^bM9QOT;qXh-WH#8YSbUoY6;pQ%Zt3+^B
z*#eoUh_Dcl+}Ah7*Yov8kCTQJ%&WP&r?pL+DP#vJ)DHmAr3Buet3ndI=zm}}R~cyP
zlUa+p!Pz)%H1ytYC=4x(En6tNP@N&nEUUHnFv0zl?9|`B^l=`aB6~o1RJVmI)R<fF
z*x>+Tfzfny&YG!0{Njc5k3|1X)S~NmZ8;npAc#l~y-?biVQt&yw&jfur?n&?X3hal
zP%Yoss1|k9s1WtIUaeB5e70s|-q{&?Z4ddmHJ(3gyg51TBz`K>gc+B%5uCR-+U7R7
zFBr7)G*HBp)Cp@HlVqk&URmFg5gMKQ!SeAVafk(#b}qLy+3}GZ+^bROOU=UQRly`k
z=T*dhMeW=9^R4lKuSbZXq-fp^t+I!Ji-wl}u2N>HMoH*sCq5C|lwPCj9%0Af*JKi_
zPHR<P14f28#;!D2)yNW+lx16xJf$U*Mh#+#cAa0X?E<rnUxk^G{%Ces0&~b>Qzkln
ztpRbPQFM#qwF84--wtLq_z=Q4`H*3bh>LIAoSP-v-E5@`|77$PB%80m{<qOXK#W}d
z*)cloSDE=ch(#XiC66C_f)j8|Z@3}VR-Fm$D`@oz6;*1j<=aS9q2*`|gbJTs!>R-K
zb_qgOSL3UO@V(i$lUxq7FQDJd%apv51>KlMQi)8?48%Q!A;&>{IqlJd?=c^WoV~yq
zB<(55e+GGGZX&}XF#V>iYDQa!j=+TfGCRDgA6a(jUUG)rv2KE5^|ta!e=)q;#rXiz
z6yUS=3qQ@R(7*RGzYcf0q*Yz0z}9dzhUWgTVFr~PR>Ap3e0I{z(;<I^;z0wAsZ~;A
zlr&rk90%#Lcxu^+=VV;nb(cD|#bTkmXe}CRH#g1NH%hfY0Fu5FkawaAzMc62S@}B9
z#9JT5DU<Z;_;Zm8^~3C`EL)@m`!Av#R$7K1IKi{xdP`bp$vgxjx%lWMdRSiso*Z@J
z60`a9BHpo@7TV_o-XOZ{EQ=zcldVQ%Ia4lV36Omk*j8?Ewv@29DXuAdnD3&CIaYwr
ztRpTz)$+|CRR=f|*`p$n^*#4#2G%}PVg#AuBv~_zyKiBpq3HCtN0#TgG;Y8yle<!@
z%|xxBh&Vj~+l9cA_tx_w2P=9Kh>~B1qoDb|Ayl*2b;o|<?7%<J8TJ!F$iIMo+|-;E
zxA$`{GYOy4O{xC0wi=dpvs=&UL$CMk=s0AM4dd6$KPZ-h$3~b5e9WOg$V~O>?T5A1
zMEwJl6^F>CT}P=Z4B%o`SM$2y<MMCvD=n$gUgvwcd^J|8QKkAHn!i;k1rRCra(9b9
z$*c8Ym45)Jyd+t>>cM)ge&wkKRc0kidcp!SmZSXFYzm`Y$EmcybELWM#8PIq*GP1C
zFm(1K_G(KW{vNRWQCU?cgGk@GQ+1}=RZR!X3Xit%JM?CXqJ`|!PiQ>ED?=xFm1V)H
zUTt~0zcF~D$zvW+7TU8Ao;PVg$`GmIj|u_eO^KMY))#9rIHW^!lV0M;iW((CF3{Os
zB!`vhQi2>of(Km&e&r9zQRWNt?!ZBp3t1kjgoD<oO<prb(MxFj!cOOItVP+@JvO(O
z?|hTiqFTWj!t=sGCH$Mq9bwA{Y3@p(-&$r$6nJ(VQ8bK6j|O$K-q&5ZzvMwV{_y>M
zqKA~E!EsbG*8+APvBJB`;1ADprgUPg#x8k2G!Vn`jK3Zh4S{e~@;<)9tWFqOsrD=z
zIPq;xu-Y5(h%DZicG_rX%At(utuSW!wKa-Pq(o5aHrFxoZt92V8zccg_34qw(~n>z
zNVB);7uv0}>sGB#l*^YD(@yJrBs<PFGYV!0O@vD;GFOBB0`(QWAS&5kMgdQeqz{*G
ziRvB?#tHL;jiZy8&Ky$Ou;|1_HEO^3rbR7c_#^atp|>r}^Ro9s^0Maw)|6CpV0YRI
znnY4u2lgkXen6PgnIMOUMht@rIlCiUCWr(_+(+Mju%bj$kC&}gr80U`dv~E<BUbQn
zbG(eEC8jN1ZeTJwd9HLGy~}ZV<u_Jt(2Vo!H3x-f#nlsws)#Ghgjc4W4yrMgCr26?
z*1K9y)7qBY<#vq4uI;*e(aH9H@t)_Pac-Q>qO-1!Yf*{I{ymD_`aE7T`Pk)kfpZZs
zRgpYKiS=;%cUU5OzZjK3#n0lh86ryC{er-MW9g3XO9nsEkG@sL?l)Ijwvl^I+%U`Z
zvy1(O;Z%iu3TveL8lLI{S$SP9Ytc`#@hD#{R}YO|k;p7#6f)t&a1!AfgQt{4B7}&T
z3N6p(XKDd%F!OrxBa&6j+iG$Gp&_g7u&Wn1-tXH)Fml#;Xs>>KqWU?*-K$&eTwq$k
zqllBHwS){Py$_Jh-zLbq!alUS9&$6b&zv4QKSgX2^4jd=g(?kv;A`e5SX!~Y+Fz>&
z&GbO<i|*P=vC;eEtFDVoqKCn*78Bssr#B~mP*t@OhC%$GQ)_yD0sp(A@!N9MAWUCY
z)dy|rO<HWdor595hdF49?a{?Q5cL#a7ch-70At_!K>EQ2>|*13aqo6)*}?^5Amw0s
z{yh64IPW7W+4IA=;#{gGjs81p(jV*i2IF;h3nEfet}kGu-}6a99x6n0=Yn$P*Qc8b
zQLYw>-yC^fOfIbVXL4Fkgb0*>8?ExvG`b+YO<n<`Opx)I7WcQ{Evl1Ap_fW);6lO`
zIgw4hOx%lsQ+U@c8~W$Z^QthO79RmY^>g%I15-s9ZFbhw<Jz`9cqfxCPucA0%&Fm%
z0CaP!auo1%PDr<T7#bomCO3GRVPX>4?pi-%GvE=&A)tnTiAa|ffHbA1n_XG&P#mmv
zR(NY@{x;1OV*=~u4fC?^Jn>>!P2?-^+rY4tXO(Kn62yDWa>lNKy=7`QoT2zba!US@
zsPxMiL{|@+xt!_PC0$ZR24vaTs0E9ckt5G-b@@Shf6-nl@09n&^I_5kw?Iz_+m%q6
zGLBlK@<`jANw_}SWBPec#zVJTEaiPUC}mmlw-*4LPq);k@1O8tV(KTc%7(ul`htUn
z$OJX=H$HC|ryVYN9Iw(FDbfwSuKh`Nhu3u$`y|*d<I+SOTy#oVDgs~Ww;r|=YCG-e
zx>2G`2*A*nZZhSS1_wo@9)AkP^q3KvatjbK=t)bxsPN(Hw0qkr>>!??oCvk&!6oE+
zN8Nn895xmd#n%R5Wg9ggz#87I9<uSJz-GTq;<BMj0rl`@GF?WknBU`N>J|53hXk(g
zndr<b%T}M~i+$X(;XXA&FKQMBZ>zV-n9`0(lTbDv)89#59^*1@PF1Yz3f^Iw*XwyX
zILE|mREC0HnAjY@7YVv!TNk)~OcawBQ{z@`IeXx+{D3a)#sEuT5dO1&r|K@<1ca&H
zo-$YK(&)`pt)_A4;0u8EyxXgv67EmP_HfczSV&BhZx=3+D-5+r2xC;AbBW2~xbeJe
zcPd&Ru+K!ey+CPsm@&+;oLVR0i`?a)!ZYxI2%=qShDr3XM*AiU9enFw9we81#kk}y
z#Lod)5_S0bXz(rKdifc1N3yu1PZc3(eo(RKb{J6`f7a{zg1{2zf6!&IHBvZ<(v*?6
zMSzr*da;8iu35*>T!vw{xSC<6{6{a~SvS|@kjkv*>@G6SHMHH#wIARa6*VjOY7W#^
z>!qP0XiJo9<-&I!8ji7gp`|iX>_7#a7WcrvH;0=2)|9xah<huOfdJrj!`_|jIr9Y+
z;NCjbwAK?T(AwbVu-D~IuUQe_c2}<+9M_m$tpM!++lMz+2<5o?UO(OmW>O3%;X!zY
zikekr1Kw?sG+90*_I`!^#f~S$Ii272@V#n<>?_-@^*H`%0?>TFBL7w6q>SKir1&kF
zA5y$X?SeS&DE1TkTMZ`-e!XvI5j-0WW;KP*apQP5r#mb!%oLAR9R9~TeuKZ?13n0&
z;_e_792b_hNG*<S(HS{S)omEtG?K^`O@cF6q#z|<j2Fa89M%3(2K@F|?z2CMdvYbT
z^IV<ew|9SI%=O&JJm?`!+@?h;|5smr518#2{(#e88Pz0y`^Wo@oWEW!8vFsLLs}Sg
z|8L+l5df#X7n}nNKmG<Zf1BuMfde1#cf3Mif^__k(=mOL;T;R%HLnEqJD<hHMGMP>
z$izF`VTzR9o{A9AvpSV$^9XgFZhK5Rm6pukWT!y|4qUFF4f!`-VejWJUCNZNzlX<h
ziFt;$I>cgOW9b{r$Q;BhKJ;d_hCiN4@dC!d2{%JEE^=}-)5SBMeW=TuHw}AXuMR9p
z-H2Mfpi^FY^{HnAHa_LCFjDT}N_WMXycU*M6zZ5bkA%d8*}8j_-c{JX&H?2vfi7n@
zm~-;=Z#t6uc}4U0*_-LCx(uMONlHwO0^_F)^Z9rPfhH^NHx_3X?3>U)*|E()S~{me
z;-J(jv+Xjqucl(XNwk`wJi(JTS^6glxyTpP-xaRrq%iV`5=wuqwus49p`-SQvaqDe
z?D$@%;zeE$a+HD$2tOObr{~pnj-*m0A}xo5OU2XOgmjzTBu_^Nnwb|A2aYXkFOdgy
z3ty!2dxzU~>YZ86yHT<8pK%kmR{CaQ1{Mr2(iT{h^v1okeIVg0^l1Vnpxd%u(*Zdd
zQn*XSJsOQrzqwP}6-(cHpSWUMa?tXKGRs$f`+A%;>1x>?+UlKJR(Zxi2JXC=>l`Wy
zn$HW_TLjm%XqRAUY&H9JD%>^qkXfqEv>+|rEZZ$^Fu@p_MZcpz3Kdb1M2T(CiE>@0
z*Zd^4x$&?p<YrNiH{a@_wwl}A^#}Rn{$vCp#=aCvMTPUpF=ww~Cbh&^kpgxj8rEd=
zVH2f(&?32m{JR1rQJa+d1vW6-XWQ}UO8jmqhe>cK>y^`rO8Dfn*V{(wzQPR;VC0Ha
zVVq6#W|qS5^aN-+X<u|6Z9L6B<{r9Djx3&gqfTZm+d(u&{bmJ<S9Ad@W<PG3TmzIg
zE!`l)M65CMk*?FpM#GT_5Z)zaUt>~m>NQb>q4x0gV=vW;2K5favFW?ut=049<InXv
zxo#o5O983ZUSD#%hD)Fa4nYil!r%9=_ZjO)p70b`ua0Y8dB#R@uiV(JY{>H;Ojf%d
z*6A!1PaqYY&c8LzgUzo-RTtPU1RVM}a37xFK|UK$yhQ@`jdn8B@^w5=S#<ps_GUMZ
zx!%(Va(cRD%@jM{ij`%)ddUAqunQs_XswZz<x)7})=w?FeY};dR_Gyk-Czr9a9mG$
zhBrB7&AnOGps)AS`{-?*w>DnRdR?NQqMWn(Ui*!%X6dlh_)K3ueW_>-v+B!+jzSk0
zdG;|N!4SKQ62f{`sk@|cFqcInlvOr*2okh0p%lFJR&ROLwi${>Vl(okfD_S75<bh?
z>wmgk7GVPjpfVjkQLsk8)0WVZ?M~K05c1>J{*!0(+g>~4L^GFU^7^IT0*5JUFwYZ2
z7$!1%!MvTXoU1ckgVa4&jVFX4D+hbGbylsZS4huPW<b)`lCIE=fy;{6R_(jpCidh7
z*CS2_q{6h29->xHho%8CkLxO!r;95FJLAH_NnbPb{!k0ug3X<<$9y>W;<^E(TLK33
zQ|g{^<`Y7Oi{?mV7p{F9W3@xE2T#G<v^$orXKpYv(;_!izeYb`dm2rtbhMR!fcUtj
zZ$_XPk06EpLuBcKq&WsD<^h-7jTmcp$F@eE;3r1?<-Bu>YIjU4Ztr|)*hZtF(&<Af
z?Sg?JLH(~b+FQdz3ucH_i0oP+)iys_s@J=;DRua2gLiqC#NuD);SM#fGi64w!=26i
zFtTggf|Pn*x_sE9re4zZO;>yhf=>`g9lVq+-94SE|5R-|_(%tIhmk<1WPHH3^f(jR
zVmYz!b*+*5v`y@7{9CKD^%FIJ^-U4ByrGd+vWN|#1%|XnUtT%nl31)5=c9Yc*&B{x
z8rMioZ~lmLW`nixz=1fMrA&^sqXd<yOg<`_1(Si;SU%rVK0%dl&-A0diFQqZ^Im0s
zv%oC+k#55N;M6c+<60#UeSi)-`GKCGmtTB%;w}e9d10%%r&{(^(U6Ko$j@p>k51um
z9lPn;arOmiR)J#kn>8p$u9e`7>Y)G92Ypz+Ad=;g=E7)2#Ei#i0d<Y<210L~V6uh$
zN~WUYEc!Ams!j;ssaN5O(ys@Dt1iibq^(yR8Ii!{W~0sFRqmW|2u3BR)xuAfm&#QM
zNLmvMHn0cq=yIiA)uwWbAMXiP+Fi~t*aHzm#&5+;s?OE-CI-tc^ITzJlE+c%Hzn(2
z$86hV;jLQS1H{^;O|DnFOcfqS7axZy>A*c%0xu17at#$}zI@ZF85+FgC^A%0i7}j1
z<mk2WsS7A;e{&G}ZGNc@p6&m+ZzQ5mb91?3lzF&mV8P1gb>G6^^|Fd~022Fc|GMUu
z*;&2<yo>I*Po{XST4FU4EyZBLyFJ;t&Z2X1sdj=az$)Zz)$zcH<w9Z!8PH8@gshY&
zTI+P+yT$NpUVhQN({yD|{sr1!IBeG~hvT>Gh3Tl8$g{S<TxreSK6Hq57sAw-&%@6C
zElg<nn2WtgJ0OcAW{tg=6s7lPc$j`~cT6*%qKn&A851L&E?%#0!<S1koS1RD+S--C
z)gf7gBK3^Bz6lf*6DqU(#aEA<lR=9LHgggi7^Jz6aAlPvMVFYbCN{?td&`q9LrNMg
zr!UhbND+$STtc!h>;uM!op5_uZ0hC~g4x8db+V8l;_ce;2Wb<NL$(Vf3{baJ_4%P)
ze$j8J_-~o~KH<c$sNsCBGr?rz3O{5oQapuGWu<an&kvKn=L2z|y$##h&yis%iw6ry
zMX}CrpaYa?RhwZhD{V7xakXOFZ0fC1Hi_36qAi>~CYP0<;I3N}dF_4iHuy8C$AegZ
z^*(m&YYv(UR2X{g0ESVBg=ai9K3FT3L}4y#Jl1@et9EVZNczQD;w2k<|J5|tYsv70
z*qL*3BD2D%kLKZRz#s@Hm)F8RB7!V7uvJ^0f5pgi-OsC0g=B|ozgBhs7E^n|ZDsff
zvYJ&2C_9osUG7e39`8Se$qr%+vE^k+-2KU`?>k!Gex+3_(D{TU?*fj@C5%j|=;AiY
zsck3&KhqDkP>G61tKaN~D^^`=1NeB&x2DmTGIjde4$1JMvSx^B;e|L*$Jtd#kt5@q
zPv50kE_fxkj$fO^x2B#+=xSzr-S@7^z--!%Yl8w+M)QfQzJ#x$<BY#t&Xpfkviqil
zxY+ggPKKmWc3a(*tAetRN+!B+?DLSzb>PJla2$dLgsCl19rd6T(6`L4ZmeLuj5&Zr
z<l@Cc8j*>u2hx|Gz9$cV%)9T6@kcu4tnN&V^ILTs)!Bs*lY1O~SX7dg)f`I6a|(_O
z%V@uJ|KYy)(DgfvT$*u+Oi<)3ZC?fr@hp?||6uK{!=mcfK3+v6q@<exq+42QL>iHj
zMnDBY8l-E6Mx?tz3F+<_Qb1a|q`Mmim^g!bKhJ*NectPwbDeYk9OhbUSnJpK{kgy2
z#6#NohF5%+FMAM*9kVh8V>xb!Ujt(6riC<Eno20g*fiRT@M1{zE7s(v{zI+?iK@EW
zzx*j7{O4DnpOP4Vi~sETeqMFpwASP1Mk<+kmN{*TP;>g^Ad|=?MtEyuUL<d039-sG
zh6S`h&qzxy5ODrD$)eL+&M0*{0(d4(DlSa^RAi*#N#3*)hyPbHoxlt+zmwaTjFL(W
zfs6N+;FVO;?%RDEq;Z)oafkaWpHtGy=b1k=uN8NPaILykx!E<>Y+jWkboDl-?L0{u
zZbI~H*7y2eXyUpE&lHb%Ui*9-3%`zz(LS~}ZseeF<zuMmFcAiE2uza}XjM1W>}4_Y
z2>(Qd#Rc`Y@`vLV0>@GIGq1kl32c6$7+`_PT8`&EQ9GNq2IQX0UnsnrS?5awYI<dx
zt%;!vX)S+aE<QIukdZ?40Bg@o>PAc8nS;Rf{AplS`h@Y&+*a6$X=0mx#z9$@?1HSY
z=h>}<cz1Pk>(1oEu|h^6&NGZr<J7Su=1RnQ%6aJ9WWuF!#5ku+a9$n4d@pQpeptKQ
z8|G7!YO>|N_Ek0~bv5^4G9bZrT#p13Gb=L^0P##s0I$p_L6~^nneT<<UyP@Lkrx-E
z4{b6qt1k#fOQ*mYTp7}tmstYuP9r9-LNj1KLdf5H-%%jl722OI3&?$e?8}^wFRhgj
znN=?T7iT@v=n_!4!%U$++E_k0D#NG#l5X;A@yiL>Ar0l|VUXU?3f~}eY!qD?p8)<Q
zg>&#cb}SLe$=lOv`%#W>AQ&_%XPZO-2enWBHdI1}7g|h8yHN3J|N9n?&gWg+ZTVR}
zj^?$aZmqAHl;*i*gcLnqO0%aMgx!Go1{v75&MrqCJdBRYR3`i5`5)nY6zg9y4EUZ1
z1@*gqRMj0Z$_*$M?%&5Nzvhf5BU&*nImEm8@OUDaIUqd4=kb0VCT~mE;FA)z`96i!
z;JyL`CEBcAavule^ADhS%1XjTv{Q~l?H4Y6P|ri&A4yb?_)8Zj?cf(<{d~#NzLz|$
zriZ>yhE~}VAMt_c?dMqe8$y7n=B<TAw27Q8JrZs{Q`^iDL993bY1|#?L~)irLdT`9
z8ALU71Wm&S-q+bn(~#`cr%H_!icqy#TuHx*{w$r1ds>4G??2InNAx=ph;RT-N;ao;
zgc<zJ@l>20I3A{dGByV={p#n?X)a>xKfGBp<`v)A%Nq?wEjLy^6O0L`i{sZ>{FumK
zXg0`viFGC&(?b9R5A*FeVpujr9ob4kSi?4TRG}$N5k677`0j(0Yd3P3#K|d=hA(3^
zH>|gKe$o%@*$yv7ij{tlFAR4$=#;Zi)+bQBcks*A{A2maY}bc*!R+@J)>xZ$%Jss6
z-{tHF&SJkc;TO#`=Dm${G^tWDdiUDHVFP1JfxPoTlL}|2cGAoC*{3xb&RVs%eIjhW
z%+awD9U~B!%pg`54+W9)Opp0{mzxi3V15@2mVpG_aDZg&MM(eIrpZ>LY$(LFH#AWL
ze(+tP$KjXL<+4T+|5ulLx3UxVC)<6_sUjv{DlIOkAmUYBBzt&FYW;5PdS@sdn@lG@
zwbN<qtnbNQuGUkn&3=E{MQ|3Vb4GBTTL-pdUHtBAHZt&&)zpFIO}g2Xls>TdI%qI_
z*CMfP(&Nl^TCMon7Sn{4J~gdo|5)|${G_t7N`q6s-w)Q>>j4S4HaMkia<af%{LK0a
zmN#*pcfaLiHvFq4hEtIXaEJ^%&m`sA6J<<$5MQ38N^M>Ta@V|@x4HL>f2Y-s7{Vkv
zw(M$+Zhcn5Zc==*pp4*UGz{ui^yi{<lU57Fgp*M(mg(pnwu+H-Bp@KU$J<E^F`P6F
z*Hy+HMy+J%8i43|fx`RuG8?$)X<Q~6t(t@rJ8RRju5E3XPcs(1e(CCaWf9aPkLQL~
zfl|qy6<>HIl()Dwv=kSH9*GWFyzF`)8ad?ugF=C<ostSm6HjfMMZ5rQ<E@2yMYjuU
z@zvqUi8u32I#zH*c`j^&W_Ri7{<C>vehz?frHErQwbYU>UmS(nybYa;^QU>cmByyW
zFD--e`BXV=tu^X#ShHnG1)k<S;zlR0no)fIMs19>s<cUb<6W;2lwS5$M=g`xSa&yF
z^A#`#VjoboImBId+8cNJf$EBLkmRj}ZjBD<-1U)WueF_c>yBifNx4rISI*7AzvAm<
z%SYX?`p)jSYl|tM`No@#h{1|6!uMSmRs%s+qJzZgmMU{waVMs+z?#ItpYs>v#NHRX
zeixWhm@mSXuG6qe$&?m1dC#6U%?&M?oQ)5|n)=gvLuO{FBOL;&d4H+8I%A)j!9Jtg
z0bTpuUdFDD+Q5%<LFQ*8CeZwk;i|s+xBIIWclh&YVX9idc`L8C2C({wxcQoTh4sGg
z6LIMBefR{@<=q_X5(@WP2E9PV7ce0ACpBgm-6$^-1$symVbWvRg?i+dXm}yU6+8Fi
zssm^lXPNm3kDZH{MUCc8Z-I<hM;%Z<ewL$}(2(ZixN@_nD<5UWFmcudtU0Tw_;UT#
zDfgi()-6w?6?=tk^1tru2Z<~O8dkoD7%cL1P)5JipJ4#JX^p(();}<dR<l`Tk2Or-
zWnRQ=0Hn4|WX-j}8N~y><R-^y*sSeBA4|*Y99`^sGT*c~{K7~$l3D^QZ{gFJQm>dZ
z?q)vZJddRaPDyC<IYhJKtB4YfqFTe=m}5xK_eqB2thyK9N8YBc+IKgK_B{hb8;&!-
z;H86Jw=pUTEW1?M?8(=p?eV7Q<W#l10;gt7uWT2tmKeJSi13}tl6>-fFr65R2S}#W
z@+irO9yD3=ct~)(m>9(`ToK|tBU0~$WaiLJJ7BIq%;PVm{?#g19CYREp7e@astQm3
zA|%Cc;e_+-Q=0)QkGymVB)_2ryT4I8fVtTh-&XT(WqB>0Qtpv$x^1Z$Ta>H@%1B+~
z>sDV%2mGABTW{;=Jg;1*)F96MgNEK3h{{*uGXyV~9Uq|~SY#*4d8*0xC~|+d>H#xS
ztnBtthZ2xg)fsf^@TM+9L;@8X-@G8WoFk7D;ei+}?I+q#@l{_uxU5`^w2!w9Ms4p{
zkge3U9e4SI!=9UuTK3H=ItOu33Lg__HZr_bZ9mea8sXO4(bEd?BDyGf++dBxhVhKj
z%KKaz&ckpR*+0|DT)f>G6Bl3Y0NU~>1LNPuHi0h6pvNH@ge{|plm3ulpnugCea5|o
zse-R7`oX$K8={LC@4h}5m=>orvm6O^IFQUdh~;9HyZ$XDNh+$ZTDW;pcp2xmpVKk8
z3apr|ca9Kce2Aa5+($(MIpQltfH0IUoCrUj2CT(KFCp@*Jpxwl&GVR$T^3rzMO9UC
z0ArX(=((mGerQEF+VB;K$W=NU4A2`wM2c2_yUCyQE*W-~;n%sSGv8XQPw$W3L@UOA
z^vfEYF7dXhp;@Yuara+5EjE2E`@Onp^=D!GV9KnM3uRMBW)^RTDEGdPJ!{qn$*l;r
z!b!uC>RnIUN4zF4%rL`ERmCDrEALLEX338My{6m45-~14DFb2hK58zRhaJO9o)vKw
zvSR(X*n+t0&=+rh^WL0#6%9D%Vm~;37+{(2t)IDgA!=VU=m96T8eViAsJCZ9taX8W
zs;VW$uc>R*5-oJV&1)i0c_L%=aJn-}#?nw}yyd7f1xO0A3L<|{p9)sAp9EInLiSW$
zado46O+$NXgM@K%>!R5PPAn&-?0ciMQNfC-VExi8owIrT*16N)N8~3lwhO(jyy-qG
zv<SopT>SSi8t@V7U`c)<l9qLN;0PAxTsnk_ReXZX+#76f@YSD+%{a-4D2LP=whBkw
zLS}FL8eDfRgph-Gai#Sox15VV{RuVy=zztc4W?yR>2sG#-r;}ELE_hGE0|oz#<7>i
z!GGo+Y5G?&RVX_f-UN^6-I&lQlSk`orteiV$P}0*6<x0C$|@N8V#Qg(Gz*V~nHD$Q
zfZuy(2Pp+Gi6zAQjSNjD1)_z}Gt)%m6jyr$j}A^TyQ*+)8mrbZ>U0WpEu@GWod<3N
zE9ad^GQ8I*PJPLDY&_16L#VDsufyn~H0;N^VDt)p4pK5=28uge^SQ(wX{U0o;l#t?
zsw2H`jHH~V8atT7PQ}0}qmZW5nvo^wQpEMq$aM%$fP#+A?z^)e8K`Va+KDME_)6^h
zW|rF9vCdvm&$!9uAXPL|wcKuTy*w$)E4l5=jaTh<|L8i8`{mIh`9_zlLTS|1@ll*{
z?+xEz+C|^+RjA1IZAA(PXOOQ6p*n7r$%=LgC;A)0k9-BZ33fVaADNeFc1V{RJ=0tx
zGENJph>e0Qv_8_ToA&8y=sb}c*|JylcK)gm*{Zo&^5P#cb7(o^^1)Rfm{er)FogJi
z-g~&iWwF(y&zF1qrVQ`}J|CW}wHsiRHMaH+Zi+uN{IJX>fQHj%mE8NL^nIkHye9KM
zqVCV{?iD(yU_^>W@Bjs<!}!j#tpfh{__}+<b7kJA#ukPA|GdFJgZ1qJA*iSqphfDn
zkj{T1`~M->AKeF{vH)g4-=eDjCCz|(Mn6mf)W#p^?(^NM<ewz@e{KPKj#}CZ(S`W<
zqN_d($ln)D5++@@z0o2mjAcXj{_?yBmy(S;%fm+A&l}${kxQS=Xs(7mdsZonar6P%
z+bINQ342k~KavJ)=m=u02AZ?Ls0DdEDs@Pc3maHZ>WdidtFT0#JeR%c@u9SOZ?vDj
zthXAOzZ+$Zm6VifTyF6VAg;7Vt=_Y&*Gr`;#^8+)R-+}@k|OKOb1ff=*`|nL=VSAw
zUT@Xu6T;b4L!#*NICaZrUR`E|=A#(t;{UI#de_f`xti=7mtD=eXqy_Z5#yVkB$I8F
zgW&n^b_;hIUS9;lP3mB_S$944iI=PA=}Bvi^$6XK1p;lXY-H~JwC!)jn6Si;0h+(J
z`r<+`&b@w9f;RW{4It*U2lMq&v35(Y!E2j&9lYv~?fHihYibroon4(fp;D4^5-`X!
z*Huy5nTC|eEYTH}`Eq-}qk*L9Yc6|G@+on5clW3OJS!Vz7WXTg`DJ(U<DR#_#?{7q
zhSDsh*BLv%tNgE|x{FpS`fF4t{CCTsDBboT>ETWQ<jJB>h@HTi=ON64L%&5-$o6;i
zU1C=ak4E<7<ixmZvPH?XKMR=tKAB-S^_f7e{d{mc8-W)%_bjJp@5SK@3`;bcSW^$V
zn9Suna-CJ1M>`um0sv?BIqtJKpKbw5DBWazE=Dy<+P}bcQDXukys1EhnuKbt_0(hB
z^KUYkmc3;QJPB3GM?|w-nBo^#d@rMN3~QIxaBW$(|Bc0ci9oT~)x}z6Dwait&1ClL
zczI<R;-POIk$MMa0&c1rMq&goU3Mn?KCS=cp)hNdT553Y%KP!M#n|xa&&E%ich-ub
zZ2%Gb#axw+4s;rP8Zi}k7A+Hno|!?e1A~RpDlt(y?x#$NMp;kWj!+orya8L#`tpde
zLH@#uq$7<th5rN5h&x~){G?=Q>v0c>FlIa3OAJZ_DXeB6aV5T=M`ug*H!b(m<C7Kt
z3tlIo_0ch`Y0~}Ah+PJL@x=+CapO!R<290Bg7c+Bp7cI&T|&)?cyh8Nc|?O;N55+a
zSow@BEam^3Xn%i4v@`rowC67`t2o1(_CnIbiQ92)zJFD5KDcqAT>n(-iF%!zT??Hf
zsxCA|<(8V<q<$nkk-)0B*f-3;xvHUK1qnrKBB+dD4010<+cWp+E_gj6b;VS))-2z<
zy2WQysv1_hi1K2KJVs7&`yAkl9|&|#7ws48mTLxl=f=$m3JMwD5g2V6`@mGC93^Ug
zaP|lK)2l_Tfakg3Xp1Pjs7ISeg?=NWF<lDVDA*^@O1t<ovYkXL?-MhJc2#cNQ<uQS
z>+YN1HLse*@6#>5Lb?e1NP^H3*o{)9C=iivKUz-}s1E3skUT?aNe-l#{{M}%qY}n<
zNW1o;$}ux4GmJ>jYPAXLfBE;MixfhCLt)1E%^q@_NgR-jVt3`roO&<gMFgYbq<M5o
z*dQ0+@-OZH?^AYKGi+%qwoOf3ALJTI2R%7gv<aV#dN(z!(@Cr4qlQ7NmC(iRRKlmN
zzE`(bfUkZ5A)06}aWNz&qvq<Ylo+^ZMcoc1UL}hvDFW3o`NqrJZXOkXnf@2m&hTGU
z`}fMQtnj0qTIWK|^P2(Q&<LDdpMO*BjA>U=H=pqxfoAUtVFNND>H$r)a?qXak2kR5
zr!^jDWG6NkasSV_c6K~_D<)=^%Jm`^<|^0r+`iY_TRTW%Im0{!rfP)!Yzw8!(OAl(
z3Nkb%c@(vnU*2{dS!c5#?|NMMx|LEMl_o<~Nbd}&0lxvahMbhU%$}(`!FQ|GcFMuX
zyp%QsO8{Q^Tf5*>8g`>9^t=xklum2ayb9y0)bIe6h+|sG6>2K}kI_3&G*AxkHW01h
z%`aF`jG)&rV3iKo&dOyk)j_i2v6~y(@M~gcJP>`1Lvl5>wp^gN_of;NF#?p#*;|09
zE(oT8Zhbt*v08!CD&fop#HQT$hTcxT>!8;yWXuWOBlhtewYG<>5p51&4!*J}kmoT{
zl}xc58KGv0r4lerYfr^Qp3eCFXhgUEp_pJ#xkXm2CnNry?PVCis|KgmYSdr5JHKzb
zuqk*0hj>TWZejJeXm=|7tY)X~>~<OA=HawO<paBBi($!jM~9q@so!kg0<fHZTft`Z
z!J6~PI_htX9DgP0pEJDu;#(L(tH^uohbHC;YY@o!zXjQ=4cy+N4Vlh2pcEPE^am8n
zD`mf3nJxsaQ`9;8Q40L35HZPr5%lPbcaxh>yn&#t%DmhD*H9o#5#?R_t)H|%)D2qc
zc@+N9(Fq2{p6eZ?oS=yKi3R*oAGavE^f$=vqIgO`C&83S$YL9_v>t&|gCw%Id;UK_
z_QtKKE!|+;@2Fy&3ZJv5VqK_s#!M2gp?tyHRR}4f`w3%U{P#!2JY{+idBv|;D|mRK
zoK<ls9fljg<q5O^9!h!G)_}xWA5mLtrICB+9?*?1rE@`^Ab720ds|h_Vcp^XumA)R
zWB<gfU6lK4%-5iV^j*3d6)>^iF>8OWISQ2WG>-qwo2#p+hW>7@5=mqp)mg(SDx7yc
z%<kgKKvC={$%!Nm`_%}Fb;p1$fqg~CD5Qplg{(yJxz2xPuVI+rE}#T#9v_!t`glK*
znRZzSEuK>W-?2Nj*0xvmsR9l;2UF*7Fsi)k^^&oq5rVqgMXlH;n534k*eM{gTJk9y
zYw<hN7W+-SQsx2O&wK^G)T31&B1Inx;?`-rDLxJe!N;CFYbv=}YVI|S7qKtUjwLy&
z{0F?wYQf*Cv(}q-Z8?doQr#{3$6n11t3fe(q1rQ^+2xLE)!vtVsm%14RZ2=)@ty;K
zoIEN_A&`L2`)gq3lZu{w5?n#s9xevL3G?%D-tiskM0}Yd7~#tj`aYY5>_+G@C|LV|
zD2~XIPC#j`^~Qg$*6zPpcKXqH6vo_B-Spx#0%>j*2pF4DI?8m@ny@s#VSUYP{+3$A
z=K0y|PWTkYGx6dQ5wpH$xw{LVmt?y`V=R>}17wL8L314G)BENjk`FMXc!jxo!f(P+
zeydzX{)nnhlc`4JSMoq7TG2_5R7x{%S^4U5y5^mjC@-Xp*K$OC2zJ71d;9Z8!z8l0
zdXwbTEP2n6*Eo!?PEK+WRkZTDYV*@5bI-X}C)WAE#CIbjmO<+!?}JXy`z&%~Df(xJ
z!^22X4vR9P5Go;0T)3E5<Y%c+5&y9>*l~@IC-iU*((B;;jjv$PRJBtg+w``My@=CR
zj=CzI&-S_RHi0eEza#vIVEbvz>Ps&%;KhwXSl+GAW%Of0=LGFsW~B?SL2@NMFTV2I
z^WBcULlw&XPqa{HaMD)w7HZkcQ84NZr%OGVLuZXbHJ7OxQXl2&om2C!i-izER%{S3
zRWkp4zRsR}cUiBxqHJfh`(=_WpI~wev*HpfTr?qb;{t0=1lpFccQ4@(kDB)4tPZ#O
zWG(D^#}=;T`43vCgpkiHnp(I(O=jkjbN8H*>iUG0XK?Q?q}`}QMp94gLE4Em6FhN0
zP%h0CWR^QFj5ny!p+GZML|+#Lx4xu}YEXR8W5;EZRGC4&KgSYDEhDZUi&k5YLUD;E
z8l`oP<d^`k<dv;}eV6K=)Vt9{GGY(p(a|SO)!iFpAnFnnu=sbOZ{-uu?abKeg_)oK
zg|<H#(l-yx+nR;kUNL-TR(Pfd|HW`$U=K+6?7A0%B*eY#`^GCVLiO;vMneu_gyu}Q
zKV`yN_)^_!p1jcvTf6j4$`=xLm8h%3ZcVuQjYS8Vjs-8L&8H|@@lDOhMHyMbkaH`g
zDl<ICcJzf+>)9%N_9_wRZi0tM*Wg@;C$t#}Z<KOJwOvn}zR3?(QDM%?`%jeY@WpI0
zX}?j6*lrGW`IK0W1)_LA<{Yu|w@ijL2g}|)cq+{Mnvd<@bPzsCHvL8L`uigVg9dx`
zdLAC<<zwkZHf2_t52PE{_ck@6#`2tMn1!e2rteKOm16Bq;E;1?v)C-XDOcq#(ray*
z;i71#_G~?_d?yT&Fak>)fQ##jul{jLnvr>)Bwc1y%;M9&D8>7xMUl6n{&nA*xq&e;
zvI*X_T3fZp8p`s6lBDUpwC{yfx%1WtI38=2-HB%0ewnnR9d1GxRYVV)G_))53FS5I
z<6;mU{}=Brm_UH&87VM`p7C2<JMvcP+3^;n&P!U6UrKR3R-hy2c@wW+In;n+-m`cl
zvx2M_!2I9-ud#O(Yv+qx?;MH8nRAyNg7+uBy`t`*S!;EKV|2QD4yD!xJKaBF%6oP6
zmSR=Vhil1WOiI%GgVfcj6)JW=ibT8tNTg&H?qr3L(~eEOX`y6hXG&3mM7KzPcHoPR
z)B7T^yGBq5u%Bocw{;z46`A?HH0zNmeq^$ej@Qb;0v5<L_VOqYRmSFkO&05t>U+bx
z*^)|@Pk#GA6atUUCU;Tx?#(}@y*^tsn@3-o-J`L7IK~e>){#5_3;aNm4W*4a7{6YI
z%;N{(+Rxlit!@jLeO;f3(gZ5sw4k?t+?7b{9D|f!J4$8z$0+j-dHx845~a)4AL;u3
zec7*e@{lU@XB#0(f8p<B_Gc$54n*tNe)k2=BEwtG5!+d!F3Kbiv|lJz)-o|OL!kkG
z*mtEzEe$VrNi?|pFHb$vb&hI1zHct#g9`g})8va#8p(}024Y@^>F$AAvYO9a_aBN4
zrQXx23CruQ2zY4RPOO)}eV`bHf|EozyW-A0;U*=Dg#Mn0{bx=YkuG9&wn^EFPrN1A
zfpXu4(MnE7exgz`%d2{{?v99v`TG`1^y%GJA(2(K?u2!;rG014@7CYPp!+=JL@Pe6
zz1~~lTtdaYmu}Dg*;3|k(?DR2@YjUb)doU|!x*21YCN?uWjy26m<uvW7Q@f2XKgl@
zSGu&)GgPj_mY=MMyZ#dSJX!ngX=P|eNQWb%iYr-_2Ns)`qAL{)_S{OZ+!*yLQy)WS
zywPfAdtjemCi1T}uq(}8Lpgp4xt2Usc_AY+ONSU<65MHK;1u_+k=dGw6P_p-cM@-p
z)-{cId{-@EGNhIcJ9a<H%$||nZ+K;eZMpaD@b6>p*T;&IXgs+55)@#>isB086@|F=
z&RAoPz?NKCA{K8W7S^T!8xE8BR^NVIz@f@=2(`CFz)2A8{15CkJ#D+E4=W~WK2)=i
zG@7NnO_j$7^o&I@A->MNV9>ADczU`2h;(ARdNdmqXNMHl8NpiEA6Tw@#I%ZjTk}=b
zBXgw0c(C{D@&g)tcY2}TXMG`&G=z(-G3KLVc@4=#!^A<#Vl)h|QlPX8U&2VY3i@ST
zkCPlP$`-$e<QwuGU(Cvg437p|u}thN^kD()2i$mj;j^lUX1xOde%*4r&9mZqWeiHV
zd5Aguvbh2XzP*?(zz_h6nox|D=j|V3U6$*db*WOyL#5-;akWq0ce5E*IZ3&Xky$LE
zW=i2@omhpt#Vt()+`9Cq3aI{Uyy(aQcWn29x&Z&BDbU?sw44}oW>kluLr~$=0NZ{n
z_G{yr<op`w9N|E@-twOKQD%ItbKrDrBY0>WW40+|M<t7HVP_QoU{)hJz!7dcOk+@O
zo}m~ul##j6{HXbAd5LCBuLS7Oub1M({r1&Dzd0jktab-r?KR$uSvpF(J?Vf<k5r!O
zdiaijd8iNq-JWPUeNA^Z4vCU@x%6Go|1sb20cR^A4U~omd;4oe1y6W|J57-AsD9>c
zJE7xQV(EJy+NUVnB*0pbjBJebY1AyV@y8je;_J0x=5LCr;6kr|jO7-YyAVjU)PuaW
z49CYb(kpFD-mo<a%4n@Lmo{=<ZqV0L&Ph;2c8>sY{MVcpU!Yy`py%aywEf{4wE50w
znku+2n{s4bMg4Pp=BI`Uk{)2<k4{*QV*yy{i?0|pIl%j?N&Wj7eQ%>sN+#<bC?%8K
z>H2!CCGhfB^&r5>O7A%XK#uX2peXfDIt2gNOZ@zLyYhukxdh-WkYFT^RSnzgg-2o~
zDPp@`v@DBB)cJwZt>XV%0G^!HUH-!p8r7iS2nr?MHYj85O3v^xU@<!%r7RvhYne3*
zd%<E36|$XC7j+{FIw6?zM=EhOzG?kb8y&tz+ha86D_&Q@->U6deYp^UxSG6qJ8@U<
zSp;TE^wfohL7msJDjfrdo+MYdJcIdU_Oi+Wln(CY8nwO;5<P0A_exD%`DEKOs%&7;
z$8t{xmtU3UUboZIOaI<$lVlH{I%M2FYxbAqYLxtUQh88f|0Ahk0tM{N5ptf+C(!l4
zV{eZgw)u5rkHTko=kBlQLH`O$gY1Sb!Y7%ACzbYJAL5W>FJb=rNOdwi&j<`$6J<{~
z_l;=d(y#uE_hYWa$L|&T<Edy%0dO7=i7=Efgb$iDsHa!>3M7BSLo+<oY*AvG7D1JZ
zhF!A{yfCT-hn4P@E&dY^C-4)L>(}|@?J*MuUi#s$JEeYU<&(i&SkX0BWYZ<jsXP3}
z`K-sKF2{9d!;;hP!kGF>8q(`gkfPTF4%S{T&GnoUR-W8--Y2D0Iq~9Rx14GqyzsEP
zC;dS)mJ-1qIXjtluAYEPfRn$y{W1RxP+fJt=<&MM7<Bj!F${pmql`HE+f^r*1#xjx
z5@ANIbzI=Pr1KISEHV``F|5|CXJMMKGT4!_bDqMMR6A;SgZYfE2R|JR<Ke?m{W_6g
z^YBD|M|XUwL~NC-XH%_?S>kgI@>dQVt~+DQmCrWldWWGNzqazd(k83_4o}mupwsDL
zT)*25ye;Gw1r<LlrY(C@EuZdWRBfOw)^8Q&b8|tCdj{9i)h7SP$oe~&zWfsXjaG?I
zN@f3EhwL&*aZ%SZ)uqg+$^+Mu3QO3h^XV_oKzz-wC;u0@l;e9S&gt?V7wKPmM1SA(
zU(`LFF*;3%tW?XvYwp+o39S7mj(xYe;zrRCHaIM#e@Vpr_bpse-@_`dDy;s}ruiF|
z|JQwH?$W$<Z#857>%xD3Tz;qU+@lgS;{}znGieH^WMgOWizSLnuT=rW$Dj#dif3M@
zj}>njja1fo9u59nW_jSX-8zI^weO+&q27^6|M+oqFuw!1+o&0lC2l`WoUTc%YY)n0
z0VJ@vVEx8{p;C~V(_=`xB1{i>m4MVZrg?4+<=AUjL|S}u^!C`O>sT|BI>Db^<T5Z2
zl^BQ<rv`JS;_j$fLIc3Jzk^6>t=rt=o+)5W`g|vsJD7Pnk2GNF<Z!W(?xvp1{u*sV
zV-L7X5E?Z*gi=9{(LW5QbU8pvQf@dCEN7#uHv1A7hgXEsK2F0vuy+Ece7{C>ou7`S
z)Ewq7S*{cur4N-LZS0FKpgF@^Pq}Y?C2XG!TNGanf5t$O+Xz~tXFiGF&%L_od%6JO
zul!r`zKk|@^=_LFYL`>dXtc4oz^y2Tyd6akOj?I^j9a;ubo>b3GUZ(ReP@HgmcE%o
zZ>yc{r$xY12cW+Bq&1+>UQ(N5#kf@Q2_=<AG8G;u_RCa}iscxF`uY~J<-tgGhIYO3
zQF!tfYViv-xjK%}Ki#;Y7>kW`&#a-cKzDC6vdGo`WkiU?#(p3QXP4DG39gmZI{+;d
z3>`CQHJHowC-RDDAI<vFAsyqPA0rBMGn9pjIT5<sGvUW=Z{~Z3D+bebXLa!88p2u2
zJzkQzBwm{|G-f!b5v{GVKb7jpYfQ61yc)-7eRZ2u>Jpf*v^MIM^izz$QnXF*zNO0|
z%+3EafnC}M3=LNnbO^V!H^^jZuMGTIoYCT~-<oks_d`_v?18NY^tw%9==jQFM`te!
zH~>;Vz1)B%?IpG>5>U)oW=%p%fE6O7#fAw}YPSIhZwnGyy~@QrOPw8*h6(g-K7!7?
zF#FHk<<}gE(mdLGZu~#dbhr1`=ZCWO`pnP}V;Oxkw|LJ;q;CpJeWXTJ`=)H3-U7yx
z)vA=2I-OHKf0@H+G5oB{k=W}1!$+q+?B&b?=(%CCcJ2>Z-P+=2?Wliq>G^DjV}$~N
z$nAhtJS$I_lpI=|Z+MD7+vO%Vqt3=u4k|IcO?IVirL;a$WNVHd5rpgKN3usYQUZ>~
zpdwHwR!b8ujeg8@Y#ty!%f2KTaXDK8SAX~_JYrn_Y6q2XKOkAR^^AWv1=2@(YQ!Ct
zmdWo#Y=&rq=B`{(G<!Lu7uwnKi&~eTZuPf$?JIC8gKJMYA*din<e<KDY5s&+%S+&$
zPb1F?iEi=52y+!V!OUaT&k;gGVHKStMaa^zoEv$#g#}DsXsN{8q{PH>JU_?R*%EKa
zWw1ZVMZ~Jj+upgBDhpMxo->f2V^mXJ<DvgYMdP{|9KIP+hqr6|CuR&KM&;M2zZ&L)
z-BO>e`y|zS=-IN1T42!{wM7imNiZ(jF4G$P-(cxF*9mXgMg9SR<C{wwy0g9VfH5nN
z0OU&-y)%_7zKF5~Pevf&A0_H7i`@@TXAJ{^ncyf2?o5VRJNR%|&G{ZGi|6p9KbBKm
zQrM2kHm%xsN)6e?Of@m#r2>6kP-dTcA##y^%pl-`&wg0u@$%!^Akb*__Lf26n}etK
z>DC>j*96+(=cW}1s)He-*o0~4t%cmnc(u2Gh4WWFf=^bHf9y-{Q@!vkZn}7j`}Qn>
zM+W1r6vW7sdbiue=P0)IzhQH{A-Pd6g3*b5;|+qIdtC_jg%UcU+cpciMM{B(V;z&!
zjp3Rk6f`Ontl|_et53TI64zV3{rEqOu%wQ<Z^vmx2+=<Ww_G$*jO!dI7>RpB!CDoc
z^qU;79~nuw8syfWndZaVxjKRm>R$)zdoJtdBTY%JH<-k#T*H3i0}3Fm*Pnr(>_@{p
zx+o3z5Yu~YXP8j}z!X_SbELHxVj9jLay~YI2$2sOg;fM(W!$8#=+zpE(-9xATXZ=1
z$Fp0FNIwNd+5YB<b%B4PkS=_}&JZe6VZ|4aporo{Us!|E<y@x#ZsLkpP00}^l+%xZ
zIoH<p$cSTwYx6anqtYogK6Bd;yl=6uc0ao?9^Sk%_Szip9BGsL^!oH+tNz(~E{f|^
zjndkz<=uQlYuJ`ib)0Ve!<>h8HvFd*EcpV+fdZ*f0n_p~Y2Sm_M#$He(k^gZFyEcE
zP?oQ}`@o1E5Z-t@60)|veko~O3tl0QE0`U4z%^}AeG-bm#>UB$=*9_a!cTsx`bHPY
z_d40(8+h<ez{AGpSPtnf0F;$ML27r4-!UPYa`znGPXU;;`}+YNe`S}$?5Kv8p>%;}
z_sB8D#F2d<S7+66NXQ+(-uJ)r>m(2)mVmKb@=nu}jA89{LWaKJQg$iT`Bw3G6svx9
z@$#v&`4VBjcEi1w9SWL?t?C-8db3!Mxb=VNvn2nh;P0NT6Z=8=-OXtYRbiyf)>bj(
z3I_B5ND6deL!yXn)ofxzx6$hWg~I3En&{>icCT4_MB*ut4+c=?IEjN3n+xRZ3VwVV
z5yD*<IMmxS#UdYXvtqakhZGMKT3@t};(uGBhY!Clp{Lbr%}m)ZVf2}5Y0T*J^XMqr
zxPG!{sr)|pBj$Wv$Z;eXMX9G<sFBqfjl_y$8i{(w+ExCbB)U8cQB#+A`N{fxhwD^?
z6Nzzk4YE7yv-Ohwy$w<LA<$`O)X3ObGPiUZA+1%R{7lSinawDom0tLMI$m`HDn+7y
z%UwlYJ~Z|~B)m&G!{AwUze%egX_2vCSvA3Z6n##pP>!rxACh~PTo`DN<~9}y&N;6_
z4sC|e!uBVYAfUOeRXpn|nJmK^&r`0so>q!a5=8PoETBPLClDbwZ#kYGHI7a(eUB=U
zz-WZK4EC_^ehDh^cYZk3QyyL(()MGd1nzpXgbR+h7j8XXw1St67FX+m)od1C4fG(n
z__*})xMB@rd5>+cH=WM0lH3lLpC<BU=8bXhhPsG~UfZWpf(pLsBiA5za#njlltE_L
z$<fda^X@PhGc)-#Nbd?&45enBkC3OlwpT>a`R)hWx5Vyo!&W|ZR9U_5XLKGvPJ3Ry
z`2=#0d`8N>Ymq<)-Wr_SIzph7r9NX60sd?%m!F`@BlR&A72kUO2YKhtT|c-(-W^Zs
z_2iPU#j`RW(|B6$?53PKAO3PAjHdwbQm{(2t4{ND%VvC&DHg75aw9z<{Dk<4T{KhK
zsMzY!lSMKZ`#bj49#-Kt)Kv{Tn9|lpq5+U#zZ9Pcz71Q**8Cxpp~koNu#kNM#OeI8
z1MvQX9+6~lr+z=SSfy<~n^WHmfL+uJOWX4tKPQ$^28gNhfz`;ueXC6?u4&@KgrQch
z`G<~{B<p!uZ#@+hyUxHoFC`M|DG;Du`TFIT2~pzeqQ!VtW3pHzKR1<nzM64<=OpK&
zV3{<#3xev8ebaG4x%j&_ez0#Jrhw{0m~bH&PF>Q`bM2<uZ%fD{8LQK=@fY1DY4sY{
z13hXVHe38F!j>*Zh~{p3(JZR=S3G9T7aQO&dsWFqGk(`4Wu!xx1jlbxZe;lehgDSU
zzDil?wAQbUtKK*b&Ln-*dhM<p;%PlA93dC6;yY3VKZGAGf}=qO5nyhK!<{_IR@9u>
zIWm4@y~lWD0fDuuQ+9hM#%TNAq4mPy6-urs7M=3d$DDMar~j_xLL3$DZddp_C9yik
zw4IwZ6`Qr5k1(sarZvp15c4&1xWyFmCw1CqdFVW)$=uD(!j@^_6D$LERbo03AdctG
zWAoZp>b$rW^)T*E)wK2*_>9}<<Ti+28YV*Ud1g4^<CDfKB&p6$Eh>fZQ1=Sa1r?zN
zi*IrZ8v#ppQEEg%V$&W~X?&I`$Win;K2sily?|9#<uslQ1t>#?@hwBQh(T6NkB#>#
zWMYwHwgJBb_ugJ<;vFSMa1E^n^8q0#fH~Kqe+3MdxluKdQ_{!BP2424xA(*+thgrL
zejvHNPaR!Chr;Dg{>J5tssF;|6{2~(^-41ayqXEpk_j;a-c-KELHtU4u^}#)U%bUL
z)}c)uG(mDr^M`!zhM$;C_U%7BT^Z#RYkHR!-Lvs8V!lUp@P%dXQdkhj*(;rSj4lxH
zvFp?bOL1w|?^Z*tLN;+hzacWLOOF8ZCOa~c4?;JJCsQ|=%~uu#w4{XJTroKenynsT
zc(8(xr6WiKD-*a)=p0d&LKc@aL`SA6mCY^}scV@7Um&1>l$7Tu;eh51abl*W=T#5*
zt$<92J9?V#@6YfpAPkkhva{r7lb~Y${oJK~mV42^yMEj=URx17;=jf6)scC6_#|56
zcHwpjf|Q^|9`2ORSzIg@p{fnalT22uNGY={e)>rI2I`HGE)G6$LJv)Ag#D!jAl9|V
zq-d3#Tnc2&jsP^TP16F!4@CCB#YMA}CORJbhBeCJlA^8>-GjeYgbY6lq-8wM>BaX5
zutz+~3z8pvDx4p)hd;&IM?c>|;3Bw-#PzeOAC8~94ybYM0j%!CXv2LfK^=pSYTQm}
zoj9QWpY!!N+M)g}mTf<m=@7}a1e2#0$hSVHuAtvC+gf+ppY1ZisMFMiSbWBKN&2yX
z3-vACB<*psK+i>3WE6#aP9jrY|Maj?v~=S1d^*te6I?nZnJ{>Pi>aX^!e8v9>I8_b
zAQoFWt(-@!cZ&09nbzUg!H;>8==~Im5y}98mG@y^Q~!qRW0`9zX2lvl1)SyJuDD_w
z=MVkdg&5B<_0Sc4qqn_fmQwdvgzZTr<yKDHHA$pN(u1$>bI|JNP4iVKh8<U9Mm3o|
z84%e6F!{!b!Z4XD`<q(G?_*VKw4&;E`cEU~vQiEPA671u<;qI+&gn7@)LXS_c({%o
zWwynqwhH=+M5dmwbh-F9b~R<0haqBjBIe4ub<2?wlt|B=+Uxwy#kiZj4T4hqnIuym
z0|`(54D-!;3a`!b(dH-O`;FE2-S5f?J~c*4KR`39Lx>XV|DK_2^MuY?w&^1cwZfP`
z;kRL%uZ>&5e-Bd!AHP(ud-a4vr!9C!B9P^0G8x2ZI3UTz(PYWnkM~A5%IvnJr%eMn
z|0=5L;%4L!I$kW^S<-*ieZ$<_n0Y3KicVilS+`xnAx$E8>WP@Pm(HNyoatJPcdgcS
zr&x@418pzDb0!mpq^>3Lyy%Vw^3Z<^y3r&OU{@b{*ugTc8(*%4?s5Yaidi@+_fg5e
zqN~XelIXWv&55N#A@JV&*{$=jlOM}v#ak@9FkWdQKH*<%QRsjl8hwxlmN*AO>4WE-
zzfs{|h*K`@d!~*=VpIp`RM9`}iD7nd#qigfAa3fzH+x>O7g(AujuIM*D)$M_$)K@0
z^E#0w+2GWE(;`-7E?~55q0VAXLf`GifFo~2Ey8AK{>=_EVa7Y0d7H1e)tWtq($KAH
z9C&DXo>|(jW_DCdUuq<nSvm)B+O1KC6L1@oj6Rg+*kGqjII_Jx$ZhK%>|<~h4tb)^
z|G{bI>d0)%oWA(ddcJTPoEZ*=oX^3A4kM1wauJ@_Tkm=uXZYH0Dm_nC2=g>8Mh58z
zrvMQCi_VfB-m&c!i+s2_yj+*uHo5fVLoMjk)7$;P`~=AD_584dWB6D<x?Wb}TP@Ro
zfWcBr$JKh>LZ_1p!xYiu%&7*RF;}vUxem1{wWD1nPY9w~9HA+WxEp@Bk6fGNthK*o
zAbDKc+riWo7Tc)4{ayYb?g;K7bk~*&H3OTlV^$0f`#+2Ry}Q^AA3pv4KyLp1*UU!m
z`nZ_BMHe|=!)*O!cxU!~u@^e<Gxmw3Uaa)Je(8|PD9OGiNg<;yZ@wv!ci=>>9^mIQ
zqr(wVaD)m=Fyg#n*zmvFL^1IFm+rkY@{K9(^%fnE93|`CHM=jR9GDa9^<#$^yJ8m&
zRM-d5Zgy;-BxPeKRWYuAY-TW~c{7J$D=3X!>rrI&8OBVuGfevS=f*42zD-a2H+Wyn
zqM$k0$F`EEKh=FF{pNgdJrq*HQg4v{IzlvL%I<xLZf}sAsg3V>+6}4n9D4cK2SbtU
zh43gds_@f^;H#U<Cv(kacnS7f6^@csiz`C<)V=V<BJlFe08dIn6drlOwJwUL|3%Z#
zvqnWXb5Mhv`A%!os~1YQaS|mJR$#JVmymuE-j5pH0uKVHn|JEZf(a?se-j4Hyqh(y
z)bQszs9E~@k<i8hmX_BmE`HX91+?EovHJw8+W=9j<_>Bt4+_A}!D7+k+?D)ZlyKxE
zWELu<Y+VmWNu7F^9$&e_e}tkbwS<Pc2(x+Vtk{aK=#;3RP1g<B_`Kw9)f*wGzH$}4
zqCRdbXGiFy>lJ@!bUleXStwupUN4Slp+qj0nNULmgEfbCHJh(YvKebR$NNgX3RU(n
zN~l^4W{{oYt@U7F_#CE?cku~364Z1R;a#U}Kh=5w=BYvHtxPTrLo39AW?uhRD2L*p
zPTH(b!lK9udYOMLXizTHn~@rcev17>Hhd&Oa6a<RM02`)krWUKbq|F629$em!+s{x
zKHTBlu1kAVgj>Ei;MfuwP7u`_E1g(3?4A!vax5)-yB=jf%OJsQe|-T++ICu^>>eC4
z?6f1P%Td3$`2)buy<2LEqZJ`F3zfeE#sw+rW}?~VOEDwE&;nY(I|hr-Md>3o{NdR(
z*W8mWQj?(5NVpJ6hq7X+-WiX%YMn9=_}w8;Gs4m8U$8w@FNIQ-C+}LLNuH<K+o?gV
zYBko%#`_lRW72c!B2sxe_L3t-E4Az`-q<lT3ew%_HQ;nYqIVCTZ?^5;Qu16*W1l$g
zdmjvoj!%u2fCFn1Q#1>-Woq?{vfryT7Q;}Tr}fSG2C~|X?pVkOd=D8)`u+!9Whmq-
z5~5&D_APJHZ)$t&bXuoYzEE3BBad6VG+Ulf$m)pul8oUq(~C>wl{oKJ<IzUh)u9(Z
zEOKOk)&kMG^?NPT3$*1%CcP$dtC#dx9X^heoCz~@94K0>?!_^EuVrV2Oo3Fry{)Km
zYvi)pGPt(xD^JXXwZ=fnU1=W!u=w9KT2?T*d7i%3E4>-FMtYt^NB|6A;qfLs<*@Wi
z*rJ#%p<t)$C^~qewQTiyq`7F`R@PkUIj+80<wWzk+EvXBzyoBkWpJPy)<$?;yK55F
zW_&xg2eibI<cG5QxZ_H>QKAe#=((3-l0RP9n?uJEL7B5v-!^uYABQIH0T!`{_J)X$
zk-$%$u=8CLUa5_5I$-%ZK)1*^V(8Lj`b6evcQo!Bp21o9TwX17G^FxDXph9uPqnI;
z@mRHTA7v!CM@~UT!m4pr90D~sm5jQ1dgDDa&^@i<i_LdmmsnA^=o8+?L#47|_J}-%
z`K##3ci-v~8Zw3QK5vH#{E`vjA`~F4o`V{i*lld&Ktcs9&WI8<5?aOL<kUSabC9s{
z>?behYlLu1X`?#1<MwIwPlojQfcUwLjzh~2_EJCGI$TaasfPyxwC&o<0~FT6EZ)5#
zpvz8f^^v%>hTK#V@ESF9fVr<NkKP`2K3uVsMgMjA?$BYlpEse~#+&;(PeSu_ROQ<8
zTJbPjszJfC;uoW%mg*CDltJo94!mgN;HMAdGH((bOPIfZeTuc_Nf<gG_AIuZvNhI9
zs8lEq)JA<6`liz8wcamlHoI|`Sp!^wgAk&p#7j1};{!{~aPlJU@yszwN9uM3w?mfe
z=a%vyYi6dc&|vSwGC=i+!l(CZEh+bi6~)orF=qRkm`G)B@&va;%<gH~ETC5{<FX%A
zvuDl5BnhEmww=FrssRaeiyI8EF4grI>r|;&_3R4g@#^2ys?GnbHHL5Jy%WBB*y|1%
zOpA$&e(NK99Z>a2?Rq`0wQ`H_Yfx3`vdz5E9CG`qlf~`i!2IXC{;~_)$ytN%)rXtK
zF@@{5;u#+>aMj245X~yEMObxCj0C-DGLK72xs<_92}L=gD!ur)aTJTd5%Tz`6p}jL
zZ^EtmrKy}Dt9h??@GK^q;?uii)bmWDyZfdW74urISo)9*;nTcnCA-pxaa-PNUDH8Z
zk-l=!x%p;z_Dfl!@obud`Zmu8&HNT%*EVPSgUiH#BbMEo?4xJ}YngN;kuZm_S_-f0
zvtPq0KBzbK77f+6T13(Hx^KD*trO!>{fwm@9rcrczWDP&5R0jH^($dA<bVA2uMfG}
zXcEs=i-iV0J^epjnd~cr`oH%d^WYEu&s+Yv*fQZBLG-xQP}Q41-TQz3?DFILboAnZ
zd-`wH)YN{a2(Y>@gZzd?t4}ie;@0^5CS>WIzN<vjU9C@k%4{I8yxgB<cyMTKdldeo
zJ}Pdmtae?^w#vcduLnduM>G*u?npx0udP%6bFVy+^SuR}o7GC=1u>|9D&65C1aowB
z^z^N276F~$<GFfEJd|dxe-9q@=cIWr28PF^q#MqueT0tt+fgfLm09gEro9Z?!_|@j
z5vQ-i>}APDxH8on-^+dWK4qG86ks$_Cg_3<O-2)fo_$*PEv26Jvq&s)SYGa6qD*8r
zdejq+!0PcnzmI!-gtM{|wK9<+Fy-KRQhGl_^r<F@HP(ggOC}7Tc~f>-qiZRMYzRib
zj(C98fiV0e*$lxo5_buF5Q5KXN1MCFo7biAj~B;8?#DDPVBhu>i)x}gg!g;qFD%Ro
z6PP`&H_(FYmrXe5o3upkudhQce>G^xY)`b(hTl31+UUVqYit$=N&A5Hf@2<f=8<_h
z@s%1NO^F@0ZjnzV>SZ*8X_7MDW_(1MT@8u%&P000vDyLy(LYCq`ia8W8%2!0NU7cf
zFXpqr9ZAHj9fv+%w*EWa_1OE%K{2P|$+=w}7wc}K(wL0#9QtS<zrKXKZ$%#1z8_N<
z;Sqg494>IHtU6-Cj=yAj*BSrS0o%`*qC2Fj>zAmplgi!%=c{FYkv`4#aPl+$jPmVz
zkpDqI@bZMF5kzxBG3Vw%+2Z8UWsN}mYE}@TIN!ZD(`4%vYo-{KG7)20H?ip9@gb-;
z>dAq9m^A@SyLtC){^wqlu$ykU+4APuvc*@5(4xW}5(~%hA4#2}114X}U2_TeMhk=<
z1G2u7q1WstF^(#v%`}K=Q(mmTrm{NKnA74HNF|m(&F3$8ru#ELu`cG8lHcs!jik?w
z*3$;U>j@|a3tKZK9UVTXbgut!CX?*)M0zOVZL*|AS*gNmg0c6b@64znZc+}`BvE#K
ztp*CSYC@bHslWwoezhAAwXsCJ+pQO%rvrY>WwHn?Pq{=vcJV&~20H&9M-;5lX1-hi
z^l|#@-$6L<ebWUj@U4qJ^vBCj_7HSm=*H!@qrksXP-J?b6mF0lkel$qI!X!sbH^jd
zM?A0_TRgWBmFwZ+1Gwi!p!fAz$MqTca>mLN24P_`j5aCtK`E~_s%5XM7jGB+gDM=y
z&0~b{zAJ#C_XV%4(Ng%$1AqQh)T;(P8N9KJWB@Dlmy=9k0rTAD54B6w@5{FVAGJW7
zzAVcufrwGQ(=5Yn$)bcj?<CDe67d!R&(L60A}D=H|A2S9;rb5iKQ*4{f95lX?tO^m
zH8G|Dy5edT8$5i`)wz5eV;T+EbDK){Sbd<vLX&JYd6bL2#y|@a3`Ieyr0|=^<NyL3
za$Y}^L?lbqRG6Ay&AN5SE)vr07LYCH?Q72PU?eN#s1<oXGMfWJh>$;>e!pJgjfqd^
zzw?@<Yl&L8y<ZzVYZimbg(sg3k?38G0FQ40;5jI}5z1elPJUHDuhRROV$=gO&&$>n
zsn-R3)G=xiM}r<qU7s0b1m}74fM;oa%YN6f^EJ%(bV`j)xmixw-&8z?W`7ZC%)=qq
ziyTOjZlALKN}h#g-8X%ZS7uiVh9H!%a!wS~Ku<>64B+ZWWq4ku^=J+DkJUj0P)|fK
z><zw<!7v8KuAEaSQrE;gc=w!;&vI8VCevQu1Zp;+2nCHs6?_3JdaF$CB8O^BR*9qF
z5jr<Kgt5f${vJcI3D1d0tvT=@>eB_rco^q<INY$*N7}u_tf~e$sShGn<9T&;U>{4f
zD3f^Y=?EohEIjj`eJ1J-lNq9#eD|Y*;W05e4z<Ja-s=WFvy(ww0GRI)%+W`1h^8EA
zLF{fm%rsH+GM<fRYzI|PQ)4@crkXB+jRS&VBjzFGRyxJ+xwA9dguV{<UF?Z0)8J>K
z9Gv3<C)N}QYgSp6_)g@vbJU^sBXpu3H#H4TC#%ekudX^BDwGai!yKeffw(^C<PPm`
zi1dd$?<;)se;Cvj14MO^JY>h`6?NMAsg2_4W&GiLbylOeMLK2ZjVPW}<6^hIq`X|6
zyIebms=rlt@OfJhK;@?%;WG%7ME+$fOM`G`4JoMS{*{=GiCh?o-?Q<2X$_dKX<%Cn
ztPs~~SpWLdMju{x7<th5S5(YOO)r8@m-h_ketEihMv@I@;AvN=s$ymanCQarXOBI~
zwF<Kpr$2jJdFME=7?i_%a^%}jUgxizZg6HBk#HJJ$Y*vzzlDr_{()G<2DRrn-7K`)
zRzCPjZlWgTHr+Oh_)iBY+B#kDdoYpt^Rlxp0~xxUD-3U;@%hab2KdOl6@f&mqtq*h
zx$SmNgvLRkQN}l#jnJQe&jh)~XiDbMO7T1y;+=-&1XapH@5aoiwKtNJ^_~Vizn`6x
zFpXvKgfrd!!x<V<s{Hv%XOP3aL)I5uhLxIwGkpO_*xn~7okfVHjtAo~+o+0ZNS*DE
zuoJ_s#je>d(HY-><Yxk{LBq6S?I_=luW0zc`-U>weu))J3q;0_pCxtf&{}S$fs|FF
z0NtZs%HvrUP}NIVnDDUfUL5}DYWBCBCG!=dR1)MxB_drZPN~{QlhY;zfZMBs2Qo`k
zxU_S%+T7(r_nV0ou6g08DkI+LC7uL}B$4Bs7br*gmBHC+K4`|f)qtNRmP^kM420z9
ztq43XIP)%hqTN<*BB=Qso`c<qF@K)N(s*B$tw7@=A>O$e$9*%7FY;!_$BA32%>DSZ
zF7gQYNuR=Br9BY57S{wR;n(KmoYvYeP^qSiJw$mq5(Qs;G%xq8E#mt>*gNZ}sQT~U
z69R$)f^-NH(jeU}-7O<BbfctniGb4GDIg8fAYFoVH_}p4Lk<ix_u%t=>ic`{y=&dI
z?tjl(vsf+;p81?}K4*XSXYbd3Z)lqJ+M`Y9wGF1)pQRVqre4PqUEUKG!*9iP%ZM(B
z*FrvpU%~{Lv+$QEEQgEh!2RLcKXy_IHi<c0cg)z5Txf<O`MdN7Pai${C`KnPwA(Wi
z8@1Nd1ndCBK@j097|Rqc=cp6*?iAs7uM4VoK<k+7CvxfA&V^t_Ox3UomiY?ZD<(-_
zcGN#yFr!TWH6-Yv>s}A5dD$*+cJIK;AkZPu>}hp+e}Seq?vm#FGgF`J7?T)J2bAKH
z7_>b?zdP+&Z)|enzkc#Z+MDMiYbM~ZNKxs3yQeo(2C|OB#%{J)&!9x?qkxF(k+8!u
zgvc2u4|L03-pd<S0oLL>Tu`~FtZy4Sxx}nSDfFM_D9IS3X{U^w#KeMn#$v=HAyMz&
zKM2&R73oXHCp{E=SM5KZ+VfE01tWHJ#3V<)4>3k3kH8aRcX+zMj}B7pk#5qbW#^Ak
z7~qvjQLg~L9(5`#B<HKtV-IzmTxp1e>;OkpuFFBGH}XQA<bEn|j&@P(QL&%+BpD+T
zIsa=}*Yp0uL^7P2@|Rlu!#^@#GY$M)tfNevlZ52)_SIlD0{vTAt4Le<Qs}#a61}x4
zfY(d-no2IqFaNwkkKQ+eJdB!{9o&t}NxITsyQfaJK#nc8gKFp`%+?wymZj)jGp_b(
zPSEcUPpX~w4gp5r1(nF1D@rkM?PiL$lON=TU*<>>bHC)XP!!449ZaHGVQG*t&J`$q
zjbYD8&0jQcC+2d>b87M27iuIf?g32?-&A|tdnM{bHDC7%En+NLxt2L0$7`m1G~ZH<
z=LZ3<C!FttkjLsPUz?tfq`Xd?oFjD`p^>$NM-y*eMhaM7P9Q;fhH>@;wePCC$O1md
z_uevdI%0BL=!0lZY1zeldTl=P$MGAv`U4zay+en%kbew<kt|2hq;k=*bJRu-OhlUq
z^!B&q;WpNzK9-xg`M4Wj-uz@l?{)e9u_)`gaEsfa*py{Nrvkf=tdj7D#M;N-M)08V
zmx?=dTN+BOTN;RipMDe`@Qfm=tEZavuk1B^mVIpXQCX+x^$C)AaPqtk1fI}!=LUCG
zCrBC^8uHCq9lOe0Pbp@>{T|Dq-?e5FXapLyzDKxqqaprWmNd}<=upkb<a_9c#bWQ6
z?Zl;@Qi)|GN%Q{TaJ*)4GVN7+AnV;7)FI9zF<xb;{7s&N976Yc@e4h>vxgVzkjX$s
zo~%l60?yi_^wR<Vs=;I-nL#XQ;&D*B^VU1E`ouO770cm>Bj+bCJt!2)S|og5xc+Fm
zIQU>RRRZYzSG)~w=|e*kT_~B`EplAD?`J|q;jPE3Q*~eY`sD;G<rHyHg~6DnSg2W^
zug*iar>(Kx=86d@nh0>MCmXEFuCZ@7Uo|7ntmx~q9W>6&%uSl(W>6qdmAPU`V=vGm
z9Pv!haBo>H&*^fOvuQG(qhf9TNRwVs!e<fHN2$Gy=D`$UndayKIP)Vu_!~GPYvXV@
zH_>|}7k+ldz+EK_f!R()fk?L->AOOjF7|utDs}D*Y-ZdG#`VHT<+X+wp!Z!!9fX<l
zkXBM~S}~U5*eLg95P|h-z-6a92x6xi?yiyse*VVCR<lauYk2&ZxPMrY=rzpQ`_a}$
zyqhJ*pMiGE4S~~9EUPQUkM*%+&wkYI&AbRY?oTC*Akv@AsGjrbs7H6|!faU_UrC(q
zU`yu5sI$8v7IB!adAXPP;In-Q$)xh7H$^dVZ!TU+?n(wNL%gKzY#t4nH~;f^`H^Mi
z$_NN|97YfQx{;ZEBDxe0HLfJ@nV;Li9ZyNI$USB2Y43x<orae)gvR@6Yj#Vm891NP
z@!%lRXF0k^`l<BN@=8Q7B(>aJ2cJ?I`=qrLm1R5cs%|CJ%THFwBBx`tIYNrNSLdn`
zZF8{wlgc)}Sh%%;t^|5rpa0zO%ce3^GaF*rMa4zE<mvh-${Wtfl9%L3pmgN<CU0Rf
zvyW#Lo+DW?B9oV6T<@!_5*k=vF(q-2T~g_fe>$7wahA7j&(BA-fo=oF`*qhRl~)yh
zZs+0$zVI|28@kVkMo-?KOHJVPiQYIsmLt@4bI$oW4@sZttnlkOyCFFxvmb+L9BU-U
z_2@Oif=;K&+smyK{6yDLB*xL|kDi4cO51@g763C3agyH}4|%bZ8uiD%N1~s>h+87k
zodQ|S;i&>D$G0)%N##Y`cvc)GRZZJ`TWI4(g)3bGSYcm}&EP(crU{|82otOU6Wq~D
zE4L=JE;~Kf8<LabAlz3amRg6jGhP&U*0a+Yr1aTkjw?Hf*2xo26CLLl4squ4u;uZb
zOOJT*<38C_qzG+j*!32N0l{8r8_W~mJK{x7G@;W~4D;rO^>QcLDgW-^(aeD9?%<ph
zc@FcdlheCwua}!W?u8N@SK6>`PjS?SS;d2$%$`OXD1T&bH1x*P&G(5hcj>4_AT1^}
zwOu}arW<JeL%Ba>&Gwi-Ry;rF$6&wQUX!(d^F21<tgf@UQ#*HybAlKCMVm}*e)q9C
zBCefKnh}6VQKgUYF|F;`fF5WX26*2kH|mBU7|?G7{pR|tlIVk34wZdHwe!p)PHxrA
z$?^#=x|e)_kM+xdmGAmZZtz23ds9(_txF0+HdEc)j<8wG65OFec*w%Bt5?yzc<Fm5
z<JEKdrWm#)LOJ$1KY-S*<>L7Tn|$_jG;aisq-pK**c|zeC|)h-3}3<aj(Hb+&&CU?
zlzi|qgs%{^J;uF%xMFl10WSH>Gx88wDcfVGHP5dMYPk-gX74|KafT3)&v@h{tfE*=
zU2zWQjSF!!_Vbk?52P`0h<xy7oz`4P(ivG6YtEfv3ZSy*O(3+qIJ|?lGyFx6nJQ>z
zts)^a50rsiMia-3AQpHy`9;Qg8*ycnZC^sSWp`EnKI_qpz!kx{r0cO!w*G6&^f}1h
z=FY)sQ6>cFH<mJ5NJfgCi=499DD3B9cpxwnJF;|kcmNM^Z@h-O$z=${J|RW(x;)C6
z9cvfM#A~&fuZTI_AL#xq@OZl{O6)$)7LZUC?b(V2>OX2)^ngHu@yz!Y6RQ0yD<2p$
zDDOc02z!s!$tLc@z`!3j<hRYd#5}c8u1N;pGZQ9Fu7DSXSZdP_7^gmHGr@8lnWz}X
zSA&P{4(YKh5d&ZU{yz;Lpoj#*-fHuNef#@?Ujd}~JDK*3MU;_$#Ib(+w*SPg@~m$I
zQxj7Io&OY=(f|(fDTa3a!!e1}C+(;kJTF^VDgH2?e}=?J=-YKmBVrY4SGjV~cJ9E4
zPv{i&KHg8^mh`q`?e6W_3wD)5%7<}Ve7m1H*UUOcPbcBtC!JP$2D3*gIKD^kYi(dA
ze{iLC0Gj~ac)I5WDql9s$%)j>?TPXBS#LlGwo^#QE&K0s#;8%V^9{?g(jME>9HIR&
zk`?^h%j%Zrpk<S5M&3CJ`q@3t=5T%Lu^Pu#&(GsqLbWJHdY56^p76q^d6KA~?=_Ns
zv$IKq^JmL3toIFw2dQn>WM%_#FKSKB*>6ypYi-d5AzLc=KOo<`96To?=`JW6jp-2I
zxy3{JLX1DVx8EJgt9G{xxu{3rT>HWA)hS;~a+eB=OhH~>)rs@C*M{&8=-XdQKX-V4
z1{zr=dm52dcuZTlL#xn%Wxn!#)AoptM?@v&w@cQNGXGNL1LZ5j6}1cxTwcDW7(QIg
z!tdrjg;|OE(LF<6jve*Bq-I>oev+qjh>Wa7+};Y-)!&>5dyT!_{efk#_rp&?tpD7L
z00K3CjJ^*#&p5DMuUv@qJd_9n!RUUh!!3{>!SgM`l17;ZCjN^KMjTe0-qhW)G97Vp
zc<Ol|k0X0cVxm(rn#k{BXfn;phWg!{k1WwlazFM!zhNV!HqVEs^~R(g++2QWV7U3<
zO=9Eeue>=ruuL0>(Hfl}SEVERq?<v)z~z2-Pj_*!V?hWAF6Rrz)jOvQoUd?sTjhI(
zJU-X|aqDoHt01pt>QaOBo(?m{4YBH5*DRF~Q(L}*Jd-qbC8rrbr>)my+4t}r%&!%<
zjP=pzC||0JOem1VsO>>>QFwfMsrq@!*~BEii~5ni%Dh{{lw|0g){bLH!qgV1;N<YT
zyJ{T@1X2l$tDj{QuV^(=EDE^}f1N>XJDoZ4BgI$WyzKR*bwod4KFzo$j4uVFD)JX&
zi?2}YJ1rG>V-e2t1RM%szxynFk+-l$LWqaC%yaO{d4!Ny_9O}NQUBx)MSE}0T=97f
zV&e1N<mdHa1U%m~3dJmju+%ip#wb<U5FzykNH>L%-AHrn&Z2%zE5%9LGdo9F_~cXa
zZysgNy;sXydbyx9{=9Ev2UDZaWG7rJtm5lPj0ljJVH34^;m>?jc^M-!WL+y>E8uw%
zG2Iq(rIN*o>TV`q(Lf=oB9;r?`zA^CbDP#c#J5n>+4C&7R}aXoluWlyZs@U;jQf<q
z6m&${kGno<8qi+U>_)BGZgS*TJZamgcr)n*zismv_4ch!t@G)cRx1e7*yOvogeY;`
zy#9UB&BOp=%_ZuuPGw(T`gFUKFT)Cnwi0^D%O45gxN#Wb`C=rM0nszAh`r7^|CfBL
z87++Jbp$SO@4WZ$3(IAxBQzz$;ZK%S9Ja$0qo%vhDU7DOh>rwjIS=(_uO}4oSW(ME
z_Jj{@)6G>m%GF-aqKEh*7E<rDG`u0>N9nJ(qnjQcQ@$K)<LgK)Iw>=bSFPF_LaP`|
zLF(0e9Sq2H&E9#;doFg;ieJ1RqE|jMxcuZJIlD-;m*llth@_x)4g)cn3o$%JfOro^
za+~KMYdOZcqYQpuJu4R^-Xd{v?Ms96F|#vtH4F9lgj@)z*wr3eUjt1XcHlG1XIrTw
znnhC!J+fz1FQ-diuEX8M-bNS1+6amcn{gB&#g)^$$^B-Ds3;*^$G|Xrn_uC_XaSqr
z9Vu|~*gk4=du&^t{_!W9EY4dYpQg|gUeiyZeD--Tnz#K~^DRQAsV}M39I3MPKQCBv
zbhdF5b<|2TJPXg9=>4F8xSYMD+pjRFMmMq8Z-Wj{A1yCUQ*4`Rsb-;k-k8!*n6?I?
zl8THKgPAa|1g6RM3LWUdoDxs!$lEdltGz8H)x?;vEu#SI6_E5KGT4NdrDJ{cX~Ub9
zJ7&G-m4r!xi{0jrfZ5WM)SpM3)yY_^R^+3zGpktZ`*N&xTYvlNOisPo!u-8A0Xl9u
znnnzT6X?uR7S6WJ{%-mZciP8yGE*G??QU<A19Bg@E-%{pC{%E*VXJpJ2pum$jYSM?
zIu<C=|MJl{eIF4N4GZ~C<XVFHF|b1HGw<TGjxGy$lJ&0*c(#rM>9OjZRNlsgs+3LP
z!bfuK!mYDpt|^Wdm1BD?_P&tjs*OP$G?qlXHrDTg;ZJM@(%oX-syD0h3bdKFCFj^g
zq6%>lNwYr|d-RGzI0Ch<M7_ont?y-L?~^6Zn=g{|+7H_tf8PI@d>tmA>t5E+XB^K?
zqd_V9`U8#0eqD>7F-0^1qaGGU%Gej^La*zYYr%*t7W7eW|8<759yK6;T}b~Fx%nQU
z|Fz!hP^W44#unZM8XXp?4_~HMILjp&W*iqCDrJS3MetQ&lt`ppmci@~#gG7>g(6?S
z`Hc?6yB5sj!cJfOnL103WMZfF?AYnL1z|xdh*s!f1h*!s;}cK`Ts|Ue7xv@0nkH<e
zon<ZcKotAl!wbL)+|h<=)#>~22%Hj}vl?RdI<om4m;~h@-YN(fvD26ku!0puUMTK!
zT*3%D>c9J2&J%V=@Nim{)wJNzCeT=YpDqT6%0pY~HeOV^tW6i4e15%?6)ot+cT}Wl
zm{-D(W$^=DWWh&>AawP_<#3HR-59vg1wOoy96gieTs?7+H<Q<GfUv~J`rBdX`P4z&
zWA$cT!UnHZ=64u?3Y&yE*Y4@=NI0zW5>NRMI_3$N54OE@Oc;OPi5oWdVQ0*ByUghE
zM?-H>=;BN9;d2B4JN)5S$YTPTNc|ilEA*1X3ovpS|M&XSlvM)jAN$sq+_h`T1!^)_
zr{+s|a_F@i>@d~4i%l*s7em87;Gr^n$#!i&aNr>)b~;1n@u=pw#NNRTa(r_<pR;cA
zpvwMSZ6#rV+~(As??HUO`d!PZzOm9m9kiual%EN7ed$tOt+a<v+ZFWA?by6rSd+-c
zFGV;JU22z5zx^)YtH|%?ky<Wx(V6lSQbzVcf4MOOOl%%Aovyb(j`e03L3pql=GFM)
zEQsD-lcQp>GKdkK)L|fKZ=}S<hRM)73Fiul&A)fO)E((^9jWqaV4u2ucy=z6O0To-
zkSHugS2O8nAoovC?+vbn-lXZUk}0Yp#6fZs0mjx;w$$EN2hVlBG~T|*M6e;zj`!yE
zdXOTQC~k@d8baZD!=;gWgQk9i-~J~8<w10o+BT&o+;yiQkV!O=(<ZvMUs1$+XR{t|
zHgsDWoJ^9UW!XSa%v^=EC&Ph(EYqPBZw9Xc2kNs+g6yXAXDb?kqMk&lTos<D2+WA>
zoM53-Y5U07vyyv$a=UUnP#oz5L+<^!`J_acnQ4de^}LuDXM8dEq4>(3&e(w5cQ9bp
zCPKBy6{+1F!SjvJ8b6V#zO)&^?a7G}uo<C(D$R3mzTiR8JYg_&DgZVeVv4;PXVN!G
z)i-ShvSOD1iN!~cV;&*t=LEAKieuG}7)S(y*xr$q5<DaGcc&|+n(zS?C=Sz_$~y8u
zLMCGipl3ChWDE<6A1o}}%1t>*EFSjB5E~1S6m(!V3Ntb^+7$}D>dsjB@}iKc?P`Lj
zA&4U^>EclkZ6T2gce&@mZpXSw9WT(vV${lkqwhm?6~heTo{X(_XMpydQGZ6km%~y}
zne!Q(3<8cXE{>uayvg@VVuXX4*LY5pm}kvg)5FU}J9&Tb>=}MCw#N&ej>1`nln5lj
z<G;G@B9F_g9TVU%%44Tc)UwGzXM5F@r*}|?C}O!mzWL#b(?yZq-|>UDH{h|sC`%JI
zej$$3%BUN=9Q8c`U-1j)Yq8%gdm$0KQN=QBO*Y0{<(m_1pdgmahXU)Kg#|D=+CLMs
zeTJbHs$Ig!gHxU()Hca3U-p8Gn!JpPw>3q?@uh%J?peuX>tJ7n9{ip_Tq-iJ{woSW
z>x3)|18dp2!inOxk9|q$q|k`Ou9vGd8@VD&`r?y*DLaUzo_7=G|9KoMHh>GQOB1Ta
z-}K`KrNzPzIRc~21pD|h!2CfnHrop&)l{9x1~>4Rd@tqp)0a8y#c45${_n4GOT{z=
zt<Wdl3kRUi-(B=-aO(Y`{>fUDv!QINgm%zouc8UeRa72V^1UpBgkr)2ni$cO`X#Ih
z2Luk?Y1K$lwLAxnfHR{`SEa>lslvFIH$?C)AB@<|<CMu_e+_tHORa*UnY4^JVb*xV
zBvzzM1vL#6v3?)=nYU90{r!Pqv(3Y=cw&mj_V~_goiPv=dNmM6jc@$?MH@G<^aEdS
zrohChJ!soI^q@>1iE$ghBnN8cy*h<1|LGQso=tS&AMl?wl{_9dN)YR*ic<<kQetlA
ztn>&GKd4Wc^IE}19%QeUgSS<7UF*Bz{s1X-(`kD%3wxj7ZphvhJ#onOXW_M)T{R9r
z4>3i^z)jqqffA6%!2M?T38BVrk<Rh^7DWz|gq%<?)rRb@pYercgOV-HKvJFJiNE%<
z<IMz%26<8TN0vSc^wAV$Db5Kj+8xA(nWvTV2Nh8alIklmdi3^Ul<^2iEA3j+BR1H%
zB%yj0<IB$m)|`9g36c*E*i?wxtru8RIX|&E_K}bYrq;T4i%O!(Zdfg`mrd2UdBV?E
zcZ66kGaFQFCFu3?LS=4*38vz{1+Di6C^cB}+K)+n9q!AJlD615SZ-j8)OXC52O;qd
zzoMoJv2EGUp!JSlTPP@aLm4t1^KFwcdF07^+Rge8$?h>!*imB`fnColyoeC&2h-b$
z+A3hCa+j#mU@e$M7yA1SKGD~`8MC2^MQ|Vn&gPu$nwd{N`Bn>IS5I(nFY>EhWM4si
z8(r@F@sDHfPA6B)^dREILG?G*``kU8FT^9e^=!bhn{IVJLEo|Pm6WjJeWtg@OTW;n
zmcR!Az(!g{?AvmN9NX<8BgOvkrcJofVg7d))<6N+3NiC2^u$clxMlHuC8N1-S!eYr
z&Z6f_E}<3Iwv27(Ha(n<%#3T->VagU$!26YgyP0Fw?PKZb3~g&TE;A{rdQ}qYRss>
zg`-PyF<2I9Q_fQ&!<@w7bHnLN@;=ZOLro&lK=2*!^lX8K)X?*abhG&2X}xiwg)rfZ
zu10&WQq&D{In@u_o=_$3@5G-Ufg(Log(7`$BP7uzwucrRxE!+;F?XOW3B0TV&q%Cj
z6As~FpH@8AZ5z<*YVUf!Iq{ojWN>JgMcwdjrSJCqhVcP)J$hg!$kq1BpUYwAe)gQj
zd|Rzk$PWkfb)`UATd6k;vX`?m3QpGVsC*nA^CCbME=1hxc(di-P@3i-7&*s6^QrIe
zN64&Ugv0ves?am@vdQ>WOPB8Z9-b0kyH1?Qo~;#XmH4IR&lE2QS{Y|dTe>|G$5Q0&
zKKtB@lB0<suFbX-C_7U}lBmY!$0lgib~<21nNi0<4qI@0aKbbHRX$<vij#cV>L%41
zJcE<f?K;c*F2QHl**k4|N-D8itpsj$!=az$b`Fi_(u#{pOd;`r=efj3dIAg)_q^Ct
z|LZ)TXc-U7Yd?Aq=%e4awej+|+uB+w#12FESZmpc_SLZc0`^74;yV%gu;&-fH(rY_
z+k)%d$7^aF2(t*6Aq;RJk9;h1O1Nf>(q}Ea_=A~!%Q-_iEI;Ed<UJ&P(4Mj{#F?oy
zCO2L!7N#LaPpHL|g=L>A)g?JHEjMA5=-d5c@w~;v&x}hzCb9GzT2|A2FQPIeg&Tv#
z$xG=4dJWI5`ok{V`@|0W5L#o&>sM>Kx}MP9)j@7S&lFl|Mc3%u<p+KZ5!DkA<f_az
z5Z(;@HCbzV6yDw=>wVfH(5v(#N>EL!S%j1E3^Hf?;6?(P)n`_>67dw2{oec1Q^&z8
zTD9p%G^En6#TLq+@I4{hThSMe>z!GbHm+SGUzKxhalN9kf>}`Q;iJSx86HK%gAEO#
zg8R^B*LfPNcRPF?U=cFbFQHVL@?8=(V7hwU>)g|A>B+NPhM@ezTtFR^?Ar;aQ@Jj}
z^URA<e6sYBDCvAQ?`H8!P#Bd@gMk0ntMERC1Qj;FZ{U6T7oi>&1Hp+UERu8}B0qOp
z`O+;_`Na~03g6Sq-JSxcqFRnzNSZbHg`?8vUudF-HqkDad)@iTnWc-`fb|qr4>xUF
zd_|(SY^Jy(1G^B}n#R3v-*<pm@}b8h?*0g1Fzb_&Dt?EP@}8mWDC(5wG_SDHC-R{s
zFtNO9+xW21cDJ_unY0p9q5CT~EYikrnH;#S&9YL@*3M;L4Lv2rFK9^t_`bKJ3vTHk
z4prTBXQII<RBJN=h=g51!hI8gjQkYH1SD`##>WA7$0*$~;!VT-%tA>{mo9uxE#8ud
zHdlvz2PrZ<mp$UCVr#Xv@CKEcTw%8|sy;@AYKS$#Kru+gRz=~($G;$XcNktV$sG?(
z0xB5g(cltTO?`vg>f1|68Y#QO{BKG_TDgF!sz}^)Zuv#9ZOLpSvTR>ES^Q?EqSx*o
zAqn>AU=qK_Y;L#%3%>6kS_UYsW6xV&w^7-Z1r)e)VH@r-vF66fD&&N=s*_DMOFJO;
z(L}#H&a3N#EWbkj60U1c0HC$`1Rg;)AP%C8mwnd8<K^i91ucf0^J`h>f9=Z)%>uZ$
z#lV)|xHnvYdm9N{pM0KTVDWq8M44I#e}!~ITi@Qm>W|<3jvygDbl?rh)0HyFKrQ$)
z#QT>RBQ@cJ6=WyoLOOPu-`BpsoTMQOh{`ODBs>2}(*4fNJq^&70N(MU?AV6)zgzG>
zjv+r;@df;oH?frk1q>U5DGx;)#1(;n?&a{tH^*cN8=7cAttawPUd*<FYKsK|Ugtlf
zANyR<b%b}T;WH&HjmC;6e2Aq9O+&kIFKC@BU58Vy$hgA?>*6-Tv+(zNbw;wP4R#ub
z;uxYflZ5N5zd48igC0jh9;zQXw_j*ajuL;T%a+=tJlPS59?HYCq$cJ~#fVF0^@)%F
zD)3@8tJY8QY<EgKth{GL-n;gl=rMh{=TvbttsG7*wfAzwo#Zyb2H8uEh3~DKR3wn|
zh0qj0dK2rDO6J`c{N;f|d(#q8ua@jO|A7ySq`nJ-t<xln`lMQuSzNhIq@*dg6Yei$
zjASVsx0iZbtf#THv8)wLUO7&k6!gfKzzwM`nM+^Pjzg~ZaQm`2vUD|n0#8bU>`Ate
z#5vPX)O9gR><por5VEOBjDW~0>xrr$`D(}9;L#!<;h5gwDL<)!A43!>%=%pgC!Yr?
zl;o~Ew~yo26y&ZiK{J53TA)X@rNqS7h?=*RS!s8l`Z*g#94X1m`)?<cyzk12^;)mh
z%Q3$3Jo>+pZ@`tgySqzxGSt4^xSQ|$QmFq%^Qw_$zFs&>yc#yxZ^_p>2Wg`5RV<^@
z6ZHdy*X$lv@Y)(*Vo-JXHNANe>mUiv)*(6v_&DlK{Jw1M8kbonZy5Y8Jx9`_*Z%>5
zJ5>M>I76B&5rws_%>=?n;*rWuS+Cqzkoas9OCKCxR%*dRWA1-<;TNav`CRzvQ(!}b
z0Bwg(7XZQWc09wq3MHo`L_0plES9VV63{WB&sqBmp5z*OD+11lVwxfmC8bJ7x)VTE
zDb5l?tn(|jk{(N=XD?3_s1XK|0iaZc$=j;5)z#INnc}jak^9!hR8)7rJiK4MHCTHl
z-#i|s)={(J>~^zvrWPvo?bYtL*QZdoI$tvx4G~_Ntdw(8I-j1mf(}}HQ0{&`HetPZ
zaLJ8ktHot;!os#s%hpIKOm>YtX1P!#GMIZoj8VLL6HuNBTl0FDU#2Hc5S*@yF#6;z
zyE{TSlBEk}!=Hz@0A$LxUWu%$Rp-M8bq<%In9WAFnf@{mUx-kxZ3iU5Pbw>ODUO;+
z>l05nbX(dHQSwb|Wi5X|p_8N$@9HT5(M`>>`_W;<Y&1ga?&*SL@B?+m7hiaOF1BD?
zo$X>mAzOhbTO94eU2;-(cC7b(eX^5%&Sj^5{*|Po|38p)w42lSa(mS{T2uXcun3J#
zuXEcM7Cy#`o$mAJ=zX-=A%4ivNnaZBbFQl6npVyqydF%GlD%S-EM!VVA?T#dHb-|c
zbfgxWycFRLg>+t4nr4Hhm>-Z4p@&3K1j3%TRsR?a1h^H6KVZ55F$o}RA-x`a_LyDl
z5fQr~N*gOeWdn$qp;&*LDOa)GUTPsHU|T~yO%OeTd0ZY`Q>|=Qt{dGlQ~S}g20|>$
zfbOi(Rs6T3i(u@}PE%k$>mS1j_bj}*(WY-saAEM?EIwaFV#5BUkeJK+x~yQF@pYt>
z%$C=mM&4<m?}m(PtqVJUzj$iW_h9H;31;ETO)Byf?37k_r@eT}wp;M#u~^VOA{4N8
z<&%1sRg?ioDA(QDFDf-uWtRlcm0DkMxVqZj&LAn02ysscxd(h|H{?ohm!o#^mYn05
z0m!*x8SJ_GQVwq}8#?c{ZMkf|LWZoEE$I^P<I85-vqKy6k-$Anpjd!FoZ-CUVXt4#
zY#YgHi7xt=ie5RE@{NKi-=QO3h_|A-y6~=Oo5ki#SOtAs4E%)(`<K^rt#ju&I`Do%
zmQK0LQc5x3`xe7>%_G|7+L&UUh{LE15#;6JbnIo-6uR$Tj2X-cEFFQ@xT{Ujld?lO
z&ogN!8&N;cLofk&U<Ys<c&}ka2>|T=3HfAY#xRg7i9Kjv7*QQ6xO(Dv>8B~_?!4W!
z7T7Wss0OST02Llv_&ly7E#?p>Fs@*v9iX8Ig9ZYO`;%B$d}|VW!UvN0quxJ?<Zc-^
zF!`|7lk>#4gPhauZg+Q2Cprb}ih%vTz6f_$FI6}SLeDcSW&I3chcYsl@-Fqw2mBrx
zp%$-m|GF|z`-eCN<BlkCz!qId4cX|F%1oZrqfZJp`re?YcXenzf8L-XPYYvw3-V6u
z{>d&y71ZhHb#AnjP9#RmVTeED!f_uXZ9}XFmzWOGH7e(Tj4?<bv&l-~K+uV^SjgQ4
z=7_?Ty-&PX#{q6ZcXL4htP^ITPKcl#$q-I@U#!<=?&A|=<55O7r4D$h=vQnoBdM>U
zeLFn`PeG6|zqfg1N8C6KGsf3I67ud~2k!@&W7No7*7KImwcH#?VBja<FeFIjQz(7|
z&XMvsI%C7u5HPLS+7<)}xYfBg3Q@Y__`W<AHtX7I(aaB}DZT}GWmlDJ46h^PBK+42
zRJ%3@^qw^_>edvh#Ne)nJW`~^zYb$iW8E1$+h1^dCeU)}3FH-S5wAaIpr~A6b=75n
zw$t}ngx2*(WJW<z=wJ;MbJi`s_cO}4FvjQ<%4ksdV3?Zef<yLF6R4JNs@_c67_)7&
zxFqus%XccIJj)cXhU@{J<FY)W><RG_KmM}SwfcZu3CwahGiW8+>qs%`V6;+N_&Dd-
z7G|VV`W)~1$%Rl1T}#pwKv^j!F=IBJA4p%b&-Gkuz+up!Hp3fr>N2=wi8l>uhPdaM
z+}MzqpUo!!LaQ~(TR7GJL{pNEqUR%P4{D#E4EB6)0QV%1@|G_QX%-~e&bRCip^`@N
zEz<*VrOF57ruyV0l=gzmL0U~)2}Ac_*UczF_lVyT`TEk#RuQuFglC8hkF>Fe96G*9
zwn$)D3&$Vgc_Wc)cxnQh{(RwZ{uGCAh1y~`{B@3V2+mWl1Cc_1gk*G@u;1f!?E3^;
zJnO(s^J7Z?9%IqEV|f^Ulq+C!ygv~Kj@uo1OGPY=&2xYHV+xfW)-2W@pUCz5n0q?Y
zX{&>RL&X=ndmKV`h*lq??H7SL(oJ=tn+XN4{SFur`EBfhFf>*K-a>)Q%zq%m0C+AH
zZ20N1q}g=M>+CmWsWbw$7%f)`<36T+O%69-u}K87#hX6>5U>JntJjQ!w_>lM*p(3c
z7h{;*>f&WSgmP-4LS@Ema+Su1VFhu^gT+$V$jNQmE`Q-o7jVTYUI~}-tl3tsLoL=T
z!HR23d2*m3#-N(1IWX+mCSFI38!m4DgZ0vM%Er;}v9DGC`;n|%2-C5s&yP}@>-@oO
zdO*ew<a?}{q&n@Sz%c&Pz50_1wP-nU{+8sy>6+~~xt)f;5{6Of`P^GTs_Wy8Repue
zcM=$)AFy{j&?e9Q)K$1nnV(x7EY=RRKSSt!mZ??*4E5J)3ObJHt2jdxq$-d5xFHa>
zd9d}i)VtzrmxhCM7^YwqGX3?|bfl!Cz>kY#*Lc?FF?@iE5*)+TW~v=CO6AK<i3s*J
zyrb_rNu+hWQTOIsSDFu;k?k5XfjG37zu3>Fo^3)P@f7M2i`Nkb+Rl`RAuO3HbZj%N
z1;==W0WVZj961e{t7vajX(zR9=3Z^TCcP4)qB}mgJI$&TS3BIyEp9T<8p)S~?v5@D
z56N%7C`j{21sU1IK^X`q65b+?AIp&X#<Lg4+HLv1&mJ$cAK8wR5DliF6%3<e)wb!_
z&Y%=I$4#6N2c*MH<Fn$v?a8t{Z|73-zB3h&Uy+hWraatR@cEVZHPY{h<F!kkE!U@b
zQcF+VRaR=BQ))L9%X|6ARY34kzzv9Q2AVnrY>j*{eUvVFrksvEVM9gZutwzt-RAT0
zVZg?sq9`4pOn5Ou%GPEmG~7@8*`9o|T>qis>d%f6_>H=4Hj>?9GwIYEOBk=^%n=%R
z1e#bii1TXUIE$CDO!AXXUjoYui<qIK+9#>X3?PU`%;L*mSe_3&VZLq7W-NAOY)iVx
z8?>{RaC0<f8k~t+yLGsu6^0(10-sWbDu|Vxr;%l<RYPoh+-iJwYKi4;D1G2RC-^me
zLBg=HWJCvtIQz4*Pai+Oxj~=BKdMmC%zG(KCa|HphN#%sohoBN?_29!p}O80k%ykf
zP8W+am6v3SUqh63(gfij27Iji7aL76lG}{%Tx@1=q>d=x9JZob#BMg+S`G;mKGY4N
z58NIZ8a^S@)WCbf9J-jFYtC1^Y#V4mgW|eUChUrwDix2ec#aw8NOxWFk#zh;s1ox`
z$qYz4G|xRojn#GwKG%#Ub+8-)^jnZzN5{?vCG?NB*y?SMS2K_~hhhL0Lew&HBrFRw
zXC)h9pghQ3BcObRgd`}a@Jv#>OLMF;k<>R;$E91aD+|4^!12xV5&Fo8xI5gMZ3H{;
z8;t3O%1WZzPvN9oYlaP1`_iF>bW}qiU(O#|c8Qozfd(7`UhEIZc&!+xS0_B*h;GTl
zLDqsSRBS%fGqt92oC2Rth*WO6=NnrJUlp8}Y6yJGAF;A#7^~u=g9_4Q;e(knHbiW`
zU5M;1XWT>q#DDc!T=at|GV~GMAMPF=bJ_)o-sM)}pdBql`6kexgQ@xK_92eowc2bx
z)$&!;D!KXcwgS}n(sj8M20EsUS=NE{O>i!Vg(qfNIMK^3Jc#LFX{=P@0x_MPaeg54
z)gLuVqE#*OdkPXO^9BO8p1|4$V@d#*7})r7ZA#;rQ4Lea1sf7C25fc)g%x&YqWV6s
znf<C>$e_A13UYA*MA;u4W~{wM09)PY;=2GesFp5<<_9y^D4}D5tOoD+7WR{bQ+8(F
zT$jB~xaBqx{IUj7l;V<ud@n??(?^jMzUQ#W#0V)hE=Rnm?>1+D{Tjw)Q^L+%q!DMF
z4=9y~fzc@lhW{tHDK0k>0deMed3_WM@(Sp7m5D_xd0lif?Z>b-GF#1t8K_5_M|^St
zA8!B7ZCY0;D(o3qCr0jub?TK{F;U5IX|@%A5GDaDv~uMuA{QYlKrKYR`gI0oXPO1W
z3RT+cuj^n6TvbguNxl~8k_EgLOW*_M|2?;P^ToB4`=Pep>BsD(HW3;6*4Q>O@!#UG
znR2&or-hl@26U#Fs*G##UL!|hrCB$wY+juK1~1Wus*;!<;HI7y`OP?4jx7(KtlkCJ
zIwdoS=NC=+zU)YXIBcC*>-v^m%5L(rWP!Y^_q*hw3fR{Jm8Op=W|}jb+%--oD$WjZ
z#o6^0br=lZ7|_VA%F{O+cnri=-(XOrt!e}PjN{dq1LrkL;HQ~jxl85*FmoK}Mgi_}
z-^Z+SM~Y8=<B;d{cvWo?Yj>X?y<^Mt*i^_yvV8e6N~Cx;Wm5;yy7v76k2j<B@!XxY
zd$%@N1hB!7)h@XJ-&hu%s&^#RhvE(oZh^)nBJP2_@6zmPOZVUMMw6><Z~CLx=dD#4
zeW#eMIs?Nzcair&_3!-cg}bwZS+TyZDR;)0$~m&Rsxk&ne^!v;xqS7RF($Ju#e{s*
z@(FIJ($|i@c~<OqRu;+H-teWyhuh-O>kY&47DHRZ={P{u7v6L$(=dRz?-=!yu2v*S
z64;<c=fB{3S7X+Jd&DDzHPfqGBg>iAI(J!Pk%4}sGKS*5oh#QlidnR`Aj}K5IH@1$
zh0n`h6*%f6>vPbfS_nIG$XWX<?{~g`@!=Y4;_AFIS3KCW*7lyMPmP<P{(j!yu~5QB
zyA-bIhhRuw481)_O@%wD2HgN8l${u52-Ldr+0Ad9U%6Q#)(^I_lBpzl&3D1Km}k~9
ziSYw<Lt>zQxBCiU1#8BWlB9QFO!MVWPrMu6R-{1UltKF!9wJ$a2AdbBnQbG-U0<dV
zBaoW-;o3`5dobuGN;C8PVsb6bp33tEs75N6Vu6E0qZ(+%$*_AJpp%`4Tb<+;*zKEU
zmMiT6($gP@;cuAF=bA>(<;fkRGKHN0=wYgDH$m;Hkd;dlnycf-tWjD&1WCZxED^UR
zeH641_E72&+k;#TdgPOn>brMtUzv*njX9p@$7p%-UG!q5i8DcINZ}#B4ct2m^Jzf5
zQoDt}9e9w$-~ymfClX-vwYpytvy|W<ImH1n(d#2l0r?L)>c@Ew>rcGVsG=x7?1hu-
zTT)R42Y2pgFVK+Azs*xBz?mklzemj8F>XHK4?m$R*y2EG+>Rm>ul_dS`E#zpd^j5!
zbyPl~P5wZn_*xwUu{jgx&-x<vF~?O*@fbj%V!2Z1LQ_{Ol6tilL*GtD6|eEBMIEtR
z0^Odn<?*OWLSqeYG@IV5+9kyklZHR+eWv5oa!FIFc>Phd7HtNO>Ht1~KL~+FPZ^~i
zCqi;AL9mDoHS0pbYRK5tD>CXsse$1w2OmCB^2`*`9wH+fkN!g{VMi$v9}h&!MK*15
z%ve<T8XMSJ|K#;EU|E&+us*h(DkVKVoaqJ8#RmD-w2TbD^y(fI@X%~hJ&bXg^S_-Y
zfR$(}Mrgz>_nlPeiR)fsF{IVm;R)Z5w!j<unu#qEvS5)AnB2XkrY2UsFUR2%M6<9s
z?j?4bDNgHc&sEd(^o4KPxsra$rjoUlXx2u>CUE3-OTbUlMhcaGQ+8>w5TXmc&N0@S
z{~j5x7E{d8sMhO)qeL{^TlTP5s^FDqx9C+Iw-?U#LQ_HVssUtxt05Sj>)XzZnt;_A
zE@<;1={9VvL|jkA542gZW<8aq?R`Ze5zOqhniv)6_|%(7Tx23Ka6?Kx?8of!!;e%3
z)#tC7LeCh_f?T@BE=+A{yn&)biK^d<)5B`>%s4_#(WqIv&>Yx?P16<fT^~6m*n?1G
z`PB^F@u4IK;_k_G#-a#1Jk3??`D;Fw;e%z#fiMs_D1%TXtW7sH*2WdRCRBM>5xk<T
zy+<^ZgV+lUs4I(2uigP7WS$15J6f|CIwfxdELt)gEe0x*3YsPgJo}UQIn1Qi&CGa$
z(9N8-4q%%ejqAS>l!%jUzr`C^9M)D>2yRdB!|N-~|HPKAxf-wL?}LAZm10XRF2AHE
z_;^}u^5cs)Zt_ov4Nfix^OiU~^`;Dta0lB(D9oGJ*yogFkhaS1s#P>wKzH*iHV=WY
z8XQz<(5&aW^IhqFLv3d@6%Y(Aijyd&q%KfhG_aZfUZOIP*dVuVSQ+)kr$)?|kWKS~
z>N41sD23_IaCRhKG<x4*vv6nSdy4r70YL0kO3C2uvjq{h_I=z<+cs?a_JG?hKkpqL
zol>m`0)tU)=@p{l&IvwA)T`FFwq3dY(?`l#P)giLEfs7h$={L-)b#k&ftrsWkG%1a
z|6r~>WN!1ll*w!`USk&J`PD#0kv;*tFfdx7TSf)rffx7xtl(}BlU$h#PUHw~W~Kj!
zAoo*bncG}?cPIbv*^Ix$$5&)%0g#rs?5n=vU*h7w|A9JPJF1xst9RT#l$;y#pxE_X
zp_LpfTS*EbBYH$Wj3<al|4@EFMSkzt@%W4J5}pJT0_e{kXvxQ+^ad02!6TEVk=o2Q
z;r<lO3GKBc&4JxwCwjLV1~+*5TC(Q&@sT`6%8^G@q`O`9jE^Eymabs9h##pax3p(X
zDEUL^oi&qnyI5}g<tHfM-v?-f!u}W-|FiH@u5qVs@@O1zACNsnsaMM)7MpYOl3uUB
z>e!D9a4=cYb*%WRWS?Vqf*#!?%n&S$0i@4vd4U{gQ-x%mNTUvm#o@SkwkFUvfY$Fj
zoiY2N==}ozeR-$l7;;(2q3DV8dv6l-Fbu21xa1yT;pVm*w^_sq__O&uZX`h$z42dI
z+o*q8+kaWxe_7jqS=)bE+uN#?e_7jqS=)bE+kaWxe_7jqS=)bE+kaWxe_7jqS=)bE
z+kaWxe_7jqS=;}FEB~KaTTSAC!4xh@&qb|d%Kr|1j)X|W+GnEUlHG-#Y^uaw!=*#0
zjrQt*;`x@xYT{yIk0LV!Ful(AL*$|!38rdS1ykL0T#wedDv=185Kstu4uXgpy{FUM
zO-9t%T16t~8!d^{7!O|%v4dN%jE#+LI%4<5l14<X0H&|~Q=48_)iT0=&iO~GTC~=G
z<HQn460yimx4Mo%66Ae&c+Cgc1B}n*B-BbfAts)JRpx>08A2%7@x2jQNH6N`>%Vc+
zgY$l)U5iR%y**)h?&BJvuQ#6O7zic{I}3U9Ldl=k8|TI_j_}?G#&GcNccsV5zvwgm
z5?NS*K9J{<_+&>VClahnDcn?cC*Jp(og>hV{k8khGL`4WHhQ2TC7>JegwR4$E)o#O
zRPbnSuIgOxtwZ%-ipIb(s<!xsg%?GoRBsmv$RPz#Hapy+sFj63{)VDTVu;p27zj6>
z$B&eTE6Q+nMfImMIa|12oiY{67ZA4r{q5513V&j{_rhBV7)3-VV4&IrcEYG(puoaA
zK4<zw20r{l&2jF}aQiKF9S|=s;pktgH_BzM*p(b5M$plkDuTvt_@$IsW=#Cln346$
z`U43yF$d^b=~hH<O7-d?PEb|8QrGa3S2nmJGn&IsOu!G0(#-8m*ZuWt=gJI*RKfXv
zJNXRKauYGi2@&hNh%~-15v!-7S6#T-jo^oU@tnEInBYHT6MNo%icTYB(e@uZj6!*R
znEvtE{}4><)rVflMIyC*#qPQJlk=SXOfU@L*KDn5y}aMqMQb!ZY5h^8)!b(_PJ?#!
zT1LDRKr*{U%V51eLS*BsNIYWfkI48-aUBbNK06%aUz$T-e}RxPWs&-_rCxXR8B6!H
zb1EgWes)737i#8nnGK{8K3TCtd}2c$1q2I6o4oiLLqTLbN)+yJ5$}r|T!+(HM-8~L
zfI}v9$n2=k$b*Mz7+^I^t5i~-ez%53#79A9JX=qJ5w__XU%vZ$fIsgkN+^+kbCpMj
zzpszIFTGOyXChI#^PlRi2KvXjwXqfkt<4_KP94&B@&Q#W`cUGKRNmsQ_r}uHPuPk0
zR#s*T9E|(cQb@(%Mg*5_<1Yq(mm|ExW5ulTvEltflO?XzLNQvpfCoMi?D8S3-iu?h
zR9EJ5j7rqcRw5&AZ{~HoAjRUlpdbd!qTVPPs~)vjqqT@pxtycrOi>5OskP(QT8|P?
zp{!sVBmO_JMMCE1>bIb6#wIYmZn;(f^OFHEKVN2TMqCf4t;AQ>(|-D3u+@A6-ej=`
zw)t|{E)?^K$oJ`SH|Yye%RFz3%guo_T*!~1dwQ=I-}T0*Wn(6u?AF=>I<we5o@Wnw
za=r4fkGXNS0jiPhmTF89!wy};pm91Dp!J1KS~qw@v9!w!FhdF1m=Bcv2K#`4c#b3)
z!ew{$VuSuv6Z-X*Qs?8TXGr>P4e{Icd-88QGLXzw-!L&TdCcc%Z{||7ZcAs4w6nZL
z$Y{{;pyuf0p*8!hFks<_ux@d2#21Rz-Z|q`oy_;#Hc-bWjnWHzM;qU?+-+yQ1iVNv
z$Q`0NEx*=}HcDe8i@H71ZVwP{Y&;?EoNJeGRQ;Pipp9x6pbr>U5r441AStj7zRz2%
z7YIn(8fmrb0;Rx>>gFw^!|4;Ho)xWdshioh*Hk1|(?;8)<z*Hg2@vPtHeF~uWb}(=
zmbf*p{6WOy!_G5uexntC_|X%bXzOUUp-x5PpHU-W%X)E7q$>`V9P1kHh2PkTGz)J~
zT0O6bWE^HN?Zuq39d|kEPetogPe>KJ)b55Xw+HYRg=?i1Y+~H%_i?;En<s_l_t|Xb
zZfP7sW5=JywZ)@T{XMxQp-6jc(@?eSg<WfzSc<9?4>pRlMxR;w<PqrZ%kOqzCjV%O
ze(?NQ4hhz{TR|tuk9OyM2dBsAN})UFfE|daX07?vlw#V^+3sZUoV#VOUsHR9g6Z?8
zmPF~dLVR!Z{&zxrVsCf9@Ql(hV3YZHW0ic>I&lbY1A&GY>qo$f>jz6s00=j8OQS7#
zKt$345<3MwT?pIm8W2-G!h2lh2cyHcjH5y=GKeeDsYVa?b|bNQMu0yvo;8SW(VqX=
zVpER=z@o$YjrjZ&aKyO&mJAGtmj#Svy1z}yIMM(mTI4g=-RX=kNITjSKR?IPuFE8;
z4{0B8<<%1;X_xC&ykxkLs?`arEcfGk9T0te;dt+p?r4J~YGJUgM3dV-)=SUxXQryh
z*;}vU3gd_meiZ1Io<1UqfF>tfqUU@xW#fjKvG(I_vHG=$;N!1#NY~X@Bqb%85ah%1
z{Vxv1qg9W)K5R-$e7#Rvc9AaXNGN`FB%L_-jov6NZrED)GK@3Jq*~2i@PxR1&N*PT
zP*Qq(qPpoh$LpHKKQ6K`0ni!Aw{N#9<Nu{nx20)tMD_PHW%S@}ZGfjabBN6#82&o^
zE+0|7B@HSlQh@B?#JmQZT%f*}+xj${BTG^}|0rwSqJqt&+2!_1PS;uzGDZ;hCsn-a
zH?8L0kB=4wbH0{sa;S0VXDZq3qd~UnnbvN}CfBoKowAFPY-0{5NlCZTi|}-Tfvj;|
z7Aoix0258FaDPOuCDER!(5im2q`DRlQN!>1MsBm|OfR1QF@Z@3%L?c$Hf6h-WIiAh
zog~ya0&3PItvMj|Xsua`%Zj<8A2_SHx*$}*mhAG1O$;=g|2gt^8Kp%P;GrsW9GfXT
zKPWe7M6sQ*e^B2%%KUol*}CMMwgu9r<4afHvt3@!BYX7<cGiE8fpfW)fgASi?E+Yz
z4q>@ptdDh5#!6GiM-oqXIb+Eq@oJA~$ETX>2XH67${_W-#YKoFXNFOv!^>}4Ce!KX
z3a#&4Wv5%e*)O%eq!@y6c4m$1u}~E?QVDu0#~%(jnyxaHgBb!%Miz<^MwVb!D&E@K
z1Z1SPcWZFncQomHoRAt}=3~Wfb6n=smLHFsLN^B_3vl+2yHrK&<|(LgcOlL|(Re~-
z?iq{E?6_jw&0k8bfE+^m3C*pNa?wWXcy5yl>6`r}OG;`bn=%3k-&YSMH{XsYLDVr(
zI0fFnPbk71=!!@?BJ>t<qQhY&liUnVoE!V4wzge&SN6qS*PY1@p`$MjtN5%h>+U~#
zQZ6}tlC-rs*hrT~ByKsL(3^8MTfOCj8;E{if>sCKxd#ghGs!qh0;|2PaAcw9+K>^~
z)X5atf6?F%m(3uB#{*=?tqK`y{57vV4J%(3wg?8H!vm7ILM+weT1degJT~rW8T9pM
z6#Cwd((6&W(7~fzQb$ejr?V@UM<JVe^moRdf3<4<B-$j?az^EU?R!BC4{-#RlqA+~
zW5xR1+shSEwWm6xvAj3(DqdUVqHB!~y1p$CjZeU8^2ks6jHQG{?i!bcMC?!f#$R{u
z6?JsE_9of<m*H1^lY|Pfge!mOn#tbknmG>M>Y7Qe%L5vk%CQ-lezA9pj${uE8mVu2
z4@@kl0Z%73xU54=&qfF?6;{}WY^V6)(}RtqM>9s(1m^)pi@8Er;zoJTlBW0g>AAMJ
z{^q*Ti3ey4OQ`y~7@++9jr}FlC9iac)go#l_8IHF|90Dd727cYRfuz#Run;h_e*}I
z{l^~xQa}YQLgpX-K1qHpr0tlub$KXca{qNRemRphazI6&b%m-v%|8su;Vn=LnBo6b
z;~&mSy^jY}5zd!rCBFZM0i{#7qna^fI}-fES>?TMy8@i=#?zbpA^QC17ySRaOzJ>`
zymUclDL4vrv)*o4`d}%r848(Oj01lbKUqER7zt@si_UUJwBMj!;4X^yUEhHU-u}Y@
z_)XyNhXRGKLzIX)q`bY~Hh&8kLTY?5!+!K*57i!}k3$#Uh~@d_@JXAw^DulcWC25*
ziZA2s&$rhY2UHDyD{#qa`q^}+-_Jkmf>m|z_JD&WVzm0TUxUY9VrdU@9*a(6uxp<I
zl4VpFF^k1R317!O-3OPK1hLCif|h<iy7mLJaMM&J-*o&oOa}z@9=@GwBXItJ+b^;c
zLYqUo9d<*tpMcXT3E<%OgVL9f=Dvn-{CSW6@=%&3?##;1+|!<8W&Vd*SNL!Rxk`xq
z{GVnH@q1u$fV2B8H2&^p{F-wT8Nk7*xzB&<c>bE>zqM_U0G>Y#MTak}|L<n~*8q2c
zgQdg4KL0S<6*QV#FsHCeU;8gt@H_XS&Hzj~SH7QJ|8P={+qMjC5(z^e|Kc93Aoepn
zyd(6;di|;%e0&yUqrik|QdVY@_Ppf1RgWe*rBGs}ik7{#t&0^%CtqHAA(@?<GDDZ#
zIR2B1H0jHqvfYW1x@7qHG4Imshn-)2U)cN7_&RZ*7b2WB(sHQ({Um+Md*o)TaZ7OI
zF)}_i@CjJM9F<_t#C{>~f9JnGuO6cq=4X^dMd5n;_>?VS-HUm1Zf7mCIC|*i<<(W7
zNpEJ@;2=GcE3jEna8{;WNdtkLL}!83)4!B5{C4s`f7atQbV@uDf5mDu1DQc3ARsUr
zX}y_+XJz#D^^LklMfecpJ|cakWi%SSD&X@Yyv)1W@{@Av`&DUlQ=?1uyicE&TqatG
z_V%>qFjNA`*4;JnhqJ^F<Be-=rXC;;1xl~BO`pkdxLx6}DE!xTv}fEYcc}Eu)>C_T
zei%~zQi!%@IWYO;C#&82>pLx;E;H-p`b{`~z7T7>rSmeKC@jLoq7he)fvzqgFfQ)M
zp5aUtqdVI)e}lrq()XaZ%dY#HrJ+In!X2?`VcuuPG=E;>Z}-zyas>-jAARUcbdawx
zuBrb#{ms$(bD(AwFvO-cVg;)7>rID#?H{syxu!;D>J=*w-(TCwoH4O~cnq3y*ku1f
zuLlX+`B)+vufb8?9V;R#nz3vADeJ%vqN98B%+8~igGJn}tYWZZU|`^@et*6~N=nMz
zoh9Od<xt1@p@|9Uij0Y`9~F%m_XeJ!&`JF5L;u(zD6H0};M95Na-r$aI%(|+`HVW)
zJYas#IiY)-5;6O{<@%>yi_mboLQiON!Ym1*@qq6#N0Q``7zy&(uGAaMhxiYVugG5;
zUu3p?d3k?E|9^FL<<U@ZZ@5Xe&?X`zQCVUl%ZEWimTbk0G#HJ{mxM1rGYn&_k*wK^
zG1>RAWf^1ZQ!{1FHeqI>tQkvoWBpD4^||N$<K92+J?EbHKJWXSd+z&OE1jqdQVi?6
zxXtdK9`dM_27H9s*T^t$QDFFQ@aTUSlpEbDb0Dgq=66phLhEi0$%9W3ouz(gctpI$
z#;pWw&W9+o<yP<a^LE8zOvPw~>80VZDu>Z!i5-{)Rs~|Z#jWA-@`antmohg&KY3|Q
z<z*h>mO9%56r$VjC>A?ZJ8E;qqOJ0M7!td<%lZp7-;mnME^hQI!X`elfKO28nlKDV
ztvtdI6qi82AsxNVjypM4^OH~u)TuP-ne5PA%OT<v0k>q_qIIQm1-JQYpZlPHVMRz}
zn5S1~FIlOzVO&TYJfZUH2yeol7Ca#FDBxP{uKOGu0TFh{AXA-g;4!!GcY8WI$c6Zi
zrNI!P+6+_}*ZMjiBN^&}vOKY$&7ZnnqVv{C$FQ}I2hedOO%*eHYHfibxU;cj+(lc0
zGwZc~-)%9jzz{1QK&{V%D;1nUK|wOOT~YfH%~OtvgO*$QcZ6d^)D1VU5A-_CkLy27
z-%OjaHtl})5vqW+L9Yn{@<qp-&PfNUu|A6+R+ErUM9^_Xs4C@sc>C5&q-6G-M}0PW
z6=BkALSa7%uR0jlFJJ7-rTEy-#ngP_WU+<=#xKT6>V-he$P560Jh--M?>gMEG~wXS
z6(`%ik+r>EWiC4COD)c&iE(qfeO*9#JWv?Xwzjr@5jA&GjJFJt_rwg(*8OM3XCe`Y
z0RoU3_u(F?F9F_;^*iRvKwkBa2!DL9RM(;07vuOaX>(^YkX>(bPWjoKPi;V2yg&y}
zoKv+3$Ihnl;EE7i*H+x2$?q=d+cu;)X0;;)5{gyh^L&}q@s9u`B06u%i|`>k{1`4x
zLf`cAs|uJZ%YS)_Q$+Xz0TtbTeTRikS7%wx(yPK2T?_D1{{J@UIR|Uy2F_X^y@b%s
z4NE5)v?j)R&3@l%db4Y$(%L6&+-5*j13qZvm!y#0)*&T&T1`W7m4^Fq=pBi7#CkP<
z)Jgr_X<#L`o!nWFP{=>2kxU7J3Fv{&3j5nb1;Ae&(ZVn6{;hnKYa7nQ#N3;(c>ULf
zJ<0jfW{H>+L75<d18wvf7fKBInCnIE(y_Gf`3V^rkxe-@-NJmme~EQ%$^02#LZG-{
z8xH%oFLvCsy{&YT-jwu6d6BPHxtrS$wbB}CcJ@YcPLibU>P>Cb<9J!{0Kr3S3ac%I
zOi}j0%L^_13amkj-D*S{nXjpcTaybjed8SKPyASPJj2>hiSC41lW1f$3wzCxCmNc3
zKfDz`o9h`Ah)@!LP%G+<wosAS%MxQ>+LzI4tdvJseE~7Il$LEosf8NLU^1uNcEcQ}
zT}JvqO4e>+&*9Il_hgWshFalu%VS-NO-w*#Om}J%gW7V?2Jo?&$#{Jz-I%mxu{Wm)
zCE9HA3WROhX5ciHM(IN;&7krh>P4&MXG|(BK9^onvrZVN&t!q&e5dyi{3j$VZ>Cw|
zl;MvXbiJ-g=<Z+y?+x^Sskid-Ss3Ik9}@lkOF!(Cx{qwvBuxEnbg0O__w$szTS&;z
zr%potYiz{uQqb0E#Wxz137bOr*Tv>7RvN6M9Og#WSo;Ulm;rO6+W9Q6)p32So_rt<
zR`4CM;fzj7cE3tX{F?!&J4sGS-Jmh(Xf(uNl-5b2PuTn!BiQ}6Zi}|!kZaExCg%%E
zld~Q+w?cYO73O79E3#~F=j5HoViO#-c4R#JtF`49X;sgdzxGQ``m7pcb1c9HJn3*u
z2jvcNP6@p(!~n`(=RvFh1#Kg4Ik!g?Y>UD#7uhi(ii4t)Bk7Ww=O(UN$kk)n=x6&#
zE~J<KzTz5Fp;6}YUU-DS`SJZ7E$4x0V6A`k2K=#Dt6Y0ID{iz_V#wECeUa8u4_2TB
zD29b0bv0RbP@H{1l=noCK29P{HNYwF#3ckZa^X-i(a-}Fa(SB;G`q}Ln&Uydy&yFX
zyk`srSZMk4MLRqbIp-${hZwpHoP*6N<Xo5^;LB*;=5nVJz<?^H;)`ZDa9aVt>Jz_s
zRAHSYaHZmZ$vaO0sD%-M)+a-!hl^h6)?|8Xan2-X)GDwd`aFOYs%XvCrv><Ckn$1j
zcOH=;9NSXxZQCwbLy^OF3JMe87}G@BN^uQ*elTZ6on8G{^LMu)Wn%$+lW=frk-G2S
z2`N+Z9?;87FUn1d)B~Bo+LKG@TdnkJBT}D+r+7FyB&5jcEa=Xqhn>yz=g&D`9AIv2
zEb6^&KAs8;6rfmUe(CFXU4&uwYD3!AewOB>a-ZcqP$8Lh*^0n^Q>j0!!Hvh^;l=3A
zlJ9kMPg1LGWJA&;iWM@*rNQ7cWoCrQ*Mh7|h}(v;?e%;QRBIL&ad)gJ#gjG(pQv{g
zzO^;<xePXU<i5hEMM@5>gQ{z;g(S(iBAjmCe;g!He80muPP~20uDqXImF)OA4P_^1
z$B8(z`GmM_yrR<5kN_PV76vOtVI#6wMug_*+#H{GQ<Yx;bMmDYQ~eb(6Qnozcf@Fz
zJ=KmpR^uf(-E=BSbfA!V5#bGihSmjEZr9)ViGE4imxvL~4SgJ&=xGA-wiWxt{t1XO
zI~M;1xpKL$a!T6s7qrfU!Ut@QNt@QK;0QFW1V(=h<%||C9s7Kjan*_lgC=97MVTqk
zcTV@b8XUE!V|6i!{{;vA%`th^r+wsFAX1e0DX__RkdS}W*>z%mq(*)7!ReWwKeI!9
zhQNdoxrRJ`amr+FD2DZQ%{cCORtjn()1^j<l(_WHKu*4UO(CjiW!CQ7as{Ve4J!(Y
zR7B=OjD#>2p@=9cW{*!m?D?V}%xG9rk_Ui9m%~>diank>NA0?AwyaxwlMkJ8_E19w
z;C_Ex49zu&J4}(;%g}EIb5)C7ym#!s?BF-@W39#y_NzCF{P)J3kFcAmk)<KwmUHO;
E0aO9$ApigX

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/mainMenu.png b/scripts/automation/Radius/images/mainMenu.png
index 956dc0e58185af7d4e59e1757770a0c5df867697..4d5e43a275a9fcd987d1f67ab458c538c15c1641 100644
GIT binary patch
literal 75877
zcmeFZ2U}B17dDK50wU4`1ZgTrCra<3iuB%vi1Zqz*MuShB1NjyNUs4QRH;gn-g{Mg
z??OTn-spMGd7k$@zu>#Bk83BH*|TS6&ziN@thv{{iPY9qCcDXS6AurMOy!xPE*>61
zA0FPdMB*E`Gx)Wi^Kcmx2L%Of6$J%WZ8xy3gR>1D9_I&_xF>4u+IPaVs&zl;az}*f
zZw|}lz00G?d}As{7(UEhWOmG;cV7brp!9U7?r5cWb;u!B9GV*{#(4*G-SZXoyHCQ4
zLXM_q-_{_EgN+BTg0mue8|bfT*D&fl&(MOy!Ff4aadEQ1w;%LV2TtBqsnZ4w?K@8P
zXm|pD9P~<c$KD2mw^PauC12h91%eupC3>ch1QascJr@fSdRn$CF~1@G^S)emL~Ni4
zzRZyc=|$O|2^VcdMI?1uPI4qmgrI4-tH-N}c}oyI`t-?yDc{I@Jq{gtS^?U}Q4Z=O
zF4*(+*+qQE<>~M?+FSa|tYK1IjE_8ivKznnsQA{nz(v3f8x39JA9uX@_(Tpg5XPWJ
zKu7lCF}<Thbk2J`Bk$)l+e1qEwjGQ8z1O-4htIct0lBiLjP@i${_fHho;OcrM(6gl
z#>HNO12+3+aI!YEF;=nF(7@xyrHS#bg*)I8;!@Xe9|qh9H!bmR@rZE0RJf1gC;Y!l
z3Hm+}{GGm*`1?XRJp~mN+^?RMn~jaDyFJ+Bex<l0uBk}}ePa(}4Rr}CunWJXHTb0s
zzmLnS-&OFWd?av57aI>tRv#B<S9b{?=?8zVkieyXp9VZ&{d0+jlk@{)4Q*Bhu$v95
z2>)aL#}8y~va+&Dxmnvv=qf(_Pjy^Q`hmTN$14c{z}wrK-&>F$>}CgeA}%ftcq{-A
z5a7dI!RPMl>S5`_=j#6OuSWiEN72UJ%FW@GhXdG^^>@3LFTtK3(hnZ|?&zPtzwXn<
z$Kk&{xw`*nShxWKewP5A@IMCp(>AWE)bFzr+73Q8&L)ZuE;#Yv`j8QNEF|^k`hS)D
zx5xjfY5d=s;-XLfx90zp{J%8~+-=+xz%IBhJ!JknGykdlzlHy)C<XXE^8b;<Ut<1q
z7AI$!n^J&(=1k`1{^+ZCJUm%E6-7CHpKH6BL;-guXv4`>g6^=AG@s*TpD+4TQ*04G
z&`{E+@b^b`d_xQq>d5Ke`S3_dHjcj;S4^6nBD5&(E!by0!<CNDh6F)oGBf8|{p~&q
zZp^!n-QhR?!F)dmkNDq*7>SQ~>?=Hc)_)(Lh-Hnt6!ET6{Oh2@m*H<cq9&BZ`+eLZ
zxj><GWo3gNVi%=vHU`W*c6q7j<D35jB``dYF3S06{YM3ZKq)Zri^m-rCZ&;)Cy^rt
ziI$;l?O9Nfv^Q*jb<On=@6FmBsrpR@;vm^$w&4;bL2giO8RCfOHdBs+Al3t`xgFZp
zCc8aaNsz=(ui65Ec%Uy{rwIh!V3P3oh?2UzCB2Z3K#;gddK8e-0VJRtzvSR)!dp;S
zfO<tUh97Q$n5@3ook8dUU179?=Jm2pljVh&%X7V3q`!_xo}StDCPvZ@W-28VY8H-I
zb#)bP`fNP82lJsT>D%1dP-B;WH}b)%dvmtN>C4@dcBzIF?F!}v{hYbFgW;nD4*Qh?
zK98TPDktxmJ7ji|8**dL9MJ&K91ZLJKVp~7p$z(*Vb7^U@jJ_QJ2;+QzSt7ux4N>T
zux0Gu@Oo@L{1I<do4D)gv)&{@qA*Z{{8WW`p&?(|Sf`q$sxj967vn_M?Y&vu%-NcV
z(L9w5&3lPI_tuR0R%tF>;?y$-)7VLCTxUY|J3EH==IVN2!pnjF(h5Z6EZHqX<ewrU
zh!MN4EAO{kyT5rWTC*vgEVbV<TuHd=Lc(W}(G|m}3A=R}f=z2}^ZGD@urolP(dXpm
z*sp#BJIwZX_|BYs-hj0LB0U*FEs+Mm-fMsK;<FZ>Q}P}{UiG(<_;3=o+?5GosIk}J
zo2!X63bf#Dd)H7x2nK`MUp4Z4ht+hIXPa$ks%l$QIg8i0p5O7@Ke|O0;7PnUi%@2l
zc3<apnXZqFsj8jf_3`&F{xUH7u~X%;lTbqD$N83E@#|8Nad4ZOM{rHweWjavXO0Fd
zci10|A3ylUX*>bNpgc>a>gl5~Sfbnq>O*Qv0`}{>1zamnO`~IFJY|Dgv4wM1sXY7Z
z!E+rVTG)#dHpk(ne5%^9SICN{3w)b_w6)-Q!#($@^6)2DyB0vhy%h0BQ!My@&E7FP
z-hkUNlVmj`p)4y6)x~P=)$rMl=;jHaRkxX(i&h@oD)F&P<KlyWHSwpf1RyrwXXjRO
zK6@xK{Q`A|-sJ-=1rxRULs;kO*_BM8hr<}RT&4P!u7@~pMhkLZ()9DI4}PD)b6?my
z6_v+~9x97#q=<qS9n(F!ZqeI+UzXFa@X|=y*hQY4u0`ln+eGEwLi~!N$dWb_K^-=G
zPv2_3Wo{FEx>`I|yEDmgXW*cGq0!;!IB6WNN7S3n5&O<{h~a2ZtEMo(_arWF#(Nnr
zP;lRW_KQp7ySfq(;qC{}t%ra~lo~~WpxuCB_p#*!kn-D-A4b?wyCQ}m+^o)ZWY?F}
zeq7Wl!{#ni#IlXB%xDWFFe`u3nT(=i{ge)1kpqU_t>`l1IZsNl$a|^uZn$^CsmQ-D
zCXvryMB>#lYc$%6k&NMSP)G>A!6+T<Kr3@r(qcN`bjHr(qwuL$JCjH|E!=|=qBD};
zt~Z`zBA9kMXDxitKWirf+#7chx$2<G0aaL>t^itxkCUz>qVA!75G6|5X`%vWJ^Xyz
zP70=CX_kh<u_@7fqldzG6l$Cd3+-#&?gEeOP-o{{`T|0Uiwwt(IftGi%tU_~9TnB(
zYnI5Za`PgSu`XAh=*V{k`8<ZYD^JNN4&LHjynrmD+Av>tvD4mdvhUPC&A8e}QhBgT
z&HEDF{8@v@&SvLSTkmJvu}9brs7iVtWTSmgxCOUdB)zns{dh2*bp0viuIe4Y)30)J
zZ1S@uH9JL5lX_3TN`gn$;dA<_5BejQ?=nL=O~N^d4w{Z6ChX)6cN<PTxOm_9CUUFf
z8rSbmH*>%wm2LM@{NCR3OXW@kD2K-|X8Vtv>qE4*rwVEIT(a?z6UEd`5W^5+^}1<A
ze=1UdTz|IQf`pLmh0%C}9YDhOIMD`k{J`?EeBsXbvbh=u4gd2!qcuksL(ERU)7Nxi
z*JtUq&X$9coY0m4{mSR`e2rV)v?79a3@}lUf0C()lWO4%{tMw)@IspK_{IL3=UjJ;
zc-gg^w4AauJc&k7yTPn{BswS00&ePYKFEaf9$?`9-fvAGRHn1^H85$pXVxZ=!?5ha
zh@=ns5@cvxGvo|;mlS01I34<6H~h_EP1_`O+UMt=UtDt>|J34FnV4E}zjUX&1k))m
zpJ>zNX|aO=R8&@2)No680{{gGdQ?)W5mg7>kln>q=k67q6!Zn;1*8KcBkV8ZFKbLY
zRDiobX71-#dhw!pmMQHN<TB-Y3Yac*+gb2sC=#PHIV$u1uxF#aXiQH_=hDk%v-t|0
zV!?2TKT&4Lt~oJ87La<o@{ska0fPQ|sh_WVUBU~Ur|KSD^Wli(>sL8dZCV%GLRT$B
z;ikRc7c(QjqXx)$m9Jph;n+|?=ex;r$2HaJgzMEC4S_%7o%$mxk`A5IM%b%JNd0`>
zH*(x;dbMA?cqHL=de>#X-X!1evYCAIHfh)cj~f@4Bf^swQSDXn=x;yJNYdmpHCR_=
zfk?z9_qVFT`-vdKXLm0bd}yoBi>*c!XGvx*lp+Xok9r0IY2{2ZoO&*vb}NpdTj{vp
zYE?U{<aR^u6{e}QV#-ku28U#<G<@$=02Z6=Dt_{PJO0+GCS{6XEIgcMNwEU$uJ(V(
zlyZPIBE`X9<-HBWhGtTsFI{v(HI7LSNrP9qwZx{3hccwoJLFOcb9cHEex0we<Nci8
zoyn3e0+RL}%d1()V-8n3d`>z~Qjr*%tE(XLRl4us!7B<6BCl0y#0G-sjm?wJ1R&yY
z3f(%8g9I9Nq+i2l=_l_ex5DSbpdRo0{_LEu_l+uFs?WaJ<a<fG(B!F?YU3n4|HU^U
zhEco(^6mw9HiJ{!?az;N<Y%kN(NmuW%>r?EuE##}O+J`7iAv~XUCP(3bjg+_zvEJb
zv~tdCzX^;#$N(M@@~1)@6A$*;PCnpNyExhaZMv4ZSE$nP3@@kLsCtpeqxoTLtgx`7
z1gQCyA83efe78MOtO0yauhjT!UvH<?ZZNfd5`Quc9q}wYR3P_=D-H-N8HjB*xe|6a
z%}6V)y#94l%x?Nkz|l(%JIcg_2NxGUr7sT_qgfmG1k+%K->Nc^qM;h=O2&{J12xos
zILY`IU-vH_TU2oKx?qWFsBX=~CaQ7{G7{v(+;-0N%9z=@Ctm!k&r!frpO%i3nk~=7
zQ5ef`YhDt|`$tm*T8evfwb>}=<aPe<?L%pv&Xb+%ru+CmzY?7gOcCvqcb#{OF8XRY
z9Lz5O7cx(NdClk8xWH-m7ozS1yt4AIZ)A1Pl3<fX^PW_i?)o=*=}Jz<E1onzpHt-$
zc%Yk^EIgQFlEhk2>=kOkRpJ{H^PXlq?|lTPGBPdqA#UY42b1_|I0f`iZX6QiJ8$S$
z+f$~Ax$-uPTR(PLTz@QhwYlJJY!w*W6>v_lx6m5vI8mfxE-8~gNzU;UV~a^>!8C8O
z*kmo1saTbm=iYE?RU6ZDnbS>=Vd6V?s%2n-O(P%JP9WCN>=WYcd=Q5m@}KnRSG%Ot
z7-WacAhi=DFm0fDuXe~D^2I5=@C3}{l-zloO;)ib<8v72mwk+R6WPCb<fgp+_zPsW
z7RbAcU0l&=3eb=@g;j4$-e>WVX}_wtxSF`QGLnM+L_Pa{X89}N7tTR@JLTg*eyd#6
z(>Lho`1onSE&<a;2YV1Qc!%Je=;YFBo@f0l$k%P7;MwG%gOi~9=dF@AeNABrwAQ2?
zPu4X0G`}dumFZUI(Ar!|KCGytNzgswectq@o!1BRmdw$-q>P5&wEl4tz$m8H#apa7
zzNU4{_=H<Cz53PKwy@{N*r}&Z@)@;DRgl<Cf!*<E-)0aS<8>yN-c<_aocjr4u+b1P
z&M0u4aNQEZJ^vc!a#T>u+vrk==reV7Dq?-OA^~dDS?h#(gShA@S}KF;erURggSV{?
zg)@0YUmQc(X7}TA?pMc7(WGBD5p@=k;n0%I$nHry&204Q<WjxDmw%9hWPhg<5fK<1
zA6iGL_Kbqe`+Qouq3*En<{wQ))pmGeBekVM>wx|(VDQ>AO~Msl(*7D6(`K)^ihNO2
z3;-krOI-pTU6EhNLVRV*^y=<Q!OVcLdkYn70cqdzdFG8wKISVj{^eN3Q&DVa9a8{z
zDttZ8whbId@<`U~#%6!yb`Otl3F<FkE>G7z<Fv+Z{#y4B4`X;u%l@Mk1}SF@AY%{<
zGCfMxda293wJqwPNifq6Zk&V{-3EIKL4T>QEvqp~@_`!OO;L#&SR^za(&}_;W#pOe
zQf&7P$>{7@a9lkx5N~&!EV>W3jGp&i;VAmDs!%=DdL{KCkMT*Ybm01XH&&7TbRAVQ
z?)9ngSY`u@)XwTJc1u{*1iMMd6G5i42|E3-DL#N%r7lTwm6zeSdj~CASLLSgm}r@f
zxx+WFt?ZA-w^R|lTh^D^CSwJ0EOpt+Fzo3V`O0+qg=bnjb5YbC{yg;@_Dr9vEE)G?
z8%*c)rB7v!Qc`F|FhHts(r74E6gJ18KuX6~u-H_A7`b?M)p6o>hqT13)+PUwdN7-r
zT)q}8X4ZSlwy!vC;=&&7bu_yIP3B#ro3|KmQh8|F<Q#T#{p%~*;l3n(4KiPU4sSVT
zF}lIbeDx_M1wPweHKX!sAsRY&-x-+6uNqpxt9NKgv)Z!i=#6hdaup><)sC<U^!V((
zB_s#Z=3eQ{7*^Zau)<8Mq8VAsZCDQcvrr3OU6_k6?+je}sl_$$`mUnJlj}QED!3_F
z{_?ZPlY%adD9CF_if;YcG|Cb)N(C6Zkg}WY*~>AnZ}g`ZVyuHtS=Ku1nE@%3L;XLa
z#j6!xPd-!T)<D?zcBF>cXXcuy@vTo%e$YX0JPx0{d9(jx<n@}E-qq6$5C@N($xp)y
z6E!gO@P6~rHtY6SX`w2=Zy^?0m~0RjWoJYASn^0j9piVN)7*qLY;uA2%YQ9wYEB~7
zJmy$$X>UQ9lJv%plwqiVsK$e>oe<dJq^jo{M-R#Xx)?hhBkpBgZMEQHy^FF=f=Pp}
zesv3-QOP%X#A3Y|&-O<W{D5N$M>G9qrjfRy@$@R6OIlxJP~*A&MoES;)|Y%pYQ6KM
z(n;fATD2I*_BnS4fcR}@DfL$MEN3<CWK>z#Mrbx{I6ai;L@mfvKW!>Vjo7a5jiB97
zkrgtc$v;K-BIaypFyRY<No$$d*={i*G*Y7NQJ>*XiEx6|%#?&ydB*PJeX$;fA4>)3
zY(g8ZZp}-!%n@{=7|Bs4H2$2*%+7hPMZsJdvC*HT$NilV@dZ*g3wZv}W2d#omwl>`
z_Gh0_Uo7~~PCqzY882-uyqiHd7zY>xv0npN>{IodO@GhoN%7swT`%er&i$wpjwrM|
z3fNVl7+5%>=CEJ>bboi1yKa=B*HCpo#C|y-5VJYj8RZdvomWeKefb6ZYL?XiVtrQ)
zwp51s#%fglyyW0$q3RhZWv5cK0!cg6z2Qr4KX8;Hqw#VaJP8DeXyLZAJPWqnPL?SL
zV1fd0Xr>k7h|&dedl86y1g7*#^=^oW^lf_o{r&7l4_e5|TI32JAHAhDiPzWUe4@`0
zizc@BWT*i}b&LLGXnI+3JGkDv%BT3a9b6a%g~qG92U@&PTe-=59BkibH3qCIbi{Ll
zamJM|wAv+fKFM+tV##W|ph9EaTyC;NoeM!=du9*x3N_j5{cTqs&RIp8U{)B)X6@`C
zX=elW*s~oBukgz;?0b5_V-ZbYCvIx};IrUKk&fSj#O?W6@XyUl9>GL%^Z$A(j@VcS
z>-o*U9Kc1hI$7@#vylYnWx>d{r}C?}Mn|jZp`(CSY%*J*Z1#U3l5o8K&w7K#IUIlG
z|Mxpm5jSay_>nLF!esvUTle-g;yx}r-Vy45AvwW{5AZC-Kgj0X{dZBK0^T>bUV61t
z!atAfAE@U)&9Z*LK|`8sahx{@nQ5+pD})lc6inm6Q_JatQBBP(QU_`LPoS5VehFZ|
zgAU%~4@opE5JL=|$c$j25p*VG3|Q5o(s{JC^w8yVdT&@^Ka^!raz;4s4YuJ|k0Yd^
zpbq8IHN*{8jn&#lCXBCj+XYCaf?};MrMKMOz^xpCN~RQe!57qrw+FL!+Ar*sHF4RF
zM~A&*om)L`eT!e8WxU1)jQNfQuS~HNmFv`GoKAiJQjHllknlnk2+D9;na;}8Tt{A_
zhFi@55<`8#ETq+IQAA^KNgWT42ahx}GFfbqbb)3t)A2ziJv!+Y|EAfkTzVh^t=0mT
zjrQ3sxLRqsQt(Uu1YRmu4}|gNU<<JBA+Gc91b75ge*T;TN=B0mCMMtT;C~A6;8k5P
zqxq!DE;v?9TDPTpVJ<o2lFwzqNlkW7KSsvCftPIauDlWW>1b`>kHIFD8K52ek<|C)
zgZAe)bsKN^a*?&Jj)Lk8l}rZ!rD)S88X%v!Dq5rw>VVPsBOWKrt8<r0Xyf^T@(jc~
z@c8t({4BU@Xv~XMnmDL!MXPP&2>ig57{545cFwP%SauNaOHW9d%<~p1IVfBz7nmQ@
z{F278JZ<fxzapj1$Q^pjr^n9=j43c!6*52f@!Pc9no`;Y6C?<<1^VzHY5j*I0zQkw
z#RMU?YrgJFf%Epr8mZO+pk`?;C?|`TSGYVal$oaF;+NJ=_=tD8bBoa0Nm`<4BQVT7
z>J!h@!y<*;01xc3`K<S9nvO{9Q0u7h8wUMeO=?@F?B?$B5yQ++ykYDHS5mG;YH#gk
z@8o=4h|+m_Rn5IVxWH*z`=d#Xdj)2A(kEs&f0qaHTCcDSWP1*P7ph1@<G%#JS@v57
zP~dYchI8(qTq`R}?b+qPh41X`JR%%Ig(i_ThM>EN`P9P*%a`8e9cR*|{d(Td@$ezb
zoi{b=Q?81-n+c@Vu-H|z{`m*F2RcGm4Wv1iYTWRW@xa*9W~Xn@X4yiT?Qgm+#$396
zdk4!rCO`)y{<4_O4%6EJe?U+0CMc2g&H8#T*#@kxMYO_1&0Fc~7WR8zdk>aC<GUTv
z^GS1s=9KK5Lm<z$7RV(-TGIoa=wp+Hvibt#>@i+$gQWo!`}|rNyhRD7IlWR&Z#@B|
zKOwFyiAXM7_qjn2n)1!1u@REd8Xtfgmn|_polvzIiSOQ-TR@M}S&Kl+E@tRiiu*QE
zAH)zS_C@Zzv)8;28{9=v!FgV@bTDM8fweG{Z6TKz_+-6e(kK^<z?vLANxORL*^pJ2
zu;dJ}U!xz;D*dGfLF}0Euq@%M3>OTC%_ai7HZ5;Hj1w#c1PbTj1MTe!4tG9ypmzhu
zoVFZM)fPfWD~?TX$FdhPo6)y0A_pIHw99=c$O0>QZAd)qYZiA6Lb7~wKE1nld}b)|
zYFADWOhbQZDGGg6;32fWr#c=XT=?Mq`;P%ZkdLp8lOF8d>nK=fV%W&-&)7$=&7F1*
zU2YBK7oHk4NYkF|U(1x=M6jF>r@5r)Gx**``PvJA@f3ZVb$M{ZW|2FPJ3}%k$3%P1
z^MX52<~57UJpDTF$pR$5h%NmHi@-{qIT=N`*`DP}m!0jRCK=wnfA?gS<9Y<L%m5iy
zzt445s$w87$g{Vd(z=^lOuFZA2*3EQ7Ow^3R^xMA%kz-oT}52~mKesdHFngPi4l~1
zoX!$|Fn7+K(9cNuav>UKGV`F#!!;{5=jF@I_ScPxpLn;Xx?++T?QR`r$69bIXgIFM
z!93Q#F`>u{&AVs4NDR-^n(W~Uq_(<S8!;uNEv@O0XC@ZLX8>hd5ChildP#4=j}#=z
zq;Z96?WfcB*pa`(9QM+7zC>G;g<7Vhp!`X3;mgPuUwqd1$<phm#G&x64RVXD$M%<o
zH&<<_+}}>U)(bu3LLhB~aT;P09a}xPjfy-tgP%3=nzb|yP1(=H$=1-Cmk*q`E)@6g
z!f~)0ba%eBY(3TlIf@+t8|bRxFWzfb@GP|cA<H1~`BvcB4#c#1EoTd3B4C^Zi$gjU
zUX9);y{sF#0>n=_V$~QBFF0Cf&~a7p^+J=&fpTyox*ruThO^bH%FA-GoIMrf_D_iO
z#PDC{Af+nK$FFDxU^-_f?Hg)(XQL+eS4a0e_;+s`EZ20SSPiGr&)<|@sIm(rNEtib
zf3ML%hv?Z@Z#Eh)ZdR@+UUJ*#CcSO=)fI~tM;H6el$AJB8i#*=#Y-+n^|tEMRBIsR
zB&YJ|E!w!T!jo(OQA%MBQqb5yOW8-Gmbf7^ea*XokA*>9xS?F_hxd5HqY1aqBBE(6
zRzCvP<Hz(ljc$mDS7=^8nctv@2M`$84eVbAs_7Dvh6$!*<^+gizNgeg+oJRECD({-
z)Royu?Q%Nr0km03!(n8+YDjma<eanDi_VQ1udrg5W~u7PZXdDMHx$9Grd$2CN?nnN
zZP=m9x1HtaE`X*bKd|F<DloRNns3+fjau2t#s(loZ!g8>`em#|VUDlh@DPhZzLYpx
zAHNhe<xH-3vVEhKt-j|`zkv7J0h`kfyYbmUE}be*^nNh4=%$cUf!WlchFhj}&6YD<
zeMGk8t9zl(*Z0-dW7lumW*e<ne1xfeW`H?FX>#`ACy8aT*q-z`VvUaw3@i>+GiO!?
ztp+J;GLQG7(zca4euWxsh6Bm<x^Btzc89FiIKpPomF`znX+YaGwM)ge6d_aMb-IK#
z`4CS3xb{?#e4o~Lbj=vlp>75<SAsD-0j<0|bxB%sggk4oJsB&(*iO}%L!Jh<`~Fr6
z6`TjND(-6U$<2BwAsI4CMEPE;inhTptgJe0%FYX7MYga4ZH1UBkPMm5azYp`-U+9s
z5{&7HW@>XCy~Ik!3o{z@*=8r#xQ%4c*x|sfT@~!@ii(2VLf7FabNS7Q{mx=ur<$RR
zR*k)x;t#~)nM=<Vba;yfjosoOouIa2G>*sYZak_nUHXN1)e6hZ5Qb+dIB<3nHn@aJ
zahr~*1Fw1>Q6V%a2Rm=+PxiliWf4<jP#%-mH6W%4sx&lH59`d+s_vzFf1#4GaNO8b
znOrkrR7~&A+&5b=OH(zris;TGZjVa=2^b%J2!BliLN~>FF}`X#J+xjx%%F!w`xh=;
zreA|3E3`_PHoost_}G+xAvN*Q6sbs6GocpRZq4WhzD0R+s)A+oLS{w#m2;uM<$hcJ
ztGotfgS2&Fw|F|IDjS)dP?M{UvTDsR=jy!|VxEjY>md+qy~G4}iUH^id?h9T(-Yu4
zU_0>;RPju>*CsbLN{ic4<z~de#dJvqbwfIc$BN&0kVO!Z^**+G><mQ-FPuQvY%jS>
zu>?$0wudk66{tYPyZk!9L>DOacG@Q-FreW%5P{4EH;$mk3txL@#2tGd1_JM&h-ROI
z8?f+M*zje70R(~k(L3h}nQdrwvbk%%WO$<dXU`G*kEh9Yoswc~_MJIx=a!C8daa>l
zbh7=v$bQSN&};K<^2a$2kc@AsYIRAUcwJ^YExxcv*meTE793^$SWGY7sXZ+&<HFm9
zs#zW_>CN<2+rQ~Fy9n^|nM@8#8lwY`&`#Q_7JUsFBEqQZLcHP&$Xogcg!@e)vpqWg
zac&wbs5wpKvA~O~*WrStaDPDQgKYy_OJD4hsh>a5{NEVBB(?#xaB*b~lM~74fu_2u
z&rOay><0Tb1RAaxH=VJM8Gxm`-Vd3a)W(jYh`jHMrfaDgH=b1aZ6>dfRjwah_eeXx
zm;|h)h8;W80-Oq`D!oiC;+{?S<3|*JtFo^l@8UO!qcft~HuNCwBex28zn)^>%l>hI
zC8=$>egDFK#=L?>^2Dgm>D2teWE12^+U4M_wY4cGuRM#l!qrsF6X=oI41L@~h3-ge
zHI;t4M6v~v-)Q|K^;woF<Q4<?bZ!?V(i?j6dqq!a3)PC{s;k(fCuX~c|D<WqXmPpm
zZFS{N+*z7pqkNW=i3;*E$2E!-&XUtGF{u+ZbFzB9dqwE$cOBgfMYPpo@7Sp(Onc4J
zM5ym&m5k-24m&zRB=92cxVLiZ@nqA!lt&nY{-9joENzZQQ<pxA;^#3!W{fYws&P$O
zdEp_w0tsd1?XK!dcRpaW>*Kw{)XrW0&pp0#DBoh8q+Lhz(=k3$ZMa1g8B=k?q{G>q
zJ-X~Tv)RXtol@|bx14)#9t>xq_%x3@>mc5qUnK3;#?&%6Y;L|P+iC4^iZ{=UQ|h_s
zx;f`<RcCQxX9uEU?z*@;0FXTCW+LCq5V>Kv@^EXx97qBO^-h#id&eMmYXQX@xV288
zu0uSDR-nUAdI~a!6yX6Kn+<>@JwN7GmMrmt|0B_Ca7rVxI960rq_Jh-`2KC&j?#t-
zhaL)a(=@AQ6V~pM85MlXZelhhrJ2$BP<THi(^7?^`{@zM(Ljax!#>83S+#DUQ#lU7
zZ7m>fk#ggi(TQ=s#};GH)^ABx`G%^=Q2Wh>3U35-=r)Ya<Mk6IBM#(4Zf30vuRc0C
zHKDoDCEd!|$5YMa0FZkbCE&YL@6aK02i5K&CB2KVQ^ML%_goa@rJZZlTam=ea)%=W
z%h=_Wn-%^`-3(JyO<8p}D{>d>`?3w_e%xnDmxWnH5s(<nh-cFFA`*B>3a1r;#qA=K
z$4ikBwmYG`j(z-=Cc!C0^*3HW5Df~v@oW>dZ|WutB=3z&?y$D#H?@h*eFGJh{3QUr
zyJ98Oy4%k(VH`@X)z!UlmN1OUHzCqm{6z6<NIP8k40<F$N#X{kP=;hxYuN~0L>yrH
zKGlmA4uM(}Y<xAp_lf&bvL$my((Dd`N>TAuS0tHNhRA{S@I^#(BhsN$DN3}lg<V7U
zcx*NZ2Ui4lhvPicZady#DvDQB6v0|je%tL|si%^Z*Uor@#<^h8EtcT1;};_l1O8{(
z`X6L(+K`vY?fN_mDVx}9+X+^p7O|Ug$gf-+V9x0rZ&cn1S#5W^HWa>)-)aQA-&oLe
zGysjr<c7Z-`hJF#^FbNa*z*H#MX^rQLYUL)w#)R|CeFJTj&51p<NoG$gir6l<NtV)
zdDMoif>@!dKs@98f+kx-Jz1K>7M)!6kgIVmDttf8SpZ|*-c*7zFk||bIGIe7J~SrT
ztguDxg%!5y;ga|oQbUX}40zgVqT|wClckXwDwuCmF-*T@sCdW0)Epl0+hgxRKeNAZ
z8<k<Wg3zQLS{g81ZBQ<na;42yDpc8|1BR!Xk|7UC%YL$>>xLYMuUSABvm--eorRO`
zel3B1Gx}ARC0ND3u-5Q%n{}v$?A#NFRX(a5t5<RwIx=-qzBB^6zpt3McypMs_dRR*
zq)S4`Nt->KiqQMmEv$iO_rzPYmC7$Lv(bY?ZUr~RVTVIakId0r0Z)oDOks^SOEiw{
zYJ6DR$*M((C+o2@7@SMdk$IgQ8*lSOpjG*E_nD-#C+pzF>HYg_YQ9;6pumOMN|UP^
zp{GlRdn{N}B;f+AtemA3X*uq?*JN;6<MDK=u7l$Z%uuF94v#RN90zFh*p&^B>dVXi
zf+P($YGjK^(+)LOVd9+isE;ja9KXiIvwcUE+-i~0bYDvLbQ?L*60d$q1(=)r4)e*k
zXxe8y0N%^39)n@)Q!Ms%6K_<}YJ`a8R`Kvgr55O5pNZ&1M|dW(uQ}S*ra5dZ1L}sm
z33{~!y@vI(KPr^o?F!lJaerOc7T@&LlHNa+))E+WDZK~N8?>&nJF%Ou2;SA-T^qc=
z-PvYpLCuq96qw%8At(^PBvg;n1a5CLYm*j3Emo(L%c_lS|9*4E0mh#xOeofnFtI1w
z69uef`-bm3PAZ7|3<JtPZ~1N%AT!8+_)qtY*E@vYYS!A>NwoT{0-qUxQ^(JtfEBu%
z1TsryT^C9Go%$Y%`a&3?sV6NJ(B|l_7IPCgBBkcnOMc}3bY^u*9Z~#?ItabO!6uQC
zNhvl^%(c+%woxjdfFd;{W5fJfE&gyaso3l*D9M}ZZgUF2^z2294OV$NHIuOPi0k{M
z!ub#1?CVE2_@M}6?b?UDW;jd&nLFXsG2|G)){65N>mYEZ@}=}?mUf<i*o)1EQO9DX
z@TbT`g*FmIOi`ZU9zqb>zYj7z=`IOqcw34f=(H7fE9M*bI@FD;QVJcHHj;=NKHlpG
z85NYb;`Z?qz|vo41JJ43dTebkSQwZmg+Mw?K;Y89H6s0J?0DrK&iJlTJkzW9xPGpM
z&s7+^N%Ch?5zlG1_q>(9nE4{Xim21fbKe=_vEp?ntkR)o@eO}A=0i<1(u7mI?{=)>
zy@ctnn#lM^AWi5OA0)q%QLdD02tA95Uiw2s#Y=CMI+^(u)p#)luU|2{Lo2+Cm7OXH
zGS-&iVEP%ehL50~>jr^od1AB)7M0)Qgim!3Uj4GhC}z%&Zzm;H0}Nk?mU_2?HMSm;
zc4@UD3<oMn=S8QE0&%udxV0a*y}GKde-oo6zmxKs>R|R~oJQFrMZD4QH?>+ILtVzG
zRP0)*_k@U7qzOcR1N^eKv#9LNAXE|wUk}%rD;u0^Xo2_2O5r$Dy}zM6n`jO{f<I)g
z7xJH$^puLo(!2N<e6my#T@}pWPOp#W2d?6;ItgN$=4o=J)xFo?Llm;hmekKS(Sg%@
z8m?zQP@1j}-~I}b9i<MU_Zk&^O7<7Z7)uhIu;Ho`1QP`qaLU)2%r(Dfat}mf_{~D9
zJbv7A5(j*y<{+f-xkE@L0cBB2PteP(Z%G)l&xW%ez9N=IpkImQ(*7G{v{q!@@5=2d
z`eD!g2c`YLDQavqxCdQDiFPgI|33d4Of|!&NKV)r&i?VgDCl2l6(t;Usrx~x;on6)
z$+-2xTGGQ_>|fo<>i#BZ>09gY|GTJ)9VgqF+e{3%|3#FG(<fx*<)AT1B>i`hGY)Oi
ztW^kq8~X42|Nn>f|IE(+M`jI{$9?y2eUx>35GU>LwSB%TIQR(G_$qj^%v|g8{Gjlo
z|9Qp+wcqmpO&esUqq}?enYo15r%`r=o~fbO7#5(WUct~Oh49;weST+2Dc^^tQfvpa
z)NlkH_pI(~e=A~8AWqr;X4&Bd-%)3EO6DE^Vnh0cj#{A(y!7ZQ2yc6ChhD<xg7_>D
zf~TaY$fkOr5Jgv5`7nHpqrK%*>pI}DNS$)CJDORg!EOE1A&=1}s%B@rM9KY&4_7}I
zFCD*roJ1{DH|ZWd&2`I}hu@yv`j0-JleFEslp$sOD~J(<hmi?<B<woz7DeV0$^Y3)
zJnxxhi3Qw|QDAY=Vs&qiX(Iz0ZqOtH=jdLL@YW4Ej<@M6_G~OHa*wsMUoKU!pURRR
ze2ELY{*Wp+Dira}S6M+v6Z~TtE(t%G)DGR`!Y%W-V1q76u)nicv(ve&X;T2Z=gxTW
z@p@0LU)B?a8w>(I6ceT9dKejhtW==*%R4SJRTBa&*7lsu!m9>1Z{E~*00p!FJsp=U
zn4o`=%%*MS-kj9J&2-g0gaU=#632uBPHdGIOc&pJ?r7^<vtckpFY~zogK5qmUpjdl
zlKn>jzer>e&M+F?zl>1c1AGe$ha&A@bV)adW|sESZ|0V;(|nx9rwZ<qUHR)bhl>Dj
zD{DmyZO}NH(&mz|lRXFN4=U^EN^~+%(kTV;Ikg^8p|IHEP8Svq(y^(BJWCrMrmD7?
z^D?bH2GN)|t_Nx$ocz!?{$}1jesmaQYr+_AJ@jGWad&<c9hXzBbA%`>p3Fy<dYM<y
z$Mw<_`{c2|u&*wL@4t(z^ctVYgGl$LOVTCr=)J`!5FGiC+ikznHE@TKQSoeNB0Gu>
zpo8Nt>D_Vif$dKwSp<}`)HpA`&vY0NiH6}wOsDO!)Wz~hxAC|g<9eS+Wv66>%|J=P
z<n{6;P8>{22Wo^obXlrYaLCRd(5*0NySj??g8andVSONNC!r&O4Cmo_&A^Y+EK;nz
zb>O+TsB_;*`!f64_o?GYT;Vex8x<pnaKxYIEc^RpZnw{g=2@86Fxggh%pTjP4!K)f
zQU@Cc%DyM-Iw4gV=-*r&e#vw0=k=deADWs`CbB!PS&{f2uNGv8GtS!N`XoKR#zOhw
zHj$OXn9L!l4l(Xm<5ap5s(kw>&5=dI4^2qJ^*q82aR^=SH?foOCc3y{ncB#0k~z8}
zSZ7&h$zoZ+EU|6Gqp&Z21;iD++PeAL0<rM|?iP%`jS%!ElL<ue0`IK4(d7@`XAXD_
zd=+?if%O%%4f8{1k)_so;i=9p(=6xrw4Wp^UBfs6ro-vS%D?$A3oY*95|t0(O$}~i
z<V%p;>aRb0Oy!?dQlQqt59~+c^M#_BLQ^}hHd+-7m`8ZKyYG1wsHfWhm^X3kE8ZVE
zHMH3RqJ7j#S~ms@aGcR?tx_wK6{*1WGNQp9t>r7|b6D&#s^g0MBlIKG2Qq#I%L8g|
zUxv<{d?ol+)nY039~BB7mv1vLPKKOsE=J!tJt+P41RL0^pC*kVm+;&c^4wiiu%vX^
z-Kn^p1A}I&;~1bK(JbffK1qf8J@G<WVf#na&__=OezB>iiDkX3dV3j`LNr#pcN<<?
z2G>lHkv1qd4sN+Pr8aGLmBzF`TBHgI4cSTx1`OMJ$%?!>q|hpn#|7;EX!El(!uKu>
zy3)9}BL2$n5!&{n6Z|~()R~MqX)SRiHk{6yI=m%kkyeHK##)i6B?AgccgNa!Evy=@
z+OB=^+@X~|vo@>2jOVMR*l+bFd33fpq$F##bYmU|x1e{aQGU~QLde)+kErud*Wc_8
zlh$AXyW55;cKvBePE+MZ-3~r;MXs5WC7z@7f;Re>0;R+O{}AJiss2P275em_{mqEy
z%8;cXP1maR4e4NX8cXIYsr%quyVvOiEj27wpDG6xMgp~Rj&1t1w{+Qy+59tOA|rpm
zbDxf;)$Hi|nY823o=CQ#nw_acf=W~2Qaw1sghS^$Xwql+%_m4P-{U)xaX9m7Q)1H0
zV6ft4V|}uFJ&IN*>X8O#+Y+n=?Z>9lSi?GJp<*WLJgaUum{wsndAy8sdjAT@1`*p%
zf4u&mrF8jzaR1k@t1J|<8^#yo8G&0-pWjUtMjyPMEUQXNgdJBwHue`TXhQ@3S$c2a
zoR@n+UmgCjzker!$JN?+&b*kUaZ$5>@&C_pwHh}<5dSpuPonrYi(g;rVpHPpwd)_x
zC&(YSh%LB(HThS2!TRbrhmD&#z=P@UVf_<rZj;8jfcp*0y#H!Xmiy6i!n@0u^54!?
z5La;Z)|jq`{+&+6B|(kCSoMwcm;k{Gan0AYPL@VzBe7_)W{}?(?*nF~`ADBt7de9e
zhRBy+Kf<#_zGh~sCL?@KOt?W@u#PbmA9@QTEtD?x9_hhwY+Aez3?4KI`YI>U>XBIC
z1Cj7P<y~m<8)Hp6+6wxFSF)5(xdt!@QWTSf?n=SYR`i)NKE0{Mn9@wnW~hXzv^!1a
zw0pnr;<hZ|wCUcC_EAZ8;(aj!^Jbr<+b-g=SDNOUxc4FqXI#382yYAzw}y`#FQts^
z>Igb-I4#!E2yZTaPsQfe9*iZC{uo?(N;F!*VG$7D)HFK$)^}&KV{wJsp`f3>*x?}A
zBjEhWZ2gO79k02KrH^Q4b7>aM+^nlvudMLQ$3{Qq9p9hO4i$Et9!@F<T{ViYu4TUM
z6)t*~zmuF>)_~BS#v!MHTeP!vuH*~Nfm1W;x#(~8m{O(&#&8{j)y!uS^+>$ErTW<Y
z`Fb1@YMcM4Ijz)ff3Zo8PBWvBApO@^*vdwxO<%AM5~XN+(&&*{rC;e_bF8wVU`Gzi
zw`s*Hc)KoS^EOmzkIC?zc8bNGmn~|{rMTq3)e_BSyzVZBi^e|(sWsf<yPE_!;zI%D
z<YowJ@&*quJLe<GP?6%LmTM6Gy-0>cKCsAaqZj#}Me|tdU<t(Xd6lgLw^^&y^&^bq
zd8?#-_d6Glt#S6MpMa!~Ybh7+G`RJS9NAYNYu5Yx#OK4>P$E&6y6wyw#jhH^B|g$%
zkoa;!%!hTz{&|ms;Hqdehk*uu=i7-Lz{R}DL@E7jNb@qEqVy6rb75SwRB~mzXT&rf
zSijS%c&}z?@NDX{zZJK3!Q<;2#5sK%{9}VQa}GnZ<{p<Q7X!ou8u3mvoyDu1#r&M*
zF0^!KiQA%AWCiSv-JFZC!l78oT6o`%b6E(g@d%x%zb6Vul+>1#3xz&l{2po`2&tEG
z-xMM{IJvH*q&UOh$7>lpj4$+}pGRmdVaXl?avF%2q2R#Bw1J8A)}N<tJ-s0N;)$WH
zYhW;M^qAn{jry!pXl0%x$}KSa(6XVsySZ3BQ{WCYwZcYhmL7RyzGI55+{=4mC+#LL
z!~CDORP#OJp3Qw=H1u5MQgk<WmTCJ~!HypCqAtbULfc;5?M|<pl?7wIfNek3vzn|D
z1^Oy$^*fd`>DM(ijH{=r!qd5-Jt0EN=_%uC$vY_(Ct}Ka*;N{epLbzTg8U%pva~BB
zfJJswHnK>5<)))W^yUeBtkIp+H99!-Ohniqe3d;8`Uu)-SiK99IT62ZL#98K($f6|
zjc+^oJ@xdUdTqPf1ZgURK$>UkC~b>Zi<<FtXm>0SbL-XdhUwqR9s%64yU#<A<YX+z
z^E9xp?-7Zm-M5Hj$|S4%`WEtApxcZKkPa^1^dtc7b((a2UBLBIWIp=d57DI0&+GIE
zXp77~fP*SB)<vFnQ6|H;!K0<uTVL6i%z7tOTyfl}&9x0Q8@>7xm_ukNh<$LFwni>_
z@2S$qq%TCreR4kv!&dxbcr1~rT9?|9j@dCzq7rF0QvmY!lcL6mTY#!pHLM|8b>x0U
zu;Woh>f`~GoiH>HgA1ON9#uNF8e9#`R-Bo)M5DlyGLloEz75#2(=TT8^-6Ao()Vc<
z8y7N|GekRQ{6_qLRVq5T5ldu8F4ByJ|IBw5#ComAPRaz}Y@(D5&PoGitb&t+f?V)<
z3U~{}bM174N5eK#vxju|b9_0g{kUcu+!_(LM)1D_AG(wpG$B~Y$+x|o$_Uq7)M`fo
zEa)Pk#m<sDg*ZNvxEi+!BJreNz1d9&6U9|4v=TfMf{Sa*j~8ZMl~xBIf0Gp&sH<3T
zOD<-Lc)L5O5&l#`as!q5R=8m+a18j#_e*D5+|*9X&$M}@SvBGD;T|eP{tW|?wD`F?
zN#EctX2v^kV|9|iEc^MhPBqwQfm*3LyxAlw?d{d`Ij*g+Okxec`|==7`HQW-qt$wq
z3R_j}tn)oaT-d?uv0e7_65_4UraLBw7*Lspv@*SMJ)_i-MlW@I%5m~{t#0Ee`(%()
zxII<tJ*lT8eJ&u^3g$Q-p>jp#IwoBeT8-z=)E@EW-HhheDXeSMZ8Vx4i&>kSe)r=Y
z{CHs9JGAg#sYD+3;T-uG9nVwk`;#H-D|Gq-i(p~K9AUjc^3@c>2doa?GBTR_Y1vtT
zNJxgqEP3fM`$A^A_vT(#g@eh@fT+(8+%Lb^wyO@mr>4JbFM^CDPHpKMHGfB4^pGbS
zsHS*-;o<WnULx=+e>D$#e-Y(1&kLQ-5FT6)7&#G~?1jC?CWn@lk<iH@1<V)&7X0rj
zDR*gKRaiu{8;$m4Y#%-~68E_G9#zOL;&_$ALKioI8FCJAHE(n%#f;we#!SuHP2d=8
z=`{!VAa}#5rOgfH;hBepTtB@Cdq~^9t}K1Z2y;Ka((#><STAzSnL#HIK0Pu#abg-G
zmz=_ZRQZtH9nep<yPbU)xeyvCF4}jqjR?mtvciEa$5z6O_P2<qIau*yh>7NsopVv<
z_lk&=diGLAVkMd;!!!)~ioSiDS@l{^fqoX>x^_0l+ag;mKYlbY*xO`61w48w3Gsm!
z9&2C^*z&&`0&mGEJ}zA>c<X1Jg`ChY#0z+_f)x|*t@_2ACS03N=c*s_?qh(HZTD-c
zFK7xuNfIJa7X6Sa#wg@ARVGP^ly;4^p5BN|r1<KDnvwnDbi?cFDy`ewZTN=FkcQ6+
zsp?S_5L6o%YCVkdPN!2M=q{2f|H$p*w(314v$8PU`mDP!c*bSc;;i~zs^*++fJrh+
z<14wN3e{TU6Vhm4%h3XX%^9k?Vsugq<6QNw&y1JFGoX}bfJHO~?E^ne2$hV}@?&9t
z^^U~lzDVThz_Oa&TdZn&J%FmpZ4ShIUPARi@e&B0XN)J(AR$@fSh@erX~Vm*^ccJB
zr-fJx&17|I?o?ftN|y$tu0G~T_J#b4P~eQOg8JDtA&Tx9xei-cyk$-E9@)&4bj(^x
zee!FWw)F)iH8_=rK2)$PGC4f3vLud9M_@52-6($oiglWmf#c;O`8-#xvMo>?Q*S<g
zb;P|*!rIWnNclsHaLr0GHr}2O9#Xj0$OGmZ3RSq8(SoGn+kfv6oo9a{wXwGcw~*=~
zz3YPPN>zxd91~ha^_Qci2Pyz+F@jF#L?W53zMYi;it1BqHi}OmzWGN<bPqdCd_YfZ
z=qGkY+iLF4wX!(3A~86aIOe#InuLgN7Tg$og9K;lCS-otd108WoB}milS|eZBs`bj
zP$jQfWDGBFp>g#6_oxamta0Z`vFtNoYrYeZTKx?4X037uUD+Q*h;uw+-{4$M<q)Q%
z5ZRv;acA&ZRA*FEi>`c%ch>q@$XcS;n%}hWqzql&#?xDQS`q;r;HGx<74RES?n0?o
zsX(7F=aBp$7epIa(A(T&N?sZlIbhs5u1*-Y^J8k^QHl^!;iS|vCnujmF8@x&kLriK
zQ4I|rEt1O&bm3%kwLVeX2`xFAU{9<2dEDj_fswz;W;$(Bbk>tO&YA2iw=-1JGN%IG
zQ9OXAn2<KT{(8gaHcwjI_fkp^>u$=M#HWP}E>0sofgGour708-Zt-F~D@UD^Ehh<D
zd{bq1jw|_sA8A^;LNaEd@g2PS>I3eyUiSKDJ&My*_jO3IO|_;zw!QHx4yuAS1B%_=
zOnUg0AA?yesTbyz-1VBv$uhrHm30rA^ODD&@!y2&#7nd;XuvO%J@au|hY$ZKy0LQB
zMU@xmrJ!9an}62W88Ud1dqbCb@+od8ACfV(its5<K4qcJ2mPvXo}FGecj#jR=&|sF
zR3aN+41#zyN8F2UwaHIB9+>{yQr5lyKsdtLcemOmx`r0N;h;R*bcbPke0HXEMbT!E
zUR{CiR_>g$@O?o4I`llnG~`8Hz>`YXd4xlTfH!<rWg{jd|ID2UpmALF+4;`<?UWt)
zWY)wYX4PmPmzw9HZe%Lc2(LPX*h8$>iJIJ*gy^!<6}BpBPpvktsVsqFppT=P6|lx;
z{d4UW6&h)i)1)2mq!>U@Pn{f%D!jQ&p8Lye;i{|)$BwQM!MSctZ$7-3#Mwl%8m&^Z
zORr{Z^~p~=xw|yheT7x%s|a4Z58@Tq5l9Y){-1mO064SvZ#!5MfC6LAD(I4Hgit<v
z8T3#UD<Nn#`U1Dr_G!Y=Vj)dk1n_Iu%m}SBZD}psjq05(&xQl{zl*a6yt9=hv>7RY
z%x)=6E_M}#Pfh}A^SR-rV`=m}8Y^@$u<l3Y?h_2El*x6x^Q$9iHYR#}U;DES?9bx4
z2Ns3>6N?MWq?1L|nhoU$E0tF0;>x1@LoV5%4{q^iJcbE-UUHI322#nHFn>`70-wW0
z7sa5>RJNtkItfgk1Ml@ZM^&P>DqbU!Zp_bhn>jSHe{BNW@yHqb4^P>pT}+bWEV0GS
z?+TgrL><{i!SUCrm5h_WVArutZQowzGHci)SMyQZE=*T49#j?3@(Q7HV5?;CY}0s*
zqI)s<(&vWNVgimCOT+8iojX#Umb1+tr6a#-F~<nsXCDpqJe_U-VvnyR=o2H{8|E`m
zTn#>TZ%49sVTfF})G}|MB~88>N?YjNzW*juSmkjq6kESy6DieS8;DfFap)DlQ*fAw
z-?aA58oOPcA|od*P)bMTwpbM4fMX!tei80Ll?R63s5Y3|A0H|_Bz?zEZeMF7(~Gk3
z6|W8jaXZ|97Y2OtA(`&c&rMaKMI~hZ(C2bk9LHLnUv{)%9;(If$2+Rzl?;!Q_A*F=
zj9qkw9M}LFyPB07rUb;o%gKD@SieTJcBHPQ`0zy#2n5!DxAKVx38`?JG~Tg63X}HC
zk5!*vt4t<<&zL@~&R8O2-l+~4NwJy)@@48=hPvAts=VKa8m_n>jVmSL81Sa|=FdRu
zl_r-q0sX%%Al!9t?hG|HXtXi6`j+(X{{=wD#)qn#gp3|In?JaHdivE7OW!${$@28K
z8lLTq#hgvGdTCzmF@U>3eRen{^!elVS^ReUELMUigM#?*x2CsZeM%;nW#}+sAaO0q
zZh5NPm8n(4z1tsany9MQd*o-^Gjy6%KL*8aMm$TJ3!my^xNefm`(yXV*y`R&eul>y
zcf1+Nm)^(^I$hHzFWs8Mq^FX>oE9JYxGU-&7{}~h)d(mgTfaO;j?8QQOw@1M4rTTb
z<(pp)crp2=Q7m;HO<b&>F-rz{=W82Hz0<xUMa>gIUtnL&BMg^sG~7R}pPp-aWPoLx
zZ}3d-Kp+-x8CpEb5D!r8jH-J<k}a&t<wPj1$=RCAE7W4RLBrLX`)R<0J}R3Ds82q9
z9G}}KxsZ5n-~5?Z9?~ec*DzptdfA<j=rzrK6~cnm-J7X{05FH!#=ZRjqmsJfd<)g@
zrW;JoRXYqFr+V^tBsr?MK{%#kt8jE-nFFm$tNr_PcQZCcgdlfd+z|!%;NChs7Lf(%
z$AggE*+E*UuY<6Vh|!-ZWd^43;$(rc-jpL~-PR6j+Zh~dYuM^D2KjXYapaxEHl&qT
zdaA6g8x-{*1}?IyVH+9kY;zG;w=BL`CSQGWEpAVd1{$4Hz^NG$_@YEko);?~44|Jy
z=`QI|QtHR0uze?e{6rYoDM@U9t`;bd!0s(A-{r~uRpHHV^9l<1%y6Z~%bQ*UTGGtL
z`E($mBU?<JBdi7DJq4o$s7b`^N%R6<zdIpqoJ9*1@w6_B=kb!UMNgmwqv|Aq^X5RW
zF3?WsFL*1q#vKKo@)5-1*jVd8+{^B5E6O;BZbkHwJteU*l`+seb9V6A<lEcWBhT$a
zTe_O-F-E(g%@&7Iw&Y)_nwkPHhK`oOcfcl<N+E~SeDQ9dNwOMQ<&9teAL`!1E2_2q
zA67&KIY<d8t#nJ5ln6+7!yp|)cO!z*p>%gMbk`^$Idmf+F?2``J-i#^oacGY_xA_9
zYq4Ad<Lue{&QDy|b-R3~Tzs#@+9`$GI}0mGYJE1qmrcHO>@mI4xv9Vjp1U56W;oz~
zHN7hNE<vp<wT53F(Nv-~e1Dj~fgf$8t4V+$P+7tEC=B-=l88gcdYXE6C5S#>LEC?}
zP|tO$@j)lk>E8Zf;X?c%W1w;)-BRy3LV1QyEB{jDjdhFLVH|}{NH79K-hp@6GNm$e
zi7gj)DfODc=bXD<pcMz)=<BeDo=+pKV@A|5^M*O-%~Uk$tR7aAywNnc-ZajJN4P@8
z7^k#jTelY9vRl4RdV*zHU6Y`!0e3|_LhVfbP^W~PDky_#;O%Ny8r%uwveTx9pYJ_p
zuAxI}lR!90+(Pq6I>*87s|-%ZiXaBG8As+ex;nfsWeC+b_KQDO)w%d-zY@iL((gO<
zc@?8V==o<r9v5p`_CYgzG_l>0gzL!<{lhhe(Mt~lt<~yQ=7@K}J{Rk>HK`!vr@JwC
zySYFiBgpZGR(WLdOXi9%xoRsva`kOYe@PA4v<54Gd{C0QC&VeASn8!_c=p`<dci7@
z^2<6h-{L9kYgfrt(T^#tY~)sAeXYJ1{_E$P*B!1tiu<NJ0Op@e@9igV(?uHV`E=|E
zP-z=Z?^>Vj$*AHMpP4<f<$@j^w$B|KaUnUN=VDv$4t0F51Qa$O>Mp}h1*)F(lcV*?
zzvKntazfsI8J#m4m*BjID)Ra5+ijiZ?-%Z49wNj9MM+gZ*4-Y{>y{R91eR#UQ4sOM
zUJTKJs8=F`njYR3pqnUB6tF#JmiO++jC^5*U#O@G(TjUgS*y)i_B1x6LU98I4t5=#
z5RVYl>wKZyj2RDB98lIIz?%PJ^{{wS1RN1yJR2pGPa+@nssMi{PblcVs&|n6@XE$=
zScKzYA39qLNN`y{U!`Kxn&f3Tn9M$f`l(Lq_WsO>C2QIKqd4~vc(_XSHe+i1BweT-
ziw-rqih@7d)HB^+8b($DjcAIQ%8n)4v_j9z6D_sfoD*6G=CpHzef#%vesF4ufoBad
z<9=vPd<Sca4aQe30l4GR%IOAIvGi3|byTzH7GLCjm>~$}i6`tl?Dh5{RBg6*5W6gk
z*cfls;W{u|Ei5K&4tm#BjnUYA7uXA=YzZDmp-f8b`w8r_0R#I959yR@HBg>;reedh
zO~uvs&95p|TH|<x7EF)9f3+B;E*Bmcl{JMmM~v$Y9Y!knOtOn>PB)uppGViaTxaA<
zKf8#LtU7E}8{HGw>g$NO>YZSeSwdAR<v};SQbE@hI@+mgyaqA|st`@8I|v|fyG*y<
zYQ|S!hocFZBU-tu4ZY*fyA%E0w(=f`x_sZj)#tGukk7MVd3g-8Ye62{J8ZMehe5$U
zXOMK^-6eY<Htzc{-rMra^{!jYxBO6XG+|p&#0c|}iTsdqCePB|q+UOx`}8miwTZ0P
zQv-Q@&zO=s!I(IB;_mCEFdg>b#Od+SML?5O&%dW2v$m_#%zkopz_-~2Bq^SHC(hi<
zQLgF*ctT+HeN!Cn&a*gF_j>c8mZ$ji<XI$QJw$J^v16DyT6mTzsjbM3_vW8)m}N=B
z7z$UG!nH}<cFe3l@Ir_<kz6JtbSN&lrfRQK{5D!liN~L|WxMsp1wKY!dLcv78T7W&
z^H{#-gQ~2xt%HDLg(B_6N+ZU_#E$xwp+FV-(mfCl>DPCKtKl<x9+Qq)dLJR?K-QQL
z$&80$c-b}&bKVz22cmR}ye)w^TMaOX`ues@f6U{{9429(%qT(iP<U5b{m#8aN1f>y
zjg(f*Q`0EiN5!=zd6j*a=>23lt8v?S%nw^OoeI{NJQySQD)b~}55d8Xho?gOOVQ1{
z!Wj4_;aRBrVI}WJoTU#d-}YN#?TLT_S-}CWS50ED+f|63%3J6XhdQ;!Gn~Hujq2b^
zcS}(OpJJJ#H&=cw>s*$af?EBcgI-B;)kK4=$g|Ev_v^(wZXjFb`Ml1tYQ^c7y|SJQ
z=Yp2>A5stC?<3s;Chza_vaD8RwG{Ur>dB5#$CRi^*T5fvgG`!Os?Iy5MZYS7Vw^pp
z_o3bOvNNZU#D-q2R2*Nn(c0(*t*B)G58Ikdp2%%WOb;bcI}6Rm(x~WZH&^aSKdU#s
zfxECRHTPPwF!Pz^_>&s_CD^X-lJmT!SN}}exb2ZOm#}e}XBASW!E~pp5oxR?w|9NK
zMwpo#dsu^#`+$MDTC=ibl&_E@*>~h#w%fEv|G*8C%-J)&ioY75eyn#b?hZ=s)Y;ca
zJZrZ?np@m>y+2N|fl+!Ic2^q(B@UG{T5FijQZ%JD2(KV+u*URhHjy0il#rnOyy(8V
zyE(qxT(yD9`Xg{AwPvRb5!+}Q5Xxyelg|e(Aq6=qkn>v0XcG7x<h#-+22Kj7jLySy
zdEuDO@G*SVRwZ!|@ssR{vO+W@_EV?HkW}fn*rIA2YU4}C3zbOq0B@WRH7!=T&2Xle
zvh=OzO~_;a;N~ke4Um9#+=_wRJ9GEr8FMy;vE;1cR~6*=_2CBxq8NAk9xc^GydU#N
zc)}Jk8m#zdt6ecHd$*qF?uzL={4vvPX#e7eGzjN~nHQIwyRyxE9ku6$kO2dejMl+(
zR_oEW0sPsRLwYuA{4bhqt56=g+X`d{osU!|xI+W2HX?Z^aMOmpK&wGjvO;CBCy7|N
zm+a?NlItHBT6p;dT#ril(-nP`gK81O$C_$y_V?F<o=}0_n?S#{U5-d5Fd^aOHIik#
zcB8VLCN_QP1OatueWqulRZ(>CV9E+W`d9Anc;PCDksIo()y*n(P`K35UTZ!-SQSP6
zuFOqnvbw<(-lq<3)15H0{Nn60NXj9Dp2Z#*szIMwd;20d_3PZKcT0_8t&h8N{n=jl
z4E-_lY*G)uNy~jR`v=ss?}90)z7%;`lLZCZdQZW0?1IagW_P;PowTDGXniZ+C%JXi
z0b!9_3-%X8MO>@w>Pt?RU$73RWDp?0KA7DH`~z<Bt^xh*Ee%v|*ja43a6jv?&!XqM
zuqH5e8g6xE$!SR3m=*H1mg$Lba2*kOF(UbRq3B8(DpZfqU+SMB{5)e&wWZK3F8QMm
zce+;&qpoxzYnl>pqnXQ-eANM+O>C2^(Wjc*VxjaZGUWKs!0Ae-D_KANM$P5^t>%v0
zl=1p<ElQS-$fO2@4<LPX)-?y~hmp#F%;odPuCSs<7Wm|YmdnP`SD~HYYV&GJqxUVm
z=u2nq@smWR*j4gAk6YWo!pA6i>N#VKt8Rc31FwN-ESHFnjdYyoRF7*N^7j|xRq3Zy
zOQK4;qf;csouabE_xGbL9?MKF@kWjGN=y4_lbS9Zym`|762eOzg0&p5$^%aBpsx0+
z(2Wutgi}Wdhz=C^BzgksuzQQOM`O=&8N}aNj(p)juh0I<y3VITqVq_-wm4Mb^=qGf
zm(-_pl)-_v?uqMC<v`k`Nz&YP|JOBpbEwuu$vI2k8!F$9RJ0lnF<GZ2VN)7oAI%!!
zr~AQtzPKX~SMJ`%e*FS474agerBVK6Q@(zR+N}IqcnI@fek1TP&YO>6Qa|`VK1L7l
zr~H_YuY~_G2>-Z|xZ!}*^hzxF-M`;besGgyYeF@Q^{=n<dqoLEj}0qkQT+R@n3sU_
zDg8w1=+2Gv`RU1xi}`6==DeUSyYyP=nE3eb$hRrV??$Xoly9PNM0#nlQz#RXPQdVO
z^V0^qnJN#$)Nj5(;jeFwX$tHA>rpN*p}a#W@QIg*fvVn?-iuEgAQw<zyw;S+$4YaE
z8%K`I$IJ_pLed&S<hS`&U)VYiWnJSviV^(bXM8cam(6@_<?-FiO9A!2jmagQuvssc
zQyP;i8)EpEo)PC><<7j=9@<o_R6(z}xT|xlxd!Jht#`I>$<;iw?wRx@ha*bo#F{kr
zoW3@YtuUp85;=ii0nVR_qt+7SK&NwSYbYLSJ7>c%nei;PR41Zxb>O9e8S5w_SI2yz
zQPAlGp=ZXOjqC}<E55``w|U9;VAU>;`ab)0JUeCao8rse@IsNqwnr(HK`iM_vI6ne
z`GR2A;hn8INQmoK;$sDw@96r>k;qvlX!9+=%HWKJ=%>9q^{KsBAgwm)<Zg7@{M3p@
z@+(qrit3iZGz}fq9bl-Op|YD`W)(q-Mq4~j#@buTpsZY5qwfYt_~qI!yhN37l!8$*
zMa*v#JzvF7I_R;jMwZo(#nS)34Y@Ujl;lmPlH%U*kTAq+&C;nHToYI_SA-qq-8nR9
zVnN$MOTyz%wVkiTJ;!_nf_Hw%^`7rk57WuLm%uMv8=8NFM=FNnN?9N~SNTYpEkFYL
zTo=~Ym`bD=iiBu>KUNce^(~weKQ8&mQWP+_asWZ?u%7{{)(mbshF_Tdm61j+Ts-4`
zyoBFNoD|8xS(>p54-(QpaFhI~b-lg9+VwJ{nQ8=ML9&j#f|_ZT9tuBHQ2Yz}xXFt<
zOnRI_OnIRpdu@HoEKrH6s`dd;%jF^@-%D?+s+V<nI7dUJbB$(!JnivRMAEUf)b$nu
z9omfM$ovrcE1-)BP{?X;1(*Y-=a}T1&KNkS*^w-RVk5R7$B|aA9w*j&byjf!4I9@s
zZ06X@P}9t>dgURm@m&KA=W|4iqVBVwAV+=og&D$KD;PTIts9*NwyD8!4rK9#8WDNE
zY@L*_)8C#8UtiFkU$fN^_|-A|o1xs?mb3nFx`SuRS4Pa-6S-><zARC^Maovz=OvqU
z96lrWa1i0EZ)YEBrC9xNGKyVl`eL-+jc7mW48c(?&^74oV%6+;DFQNm-6B~_n%4#o
zO^A!*Qc$NZAzN^kjinC$If5CTnDxKva86;gUWeAStkH=n-Xr=?7s`d~X%$lM`wR86
zTx6fs{{DXS-d3{VmgZ`R+F5owxu{uWN?y<`4i&)z|1PK~AI92>rwE9@^`gK;(Ddri
z>GGSJDYuYeuwuT79s$BAVeo#hWiB9q#Nxk1TcB)PEwR_28u%5amjGZHE0p_6z&24B
z{}#>gzz%BN!(Fsca~rHvMgQ36$yGr+SZ`{qI_#X(M<~VA=j=Y|l+$PSKduZAoZv5g
z(Gj|Hx>%dWpLV$*CG8LKdF%z0<x>J|+OhT@{bhOlcfa2uKI!UFsx`P9V*1qPuq|9#
zg@tB;7C{ynO(P`yAdW?rbbkF+U>!-8u%xVp_#@-!@rPxuhKoCBuuBhy<7<yw7>+_K
z(cH}VOe#U8`mOSg&_r=!!V--QxF7QUM^+^w*1*2MES5JD8J9WNdPGSzKliq?(z+=6
z?}pPo*TGH|vI}W-H$YXh1jTN;lqyUgn5eWJ6t>V>>`rMpnfHlSwoexM6z}f{mIx~)
zaXLlne~Ky6OS%g;*XH#RC4uFk1*R_Sl%5}T4e4)i>d;J~1OAD!5COv=xv&Czo|?9*
zqbUZQkm8vY#KdoH$QKc<pLdIheIL`Txyc{!xa?I%hlGWhog{SNbs??<9rsJ&eW4%I
z=b!A!IxP2M&h+&?wiHwggeCdYZ^t-a_aBgR)N;E{Sh&0y7oyi^#SZ=KwfPyHnyGK(
zKJ(*nTf^{lr88yd^eNEH#e_0h&XaMjDSS>6Tsm=JieDj0Zt}Mtw!Sd?KyuTw0dEPx
zTs6lZ2^CT_T6PZxMw`>BKe77>^<ic4Jy^-OF+BSDsx-eYpg|>?G<Hm%UM5I;o)6I<
z>kP~_o3^;{sZ5AS1A#If+eaR!&T1dF0&{xElhPkr3l>zH<LZY@e)hoa=%}+F%(F)t
zTW{_QN^bPNXOz~2%oKeXAwis1^O*Fdr%nuja*MDH%FH_rV~WjfxUuHNE4k}u?+eD1
zQ=xZUo^?l1TFrQTco56{YC16;+&utR4lUoXZxU4ilKd=fb<6!K%i~lzy$?RU4Dic^
zvgCyyPN+;=PMd$`VJ+sKS_G>>$4^5jRPyAXFlf^UxIktKL7LTGr8Of6%c~!QD}&&X
z!$M)-UFcjCy$nsPDravSWQTDlRqIX_-^9nV^rjDO1DeUBroAa2i)soBQEjyxi|-a+
zs_$#_Nx;GT2h8fX4P&1!qCjtzj|#`~BHFp21o3=k&oT9$hs~!VpE_SFC_ETQ)CxUV
zpDpm(&{0bBb-;|VRs=B<MzIaQ8$O-cNGENTfXiH&p1~WZpa$ve!?qpZrarC$5w4jD
zW!OAmT1<G|pg5op-9&CBnP9znN)PPgn-mmVOjSP`=h{p#7&GDDJ~~$WE(_tpl%~(&
z>zlcZM;7^5TAsvW2a15HRjZoo?5xdUlxuO>wtqPF%DGhAUps=l?H{jTvG=`QyB`_^
zq};iqS0$Oa86uTet+jbfRqc@}m$IUv^;*bvg-H&%Zbo!4s#EfGuWhwljy`IZbHhJ<
z3MW>~Ki7n4?i!q{1ewZVKR&f(eNd>I!riZvp8&gXsl~0Xx$n*#xpnf#MiANDS%y@@
z@fObgp6!+gGeJ4AGm#TDI?@-q8OEYBM<@4WTG>q{j&;Jz!qN#O5Es(uZ{<AeG6=RG
zmA)x_=M+^li)+kWYmT6P<xxH$NHMYWeKj_D%u+;$>m<)d=skbSxHwEuEdv%gLrPrk
zvXC5CuFl7nI%+WvY)bNh=e+@5H<p3rvm6Ju*g2bP-9wpGx>W|6^{g5e5Cm1tROSwj
zRiN|L%54>I2t;CGw>KVuxSy?tp*0+{dsd`&YhS(Z>q{&rYc89qwpNMK+^>=t$fzrV
z=I=^rR|3Mn9HD~lkk8VuSi8@60LUo#_I=LH#Pb*7=hk|p(4I9HUB2FR*4q%tJMhWQ
z{7{tosBjq)IMz_&UdhX)E3waDfFhJd`Ap3w-N^z|<|9`x?f{vP+`JITDJ>Nbkk*qc
zgIo=XiKKcMiHcm4TUi1Ju<>?&++zWI(>9+8wg_!l_YUL@E%Ek_%hV<`rSUCcr$tuM
zHwEA_b%d60OHEbV`Kt_#1`I|?cNWfl&woA9x9N{nwk&5p#2KT$Ov}pnN`+x@Wgc%+
zz=$AlRl|p5&OQNDd>F#N*Ar+yOx>My_^l*SU%-=VM<1$@isxwCB-%{fH=|}>S!1$q
z+B9vIU!~G&&NYi^Sw>=Vh1{nyVc(Ow{sxb~7xCn|F5mZ0Mr?(?XBSVU{q-x=H}0=y
z=CC~gX2Q9%)uxZtq!K|}XcfA<wU5?t?A;?Vr;Y0N?CRlDj}hT)mmc@*1K5GN{h-gh
zLIvnz&9d?91TA1!XVMIEFMCe-to4yFGv8!;0l2sX2tl7s!chjMPYyfE)>>({!Q6+D
z8v&iD?O};HzL_|vnMUy)O?{ye;s@iGzS%Bz5Vh=QNw*RSKFKdBHZmWbgFB1g7u6F=
zwB*#90v6dzI$K&Jo*)`!&hm3%t#-)!jO{Nonc50WtDEN(X(?RRc{JZc(Q9Z$IV($N
zET8!23wubkbew|wt<Dkf;cCNPcC`|PnE>cT4Us<NYO-xN`7_v2lyd<cGs&U_t@qjb
zz!SmHjuKE?4Tgp_p?)f?taCcfe6<EKJzzzdsdo0P9%0<&Hkmj&MJP$nT>c1L=PPlR
z``5lI<Sx7%yiahf(tosbuj(K-3~Vqtmb8Di09&+fA~=+xwXGqIQ#*6HFjJHFT85jX
zF=60f1X^s5DKI@XjZDa#fW(_&V4?nE8iPRo2_of*!%e&4qEy=MzuQ~;=quqnACcQI
zdf8ytkR^|DSDH|@t8zTdl+5~3nMp|f7IwM+3tce1yl01j!oW+u!q@LFtg#K$0)~Mx
z7PA3KXh9+t2RChjXsn_c2TT$oGYIDX6#-^Vf?8jk+I?>FH{tel;8N`ldU-b~esp)4
zM~Vv<6MURGn}Okxk9m^DzBPk1Wy?CfywUfH8Rg44N1ePs?!&>Zmq*SG0tADDwhC8~
z=Y4$x<J%wX<|j3(&v8wCxKek&HN#l>qzf04@<3P5&#<k*Vu%9f<>if9W13F>?2=wq
zB?#5A0j;^ACG)J_Mjd12C{V6v1kGME59@s|--~zpE#`YB@6^tgUMY|RfuV)z$ZbVA
z42flMzOVKZ(*+55GW=uxUlsD*%|@wfg+~?5><9c-f43vmrCRfv^D`je1xP(2Mk#hD
zb!aCGkCj|7iH@gR)2@si{9NH5vs%SarWRM83eyvx!d=sm*w@Zi*b&YQ$eP*NigGJ&
z@nA~<q_)km&lVfsya$13k#nCjlH-fbyW0B~>;wh7in*q-7JD;-IfB?_Y5S}@TFZ8u
zRBht^yO@Qq&#-a3L@U2eG6ab*kQE*;G9{~pu37HiW8PoDA}dY_!c6<oI1_r#n+(|v
z<$4n5bw>g!E1+)W>ft2R4Q{0l`azdg%7y1@FQE=`#x&t?OoWw+CtE)PDBtdsXM!Be
z)<M_-zb6;*)J4wrD*&1Vme;h?w`_%1DQPwVv4<BS<|4PeTerR3WP!ZLHECISW-AKf
z&<FIx@wFWpQX<u1GIbMBqLIGDjSz?)m5)fxfQ51&=oS>Mep$dH;Js_>t*3qlS%URq
z-6)!QgcvD?d7ykTL9=lktvg;;lQ^SDEqLUT3EEX4RtDgS(c2E*_<ywah6t$b6`7fy
z#C^a)seC_wy``W-XuW!T8b96SA&LvAebOaH(QZExR9O0$fof|<VtC~9sCedsXOP(o
z!Bg>0lcJf*B;#x@4vj+F-@)E)61Una&6=Z#fc(L`ctH_dg%KfFaizWfrw2VUQZL9f
ztkuG4d@nI>0)0FvVgr@g2-CQ&9;6yFSEClYNm1riI7(be$z5=og*&V8b?Q*2)>1R=
zfm)*L))GI@ayjSawImleFJYVi7X6Ojux>HdP^^wNsc);IB%p=dH+-+oJb$dS)nql8
zgS9lx9|f!uO%(|zyLxNb@;)A}C<2!r(XedKVP9?Na{n_>#+IvfLBRJ;=w)^@yNvN&
zo9t$<p?6lS)V_wbEukkBaa_ZOpsfKfO-_j8G^bXIB^TT|;aLaCjDv{#!o)<Vbc3lE
zWV4P)*#0>_#Bm0n6kd)yRL3K)V>tN~d{uLvCSV$e8z2Ub$yrj9ro-G<*dE*FcKk@8
zlhC7Xs*PQxa~4hbL?_-#nJmRbzBH}%r3~&GK&R1WP50H|`6eoEFcQ5|%$DPJK9B%w
zTcy@Dil!$x?s|Qo-7?joh2`YJ7qGvR+8)-I>QzoK>D26@?q!pFY0I;6&b>Q4G-$dN
z*0;9nNx?&`Uxk!PH1&E9MXfr394NS52^3A{KK0x#E79!bHpcKt=mJ#=R&6U{e)%~e
z-`>il*KKUOx+`)E<!8>$o6xsbtkG$t^m;;`JrM3OhIw^rf?(rogZ&50MApNWf)5v$
z&(cTlBANvdojBV{FNpPw4mI5uqY}RK31DK7PD}NJqKg)=j4t~Vf>!kqUIh78Gv~Hd
zN4Oe!Hd?u7@r1O#57SL!zb&7303nuF(f9hM?wexd9U(V1OiwY__{}2)j6R7@e3iNA
z*lKiZolKccG<K(8Xua~x$Z$)G;@UFgFC{!!)_PR=Q_m>^;?Mciu!Q-sZf-wVMg%WT
zQux|=i6Cr*3B6kg$~P^0apV`>D?82ZABYYVxxz~JUjhE-%}>+{>YER#D?v&>v&C}A
zP?joYORI9n#NdlZs?EH8`pWNfScD5_!X19?r6LrqK#ElaE8hwrZv0PV|LY3WrQMHF
zhE2f{f3m&)Bkcaav(WzY!+xqaG8V%VbEiLN0{kP8eHH?QF@)Ar>i@XXubco8hNr+|
z$Nt6Hi2gg%>h~i7PxS_<IAwBC5{3J(gaC?IfZC==-y@ns{m)zY`5LH3-&X0Z{`%k7
zi;}*nSVw&)+~#jV4Oq#4{Y=pUVvi7G&cCnsn)*fy{NyLW^SkZ-2!X)kZ3CXxKUraa
zUkrEwY_-^NDm^0E$^SghpIj0kmrV1Y^tOLm=_b_;Xs1HsjA6O|?Uh@%FM!*aHG3cP
z@9P!b1iz`W53SSut9k!_-d(3TpM0|Zv|v;TT8=_|L{?Td9Y6oqX&Zfg{Re1hc9*TL
zk!>vcE?*b_?idRDo19zSG&;<mBZndpw>w$@>v(fmt_F$N5pcR(L7%C&z)0nFAIT;=
zJ3mtnjxuywnPO{n*-4Ugujxo+H_3YMXg2&ik!!|c^KhHv$SHncVBznBC6@pBw*8x7
z^&*ZA{nxiW!Rt;FWCRXjcqWha&*2He%PBk;INHs;;iP;i$iaE{&yq^c-lsXY(EX^Q
zQ0SdrVySuTwY-)T5q*SjMYqQoHyF~QY)w~&X+=RQs)%}fgF-N1$ddxyFDh*>r76+b
zwMu}4e(aJJsI>9TCtW~bJJE5sp$vM(!mL%R%Uax5%``!jpO>q2?|S-!J^_p2Z69LH
z?a6rUI!mdQRnz1!$3G*?4~6P2SKnPUJhflb{TmXs^>UNgasd*E>oTYL*xT@u^3mhR
zQATfsggPC8O%)q&E9-KNfr^Gkc~)M}V%02t)`ZXd{4eYI%Gd}J0aL;~x5eFE32IJ9
z>#kS2zX&fdBNCq7f>qMXcBB5B=ZXnvR8>!E&EFTR7Rrj<f0(hW*EGVj08>KQ^*54G
zDchavUKosI(GALt6iyfK(<sT&<^qr8<flLL^%Z_^dD(7cVRwz(yo}{p$Y~EWDi8(-
z1pc+I0B>u5UEOs*E6e<xHhnlEwMkV7CnLZ4g1f;}8|ew!pJhmbzR9#Ws?2jA@ug9|
zsD%`oe|#1b6Y~lqo+ZC<)GVR&&Xd3AITNr*eog%|ZCTJR&(`>3m06f%Nz)TgW3)NE
zjxBMSubl6?<1<RL3h@LpsF#QU<z1?6+V9P@xR&)2lX`3F$)wb}XvyYBm+EEPuKFm*
z)O$7juuIxsyihIGt!Ic%{3zOl*v?Hzpj54sw`R~UO$p(-U^5;P*_<i7b5-TZ<Bf!0
zo6ntxkClURrkA?!|5+yAh*1QZPDd`p+>b}E?J@Kv>Wg@V;{R@&(z-P2p-{c>kE?Qb
zs;Shav$t#QFfSpJh={!Yex@eRk@Y2I-IQMCxNH5tFflX9^qQi0uRYd>yXYx7{NpM<
z3oK`26}U!{aayl-F=Y(o-8<e=3Usly=qwuNn_v>YXbX)=Ns;X>cDA=|>|dQ&Dlb-t
z5jib&NFjVuMbpdkW}q>`$6KR)1)h8(VD+-RB~u^%Py{(|#z1GxH(4M}^wej*e~%Uk
zBu@rjU_r_CuJoN-(y=_CSPp1?R~LxP3M<1^hD%OcAxuL&c8%K`-~BJ{EMUDLPr>_q
zxW6hyet(YRlYAOK+{;0?!^6X)0O&o{BE|VE__3+&q|EBIu|}4~a+7(IUf5x%1SauN
zKo?o=bAo1Tu?oXZE7n6V<XR)Nz<Nvl=q#+T+U)vvO{+UHOZ*Wzp{*t@@*3K3LYs#5
zJ#s<e^lD{OG<>c7*js4*O31EQH{Wj#j9|Y+G`~DMC|wPaPvsXgFhE@Q%$iE@pMFPv
zK50iJzVVD$yOV~+b9h$n-6bz=wl`7w4k$tuTElyai&=rnmh7{3Jh>j2z6Rt@&Tgdg
z(2TN!(wpB5<2G4-Dy1&u>cK4>UtY)5sqPf^y}&fthnBS_%UocQWyHaBhRQ|ntY6Wq
zY^<GOlsHSz!!cHiU4)ak=ZMNuU$7%?H@cn*j@kZD<aga|CV&l8%&nJ7U>1Vc<j0EK
z9S;r<b7csZ3kEYpT`stEFs4#~)KM>C+tm}iYvJ$6_N%~!NbYOu=~U3(n*aQsKS^7q
z-k{y>-=pn)z+0LXOQ1wml(5$cX%V4TV4A_9#k8&au11x`avtnx%$Igr3FoOAiHlT$
zUNHge+>IZWbcOE?JV43WtDscG7tif-Fiy+Gq9g;d1~?o<o^%GTtx3jh{9I6I*T7@D
zFu2-z)&)#lOPfYUb~Nm{7iC^08R;GHkmQB=f2>xw@1XGYmt!7KKKTs_cFj?;<Q`&R
z=6)!#c=+H!PU?1{$DICF>~khh5+2)`0HJHQdsnsRt`4rQ`9QwsNRcoy$9An>P4{7C
zAb9_!;P>6ul`kk@D=Vg}Ru_o2SjwkQFRis}-k7~XSIu>xHet8MsM4-MD^jmvI6FHp
zTG!?(DsD-ys${q5>{YXrtD>^{RxO3zH;7!b&~Eg)o67H<)ZvI&iPv9wky!1$_VD23
zIJ-!#sDNu^Z6LkM`rg{#`!@}mTg-!p?$fV?jDMY@bIVU4Nks7t_VMm?DvES`)=*TX
z(|Nx|QkVAkI^okOQh$@83fpg$@7u&)7TRau8*A25v7E@MzzxzU(H57C&_)QwHOJ$z
zR!Q)G(ylfCnl}M^-E0{ulI#Y5;F)hD!komD>tK*+*;g<Wg{|G!R*yC<cJHqYNpkm~
zq#s1)=qB&{wd!r8AllW6G}DEJg$zPMLVma`w2BZSF1O?YZq*N@wk*1pF&E=OsZq{(
z+{`)$?qYCGD`2G^5duNO{;ZP}Q35E>+XqNlSN<fg!(olGcG!9*m<K?*t^?d;w!J--
zYto>3;*=!U7z27Ycq|mwb>|MshW3bBqg&4stchYvQtx*|DQW`SD+?1xxc$FTTLR5@
z8-7~$f4}io<SBqF8=_=6Kl~d9zDWac<zY$Gzj10t6o4yrU(*n^{~HHBzrmI6>fQgo
zp5p79JEX!3H~9CBB;4T27mO>vu4hN_9oQK=WjvxuNX0%Hig(XZnl&2<>H5EAM5%}B
zeiQ|2xB!Usb2!C!B?jIVIPoy{%rAIe-+(F|OE2!K@c8vd>&+tQ4@)@Ru{MKVt5YH!
zqpf%GXd{c<<+&Dr#WkuPul>AsaAZ1GOT(rh!|IOQeV(1Vulj>{3%7(DFADusbIfu0
zJy*gkivoPnH?NN<b^{4h`Ml0OxNRGE%Zm)g+*MsS*&B)H#vyF64>5B%hV$u|sbNl}
zb%tLBu8@uRiP;Lj`eriz?b<PftmfAq|BV6F>&{i7)SzihY^*r_q;hw0J)tw{XsUcw
z24XS6m0plba8l3NvF<S)pJh}PI|scWvp@SNhl8FO2;(%4MM}<-EB`3QX{N%XspxCq
zdz0Y4-u^6W#=4c7O%z5Ah&`sq_m)7djFTLheAZ92;DuuD5{Z2?*5N#AVvLg1WToL$
zAK$sZ^2~qr>-SZl7@L>lS+?^H(y3oWMPB+~GAD7TGmI6!I*}uj%PiR_nJ(ep0X6l_
z5VB<wWX{Ci(i<zL%Ws$nprHn3Ust=gY3ti4bX?ZbVI1~ol)`HZ3NKAJPY(9;R*KJe
zn(T!`-SM+ma*W$u=DvL^SirlA&3JL`pKdXy0Dj%;>RZmE7Y<#jZZ1BD!vik+y1SjU
z2V`@anb<~cIh?0gzg(Hf-1)s6)Nug7zwU55bMK~Qqa;zDp^?v#iV0}!<+!xZsJwBD
zDk?O&<{mSBE%1PWFed;WZ3Sv^TSW<(_j#RraX&r_hjl?Rc1t5OCx9wM(EUs4{j?G`
zZ{uDgCRA<CfmwB{%;UpJ?ZYsS<=fKIvRUK{DcMUMkGzI*463)IJDuzfeQ=+8byu|)
z+FYEkXmyBLe7*+N`w_?{nn5UqX(f(ju06wcAe=vhkU}xo#0oNIEP2d*JX*;u7d?KD
z2yni#5+XAZ?E;_lql8mK_@ze4&t7YsG65x&-m9XU$RRC&Gm_qC?Sl{-&%kpISsGAc
zjGjBR4|DmgpQ$C*JKA$zw~*6Wf@2!Fmjn?0_NqAvv{lS6@hKUVmU3Tdzwq{(J8gT`
zX3>4vuI4Q)i;R=6fQ#CQ8MHth`q0mQ!8IFe6uTeJ;6W^pp9pC({H?i0pDI)KCe-dS
zg+BzFhGqup+Z0mEH22C6?r;9>sEfY9t6X{y&_UEJ6k{i^(=tyn>`PKh3zllI*q{+-
zv>zt_O3#yaW>m7fD|4mYh!*xN%p#Mw%$h~N>c!c;)1rb}F#*MPmhk$B_M@#5lj^{`
z$`)lA@070mY3H(0zk^GZ<}0o6Fyh2F(g-D$r=?9GdT6GmYD5x>P}=*7_mY!rwOSKV
z+E5A$T$R9NX0$UH!Fs;ic5znWqs6}Kj+Bqm8SORPQV%T{+P%on*OeIbxJ6=lmKZk-
z5v0moF^JLyvC3NAue4j?HHzQrcw>t}@>e~VD_oDhUNDxGC;~B;07dyeL3Imu0O4a@
z$G=%xba_xP`MEOQ{tzkBt*gY18~B=%>#y^$0AZ?do}wJB68mAYuPgKu3oZR(#Y;%Y
zqpmH>VxH0gq76#U<3+3(mGXU#v~oOCju8%vjV=r+5-``^Ec>JpUDvy+fLsp3;eBt(
z@rDFeLe-&SVG7Q-M6R}3AOcy>Q?Z(PZB$cttsx*FO`F%bRgcH#+7zGp%s6x8p{JXN
z;)gHiR@YX3oQqz~MUo&QRa<S9)X)#ebS?qsEmlw^@3^&wf<@E9<4g9scqvjzr##T|
zh4L~8X5Lwn>jFOp?7}M%i!frB)=-I7{*Y(8Me@n<NJvPxwxczZg}Y`KC}EFPaP{>s
zwWIzDSg%{JR{s*b*`WNqaOgJm!ro17YgdQhs{1tbZwB*aDLHTQ7~HyBnK#BAL|G)=
z{8g(z!N{eP?zYkhR)xEZsHKl<*>vs;XW{*66(_4fCF+i{^t!mxdd*SrtR%<7mg7yV
z(l^6oghoPTOg?k9mPPY9ALeRwt@J9UdqweB9E~f3hbDYO-!Nz5LQB?R?@9yKca-=7
zOuEixVwtUbns%aaW7HZ*hZ$I&_h)IT6W$}Qls|I{>*P2E;#=btv$dFu%e?|>&hd2C
zyj#vvJ$#?M5oiCkd62#aV)sdT3m@a&{JxGeRefqZ@o7M1bqKHZ5)0GIl#X=96o~R#
zioF=qhEsD8j0F346{?5wkGYt8f|fU>Y{&?n4yq3)XD+YwS&+LysuR{MzcdBZxfDg{
z_|EkwjiT1%DnsI&3zS=W$0~in9u0$zF^QS15A*Z2n%!qDvpPlN0%SqNOrm8zazXf2
zo8cG}#g{XZA^vw*hwE2e7>j`QqiB;e8Ua0}{`^6IV)$Y!-vXu?Ik4$ExN6IoU}hXS
zJx6%~b-dF$B0?i@H@ap7xB85O{i#NxoX@wyllY!RO5)!S`wBRFa4(~$L-A&`Q}Ce5
zlk!XT3F}B3&d<85@;or9dc)Q--)hJRK_YlUW*nl71t^$F=J2xn9mR^@TPUf1tjTUb
zM<>KBkj=%W_L6A`k{I6(2{kI9<3>+EoZ&fAE;Eb$T0>=vj!$5~Hdx!YZTB%QCC^a$
z-kFw)u>d`K&vvTLJJ3}HE%U{zQ1k|K4eM)?yUYDy-)w`Oy{_3h_eyQ#x*0F1{m}MD
zXuH0b0A~)`Gw8rQ)F9I}T+2xmHXRxddc8t>8UlV0;g9WqUbq+^#??qmyV|EdCIrnT
zG}UCZ_oTY`^8JMs|7+KM|MnJV-}^V8*k0XiY<A)zvMB;#+pn1KSDRXI>c=E~lKyDD
zHLM0ICQ+t-mG}y5qEeQt%$a<pzSi<ivgPcpc9m{&4YXD?fN}p3B+)JOkfmmj4I^N7
z%8JjU>uD}C+1bohGr2>OgSv?hvbD!3X7vy|nL7Rr$9@!pfhDH%WrIxZbV^!RI`q|=
zf^J6l#K&zm546s-5EF=-KrD~tmZ<Ysu`nCUM_4PCGHkVGy+;er;-c4@N{5qcb0)#1
zbfy$U!D~HbykatuP<FAQfDoGZOFP}Rn5lNlUNSC5pDdORfKytbu+AVP&4da$XXV@=
zl>vIiwT0O@`mw>nU*$YgkY|pBWy3Z_Sr1LhwBj*reGG8>=ZD7K(OI4Qx4KfDeBrUT
zdw&ZWt$=d202JX#yTK_UrD*0fO-T)vkK&Gt!K;_@f@GVywP5WR*0-G-paRZM=G4$3
zm2v9Lw4sw`=rV4}nNcU?nI1cv#bA2Yi(|_zdtxW6f&kmtZt_aOkC(yIdt~!n?!?Jj
z8rImN&a)FHqwBK#_TPDf15IJor!%osmR|>|J1A>WhviF==RCNg6Ldjwh~(>J2#I>|
z4_47l{IZ!!=2+D1bEvmHH>QW_W9ah&8GK6(Rg;dxqs~zRJj>vy3d<|CCl31+ZeLlc
z9#+r%Wh3KF4%LZ$1o=@^=2JD1rE#4y*-A4_COr|{m!1H=K0=&0ed3dPzEsTh3{)y^
zP6$CTta|PybP_k_fE{<-N@Ja!n@9IpHI^lQBhFNr&k%>ydwe_4-EaGb#=l0|J=9mp
zM32czn)UN55R+`({NLY3-6D8VHas3s9MO|k+WD7efZ}vsFI)GymN55qoO4?|E67Eb
zyO}@^Vw;gZ(@URr^3;XIKk>ZtW1>}lOiIklU_!hSa2h5tPon7K_=o6J!xQ?e=Z?f3
z&CLmsJbL_ieeXO?BbG`}TWhzO`F$^6z(}rfJYQjD^#K)hSYOx}*U#;h5%)Z>{@t~@
zfXZsi;#>WvBp*-MTN);XXb2ShZ&}p|{qvW27BZ^e*!**<7)8XSU?|@6-@YC&iHuN&
zn20%EKKvtz{jDkcy_5jzk-y|#eEjcvfN$9V$o4fX>SxgA-`{rgA|nbYBB<L<L(&ce
zr~Z$+{v1&GrxS2)+}Qv5dBl#A_TH-b_cwjEmK8w=BN!H~pNJB`Eh3lRk+cfz@$JBu
z#d|cO9k)Amb2M@0@9?FvbJS;}{pv2@-#XG8961-0*?#jUJ4du5uN>C1dofPar{oKe
ztSZTYM%hW+5D&s!hw(ngc@8J8#UcXh&8Z!~v@styN$|YJIg-5d(B-x1%R=_tf?0n-
zh}QDJ*WuP<&-IQk%Q3NuJbtw<#jhK$cPco+OZnBVS2o}|As->mv&lLO*f(MG#WDAZ
z(=GQU;_s4zWV_<`ujds6)NM87Vu7*V^7SNFOef2HwwHOb>WmoVy1Xk_Xqk=1PqD05
zv-6=Y^4>2jx9bIT>)s{bSG1eoGepqFER~W0q@=3X*&JGEWGX?Eo10g7XbrXDre@M8
z(DM5Vb9>hcBq7aI8yl6L*ZLr}Z%WkE5KVp9td5}K;W_N|{=b=tWO^1>SF_AU;l?Us
z-@wMIjTUTW*I?meNx!VLLSIJzQJC&z;v`CIu8i_12u3eRJ;%UwQC`kuf584-9yjhz
z`<)wb$DnG_V}Tua=rNk{>p-)&EI>Cjx<#S=lut5n++0_PXXxj6-2WQin|e!w<rcg&
z03X{9`9XKhu9+|(gN<j3V@Y~<Dik0#m*U^l<k0)v3oi!uCWo>t4hvtVO23F0ex%J6
zX31SF*EG3XslHa^&Fr7xpKk`G8d|c7lnS0)7q(6-5AOxgmn)%(fzVlRjczPQ^0e#~
zNNC;)RJzbgd{UL5!6q#)T??L(y>hwhV88g)_Vqoat0s#y1>^70xN;NR+-xsK|7+aR
zqBhHTjD8LlE0j-u9n0|U=<>uTqX43$n(0DKbkvW{pi~qfy(QR6UPJaxJ$2Cim^gRQ
zdK!vZ^JFCAUGH6bgR>PRUiB}Y(k%sckHi(dT;F{>)8Ii{Lp+g&((bQnBC+#-@fW-_
zalws`^pPL)?B{C@F@m{uF|y~~-hRT3Uhm>rD<}Z?ulaBGQo^>N@GJn!-3362`spu1
z-RLk+7ch8+-qGJR>a|vd9znaN=B4lKE$@k;SL|0its2f$dPQ@iHvYq1lxX&SM3GJm
zn^bbXE0mzRREw$W@*q2+gG)QL1*~Xju1d-DAP`Seh@)n!n~J<dVp$4Qd)tIOWBt=^
zA-9?h)*cYD|DwX{IFHZ2p;=Dl;^+l8y)?^GP)U4XvYr`9mOEl{hj*8K=L*b<Q78#y
z3uY-4frFborYl{v0<73RBClrEs!cX%9x#!=TFw)e7lr#DC&5&b%!O~bOfQJnN1il%
z<_~EZAQ2MVCtT7L&>Jqb{>52f!wM?7jj?nIUADx%<8*`XOzXLdev_86yC-V))`2dH
zmxf3_S?GYagr_D&EaCyf<8fiP5kcu&tzU`Y%zfNSfHD!=;Q0SwEU?2nQWIIk<E*id
zPM8P46McokPke1&+WS0lJPGi-!NN1mM|<BMiGzNxecfEQ&Ep)y{{o!Z8%mObL#I_l
z^%Kxj-T->fcLO;Ql>ChMRl+^Fvhl0pMh*rER8TRrk2M_|y*npJz;R}O$cb9BEUlir
za+}V3ZTt-&0B#@&=B(>4k4g7-vRS=UC$R%(ayp^P$*%9VS|sSg-i(z#e06wE(tNX>
z9J@lHe7_knqn;4U#(L%UG}s8T>aDZdXbac0iz|0pea7FqSHMqLwfydZ$MOAudy2r?
zG}aelf#q8;p%eO<iIp)4Ve=)TcXifz`NURz_>%%b(eV&j8rh45Cpj8Wb<GI}84$Wf
zgD&lSC<N!#^3_H_qPt6P-tisD-|g@msLeYaggx?Wjg!TpQ>(4+C2YAt`tWBSlGPy?
z{Vspyu{a4mBT~!v!MmqO0cNoFr!6yJDNu|_jlNqkU4zzpLr}s-l$qpvk7mj`z$u+!
ze5M*<YKj6KtBbX54n7z4o-mdWE0uTvP|@cK;y?AdYOZmjMur%Sn_jwajg#ws$r2=3
zv%X;^r7fFsmQ#9tofG%~8sS{jDD#25qb%V{pW;8+YG9O5S7)W*W|<M8o%VNs4OfIn
zll;1Mk?)OwOy;Fmo~3;AXmnnv-vnQbWpI6wVqqU)BFmc-47+XuY6%8u?5coc<NGxW
zYMqM4vm&(PH?=y%&t918@h~HGtk<ailaUbQo|jIx>L5<7lKY434{{ltF2C1|7$PBe
zZLJ5_w}T*nL;sZ9Z+CMd!Lp`AEOt{ZFYZcbw9h+@<69Y@U~&zFMw`S=s=I%lNT$qZ
z_@NB;FW%v}L)rPoFWx+0kVFVVtrO{SyygnsuxyssdZ|*Y9L3ewIdwZJ04V7610xj8
z!}HYGIs8xd1|1y=i;wps)#HNuKe=>9Irb1jpj5Z4$hmtaX&xXk+RMuBU`ll4bdovq
z)0p=fKvt=+E$I!_z@IBoU}T=&r2}VCqsC&;utg5Y@H($kCBJ9Q1udT|t|`sArLPD!
z?vUSbkwAcpXeAeS=Y9LhMd(uGAmXQli`-dCTs}47GJk3TG%YQ;F@@Ch9IP#F$YUwE
z#}sjweBDav8x6kGwSB-3>L!rJy&)#i|4mFxcMnEhRzqvQsNae|?f+{{$8cl3>{vKu
z(mK-1xw;5>14gSmYONdi2?MQsuP)1~IQ3na)a$JE;NjlaUt3B;o|64+fLo{sH%0o=
zhBGOCu6u8pZ{x&8mIqgwi;<_E<&3=GHek-U0qR;+A?Og^ealWF6|9K~n)2)tJ?P$d
zuEs7pF6!84vlB*v`cjW>*a?*m#!L#ysVD2P_oWR{TUrj!ArQc{9qYm9nKodJjkorY
zQb4KiHbg7=Jl^J_a8fx|%l-H(m-$#SRsmOEjn)O2xUD$!PTBL~;5yzt<qMK3?B;M-
zT(&ETvX?}wi|}4xN?wZlbX+`hgYn*`*lczIYI1O(D!K}|etGZ-6gx=RH+UeuUgTr*
z^%1bm(IHfs!0_3^&Foq-Rmqlfyk%VX9fWAnbTfe<ANZNIenYr1M!AF@@#uisEQIyB
z)y0-usRlG|GFd+ewW`h$eV&?W#(-IF?{TMhv@mnflUlUC8w3=Zcbz4^{0j}-Lb(eB
z9Xa@Az7oH|Xo_xV=BwjNL%rPn?mOU5J0Fcn%PxZ(b`@-W6==0Wi|?|Hf;f)}H`()u
z!A?yD>nck5uQ}^N^O-YPPF(X@vYQw(*^=H%43~sVn#|fEy0wx{kP4Q`g*I468Os-u
z#1Hzk)43c?3KbCdK^$wYoBN8aHG0uX7czOQ8Go3~?rV2e?)wu6f19C-Ox)I*R`sxw
zR|oN(rbC`?<ZISerh2h*AH=((t>ffLc;%O#>Tu{mU8sYTDma+;=~zUo7mA_C@K;e>
z4}iG4q?wOp5z1}Qm3WWN;#w;i>MsRITm2N+tS9C&A%U}daal-FnEAemEtt7mvj%Bt
zKQmn5(_<zOU%Lh*l|^oB5MbQZ@MhD&I`{?g-vZLOP3#uu^JTmaHTRC+cCyGr6hov=
ze^)X~YOu+dUQous$LXgps}ube2@Wk``*C7%TOJl;ttEFJqM^U}a!8~nS8nAVJNqzr
z%>w78c>C^SV+<Ooi0`L=7)!Lpf{1WUtjdc$$DQsW*{h}Q64gZIOZKPlaan0JCtnbA
z4?O7~v&|!0`D4~3%K<tIEbVsn&w!o3A^1<=-G^fbg?j`%{QV673HCqB-4vRnQMi@#
z@2Z;h$2ZE<@hYm|zjM;+dv0j#3cASQe|;4&gaFu2b_4t8Q!*s~{T@#u0O^un+&2F+
zhyUR!-zR{iw6lq1yd$)m`E5gtvfI37xBqFLO0r84;1{0+LovYSJSCLj?rTp!c_%vJ
zH3|+ze`tCBj7L0*@b{7+@|_?1NApAHEa{*7oS#mV$RFw;7%D(4c`>n<iFZFzMcp)x
zONfWIMn`<)$~H1r3r{$=Wy@73^!)T}XhnY^kIV5o12{fUYq{(s7;T;TqAm~Eos@%>
zsp%G9qKMl@W;qL&W`>2yvP<td__{to!|Wc00cat*DWBMxY+NokS643cuxn6hY{K6O
zIn_XNCUY8}v5R$_vu-`yV4D0fO;pZ<I~&r+Gn#3w#J4#Bezj+R)tw)MHQ43V80QAl
zmMgw(U7!m)s5TwgbD~-0<l32g_iT2I`bm3*cbEC`B;)!)XWz>I@ESO^LfO9e#!wtx
z$TWWH-bJ6ePuK{CC9=fM?pGL^VgV3~!ZJ1*`2`rdk7!U@{gBdVeZ9R|F<|-?wQr$~
z5gYRP*$TsfM)SExV@JBncK>6LX#HsVXs`l4Q8C_n-MfMqB;}J)BNkWOQFk_<Bp0CH
z-KJ)jF8lJ*#k}S@!>XRFvq1FS?dma3?UPaM0|b5E>2!qT2%&7^;0D+#yKww-t!lNV
zlD4ofM6Wq96ee?>w|l9aJ-Tjl7svvhy>VdrDuS!GN5zX6Z$G{51Ry$THzd5>ea!xq
z8TDmeUXFt<u3CZ0M_><@+l%n>_mYWMg^#L?K-wy?F#449o2`Nc@ss~)hyH%NgI`4V
z+u6<dJ#!4hxnbgON&SSO`eLDZFf-8tT!0yIzE{W0PJ&sE?$$H`j<G-O%NoYpjRhJ?
z@-kJct}mnvVQ}A>7mJUr&$as-Lo1)Bd%^WF3zQ6?6u#7Sv>@pmo)67My}cN>hdK3|
zQeH`HC|{2S3M<0Ge85cO);jT^mJ9I-`L5#npbt2k^$v&!+E=g#mO~Xdm_9C#k3F-5
zuc}P*xzYpk1!_oV(r^uzwJ@3#V(l-7h|{a<Ja>du>+}R46p|EGw?x1X9j=JMLCFXU
zdF#NMY^V<?ySh_Pi_Z1LE}xp5HD_$a*wRx$@;J+&_s(9i%Z+wlG!LA;wRAy=Sh=eL
zOKO0os2Ot#1NUeq+Miz4dUJNr4bim&94lSkHPUQAm!?}meT6O5DDc6hbY5!bLrwnY
z9~9y_|Lp-?C=4wnVob%HMM<Avv4~TGS|b@I%U(*MOYx!74Q8bsb;oqMrIv~>H(PfS
z2<&VY@Q`ItO=u!dS4q_L-D(^-%}1VVBYF(^>)nNev4vKq7gg)Ly$_g{GC9BdvVQwK
zqhq9EGyF-Kw|XZ^ty^ARI&XXdnYRSbeG6)o<~;l8!5quYJY4|dL@R4*<TAMJkqcBm
zql#+wYEIa3F*&!^$(`N@j^{<|Gr%$63xNM&R69QzmDQ6sG~J<rx#X;QU!p%K=U+4q
zf4I9<zYxCBzc^a$P9K>o%^PbxdQ8WCMF75ozU8Bt9RN=%(Tj7e`Z9i%tASKc6mAiE
z_AA6I!w%=Ie_0#X!eizeWTJ^4<WeQu$-a4xQU;Ax%$Li-RrI}f!ME0G3`Xg@KU}{N
zsiJuHCU)L;=}pl{1_Oqs86EOv3j3%U`ZT$r59y)8U#Wr)NettVS6}d%j=}CXR0`!y
zy^B<*yS1Y`h;@tjd-2lD!yOUKCe9`Phofaxal>R2<<g#}@6g-~g>;Kem^VMKcI5WW
zlnHW6^NfBlA{(ZYK{J%s9@5m~^#O%elEESrMwjks{8bS*E+2A1kPiqlg~E&R$>r`n
z_tKK9#vDW#YbL(IVBrK_M;s=m#!6D$RdIIjCh5V8PDfJCo5bt+;)z21P0*tU#IQ)E
zM$la8ND3^yxH;(8z5>AV3@sKf#|WI8g~#DPd>{5;%F-$}vyJa@cS3r%rP8bTY>GyH
zgt%}9!{TSL_Fm&#s;Po~I;l?9cPR-RH4y0BK40-%+N>lzXuzz53~P$8i`srJ3wus#
zgN=T1C$9x1XBL#yL<;Sd*zKU=uJ)Ef9)Z+P&;&iU>ZMSVN1e+YKU*NJqy7~>TtBax
zi@qQQ-uZI7M-!alV(8*UsGzSZULF5L+nujh+s+<^<|%XhR)1&D^t;H_;dYg;D%d)B
z+gf$WsWDn9L9uiuIB}iEdKeC@ujy7zfV7RyEz;v%))oheL!+2djk;n^GoWS;>(Vc-
z@_-!J8Q<Fuuo(hQ&rA6XI)O4=Q7KdtbVjJIgay6D=8Hd8&xgB3;GOp9$>$nNTmyy@
zOeh7bf*07yX3681md+cbKkXj2|FL^I^oJQu<?y1nc8Y72t{!4)$$;V+CW~bwWxZqa
z!mdOTQ;BnR7}?#I78f%e^2`pSL#wTBt4w$c+^br~b96y3?4gfP8^W1rRIo}tIsR_A
z%fkACK|(!CUs%TwqL24^PLSD18GU+>{sr$q3Dl|OqHiW46fgUXP1;on(q|4lC_4x4
zul@W1>Fopq!bbY8x4?rx5b%==z0RxKOO)N4yNDZ6eCTCbFoN30EkgPK5%v~fO}*h8
zu&szl3Q9{iBHbV*jPBf|o6!wZDFF%T9^K_AX%y*_mR1@jwb8Kc8~*bD|NX!3yRKba
zz}e0@JMVkW`#kr3KlcM{RKpnsSaIaX&_LxOftau_YX)EA=V7;HjO4(f(ed0x89x7;
z@!3&jHh@zOGA%DqZ%SiOyJyBb(;UDmOiE2e;m4ZFJ>Z$)<Xp8Dy}hXX*3^3@)f)yf
z+|uK>2F@Dutk+)go9L0v&{*}5J+|V3OArUl)_cFn1X(fL5LGf5*G;8*Z^1;Sm6z9Y
zgF!ftlAU?p@XwNhx9ZaZ9r3r6(<^$67eJ+S#57mK>y(RQPl|1>r1BN#cLE}ngOyh_
zep|Y6?JAPi$H@?Jk4u8oCqyK3R376$T&w$P=Gz+3rMpJLZZ{wuw^LZ_?5_5nsM6A&
zkyG13Yj^(E%*iJ#@#DE@IhrBQS8AnaOequIcZfyPbCP|<%Z^_r)zz93k|G_N2OpBb
z0uooK`}Ar;q_H|YmW3RVPQVPX6eXUi-DZ=Hisd&IW|+%Kag?*_(W{49Rv=PSc<Z|+
zeT1qm0*`x=CqUjF=3K&T&V(*m)A|669bcJcfUrhX!&n@x{ls`2=hR)sAhbz4$DE?#
z%lerH1G)XM6;wf2vk3Xs?Oo<;($$<Msdq;BN4TkedavU_^Zt;q{O=wex;M<0=S?k`
zJx?dn1h`HC!o3j=MlqF$rpZ{gr~M3u102-Zd0w(LUaRDM+e3F>{&KZ%D9>Xo%ex0&
z{%pW|K)PXKM*}4NQeW|Xa1CFBQ6MS_<=W+LfK8r4FPLIXt+i6!ZTv{=`2#-T|BD2=
zxSLo=w%+>ULf}_{Ov}Rt3tN!g#H41sH&Q?;S!oUrE>+--atWCweOf#HNunQqlGa#O
z;W%Y$5*C6Ov%|NR3``}cK|ZTOp?cD|m{!6XTSZ#hYwpFTk?K89c>=YuPd~9QX$hs7
z@%V07<+(h>&G#1DZRyq?5zx@REe2*eiH^D`){UIy+m5=swfdQO!o|XxQ3`BO|6zFq
zl#68MD&A?lqe_{3tm7nFn`w7NP8IFUErK9}216cSg@>3wTum!350bB!isFC4=(N~C
zWkuo&xPSBF1ugyDdtKh5MAOLee15mUB5M32%{hL~toqkY^Glgc?{`asr))?Kue2yn
zerYRxiQB?uSw$%n1Dnsc4f_Xx-Lrv%cp?JYUmBEF@eRn>A+T;A{Jj-ymRepW@J`+D
zu{CVt7xCTbc<<h+sR3Yfoa~TqL-qa9+)QKC5jbDiY;4=ZQ(3i1Ucp=31Iwl*bTIqK
z?gM#G@Ue86xX;JF24K@Fc%qIcq^8K0vo}ed=qra<W@fTtENAfzZ<P~a&-e9#iy}lL
zKXX6S;Vo-BP>M?02YT7By;277^0wJ|O=iD3mS{U%k+Tb|h0SWD<2KfdPmc{zTDIkn
zq|QWtseSHdkSDpG88!ikdkI8xA}=P9AOxu?skP<O<&p#W**43Ot6YC?OZc>_!ClU|
z*NV;_5dN*11l?h@&YH`y3;PhX2K`rvvrqV2NQuJihs0d}W9rhrl93uTx!D<%cw#?v
zkgW22FK2LlxTWZTf3ZQ2*R5Vf(2Z+-OmDfe*s+unNp{4gl>1S|RC)&?Hy~ozBj!6z
z*OE+td_{U^#lWZ(2VwXm4_kpB7!w0Iubr(rmlI%~rp#5$lwYAhP3f0<>hb#)EMW{z
zB8R~sSEI$ArLelGMfdPl*SSiCBwvdmm;)o@$~#FiYmbLT)1mXc1#dA&k9Rr1V{2tf
zLV{^DdG6L8^nb)_SUBXW<N;Wm^WaYy_%T5&Dz-JEro(3nhL<4iX%92J`)gM<*_^oC
zrQt$Rs45I{4p(gI)aO0%x{^US{X<JdVcjOq<j3TV{><Ri@8NhSA6gN6MJhIz{e*sp
zWJK?XFS9*4_;b5+CpNEW``J7C2Nd%^GRz9qYeotS+q}W(|K^|b&R3L~kSpI`Xv9Am
zqjMRyoWZ|rgy8&dk@4^B^6DM`KZpB*sF0A^q`^wp9923pPm(!@vtF-x^L`m}!dSh3
z;`om)PD+|!pXCuH!c|&3SmbKu>Ui*GDri;%*~Yo~V;z-{`oXsFWhIgXJIasX+PM?<
ztO-eRR!uEf2ayHTgcO@*?LBN{CZEXu6ZH06Qv6+nkKbr&XOYTufo1vs)W88Fr^MIm
zFvDy^Di_n{m&4}?>7QVUGQ}sSf!jdBK)HxVIRZg*8q+-D#S7IBwVN#&&hDH)Uoyvv
z*Aml9P1ZSIqPZws;s_p7zYL(+Q^Tt6H0$IiS!p?9<KpAC?7rwQH<~Ccl%ws%<NPYI
zL|KVOL$`LlD@*1oXU^F8Se*p|s}oDQIjg>c6#xtknVk6j6vAkRYn%}{)le+an8<q-
zb&IEKywWG2n)UoP+qM(#h{8rf+2>Rg8d!9&WMyAfyTU~!ksobLX_;@WAK6F_Z4OH>
zK^V$KH47Hh%gh;N3GyUuL?sn^@sYRd3N&DyVwPA;?Dh7(ziF&rX@A%$s(EC^-`Ck0
zv^>(I;k(^_62{)<d-O-hTuF9)1g^ug{hOk+zGc@?DKkkio!vDK`FQbWl>-c1VVfwI
zTCoz7UTQ~EIU2%7-TD8a!7@F|7c2YEu9z@`RD)W_HPUep+b0Y2oOi?!GUE=t_L$5`
zX!>zg&uQintDp<rC%#|vu>zd+gDbt$yG2;ZKtgKjZ>QhVD7s?LGLc$%OeTrfv8Ge0
zXKDlOS+m1e#TO+%G$(>XMCWL^6R<)wHEg4CbBYSTz?yUJOl;ovbV2ki@W_>(pHT+~
zO^8QtGfPiXn*7A^PD9bIxgV?pUeF!e&s~F6N$t3bMI*u5ZT=Mzd`{=)m#$@x8G%Zx
z7YspclRL@-5+<v)cys5G$%i?9Ac~6fROhEzU+k0e?qrgGE0JN|%H!E%eFFmfTlL##
z#*)#Wv<PXM6fzc#M(fPgGA!hcp4NTwDOoDUJhztjuRS)Q@)Mg+-(ZO3%4{qKx=-5c
zK|#t{1^Dvq6+nmW1J2@P)5`Nu?<=Up`KtDim+c)^l=NxqmTVA<WV8eS!}?4j<Z^CT
zE6Z6w|J){p?=Is`&H9J|%eGF!#jatQBcFt|he&sLDC=1%@_?dlPhZceYG{8N4xP%P
z7%}ImGE)`41GCZzPBiz6)*P(tTqRqrx@AfDcJVQyG|ewH=n6Ei8&EV%ER41~2Wx*Q
zJLpUKD)N+HIFa9aceNW*xod9iSf0`PRu@w9_V$Q8-|39$#9lc1a3n30;YJ22!Vk0B
z&@zSJV}3!HsXb9dY*j4mcQO)lB?i)t2EC$M@=5^t^Jz|9=Mlx%T07UFjGQwO9d2hJ
zPuvqLEh9=u4s3a+8_*iZKkcMluldfTbvDEt<;vX$NM3_-=C~=0#OWt0r=T8$$OUV8
zM<LwZy&h~u?TIDxuyH#Apjf^#Wh%;;Dyka_Jzt}qgkucq%SQoZ67r_AoiwAVDOwIk
z@k(abc}%AuGw0bHSX80N+%IMmk$7?U`fren51SAOrU}hrFZ(yfZ!idj9dAC>?L=J7
zF9<~e5KzqRx*S+CzdxKn=%0L8n$^J$b@BzTJRn^GE6vE29(j;MRG?JcV%9e2>uls9
zu`vnWbU$QWs2^g8M!llMd_P&Ok5upKRZ{Y+^FF_EML4qUj?8|>$~22^z4=R|Y1n#@
zy47y2p|;Ia-!LY1etMz)!a<BPv+=w8g=c18X9zW<WVjd-x3SB77j}(EzIhrgvok}f
z75qa>gW2|+o@NGTXeZP|`)wB(WAwC(g_c2z3g1!GB0!Ojn_U-jksd*YT&u(a!HFPr
zX)xeX9}QObDpMeH(`NhoNpI&kFX$v@@pRkE=H->HILjaM&dLqb9iYt$d+w9CpS#Bl
z0T}6}G$<38z9^@AQ5IUV*J<JaYdKF(yfo`LI_Vrl<>>)e7{C0C-3Tiip!u{^q#OuV
zN@7!7(=QhD`b8<{DE!jwPI*WgryaYg&q^*H32IClaeS0hWR1}Sc>20$K>G6a7R!Pg
zV9#TZ^&sYr%&Q@DsgE}Xm?`1Oep`@{A=vSn(&eMs_CWmf_YH-bmP(^t@!c!q><~Vq
zH;dU?^!1e`s#jUe^Uit!n`K$>rJ)P9@4!&i=&9Ue0bU6`ta4SBcIxf?3UeN|Cx=0n
zrPVG?1xNJnB`xn>$LHxNx+qWVI;2ckJkF$v)A28j==XAj%Y8PQ^8N;@**D~#wz51J
z%0iGeXP!8RGgdOHQ-I}mmHjZY1LWCx+vnQYoSf4|k9)&up{TT@FYMk;9SYsN*wP#a
ziKa0BOaBDng3FYoZ&<)#63QDkqJ9}7RH|N-8!;_$*lk^i`K=ip{7W;sE2nc|$)2dA
z^0=<*h`vfe9IaWTfniW{?s~2rqT+TTF8uoW*mM1FOXX7=5rvAl{R}N?xQyOAbDtFC
z1_mDT>{Lv`NIf2prYa@Z-5W7X9S>7w<;=b(ZAid%Br1?y#&K$qZw+&fYrjwc`v*z~
z+My0Z%(2ibRN3RZvGFZI1Hq-FX}t}`ck%`=2q5?jt0(AD_A2rpG0SaTCB{dt+f_nK
zOIAVH9x457y4Mh`n*-!7ocAbj(n-PDSPg^SC|Atz`ciR=WW!U#x%|_z!~F>bTLhwE
z3o8XH0bbk@o^{b_ca;A~5S#pnXc#G$_5=#_Q6#p8AYRCoGYW8{<^-Bc+~@<XwgpAo
zqgT9sWtX|<oreVIpwV7U4UxWEsly}J8m(Oirawx4`YqywOJjvPaOp=L*id6NwF8T4
zup@OwU-gqWG6+;X+A+TkjP(9_>LakhQMC;ear-c)-4}8xl|(D~B^gqmVi9E_J|zYQ
zedO1(PtsvzlKibFohSd7o^%c}SIQ@^;6;;Df)A1UiZ1L%&f2P^B$pm_Hylk5HKFid
z?b!V0jDxY9@ypa-?k}-|*VNyF*YiHQ&SRB_BbEZ<XnB;;mHxH09a0mK<PTG?xO=jH
zSnZZOVW;kADO{aa*AD|4zqM)89X3>j?S4EtZQJIy(tA*GYWBqbIsP{};9b_)`LrQ>
zjnoLsL{`UmAgA^W9&)-Q4~U7{rO7)8r)R-&V}{5q_p0*6fy6Plk9^8$!maqZpYm{N
zJVJ778B!tLFfVWWuB}}#N(Yk-<>;hEtuQ7QBY(y_j=Cg<OlGZ|v%NX%X=vLZW06Um
zQZKTJX0S#=>EmUBnH<7r8V-MQ*e9@mEIBC_?EY38CZWy!y_U{u8!TR(`TXfpgJ~5^
zDg0Ae8k>`+fAm^`Gk3iwA?G%BoiN<9uTZ<~!l%_fbLKGxnUiQz5-e>uSW0SfYE7;y
zZFFd*9k9KRK!4PYCcau9dzrCM>a$z#ma#YMZ2;}t)@vu}&t8jvzcZ`ztIs}#@fWZL
zAdKg`TvL?bxlW6#2;Zn+<VhU_SHH99u6y^*6YGA7e0eO=N<L(#L5XWmw;Fk^2**3@
zyZ^kdz5qEC2**Nuv*tVp0hR}FPlGbS66p){tmF4Klc!<0yercy;0ejF_3s=$HHq;|
z8H&^fxbwcw6m{}m%|R>lJdH_0JU*43R?~?F&wPXH-f5k#g`|X6LK{?Z1`t?h#C9>8
zu^LvB=+?m(hrr1eAcpE<!yCJJ58=%4Pq7U^gIDwI6I}V_QY}TNtk(@&ZUbJ99B*eq
zFBG<Uw9xmA9F-kV!4@Mr1nk#w>Q1|)Sd4%U#-FktI?YxsKYxxsVyd8XmpEJp6{Wx^
zW8E8*necrLa9+96JP6pOu9t5dVB<(H0o9J8vVK)jY77PJP}DIn2(Gy4w$Y`p3R+8R
zD3_>Fi>WTxHPZ&ooDU6F)u88&b+{Lb(d|B$3MZ7NJFXsqITI0}!UuUNnWO#vva`K=
zDDyeBj4J|8DiE7{40B5-V39_aXE&DBt-rFLl+YAj!AiuJK`^YA*v<rMO*pWkR9l7f
z5yzbj4A3gGq$)TgysO52;u9^tpGJ6M?4>uiC_k<ZQ03uIprtmhqot1EHx;6v3r|iV
zXtu-^n2B&oGyx=I2V;EJ*^^|a>=uvFBDSlUNfHU^55Rt!22SN{1N)EFFN3E?rxZsc
z^@^kVO|ubYPtrk=H3e%>j*oUijsp?XaLM&@O$aQ>>lARJDFeLA_66~#{iM`mUd2x^
zZ(M^p!PD(*1Hek}m;SsJO|c*;zY=L<F)D@_`f?IxX~fs4_SMY`805{LL~FQrxhQ$Y
z3Ff<_g3I+5CPZ(<=lEu_acT{TBi~iAC65FTZ92O$8sS3THk6K0Vr*4&E(Z*g6kihN
zov$^z?yZg{c=LR)iiX++5L$csSN7|zc=Qvc9orRhNJSiobLBh%7w8p8-)a^2hcyku
z6{IKkN->7*@5k!=E2FX6N~W`TkDZd~xRMR}fYUBL@!5vYuz9-nlbABkKVTuBt7>}g
z33aUDHddr@&$8!*nJ?$8^pLGqjYP$-S)wp;Ggo#9b=L0TeuBaz`EvC;g!^&_PoiLA
zLtxww(3DwIDVMT;FDVz1l2uhzf|~(|`Kj;$sA{|mK+4S1_vkuPi~Q}xz#n_4a?Ws#
zFD5qp10o8F#rh2}rDS~Gm3aTka~i)fGbZ*IF*aa_pnIosEfJgb;Pj=L#?%A&f#5dO
zF+G)wFKSt;?53Z#s*-ZQ=?m^TaH5%;#m~yyj`(IX%Ye7{y5JiqIjk;Mu5)HI?a&Ju
z2bm7tK3dvD^N>Sz^ru9UNAmOuYTJwAOBsEQwA=P*YEGcufz)T)Hj}%87(pXj>7fU5
zK(lw9;#((|ClKANS$?G35K(6_b?ccR8wErnYn4%XhVAM03>JACNZ`(kV1zj{VTo#T
z75mYYh8{Lvr<q+P<%_ykR{q%Mq~$P3vTCxF9^~nuhZRLcm?Hy*5TDah!iZ~*;6qhF
zOaVZCD^8&*@Ze!p>!-Mu<ph-%E}o}Wp;i6we``rTy}6>kq`uqS#|{hVMgTQjja89#
z>K;#~vG9f7S_do4QQWgPQTFL&o}L)x+?@jlj<ki}Vg*sc`z1t$Q$jt^W{V*vrf5W7
z>!T~t5C0n~$DQ+lFdZ2S?2IFVpouaiU8Eh=_?(vsBE%mJ818to>0y~r&&HlV#L~%=
zD|=5#7rUD652J0S$S1Qkz!KS09Me{uiKNkcqE<o@eehBYjAjdKSkaqi>|$ISuqHrs
z9i}neUF$aKdGuDgDxiX<GTN%Ust3demPffw){`z3+Y__(akB)X%o@{VIDye<>4L2g
zpQ`FRcHC66<Xva}KEI;0Nr#M@jNh%~@8Tb8>t2V23Zq*rIX~ua9f8IeR}<R{QyV7Y
zPDVsp$b6)1Z0o{mLD`b&#ngr3aP-qr+0xcXk2V@#l%OBR2Z>wu>R6upbGo=sI^J@x
z0~|JFSK)~(P?bm~=NMM26|i`8;i(gqLM`|+V4zF1G1!pPo*jCV8J|+`A_YFwzADJp
z9)!Bn3!KDC>q;`@`L{;3BTDLixlWWVaes$Wd+$9(t2VNS0W0p-C(^O~`mvYX@?e|-
zs^K%5-w!3V;GpB6StWCf^j`Ae{cMA+1oPr=mq*2{Y~&HrJP9g0FPo@RI%(%k^4xcW
z6SeD?s5j@r9>#5)Ejhrz>u8?Ndp^HeKH4in_+?r#E*AWVeO<rgfHj8RK}1xycz540
z94t&X+1*pcq60cFT=;OimIDlpxV?9ji1=4L-YpXveZi)rw%DE@AFSwDT{Ne2OWM_w
zc@~P1#au*PM#R{jeo0*uhJ3cm)qo6M#n`5=@Z--zNp;C=agtvF&Z5W89BKVJ^KIVZ
zN!7s(AMX2L2ur6c+nSP&hRifMR+7X&M0GQV9G+u#B5Qp7%1uf7Bw=ekg~8ZDr1Dwa
z)?*#3Ozd4QxQtyIZGrl|kEw$0p_iZP)ds;K=y4u{3XJ#{_~$jtH|6#Tw34;cgQ%cZ
z4vc*g7gGo9j;5HCXj&P?5omjm9Wv@PfQtQWHBBdEzka^F-}|06b2v>MXZelr>*-(6
zNa3<_j<38e6X{DA3c=!9C!ph5^R39^)_6Bw>9$U~djphx0Q!#vr!=BF%}I`_gpaAe
zE~Ot&mG*11$RHY`8YZzdgk`&zfTyj9IbEk5kVIM!bstLqrlD4aH5sq>S>WzEnUVa7
z9wBf$Cv`Rwdff<g6OpTQF#ZIJZ?6#5Z*+H<`AUiM*m~*qoPYg>{7S<Ryfko5xK3P<
zyxkiv$SW}?;yBX9Cy@v;vm4RfDx0UlEgH1`Ig|TYunFSO6ZYF);S=GldA4cW{k<10
z6r*&1RC3<DfyfhhCZ?ad7GD1uE1Z8d`l(OE#Na~ro3wJ;+TDg)dg^G$i~U(x!={)Y
zUY0PL{{9adbTT)?_Z>WrfDazSFy?)Jv`cX+&fM{+jeot5NoFKH&rBs-Y8?_QuKzWq
zjRgftRXKs+%ebBgkXE$qju3TM#E(FMHzpS=(8GZ+Nns|Vs<ky49G)2K>(8@poA2Cy
zpCnBwgj(XRs&3d<1`eS8AAX)!#?&<#Qz4&A=y|LONVK1*1rDTdRXI?t4b3rx_qEiw
zEfr_XoC%gHjCHk4$6$-e@CuJnoW1ARPw=9+9{5;13Eu~(sOq3^XPn)?w)DlB`PF+`
zXTK}upx+>|FSd-<Ig;R8@R}`*pX9|GqSy*ZKg@QU)pKy|7h_OrcT>!c%8|%~-mKEc
zd$EoM1Wx!jZu4M#>01|%;B`@ae`rnS;;#)>gGYR1s<5P&6VV$XASSJ2)*|>VbGA?4
zklGL(OQi6Y$dqc;`S$dsb_h%`MM`?G9hh9@h4OWz|ARXIaeP%Fw<8SR<o^@J{YRMJ
z;lc1DkP0q8d6h5zua~pYReh<EDuu{jJ;MKahqL$<IGg3JA^6{2Ix1piLyp3Zn|%M>
zc60>-`;N&i{IjdSj@rO@CGlCS%^Cmiw&{4R#0RcO=5ZCA{m<8Y($&(FG#;w@-)+Wf
zSSYxP*<|AX_yYgmU(Q=ZcXwk$;j`sis=SKnk7Qixuhe6YW)E)tY1YuQ@zyiy$_K$)
z;>TIGI6h^})i1BF{u4cNdxw1Ft{6?_2J)w~JD;VMm2E@%0#8`=d^?ziT-2)8glR4k
zx;|7See--yekPNi%HJ9C<HGbry}GdjdHw36`~H7hTl_x8cX1L2u6_Rw<WFA-nmd2k
zLs+`?p!~LV8&z+L@-#ibHk3}_#(*D&)o2wBtLy8(llj%2{PHf%Jk4p~<%MjuWar;|
zhOk}wh5U8y`+LNn(GUJSUDJ!`%!I5gC&;)ZXpJB#bNvOw|GwPVt4~6QEkxCM$3!9X
ze^h^9+v>oCReNv$XEv$7yQ(3VjgQLt2P^+;BvY^|tr<$@)&FY3SY)xIOP1T$t^TJn
z_qW3O4?=hlTZG~eP3-z#3IKbC1WCA~7UsqOol5K2(-7#vY5Zd!|NeQO@QO*df$?bn
zzW4q|Ws4j3G}2dsjsLs9kayUr>91U$oJ@9hcJ`q;-6+eh4}2!ZAMpbFX5AZI5u}Xx
z_^6(2y^m(vFbhS*;eK_}xawfSG-CPR4282F;cwmmR>O61N>X$kb*|CCmDxA6kg1v>
zw8deRwM^Xt;q%z=ovXFOS{U%@Ny>76?bcLMQp(zHHV6Tx96o5h{8EE;WZ)8UJ1#d7
z9NZsg2kWKA<8p(!OSQ^K8BLl!=Um*LXWWQkEBAjJ6tvZ+&{MLP<lkPZ6PdlbO48(h
zKxg@gcI^_8n5>*9ADyj1AF7233@8CwP>BpJ<p7eG@8>65oo~S5fU;!nr`&tXwLSw$
zlsmc=nyFdPLy#}Jop@`J@I>8gS!cEe4CTiL7WUm@87W&3>QXtve_ho##svHBNnZOM
z*ZDjTSrDv0^Wx&Qv}{nJQNyrx)=EInLlSCg`2!rBRioTnM_ZHe&v|*by7ZXGw<V`m
zONP@mdWRNrHKw8sX$BGF{k94fEve>1+mp8I3HVz_4NC=#14-$un#BkbU5Pi>uTPXI
zc=a#ujq?Y7(46lHqkil`LnT5fgD)l)t*NDjyDHI(4<g)@Oce-u(Vvv_>C{`PCF7-d
zvsWJOM>1BC^L;!xNLQD%;J4S1Fz%NMxtc=0jUMRM{!g3P))SDl0fHjYOSfp|)8#(@
z+?~H<oxdmdCb6>}<a>#XAJ#dCWyd0F>*&5-m2tstz;0pI%{!y`k|WGsQ@|z2Qmbk@
zG4ICm;-c!fY!IC7Q_VA@w;{LnKC>+72<M$rd>$#rkK<Y|pjK5@7)nSK%UvLn_mz%m
zPpC;LS?2>yZu7BmpBWFePnaZN5X6JE(CKsJ0LXrN^0dy~x~K6nb9<r&UtDOHM+AZv
zldDduH5g~|G>AI4PH@sQ;NseS@?0OMA7NIm*M6PPVm07!Q%h~m*0FATa8M0+`Vti$
z9zId8rI&U#vtj7w+4HUXS^Z;Sg>kFFe9QLAK~ocRZ6F)+@Q}g4=_kkh_DNNZ#NP}e
z_71yGe7z`btqYJmHW2T{hTOyi9EWRB>y+u5BEMpaYp0h2!*UJW5|asNu=LR79y|H-
zYDpayvdUX|%2TIe2j9I*bqnrSn6$qM#iy2){*3jH@_0w>V|JsUsA&AkONo0*{;WoL
zBLw&3;lW0Y%~?cZDK28g{r|=PNNHq1$YCJmr**od;6@$RUqn$&QVxv{Ed72O)-(14
zjhZ}T2e<W+S3hR!n>{aL7E^RIs#8C(9?r}=kw{aTYuI}>sjaR~+j{;5sa@s7&;@E!
zo~z%>f3+^@(cM#<JftosHMxSBTGi`|0y$e)S-?^Qc>7;*Zj{e}MjPDP^>!$*_m?k{
z8*nr9%FyY%h;*&rUxrQ(0~^glV^WVz-q;Nl4&g_W%Ygz>{1pbx!)cC)0d7s385p1E
zrTOX*x98z$JGvjhQEZaau;>R$jCrNCWerV}g8CmYrr!kXxcIIlU(6^I2>2cE7U<Yd
zjfn@{)fB>o5WU~UZ*|8yJDoFegU^q*KcC3oX_d5O>+>@CQtyaaOt)I^c?4ypfxJ+Q
zrYO2V#h(9mm#U#<H|+wK*`VKsY#U3gqVYH>a)Hl!kEUxlz8p@wZG0=8gcM(Zs#+3C
z4D#-%{IJ%qAfN0Dn)_fq-AtpZ!F}uNuS=_i_A$YKiW0HU1Giflc1dJ4uYArApDd93
z&-_%0+Mb+%mM;vb-Mjxly^FXCSXWtAuAg&*-$5Nz(XKr3vdEI-URX$IT!S8uuhp^^
zpV=lslP`aG61wSai#{%T*)6`<tm}Sh*3+Onn$xOOo6v>kEhINa0X_xJ4?Uu*FyT{b
zu;LRE4!pcYWg)%uJpIG$9o|cZ_A*4hhj3O8^VjhvJc{oO?o~=eH9Cz+?E@U&mAs=t
zX1%8?%ftz1j*M2qi6KD*r0avh;c61nNAT&ql)Roz4*Mw)4;uv!_(b7Y0ia}A{<2I?
zwwS*rihN=v(9weUg2VS6$mv}k1CIO}W6a`ZWCxplUAyT|Kb#TBUv^p1p!$@b=7j-U
zK{d48^mKHk-=0lH+ez;>NAJv)kl}7|+#)|9lP)E1cNlvs34z#6l}leQ0N86Ztu$CY
zccDwVp2(J<CmaJ6s*ILLjROQb^{R}nJ1}u^*LdzM%D7zS4jMe;m8{&2Nm#Y$+zY$6
z{iiS2b{iMgmCHo1{s6#uCc$`s+??eH1h@vA*LHEg(eP=cu^P&d|8SW(<M)F$;G{D~
z`z<uN&VE{RXMXTv+9~_fm5}7G*Ehx=+BM}ybfP?*oS9=a)8_?+g{iD&$qG|4F^>fj
zUdYH4%goiYIS%7XvZ~}bc7w6*PtfWqeLi(CEL5H^L%hjTL(+`K_t0g^(5gCo^?usH
z=-r8C1^hGtq<LxIi<aP2=x{FT?!#iYQEdAf7Lx&Mcao@2muvj11uZRKPcH{%CSHfk
zJlvTbi_j_Cnc_%hTT|Q7&*Pds{(SPDmT*yip7(vX<RR_R=G0_$yBYax?SV-x7!&Bb
z|3P7LAhKky9pJ@pR~*WUwEPNMIk=X7jYiVtt^AT`TsN$m<Hk>60UQA%;I>N!<RhE+
zaR}LrtqzQ+$v?tx+)|(@F`2pU6Z#Rm-WH-y1ykqpomvelEJGpaSh(&mX8b1Pn|V)k
z8UL3!YxI|p1Q5F3v9Gb_Ky=;3b0Kvv$~mjd_rr%@9~Y9%qA3eFjq0Bqt98F}$80V@
zhR@9?$VeU+bB!QTTO6yNff)xg&EWQdy|7x=B^;l^Q>0e`2nrN#IvBqMX&W~SRP+TU
zhxK|p25FpqxD0T!#%r<}hGex%J<9Cj-iffV$L8xOd(nr#!Op*;uubCLn(7w65o)_3
zI0`}hHCUgLFr4`pO(0MX34`R%PBofMvXzw--cx$iZ&WL_*plVhcL{Z<VS5TD@40N;
z<+ht^dK4gG&bBiHkxH!}2Gzd%x@z=Rqp9CLJurdOe3Uve%;`*nTY4~_F*qcoG;dMC
zaVqqYIo`hRRHZEw3{y?2itQG^pL}kaS&l6Pdnik#-ShhO7{?F8+5ul=(Q|8v&~Uq~
zpxyV^D#kRHfFOdo^3o+wLRGH8<0VB6`w20DnMbCLUL(|pTN@ztDyIdOq`jX}5HQnd
zDWI1fVoyKAJlwsP(lb*h*e*-J>`TW2I7O6Iv4&*&=~NmUm^5#L0{3Wi8iy6^(z-tD
zf1n$t5pT?dwjf5g%-Z7V*o?~WpikX0>$rRx<1+$0YW6_(MSqIm|43r80Uc-Dx(jr-
z<5`%ZGyRTClVKK*`YG*6M_R*Xw8sRzef66-tY&aYIX|kHjT;Xb4uka2@*i7tRHuhC
zi*=Cec1CH}11>b7(m^ai)1%}Cb2`51ChwS(Ul`V_(`}S&kq$weG6Fu*E!jTn1l<R=
zc=s7fh%eC9k{xh-@tY(cf$Dynxr`LpPuzg6%rQk;`JW5#NP53E6aY(i-oaCckJrH}
zqZ@6Pbf_RTRt9`00p3HGIWnV4w5VT^GyY&p7M1*j@fB!dVqcoVfS4kXhD>!cBMO8_
z$B9frl~QVjgWt?R2lK77vZUrbclmySq!%PB&%Jl&eG(Z8`-fjRtussdXVjUfyHLxC
zY3s~JUZ3*?PoUU`&n$Ktg8|80B^z0elFok>vtLEiuas#=zPNe_cm(cXvh+AxI*cU3
zZ>G=RBJ8%{ECUjJp5n<6@=%gXM4T{>I?de~nlPlKaGYsULHWRhR~7bJ^J+g3>d<d?
zd=BcLFydaQA2vEN<_+NPoZJ5%iX`JI9ys@a8|Kl^u%-m_TK_tETW?h@JTqWuF|%h_
z3;Lp^KUHGM$~`l<-%!HUW9!r}nvN+gfAWYJeTGYlU9Hzk&o7R)GxMnQ{9VTbqm^pt
zWm&QsoC(D*J5Vhn0=T;lR3F{Xs@NtUKxXI^lWvfhZn)XDB;>frM20t;`~9A7n}$=h
zknZ8h?x=v*yDQ>R8-bWSw&iW~vvEjC$0JZ4y0__k6Wa^NryNv8y)$q5(KohkQf?;q
zsUR}1hq(&HyWO68nAbAZ?%EYGQLboy?uZ4=-}xt7F!n|@K@_4Me?|tx*!fY4%1x95
z1`la|gK&T4NgTH_?hhog>*Qy(patKbNGH<zMKv`xj!TpB=^@Asa3s1SYh)NB6>Ard
zmD${`2lnD?5W06gI7Y@;e*>36^yXAO;PW4JQ3pjt*<X2GL~v*4ymo0JAj#5xU|rV(
z#Qd3CDYN|6*-qt?z%xe~%E)lN)$3j-I&(7NPxklhr{nI4E{k1d5Ow&-pY#d|)6TZw
zqcr}|p@@=7ZwpdpSx^A_NgwsxhneW`{OTuY-zcp3qFkEHv<=ViJSm{5OuI5)d6#O=
zy^Fbh$9{*yq%EU+QBrBak3s;fG0!;k0J9_NS$gKP(?ym7PIK)pob(fqhP9ZkRzKyd
z2GcNdz!zw&&bb5JyY!5<vjwBozPqDZ1wlpli-Ga$)kt=isj0*h;8F+qg_?DM=_zWe
z%m^?J2k{?E04wZt5CfjdEYxL_ixcGs$^3h>h}#uhJ$V{u&~;SqB~Ht;ttWQA(<XKh
zs~IC;OA)ux$K}wa_E~^zkIN6N;r3r+ASDHTtz{~l(TY2u%WFsg?ng8%H%#i98t_&m
ziean5p0wtr+_o?LT!|?7D3#!3uH=xu*VR`w&P&Wx9Xl~rdh|XrrfA$+wafv=sYbJy
zB`@{@AmqOJEI`~kdh()Dqlqmc2A}s5q0!3525%@j5D-3D^5Yi$MxL{r`<+2QIB|N>
zJ96>IPWV@x6l~?)_S_yMTRC*7_F^%?wm-Or3rv;Rk=7B<tX6VVm8+5X>MLlSGx4J6
zw#yynr<`+?^TjRwa5Hq*%_j1bUOyku?uUfWJMT`+MuY8lUiyejSj{Gj9KPVN5A)hR
zSMYHFeX{vzqDzlv54=!Gv>$kw|Fs5zzIoTDEN5F+LNj#{1)fgn4DpUmj_r1<yiF+I
ze({sJ0B3Kswd^O#bOKVM7gIG=S+?SP9E<)H$vqB%`o?v?Z_={_SmIs8wChvar>4@-
zOZcMT6O~j^loErp;s=JDkW`1K)yGwMb{I>=guSS+=C1tNv{beC{d<=iG`<IQeTRoD
zF<NQ@lgW|?rQ#<=(1g1f3Kxvs691N$6Lh5Byi52Wq=UrjcR}8_hLE<9tzJ?-%kQGc
zI#bpCO=3nhP6jn(j|pB*$5oDX0bGRTO%t;6IvgKsG-<Q44Z}@GV0W$Q9aDGq`H=Q%
z$BXPY5bWjGcjj}%qbQNI;RaQtho|;FhtX%Od!OwCJ708eQtmzFoZW8;zO3C_(aH!s
zGp$^nweEPuC?;}@?ZxdK7#$g@^)|tLhQh^hLNf30?WQ>`m||mXP35Bl;fF!)mku(4
z>pk^Z=^k85^ap6p^|j@F)nG8^{I3f=_}$+skiYP?N}TzrFEF_2Q%1>K7Jw=)D$y|z
zg<xqwZ90EjWHihg{vnS>{fk@Rb{lcOgg3@!yVr=fZ%P9e)8L&Z|95=%$1k61?g{aC
zw$+5b8(mH6U=^@VuE^YNwPvY0QhjO=fAKS6iy)y!x*j|o8bQMO0w!<-#|A5$z}5d%
z5cmo2o>YxLg)&jozmbqXPT1KT=hM>n^>5_=jLYB1-~9O%=6CKEO#NRhY5vuf{PUSJ
z-~S=;gkQ-&;Uk2;|Ht8it{C6D&NFwXMn+=heIzHbW0EuiNM~__6FPf&<;5`q;wTBF
zvT1Qh*bNgb)T~>7bX`adpf<LCexOfJMF`(t=y+!;b7x$%syzvAy`M6AGKw6z+_-a0
zqVhLFH6MLTOzC!5i^H7Dnd#)m0MRD!>OFE{hkN`^?qpamRJV;04PW0T$0;%BfJEIw
zvwNXHg`p<aZFCa94)^27gt)l44H2;XXEG*n8SeId4#%a&$l(m}vZh#yz~TOMsxUI}
zj&_kQrxMoaxqijU^Zi+$UaUWxPWj6f8sFIG&w01L_QjuVC5^)>4D0i&+E3pf)4b0m
zW*(db#jd!`mKgCp&vv&>+y9=Yoe<JNuMkrTJioXY)ryfEp3C$Z|CvJHAdBsOILi_k
z8coiVaee{^9MQqQ*#^oRH<9SkqIh{RZEbC}zGp-T1ea=hgG1k_(<EEs)|n!vU;`ui
zVVBAUpOFbzAbxRdfP9kJU^Unoo{FZ>VMn4D)2qg3kQ=txB=bFNu3$RqeZHUmx5ba}
zCF=&0JH~&H{p)MQy*aKdeUjBczb#BLFYe$K!jt1@?~9yF-Ws<ZFMj!f?)HreEQWN2
z``AswZXazgMgjeuh&YX&so`wh9_zp>{mN-XTufCkGry08k9y|ao2`zv4-aZ%CUC>%
z6WBR?aN|ab{S=C^Yky+d^lfNZ^P2r;Rsi4lOX=tlWxocctg-6_C0--D6WKs<`()W?
ziJ#>0wvASt))k$dpADgZ5tAl`X+0u+830Jg&brKif3Gxo<1sLJX>Dn#VP{Bgxeu+`
z?<l?~#zIMl;(KK1*>v#edAs1OB`+H|SvZ;OO1Zf9y7@wbXDVXEsQMd=ee_|$K(ZE7
z`z86%lH<RUXlJ>OaUQI?F(eR#WDYo9a}e?TCDb?PclMKvP$Q&NuS^~b0C;f371<Mt
zHJvo3Ujoi*jxBHDJ^2pZZQlbLV(StpkHS-HQaB<>CwWe>&|{fiJZ0WwT}mCPbwz(-
z*>DJDo_kRux$GiK;GG5aK5Tmy!T#RfXYt|+)T8KpSiK}KFS|k-X-*Fa@$QMWNW)$!
zzWiFjLp>z72VevXurV5Cz16rd&B@vB8r^NZu$kUnXmrXGvKP%<XwdvHKVDK&S;6Y`
z_0(0I_94xA{a;=H={L?=+iOdWhpLjYrt?zw8b&VxbB#Mt8xEQNB#jXm8OSH<xq*%2
zMDcZ>N63Dj1o&v%)Jrony1JbSo#sK82Y9&VktuF`j@^TlwnV1dK!mriZ)yALszqZh
z?lcnpDE`3o=G`$YYE*0MrdrYHE(=DRn{$uNdcaGl+8<OJm(X=l3bV=mW3(jI5iRx5
z)FAM?Bxa0#O8MXbr`B|ZNr3T}jOD;BqmZ>yowDk)EX$#3?9)yLTkl$K>FP%GC#Hq9
z@xdZmfhqkl1I*MEYLlhfIdyQsZ~LEvSXhMK<>o#drB_o{U;lw0{iLFH3|+1hN25#w
zk%&yH(l1FPeQI$9X8EC?YA4kFR8&-~b>4DK6A1_{Ih;RS;;AwSj9wcAPL~?QGl`=T
ze8Znwc1wyS-8tE-ifBiyr@N<Y<S^L7va<FW>KrFubU}r^q8Bf0*c_MIWK1XmZr#2;
zR>m!+cC;<8dAT-F>v*Ah-wLf|?XT=NqpYR;>gcqc|4heqg^V)wNvea@l5#5d$d&W4
z=!xHCt%gruz944ddoZN;HCmfX?7i%T2Q6DfAq4Sc=ari`um50e6%Tp$Nfw2@fBX5d
zC}#u^vc^ctQ2EVhueEBKu2k+@jhaffTH9&dkV(VX-MyBAT~S+Rm@2mGArH3M;d#js
z`oY8dW=PaVu>?}()tmLNeOgmZYqEo$;EB^;<m-`BEqu$LHS#tGs@e<r?WYamncFYv
zLXtQE<~@>ygPGXMIeH1rlEusZ6Mo6hn-^d!G;&rFpLF>*_7!-AeU%a=SaQtOqb{(p
z(}k7<Iyj3`Q1#@3`$)~_#L?ASTK8=V%Sgj$TmK1ft;0RJ>M5fy(=`$elpDi2I%OF3
zC2%VuuF)!r+~FYxvy*w(e`uPlBS!Z9*Ov@d4mf6De)FDp>O2wZwIb!3j-#cLa-+HO
zjv_W^7iEw6(;_tObRGH41%qj2iDocvy8{6Mduy#rdnfYuhR=F0Dw+eA{2(Ku?O5-7
znH;4xr62E)zIh>&K|_z6=GDwEN!fvv^N7aJ!wb#4t?#tp5SN<Mk9$9)b2u)}Ppe@Z
zIr~XC&#p6d+)BAd{ERNP4{vUhjXG8*#281h64=gFf2eWo<`?ZsZH>#(c>%xt>g1wc
z>PXU8ww)YCg%2jA8~Q(VhDy2G-FJ|YODXsFL9T}K(6rz`tvVtiU8`sh&go)Gc3$H$
zs(;T?q!+VG@U8GshAiL*4BQsfdht*yGi~xnMZ39Dtr+HpI>!@=iI~k(_(-Z{xUBG`
zc2$s5Xx;R|uZ4CRRZIO-Zj%Ut9`{{Bwt5Dd6~Kcg%-z%66*{(&wb(VW%L8M|L@G|i
z=iZZS-HJ5lvu*xQQAtJEwNVOB`~3bR1i{SYsovqyqurk#_S0YMsR)v`8V=U(+$N&a
z7*MlKIERvm__BVypSZ{Q9aEr`6nq;r^j7l}CWlMId89>g-^W|ZTHC+UxcScAhm`qR
zFJ5XCzvGU~|Fm*?f-HN$2Tcmjifr<*lL<kr{lFj8t9}*8Bhe?GY;o92s7`Sv|083r
z*(*24cam+n<<i^mgc;5|KQ=&$pv&n{)ZA>$6}oe{9NcniqC1(KhE1;oV%b{nG?@kF
zM1k!u#9X%Tv)VJOW`^E9rTdogT?;~I=scMP(VS4rkhq!54I&(I+|n#~pLRgj#+Ube
z`QSp}sk9z7m4f{CGFS0h(LuHUPyYkD&A~?G{>m&yTH+FuZPzUnNWRj*Cjn=e9vVE*
zgF|puthxcE&kFzpS}m40lwbcjCtef2QBJbVEA#$F#pz9wVYT#G=8GL`6*F^@lv20x
zr+fya+p>kBn-T1O@L?dHQUXgfG8ZKmH)%hO1IRHw*O9Dz(`CcYWRK*leH9y0V=g6n
zK)<(RO8?C+_5Pf?so^tg0r%bSgzMbKw*rgHV>ygrl*3t~%*TCWta3X|%0=~zkwPfe
zaK^v{1wi09jGi9+6ZbVZ1U6Y3A{iXA7tA?V50CfBHWF<ljjL<5h7#n=2On;6-q7}N
zpvj&Ex@J1)w^LsR9CJJf^h)ve;Q>!2V__dEjk`z5<dB&Z!LSECG&O?Gz*myqxQUjU
zEP2l!$4p&nN84hwVjEpnn6EVk#Az<Cr;$<Tcq9R{v_B&{1M&1$%~dX%z5I0a-|3-0
z8G@fCoD^CDR^r9DW^0{r;+g#;J|pZpAJ)$E7weI!<~&C}1QsRB@OdiwBq3^d)uyaJ
zMYVX~KBN?R5JfKV`njc2WXWR^&}#<wai(f7|0h#&7whNKd{K2hN+S*YC@|pSzMoI{
z`r_w}kqn_+G%o~NcY3LndH5ozjn_5;FrD3@Jfu(7B%NVD+VbR^zt6b@4@uo6YX9OZ
z4(FzYFoxAVueXU3q|{`g4}*4}a++wK-1uRY|55J_zkCS>Z!f-E1gBNm!t`IGE_@@R
z-xU|L{>*i=nZO4wpqwhv`SOFf$2lLLRtmm#<@0g3)fXAj(z+}}$FtBcrUBhCLY?lW
zKY#klg^(0HFYu6zLoEBxa^}Dv#NTHGOJtn|?9u#KDre;|dWNqG6=ya!mk|WtaXn+w
zXyzgk{vi_%y%`~BB>OQ}1kNM3SxD2$u$ra3ykqjhAyJ|<_jc;rbxLVCacefMaCk(f
zc2eDbk(ie{E0bL6>U;>&3?BYD6_IUyEnE{5e(MQMAxf>N&kjKNp;g00ki@Pb&Bjr3
zh;ir9C7WU3-u-FqI#-pd_{nGvKZg9r@q7;7q{IOEt27E#cl%DN%zL5|){0ypxzeN(
zEU$=I2Qo!Hf*A*NrCwbe6GV+{z6lC@({ksf0~M%HCk+l7=L_vw^{isTj?@%7*+YM>
zE#G3{(ua%;392wKX?O6_bqW}Ox3GDl+Vntptu4NBE{A;Gd-1X+ml5-g&n1ycs4DQY
z-PmRk#TU5_jY6yVe>{m_T@A)2P6|dYESW;k_jaL~_AkGaz0Q4&yrYOhiK0x=eC1la
z2REKqC>DIKeR+T0qKQOV)!HP!kJE2uom1Xmnb_Tp3UcOgS9YoS?sdmGsd4$JU`w%2
z0J3}Aqc=Ai3f|0m<h^hd>$M9^N@JvFXSTkyDRNh26&a8mDw<$Rawp=vEQ$6z*@c%W
zDUP!4a0#0@bLt(T<DU#2Ng50=1t54Hrn~D`TRh=vaDSM_XZN7h?-nk5^`O0NSsgmN
zL(191jTjlLlB^6+Q<E8(ZRdSF|17gaU5Zz@GM-nA+s2mu{ySN-&8^sspE=SS&?%IL
zNzy8<VNxIO(|hznpcZeOg<jl_u}4c0jX8$h$)pn64UOo!2__#P?D>1zy#$$Qvf5g*
z@G)dX9j1iRXqN1eM;PozBU^fWdF7IEX0*h{uiOjj58QVi3_uK5PPTOx5@^$WP1%%C
zYD*Z+)d86_-&brT^RZ@<vGYBcn|R37!Zq{1FaD1%##g!qPT#X7{NG5wGBcz8+)OW@
z!>_ziY4t9Ls7XW(eMszLcWJF9`<kp1Zg-LYo>k7E@Nzvcd;U~m!*k>3ZZv80xcubH
z+ri~(5b86)rN+dBFmF4-)JqTzNXQG_QXR`~BFHuodXw|gfn|y%(mjAXjR#*B*y46l
z`Mp9XFI4RIBoE8uKF&h|^>|*J+XY9JeIl}A;g)r5O_vFJxR3&o@;-1SCZIo=>`lN6
zL8nj}-6}#I54>L)B}xGQ+6gt%qF7+7EZ-{`GB1NZllS?6%B<Q1a#rvWeA9Sh&0}_q
z$ZXXW;Dk(MgBRYW6!F&|<S*L7C23JrI@+FG<r0g!7}v8h4I@Dvr3-Y5f*%sS>FvER
zhaZDv?KoEexHN2o#u!7JIJCQF?yxIhU{>*<HwA!s98~#%MI2*z4ob2IT(CHGV3QI#
z$*C`E711jqZ44x-!eqV@LZyL#6{C7_b}UDiB<*ADclqcNVy18k&Sg8V?0~2_UIJTl
zw2}f2E;_WaYjYc>Ac0#?^%t<sS1xM|Y#S0f?XqJV_w=#0rtiik@%}^N-}ehPjM>*D
z=*{QQVpvUusu2>ZR{g|}`{87AMC-Xb&zPGzh9jt__n<i6EqvIz8&){7`h)5`M?Qk9
zF`Ub&_S(j4bf~0kW_G~b6hRx@D@RIWb&;f&mQp<M!8|U>EgEg*UX^FtstGnxvmSnF
z<%v*n4|U*u4tb5BAkfYY3mzuHnWf`j*EOwJJ`oJ@f`m@k-+gkGlf^3%BN5hBAsS6n
zBg|xdIdU?P^d&xDHt(9Y;VJv1DL61KNVVVJ?foGYazE!@t{m4%p;>rL()mqijz@^Y
zYY{(GuE#2`u{5a=FZB_3(?cx?m52E7s79dT#Pmv->r`_M#L2ev5}y&#nL;>t&cM?R
zs0vAhiPqtAEP@Za+7#3lc-SnF^GS&rUEpI_yB`%yKX0o=Xp}CE@%x5?v;81$lu#P8
zuP5mrKJ1foi7L3Rrf@CSjv-Z~8z$N$IVLNPF3sFcpu&!9gIPRyy5{@r_vOi6+Yjt1
zM55x>*eNyJ3l3DYRM^bik0T!cY<wmELoPyJ1v%WetmbyUcK85rl9vRbsvJ;0AnJ~x
zx`_v$>?D(d$cVN`Mr5^da&Qbl)$9Zpn4@Y6qbS0q{7-1azAZ&-Vg_VMyg%B%Vm^5B
z>ub0cqIRajAIJWf4r=lDIt8@3k(#h(%+*NCY&iImWi!_F$5Tx{)s-=6hOxRScaX96
z8EwO>Epi7|+vjYutamEEhHfz_r`|W0kNV=%r*fz}a+in4=6VcCpN#>O_Pv=hVU8jf
z@crw=GCg?Sc&Q0ls>9{C{*mtGqnTcQZwW4X-eL&kLG~lMVUSd^!8xJu8FFi1m<!Bs
z5i_r7J($L6Y<F~<<=0?_DCiUIRCYnsH%)mBb3oD|sne$fl_<$0Bcgh>`?rJW6^EVg
z>J4y@8E!%hwT$My+R>l5yd+<C`LZ-|8+@@8PXL9-XrgL8oiP#t!MMBUQB6POw6k)8
zcfLQRtGh6N%@9H9e?0GFtW*?-MqA9jJ;RlP0>!_!T<$^i@ur{oiu7GF0!%$;N<P&Z
zxVb265%sR6mroc3KyqK;(bPWNanaspr9%}CNm8t-Q-BOlS;Uv*6H_T;1@HU7l+o@j
z`oqy&@da7Ai{k)lqPh*E5{%sSQ&am37EBxJ?yLFW@cq#X`kztPQF0#?zjtFCzulg4
zl|?D7G^<3Ceyak5HMj%5AuJD*L#c20p}%vJ$cm^f;SQ^cB-@E3<tAZH`{JLOB1j&K
zo85AMp%-wTm#kzzRpD2<;w5}XFQ4qKNsvgV;8In>klqeNNgqGxS7P@mS!5EIVDrPK
z%gWr^P|Wlw5AHwrJc6KCqs`FK{T;Sh@(spEU7O!sY)lJ$EJK|Z_%;Ry#&L<3SDY7*
z+I8>x6xmH%Hf{I-05l(nJSi47C(9K>PgobKYy&wPS5;r&+Rf>5<}6VJy-6yK%l!%}
z)R>)(hb9>A5iJsg*uRYDpC{$flQfuUPZ4=?b2#Kn#u<p66yP+4|1H<jE?}{qmE_S1
z{F%e5&BysC2B^L!8y1ThwrKmVZi&Eh5Mp58S9bwwN~Lr`^24EXmfvjt*6kA#ZW`tB
zvM6qVzw*GxwUlm_+wb#yet0=&Rc}51hVV~^LyTr~6MAryy9VN!xn=WudWik6Td=6*
z1$LfOwyFh4jkfo-X52XcfZ$xSjap*FU5`APy4idOZhlLhV&WWfzN)B>U!>-~b4D)K
zovg$0cW94I_Y{6K>Lv{>5I}37*EqK(D?RLu=}%wl^PWC(f6^9FS%tdOR?@&V2Lc>(
zd?wy#PwH%ZZ&8p8*EO2cEa7Mu_0O*}sF6GW9CYV}y?aeTL0+$!y-nQ!Dc-95vo{ZJ
zoZ+sLX}z@(_qGoP9<Fw5iJm+oVEAX)I&N_g_O6CHvOa}EeC}Na?f$B*)xt<r{WRW_
z%@!^L4WZ6M^b$(K`fxvIFu&z*RU`b6mxqbE<D|0qE4JP;a{Wi#z-=3+?S7iT!G|i#
z0?)43+%lu-x`8ra4|U6^7#i40z4qrEd6OJ=%_s?!)wVABuiWOZt=FS&W$+cQSp4hC
z{I#5P+yau{D93j6HW?D^zsivR+3@=hL!4?@c_K-X`QOi^zu)sFIrJL)0Jn-BGV1xC
z>Gi)p{8|^gTYE-JCaQ{f!|GSk+5B#fgnr05%_2^pj0{&P^yS%``ocI-J+5qi9cW@o
z8I;b4*oc%VcJkI>l;pSw@`uRR!^>57Pl483h6wBaLlU*a-AS!-QKucRd5W8$Ftu*~
zQxc<o9iD%V-EnX$Lp*{6YGdfIH0>)5y8JM4w*il0Lc#L?q3kTfvRb#cEl4*=BMs6Z
zh=4TGozfjr(%l`>-Q6K6-QC^YDcud<MAuUH-tV99mxl-PAT#bc?sJ^im_1mB3$?HS
zHOdh-Va>5oWveiT9ZY2McwUh4BkVFW3F+xab52t}<(%krw{)DWuk4(>GT*y2ad}s9
z`aMcRBdkpVPY$Z^Q$8qQ<S7jm8AiS-wd|B(ae4$@sIib;E&v6GX&E|DA&^v8V7cE;
zy**R5eLd<bdQqa%2$P@%VBq=UY>Ln0EEz7JVTZQJIAGB{rQ7{@Xq}-gH-CH@RkpkG
zJbv^?u1Qi<_pfm#RapRO%)%a_1B38B_c2wg=LXb10+iI&yPES@Vm{F)6>PV1*HoCz
z)yOjZRx*5-7Z1F*++V)DPI|mEbHJK7-Fr1xnwkAz)G5<EoWz7?x?KBGi>+-k0!OVx
zx{>v~^@%qm`R$`AqeutjUspxX7T7=n*s_Ba5~E`_AtjGP8Z_niNX`c^bh<dQZv-JV
zskTKbJeu7IBNf6rQ2QfzZ=BiDt4vf8i&U!2`A#H@f?i|A$k#@r8E=xE^%f13=<O-w
zqfjSs2{xFIL@cE+4oTE$twohZ>jB;xuZ$%_)>>-in*XIr!SV;cSIVt}2quGr)_ix2
z3NgVb=%>_Rz~01t?!EC375)H<<U*DDn8$_h3luV0P|o$%^pyQB>7bNZ;HR5j64xAK
zb^Ne???rzd8e}sBdtB`Gs~tCs#vi@oIqgkekQ=0BpZd+BX8K;z94JsRTu&B<;S{ay
zF`LSWChXo$9n2Hb(7;1nBKBGbOa9A?fD3xXfiP@bm3JA79)_q`)t3xf(z~red-Nl@
zMltpE^>qu@%YOgb2Ib*Sju0;do)XV`KQ?8*k7){5rf+vH9!ssJ55@SyU<qm`BhV)0
z78X<qX=#_vD_GuCYbjJXa)tzc->sV!!<OKLcg0Q!U&Tv)3E<*NlHn-dI5JYDs>|-K
zE>E{acd?rd==YBd$#YXOPlc0`n{^rQ8CQE>5p<GJ@fqIFs-zAzE?z!HUZ|{*mCV;o
zjx{S^E6#J4E27iM%Q-8E#W7-ym748M6~Q}L>f1IB2i%g<Rh}rc&Es%LWM~3H8$;lz
zJPjA=Q2e{xYbQ^g8Mz*xM1e{UJg%7Quzvfa!^PFZMFSS=nTBb9nI}QPWiJk=D<0UV
z&udR1{R+jv3ztHFuSFnl!VaM0KE=SJY0Jb7Yc!C%9-~q#0`(9lC)!A(6f>F0k081g
znGU^&_r|u`cpWVPM@<-gmhm#Ao%b5ICwEK7=~87M!Dqgkah)H`zJ$S`fWx3w^|o8a
z0jHp#czYe}(MEX?B2RbAQ*AJ7IfHjun3oXMP=@dNg670enHB@XKQz=&T&23bp#;OA
z&Q$zvFnh9XSe27zyWsk!b!PPFWvx&IoXa-N&TLWQOe&)ZHlHTfhM?&Djx=#=v!RZ~
zqr4pIK+-$J5Il}IA(NZ|sI)<coA|td%(qHN*}-i3s1xO*YQ63H;bqdXA3JodfiJdV
zYSgu{Ay;(%)RV}C?Bf`zXxm!JHuTj3P=A$Tc6V>l%<rIxC7<J4e|3Qy*B?UZZbEa>
zTDZ&9JP9ycp>OJtUKhP8VSMCEN9Rmfo$zXX3DLq#rO<ZB;dGIoBbM}nGyu)3+7|)i
za7g4KcjB?#4G&q5@+5P+6;Jwy2BiWlzRJ9y?8iDVTW>~Z5Juxe_H=UDWVeTlqnWDQ
z$J#*j_8vlB)KuV{bGh{C&%}1NViYZrP{q=Xn@oT6Jx;C%!>>HqQ>bOAYe)2<jHdE<
z$Ekn5c(tiu<%7dqn|uXx2$3z~7#PdFO{?l&f<fn_!-C7#f0pedS+>^MN|TDSztG4w
z-p^F|h`}6)e}{mF+E-53q^qZ=B(qBM`<Zggj$FD^sNB>3(rCH>8h8z)hy3H9PyIn}
zWbXNu{EL@U|4>-AzbNbz)h`M={D;EM)bm02B$6=)-K@AkwcbqVN-y1tVk$>jLMt4W
z>-GCvI$rD`fS4$^_R8jJ&N45zF1bLaNeuqDeN&(|O(r*6>-qqZ)Qw*dir4vBB)=<^
zfqZjVPP6N4oF9Fu-IFVe%~lYL)vk;;OO9129tX-cXICty^%J5tUK>!O_7nCy<Sn2J
z>WKvg;eGgc?gBQX)aXQpU7%2;9Tkik{VI33WwT!)O`x(s3TTLD?uj^8R;0qn{&1_j
zrQm9u$@k|PdunMSV_vklKJBRYW>y20;iFvZ$D=r8aecU_d^tEhImTIeLe~GjIy)At
zsR_*;luS6?LR1z>yYxvWtVsEZqEbU6r|pb*e5URbaPnng@v|R48O7%2<{mSAu=v5q
z-U7Tcy(8uJ)u?CTrE`98bMtXFYBX}_vOe^6dHCfn9fJ(UG&c=bu-_)^Hm{9y)ld=}
zB3JPP{zm)Jd;!)lVWT-AUE(L>M_85PyAsqUOy%QAYH}Ys9NhP=qB=?>)9~7;LQ_T$
zbmNNy_Pz2s)`kuN)qg!j?2Dn|DyheD!E6q}%$n(i+}_FN48OJ1mynR~hzhDL5Eh;q
zRw6Cr7do0w<NLan7jzfsC|{x$+pA_f8EWkPDeT+e_(+=!7|j6g%ek-k>1K#HAo+&*
zrSNWVY2)7Eu-ffI0ag<zm)x2#I;|3d{&4cEyAN<g@`Y*`Sd7kL{7H`kU$MFRGNYDN
z<E?2KPSKlQT+5SxFH*kdRlJtS<d(<VnUW|D)ipVqCF3L4AarqTAE}1q?Y;y-pQqX*
zE|m3hv{^-^Y(FB<aCG4LvfKF;Rc5D0MwIqk%?otX@In4-iSpfrkM4flC6@zQ82Mys
zINB2437#rnpen5M?7M^SUq?z^)u0x2zmUcnZps(AFse^>rBe4VFr7}(u$b?>Wi*<3
z(HBJlKV7Vbadt&vvXdjOY4#L9W%xDKkkvRO`gU5GbE>MOG&a`Y2kz_Ttq$ai)SJ6+
zo!fyw<Zzz$J~I2~R2nS788mTml=x=EG~;uYNEq;t_1{RQ<M2;yUXKlvwnyqLTtjo4
z&g!n(SPjC4j@)^v<H@&TaB4OCQn_*&Y|7SU9fHpc_6!UM$~@sLkp<hJI4X6w{iy*x
zw!_`|^=`IlRD3SVO^fD69wuqq-d|jQl|7c!&8iue&6VVR=W|n_tQiJt!3yD#E;M88
z2IF^u#l--B=Ii6Pr$!?zO)0B<MH~_XIfqg=^p=8>_d@e8RN9`Vn>(D+E;J}eV14$P
zAl3|}a*rrH8Q<uBpL$9AQk&mqN+)1MoU2c`ha<9MzTSI=(nYRljm*^>U$BrJV5K*E
zGZw^pN)%jbRwNqZj|zn<>STdSoBmK1LIGUDnZEGSgp1UdCJ!SFj}v`4?!sBrc83$l
zG1Mv`9tZQhjGQka5%7Einwp5}iyriqt1Is-1`gzZXc*u8#GGn;uFsfL4Zxff%imZo
zX-du<XD;rVO>eVabM@wZGfkc&(ynE0s-Z`P>B@eie8Vn0(dpNdOl1`>@?fUO)o4#F
zEEGk<+|YOT*WJ<c2sZGv)?vHcPO7*Qx&=ChSZTNH_$nb2v<^ZI6qj%#V}|K1RF5@9
zG{d+hg?aF<%=-_?HsWup_k$CwG4;Mmjtq9*Z%*SPxg6nvRhYaK$9a!(Cht{m?U9DZ
zVg9Iwo%c-Ly1c$^>E|mkSlU?n%JA$)$XLg?B^>3yL6!3F7(q!*TIETLQBb!-)v$V?
z+mo8l$p9uVB}mN19t_8)YXZet`sU#>7L=)}sZr-{i7}SjZ3nt7LWW*E^%D<f>&;rH
zXq%q%Zh%?mf)vd|ZskMOapX5R;tDn`Yl{du=Q93`iRP)}vTPS=X*)igjVM?P&ExRN
z3mmy<z4{^Ax^1~8%(vhC8$LWkR#%gpc2ClN^AFWlBU#cqJB!4M9r|y@j7>GDQVSJI
z0{1uOOnx%W5`bxbcxIXvW1yY#1hsBYP1ov7;_cmk9bEe<umQ^cEIBLzsT}`&lGASZ
z1BH(Y+r2eesJ++2IsPvg*SOaqv1qaxbSMH>5$WQ$y0}=Yxe@K`tkF1WBm;}&j(b=y
zx5Jw|@cC_$-<`n{7zdSv(j~FEsn<CE56%qe-@)uluD9#d0^Xi_o?ECR^)^DK`cVy5
z*=<zUZ|h^E69>3Lq)emZ``SXo!md=9vI*CAn1PGtRh#Sw=WE`it(xVIlaE$=!U(vW
zL{)b5GIX^Ob(+V_G6;Lq`NTswu8KyfF(>+pA+;`!Ra2Qhi7}X&+(sK}Wj1$oMENm~
z<72Lr1L&^8Us?N$Foxh`)}(uQ_c^=L3`j&CjN$QB<^<19>C~FwI5+!wX;hbfuoSP0
zehiPdO4pl|zEJt$Car|-rrPKT-xo^*Te5<E#n$Hbs&dp0XOJZQE{B3T9f!Fcv2fbo
zSnVa7zEODgrSYcKg|CFtW#_FJfBw_%-6xS7%gv6%%|e9@iia3^ZhPG6ls8zOJUH1`
zft(;me^t>0IM3KJGUB3hVt8dbxqgL7K)N^}Kz_ZegqyOC+ia=s)3WX}yClziW|uyC
z5*qHoZ0EcYsA`rvYE=dx`!hF*in7)Jpv#k&5k#=LX+G;aCps(YX$044Yl2fJd2G@d
z@|Al`OyauZeZwiN<aFTZnR#8UJ4BLwA8Jn?tMn1W%K2MEjWRsz%?}l7z-G{p-zS|)
z>8iX>-`Vb#Nb-i*8GF3Zf90b+Q87v-FiWX@z7xR7DfO1P6o-F5+va=kny}RyvNcgu
z(nq<t>`PGvhfEl8goz)qz1u^#GJHuu`&T}R)tRpvY)IOgii|UoEXa?HWjVz&Jw71&
z(h$onM=zc&=NGLET72+(LVXa}tvF8wUKUm;+yB8)z;vO8aO&t0iMU|7!w{onwcM0M
zFl3iVf{KF+)mrr6W?~E>n=x?I#$~G_|E*IOqhfFhE$TjHnhn)VDEb{~zXD5^tLTH|
zx~$24?=E7@ArH+Ht7>fg8gdXm8wB=Lq2IXHBZP8dN=B|3EUZ^Y2j6~b7v{hop&Yq}
zgxClAqJEjX$`Fk@No;*_9A;1$dHbi<mo8``4|K0aEj5A5Kx^Vgk;P-&E{d;dLr$c9
z`Zo;#$TT&Su1pMmHwXIOSOm%&AJ^jnwNfP0^@Ma885!#{t=$=O4RwXN2$fQ6_^K#c
zEH|Va%o-G&oW!?!ltEbUVcbZVJd9YnW4vP^0~*jME)A8^2vpStD0wjG1X}tg3ok~k
zCW`|<{w9_NkC)D>Tc4$#9^aO_`Lnozs5$Nm9&QZhwr|(4qkwN_a9P?V(;HWr-%Mhp
zmA-T9m5EccrKD|~RLvrabx?37BvP}UuP^{ohL=;Z+|o|FbnrA;&onPaPi9RLD|$|H
zI{H?l=rJpZKok6Q+l#Z&5vrdCJfhB%PFbkUb{{Ex>Vf{nEB-f}fyjOjQmc|f<_fut
zA_uZKZc!TI2Do$U*D{_&O=ffV-=!@ppYK&t*Pjrw8qy&EfROCgdjaDlQa$7D8GZeF
z`4cJlG|pd4@GJF~A78#TZR5M%c?du5a(}cI;oEy!hEUU_5u7NQcrscKZKC5(Jg&8}
z?PI?H&hJSinO55d#aqV?s2%U(+jBvy<LPfIWb!YNhFzYys|(i&N@Rvv<Tf0*T2#h_
zD~&TSnHjSoOufbi{s-K$bF&P3(e6#L9}lRgj`LT3(b&LPtlI%Bwyxp1=BL=Wob^9V
zBX?+aQP2;43WdPN$#4uN0Y?ETmP*(@0_y6Je|}@kP$sJ#kplaRbWjMcAG&<P)#sfl
zajUfk_C^9iPKkj=rXtmYIzva}(C;s~%Avv|oNzM73Y6-_jzXz<J1vSPXSzc#L}lW0
zq*;fInnY~+jdd+@cbc!H=t=i7^G7Nn4d{vaJJ6-E-HbLzCw$?Jr~O@_VGb#xtj5`m
z9`w!b#P{B@zcEhD)h8_5I>SvOOY#p$O*h!paJt3>ngmCi{G!5}J_hG`_MUVzaGQn`
zW{RnqSNVwKx6HM%%e7X54d)RyEbB>5$}luAjc#Ih0y)z2Myua-Tb;{NtTd-JGiOkY
z9=KdiN%H*0aq2Fe2My4`E16DgemB+Jp>@eX(W5u_CxlF4U)hI4!Qn9?DQ70q(BSf;
ztMC>s23n^&(+zWZ+=HL4pUM>rsPiiy20XJvz3+!wY5eGaeG+>K7(=ZVR|#|5!DrB6
zSdSQ*1TRrqjI`Q(D!1zs2ScXnGg1<yJ96}$VP*QH^)Dvs62pHLZ~GtJY5Hfg$!c)_
zdOZHi=fX^&So9KO%z6L1eSi8fKmUR5D*)Z;M~19?{%ZmM*O%bFBy8!kyxfH~h5o&-
z`~UgYa$Faly(n~QMI-}pZIzCt`>Kif#nX+UXjp?mMF9VyfmH;Ru-AlGxT?x>k`?!x
zP%57$Zdq)cd@t5GP*1VB8<<RGHp5eOVhdFs$F*EkeL$dygZ<OmF9!$F4<+g(qpZy0
z<!0NNY{c2<!jFnAQT-%RaD!d+Za!U2#bBudn$cuI=w7N32Nxa)b|&=qAV7Bmt(#Zf
zp<bEYk}XB^)q_mJUsGf5Kf`uLIvhi4RZ@N;;3QnFU4L_w&+P$PYITR+fbkRcomR{=
zL0#!v^CGYwQ_DdKz~e*I9+S2MJr@4_!$a`Z2V`Obv!w<ki<<y1qw*3=$FGcO8c=Xh
zyReIOwjK$Sg*+sj#8*dLr6nst3(8%7W7iql&XiFA;B*B`bv_3<N8Ei`R%T&-d(?b!
zAlqLeY0w@*JZHvRS)kM)YTxcpc;tVy1tdH^ensg7;1V7lr(+aF35RpVf?E!ZxP)SX
z+v1N;Bj1Ey&6Jze3nLu(DbMNWyB<`Ui~PRY2<l%+G475c=0f9#`m}`Lrr8cAAk@bK
zu<t8FB9kGU2ku-T>%W{&5mz!Z?X?7JVEIDARDPG_R;0@Ky-2rfG-YeXja5gea<=vC
zjk2R7D+wtXFXdx=U!b{L&eewh`o|QXG%K?8?Qm3CR)uO?8bLWNJ1qVHR1dRQS^>RU
zIyr8i3hpN75#XJyQ#8smYE{(S{nt|18gfI4FV+3JN*KML)*PoJbH)8!AQ5}kI^}7a
zrM0OL0nAEOI1$w#giLp`D7JjV;i=(+D9{91*sKD=QP-G2(frr3c;<{OA1EHDKg-B$
z@zNZ8mvh@1yN3IHDIYhW^cd!^ei*5=AJ_?xp`CZ(JhXUi4dsZoz_BoTi%Rru+DrWi
zk<IR4NRFxYL!=6>lC*f|;NT}kPO;(fvR9Pfiw!EBUt{PWmjAH%9?zIEU<4G_=~iY#
zAo=<E$`Lr(gj=;Ei7UO4WIJyTs2>5FIcUs)B6R^(w$#<i#6LI~{D}!fKu_5!E!&k+
z((qnUHq}tM=pu3J9mi0?Wqz=mk>A)EF%V3?yFLE_-5H36Hhk(W97zbT5in7tf&<)1
z``C$S7yY({!6hh5OFPIY;Aa@rQA$BoMmH1|LrEVx@j1wHKI(AcN+xhJ=j>AB7EYGv
z-BWP5#r()V1D*yj@<mE7O_Zy=Eda~y2;K$57JzW0qgUs%6LYzG_q(vNGi8jA6F+i^
z)JErtK<<1|RRjZ-ACzXfLYgpWL;t9Dk}VnK3pqBTc^W0O-;}EH9Iv2;qUO7ELF?#T
z$%iD9Pry|JYLX~|V_wlCYHN1dEyL>7iseUqEKA3qK7z-GL8Fp$2PA3U<rI!I^YAwF
z)i!?nt48UthzL-xWlZvKV}}Nx>YbRe(P>l==G$G-K1FDAT(%>oWxKuW*<1rXIXNjc
z+_R0lx&RfQuB=d@3C8BCypJhXI63nw%Up)EY$V0H9a0(juEJc#WjM#^-{RU68q+YE
zDd6cg-nDjLlt&)-K_BlmhojhQDwhhQT|{6%34R+cZrTWmfb08X=VRjVBwEhEHA<VU
zcVWykSL3FG9g`U!8GJ+&5*PK_Ty{m|`gT*2m!RtZ6BbI15~MTmGMl2@h179npYX1?
zMliPLgLpy0xtqxsdoMa&{)iNhX8{pGrGhYn$EB?yKS^fY<=Pp$!^{~@B0as6KliaX
z3ia%yYT~gwBVJ1?Iv8gb(h@Yef900F?H5p0>2j`}EvhNFe<v6B-Y!KdD!-xm@z!pC
zR`zLuKTvBUj4)tb!_Zk;#lSg+T>iE5=nwI7%NvG8+d(6!<yz628WrqRB0|^ePsKrp
z$N#97>v2tqP4`B{=Id{&&(vEN)8vHB(zBB5%|V*f8&E@5t>J0bRf-;rhO6h!$c}hS
z?nqX@n(Mtea-Xh)<n?oZp?I-w^odhsU9$f{wmzy0-{q<BLUK2PRO@8=%=_-iD-KgJ
z=!xsgQn~m-`PkVFrp8)<OY`U0N9jGTrlH@@vl+>jZzb5^_2~}bxkLBxD%FXpSD#*t
z|HBJu{_w(^$L25b3{sGbB7z7wpuPDNrSNE4M<}EOW+@AAA!u;_(l#moN84n#fr)WB
z!`)xBd+}r9Td`TjoQ=!J=;Xa=vlfSY!uuWRZ_*+(_vBvL_X0lguRGX-JR0w=be5Bl
z6=;8%o6=nkZJ{Tm5R1U?<!6o@y=~cJiAR~+DLpG2*{1H(+TRabyi@~iaRSZVw+<+T
z=IYic=ZCXux(Zay86_p=h$SlZZ>kPnWMyZ!&tF@5fl`Er5!tMrW7Rm{z)a-Hqlv^)
zk`9ggWgY@6!w%KE@4R$4&Ms8kW)&eK=@$I5VA^4HO1+bZsi^q@*9^h|Y@GP6uF)P_
zIHF~hE)30M@+QuO99(i$MF+s70#tQ^f1JyKU(O};WLGor@VUJAp$pCnvcGQ<=JpBu
zg$wQe;KJASz!(5O{OL!;)72}j$%0QE2V?Je)!!B#Z;qhfyHffD%zKu6=Am%L%F}ZO
z))uD6i4-m?mkjH}t7RLyV3Bmv6uu&tUl#-}@JEqrpGK)Bh%<!C3gZ1?uHlRI<4p?j
zKtgFp&dLhOqQ~4tuC<(NuixuR4+`jKntt9TY`F86ZX13&1h_?>TO=PofXgs!CA=Xe
zO%%<r9|DLpplgbQg&A%h(Tx?W*V9JUFBITULlwSIO3Y0M&xKNsW78g?zYV{;EJZe`
z6!S5;_OfnGnjNXt5sYg#N4`!+kt{dwwPbNROqwAR%|)%;1DY=})NAMZl*-rAc%nDr
z{qNXAf*O42UNrg4RT_OPM1Mp=ZyF~L3x=$#tmY16RhoCYghuXD6G~lrdw$S5Qs&}5
zdx;%Gca<xV3c}&#Mb9FO6!bK#|JJ#uexydrr8MUrur>XFhEz+-<HHJ#T#T?5$sRUE
zlI|`c#(go5N4ZFu&G|!o2!6Q;h44m^N?XEGp4Llp*&IgIdRw)D)hzb(L?$I0paaok
zJXIyRB|AqMYz8xvb$O2&V`6d#vmS^Z!Nvl>QQ{w5XIDyr>#0BFur;h*)OH}|xC6Ha
zTd=mP#?Exfjc)E%&o;c#t;>_1Q0t_1)k5etRT<bxyMj{*a_GW*CI{csvA69)oLiQ_
zggljMw4<eJP>SWd3bMQTUKQv)J$gYBDV1gLcgW|vL~$G5=W{G)fO;W{t`Co0`SHlx
zJ9RjjBhx(6+$XkI48Qr<ert1r_1OJZILC$NK(_8lf0QfU)bp<v90GBeuu`!+0Ms>^
z9vVK?pvTZDOnuP<4x{g9+X3e6kG(!|Q5FH-jhDIRim4~WQ>AUC$L5VxWE8A=B75J$
zD%g8sMr?eAPr9Wz;zIRZm+v62nT=uk(FeT7^@pLSr$+`8Jye^7CyE34m|P7u^>t1P
zW&_YBl|m^#GC$-I6M{$ogpWoy_Cd(zI`~}Z!s{q&qkXT*7D6jy+_r~sfo2QHHf<8d
zroFZ~r4zsLLpk2~3GpzM$#kYD%YPV_EDG<i5ni*y=~fb##g=?qp1U-RcgkmMs$}OX
zH>s$sauM#Wb2y--jc-!sD+9oz*8F#)<?4nZV@(C$&gdWMANnn)EEicTee^?^o8sQ0
zDoeMhkFq}E-rR2v>{2I)FOez({XoNBv$(Fg6SA|h{)v8M<h5f|$FeX0IwM7I4r+51
za;ES<=}tD9*Z$cWbmh|fNHv?{S`=7yUuqAP;|zTwg>Eyb2Zn>VH@$@Ts^i4f172>T
zi4?Z{UMYAG8oY~M4TdcDdvWhZOrymadghmtyovDp(>(<LCObsXxhkNwj{ViaxK*u=
zTPhR}(|}U^qE0$p9*>;{&@uUA7$P>{vVATie{xC5f=@f70?NJ$Jgf|ncgp?Ec1KN3
z1yQKUV}}vr{BA>2xJ4JTH(OnyF^-69>?Y*{kXm5dff#hqu|wHZO=vuQ6%(l`DZVk?
zZu%@WwYBj@Q!$sM`u0|s0#bHuJIy4F%t^pOF?Mj}BfQoUz01fr^xxko_##nW=W1oc
zdYkk;@bE*#vqwp0_Ek95IY`5Jw^Xy20ch^OW;C2o>~KlDhQ17lIT5sBIlVa>GH-r_
zY^1I5AG^*x(kRmIzmC+)U7Ns7c;q2UjZea&Gq2!GEvGiF3i*MrTo<sF6S>grrg7h_
zC(g$5rx&(@`K)$D>Pxgs;#e2^$nk3>dF_NA21w_z?{irTX&94Q+oas@lC9YT4yHGn
zvYT`}!fy9zcTo1mmaF0-;9v>>4km)`A`|Mak@!?KSLi+Iqh*FCi~be{_Y~eg4yO5q
ze4VLcPUW5Qjgm^Sq2unYI%@1LeH5GBQ9!%$d!rpmh3+&>l4{d<4Orz=sdfqZSh~a&
z|GRh0uDUlODgg_Pcr;Q+4IiMUM+G_|qeqJ7-H??k7M|3CFvW`VX!Bl=B3|6uSktA6
z?NwyE2xCog&^gm)+oPT$)racXq`VMW*XTbZ?yt;tVKjRj+w5PFZDMayErjlt+-blj
zXJFu0u#<a;>GJ#HByU=x-UzYTALFBdJ>iGD+WfU(r{3?g<A}>RYUD_8;;P@IaYtpb
zNAkP(-BXtUk&dVQz7FPae9n(y8Ijo?YD_6?ct3hY_ci9OTJOFWVvCnQQd@PQ<B5*E
z3Zgf?y>7)(IYpA@AkqfQ6nB!V;$z2N%_Va$5}Xl5qZi!Xn#-Tf&>l3vu_%m+v^M5W
zH~V1pZbnwQv|2MrZ_&d$YvlwqbDYts^=~^67SizxvUVa8_kj?FX7|u?M?%8Ee3kF9
zT5}+N9%?NMI1Q#?D1LkGG<Yjyrcq>~?nE;ADA3}#WK^Kya{7_hfT|dj!3x<t$4|Y-
zXWG`hI!1f06YNPf`Ar=jedys?H$awdrx*r;ErvR=EE)F!n7DOB5X%()XKTXb8E=dB
zM9}dQ#)S{phkrbhyoUL5HI)XU{pFy$jLr?rxb`WtI|TOe7lBMo^(^`zVgR??;;=GE
z??2&(d2;_*mqdW_@J#@hr5J{VvZ1r=2u<a7_fi$D!1P7@cuw0s*0|<-h~^AU1(2Gm
zTi1#iI;EyI!V48_e8$O-{ns*ef|d7s=4zh<Fy6ZEV;U%yq(FHK8F$N`pPOiDVZzZN
z-{sOnoH;_F^~JuD{V2BgJ@-NB#<|~CCX7LbX;1TucbiY+3X8<%%w0F9g;MY^pYzv(
z^9NBM^2O#aUfD&;4-Cr-N*V#2yT6#~hGf~~sWW9IP%sEyg*ro19|ittI<|~IKO>lm
zSU(UGL|AV|PiGs`;Nl$i?}?~T_E)fvpZ8vSz3Xg=o;kktrjXSd$dkS%u7H*+%=n%#
zc1jRlO~lWjTtx;ITM{nP*BOXhYI$MgVy#}e=W7GZ82OsoxH)!za8naBl=k>Q?=J68
zeh69z7g_%HmmaCX$J4SCx`6dlkPMjoK`KhFB-5K6dnsFnXBjEk=58u%FP0(Cd7&cH
zRg->>3McX9-9qa>=n;K;$14M79KY7_=thT&wjPx#2J-v%V^mjYleQ18vgGCU*GM9w
zyJwX#Tdw}86qk*U^Ry?er&ga{yBxm>Noc6XjdEb>GMpL0!SY#cglZDdlTPCZxTTHF
zmcdyz8V=<+$ZWWK3wm1v{c1JyO0W&*<?T2Hz3pQ)4~Akt@&#3}8(=$EK&Qg$=MKoe
znmEPhazJ?_mI9h7800RoQy}TaC}=xaXG8R{8MFG~wmoh7?(4Q602K8Doe}a(o#uX(
zcm>N5Jx7+x^8NMp^vKYuTgOk=%ayk)fkw^~UHFql)=$=IyEjsW8m?EUJ*kMm=9RE%
zm|SWG&3RNLWAjGNC{_6(WCy?f2xgWn<K({ecj?dm=_heCacw)6HSslxmadr1z{F)k
zp!vpF(mzs^xaI8N;K&0CkyB@<fiXB)iVmDL!_?`Ak9c@10rF4tEYngDca|HCx;8gP
zCWC#qiwmk+fSTy3B4sXlvc6QoVRRw8u?>kS9EVCF2&<Gxu8Cdb;{v%2O_s5yPp;fm
zJ$9y}7{hU=UPG;#!tOwb&4HJ)0{fQN0s8`HYJ11!$IF06@xx72sX%oRVT-O0dlhoh
zsKpkhbIc6EjVhHV`erwm8`BJr`xF|Y>H(wN!z&!lC;UtBIT6vrWRua!cimCo`0sv8
zY+KOm(|zSPDr?`xS~x+yAmP2Ic0P-W3Wj%HCLSrwDG+Rb{x218rIvW*e4#Q9X8^1`
zj=LXyu$43xc4T29n(IEUv(n<^&qMwf<<J!b{h~A!(%5FA{a>F1Fg_1`5r7*GqjD+y
z*?j$>fV1I%@i$whP$T}|9}4`NV==%LycavM+WbGh7={acF$venXTIb2nf>#*!%@KJ
z+OFi<Xv3mYLrK&u70_s#xvKndM*rgq{_S=C;+P)W9`4@-!`EI#W6u$$;hz6kg16ir
zg8$9>bpB?2<TAf3KWQthS;E!pG9AseYYX%9Yv>xAyQ(H(!bT0Rp=4J7yG*C7W*{Wi
z-aDRqVQA1T<C@8bj&Qm$_!5Y#dR%*Ze;NKS_iwxn7b|tB;O^{S_Gh{2Nu^K{AhNg!
z+jd7R01OFoAY3~|TlZ!6$+Xn#Z+mtPfc*19jl(NToq0zvJ1=I4282c@TfaBK*dDpL
zWJw%$cw^(^xMLaL)(WRs05$imb`RTHe4a)%Z4|lm>$NrDRfCy=MoPiOT!oi7?>!O!
z1LFeHctDKatrpwrdKuD8*~^JyrEx8Sxk^*gzAtlG^kB9IbU$XQEI2AmXWO)F*n>SS
zbrnT6<)>!Hn&WGl<!SDD9w&=rRn(`<^f+rLHAYI;|8e-paj_$~#z~$XzOAUT$+5U^
zb<F_N>j;EvKM`93Ik(I-Jy2Fo*g9r>dF$tYf^x+o5%n<Z#_4nA+XM^$W6C4xgIb!z
zLBiThfB(3ajXs)2B?LOf8tGwlldL0HGYo!^Gorj(HK?Pt(<hq3(F^@a*Gz$9kl$<$
zz|1YM;sm+b_5B{jojL-c71pzdXIYs4&^aw`A^%c!M8`(1{e?<4+1ZUPG1`7z{`Y9i
z%nDlZ3>=c(8<%?t(`b0zyHQBvj7HPq<0@9pY?LtS2eb1D)CiJ$`(h$S2twlGHukgS
z+zJ(4340iI5-u@Oy0a?o)OosO;vymuol1?Lez+CFzUxiXb2iA=FuZq+B?mD%Asx+s
z=hpsJHrE|h`;@Q7?Fi)j$FxR}n)brMWHEs0r?Pzd0P<R*3hJH>Tx5MdOK&7o*g^F5
z^-uK0xm?d4C>1L|!&ey2qI9_&H`!yA8V}?7hcxAyMKrFrFWukz{*?iFJ`ke9{|8<J
z>jv<e^XaJH+WiEUMoYGTfBcxi2jnvX2zlqLMyZ(oC`yX0r=0Y{U8i=xkDV}Rn!`;G
zBh~td<f>V3Rcp+Vmt4$Hv$C>UR+u4R3M<%@!H<@Lefj%i+Am8r_@lG3f*+1w62O}M
zw`5nGy*NxMj>g4>$#&~PFs&7le$)WYQE&6=E;2{l3u@o*{^qpxw_b-%dH8O7z$;TQ
z^s7!~Xny1)fVV@nZU>Zz^3C`)Fs~lT6&u!Y0E-qm?xEAVHCi>kP@#|#wZ0^ldi0D=
zrsi#3t{YsXk({4jS=o;AeW-NwGe}q8`K(%yRc%hiX}1dM+-Ohnn%B;j=1TB_@}gN<
zkLh(@Fc5U53f905m2q638S+5CI&!;~PNI}<@Sef@;41bM;ioQeU+NglvJ8i|`<H;H
zNB>rD4UAm+8)n0MYnF`;dNafO`TpupqHdV)zvP*tkyT&3^h4kUB1HtLg;ZkkC#2p7
zP}9}ICfmYo&&-`oE>8+ieGd-~7Zg-;GPJOD=_EZ$qe$F2`8U(}xt<AueqJo4z<f2h
zM`An;=%{+inI*W;V=rEi$O`lE$eDnM$=1s7pD3hpgJc>{;h_$h(*^UxmL`QORf%C)
za}|LT`@wr`OrXyA2E0{TJ>BYs*BL=UJ5{FB`sv4Q^d^heSjN(*2*@o0Lm{9H#$hBf
zvQ7W?<38vA@#6&fkHWD6HGplr*4-BT@puBhRvX!Rn!zYhyohXHDuu;wUv59~-P%C5
zDDqm|5Jz9!)eT@Xrro(AogvX?oT?%y4c%Enpb7#JPyj2!p`GaYquT9ja5eXFpScL<
zE%z2Re7vzd?)LD)+@Nk=(a7>Y#1jmC4N_@5=?#_i%K1uyQLaRpADy%+>o^>=#%Rz@
z3-(eYAK-_r3g6REo2W-E-Haa0<l^BWjn;WZfry3zQ+}8qq&31mltQtZ*UO&p4H-V~
zIIpGiXkTut<v=tl%E&;PM!1uUq8E)$7Za(u7Lu}<fLbRz63CtZaCu6z{|U2bS=}6M
zJEgmm?8U|Ar!Q{W+7WRYMP^ZGY|T%_vbUlRPJybIA&A-c@{ECz{~^COY=8|Y$M`k8
z#}wkhzFEZ->Q3YRMW-SnJF~M$7N=BMMYn;tI<%fU=zYcM6-Mu~`bObC3ec$*?F#J3
zN(bekB&lcljebWFR5^PIj|tR^D7%eGt_FP|9zL1P*82t)!vmkviUc;6x;ss1yMwbf
zS`>(xj^~^75=pq_M0l%)WJWV?tr8nZH5WsDmdA+hUMfLEkvENBl5urdTwwawiOXcf
zXQg(|EgkBu0GzlbP?{hANO6*Y6c_kH26rAZ&ZK0(_#oywQV_&}P%Pz`VxmL^$98`K
z9Dam&bz=A3@pJSSe}XxST@;Ji)zcivXA~zItJ`}|={w#?gQJ~3^P!{Au0Z9de#bA1
zl);F`d(61a8)$^tY(wLu!+y~Q;y}9Uqx|;fa*?;)h?Qpp#Lf{Apy4*{2V#Y=L}rU9
zQwsv{INb3J*{gGvd)f$ZH{lm6zA^zU+vGlPaTySB_;F=(huu?JTMfVwJWrl(;CvAs
zFtC}w(G@G*SpWt@c(!5}EU8l$BwALKhOzqx<0FspKP4AXt~A(#F;MhR7RdVmoUL?s
zyQuA;*15L)^U*D;fUW7&o0k3eMP$Or1bRtCS|tw@uc!P>d!pV`v#XW}g=I+RSW|?*
zp%d_00wgzbm-gHLklg;w1N;4z2cA8lM^)<_AG7X5tlg)*aZD-gVltgTYLkv15TTHl
z)91(m<Uu_W!mH0HW@gEOB`l?9#CVM_Xf>LML<l?Mvb4M)@&*>st)fFSKWR|9yWz5#
z0&>l#1a^!D>67=U0X4;MfOuj)9L;D}beCV{MPi7?EK>sP0_;oG#YQXU@i>CmJzO@s
zjLI5PM&mK4#aZK)1|^NQ6~gvaMn}|d%QetKN{0*i#MDYvprG^B-L*}l<|`{&(hV|q
zdJi#GMpsww>ck`2yP&4ZLh%D1YP{_$7`ne2tgU%R<A1PX4ScPe{H9FbnT4p?0L<-A
znfH94&z}$U1wAMo@Mge+&LlnNq(C8*iTsxn1xhb(5im(Y4ju^f3ZFsKt~BMR96gy9
zg7Iu;OV+&vG1FNbW;6Oelu)iYVb{Nczp|>fxo?K@;SR^ZJsr<mG!+aBrh{QBSGg(s
zqM{GAwhxzm%Ed-Izbor*>~82LuMy6LWqiMvC3r&<k&*%-LBtYATbY=slJf<XQS4I1
z(pMj3P;2n(lp6}KsH>$fBxrK3yJ;ln4Q4$DE;_Z6Z@+MIdv-W>pu>r--ltbI4<&NG
zUjntjEOTGi%|caJzxq0MU6$i&wXRS_L;e;?HJobjC36K+{~qANX<oQZ2Q<6enrIR+
zWRjm|QR8<wv~7Gq@($miQ*ZD#JqFhVq`C`_g{V2nbq(Q(!xDAe#jBT%8zTKH(II+$
zF4^TYYQF$f(H5`(Ii0B(5vS_^UB=trJX<)DDIeguOlI=Pq%o)MF3gtTGLE}%9(n!F
zx2e(#&o(5vkh|Bp5{bTz+y-LX_Uuha<uk^1E+F3FJneY$JJi%?7M7gUb;|G%?-AC1
z8`F@GL)sp=|EO5#?Bcw-;IOD%DKb4+*_mK9fxrv<dC+K*?{dd!bP6>yPQI=QV=#`4
z`jsfNQn`Rgeh5#ikZJm)Lf}FtFbOkY-?NX3BKG1PDoK08&8T>)s%>vkwTxc!{9Ssx
zU#F^(<#6uG7a8&wQK+e>n;xpiK(}lPvgil)j1o|e(k!ONJWgY1e<q`7cii<^R}K&)
zL@c|*^hyXP55_nC!OZNM?|jMxwL1yxmDh<~J2L)0KvNxcyZ)5|g(a;c2;67Ek93q%
zW^-@=(GmiaA?~yRvc9^OotNX+WM$DMaxoXtv$ec<L@uM?sT(^d>zYT`BMHkxpRH_v
z!=dLbQmi}o8@-#7<`9qvVM69FGBJp_kFU_Fm5C(RRb>_6dVZyEPxB;qR+0gO5t=k^
zK`NF;+5NDfc@;%kVx-B$7;5>VUaEzh!5l`pK17>O>k1TLL}<*)Yj1wXZ^gnhx5ZKs
zw3;6v5b-&^yD;<eAq0Znh~BpHy3NT}NIwU2&s2b5E>X+@A@jnr`7SPS-ji5qzU{(p
zyMiMt6#M6`MmcOBE(+)=va$r2j_U@evTL!k^Ays9!@eUs(;x2eA8_ODzC7sAa|Gc*
z4hc<W`D#_U*ZMPFt1>Q7vh#iX^(o+psp93+5AC{=dwPfWH{>hUaRFmHlw(%ugFSGV
zP5n3HIXnDUnTd(%QNGhAT!-t_S(Gqx;-yh>E#{70zxy`4;QAtD@?#2K>HYjs=Ymr^
zqYr(=wIdu%_0bC9HEd?=`0Mk_B9%arZmIaFj~-V`K$17;;o<sAUo45WTK)q=bCGkl
zo_dVVUW})?bW0N}OKhXL79D-J+Y$a<3)*(+{5#Hy5IU9l!JGfw2jKyPRc~BHatKN&
zDr&Wlsw6k-zTUQEwW*=FBD-9y|DAYh5X`3l52~`&3uxJ#wm9ibb9KvCdGh@F?_H2y
zd7bGI16b&i94Zq|l=Nt=6H2kx@qJhZZ-%WJN%;vecyzyNty)mbe4WMF8?od^(uMk~
zBkXb}^patL;`%cT8eg7=yY`kx!nJ#F>)vdK*+{Nbgw*v@NmRMO#~xh!u5Yt#dI}ou
zZ4xsfxI`!)8cBqCskUaVwp&XqNrjlOUILAKcR)Jxci3KjD#b3=vNn&n5shivFPF90
zE#6v-Q%4Q!r>9W1V440@fisPSckT!zZ0`uN!?yBeMp!6Bu5zcI%Hgb3PCpY!`uC=W
zV6^6w!z;B>7_rg>@@Ft{R!jhuY{X`bTPkOU<doU{v=^^j5WdAVsJFT;qp1{r!b%`I
zigv}V8&~VFN_BwFZQ6x@=(;F$0A{n{+3@XIMdp;Nhz^y;mFHnbbFW_VZRDK5;kEFL
z9qNpP_=cSi9WBPDT0@+Fmbg`^8(*wd`OZ8Wr^M4kb<Roll*C`%-Jeeg%cv509Ndgl
z$#jE0etK3W3e2mcWoFC0A+N(^^%V6mcMreAMYphBh{<C8KFv;O8UKcchL-mwg^Do3
zl)Lh%t6^CcjK~!E)fTjQaF=@Gts9>oUJ#?nZdmZn{)w$>;gS?G(SYlbOY8&yvtuog
z!9?nian#8K82#8_rrjm@^p?=2fvm=9&!?sF?_p3PHjvwpiB&xP*QMF6<$133HVhCI
zus$EonyY5S6q26QpkjXzfk%L@jKU)FroYg_nJPwpz(!qoH{PI6bHGeJywF5*rC<D7
zWoVX-bAQlGH1PxCe{5(2`JW@I8sCcTT@M8)`;QRtZ|)gc6DuZOZ41UyDIfqNA{Io!
zXa--i8xT}<>9rf|l9&6tojr)q%(B4${YlT!O?f0KoA#;<YKhwjq%@&Hz}nD=sJGcS
ziHP<3APH$~WH_7gp=QI<!)A}U1xS@vyrIhd@3<&8F-R4)F<58sf80yI{<5-3n5Lq6
zxml~xB>VS@_#0jofGH};^8+I`|0hQ(wxUPe(s$ZFweH;ff8e1s5%*}lPkc%LT4sNL
zzd943qs@=5S0I?QdV+gQp;qxfAIM}$HpxTPTKB02y+8KXzdx8=@}DGVaqDx0u=OS6
z$Ium1sdQ(D8v9)$5)yX$*ohxj6%t?kY)#S~#@~!oSP=K5a&avLhxh^uUSYpu4Ayg$
z|1TdbI3dF)6~IAl1FtuF6Cn$JML}m{R6IbzHMcKm!pKUfUO%2mX4c!|&6!PTa{epZ
z{cFdqWD{xHCU1suHfrt6d-<ST?nqNV?`_B{3B8uw$q=OC<||FXNktub2ipCl2sAjM
zVD`Zb4GrI}ey4bj5pL(av;^LQ(Pv48QyiT-KvvDr98;u`Em8`o%x`VFVoUYrZE2KJ
z923sZt%XD+eC6)nMQ^7+<d|&zEpYz4*VKWf@m{A_uL>C77Z#HMW7fciT6ehv{#<Z3
zh@$!d<u*%@*upx?4$?WLHOwIh5bOXaBO}8+cXa!{8JYOqc&XuYNo{Ry0*547vQ+%w
z_SWY!n?NiyTA;lLBR-;$QN_Z>wijBonBGuT7bmM$R#vvM{N@EZt=eak$)uG3-1q|j
zC4e33mQ%-;NPz%@s9M4^1qq4P$_*CgF4Co%)zu6ZN(uMp8U>TiPV!#>N?iI(D(gCI
zO;q^QT>V!Eq?c4pcX*CAM-X}<(Wre&*vcf!IGm`I+A5d(^N21^m+o!+Fzr6D7^{m{
z0z4ujFmSFq1ONp?JY><o22zcR6<<DlLA?7UCu!x;?RpJTac%}ttEx)C$%)5gvWRfj
zq@K20S9zrwr%uJy&OWvOuRsJOc8TUk?3O%J7VEw~2#@D{<?Iigy8XWdBH2$-Zu@?j
zKFqD_H7qPabfO}tbO_7Es^E}_xV``Y@d`NBiQ}}20Y<E4&;>cUp;D`#z}KnZd#JKV
zIvmEnYoW+Bwf8xI@&g)Se9ANj(-T4x|I1N(K0ZJ2B;}%nA32>QG!8mNk+qi#&9xqC
zL0N`tEVBdF;<j?;h<zH_`7aga2FBjOP(Ekt^3_D|`IqXz=cSM@&Bnl<!2$0Q76_2N
zYUK*A)?D`R8hO3VA$e_2oy6gWR}6IN8Xc|u+?k5J+uZiAg~`<lP$%-0)Ry@w_inu@
z*``aD-GO-4i`oLw(Z0~J#D2Q|vWj2_%$LA)AHQ-v5ne!)Fo(X|+Sq+ZbOSJ;j!VEg
z9tG7vU8utaAH6z+X1;aEYq;E*=Nexyvbt!v*dma&-6)zr#w=<F+H1(Y0V}YuD9wG*
zgj=mI%Ovp+XPyAZrS-cMp+!goiiBn&%-RjGi8BYrN4Pv6DzYuy|5>YA-Vp)qqDyl-
z4Dql0%!U+_DLbG}!g~Hg|BU^b$jTb9lF?HaRjGD1MH;(%PwsKJSakouUk*q+AcI!#
zqyC=zB^S{q5WoPA<K#301&CihCe7Zho*%xaTXl!Lbz3Dm?w4A_pj8S9NRZea)<P;%
zKB&`r5V_Mu&gJ3-j?igbznNl8?SqgrPw9T5S-Nde!pC%Y*kwaT{n_?*HS)fnTXHZN
zDT`>UJhm#to(Xj;8=x&ML_XK}@s^iz>&bbHPdcZzVrxh`c|!ki23;lwp1<h9*U%yL
zfA6zz&%1+2S?d5`3V}ktL02coRQ1`!?)V7YcIF)M^T;cY#(zg%?f8my`uO<4^2gJL
z-Py#CW%DI8V8T0!?yzQ_!|zRd-PmtkHM+UGea|WV(#p;fjBaTOkFeN)Rg_Lo)c8Dn
zsfZmIF4Cv{o{UbuB2GvYxlY)S^n>pm$<h*Ohx~4)Zf}HCgQ7GP?34I$PK96yZl#El
zJY{OhUy1&Io(CzA&&~3?E1Sbg^%T}v<vQpqPgdqV<7rct{gk!Q&AQ)Wg0PGX3ZH6|
zwl&3HZi4X%^vT+FtcD%b)%pu-eA58=v1jepJeC$|A`?<sWSslpkDIU=<S`}`5gB<d
z95K-FVpM~1ws$W9S!gg#66MtsO<)8Nv-F5;o$ED);h7K%n06Kt6&+nLjJUfx3UnP$
zihuPVIOykUyH5gKY)!7~zNME<GR>R<GPWopB3_OceD4)XG^Q04pw*Je+-|?J;Dw5E
zN*~i0ds~-PFrJB&Q~RN+$kv_=bFHD)vPIg=OJ#v4sn$|>GCyo~_zziqb_D@mwE^+m
z>GwNJm@LMLF+6CJcb$qcPEZGSVKg!wJ7dq`B#Y;8()O=#5(}h~IISR`Klv0VTHjuz
z{9q5A<U(*0nd+k2TYF`Oy0z&NSwZ!&hRO+7r55)vBzummP?p!8Jd0U2s_NT+?1g`y
zX#`Zyz4A<H<T*d&&_pIj@Ju|(ju-M6>2AwQA3f&04hLlxRMpZ^A%=*gl~aUs>?UGB
z?ZZ*T`W0z_c|^AR_u|xSlfU*uYyf+O7X$Q1wXktu`hpIoa{<A%rkqKF9j*<T2qW)7
z9f!%}?^F-@a%+h#az8JBCe@vp)8z|_e!yizpR!i=`>@vcGt~nmk`tK%KGKn2;<Lkn
z^qd9eN3L?#72EAD^pX#c>U8tp{A!JBBzxv#iSP%7sEu|Df?a2veWFzG1RQ8@e%AeI
z^Hn_4{D-kmOQq~LC>_VIkN$%i{XDzn5x{ORo-&cu1!5qMm4DzaySACcs!1IRHCkCj
zB*2uD`kzL$C2UM_Ys?ra*&FQ_^g34>@wRPI`ENf@kblwmv*$PnL=`qr%1mnsaU?zb
zXUoCf6Zid_t=g2%o;)m<N`K4^kbJoZe9nK9FD|QVr1W%7r`zN7<kN0^NN-`l1P=G#
zeIE1;v{wsst~WxP_$CdX@ZN+dLYAO9$$&owrAo)oU*>SRAzm>wF+=Sx{Ui0Zakb$n
z=<O;jI>lt+C-7U*_M6@3FpPQwd1dNpZ@Izp+zG#f;=cvf&tLuLUoL;mrU`5ssfaPV
zt2$U|)H-V80N!qW9JZPegIAu*GqsU@5f!Lyz0XonI@Tc1TWy+f_G5Dw9Qwq<oK6R?
zN^90=8h(7P?&;gjsN-xgOX@XK(?(cpQ^itXq$~m))E4|#Nfdf*2WUmcBdR#xJxa4j
zhr%YP0NuwIv0)iK8~;aV5aX-6Qh#|vYh0Y)@v_aHxkC<Wo_r-`2N_9^=&ZJA@#M65
zk&e|V7+Ostvspqt$xyypb=+tG>~O-ei=6K6FnT%$BD3kvb$Iy~2?H$hzjGPCe)E<<
zA#Q1<80H4k2Z%H-^m!=uqx+p~zAs<C#Sxp}fDCp1PnXla35vW<i%X-rt?0jN?w_k1
zAOuN-Q22`eZ!rt}#N#z2O}(4WUD2jj|MM_=@yZ+tL_P)=EF$p#_+AeTKcKftC!ukg
z{O6qguE5>BpbP?hO_VW;%=Ufvu3&^EyKRDw65lwahpGW3kmTV4(%tn5tV8N-zMIu{
zpN}zLF1L}<9BglbS-^iiTs-!LTfUXE+mCRQ%gl&YumHm}LQ>hm?-21k{Sfg3tjyq?
zaX+f>WjANiE;_XW3)4k6-R%%iKl!RJ*7Izy;346<9Qo8Q=8iTyoNjsaHKDDZP8J^T
zj1qr`gGD8Op~Yq9J^6G8y+x;Jzy$x-kgR_%NnLP|@1`>c%GJ+zZ<=9b7t%~RhZs<{
ze3`GoQ?C9(I9IAQ{@MP>D^wEz2i7Ki;lxyPF(&=imSc-0k&#waCYc=YPS_9sj4Xjn
zU^dY%%irCp42w#F%fJ3R8vW0P$3EdXZ93sz(`_+AxbtbpduqIr%f~Y^@)ew8W3z#Z
z?gq_s7pundAi+ol@D6Bl2r=eWul0q6C<e(E8)-;nD3?E?Tg*YDIa@Nnv9Psenn$R-
z{5n91UsV+vP+9G&a`U0UZ5PjSYaoAHtb0o6%NOeFYG`*K(b)LGt^IwH+oAo=pvaD}
z+gP9fIvXHwG~u5Qhc9>syT1q8vJ2fp2+;k5&eF|E@01i40>QiQ;?|0`rBg&Y{Hw)R
z^*m~(1lTDRWHE<b954959$&0wo9|ykTO>!#{G74zkjO)ug#Q{JA2G4Y)XzbK4rzL_
zPr*o~Fy`^C(Tr5O|JGn4#`EaU$wCD$=i=hGdR?(dRm86+=Jb_a6M^AV0B%6CxPTE$
zIIWdxh(26qY~C#c5cSruh^t&I`lD+!ReRp*KlVAy*>m0AU$PZY_RjYFZsky2iqUC@
z&5UQ*bg|<x%W#|k*e8&?J(tMPXW>$*-lhvAm%GGnP0nu}Cxnj8<`k3a(a^yEZ8xs(
z%5r+WW|Xi<u^N94o=T7^J|0{hw<kOW?47T!%Yty;?C@H!+jL==L+||`+e#r&beet!
z5EED@hk*8(8Wt(}NSoR&=i{ch@z)p_h$?Q-?V5_U-c)w8<$8RcpLZN_Qo~*pN;%AW
zPK!oUL&G*DfM-i#k?l@qvVm0?f|E%md+IGaLpojIy0gA73^YDZmv7=sk5B$DSKOpF
z03G0PBs+`W>wD6tINP=BZJ<4efw?@E>m0Pob*if6xh`_<?=Ntw_z(3-xe9m>9`jOT
z>5>qErQGM;_E3AM@e}0D>9!v*o|}819doAMjVp=ON`UcdEE~!~Y<pv2vtmMy#o`uD
zwaFRWNE0htG&-XCO%;A-gy{M@&j4?YzldoqgPtZH<unjEc{NRSdkb@QSXXJRJqt+y
zq}!IdVwq8+#6>{9NN$Rtb>a^OfBxUK2ot5$K*_d$8{%2EKp_p_rE+r%*T0yvX+!y<
z=)TLDeS|rJfP#|JGT$zc_K6OyD*a=F=Fpd&g)-s+jT$IGKYjtU%#jakO^Y2?k?ZDV
zT1qKhqgNp)%Utt1{+g^SBb1Tt94@t~^Wz+A<o~sG=KoOVaU6H0a+RE$G?QH8m>Kc#
zaAhQ7%94mpj&W2diIvGY2o)Y|VURODa%?l?T8zk$#mq7Yt(it6gxMUq%`o;mtv1Q`
zANc<AeSE&J_v`(9y*}D{viOcua1J7$ICpH;bTod+99py7SqSt6@)(Td%v4>Y5KFX1
z&3JSys%-#pSH6gb8!H~?u$HDottVMVK$XfW&@byf92h<|5`*<f05@%^^qy}Gy>fI@
zAvJPhuLP0aDo+sHbJ%5}`B%-J(WsYFq09S;mP4fnW0piC!r(zSK;V~PulOCH_r|So
z<ZK*p|D<JSrf_cB>t73%w1;;J$%5l3+e<~{F@@}8C=P&G0)_+ia0loGB)pYRt`r=0
z#&G-osq}KOE@4uP-`^f5s)UXopZ!j%C#ZI%aHV>OlJmK>_$y9SOp=3t{i2<-sgYCG
zXw<t(WIt7ftZ1I)HHy__S&k%o=MS>37+Td{>I8xuYuIw|<LZA_8d*iX<cBJ(<23Xa
zTsozYYz!eOUf^9`hCYF<cIO(J+7?N0!RU#TCxxfV^9>>nKOPD9{_%GjrO%B`-U+I|
zDJLs1hQ{k!=(kR)lPFU-^+369o8h{UMBCiYC25apZuO~vJS(>Ixw1g8NO~a^(h7Su
z6EzvO0xs~A^QM-F_rKO}+rp0v9GYz7g!V2Tio&)jAlvKlfo|v6UKL!s<M)erAz*P1
zr2ed%yD*%JhKRv_7|oq<TL*ESl|lXRsZh8iJuSzJs?(5?tJQM^S$S%RTO#|y9b6u^
z!f|06Dw!ACH;e^UG(<vo+E>vTcYz9xERQ?A&NfO9LP{=!GCm%$FsF+n{R>(wKXCco
zMs3N!XUfkZ^>^;wd?$jyxgLk2ML*rhw5khDRXB^$@6APb{{=HM24wzu_4g%UIk9k3
zhNEA;29_^o0FZSP8Y%aD?39TNbUc-Ae4Uvw4X0n|(Xp7TdWI?0bS!thI}b2N>Y~in
z<hl1|3njD2DXiyNf-!eKs9sBG4?H=`<$&K@Tv?D{*WRQL=G)OqW6L<H0cHCCRVH}(
zhO8RwbQ)m?coRvL(gHvfDn|VDaC87DIUY}IW#o5Qiq~gK)&LGt^H(gk(rycjZH@mq
z8=mQ)Ac*o!BIX@61-isz$u;f~cFNW!GBh2%&~@258P$EpQfl}0yKT{h3|@kVdOA$%
zR_i=&s93+xcUoH`C5_0s%`}~`mPhs9cZW}tF9p|7s4P*M!iszw1<O(50Jj_-TzJS$
zb8?F~QLY$%JiRfD;`&R*2noY!*&{w~v^oIw@G15VTH5rZ93AlmC<mDR;^*j?pQ3A3
z3w81ATwpH<^rUccp14|KOTF8v*XimCOanR_U~!fB2Jmuc5U_M{JuAPE69X-J-yup|
z>k@W^w~BP49@vsOJTp`lR@f83d_Xo4{S)OVIhlZ6%i2o3r!$n#;}g1>D_~_o1%Gos
z^Nze%-dZBex1hIvGkZ%RkU1IX+G*))LIkrza%|ZcKEs6j?Lpz6Jp^#hjZUhhAe_Ci
zi{m3N5vCdR@9La`({>wUSMy?TtBh1&mpg-tuGVdK=ONt8{KSMl#gaXzUp$X+VmcBK
zgpaC`e=NcVFzaK;On8V;(oro_0h6cobjdltE&^uaMKKtyCB|B5=W#xkCJJ?ashBpd
ztLbF&s;RL}pH)yoU9>2h2Zn<KUp5*xtdxC+&P2BWQAQN7)6lbqJ}`nz7Usr|pL@8G
zp400V<Vv`jJwrCyUc3Iq;AM;}|MoPzhDvH044!+k6qzUuNg`H#7~yQNLuH)R`i6$~
z^M{8#Wd}<t7FK$yg}_ZRGm2#tQ4D<83MkW6y8Y~Ub{DD*S+nc|A>}O(UEX}dC=SMq
zg}TUQOp)TEX{roqNKJAY7X@X06s+~9_w8i|daXH2|L{4(qBSmJ-CS|u6aQ=DZyxlV
zkwj0NbY$La6m2&u(yEyV_};<r^U&lUR9Le>9tN<l5t|Vm=&wWb_ESPkxtUaXH##t2
zx7V&q0HS|w_H+~fZlWK~75yS<iMv%ZPUHikpMn9+%kL`s_pgH}h^~FX?=(|+fCp)A
KZB}NAiuo69;%$!r

literal 47336
zcmZU41y~%*7AEcl3jso41`7d#yABrIU4py2%i!+8-8HxccL?qd!QFLmmiy$sySwv!
zJzY~r>r_v5oxe|q%E^eLqkKexf`UR97ZX;1f`S3QwQrCR-oDLtWJ;i*P-@MDgyh79
zgn)APHpXU_Mo>^<p$SQda*78Z2FBYCNJ#i$U=##x{2XD#ka>Ol95EAO;E*VK`Q@s~
z!fAee5EicbxnCOMX8~<ku2z-1P(}ZnG`Augo{;(sM#vU2>S6OI<$m{ZXWR4Dp`9Bt
zl8(x6a#1iPr34R@jH3xhy4D-$qpT8d^MQq%;m1?+6o`r^Bql~ljywT3LR_lUMyxe3
zES?`<UuTs9b3Z{tVMp23Fo?zkUg%lgpyt<nhgy*tv0-6X<r=|bFdnReVf5x0Dal&_
zjSP}S3`F+|f4kHFiOgSkabKeZmCCqlvWKj|NR$fbZ@|t`^JBav<f*Nx3B)&W>-rQP
ztIzXuT>M3b^2R205Jj2~q}-L~Lcmy)#UYwHnDq+gi+Z(EPr0oARJf2^Fz82GMO22`
zlom^rt1Et4SH<`NRdiF7Lz?(KZ@=HCwE)Hsm(POlO_+-UqwK;se2OLpcfLhde;EMT
zM;I+)g?*=D(mBPyGTL(6A(%t~r-l?wjLU|H5pD6<jnpxY4Thi*L|-W18C@cMdnOgn
z9(Vl%)wfz}-`-N0T*Q%<_5nBl7dN=oJ2rs3A_b?YSo+K56(BlPrB~9y>wQyx%0`&0
zym5AS)(^ZAj<oQ$m@ShY+;N5sz$d<bOcdYFAXCd|KcscRujic@PY&O%g4X2EM-#`A
zLKUa&7r*};7Pib3)@2U0vavXWVpyrotL$A4iPaWnk%@S$sV3fR9e6NY{YBq|mR*e`
z=>=XfX~p%CN1B)*jTyca@#;B&gUg12Rm+BV*M-~FMZaA~J6%VA!9>$jYr9}Tg^NK@
z2l_WvVI~S-#dm5fKqXY6J9iQ<U?ApTMRl2RU?gpDtpp)XAoHHXJZ$iyks=8S?jzw$
z3SML3^rBRYa)eNBMhB2$iSfh*<db3xM|~AeB%=_cQV6vaHILDW&HHV(O*$2|BGeqi
zw~c;D(3is!A9$EsxNjKmZ$F92f|3zhnCmd%S%;|=sggar&sPV{8>uZ~lb5lN>Ij9%
zL6MFy24xbtweD%B_Y3YjicFAZ1WkX!R;iuSFXQhtr=KfuAlMLO*<R)g%U0GuM1X+k
ze$;b^^YDwZ^MpIzJA^0oCuvW-cED>SKjl8=Pb6zNVv?vBiDbzyr13b;SW%c`Sk^f1
zNN1tKxd@XH`+{hs{W#O1s3Bz`njts6ioMSI>~=oFq-L={#fbA6u(RSNsY$I!PslRJ
zSAjP%d~pfC9}GS0p*VfNlHkP*4|)tz{$~H(wk;5b(igBPf}Dp$bwy?Ig_~+L-XflO
z2&kN3E^?DCB0pU+T#P%zb;x-rbf`%|K_Nt;T5uqtUr-={D}fkK_r;0IE4O6wt66)U
zaB6x(YD1cHm~-@PqD)cRRNDda_4fyJcl2kpXU69|CdEaOl%lUn+PU8gR<b>X?s5IQ
z8T4!kYVq$Q?E6XjS^Fh%!@^3!Dp7QdswEPJ<P+W{Kr0uPW|$|NCmvGIww2;3XO+ax
zNX<UY2ABt$bI*(wJ2BfykrmP_c77jQ8RQu_*27Xa{z^=fq1?SRZf<Z>R#w7YI#4{W
zSg8Q2_*3FL%`m%eW@!F%lB3v8bn6Ok6?p|Y7nz1~M*0`yhX1axw2gGEakX*VuGQ$c
zh9xby9If0*BT^%}?qVr%X}W&T+-8=q=-HmsBKJ|at9LULk@C;HfYVneQpXSb#}iGt
z%-Ll{gvB(otN9)xkb=yh%tq~I?UX;rZG2vZ?M3Zs9a69PFAfb{X~ScNs#W7PkLZqQ
zerVeW%jipJ2<W3|dFZHUN9X_o`A7~CDiI?QT9N1ehknIKypQuA*VuECZKbB9*i!3K
zJsDV;BU!cdmP{W;q^2WG5^Yp0ZYR>MPmTBnT9=*@;V1nJV)d%~Hk&ET4-8X`)s5Un
zQR?j*ur;l!&9j7)x4FcbO57EKSw~YXGEB5AR*mxXaLg5Tr%kWSYc93}29G{B%DfmK
z8K#-FOyBxuq-s@Z`D)d!5_(8__<AKg(;_wt`Sf51e-56HQi&oRD35Z<NS0B|P~oWO
z@N#mtOXQsAgf!u|kT+R6AFNk#Y@{ovqgKGF0_G_y2EK!uI9qm_i5wq?SC@Euyec1S
zsf-nc6`f@cZW*rEJuD&n*M=US-Cm9t4~*9PAf>nNn^xPj*MD|ahwIl19Uyi(_X`id
zJ)`bC&z-KcwmpV0_VD&qkLPzQcL66l2d^BR3_#XwwrtP@m94;f2~bc@Y@#{)T_&Au
zXW7OLVhbES3Ll{$YA9L>nj5w`0X3>sW|$0mX0!KUkJ;yG^68H~zzDnszGL}c>UZhq
zYlS#P!LpU9FD%`3`g+0^<jnTY+kbvT<oV<+a*2i0M2GV<_3;@)8Ce+t`p^232Habp
z2WZ1uK2;LYN7+aKDSF9|CGe9sKn6V#nZiZAxxL)XqsC)tZgz>cKS$IDOqh+YOaKz3
z<b9t{q#wF5wp6bW<J<<*emugr`$hWU3EJqTRLO3WP~+Ydy5`3h@<`r@X=N=X?Ix&X
z-YOi^RJ`wy!H`%>d?6wGYT(i@XKZQg^?{Ry>Zn*)I*x=htvrdBzD3KNf;P^1%r31~
zPp0Fma03nEU`on#{BU<r9*w=jJ;r4P&v<KTYqW#GE^%rRmn_rSkmv9{%^qYIar?Cf
zs)N5O+bE~2+X%JggB_lgPQ+Ik?UkBdQ}K<s%mQCY$k#l&VKwLa&W7x|_0`LTozcMN
zKuOdVFw#>_gIJT8%1m{)S6>6*0u%<e)I6xNpB}R5>)w>4XrS1k&{08F(Rvs>EegvD
zQYrdrt+~}|e5A3dF}TEi)H-)UrA#|Yf1(X?@)9Cw`T6U3HE5BLE|ELYW?5|Y%i4lE
zmd0e=pzHLKv<~$&wT<e%(yYzgVypdCFl{$2dxN`8`Ep@Px#99&Rv&0>mH1a%&Qe{o
zC!(F`pQs{k1Lua9?)w7cq}z%(Egct0XP48^1&4<If<oiUu|KT!rsb^-HaeT_M~~09
z?6d0gR+aO`^qf$L+lZO3sn<st{v?Q+@9f^q60vc%-XmR!*}+aRbmVj}mRHwOwU<1b
zo=+wkLw3nJ7M~g(le?-*w+;v9)3Y<b@Gv?uy>53>9h4*$DayJuj##_dem)&3ubm!m
z$Ux<E+3@VVXD(lv`+>(p_o-#y`C^}9te}5*EQzp!LyOaX_TVs<ZLcB7f^I&wqD9-r
zI%~>%GiW|?n*G^2v!k!Y>HfBE`NSpnY~@7kc)yjV_3>DHw{0GBb&A2K_7HPkbr(C7
zcR9cnT?THvYiplwx^hj@nNOgMl_hpWZPs~;y&6c$>@K=4+G%@eV;w)vB056dZ+Y?T
zzskg$!t<vOe^GjNxT3jI4Sv0RIg$W>2aj7U9_6r?{V{J_eIC2e8s@+2+=8f|A%fn6
zXC8j-;p{0M?JbPA`8#yPv@3bm-z`1SZZG%b{LCSt(&+~fz}qeeDk?zzIY!7HfMuwJ
zl{1MLn;{E|@J5Wle4-@IXb~MD&=p1GpMmk2D1%C)u8#dMZ9)zcz|7FWo&D}z7%SUr
z)W~5^VXzksIS;hyA6pl@E`__`$gzvH+2?VhAZ4PBtj7+hs$JyE0@!njw_U7?k(#)%
zv@{g;TN?=qI@k;f?yUv=c6@w0prBymf}jxJ&e(5<a5l_;sW8B7*#EYnZvJ8vP!tju
ze>*E0*c%yHJDA!y`oiigys4TqQ&MwOla}H#u(6`kGqlk+qI0#f{YwOj$Cc}?X=UW7
z2XwWvw07Wf<t6<W2iIHsuWou$;J;WLEqF=Qq~(A@Hugq9HaZ4622ws0AP~r7Z)nV=
zAT079@wZ>Rq^6FJwp{e|E-o%~F3fZ`_9pa<oSdBW3{3P)Otfztv<`08j(V=N)(&L<
zR`Opx!bT1T_GY$@W;WKqzx3+q+c-J$l9K*q=<m<J{WNkl`=2FihyM)gZGiNDQRo@z
z80i1j{U*xuS1*^GnX8edy0DqmTX^1V@G-Hl^8Abc|D*iR;y)zS{wK-G!tzhae^CBk
zNo5Bkdm$UEH<ONh|C^cr2>+A#A3+}azefI#Nc=m@|LT2<Gam{M{oixOhe8AiYled2
zhY}YSP;!Mn)<X1D>buG!Pnz&JYlFPY6~m!|VUy$U)PBh&^=nJY3R~d+xlrZutt%+3
z7^s!%81u(N_Icce&ZG7FACJdVx+b`qEAi8WleN`GZf@olLL3~NH0O<Vy*kf62_{2K
z1|)nqG#CVEe;)zhN2Fd6GOQm#0-ZqJzX>!j)r^e7PbR<r(dW-UgBc>dm49yYfA`j5
zhQLGg$bpl7%lQU>Yw(A{JSV_MgE66ofk%0to%=29E<7nwgxlq8Y%aIIzhA;V_#L2d
zW@g4xdYI0>@%n0SSX6v)Fg`9$A8)307y&MK^`#~U>9d4Ce*@{dKYECKmmy8RiQ_gN
zq{Szd)$G%ktyHI@gXd@vI*$oNdJvmpKWrFL!Qb793jFd^=QjM|;qHq5U@f6+ztEzx
zP?G)_?{{~BP|$P(5jV`Zy4Up0ip=%?Gi2g9nopqPg>RbmAq<y#0$mjY;||*4dj2P8
zo#VZ|gpo1TCwqww;fqa{n{e6vVXC#sUwD)OI8F<CD~FWFVzkhxAHMQO60!j6TAmT#
zseNCuDN`+%P(>&Dni&NE38ej69Z6~QnX_70CuV?~H*M^|tl3?(_;u$l)9E@gjdbUU
ze1FLTRd^mtGLfy#%k}v4-FA3*-rb!mwPLg53_d2>COrrgHIzstjfg>%OC}nn0HMn;
z8~@|g?c@1!!_H#UB?$9lrb60cj@7ubhB1l)2oxiA4B*L{uSYFlthL+hMeeq|4;x09
z3W`kIKTH#u82mx$ByVW%A^|W9x%Q_3PLgXq8-CMHWiuBZ=e>dB<@P4^x)^;wE}uxR
zs&d|l0M&E8ly)}pm}Q6#OLTH;LMy4V8XRt;Qed;mS&KCRi8pb+mp&jBUJo_NEU@-^
zn1+X?!=U;6wWoU>_43{`K3W;xS?QNtj#OoE%{DCTJ)qWDF)JK#$|py4YX6Zq+vv3d
zvm=eo2CFeLjok#r!V7C)1ZV19QVf`0Dp>1D$BR3m8PXOavSLTcEaOokQeQe#vZYSY
zD(JNtfXZ_?1+qN{W_Wl5+`Ttx2sUpXvX!{CpJ~9&5ArXzv<mrEH<P!-R(%yj3+}gf
zmp!r|lPCK32%m$tIyO>ikVnKB4lYfSDoyJ^m21&-ucijEp0Hi6DJK3tcyOMB;-T74
z1Rw<87%cq9J2KJ)*XxpM><0NB1jjwA#)*8FwY=^?)XC9#9ZBS`tiFeaUAf?5foFH6
z7{n_(`gUQ(LN8gIeqLGy+`E!->O@$?cT-0;9g;d=c4e;N%snR@&2SU#WK22Dkq3{8
zJ<ks`8u6zeS>w3sj1G{dD|kKj14ApPjyYdARxU9Li}dd=ug|?)6!Q>n4$foA>a09m
z4~fLSe0Zr%Hhy8%%x6uYQI3B?`)G>{f)s?|4u$6%o;=)K59K$iD>LY<I34(#xrH)D
z7$KmtJU0?tPnzib=Jj^mfi<}5)G{bG2zGuyj<#f%IP-LVMSnelx&>>;v8u~3J&SP}
z%r=pyiC3Mm*kS`}8?=JGDcc`gwkgnHHJ{J{kLN(+-4-bnNK8GTzfShD|H;St)bM4V
zWWTvA2-*1;*z%Y|qsg4rns>6=VBnj(LYc8s^SK|Nqd;XQ%R$Cq_jS|Gc)6Fm_(J)!
zK%C1guD{u3Fkm{m<LP6_>A?VT;ib{=l!=a)5WBWV!Vx5|2eL>BFv-zHD=5rYSe~QZ
z(R4q{lieR3JX5?Xlr}{Jm#O>O0IzoYftUe4^t7y_&bTA2Jr&v3T4U&!r(j|KjQjbo
zhbsq`Th{)aDL&(~uP&$*pGEr9=gPIx-d!GR%7^Or70aAxD3uzDpDu)99>c0sXbUB%
zCBWb!J8zZCmw!b6^{aycSZ^^)?l^^iw_8J9pnPQ<0F4X*I#$Iv^V?&-)3fC*^U_?Z
z_rN$=?#McvFBdXs@&|a%I@P%ysn`#LrU-d2KbVh5&4Sa|u-eH2Fp_{q#VQ3gaBJ~&
z)dveXZSl{wmF<Q45n2PcC;OblEJ4~Xd1&3u*NThljsylMLMz(5&C`dh7R-jSs_i-c
zba`WYj`@AViIZ^!!zB_05;JvnJ!p0uyz#V(BAOt`8fR*=)2T4G^JyHH)mn4H%-LlE
zjoIju6SmVVwQ{j|UeINS!#v%CQNNTi{&LmQA;)MYcXTO}u?e#b;mb1q!sz1CZu+GO
z#Jhh46bN1NeR3S?@N#dCuhDAFI!QRl#rg!pNjcA*^`q<HH)sU7wK2}0r*O5}HHOG1
zki20KKDQWVG{Y5-$qS76Y%V7{fGGrs+YP})Za04Vy}Xq-e<8Fz=KR?vInwe^D{Bv8
z9<jngH~6gGtN$6TpORLhjN@g1I(?X~Df!|0SO5aL<XF80vnw1Wjw&nuI0}(BFohpC
z-Pmhqbdh^xEALf-iSoD&81RgzQ<g}^sJntzMZ+TuwFttXa7_2|faE8+1)YfKdTX42
z#bQ3OuxVFDYtkWnZDk<0-tb!;Gjc*D{}g#RkH-qvdkY@TB>U690s#_%yuT}b{idex
zcz2G)SPDN~>$L1_^-%Tbda<MW%^V7WT&YyGr~%F`p@1$tiSCETNOGH8Q;kt?n&PvM
z9n_VbpOu#NM>j-@BJycSy*ZZg&a($3*KSK^C}zY&$D7v3*O$&RGA=I8baJy`<%0$)
zEYox2note&Ag0>`>=F!;zx|i{T8k`(J0~*w6O0IiWEci6i^bm!fJRA7a^Zxj6!M}o
z%J`=>7W+E<wLh+-$}E=WJNim5?2?Px?kAB|7pz;Ne~1BXQGgnh{!<|Vvc@pMlPAxM
z(MIP=*t3YogGkwI(%Oq%2Er&}PIn~*4$o^OB3^GPB_?Wdw9Ya$377|yL4~G<os`Sc
z>%~@jZC6t_zz{}0U3S56BI=c|N3lSsj}OTNRx$<yiKIGAo=Q0otou$d=L!B&(p^Fn
zBbFP%2-En1%=#DI4{1Mr?;29C#@3fEYLe}Z0+RuhKlqp+BeM~0w#(VrxJ=GjS?SDG
ze_fCBS<y42kazyp3|_BS*HB}+d^P@_d>y4IZje+^(QSzVe`_6R0TDX<#mjv%Ky@vf
zSgR$>a1#PDnOyfxLV=T6i=KZHaxYeS`T6}sRa0OTmn!ALKbeHD?eSIY>Z}0${x~0i
z#IZjmxt|_IWVzL;4YM9Yg55y2<^8b5e3<!YlxU{f;e6(4=Pd$tixxIDrLg$29-rYr
zLMWtgoRo7r;&UjmTE;PvI0KcHybo~IWzIdOWthH_m>cx??%p03CyQ<zdH_opp&(#=
zuZrNI63Wj3yA?eRPAI5GUwqk_#mmZzC9}@uMExN40Er^*i%Vdc9IRBU59?^Wb(CM@
z%Y}@GU9S!Wqj@qrr4~23JDy3LXw;K#SJN+xUK4SMwPb}<cq@7MN>I4wI$SR>Qgu8)
zSIEs8u`8Dx+ej|E9B(UYz1;pB&Qg4=8@4Du!7#TL!yY@EOHfug`X-2gz`9tII(YDS
zk^1`lC`+p)BXfI(g>x3(IP5KUHgXr+I3QZN6^wyk?kqT)ynruSX6o2Hp<X7#@XP2U
zWEzmQ&V}w>p;C{+{AF+i>CS0Y!rTWJFKohXPVd4_P|$DTM_oh8B6Ww%{M)TEoa0kz
zs0jK|IQ!S~zD$g&wodPNF(D&HL~KYWOyCz!xE{f8i0_EwH17frVc=R|<+g%~EI+0e
zuF<eJKGA<~RYUO8U@ay4NP@o@B)QON$V3RG&FdH<rk5SmMU18hz7t1d#<F?+(*`?f
z^6kNTM@Ufj^K1HZ<5Lfk6O5!_Dw{RANTZ~h{kBN+!{RTaa5#GHpT!F-YFjl-POcaU
zl{gtvjfx7?07`H(BoO68{xE%;S}X1M)_~UC@e(hMY1GDN-^sh%N5H;B!|<=is8|Jn
zVxhN9<kH0-ix(m?F&88}9cJ(ClMDIzig@laU42V-QhyTcmsO+>)7FM7vNoP8hqo)W
z++hiP!dnaec^-RXo2y)kfvZr)qq2NYP#J~?@Ms@<a_|QDsGPA@TbvWu&2fL{yZp%;
z0JKJDx?ht#Y#vcLM$EFVx-v81mqdYg>iHGa1ni!bd(5t_$PA(2ar~6o@ULS#<|$h{
z*(eCrdsn}8OTAhJeP6xAKtM#OqD^HjFv)aPLI`ds*Fcy;+uJqJ&S5&=L_P4!+?!Ta
zEJT@}%gN9|hxHdO7JBa{4miwqcRH*hvB5${NQ;tufZz;{HBNhDw!CY6=n4yepD01A
zQ4<hW%gBHhPz?%=vo3Ds&~mzgO~6$`v+3ZHXS0UATF5|OGkLmD^*OK)(`*wZ>J%ez
z=8pN^wYy!k=6#j_S@09lQhma#lyq`6bze}%Fel#(D4D+U-oZSJI(nl46p+=e@MXbB
zx9P-F#n)|B3`3+<`>OKN%mw|gaAWS=T#Q%n!gm;O8bp-CkuT)Au_38pb&mZIjUxV`
z414(88W_%m599qhJ+40yBtx95AK)ttXO0mvJ2@y65a~fN6r=>-|3igZ;TMwDN=N10
z>vnjh>B$57X2hxpz>O(W<c}vAdXuG3tIz^{$EYb($e8Qq(T{!7KQU-D+~;Tr+to!`
zIh4e$I>&4bYGeS0rC#$-F`6$MQ3ctu%vX6zu|vA=FZRU}CJ*r%7_ykj0tsy9$M$~5
z8Cc37c!AD+XP~i>bm687z{K=BpE}VZNxvHPgOoHnUS5J5JQo&DJhcyh;*0)d>FV5c
znvJdSCU$)SJB}AGry!g5L?~Ddeoj`WQ0@sQPqZa(Sx0`-1|JdqL5DDP*BDKdvRc%k
zg>(ZRD|FYQN5972CocCcpMk%epk25Q0-iYQWq<j0TY-^K%|0cQ{)BsQKBPK894deG
zcD$GEcQL)6i$|F%O+>@f*<Oti;17mE<=3C4`^Y1ecyz!+=;H5#3q3M4bZ#$+FL%0I
z@Drcs7|Hn~!*{f~ljZyR_Q#j9ans>Bs~U;ikMsk*Oj1Tw<~P9}Xrv2``iMtojAZWu
zt2}6KDHdytEP~#t_iZGCb>#wwUG^t7Vj5sn?T#vvXCIYCmtp!#<`~pt+codA5vT_q
zWj-10A`K_>P&7UWv?=TN=*-YgAvM6Fu#f&k*^BRxTPo7jUReUPm(%kle?>Fx@bwQA
zcMcyO8>M=6_8#T-=V!sfl%&CLCSXDe2!k@7(nUEx6RBDY3CKoOO?;5K_|k$->Cy;k
zaf4-g;*QmP@$KrDPRsBUc_NO(Xsr3y!s1_w7#A%zSndtvR8S}vn;wihZ+>z!%d)<=
zHwUXh2Wr_>4^#KvtC*!|dUjbiKOsJ{k0bb+k^m*&M__-}uuXFm6wqZqx`Gs(jbci0
zY|R5P(cx-Zy!3JPdFYvgH>jMASq(8crZGdrzsLd0$NQ4tum6~6Kuf#*CvX2NTmS8a
z)cZMu!z@D1L8mSG6TyFT`t=AAekF!}nC*xP14WLvB>&&3{Wcd|0Q8_!6Vuzc|IYv4
zc;BFH6UUp>?!V=ME~GJIK8BIl2m==JU$BJ|w?HrjbTRy`ihApe)a-$%n7AW=g!~%b
zSljdI1i*sQS6s4J+`H5t?`7`onL3=!@P6;vygKh~WgzdM($!XY!9ULPwrmukdK9*p
zxI7M?-u0AZ$t|f`kAS}z@vU9~B-G2jw_GV}f(cp7WLhk51%5eHMbn+W7u{<dz0=9p
zMJr!OPBA-J<%{C;VDVM45znjFlx<3){wQ?y=eI0H3TMiNY`+5$$^~$tLEtOVR$E?F
zR-N(aa+~HIAZt{#jk|Y}vf}|m{qlps>D5k9mZo)4M@;mX#i-L|n%DgqF}Cb@WJnQ>
z$Nl!}5lCTQuHT_^C3l>u(RO%`0=6K$Z^8=J({VbGuQ^xrQ@sVg<T3>NWCdL6<sLdP
zD*Gd~n&r08)%`lvwYj}ATIN!u_)0ayd~Z>muhG-Zjz;54P{rZs+I^GV`?K)D^VP%d
zqopLeR{QylqNj{d)y5ae1ooC?S?7VuAw3r-nvVGwZpteg)k3+oZ*gGuC&5usnY*OO
z-|2~6*M|Lh3Mt7_5nV4mzs+|ABBSjwQ4)Rf?RBD8^L{WP<|N+en@wdPU+;5^Uw4hO
z5kJXuy)*}kdf!R4O=qs0JJ5U@BL0r2@_P0fF9oKR&LP>m-#;#_?oD&wMGDm9(=slL
zkIaDp#Ii3b4E8%?S-2eIi)Dk=mb`$Gi9fmffcu-1O>6d{(OfKH1<{2?6GPG^b)DUw
zKuhNY*(Cam$D3zQM*}b*2M0DojQl|_3SuKS-~Lp62zI(VFyQd=`gNmIs<gQ3UBm6I
z{H~=;^S<qNjWY$@!W8&G7x&b%foINV-wk30wqj79?d}VUsxwVqeuR{llMI0dGm>yl
zK<Ofp!7T$D@7c=!2=&4ve0lCYkeby0?7Cmf{4ND1;2g$`%-HeVI^bO!W?AGrL~#<w
zJGamdF@an%PyV0vrR<inWKS-p@%?Banqwg==g>bClMD0_-C{6;9e0G%n;&W=AzX<f
zKKFM{deo~=-*XvYGBnT4nve-NX^Rmq`b(_#rx1U%8|ZxGeQJ0nU}(Pdh2~#gcUbHG
zJY!?qA|Ly<YaMT>j*phrel@Y8X06QN^N{luY+b6Sw|H-TA{v~P^dO)ivxc#<G8Nns
zg^f=MXv7gS_aBse={D=2CenKJ?MROR(JWO`mrc)>dvbZEFLfwtbe**YxL5$F`QEm>
z!=UaKuQlqI=?m(jjfa-CiCUc$?mu?y1Co1zT^_@y5wLP^w}-VhdJ+cIEH>_hKdHMQ
zu`=mrHTV5eS8Dl%tW&F`2U9th4*uQK`8d->cgUXwi#z>5gZ=tRWTqZb#Mg&-L-zwo
zFmX%=qyJ{fnR+!G*u&MB$9I+Q<r@gK^*o)U`4$Gi`)G&#-0(X~m4#vCSM-&x{itH7
zBWrjAqEj^4NN?9p#pdEgZ5H`-mZVI=No?6xiFN{hsKNfdol>DITDczX+`1?>6(i>;
z7ASj{!aE<mUTs>VniQUYaqUrFhp)G?2QgxAn!R5!=>z84qq3>aYl<L7hY<*qOopbZ
z9^=l#pTa;FP0l7}0&YHwwPM`^?ZfkU)DH#>J8vJ5sffGQMmxv+y}|rLu_AMa-IR<m
zX{IZEsJE;t&f!!rx21`>>LoMF8t<qGP|C)E@O2aNzH7YXxd(utUEG;!xB6-O%%rQ7
zg<8|k^f-8s#ig%=4W`5S`m_x>Ad23%+GfN&+bei#zi(W&UPtTMlao1+LRVZVT{#Z`
z>IDelZ_l+m{x#bb-Z5IM5S&v;dA8{&_L4`%xxBx5wSG^K4bGItOf((X`eZ=z754yg
zF+_ws5??r(QF+%P%8-JgbCP$lBGMTz`VmZiGB0^AkJ$XOeDXL|4^|$KQKjElT|(TP
zt(R?ldb<|1FC3^ft=%d!Zhczd9dw^<)K&q<dd5JFnb3lp<tfv7=v)z2CXrxh1IF=+
zxoTdd>(*JCJ8tv$-s4>?sZGhUci+zd1anmYo-M$qoT%2I;8>$!cgAZ(j0gMxT~sIo
z_6bGy-f%6be4gnSnH;!N|4H46#eF2BQbo=n1jh?z>2r)nKa~}|ldT%x=DG;n8(f4Z
zvs%Sutc$WVOd0vnFvgi&>#vc`Bb3;wXPf|B$$^lIpM>7pTLUANG6`xA4rbK2RG2~#
zjPN3j1K7eL|7qo5jAJ7Ax=<V^1bprpEgHIT)v1I^I%eZNmT;$^phm||{A~ZgQlljQ
zHpFDgZNOoQlcr*c#y!5fk&@qctVX(L&euYTls@m!6q#9X_LJ-RjtbA{bBMnHv_dh_
zV@Pv-Si%{cR54zuPUJG%mR6a<S7z)IrHG@CCwNlOVyd9G1(MXvLwtBJTJtUF03z?^
z2Z79$c7WD{jFH0GB!*NwNFccd%w8B4h94BWf5qSY)Km|ke@?1+{?!-##QKw%%nBcp
z9rsQAp`nK2>4a?Rj?An>dnlTx<z}t<>1YYG=|ZOEs`bdfVtt~R1a3TArt!Ak8Ai8m
zS5v7wXl{9J*`EQ1OPwtw^-3Yi6S5Hp=IeL*hvw?vg_y`6ZUulAyq?b53{z%>^mQp5
zo0AXpd=8eF1Q7P+EcpeILEDqU8f~1?2=|0)XRE0N^qS5E^7L$}fpsvaa^o!P?}%y>
zeYH0CV_jBEvL%~VbX&RXUb+f|o+qMBR)AvA{Ol2u?_+5>4szw>tI%Q4NPH(#X$cB2
zf24@J#hI+>#$j*%_`;|avL2xG<wECPI5%W5w!>sW4V(GJN%L6&I9NRTmh^sby89Az
z#hG~cC2v^nSZrk}m{rpG1~Q-zd5|x2Pfx~h?3NqgKb(EO{V}DY7tXM$4?y4lB)Y}N
z7Z|Ph@T2|e@oh*^*_9$54RM<HKn3ezw4;vKf+-5fV+TNNoFNY-A&4(i%rrWwisaz6
zA{x&O>sX$&98h^*Wua42LbY_e6{Pd!#@`bG3`$52oqzkQ-dpeEQBEzJ@JW15n70E6
zZNBe`EB(D3UGeH*0h(*&u9qzXv^<J!W{qQKi!IsYKeM-kwO+`qUYpOYPss4k)^86A
zz^Zl}UTe*_dEI-vWf%iqk9!uki@ihfZ1W~co`S0HVmXYH!{_qhdzY_N3ypR8j}0PD
zHPQHW`S^#Y3TTbog4BVl@1S72Y__Jqkshd9j3WeUBbA8&oAzhv5^bYr1=X||JyO87
zz5HOjN^(Ep9*IucWK7}_L@`#G*B@7vNq1ekw5#jm7+mO>ho>iIV;9{8GDaW->$|5K
z;5YoL!Jo#OW3UHn!-_^gpI8%>SjFdq%>jw`m@3W-v2oa6)lSZSuOl*FV&N(B`}w$R
z6h>EB2aFNk;$5j`K6nFZ(GsA2uZ`T?pU1Y&FdUt6Is`0P4hKrStfW;3n(G1Vo~?7y
zVPtoY7gOHKYDE?&*EUd7lHWQX@gd1Ej(+x~&&5xMs*f{$S;{A>1zV1h`JS;2U@h0i
zTdePy>$e2Qr`N}~UfhA48GlUPTP<vV@+ajO)eV!yGgUKbb$;>d`S$2Wf7FLdQFM2v
zR|!Q3jj2QoK%|`xtS-b$y;Mbs{Is8ks$K&H%U@i^x1GS#iKg#3BBFPV+=4nH$6Z_A
zn{93Pb>lb37rzZT|BxidjRA`%&s6S$hXD$8;;^dHQ(GGf3oZ99#No6_f$I}|N`LKX
z4Zi010z{K&4skJdn%^Zaj&?%b@TF$*kLo?0RcMA*wP6?j@;SM-)2bUzs%+3MH-2pJ
zgy@)PTK;y@yZwduszylKz^pa!zvAR(2C{~SXn;a`P9H;Ayn4&pf8ZR9eEmapnc8t|
z4YIz-)9USFpv}<zLQLJ%7yZlegnj1P@A+s7<JQJ2s_yxyyQLn(g70{#Xm<7F&&i`R
zs!Q{)P&o2y<AW?(L2MY_{9I!_wW%^0#n2Ju@7k3cLBU9v0g=-T4vle6z=n2=_O*6)
zY2#5fKV()kq;$GsyGVRJG2IA`4O9>!`-DC{Y33Ao>Ynt7=A>=@E~mDl&-wF0Qh~Y^
znAoI1(o~6bXcyrn{@D-Dv-5jbGWx6TArRSD8YY4ouf~vs5}63^*irWkCKSq2mmi-4
z=)2S~p!2GdKw@dfKO{|Db6`RzsR=Cb<-$BcSL>FcPOb_bJkNY_>#jGzp;Ehnn<btx
zDz4l;Xh1IY&XWhpoD54oBGZ-KsL%Q)Jybt>lS%{J)W?&%t;<o%4$q1F<y7&fg$A?W
z9Pf}DU+qKadMt|Zj#O_XmnP<xYG-K6ep@`w79?ftME@sn3oc)3EV72AU7Q}<vDmmT
zrgvy*R=i4hcyC?$ZYT8+5PH~X%8mSa@m1(FdffRNVBHc_Q?hHg>_u%T9ElkM6qtXB
zc!IWDIZ~><_{hE)XQ{y;v5rGEv~>P7+VjpmGcNe8jXw7){j>+Y!!L3OSQFH|Gfau?
z`s%MlkY1ItBzq;ph%R$b3en~0^yyqcQb4PRUiO<cW9m#_=1Hu|Ar$Ve!b1*RIe#?E
z1Vde6zvj1K@3R|YyI&FGXRiyOmAP6I@?Qf9zcu_!6HHTc_Zb~_yz3kyRw!`$xdcrX
zJPTBl`Plk#sAS{~-Fgg(?`PhEY?fbKV-qHNcY0)YF5usUx5;LDg4EHJs=4;Jf^h=W
zo7TT}>>E&5&JCeVC1Cs#Ai6zKym$SO^`UCfR$_Ua&)C`PC=)KV>n5C6h9CU(!l0-u
zOT<zt>P)5tsjIlF%9EgROYXeULMPT+$5e;`_^$D<Y2wh&`m|7#^D49!)L!V)!jakz
zRJIf(9RzG5Hr?nn-)=>B-Qzi{ciMFShC2<P>Rn$t<c_<`aYwCx)|gg-SnsHMr&lyT
zMR(BFyof`d_m_ed+h;wrUJ^h>XN0G*>qVR6gJl>VJ{(S#5<Fg<W#~Vz=cn-X`1`Bv
z=6dDTf)38^vMc?%3b2g~@TT-y>y)q(Q8od&0%&*1ZarsLS)XhBywi_=BX!{aZd=0o
z6)5_mOn_NAl;rO67(nj+wB*_ij2goaz{N_N?t@$kUcnl}XRxWveK|n%(^bC=&!V_e
zSmkIgjFuJNi$UQR^x3Hoizy->u62(t<MyVkzbLcU-&^V$x$_kdV0{1ep*&#hW012N
zQ^aV=8zLkej4_1Nqw<p+S}$}{Q}M?q)eN=i-Zqc>rv`#jv~$3Bu<M@4f|A7ujW7iL
zW-!j|?wcn-2C@a7FB1=tK_L<d=X$x*yGGSS+nJYq_>C7K=P$0xcTDJKbc|14CI0dF
zb5-4BGa!`J>!^*D_NTY}&EqM?VC%}V4xiTZjBX);Qw36)PiaDQ9$+ty5<z(9Z2>=6
zik6s125CJ5TbChQtX>Jx>oh7KRv+E5S9yB}MzqqO4A#ApI!I#Zz@4IcaIe2<zT9Of
zz7|=4n(rn7U4=-`gvQ%6O<FURA92J$Q+I83I^fU@uy3g1z0=P0j?Vl`hQp4_WZ--~
zM(^evpVPhSy~9Jh@{`P6$$8WL#~<`M?R9)f?{bZ3RDu#@L&!)9d0Yd2msX<E)O<pL
zD?}Etsd_`-F;y<q^VR)$p_K^J+{`|6RsQ@;e<4%@$H;4ml+IRWKb%C!7Zan05b25q
zwx-y|a_bx6avgrPZ_UjyCCPnt&WGpPGmRH2(XL8D<XTP==~s05!v!cCYCWFe+N<}h
zi@oAWR<#p=K}^uKeHO{{c03s_e|GKSoO*a$tY>gkW_9Cy2gT2W{9<><Q4wPAx*DUA
zGgOz^D$TwvdAAkfyrq-N9ZBcSw^-IMZJuiz{TZ6w$gops1Ti~$Ou(iB;Aa4W?=(8}
z*ZY$}(r1vmksmL7RWzEVt^1lAlmGkPlJBMdAMfPYY#U@kQy~bxj&P(_9SCABaF^YX
z6G<g|0hg~4Wp9X0Odpain^ug;Y|j`3OGRVE*kFHvlG06|FD4<Q)on4;Up<`)Cqtl<
z3?{ZgCwg#O-NtR>akt0TV4Cg|&xjcRr6n^vJo|rv9{y`A-RY*4vc_n>PoKa24GH1H
z<@!P~0~w>rbaP{&|F0qtHw<WX9#cc0Tji#7DEhyPMc%ynfz+#y982;K4QMcv!oUw{
zivL8FI)RwdaKi8g0l>+Cm3*WBRfYKc^kWpnoW}eIiWTx1#u!(MWs=S8Zvd(j2t*1&
z>DSf!hoAs36$uG8&X|oX{PXT-+P@vxc6&p$7&T*e?wxg^{w{3cSHg<%;*Y>GS7Kxj
z{aY_^oDBHrlWg?Mt(^!T>Te$~mEoqW_;XVW#Yg^E@8Zi7<)aS&V}Q_ys{QZU7<(A#
z9-nQv!_U(Hvu_7CMSy7#lsd5N`w!0CFdqh>F@g2}YkxiI%|3%$JIO!oOT#5YZ+OW~
zN1%L8%}%TP+p(B=to6v>z!wJ6nASg-QulvP!&`KxBIWW@^2LY$;c;t}&muBwWh0cL
z_y633f+2-w`~c+iX%(OPo7W8=T8Eg<qk`J~d%LTIv`kK2ywdo67)=cS#kb3%N7+1_
zmUkZS2+^b4{g5r!rQ+>*7(WiCu>8ldbr!)+L_#HQoEaG0FvW6<G356<y%j=rCbwK%
zzbq{hD^f$Z1WMKX!yFA)=_Gh;zs6+Frv+dK7B6KxE7fVcg$)B_2iVT?q_f70glHNO
zb4_hUWy5GNWi{K?g%K02kz40ieW;3=vRM->)gw2<KV<iMiJHB}jn-XkamFVeXUI<!
z{E%w}W?bzcEioBkmAh}4WI%j8PL8<bcThDEGELCkBBN|T_^!^)0!@ce`y%fNg_gl;
zA3Mo)4!V`DN*&-@%GX}D-mhFe-kyCIqJ(_PaeIYi?lDYWs#V#Gm%15=E^ptCsLOJD
zYtvbOJB-JP2%n+u8PWSlq}C8P*Lq0^-Sd#=E+>_~7D3I*m~u<IB<%63Eh-)?3%7a0
z=&#nK<3KG}4R?~!lIi^1F0s;@e?}7@ZH~qr9>!WquJ^8dLFQ=f`A1xIdi-8kTdLfk
z%Iwac2M5a|Z;jX6EF}Y1QEH`v{Mpc`OGx#`Y6r|&`cM&1{E<S|kdqmIHL{)Kbq8<V
zM%!Y%=Zxk<NDmc{Ee%*(h}uDgXh^5x3-fre>HNrS-CiYYyywVx)usoXgNzon1KT5&
zR>0e^DDQ|?f3fR7#j<xLJ`&e?Fr2k;o~(i^a`J@+Hok7hgE{7!s+ognHzB6?tK6@k
z`-=0Sl9xVd#g6m5qqX$Iamh!=9z3(7rRcHMa<9`TC-_->_YZM7hMC!)mRqxKN7wj8
z=gtyc?k4*%K-PDME32FIO6Bov;1Ce@Q(GON=q|P)f%?Wuh9Xrtr!8XR7LXYFBk9&E
zl8o}yD>-MWME5d*N^qx{4RatKCzQvBQm%e@8H?|wiM?I2gz`r%c}E|iYVNKqdbaXb
z(R5-ZUeJ5W<a`x+G}3L{3<NIY?R#=&lrU%kc$MR6rA=vR31qYeZEW+)-+@Y{R_GFv
z(s>4&xAKf*7K3xM$bj(+E5ugejX{h=f$(cG;X>mpRn(@gXVHYm#%u*Eb6XAPpN6|%
zeGU|p-)}>kca;M|C>;y;SvoO|;9&(vR{I%#{2-*t5f-5KQaM3W7Yat>YVR5E#kEmL
zNsT4~`e!f<th_6ov)MA?PtKtQYm;4Mji3cr+Ip8x)P{QEUA@>a5iM2)mtvU9&IZ>}
zuA@uvro7kXZ_Qu3t`092zABw!3rWe+N2gJ+J2l+>a~|cH)R(3bdrNmRaLG%oU8^`n
z)AP0yl;w;iAHNgV?e`RV_@Q~fUeJ9XS+b$k_Kg}5p-gExHGpMrbp(yV<zw^pYIj~F
zYin&|uY>&>7WMbCuL%cgqRHt^>@uJ8Rj*2GOAdY5;=6xQ5b=zmZ7up8q#ym+uz401
zzRUAut>BRStVrohoEv9Vs(A3O{#Uexq(h~L>XhR!Xh^3)k#|U^T@Aq#%Z79hH=<4R
zx#tZ7b9zqGeAeqOu*kB$%k7x12V}HpK63o>ECYK&V;;mOPKD03-3LpZpG)9%ywiCj
zKIw)TJt?MaS=hdi_UX)fuWU9NhIf9Q?Pv>b?RLS@<!3or{wON5T8r{|)M;Vql6HJZ
z=P9MBtaN6-9W}pd{|f^WO`JL~nps8xI-@0wa)yQ+pv!kVq9G|sd?&&6W9r00-m+aW
zm4b!on{7{x0sUiUHniV;XXh2<T%4(_FQV?SpuB)t$*z=!!wyZ@I-rgbzl0$FGJNc&
zk$AjxKuUGQ*tIcHN(zwAdq=;RtHA{uM^$_akI&C?Ek`aiCnjI0M*J(sIP{_~Ot>?O
z6W)1nz;)Mh;KV*4cHLw&dfp@6MdWOc+0}+uFGP&c`Q@^*wbJ_=q8=YxE4w5)%AH);
z3|$h*$P1WlvRfX2I*m|*%~fu{`f(~&oVnz<$w}RQJ<tEu8fUlbqg)an7cK*U(gk1~
zl!a)hGG6cM4uxB;;~U04rlxac?H>KE@{e95pDoyaT<^hQoyOPXD6+!S^a$vw`S`&q
zpKdK0h03e(Jo(@>r7dx;?WRZ!gd_1Gx1sV~p5Uw`stTg2Wu62c3(hWhE_;5P+tTq2
zUa8$f$ohx}`Od0foA&z?mg{7)>^>&51=Ux(E|<mI1U<N*R@3LpI`D<@{oKZQ`4bZN
zmLJ|aEl$&HN7BRWjZO1|P*D0gXTQ}Fx()*n*m%3uN929HMERgHQ7F4N^)OglEEwHS
znh-eSwP!<vBt`O@){ET}OJ%Pj9B^uV9}Wk;#`sH$!uwi0>^=sG7Sw!eb&+b&$fMwZ
z?AYs%@R3P4KH;%G+b=;v45^snaLtY{VK)V9AI>GQjPga$Lp=c9-T~3&J9yh|6VbaX
zQb-B?0dipGXqw;^Oig@;=&uEz=_|-peR-b+Bh^Rz!B?|{g;`QJ!g=&Ng+FXQzBYoU
zvPf}yyckhLk9+vt#|W7WLat#SSWUEI({<|v;%vM373v~0stNSw;`b7`iHjG0%X~mF
zLk&I;PK>1&F8-qCgK0P4V^yLBk@J2jBq^L3rK4XPrx}eT>y$Lsr5FeNuPe{$g~h47
zcGY4Di6Bnp6$aQ!_8P=;@SbcKeR{OH!=k~KSMEbMRAATSKwM1%{fqE&AzduPZ;!O3
z;4s2`CCpbLd)Tn|AhFgMWB*BBigw)br_Phz_(N%J_opr&C}qSYqI|sKafNb=3A<wE
zU#)^qL|+aBZR>QEFupF5TA|f?Ot5_jJk>nUs<UHYw|<}Qeelk^p8!^G^Cb`a{ULNb
zo&pEG)dDTA*8PMGNdiZM5ojaLFGLj!-%aa5yPLlKOcJ-illxIE6_HBe<?>r#4vayX
zI}cTMD(}z@j2{bIa(5SCfx4R?st^fHjAuS8>8Y$rMz!%FSmNEbQipEm$^*OBGyEPE
zewLbwZ=j!zt*81u+A+y9-S@n@y4tt<X6D20cWnC}ye`L6I(ZY@n&Guw`d!f#kf9j)
zewW3w%Jvz&0agE}BlfWUl_eKBd(PY6XdzqqEJB4q3DpO~k!At(vs3B)2nI<ZO7(ne
zH}l)OzH5lGjl{st?z`8C&@F#a6V&HRl9zpcOufS|;FMe@A3bL``!g)fv-{x>I|LT$
zB_UeipNU;LQUgm%V>q!yn*<cS>J*yFI9l6L2d_iAhSErz2lg39sEtu$IOdoPpS}!i
z)VK7~3<dk5zfL%urB^H9vpMFLP)3F7=)}VCz?$~@r-33QU>5{E+wX_r-|PJJ2?@!m
zNOd^TWD=tWZ)i_$JbXK16;=X#!Z3cEYYw4TkvkXOi@<<;FdJ#@GR!`%lJDf#*vVCS
ztHX<n6kMr>%EG2CRan(*o^B5${FZ=6<*m!#x$V~l3!P_MqMv1q?f3|h+(ALccXeRM
zD%ZyU%6x_MGu78Cwg$s@z%N0v>Pv@z-Il_4otX2^MCg2_u%RF!ZLTM{qRM22G9^Y<
zt#62Cz6n4x{$&NYgZ!xiq4K$dG)<#I`1<W7c5l3!oC?pO252h+H02Wu?vnjJW76|Z
zcIN|sMtC=53~)@ozymbb!<u$AEN3SgOg=yBV&V>d84u01<=4}g^e<uW!3*H`74jl8
zWpZ8oQ*~L(Mf#YI_rcq6KPYK@<>B%URbHF_y{IVO+jS#4vuU3@nS-dkGq|4?>oIWu
zxc9mE3)Jx!Z2HbyU$kt5BRQU)Z+!r*lpBuf<lmLKW-MWhbJRa$Ja9|FOd{H(HIU=L
z`mv-hHA;YrDqpm_De&YP-+$3bNB`#LJnWC0jDer0kJ$|ss{Z<uq;fboJPIa=cU_m!
zw7Dsd?EBRrn!JM#bl0&CD}K^3T>53w4I#Me_he{%6rf)k{~Ac!#hqV9hGtC&N)^KN
z&-s2g0M)YbyhzH0U;w=f`)~l?==H_@@`T60@@1yLQfE?XMrDr0XCO7SBaEDkjZY>Y
zV5>8F=0kxWquY&!Rf^6)!<Wdxe}<kn{kBCgLWcFb)>T3h7rp5^G25ba@UPAGdT}|1
zOm*q*Hebh9mW;hR;pAyqbbfR3BsE9c&nH}+7PUl{!&CPK<cpcdATZ;;%i;3@b)VhM
zR(gxCb3qGiLVey|C~Q-TNB<D}Ds1dp4(mBuCQD!;q;GrOu}WgpL+91E-NOcrP*xHu
zuGCJrY{*E#KxRr&Oz|_I>Nmg^+W*}k4#H*4-rNu04>)jI_t{)9B$gRz&A%Hl4vbgR
zT0#RlQ!}+5<Y?T{F~C*yuyc<eEYZZO&#me_wj>S|$(ddR2m=Eo#8Vi2g#ExfFSLC!
zqJ0=-wlgk_4OlR4R2@u(N_M(}yW~`g-i|kAM{ABZdj($28{wXBX!Uh8my5DW%WY1+
z`w&LOp_aEwnSX0PeP+*{UHBRum&HpB3^*a^?YS!(^!CiFE>D?*qG~46hwMIxH;F-7
z*tols`I-ud)2-5opWzO-SWSuxXn5U$@tP>mD5ljx_XJh;g~0+!KpGYypTBSOGTKGv
z)HXaoVG1#A!S$6IuH{$!^FXXq3o@zbJ}as+Ek&*JEc8O4;#s!L;#e8UP^}DLL`mMb
zn?X%z4+9wr>6U;9)GiMnOJn@dRrg%91I>zsAWaX)YnDOS@|zmE3|tl&e&fXf@p#du
zDa~NYIGnO>C_qk_z@kb^BySJ?r9j|7O2=R-kr70IhctyPhQlAb*_fpa>bS+Hv<rOn
zSN;%_&u{N@=`+Dua&%0iog{!fqSL0?@@T~~_eytadKE4LCbcS^f*&mzq9}KD`X;Ku
zc#3ETxim=Pi)bUMrx`Be=aOn?6JqI#_@F|dZpGiZ;=8+c>78vLm}bUoS1cAjl&+<k
zpLp(Xzmy=m=$c^2`aWO7v?Eu;2tioS{~XwIJ$v|xexoaSP9GUnCHLv^ec9vFVo@Om
zB<b-4ME9c$`IdDSp@CxNeq+{KXj$xHV2BxCcr&ehp`~Pj1SoS8d3cF|yffmx^~|6D
zT3EQ>VWahY_`t4=D0Ab|EA*C_xSXw^SDYY<G+3XYo`xMS1=m2!d)xBX=Z-{Y&EJ*V
z1=yc`0Fx4mApT$ltNXq^h%*OKXsRS_XB^_KaeS7J>DP~gHgMp!H(wKV6HFisA&9xI
zTqR-WE~HN?$XV~zhz5`XzVsfHGEGgTV7$G5O1t8C`fkw8+l$nziHaP{Ie_;|7<(nD
z%;<}YI0C({RO{Gn^%A^D$X#V`9Qs0Q{8q}B-a25hQiFF3htLxhLqi>=ZS_0M50nF%
zV&6VS9Z=N6wjiTzVqysihZ5A%-b;&HW_;4IzY!{(-p+YpLal%BUk!D_Ma^gEicd_X
z9#-7pt(@tsO{j8IZc~IU!Y`{q$N186Ub`#cQaJ-y{+dykdh*G*h0q8#0D~ysxQJTY
z5dmMWO1NRDuUxpaXr=Z0$&~0Xqi9buHY_#$%<i)9K&zi#&rJj~wCBOsxYNES-{xEx
z(Ef~~q0cD8yZL1=<tg4P-FJEN_aPsMVkMsYR+;xnI3IYRW0asN*@YrTp^z2Ll<do)
zR+ST2O1}_sOUL;u<y`nb8>(07^RN3{_w)g#P@a0m;QgVE^NeUmel<M3z2@zs&Uj&e
zrqa>;BE4~>1fIJ-IiK7>Md&Sm26|_-48cCBKbJzfRA-aQluhRtx=z?REIG!lFP0gB
zb5GyGz`%}oC!%<u<4%4CSNbtjVb9h><hP9~nLK2CHxLI{bQ{SBVvnK!oR|WS!Rh;g
zKZWs=wjXrc4b{aUA3Nogwcr+WLi)t~ozewYq&!(ppZ!MLB~Tuhi^vhP`2Udg)&Xrb
z``UJKceg@uDFjN9A_0m^aV_peio3gOk<jAB-QC^Y-L<%eU|+h=-p|?R{r(M$$;z@>
zbN%kQ2Ay4;3O$9ry!%I&rhZzOlk2$VI~(kk`R07QE_Ss6KR^Ef+5u)Je_q0%rD~7N
zP7mJE!4HbqS(b0cHzlv%py1sErbsjPXw*4z^M0G|GQL9945|@u<N2fKPZ!l$8U%wC
z5{5kx=+0<Cvs49XXhEVuF2dUe{90ExNcpJ-&K~1xZiuCAdkQ}{;Whwa6}VRFcQI3s
zw%^x)^>JuF8jwRDElj7#f#??qFhu+^jCxWx_1KXfbOkp!Zz*V<TEGL6%ex}U$m}8n
zhvAc$tk-C_-bQf?Nm!@I(=1Yj^VP$+EUhvP_hhLo#)=IBZYWqo3OkRF5x?M+#p|wM
zFO7bFkoscsgmpz`cP*3-!65Ku@3y3m)bv7lM(0)?)4TFz-n%$kJ=R$0I69tSlT`N-
z*!nZ=Lkm4`y7c7h*_nzZ`BeVH$KdY?81G)Y9wPC5SDrNWj<*N4k&lR`dknh27VCcb
z`98}Rp{dUHG7inhtI8f|MY;DY?@Q(w9uB9q05n?8gflcKt5Lb`8C%GV-GxbLYApJm
z$2AGtEGfm^zz)Hn^2iUYF&304)WV|9V6Y!^d!ya1N4x!6Z4L5ARpi?)YmL$*LHLaq
z>TgmdLC{A**@S24?HlS^L4dg5x%~xy0uhu#;*WV@X2SlVuMQqd@4G&ke2ZDBk@x4Q
zMJ|K<q7=je@a5Z45_H#{NXXo$l%&CaBY_L53F4cn!b(F7^qWrAB^)!`$-sq{Q-P_=
zoNLt*#giwbj=)^FQMwbd(jYa8!j1e^N>s6KMWi6nvCOxOE}V<AC_zhV>YJgBm90d9
zjjPvs<k`5rXWxkUeZCSZ#=pZPKFWUk?#}jh+rZ3P{#4sQH#o?{-|#z(4M1}my*tE}
zYL;Qy+25gWmt_0NqxA}{#&yn}H!t>$qPY<lVG5UKa}O2iJ-fp!&a%1+H?ky&K`e~+
zkKeb<VP9~p8=dxgc$%&klBxl6;(C~owusX_wbH~Uf24@sZV(YOvlD--h$CkT5F}=Y
zg$r`{=#!PnE;pQP@W-`)HfC!()->agKWje#29PV4GHAfC&8qSe4;+$x;E+bvLkw@n
zW@&S}ttioNc=<jy(jhSmbOs+op^@%f-Wl|Sv+CWd>OeuPhOt2B2OYrWp9^P4Ns1<K
z%HZNh1~U1Fo-7iJ*EiOy%dy%|hu4=C$fkXo{zL3{vjM2HW!@!rpS(>Gd-c*PR9P$t
zJrNEe4HuyZJ);qAsa5SRq+I*4#L)<^DIDFE(qofOXN&^f2G>821DA*LMct5;N{A5Q
zTV#yFzd>I>l<P*8sSCqI8>;mh-cOWI{_HGd6<+;Td4-6WP<bFMc_PN7qt33lh(JIg
zG`R7J6&L-Y^`y%7c_i+E<}=(I5g7-sN0_DotYJ`cq7rL1IY*-wzn)V77)iA9`aY>z
z5|&${c-X@>7sHbj-Jy$GAAR3SKUE~jE&L<*Mpq3PTtH(S;#EGfr~a(T5Ml57@w3a@
z#7Lg9_ZVa~T<_sR#Nf|<Aob%h6Rsj{?|LQ)akT^;Bc|qU<pgt_ZPocad*_1RofoGg
zZj?A2l@BYrldX`z<K1<L6d=RN*Af|o?78w2m$;d^T%b!dpaLo+w5rTutV8A%USxj<
z3=)pa6BvrazI5p@Blfa-qmNroBDhqlX+jS1rHSk_x*t>pi)$4n<8-t@`-aMuS51_#
z%;XJM?=rYbU6?v$jk-*XLE?)8?>)UDYV8|a@+#1<R@t}S6upQ-N72v$NdO3V6FnNy
z1?~nUiv=q6yS$0t#)5NX=UsGDz=1S4+m51_x?F$tVd)P;!=qxSYKAP#RcOD4IISKl
zgko9OtzPt@@;2NB5)j**4Q6UTN_{!Ud#BbLfy+Lxtu=j5S<*Z;53NH{wA-8!8?Ro)
z`e5%S3N?xc2z9eSvvbf32icZx4y(AGY@@i`Tf66A);kLDPXFr$OyIW%)YpFCmI=J9
zcO~Agy&g=Ka9w|nV*>=^{%tfdVhy&g;a!qi5DE8HZ0t5~NmAnQAZZ8ju{tAtf68Q&
zmUE=K@78Kg0`A<fdWV!i8ZR|QAQlOW&@ACnc7JFWoNQzEz9M4DJa09gkQLw7de0^?
z*?PDp5N#zH^kh)PnL<_gG0DFaWOor*A9xP?o!F9wAzx1e$c{#A7xR6Y$iSy{ALfM`
z0}GMR-XK^>9Zzh5Q5*G~2UZ%H_{bpQ<7?NYR%Y8g^jPJW2w8c!+{^##)>>mLQ(RAH
zyOfORz)X<ZzMpP)J~A(8VW)adfzcv_f%}n8^3k5`KSAM6D!cu6ogWnI6@k~orZWFE
zF<6*Q!jA+S$o`(le9~m>pSl5}KPMJU2f^Y`4K@|(e`*ZG@D3cXRZP;-5-16gEQ9~G
zy*c&Y>Vr%QXO-obpZ{Cd@Wct*6J?CXu{<lIOyK;dowRu5-u^xYVwzbU#k$2S(m(5t
z5e|IMY0M4M3;*5)2SgZs2czF*@bD|z3(fm!!sV6HST2}-Z*LZ1K9nG9PZ91Ik5`T4
zugo9H9~shQTDC?qyI}V*l`bmT&Kz8u5~&d6cTotsCseyFQImygyVF_w$LzERS^zTn
zjRj9R76oU`t(~04K{Re?hvE(w`h{C-Po7;o{4=g2sYE>18+zrkaO-vK^7W4!7wadT
zW@fwz$lsC3`V12|PvXMA56}G+?7B2=_<E8OdD>7lLOaOn)3~D(H~jqTx=EPMgh-bF
z)27QLn(~41-@twe9eo4KMR={pz1HS%KM|Os1lUr0TbWAj!m`Hi3)e6<+S1JI+oe%(
zlhmO&T+zL#dwNA=`MlKkhs)RHXr<45{cm||O4LuGr;g#|DXgr!D?K-DlV;u>G-U~D
zND%GYUk8_;#$?@bG<EdNZ;xe?Qavu%K6qre98hVnOG5|zv@NPelU?%hgV)mQw>T?>
zf$WThqN|l(zB8grEy>@4(*lfsx~PBIt>LQv0Tcgysw&+bf^#9#7j-y=*1q)9hxR8F
zXB&TFB4|+=ZsPSK#2gp<>3Z!s&1R)zpUmFFy8vgNzFBKvtt)ij>}pE3y;*BN&4eku
zawkZ6)}I?mxw5Q5IjuKt<@c((-n<eGQ`L`^U%r*zMwiJeNT|IC+7iXKN9<cAV~}-U
zoxaC?>keyJpyT`&#qMg@uQ4z795{RR=$P=Zz~q}fuWvW1cYToPW9PNM1ifa$*kEJO
z!-o3_fuk6n)1XZnU$Qk<e<zniDSLx7Y9)%!<X*!!b4?{~pW8lP!AMw4l-AYm`d65+
zGq1H1_U-elm3}av!xTenAm;W!5f2FD#52>m_)HaJXIn{8zs9{Ah7}t8Jinv$eRhza
zmbB|q*gN2K_oP02LE`wGH{do@AUEHH6)#VIKy2-7M>M(FOGpNDfMvb0n*B#)zt`tb
zupH7Xj-AEhF#9Lpod02_`-UhxEdOx<po<TLw|;Bj4be--%8l%RvfsT{Wb(M+YnfF>
zUZ2_fj3ui*0ZOU+%5;wvjnJX&fG{-k^u|12lV_XnZbMkUt`QG*Bbn)`+7N?TQKk;v
zr{<?%WnY&|&tZLd@M50Dzb+oFP+^EvnNm?DC!btcqkSWx{2~07CIsS|rjX}uhRWA<
zkX5=5S9&+D1(>ioOBtF!ND$dVg4WS$#Al-)eKRv8Le)<@%V@T|;!zK{emH8V17B7A
ziYha(!#eZaCt-|ht@fGYWAKf`Wf_&R3(z<Hsy!N9K#g%gsW$#bFS0VXJ0#186H|P=
z^PEL6uM&<(U+v4Okj0;d*Dzmp8P?3UwC_TVAd_yUtW;n+!~HQ*pzPK!Q?X~YpICxD
z>o1brC)rSL(uoAiodoftMV2E#Y<5mC!<DzX4X9xAZh(ls{1S3zdi@{@`X!SG&ehO)
z-4Si)Zv7(^h2dlO%LYnE?PXaq9{m5ztteeFGUOuizQQ?M3Ra>-(H>6@oA{x0Wkow$
zZEHcW<<#so-}OX2`M36VM5~eTYNGSjX0X%p4x>+WT?R_)cx`}Sgm@!ODND}mu#J3x
zn`5#Nn=Q3o0_c<`uH{4mn!Pip+aK+qt3SsJ&|=W>1gj6=!BKVth3tC$@8yaKn*rMD
z@9iJ-HyR{7c`pp*ldO`pqR;kDJ8wT7)sRra#NY`zpM^ihM#$@8NMS>L3}2r_`?7PM
zOd}$4;fe_hMC-3WtTN)3pgcIQ2*#V2tPd0l(qc{)ofMo_?2_}oh0d54=wwH~X9lDz
zQnt9;I{+)F_yw#-=!l4lg~C*@$^KEND4mLhJ3HYDKLl%y$c!6eNfJ?`w1?!hy8XVE
zD$x}?e`ol_Xmt>k<ki~px+#d>%j<^4F#4G~xHfy7StsYCd$&eHd$|wV0;6c&^8Drp
zb;5ikImPIA6upF!1n_}8#EefnlYoj`Yg<38S)972r-)s<&Ksmvkfn;~F%mN|c}S!0
zmc*V~`30OODm!P(5+>X(olhaWnl?xnQ^@5K$urvUh#)2giQ?I|qTr^?9zHab?4s0L
z)I9#UaK^dJaP_RF_{rw>4;|D3;25c|A*46$+B4Yr_d&T7>8B67o$0rd4`1c%f7Q3N
zSP?+Hn=Kl`!EB~T{Dz|@m221e2yBIUF2x1zFsjJ^z}VbW;l1Pf6^iyqI%Ql7S!-UQ
zA=|%TFEnG-v6p+pttf_XV<5!+(M_?Nsm?9bN%Y;}U0D#Gt$o^c^*~2neFa7VACGHZ
zG299=UiJ3Rb5r3;h`!t7z=!LBlLqK>&ZIM_iwSXL4$qh1J<H8E6O126Z{_+)?;=Is
z;u0*@7=)xbtlDM<;;|;grezHi)tfkr&@J;hR}tzr+&JGxLR4xEc0;MX-z2Dd+j(Zh
zbBca&4dkWCl;J{pgs(_c><09`anwG@XPdsG(k=0HY(U428GhD|NDql{okJ5+ncl)X
zRw`FRs?FBaCzl27Bhs4c?Mz_D_XO%bb?F%j1uqHA3K=xZHk8omIqj)j!iNq#^6@z5
zfvFL`UAE~<t*HC7>HOaVE)O{Rv(0`6HH-+~z3W6r*2ZcqwT#c1W+6;~d9wsQ@9F64
ztdLrB_)!Aa%8Up{f^133PL&eAL%F-l7K8JYn~P;ubvZ7pk@PQm#+0l<K)zBPn^h93
z+BGstxD*&<Xx4E_;()4+gl)}}47}m0GhBg_;&PFD1!0hb%r4LnVO)^1;AEd%Q0TNZ
zKm-610n4}bueAb-3WtdzalqN8s>ssnO2mfcPR)%_hx57@DujSzI454+@5zeQc2q^r
z)-9J-vG)Gv6+FdJbXs+AD7eFbVnH)ue9^$h&Or(j6pe5~HE}vMS1}%oP)VNCq})oG
z-%xHQ_O<SLz|?=Yt)CKk({2a9W6slEogm;-k4(C6<}c=uqU>B-qPNFD_A+R;K)zDR
zUzH6XmCn1tE&X`G>II4}@jJ9LHut%_bp`s@pihKBAiNj$X@tY-yJ(6T(8#pn=sJ`@
zeLmdG9wF=z!%RpX_o8Y%o`pKhT&2dZ|KP1)Md-8Rx$GLxNnh@(^%gC?vJGt_L=E*T
z?3=kAfIF4(`V5vHh9-`&#jzPg)exj3e}7bWWJFYuep5-yiw|2K5w5gFmHmx3pNNnp
zYz)ELEGxiI1{wE<)R5IP-I)-f6f@Tv@+X$*P*fE7eK<MHTuO1xJcRCIT=6)GElL+^
z1HyM@%qvA~-`#xc-HN)8IoPM%)KBp+^>#Flcy-gaHC{$Cv=!8^Xy5Y6KxrecB9X_J
z4JLsUO~ob~j3QpLu*c~Y)rYfaF;gB-Fs;2S<nmX$irboJ#ly^8CL0BVYsC?NFwZ$O
z3gdqwNwtQomWgf6O7+~i?EPf>v}ikOu1oPo8(}g$9chp99!g{3ijv44+__{K;RDBW
z$nJ;V1dk)i;UJ?6zduJ(j=(T}=Mp;Td4T>JL9vKC+nk?3obO>KOsoD#$u6X68NSy6
z?Oc+zG`_6!o34>@!og&bD&Z0Z2M=3yChQ~jr+2}l;Gd{elDl~~PZfN%vA!i^YcCXy
z8?IT^KGq-?e9HRr5sGfWIxoGhAGGhWqhf6NseW*mmTQeL*O;i6B-)(wxB!PG8mWk>
zwe#M!2R!Tw=HgOG1u*Nc%BW*}e>RJ6RT0wL*6>L$x4EQ2Pk!oVL$*u~&H)mlq(zMU
z?OUoSW9QD`&@GBwxPrU<+u~zdb1Nd@&gB1j`hj@<>t=+ibng24;AusVQ-P_HYHSvC
z+;5@Ppu{kf-8>c(-@q#YGPqNNz`>pO*>;W^IHF!rKUokJoTQ*^MI<l5un0Bu55)B)
zmmcf3AU{@D>@Q#$;TUl#2Owq|a0_d@lW=hR;cf@0Hx&}N{vznBoEqsjC*BPNed;zK
zEKbgk)uWZ`{DI{DlaW*SyW3CG+mV%-Y~O~Fh<Cof#aJ^)pgg3y0=1);nE)H{p4xfj
zni=iY4~2uznm3G&kyvMy7Vvx7hzlQ)!a4;JPLf@>Yc~Yi!2@oI()2DklXIAJwDk>r
zKLtK73g&z{d2*&}sH0bnS7R*XlyapK4=64%DLGcYXJ_lD*Ix|7jAFb)U;5D3F^pU<
z^$m&4eJ|4a8jxEMN$E5D_5;E&K@ZJ<e&F%ta9K}@tIXed9nZ$U1Qzva{fSRX*lBW+
zOVYE-omev21ZaWt1p0$4%do11CH)E-(x3Edem{k+7Wp_oTr2z9T=sm?5Q^Un1Y`WW
z1CkP!XF`{!%ZGxCqdP>quIX-8eb(G#4JQL{PtJLBg`ED;HwIKaLSn1z#R9e69ka>@
zF}yg?T8ZyPzT_!#zZVs;n}?xrCDZH`LqWBnk;c*%t|7-aThkW5YJtaIgWNkWKe8JF
zO;b4I$=}whXvSZ8l+lGRt|Ug;t0LYU!w`oWEyzw*OBN`mhKu%1-o(l-ApMRx@F!w1
zjeCJsP?4<ZJL5Ew=+S?JLx;@{&RLj}zRUS3d{s6>L8gWMvkp<=UN7dWEK4MiLs4HV
z^rC@-hJ2<M<|wC?PJ1(xHwN)7n5&z$&y!kKoH0stQ7?YXK`W3$Y?*N%S)rgn3g0fX
zn=H^@L@DSF<!I)z?9p_yqCcc-aD={pHD+}?)K{v!@<azm-F1r+o%KX|bvst}0!1{s
z^7v8lvJ;2^oxBGzNb8Ji3D&sWDz2=9%EcO5TxBU=)`lx`0nEDKhV`8#nc**c3L3u5
zrKq9ie*`nycClWBnM-9hUgw`kp|1g-!r!F&_2%pHx)HPLSA96~>b!%gS=nhFo#F!*
zAv>Q9>(gp18VN7>8V!j2T$8}nP!B%6xn&g~ew+2sYK|18UuA55L2neFkD!gg{#gnM
z&cQ|TBlK-<gE*=x_i8cU8^)7#kFpr4F^^mUR~k7*9y^7lP^jLgAw?Z{pL1p7=^VMi
zEgW{q-<Q1}n$V7#O0bY7w^8&`{ac3~6FMNKa;3q>BO5^<%rdNf4~t0aO2l#CP(X~m
z#3yi29nYZBkJ+>chd9j(D6Ur&89oDxj>TTu{wpmh&ja6!*ej3V*i1mnvrlyQex87=
zi6hqBGGq2Q;)Ge>Wgt`cf&23BK|u6h4e&dG+nz(_YA}H~4GpAOZ2)zvEw3#8le_dU
zr0!I=33(1<-lpgHXPiz9FEx4+joM!e|6d>d4)^m-*Z-*U@xNo7aR)f;=u#QBu!wK|
z*;I@Y#!NU0mL5`>ivLfbF|Gl}0FkyoC42vr+d$@je#ze*ETo}gCZ>T4=R2bp`KN_l
z3wR^rQRY>FwKsBG|Jwu}a_{y>9npVj&Hf`ZgYH$KK@>Lauekq;RT^N&sj*8S8<7V5
z6YTsOV(lyq2&Z5EuV^VTJUon27xDXlz{Oudniw98q44ymnaNb|e<fS}1!Di^Jz1&+
zHZalO{Id&T%&^s1VH}^MnfL$e_(3D9CY0DU=sXh*aB%;boehoRMhG`!NU6?z{NKPT
zG;lkB!(L)=<p#&z_rGCYc`5_qxHRFl-2XjM0x`mTa7Lqw*KYj(y`?G+He&Dlp8wzX
zKjA{ZpMHV|{=dIJ92x~~#j^aR)Fp=Jl#u+-!MWmtZN(w!rIdijl@?`G%zBgbUMavt
zqk)||;-eR_^e?KvzZb#(>ETLAM<;FX%l-=N!?nt#Q6J;_!N~3*omal_ey|8tEDiPm
z`e4s(>c^Zl&%4FXO1V;oq)tb4vj<Oa@hK@4$hd84Z;8f7aCmeiy*=)-*wV-I9VdX1
zGWY=b7MJtv9R~RzJl&XJ_nUUl!*!0FZx0bkwWfdS(H|}XGPS|z@k;{u?=}6te*7*o
z5JOpjS3qLJ-8Xcl;ZBhGSM7GVA~Dzyd|qN0=#l95A>8GBJw1;>NIU{SeE+AMR9-`m
zBZaN4QmD>yJ<8>5dF**={k;X6-c_j2K>?FKsw0Qh_^R9yccBL8ZL25x8rLy*^Y)d0
zVoHh_)b@i0o(aZsL*MC_ed!6Chvz`vMTPg8Z08*k3c+lS3c-3S21XWUz*Cs6=$II-
zj&eP6!c=3_kHMq>$_1kl{Jw5+&6%RH&3=vcPR@V6aZJujSi|Y-h2W@aBxPtksq#9j
zZMEs7{y&B`fXG#1W^07P(ucgG)^c63Hq?H6<$4x2vO&DCFHW~#XbyLW611i<sk?~e
zrbi}XX?AZnvqhbD2bGT3^EgkJT4G;xo0u&h0#W&xKK)b%Z^V>S029A9Sc~Y(Kg7(J
z=_^EnSSL2W5CH=Zuqmm#czScAT%i^~9Bdj@1~llcfP!*a`?Nu@lnfPn#i&f60rFlz
zSlPDisq~gnhJk>FFIdc&?949k(t&t={r$>Q)Z%Gr(g$b6iaXdCPan0g&BKztxs8kg
zhFeJJjO-3HJWn{7)Rqkbhut)o1rW*A2e1(C)eoP>zcf>3q3CIN?F=&4pi<<y5&5l`
z!u6`N9b~CmB9qRSk<?Yf=F4}F9v^(co|uPX0DMW|N`>eM#37=${gBwWf5TdHWZOEc
zzze2of%;`~9VgC3CltK;xbOEyKtw|)P^TaEg-*v-2l|WC))vXMF}uG@;>t>eZpL3-
zggRB6)=!IY=jB+TsZ|8DBF(AaH_PAyR<;5gviS;0*A4rYRyT)L$6BMgW0jb9tEYQf
z6IQluqR)WCFG<Ymab5ID=Jc-XJ}h&^N`WsBPfQF0obN@-ba`-%_PZ2`iHTx7`o65U
zhx6jZQEiWRGpXn8l7Ag>%Kb>M|5mg8ZV0wK2+j1(HrFFQ9})~YS@F0H$owvh1xV%j
z{@K{3B{;%i&9A)0l2~{39Jc9S(zT&mKaUoxS*hd6`nuMQKFfL{`gWO`@4chj?+%fs
znF>QmxeEcx#dNYDm80pr!@Py{Eb&OtVAgraYmEX>zLG=ci*#OnnYOZ}C3D;T6vNH_
z?mZnHJBH2H)==5Y;~ih-$SR0goe{wKTqnTqZ92X3(R|(ODj*hg6G(+3V3hAeP=Z14
z3+8wRk5u^ID+t}OCjqpR%iA8*%~nyHw}tL5B~9jE4^@omymCS?4&}>dq*p^Y7z0;_
zeRl_OE^{8c(7m^WA}#jyYx1I1%T<*Epp%4BTZp{Yt`N*>58T&szX)7+!*@4e{<^(q
zA_xOP?7Pjk$!w>Q&&XEWv3g&p8w;4Y*Y1oVww#AK6Ya<*WT!;VDESySU8xl#w>=ZU
zf+C?O+S3hI0RbMX=@grmBgA5rmgL10KX-SVZn3X}8xvVDpk2+!q<|F4Kw(T8Kk2|6
z)cxy<g30_bZJnAh`C^wb(km>uGO0qHr4P7IhgHTfg8xyfIqh(1C^^V{c>Z8ap9Ii|
zK_whi_-kUj?SDpAPCVlDDe!t<CK4JHO94+Hb>PTX&Fh+n?&Y{YUXUM67LiJH?<YAn
zw$G|<u@-{ibg`L@4s6>DeIvicDMolxY5VH)OVIT#rx$eUPsl6xFy}hOE(rzlDABO*
z#iSuln?{jpc>mR#@Dd_Y&MWoqtT663D`}2=E>wp-vPtimx}3p*_SPHubp}AFla0hA
z1dBwBeIM?qyC+ur+4W>n?<5%bcx(mviG&q)ler_3V-|h9i$DoDqQP>h^%(nFtkgz|
z(YpKFk8^qLlesgt83wgC#f!7mg4uqv2bCAfiw|~aHxZ`I9v1wK9UO{!9dlCOLH=0k
zUhzogzs_K_TD=?zNoTgDze#^g>uf9@kU^e&!H2SliK#Z~wEo4o4u9EsZrI05Rgdtw
zMr@lG^O0FyYip(Zb^iNGUnHBrvBS3Ggrawh=k2odZ)(<F+|~ZoOn-;!XBouNSP`mF
z9BeXd27)M1D_u1{^(S3dj}IJEvT^7>RO=mPiv+6v=2Ztyhg3Gije#IU-@Cnqo9&T`
zVJbv>db5KyKGz>HTlC2xexDxN)mghs^L)?sKH5CVs#eH<4?kDSAYjSicrB*%C3HF?
z`EY!7@nNF=f|4y5@2wmREe`SK#J;~9#J0n{5{5~)7(ackomGVS<7ULx@16D#=cUeO
z+w+X&r_b+KtF=_lco(MUcw(?aupu6!hr(*^>@!;x7mXIX-wY=^#Xh%%@YbI$ZhaEi
zMk)7|>iFxSGqm%|Es@&#{8vL~C`HCO^U?J9z8oC%!&eRSkMm42YpubQ&}^}|W3g@t
zeVJ}U285%WN@|n3Z{ru?+37Il$-vozj(UUe=h;FZ?*LM`)BTDi$J&R-#10<aM|&$@
z7x$`mm4s+P%>MlB`B(~IBq6~02^dGj9)74orFJ@()57KH@cP1#IZObp5c4K3$TVN{
zAnLMh(YFJ`f#6+E6v!2strG0LepZ@w#}AlmW9&ggc&|mI-XY{U+4V^jSEFYO+8}=%
z^nrEn$HRqlv*`gsj>3rh$IJqx-dbWW%c~Q-Apfh9*mafl-3Sqw8>GlI{@U-N073p_
z^~)#%_vb|O5yg8qdm@E`BL%u-M8D+fE^<B@?A{9lVRovcLWBwlDJiKe-{kign=xv@
z2$;(Nq3O;O!s&OD!*f2j<a|$057$Hd4G=u6BcZO_*o8vv(p+Z!^3u5y22bpYhY4)^
zNw^c3$$4lbSR7B!JJ7@Fl=%l}<28*A4%iwR>8q%0qVZxN<TCM~r5pxP=f+ngG33^-
zkf*pjON7o2i`CUDJ;$A4U}<+d3$SLKg`f~orsme1Br(I$BSmzw?@%VroNDY1>0rQq
z3V!4J9A8NpZ%#(J<NnNM24rMqpF|iy4Kdz3<|5I1+<u}UQvEQzFY4}xigYtJYw_XD
z-QjxDa-F4krN+@p3BxS~Z<w;?Q?aAQWqQm)BX7slH)RK9s>e8We*@LSq-nM5pRJx<
zl>T?;LfFWuX=&8=m+fv>q;FwPjw$6v+j1m19@FT#=@iACtv52*j#n7id(dgE9r0u!
z++BNfqa9}9K}SzEx=>f-?T0~QzfiGBv=<ADB5Pl};YOlucm8UYj&z|GS0VY=Bm;r)
z`q$&giK#&xo~bkhwAzR3AHFR&t?euI-l1;6xjiwTi!!Ays$}^~*83iwHb~U55LIfI
z0korv34vJ>;vG=kaGW-FoRR=80s0B&+vWp#riq?c&*k}mwX#a$O@p*U2`26{GA(#a
zW~jDJio0|x=@)`>l92f;>+2<u@{57A)J%VLAr6@uo8ge(_!_CXO`C=#fNom-VYSK;
zw90McHoTu_0cmqk@i{Gz)chKt#T<p<&rlhVp%YK^l%(Hc#kh5P+yR`}oNDSO#ts?C
zdTH}Cml;OMRGgl`w}7CrlWzFD!s!mVu)1z=D6<C~BjvKY^iUpG@s+mw=b~sf$b(k%
zBq<vglY}-8FA?hr6PDh9kF!O^Q14zOeQpC(URrl4rTMo?M&@7OkPbV(q!xP26<cSm
zM(kHdV<Q)1N)3E2f=;pT9?N8V)mzOz3(!ST<=yap&4KS~2zvcixACW(TppCS!W7;7
z2!y0!)Iynp0~)LkM}Vk}0nHTXl!-YvvT;f&%8cb%?R~WH09tpoCh@C(1ip(ND$CpI
z3v&!IXA!|SIN+5E`NU`GNq6US2evWr4uB-FlKNe+hQa&4Hn;2dSrT=Y)vx})ypL9C
z#>$DFsK3C;5>_=MxlqJe3m3f1*mi_RBOp?Ydg*6g1Xxoo<X90&+d%u-+M&;Ku}N&F
zi~YOL(iKC(Djnte*0G&>7p}6j(-*SI0FX$FD1QejB4ReS1yTYYFh0Lx`e(N?_hMb=
zFHc|z*kA>=TP;-R<cFfrUnAa5DlK9U^ZH5S=eke-mek=9V>djx4+&iz2306KHYXWR
z^Pf-cV696k2tu&EyIk}a<tkR1(oOc(z#4ipJ{vanf9-)?>d3`~M&i%1H<xXC(;bwY
zKZ<TnYbjxiWeGGc)QDcLE821P;rds<YuA~Ssz<EhsrGEhr4ruWmC&1Y?Xg4cU1^^?
zp=yNSrmxH4=tj5jFXp39oSlA*kFbr}=a;24g-E5$u>7ym0-SR48Wiv?LKooI!wjVc
zJj8cSZ>g-m)qZc;kf9(WOP`Q^uEd28N}{Ipfw*@b>m9K9Q-d!9^x>yu6~i+1|H|94
zFF$C_hk{DxOL6!?0~tOc8EzLopC!Y6!NF4$)}LA@IiYsp*i}y=E`#u?t)5Ve$Cz}Z
zr;^@AzNdsdpXWOUDTN|G)$~8zG*K$gJ)1YT4I4>gb%<E4s$wH?mLlCriB8O4peBdh
zSb;_yT7*Rgq#vEOGkKK59hk4@?lppovrgX@)N}o;7UKwTae}e7?U_4ddX9?Q#S`_X
z;&UWX5ZB`tZ%$_toE~PHX!Llz)SBfrtS!NV36~$Q_Q@;;P2qaUuAcWAHip_jkg2Vm
z<c{lRr+k>vIHqn(f+u6?i;9ldcaMRc7^mDZ3_M-AXtAv5F9X_ms}4Q4)m@~?Hi1>I
zHzO6j27IKaJfhk%4G3s#p-`>gE<Wri{y;92+cX}CFco|_PG(aVQ8g0fcdDFp{Hn%>
zJp<aQdy<@43)q=zLV6UU$Q(&z`x5M)G)Sn&R*Fau*z1f!DJClA3uxXNl6;%^rL=MY
z!E7R8^+LmEwLCs3bQa0zscfYlI!sB9NzkS}>S?@=#G*%oo3-6EAc+f{ncBkQN0vfQ
zJXN*>pZLu0DI8=FJOsYuI5tG$Z0eHa5K|V?if@qG>2y`~Z@?TJD5jIrFKe0HcY2Jj
zwWe<sp~8g+uY`SR`F6psg+(bXMt|}%^o{zclW9EfO~13dLSS<12QxIR8`1K1VC4;D
zl%?(-*AM~Ig`lrrZ_(g1N!r#O%i8OI=nZs+YM}u&$LFyfaQal=#&B^dv}220>l{i5
zH`=*)3IbtV$LsxBOkvFc#dlvgP4g#A9M&74n*WRLRFnD>bFa$%5&E`hQ5G;{sVL|5
z54K=OHUYp^m2UI=S0V(;q>7QlEL_KJ#0lrFe)awr6d6Q7W`_%Cqx~1({HKwyx3Hsr
z7vo-2vJ<)gryW1&#9+HHbeIzr#cDB>B@E8A6lx4g`Cs&MXQFTT9|!^Ja`iM5-c6jJ
z_|kDYvtye%vrsQ0cxr{nwQ=P1x{*S|_pg&Q(DM&6J*anq;Mekwkhe|eXWz``a!p03
zVt8QP8+{V;Yxxf~tv}AM3y$ZMgkof82O?f^FMQ8~G0vg-a~6@@__@6gi2DCv1~#&A
z1Y0qDhh8Pji$m}G$u?t&A(`K-+6~gj*_-A>>sC0G@n0kJznGH!!E2>!$&Nxcp#wr+
zdh@kyoAt)8z_vU2Q7EQeDh=ZY)4Ab07J}!CErvT13LIvp4+3;4vI0pgDj}79?jmL{
zRe|pdRflk$7EWpQq{8N`7WO03jEo%C)Ot|hcJrV@ZS_{r__%Hh=WWB5*}Uv?j{dX7
zFsNH+^cN?OiZbucQCG{rq;8JQ4n-2u72&0HkTER&Q8$b4mQLHQJ`v#fc_@_9MDBjF
zHZ%WEtGS)+R4IvV$A$*Cx~jJ;BG&#pZ5(Wruyovfw@V|Zjda&R30ZI$pUXFf(D5xD
z9P*4Lg4w*8Pfl+$6#}j$?AosHv@M3sDN%M32reaAVp23aaAkGlZ5Y8tcE_YL?SIJx
zAj(^r8y$^KNAEH<39Q5AR9QO%)zzDzd0DpDN_}osR!^R=`qk8>4;^b3N;a@LX#O5n
zKshV8C^x;%KURy;vzM6Hu4okl>3eXfRj8|tk9E78fG3!*lwTLei211sc&+<<PA{@&
zn@!PxYF?y**WGRq<GT~|rJ3M~%}>2ZfQJQfcaoh*j-wLWg5y>*hXF15MGxP_xDn2#
zpF~TsezC47^<19?-M4eos3WgY=daM=bm)Qf<d9%Tal$K$A}x`D7>a@nB0U-249K#f
zXwfS|+n!y8g_pbp`&MT~00P=@@}Dl7MO?Cjz(pKBC-PseVH2EHG|-SM@mkBbt%4CG
zXqB$ZWpYtoki7f-9()7RAHw^t%f>CN4(u)ZYo$$j_sL*Ma{1fXMnkFZYultRqVIGe
zbH(a7W?s<Oy^pqAzZHKIc6{^YW$uj03UD0p{5Wh50#uw+f7fTGD1fM)ZRtUk1I-Z0
z<?MZ1Mp?YS%L4e0{`zt+01iWUGOx28+4%e-Cq5K&qelI2%#rh!Q+EUe0Q@+x2gncZ
zh7dJhTm<frdX+YR8b?A!RB@@-FN|b6TLIZsf3&NoX@EeFn(xF<$wHzuhI-2{&>1*O
zNjq|02R%Tlmj}=O?d+P?>z7bifKr#^0RTS<Wt>YfXhz_?eaFS!>j#$J*DA|82h^j8
z8g{)M(Ya1P)nZK%po?98T*U1EvJZOVq+7C=95TuEcg0z$6&>nkg5r_*@e*M<OC2xc
z6DT>xzMJJ7)NLZ7{{ua6*eHL_G=-}AQBCMwqM`0TRJqU4e+*HeXB#ef3V=cn&CSiu
zf&Q4BBps~2#nW;n8ZGbnuTLjNID2S#`gu#-Mw*w{H!9g)p8`Az-%&~+?SCJd-V6G9
zAY0M)j$v<q$A1Ik)jZQnhd5Ie7~lB)PjYvs!N?U4LkEBfIwDTce!f3-27;OZnf*F?
z<E2_HK7zKPFWh5WWjk$~J9OR%Lvj9ax$n<?PlWp4o(}+Dkhg?;Br{1_)=4>xeHa#o
zXl()y(HWvVzw+(FpQYIkF8RYD?Y$A41F|>_yt4nvB;#lg)hhliZ=r61NoprOJ6tfW
zsxdlUVN}<(izSp#>HDD8MxREdn=zr@?Jk^x-dG2q0EW$$`OqYNJZiTE+)~=SuoK_!
z2C{e63PFj8Ay9E$%QsWmU+l-rzl8j&_f6ifVXt)1ZdCvVW()r$7A$5W4hAZLxHS3T
zAe&<gdyp;j%$ZqAA8K7Uw|>KjhBYU+xvd=1&amIMKL27N3>K0(&+6qm;VXtPFY9Ke
zzg7>A^-)KJY7UqYb7KsJ@fnqxBT5%WKIquJ#`*Y_LM+f7>a6DDe2Lk`Kkp4E$8Yi`
z%I={s3~%R7kySKBm`@Jfj70rZ%^=ANK)9NDc8xJ>vlI%zH-$uPFzJ78b@~P-78XU)
zrDxcBX>rI)o8vG)^8&KgWjDIpW4X<)TJMXlL)X<1M#6gQaB~zy3G0SJNq*V>{J7Vn
zRW<C(NG=cQ3k`Y=6xf0Bf9RI(gsz{l&$mL$KoYwL1J6L}`R;I$qtIr#RoqN!(Ssba
ztxP8?V@L5~K)zDrfsr!tvqP9~Ys(9lC2CC=de7{rzf$nm66Ih0_3~#nIR+0temYaN
znlF^sySV%Tyz=W=v@5>aFVlXYJruf-LFRr}XQ_HGbYY8P^ZLybH4{2w8$N2CYYZG1
zDooik5*7uD<VdblPxnTr@{AZd-Ts-6zdvU9x~FoaRZ-$jA9n7&Nk@dBmt%d9HYbvz
z6n5i$DjSML?NYKK+-<mi*zWtUlRjJ>jf!YTzT9YjuD5~<J=@`U19cm|%(CR5%b|rz
zjc!-%I)^><2hE!a+;BK$w6y6GNG$aACQ?Y(tu{1#LXc+k_PFlPVWe%o;=AM<uKgEM
z{OG&LKt_>6QK)d{b@&y^pLPkA<wd8&scM>PL?NP@X~-5xy%Xw8NHN9gMz;y!;h0ce
zbf9NnwmE?tp{IN(<~ELGi0JvZyovUwuQ5MDRpGaRqvI{kXS9^#U*2QDI9_>|eT6S?
z|2I>iRu(0%xGL2oQ4=A^MyBS8OK7<&XlWm<!Fg(l$MZqnq4Tm^H9(~b?|kFSjnzBj
z`>4zJX0O7jNSRtaXxFlnphq0Z3*(Q6zw^erVBJITVy$USKD=>zi7oj%^erg%P9VXW
z?nEi)ds5T0A^r4~_#=CK528Msz4b~}kE2^Jp3W<K&|AliK<cYLxdP<OJ2V1vV&y_)
zdtf9PFngDh&r50&_;hpKDW{$^Hsah{$Z<8+xe0+THDH%s_q#~wWwgKNi<mNk1?<;H
ztDQ_xYYA_T8Zas2wmF=C4<Yg;Tb=b69x+p);iG*Ej7R{U#bb4TuxASd;|}k*X62qj
z<~cM$i0kJvp2=#(a2&xA;A`vb<)b8@0j|E+gIYZ4{qdA89YtgN>rjD1><gSFsuw_g
zI+&9C&;f<#@)qiOWyqAC1Z}uQQeDD{=R7m#qlTIwLLXV$&&)eBmI6y$_`2`{98?Fc
z=k&P9nzo{=)~1+~(#{T301qZiM2X%e*9{=#w&mwdmAG7Cw=dMOFMJT&RbbZq5fN@r
zgR-rlb%-FH{xG(~tOk;e(ROp9iBtBjBJ;|c<oGS%Y?}$qXZ2zv;P87+VIpuuui3iE
zN$di?g@T<*QR}b}LHkcn<)2JCS-3{P!4ke$ITZlhLuuw4hv~0gephmkB{4D~nGgsK
zdkf^g!Y>Hv<=9mHK$UFLM&VSTa32%OB_yi;iv8V;loKNx*9=smUJ-B5i91{G%%apl
zl_~qGi_=MTW{`m|p5w*L+QJeAxnR9LpNXVzg&^J@F00YXcD#OyB%P}Oh;)C~?>btV
zv#q53Q&Wdk-QKX?;{B@kN57BA@&(FjjN9EF*|=L~G#<vsOQ4)aC}MIwi9+h*@_Bdy
z1MQI)%Fhn>28hN(AD2Gx^*1U3Xl`uP8~}TyFDYRW$R%B>>b_Y%Rr}fr)BJsO&A)5q
znBj-#$N6iB?r3tQg?|h$FOZ#_{iWsyU_8^g&?He_w@EY@4idte#_=DXLx-Ez-sYja
z;UCBt+?T-TN}x}>aMC})WNUB#l7ufkBn<<AGM%iFTNxeJ`dtKH_|=YAVJa^NhltgI
z$3=rN(dQyRms>3Q{q?CFO^3Mu%XHvWwoc3SW;$|xg{lZV9-px|S%nm2Wlf(UMFcF^
zLP&VaB)KkB?``3?f(#dt{Yr5^C8{XZLc5`wmhmU6<VCggjWU)ptrk61sY(?8-Wl1)
zs{pL&x)S}CC(VtbdTZTJgk(Dvk@)p3Z<?S+(m#}!K?y>p6L8X@6sE2a7Yno77T(Mb
z%1=MtKB&x2S#~H21{SLpB{E^z+{T_OD<wJ2&3e@9qtHto8k)U<E}Ie?Mb_mr>Ig=b
z0(@&gCsJ}bb|Vyoyq@YJrQnOtl*g9-5c$xJgAcD10IwA1WP+&>Ky@jK4-|L!L4_Ou
zkAs35wpqa_6GyH}8v&1kOD9c;jUz7n;pukX2H@Buzi8*WI(55x8YItUdp~-ks-|&!
z`sK9}LnO3Z5ZOqJvkSO0wl27P<M*!T8-wo@!e=+`m9lbS-D7{F()%zF=;mlTqHr-K
z|LrkY24cA8@eqpa{a*HS1OY3xgzt*hhs{KrQqB}_9x#GRMOBotCsTZdOrSGQ;bBh0
zcfAPrd$nJ~e{5Tl^60=3fgB7M@amH^EDnJk&=1L^+<l+*3k^g#fPq!y=&>S7b(U*W
zi3C8K<<OwtQ;xT$x5H@<Xy=7w$7KPf8GgCQnn_nO>ro^s1@f%N%!Q*70>|;BPrY|k
z+V$TPh?=HC;P1F2wznaw+UnYJ9|_-U$&@YH6lg5Se?ZJyhArYS;b~vp3~YY71&puY
zsQ>g&Y>Pg*&c%0%#|RX0xo=2)0m*<Fh+i(cT)>A)0nxCudSpw8sPJk?xxQPL8<t+O
z##K*&92f-1s=R0*FPgF~E&ta>(vFU|!1t&76R8^Y{gf>)1K0XW?P0Ceo|D=jzS!?8
z>a0ao3z)^S6~NjIj8(2+ESPii#dL!1ej~eA;8h*^^Vgn3NW0ufas@t%d0OYyXH!*B
z2xYy!_~X(c3bj>OSb;pT!iYv$a%ziZUPP_K*jIO^E~8h(iq6GmZ~nXkEo-q1f$CKy
z?{wb0PzP3<OSC+U#J(V`5>JB#m?1=`@r`m#k;*DR81fUB%@%}^p7<mdX~z-u(!{bg
ztf*<Iv6bJeRxVW_{vwN$RJyrqqx?m2#CD@jRu8f_>^95Jo)R>;Ag2y)w4f}p-kdNc
zt?*J(<}!Y+WPxoLMY=KeDi80f;LttonDF^JU%n!&#v;U0P$`2HGP7C6yRsDJ_Q>k4
zmCUB~nIOBd5vXs>&3}>briFr7$<~N~zMo)l4D1jY`{g=Wx+7g+$g(uS2o9!&lw5M5
zgyx}(VesrF#ANp9;ayVD1?NM;#4ZVBT-$cqy58#XewwaWxhjB|Huk~JNOQS?bVHHk
zbNW59!t6}m7a9$iRAi|es-Isg-HH^rtenH;_sqwBG9+LTml&U%t+q*?G-p9l8r<wl
zH!?TL7MhF~Y<})`X_Ai*;xFBH3<uilws_=vnOHAxlkhN)wW?9p?_WcB-Qe9|yFXi3
zge_`fv>zv?5W`IsrUJcoQ*2>jMd`%*y`9Hx&~E*d#5V!wTt1h&JYo6K?huT(pW9lT
z=v#vlyQZ3aU*eJQt_;Iz)d2={$jIA##JJ2QP6bX(_`A>vJOQQa8tB_w(kehhtdMBa
zB{JN*vkd^xewHE4;pvNa-ua~OAX?7HMTf?0ob%Wmf7_ef?qK(yhY#0IKiW2pjPiOx
z@?d??OPe4taZ%^CNyYu*+uSQVZ*c4{vuHA<83~La2Cq5cZs*hGQ|{A?Dl5u_CVC7q
zWHbG-mt}yC?4kySwb5`A6RWa-+isAUm~JL>BE2(dgqdw*<3#%}!B9+c0a|HInNLyr
z@_Qr6@y3NThKgtz#*YwuTX}6MK9@@|lpo^=kpk0LYW)^oO<e=UzG`IZ+EQQM*?ZTx
zD%fNAdBrUn{A{>F+H&$;x$Usz(R@*SODPT)N?#yfQJ+IZ#*@f=8TI7hFZqiw=I*rL
zwN7TDA8gmFZ1*He*XT7zdU+0$Z>P`9;MSdcKTsr~?t)>sfJUL`u9a3|c*G6VG4m2+
zkRLdoh1NTjPC_UU4=Lp{wp-u}UL++-XZ=@@X1693VlVYDZ=Uy!#m+UUFDMC7)*~#Z
zyKiNOs`K6CIz{;z$kdJAh$xt=9tnqnk`|ivZ}NXGImz%GD1;4wKS+(0h{aqh*9qHD
z=XrD$(+I4FVx9mjKb0=~If=(pyfDYEaVK7-Fba=8lgS=kT%d(K)y0M~&Bk6Y^6ysO
zuQ!wtdiZ#S|IDM6-5;gZTr^H1e1GCA<PC`lC2#L^aC9&H^sb&q#acJBiK4`qcx(Ix
zst4Mfvzk?<m)via-x)!rbQJ6&H;(%JjGRf!;Pz1Hj^5bR@qFvc-ny9NpZ#%Jgb~fL
zFud{GMofd^%p}qUM$!*8**G?`^y9uc@H05D%1B3_zd3$lA9Z1G_VpYSns&j7RdSly
zPmW<0?UMvGNKh%s36}yC3W5TlxK7n9p5rD1>-yI#ZtDlc<3^&_$7(sL&qa?m05q&*
z1a~bS`mZnaP$jPhUR-^Jvs1!z`A8svM5Xa?5@)CsVU#||m7?ZXwkIh}p^PDBR`P5!
z0$hUm;@;+tu*xcp!4V4Anbs8R`gdgEiWma2=*5?V;iM8HxQq2gEZpZ^xaT+0f7t=N
zo4`m&F-p>=8`~!UP4L#yt^)8&At?Ky9SPeHWcY+6Bas>}JaYV$P18ADL)&o7^JS4a
zWzukx>l^$>SW=j1KM7$PY!LFQixD=c?704)&$4hD3vm1}$S*VL|FumP&Lr~Rf3Xh{
z#x3o<1zSYba660syMe!dT-`ygMBPtL_FLTv6xMHtHv2#SvP}w;;r9(et}x4(!nYrt
zq*vR7-8uLxFoipiDR9s7=+mx1z1e5QPo)pBfUAWUxDztiMayaAUT)Zz{>-MaM>lbj
zGs>V~_Jq`{{SWr;tHoL>9<k}(;p0HRkk@+$GSbBYjW={o^PVXFxvl7C!r23FW4F51
zVJ@H|nCj3miIcvHcsHxwF9EmH5|W(Ew(Qzq65+5b8G?-b2n8W=lIa3aUaXm<VAm`K
z$aMX9CUyOAT|BLcWFfnyZ=$$0)ygj?eY-CrJoRAY<cA=4(Qplc#TA&tDNb;>yRL=$
zW~Je}BRTX>EE#w4OnLp*=0@?e)(mjVUM*uE5OdTuLtwlvx3vj~yE{v6)uQx@+cbLg
z$>{9rVPRD1N1v^6WcWN7?2UxEN>FOFy;1Kh+l^K&^32FQ)NYAgM<$!qBVq&DuzV`I
z!x1g=tvH*lk(G4Mpk{oxI?Lj~Tycd^<J{As(sp>C4F?(FH@a*XNvj@^0=$5CPF~u|
z!805{GGmizr2F@<u0F%0S)E^Wi^c3wGJ^bM+FG3R!;Lo*u#ZEmMb4>}t+`?p0^Dd8
z?+%~%#xg&pTZ*frHIIWC3#lE7%eK2%eTvhTi?3|z`y%kOr^v0~F?)<s6I;w`;NjW&
zw+wF)Uy)?~{&;UONv>;B$|r>7{k1qD$9*|`t-K%bG^$S~n;^mQB)8uwd;}HRy;;Am
zws<|VMLzD0UB~hM4nWd=3XNQiQYg7BaC0j%b##vzH?3%<k%-Oa`ZHfdyTq3i8~>>j
zj^~MAZ7Jna{98D5sjN??Z8Q{BL7R}azDU4oe7?dr__IU=Qud?8oQ7Tkk<Is`xdmSA
z^3<M$`)_oRRS7XaLnB)}R6({rMdFST#VWD^`mFoBWM%<iEH=>d!%67Kx88{hNjH=(
z*>xfEiC)T2d5<hR`#L(C2O(I65}Rx!XS0Ft3OP=4^?Wn=B?(Fv>Pz`_z+Z1WR2~h`
zpRqKK+!hBAm!dlqSJ3KSRUg&CMK=ZwHjo7jp#RlET3*eCX5=EE?GY=HXiddb_8LjK
zn4gV~ds!ozH@d@msXE-mb@$O&EuL7r;A$|+4moTr*iFPNz=Sks`Rpwhh=Wpl3(i@|
zX{|YEu%Ed<rm0l-l_q%-f+2(hLAY$bJL}-5HQ%?I9JmbhgU_k4T;?6>6x-_T3j6@$
z|5gR(xBuPovKD5jgTZh8yE7GOnD02U#?(k^J@D{d{uk`sqa@1lPdGTWF3*UTgVgGB
zs+e#2<W70p5n(ynAXl<iYRTMRNSmawe|evMo{*yejQa?-ICf@#`0W~OX@2CoF`|K-
z;wXc42>WE>5}283R4y;5bi#4GUImx8$Jmht4H1EV`(u&<f85y#<?hsG=<?YoE-L>x
z_$V1cF6aYW=2%2O)P*$;Q`*5AVBkc=CY6R%H24^3ce^8jnM13$f+e<;4s@&sL_#O}
zf+fY}pKTX_!w0(+CWX=L@;HTd!v!<n=p`@VF(?HTVF}xB$L&6`b;CS*u;(YZqi=bn
zU-aFsL<<$oZX@X*m1%W@kBIcAc{Tv|d!OMatjSxDFJ0J|>i-Dwzs!wvV|Ji<MQ6w9
zzW&zZ0mF|_>h*K+PSS1zqlpFQiC%XGZX4A6vTI|7{VOhO`p#Y)NTJ;Y#d~j(u4$6V
z14@M-r$n6QQ@`^zP=WG0L|vHt^}fNV4vg?}VwWdmTrREfaNnmd+}jWS$e`oPm0o(i
z*j=f9t~KSk2a$O>><u$fW?K0?UB+M$7rcNX_cEQy=HPR)GW-}7Z`84&!8?9VRq$|V
zMDF(zLR=4$-*;o{b_<0tfF{@n>fH@q4irRv_$1gNP;o;*C~p`MwSB$S%&+o|M){2j
zoi9tg7gNvodB58Qo2B8!<YJP`bi|odXhB4THtLGk^wD&<XJ>+*w8?$YrDA!%9_Ot8
zN}us2p>T<@k899}u0HE{@X|z6fak+#pz#ue+Qu;catm5r>^QlF4;IbUUp)j14d9|+
z)9Z)9d&R(|Q}8(?Ivk8j_dFnkmXRIL7X^w<3p$*nz-zPI*mV*2*{nB;@PDd4Gb|_b
zI16>yi-@-g?I3$m`l<WMUl)4?t{x$Z2XWghzgLbMuXt7nSa^531&iS3kV@3@nZ(T~
zx+;OmSi+$va|Wz(3t2ha0d$46x))AePdxmXy8HjSI_t0~w>MlXjevB=(2cY-1JaGO
zN~a(oh@`;K(kUt3odS|Wr$~253Jl#noDa8qpWiwB%>^^-i}kGgz2CKX)#C9LDED~_
z;5BPT+BTmv2Jm;M${{Zc$UXfwI5Fl6mytvD#8?|^uY_M%-yd%%MP4M1U(R2jxD)}H
z45?r9V)H!(ANINy)tbp|Aue9K%P(Ie>+|NT(??3jp~ojU0rKUSg(*T-&%Ao$AceWI
zN4cnLV)|>uzEqNKvdR5L_u6o?-l#$Q^v@qkG(AdiaUQnAW%?2sSuDlz_4!ddGI#dN
zcwhCOir*j`Fl{68dJ*+K>aABUk(M{g4IeaYrxvbUg9og<#dKfvOR*w2(sy*|y4U$F
z%mhCV?eE8XN)=QQS@@dYdOgXJ_E;(q|FT4a)awsHlZ@7G9N7GJ=L1bRJcvp?1kSiW
zhQqoVa(W}jzlVTczDlPMAHsgvg}EP5abq}@B`#QuM%ZqqG;ikZHxmQC%JMfQK@8Ah
zQL6p!R|5zNPg;ApWf>#g)fnknu?=GnAY78U8vJx6#pA7Il&z|_H>^kdNjIP|&S-<1
zrR<5UH)`lCMlCjkPk$}>GrUk6Tgj2ruKrbq4+%bm@xgC(cE#MkfCiHK64~KMgnb!N
zPb;&m#P*4C=-sl;GwMly^*jL^1yQ@~UJIyuB5bI6m8Mp4J;#!}c~iev*$jOIT&9fk
zNlZz?3#JKz??w^pTCFm1#JLNX3US*f6_$#l*y1TKST3(nVM_(jLUZa6`MB%HFD2>d
zy<R4)(|AWMp0sm_!*UQLnTO1$?|YgDE(vh6_^pw`(dc=bqarrFZk&E|=2AAf)Hq+^
zAFskrZ9dK2o;(-+aGJE<F7?eX0{%-kX6UJ5I1UZm{hXb{=zB^lU+|H36~ix%laN<O
z$NjxVQPf-DP33!Ki#QG{SSJ6w>Ha~>g{DrKQ&dB%!)b&GG5awF&0w(VWuRV*g<~O=
z#KXa?s0`=z4p0+>SbwHZssa6|j5H!H_p6<En|mUr$`YwChmK!G&D@I%_dR?~UY_oz
zc*qF%nLKI<x!X1NC86u)K4ANv49$2hSf^e@u|Zsq>SZu3n{EQ<v^MxwUgim5>}vaY
zM#G-Ok&_vl*)-I56`vWR+X52l7t~7!hwh!<)spTz!N?9Bv(Ux}EKvPI_;m0r2UBDi
z28k}p@QWJv(lZLzj^hV4v<C=Wr>udoJJ-xtrukg_%q(RIT8|t3_PYyCVPWP-nQ5}s
zJHwQ)Nwy5-n~w6N9lizSNtjFx_}iOS;<N@XMv718dr^+UuQZ1JQCUeXPO^9;0ufVs
ziDqzyWp&DwEff<7M0^_g->EOks%)W@V5g30du7?0k%QTmVj0ia9U5I0=~yJh<x3>&
zZ=EH2pYkY%f0>ZP)4vVCFoN72WV`qKc?YFE>bn>_Hk>beBQWdT?T<f3v*e=mFhT|;
z({N@NrO6VleBi|H&_)2&M>98WgX?cm{ehZIPy8!AZKTGP?(uR6VmrV-R8vJ6nwOQ9
zK;14k@HxzjhTQ&G#dzIv!-gE2nU0pxG7Kfg_oKbG(@5I3SJf8V4UM&4c(Ec+NL9ag
zqZS*e?=J{p<%u=9+(q4}zO=8fAv$NX^h2Vs@x)1w@A>e%`C9OZhWdT-ykbZaad2X^
zMg{eTFY10G<{@Gxupb!CJAV{RQdyC!Fd>{(_s<8&CfcfEhvD0D%^uwVhw7<Rkfb^r
z>(X7o-kBN%mp1fP)931q(wb^Dq%k0>Zugw~&AR#<ah;J3GS?>JDU|T(W%!4R!$yhC
zph>Pqc`K=ecC&RV*WwUqLn9&*Ym^uEhqbG}W+I_*f&BTsPSRI~Q(~PcDB0E{YG3OI
zh+sv2rSLX9DP>hfcLuB2t-Gq#;h{_3skQf@izz<_rJ~6&m6_<KxNy1PpOVE<yVt{5
z_l0aEx8?fh&8NoLIcS_>Bi$Ip7Vm%?a2X#H0=c`ZFB~<_c|`oU^60VTWDKje;uGB)
zojcBm?qlo;A9Y`ez#4~sfibdlyGu^3%1n~a9Z7^i7ny~xYt7%?R;~Wx5PyJ8lN-Zd
zr}fHq=g+|D6`{v6>+y^JON|rmw)1s13K1<X>INQXS!cEqCEH7qK1|d}Qoj`PloB%A
z?`}p0_}_J3>8;37WictmN0Y(;bIl96vKhBWje4!CE0HF_<-F!4ku(g)L@kXgJ)z<?
z2X;nrJnNI;?<`f>%RLcazd7HyC=S=`28+6z7o}W#d{D#=bgsV)977o}?Ld{{n{k$?
zew=n$&!#gHqFK--fn5S-jG*L*?4+HYe)4uUG`_m_#@B=s_6+XEO?Gtt=J-PwKPfur
zsobSx(vO)Inn#b=z9>jbYCW?f6T(V6Jb8I0c%TAM92P9^nhFj$vw1gEBaU>Q_duk!
z;yB8~3axA-<Sii;dFC1Tj{eOI^5YC(eJ~ndGTmjYi-!r;xoseY1lh2=t}tcEXilA-
zC|Tf_ppCw#7P#9Cf(!;x;(3d>$Lflu5s(LqFE-&t=Il(yXe{HKyWUG2Z+(O)GSJ*A
z!`FG;Wm`_BzVdzD>w&j?3@NSzr$&6OA4$Sy3d-{;f%jg1B!g5QRniq4*SOUZF@hY>
zK7V?@xi4nwiZt2V+#O~yre7W|2OKkMS!n(P_zLq!VLJg&sNzIPChptWw*QAYeOI0N
z*3E0LmEv9^PBFB3=C~>YTtd;Db0;soAhbL8w3JD&qC+UR$uWV3tc*O@l6jAp5zSZ1
zLey|p1jwt3qr`3J3Rqj}()&Xk*kT^<3ZoXvOQ5$Cm1zqBQl!0^=b?v=;3s$#Mq1;k
zbE3Mf!Q2O`zeIl3QbE!+9hdLfK}AH4pRnQkz@1#4`3FU0*56#jqcTvr0N`oJp!q{L
zmI=!$m-qKX&Ns5vQU)mg0uzYEI@_-R8Q<vqNHbWsV;L0G0RT(KE|A6UW#Y%La910n
zh~5d?OyZ#>lA~@EGr3acM;s<byn4U&%9X8SI@;Hm=xKYnt$TrZ6DLdIO}#zSjV~sT
zN6daK57xphfID?VvAl~ZA#V!Hs7E~kj&!6GE*d@K`TUM81B_O1(~Bhz@LO<e_~zj#
zx5L{Hz&s{$KDD48JF;o?2^`%q+6u(12=L{_BgwS9)XRSKgD6dR<=mjkcm7W+n%RF&
zR(>Q0*rL%euK&1#=6zI3RU#}uf~@Z|P43g^L&GMQPpf9VP;$>U*ne259CUnQ6r*`h
z2hxGHl_9_mH=!&&Ex)-;H1}Y3tH5KIreH5N{VkBa;MDaMPLrwoDm3v~82!5a#OO+1
zQXCc=cUzX6mM}yg`(ya4*@_OC_bFFoX=6iIh+?hehn<NSh8?}`ENLDrO)XD7+t)3{
zZoti7h)oY9Sn7_PJF&G)DhUO>uCbxmlDR8NYO_xpipG<A?Qcm>uI77rR%SCGtenvv
z5h>S<u074Fcf_psJ#{~BE?EOTu*DTr5076qKZ;n-he);e&Lk{~V{(uFEYgIANslB6
zJew1!Bi{Eqm2`0ti+<onOJtOhk}!1siTBNl-3tQtR}TKey`XTywX?a=2-6vu(Aj;H
z6v`3(J$I=6oM;bBp}u+BGlcwcvd_e3d(}>2OURAl*`zhnJ`Yl*U)GDO0%qNx6tu6n
zybYEtN^M;Bfg=S9)R??KhL61$h&DdPY@+DG8PCP#qFd&FaaIt(Z8g~oz!wQYT(^8r
zp>yjvWzXlp6FKgnQ?@gP7C`6=y%(3e#QqZgoX$64@(Le}u!`E1foro0{pb})=6flV
z=@@q3!-?4F{0{+&LZffz(c`!e?xh-0dG{|GTBeeg5XG=Y?-QFjxsK)kj~7Lu^&!zy
z%}@W|-;|(pz^2V)qP{RL*ioALLy8_go+sUMn$KGXWoAlW=TlN%bDZ}H?GyMmSH^SA
z^8?h(313P0UCDo?WCZy7d_8goPKNxF?nOmo>z};vMIaG<)6uj3;3LP;PzLlIH|X*3
z)OTvgUaw3OdP_v^E}FT-N^g4RI0|tS{8_Pg+T5x&ep=(bZWNOO<O)Fu6^vH<PWppG
zQ$f+{xZ2C0)9vmU68$hHdXEyd_Z~T)h>y5zYE_q>f(16p4t?k{9}o|@4HAZOaDex{
z3w-+c@ZPbrha@qYq@1${IdGeL#~(X1Z2#u!F$Q*drZOq7`tZ**disu5MAVK6jklA=
zrb__4v6(Do`7{>3S~wR~qZSOF$-BtN(%$9Rv-F&a;MCGgYPmQ+m`w9<+3uqXB(DlP
zd50u$5t=$s;@NK7*$&~_6OQ+Fs`*(_n`q@U%cK-S2M(}0+zjU;@LbS`;#cVG4X2!=
zLv;tnZ@an0FhwS<lwCVBv~PMmPFo>JqIfu;Ex1U+#e|`%lY$9-_!RkK`T>QFg*BMi
z4z{B`x5?v0I_9+w{J2bKg~3@i@9Zbg!P=^JLmPXMVT3F%az10{4NxG`W#Q@Pc1rDF
zfy<NdJI}ghq2@nRLugC7nnApWgH)S}qA%H>r(k|p?F#;X7*4gHh~poIgWYt5EN*Bs
zo2nSk{PSfk@p$m4+1sH;XYLs%RuG+&59-P?xQ)@k;<ME&(YPa{3Kx}*-c=_2-mo24
zC*-W<wcpo6d&yB{b8@Gaf|3}(F-caF-pqSTY!+heTa`r9e#<B%`2I7rKZ@T?yq9oz
z1=k4sO`u(nfVBDghokThr21tC^gYh}NBXZbz>s!*=}2xgT)u;hlTClci#L56{WCqo
zSmf$<KG<gFW&#`0s7VFpqkOAvZFxd4o<=`eDuFX8Y4<d#k2h<Nxp`T2Dk6&gXa)9i
zOq-4X9eC-5{k*FUUEQS<+5Ph1KK!L8>VT0`0;9P*S4~&s_97(n`=NKSt+ir2PkixM
zeMH2$_J-;j+nYLDT6fATxSlqB&s32p50hHD{yz2slV!(DFaDJ0ucVV#lp?hUmbbHu
z5S_hMQBy0GD_gS3QXLg~+KO-1GJ`thr!wzkshHpk;oyliX`MCTDDsK0P4Ej2<7yoH
z4>sWEH%trDc++Q9bUeY}QW<LX7zr4+RXeRm`F<KFx-|aYWNpo%*cU{myJ}Y>^=ThH
z3VfkLGDd1N!+`dnOv|L(^{C*?+8qIPDWVnA><>Wykj->aN!O6u*+$}e38!5OU%=sd
zu%C$Q3hm0{Yv=>}k;vuAp8l8pJmnG0Lv^Off1!GrT-_uto$>Kt#&_()7bErgDGtw3
zMN}-1!l&<`F~`@#&(Z`HEm`^z`RBKe@ZY8>4AF$-XQaevqtE0oqrPKJ_p$wrRv6e&
zL30ecf(zol6P~=^A8F?~YUsxeQF5ZU=-QIxs)+)pF_z`6qn><^>10M%vyliM6Y=_O
zJBvMiHXD(FLE$hOdI%hRI*F3ueZ=5(a`(aLx%8u<o~l4Yk2B|F%=r}&&qE3HzKbc5
z&OA@tr)V?&H?}-cqx@ix)@uKa;oj(>$ni@QxXT50@zVsbvd%lL5?U{D(^Ea8+i1}A
zFP*BuF>wTj)}FO-``h^lPJQworfVL*Jl@P<a60`wr{z!DfCg9As2^ySGgWtNT9p#s
z$-!&0d^WpobJccDg{45CiYH-pJE9bHi}r6&$-|=furze(VgsJIQF}JkjV+F6HT+fW
z>STkVFm`96RPu0Prz>Oe(#h%0c*y>iW+Z*`M9M%%HK9X=3M`v#NT<F{;C=pMow<{`
z=?1@DIxW3IbsD65ms8G9V{f;i$<^0^Xfxb;_szIp13HZwjj<jU4Ozzy#5sLJ&#V1j
z27BWtN6d@)TI(UBk?HN5_!1U!RLjQuR;`J8If0OoU~==>0qrk5G9O4Q-AH^=1gzO(
z99$1(={Q@l$ORm~^~tsHixk}O2=7v?QNM>$2}^JOyu+s}Aiq^_EA|W@P)4=7zYd$S
zyA5ITOeYZ!J`FRw%{Y-==~~B#@fmicZjh3T)YwlIvKE9&R5{ajIrzZgf~eF@UA|~p
zjEET{Q3BzSv8$?QW~*p-++4pZt!tVCUboH!81JGs_T$B*Q6yh*ouG)_N;Q1wcfSqT
zx!&!Gs^A8T+?<1`0|ein-a55vg_l^Rvogi<6^5sl-#<{K<J4(gDoM(ha{1w;UYmX!
z!@9l?7u~fHqV8OIYhgl8D4Gd;$DJ^7J4^mA=fKfb>w@sT9%8rIe-Y6K&5PmpqQ50o
zH%1fJ<RYTcMuIED6HgIu^9;TPZ<6}US6*%<|HFsg{ozAQM$(45Yx6~31xK47@B3v?
z4r@M~VaJN-Mp9HeuMXSaHZ(v-gMrIz1KOZ@g}6k1b%n?xzc~$OYQKrLbcHmo04LOb
z-v{YyzQ{3;mVea`7XJ1rnfle%QUQ2zwL%vXpgyix>K!NrK~>~BwjR$Wwb*=HH~fW-
zsoQEO4f44V(_{iykxBzMSfs{kP*FR*j2b)goE@uu-CO~Fd#sJGUBVba!5c}%q9+0S
z+Ga#KQ22xH=*VIF%l`Rm@#PBc+pqmt-ppp&OZpi{ms?e9eD<qy$9|9$&_|$j9*dee
z5GSO`==YsmBP(d=b!dbP`IIx_PGhaj<%VuNzy0TMw?r~9h@+<iD0t*Y-oNX;K4xN$
zzMgl5G2-(n)4t*Jl58cLKGCH%T;0-?ucdb6*7#mAEb4uDW-cce1tKm|>t9t<2fEC+
z9+7)YnJq{}S0aD7bJ;8WCUK>?v0LY|MvnV2Z69Q|=zCls&iGT0<ZDpQUD>>gUL@qu
zUZ6Eve6NIb24^2si0%L;?Jx2SW8{=?IErH&-!vNfk`40YlgSMdY;(eoBbP@Q%k`Gf
z>O!+N`odsxLd;Rs0(rSqekakBF?sj-IRcHSl7xDR@9w2kBXGSMp)Z%@fwwa3%7lF$
zz+ZE<H^jw;wNF}Rn^2VkGIBfRqR46%st$s{O*>Ih@P;*7ytWYY<<ShCQlvK}Yk802
zyH)o^`ICN3BaM0jPvu1+Hm7Vb^S$V&gal4~6(f)C!=AbX&-x!sJ>7$JAV`{D=6ove
z9j}>AhZ5p9%ROOI+qET1)lXMpM9n{!D{u=xE#xZYQ$rS3iOtU<yQw{p_GTKCs0e0$
z9iKc;_E}%<Pk$o}S;-#${rk2X<Kxj7G&|Pu&3!WX{!2gV+<eV&PI_kmoz{o>R-0Z?
z?+N!Nj)_PTrI)q=0xlhL1g{#ZJsZleSL9eV3Zn_I2#qGaGjAJ4E#@O20vA!MSo0EB
zO|Ux>g#>*n?w(?EaNRsKr(I7ltNd{sL?+3BSp=tf%eWccUzJXhhk&(#@_wcHK9)g=
z)wZP7xe=x5Xj5w{m1^r!bAx8qPnhiV<eaja<HTGcMSL&^7LQ+bh!48M$4JE8(Y}TV
zJJbM+_~;%JZKK;G)9jnx5STXGxEZ^tXO=d(0`?iIz`I(HQBjP>jjzT@J6!>YHq>+s
zN-z`3KhS9`tK;#|n{Rqu(3l@i$*~MF*m{X)iO%HwS>)_+S4G`3<eCV!+fp~Bl!+Vz
z0N<P^isx!mlgKnM%-Ai1klsA4J*b02;n(xi6K6XD=3w{g^;W0${qJ_5vm0`-{hUF|
zxm*mjc7;arIY^LsRevTxVs$hB?oGXYwb!5>2UFJxoS6i!WkjZ{+71JK?3_1pS(_ia
z%W=aBg5oo&DLBdt-@df1Kd2aT$WVfL(HJ#&Y(y4w_j~8OA%=f%VtB5m9-qMZMrU`+
zSeK9$Sku3yOT93%uLwO|FZyLr^<Dsec<Zdx9uC$Pn0q<Q&hO~wh1a)tR|I=vPF@c8
z4SHnxG;<u18grpT?YXe$K8rR9ePVf2Zos`O&Qr70sGmG``vR;)F7W=yfS8dE=bbOW
zp%};TjIzTh(_Jr7g0)@FB>3||Cb&Y(UX9;qXSwoO_%T}XAbRzN@VJvq^1;|>Q<*UJ
zn2x}=B1$N!V-e0MjR!<fi5>pUho-z^o$Uf|Fh`RNsKxF?<404)nAVbUU2)`0vC$Dh
z<j#qJx7M8t;4B&6OoZ;~csTFTuOVkUMStD-+}B85@?IlXzP*lDx9E#5kCi<y3H%RW
z3O}b;to|62r$gOzwD%hbXegbaTN#NT5e!>-O7R4gqA>qrI_=^w1m)*tJ)c*_p4a1y
zciN+~rUojt#^fLFwnMV~kZ0wu#JMd4O+=ZCbvS0pAbuOa0K!#=4->xyn+Wlvq14&;
z+25{QVSI4914g$Sboui}-M-4#ABJ%{{=2N&*$H@6tFiLl1(ZPM>TLR19ik{-CmMR8
z74LLOn<B2NAtSzX&gmA`;!5(7h<MEQUWRMe*O8D}1vUZuSo;2=W|Uak1}Ek}*i;X|
zrZE6gS@2`(urDlEoR`hlYkH*1$gcO(DXmOQCu@2z6R!|K)#oH$74{l$p)@^}f1c@d
z@6!E5*b(-H<dJFoSZ-C$6^dvFYk=a|LNy_q1^IxQAgmX01=m}>K<TTjUOUMr@#1vP
zWOlt~EiJhtXRjw;uh?b$7oX@@*sWGY?VvO?c+XHiz6U_kk^gxL2~vrN)FRyFm_BV8
zLUMJ!y%g_2VNemNg&{5pyoR&g3vT3C(O0aFnKDL~;a*#5^-H<4w$o>vK<j5El+3d&
z{I8${Qm<(wHF8PZ)bb{($ZuQE`BX41W7_O=K~+`a3o}_-?dI8L*X_v(@|EP(;<0=Z
z2qC%bnYt^x?BWH>)!CksK)$yF4RI_JC!OdS?eEWPz2MncO*^`xdUk1Zx*M`Bya7|k
zpWhOC3;0akpT^lPE@Zge3e|#u@D7^l@T9#mc{RbIM5ndJ-?5BhPO$wcQfzbRM$m<J
z!lHaw|2G*#$nc{0=@08W6zr@e1L2ddErpDTCkd}t+A$m3jQl3uS*UgVd@41NcIJ)_
zk%jV<^11HxR)}rRaMV;&j?q6k*s>48)qgGB-E{x77^%cPb-8anrtTT?Yv!7p>t<6+
zMRPwwM#N=2m-*7)J6&#&81i^PWD;U<eQ|!NZi6_vIms$E$Yuk((PQaiGdaYTTH7d@
z3WoTqR{(k8lB{mFJrR?tG5VB4k6=6}d;E;k#OS$Re#mFRuC_zHCn3R&-hAZjkV0&{
zUV%>+1c)XR$RSt>LM05Xs%!JxaP&a%mu|WCwygf5@sho*?j9^h#h#zj7(@f!f^+rc
zAp0I-lJ@V)1F@vMLh-%QHfT*$TZaRKtNK_<^(IbSYdb=w4#L*3`;fKr2Q+l&U*Rop
z?1;?*T&6!6hlT3aZt~=b(ifA?58(_yF=leMCajJ6oE}@G9y*di3Oo0&85VzE9Za+~
z22I#LqM+2)y$s@J(_#13U(67FUJB&cz0WxiQ&G0&17j2MnA^i#*8Z~1l)C7RX!Nrb
zV~cbE8m(kvdhq0(be>6Irtm8fHEyZ!8s%s<3PE0o_Qbwk2<UYuEo)@ybf>H`09Mge
zv*HOyLx4Wy?mGeKLsUtY-l=n+DUn+H;_YG^JehkhS^ciDo?idUgDgGg7r{M^FJ^m{
zF!xeTZyq}p27Z4FCRj=v$i}X&dFS(`^tIo|$t?#=4TZuiZxP4U$X3VVX}iYpOQ$z#
zw(Cy3aMK(Ev$V>qHZiyBQ;@j7hna`%QpVd&`+X4I)1xX*{OD`Z$Brl36d+94bAE)Q
zz(+b<TFmzZ8w1Hw^caAtg=bW{<?;u=NMuVbt2UTrH%WU*lKC#<{GmTW5A>()B<EjK
z2MvVKuaU2e+dB7Ah0IqvKw^#PUPW3rhg0T{le1ueM*q@K`QTX{pTPeJJoJ`GvBt^8
z@oeW^o-5aL|6>9LgCF*j$^b=Qnkm$m{uO~9@Q$h6BX~TY^}o1C0{HX6nn<yg!%QkP
zw2#0jXa=BN+h-HUG}R!cZd^XDXc9ihjxYAo|EfV)j|cU*Lg@mcf|^#o?GAVzwBGHa
zA2>Ol=Z#6tb_{p;C-W*0I#AWw^*(#?sIms)-XZ>3!&N_FZ#suu?9GZbY_5s3Y<|n}
zq-4(3Kf}OXJ8F_B(mRys8N1<gT*#VzF6Q?5c=oK(==2HkSl>l&k1;pRA;{mv>tCD6
zM3Nf4x$70W<lHw~RRiH>MKyv?%FPWjlSMN4OAxi@u%MhXz!b`|p~%R^?5%05liQrO
zhX2^sVyk{FSR7R&tR<~ctBuvvtroBOMtf<fPA`U*&*M_P_y_m%eH}j~S2yF9mEL%V
z7t8nd-P$L4f5r}v2SEWRu`PoXt!rbr=H64Dan2d0_>!W7s=Z`cgLH|eQ|2E2DZ~cA
z8!tJV<xhy75%Ht=L9XZu1#xbFg4!+W2x$<k=J?Wmtl-Cj501*mXXS@ZtBBjnGJ%;c
zalcYgE&R1Pv&x~vX*r>j@5Vo^f%$aHqW<!`WhxmT|IsTZBxEIEGex`khPd<HMW$p+
zM`<N_DV#~i2bV)g+H4mf2D{iBZOTx$lk1AfYj#r$<@HRP=<4+!F$RWiXo@IB^6+4^
z*G=At{G}inG$C&Q8YC0YM30tmLZxH0S^JR?SK@K6J@z|f#&B%euFrM>IWj(L{T5FK
z^U0x@=_!fs_SAxK!T0Xr2F81#5$r_~7o16w58vz-JBYEIM-F4gthV*+rfQU!_A4|r
z`nP$l-kx5ff3xqDy^l}%neCZDWl)6qSyPT8u8bl`guJ);@-&RodJ_Ac_2sfJ-pE0j
zYmibuEyZCu>Iq-+&7;So8r6%v|L_7IiQsIZ2VUUX2{oSp|9uLgnQ^1h`#8XgNk2$=
z2ar4WrADa^yz`Z*ny^xPm5L==(fa++m6!uEUsE^letEr>wa~zT$C4cb_rB)yf_|t~
z_SuJW5;|`!yzDTdGi9OGOxPf1U}SGP-_5$CII47y>%l`Ojw{@=HHsCnQjL_oDvXjT
z_-G{iIn9h>eQ#Ro^VUKG#8YT-^)mu|;D)t&#y1UfR|Q8N{kd@PY02tUs#ypkT3kiJ
zKmyTM%5~0D2T3yVw~zSk784@x&cDhG)vMhfY&_SvIH2f4Z@<mtL9{qJAMZqda>)N_
zuHy=G;T{=deY0{gy~-($ZhL>duPIu5GQ3m~SS3q5rxCa<X$B;Pe=NTcYyec>_D12M
z1o>y4P>dOl<|!qb>*lRI$|{W)m}H|67E<@aHT_C7#4I9L<CU*3#PU=DV;3bnfNKDa
z0lP^4c)g$HQ(Y;~mBi`rc`0q9_nI(Ae@4a<rEpTV&17zjS<fgPGKM@MKBJli;&fVd
zR9}23P~#OZ*h2+*DPIc2cJ!fxzZ~f<=_Nw%{?iufGTM>MXG695J}r3~P5ls6=vqho
zXQ_#WVyoffy!e`be|cJWq*60qizT_4&t~-XwOiM6eXgn$(Y(QoSLQHvZ3j}9yy`9a
z3C!!S*C_9a*2kKZRN*l!W7y=a;u5aJG&y)<l%UQ$*L-GG+;)AZj>ajgEC~O<i?P!l
z;Y81RWk!%7>ZDR@vpYTMpa@Xx|B)20NCbHiIbCYNG#2Z4@U)=i_6*C=>PIqL)@V#S
zi<oTQW2*1noNYD+R>R3+P3w!mmK4h34wW05c07;!+vCKTLXACZM3a(r%3tkZNJ1^<
z>wFlgRqeJu{{5`qU2)}6Bs=Yr+w7=+9w+iXIE1Znq`YpqwCbb*Vbt11I-DtPD60>P
zot^-|7}R=QolDz{8y{YMrEaah;`5v1wXzlbHjcJLC!dEw32#>$HdQL=JezrrQiA$W
zWN)`!d-6|_9Z6URpJv_v+Y|FttpRi}_~I7?y2*|boCx&)v8*&Y?=a50y3I)@pt55I
zXkQuEMMp~xp$gyil5W=<!$vLs&L7MBFC>;$>y5bUlSMwR2g@@k5^_G{WN)q<6u-(f
z7X)M=PC8rOrQJoTNYsZSx9k0?l2eWU1-Z`L%qSLkTP_lmNV`3rN7x@!)f_t^QGDFl
zcy^3UH&Mlo&Z6@TjgUn@xUR;$jb%~KD)R>L{J$AGdFP#Lob$3$x^QP^M=jO4v;1Dv
zwPvk=a$rVrRxYB_(}Z&Q^5RX1AfIgJ5U^;BXzM_M7K-$6_tf*UOWh41u`5JmKvbVL
zox-GcAal8~r#gRUEIcj*DsI0Fj5Z}$0mqx7kNtSnbB|@y+;ErkfStd{jL_M`hE@nK
z3KZ;G2&QzYl|`0O2mP|_lZ8!0IgDykDpTu#ZiVdUZ8k|Jwhkf2pWf8JFF3s=q>N$0
zHZb`b1FZSbiB-3=Dq;U*dF9K>f41956*^(^YBEJm6Lb!BIhbYB$WSno!)KKK)3u-%
zu_~S90JJe`Q<Sz`{G30X{<T>sTg%EF+Fp(l7yEDJcX>J~i@74yJ=a(=!PqT9qVxCf
zt3nUaqb3CmB2L1|Xu^9vLJLOzD!z>Ahtkr67#w|wQ<>_stbuZLJg{Qx7Hm;}iRvZj
z&PsWv2y(!blKTJLet323zBXmj_{~3VfBpxH^i$H*^qWmkx^e24QsNn(I$<bZhF5+w
zg;`!7F|TFFYZRu`u{?D&u>B!MmIup|vx!`m4D}jfGR?T4;lYNMn~Sit!M~dSt0x+I
z@EBs*ESuVJ&3Vn49lIDgjF23`^}wpC(Tu*>_t2bP5Zl0IA`#0J+z2~VTKdcy(Bw59
z8c8fG`AF}%=na3y>0P2$t$~oW4bt!C&4zS~mPY?6R{0`@Jc4L3HfTewoxEB0YMUR;
z_)ZkP^f$B~4}}KY=etz6I@X4dS9fqRwf&M)eO?;y5yb^THvXwCTD4_A?Vx;&C1b%y
zC%AFs8aWh|*D8Oa2$Z>I+l0SGkE@Z_>`s+EnD|VyTwlogw32339kV2sz=Va1o@n4)
zHf{RN-^Y6dO^=2e4+k>n5P_Vza}VXr9|w9vyS!KJKaI9UpS871$tHN+9DaM!|CvxI
z?@c_$x~J#b1*!;jCxk1YpMnDF%k}t3PEVsm;qU#*hu}-S{IdP>4a!<Ug0<1lLnob#
z4`C87dJlN!QzQn=^@H}#=bXj=`}ZWc%jjq~k``&rK$gTu&=VpEVHi*OFACz&B2buN
zu3{(BM&po=cmG!qe27zzeCG{w`KbOUP`*W4Mf0T}X?=SoN0C+b_3uFcxwCM9od@b3
zjpj)H_c_UYze~3Pr}_2~tw0d7rULc89N&N-NUt<I*inerFY**+9J~`qw(Vg?NR$EC
z_-=0}bN|j&=%B|TLGSYX-1p+^PK|#ne~3RstpXC`YXH6o-y|}r8{8zqm9SvbCs`xQ
z-3hA*3$C;=2Oqs_#U5hb=x*PTif4QPik$u_Cq+9Uhknws458}&?L*1XdUUs9Yv&5X
z8t`)OEJio~4g|F?4fS(s9oD3Oq9Hi<M_iuye9p-ZALRGPV!~G{&zz<f+$U;&J(|lz
z2<Q(@K?;&U+l4cQSiutL6~=IE8a{>f$lMdLX#~h(gB0W0bSjY$2D@agO&o6CC%<C)
ztL97iN%+`F*w2z>b!fhgxW;0J1rl2?b#!;_xD?5Z6R)o>KXw|5+UX;qoQ4&T=T<${
zLOt?OgxAx4N4zNVVCMl^9bZbTu6Y1wkkR}M0gI<z#&tXew;zADk+K8p-F8euzXt)^
zL*6*_I8p~BaRWXx5%D2>fCeptTQ&kJ+BU)x1^sZH`q$*|dWv9+Xqx8}GD~gh1tdW$
zb)knO$ViLEYANTI3<VtF2i04ddO4QjrOoCuefn-3QI1AKgUI}^DydmOp+ntoktO5_
zBg&nJOTqERfcl4Y3ToKS*g<OnZceYfd%^XdTM6kaZ8xQM&K@n>-YWN<VXY*(rln!K
zNKXjGkWsU=U(@W7RXNn<Ox|X$@G+&h$CqnN3ideCrX7Jq0g%Xw+0Xalkt(+%3FNo9
zrR8Qfx`oERw|Hg5_KR{6l$?*Z8(nuLtc4W03+;A@M2TR1@XQrD>)|CYjr)IMA(uq(
z>Yp-FubS|)c_4T`{i3J%GtJWVB&Sy`)0zDFz)_PFD*o-l!g_EYfRmz0Br{a*L&f1A
zQ*zf(M?F6|@3Hp+wTx_|?*=M=p9Gv6G^B4&7~dtJ2GVu;Rb_a%ksQqDe4PoF2(7l=
zU{y?}6_SkbPsA<sY^dfbO8QeS;7p{Ltr=(bwq6hG3p2M_%B_;FUTm?#Ug@qfSz~0?
zIen?n8KrsG8t(0algVKgg!%EdOQEsLcPi6TxTk%t{Da<A(CABzju5a}tqPf_+WU_O
zFSwK`!P{mEPXfVOIPy2Lh7;bltDm2zmSf)mfEO*qr|F=r;vrXgEc>DszKxOVj(oe=
zlW`e%fbJLUCMMW(FO=ZsV_)6A{nO}tWQ9(yh)ZtNi&^)XP=z;_kWB8H(|u}zR4S9}
z&s09okw>$%YQW-vb?`2fyT)YPGWqnIXH^Kv(-L8>5SD1p7x3`{r2^HRvVZR_9)!pe
zV`KW6d>P(>pBkZ71M&DSmP2U=TdkD18YQA{e4iOLyx0?Q&f5_vACJAgLO03-+9JpL
zxYr6lWdM~6D1G)7AMnCG+2rgCKweop%Da_sM;KcQ=+~Tm<WjKvNwglXq39Qui<E4$
zQba~n{v1DT5vLM|FuZ~?p7khzz<E_|@>jVETk-4dS98Ohvp-v|`v&<bZX4{3j!c$%
z7`^SwD*(q74VLk@T0n3ve);x^BrG6aYK_sG9zUSKowm`on>9I;q~fs)2vB5wc`OFx
zqxDExobr`VwPweVie7hGa&*h)sto?-(b<_QmIQgOCnIGm->5Eb0pY*U;OkVjcz~8=
z%e4JAtoGf<#dmK$0AjEizK7A@*Q6=#<6d;MxgLMYARkD&n9?9|c|IqWsRP^6@x~CH
z!br<-GW=DzEkoER!@~_lu!5d-9LGE0tvT@2Y-rAz-4GJn(;||3z7M9hi6v#{@D=V;
zx#MQ76%+(Y0Z4jM$5&y*TdR2x83undCU`U|V4%KT8GG-^7SPe2F@K)t2nJV$WPIJx
zbmwYN4?t&vOXa1qb0F?5U-Bgt`qbSvt1wclZ?g!WY-aFWwH*N}$JrA`zR*mMlD2b(
ze`gVDdti<UZs9@Z46{L#=)uQf`iiYnf5Qx@pbNi&%A?nF5GyV#MKjXU))aEqp)?cr
zOV7Vf<pu_+`z8=z-F&70I-*`)iz)nt_Bo8eVbL~&)?pjnm#FPJ5_?T6YLj<B-5}fY
z?XNm4ySZxZiN{&T#PT<x*eA~yE|JHe%M8}lxgBHiCAvRK13gpuikL#%YImkRoh4Hq
z`@JmAhQb?LzFk~9M`6dT_s5o)w@m)c32rZZtkCbP_@x5Viac1}99>=rMbVWvV~a^c
zt5lG;`i|DBRWhEH$v<0fyFuh1(6ms*pAZR4@Ma4tk`FD`9!yfneFiRlqjvcj7p9jG
zK*07oAe7+Qx*jAv)K8EZ&>QI>#dGbQzw+?Z2;$Hu=Mk@8em$pr@f+wMA_V>B$kkbC
z<4l4hbLz<;HenU&5k0$-oss$#W>V-nRxm*|(AwvTrPDibpg1b`ejbVNWWR*3q`K!M
zs!D9&Ys;s;qQ_D}qdym+Bynf|wrF+XA<*VmCi)82Hv_#N9u3Y)u&E>dWNKqPKW+MG
zOo>Gv=MJ~mtv0nYh+1V@F~HJ9iMKVq6D32pNS`!{jL}c~xw;UEH3>Pvl5tVj)ZRRc
z7&!(&rloXe^4GiiHEBt!N<bxcFS7QUT!fCTN<o}68r@-op&*jErxd~q=htbM7~j0;
zIBmfCm&oJL@2#(#e)s>uzz_NQ_QNka7fE$2l^dI&$`E349f5Xx#Mm%iD|qgE-BKKW
za$8@jl@Q~`Z&dG_Dy`kci>cI<-;eoqD_LKpx6l%P<#XXvN{duC-%!+G(i!}oH(^VF
zv1X;7GBKspy*O2H@-Ms+LF&RU*47EGkD#?L@#Ja^$XanagY^v%QkWr({bLQ*DD!-g
zqz}hdOBH27DTvF5gZSSq$S0I{bf3FSZAx`G?xn~TKz#Rji*-wA*(gVz>nM71n<W4X
zJX>Ax*xnXd*bWViMAJ+!5i8?2tgi?pUBXAMi-Via6=cSjTNfLFdVn(j`gpH8`qF8<
zb@7ab<IjM+g{=MN;0s8sb8*|SsEYF~!wiq*zS2V4WjZ?Ex8&qYuoxDEy54&y`)IA*
zV&&|VlxF{C?J6-DdFYSMlI)ZnnZLWiV`ROQGvIo?*v)1ou|;eF@-xfJ=8m*BYjgx%
z0qXmoWFxUl(>8Ya&?IQL^671_tmdIyOdJ*>r+%}1!Mz~9RGxo@VHE6lKy&JkJt>vA
zKd6=Cooa8D!5#b<^#hPG1e^mqj0*R9k-b%?QR9`)OJA{A6n~*@@grbM4PcloawnX0
zG?Xo4!d;Qpnf`}{nLeNf(O!I<%QqwcM!G*!C-pNN9NpclIiD`%oJOqwBI;WtJnV<r
z0&h4E#x{x;fbDxWNHnjbQ)lyo(4a2aIs4C?@*NfTP*C$bDyP0t_1{V6AyplH_HiXG
z*XigoBHl{Cr$u<(5rgwd<>Y~BE~uadBXuni&MtP9|NaM*{>fp!T|N?c->0XJqq;`o
iugU()!qE;mmyiMIlM2EFftyFbkAjS<bomQozyAYzJP=s`

diff --git a/scripts/automation/Radius/images/mainMenuNoCA.png b/scripts/automation/Radius/images/mainMenuNoCA.png
index add306174991e11fef7b3e49ee82cdb19de6437f..aa1eae043d24de0075d5ff5544b31aa8cd0cea5f 100644
GIT binary patch
literal 66356
zcmeEug<F(e*DoLlqJko*G)l(+A|Wjz-QA#c*AP-OAR^KY(%s!TfFj-9puo@}1H(`=
zoI!p3-uHXXKX9(=a51p&z3;s@yVm;c-&%_xWkspG_+<DP7#MeDq+hFIVBF}%z`*pv
zyNS;Eq0&2qe$cTJ7gv@M7pGBnb}+ZHHN(JQin5D*CfA`%9H3OA8l}qe$zOeQL@Xyb
zha~lbt{8UU2upz;j7;r`LORENSKxzhZTB31GQKGE&-Q=8M2y67b$k$<!L!6|tqcDO
z1yKw&A2|A@ed=o@#Z<1PP|;6ODlK)$$x@1pd@1@dN<DG#D7Z@gq4)5<^;EBdtLTq|
zKB4Xi0tbifgfdM*NAeRRu-4sJ*W^*}d@2k57rxw*CA$I(8^SA3#4<lc`0!$h9O~RY
zE!opye)y?8=s`(Vd=T}g=emLRE{>B6Z;ePVkDo2-0!BmC7*$?9<a)>%VkJLnheE8+
zEn!)Ip9yS#ct`y^O@I(H1%t~9z4n{WuRm(%*>O3e!obVy6V~{gM`A{U0c3JF9^HMz
zNos8smKBPj<*rY%JuH!H{%vWX53?J41hMVGk^S<R!t&Oz7f`s|75`XdY<^E^;)St;
z_h$brdagCiv}Mc{6fjuOX*>+fKr0MvbP5ywAwz%A%M$$&0~h_92>p4Tf%Q-6joyqK
z|D-X!u3r>W6PJ-e|5h_`HZ!vaS~|E;OYL5uo0_sx*LKlXkQXp<uw#E~>R@cf{?5+v
zx(bHSI{|dk&dlX4%{x0=d!WEO;itde5J0D|vpJs9{CdU3M);|=f-;S`gR>b8FFPkY
z=Ti}U8X6iQXH#<l)z^}Ls-vHTpIW-OI0|rZxVyWvyFX`laJJxh#?Q~s!O6wJ#RWjW
z0RVc~yS#k|um{rqZsebKUYh|;oUI&PtQ_oVuG@WU?BMDm{PgK{M}NP5|D9&<tp2Ab
zd*Gj8p$EuuUBdB<os;8l+vuu7*SP}9R`1MgbzWQ9p{EDkhsbk2exYCQ|EuJGdi;-?
z+W%9NpZC9N{zu9GuBibua~5~7LwD&S@;@u{r`!K5{8Leg<9g)(F%!S1`ByG_o<;D5
zIR37g2tIE``Y;B@OAMLUV(RZOcT;h_)jLnRl~|Y~Uy;dd-t#<w&`MzEgwSZd{`TJB
zN{L!T<yhyw81Y0P&TWaN_ZhxpUJvjf0r4MR(m*bU69*0Wk{7+))qLsNdM(@?68WDW
zL8|$@_W6Nbxt{)cvmdarXfXcu{c``!Kbhe~KVh(^Mn*<zC%d-6ArbC1maVYHrY1)p
zv#qYMo!B_nqx7xqNu#du7%r~oOwXUQ8u^Gn*|@c^d${3!TLlaIB?k7(47z*1(fUMX
zPtVcKDrey>%;rDhv6|>v$luJCvRZndK6oJk`EhWdMEj8-^Co;dI-#B~RlqeE^tsJ9
zoJv@dP?+<hWY}YS`>(!FI=053{p-lDOP0%Jlt{!N-)3XNRRpi?LJq44H+L-6j}xn{
zueowHPU8;+yiYmJDqp3io0fw_MMZTRUG5Jetwa=(MQBB{jtnFZ&e!w`B*ZuzIEo%<
zgoLLH$xN3SRKLh>BPG2rgNUFi<f3QHA1QpEZ#93C>T*6nihQq_0-0SM4$9+C;c4@x
zEW;obLk|xF8($tn*4gj=D-1ke3_N0XKTp?f)q3{S-o?dKp;_HVyNmGTJi3r9e&C!s
ze)&B~Eg~YOL*1u~v-x}m;bCgBu;Gw|f|EO>FMI{uES1()R2x$3qu1BBi^3b$y>(NE
zYRM^xUn9>?GIvYZWEB+|sO#Q|dS5*jaNd0(EMzZ~o0|*mJLn0AoLB2?DatA3%YzmN
zOkI5NvjMI)(|M$7qB(ra9trWKr=4%3GBdvfx0(43gx*OKK&mCxS2$9^(2Hd;oA7mR
zh-3L{5w-L6l3`$n-uevkdAuP`a1R6X9)@4?>+g$%qFMVs=PJv7{xFSfR@SnWc$VJ5
zK?UZyI_$HGxEX;k3K4nc9vhUl9P%bX-jD3=kq;JWxk&I;X;s&^l>E~9y760e>^t;)
zd|DdyhEx#X7|6+WNa-AedbRCj0roV#eBcsP+N;7-q?SBY>KsI*W#xhKmV<OM{qtw(
zRIlSK()8gf##e}j<I<A#y0YZw2$}31lf?Py>2Bxg^}0|Jz14Peb6i3Y{|5Q?Tywc<
zm4P-&EkacC%NH>ZS@POp&1U<qQ{eH1$pnbh1cnsHLXQmd9uo-rjSM?z`VQbG`k@nh
z$s4&G`}tk!66nB3;z^MvG30XKb<$a9f_hyEheFEF7rhZc2Tfl-yII-0<h&VGA|l+0
zrSDn6dJ5E+2s_yEPi1`Lj+=01k$rq0*sR5If1k!SF47m|!_4|TW-0x=a#q5lJKTWa
z0f$x{o3P-a)%HSWDhm*`BH?+E9bvVh7;^`55(1+nBYG8sg5x(Q^W_wmd`jc@8v4-$
zcpjYVe&u(g#&ge;jNcYdBQ#V!AGZ?6`}Dh*dZ96$Oq%%U=yC7Bu+{Xw@OFy|GD};@
z2SMp<#@a^rw#jkSxEA0biF^RP$lXZKE=v_G+KG&feI1f;^@<wIwaC`7^pQzla$0H*
z(IZZ%ELw-ct(d=r_E#QnmCSCRTRW$Ft~eEGWZx`Zu87*F<c)pxN}NgH98Ur1!XPXR
z62iegEiQ?OAeZa7nMgI!B4UP5X%f<s%^a{;+KF%APpusKnCtWT@wUXWH=kCRAmn5#
zOi5~ciX6Oh_Ol0x7*8+)E7(k5Sv}<Q7_%W($;9#zbr2Ee2c_&Ix<4Jv$6R#`k+5G<
z_GJ<5%_%c@@eH7>34AV)gzDw?2A*597We_>jfXSW`xU*AL|7iNYbuD)3`6(h3LPCy
zNd{!Ay)b-piDbj>9tL$Np|_|bc%)fWL<oeH`)EYC-ab_z))5+fMnK#SG})Od6&Hi{
z#|*^WB_PQ2!A0fuk+8D3Z!UTvRMp{RE`+SXStFB$1|e8Cu%u(F+j#Br>HvBpHsvj^
z1>N>Exg>%f1RVCoVFM|LY+GPok0t_0+K(QwtJ>;Q@RS%uh?wU(Z$c1<mA7-IL4_N$
z`RO@%3S{G>tKH0k&-LQm^FaMA#-*j2xm5x#NgLg=L=wzF29<4ZbLoBgUG^rT^1!De
zciRp?0>Jf>w@4Vq+hNp=wc!%nlLIMSLP|~NTE1-5-Hpa2h^I^To}fF|21LD4mEL-)
zAyZQy@%+<bZ&=xI$gr@ukJqBu#>`5aU%5lRo82T_xaX)!DUDm_s#vq|)nF2@O8Mub
z4J#Z`nyrOa;oQ8Ok#urCRSk27eH0h24+lac`Z+KLAXsU?m@X?*7JC%=wZO-7Rjmap
zG<xau0lg?oaNF%&KqhmqMzLn*zCm*Vt}OIS(DWGj%o<!;zyuA7>H#)ht??h*>DFdR
zon>}<yYVSCBq`Ihp89;e;_$pO`gw6<^~Ngg)p=p*vV}*iX^^@nEN83x16-8W<0;uA
z>cFG#Cc@kkB3-zx)D5DW%hYCNyMxjWtw@5q<U*fs-rZHYI!AyvgAOB9nx_Cj4dmtr
z#w{k+yD%kq*tB78{9y7}ubPE=nw+iAfD-<lJIeS~+8lvl6rEA&&(SK%Yx7WwI<pnx
zHTvi(Ih$3p#HCc1JKv||bJ*&MOhM@uwNFN@`Qm#`Mz5;(TF;)Qkn!0{qfj81%WpDs
zb#{S$a9EpRHnHYSiP>ZLVV;d`Y5Yr5_^DV&XGp@Godl6V(|%hFghs5Xg_;3K`iWJS
zMYYZsk(|0t*rqi84_un)U4wMI{c5HjB5t`d2Xjq^(o@%5<9Axit=x89`He+q>&*um
zMsx+U#C4$-KQDjW08^{CNXQsAdWNY1qk*@EXM=`4GSr^1#im%LmmW4=CdAbhaZ&?K
zFN54A^xPojUkR}kQw8kO#37D{#?kF2(Yrq26sxO_-E9uceyRos?l3cY9V*k_j(i;>
zP@DsLS@OW(&MWGlekd&D;3eS~<Bt2tZ&L@=Lb6p23%zn20KLQFB`Z{Z@R6r)J1%<Z
zIz;@UQOJtrqpyNMq$Cl&VOtsYlC)wLxeQ<IMXjdzSQxp><>{?jR{X-8Dci$f^Zraa
z!U&-&vI(c`di=K}>hY;1cRq13%K%NnLqnA>JRRWlNxZD(&4|5=?#X1pg0YSpgGV(?
zFKV$+LM;9mno`cp!)U2>WUgSf^5B8?6Z~QND)~e%b#3?tk!@}D{%~6Xu$zF}=DfS+
z>iZL(Hm@Ji^t+UAY#Wv2_;9GI-F=GG%W|xb);A~m9}e|v0Buele~#b5YYr|qv|DGx
zcUGZucju$$<>3jVuuF#=TIJ9Qa-kkp*t9V9x-ZTqh$O>t;5&=S#wI3K<Ljl|rX!0*
zr6;YT;dMrAOS-QQ#77yF{4+9OI9(yj79W-qPJK!*gju%Qs7KneCaFtswbG1U`QJRw
zXWs>xv-U=$g(c7Wge+Fs(x>45ky#aBu=kHRFtbf+=|z62iM@TEUd=%2q^g_S!$xOi
zHbCMu+Z4gie4+b;eU-WvM+?$+di~M82xmK)oZ}i7SM7Dq5PFU1h75ruwy+Fcy3Jz>
zGey%Jv(IZbn4!mW9HTAtI=Y%it7)wtz|wtH@;o+E8Rh0f8IRIar3KxR7kZ7Z+O%d~
zr7DbzCQINFQfHmm&5sI;;})NN2~cS>yvlKCD?3+c%tUO@`U}+9^-t~J<bKzVu`TLS
z@WZoTa=KgCqUF=YaTa}ljsQ@0C6GQ|=BW>LzlXB1M@vOLEpVY^xKgh^d#{>L#IAO5
z_OLz?(7UoVlD=U}&F`!(EPZwvQvMmTl^H(q_TXaG@?v!br6VZhpI;~gb3`bo<9Ku&
zJikQmQLT$Bqr-~_%MtIrMQxEH{n>QQKPlMv0^h?2^+62{O-(<%hY0z9_9|ek-dHAF
zpgul`Xl#4tfp|*$lqnV9Ik(Wy>827#JS_LjN+#ZzD8Yb`pp_oqwBLNNMvVX*zj{`)
zBES;$-e&q)<CXnvlg6N6Tw^;=u~t4q82R|VaNZkDuKMX1Kq*nEjNC1)^1?w`A%u?F
zQVl#BF#XQH=SwhMswh~@XS)_mjXT%(T|`Ei86fk$@{%D@?SdayflTz|E!p#J!`h)L
z4qQIH2FqJMf(S2qw>NFg11q<)K@gOT1gu>={x~{85O?K#6LJ-;U7u|&Ir=1xuOz|L
zuwn_$4;&(1lV49cm~RtJVCu&ubbcB`oi-z9#ZRdC^&Nl3d%8-?<>czT6Gf2p56g?)
zFs1&wHTTOPt`^^fXXJ>V{wyz3n7;LcN9z?W;R16YKpSNE64rU}9C^Wty7DDFP7tzA
zZMypd(Rg?O)I-=LY~M{nnPgSO-RS;}A?@)oZ*9|wE<FP1DQcA)=86b=shYWEA|2;k
z&aF^blOHPy(F%t`YE&S6DEVt&D7IhpaeDodreAYf8fV)6T5j?;S9O@{)@(9^<F_S0
z<bF<gi|J@^=WUJe?6+oW+>k~>TBiggI3Cy>aF^|4QtM&Aw54QNUedGxqB~tZve<C3
zc~r8l-G}$$wnjorQ0>_Tzfn}reZCpsvu7-vGXqK@no}xH)go>yAA+mc*e4LeLYg}J
z=tHodL)~`8Uc2Ve3og+sCzeelXWa_8@`^)U+W61aAs9ye+dlKBuA{h(bfW3g*=TDl
zmk8Ge?H(gXw9l7I5-BK!qT(H2Z;?$FGf!LeGLE)vaOj(Ag8|_ThQ;OzBn>uSO(KfU
z#^vJ6zt@?M_GuJvi5Vu$F2SQvGIY>8n#%6`OA?qM6rG$v9P_G-zhtNjlXlW5eDrj0
zqp`EC^emOywpsNcZP5x&y)!^~Q^d5h#mWEXL|B4VRoq(OdS7lxY)F%KPABCV0={$C
z;A<zqa7ruQwXid_jr1V!1NOK*)$P@Ekfec9_6cd2QYqw&60B+%pRFr&Ak}H!u?{$1
z2;pF@gdv}wqaN3Se?%-7w|f%8niir>+2lyiK-Oxruzsyu-^j0TJihG;Pu^Tabtn{)
z#a%yQ;As=RaNhl_yCf4oFdBXN$*9V^v93RO(}9J>$s+9`ZB#sclk=iL?JQPm8C$<G
zX$%dCvDuJmaZQ6pey+vO{<V{mTQH7|Zu~iAsII`qe50&bJdm8%J}bc}`89{o5x20*
zl@CjEEOKijy*6uG?J0eTF@I=+n&;Y=i!GYr^0>`ehYGHr4>{E6@nc%Pl_F9RqG-iV
zJYmz8l72F~aV$2;=Mj{nSS80LIvF_q!0p?ffbckXIj^t<s*+_ms-*40Db4egMx{RA
zM<9lZ!iQS;g?Y_NwSPh$k(|B2^Jr6ba0I)7<uL?N&;n!Vx9pYEpPRm_9jyRYd24|U
z&E>oroYs1toqO)<2NIhW4sV{f@SZ7nI<36cM9r(+NLvML;d?#(mJ*>d4~tJr>U-!l
zerbLr7IHT+z2wEBd%Ef=RGqt-fqXD|N<YNRV7uohJ_X)BaWBR91JJ1obI;T6s1q3x
zuT`}nnZAS5n5xR%uu89CL%6VRi)kT+s!Z4CQABqE@+;4vF{qxmZ0({j_YyYQxBB4s
zeSGs)d$j&>sLGA&wR$1n9+zK>4O8W=T6Yo}wwu6m)VY1neT$WXU;8PkV9YmF_w8e=
zq@Tyt6fG>TbZ(i+(CNvr*&7-z5qq6+<yII&<yoj77sSrrwzZmi|4t`<+NO;YkC0Hy
zXZT=DJl<8uq4_YyKFHKNYT9uM%Ts5aIrJQUzR`&mfnr}`2QVjBR<3l0`m64S+wK@p
zS1tt}o_F)TD=dF!So@T9=fs(;dRoMyE1!xMa=5XxBQ9Fqsnun6^`#>v_(8^`RXK9b
z!~6a3i?;(-1>K{Aoxmx747^xQEaS7VRd@h2H^EfINi2F`aN_CDxft4q^_L7f=Tds8
z?s)Vy>-G(&W%eSvBPaN|;bZs?Txs1cUD&IxeQ~^5q-r3pVR*T$x4<VnR0+~LOAd|@
zI>m6cc!Y9>_8mIQU-c)vXM>Z~8kO6<!2Ly{I9@zBWqiH8x2#!n@ApjmV$=0#+U|;u
zy5D9Z=oHIPzC{c_-JQ#Q;PK9Lqy<NGe0mwARbUs$`TLd~Esn82MZck&#rSVp28Rwq
z&KVOk>&34l_iMzz51a4H-X|FJjcfXH$JoDm{dIr;ErDNV_+n?!J-SB|jGmJ}um6*X
zrNB~-mK&;lt@P*J|EPyAjb=1{b+%xQWnad=rZwfiHZI`d(G;Dmx3oHSh7Vls?hk9}
zYaq$%(PLm0y$n6)uzl5^pi&;$&Q)LHpy~uVcb6l#&3695yt<q^EmEgQp9!Aw;UY7d
zItx32pOVG_wl+dMFNtd}FZHP{x~BJLKo;lv3-br^Mp2KjU$%Q-+52Vwh)Lo2NQ9mY
z35oB8Dz#ht_9TT;$@q<ihH3W1J}l3aY8UmiGR)KjN7J&kw$>WS*N-rvLYBiyK0V$2
zsi+0lS#N#b7M&<NRl&$;RW2ra0P8frl-qG%`FYK4_|`o|(b6WLX-n6f2+vD&=2;7?
z>xK>A72iA(e9|g#yu}LG{LySvFs;;<nztiE>iINeO&@fzA#H+%6tcYhse3##lH_ub
zs!`wpfw`Qha&;QYxaKs7dsu57WxJ=@%d4f?zFrNK9GxWJs<{{;0nTRarZ+}=+sDG4
zEZ8-y-b@FteI=}CYpa)h8rGGd;<49qUld>@b2-rrwn75757j1MwV;{viJi7=#DU%{
zNYBUlL|bgGynA@ojYbqLdH3YnktcR!x;L?MW7>U(?yKj%=U9A$GsV@(m@`@he-<A&
zQD+m5IXD-c5~mOwA0@Mu=n?n*V=dO^1>gKw2=#%P*}e-^q9pEdUo$KMq?M3t1L3uH
z01fRNj>l|t`MB4=ot*CTu3sTW)-uNLo6r|Z6>~Oe6u{<1OQ}ypI>cKx1MBBiI+dw|
zo8u*K1zB<Dc+odKPL~Y~H>%be*jiOud>~<v960tUBz*i!%(P`fz<ai@!9`$2zKNpt
z&!|bu6-aGCN<^SQOmvbM*cM_L*N-Y2J*_h0LXgse8i5HV!jOxEsqri-Q3-(2PGG4L
z1SRNs)f%@~KgnnjL6U>?yiBpfg`xNNLMwW&FSkzL1h95u6UB@b_Wq1(!v3bfB`jQy
zRYKC_CY-vxgbb<kk`w7n1qeS+<~lQD4U#A=C@D~N=haFs>X4qJ!-r_!w5QtuF}?jZ
zeE+O<X}?dGV{c?^HbjQ5-0iM^Y;*}_J-o16iYoZ@U9-wc*uq{NefQL}Y?KUX_Kt<z
zzW5CrCLE7Wqi4qxVE4+ZBn7)<?CO#Q_R~3T3@?+80#x6RR@+p?toqi|dCliN1z_jF
z@tKgPY9PSI^Imu@6<-pQ*Yrl2;{D*x_!~|WO`ynlVWafAu7q3~$f3!%;iw&2*VzkH
z4?pA_+M)t;<WqPgBQrP<GZ}RPwYan<Aq}JMb!UY>>N=e~w?0rS2TOYIhJn3Yb*SBQ
zT9!^n)@I4mCHE3wp34pjA|h!1QkET)sh1uxmt{d8`!e7S`qDj{cX^{($UsIuUv1;c
zsWP5D;m|R+e93YU$gME7&}n0`*$ibQ3G1r8VF_CeW9nHp?esiE32?8M6>Tq6Q}1SN
z#&|3?PWGnoN%iBNdyE|?B&)gC#Re0>Mi(rTYQKMue!AzCWY8CQT<{vozub9h>ghi8
z_WTS{9j`IF@Q`o+up`T|F9AH>wOGj#afz4oype}K*L*blYPM)WJ6CCv)|)woqz2ht
zHa2fWnPqpeGQf3p5OuB|vFHk(caEYW)ed99_8MQdg|=+uhQ+2unI)v--Q&}tJ)3OU
zr$)_(>rMg6O9~Hsd_IA6w?20+eTopG@Yo5GoXGdVfw@>f(}W2?+8!U5l6=}1L?L$}
zhfkm)NUht^QM7%<r91hIdc+AoAgn5qnhzC{8jYBHqQPoIwb6Udt^3F4CU*-h<~e6`
zKg%&6I}9}^mhMD{ZYLZW=a%VBDnX6TofzR~vzOU@<6jHFZ^aCce;g?kk~I5vA0aHp
zm$dOW4kq-f3CH$3t{QAuGkKR<-$826!)1gAx3R~dAJjcJiv8CQZCrdnYgTwl2eT3=
zAxh)kKuWubH{Q|?-ssh*1)&K%U5jI6?*T$@$Ak97#UrjQJ1pyRQXhC`-+I0!0#$UF
z5P=-7_8|K$FE@J=PL#X~8=a9?(>0JHL3q){_}Z<zTSy1O@sFtqt_Q=a?b0Bzu5wyr
z0`KF+wml>`s!DRz2)0Qt)wdHy7-h#T0-q~KAl+iq4X+#t&~*Rly&m$doYNXg0FED#
z+)Mpu-G|<a{aS;4P<1e4n9WN&GVIYGYSUY<^znJ1jh*o_EyeDaJ`$-8hWSFhgw}x0
z%Kj5;x4i`?PBBV>cPmMA2_{-PZ#iYd<I5@5#qG#&SZA{eMEYebFHfVm6G>Vs{jDo-
z_){NN80&Y9r!FPWe6ZGJw^0|S+~A+iS|B*km`$mdS$t{T?TQx9D&3xS1SUIn3_e}5
zXJ2_X3UuG;xB(o*HE6GX+|wvzt9>iCUraci&8>O!5y~l^MdK#}M;-h2VGKS+6t(hD
z%(ez1dvcyVN|ZG~je$F>?}x}b?~dK$LytFaT**fGqw9`%P?6LkpR$&l#5{zf8iz>X
zN~b4l9{VR{M(l4j1&JaD0?YGj0Q=TSlRD%3^Gdv$dkI@N0+r}g2ZPP5hIUGsxCZph
zIE%omX)k!n%8okx$ajm_OtcIwW&}8T3&7=~Q!jNKvz3hUfwn>W(@);7c@gctxmWv<
z2U!S+NS)K@A5GdzV2X@0AZ=SQXYbuSAJB8v^&l!3IP)GSH<DcK{**onk7C&I0f%n$
zZC5Seu0!S(g?(p$bbjVY@6f(DSFLBnIVCC=$6XP$2#)N-Y(}Fw#$d?Ws49(Uq%8%>
z%S_BX8XufEqsYS@>8spDPlQAE33(VeECiyI4U=3IU)v5t-z#=}+9;tG<qj_h&{m%o
zJT&BNDSM==7mOz~jG4w3!}QH!#(JUEigR!6ETO|_Mtb%Vv8QJjH&y~2{BDGKPz|kW
zX=4nlQD%U)G@L1#g-8}licQq}ya4DtTAfHSwdf=C0NqG^;gw27eP3dDK`)uCl0<Ob
znCtG!8;PuiJ76bTvx@gkZw5(|`j4^$PfFy~b{mGQeFO(&k#7kM-K3H^&7z34Rxu4|
zC#?pFg!c#c==Kw{Vndqq2ZBg)Tb}9Vm)xKm)OU<svS6)izz*3-(~hE_U1i*$h!b52
zP_RvHm4$phx>LvQYDp#w98M>`@1`aJYIyTa3iLq^EzzFLk=uFB{1|94haA40<<y&Y
z*jWOX9L9Up?p44TB(%DUN{PRjRJk`hLWM_sc6D1(I^1s3=v#t3CD}wNk-~+@oc@3z
za+ysy6LxH`=chmG3|O7z+JY-BND1=Z&0Lf!8yT@sSWf46sL4DD^9M-0s1c5B19MSb
zR9+lUY$U79cRi_bgp=md1^HeYQU|hZ$k%mEpO?seT$PGQe~za4t&qt3tofs-Jlo6J
zLR1U<BVTid2}bz(<)_cH53<fKw!Ttv;!ul9B1F-;XV%SYb(|}rbnku7az6t3K6Ls0
zQXBNbVFLAjDLwRB7T7FJt&T@sG&6K8A?7VFEun|E&`W=L>!l1kYWkiqlOOiCfV$aF
z8jYUuz3e4`+4uDEO?J2|gJmVjXMrKw@ecXK50XoWO|8a3;Y|P;Hs&S%BUPXNhVeXp
z;Yp`G1<<9!sGExjc%@*}7&Crzne|2FEQY4)kbz=Wsx2gTBAz5|nyOGLj{h{#3}$RU
zWi>hnG!LI6WZDs$x(M${2*e0fN_?-rC-AuZwTt~1Sy*t))Qa=o^qbrDbiyLVyoMQq
zGh>1gi;eD;(U;R@+Vp%&;ZR;J9D@CsW{_m3+PDHxO8Csrzm)ik{a7^bUWk@xotc+S
zIJq~;Z8<N{&La=c!duO4{R^9ewqfzOw9#%AD?du2*)(@)`PCk*`NicZ4$8~I1{*|9
zx)QXz=(obC<Gu_fXHQG9+9Q!prkB=cdp=XWPT59{hv_r{uo2dP8`*rOAtgC_JfIrh
zN0X=A(MH;<TE*Q<7GmdGBZm&^h7R7^h;C1B-Sql;v=FY-y4iiL)2aMg+Q{S#sYhw=
zF}Yz^y`w4@s;pO};y(%n00P5V+^4F7ov*4oRYi40zo`}v#ymu<H@2npO=5dtMmn3V
zq(XOwM_CCcHSWiBMzfV|8L<gu#!^+LflqB8kW}nY*469_CcQM!`!FhgqbQ1T_(`pN
z)`(SbIMfMZCk3@IH;vI3m$Bma>!`7@04#T|7z=#0xL@7;tqgjjNj+yDAU@f$q2g1l
zd~u;Qe>c+HAb+$KvSXpXe+e~>lUSg%qX*1HLqAWRT5ja%gLdjQ&@`uHWfL7!bb7hf
z5{PY>zm9-C{>e0-RIlQo&a1&d|93J?q|@C?r_QFAGb@>t<7Iwm5qDYFDvDETv}V2h
zKo1i^VP~WgK`ng7RY$iO8{fD7`q}ge<=I3G2Q&<=+*~)I&x(x7ZN<9VR6MTFE4$w6
zIILx<ZV91RPBG+%zEQGWUzeufuN`Dx_@&~OGbMa)5?a=f8+?HgRm~jcuP+nrD{&@s
z1}MiNWj!$Z=;ma^786ir>G5K??$TFp7}L@8jQSQQt<^2P5A>5i8hx|4!5#Rg8x%b<
zV|c6yK-b7+F4&>mxXM}9n;?3<b3M`Sb2Esh>m|=P#m^!k3!#tG_u|*^s7D8RE8yCO
z`}SqWq6A|MK+_%PWu9UPk=yMhqIZTDPwFbBew;M{JkpNqkPNI%On1|Ex4r#@@6gq*
zWB_%ozkVsFOEuHF%u;NgElQ7$?_IhnX1xV?I~$vism*wcfG^DiOS);}iZ`k@+2f@S
zA<^_ZC!;w2&}h`cTiuXLbA4*B)&8i%Y%-gT!NeVtoeQ;*^IRRNA^m)&@V1dCz)}A@
zflqXeeA2!m7IXRda~}N%$o}vK{XmYcd}Ugy2QXztDvY2FnYZ*(-Q_Ai60=wD!@=1w
z&(#htRY>Wf)i()2^gfOklIT^kxp9q8?S;|!v>rv4fkP7+=*#3ulsV2t$)8&Al+NL8
zXSPYqz4H&*QvHO%`@3B>iQCgZ^P4DCczkc*%S1Oeh`(zs*KUo!bW+qQAawj@;j~4y
zSkBUTq~8|eRCv7e@v-xS8DAST!nq=+?ZueWBNV3474oDe7K|N&#gidN2e{g4(W$K6
zMGHL~A%t4&+MGt;D0{ec3Gzh(e^VBAZwi#PMY5d9W+iD?ery#Xi2KP|z4i5iVQ<-}
zyL)j#(UnbtOwia|m3_B_C-h6xF#|4Kw_=?w)jU8q)`wPP+|V{Jesb<Bd%quuiUQh5
zL7!_DY2G=xHh(d(lO7uJJ`d5#|GL`9PR2;yTA~^(G9*W5HujQ$`=mQu?ih18Zn-PC
z=rs~$FRK^4eg+lyOgim}Rtbm-J!kYb^Vz0X6I5Y|AlYempRzmcX83$Dz(;Y%elqX2
zP{P~<>Ta{b^z`QW>%-5KeNl_7>)0$ib6oPwz8CLwzmB<vAJy};;-4d%?j@^c?4TDp
z;3q{Iko}No$)~9@3EX_7j0N9dCTZicNmMd;yef5oGUEn0N4#(G;zCMvA*3k8gaaUV
z=z7x3SU!12ZS0=bmgvn-?X<;rFXgLTh<caF`0Xo6E>mY8zAayzbILxkIotJVgL;dd
zTEVW>2AWIpjrP7UqOGZjy&qYtM=w0nrdyUKM`xfTDIK32lr#~2?ubDr!v!uXNobxe
zt#{~lB;%Vg#fdqpk`HU4>pR{aeDn@E!)6u++UfT{Ui*~9?N@3ZP1h5fjkZ;p%(12q
zl@(a=V^+K_TURV@bX4?qV1ztteF9%;ms7AwEcxVAGLqI9>BY>-Y{P;4qLMAqi-3ZL
zFZN3KlS>+f0xo#``~!sfg=B^A&3pqIc8*!kGB`oyl{Ogf@J3U$J*3ql?VH{{w6KA7
zPy`7iH_BloW?x2ja0R`3@+D~hz$lI(yhMViS1Z<(R^-;MvB+h(>^k)_82Gaw@hE&Q
zjKNMP-xf_sbp?*XtK%&oSGc0mkFQP$T*K1IROC_>`+IV(06YfE8=^A`&kgM}*GK#H
zJ)J@>+ej}qX*iB(dq>ZqWKCx48gIkS`K;DONRCT!yxx3*UJyq#v)IC?^Kd@T{Tx=u
zwTdXEQz@<85%fQ!-k@=f4lPsCFkC)+LiI>DdUFY;`whQ}R<>&Nl#5JM7jkk+YCz45
zKA%oCpi;`I^m+cJuWH^A?~tQ6tz|nS_v6$v+BhCkYUzZ{ZS<UuHiNJ4BWEy5`wqYR
zUbT0%<TCf5%+z7lHw(PVT+l`^O47C|`BDV@++jlW7lhoY(>@@N<0GSfs^s8}rq*mC
zAP4m+)2sP$-Hdp?FAo{Nt3t%o=G!oW!OJ5z?lDzje}gN>56HAcm4P-Nb%)CyZ+*Jw
z(3F-U=Cu3DZi_{01l6<9*;f*pvhh;V*oS#{?UQ$}TH$*_gK#A?8|#nb3L~quK=Y11
zFJ`yOhevIxWjUX2e{ilbp>7=_+S7f{p_4~Lu%;QF9TAdToBQ56F`ucf(^X4|(=@zg
z;^K)^UTd)l_Tt%ur$B6W!OmneyjgJbG3&Q%!`Ym!8T$QXI2?l3OP1bfO%Fj?ZQy(Q
z;On;OGX}*2{HDIiy&|UWS06di>0=4DbLx(0ODc-bW|cp~p==A7edtw%FMy(CcHkD-
ztsUHKpj~#LC4E7N##3B)XgozaeIN4M(ZSKToz~w*8SLhV^qH5iZhzQ1)RHsz%n;ms
z@WIss%Vm}*ANi>@Fo9DX%P(0WBV!d|USHoZ8F=9C)NE|Yfk#Y<*`W7`QcoJ~{eo_>
zVGu8+G4gfmlD!ap=1ux)*9$^|26)%T1*K|aF6%Sf$(C<l5+h%J*SyEHc?u!1V^?%t
zxiCm6dpL)WB_W3qzm^5Pz4dSQvh&l+{Q&V0m5x#MUsUI>zJ3qj+F8REty^y=Gp(WZ
z?EhjZiS^J$A$z&v9lw38{*$Z3PsWH{`^tdt@qg(r9$jSYwKd}SukQT5GN9?wilA3i
z|GO{WmzDJBq8UR0Zi;_1sTJ2a);25hH`n`*hun47%C^@<bqNG_asPW<|9@!z@2=W@
z0N@_%9~S)u5#HUqxl&Y*P3+GD<Pt1b^8hZVKi~HC4e?TQY<^6re>53XB+;#umSZzr
z#t#@;UQU<1L;33N_9Q)rgM)zUHZhVDj7cf%Il#7)n4d=Dz`>#0@Q#^M$fd`dg8c9H
z?Lrfn<j-II@wrodN%Ml~(>Z)kd{##%HYG(~q_y?<C(>lIr*if9XTxD^e7q(T@%B`i
z!t*>3+UMnn9qoM)qQ)f=mCkR+5}<{b&3fxr>^nfz{_c1(dv{l2+}ieJ(b$NXJ8R<>
zDXDUF>eJAHKYhQ%cDD(|`g2w)XnrCu11467P{%!|jGIJyG1=DY`MjliI%_n}Kp-?h
zugoM~P;vusBv38ve9D<iQ+{RwfRn%Y{4s(`{6U&W{K*xvUPr#U&Teo%RnUz_>(Qel
z5#GN?HxzAuvK_$V|D7RA>Sya#z6Ab`QEJ$nCP_g4iiDPy#LwBRf2{gJdfpJ_Tp{x4
z5yzMpwU4}@`#zVD(I0m&CYp95sE_x8HW{yF<Q&MSk657Vp$&vi_Uu2M?Qp!i3Dg#K
zXYEr3R3$wHkmvK(W~AkV@iq<mHZDKWNaNQ@?n3(j@|u63`2Ca{>04ZUTccQ22Yz{+
zIKF)p_b4sjP`IhG_(%i#(V$e8<otBeeWpq8%TMpGli26LRmr*TzIwVuakdMXv#GuF
zy=H%}L!njSi<9v<)?2b4;mK=-di4Z*3y?sR_Eo;XV&<Y~yxGp>%wK`gBS#ZKuY>je
z!^eR2!9*b43Cs+i;MNxpLF{WcnrjDz-32N<M4+A*_=VdslbIPQ?)UB4+~*phc==s-
z$)nras3}FAqU-GD#r*s*Cvt&OP2T+RAHyglNNq<cd0<qYm!nbz4hM!5bT*ayXB;TL
zKy#ln5+1v;&rMF0tXkzx){4&3jum9O2@N2xLc4Ii(>%bu<?s@uZ=207-ZP8{b+tTq
z7<6&tbQN&}Bs$Zqw2D%$LE!4O5yF^yuU%Hq*8DdIWTP!Ox2-nc#CUx!m487f@|gM*
zG}FY_^K60I5!?`m2+X9F8lMGj?A}#6a&n+{DAInW%G~4pv!CBcjRkkF$Pm)hN2{r;
z5=p<eVkZ+7bzl9-fT=>AyP+9dyPj?nv*YJLsWkASd10!ci}JiwI5m`ieBWhd!m3CG
zLMBl$M*RS|lrlVZ6LqzE;lbLLetPA57<d@C98rhj>#fXc6`eWvxdsvA`Vo^IGr{_~
zRlSe_P4VGW!C}#xU+q#=yB(>#IYoXVE8P9tk(lTS_W;i{+VGh<)>wGStlt4Y0}A|c
zBlfqRDnUmKq=@x0GjoUDFx9vdk)e|g$|`9iO4L<VFJ(ISoU*8~9z5WVxB=Qqy+VK)
zin)wshLl`ve)}Uw=?ZKwJtJh%iFa6PshKF3dlZu&7zlk^3jlsbI}F5bG(a&gueuRO
znjq1`E6i2GRl+uEz!js8{UbQ?%hZ8C+Uv^9zvAwnJ)9fhTN}-Wr1CkCzV;reB{)Qg
zUcL_5xRSOQPRq_jgllSlJ3qgCt~8$Furc;kBE)rgIE6<quF$BQYS7%w>qHAEtzVHU
zv+T{2Y+WUBQOU?SwlB=US~rk-!lw37m)l16pcT$wH`5XTGSRY^@x$~xp7_vhiHrL%
zne$M`qUe?39|6Kti@kec8;5o-`o~)N8IMi-^m$mT#f!Ud&9q}pZzWAOyuD#|3+;M=
z4PWI6rZ3fLj%RloAb=b(1icQ-&Sqw24!XH4{1QM*LQXE%R&Jzp%k90B6?6^l@yM|W
zVRjh9J&@0A6h*z3X-NZ??=M=e#+RzMdS~=Cy%~KvS7Q}2=k^1dE=fRLv@Vu##F{^)
zp~?93=0DEvZxVd<-dLW}HCs6Sc2Y-^Cb#@BG`SA;!H<IGCr?rZHOj|lh3DfoPU@^@
z-<Q!djA;Q|Ga16jRQ=E41yoW|Lw$WK^ci_$T?)w>pv3GFcSA0jM4O;#^*0qKX#doU
zIy=k7CegU)(hr+0sr<nB*ZdBPML4xK<4L-}=Dteu6OLj{mGm^>-s$eZrHeN#GR?Jg
z{aP}5_4dnR&o<y2^fqRH#Zzt~#zLvw(WKP!ZxjTR$nbtcb9Q<@hNCG^OJf-SK6FTL
zeel4|v4ZUuv@|O(KPPWp>rUTaJf(f#H`*2lyZNuG`J2d1@U_|66YxZ{wEu}|ex)1H
zxMpbZhS$GKazCT-m8$pQsO!J+)dE_JZLIqV|GPx>+EJdl^>kC<-_Xk*jq`v<?f(~0
z#(a&}h>g5mD1RH(-#u^yx;|;EqM}Que-?L)iu-2sQRI50FJ)-HKYUCkQb^~5?eiO4
zHn?K92pMd}No}i5$G;_Z=Luu)%rEG|#)-{*L|q`|2TF6<{8o#_!zuJF1jSP)0=HBX
zgP=M7{G3?%U`Vv=EKYPvb47guIZq*FPu25l12RGe_vHU>{;jgk*SxHCx?7+W=(rv$
z`)F0Zqy{+T?dD+M7q77Q+AG{JH)g~Bg?dc}@_A7XCv+npEV<X=@n@bmpMJNG#oYJ<
zbK5`pGD({3mlRb^mZ--|LaJo!0%JMEvoAC=zhfv}8_Oh(U4{eW5m}jwtSWA9yo=I<
zIaP-H#}mS}o8NnFxK9(?n0OXF0;V(r?%LptAROv)ABir>9f1YySVI;~vU;w5x(OCN
z-WGS79%Fj)EbOCWGDj7c_h!S^6EXETXLC)ft=SqrfiGo3*$>M2QE!H{qi>I)Z)rVe
zUt`nLQT$_)YnXq~t}vEk{ZzI;@b@-Rd|)}x`H8GDt1w|<L0{VNOvZ>^L`>l$Qr6#S
z=H;`>UiJDSYFBHjB)Qlq@9d+-5B!x!Bkg3eVupuWcWO!D<crVj0b!o5&-VmeI@u&j
z_H?%=c|-LLQZ~M8bPbMlHkBxSN%JR<LpZwATS<Xp(!8b46P7(y(59!~kqdalyP^eA
zE-AltD^nbH7h$o?DucuDIN~1*9V2UCv@v_`NSnoe{-Brf(b}Y7dza~)&rf_LY}&)q
z@{MZ|#gF1D^4@8|<pwtl1yIX<oHH*b9gZcVz^(-i4Li|`FYLi0i3N3gkf0Ue7I*r-
zp1v%Zg?u(Ex_pIZAfnX086RzUln9whRf|77=RsO6-|sHzC3z3oL|P=P?wmunWQ_$<
z1=8m`n?eIwg@ucF?{29C^;L&l{IQ3cb-L$(J)yOr{u_~6v$d@%v7(L5jbqEUPr&eT
zpT4gS--e}IRjz7yzyJ2?!N3lV#$fA}ka<*fy@fJj@6UjDS?mNKD+zm)*`keauw&F7
zBl)=RP!w@`q~w1aoCK8&vu~^z>(l0kKd>k--j#&Ghq|4TH60+*f&@v#Q~pAMx+hTA
zI1<%t;=VGdNZNi4@_^Oau&(qnI^Rhh!)}RMs?GjId6kO|GQw<DleFI?<{djQ`KFl5
z>4a-jJ1{XBwqVuIeHJ9i?WTOUDJ@p<_6!7ar+xzxq;RSmOD}bvuVuJ>pZ{pdPU_m!
zNu{}K@y8eiY`86s9w^&IFxqeb*N$Uix%TuS(dofKKl-W4zL`Ue9>c+NBMnb@EKjml
z&GE%hX%o!`4ORAT)Xni+T-BDlkx9oZp9Q!J^ys6V!*c}rziU7psjYi4E3x`KRFAh_
z&ox|d>G{H;!v;=c6{x~xsyxlG_XQ3Yj=ELsU4{I;Z=njotxV-7s`={-0q+*W`)iOd
zTdD*QR(gIphS_wQGbalER*cQ|gy6TdxUBto4$IcXvF6Nr&jtc-x|a4F)jqd84Ixi-
z;00&{Kd!?rw=;!V$74BAn(&#ObXq7ibO$>0Ab`=w&9_y@?G?`%+Wykpu^2$)U`i~F
z!Zo5E+e^Ps{bx&K_<enPeT9{NMes|G`aZ3QS`0x@DP*7wo^I6x9u2BLeepRiN8v)7
z-xNn@Y|6)JyBePr63#&F;9f+wUrcPu{CqFak|aQ&D7f|VYtgcypxXHJNoJ+AVjB*)
zX@K_F69V4#q5awJp@ob&iXJ)QiRwo&yCiDe<kNT6<G1Zf^li!(k`dQe3Ni{#g=hy-
z_c`wT{JE(m0kma`c`iIvNvd!9$JuhUrhVu$Ihh|c*35<L2F>J>uxZ=of_c&A_kZ;+
zej-|xyt;|+bS*xV=Wg|=FBAf^w?d|MM?bt(F{jYYU{8!F&aFxLG%?4&*RZtFvOF}R
zXG>D5wixjcvh2qY;qW?(&6;bsmrtNvE1z~_$VgFhHp@9yV~0zG0<%SJoW}KZo^NhV
z0Pv-SyWh6#!9zhRe!n5MRd1aWjaYk`+gC5-fM9+zmFP`LXUQ@jJ;CtU>AA>s=@m(s
zI97jw`Rq=5DevmzKRSyT2Te#zh>>vpK4uTJ+mKv(at{irSgUlK+M^2S(L}o%nrH{=
z(WgQz1@bA~*VN+G&m-dwAMF>5M^tj5aE2q|OqE)*;rY2qv8Rp%(NKBW?;ibQ8v+{r
zD*ZR1R`aNL8v5&sUNC_%w7EMbznL7_iX;L+GYq0lDYwAF>Jgq!oE)_D9*npw4{{sI
zaK_Ddoy+I}pR_!#xN1U<bQ$D2#|^J2n89lUuE8rF-zk#=M!4Lh66mVvU%8vdGb`(W
zpy`c~IrF0Zs5j()1ZQycFHDq^Rf6$LgrFgj2&RJ}zUA)sB$q8&7Ua(zt2BU|b?SFP
z!Pf;t)Mn7_d<}~N%HhINt-*BNqn7256z$uiPbPc)Y3bTfXP{tcm8Z;8YQnbcDqY2`
zVS@yXDRByY8`E@_iT4IkSM|r(JS%vUCu`|K?j4!ut7UnkH*OTGAjweb@!3vV<=Wvx
z2C`YEZmhhr8y+IgU;_E6e3KU*KPgsjE_BO8@MgR*Ty1<ih(Qm8mE71Z^Y$aCeg)a!
z9Ol^92r}JUD^EzxnWzDm>`u9wnVMF^C|^@1e^3T!e!JkDH?))ApYKP7ssK}xtH&0C
z42lJ7@t!ysN;P>b!sxzK^u@t*D8b3GZeB=1cjm;<KBILT?pRuM3?)h5(N`axUPM*`
zb&1r{E>?LdBE{%TZ-)G3Ik+46zFG(PMdY82!i(N00Sd&wScD8>qDUSfHL1RTf{QGJ
zQ(!!utW~<=eQV~d8@6zR&fp&p)BG2LNrZ#?7Ct8s^%?K1w(;Xl%-JQ}Da5G^P$ym)
zWHV74idHe!afLQXILSApDW+dKzSe4`h07(ERg}cTu?qD<IJc*`Vm0lXUOqD3!(AIA
z<M0s~@cSmfb33=J#jSb(=Y(TpNRBf#ySZ6HRY#NI3b_R`dp6mp9?T@Cpq+>c*>Dcw
z(cq9sm(AI?`&uAV`qFF^k{11C%1TSOC#s~As0Fk^U!?yfP=K2tk6j<kSa;fVc-Cn%
zJT^L>hxgqR`J9EigB{v!QdWI=FWk`}Ee^_wf9Ge8$0f!ZHo`zvY>gbQ6mj?3oOVs~
zy?lG$v2ZD)uvfIGg6@wj!@zrd?;hW(v&eqmpziGzGv#lE<C3tjAwiAA)PYPf!?liw
zZb5E<FQxdbK{nNFiE-~}Q@?f2Yr<AMX<xN$2@Fewo9vXY<J+;8qm72p&Q5{Qiw)?O
zB-f+)S^hpx80FS~o#ltuOC&+${Fj^fn+O)hyx37Ez9`GQ@o)G`^PK`+ap>@s{l7sj
z(KX1u)!ML0_Gcgb52NV|L_=f2?%R!jK;D0NT*`8y8>By7$+G!(Z$oJCzDvQe_M4&o
ztpopP!Y}9s6TXLpl>J5ee|vi&g&|u7Y>E8mc>f*Q%M5I^ZAJe*2Yb`s`_NzL|NjT}
zcLJ{y|F5rDI|LhX*Wku)pzdcZml2xJXl81zY;GRkNN8wixVE!nGdDbx*Kqpoh~M__
z(1{7I&qc?5)!&;YnBTAGlXMgKSb8#KZH-vKb)DO8zBNWMoqtt*xTOVBpr{TI0Kw=C
zn%xEqt8~qO(;NSUTZ;?I{}aN!M9pdX!l21}wk6{3KPSiU{q=5i{22Lr4=Q8fefW4&
zt*zC^8BX_{);~}2Ds~-k$v^D`No_*ko<j?%$C3|P<oY!)vl1rv8*S@|@^kam7~0sz
z(Q(ujE3N(??@+v?6s%!%cB&K#`v)^(_`Ra><?ju^xc~I`m}Ck3I5xb+4ZIK<vSqhf
zGnIr<k8yBup<5Z{<w|KL;Z*mutd&5sazQ~s6OB?FNrz`8`Z~tOL*r9+^IP8v)f&U~
z4$x6V$~uF9`E$CHzbD!SO>UNi;4=Qskfrq_cB_BL>KH~gY4t7g%S65w$N745qim(m
zS|)CRQTh_`_XDK_j_$GiYV&apRxK4slj~NlMS7+$hOfmH<v;%m035J;=wxCwlObk(
z0cTd*oT*&p{sd_6z$MI*C83om=?u)u-ik>~A1_<<QWsH4$#1<NXlzPG3722m@c{H|
zW`4-g0OO53QT*F;jkF$~@03+li2#PE+dh}QE`eq=w0~q(tQ#6yC!E~(Mg4XdpP{cn
z2X}7k=k`d$&sKoL1^i$5?CC~fMq1HYq)MK9aR~+1lPs~0JbtK!hNu(D7a1@rVNdzJ
z{%3afRSnXN^o-+t%U3V^8@zLaNvzHT57csHNi-5m2IS|euP`V@LGQ_U3Y6klHB`GP
zeaJ;z@Zj5{VJG|ZQq`@O)X2uS4|r@AMn+e9{u*7{v0>WL$g|#emf8gdFDfZ$=w8ra
zZ|wbz=&b;H(JWBg?;(H8jAqBi#n~OeW`wA~&|m>Wzbg*O*B{iD4c#NL;hrvEV`3BI
zWLULFQ&FS1E`MSwOFn}n6q32~><t9Q`zCE*12Uj9qjD8lS^Pq#Ns%R&u*D+!ds^r<
z+8ju%rWh26F|RTcpyBkrd2(P;t>B5fGgX$WIDBf$i>CIa?Lzt+Xm4FzIqaQ&Lt<VY
zUSPIS?=BWQftltm{7aW{(E-Y0H_pek-RP?m)&bhm;<Fk9hF?8?emQMN+(6*YV>^Od
zY7yOk7*ks#3PGvG#l?xli3#o^)mhU?`1<DLuOP)N*Zzmxfa&}5f`iFCxj{<u8Pb{!
z0JTIeGdA}l2;_gqJc2#YF^{p1^k0-2{)5zg01};TR{2Zn>KE}@Chb&uJ{AR(t2S0a
zY+i2+rRMkaEL<%Bp05g>zVZHk@zz7BVxjB5SyF2+8Mbz!I9)9FAPMd02C1v-f6~x>
zcH63ZDD`-`o?#q64cubcTcvLt9UU`~V!~h0TN!Q-Ks&80gT!Yq`8Jvlw!Z%mpJ=rc
zY_iyV;|bpG<_7<GS}osu(VrDiv=ou&V=Pi;C&YX5w&`FgiraApuj$=kwA*KYgJ$KB
z^}zzIVXBEtJ3SZzk$u|0Isx7s(cb|i-`2MMekIzPUJttnx*~iGehfZES{`yRPn)YO
zQ={Vpd$Q>^tna)1QIZ+4_eNs%6l5NT90nes63}72FFC4`Yf2I>ktyYt<ME}(1GhP#
zSx@^4u~(wi+YE)1kXwx07sdR?omcChkAh$Vd;W+Q_oj(F5gic|hkPg`8GLi9(~ABq
z?MKIE@8RlZkVP6gGTSX_r((g;9he=lbiok>KliJQ7|rYm1SpyO)!OX@enR_GZm=Jm
z{~S?#EMwvD&`%lWwmJm2Zsjdfc$^Qn@iNhCPchlgH<1jUy9glb*4>?5U2~U&o5#0B
zr$+06ZCc(0z;D(;EW)Szm}_0Z*0#26$W{;}i8duENj6oWW|hWBt56bd-N!RWWL>JO
zqK*z!gCUO80(T}0OQ-CIhK91@iZzS*`<;!);{mehb8%*2b;iNEr7wR+hHkev#&A_g
zrv`{%$NzbhpTuKbz(4Yc!=R?*=KNnkBY?etCEmffmD0`p&rO~L`_+5#%`(9YW#zM%
z!Fc5_pKX{}V(R%UpM4i6IE~AFY&%yM#_~~0xqn@u&@OpuB2Pmu7q46&lBAfzU24GQ
zQBH4Ya@$4Rdb#XwvwHoLplCp_?FxK{!mf$A)@DA5MMAP5H~s0?4l7~SA6fc@)Iy&b
zgie@hSNMmbzrGUJDYRFjoU2tUo3^sD+J5)yt45RO9?N90T3~|L_UpG4%D}@a=t9{#
zg?<U6tMzhPeRAQOH|YbHp{Vt<Ug^IB3%~E%Tx*gNdHc^zY5<!~z*XB4Z}Cltlec$^
zno9NJg8r;3WiK#@L)AKb%;up!9=YKz0~H0ae6I{26Z;ZzYV*Bsudx4FVlp%tDmR!b
zDfL&a{6%k}cnxG`?f;O5{{;pC*I+Q7H4OASAnLC+M<*T=q50oWc%*-u`J0fvjaK!!
zP}%JCzr*>P_=s+h{OPNk|ETIed>@*08GD5WxmJy1n`pO;-(ddlPv0l#20wm^#QZfG
z?NpdrT907N8wxP1RH43ik;T8_hbjoMPVnA%&(iv@{_agerX9e^?X9Y!i81>-rykd@
zz2aq)*UCNXnZhVfjS`KZvFPzl-AkUV-OJiav2MxZg=voQM1PA-SfZTylUCIKq3*B3
z;_8|$P?+EjK@;5Fg1ZNIcM{y)-3bsRXmEFT_YmA&f_vlM=xLI?@Ba3`zl;Alcjtzu
zp}W^ybIqDnV~na<bg&v<d#e0gPDQrmGUL~a$Mq3<cDiK|8R(r3WJu$zETO?wNQCC&
ziC^CMxEI}rVSJ4|998ySlJE3X#Fcj<RqM(|a)&hF;BnG1J|pF%>g)0cLrFq?(4piy
zxZjh>GJ|cxj?|EN)tx}462D;YpkNeAd6pGG`fEN#VQf+~_O(Y5N?%pL&4$RSl9(2#
zz{JI#jf+fE`)h4&4HYS0Tn#gGdSdb#xX;e8BEZL*nv^ZjrF^mY$6ZY<U4Kn&jd_2G
zH4szRY{#O$Oa!HqBMQ^qH9R_u)U}~u-byV3jp4_1qH!vGd4@J|QC@VVb~lFepVeM@
zwHaF^*BSU%A;0l!R}10XRIE8du~eW1tH}ifMt9<9i}m4j$F=8(HK?_UV!<)>ScYDP
z*I3663-yQOjMJ-l&5T;yO%uSNl-JO;k!b{X{MuWfUdL*@gGi?jwvFlgO6K_3cms{f
zhzJBEFN+wZ7;GP=%;&Vm#5}J|@sk`}xOwZuMoN7GsR4Zuz#Mgm!ix_ji>h0GtC{G|
z)In$dS8B-O1X-gFUM0>F;_JOakrBb44SM&R-=_SU*~zHD(D@)LX(dpE?u@e<EKCzj
zMGmBERb))B{t|V<n==Lz1U*$GX;|bDhZFC_7G^N6H#Upr+7QFfehsJgEQ7U+Pun;d
z5)2r1Kk)^8mXeam$t)OA?f<dkxi5V?5uPl4a5fi6HgtQIbeb=wn;O#^np)##tJn4o
zOIG(&qGAjZDRAn!!|+rI%XJM*zXc~%aM+YC-@4Q4gSzMKv<MY5O)MeJQGUg(3*}1;
z7&o?eBES0)scwF)Qu+{v9%%sm?FT6#EPsOyz4Jx1TC2s0xYM4Y^O!v`g+MtZ)nr=i
z%88y^pS=C!NsF~Frwb@Q<HX;)ngE1Uan*8v+=*)459a7RMSLxh=zTfWBR}mQT$|#$
zVYOpVm^<I0qul<ZYB%x05!uZjyX#KSyqY4F1Gs@KQYlWsVYAnL&OOGCv`)3}iwm2z
zc1LgkZRo@us4^jDDEsg+YcE7GvVhIq=hR)Q$t$>gQuVd4dZjG-lyA&2z_3Uw*8)SU
zk4&G3F+7Lrv)08%^Kb${jiQrCz`5x1i_OeY)GpoDyC-f>sAJQQDu=XXMr6JV(xeHS
zsUuk1*0c>(!UvM1`na-~C8|su#PP|qW>_B~G6`gokCZx&lgcqL-pgdHX6*7du-C!7
z^?Y712Gjw+XFR^G{Ho+tq2D}q`Q4D}E0F(w5|T!rSR#RAlXkDKou|zN5`Up8)99q>
zN`4pJa<G3qlxDUfPtU>oB2{YZZitaK{tv}zY6qP&@bc6}se^vqu;FQf(*&~AMFvc&
zwko>RlGsuDS-s21#U7m==2-dpdDIaVNtM{-y3$Hgh6x_32k_&m<-cm!wX@_W`nUKM
zx;qFmpH&#h*;z;<5`9~~lYLTKesi3DB2BLLot!?iI!NxtTgf^i)!{QaA5iG6&`gay
z?RCtjr6!bFFAK%^9bzFs>(b<AH1@8=&(pQC0%I0zTFa``R$OD8kxt|RMbSz<DFuh^
z&qBv@&a({~+qV_J%4ydM(@@wBr!+Jh*KpXw0K+*axgJWL{V)o{KGtSCM?1|!fMXfl
z2mcyW4!~l7*vp<zxP@YB1H)Qb_<)W>IpYEFd!b%Re-eRX+Mj1a#Sil0*qN5WiLZ`A
zFdOykia~_<NRM7kRI;=~=W|pU-fSB?QX1#?fJJ7DWU?+5wv1l7lcD}wJoWJGG=UzQ
zg<$i8UyUx&;cZVdd*c(uPm~E49iO{BT5L?mDvWXQ;U>x{1?s{FwRA#&Z5>y#(vvE!
zs_8lpHMQP5YAi6a#UpWpn||z_+87p+vv<UOx@GH9+$}8J(Xm$a0#(B9%B%R|@d0H+
z$J`}RP~s_cgBJbkvb)6ncpM+^`MVizV-M?!P1R!Mt1w@hqkx(6dP@CCZ`9KM$RSih
zuTd{6BCO&y5c!cpHqiYVQJaJsI(FYo8lR5A7N7WrU%*wKt4El-OTw7i@qG-BU-o*5
zEo+Rl<pNL5)xn;H+BGrcmrVM)F8gwiV|E{?P;u3`y<YaZ`Dwn~in_fdQLJRX<Bh7N
zPWlqcp+ww$r?6)7y@j1v3pICR{*ETNzU0tmb7$<;w&hT1lf11~ozTwws!}<)V_5L)
zB6<Gict5p$3gBM9?9uiSDDUCh%UX_eSx678;CiITyckL2Z*AFm<l$JS#Wb?7VoXM$
zmjs<RsMw^b4YVb9_TpObHu}4iZy=c{n;~^Xoqh+`3z7AeZ?#v$d&80|Zl0@asU!<e
z>N;hv6)SR<9Z!)tjrbIrbK=sJw}k38O>gT->P1u%%CpDvN|P#;H0tg0our$KcIzE5
zll<f-kM8+yBW?HBp7hkP<{aAUl#SvCk$BWiO4G06ot*P@zH|b=(jkyj2j^N#PsI^>
z&ee_8Hibv9&0ZLnqna9Xch=1w1Qud+Vzq03Qy=Snqqv$cJ2#m47$mK((r_4QnNn-%
z*uw_3@}&|Z9zb8Q6H7B!oWqY|&0oYX+fOq+Ebye=PBX{8Yr|kxuQ>HHN%gi0;de$_
zA>j42`oCh8803$H=H-2Y86P|GhK%Qr=EdeSRgQ)&-HzXSErV$1O=ZQj9B}ZBZ&#Pv
z=1!lK3Dg{80k!q>%wbC8-!j?MZQzFT=cr9S+QGC^68>@))eIHyJSVC&O{)k{&`cy`
z0TLS@@b;Ya8!zJXwu$AXkfz&xSY=KfJr0sScRCm`wpgep7WX5NtKKtMgkSx*6S?Z6
z;e9wL-xfP?@+-91X4&KF>S)hwuLPe=nx5@+HWpOcR7`-kP`1z=IKLqLyw~Q8C)<Y0
zcMYtqGd`f`8=Sf*r<97{Mn5`an7f8!$xur?Qsc$eoXVKxnJIj$pAfe8Q{FT7ree9*
zu}ZsCMBHIFZ#arWfC_GBf7hb5Ea`saR9g~9A8737@CP^bMT7Dwo35i12CtD}0Q=1-
zo4TVk7BRDc^YO}B@oDbUOpUa3A$<-H!O<)1k)|$XR#(d*mc}rZ9CmBYI=dyz{i&N$
z<W0>8IJUU7PIa*@h_`W$T{B81b`SGB_0bD;hiO%wx5D`t$<1May-&yOxX&v2!+129
z6X=0fzd@vlwxJcPK|1gCgc}BK8UKUkVYF1gSWqSBN*b*hja)l1Db|SWWqH0MC!2A#
z7X=<iG2vcS^?eu_KDMDlLL$VJdU-odAiAw|;foB~yVB{ZG1m3LR#nMr@XCzKRL$^=
z$7WkE*_x5K5s0LuCgX9>Js9rcG_v>Svozm|W^>9SFg@8W+uepRe(8)^&M$dr(^{U^
z=0!7lKK-=+4Q2gf#k*b`Ai6)bN$ClI4$1t6(J*jdu34K5io#9O$L90^WS3rnJ%Jh<
zG6lHmwi=l(X8J4MAA#{Z1!Zv~(buLNw#hJF^d~9T=Dpt4Bll1brR2$IZup-8{G25E
z;PHbs64a8#@$Xz`c?%b-9AH>rw=Ooi$>xBTbZd)bHrvKt?bOd+bhJmB?%~T@4?n{j
z52g;JS+~xkIeXk;bq#M_-6!l>l<f)iIpQ!6|8%NrVgtFlHJp<o%)dOthWm}IWCn$_
z8}YyL?*f@$mo9ttI?+E=f)`xfO|KU6R`|~~Kr^k92TL@1u(JCdBLC$9uP;DJV?Xld
zcwIXu&<Xti5T{>XckzQ@{mtS!;{O5sg4Cp-Y~=roZ>{SM-AA1K?cQJrUgJ}(u4$``
zQbVn8iHL1-tLr{$#;DII)%-2il-@X+nV>Di9@-exee>JD_ZE%>x~aZhrR?li+qbiX
zTLCVBT_DhyHoo=sYD{5BYx;EC=F&6090$S+BktqVk)<4Uy~y4-K6i459=5KItMf2z
zQgCf$-$<#M=wdts916Jr2?*-@r$`S6BOBB4=?MZK8+<}TuGV=B&2JntC;gEgMrypD
zyv;8vPbZd6U$XiL8JP$fhmbmnd=Ggl2=Q0FVqO9LZ?19A$L|+q6;Xg++JI?%&7tcu
z%wJw?a!JKa_N3dsRWKh7|5qja_YC&yG!%*;59>?ig}w<%nY=$`K4hU~iI|$6n!SnA
zZ{*G+Q!myI{wePp?&EgJvs7ahr)<4aWygoV>hXme@jw)bo1F|ByFcRLzcUj&K5;_+
zD+c2{V@?J-%EE|J^SRhk?UN8AQ)5Lj4+>*rBW`+@PN>JBq};iuB_%P75KYM&P!F)E
zK@q>$JTe${#DZ^?k!nR#%2U~7d#)2%c)!iTPZmTztPQ$_{_G@6@Y5)tVK1|h?a(60
z+X7biv(AH|zP3aiMVuYRxP<*jGJ91l<2fz+$cQjf_mA~O`SIJ21A4c;T3XE3#H!{B
zkw0a8{75Xslzy>ao3GvTnb_YP&NF{mb`=AKmgDa`rb-6Pd}{~P!y<Cl5x9+%wCB|G
zap^RBW+vj>o<NUU+-9FAhLtg9J!2|zYI612sDW|St}uLTA7<w5V9zuv|FS>6^8YuF
zgAcyC(`G*4NLnOR7($aoHG#19@GYlNTsh%>)@(nbx7g~Frt?WfKa5iU=k(c|l^3sE
zx|U-Y=N!4-Rt1TC)O@l`KDUs>F%401SAxmnS)g)`U*?KynoH%PtnSHyR5zwbJZkPe
zgfN8pOx_2Tc1a|umK4!yQ^viLm0#281gZCs=D!KdH;vAErx$G$WhDc&CsyMMZk1{^
za-91qzB+?lrG^+nGR2P2PA^8b!=<1VzLoes&&$ooIx~xnCM#Uff$m#;&!n2B2k5)0
z*#$@~enV>O2jhr2sFsHVVvP5ggD99cH1n?iL0&SF(v26M2a3X3A74&XFMQG->C+9R
zJ6MX%qjyzWjjgqAdkJUUMb%BiNf`fbe@;=b$#VRjAelc8G79zG`4E+bi@0Np&klFG
z0FKCK)t>#yXbJ@&ypY!s4*negjJA+6p~z8uyu_Q!Wh=$priN;M6aML;vDAF|f*wPM
zE9j^11zE5PvU8qC;l-DFmNJX)G>*WlkJsiZFMoN<!DIDhyd4l;JGXSVMEMVGvDy2e
zQm)7bzw@kJAmvO`8=yJqH4wVTpkAS!yyx*yY?v<Yr2H6l$|u%2rYH2E`8MGmp7#A9
z;mwpp{vAavl>2fx{kGyy<z_bZBDL<7AO#b(TulrlFApZ;8fjpIenSne57VHIBPo#N
z2Z(s=<*6$%9(1w{h7$Iy@Y%zrFZsrT(D#vy;`Sd|0MzmsgjkN4XpA6#%LEgo3Jg_v
zzac&0E2JmoF;%=(<WpTQN_<+H7+M@YNE%O4!l2cNTvTdt+_~X(jQy9Ml!!*kwIt@n
zH_%*{Ozli3U6r`r>AX^!FMD-rwkqjlU30-(*!yP<A|-8lPwEUmXc2Y?y(#y%><Llr
z%PRZbZR+#UXub8G4-8`cG_7IkT$^OIeoB=wNrS8cF8%o-Zwc#mvq#F~B9J7Y$T(B&
zkhrhTp0ETslS4Hu5<cfzzXfK5;K;UhYpXV0lN>SYWy;~o(XpDGN2yOs=U7i(ndd~g
z=YMN>3Q=w6%Wf~$5m;`1-1Uzrv;YbWiv;iS{%}^iaKTT(7c?)EuV|l+N8A-(wLicS
z+@}~ny%B^%&DVc)V~iw94sVY+#v{<WJ4{rgx>RC;>Q_n_)fGHSsPDe(J<Yly*EZ1-
zu7TRbW#ND3u#+Zl&az%<bU|S|n)#A(|M=dR9&^XLH{jZdZ=)sKOnlQ3Fo;raP=h6{
z&@i9WkzCrbRDQU<l$3r<+nB;-CRLf?CEEqp5Gyc02?Q>ID7ZQb0XzMogeez^yW2Ia
zEZOT3#NVM&;q{D%N*e0#lqslavNSdIu&sb;P|l=<+Mup9^}G|ex+BWN`)f)>o7KHR
zJ*#rN3(`!RvMUPD&gEz0Uo}p(T8WY?8I(RiUL<#WNc_dO<x3UnozikIbfqIRaI5){
zTAk-QX7-nJv5gJ8j${7Ec*KtuN2(T+t>m+oYknnc6>=a~lPCG4|3Sx=i!`+Um3ml8
z4h?B;O38O<1d@k6Toru8ooTp9w7~o>P1gm|xXcPiGd(U4TJ)UgGeYT#**wVy(zcoL
z7G#uC-yGiweZ**YJT<D1=J?~cQK_ij@N{y+(_roV4NSOitlKwV;d^Vv=whS*p(%gj
zPiYKE_<?F(OG*+Ab4+Xi62fyH+uCyha^u085KlTld6!ojz8FJl6FNQ9>106D<wZ~K
z>E~@>#_jE{bJQ(h&e!3^eun~2k#<T)SJh?Fg+jO8D}km)x}NGOXGV;zGNH5y5+lL{
zP~En&qHDe~1E*4}NuSZLlRSpUoj_Z89Yq&RR{Tmx;{O*R*&bs+q5ZLBnM{Xi%axH}
z?rBcT2h@6?y=Xg{d~p{Hd)b|>j8|Q#Veni=Gdr#XzCa3HZuxx%VOXWfSri-YPnGYY
z{&q?7n+5?bo=8NfKS0CkEh;$>vXvy_+Og+rVM2a2ruGxrv1WU(j;M|?Ij1^ILrhDx
z^9>D5*V5$!Lq?!y_>|Ig(dWINcmuRyJ+G|9&`~HNQX~~+!jJN_U<2>H2km%j<QCQR
zGFNO}t)xzJYvhU0F^sDb;6T6Sx{$n(`u2Q@9x(AA^hLFd-oKe-v|<G<Ub<X)Wat#x
zMV`L}@MV+bJ`%>AZ_5cYZ@8w7uAJObo^bKK>_7A+H{EXXPDrpP->t=Imziz*IyaP;
zBh6sEuLiRt0*$c!sp@_vF4K+t+nxzwL5nqDa=JD%H@(y)hHhuJO<j7a-J=lH*U{Ls
zyzzS5(!CuhBta$4n6#}sXM{92cHk}MxV)WDZr_MS4m{fptlN&utna=1<MzP(!C&*b
zpMp?-=XLX={dUFZ{Y&VkS2#K-G<PL-4~C>y9QN8TA<~UY%M*X#dk*#sOyi?mn;@Lv
zAD%VuJCY?X<xgWx;-lPT^APOk$M@xy(S?(%=1^%DAW$+)1l;Zw@8oz0tR%@1@>&;>
zSz6Dn#D2^uJ8gA2Ii0zk^s!hZ&%ICbuKCil=KB@L)jTJKbf<mcSY3O(+5FZ->R@h3
ztNt@vtU7xu&*`4?ch@Q&XIU2{tR1;T=|7Cda`YqLKa7T0Csw2NUq+L!MOT~q;@GKl
zPu@9@K($!Y7EeYBT<f^OWSn+J5hybIA?>27YW%~3(Nft`^1h^Aou|MXXE4btaem4{
zJ8om&R4inWv|CRbFCozDFBJJC`<s(Q{kX4U2=)HEA*-YXSG<PrJd_`S8frxjv{Nn!
zJ87r@W4n)Wxb;{H!$mTmGdN20cY)BsFx5TDG8`2ti4_hFK4E0^LxmbM<#BZR+k|+6
z%qVwSD{O%2kcUm2W9*~KL?fwn=aTaG+^<vxDg^36BuGW-YpX@Zw3P;zshwyCsY49R
zKO_Sags~gLc@O^yZ+~wM#3Y)IVVhQ6=!FCS1?2zpVjT-qwc-`gm8<nXpZ`s>K-q)k
zSBkoPnv(VL@7({S{(t{$`~rGU8<Jr5|0Xe3d?24Q+b_YsmY9K`#fV7|!I5PL<G}J=
z>4}_vEK#8jfDg}l4i9)FBFfSLJ0R*T$|8{nRe%%<zgh*)hJp2m1Sd}SHDUB@Yh7u-
zJyC)+QFE-c@?JaPvvDyo)sz_X@a~~E0GIKDV|qi;1^FEe{nPJX{INy-g150DGfIvB
z%bR85pf}6rDOX5dztbfx()H#R(PcOeVc(1(&5;}8m@7?JMB#LoX*+_$??$zOyw1Iy
z?}}i4JdrLf@!ydo#KGkbG_bJy{tT=6U2qlLJ$rQG<|mfeYFJRMr+jZD!u*Ej1<RJV
zwj2#RVo>*VX!j-xR#$R+;aAOHe7`<lBpy^*_Q`4RSSFnNh-JonTFtT~rP6NY-5yKD
zC0O-@O^VVB;_EyP$jdXD2)AWxqIbi-k((V^?@R6OriQ7*TM+xv#}^iO25{Zj+(1C}
zIkqXeYHoKB0o6|S=94B_nWV;lhpb<o5AIDx5gzy!Q9RUeE7rfE+r?MObJK6(hVwL|
zA=7IUnQaC%sImlR+VQX=9y*nw_(#%0@b%W$&VTB!`Q+yG^487GQ@E9brz;p@Z+#&u
zmqZ}{fGLM12(JY;o01{l-OKzsTFuMjI`b`Z=AV@iY#{3rc4#<q@i7BE<Qmd9D1?l}
zUVNT6h?^Nd{Yz76>j<W>dKi8M*oJt)g`J178xC%KVv=B<e<vU<7xE*BOhU|`kwxT1
zGLX1Rk%-Lj$+dFDe~Jw}%b-`v&S1~}OWP$_-R5w%oo>@t!tId+WmcZ|P=KI2$c0)5
zj%|l=>O1Pp(9QV~oyhan_{Qwdw-oEK(@-}RtJV(s<9*$cFj@3+CUx&-D0G93N?PSY
zJ<g~|a6py5lqs9K1Gswcf9b-G`g+yEr`%dn2d&;UxwT<K^wB2x!6VW1Bs~ehM0>f5
zKL2PE&5b#V5@t@2jH7$oNHWFSQFkv+%in%4FE3z^^T#6ZZqYsw1J{-tAB}$7X$0i+
zy)kxKYC8^8R_xi*wva+o9btT>_FK7Q{?9V<I6P<t<#1yR6%6l^KFQenparH3y|DVs
zKQ^3LGOxJ^5%b@iJ4P0&naJxi5)+9Fd<hx%^rpC&5(P6)%;XP$Q|?CNJC~{-VF4|R
z3!RXv5;Cs$K6+`N%APUH!;jNO7YC8Y2QkEA)KYLf+EXOSwY6tZw?Fa#FC8yyuvB*A
zvnYmz?sz!wE}_M^_;vb{HyRC$s=x4aaInifZztdUvI412p)#M@6c6n4vv<-2a--Pi
zmF~$m>?7I;=hf8{dGd}Qx|uGoD@EIFy&l-(%T=*x*6+SFxy!59dw^P^1-w3>j3Jrm
z=h_+ej{ZM;XE6c{VQ{gu6KJ0Nx`PA2;JVc1gL}^L`-zKOmCvX*X-_!zm)_yr!h^5n
zbO=jyxSv3mWwt`gCW?r*sXw<(*!Ebi>(^ua;QcB|&dJrx*{#j8*6rK`jdb~KU4&w3
z#y_(Y`9o3mqxGSKqTV;=kJ<g-SF6mQJ(}#!@M6w>0k%36n$1=199%GPP9ZFBvm4Zw
zjZ*7!FodIm-UR~|zH2O;PqW)+Qb5dXe#{$-zAHRG8xMIh2=I5CwNl1~+AAk<?GWZ)
zKRgMyiiStGHU8$289lNtDRF~vCQVNE0EOYNXZR3q;G6!4z9K9Q#^+Cg$3CWw!q?vh
zPp@YQ@i2GP?J^&*oYcF%F6Nb}^pOZ9rAS{C-L{4yt7>mvS6G4}ddY};9=9x#vHnpr
z|7B)r!2XZZi{XQ<+NwC39Dj^|{e!;>q(rJ_mgpP%7lMk)e1&5BEL547M{^#$r8|^6
zjLYDSwMfV{1K>xmc@z)fVvBsmsum>0TasX|iZ2pCA{M|zT(;ew)VugH9kdH<j(Emt
z40?4$s7{g#v=zH!hYva^fQ@6~6E^qy_bRrk5W`J~+E}&$(?yE;_g9c;M*}iV!h!G;
zh@&Bwn5??mWtf$P$d{~nLIvv)X+|++C%Py}jbFvv$0_R@fYKPuy9tyw1U3qFR*L81
zk5+In97nw!%@9Z}Y#5e<j@tuoK$19qY+QyA0c&A_9mG8GFsjQz0q6DEd3>W2AwB3>
zjA%XOVpgg()N@KdnbOm*nf~$qM<RY~gNucgK*>M$Bv_9%+tvC7<xc$u#-YlY@(Njp
z(@F0KJ$^0hsLfWeSW;c~2eX2eI$K97z3d>3Y3YJSb$Q(n-|KTKE8jY<vb{BkLyJ??
zZdT*;E}3ukAN?`tj}aW{INyC;tKP>2=imWu9@&@^Sngu$5)`#B6aFkLA0&JhD{J>Q
zQ=V2&9)H(7hcvg3z7ibxRk7nE5<2`_4$`l;+hMDFt%NT6M&IJzF$>_EmveC4=EQv3
z;&yP*YuH^@J=-05yB;wIQFxmsyk`i#_o?|3C&-9dHp%}dcyL-p2;0&{$C9G8SMkpD
zAz`^&eNB0v=AnS4IgtNP6f`0Prz11X?AWFJ9Ry*)8TRADA<58UsI8uS(8+#~f4TI-
zG0q;|w^`rXBdyp8MXyj~2($b?sPi3C{s4&wa<uB&!oyh8qF=dH4t9L#l)($7BE5qq
z=(fGorFW~S-(vBry^)r;)5F`Mr7~`dKH5NEOkX$4xn(BDh54Q~9okimm@#y5aq(}=
zAA$*W$?{+m>nfIc_r3X<wF^-RaZU9gb%f|2U?Pw7Pi0MxStk`qs>rM~o4PeRFxv3b
z5XZ?#ly)ic&NK90_AIuBHIft1%bzF18<omtmlN;DEexXmMtds}ztQqqS@p|6=2sYi
z2>Gn(3s!KOjK~5lgN`$JLfB5j+F6$_-x*d3x8dHKR?lR+ZFL7oN+*ent3}_Icng~l
z{)-HAPZ!I5OUsP8H-T9FMCU>U55<=2%e4<oT_Tr2N<gD~JHFT5rAF$FHU;AxPm*ou
z;(icdFKk$}c~*OdX)YJjR;Fm{2MpT<M&54H*r{H-2uyBROOpg};=zmG2m11OIjJXp
zar*f2EjLH*+1&=ZVe%vjL71cYy&QHkpJRk4%Bg@TQbYGcvr;YNt)HBl6|sr6S6G0P
zml-I!wnfo=m884Q{17Yu2j&nhgW?L;vJ0O8CuqGF)4R%JQmfoI#O#K*C~jWpzgh+l
z{<t?g`@C^<xS5S0xGXkkckNV!T4EkS_FgJ$uz}wHhMqy829<k<*-Q$;BL2gm9CGFW
zs|PTTaHA8SAIlSOT1&GNEbx7Uq(LphQpk{3^cE$xFp;%t9;U5Y+Ag^@`fQy%!nc!H
z0|7&7GHfY(i~>4|(@V@Nj<Sy(_#WEHx@p+m&c6s>ZuHO9^UBzhRG>7P-$q#$6?^X-
zsxiq)#dp(JQ%&Gp1!)A<3lXgC0piTHso<-_y_5Qo9+?RBFFNXT)n3f{v}xy;ye&Z+
zobNw2IB3D;^)KUoFSycMBIR9^C+#fKLa{2}(Y2m))lYFWXOQ#xSTw2<-}#4SwkLs8
z)zbUNO?ZfD_uMg0)_u?kMs=LA6Ji9(`P3X-J7^F4IcLsfcSO4={;_7@vJbyv!<e}a
zltShyP=qLz22mZZNGv}5sz&lLh;*9y1v6xXHQw%Z+1;dyzH!vSf*Js@y4(isr*fp7
zI9D4`5N0iMWf_P7L`0~w!e-)!xT5K`xt1?{E~{0_m7@B(hwjPbxk)Cxe?HvQaGUob
zL#CI}&^y7-*946ue=ZSi-<^MIYz{Cb==P@5VY8-M$2}H-lKCR{)*imup>=54oPTOg
zdG97O82*~Jr)xa4XB2@W%l#!$*p9!>TtGBf!0!zA_6NK6FM)mXn~ydZ7BNM)AcTko
zP>-riA9nrp{u|cxr0nZ%DrBC@eJR32{u@r(;i_WN+8;7AGeE(_N|cDYPe(0fbSgKF
zB~N$wCCJ6r33ZvFJhL5I3&{qd9J(H>=a3vjO<J81LUNxjyeH&zPB6Q2HGoD)wU2G5
zu>H%9&(Lg&I<|1*mmervw^F`!AwbrXUN6YeVrg{*R8LgOT*@Qdy-Eo8wnV_^O#UeU
z7JLA1u<4Z8iADobULd(<MZTfch;mZ^Ab)tiln9bfN(B720+VMW^V+i;Q?_+>liE9S
zu09LaBP!9q!6ip<cP(r`{wugO`A(!|!)Z=$ZF}hrm^(NnQW<khZPmv9OxY@JWY8AV
z`@%io&<q_6a5DAor#nFOWuWbX>LH*aVUJmF{M&uRQd-(3n9Q!GKh7huej71`IJmtm
z$Mq?SVP}7N2cq17&!ZFd)r(cuca?138QbmPv^lP67d?!!$jYT-K-XNpwkVD?p=R+5
zU48WFhu`Ex@P;_1w^NC2+IO*by!Nl@e)od{H<~+CChI&ip~v^2j{8;+cT?vb{%|7Y
zXkrXHC(Rt;g9p^G;xNuwB~L<#31LTusuRCO0vL@>7wN`LWTcMxDZ+jgJ}$yoHzp`|
zOJ*qV|Aw%N{U94HUTc4_|8;1_qeEyqL?}7M_>)1BeB=XPVLd&l*6`LroZgwi%}=i(
z0T5Y?rxhooEj;Nc`YV!^+grIb@Tbh`<2aw6wiNE=ei-UdJqWd}DlK|N|D`{E^pF}7
z4Z&E2|M07<IIv^Wqr;GZUHo1bIqq6Gbn7b{=x7px!_nBCY0U2HlT$|A+@&#H+UKD9
zTD8)G4T(SS_!D@t5QvVAWQ{og!{G*gLOSdW1{WMbPdi(_vq@`3o*&bx#u~l-9nC?8
zYJ~F!E0zU`P5sCJP`-cppJqCk?VE&I&o9e=(d8e@{>u)N#Xy6}h>T+XS(ASV<DUgm
zqXcmlwNqjn!oNK7-;4hLF(|^IW_xIpH|UdXGmv<8z8V}?N7DV+Z}ps>7&nuf<^Gv2
z=mUAdeuk@$!4!G<U}M9tQ>Y3S%q0*~sC4vxMWkeu<jb+Du3AYt3<^0)l3#prVBqZG
zS}xt)JbP$QoncI|O`9Bd8U~V<X*ry{J7Km*cHkQsLk}3FDavMwn7yiw44dpvpjTSo
zGT4?999wth3tJZpkY=nYrCK$sPjsR>;Z1)0in+O$HvJyw7BOH>WJyTj)I_0Lh{)~E
zjcCpC>}ZiiJG>!<oe!v8{zEuO{w?7?Zw)OZdj+DgMLd+P0O6O&uwY7*ObrR^r@07=
zPOG<(&Fmt}B9ZL%Sy{fHo5Hkt$SKH%%<P=Up+ImhM9bPjBnl6?WDVi+xlp+70=tKM
zdHv3et%!ccLLb}f(TjL{0Lt)b2;CTX+j}B3yUUif)73E1W{W_jT-qjq<II5;ix&5F
zv5YS>&=6S{Xe?B}H0MuI$<EehD~xoC`@Ya+#=|Fhe(s`vsS=YBpvuE8QXzCVUj{;S
z+Ks%N+}y${Ze(OX1qcb}?n)Ade}iZLD~k2_RVWAd-v+`4j)|)pP*XqDeSiAQ1pJ(r
z*gw~_xf9WQ#&z1msO%Hs%YHPU{)<$fplCXqfb1uEPc^>yM}Aj~*n`#DZBsiV0P!#5
z!5}U?L};EX2xZ%<#;3%g#{B26Za&i1H9G`wbhFxOp}upt_th_X-KYyxsIhTz8z%`o
z3N2z_DpneBa!0(#-&_e6l<H>d4hGjO$gxN+cE=Iw6^oRiQzW!l9NCUEo2A{guOC0w
zXX2=qyF0&Qa<BS6^Cdb08{Aj$8tnVi9ESl~uKjqygo}nJhLdg|%a1LxIgr{=#vkqe
zV!6YpmJNyca)O^WGXyt@l4GAnCNwxi|9LvV84IA0c$(Oc4=sa3wgf!W!@!`{$0(^U
zf^HPH>1h-(ffdp}23~C^MP|W$<KKFS7!F#1<ZO8Q@>Pk?g0FMLN*<_nT*yDYNeXCm
zvAQ)8KZ-LwTfg!C(5*^dL?b7$>R$;Xi;bRQ;WcfEHlnqB_Zy)KO8NyGkt6YgKs(Ve
zDp4fy6P1$1yZA^_76WV!^)KF!D(*bW<GRH@Ggq4MAU?d{0?@K5->X$A0P;;y_3>9f
zK5AX3CK&_j37##E<F0qQd`1pZrb)yJXYyiW9FDJ4VfpOe^Ln=j`N{N*@3r%zd&_%I
zfD{(Ddnz%kVn9*hlNOYwC%*?pjo6pyNO9R@i0v)`%dG_^eC;IY-YCLA#r3i`d;%v(
zx~s?Vl&<(NXe&k%fICS`pGD+L!)YJ-ALUTFdtdk;E-G!ajWB(w!qL^|$MyQ)qH%g~
zh_3F8&nmTscv}bS-CvaR)SeR|v=QF8Z?!pBc`vHXsO<R#kRv3=(=v_>7gmeL(WheD
z__eB^f@yyHs(1hP4#XKrcEY=7m9w*Myf(gz(+bSWS|2`twp~O_jnW#=OuR7vT2lXl
ztTk2ChfY||^e}3>;j&L(cM%3t<MyuoPNa^V3N~08+uzc(qUa+3yx0HLb;oFe{Pq~#
zlnx5W!?nP&{x4P?W-<iWtMHc=7ZLSAd-m{N!KUFThnE|RLJg&ug_%1Mv0kR3(yJ!B
zx+}s4DOB2d<Sf6$_)@=I?qoi}eonGEun5%3`K*u9PY9ILXk>|prK7G>1$1gdgtEVo
z*0^W0SFHuj2Z5npGC`Brtg=wcfo!U7ZLkk+2?;>O8g-&~a>hgg&pxJG+3FMbbHP6Q
zXJ+`c1!2Csv5G4O@8kN+N!$d+D1+o(yYo4P*X>**MUMkWrW4Luxas^f1ic#E*7sps
z;)}gQ5Cyf%W1Z{@CCkoSWh3a^hV5J7{H8F%N?8JMAiQU9*=Lrn$w6w_E%9Su341AW
z<<}ErIZl3wICq;DO{(|%C>71R8%cu#-5Z~t5@E?iV=zTGrhGOZ6wqbkTpyb-DIv>z
z1+Kml)<4E#!v(khyunQBG-$OwcwF5cOoa*0VRFA+(rt3v2ajp4MBD+WV+db7J3p*X
z`7#PJpt!pE9)vP4ZBDkmP=C|%nO|uRQhhVqxh3BFJu9qXIXf{)@_UlJ;el@^9ecx$
z{fr@J<1K4S2uDC0)J4xz>e6^&;)_LiPn%W*j+v}77D!AgWNKtrE7}r01{%ARUzA^0
z&Rxc#mhAz{66B9bg*2dXwm2B|u!Wi1he7w8oD}`)@BF_~bVao?r!XarLw@&@g`{Ca
z#t1mg6tE5z!F_p?Y0zQD&xPg{v4g$C`j_hq%j<>EM{snTW7J8h($a4di1P=q_+|=4
zj;q>x1Eyr{Wp6WhYpit(sk(Y#;NIkyCix5JBjhIUo7>$wVVlHVk){ZPM2GO3l@2f5
zoRg2j=ThW9yn)#_ULH$pjxvPA8vGxTF0y4`vbs)44jDCSvWkRDK|9Se+TyWTru;@R
z<&hj-keapon7IU(jGQdn&sU+WlYBH5vFEB)*_+rd{g<!SN`WLY^G5kZ7C0+l9_<2?
z6?T+aUSohh`<iq^9C}l!-kr@Y09+naivUk<jw@g>zIOnio)ced#frjt)+h=x*&wT$
zY`LRo@>$9d#4&>JxZ}%;nLE!-)K~E%{70+U3)#}PJv+NWm6Qa?uSJX%y-D(4P`ERF
z;%@@c`PBxGx|tU(V0#tv)YMN=K7S6=cBD8C`B23O0Y4hq()^NsE#Od)(Obbd42+&?
z!fW14EuU~wN*~s5!gFt7I0zId=AA40<mG`L5A%<}QCu^6y;3g&eVoo0dgwZ|xb(0)
z<g5>dwECAfXKb%Hg@_NXih_&J+(8qxuzAT{Qy(INl4;E8%#m~uQzl~@syQpz+FbeY
zM%g36xIw#%l2zGBNZ>2=MD*z>!aPK|e_24vZf<v|wN@M*{3P&$=fb>juUfmY?EcH5
zAZ(E)R+J479jhov5%Jfw^+EFU$rD>&GNb;XJZUlR>NYGid*hkQUZ=LaWPtYhCUs4a
znH!x%D4F8ztB?$W_S0qhds~{a1wZvmy)8}4*{N^G2^)JufR=q8w&IlH=z9`Ko~)RO
z;5-TuGJtOCm;y_{=BOY5hbL;E?jIqgsF@e#);^uo+!jOvz@VfsFeqy4d1kQPZ_8In
zqb!c+L9H&w#gQ|p%Dz96#sqRt2|hEqz&UvoBE(S4W}xD~r>}9x9H5Lce=nfor{#0+
zqeztfk-J1nfl~$T8x7$JH5Q({f`qj|TP<q5Z|V(#Tv{7VT@a0?@<+|X7nQIP8wuiw
zk=9})SA{?wG}#syAAU%a&hyCc8gZIe@oPn%F-({Ot*2kBgyD)b#f;`3ymo=qjxcpL
z#N`J8la7&FS`E~EQ659{%bkf!l~%d+ZsivM7aKpo6wkW|E&n<AIx7mk{^)8u{?D%h
z*1~IG<mt9&2SG;W5J51H>tp5?T#vl#55-+@^Hj>5^?)Ed=&O^S+aUH`aCmV~^<!w}
zNEu6}F9u8bF;!TJ20iZN#`t>8Eto`T!K`Q}l6G+cy09r>w82K@d&;GJzV?9)-(}n>
zD>4mY>#U9)>~2n#Q?65um|G_<A1xm1mrT|0QwRxJ9b$#w=V#Y<M0&7eS=vRXaIun1
zTeOH5j3!L9EfGTHG%8qfqEpfj;5nU^@Ci#4NCwJsnk%$=<GW#;!v^oM<apHIq&AK}
zY5{<Gj@5-l9}5KFt3SvSpGc-Lb+R+ckF&YI<i~v9%;%%u3LTn^dx6(7_nO$(m9kML
zDg}ebv=h!^($YH8Z^dSKbd+0>mhw2k*IH2kDgb;Fta_CEHqGf|Pd*62>aim0J>{Wj
zWzMj|4|)ty9y=x}>IMfEW5)SlNDElG^GgGzvktuZFi;1L?stO$f_hEUEc^8O@-JEz
zoi*ha=UO|2U3;A#_wW{R!<(W?B59%rNZI|2aHVJ^q~%-Ui*m0Z1+*~IpoQ@qwC4vc
z%v3rU*U$mSIoo-l6G&0AgYcD5E7F%NTXu9{Z>x}4zGvDbp80WX3=#s!SoyY_%!Lc(
zCvqzYK8$<R?y$2dvB**n=EZ=!8zuPjB1;o<QulFTC&TYayfst8SSD%yT8O|mP6?=T
zBD1E2VwPX+G^vz~<-}NV+)7b^pF89j{InrFepz}xZ;@FeHKm}ntW?U7q8W#tKYGdW
zjxA-VZM)B7@8WnfdhYP%=@hIe3cxEV!SB2NRijY1&`=k))lI~Vg@bVkR+4%-vKZ91
z_0fz^Ul1v<;4KV76iV-n39H-ydSknP8-_9wy{lHgyw;^9U*L>KoS%%`&$&@OL#LE$
zs>f_K7sEES7hLp|bY8j1mbEVW!aNaygQLOHtj}DK#*;LetF#alC;|HqlT5BZ=(Zr!
zR`+TXI}s~H3KR-ObU&YeL+|GdZfPRdE4FyU)P8DYZ+$B6kziZ?RHLhP&YWJqmHQCw
z_iXmd<8fNU>_v?-?W_dc^!9zCYM%3>MrqP1%PT{(BJL8dp|9hl2YEw~w8g}YNP=!T
z1ubPN<IKaxS{#RW9%D}b#Kq0kmCCY)Wf}AY9^M^!IWM~8w$c+8pe_^`R?;+aE~H(p
zFc4Sc6FX-9gcrQ9zo(b?>!RsR@@nk5Ql5_eTi@p{u9>JH`0NV1_r2U=;Z%x?`ah;a
zGxl<w=9UQUr#~S}_aK{F#`{BhnyQ=5-X|Q;rvu!5*q*hHmFJSJKGsS^Ri|W!ZhznZ
zu2OJO7pbPl%0qF&Jir%ZUdjMZhIp!b%~9u>3vu-k#$skQ5I3XpNyV~r?rze9KR1RB
zH|Zy-CL-(cv~aw`!9X8tG-3NzG%wffixo)O>6cG}FE7jx&mKf@$P+&X)!dx+T(+>X
zBqd^N?G#;is;w5CQDqG#1?0nrxk8i+F)Eb#4PZqIzlSQn7@jQ#6DdGJ-(9M+#!NmN
z&e{XcTuhUVt#zIz_W8qbmzA#MF^lFTchosCi7naZG<wxPt6B=MNz!Ia6(z{8uI>b3
z=98ORVysMjOC{(a`QZDT#xwhaQaZ_C$)&FWip^i{)G4^>JEtLJvV@Ip%STQVcq=6+
zeCs|z;>T)ff(Xzaz>K5d*xvs*5IN=#pKyV0`91f9pNWE0S?s=g6_stosNx<K-z@#^
z^1C9bk&KxO8s;-tkL?QjGNSWK7Pjb0xFEetjD+*~8C2X%uW58poNqdl#~G4Pc6wXA
z9=8izz39%T^_ls;l<n}MgxHPyMaz_Nar5%}%p3G}za?xfM``4+C>uU-GR`?OU4$rG
z0U8RdnZu;xDwmm8mnb=1Fw1Z0Jp90>H6Oyu`Jvi)&}1_7f*=2{2B^5@1TBoL|HFyk
z?ubnk?cgbmVSrd^Ir}&m6Rcb@3ZA13vw*YyMwu7N6DTd)mW}ZsK)a#0xf*;K#+SwC
z-8O-7&78LCh$eAKbwi*A^eL*>KfN0cMpp$+w(<t+>?dp662TaUa^PcFRs(Y1)61f=
z9bl3zd2Np8=DcJ6P!ahM71wAFkBOs#!4GAV(aCT_tPb#%s!Vu!cMp}-UJ&ZbA;lS3
z@~Z;b7~OLAph&I5)Q8c{`zP*Qx&vxd3y!m`u%;+y$Qok`q_QV}`C}eezQFr^O$mt(
zKXfaA-I^Pp5CC``Z(HtLzeE^zDo)RTg*Z3Fs9Mj8_-ybFulIHiB29r>uR5p-I_DPn
zhIMqF#pjA?lNIDNnf$MaK(dO5!ZtHV>6nleJi*p3G~|opB_pfMtc9M-4Kpe2w$7f-
zniGE45!A!v9+wDs^IHjQ8jIo8QEtL?KzE^AhMvNRJyFyIm^{5H52^D9k*P`0f0Er#
zEQpbzn9buN71!Bz3Ik90s8`2`$68j7!Eqkg_6(ifZ!jfe(|<o0@gW$g318)3ZL(aS
zV*0a(&C;|607w<5_27%siP6}6h~$5_mEvQh<c0@aDAH9e)hAN}f?}c;C?<-}q9b^S
zT?&E=xVMp8udlAXFh^qnJS*2dY*WaxoFg#yVQxUe<fP?=<E10>b^fZa!TLYF0NA3o
zg_c+7bW5L93fdnfQ)Rb^;YLd(KP8#~w+AGm!P38^$ir_dF5=E_uOYRQmeCAM^CYCs
zor?%(RGcT(G<;to>2!6fpqz014*BVjG=+{N!tW)UrK6BK@g4t1uXE4o84VTxO(?(T
zsP!9-eiuBoW8a~?#Fv3Nk+c5B(uv+CN(<iMi0eb66S=i<WzOt;wvIG=$xzl}N&#>w
zeQ;JG^1EW*Odbo7`U_k_Jb5&9BrL|n4um16A;<DP^@4h}jvD!dJ*{#1)mso=t&!Q`
zO7804+RpcCRMIy0Dobz12{sA*sb~2}l^H$$Tc&$2NfhdvZ!wO&WNaj>!~P0X1u5U$
ze*l1_PNq)M;{f-p>(0E-xz0^>4fO30$qdsd)+M35ShUMb=F_aO;*4F6;$8@=cY!aH
z?V%K&4@%l*_$<c<4;a1}QjVXDaqBbWljoMWxL|Xw3k?);3B6yk2UE<;@5>XYPfPg(
z@+W)s%e`v|E=e_!5XF?|e|0`Vf%5rNyi0DfamdYshy+mmR2W}&eniL!MkVt<8IpLs
z$o;H8G*pJ$_E=&Zu5qb*B~ZqIr@E-jy50F{y(MrOY#Ue6f^&zb4mJMvr%F}izPR_5
zls1wdaioDyvf~%W?)-emW60)a&9LVY(UI8C5OhHBPaTV&$<A1q{mW!ut4@9itZ;)u
zR?WLN)MVoY^ckFav~QMr3W-v(R)s^g6DhE-ROVbX#EYiNN+#rDp}?$B`ZjimVhElp
zZ}Q&jc4+;=`>Sd)V!vT;^l842&;}`pT?iDYVE}E=fA;+@a*rOPXFILL3^!oJ-U3rU
zx$L_To0!9COMxyC{j6^3AeL0A#?k*r{_Gn52+EW)s{7ho{-dq_Bf`G=Z3s9{qfd)E
ztgnmre@bkU!a*LMQPtJn@V|YP^fiz0&8gW6G}(X4a{kJxZpE-wF^@{l*c|^;P4hn^
zFvo(f`(83>*yR5!gK{QgpBx;(0TH%2I<4EHnp{!5yu2glL8;4eFE_8V+up}^P`l-)
zu2UEvfwKpp4wRATN1yduh)%-0r%%s%G4rp#iHLO&GU&HJ4i1iQ+oAWX2s_M=rGHw8
z5uyl-$EH;;4<Y!~LSvhp=E!@wao)X#5|<RP8L)=(_d*zzka5bdSNDJY6O%hN6~i59
zz|gN=0$2Ofgf^=!`S0w(xE^U$S>C21WMMVCRU5osxY6bpv_PlukT%8MKR3IbpVjpD
z=0JDcN87y}|L-s|dhp>0ufq_NuAzuW<A?tEA=>w)mWV9%#|6}XwGt~)KYUl?+_7Ep
ze=-ICX%Ehz40Y+{hQ@y}k^!+-rAjP)G<xX&7|<v1L(rRQd%e~F$1Fh-S0u=~(jvK2
z2^0P%EB;gDp8?rr*;wd*wOQP^poA)}GrIuIf0;@V`X^$|bd>(z3CI6!(SqzGpa92y
zXyv2wUnZgeN-ETF6Gr`)`GXQ{AfLeM)KFSV>*nDR0Mf`^5@P2bT~vpXK|?U14IFHO
zM@1c03eBf+5zA-ru5a&~jZn&ilvs1%z<)lLGY3?=k<`u!NNHJTSJyxg#u7|bqbCjx
zgji{^2RVb*6C`|I*d>GJNL+TmkZV8~Vb(1P2@wOsSjB~&N`bv0e*oMTe@Je>eAh9L
zs|*OIf<%e99y*<-U58*POd7$F=|V<)4ut5qlg1j_%tzp5Z&71t#3`0{=TJPH-@*c?
zo81dPueA7(`Hpm)G{nPgp#Rgo@H|6$w$vwb*xu8LK$vd_Q&N1#muF{w_^BLzmJA%6
zZu<%)9@0q{q1A@`LDhslU=a7${`>oscK1h`hTP?kKZ9J-_RTx-`y8<T*Mr4}Ory&`
zSZv2d#AQWYacqs)U%2C3XtnLk&vW@@IotLggL)H25rr^7{A6XKSj1C8PA=p;Q#J&j
z$8}M4H)0^Zw>wKHQG5}){n3cuJsx<CH=IO|;ArXtp<Lh#hs$m~7e}t0KUe{31ks)?
z(%Nu_*eNe>58gNW3tx}$4kt(lIe2~z5BdE3{D2vGswW8&2&^>~&JKVgVy1!5A^a!;
z>Lk3b_rtr%>A<0&{&ca{6g4vjO!Cf@8nyA>8PIjH<`X)c#MoWTG7e<~0%>bX$sVWq
z!Ii7rocRA~dVa>>SjULktd{UxjxAmGGchJAZWniOb;nomb*FO>K2P3koLLPXXO<9j
zYT~;iHq8#2Ur8g&>(~8+t!yyR%Am^KEP-_=rqBZA><YZe-?+7y-p<A)O~tTByeo!c
zdyXIf6qT|hqncQpkU6CZ@TFOXdYMAInz6M7n(r_I>Te#ISEuZud<wPdP9a4?J0UhU
zHc<VvCR>~>Qpsj5GS%87KeOvx9n31j4zLo>WlMAH&%Us^J+$A-*45Q;@;w=%5Yh;6
zbK|7cnISo1GsMm&;~_i%vx5h8zw?<gSS{7CC9p-R`Ou6E4#Jsf2It4j_E+Y!U-JFO
zY8%0TW3deaIBbI8;-V2)_Fw4JY`=*dOyy4?o(quJ3|%p<qgj+3!6|-ItlIV!5Uf1W
z&32n45hjunLmCHZGJeeYQr#!*4_UV31na45*bI7z{*9~nNT4QBOilwt`+iH5jI7IT
zu8iQj^je6ifsNr56VX#2UVvaJ?B<XRV`Hf3=n$41HX)j8qm!7n<Bn99`x}Kaw!`kh
z7dxLv9!~v}k_rddH%C8D)LN?B^V=V)%(w*$6U>Zt3V2|!nrrB<bb8-1jNG|k;epyL
zsjGH$@SiO<RV(B>5Q*}6K#E5Zggy@V&ZW8AL66ExGO2C}SYMdNKv1&B#>Gyibuf@+
zt2v%e5v~_vc7D09zfdNre=Z~k1NAcs&M}J=TxtU~+V63_#P0c!HZ$2PF8?$q$R>=w
zn+*Zeb32^a4Qej+b&x{-9ZE0)R?uhCRev4M?A)KeLqA?}{BGVAjNVCYqX@?BN3Y=`
zT_$-&n{<Zu@zw7Yo|jRgrcRrVb=~N;X3LMCC_o1D!)tAc(CeY-*EdY&$?hQ^+gXuy
ztFxHC@t&u~<GS#&Iy@k>^fDPsMad08QGfDL0J3zZAtO_DDZ#Eb;Hy<?(vBSj{<Pf)
z2>$T{T$fSX3N<IGTmyO8^$252pI%^xTE7DC>rYpWU<c#ww}5Qd`J}ZG4D>ffde1pO
z8S5h<{@2FfeiM<heNCkh68uYT^uRyLYAAu8^x4c>Pb;7@x^aNuX*<mRmr>YeU$#em
ziGjDVuo8)t@SBB7yUznVDd_z7>wNpS7L0BeWYFw3aM0>A9?>sGi1Ad4I`Pw`;;v@D
za^9!$I>TdmzX&YUx(cXNqM2FcsI`5_{yBIJ;8+KTH;bOoQF(uLmU}gKK|9PW5bf~}
z%Jb$}WO|&1Bz#2qAmy1LTTprfJ*_QkFZ!zo)rgfe$*?9B28J-Poc!IVnO22*3ryH{
z52TYUit>-OL`6EqB-_JD>PGXM`V>ThWntxt<?s!b0x44hfgE;9fp|oU6GQUmGxwR0
zs#+0Gr0~CRt6n0osKFgOfbij)WDx}X9*2eO8t|-eZ&4NCJ#yJqpmAJBQ=!A)f<-Z&
z>+a&fRG}%8jm~;b<$)JFT|D~y?$X!5$S|k07;?eE%|6i~07pecuG+)Q=JlDXWg<sP
z;56A>m~tU88sz{T6lg13d;RG9Y2hOvAt+#fj~Eo9_japAV={+glrtbs^2$5B`*w1=
zFyvyNn{H&?RghL7GPKXpRD{UKbS$kCOyK1ncl+n9abGy5C?BK4V+t>o{(m4%KR6At
zPl|C?AMzJRgMvgQWHg7d2{S)om3m78(jTsUFyXNoAV*VJ-@Z?LX;CtRPH6UhbcY%d
zr~hD{R*)kW!kTid)rcmbx8~+aW<d?g5;4Eq^?G1)vYJOW8Bd4VQFJS0a_u(YbbW5)
zq#P|keASlbzOk-fnc7xS3driw-TP3hh!8huDxkxzcJvy_I;^(op$6eNO;y|;O`}Md
z0p<%izPcGw)mct!)wUafYZa==a(bTNA$kL>KbU_2lrm<UL>_K_DDJGglP0LlEk3=*
z<@hw=_soPCY=j1RnsZRO`lu4+{t}1T-M{rSm!(95*s8g8CqUecT{?~ev+8lZd|4H^
zFy#Zp8!}utUaoq{3{*goO^V1pb3a~ku7>_TRi@X9H8rHKiJh+P;d9BFSfRbSKo#Jv
zO3sAJSLG?VpHOPIKk;_-W|GA$lCb{Vw3vR#vxA?1lNqnSF#nU~i^ito?h#k%8cIoA
z2m00j!`NE~#l0nu+rcft3Be&agy8NF+@0X=65MAXSc1E2a3^?zySoN=cek1OO>%ed
z-u>3TRqx+ZLk;I6=k(K0cPn0WoyjIElBjZ;?i>pDwC40hc3>q3Ok6PpYJ$P{el8-B
zyw*cN!&XT%{fKzCG5WM4d|p7}c<0`Kow<@w7MQ5A`TPh8H@w^G;MwqKki@rtJ<hK+
zc9$lQ6%DZkHac>rnZ^05x1@+3#iPv+J7~A6rm7=*)Lx7k`hY{A?fJXD@z$<i|G4T3
za=ZEICQ`V9Tem6kE%`dn2nNcj1stZMy->|U<U7Z!s(DKN)IXePDbC!JO4_G!1PgxE
z;ijiL+ECh==F^6njT!BpqQtGOSGh*E6EtNv+0q%8#;Xw5W@wiztD#3Oo!7XkG<YXm
zKa4lT9G{rXI9GLo3x7~idDyL?zka6!OR`uOfK1%|gh32H^-Zlhx&3=w0*>6cV^-gk
z+xrXw@;y%~a<zMKs5xe+V)HWy)LUPFTj2KmrAtF-6X#`AcSa^tySLp5na@Kp2kWQ`
z3>c9yAQO1Pnj{g=_nlsg+54H0sF(J?7VtHSHn_ls)%tOjO06%6gfBN-n+4T$motWT
zb=V5K<fUR%2u=LMO`01~f{N8=TkWzR=0{v#I+z@F8tq_S9nIn_4Z9vK6Y$;a!^ku#
zYBH|oPb43I<}k#?Rt>`9i&o;WdbD@i3=Z=N7sUV$c|yQ&rr@3rfz_wS+YvsaHh0-0
zRwWRbCvK->S{}Qs&J2X`_2uBJi5vsJ{gu3QZQ%PW9sWht_Ift-9GX;)o6JuNzS0BK
z6kp!!)!_DP#!U#Q3UPwRv#9e5CnuB==2pU7c;&{G4sL?n(i@ON)wcPK4xWFUPd?>s
z3|wrboyb*Pm{vr3oP~tbvB@;x+8t!qoqt#N@Lq9ob;p$$M1e8?k;(}eJRq%LDmq{9
zgu7T(YY6;{DExcb%5kc7rQe6sjK&L*Fv^mK>T<`L66(UD7}sfPFvW=2k~%E^q;}Z3
zxrCjvU<~9ap$U};MJK}oDq7v%pF}VR-LmGmzQ}0*B%0z{*2_3NQo1+Q)B3`pDDUOQ
z-Rali(nLlgN2G7H%&3iy>8Cq(@;N-bfjXv(RcUqlJ@ML_rA7lvgV*O;xXFhzNzX}-
z?Ho2@gX%!&6*`~3#QXOAo`kQkw4abn_fSd0YUmYqh*pI@l4G0Do4Y~D0Fnv{E{D~(
zCO79r6;T7*YXq4?)a!A<I<v0|k9TiA{(i1?=Ibo{DEJhJgpS=jU)@m|TnszD4X?k*
zEdr_gbGGT6<horYi-`w3ez!?v`1BmqITSFb*qnn9$OOvk>tDUKt~XSA*3cV1GyDcW
zQ=yO6U=L9<%RR%cxF0CL;IB3mK0XurcDk{DtgI8iZ!KK(C*}0lyI91X)<{MAmiZ&>
z;?|>q@N$0w><L~PWhk7U2#gD3WkA9D>263=+{?moo27SOdk*eJg+*jKs9okIu68>b
zNPuA{d5d*+&@CNI4NrT?k?{rgc5<t~W4IefHZR$Z&7*|~pjG#QQK({cwwt-aEvB30
z(s}tLam*y0mhBGYa_2x!5t{K<1ErkmR;A5%C+r+n@#bWqUanS$ZIBvccw28jR01vF
zb^u-8iRVM=&AC<?RmFpKBrnQE<fIGtNv-}+dp=7AchxjucHJEF(XS>i_LoEg$`P%8
zNEj%mxJ99mNz;A_h&-V%`U4Fzt!>S61kV&(2)NZp^lmIOD5jiC=(;X@(JHb^Zz|`O
z_-gWlU*8P<`OS4nHF2g+EKb8*lgFdb%mlM`%ZIC{3eAQHHCsc1YZ`+>SL<`=Z;~c0
z?p>WK-YDWcaZdgGZuq%45x7$-9MtarJHX=Ov<(9#T044PhP2W1@J#ntWe9Kp(cAuu
zb5zTBe2dY8Z$+3+Vr7f*FndH>ZRn<>lEcxF%@auWnu#(4Gb;F36v&B)(y17;mCJJj
zE^+UzuB~vR2;bCa#Hy%Zy7S9Z<(;_kZE&$~Z={Mz514B=`2LtouheWANC?3Ye4bKn
z8IV1ywcK*&4n%q>(ytBbX$`k}loK1uA1~_MYZ}Fbis-^@a+%=S`7RD^rB-%}vDbxZ
ziB4$6p~Vl)URO!lYqEsus5;LjYn$Kw*ka<jQBmkE)^r{ubQnQOq@%qqcVzxgHg};^
z<)JND@w>Wn;t#X;`z6^!%4k@{uY>@b`R5&N?knE$`8v;mjrKSXX*s5JmkGY7&j`zG
z#pSUWc!gYG1qSwJa;0-z?CNoIa*FFcLoL)%kLHF7&i+u%rxHERwi*N5{?`4A=dBBz
z_3k^#&X@qW4>g`M#gN<3PUEC3@Z@IRT-$3=(TR3PN7JhTG)@q8o<zrK``uSiJbhdn
zcN99}w6&>;z~m6{d0Xa<ur*tYurpPiRJ`vaCG#&v%}QL-2X@ovp)<nzrMbJ>%a0Ek
z{~!v#Vnxs)va>VxS+y*9i?W3;yqlq|Q8jctia6Gw?Ye|kh0Zy4QI>(2sfYA+n`-8s
zD3061>G;c^T8~Js2g(ab)P%A)YTd;gTd3YBeTcLiwou50#N>+XHnSC9BwNo!Sr49l
zvGoR_K6UCZ!==@&-3HaooSmK`0-t}1eL9(`D8eKhUCQar7T}eVlthIY5^%K8v#nQR
z6cSwA4_s>h@pJbxa-IK|-mh5Z(sB^GVK0@vYr(gUt7ejlQODBzNgEQ;hQH8-{tIa2
z)10fK4VI9Fp5-IKET)xdT<xCUfk7r@$3N?Bx-_oUSAY{oVpfXLd<MI0A?T#=qfX(}
zi?Ct08#LpS#Q%*&Uf|q&U{+f>fX+NQ0H{7F%VM=|i{Gq8vbCI;JcuXKmK-er{jkoc
z6NRFYoxgestWFMUvH=bF?0csFhy0PFVH+tpzdpuw!2V|x@Gq{@@&*>2xlpI_f8m}K
zkvU2zo0&VpalratUnPeEsCM#mz2B+BfA25<{x8e~f7eg63T?dpAFgNz+HdAV*fA|s
znU$5b?*Ej#h%=S8mc_@bG)K9<9s_r|JqYKz4b2nBizwpb=Ln|Ger7z~lHVF1oMhEt
z6MRrJAL=1$^|=XRE|jl%AQ3Q|uw}W;gP57f{b2Yz{9QMHyPm=g%taYOoW>~KRR~<K
z2ZM5eX9mh;k_w(7kd;^MXwX1*DBnGMTBz1uw>}6uSWKk*@uml(&Ibz%6CdBwBbE8>
zRud~(XOI(F_v9AsI&@CbH<X6++62Qhm!{3v3W*Hr{wYODhI|g**{n<lQ}IfJ*wjWn
zMB)_myaW!*EvZQsA4is|Md7p?%qTLNKVdm6PiO(Wg|d4k%_q}WA1*uhJysF%alw^(
ztqeK`J3A<6k;Gq@l6F21=W5k_7`DE&BX1K&x;;YEZ*~n~2uLJ<xrT*7`k_$n>H4}o
zG!*H0p#?_I<ws|yc&O^E?#~3_2$Cy`2+%p)n~5rn4^qMb)0X3e)7CrOG<91al%DFt
z3IN%xZm7#B7@_O-OZ9Q-JzD55gM{de$oMawSM1~bng4wSp$5AGd14p^2Dm!ydQB;p
z8g)o$b#<a#hBD>x7rZu$4;K$Ve-T=_=4iTTsJnfxap2=bu07Ek$l#lWI*UZivFU=(
z@(ff`VY^DCB|5tIgT9wma<#u%(Uk>|k%rK2Fj;@9kTyF2?(yrz<Mu`T%g()hqkBTW
zeBvARxUBJ_qPFrlnrsiD{e?Cr^)l7o1uAUm1A|B#jmSHLZ5i<MgYiMv10B^}uqxdb
z@9nWyCl`YA0(5jMX$3`)Y(XEy3lx-?AYfA05u9P*Z*auiw04(YGHrAg0HPVJyG*BQ
zxDfljBFDF~_yb>cpn=<*4YdMZyVI40be~L>=>5v>KXI!Itl}>Brs>xDxIVD6>nype
z-gZ8~;^+X$P(*|tTBH3kL&&91AY6Z*>eFw=<hgSrW-lkaKikUq5@7%0c;N@5hL_ox
zeBod|Cnv_~sl)lUOvHn|lfrJ9L$QR{b5G4DXc5eJ<;e8ZUZp&Ow~Iy=sc>;|ao1Ez
zi6M1@7sV?|ihv{r#Z~1kCF=n_cC4euImC)*^$;l0s3|dr;<SX3${dY$!;LPJuKk(R
z+E1G^^yx>R#7_zfoa7KDQ=+099Ry<u#x1Yl=-Kk!d<Vak-&933-WBgXRm?)v8!JvI
zUztNOTu-yzbB|0+M3)V;hj#~Ok!`8e;Fm{p>dDE;iF^rLuhc{Bg>eifqtmWqUKh3A
z$yXK634McuGS9tzeNzQ80|OUwg&VES9-%&WZ`ZQ}OX|00Fzdn5Uz#wQ?~a4XGvI$8
zk;JO>3f}$ml}C=8j~#b_1X_S7a%_GL^G1HUg#^+BX66_LJWEpia6M49Dzwy|<}`oA
z|8(G7%o@!^`!8sPOz{JXtTvJ8LB+mznOMq&>hue(9%R=izu<hYp1OL&DbDAb^MZff
zO;7{|y<SACm%bLaUj5cv&FfiKoE8-QhgNN3kmJt)`g?jh79-P*=R90odzYpFS9RVG
zse98t`nkSdZ?3>TCYPTtBRpN+TpurLm}T?0G3fOH1_IN{?xdnW)4Vzge`-8i4JKF{
z`<y2g{nfSt!_biI-fmgDSd|y^8>!%DN~vgZz_zgMm;g`UZi?AqX&-QLdz>6e(GDuD
z=kfaK8yB{C9$=hLhZ%mD)p>vlj*v!CHITu|PqE3j0FlMYziAbR&-`y%6{q4z?8B?v
z{nV`_Jgm!Nz6n(E_k1~R;Y)pr00ql`bE%5ZjU(p5uTD}o@S3H_7^hNQ9%!%M^jiW9
z4LPPE@TG6pLg@yUo4kg#xiVwC94rL0WqLg)k&{JUlJH=*88*ChKUp=6$PzFXz<sZc
z84~F!mBLvT$;>3AUaSL|y5nRLJ$kAtf}GfAQ=&R%^4E2L&xVH%3Z#ZN^G>3KjxW5M
zQiY6oT^Y}uZ<MY98GyUV)15E~+Nfq>EjqdO1!tB}u0{T$ei=83$-s=K@-MEn=2-un
z(B%8W+3HpZmLY)=ElL}sHNE}WqL5{NEaF19TAAY0_z60{`-v<kOwlZ4)A+*lEC5bS
z8l6r*E!Yet_>ZdjCu`<U9y7GOn1N=kGGG?dHG4E4IZ3*|U!eDk4XXH57Es?mdWIiQ
z7GEUt4P*C)i@R}T6W`o^l9rYYQlNVgugRQjt9ZX3c$c$Q)*6K9wUuNvGtq<`e}YXN
z7VhkQvyWb(%Mln~{GfXcf*6gjf|OfjbH0Dox#$Zbq@Ax?^GBo05%k8j=Pcj^B#0^j
zu0H3HN_J-XJ*}&UNkXOyhBwnr1;qlAx@dX4M90a#;t*5NaU_38sy&x-p}=*%4#JRZ
zg%0P`445dJUq`n|)8Rn-JVbZA^B>}s5-?w^iLlgQX!UKaL*|t;<_A$m;R2N-AojKu
z+olxmPi`X!K9ef^uJ08dZm-O1LEq~cCHsM7Zf4gH0eeIBw$(rg%ui}q6lC*Hangv)
z#1QBohtpw}3uwdVEY%8B1ygT0j_e(zN<}EKbr+n2i({2vJs9+H*57qel2@A`I2i)W
z=B@@G6Qt72D9W&$zfi&XRShV?D5S(__|M%>ZHn)d-c*&(ujb9&=_)~%mV_MjzKMw~
z{)Nb1Fa_7mkcATJR-6f=?9(b{2TV*bZu;n!TdBlb5O)r;F;F6|H7aEj4&@zHvjiF<
zR6KK#z8=qHqVfL^9s^=96h>@~ylL+}Z&uv+8O-^t17bE_mQT%KFep!H>6QBXT;Pv_
z3|qo6xU2UwuP-WN>{#$TdO~&R{x5WP^qS1kYcyTn_CQ+4AJA$T+!c(r@pF&n?I3gp
z0P1KC8z@@1%KxF5n&#wEeMUP*vR3~{bF+Vi$T9i@lR37Xn5gwwqoH`e`-#!*vX?Sx
zFfOVK{<{#Dz436DDZ8N@Xu}L^5*au}piL*C@K7FYyVoyc<3^QpLx!Mo3sD7f&nNVS
zYU^6oj|Louv^Zja5SkJ)C+P9|byU$}y>-Pe1Gd<5wKAFvK@aqhwws2Ox|EyQWaU~(
zHx;Ct<k!GoDf6N2fx;$^>p$E70%%lc-{MJHA4-U?z_fc#WYI(zW~(w?Uz&B_dj>6P
zr*V|{?;ts@R1Wng-FloohD{(dKY9I7p`^=J7?16v{it1MwTep<3Bk==*9f#PE-BNm
zMa&SR*j0!qlA$1Mrs5cm`3RNm)JVG>)<QrK;vjD~8}W<H-kvzLOEMATo5gyl16)uZ
zKE`xY<wdAlHQTn<aNQ2gW!+q0jlSwX%Pxo^y~*bF89ThoKFt66(%W)MHR*jOU%pM>
z&@Awak7y(jOhstX-B&iNowMjO9Hg0)_`>JAS=$eDy*va58Q*^VejAj35j}4wu&@ah
zjfCF!J1$e&MI!NE{<*{CP~|XCA#qy2%#&<EFm62S*tVWlfL~B6QWB?3ym1(kEzgWE
zIcImx63eOpg8cZ)WgjjI<;hz7npH$7U`jk$yQA~;nhe~#4-<#-#hTJ1J-~}s+#J?3
zn6F1u5sJn$@oB2d<}2XXP70w{8M~l6l(5~EZq)<}0qsp)@3vDq;8>NM-3%1~2<}xm
z$$M)PF-S0GJi|5F10NhuHz7mu5sH{_qPkd625`p=TganU_gx3^m|*CNp(HNm4~a{!
ztJ~gKz(8;}&vCa!Xgw*a|JM4m^>f;)PZzvKnckJ>)Kn}@G%QLF?%_-&Q=1&sGMN-3
z(%>C*fHIAkvxPvmRZJp=bI=Dd=l<Ihqt0*C6S)dRUpmhA!Ei_c<?wV1{B0v;bu;a|
z)(P`w232@7ZEN07hI7WYPf$R2w3P`3bUN%m0l!Wo1Q73u%IVy}_5Iqf6m)tE_00S3
zBO}@Giv|wj9{H>0Abp5iD5(W%o`kfz@83TJ{v-4=dPpYz44uLHUS5=W{*Fw*-$Sz9
z5tn5;oB#!jiQg4gwLr$Wv&GJNz^ttxJU%aX&<xOOv4R-?j#cTEEkUE*3L@6snfOr>
zQ;u<~w;0Z9g^T6>Ode9Dp&Vj`XS~=+%YYSNE{$4{nl}GgyU6w8E24sMMe+<$`QTgc
zdo_}~Ghr6Z#1t#cxy;NACuYqPa6AFijj(k;O%w<|bd)`%)(FcX-IbJZrVOLi#}!A%
zFm--W#SxUr=lX)%!{htdf-f}sACFUszx6Hn%wNckv0W@5brggvhqn0b3o(g`vJMwj
zzP8x}XvABnbXbSSKh3P>!+sEHs<_zu+#gLy@APWa%Rw{j(An0xKcUY=J=fq<T;ddE
zi#WQt;lyiw+&`<HJ@mcE4@&yfG|A)5<S6ov8r3bm*IZn=TBNpv{A->^2-~%)2$R4Q
z*l1TdbC7FrvZx~A6gJ$Ih$7lxBU~`jy<-krwwKO7014O+{vGO|o6Y=Z=7}G2>NAv{
zw%b-S0D_UJglNOp3Td={e45LIcfZUwnj{FS+!V!9(&o*E91lVVBXtq4ezq7G6zB5W
zt487qNH4kWpJQD}87Q}BUIb4FAts>vU*W$;j%?Ctk;!$}+uyL1`cCsP|Eo_xf?FjU
z+w-cRlTN*}xfdGj<S+c-B`d5Pys@0Q_}elXd&~=}q(p`{mud!r&$EZs)a?ae=94pK
z;@fhAT6BO;o0$4+fq1{VhR#-A5nzht=4e*V^G+kJW?1$#*HVw|AfIVc+Nw-r#VG9k
z)`7HcK&&-WYJW15B?|<yw=ViUDI<wKMvadE7LIXHZ6IQgUDIMG2>w~acD^&c3gb0;
z-@u~j)-KcA`mBqBPz*ea5?}?#peMi3SWZd7$${BGdW|NSl}{}%=N2?S4XM%dS(F06
zyblfu1C)m?sgv~kdD6!end8^FN>@ErL^}SujSw)9Fhl@1d3fqSdzdWU3QK5QS9U<y
z?Vk-=jWOfk&i#x?p_!;v2-|(~J9<U&DuY;PSBFKX4bEl$w60ICujwnCB2eyw{(fTa
zwQ!`Vsp2iS2(p!4lgd?XV8lA;H@|^7Uihx&$y`8m>fo?XH)!;jvGkc{G=)A>X&;FY
zrO6Ear`0O4-qr&x_=TH47gKuoZ6*+<^Q*uG&9}bw{R`9eoeh)%6><ufj^+&y3ER5O
z=_#|;=P6aB9qLfyZG@&J#>@bY9y9c(z0(yDv6sBBzPWAxPVy&L>0udk&|`Rgo<(&k
zZl%Q--S*vsl0^zGp|PIt3D9aXw|q|F3RYT*HdgP`DDQh^p8mJf-d9GE(OHkWTiQc=
znfL>g+`L?D7*dl0Y4?i1c_I}ut@W<;zW41s`-J%Q+C-%SBbLGz*Xv<^_f4vqKDV`O
zAeShz>#Io{@sJTup^wRnvA3}#T%I}i4k!Gc(h-cZRhGU7J9(Pz^*oR0Ya;C6J{}=R
zAnCGWNN{IalOJ(#cmGS$eCXD*EiZQjGOloFz1z$C`WR87wtjS=X3Wc1|CZLJ!pZU8
zuQ=DR+EeD|jHA8pbX*+UzJ2RUZ@XK0r(!6dwASafzPBE2(+e>^@v6J5>hVh)B<q6m
z0nyAfPN&VicXeHRl#cu9p99&SpJYx7_wt?QssVx<MrWdC`4>(zkA^gFL&Nm>>hN)l
zX%#c#8ktCUw##~@+XnyEQJxu5pn;HnhJFVMry1@*YRptFCd!*4Cp2=@si3)My$?3N
zF%MN7Fbzo@FbKIHf(NVFR_+JY*7GLwoK~FR@{-u076s?3@mm7>@oAJ+?D$YiR0@h@
z<6oCMl8&`H7jNS;$-EzaeQaSRN_{cjcVdKy@y0*u`{UOq{7H@^fPmtoFQISL67C?F
zvUc*o(2q&pG7_OUV<d%FH-%8MkSR==UDCiP9QOiew;@3xT=+&;pg{@I`BIXCqW4&r
zv0d7>0Aj6Vcd-mYT5nqfQJ@@AIJV|LB;6<jIE8F(rdQkH9<Q+q8_MS1WMHd!4Pmy}
zr=Pd1!jq82(yqJgF|Q}_m`9G&PJ8cO_zSgqe{qA(^sXbW%;k1Pt;K&AR3#_h$uvY5
zZmZ)BO?Blbj_vQ^;2qxQ_?boLu_%%5&R6O>#);ed9&F^@g1AaXjz5<x4LF-m6>ar2
zxZ*0Ld0m<)#q;CVwXNBJm{B`0e3qmh?oO95$fC1fkhO86LT71_heh;rfqzp_P4Ag1
zt~OnG1W`y^t3>Oy=u*t2A)5~TG1w;?^W}k1D?TyF%fe|_CTP-ci&m-YUM7A66ib;a
zn6^Dlra)7n{ew-d|IEZSO&TXapU*Am45&?$UiAx-P))-(&KLq_+GWzSb0TwjsQgwp
z1U%YL`%jww{EYTbxjTn1fESKegu#EcGCM~yaW0a6w9#52HM$W)AkypeQE9d<!FIe&
z@31TLRcr&x+l?div|(H8=!9|l(Q<3hyVO<150TdYhNHTQgE@VMg)01o)WRsWfMC%2
z`%@T&MMs~{1&=a;;NAq8eQ5_yU;ZclS(CvGK5S0y-Nju6Tdh11Uy@bQo3@39h`Q%|
z1$D$JGrX==gFG@}E{BzZi1Fe*wYgk(#i(KMy<6}b?#!Pzxbf(_2lai)oI<-h3oZ(#
z3B;X~d}p8ZknDsIuYKE@ZrTOyRfe|$mzMqlt>;kCN@hL~@tAm1aL0QC<8?*D?(94x
zCD!;7n$W@@NoBf~JDVs-pG105FIomEQb<GQbV~h@oK@9jnvuWxPfSA{kgOxEDTJI|
zMD{NR+thys_`c_;&+)1)jHVKV)ao!pQ)FoWv5d-5Z%qe#o*_=t;FRCq7Of!Wd5%BN
zZZwU03Ii&9rRDK5*~3T>>J%ism*a>b>V#KC-o6;1gl@Wk(+2po^}&E)*VDW}seiS9
z`131RXn%*A0x*V_!my1Kc9{)UgcEzvgc1o-9nDR8>Kf<>!R*kwhOgSp%V?O69HSo#
zYrNHGDUO>l-=1*hO@@9(z+Be*r-Qxn2`UFToN8(EM-`5V><ZBzA;0EYGN6qm{^fz*
z-{BZ3T(-AIKcM^%g%oNFBV``&5d04^%Mt(-gmwUc+~|*B{FeszuT}K^E%_zm7X4q2
z{98u<|MSg+VAs0wlA<EoiL6E_b>D3)f(~}&;o0^V@Vb0KGAjND=&Bg1SE~zq?b0+5
zr-(@6RC9nwj$C{Ff)1Xxpq3sfg7;<7P{LPk@4G|#+gFV@B;5a#@Iov0$YA<g9?%q6
zm@Ci9T637eJcoh(eD$`unA^x38+YVFLaPEL`tx-dwo95!xlY}P6VUhZ1>B{<2l$@e
z-d`H4;X@n_BT_8J%l)6O?@^lk_M*NMct3m`c6=wj(}Rc5`7eEsV64J85V6{BP>jc8
z<Lz%PaDf2>17qR47aUab3k(cJCpbIem5IL9Ed%aclI3DGcy$+!dZ(GNDtOn8n{<AB
zF7#;gWqHhO>_ngy{sViD{tbIS{{?${a3;2AI=~<!qxQCmdO6EtY;BaTbN>4mjpwq_
zIYp3)Na2sb1662k-bg6RZ8wIINV^aw2?$;>TaYnNl(C&PmxR`Pu}b6J&C~B~P0^DF
z-f^iiaha;k*@*nQ6DS^)$>PVIMzx9dk4V@|1@^Uu|L+9r;cP`<S2QDs2!;D*k*P5_
z<D=M7Ea~`UsTceHL?si4oiZ6;oju%^FaccpT={1xPM^xVmuIAu3bW84HShI)fbw0s
zt0UedX5H7jqhL*Wj(wTzB#tQb5aZ1l=LGXV-Rp3$$x$G7uMQ>wwm1B{pF}DedvhzA
zQx7JERuau~gC1J0MEh^;b9E9K`ZQxjWbbU$%WPWi-YQ-0jbq5+k4aJdU``MdouTw_
zu!=s5-4zu*n0qG(a<qRQlxz_?=PZssn>75?ejuY()VT`xWS+odv%@W8w-uaqYm4{m
zB=LO=PW^h>T=}eQ8UtW!cQhs=<7FV?wH#hQ_uteT>cGyT@O-pcPp6dX-eJteeB#hV
z9+KM~MS#Rn=eQnBeUi*Y`JSM4)=C?lEwZFo<*#MHJcD=>Xt2`UwLXv75tZ4jiYHnK
zFcXr~QM+1)=A4wWdQ#S2&zq4Rhv<y;D`hR<IkLt_rKff(NwKSr<hY2as>Wq)mrP+^
z-FqG_g7){Vtfs!XmHJ+WyauK!9$8gD>JN*YSCpR~IJjO*lMjB$;Q~+TWOqiafWh%M
zx?8kcCxV9uhJwC!_GH#{Xn60)SMj!J6+fFDFA;K<2H1|x(A*NJv~L%1f>D19goD2Y
z!pad7=b0g;ubCMcJ%;b1jITrr7dc9&O*Tv;F;YYBPFG1zSHk^)=sFG9Do2nnU!JOc
z#to2drlg;ju)KFly{;b8{(cu3!G28gm!SAaj~t)lOF{MFdE(;wnng(Zw`dqKQN3&T
zTQr>7Q8vx^Kh)O5j~TS@_y0|8DOg#tLeL4Q>Lv_|cfOH1U%h4u8ST`Sn59~dd>BWX
zzy;>~;NcgSmw#El(nMh4$1SDR!gSJ@pot+Y_i(*jrrahF;RO*SSCdAiTqQ;nY<9=n
z!zoe>9$vukQm(xP@2gDY8~ZsyZdaOFww6AAy547Xs<??=o5vp=5Dq9!gxjD%?c#P=
zWg8SLZ2Dv5-NR+UrkYf0TBXn2A6W}0mdrwIZq&dg5@8+BXBH^z%LB!9DbZV|D<KNF
z2x>H7d<8?Y?m7a)uSfoDFy|LOdB)(lvkg|oRjZ4FJuM>OH)Te$$WLE8Cj#I$p3H}h
z=1&Ft)Z=L*Lc0*qx~j3xkZUdK!D_Y;Xnsc`)#iEsDJCgru3f#7ROq%LItk!<I)NSs
zJ$aU;)<PRKxRL%=35yEAsaLz*#T(twY=F+zZ^m5Bj3)ZR<_G;d-Ijq*df$l~&KBtJ
zts>VhcZPC*Js}q>SH9!fyo*@%GX$`!rP#)Mc~v>+=UQP2vp%?hHzn>Jz+yZh!$Q!l
z`}&+-yBM=+&pni+*}WjmZ2Ay*QGNgYt^<aG3Tb_t0c|i2mF({gDIht(Un70S*Xv5G
zzEs0VWK9T~KQcAe^ts%o-(vU5p-gi&AO0e&qnn(xeze6@BbC>ub@(KU%Zxrd+2S&@
z)J;J_kHwYy;#jMRW!rfah0O1q^t$_IDqnQ9iTVwv^!qNe<_}*tzhxK*{uDoYJ-WVK
zqE@~C1nJCbeaiJt6fwoA-;6}zRID^?hrvHbI?R)rEK#+&$a`t?poW*?OnGRGd;F^r
zLot(=@>K7q>qoumR;g&xuRhu9+X#X{vl($@(cB+YH5tKT_7u2X*Fkquk+^<9g8BSa
zv}pg1Fg*F1SbyiuYXam~t+3Fco<SxO;b}c(7qim<2Khfv?K4NN8X_<Q66vS3+eEgN
z|JBe~I1CnBWN4i#`lSI604g#g)sbo`J=OJPznh2B8&+6YSs30AaRGfyOq^f3z;YiN
zbU;OO0Mk^4HL}#c)jS;t)OWrwzNyk_ZfR`|))@SYp)S1po1rGp-SdBrS5cRI**2cF
zNky4CZK$2n=@_61AjAmY8w(M6cF5!f!T`WG+yjwkOJVeD;%QbCWocwu&#*-2AT3<l
zpnrklzH7qv-s*R#^LRqYRJIl1<O7F7`AR%yP5ISL%6}X!3{Zb-#xs|SBum{y;)q0K
zCYN;wG#0}sC|_ezYF={+t=@8$<QMGEKWWhEHDRJ|D0~nc2I{8{y}Rwt)<R|?w@xnl
zCP^)9ldx3pKn?J1ySRnIcg4>N_u@|fO;bJorm0uNs2DTQcqT9kW6FOzyCA1G`m%VZ
zQJrQ54XruyGeni5hYQUHwsXlNg{OEZeD}y~Q+n|x%kL2-w+uRlmSr<C7aC^TmYpQt
z#3q%vj}m@D4PNJtWmeF^)J<cF4S?sJ8i_0Mg-U+g_FF2ERhmzc!TA{}cfudBl$Fbb
zsTo^XFZGc{U+G~gUdn^)U}s7+;54f^XTyf;E{kV{2&;6ql#<L3-nc(;9YglWXUf!w
z!tj|9=PUK`kFMxX4(n|xDnOP7MVx@$1G^uZM~1o&3yVUAWMq>wpNQ9z#Jp#Ke}qHk
zQZ?J>Dm_rBm5%b3q{z|3!Bgo=orkBbyIB~{-F$k8-wk1`8>`|iZ;`fxuYiL<%mb&j
z>&l9ACuQAjj!ZWy&m>NZTl3+QD08-n#7i7Q?rv3}Av6?y$l#cxpP(W^`p0pgMIOE!
z73z!I;VuplYLtoIY4M@q%s}^&&WdW53*REe><~$YBb6Hwa<vW1{pDZ*UC85;yLRH`
zmTD@u=aYM$3^j^$Z#V&<Ws*ynNV7_vMuMW4W~7fFc=AA$#$kgTKJjbez-4dp>e5)d
z)qy0&nj5Ow$I?ZT={!$qx6B^@%}OKG$l2xp%}PyzFE{(|oMyVFp{$g$KPnx0(B^^u
zz2HOIUAyKATNa0BZZdPY9QHjubeWM5CfzodS1|;)l*;V>2kh*C!p>ZI5&r=PM@Z_t
zJ)^LoZR70Yyrxh?1G7-)y7AhtUzcT!c}LuP=~(l>CB)E7pdfcYZ7vU2K@H(-84AWW
zfX6uR<+hm|<Ngi~k>xogW}4b9)do~mo=vk%ClDFWq}6xH`;X_N<~_`CJID9dJ10iG
z$Gm#LHQY&sah13!u7Fm~fuT1%n}pr3T%4FvRj9kT6DLl1#blX5{7Ql5>WK4*E5+=q
zmyNdVA9Jw@NcL}Y@kq7V?et})_jSjO+h7i!qiS&`KEdd?PHjHzVGyqI=c!&=LJm+}
zmKtMB9yzM)sE=4!ufL`NLAHS}H2f+TKS~Lrc^n)>q%dq)qnD`mzI{i)={BxK*wox?
zi)R@z&km0GT9H94qQGYT$e$~<8xtef#o@aVS735dlm(t%0{Gm^Xv#((q3<(gh+!*Q
zsVGBl;roT@wq}oR38L*ORHxkgf&E834fBPPyxI*P23q(8yx5z*p6}V~wpRorAFGiY
z&G|829nOZX3jRcapbga}jon=S@V@yuph&a4D_Q|L05Jq+B;-*e?gqFklCPoQk_vc|
zuMY28-~aRI!5juXdZY%?7f6|1`pb%fi*v7PtfmA|8biLZoYoF@eUE6Gco3D9rSH)m
z{`TBSJ-ysy&H@=e+6kuVEZVVmO887--HlEn^cFlIchtz<_F}3H{$D&Z-l6_CQEr;(
z9*;6nsFB9GgKZ*-VhdVprhQ+gS!vfo@@1@zZn+KQ%WP?y{|lwUjfUOZIgLi#$cWmj
z^r*Nu8}<7fz#Jjz(U73ZJ&OqFKTUX>&SPM8A`lEjCw<-Tv+tEGFPS-6LWB}rU#f+F
zmq<3ZSY-K3Km6TQajin5c(SmfYe1Cnqnh1viv-o|G|+odDfm}6^KU+R(^=onwmq7x
zl_4Z)X^A`YIR9Gcwk~>Z#SryX@Dv!VjMrGg7xi?mO0G2gzF0;93Mg;di{AwbR~ob;
zf~jRi^q2DhzX2t**<2nT<@Iu%y7|9E%(s<tp;09|W)&ds2faVovRdd5W(Fj7wwuW~
z5qjT*wU`S`MIlygtWM&F<grUypP0yZ{L{|$41iZf8KlzlW8Gn2_-RVJELt^yr_xbs
z*bc4AD7pF>NfZe!w{j7eVnv+ZTjsLbj6hiM5)&r>?L^N0+ldr(TKbn03E+t<TK_O(
zMJxz-*&-m2%Yo{f|EeA8M9!4rIa*GC;Q9}|ENCK1>xx%a-2DkWU42Dm7OR%WK({cK
z`S8kN$4$Z$rbuABM3XUw`^uD7QOur0AM#v_B1UebT~#U5z_$PDr~JXxdg^9%q`>)9
z+kE~;K4&b>r^^qK!gv-Hped@=e6d=zibwOyR6{>{0qI8j71d=v&xPv5Q56m{TA}#9
z=s;~fB_+kNk-+-f0|MZ#`NyAyerBPsNa^}c+X6#Bw5#w5f{KbjNry8o(QTC64$GKN
zju0fl{I#APysFJxJ6v=!cF!2iCvXfqQ^i?PmV0qQYBbFud!b@LRgqHgj@2(Q#c~~P
zN5m&(@phw&IM<Rj9mw?k3?a}tHL%`tVyGSaPJ;#rx7Fth?`AXCW6o?DaGON?2TW4D
ze~<oDB*b^%ja=|77gj*M>-N#Mef2_aTxP4>800OYh)niDlCTWgB_#Dr!_DDTuAp~p
zbO=t9ycE;Gph7*zze{L;3ts^vR57yBfamS+3tCA*%mn+PV<WsS8|bGG^x`Jpj9VG?
z8OP0A7Gp<%1t`_^t|<57EdQllK07VEVAvqkL9H8AS~y{GQe1j+?Xow?KgYp#CP-p3
zbhr*F!(&GMekIN<%pcBek$3Z})~PwI6ArN>2L{vw3b*<xC+tA$C-h3F-#%*K*K1Jh
z$D`}2w%3KNeX#0^7R=hnhRG?Pb*(sGmke;MzM>V&r*{a?A>UtXZ2S&?*(C=YEXG;^
z-3fhfjUxmO70&^}poRYxk6UUPK3>~{ul&4kFw=CLG2IYowdtVIG>t$Jw`jlYw)H)+
zH|G23&j7Kok9-9xw%K#{dCxilx3Pjz@mSlPekVU~Xa?({eaxR`?^D$++(qX|%m~;H
zrky70(cXu4h$JCwQyVxi7u<j*yP?vtiVt)G{67(-NMq0)XbsH5Ga?)PIQt0gFEaV0
zT8Gl^5rtlo%wx4947j9<$mSqeCF8|j%##rUO%gugF>0YkgExKFfG<uN*9_$i;<)W=
z5-2Rg*r4qYpp|5ntbEk@UmKu_)vi0?ckvQOkAV3Pd%)faU{6bMIMb=4<D<S0*zxOk
z?7#Zx{Kc6%(5U`!$nGwMTFHq;Zlz`SZEHK?<#saT<b%SGu?GN|ReiLa#v@v27i%|r
z*(-aUtKF>=I3?4pFZHv#iMGAzMU6LnjOUcEFi{#kCWgzC+=rhZq;b@d?_?tZ&kIfU
z30{QtM-jVanvD^ZulT*LTBBj<t%*kAdL_PvM8ISEe3mpBta<T5_`S>rQT4_9X@=+|
zmgkEj)Jf*wpi%6H7ik4p&h}~aNX;PLeSC>Od!d$>cpj!dx1;E#_airxZ-QG%=F|N|
zlJXC7SSC6XCldt%wmg8j-+`Z^pU7&<V1$5xfS$bjARn=lf}p*%JAQ@V$dhE@B;Vmi
zt<jj>cQTjI_bc+gQdT#RIvJc?n)jyrQ&$@C`dD>~Js1D*9tTi=AD%wuIxQp8oI6sn
zxSo?+MeWwrA>dkDCF=YHZe3lnx3<7vdTw{x7cR?}f4LTTrEtF8aZ+`f2Pg4Qi0JtX
zIiIZ&@Qc)cX&Bys3sxbJFt9e9ePVIiTp09R!<oI59*O)xI1KTzmXmItWhpIr`cE&H
zzaYlC#BVYfehO2W{f`L!-#@hGB~0kMX>14Nf1FSLh93d=^3a-E{ACzD!T<5G8Od*_
zGqY_y>E96YAKoXlioQea67BRw<$oCEe?G23ha$)63H-Y8;y+}t>n}1mR-ObM%7!+P
zRrMPKVotEP={b>Y3N+ES;GCA(lU{FgkH=@tGyeosSb9yK)T#q3^(vb@8p<@Mr>R#}
zK?kbmkR^VMd%B^bXo$3!932d{jz|n?DMzeD@l+rzOy`#`z;_&?>LOU8A|eu4`6${V
zq6Yc0tk}4sqRI!-uOt!($uZ+Z4*9S2Zd>$D-S3?74+XNvR~m{&u2wAL(=)wxV`YQ<
zF)?AqM39jKmSj7cl_#-Huc@r&cUiCZ=Ma7zgl=Ep(B9Ofwe=nKH29QrlG;zbQ6S`0
z7glDLl!79r^unVi9JVMzR$^1h$eytkpHH{TyrFLoF4)ypjSF1aFhH2)2K5Y^IM}Cr
z4m#PWxOD!JNAt>tzTda**6OEie3-A9#X|*LmGeItza-(n{IS2&^);SWqXG;@xENaR
z97yM8{uY&et}J(|(ajwFC_oY=w4szcyp^d^Ch3-uYq@>7!+5HZVX!!IKS5-urvNRy
zJm38?f3bU1_07YRxu>ts7-9(gxWmriIGPenqBM{lZ1E}_KJjJOI+(e%ee~vNPGT^Q
z8fwEvm(5q2GaNxTC(!sz&I*d<33T2)rUDUnUz*#|iEN562W58c?P%j$-r&ENj6c!8
z5+xeQ5(zMc=WB2bU97k9D#wVfx63`Wn`*-1Yp^X_)NXVp(BX32{m$heA;H`7?zNe{
z?OGw0a79K#J#&=@vEC0h3x(`bz{ufFb9_}nK>-CTJqrExccnWq$nn$m*R3uI)I7D&
zh;d5BeBVlklTd-lpd~k4CLP>tAYXdIc9C)x?j-EPWiFiH9#cA}OS3}-Ec=$Yqpy=7
z<ml=pq2SbuwF&RpEgHqHs&@P7QZ3!QO9HlL&vldseY+|3+iwzZGiw&$bTa6?(iXmL
z^LLLXLR~)vVoO^1eMhc^)dJmVGwRPWyU`2`enJ+HZH9cUB!w(bEGrepkYOmu;s4w~
z9z-x?mau!|_?sKuAw12;w+~H6PFDDj@Xu%u@%8k2AIqMEriqAviwPwT?v@sJybWoK
zw8FxM<_Fcn<NXHtJ&$pTm)?3AdBY*|B(K@L*qR?wvAQ?=GT`Xx=`Ct32f9aGV(&U4
ziMR(y7Ipowad6nTS=EG_DQVQ6qRhTTMoLJRaS<H4?sUjM>1D6pI~52%wOA}QGFt*O
z^e+h_fl1<L50l%j8f{RNlK0`l<nSY@pgXbZfw}a`&-z$e4-5Q-V=Ke>B`e>=m#A+s
zVy;qzOba!sy61`oEN?F^RLB5|$2id-4nAwh^1_~ryWLD%>P6ArGp}v(IPi8y?44fA
zn~F5<{sAq+&S5x%E~RvCO1{Uq`jl8-i@xl7woDSst?^>N%BkcQM(q97YO$jOvl)Q<
zDw)!q#39a~2k`e|vSEKJrE0YKMGO@IdN&J(C)mqv`&3=kbH%)z)qE8)vsoSliNpD_
z=%Z6{ShY-8AmPl3ae9TW^aT^=(TB-MuS5zicfLQ&S9q5Cynziz+#HC_^E}weg;u#s
zw(n(WXj%blzUjBTiTvoYXYAL5Q7WTZEY)($kQT}zQJKMuMMf44bq7orY1!rVxhWe}
zNGSo5JDK`bgv1e8-3Bnt3(kb+n^*g*1>uWi{7!Gb?F((w4zE<_iepaY$MOMhpS^rp
z+z8!ImkXk9+H^QDeuKXb;mTir9!s|*#iErp559h^fXk;Z3z*j0ko=1?e?#p2!u&XX
z5T&$?LT}4>dyiIlyNW_>*?Iq&QV2f%n~bKh9Y(DZKcyQb$LDj;Pf2N0xc&gY$MsqS
zv})_C*R~B8rjmJP7n`1d4)R`!=(C{jj`2sQZt{;tVGM@fRV5;P&FL)0ArZ?%5aqoZ
zhHMS;Op?5d@#mW?vP!<P%L}x`F_NX}R;A8_=puTA)T5`XaY$bl{|QjQmMi4?tco9e
z(}zFYwN-0&fn6-E>7a<VJ6dmt&n&jxmz}`aTzgT%Hl_6`kzxB*=!Hg^dI)!<DR}7`
zEJeoXVeig-Hd&7*n~bVD^edNA>U{86>3evgc?!Xr<Ry{dn&f!)98%s%WDwDid1@<6
z*6|$P$zok+R~0_N<s=c%;&I&hAW|6o<md_{rPDyI6;3T&ey-~2G2#LNwOcJR4{KJh
zyfO_|2|<3XYNyeYp!lQTZ}LA+rN|r#&$Y}JIhVkh(^^1#wR`K9mp%fWQsPkJOz57)
zk9b(Pu;R_{W*4)ocgaj@h;9RZt^*xlX<3;*K2`rf*`yDv0zX(Y-Vtpm-73G{u3wXi
z31&!k{`FqBA)>TMN}IdRdKT8_?xcHpysab2urXJ$f>0AHvQn3w@c0>YXH8s4)-hk%
zYcXIQLWciIQ%Kz09f?)TwA%bg^CvgbOrmN3w;9&#<|HA<^H<(pouGDX7d$B$Ye0;)
zB4t4xJiV7BJqtM|3=9m9*CSa^FRg!KUwo0`WXs-%>*G}gJnqtV)!wk7S1k@FI#f$s
z`GtiW2;L=~FmXKJVe2g+FvP+DSk5x7Zny%uva9Ev67WGJnXM_h`#rUIZ`jUce0i?U
zrc<vPjL8>f-QLK@aa46`@2~mPKyRVXfo1-CIJWd<m)1Ks4U$_+`wtsGYZ(k<-%2FR
z_d~r_r(gqrUfI(+V0`&!$t^=i-|qszso}Sklv&_as+hL}PtUwAeb`zZ#RAcxUhGAA
zh><IBq3Byj)R0i$>$_^5`qI+o=aK69VKHy|x)88XB2BP;pOl(%ngMJY^u{<LiWJV<
z8=n-M<iEQbPfC_37`z-Cloo2euq=cuhpgVS+hh;pzti^5>O{Q{2H(~;L!`Z}ho%jA
z4g|9;w%KhUnrmdU^bgp7zf=TdJ94RiK(0U?!pEU4T*TI92(AfG_dYg5D4Bzmbx`H?
ziVNW38FTeY2JcOwg!Gr8W~)JHYb+<Uc7yWr7k2tt(y!CMnW;D^b@tr%pP<1Z#V4{M
z9PNkhN0g9#Q+v8i5psF`S;lLR!(~i>Sin{Kq}E(bPIA89S5mjZ|Egaob)(-rBeAh+
z{Pun%wKo4A7`2EoD;91+@#V{M3WbOQg|nff<ZIW4N{=(V%7mZi27;{X!2qkZhDdQQ
z`=j|=TKTkyQ~hSui2~&a?<bO%hY)N+&SDI$Lx>?n^#1AET43qPT0lvbjWNtl!Biri
ziT~IJ;%OySAya?j3OVk_(9OM`O0Bg_ylF8G3{@!{f#Y#IbmWwZAAV<8KU4rds?XDR
z(GaT0Sk-j&bs?w8+v{&|(Aq)E$A6dce&XIGL0}Rb(2mYW0$DCxz27{NORidfl_t1|
zyUO8_m`%H6rVh6D&T1Jj8B4l!Os-Ow*qa<~$~efvqLhl%oW@=FcDR?0KX0W2(>_xs
zyCu9CD!sCo%s6ekhBKaRZ#a5v*yb!@&S+3xym&a+PjKCrJ$Y3@SpDG41<nA0s_Db<
z5!)m3%r+cfU((UEu_L}ZoG-AvH(Yv`dOJE$G!I#F0<yV@DgI|ScEA~c4i>J`RG@!f
z)}~vghdeB(J!ee$bbBVH#=RTwTyV@VBFiJyU~p+ql~e%nthZ-*%QkgbGl;5~iUe&J
zVz6sEdRfr$@jyyhP`-#=*zo~@LLuGgG{SlTcpl^Iq~GSvxlo@TKk1f8A8u&zVE)~^
z+oU)AV|g#JQ#x?O$)q<yO<7r{p7Y8r^X+1vL3?FQA9YW>2Cw1|g7gXq)H#+F-9<$w
z;VnO;7ZWX7R<Kx_U;Iucyy(?>!sZOJp#Gs2dYi)TA;i~UFXzIV_x+@i#E6lE*5kqE
zq?sW*^+%%j*3!sT-e8}u){dNf&4})JD*JTyYYlt%Mn^^;_Y<vmmKRW5y3#dta-Lyk
zuj#zPSD#3$h}jxbt<WOo-#mDHf46<Lx3yK#W8sL+F5~!|O7EE7KYLM>xRYGmpZ9HM
zL+DaxV+LB;q#CDH20DKHNpeTq{P^|;_0P-IAG0YN#q5z<x7~rHH&5-U!A7x$Y*b<g
zS9a2ctW*O>>E@s;Y6WDX)jvlf-U*(yqjpc=S&sz8aS5%yj{ODl-Z|tX2<we!>pyrR
z<05~YqOP-EK~*5+Qoow|>3#}LDzc!GC)#)liWj^mU1k7`^_UF5Dav;>55B{RXG#KO
zG23um42RFSGJobUDLjF$Db%x{D~yY08uC`m&X{xgxWc+5G=FCGoML^)ofbNpbgvvX
z;0w+F?fiT=cpld{XJtPrDkz96xM)v(2><}l(?`R6We!$}8n7l?>C%{Kvz|twtCH>o
zP^Z35#CsUaZqEs;m8;21SUKUhnV#NjanZ@5JPG!<2OX2J-i~tbkLwUxjHHGKhGIZH
z1WATUxPGZm+^Gb><q%rvcU`%UfP=$b@>4{>=ev2kp`rWfL&aQrK7rA|_}h{D{Prf+
zCtn-4A2l~KpbhF`&r{waXzr*CqFXsY;q~`<8|Dt#Of~L~bRpVNOIr{5$Dv4?=^HVJ
zuX{4q3qSpu>+6TMrvy$bxMwelJ^C2SYHz-MC7BDaCu1F};eQl$do&Dh)}sIdt2vjr
ztl!Vt**`&T_u2kX-0l*x7Nmw#^>Sq_Xf?Rz`xWnb`y*GkwRgf=NA=@XKbr9KcHHfz
zgTwJ>H^ez@b(H3Fj0`izvfNsdYB}@1W*%1>;&kGGTsQ!Ak2ej(UwsHZW*9sh8tNdW
z<C3Zh%~wJU@K~oI;kYm<`id@bsy)IJNAurXJZl`;884{|b+2Ief6S=nb_LIz-e`yK
z82(xKI`7)IWaHt&?$12X@(?NJSsUX!(r|n@DZX8+gDji1U-uJc<6|d-@kPp&b{_>U
zKl#~xc~;@<1^ReOBHg7I#l189L1@UNQ(h^!`dy92sfM9F^&+{1m0Pj8e@tzgVayt;
zJ{H>ixgyE&sbEX<XKUD9N`!b*?PqZaGmkrB(Fy-M(W?;w=&mxoShM1N2tE(P7@t^N
z$#_(&mK`M;Xkhw<|MxCa6D>kRotihXDEW=)&gf$SmE+n4zr{$JX<`u5NWnDR`yCe(
z`dW+Ib##b`IYRP^@!nWkz$+r4x~)lr{R(!hFsK}m;!L$^R-=8q+#0^CiT?p1EN=8P
zW{){TEAEZHhm>CJ^Rji|uyY4X)YS6L*D)I}8h0dcY?9RmnKdy-iDu+s%EN`!7d|I3
z379=LB5wQ5NZmo48?A3v<B4>|ilS+EV_zxZuYQ)>ZEWzSAJYJuAB#FS{N2XyPV)NZ
zGzp&;qYc?XYd>roH-#Op>6UXI9*IAUs(tN0w@%vw(IJF-N4`ygxa_`^AU*w73NcNl
z{#>_uziXr;IUe0yGe(1dgF&O%5gJbmmE!9+$u;e*?5``#a<kbT+oTpfxP&}qgHtaG
z=B4s3<*fD1qmWo^dOmR!Ybhb{K#y0vgpWVJAfq~a#GfirqE5Nt?F<VR7XlU<_oAME
zJ^0!>JD;;^vK=WO2X=J4I4-0o(gi$d=yPqdhZtlXf<Qa6*N;_$>vpy?ZJMWB&^CuY
zQ_%FEn@vAids#*5o|=+S-mRb?ur9e>r`?PZ{@+o*nQ(x-Y>i*M475)UN3#CO&t0+M
z{)VSTw^pWkbHi*uFx6vjs@)cwosS>XA9^F?N(Z{Pi#XI^(o{9r-5UAD&OpT6jw3rf
zVKp>3nWv&%Z57M8SUKso)Udqb(Ko*0?FG1X)j=<EJX^(m!>Fg>5u_LRQRdCvDOHQy
zFs9QdW^nb=<~BVU!@O~x`>)HvBsKSy9T2Wf=*k8Ty|V6G5*N18>@!`H$EJ;E;%x={
z>6JEJPTP>8?8B0=3w$Y*U5sW|N3b~~Q#Ni{(t~pm(0i+Yv3d->3aJ_DbKn{K%^sey
zZF3v~dqQ5768ji^qFN5bh2c#xfTt?B%Vr!d^*#3M%p%%aB`o+{>ZDIB5}ns%J1j>K
z=?FaokUTUUSK&_jZtt^tf)Xh_E0r9D3i`$%71i(~mmi+Ix7J4PRoNz8Hck?~P(Q0Y
ztoYoSTsK|3;qqkRi;)uodZHh17RYJz_;EU9pGLNg3shv0MHP-_y<2qYuy3YppS)-H
z1~>Ux$~@_g4Vxk)(pA1)x*`TuwSP2uRch7KZ}sf7<PF+8@*WRWd0Je{f_=Ek)rw}h
zxr>1F&&<Iu&wxIf-j@XRXJ4O8pBlxQX=OeCaq4qG2_W7nop%?YxKH9ZGoU0EY<MHl
z97P$<FuqjdwzkWw4<i8^BLY+OUccdkWxf6A{!jbWX1DfFxnk$kj1b;5xnhKiOEbfo
zW&q{K+FCzov|g@VqwR!tviSc>JIjEmwyuvWiYTZk3P=lxlsJGOT}n4d*GM-=HwcI*
zARW@u-8nRpLrQlu)KD|Pz>x33>kaRHzP)@q=nQ+Gea_lz{nmf2t$mhV71NRJ5xnf~
zM|G_X1Ge5eN^|!^ySX~}n@bai#6p>jQG3<wp1x)b&&k#DI?W_rm-{m0cRAMDVk~R$
zx27sr*F74rNPFXFI=SQt8iNMIIeH~lY5e<!h+(Kh(e9<~QIk`MW+M-*H%P!~gX2xK
zKJ)Gi=g&IMB^<sUU45$&Q#BDgA$&Mo1b^8dR=n!GsO2E-Flx$qB8;<R{=n#E*={Mp
z5<gTKh|oDxFGu88X!JL}NqRp<21>a}cioD`d!?6Lq)&^h*-nno{osJfN;~fFu>6nL
zW!@3*o)mH`9b}2~%M18}oc+9LA`=mO26Y<Vx~Kc+%k{TI_UiJZG-$`cn99F5vp?C%
ztNCE6$C5}g2Oi-^fBo*yFb?oE60ZwOG$ih4SpKhnOuP9he6xLP-a!Y4;Mq-(28f*z
zI)hX<-E)jYAiKPQW_-R?;r|_w6YJHTS0YkD0}qO|<2!z&X#$6KB$9N<B@B0)9TOM5
zp4u)MbuO3C2kL+1>E#L2(rortWQH83ZxM-oc@)f&CaSl(%?C6&N>EPUO_ED}<L{X3
zH7#}?=`w$HbEa`F&fh5^sy`G86-ugek*_yXZl!%PjhK#OvkJo86KHF05qo#MFCgn0
ziLiG(C=y@z{)pS;u`R62?*Xk`uISkr&SF%vZy1NQjxd=(m_n%LyZyHlrH^)B38bfI
zF769lJm!EBj8@<z0es8VapxmY*q$mLMg{Z?WF8zG<fT$@M6lyM&o;Ps<Iqci@4@ek
zj|ji_-I*gaS?DI$Kb8-;&$PGJG{VtXTWcJm-}Fx$v$gZ0JFf7KmipzENi2!3jTaV}
z>Cbc-noQKic1%{|<HN+Og3L4vdRHiAlrMm)MQ>D&W>%%+M9oN-sU{rr0Z(%jqyFfA
zj^qS$*jc3!0#$nZMbUl%k#1?8mtWvR6%eyU#|yV>yHa0jDkxZ~<2v^C*U1XorKS%!
zl@EEW8~tLi>OT0xN4-PjWQTLKrO2?ZKSZcaO|*@PHv!O235>RuR2!q+-3W~-Sqntp
zgd;yF4BQ^GjyWaz5PI#O4~w^3`1_DD9oXM^&PC<sq#ys)i&y7s56BDiM?8|(zkCs}
z>{8;WeNkr4swuM-k(^vqDm;<As_(dS&<hWQ+YrE7_(KL9PEHF+lX<+z<?MIXCGUr<
z9-xe1Y*>nlio7~iDk&g!Fxd=YL*L;umH~*<6;0`h=W$=ZW-G5ERd&v6wPLlezF2CJ
z25cuswt+->X3Xo8yQhA9Cn#@xT@-J%`#QEO?~LXbZKG+}=Z^bsOrx@|&R)Mj!pE*~
z!YK~v30-0Uaq6|%+1ZVyE|1gAZa=kZXBG{1>)^1WhEyGl({h&=sc9f}5nCtsYRy@O
zPn-XE2L*3Vt6ooFfEH-H6gzWuC~;nA-M<ZwyCvy|4ZGyUIeQPDHu~!;bi9DE*io%W
z-d^!SWGIGrM?TM3Im`@~TJQF~@l6qp96yDt@Q(1^_7=Hjv)rjrw~v&6LQ9)AXV=fb
zST3M`6{Hi?o)6h8=3m4bdBSK+t>cDoG0+?Jf_8Cfsl;r{Rr<u>V-DPCxk1|{_Xd`J
zYq4t6^X~~a>W+A8oYqrO9kL0Z=xT7$d$5+jxLWi>6mF($OJ8E`aLK?JK)9%1qPU-W
zFpC%#sO3<JHn2V{TlM-#)_CEKI~Si`UD|E?Wn(1r)gd&2OXXbT+BN8%vpc*>Wj6}j
z+rx1XjYM&qNN3~y$4-lb89tFGyMLjn>CxW(kg1W{3nJp~@7@DPEJF>mM=(ToMiN`4
zU8vt#cTs~%mSi+tPNmo8tf2>_1w`4PQLdI~Es1U4$nUW`;e$C|?h>eSr#*z|OL$x0
z68fs|{A>N$i6f^N>%bMtN8In;+ukxh+_#)^`X>5iqjMD=h=`aIYyBvmCoRgufoJu$
zx8{Hj+(7yd7S=q2NKu^?e+qg2m)r7lRY_|!?Lujis-U9<74R{hbfx!5r5r5@4<N}f
z&m1xl;k|B^e#y6tw4#~be4Li1_#Wzg78V&E<dA-)Y=p@=Y5I|Dbk;7d8yyaEa)&yU
z*6BH{RJ+oGXv83-*ve!m7ZVk3Xtiw&e%oC%C7-2oCy!Hftbpi_<N5gs+uaBsr(SQr
zBA{2UTB9pwgZ3%AXd@RM(8I1*DP9LH9Xlk~s`aHgx<GS%mQ>z2m@H7S!+l%hxUP?5
z4TgDmA=#r$N|S*W(&O4XgVG5}M#etW%D`qAkh;f&9y+^ow-6(#zx(qJPi;sH=<u=U
z1d0R`)LnE$$Yi#@R7~lsaFU|&DV3{{5G0%?T9K=vY}Oq>&gh9l=;h09e<2ye;73Fu
zBV_6-p_l0;dMNN(U!9Ygn8IjsjHEG6+z$u;RaWqp4bVZsf;u=MSVSa;Yek0K^h(l{
zPMtFgQ|%;DDl`DUJIy#`dvuR?+a>qa?U@S$B=L`kIqe4TtKJ4%cbg>QG|35*uQbHa
zN}R`YJQz7O&69t=d3stVG65ocm@Wz7;otA7eH?9o|JM!;Y(v#@w>Zn69C|fSsId?u
zC*P$jFjI;Fh@S{5A+e#Tmud*7OD?;FQIU8}-fkKnK4e=2MnCI)_|;@#ERZEWzZHN{
zYfHYrU=&^__QCh2=7*bfm~iodIF^Ig_GWYBKx@iZ%=9)1Mt!kj%|J@o!;xYve87Pz
zc_5l;{<K8ybE_eTx`=+EPD{%HJomAogM{fOS{iIPGK%D3EYfx==d)XRMt`2nNE5lr
zBPML6G|I_j{X3${1Q3<-+iaBO6lbI=BYYzoU50hljVy@dj9_D|;0qAdd~aFyF1Eh7
zS|>h+&cK=@QHiTyvmG{pWp)#23e442i;fz3t}8@6M0}#4ayaQ&YFj%u-!gE><KWk_
zobx;_CHxRwGr+5bvR4xveM3H%Fy6(x6Nu>?#!CYnG$K%YxQ$s$dvV^8%xQ<pFP(j9
zvCG^Q>2f7Y_N-v#$aVsjr-Bf5Iwko+k#-IoHl<L(qC03{zcU$?-;na?0LAlY_=1Mb
zOdhOlcK}C5G3JUR_6a4ngK!JQi|QttYzk3A$lqL?X`bt>^w5z!<(8!svXYJ3imrOd
zw67r<%8^3E%xW_CON+UYTq#D=Ur>n&9F}7uY>=+({T4H==URqxQr*KD7XT^|Avv<a
zxI^nb{hFRa;zLir^5_$zD0tJgKExF1+;QAmF|gM*v|Td40{M`YsS!!;*qgWqWi#}!
z94@{}CGokZ59k%xrqOf1Y9hDu^UPN+OiXnxml5xHFv8$K!1MG&t{=Xh>>YB?uaVVu
zX3vpUrHkePbIG-i#`574*u6>ELg~AcPlLZ%MfOa4)pPd<`;U@P6joXbc(PA87h2<D
zYdIjkw@K^!Xy<WQOpA{$te8wzQ$h;HTFdEo(g4~xE=PX7Tcr?#5t_(d-jM*=8z`~V
zjO!-(V%fMQKLUpqRqOyUSmRD7U)+#GfH;}kS<PgK)F;|J+k}9-g|gL0FaSD97PH4i
z@GP}FfJNOy()`n^y_>@W(A`+pr<w%r3hTU;Cnp11uVqunCKpmP*bz#}4IAS#AeB-L
zr`wqE#O#J$4YGHy8#F!%38@k>aBS3pxXOH_LhS1&4jl?u2<~S{nGDt7$NfNZRhaY{
z06oL+6BCFE<tyGPGR|hh!HV<g5rN>6aGd2w8Uzz0%}4}3NsKg5;EcQtC6E%pQe%x6
z98_G$@bOf)Jwc-l8QPnh%1@#rw<VhFlsq~o`=O(@$&uSOO{-k;Q{x<S-=>m264|W`
zmdg8^d`=TJo8{3|{t_O0Ql#qtG|*Dmrie6J9jos81KN7TlH^Hnd(l%(laAnBnnK?G
zsnMEzZ2_-y3<8fbVUJ1PQEdHBL}Gr%G-!@Etezx{l!rv;YXkbr+d5a0`!1%5zsbmX
zl3%z&v%L;B)Xw>Ly9<Wxbxf7ADvMOB%FKn<twt}xqo!vN3sx@1tX(d@`9dfD0H<&P
zy5t-=wn;L23u+{@FArpL$_aE;S<PATfn&AeI_eKHxycXuoDCf+b=XQ;W-}_g($lDd
zJ%1#hkKtX<4Q&*F>>Fu0slDkL*XS(FIYm&mz1zUrp@%EAVdLAZ6&n_)*TaJiY+$6_
zy5=SM%Jnr2<R0{sQD*jgX3w|V23N0|$Fe)ARq~tV+`v3pw2#iOGa3{LVD5R|!6jj8
zm{ICkqi3M`QUJ14X8yc(N2O5D#(J(n-#?DA*XoGWUPg*^TtW)JE9zS9BnS+dBo5j@
z1Sghvj~0}j$3iYfB}q4*WNI>AGtn~7kzaUacF2v%xRlP}sbxAha0EM^sC`@~hKn6c
z5Z|nvRAeKJ)MHCdgqTUho9n#y8Mav@eAum0&>naJ&%;PB`Cj9AcBtW~jdnS;>tX=Q
zNL0RDS-I=>fmfsumEZ^n(40E_Cy-VFOl`kKHru)wv60IH7t@&MCZA^t)FoycmYjON
zvWxM^*hzTM{|Ik8;7YzGmByat?<AYVn-K|i<VfT(zX8cO7nkC5NwI`Se>z<^&TzI#
zpED@6+DgCKe2$5oia~Etr__taS&d>79h<oyOD!aq2(+~oIRBKVT9kSp^KGug{cjVt
z=ToS;nH=ud>USTt@2S@E52!OWwrp1l4B~O;KiQe60;~5Md!F7;l}(UWXoBpv%fzz|
zFKoW0g@~0McucP;R12x--Njg;leyTv7EpYOGg;*!t-V5sOIqSQmQ>G1SW7<ZVH~75
z9>?b1s*$kzX|4`9nS{$s*siiDcOJY+Y@M8N(BE@bRn(38+R?N=lr_RCRitoz*Q+lf
zrL!w~ZQg6MG{~(UVdJNTf+V{x^;hzVomiUW6FgVExyOH@*jrH5`#?ObIYyzl3hXr%
zEI?1p)z4x*RhrRN8W<_gWFuI=dV*5W_hRIWpX|QhP)OUT!k_2PE>))@r&2|#6?hFX
zk^<TA_P%O%_aYkX=?Cgna58rPN(NSs((JnRGhqD{1y7$`ns$`7tRya5<k#)eJZ(AI
zbL%bbDM02m8x1cl>gV^uqgRB!eBM$yCKi(Xe&MzMVBJ!Cw$6wiO+DU&*L%AC*%o!~
z3UnfOMk8y}#L|l24p0^Qv_RKtx+2?(3=|pcV12Q=6Zu0Ir@pr$W;-&ZE()&3w`~-(
zjf*%P=TEFn)p8_lkrnn)P>yLPIq_}JNI1tt+bq6SKh>?8gTCQcDuj$;+dERdw2%*L
zL&L-w)R}O}xr62zqQVR~ZeXu~-s|vvAFe}!8Z|z=dAJonw9l2i*i!ny<W`~B2utJR
zw_|!L#fv7-^TOjtuWX<642h?B7PEHl$#XqQh~7Uow!f(0CbgV!^X8*yuV<IUOkCu(
zK(ElP)z#tCrXh4QJ&c!PnA(7TY>I~l6I~a)FO^#M@x?&=M>Jw-{_r%G`nL<MK?G-W
zRY1A6hC>gyE@{`wm8kjtylTODpKFp+(DEv;It&i}0iLmTlvzE2mX=I;P|fh%RWpt(
zZ^Xwpoyhuz*QRV>k)(gd4v8+qoSQ+ETog4*e*sZ*!D@c#bAB#b)0xy`F~~**6oKBB
zCMAOaM8~LY5ee%iny%UlB{3EZyYfU{Fa=0Z8EkwTIFQEF;%p9(7ZkkWzIU8U^MwsI
z?Z?0y9u@OQ54KO*dob+d3{hmMeFIMEY$27Hep#Sdk??S_k>y<{v*8^B#+RUVgZR2m
zSe@`^JcjCsmFE_2i9`s}t-bP(doqfPW#RkVjS3!{c;Iw#U3`lTjNXfinC70NPRSDs
zArI^CoY+cLq;Imk7L}yIadX;Vqo?)S!mdpr0`E?>dN-;(Q_tTvHyPWGU15(8o2%p(
zJ5gUxPIE1_?YlJG=={!ShQEP}?K>Dw72)pI(>}FDgmK}ggWo8fl6R}r7pd4T(9KvB
z*EP?`>Uo)|bs8J`Q)!qk+5q;0c?z(fuk=q{e)}fif?25P$IPTKSvZWJx+yFsEe$kh
zT#u4=n#gMoGxlYy;IKx~*{*bb&gfQo+pG$%Ra8R$nfm#Y8oU(*fX|Kh%ccKZpg-R#
zf$Pt3T4x2$qLTjovB#JD{X0p)NP{esWuO1`S?f#SGq+v6ulg@wb@>P+03d0Co*44;
zYyKR{uZu&Hs|w*W)k}537R^4G&E^=!G!RXGM$6d^R)`%818B1@@t<#e$8m4>xl(!S
zBQYPxjURW<k~|1>wQIitjj1?YH|g;3tT?+ikX$;e6*Kw;2$P6*lfi6Cpk6T~aA2U?
zWiPYaVWtlwP4spLaQ0S--61*9x97Ppozc;HRKI+zuP?95-Z$5g+)r}i)%p;8I{7Ok
zV?_WHY8XeH>=3!yaC9aMz5N}-08^T8cs&0uarsvoSQ1_1$V9-NtE}8*;XJqcuH{+)
zQlClln^Ml>R;~H~K>0*ju8#!>0QB~GmP!y=GER4nNOcHsN-IaMb9BowW?5DsjVdo$
z%t{A^?)T-x5~CT{7a~?JN#*5iPoC0H`thUItwQH?jQ#-=|9D*HXK6#BxY64BZUAH&
zj(o^_ICzDZeDqr51%lQ`GFq_Z2CiF>IKXSlaXc`{YCh^htGX9pFu#WWeMdEc+7~A)
zz3|;Q0Hn0+xeo?Lj=Ot$syA$xf9vzpY?Bka4yTE3o0^((-Q2hv)0@l4RfSJN5*Vst
z$-FlNDSXL<{%u43Iie~*!KYHT5F|{YTAuQ>#Ev#KHJC9a`k7|%@xex_g71wZ(;*{=
z!dHGs=e>im;qwpBodq>l9aXpcb~HEk8jtY!Y8-@O2QwlSqa_JCFXcis;f8xfnh2#s
z=IaD^TEnQt5QE*X!x9pLJp1_qgSRHXC$C%w|3fe2k_6{jtWX``O{ceo^?W`$a?aPN
zB_HCC)!nGc^C<4Mj!w2DQbpzc0XF7$!1DMc|4<C2))=Fq+yWMB_dc+hruQZDd682{
zCw@%iaf&qy=niqV{E8&6CMWbK+Ye7S_>6bt-u&vc(gW*hkVpK(dHC1;=7-AQHc5OI
zWK_ymzKa*OdFR(4CgjLVtx!yep|gm^r&eTCo|4WBWIP^l%+WtLx}VIT)EjXAAUEkd
z6VADvJ13_H^cBnm9y9-NExgi8U8o2N=U#ziZKpTAr^<DHMsHxcjvsZYjWH8Q=Qr+4
zY6FxpuZcNC0cFg<MO(AU+zQL7+sZS~859Y5hD&eS+#_!w|GBgbeY19d^p2%Qg?zv{
zaL58eaD6cQP2NXk;WYSY&<!513lC!d5Ynr)>E_U90)0E#bt)lcmOUenEGBC34ZC^Y
z6ZF1%7qs0wdxoWiG9N3<*&^9TrV`aZ27oJXDo9&#8#yFyddDr-DHAdjJn3@o<)J(S
z46ntZ^ah~Umo#LQ1Tk=8s^<87WmFyJ_X2<d?%hHkDnFb&yG_4he**^bRSMj#Pe56>
z=3ZRbT%5Y&AJ6;W(D@!l)z`~A724Q{M;SexQenUJk>+ho=5+)*J>B3*RzJIpbPw;U
z5+mFK9@CGzz?Up6VY_5?A1}3(Nu%^3Z^+0?rc+lIqll=l1>Fyztk3{r#!gb<O+Rnn
zu<$q^hdHsg?ZdbOIUa7($y_+i>s=>3Tzld|WppQ87F6;i+Etcd>*UL5UB(D)LnH>X
zgxi*Tebl+#bGB(W?3o>{Xh2QHVe~aZD?7ANF?6D4wqBJpTtatbMZ5~ou}9PePnt{@
zrzjS?eK-`wj`DKae59O}Ru|l76Yt)CDnXzUZW$4FTIpg4{;xgEy9MN!Bf^=mi?*~>
zWSWBlYptTJ=g!YeB==-yBsLimM6cFzmL7y#Q<qqv1Efbpghd%JV?o974zXC0dAu(4
zHG6R|sTa%E@{Qz~L$S$Kr#_*XGR#ixY@4)!oV8a#;QF}yWEO_TfrHyoHO_CNlLJTM
z`gH2lY@%YQt;$NfObNH_u(26(DqX=Dl2NaKgDURbN2e|Jx?GG`4AIc27kNUSUhW~k
z8UN~t%VC4SmDK|`9+p)1mF}KnGHnlM$tI%Iz>Cm|8ix+~VlQ^h&tw_ExlET>eIfiG
zL8Ce17GmQF&?3-rEWKQQI{hI(wZcqE>{rMbJ)rbRyI(#h5UVO6`9(<`{T1S@^mJkK
zXkjc6e?H-sBl0*COS}w1%VB-4N@y%6CFK{>JK5pM-8`_F%i+-}C5)Ihk&OX?RStXY
zb)j_s8GR=ekcLFgWyvwZx2X@{Zww4T840{vMM=5m%X40u@j24ZdzWTi-;jl*X2f%5
zM>BqQC>~bo=qgdcWh_Un?>AoLzS$h@8MT;7SFf8ejHkBU>+q*ylRKN|8!mW5g3qYb
zN*PyWVLwwTt9sarw5!lLIgJZ+D@hf3p;hw^k;?6vZ6pIn6F=Mx98!<dw}=cD6UoUQ
z#_x(LGb)JI(c!USIS#iq?UxW52=9b7cqVdB(hO-DBhB&mZ{c>lSg0S?^}-&_RBx$(
zm;T1Pey))L7BD+oHhRHE#p_E??@*-Bwd>O{k0|VW=4L4-yo?|zi#~PtP>93Ovl-Mh
zlIY&aVZvI`gT=(8#Q_n~ON&zlCW?_t2Pxt6{TBdkeYDgO^i*|8=`u_1BZ>brOTL%e
z59TatWv<x{&No6shHk{b-s_T9)WRPmj<CuNESH`GVr`&mtH0r_%e4<qCzi;WlKS2*
z_DlRrgeV6h@N+@qmLSO@diH}&we<6iL>`Aud85_BncQ=mG_i#ny<)46O)GQoL~09_
zQhczd+g9^ba)N@lrs#3(TXDm>?o7v?#!1y#dQ5iXPT7@${=2|;fpE~k%HVrC^eeA!
zUEEl=og0_TnZZ*|pe_!Ot?X%|#~s17g;j=!;9kse^@j9#4ti!aQ4TQE&KlwYv-_HS
zco9pkYK58vpnnW?H&!ChNun#)cgsUM0{zW_^BF!cuG@uwDZGSe<{!Z-@X;>B>E?Qw
zQ5ukXcCK`)=Jo*6xa>Qw)3p(F<D*jy)r43_dQ}HNc+sj*WA)Ud;T@&fNPcjp3~}Bj
z>9=10{C16i@nRtnGF+GP91XenG*zq!s{Gy#tC4)7q)b9aja-F#;-d)3y?&01Qsw%0
z0};vHrVfaPyrsZy@xQfqf4-*%euBZaBj!8@E-MwzQ<a{#LAdU>Voc~$JkPLVHD1v%
z`WR%~F7nq3O4aTN6Ny?an5?nhOBj7mbyfURNK3}P%V?$LBkii*_>r@z-jK0cR0jI{
z>Kg1LL2I`KxUSAt{#()G={lPTs?eC$d{YWts)E3}<JyW*22NHqz6N#x^%trC4r&_b
zI;lo@MQ~fIRvU*@%pj{2G+U>D7*Ok%OF6YhYiG+1XtV_n-cg)BN3T+d#SC+$!DVr3
z-Yq!p)k<SO^C}HL@@rWiBJj+A!XsIi5b*@?Pyd|oABmTydSO9TiBawv`w8q_F~!lF
z(_5!UhQbyW`El10*)bF)|7(Ap?)`A6YT&7PtoT1Y=iS>^LH$b96~85R{=BF@x%DaB
z{c!H}y7%wq@#lN!{OLU%lpKS8<j?>94-48fBPSTSTzf$-iTnEue%jfl*Vm;*sw%Am
z$7oS$2Tsb8QfUsKKvTw$tPs1Ep3l4xJ8IPNfm>;^)8JWeA|qh|A|WU;a@Z}r!v5bg
z^yUeC|C$B@o-<ZpV-}Q%i;D{YbOX9@>nWRq4P}RIh;g#eQ3PK;-}-a`)^n{o6TXHq
zCm=b5;c5@}k=1UwN9M7f1m7;GZgfGe2t@@%y#xBwYt=gTQnp}VVn1H2jZ)k9n$tTD
zioLtnDe<2Lc~5(b)4s|x-w?+hIM+mmnB!H4qb1Anm;1lU6f!4uO3c`GJP#Z!&@k1&
zXI!?<ikUnO&p{w5ull;W9cT42s(Ij#|H^G%=7_VXGQ(nC=_%qVu2KJw_=52!r&2g%
z;a5EXcW8zE-(Io`Ya*8&0gva!HCow3*2sbW{xMT>$BbSP3ggdF1MYE}RT0vz2R!tt
zvTk8|{Z?%WKu-X&F5M@|3>Ldl%IInhr>TAh0l69Qwr@yCNYo38+HgI6{riKtcZ@u_
z$8=e&tw9buq&m_9(A(&9$^X6pUn%E-D6sNvPt>EHi$y7z&ZU&T*fv&@fWN*q!1@ox
z{Dlvu4MLC2s5jC7;J!e%o;LYT5IGPc+2=eiuGsw%Mtx*}${Me53#sYrf`1y*5!nmP
z>=fDaTKYTPS7W8rm}J2e=l^!C>8j+_UZAR_(sIrlXkS8|Tm)*D^Q5>>LIq6A<E%h~
zO>9S}{+<K!dV8>!D*d$USry3IYt!rm1uKi7s51QM1!&EIborHBm7Lqwijg6tTmgpy
z$7){^0fD}Eqn8j3>OEny*x_^S;q&p&5ANeTXpLMTP9hdWV4Mg(^#<Fh$<?A$G*Wl`
z2jxxELGeT$w{u?puiSTdoVFD^BH9~$NqJ>W$?YOULmvBO-tIX$m2$5*B5_D;WKg0D
z;Q)KdkjZ^LB@b4p{U5RdSte+u$)&KoWxSemEw3Y5u?6fQ(yJaE7}x=%*yuWyf2G)>
zQs^P$?X*wcQqnV-ueq)(W-u?M(bLIDa%Pe1&iu$!#@U>y!nG4P!O--a`N&;imTi7&
zsMN@w=9}2`Uhw+$>+{R&UiX0fQ#9;}daL!Uv~d6SjM6P?v_;<5AlJj4x`U^-ZzzmC
zxaG8M#rO-GqEMEG1E|Xzs5>ms(7$ISD+Xjp-_8Hfb+2E(2nBh0D&?u*|I(*#^1KuL
z?6#>E$-QDXIlT-7ew!0sS2}=xI5N3Q-h&wxmmYcgH1eqWr)C}EQ7la)O`TCAj9A=o
z%?QAcB5|6TtjONB6qk`{!Py`D=v!c#a|QY)!<Ob?0n-0J?wfQ|4$TB8nc}+}|L1TT
zsc(P=JGH_Ds%VHFdEJ4Ys&ct~>lVi@km@pMlWOKx{9r77b}w<Vs$)O4j2Xx(0Xgy4
zkcDIPN*lXv9!&79vTxoz8+}o8dfmG?E@Se$<lO0~3D!=i^ch21^VkQ8h=F=@)ly=A
zz2T{yxAGS;KeB~9l)J?F3pN0%D1;SP=CM0Zd7F%15%cBV2X{c6yIeeHL@V&(%&kUM
z&N(b_4=9ybn1V4zIq$6*ipiGVwiDikBzycr)%}SbK5D%73LuMR(7mR{Pyuq>t*;9j
zl-y%Mytl`BQrwE(1-K{ryfd?I!a4iVU`YZy_=bP<yPDgU`3tC5lkze-xNevD;DKRZ
zS-W)QUj+_74fDJw?YxqN5%VT?yl7!Api?o`v3&xR*6McV^;{#!1M39n)ES`%Z=*?u
zi~QH^Gp!OQmjih238l+VWlpb0H~i+EV@9qD0Ny$A=CNg_=M;D17MPZ?s`A4dtyjG2
zQA<tRV+ldaLmLK|u|r+#=J{cbe3Z!(D0Z&RstIVn^aVpSW0COj`YMykz)?o$9k{}%
zQvhL^TA)+7IX`1(0$UpgU3PlKA`anmI?Px(Qf^zdM37>7@xgJ!*~viU3eW%8pT{q&
zfjT109pJ$!Z!gT!xH{KGb(Dca>@vC>*e;v_5pktuSfE2)>D^$Dy*s%t@4Q&)0mL=_
zKdN=90ck_-3Wc5bj@S76HK~{%nGTF>rsMa3M9{lGy!sny$1m8j?V7p-K-O*aUseju
zPAux#!sYT%hXUuq2WBJ82J?cO(-l}3rzb^INXTHrQ~$Hkp;IkL<Fh~~S*dUNt?9yU
z1JnGd%qzAD;T9XR(v@mHme=gHYxd_RXP{65L+&g&*{Z1+?0@g5)m67RmBYDS686J}
zrC3y%;8Vzi#l2Nfc7B$G!m?859EC+enan0@uZp50OsBz?{ZeG0?OCT!J7v+85sxo_
zeiS;jJ&Zg12F9S0eG{07Qly_RHmr-ND@(cCy8&?I0GX|r?&49&+Tr4rDwth{hs@m*
zCal+c*BkSv!O<`vM5j}&d`9k4&HqyPJiB$tt-q`CWhNWpD$wI*GO)-kzo6qxzBg{v
zo!!TG<b0xRHGeh8ks(6rf-_F4&vck)N%<{H8mq1Lzx)?(x8(P4XeOk`sx0S%o6o?l
zont^V&EuN@CI|`;?!ndokdgj&KGAqFLaf4FX=;?|K6<EMt;7r;6IvtT9Yw5gFDs7@
zye$ONu$-DbVo8HWy~O8n+VS!7_Q{rSsEccHKmYEcMHypWf6U%CRmrc4a=BX`=3aSF
zf~VFft8EV;yw_N`t*wVy)ilX@TT@-BTW$ehm2J=-xW>XS&YJfR&1r~_{TZf?o7>O|
zlUm$%sn=2Gef)~L%V+^lW?*^n0*Ds6G8z;!0<x7-Ft9VRh8J&6)LA)cXfRNDerg4Z
zV4|FwdqM<W4S#;X5Ws!tu>|<d7%c@9A}>IR<o9|^Vp&?cp7{RT2Rj6cb0t}8i_D(q
zyYd+ZQeqiz$aZrbq&-$4Z3>8i6Y+Use8eS_?6THZDl#iUYJdLR3{-72-7m`OkNeUf
zcbMrAlPoG}%X*%k;Wqxgr#X_dtzAdVqyxp^!$Lv9N9>0Q9D9fv8*;D#h$iVj`>>bf
zv4e10Pp0{6BWM+;KHFP}^2_u^+H=g|X3424e0|O1_|35JC2*%=Q3uBzW4vu3#>1GY
zxq2s%Xb4G&t}j+zlM$~|{51%Z&hZ@Sfx%*7yAYscRbxyDT<9Fomz4M!4FF*rcL$i1
zCSG6@uMr(n@KfH(gR;aw4ZQZA=IK*CWF)R>0_hvWa40@c*v446V`KQ>4q@_`R`J$h
z1?ztz#`*Inp=nwNlgIocR__)LTm$j%q<>RGRJ)@~M@FLa_ED(RCT*eROb>Dn322F&
z3*D~jAKbqH;Qr%al@7pVdN%)Ef*ReU1PgZGuJmF&B031s&c9{~DbRWt`sJEw2`e0`
z1Te&-WAwuGMA_(Louqv5#=jk;`E%;f0!ieV{~On5|8ndvt*_IIt5VtXwGb?-+JCR~
vPb-akA3)WwA7>E%*9*P(|MJx5FRtFRzSY~Rd-41V@FO82D_r>Mt<V1f*WSH{

literal 39367
zcmagF1yo#16E2EOa3_!e!9#F&9S8(>cM0z9GPnf^!Gk*lcXxLW?(Xi)@HqCLbMISk
zy;*Bd_w=sn>aMQdT~+&=FnL)qR3v;PC@3gY32_lcC@2`>*ZLX)-0Qb0O{Fvx6jHUh
zu&}&@urP_dgRP0Vl`#~QcvyTQyu8u@ZvS}e0V$~<42<GuTYo1QaYTM!e<zIi?*Igf
z9zpp^@^7>axFRAICHucZ{Vk!5O4Tc}=PMWo$g<16y&<4EgAum78}+nZO@7#Y+S&Gc
zactwg8%aeLG`+~1l2(30BK3pz8^X0ge=lW)M5`|>U`Ftrx|dK?903s#Qc~mzsQ%8i
zLVd(W6WtR0^zt&R9F+Y58VW1QzKTigd(ee})eUlPl{VC}?1(KJry9@5J0_FC3K(V|
zu92dgW#Gslc|?D7kI0w%uO*0r`4<mW%1}R<cTM*Y6`2Wt68F_%WvTl!-xBauS5*bQ
zH+1j(@Ga&mU&*)xM3(Z#_U9myi~vxjGshK=xhjK8?B`&{3rHa9#abizvhqXze0JWT
zKUoD~F>+%{3}Lpu#AQtdGcK~&rWltD(OdpL{|{?{%($1}&u>jx3xcBT!?}D5CI)xD
zL{?Ju105oa7cj%Msaf<+-(MMTx$odjB7uH}7EFxGeG4bt;<F#AVICU{MZt@{P`Nk0
zMEC+GlgJ!*TZQUfsdi{<E>9}pN=d=R$!*{TwfMvY@|GoI7Zl1+U0xAKhpF~RIeNcs
z%uU`1cT+IQ?8=CJSHzX_t@ZnsX*bR|QyTFHfj$f*zm8xtt7w0O_0M$Y9q7-FU#^1J
z6wXHz#uCGnrX3cvONK?P(na)H!>nyB&!Cu=t8>bGmO^86Mc8B`o~kN|He321jaC{M
z8&NVV5v069%cd<jz6uBv6J+0qFGan(PXK^S7+CepHy-+cU47Ksb(GU}R0sx&fqLr&
z6EfgCoCZliV+BTn5N2G5<~&q<1*%I2(L6eQ7G_kZITw232G4RZ`~)KZIn3h*KMEPb
z=g<2H*pr{HF|m7)D#f@$DL117$uPzFegx){VTnZ1i6oFyh*K+uS&3PE*Ne#+FyAJd
zidq(K`Yy1IdWqMY#TFNIn4Q0G6c^wyiNS`H7M7pwIN?=;p%bZ^IlC`V1I-_)D{7mQ
zwvX%t1<ys13O5F28o9OZWpB^`&_<FC){3C*i{JWX@7!RbO?&#O4Eql24pFX$^}?!!
zeU*?nFuD)<-0}R|Me%w3J^wx2v&OTG*Sj|2mq<a%eT)(W8vqe$)OX1wDJrr!Y!}QZ
zj4@0bY!8I9Fp+Gy$%y^WC}e%u(_zS=#i3fEH$6%{E?+tAeMQL3V@kw{a+$C);-qNE
ztjSKu(>|_{+<X`K5kK%~<mmv#?MFxY?)&hd=OE<(=RoVWP&iU=;HD^I4g&QRwIvlV
z^=O=B9MKSoO1y>WO{S>AbkT4j&J52X_o48i76k=`Fojy)f#lb`JV_i$_&5eCXKL^4
zqDeaQwi=P2sdYc=Qe47aqHhyq3sR<94-l`lA1ypk!6;y6a1M*of@pF9ow9DWcHVNP
zm+%8lKo^sN9bWbOhX{v0(mwV+DV*@|qVRGgJ>yEr_#uUOw0LNh{9kDnNfrr*G_$S0
z-l=31#mq?0KF<bP1X=LTj1@Yw+Dnt?Gb(jxk1Y@K^&cBxYM9Uw(Wa?%Esk3l-V_%X
z@&4*B99Jq=1eUE9`Asv;uA3WKluU9J+KX*n0ag%~5wj6#DQ9FFm^T7;MPzJcVoWMc
zT6e8S$2G0!L8U0A&YF>$(KQ!~35(OUdlt5{0tH|PGRy2Ik<OmYFnG$<IU#2{XEG<;
z{o{$oY}U-;0)j%?*_B*R(Yw6#;PiUkCf(#!#8v_C{I-HN^>*o(T!>>GPs;F^ky^!g
z)f1`{ia*LW+!E>{3LNSvN)9SA$`L9to<by-D7C1uD7`4S@3BuQ@*Vyh{u*ailAZLF
zG{?`HpI%JttdZ<G28(8oBhu3mrU|yHmbVkBHmAk{{Vj{n32!F-4Py){dpDaXEDns4
zO*D+%N0DkB>aet|D=jialD2sySc*IpL)b@uTBe!mSgsi77+_l{=}((oSyWwY2M!*6
zs+WbB92upUH&5UCrTx^Y(DBo$ULo+5^7QkL2h+nh3Hx?qg?tK`i&Bju>o1LRO-qth
zN>k;k<??oRu}|Qh<GyQr-~6%B%H?3af@>pHB^9|0phi4LQP!^wY~*g<X(Dub8eUoC
z@AfW#s-`wk5>axIJ-B7MUiY-R+rKvQ{NxTfUN|sb@4fqV>#=FQO@F<*voc(}p6_^P
zulF$jIN%j^?{)5crL*lhgueG~U+s8qw|tlQMDO5*tAmMzJ(D97I6-YEv|dE=Szdgi
zDHAQ7L9U~C;|9JNz=$M3@EJJ_r3l3x%L0!E**ZO37B#)e=dj!S)AYw_{BDwncXa~C
z3Jn_fspo6?*aabS<v$^8T?}6hL@YnDI=F1F4%{gSC|G6_iKK`P=V*O>&m6|g&P@Cj
z{8h@3ck5F>eR%VSaze%^TS*d%o{z_p?~^uwhTReAA_YC!J-n==CSxh?_6fHoBO3jt
ztR`2c#FAtmdq17XJa(aPsa?VUa34&GeR|X8AL;+@v#mjLh1@nN4bDxzTW(xFpVW=G
zPR3&5ZoF#xt>Q6l+1qwmbjh^@2q`(8p=+PKiIs^rE;lXpQK5*;4^r-w(nNm7W*rL(
z`X4T1_9@i{vh8#tb+qt<$;s1k!(G8Sv<{9B=$B=D<1N2hq8$x)iGCLF$g!Lac@00%
z?%nOeZ@*MQwF_2c8fSHO86!92+P|~bi=dO$U9Rdeli2u?p64fZN0-AetnO0VQI}b>
zzH&LgGaA$sB!%1zLU_)q6K@n(ovG~d?yV!f0EUCCv<@m9riW~MyEdgL>L_+7^i&a5
zbsh&#3&JykRSQaNw6<DIjx;wl2N!vdT7I8UtI&@!p6CLdy@m0bOB#+>f)@xF5_l7A
zm&8}7*5)-ZH79EZ-KH01^k}AOY}Fo=XKjBkv^ZRa(09>u)_K^LF6B3u8ZGT*^a9sb
zh#Fe67HgWk;O)g$qY8KpUFslR4|yhuw`D(c^jxJ}Tu;O19qan?@=eOeR@rOKN?Yn|
z^)}m%p1`-9vl?^O<#UCM+)(h_@aZo<uaD9KNa3~6?9pZkIk;OM5U#}SVW*hdv)Y+U
zE32v7ioj;)lL;nwyX5T)&vj2pot3|~4*Ta)Gt;T~n4MT&wmYZ~iV_Qy<Xr1VY~1ZW
zosN`NPmkB7A#=NKcy&CmmM;H}eaFY}p?TlsVxM9xuWxuPk)VuAhudNH;4p?`uP)e<
zVeV&Hv#za8#+1)y@Lc3HC)g&vy|>x<;kIV!#5MbD`9%D9zlFBt=~#ESb?)x!6kS05
z@%wqjeaukKWj{}JF{u8&wQaib$}LfEE}k+*j>rkQN$)x4sy{KktKhm|r}eRwef&6s
z@CbRo8RFG<mHuw(T>#@Zh%(smiuOt^<mD1_Bni?6jax1pWpNg-TC}c!$1Ze+1@Aky
z?ljKefp0-Gj}3d+drC)p^W&`nj_u#ul)Y;27oX|3m%6h`vPh}*`iSw~*v)@dQiNJP
zhRf`SWh#f2H;ovZArFr5fsep=rX)&h78}9S7lRj^f$^OvhDxESjKQ5Y{Rk7t%GA!A
ziG~)=&hZj8a@d_8;!XRJ587<i&egtC@jfJS>|$*eJWd#_Lb#Ff)DBg#i+Gs_doKBh
z7i+98VIm^~Me|xmfPxM&hXTCTpkFWi*9!^?_D3)j{A-EzdWmGh{BswEI1~1tI@H=9
zghEQf5)!YalA(jKv5ljdt&{6;_wj32zs;4^oz!Kdc?@l>84QeUzZx^RS=;@=0>$UX
z^IEkwb}}Gwv$nEv<Z<IC`;&s_wf;vlBN@q`Bu<w6Wa={VB*L~1#v~jJObkq90!Snz
zBzz7=COnEFqJOi${^BPyb8@odVPtf5b!Bj6Ww3QHWn|{&=4NDKVPs*Uf2E*zbhmLb
zaHF?zB>$_EfBF$Ib~JP_w{tSLwITVVUxTl<&QAPfWPb?y-{-G!8oQbQE6K+3?`geG
zknxW@jLZy7jQ{KVm6h+0RvvkCH)AUe5p(NT^}NauU}0h9`;-3vb?0A+|KU{smy@0C
z|KR-3o&TFt#nIS7*w*@0q?5qEEAzM5|K9wYk&p3@ng2%<f2sM;)>l0XAn`H&Z_Nad
z9O^Pfpr8byBt(Ri-Jp+k-ejuuPG=-Kg;0@{#*vVcN^)Y6k&=*v--P*#7gE7wi>n9v
zlRb(lzlEm2QIP+Lqwtwp2p`j&Lf89h$@9)()w{r^MXCkQ?QYp~tnb+N?s#l$<W%&_
zmoEi1M~eY<&u#I60B9jW3=F`Zg}5ysdzu$kLhql3KibJ*CKVJ!p7q54)94pUf|1s>
zurBw1G>Vg8pbiSN5y$vyUjE(V9|Z{pEfWHa8ZC@Ql~GnIw}V@F;*ZZDFxa&Tmz{@4
zbI0}Y+FVjrR(7ss1gm}+=$J1Z_dQ8mLPEksVMmvT1moZ~5$((Ok8k{(gar|azq&|p
zdX+y0F4Z>%(5xv>s*MqXj<fMtfj3~;Ge-BT?JUpJQ;{8;7C#o#G3lq<vx4M|(X6#P
zn;bEZH8H})+KbAGEG;=6xBH4S*M@es617B8z9%+*-pwzMx6NnPvF)demIql+9*<pu
zOqz`r^wx`2K|eI)k%CJu$76Xp=~KaoqsjHYeXY!-Nx1=0hH5||N{i4Wc1zq}>SZ6Y
zRtSOiUFSUz%ZsD(0^OD7UxKFN={c>-HoqYa>5%!>C4sL{a^x!z82wS_3H=M_G(W&d
z1wv2wC`I>gZ*?Ty(>{WOIxR~jD`}M8-d+X2=LhmnUiwg=t6F>I3PB$p_rteo+*ge3
zHu4!!5Jzc5;tX%d8*l@})ZbV6D&f#dPg)Pw5XDkJa6*s^)6Hh80y?iE)BbdsyNm82
zeJsuFF1^)hjof?x`Qb`dBG=s}9(XCQiT>M5<VWfu<%bsKU-Evs-Va|qjGsUL1o!gI
zN#Hi+XLhZ<hwkc%b6qRI%Lo*6i*kBmO`y<T3+Uz4evsl(V}zMJSR&MG?T{GcLulc;
z#j%+AMZYq6ahgfe=|GFpk~u%GKGd@d%{r7$uk~|jMPtiP$gB6)?94B3%ENiEE<V#X
z_u})?8O`yk_tR`O|I=+=m}LuQw?FnJT0%!VfnPTrxbf<p;?{3h#SBXL%86_Acq$kE
z*-}T#UztqF>Kp#PvJV+t?mrIMEx(k@c+jde*?`O(qn6HjQkB5_b`84&F)R1e*Sw42
z8oW%X$CtZe89sgY^-5h*Zwp=~z;{>xY>>m|ctp8)4Y2+!8vDh}FslU?;x=e2)Pd-y
zJ`x@X@Vge&9~sz?Bw*g$VWxRN+8LhAY>S?pdGQups5Z?JBR-b7D53XjGy(_f6>2XK
zP}8DsZ>=VYU*Xc{BW{V(S|fGE8CMU5VN)KQ+(E=L7}X1ThIVD}sn^0Q%jM3KX;e!!
z_L`^~9d>g&!A}Y&_$4?7JPy}XtpesOrMgEF-BBO}zBwEkk?vr=FE~T-dDEt26P?1H
z$xi2Jkmup@Yw*ylq?A(bxpR011L4``TIoTPB{DVY;FwPHereHJrTaSN%`!Czfest5
z+YGl%P%4qWAlh_Pb?st9Spb239F<7i*<vo23wLa+DtLFeygjS3Jo+xr;N}f%vJ%)A
zSmT!;iBF}M42mKwaBZ~C^kGN!*tDln$p(~aS10h)SxP-z?&Rq-zvN1swMcn$*~pd&
zPr$Z%P#vFxgP6C>j_OYC55pl(XC+fV<7hNe7gr|3Pt7J%^V@(rh+Zzw3$=2bcuTcF
zvvZG?>G*sQTWs6ou9ludj^2CGASB#e4afG(5YM|RZ&2#FxABa)Dx9c-gCfgpp{`1+
z6tUMcVk@sV+=}+WC;Wjk3$F7UW=1^#G%O6?%C}9B`2mFJPCf_jW=de4*Q{i%T>Hz-
z(dwsh8H@(}^Tx9mq8#LR3`ucg;8Fs~#Qa#kqu+6qY78_=O>cLGQxbV=KL9|!rAw~z
z1{@h3bpARnQg3NR376_sy2K6?DG&+S;98xn1d3c7jl1*%&q$ogCL9C}U(*Zvt+lGC
zJePM0JTA{%@vT`XksD*JmgVqfYksgs{lH6ti8JP312D50o_C6p4&mX%D8!+#C!Z^`
zzbId~>dMHZE!HY8n2v%|9hhC5EoO7o+&lIm9o-gCE<?cNG$~Hje7h#=$r@(swMteT
zPuZQL)jZbO_Et1-lRK;Ra!pV;E`xMDO@dr}@NBgI8zipZ<JAFh@;Q&r2j_ZX%4xrU
z>B`KWC6sEJ_m2UUr{><#OLD4El|vvr4uNeN5Psxu^%X^jbfvm?<T~R?D}7ui5XWfS
zL=(f5>do<E$mJPGzDq3Th_5RH8{~3wwVowxqLJHVItP(gqX>VOBkQ_yfGu!-x;*wt
z7U9tSYS-QilzJZ`4?ntrhnqSFsY(B((wOYwa`bruZo?bljUFD5<@SEx<hjC$tC!Ab
ztqrzF7Z*$(#{clb?INA7*L$BUVpiKHWmR|JrRHfd+d|FH>-F&l+#XWoF`MG7q%<c0
zhMzj)i~W*B3Y(FuS+A_rhUw;ZZD!{$2Jw1`TlaHWy+}_VqTGa}uOOzG93_k%$fRp5
zVFEH}_;`Czn(uO=i(4J?BS12U<SrM_8MB7i$ZP~SLkTMR@P&tJWxB=ws2^D3#?twV
zM`*a!m7E^0@pc4}{q{OKg`*z2$G0LmDQT^t1EU2G`dIQ*;s#5sADpL6ZU|Y8Ih|xW
zVQ7+6z=CGJ>-JIJT0{qTA1OXjOl>OWAyi+~(Q8dKTwp61vs#Yr{i3t$3$j)C{29jj
z-Wj_-=uq-rz3I5w*GoW=;uP#x2i4{K0Rd!kf<4yivYihW8t@f_A~mJtovGV!LG(8%
ztWXoI@&LhXyu|px#^s!J-`!;s>71#eZCk20bJ!2@3T@GDiS-c?uS5`6s(K^hHz<J3
zZ^=d>U)vU}*ZAFijJLLm2b`WAex`|xKR=ZZZCtmT?ypt9P_ssiVFjFV{EqVVS!j^Z
zu{=j{PjSU1CMei8bq0P%H`5YK;jmTkhi~h?hTeef^2HW9_l2qoV`ubmM!FBs$3QS1
z`=PN@V0|fHZ72w55WKdR1wVC9V%ACd;bG~b$$wOE-C&c}@a^h*6reHv2=I8~NJP`p
zL<LCUu8Qto-nkqN6p#M^rw!74zELC|!{D0=_-e?%OMQNt04%;e_~_MO4myX2!L`<^
z%|wh{%gRS3po#2p1(sx&rSVW9l&lihKMPwHs@+?yoHDC)*5J?#-V4#8=q-Rjh0naT
zq_+=D=u>&!I!>Nxi}~o4YET~y3;jmL)Ab(iuR)I*?9FV&dexql%tWLe`@(TQevCli
z-l_Q*vD)MJ`n>m$LrE&Wc1?p{{6VzLsC|yYbB;L)!AaU^q{zu6+}fcfz1S3V>Etc!
zgvK%IZ+97EwSe)*d)u!0SgHxpOb6?HYQLblIl4k9)oIt=c^UDAlqg6jaNMueTW{T!
z;;t+-#aCU0kb{~p{rnhl85BR2=0_4Jj#|tj@YR`sLVu?<ah<-~R0cM+c0_Cf2OsX*
zUz8ti;O&Ck8Cr|XFy*v(obDNQTX)RIWuG-_<yduLtwBuI!T}Q{3c?)1CyGCr5emYB
zRisqUqO~B=#O)1y+{}~J@Y32=sd!J&E3p^khSAYBedssA$<&HDZiEr1>(5$*JlgYx
zJB<$|PZk~h?PFljyXH13WXdo)fSc8lrj~C!&d&+^1cP{cFRzwM;vyTCoLPg?ve)xc
zjm9pCoF<O3*x%rR?$*h-{LQVU?<XU|r4k{t#AH@eGA>LD9{bC<$M6a!HQ#kps9)-k
zY;<9YGgt6P)Jp~ktbz)YC;3*4C460;fX+bg$HDQjtKOZB<P*#^@~yi1{SMYnV3^ZV
zoz;Pqz^iq|qvHvEe>S+mzkv^#Ml69YQm*uOs8|`mC+BtemBIgXSG?coxT7q9(pM7!
zLwMRfV)<pS)kk7+#1Lofz^AT6<KPtSM5Q7Fv?6ZvP;HUX_v~*C!eH5Dg#0))21XR5
z9~T@Nu6FhI<<hq|@2s&vp9Sb&#Q&)?*%PF3_v@Zz8v4!y1dt10+>H0fo*IXMi?h~Q
z9nTN}@uA&u<z$18H_kGba8L%6$#70Ezu2CJCG=je{(dBLP8_kwR`89AQ|qGP;S=%1
zK$h_S4(9mu@%Y{($ST{shrqj&)cILU$xFi^uP30@W6HP9duAOG8c=M`v>wo2PuVgi
z@X=GfbVaaNqsgkVY4HMm18%HLg+?vAk}*miRyfi^#oHb3%J@^c$iYk-;mTwS-e_9A
zJfc;trH3@5oj@R>NNmcp0Zdb+G@i@iXjXP-$W~dMb)2XvB%3jwI7A1mZ~O(zGKa%z
zS-f%K;@w!sJV?ZnosCgdt>Dow8ObE*?vtEiN|lhE)rjoruv*DAqPD8}(NiHT*T-%-
zczoLXBsz_{k$7_i^O-UY;Zn_}u%KUF$32Zf)52ikbBEy!m8Tg#xFrY%h{!TyJ;aZq
z7FfA3eDcZNZr*vgeRuj8pRSF?2gCUKV!VVO@9bh#o;kl*C&F*LnPfd0$|a8P>I`Jz
z?CW#8HBO+&4W`$<taZ>8hDX0)+7!fwQG!=K*k8}8>vJt_3+8we^+R+hh9ADxc1bhn
z#pqUhvC*>LBSJ?cBsx6DCt5&yg~wI-4#Rcqd1lOKKa{eSKmK%kw6DS+ww=_gg~@}i
zmFxQTA?N3Z@6{oMU2G%h^1Q{J;2CAoDV9Q9>qs?aPo^VksD9t()%W?WNfYYPT3G^)
z;TH4!ogaD)>I5GY`FACVj9a6L7_JGMK_d%9zwb3J!HL@G&bJ<Q<F3ZVugnGngfGp0
zk-fQE9!T6jfXG!q*&!oK<l&@X7}av1a$>1h$Cw3Bo_l&OKD7*6n|4hZP1F(ceh5O3
z1m3E2wh=w4W3y%~^?0%hD4w7kG;E-6lq^!F`@NcUC^G#A09na>a{GDqZ`d6dkJl4h
zuE*2NZLVfv(kvVWSMQwRBf>l>Mz5?Tbt#XNg4E?P%n++k2Ql<WAJX{`NiHeK=&%a2
zT@vOq%X;p<?Jy^@WlO!=DcvGyJyR1^AtF)xYf+wyEPHUbD+<Yc;wID55i>SgU<EDh
zE#X4@i{P&@^#X%_AQRQl4zKf}li-r)QB7J|(g(MZFYw+`g?(Hb18ZeoOknNqC&}kw
zf6RoB@KP=}0Uop?vTcQ0+Z$(h*jDKq;ikQMBq!5R@0xEzTrF=yrsK~S@|DymNS5-9
zZ%4vG)fEnM7@==rDw7nF33SPN{kI+S$b9kG05H!Bn9uB=N$1;Y#oAPO7UjAR8&|;X
z?vBjQ8Zm?~9s1*|-l_`1ZP9nrWygOF<xFr3lV)KSolR6T1;;|*0CO!2$oVRpvG_J5
zUUvQjx4GbRknPNmg}l9&kucE9`K1;{C;(<M$vDZD6*ugd0$r#B->-ea2Q<=r=kHAA
zPKKb3514B9{#tABfsrC4mfA%d2MbX436QN$kvP@jZJLqxWI>Y}_vPP+oB;^P-l#FE
zo4LI-RN=z<E1Z7~zWs`!{mkBWSrwhk%5zZ%kdPoC!1(*V7TP`tR2k93(exYt3E|6B
z0oga{&}x>@dD?$c{Yh-+PMSHwu))%@-VnjZojqWe8d6@Pu^Hw{at)3cNIcdEtul!c
zS3O9VV7ljyC!W_%WRwK!49`hPbjF=2URox&CP=5>+PeH+nUxoKVd1T1d^wkGKRI^{
z_pAlVo!!Q+9>6OB{c6gGV_pP@yz;Jy#WkGg-wTKts5hqA<dc7T`haqXFLiR%Ctr<U
z^x|L?nZ0(Gd-K*@gErVCGPL02Ny%)_@7ws*PDD2G+Mu+%29pLv>d+Ct>H<nVN1F}Y
z|MWSHzkI;~RQv5^mNvQ2_~iZLw$`|x#Hmti%jd-n)Bc00IaY<(Lv708k>MBRdM=Mz
zxeqH#WU65AHnK3;Jb~$9hKCA%<T@{#_X8QU;g2p6d18ybQ~WZ9g(eSXJlE)xdi{)b
za-0YAL5)R5Y?1CCqePd9#n9`b@~&Ds59F2@>aMQoG6?l-(sxF1zqD#zdg?L;Z+^{D
zY^|5QNLx%)@&Yd-0trtoS{85gnpzH4e5QE4b<nDdbsko3*Ajn#s#)H6FusMHoFm6Y
zi-+u0>m<>AY8}<sr_v^&iIlf{W+TfZoVYiG`vUnHZFIU<N$&J{kxKcd&+I1;Rk~<P
zh9I$zHC9J#?oNS@*LnBemd=GyNQTaayvs`yQ*cJ*#~4)`$!r^$uLpIKlRYWUx>!hc
zUa}*&^zXm0rhhB=?4GmVll+$FhEbt-aq{{u?Cs)x|CfypYQloO=oK8PT3V6meyLcq
zqg5kKTMRx7&eoy5p2X=Z_@$nyZfiqC!uR{jZ?YNZnn3WclciMIlcRi2Rcde$o`0RK
z^8ep#?>^A=4_lY+>-`p2Ze8<fwkSLsckDO*(l1va-<y7GuHK6}=UrG!^6VxTDH}^?
z;#&Zz?IV>5gt8&A&5amaiJC|@HB_232c86A``Ap4$HecW5MNuA9Ik{YB7kaXb1Tjb
z`tf221u*QYsyU87qMvtuS9<uKuLMrsd4jSeC2{k5a%ACuJbXg|m?`fnSnVrFsM1I4
zAuO)jhywzyyZaT*<~?^!o4Df91AvQg85_84Sw7&UNZFBJK0oI|^QFB!9vOLK4|b<k
zlLMmOuFsZu<Hc530%h+Ti-@<4Zy@W*IuN&0k&6f=x_WFgGw>iPsIx{dEn4YGs6i^(
zhikE%p?G$-%uDuOy%tp5@_g1DW;-X~<e_>p9R}*D_iT55R9j^K?dauvI5uxh8g5s>
zdpgNAYj3c=`r>-nNy&=d^g@7jmg3E*nI=7r>yFmjlxM}pzeXE%X>_;!yIz>i+5A|c
zhmW1YkK?TBENrE3Jf1&1A0<?c)zj(Jc3dhq%#n}Jx7|-?v+$;LGSE)UU6ju+WAwSt
z{dVs3_Whx^7+ot1t6zfk`FVI>Q1Yz?k@zX-0cNHD@R%Xe5P{WByne||^?8Ug?7F+}
zn=yfp-iH-+Hp#rnRt*%K0m3i5^H#IY_iviMCw&bgmUoO5xD2K)Q7kfJe-c{&-VZf;
ziLW6NBc$aJN9Dk&WLDiJjS9Swh6T&85(mcQ#~d%hceQroGuKGZ5U{aAZcL?zUwGld
z>*{+8xyD(69mF-uT59*{DM!yitCh<2RsDDejJPDa&m?|rS3lv>F8dwthvFEH-9fk!
zCI#sEcMXx_5C(}2(^&{6S^&d{ZhWJS?B!Fnj}{Wnh%no3j)>;nQ!j^qg~@AVw27Fe
z%V($;BLnQ0&6^;|(6MTly<y#Z`uN+6Lf(cWWXvmFFPLPY%$vKG_|@nS;g5M*ft_t@
z_~C~o$=;9Y>NIL}nhzx#D}f2PH(Na!I#2e~prA*emK!5J<XmdDefsey1Zc;3?@G4x
zB?Q2w{4{zVxQQBg*irOS=h>dR*j{E>T%2<6asqq6Q!B>{Ia#%>zt@OAacDT>TJcjx
z?(Dc%YipofWWpu-6&IGT1Fy6{fS8R$p-36hxv7?}0`7zmR~+HC-)4Vzyf#Aeexc2n
zX&h#yIbLVFj|7VQ%WiWBe4r^_egB2lt)m|bumt?DB*+MSTks5(xuQ|?DQvUx<%^+^
z*p>*DQZkvsOr@Wg{%5y)Y~`)7!}p1(Gnp1OEE)zCdNn*@K^W0th!<?}EezqmmN8_&
zy!|wzBVTv7nw}Mg6n>)t>kkb3)bh>Pz!lWV4n|?wrk*_t)Mxrd?iEcu8?Z0I`Sm?i
z*l>Y7Gdk=H-?SWP)==r<R&==+t02dhe)7I!IJ@!WxDY~&)DECD3+RJ*{@0-F{Zh!q
zVR%j2rQVZP6;1V}+E+iN`n6V&`{7!VSN8+B(--Pwdc#m8^4FK*I{-`}0gYC~633R#
zFFQ75%)z*CNBAf2V4w$zd`##h6y2K#hiM{oo*XP*_b&G=x?7beDD|?QCbliwNB^<<
zLbBq?TCR!(xf>D7n`j^m*nGQ{|ME)gauCpd*_)$G(B~?@nwtAq=kLyULOydXY~F4&
zgr0u#XiEu6TLezklNa2}p1_(f)yh%+wU7((XNtgYLHMgh#ZT?LjA#}5_ve)WT&_?X
z12F|NDju}f%n>Bwt7D1wBm{V1bfSQ`a<#h|QbZuyJ61jv2Grud;!bXijA+44R|0##
zx-%&S*k@s@y|OXQM6j4*;Tzt8&r*JSOoMS-V;`#HWl_JH-9O#3j>~A<Am}(JgT(ik
zxNA0&IS{Hr6T({zRP6L0_fwgqD#oExiToy`z(uv_(;9+!z121d;urRaPMyVk6<v(q
zug|<M{1r<B+AELWhb2RZ;rSMcdkY7}5OLq8olkb{7MF}pq9yp<N6y!xlS`T0)NiUi
zJx&(8mH^P5I+!{ImuBz7u6~tv-DS!>sUNBXgZoBXLZek6O7Gmd*h=t)E97$c2?oo&
z<jLps4Q}dzu?J<Q{AcJjCP@-+Bv-_ANox9==gqJ4;J4xu5FnIUzoWGTMi$i^9DW!+
zRdzFee}v9}oXHvBuBR=QD?JcdVCU4-83JWLjvh56Pq2Nd45qoh-I{q>s3j&pdws^f
z?>qLSI(X^%nIXSuTL|V{1yMqTtzTp>P8LIetB{jvnU}KZ3Xk@*#pozdqi($NMsh)N
zbtn#1Jzvt|1mY6c%zBcB&3w$JlKD#wJ9qrKLHbvtv#;lV>(GnGvsG`mlZ|o9SBL{T
zsxEX@LKAB>kNNh4D|i6--*DM;5Z5Yc5Q?c(ZEsN`-fzQSg_D}GL;#kb5idyHe4V<l
zpQ|8Fu>yg`GR^$YncYxXr>j~<X$<Lc)SI0hXc@M@DXBLsc~XAYos%?~NLAqj)+g{7
zs(t|rt}8bIfjA#ba%*9a>OFaw13RT#<UB9U(d-!KpE2j6ChWV{HVaDMtr43c!r};I
zIxlRNt`R?gVOLyY`ybe`ZVYGJ(A;DyTu%DYi0f~1rq4m3<r+Q0xkJsxCp1CJB1E^B
zekFP{E}_I<U^AboVsD;2;<DS~tIDQe#Wwk+b|tUo+YLRUm)nDv<-_`wCu^KN$;J%L
zJcBNFI1%wA$lE;?qxYswCL7ONUmov(R`7FiN!t%-FMxZ1ul{b*LH*lzQOP!Dt3w|T
z=cp4FD@CEle3%rxduUyJ@s#(Hf<9LRfXE}#N7c3>iK5IU3*!7FpXVoFLsPsk`>Y?m
z$apC{`##nJ-r75_Y&6G2I3K_f(;0~FO*F|y;GfgPhv%V{us4*ByMJ!mASr%ylqC2`
zFE0^LH2xl5)`-L~W%e`i2L$#vDeX~bPBQjf%TU%x0(c}`wU1jr2O?#VOBWA#r9R2s
zi_b)>JULAJ99P(D0mZwI!HDdj+~T!ZM_nP@JGRCh#@3~1okz2G%yuGISgBpG6wTK$
z2})0>Y`|A9`Qa&q6M|L?=IyPwBo=)&;ew0C71!pwC5F}b^9VxOv{43=H=T5t_!#qq
z>?&wohPtjvnlfe64xXqS0y91&R^h>TuTu-CxM+L16Mo4pTwqDi=(>jS4@CZ@P9}*+
zZpW9(v_#(O%yJ)6D7cDVE^XAZbH8H!SfP;kwH@oYS+TJuq+dmMG-6ETX`UqYR?RK|
z9YD)fwt)^q$VPH5<O{nqUZT(t7buJD!+mb+_X$dXkpu;Qf{&2zun3fsjM2tP0+t4g
z7eqThLj-wYu}KyQDgyQ5fCkY&(nt9n16K_hzPC3b?(!uK$m?->dSg0)MYDZM786r$
zxAauEY<1vm4*UO9+IiJC=AaBsSdQ@xez>eMrgZqOjBv9HOsf~;80}w6Ow<Xjt2qY3
zTE)GKb#^gJw?}b$9tpsi+q1W8W!@bb!m%1pGvldcE@zyZ`IJ7gEkTdk4_<Cf23NUE
zSN_;3F)me(M5$Dq$NJ60Pu|kIvmXl!d6owW5DDQ^)2~NLVL)fUKZ=gd2xz6}nxv`k
z!cWVJ-Bx#4?UZkcAgfXowZ4xq*YHN?fSer*!m+bU(>dx!?152#%ytAuP9;3MDd<-W
zsjY=nyk<tDzD(%ukIw$Kl~V|iYE8*OOsN$@MS1xyIDpnp0rY@l<UEig{2({1E@(FB
zsqOm=&s6gJU@69oidRszl{D<O>NgZYEcXVit%q5xkC7u<AXmv_#}9=U6**PoI$GjI
zu|l@=pf*mT=$x=)kw?-qbC~|GGmN(!c<kf~+&N!yCPoY{B;^~oRHKIsNy~?j;JM?`
z8#)0TFFVqFo^lrtX6id9n1s^;X}3;%^m~uJM4vKo2>9o@XXW0weCYQq81=`PS{G?c
zUa}{-PpK`JUt_Ex<wAzn0%q-^f2c%9d!C$l$+8vJo31iJq1VYM@e=&JfqoEh{K!~v
zyCu>2i0z}^Vf(q=?ev>soMSDs6V*ZYGOpPZ`)+CbQoLSBWfRW@u+7#C96SBAH6u`R
z|NAcOer}^=)s_$a4KNLo*K`?2(>t}HT%3DmqU84)xr8fr^>exO{G1_{qUTQ|I##kP
zn>n;RW>^eJjJD`<5PTLQ4DBRhwF&e-nHISniB{mHC!>S2ulIp<x#(<XfSsE4I`EW}
z7SD`n-9mun;`xf9DsX)D>v$G51Ra59zoOD#)RG_Lja2knQvATMz2QDYwNg?C%^Hdg
zR{e7^A|J(jpQERS#VyxWW^WzYWAUZ<AOVC>J1_sewwMWp?jp2d|H_NEKEn5QUGT<%
z*tDt<z7;6;i(P=>S&BZsi<LGnB0UrxxWKz|;Bqy&RTBF-eKzTe;cS&z;1>^K`kQs2
zn*&T%z-LPNya-BfuKTXL&mqpSz<dAhBH-)VJ^AYw@xUQi`N9Da>Gar6Ilqpq-LE9Q
zQ*GRT1g|BAwd5`-2^2h1cfzn9YGbQDy`_CCtXE2|))lhb|LYIGG_4%RNA@P*-sLQM
z>6x7vqE<rUv3mmW_@zaM?81DA9&q|{PYA<(0q?~oih!;w1i34D1ir3ioWLXbJw_I&
zTiT1Z{#(_Y*uy0{yEo^_oYL1LIsLCHJ_VQD7iTk&(#A_Z`|z_Ff$!luPfnY9SEe^U
zN7tq2(-(|$w6<56X%41yL^Th0r9u}7I3JZ`DaSGJP8@|OT*AnN^!)<}o;fP!0u+pK
zX{64HeYp*Z8QVqracmr71=u9zN4rfsEXZki+m6ruOi)-&bH80Ps=-9B<FH!1SU;C<
z#3OT8V}jkedgqwMvOg>?`?vB;Ov)a=6N_}`^(rB9tcE>Wq)s+Nzgmu0vlP05W6cEp
z@dQd;Onmjk0~`x)uq_~klqKn%09b77mr)quopDsStiaCZ=)qJiJ&t<!phcgRU2MsQ
z*Ap$})p;XVhpe=$b>@3>_b7FV@!|^90jRyS(Sk6D0DiQX&~!)EV;0ZE^V0tOuoZGB
zUN)L&JQ<Qt1}YpY+|C{Xgt?l<(mQP=>t9G_ZfOM<$?a;}*NEgeJW;lbUb8m2urNtq
zOm`NXqD?9Tad3(kF5I`T0c!s6^AF!RKk<675WbK7_y+nNLg1p0j!{fjfcD8*y_o=u
z(^Wzj@?VJ`1eh2x-<53!Jznqajqe}c{15&?(u%3SK|bVAE9GIzaPU8Bf5ARsL3)h0
zD`I`cZq$|kWRUENFhcuSNJ;+%k6-}Ef&|$((y{){K0ynSC?Zf*f1?7Dy{X?O|0nl^
z0Ao@6+LlZDcP{F+5X{B+KFbjES@RO}f4M8@AYYbd1l)fUQ6vZ=NYE5sxdWnxF<n~!
zQnK*DNZx<9?ql)d#en(;&*B$KntA(x5i%XRL63*{&)o5dplioN=xRsLPXwX<hfyI5
z_MO`!|N0;y`meC>otUp9!fSyRzxYQ-e&XaLU1GVIiO>HNf)eGcc8`%bjk1cCd;br!
zU=N0T*Q=1o_p3i*{!!TX4b0G}s4&tWI}CVjqzF*|BhJMLjS7#-j(f}8EP`Y=DE3cM
zZ(tw6jg2__abW*MaES3A-HD+1?Z<6zhZ=wScT%rib?~O<hpq}Q`u!vBRaYp`x+h%%
z#F)dfEdMTvUqqCz6^jdAt?&D?$k%Kh!d!7o+3lrHr1K}^KdDIgF+#(_z7e|^K7>1M
z?<?p%zNY$uZ^Co>W)1gy@Un$p+?>egw!^YX`8Nv%PpKALc-g!qCjAwzpIhx`N<<?b
zi?w-vj!|NOo#`k_ekNHZhgrmZ%YPZeOyfVJ%|2p$aQvdM7FBsI-mKnKV2(0NM?C7r
zl+n+a05Uq`vQXg-j!Glr+3y{4h70zkx9puL!Mv#P1|gmB*)e+ye`nJZrq}xk0NVtz
zg7t^?`lFuT{$(%?NEo5Ad?0~Q{S11kx6W1=!mhL5vY=i2AH&^cR;irJeQ;I@K8n!v
zn6KDdM&Q>Fs77Y3y7o+o32&K0_NC*JgEH(CW(ji47nLq%T1?gt0SMyNVtv!C^k0jd
zHmHU=8w3Z;RGz+S;)ILQmdGcdMQBjHJ(1zS7!{-1aqPC_nnus}vT=)J`g>v3aAEkC
z7kE=&Pwbz+uApqh<_qXJ2JBsTIVF^9@3;>yHsA1cEdo$3CmP-lQhOKd_0_;UKm?D}
z{l8zIj1MY5ZCuUdzPNjsEx%c;*veMTHmLnJKhw_r(`_lvmzvhnG!+n)y5KK9-w~$t
ze9uL8j!CzWcb4zfxl4QTw|SQF0n|%3_zL-#ITAdg8^7l}HCBsFBDWeA*%(JxK*bJz
zBmOwy+777mdgqy13Z_qP)5wt4!SA2AnR9b<kX$=`pf}DraOWW089X&;whd92UCQZo
zw~&OfUNs&k4=j4kugGJ;d-`a?P<ZY{?hq*UTlRE`eZ`tgw2Y1WRDgtRc~qZ=77NF9
z7D@Id+iW?<-ib9ORTiA``RS#NYK8=XO%S%ZN8v~-hx(nN_q7O;Oj4{k#{6>JI78bm
zqW{kHU5{ep*GT}W4Sb5%YYwx6VBEfu@Z3@IHFEz6--z_rrZ%DjWE;8-rFaZ9BXrz)
zQ`cNX8#T2$u*I8R`2!<;xT1cp!nA*X`?w{@f<ycEi|tLcn%YZ+Y&-K6qkXB^{=D}<
zcZ|}b%XoCUbk-S2COfj3&-_H680ooh?P6M$qHSQO_91&_J^E6Z+)#AR{yoYf&{i)0
z)lUPUA&}c3`mn1EiA<LTP&;h{6oRmdw%VTMQ!iN`62U6Cr4re0xT3*p?+PxRlmwdZ
z*D+h<Kpg2b2@&~gw;!iN^e7c>>2lqW#2#gL9KXc|V*hQ*O&FmvO&z-F9M`}1!mfYE
zUR=wky!UV=mAhzF{+=dxq!y-HebFbES`a9b-G3UMCvaj|WC(tb&lzjmkl8nzQzY)^
z_Dh>5JhLfez4CeQqk|;qQB5N1A^L$z0a5lfCor8oD`8>h-1!3uW&_rU!fjn6;1`jB
z!A`!BW-En;xdeXY3(}=CnHlP9mO<T2|BoyKpd&gXS`8Ms`5D8q6RprxV`Ij;=Z&QP
z{xHtBY*)BmCCXcRys<^Z=1cB=IaOz*EZgJ$Fg9nukUe|Wuua39I6*wg#~h$!9eoD2
zz@_$IPr3EOFYDQyMPKj|E0Yb5R^M6-6)UzGtij9J^#MxvG=Knf3~5U5MeGC9^yb?P
z4VEwVZi@c!pJgA&6i^#>q~;6CuMpTlw5Ju9aBurzD{<IMc9}V?S5l<ypPk1y-qN`1
z#9@7?x$UE20H7m~oD)xeO3SGG^b{D)@`cYIRh5XIAcI<krIsf5_xD_neelL7A9GtG
zj1e{il?hNn6BA+h!0XPu)RC5G`}+hjVgsn(GjURzk?22x9Bs%V&j`fOt6=j#osbm0
zL0_Jee0z`9koQ0v`<f6&R4!6xGuVyJYXMe#>ilDi+g#Nn)xU(oC;re?`VQhsqO_=j
zg8s?kO96mo|C%LYiG@<H<Q-H26V5WgAxc*Zd-j#1e&qQ!+s>EEbZm1veYt0jFST0D
zC)s2>&Zl!Z-Ar|dRYuw7pN)V3Q2!a~;KU7n?EiRs5W2H)+8cAZt}woilJQ2yt`2Zu
z`q-92>qVP+;}$o{!L-uCx|SnbDXF(-aHGBFzIsGiJWBQ0Hhq(!bZ#h-rP%VgTbGg@
zFBr&$;gMO{kd|h(^}balB{m)im%cNM_eIVroZ{YFTF007H-H}VgNiMc2d2`obGC$~
zY{kJmKF7iPL9R@#_;HzM9ji^6u`U%@j*L;r82LJhb;-P64n5WUwQF@%Uzu0>%#PAu
z_CP{TmZ^+)+k~!Y;x~AOWqwTFLNqO<o($~=jsGpVdvjJWvXwy)S*?JGu2ta!;~Bkd
zF43rA5$sch;C+SEnl+^TSXwpZo532^$nO^(*&2NnEbu6;SgP6cv53dk1=r63*&1R7
ziH}@9Uvo<0Q+~u{`rWI$U(PmtgLQRX4Lvr&9k{F_afo>Hp7ygQfy>8Y)QL~ky8!%r
z9=dI_$23AgkP$1&U!mPB8<91}rCwLpI$#&oNJW72!qhH#9UYcZbvv>~^LIp6Udy4l
zrOjuF*SD2TsSY@QZS4U!gdPzwF;rSlCF94Xif(f+?YArADL#a|D?C7*T|9NyORN#z
z!yb%;dYiRG>2K~#JwK*??ikL{pq2!8LO13tEGVM)x!B=u>nM_9=;sZDM-mylF(Eic
z^wSZkBsdV!RkcWLOL=Av5YwFaKGR4YY*YMJ=G>5beRg^NB2-88uIgduclhM<JK@@-
z@>Go+Gw3IA{pw1qWcNf>-QeO;8F6HvxASf&5CTvYdMKemJaVckCJ|cpdA%=(F=WW7
z76z^%u7yF9zW5C~hKT-@za2dA!*`vB)XlT4DuX-CxT8<H7ycB}jT+M|u3xaS+Jt3Z
zpVl<64}Uvb19k`^|G^)#?{^t4-J~vvqt=PG2W4Vkf7_31n|5s9_J4HOfl%Rch@bRg
zj&Pi)CU^BfPxni#_7UY1vHA<b!7oj}xYuROeZs7+Fu6<J?4D6f8cqz7p}-Iy%UhZ1
zrPEmBZ@ylM8&CZ1^|wnofPp}@u_cQuz!5^?WrUEM`~4pu%$EcM7cf6a(gNQY6htc_
z@{bFK0Vvaa-S2j~Cl0d-x=5e?al#N_FvZq4FT+Dk>GA&Fe1G_`q9T9blidbGRTzzN
z|5|Sh00Zi)bBfVDoCmG<j}c%1Sjb=|)lJOXI#|iONdKjM1(}MH;PYBmJ(GU?SC+q^
z2*&xNm&ixP!T*d50R3Z@VG7|NPxRH*&PE75$5d#bVExx8KSv_obfA$D`gcNP0lruQ
zMn%>}9SPe1^7^(25LYdKS@i#p`-lMj+v^;XuWn2Ge~blyu`bh>d5bYC2B=7&`%f2t
zxXV*0|2DjiX8^4LGf0c&?_=!`3&?xGh(<R@_>bbL0X@f9)VUPI|BhN7p-{=XcSTwA
zKkutwJ^!66Qj<jSPWp#`!v^2Qy;r>X6vls~Dk4;zlV*$Mb|iTH+uG4Q9+IS!OZ_kB
z|3|=q@PBrejX?DpK<v8Vm?Th0;SQxxq8B+23&k<c+zS~|E4=pK;VZZ+olN!VQ=c8>
z$sAoWtJ0}<BNYP&$EYyp#k9x|f>%=&CHX`{<MH|~n`SyDM@+_GAcmaR`M~a7t;O%S
z&CShML^gl^hJWM2D;lm)<tl$B^VC}TtWJws?sVB{`z*)lcDYgiN3)T=D2n^fbiDbD
zKVbW}#9T??=$!Wpy>jtMgV7}#)$;L@@%!!7rU%P7!6_2<T|Trqn~p2BbAO_NnuG3&
zy&4G)x*h<JPiO59ACAry3hzIgfil(Pn(oreX0mj&e!aq1ACCssuJ0y6U0t~Zkcl(8
zWX{)=eev%ysaV@a0^7_iIn+PE$y5BUuGz@%u=eL<QoJ`(H=khOE_zX4gg(+L0Q{t)
ze6co4d2&v5c$CJ=bPyP!_Md~Uu1{RoLLv{~oNWs%k#&R%WHa)Q7pfGh`y$N*+xz$P
zn9C=!DfB|<Gp=Q+Xcnu#it9Q1*j!9sT&wiEI+iMD!L&YJe!CvJmtcGP=5CX1RLF#f
zli~m7QYkhVm5PGm3u4|x*~)Yywj9yzly~%X*45s4NFHIJKO-QQQ;$Gw{bsvJ$!T|_
zeWpRko9A(y`O*5QF7yIE0t*Y9I_zbn&~^M&xzz&aC#x+qxYF|7D}Yw&m%i+U(i^mM
zF{*pGq<FwP09m+iX&zLUkeAm7>xYv&C&R<`moddF7sA4mm6iQ(Z@$GHWQ)x;%Ur=$
zV<?Uw;KR{|M@8ko{^3EL|5L$U0wy7m2n-M&cgC<V)=);d*JhIpB~VV^NX+G)oM>js
zg^#OO3}5vox`y>ak81nVi~ck^4k)c$<>AJ$`e^w9xyb&Aw`e>zz)k)oMDlHO`r+?J
zb`^O_NNRe4B%LquipDpnPQ(8jRBtu4)=-q8e-7PDDVv__F{(Lf8N14|(<YzwS(2Rh
zG!hZO=XwHRRpBbQM?fiM1_-h?EiaYhjlZH}5ODm|aUbc;C)K3PRvt5`)y7iUjGry@
zH--{hW70h?5pS$!8q^N%te0fExmTV;OnH^^Tji|J%p`)!n^jTS21k}NDTxXcDI_O`
z*e#35i;b^#hKqF}Ay51gh=_>S`vI**<~eYZ4flKV_8xa2;)y+E++WA%RX|QRlG!31
zr3G_?v4_heTeIV%EggQ>&4q(Tg6Gt!3J)L0yc9G2wSFqfIn;eWUH(Gv6yBM;cYP5#
zrP}C)^?$+VXJ@^We(PqiC99?sCa6HQqnqXFW6|i9l}yS00gb-g8yCYaXb~pxSt*3`
z;(gY`WB-w@t}iVsnU6nPtmxpt;(dNWd3}0~M?;B#;&OpGPzKSeH|sODk(txc5+6Nx
zy)3zYh1E|k5`)M%?;8f!(6QF!MkYKfi}WAGSPzPA+iq5f!Cg!=$`vFxKG*iRi&cx8
zK$C4d_9fzr%lA0#pC269LXVti>J3l^NSZG*xE)1<>>oQup7->8^3K%CRIPKxH;$Cw
z7Tg-#Eu*%%cnM)xuja;BU>oXX2)fM)75~;|^K2+0ruF*Ndc|<F(bjni7JS6+kIXkK
zFYli+9zNL8sP?wX0cSIiR`>~c-B~+>&3>EKoDWm{0x$K7tq*ak<hDigi5N>JDhg0w
zXzQjih578>6-f0rGiW@iyoo^<TE`;G%&%5mitxUD;9G3AZKwC#&y-B0%Yv*&;2`NJ
zRrrQO&Ok2@$NzxG<<QsGzG1~;9i;56DP>ufWtC{KOuvH8E7BTJg*>aA9$e$XYT5Q9
z&a(sbZwo=5gsK}hDgmpD&On8{@SRy!&T(&O!nWfjknihXWm06*`QmAE37#=JX?%Y5
zJo|j$^+{DNe~Jm>kM{7m%kZ4BUFIER<;DOo#=UG8O-rum*4P=~cL$J{*_i3K_anlR
zEkb$O+mtJ%=)a65a+Zgm1_A^7UV-6iN#$VkR($<Gz~^?$u-v_3@0%aXm6{VS(SNev
zIX?b`M=QM0+kwt83ftU<Bj$VvfM;E7Go*~C(v9F*aV|JxUR*h;|E=neKXWg8zb4<r
zhWxwN`{L^SDS(Zw%}rm;M^EIPUS=bWYE39oqwAW0v-9ToX(NHx$vlmErZ0Yrfv%ru
zU&QiEG>*XDSemmJ@JH+qGu9__@L)bw&C$^}xAVyst9#=d$t}9)qIu~cS7Z=88j+$<
z>ShiDWh+m@ki+7VD<o?qdqLe%E9QxHBG0Nl9QxJCVjzV%zKYo-*bms)g0UpVYOR~P
zddC1r1t>q>-8F=i?JOLf)LItbzpr7|Vx21C&X^{!l~sj(ubh+=&-qJF%^4}W0vF&v
z_$Mws{%>6RpKx}pSa*&R!X75<x$SH15XYvr!D_naH&UHFA%ak-0Jys)Hw@iZn7Xn6
z@x#?lj+W&tiCF;8>a@~A&6(*EdxgzPRU>)3{2R4W?J(ZaG^e$0Z)E~MZz5Lii5tG}
z+#BT=Zn<kv6sbbKffA_ZANaiHoxO6m^j;=B{=nQbF$s3ZlY4UTct1v9iPBbeu-R^W
z)$)Sb&`a!gTWJOXOV`ekRf-*0;~7+bxIikuEi#pnn5};9T}yh`mJ+`Pj957Hu=?s}
zQuukH3NZa<adc?b^8exLtmC5W7PU=>NC}8iBPt;wNK1!=(j_G&-Q6)X0s<l+&49$v
z9g;%`NJ)2hcMVK^!@KuBXP@u?XBd9ZnkUw^?)zHwx3HuYLGZQN406c(&GH0AY~JIz
zg5c@+r{d__g86M=5H-P<UCkV2bjPAPLF_7^mjzV9zRX47#9En<xqh?j+88akcT{}2
z#!{;_DY%j*ceV%&er*BMe)uQynKR)%PmM<5s_q6I)U@$YcI6P5Zh*}Cb{BA0CX_<=
zHNh>=g97m>4!rE|q6avp-!frm_`<2ppCvKMP59l8Xc|X<>-3HaWEY3bsQUbPND-g0
z!!}BFr=D7mk)wP_7pd|HXG$cD^r4)JR=5uR@4mhXE?U7`=RR8oPXAw>03VZ&MCD}G
z2cGfoNwNaAhtej+TJAJ4TLH+c_=O^avQ##AWhpZ?9VEc<RyDb5g>)7*Ha*{9D@DN!
zkx`}<(4t8>3DhmX^TQ#141|>ZDT5<ThXSoEi5d3|U`icIVS4abi-Drmk8m^szdwO3
zt64?AdtIo_rGuwctDvdo^bH2h4^y95hg5x)7%gywq_d!*O$rv~g`h-8=Bljyc%c}(
ziH3h@Ch(d}puuq^Vc*mKYotf2X<d9I2}UjPZcKR0<mybFi%f}LIZdZTfk({tWV0sq
zhtJ8S6K+|{$=<P1XF^|?Uot~yBY!-=!Iy5_1P7hVx`j$$0VD#us9D~;c^?oT6Z@j^
zjJ&f9$=D&vn*$kN=#0eK1`F5Qj%Ae_+*<x<|Ek=M^BwZu-Qxh3T$*HAtd|#2XSVa2
zzr)Nql6jOE`RY~wp_B7i0yUctFAqCJPpH<<m=p11l{KnC;x<;N*cc>leROvf2X9(i
z;gD#&Az=_M3z6<Nl?$F!Wre10(O3Arsm{K6Sc-#qrEx@^Zjst6#hvwYh2jy;YkZtZ
z0*2@{T;!7x2{DCai&@1yWwEKF2hp9xabG->%+LKvOWUOG!|61{X8sQP!2(;6Q+AWa
zpX@o5O^6i=qN$3oMARJ3V}mB#%+ga1yd3t&ZS9A5)*x|3l~jYqmoCMdhzihNmE{a^
z8B^yWWn6d%g>L8Tihg3GaM>LHH>l;6@eixxUEMV(K8u;!!Vk^~bBl1*XSd+@lYZFJ
zz3?96@wUUh^T|X6r5yK75MQq+wEN}92xWm$Zp?#yqu4A#pOv06czfh)NJrymVG-E!
zOk2iy;4pO7OrvUjgc$W_{(&(|LmWs*3V6Jv*i#9~&Ppg96TT+I>TJa<*L`+n7O7eV
zN3RrZzg7Bl`XYGFvU9ysi?US_8lwdZSY6JZoI6OFL=`jEMPyZn;{*?4qE`WQpBk-F
zjHM%3Dy~ZE$KF3Qae_OPg-e2oy2f>c?t)#-8;y=ju)@yF@I{<EUt-kX_$9IwBjiV2
z(9OyCAC<brcrVLD71om<(+W7|FLEGKSU)NqIptUxs*K23%n%3WZU<XL>GohtkXZAX
z$Qakyr=1sf1cg35S)ee|$>`>Hn3c3>bf0tWv(HWMi~f;*sL5ltPs#r$sjV}wMBZEw
zx?u6h79MNRP=wjysT{wD`xm5U21}$8&)u%PNb8&DhgO@U?Wo#MhjI}S=&-=oBE#;U
z@*lqK6_k35f8ai`@xaXze0{VVw>?bI6-f_tgyP44gxXFN8on)TM`6a&35OXmoQV!w
zN^sdH%@i3K)^|CgO8|5$PAzp;ydua|TAT~bip*>asJHQn?LtKOAM<p`t|F*O1H1+F
zh(^sVawV-|_8rkomGFEtNCr_1bsBT%Q=VOyvRELuzO96G6i7b%0aH?p)b##-u$5s#
zQu^|=5e@_RcST;abhvGJ!9Aa+;(WEltUV<ZeW7%jP6P)@2%a<fHlrxQFbU}K2{NeY
zMK{mn`U+*y!F9k#|DdYpn|Z1d7d|s0Vmb-ZQ0Gu%g8tGXwYLzlqkv_f>RSEg$czQg
zL$yFouCEM=TqFTMM&GZKny#7PuMi9JUB^c8!P7dm;`n93s-QxdNR&ogyS~Rk81QF_
zaXf_Ze8Li7xTA7L-dBQL`*e5hhtj0A@;I85Do)HD4zXlsT>G5uiGEW9h|ZGp;mqRW
z({$V#l}D1CgrPn!E0Buw)!R+0%|qx9>mDe7>BZmEO-7S3kExUA1C@J25Y(g0rrcti
zrINRA&vq{9_U6}0FY22=cXzGjtrxB2k!m*nrPt;@6|+KOT`egigx1XZj1%#$ieC_!
zrB|`x0(GxpM_%lcNPu^QCv7(cEzmVO-r<4K`Vl^Z->y`>56urNnIe??-%nd~^ikIt
zC7eD15cnV?1UFbQ7=x&L?3I`2QSOgS!v}a>2`nE)C@sOl?iE#bG{Zt_!^YiqSEwuT
zi;<DNCLomk%nRKbekD?gH#edfa+R}LNSFGmb1`H}mix_D8gVTLwQw;GZo6soNC=6U
z7crA~otWAZK*(Fo<IwX~SB!`WDCGJV>D>G%aNd2t1kViRpLrU&g3X6JuhTCP=!^1P
zAKCK}f`(3T@2_za{X+J!hiOQxt#VHCoiZ2>E?}E~c6(G;(Ys{9<pCqEw|`_zM(`MY
z!Pc3rbsyOa&3=8koE(Yqv6s)BU+D0+;Au9lwh!)5Aj4+M(oK$&&sDNc$*IfNWPw>u
z$_!7_i@L@_6(ZyH@8ADH6FP6O26i^sUV|t(ad1egZrR+nhXzzv;kQHs;I(=}r|8wS
z9?Fc0o-++~p){2Mpf7=fqSilTf#)%ndUdtSt8x)9iedTQ60cX~|A8IO{pcmQxGw$6
z$(AT19><qv|BE7i?US2OA19IB2(|6M`HuBpu;&T+X&HdX0(iyE^Wy#gtS^RiOvOv`
z{m@wd|C{k086jOeGFpJ#px6L{^X>jT&!&gWS!x^jiQwN&aIy}PHuNoC!{DoN;3A>C
z4iA=4hxv6e_&+Xyu{|X)M{5o75vja7G%*8;ba{RYTlQ-nx8s65aR$JFq|2(^k)l-Z
zKQeJ~VfkOHFIMqTv5l|D#}{JZ64zTyFuNPaJ5IJKvMe_@N7%N`;{5q#_qjv?6WJk7
zSe`CefS#D=`8F<n@NwPwm=SjC#6xLPLryCG`On1VPzTbsXB3HzuZ;{|wR*hbz*zNO
z9}OEOrzdy3Gdyx93Bo8q_qEwRfR9?%@YzmwTQTp0?n=3<gR#l?8#dG@zgzr97<67m
z)cRNOv?^g4YUW^=E}WNfK+UXl)!JKqtWPNrlW#~DypCHrgnIHf(Nj9YP_sx+hhmzO
z<cpaEND~CX!U1n8240pbZV#)6^pw;ejBm#9W<-edf5W>u85CjiT6b8XATU7LxkguZ
z<GOitLo}O<Zq&OYO5WIyeJ@by)D)}KXyS1yUeR|*FM=IwVQ$JdGp>3FDQ5&8FE&~K
z$zhpd{@@+FKUq;s@~!(VqYwc*9U8?PO@@uocHT1nB0-m((*+OAm@dO!AQTG7sgB0z
z_SnyfaU|$fjj`8SG{PTT-leMB@>WT%TO?Jj{RZpYRFq_8zjb3aT%9oRmcd^C(WNKe
z=wn2(c0c)4rsY?|2iOLlJ4=N7X**TqI~k6%|7}gbo_^QdBICzqbm;3r^0+~_&-m9L
zWkh#bTvlu%M}yAEQmu$~rGB_7zVSOVV}L6A$4Zr+Y)!aUFgAQG0tkL7!rT5Nar>|F
zE+yZvTjp@s(WRezi^wo<Q$jnzZzF|YCe5SQ@TQA>KHW@-szj^D-(H_RU&G+aq&VjV
z`O=Wwoj__QTMhBM$S2zT+`$cAbz1lyoa=5}aKcD0i{W%_hrDCd!-Y>9t)#rtR&m&;
zDrdJZEjKS0IpQYT6xMcr<7dkdg>q(B%ldMM&Go-^B<*!LKulD3159%pls7k8%e|eW
z<N3<=0XE%s{l6UeyY82B(6zy$N59d?TS@}i%J?l`TenWa9_1v*-7<H^5Otn*wsmb(
zbfmarrVY9CsnQWVY1Bl#IFY<P_^Tg=ra%+X+NFDYx!qIGyzI(p;IGY9G?Om>7+bln
zZ@w>?DN9DCZR;1QF&4Nm-1LU=jW~C|67O0ih|m?7$=vG3M7$DP;8J>bWYEZ*Nk*JG
zjGpPc2u!5cOFY`g-3fJAaPhGo8X9n^UsAMNy!b&zzm;PJx=E%^ZaD^nlGAW@D6PAS
zGgZZI!|vWjld9hZEO;VVbJ+hjq;}!wOF>!vm+JRrBi}u6P$+)HWWAMMKbbJ~gG|Ho
z2${%me3Q?E61_8V;$P@bdl6|HBxHoRz-1tOl6B`6iqBR~O!I2!t#KeC_WN;X=EOzN
zgH`HT&cML2PpIGOH`upfYnlG~T=xjXKN6#z+mg;<%lA*u2>OcXW3Jt28zL7d|3@Dn
zpx#!35eS%h+#G>sAS3vLQqBv%Y=}&I-=gcl`@a{IM0Xd~Py<B?A9mkwCx+W;RhEQN
z+sh#Tp&w{6WUhlMH{jdgY24OKCVB<l%WCmFd%SZproT+GOf2qrKJ(4}U{XEVqE~4|
z{qom6<mg%pdtt<o7ou&F>rXb*ujLrJOThA#wp@72`#9CbWDc!Cm@@Tl4lwG=LUK0<
z>X`Ve)(Xgi8p<vX$ImLhB&+TeSEgp&eAeu|jJF)uS@AD*qEHEW{o9IZ%^#qIb2y(u
zA+9i45hydo{kCnzabH3g$xSA>Bg4s96(0}~@<>!|S=;V)x|no7a9rd>18@vGTn6S#
zBrKTlsftSq4d0oG&*@Sut4>-FP7ehAA2_l}2?%!K{=6d3@RP?MjuobMIb5ld`cC2^
zYBs?dA{$M)?U@?B(x`32ETD2#`Ct%GI%Bhz_mu!ZlSJ@|aVW9R+5|+4C4GR&GoSaS
zBl)$SG@?`Q6=idw2__XizWv^npwQFDED_@VK(6e!EaQTM5U?}{+<f?ZS~fjj&{2^C
z!F*!DAS6%e%%z04I|gHaxu8~f?7FesU}}!mZU*rioc%**WKr}6*Bx3DPihY{yKxlu
zIZv`sU`K-zWq(vyJiSDPQTj@w4~choRGW9ysn>Ta;b#O!LSr{*O7h9dZz}4ynfGZ&
z|8GYE0gs18em6%tyf5roNMO$ByRo)A3!IT}`g0-;w=rzOcM9`nlR|rK77zWt!tHrw
z4EE$?Qu~_@dmAuJ&px?W=^CkD^UlRJG(H2~iB0mcd+!g7gl?50OK0`Rb7)W!oBHBK
zsKkXcOnzYkn)F&*Bdf;XtB6;obMzc19`7k34O)RvAiG%W1QOP*I3%{13_y?<pYOrH
z&K!wi|AsB^Rfq&Msy8e+m6zkF7u{E-&;vhP5g70k|F&lj;iZY{JlFXapuz3Efzg|X
zN`-laeMdF9S<$bc%%}Mrw<*fjKw&r6ch6-t7@O8oV%dnT*`4PrjwMLwMDx4Q;KwiZ
za$lE8*J<SzA6<cGurMPwmOZYNLJzf&)}t`-Nl@m#apX!P5OVk6s8DT_?2E-#h*M7E
zU;}L_S?*TQz+BN%hs%V1av-t`x8<c0NXoVc({kqg@alTLUi%3h><9w)n$8@VaycE1
zknD-n^FiwurW7v-?4+Kha=g}#em30bFc;Dr3o4qlR&eGSiKxe>8X`^4vBcIBn_0`O
za60F}0eYH;1J-{<oqz;zu&keP|61t{Jsr1LDNZqt90YNJG?=8#rtZ}S+kO%Yp1~ey
zvjP2WcuAe@)(4!vHW<Tk-u$18%2-Wa`pw`(-K^7@R?%^%phth7NnY>zHh$PxUF)vc
zctMZ4i=4RVV3bKtr{>M1^S9+1awL;8ef-;p-4lw_C1H>D00vy{S+zecd!3PC2SQ>`
ziD2*Sqg@M|!liOVkh^sHa3>8KHf!={_Nq@&>Fb8zr~ewtwnfIufAblsFClyN#ErCM
ze1f?RTxLd4$Bz)CDHg)vCJ<i()p-hL(U9k)Q|wMaMHma}wWC&_Vy)j3s`>TD%Cz8M
zr+WnBw<}?i-U0jk5)2h<UMyc%_Vr^6fcA4xT@8B`lJf=RDAXBqs;zY>0&7ZvX1Yh#
z`d?X^r4wYHP1kl82Sg0h2x_F`d)vtL*i$|nm71!rW|;>c`b0~S+aTQzp9Hk5`lZ{b
z5${7|AV&KK&^M<^m$s(d3V#t$Y<eZbG1HKbWuJzbBMq$4u7V_C;?}@{TJu!zMNysL
zu2a)U<0sz*m48-wdA8YHJf0$CB!jy@^Y2hvd#63i4p8|7v0vQmre^`j3_oxUmFO~^
z#{UnZDXbmxZxup6e6%o5B7ukvf&Itqh0b&>3EUg*&(Y!ngRwZ}U~AqOT@!*N?$X7E
zfXHY(4k`W;9ZlxPr%ii}D*@2;w>T`y39O*MgNG0B#ak8sj|gG>UWD+#Vz7j@vw;f*
zAKIUh_<Gh@P0F(@7})5CTAGHaaH%0*d$WA5c3JF6SM%L*`ff4nw8vwzo=13O2n%@k
z6Ok<fRI$i<C4MC0q=QN~{={o>&XF@}^Ayy7b14(F@--$Mqt?Fa`BqaW_AWGvV$y3>
zvpsl$!=C$QR4t><W`svAx{~5r6~7CQ4)K+ecEhLGG-6D^9YJSFJ4$`n|FyHyW+OtY
zR-eD1$!6*2+xp|l@b9`zdzYWU)C2r&XSM5`%)ParpEJJcq{h)_BeSn{j4JI(T3n6)
z(iaap?NL=y(pcH}Jok237P0rm@`@C5I}H<|XZG!<zk*3%iDv0P8U?5Af{hHrrEQ?j
zg1~^_Zrf8pf!^nAw9euBGKO6<$Mu?}j@SA?Qn!ns>wV`bA;wdF7glhg0{WR`<%tN~
zV%w6RLOT=YtKCv~Xgl$7(p3bH28qT0%#@*#2bv-}%>9z)5FXH^et&3%S>p#;nwA(R
zjF32jU=v3^E$~8G`b5AOP9}1`ivrjD)AL_U1)4hIQE}=E5tDje#ouUXs#m_XrG}M4
zDflj&IWf?XvWP|y-u>rfl}t@6rw9786()}sR%Lw#1@~psy;JMCqkzB32Ks($7CS5$
zt4p(T4JNy@XwjxrQ1oK%b-(fU>Ca*ZYmm}{_DJY!^8g<!)q!dms{dj~Nueup(*#0d
zf`w0qZkjzDnONW<?`NLKXEfKP>qvxB3l@F8jS+vH+`4kbOFw<s99;i0wXM^I!W)Zy
zHkQAs(>Rj91@F;H8FKK)t30~l)hGXjkkC(r+_YVHE0OvS7RRl)HscZROCM&u%wfd(
zIMqfYXx4E!SIbU8HDpdT;8%w$QG@CmfgnrpT=GT;;C6hnKmCQdO4-A{-o`-k{pQdw
z1T3&(0Svdt3XO~{*IRgie2b5eUrzG6%6Q{Q{(TXm{2bsM;S=+lz?NcQG64{$8^COL
z&znx)2Nl}U!$gBkmV>6bKHVDBJ0<H019OzS4>4<pLwbyh7e{qgxipS$;w8|^j2~=9
zpA2IG=%GLwYxY0tnVK<NuDcBQ1o+j+;&FW^b_KL0C^xn8%sqX!niiOrj|+-UkclkP
z<2kfJ8-Xsu_3w^cw}!vc>Pi>U@47n6)4rPTBvDb*l;MOgZ@#}@2Q8&;aS8RU^Y8h<
z|E!Z&B1%W!e)d;_Ywe}}Pu(~5`RXGdGP5H!9ydb6zvHh<&vvshKwTvBFljHoTMQD2
zQ#pHvf=I3{gA<)6B8as-(HbWmofcA|90!wlkHgM;2qn#8<^IJz6k>Rn+q?41B8KMF
zZss!8XqAqTzfwYPZG#zDR@fQH$?F{+GhO&}A`(D;N`FtDSft+G(0~q3oKD3#*mWuk
zdWjE84Rm9%S!_-}h9hiy+l8cwllV)tr_@;=ZCzMcUf{x>b*SQ#OrUKHkB%N}76vr+
z^fCJl%HxyJf1a3P+`7P!pn*HCY?Dwi_=g-WJ6XTWx+6_iAOL8tpd_zyx#GREEo%V_
zK&ugrJYSFGi!*3rVHgvz^qQELQOR4d=36$q6^Zr(sH9{fe(WS%*7$Cy`lGD-|G+Ev
zx}{-=gLdF2ZZH38YxQObXq9$rv2II{X|?ms;xD~IL&O13o?)Zyw3ae=;N9GW<0UVu
zG<))HC1s_P(d3oCi2zu;+d53n;1c9_eH%t9#AL%0ICFDY!A<yN7|YU>!h2MauP86p
zG@JJJk=PQ7unQwUD@G+-xImaGteZ!nOrs;3luXOrnPzf%M`c7i|Cz+%I<@(EyR{nO
zKTs>Js#bqK0{<RracvRh^^M2KfV4d#?__j^ayq@biDLuIo)ZHtxs%!Z6s7K=R%;7q
z7+ZObdzXaz)Je~EuJ%^*->mge`O>>cw^!FWO<*^c{rTe1b;8=G)(wvyz23Hoj5kD*
zZ8p0f=5WKzujw>@J-#sFI}I*2tc@67HU%qNOS|8?=hMx(srfC-lJi!pT8<Q;U*JpS
zbzi?t$1g-<@RAj7sV<+#qF}FEJ|`6&YoUg!Z#cv|@NkCm$heKk_Qh57yi1t0l)bKC
zv`!p#X;KddtmPDUYB;v7gigR5bWp-8Cbu&FN?#)W%aQT^XM83)U?xi>kMulhc^`UL
z%p9wG94nEE2|+l9&qJ`4*4id%7hf^A0aVVaLk^ghjn=9o8MJ7@ral79oS?sHv}4z>
zWqiPRX=}Z3=I~0o@URXJ_)cE3>`&)3i9)wMfMKJBZWp?3_O3nkc}LeLtq&~~Vuqv&
zg~gxNGj^+pYAKj#NDp1*cuDL%XHNC6fo&sjJrCbw0P+Jo_NkPo5pfMDB@g!;OKQ9?
zC~8V}cUGPlP@?3bn}t~(%`5`<c+z6WddB!tvOXZF-fb5e!dMF*OXxDc#yz<cx~mto
zPYgE%@Nxr>{;W6E5@cWM#^S2pLE`A%Pjs4YYbR}V*AZ&BNfhYZ!Y``th$9!~04h3N
zh8Ze`$tIhC>EZzNr3g~thK$LXy8h07f$tMl1f+Go2+WuQa<|U*1Z(o0cb-uq`{ds}
z2Z}692Sf;WEUTu?X5y6BxOBHF)USB0WaiNA8PuO_UQ|mrW$vSrQ;b##e=AS6+j$Kt
zv&!_yuV=jIIARvw`dcA3>Fa#)%vCV&c~J5jVm;-DB0I#bg%GyNpkTs^g#c1E(@oo6
zToKJ5YXu8rHA7)of)+Dfeb@na&4ht-;hi6zLpiBl`Dcx@KCwzpp|9;yi;%<ER{w>u
zYf<ai8MOLPf==mS*z=g6@@^Y*y@bWrf;cAfeFI-r4o}>Wa9oQEphH)NPTOj*Zx9|a
zFqe#kRHRp>SclD2vq{K^?E%X~@rf!#BZkr63InIgj~j`_lozj%<HF=`P4KRIGG)9$
zF`j+?@DUBpBZL3SGDS)9Wn6~;Z_G!M?8_4@TO9_NL+|t681w(iEj`7+d@Noipa1PY
z%<o==ksuWmPP&}%n#bq;>;Fw8JtO#rt{sr%G6s3vp>>k#Es}VN8bxQJ{k*9{y5E0f
z#K-ncft)4jrZ0`zcm^eCPY@XP=tYT3xsEc#?M_;_PTU%zQ=JsK$=nXiR6w?)<29Ew
zPMhHYHdwhRztcb(@y%k%p9-@NLnI$MUA`$hR8ICbm<Nti-nJhvdG8FVw2BzB)Dyih
zA}fm&aD1M~tbrj|6^{}3)Jg3|pu}sTJc-52vA%T-NRf^4z4fJ({J&yB#^q0VDtNtO
zK-&I-;hoIF+HBey27;gshv|t#nyE^8O_o@&VXG!bgWXJ+uK|x!+`g_(xgpr8r8y!L
zSPGZOI1_Iy73OnN-_Lq$_-31!k_3s>f8t8$ryPtG=1^N(a~hFlAa#4bo!hB;`GPL5
zDq!dDV2CyWg7k9#{S!KoIy=QFZ!Vh5c86&YZg*A2U85~fSRylu@3J_U?-$T`3bY<1
zWiM9Q|EisYdT5FmrLy;PS)Q1-q~W!3oq4h5sn$rTR>hD(bK^(Y))QE-R`8~L#5+l4
z)AEO0-npeZ<v&TJyVev`Nxee~mAsYdLm5cwoY(Cr#GP<<B3FfXqxx)?%i@dCsB=w0
z{Ikt&BL9`P)#2lNI_KdpIP-yuZS=t3lRyAl(P`X(8)he7Ma1T*qPz}~d_@O0*oxOw
zLHM*$!g14gw#dYRNdL(?b!?BSoNX3T(#u~uSKA-%rkUE-m5Obgl=E9e>cHzg6*?J8
zrdIm!@R-Fq)zWLQ&+bxf%f7tC&XQ|iyLk4;GNW=paq0g>b3(5_AH%~{q$WiB<|JqT
zw#hfPOo%4ZKBW!TwH_;@Q-P8A>Ss}e$W%R(QuTBDDV$qN2Ph1e>FbhGXz^(w344+1
zceAU44%rlw)ad`-u|(JG183#t>`4Rdv12c|hX}CAJRu@IJBg_Y6K=Iaj>ocC5`z96
zbRnGI?ui`EM0i%i!SDV=tx7%i!Tj#<N^OM57HO{<Y8FXHAK?4V5JtogQ9DrGaS8_o
zG8|4RBbqx|)R4`!A0La1t#hP+BS~~Z7t8ByPd8cJ(tqa5BZVoz*E;ubZH)e=7l)o{
zYU-6Z*2Wj?%=+*PAe@lKrp~s-Yf>T(<;3o9^4xZ%nSU+pbAV+W@Kehj`W)CzBNd9M
zGa>a3eOtNcNPZ|hP86$pH>SMITMiRjx(jWuOhTuZ3YatZZzmH~i$HnMZ@FkE+DtrF
z^Sb@lSN@VTVWf1Ip>YI{c<UGoJ|yKN+f8f8e=L<&n5&1W`lgNycI1AD7oRm4?seV%
zlWRmqSBbpEiVusEx<JoTZclU42mU^A`<r46%(DcT{N3}B#N{SD#FI$0u5er{f&~Wv
z^8N?1fqnlkWCOQ-)G>{t6Z=r9nyyr8m@Zebq2l&r!H#{^q>0yRvWb|D@dQ6E6C~uw
zC+im==B$6*S8E9inO!@G0KVMRLV4c42sF*6@74<QjF!O%D}$tJp?oT%sR`XvYoYi2
zEO0{sCiQhs%Tb24lA@gzVhGcW()Ty<T#n(7nUF|-Zyaz@&PA!R&hgudd<{-VFz<O~
z)dyifD>p^DEgps+?o;of$M4^4?1f9*#Ow?U^zVgk{r1l}t|Yk2t})=);BXn;%e<$5
zC9f5$KH^=jwK$a?$k&SJg&V(ChYHmj(|ww~Nr)_Z2ynt+qzqUorC=@&6>D*Cjaj*!
z-dCa^nA!!cq~9^DO_~dyq|o|DQ@$!=&Sw8u{(;xWr39$0i_~pXAp%&ugO29>nc8r+
z6{P;Xe8U|h>g+`7;m<R9aL^|I5nJM+bAjRyHK1JX%P00Ol9UR=YHfs{M(|zN-VH~d
zoXAGKkGdQ_KPe^yd`{w5wDk2H#qjvfh?DnkRAyV%74zV~Q5ogGQQ1x5A$*Z~bZt;v
zyy_@^sbz1oU(-ffcrB8^^K9bfZkx*?)a6P8)jsUjL924uqZkKCEQ`XBI_-*TXSp4%
zS@OHq80!kRc}VK`t2q}F!Jx^qemvKxN}u`hI)bP8Cld=(F>f$(v(9v;y<H(eYvkzE
zt6SnxZ7C28CkOC0e`kuGXa-HQAN5fLAXVw#MOq0ay&ev6aPikpiVU}{%kuZR_)d$=
zoCm4Q95!cJ1^vgI>G!qO2~yuMKDs96Rw5yS^!Vus-Q(^wI@+hU`DaWY)TlndQ_XD4
zQ!T#cl4rdIiFi$)AzW>Nw1IO)<3SBr_{)1Y7Z`vbd^EYc=H8pC-hVlNB!bGBGakyb
zFY7G*gJ2|Jsrf9;Z+E<N$xnpjmT4QnBAxg9HP1!jfRh`4&H}!hS-Uw}sce6Y=JV}L
zI#NO7&4#ex@%AJ7$yz(=6~iKu*li-ZzOt#?9klW=+zp1iO-E<q$qD-4=XW&EHg5$Q
zQOsii@$a~K(23SDs!5^KuIP24k`x+ngfzF_5Pq;}!&rj_5shHrPmK%4&VEtaQ4%9=
z3F{CVGV`l{r;J|0(-J5GznD?4a40V>v^Ys9XP%QxeeOIJI1c;q8m8i*BJ6+f_bj2<
zACJ4a)DnMsQ+xDOx6yHK@w+iSfZmU4x<WEEL{A83^3{g1X4e;zP|WjxRGnHeg|Sx-
zD^n!KEXaT;ZwPcoqR!}93%pHzuNpISs`?a-iq>Du;#V{8KE881F+$8<?*9g;*m~Fk
z3km(4j<-mjO8eKd32LG(ur@3r9t~^0m{M-kwg{ivGsCje3tWQr7()bJv}z7~FKR%Y
zLf(gxiSE`3>XEnw3m46tM}1Wlm*u_+?BWZ)nNm<W^K)-9xaIgiI7?mh2AC5p6T!y&
zkdN$bjg_XQ6&<^A0>8IVd|w67IVL_^ZB_F9e?V7sVix*!C^jhX^o`dt);xM9bp0Hn
zN34%v2nd@-owFa!wWt;Zlhjqjwi#QQd-dcH)UQeO#f>!*wS&{}rrP2f|4AgV-6xXl
za5|UY-fWP%b9=}}lIT~v*3(!sxAVvq!#WPYqKZLLeZy{4tiMTF;L=LVJi<f7Im#K0
zMJkV0fZM*Ir!MqFzA8AK*jRrGR|0R=kb}L-#bKmizRXjvXea+;V^pt|=gOOnFbrHQ
zR8D%MR$jbBi#3CWAU5220-5<e3>z?SyYP|Ix@*&`$fi5Ow)bv{wDdl_#pYXewFC0X
zfi|7RR+p|wo)IQNh?b*NH~{`ua(h`2z3jDi@L*6>IJ32S-3oq~b=eaRbj}H(Yk0OS
zoS?E$fqF-?^B1J~-XdBx13f{cy%<S)WrUdg2V#AV3A!1s7iis`5HnTm(fDiB3V&Rx
zwG28_*H!C|nao%AyY^K+BX&g+%FNC-2gsK!plzVjXoe-uAdE32ki#`QLBlrpZ!u@m
z66AmKN{PYfypj>?%w_LLbYtq15hFUnC<bE8E-6J^*IEF+{r<DOLIpe8No;DsTGvb&
z($KszBqw`~8snT;ce$n@|79&C8lOcp^1}jWlMPVCCII4^e6DFbUBq}a+oYKGWfdDs
z`DezR+aQn|y4UdeQ*ii{OwLQLY|krN0`bmMuhUV}9wN(A%cSMojIF1~=s40Fw*Cw1
zzu@;Y?M@>PcSmUYDScBAsV0Ht|E6TByx*C>uSFR6oBYK^)2Ugqg^Q^Q<k_+f+dh9^
zmvIj$=Qd)GA*_8Iom)bOf11hEUVNR>FnB0ApC9tsYVe14GQ$C!zY~C6Vn14yA~#`~
z{R&^2!wrguU+Udl%PYRJQU7B5Z!&K(>4UCaOp4mZf56n~e0B%Tw+~e8toQ@5W#rDj
zjze6jCyu8?%!X!k_sJ$}#6zR)oaimFYg7Nq`(V>rHWdPXP+4-Un9O=igcUg?`G>gu
zBb@f)O(}50t>t9ax=d&xeeD9vgKxL*iguEUxtPcPyn{!YfEi7pc&|obrahpHYb&L`
zLy_h3e_&IKhbj0dutZGSkYwD$Tn8P!k=O5B^+IM^b%df~m>+uQ07u}Z75_Q6@ZW?M
z!l9~I4VXcyqy*csLutI~zs?&=fcKcG;}X9Xf2f4$F|fc@W+ehrV==%guO?K{)z2{5
zV4>*2AE<kF@)#t6gljVClz6+C)$F$zBJzM!TIf}kD~}XG&H%s+{_)ZKthPW^1c*l3
zZdUIjtJ$;FtmQ&Zd$hUJW^<JBo+Z^+>!Kt2`35CA+TZukadCh0sxb06m1lWs>qOsF
zj6JKcA5ZS889)Sm9tFUbZb~+67IU)KpK`tYNb-`2X(A$)_LZRG3{y0f=HS?6S^u67
zYgtPVSCS|hbr(bC-_<_MSUmex#UGq`p^>EQR-$F+-hN#NwwhIF$!^i%kJknj6`la+
zb=mp<(TctpFn{@QThNsy6%BDbXa!bV<{Q?k`uTukDSYR*Rt{(KFWHgxHbbc(louH8
z0o5@MjQUtZHveS-&w4msqJ$kD6f{y~Ix==kL^$wPM~vHF_iU#S@$`E&JUW2P*WF@4
zoRn3fT951s&s7sWMvX(WYn{O|k=`B?X!68uzM2@ea<s6R`#D(k+Y$^rHg5t}{D^Sv
z-l19~zJG5}wZEo-ogC`f{)R1;8K8J$fp#Bs@5il96?}~kA`x+oMm?<@2w4ptUOqi`
zKsuD3^M*8S#K^`Zb$n_m?7PI;u}C$A_eTR8kEpl8=IF5)GIvnhRBq{q=p`em7RRZw
z;(3NOFi7l3PT~Tx|2_{Da2w!(CKdSX$2ozgFF5$a+Td}Ihy7KnAie07IRz22wcs;c
z-oP8#np>>IpfL`U$9%z7`B6r0!KjNJx%PLeH^7inEZZFx4)8lLp>Q{Eon<Q>DZ99&
z8e<@OWk&qO8@$7&@eSa3M#SS|%vV&ll6@_Hk~y1JbxBg^&_}X0bKbREeYrkrrOgr*
zM`F5`)3kL{-VXINu3B{F^EyOJ#<e<4o`<^8j$`uMsDXqVoWSiHc^sAAoq)`cdv5ar
z`Ngac;_Il1Qn@|2PR+_Xo4<G+W4+^S|9b#)^z*VJp5jxxnX=qEr`djrbTYGyx{Z-y
zM6nW`c+T2vmox+4mkVm&ItJlrO+?fB3Z6t({2Wywn>7yz=vy@({=_t=_;z(e)gLA%
z)F$D0TI~lJhVm?ThnYc(g!XTCyIYCe<gW-k#QQ|vK0tG&E3{mq3W!g@%+V$VYF<M)
zN0Tz{GcC8T{trmH+f>~d(*9fE1i6uDj`RW@qv2UPrSt;Eu%mRBY;Ip1P!Jk4bt4Y_
zX0%m4wKjD3_y(1pxer*YdX8_v@{G6^k*3jRN79x4SEoV;A4|QgP|0SYAaW}RN1Oe}
zGo;sb=6KMjIDxkhzl6_4J&L9ElyTUQr|K;9CO*kHt-MJC*1r|IAqDK73}Q+Q>2hP7
z>}<LEN_rZQ41J2OF+@;u&4ibTsC{tqUpmFUp!Ua(L(7Wmuz&Looz_);%ixPOJ)8%<
z$(-}zz|BUix$}G1?M+Ux%s%ZFo-!^%-{j6wadWInzO!zd&$!5YR;^wNUeP`f?`=J7
z@7{ZKOD7Ib8ONdNmU|8~3tU6S3IF=hNd4#c_DgGr*o-Kt1;U95OrzL!V?oDT=g^TB
zCl$50{qlLQ4_g^KTByp_ODrO&pgOE#NwfUB`(Q>`i!Zq|rFg~iPsM(8&nE`GVdG@E
z8~guap&z{chGYt{lIT3mr1)F8a<6@|ZOAjBZc==!5JEyMIUIX0A%4816EtffGs3x#
z<=>P=Y5Vagp>tZ^6e*K9!Q9WC*MGn7GR`r-Bq!vn2!k|}tC4_h#KbF(r4{$?lb^wV
z#g1F(X3;i{dvV1VA*}3h82QLYo_|{a?v<xsqcPxwQ7EGS4P~Lfj~wS`^}xrW*W{i0
zJpZMbkP8}q{pu&$_4q$xRCKpb291T@G>1hCO!w~$C(0jbJXO-q?ImR%8RR4(`Q?g^
zoNe_sp1N5)TP+N*=+8`Zy~vgmitYq0{=SK)_`8xK3<TGFvPBM^_l-T+HFzOqc`N^X
zh5c>(ljROe-MI`l@VvlGndH&2b%E#TyYORZcdbmm-Y>~xQ&8x~;f!-Bk4E*j1;+x>
zCbv@Mt|~)l^1BxiqRJx=4=V+1YxVJ+B0(9@kKQJUAhu+-;_?EQ)0Jd}q8p}*?V>o~
z)VxP=v@?Gamv(U1<wiOd?qtJ)UXxqT-?AL^Ok;GF<*wL_q~T=oX<??cBA)audV_}X
zwj1{?dY*;zz1d`+kw|pf>XxN0tgU*fj<n@E+<f4yqE!Y&qYw(a*~$tLIcwM=3@bn2
zf7>&IF0Dm`qD;;`qC;Z`vv)7P>}S|5X&5?;N4}sQ5}<jA3lQA$TAyM=jaashY<!?k
zZ)Cmt+o`hm6x6ad!Ui-GJ{RM}s`%KF!+0OAvhA`8T^y1xkBo5^em!2+A4{vV`NnCw
zZ?eWF(b<AL!Tquybhi&GrU(?yZolhmgc%k~<N5{+vD*Hz(*IN(<}gxyVf(%RdO%0!
zc0AAMUm2@{K)}VRWc+==Dv3c4FO&JN|9>Z}>fci}5d4#{f>qfWujc)`1}0ALM;;px
zAX={5CXC)!;a@c{At))gqE2VE8ONPDyxwLigj?MoIPkJQs|ARaySh;bN8a9|8U_Gh
zZnMx@wLiqbkGGNEo#eh`e1z=k*xDZv<vwd87<Wha#RwL@-5if)%`cB>(AU*}8Cg1I
z;TY}|7_qd%G0E7U0FOZB)gfaTE*Q(j6W~x^N1FbvVf2e5F)g=M5a|XXx;e)9kbC6!
zzIEn7h{Hg_4;MeHFqcH}$?sAALk&+!g|PFCYCkHlvAQNoJZi9$kg_<8-4p<VMaN^%
z(jL<G!)3s*R}S36ic`81>vl?yTa}c)qG78Yy;sFR=BrwjaWCa~xW~H6QR#h4Y(p5`
z5)=MVQmW~X6BiSsd4j)80hC^d)P$h?HUNM38#R%R^PnY|RWjG{21l6<U?}IYayqN>
zADNpKMa2}Zo2=%q+$wPNTdP7}RM|X86RALrkcd+a${}-f9gq+^U|F<?GWX^1pVh$|
zdOqqolm+>AY@g*B)KQ#sAF5jSp#+3n!WxdG&f;tN3r{g^$i$t=$Z2RuSVLDeOWqOc
zH(7FenAdZLCEf2mf^L@;|Lyd?>|C~ONa2+y=_20{8os{3C88p&x)DP+%K(mAnsYAy
zYL-nN;$dcH<7<;a6jY$MxLybf51y(Mv!q1T16;Au(#Vs^v46M9nxJ#5NCdQQ@IF-~
zo^XEkKGCKgWFsSX3A09Tz=65oeXPY>ds>~X%EQ^`LClZ(CCJRCU8s3i`IV+PEZbaM
z?-w5E%U516XYRR{39F(-9v85v%c6C(WiVdYgr`I{zd-=0&h6p+$Ww9Av1o3Qlb*tm
zJpcmer-S9B*@l>LGfaA8{^K^Boh$8v^+N4a!W(rU@noW&53B4ZO|~@QR@+R@!>2sj
zJj^n^cDppsWfUU9!eUT&6>foj?R{_kPTWSC1ZNBmF5X&^LTnK2u*MrBzw#?sx$16A
zWy)O*<993ZII7FZ3$8EE>?57fOQKA_mhGH=zrTG#ay%1XIY-HmSK5B%Z^)7&0gw?8
zQQ4q{E-XnD2{*x|)Eu-R6`w8=%=&KEgV9pIW<Ac#Yx2uefT;LUFJuWSy}~W-!WmPI
zW=ms!iRQ4guW4awS1MZxPlE|tyaIlFNakRa7RpvO>s8KCHrVJ<TKcJ{85I?hvW(si
zNQiquOTW)_W9h3C_`16dm0$ZBc^WKacPz@L-pbnP4|m>>3#0PMg4WUk9q&k|4|@S2
z+qiy#sg6|UM+-@WPVX;map(g;ATeGceeOTU$af}c;GI%Ul;*)*YI|XQxlksa+uQI9
zDh3t8mYdO?n8)~sv>31TT2tZQB<Q3u*uN<hEk_@-ebRj%=(z`f2}EbMW(IXM#7S!0
zVGe2No|*U~8*;(E?_2DwW)ap;%e={g7@TJ0p3fgEDSS&=ZoZ-w+Beg48veW2{*^=|
zQpjY16m~O_#tUKU-@}ujB={))-XakHz7flR05LOlO38ornJey0WFxkau#<>9V8mJN
z7XqI|V=V;tRh)75tT6d!o(>~mYG{<<YEB4uY_RHVw?X}v<aL!R8SAjNC#jVSRq95P
zSqyga&WG5B7RrA-<EmgUF7R4lhT#wTec-YsK+lc78Qq{PG~9aBmDK2X`-O{YqhuQ~
zB^!#zo1lq8>DRm@`YRi-MV>?Mu{n@7;q|%+e#=%h=R$*0xgjl4c@6ZLWx*xg$s%m=
zSI<Z25rYvD$X}~M$fI6r@3~ecqkS}glA0SrTu{XOeAD##G)QPB_u-}0yAQoY!n{D!
zl$bM7GqN!%fGDr!NN%NWRm4-<heV=1F;pJ>?OF3)G(eRbkULKpWQ!e=uo(V;@>@B2
zi<ym)VMMIlVJ}D%#!4DXb80j)0<f0wMQ*$${2j^H0-GQPsvLo@ucScZkE*v{{5sAv
zNU<WI32(<XDzt-7(R?9$Jzq4=<qADkBP0>a67kG|(<L`pUhQl6Z)f@l7WI)mpkG_f
zB@T|}1-7?p-E``okM0iWlMyh-d`S9MnKsKDYcpxEv3IP&RL~v;N88!|m;`cfCOMwJ
zby(T1<c7ohi33?F%36T|(;K0YBok0Cmcc>93H+NujeWQ%Tq%38$(3AdaTKq9fAqaS
zn{cfIt*)TMIO{V=VVQ@B{ie0;L`}F59;v?vs|T=xXrb?<KyCkIJ};iYitL$4gA==P
zjNR=4DVOsnP3zhmn`(`G*p5Wt>6E!VJ}Ka_gKE!%8x3@1!G=r3L%?iNa<nXb9N6Ni
zq+bM2bM-W6Ig3^JrE(Krf2?-P3wXp5BJ@M<Ct}#35tkmdy5#83i0D=Yo5}nFn$UD0
z%$dOF^b7ULt`yA5x$)vzjIt})@OEn=m!KVH99nCP8q0nTOVh9du0EP7AEL)|%Mezl
znLySJu31E+fHb41q9k`g@F7&Dc?s&)3{hYH(AjHTwG&xy-zd&C9+$PE+3oAGmyAT{
zQhZ7a6!jiW---wjgwI`}Mt+G4y00@!BrKo5R_WRgI82VC#u}nrxa~>{PI^fJkfb+e
zf9NN+->pb)+n)$l85_T4-=nD9Uz(r(S@{F1)#&X)xl^e@W}j9I4lo)1;B6Z8vE1kd
zwgY@uXuij|X4OL&7~b)FgV~UW>0*R4u)l1%`pIN$j>Cf29~mrIMuR=oS{??GujAff
z(}g%7qju+h1`3IJ+UtNocc>{lv5%MzuTwXl*@r1QE(jh$;{k5VjzpR-dNnvi7GpDn
z(r6}&Ul^CMx8MHw{2}GX&$V^CdD3JF!3Mh)bi)bxrqz^|4Vcmjc)pjn1?$yMJ_NhN
z1o=|2Sd;+IptK=Xrf~7o@1c3jnS$jwv1-3IJ>l}_NJWtNhgpG{>0(m!RZv_8^ex&L
zNs5#sVzwUr0d=S;*Kc~RoU!-jWFU$X3gfL%ec=8=wlt}zAy~gi<4pW5@yYE2AUjt>
zV5YThCCO5^ZBK)$JBb#@rrR&|13|ma{S-U#wJyjb0$Of_?yG>Lom@QLuV-i6d)x~_
z+pl$5*;ep|+@_+bdX8t3j*^uP8uQr8&b>YeUNKo^=tFTgIN1g^wgTRs-BF9zX+0B?
zY+{1itm229M9g^^p!O!v(ZCN%t<Pa&dwBsn-&-~s0ww|0@Lx7wTl-G3Zj)7x^z*e|
zpd#lrG{r)*m`cNz0VGHELC|&1chYzLYa^c&4<5eqz6q`Hu1r~idb**W7$tVEB;@tw
z3-Qqfvlc9nPFm)V$od%fQga!$=Gqd>q7Elw#P%zq;wgsm(1{fa$Xlp-xT0e(VE)S{
zLTA?Qv6%0nmCoTptb{0VNyD`lR7`u6YW0IWeKj7()eo57EIlW;f7ii-F@raHW~}nZ
zkDXH7al6%(s)F`;MJ)})O#YEX{GvU$!l?cMWJq=FE;hseDdQK(WLz3i`!MVG{!y<z
zb+=E6<4op;yC>5FgQnJV=;msp<hs)>mDr)eaLZx+TiJ^s+CG|Z=Ubmy(X+~EtJomT
z=K8;CH%sf(wr$AUSoHqbP0DxG=xrJtn`&kPJ`MQYD5v*lWR@4dDA*SimHi0}?u{>A
zaU^2IZdXyQ0u3m(`Tg+@Zl>ETM5$?}d`?u3c=&WyXZw-%x$P!=L5T!NjXG^TEknML
z%X81J*M8P=c7*;x`ZGsLl;LAe2^6O36l<y59~Y5s$10`qXynh63Wz^EdDRqd%Mkd1
zdtu1<GMq2miZrl5G5K@k=E83mDwWfmS!QK(JA~qElw&WbKFj&0x}Bm>DRfooAOig;
z&W1b_M5z9S^1_2petJ<o1_`FNNUk_6au^8SfN7EWJP-(a%V98R_qU}}{EA*>3Le?e
zRO5r{Q_MNIT!>Ed6feCcH35Lzup?uEEYo{c0e2vsDdug~`hwWuDlR|G<hmw{N=^a$
z$AQptqa%Fl+mb1s16*E;iqo09ZK(G^=eSw*b6NA|40KcI11XpS4MxDkN#XAwsyLi(
z1j%6wTyv#x=Dp~Pi>d`!zEGwS{NdD&Z7)#7In1fo@Tp-9F8ec3^x^S#r2DnKUO3g)
z>L1m^n=zXg;W0g*F0HOcOnBq#txh#N4@-$fug9FeWgxpp2%w|@(Jz3Sl%Cs}N!sIU
zaGv}g0cv$rB*)3A%O%E=RIz@Q!d$RDH_odWnE#y{SqO(=)7+h7_-@qeSU-ljApYwA
zZEj^C7B^b<-C6ol2e9|=sN1*npYs?gMn6ROF+1~|;;9MJ{~n1@{Eo-lj%XsHj_%NF
zEBOzSdPRp^8_LkQX<VZifn(jCkBPy@B4iI&MNG2+D$s`k7CA>3)DE*(E2m`k2b1lu
z1h->N>(V8p56)XK>(HBEnjdT<|KT<Y#()cT&Y=}7Acucd{_)Qj&J~z?Q_yU)5g$|l
zoe25<dF2RX$O8HKpZebf9x=Tf!tcsFx2R@>1$UzOR1Gg{gR3J#bcvK#Tr!nB#OJ{K
zG$eDJNiz%?vPSKArS@LM7q!yLV@8`cA9?3_H1{HqQ%3G<{){mLE2-%s>mMTga(dD3
z-%;PFjbE!7d^Vm;@%O)V{Yik!dZGpV`Dx`~qdWD%5PzjHOe*{B#A4qEo9wd?KxTAG
zg)Y+pe%OLU%h`tAtR=oNxA&@a_swlcK0A}}6_C7AJG3~}J4og#CRrhu@C`z~wttKC
zN@@c70Y%;O^ofU*W@zz{B~9f7)Uz4bwMJ@jCUv@hYQ2BvPwiW#%%1tZ`eJV9!b0NF
z(LyY#;0DoGlTUKha=oC;0huo}y@N#Ve%DX+gor0<*UY#PwR7vAgl+bL=IRyK<$z=u
zzA<dHb)A8Sk_4r)F|vo`6~&oP-=QjG?6%q>vrCuQNtOl&LaRlo)p`j5;Il|!v^jTA
zU<3%hRtD5m)jGw@7Iq2J>Ac}3+}uZQR+Asz?oS53tWf=K6@Ej{@y}=}6|`I{z~Xqe
z-jrYCFK^<a*;Gt?=W9!Q|6Nio(ETo{7t4Goap3~kj%rL_sz40wDYt4ezo7X`Si<;~
z$XWXLBeN28o&w3v6>nL-FxWi~0)VgAZi2X6Hexo7#WT(Pi90tVdT!!QDb-uyWt*1%
z=-I$@bJtuS(ZeG;Gax4Fl(2X#P^eWTxrhJH$OMYF<}IPV_QB`RqjFuBmlFvu1V7P&
zeU}PFVkH`{^52OIZg4Tp*H04yNEbu<;!*2v*^PzZO+=KZ<Mx4B4`cm}EYx}#>4KzL
zPM&wL^Na3Kj>WKKn=EmWpkmXN<a=<U<bx{Q)=AUEp~RGZhVJ$?%Xvkl)QvN3X_9|=
zh{bQGwZm^QKA8SccTD{~x!ONR@euqG1_aZoywGf${z;H;h%@gFhtv(Wx>gXdVxhm`
ztEBMtk=vHDFU5_N-amg>^8S;-d|^SUhFTX15f!O5CHIF0J<lP?cfolFRoDnnyQadF
z{pUFJ|3S={(<M*StUFMGKH{GPo!Os#du`VHaFLY1HO%czwF+j}h#A$;rrNKq#0g8=
z6e)}jwa)|j0>Js~e|<!9pYa<5k?Wjty)1z>2V-Vz3d>5pA8DoYO#;Uz72)IRxUQ@w
zxA)qsW(N)QVJ1dk6+dY~`Jb_qMP_Oc@k^6(h~^0r+h*8zWW24=5UmVK7QDh)_)HFR
zwHWxbpY{dp!aGj?)^#*Q4>WFdu{}{F*vDl0hVv8@W-9j2X_6!-pbd7fnRNO_>KWF2
zGIiwB+z1z|`CxF^t!%xXf%>j3)9skXUSwFxJcVX@C9eJt>|s~_!P~>Ba>_K5@$asR
zKSoAz*ftcJHbT=}E$s$c=6=LS<yO0(&B%R2zw`(P>&z^s*fD?Ls}R9g%6_pK|LcTm
z<IL`aVh@_Omjk3^m%q<+N6P(Fj9;c4G~Fft@?h|#*;Jpx*a^fqM{XEUFxwD6hF<pQ
zaSxU>3MQ~5#;GBCr;8`@gz>v&Ls|B!Mew;$0Y2M?`|J8sw{`5j)t;~f&%_l8(gEg~
z{IKRgF}DZ?YbY7Qu1f@|eNg?cQ{RDlhSmD#$s~hdi8$FRyZrTGod?YG!)(1lPFjD$
zt6W?u_ud}k0L~pU?X!YqF$<s&zTVw(hK@?uY2+;RiE9v_wa$abf4I0raGrz;<iD%_
zT<3cvY&#|TgG|7G1qqOSCav~!2jmk?Gg;2rg)9B?h5uFNEm6J&RO6v<H5Yno)8wDG
zxY4PPR{b_-8$T69b|8uMme##wq*7R%>F+#Gn76qpeeU|>+KUQh*5&&72mcn<Q2Sl2
z9%#R}6$@O)iOu3pm@YFoDWOUNj8+P2Z++YSqF9qAW3#jI<S_~XrO-bcwvDE}E5X_E
zJBk%5=86cNxiZTxJmr^kuKjwr^CobT;6q;*DZv;wcsP{_<_JysdI$dZ4|$NWL)`&e
z^EmS@6J{Vo#G_VNldBJ$&zXU%=zCAh`^N<AYh+mF!KXiYn^RjJQ2+Sy^9$SE#o5N?
z)p_!B_+p>|^Zs;gOIVfMruw_ovR<zD1neS@9$AyhzxHo6q>ZvB!eq-vynjH=@kgC$
z@J`qL!;OXe?Aza%3xTr`(BI74;gku^KvuG%*2<sHL{4LZfrKH?J6Z6_{gmtGdCP3j
z8IER%KGoTn6mlHMDeEGGrwL<0Cu}7Ul=<5SV31#7?IeO1-(1>6Jhfla=l?Zz=HXDi
z?;j8IVX`xc?7JxYn#v$UAu6(F&z3A%Qent8WgE-LGAM<tS;m%q2_Z}NHCtj#n88>F
zzoT@0fAi0|X8t(Ob<UaRKCk=ze(w9J8^sn2>3F`q?m9=}@;}r`yxg2wb=_`BOzX>Z
zFOzqs&!ee#+^at@tmC0mc=wGJqrWj^c0@fW4B51n<G~C{Uo6=Qmv~UkTPsXQ1=fnb
z^W$A4=aG_OaI4Ky4A(`dR(6qTea$&Uc-zdm&^uqjR1B^+y}jiY`;v@73>t*rT@IOF
zF1;?#)i}$3-Tz{ng0t?2AME<RNn)bJ+i5b1>84fP4O)W>a|5E&3Eg|gtDWmia3dME
zD{}~$mtE#K>heIq=4C%#dzjyTB*Uok=CZjO=2!2geNPWLKZwC8#LQ<|P=yt*MmBOA
zEm!l>%1W(UZ&*7~!^3%+aO-os0HQ(I$E<8@t)-7*ly*W4%wyy^Ka*;_a~jXw#6e?e
zJd1-eCbdtm5Xv~sK5C`1?yMK4NR>a?JfGjTP4WOs!oVCN`swepH;o5GEQjkVdSO=L
zOwANa)^4Jf<*x+osF!{_^O#`n0jX*iA%ECKLq`Vg&AB>X?1onk*ycRz9z&~#y(LCR
zXcC9>8R3-unn`;?>y@ilHSkT%IpXH9-HT1Z84wmb|IMis^qXR{RT_atXWU3Eu(&`$
z&f@f;1VUbJ$xI5V&gc_ZWiJ}{UiHtrvW|DUVJ-aXoErLGqbbd{U;QtL1PK>jVxy}f
zEFOUBum$}|d7S^IJU37JWl<7W?f_ZO*(1^09E$IAeqZwoyG^c#&1v}g*np<dx()_=
zK7y20XWRg6{4#2kCx6q-YSqlzmG05DeqaX3n~#37un&yE;fCz#=V>2zi8#{qu<81}
zTWCy+#l1;;Q66;~XL>?{G%D)9PotcUUsAk}&Na*ot}DcseKPu7<^iAW=d)s%jU;Fv
z!#%G(8v{=?Z2DQHqPglOr9QOBd;;BsdhC{*>x{dOc9JVxj1H%qK)H_;Ch~CVb(B(O
z`G01M5H(1hHx-ygxfRI{1psvgX2pSUyA_!u8DTEC)H_f6;)80`&Kg=SL9ze5Ui;Em
z9|b$(4aOgZpai`<<~GqA;k4ebZ@VSdv5UBHe>}7%p*{7X-(OFZ`)knq)yoBqz^j@C
zv8NM)H<~||Tk;q;Q#tDQl6A-ztzeKCvC~;dspK&)6vR4E#!}#aL7G?*WZd>vUI&l;
z)IiQOK?Y6Ur-5`2y@ohpBN9VJF~mnu-W>98FD^9qCK`WwkljNdph6lmB3VS$S;w`0
ze*JFO5@zs1sj#L^GEL#m`4(;mLKBjLJsKjSH;~l*<~yK8IytsTeBah(S2POkr1W{D
z<CW|)ufeFG_;~7a<i|r?^eA?#*fIC+Va=_GW+WwfC%!pkY-XuUX~#?!wJ<ITOuM#J
znm#$l-Ldj0*LL-p`}_WLw$fDpE%0F8k~+bOM@vMLQ;u-uYpRTN`R&P`9F9NNrSw$h
z%a9pKbzL__o2uT7inBGZKh|d^4KvvyXf00z>heoz%!SndB0t_zyMefSY<V5nzqm_f
zX+XB|u)U@2Zs&`bbbF2sn$6}^`JZgE>M9v3#mvjeXU@=i-O^AqG|-h+nnOv1wd{I@
zSg{T3+)d6Bu0M8P>93@#a2dYWyE=i<BAJCpvE3?eycS!*WB(IT=W#|JW1BVse`}11
z7Bx3J|MG^V(s}by8q=*s<E<*cF6pED8h#Z^h=BKJrAN!*t5kXSBY!nGNFB04mFOhx
z$<E^f#|X&a9ErXoV(G5}LtlWgP7r5+lbj@-vNj>GdbJDn)q1LRePK>BdU?E8AJ2*}
z9$E~u{FL*EvOscRsWd}N?dkhaBT6`#ku1GGCC~yvzyKEaOJ5Irw3pyTa$N9rT$@4(
z={P8VYf#Rle$_9`BJRn0_+*Yj%rKWXnoC;uJWcCwfg8zdG`GVD71B#S1^>tkq^?@0
zK#^imm|`<|+}AO<+%<e@Uh)a1{^4wSjqeQnQg=f@;XCSREh$fJ1|td7W}pJR5kGIc
zD}><vYI9eS5!kUg)ET4whdNFm%^V;(5A<HEeok#q{vJ7R><Hl?BtYk#MVVd&egEz2
z+5bi!<7bS=+n6T^|JVRqhu@*ljWoJ<LY61@rbShiygTf!Wu(|&KKw&}jLhVh{Xv$N
z*R#yzF#nM7gbXE^Vi!fzIrS_?vd2$P@aN#6!8>ggEWR;kVkmnGntxBEOkURFyxew8
zsHB0iC7XuOau<5Mq2pPgov>I^xa*oC!*pJumIdoj(*WjuC9hqwksp7`lM|Y%4z(Zy
zIB8-0Ber+ya~8s6-3DOCa!+EF_e#0Q@`KTjM@VkhAKws7ACNxr_VocGZiMuVKHuyy
z1o}?oHZlSIOw^e!W~jQs<Y&=?6q(TByQM)Eyfp$^^kz~xgZ;-p{Mm`Ws#Q(5(oV-@
zS3enZbMFr%E<NMDf5|xBwJ}4ozwW|dE>IgX(3ax$YalX&a!?ua8yEO3d^5?LyHwnw
zCRfh8a~hM%K3e6kOB)@{q36S$%Yu>yojF&8uopdkmm;rr8uN3snx0hB7@ct)BHfK}
zJz(nrjHFq?fzkkTESpi~1L7)sndWD@k%dCj5UTVL?dt-^z~-U5+bO=m56cRmH<_+P
zA2rpTQJ;!e^;aT@gmE3kck|@aRUQ7EXU)S!ssLSk4?NnRTnuHCVvzH{`NoIAke-ZK
zDD6nTNEWX5oIG*R>-7H<r`1H{w|g~Bkf4$ZNy)T+N#YOXRZZragB_7%fh}KZDqzo=
zWENg2Tm^c?h=!{=iKogh=2q_s)*S+VhoDFL_bk<mY+JTg`FHEZU>NJ5<)TPHLDP&0
z(CNB5?A~F%KuHX(q9xt?_65$tq3E6|!<k8Z>gF|sUU2@=0%OkYiGd#P^E?_0ny7-K
z0C6>zvQF6$bfNa>AZZ8sw50>uc>F|r9#IL@O*VN=*Q)4bYrl!jtu@IH_*Q+E`N1dm
z9XC|;2fC09c$ok)3}GL5bL!#=^sewgAAz#%=Ey^x>INOY#Rrh=m&zo!SDMurE_Hrh
zs0$^HorO5})DS(dz1Y2@E;v=dIbN-ueIWR&k7`gQd*|pNGi!n2?sKb^X@eL9lKsYv
zSM9$^CmI>#n_pDVXk+pfy`(n|d(5gRM7fO<P~q#(xNO=GEaUJ>IN1%)PYyuwZBWDo
z%u>HG$yPKL3XPs))g;)$;&hQ!E&@!>zQTfxmh89@_jenMUE1tNX)8PSv?U?dE?3s8
zL+E*~XtOFgu>)O=l<*Tm^mH@%utJo_e4m+Xt(N%!^kAD`DN`?bD?>1>l}8Mm9dJp~
z0V+he!J&89>XRYmkfl*JUB5$>D(}l}-<y`w)rMke%mi$kg``6X8&-m^N7T%P5$~W+
zWnS3rb;xoD1yvrcR%?C19lk5>N4&}WwuF?K-T`>8LAAA71c!`C<yQls<}bf}l*P_r
zIy{;m@BN}MUFj@ZnYRgb*-{q{EcjIX_%G1K27{k*>4khwV{Yav@#>&Qy{&-A7Z|e|
zIrOH8q*7mPV8oWMg;XpfBU$rYkUvn*gyPO8UR2v<k9HkM)~uJ$*r$J%Vnt%r-~wK}
z4$6MpY2Zs>GNk0sTAf6cu&`cASMR4udmgJYUPYpgCZf?sK+6FAMtnI_lg^3P<x&lF
zG)!#Tw;1I)-)A_Ty$LZa-VP~8Se0D2V&|0{xrtw@3}{6hD+m$11{-5mCzy3r{&@$#
z>#y$x1XrGw4Q+3{Y8o2Sh+(XGI8M!^R~QiVwgc_1pY`CgC$rprqptKztkYIS)N1IF
z{2L;Kv)C!@lM4j^t-h}k@dK%%uoE8`4od=|K3Gy#GHqtGDUN7R<Gm*%^djJvgk{Y`
zSM`6edJp_^>siuOXKDN$#NbS)!AB=7DRJvHjK~#LJP(V!$^3W~@CRZA&D*FmlKhBb
ziDzXWZ7lXA2u|->6q?nC-(N{|K5+~x9E+1Rb1-i}!oXb-$&>rqJnpq5WWpZbmjTsU
zk|aqu0JSd!#5G<p_d8(mAif6_0Sa`ROlqefWedXH_8m7=OQb+HkVcO@UYAbQNu?jO
zq38PlfNao(zW&z<A~1Z@lNLARt^Zo0_>w0dl|o<t3)Cxoyf}Z*s9$W|#T9{MHX0s1
z6>iJyP!GThK#84XQ7SwPgW}1qc=BDxx0aW8A3!*+4Xp!m_Xn+16+x@^uUCDW)myqh
zsMRYQR@lNy`xITLUZqyLY3UKsm1&j9>QOx41~P{ky1<+@al+)6@_r(=x7=pXL7FVI
z+v?&fhYG1Gu3Zv^qp^HHpmkOU5ZAXH#eXm4UMyuRn|(5F%v#RItMrZ?Xv(<1HT^}S
zkDU)t_-~iFohA%NAdrT7$)JDJ$Dz8|5W)`bLLa|5Y`rEDZp%a6|FRWfj|N&gemD90
za)%)&;h?~XDWMmr$Blr9#oMCgN*y4s-HI+F%y17SuK&s89s3D}sHl*EZ0#!>j`>{d
zim7Y0Rdry4Vg_yvpsbMw-FRn0(SO%HvnT=t@BG{_`ya-B_9Gdl3n(82`&DnxgH~8}
zqw-pJA$vP~W2L6X*$>8XDyob12g2eerno)7vE!eBFZFY1)<(eTpm)8fv!?j(>pqqo
z{A>tfV^jy^@GpLK>J5E7fNCfOoe3W2?*})1k@1-anbp{4j~(NN;Xy!Va(fVp?&(cW
z%6)MkiOpt1J6k)H41k|<*R@Q%`opta6n}XZal*6jnMw<IFppX?cY&R{_b?;KB$sSz
zmWK`uX^*V9xE&{fEeF+IXSyQCk>^e>YkB6|xEBn+Jh|{+KH%`cOGRGsFn&|xfh${#
zed*@LBm>tR-3GK-!FJnse<`P&d0T4={+7{$iIDI&F>6<_%iIzRXz-9;)g2R>D7m%J
zURH@cBR?zeteVWS@TRPU;xcEtnkfeKmVT{LrROx|pN$GC!jmOd-Y?=RR8}%;$-~Dv
zFm%(haNgKulk;XHt`8f4XctIetyTdoWP}$sEAKdy-qoyo%kVOqt8d%SNkPJDdko)K
z3e{}g_p#Tcm}rlBh5XnDm}(tQi2~Cx5|{|?RI>8OfX6mQ>XUfBpv?kE;A=}2NPYfs
zb*Xz-cZp4XP5E-SkPWaDG@$l~PyF7l(9-_<Ln4Rbcd3kqiPdq(FOrlE(jKbev(Df#
z{dv(Tu8GRHydI@Smp*PLl@+feBk@#pq3wiN5603X{mmy6*s0)rlkpz@hK0wS>1Nr7
zs?`$hJfM#D%XVCYBi=ZbjZ31ZA|EYzA(_5!(G^LChJ^zQ(LwUj2%<1`8D#eJ<`Q;S
zQY1e43BCd+J<1u!ngE3)yCx{=b1Scl<KD*D)$UU)GAyP+0^L@q5se;``gEkUeJWX<
zqq^s!b~#b+D}uMh;zOMWO`lZ`*<^?nk!uLX4cGjkz?&BUB7K$>pk=DhXP??{_CJMD
zm8m)=$gwME+B*sN+(-W}3;k6oOMw2PAtJS9bQY(2=ii@)RD%}s)mAg}kwa(9Cr=f=
nlLJ3;92WQgzQcGE8FvHele0Qxh$V$*fX^+Mp2jD2>)`(b<dQu^

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 9ae179a61..3e2af227c 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -4,11 +4,11 @@ This set of PowerShell automations are designed to help administrators generate
 
 ## Requirements
 
-This automation has been tested with OpenSSL 3.0.7. OpenSSL 3.x.x is required to generate the Radius Authentication user certificates. The following items are required to use this automation workflow
+This automation has been tested with OpenSSL 3.1.1. OpenSSL 3.x.x is required to generate the Radius Authentication user certificates. The following items are required to use this automation workflow
 
 - PowerShell 7.x.x ([PowerShell 7](https://learn.microsoft.com/en-us/powershell/scripting/install/installing-powershell?view=powershell-7.3))
 
-- OpenSSL 3.x.x (Tested with 3.0.7) (see macOS/ Windows requirements below)
+- OpenSSL 3.x.x (Tested with 3.1.1) (see macOS/ Windows requirements below)
 - [JumpCloud PowerShell Module](https://www.powershellgallery.com/packages/JumpCloud)
 - Certificate Authority (CA) (either from a vendor or self-generated)
 - Variables in `config.ps1` updated
@@ -22,14 +22,14 @@ macOS ships with a version of OpenSSL titled LibreSSL. LibreSSL is sufficient to
 
 To install the latest version of OpenSSL on mac, install the [Homebrew package manager](https://brew.sh/) and install the following [formulae](https://formulae.brew.sh/formula/openssl@3)
 
-Some packages or applications in macOS rely on the pre-configured LibreSSL distribution. To use the Homebrew distribution of OpenSSL in this project, simply change the `$openSSLBinary` variable to point to the Homebrew bin location ex:
+Some packages or applications in macOS rely on the pre-configured LibreSSL distribution. To use the Homebrew distribution of OpenSSL in this project, simply change the `$global:openSSLBinary` variable to point to the Homebrew bin location ex:
 
-In `Config.ps1` change `$opensslBinary` to point to `'/usr/local/Cellar/openssl@3/3.0.7/bin/openssl'`
+In `Config.ps1` change `$opensslBinary` to point to `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'`\*\*\*\*
 
 ex:
 
 ```powershell
-$opensslBinary = '/usr/local/Cellar/openssl@3/3.0.7/bin/openssl'
+$opensslBinary = '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
 ```
 
 ### Windows Requirements
@@ -67,14 +67,6 @@ At the time of this writing JumpCloud Module 2.1.3 was the latest version. Pleas
 
 Before Running the `Start-RadiusDeployment.ps1` script, the environment variables for your JumpCloud Organization must first be set. Open the `config.ps1` file with a text editor.
 
-#### Set Your API Key ID
-
-Change the variable `$JCAPIKEY` to an [API Key](https://support.jumpcloud.com/s/article/jumpcloud-apis1) from an administrator in your JumpCloud Tenant. An administrator API Key with at least [read/write access](https://support.jumpcloud.com/support/s/article/JumpCloud-Roles) is required.
-
-#### Set Your Organization ID
-
-Change the variable `$JCORGID` to the [organization ID value](https://support.jumpcloud.com/s/article/Settings-in-the-JumpCloud-Admin-Portal#AccessOrgID) from your JumpCloud Tenant.
-
 #### Set Your User Group ID
 
 Change the variable `$global:JCUSERGROUP` to the ID of the JumpCloud user group with access to the Radius server. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
@@ -86,23 +78,23 @@ The ID of the selected userGroup is the 24 character string between `/user/` and
 
 #### Set your network SSID Name
 
-Change the variable `$NETWORKSSID` to the name of the SSID network your clients will connect to. On macOS hosts, the user certificate will be set to automatically authenticate to this SSID when the end user selects the WiFi Network. Multiple SSIDs can be provided as a single string with SSID names separated by a space, ex: "CorpNetwork_Denver CorpNetwork_Boulder". **Note: The SSID and user certificate are only associated with macOS system commands are generated. This parameter does not affect windows generated commands**
+Change the variable `$global:NETWORKSSID` to the name of the SSID network your clients will connect to. On macOS hosts, the user certificate will be set to automatically authenticate to this SSID when the end user selects the WiFi Network. Multiple SSIDs can be provided as a single string with SSID names separated by a semicolon, ex: "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network". **Note: The SSID and user certificates are only associated with macOS system commands. This parameter does not affect windows generated commands**
 
 #### Set the openSSL Binary location
 
 Depending on the host system and how OpenSSL is installed, this variable can either point to a path or call the binary with just the name `openssl`.
 
-[For macOS systems](#macos-requirements), this will likely need to be set to the openSSL binary installation path like `'/opt/homebrew/opt/openssl@3/bin/openssl'` or `'/usr/local/Cellar/openssl@3/3.0.7/bin/openssl'` if installed through Homebrew.
+[For macOS systems](#macos-requirements), this will likely need to be set to the openSSL binary installation path like `'/opt/homebrew/opt/openssl@3/bin/openssl'` or `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'` if installed through Homebrew.
 
-Else, for Windows systems, installing OpenSSL and setting an environment variable described in [Windows Requirements](#Windows-Requirements) should be sufficient. (i.e no additional changes to `$opensslBinary` necessary)
+Else, for Windows systems, installing OpenSSL and setting an environment variable described in [Windows Requirements](#Windows-Requirements) should be sufficient. (i.e no additional changes to `$global:opensslBinary` necessary)
 
 #### Set Your Certificate Subject Headers
 
-Change the default values provided in the `$Subj` variable to Country, State, Locality, Organization, Organization Unit and Common Name values for your organization. **Note: subject headers must not contain spaces**
+Change the default values provided in the `$global:Subj` variable to Country, State, Locality, Organization, Organization Unit and Common Name values for your organization. **Note: subject headers must not contain spaces**
 
 #### Set Desired User Certificate Type
 
-Change the `$certType` variable to either `EmailSAN`, `EmailDN` or `UsernameCn`
+Change the `$global:certType` variable to either `EmailSAN`, `EmailDN` or `UsernameCn`
 
 ##### Email Subject Alternative Name (EmailSAN)
 
@@ -184,15 +176,25 @@ After successful import or generation of a self signed CA, the CA's serial numbe
 
 With the certificate authority generated/ imported, individual user certs can then be generated. The ID of the user group stored as the variable: `$global:JCUSERGROUP` is used to store JumpCloud users destined for passwordless Radius access. For each user in the group, a `.pfx` certificate will be generated in the `/projectDirectory/Radius/UserCerts/` directory. The user certificates are stored locally and monitored for expiration.
 
-If local user certificates are set to expire within 15 days, a notification is displayed on the main menu:
+If local user certificates are set to expire within 15 days, a notification is displayed on the main menu and the certificate generation window:
 
 ![certs due to expire](./images/expireCert.png)
 
+Selection option 2 from the main menu presents the various choices to generate/ re-generate user certificates:
+
+![certs due to expire from window](./images/expireCertFromWindow.png)
+
 At any time user certificates can be manually removed from the `/projectDirectory/Radius/UserCerts/` directory and regenerated using option 2 from the main menu. User certificates can be continuously re-applied to devices using option 3 to distribute user certificates.
 
 ## Certificate Distribution
 
-Option 3 in the main menu will enable admins to distribute user certificates to end user devices. Commands will be generated in your JumpCloud Tenant for each user in the Radius User Group and their corresponding system associations. This script will prompt you to kick off the generated commands. If the commands are invoked, they should be queued for all users in the Radius User Group. These commands are queued with a TTL timeout of 10 days — meaning that if the end user device is offline when the command is queued, for 10 days, the command will sit in the JumpCLoud console and wait for the device to come online before attempting to run.
+Option 3 in the main menu will enable admins to distribute user certificates to end user devices.
+
+![radius re-issue workflow](./images/deployMenu.png)
+
+Windows and macOS commands will be generated for each user in the Radius User Group.
+
+This script will prompt you to kick off the generated commands. Commands are queued with a TTL timeout of 10 days — meaning that if the end user device is offline when the command is queued, for 10 days, the command will sit in the JumpCloud console and wait for the device to come online before attempting to run.
 
 On the device, certificates are replaced if a command is sent to a device with a newer certificate. i.e.
 
@@ -230,7 +232,7 @@ After a user's certificate has been distributed to a system, those users can the
 
 ### macOS
 
-If the `$NETWORKSSID` variable in `Config.ps1` was specified, macOS users will only be prompted once to let `eapolclient` access the private key from the installed certificate. If the end user selects `Always Allow`, the'll not be prompted to enter their password for the entire life cycle of the user certificate, only when new certificates are deployed will end users have to re-enter their login password.
+If the `$global:NETWORKSSID` variable in `Config.ps1` was specified, macOS users will only be prompted once to let `eapolclient` access the private key from the installed certificate. If the end user selects `Always Allow`, the'll not be prompted to enter their password for the entire life cycle of the user certificate, only when new certificates are deployed will end users have to re-enter their login password.
 
 In macOS a user simply needs to select the radius network from the wireless networks dialog prompt. A prompt to select a user certificate should be displayed, select the user certificate from the drop down menu and click "OK"
 

From be2a65fde9dc1e6c1d5a3a99a858a544065c88ae Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 17 Jan 2024 08:20:38 -0700
Subject: [PATCH 025/346] cleanup

---
 .../Private/menus/Get-ResponsePrompt.ps1         |  2 +-
 .../Functions/Public/Start-DeployUserCerts.ps1   | 16 ++++++++++++++++
 scripts/automation/Radius/JumpCloud-Radius.psm1  |  1 -
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1 b/scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1
index 49f2302ce..cebae7e52 100644
--- a/scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1
+++ b/scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1
@@ -1,7 +1,7 @@
 function Get-ResponsePrompt {
     [CmdletBinding()]
     param (
-        [Parameter(Mandatory)]
+        [Parameter(HelpMessage = "The message prompt to display to the console", Mandatory)]
         [System.String]
         $message
     )
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 26cd22615..57a850bd3 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -49,6 +49,14 @@ function Start-DeployUserCerts {
         switch ($confirmation) {
             '1' {
                 # case for all users
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        $invokeCommands = Get-ResponsePrompt -message "Would you like to invoke commands after they've been generated?"
+                        if (($invokeCommands -ne $true) -And ($invokeCommands -ne $false)) {
+                            return
+                        }
+                    }
+                }
                 for ($i = 0; $i -lt $userArray.Count; $i++) {
                     $result = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $userArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
@@ -65,6 +73,14 @@ function Start-DeployUserCerts {
             }
             '2' {
                 # case for new users; users that do not have certinfo marked as already deployed (i.e. users with new certs or un-deployed certs)
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        $invokeCommands = Get-ResponsePrompt -message "Would you like to invoke commands after they've been generated?"
+                        if (($invokeCommands -ne $true) -And ($invokeCommands -ne $false)) {
+                            return
+                        }
+                    }
+                }
                 $usersWithoutLatestCert = $userArray | Where-Object { ( $_.certinfo.deployed -eq $false) -or (-not $_.certinfo.deployed) }
                 for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
                     $result = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -forceInvokeCommands $invokeCommands
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index 1266ae69e..c07650b89 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -12,7 +12,6 @@ Foreach ($Import in $Private) {
 $Public = @( Get-ChildItem -Path "$PSScriptRoot/Functions/Public/*.ps1" -Recurse)
 Foreach ($Import in $Public) {
     Try {
-        write-host "import function $($Import.FullName): $_"
         . $Import.FullName
     } Catch {
         Write-Error -Message "Failed to import function $($Import.FullName): $_"

From d8e7a8ffae0d2e22296d0469d8e7cb861062a832 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 17 Jan 2024 12:03:06 -0700
Subject: [PATCH 026/346] fix for user.json system table missing osFamily

---
 .../Functions/Private/SystemTable/New-SystemTable.ps1     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1 b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
index 3c1695032..c8ca0b7b2 100644
--- a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
@@ -15,10 +15,10 @@ function New-SystemTable {
         # $SystemUserAssociations += (Get-JCAssociation -Type user -Id $userID -TargetType system | Select-Object @{N = 'SystemID'; E = { $_.targetId } })
         foreach ($system in $AssociationTable.systemAssociations) {
             # $systemInfo = $GLOBAL:SystemHash[$system.resource_object_id]
-            $systemTable = @{
-                systemId    = $system.systemId
-                displayName = $system.hostname
-                osFamily    = if ($system.osFamily -eq "darwin") {
+            $systemTable = [ordered]@{
+                systemId = $system.systemId
+                hostname = $system.hostname
+                osFamily = if (($system.osFamily -eq "darwin") -or ($system.osFamily -eq "macOS")) {
                     "macOS"
                 } elseif ($system.osFamily -eq "windows") {
                     "windows"

From d394d7f47a90c0368fdc2c8e53983f127ab5234a Mon Sep 17 00:00:00 2001
From: Joe Workman <54448601+jworkmanjc@users.noreply.github.com>
Date: Mon, 22 Jan 2024 13:59:58 -0700
Subject: [PATCH 027/346] Update scripts/automation/Radius/Changelog.md

Co-authored-by: Geoffrey Wein <89030113+gweinjc@users.noreply.github.com>
---
 scripts/automation/Radius/Changelog.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index 1447b7e98..be9d20d6d 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -13,7 +13,7 @@ This release offers a significant overhaul for the Radius Cert Deployment tool,
 - Added an option to both generate and deploy radius certificates by username
 - Association data is cached up front rather than gathered throughout the script, offering performance improvements for organizations with a large number of radius users
 - Added ability to run each public function headless in order to automate cert generation and distribution
-- Added an table to keep track of generated/ deployed certificates when using the tool
+- Added a table to keep track of generated/deployed certificates when using the tool
 
 ## 1.1.0
 

From c1ff4a1f1486f758e3c62612c65ec23156e5c9e5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 14:09:49 -0700
Subject: [PATCH 028/346] cleanup Get-UserFromTable

---
 .../Private/CertDeployment/Deploy-UserCertificate.ps1        | 4 ++--
 .../Private/CertGeneration/Invoke-UserCertProcess.ps1        | 2 +-
 .../Radius/Functions/Private/UserTable/Get-UserFromTable.ps1 | 5 +----
 .../Radius/Functions/Private/UserTable/Set-UserTable.ps1     | 2 +-
 .../Functions/Private/commands/invoke-commandByUserId.ps1    | 2 +-
 .../Functions/Private/settings/Update-JCRUsersJson.ps1       | 2 +-
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1        | 2 +-
 .../Radius/Functions/Public/Start-GenerateUserCerts.ps1      | 2 +-
 8 files changed, 9 insertions(+), 12 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index cff78ccf5..0add7923a 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -426,7 +426,7 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                 }
             }
             # Update the user table with the information from the generated commands:
-            $userObjectFromTable, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $user.userid
+            $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
 
             Set-UserTable -index $userIndex -commandAssociationsObject $user.commandAssociations
             # Invoke Commands
@@ -453,7 +453,7 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                 $true {
                     # finally update the user table to note that the command has been run, the cert has been deployed
                     # get the object once more:
-                    $userObjectFromTable, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $user.userid
+                    $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
                     # Set commandPreviouslyRun property to true if there are command associations to set
                     if ($userObjectFromTable.commandAssociations) {
                         $userObjectFromTable.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 56d88b1a3..3ca46db2f 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -35,7 +35,7 @@ Function Invoke-UserCertProcess {
         }
 
         # get the user from user.json
-        $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $MatchedUser.id
+        $userObject, $userIndex = Get-UserFromTable -userID $MatchedUser.id
         # Test if the file exists:
         switch (Test-Path "$JCScriptRoot/UserCerts/$($matchedUser.username)-client-signed.pfx") {
             $true {
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
index c2b5f9ba5..cb89f823d 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Get-UserFromTable.ps1
@@ -1,9 +1,6 @@
 function Get-UserFromTable {
     [CmdletBinding()]
     param (
-        [Parameter()]
-        [System.String]
-        $jsonFilePath,
         [Parameter(Mandatory)]
         [System.String]
         $userId
@@ -21,7 +18,7 @@ function Get-UserFromTable {
                 $userArrayObject = $userArray[$userIndex]
                 # Write-Host "[status] $($userObject.username) found in users.json at index: $userIndex "
             } else {
-                throw
+                throw "userId: $($userId) was not found in users.json"
             }
         } catch {
             # otherwise plan to append
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
index ddcf49b07..e4ff3bf39 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
@@ -32,7 +32,7 @@ function Set-UserTable {
         }
         if (($PSBoundParameters.ContainsKey('lookup'))) {
             # Get User From Table
-            $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $id
+            $userObject, $userIndex = Get-UserFromTable -userID $id
         }
 
         # TODO: if index is not correct make a stink about it
diff --git a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
index 6ccc79d01..bbd0bf308 100644
--- a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
+++ b/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
@@ -10,7 +10,7 @@ function invoke-commandByUserid {
 
     begin {
         # get the command id
-        $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot\users.json" -userid $userID
+        $userObject, $userIndex = Get-UserFromTable -userid $userID
 
         # get macOS Command
         $macOS_commandId = ($userObject.commandAssociations | Where-Object { $_.commandName -match "MacOSX" }).commandId
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
index 424ff6e90..8e2b57269 100644
--- a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
@@ -60,7 +60,7 @@ function Update-JCRUsersJson {
             # If userID from users.json is no longer in RadiusMembers.keys, then:
             If (($user.userId -notin $Global:JCRRadiusMembers.userID) ) {
                 # Get User From Table
-                $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $user.userId
+                $userObject, $userIndex = Get-UserFromTable -userID $user.userId
                 # Remove the User From Table
                 $userArray = $userArray | Where-Object { $_.userID -ne $user.userId }
             }
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 57a850bd3..f9d11f490 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -123,7 +123,7 @@ function Start-DeployUserCerts {
                 }
                 if ($confirmUser) {
                     # Get the userobject + index from users.json
-                    $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
+                    $userObject, $userIndex = Get-UserFromTable -userID $confirmUser.id
                     # Add user to a list for processing
                     $UserSelectionArray = $userArray[$userIndex]
                     # Process existing commands/ Generate new commands/ Deploy new Certificate
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index db836ca60..db17d34ce 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -116,7 +116,7 @@ function Start-GenerateUserCerts {
                 }
                 if ($confirmUser) {
                     # Get the userobject + index from users.json
-                    $userObject, $userIndex = Get-UserFromTable -jsonFilePath "$JCScriptRoot/users.json" -userID $confirmUser.id
+                    $userObject, $userIndex = Get-UserFromTable -userID $confirmUser.id
                     switch ($forceReplaceCerts) {
                         $true {
                             switch ($PSCmdlet.ParameterSetName) {

From e7ab39a3511ac897dc52293441d1a033a1324a27 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 14:21:42 -0700
Subject: [PATCH 029/346] camelCase function names

---
 .../Private/{commands => Commands}/Clear-JCQueuedCommand.ps1    | 0
 .../Get-CommandByUsername.ps1}                                  | 2 +-
 .../Private/{commands => Commands}/Get-JCQueuedCommands.ps1     | 0
 .../Get-QueuedCommandByUser.ps1}                                | 2 +-
 .../Invoke-CommandByUserId.ps1}                                 | 2 +-
 .../Private/{commands => Commands}/Invoke-CommandsRetry.ps1     | 0
 .../Private/{commands => Commands}/New-JCCommandFile.ps1        | 0
 .../Functions/Private/{menus => Menus}/Get-ResponsePrompt.ps1   | 0
 .../Radius/Functions/Private/{menus => Menus}/PadCenter.ps1     | 0
 .../Private/{menus => Menus}/Show-CertDeploymentMenu.ps1        | 0
 .../Private/{menus => Menus}/Show-DistributionMenu.ps1          | 0
 .../Functions/Private/{menus => Menus}/Show-GenerationMenu.ps1  | 0
 .../Functions/Private/{menus => Menus}/Show-RadiusMainMenu.ps1  | 0
 .../Functions/Private/{menus => Menus}/Show-RadiusProgress.ps1  | 0
 .../Functions/Private/{menus => Menus}/Show-StatusMessage.ps1   | 0
 .../Private/{settings => Settings}/Get-JCRSettingsFile.ps1      | 0
 .../Private/{settings => Settings}/New-JCRSettingsFile.ps1      | 0
 .../Private/{settings => Settings}/Set-JCRAssociationHash.ps1   | 0
 .../Private/{settings => Settings}/Set-JCRSettingsFile.ps1      | 0
 .../Private/{settings => Settings}/Update-JCRUsersJson.ps1      | 0
 20 files changed, 3 insertions(+), 3 deletions(-)
 rename scripts/automation/Radius/Functions/Private/{commands => Commands}/Clear-JCQueuedCommand.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{commands/get-commandByUsername.ps1 => Commands/Get-CommandByUsername.ps1} (93%)
 rename scripts/automation/Radius/Functions/Private/{commands => Commands}/Get-JCQueuedCommands.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{commands/get-queuedCommandByUser.ps1 => Commands/Get-QueuedCommandByUser.ps1} (95%)
 rename scripts/automation/Radius/Functions/Private/{commands/invoke-commandByUserId.ps1 => Commands/Invoke-CommandByUserId.ps1} (98%)
 rename scripts/automation/Radius/Functions/Private/{commands => Commands}/Invoke-CommandsRetry.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{commands => Commands}/New-JCCommandFile.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{menus => Menus}/Get-ResponsePrompt.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{menus => Menus}/PadCenter.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{menus => Menus}/Show-CertDeploymentMenu.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{menus => Menus}/Show-DistributionMenu.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{menus => Menus}/Show-GenerationMenu.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{menus => Menus}/Show-RadiusMainMenu.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{menus => Menus}/Show-RadiusProgress.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{menus => Menus}/Show-StatusMessage.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{settings => Settings}/Get-JCRSettingsFile.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{settings => Settings}/New-JCRSettingsFile.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{settings => Settings}/Set-JCRAssociationHash.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{settings => Settings}/Set-JCRSettingsFile.ps1 (100%)
 rename scripts/automation/Radius/Functions/Private/{settings => Settings}/Update-JCRUsersJson.ps1 (100%)

diff --git a/scripts/automation/Radius/Functions/Private/commands/Clear-JCQueuedCommand.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/commands/Clear-JCQueuedCommand.ps1
rename to scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1
diff --git a/scripts/automation/Radius/Functions/Private/commands/get-commandByUsername.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
similarity index 93%
rename from scripts/automation/Radius/Functions/Private/commands/get-commandByUsername.ps1
rename to scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
index fba5ba520..322abb4d0 100644
--- a/scripts/automation/Radius/Functions/Private/commands/get-commandByUsername.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
@@ -1,4 +1,4 @@
-function get-CommandByUsername {
+function Get-CommandByUsername {
     [CmdletBinding()]
     param (
         # Parameter help description
diff --git a/scripts/automation/Radius/Functions/Private/commands/Get-JCQueuedCommands.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Get-JCQueuedCommands.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/commands/Get-JCQueuedCommands.ps1
rename to scripts/automation/Radius/Functions/Private/Commands/Get-JCQueuedCommands.ps1
diff --git a/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Get-QueuedCommandByUser.ps1
similarity index 95%
rename from scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1
rename to scripts/automation/Radius/Functions/Private/Commands/Get-QueuedCommandByUser.ps1
index a4c73cd8a..146c523d3 100644
--- a/scripts/automation/Radius/Functions/Private/commands/get-queuedCommandByUser.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Get-QueuedCommandByUser.ps1
@@ -1,4 +1,4 @@
-function get-queuedCommandByUser {
+function Get-QueuedCommandByUser {
     [CmdletBinding()]
     param (
         # Parameter help description
diff --git a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
similarity index 98%
rename from scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
rename to scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
index bbd0bf308..08617b731 100644
--- a/scripts/automation/Radius/Functions/Private/commands/invoke-commandByUserId.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
@@ -1,4 +1,4 @@
-function invoke-commandByUserid {
+function Invoke-CommandByUserid {
     [CmdletBinding(DefaultParameterSetName = 'all')]
     param (
         # The userID to of which to invoke the command
diff --git a/scripts/automation/Radius/Functions/Private/commands/Invoke-CommandsRetry.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/commands/Invoke-CommandsRetry.ps1
rename to scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
diff --git a/scripts/automation/Radius/Functions/Private/commands/New-JCCommandFile.ps1 b/scripts/automation/Radius/Functions/Private/Commands/New-JCCommandFile.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/commands/New-JCCommandFile.ps1
rename to scripts/automation/Radius/Functions/Private/Commands/New-JCCommandFile.ps1
diff --git a/scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/menus/Get-ResponsePrompt.ps1
rename to scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
diff --git a/scripts/automation/Radius/Functions/Private/menus/PadCenter.ps1 b/scripts/automation/Radius/Functions/Private/Menus/PadCenter.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/menus/PadCenter.ps1
rename to scripts/automation/Radius/Functions/Private/Menus/PadCenter.ps1
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-CertDeploymentMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/menus/Show-CertDeploymentMenu.ps1
rename to scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/menus/Show-DistributionMenu.ps1
rename to scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/menus/Show-GenerationMenu.ps1
rename to scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/menus/Show-RadiusMainMenu.ps1
rename to scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusProgress.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/menus/Show-RadiusProgress.ps1
rename to scripts/automation/Radius/Functions/Private/Menus/Show-RadiusProgress.ps1
diff --git a/scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-StatusMessage.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/menus/Show-StatusMessage.ps1
rename to scripts/automation/Radius/Functions/Private/Menus/Show-StatusMessage.ps1
diff --git a/scripts/automation/Radius/Functions/Private/settings/Get-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Get-JCRSettingsFile.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/settings/Get-JCRSettingsFile.ps1
rename to scripts/automation/Radius/Functions/Private/Settings/Get-JCRSettingsFile.ps1
diff --git a/scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/settings/New-JCRSettingsFile.ps1
rename to scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
diff --git a/scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRAssociationHash.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/settings/Set-JCRAssociationHash.ps1
rename to scripts/automation/Radius/Functions/Private/Settings/Set-JCRAssociationHash.ps1
diff --git a/scripts/automation/Radius/Functions/Private/settings/Set-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/settings/Set-JCRSettingsFile.ps1
rename to scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
diff --git a/scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/settings/Update-JCRUsersJson.ps1
rename to scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1

From af43d63a0f7811c9bb42727de2455ea42c2758a1 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 14:29:16 -0700
Subject: [PATCH 030/346] remove empty begin block

---
 .../Private/Menus/Show-DistributionMenu.ps1   | 45 ++++++++-----------
 1 file changed, 18 insertions(+), 27 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
index 75463005e..f8738ad83 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
@@ -5,36 +5,27 @@ function Show-DistributionMenu {
         [System.Object]
         $certObjectArray
     )
-    begin {
-        # $userCertInfo = (Get-Content -Raw -Path "$JCScriptRoot/users.json" | ConvertFrom-Json -Depth 10).certInfo
-    }
-    process {
-
 
-        $title = ' JumpCloud Radius Cert Deployment '
-        Clear-Host
-        Write-Host $(PadCenter -string $Title -char '=')
-        Write-Host $(PadCenter -string "Select an option below to deploy user certificates to systems`n" -char ' ') -ForegroundColor Yellow
-        # deployment progress of newly generated certs
-        if ($certObjectArray) {
+    $title = ' JumpCloud Radius Cert Deployment '
+    Clear-Host
+    Write-Host $(PadCenter -string $Title -char '=')
+    Write-Host $(PadCenter -string "Select an option below to deploy user certificates to systems`n" -char ' ') -ForegroundColor Yellow
+    # deployment progress of newly generated certs
+    if ($certObjectArray) {
 
-            Write-Host $(PadCenter -string ' Certificate Information ' -char '-')
-            Write-Host "Total # of local user certificates:" $certObjectArray.count
-            Write-Host "Total # of already distributed certificates:" ($certObjectArray | Where-Object { $_.deployed -eq $true }).count
-            Write-Host "Total # of un-deployed certificates:" ($certObjectArray | Where-Object { ( $_.deployed -eq $false) -or (-not $_.deployed) }).count
+        Write-Host $(PadCenter -string ' Certificate Information ' -char '-')
+        Write-Host "Total # of local user certificates:" $certObjectArray.count
+        Write-Host "Total # of already distributed certificates:" ($certObjectArray | Where-Object { $_.deployed -eq $true }).count
+        Write-Host "Total # of un-deployed certificates:" ($certObjectArray | Where-Object { ( $_.deployed -eq $false) -or (-not $_.deployed) }).count
 
-        }
-        # ==== instructions ====
-        Write-Host $(PadCenter -string ' User Certificate Deployment Options ' -char '-')
-        # List options:
-        Write-Host "1: Press '1' to generate new commands for ALL users. `n`t$([char]0x1b)[96mNOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install:*'`n`tand re-deploy their certificate file"
-        Write-Host "2: Press '2' to generate new commands for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate commands for users whos certificate has not been deployed."
-        Write-Host "3: Press '3' to generate new commands for ONE Specific RADIUS user."
-        Write-Host "E: Press 'E' to return to main menu."
-
-        Write-Host $(PadCenter -string "-" -char '-')
     }
-    end {
+    # ==== instructions ====
+    Write-Host $(PadCenter -string ' User Certificate Deployment Options ' -char '-')
+    # List options:
+    Write-Host "1: Press '1' to generate new commands for ALL users. `n`t$([char]0x1b)[96mNOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install:*'`n`tand re-deploy their certificate file"
+    Write-Host "2: Press '2' to generate new commands for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate commands for users whos certificate has not been deployed."
+    Write-Host "3: Press '3' to generate new commands for ONE Specific RADIUS user."
+    Write-Host "E: Press 'E' to return to main menu."
 
-    }
+    Write-Host $(PadCenter -string "-" -char '-')
 }
\ No newline at end of file

From 2e4e63cb493844d65c3d8200c327a035d788903f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 14:39:57 -0700
Subject: [PATCH 031/346] cleanup Invoke-CommandsRetry

---
 .../Private/Commands/Invoke-CommandsRetry.ps1         | 11 -----------
 .../Functions/Public/Start-MonitorCertDeployment.ps1  |  2 +-
 2 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
index 940f4ebfe..ab8f7bbbc 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
@@ -1,14 +1,7 @@
 Function Invoke-CommandsRetry {
-    [CmdletBinding()]
-    param (
-        [Parameter()]
-        [System.string]
-        $jsonFile
-    )
     begin {
         $RetryCommands = @()
         $userArray = Get-UserJsonData
-        # $commandsObject = Get-Content -Raw -Path $jsonFile | ConvertFrom-Json -Depth 6
         $queuedCommands = Get-JCQueuedCommands
         $SearchFilter = @{
             searchTerm = 'RadiusCert-Install'
@@ -51,10 +44,6 @@ Function Invoke-CommandsRetry {
         }
     }
     end {
-        # TODO: validate no need to write this out since it's done in Set-UserTable
-        # # write out/ update jsonFile
-        # Set-UserJsonData -userArray $userArray
-        # $commandsObject | ConvertTo-Json -Depth 6 | Out-File $jsonFile
         return $RetryCommands
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
index bdd0cc1f8..71770896d 100644
--- a/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
@@ -21,7 +21,7 @@ Function Start-MonitorCertDeployment {
                 Get-CommandObjectTable -Failed -jsonFile $jsonFile
                 Pause
             } '3' {
-                $retryCommands = Invoke-CommandsRetry -jsonFile $jsonFile
+                $retryCommands = Invoke-CommandsRetry
                 Pause
             }
         }

From 8640140f586990a96984a715295349976a0160bc Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 14:40:54 -0700
Subject: [PATCH 032/346] mandatory userId

---
 .../Radius/Functions/Private/SystemTable/New-SystemTable.ps1    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1 b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
index c8ca0b7b2..077d6c3a6 100644
--- a/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/SystemTable/New-SystemTable.ps1
@@ -1,7 +1,7 @@
 function New-SystemTable {
     [CmdletBinding()]
     param (
-        [Parameter()]
+        [Parameter(Mandatory)]
         [System.String]
         $userID
     )

From ae09d4e22dbe28c6fd5acf2a5ef960af3fbae2ab Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 14:42:59 -0700
Subject: [PATCH 033/346] menu messaging

---
 .../Functions/Private/Menus/Show-CertDeploymentMenu.ps1     | 4 ++--
 .../Functions/Private/Menus/Show-DistributionMenu.ps1       | 2 +-
 .../Radius/Functions/Private/Menus/Show-GenerationMenu.ps1  | 6 +++---
 .../Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1  | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1
index cbbf8c914..d4c1f09db 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1
@@ -8,8 +8,8 @@ function Show-CertDeploymentMenu {
     Write-Host $(PadCenter -string ' Certificate Deployment Result Options ' -char '-')
     # List options:
     Write-Host "1: Press '1' to view results."
-    Write-Host "2: Press '2' to view failed command runs"
-    Write-Host "3: Press '3' to invoke/retry commands"
+    Write-Host "2: Press '2' to view failed command runs."
+    Write-Host "3: Press '3' to invoke/retry commands."
     Write-Host "E: Press 'E' to exit."
 
     Write-Host $(PadCenter -string "-" -char '-')
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
index f8738ad83..a08577006 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
@@ -22,7 +22,7 @@ function Show-DistributionMenu {
     # ==== instructions ====
     Write-Host $(PadCenter -string ' User Certificate Deployment Options ' -char '-')
     # List options:
-    Write-Host "1: Press '1' to generate new commands for ALL users. `n`t$([char]0x1b)[96mNOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install:*'`n`tand re-deploy their certificate file"
+    Write-Host "1: Press '1' to generate new commands for ALL users. `n`t$([char]0x1b)[96mNOTE: This will remove any previously generated Radius User Certificate Commands titled 'RadiusCert-Install:*'`n`tand re-deploy their certificate file."
     Write-Host "2: Press '2' to generate new commands for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate commands for users whos certificate has not been deployed."
     Write-Host "3: Press '3' to generate new commands for ONE Specific RADIUS user."
     Write-Host "E: Press 'E' to return to main menu."
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
index 817d6bd27..468cb44bf 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
@@ -15,9 +15,9 @@ function Show-GenerationMenu {
     Write-Host $(PadCenter -string ' User Certificate Generation Options ' -char '-')
     # List Options
     Write-Host "1: Press '1' to generate new certificates for NEW RADIUS users. `n`t$([char]0x1b)[96mNOTE: This will only generate certificates for users who do not have a certificate file yet."
-    Write-Host "2: Press '2' to generate new certificates for ONE RADIUS user. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates"
-    Write-Host "3: Press '3' to re-generate new certificates for ALL users. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
-    Write-Host "4: Press '4' to re-generate new certificates for users who's cert is set to expire shortly. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates"
+    Write-Host "2: Press '2' to generate new certificates for ONE RADIUS user. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates."
+    Write-Host "3: Press '3' to re-generate new certificates for ALL users. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates."
+    Write-Host "4: Press '4' to re-generate new certificates for users who's cert is set to expire shortly. `n`t$([char]0x1b)[96mNOTE: This will overwrite any local generated certificates."
     Write-Host "E: Press 'E' to return to main menu."
 
     Write-Host $(PadCenter -string "-" -char '-')
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index c7baca4a8..3a09a3e5e 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -63,6 +63,6 @@ function Show-RadiusMainMenu {
     Write-Host "2: Press '2' to generate/update your User Certificate(s)."
     Write-Host "3: Press '3' to distribute your User Certificate(s)."
     Write-Host "4: Press '4' to monitor your User Certification Distribution."
-    Write-Host "4: Press '5' to update User/System Data"
+    Write-Host "4: Press '5' to update User/System Data."
     Write-Host "Q: Press 'Q' to quit."
 }
\ No newline at end of file

From 9f9609fe518a0b9041ddc58ae58edfba5a7e8809 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 14:49:42 -0700
Subject: [PATCH 034/346] Get-CommandByUsername param

---
 .../Radius/Functions/Private/Commands/Get-CommandByUsername.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
index 322abb4d0..4dd8d882f 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
@@ -2,7 +2,7 @@ function Get-CommandByUsername {
     [CmdletBinding()]
     param (
         # Parameter help description
-        [Parameter()]
+        [Parameter(Mandatory)]
         [system.string]
         $username
     )

From 613f2448bf4357a603f8f5ba7531240b401f06fc Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 14:52:44 -0700
Subject: [PATCH 035/346] remove debug messaging

---
 .../Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1  | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
index 6c105376b..c9053f34c 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
@@ -25,16 +25,13 @@ function New-JCRSettingsFile {
 
     process {
         # if creating the settings file for the first time, update global vars; lastupdate date
-        write-host "update vars"
         Get-JCRGlobalVars -force
     }
 
     end {
-        write-host "endblock"
         if ((test-path -Path $configFilePath) -And ($force)) {
             $config | ConvertTo-Json | Out-File -FilePath $configFilePath
         } else {
-            write-host "create new settings file:"
             $config | ConvertTo-Json | Out-File -FilePath $configFilePath
         }
     }

From 86afccfab6c2dcb22cb0d65ea0be1f423a525a4d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 15:00:18 -0700
Subject: [PATCH 036/346] remove unnecessary todos

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 23 -------------------
 1 file changed, 23 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 0add7923a..5365295d9 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -16,8 +16,6 @@ function Deploy-UserCertificate {
     )
 
     begin {
-        #TODO: validate user object, if missing commandAssociations, or certInfo, return false
-
         switch ($forceInvokeCommands) {
             $true {
                 $invokeCommands = $true
@@ -252,7 +250,6 @@ fi
                         $NewCommand = New-JcSdkCommand @CommandBody
 
                         # Find newly created command and add system as target
-                        # TODO: Condition for duplicate commands
                         $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
                         $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
                     } catch {
@@ -429,26 +426,6 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
             $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
 
             Set-UserTable -index $userIndex -commandAssociationsObject $user.commandAssociations
-            # Invoke Commands
-            #TODO:: skip if this is not per user basis
-            # switch ($force) {
-            #     $true {
-            #         # nothing do to
-            #         $action_invoke = $true
-            #     }
-            #     $false {
-            #         $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
-            #         # $UserArray | ConvertTo-Json -Depth 6 | Out-File "$JCScriptRoot\users.json"
-
-            #         while ($confirmation -ne 'y') {
-            #             if ($confirmation -eq 'n') {
-            #                 $action_invoke = $false
-            #                 break
-            #             }
-            #             $confirmation = Read-Host "Would you like to invoke commands? [y/n]"
-            #         }
-            #     }
-            # }
             switch ($invokeCommands) {
                 $true {
                     # finally update the user table to note that the command has been run, the cert has been deployed

From 40de4a2af1bf0fae050d0718930004c797d02ed4 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 15:20:07 -0700
Subject: [PATCH 037/346] command object ne $null

---
 .../Private/CertResults/Get-CommandObjectTable.ps1          | 6 +++---
 .../Functions/Private/Settings/Update-JCRUsersJson.ps1      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertResults/Get-CommandObjectTable.ps1 b/scripts/automation/Radius/Functions/Private/CertResults/Get-CommandObjectTable.ps1
index 28dff5b77..58909dd86 100644
--- a/scripts/automation/Radius/Functions/Private/CertResults/Get-CommandObjectTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertResults/Get-CommandObjectTable.ps1
@@ -95,9 +95,9 @@ Function Get-CommandObjectTable {
                 }
 
                 # Iterate through all the associated commands
-                foreach ($command in $commandsObject.commandAssociations) {
+                foreach ($command in $commandsObject.commandAssociations | Where-Object { $_ -ne $null }) {
                     # Check to see if the current command is pending/queued
-                    if (($command.commandId -in $QueuedCommands.command) -And ($command -ne $null)) {
+                    if (($command.commandId -in $QueuedCommands.command)) {
                         # Get the queued command info for all workflows
                         $queuedCommandInfo = $QueuedCommands | Where-Object command -EQ $command.commandId
                         # Get the individual workflow information
@@ -137,7 +137,7 @@ Function Get-CommandObjectTable {
                         }
                     }
 
-                    if (($CommandObjectTable.commandName -notcontains $command.commandName) -And ($command -ne $null)) {
+                    if (($CommandObjectTable.commandName -notcontains $command.commandName)) {
                         if (!(Get-JcSdkCommandAssociation -CommandId $command.commandId -Targets system)) {
                             $CommandTable = @{
                                 commandName       = $command.commandName
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
index 8e2b57269..0ca77e37f 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
@@ -12,7 +12,7 @@ function Update-JCRUsersJson {
         # $userArray = Get-UserJsonData
         foreach ($user in $Global:JCRRadiusMembers) {
             $MatchedUser = $GLOBAL:JCRUsers[$user.userID]
-            $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID -jsonFilePath "$JCScriptRoot/users.json"
+            $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID
 
             if ($userIndex -ge 0) {
                 # $userArrayObject

From d4155438e41a6def63f57df9d5aa10f80ab5f981 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 19:32:58 -0700
Subject: [PATCH 038/346] global vars namespace

---
 scripts/automation/Radius/Config.ps1          | 36 ++++++++-------
 .../CertDeployment/Deploy-UserCertificate.ps1 | 22 ++++-----
 .../Private/CertDeployment/Get-CertInfo.ps1   |  4 +-
 .../CertDeployment/Get-ExpiringCertInfo.ps1   |  4 +-
 .../CertGeneration/Generate-UserCert.ps1      | 46 +++++++++----------
 .../CertGeneration/Invoke-UserCertProcess.ps1 |  4 +-
 .../Private/Menus/Show-RadiusMainMenu.ps1     | 11 ++---
 .../Functions/Public/Get-JCRGlobalVars.ps1    |  2 +-
 .../Public/Start-GenerateRootCert.ps1         | 16 +++----
 .../Public/Start-GenerateUserCerts.ps1        | 20 ++++----
 .../automation/Radius/JumpCloud-Radius.psm1   |  4 ++
 .../Public/Start-DeployUserCerts.Tests.ps1    |  6 +--
 .../Public/Start-GenerateRootCert.Tests.ps1   | 32 ++++++-------
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 17 ++++---
 .../Radius/Tests/SetupRadiusOrg.ps1           |  4 +-
 scripts/automation/Radius/readme.md           | 20 ++++----
 16 files changed, 125 insertions(+), 123 deletions(-)

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index 27d63c5a5..a2bc6d1a8 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -1,19 +1,23 @@
 # JUMPCLOUD USER GROUP ID
-$Global:JCUSERGROUP = 'YOURJCUSERGROUP'
+$Global:JCR_USER_GROUP = 'your_radius_user_group'
 # USER CERT PASSWORD (this password is sent to the devices via JumpCloud Commands)
-$Global:JCUSERCERTPASS = 'secret1234!'
+$Global:JCR_USER_CERT_PASS = 'secret1234!'
 # USER CERT Validity Length (days)
-$Global:JCUSERCERTVALIDITY = 90
+$Global:JCR_USER_CERT_VALIDITY_DAYS = 90
+# Days until cert expire warning length (default: 15)
+# The tool will display certs that are set to expire if the expiration date is
+# within this number of days
+$Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS = 15
 # List Of Radius Network SSID(s)
 # For Multiple SSIDs enter as a single string separated by a semicolon  ex:
 # "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network"
-$Global:NETWORKSSID = "YOUR_SSID"
+$Global:JCR_NETWORKSSID = "YOUR_SSID"
 # OpenSSLBinary by default this is (openssl)
 # NOTE: If openssl does not work, try using the full path to the openssl file
 # MacOS HomeBrew Example: '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
-$Global:opensslBinary = 'openssl'
+$Global:JCR_OPENSSL = 'openssl'
 # Enter Cert Subject Headers (do not enter strings with spaces)
-$Global:Subj = [PSCustomObject]@{
+$Global:JCR_SUBJECT_HEADERS = [PSCustomObject]@{
     countryCode      = "US"
     stateCode        = "CO"
     Locality         = "Boulder"
@@ -27,7 +31,7 @@ $Global:Subj = [PSCustomObject]@{
 # EmailSAN
 # EmailDN
 # UsernameCn (Default)
-$Global:CertType = "UsernameCn"
+$Global:JCR_CERT_TYPE = "UsernameCn"
 
 ################################################################################
 # Do not modify below
@@ -45,13 +49,13 @@ function Get-OpenSSLVersion {
     param (
         [Parameter()]
         [system.string]
-        $opensslBinary
+        $JCR_OPENSSL
     )
     begin {
         try {
-            $version = Invoke-Expression "& '$opensslBinary' version"
+            $version = Invoke-Expression "& '$JCR_OPENSSL' version"
         } catch {
-            throw "Something went wrong... Could not find openssl or the path is incorrect. Please update the `$opensslBinary variable in the config.ps1 file to the correct path"
+            throw "Something went wrong... Could not find openssl or the path is incorrect. Please update the `$JCR_OPENSSL variable in the config.ps1 file to the correct path"
         }
 
         # Required OpenSSL Version
@@ -89,12 +93,12 @@ function Get-OpenSSLVersion {
         }
     }
 }
-Get-OpenSSLVersion -opensslBinary $opensslBinary
+Get-OpenSSLVersion -opensslBinary $JCR_OPENSSL
 
-# Validate no spaces in $Subj
-foreach ($subjObj in $subj.psObject.Properties) {
-    if ($subjObj.value -match " ") {
-        throw "Subject Header: $($subjObj.Name):$($subjObj.value) Contains a space character. subject headers cannot contain spaces, please remove and re-run"
+# Validate no spaces in $JCR_SUBJECT_HEADERS
+foreach ($JCR_SUBJECT_HEADERSObj in $JCR_SUBJECT_HEADERS.psObject.Properties) {
+    if ($JCR_SUBJECT_HEADERSObj.value -match " ") {
+        throw "Subject Header: $($JCR_SUBJECT_HEADERSObj.Name):$($JCR_SUBJECT_HEADERSObj.value) Contains a space character. subject headers cannot contain spaces, please remove and re-run"
     }
 }
 # Validate API KEY, OrgID, SystemGroupID, length
@@ -104,6 +108,6 @@ if (($JCAPIKEY).Length -ne 40) {
 if (($JCORGID).Length -ne 24) {
     throw "The entered JumpCloud Organization ID is not the expected length"
 }
-if (($Global:JCUSERGROUP).Length -ne 24) {
+if (($Global:JCR_USER_GROUP).Length -ne 24) {
     throw "The entered JumpCloud UserGroup ID is not the expected length"
 }
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 5365295d9..e81a7c3ef 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -66,21 +66,21 @@ function Deploy-UserCertificate {
             # get certInfo for commands:
             $certInfo = Get-CertInfo -UserCerts -username $user.username
             # determine certType
-            switch ($certType) {
+            switch ($JCR_CERT_TYPE) {
                 'EmailSAN' {
                     # set cert identifier to SAN email of cert
-                    $sanID = Invoke-Expression "$opensslBinary x509 -in $($userCrt) -ext subjectAltName -noout"
+                    $sanID = Invoke-Expression "$JCR_OPENSSL x509 -in $($userCrt) -ext subjectAltName -noout"
                     $regex = 'email:(.*?)$'
-                    $subjMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
-                    $certIdentifier = $subjMatch.matches.Groups[1].value
+                    $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
+                    $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
                     # in macOS search user certs by email
                     $macCertSearch = 'e'
                 }
                 'EmailDN' {
                     # Else set cert identifier to email of cert subject
                     $regex = 'emailAddress = (.*?)$'
-                    $subjMatch = Select-String -InputObject "$($certHash.Subject)" -Pattern $regex
-                    $certIdentifier = $subjMatch.matches.Groups[1].value
+                    $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($certHash.Subject)" -Pattern $regex
+                    $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
                     # in macOS search user certs by email
                     $macCertSearch = 'e'
                 }
@@ -118,7 +118,7 @@ chmod 755 /tmp/$($user.userName)-client-signed.pfx
 currentUser=`$(/usr/bin/stat -f%Su /dev/console)
 currentUserUID=`$(id -u "`$currentUser")
 currentCertSN="$($certHash.serial)"
-networkSsid="$($NETWORKSSID)"
+networkSsid="$($JCR_NETWORKSSID)"
 # store orig case match value
 caseMatchOrigValue=`$(shopt -p nocasematch; true)
 # set to case-insensitive
@@ -173,7 +173,7 @@ if [[ "`$currentUser" ==  "`$userCompare" ]]; then
     fi
 
     if [[ `$import == true ]]; then
-        /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCUSERCERTPASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
+        /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCR_USER_CERT_PASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
         if [[ `$? -eq 0 ]]; then
             echo "Import Success"
             # get the SHA hash of the newly imported cert
@@ -191,7 +191,7 @@ if [[ "`$currentUser" ==  "`$userCompare" ]]; then
     fi
 
     # check if the cert secruity preference is set:
-    IFS=';' read -ra network <<< "`$networkSsid"
+    IFS=';' read -ra network <<< "`$JCR_NETWORKSSID"
     for i in "`${network[@]}"; do
         echo "begin setting network SSID: `$i"
         if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
@@ -318,8 +318,8 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
     }
     # expand archive as root and copy to temp location
     Expand-Archive -LiteralPath C:\Windows\Temp\$($user.userName)-client-signed.zip -DestinationPath C:\RadiusCert -Force
-    `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
-    `$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCUSERCERTPASS -AsPlainText -Force
+    `$password = ConvertTo-SecureString -String $JCR_USER_CERT_PASS -AsPlainText -Force
+    `$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCR_USER_CERT_PASS -AsPlainText -Force
     Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx" -CertStoreLocation Cert:\CurrentUser\My
     }
     `$imported = Get-PfxData -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx"
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 4b4884b9f..7bd22c292 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -53,7 +53,7 @@ function Get-CertInfo {
                 # TODO: pscustomobject insted of hash
                 $certHash = @{}
                 # Use openssl to gather serial, subject, issuer, and enddate information
-                $certInfo = Invoke-Expression "$opensslBinary x509 -in $($foundCerts.Path) -enddate -serial -subject -issuer -noout"
+                $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in $($foundCerts.Path) -enddate -serial -subject -issuer -noout"
 
                 # Convert string data into a key/value pair
                 $certInfo | ForEach-Object {
@@ -77,7 +77,7 @@ function Get-CertInfo {
                     # Create hashtable to contain cert info
                     $certHash = [PSCustomObject]@{}
                     # Use openssl to gather serial, subject, issuer and enddate information
-                    $certInfo = Invoke-Expression "$opensslBinary x509 -in $($cert.Path) -enddate -serial -subject -issuer -fingerprint -sha1 -noout"
+                    $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in $($cert.Path) -enddate -serial -subject -issuer -fingerprint -sha1 -noout"
                     # Convert string data into a key/value pair
                     $certInfo | ForEach-Object {
                         $property = $_ | ConvertFrom-StringData
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
index 96229d877..7dfb6cc25 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
@@ -1,10 +1,10 @@
 function Get-ExpiringCertInfo {
     param (
         $certInfo,
-        $cutoffDate
+        $JCR_WarningDays
     )
     process {
-        $expiringCerts = $certInfo | Where-Object -Property notAfter -LT $cutoffDate
+        $expiringCerts = $certInfo | Where-Object -Property notAfter -LT $JCR_WarningDays
     }
     end {
         return $expiringCerts
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index 8669f5aaf..b68faf253 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -4,7 +4,7 @@ function Generate-UserCert {
         [Parameter(HelpMessage = 'The type of certificate to generate, either: "EmailSAN", "EmailDN" or "UsernameCN"', Mandatory = $true)]
         [ValidateSet("EmailSAN", "EmailDn", "UsernameCN")]
         [system.String]
-        $CertType,
+        $JCR_CERT_TYPE,
         [Parameter(Mandatory = $true,
             HelpMessage = "Path to one or more locations.")]
         [ValidateNotNullOrEmpty()]
@@ -33,65 +33,65 @@ function Generate-UserCert {
     }
     process {
         # Set Extension Path
-        $ExtensionPath = "$JCScriptRoot/Extensions/extensions-$($CertType).cnf"
+        $ExtensionPath = "$JCScriptRoot/Extensions/extensions-$($JCR_CERT_TYPE).cnf"
         # User Certificate Signing Request:
         $userCSR = "$JCScriptRoot/UserCerts/$($user.username)-cert-req.csr"
         # Set key, crt, pfx variables:
-        $userKey = "$JCScriptRoot/UserCerts/$($user.username)-$($CertType)-client-signed.key"
-        $userCert = "$JCScriptRoot/UserCerts/$($user.username)-$($CertType)-client-signed-cert.crt"
+        $userKey = "$JCScriptRoot/UserCerts/$($user.username)-$($JCR_CERT_TYPE)-client-signed.key"
+        $userCert = "$JCScriptRoot/UserCerts/$($user.username)-$($JCR_CERT_TYPE)-client-signed-cert.crt"
         $userPfx = "$JCScriptRoot/UserCerts/$($user.username)-client-signed.pfx"
 
-        switch ($CertType) {
+        switch ($JCR_CERT_TYPE) {
             'EmailSAN' {
                 # replace extension subjectAltName
                 $extContent = Get-Content -Path $ExtensionPath -Raw
                 $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path $ExtensionPath -NoNewline -Force
                 # Get CSR & Key
                 Write-Host "[status] Get CSR & Key"
-                Invoke-Expression "$opensslBinary req -newkey rsa:2048 -nodes -keyout $userKey -subj `"/C=$($subj.countryCode)/ST=$($subj.stateCode)/L=$($subj.Locality)/O=$($JCORGID)/OU=$($subj.OrganizationUnit)`" -out $userCSR"
+                Invoke-Expression "$JCR_OPENSSL req -newkey rsa:2048 -nodes -keyout $userKey -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)`" -out $userCSR"
 
                 # take signing request, make cert # specify extensions requets
                 Write-Host "[status] take signing request, make cert # specify extensions requets"
-                Invoke-Expression "$opensslBinary x509 -req -extfile $ExtensionPath -days $JCUSERCERTVALIDITY -in $userCSR -CA $rootCA -CAkey $rootCAKey -passin pass:$($env:certKeyPassword) -CAcreateserial -out $userCert -extensions v3_req"
+                Invoke-Expression "$JCR_OPENSSL x509 -req -extfile $ExtensionPath -days $JCR_USER_CERT_VALIDITY_DAYS -in $userCSR -CA $rootCA -CAkey $rootCAKey -passin pass:$($env:certKeyPassword) -CAcreateserial -out $userCert -extensions v3_req"
 
                 # validate the cert we cant see it once it goes to pfx
                 Write-Host "[status] validate the cert we cant see it once it goes to pfx"
-                Invoke-Expression "$opensslBinary x509 -noout -text -in $userCert"
+                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in $userCert"
                 # legacy needed if we take a cert like this then pass it out
                 Write-Host "[status] legacy needed if we take a cert like this then pass it out"
-                Invoke-Expression "$opensslBinary pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -passout pass:$($JCUSERCERTPASS) -legacy"
+                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -passout pass:$($JCR_USER_CERT_PASS) -legacy"
             }
             'EmailDn' {
                 # Create Client cert with email in the subject distinguished name
-                Invoke-Expression "$opensslBinary genrsa -out $userKey 2048"
+                Invoke-Expression "$JCR_OPENSSL genrsa -out $userKey 2048"
                 # Generate User CSR
-                Invoke-Expression "$opensslBinary req -nodes -new -key $rootCAKey -passin pass:$($env:certKeyPassword) -out $($userCSR) -subj /C=$($subj.countryCode)/ST=$($subj.stateCode)/L=$($subj.Locality)/O=$($JCORGID)/OU=$($subj.OrganizationUnit)/CN=$($subj.CommonName)"
-                Invoke-Expression "$opensslBinary req -new -key $userKey -out $userCsr -config $ExtensionPath -subj `"/C=$($subj.countryCode)/ST=$($subj.stateCode)/L=$($subj.Locality)/O=$($JCORGID)/OU=$($subj.OrganizationUnit)/CN=/emailAddress=$($user.email)`""
+                Invoke-Expression "$JCR_OPENSSL req -nodes -new -key $rootCAKey -passin pass:$($env:certKeyPassword) -out $($userCSR) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                Invoke-Expression "$JCR_OPENSSL req -new -key $userKey -out $userCsr -config $ExtensionPath -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=/emailAddress=$($user.email)`""
 
                 # Gennerate User Cert
-                Invoke-Expression "$opensslBinary x509 -req -in $userCsr -CA $rootCA -CAkey $rootCAKey -days $JCUSERCERTVALIDITY -passin pass:$($env:certKeyPassword) -CAcreateserial -out $userCert -extfile $ExtensionPath"
+                Invoke-Expression "$JCR_OPENSSL x509 -req -in $userCsr -CA $rootCA -CAkey $rootCAKey -days $JCR_USER_CERT_VALIDITY_DAYS -passin pass:$($env:certKeyPassword) -CAcreateserial -out $userCert -extfile $ExtensionPath"
 
                 # Combine key and cert to create pfx file
-                Invoke-Expression "$opensslBinary pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -passout pass:$($JCUSERCERTPASS) -legacy"
+                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -passout pass:$($JCR_USER_CERT_PASS) -legacy"
                 # Output
-                Invoke-Expression "$opensslBinary x509 -noout -text -in $userCert"
-                # invoke-expression "$opensslBinary pkcs12 -clcerts -nokeys -in $userPfx -passin pass:$($JCUSERCERTPASS)"
+                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in $userCert"
+                # invoke-expression "$JCR_OPENSSL pkcs12 -clcerts -nokeys -in $userPfx -passin pass:$($JCR_USER_CERT_PASS)"
             }
             'UsernameCN' {
                 # Create Client cert with email in the subject distinguished name
-                Invoke-Expression "$opensslBinary genrsa -out $userKey 2048"
+                Invoke-Expression "$JCR_OPENSSL genrsa -out $userKey 2048"
                 # Generate User CSR
-                Invoke-Expression "$opensslBinary req -nodes -new -key $rootCAKey -passin pass:$($env:certKeyPassword) -out $($userCSR) -subj /C=$($subj.countryCode)/ST=$($subj.stateCode)/L=$($subj.Locality)/O=$($JCORGID)/OU=$($subj.OrganizationUnit)/CN=$($subj.CommonName)"
-                Invoke-Expression "$opensslBinary req -new -key $userKey -out $userCSR -config $ExtensionPath -subj `"/C=$($subj.countryCode)/ST=$($subj.stateCode)/L=$($subj.Locality)/O=$($JCORGID)/OU=$($subj.OrganizationUnit)/CN=$($user.username)`""
+                Invoke-Expression "$JCR_OPENSSL req -nodes -new -key $rootCAKey -passin pass:$($env:certKeyPassword) -out $($userCSR) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                Invoke-Expression "$JCR_OPENSSL req -new -key $userKey -out $userCSR -config $ExtensionPath -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($user.username)`""
 
                 # Gennerate User Cert
-                Invoke-Expression "$opensslBinary x509 -req -in $userCSR -CA $rootCA -CAkey $rootCAKey -days $JCUSERCERTVALIDITY -CAcreateserial -passin pass:$($env:certKeyPassword) -out $userCert -extfile $ExtensionPath"
+                Invoke-Expression "$JCR_OPENSSL x509 -req -in $userCSR -CA $rootCA -CAkey $rootCAKey -days $JCR_USER_CERT_VALIDITY_DAYS -CAcreateserial -passin pass:$($env:certKeyPassword) -out $userCert -extfile $ExtensionPath"
 
                 # Combine key and cert to create pfx file
-                Invoke-Expression "$opensslBinary pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -inkey $userKey -passout pass:$($JCUSERCERTPASS) -legacy"
+                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -inkey $userKey -passout pass:$($JCR_USER_CERT_PASS) -legacy"
                 # Output
-                Invoke-Expression "$opensslBinary x509 -noout -text -in $userCert"
-                # invoke-expression "$opensslBinary pkcs12 -clcerts -nokeys -in $userPfx -passin pass:$($JCUSERCERTPASS)"
+                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in $userCert"
+                # invoke-expression "$JCR_OPENSSL pkcs12 -clcerts -nokeys -in $userPfx -passin pass:$($JCR_USER_CERT_PASS)"
             }
         }
 
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 3ca46db2f..e2f2ee045 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -10,7 +10,7 @@ Function Invoke-UserCertProcess {
         [Parameter(HelpMessage = 'The type of certificate to generate, either: "EmailSAN", "EmailDN" or "UsernameCN"', Mandatory)]
         [ValidateSet('EmailSAN', 'EmailDN', 'UsernameCN')]
         [System.String]
-        $certType,
+        $JCR_CERT_TYPE,
         # force replace existing certificate
         [Parameter(HelpMessage = 'When specified, existing certificates will be replaced')]
         [switch]
@@ -78,7 +78,7 @@ Function Invoke-UserCertProcess {
     process {
         # if writeCert, generate the cert
         if ($writeCert) {
-            Generate-UserCert -CertType $CertType -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" *> /dev/null
+            Generate-UserCert -CertType $JCR_CERT_TYPE -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" *> /dev/null
             # validate that the cert was written correctly:
             #TODO: validate and return as variable
         }
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index 3a09a3e5e..3dc73e16f 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -6,18 +6,15 @@ function Show-RadiusMainMenu {
     $rootCAInfo = Get-CertInfo -rootCa
     $userCertInfo = Get-CertInfo -UserCerts
 
-    # Determine cut off date for expiring certs
-    $global:cutoffDate = (Get-Date).AddDays(15).Date
-
     # Find all certs that will expire between current date and cut off date
-    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
 
     # Get UserGroup information from Config.ps1
-    $radiusUserGroup = Get-JcSdkUserGroup -Id $global:JCUSERGROUP | Select-Object Name
-    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $global:JCUSERGROUP).Count
+    $radiusUserGroup = Get-JcSdkUserGroup -Id $Global:JCR_USER_GROUP | Select-Object Name
+    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $Global:JCR_USER_GROUP).Count
 
     # Get SSID information from Config.ps1
-    $radiusSSID = $Global:NETWORKSSID.replace(';', ' ')
+    $radiusSSID = $Global:JCR_NETWORKSSID.replace(';', ' ')
 
     # Output for Users
     Clear-Host
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 2606662e6..5260e5f77 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -90,7 +90,7 @@ function Get-JCRGlobalVars {
                 $users = Get-DynamicHash -Object User -returnProperties email, employeeIdentifier, department, suspended, location, Addresses, manager, sudo, Displayname, username, systemUsername
                 # $users | ForEach-Object { $_ | Add-Member -name "userId" -value $_ -Type NoteProperty -force }
                 # Get Radius membership list:
-                $radiusMembers = Get-JcSdkUserGroupMember -GroupId $Global:JCUSERGROUP
+                $radiusMembers = Get-JcSdkUserGroupMember -GroupId $Global:JCR_USER_GROUP
                 # add the username to the membership hash
                 $radiusMemberList = New-Object System.Collections.ArrayList
                 foreach ($member in $radiusMembers) {
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index a531da5f4..8ecee1e5f 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -66,9 +66,9 @@ Function Start-GenerateRootCert {
     }
     # Save the pass phrase in the env:
     $env:certKeyPassword = $certKeyPass
-    Invoke-Expression "$opensslBinary req -x509 -newkey rsa:2048 -days 365 -keyout $outKey -out $outCA -passout pass:$($env:certKeyPassword) -subj /C=$($Subj.countryCode)/ST=$($Subj.stateCode)/L=$($Subj.Locality)/O=$($Subj.Organization)/OU=$($Subj.OrganizationUnit)/CN=$($Subj.CommonName)"
+    Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days 365 -keyout $outKey -out $outCA -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
     # REM PEM pass phrase: myorgpass
-    Invoke-Expression "$opensslBinary x509 -in $outCA -noout -text"
+    Invoke-Expression "$JCR_OPENSSL x509 -in $outCA -noout -text"
     # openssl x509 -in ca-cert.pem -noout -text
     # Update Extensions Distinguished Names:
     $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
@@ -77,12 +77,12 @@ Function Start-GenerateRootCert {
         $extContent = Get-Content -Path $ext.FullName -Raw
         $reqDistinguishedName = @"
 [req_distinguished_name]
-C = $($subj.countryCode)
-ST = $($subj.stateCode)
-L = $($subj.Locality)
-O = $($subj.Organization)
-OU = $($subj.OrganizationUnit)
-CN = $($subj.CommonName)
+C = $($JCR_SUBJECT_HEADERS.countryCode)
+ST = $($JCR_SUBJECT_HEADERS.stateCode)
+L = $($JCR_SUBJECT_HEADERS.Locality)
+O = $($JCR_SUBJECT_HEADERS.Organization)
+OU = $($JCR_SUBJECT_HEADERS.OrganizationUnit)
+CN = $($JCR_SUBJECT_HEADERS.CommonName)
 
 "@
         $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index db17d34ce..6411b6970 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -78,7 +78,7 @@ function Start-GenerateUserCerts {
                 # process all users, generate certificates for uses who do not yet have a certificate
                 # Get each RadiusMember User:
                 for ($i = 0; $i -lt $JCRRadiusMembers.count; $i++) {
-                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $CertType
+                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $JCR_CERT_TYPE
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $JCRRadiusMembers.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
                 }
                 switch ($PSCmdlet.ParameterSetName) {
@@ -121,20 +121,20 @@ function Start-GenerateUserCerts {
                         $true {
                             switch ($PSCmdlet.ParameterSetName) {
                                 'gui' {
-                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -forceReplaceCert
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $JCR_CERT_TYPE -forceReplaceCert
                                 }
                                 'cli' {
-                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -forceReplaceCert
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $JCR_CERT_TYPE -forceReplaceCert
                                 }
                             }
                         }
                         $false {
                             switch ($PSCmdlet.ParameterSetName) {
                                 'gui' {
-                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType -Prompt
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $JCR_CERT_TYPE -Prompt
                                 }
                                 'cli' {
-                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $CertType
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $JCR_CERT_TYPE
                                 }
                             }
                         }
@@ -168,7 +168,7 @@ function Start-GenerateUserCerts {
                 }
                 # Get each RadiusMember User:
                 for ($i = 0; $i -lt $JCRRadiusMembers.count; $i++) {
-                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $CertType -forceReplaceCert
+                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $JCR_CERT_TYPE -forceReplaceCert
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $JCRRadiusMembers.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
                 }
                 switch ($PSCmdlet.ParameterSetName) {
@@ -184,20 +184,18 @@ function Start-GenerateUserCerts {
                 # TODO: if there are no certs set to expire in 'x' days inform when pressing this option
                 # recalculate expiring certs:
                 $userCertInfo = Get-CertInfo -UserCerts
-                $global:cutoffDate = (Get-Date).AddDays(15).Date
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
                 for ($i = 0; $i -lt $ExpiringCerts.Count; $i++) {
                     $userCert = $ExpiringCerts[$i]
                     <# Action that will repeat until the condition is met #>
                     $userArrayIndex = $userArray.username.IndexOf($userCert.username)
                     $IdentifiedUser = $userArray[$userArrayIndex]
-                    $result = Invoke-UserCertProcess -radiusMember $IdentifiedUser -certType $CertType -forceReplaceCert
+                    $result = Invoke-UserCertProcess -radiusMember $IdentifiedUser -certType $JCR_CERT_TYPE -forceReplaceCert
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $ExpiringCerts.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
 
                     # recalculate expiring certs:
                     $userCertInfo = Get-CertInfo -UserCerts
-                    $global:cutoffDate = (Get-Date).AddDays(15).Date
-                    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+                    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
                 }
                 switch ($PSCmdlet.ParameterSetName) {
                     'gui' {
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index c07650b89..5612e8391 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -28,5 +28,9 @@ $global:JCScriptRoot = "$PSScriptRoot"
 # try to get the settings file, create new one if it does not exist:
 $global:JCRConfig = Get-JCRSettingsFile
 
+# Set expire warning days:
+$global:JCR_WarningDays = (Get-Date).AddDays($JCR_USER_CERT_EXPIRE_WARNING_DAYS
+).Date
+
 # Get global variables or update if necessary
 Get-JCRGlobalVars
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 5b9c6c724..65bd72e0f 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -55,7 +55,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
 
-            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
 
             # update membership
             Get-JCRGlobalVars -skipAssociation -force
@@ -124,7 +124,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             # get random system
             $system = Get-JCSystem -os windows | Get-Random -Count 1
             Add-JCSystemUser -UserID $user.id -SystemID $system.id
@@ -150,7 +150,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             # get random system
             $system = Get-JCSystem -os windows | Get-Random -Count 1
             Add-JCSystemUser -UserID $user.id -SystemID $system.id
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 7b1612fd3..d88cc606b 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -16,22 +16,22 @@ Describe "Generate Root Certifcate Tests" -Tag "GenerateRootCert" {
         $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
         #validate the subject matches what's defined in config:
-        $CA_subject = Invoke-Expression "$opensslBinary x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+        $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
         $CA_subject = $CA_subject.split("subject=").split(",")
-        ($CA_subject | Where-Object { $_ -match "C = " }) | Should -Match $Global:Subj.countryCode
-        ($CA_subject | Where-Object { $_ -match "ST = " }) | Should -Match $Global:Subj.stateCode
-        ($CA_subject | Where-Object { $_ -match "L = " }) | Should -Match $Global:Subj.Locality
-        ($CA_subject | Where-Object { $_ -match "O = " }) | Should -Match $Global:Subj.Organization
-        ($CA_subject | Where-Object { $_ -match "OU = " }) | Should -Match $Global:Subj.OrganizationUnit
-        ($CA_subject | Where-Object { $_ -match "CN = " }) | Should -Match $Global:Subj.CommonName
+        ($CA_subject | Where-Object { $_ -match "C = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
+        ($CA_subject | Where-Object { $_ -match "ST = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
+        ($CA_subject | Where-Object { $_ -match "L = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
+        ($CA_subject | Where-Object { $_ -match "O = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
+        ($CA_subject | Where-Object { $_ -match "OU = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
+        ($CA_subject | Where-Object { $_ -match "CN = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
     }
     Context "An existing certificate can be replaced" {
         # get existing cert serial:
-        $origSN = Invoke-Expression "$opensslBinary x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+        $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
         # force generate new CA
         Start-GenerateRootCert -forceReplcaeCert -certKeyPassword "newTest1234"
         # get new SN
-        $newSN = Invoke-Expression "$opensslBinary x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+        $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
         # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
         $origSN | Should -Not -Be $newSN
         # both the key and the cert should be generated
@@ -40,14 +40,14 @@ Describe "Generate Root Certifcate Tests" -Tag "GenerateRootCert" {
         $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
         #validate the subject matches what's defined in config:
-        $CA_subject = Invoke-Expression "$opensslBinary x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+        $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
         $CA_subject = $CA_subject.split("subject=").split(",")
-        ($CA_subject | Where-Object { $_ -match "C = " }) | Should -Match $Global:Subj.countryCode
-        ($CA_subject | Where-Object { $_ -match "ST = " }) | Should -Match $Global:Subj.stateCode
-        ($CA_subject | Where-Object { $_ -match "L = " }) | Should -Match $Global:Subj.Locality
-        ($CA_subject | Where-Object { $_ -match "O = " }) | Should -Match $Global:Subj.Organization
-        ($CA_subject | Where-Object { $_ -match "OU = " }) | Should -Match $Global:Subj.OrganizationUnit
-        ($CA_subject | Where-Object { $_ -match "CN = " }) | Should -Match $Global:Subj.CommonName
+        ($CA_subject | Where-Object { $_ -match "C = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
+        ($CA_subject | Where-Object { $_ -match "ST = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
+        ($CA_subject | Where-Object { $_ -match "L = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
+        ($CA_subject | Where-Object { $_ -match "O = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
+        ($CA_subject | Where-Object { $_ -match "OU = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
+        ($CA_subject | Where-Object { $_ -match "CN = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
 
     }
     Context "An existing certificate can be renewed" {
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index c3960d7bc..dc1b282c0 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -33,7 +33,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
     Context 'Certs generated for newly added users' {
         beforeall {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
-            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -filter "$($user.username)*"
             # if user cert exists, for random user, remove:
             foreach ($cert in $certs) {
@@ -45,7 +45,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # add the new user to the radius group
-            Add-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             # update the cache
             Get-JCRGlobalVars -force -skipAssociation
             # wait just one moment before testing membership since we are writing a file
@@ -65,7 +65,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $UserCerts.fullname | where-object { $_ -match ".crt" } | Should -exist
             $UserCerts.fullname | where-object { $_ -match ".key" } | Should -exist
             # cleanup
-            Remove-JCUserGroupMember -GroupID $Global:JCUSERGROUP -UserID $user.id
+            Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
             # wait just one moment before testing membership since we are writing a file
@@ -84,7 +84,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $configPath = "$JCScriptRoot/config.ps1"
             $content = Get-Content -path $configPath
             # set the user cert validity to just 10 days
-            $content -replace ('\$Global:JCUSERCERTVALIDITY = *.+', '$Global:JCUSERCERTVALIDITY = 10') | Set-Content -Path $configPath
+            $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 10') | Set-Content -Path $configPath
 
             # get user from membership list
             $RandomUsername = $global:JCRRadiusMembers.username | Get-Random -count 1
@@ -95,9 +95,8 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # Update Global Expiring list:
             $userCertInfo = Get-CertInfo -UserCerts
             # Determine cut off date for expiring certs
-            $global:cutoffDate = (Get-Date).AddDays(15).Date
             # Find all certs that will expire between current date and cut off date
-            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
 
         }
         It 'Certs that are set to expire soon can be updated' {
@@ -106,7 +105,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # reset the validity counter
             $content = Get-Content -path $configPath
             # set the user cert validity to 90 days
-            $content -replace ('\$Global:JCUSERCERTVALIDITY = *.+', '$Global:JCUSERCERTVALIDITY = 90') | Set-Content -Path $configPath
+            $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 90') | Set-Content -Path $configPath
             # Get the certs before generation minus the .zip if it exists
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
             # get the date before
@@ -116,7 +115,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             Start-GenerateUserCerts -type ExpiringSoon -forceReplaceCerts
             # Update Global Expiring list:
             $userCertInfo = Get-CertInfo -UserCerts
-            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $cutoffDate
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
             # there should be no more certs left in the expiring cert var
             $Global:expiringCerts | Should -BeNullOrEmpty
             # Get the certs after generation minus the .zip if it exists
@@ -138,7 +137,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # reset the validity counter
             $content = Get-Content -path $configPath
             # set the user cert validity to 90 days
-            $content -replace ('\$Global:JCUSERCERTVALIDITY = *.+', '$Global:JCUSERCERTVALIDITY = 90') | Set-Content -Path $configPath
+            $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 90') | Set-Content -Path $configPath
         }
 
 
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 5429018b6..60cc98ffc 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -47,7 +47,7 @@ Write-Warning "Updating Config File"
 $configPath = "$PSScriptRoot/../config.ps1"
 $configContent = Get-Content -path $configPath
 # Update the userGroupID:
-$configContent -replace ('\$Global:JCUSERGROUP = *.+', "`$Global:JCUSERGROUP = `"$($radiusUserGroup.id)`"") | Set-Content -Path $configPath
+$configContent -replace ('\$Global:JCR_USER_GROUP = *.+', "`$Global:JCR_USER_GROUP = `"$($radiusUserGroup.id)`"") | Set-Content -Path $configPath
 # update the openSSL path:
 if ($IsMacOS) {
     $brewList = brew list openssl@3
@@ -60,7 +60,7 @@ if ($IsMacOS) {
 
     Write-Warning "OpenSSL Version: $opensslVersion is installed via homebrew on this system; updating config:"
     $configContent = Get-Content -path $configPath
-    $configContent -replace ('\$Global:opensslBinary = *.+', "`$Global:opensslBinary = `"$($brewListBinary)`"") | Set-Content -Path $configPath
+    $configContent -replace ('\$Global:JCR_OPENSSL = *.+', "`$Global:JCR_OPENSSL = `"$($brewListBinary)`"") | Set-Content -Path $configPath
 }
 
 Import-Module "$psscriptRoot/../JumpCloud-Radius.psd1" -Force
\ No newline at end of file
diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 3e2af227c..4e000e357 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -22,14 +22,14 @@ macOS ships with a version of OpenSSL titled LibreSSL. LibreSSL is sufficient to
 
 To install the latest version of OpenSSL on mac, install the [Homebrew package manager](https://brew.sh/) and install the following [formulae](https://formulae.brew.sh/formula/openssl@3)
 
-Some packages or applications in macOS rely on the pre-configured LibreSSL distribution. To use the Homebrew distribution of OpenSSL in this project, simply change the `$global:openSSLBinary` variable to point to the Homebrew bin location ex:
+Some packages or applications in macOS rely on the pre-configured LibreSSL distribution. To use the Homebrew distribution of OpenSSL in this project, simply change the `$Global:JCR_OPENSSL` variable to point to the Homebrew bin location ex:
 
-In `Config.ps1` change `$opensslBinary` to point to `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'`\*\*\*\*
+In `Config.ps1` change `$JCR_OPENSSL` to point to `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'`\*\*\*\*
 
 ex:
 
 ```powershell
-$opensslBinary = '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
+$JCR_OPENSSL = '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
 ```
 
 ### Windows Requirements
@@ -69,7 +69,7 @@ Before Running the `Start-RadiusDeployment.ps1` script, the environment variable
 
 #### Set Your User Group ID
 
-Change the variable `$global:JCUSERGROUP` to the ID of the JumpCloud user group with access to the Radius server. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
+Change the variable `$Global:JCR_USER_GROUP` to the ID of the JumpCloud user group with access to the Radius server. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
 
 After selecting the User Group, view the url for the user group it should look similar to this url:
 `https://console.jumpcloud.com/#/groups/user/5f808a1bb544064831f7c9fb/details`
@@ -78,7 +78,7 @@ The ID of the selected userGroup is the 24 character string between `/user/` and
 
 #### Set your network SSID Name
 
-Change the variable `$global:NETWORKSSID` to the name of the SSID network your clients will connect to. On macOS hosts, the user certificate will be set to automatically authenticate to this SSID when the end user selects the WiFi Network. Multiple SSIDs can be provided as a single string with SSID names separated by a semicolon, ex: "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network". **Note: The SSID and user certificates are only associated with macOS system commands. This parameter does not affect windows generated commands**
+Change the variable `$Global:JCR_NETWORKSSID` to the name of the SSID network your clients will connect to. On macOS hosts, the user certificate will be set to automatically authenticate to this SSID when the end user selects the WiFi Network. Multiple SSIDs can be provided as a single string with SSID names separated by a semicolon, ex: "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network". **Note: The SSID and user certificates are only associated with macOS system commands. This parameter does not affect windows generated commands**
 
 #### Set the openSSL Binary location
 
@@ -86,15 +86,15 @@ Depending on the host system and how OpenSSL is installed, this variable can eit
 
 [For macOS systems](#macos-requirements), this will likely need to be set to the openSSL binary installation path like `'/opt/homebrew/opt/openssl@3/bin/openssl'` or `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'` if installed through Homebrew.
 
-Else, for Windows systems, installing OpenSSL and setting an environment variable described in [Windows Requirements](#Windows-Requirements) should be sufficient. (i.e no additional changes to `$global:opensslBinary` necessary)
+Else, for Windows systems, installing OpenSSL and setting an environment variable described in [Windows Requirements](#Windows-Requirements) should be sufficient. (i.e no additional changes to `$Global:JCR_OPENSSL` necessary)
 
 #### Set Your Certificate Subject Headers
 
-Change the default values provided in the `$global:Subj` variable to Country, State, Locality, Organization, Organization Unit and Common Name values for your organization. **Note: subject headers must not contain spaces**
+Change the default values provided in the `$Global:JCR_SUBJECT_HEADERS` variable to Country, State, Locality, Organization, Organization Unit and Common Name values for your organization. **Note: subject headers must not contain spaces**
 
 #### Set Desired User Certificate Type
 
-Change the `$global:certType` variable to either `EmailSAN`, `EmailDN` or `UsernameCn`
+Change the `$Global:JCR_CERT_TYPE` variable to either `EmailSAN`, `EmailDN` or `UsernameCn`
 
 ##### Email Subject Alternative Name (EmailSAN)
 
@@ -174,7 +174,7 @@ After successful import or generation of a self signed CA, the CA's serial numbe
 
 ### User Cert Generation
 
-With the certificate authority generated/ imported, individual user certs can then be generated. The ID of the user group stored as the variable: `$global:JCUSERGROUP` is used to store JumpCloud users destined for passwordless Radius access. For each user in the group, a `.pfx` certificate will be generated in the `/projectDirectory/Radius/UserCerts/` directory. The user certificates are stored locally and monitored for expiration.
+With the certificate authority generated/ imported, individual user certs can then be generated. The ID of the user group stored as the variable: `$Global:JCR_USER_GROUP` is used to store JumpCloud users destined for passwordless Radius access. For each user in the group, a `.pfx` certificate will be generated in the `/projectDirectory/Radius/UserCerts/` directory. The user certificates are stored locally and monitored for expiration.
 
 If local user certificates are set to expire within 15 days, a notification is displayed on the main menu and the certificate generation window:
 
@@ -232,7 +232,7 @@ After a user's certificate has been distributed to a system, those users can the
 
 ### macOS
 
-If the `$global:NETWORKSSID` variable in `Config.ps1` was specified, macOS users will only be prompted once to let `eapolclient` access the private key from the installed certificate. If the end user selects `Always Allow`, the'll not be prompted to enter their password for the entire life cycle of the user certificate, only when new certificates are deployed will end users have to re-enter their login password.
+If the `$Global:JCR_NETWORKSSID` variable in `Config.ps1` was specified, macOS users will only be prompted once to let `eapolclient` access the private key from the installed certificate. If the end user selects `Always Allow`, the'll not be prompted to enter their password for the entire life cycle of the user certificate, only when new certificates are deployed will end users have to re-enter their login password.
 
 In macOS a user simply needs to select the radius network from the wireless networks dialog prompt. A prompt to select a user certificate should be displayed, select the user certificate from the drop down menu and click "OK"
 

From daeca953583f2fbd5960ff586716c01d7e8e5794 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 22 Jan 2024 19:44:40 -0700
Subject: [PATCH 039/346] global variables namespce

---
 .../Private/CertDeployment/Get-ExpiringCertInfo.ps1    |  4 ++--
 .../Private/CertGeneration/Generate-UserCert.ps1       | 10 +++++-----
 .../Private/CertGeneration/Invoke-UserCertProcess.ps1  |  2 +-
 .../Tests/Public/Start-GenerateRootCert.Tests.ps1      |  2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
index 7dfb6cc25..96229d877 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
@@ -1,10 +1,10 @@
 function Get-ExpiringCertInfo {
     param (
         $certInfo,
-        $JCR_WarningDays
+        $cutoffDate
     )
     process {
-        $expiringCerts = $certInfo | Where-Object -Property notAfter -LT $JCR_WarningDays
+        $expiringCerts = $certInfo | Where-Object -Property notAfter -LT $cutoffDate
     }
     end {
         return $expiringCerts
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index b68faf253..7cc1f1cc6 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -4,7 +4,7 @@ function Generate-UserCert {
         [Parameter(HelpMessage = 'The type of certificate to generate, either: "EmailSAN", "EmailDN" or "UsernameCN"', Mandatory = $true)]
         [ValidateSet("EmailSAN", "EmailDn", "UsernameCN")]
         [system.String]
-        $JCR_CERT_TYPE,
+        $certType,
         [Parameter(Mandatory = $true,
             HelpMessage = "Path to one or more locations.")]
         [ValidateNotNullOrEmpty()]
@@ -33,15 +33,15 @@ function Generate-UserCert {
     }
     process {
         # Set Extension Path
-        $ExtensionPath = "$JCScriptRoot/Extensions/extensions-$($JCR_CERT_TYPE).cnf"
+        $ExtensionPath = "$JCScriptRoot/Extensions/extensions-$($certType).cnf"
         # User Certificate Signing Request:
         $userCSR = "$JCScriptRoot/UserCerts/$($user.username)-cert-req.csr"
         # Set key, crt, pfx variables:
-        $userKey = "$JCScriptRoot/UserCerts/$($user.username)-$($JCR_CERT_TYPE)-client-signed.key"
-        $userCert = "$JCScriptRoot/UserCerts/$($user.username)-$($JCR_CERT_TYPE)-client-signed-cert.crt"
+        $userKey = "$JCScriptRoot/UserCerts/$($user.username)-$($certType)-client-signed.key"
+        $userCert = "$JCScriptRoot/UserCerts/$($user.username)-$($certType)-client-signed-cert.crt"
         $userPfx = "$JCScriptRoot/UserCerts/$($user.username)-client-signed.pfx"
 
-        switch ($JCR_CERT_TYPE) {
+        switch ($certType) {
             'EmailSAN' {
                 # replace extension subjectAltName
                 $extContent = Get-Content -Path $ExtensionPath -Raw
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index e2f2ee045..92f20e019 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -10,7 +10,7 @@ Function Invoke-UserCertProcess {
         [Parameter(HelpMessage = 'The type of certificate to generate, either: "EmailSAN", "EmailDN" or "UsernameCN"', Mandatory)]
         [ValidateSet('EmailSAN', 'EmailDN', 'UsernameCN')]
         [System.String]
-        $JCR_CERT_TYPE,
+        $certType,
         # force replace existing certificate
         [Parameter(HelpMessage = 'When specified, existing certificates will be replaced')]
         [switch]
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index d88cc606b..5f511c22b 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -29,7 +29,7 @@ Describe "Generate Root Certifcate Tests" -Tag "GenerateRootCert" {
         # get existing cert serial:
         $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
         # force generate new CA
-        Start-GenerateRootCert -forceReplcaeCert -certKeyPassword "newTest1234"
+        Start-GenerateRootCert -certKeyPassword "newTest1234"
         # get new SN
         $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
         # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one

From 2c18189bd10e9bd15e457fd5e5211714537e9de0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 23 Jan 2024 09:46:12 -0700
Subject: [PATCH 040/346] order of expire cert calculation, once after re-write

---
 .../Radius/Functions/Public/Start-GenerateUserCerts.ps1        | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 6411b6970..811e32da2 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -184,6 +184,7 @@ function Start-GenerateUserCerts {
                 # TODO: if there are no certs set to expire in 'x' days inform when pressing this option
                 # recalculate expiring certs:
                 $userCertInfo = Get-CertInfo -UserCerts
+                # Get expiring certs:
                 $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
                 for ($i = 0; $i -lt $ExpiringCerts.Count; $i++) {
                     $userCert = $ExpiringCerts[$i]
@@ -195,8 +196,8 @@ function Start-GenerateUserCerts {
 
                     # recalculate expiring certs:
                     $userCertInfo = Get-CertInfo -UserCerts
-                    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
                 }
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
                 switch ($PSCmdlet.ParameterSetName) {
                     'gui' {
                         Show-StatusMessage -Message "Finished Generating Certificates"

From a55bad36d947e80c0443382ae7224a96fa538cd5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 23 Jan 2024 12:26:59 -0700
Subject: [PATCH 041/346] version on config

---
 scripts/automation/Radius/Config.ps1 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index a2bc6d1a8..c287225a2 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -37,7 +37,7 @@ $Global:JCR_CERT_TYPE = "UsernameCn"
 # Do not modify below
 ################################################################################
 
-$UserAgent_ModuleVersion = '1.1.0'
+$UserAgent_ModuleVersion = '2.0.0'
 $UserAgent_ModuleName = 'PasswordlessRadiusConfig'
 #Build the UserAgent string
 $UserAgent_ModuleName = "JumpCloud_$($UserAgent_ModuleName).PowerShellModule"
@@ -49,11 +49,11 @@ function Get-OpenSSLVersion {
     param (
         [Parameter()]
         [system.string]
-        $JCR_OPENSSL
+        $opensslBinary
     )
     begin {
         try {
-            $version = Invoke-Expression "& '$JCR_OPENSSL' version"
+            $version = Invoke-Expression "& '$opensslBinary' version"
         } catch {
             throw "Something went wrong... Could not find openssl or the path is incorrect. Please update the `$JCR_OPENSSL variable in the config.ps1 file to the correct path"
         }

From e6a024f6ccf2d26dcaba50316f46383c31ea7f60 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 5 Feb 2024 10:34:13 -0700
Subject: [PATCH 042/346] Cert Generation Tests + SN in Commands

---
 scripts/automation/Radius/Config.ps1          |   2 +-
 .../CertDeployment/Deploy-UserCertificate.ps1 |   6 +-
 .../CertGeneration/Invoke-UserCertProcess.ps1 |  10 ++
 .../Public/Start-DeployUserCerts.Tests.ps1    | 111 ++++++++++++++++++
 4 files changed, 125 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index c287225a2..346610ca1 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -12,7 +12,7 @@ $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS = 15
 # For Multiple SSIDs enter as a single string separated by a semicolon  ex:
 # "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network"
 $Global:JCR_NETWORKSSID = "YOUR_SSID"
-# OpenSSLBinary by default this is (openssl)
+# JCR_OPENSSL by default this is (openssl)
 # NOTE: If openssl does not work, try using the full path to the openssl file
 # MacOS HomeBrew Example: '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
 $Global:JCR_OPENSSL = 'openssl'
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index e81a7c3ef..11d50f229 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -79,7 +79,7 @@ function Deploy-UserCertificate {
                 'EmailDN' {
                     # Else set cert identifier to email of cert subject
                     $regex = 'emailAddress = (.*?)$'
-                    $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($certHash.Subject)" -Pattern $regex
+                    $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($certInfo.Subject)" -Pattern $regex
                     $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
                     # in macOS search user certs by email
                     $macCertSearch = 'e'
@@ -117,7 +117,7 @@ unzip -o /tmp/$($user.userName)-client-signed.zip -d /tmp
 chmod 755 /tmp/$($user.userName)-client-signed.pfx
 currentUser=`$(/usr/bin/stat -f%Su /dev/console)
 currentUserUID=`$(id -u "`$currentUser")
-currentCertSN="$($certHash.serial)"
+currentCertSN="$($certInfo.serial)"
 networkSsid="$($JCR_NETWORKSSID)"
 # store orig case match value
 caseMatchOrigValue=`$(shopt -p nocasematch; true)
@@ -329,7 +329,7 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
 
         foreach (`$cert in `$certs){
             if (`$cert.subject -match "$($certIdentifier)") {
-                if (`$(`$cert.serialNumber) -eq "$($certHash.serial)"){
+                if (`$(`$cert.serialNumber) -eq "$($certInfo.serial)"){
                     write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
                 } else {
                     write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 92f20e019..939f203b3 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -81,6 +81,16 @@ Function Invoke-UserCertProcess {
             Generate-UserCert -CertType $JCR_CERT_TYPE -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" *> /dev/null
             # validate that the cert was written correctly:
             #TODO: validate and return as variable
+
+            #TODO: cert should be written with $JCR_CERT_TYPE, if other certs exist, remove them.
+            $CertInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
+            if ($CertInfo.count -gt 1) {
+                $foundCerts = Get-ChildItem -path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-*.crt"
+                $orderedCerts = $founDcerts | Sort-Object -Property LastWriteTime -Descending | select -Skip 1
+                foreach ($cert in $orderedCerts) {
+                    Remove-Item $cert.FullName
+                }
+            }
         }
 
         # generate the cert depending if -force or if new
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 65bd72e0f..68c1e11ad 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -191,4 +191,115 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
 
     }
+    Context 'Cert Commands are generated for EmailSAN, EmailDN, UsernameCn type certs' {
+        BeforeAll {
+            # Member content | Get the user with 2 system associations mac and windows
+            $certTypeUser = $Global:JCRRadiusMembers | Get-Random -Count 1
+            while ($Global:JCRAssociations[$($certTypeUser.userID)].systemAssociations.count -ne 2) {
+                $certTypeUser = $Global:JCRRadiusMembers | Get-Random -Count 1
+            }
+        }
+        It 'EmailSAN certs are created and command generated with correct identifiers' {
+            # Set config
+            $configPath = "$JCScriptRoot/config.ps1"
+            $content = Get-Content -path $configPath
+            # set the user cert validity to just 10 days
+            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "EmailSAN"') | Set-Content -Path $configPath
+            # Get Cert Before
+            $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
+            # Generate the user cert:
+            Start-GenerateUserCerts -type ByUsername -username $($certTypeUser.username) -forceReplaceCerts
+            # CertInfo After
+            $CertInfoAfter = Get-CertInfo -UserCerts -username $certTypeUser.username
+            # Cert Subject headers should be contain required EmailSAN identifier:
+            $CertInfoBefore.subject | Should -Not -Be $CertInfoAfter
+            $foundCert = Get-ChildItem -path "$JCScriptRoot/UserCerts/$($certTypeUser.username)-EmailSAN*.crt"
+            $foundCert.count | Should -Be 1
+            $CertSANInfo = Invoke-Expression "$JCR_OPENSSL x509 -in $($foundCert.fullname) -ext subjectAltName -noout"
+            # The cert info should contain the subject alternative name of the user's email
+            $CertSANInfo -match "email:" | Should -match "email:$($Global:JCRUsers[$($certTypeUser.userID)].email)"
+            # Create the new commands
+            Start-DeployUserCerts -type ByUsername -username $certTypeUser.username
+            # Go fetch the mac command for the user
+            $macCommand = Get-JCCommand -name "RadiusCert-Install:$($certTypeUser.username):MacOSX"
+            $windowsCommand = Get-JCCommand -name "RadiusCert-Install:$($certTypeUser.username):Windows"
+
+            # macCommand should contain SN
+            $snPattern = 'currentCertSN=\"(.*)\"'
+            $snMacMatch = $macCommand.Command | Select-String -Pattern $snPattern
+            $snMacMatch.matches.groups[1].value | Should -Be $CertInfoAfter.serial
+            # windows should contain SN
+            $snPattern = '\(\$\(\$cert\.serialNumber\) -eq \"(.*)\"\)'
+            $snWinMatch = $windowsCommand.Command | Select-String -Pattern $snPattern
+            $snWinMatch.matches.groups[1].value | Should -Be $CertInfoAfter.serial
+        }
+        It 'EmailDN certs are created and command generated with correct identifiers' {
+            # Set config
+            $configPath = "$JCScriptRoot/config.ps1"
+            $content = Get-Content -path $configPath
+            # set the cert type
+            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "EmailDN"') | Set-Content -Path $configPath
+            # Get Cert Before
+            $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
+            # Generate the user cert:
+            Start-GenerateUserCerts -type ByUsername -username $($certTypeUser.username) -forceReplaceCerts
+            # CertInfo After
+            $CertInfoAfter = Get-CertInfo -UserCerts -username $certTypeUser.username
+            # Cert Subject headers should be contain required EmailDN identifier:
+            $CertInfoBefore.subject | Should -Not -Be $CertInfoAfter
+            $CertInfoAfter.subject | Should -Match "emailAddress = $($Global:JCRUsers[$($certTypeUser.userID)].email)"
+            # Create the new commands
+            Start-DeployUserCerts -type ByUsername -username $certTypeUser.username
+            # Go fetch the mac command for the user
+            $macCommand = Get-JCCommand -name "RadiusCert-Install:$($certTypeUser.username):MacOSX"
+            $windowsCommand = Get-JCCommand -name "RadiusCert-Install:$($certTypeUser.username):Windows"
+
+            # macCommand should contain SN
+            $snPattern = 'currentCertSN=\"(.*)\"'
+            $snMacMatch = $macCommand.Command | Select-String -Pattern $snPattern
+            $snMacMatch.matches.groups[1].value | Should -Be $CertInfoAfter.serial
+            # windows should contain SN
+            $snPattern = '\(\$\(\$cert\.serialNumber\) -eq \"(.*)\"\)'
+            $snWinMatch = $windowsCommand.Command | Select-String -Pattern $snPattern
+            $snWinMatch.matches.groups[1].value | Should -Be $CertInfoAfter.serial
+        }
+        It 'UsernameCn certs are created and command generated with correct identifiers' {
+            # Set config
+            $configPath = "$JCScriptRoot/config.ps1"
+            $content = Get-Content -path $configPath
+            # set the cert type
+            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "UsernameCn"') | Set-Content -Path $configPath
+            # Get Cert Before
+            $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
+            # Generate the user cert:
+            Start-GenerateUserCerts -type ByUsername -username $($certTypeUser.username) -forceReplaceCerts
+            # CertInfo After
+            $CertInfoAfter = Get-CertInfo -UserCerts -username $certTypeUser.username
+            # Cert Subject headers should be contain required UsernameCn identifier:
+            $CertInfoBefore.subject | Should -Not -Be $CertInfoAfter
+            $CertInfoAfter.subject | Should -Match "CN = $($certTypeUser.username)"
+            # Create the new commands
+            Start-DeployUserCerts -type ByUsername -username $certTypeUser.username
+            # Go fetch the mac command for the user
+            $macCommand = Get-JCCommand -name "RadiusCert-Install:$($certTypeUser.username):MacOSX"
+            $windowsCommand = Get-JCCommand -name "RadiusCert-Install:$($certTypeUser.username):Windows"
+
+            # macCommand should contain SN
+            $snPattern = 'currentCertSN=\"(.*)\"'
+            $snMacMatch = $macCommand.Command | Select-String -Pattern $snPattern
+            $snMacMatch.matches.groups[1].value | Should -Be $CertInfoAfter.serial
+            # windows should contain SN
+            $snPattern = '\(\$\(\$cert\.serialNumber\) -eq \"(.*)\"\)'
+            $snWinMatch = $windowsCommand.Command | Select-String -Pattern $snPattern
+            $snWinMatch.matches.groups[1].value | Should -Be $CertInfoAfter.serial
+
+        }
+        AfterAll {
+            # Set config
+            $configPath = "$JCScriptRoot/config.ps1"
+            $content = Get-Content -path $configPath
+            # set the cert type
+            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = UsernameCn') | Set-Content -Path $configPath
+        }
+    }
 }
\ No newline at end of file

From fe0bf6d2dc2771e12ed589e5995b1432ac5f6b8b Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 7 Feb 2024 13:30:37 -0700
Subject: [PATCH 043/346] support for spaces in filepath + settings file
 generation

---
 .../Private/CertDeployment/Get-CertInfo.ps1   |  4 +-
 .../CertGeneration/Generate-UserCert.ps1      | 44 +++++++++----------
 .../Private/Settings/New-JCRSettingsFile.ps1  |  8 +---
 .../Public/Start-GenerateRootCert.ps1         |  4 +-
 4 files changed, 28 insertions(+), 32 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 7bd22c292..6ef4851c9 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -53,7 +53,7 @@ function Get-CertInfo {
                 # TODO: pscustomobject insted of hash
                 $certHash = @{}
                 # Use openssl to gather serial, subject, issuer, and enddate information
-                $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in $($foundCerts.Path) -enddate -serial -subject -issuer -noout"
+                $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in `"$($foundCerts.Path)`" -enddate -serial -subject -issuer -noout"
 
                 # Convert string data into a key/value pair
                 $certInfo | ForEach-Object {
@@ -77,7 +77,7 @@ function Get-CertInfo {
                     # Create hashtable to contain cert info
                     $certHash = [PSCustomObject]@{}
                     # Use openssl to gather serial, subject, issuer and enddate information
-                    $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in $($cert.Path) -enddate -serial -subject -issuer -fingerprint -sha1 -noout"
+                    $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in `"$($cert.Path)`" -enddate -serial -subject -issuer -fingerprint -sha1 -noout"
                     # Convert string data into a key/value pair
                     $certInfo | ForEach-Object {
                         $property = $_ | ConvertFrom-StringData
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index 7cc1f1cc6..2767ef5d7 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -44,62 +44,62 @@ function Generate-UserCert {
         switch ($certType) {
             'EmailSAN' {
                 # replace extension subjectAltName
-                $extContent = Get-Content -Path $ExtensionPath -Raw
-                $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path $ExtensionPath -NoNewline -Force
+                $extContent = Get-Content -Path `"$ExtensionPath`" -Raw
+                $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path `"$ExtensionPath`" -NoNewline -Force
                 # Get CSR & Key
                 Write-Host "[status] Get CSR & Key"
-                Invoke-Expression "$JCR_OPENSSL req -newkey rsa:2048 -nodes -keyout $userKey -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)`" -out $userCSR"
+                Invoke-Expression "$JCR_OPENSSL req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)`" -out `"$userCsr`""
 
                 # take signing request, make cert # specify extensions requets
                 Write-Host "[status] take signing request, make cert # specify extensions requets"
-                Invoke-Expression "$JCR_OPENSSL x509 -req -extfile $ExtensionPath -days $JCR_USER_CERT_VALIDITY_DAYS -in $userCSR -CA $rootCA -CAkey $rootCAKey -passin pass:$($env:certKeyPassword) -CAcreateserial -out $userCert -extensions v3_req"
+                Invoke-Expression "$JCR_OPENSSL x509 -req -extfile `"$ExtensionPath`" -days $JCR_USER_CERT_VALIDITY_DAYS -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extensions v3_req"
 
                 # validate the cert we cant see it once it goes to pfx
                 Write-Host "[status] validate the cert we cant see it once it goes to pfx"
-                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in $userCert"
+                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in `"$userCert`""
                 # legacy needed if we take a cert like this then pass it out
                 Write-Host "[status] legacy needed if we take a cert like this then pass it out"
-                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -passout pass:$($JCR_USER_CERT_PASS) -legacy"
+                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
             }
             'EmailDn' {
                 # Create Client cert with email in the subject distinguished name
-                Invoke-Expression "$JCR_OPENSSL genrsa -out $userKey 2048"
+                Invoke-Expression "$JCR_OPENSSL genrsa -out `"$userKey`" 2048"
                 # Generate User CSR
-                Invoke-Expression "$JCR_OPENSSL req -nodes -new -key $rootCAKey -passin pass:$($env:certKeyPassword) -out $($userCSR) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-                Invoke-Expression "$JCR_OPENSSL req -new -key $userKey -out $userCsr -config $ExtensionPath -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=/emailAddress=$($user.email)`""
+                Invoke-Expression "$JCR_OPENSSL req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                Invoke-Expression "$JCR_OPENSSL req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=/emailAddress=$($user.email)`""
 
                 # Gennerate User Cert
-                Invoke-Expression "$JCR_OPENSSL x509 -req -in $userCsr -CA $rootCA -CAkey $rootCAKey -days $JCR_USER_CERT_VALIDITY_DAYS -passin pass:$($env:certKeyPassword) -CAcreateserial -out $userCert -extfile $ExtensionPath"
+                Invoke-Expression "$JCR_OPENSSL x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extfile `"$ExtensionPath`""
 
                 # Combine key and cert to create pfx file
-                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -passout pass:$($JCR_USER_CERT_PASS) -legacy"
+                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
                 # Output
-                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in $userCert"
-                # invoke-expression "$JCR_OPENSSL pkcs12 -clcerts -nokeys -in $userPfx -passin pass:$($JCR_USER_CERT_PASS)"
+                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in `"$userCert`""
+                # invoke-expression "$JCR_OPENSSL pkcs12 -clcerts -nokeys -in `"$userPfx`" -passin pass:$($JCR_USER_CERT_PASS)"
             }
             'UsernameCN' {
                 # Create Client cert with email in the subject distinguished name
-                Invoke-Expression "$JCR_OPENSSL genrsa -out $userKey 2048"
+                Invoke-Expression "$JCR_OPENSSL genrsa -out `"$userKey`" 2048"
                 # Generate User CSR
-                Invoke-Expression "$JCR_OPENSSL req -nodes -new -key $rootCAKey -passin pass:$($env:certKeyPassword) -out $($userCSR) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-                Invoke-Expression "$JCR_OPENSSL req -new -key $userKey -out $userCSR -config $ExtensionPath -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($user.username)`""
+                Invoke-Expression "$JCR_OPENSSL req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                Invoke-Expression "$JCR_OPENSSL req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($user.username)`""
 
                 # Gennerate User Cert
-                Invoke-Expression "$JCR_OPENSSL x509 -req -in $userCSR -CA $rootCA -CAkey $rootCAKey -days $JCR_USER_CERT_VALIDITY_DAYS -CAcreateserial -passin pass:$($env:certKeyPassword) -out $userCert -extfile $ExtensionPath"
+                Invoke-Expression "$JCR_OPENSSL x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -CAcreateserial -passin pass:$($env:certKeyPassword) -out `"$userCert`" -extfile `"$ExtensionPath`""
 
                 # Combine key and cert to create pfx file
-                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out $userPfx -inkey $userKey -in $userCert -inkey $userKey -passout pass:$($JCR_USER_CERT_PASS) -legacy"
+                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -inkey `"$userKey`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
                 # Output
-                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in $userCert"
-                # invoke-expression "$JCR_OPENSSL pkcs12 -clcerts -nokeys -in $userPfx -passin pass:$($JCR_USER_CERT_PASS)"
+                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in `"$userCert`""
+                # invoke-expression "$JCR_OPENSSL pkcs12 -clcerts -nokeys -in `"$userPfx`" -passin pass:$($JCR_USER_CERT_PASS)"
             }
         }
 
     }
     end {
         # Clean Up User Certs Directory remove non .crt files
-        # $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
-        # $userCertFiles | Where-Object { $_.Name -notmatch ".pfx" } | ForEach-Object {
+        # `"$userCert`"Files = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+        # `"$userCert`"Files | Where-Object { $_.Name -notmatch ".pfx" } | ForEach-Object {
         #     Remove-Item -path $_.fullname
         # }
 
diff --git a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
index c9053f34c..2edef77d6 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
@@ -13,6 +13,8 @@ function New-JCRSettingsFile {
         $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
         $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
 
+    }
+    process {
         # Define Default Settings for the Config file
         $date = Get-Date
         $config = @{
@@ -22,12 +24,6 @@ function New-JCRSettingsFile {
             }
         }
     }
-
-    process {
-        # if creating the settings file for the first time, update global vars; lastupdate date
-        Get-JCRGlobalVars -force
-    }
-
     end {
         if ((test-path -Path $configFilePath) -And ($force)) {
             $config | ConvertTo-Json | Out-File -FilePath $configFilePath
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 8ecee1e5f..8ed427366 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -66,9 +66,9 @@ Function Start-GenerateRootCert {
     }
     # Save the pass phrase in the env:
     $env:certKeyPassword = $certKeyPass
-    Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days 365 -keyout $outKey -out $outCA -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+    Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days 365 -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
     # REM PEM pass phrase: myorgpass
-    Invoke-Expression "$JCR_OPENSSL x509 -in $outCA -noout -text"
+    Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
     # openssl x509 -in ca-cert.pem -noout -text
     # Update Extensions Distinguished Names:
     $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"

From c85f8515ff2c61bb3484af69317ec5da39e0aada Mon Sep 17 00:00:00 2001
From: Joe Workman <54448601+jworkmanjc@users.noreply.github.com>
Date: Fri, 1 Mar 2024 11:24:57 -0700
Subject: [PATCH 044/346] Update Invoke-UserCertProcess.ps1

---
 .../Private/CertGeneration/Invoke-UserCertProcess.ps1         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 939f203b3..bb0612d66 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -78,7 +78,7 @@ Function Invoke-UserCertProcess {
     process {
         # if writeCert, generate the cert
         if ($writeCert) {
-            Generate-UserCert -CertType $JCR_CERT_TYPE -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" *> /dev/null
+            Generate-UserCert -CertType $JCR_CERT_TYPE -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" 2>&1 | out-null
             # validate that the cert was written correctly:
             #TODO: validate and return as variable
 
@@ -118,4 +118,4 @@ Function Invoke-UserCertProcess {
 
         return $resultTable
     }
-}
\ No newline at end of file
+}

From fbd130b8e8b3b80d64c6c1e44a90b30ee8ecb869 Mon Sep 17 00:00:00 2001
From: Joe Workman <54448601+jworkmanjc@users.noreply.github.com>
Date: Wed, 17 Apr 2024 09:39:19 -0600
Subject: [PATCH 045/346] Update JumpCloud-Radius.psm1

---
 scripts/automation/Radius/JumpCloud-Radius.psm1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index 5612e8391..2ec241952 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -29,7 +29,7 @@ $global:JCScriptRoot = "$PSScriptRoot"
 $global:JCRConfig = Get-JCRSettingsFile
 
 # Set expire warning days:
-$global:JCR_WarningDays = (Get-Date).AddDays($JCR_USER_CERT_EXPIRE_WARNING_DAYS
+$global:JCR_WarningDays = (Get-Date).AddDays(-$JCR_USER_CERT_EXPIRE_WARNING_DAYS
 ).Date
 
 # Get global variables or update if necessary

From 5c8eb66599157b683e9e7c3969b153bbb55f7dff Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 17 Apr 2024 12:45:00 -0600
Subject: [PATCH 046/346] fix expire notification warning

---
 .../CertDeployment/Get-ExpiringCertInfo.ps1   | 21 ++++++++++++++++++-
 .../Private/Menus/Show-RadiusMainMenu.ps1     |  4 ++--
 .../Public/Start-GenerateUserCerts.ps1        |  4 ++--
 .../automation/Radius/JumpCloud-Radius.psm1   |  4 ----
 .../Public/Start-GenerateUserCerts.Tests.ps1  |  4 ++--
 5 files changed, 26 insertions(+), 11 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
index 96229d877..5821320a0 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
@@ -1,11 +1,30 @@
 function Get-ExpiringCertInfo {
     param (
+        # array of certificates
+        [Parameter(Mandatory)]
+        [System.Object]
         $certInfo,
+        [Parameter(Mandatory)]
+        [System.Int32]
         $cutoffDate
     )
+    begin {
+        $expiringCerts = New-Object System.Collections.ArrayList
+        $currentTime = Get-Date
+    }
     process {
-        $expiringCerts = $certInfo | Where-Object -Property notAfter -LT $cutoffDate
+        foreach ($cert in $certInfo) {
+            $certTimespan = New-Timespan -Start $currentTime -End $cert.notAfter
+            # $cert
+            if ($certTimespan.days -lt 15) {
+                Write-Debug "$($cert.userName)'s certificate will expire in $($certTimespan.Days) days"
+                $expiringCerts.add($cert) | Out-Null
+            } else {
+                Write-Debug "$($cert.userName)'s certificate will expire in $($certTimespan.Days) days"
+            }
+        }
     }
+
     end {
         return $expiringCerts
     }
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index 3dc73e16f..cda36bc57 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -7,7 +7,7 @@ function Show-RadiusMainMenu {
     $userCertInfo = Get-CertInfo -UserCerts
 
     # Find all certs that will expire between current date and cut off date
-    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
+    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
 
     # Get UserGroup information from Config.ps1
     $radiusUserGroup = Get-JcSdkUserGroup -Id $Global:JCR_USER_GROUP | Select-Object Name
@@ -33,7 +33,7 @@ function Show-RadiusMainMenu {
         Write-Host $(PadCenter -string "Root CA Expiration: $($rootCAInfo.notAfter)`n" -char ' ') -ForegroundColor Green
     }
     if ($Global:expiringCerts) {
-        Write-Host $(PadCenter -string "$($($Global:expiringCerts.subject).Count) user certs will expire in 15 days `n" -char ' ') -ForegroundColor Red
+        Write-Host $(PadCenter -string "$($Global:expiringCerts.Count) user certs will expire in 15 days `n" -char ' ') -ForegroundColor Red
     }
     Write-Host $(PadCenter -string " Details " -char '-')
     # /==== ROOT CA ====
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 811e32da2..4317c2f39 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -185,7 +185,7 @@ function Start-GenerateUserCerts {
                 # recalculate expiring certs:
                 $userCertInfo = Get-CertInfo -UserCerts
                 # Get expiring certs:
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
                 for ($i = 0; $i -lt $ExpiringCerts.Count; $i++) {
                     $userCert = $ExpiringCerts[$i]
                     <# Action that will repeat until the condition is met #>
@@ -197,7 +197,7 @@ function Start-GenerateUserCerts {
                     # recalculate expiring certs:
                     $userCertInfo = Get-CertInfo -UserCerts
                 }
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
                 switch ($PSCmdlet.ParameterSetName) {
                     'gui' {
                         Show-StatusMessage -Message "Finished Generating Certificates"
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index 2ec241952..c07650b89 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -28,9 +28,5 @@ $global:JCScriptRoot = "$PSScriptRoot"
 # try to get the settings file, create new one if it does not exist:
 $global:JCRConfig = Get-JCRSettingsFile
 
-# Set expire warning days:
-$global:JCR_WarningDays = (Get-Date).AddDays(-$JCR_USER_CERT_EXPIRE_WARNING_DAYS
-).Date
-
 # Get global variables or update if necessary
 Get-JCRGlobalVars
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index dc1b282c0..a1dbc8204 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -96,7 +96,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $userCertInfo = Get-CertInfo -UserCerts
             # Determine cut off date for expiring certs
             # Find all certs that will expire between current date and cut off date
-            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
 
         }
         It 'Certs that are set to expire soon can be updated' {
@@ -115,7 +115,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             Start-GenerateUserCerts -type ExpiringSoon -forceReplaceCerts
             # Update Global Expiring list:
             $userCertInfo = Get-CertInfo -UserCerts
-            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $JCR_WarningDays
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
             # there should be no more certs left in the expiring cert var
             $Global:expiringCerts | Should -BeNullOrEmpty
             # Get the certs after generation minus the .zip if it exists

From 57069f9437697a4e9f242381c01e9ff663e63bb6 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 1 May 2024 19:49:07 -0600
Subject: [PATCH 047/346] missing $

---
 .../Private/CertDeployment/Deploy-UserCertificate.ps1         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 11d50f229..cfb806f78 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -253,7 +253,7 @@ fi
                         $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
                         $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
                     } catch {
-                        status_commandGenerated = $false
+                        $status_commandGenerated = $false
                         # throw $_
                     }
 
@@ -399,7 +399,7 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                         $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
                         $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
                     } catch {
-                        status_commandGenerated = $false
+                        $status_commandGenerated = $false
                         # throw $_
                     }
 

From 2e9e6ea4cb7b61d1547e62a791eb9aeb89e448da Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 2 May 2024 10:09:29 -0600
Subject: [PATCH 048/346] EmailSAN fix; rootCA cert var; try/catch for expiring
 certs

---
 scripts/automation/Radius/Config.ps1                      | 8 +++++---
 .../Private/CertGeneration/Generate-UserCert.ps1          | 4 ++--
 .../Functions/Private/Menus/Show-RadiusMainMenu.ps1       | 6 +++++-
 .../Radius/Functions/Public/Start-GenerateRootCert.ps1    | 2 +-
 4 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index 346610ca1..0b2d145b4 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -2,9 +2,11 @@
 $Global:JCR_USER_GROUP = 'your_radius_user_group'
 # USER CERT PASSWORD (this password is sent to the devices via JumpCloud Commands)
 $Global:JCR_USER_CERT_PASS = 'secret1234!'
-# USER CERT Validity Length (days)
-$Global:JCR_USER_CERT_VALIDITY_DAYS = 90
-# Days until cert expire warning length (default: 15)
+# USER CERT Validity Length (days) (default 1 year)
+$Global:JCR_USER_CERT_VALIDITY_DAYS = 365
+# ROOT CERT Validity Length (days) (default 3 years)
+$Global:JCR_ROOT_CERT_VALIDITY_DAYS = 1095
+# Days until cert expire warning length (default: 15 days)
 # The tool will display certs that are set to expire if the expiration date is
 # within this number of days
 $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS = 15
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index 2767ef5d7..3b60ed2f2 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -44,8 +44,8 @@ function Generate-UserCert {
         switch ($certType) {
             'EmailSAN' {
                 # replace extension subjectAltName
-                $extContent = Get-Content -Path `"$ExtensionPath`" -Raw
-                $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path `"$ExtensionPath`" -NoNewline -Force
+                $extContent = Get-Content -Path $ExtensionPath -Raw
+                $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path $ExtensionPath -NoNewline -Force
                 # Get CSR & Key
                 Write-Host "[status] Get CSR & Key"
                 Invoke-Expression "$JCR_OPENSSL req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)`" -out `"$userCsr`""
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index cda36bc57..1a227e991 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -7,7 +7,11 @@ function Show-RadiusMainMenu {
     $userCertInfo = Get-CertInfo -UserCerts
 
     # Find all certs that will expire between current date and cut off date
-    $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
+    try {
+        $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
+    } catch {
+        Write-Debug "No user certs exist, there are no user certs which will expire soon"
+    }
 
     # Get UserGroup information from Config.ps1
     $radiusUserGroup = Get-JcSdkUserGroup -Id $Global:JCR_USER_GROUP | Select-Object Name
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 8ed427366..6922dc4db 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -66,7 +66,7 @@ Function Start-GenerateRootCert {
     }
     # Save the pass phrase in the env:
     $env:certKeyPassword = $certKeyPass
-    Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days 365 -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+    Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
     # REM PEM pass phrase: myorgpass
     Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
     # openssl x509 -in ca-cert.pem -noout -text

From 0c5a660cee9ba56021f977b7c5054e8c5d763b6c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 2 May 2024 10:21:33 -0600
Subject: [PATCH 049/346] mac/ windows Last Update Time display/ message

---
 .../Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 | 6 +++++-
 .../Radius/Functions/Public/Get-JCRGlobalVars.ps1          | 7 ++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index 1a227e991..c5ab5e7a7 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -46,7 +46,11 @@ function Show-RadiusMainMenu {
     Write-Host $(PadCenter -string "Radius User Group: $($radiusUserGroup.Name)" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Total Radius Users: $($radiusUserGroupMemberCount)" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Radius SSID(s): $radiusSSID" -char " ") -ForegroundColor Green
-    Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate)" -char " ") -ForegroundColor Green
+    if ($IsMacOS){
+        Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate)" -char " ") -ForegroundColor Green
+    } If ($isWindows){
+        Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate.value)" -char " ") -ForegroundColor Green
+    }
     # Write-Host "`n"
     # if ($radiusSSID.count -gt 1) {
     #     Write-Host $(PadCenter -string "Radius SSIDs:" -char " ") -ForegroundColor Green
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 5260e5f77..066ee170a 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -16,7 +16,12 @@ function Get-JCRGlobalVars {
         }
 
         # get settings file
-        $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date)
+        if ($IsMacOS){
+            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date)
+        }
+        if ($ifWindows){
+            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -end (Get-Date)
+        }
         if ($lastUpdateTimespan.TotalHours -gt 24) {
             $update = $true
             $updateAssociation = $true

From ca2eecd8e9e5013ab194d59b1a9d67a7e150c545 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 2 May 2024 10:22:07 -0600
Subject: [PATCH 050/346] unnecessary legacy.dll messaging

---
 scripts/automation/Radius/Config.ps1 | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
index 0b2d145b4..6f70254a2 100644
--- a/scripts/automation/Radius/Config.ps1
+++ b/scripts/automation/Radius/Config.ps1
@@ -75,9 +75,7 @@ function Get-OpenSSLVersion {
             # If env variable exists, skip check for subsequent runs of ./config.ps1
             if ($env:OPENSSL_MODULES) {
                 $binItems = Get-ChildItem -Path $env:OPENSSL_MODULES
-                if ("legacy.dll" -in $binItems.Name) {
-                    Write-Host "legacy.dll module set through environment variable"
-                } else {
+                if ("legacy.dll" -notin $binItems.Name) {
                     Throw "The required OpenSSL 'legacy.dll' file was not found in the bin path $PathDirectory. This is required to create certificates. `nIf this module file is located elsewhere, you may specify the path to that directory in this powershell session using this command: '`$env:OPENSSL_MODULES = C:/Path/To/Directory' "
                 }
             } else {

From 4e228df9d1e16c56f4ab249c681c48c4102a2378 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 29 May 2024 15:28:25 -0600
Subject: [PATCH 051/346] track user certificates using system insight filters

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 18 +++++++--
 .../Private/CertResults/Get-CertBySHA.ps1     | 39 +++++++++++++++++++
 .../DeploymentTable/New-DeploymentTable.ps1   | 30 ++++++++++++++
 .../Private/Settings/Update-JCRUsersJson.ps1  |  8 ++--
 .../Private/UserTable/Set-UserTable.ps1       | 11 +++++-
 5 files changed, 98 insertions(+), 8 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/DeploymentTable/New-DeploymentTable.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index cfb806f78..98a2561c6 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -98,7 +98,13 @@ function Deploy-UserCertificate {
                 'macOS' {
                     # Get the macOS system ids
                     $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'macOS' } | Select-Object systemId
-
+                    # If the certificate is already on the device, no need to process the command
+                    $systemIds = $systemIds | Where-Object { $_.systemId -notin $user.deploymentInfo.SystemId }
+                    # If there are no systemIds to process, skip generating the command:
+                    if ($systemIds.count -eq 0) {
+                        Write-Warning "There are no remaining macOS systems for $($user.username)'s cert to be installed on"
+                        continue
+                    }
                     # Check to see if previous commands exist
                     $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
 
@@ -274,7 +280,13 @@ fi
                 'windows' {
                     # Get the Windows system ids
                     $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'windows' } | Select-Object systemId
-
+                    # If the certificate is already on the device, no need to process the command
+                    $systemIds = $systemIds | Where-Object { $_.systemId -notin $user.deploymentInfo.SystemId }
+                    # If there are no systemIds to process, skip generating the command:
+                    if ($systemIds.count -eq 0) {
+                        Write-Warning "There are no remaining windows systems for $($user.username)'s cert to be installed on"
+                        continue
+                    }
                     # Check to see if previous commands exist
                     $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
 
@@ -477,4 +489,4 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
 
         return $resultTable
     }
-}
\ No newline at end of file
+}
diff --git a/scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1 b/scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1
new file mode 100644
index 000000000..d5aa0e0c3
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1
@@ -0,0 +1,39 @@
+
+
+function Get-CertBySHA {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [string]
+        $sha1,
+    )
+
+    begin {
+        # define list
+        $list = New-Object System.Collections.ArrayList
+
+
+    }
+
+    process {
+        # for macOS certs search
+        $macCertResultList = Get-JcSdkSystemInsightCertificate -Filter "sha1:eq:$sha1"
+        # for windows certs search with uppercase:
+        $windowsCertResultList = Get-JcSdkSystemInsightCertificate -Filter "sha1:eq:$($sha1.toUpper())"
+        foreach ($cert in $macCertResultList) {
+            $list.Add($cert) | Out-Null
+        }
+        foreach ($cert in $windowsCertResultList | Where-Object { $_.StoreId -notmatch "_Classes" }) {
+            $list.Add($cert) | Out-Null
+        }
+        if ($list) {
+            $userDeploymentTable = New-DeploymentTable -resultList $list
+        }
+
+    }
+
+    end {
+        return $userDeploymentTable
+
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/DeploymentTable/New-DeploymentTable.ps1 b/scripts/automation/Radius/Functions/Private/DeploymentTable/New-DeploymentTable.ps1
new file mode 100644
index 000000000..38761c19f
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/DeploymentTable/New-DeploymentTable.ps1
@@ -0,0 +1,30 @@
+function New-DeploymentTable {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.object[]]
+        $resultList
+    )
+    begin {
+        $results = New-Object System.Collections.ArrayList
+    }
+    process {
+        # Get User to System Associations:
+        foreach ($system in $resultList) {
+            $DeploymentTable = [PSCustomObject]@{
+                systemId   = $system.systemId
+                subject    = $system.Subject
+                commonName = $system.CommonName
+                issuer     = $system.Issuer
+                sha1       = $($system.sha1).toLower()
+                serial     = $system.Serial
+                path       = $system.path
+            }
+            $results.Add($DeploymentTable) | Out-Null
+        }
+
+    }
+    end {
+        return $results
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
index 0ca77e37f..59d098414 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
@@ -13,6 +13,7 @@ function Update-JCRUsersJson {
         foreach ($user in $Global:JCRRadiusMembers) {
             $MatchedUser = $GLOBAL:JCRUsers[$user.userID]
             $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID
+            $InstalledCerts = Get-CertBySHA -sha1 $userArrayObject.certInfo.sha1 -userId $user.userID
 
             if ($userIndex -ge 0) {
                 # $userArrayObject
@@ -33,14 +34,14 @@ function Update-JCRUsersJson {
                 try {
                     if ($currentSystemObject -eq $null) {
                         $difference = $incomingList
-                        Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingList)
+                        Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingList) -deploymentObject $InstalledCerts
                     } else {
                         # write-host "test for differences"
                         if ($currentSystemObject -eq $incomingList) {
                             # write-host "nothing to do"
                         } else {
                             # write-host "writing user to do"
-                            Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingList)
+                            Set-UserTable -index $userIndex -username $MatchedUser.username -localUsername $MatchedUser.systemUsername -systemAssociationsObject ($incomingList) -deploymentObject $InstalledCerts
                         }
                     }
                 } catch {
@@ -52,9 +53,8 @@ function Update-JCRUsersJson {
                 # case for new user
                 New-UserTable -id $user.userID -username $MatchedUser.username -localUsername $matchedUser.systemUsername
             }
-
         }
-        # lastly validate users that should no longer be recorded:
+        # validate users that should no longer be recorded:
         $userArray = Get-UserJsonData
         foreach ($user in $userArray) {
             # If userID from users.json is no longer in RadiusMembers.keys, then:
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
index e4ff3bf39..dbc063873 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
@@ -21,7 +21,10 @@ function Set-UserTable {
         $commandAssociationsObject,
         [Parameter()]
         [System.Object]
-        $certInfoObject
+        $certInfoObject,
+        [Parameter()]
+        [System.Object]
+        $deploymentObject
     )
     begin {
         # Get User Array:
@@ -57,6 +60,11 @@ function Set-UserTable {
         } else {
             $certInfo = $userObject.certInfo
         }
+        if ($deploymentObject) {
+            $deploymentInfo = $deploymentObject
+        } else {
+            $deploymentInfo = $userObject.deploymentInfo
+        }
     }
     process {
         # build the userTable object
@@ -67,6 +75,7 @@ function Set-UserTable {
             systemAssociations  = $systemAssociationsInfo
             commandAssociations = $commandAssociationsInfo
             certInfo            = $certInfo
+            deploymentInfo      = $deploymentInfo
         }
         # set the user table to new object
         $userArray[$userIndex] = $userTable

From f4f3972663c3e34982c59e20c15257e66ae1999a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 29 May 2024 15:50:09 -0600
Subject: [PATCH 052/346] only path and systemID in table

---
 .../Functions/Private/CertResults/Get-CertBySHA.ps1      | 2 +-
 .../Private/DeploymentTable/New-DeploymentTable.ps1      | 9 ++-------
 .../Functions/Private/Settings/Update-JCRUsersJson.ps1   | 2 +-
 3 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1 b/scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1
index d5aa0e0c3..69addef4c 100644
--- a/scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1
@@ -5,7 +5,7 @@ function Get-CertBySHA {
     param (
         [Parameter()]
         [string]
-        $sha1,
+        $sha1
     )
 
     begin {
diff --git a/scripts/automation/Radius/Functions/Private/DeploymentTable/New-DeploymentTable.ps1 b/scripts/automation/Radius/Functions/Private/DeploymentTable/New-DeploymentTable.ps1
index 38761c19f..5dc73b05f 100644
--- a/scripts/automation/Radius/Functions/Private/DeploymentTable/New-DeploymentTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/DeploymentTable/New-DeploymentTable.ps1
@@ -12,13 +12,8 @@ function New-DeploymentTable {
         # Get User to System Associations:
         foreach ($system in $resultList) {
             $DeploymentTable = [PSCustomObject]@{
-                systemId   = $system.systemId
-                subject    = $system.Subject
-                commonName = $system.CommonName
-                issuer     = $system.Issuer
-                sha1       = $($system.sha1).toLower()
-                serial     = $system.Serial
-                path       = $system.path
+                systemId = $system.systemId
+                path     = $system.path
             }
             $results.Add($DeploymentTable) | Out-Null
         }
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
index 59d098414..f7ce491dc 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
@@ -13,7 +13,7 @@ function Update-JCRUsersJson {
         foreach ($user in $Global:JCRRadiusMembers) {
             $MatchedUser = $GLOBAL:JCRUsers[$user.userID]
             $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID
-            $InstalledCerts = Get-CertBySHA -sha1 $userArrayObject.certInfo.sha1 -userId $user.userID
+            $InstalledCerts = Get-CertBySHA -sha1 $userArrayObject.certInfo.sha1
 
             if ($userIndex -ge 0) {
                 # $userArrayObject

From 9116f72cbf68c9d1470e044a936556d2cf539fa7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 30 May 2024 13:10:19 -0600
Subject: [PATCH 053/346] show status by certificate install

---
 .../CertDeployment/Deploy-UserCertificate.ps1 |  2 --
 .../Get-InstalledCertsFromUsersJson.ps1       | 31 +++++++++++++++++++
 .../Private/Menus/Show-CertDeploymentMenu.ps1 |  7 +++--
 .../Public/Start-MonitorCertDeployment.ps1    | 11 +++++--
 4 files changed, 44 insertions(+), 7 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/Commands/Get-InstalledCertsFromUsersJson.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 98a2561c6..c808b9eb7 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -102,7 +102,6 @@ function Deploy-UserCertificate {
                     $systemIds = $systemIds | Where-Object { $_.systemId -notin $user.deploymentInfo.SystemId }
                     # If there are no systemIds to process, skip generating the command:
                     if ($systemIds.count -eq 0) {
-                        Write-Warning "There are no remaining macOS systems for $($user.username)'s cert to be installed on"
                         continue
                     }
                     # Check to see if previous commands exist
@@ -284,7 +283,6 @@ fi
                     $systemIds = $systemIds | Where-Object { $_.systemId -notin $user.deploymentInfo.SystemId }
                     # If there are no systemIds to process, skip generating the command:
                     if ($systemIds.count -eq 0) {
-                        Write-Warning "There are no remaining windows systems for $($user.username)'s cert to be installed on"
                         continue
                     }
                     # Check to see if previous commands exist
diff --git a/scripts/automation/Radius/Functions/Private/Commands/Get-InstalledCertsFromUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Get-InstalledCertsFromUsersJson.ps1
new file mode 100644
index 000000000..595d5fa95
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Commands/Get-InstalledCertsFromUsersJson.ps1
@@ -0,0 +1,31 @@
+function Get-InstalledCertsFromUsersJson {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.Object[]]
+        $userData
+    )
+
+    begin {
+        $CertificateStatus = New-Object System.Collections.ArrayList
+
+    }
+    process {
+        foreach ($user in $userData) {
+
+            $systemTotalCount = $($User.systemAssociations).count
+            $installCount = $($user.deploymentInfo).count
+            $CertificateStatus.add( [PSCustomObject]@{
+                    Username             = $($User.username)
+                    CertificateGenerated = if ($User.certInfo.sha1) { "$([char]0x1b)[92mYes" }
+                    TotalSystems         = $systemTotalCount
+                    InstallStatus        = if ($systemTotalCount -eq 0) { "$([char]0x1b)[91m0/0" } elseif ($installCount -eq $systemTotalCount) { "$([char]0x1b)[92m$installCount/$systemTotalCount" } else { "$([char]0x1b)[93m$installCount/$systemTotalCount" }
+                }
+            ) | Out-Null
+        }
+
+    }
+    end {
+        $CertificateStatus
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1
index d4c1f09db..668eb8a30 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-CertDeploymentMenu.ps1
@@ -7,9 +7,10 @@ function Show-CertDeploymentMenu {
     # ==== instructions ====
     Write-Host $(PadCenter -string ' Certificate Deployment Result Options ' -char '-')
     # List options:
-    Write-Host "1: Press '1' to view results."
-    Write-Host "2: Press '2' to view failed command runs."
-    Write-Host "3: Press '3' to invoke/retry commands."
+    Write-Host "1: Press '1' to view certificate deployment status. `n`t$([char]0x1b)[96mNOTE: This will display every user, their associated devices and which systems have successfully installed the current certificate."
+    Write-Host "2: Press '2' to view command results. `n`t$([char]0x1b)[96mNOTE: This will display all command results and their status"
+    Write-Host "3: Press '3' to view failed command runs. `n`t$([char]0x1b)[96mNOTE: This will display all failed command results and their status messages."
+    Write-Host "4: Press '4' to invoke/retry commands."
     Write-Host "E: Press 'E' to exit."
 
     Write-Host $(PadCenter -string "-" -char '-')
diff --git a/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
index 71770896d..bdc4c1004 100644
--- a/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
@@ -9,18 +9,25 @@ Function Start-MonitorCertDeployment {
     # Define jsonData file
     $jsonFile = "$JCScriptRoot/users.json"
 
+
+
     # Show user selection
     do {
         Show-CertDeploymentMenu
         $option = Read-Host "Please make a selection"
         switch ($option) {
             '1' {
+                $data = Get-UserJsonData
+                $certResults = Get-InstalledCertsFromUsersJson -userData $data
+                $certResults | Format-Table
+                pause
+            } '2' {
                 Get-CommandObjectTable -Detailed -jsonFile $jsonFile
                 Pause
-            } '2' {
+            } '3' {
                 Get-CommandObjectTable -Failed -jsonFile $jsonFile
                 Pause
-            } '3' {
+            } '4' {
                 $retryCommands = Invoke-CommandsRetry
                 Pause
             }

From d224d01ac615ba8cc0092712bc2e6572eee864ae Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 30 May 2024 14:29:58 -0600
Subject: [PATCH 054/346] null array for system list

---
 .../Functions/Private/Commands/Invoke-CommandByUserId.ps1     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
index 08617b731..718d3dc4e 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
@@ -33,11 +33,11 @@ function Invoke-CommandByUserid {
             $macOSArray.add($system.systemId) | Out-Null
         }
         # invoke commands
-        If ($macOS_commandId) {
+        If ($macOS_commandId -And $macOSArray) {
             $macInvokedCommands = Start-JcSdkCommand -Id $macOS_commandId -SystemIds $macOSArray
         }
 
-        if ($windows_commandId) {
+        if ($windows_commandId -And $windowsArray) {
             $windowsInvokedCommands = Start-JcSdkCommand -Id $windows_commandId -SystemIds $windowsArray
         }
     }

From 549c7457dbf9f257db06be66f474478a7be96606 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 3 Jun 2024 11:22:53 -0600
Subject: [PATCH 055/346] determine work by certificate

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 13 +++----
 .../Get-InstalledCertsFromUsersJson.ps1       |  0
 .../Get-SystemsThatNeedCertWork.ps1           | 30 ++++++++++++++++
 .../CertResults/Get-UsersThatNeedCertWork.ps1 | 34 +++++++++++++++++++
 .../Commands/Invoke-CommandByUserId.ps1       |  4 +--
 .../Private/Menus/Show-DistributionMenu.ps1   | 10 ++++--
 .../Private/UserTable/Set-UserTable.ps1       |  2 +-
 .../Public/Start-DeployUserCerts.ps1          |  8 +++--
 8 files changed, 86 insertions(+), 15 deletions(-)
 rename scripts/automation/Radius/Functions/Private/{Commands => CertResults}/Get-InstalledCertsFromUsersJson.ps1 (100%)
 create mode 100644 scripts/automation/Radius/Functions/Private/CertResults/Get-SystemsThatNeedCertWork.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/CertResults/Get-UsersThatNeedCertWork.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index c808b9eb7..06446d197 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -97,10 +97,7 @@ function Deploy-UserCertificate {
             switch ($user.systemAssociations.osFamily) {
                 'macOS' {
                     # Get the macOS system ids
-                    $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'macOS' } | Select-Object systemId
-                    # If the certificate is already on the device, no need to process the command
-                    $systemIds = $systemIds | Where-Object { $_.systemId -notin $user.deploymentInfo.SystemId }
-                    # If there are no systemIds to process, skip generating the command:
+                    $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "macOS")
                     if ($systemIds.count -eq 0) {
                         continue
                     }
@@ -278,9 +275,7 @@ fi
                 }
                 'windows' {
                     # Get the Windows system ids
-                    $systemIds = $user.systemAssociations | Where-Object { $_.osFamily -eq 'windows' } | Select-Object systemId
-                    # If the certificate is already on the device, no need to process the command
-                    $systemIds = $systemIds | Where-Object { $_.systemId -notin $user.deploymentInfo.SystemId }
+                    $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "windows")
                     # If there are no systemIds to process, skip generating the command:
                     if ($systemIds.count -eq 0) {
                         continue
@@ -407,7 +402,9 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
 
                         # Find newly created command and add system as target
                         $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
-                        $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
+                        $systemIds | ForEach-Object {
+                            Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null
+                        }
                     } catch {
                         $status_commandGenerated = $false
                         # throw $_
diff --git a/scripts/automation/Radius/Functions/Private/Commands/Get-InstalledCertsFromUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/CertResults/Get-InstalledCertsFromUsersJson.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/Commands/Get-InstalledCertsFromUsersJson.ps1
rename to scripts/automation/Radius/Functions/Private/CertResults/Get-InstalledCertsFromUsersJson.ps1
diff --git a/scripts/automation/Radius/Functions/Private/CertResults/Get-SystemsThatNeedCertWork.ps1 b/scripts/automation/Radius/Functions/Private/CertResults/Get-SystemsThatNeedCertWork.ps1
new file mode 100644
index 000000000..af0eab2d6
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/CertResults/Get-SystemsThatNeedCertWork.ps1
@@ -0,0 +1,30 @@
+function Get-SystemsThatNeedCertWork {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.Object[]]
+        $userData,
+        [Parameter()]
+        [System.String]
+        $osType
+    )
+
+    begin {
+        $systemIDList = New-Object System.Collections.ArrayList
+    }
+    process {
+
+        foreach ($user in $userData) {
+            $userSystemAssociations = $user.systemAssociations | Where-Object { $_.osFamily -eq $osType }
+            $userSystemsCompleted = ($user.deploymentInfo).SystemId
+            foreach ($system in $userSystemAssociations) {
+                if ($system.systemId -notin $userSystemsCompleted) {
+                    $systemIDList.Add($system) | Out-Null
+                }
+            }
+        }
+    }
+    end {
+        return $systemIDList
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/CertResults/Get-UsersThatNeedCertWork.ps1 b/scripts/automation/Radius/Functions/Private/CertResults/Get-UsersThatNeedCertWork.ps1
new file mode 100644
index 000000000..8b7087f1a
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/CertResults/Get-UsersThatNeedCertWork.ps1
@@ -0,0 +1,34 @@
+function Get-UsersThatNeedCertWork {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.Object[]]
+        $userData
+    )
+
+    begin {
+        $userList = New-Object System.Collections.ArrayList
+    }
+    process {
+
+        foreach ($user in $userData) {
+            $userSystemAssociations = $user.systemAssociations | Where-Object { $_.osFamily -ne "Ubuntu" } | Sort-Object
+            $userSystemsCompleted = $user.deploymentInfo.systemId
+
+            if (-not $userSystemAssociations) {
+                # if a user does not have a system associated, add them to the list
+                $userList.Add($user) | Out-Null
+            }
+            foreach ($system in $userSystemAssociations) {
+                if ($system.systemId -notin $userSystemsCompleted) {
+                    # if user has a single system in their association list that's not in the completed list, add to the return list
+                    $userList.Add($user) | Out-Null
+                    break
+                }
+            }
+        }
+    }
+    end {
+        return $userList
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
index 718d3dc4e..a5f71b698 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandByUserId.ps1
@@ -17,9 +17,9 @@ function Invoke-CommandByUserid {
         # get Windows Command
         $windows_commandId = ($userObject.commandAssociations | Where-Object { $_.commandName -match "Windows" }).commandId
         # get list of macOS systems
-        $macOS_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "macOS" }
+        $macOS_systemIds = Get-SystemsThatNeedCertWork -userData $userObject -osType "macOS"
         # get list of Windows systems
-        $windows_systemIds = $userObject.systemAssociations | Where-Object { $_.osFamily -eq "windows" }
+        $windows_systemIds = Get-SystemsThatNeedCertWork -userData $userObject -osType "windows"
     }
 
     process {
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
index a08577006..33e6f55c4 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-DistributionMenu.ps1
@@ -3,7 +3,13 @@ function Show-DistributionMenu {
     param (
         [Parameter()]
         [System.Object]
-        $certObjectArray
+        $certObjectArray,
+        [Parameter()]
+        [System.Int32]
+        $usersThatNeedCertCount,
+        [Parameter()]
+        [System.Int32]
+        $TotalUserCount
     )
 
     $title = ' JumpCloud Radius Cert Deployment '
@@ -12,11 +18,11 @@ function Show-DistributionMenu {
     Write-Host $(PadCenter -string "Select an option below to deploy user certificates to systems`n" -char ' ') -ForegroundColor Yellow
     # deployment progress of newly generated certs
     if ($certObjectArray) {
-
         Write-Host $(PadCenter -string ' Certificate Information ' -char '-')
         Write-Host "Total # of local user certificates:" $certObjectArray.count
         Write-Host "Total # of already distributed certificates:" ($certObjectArray | Where-Object { $_.deployed -eq $true }).count
         Write-Host "Total # of un-deployed certificates:" ($certObjectArray | Where-Object { ( $_.deployed -eq $false) -or (-not $_.deployed) }).count
+        Write-Host "Users that have all their certificates installed: $([int]$TotalUserCount-[int]$usersThatNeedCertCount) of $TotalUserCount"
 
     }
     # ==== instructions ====
diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
index dbc063873..35cd3b884 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
@@ -63,7 +63,7 @@ function Set-UserTable {
         if ($deploymentObject) {
             $deploymentInfo = $deploymentObject
         } else {
-            $deploymentInfo = $userObject.deploymentInfo
+            $deploymentInfo = $null
         }
     }
     process {
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index f9d11f490..8d2035766 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -19,11 +19,13 @@ function Start-DeployUserCerts {
 
     # Import the users.json file and convert to PSObject
     $userArray = Get-UserJsonData
+    # identify users that need their certs still deployed
+    $usersWithoutLatestCert = Get-UsersThatNeedCertWork -userData $userArray
 
     do {
         switch ($PSCmdlet.ParameterSetName) {
             'gui' {
-                Show-DistributionMenu -CertObjectArray $userArray.certInfo
+                Show-DistributionMenu -CertObjectArray $userArray.certInfo -usersThatNeedCert $usersWithoutLatestCert.count -totalUserCount $userArray.count
                 $confirmation = Read-Host "Please make a selection"
 
             }
@@ -81,7 +83,9 @@ function Start-DeployUserCerts {
                         }
                     }
                 }
-                $usersWithoutLatestCert = $userArray | Where-Object { ( $_.certinfo.deployed -eq $false) -or (-not $_.certinfo.deployed) }
+                if (-Not $usersWithoutLatestCert) {
+                    $usersWithoutLatestCert = Get-UsersThatNeedCertWork -userData $userArray
+                }
                 for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
                     $result = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -forceInvokeCommands $invokeCommands
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $usersWithoutLatestCert.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result

From a9a6639257e9ec1b4bcd5ae43f7f16111b50eb32 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 3 Jun 2024 16:27:07 -0600
Subject: [PATCH 056/346] upload certificate table

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 65 +++++++++++++++++++
 1 file changed, 65 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 06446d197..e182e85ae 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -224,6 +224,38 @@ if [[ "`$currentUser" ==  "`$userCompare" ]]; then
         echo "Removing Temp Pfx"
         rm "/tmp/$($user.userName)-client-signed.pfx"
     fi
+
+    # update si table
+    # The conf file is JSON and can be parsed using JSON.parse() in a supported language.
+    conf="`$(cat /opt/jc/jcagent.conf)"
+    regex='\"systemKey\":\"([a-zA-Z0-9_]+)\"'
+    if [[ `${conf} =~ `$regex ]] ; then
+    systemKey="`${BASH_REMATCH[1]}"
+    fi
+    # get the certUUID
+    regex='\"certuuid\":\"([a-zA-Z0-9_]+)\"'
+    if [[ `${conf} =~ `$regex ]] ; then
+    certUUID="`${BASH_REMATCH[1]}"
+    fi
+
+    # get the key /cert locations
+    keyLocation="/opt/jc/client.key"
+    certLocation="/opt/jc/client.crt"
+    caCertLocation="/opt/jc/ca.crt"
+
+    # Get json certificate data from osquery and add missing windows certificate columns
+    certJson=`$(/opt/jc/bin/jcosqueryi --json "select *, '' AS sid, '' AS store, '' AS store_id, '' AS store_location, '' AS username from certificates;")
+
+    # post
+    curl --cert `$certLocation --key `$keyLocation --cacert `$caCertLocation \
+    -X POST 'https://agent.jumpcloud.com/systeminsights/snapshots/certificates' \
+    -H "x-system-id: `$systemKey" \
+    -H "x-ssl-client-dn: /CN=`$certUUID/O=JumpCloud" \
+    -H 'Content-Type: application/json' \
+    --data-raw '{
+        "data": '"`$certJson"'
+    }'
+
 else
     # restore case match type
     `$caseMatchOrigValue
@@ -374,6 +406,39 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
     } else {
         Throw "Cert was not installed"
     }
+
+    # update si table
+    # define curl path:
+    `$curlPath = "C:\ProgramData\chocolatey\bin\curl.exe"
+    if (Test-Path -Path `$curlPath) {
+
+        # Parse the systemKey from the cong file.
+        `$config = get-content 'C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf'
+        `$regex = 'systemKey\":\"(\w+)\"'
+        `$systemKey = [regex]::Match(`$config, `$regex).Groups[1].Value
+        # get the certUUID
+        `$regex = 'certuuid\":\"(\w+)\"'
+        `$certUUID = [regex]::Match(`$config, `$regex).Groups[1].Value
+
+        # Get the key/ cert location
+        `$keyLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\client.key"
+        `$certLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\client.crt"
+        `$caCertLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\ca.crt"
+
+        # Get json certificate data from osquery
+        `$certs = . "C:\Program Files\JumpCloud\jcosqueryi" --json "select * from certificates"
+        # format the data
+        `$certsText = "{``"data``":`$certs}"
+        # save the data to a temp file
+        `$certJsonFile = "C:\Windows\Temp\jsonFile.txt"
+        `$certsText | Out-File -FilePath `$certJsonFile -Force -Encoding utf8
+        # submit the request
+        C:\ProgramData\chocolatey\bin\curl.exe --cert "`$certLocation" --key "`$keyLocation" --cacert "`$caCertLocation" --header "x-system-id: `$systemKey" --header "x-ssl-client-dn: /CN=`$certUUID/O=JumpCloud" --header "Content-type:application/json " -d @C:\Windows\Temp\jsonFile.txt --url 'https://agent.jumpcloud.com/systeminsights/snapshots/certificates'
+        # remove the temp file
+        Remove-Item -Path `$certJsonFile
+    } else {
+        Write-Host "Curl might not be installed, system insights will update certificate information on this device within an hour"
+    }
 } else {
     if (`$CurrentUser -eq `$null){
         Write-Host "No users are signed into the system. Please ensure $($user.userName) is signed in and retry."

From 530e1cdec972a89ea9d1713d6a765f1997925d04 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 3 Jun 2024 16:27:34 -0600
Subject: [PATCH 057/346] note progress with addition of system insights check

---
 .../Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
index f7ce491dc..ea5058ead 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
@@ -10,7 +10,10 @@ function Update-JCRUsersJson {
     process {
         # validate that the system association data is correct in users.json:
         # $userArray = Get-UserJsonData
+        $i = 0
         foreach ($user in $Global:JCRRadiusMembers) {
+            $i++
+            Write-Progress -activity "Getting User Certificate Info" -status "$($user.username): $i of $($Global:JCRRadiusMembers.Count)" -percentComplete (($i / $Global:JCRRadiusMembers.Count) * 100)
             $MatchedUser = $GLOBAL:JCRUsers[$user.userID]
             $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID
             $InstalledCerts = Get-CertBySHA -sha1 $userArrayObject.certInfo.sha1
@@ -67,6 +70,7 @@ function Update-JCRUsersJson {
         }
     }
     end {
+        Clear-Host
         Set-UserJsonData -userArray $userArray
     }
 }
\ No newline at end of file

From 74af55c1476fdef62d7731eef7498e7728a4f4bc Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 4 Jun 2024 14:36:12 -0600
Subject: [PATCH 058/346] passing tests baseline

---
 .../Radius/Extensions/extensions-emailSAN.cnf |  2 +-
 .../CertDeployment/Deploy-UserCertificate.ps1 |  2 +-
 .../Private/Settings/Update-JCRUsersJson.ps1  |  2 +-
 .../Public/Start-DeployUserCerts.Tests.ps1    |  6 ++---
 .../Public/Start-GenerateRootCert.Tests.ps1   | 24 +++++++++----------
 5 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/scripts/automation/Radius/Extensions/extensions-emailSAN.cnf b/scripts/automation/Radius/Extensions/extensions-emailSAN.cnf
index 18f598a5f..be3123204 100644
--- a/scripts/automation/Radius/Extensions/extensions-emailSAN.cnf
+++ b/scripts/automation/Radius/Extensions/extensions-emailSAN.cnf
@@ -11,7 +11,7 @@ OU = MyDivision
 CN = www.company.com
 
 [v3_req]
-authorityKeyIdentifier = keyid:issuer
+authorityKeyIdentifier = keyid:always,issuer:always
 keyUsage = digitalSignature
 extendedKeyUsage = clientAuth
 #For Client cert with email in the subject alternative name
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index e182e85ae..94affe7d3 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -78,7 +78,7 @@ function Deploy-UserCertificate {
                 }
                 'EmailDN' {
                     # Else set cert identifier to email of cert subject
-                    $regex = 'emailAddress = (.*?)$'
+                    $regex = 'emailAddress=(.*?)$'
                     $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($certInfo.Subject)" -Pattern $regex
                     $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
                     # in macOS search user certs by email
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
index ea5058ead..2b1dc06f8 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
@@ -70,7 +70,7 @@ function Update-JCRUsersJson {
         }
     }
     end {
-        Clear-Host
+        # Clear-Host
         Set-UserJsonData -userArray $userArray
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 68c1e11ad..2d88ab516 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -247,7 +247,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $CertInfoAfter = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Cert Subject headers should be contain required EmailDN identifier:
             $CertInfoBefore.subject | Should -Not -Be $CertInfoAfter
-            $CertInfoAfter.subject | Should -Match "emailAddress = $($Global:JCRUsers[$($certTypeUser.userID)].email)"
+            $CertInfoAfter.subject | Should -Match "$($Global:JCRUsers[$($certTypeUser.userID)].email)"
             # Create the new commands
             Start-DeployUserCerts -type ByUsername -username $certTypeUser.username
             # Go fetch the mac command for the user
@@ -277,7 +277,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $CertInfoAfter = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Cert Subject headers should be contain required UsernameCn identifier:
             $CertInfoBefore.subject | Should -Not -Be $CertInfoAfter
-            $CertInfoAfter.subject | Should -Match "CN = $($certTypeUser.username)"
+            $CertInfoAfter.subject | Should -Match "$($certTypeUser.username)"
             # Create the new commands
             Start-DeployUserCerts -type ByUsername -username $certTypeUser.username
             # Go fetch the mac command for the user
@@ -299,7 +299,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $configPath = "$JCScriptRoot/config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
-            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = UsernameCn') | Set-Content -Path $configPath
+            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "UsernameCn"') | Set-Content -Path $configPath
         }
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 5f511c22b..c8bd799f2 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -18,12 +18,12 @@ Describe "Generate Root Certifcate Tests" -Tag "GenerateRootCert" {
         #validate the subject matches what's defined in config:
         $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
         $CA_subject = $CA_subject.split("subject=").split(",")
-        ($CA_subject | Where-Object { $_ -match "C = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
-        ($CA_subject | Where-Object { $_ -match "ST = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
-        ($CA_subject | Where-Object { $_ -match "L = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
-        ($CA_subject | Where-Object { $_ -match "O = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
-        ($CA_subject | Where-Object { $_ -match "OU = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
-        ($CA_subject | Where-Object { $_ -match "CN = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+        ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
+        ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
+        ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
+        ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
+        ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
+        ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
     }
     Context "An existing certificate can be replaced" {
         # get existing cert serial:
@@ -42,12 +42,12 @@ Describe "Generate Root Certifcate Tests" -Tag "GenerateRootCert" {
         #validate the subject matches what's defined in config:
         $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
         $CA_subject = $CA_subject.split("subject=").split(",")
-        ($CA_subject | Where-Object { $_ -match "C = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
-        ($CA_subject | Where-Object { $_ -match "ST = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
-        ($CA_subject | Where-Object { $_ -match "L = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
-        ($CA_subject | Where-Object { $_ -match "O = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
-        ($CA_subject | Where-Object { $_ -match "OU = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
-        ($CA_subject | Where-Object { $_ -match "CN = " }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+        ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
+        ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
+        ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
+        ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
+        ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
+        ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
 
     }
     Context "An existing certificate can be renewed" {

From ef58fb2889540b329d911788db1e662ff9f6a1d5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 13:10:49 -0600
Subject: [PATCH 059/346] tests should run independently

---
 .../Private/CertDeployment/Get-CertInfo.ps1   |  6 +-
 .../HashFunctions/Test-UserFromHash.ps1       |  4 +-
 .../Functions/Public/Get-JCRGlobalVars.ps1    | 50 ++++++++++-
 .../Public/Start-DeployUserCerts.Tests.ps1    | 32 +++----
 .../Public/Start-GenerateRootCert.Tests.ps1   | 90 ++++++++++---------
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 11 ++-
 .../Radius/Tests/SetupRadiusOrg.ps1           |  1 -
 7 files changed, 124 insertions(+), 70 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 6ef4851c9..3af56f15c 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -102,8 +102,10 @@ function Get-CertInfo {
                     $username = $certFile.name.split('-')[0]
                     $certHash | Add-Member -Name 'username' -Type NoteProperty -Value $username
                     $certHash | Add-Member -Name 'generated' -Type NoteProperty -Value ($certFile.LastWriteTime.ToString('MM/dd/yyyy HH:mm:ss'))
-                    # Add hash to certObj array
-                    $certObj.add( $certHash) | Out-Null
+                    # Add hash to certObj array if the user is a member of the userGroup
+                    if ($username -in $global:JCRRadiusMembers.username) {
+                        $certObj.add( $certHash) | Out-Null
+                    }
                 }
             }
         }
diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
index 3241f003e..6e03676cc 100644
--- a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
@@ -37,7 +37,7 @@ function Test-UserFromHash {
                 # Get the UserID from the keys
                 $matchedUserID = $Global:JCRUsers.keys | Select-Object -Index $matchedIndex
                 # validate that the userID is in the radiusMembership hash:
-                if ($Global:JCRRadiusMembers.username.IndexOf($username)) {
+                if ($matchedIndex) {
                     # finally return the $matchedUser object
                     $matchedUser = $Global:JCRUsers[$matchedUserID]
                 } else {
@@ -56,4 +56,4 @@ function Test-UserFromHash {
     end {
         return $matchedUser
     }
-}
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 066ee170a..6b8577f8d 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -6,7 +6,10 @@ function Get-JCRGlobalVars {
         $force,
         [Parameter(HelpMessage = "Skips the user to system association cache, which may take a long time on larger organizations")]
         [switch]
-        $skipAssociation
+        $skipAssociation,
+        [Parameter(HelpMessage = "Updates the system to user association cache manually using the graph api")]
+        [switch]
+        $associateManually
     )
     begin {
         # ensure the data directory exists to cache the json files:
@@ -15,11 +18,15 @@ function Get-JCRGlobalVars {
             New-Item -ItemType Directory -Path "$JCScriptRoot/data"
         }
 
+        if (-Not $global:JCRConfig) {
+            $global:JCRConfig = Get-JCRSettingsFile
+        }
+
         # get settings file
-        if ($IsMacOS){
+        if ($IsMacOS) {
             $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date)
         }
-        if ($ifWindows){
+        if ($ifWindows) {
             $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -end (Get-Date)
         }
         if ($lastUpdateTimespan.TotalHours -gt 24) {
@@ -39,6 +46,16 @@ function Get-JCRGlobalVars {
                     $updateAssociation = $true
                 }
             }
+            switch ($associateManually) {
+                $true {
+                    $updateAssociation = $false
+                    $setAssociations = $true
+                }
+                $false {
+                    $updateAssociation = $false
+                    $setAssociations = $false
+                }
+            }
         }
 
         # also validate that the data files are non-null, if they are, force update]
@@ -149,6 +166,33 @@ function Get-JCRGlobalVars {
                     $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
 
                 }
+                if ($setAssociations) {
+                    # create the hashtable:
+                    $userAssociationList = New-Object System.Collections.Hashtable
+                    foreach ($user in $radiusMemberList) {
+                        $userSystemMembership = Get-JcSdkUserTraverseSystem -UserId $user.userID
+                        if ($userSystemMembership) {
+                            $userAssociationList.add(
+                                $user.userID, @{
+                                    'systemAssociations' = @($userSystemMembership | Select-Object -Property @{Name = 'systemId'; Expression = { $_.id } }, @{Name = 'hostname'; Expression = { $systems[$_.id].hostname } }, @{Name = 'osFamily'; Expression = {
+                                                $osFamilyValue = $systems[$_.id].osFamily
+                                                if ($osFamilyValue -eq 'darwin') {
+                                                    "macOS"
+                                                } elseif ($osFamilyValue -eq 'Windows') {
+                                                    "Windows"
+                                                } else {
+                                                    $osFamilyValue
+                                                }
+                                            }
+                                        });
+                                    'userData'           = @($user | Select-Object -Property @{Name = 'email'; Expression = { $users[$user.userID].email } }, @{Name = 'username'; Expression = { $users[$user.userID].username } })
+                                }) | Out-Null
+                        }
+
+                    }
+                    # write out the association hash
+                    $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
+                }
                 # finally write out the data to file:
                 $users | ConvertTo-Json -Depth 100 -Compress |  Out-File "$JCScriptRoot/data/userHash.json"
                 $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 2d88ab516..37a8d7678 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -41,13 +41,13 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Start-Sleep 1
             $userArray = Get-UserJsonData
             foreach ($user in $userArray) {
-                # cert should be deployed
+                # cert should be deployed for users that have a system association
                 if ($user.systemAssociations) {
                     $user.certinfo.deployed | Should -Be $true
-                }
-                $user.commandAssociations | ForEach-Object {
-                    $command = Get-JcSdkCommand -Id $_.commandId -Fields name
-                    $command | should -Not -BeNullOrEmpty
+                    $user.commandAssociations | ForEach-Object {
+                        $command = Get-JcSdkCommand -Id $_.commandId -Fields name
+                        $command | should -Not -BeNullOrEmpty
+                    }
                 }
             }
         }
@@ -94,13 +94,13 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Start-Sleep 1
             $userArray = Get-UserJsonData
             foreach ($user in $userArray) {
-                # cert should be deployed
+                # cert should be deployed for users that have a system association
                 if ($user.systemAssociations) {
-                    $user.certinfo.deployed | Should -Be $false
-                }
-                $user.commandAssociations | ForEach-Object {
-                    $command = Get-JcSdkCommand -Id $_.commandId -Fields name
-                    $command | should -Not -BeNullOrEmpty
+                    $user.certinfo.deployed | Should -Be $true
+                    $user.commandAssociations | ForEach-Object {
+                        $command = Get-JcSdkCommand -Id $_.commandId -Fields name
+                        $command | should -Not -BeNullOrEmpty
+                    }
                 }
             }
         }
@@ -174,19 +174,19 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
 
     }
     Context 'Distribute new certificates for a single user forcibly' {
-        it 'a user with system associations receeives a new command is created and deployed' {
+        it 'a user with system associations receives a new command is created and deployed' {
 
         }
-        it 'a user without system associations receeives a new command is not created and not deployed' {
+        it 'a user without system associations receives a new command is not created and not deployed' {
 
         }
 
     }
     Context 'Distribute new certificates for a single user without invoking' {
-        it 'a user with system associations receeives a new command is created and is not deployed' {
+        it 'a user with system associations receives a new command is created and is not deployed' {
 
         }
-        it 'a user without system associations receeives a new command is not created and not deployed' {
+        it 'a user without system associations receives a new command is not created and not deployed' {
 
         }
 
@@ -194,7 +194,9 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
     Context 'Cert Commands are generated for EmailSAN, EmailDN, UsernameCn type certs' {
         BeforeAll {
             # Member content | Get the user with 2 system associations mac and windows
+            Get-JCRGlobalVars -force -skipAssociation -associateManually
             $certTypeUser = $Global:JCRRadiusMembers | Get-Random -Count 1
+            Write-Warning "being while loop"
             while ($Global:JCRAssociations[$($certTypeUser.userID)].systemAssociations.count -ne 2) {
                 $certTypeUser = $Global:JCRRadiusMembers | Get-Random -Count 1
             }
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index c8bd799f2..ae6b1cb66 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -1,53 +1,57 @@
-Describe "Generate Root Certifcate Tests" -Tag "GenerateRootCert" {
+Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     Context "A new certificate can be generated" {
-        # If the /Cert/ folder is not empty, clear the directory
-        $items = Get-ChildItem $JCScriptRoot/Cert
-        if ($items) {
-            foreach ($item in $items) {
-                write-host "removing $($item.FullName)"
-                Remove-Item -Path $item.FullName
+        It 'Generates a new root certificate' {
+            # If the /Cert/ folder is not empty, clear the directory
+            $items = Get-ChildItem $JCScriptRoot/Cert
+            if ($items) {
+                foreach ($item in $items) {
+                    write-host "removing $($item.FullName)"
+                    Remove-Item -Path $item.FullName
+                }
             }
-        }
-        Start-GenerateRootCert -certKeyPassword "Test123"
+            Start-GenerateRootCert -certKeyPassword "Test123"
 
-        # both the key and the cert should be generated
-        $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
-        $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
-        $itemsAfter.BaseName | Should -Contain "radius_ca_key"
+            # both the key and the cert should be generated
+            $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+            $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
+            $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
-        #validate the subject matches what's defined in config:
-        $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
-        $CA_subject = $CA_subject.split("subject=").split(",")
-        ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
-        ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
-        ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
-        ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
-        ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
-        ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+            #validate the subject matches what's defined in config:
+            $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+            $CA_subject = $CA_subject.split("subject=").split(",")
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+        }
     }
     Context "An existing certificate can be replaced" {
-        # get existing cert serial:
-        $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
-        # force generate new CA
-        Start-GenerateRootCert -certKeyPassword "newTest1234"
-        # get new SN
-        $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
-        # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
-        $origSN | Should -Not -Be $newSN
-        # both the key and the cert should be generated
-        $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
-        $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
-        $itemsAfter.BaseName | Should -Contain "radius_ca_key"
+        It 'Replaces a root certificate' {
+            # get existing cert serial:
+            $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            # force generate new CA
+            Start-GenerateRootCert -certKeyPassword "newTest1234"
+            # get new SN
+            $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
+            $origSN | Should -Not -Be $newSN
+            # both the key and the cert should be generated
+            $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+            $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
+            $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
-        #validate the subject matches what's defined in config:
-        $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
-        $CA_subject = $CA_subject.split("subject=").split(",")
-        ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
-        ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
-        ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
-        ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
-        ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
-        ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+            #validate the subject matches what's defined in config:
+            $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+            $CA_subject = $CA_subject.split("subject=").split(",")
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+        }
 
     }
     Context "An existing certificate can be renewed" {
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index a1dbc8204..aa61e18c0 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -12,6 +12,9 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
     }
     Context 'Certs forcibly re-generated for all users' {
         It 'Certs re-generated have actually been re-written for all users' {
+            # first generate user certs
+            Start-GenerateUserCerts -type All -forceReplaceCerts
+            # capture the current time and cert times.
             $timeBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             $certsBefore = Get-CertInfo -UserCerts
             # wait one second.
@@ -31,13 +34,13 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
     }
     Context 'Certs generated for newly added users' {
-        beforeall {
+        BeforeAll {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -filter "$($user.username)*"
             # if user cert exists, for random user, remove:
             foreach ($cert in $certs) {
-                remove-item $cert.fullname
+                remove-item $cert.Fullname
             }
 
         }
@@ -75,7 +78,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
 
     }
-    Context 'Certs generated for users whos cert is set to exipre soon' {
+    Context 'Certs generated for users who have certs that are about set to expire soon' {
         BeforeAll {
             # import necessary functions:
             . "$JCScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
@@ -99,7 +102,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
 
         }
-        It 'Certs that are set to expire soon can be updated' {
+        It 'Certs that are set to expire soon can be updated programmatically' {
             # at this point expiring certs should be populated from beforeAll block
             $Global:expiringCerts | Should -not -BeNullOrEmpty
             # reset the validity counter
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 60cc98ffc..2e095d0bd 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -17,7 +17,6 @@ Write-Warning "Removing Pester Radius Users with emailDomain: *pesterRadius*"
 $usersToRemove = Get-JCuser -email "*pesterRadius*" | Remove-JCUser -force
 
 # Create users
-
 Write-Warning "Creating New Pester Radius Users"
 # user bound to mac
 $macUser = New-RandomUser -Domain "PesterRadTest" | New-JCUser

From d1c6745297a723ec3eaf01fcbc31689b1103e996 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 14:08:02 -0600
Subject: [PATCH 060/346] module validation tests

---
 .../automation/Radius/Tests/Invoke-Pester.ps1 | 51 +++++--------------
 .../ModuleValidation/ModuleVersion.Tests.ps1  | 17 +++++++
 2 files changed, 30 insertions(+), 38 deletions(-)
 create mode 100644 scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index 9bf0bc4c3..d46ce2380 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -2,10 +2,13 @@
 # There are two parameter sets
 Param(
     [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)][ValidateNotNullOrEmpty()][System.String]$JumpCloudApiKey
-    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 2)][System.String[]]$ExcludeTagList
-    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 3)][System.String[]]$IncludeTagList
+    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 1)][System.String[]]$ExcludeTagList
+    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 2)][System.String[]]$IncludeTagList
+    , [Parameter(ParameterSetName = 'ModuleValidation', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 3)][switch]$ModuleValidation
 )
 
+
+
 # Get list of tags and validate that tags have been applied
 $PesterTests = Get-ChildItem -Path:($PSScriptRoot + '/*.Tests.ps1') -Recurse
 $Tags = ForEach ($PesterTest In $PesterTests) {
@@ -35,42 +38,16 @@ If ($PesterRunPaths) {
     Clear-Variable -Name PesterRunPaths
 }
 # Determine the parameter set path
-
-if ($env:CI) {
-    If ($env:job_group) {
-        # split tests by job group:
-        $PesterTestsPaths = Get-ChildItem -Path $PSScriptRoot -Filter *.Tests.ps1 -Recurse | Where-Object size -GT 0 | Sort-Object -Property Name
-        Write-Host "[Status] $($PesterTestsPaths.count) tests found"
-        $CIindex = @()
-        $numItems = $($PesterTestsPaths.count)
-        $numBuckets = 3
-        $itemsPerBucket = [math]::Floor(($numItems / $numBuckets))
-        $remainder = ($numItems % $numBuckets)
-        $extra = 0
-        for ($i = 0; $i -lt $numBuckets; $i++) {
-            <# Action that will repeat until the condition is met #>
-            if ($i -eq ($numBuckets - 1)) {
-                $extra = $remainder
-            }
-            $indexList = ($itemsPerBucket + $extra)
-            # Write-Host "Container $i contains $indexList items:"
-            $CIIndexList = @()
-            $CIIndexList += for ($k = 0; $k -lt $indexList; $k++) {
-                <# Action that will repeat until the condition is met #>
-                $bucketIndex = $i * $itemsPerBucket
-                # write-host "`$tags[$($bucketIndex + $k)] ="$tags[($bucketIndex + $k)]
-                $PesterTestsPaths[$bucketIndex + $k]
-            }
-            # add to ciIndex Array
-            $CIindex += , ($CIIndexList)
-        }
-        $PesterRunPaths = $CIindex[[int]$($env:job_group)]
-        Write-Host "[status] The following $($($CIindex[[int]$($env:job_group)]).count) tests will be run:"
-        $($CIindex[[int]$($env:job_group)]) | ForEach-Object { Write-Host "$_" }
-    }
+if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
+    $IncludeTags = "ModuleValidation"
+    $PesterRunPaths = @(
+        "$PSScriptRoot/ModuleValidation/"
+    )
 } else {
-    # run setup org locally and set variables
+    Write-Host "Begin Org Setup Before Tests:"
+    . "$PSScriptRoot/SetupRadiusOrg.ps1"
 }
+
 $env:JCAPIKEY = $JumpCloudApiKey
 Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force
 
@@ -104,8 +81,6 @@ $configuration.Filter.ExcludeTag = $ExcludeTagList
 $configuration.CodeCoverage.OutputPath = ($PesterResultsFileXmldir + 'coverage.xml')
 $configuration.testresult.OutputPath = ($PesterResultsFileXmldir + 'results.xml')
 
-Write-Host "Begin Org Setup Before Tests:"
-. "$PSScriptRoot/SetupRadiusOrg.ps1"
 
 Write-Host ("[RUN COMMAND] Invoke-Pester -Path:('$PesterRunPaths') -TagFilter:('$($IncludeTags -join "','")') -ExcludeTagFilter:('$($ExcludeTagList -join "','")') -PassThru") -BackgroundColor:('Black') -ForegroundColor:('Magenta')
 # Run Pester tests
diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
new file mode 100644
index 000000000..5ca12d530
--- /dev/null
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -0,0 +1,17 @@
+Describe "Module Version Tests" -Tag "ModuleValidation" {
+
+    It "The versions across the module should match" {
+        # Get the PSD1 file and config.ps1
+        $PSD1 = Test-ModuleManifest -Path "$PSScriptRoot/../../JumpCloud-Radius.psd1"
+        $config = Get-Content -Path "$PSScriptRoot/../../Config.ps1" -Raw
+        # get the psd1 version
+        $psd1Version = $PSD1.version
+        # set regex to get psd1 version out of config.ps1
+        $versionLineRegex = '\$UserAgent_ModuleVersion.*'
+        $versionLine = ($config | Select-String -Pattern $versionLineRegex).Matches[0].Value
+        $semanticVersionRegex = "(0|[1-9]\d*).(0|[1-9]\d*).(0|[1-9]\d*)"
+        $configVersion = ($versionLine | Select-String -Pattern "(0|[1-9]\d*).(0|[1-9]\d*).(0|[1-9]\d*)").matches[0].value
+        # test that both versions are the same
+        $configVersion | should -be $psd1Version
+    }
+}
\ No newline at end of file

From 600d545b32503d0b439525f6e6a8ca25eede8e37 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 14:42:25 -0600
Subject: [PATCH 061/346] radius-module ci task

---
 .github/workflows/radius-module-ci.yml | 164 +++++++++++++++++++++++++
 1 file changed, 164 insertions(+)
 create mode 100644 .github/workflows/radius-module-ci.yml

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
new file mode 100644
index 000000000..67cd759f3
--- /dev/null
+++ b/.github/workflows/radius-module-ci.yml
@@ -0,0 +1,164 @@
+name: Radius Module CI
+
+on:
+  pull_request:
+    # Sequence of patterns matched against refs/heads
+    branches:
+      - "master"
+    paths:
+      - "scripts/automation/Radius/**"
+    types: [opened, synchronize, reopened, labeled, unlabeled]
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+jobs:
+  Filter-Branch:
+    runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'Radius Module')
+    steps:
+      - run: echo "Building JumpCloud Radius Module Event 'JumpCloudModule_'"
+  Check-PR-Labels:
+    needs: ["Filter-Branch"]
+    runs-on: ubuntu-latest
+    outputs:
+      RELEASE_TYPE: ${{ steps.validate.outputs.RELEASE_TYPE }}
+    steps:
+      - name: Validate-PR-Version-Labels
+        id: validate
+        shell: pwsh
+        run: |
+          $PR_LABEL_LIST=$(curl -s "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels" | jq -r '.[].name')
+          if ("PowerShell Radius Module" -in $PR_LABEL_LIST) {
+              write-host "Starting Build for PowerShell Radius Module Release"
+          }
+          # validate type from label list:
+          $types = @('major', 'minor', 'patch', 'manual')
+          $typeCount = 0
+          foreach ($item in $PR_LABEL_LIST) {
+              if ($item -in $types) {
+                  write-host "$item"
+                  $typeCount += 1
+                  $RELEASE_TYPE = $item
+              }
+          }
+
+          if ($typeCount -eq 1) {
+              echo "RELEASE_TYPE=$RELEASE_TYPE" >> $env:GITHUB_OUTPUT
+          } else {
+              throw "Multiple or invalid release types were found on PR"
+              exit 1
+          }
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  Validate-Env-Variables:
+    needs: ["Filter-Branch", "Check-PR-Labels"]
+    runs-on: ubuntu-latest
+    steps:
+      - env:
+          RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
+        shell: pwsh
+        run: |
+          # validate release type variables
+          $env:RELEASE_TYPE |  Should -BeIn @('major','minor','patch','manual')
+  Setup-Build-Dependancies:
+    needs: ["Filter-Branch", "Check-PR-Labels", "Validate-Env-Variables"]
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup PowerShell Module Cache
+        id: cacher
+        uses: actions/cache@v3
+        with:
+          path: "/home/runner/.local/share/powershell/Modules/"
+          key: PS-Radius-Dependancies
+      - name: Install dependencies
+        if: steps.cacher.outputs.cache-hit != 'true'
+        shell: pwsh
+        env:
+          PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
+          PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
+        run: |
+          Set-PSRepository PSGallery -InstallationPolicy Trusted
+
+          If (!(Get-PackageProvider -Name:('NuGet') -ListAvailable -ErrorAction:('SilentlyContinue'))) {
+              Write-Host ('[status]Installing package provider NuGet');
+              Install-PackageProvider -Name:('NuGet') -Scope:('CurrentUser') -Force
+          }
+
+          $PSDependencies = @{
+              'PowerShellGet'                         = @{Repository = 'PSGallery'; RequiredVersion = '3.0.12-beta' }
+              'PackageManagement'                     = @{Repository = 'PSGallery'; RequiredVersion = '1.4.8.1' }
+              'PSScriptAnalyzer'                      = @{Repository = 'PSGallery'; RequiredVersion = '1.19.1' }
+              'PlatyPS'                               = @{Repository = 'PSGallery'; RequiredVersion = '0.14.2' }
+              'AWS.Tools.Common'                      = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' }
+              'AWS.Tools.CodeArtifact'                = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' }
+              'JumpCloud.SDK.V1'                      = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
+              'JumpCloud.SDK.V2'                      = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
+              'JumpCloud.SDK.DirectoryInsights'       = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
+          }
+
+          foreach ($RequiredModule in $PSDependencies.Keys) {
+              If ([System.String]::IsNullOrEmpty((Get-InstalledModule | Where-Object { $_.Name -eq $RequiredModule }))) {
+                  Write-Host("[status]Installing module: '$RequiredModule'; version: $($PSDependencies[$RequiredModule].RequiredVersion) from $($PSDependencies[$RequiredModule].Repository)")
+                  if ($($PSDependencies[$RequiredModule].RequiredVersion) -eq "latest"){
+                    Install-Module -Name $RequiredModule -Repository:($($PSDependencies[$RequiredModule].Repository)) -AllowPrerelease -Force
+                  } else {
+                    Install-Module -Name $RequiredModule -Repository:($($PSDependencies[$RequiredModule].Repository)) -RequiredVersion:($($PSDependencies[$RequiredModule].RequiredVersion)) -AllowPrerelease -Force
+                  }
+              }
+          }
+
+  Validate-Module:
+    needs: ["Setup-Build-Dependancies", "Check-PR-Labels"]
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            PowerShell
+      - uses: actions/cache@v3
+        with:
+          path: "/home/runner/.local/share/powershell/Modules/"
+          key: PS-Radius-Dependancies
+      - env:
+          RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
+        shell: pwsh
+        run: |
+          . "./scripts/automation/Radius/Tests/InvokePester.ps1" -ModuleValidation
+  Test-Module:
+    needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
+    runs-on: ubuntu-latest
+    timeout-minutes: 75
+    strategy:
+      fail-fast: false
+    name: Run Pester Tests and Upload Results
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            PowerShell
+      - uses: actions/cache@v3
+        with:
+          path: "/home/runner/.local/share/powershell/Modules/"
+          key: PS-Dependancies
+      - uses: actions/download-artifact@v3
+        with:
+          name: jumpcloud-vars
+      - name: Test PWSH Module
+        shell: pwsh
+        env:
+          PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
+          PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
+        run: |
+          Set-Variable -Name PesterParams_ApiKey -Value "$env:PESTER_APIKEY" -Scope Global
+
+          # Import JC Module
+          Import-Module "${{github.workspace}}/scripts/automation/Radius/JumpCloud-Radius.psd1"
+
+          # Authenticate to JC Org
+          Connect-JCOnline -JumpCloudApiKey:("$env:PESTER_APIKEY") -force | Out-Null
+
+          # Invoke Pester
+          . "./scripts/automation/Radius/Tests/InvokePester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY"

From e866e091c45b2780aa5e445030408d6626ccf845 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 14:46:37 -0600
Subject: [PATCH 062/346] pester location

---
 .github/workflows/radius-module-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 67cd759f3..c55ee6f05 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -126,7 +126,7 @@ jobs:
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
         shell: pwsh
         run: |
-          . "./scripts/automation/Radius/Tests/InvokePester.ps1" -ModuleValidation
+          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -ModuleValidation
   Test-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
     runs-on: ubuntu-latest
@@ -161,4 +161,4 @@ jobs:
           Connect-JCOnline -JumpCloudApiKey:("$env:PESTER_APIKEY") -force | Out-Null
 
           # Invoke Pester
-          . "./scripts/automation/Radius/Tests/InvokePester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY"
+          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY"

From 8eb0ac0e429f9ced4844c5deecca167f963a7884 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 14:52:13 -0600
Subject: [PATCH 063/346] checkout scripts directory

---
 .github/workflows/radius-module-ci.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index c55ee6f05..1d7e72f12 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -117,7 +117,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           sparse-checkout: |
-            PowerShell
+            scripts
       - uses: actions/cache@v3
         with:
           path: "/home/runner/.local/share/powershell/Modules/"
@@ -138,7 +138,7 @@ jobs:
       - uses: actions/checkout@v4
         with:
           sparse-checkout: |
-            PowerShell
+            scripts
       - uses: actions/cache@v3
         with:
           path: "/home/runner/.local/share/powershell/Modules/"

From 15fc3c85dfeaf886fbf10f09a2d2a9b7e0362c2d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 14:58:55 -0600
Subject: [PATCH 064/346] cache + setup order

---
 .github/workflows/radius-module-ci.yml            | 3 +--
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 5 ++---
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 1d7e72f12..4eb02fb75 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -91,8 +91,7 @@ jobs:
               'PackageManagement'                     = @{Repository = 'PSGallery'; RequiredVersion = '1.4.8.1' }
               'PSScriptAnalyzer'                      = @{Repository = 'PSGallery'; RequiredVersion = '1.19.1' }
               'PlatyPS'                               = @{Repository = 'PSGallery'; RequiredVersion = '0.14.2' }
-              'AWS.Tools.Common'                      = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' }
-              'AWS.Tools.CodeArtifact'                = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' }
+              'JumpCloud'                             = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
               'JumpCloud.SDK.V1'                      = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
               'JumpCloud.SDK.V2'                      = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
               'JumpCloud.SDK.DirectoryInsights'       = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index d46ce2380..af10aa204 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -44,12 +44,12 @@ if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
         "$PSScriptRoot/ModuleValidation/"
     )
 } else {
+    $env:JCAPIKEY = $JumpCloudApiKey
+    Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force
     Write-Host "Begin Org Setup Before Tests:"
     . "$PSScriptRoot/SetupRadiusOrg.ps1"
 }
 
-$env:JCAPIKEY = $JumpCloudApiKey
-Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force
 
 if (-Not $PesterRunPaths) {
     $PesterRunPaths = @(
@@ -61,7 +61,6 @@ Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Pri
 Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
 Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
 
-
 # Set the test result directory:
 $PesterResultsFileXmldir = "$PSScriptRoot/test_results/"
 # create the directory if it does not exist:

From c0ca9850c003bd30da6351ea034052db4672443e Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:01:55 -0600
Subject: [PATCH 065/346] cache

---
 .github/workflows/radius-module-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 4eb02fb75..8d0e257fa 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -141,7 +141,7 @@ jobs:
       - uses: actions/cache@v3
         with:
           path: "/home/runner/.local/share/powershell/Modules/"
-          key: PS-Dependancies
+          key: PS-Radius-Dependancies
       - uses: actions/download-artifact@v3
         with:
           name: jumpcloud-vars

From 17a4301fa1760dae39b458790c76356ad9c67aaf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:04:13 -0600
Subject: [PATCH 066/346] remove artifact download

---
 .github/workflows/radius-module-ci.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 8d0e257fa..0785cd85a 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -142,9 +142,6 @@ jobs:
         with:
           path: "/home/runner/.local/share/powershell/Modules/"
           key: PS-Radius-Dependancies
-      - uses: actions/download-artifact@v3
-        with:
-          name: jumpcloud-vars
       - name: Test PWSH Module
         shell: pwsh
         env:

From a8021e262ea382d30b0eb081829c62f3dc042e9a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:25:39 -0600
Subject: [PATCH 067/346] just run pester

---
 .github/workflows/radius-module-ci.yml | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 0785cd85a..da57f70f7 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -142,19 +142,11 @@ jobs:
         with:
           path: "/home/runner/.local/share/powershell/Modules/"
           key: PS-Radius-Dependancies
-      - name: Test PWSH Module
+      - name: Test PWSH Radius Module
         shell: pwsh
         env:
           PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
           PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
         run: |
-          Set-Variable -Name PesterParams_ApiKey -Value "$env:PESTER_APIKEY" -Scope Global
-
-          # Import JC Module
-          Import-Module "${{github.workspace}}/scripts/automation/Radius/JumpCloud-Radius.psd1"
-
-          # Authenticate to JC Org
-          Connect-JCOnline -JumpCloudApiKey:("$env:PESTER_APIKEY") -force | Out-Null
-
           # Invoke Pester
           . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY"

From 74f8297877e6d65e5a3ef4b9d9db52365e994914 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:32:05 -0600
Subject: [PATCH 068/346] radius org setup

---
 .../Radius/Tests/SetupRadiusOrg.ps1           | 54 ++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 2e095d0bd..d5362b79b 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -1,5 +1,57 @@
 # import helper functions:
-. "$PSScriptRoot/../../../../PowerShell/JumpCloud Module/Tests/HelperFunctions.ps1"
+Function New-RandomUser  () {
+    [CmdletBinding(DefaultParameterSetName = 'NoAttributes')]
+    param
+    (
+        [Parameter(Mandatory, Position = 0)]
+        [String]
+        $Domain,
+
+        [Parameter(ParameterSetName = 'Attributes')] ##Test this to see if this can be modified.
+        [switch]
+        $Attributes
+
+    )
+
+    if (($PSCmdlet.ParameterSetName -eq 'NoAttributes')) {
+        $username = -join ((65..90) + (97..122) | Get-Random -Count 8 | ForEach-Object { [char]$_ })
+        $email = $username + "@$Domain.com"
+
+        $RandomUser = [ordered]@{
+            FirstName = 'Pester'
+            LastName  = 'Test'
+            Username  = $username
+            Email     = $email
+            Password  = 'Temp123!'
+        }
+
+        $NewRandomUser = New-Object PSObject -Property $RandomUser
+    }
+
+    if (($PSCmdlet.ParameterSetName -eq 'Attributes')) {
+        $username = -join ((65..90) + (97..122) | Get-Random -Count 8 | ForEach-Object { [char]$_ })
+        $email = $username + "@$Domain.com"
+
+        $RandomUser = [ordered]@{
+            FirstName                = 'Pester'
+            LastName                 = 'Test'
+            Username                 = $username
+            Email                    = $email
+            Password                 = 'Temp123!'
+            NumberOfCustomAttributes = 3
+            Attribute1_name          = 'Department'
+            Attribute1_value         = 'Sales'
+            Attribute2_name          = 'Office'
+            Attribute2_value         = '456789'
+            Attribute3_name          = 'Lang'
+            Attribute3_value         = 'French'
+        }
+        $NewRandomUser = New-Object PSObject -Property $RandomUser
+    }
+
+
+    return $NewRandomUser
+}
 # beforeAll, remove PesterRadiusGroup + users
 Write-Warning "Removing Pester Radius User Groups with name: PesterRadiusGroup*"
 $pesterRadiusGroups = Get-JcSdkUserGroup -filter "name:search:PesterRadiusGroup"

From d3e3fe012f59bb657199499aa41fabb10c13e53d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:36:10 -0600
Subject: [PATCH 069/346] config path

---
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index d5362b79b..a563bacf2 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -95,7 +95,7 @@ Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $bothUser.id -Op "add"
 # update config:
 Write-Warning "Updating Config File"
 
-$configPath = "$PSScriptRoot/../config.ps1"
+$configPath = Resolve-Path -Path "$PSScriptRoot/../Config.ps1"
 $configContent = Get-Content -path $configPath
 # Update the userGroupID:
 $configContent -replace ('\$Global:JCR_USER_GROUP = *.+', "`$Global:JCR_USER_GROUP = `"$($radiusUserGroup.id)`"") | Set-Content -Path $configPath

From 254cd031310202a56d263b985d59e18708e532a5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:44:06 -0600
Subject: [PATCH 070/346] gci debugging

---
 .github/workflows/radius-module-ci.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index da57f70f7..efd9ab8c2 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -148,5 +148,14 @@ jobs:
           PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
           PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
         run: |
+          $items = get-childItem -path "./scripts/automation/Radius/"
+          foreach ($item in $items){
+            write-host "$(item.FullName)"
+          }
           # Invoke Pester
           . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY"
+
+
+
+          /home/runner/work/support/support/scripts/automation/Radius/
+          /home/runner/work/support/support/scripts/automation/Radius/config.ps1

From b71cca380da2f4ec5f859f2b3385b9754ad3a78f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:46:06 -0600
Subject: [PATCH 071/346] item.fullname

---
 .github/workflows/radius-module-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index efd9ab8c2..83737f106 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -150,7 +150,7 @@ jobs:
         run: |
           $items = get-childItem -path "./scripts/automation/Radius/"
           foreach ($item in $items){
-            write-host "$(item.FullName)"
+            write-host "$($item.FullName)"
           }
           # Invoke Pester
           . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY"

From 156ad0e895c7a84cecaaead07194a579804ed8de Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:53:04 -0600
Subject: [PATCH 072/346] config.ps1 casing

---
 .../Private/CertGeneration/Generate-UserCert.ps1          | 2 +-
 .../Radius/Functions/Public/Start-GenerateRootCert.ps1    | 2 +-
 scripts/automation/Radius/JumpCloud-Radius.psm1           | 2 +-
 scripts/automation/Radius/Start-RadiusDeployment.ps1      | 2 +-
 .../Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 | 4 ++--
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1   | 8 ++++----
 .../Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 | 2 +-
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1        | 1 +
 8 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index 3b60ed2f2..cf53c2128 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -21,7 +21,7 @@ function Generate-UserCert {
         $user
     )
     begin {
-        . "$JCScriptRoot/config.ps1"
+        . "$JCScriptRoot/Config.ps1"
         if (-Not (Test-Path -Path $rootCAKey)) {
             Throw "RootCAKey could not be found in project directory, have you run Generate-Cert.ps1?"
             exit 1
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 6922dc4db..a3f82145a 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -13,7 +13,7 @@ Function Start-GenerateRootCert {
     . "$JCScriptRoot/Config.ps1"
 
     if ( ([System.String]::IsNullOrEmpty($JCORGID)) -Or ($JCORGID.Length -ne 24) ) {
-        throw "OrganizationID not specified, please update config.ps1"
+        throw "OrganizationID not specified, please update Config.ps1"
     }
 
     ################################################################################
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index c07650b89..e56b25522 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -24,7 +24,7 @@ Foreach ($Import in $Public) {
 $global:JCScriptRoot = "$PSScriptRoot"
 
 # import config:
-. "$JCScriptRoot/config.ps1"
+. "$JCScriptRoot/Config.ps1"
 # try to get the settings file, create new one if it does not exist:
 $global:JCRConfig = Get-JCRSettingsFile
 
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index 55b2626d1..a97cb2337 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -3,7 +3,7 @@ Write-Verbose 'Verifying JCAPI Key'
 if ($JCAPIKEY.length -ne 40) {
     Connect-JCOnline -force
 }
-. "$psscriptroot/config.ps1"
+. "$psscriptroot/Config.ps1"
 
 ################################################################################
 # Do not modify below
diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index 5ca12d530..5b3a702e9 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -1,12 +1,12 @@
 Describe "Module Version Tests" -Tag "ModuleValidation" {
 
     It "The versions across the module should match" {
-        # Get the PSD1 file and config.ps1
+        # Get the PSD1 file and Config.ps1
         $PSD1 = Test-ModuleManifest -Path "$PSScriptRoot/../../JumpCloud-Radius.psd1"
         $config = Get-Content -Path "$PSScriptRoot/../../Config.ps1" -Raw
         # get the psd1 version
         $psd1Version = $PSD1.version
-        # set regex to get psd1 version out of config.ps1
+        # set regex to get psd1 version out of Config.ps1
         $versionLineRegex = '\$UserAgent_ModuleVersion.*'
         $versionLine = ($config | Select-String -Pattern $versionLineRegex).Matches[0].Value
         $semanticVersionRegex = "(0|[1-9]\d*).(0|[1-9]\d*).(0|[1-9]\d*)"
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 37a8d7678..9a373361c 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -203,7 +203,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'EmailSAN certs are created and command generated with correct identifiers' {
             # Set config
-            $configPath = "$JCScriptRoot/config.ps1"
+            $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the user cert validity to just 10 days
             $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "EmailSAN"') | Set-Content -Path $configPath
@@ -237,7 +237,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'EmailDN certs are created and command generated with correct identifiers' {
             # Set config
-            $configPath = "$JCScriptRoot/config.ps1"
+            $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
             $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "EmailDN"') | Set-Content -Path $configPath
@@ -267,7 +267,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'UsernameCn certs are created and command generated with correct identifiers' {
             # Set config
-            $configPath = "$JCScriptRoot/config.ps1"
+            $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
             $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "UsernameCn"') | Set-Content -Path $configPath
@@ -298,7 +298,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         AfterAll {
             # Set config
-            $configPath = "$JCScriptRoot/config.ps1"
+            $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
             $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "UsernameCn"') | Set-Content -Path $configPath
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index aa61e18c0..ca17252d4 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -84,7 +84,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             . "$JCScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
             . "$JCScriptRoot/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1"
             # Set config
-            $configPath = "$JCScriptRoot/config.ps1"
+            $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the user cert validity to just 10 days
             $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 10') | Set-Content -Path $configPath
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index a563bacf2..c6bc31b19 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -96,6 +96,7 @@ Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $bothUser.id -Op "add"
 Write-Warning "Updating Config File"
 
 $configPath = Resolve-Path -Path "$PSScriptRoot/../Config.ps1"
+write-warning $configPath
 $configContent = Get-Content -path $configPath
 # Update the userGroupID:
 $configContent -replace ('\$Global:JCR_USER_GROUP = *.+', "`$Global:JCR_USER_GROUP = `"$($radiusUserGroup.id)`"") | Set-Content -Path $configPath

From 8bc3bcf9fbb4250da89c6dfb9473ee0ebe344421 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 5 Jun 2024 15:59:51 -0600
Subject: [PATCH 073/346] casing/ locations

---
 .github/workflows/radius-module-ci.yml        |  5 --
 .../Radius/Tests/HelperFunctions.ps1          | 53 ++++++++++++++++++
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  |  2 +-
 .../Public/Start-DeployUserCerts.Tests.ps1    |  2 +-
 .../Radius/Tests/SetupRadiusOrg.ps1           | 54 +------------------
 5 files changed, 56 insertions(+), 60 deletions(-)
 create mode 100644 scripts/automation/Radius/Tests/HelperFunctions.ps1

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 83737f106..49bf6257e 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -154,8 +154,3 @@ jobs:
           }
           # Invoke Pester
           . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY"
-
-
-
-          /home/runner/work/support/support/scripts/automation/Radius/
-          /home/runner/work/support/support/scripts/automation/Radius/config.ps1
diff --git a/scripts/automation/Radius/Tests/HelperFunctions.ps1 b/scripts/automation/Radius/Tests/HelperFunctions.ps1
new file mode 100644
index 000000000..0e7eee85a
--- /dev/null
+++ b/scripts/automation/Radius/Tests/HelperFunctions.ps1
@@ -0,0 +1,53 @@
+Function New-RandomUser  () {
+    [CmdletBinding(DefaultParameterSetName = 'NoAttributes')]
+    param
+    (
+        [Parameter(Mandatory, Position = 0)]
+        [String]
+        $Domain,
+
+        [Parameter(ParameterSetName = 'Attributes')] ##Test this to see if this can be modified.
+        [switch]
+        $Attributes
+
+    )
+
+    if (($PSCmdlet.ParameterSetName -eq 'NoAttributes')) {
+        $username = -join ((65..90) + (97..122) | Get-Random -Count 8 | ForEach-Object { [char]$_ })
+        $email = $username + "@$Domain.com"
+
+        $RandomUser = [ordered]@{
+            FirstName = 'Pester'
+            LastName  = 'Test'
+            Username  = $username
+            Email     = $email
+            Password  = 'Temp123!'
+        }
+
+        $NewRandomUser = New-Object PSObject -Property $RandomUser
+    }
+
+    if (($PSCmdlet.ParameterSetName -eq 'Attributes')) {
+        $username = -join ((65..90) + (97..122) | Get-Random -Count 8 | ForEach-Object { [char]$_ })
+        $email = $username + "@$Domain.com"
+
+        $RandomUser = [ordered]@{
+            FirstName                = 'Pester'
+            LastName                 = 'Test'
+            Username                 = $username
+            Email                    = $email
+            Password                 = 'Temp123!'
+            NumberOfCustomAttributes = 3
+            Attribute1_name          = 'Department'
+            Attribute1_value         = 'Sales'
+            Attribute2_name          = 'Office'
+            Attribute2_value         = '456789'
+            Attribute3_name          = 'Lang'
+            Attribute3_value         = 'French'
+        }
+        $NewRandomUser = New-Object PSObject -Property $RandomUser
+    }
+
+
+    return $NewRandomUser
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 6d4768edc..cf032ae4d 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -8,7 +8,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             'userHash.json'
         )
         # explicitly import the settings file functions for these tests:
-        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/settings/*.ps1" -Recurse)
+        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/Settings/*.ps1" -Recurse)
         Foreach ($Import in $Private) {
             Try {
                 . $Import.FullName
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 9a373361c..559e3d509 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -10,7 +10,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             }
         }
         # import helper functions:
-        . "$PSScriptRoot/../../../../../PowerShell/JumpCloud Module/Tests/HelperFunctions.ps1"
+        . "$PSScriptRoot/../HelperFunctions.ps1"
         # Manually update user associations for radius members, cache won't pick them up before:
         foreach ($user in $global:JCRRadiusMembers) {
             Set-JCRAssociationHash -UserID $user.userID
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index c6bc31b19..2f1ecfa2e 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -1,57 +1,5 @@
 # import helper functions:
-Function New-RandomUser  () {
-    [CmdletBinding(DefaultParameterSetName = 'NoAttributes')]
-    param
-    (
-        [Parameter(Mandatory, Position = 0)]
-        [String]
-        $Domain,
-
-        [Parameter(ParameterSetName = 'Attributes')] ##Test this to see if this can be modified.
-        [switch]
-        $Attributes
-
-    )
-
-    if (($PSCmdlet.ParameterSetName -eq 'NoAttributes')) {
-        $username = -join ((65..90) + (97..122) | Get-Random -Count 8 | ForEach-Object { [char]$_ })
-        $email = $username + "@$Domain.com"
-
-        $RandomUser = [ordered]@{
-            FirstName = 'Pester'
-            LastName  = 'Test'
-            Username  = $username
-            Email     = $email
-            Password  = 'Temp123!'
-        }
-
-        $NewRandomUser = New-Object PSObject -Property $RandomUser
-    }
-
-    if (($PSCmdlet.ParameterSetName -eq 'Attributes')) {
-        $username = -join ((65..90) + (97..122) | Get-Random -Count 8 | ForEach-Object { [char]$_ })
-        $email = $username + "@$Domain.com"
-
-        $RandomUser = [ordered]@{
-            FirstName                = 'Pester'
-            LastName                 = 'Test'
-            Username                 = $username
-            Email                    = $email
-            Password                 = 'Temp123!'
-            NumberOfCustomAttributes = 3
-            Attribute1_name          = 'Department'
-            Attribute1_value         = 'Sales'
-            Attribute2_name          = 'Office'
-            Attribute2_value         = '456789'
-            Attribute3_name          = 'Lang'
-            Attribute3_value         = 'French'
-        }
-        $NewRandomUser = New-Object PSObject -Property $RandomUser
-    }
-
-
-    return $NewRandomUser
-}
+. "$PSScriptRoot/HelperFunctions.ps1"
 # beforeAll, remove PesterRadiusGroup + users
 Write-Warning "Removing Pester Radius User Groups with name: PesterRadiusGroup*"
 $pesterRadiusGroups = Get-JcSdkUserGroup -filter "name:search:PesterRadiusGroup"

From 842f8f2147422ccf6121bc40266d58f0ea84c583 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 6 Jun 2024 09:21:32 -0600
Subject: [PATCH 074/346] cache v4

---
 .github/workflows/radius-module-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 49bf6257e..515e6bd33 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -68,7 +68,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Setup PowerShell Module Cache
         id: cacher
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: "/home/runner/.local/share/powershell/Modules/"
           key: PS-Radius-Dependancies
@@ -117,7 +117,7 @@ jobs:
         with:
           sparse-checkout: |
             scripts
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: "/home/runner/.local/share/powershell/Modules/"
           key: PS-Radius-Dependancies
@@ -138,7 +138,7 @@ jobs:
         with:
           sparse-checkout: |
             scripts
-      - uses: actions/cache@v3
+      - uses: actions/cache@v4
         with:
           path: "/home/runner/.local/share/powershell/Modules/"
           key: PS-Radius-Dependancies

From 20faf112b7ca97bababe35eb57ec32d422031670 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 6 Jun 2024 09:22:00 -0600
Subject: [PATCH 075/346] generate random cert pass

---
 .../Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1      | 9 +++++----
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1       | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index cf032ae4d..458ae5d70 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -108,20 +108,21 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 $beforeWriteTime | should -Not -Be $afterWriteTime
             }
         }
-        It "Data should be re-written when the -Force parameter is used; regardless of setings write date" {
+        It "Data should be re-written when the -Force parameter is used; regardless of settings write date" {
             # check the files before
             $filesBefore = Get-ChildItem -Path $dataPath
             # run Get-JCRGlobalVars with force param
-            Get-JCRGlobalVars -Force
+            Start-Sleep -Seconds 2
+            Get-JCRGlobalVars -Force -associateManually
 
             # check the files after:
             $filesAfter = Get-ChildItem -Path $dataPath
             # test each file write date
             foreach ($file in $requiredFiles) {
-                # write-host "validating write times for $file"
+                write-host "validating write times for $file"
                 $beforeWriteTime = (($filesBefore | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
                 $afterWriteTime = (($filesAfter | Where-Object { $_.Name -eq $file })).LastWriteTime.Ticks
-                # Write-Host "before: $beforeWriteTime should not be after: $afterWriteTime"
+                Write-Host "before: $beforeWriteTime should not be after: $afterWriteTime"
                 # The file write time before running Get-JCRGlobalVars should not be the same after running the function
                 $beforeWriteTime | should -Not -Be $afterWriteTime
             }
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 2f1ecfa2e..8d33e2de1 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -40,6 +40,9 @@ Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $macUser.id -Op "add"
 Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $windowsUser.id -Op "add"
 Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $bothUser.id -Op "add"
 
+# set a rootKeyPassword
+$env:certKeyPassword = -join ((65..90) + (97..122) | Get-Random -Count 5 | % { [char]$_ })
+
 # update config:
 Write-Warning "Updating Config File"
 

From 7e3828696a870c87cc691907eadfd6fde7e737a5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 6 Jun 2024 09:32:45 -0600
Subject: [PATCH 076/346] populate cert /user cert dir + keyPass

---
 scripts/automation/Radius/JumpCloud-Radius.psm1    | 8 ++++++++
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index e56b25522..92cafbf71 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -28,5 +28,13 @@ $global:JCScriptRoot = "$PSScriptRoot"
 # try to get the settings file, create new one if it does not exist:
 $global:JCRConfig = Get-JCRSettingsFile
 
+# if the Certs / UserCerts directories do not exist, create thenm
+if (-Not (Test-Path -Path "$JCScriptRoot/Cert" -PathType Container)) {
+    New-Item -Path "$JCScriptRoot/Cert" -ItemType Directory
+}
+if (-Not (Test-Path -Path "$JCScriptRoot/UserCerts" -PathType Container)) {
+    New-Item -Path "$JCScriptRoot/UserCerts" -ItemType Directory
+}
+
 # Get global variables or update if necessary
 Get-JCRGlobalVars
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 8d33e2de1..c9f5fcb29 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -41,7 +41,7 @@ Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $windowsUser.id -Op "a
 Set-JcSdkUserGroupMember -GroupId $radiusUserGroup.Id -Id $bothUser.id -Op "add"
 
 # set a rootKeyPassword
-$env:certKeyPassword = -join ((65..90) + (97..122) | Get-Random -Count 5 | % { [char]$_ })
+$env:certKeyPassword = "testCertificate123!@#"
 
 # update config:
 Write-Warning "Updating Config File"

From e4bfd457c5cacce0d68e1b2130b3e5730a5a96e2 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 6 Jun 2024 10:41:16 -0600
Subject: [PATCH 077/346] same certificate pass

---
 .../Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1      | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index ae6b1cb66..5c484ef7f 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -9,7 +9,7 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
                     Remove-Item -Path $item.FullName
                 }
             }
-            Start-GenerateRootCert -certKeyPassword "Test123"
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#"
 
             # both the key and the cert should be generated
             $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
@@ -32,7 +32,7 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             # get existing cert serial:
             $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
             # force generate new CA
-            Start-GenerateRootCert -certKeyPassword "newTest1234"
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#"
             # get new SN
             $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one

From e5fb202c02dc50d1154f5db3813602538d082038 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 6 Jun 2024 10:55:49 -0600
Subject: [PATCH 078/346] generate root cert before deploy tests

---
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1         | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 559e3d509..dc5edd155 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -16,6 +16,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Set-JCRAssociationHash -UserID $user.userID
         }
 
+        Start-GenerateRootCert -certKeyPassword "TestCertificate123!@#"
+
     }
     Context 'Distribute all certificates for all users forcibly' {
         BeforeAll {

From 344510cc9ed0543e684c00df0a78e3f979c79814 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 6 Jun 2024 11:27:37 -0600
Subject: [PATCH 079/346] tests

---
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1     |  2 +-
 .../Tests/Public/Start-DeployUserCerts.Tests.ps1 | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 458ae5d70..8b00d41a0 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -94,7 +94,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
             }
             # run Get-JCRGlobalVars
-            Get-JCRGlobalVars
+            Get-JCRGlobalVars -Force -associateManually
 
             # check the files:
             $filesAfter = Get-ChildItem -Path $dataPath
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index dc5edd155..0d026454d 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -15,7 +15,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         foreach ($user in $global:JCRRadiusMembers) {
             Set-JCRAssociationHash -UserID $user.userID
         }
-
+        Get-JCRGlobalVars -Force -associateManually
         Start-GenerateRootCert -certKeyPassword "TestCertificate123!@#"
 
     }
@@ -37,7 +37,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $userArray = Get-UserJsonData
             foreach ($user in $userArray) {
                 # cert should not be deployed
-                $user.certinfo.deployed | Should -Be $false
+                $user.certInfo.deployed | Should -Be $false
             }
             start-deployUserCerts -type All -forceInvokeCommands
             Start-Sleep 1
@@ -45,7 +45,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             foreach ($user in $userArray) {
                 # cert should be deployed for users that have a system association
                 if ($user.systemAssociations) {
-                    $user.certinfo.deployed | Should -Be $true
+                    $user.certInfo.deployed | Should -Be $true
                     $user.commandAssociations | ForEach-Object {
                         $command = Get-JcSdkCommand -Id $_.commandId -Fields name
                         $command | should -Not -BeNullOrEmpty
@@ -64,7 +64,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
 
             start-deployUserCerts -type ByUsername -username $user.username -forceInvokeCommands
-            $obj, $index = Get-UserFromTable -userid $user.id
+            $obj, $index = Get-UserFromTable -userId $user.id
             $obj.certInfo.generated | Should -BeGreaterThan $dateBefore
             $obj.certInfo.deployed | Should -Be $false
             $obj.commandAssociations | should -be $null
@@ -90,7 +90,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $userArray = Get-UserJsonData
             foreach ($user in $userArray) {
                 # cert should not be deployed
-                $user.certinfo.deployed | Should -Be $false
+                $user.certInfo.deployed | Should -Be $false
             }
             start-deployUserCerts -type All
             Start-Sleep 1
@@ -98,7 +98,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             foreach ($user in $userArray) {
                 # cert should be deployed for users that have a system association
                 if ($user.systemAssociations) {
-                    $user.certinfo.deployed | Should -Be $true
+                    $user.certInfo.deployed | Should -Be $true
                     $user.commandAssociations | ForEach-Object {
                         $command = Get-JcSdkCommand -Id $_.commandId -Fields name
                         $command | should -Not -BeNullOrEmpty
@@ -140,7 +140,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
             start-deployUserCerts -type ByUsername -username $user.username -forceInvokeCommands
 
-            $obj, $index = Get-UserFromTable -userid $user.id
+            $obj, $index = Get-UserFromTable -userId $user.id
             $obj.certInfo.generated | Should -BeGreaterThan $dateBefore
             $obj.certInfo.deployed | Should -Be $true
             $obj.commandAssociations | should -Not -BeNullOrEmpty
@@ -166,7 +166,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
             start-deployUserCerts -type ByUsername -username $user.username
 
-            $obj, $index = Get-UserFromTable -userid $user.id
+            $obj, $index = Get-UserFromTable -userId $user.id
             $obj.certInfo.generated | Should -BeGreaterThan $dateBefore
             $obj.certInfo.deployed | Should -Be $false
             $obj.commandAssociations | should -Not -BeNullOrEmpty

From 685e7d5e808745977df18b8496bc98c4cc65c2c4 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 11 Jun 2024 16:09:41 -0600
Subject: [PATCH 080/346] tests missing force invoke + moduleValidation exclude

---
 .github/workflows/radius-module-ci.yml                          | 2 +-
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 515e6bd33..b04706ea0 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -153,4 +153,4 @@ jobs:
             write-host "$($item.FullName)"
           }
           # Invoke Pester
-          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY"
+          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY" -ExcludeTagList "ModuleValidation"
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 0d026454d..a390365a0 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -92,7 +92,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
                 # cert should not be deployed
                 $user.certInfo.deployed | Should -Be $false
             }
-            start-deployUserCerts -type All
+            start-deployUserCerts -type All -forceInvokeCommands
             Start-Sleep 1
             $userArray = Get-UserJsonData
             foreach ($user in $userArray) {

From 66f4170a95f587423b57924645b4dff997ed4ca8 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 12 Jun 2024 08:30:21 -0600
Subject: [PATCH 081/346] macos-latest

---
 .github/workflows/radius-module-ci.yml             | 12 ++++++------
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 |  8 +++++++-
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index b04706ea0..7c1f4ab1b 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -13,13 +13,13 @@ concurrency:
   cancel-in-progress: true
 jobs:
   Filter-Branch:
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     if: contains(github.event.pull_request.labels.*.name, 'Radius Module')
     steps:
       - run: echo "Building JumpCloud Radius Module Event 'JumpCloudModule_'"
   Check-PR-Labels:
     needs: ["Filter-Branch"]
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     outputs:
       RELEASE_TYPE: ${{ steps.validate.outputs.RELEASE_TYPE }}
     steps:
@@ -52,7 +52,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   Validate-Env-Variables:
     needs: ["Filter-Branch", "Check-PR-Labels"]
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     steps:
       - env:
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
@@ -62,7 +62,7 @@ jobs:
           $env:RELEASE_TYPE |  Should -BeIn @('major','minor','patch','manual')
   Setup-Build-Dependancies:
     needs: ["Filter-Branch", "Check-PR-Labels", "Validate-Env-Variables"]
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@v4
@@ -110,7 +110,7 @@ jobs:
 
   Validate-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels"]
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@v4
@@ -128,7 +128,7 @@ jobs:
           . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -ModuleValidation
   Test-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
-    runs-on: ubuntu-latest
+    runs-on: macos-latest
     timeout-minutes: 75
     strategy:
       fail-fast: false
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index c9f5fcb29..a5720e30c 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -55,8 +55,14 @@ $configContent -replace ('\$Global:JCR_USER_GROUP = *.+', "`$Global:JCR_USER_GRO
 if ($IsMacOS) {
     $brewList = brew list openssl@3
     if (-Not ($brewList)) {
-        throw "OpenSSL v3 is not installed on this system"
+        Write-Warning "OpenSSL v3 is not installed on this system. Attempting to install..."
+        try {
+            brew install openssl@3
+        } catch {
+            Write-Host could not install openssl
+        }
     }
+
     $brewListBinary = $brewList | Where-Object { $_ -match "/bin/openssl" }
     $regmatch = $brewListBinary | Select-String -pattern "\/([0-9].[0-9].[0-9])\/"
     $opensslVersion = $regmatch.matches.groups[1].value

From 0bb8419fb2a3e7a1324a2a5fea9c7ee1798f3723 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 12 Jun 2024 08:31:54 -0600
Subject: [PATCH 082/346] filter using ubuntu runners

---
 .github/workflows/radius-module-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 7c1f4ab1b..39d2807b3 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -13,13 +13,13 @@ concurrency:
   cancel-in-progress: true
 jobs:
   Filter-Branch:
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     if: contains(github.event.pull_request.labels.*.name, 'Radius Module')
     steps:
       - run: echo "Building JumpCloud Radius Module Event 'JumpCloudModule_'"
   Check-PR-Labels:
     needs: ["Filter-Branch"]
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     outputs:
       RELEASE_TYPE: ${{ steps.validate.outputs.RELEASE_TYPE }}
     steps:
@@ -52,7 +52,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   Validate-Env-Variables:
     needs: ["Filter-Branch", "Check-PR-Labels"]
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     steps:
       - env:
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}

From 6cb615afd47b3ee605f99ffc2ad15730dd79e25d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 12 Jun 2024 08:40:18 -0600
Subject: [PATCH 083/346] module location

---
 .github/workflows/radius-module-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 39d2807b3..dd91bee22 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -70,7 +70,7 @@ jobs:
         id: cacher
         uses: actions/cache@v4
         with:
-          path: "/home/runner/.local/share/powershell/Modules/"
+          path: "/Users/runner/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/usr/local/microsoft/powershell/7/Modules"
           key: PS-Radius-Dependancies
       - name: Install dependencies
         if: steps.cacher.outputs.cache-hit != 'true'
@@ -119,7 +119,7 @@ jobs:
             scripts
       - uses: actions/cache@v4
         with:
-          path: "/home/runner/.local/share/powershell/Modules/"
+          path: "/Users/runner/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/usr/local/microsoft/powershell/7/Modules"
           key: PS-Radius-Dependancies
       - env:
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
@@ -140,7 +140,7 @@ jobs:
             scripts
       - uses: actions/cache@v4
         with:
-          path: "/home/runner/.local/share/powershell/Modules/"
+          path: "/Users/runner/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/usr/local/microsoft/powershell/7/Modules"
           key: PS-Radius-Dependancies
       - name: Test PWSH Radius Module
         shell: pwsh

From 840a50f25760cb67377fe227d0388ae88bdb0022 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 12 Jun 2024 09:25:53 -0600
Subject: [PATCH 084/346] cache + env

---
 .github/workflows/radius-module-ci.yml | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index dd91bee22..c46c58529 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -70,7 +70,7 @@ jobs:
         id: cacher
         uses: actions/cache@v4
         with:
-          path: "/Users/runner/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/usr/local/microsoft/powershell/7/Modules"
+          path: "/Users/runner/.local/share/powershell/Modules/"
           key: PS-Radius-Dependancies
       - name: Install dependencies
         if: steps.cacher.outputs.cache-hit != 'true'
@@ -119,7 +119,7 @@ jobs:
             scripts
       - uses: actions/cache@v4
         with:
-          path: "/Users/runner/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/usr/local/microsoft/powershell/7/Modules"
+          path: "/Users/runner/.local/share/powershell/Modules/"
           key: PS-Radius-Dependancies
       - env:
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
@@ -129,6 +129,7 @@ jobs:
   Test-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
     runs-on: macos-latest
+    environment: Configure Test Radius CI
     timeout-minutes: 75
     strategy:
       fail-fast: false
@@ -140,13 +141,13 @@ jobs:
             scripts
       - uses: actions/cache@v4
         with:
-          path: "/Users/runner/.local/share/powershell/Modules:/usr/local/share/powershell/Modules:/usr/local/microsoft/powershell/7/Modules"
+          path: "/Users/runner/.local/share/powershell/Modules/"
           key: PS-Radius-Dependancies
       - name: Test PWSH Radius Module
         shell: pwsh
         env:
-          PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
-          PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
+          PESTER_APIKEY: ${{ secrets.RADIUSAPIKEY }}
+          PESTER_ORGID: ${{ secrets.RADIUSORGID }}
         run: |
           $items = get-childItem -path "./scripts/automation/Radius/"
           foreach ($item in $items){

From 3fe4592b9bf884a900e7b71704919078b48b9870 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 12 Jun 2024 09:31:11 -0600
Subject: [PATCH 085/346] cache + correct env

---
 .github/workflows/radius-module-ci.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index c46c58529..0a4c587d7 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -88,7 +88,6 @@ jobs:
 
           $PSDependencies = @{
               'PowerShellGet'                         = @{Repository = 'PSGallery'; RequiredVersion = '3.0.12-beta' }
-              'PackageManagement'                     = @{Repository = 'PSGallery'; RequiredVersion = '1.4.8.1' }
               'PSScriptAnalyzer'                      = @{Repository = 'PSGallery'; RequiredVersion = '1.19.1' }
               'PlatyPS'                               = @{Repository = 'PSGallery'; RequiredVersion = '0.14.2' }
               'JumpCloud'                             = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
@@ -129,7 +128,7 @@ jobs:
   Test-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
     runs-on: macos-latest
-    environment: Configure Test Radius CI
+    environment: Test Radius CI
     timeout-minutes: 75
     strategy:
       fail-fast: false

From 5ca60858970f4b74cd4fa14c4a7c7c5df546abf9 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 12 Jun 2024 10:03:09 -0600
Subject: [PATCH 086/346] generate root cert before user cert tests

---
 .../Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1        | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index ca17252d4..15564675c 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -9,6 +9,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
                 Write-Error -Message "Failed to import function $($Import.FullName): $_"
             }
         }
+        Start-GenerateRootCert -certKeyPassword "testCertificate123!@#"
     }
     Context 'Certs forcibly re-generated for all users' {
         It 'Certs re-generated have actually been re-written for all users' {

From 9f9ad2fb004e4ceffc52d948f790a5c328e253a0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 12 Jun 2024 11:17:51 -0600
Subject: [PATCH 087/346] print debug

---
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1   | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index a390365a0..c8a2d5081 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -55,11 +55,19 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         it 'users without system associations should not have a deployed cert, even if the force option is specified' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            Write-Warning "$($user.username) created with id: $($user.id))"
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
 
+            Write-Warning "Add $($user.username) to radius Group with id: $($Global:JCR_USER_GROUP)"
             Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            $userMembers = Get-jcusergroupmember -byid $Global:JCR_USER_GROUP
+
+            foreach ($member in $userMembers) {
+                Write-Warning "$($member.username) is in the $($member.GroupName) Group"
+            }
 
             # update membership
+            Start-Sleep 1
             Get-JCRGlobalVars -skipAssociation -force
             Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
 

From 7c1a43b90bd213e55678b1c48c87fd799419a509 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 14 Jun 2024 13:20:22 -0600
Subject: [PATCH 088/346] update readme

---
 scripts/automation/Radius/readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 4e000e357..1f0ba5852 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -11,7 +11,7 @@ This automation has been tested with OpenSSL 3.1.1. OpenSSL 3.x.x is required to
 - OpenSSL 3.x.x (Tested with 3.1.1) (see macOS/ Windows requirements below)
 - [JumpCloud PowerShell Module](https://www.powershellgallery.com/packages/JumpCloud)
 - Certificate Authority (CA) (either from a vendor or self-generated)
-- Variables in `config.ps1` updated
+- Variables in `Config.ps1` updated
   - JumpCloud API Key Set (Read/ Write Access Required)
   - JumpCloud ORG ID Set
   - JumpCloud User Group containing users and assigned to a Radius Server
@@ -65,7 +65,7 @@ At the time of this writing JumpCloud Module 2.1.3 was the latest version. Pleas
 
 ### Set the Radius Config File
 
-Before Running the `Start-RadiusDeployment.ps1` script, the environment variables for your JumpCloud Organization must first be set. Open the `config.ps1` file with a text editor.
+Before Running the `Start-RadiusDeployment.ps1` script, the environment variables for your JumpCloud Organization must first be set. Open the `Config.ps1` file with a text editor.
 
 #### Set Your User Group ID
 

From e8da25944796e5f5bbdbab4414d7d93fe6bdaa68 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 14 Jun 2024 15:16:27 -0600
Subject: [PATCH 089/346] command should not be invoked test

---
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index c8a2d5081..4072cce96 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -100,13 +100,13 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
                 # cert should not be deployed
                 $user.certInfo.deployed | Should -Be $false
             }
-            start-deployUserCerts -type All -forceInvokeCommands
+            start-deployUserCerts -type All
             Start-Sleep 1
             $userArray = Get-UserJsonData
             foreach ($user in $userArray) {
                 # cert should be deployed for users that have a system association
                 if ($user.systemAssociations) {
-                    $user.certInfo.deployed | Should -Be $true
+                    $user.certInfo.deployed | Should -Be $false
                     $user.commandAssociations | ForEach-Object {
                         $command = Get-JcSdkCommand -Id $_.commandId -Fields name
                         $command | should -Not -BeNullOrEmpty

From 029425c295ca37f832b29c131152e0279747c64f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 14 Jun 2024 15:28:44 -0600
Subject: [PATCH 090/346] test on pester org

---
 .github/workflows/radius-module-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 0a4c587d7..68b5f753c 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -128,7 +128,7 @@ jobs:
   Test-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
     runs-on: macos-latest
-    environment: Test Radius CI
+    # environment: Test Radius CI
     timeout-minutes: 75
     strategy:
       fail-fast: false
@@ -145,8 +145,8 @@ jobs:
       - name: Test PWSH Radius Module
         shell: pwsh
         env:
-          PESTER_APIKEY: ${{ secrets.RADIUSAPIKEY }}
-          PESTER_ORGID: ${{ secrets.RADIUSORGID }}
+          PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
+          PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
         run: |
           $items = get-childItem -path "./scripts/automation/Radius/"
           foreach ($item in $items){

From 9b76e9d151ef8621bcec178f5d19e505166777ca Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 14 Jun 2024 15:28:53 -0600
Subject: [PATCH 091/346] update tests

---
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 15564675c..7c2884a3d 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -36,22 +36,19 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
     }
     Context 'Certs generated for newly added users' {
         BeforeAll {
-            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
-            $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -filter "$($user.username)*"
-            # if user cert exists, for random user, remove:
-            foreach ($cert in $certs) {
-                remove-item $cert.Fullname
-            }
 
         }
         It 'When a new user is added to the radius group, the tool will generate a new cert' {
+            # create a new user
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            # add a user to the radius Group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
-            # add the new user to the radius group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # wait one moment
+            Start-Sleep 2
             # update the cache
-            Get-JCRGlobalVars -force -skipAssociation
+            Get-JCRGlobalVars -force -skipAssociation -associateManually
             # wait just one moment before testing membership since we are writing a file
             Start-Sleep 1
             # the new user should be in the membership list:
@@ -90,6 +87,9 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # set the user cert validity to just 10 days
             $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 10') | Set-Content -Path $configPath
 
+            # update cache
+            Get-JCRGlobalVars -force -skipAssociation
+
             # get user from membership list
             $RandomUsername = $global:JCRRadiusMembers.username | Get-Random -count 1
 

From 099d9705af443e0fce967bba39fa7351e7823a86 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 24 Jul 2024 13:21:57 -0600
Subject: [PATCH 092/346] do not skip associations

---
 .../automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 6b8577f8d..343624253 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -52,7 +52,7 @@ function Get-JCRGlobalVars {
                     $setAssociations = $true
                 }
                 $false {
-                    $updateAssociation = $false
+                    $updateAssociation = $true
                     $setAssociations = $false
                 }
             }

From 09f77a93ac93b121f5c93ce005aef1206584861f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 24 Jul 2024 13:53:37 -0600
Subject: [PATCH 093/346] associate manually menu / cache support

---
 .../Functions/Public/Get-JCRGlobalVars.ps1    | 33 ++++++++++++++++++-
 .../Radius/Start-RadiusDeployment.ps1         |  5 +++
 2 files changed, 37 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 343624253..365dc32a0 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -9,7 +9,10 @@ function Get-JCRGlobalVars {
         $skipAssociation,
         [Parameter(HelpMessage = "Updates the system to user association cache manually using the graph api")]
         [switch]
-        $associateManually
+        $associateManually,
+        [Parameter(HelpMessage = "Updates just a single user's associations manually using the graph api")]
+        [System.String]
+        $associationUsername
     )
     begin {
         # ensure the data directory exists to cache the json files:
@@ -193,6 +196,34 @@ function Get-JCRGlobalVars {
                     # write out the association hash
                     $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
                 }
+                if ($associationUsername) {
+                    $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
+                    $matchedUser = $radiusMemberList | Where-Object { $_.username -eq $associationUsername }
+                    if (-Not $matchedUser) {
+                        Write-Warning "user not found"
+                    } else {
+                        $userSystemMembership = Get-JcSdkUserTraverseSystem -UserId $matchedUser.userID
+                        if ($userSystemMembership) {
+                            # check if the user exists
+                            if ($userAssociationList[$matchedUser.userID]) {
+                                $userAssociationList[$matchedUser.userID].'systemAssociations' = @($userSystemMembership | Select-Object -Property @{Name = 'systemId'; Expression = { $_.id } }, @{Name = 'hostname'; Expression = { $systems[$_.id].hostname } }, @{Name = 'osFamily'; Expression = {
+                                            $osFamilyValue = $systems[$_.id].osFamily
+                                            if ($osFamilyValue -eq 'darwin') {
+                                                "macOS"
+                                            } elseif ($osFamilyValue -eq 'Windows') {
+                                                "Windows"
+                                            } else {
+                                                $osFamilyValue
+                                            }
+                                        }
+                                    });
+                            }
+                        }
+                        #
+                    }
+                    # write out the association hash
+                    $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
+                }
                 # finally write out the data to file:
                 $users | ConvertTo-Json -Depth 100 -Compress |  Out-File "$JCScriptRoot/data/userHash.json"
                 $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index a97cb2337..8dbf16002 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -31,6 +31,11 @@ do {
             Start-MonitorCertDeployment
         } '5' {
             Get-JCRGlobalVars -force
+        } '8' {
+            Get-JCRGlobalVars -force -associateManually
+        } '9' {
+            $theUser = Read-Host "Enter the username of the user to manually update their association data"
+            Get-JCRGlobalVars -force -associationUsername $theUser
         }
     }
     Pause

From 9a801f0a15323409fff27240b0dcc00aff7c2a63 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 21 Aug 2024 15:46:26 -0600
Subject: [PATCH 094/346] validate certInfo object before generating
 certificate

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 94affe7d3..90b0f8b69 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -65,6 +65,29 @@ function Deploy-UserCertificate {
             $userPfxZip = "$JCScriptRoot/UserCerts/$($user.userName)-client-signed.zip"
             # get certInfo for commands:
             $certInfo = Get-CertInfo -UserCerts -username $user.username
+
+            # validate the certIfo required for installing commands:
+            If (-Not $certInfo) {
+                Write-host "$($user.username) did not have a certificate generated"
+                $status_commandGenerated = $false
+                $result_deployed = $false
+                continue
+            } else {
+                # explicitly validate that the serial number
+                if (-Not $certInfo.subject) {
+                    Write-host "$($user.username) has a certificate file but no subject was found"
+                    $status_commandGenerated = $false
+                    $result_deployed = $false
+                    continue
+                }
+                if (-Not $certInfo.serial) {
+                    Write-host "$($user.username) has a certificate file but no serial number was found"
+                    $status_commandGenerated = $false
+                    $result_deployed = $false
+                    continue
+                }
+            }
+
             # determine certType
             switch ($JCR_CERT_TYPE) {
                 'EmailSAN' {

From f40e0af66203265ee6489f34d7f85b1fc27cf48a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 26 Aug 2024 13:23:50 -0600
Subject: [PATCH 095/346] get certs by sha in parallel

---
 .../Private/CertDeployment/Get-CertInfo.ps1   |  4 +-
 .../Get-CertBySHA.ps1                         |  0
 .../Private/CertJson/Get-CertHash.ps1         | 38 +++++++++++++++++++
 .../Private/Settings/Update-JCRUsersJson.ps1  |  8 +++-
 .../Functions/Public/Get-JCRGlobalVars.ps1    |  8 +++-
 5 files changed, 54 insertions(+), 4 deletions(-)
 rename scripts/automation/Radius/Functions/Private/{CertResults => CertJson}/Get-CertBySHA.ps1 (100%)
 create mode 100644 scripts/automation/Radius/Functions/Private/CertJson/Get-CertHash.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 3af56f15c..c9a48bbcf 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -7,7 +7,7 @@ function Get-CertInfo {
         [Parameter(HelpMessage = 'When specified this function will return all user certificate information for user certs located in /UserCerts', ParameterSetName = 'User', Mandatory = $true)]
         [switch]
         $UserCerts,
-        [Parameter(HelpMessage = 'When specified this function will return a single users certificate infomration for a cert located in /UserCerts', ParameterSetName = 'User', Mandatory = $false)]
+        [Parameter(HelpMessage = 'When specified this function will return a single users certificate information for a cert located in /UserCerts', ParameterSetName = 'User', Mandatory = $false)]
         [system.string]
         $username
     )
@@ -50,7 +50,7 @@ function Get-CertInfo {
                 }
 
                 # Create hashtable to contain cert info
-                # TODO: pscustomobject insted of hash
+                # TODO: pscustomobject instead of hash
                 $certHash = @{}
                 # Use openssl to gather serial, subject, issuer, and enddate information
                 $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in `"$($foundCerts.Path)`" -enddate -serial -subject -issuer -noout"
diff --git a/scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1 b/scripts/automation/Radius/Functions/Private/CertJson/Get-CertBySHA.ps1
similarity index 100%
rename from scripts/automation/Radius/Functions/Private/CertResults/Get-CertBySHA.ps1
rename to scripts/automation/Radius/Functions/Private/CertJson/Get-CertBySHA.ps1
diff --git a/scripts/automation/Radius/Functions/Private/CertJson/Get-CertHash.ps1 b/scripts/automation/Radius/Functions/Private/CertJson/Get-CertHash.ps1
new file mode 100644
index 000000000..3d36b3f30
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/CertJson/Get-CertHash.ps1
@@ -0,0 +1,38 @@
+
+function Get-CertHash {
+    begin {
+        $allCerts = Get-CertInfo -UserCerts
+        $shaFuncDef = ${function:Get-CertBySHA}.ToString()
+        $deploymentTableDef = ${function:New-DeploymentTable}.ToString()
+        $resultsArrayP = [System.Collections.Concurrent.ConcurrentDictionary[string, object]]::new()
+    }
+    process {
+        # $allCerts | Foreach-Object -ThrottleLimit 5 -Parallel {
+        #     #Action that will run in Parallel. Reference the current object via $PSItem and bring in outside variables with $USING:varname
+        #     $resultsArrayP = $using:resultsArrayP
+        #     # . $using:JCScriptRoot/Functions/Private/CertResults/Get-CertBySHA.ps1
+        #     ${function:Get-CertBySHA} = $using:shaFuncDef
+        #     ${function:New-DeploymentTable} = $using:deploymentTableDef
+        #     $item = get-CertBySHA -sha1 $PSItem.sha1
+        #     if ($item) {
+        #         $resultsArrayP.AddOrUpdate("$($PSItem.sha1)", $item, { param($key, $oldValue) $item }) | Out-Null
+        #     }
+        # }
+        $allCerts | Foreach-Object -ThrottleLimit 5 -Parallel {
+            #Action that will run in Parallel. Reference the current object via $PSItem and bring in outside variables with $USING:varname
+            $resultsArrayP = $using:resultsArrayP
+            ${function:Get-CertBySHA} = $using:shaFuncDef
+            ${function:New-DeploymentTable} = $using:deploymentTableDef
+            $item = get-CertBySHA -sha1 $PSItem.sha1
+            if ($item) {
+                $resultsArrayP.AddOrUpdate("$($PSItem.sha1)", $item, { $item } ) | Out-Null
+            }
+        }
+
+    }
+    end {
+        return $resultsArrayP
+
+    }
+
+}
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
index 2b1dc06f8..7732e0d50 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
@@ -16,7 +16,13 @@ function Update-JCRUsersJson {
             Write-Progress -activity "Getting User Certificate Info" -status "$($user.username): $i of $($Global:JCRRadiusMembers.Count)" -percentComplete (($i / $Global:JCRRadiusMembers.Count) * 100)
             $MatchedUser = $GLOBAL:JCRUsers[$user.userID]
             $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID
-            $InstalledCerts = Get-CertBySHA -sha1 $userArrayObject.certInfo.sha1
+            try {
+                $InstalledCerts = $Global:JCRCertHash["$($userArrayObject.certInfo.sha1)"]
+
+            } catch {
+
+                $InstalledCerts = $null
+            }
 
             if ($userIndex -ge 0) {
                 # $userArrayObject
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 365dc32a0..0e3dac695 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -62,7 +62,7 @@ function Get-JCRGlobalVars {
         }
 
         # also validate that the data files are non-null, if they are, force update]
-        $requiredHashFiles = @('radiusMembers.json', 'systemHash.json', 'userHash.json')
+        $requiredHashFiles = @('radiusMembers.json', 'systemHash.json', 'userHash.json', 'certHash.json')
         foreach ($file in $requiredHashFiles) {
             if (Test-Path -Path "$JCScriptRoot/data/$file") {
                 $fileContents = Get-Content "$JCScriptRoot/data/$file"
@@ -224,10 +224,14 @@ function Get-JCRGlobalVars {
                     # write out the association hash
                     $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
                 }
+                # update certHash in parallel:
+                $certHash = Get-CertHash
+
                 # finally write out the data to file:
                 $users | ConvertTo-Json -Depth 100 -Compress |  Out-File "$JCScriptRoot/data/userHash.json"
                 $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
                 $radiusMemberList | ConvertTo-Json |  Out-File "$JCScriptRoot/data/radiusMembers.json"
+                $certHash | ConvertTo-Json |  Out-File "$JCScriptRoot/data/certHash.json"
             }
             $false {
                 # write-host "It's been $($lastUpdateTimespan.hours) hours since we last pulled user, system and association data, no need to update"
@@ -243,6 +247,7 @@ function Get-JCRGlobalVars {
                 $Global:JCRSystems = $systems
                 $Global:JCRAssociations = $userAssociationList
                 $Global:JCRRadiusMembers = $radiusMemberList
+                $Global:JCRCertHash = $certHash
                 # update the settings date
                 Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
                 # update users.json
@@ -254,6 +259,7 @@ function Get-JCRGlobalVars {
                 $Global:JCRSystems = Get-Content -path "$JCScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
                 $Global:JCRAssociations = Get-Content -path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -AsHashtable
                 $Global:JCRRadiusMembers = Get-Content -path "$JCScriptRoot/data/radiusMembers.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRCertHash = Get-Content -path "$JCScriptRoot/data/certHash.json" | ConvertFrom-Json -AsHashtable
                 # update users.json
                 Update-JCRUsersJson
             }

From 2f5a375f41d6a47aaef08e901567a3d820c4459a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 26 Aug 2024 13:28:35 -0600
Subject: [PATCH 096/346] limit number of times commands are checked while
 deploying / fix "generated" text

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 195 +++++++++---------
 1 file changed, 99 insertions(+), 96 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 90b0f8b69..e01b0ef0e 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -117,27 +117,29 @@ function Deploy-UserCertificate {
             # Create the zip
             Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
             # Find OS of System
-            switch ($user.systemAssociations.osFamily) {
-                'macOS' {
-                    # Get the macOS system ids
-                    $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "macOS")
-                    if ($systemIds.count -eq 0) {
-                        continue
-                    }
-                    # Check to see if previous commands exist
-                    $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
+            $systemTypes = $user.systemAssociations.osFamily | sort | Get-Unique
+            foreach ($systemType in $systemTypes) {
+                switch ($systemType) {
+                    'macOS' {
+                        # Get the macOS system ids
+                        $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "macOS")
+                        if ($systemIds.count -eq 0) {
+                            continue
+                        }
+                        # Check to see if previous commands exist
+                        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
 
-                    if ($Command.Count -ge 1) {
-                        # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
-                        $status_commandGenerated = $false
-                        continue
-                    }
+                        if ($Command.Count -ge 1) {
+                            $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
+                            $status_commandGenerated = $false
+                            continue
+                        }
 
-                    # Create new Command and upload the signed pfx
-                    try {
-                        $CommandBody = @{
-                            Name              = "RadiusCert-Install:$($user.userName):MacOSX"
-                            Command           = @"
+                        # Create new Command and upload the signed pfx
+                        try {
+                            $CommandBody = @{
+                                Name              = "RadiusCert-Install:$($user.userName):MacOSX"
+                                Command           = @"
 unzip -o /tmp/$($user.userName)-client-signed.zip -d /tmp
 chmod 755 /tmp/$($user.userName)-client-signed.pfx
 currentUser=`$(/usr/bin/stat -f%Su /dev/console)
@@ -296,59 +298,59 @@ else
 fi
 
 "@
-                            launchType        = "trigger"
-                            User              = "000000000000000000000000"
-                            trigger           = "RadiusCertInstall"
-                            commandType       = "mac"
-                            timeout           = 600
-                            TimeToLiveSeconds = 864000
-                            files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
+                                launchType        = "trigger"
+                                User              = "000000000000000000000000"
+                                trigger           = "RadiusCertInstall"
+                                commandType       = "mac"
+                                timeout           = 600
+                                TimeToLiveSeconds = 864000
+                                files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
+                            }
+                            $NewCommand = New-JcSdkCommand @CommandBody
+
+                            # Find newly created command and add system as target
+                            $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
+                            $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
+                        } catch {
+                            $status_commandGenerated = $false
+                            # throw $_
                         }
-                        $NewCommand = New-JcSdkCommand @CommandBody
 
-                        # Find newly created command and add system as target
-                        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
-                        $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
-                    } catch {
-                        $status_commandGenerated = $false
-                        # throw $_
-                    }
-
-                    $CommandTable = [PSCustomObject]@{
-                        commandId            = $command._id
-                        commandName          = $command.name
-                        commandPreviouslyRun = $false
-                        commandQueued        = $false
-                        systems              = $systemIds
-                    }
+                        $CommandTable = [PSCustomObject]@{
+                            commandId            = $command._id
+                            commandName          = $command.name
+                            commandPreviouslyRun = $false
+                            commandQueued        = $false
+                            systems              = $systemIds
+                        }
 
-                    $user.commandAssociations += $CommandTable
+                        $user.commandAssociations += $CommandTable
 
-                    # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
-                    $status_commandGenerated = $true
+                        Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
+                        $status_commandGenerated = $true
 
-                }
-                'windows' {
-                    # Get the Windows system ids
-                    $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "windows")
-                    # If there are no systemIds to process, skip generating the command:
-                    if ($systemIds.count -eq 0) {
-                        continue
                     }
-                    # Check to see if previous commands exist
-                    $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
+                    'windows' {
+                        # Get the Windows system ids
+                        $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "windows")
+                        # If there are no systemIds to process, skip generating the command:
+                        if ($systemIds.count -eq 0) {
+                            continue
+                        }
+                        # Check to see if previous commands exist
+                        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
 
-                    if ($Command.Count -ge 1) {
-                        # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
-                        $status_commandGenerated = $false
-                        continue
-                    }
+                        if ($Command.Count -ge 1) {
+                            $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
+                            $status_commandGenerated = $false
+                            continue
+                        }
 
-                    # Create new Command and upload the signed pfx
-                    try {
-                        $CommandBody = @{
-                            Name              = "RadiusCert-Install:$($user.userName):Windows"
-                            Command           = @"
+                        # Create new Command and upload the signed pfx
+                        try {
+                            $CommandBody = @{
+                                Name              = "RadiusCert-Install:$($user.userName):Windows"
+                                Command           = @"
 `$ErrorActionPreference = "Stop"
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 `$PkgProvider = Get-PackageProvider
@@ -478,43 +480,44 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
     exit 4
 }
 "@
-                            launchType        = "trigger"
-                            trigger           = "RadiusCertInstall"
-                            commandType       = "windows"
-                            shell             = "powershell"
-                            timeout           = 600
-                            TimeToLiveSeconds = 864000
-                            files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
+                                launchType        = "trigger"
+                                trigger           = "RadiusCertInstall"
+                                commandType       = "windows"
+                                shell             = "powershell"
+                                timeout           = 600
+                                TimeToLiveSeconds = 864000
+                                files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
+                            }
+                            $NewCommand = New-JcSdkCommand @CommandBody
+
+                            # Find newly created command and add system as target
+                            $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
+                            $systemIds | ForEach-Object {
+                                Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null
+                            }
+                        } catch {
+                            $status_commandGenerated = $false
+                            # throw $_
                         }
-                        $NewCommand = New-JcSdkCommand @CommandBody
 
-                        # Find newly created command and add system as target
-                        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
-                        $systemIds | ForEach-Object {
-                            Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null
+                        $CommandTable = [PSCustomObject]@{
+                            commandId            = $command._id
+                            commandName          = $command.name
+                            commandPreviouslyRun = $false
+                            commandQueued        = $false
+                            systems              = $systemIds
                         }
-                    } catch {
-                        $status_commandGenerated = $false
-                        # throw $_
-                    }
-
-                    $CommandTable = [PSCustomObject]@{
-                        commandId            = $command._id
-                        commandName          = $command.name
-                        commandPreviouslyRun = $false
-                        commandQueued        = $false
-                        systems              = $systemIds
-                    }
 
-                    $user.commandAssociations += $CommandTable
-                    # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
-                    $status_commandGenerated = $true
+                        $user.commandAssociations += $CommandTable
+                        Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+                        $status_commandGenerated = $true
 
-                }
-                $null {
-                    Write-host "$($user.username) is not associated with any systems, skipping command generation"
-                    $status_commandGenerated = $false
-                    $result_deployed = $false
+                    }
+                    $null {
+                        Write-host "$($user.username) is not associated with any systems, skipping command generation"
+                        $status_commandGenerated = $false
+                        $result_deployed = $false
+                    }
                 }
             }
             # Update the user table with the information from the generated commands:

From af409c91d76ddc625277361b4169e296c99b3852 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 26 Aug 2024 16:16:14 -0600
Subject: [PATCH 097/346] hide output

---
 .../Private/CertDeployment/Deploy-UserCertificate.ps1     | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index e01b0ef0e..afdec2eed 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -130,7 +130,7 @@ function Deploy-UserCertificate {
                         $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
 
                         if ($Command.Count -ge 1) {
-                            $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
+                            # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
                             $status_commandGenerated = $false
                             continue
                         }
@@ -326,7 +326,7 @@ fi
 
                         $user.commandAssociations += $CommandTable
 
-                        Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
+                        # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
                         $status_commandGenerated = $true
 
                     }
@@ -341,7 +341,7 @@ fi
                         $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
 
                         if ($Command.Count -ge 1) {
-                            $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
+                            # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
                             $status_commandGenerated = $false
                             continue
                         }
@@ -509,7 +509,7 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
                         }
 
                         $user.commandAssociations += $CommandTable
-                        Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+                        # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
                         $status_commandGenerated = $true
 
                     }

From e2c5ba4a0c648d425ab27892c4b7ebea00866d32 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 26 Aug 2024 16:16:29 -0600
Subject: [PATCH 098/346] test for user cert hash generation

---
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 8b00d41a0..15f917399 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -6,6 +6,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             'radiusMembers.json',
             'systemHash.json',
             'userHash.json'
+            'certHash.json'
         )
         # explicitly import the settings file functions for these tests:
         $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/Settings/*.ps1" -Recurse)
@@ -156,4 +157,42 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             }
         }
     }
+    Context "Tests that users.json is updated correctly if a cert is found on a user's computer" {
+        It "Validates that the deployment info for some user is updated when a cert is installed on all the user's devices" {
+            $userArray = Get-UserJsonData
+            # get the cert sha of one user with system associations:
+            $userFromList = $userArray | Where-Object { $_.systemAssociations -ne $Null } | select -first 1
+            # force an update of that user's cert
+            Start-GenerateUserCerts -type ByUsername -username $($userFromList.username) -forceReplaceCerts
+            # Update-JCRUsersJson
+            # Get the user array again
+            $userArray = Get-UserJsonData
+            $userFromList = $userArray | Where-Object { $_.userId -eq $userFromList.userID }
+            # create a cert hash object
+            $certHash = @{
+                $($userFromList.certInfo.sha1) = New-Object System.Collections.ArrayList
+            }
+            foreach ($systemAssociation in $userFromList.systemAssociations) {
+                $certHash[$userFromList.certInfo.sha1].Add(
+                    [PSCustomObject]@{
+                        systemId = $systemAssociation.systemId
+                        path     = "nullNotNeededForTesting"
+                    }
+                )
+            }
+            # write the mocked certHash to the data file:
+            $certHash | ConvertTo-Json |  Out-File "$JCScriptRoot/data/certHash.json"
+            $Global:JCRCertHash = Get-Content -path "$JCScriptRoot/data/certHash.json" | ConvertFrom-Json -AsHashtable
+            # update the users json file
+            Update-JCRUsersJson
+            $userArray = Get-UserJsonData
+            $after = $userArray | Where-Object { $_.userId -eq $userFromList.userID }
+            # The users.json file should be updated to show that the user has an installed certificate
+            foreach ($systemId in $userFromList.systemAssociations.systemId) {
+                $systemId | Should -BeIn $after.deploymentInfo.systemId
+            }
+
+        }
+
+    }
 }

From 17e05b76ee3209744a62f3dbbe8bf9e6c4783366 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 26 Aug 2024 16:40:56 -0600
Subject: [PATCH 099/346] cleanup certHash.json

---
 .../Functions/Private/CertJson/Get-CertHash.ps1      | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertJson/Get-CertHash.ps1 b/scripts/automation/Radius/Functions/Private/CertJson/Get-CertHash.ps1
index 3d36b3f30..79c47dbb4 100644
--- a/scripts/automation/Radius/Functions/Private/CertJson/Get-CertHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertJson/Get-CertHash.ps1
@@ -7,19 +7,7 @@ function Get-CertHash {
         $resultsArrayP = [System.Collections.Concurrent.ConcurrentDictionary[string, object]]::new()
     }
     process {
-        # $allCerts | Foreach-Object -ThrottleLimit 5 -Parallel {
-        #     #Action that will run in Parallel. Reference the current object via $PSItem and bring in outside variables with $USING:varname
-        #     $resultsArrayP = $using:resultsArrayP
-        #     # . $using:JCScriptRoot/Functions/Private/CertResults/Get-CertBySHA.ps1
-        #     ${function:Get-CertBySHA} = $using:shaFuncDef
-        #     ${function:New-DeploymentTable} = $using:deploymentTableDef
-        #     $item = get-CertBySHA -sha1 $PSItem.sha1
-        #     if ($item) {
-        #         $resultsArrayP.AddOrUpdate("$($PSItem.sha1)", $item, { param($key, $oldValue) $item }) | Out-Null
-        #     }
-        # }
         $allCerts | Foreach-Object -ThrottleLimit 5 -Parallel {
-            #Action that will run in Parallel. Reference the current object via $PSItem and bring in outside variables with $USING:varname
             $resultsArrayP = $using:resultsArrayP
             ${function:Get-CertBySHA} = $using:shaFuncDef
             ${function:New-DeploymentTable} = $using:deploymentTableDef

From e0a483aaabd0a6926492c69862ea7a59da08ebce Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 11 Oct 2024 12:54:56 -0600
Subject: [PATCH 100/346] update deploy-userCert functions, only update if
 trigger SHA does not match

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 1127 +++++++++++------
 .../Commands/Get-CommandByUsername.ps1        |    6 +-
 .../Public/Start-DeployUserCerts.ps1          |   21 +-
 .../automation/Radius/JumpCloud-Radius.psm1   |    2 +-
 4 files changed, 735 insertions(+), 421 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index afdec2eed..6dda6850e 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -9,6 +9,10 @@ function Deploy-UserCertificate {
         [Parameter(HelpMessage = 'When specified, this parameter will invoke commands on systems associated to the user from the "userObject" parameter')]
         [bool]
         $forceInvokeCommands,
+        # when specified will generated a new command for the given user
+        [Parameter(HelpMessage = 'When specified, this parameter will generate new commands for the user from the "userObject" parameter')]
+        [bool]
+        $forceGenerateCommands,
         # prompt replace existing certificate
         [Parameter(HelpMessage = 'When specified, this parameter will prompt for user imput and ask if generated commands should be invoked on associated systems')]
         [switch]
@@ -16,6 +20,23 @@ function Deploy-UserCertificate {
     )
 
     begin {
+        $workToBeDone = [PSCustomObject]@{
+            remainingMacOSDevices        = $null
+            remainingWindowsSDevices     = $null
+            removeQueuedCommands         = $null
+            removeCommands               = $null
+            forceGenerateMacOSCommands   = $false
+            forceGenerateWindowsCommands = $false
+            macOSCommandID               = $null
+            windowsCommandID             = $null
+            commandIDsToRemove           = New-Object System.Collections.ArrayList
+            commandQueueIDsToRemove      = New-Object System.Collections.ArrayList
+            commandQueueIDsDuplicates    = New-Object System.Collections.ArrayList
+        }
+
+        $status_commandGenerated = $false
+        $result_deployed = $false
+
         switch ($forceInvokeCommands) {
             $true {
                 $invokeCommands = $true
@@ -24,6 +45,16 @@ function Deploy-UserCertificate {
                 $invokeCommands = $false
             }
         }
+        switch ($forceGenerateCommands) {
+            $true {
+                $workToBeDone.forceGenerateMacOSCommands = $true
+                $workToBeDone.forceGenerateWindowsCommands = $true
+            }
+            $false {
+                $workToBeDone.forceGenerateMacOSCommands = $false
+                $workToBeDone.forceGenerateWindowsCommands = $false
+            }
+        }
         switch ($prompt) {
             $true {
                 $invokeCommandsChoice = Get-ResponsePrompt -message "Would you like to invoke commands after they've been generated?"
@@ -42,20 +73,38 @@ function Deploy-UserCertificate {
     process {
         foreach ($user in $userObject) {
 
-            #### Begin removal of queued commands + existing command:
-            # remove commands
+            # Determine the work to be done:
+            ## Does the user have all their certs already distributed
+            ### if so delete their queued commands, commands
+            ## Which types of systems does the user need commands for?
+            ### If only one type, delete the other
+            ## If the user's certs are not all distributed, does the SHA1 value of the current command match the SHA1 of their current cert?
+            ### If yes, skip to association update
+            ### If no, delete the command and create with new cert
+
+
+
+
+            ## first determine if the local cert sha is the same as the cert sha in the admin console:
+
+            # Get the commands for this user:
             $radiusCommandsByUser = Get-CommandByUsername -username $user.username
-            foreach ($command in $radiusCommandsByUser) {
-                Remove-JcSdkCommand -Id $command.id | Out-Null
+            if ($radiusCommandsByUser) {
+                $macOSCommands = ($radiusCommandsByUser | Where-Object { $_.Name -match "MacOSX" })
+                $windowsOSCommands = ($radiusCommandsByUser | Where-Object { $_.Name -match "Windows" })
             }
-            # remove queued commands
+
+            # Get the queued commands for the user
             $queuedRadiusCommandsByUser = Get-queuedCommandByUser -username $user.username
-            foreach ($queuedCommand in $queuedRadiusCommandsByUser) {
-                Clear-JCQueuedCommand -workflowId $queuedCommand.id | Out-Null
+            if ($queuedRadiusCommandsByUser) {
+                $windowsQueuedCommands = $queuedRadiusCommandsByUser | Where-Object { $_.name -match "Windows" }
+                $macOSQueuedCommands = $queuedRadiusCommandsByUser | Where-Object { $_.name -match "macOS" }
+            } else {
+                $windowsQueuedCommands = $null
+                $macOSQueuedCommands = $null
             }
-            # now clear out the user command associations from users.json
-            $User.commandAssociations = @()
-            #### End removal of queued commands + existing command
+
+            # Get the users certificate Details:
             # Get certificate and zip to upload to Commands
             $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)-*"
             # set crt and pfx filepaths
@@ -65,7 +114,188 @@ function Deploy-UserCertificate {
             $userPfxZip = "$JCScriptRoot/UserCerts/$($user.userName)-client-signed.zip"
             # get certInfo for commands:
             $certInfo = Get-CertInfo -UserCerts -username $user.username
+            # Determine if the commands have matching SHA1 values:
+
+
+            if ($macOSCommands) {
+                # verify the certs match for macOS systems:
+                foreach ($maOSRadiusCommand in $macOSCommands) {
+                    if ((-Not $workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
+                        # set the existing command IDs:
+                        $workToBeDone.macOSCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "MacOSX" }).Id
+                    } elseif (($workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
+                        # add the duplicate command to the list to remove
+                        $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
+                    } else {
+                        # add the command to the list to remove
+                        $workToBeDone.commandIDsToRemove.Add($maOSRadiusCommand.Id) | Out-Null
+                    }
+                }
+            } else {
+                $workToBeDone.macOSCommandID = $null
+            }
+            if ($windowsOSCommands) {
+                # verify the certs match for windows systems:
+                foreach ($windowsOSRadiusCommands in $windowsOSCommands) {
+                    if ((-Not $workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
+                        # set the existing command IDs:
+                        $workToBeDone.windowsCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "Windows" }).Id
+                    } elseif (($workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
+                        # add the duplicate command to the list to remove
+                        $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
+                    } else {
+                        # add the command to the list to remove
+                        $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
+                    }
+                }
+            } else {
+                $workToBeDone.windowsCommandID = $null
+            }
+
 
+
+            if ($windowsQueuedCommands) {
+                if ($workToBeDone.windowsCommandID) {
+
+                    # Get queued commands that are from a previous command; delete those
+                    foreach ($queuedCommand in $windowsQueuedCommands) {
+                        if ($queuedCommand.command -eq $workToBeDone.windowsCommandID) {
+                            # TODO: nothing to do here?
+                            $workToBeDone.commandQueueIDsDuplicates.Add($queuedCommand.Id) | Out-Null
+                        } else {
+                            # if the queued commands does not match the cert command, remove all these queued commands
+                            $workToBeDone.commandQueueIDsToRemove.Add($queuedCommand.Id) | Out-Null
+                        }
+                    }
+                } else {
+                    foreach ($queuedCommand in $windowsQueuedCommands) {
+                        # if there are commands in queue for the user but no matching cert command, remove all the items in the queue
+                        $workToBeDone.commandQueueIDsToRemove.Add($queuedCommand.Id) | Out-Null
+                    }
+                }
+            }
+            if ($macOSQueuedCommands) {
+                if ($workToBeDone.windowsCommandID) {
+
+                    foreach ($queuedCommand in $macOSQueuedCommands) {
+                        if ($queuedCommand.command -eq $workToBeDone.macOSCommandID) {
+                            # TODO: nothing to do here?
+                            $workToBeDone.commandQueueIDsDuplicates.Add($queuedCommand.Id) | Out-Null
+                        } else {
+                            # if the queued commands does not match the cert command, remove all these queued commands
+                            $workToBeDone.commandQueueIDsToRemove.Add($queuedCommand.Id) | Out-Null
+                        }
+                    }
+                } else {
+                    foreach ($queuedCommand in $macOSQueuedCommands) {
+                        # if there are commands in queue for the user but no matching cert command, remove all the items in the queue
+                        $workToBeDone.commandQueueIDsToRemove.Add($queuedCommand.Id) | Out-Null
+                    }
+                }
+            }
+
+            # remove the commands:
+            if ($workToBeDone.commandIDsToRemove) {
+                foreach ($commandIDToRemove in $workToBeDone.commandIDsToRemove) {
+                    Remove-JcSdkCommand -Id $commandIDToRemove | Out-Null
+                }
+            }
+            # remove queued commands:
+            if ($workToBeDone.commandQueueIDsToRemove) {
+                foreach ($commandQueueIDToRemove in $workToBeDone.commandQueueIDsToRemove) {
+                    Clear-JCQueuedCommand -workflowId $commandQueueIDToRemove | Out-Null
+                }
+            }
+            # remove queued commands:
+            if ($workToBeDone.commandQueueIDsDuplicates) {
+                foreach ($commandQueueIDToRemove in $workToBeDone.commandQueueIDsDuplicates) {
+                    Clear-JCQueuedCommand -workflowId $commandQueueIDToRemove | Out-Null
+                }
+            }
+            # # determine if we need to remove commands/ queued commands if the certs match:
+            # if ($certsMatch) {
+            #     $workToBeDone.removeCommands = $false
+            #     $workToBeDone.removeQueuedCommands = $false
+
+            #     # if there's no commands/ queued commands to remove, set the command Generated status to false
+            #     $status_commandGenerated = $false
+            # } else {
+            #     $workToBeDone.removeCommands = $true
+            #     $workToBeDone.removeQueuedCommands = $true
+            # }
+
+            ## determine the systems that need the cert
+            try {
+                $userCertHashData = $Global:JCRCertHash["$($user.certInfo.sha1)"]
+
+            } catch {
+                $userCertHashData = $null
+            }
+            if ($userCertHashData) {
+                # set the remaining systems that don't have the cert:
+                # macOS
+                $workToBeDone.remainingMacOSDevices = $user.systemAssociations | Where-Object { ($_.systemID -notin $userCertHashData.systemId ) -And ($_.osFamily) -eq "macOS" }
+                # windows
+                $workToBeDone.remainingWindowsSDevices = $user.systemAssociations | Where-Object { ($_.systemID -notin $userCertHashData.systemId ) -And ($_.osFamily) -eq "Windows" }
+
+                # if there's work to be done but not a valid cert command, generate the command
+                if (($workToBeDone.remainingMacOSDevices) -AND (-Not $workToBeDone.macOSCommandID)) {
+                    $workToBeDone.forceGenerateMacOSCommands = $true
+                }
+                # if there's work to be done but not a valid cert command, generate the command
+                if (($workToBeDone.remainingWindowsSDevices) -AND (-Not $workToBeDone.windowsCommandID)) {
+                    $workToBeDone.forceGenerateWindowsCommands = $true
+                }
+            } else {
+                # set the remaining devices to the association list from users.json
+                # macOS
+                $workToBeDone.remainingMacOSDevices = $user.systemAssociations | Where-Object { ($_.osFamily) -eq "macOS" }
+                # Windows
+                $workToBeDone.remainingWindowsSDevices = $user.systemAssociations | Where-Object { ($_.osFamily) -eq "Windows" }
+                # if there's work to be done but not a valid cert command, generate the command
+                if (($workToBeDone.remainingMacOSDevices) -AND (-Not $workToBeDone.macOSCommandID)) {
+                    $workToBeDone.forceGenerateMacOSCommands = $true
+                }
+                # if there's work to be done but not a valid cert command, generate the command
+                if (($workToBeDone.remainingWindowsSDevices) -AND (-Not $workToBeDone.windowsCommandID)) {
+                    $workToBeDone.forceGenerateWindowsCommands = $true
+                }
+            }
+
+            # ## determine which OS commands to generate:
+            # if ($workToBeDone.removeCommands) {
+            #     # if we remove commands, which os type should be generated
+            #     if ($workToBeDone.remainingMacOSDevices) {
+            #         # generate macOS commands
+            #         $workToBeDone.generateMacOSCommands = $true
+            #     }
+            #     if ($workToBeDone.remainingWindowsSDevices) {
+            #         # generate windows commands
+            #         $workToBeDone.generateWindowsCommands = $true
+            #     }
+            # }
+
+
+            ## Begin removal of queued commands + existing command:
+            # remove commands if necessary
+            # If ($workToBeDone.removeCommands) {
+            #     foreach ($command in $radiusCommandsByUser) {
+            #         Remove-JcSdkCommand -Id $command.id | Out-Null
+            #     }
+            # }
+            # # remove queued commands if necessary
+            # if ($workToBeDone.removeQueuedCommands) {
+            #     foreach ($queuedCommand in $queuedRadiusCommandsByUser) {
+            #         Clear-JCQueuedCommand -workflowId $queuedCommand.id | Out-Null
+            #     }
+            # }
+            # now clear out the user command associations from users.json
+            $User.commandAssociations = @()
+            #### End removal of queued commands + existing command
+
+            # write-host "____"
+            # write-host $certInfo
+            # write-host "____"
             # validate the certIfo required for installing commands:
             If (-Not $certInfo) {
                 Write-host "$($user.username) did not have a certificate generated"
@@ -73,13 +303,14 @@ function Deploy-UserCertificate {
                 $result_deployed = $false
                 continue
             } else {
-                # explicitly validate that the serial number
+                # explicitly validate that the subject header exists
                 if (-Not $certInfo.subject) {
                     Write-host "$($user.username) has a certificate file but no subject was found"
                     $status_commandGenerated = $false
                     $result_deployed = $false
                     continue
                 }
+                # explicitly validate that the serial number exists
                 if (-Not $certInfo.serial) {
                     Write-host "$($user.username) has a certificate file but no serial number was found"
                     $status_commandGenerated = $false
@@ -88,58 +319,71 @@ function Deploy-UserCertificate {
                 }
             }
 
-            # determine certType
-            switch ($JCR_CERT_TYPE) {
-                'EmailSAN' {
-                    # set cert identifier to SAN email of cert
-                    $sanID = Invoke-Expression "$JCR_OPENSSL x509 -in $($userCrt) -ext subjectAltName -noout"
-                    $regex = 'email:(.*?)$'
-                    $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
-                    $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
-                    # in macOS search user certs by email
-                    $macCertSearch = 'e'
-                }
-                'EmailDN' {
-                    # Else set cert identifier to email of cert subject
-                    $regex = 'emailAddress=(.*?)$'
-                    $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($certInfo.Subject)" -Pattern $regex
-                    $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
-                    # in macOS search user certs by email
-                    $macCertSearch = 'e'
-                }
-                'UsernameCn' {
-                    # if username just set cert identifier to username
-                    $certIdentifier = $($user.userName)
-                    # in macOS search user certs by common name (username)
-                    $macCertSearch = 'c'
+            ## If we need to generate commands:
+            # Get the cert type
+            # compress the CERT
+            # upload the command
+            # Get the command ID
+            # Set the command associations
+
+            ## If we are skipping the command generation
+            # update the command associations
+
+            # Report status
+
+
+            if (($workToBeDone.forcegenerateMacOSCommands) -OR ($workToBeDone.forceGenerateWindowsCommands)) {
+                # determine certType
+                switch ($JCR_CERT_TYPE) {
+                    'EmailSAN' {
+                        # set cert identifier to SAN email of cert
+                        $sanID = Invoke-Expression "$JCR_OPENSSL x509 -in $($userCrt) -ext subjectAltName -noout"
+                        $regex = 'email:(.*?)$'
+                        $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
+                        $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
+                        # in macOS search user certs by email
+                        $macCertSearch = 'e'
+                    }
+                    'EmailDN' {
+                        # Else set cert identifier to email of cert subject
+                        $regex = 'emailAddress=(.*?)$'
+                        $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($certInfo.Subject)" -Pattern $regex
+                        $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
+                        # in macOS search user certs by email
+                        $macCertSearch = 'e'
+                    }
+                    'UsernameCn' {
+                        # if username just set cert identifier to username
+                        $certIdentifier = $($user.userName)
+                        # in macOS search user certs by common name (username)
+                        $macCertSearch = 'c'
+                    }
                 }
+                # Create the zip
+                Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
             }
-            # Create the zip
-            Compress-Archive -Path $userPfx -DestinationPath $userPfxZip -CompressionLevel NoCompression -Force
-            # Find OS of System
-            $systemTypes = $user.systemAssociations.osFamily | sort | Get-Unique
-            foreach ($systemType in $systemTypes) {
-                switch ($systemType) {
-                    'macOS' {
-                        # Get the macOS system ids
-                        $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "macOS")
-                        if ($systemIds.count -eq 0) {
-                            continue
-                        }
-                        # Check to see if previous commands exist
-                        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
 
-                        if ($Command.Count -ge 1) {
-                            # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
-                            $status_commandGenerated = $false
-                            continue
-                        }
 
-                        # Create new Command and upload the signed pfx
-                        try {
-                            $CommandBody = @{
-                                Name              = "RadiusCert-Install:$($user.userName):MacOSX"
-                                Command           = @"
+            if ($workToBeDone.forcegenerateMacOSCommands) {
+                # Get the macOS system ids
+                $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "macOS")
+                if ($systemIds.count -eq 0) {
+                    continue
+                }
+                # # Check to see if previous commands exist
+                # $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
+
+                # if ($Command.Count -ge 1) {
+                #     # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
+                #     $status_commandGenerated = $false
+                #     continue
+                # }
+
+                # Create new Command and upload the signed pfx
+                try {
+                    $CommandBody = @{
+                        Name              = "RadiusCert-Install:$($user.userName):MacOSX"
+                        Command           = @"
 unzip -o /tmp/$($user.userName)-client-signed.zip -d /tmp
 chmod 755 /tmp/$($user.userName)-client-signed.pfx
 currentUser=`$(/usr/bin/stat -f%Su /dev/console)
@@ -152,413 +396,459 @@ caseMatchOrigValue=`$(shopt -p nocasematch; true)
 shopt -s nocasematch
 userCompare="$($user.localUsername)"
 if [[ "`$currentUser" ==  "`$userCompare" ]]; then
-    # restore case match type
-    `$caseMatchOrigValue
-    certs=`$(security find-certificate -a -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain)
-    regexSHA='SHA-1 hash: ([0-9A-F]{5,40})'
-    regexSN='"snbr"<blob>=0x([0-9A-F]{5,40})'
-    global_rematch() {
-        # Set local variables
-        local s=`$1 regex=`$2
-        # While string matches regex expression
-        while [[ `$s =~ `$regex ]]; do
-            # Echo out the match
-            echo "`${BASH_REMATCH[1]}"
-            # Remove the string
-            s=`${s#*"`${BASH_REMATCH[1]}"}
-        done
-    }
-    # Save results
-    # Get Text Results
-    textSHA=`$(global_rematch "`$certs" "`$regexSHA")
-    # Set as array for SHA results
-    arraySHA=(`$textSHA)
-    # Get Text Results
-    textSN=`$(global_rematch "`$certs" "`$regexSN")
-    # Set as array for SN results
-    arraySN=(`$textSN)
-    # set import var
-    import=true
-    if [[ `${#arraySN[@]} == `${#arraySHA[@]} ]]; then
-        len=`${#arraySN[@]}
-        for (( i=0; i<`$len; i++ )); do
-            if [[ `$currentCertSN == `${arraySN[`$i]} ]]; then
-                echo "Found Cert: SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
-                installedCertSN=`${arraySN[`$i]}
-                installedCertSHA=`${arraySHA[`$i]}
-                # if cert is installed, no need to update
-                import=false
-            else
-                echo "Removing previously installed radius cert:"
-                echo "SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
-                security delete-certificate -Z "`${arraySHA[`$i]}" /Users/$($user.localUsername)/Library/Keychains/login.keychain
-            fi
-        done
-
-    else
-        echo "array length mismatch, will not delete old certs"
-    fi
+# restore case match type
+`$caseMatchOrigValue
+certs=`$(security find-certificate -a -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain)
+regexSHA='SHA-1 hash: ([0-9A-F]{5,40})'
+regexSN='"snbr"<blob>=0x([0-9A-F]{5,40})'
+global_rematch() {
+    # Set local variables
+    local s=`$1 regex=`$2
+    # While string matches regex expression
+    while [[ `$s =~ `$regex ]]; do
+        # Echo out the match
+        echo "`${BASH_REMATCH[1]}"
+        # Remove the string
+        s=`${s#*"`${BASH_REMATCH[1]}"}
+    done
+}
+# Save results
+# Get Text Results
+textSHA=`$(global_rematch "`$certs" "`$regexSHA")
+# Set as array for SHA results
+arraySHA=(`$textSHA)
+# Get Text Results
+textSN=`$(global_rematch "`$certs" "`$regexSN")
+# Set as array for SN results
+arraySN=(`$textSN)
+# set import var
+import=true
+if [[ `${#arraySN[@]} == `${#arraySHA[@]} ]]; then
+    len=`${#arraySN[@]}
+    for (( i=0; i<`$len; i++ )); do
+        if [[ `$currentCertSN == `${arraySN[`$i]} ]]; then
+            echo "Found Cert: SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
+            installedCertSN=`${arraySN[`$i]}
+            installedCertSHA=`${arraySHA[`$i]}
+            # if cert is installed, no need to update
+            import=false
+        else
+            echo "Removing previously installed radius cert:"
+            echo "SN: `${arraySN[`$i]} SHA: `${arraySHA[`$i]}"
+            security delete-certificate -Z "`${arraySHA[`$i]}" /Users/$($user.localUsername)/Library/Keychains/login.keychain
+        fi
+    done
 
-    if [[ `$import == true ]]; then
-        /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCR_USER_CERT_PASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
-        if [[ `$? -eq 0 ]]; then
-            echo "Import Success"
-            # get the SHA hash of the newly imported cert
-            installedCertSN=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep snbr | awk '{print `$1}' | sed 's/"snbr"<blob>=0x//g')
-            if [[ `$installedCertSN == `$currentCertSN ]]; then
-                installedCertSHA=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep SHA-1 | awk '{print `$3}')
-            fi
+else
+    echo "array length mismatch, will not delete old certs"
+fi
 
-        else
-            echo "import failed"
-            exit 4
+if [[ `$import == true ]]; then
+    /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCR_USER_CERT_PASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
+    if [[ `$? -eq 0 ]]; then
+        echo "Import Success"
+        # get the SHA hash of the newly imported cert
+        installedCertSN=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep snbr | awk '{print `$1}' | sed 's/"snbr"<blob>=0x//g')
+        if [[ `$installedCertSN == `$currentCertSN ]]; then
+            installedCertSHA=`$(/bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security find-certificate -$($macCertSearch) "$($certIdentifier)" -Z /Users/$($user.localUsername)/Library/Keychains/login.keychain | grep SHA-1 | awk '{print `$3}')
         fi
+
     else
-        echo "cert already imported"
+        echo "import failed"
+        exit 4
     fi
+else
+    echo "cert already imported"
+fi
 
-    # check if the cert secruity preference is set:
-    IFS=';' read -ra network <<< "`$JCR_NETWORKSSID"
-    for i in "`${network[@]}"; do
-        echo "begin setting network SSID: `$i"
-        if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
-            echo "it was already set"
+# check if the cert secruity preference is set:
+IFS=';' read -ra network <<< "`$JCR_NETWORKSSID"
+for i in "`${network[@]}"; do
+    echo "begin setting network SSID: `$i"
+    if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
+        echo "it was already set"
+    else
+        echo "certificate not linked from SSID: `$i to certSN: `$currentCertSN, setting now"
+        /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security set-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"
+        if [[ `$? -eq 0 ]]; then
+        echo "SSID: `$i and certificate linked"
         else
-            echo "certificate not linked from SSID: `$i to certSN: `$currentCertSN, setting now"
-            /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security set-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"
-            if [[ `$? -eq 0 ]]; then
-            echo "SSID: `$i and certificate linked"
-            else
-                echo "Could not associate SSID: `$i and certifiacte"
-            fi
+            echo "Could not associate SSID: `$i and certifiacte"
         fi
-    done
-
-    # print results
-    echo "################## Cert Install Results ##################"
-    echo "Installed Cert SN: `$installedCertSN"
-    echo "Installed Cert SHA1: `$installedCertSHA"
-    echo "##########################################################"
-
-    # Finally clean up files
-    if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
-        echo "Removing Temp Zip"
-        rm "/tmp/$($user.userName)-client-signed.zip"
-    fi
-    if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
-        echo "Removing Temp Pfx"
-        rm "/tmp/$($user.userName)-client-signed.pfx"
     fi
+done
+
+# print results
+echo "################## Cert Install Results ##################"
+echo "Installed Cert SN: `$installedCertSN"
+echo "Installed Cert SHA1: `$installedCertSHA"
+echo "##########################################################"
+
+# Finally clean up files
+if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
+    echo "Removing Temp Zip"
+    rm "/tmp/$($user.userName)-client-signed.zip"
+fi
+if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
+    echo "Removing Temp Pfx"
+    rm "/tmp/$($user.userName)-client-signed.pfx"
+fi
 
-    # update si table
-    # The conf file is JSON and can be parsed using JSON.parse() in a supported language.
-    conf="`$(cat /opt/jc/jcagent.conf)"
-    regex='\"systemKey\":\"([a-zA-Z0-9_]+)\"'
-    if [[ `${conf} =~ `$regex ]] ; then
-    systemKey="`${BASH_REMATCH[1]}"
-    fi
-    # get the certUUID
-    regex='\"certuuid\":\"([a-zA-Z0-9_]+)\"'
-    if [[ `${conf} =~ `$regex ]] ; then
-    certUUID="`${BASH_REMATCH[1]}"
-    fi
+# update si table
+# The conf file is JSON and can be parsed using JSON.parse() in a supported language.
+conf="`$(cat /opt/jc/jcagent.conf)"
+regex='\"systemKey\":\"([a-zA-Z0-9_]+)\"'
+if [[ `${conf} =~ `$regex ]] ; then
+systemKey="`${BASH_REMATCH[1]}"
+fi
+# get the certUUID
+regex='\"certuuid\":\"([a-zA-Z0-9_]+)\"'
+if [[ `${conf} =~ `$regex ]] ; then
+certUUID="`${BASH_REMATCH[1]}"
+fi
 
-    # get the key /cert locations
-    keyLocation="/opt/jc/client.key"
-    certLocation="/opt/jc/client.crt"
-    caCertLocation="/opt/jc/ca.crt"
+# get the key /cert locations
+keyLocation="/opt/jc/client.key"
+certLocation="/opt/jc/client.crt"
+caCertLocation="/opt/jc/ca.crt"
 
-    # Get json certificate data from osquery and add missing windows certificate columns
-    certJson=`$(/opt/jc/bin/jcosqueryi --json "select *, '' AS sid, '' AS store, '' AS store_id, '' AS store_location, '' AS username from certificates;")
+# Get json certificate data from osquery and add missing windows certificate columns
+certJson=`$(/opt/jc/bin/jcosqueryi --json "select *, '' AS sid, '' AS store, '' AS store_id, '' AS store_location, '' AS username from certificates;")
 
-    # post
-    curl --cert `$certLocation --key `$keyLocation --cacert `$caCertLocation \
-    -X POST 'https://agent.jumpcloud.com/systeminsights/snapshots/certificates' \
-    -H "x-system-id: `$systemKey" \
-    -H "x-ssl-client-dn: /CN=`$certUUID/O=JumpCloud" \
-    -H 'Content-Type: application/json' \
-    --data-raw '{
-        "data": '"`$certJson"'
-    }'
+# post
+curl --cert `$certLocation --key `$keyLocation --cacert `$caCertLocation \
+-X POST 'https://agent.jumpcloud.com/systeminsights/snapshots/certificates' \
+-H "x-system-id: `$systemKey" \
+-H "x-ssl-client-dn: /CN=`$certUUID/O=JumpCloud" \
+-H 'Content-Type: application/json' \
+--data-raw '{
+    "data": '"`$certJson"'
+}'
 
 else
-    # restore case match type
-    `$caseMatchOrigValue
-    echo "Current logged in user, `$currentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry"
-    # Finally clean up files
-    if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
-        echo "Removing Temp Zip"
-        rm "/tmp/$($user.userName)-client-signed.zip"
-    fi
-    if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
-        echo "Removing Temp Pfx"
-        rm "/tmp/$($user.userName)-client-signed.pfx"
-    fi
-    exit 4
+# restore case match type
+`$caseMatchOrigValue
+echo "Current logged in user, `$currentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry"
+# Finally clean up files
+if [[ -f "/tmp/$($user.userName)-client-signed.zip" ]]; then
+    echo "Removing Temp Zip"
+    rm "/tmp/$($user.userName)-client-signed.zip"
+fi
+if [[ -f "/tmp/$($user.userName)-client-signed.pfx" ]]; then
+    echo "Removing Temp Pfx"
+    rm "/tmp/$($user.userName)-client-signed.pfx"
+fi
+exit 4
 fi
 
 "@
-                                launchType        = "trigger"
-                                User              = "000000000000000000000000"
-                                trigger           = "RadiusCertInstall"
-                                commandType       = "mac"
-                                timeout           = 600
-                                TimeToLiveSeconds = 864000
-                                files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
-                            }
-                            $NewCommand = New-JcSdkCommand @CommandBody
-
-                            # Find newly created command and add system as target
-                            $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
-                            $systemIds | ForEach-Object { Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
-                        } catch {
-                            $status_commandGenerated = $false
-                            # throw $_
-                        }
+                        launchType        = "trigger"
+                        User              = "000000000000000000000000"
+                        trigger           = "$($certInfo.sha1)"
+                        commandType       = "mac"
+                        timeout           = 600
+                        TimeToLiveSeconds = 864000
+                        files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
+                    }
+                    $NewCommand = New-JcSdkCommand @CommandBody
+
+                    # Find newly created command and add system as target
+                    $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:mac")
+                    $workToBeDone.macOSCommandID = $Command.Id
+                    # $systemIds | ForEach-Object {
+                    # Set-JcSdkCommandAssociation -CommandId:("$($Command.Id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
+                } catch {
+                    $status_commandGenerated = $false
+                    # throw $_
+                }
 
-                        $CommandTable = [PSCustomObject]@{
-                            commandId            = $command._id
-                            commandName          = $command.name
-                            commandPreviouslyRun = $false
-                            commandQueued        = $false
-                            systems              = $systemIds
-                        }
+                $CommandTable = [PSCustomObject]@{
+                    commandId            = $command.Id
+                    commandName          = $command.name
+                    commandPreviouslyRun = $false
+                    commandQueued        = $false
+                    systems              = $systemIds
+                }
 
-                        $user.commandAssociations += $CommandTable
+                $user.commandAssociations += $CommandTable
 
-                        # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
-                        $status_commandGenerated = $true
+                # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
+                $status_commandGenerated = $true
 
-                    }
-                    'windows' {
-                        # Get the Windows system ids
-                        $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "windows")
-                        # If there are no systemIds to process, skip generating the command:
-                        if ($systemIds.count -eq 0) {
-                            continue
-                        }
-                        # Check to see if previous commands exist
-                        $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
 
-                        if ($Command.Count -ge 1) {
-                            # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
-                            $status_commandGenerated = $false
-                            continue
-                        }
+            }
+            if (($invokeCommands) -And ($workToBeDone.remainingMacOSDevices)) {
+                try {
+                    $commandStart = Start-JcSdkCommand -Id $workToBeDone.macOSCommandID -SystemIds $workToBeDone.remainingMacOSDevices.systemId | Out-Null
+                    $result_deployed = $true
+                } catch {
+                    $result_deployed = $false
+                }
+            }
+            # set the command associations
+            if (($workToBeDone.remainingMacOSDevices) -And ($workToBeDone.macOSCommandID)) {
+
+                $workToBeDone.remainingMacOSDevices | ForEach-Object {
+                    try {
+
+                        $commandAssociation = Set-JcSdkCommandAssociation -CommandId:("$($workToBeDone.macOSCommandID)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null
+                    } catch {
+                        "already exists/ couldn't add" | Out-Null
+                    }
+                }
 
-                        # Create new Command and upload the signed pfx
-                        try {
-                            $CommandBody = @{
-                                Name              = "RadiusCert-Install:$($user.userName):Windows"
-                                Command           = @"
+            }
+            if ($workToBeDone.forceGenerateWindowsCommands) {
+                # Get the Windows system ids
+                $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "windows")
+                # If there are no systemIds to process, skip generating the command:
+                if ($systemIds.count -eq 0) {
+                    continue
+                }
+                # Check to see if previous commands exist
+                # $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
+
+                # if ($Command.Count -ge 1) {
+                #     # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
+                #     $status_commandGenerated = $false
+                #     continue
+                # }
+
+                # Create new Command and upload the signed pfx
+                try {
+                    $CommandBody = @{
+                        Name              = "RadiusCert-Install:$($user.userName):Windows"
+                        Command           = @"
 `$ErrorActionPreference = "Stop"
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 `$PkgProvider = Get-PackageProvider
 If ("Nuget" -notin `$PkgProvider.Name){
-    Install-PackageProvider -Name NuGet -Force
+Install-PackageProvider -Name NuGet -Force
 }
 `$CurrentUser = (Get-WMIObject -ClassName Win32_ComputerSystem).Username
 if ( -Not [string]::isNullOrEmpty(`$CurrentUser) ){
-    `$CurrentUser = `$CurrentUser.Split('\')[1]
+`$CurrentUser = `$CurrentUser.Split('\')[1]
 } else {
-    `$CurrentUser = `$null
+`$CurrentUser = `$null
 }
 if (`$CurrentUser -eq "$($user.localUsername)") {
-    if (-not(Get-InstalledModule -Name RunAsUser -errorAction "SilentlyContinue")) {
-        Write-Host "RunAsUser Module not installed, Installing..."
-        Install-Module RunAsUser -Force
-        Import-Module RunAsUser -Force
-    } else {
-        Write-Host "RunAsUser Module installed, importing into session..."
-        Import-Module RunAsUser -Force
-    }
-    # create temp new radius directory
-    If (Test-Path "C:\RadiusCert"){
-        Write-Host "Radius Temp Cert Directory Exists"
-    } else {
-        New-Item "C:\RadiusCert" -itemType Directory
-    }
-    # expand archive as root and copy to temp location
-    Expand-Archive -LiteralPath C:\Windows\Temp\$($user.userName)-client-signed.zip -DestinationPath C:\RadiusCert -Force
-    `$password = ConvertTo-SecureString -String $JCR_USER_CERT_PASS -AsPlainText -Force
-    `$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCR_USER_CERT_PASS -AsPlainText -Force
-    Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx" -CertStoreLocation Cert:\CurrentUser\My
-    }
-    `$imported = Get-PfxData -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-    # Get Current Certs As User
-    `$ScriptBlockCleanup = {
-        `$certs = Get-ChildItem Cert:\CurrentUser\My\
-
-        foreach (`$cert in `$certs){
-            if (`$cert.subject -match "$($certIdentifier)") {
-                if (`$(`$cert.serialNumber) -eq "$($certInfo.serial)"){
-                    write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
-                } else {
-                    write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
-                    Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
-                }
+if (-not(Get-InstalledModule -Name RunAsUser -errorAction "SilentlyContinue")) {
+    Write-Host "RunAsUser Module not installed, Installing..."
+    Install-Module RunAsUser -Force
+    Import-Module RunAsUser -Force
+} else {
+    Write-Host "RunAsUser Module installed, importing into session..."
+    Import-Module RunAsUser -Force
+}
+# create temp new radius directory
+If (Test-Path "C:\RadiusCert"){
+    Write-Host "Radius Temp Cert Directory Exists"
+} else {
+    New-Item "C:\RadiusCert" -itemType Directory
+}
+# expand archive as root and copy to temp location
+Expand-Archive -LiteralPath C:\Windows\Temp\$($user.userName)-client-signed.zip -DestinationPath C:\RadiusCert -Force
+`$password = ConvertTo-SecureString -String $JCR_USER_CERT_PASS -AsPlainText -Force
+`$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCR_USER_CERT_PASS -AsPlainText -Force
+Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx" -CertStoreLocation Cert:\CurrentUser\My
+}
+`$imported = Get-PfxData -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+# Get Current Certs As User
+`$ScriptBlockCleanup = {
+    `$certs = Get-ChildItem Cert:\CurrentUser\My\
+
+    foreach (`$cert in `$certs){
+        if (`$cert.subject -match "$($certIdentifier)") {
+            if (`$(`$cert.serialNumber) -eq "$($certInfo.serial)"){
+                write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
+            } else {
+                write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
+                Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
             }
         }
     }
-    `$scriptBlockValidate = {
-        if (Get-ChildItem Cert:\CurrentUser\My\`$(`$imported.thumbrprint)){
-            return `$true
-        } else {
-            return `$false
-        }
-    }
-    Write-Host "Importing Pfx Certificate for $($user.userName)"
-    `$certInstall = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockInstall -CaptureOutput
-    `$certInstall
-    Write-Host "Cleaning Up Previously Installed Certs for $($user.userName)"
-    `$certCleanup = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockCleanup -CaptureOutput
-    `$certCleanup
-    Write-Host "Validating Installed Certs for $($user.userName)"
-    `$certValidate = Invoke-AsCurrentUser -ScriptBlock `$scriptBlockValidate -CaptureOutput
-    write-host `$certValidate
-
-    # finally clean up temp files:
-    If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
-        Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
-    }
-    If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
-        Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-    }
-
-    # Lastly validate if the cert was installed
-    if (`$certValidate.Trim() -eq "True"){
-        Write-Host "Cert was installed"
+}
+`$scriptBlockValidate = {
+    if (Get-ChildItem Cert:\CurrentUser\My\`$(`$imported.thumbrprint)){
+        return `$true
     } else {
-        Throw "Cert was not installed"
+        return `$false
     }
+}
+Write-Host "Importing Pfx Certificate for $($user.userName)"
+`$certInstall = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockInstall -CaptureOutput
+`$certInstall
+Write-Host "Cleaning Up Previously Installed Certs for $($user.userName)"
+`$certCleanup = Invoke-AsCurrentUser -ScriptBlock `$ScriptBlockCleanup -CaptureOutput
+`$certCleanup
+Write-Host "Validating Installed Certs for $($user.userName)"
+`$certValidate = Invoke-AsCurrentUser -ScriptBlock `$scriptBlockValidate -CaptureOutput
+write-host `$certValidate
+
+# finally clean up temp files:
+If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
+    Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
+}
+If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
+    Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+}
 
-    # update si table
-    # define curl path:
-    `$curlPath = "C:\ProgramData\chocolatey\bin\curl.exe"
-    if (Test-Path -Path `$curlPath) {
-
-        # Parse the systemKey from the cong file.
-        `$config = get-content 'C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf'
-        `$regex = 'systemKey\":\"(\w+)\"'
-        `$systemKey = [regex]::Match(`$config, `$regex).Groups[1].Value
-        # get the certUUID
-        `$regex = 'certuuid\":\"(\w+)\"'
-        `$certUUID = [regex]::Match(`$config, `$regex).Groups[1].Value
-
-        # Get the key/ cert location
-        `$keyLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\client.key"
-        `$certLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\client.crt"
-        `$caCertLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\ca.crt"
-
-        # Get json certificate data from osquery
-        `$certs = . "C:\Program Files\JumpCloud\jcosqueryi" --json "select * from certificates"
-        # format the data
-        `$certsText = "{``"data``":`$certs}"
-        # save the data to a temp file
-        `$certJsonFile = "C:\Windows\Temp\jsonFile.txt"
-        `$certsText | Out-File -FilePath `$certJsonFile -Force -Encoding utf8
-        # submit the request
-        C:\ProgramData\chocolatey\bin\curl.exe --cert "`$certLocation" --key "`$keyLocation" --cacert "`$caCertLocation" --header "x-system-id: `$systemKey" --header "x-ssl-client-dn: /CN=`$certUUID/O=JumpCloud" --header "Content-type:application/json " -d @C:\Windows\Temp\jsonFile.txt --url 'https://agent.jumpcloud.com/systeminsights/snapshots/certificates'
-        # remove the temp file
-        Remove-Item -Path `$certJsonFile
-    } else {
-        Write-Host "Curl might not be installed, system insights will update certificate information on this device within an hour"
-    }
+# Lastly validate if the cert was installed
+if (`$certValidate.Trim() -eq "True"){
+    Write-Host "Cert was installed"
 } else {
-    if (`$CurrentUser -eq `$null){
-        Write-Host "No users are signed into the system. Please ensure $($user.userName) is signed in and retry."
-    } else {
-        Write-Host "Current logged in user, `$CurrentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry."
-    }
-    # finally clean up temp files:
-    If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
-        Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
-    }
-    If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
-        Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
-    }
-    exit 4
+    Throw "Cert was not installed"
+}
+
+# update si table
+# define curl path:
+`$curlPath = "C:\ProgramData\chocolatey\bin\curl.exe"
+if (Test-Path -Path `$curlPath) {
+
+    # Parse the systemKey from the cong file.
+    `$config = get-content 'C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf'
+    `$regex = 'systemKey\":\"(\w+)\"'
+    `$systemKey = [regex]::Match(`$config, `$regex).Groups[1].Value
+    # get the certUUID
+    `$regex = 'certuuid\":\"(\w+)\"'
+    `$certUUID = [regex]::Match(`$config, `$regex).Groups[1].Value
+
+    # Get the key/ cert location
+    `$keyLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\client.key"
+    `$certLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\client.crt"
+    `$caCertLocation = "C:\Program Files\JumpCloud\Plugins\Contrib\ca.crt"
+
+    # Get json certificate data from osquery
+    `$certs = . "C:\Program Files\JumpCloud\jcosqueryi" --json "select * from certificates"
+    # format the data
+    `$certsText = "{``"data``":`$certs}"
+    # save the data to a temp file
+    `$certJsonFile = "C:\Windows\Temp\jsonFile.txt"
+    `$certsText | Out-File -FilePath `$certJsonFile -Force -Encoding utf8
+    # submit the request
+    C:\ProgramData\chocolatey\bin\curl.exe --cert "`$certLocation" --key "`$keyLocation" --cacert "`$caCertLocation" --header "x-system-id: `$systemKey" --header "x-ssl-client-dn: /CN=`$certUUID/O=JumpCloud" --header "Content-type:application/json " -d @C:\Windows\Temp\jsonFile.txt --url 'https://agent.jumpcloud.com/systeminsights/snapshots/certificates'
+    # remove the temp file
+    Remove-Item -Path `$certJsonFile
+} else {
+    Write-Host "Curl might not be installed, system insights will update certificate information on this device within an hour"
+}
+} else {
+if (`$CurrentUser -eq `$null){
+    Write-Host "No users are signed into the system. Please ensure $($user.userName) is signed in and retry."
+} else {
+    Write-Host "Current logged in user, `$CurrentUser, does not match expected certificate user. Please ensure $($user.localUsername) is signed in and retry."
+}
+# finally clean up temp files:
+If (Test-Path "C:\Windows\Temp\$($user.userName)-client-signed.zip"){
+    Remove-Item "C:\Windows\Temp\$($user.userName)-client-signed.zip"
+}
+If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
+    Remove-Item "C:\RadiusCert\$($user.userName)-client-signed.pfx"
+}
+exit 4
 }
 "@
-                                launchType        = "trigger"
-                                trigger           = "RadiusCertInstall"
-                                commandType       = "windows"
-                                shell             = "powershell"
-                                timeout           = 600
-                                TimeToLiveSeconds = 864000
-                                files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
-                            }
-                            $NewCommand = New-JcSdkCommand @CommandBody
-
-                            # Find newly created command and add system as target
-                            $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
-                            $systemIds | ForEach-Object {
-                                Set-JcSdkCommandAssociation -CommandId:("$($Command._id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null
-                            }
-                        } catch {
-                            $status_commandGenerated = $false
-                            # throw $_
-                        }
+                        launchType        = "trigger"
+                        trigger           = "$($certInfo.sha1)"
+                        commandType       = "windows"
+                        shell             = "powershell"
+                        timeout           = 600
+                        TimeToLiveSeconds = 864000
+                        files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
+                    }
+                    $NewCommand = New-JcSdkCommand @CommandBody
+
+                    # Find newly created command and add system as target
+                    $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
+                    $workToBeDone.windowsCommandID = $command.Id
+                    # $systemIds | ForEach-Object {
+                    #     Set-JcSdkCommandAssociation -CommandId:("$($workToBeDone.windowsCommandID)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
+                } catch {
+                    $status_commandGenerated = $false
+                    # throw $_
+                }
 
-                        $CommandTable = [PSCustomObject]@{
-                            commandId            = $command._id
-                            commandName          = $command.name
-                            commandPreviouslyRun = $false
-                            commandQueued        = $false
-                            systems              = $systemIds
-                        }
+                $CommandTable = [PSCustomObject]@{
+                    commandId            = $workToBeDone.windowsCommandID
+                    commandName          = $command.name
+                    commandPreviouslyRun = $false
+                    commandQueued        = $false
+                    systems              = $systemIds
+                }
 
-                        $user.commandAssociations += $CommandTable
-                        # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
-                        $status_commandGenerated = $true
+                $user.commandAssociations += $CommandTable
+                # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+                $status_commandGenerated = $true
 
-                    }
-                    $null {
-                        Write-host "$($user.username) is not associated with any systems, skipping command generation"
-                        $status_commandGenerated = $false
-                        $result_deployed = $false
-                    }
+            }
+            if (($invokeCommands) -AND ($workToBeDone.remainingWindowsSDevices)) {
+                try {
+                    $commandStart = Start-JcSdkCommand -Id $workToBeDone.windowsCommandID -SystemIds $workToBeDone.remainingWindowsSDevices.systemId | Out-Null
+                    $result_deployed = $true
+                } catch {
+                    $result_deployed = $false
                 }
             }
-            # Update the user table with the information from the generated commands:
-            $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
-
-            Set-UserTable -index $userIndex -commandAssociationsObject $user.commandAssociations
-            switch ($invokeCommands) {
-                $true {
-                    # finally update the user table to note that the command has been run, the cert has been deployed
-                    # get the object once more:
-                    $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
-                    # Set commandPreviouslyRun property to true if there are command associations to set
-                    if ($userObjectFromTable.commandAssociations) {
-                        $userObjectFromTable.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
-                        # set the deployed status to true, set the date
-                        if (Get-Member -inputObject $userObjectFromTable.certInfo -name "deployed" -MemberType Properties) {
-                            # if ($userObjectFromTable.certInfo.deployed) {
-                            $userObjectFromTable.certInfo.deployed = $true
-                        } else {
-                            $userObjectFromTable.certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
+            # set the command associations
+            if (($workToBeDone.remainingWindowsSDevices) -And ($workToBeDone.windowsCommandID)) {
+                $workToBeDone.remainingWindowsSDevices | ForEach-Object {
+                    try {
+                        $commandAssociation = Set-JcSdkCommandAssociation -CommandId:("$($workToBeDone.windowsCommandID)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null
+                    } catch {
+                        "already exists/ couldn't add" | Out-Null
+                    }
+                }
 
-                        }
-                        if (Get-Member -inputObject $userObjectFromTable.certInfo -name "deploymentDate" -MemberType Properties) {
-                            # if ($userObjectFromTable.certInfo.deploymentDate) {
-                            $userObjectFromTable.certInfo.deploymentDate = (Get-Date)
+            }
+        }
+        # if (($workToBeDone.generateMacOSCommands -eq $false) -AND ($workToBeDone.generateWindowsCommands -eq $false)) {
+        #     Write-host "$($user.username) is not associated with any systems, skipping command generation"
+        #     $status_commandGenerated = $false
+        #     $result_deployed = $false
+        # }
+        # TODO: return this object along with results:
+        # Update the user table with the information from the generated commands:
+        $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
+
+        # Set-UserTable -index $userIndex -commandAssociationsObject $user.commandAssociations
+        switch ($invokeCommands) {
+            $true {
+                # finally update the user table to note that the command has been run, the cert has been deployed
+                # get the object once more:
+                # $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
+                # Set commandPreviouslyRun property to true if there are command associations to set
+                if ($user.commandAssociations) {
+                    $user.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
+                    # set the deployed status to true, set the date
+                    if (Get-Member -inputObject $user.certInfo -name "deployed" -MemberType Properties) {
+                        # if ($userObjectFromTable.certInfo.deployed) {
+                        $user.certInfo.deployed = $true
+                    } else {
+                        $user.certInfo | Add-Member -Name 'deployed' -Type NoteProperty -Value $false
 
-                        } else {
+                    }
+                    if (Get-Member -inputObject $user.certInfo -name "deploymentDate" -MemberType Properties) {
+                        # if ($userObjectFromTable.certInfo.deploymentDate) {
+                        $user.certInfo.deploymentDate = (Get-Date)
 
-                            $userObjectFromTable.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date)
-                        }
-                        Set-UserTable -index $userIndex -commandAssociationsObject $userObjectFromTable.commandAssociations -certInfoObject $userObjectFromTable.certInfo
-                        $invokeCommands = invoke-commandByUserId -userID $user.userId
-                        $result_deployed = $true
+                    } else {
+                        $user.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date)
                     }
-                }
-                $false {
-                    $result_deployed = $false
-                }
-                Default {
+
+
+                    # Set-UserTable -index $userIndex -commandAssociationsObject $userObjectFromTable.commandAssociations -certInfoObject $userObjectFromTable.certInfo
+                    # $invokeCommands = invoke-commandByUserId -userID $user.userId -commandAssociationsObject $($user.commandAssociations)
+
+                    # Start-JcSdkCommand -Id
+                    # $result_deployed = $true
                 }
             }
+            $false {
+                $result_deployed = $false
+            }
+            Default {
+            }
+
 
 
         }
@@ -567,12 +857,23 @@ if (`$CurrentUser -eq "$($user.localUsername)") {
 
     end {
         #TODO: eventually add message if we fail to generate a command
+        # if (($status_commandGenerated)::isNullOrEmpty) {
+        #     $status_commandGenerated = $false
+        # }
+        # if (($result_deployed)::isNullOrEmpty) {
+        #     $result_deployed = $false
+        # }
         $resultTable = [ordered]@{
             'Username'          = $user.username;
             'Command Generated' = $status_commandGenerated;
             'Command Deployed'  = $result_deployed
         }
+        $workDone = [PSCustomObject]@{
+            userIndex                 = $userIndex
+            commandAssociationsObject = $user.commandAssociations
+            certInfoObject            = $user.certInfo
+        }
 
-        return $resultTable
+        return $resultTable, $workDone
     }
 }
diff --git a/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
index 4dd8d882f..3e9ab9ec8 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Get-CommandByUsername.ps1
@@ -11,17 +11,17 @@ function Get-CommandByUsername {
         # define searchFilter
         $SearchFilter = @{
             searchTerm = "RadiusCert-Install:${username}:"
-            fields     = @('name')
+            fields     = @('name', 'trigger', 'commandType')
         }
 
     }
 
     process {
         # Get command Results
-        $commandResults = Search-JcSdkCommand -SearchFilter $SearchFilter -Fields name
+        $commandResults = Search-JcSdkCommand -SearchFilter $SearchFilter -Fields "name trigger commandType"
     }
 
     end {
         return $commandResults
     }
-}
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 8d2035766..738cf88ea 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -60,7 +60,11 @@ function Start-DeployUserCerts {
                     }
                 }
                 for ($i = 0; $i -lt $userArray.Count; $i++) {
-                    $result = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands
+                    $result, $workDone = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands
+                    # update user json
+                    Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
+
+                    # show progress
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $userArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
                 }
                 # return after an action if cli, else stay in function
@@ -87,7 +91,12 @@ function Start-DeployUserCerts {
                     $usersWithoutLatestCert = Get-UsersThatNeedCertWork -userData $userArray
                 }
                 for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
-                    $result = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -forceInvokeCommands $invokeCommands
+                    $result, $workDone = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -forceInvokeCommands $invokeCommands
+
+                    # update user json
+                    Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
+
+                    # show progress
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $usersWithoutLatestCert.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
                 }
                 # return after an action if cli, else stay in function
@@ -133,12 +142,16 @@ function Start-DeployUserCerts {
                     # Process existing commands/ Generate new commands/ Deploy new Certificate
                     switch ($PSCmdlet.ParameterSetName) {
                         'gui' {
-                            $result = Deploy-UserCertificate -userObject $UserSelectionArray -prompt
+                            $result, $workDone = Deploy-UserCertificate -userObject $UserSelectionArray -prompt
                         }
                         'cli' {
-                            $result = Deploy-UserCertificate -userObject $UserSelectionArray -forceInvokeCommands $invokeCommands
+                            $result, $workDone = Deploy-UserCertificate -userObject $UserSelectionArray -forceInvokeCommands $invokeCommands
                         }
                     }
+                    # update user json
+                    Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
+
+                    # show progress
                     Show-RadiusProgress -completedItems $UserSelectionArray.count -totalItems $UserSelectionArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
                 }
                 # return after an action if cli, else stay in function
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index 92cafbf71..05a49d197 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -28,7 +28,7 @@ $global:JCScriptRoot = "$PSScriptRoot"
 # try to get the settings file, create new one if it does not exist:
 $global:JCRConfig = Get-JCRSettingsFile
 
-# if the Certs / UserCerts directories do not exist, create thenm
+# if the Certs / UserCerts directories do not exist, create them
 if (-Not (Test-Path -Path "$JCScriptRoot/Cert" -PathType Container)) {
     New-Item -Path "$JCScriptRoot/Cert" -ItemType Directory
 }

From 85050bc6001e495ef75c8aba7efe18436d1d15b3 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 11 Oct 2024 13:28:25 -0600
Subject: [PATCH 101/346] cleanup comments

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 112 +-----------------
 1 file changed, 1 insertion(+), 111 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 6dda6850e..400a4b5ec 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -72,19 +72,6 @@ function Deploy-UserCertificate {
 
     process {
         foreach ($user in $userObject) {
-
-            # Determine the work to be done:
-            ## Does the user have all their certs already distributed
-            ### if so delete their queued commands, commands
-            ## Which types of systems does the user need commands for?
-            ### If only one type, delete the other
-            ## If the user's certs are not all distributed, does the SHA1 value of the current command match the SHA1 of their current cert?
-            ### If yes, skip to association update
-            ### If no, delete the command and create with new cert
-
-
-
-
             ## first determine if the local cert sha is the same as the cert sha in the admin console:
 
             # Get the commands for this user:
@@ -212,18 +199,6 @@ function Deploy-UserCertificate {
                     Clear-JCQueuedCommand -workflowId $commandQueueIDToRemove | Out-Null
                 }
             }
-            # # determine if we need to remove commands/ queued commands if the certs match:
-            # if ($certsMatch) {
-            #     $workToBeDone.removeCommands = $false
-            #     $workToBeDone.removeQueuedCommands = $false
-
-            #     # if there's no commands/ queued commands to remove, set the command Generated status to false
-            #     $status_commandGenerated = $false
-            # } else {
-            #     $workToBeDone.removeCommands = $true
-            #     $workToBeDone.removeQueuedCommands = $true
-            # }
-
             ## determine the systems that need the cert
             try {
                 $userCertHashData = $Global:JCRCertHash["$($user.certInfo.sha1)"]
@@ -261,42 +236,9 @@ function Deploy-UserCertificate {
                     $workToBeDone.forceGenerateWindowsCommands = $true
                 }
             }
-
-            # ## determine which OS commands to generate:
-            # if ($workToBeDone.removeCommands) {
-            #     # if we remove commands, which os type should be generated
-            #     if ($workToBeDone.remainingMacOSDevices) {
-            #         # generate macOS commands
-            #         $workToBeDone.generateMacOSCommands = $true
-            #     }
-            #     if ($workToBeDone.remainingWindowsSDevices) {
-            #         # generate windows commands
-            #         $workToBeDone.generateWindowsCommands = $true
-            #     }
-            # }
-
-
-            ## Begin removal of queued commands + existing command:
-            # remove commands if necessary
-            # If ($workToBeDone.removeCommands) {
-            #     foreach ($command in $radiusCommandsByUser) {
-            #         Remove-JcSdkCommand -Id $command.id | Out-Null
-            #     }
-            # }
-            # # remove queued commands if necessary
-            # if ($workToBeDone.removeQueuedCommands) {
-            #     foreach ($queuedCommand in $queuedRadiusCommandsByUser) {
-            #         Clear-JCQueuedCommand -workflowId $queuedCommand.id | Out-Null
-            #     }
-            # }
             # now clear out the user command associations from users.json
             $User.commandAssociations = @()
-            #### End removal of queued commands + existing command
 
-            # write-host "____"
-            # write-host $certInfo
-            # write-host "____"
-            # validate the certIfo required for installing commands:
             If (-Not $certInfo) {
                 Write-host "$($user.username) did not have a certificate generated"
                 $status_commandGenerated = $false
@@ -319,19 +261,6 @@ function Deploy-UserCertificate {
                 }
             }
 
-            ## If we need to generate commands:
-            # Get the cert type
-            # compress the CERT
-            # upload the command
-            # Get the command ID
-            # Set the command associations
-
-            ## If we are skipping the command generation
-            # update the command associations
-
-            # Report status
-
-
             if (($workToBeDone.forcegenerateMacOSCommands) -OR ($workToBeDone.forceGenerateWindowsCommands)) {
                 # determine certType
                 switch ($JCR_CERT_TYPE) {
@@ -555,8 +484,6 @@ fi
                     # Find newly created command and add system as target
                     $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:mac")
                     $workToBeDone.macOSCommandID = $Command.Id
-                    # $systemIds | ForEach-Object {
-                    # Set-JcSdkCommandAssociation -CommandId:("$($Command.Id)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
                 } catch {
                     $status_commandGenerated = $false
                     # throw $_
@@ -605,15 +532,6 @@ fi
                 if ($systemIds.count -eq 0) {
                     continue
                 }
-                # Check to see if previous commands exist
-                # $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):Windows"
-
-                # if ($Command.Count -ge 1) {
-                #     # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):Windows command already exists, skipping..."
-                #     $status_commandGenerated = $false
-                #     continue
-                # }
-
                 # Create new Command and upload the signed pfx
                 try {
                     $CommandBody = @{
@@ -761,11 +679,8 @@ exit 4
                     # Find newly created command and add system as target
                     $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
                     $workToBeDone.windowsCommandID = $command.Id
-                    # $systemIds | ForEach-Object {
-                    #     Set-JcSdkCommandAssociation -CommandId:("$($workToBeDone.windowsCommandID)") -Op 'add' -Type:('system') -Id:("$($_.systemId)") | Out-Null }
                 } catch {
                     $status_commandGenerated = $false
-                    # throw $_
                 }
 
                 $CommandTable = [PSCustomObject]@{
@@ -801,22 +716,11 @@ exit 4
 
             }
         }
-        # if (($workToBeDone.generateMacOSCommands -eq $false) -AND ($workToBeDone.generateWindowsCommands -eq $false)) {
-        #     Write-host "$($user.username) is not associated with any systems, skipping command generation"
-        #     $status_commandGenerated = $false
-        #     $result_deployed = $false
-        # }
-        # TODO: return this object along with results:
-        # Update the user table with the information from the generated commands:
+        # TODO: get the userIndex only?
         $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
 
-        # Set-UserTable -index $userIndex -commandAssociationsObject $user.commandAssociations
         switch ($invokeCommands) {
             $true {
-                # finally update the user table to note that the command has been run, the cert has been deployed
-                # get the object once more:
-                # $userObjectFromTable, $userIndex = Get-UserFromTable -userid $user.userid
-                # Set commandPreviouslyRun property to true if there are command associations to set
                 if ($user.commandAssociations) {
                     $user.commandAssociations | ForEach-Object { $_.commandPreviouslyRun = $true }
                     # set the deployed status to true, set the date
@@ -834,13 +738,6 @@ exit 4
                     } else {
                         $user.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date)
                     }
-
-
-                    # Set-UserTable -index $userIndex -commandAssociationsObject $userObjectFromTable.commandAssociations -certInfoObject $userObjectFromTable.certInfo
-                    # $invokeCommands = invoke-commandByUserId -userID $user.userId -commandAssociationsObject $($user.commandAssociations)
-
-                    # Start-JcSdkCommand -Id
-                    # $result_deployed = $true
                 }
             }
             $false {
@@ -856,13 +753,6 @@ exit 4
 
 
     end {
-        #TODO: eventually add message if we fail to generate a command
-        # if (($status_commandGenerated)::isNullOrEmpty) {
-        #     $status_commandGenerated = $false
-        # }
-        # if (($result_deployed)::isNullOrEmpty) {
-        #     $result_deployed = $false
-        # }
         $resultTable = [ordered]@{
             'Username'          = $user.username;
             'Command Generated' = $status_commandGenerated;

From d39796cbf786eeae42afe8e6fdd8df19c37255fe Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 14 Oct 2024 15:54:35 -0600
Subject: [PATCH 102/346] fix for duplicate macOS commands

---
 .../Private/CertDeployment/Deploy-UserCertificate.ps1       | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 400a4b5ec..f7e5a9cd6 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -109,10 +109,10 @@ function Deploy-UserCertificate {
                 foreach ($maOSRadiusCommand in $macOSCommands) {
                     if ((-Not $workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
                         # set the existing command IDs:
-                        $workToBeDone.macOSCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "MacOSX" }).Id
+                        $workToBeDone.macOSCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "MacOSX" }).Id | Select-Object -First 1
                     } elseif (($workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
                         # add the duplicate command to the list to remove
-                        $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
+                        $workToBeDone.commandIDsToRemove.Add($maOSRadiusCommand.Id) | Out-Null
                     } else {
                         # add the command to the list to remove
                         $workToBeDone.commandIDsToRemove.Add($maOSRadiusCommand.Id) | Out-Null
@@ -126,7 +126,7 @@ function Deploy-UserCertificate {
                 foreach ($windowsOSRadiusCommands in $windowsOSCommands) {
                     if ((-Not $workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
                         # set the existing command IDs:
-                        $workToBeDone.windowsCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "Windows" }).Id
+                        $workToBeDone.windowsCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "Windows" }).Id | Select-Object -First 1
                     } elseif (($workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
                         # add the duplicate command to the list to remove
                         $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null

From 0c7f5555b3176d5fd14386fa8394c777bdef6ced Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 15 Oct 2024 14:24:47 -0600
Subject: [PATCH 103/346] duplicate cmds replace and force generate commands

---
 .../CertDeployment/Deploy-UserCertificate.ps1 |  70 ++++---
 .../Public/Start-DeployUserCerts.ps1          |  20 +-
 .../Public/Start-DeployUserCerts.Tests.ps1    | 171 ++++++++++++++++++
 .../Radius/Tests/SetupRadiusOrg.ps1           |   7 +
 4 files changed, 238 insertions(+), 30 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index f7e5a9cd6..0e0ccfc08 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -107,15 +107,25 @@ function Deploy-UserCertificate {
             if ($macOSCommands) {
                 # verify the certs match for macOS systems:
                 foreach ($maOSRadiusCommand in $macOSCommands) {
-                    if ((-Not $workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
-                        # set the existing command IDs:
-                        $workToBeDone.macOSCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "MacOSX" }).Id | Select-Object -First 1
-                    } elseif (($workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
-                        # add the duplicate command to the list to remove
-                        $workToBeDone.commandIDsToRemove.Add($maOSRadiusCommand.Id) | Out-Null
-                    } else {
-                        # add the command to the list to remove
-                        $workToBeDone.commandIDsToRemove.Add($maOSRadiusCommand.Id) | Out-Null
+                    # if we want to forceGenerate new commands, add all commands to the remove list
+                    switch ($workToBeDone.forceGenerateMacOSCommands) {
+                        $true {
+                            # add the command to the list to remove
+                            $workToBeDone.commandIDsToRemove.Add($maOSRadiusCommand.Id) | Out-Null
+
+                        }
+                        $false {
+                            if ((-Not $workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
+                                # set the existing command IDs:
+                                $workToBeDone.macOSCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "MacOSX" }).Id | Select-Object -First 1
+                            } elseif (($workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
+                                # add the duplicate command to the list to remove
+                                $workToBeDone.commandIDsToRemove.Add($maOSRadiusCommand.Id) | Out-Null
+                            } else {
+                                # add the command to the list to remove
+                                $workToBeDone.commandIDsToRemove.Add($maOSRadiusCommand.Id) | Out-Null
+                            }
+                        }
                     }
                 }
             } else {
@@ -124,15 +134,23 @@ function Deploy-UserCertificate {
             if ($windowsOSCommands) {
                 # verify the certs match for windows systems:
                 foreach ($windowsOSRadiusCommands in $windowsOSCommands) {
-                    if ((-Not $workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
-                        # set the existing command IDs:
-                        $workToBeDone.windowsCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "Windows" }).Id | Select-Object -First 1
-                    } elseif (($workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
-                        # add the duplicate command to the list to remove
-                        $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
-                    } else {
-                        # add the command to the list to remove
-                        $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
+                    switch ($workToBeDone.forceGenerateWindowsCommands) {
+                        $true {
+                            # add the command to the list to remove
+                            $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
+                        }
+                        $false {
+                            if ((-Not $workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
+                                # set the existing command IDs:
+                                $workToBeDone.windowsCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "Windows" }).Id | Select-Object -First 1
+                            } elseif (($workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
+                                # add the duplicate command to the list to remove
+                                $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
+                            } else {
+                                # add the command to the list to remove
+                                $workToBeDone.commandIDsToRemove.Add($windowsOSRadiusCommands.Id) | Out-Null
+                            }
+                        }
                     }
                 }
             } else {
@@ -143,7 +161,6 @@ function Deploy-UserCertificate {
 
             if ($windowsQueuedCommands) {
                 if ($workToBeDone.windowsCommandID) {
-
                     # Get queued commands that are from a previous command; delete those
                     foreach ($queuedCommand in $windowsQueuedCommands) {
                         if ($queuedCommand.command -eq $workToBeDone.windowsCommandID) {
@@ -237,7 +254,8 @@ function Deploy-UserCertificate {
                 }
             }
             # now clear out the user command associations from users.json
-            $User.commandAssociations = @()
+            # THIS ISN't WORKING
+            $user.commandAssociations = @()
 
             If (-Not $certInfo) {
                 Write-host "$($user.username) did not have a certificate generated"
@@ -481,13 +499,13 @@ fi
                     }
                     $NewCommand = New-JcSdkCommand @CommandBody
 
-                    # Find newly created command and add system as target
-                    $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:mac")
-                    $workToBeDone.macOSCommandID = $Command.Id
                 } catch {
                     $status_commandGenerated = $false
                     # throw $_
                 }
+                # Find newly created command and add system as target
+                $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:mac")
+                $workToBeDone.macOSCommandID = $Command.Id
 
                 $CommandTable = [PSCustomObject]@{
                     commandId            = $command.Id
@@ -676,12 +694,12 @@ exit 4
                     }
                     $NewCommand = New-JcSdkCommand @CommandBody
 
-                    # Find newly created command and add system as target
-                    $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
-                    $workToBeDone.windowsCommandID = $command.Id
                 } catch {
                     $status_commandGenerated = $false
                 }
+                # Find newly created command and add system as target
+                $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
+                $workToBeDone.windowsCommandID = $command.Id
 
                 $CommandTable = [PSCustomObject]@{
                     commandId            = $workToBeDone.windowsCommandID
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 738cf88ea..ece75e575 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -14,7 +14,11 @@ function Start-DeployUserCerts {
         # Force invoke commands after generation
         [Parameter(HelpMessage = 'Switch to force invoke generated commands on systems', ParameterSetName = 'cli')]
         [switch]
-        $forceInvokeCommands
+        $forceInvokeCommands,
+        # Force invoke commands after generation
+        [Parameter(HelpMessage = 'Switch to force generate new commands on systems', ParameterSetName = 'cli')]
+        [switch]
+        $forceGenerateCommands
     )
 
     # Import the users.json file and convert to PSObject
@@ -45,6 +49,14 @@ function Start-DeployUserCerts {
                         $invokeCommands = $false
                     }
                 }
+                switch ($forceGenerateCommands) {
+                    $true {
+                        $generateCommands = $true
+                    }
+                    $false {
+                        $generateCommands = $false
+                    }
+                }
             }
         }
 
@@ -60,7 +72,7 @@ function Start-DeployUserCerts {
                     }
                 }
                 for ($i = 0; $i -lt $userArray.Count; $i++) {
-                    $result, $workDone = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands
+                    $result, $workDone = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands -forceGenerateCommands $generateCommands
                     # update user json
                     Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
 
@@ -91,7 +103,7 @@ function Start-DeployUserCerts {
                     $usersWithoutLatestCert = Get-UsersThatNeedCertWork -userData $userArray
                 }
                 for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
-                    $result, $workDone = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -forceInvokeCommands $invokeCommands
+                    $result, $workDone = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -forceInvokeCommands $invokeCommands -forceGenerateCommands $generateCommands
 
                     # update user json
                     Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
@@ -145,7 +157,7 @@ function Start-DeployUserCerts {
                             $result, $workDone = Deploy-UserCertificate -userObject $UserSelectionArray -prompt
                         }
                         'cli' {
-                            $result, $workDone = Deploy-UserCertificate -userObject $UserSelectionArray -forceInvokeCommands $invokeCommands
+                            $result, $workDone = Deploy-UserCertificate -userObject $UserSelectionArray -forceInvokeCommands $invokeCommands -forceGenerateCommands $generateCommands
                         }
                     }
                     # update user json
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 4072cce96..1e5c2c62f 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -314,4 +314,175 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "UsernameCn"') | Set-Content -Path $configPath
         }
     }
+    Context 'Duplicate Command / Command Result Tests' {
+        It 'When a duplicate commands with differing trigger SHA1 hashes exists, the command with the old SHA1 hash should be removed' {}
+        It 'When a duplicate commands with the same trigger SHA1 hashes exists, duplicate commands should be removed, only one should remain' {}
+    }
+    Context 'Force Generate Certificate Tests' {
+        It 'When forceGenerate switch is specified, the existing commands & queued commands should be removed' {
+            # create a user that has both a mac and windows association
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # get random system
+            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
+            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
+            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
+            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+
+            # Generate a user certificate for the user:
+            Start-GenerateUserCerts -type ByUsername -username $user.username
+
+            # Get the SHA1 hash for the user's cert:
+            $certData = Get-CertInfo -userCerts -username $user.username
+
+            # Mock some commands with the trigger to already exist if they do not exist
+            $macCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):MacOSX"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "mac"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newMacCommand = New-JcSdkCommand @macCommandBody
+            $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $macCmdBefore.Id -SystemIds $macSystem.id
+
+            $windowsCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):Windows"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "windows"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
+            $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $WindowsCmdBefore.Id -SystemIds $windowsSystem.id
+
+            # Get the queued commands:
+            $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username
+
+            # Run Start Deploy User Certs by username
+            Start-DeployUserCerts -type ByUsername -username $user.username -forceGenerateCommands
+
+
+            # After running, validate that the commands before execution, no longer exist
+            $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            # Get the queued after:
+            $queuedCmdsAfter = Get-QueuedCommandByUser -username $user.username
+            # test that the commands should not exist:
+            $macCmdAfter.id | Should -Not -Contain $macCmdBefore.id
+            $windowsCmdAfter.id | Should -Not -Contain $windowsCmdBefore.id
+            { Get-JcSdkCommand -Id $macCmdBefore.id } | Should -Throw # in other words the command should not exist
+            { Get-JcSdkCommand -Id $windowsCmdBefore.id } | Should -Throw # in other words the command should not exist
+            # test that the queued commands should not exist:
+            $queuedCmdsAfter.id | Should -Not -Contain $queuedCmdsBefore.Id
+            $queuedCmdsAfter.id | Should -BeNullOrEmpty
+            # user.json should have the newID in command associations.
+            $allUserData = Get-UserJsonData
+            $testUserData = $allUserData | Where-Object { $_.username -eq $user.username }
+            $testUserData.commandAssociations.commandId | Should -Not -Contain $macCmdBefore.id
+            $testUserData.commandAssociations.commandId | Should -Not -Contain $windowsCmdBefore.id
+        }
+        It 'When forceGenerate & forceInvoke switches are specified, the existing commands & queued commands should be removed; new commands queues should be queued' {
+            # create a user that has both a mac and windows association
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # get random system
+            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
+            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
+            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
+            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+
+            # Generate a user certificate for the user:
+            Start-GenerateUserCerts -type ByUsername -username $user.username
+
+            # Get the SHA1 hash for the user's cert:
+            $certData = Get-CertInfo -userCerts -username $user.username
+
+            # Mock some commands with the trigger to already exist if they do not exist
+            $macCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):MacOSX"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "mac"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newMacCommand = New-JcSdkCommand @macCommandBody
+            $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $macCmdBefore.Id -SystemIds $macSystem.id
+
+            $windowsCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):Windows"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "windows"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
+            $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $WindowsCmdBefore.Id -SystemIds $windowsSystem.id
+
+            # Get the queued commands:
+            $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username
+
+            # Run Start Deploy User Certs by username
+            Start-DeployUserCerts -type ByUsername -username $user.username -forceGenerateCommands -forceInvokeCommands
+
+            # After running, validate that the commands before execution, no longer exist
+            $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            # Get the queued after:
+            $queuedCmdsAfter = Get-QueuedCommandByUser -username $user.username
+            # test that the commands should not exist:
+            $macCmdAfter.id | Should -Not -Contain $macCmdBefore.id
+            $windowsCmdAfter.id | Should -Not -Contain $windowsCmdBefore.id
+            { Get-JcSdkCommand -Id $macCmdBefore.id } | Should -Throw # in other words the command should not exist
+            { Get-JcSdkCommand -Id $windowsCmdBefore.id } | Should -Throw # in other words the command should not exist
+            # test that the queued commands should not exist:
+            $queuedCmdsAfter.id | Should -Not -Contain $queuedCmdsBefore.Id
+            $queuedCmdsAfter.id | Should -Not -BeNullOrEmpty
+            # user.json should have the newID in command associations.
+            $allUserData = Get-UserJsonData
+            $testUserData = $allUserData | Where-Object { $_.username -eq $user.username }
+            $testUserData.commandAssociations.commandId | Should -Not -Contain $macCmdBefore.id
+            $testUserData.commandAssociations.commandId | Should -Not -Contain $windowsCmdBefore.id
+        }
+    }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index a5720e30c..ab95b4baa 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -16,6 +16,13 @@ foreach ($user in $pesterRadiusUsers) {
 Write-Warning "Removing Pester Radius Users with emailDomain: *pesterRadius*"
 $usersToRemove = Get-JCuser -email "*pesterRadius*" | Remove-JCUser -force
 
+# remove existing radius commands in test:
+Write-Warning "Removing Pester Radius Commands"
+$commandsToRemove = Get-JCCommand -Name "RadiusCert-Install:*"
+foreach ($commandToRemove in $commandsToRemove) {
+    Remove-JCCommand -CommandID $commandToRemove._id -force
+}
+
 # Create users
 Write-Warning "Creating New Pester Radius Users"
 # user bound to mac

From 23f5489263a5dd14016a2222dc2483ce0c179712 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 15 Oct 2024 15:19:04 -0600
Subject: [PATCH 104/346] tests for existing sha cert cmd

---
 .../CertDeployment/Deploy-UserCertificate.ps1 |  33 +++-
 .../Public/Start-DeployUserCerts.Tests.ps1    | 175 +++++++++++++++++-
 .../Radius/Tests/SetupRadiusOrg.ps1           |   2 +-
 3 files changed, 206 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 0e0ccfc08..782e3c84b 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -254,7 +254,6 @@ function Deploy-UserCertificate {
                 }
             }
             # now clear out the user command associations from users.json
-            # THIS ISN't WORKING
             $user.commandAssociations = @()
 
             If (-Not $certInfo) {
@@ -522,6 +521,23 @@ fi
 
 
             }
+
+            if (-Not ($workToBeDone.forceGenerateMacOSCommands) -And ($workToBeDone.macOSCommandID)) {
+                $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "macOS")
+
+                $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
+                $CommandTable = [PSCustomObject]@{
+                    commandId            = $workToBeDone.macOSCommandID
+                    commandName          = $command.name
+                    commandPreviouslyRun = $false
+                    commandQueued        = $false
+                    systems              = $systemIds
+                }
+
+                $user.commandAssociations += $CommandTable
+
+            }
+
             if (($invokeCommands) -And ($workToBeDone.remainingMacOSDevices)) {
                 try {
                     $commandStart = Start-JcSdkCommand -Id $workToBeDone.macOSCommandID -SystemIds $workToBeDone.remainingMacOSDevices.systemId | Out-Null
@@ -712,6 +728,21 @@ exit 4
                 $user.commandAssociations += $CommandTable
                 # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
                 $status_commandGenerated = $true
+            }
+
+            if (-Not ($workToBeDone.forceGenerateWindowsCommands) -And ($workToBeDone.windowsCommandID)) {
+                $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "windows")
+
+                $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
+                $CommandTable = [PSCustomObject]@{
+                    commandId            = $workToBeDone.windowsCommandID
+                    commandName          = $command.name
+                    commandPreviouslyRun = $false
+                    commandQueued        = $false
+                    systems              = $systemIds
+                }
+
+                $user.commandAssociations += $CommandTable
 
             }
             if (($invokeCommands) -AND ($workToBeDone.remainingWindowsSDevices)) {
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 1e5c2c62f..521b98e86 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -315,8 +315,175 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
     }
     Context 'Duplicate Command / Command Result Tests' {
-        It 'When a duplicate commands with differing trigger SHA1 hashes exists, the command with the old SHA1 hash should be removed' {}
-        It 'When a duplicate commands with the same trigger SHA1 hashes exists, duplicate commands should be removed, only one should remain' {}
+        It 'When a duplicate commands with differing trigger SHA1 hashes exists, the command with the old SHA1 hash should be removed' {
+            # create a user that has both a mac and windows association
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # get random system
+            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
+            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
+            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
+            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+
+            # Generate a user certificate for the user:
+            Start-GenerateUserCerts -type ByUsername -username $user.username
+
+            # Get the SHA1 hash for the user's cert:
+            $certData = Get-CertInfo -userCerts -username $user.username
+
+            $oldSha = "$($certData.sha1)1111"
+            # Mock some commands with the trigger to already exist if they do not exist
+            $macCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):MacOSX"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($oldSha)"
+                commandType       = "mac"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newMacCommand = New-JcSdkCommand @macCommandBody
+            $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($oldSha)", "commandType:eq:mac")
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $macCmdBefore.Id -SystemIds $macSystem.id
+
+            $windowsCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):Windows"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($oldSha)"
+                commandType       = "windows"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
+            $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($oldSha)", "commandType:eq:windows")
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $WindowsCmdBefore.Id -SystemIds $windowsSystem.id
+
+            # Get the queued commands:
+            $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username
+
+            # Run Start Deploy User Certs by username
+            Start-DeployUserCerts -type ByUsername -username $user.username
+
+            # After running, validate that the commands before execution, no longer exist
+            $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            # Get the queued after:
+            $queuedCmdsAfter = Get-QueuedCommandByUser -username $user.username
+            # test that the commands should not exist:
+            $macCmdAfter.id | Should -Not -Contain $macCmdBefore.id
+            $windowsCmdAfter.id | Should -Not -Contain $windowsCmdBefore.id
+            $macCmdAfter | Should -Not -BeNullOrEmpty
+            $windowsCmdAfter | Should -Not -BeNullOrEmpty
+            { Get-JcSdkCommand -Id $macCmdBefore.id } | Should -Throw # in other words the command should not exist
+            { Get-JcSdkCommand -Id $windowsCmdBefore.id } | Should -Throw # in other words the command should not exist
+            # test that the queued commands should not exist:
+            $queuedCmdsAfter.id | Should -Not -Contain $queuedCmdsBefore.Id
+            $queuedCmdsAfter.id | Should -BeNullOrEmpty
+            # user.json should have the newID in command associations.
+            $allUserData = Get-UserJsonData
+            $testUserData = $allUserData | Where-Object { $_.username -eq $user.username }
+            $testUserData.commandAssociations.commandId | Should -Not -Contain $macCmdBefore.id
+            $testUserData.commandAssociations.commandId | Should -Not -Contain $windowsCmdBefore.id
+        }
+        It 'When a single command with the same trigger SHA1 hashes exists, no cert should be generated' {
+            # create a user that has both a mac and windows association
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # get random system
+            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
+            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
+            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
+            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+
+            # Generate a user certificate for the user:
+            Start-GenerateUserCerts -type ByUsername -username $user.username
+
+            # Get the SHA1 hash for the user's cert:
+            $certData = Get-CertInfo -userCerts -username $user.username
+            # Mock some commands with the trigger to already exist if they do not exist
+            $macCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):MacOSX"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "mac"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newMacCommand = New-JcSdkCommand @macCommandBody
+            $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $macCmdBefore.Id -SystemIds $macSystem.id
+
+            $windowsCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):Windows"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "windows"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
+            $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $WindowsCmdBefore.Id -SystemIds $windowsSystem.id
+
+            # Get the queued commands:
+            $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username
+
+            # Run Start Deploy User Certs by username
+            Start-DeployUserCerts -type ByUsername -username $user.username
+
+            # After running, validate that the commands before execution, no longer exist
+            $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            # Get the queued after:
+            $queuedCmdsAfter = Get-QueuedCommandByUser -username $user.username
+            # test that the commands should not exist:
+            $macCmdAfter.id | Should -Contain $macCmdBefore.id
+            $windowsCmdAfter.id | Should -Contain $windowsCmdBefore.id
+            $macCmdAfter | Should -Not -BeNullOrEmpty
+            $windowsCmdAfter | Should -Not -BeNullOrEmpty
+            { Get-JcSdkCommand -Id $macCmdBefore.id } | Should -Not -Throw # in other words the command should not exist
+            { Get-JcSdkCommand -Id $windowsCmdBefore.id } | Should -Not -Throw # in other words the command should not exist
+            # test that the queued commands should not exist:
+            $queuedCmdsAfter.id | Should -Not -Contain $queuedCmdsBefore.Id
+            $queuedCmdsAfter.id | Should -BeNullOrEmpty
+            # user.json should have the newID in command associations.
+            $allUserData = Get-UserJsonData
+            $testUserData = $allUserData | Where-Object { $_.username -eq $user.username }
+            $testUserData.commandAssociations.commandId | Should -Contain $macCmdBefore.id
+            $testUserData.commandAssociations.commandId | Should -Contain $windowsCmdBefore.id
+
+        }
     }
     Context 'Force Generate Certificate Tests' {
         It 'When forceGenerate switch is specified, the existing commands & queued commands should be removed' {
@@ -391,6 +558,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # test that the commands should not exist:
             $macCmdAfter.id | Should -Not -Contain $macCmdBefore.id
             $windowsCmdAfter.id | Should -Not -Contain $windowsCmdBefore.id
+            $macCmdAfter | Should -Not -BeNullOrEmpty
+            $windowsCmdAfter | Should -Not -BeNullOrEmpty
             { Get-JcSdkCommand -Id $macCmdBefore.id } | Should -Throw # in other words the command should not exist
             { Get-JcSdkCommand -Id $windowsCmdBefore.id } | Should -Throw # in other words the command should not exist
             # test that the queued commands should not exist:
@@ -473,6 +642,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # test that the commands should not exist:
             $macCmdAfter.id | Should -Not -Contain $macCmdBefore.id
             $windowsCmdAfter.id | Should -Not -Contain $windowsCmdBefore.id
+            $macCmdAfter | Should -Not -BeNullOrEmpty
+            $windowsCmdAfter | Should -Not -BeNullOrEmpty
             { Get-JcSdkCommand -Id $macCmdBefore.id } | Should -Throw # in other words the command should not exist
             { Get-JcSdkCommand -Id $windowsCmdBefore.id } | Should -Throw # in other words the command should not exist
             # test that the queued commands should not exist:
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index ab95b4baa..f72e0e105 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -20,7 +20,7 @@ $usersToRemove = Get-JCuser -email "*pesterRadius*" | Remove-JCUser -force
 Write-Warning "Removing Pester Radius Commands"
 $commandsToRemove = Get-JCCommand -Name "RadiusCert-Install:*"
 foreach ($commandToRemove in $commandsToRemove) {
-    Remove-JCCommand -CommandID $commandToRemove._id -force
+    Remove-JCCommand -CommandID $commandToRemove._id -force | out-null
 }
 
 # Create users

From 049eccb42c51bdf76fedde15a7063b5fa56bb50e Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 15 Oct 2024 15:35:51 -0600
Subject: [PATCH 105/346] test for multiple duplicate commands

---
 .../Public/Start-DeployUserCerts.Tests.ps1    | 110 +++++++++++++++++-
 1 file changed, 109 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 521b98e86..44dd58151 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -400,7 +400,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $testUserData.commandAssociations.commandId | Should -Not -Contain $macCmdBefore.id
             $testUserData.commandAssociations.commandId | Should -Not -Contain $windowsCmdBefore.id
         }
-        It 'When a single command with the same trigger SHA1 hashes exists, no cert should be generated' {
+        It 'When a single command with the same trigger SHA1 hashes exists, a new cert command should not should be generated' {
             # create a user that has both a mac and windows association
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
@@ -484,6 +484,114 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $testUserData.commandAssociations.commandId | Should -Contain $windowsCmdBefore.id
 
         }
+        It 'When duplicate commands with the same trigger SHA1 hashes exists, one should be removed, a new command should not be generated' {
+            # create a user that has both a mac and windows association
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # get random system
+            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
+            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
+            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
+            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+
+            # Generate a user certificate for the user:
+            Start-GenerateUserCerts -type ByUsername -username $user.username
+
+            # Get the SHA1 hash for the user's cert:
+            $certData = Get-CertInfo -userCerts -username $user.username
+            # Mock some commands with the trigger to already exist if they do not exist
+            $macCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):MacOSX"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "mac"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newMacCommand = New-JcSdkCommand @macCommandBody
+            $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $macCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):MacOSX"
+                Command           = "sha12345"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "mac"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newMacCommand = New-JcSdkCommand @macCommandBody
+            $secondMacCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $secondMacCmdBefore.count | Should -BeGreaterThan 1
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $macCmdBefore.Id -SystemIds $macSystem.id
+
+            $windowsCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):Windows"
+                Command           = "sha1234"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "windows"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
+            $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            $windowsCommandBody = @{
+                Name              = "RadiusCert-Install:$($user.username):Windows"
+                Command           = "sha12345"
+                launchType        = "trigger"
+                User              = "000000000000000000000000"
+                trigger           = "$($certData.sha1)"
+                commandType       = "windows"
+                timeout           = 600
+                TimeToLiveSeconds = 864000
+            }
+            $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
+            $secondWindowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            $secondWindowsCmdBefore.count | Should -BeGreaterThan 1
+
+            # invoke the commands manually to simulate the command queue containing items:
+            Start-JcSdkCommand -Id $WindowsCmdBefore.Id -SystemIds $windowsSystem.id
+
+            # Get the queued commands:
+            $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username
+
+            # Run Start Deploy User Certs by username
+            Start-DeployUserCerts -type ByUsername -username $user.username
+
+            # After running, validate that the commands before execution, no longer exist
+            $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            # Get the queued after:
+            $queuedCmdsAfter = Get-QueuedCommandByUser -username $user.username
+            # test that one of the commands should exist:
+            $macCmdBefore.id | Should -BeIn $macCmdAfter.id
+            $macCmdAfter.count | Should -Be 1
+            $windowsCmdBefore.id | Should -BeIn $windowsCmdAfter.id
+            $windowsCmdAfter.count | Should -Be 1
+
+            # test that the queued commands should not exist:
+            $queuedCmdsAfter.id | Should -Not -Contain $queuedCmdsBefore.Id
+            $queuedCmdsAfter.id | Should -BeNullOrEmpty
+            # user.json should have the newID in command associations.
+            $allUserData = Get-UserJsonData
+            $testUserData = $allUserData | Where-Object { $_.username -eq $user.username }
+            $macCmdBefore.id | Should -BeIn $testUserData.commandAssociations.commandId
+            $windowsCmdBefore.id | Should -BeIn $testUserData.commandAssociations.commandId
+        }
     }
     Context 'Force Generate Certificate Tests' {
         It 'When forceGenerate switch is specified, the existing commands & queued commands should be removed' {

From 062b789b823e39fb8b20a7ef1f5be4ff74a4c7b9 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 16 Oct 2024 13:10:21 -0600
Subject: [PATCH 106/346] consolidate tests

---
 .../CertDeployment/Deploy-UserCertificate.ps1 |   2 +
 .../Public/Start-DeployUserCerts.Tests.ps1    | 137 ++----------------
 2 files changed, 13 insertions(+), 126 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 782e3c84b..b95f2bc21 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -117,6 +117,7 @@ function Deploy-UserCertificate {
                         $false {
                             if ((-Not $workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
                                 # set the existing command IDs:
+                                # There is a potential for this to be a bug, if duplicate commands with the same SHA1 trigger exist, this code just selects the first one and removes the second in the next iteration
                                 $workToBeDone.macOSCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "MacOSX" }).Id | Select-Object -First 1
                             } elseif (($workToBeDone.macOSCommandID) -AND ($maOSRadiusCommand.trigger -eq $certInfo.sha1)) {
                                 # add the duplicate command to the list to remove
@@ -142,6 +143,7 @@ function Deploy-UserCertificate {
                         $false {
                             if ((-Not $workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
                                 # set the existing command IDs:
+                                # There is a potential for this to be a bug, if duplicate commands with the same SHA1 trigger exist, this code just selects the first one and removes the second in the next iteration
                                 $workToBeDone.windowsCommandID = ($radiusCommandsByUser | Where-Object { $_.Name -match "Windows" }).Id | Select-Object -First 1
                             } elseif (($workToBeDone.windowsCommandID) -AND ($windowsOSRadiusCommands.trigger -eq $certInfo.sha1)) {
                                 # add the duplicate command to the list to remove
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 44dd58151..be4f4a7f3 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -315,7 +315,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
     }
     Context 'Duplicate Command / Command Result Tests' {
-        It 'When a duplicate commands with differing trigger SHA1 hashes exists, the command with the old SHA1 hash should be removed' {
+        BeforeEach {
             # create a user that has both a mac and windows association
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
@@ -339,6 +339,9 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # Get the SHA1 hash for the user's cert:
             $certData = Get-CertInfo -userCerts -username $user.username
 
+        }
+        It 'When a duplicate commands with differing trigger SHA1 hashes exists, the command with the old SHA1 hash should be removed' {
+            # Set a different SHA1 value to simulate an older cert command
             $oldSha = "$($certData.sha1)1111"
             # Mock some commands with the trigger to already exist if they do not exist
             $macCommandBody = @{
@@ -401,28 +404,6 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $testUserData.commandAssociations.commandId | Should -Not -Contain $windowsCmdBefore.id
         }
         It 'When a single command with the same trigger SHA1 hashes exists, a new cert command should not should be generated' {
-            # create a user that has both a mac and windows association
-            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
-            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
-            # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
-            # get random system
-            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
-            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
-            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
-            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
-
-            # update membership
-            Get-JCRGlobalVars -skipAssociation -force
-            # todo: manually update association table to account for new membership
-            Set-JCRAssociationHash -userId $user.id
-            Update-JCRUsersJson
-
-            # Generate a user certificate for the user:
-            Start-GenerateUserCerts -type ByUsername -username $user.username
-
-            # Get the SHA1 hash for the user's cert:
-            $certData = Get-CertInfo -userCerts -username $user.username
             # Mock some commands with the trigger to already exist if they do not exist
             $macCommandBody = @{
                 Name              = "RadiusCert-Install:$($user.username):MacOSX"
@@ -485,28 +466,6 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
 
         }
         It 'When duplicate commands with the same trigger SHA1 hashes exists, one should be removed, a new command should not be generated' {
-            # create a user that has both a mac and windows association
-            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
-            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
-            # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
-            # get random system
-            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
-            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
-            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
-            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
-
-            # update membership
-            Get-JCRGlobalVars -skipAssociation -force
-            # todo: manually update association table to account for new membership
-            Set-JCRAssociationHash -userId $user.id
-            Update-JCRUsersJson
-
-            # Generate a user certificate for the user:
-            Start-GenerateUserCerts -type ByUsername -username $user.username
-
-            # Get the SHA1 hash for the user's cert:
-            $certData = Get-CertInfo -userCerts -username $user.username
             # Mock some commands with the trigger to already exist if they do not exist
             $macCommandBody = @{
                 Name              = "RadiusCert-Install:$($user.username):MacOSX"
@@ -520,16 +479,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             }
             $newMacCommand = New-JcSdkCommand @macCommandBody
             $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
-            $macCommandBody = @{
-                Name              = "RadiusCert-Install:$($user.username):MacOSX"
-                Command           = "sha12345"
-                launchType        = "trigger"
-                User              = "000000000000000000000000"
-                trigger           = "$($certData.sha1)"
-                commandType       = "mac"
-                timeout           = 600
-                TimeToLiveSeconds = 864000
-            }
+            $macCommandBody.Command = "sha12345"
+
             $newMacCommand = New-JcSdkCommand @macCommandBody
             $secondMacCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
             $secondMacCmdBefore.count | Should -BeGreaterThan 1
@@ -549,16 +500,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             }
             $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
             $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
-            $windowsCommandBody = @{
-                Name              = "RadiusCert-Install:$($user.username):Windows"
-                Command           = "sha12345"
-                launchType        = "trigger"
-                User              = "000000000000000000000000"
-                trigger           = "$($certData.sha1)"
-                commandType       = "windows"
-                timeout           = 600
-                TimeToLiveSeconds = 864000
-            }
+            $windowsCommandBody.Command = "sha12345"
+
             $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
             $secondWindowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
             $secondWindowsCmdBefore.count | Should -BeGreaterThan 1
@@ -594,7 +537,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
     }
     Context 'Force Generate Certificate Tests' {
-        It 'When forceGenerate switch is specified, the existing commands & queued commands should be removed' {
+        BeforeEach {
             # create a user that has both a mac and windows association
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
@@ -654,10 +597,11 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # Get the queued commands:
             $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username
 
+        }
+        It 'When forceGenerate switch is specified, the existing commands & queued commands should be removed' {
             # Run Start Deploy User Certs by username
             Start-DeployUserCerts -type ByUsername -username $user.username -forceGenerateCommands
 
-
             # After running, validate that the commands before execution, no longer exist
             $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
             $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
@@ -680,65 +624,6 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $testUserData.commandAssociations.commandId | Should -Not -Contain $windowsCmdBefore.id
         }
         It 'When forceGenerate & forceInvoke switches are specified, the existing commands & queued commands should be removed; new commands queues should be queued' {
-            # create a user that has both a mac and windows association
-            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
-            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
-            # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
-            # get random system
-            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
-            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
-            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
-            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
-
-            # update membership
-            Get-JCRGlobalVars -skipAssociation -force
-            # todo: manually update association table to account for new membership
-            Set-JCRAssociationHash -userId $user.id
-            Update-JCRUsersJson
-
-            # Generate a user certificate for the user:
-            Start-GenerateUserCerts -type ByUsername -username $user.username
-
-            # Get the SHA1 hash for the user's cert:
-            $certData = Get-CertInfo -userCerts -username $user.username
-
-            # Mock some commands with the trigger to already exist if they do not exist
-            $macCommandBody = @{
-                Name              = "RadiusCert-Install:$($user.username):MacOSX"
-                Command           = "sha1234"
-                launchType        = "trigger"
-                User              = "000000000000000000000000"
-                trigger           = "$($certData.sha1)"
-                commandType       = "mac"
-                timeout           = 600
-                TimeToLiveSeconds = 864000
-            }
-            $newMacCommand = New-JcSdkCommand @macCommandBody
-            $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
-
-            # invoke the commands manually to simulate the command queue containing items:
-            Start-JcSdkCommand -Id $macCmdBefore.Id -SystemIds $macSystem.id
-
-            $windowsCommandBody = @{
-                Name              = "RadiusCert-Install:$($user.username):Windows"
-                Command           = "sha1234"
-                launchType        = "trigger"
-                User              = "000000000000000000000000"
-                trigger           = "$($certData.sha1)"
-                commandType       = "windows"
-                timeout           = 600
-                TimeToLiveSeconds = 864000
-            }
-            $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
-            $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
-
-            # invoke the commands manually to simulate the command queue containing items:
-            Start-JcSdkCommand -Id $WindowsCmdBefore.Id -SystemIds $windowsSystem.id
-
-            # Get the queued commands:
-            $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username
-
             # Run Start Deploy User Certs by username
             Start-DeployUserCerts -type ByUsername -username $user.username -forceGenerateCommands -forceInvokeCommands
 

From e9008f7ed32f7dd251e98b1fa7199d7ffe765e73 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 16 Oct 2024 14:37:40 -0600
Subject: [PATCH 107/346] do not force generate commands when using the GUI

---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1  | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index ece75e575..c91397ca2 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -32,6 +32,16 @@ function Start-DeployUserCerts {
                 Show-DistributionMenu -CertObjectArray $userArray.certInfo -usersThatNeedCert $usersWithoutLatestCert.count -totalUserCount $userArray.count
                 $confirmation = Read-Host "Please make a selection"
 
+                # This can be updated later if necessary but for now if using the GUI, the $forceGenerateCommands switch will always be false
+                # Thus the GUI will never overwrite commands unless the SHA1 value does not match the local cert SHA1
+                switch ($forceGenerateCommands) {
+                    $true {
+                        $generateCommands = $true
+                    }
+                    $false {
+                        $generateCommands = $false
+                    }
+                }
             }
             'cli' {
                 $confirmationMap = @{

From b1a94c31c7e33fb4b76f03d2766f7283a9fa3015 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 17 Oct 2024 15:55:06 -0600
Subject: [PATCH 108/346] parallel cert distribution first pass

---
 .../Public/Start-DeployUserCerts.ps1          | 119 ++++++++++++++++--
 1 file changed, 107 insertions(+), 12 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index c91397ca2..1635e6f2e 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -81,14 +81,67 @@ function Start-DeployUserCerts {
                         }
                     }
                 }
-                for ($i = 0; $i -lt $userArray.Count; $i++) {
-                    $result, $workDone = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands -forceGenerateCommands $generateCommands
-                    # update user json
-                    Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
 
-                    # show progress
-                    Show-RadiusProgress -completedItems ($i + 1) -totalItems $userArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
+                # set thread safe variables:
+                $resultArray = [System.Collections.Concurrent.ConcurrentBag[object]]::new()
+                $workDoneArray = [System.Collections.Concurrent.ConcurrentBag[object]]::new()
+
+                $userArray| Foreach-Object -ThrottleLimit 5 -Parallel {
+                    # set the required variables
+                    $JCAPIKEY = $using:JCAPIKEY
+                    $JCORGID = $using:JCORGID
+                    $JCScriptRoot = $using:JCScriptRoot
+
+                    # set the required global variables
+                    $Global:JCRUsers = $using:JCRUsers
+                    $Global:JCRSystems = $using:JCRSystems
+                    $Global:JCRAssociations = $using:JCRAssociations
+                    $Global:JCRRadiusMembers = $using:JCRRadiusMembers
+                    $Global:JCRCertHash = $using:JCRCertHash
+
+                    # set the thread safe variables
+                    $resultArray = $using:resultArray
+                    $workDoneArray = $using:workDoneArray
+
+                    # import the private functions:
+                    $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+                    Foreach ($Import in $Private) {
+                        Try {
+                            . $Import.FullName
+                        } Catch {
+                            Write-Error -Message "Failed to import function $($Import.FullName): $_"
+                        }
+                    }
+
+                    # deploy user certs:
+                    $result, $workDone = Deploy-UserCertificate -userObject $_ -forceInvokeCommands $using:invokeCommands -forceGenerateCommands $using:generateCommands
+                    # keep track of results & work done
+                    $resultArray.Add($result)
+                    $WorkDoneArray.Add($workDone)
+
+                }
+
+                # update the userTable:
+                foreach ($item in $workDoneArray) {
+                    Set-UserTable -index $item.userIndex -commandAssociationsObject $item.commandAssociationsObject -certInfoObject $item.certInfoObject
+                }
+
+                # print the progress:
+                $resultCount = $resultArray.Count
+                $resultItemCount = 1
+                foreach ($item in $resultArray) {
+                    Show-RadiusProgress -completedItems ($resultItemCount) -totalItems $resultArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $item
+                    $resultItemCount++
                 }
+
+                # for ($i = 0; $i -lt $userArray.Count; $i++) {
+                #     $result, $workDone = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands -forceGenerateCommands $generateCommands
+                #     # update user json
+                #     Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
+
+                #     # show progress
+                #     Show-RadiusProgress -completedItems ($i + 1) -totalItems $userArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
+                # }
                 # return after an action if cli, else stay in function
                 switch ($PSCmdlet.ParameterSetName) {
                     'gui' {
@@ -112,14 +165,56 @@ function Start-DeployUserCerts {
                 if (-Not $usersWithoutLatestCert) {
                     $usersWithoutLatestCert = Get-UsersThatNeedCertWork -userData $userArray
                 }
-                for ($i = 0; $i -lt $usersWithoutLatestCert.Count; $i++) {
-                    $result, $workDone = Deploy-UserCertificate -userObject $usersWithoutLatestCert[$i] -forceInvokeCommands $invokeCommands -forceGenerateCommands $generateCommands
 
-                    # update user json
-                    Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
+                # set thread safe variables:
+                $resultArray = [System.Collections.Concurrent.ConcurrentBag[object]]::new()
+                $workDoneArray = [System.Collections.Concurrent.ConcurrentBag[object]]::new()
+                # foreach user:
+                $usersWithoutLatestCert | Foreach-Object -ThrottleLimit 5 -Parallel {
+                    # set the required variables
+                    $JCAPIKEY = $using:JCAPIKEY
+                    $JCORGID = $using:JCORGID
+                    $JCScriptRoot = $using:JCScriptRoot
 
-                    # show progress
-                    Show-RadiusProgress -completedItems ($i + 1) -totalItems $usersWithoutLatestCert.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
+                    # set the required global variables
+                    $Global:JCRUsers = $using:JCRUsers
+                    $Global:JCRSystems = $using:JCRSystems
+                    $Global:JCRAssociations = $using:JCRAssociations
+                    $Global:JCRRadiusMembers = $using:JCRRadiusMembers
+                    $Global:JCRCertHash = $using:JCRCertHash
+
+                    # set the thread safe variables
+                    $resultArray = $using:resultArray
+                    $workDoneArray = $using:workDoneArray
+
+                    # import the private functions:
+                    $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+                    Foreach ($Import in $Private) {
+                        Try {
+                            . $Import.FullName
+                        } Catch {
+                            Write-Error -Message "Failed to import function $($Import.FullName): $_"
+                        }
+                    }
+
+                    # deploy user certs:
+                    $result, $workDone = Deploy-UserCertificate -userObject $_ -forceInvokeCommands $using:invokeCommands -forceGenerateCommands $using:generateCommands
+                    # keep track of results & work done
+                    $resultArray.Add($result)
+                    $WorkDoneArray.Add($workDone)
+                }
+
+                # update the userTable:
+                foreach ($item in $workDoneArray) {
+                    Set-UserTable -index $item.userIndex -commandAssociationsObject $item.commandAssociationsObject -certInfoObject $item.certInfoObject
+                }
+
+                # print the progress:
+                $resultCount = $resultArray.Count
+                $resultItemCount = 1
+                foreach ($item in $resultArray) {
+                    Show-RadiusProgress -completedItems ($resultItemCount) -totalItems $resultArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $item
+                    $resultItemCount++
                 }
                 # return after an action if cli, else stay in function
                 switch ($PSCmdlet.ParameterSetName) {

From 5292049496a9ede79462780243b30227d6bc2161 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 18 Oct 2024 07:52:35 -0600
Subject: [PATCH 109/346] clean up start deploy

---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1     | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 1635e6f2e..7b8620663 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -134,14 +134,6 @@ function Start-DeployUserCerts {
                     $resultItemCount++
                 }
 
-                # for ($i = 0; $i -lt $userArray.Count; $i++) {
-                #     $result, $workDone = Deploy-UserCertificate -userObject $userArray[$i] -forceInvokeCommands $invokeCommands -forceGenerateCommands $generateCommands
-                #     # update user json
-                #     Set-UserTable -index $workDone.userIndex -commandAssociationsObject $workDone.commandAssociationsObject -certInfoObject $workDone.certInfoObject
-
-                #     # show progress
-                #     Show-RadiusProgress -completedItems ($i + 1) -totalItems $userArray.Count -ActionText "Distributing Radius Certificates" -previousOperationResult $result
-                # }
                 # return after an action if cli, else stay in function
                 switch ($PSCmdlet.ParameterSetName) {
                     'gui' {

From 65bc973425bc9a9c06057131fe93e774cec14720 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 21 Oct 2024 11:40:15 -0600
Subject: [PATCH 110/346] fix for deployment not generating commands for
 windows only users

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 143 ++++++++----------
 1 file changed, 66 insertions(+), 77 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index b95f2bc21..abb88d655 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -315,23 +315,13 @@ function Deploy-UserCertificate {
             if ($workToBeDone.forcegenerateMacOSCommands) {
                 # Get the macOS system ids
                 $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "macOS")
-                if ($systemIds.count -eq 0) {
-                    continue
-                }
-                # # Check to see if previous commands exist
-                # $Command = Get-JCCommand -name "RadiusCert-Install:$($user.userName):MacOSX"
-
-                # if ($Command.Count -ge 1) {
-                #     # $confirmation = Write-Host "[status] RadiusCert-Install:$($user.userName):MacOSX command already exists, skipping..."
-                #     $status_commandGenerated = $false
-                #     continue
-                # }
+                if ($systemIds.count -gt 0) {
 
-                # Create new Command and upload the signed pfx
-                try {
-                    $CommandBody = @{
-                        Name              = "RadiusCert-Install:$($user.userName):MacOSX"
-                        Command           = @"
+                    # Create new Command and upload the signed pfx
+                    try {
+                        $CommandBody = @{
+                            Name              = "RadiusCert-Install:$($user.userName):MacOSX"
+                            Command           = @"
 unzip -o /tmp/$($user.userName)-client-signed.zip -d /tmp
 chmod 755 /tmp/$($user.userName)-client-signed.pfx
 currentUser=`$(/usr/bin/stat -f%Su /dev/console)
@@ -490,38 +480,39 @@ exit 4
 fi
 
 "@
-                        launchType        = "trigger"
-                        User              = "000000000000000000000000"
-                        trigger           = "$($certInfo.sha1)"
-                        commandType       = "mac"
-                        timeout           = 600
-                        TimeToLiveSeconds = 864000
-                        files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
-                    }
-                    $NewCommand = New-JcSdkCommand @CommandBody
-
-                } catch {
-                    $status_commandGenerated = $false
-                    # throw $_
-                }
-                # Find newly created command and add system as target
-                $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:mac")
-                $workToBeDone.macOSCommandID = $Command.Id
+                            launchType        = "trigger"
+                            User              = "000000000000000000000000"
+                            trigger           = "$($certInfo.sha1)"
+                            commandType       = "mac"
+                            timeout           = 600
+                            TimeToLiveSeconds = 864000
+                            files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "/tmp/$($user.userName)-client-signed.zip")
+                        }
+                        $NewCommand = New-JcSdkCommand @CommandBody
 
-                $CommandTable = [PSCustomObject]@{
-                    commandId            = $command.Id
-                    commandName          = $command.name
-                    commandPreviouslyRun = $false
-                    commandQueued        = $false
-                    systems              = $systemIds
-                }
+                    } catch {
+                        $status_commandGenerated = $false
+                        # throw $_
+                    }
+                    # Find newly created command and add system as target
+                    $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:mac")
+                    $workToBeDone.macOSCommandID = $Command.Id
+
+                    $CommandTable = [PSCustomObject]@{
+                        commandId            = $command.Id
+                        commandName          = $command.name
+                        commandPreviouslyRun = $false
+                        commandQueued        = $false
+                        systems              = $systemIds
+                    }
 
-                $user.commandAssociations += $CommandTable
+                    $user.commandAssociations += $CommandTable
 
-                # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
-                $status_commandGenerated = $true
+                    # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Mac OS X"
+                    $status_commandGenerated = $true
 
 
+                }
             }
 
             if (-Not ($workToBeDone.forceGenerateMacOSCommands) -And ($workToBeDone.macOSCommandID)) {
@@ -565,14 +556,12 @@ fi
                 # Get the Windows system ids
                 $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "windows")
                 # If there are no systemIds to process, skip generating the command:
-                if ($systemIds.count -eq 0) {
-                    continue
-                }
-                # Create new Command and upload the signed pfx
-                try {
-                    $CommandBody = @{
-                        Name              = "RadiusCert-Install:$($user.userName):Windows"
-                        Command           = @"
+                if ($systemIds.count -gt 0) {
+                    # Create new Command and upload the signed pfx
+                    try {
+                        $CommandBody = @{
+                            Name              = "RadiusCert-Install:$($user.userName):Windows"
+                            Command           = @"
 `$ErrorActionPreference = "Stop"
 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
 `$PkgProvider = Get-PackageProvider
@@ -702,36 +691,36 @@ If (Test-Path "C:\RadiusCert\$($user.userName)-client-signed.pfx"){
 exit 4
 }
 "@
-                        launchType        = "trigger"
-                        trigger           = "$($certInfo.sha1)"
-                        commandType       = "windows"
-                        shell             = "powershell"
-                        timeout           = 600
-                        TimeToLiveSeconds = 864000
-                        files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
-                    }
-                    $NewCommand = New-JcSdkCommand @CommandBody
+                            launchType        = "trigger"
+                            trigger           = "$($certInfo.sha1)"
+                            commandType       = "windows"
+                            shell             = "powershell"
+                            timeout           = 600
+                            TimeToLiveSeconds = 864000
+                            files             = (New-JCCommandFile -certFilePath $userPfxZip -FileName "$($user.userName)-client-signed.zip" -FileDestination "C:\Windows\Temp\$($user.userName)-client-signed.zip")
+                        }
+                        $NewCommand = New-JcSdkCommand @CommandBody
 
-                } catch {
-                    $status_commandGenerated = $false
-                }
-                # Find newly created command and add system as target
-                $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
-                $workToBeDone.windowsCommandID = $command.Id
+                    } catch {
+                        $status_commandGenerated = $false
+                    }
+                    # Find newly created command and add system as target
+                    $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
+                    $workToBeDone.windowsCommandID = $command.Id
+
+                    $CommandTable = [PSCustomObject]@{
+                        commandId            = $workToBeDone.windowsCommandID
+                        commandName          = $command.name
+                        commandPreviouslyRun = $false
+                        commandQueued        = $false
+                        systems              = $systemIds
+                    }
 
-                $CommandTable = [PSCustomObject]@{
-                    commandId            = $workToBeDone.windowsCommandID
-                    commandName          = $command.name
-                    commandPreviouslyRun = $false
-                    commandQueued        = $false
-                    systems              = $systemIds
+                    $user.commandAssociations += $CommandTable
+                    # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
+                    $status_commandGenerated = $true
                 }
-
-                $user.commandAssociations += $CommandTable
-                # Write-Host "[status] Successfully created $($Command.name): User - $($user.userName); OS - Windows"
-                $status_commandGenerated = $true
             }
-
             if (-Not ($workToBeDone.forceGenerateWindowsCommands) -And ($workToBeDone.windowsCommandID)) {
                 $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "windows")
 

From 9769fecf68e37a1d69faafbc0c545e37a37a2eb6 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 21 Oct 2024 11:41:10 -0600
Subject: [PATCH 111/346] tests for parallel command generation + new behavior

---
 .../Public/Start-DeployUserCerts.Tests.ps1    | 34 ++++++++++++++++---
 1 file changed, 30 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index be4f4a7f3..6607a88df 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -467,6 +467,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'When duplicate commands with the same trigger SHA1 hashes exists, one should be removed, a new command should not be generated' {
             # Mock some commands with the trigger to already exist if they do not exist
+            $possibleMacIDs = New-Object System.Collections.ArrayList
+            $possibleWindowsIDs = New-Object System.Collections.ArrayList
             $macCommandBody = @{
                 Name              = "RadiusCert-Install:$($user.username):MacOSX"
                 Command           = "sha1234"
@@ -479,10 +481,12 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             }
             $newMacCommand = New-JcSdkCommand @macCommandBody
             $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $possibleMacIDs.Add($macCmdBefore.id)
             $macCommandBody.Command = "sha12345"
 
             $newMacCommand = New-JcSdkCommand @macCommandBody
             $secondMacCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            $possibleMacIDs.Add($secondMacCmdBefore.id)
             $secondMacCmdBefore.count | Should -BeGreaterThan 1
 
             # invoke the commands manually to simulate the command queue containing items:
@@ -500,10 +504,12 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             }
             $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
             $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            $possibleWindowsIDs.Add($windowsCmdBefore.id)
             $windowsCommandBody.Command = "sha12345"
 
             $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
             $secondWindowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            $possibleWindowsIDs.Add($secondWindowsCmdBefore.id)
             $secondWindowsCmdBefore.count | Should -BeGreaterThan 1
 
             # invoke the commands manually to simulate the command queue containing items:
@@ -521,10 +527,13 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # Get the queued after:
             $queuedCmdsAfter = Get-QueuedCommandByUser -username $user.username
             # test that one of the commands should exist:
-            $macCmdBefore.id | Should -BeIn $macCmdAfter.id
+            # $macCmdBefore.id | Should -BeIn $macCmdAfter.id
             $macCmdAfter.count | Should -Be 1
-            $windowsCmdBefore.id | Should -BeIn $windowsCmdAfter.id
+            $macCmdAfter.id | should -BeIn $possibleMacIDs
+
+            # $windowsCmdBefore.id | Should -BeIn $windowsCmdAfter.id
             $windowsCmdAfter.count | Should -Be 1
+            $windowsCmdAfter.id | should -BeIn $possibleWindowsIDs
 
             # test that the queued commands should not exist:
             $queuedCmdsAfter.id | Should -Not -Contain $queuedCmdsBefore.Id
@@ -532,8 +541,9 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # user.json should have the newID in command associations.
             $allUserData = Get-UserJsonData
             $testUserData = $allUserData | Where-Object { $_.username -eq $user.username }
-            $macCmdBefore.id | Should -BeIn $testUserData.commandAssociations.commandId
-            $windowsCmdBefore.id | Should -BeIn $testUserData.commandAssociations.commandId
+
+            $testUserData.commandAssociations.commandId | Should -Contain $windowsCmdAfter.id
+            $testUserData.commandAssociations.commandId | Should -Contain $macCmdAfter.id
         }
     }
     Context 'Force Generate Certificate Tests' {
@@ -649,4 +659,20 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $testUserData.commandAssociations.commandId | Should -Not -Contain $windowsCmdBefore.id
         }
     }
+    context 'Deploy by all' {
+        It "deploys user certs by all" {
+            Start-DeployUserCerts -type "All" -forceGenerateCommands -forceInvokeCommands
+            $allUserDataBefore = Get-UserJsonData
+            Start-Sleep 5
+            Start-DeployUserCerts -type "All" -forceGenerateCommands -forceInvokeCommands
+            $allUserDataAfter = Get-UserJsonData
+
+            foreach ($user in $allUserDataBefore) {
+                if ($user.certInfo.deploymentDate) {
+                    $user.certInfo.deploymentDate | Should -BeLessThan ($allUserDataAfter | Where-Object { $_.userName -eq $user.UserName }).certInfo.deploymentDate
+                }
+            }
+        }
+
+    }
 }
\ No newline at end of file

From 85303eee19366c2cdeb50c55485453fcabdcc5d9 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 21 Oct 2024 11:41:36 -0600
Subject: [PATCH 112/346] formatting + Throttle Limit

---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1        | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 7b8620663..687923576 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -86,7 +86,7 @@ function Start-DeployUserCerts {
                 $resultArray = [System.Collections.Concurrent.ConcurrentBag[object]]::new()
                 $workDoneArray = [System.Collections.Concurrent.ConcurrentBag[object]]::new()
 
-                $userArray| Foreach-Object -ThrottleLimit 5 -Parallel {
+                $userArray | Foreach-Object -ThrottleLimit 20 -Parallel {
                     # set the required variables
                     $JCAPIKEY = $using:JCAPIKEY
                     $JCORGID = $using:JCORGID
@@ -118,7 +118,6 @@ function Start-DeployUserCerts {
                     # keep track of results & work done
                     $resultArray.Add($result)
                     $WorkDoneArray.Add($workDone)
-
                 }
 
                 # update the userTable:
@@ -162,7 +161,7 @@ function Start-DeployUserCerts {
                 $resultArray = [System.Collections.Concurrent.ConcurrentBag[object]]::new()
                 $workDoneArray = [System.Collections.Concurrent.ConcurrentBag[object]]::new()
                 # foreach user:
-                $usersWithoutLatestCert | Foreach-Object -ThrottleLimit 5 -Parallel {
+                $usersWithoutLatestCert | Foreach-Object -ThrottleLimit 20 -Parallel {
                     # set the required variables
                     $JCAPIKEY = $using:JCAPIKEY
                     $JCORGID = $using:JCORGID

From e689728a7a008eca6be6b82ec71f2f40560bf568 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 21 Oct 2024 13:38:40 -0600
Subject: [PATCH 113/346] Tests generate cert

---
 .../automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1   | 1 +
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1               | 1 +
 2 files changed, 2 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 15f917399..b2f93cec3 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -17,6 +17,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 Write-Error -Message "Failed to import function $($Import.FullName): $_"
             }
         }
+        Start-GenerateRootCert -certKeyPassword "TestCertificate123!@#"
     }
     Context "When no 'data' directory exists" {
         BeforeAll {
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index f72e0e105..19b0330e4 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -79,4 +79,5 @@ if ($IsMacOS) {
     $configContent -replace ('\$Global:JCR_OPENSSL = *.+', "`$Global:JCR_OPENSSL = `"$($brewListBinary)`"") | Set-Content -Path $configPath
 }
 
+$env:certKeyPassword = "TestCertificate123!@#"
 Import-Module "$psscriptRoot/../JumpCloud-Radius.psd1" -Force
\ No newline at end of file

From 5fd981398f0c27f004f801492122c859a1114b05 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 12:37:28 -0700
Subject: [PATCH 114/346] username from parameter

---
 .../Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index c9a48bbcf..b7498e82b 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -99,7 +99,7 @@ function Get-CertInfo {
                     }
                     # lastly add the username of the certificate to the hash:
                     $certFile = Get-Item $($cert.Path)
-                    $username = $certFile.name.split('-')[0]
+                    # $username = $certFile.name.split('-')[0]
                     $certHash | Add-Member -Name 'username' -Type NoteProperty -Value $username
                     $certHash | Add-Member -Name 'generated' -Type NoteProperty -Value ($certFile.LastWriteTime.ToString('MM/dd/yyyy HH:mm:ss'))
                     # Add hash to certObj array if the user is a member of the userGroup

From 218dddc80f67771b3f3a21c1e1805c8bcb9ba022 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 12:39:38 -0700
Subject: [PATCH 115/346] test on 2.0.0 branch

---
 .github/workflows/radius-module-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 68b5f753c..9477414d2 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
     # Sequence of patterns matched against refs/heads
     branches:
-      - "master"
+      - "Radius_2.0.0"
     paths:
       - "scripts/automation/Radius/**"
     types: [opened, synchronize, reopened, labeled, unlabeled]

From 5a6df668795380abc7cc4d166ca6c6b1d86240cb Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 13:03:40 -0700
Subject: [PATCH 116/346] use environment to test

---
 .github/workflows/radius-module-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 9477414d2..0739271c2 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -128,7 +128,7 @@ jobs:
   Test-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
     runs-on: macos-latest
-    # environment: Test Radius CI
+    environment: Test Radius CI
     timeout-minutes: 75
     strategy:
       fail-fast: false

From 6b772bc18aad1cc44e5d07196ba1281263faf948 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 13:04:18 -0700
Subject: [PATCH 117/346] env key

---
 .github/workflows/radius-module-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 0739271c2..50c4dd46d 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -145,12 +145,12 @@ jobs:
       - name: Test PWSH Radius Module
         shell: pwsh
         env:
-          PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
-          PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
+          PESTER_APIKEY: ${{ secrets.RADIUSAPIKEY }}
+          PESTER_ORGID: ${{ secrets.RADIUSORGID }}
         run: |
           $items = get-childItem -path "./scripts/automation/Radius/"
           foreach ($item in $items){
             write-host "$($item.FullName)"
           }
           # Invoke Pester
-          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY" -ExcludeTagList "ModuleValidation"
+          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:RADIUSAPIKEY" -ExcludeTagList "ModuleValidation"

From 5359665036c204f511fdbad4f9844ae8c4fae99b Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 13:07:14 -0700
Subject: [PATCH 118/346] revert env

---
 .github/workflows/radius-module-ci.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 50c4dd46d..9477414d2 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -128,7 +128,7 @@ jobs:
   Test-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
     runs-on: macos-latest
-    environment: Test Radius CI
+    # environment: Test Radius CI
     timeout-minutes: 75
     strategy:
       fail-fast: false
@@ -145,12 +145,12 @@ jobs:
       - name: Test PWSH Radius Module
         shell: pwsh
         env:
-          PESTER_APIKEY: ${{ secrets.RADIUSAPIKEY }}
-          PESTER_ORGID: ${{ secrets.RADIUSORGID }}
+          PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
+          PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
         run: |
           $items = get-childItem -path "./scripts/automation/Radius/"
           foreach ($item in $items){
             write-host "$($item.FullName)"
           }
           # Invoke Pester
-          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:RADIUSAPIKEY" -ExcludeTagList "ModuleValidation"
+          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY" -ExcludeTagList "ModuleValidation"

From 619dc3be888395c73a60b55c44c4fbe390ac8c1f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 13:54:00 -0700
Subject: [PATCH 119/346] update user cert generation tests

---
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 88 ++++++++++++++++++-
 1 file changed, 87 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 7c2884a3d..0b2b1d992 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -146,7 +146,93 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
 
 
     }
-    Context 'Certs generated by username' {
+    Context 'Certs generated for users with users with localUsernames and special characters' {
+
+        BeforeEach {
+            # create a new user
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+
+        }
+        it 'A user with a localUsername (SystemUsername) will generate a cert' {
+            # manually set the user
+            $headers = @{
+                "x-api-key"    = "$env:JCApiKey"
+                "content-type" = "application/json"
+            }
+            # set a unique systemUsername for the user
+            $body = @{
+                'systemUsername' = "$($user.username)$($user.unix_guid)"
+            } | ConvertTo-Json
+            # update the user
+            $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/systemusers/$($user.id)" -Method PUT -Headers $headers -ContentType 'application/json' -Body $body
+            # add a user to the radius Group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # Get the certs before
+            $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            # wait one moment
+            Start-Sleep 2
+            # update the cache
+            Get-JCRGlobalVars -force -skipAssociation -associateManually
+            # wait just one moment before testing membership since we are writing a file
+            Start-Sleep 1
+            # the new user should be in the membership list:
+            $global:JCRRadiusMembers.username | Should -Contain $user.username
+            # Generate the user cert:
+            Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
+            # Get the certs after
+            $certsAfter = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            # filter by username
+            $UserCerts = $certsAfter | Where-Object { $_.Name -match "$($user.username)" }
+            # the files and each type of expected cert file should exist
+            # specifically for this test, the username should not be the localUsername (systemUsername)
+            $UserCerts.Name | Should -Match $user.username
+            $userCerts.Name | Should -Not -Match $response.systemUsername
+            $UserCerts.fullname | where-object { $_ -match ".csr" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".pfx" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".crt" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".key" } | Should -exist
+
+        }
+        it 'A user with a hyphen in their username will generate a cert' {
+            # manually update the user with a hyphen in their username
+            $user = Set-JCSdkUser -id $($user.id) -username "$($user.username)-$($user.username)"
+            # add a user to the radius Group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # Get the certs before
+            $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            # wait one moment
+            Start-Sleep 2
+            # update the cache
+            Get-JCRGlobalVars -force -skipAssociation -associateManually
+            # wait just one moment before testing membership since we are writing a file
+            Start-Sleep 1
+            # the new user should be in the membership list:
+            $global:JCRRadiusMembers.username | Should -Contain $user.username
+            # Generate the user cert:
+            Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
+            # Get the certs after
+            $certsAfter = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            # filter by username
+            $UserCerts = $certsAfter | Where-Object { $_.Name -match "$($user.username)" }
+            # the files and each type of expected cert file should exist
+            # specifically for this test, the username should not be the localUsername (systemUsername)
+            $UserCerts.Name | Should -Match $user.username
+            $UserCerts.fullname | where-object { $_ -match ".csr" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".pfx" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".crt" } | Should -exist
+            $UserCerts.fullname | where-object { $_ -match ".key" } | Should -exist
+        }
+        AfterEach {
+            # cleanup
+            Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # update cache
+            Get-JCRGlobalVars -force -skipAssociation
+            # wait just one moment before testing membership since we are writing a file
+            Start-Sleep 1
+            # the global variables should be cleaned up
+            $global:JCRRadiusMembers.username | Should -Not -Contain $user.username
+
+        }
 
     }
 }
\ No newline at end of file

From 6802d6592658eb3f17d288f6083a8e7e42fe3c33 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 14:24:24 -0700
Subject: [PATCH 120/346] hyphen and localUsername tests

---
 .../Public/Start-DeployUserCerts.Tests.ps1    | 90 +++++++++++++++++++
 1 file changed, 90 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 6607a88df..310fdcd37 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -675,4 +675,94 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
 
     }
+    Context "Certs generated for users with users with localUsernames and special characters" {
+
+        It "Generates a command for a user with a localUsername (systemUsername)" {
+            # create a user that has both a mac and windows association
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            # manually set the user
+            $headers = @{
+                "x-api-key"    = "$env:JCApiKey"
+                "content-type" = "application/json"
+            }
+            # set a unique systemUsername for the user
+            $body = @{
+                'systemUsername' = "$($user.username)$($user.unix_guid)"
+            } | ConvertTo-Json
+            # update the user
+            $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/systemusers/$($user.id)" -Method PUT -Headers $headers -ContentType 'application/json' -Body $body
+            # get the before date
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # get random system
+            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
+            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
+            # associate the system
+            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
+            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
+
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+
+            # Generate a user certificate for the user:
+            Start-GenerateUserCerts -type ByUsername -username $user.username
+
+            # Get the SHA1 hash for the user's cert:
+            $certData = Get-CertInfo -userCerts -username $user.username
+
+            # Run Start Deploy User Certs by username
+            Start-DeployUserCerts -type ByUsername -username $user.username
+
+            # get the commands
+            $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            # validate that the correct local user name is found in the command body:
+            $macCmdAfter | Should -Match "userCompare=`"$($response.systemUsername)`""
+            $windowsCmdAfter | Should -Match "`$CurrentUser -eq `"$($response.systemUsername)`""
+        }
+        It "Generates a command for a user with a hyphen in their username" {
+            # create a user that has both a mac and windows association
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+            # manually update the user with a hyphen in their username
+            $user = Set-JCSdkUser -id $($user.id) -username "$($user.username)-$($user.username)"
+            # get the before date
+            $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
+            # add user to membership group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            # get random system
+            $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
+            $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
+            # associate the system
+            Add-JCSystemUser -UserID $user.id -SystemID $windowsSystem.id
+            Add-JCSystemUser -UserID $user.id -SystemID $macSystem.id
+
+            # update membership
+            Get-JCRGlobalVars -skipAssociation -force
+            # todo: manually update association table to account for new membership
+            Set-JCRAssociationHash -userId $user.id
+            Update-JCRUsersJson
+
+            # Generate a user certificate for the user:
+            Start-GenerateUserCerts -type ByUsername -username $user.username
+
+            # Get the SHA1 hash for the user's cert:
+            $certData = Get-CertInfo -userCerts -username $user.username
+
+            # Run Start Deploy User Certs by username
+            Start-DeployUserCerts -type ByUsername -username $user.username
+
+            # get the commands
+            $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+            $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+            # validate that the correct local user name is found in the command body:
+            $macCmdAfter | Should -Match "userCompare=`"$($user.username)`""
+            $windowsCmdAfter | Should -Match "`$CurrentUser -eq `"$($user.username)`""
+
+        }
+    }
 }
\ No newline at end of file

From 6b02e337c9a44006d218cd2d8fd04d402c27eacb Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 14:29:24 -0700
Subject: [PATCH 121/346] test the command body

---
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1   | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 310fdcd37..a95f9417b 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -722,8 +722,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
             $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
             # validate that the correct local user name is found in the command body:
-            $macCmdAfter | Should -Match "userCompare=`"$($response.systemUsername)`""
-            $windowsCmdAfter | Should -Match "`$CurrentUser -eq `"$($response.systemUsername)`""
+            $macCmdAfter.command | Should -Match "userCompare=`"$($response.systemUsername)`""
+            $windowsCmdAfter.command | Should -Match "`$CurrentUser -eq `"$($response.systemUsername)`""
         }
         It "Generates a command for a user with a hyphen in their username" {
             # create a user that has both a mac and windows association
@@ -760,8 +760,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $windowsCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
             $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
             # validate that the correct local user name is found in the command body:
-            $macCmdAfter | Should -Match "userCompare=`"$($user.username)`""
-            $windowsCmdAfter | Should -Match "`$CurrentUser -eq `"$($user.username)`""
+            $macCmdAfter.command | Should -Match "userCompare=`"$($user.username)`""
+            $windowsCmdAfter.command | Should -Match "`$CurrentUser -eq `"$($user.username)`""
 
         }
     }

From 60ec54379245b6c5589e3804aaa0208509d9fdb0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 14:48:00 -0700
Subject: [PATCH 122/346] get usernames if calling -UserCerts as a list

---
 .../Functions/Private/CertDeployment/Get-CertInfo.ps1       | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index b7498e82b..95a0a4ec0 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -99,7 +99,11 @@ function Get-CertInfo {
                     }
                     # lastly add the username of the certificate to the hash:
                     $certFile = Get-Item $($cert.Path)
-                    # $username = $certFile.name.split('-')[0]
+                    if ('username' -notin $MyInvocation.BoundParameters) {
+                        $matchNames = $certFile.name | Select-String -Pattern "(.*)-$($Global:JCR_CERT_TYPE).*"
+                        $username = $matchNames.Matches.groups[1].value
+                    }
+
                     $certHash | Add-Member -Name 'username' -Type NoteProperty -Value $username
                     $certHash | Add-Member -Name 'generated' -Type NoteProperty -Value ($certFile.LastWriteTime.ToString('MM/dd/yyyy HH:mm:ss'))
                     # Add hash to certObj array if the user is a member of the userGroup

From ae8567831f6cc2deb3f09044b967b565a52d4503 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 15:02:17 -0700
Subject: [PATCH 123/346] do not test null strings

---
 .../Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 95a0a4ec0..76f484940 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -99,7 +99,7 @@ function Get-CertInfo {
                     }
                     # lastly add the username of the certificate to the hash:
                     $certFile = Get-Item $($cert.Path)
-                    if ('username' -notin $MyInvocation.BoundParameters) {
+                    if (('username' -notin $MyInvocation.BoundParameters) -AND (-Not [System.String]::IsNullOrEmpty($certFile.name))) {
                         $matchNames = $certFile.name | Select-String -Pattern "(.*)-$($Global:JCR_CERT_TYPE).*"
                         $username = $matchNames.Matches.groups[1].value
                     }

From 6bc3c0b66994f2ac8bc19e6e076d0bd47fa0788c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 15:30:14 -0700
Subject: [PATCH 124/346] debug username match

---
 .../Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 76f484940..f130b7a7e 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -100,8 +100,11 @@ function Get-CertInfo {
                     # lastly add the username of the certificate to the hash:
                     $certFile = Get-Item $($cert.Path)
                     if (('username' -notin $MyInvocation.BoundParameters) -AND (-Not [System.String]::IsNullOrEmpty($certFile.name))) {
+                        Write-Host "Attempting to parse username from string: $($certFile.name)"
                         $matchNames = $certFile.name | Select-String -Pattern "(.*)-$($Global:JCR_CERT_TYPE).*"
-                        $username = $matchNames.Matches.groups[1].value
+                        if ($matchNames.Matches.groups) {
+                            $username = $matchNames.Matches.groups[1].value
+                        }
                     }
 
                     $certHash | Add-Member -Name 'username' -Type NoteProperty -Value $username

From 10ef5c7be062bbac4e9fd712f16a97614c11044c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 15:55:08 -0700
Subject: [PATCH 125/346] windows match tests

---
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1     | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index a95f9417b..8567743ee 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -723,7 +723,8 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
             # validate that the correct local user name is found in the command body:
             $macCmdAfter.command | Should -Match "userCompare=`"$($response.systemUsername)`""
-            $windowsCmdAfter.command | Should -Match "`$CurrentUser -eq `"$($response.systemUsername)`""
+            $windowsCmdAfter.command | Should -Match "-eq `"$($response.systemUsername)`""
+
         }
         It "Generates a command for a user with a hyphen in their username" {
             # create a user that has both a mac and windows association
@@ -761,8 +762,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $macCmdAfter = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
             # validate that the correct local user name is found in the command body:
             $macCmdAfter.command | Should -Match "userCompare=`"$($user.username)`""
-            $windowsCmdAfter.command | Should -Match "`$CurrentUser -eq `"$($user.username)`""
-
+            $windowsCmdAfter.command | Should -Match "-eq `"$($user.username)`""
         }
     }
 }
\ No newline at end of file

From 5b52a899287a5bfb8bded44be15f81c7c6e15540 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Dec 2024 16:03:49 -0700
Subject: [PATCH 126/346] update user manually for association tests

---
 .../Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 | 2 +-
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1      | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index f130b7a7e..010433f9b 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -100,7 +100,7 @@ function Get-CertInfo {
                     # lastly add the username of the certificate to the hash:
                     $certFile = Get-Item $($cert.Path)
                     if (('username' -notin $MyInvocation.BoundParameters) -AND (-Not [System.String]::IsNullOrEmpty($certFile.name))) {
-                        Write-Host "Attempting to parse username from string: $($certFile.name)"
+                        # Write-Host "Attempting to parse username from string: $($certFile.name)"
                         $matchNames = $certFile.name | Select-String -Pattern "(.*)-$($Global:JCR_CERT_TYPE).*"
                         if ($matchNames.Matches.groups) {
                             $username = $matchNames.Matches.groups[1].value
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 8567743ee..426905103 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -140,9 +140,10 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Add-JCSystemUser -UserID $user.id -SystemID $system.id
 
             # update membership
-            Get-JCRGlobalVars -skipAssociation -force
+            Get-JCRGlobalVars -force -associationUsername $user.username
+            # Get-JCRGlobalVars -skipAssociation -force
             # todo: manually update association table to account for new membership
-            Set-JCRAssociationHash -userId $user.id
+            # Set-JCRAssociationHash -userId $user.id
             Update-JCRUsersJson
             # now generate the user certs
             Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts

From d75420b402e2cddc4f4299230b6ba0d0d1211027 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 9 Dec 2024 19:03:05 -0700
Subject: [PATCH 127/346] update test for duplicate commands already existing

---
 .../Public/Start-DeployUserCerts.Tests.ps1    | 49 +++++++++++++------
 1 file changed, 35 insertions(+), 14 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 426905103..d1b48c3ec 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -207,7 +207,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # Member content | Get the user with 2 system associations mac and windows
             Get-JCRGlobalVars -force -skipAssociation -associateManually
             $certTypeUser = $Global:JCRRadiusMembers | Get-Random -Count 1
-            Write-Warning "being while loop"
+            Write-Warning "begin while loop"
             while ($Global:JCRAssociations[$($certTypeUser.userID)].systemAssociations.count -ne 2) {
                 $certTypeUser = $Global:JCRRadiusMembers | Get-Random -Count 1
             }
@@ -470,29 +470,41 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # Mock some commands with the trigger to already exist if they do not exist
             $possibleMacIDs = New-Object System.Collections.ArrayList
             $possibleWindowsIDs = New-Object System.Collections.ArrayList
+            # define command body for macOS commands
             $macCommandBody = @{
                 Name              = "RadiusCert-Install:$($user.username):MacOSX"
                 Command           = "sha1234"
                 launchType        = "trigger"
                 User              = "000000000000000000000000"
-                trigger           = "$($certData.sha1)"
+                trigger           = "$($certData.sha1)1111"
                 commandType       = "mac"
                 timeout           = 600
                 TimeToLiveSeconds = 864000
             }
+            # add a mac command to the org using the command body
             $newMacCommand = New-JcSdkCommand @macCommandBody
-            $macCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
-            $possibleMacIDs.Add($macCmdBefore.id)
+
+            # update the command body to differentiate the next command:
             $macCommandBody.Command = "sha12345"
 
+            # add a second mac command to the org using the command body
             $newMacCommand = New-JcSdkCommand @macCommandBody
-            $secondMacCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
-            $possibleMacIDs.Add($secondMacCmdBefore.id)
-            $secondMacCmdBefore.count | Should -BeGreaterThan 1
+
+            # get the commands for the user:
+            $macCommandsBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:mac")
+
+            # for each command
+            foreach ($cmd in $macCommandsBefore) {
+                # add to the list
+                $possibleMacIDs.Add($cmd.id)
+            }
+            # the number of macOS Commands for this user cert and it's identifying sha should be 2
+            $possibleMacIDs.count | Should -Be 2
 
             # invoke the commands manually to simulate the command queue containing items:
-            Start-JcSdkCommand -Id $macCmdBefore.Id -SystemIds $macSystem.id
+            Start-JcSdkCommand -Id $possibleMacIDs[0].Id -SystemIds $macSystem.id
 
+            # define windows command body
             $windowsCommandBody = @{
                 Name              = "RadiusCert-Install:$($user.username):Windows"
                 Command           = "sha1234"
@@ -503,18 +515,26 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
                 timeout           = 600
                 TimeToLiveSeconds = 864000
             }
+            # create the first windows command
             $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
-            $windowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
-            $possibleWindowsIDs.Add($windowsCmdBefore.id)
+
+            # update the command body to differentiate the next command:
             $windowsCommandBody.Command = "sha12345"
 
+            # create the second windows command
             $newWindowsCommand = New-JcSdkCommand @windowsCommandBody
-            $secondWindowsCmdBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
-            $possibleWindowsIDs.Add($secondWindowsCmdBefore.id)
-            $secondWindowsCmdBefore.count | Should -BeGreaterThan 1
+
+            $windowsCommandsBefore = Get-JcSdkCommand -Filter @("trigger:eq:$($certData.sha1)", "commandType:eq:windows")
+
+            # for each command
+            foreach ($cmd in $windowsCommandsBefore) {
+                # add to the list
+                $possibleWindowsIDs.Add($cmd.id)
+            }
+            $possibleWindowsIDs.count | Should -Be 2
 
             # invoke the commands manually to simulate the command queue containing items:
-            Start-JcSdkCommand -Id $WindowsCmdBefore.Id -SystemIds $windowsSystem.id
+            Start-JcSdkCommand -Id $possibleWindowsIDs[0].Id -SystemIds $windowsSystem.id
 
             # Get the queued commands:
             $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username
@@ -528,6 +548,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # Get the queued after:
             $queuedCmdsAfter = Get-QueuedCommandByUser -username $user.username
             # test that one of the commands should exist:
+
             # $macCmdBefore.id | Should -BeIn $macCmdAfter.id
             $macCmdAfter.count | Should -Be 1
             $macCmdAfter.id | should -BeIn $possibleMacIDs

From 1bf03eb0cb3e13d2263d66809c34e97a3a5bdfcf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 9 Dec 2024 19:16:34 -0700
Subject: [PATCH 128/346] tests

---
 .../Tests/Public/Start-DeployUserCerts.Tests.ps1       | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index d1b48c3ec..1cdf6744e 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -141,9 +141,11 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
 
             # update membership
             Get-JCRGlobalVars -force -associationUsername $user.username
-            # Get-JCRGlobalVars -skipAssociation -force
-            # todo: manually update association table to account for new membership
-            # Set-JCRAssociationHash -userId $user.id
+
+            # wait one second to write to the file
+            Start-Sleep 1
+
+            # update the json file
             Update-JCRUsersJson
             # now generate the user certs
             Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
@@ -476,7 +478,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
                 Command           = "sha1234"
                 launchType        = "trigger"
                 User              = "000000000000000000000000"
-                trigger           = "$($certData.sha1)1111"
+                trigger           = "$($certData.sha1)"
                 commandType       = "mac"
                 timeout           = 600
                 TimeToLiveSeconds = 864000

From dba3911d1b0f54720d497c61bf60b21ba8a9e4dc Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 9 Dec 2024 20:02:03 -0700
Subject: [PATCH 129/346] update global variables by users (including new
 users)

---
 .../Functions/Public/Get-JCRGlobalVars.ps1      | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 0e3dac695..e0f9ba213 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -217,6 +217,23 @@ function Get-JCRGlobalVars {
                                             }
                                         }
                                     });
+                            } else {
+                                Write-Warning "user not found in association list"
+                                $userAssociationList.add(
+                                    $matchedUser.UserId, @{
+                                        'systemAssociations' = @($userSystemMembership | Select-Object -Property @{Name = 'systemId'; Expression = { $_.id } }, @{Name = 'hostname'; Expression = { $systems[$_.id].hostname } }, @{Name = 'osFamily'; Expression = {
+                                                    $osFamilyValue = $systems[$_.id].osFamily
+                                                    if ($osFamilyValue -eq 'darwin') {
+                                                        "macOS"
+                                                    } elseif ($osFamilyValue -eq 'Windows') {
+                                                        "Windows"
+                                                    } else {
+                                                        $osFamilyValue
+                                                    }
+                                                }
+                                            });
+                                        'userData'           = @($matchedUser | Select-Object -Property @{Name = 'email'; Expression = { $users[$user.userID].email } }, @{Name = 'username'; Expression = { $users[$matchedUser.userID].username } })
+                                    }) | Out-Null
                             }
                         }
                         #

From d4da7c1e7a7b264ab48ac1d3e53ccbeec3fec09b Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 9 Dec 2024 20:22:30 -0700
Subject: [PATCH 130/346] start command on the ID

---
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 1cdf6744e..1f2b87fcf 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -504,7 +504,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $possibleMacIDs.count | Should -Be 2
 
             # invoke the commands manually to simulate the command queue containing items:
-            Start-JcSdkCommand -Id $possibleMacIDs[0].Id -SystemIds $macSystem.id
+            Start-JcSdkCommand -Id $possibleMacIDs[0] -SystemIds $macSystem.id
 
             # define windows command body
             $windowsCommandBody = @{
@@ -536,7 +536,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $possibleWindowsIDs.count | Should -Be 2
 
             # invoke the commands manually to simulate the command queue containing items:
-            Start-JcSdkCommand -Id $possibleWindowsIDs[0].Id -SystemIds $windowsSystem.id
+            Start-JcSdkCommand -Id $possibleWindowsIDs[0] -SystemIds $windowsSystem.id
 
             # Get the queued commands:
             $queuedCmdsBefore = Get-QueuedCommandByUser -username $user.username

From 58f2f0b95e696ab1469947240fdb77c7aeb8b7a7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 9 Dec 2024 20:35:08 -0700
Subject: [PATCH 131/346] manual association

---
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 1f2b87fcf..c91e49ee8 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -68,7 +68,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
 
             # update membership
             Start-Sleep 1
-            Get-JCRGlobalVars -skipAssociation -force
+            Get-JCRGlobalVars -force -associationUsername $user.username
             Start-GenerateUserCerts -type ByUsername -username $user.username -forceReplaceCerts
 
             start-deployUserCerts -type ByUsername -username $user.username -forceInvokeCommands

From f8c71bc939ff6482b6d6f888450694ac657cbb36 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 10 Dec 2024 11:16:19 -0700
Subject: [PATCH 132/346] fix for EmailSAN replacement certs

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 47 +++++++++++++++----
 1 file changed, 39 insertions(+), 8 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index abb88d655..f2319c11d 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -291,6 +291,21 @@ function Deploy-UserCertificate {
                         $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
                         # in macOS search user certs by email
                         $macCertSearch = 'e'
+                        # On windows devices, search certs by Subject Alternative Name
+                        $windowsCertHereString = @"
+        `$SANMatch = `$cert.Extensions | Where-Object { `$_.Oid.FriendlyName -eq "Subject Alternative Name" }
+        if (`$SANMatch){
+            if ((`$SANMatch).format(`$true) -match "$($certIdentifier)") {
+                if (`$(`$cert.serialNumber) -eq "$($certInfo.serial)"){
+                    write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
+                } else {
+                    write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
+                    Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
+                }
+            }
+        }
+"@
+
                     }
                     'EmailDN' {
                         # Else set cert identifier to email of cert subject
@@ -299,12 +314,34 @@ function Deploy-UserCertificate {
                         $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
                         # in macOS search user certs by email
                         $macCertSearch = 'e'
+                        # On windows devices, search certs by Subject
+                        $windowsCertHereString = @"
+        if (`$cert.subject -match "$($certIdentifier)") {
+            if (`$(`$cert.serialNumber) -eq "$($certInfo.serial)"){
+                write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
+            } else {
+                write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
+                Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
+            }
+        }
+"@
                     }
                     'UsernameCn' {
                         # if username just set cert identifier to username
                         $certIdentifier = $($user.userName)
                         # in macOS search user certs by common name (username)
                         $macCertSearch = 'c'
+                        # On windows devices, search certs by Subject
+                        $windowsCertHereString = @"
+        if (`$cert.subject -match "$($certIdentifier)") {
+            if (`$(`$cert.serialNumber) -eq "$($certInfo.serial)"){
+                write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
+            } else {
+                write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
+                Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
+            }
+        }
+"@
                     }
                 }
                 # Create the zip
@@ -601,14 +638,8 @@ Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.user
     `$certs = Get-ChildItem Cert:\CurrentUser\My\
 
     foreach (`$cert in `$certs){
-        if (`$cert.subject -match "$($certIdentifier)") {
-            if (`$(`$cert.serialNumber) -eq "$($certInfo.serial)"){
-                write-host "Found Cert:``nCert SN: `$(`$cert.serialNumber)"
-            } else {
-                write-host "Removing Cert:``nCert SN: `$(`$cert.serialNumber)"
-                Get-ChildItem "Cert:\CurrentUser\My\`$(`$cert.thumbprint)" | remove-item
-            }
-        }
+        # TODO: if the cert type is EmailSAN, do not search the subject
+        $windowsCertHereString
     }
 }
 `$scriptBlockValidate = {

From 43061bab077a3421540a9e9b569a38a32bedc73c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 10 Dec 2024 11:21:06 -0700
Subject: [PATCH 133/346] remove todo

---
 .../Functions/Private/CertDeployment/Deploy-UserCertificate.ps1  | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index f2319c11d..3cb0a8f79 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -638,7 +638,6 @@ Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.user
     `$certs = Get-ChildItem Cert:\CurrentUser\My\
 
     foreach (`$cert in `$certs){
-        # TODO: if the cert type is EmailSAN, do not search the subject
         $windowsCertHereString
     }
 }

From c8a4beb0eff2c28ffb4e0b50e530cb9318aeccb3 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 10 Dec 2024 11:29:22 -0700
Subject: [PATCH 134/346] CUT-4505 resolve EmailSAN Replacement

---
 .../Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 3cb0a8f79..3bf3db8bf 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -291,7 +291,7 @@ function Deploy-UserCertificate {
                         $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
                         # in macOS search user certs by email
                         $macCertSearch = 'e'
-                        # On windows devices, search certs by Subject Alternative Name
+                        # On windows devices, search certs by Subject Alternative Name this is required to remove previously generated certs
                         $windowsCertHereString = @"
         `$SANMatch = `$cert.Extensions | Where-Object { `$_.Oid.FriendlyName -eq "Subject Alternative Name" }
         if (`$SANMatch){

From 7172eec26776372c248b36378af2c11bbeebbb3d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 13 Dec 2024 13:26:44 -0700
Subject: [PATCH 135/346] get reports with the sdk functions

---
 .../Reports/Get-LatestUserToDeviceReport.ps1  | 54 +++++++++++++++++++
 .../Private/Reports/Get-ReportByID.ps1        | 25 +++++++++
 .../Functions/Public/Get-JCRGlobalVars.ps1    | 23 +-------
 3 files changed, 81 insertions(+), 21 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/Reports/Get-LatestUserToDeviceReport.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/Reports/Get-ReportByID.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Reports/Get-LatestUserToDeviceReport.ps1 b/scripts/automation/Radius/Functions/Private/Reports/Get-LatestUserToDeviceReport.ps1
new file mode 100644
index 000000000..141a4c595
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Reports/Get-LatestUserToDeviceReport.ps1
@@ -0,0 +1,54 @@
+Function Get-LatestUserToDeviceReport {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.Int32]
+        $minutes
+    )
+    begin {
+        # get UTC time now:
+        $utcTimeNow = Get-Date ([datetime]::UtcNow) -UFormat "%m/%d/%Y %r"
+
+        $headers = @{
+            "accept"    = "application/json";
+            "x-api-key" = $Env:JCApiKey;
+            "x-org-id"  = $Env:JCOrgId
+        }
+
+    }
+    process {
+        $reportList = Get-JCsdkReport -Sort 'CREATED_AT'
+        $userAndDeviceReports = $reportList | Where-Object { $_.Type -eq "ods-users-to-devices" }
+        if ($userAndDeviceReports) {
+            # get the first report
+            $firstUAndDReport = $userAndDeviceReports | Select-Object -First 1
+            $timespan = New-TimeSpan -end $utcTimeNow -start $firstUAndDReport.Created_At
+            # if time between now and the last generated report is >=24, create a new report
+            if ($timespan.Minutes -ge $minutes) {
+                write-host "last report generated $($timespan.Minutes) minutes ago; generating new user to device report"
+                $requestedReport = New-JcSdkReport -ReportType 'users-to-devices'
+                $latestReport = Get-ReportByID -reportID $requestedReport.Id
+            } else {
+                write-host "last report generated $($timespan.Minutes) minutes ago"
+                # return the last report
+                $latestReport = Get-ReportByID -reportID $firstUAndDReport.Id
+            }
+
+        } else {
+            # if there are no reports create a new one:
+            write-host "generating new user to device report"
+            $requestedReport = New-JcSdkReport -ReportType 'users-to-devices'
+            $latestReport = Get-ReportByID -reportID $requestedReport.Id
+        }
+
+        # get the json artifact:
+        # download json
+        $artifactID = ($latestReport.artifacts | Where-Object { $_.format -eq 'json' }).id
+        $reportID = $latestReport.id
+        $reportContent = Invoke-RestMethod -Uri "https://api.jumpcloud.com/insights/directory/v1/reports/$reportID/artifacts/$artifactID/content" -Method GET -Headers $headers
+    }
+    end {
+        # return the latest user report
+        return $reportContent
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Reports/Get-ReportByID.ps1 b/scripts/automation/Radius/Functions/Private/Reports/Get-ReportByID.ps1
new file mode 100644
index 000000000..d66da796e
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Reports/Get-ReportByID.ps1
@@ -0,0 +1,25 @@
+Function Get-ReportByID {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [System.String]
+        $reportID
+    )
+    begin {
+        write-host "attempting to get report by id: $reportId"
+    }
+    process {
+        do {
+            $reportList = Get-JCsdkReport -Sort 'CREATED_AT'
+            $foundReport = $reportList | Where-Object { $_.Id -eq $reportID }
+            if ($foundReport.Status -eq "PENDING") {
+                Write-Warning "[status] waiting 10s for jumpcloud report to complete"
+                start-sleep -Seconds 10
+            }
+
+        } until ($foundReport.Status -eq "COMPLETED")
+    }
+    end {
+        return $foundReport
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index e0f9ba213..bb2b82dce 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -127,27 +127,8 @@ function Get-JCRGlobalVars {
                     ) | Out-Null
                 }
                 if ($updateAssociation) {
-                    # Get Report Hash:
-                    $headers = @{
-                        "accept"    = "application/json";
-                        "x-api-key" = $Env:JCApiKey;
-                        "x-org-id"  = $Env:JCOrgId
-                    }
-                    # request new user to device report:
-                    $reportRequest = Invoke-RestMethod -Uri 'https://api.jumpcloud.com/insights/directory/v1/reports/users-to-devices' -Method POST -Headers $headers
-                    # now fetch available reports:
-                    do {
-                        $reportList = Invoke-RestMethod -Uri 'https://api.jumpcloud.com/insights/directory/v1/reports?sort=CREATED_AT' -Method GET -Headers $headers
-                        $lastReport = $reportList | Where-Object { $_.id -eq $reportRequest.id }
-                        if ($lastReport.status -eq 'PENDING') {
-                            Write-Warning "[status] waiting 20s for jumpcloud report to complete"
-                            start-sleep -Seconds 20
-                        }
-                    } until ($lastReport.status -eq 'COMPLETED')
-                    # download json
-                    $artifactID = ($lastReport.artifacts | Where-Object { $_.format -eq 'json' }).id
-                    $reportID = $lastReport.id
-                    $reportContent = Invoke-RestMethod -Uri "https://api.jumpcloud.com/insights/directory/v1/reports/$reportID/artifacts/$artifactID/content" -Method GET -Headers $headers
+                    # get the latest report, generate a new report if it's been more than 10 mins
+                    $reportContent = Get-LatestUserToDeviceReport -minutes 10
                     # create the hashtable:
                     $userAssociationList = New-Object System.Collections.Hashtable
                     foreach ($item in $reportContent) {

From 80ee5a08dd4841447a91abed1ab0e1091c474365 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 13 Dec 2024 13:30:26 -0700
Subject: [PATCH 136/346] hide debug write-hosts

---
 .../Private/Reports/Get-LatestUserToDeviceReport.ps1        | 6 +++---
 .../Radius/Functions/Private/Reports/Get-ReportByID.ps1     | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Reports/Get-LatestUserToDeviceReport.ps1 b/scripts/automation/Radius/Functions/Private/Reports/Get-LatestUserToDeviceReport.ps1
index 141a4c595..2a71aa8de 100644
--- a/scripts/automation/Radius/Functions/Private/Reports/Get-LatestUserToDeviceReport.ps1
+++ b/scripts/automation/Radius/Functions/Private/Reports/Get-LatestUserToDeviceReport.ps1
@@ -25,18 +25,18 @@ Function Get-LatestUserToDeviceReport {
             $timespan = New-TimeSpan -end $utcTimeNow -start $firstUAndDReport.Created_At
             # if time between now and the last generated report is >=24, create a new report
             if ($timespan.Minutes -ge $minutes) {
-                write-host "last report generated $($timespan.Minutes) minutes ago; generating new user to device report"
+                # write-host "last report generated $($timespan.Minutes) minutes ago; generating new user to device report"
                 $requestedReport = New-JcSdkReport -ReportType 'users-to-devices'
                 $latestReport = Get-ReportByID -reportID $requestedReport.Id
             } else {
-                write-host "last report generated $($timespan.Minutes) minutes ago"
+                # write-host "last report generated $($timespan.Minutes) minutes ago"
                 # return the last report
                 $latestReport = Get-ReportByID -reportID $firstUAndDReport.Id
             }
 
         } else {
             # if there are no reports create a new one:
-            write-host "generating new user to device report"
+            # write-host "generating new user to device report"
             $requestedReport = New-JcSdkReport -ReportType 'users-to-devices'
             $latestReport = Get-ReportByID -reportID $requestedReport.Id
         }
diff --git a/scripts/automation/Radius/Functions/Private/Reports/Get-ReportByID.ps1 b/scripts/automation/Radius/Functions/Private/Reports/Get-ReportByID.ps1
index d66da796e..df3077253 100644
--- a/scripts/automation/Radius/Functions/Private/Reports/Get-ReportByID.ps1
+++ b/scripts/automation/Radius/Functions/Private/Reports/Get-ReportByID.ps1
@@ -6,7 +6,7 @@ Function Get-ReportByID {
         $reportID
     )
     begin {
-        write-host "attempting to get report by id: $reportId"
+        # write-host "attempting to get report by id: $reportId"
     }
     process {
         do {

From 1a8eab57831b9474779baa48593337d18d934b6d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 6 Jan 2025 09:02:33 -0700
Subject: [PATCH 137/346] UTC Time

---
 .../Private/CertDeployment/Deploy-UserCertificate.ps1    | 4 ++--
 .../Functions/Private/CertDeployment/Get-CertInfo.ps1    | 2 +-
 .../Private/CertDeployment/Get-ExpiringCertInfo.ps1      | 6 ++++--
 .../Functions/Private/Commands/Invoke-CommandsRetry.ps1  | 2 +-
 .../Functions/Private/Menus/Show-GenerationMenu.ps1      | 9 ++++++++-
 .../Functions/Private/Settings/New-JCRSettingsFile.ps1   | 2 +-
 .../Radius/Functions/Public/Get-JCRGlobalVars.ps1        | 6 +++---
 7 files changed, 20 insertions(+), 11 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 3bf3db8bf..e19d2bd75 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -803,10 +803,10 @@ exit 4
                     }
                     if (Get-Member -inputObject $user.certInfo -name "deploymentDate" -MemberType Properties) {
                         # if ($userObjectFromTable.certInfo.deploymentDate) {
-                        $user.certInfo.deploymentDate = (Get-Date)
+                        $user.certInfo.deploymentDate = (Get-Date).ToUniversalTime()
 
                     } else {
-                        $user.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date)
+                        $user.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date).ToUniversalTime()
                     }
                 }
             }
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 010433f9b..e3d033ed6 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -64,7 +64,7 @@ function Get-CertInfo {
                         $date = $property.notAfter
                         $date = $date.replace('GMT', '').Trim()
                         $date = $date -replace '\s+', ' '
-                        $property.notAfter = [datetime]::ParseExact($date , "MMM d HH:mm:ss yyyy", $null)
+                        $property.notAfter = ([datetime]::ParseExact($date , "MMM d HH:mm:ss yyyy", $null)).ToUniversalTime()
                     }
 
                     $certHash += $property
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
index 5821320a0..8debe9431 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
@@ -10,11 +10,13 @@ function Get-ExpiringCertInfo {
     )
     begin {
         $expiringCerts = New-Object System.Collections.ArrayList
-        $currentTime = Get-Date
+        $currentTime = (Get-Date).ToUniversalTime()
     }
     process {
         foreach ($cert in $certInfo) {
-            $certTimespan = New-Timespan -Start $currentTime -End $cert.notAfter
+            $startDate = [datetime]$currentTime
+            $endDate = [datetime]$cert.notAfter
+            $certTimespan = New-Timespan -Start $startDate -End $endDate
             # $cert
             if ($certTimespan.days -lt 15) {
                 Write-Debug "$($cert.userName)'s certificate will expire in $($certTimespan.Days) days"
diff --git a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
index ab8f7bbbc..34445180d 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
@@ -31,7 +31,7 @@ Function Invoke-CommandsRetry {
                             (($user.commandAssociations) | Where-Object { $_.commandId -eq $command.commandId }).commandPreviouslyRun = $true
                             (($user.commandAssociations) | Where-Object { $_.commandId -eq $command.commandId }).commandQueued = $true
                             $user.certInfo.deployed = $true
-                            $user.certInfo.deploymentDate = (get-date)
+                            $user.certInfo.deploymentDate = (get-date).ToUniversalTime()
                             Set-UserTable -index $userIndex -certInfoObject $user.certInfo -commandAssociationsObject $user.commandAssociations
                             # track retried commands
                             $RetryCommands += $command.commandId
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
index 468cb44bf..4e2ab20aa 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
@@ -9,7 +9,14 @@ function Show-GenerationMenu {
 
     if ($Global:expiringCerts) {
         Write-Host $(PadCenter -string ' Certs Expiring Soon ' -char '-')
-        $Global:expiringCerts | Format-Table -Property username, @{name = 'Remaining Days'; expression = { (New-TimeSpan -Start (Get-Date) -End ("$($_.notAfter)")).Days } }, @{name = "Expires On"; expression = { $_.notAfter } }
+
+        $Global:expiringCerts | Format-Table -Property username, @{name = 'Remaining Days'; expression = {
+            (New-TimeSpan -Start ((Get-Date).ToUniversalTime()) -End ([dateTime]("$($_.notAfter)"))).Days
+            }
+        }, @{name = "Expires On"; expression = {
+                [datetime]($_.notAfter)
+            }
+        }
     }
 
     Write-Host $(PadCenter -string ' User Certificate Generation Options ' -char '-')
diff --git a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
index 2edef77d6..57785f0cf 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
@@ -16,7 +16,7 @@ function New-JCRSettingsFile {
     }
     process {
         # Define Default Settings for the Config file
-        $date = Get-Date
+        $date = (Get-Date).ToUniversalTime()
         $config = @{
             'globalVars' = @{
                 'lastUpdate' = @{value = $date; write = $true; copy = $true ;
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index bb2b82dce..2aaaa9164 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -27,10 +27,10 @@ function Get-JCRGlobalVars {
 
         # get settings file
         if ($IsMacOS) {
-            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date)
+            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date).ToUniversalTime()
         }
         if ($ifWindows) {
-            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -end (Get-Date)
+            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -end (Get-Date).ToUniversalTime()
         }
         if ($lastUpdateTimespan.TotalHours -gt 24) {
             $update = $true
@@ -247,7 +247,7 @@ function Get-JCRGlobalVars {
                 $Global:JCRRadiusMembers = $radiusMemberList
                 $Global:JCRCertHash = $certHash
                 # update the settings date
-                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
+                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date).ToUniversalTime()
                 # update users.json
                 Update-JCRUsersJson
             }

From 9622d3353825d152db928e7e5fb77711609f2769 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 6 Jan 2025 13:25:46 -0700
Subject: [PATCH 138/346] ISO 8601 timestamps

---
 .../CertDeployment/Deploy-UserCertificate.ps1       |  4 ++--
 .../Private/CertDeployment/Get-CertInfo.ps1         | 13 ++++++++-----
 .../Private/CertDeployment/Get-ExpiringCertInfo.ps1 |  2 +-
 .../Private/Commands/Invoke-CommandsRetry.ps1       |  2 +-
 .../Functions/Private/Menus/Show-GenerationMenu.ps1 |  2 +-
 .../Radius/Functions/Public/Get-JCRGlobalVars.ps1   |  6 +++---
 6 files changed, 16 insertions(+), 13 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index e19d2bd75..df0464f68 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -803,10 +803,10 @@ exit 4
                     }
                     if (Get-Member -inputObject $user.certInfo -name "deploymentDate" -MemberType Properties) {
                         # if ($userObjectFromTable.certInfo.deploymentDate) {
-                        $user.certInfo.deploymentDate = (Get-Date).ToUniversalTime()
+                        $user.certInfo.deploymentDate = (Get-Date -Format "o")
 
                     } else {
-                        $user.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date).ToUniversalTime()
+                        $user.certInfo | Add-Member -Name 'deploymentDate' -Type NoteProperty -Value (Get-Date -Format "o")
                     }
                 }
             }
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index e3d033ed6..1745050ae 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -62,9 +62,10 @@ function Get-CertInfo {
                     # Convert notAfter property into datetime format
                     if ($property.notAfter) {
                         $date = $property.notAfter
-                        $date = $date.replace('GMT', '').Trim()
+                        # $date = $date.replace('GMT', '').Trim()
                         $date = $date -replace '\s+', ' '
-                        $property.notAfter = ([datetime]::ParseExact($date , "MMM d HH:mm:ss yyyy", $null)).ToUniversalTime()
+                        $date = ([datetime]::ParseExact($date , "MMM d HH:mm:ss yyyy GMT", $null)).ToUniversalTime()
+                        $property.notAfter = Get-Date $date.ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z'
                     }
 
                     $certHash += $property
@@ -84,9 +85,11 @@ function Get-CertInfo {
                         switch ($($property.keys)) {
                             'notAfter' {
                                 $date = $property.notAfter
-                                $date = $date.replace('GMT', '').Trim()
+                                # $date = $date.replace('GMT', '').Trim()
                                 $date = $date -replace '\s+', ' '
-                                $property.notAfter = [datetime]::ParseExact($date , "MMM d HH:mm:ss yyyy", $null)
+                                $date = [datetime]::ParseExact($date , "MMM d HH:mm:ss yyyy GMT", $null)
+                                $property.notAfter = Get-Date $date.ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z'
+
                             }
                             'sha1 Fingerprint' {
                                 $property.Values = ($($property.Values)).ToLower().Replace(":", "")
@@ -108,7 +111,7 @@ function Get-CertInfo {
                     }
 
                     $certHash | Add-Member -Name 'username' -Type NoteProperty -Value $username
-                    $certHash | Add-Member -Name 'generated' -Type NoteProperty -Value ($certFile.LastWriteTime.ToString('MM/dd/yyyy HH:mm:ss'))
+                    $certHash | Add-Member -Name 'generated' -Type NoteProperty -Value (Get-Date $certFile.LastWriteTime.ToUniversalTime() -UFormat '+%Y-%m-%dT%H:%M:%S.000Z')
                     # Add hash to certObj array if the user is a member of the userGroup
                     if ($username -in $global:JCRRadiusMembers.username) {
                         $certObj.add( $certHash) | Out-Null
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
index 8debe9431..66874877a 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1
@@ -10,7 +10,7 @@ function Get-ExpiringCertInfo {
     )
     begin {
         $expiringCerts = New-Object System.Collections.ArrayList
-        $currentTime = (Get-Date).ToUniversalTime()
+        $currentTime = (Get-Date -Format "o")
     }
     process {
         foreach ($cert in $certInfo) {
diff --git a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
index 34445180d..f8c95a1da 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Invoke-CommandsRetry.ps1
@@ -31,7 +31,7 @@ Function Invoke-CommandsRetry {
                             (($user.commandAssociations) | Where-Object { $_.commandId -eq $command.commandId }).commandPreviouslyRun = $true
                             (($user.commandAssociations) | Where-Object { $_.commandId -eq $command.commandId }).commandQueued = $true
                             $user.certInfo.deployed = $true
-                            $user.certInfo.deploymentDate = (get-date).ToUniversalTime()
+                            $user.certInfo.deploymentDate = (Get-Date -Format "o")
                             Set-UserTable -index $userIndex -certInfoObject $user.certInfo -commandAssociationsObject $user.commandAssociations
                             # track retried commands
                             $RetryCommands += $command.commandId
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
index 4e2ab20aa..75cbe8d0b 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-GenerationMenu.ps1
@@ -11,7 +11,7 @@ function Show-GenerationMenu {
         Write-Host $(PadCenter -string ' Certs Expiring Soon ' -char '-')
 
         $Global:expiringCerts | Format-Table -Property username, @{name = 'Remaining Days'; expression = {
-            (New-TimeSpan -Start ((Get-Date).ToUniversalTime()) -End ([dateTime]("$($_.notAfter)"))).Days
+            (New-TimeSpan -Start (Get-Date -Format "o") -End ([dateTime]("$($_.notAfter)"))).Days
             }
         }, @{name = "Expires On"; expression = {
                 [datetime]($_.notAfter)
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 2aaaa9164..a9ecb0f6b 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -27,10 +27,10 @@ function Get-JCRGlobalVars {
 
         # get settings file
         if ($IsMacOS) {
-            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date).ToUniversalTime()
+            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date -Format "o")
         }
         if ($ifWindows) {
-            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -end (Get-Date).ToUniversalTime()
+            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -end (Get-Date -Format "o")
         }
         if ($lastUpdateTimespan.TotalHours -gt 24) {
             $update = $true
@@ -247,7 +247,7 @@ function Get-JCRGlobalVars {
                 $Global:JCRRadiusMembers = $radiusMemberList
                 $Global:JCRCertHash = $certHash
                 # update the settings date
-                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date).ToUniversalTime()
+                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date -Format "o")
                 # update users.json
                 Update-JCRUsersJson
             }

From 05e6d59be79f41f0dec0fe0354de555f654bfbe7 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Wed, 8 Jan 2025 16:05:20 -0700
Subject: [PATCH 139/346] fix for one user in usergroup

---
 .../Private/UserTable/Set-UserTable.ps1       |  9 ++++++
 .../Functions/Public/Get-JCRGlobalVars.ps1    | 32 +++++++++----------
 2 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1 b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
index 35cd3b884..57a509fd5 100644
--- a/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserTable/Set-UserTable.ps1
@@ -29,6 +29,15 @@ function Set-UserTable {
     begin {
         # Get User Array:
         $userArray = Get-UserJsonData
+
+        # CUT-3470: Check to see if the userArray is not an array, cast it to one
+        if ($userArray -isnot [array]) {
+            Write-Debug "userArray is $($userArray.GetType().Name), casting to arrayList"
+            $array = New-Object System.Collections.ArrayList
+            $array.add($userArray) | Out-Null
+            $userArray = $array
+        }
+
         if ($PSBoundParameters.ContainsKey('index')) {
             $userIndex = $index
             $userObject = $userArray[$index]
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index a9ecb0f6b..8a153a3b7 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -27,10 +27,10 @@ function Get-JCRGlobalVars {
 
         # get settings file
         if ($IsMacOS) {
-            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -end (Get-Date -Format "o")
+            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -End (Get-Date)
         }
         if ($ifWindows) {
-            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -end (Get-Date -Format "o")
+            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -End (Get-Date)
         }
         if ($lastUpdateTimespan.TotalHours -gt 24) {
             $update = $true
@@ -145,7 +145,7 @@ function Get-JCRGlobalVars {
                         }
                     }
                     # write out the association hash
-                    $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
+                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCScriptRoot/data/associationHash.json"
                 } else {
                     $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
 
@@ -175,7 +175,7 @@ function Get-JCRGlobalVars {
 
                     }
                     # write out the association hash
-                    $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
+                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCScriptRoot/data/associationHash.json"
                 }
                 if ($associationUsername) {
                     $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
@@ -220,16 +220,16 @@ function Get-JCRGlobalVars {
                         #
                     }
                     # write out the association hash
-                    $userAssociationList | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/associationHash.json"
+                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCScriptRoot/data/associationHash.json"
                 }
                 # update certHash in parallel:
                 $certHash = Get-CertHash
 
                 # finally write out the data to file:
-                $users | ConvertTo-Json -Depth 100 -Compress |  Out-File "$JCScriptRoot/data/userHash.json"
-                $systems | ConvertTo-Json -Depth 10 |  Out-File "$JCScriptRoot/data/systemHash.json"
-                $radiusMemberList | ConvertTo-Json |  Out-File "$JCScriptRoot/data/radiusMembers.json"
-                $certHash | ConvertTo-Json |  Out-File "$JCScriptRoot/data/certHash.json"
+                $users | ConvertTo-Json -Depth 100 -Compress | Out-File "$JCScriptRoot/data/userHash.json"
+                $systems | ConvertTo-Json -Depth 10 | Out-File "$JCScriptRoot/data/systemHash.json"
+                $radiusMemberList | ConvertTo-Json | Out-File "$JCScriptRoot/data/radiusMembers.json"
+                $certHash | ConvertTo-Json | Out-File "$JCScriptRoot/data/certHash.json"
             }
             $false {
                 # write-host "It's been $($lastUpdateTimespan.hours) hours since we last pulled user, system and association data, no need to update"
@@ -244,20 +244,20 @@ function Get-JCRGlobalVars {
                 $Global:JCRUsers = $users
                 $Global:JCRSystems = $systems
                 $Global:JCRAssociations = $userAssociationList
-                $Global:JCRRadiusMembers = $radiusMemberList
+                [array]$Global:JCRRadiusMembers = $radiusMemberList
                 $Global:JCRCertHash = $certHash
                 # update the settings date
-                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date -Format "o")
+                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
                 # update users.json
                 Update-JCRUsersJson
             }
             $false {
                 # set global vars from local cache
-                $Global:JCRUsers = Get-Content -path "$JCScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
-                $Global:JCRSystems = Get-Content -path "$JCScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
-                $Global:JCRAssociations = Get-Content -path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -AsHashtable
-                $Global:JCRRadiusMembers = Get-Content -path "$JCScriptRoot/data/radiusMembers.json" | ConvertFrom-Json -AsHashtable
-                $Global:JCRCertHash = Get-Content -path "$JCScriptRoot/data/certHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRUsers = Get-Content -Path "$JCScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRSystems = Get-Content -Path "$JCScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRAssociations = Get-Content -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -AsHashtable
+                [array]$Global:JCRRadiusMembers = Get-Content -Path "$JCScriptRoot/data/radiusMembers.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRCertHash = Get-Content -Path "$JCScriptRoot/data/certHash.json" | ConvertFrom-Json -AsHashtable
                 # update users.json
                 Update-JCRUsersJson
             }

From 2ea6ef66053f8bef4e913495c93596f373c8a9fb Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Wed, 8 Jan 2025 16:12:29 -0700
Subject: [PATCH 140/346] Test single user addition

---
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 93 +++++++++++++------
 1 file changed, 67 insertions(+), 26 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 0b2b1d992..31cb7952a 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -27,10 +27,10 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             foreach ($cert in $certs) {
                 $matchingBeforeCert = $certsBefore | Where-Object { $username -eq $cert.username }
                 # Each cert should have a generated date -gt the $timeBefore
-                $cert.generated | should -BeGreaterThan $timeBefore
-                $cert.generated | should -BeGreaterThan $matchingBeforeCert.generated
-                $cert.serial | should -Not -Be $matchingBeforeCert.serial
-                $cert.sha1 | should -Not -Be $matchingBeforeCert.sha1
+                $cert.generated | Should -BeGreaterThan $timeBefore
+                $cert.generated | Should -BeGreaterThan $matchingBeforeCert.generated
+                $cert.serial | Should -Not -Be $matchingBeforeCert.serial
+                $cert.sha1 | Should -Not -Be $matchingBeforeCert.sha1
             }
         }
     }
@@ -61,10 +61,10 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $UserCerts = $certsAfter | Where-Object { $_.Name -match "$($user.username)" }
             # the files and each type of expected cert file should exist
             $UserCerts.Name | Should -Match $user.username
-            $UserCerts.fullname | where-object { $_ -match ".csr" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".pfx" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".crt" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".key" } | Should -exist
+            $UserCerts.fullname | Where-Object { $_ -match ".csr" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".pfx" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".crt" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".key" } | Should -Exist
             # cleanup
             Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             # update cache
@@ -83,7 +83,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             . "$JCScriptRoot/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1"
             # Set config
             $configPath = "$JCScriptRoot/Config.ps1"
-            $content = Get-Content -path $configPath
+            $content = Get-Content -Path $configPath
             # set the user cert validity to just 10 days
             $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 10') | Set-Content -Path $configPath
 
@@ -91,7 +91,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             Get-JCRGlobalVars -force -skipAssociation
 
             # get user from membership list
-            $RandomUsername = $global:JCRRadiusMembers.username | Get-Random -count 1
+            $RandomUsername = $global:JCRRadiusMembers.username | Get-Random -Count 1
 
             # regenerate user cert
             Start-GenerateUserCerts -type ByUsername -username $($RandomUsername) -forceReplaceCerts
@@ -105,9 +105,9 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
         It 'Certs that are set to expire soon can be updated programmatically' {
             # at this point expiring certs should be populated from beforeAll block
-            $Global:expiringCerts | Should -not -BeNullOrEmpty
+            $Global:expiringCerts | Should -Not -BeNullOrEmpty
             # reset the validity counter
-            $content = Get-Content -path $configPath
+            $content = Get-Content -Path $configPath
             # set the user cert validity to 90 days
             $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 90') | Set-Content -Path $configPath
             # Get the certs before generation minus the .zip if it exists
@@ -130,16 +130,16 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
                 $beforeWriteTime = (($certsBefore | Where-Object { $_.Name -eq $cert.Name })).LastWriteTime.Ticks
                 $afterWriteTime = (($certsAfter | Where-Object { $_.Name -eq $cert.Name })).LastWriteTime.Ticks
                 # the time written on the cert should be updated
-                $beforeWriteTime | should -Not -Be $afterWriteTime
+                $beforeWriteTime | Should -Not -Be $afterWriteTime
             }
             # the user cert table should have been updated too
             $certInfo = Get-CertInfo -UserCerts -username $RandomUsername
-            $certInfo.count | should -be 1
+            $certInfo.count | Should -Be 1
             $certInfo.generated | Should -BeGreaterThan $dateBefore
         }
         AfterAll {
             # reset the validity counter
-            $content = Get-Content -path $configPath
+            $content = Get-Content -Path $configPath
             # set the user cert validity to 90 days
             $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 90') | Set-Content -Path $configPath
         }
@@ -153,7 +153,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
 
         }
-        it 'A user with a localUsername (SystemUsername) will generate a cert' {
+        It 'A user with a localUsername (SystemUsername) will generate a cert' {
             # manually set the user
             $headers = @{
                 "x-api-key"    = "$env:JCApiKey"
@@ -187,15 +187,15 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # specifically for this test, the username should not be the localUsername (systemUsername)
             $UserCerts.Name | Should -Match $user.username
             $userCerts.Name | Should -Not -Match $response.systemUsername
-            $UserCerts.fullname | where-object { $_ -match ".csr" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".pfx" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".crt" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".key" } | Should -exist
+            $UserCerts.fullname | Where-Object { $_ -match ".csr" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".pfx" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".crt" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".key" } | Should -Exist
 
         }
-        it 'A user with a hyphen in their username will generate a cert' {
+        It 'A user with a hyphen in their username will generate a cert' {
             # manually update the user with a hyphen in their username
-            $user = Set-JCSdkUser -id $($user.id) -username "$($user.username)-$($user.username)"
+            $user = Set-JcSdkUser -Id $($user.id) -Username "$($user.username)-$($user.username)"
             # add a user to the radius Group
             Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
             # Get the certs before
@@ -217,10 +217,10 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # the files and each type of expected cert file should exist
             # specifically for this test, the username should not be the localUsername (systemUsername)
             $UserCerts.Name | Should -Match $user.username
-            $UserCerts.fullname | where-object { $_ -match ".csr" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".pfx" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".crt" } | Should -exist
-            $UserCerts.fullname | where-object { $_ -match ".key" } | Should -exist
+            $UserCerts.fullname | Where-Object { $_ -match ".csr" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".pfx" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".crt" } | Should -Exist
+            $UserCerts.fullname | Where-Object { $_ -match ".key" } | Should -Exist
         }
         AfterEach {
             # cleanup
@@ -235,4 +235,45 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
 
     }
+    Context 'Certs generated when userGroup only contains 1 user' {
+        BeforeAll {
+            # Save users in userGroup to variable for later
+            $RadiusMembers = Get-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP
+
+            # Remove all members from UserGroup
+            $RadiusMembers | ForEach-Object {
+                $userRemoval = Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $_.UserID
+            }
+
+            # Add One Member back to the Group
+            $SingleUser = $RadiusMembers | Select-Object -First 1
+            $userAdd = Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $SingleUser.UserID
+        }
+        It "When the Radius UserGroup only contains 1 user, the generation functions will not error" {
+            # update the cache
+            Get-JCRGlobalVars -force -skipAssociation -associateManually
+
+            Start-Sleep 1
+
+            # the updated Radius Members cache should only contain 1 user
+            $global:JCRRadiusMembers.username.Count | Should -Be 1
+
+            # the new user should be in the membership list:
+            $global:JCRRadiusMembers.username | Should -Contain $SingleUser.username
+
+            # Check for non-terminating errors
+            Start-GenerateUserCerts -type ByUsername -username $($SingleUser.username) -forceReplaceCerts -ErrorVariable err
+            $err.Count | -Should -Be 0
+        }
+        AfterAll {
+            # Remove the single User
+            $userRemoval = Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $SingleUser.UserID
+
+            # Add original members back to the UserGroup
+            $userAdd = $RadiusMembers | Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $_.UserID
+
+            # update cache
+            Get-JCRGlobalVars -force -skipAssociation
+        }
+    }
 }
\ No newline at end of file

From d8cbb2daa5f023d723000f73c5628a065eeba483 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 14 Jan 2025 09:23:57 -0700
Subject: [PATCH 141/346] fix param

---
 .../Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 31cb7952a..af70f52f1 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -238,7 +238,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
     Context 'Certs generated when userGroup only contains 1 user' {
         BeforeAll {
             # Save users in userGroup to variable for later
-            $RadiusMembers = Get-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP
+            $RadiusMembers = Get-JCUserGroupMember -ByID $Global:JCR_USER_GROUP
 
             # Remove all members from UserGroup
             $RadiusMembers | ForEach-Object {

From fd9606fb3a073d0d299db81e68012f56609d74fa Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 14 Jan 2025 09:54:49 -0700
Subject: [PATCH 142/346] syntax error in test

---
 .../Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index af70f52f1..c1c09ddbc 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -263,7 +263,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
 
             # Check for non-terminating errors
             Start-GenerateUserCerts -type ByUsername -username $($SingleUser.username) -forceReplaceCerts -ErrorVariable err
-            $err.Count | -Should -Be 0
+            $err.Count | Should -Be 0
         }
         AfterAll {
             # Remove the single User

From 05a58563cbeb6b3b814c3510eedf18788e435670 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 14 Jan 2025 14:31:40 -0700
Subject: [PATCH 143/346] foreach

---
 .../Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index c1c09ddbc..7354e1301 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -270,7 +270,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $userRemoval = Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $SingleUser.UserID
 
             # Add original members back to the UserGroup
-            $userAdd = $RadiusMembers | Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $_.UserID
+            $userAdd = $RadiusMembers | ForEach-Object { Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $_.UserID }
 
             # update cache
             Get-JCRGlobalVars -force -skipAssociation

From 2286eef03c8950177fc6615271a62cb606eb1f33 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 15 Jan 2025 13:20:12 -0700
Subject: [PATCH 144/346] create a certificate if it's been removed even if
 it's not associated

---
 .../CertDeployment/Deploy-UserCertificate.ps1      | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index df0464f68..6e2d8a4a5 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -240,6 +240,13 @@ function Deploy-UserCertificate {
                 if (($workToBeDone.remainingWindowsSDevices) -AND (-Not $workToBeDone.windowsCommandID)) {
                     $workToBeDone.forceGenerateWindowsCommands = $true
                 }
+                # regenerate the cert to keep it on the console:
+                if ((-Not $workToBeDone.remainingMacOSDevices) -AND (-Not $workToBeDone.macOSCommandID)) {
+                    $workToBeDone.forceGenerateMacOSCommands = $true
+                }
+                if ((-Not $workToBeDone.remainingWindowsSDevices) -AND (-Not $workToBeDone.windowsCommandID)) {
+                    $workToBeDone.forceGenerateWindowsCommands = $true
+                }
             } else {
                 # set the remaining devices to the association list from users.json
                 # macOS
@@ -254,6 +261,13 @@ function Deploy-UserCertificate {
                 if (($workToBeDone.remainingWindowsSDevices) -AND (-Not $workToBeDone.windowsCommandID)) {
                     $workToBeDone.forceGenerateWindowsCommands = $true
                 }
+                # regenerate the cert to keep it on the console:
+                if ((-Not $workToBeDone.remainingMacOSDevices) -AND (-Not $workToBeDone.macOSCommandID)) {
+                    $workToBeDone.forceGenerateMacOSCommands = $true
+                }
+                if ((-Not $workToBeDone.remainingWindowsSDevices) -AND (-Not $workToBeDone.windowsCommandID)) {
+                    $workToBeDone.forceGenerateWindowsCommands = $true
+                }
             }
             # now clear out the user command associations from users.json
             $user.commandAssociations = @()

From 7d2ec469131cc658efee1e7b19268cc2a0b7bfe4 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 15 Jan 2025 13:55:12 -0800
Subject: [PATCH 145/346] exit bug + validate ca password entry

---
 .../Private/Menus/Get-ResponsePrompt.ps1      |  3 +-
 .../Public/Start-GenerateRootCert.ps1         | 28 +++++++++++++++++--
 .../Public/Start-GenerateUserCerts.ps1        |  3 ++
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
index cebae7e52..612dfe45c 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
@@ -12,8 +12,9 @@ function Get-ResponsePrompt {
         $invokeCommands = Read-Host "$message`nPlease type: 'y'/'n' (or 'E' to return to menu)"
         switch ($invokeCommands) {
             'e' {
+                Write-Host "Returning to Main Menu..."
                 $promptForInvokeInput = $false
-                break
+                return 'exit'
             }
             'n' {
                 return $false
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index a3f82145a..28d74c533 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -42,6 +42,9 @@ Function Start-GenerateRootCert {
                     $false {
                         return
                     }
+                    'exit' {
+                        return
+                    }
                 }
             }
             'cli' {
@@ -57,8 +60,29 @@ Function Start-GenerateRootCert {
     switch ($PSCmdlet.ParameterSetName) {
         'gui' {
             $env:certKeyPassword = ""
-            $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
-            $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+            # Loop until the passwords match
+            do {
+                # Prompt for password
+                $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
+
+                # Reprompt for password
+                $secureCertKeyPass2 = Read-Host -Prompt "Re-enter the password for the certificate key" -AsSecureString
+
+                # Convert SecureString to plain text to validate
+                $plainCertKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                Write-Host "plainCertKeyPass: $plainCertKeyPass"
+                $plainCertKeyPass2 = ConvertFrom-SecureString $secureCertKeyPass2 -AsPlainText
+                Write-Host "plainCertKeyPass2: $plainCertKeyPass2"
+
+                # Validate that the passwords match
+                if ($plainCertKeyPass -ne $plainCertKeyPass2) {
+                    Write-Host "Passwords do not match. Please try again." -foregroundcolor Red
+                } else {
+                    Write-Host "Password set successfully" -foregroundcolor Green
+                    $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                    Write-Host "certKeyPass: $certKeyPass"
+                }
+            } while ($plainCertKeyPass -ne $plainCertKeyPass2)
         }
         'cli' {
             $certKeyPass = $certKeyPassword
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 4317c2f39..6b05c2ad6 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -163,6 +163,9 @@ function Start-GenerateUserCerts {
                             $false {
                                 return
                             }
+                            'exit' {
+                                return
+                            }
                         }
                     }
                 }

From 32ef4ee164f2c32f58534f1e399f9c802b74cee2 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 15 Jan 2025 14:09:43 -0800
Subject: [PATCH 146/346] changelog + messaging

---
 scripts/automation/Radius/Changelog.md                |  1 +
 .../Functions/Public/Start-GenerateRootCert.ps1       | 11 ++++++-----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index be9d20d6d..df6950d2b 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -14,6 +14,7 @@ This release offers a significant overhaul for the Radius Cert Deployment tool,
 - Association data is cached up front rather than gathered throughout the script, offering performance improvements for organizations with a large number of radius users
 - Added ability to run each public function headless in order to automate cert generation and distribution
 - Added a table to keep track of generated/deployed certificates when using the tool
+- Added password validation (re-enter) when generating root certificate
 
 ## 1.1.0
 
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 28d74c533..1ce2fea50 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -63,26 +63,27 @@ Function Start-GenerateRootCert {
             # Loop until the passwords match
             do {
                 # Prompt for password
+                Write-Host "NOTE: Please save your root certificate password in a password manager" -foregroundcolor Yellow
                 $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
 
                 # Reprompt for password
-                $secureCertKeyPass2 = Read-Host -Prompt "Re-enter the password for the certificate key" -AsSecureString
+                $secureCertKeyPass2ReEntry = Read-Host -Prompt "Re-enter the password for the certificate key" -AsSecureString
 
                 # Convert SecureString to plain text to validate
                 $plainCertKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
                 Write-Host "plainCertKeyPass: $plainCertKeyPass"
-                $plainCertKeyPass2 = ConvertFrom-SecureString $secureCertKeyPass2 -AsPlainText
-                Write-Host "plainCertKeyPass2: $plainCertKeyPass2"
+                $plainCertKeyPassReEntry = ConvertFrom-SecureString $secureCertKeyPass2ReEntry -AsPlainText
+                Write-Host "plainCertKeyPassReEntry: $plainCertKeyPassReEntry"
 
                 # Validate that the passwords match
-                if ($plainCertKeyPass -ne $plainCertKeyPass2) {
+                if ($plainCertKeyPass -ne $plainCertKeyPassReEntry) {
                     Write-Host "Passwords do not match. Please try again." -foregroundcolor Red
                 } else {
                     Write-Host "Password set successfully" -foregroundcolor Green
                     $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
                     Write-Host "certKeyPass: $certKeyPass"
                 }
-            } while ($plainCertKeyPass -ne $plainCertKeyPass2)
+            } while ($plainCertKeyPass -ne $plainCertKeyPassReEntry)
         }
         'cli' {
             $certKeyPass = $certKeyPassword

From d75f472822d2cae1aaf5891fc97a0d0f6dfd4d44 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 15 Jan 2025 14:18:49 -0800
Subject: [PATCH 147/346] hide write-host

---
 .../Radius/Functions/Public/Start-GenerateRootCert.ps1           | 1 -
 1 file changed, 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 1ce2fea50..55557df30 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -81,7 +81,6 @@ Function Start-GenerateRootCert {
                 } else {
                     Write-Host "Password set successfully" -foregroundcolor Green
                     $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
-                    Write-Host "certKeyPass: $certKeyPass"
                 }
             } while ($plainCertKeyPass -ne $plainCertKeyPassReEntry)
         }

From 3f995281dd7fc20b84693e8e4198615c4f6a14fd Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 15 Jan 2025 14:20:49 -0800
Subject: [PATCH 148/346] fix

---
 .../Radius/Functions/Public/Start-GenerateRootCert.ps1          | 2 --
 1 file changed, 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 55557df30..d2b8edf93 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -71,9 +71,7 @@ Function Start-GenerateRootCert {
 
                 # Convert SecureString to plain text to validate
                 $plainCertKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
-                Write-Host "plainCertKeyPass: $plainCertKeyPass"
                 $plainCertKeyPassReEntry = ConvertFrom-SecureString $secureCertKeyPass2ReEntry -AsPlainText
-                Write-Host "plainCertKeyPassReEntry: $plainCertKeyPassReEntry"
 
                 # Validate that the passwords match
                 if ($plainCertKeyPass -ne $plainCertKeyPassReEntry) {

From e43e0279a1a9d51168c64ee821f506556e60e3b1 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Tue, 28 Jan 2025 20:45:28 -0800
Subject: [PATCH 149/346] root cert menu

---
 .gitignore                                    |   3 +
 scripts/automation/Radius/Changelog.md        |   7 +-
 .../Private/Menus/Get-ResponsePrompt.ps1      |  19 +-
 .../Private/Menus/Show-RadiusMainMenu.ps1     |  17 +-
 .../Menus/Show-RootCAGenerationMenu.ps1       |  42 ++
 .../Public/Start-GenerateRootCert.ps1         | 384 +++++++++++++++---
 .../Public/Start-GenerateRootCert.Tests.ps1   |  85 +++-
 7 files changed, 477 insertions(+), 80 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1

diff --git a/.gitignore b/.gitignore
index 01806df1c..9ee439031 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,9 @@
 /scripts/automation/Radius/users.json
 /scripts/automation/Radius/settings.json
 /scripts/automation/Radius/data/*
+/scripts/automation/Radius/Cert/Backups/*.pem
+/scripts/automation/Radius/Cert/Backups/*.zip
+
 __pycache__/
 *.pyc
 # Ignore PWSH CSV Import/Update Files:
diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index df6950d2b..d8c63b931 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -1,6 +1,6 @@
 ## 2.0.0
 
-Release Date: January 5, 2024
+Release Date: January 28, 2024
 
 #### RELEASE NOTES
 
@@ -15,6 +15,11 @@ This release offers a significant overhaul for the Radius Cert Deployment tool,
 - Added ability to run each public function headless in order to automate cert generation and distribution
 - Added a table to keep track of generated/deployed certificates when using the tool
 - Added password validation (re-enter) when generating root certificate
+- Added Start-GenerateRootCert menu
+  - Functionalities added
+    - New: creates new root cert. If there is an existing root cert, user gets prompted to overwrite the cert
+    - Replace: replaces the current cert. If you replace root cert, it will contain a different serial number and user certs generated with the previous CA will no longer authenticate
+    - Renew: renewing the root CA will contain the same serial number and CA subject headers. User certs generated with the previous CA will continue to authenticate.
 
 ## 1.1.0
 
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
index 612dfe45c..385bb9208 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
@@ -3,16 +3,27 @@ function Get-ResponsePrompt {
     param (
         [Parameter(HelpMessage = "The message prompt to display to the console", Mandatory)]
         [System.String]
-        $message
+        $message,
+        [Parameter(HelpMessage = "Change messaging if running in CLI")]
+        [System.Boolean]
+        $cli = $false
     )
 
 
     $promptForInvokeInput = $true
     while ($promptForInvokeInput) {
-        $invokeCommands = Read-Host "$message`nPlease type: 'y'/'n' (or 'E' to return to menu)"
+        if ($cli) {
+            $invokeCommands = Read-Host "$message`nPlease type: 'y'/'n' (or 'E' to exit)"
+        } else {
+            $invokeCommands = Read-Host "$message`nPlease type: 'y'/'n' (or 'E' to return to Main Menu)"
+        }
         switch ($invokeCommands) {
             'e' {
-                Write-Host "Returning to Main Menu..."
+                if ($cli) {
+                    Write-Host "Exiting..."
+                } else {
+                    Write-Host "Returning to Main Menu..."
+                }
                 $promptForInvokeInput = $false
                 return 'exit'
             }
@@ -23,7 +34,7 @@ function Get-ResponsePrompt {
                 return $true
             }
             default {
-                write-host "Invalid input`nPlease type 'y'/ 'n' (or 'E' to return to menu)"
+                write-host "Invalid input`nPlease type 'y'/ 'n' (or 'E' to exit)"
             }
         }
     }
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index c5ab5e7a7..1e6e6e6e5 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -46,25 +46,14 @@ function Show-RadiusMainMenu {
     Write-Host $(PadCenter -string "Radius User Group: $($radiusUserGroup.Name)" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Total Radius Users: $($radiusUserGroupMemberCount)" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Radius SSID(s): $radiusSSID" -char " ") -ForegroundColor Green
-    if ($IsMacOS){
+    if ($IsMacOS) {
         Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate)" -char " ") -ForegroundColor Green
-    } If ($isWindows){
+    } If ($isWindows) {
         Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate.value)" -char " ") -ForegroundColor Green
     }
-    # Write-Host "`n"
-    # if ($radiusSSID.count -gt 1) {
-    #     Write-Host $(PadCenter -string "Radius SSIDs:" -char " ") -ForegroundColor Green
-    #     $radiusSSID | ForEach-Object {
-    #         Write-Host $(PadCenter -string $_ -char " ") -ForegroundColor Green
-    #     }
-    # } else {
-    #     Write-Host $(PadCenter -string "Radius SSID: $radiusSSID" -char " ") -ForegroundColor Green
-    #     Write-Host "`n"
-    # }
-    # /==== GROUP/SSID ====
 
     Write-Host $(PadCenter -string "-" -char '-')
-    Write-Host "1: Press '1' to generate your Root Certificate."
+    Write-Host "1: Press '1' to generate/update your Root Certificate."
     Write-Host "2: Press '2' to generate/update your User Certificate(s)."
     Write-Host "3: Press '3' to distribute your User Certificate(s)."
     Write-Host "4: Press '4' to monitor your User Certification Distribution."
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
new file mode 100644
index 000000000..657566a5d
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
@@ -0,0 +1,42 @@
+function Show-RootCAGenerationMenu {
+    $title = ' JumpCloud Radius Root CA Cert Deployment '
+    Clear-Host
+    Write-Host $(PadCenter -string $Title -char '=')
+    Write-Host $(PadCenter -string "Select an option below to generate/regenerate root certificate`n" -char ' ') -ForegroundColor Yellow
+
+    $rootCAInfo = Get-CertInfo -rootCa
+    Write-Host $(PadCenter -string ' Root CA ' -char '-')
+    if ($rootCAInfo -eq $null) {
+        Write-Host $(PadCenter -string "No Root CA detected`n" -char ' ') -ForegroundColor Yellow
+    } else {
+        Write-Host $(PadCenter -string "Root CA Serial Number: $($rootCAInfo.serial)" -char ' ') -ForegroundColor Green
+        Write-Host $(PadCenter -string "Root CA Expiration: $($rootCAInfo.notAfter)`n" -char ' ') -ForegroundColor Green
+
+        # If root CA is expiring within 30 days, display warning
+        $expirationDate = [datetime]$rootCAInfo.notAfter
+        $currentDate = Get-Date
+        $daysRemaining = ($expirationDate - $currentDate).Days
+
+        # Check if expiration is less root cert warning days
+        if ($daysRemaining -lt $JCR_ROOT_CERT_Expire_Warning_Days) {
+            Write-Host $(PadCenter -string "WARNING: The root certificate is expiring in $daysRemaining day(s) on $expirationDate! Please press '3' to regenerate your root cert.") -ForegroundColor Yellow
+        }
+    }
+
+
+    Write-Host $(PadCenter -string ' Root Certificate Generation Options ' -char '-')
+    # List Options
+    # Generate new root CA
+    Write-Host "1: Press '1' to generate new root certificate. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates. This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
+
+    # Replace root CA
+    Write-Host "2: Press '2' to replace current root certificate. `n`t$([char]0x1b)[96mNOTE: if you replace root CA it will contain a different serial number and user certs generated with the previous CA will no longer authenticate."
+
+    # Regenerate with the same serial number
+    Write-Host "3: Press '3' to renew root certificate. `n`t$([char]0x1b)[96mNOTE: renewing the root CA will contain the same serial number and CA subject headers. User certs generated with the previous CA will continue to authenticate."
+
+    # Return to main menu
+    Write-Host "E: Press 'E' to return to main menu."
+
+    Write-Host $(PadCenter -string "-" -char '-')
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index d2b8edf93..3b3f8f2cd 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -4,8 +4,23 @@ Function Start-GenerateRootCert {
         # Cert Key Password
         [Parameter(HelpMessage = 'The root certificate key password', ParameterSetName = 'cli')]
         [string]
-        $certKeyPassword
+        $certKeyPassword,
+        # Parameter to "New" or "Replace" the root certificate validateSet ('1', '2', '3', 'E')
+        [Parameter(HelpMessage = 'Select an option to generate or replace the root certificate', ParameterSetName = 'cli')]
+        [ValidateSet('New', 'Replace', 'Renew')]
+        [string] $GenerateType = 'New',
+        # Force invoke commands after generation
+        [Parameter(HelpMessage = 'When specified, this parameter will replace certificates if they already exist on the current filesystem', ParameterSetName = 'cli')]
+        [switch]
+        $forceReplaceCert
+
+
     )
+
+    $CertPath = Resolve-Path "$JCScriptRoot/Cert"
+    $outKey = "$CertPath/radius_ca_key.pem"
+    $outCA = "$CertPath/radius_ca_cert.pem"
+    $timestamp = Get-Date -Format "yyyyMMddHHmmss"
     # this script will generate a Self Signed CA (root cert) to be imported on the
     # Radius CBA-BYO Authentication UI
 
@@ -29,15 +44,106 @@ Function Start-GenerateRootCert {
         Write-Host "Creating Cert Path"
         New-Item -ItemType Directory -Path "$JCScriptRoot/Cert"
     }
-    # Check if cert exists, prompt user to overwrite with a while loop
-    if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
-        Write-Host "CA Cert already exists"
-        switch ($PSCmdlet.ParameterSetName) {
-            'gui' {
-                $overwrite = Get-ResponsePrompt -message "Do you want to overwrite the existing CA Cert?"
+
+    # If parameterSetname is CLI
+    if ($PSCmdlet.ParameterSetName -eq 'cli') {
+        switch ($GenerateType) {
+            'New' {
+                $selection = 1
+            }
+            'Replace' {
+                $selection = 2
+            }
+            'Renew' {
+                $selection = 3
+            }
+        }
+    } else {
+        Show-RootCAGenerationMenu
+        $selection = Read-Host "Please make a selection"
+    }
+
+
+
+    switch ($selection) {
+        # Generate new root certificate
+        '1' {
+            if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
+                Write-Host "Root Cert already exists"
+                # If the forceReplaceCert switch is set, force the generation of a new root certificate
+                if (!$forceReplaceCert) {
+                    if ($PSCmdlet.ParameterSetName -eq 'cli') {
+                        $overwrite = Get-ResponsePrompt -message "Do you want to overwrite the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate." -cli $true
+                    } else {
+                        $overwrite = Get-ResponsePrompt -message "Do you want to overwrite the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
+                    }
+
+                } else {
+                    $overwrite = $true
+                }
                 switch ($overwrite) {
                     $true {
-                        continue
+                        Write-Host "Overwriting Root Cert..." -ForegroundColor Yellow
+
+                        switch ($PSCmdlet.ParameterSetName) {
+                            'gui' {
+                                $env:certKeyPassword = ""
+                                # Loop until the passwords match
+                                do {
+                                    # Prompt for password
+                                    Write-Host "NOTE: Please save your root certificate password in a password manager" -foregroundcolor Yellow
+                                    $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
+
+                                    # Reprompt for password
+                                    $secureCertKeyPass2ReEntry = Read-Host -Prompt "Re-enter the password for the certificate key" -AsSecureString
+
+                                    # Convert SecureString to plain text to validate
+                                    $plainCertKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                                    $plainCertKeyPassReEntry = ConvertFrom-SecureString $secureCertKeyPass2ReEntry -AsPlainText
+
+                                    # Validate that the passwords match
+                                    if ($plainCertKeyPass -ne $plainCertKeyPassReEntry) {
+                                        Write-Host "Passwords do not match. Please try again." -foregroundcolor Red
+                                    } else {
+                                        Write-Host "Password set successfully" -foregroundcolor Green
+                                        $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                                    }
+                                } while ($plainCertKeyPass -ne $plainCertKeyPassReEntry)
+                            }
+                            'cli' {
+                                $certKeyPass = $certKeyPassword
+                            }
+                        }
+
+                        # Copy the current root cert to the backups folder
+                        try {
+                            Copy-Item -Path "$CertPath/radius_ca_cert.pem" -Destination "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                        } catch {
+                            Write-Error "Error backing up the current root cert. $($_.Exception.Message)"
+                        }
+                        # Save the pass phrase in the env:
+                        $env:certKeyPassword = $certKeyPass
+                        Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                        # REM PEM pass phrase: myorgpass
+                        Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
+                        # openssl x509 -in ca-cert.pem -noout -text
+                        # Update Extensions Distinguished Names:
+                        $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
+                        foreach ($ext in $exts) {
+                            Write-Host "Updating Subject Headers for $($ext.Name)"
+                            $extContent = Get-Content -Path $ext.FullName -Raw
+                            $reqDistinguishedName = @"
+[req_distinguished_name]
+C = $($JCR_SUBJECT_HEADERS.countryCode)
+ST = $($JCR_SUBJECT_HEADERS.stateCode)
+L = $($JCR_SUBJECT_HEADERS.Locality)
+O = $($JCR_SUBJECT_HEADERS.Organization)
+OU = $($JCR_SUBJECT_HEADERS.OrganizationUnit)
+CN = $($JCR_SUBJECT_HEADERS.CommonName)
+
+"@
+                            $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
+                        }
                     }
                     $false {
                         return
@@ -46,58 +152,144 @@ Function Start-GenerateRootCert {
                         return
                     }
                 }
-            }
-            'cli' {
 
+            } else {
+                # Generate new root certificate
+                Write-Host "Generating new CA Cert..."
+
+                switch ($PSCmdlet.ParameterSetName) {
+                    'gui' {
+                        $env:certKeyPassword = ""
+                        # Loop until the passwords match
+                        do {
+                            # Prompt for password
+                            Write-Host "NOTE: Please save your root certificate password in a password manager" -foregroundcolor Yellow
+                            $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
+
+                            # Reprompt for password
+                            $secureCertKeyPass2ReEntry = Read-Host -Prompt "Re-enter the password for the certificate key" -AsSecureString
+
+                            # Convert SecureString to plain text to validate
+                            $plainCertKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                            $plainCertKeyPassReEntry = ConvertFrom-SecureString $secureCertKeyPass2ReEntry -AsPlainText
+
+                            # Validate that the passwords match
+                            if ($plainCertKeyPass -ne $plainCertKeyPassReEntry) {
+                                Write-Host "Passwords do not match. Please try again." -foregroundcolor Red
+                            } else {
+                                Write-Host "Password set successfully" -foregroundcolor Green
+                                $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                            }
+                        } while ($plainCertKeyPass -ne $plainCertKeyPassReEntry)
+                    }
+                    'cli' {
+                        $certKeyPass = $certKeyPassword
+                    }
+                }
+                # Save the pass phrase in the env:
+                $env:certKeyPassword = $certKeyPass
+                Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                # REM PEM pass phrase: myorgpass
+                Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
+                # openssl x509 -in ca-cert.pem -noout -text
+                # Update Extensions Distinguished Names:
+                $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
+                foreach ($ext in $exts) {
+                    Write-Host "Updating Subject Headers for $($ext.Name)"
+                    $extContent = Get-Content -Path $ext.FullName -Raw
+                    $reqDistinguishedName = @"
+    [req_distinguished_name]
+    C = $($JCR_SUBJECT_HEADERS.countryCode)
+    ST = $($JCR_SUBJECT_HEADERS.stateCode)
+    L = $($JCR_SUBJECT_HEADERS.Locality)
+    O = $($JCR_SUBJECT_HEADERS.Organization)
+    OU = $($JCR_SUBJECT_HEADERS.OrganizationUnit)
+    CN = $($JCR_SUBJECT_HEADERS.CommonName)
+
+"@
+                    $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
+                }
+                return
             }
         }
-    }
-    $CertPath = Resolve-Path "$JCScriptRoot/Cert"
-    $outKey = "$CertPath/radius_ca_key.pem"
-    $outCA = "$CertPath/radius_ca_cert.pem"
-    # Ask the user to enter a pass phrase for the CA key:
-    # Clear the pass phrase from the env:
-    switch ($PSCmdlet.ParameterSetName) {
-        'gui' {
-            $env:certKeyPassword = ""
-            # Loop until the passwords match
-            do {
-                # Prompt for password
-                Write-Host "NOTE: Please save your root certificate password in a password manager" -foregroundcolor Yellow
-                $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
-
-                # Reprompt for password
-                $secureCertKeyPass2ReEntry = Read-Host -Prompt "Re-enter the password for the certificate key" -AsSecureString
-
-                # Convert SecureString to plain text to validate
-                $plainCertKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
-                $plainCertKeyPassReEntry = ConvertFrom-SecureString $secureCertKeyPass2ReEntry -AsPlainText
-
-                # Validate that the passwords match
-                if ($plainCertKeyPass -ne $plainCertKeyPassReEntry) {
-                    Write-Host "Passwords do not match. Please try again." -foregroundcolor Red
+        # Replace current root certificate
+        '2' {
+            # Check if there is a current CA cert
+            if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
+
+                if (!$forceReplaceCert) {
+                    $overwrite = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
+
+                    if ($PSCmdlet.ParameterSetName -eq 'cli') {
+                        $overwrite = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate." -cli $true
+                    } else {
+                        $overwrite = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
+                    }
                 } else {
-                    Write-Host "Password set successfully" -foregroundcolor Green
-                    $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                    $overwrite = $true
                 }
-            } while ($plainCertKeyPass -ne $plainCertKeyPassReEntry)
-        }
-        'cli' {
-            $certKeyPass = $certKeyPassword
-        }
-    }
-    # Save the pass phrase in the env:
-    $env:certKeyPassword = $certKeyPass
-    Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-    # REM PEM pass phrase: myorgpass
-    Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
-    # openssl x509 -in ca-cert.pem -noout -text
-    # Update Extensions Distinguished Names:
-    $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
-    foreach ($ext in $exts) {
-        Write-Host "Updating Subject Headers for $($ext.Name)"
-        $extContent = Get-Content -Path $ext.FullName -Raw
-        $reqDistinguishedName = @"
+
+
+                switch ($overwrite) {
+                    $true {
+                        Write-Host "Replacing Root Cert..." -ForegroundColor Yellow
+                        switch ($PSCmdlet.ParameterSetName) {
+                            'gui' {
+                                $env:certKeyPassword = ""
+                                # Loop until the passwords match
+                                do {
+                                    # Prompt for password
+                                    Write-Host "NOTE: Please save your root certificate password in a password manager" -foregroundcolor Yellow
+                                    $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
+
+                                    # Reprompt for password
+                                    $secureCertKeyPass2ReEntry = Read-Host -Prompt "Re-enter the password for the certificate key" -AsSecureString
+
+                                    # Convert SecureString to plain text to validate
+                                    $plainCertKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                                    $plainCertKeyPassReEntry = ConvertFrom-SecureString $secureCertKeyPass2ReEntry -AsPlainText
+
+                                    # Validate that the passwords match
+                                    if ($plainCertKeyPass -ne $plainCertKeyPassReEntry) {
+                                        Write-Host "Passwords do not match. Please try again." -foregroundcolor Red
+                                    } else {
+                                        Write-Host "Password set successfully" -foregroundcolor Green
+                                        $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                                    }
+                                } while ($plainCertKeyPass -ne $plainCertKeyPassReEntry)
+                            }
+                            'cli' {
+                                $certKeyPass = $certKeyPassword
+                            }
+                        }
+                        # Copy the current root cert to the backups folder
+                        try {
+                            Copy-Item -Path "$CertPath/radius_ca_cert.pem" -Destination "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                            Copy-Item -Path "$CertPath/radius_ca_key.pem" -Destination "$CertPath/Backups/radius_ca_key_$timestamp.pem"
+
+                            # Zip the root cert and key files
+                            $zipPath = "$CertPath/Backups/replace_radius_ca_cert_backup_$timestamp.zip"
+                            Compress-Archive -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem", "$CertPath/Backups/radius_ca_key_$timestamp.pem" -DestinationPath $zipPath
+
+                            # Remove the original files
+                            Remove-Item -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                            Remove-Item -Path "$CertPath/Backups/radius_ca_key_$timestamp.pem"
+                        } catch {
+                            Write-Error "Error backing up the current root cert and key. $($_.Exception.Message)"
+                        }
+
+                        # Save the pass phrase in the env:
+                        $env:certKeyPassword = $certKeyPass
+                        Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                        # REM PEM pass phrase: myorgpass
+                        Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
+                        # openssl x509 -in ca-cert.pem -noout -text
+                        # Update Extensions Distinguished Names:
+                        $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
+                        foreach ($ext in $exts) {
+                            Write-Host "Updating Subject Headers for $($ext.Name)"
+                            $extContent = Get-Content -Path $ext.FullName -Raw
+                            $reqDistinguishedName = @"
 [req_distinguished_name]
 C = $($JCR_SUBJECT_HEADERS.countryCode)
 ST = $($JCR_SUBJECT_HEADERS.stateCode)
@@ -107,6 +299,86 @@ OU = $($JCR_SUBJECT_HEADERS.OrganizationUnit)
 CN = $($JCR_SUBJECT_HEADERS.CommonName)
 
 "@
-        $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
+                            $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
+                        }
+                        return
+                    }
+                    $false {
+                        return
+                    }
+                    'exit' {
+                        return
+                    }
+                }
+
+
+            } else {
+                Write-Host "No Root Cert detected. Please generate a new CA Cert. Returning to main menu..." -ForegroundColor Yellow
+                return
+            }
+
+        }
+        '3' {
+            # Check if there is a current CA cert
+            if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
+
+                # Copy the current root cert to the backups folder and zip it
+                try {
+                    Copy-Item -Path "$CertPath/radius_ca_cert.pem" -Destination "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                    Copy-Item -Path "$CertPath/radius_ca_key.pem" -Destination "$CertPath/Backups/radius_ca_key_$timestamp.pem"
+
+                    # Zip the root cert and key files
+                    $zipPath = "$CertPath/Backups/replace_radius_ca_cert_backup_$timestamp.zip"
+                    Compress-Archive -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem", "$CertPath/Backups/radius_ca_key_$timestamp.pem" -DestinationPath $zipPath
+
+                    # Remove the original files
+                    Remove-Item -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                    Remove-Item -Path "$CertPath/Backups/radius_ca_key_$timestamp.pem"
+                } catch {
+                    Write-Error "Error backing up the current root cert and key. $($_.Exception.Message)"
+                }
+
+                $oldCACert = "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                $csrOutPath = "$CertPath/radius_ca_cert.csr"
+
+                $select = openssl x509 -in $oldCACert -serial -noout | Select-String -Pattern "serial=(.*)"
+                $serial = $select.Matches.Groups[1].value
+                Write-Host $serial
+
+                openssl x509 -x509toreq -in $oldCACert -signkey $outKey -out $csrOutPath
+                # Create path for cert2.conf
+                $certConfPath = "$CertPath/radius_ca_cert2.conf"
+                $string = @"
+[ v3_ca ]
+basicConstraints= CA:TRUE
+subjectKeyIdentifier= hash
+authorityKeyIdentifier= keyid:always,issuer:always
+"@ | Out-File "$certConfPath"
+
+                try {
+                    # Use invoke expression to run the openssl command
+                    Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+
+                    Invoke-Expression "$JCR_OPENSSL x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca"
+                    # openssl x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial "0x$serial" -signkey $outKey -out $outCA -extfile $certConfPath -extensions v3_ca
+                    # Cleanup
+                    Remove-Item -Path $certConfPath
+                    Remove-Item -Path $csrOutPath
+                } catch {
+                    # Error replacing the certificate
+                    Write-Error "Error replacing the certificate. $($_.Exception.Message)"
+                }
+                Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -enddate -noout "
+            } else {
+                Write-Host "No Root Cert detected. Please generate a new CA Cert. Returning to main menu..." -ForegroundColor Yellow
+                return
+            }
+        }
+        # Return to main menu
+        'E' {
+            return
+        }
     }
 }
+
+
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 5c484ef7f..4c00c890a 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -27,12 +27,47 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
         }
     }
+
+    # Overwrite the existing certificate
+
+    Context "Overwrite an existing root certificate" {
+        It 'Generates a new root certificate when there is an existing one' {
+            # get existing cert serial:
+            $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            # force generate new CA
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "New" -forceReplaceCert
+            # get new SN
+            $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
+            $origSN | Should -Not -Be $newSN
+            # both the key and the cert should be generated
+            $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+            $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
+            $itemsAfter.BaseName | Should -Contain "radius_ca_key"
+
+            # Validate that the backup zip file was created
+            $backupFiles = Get-ChildItem $JCScriptRoot/Cert/Backups
+            # Should contain a zip file
+            $backupFiles.Extension | Should -Contain ".zip"
+
+            #validate the subject matches what's defined in config:
+            $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+            $CA_subject = $CA_subject.split("subject=").split(",")
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+        }
+    }
+
     Context "An existing certificate can be replaced" {
         It 'Replaces a root certificate' {
             # get existing cert serial:
             $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
             # force generate new CA
-            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#"
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "replace" -forceReplaceCert
             # get new SN
             $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
@@ -42,6 +77,11 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
+            # Validate that the backup zip file was created
+            $backupFiles = Get-ChildItem $JCScriptRoot/Cert/Backups
+            # Should contain a zip file
+            $backupFiles.Extension | Should -Contain ".zip"
+
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
@@ -55,10 +95,45 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
     }
     Context "An existing certificate can be renewed" {
-        # TODO: implement
-        # openssl req -new -key radius_ca_key.key -out newcsr.csr
-        # openssl x509 -req -days 365 -in newcsr.csr -signkey radius_ca_key.key -out radius_ca_cert.pem
-        # rm newcsr.csr
+        It 'Renews a root certificate' {
+            # get existing cert serial:
+            $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            # force generate new CA
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "renew" -forceReplaceCert
+            # get new SN
+            $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
+            $origSN | Should -Be $newSN
+            # both the key and the cert should be generated
+            $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+            $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
+            $itemsAfter.BaseName | Should -Contain "radius_ca_key"
+
+            # Validate that the backup zip file was created
+            $backupFiles = Get-ChildItem $JCScriptRoot/Cert/Backups
+            # Should contain a zip file
+            $backupFiles.Extension | Should -Contain ".zip"
+
+            #validate the subject matches what's defined in config:
+            $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+            $CA_subject = $CA_subject.split("subject=").split(",")
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+        }
+
+    }
+    Context "Zip backup should be created when replacing certs" {
+
+
+    }
+    Context "Zip backup should be created when renewing certs" {
+
+    }
+    Context "Zip backup should be created when overwrting certs" {
 
     }
 }
\ No newline at end of file

From 3435b1fa34656ace9a05134bbbac6901b4c0d198 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 29 Jan 2025 10:53:46 -0800
Subject: [PATCH 150/346] cleanup cli

---
 .../Private/Menus/Get-ResponsePrompt.ps1      |   2 +-
 .../Public/Start-GenerateRootCert.ps1         | 193 +++++++++++++-----
 .../Public/Start-GenerateRootCert.Tests.ps1   |  47 +++--
 3 files changed, 169 insertions(+), 73 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
index 385bb9208..9d5af6b1f 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Get-ResponsePrompt.ps1
@@ -34,7 +34,7 @@ function Get-ResponsePrompt {
                 return $true
             }
             default {
-                write-host "Invalid input`nPlease type 'y'/ 'n' (or 'E' to exit)"
+                Write-host "Invalid input`nPlease type 'y'/ 'n' (or 'E' to exit)" -ForegroundColor Red
             }
         }
     }
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 3b3f8f2cd..942ca9d48 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -12,7 +12,7 @@ Function Start-GenerateRootCert {
         # Force invoke commands after generation
         [Parameter(HelpMessage = 'When specified, this parameter will replace certificates if they already exist on the current filesystem', ParameterSetName = 'cli')]
         [switch]
-        $forceReplaceCert
+        $force
 
 
     )
@@ -70,18 +70,18 @@ Function Start-GenerateRootCert {
         '1' {
             if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
                 Write-Host "Root Cert already exists"
-                # If the forceReplaceCert switch is set, force the generation of a new root certificate
-                if (!$forceReplaceCert) {
+                # If the force switch is set, force the generation of a new root certificate
+                if (!$force) {
                     if ($PSCmdlet.ParameterSetName -eq 'cli') {
-                        $overwrite = Get-ResponsePrompt -message "Do you want to overwrite the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate." -cli $true
+                        $overwritePrompt = Get-ResponsePrompt -message "Do you want to overwrite the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate." -cli $true
                     } else {
-                        $overwrite = Get-ResponsePrompt -message "Do you want to overwrite the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
+                        $overwritePrompt = Get-ResponsePrompt -message "Do you want to overwrite the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
                     }
-
                 } else {
-                    $overwrite = $true
+                    $overwritePrompt = $true
                 }
-                switch ($overwrite) {
+
+                switch ($overwritePrompt) {
                     $true {
                         Write-Host "Overwriting Root Cert..." -ForegroundColor Yellow
 
@@ -115,11 +115,21 @@ Function Start-GenerateRootCert {
                             }
                         }
 
-                        # Copy the current root cert to the backups folder
+                        # Copy the current root cert to the backups folder and zip it
                         try {
                             Copy-Item -Path "$CertPath/radius_ca_cert.pem" -Destination "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                            Copy-Item -Path "$CertPath/radius_ca_key.pem" -Destination "$CertPath/Backups/radius_ca_key_$timestamp.pem"
+
+                            # Zip the root cert and key files
+                            $zipPath = "$CertPath/Backups/newOverwrite_radius_ca_cert_backup_$timestamp.zip"
+                            Compress-Archive -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem", "$CertPath/Backups/radius_ca_key_$timestamp.pem" -DestinationPath $zipPath
+
+                            Remove-Item -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                            Remove-Item -Path "$CertPath/Backups/radius_ca_key_$timestamp.pem"
+
                         } catch {
-                            Write-Error "Error backing up the current root cert. $($_.Exception.Message)"
+                            Write-Error "Error backing up the current root cert and key. $($_.Exception.Message)"
+                            exit
                         }
                         # Save the pass phrase in the env:
                         $env:certKeyPassword = $certKeyPass
@@ -217,20 +227,18 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
             # Check if there is a current CA cert
             if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
 
-                if (!$forceReplaceCert) {
-                    $overwrite = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
-
+                if (!$force) {
                     if ($PSCmdlet.ParameterSetName -eq 'cli') {
-                        $overwrite = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate." -cli $true
+                        $overwritePrompt = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate." -cli $true
                     } else {
-                        $overwrite = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
+                        $overwritePrompt = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
                     }
                 } else {
-                    $overwrite = $true
+                    $overwritePrompt = $true
                 }
 
 
-                switch ($overwrite) {
+                switch ($overwritePrompt) {
                     $true {
                         Write-Host "Replacing Root Cert..." -ForegroundColor Yellow
                         switch ($PSCmdlet.ParameterSetName) {
@@ -262,7 +270,7 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                                 $certKeyPass = $certKeyPassword
                             }
                         }
-                        # Copy the current root cert to the backups folder
+                        # Copy the current root cert to the backups folder and zip it
                         try {
                             Copy-Item -Path "$CertPath/radius_ca_cert.pem" -Destination "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
                             Copy-Item -Path "$CertPath/radius_ca_key.pem" -Destination "$CertPath/Backups/radius_ca_key_$timestamp.pem"
@@ -271,11 +279,12 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                             $zipPath = "$CertPath/Backups/replace_radius_ca_cert_backup_$timestamp.zip"
                             Compress-Archive -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem", "$CertPath/Backups/radius_ca_key_$timestamp.pem" -DestinationPath $zipPath
 
-                            # Remove the original files
                             Remove-Item -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
                             Remove-Item -Path "$CertPath/Backups/radius_ca_key_$timestamp.pem"
+
                         } catch {
                             Write-Error "Error backing up the current root cert and key. $($_.Exception.Message)"
+                            exit
                         }
 
                         # Save the pass phrase in the env:
@@ -319,56 +328,132 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
 
         }
         '3' {
+            $env:certKeyPassword = $certKeyPass
             # Check if there is a current CA cert
             if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
 
-                # Copy the current root cert to the backups folder and zip it
-                try {
-                    Copy-Item -Path "$CertPath/radius_ca_cert.pem" -Destination "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
-                    Copy-Item -Path "$CertPath/radius_ca_key.pem" -Destination "$CertPath/Backups/radius_ca_key_$timestamp.pem"
+                if (!$force) {
+                    if ($PSCmdlet.ParameterSetName -eq 'cli') {
+                        $replacePrompt = Get-ResponsePrompt -message "Do you want to renew the existing CA Cert? renewing the root CA will contain the same serial number and CA subject headers. User certs generated with the previous CA will continue to authenticate." -cli $true
+                    } else {
+                        $replacePrompt = Get-ResponsePrompt -message "Do you want to renew the existing CA Cert? renewing the root CA will contain the same serial number and CA subject headers. User certs generated with the previous CA will continue to authenticate."
+                    }
+                } else {
+                    $replacePrompt = $true
+                }
+
+                switch ($replacePrompt) {
+                    $true {
+                        Write-Host "Renewing Root Cert..." -ForegroundColor Yellow
+                        switch ($PSCmdlet.ParameterSetName) {
+                            'gui' {
+                                $env:certKeyPassword = ""
+                                # Loop until the passwords match
+                                $secureCertKeyPass = Read-Host -Prompt "Enter the current password for the certificate key" -AsSecureString
+                                $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                                do {
+                                    # Run the OpenSSL command and capture the result
+                                    $result = Invoke-Expression "$JCR_OPENSSL rsa -in `"$outKey`" -passin pass:$($certKeyPass) -check"
+
+                                    # Check if the command was successful (e.g., "RSA key ok" is in the output)
+                                    if ($result -match "RSA key ok") {
+                                        Write-Host "Password validated! Proceeding..."
+                                        $env:certKeyPassword = $certKeyPass
+                                        $passwordValid = $true  # Exit condition for the loop
+                                    } else {
+                                        Write-Host "Incorrect password"
+                                        $passwordValid = $false  # Continue loop if password is incorrect
+                                        # Optionally, you could prompt the user to enter the password again
+                                        $secureCertKeyPass = Read-Host "Enter password for private key" -AsSecureString
+                                        $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
+                                    }
+                                } while (-not $passwordValid)  # Continue looping until the password is correct
+                            }
+                            'cli' {
+                                $certKeyPass = $certKeyPassword
+                                # Validate that the password works with the old CA cert
+                                # Attempt to read the private key with the password
+                                do {
+                                    # Run the OpenSSL command and capture the result
+                                    $result = Invoke-Expression "$JCR_OPENSSL rsa -in `"$outKey`" -passin pass:$($certKeyPass) -check"
+
+                                    # Check if the command was successful (e.g., "RSA key ok" is in the output)
+                                    if ($result -match "RSA key ok") {
+                                        Write-Host "Password validated! Proceeding..."
+                                        $env:certKeyPassword = $certKeyPass
+                                        $passwordValid = $true  # Exit condition for the loop
+                                    } else {
+                                        Write-Host "Incorrect password"
+                                        $passwordValid = $false  # Continue loop if password is incorrect
+                                        # Optionally, you could prompt the user to enter the password again
+                                        $certKeyPass = Read-Host "Enter password for private key" -AsSecureString
+                                        $certKeyPass = ConvertFrom-SecureString $certKeyPass -AsPlainText
+                                    }
+                                } while (-not $passwordValid)  # Continue looping until the password is correct
+                            }
+                        }
+
+                        # Copy the current root cert to the backups folder and zip it
+                        try {
+                            Copy-Item -Path "$CertPath/radius_ca_cert.pem" -Destination "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                            Copy-Item -Path "$CertPath/radius_ca_key.pem" -Destination "$CertPath/Backups/radius_ca_key_$timestamp.pem"
 
-                    # Zip the root cert and key files
-                    $zipPath = "$CertPath/Backups/replace_radius_ca_cert_backup_$timestamp.zip"
-                    Compress-Archive -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem", "$CertPath/Backups/radius_ca_key_$timestamp.pem" -DestinationPath $zipPath
+                            # Zip the root cert and key files
+                            $zipPath = "$CertPath/Backups/renew_radius_ca_cert_backup_$timestamp.zip"
+                            Compress-Archive -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem", "$CertPath/Backups/radius_ca_key_$timestamp.pem" -DestinationPath $zipPath
 
-                    # Remove the original files
-                    Remove-Item -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
-                    Remove-Item -Path "$CertPath/Backups/radius_ca_key_$timestamp.pem"
-                } catch {
-                    Write-Error "Error backing up the current root cert and key. $($_.Exception.Message)"
-                }
+                            Remove-Item -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
+                            Remove-Item -Path "$CertPath/Backups/radius_ca_key_$timestamp.pem"
 
-                $oldCACert = "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
-                $csrOutPath = "$CertPath/radius_ca_cert.csr"
+                        } catch {
+                            Write-Error "Error backing up the current root cert and key. $($_.Exception.Message)"
+                            exit
+                        }
+                        $certConfPath = "$CertPath/radius_ca_cert2.conf"
+                        $csrOutPath = "$CertPath/radius_ca_cert.csr"
+                        $select = Invoke-Expression "$JCR_OPENSSL x509 -in `"$($outCA)`" -serial -noout"
+                        $serial = $select -replace "serial=", ""
 
-                $select = openssl x509 -in $oldCACert -serial -noout | Select-String -Pattern "serial=(.*)"
-                $serial = $select.Matches.Groups[1].value
-                Write-Host $serial
+                        # Validate that the password works with the old CA cert
+                        # Attempt to read the private key with the password
 
-                openssl x509 -x509toreq -in $oldCACert -signkey $outKey -out $csrOutPath
-                # Create path for cert2.conf
-                $certConfPath = "$CertPath/radius_ca_cert2.conf"
-                $string = @"
+                        try {
+                            Invoke-Expression "$JCR_OPENSSL x509 -x509toreq  -in $($outCA) -signkey $($outKey)  -out $csrOutPath -passin pass:$($env:certKeyPassword)"
+
+                        } catch {
+                            # Exit
+                            Write-Error "Error creating CSR file $($_.Exception.Message)"
+                            exit
+                        }
+
+                        $string = @"
 [ v3_ca ]
 basicConstraints= CA:TRUE
 subjectKeyIdentifier= hash
 authorityKeyIdentifier= keyid:always,issuer:always
 "@ | Out-File "$certConfPath"
 
-                try {
-                    # Use invoke expression to run the openssl command
-                    Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-
-                    Invoke-Expression "$JCR_OPENSSL x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca"
-                    # openssl x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial "0x$serial" -signkey $outKey -out $outCA -extfile $certConfPath -extensions v3_ca
-                    # Cleanup
-                    Remove-Item -Path $certConfPath
-                    Remove-Item -Path $csrOutPath
-                } catch {
-                    # Error replacing the certificate
-                    Write-Error "Error replacing the certificate. $($_.Exception.Message)"
+                        try {
+                            Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+
+                            Invoke-Expression "$JCR_OPENSSL x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca -passin pass:$($env:certKeyPassword)"
+
+                            # Cleanup
+                            Remove-Item -Path $certConfPath
+                            Remove-Item -Path $csrOutPath
+                        } catch {
+                            # Error replacing the certificate
+                            Write-Error "Error replacing the certificate. $($_.Exception.Message)"
+                        }
+                        Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -enddate -serial -noout "
+                    }
+                    $false {
+                        return
+                    }
+                    'exit' {
+                        return
+                    }
                 }
-                Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -enddate -noout "
             } else {
                 Write-Host "No Root Cert detected. Please generate a new CA Cert. Returning to main menu..." -ForegroundColor Yellow
                 return
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 4c00c890a..8e032ab6b 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -9,7 +9,7 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
                     Remove-Item -Path $item.FullName
                 }
             }
-            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#"
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
 
             # both the key and the cert should be generated
             $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
@@ -25,17 +25,23 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
             ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+
+            # Clean up the Cert directory
+            Remove-Item -Path $JCScriptRoot/Cert/* -Force
         }
     }
 
     # Overwrite the existing certificate
 
-    Context "Overwrite an existing root certificate" {
+    Context "Overwrite an existing root certificate when creating a new one" {
         It 'Generates a new root certificate when there is an existing one' {
+
+            # Create a new root certificate
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "New" -force
             # get existing cert serial:
             $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
-            # force generate new CA
-            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "New" -forceReplaceCert
+            # Force overwrite the existing certificate
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "New" -force
             # get new SN
             $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
@@ -59,15 +65,21 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
             ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+
+            # Clean up the Cert directory
+            Remove-Item -Path $JCScriptRoot/Cert/* -Force
         }
     }
 
     Context "An existing certificate can be replaced" {
         It 'Replaces a root certificate' {
+
+            # Create a new root certificate
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
             # get existing cert serial:
             $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
-            # force generate new CA
-            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "replace" -forceReplaceCert
+            # Replace root certificate
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "replace" -force
             # get new SN
             $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
@@ -91,15 +103,21 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
             ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+
+            # Clean up the Cert directory
+            Remove-Item -Path $JCScriptRoot/Cert/* -Force
         }
 
     }
     Context "An existing certificate can be renewed" {
         It 'Renews a root certificate' {
+
+            # Generate new CA
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
             # get existing cert serial:
             $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
-            # force generate new CA
-            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "renew" -forceReplaceCert
+            # Renew CA
+            Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "renew" -force
             # get new SN
             $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
@@ -123,17 +141,10 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
             ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
-        }
 
-    }
-    Context "Zip backup should be created when replacing certs" {
-
-
-    }
-    Context "Zip backup should be created when renewing certs" {
-
-    }
-    Context "Zip backup should be created when overwrting certs" {
+            # Clean up the Cert directory
+            Remove-Item -Path $JCScriptRoot/Cert/* -Force
+        }
 
     }
 }
\ No newline at end of file

From 0ff032bff4871859e701c3495437b23e5bb73c5b Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 29 Jan 2025 11:06:48 -0800
Subject: [PATCH 151/346] fix test prompts

---
 .../Radius/Functions/Public/Start-GenerateRootCert.ps1          | 2 +-
 .../automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1  | 2 +-
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1         | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 942ca9d48..36e11fb67 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -8,7 +8,7 @@ Function Start-GenerateRootCert {
         # Parameter to "New" or "Replace" the root certificate validateSet ('1', '2', '3', 'E')
         [Parameter(HelpMessage = 'Select an option to generate or replace the root certificate', ParameterSetName = 'cli')]
         [ValidateSet('New', 'Replace', 'Renew')]
-        [string] $GenerateType = 'New',
+        [string] $generateType = 'New',
         # Force invoke commands after generation
         [Parameter(HelpMessage = 'When specified, this parameter will replace certificates if they already exist on the current filesystem', ParameterSetName = 'cli')]
         [switch]
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index b2f93cec3..13b3186d3 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -17,7 +17,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 Write-Error -Message "Failed to import function $($Import.FullName): $_"
             }
         }
-        Start-GenerateRootCert -certKeyPassword "TestCertificate123!@#"
+        Start-GenerateRootCert -certKeyPassword "TestCertificate123!@#" -generateType "new" -force
     }
     Context "When no 'data' directory exists" {
         BeforeAll {
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index c91e49ee8..c4a04f38a 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -16,7 +16,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Set-JCRAssociationHash -UserID $user.userID
         }
         Get-JCRGlobalVars -Force -associateManually
-        Start-GenerateRootCert -certKeyPassword "TestCertificate123!@#"
+        Start-GenerateRootCert -certKeyPassword "TestCertificate123!@#" -generateType "new" -force
 
     }
     Context 'Distribute all certificates for all users forcibly' {

From 12a35bdfa278bff384860e2e58e14a933e7e1db3 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 29 Jan 2025 11:11:20 -0800
Subject: [PATCH 152/346] test

---
 .../Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 7354e1301..3f9454068 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -9,7 +9,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
                 Write-Error -Message "Failed to import function $($Import.FullName): $_"
             }
         }
-        Start-GenerateRootCert -certKeyPassword "testCertificate123!@#"
+        Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
     }
     Context 'Certs forcibly re-generated for all users' {
         It 'Certs re-generated have actually been re-written for all users' {

From 0839d9ac4d569ea804bbbadfee29f56c6bf6b69c Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 29 Jan 2025 11:22:56 -0800
Subject: [PATCH 153/346] Cert backups folder

---
 scripts/automation/Radius/JumpCloud-Radius.psm1 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud-Radius.psm1
index 05a49d197..269bfd823 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psm1
@@ -31,6 +31,7 @@ $global:JCRConfig = Get-JCRSettingsFile
 # if the Certs / UserCerts directories do not exist, create them
 if (-Not (Test-Path -Path "$JCScriptRoot/Cert" -PathType Container)) {
     New-Item -Path "$JCScriptRoot/Cert" -ItemType Directory
+    New-Item -Path "$JCScriptRoot/Cert/Backups" -ItemType Directory
 }
 if (-Not (Test-Path -Path "$JCScriptRoot/UserCerts" -PathType Container)) {
     New-Item -Path "$JCScriptRoot/UserCerts" -ItemType Directory

From 6fd540e8564b283840b0251540bd075489458948 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 29 Jan 2025 11:34:40 -0800
Subject: [PATCH 154/346] test

---
 .../Public/Start-GenerateRootCert.ps1         |  8 ++++++
 .../Public/Start-GenerateRootCert.Tests.ps1   | 28 +++++++++++++++++--
 2 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 36e11fb67..5ed5948f0 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -45,6 +45,14 @@ Function Start-GenerateRootCert {
         New-Item -ItemType Directory -Path "$JCScriptRoot/Cert"
     }
 
+    # If cert backup folder does not exist, create it
+    if (Test-Path -Path "$JCScriptRoot/Cert/Backups") {
+        Write-Host "Backup Path Exists"
+    } else {
+        Write-Host "Creating Backup Path"
+        New-Item -ItemType Directory -Path "$JCScriptRoot/Cert/Backups"
+    }
+
     # If parameterSetname is CLI
     if ($PSCmdlet.ParameterSetName -eq 'cli') {
         switch ($GenerateType) {
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 8e032ab6b..29213c5ec 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -6,7 +6,7 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             if ($items) {
                 foreach ($item in $items) {
                     write-host "removing $($item.FullName)"
-                    Remove-Item -Path $item.FullName
+                    Remove-Item -Path $item.FullName -force
                 }
             }
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
@@ -35,6 +35,14 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
     Context "Overwrite an existing root certificate when creating a new one" {
         It 'Generates a new root certificate when there is an existing one' {
+            # If the /Cert/ folder is not empty, clear the directory
+            $items = Get-ChildItem $JCScriptRoot/Cert
+            if ($items) {
+                foreach ($item in $items) {
+                    write-host "removing $($item.FullName)"
+                    Remove-Item -Path $item.FullName -Force
+                }
+            }
 
             # Create a new root certificate
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "New" -force
@@ -73,7 +81,14 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
     Context "An existing certificate can be replaced" {
         It 'Replaces a root certificate' {
-
+            # If the /Cert/ folder is not empty, clear the directory
+            $items = Get-ChildItem $JCScriptRoot/Cert
+            if ($items) {
+                foreach ($item in $items) {
+                    write-host "removing $($item.FullName)"
+                    Remove-Item -Path $item.FullName -Force
+                }
+            }
             # Create a new root certificate
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
             # get existing cert serial:
@@ -111,7 +126,14 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     }
     Context "An existing certificate can be renewed" {
         It 'Renews a root certificate' {
-
+            # If the /Cert/ folder is not empty, clear the directory
+            $items = Get-ChildItem $JCScriptRoot/Cert
+            if ($items) {
+                foreach ($item in $items) {
+                    write-host "removing $($item.FullName)"
+                    Remove-Item -Path $item.FullName -Force
+                }
+            }
             # Generate new CA
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
             # get existing cert serial:

From a07d8e110e7ce6498e0a11958381f66a7ffc54ba Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 29 Jan 2025 11:51:34 -0800
Subject: [PATCH 155/346] cert backups

---
 .../Public/Start-GenerateRootCert.Tests.ps1   | 68 +++++++++++++++----
 1 file changed, 56 insertions(+), 12 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 29213c5ec..5eb356e5a 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -2,11 +2,22 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     Context "A new certificate can be generated" {
         It 'Generates a new root certificate' {
             # If the /Cert/ folder is not empty, clear the directory
-            $items = Get-ChildItem $JCScriptRoot/Cert
+            $items = Get-ChildItem "$JCScriptRoot/Cert"
             if ($items) {
                 foreach ($item in $items) {
-                    write-host "removing $($item.FullName)"
-                    Remove-Item -Path $item.FullName -force
+                    # If the item is the 'backup' folder, process its contents separately
+                    if ($item.Name -eq 'Backups') {
+                        $backupItems = Get-ChildItem $item.FullName
+                        foreach ($backupItem in $backupItems) {
+                            Write-Host "Removing $($backupItem.FullName)"
+                            Remove-Item -Path $backupItem.FullName -Force
+                        }
+                    }
+                    # Otherwise, remove the item directly (outside of the 'backup' folder)
+                    elseif ($item.PSIsContainer -eq $false) {
+                        Write-Host "Removing $($item.FullName)"
+                        Remove-Item -Path $item.FullName -Force
+                    }
                 }
             }
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
@@ -36,11 +47,22 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     Context "Overwrite an existing root certificate when creating a new one" {
         It 'Generates a new root certificate when there is an existing one' {
             # If the /Cert/ folder is not empty, clear the directory
-            $items = Get-ChildItem $JCScriptRoot/Cert
+            $items = Get-ChildItem "$JCScriptRoot/Cert"
             if ($items) {
                 foreach ($item in $items) {
-                    write-host "removing $($item.FullName)"
-                    Remove-Item -Path $item.FullName -Force
+                    # If the item is the 'backup' folder, process its contents separately
+                    if ($item.Name -eq 'Backups') {
+                        $backupItems = Get-ChildItem $item.FullName
+                        foreach ($backupItem in $backupItems) {
+                            Write-Host "Removing $($backupItem.FullName)"
+                            Remove-Item -Path $backupItem.FullName -Force
+                        }
+                    }
+                    # Otherwise, remove the item directly (outside of the 'backup' folder)
+                    elseif ($item.PSIsContainer -eq $false) {
+                        Write-Host "Removing $($item.FullName)"
+                        Remove-Item -Path $item.FullName -Force
+                    }
                 }
             }
 
@@ -82,11 +104,22 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     Context "An existing certificate can be replaced" {
         It 'Replaces a root certificate' {
             # If the /Cert/ folder is not empty, clear the directory
-            $items = Get-ChildItem $JCScriptRoot/Cert
+            $items = Get-ChildItem "$JCScriptRoot/Cert"
             if ($items) {
                 foreach ($item in $items) {
-                    write-host "removing $($item.FullName)"
-                    Remove-Item -Path $item.FullName -Force
+                    # If the item is the 'backup' folder, process its contents separately
+                    if ($item.Name -eq 'Backups') {
+                        $backupItems = Get-ChildItem $item.FullName
+                        foreach ($backupItem in $backupItems) {
+                            Write-Host "Removing $($backupItem.FullName)"
+                            Remove-Item -Path $backupItem.FullName -Force
+                        }
+                    }
+                    # Otherwise, remove the item directly (outside of the 'backup' folder)
+                    elseif ($item.PSIsContainer -eq $false) {
+                        Write-Host "Removing $($item.FullName)"
+                        Remove-Item -Path $item.FullName -Force
+                    }
                 }
             }
             # Create a new root certificate
@@ -127,11 +160,22 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     Context "An existing certificate can be renewed" {
         It 'Renews a root certificate' {
             # If the /Cert/ folder is not empty, clear the directory
-            $items = Get-ChildItem $JCScriptRoot/Cert
+            $items = Get-ChildItem "$JCScriptRoot/Cert"
             if ($items) {
                 foreach ($item in $items) {
-                    write-host "removing $($item.FullName)"
-                    Remove-Item -Path $item.FullName -Force
+                    # If the item is the 'backup' folder, process its contents separately
+                    if ($item.Name -eq 'Backups') {
+                        $backupItems = Get-ChildItem $item.FullName
+                        foreach ($backupItem in $backupItems) {
+                            Write-Host "Removing $($backupItem.FullName)"
+                            Remove-Item -Path $backupItem.FullName -Force
+                        }
+                    }
+                    # Otherwise, remove the item directly (outside of the 'backup' folder)
+                    elseif ($item.PSIsContainer -eq $false) {
+                        Write-Host "Removing $($item.FullName)"
+                        Remove-Item -Path $item.FullName -Force
+                    }
                 }
             }
             # Generate new CA

From 5df50dbba5d04047d4cad27628948f03fe5cbcc2 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 29 Jan 2025 12:02:05 -0800
Subject: [PATCH 156/346] remove-item

---
 .../Tests/Public/Start-GenerateRootCert.Tests.ps1    | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 5eb356e5a..1833e9af6 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -36,9 +36,6 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
             ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
-
-            # Clean up the Cert directory
-            Remove-Item -Path $JCScriptRoot/Cert/* -Force
         }
     }
 
@@ -95,9 +92,6 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
             ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
-
-            # Clean up the Cert directory
-            Remove-Item -Path $JCScriptRoot/Cert/* -Force
         }
     }
 
@@ -151,9 +145,6 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
             ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
-
-            # Clean up the Cert directory
-            Remove-Item -Path $JCScriptRoot/Cert/* -Force
         }
 
     }
@@ -207,9 +198,6 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
             ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
             ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
-
-            # Clean up the Cert directory
-            Remove-Item -Path $JCScriptRoot/Cert/* -Force
         }
 
     }

From 16882be46ea5dc972feccd059192840adcd546a8 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Wed, 29 Jan 2025 15:14:00 -0800
Subject: [PATCH 157/346] messaging

---
 .../Public/Start-GenerateRootCert.ps1         | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 5ed5948f0..cb6536269 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -360,19 +360,15 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                                 $secureCertKeyPass = Read-Host -Prompt "Enter the current password for the certificate key" -AsSecureString
                                 $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
                                 do {
-                                    # Run the OpenSSL command and capture the result
                                     $result = Invoke-Expression "$JCR_OPENSSL rsa -in `"$outKey`" -passin pass:$($certKeyPass) -check"
-
-                                    # Check if the command was successful (e.g., "RSA key ok" is in the output)
                                     if ($result -match "RSA key ok") {
                                         Write-Host "Password validated! Proceeding..."
                                         $env:certKeyPassword = $certKeyPass
-                                        $passwordValid = $true  # Exit condition for the loop
+                                        $passwordValid = $true
                                     } else {
-                                        Write-Host "Incorrect password"
+                                        Write-Host "Incorrect private key password!" -ForegroundColor Red
                                         $passwordValid = $false  # Continue loop if password is incorrect
-                                        # Optionally, you could prompt the user to enter the password again
-                                        $secureCertKeyPass = Read-Host "Enter password for private key" -AsSecureString
+                                        $secureCertKeyPass = Read-Host "Please enter a valid password for the current private key" -AsSecureString
                                         $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
                                     }
                                 } while (-not $passwordValid)  # Continue looping until the password is correct
@@ -382,19 +378,16 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                                 # Validate that the password works with the old CA cert
                                 # Attempt to read the private key with the password
                                 do {
-                                    # Run the OpenSSL command and capture the result
                                     $result = Invoke-Expression "$JCR_OPENSSL rsa -in `"$outKey`" -passin pass:$($certKeyPass) -check"
 
-                                    # Check if the command was successful (e.g., "RSA key ok" is in the output)
                                     if ($result -match "RSA key ok") {
                                         Write-Host "Password validated! Proceeding..."
                                         $env:certKeyPassword = $certKeyPass
                                         $passwordValid = $true  # Exit condition for the loop
                                     } else {
-                                        Write-Host "Incorrect password"
+                                        Write-Host "Incorrect password" -ForegroundColor Red
                                         $passwordValid = $false  # Continue loop if password is incorrect
-                                        # Optionally, you could prompt the user to enter the password again
-                                        $certKeyPass = Read-Host "Enter password for private key" -AsSecureString
+                                        $certKeyPass = Read-Host "Please enter a valid password for the current private key" -AsSecureString
                                         $certKeyPass = ConvertFrom-SecureString $certKeyPass -AsPlainText
                                     }
                                 } while (-not $passwordValid)  # Continue looping until the password is correct
@@ -446,6 +439,8 @@ authorityKeyIdentifier= keyid:always,issuer:always
 
                             Invoke-Expression "$JCR_OPENSSL x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca -passin pass:$($env:certKeyPassword)"
 
+                            # Message of success
+                            Write-Host "Root Certificate Renewed Successfully!" -ForegroundColor Yellow
                             # Cleanup
                             Remove-Item -Path $certConfPath
                             Remove-Item -Path $csrOutPath

From a353fe2ef1648fbf9bef1d82dbd2741dbb0ab0ec Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Thu, 30 Jan 2025 10:32:47 -0800
Subject: [PATCH 158/346] menu

---
 .../Menus/Show-RootCAGenerationMenu.ps1       |  27 +++--
 .../Public/Start-GenerateRootCert.ps1         | 111 +-----------------
 2 files changed, 19 insertions(+), 119 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
index 657566a5d..9407045a0 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
@@ -19,24 +19,27 @@ function Show-RootCAGenerationMenu {
 
         # Check if expiration is less root cert warning days
         if ($daysRemaining -lt $JCR_ROOT_CERT_Expire_Warning_Days) {
-            Write-Host $(PadCenter -string "WARNING: The root certificate is expiring in $daysRemaining day(s) on $expirationDate! Please press '3' to regenerate your root cert.") -ForegroundColor Yellow
+            Write-Host $(PadCenter -string "WARNING: The root certificate is expiring in $daysRemaining day(s) on $expirationDate! Please press '2' to regenerate your root cert.") -ForegroundColor Yellow
         }
     }
 
-
     Write-Host $(PadCenter -string ' Root Certificate Generation Options ' -char '-')
-    # List Options
-    # Generate new root CA
-    Write-Host "1: Press '1' to generate new root certificate. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates. This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
-
-    # Replace root CA
-    Write-Host "2: Press '2' to replace current root certificate. `n`t$([char]0x1b)[96mNOTE: if you replace root CA it will contain a different serial number and user certs generated with the previous CA will no longer authenticate."
 
-    # Regenerate with the same serial number
-    Write-Host "3: Press '3' to renew root certificate. `n`t$([char]0x1b)[96mNOTE: renewing the root CA will contain the same serial number and CA subject headers. User certs generated with the previous CA will continue to authenticate."
 
-    # Return to main menu
-    Write-Host "E: Press 'E' to return to main menu."
 
+    if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
+        # Generate new root CA
+        Write-Host "1: Press '1' to replace current root certificate. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates. This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
+        # Regenerate with the same serial number
+        Write-Host  "2: Press '2' to renew root certificate. `n`t$([char]0x1b)[96mNOTE: renewing the root CA will contain the same serial number and CA subject headers. User certs generated with the previous CA will continue to authenticate."
+        # Return to main menu
+        Write-Host "E: Press 'E' to return to main menu."
+    } else {
+        # Generate new root CA
+        Write-Host "1: Press '1' to generate new root certificate"
+        # Return to main menu
+        Write-Host "E: Press 'E' to return to main menu."
+    }
     Write-Host $(PadCenter -string "-" -char '-')
+
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index cb6536269..32f593d52 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -60,10 +60,11 @@ Function Start-GenerateRootCert {
                 $selection = 1
             }
             'Replace' {
-                $selection = 2
+                # Same functionality as 'New'
+                $selection = 1
             }
             'Renew' {
-                $selection = 3
+                $selection = 2
             }
         }
     } else {
@@ -230,112 +231,8 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                 return
             }
         }
-        # Replace current root certificate
+        # Renew current root certificate
         '2' {
-            # Check if there is a current CA cert
-            if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
-
-                if (!$force) {
-                    if ($PSCmdlet.ParameterSetName -eq 'cli') {
-                        $overwritePrompt = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate." -cli $true
-                    } else {
-                        $overwritePrompt = Get-ResponsePrompt -message "Do you want to overwrite/replace the existing CA Cert? This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
-                    }
-                } else {
-                    $overwritePrompt = $true
-                }
-
-
-                switch ($overwritePrompt) {
-                    $true {
-                        Write-Host "Replacing Root Cert..." -ForegroundColor Yellow
-                        switch ($PSCmdlet.ParameterSetName) {
-                            'gui' {
-                                $env:certKeyPassword = ""
-                                # Loop until the passwords match
-                                do {
-                                    # Prompt for password
-                                    Write-Host "NOTE: Please save your root certificate password in a password manager" -foregroundcolor Yellow
-                                    $secureCertKeyPass = Read-Host -Prompt "Enter a password for the certificate key" -AsSecureString
-
-                                    # Reprompt for password
-                                    $secureCertKeyPass2ReEntry = Read-Host -Prompt "Re-enter the password for the certificate key" -AsSecureString
-
-                                    # Convert SecureString to plain text to validate
-                                    $plainCertKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
-                                    $plainCertKeyPassReEntry = ConvertFrom-SecureString $secureCertKeyPass2ReEntry -AsPlainText
-
-                                    # Validate that the passwords match
-                                    if ($plainCertKeyPass -ne $plainCertKeyPassReEntry) {
-                                        Write-Host "Passwords do not match. Please try again." -foregroundcolor Red
-                                    } else {
-                                        Write-Host "Password set successfully" -foregroundcolor Green
-                                        $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
-                                    }
-                                } while ($plainCertKeyPass -ne $plainCertKeyPassReEntry)
-                            }
-                            'cli' {
-                                $certKeyPass = $certKeyPassword
-                            }
-                        }
-                        # Copy the current root cert to the backups folder and zip it
-                        try {
-                            Copy-Item -Path "$CertPath/radius_ca_cert.pem" -Destination "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
-                            Copy-Item -Path "$CertPath/radius_ca_key.pem" -Destination "$CertPath/Backups/radius_ca_key_$timestamp.pem"
-
-                            # Zip the root cert and key files
-                            $zipPath = "$CertPath/Backups/replace_radius_ca_cert_backup_$timestamp.zip"
-                            Compress-Archive -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem", "$CertPath/Backups/radius_ca_key_$timestamp.pem" -DestinationPath $zipPath
-
-                            Remove-Item -Path "$CertPath/Backups/radius_ca_cert_$timestamp.pem"
-                            Remove-Item -Path "$CertPath/Backups/radius_ca_key_$timestamp.pem"
-
-                        } catch {
-                            Write-Error "Error backing up the current root cert and key. $($_.Exception.Message)"
-                            exit
-                        }
-
-                        # Save the pass phrase in the env:
-                        $env:certKeyPassword = $certKeyPass
-                        Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-                        # REM PEM pass phrase: myorgpass
-                        Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
-                        # openssl x509 -in ca-cert.pem -noout -text
-                        # Update Extensions Distinguished Names:
-                        $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
-                        foreach ($ext in $exts) {
-                            Write-Host "Updating Subject Headers for $($ext.Name)"
-                            $extContent = Get-Content -Path $ext.FullName -Raw
-                            $reqDistinguishedName = @"
-[req_distinguished_name]
-C = $($JCR_SUBJECT_HEADERS.countryCode)
-ST = $($JCR_SUBJECT_HEADERS.stateCode)
-L = $($JCR_SUBJECT_HEADERS.Locality)
-O = $($JCR_SUBJECT_HEADERS.Organization)
-OU = $($JCR_SUBJECT_HEADERS.OrganizationUnit)
-CN = $($JCR_SUBJECT_HEADERS.CommonName)
-
-"@
-                            $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
-                        }
-                        return
-                    }
-                    $false {
-                        return
-                    }
-                    'exit' {
-                        return
-                    }
-                }
-
-
-            } else {
-                Write-Host "No Root Cert detected. Please generate a new CA Cert. Returning to main menu..." -ForegroundColor Yellow
-                return
-            }
-
-        }
-        '3' {
             $env:certKeyPassword = $certKeyPass
             # Check if there is a current CA cert
             if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {

From 21e4b4931dfdc110e52063fb26516ee308806ee9 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 30 Jan 2025 14:08:01 -0700
Subject: [PATCH 159/346] spacing on menu options

---
 .../Functions/Private/Menus/Show-RootCAGenerationMenu.ps1     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
index 9407045a0..e5d03cb79 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
@@ -29,9 +29,9 @@ function Show-RootCAGenerationMenu {
 
     if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
         # Generate new root CA
-        Write-Host "1: Press '1' to replace current root certificate. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates. This will generate a new root CA with a new serial number and user certs generated with the previous CA will no longer authenticate."
+        Write-Host "1: Press '1' to replace current root certificate. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates. This will generate a new root CA `n`twith a new serial number and user certs generated with the previous CA will no longer authenticate."
         # Regenerate with the same serial number
-        Write-Host  "2: Press '2' to renew root certificate. `n`t$([char]0x1b)[96mNOTE: renewing the root CA will contain the same serial number and CA subject headers. User certs generated with the previous CA will continue to authenticate."
+        Write-Host  "2: Press '2' to renew root certificate. `n`t$([char]0x1b)[96mNOTE: renewing the root CA will contain the same serial number and CA subject headers. User certs generated with`n`tthe previous CA will continue to authenticate."
         # Return to main menu
         Write-Host "E: Press 'E' to return to main menu."
     } else {

From 8ad13e02db4b8af5094becb16e12ff6b87b4cc73 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Thu, 30 Jan 2025 14:34:04 -0800
Subject: [PATCH 160/346] changelog

---
 scripts/automation/Radius/Changelog.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index d8c63b931..b0ccc06da 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -1,6 +1,6 @@
 ## 2.0.0
 
-Release Date: January 28, 2024
+Release Date: January 30, 2024
 
 #### RELEASE NOTES
 

From d1b90fb553fd7125beca900fcee1803e8e2e31a6 Mon Sep 17 00:00:00 2001
From: Ken Maranion <ken.maranion@jumpcloud.com>
Date: Thu, 30 Jan 2025 14:53:43 -0800
Subject: [PATCH 161/346] wiki for cert renewal

---
 scripts/automation/Radius/readme.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 1f0ba5852..84ced7860 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -154,6 +154,12 @@ A Certificate Authority (CA) is required for passwordless Radius Authentication.
 
 The first option in the menu will present options to generate a self-signed CA. The resulting file `radius_ca_cert.pem` in the `projectDirectory/Radius/Cert` directory. When generating a self signed CA, a password prompt is displayed, this password is used to protect the CA from unauthorized access. Choose a secure but memorable password, during the session this password will be stored as an environment variable as it is required to generate user certificates.
 
+#### Renewing a self-signed certificate
+
+The second option in the root certificate menu allows you to renew the current CA certificate. During the renewal process, you will be prompted to enter the password for the current private key. This ensures that administrators can renew expiring CA certificates while maintaining the ability to authenticate user certificates issued by the previous CA. The renewed certificate will retain the same serial number and CA headers.
+
+![Root Cert Menu](./images/rootCertMenu.png)
+
 #### Importing a certificate
 
 To Import your own CA, the certificate and key files can be copied to the `projectDirectory/Radius/Cert` directory. **Note: Please ensure the certificate and key name ends with `key.pem` and `cert.pem` (ex. `radius_ca_cert.pem` or `radius_ca_key.pem`)**

From d47871e78fa06da8481361b005df6a2b9fbcf8d3 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 31 Jan 2025 13:48:57 -0700
Subject: [PATCH 162/346] Tests for radius membership

---
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 13b3186d3..e04ce95bf 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -196,4 +196,46 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
         }
 
     }
+    Context "Tests that the RadiusMembers.json file is updated when users are added or removed from the user group" {
+        BeforeAll {
+            # create a new user
+            $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
+        }
+        It "when a user is added to the group, they should be added to the RadiusMembers.json & users.json file" {
+            # get the RadiusMembers.json before
+            # get the user.json file before
+            # add a user to the radius Group
+            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Start-Sleep 1
+            # update the cache forcefully
+            Get-JCRGlobalVars -force -skipAssociation -associateManually
+            Start-Sleep 1
+            # the new user should be in the membership list
+            $global:JCRadiusMembers.username | Should -Contain $user.username
+
+            # the new user should be in user.json list
+            $userData = Get-UserJsonData
+            $userData.username | Should -Contain $user.username
+
+
+
+
+        }
+        It "when a user is removed from the group, they should be removed to the RadiusMembers.json & users.json file" {
+            # get the RadiusMembers.json before
+            # get the user.json file before
+            # add a user to the radius Group
+            Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Start-Sleep 1
+            # update the cache forcefully
+            Get-JCRGlobalVars -force -skipAssociation -associateManually
+            Start-Sleep 1
+            # the new user should be in the membership list
+            $global:JCRadiusMembers.username | Should -Not -Contain $user.username
+
+            # the new user should be in user.json list
+            $userData = Get-UserJsonData
+            $userData.username | Should -Not -Contain $user.username
+        }
+    }
 }

From 7f645ede72a7be4310da67585cdcbeddde68d761 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 31 Jan 2025 13:58:02 -0700
Subject: [PATCH 163/346] user variable to test

---
 .../Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index e04ce95bf..1a9ae9412 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -211,7 +211,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             Get-JCRGlobalVars -force -skipAssociation -associateManually
             Start-Sleep 1
             # the new user should be in the membership list
-            $global:JCRadiusMembers.username | Should -Contain $user.username
+            $global:JCRRadiusMembers.username | Should -Contain $user.username
 
             # the new user should be in user.json list
             $userData = Get-UserJsonData
@@ -231,7 +231,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             Get-JCRGlobalVars -force -skipAssociation -associateManually
             Start-Sleep 1
             # the new user should be in the membership list
-            $global:JCRadiusMembers.username | Should -Not -Contain $user.username
+            $global:JCRRadiusMembers.username | Should -Not -Contain $user.username
 
             # the new user should be in user.json list
             $userData = Get-UserJsonData

From 14e26295c3e034737eeeef6dd72727e601e8dbd0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 31 Jan 2025 14:44:11 -0700
Subject: [PATCH 164/346] remove duplicate code

---
 .../Public/Start-GenerateRootCert.Tests.ps1   | 87 +++----------------
 1 file changed, 10 insertions(+), 77 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 1833e9af6..216fac77c 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -1,25 +1,16 @@
 Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
+    BeforeEach {
+        # If the /Cert/ folder is not empty, clear the directory
+        $items = Get-ChildItem "$JCScriptRoot/Cert"
+        if ($items) {
+            foreach ($item in $items) {
+                # If the item is the 'backup' folder, process its contents separately
+                Remove-Item -Path $item.FullName -Recurse -Force -Confirm:$false
+            }
+        }
+    }
     Context "A new certificate can be generated" {
         It 'Generates a new root certificate' {
-            # If the /Cert/ folder is not empty, clear the directory
-            $items = Get-ChildItem "$JCScriptRoot/Cert"
-            if ($items) {
-                foreach ($item in $items) {
-                    # If the item is the 'backup' folder, process its contents separately
-                    if ($item.Name -eq 'Backups') {
-                        $backupItems = Get-ChildItem $item.FullName
-                        foreach ($backupItem in $backupItems) {
-                            Write-Host "Removing $($backupItem.FullName)"
-                            Remove-Item -Path $backupItem.FullName -Force
-                        }
-                    }
-                    # Otherwise, remove the item directly (outside of the 'backup' folder)
-                    elseif ($item.PSIsContainer -eq $false) {
-                        Write-Host "Removing $($item.FullName)"
-                        Remove-Item -Path $item.FullName -Force
-                    }
-                }
-            }
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
 
             # both the key and the cert should be generated
@@ -43,26 +34,6 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
     Context "Overwrite an existing root certificate when creating a new one" {
         It 'Generates a new root certificate when there is an existing one' {
-            # If the /Cert/ folder is not empty, clear the directory
-            $items = Get-ChildItem "$JCScriptRoot/Cert"
-            if ($items) {
-                foreach ($item in $items) {
-                    # If the item is the 'backup' folder, process its contents separately
-                    if ($item.Name -eq 'Backups') {
-                        $backupItems = Get-ChildItem $item.FullName
-                        foreach ($backupItem in $backupItems) {
-                            Write-Host "Removing $($backupItem.FullName)"
-                            Remove-Item -Path $backupItem.FullName -Force
-                        }
-                    }
-                    # Otherwise, remove the item directly (outside of the 'backup' folder)
-                    elseif ($item.PSIsContainer -eq $false) {
-                        Write-Host "Removing $($item.FullName)"
-                        Remove-Item -Path $item.FullName -Force
-                    }
-                }
-            }
-
             # Create a new root certificate
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "New" -force
             # get existing cert serial:
@@ -97,25 +68,6 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
     Context "An existing certificate can be replaced" {
         It 'Replaces a root certificate' {
-            # If the /Cert/ folder is not empty, clear the directory
-            $items = Get-ChildItem "$JCScriptRoot/Cert"
-            if ($items) {
-                foreach ($item in $items) {
-                    # If the item is the 'backup' folder, process its contents separately
-                    if ($item.Name -eq 'Backups') {
-                        $backupItems = Get-ChildItem $item.FullName
-                        foreach ($backupItem in $backupItems) {
-                            Write-Host "Removing $($backupItem.FullName)"
-                            Remove-Item -Path $backupItem.FullName -Force
-                        }
-                    }
-                    # Otherwise, remove the item directly (outside of the 'backup' folder)
-                    elseif ($item.PSIsContainer -eq $false) {
-                        Write-Host "Removing $($item.FullName)"
-                        Remove-Item -Path $item.FullName -Force
-                    }
-                }
-            }
             # Create a new root certificate
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
             # get existing cert serial:
@@ -150,25 +102,6 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     }
     Context "An existing certificate can be renewed" {
         It 'Renews a root certificate' {
-            # If the /Cert/ folder is not empty, clear the directory
-            $items = Get-ChildItem "$JCScriptRoot/Cert"
-            if ($items) {
-                foreach ($item in $items) {
-                    # If the item is the 'backup' folder, process its contents separately
-                    if ($item.Name -eq 'Backups') {
-                        $backupItems = Get-ChildItem $item.FullName
-                        foreach ($backupItem in $backupItems) {
-                            Write-Host "Removing $($backupItem.FullName)"
-                            Remove-Item -Path $backupItem.FullName -Force
-                        }
-                    }
-                    # Otherwise, remove the item directly (outside of the 'backup' folder)
-                    elseif ($item.PSIsContainer -eq $false) {
-                        Write-Host "Removing $($item.FullName)"
-                        Remove-Item -Path $item.FullName -Force
-                    }
-                }
-            }
             # Generate new CA
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
             # get existing cert serial:

From f14296e2ea9c0e923ff9f9089b86d25786f572ca Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 31 Jan 2025 15:33:19 -0700
Subject: [PATCH 165/346] only return certs for the selected cert type and
 filter by users in the radius group

---
 .../Functions/Private/CertDeployment/Get-CertInfo.ps1 | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 1745050ae..9f74d5677 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -23,10 +23,17 @@ function Get-CertInfo {
         if ($UserCerts) {
             # Find all userCert paths
             if ($username) {
-                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/$username-*.crt" -ErrorAction SilentlyContinue
+                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/$username-$($Global:JCR_CERT_TYPE)*.crt" -ErrorAction SilentlyContinue
 
             } else {
-                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/*.crt" -ErrorAction SilentlyContinue
+                $foundCerts = New-Object System.Collections.ArrayList
+                $global:JCRRadiusMembers.username | ForEach-Object {
+                    $foundCert = Resolve-Path -Path "$JCScriptRoot/UserCerts/$_-$($Global:JCR_CERT_TYPE)*.crt" -ErrorAction SilentlyContinue
+                    if ($foundCert) {
+                        $foundCerts.Add($foundCert) | Out-Null
+                    }
+
+                }
             }
         }
 

From e0cbc8178194015d89a33b2be358513f66c08eda Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 31 Jan 2025 15:33:46 -0700
Subject: [PATCH 166/346] fix for returning users with an index of 0

---
 .../Functions/Private/HashFunctions/Test-UserFromHash.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
index 6e03676cc..71dfe5a20 100644
--- a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
@@ -37,7 +37,7 @@ function Test-UserFromHash {
                 # Get the UserID from the keys
                 $matchedUserID = $Global:JCRUsers.keys | Select-Object -Index $matchedIndex
                 # validate that the userID is in the radiusMembership hash:
-                if ($matchedIndex) {
+                if ($matchedUserID) {
                     # finally return the $matchedUser object
                     $matchedUser = $Global:JCRUsers[$matchedUserID]
                 } else {

From 3dc7f3f65f649f5bcb774139572fb597cd787f12 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 31 Jan 2025 15:34:22 -0700
Subject: [PATCH 167/346] validate user cert tests

---
 .../Tests/Public/Start-GenerateUserCerts.Tests.ps1       | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 3f9454068..66b7c717c 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -46,13 +46,14 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
-            Start-Sleep 2
+            Start-Sleep 1
             # update the cache
             Get-JCRGlobalVars -force -skipAssociation -associateManually
             # wait just one moment before testing membership since we are writing a file
             Start-Sleep 1
             # the new user should be in the membership list:
             $global:JCRRadiusMembers.username | Should -Contain $user.username
+            $Global:JCRUsers.keys | should -Contain $user.id
             # Generate the user cert:
             Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
             # Get the certs after
@@ -170,13 +171,14 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
-            Start-Sleep 2
+            Start-Sleep 1
             # update the cache
             Get-JCRGlobalVars -force -skipAssociation -associateManually
             # wait just one moment before testing membership since we are writing a file
             Start-Sleep 1
             # the new user should be in the membership list:
             $global:JCRRadiusMembers.username | Should -Contain $user.username
+            $Global:JCRUsers.keys | should -Contain $user.id
             # Generate the user cert:
             Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
             # Get the certs after
@@ -201,13 +203,14 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
-            Start-Sleep 2
+            Start-Sleep 1
             # update the cache
             Get-JCRGlobalVars -force -skipAssociation -associateManually
             # wait just one moment before testing membership since we are writing a file
             Start-Sleep 1
             # the new user should be in the membership list:
             $global:JCRRadiusMembers.username | Should -Contain $user.username
+            $Global:JCRUsers.keys | should -Contain $user.id
             # Generate the user cert:
             Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
             # Get the certs after

From 5352ca60b5a399c60e739129f8ae1d25658a1ab8 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 18 Feb 2025 09:09:06 -0700
Subject: [PATCH 168/346] Create Get-JCRCertReport.ps1

---
 .../Functions/Public/Get-JCRCertReport.ps1    | 67 +++++++++++++++++++
 1 file changed, 67 insertions(+)
 create mode 100644 scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
new file mode 100644
index 000000000..88bdcbeba
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
@@ -0,0 +1,67 @@
+function Get-JCRCertReport {
+    param(
+        [Parameter(Mandatory = $true)]
+        [string[]]$UserGroupIDs,
+        [Parameter(Mandatory)]
+        [string]$ExportFilePath
+    )
+
+    # Initialize an empty array to store the results
+    $reportData = @()
+
+    foreach ($groupID in $UserGroupIDs) {
+        $radiusMembersPath = Join-Path -Path $PSScriptRoot -ChildPath "data/radiusMembers.json"
+        $certHashPath = Join-Path -Path $PSScriptRoot -ChildPath "data/certHash.json"
+
+        if (!(Test-Path $radiusMembersPath)) {
+            Write-Error "radiusMembers.json not found at $radiusMembersPath"
+            continue # Skip to the next group if file not found
+        }
+        if (!(Test-Path $certHashPath)) {
+            Write-Error "certHash.json not found at $certHashPath"
+            continue # Skip to the next group if file not found
+        }
+
+
+        $radiusMembers = Get-Content $radiusMembersPath | ConvertFrom-Json
+        $certHashes = Get-Content $certHashPath | ConvertFrom-Json
+
+        foreach ($user in $radiusMembers) {
+            foreach ($device in $user.devices) {
+                $reportEntry = [ordered]@{}
+                $reportEntry.username = $user.username
+                $reportEntry.userid = $user.userid
+                $reportEntry.systemHostname = $device.systemHostname
+                $reportEntry.systemID = $device.systemID
+                $reportEntry.systemOS = $device.systemOS
+
+
+                # Check if certificate is installed on the device
+                $certInstalled = $false
+                $certificateSerialNumber = $null
+                $certificateExpirationDate = $null
+
+                if ($certHashes."$($device.systemID)") {
+                    # Check if the systemID exists in certHashes
+                    foreach ($cert in $certHashes."$($device.systemID)") {
+                        # Loop through possible certs on the device
+                        $certificateSerialNumber = $cert.serialNumber # Capture the serial number
+                        $certificateExpirationDate = $cert.notAfter # Capture expiration date
+                        $certInstalled = $true # If we got here there is at least one cert
+                        break # Exit inner loop, we can assume the user has a cert
+                    }
+                }
+
+                $reportEntry.CertificateSerialNumber = $certificateSerialNumber
+                $reportEntry."Certificate Expiration Date" = $certificateExpirationDate
+                $reportEntry."Certificate Installed on the device" = $certInstalled
+
+                $reportData += [pscustomobject]$reportEntry
+            }
+        }
+    }
+
+    # Export to CSV
+    $reportData | Export-Csv -Path $ExportFilePath -NoTypeInformation
+    Write-Host "Certificate report generated at: $ExportFilePath"
+}
\ No newline at end of file

From a3a52ea769dfc2ef6deeafb8cfe388343dc3a505 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 21 Feb 2025 13:43:52 -0700
Subject: [PATCH 169/346] Update Get-JCRCertReport.ps1

---
 .../Functions/Public/Get-JCRCertReport.ps1    | 42 ++++++++++---------
 1 file changed, 22 insertions(+), 20 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
index 88bdcbeba..51061e0f3 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
@@ -10,8 +10,9 @@ function Get-JCRCertReport {
     $reportData = @()
 
     foreach ($groupID in $UserGroupIDs) {
-        $radiusMembersPath = Join-Path -Path $PSScriptRoot -ChildPath "data/radiusMembers.json"
-        $certHashPath = Join-Path -Path $PSScriptRoot -ChildPath "data/certHash.json"
+        $radiusMembersPath = Join-Path -Path $JCScriptRoot -ChildPath "data/radiusMembers.json"
+        $certHashPath = Join-Path -Path $JCScriptRoot -ChildPath "data/certHash.json"
+        $associationHashPath = Join-Path -Path $JCScriptRoot -ChildPath "data/associationHash.json"
 
         if (!(Test-Path $radiusMembersPath)) {
             Write-Error "radiusMembers.json not found at $radiusMembersPath"
@@ -21,40 +22,41 @@ function Get-JCRCertReport {
             Write-Error "certHash.json not found at $certHashPath"
             continue # Skip to the next group if file not found
         }
+        if (!(Test-Path $associationHashPath)) {
+            Write-Error "associationHash.json not found at $associationHashPath"
+            continue # Skip to the next group if file not found
+        }
 
 
         $radiusMembers = Get-Content $radiusMembersPath | ConvertFrom-Json
         $certHashes = Get-Content $certHashPath | ConvertFrom-Json
+        $associationHash = Get-Content $associationHashPath | ConvertFrom-Json
+
 
         foreach ($user in $radiusMembers) {
-            foreach ($device in $user.devices) {
+            $userSystemAssociations = $associationHash.$($user.userID).systemAssociations
+            $userCerts = Get-CertInfo -UserCerts -username $user.username
+            foreach ($system in $userSystemAssociations) {
                 $reportEntry = [ordered]@{}
                 $reportEntry.username = $user.username
                 $reportEntry.userid = $user.userid
-                $reportEntry.systemHostname = $device.systemHostname
-                $reportEntry.systemID = $device.systemID
-                $reportEntry.systemOS = $device.systemOS
+                $reportEntry.systemHostname = $system.hostname
+                $reportEntry.systemID = $system.systemId
+                $reportEntry.systemOS = $system.osFamily
 
 
                 # Check if certificate is installed on the device
                 $certInstalled = $false
-                $certificateSerialNumber = $null
-                $certificateExpirationDate = $null
+                $certificateSerialNumber = $userCerts.serial
+                $certificateExpirationDate = $userCerts.notAfter
 
-                if ($certHashes."$($device.systemID)") {
-                    # Check if the systemID exists in certHashes
-                    foreach ($cert in $certHashes."$($device.systemID)") {
-                        # Loop through possible certs on the device
-                        $certificateSerialNumber = $cert.serialNumber # Capture the serial number
-                        $certificateExpirationDate = $cert.notAfter # Capture expiration date
-                        $certInstalled = $true # If we got here there is at least one cert
-                        break # Exit inner loop, we can assume the user has a cert
-                    }
+                if ($certHashes.$($userCerts.sha1).systemId -contains $system.systemId) {
+                    $certInstalled = $true
                 }
 
-                $reportEntry.CertificateSerialNumber = $certificateSerialNumber
-                $reportEntry."Certificate Expiration Date" = $certificateExpirationDate
-                $reportEntry."Certificate Installed on the device" = $certInstalled
+                $reportEntry.certSerialNumber = $certificateSerialNumber
+                $reportEntry.certExpirationDate = $certificateExpirationDate
+                $reportEntry.certInstalled = $certInstalled
 
                 $reportData += [pscustomobject]$reportEntry
             }

From 14a5d91b4e8e3b44fc11e37ef9d8682f54f853e9 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 25 Feb 2025 09:15:50 -0700
Subject: [PATCH 170/346] arraylist

---
 .../automation/Radius/Functions/Public/Get-JCRCertReport.ps1  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
index 51061e0f3..228a68840 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
@@ -7,7 +7,7 @@ function Get-JCRCertReport {
     )
 
     # Initialize an empty array to store the results
-    $reportData = @()
+    $reportData = New-Object System.Collections.ArrayList
 
     foreach ($groupID in $UserGroupIDs) {
         $radiusMembersPath = Join-Path -Path $JCScriptRoot -ChildPath "data/radiusMembers.json"
@@ -58,7 +58,7 @@ function Get-JCRCertReport {
                 $reportEntry.certExpirationDate = $certificateExpirationDate
                 $reportEntry.certInstalled = $certInstalled
 
-                $reportData += [pscustomobject]$reportEntry
+                $reportData.Add([pscustomobject]$reportEntry) | Out-Null
             }
         }
     }

From 76f300ca66fb3d4c134f464706cb88d02b8a6f81 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 25 Feb 2025 09:15:59 -0700
Subject: [PATCH 171/346] update .psd1

---
 scripts/automation/Radius/JumpCloud-Radius.psd1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/JumpCloud-Radius.psd1 b/scripts/automation/Radius/JumpCloud-Radius.psd1
index 04f150a17..2f1694297 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud-Radius.psd1
@@ -70,7 +70,7 @@
 
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
     FunctionsToExport = 'Start-DeployUserCerts', 'Start-GenerateRootCert',
-    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment', 'Get-JCRGlobalVars'
+    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment', 'Get-JCRGlobalVars', 'Get-JCRCertReport'
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
     CmdletsToExport   = @()

From 8f55d002da0bda6006956a1f7a7d5dd604bf4985 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 25 Feb 2025 14:47:08 -0700
Subject: [PATCH 172/346] test path and remove useless loop

---
 .../Functions/Public/Get-JCRCertReport.ps1    | 82 +++++++++----------
 1 file changed, 41 insertions(+), 41 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
index 228a68840..f9e6c6bd6 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
@@ -3,66 +3,66 @@ function Get-JCRCertReport {
         [Parameter(Mandatory = $true)]
         [string[]]$UserGroupIDs,
         [Parameter(Mandatory)]
+        [ValidateScript({ Test-Path -IsValid -Path $_ -PathType Leaf })]
         [string]$ExportFilePath
     )
 
     # Initialize an empty array to store the results
     $reportData = New-Object System.Collections.ArrayList
 
-    foreach ($groupID in $UserGroupIDs) {
-        $radiusMembersPath = Join-Path -Path $JCScriptRoot -ChildPath "data/radiusMembers.json"
-        $certHashPath = Join-Path -Path $JCScriptRoot -ChildPath "data/certHash.json"
-        $associationHashPath = Join-Path -Path $JCScriptRoot -ChildPath "data/associationHash.json"
+    $radiusMembersPath = Join-Path -Path $JCScriptRoot -ChildPath "data/radiusMembers.json"
+    $certHashPath = Join-Path -Path $JCScriptRoot -ChildPath "data/certHash.json"
+    $associationHashPath = Join-Path -Path $JCScriptRoot -ChildPath "data/associationHash.json"
 
-        if (!(Test-Path $radiusMembersPath)) {
-            Write-Error "radiusMembers.json not found at $radiusMembersPath"
-            continue # Skip to the next group if file not found
-        }
-        if (!(Test-Path $certHashPath)) {
-            Write-Error "certHash.json not found at $certHashPath"
-            continue # Skip to the next group if file not found
-        }
-        if (!(Test-Path $associationHashPath)) {
-            Write-Error "associationHash.json not found at $associationHashPath"
-            continue # Skip to the next group if file not found
-        }
+    if (!(Test-Path $radiusMembersPath)) {
+        Write-Error "radiusMembers.json not found at $radiusMembersPath"
+        continue # Skip to the next group if file not found
+    }
+    if (!(Test-Path $certHashPath)) {
+        Write-Error "certHash.json not found at $certHashPath"
+        continue # Skip to the next group if file not found
+    }
+    if (!(Test-Path $associationHashPath)) {
+        Write-Error "associationHash.json not found at $associationHashPath"
+        continue # Skip to the next group if file not found
+    }
 
 
-        $radiusMembers = Get-Content $radiusMembersPath | ConvertFrom-Json
-        $certHashes = Get-Content $certHashPath | ConvertFrom-Json
-        $associationHash = Get-Content $associationHashPath | ConvertFrom-Json
+    $radiusMembers = Get-Content $radiusMembersPath | ConvertFrom-Json
+    $certHashes = Get-Content $certHashPath | ConvertFrom-Json
+    $associationHash = Get-Content $associationHashPath | ConvertFrom-Json
 
 
-        foreach ($user in $radiusMembers) {
-            $userSystemAssociations = $associationHash.$($user.userID).systemAssociations
-            $userCerts = Get-CertInfo -UserCerts -username $user.username
-            foreach ($system in $userSystemAssociations) {
-                $reportEntry = [ordered]@{}
-                $reportEntry.username = $user.username
-                $reportEntry.userid = $user.userid
-                $reportEntry.systemHostname = $system.hostname
-                $reportEntry.systemID = $system.systemId
-                $reportEntry.systemOS = $system.osFamily
+    foreach ($user in $radiusMembers) {
+        $userSystemAssociations = $associationHash.$($user.userID).systemAssociations
+        $userCerts = Get-CertInfo -UserCerts -username $user.username
+        foreach ($system in $userSystemAssociations) {
+            $reportEntry = [ordered]@{}
+            $reportEntry.username = $user.username
+            $reportEntry.userid = $user.userid
+            $reportEntry.systemHostname = $system.hostname
+            $reportEntry.systemID = $system.systemId
+            $reportEntry.systemOS = $system.osFamily
 
 
-                # Check if certificate is installed on the device
-                $certInstalled = $false
-                $certificateSerialNumber = $userCerts.serial
-                $certificateExpirationDate = $userCerts.notAfter
+            # Check if certificate is installed on the device
+            $certInstalled = $false
+            $certificateSerialNumber = $userCerts.serial
+            $certificateExpirationDate = $userCerts.notAfter
 
-                if ($certHashes.$($userCerts.sha1).systemId -contains $system.systemId) {
-                    $certInstalled = $true
-                }
+            if ($certHashes.$($userCerts.sha1).systemId -contains $system.systemId) {
+                $certInstalled = $true
+            }
 
-                $reportEntry.certSerialNumber = $certificateSerialNumber
-                $reportEntry.certExpirationDate = $certificateExpirationDate
-                $reportEntry.certInstalled = $certInstalled
+            $reportEntry.certSerialNumber = $certificateSerialNumber
+            $reportEntry.certExpirationDate = $certificateExpirationDate
+            $reportEntry.certInstalled = $certInstalled
 
-                $reportData.Add([pscustomobject]$reportEntry) | Out-Null
-            }
+            $reportData.Add([pscustomobject]$reportEntry) | Out-Null
         }
     }
 
+
     # Export to CSV
     $reportData | Export-Csv -Path $ExportFilePath -NoTypeInformation
     Write-Host "Certificate report generated at: $ExportFilePath"

From 61d9ff9a60183f804bc7970a97fe3ed187246d6e Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 25 Feb 2025 15:49:57 -0700
Subject: [PATCH 173/346] fix path validation

---
 .../Radius/Functions/Public/Get-JCRCertReport.ps1 | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
index f9e6c6bd6..e41f63c0d 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
@@ -1,10 +1,17 @@
 function Get-JCRCertReport {
     param(
-        [Parameter(Mandatory = $true)]
-        [string[]]$UserGroupIDs,
         [Parameter(Mandatory)]
-        [ValidateScript({ Test-Path -IsValid -Path $_ -PathType Leaf })]
-        [string]$ExportFilePath
+        [ValidateScript({
+                $directory = Split-Path -Path $_ -Parent
+                if (-not (Test-Path -Path $directory -PathType Container)) {
+                    throw "The directory '$directory' does not exist."
+                }
+                if (-not ($_ -like '*.csv')) {
+                    throw "The specified path '$_' does not end with '.csv'."
+                }
+                return $true
+            })]
+        [System.IO.FileInfo]$ExportFilePath
     )
 
     # Initialize an empty array to store the results

From 5f77d2d057f1ef948e517a37bdb70e1e6761bd86 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Tue, 25 Feb 2025 15:50:32 -0700
Subject: [PATCH 174/346] Create Get-JCRCertReport.Tests.ps1

---
 .../Tests/Public/Get-JCRCertReport.Tests.ps1  | 37 +++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100644 scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1
new file mode 100644
index 000000000..e8f60508d
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1
@@ -0,0 +1,37 @@
+Describe 'User Cert Report' {
+    BeforeAll {
+        # Load all functions from private folders
+        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+        Foreach ($Import in $Private) {
+            Try {
+                . $Import.FullName
+            } Catch {
+                Write-Error -Message "Failed to import function $($Import.FullName): $_"
+            }
+        }
+        # import helper functions:
+        . "$PSScriptRoot/../HelperFunctions.ps1"
+        # Manually update user associations for radius members, cache won't pick them up before:
+        foreach ($user in $global:JCRRadiusMembers) {
+            Set-JCRAssociationHash -UserID $user.userID
+        }
+        Get-JCRGlobalVars -Force -associateManually
+        Start-GenerateRootCert -certKeyPassword "TestCertificate123!@#" -generateType "new" -force
+        Start-GenerateUserCerts -type All -forceReplaceCerts
+        Start-DeployUserCerts -type All -forceInvokeCommands
+    }
+    Context "Report Generation" {
+        It "Generates the Report" {
+            # Export the report
+            Get-JCRCertReport -ExportFilePath "$JCScriptRoot/testReport.csv"
+            $report = Import-Csv -Path "$JCScriptRoot/testReport.csv"
+            $report | Should -Not -BeNullOrEmpty
+        }
+        It "Checks for invalid Path" {
+            # Export the report
+            { Get-JCRCertReport -ExportFilePath "$JCScriptRoot/testReport" } | Should -Throw
+            { Get-JCRCertReport -ExportFilePath "testReport" } | Should -Throw
+            { Get-JCRCertReport -ExportFilePath "$JCScriptRoot/testReport.csv" } | Should -Not -Throw
+        }
+    }
+}
\ No newline at end of file

From 22114b43e3f6e1eb6d7115494a7799075d39fbe3 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Wed, 26 Feb 2025 10:06:21 -0700
Subject: [PATCH 175/346] add tag

---
 .../automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1
index e8f60508d..35d387558 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1
@@ -1,4 +1,4 @@
-Describe 'User Cert Report' {
+Describe 'User Cert Report' -Tag "Reports" {
     BeforeAll {
         # Load all functions from private folders
         $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)

From 75c56b65f056085f5048769ac9ea6738ce7eb956 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 28 Feb 2025 13:13:23 -0700
Subject: [PATCH 176/346] multi group radius added

---
 .../automation/Radius/images/command_list.png | Bin 0 -> 112354 bytes
 .../automation/Radius/images/create_task.png  | Bin 0 -> 44804 bytes
 .../automation/Radius/images/log_example.png  | Bin 0 -> 101376 bytes
 .../automation/Radius/images/mgr_running.png  | Bin 0 -> 29784 bytes
 .../automation/Radius/images/pass_prompt.png  | Bin 0 -> 28454 bytes
 .../automation/Radius/images/task_action.png  | Bin 0 -> 59520 bytes
 .../automation/Radius/images/task_running.png | Bin 0 -> 124372 bytes
 .../Radius/images/task_schedule.png           | Bin 0 -> 26955 bytes
 .../Radius/images/user_cert_list.png          | Bin 0 -> 53855 bytes
 .../automation/Radius/multi_group_radius.ps1  | 130 ++++++++++++++++++
 scripts/automation/Radius/readme.md           |  94 +++++++++++++
 11 files changed, 224 insertions(+)
 create mode 100644 scripts/automation/Radius/images/command_list.png
 create mode 100644 scripts/automation/Radius/images/create_task.png
 create mode 100644 scripts/automation/Radius/images/log_example.png
 create mode 100644 scripts/automation/Radius/images/mgr_running.png
 create mode 100644 scripts/automation/Radius/images/pass_prompt.png
 create mode 100644 scripts/automation/Radius/images/task_action.png
 create mode 100644 scripts/automation/Radius/images/task_running.png
 create mode 100644 scripts/automation/Radius/images/task_schedule.png
 create mode 100644 scripts/automation/Radius/images/user_cert_list.png
 create mode 100644 scripts/automation/Radius/multi_group_radius.ps1

diff --git a/scripts/automation/Radius/images/command_list.png b/scripts/automation/Radius/images/command_list.png
new file mode 100644
index 0000000000000000000000000000000000000000..5d2b41031c5ec877aa59f8aa3f253ef48f60945b
GIT binary patch
literal 112354
zcmag`1yGz#(*_Eo!Gb4{;1b+|+u|17-2!CM;O_1o+}+(>f(L@TySqF5%af4ztMk{X
zL)F&aJNIZ$&rJ7q^$;i{C4vZ#1rG)WhA8?)P!0?X{1glfvIF)FD8*1<RT=aJZY?Lm
z4^}#avkUs63se!+my`sf1U<uof%_YQLA_)FeXu|uFfgbeeqb=5Z#2+HCLJ6M67&uJ
z@;)8nH7EFKI^^p!WC!Ry7@xd=s3_=LUe5{$G_y7|w;59fa|0EeGEz{nQIVA3&@(rs
z)%j+w3#4^0wRkB425{g2J(>b-bO;<wznfWeIB*gDmxBZJ{E|#ZMDSl08xt-f6-gNa
z0dp%L0SoPC+RsGX@B{<|0IP5M9CCufe~W{DaS<8X*jRAT(b?PE)7mrAnp+vr(X+F&
z(|u;3V_={G<)E>4G_%ohpfR&1{!__oJ%T`MJu4#%8zXZwf|q)Abj@vTxQK{e8v6J5
zr=LIvqyM#JX8m_qpaIgoyrH9~{Y>|-ZctIcODczqkpu9%s-Tf6NIal6xY=140RQFx
z|9kVl7XMF4mH(AwVrTuoCI8Qx|7S@>YoL{Yxhbeg8}9$j%-_QQ_vPP$0J@iv{~t;G
z5%YhkAUSix1L*$E88>{~N?#-x7%!NpAfJK*_(2M^%e!98UVKptknpd;eg?fGmnnWn
zg+wDmE@wDOB=lVGobd&rIy#o$2=1u6rrvo3mT;A)%|1cTdSR3H7a#2^V%osmL7#ox
z<DfHR6Z(D({3kwGSa3oDC?5}$06QoE4vl4vD<^K~omTgKUh%fGqIN+s3JL^2FKj)M
zr;2W1(@=NBkJkdQ$l!G+g0c0Ww||rNQBY9rQ%nd+P+y9G5>aR&h}Kp+NFsebUaJ8|
zwVZCikVE^^C<??X5dje%tp=Lv|0+2-xpv>>$cg;d5()$oI*Ry$jslwOYc3O1P*WxQ
zggLKGt$YU6>@O=S_*!wP5U=1uO{ssh@N1b)D4Zv|#!d<~!MDc`loh(&m0$Q+UV8=$
zZUVIw6rc`Yw^>``^%Wm#;e#^NA_m1Q-HUKQGVtgtAToRRwZ*KV8d?*f9>c69^u{Tz
z#2VQ4XK1jV*O4Cbf(vr_6(#O@E@@+@+rv9v%hrvjL>_ppZ$GuI5a{DB52naDbmfLv
zuE`DEz!g|@2r3Zp>0+3|*5x>;o3({wO6*bpZI2f{U~?PuM$FvDzMva>+i0}sOy2|F
z^sGU89-k*0My$FMU5-+=ESU*<QY<xyp)1r}aYX2Mr+~s5Jot+YcqK?sbWo=u%-$XQ
z_m62g9%DS-?zGA~OiINDsbxz^Q$**K(pb~1IPFG<d_sMd+Gqr?k07Ah14iEBglg{L
z1dpcC+1o`xV{=G1lDA=jM?5N$`%7fv!orHKJ!8|XP+y9W>e!z-@Z9-Aus~D_4Pax7
z*W6JVYPFp-nyRA-DDQ8|9nSPw__U@%#3tUCc7Ojv+oP@I;Gf{Y<A_mcQCS;@Dv-eO
zT@N7+-LGy^6pAG>vzf@PrK%zX+ArxUq3g@;ju~@B537awz6}s>Bm6f=50r9|_EoxC
zBLocu$8xKr@K(F06gW0YuO5gq!KFr=nX&=D%RVRr)yqf<?_{dKqHULjKnkqK5T!{*
z8C7L1qm*@BGvt;E_6I~>&!bu8y;nd(gZQJsC$Vrd?=7=DI$gt-xBRb-#@AuY8w_is
zM3%_CX~Qc*YKMOizv{m(26z)u*q$-M!(`D{ClnOk;N!&rD|m9qelLdIGa<)}Y_Qj?
zON5@E+h%fUG@^UIUAAT_BAXRW_jxVrpq3c;GNe;4jv4Un_AM@^5NG~2uQH!!B@YPW
za+NTcRNh&jz}S?G4uB_<;y;}zvOxQzo4l~i;t)DPZ1B33R+3Xki0(Xd2T-hco2%pG
ze4ZN7xkf2pCf@^%A^^<5pfnE}tIX-+2oXvhY_j7sN8Tvf6f#z3N^b3ru54~v@wTM~
zp(Eoa_n`#^B2flxgMPDD-54VKD&JM}K8%EW3qt&Xj?5+S@V4MQ+dcBV<qB`YT+d+F
zR9#ZiFL-zCsT=L<<4O<v{^U@soPqT37V_<^Cho1a-mUD;L4F%UBAZb;u<S$#uQi*;
zc}Sv))Moes;_U#g7k1+4o)faUQw5ACP3w)nhwSo}-A}!8HCw-MRc&T-6pZ^(l5{m2
z-G#i9Za62?1V|$UN2hn;>F6Tbwthze(#fUL;?A$zyaPA>-PMhNxpQ@>zOlbQph^4d
z2U#8tyOm5LQ$|_VIAa{tf2;r4!(-9YlvErLFI70(hxew%1x5&78-pCZ|BbY#nT-z}
z^nFFkBpGnLH~8Am1ADkQjTDz86gSC^$H{PkW?xpYy|>rDxy~#H0W*4g`_{UZRjbuS
z^!j))>+$|-bk!ZXrRJU_sE~RVv@lQb(8?*-)ZSK1WVK1(aoei`$df9H$@5FS8R1>8
zW*I57-;~WF1XxQUIv_|p6pl@`wYQ%P-st}}nDWZ8Is47N#QbdnYVKj!ZhaNDMBqXy
znOi&@ukHRATrj_#knEOnbg9XJ75YtUdBX2dY}TEb(JYqmfj=994Z&B%E?Em2FR@<7
zM_rGyfhiauV_<zjK;yv><!4e`(GLuFT*XYN+X-mgB9Q&6+5D2{WxTV-6FcK!HoN_b
zB2k}vu~~r_xa@X6>W;Y_c%@Uhnel`B`r}2%3k<uF^WDzv6q@B|_RcoJfTO|(csF(%
zY;zUP+JZr-8P-y%06xAw8VD%l$(l$eBRMS*R)mFJ4vi+e7(7a)KZ-mW^P&g75*>zE
z6LySmi%1Kp!YhsJ8>^skYzI;ZA_Xv5icfIh(0s6aF;nJ7OC{Sz)>NOf{JF#Pr>8rA
z8?|%r*sl^TwmJ_tOP2v0??OtKn{!wP2T;B5<PP_=nq9Y-Tqp4l47mMlTpsz&pY2zF
zs9vC0j-Dwp*`HeN%~v7dE>#4^4yOsjAmeAP>OC7s!BDZ9Ep46crJzV<Kd%W9EH*uR
z-~lc&nkb)ROs2-4+{1qiXVvlKb}TQa9W69u1q<GuZRVZ5r<CiDF35KXL{s1^=~dJu
z=Fn(!lPv3(`|nshg!N&E5D#XH<zC%E?%lCgU%mbH{M)}HC{CuuYs-*#HUwyU0T5Y_
z5sgiDYjzCv1xR-YDoJxb9#G)A-}$umC3fzemfMkvCI>KNOAoXqDpHMBPMS1u`^Nwg
z5k6!h5SFeg25w0_rNW#_#&aa;(>-{4O{jQCCo#jvxOhv?jrU&elcOGqDe`<5YvDN-
zOqr|QVB0idN<VHr6iH(;`l9KCnC|M2B=2=|%05U^^(^9OwUy4?_Qc0rq?9|%Z925A
zKrSC7jC3Ro6N5tB-m;V{PRHSX%Fv?Fp_vs#CW-xwtJz@ZUC3%EWy_N<?Ed}9|1RGp
zu2iEF(I??NZX|M@Y}cP%o-MTQa{E`*Na-`9fs}mZw_ni_%3pIu!f|rJNG>=4ZVxK|
z6WPo=OVd$f%L`@QRl|1Yl`x<3H6Zq!H_m&jXvsMATiwM3;t7OLViK3*xp|S>!(#z}
zTZ$wny2TH)h1|EYm_uX!#un;I!FoLowNv=qP7-ltT3JQY=2qHv1-e4@57TA~*?1{D
zSyMFJxhc+9@=2xIR&Dk;%pPWbXx*ur^YVEtG)7^SiJjO|$s7Xi=JTTa%GB8%(C6b1
zIaE7WDbCR}*7_XIPnl?Idl^59<+CVP{Xbhhyt{J2nQM(qr8MVV%r!N<mEP~G()h?7
z)_TFEJ|#c)DX>5!?kc)TkYuk6>s`v6Yk%+Z7JkU;=Qj>84+_MvW;PBcAzE-<2*U1>
zP%qmhFB8d$Ux3Le%Vh6`2SUrRo1{Ezfn=+W>N;UB&U>SK_SU0LWs|L)p?Bv)301Nl
zXg;)LVKSl71r%v$c2FuS>JywB1#4Y7kl`*ne0P}93{p7OA8}L@@&p}LD`O7)Xd~!Y
zB|ma{Nf#-$z(3ZW(qRl%J!`JGTF5TDf5iev2A7T|Csdyu-=?+tL}i^^oWLl{!F*|K
z01Q<=rIyy(+g2@QLP$wcr><eTq)3wfTwJXB3}cRn^~6Odo9iBq!y4=`kQ>To+DWmc
zSbvR8DeZ}Lx$l;)oKh))W2I@MYmt{Ho|Y<w!y}cz0L)|n4veuJmrx%BM166!l=gZt
zwFnx~90a;T-+M-8LIbp@S<kA<twJnA_jO#me0eU=bPGD??1Xt|QDmm-fGXX#)>*CW
zR`QA@EAx{ZRBg*GgM+>Y{bx_wPaS*bMS(_r4dWB{7nVy%;StC;m7MAYC==^s(()ZX
zq~iGVJL+cBl@!2%#00xT&OY0&uQWdG5qvg$c8wem6V6Al<q@`DVwvDfZ*55)H(R{z
z4!L-_VBTh2l_ZW&xA5dOH&~AnlJxhK+xD7yIpfowZS-@c5Ncu-YB!OJ6qHb3*cizt
zWp&DbrTU~48b;S-&wxLaz=e>3x?UVXpu>;Xm%F$TN2{seddh8cKSjg;Z14B>;~+#B
zfKmVVMsYC-?u$aSbCP|P<AJG^Ji^Oe;*98+4?d$EP+~A**h}HU9HdnU*~(v@W<QtV
zyEIPl$GUy1?40Xxs@jL|18d-5{5Xl30vEfN2`sv)mfwr1SQCPmg#?yxvovoh7F&Q@
zDTfBZjq6*tUDQ)lnd(Q;3vkR;+QMiyyTsh**>>rXNudjeV#=0Y9Qz|?KR8;CmdxjZ
z>!h)mep%wY9*I^(hz@>!^H}AId5I19VYbvbm^b~HUbvTco#*0cB^$|q3kTtTyJwqn
zfi2GTA*`?mj@s^`jn!OZ`GHEYc?bKHxG9VGC;!&bySFyp9>nRW)|Y$lt<MVN^Kxx=
z#}ev*LjUcii?BWvYhrP~2~+${_xo`uf|NpljIp<xn7!m1<E0vJ?XMiIw-u&L5%J3X
ze(G^4x}VK0KdmT_94)#(q9%M-Wf&jvbagmUIqXT3yQ?<(zIExlC(o02S5LokaFx=u
z<=|+woestv^x!Q_Qy|l@x0kXPx8NQMJBZD?!e{y6t8$JRx?MvYm8O>;@<Y(@bFR5`
ze*zbkV##u}nDS$U8M$SdTtzaw=|GGb?%W7CGkIxT<<+v#mjniq_cTh$x&?k=B@r5z
zk#XdzV^cbR9F71CDBasz=++}aC84P!>$eac$WsX1iKpY<oYh;uOb7!F4_Bn7A?M&r
zt%kmAhDT+m=TeNz9n4tXw0vc~Jn2FHISOue4RRDDbOLl7_U`3wFCG=18yLCU;GaH#
z<I$Ndum*WV?m9pZ&e7|A%U;c+9_v!Nb3f%!X%7Y~>Wz3KoSY{a)o+Xk4o>H=;phc*
z8ag|x(fgQP7EC`je|NAae_8slE1$Qs)Y7zd&yji-{cSKY#%klYQR?lG3Wh4?ivcZ2
z24Q~FN9bgZ1S?-<*KK>ihx<N;HRiBpo)@7`t975@Cy~9MN7lm5^OWmK?4^hJ;$l#}
zdQa!=6co<sT36s8&w%xX-PG@omwVU)^_HEi9>a+qZISut_MfDZ<6$ayQTO6YSz4{O
z#sBkByWT;V2h>;SqVPQqV6uXfC|m2_`_LQDIvh2ri6qFdXb$D09oZ``$Hx!P$3JxS
z!L89`jf4t*(}acfjOTB+%hUOSSi`nflVx?Pd2EXl4F??G457dj-XnbV8}PvWsV(dI
z^a`fy3rQvTvC~A35R@HQ7gSwW^KtrpDiit*(X5?gV%J{{eO(Cfq}X~paT5egq6971
zk?cYQ)pc@&{%;g3jR*9r5TdxR2K)>W$T+Kk#e&A+-_5;C;}J{tTJv|&=vK-+*5&E<
zs7#m0t^BEeGKV&8>wpQ21iY3Lga$7nGNTT_5QfcZYQoNuDYImjj{g0DL~Kg-O*AyH
zvbrlPoA*b-tCMOkK_CJ03d3@0yXeQJsbu8}(dhQxG!U9cg9Arn>nn<n<1@aI{T(oY
z7%b@24ah{A(?lF)dIaQ~jwvWm5A8c9*e=wy2&VSUYr4KsiW7;G-ZrIfTH5ZDbKmKS
ztVa|1>vHodpgXJwoAy8$$#$Y?&v%G0-XQ2cyszVZ`Z2GN)?~wUa{2JP=RBoFi^&eK
zmjFO?PoSwy{3hTI+x;yv>8>l%Kv3|Zp^feqx;e>-Eh#wrZ^w?wJU<KJd?8r5!&K`d
zT)X*XLhyL9!EK6g;#ve%l#kq4E%ieT&f)uIr}A$Jkk@W;DCb@T9ohBj?AOD-xN26$
zsJ&=Y^}8_O%FCBMbuHR&eq2|PT~saWF>4y-OIL_ACZ5Kqw~0Pv7b0s6zQZ6|K(Wl?
z)C{&4q(1qADTDT((!HP@LQpsumeI&WNG2NU8}Yq&H4$x}@R?=%oi6F)59yNiVwA(8
zJg`1Vi2V{EW%0aUAYW;u(+IB95=IsOrSw-+?VKbl5dm3(C>AYmX*P1*tYGg3;>yRg
z$7q<TrtF@#ZB~5oxt!kr-e$ieOK^H_vPr&CVAtY*ia?+?Lq>j^&nO9{%N{QYT2~y2
z;a%u2%kQOYi*RhzYx()igvd(hnNZL=BS{#RQB9i1Jl7p*LoIL9sronF$Zklulrr&9
z#s~t6G&V(J4D)Qy(~J8RQ+tVNH)XSiC6C?qBTtU>QK#>_A;OR9Qlhp0bUK-jK!Ygk
zZ7Bbf7+mEqO7}(Or@2YIZ+0zu_-kt#QEvNg)-F1OOo<xq&l(8Tqib$0W=`6;mNlCt
zaYG)2Mt@NwlmIEHj%2WIH6emT6ul^iH4`I;G(db^1s={r5YJo4)k!n^sF^mrO*0A1
z-4%nxz~2{_%vlk7Jls3FLBwfF%#~5LF9)FqibETmk9wCUg4dl|U!ah>c~b-Q`IQN{
zzeA@kYhZolCQX1ph9%7uDPeELbVsP(%`St=r%y?*YjueV0u{{?g#o@ni?v~Zu$t6l
zp&F63@fTvaDO3v+Ji}DR@RZ=Z&F@c3Y}#r5ws8N-DMO%QSb~k~!plzao1h&{>pt$i
zZ#}qcqyq@{4mL~r)rht$25s5c+;Jecm~zW1y)ND6Z73p=wZs$*HF0{@Bi8Oo-O^z}
z0kD1Z#=gr2mx*_~m!g%Ve^(+eY=pd^hV?{8QTM`~Tg&yOT-vo$xY6L0+kitQ&EHHb
zuAf#EP^ZCYx-m1uzBXw0PK!JD+5%Mn075S))`o`o0)`B#f%>;^|6r>C^m6tzhpwn-
z#@FQm>uJx&EBK%(6Z>zQX@-Va-9zVbJY$1~f|{Wb{_#naLb-IoZe8?0tMosFj9?84
zr?zXl<URopP@hLi76`nyzdE3pYp{0i5+^bEUoY(7*uDoYH`&K=-)8$RLZN0zBrq_U
z&e@z@6d%aA7>G35-Xo>3x%w3<UMV0V*-JfbBvfsj@6bEOQmr2xeB$~u+b9sS{Ovm8
z06-37s4#1b5=QEI^84%d)vO8Y_BtllBYx{2JWtiJ!jkddmtx<)mKja)=!|u+Dc(5{
z5-)H`kW<M0b}G}|>%4E`exGuM!zLJrMw*?AxG(?H#nEU#Otac#8T>BY`2F2(+;YA{
zB>#qLEA^o4ZdW*dnv;#0v}n|)Rr9v>8@@@EzC?EPn(uS*Kgh(fD3RBD`fJ)OxG#+-
znT}%r>L&_BB+-cy_34+GzCbcE@x<sm<l8Vj9!E4vMcA8q3PuX`*xxo!Ye3`i8kiOb
z)Gxi#DTFEqJWtKBAX9~RIrJI-5}UzmttU{RXzEGqIf*@PJb}ZRTQZ(I*lM#+c>ekz
zXQ<^ak<1n@CUP#m#sUuU*^MYpZ}4uJ26>?N^#p)L4;UqCwYgFV%Gn}*-fE)H0CQbP
z$9rsb`lvqlaV&>KTbrlRZv9O!pK^Qss(|55x?A(2U^gzq3KgYNJpsu0^SvHaeSjoU
zh;>YyD9E?)d{}sPyWOjiar~<H`#BdC3LkvxxsJFkFNaF$y!PQ0p+!-JpjYdP`Xnl`
zF7h^`t?p3a=$z+w@yb%^Y(D$r!@wI3r?Yp*(`kO)y!C9By7J$V<)sA{>Md^_aDbu2
z1bA+B$4gm^&naZ?&tP`F`{(RG?yS$JOx0@l3|fq|q!Q`35r;i)(~DoX6<8S04~t|-
zNI5~6IY+qjqrY#12US>1XT=<?Hq%j;-=^=LWB3hl_~mGoD!{?J-2UJ`KKZCKaj(5J
zPXP?t*t)3rLFmfC(O|Eh?^^lK1W16=ttKhuvpv4~*fex$7aWc~+Hj8ftIE!`HvZC0
zBrfX>@+WN`9!m8rTHD>la5+-xA;={hF6}iq@INYO@y1id&CL_31%bu>NMdicDzDQ~
zDupA4!~W>V;=vx5o}4_u%gbxl7H_mUjoVoYZmpNGEf{aqW&`l5!>EKON(;NWPpc}Z
z6vLdHFs{pY0-sR_nJhDXP`MO`{%!t75J<redlN>6=Uao(3N5ujIuHnv0{@QOkS-DD
zKMU<YSrPHI>)3OgMZn1r@u^9@hxoIxt$c%6MYAN^rup^SbCCKHoM?qeg+t-9EB-yU
zJO<D}K>VyYG4#JyS-|~aYJF2AHp0~04u2~dhxJt1wjR7ThY|%V*bsp2J6n$zMIf&E
zZ!biIkfmG`9-Z2Ex@DoHGJ4%C0z{!QCAva&OQt6ceo?U9T*7QzJjFw4>=FIl^V(Hk
zGT1^_%iP1fi70DJTcQzvl@otEk|(*Nv<B!<?0^X0lzK<^tx=j27~A=}b^CY_p=_4L
z^YziA2Ex`agukYDh!FG(0bIIcW?oZ#JV*(MN=5tr!*2*)+;HL*G@{b`o~)0Y6s50A
zi<|_Mh?fKP$@;YmqtU$4f%PiOqZeV3x_>e20h9m+RQrz*awz}H<q_b()M6p`{WXPX
z%?kNdkpps}1iP|!eWPA00MRUQ&abQs2oL}<DBYN5`(cY0$D`;PL5S{V85C6*Y&n8_
zKYzaa@L?yqT7x1I<gATj9OG(a@3WeZrl~jY{u(zZRS?XJ-t0!0Zm@d-2WQ#$sgrnk
zcr?X}g9MGcSrbIwpl-}RotNdiguZzwlB<KWJ!19<O9S8@O}u%FD_Mm>y?Oq!XSzQf
z;vO-DkS(-Y$8lWkh;(zA$Yz{P7Tg*v?yPMV^^hZ#;R9Tvw`jGbT3c%k;yNMmaC#&X
zk1QHvQO%bcJ8zTQ9A?i(u;&rtO0u=IkvAVXuMhIfT;Ghvm`pDR)Hy%%onMYl7g!ca
znRi*&;N}fIh)B-cWk3L%^QEGuE{3l(m4ac9>RV%sSxL3qMy6r5x9JXrwuiK<ol1#0
zM`3Z8btn}}&nqa!6$>9NsnnWXYHk&n7+P`J!-A9^Jm6zXgtaac(Xg^%L3?h-88c6&
zo3}{fdKn12&<?-Eer7n1dO1Oeq<IAaUT=?iE;2Ct#|~#}xR`JAX>r-zeyG{pB&YIR
zGw0nL%vzs0Ud%L?D1U8Pi3ff-mE=)t(<MAcf`^ww?}SRoI;nLk$Ld^kz7|lO|59Z-
zy;Oa@(l(LfN`*Dn#;V!k7KK%}_kof}WhZuu3U7|1O(Z<+r13h8i+U*EyX5-Ld(!b`
zBkYw<P3$-QB67?a`*FX=ig*zrj@Fvn5Gn(QBRx3)J96b1zkQQZwHdbNHXH64i#1<Q
zs$Xp`_N`299G!OJfX(p}BqPj8)jR1=PZzU{mDQP{Mk-DCHW?!-drS5xTo;al<76S3
z-$bJ<yf^1UlW>5$L1_hw+o>9)7QHQR%)5HpYWF_voK&FOoSe{m^{qcm{8V$jq+ei-
zMXWJz!xlM@D^0J=2^zodd?O1wB@Az7o=1_3rcR8`W1qeZD3@iK;i`>46s%JSG*&M}
z2tC4M_KC#w$7Q6sKc-wA@N`Lx^bJJQLr#`y3K&qmtmtH3g8prEdw$$Z>cFl*^ieWN
zEUPE8qa!Arz3&{BchsA|V!T^-?rDBv3APKEE>)jKD{;ZD!aq69d~iy~0;l1A3OM;Z
zm7#v@`GCS*eraz!dx{WNwK*N*Qg7U%A5CMTug2lbaLDNp?{tALf$|<18F_DJ3mxkO
zXg^nBfS=N25h;xP@hh$JQS$7p?%eY+YN1*I1R^e1q}v@3l4nI6gNoleF9cYzvryD_
z_9;0-&Um?pMtyg{4A-dVfh4)k;82*!b^-Phth6B5*t%f6K&6!Fv2s<qKb09l^49Ic
zd)oMA<AzB67vRy!we=$(OgK)KtT)Wa2tB&dZD9>{I)(hFyaaR+`Gg<c-?xGx$G2&6
zH$<bx@&>UI)+bL21rd3QflEC>CDpdG%-%2X;^mvc0*OFfD0A=`C2I8`N@Z%1b<$yl
z^X;C@Rmirr2ZBA#Rvg}YWZaCI3a)(1$HqduN5yCrg^6>>EvL;pL|XrAzcl_B5%U!+
z%?78G+z?#88WRWETIz%uERi_Ayjq&wp%!PG%Q-}N1w;frmBurJyLvv&r5dNjH|vC2
zb&A?)BH=0yw)Rpr{qHAhu!gRC`kC9TKK8g@)8vijYta<WS0fIpR)?suKF3R?a`#?q
zjr(1aEB3!rXg1{Y!sPQezq|T2;4%|0x~D>DW)bpyguRuq{;~^u_JJs20NPt`tv3}T
zYpboM+gfhCd`zoS5-|+yC7LYZLYVU?QYwwEZ$i@@PS?h~jL;q6=#kCi8Jxipjtd^u
zjXL^%+C2XhaQlKMPZR<MJ_+7Y=eQW|19P!w+g3rsY;=LLWPg5TO0tJ;qhR(fTQn*N
zV<`U1Al5W1D^%=YlCUCWENgF7omY?0DG{_$C7KUNs|#EtJ9JAHcE@sa=>^)hKHXpM
z33D}8=c(5nM}!aSC9*k@XP}~U+I>&tFvw{6ZZw&AS#8$YBXjx!9S$g!ZQ@faI2&ah
zB!W}xKxwoQYF{gLX!wJ`$1ft%$(ipF3{d*H&3{>iL5A%h-MC(&B{DivS81J|m$|%k
zzry8^IOH}GTSmq;Try}l(+;@j3~%&Dc`*&m%*^!b9NJPB4exuH-|=Vx&I=B?O@+y%
zQWWvxu-~Dac)2ZKu)1CuS)ZSl@7)jDud6zYeooGycCSBDF4dIo<!|(D22jP1|76aW
z$$ht2@0fIai_DYXbIrJLc-VNUq;!q%<ILk&ne8G4!nBQMrd{h-tHg3<x6h>tWq-^j
zr@okFD>x9xB_v0Ohmu-aT9KKs%K8*^QP3Nuc(qZ&h#BvGMagc$17{B#O{cY-Zcb3Q
zEw_ibj*|SEE`x^-^VMR4HWUj0B}{-FT$;DkuJsh0E~9b%vDBp+iKgT_9Z(1QLRff5
zQ*=~Ad^2k;QSJ@|*o*mr=p>mLkWNV@Bq}PfC{dsK_rZcK0{AX;YTnamc&vYTUg2BH
z6+&NPR%B+AN@efepXx`{Qe`mMSpPVdmt|ulckVQORbsTg^td4D>E?#Kxm%9OQldFD
zl|jFxtzL(IH-tL!d3Uh|-8ZI|1TtB<)CR7${ZV20d~TVgGCode%JG!Q_xEFa+e0gy
zY)t-hpE%RZ71gTQ?8HVvfkG=apG7CUXQ6Ds%9fe2davBI0(A|deRD|!jWwy42(;@E
zdzC@f&FMOYG@q(kwafdoA6g9!rjwX@c>Qq{MrId}O^?z+B>+xm<cEQ6CkG$>BRng_
z6}X#nCELjW(JY6DjH7OMqxmi)Cg)Y;i=sWG{%At3w6c9q#0jAnFdancJ{p;m;A<~$
zR~rn|c6k5R`Vve1(a}k%0+U88OrY5x8DC0e@3YO03>M4x_$3>MK>x|T?kdBx;@j`0
z`m)FhKD*YK1+EA)(1|?ewAN1Lg(x=9XH@5?`&8w{HoR%MNZ$AEzm!J97Vmd@)7&#u
z5#q*jnFnTpp==hStY6HnTst{@)SHFY-{@OT#X1FM`cmk4-EgRir9*)oX{!^8=Z5Il
z(X6$j)nKfV7fJfpTdwaZRw|lV`$W7C_);Xrm45^?Ss+0Xg@C*G=87LeK+|SHr+?AZ
zCU0JR9t(2OW90kA*kC)Q*#g^lIPBRD+*0qzD$wfqox}-q+-P%)wfQSSpkb)Y+8zRn
z2iB0_p`ejNiCU)AMZoZE)W2W8!lP2ZUodoUl9Y+u7PhFB{F&-f8fJnqR-Kwsj-2P1
zzb@2nJZpa2!|FOq92T+UnN}lnqCn1K8iuHIp59@@!D~CKp>cXdn`iC*xuO^LSvr?O
zTFje+xxrj>o9yLWBa&`^ilYA%K3SwJ*B$hpTnIkO7DH(Yg!^ZL2wa&Ij?0c943geL
zr4ljFs;RauGWr~WVSCU?2l%O}N?C3*;{I0r`@zP?YU5FAAXh3;J^HCdx3@IRg;A$a
zlOUpumkBB|K)vj^ol@wTa^b|&lg=?h=_tbg)_$E7-KWxgxO7398^lvNU2FtmNhl<O
z2t{$?39wHA+{Ful<69%Do4L3%_trq!*bS>pdf7@9ox~<X_NEK$LYTIi^u=EwYEK<b
z$CMJp8$E|umLMK6;IWp@Q`%R4BE>wg+iW1uxRa(Y1@rz*&?@>)M5Q-YDT7|KC5#^K
zmtqQMwONLJOGSv`ocX736<Jb)#y)4;zf)trRtzQA`4Ake!j<RC=ZXCarDclvI@=S7
zo>ZuOy7BGd;b9U?NE_bm(g_C|slA5l;a>D$5086?>WE?F)=zPnp+6W>8d^B!zG%9u
zb%!<n&Gmjao;QdkJ#T?AX{yG;sh3(@{(_MD)<=|ai&FX*I2P*~wihc{*%RT$U`kZn
zdhSqWQ=y6OV&yGBINdFH*nzsESXA$({>7PXXNS^aojuIHUK0X)Ppc8np#R(OdV6<Q
zRJly6CTgvTr?|v4%R>*p3wz2@5Yh+7dxD@5M2E=SPYpV@tA&QEm2;}7uarlONI!_d
zDNHYEkBe_wb*IyqtX9Pi*1K0cN5}%cBCZufzES>JqAr0LkHrcktudcW4$Ak``xOK8
z?N{-yXe}-WOFS)a=X_y=tYP%5;3O)0hPAaxf(u}#JLXhmiAQ8t&IF{(@9dA&>fNE=
z%N5O-kYvKzYL8a@gt%hps7H~w?#Arb$>d`tKH~J>T@OB&ll#7B&ouInAq@+aSyTP&
zu4O!yi!f=v6qcHAhECIZH8j~fYM5B~riSa{G{cXE^W@Qo&utE^Hwh(as=zPqXOpM(
zXpEPqMK?U=Mk#U%UaZdKb(8shfv~*J-b5A8r3{2tQ6r{3`wHOgx8fo!7=#H}+qZxV
zCI02jDy0XOH(|(kg)o~#ktvPWAG;uz+~mu`bSy~vJy@Az3-|&{)Lninxjr>FOg;x<
zEZ}<cMZJU!Sm6EVOqV?x>11>Mai<MF(DUObG5{%UcgMIch9YR{qXub#HAu>uYh7iF
zjY`s19a1W*iiHY<uyuBUnK*MbNc8qfyp1=o!d^F1`@VWT;9^r}(3s7+IWP#SJwJEW
zK8gPDu}a%xV?)-&FVCiiEM6ef$u{|jZ#&vd9WL~3Ua5iR+*2F_V$-m_Nb{(WNA-Hq
z&sNJ}9Epl%onB*F`Da;Qq6z-#2_ODjmMV-9*9Z`e#_e;8;b1Dx3RcpMJltBo7tFAJ
zr^bR5!F{)Go*#K@_(in|#v*OiNnc5mMwr#jp`X+egw6%9f%`A+q7HY|3@y}}Vq?NS
zt~8o2B&?N~1jD4#fQ#TbLxiz8c+8_&;P`KvQnjaqr`34)o2u-prRp87ntmh$%-8mt
zCP+I#;oNp!9vH%!&xPfh95?EA-Em*ywbg(HD+br&;po$7310asE|>R*RKThVyuni&
zU@gA?t>!ZOg1=kCH7gS#t@<$|iR17<!QRfJSW0O;!Ga?|3~WnR%@F?wsCovVThvPf
z)>P|<5>QMYY@S(ta7t}xc1q>tC<6bw%i#A=y3GLs*{9>+`{jMM?F6g=92yOCV$;3f
zC|<q$7`QG&RDWMYohhO)(*gSqodkit)6R5O*hZDDQkMa-*}nh+`pF0ty=5TZceQH5
z-zbJ59<^^#tYEp;zT$R-leqm0ld7lm{6MpYqOUTe)?P!dryedhjrqpX66e$w;3^UO
z>g;Podd$z0ziWNk=rdqg7G8=qGPdk-s~<qUXlMDpkAJnl&L;9775(CaE0e99^lH_b
zE%MtRFUjHqE1r%jDl+TL7Bk0k2IL}%a*wsJ!*y_JO%JDf&P-hopv^3yRHixF;YCKo
zmp(uIbW=C87hqC-g<ViKUqI9%r4l}7<B8n0Zt>YiX7i=7T#vQ^tSlZJr5ZfPFp`BG
zVS9F;B?lZ(bf2sGW{bmZVTpj$y!*zCXruMDR{gj@r{VZ=Zup$f{kLHB()`;Z=|Xe;
zH12!t{Ex%bnJpE!+sjMM<|%i8gMo<IhNXaSdN5eFc@w`4V4k=NTX%845-ZI#oxZPB
zH@;#tc%w;XGEG8s86q)D6ot=?{4laD`>it08l;dGs33@mtv`tYC?=N1?Y*d-DR@<K
zX)o&@zzl_`i=@onHCs81J>Rn)VE)cgeKVQKHSDFM;pQ^S4bD9LyQX)&oc!CWsZ0i=
z$Ucts$oWQ8ZFhE1xX1}6a}24QSES6Q6#R`gMmO^L&8zMBE*v$>E0GV2Csfm=;~qL$
zlLlP)oED^`6q6(EKJ>84itFp!+V1u{09-iqUti&6)%m7>&Dp}4bD3_g?mYEv_=`FU
zcHxrHocef}fKX7#c_t_IQfra$eTS=9^=A8%Y@&FN?3BcID8@k3Cj)HeLT&$P`fWy1
zv0I%@tfvDCec!?&{kD#YaFp;(o{}so<+AhddZ37ywS&)?*LR^wj=BiRMV(Q3(nj+`
zEehI_I9{sxF9_i7L;e^qK&1)<Z)7IbnH2?+C!XXn;sY*L0Wzgqp;$7xA-j%ak?AW0
z9N9itj7gKFI(uFtw_j&fVt6VNrJD^iATF-2Gy$6hK+V%%@+$dlMIVQ)z76PdKR);l
zC}<6)UiE4}pDb+0pKKnRau#^pb&=~IbO?SdkEb`VpA>r!%a{uS&j)`;d;xi{j&lPH
zB*6vjBlag6)4uQ^Q+J5qrpWy^6dKOa<M<H<nIcqd`ex9<q<K}7H({+Sth35a=N{zh
zGieR_Ox1~CHd^e$=lNIQ9;&g_aQfz!l6}aMdIEo%0J(mtp9DMGFH-torg5#?mmBQU
z+~lWORL8QDVRB7{1ipDEN_?tao4tz41)$?zsrHQD(rC3N&J~{hOoG~PHr@=fk#|j6
zWZ?clr@R@IrLPp6Z!a({@Uk#L0mv4rYo+qvr>WpbgHA3l*9&l>$bWj5ziD>(iTphp
zBh%@ki-Pv1)D=c$r_uhqz<JzL-#x)fK}_Dd2{Ul#HaKo4HL(X3+)U?y)A0@`_~WsH
z`;YtzxTfnQeT>dzP~6;A`TX7QhVutr5j`+@M_rDIhTynUqbP%+yq?QF3rM~GgWG0g
z$6NAgV~``|@P;KI0@(fy2a`^F^$lFtw3;UU&mJ!zm1AK)D2f7g;RN;>k85b4YMXY%
zT3cJI7iSw3E+@aqBZybQRqrM}$<j=)JyBiIJ!zB8k-iGLCIADr##%m%30UnJ;<}%t
zwxEkqc@&~aV#*#P2|7#O-5iKcr%c_v+-<JzalXm~8Vi>q0R}Kt6lEAYfl5&>7l)%U
zFu=^F>^P3Fgav}=E3Z<rQaxKb>APlm&PJC_wfyms_8I$~a^1xkvM)d1>VN`M!x}p1
zOZE?-#cvm!YK%wxB-L;3)O!RnIofz_ms6Ccajr4-b2=~brq-lW*~1f=9wM;cggMFc
zzt>`UIebMSj(tg<X#4cGs3mAPWE*Bjw*&mkOTdDQcv}H3D#P`*4;vpls-r3<0juR>
zHXgQbP0D3Fo1r{?frXINswyh+zc*&9w#C5c%40&-XRGvesF19K1OS8)C{-K3B(3cQ
zzCc1iuu({ez=?CXr!LqW_6)M-iui86y{6J{xJy@iFEvnE8ds_%Kc2CrXW1V|7ME!7
zI5<0Q({NcCk=Tfy3SVDg;-I+JBhu_(so0>kL%y|nwRm42?$Un%ZS&YeqxdEhEl9HT
zU>1ZqlyBG9^)&gR&HW_qJ!eXj#GYc@&QktCBHnTCn1z~yt$nAWGEi6uUZF6E8GhSN
z57PwXg@oB0jeVvjnS(WS(Ue03Meq@lQvI~;8CC=6CD!AeXsv{zFxk;kB0~V+du%KZ
zN7K7-u3+nzUJj&yk04k##RfN=LL3zXm%2gHSO$|?G9YzWPu{(Bc%5u3c_DgV9;TiT
zb*%8Vl`tLT3g)cm4aw+l?g<CvJe`hNARWuNi(%4<iMu@nZkMzc-i1$76;*flB1-sc
z8~ijPz*ng$ryaHM@I|8M8v(-p>bGfKrCVq`os2Hzx^pkuyNsr#Kp3wqMH$0pH9uEH
z;T8|Z!&u7_k)DW-{kSU&i@w2`FOA$Wkq_w~o&gH)u_T5H^#cVpS*exRFLEuYj#TOo
zb;U9kyFEv|3CM`|0NSFYFfWk=V`PNyP3eZiQ6Fk8a(vDs04@@H>|dM`&k{439%ahR
z`qV@+2*G1<x}Y>wi%7<cF_MMVV&Ni|8~0x>Zl4b=kV9~OZnS$O?e*WmQ`93OXpTJ%
zfz$P?XzHhF)4O&{ZNt_=8@O2s`RU8%_l6Ka^-r3_4!Gt;vg^ws9|jEa6qS^dF!0B_
zsg#W#qE!zdx~qT0%X2jB9pf-Kd1;zd#BjKeT{QGdrUu;iwjE9nnEm=Hn}LkU@8Ncn
zHo;3<zog@+ieQoFcD~5QEMyD-Qsm`GnX0P=>)WRJqm5yNVwcCv7CNr8?j_Pn8Xx)N
zvFH=ABK=Tn4%*3~p7>R@RrSH7qV4&FP(37pQGcbODypzybd)YEa`!8?cFei&UYke?
zV1dgJ<hm7lTB|ui<598NICGm(e^1q5SGewizZ1EfH;^z-jGK2@s1Iwk2|;wY`mKD~
zmPEZ3R7mIc0;mS?xl)uA4zt<Ppp%Fh0tS!nDx&fX@0x`Gh~Gg_ifNB@7MAHpg^#Pg
z9(hoDsD%pDBJ9@RvQP`(#^*ITuHP+Sntw#r`xug8xatMS1=qraGC3VJ6cB(LZ|?{u
z0^JSqjOS}#z3xg;)eH#1z@i>ai(|8NG0;Z^8tIhBY&K7o7lPQxb(sVLYKwxl60oK6
zzT`;%nnpiGH;wI;73F>`8)QW;lijcQW0lD;^J)t+fdz;YqX(Mh0K*w!wF*6FpCA(e
zD`0vsf||8M0d*-qk3LMRx2C=M^kx^VXm)XtMxmj&d;GM7rlh-fMbv_R3wWsUVukWv
z5Q10_*V341g}+P`FF8b6(sPF0fZwZmNw~5HT49=x@S?YWtwh)v0s<m4$dCh!SCVV*
zg+0Rk=&-SOlI`+p|7HFFkv0wrN@{1X`B2bd>wN-(74gu`ND93FG|+4UK})!H+&K0l
z?Qe^o@w^~@fK)^1UzRwi%!jI?T)HnGxi22IwB8g{zh*r_4?q*wxc1y9(JzI4`*v-(
z%&!gJ>b38l*HIqgDr+}dm%*61vsvY(-j<rjQ91uc_LT?)NQ6YC5qx1147dPR)bQ9)
z&;Gl#;D!bwm|)Dr3H|efE!xspGbhyk2&qGwKuidyyXM_ld0{%ub@^H!{VU;gjNnO*
zY3VUFRmT-Mb-EN6Onmw7uaHnMJjp+%;3;`-#Q*ES$_Mbc@~%VGl}5_2p7B%QtHDk{
ziXLEv$_ig)$wev<*Z4{uf=Ewt&^-#necKir;muEoudUK2ywGE^#T8*`ppenaNtW9g
zaf#N|Y_mU8u>ydQC0%QTM==lKK!$yrzWwCpR7d?UOaYwpPmmmo>!G0Cl#Z$Ie$JRh
z&<oEeg<}9D-2F$Oor0#}JtM56j7&MKLrB|Xw%6bKzeC8<t__t&yapEWuegHr>Zw)3
zs37mpSi9I>X1UQE&@&nX|2iCpU?>g#u4UcFPe%Vn68nefqrXc15%ectJLk(RJ%#O&
z&Hn321xO?H4sv4tX5p0}1F7+NS^0$YpBd7n21h;p;B1tm`=^H}<8T21y%$u}mw)(G
z&ky1t6$_#}oWgC|UCtt_e~10Fz%Q>)V<8sk<>gKB`SS>cQG*;&uT*j_%@Sw*mud5*
zOrAQ2@u<9Eje-Cvih*Fvp(eZGRIa=-|Il1(Oj^I9@2#zFzpwiz_g6Wji9j6X$q{To
zfJlVx{cv0688g;Nnb;!fM8h-~hufJ=y*&138>T_E^624t>lKv8+dBLD@z1Fi_d}X{
zGg<iWuZx9z`<3&y(rmMW<I1qI*qYr=PGl3C9N1TN%&2Z)pgw!kN9E23>DoUJs@t=r
zonz9?hc;QvitSxq%7oQf54-J684zeTT;=v1EV+-kxL(*AFBC>CUSx4}6fi!^j@N4D
z^M0f&9M5J3#g)cQ5<Q;Xla}J|1zOzhF)wM=I?<SCp>8XdQMg_X!aALd_&?1w$I!C1
z$4MjITHhaWZ8ZVsrPj?};uG6_Uxs<2yP%BR^Z&-?!6Ni+kLsP*YW?IqW7GdA>@prc
zRi@I{<n84((e;^ci@do6?{|;I_0prv6wBE6`5M+kt{XaAqvasKi(^UUvgPca5)Qw9
zWQ@j~%OL;Oq2tkYvgV@}J!HOQSs3->OPHeblXCY55Ei`PXLG@=mr!9w%{ta%vCFXS
zEsWBi0ofl|j|%tn1g=r~qdQn8NjmYQ%+i}<E4w(y^cNV=`SvWQLE`#|=d(2!k9Hd?
zHmh_R7qK|iT)bb+Js&1~XwH!<%&0(`2$O3Exfm!?nN_89vHq8AZ0Svcn(fgqAf?=A
zp6TQEj4YS$*R2B0kHaicJJ0q{L_fWT;yB5Gzmg-7oSyk=3Y{%A^c*cpXdwIXQBFFn
z>Kx~{M~NBH515vc5))drLqH*g!^>&d?^WUmKzs8BNM}X7bU+cDJ5i*FF9GfowLtk=
z73pN|fy`^8UOa_*end*y1{P++(~paAsKoVN;-Em;a73IZE<PyRohfGm#hY|O^V)+O
z=t<*;0&YRYedes;#_QEXR~TgZ1mny6@0WK9>ED^LI2}okmqGMglSJEXA&l!%1&!-m
zF)D~oW6Kdu3A%cA_JKC+%ZF0{-DRQFD!^binGU@WXtpkUQfS>0nP?d%;AU|>(oLjy
zhs)bnZ9+AjsqWT@EmyMPXn{e@(@n*fsks{*#Dh24<aWIR)a>4okj;vyh6)IWZeM2T
zk;*-dX=(JzY1tY*XAtWE2YPdd)g?eQ5W@R1KV_1=sSLztHD(hW{kcXEqf@FXtLPu5
zeUYOU$_?Bqi3#Z7l;uB#6iLAsd_<oNpvnah2vJU@^AYzXLgO1%D^DZES`tsDSH8Ch
zC1`GGw9TGlZZ_QUSX#K@j|1;WalYQ!tHFMkkA=Zr3Cy_I9UEKK%PsxjV2MT|_T?T4
zS6@~r3oS#pfdQ(=QCu<iJ<oIhy-X@nf0V-gx{^!DYRPEmFbMrTwH3fsD$yK1y-XW7
zcwXOE&9uT*yvAZO>!;?PDArUqz7ciSdcK`rrmznbt9Dv6Z(hu{H837+<%}!1Zr4%B
z*RbulEM7`ye*|5oky3kc)dVBjovGHAmX=TjukNbT<M_TSrk7cQJmPoak|C*_26h~7
zdv9~Z5|XEAlSIS~q_+;!+-BR6E4jUeWk7bi(a&nQW}hO)W*v}`{yisUt}TW%1V`c;
zAF$znQW0gqRuHr)mJ~%TU-`jQ>zY`xNFx%zn5S4xAW9f{)s@wJIX5GVEPlOXOd^W(
zJxwxwWFm9vFycEL4Hk1O#R8QjoZ%(-F$%400!bxA*m_6hvibHr6)OA2>H?$RBW1S^
z&svN1d^Y=6xM!!166hkxIW%ph*)tV-;}h%%hd}Y7sp33aY!<(uI+J5?ui%eu-u~f{
zE!ClKzrqo(I3e9OvND%y|9??-Q<;IVDARUnOgYE?NE<g(Pwh^^eOX6@J{s(mkx5C|
zDG0O6Wd^Kst(J)0;h5p!${_ZZi`NkLi0g#Tb+iEY_V%{OHBV(BicDPi_IzutKGvP!
zO#AvNnWN@D8v7;s9;F9cLOxkMhFt7CH!Lrzkk9z-4!@Okuuxlxn#7@c&5Bw2GV9|Y
zqA%mK=2v7WEOpDZE~QJZ4m|Ji?I-zO@$n4eUN}uK^w#@WB-8mXAn!99J*em<*pEo0
zo!BZ*q^*i@snZ{sEGqyRmm}H_5gX&E|LfQH#qdz}m*pu;#;`eGQbQ<}$p@5XYBimA
zS35;q9)?n!7g!PP_c2rEWoszk|0<GmRQsrlYxxQ0c>_e>gLr>I+-P5w+HaP%4Ctg1
z?Z}d!R#(j)E7x#*K!+KKvDiA4d0Yf>db<0_p{PCz6!Ir%x<3RRalfJ>(Srz!hfH4t
z3!L?|jbA_Hk}xD4rWGbv*c`WT%G9Y?9eyqbM}Pvl#NtSq%j`{;6YY)`hlzYaoSwb?
z68==0q)A+qzsOGGbB!%$#xV{!V${+ir>u&RIzzkTrdS*SY;KxWTG^v1aj@eqTDO8g
z4vNlKA_ypWouwc6j&PXgZX^pdNr?a|P!L0oT^h@}UhNZ9p)jFWQd5B`uK1#SJ(`8P
zIs%G_N^8>d>=0su-=#6SpzZLJx6Q^3MWIaXCsyi`6!i=VinB9nY3TFK49ET|50eX-
zhF_?6Zlk_I@A{=dp@|#92v-^OerD*f?jVnh!anSPN#4<T#35fhk2IJE3Y%!D7Raa=
zMq{JI%)JtOt+3>AVKk0%G)n)R#OFN09zz+O!NFWeWb_ifD(J<#L#Fis?)Hv5kIUKa
z)SEiQ(1kpq5)8mqG!qQsoIoh#AI@oCX-GSm<7yQ%HG)FGNv*{JLo$^)tz?iof$?+~
zbQMVM9zzBc3?QJ&|HA*duTm{lKK9Pg8Q~al*FVSk_@Deg=)Z#UJu)FShm8-+U$mp9
zb#OaqmNG3N&mlF{_eg>;a(&>|tN{<AC_Jg`VUBq^Bp?#-!V*$G3%W@sPz}K{db9W?
zF7T3ama>kWzYpFgLop9e;o5soAy<KZ$%JAkcKa)*X9n%vO}VGGY$vkGt|UfE`B-fa
zFDrq~x-i`$KNjZ~0EiK!RuQh9t&Bf{!C|%PsjZ1%wMSZV-92LlhHlH0p6@SQhx8yr
zV8ObZ&5BWB{QhQwiHP9yu@IZEZ0}yGs8RC8ox)a3J~vMOX;AW=73(Vv@rSZ-_2P*8
zC<*)AR%ui^3|6vo3=R(=5Un}Ug09U>T3a#Dwr@~kxQa|Q`L(f4wSG0mQaQAoXPP=|
zndM2SNl~wI+9RX7XcYX;Z6<vLu0IxJg{~5<ln1O#VuAkA#Gn5KP^Q)LgHoxOmqISS
z7<Bom!DbiDbfMmJZ=wKGsoLI6LVX^^B7oIxrp|PprFN*3YV8Q`Xo2oFXRp(TgvIXc
zty+yCMiXNcsc7+=X4fw;3Osp8vz7Y#tT$-Pye~1RP|9?|_UZ`bVmg!Ui1;6Few3sy
z5F(!+_ehe$0+&-Y;f%s?czp4=9Qi@Yt~B*s4U7KD9k7C^bkt>JJwt?*Pn~a-BW}e$
z8c(iT{CQBbI$86se5DxrP^zc1e$~IGfVXwwfw8BCrG5b9+L{$D{QB`}({Mg!8^X)O
z68ZxQ^r>VfTL;ILO!1*FoV<a&mEty1iTX?k)@ZdU=?AOye>@?y$yPH7^}*E;BOaY<
zF>H=h%nxi$LxMrA8^~bWOUhIn#L_c^VHb)U#n0x%v`~1qUg|g*K?dv{Ghk4Q=_`mZ
zPljdv^}nj}UH7+`+;`#6RaF(eKc!UWDwjNl_Qz66B|R<mth2A=@IoToyQwrNX|{D7
zgm$!Ze%IrH!g)rvSY|c<wwGG~ieg!8z^>p6-s1li1e&pL#!j4IYu&+Mlp6J)fxqKN
zkA}y`qe`_}_IL}AS>U^{O0A((HY|#Wzosn>b9UUqK!&KfJVZ8_qayQO$WPtmLpOQX
zKqJL*-UVtG=xI8;OVY&*fbMQ@C|Tc2G<;f(J>vQHPNyBKOBF`ttHr+V$_yxaSn>Ir
zb%y}DYr43;r2aI?kO2Oc0COeI<JpIWDUF6G)a&`k^?a+8@L9z<-UfbC-@6(U84Bh`
z=l?juOK1_68A?_x81i0ib$g4>%+!9&SVMn2*WISmC<^i1w@ARp`z?0`tohCm?9u8@
z2?bmn`W-6D{Dt3=b2b@wgY%>4lct&7(@PC^Y*>==y<sw0<F5HS14u4Bp;!P9Uo6WL
z(ym<F!d2jjnF6&5*0YR|?J7ZgcepTeGid@NM^C7<g8K@oNaxAUFZm0{W%HZVvEFix
z>>jan`bp3Q<coFbeTBLagMM|n(5&>I9;KOQViTy8`P}B;o&7?F$>ZthSgGmR(7h>F
zPkFWeLxgbt;|8yq8<RU18W;-<hEtKYS%Cctdt*6GlQ$OQM#{LcD9v4g+D*14sT)2i
zC}vP9Yvt{PYbw`gXKRl`58h6zwpjHaOQ3PaA)||Nd$}!sny8^zn}C<yy>No}>ono(
zAPm35sq$^PRhmy^DbQs?s40Txl@$CLU<C48uuhDloA#vrHVx=}SWTUGch~Dn%e=Hz
zZ4Zf&xOcpN+D<_<A~WcJ>Gl7-MC5IZv-c*w=EmFv|8B*S=5zXpng<)1L<9jpu#*{r
z*rD(f$dyEKgg|N<Cr(qG$OALM=0^hWMF!`8ViCm2G!So(EaL(Zfq?e^A8T(F5Lff9
zc?WkVxD#BH;O?%$-2w^j?h+&f2{abm-Q6961cJM}yW6*U^OEyF-<+AbnG0^3y?0kv
zS68i7zx6z23C9uMd0O-OII`*@EkK;4$bn(ZA;*W@Qfs4TkctO9+`*BbY4YI9agHSu
zujl-tV|Va{=Ps|8IjQ&Jya`&bOK2YaWe;)NXvF6>R`_AZub=tsQczv=V4KupIT&e0
z2s~HHSWrm_P@Nfeo0I_l_a_q$hK8Ka5X2={5rJj%;?iH3enN8QDzXi(uNigJ{;Nc=
zF@CNEH_$O3z{dugi&bUU-a)myFHp|!@MBc1r(3G{!1m{Hzae?frDU{sN48Oo@AYlX
z*&E7RQ0>&WgZ&+0`D3poUo<$&1wdVPuyDMAfjQVz#y3mYrne-F;p8phpLiJe{-n|*
zklJBBiG{C!&TNdVesfr16!#Gg_py8!n^RvU_^am7PHxjG?|PVUPrKAra>dryR}?M-
z+R4sUWHaDp3xc`}lP>SU4SK0+$EF14=B=URpjdj148DHDCvv1e=ucKJ@@s#CaM4I>
z*!L||W6KzP@!UOM>syX~gpubY=^w>J+XNiPeF_Kd>2f;+>q6RvwI@Cue7Zd7XU%jc
z?PToRSnIn`%h~=wg|$z(`-HXMA`XD0`ZQ^1GMv+V38?6usGS*8n2k(mCXmIJd0VMc
zyqj|fAwFD*b@cT|>utiV5H=rAw2JJpp=A`B`4*6@vrm*9itdeX8SG8nw5408?m5`-
zCviHbq}<&qu7KZM-yPn@XG(j#Mzqg1x}^UE^_TqB1LUuzFCt;**wXW#*ufgyYK6wD
zA4Egrd5h@eZ2;%ua%!)t9n9hdi1%Elxvh!`qH~7JYv%Irn78ajs6wXCBWjiU-vOYH
z2j$AQQ+%h;TKxA(bS|Nk^B9)W<Bl>pWU7!O%W`GX19ZgtQJ`MEQ!+FnzAWGF-BEae
z5|Ep~8KGVkn0e^`7&?ZOdE-wbV)>_iO&3)$L78{t(ZrPGuG?onM~dF00FyAI3{ckI
zfH2i={I#ar9Y&rOe6RGG?TrN)y7h=%>>c0!xbQv}q2Vvm?o8$F-dA#**jI~h#9b}d
zmZi1b*mX>?EHasp(q<YwYw}t%sYzn)`-%)OoNP<(t5fZv_%SZy)Ab}|%AEfodrIc4
zwa$QGai?9FcnD&{Y%veaxIaFHiVzMSIYT%o;$+aIx_Izp{(s_nG_rrWUPh?o7L&GW
zv>_;q|M50xi?26;=~;0OHBKe=7GbJF#e66B2NOZ1fl9HmZ*FN<7Os9^B#>C$9(7RA
zDpkb)fbfKor_hwp*ot34^lQD1TT+jVgt=byK8_sCa|m1dR@-xzWf<|UJA^Q3>!#;&
z#fa*2(+{{}>j*}NmC@I7C`R0~)fW92KjZ0)jYX$0z9~{Yz4A6I%CYQjn&V0%0`Ok5
z77T0XRP&vg+0ZXDlg4Mj2lWr&D|!D1@L4bzr5f`jF9G%66ZZ?U^#ibzt`q&Q0dXT+
zqp=6GZb|=ZaoL33BkQHaoB{ghN+|6_pEb%T^C|Lv=^#mRKw|7{)2a&+fg=iFUG7Hk
z($BO(oyeq;v*mO?;BFI|YBs`WU091~LIF?FbmeMMRSHaLbqN8KGHrJ&SUoMkhF5v~
ziQENM$Zo}S^AbxX&gRnPVs(&i3!))AOV6vcx3AJW9rEn4nbyWAhm+*P_9j-Kdq6X1
zuEeLOimDm_<NN8pMTF&+9HeXbE*$vb+4w`QnirSED|~FPh#7Bmr%I7TuyP6Tjv(6F
zn6bwOxzEQ<z3sgL-q=OgG-8@ayEWGgf8iBSg`Tx)#`S^lw~dcaC&a50{OK(O;{^T;
zz-6FNV_Em~e*C{tK7}#c*s0vJQM{v>(Aa#9b}m#CR)|7)Gn2YOvzn?F-iFgO8Hc#@
z54~@r@dHM6e_wPt79DO#raGI6$CYX$IO5^q0O`MKQKMaL7dYz#6(AlpDzTB-<8p8R
zz*nnVj8|nahLu9!^^ORA;s&bV?yzdtt?i*&`WH)(>#ySOR33XGR?}-zc0_`UoB-M;
z3t(nnj)Lq$cOErvAJmA~bjYx)%p68TG0+0TQuFn2y)H|!-Mj94A7D!L)*iEng^>A(
zy{KIX>a?P*<J|;UEImEFjL9ib7Ej@WJuTI9vaeBD_BzN*K9~v;-7uD?-c*bQ)>Po9
z_GUZ;UaZ3-PyG&1Z*DCU0Y89ys3zlkBUnwF6l<)*q|=;}Q!?1Q3SyFHJRF$XsH*N7
zk2_Xw3)AT=MAwQwS?yNYa69RtnR7l;vj0GwO;d^e`vSjK88=vpnytR#Q>HRaXUf_l
z-VvVEXP~rtc+7*%QvE3G{yzwxwMa!pW`UUiy~>%15ueRqyA>|83Uz-b!;^+o6&f@2
za+DbdrYhoFPK1*8UX!c1V_g?*9!D+!7E2E8_kR`P_f|*SorU^s5HEO1?Q^bd2o1PW
zQR(y=^?wKug^{+3#v6x{#>m(@n;uWy%Y@e0S<az1Ce&vo&r&(_6c(^I8I}SB2#WTC
zxmyqAKOMAt*OE#97sSVI0jQ4R!&`=gveO>(J@h9!8bmt5u(-M)+mmWm2$aZjT5a}v
z)RYP?x1Wj&rj#18=w${Pge0uzn|@IVTraD#L8}Kx5b>_KmJoko7HsjqJtvU~<FdKN
z=}%?HW*7SX`DY?GRVs4moX#%;B*D%$F7=_Z+XrDhk{%u(_(j+O{V?ag4AJe(hU#e}
zaOp<1TI4|*35_e*WiHQqiOXP_#KxcRBopUol(N#wJ7LPD-Nys+S?pIo7ut@zD$LPd
z^5i=j3?nOp$TSD+H#~w56<I04JIry1<4GDM4{2-ffoxHwwy$@eqWl}m&@wm*JYK+Y
zkp!^Rlb8U~mxyJ@CeJG(&-aG(smZDuI+o)Q=c_S=EMEQePQHeklHb<lN^ZG>zNP3-
zX<B3trLuT3Hm;8FKNi~!%psKJ{SHDP72v;@HzUE;J}PS}f~r$$y|GIALB^U=0UG-N
zq_M@Kl?}tfaHgR>NYnim6HO=hj<UI8zcY#5rsG5AIV8+ZXfxs}6sU%O3>y}8KR$K_
zS-dqFiuc_bk}KF06K}nyVMTsru~ul;qVRB)7ai0H6PC;)%xWV?SK4N@5ok5s8}{W_
zG+oecin`!ap4Z*C9oaKG{0RK1k+|@3u;G-Of=B1*Zf(VjZWQ7>e!RDNOs#0laykQm
zG!aj}ve9dQo#qFhHJUtxR=wZB6#ZD9m=?5(m<#DLO}lyk?dt(WIaV`|09uGmf9u6M
zzN>CPQLhedM6Fpz5@Gr~6ZnaXXCfg{$Uq=4ef={=eQlZzH;ZV6KUV$L4|xP4;x%r%
z8){h?|6=+r=|Gj&>~aJ_{ZIzJ(hrtU$AO}o-*}29Sc^{AxL{yf-PRo6{|or8<}|gX
zRr4}u8ueX&mxWas_Flrio^r8rDM=*NAj-=7dMw5pW_!+60;RjuDG#Im3unZ-$iLc!
ztED=-`uZ~gnXHlS<WP*~^VS40pgkJd(v*~Zfjt3a#|<~cX0^}L(ZAtSi5%eYHc=W0
z`j?#q_#gpyv9<mD>sVDHN764c&+)l;g7m)_U>%t+HHNKP0IBf{FhfoLm+mE7;nEcT
z;XZZnU~#CnYQCf!FCivy6|k+HTS#I2Qmds;g1V8a!|Ey6-y`0L1Qnz5(lQ|u7GLV}
zE=S@z-Bpa3Ny-vf9p%4xjs)@>WX5`BA@!>k#bSubiyB?co)O!>1Wf=o9#$lQn^3h5
z%fj-zmM*5&9m87RU-jnIcYrf-=xf1qis%H~c{U+s5B&*mQPG|ibkt?pkwGeOmi0le
z#l!#ND!pgT9Yj@4%Rxw0_*IKG!3*7j^(})H>DxXpgMZWe!boAkdV%hsuo?!RQn6)8
z31@m<oB#ReGp!4)Q;ZMWdyCsJF8eQd^?45~k{^sOs#Us|{hpTUzhvEgf2DhcYnTKC
zx8%%kaa;c0Ch!sXn8ABO=3rMSh$MR6{LNZ_3-AJb2*DLkXH*#G-QW;-V!0KYIBfSZ
z)sSCI-%!DS2!L7*p-EBT;jzG`)I|Q?N$>`BgX~bBlj6spuMrq6`hb>s9z59MucVOi
z8QwWAxj6VzZoDwgW%%b8b-)5ZFOG-;4&(s6W1Mt$XjI8+`qRhDX3rl<2Ppvb*Wti{
z8~}I=CGjA&7Y+>zO!@V%UwTtS>3JldcSx4MjAURCo$x+e!rWeM!!dRT^4C5)r6hgG
zNL$v2M?`dx(kub}EXT+-4ZT8U9KA@a-5zFGJYU~=uSUD7MF;S^n$k~Y4U0^AEe@KC
zxx<g*dMNm^UXPC}QfI)z=^>lK=gwauS+^|lk@OhrdB~!g{l6u7H@CAX@jd(`KDgf!
zSQb_s7|0i!9D~j{y-zAO(%EaU8MP#vTZsDaoDXN@7j6-=fMUH?H0!HJ|INM3Ql&N3
z<i+4EDQ<9Z-QPb?l<MY}!V)bQXa5JdcY~waBbOp+TriPo7-Ob*B-q&(I}Py6aGRyw
z<Aa~J%FTlILjEWQeG&Y&i>Su{%NzkzX;FaAhHxQ$BYYvp-0tF5HfUA)4KRSo#Gj>m
z_lN&?>E5O=YU$L<|4+HM1VVWyzH$&5RJ`c=zoC6D@oZKTZ<W2uelrxS@%(i3iXh@&
zaXcb)hh6=~HSI=$inV;uc(o0rJUMpwqa$|?t{0=~R$1;VqsBupVI&OH!J&3!Rw90_
z-ml^cKc0|{Z$?wzo6o0(bJCatyU+qN`U|`70Q<4FL9ly|heeC|Ht=dpMI*e)Ll{i>
zEfxT!J+#~qGqRU}f#WGG+#zQGwrHPk0~A5@rs!5(ZL6Z{EpCL*TVvIq=Y60rb_DmH
zre!iI<u;5YAXWjjo6u#E#^<RPh)ws+(qis9U+2?t4Zd)(b^92-lzGm4uLC>>{XJq3
zsi!6@@3A=@@kaUPO1oz%r>!BD_aVOvju}cki4LUE?KInI2U|Sulb%89^YS7C5N~o@
zD!{QNn9p=H(#^qC-cpNg1LiPf?9)y9*?-VL{-mRTU^MOa>_V@fz0k-{i}xhLZyPR%
zBwq7<{z>ty*DIK~R<hqIm^2qlbv){vyF(^287TZ01=e)g==Y|0_WLzREO|`$^Bqmc
z@>xy>=XmfZjb_P--aYYlfU^MJd9)wWDPOCpYE?QdNQ8=R=|1Fp{EEnPPZjjAxSj82
zF?vKF8m@FApDpWq1KC9Wjh~B9J)oP1Kh5kSF_9N@vfuM|-_>mFLRzkTn4KJ8iziKd
z4uc~7db6Ple@WoF85fJ^q9GQmQ5T+WOrBN{+r9Zjk!`%`UWGYyor$OlA(z)koEhsa
zD53UnKDrs20+Zh+Aec;GoL@1l&afZiLzW>D9*bd-#_@MCcgKUKUDj-|0zqSjCYKXG
zc<e!O@B5FZ{o5RMR%#`>xj>QChXXua76$=qtH^YGu$5drHid8tjXXfxF<xORT%b{n
zUJNK%w+Pclo9qstc@>c40sw|)Z?v+WU|+D}@C9EY1fAlI3j=C60k`Bc>~Lmh*DNYJ
zZOW##Z-U}4%9^L3MQeh{Lnwhe74=DTR`B?$TqL<M{s`2g9eX`|I<Usi{}{vNG2E$D
zW;>wz=pEH6qheJ@s@vL5&gnUhft2ZyUGRGy_Y77yJ3_N&>q+>!b-YCDh`CvaOI`!s
z_bLR?Kfft)`aMA6B_PC6doV9uKAu!iZ*Q^%qfr3rGd-wqt#Y{hxY#3%5^I$zNKUQW
zR9B@x3#q#cW8w1kt??yz%}=?5B`FLsWJ-0;GUf1O7G8mqvdMIrKEo<N)u&u+C#u<e
z$bM@uf%k*O4fd$f^^OhDZVHN1sQ)k>&C2-lp7KLw&qckjpZ~z7Y$gyzC9chA337FZ
zVrKOffY}1o1u>;NzSjR;+t-7X0Vw;*@SRt;)2jd}Dds=QzTWk8Sh^z>z#Xsw313)r
zruym?gI05_H{dBq?rw^Y+qNs}!;JI?6pCw9!0c>?C{-D*APUWFF=!0gwxKP6wU+7%
z*;7UsPttik#zd?Pw+IL2FHp(u+@(YOy8A|ls-!*8WoC-_l-&9=(RJMOOC+5*o1GGw
zyWBxg?s98r+;z&D|E~OD66dw90Jf+m%i`lq8<Gsc6=FRTGBLMcS;Ko13GuMKgk4C+
z&sECwT2fROJ*V}hObkhUzUXg)hmmka)SEn58?WYS&E%F){vnF-!@|Ppt?1jQ#!{m_
zsorTqH)kJ)ABC0uxAGhK;q&h<Sb9Yv803<szmA}B<>R%NZQG)(wY1{|>m+)m>v?Mn
z<bTM~@7YBB`0Uzs>Y|71;_e<D7pIn05aFv*hK{D+EQ7}y@ZpWTSPUI#17`m}so{P@
z!2hBG<jjEZ1{~D{-7kp^5%MhhRxOMvW#Zd-%KADNZjHM+VS$S7)1#hWbLsSnT_Nb@
z*+D(9;6y)QQNy2AfP2=@D!>iwKPtdC^0A=Vs?QybIR(%#^!$+K8_=Zy+&Vo$+!<4B
zV99rFHou#!vOn@V%<&Q3Tq&VUs>J|gfO14c>3fe;lLrAU_K++xZq7#{2G4~VTkTw5
z>TYQ0&|(3fQil*jdJ&xX;NyX#L>Er$zKA9ff6G>MEA?L37gl(2d=ICLBnrvytmMue
z+c0e7xNH{~3{z<8u`sV&X^RpPv=$4Nk<2Ph$>njLh2Br%m>R1TR%tiC?Bhd*gYOf&
zRck%rS4ui`bCRn!UBI7##{$?!<O=rR`QL5sdt;m4k861Bf^CTUkT{#oMV)T+iK4n4
zb2+SYuv2f+>xy0TJ6t__S}`9gEeKpcp#l0(S^(VK@US_GwnKceW4+lH2Gnk?#^oQi
zV4J2O7rCVgR&}b)R32B-{g=uNI>{U`KK4hZI9We_`N3Myi&6;moh=st1`U0?1+sz4
z(S)%;s4qT2OiVYW2mBm*Fh>0A%a3{$)p75&RBunV^zy96Cim?aw11!baJ#I>^Mx^B
z*VU}_Pp*E0A@d?{Jt)2X)ymQ<``?M6f5Rp*y`nj3ctw(9Fg|;UE``<xn>eh-jQg_Q
z1k^~lTwcp;(oE&4uC#3p56oN{s=)|uCx8S;QW*AbV8CkQYFMEgz|wDavb7|PU~am@
z@PjH@D=cTrQtGMURA$J~PdA6!b9EX#!s65>NcdpM@kHuUf44O_Y!q<rNSmP=@pSXp
z=O7knZJ|w=PsZXCae)`v&J(*|J`IHZvNM*laYKk1Ac*B2t$fWgS7)oMH^zQsI@TP<
z!a|jt(sEQzob<c3MQEY*8F?1O(AvcHy`7-;xq@Ac0}$<K!^T;CJHjwn1D)5*aju-)
zbBId~p8hMAIr91suq|gr7h~ZA(QCW|jB^Z`G(iMGKJKorBa_8ioZi8=$19z##Fs%-
zb?$Xaw+^N|(i3`c|EUzr$dW{_+<0X!5@ezAz7pS~?`!IRgMTX~0r-5(#}p_|{l!G{
zu-l0N3K_(hriLPCnN;$iYPBCQWMMdW{D*}BG2FJZ1YCvMr4a7kCG`DK+HyQD20MfQ
za6hEIi5gW%MmpsC@*8Wj>ldNm_x}_MN^;IV3k4OcPz|)f0tx^^NFA~YyEiRdUV}|3
zlPvp3DQNKCOk}JkLI0;O7i%F}e}q_2<0;-?Qf=2W07Tkz=`$3ib}Rt#@PUO<A{zR~
ztCp_z<&x^Dw`^1P<sBx3^=qB3z)Yww>(SCZ&YW!l;x#S-o{<QYVa0B{?CGzJN*UD7
z7;T-XiwZ?Hf<zqbLJQFwQZZ@7<ITkoO|O4`8tO0}FE+ye(dqydY7ggll&z{u<Uo2~
zX2;-YaRwK|s0%teDK=v^j$ll+MK8NNdCI-oO3o`Oz<_?-DW~8<d0yv|eG)TYsg~+W
zYJiSGOnO6yD4s3&>_2V=31y#jy2h|-72C>(r9;>Qcrw6*7FX9I)E!2srdu5CiON*h
zGO_lNCnw>FK5tWbWkVL2AC>N8+tugDe4jU~Nv*aJvyr|ce)koo$N*G^Y;(|29O`Sd
zmNWQ~-5AaI3zb?}E=47!65wxm&C?`zt`N2_+R6i6%c^$xv5w`$OmTyY_{_giF!=}9
z40|k2y0%o<A<=tN=mS;H_U}kF{b4;|{k|ikpVh~eZZ`W8{JGAzrI*4|Wi&u4I}$*~
zT{qkbk0#4q#A0jFl~$UUwtHp?s0UY6N~ro7ioQ%P)*BFtx89GJlaFsZ5SvX`Kr9&n
zPC5G01Y3?O)}(3WXA5;S<N2Swt&-Y1{a&41JwAM@lqSCGFAO9&>|HG=59mP?GTtB(
z|LwWiw6dI9W46vuziC`JX{Qz%SCQw~=EHq{M$F}w1a%Fpex|c^M|A^`NQA+B^IID+
z?5}h|8T~5ZmO9~pBZWN#W~oiaq0Jh*xw0PBKgliTzam0C1Cj)8XUdEHnfKpt(otj+
z-o-RH>=3zq`iV7fHd`G?q5D=ciNo+vtPpp48jh|>DuxzvWwL~C9mSlWT{@(`5`45f
z=-qF<&kV~rw~rn0%YIW;B%71q^VyP7Zw$<PPdNZ6YsE#e9Sf#<7|lFd{Vk&5vu<oJ
zS%qcceC&;W8PV-6A(D$Mf@cRRtUGCw>72AYaj&E2>-(>wl1J|uPa3eHziS`>hPp%k
zzlsPu`Ob+yDIke0P_y(1dotq@F2?1-9#eORVf1c#`rV-|<_AMIalw_wH9s+-NoozD
zfj^sH9iDIND(XC1&efdk{!SO3xefH;R%&wOL*>;1#Dn2Hk;i2<6w4A2v9-lMFge9R
zlsw=D+2#p3@1Y1x=V)t<`Bu<uvI_4k%B@~-=4A<;Sdr1IxavrL>qEeo&xqLqYJAIb
zqE9uY=V3btg>Je5yOT?t*ndvvSv5EL-}HkE#6$R};;>D|&+0+<0ZxfiV4iD|ha@<}
zh=5bjw_VG<Yb9MT>#9!c4d9ac*Di7SffRL3lz=QO6<Iw<v;+dWUT}P+e?ql^kMi$k
zMTrcFSSSa*1#Bgjt%Yz~SS&leJuIge&N;LoJCXB7D3$TQ6}4B1KH@SZe9+~lBZ17q
zX-~t8u0E2AECzKFFw~q|B$9UMkt7;$;ADOzWF(xhuu<=WNfZU5K1L#flfeQPB#GD!
zaW0_U?-gcF)i=+~HJ@EuALXsi%q8rkq#V`;<(KR((iHhPVNu&ryREmgVe+?}C@O+W
z3BXZ<Q7jijl2xGx83ul_#H>^7pJp!{m+d8C8vVYs{@(Pq7!u@zt^h98h7Tul*(3GE
zB>9`2Sb|NQ@L&hqej-YEqC-+<#>+Kxa82ma_i(Mp9nsD@t!5l$dFcSS#D4~tYlgMD
z#J!}OTE({Q>E8c7GZfCHsO!CPzsy*U>>7Jvz4zYe#z0)YfUl6jq6M}2ptaEkC#a&l
z-*!G&<Jx4@mOx5R^ts7tz#G<L9A8%#e*XC@k)88?xwRcrn-%#hpDO)SKapyA`L~mY
z0=-7F>XHL`3+ElD1D@`YjAN^9HJUqQg3VWSlGHl`$4M!=2r^IVmA?HkC#ihL=RA!b
zpN93aVD9<Mn|K)+#7#T7OL)J(E}T-lc}HQ2*1Fbg_XULqUf;04`@v@a8qV#fVu_uJ
zyOv*7Jd1qm$?X`o^HHDsIxlap4&NAMqZgbc_ks>n-uaUqFXW_PRYjSbsJX(yC=1Yh
zKXDRu`&Bp$%B=N1rMd^m>^6V3=HGot6k!p`;JvTsv*#uZr}I+xk%M;2fpXKa33GNK
z<;{N9Jt2pbGf95g8^8>hSAhHKFxR@_DjTT&<N8#-pw~B2MbhVjYG|lE0LJcp{CEZk
ztR>STDz}&vau**svvRz(P1$otzqdZd=2`!A4u>H|@Y2~l1ijh`h7RIbF6pZ3E79|t
zlT({IKEL*^CnED-Xz=VElQ!i8n%orc(|hQ^WaU4lY&p>ohK`G<*tKhq`L65LlhH4?
z+jwCf!@D?&R_UtB)UA86BSvxc!LI~T@36(K{Z8XKy}x%siU0h4CEZMQz~!;e!JzRN
zq%Ic>GFe}IxU2FSW2>=S%B{w)Rp_`r$xhPHhCXfok<4Sn2t+<#TJltqi?=}zfYDk#
z^zMhVHChm@v0Vtk<$bsP?60qQE0P2DBD9|bgZqIBNn239MU`8piO{^=R?TYjMwvpK
z?evGjpw+Iv_voB^SNu~7K+zh7+1&0$A~k+16@g+6>cj5oggF5vYiburY+6aA9Q?gR
z4&u(vQFJav4@*gi%QELQm-sp(^}TDTH^!HMZS7_EwM_=8jtxzS*69<z!F@%l)X#j%
zPiOLQckU<zt7R!`d7gzifR~^K4T?GU?o<h>;&M{G`jsqqJC3E>>RmvA?f!*~b++?I
zVQw43bN91AM~b3N>-pM~)t(r0l1naVGU>P{$&vU^&BJEF)!&SUZU!%MhLXfD>b&CL
z`8nzqxF|MsfvF~)`Jc#?#G&-^)&^2KD$B70zbn`{NI&C{paHDMRN4n%6>;l2Tp}Wz
zRUlAxQ78(g{Q|=VDdh;13Rg6{-pMICFudtGrRRi(N{QzsOy)ei3Q@}40aT=R1XczF
z+#ct3)bBZedaoXXx?>3+R|M0iCoLDHf{BsXS%|hj4eOwasy$?)0HHmu-R$vOjC{>(
z_;+nMZ>=&2I;*WJRVLFN?S*hus7XHwo);;78tV6f?4K$r4$fdT?IAFm%Xqu-E5?60
zFlc{;85G$Xp8E0XntX=Ob{Fy4;eM|*F+(hr_Mmb2E*_d=sC*cWatsz48R~2c4ds=(
zlj+rKtxf08W0Qmg{TH}&h5Y$W7X`{bMut-bs-hj5vDB*5NsLQQO}(-Sg2jofpt4+j
zm4MF1oXyDG11;8Q(S&$L)6N~(UU<<RIT`Me2xBR%%-FEKv4qMkh@?QUp34RI1jqLY
zvGH9e)rv6Vo*h*h0n__yl(KR5bTM?&(rP795-vkG3VHR5N-am>cByNRvx6&!nUzsB
z1N<I?kOjII!nimtyRvW!t_#3i+eQbMM?oaD;CCDsjKT+6*pIjG5}uA}TkXGeGLd96
zc#lHFCl-uB$e_tmJ~~)m7H)vF`7>4&lb&9QyzHZa0Vx@72P+Z3?T4a|S-J9wVnrN-
z?n16Yf<g)15l6(6m|w@^I>m)fH->1?+5k<Q$QF|>Jmwlf?ECrBVC4(J9rO>e_FD3(
z-17AmtqlD;2ZOlAjC$}WtMbU<tw{1v^V7!CEmZy}T^Uyw7YGiMfedq|TPY7LhVyS4
zY);-y`R@I)c$XtD4%C0bf|lIc!ksl#t9WmbV(aEv3sfsi;tl|Zqu+IX{GsTq{-pv5
z7RaDgu&(nNglUY(co@YEh>f;aFc)uQpVU=nQ4w3@&VZ95-ixrjJAcpTbW`*tgMYcX
zjY)`knzNe-(gm|<Bjf08noJyJb<)>IRiO7s3{e$;-g|KI+4^cQ(jKMN7uuk2DzvlE
zvd5q5o`|i18!{MMfu{Z|GAjfl1pHSd9|Iwe-M0^wh4|<pPkpr;1e|T&@aw;1$4q|Z
zzN7ehLU0V_)cDj_a!&i$_oOS--{$ztFuU3Sh6#e}8eiGSz8|i=|DwfC*(+*2QO;ev
z$Cqq^FjilzkcG{p^SyGJ*QRFMfON6mK4LUWst;l4K4G~*XRey8i~VTy(<|d&QHs!{
zI4r<v0)qX1-C^pZ3ZK>0)j}AI)E|QN2qo%%9gA^<5+2<H_Uz)X2SR!wW1SK=k-m)C
z*Bp{AbD7!jp9J4?czw11&Ul4EDIoxH=kPl2(pgw+G(P>o^33p+>JObIK>Pe%5N+Cb
z<OU(`4L|76OBVyIdoO8NlO#v7M5k2{zjlAwG+Mq(dNqkSsU3<46A^Yr<9Xfx)0-V$
zz)l>O;~uxdkX*m2nvR!G3YU90bOa9FB)*}r5rwly%F+Iecd(XuIdUq$#kh-Yw~<#9
zcjLwa96jyeiV&JUkryA+y5AmQY+Q0%^6bH!Ai)+7v{t`lzHRfY(~L!gsIe%#Gi%Wx
zkSsx&nZMH&jBwpvgb3_kCMg+{N0YAj0xSh0iala8OLdOY^gZJ=N(%5L^79<FA9e3x
zOCes(#cRv+r?iR#6G4a+AOPJ28&bT4pEqWAfRL<JWwY<8{k(cUQx&*%phPKeA`4#?
zR_{=R<Z`@>Hr#rrH7M%J*fQKkoM%0Cc^c{?I3L#@X6(6qjE2W*@U_d1Nw@1_m_GVA
zjR9&3O&8WhsthY#WW<>Uq7?6Fz_HH#h;O1uRbz8C`OJX9U&U@~kkK4((9FK^9;eD6
zEkOP7I3o`TMNr?uLhezSq)&XL#?AbE9Cp(L*qGhzeE2-Eq7viZt*X9m{90XQ#M7fF
zNZU%dye<2&0J6#8`<EWp{aHNahmm0>-FuAfEfc4WWt@IL^BGzv*W#UNF?_;Bs4bBJ
zzW%RR3}!w}llJ~&*0F}h-^tWS6}XFC2ib1H`IkC-VT(+PwrgwJ8B_bLuPoz;{e?lM
z&9MvhZZdGxzQ@7>F)r6TbjA740UQwP`M!dDBz%P7DB}JT`TYr_6aY6Y-mD9ymvGR}
zht?Kb|Gezqo4~B8P)(%f8$S2Wk(xgI3ETwWT*!Tyl~xyFh4-@l4gN@Y(2n6LN>p84
z8jPz-{tYb|Ae)3j+z}9qgI=0&ECMvjWtXA2@a6dkzRcbS1yA@{^h~!kz#10wPrUgY
znodD>bfL4`FK^--@TKs1GM4H&>Zr)R#I0$NMUYJ$=)HFZ5BK+(;s$fUj&lTK*8c>D
z&(Cg46^N&?RbLU4d@}zIvyY|L3$Z!M`||Hnz`k2)we6tjXZpB`ZEFg9Mvdm5(9%zy
zL?(u#V6W(>znNe8ynlbD=}UL%VuKr$bb-yPF9ov~zeK%2XNa}Yf$GZ3!rnQnI7Sbv
zG!Uu%+nL8)Xt4GaRw{#&2UGbNRmCq45)uO5qfW&%(ejKis%M+?<#k;uaD$w#;{I8S
zv(lmKFHE=GCsRAn<2AJZ#JmDO;Q|uS*;Ux!@B5VW0JEfW&Z4E4TR}ef;NOY(y>3f)
z_9*Q?Q{Z=7wix(|e-*;)?4_z=OyBr7ZblD2hU{2h*ikJ|SRYPpRe-Ykk}>!45FQfL
zO{sZ*E;Fo`ev)bn1jYkCwVTAhfwzDQ$?|Kd`N6Ot7=2Cgm&+D~p1Yv7?YG;@+rY|0
zcF2SjUJ#~OVZ40V|Kq3u=Jgae>AixNBtl3arVc95>d!|8;u(2J<&dD<#nFbBSIU5;
zz{)p0@ukrn7+@-^2J>3x>{jW#cPNq!u_fxF<UMlmF?hVdnN7gR!J{>HRU(B!Cd^jZ
zW0Q(u)NYWWQ!UPPzan-~dab9SbAPXWm0Ma$EdI*lq`!nP$uIT#7CPZ!#0bd&^9_lt
zGI%>lniLOCS&;^Q)qNm*TrpWH`s+faXtw0-<(14ydLm2b-HFs5xgU(K085djQ!PE)
z=21&1(QXzC({xO0>h4zz?=a5WjQh1So?u^60psd1wfMl|wJYOx{_{c@8^yu~huK0o
z(ikenW#?3-ekerglV3k2;QKI`&X(-ncbQYno#)!f=x}-eMPSQvrhH(8KPR<d!jynI
zm7UOs?2z3hVEk@Qu#-@Q+iu^wK(Um@m`**4R{6<q(qejFqEjG84DgqHSQrIW+Gy;~
zH}cnixYVopEIxw}LwR1Pa%;b2%%Bjpd4F1XVN+JS#dse^>!~SUqPXr~FrK-z{0gEk
zb?cGLQkW1PbQ{?tlO%VYzXMnl<Q?A;D+Uog5KP@0_Z>w!_nq<+_BsdyGff-trNNl2
zj(o?jwTdRzY5*dzv|VDAtY__9aUjF96es+Qn8!t;_GsR5KM{$iE^?FJv(Yh)qLON0
zWotOqUO#>-oWA1dqp41#7kQg7y745izgcrID=dpYo}NNDH(HMnm#3L5237)turTBH
zWy7k(dFzmOMz_|skor?q`^3?$!2@vqPx9en<B^`VH0Ne~CK?la(S=w&m3->=J$=*w
zHylCU@9b|**F#Fj>AV-Um9HvyPxDo?{W7T=E0S^3tN@9s{rGb@jEube>60Q*yGRm=
zUL9-T%%Ao_p-IKeQ*z)@o%}+KSb*6FkfYH7=~9pw(oOhkcNn>UJfJI;bW4=u{W1a?
z5zfcG;>6rZ`tsP1(~k#%{hp(t&p2(!-b;gQYZV0=8N($luzeb0pxOL(Vjd$L!v$jB
zYN_6cS0og0qh<7j{+(#uBKY9$l=H4Tbo84mLcZk`UzGJ#i~smpBk8%7uLn!Qo@TlQ
z4IYnO5uyZ;l_oCIX-8t+H+-u(oR-xO7BnaT(d60PRDhLaKF|J;Z%{W+x*$}kJPx|U
z2}Ah`bya8yIi)c1-q{fla@}GZ4_#w<PPA~h;{_~}vaa;DgIH|IY@wVFd3~%-Nzx{%
zh@otJ*{tWjToQ4Ja8EI2&W5!_@f3O`lN*By&S|ox6My7H;LFW9A7rZ%x}$=m#`6^O
z6&Hr{#-<oPuT35}+^^Gk1v}Y|(<ud>k2f!oJo}r*xRt_Q?DB&)nRIC(BJW-8My}By
zMBlQQj(z8a>)j^gtMQo7ylrqL$K$pAq1~u{6JffZ)^ac4sdwprYt&D3YXzp+<N%c|
zpBO0Sv6N_MGHj-04brHcnfmat(aO^l0L$k(5pv_^Z3;g)oztm*10tU>AfC$Cf8-I=
z`2o1JOP#FsWDoN{On)!6=)20>4cZ{Mo3>G@$!|0$bDTh@Rm!G(Js20X%<yV1<I7_D
zs_0U-U}vw*{k+6@?f|<TFZD%^o^u9a<CS97XT^NYjj!|J;Yk$e8;qB}HoWdD8RJF^
zqc>o?{)GJe{3hpYj^;~0PG2(}Nr<;5^E&&AA?{0W48&#umX9H<;ii!1+_Q1qpV(+W
z9253O({Ur=^ZE`YU$r7bD;|H~alx@^gQcqlVw>|G{I@$1)q8|f@9+`4wHUuKQ=gxN
zi0RCFiC*wODIZRhc(!7HLE1>=?9^hhx_-5@mYOq|2I$j%gWh&-hsD3mH>vLTh`1SP
z0_^DR=VBeMr}aK~xT-GJp|qE2C!m99MeR7los7)#uY3$ZfItZs5#_Na@%a74=<{j|
zj-epU!;BFT!Q*|YjmbcCxW{f84TB7#oc9kw@5u$IX7Fe?A0}1N4=0_w58rS`Oh+Sx
z*YW##>fQm#g<_MqQ&BeQgWK=0#M<?AXP+2mNceGB%q8Mb6GhXSZ<`FaVauZgldZV~
zjSd^|bQh$Qg^2Kg_5YjL(cF7fHV6<dhF2E4C<6Cs{ao8J85137W$7yY{npTcKf%`Y
z1h>X$7fYJjCz=YQ#Le*nQwYF@hIXOFGcNG*NED|_Bor%5>~Z}l9d>utex^ga%E8r#
zKC$)yGZa;IrKA~VJ~pfYAG*wqbh|Yrd9K2+L?E&DDB~e0{P%ueCY)m`vt`aYn7De=
zGq6n!M8TY_#J=B4S!{7<ns_RL_FO6qU3Y%Opqoq_jVr&IqxDYZplD3EY4Q8$K}RSW
zPLL3OW{ZgWgT06jp1{;!{97h<(&fm2pmYLy_vfqI4G`5Qr#GP<3Jo0DGT*;>J=urt
z59>93Yq@XQ98gA=hu~m+s6Z}$@&tQrgy8x+xZKdwpOpR~+)@)bk}i6?JrgJjjK~38
zno)P3z4R29bIPK+?~ibcjHngYb-s4`FJdh@WXrdFmJ#;84`Jqz9`Hw(nCB?ZciwV(
zr|_fE2CmwCCLV@9Usmy-eLw{8(qf7hs|7AvjfyM;`V_(*k9BSeIw=z#o*>VuX!NcK
zae!4v1+4&5ob5>l@7lGA!YN}bypoR6ALF@zh0uq-EBG;j0sqCy!YK7y8*aAy0^ZlF
zFjPeAHbxzm2qAdgEn2q7A14}QPwQQFq<n4;r^^i$OXVyHC*?B&;NI|K!VtBUJ-TUv
z9${5S%fOQ<yqfBiYgHXNd7@wlf+7gxEM2IR_K<W<KjebWpUqq=-h>!8YWOpK9;+dI
zC+q9_n76-ULq&%@ggG3*x|C|pj=DKSiW6UDITF7xR5IXX;&ZkP9tiaquQO8iA$<^`
z%rS*s4Y{1?JIvw7p8=+o>-Z2gghh4cQ^!~1O=@+K>XlJA-}vQS(_ljgy1knSLyjsX
znyha%(Qi;N89?++%*Xe2=!mbDDcaI1a8NFpf9~8nO8<CgUy|hKD+nZfaPwX%X9&d_
zts3E-V`b*UU>*9If`s1LPg@x?=a^$i+P&C37t8bFin@zI@lJjfkCunZEr;)RB5b3*
zb51OpBk&)aT`+9W#>6Z#lWBp8y^c!%sj8Oq2rZ%k5P{I6yh~hv6$Hq@#Jj)7z}gII
zIi)q-o$m-=vyB$2G3_oi*3Mj9<CnC#D)o*6?pocmGSRb31vso;@WhECKskC&k;Xf&
z{!R!?!_BxS+pKBpHe*xBvq&*FhkMPU(lD)>u_CBY)BW|Gs?)fH)e149x~#%C-g*`P
zII5~v(;{zJ&|i4e+m9yhe_%Zo8^j6c*^Iy7mMs9COTK;*L<sLhuf`y*NeUB*AX>19
zDs<z1*EBy}V~;XnI{%f{OCb=xW$j3)x5}5>*L_;Ut+H`$SI$|jh7ck%32-Xg<USqn
zBnTy15Z{a|wph7kGu*HUcRfv}7}JV6I8QiRZQ<)Zv>jY968H#t){Bulj1?g!d-#bQ
zhxr2c8bbclc{+W<yZFx0piI|YgYCSNjN|vl5?d1f6(z@#gi-@nb{p_Vp{HNCiP1Uj
zvR;kxD>NwTiePm=sy46$xLPAJ%INvBzCl4bXC^$kKEb%%ETla3r2-2*k1f__kRmXb
zy!CqWcZolK+7-WSQeN4kTA`tS4a}I@7{^nzC1Zp%z?lf?Ec=VJ+SfX@#C4&7EBY?S
zR3Z?e(o#%lG&(V?KtLT9jq?^;gYpzzh?w&SiH#0zmXAm5c3b?#yLi=sy*EM>k2m^q
z_>8lrK&d(4pOKF;{8WF-iCpwS{kAOL<d+_OXtGRmnH_Fu>};)-nCz}MWB(dpnBByY
z_X<!)gKkg#@y}A?jqZP_*{$W8@7&BDVf|zh)n`^D(X--mx)11-Vl&oi4dcGK;#VC2
zZ?>@h6jkp$*t+I_bGRH_=++yGq4ssAEd_yox}yP{nwEO0_Py~N^<Kq<YVP(Q0h0W8
zrKC17>{-T*w8I3Y$6lr<9Umo9Re^1-`GI}G>ry{Q1VBp-^2M3IE~~RGZC63w;XfDG
zm_ZSR15Bo!qK$Nkz!7lHR<3KLG%r1xIuRbrB8$W(q$c0!!n!KnHb|u3^Em6o4}3e2
z2x=riIM5ee`}94VZYt}Nw<YF$mX$AO?9;H~o?P>12o%P*Hc4#mEr@JyNqmg;Qea>>
zu&)TAanyM}L1X*7e4k@Y>5pe~;y~J+3nMypEOQbBV1sWOTphc$ZpzWtmNcjRCSpTX
zTt1CbP8J%um>cNoDWOk&PGPaE>!iK>VoxKz!ciAEKoV62<|{$ycuu9AZmlUD>vaZY
z_5J3nn1{Sr`s24)9NLHRRELB7bmo&am4lo{y1(UGiXLc&E3LD`d0V5QWEF<QmS+z}
zx7=+PR(+ALOc-@Jpb^ke+G}*&23%bvGOW}QVM3up!@^TJXb=|kZ{kHi<!EnN7a<0I
zXlwcuB@(jTX=j{N32Dxs=hnG<Ykwe?pk&!MhIHmCsNAV~K%*931fo=dKi&AEcL+(>
z7=4=L)yZU5Kd2cphZ$9&gLVBb-FnJ8kAlghNVhg$J+tg*ScapsmBJ2=MA*8hr9!NV
zIXlP~9P1HR+GF!x)Q$^e7HZwl$A(q^D=F9!@n|&X_2bUaRNE^Ie{l6V)xIAT(eu_u
zR1fqeNAsK&Bkggxe1(tSsh5do#?H4#a5~aTq#ISEzPh6#tmF)9kX*?iUbg9j;Wxdi
zV|p9oTMgy!n#LN54Ym5@M{l;ShrAp|_}&F=4ZE7}`=gjIQXNXU8Br*Gd6dpG8gl<9
z2i_ejr27<3%pa&(Yh|hT^_L>`Nsg@6bk=oaG$EsLinM=42qAYF-T3ADlMSjWa6l@B
zh%J5`^)8q(GF(1-Ty*kdnl}A)yOa*MpynXX+x;kl-Zm(@Z*O}osIC*_lQ?YGeYcas
z&zOS}fx5=6H|2ImP>LmIaGyh0Hj=QSJk>6oT9Bdf;`gqUkKY$l+nl&DdlSu9@D@Yd
zUZi3_{p`1Hv|oPR-oeY=eh!9}T#xQz^5Hmb5D{Ky10ihfng$QEe4%=o0*qh%(Fxp~
zk8{acJ#w4=n8$ztdN$-#1=xeRwua=X>3W(oZrZX?UqCIy=VghhHKhTi&_RXs9Aa{u
zE`#k#`I7VUmGat9s2_wzB)7rC7ie$U3n}?#T0FN;&IXgC|BG6O5}egcO6*>V9uPcm
zKZP&J=|jO}cl{bJ-ycFcFcMs7tn=2Uu^ERjr_zSQWX~Z`ent$0;H5F>L92lMDmE8i
z<kPBH9Qb(zIxI9;UHx<G6u{F(+t$8VraQKm(ZgV|^C`@uQro>}B8t5jHK+T7@6ci4
zd|^ww(z8z9`dO;4i<SLEk|He8Hp)(9c~E`Xiu&~rnaoD&wg7Qlrnj9~LdMqL)Z=0`
z3#Mz0$@2Zzg_e*RZdzZ2D*4pAOh9ay?=e|a1-KC~IWc)p_3^(FFI_)x)je-_p&zS)
zqiKc+zwPX2gP*51-cMB7%`u9^-uY>Ln(!a*90p0&`c;Z|WvTy%8dJ;HQ-7r##UT!u
zL%U#&=|Io3cH8K1`{%CsXJgHU8!STavcl<rwgLES1$95x_D%)@2QVi9=iG?Y+ugKY
z&Hf0qtg8ys!e1)gHD<C271r0m_kE50cB#VX#(%A3{xH^}A^&A3Z4fv%E+mdtCAL47
zLEiPOW$jX_(!??j{{Cska4@K|fQ@eW1UMCJLI+vYS~dv0mKGRsypEemg;@&REk|tz
z4Q>Z+WdogUutz2+NSp)Z`6y?NgAtDx&OX7P4*PY>-I70QbSbu`G=J;bI3$P;7hFIK
z_oxAUkK9hXrU;NH*%y<r@QxU3b;qB9pwOtC`Aqx5Bhyr8<An7>3&y;(nHL2CiN#+p
z000g~`t(W>ILgN}lTyg1bR1Br(qB#9KKVm|STXTHoZ1@-Lqqn9)3rI|ttx$u1zTl`
z{Pj}s)oU)f=l`J1#s5H?8ml%(>ppZ#4oA{JwW8yYVPk7lXRHt)ks>P<iXlXKT%O1$
zbUTkGAp&S^nq2dpv;Z=STsAq+Z-F+PpPWP<ByHk0Sxd`k=w}NPoH?>i59sqw4Gn?0
zy-x!dPKSyVhcusl<w7<k3k2v+n=CilCA<HyI<3Fct+pb!Tx^kE#MeoMh$r#bCI+e}
zdkMVp=7Q-11!#iDzD=c&WvGgVdwn4x4(1Qj$AY~J{%mv<=O)h>q&_bl`y?2=6J{Sa
z-{_qRk!2D63M*JOmf6dL<`Y(&uSb~))o}a(DM_h~e#kC?<~xdoCP%Fj--hw~I(Wc`
zM%yo($NMD7>4;b0=4^d^8T(NQb(8B_?0$dxKE(pEQ@z=sGJwa?icZ%R9>Eb;oJUw)
zikwO=CB0)lWr;Hq-Y}JXdEgJyG{hXKN4*BedT;1Nt`AL?LpsD7FZj+_Lf$)-M;4%G
zD>&Qua4QV<Hcb{H9R3}twb$(Bw6;jc&9-M)Fy@jt%gHBB&#tS<9vL?hN!I&EyfzZx
z4pr6@AmDTix(x$M@rPN~`M@rg14yH)osc7pf*u2{_subjX^~FLT-(lFKCNyK&<{PH
z_)J#X_0SzPh9ngZH>sFmu9J5~fsj1yZ?`-)-2fVx>88!^60M&cN2?2BJZYRs{+DJ3
z$spxBcaESgJa6Kf!$J<AU;WT@HxNY?$2Gunclb<x6ccDDy3W8;MygN{j0ZK-<e5v|
zfEBiDN3gA7hX~K})}4#1)>0BUSt4hTAQlb0mN}e|&rKWTL$J;di&k&k%Q*AJP^;Fp
zu&x+w6Ai@y5jt%fwb%@xm{Hc(@gd5^AD~omQb&VrF*a~Y920d42{qZ{U@a7chWy&_
zbBB^*z~DfoI$CI`Mx)<2$7@85`V;A3+L2IZDwp`7C-r*e?OgiA?GWD%q1Cz}1Z951
zV<@OP;yda@@Z%T*j)9Hzxc2vjz~tb0r9YFspk|S<lrF2~{JU~%SY6{mvbs<$=66AG
zf^MBYAFX0h*_wyN^a&BWF?6-nWF+bYV$oNdk9B~(zrvmBuaAn9InuK>Tx9iviVYZJ
za_2_Cu`GGUYqt)Y`!}z04SdQyuXIfoWWcjze(-7S`jnMn<oqIoB*bMmZAj9}*VfQ%
zu!}iwwdcb$E4cz4HD=Cl)wMGF0EhfF-goxOr0uHkgM58+7eTLLrU-%gvni_0+#uwM
z|0lWK<olYOpo&C7`*0W7Ms#)UnZ+UcKFZa}b^uC{Qlj0!ss2Dy?=6G2|2RMv%knS7
zY%dVUkqE&3)ki8x3j6*Ci5Jg}z+Z%kh6Er?aw)-QgxM|(Aj~%>P05{^9d<ngw0>$p
z5*z^9n4cWm8nWjYuNCENPUa*J5<nv0m1Q)!i6%G4!o>k(m^JI}@2&;t-Sn2)48+kg
z@$A>hdt@^Zu$k-$>lOzojcy%4)CS<v`M&H2E^)@9bD2x}a63B$O869Aq1fVvdPb<m
z(0abo$R1gkC?u#+fNgLWPcSVpH3T$AUPSqQZ^dY!{;}f^7-Y@_QoqWy)RXdoPYjq3
zU`J41XnyTOG?yf8nfeUao)KWiK*{cg@_Fr7V2wcY_n|#e*zJX|py|l)r>Kp>c5ELF
z7;W^tD$!m6Kyx^qsEPCp0COZhgkO0+u2O^?2h<JZ&rBeNbUm%l*@Y7<^Fy6(=9pG)
zO3&}w^LRG}6pw1ADxb(dUZH=0E`cb-nxue6F8iG>Lz08c#I)hvvH_T^zU9m^D-2(#
z*SXqZ(TX3k{6Z!gED4L5S}BTxa02)sp|9)?NmBv^{NdtZzhiZ75z~Ndub%|cKM+WZ
zBs9wEGDX73;2A7;l?^#Ncf}<J1Uf8hv_wAja(f?Yp93X}kk9_AY`^f~bGIxOgxeg)
zm%Uce1n({6DGdA|S<2+qY)!q{KfVdWon5+AMr@O++-uYspnUi2t;*%S615&Qx-e``
zmgbUtrh(AK(#PsFU_D<UylUI|FR?VmLG7r_06>dC*YgH^z=O*dwJ_%wV7Z`~`a8dJ
z>+^ANc}5qi>S-9e;fMbNvMc~LtV75I?l*6mA`wcQ)peb~oy}^kVQhoPaV%)4vU@Jf
z=8P+Ov0`4+%ukfP+Z!*!$}0w3VPgMp%u*t0zm5Q(@N88*0lDUFeTo;4cLbYg7<vpe
zGO;Y6@-;4P({U1Jk906Me*eiMG?&U`3@@ctK4IQb+bYTbe@84qpt<+Kckfh-*o)(A
z8egzwfG>k?R^-6Fq|5JEzdcwcNFECHP=$=`Mv(6m-}wd?36aMyvlwH>MNZ<$cj^?*
zL;DpuU@6$aI$nsg%nCv{>Mn}UVM{O$B+p~A%V#!hsUB)P4<kM%r~UYJ*AQkpgwW!o
zHO<a~uZL@Eipgo}%OAW|zyVKHp*1`wOQeFw?JaDkM+0+aDWA=m7=I(`0nWo(oyAvQ
zPLOA}j~O|rG%poZfxS<N_39M-B(F+Lx=_q|c;8vmUq&?}*unS_5dfoC%n(6VU~2TB
zY+a}Y8iw57?Z(h(e-RJ-QdWY1U&`^Anx@j9a7_Um4ECP;9>qr8`6b$-28d*u)cl;g
z#9r<TGlBvL5M$f6!OKmHawLPGIx2*SCc>0S`4@7fjt={tf+#j@@^26t4Eqcy3ss2F
ztSBt~|3q{5t#B@1(4V~7HA`QfPeS%weSqesIQLHssQ_L|@gLCAi=j~v|D{fj<oZ9L
z<^6q1-=3QP5+pCcME(gt+x8^e=;&>mN^f_@u<u<DU2?e^AbS4<&HwN$_h$fT@CBdZ
zp;VNpEUF|NW-#0Rg>>o4KmXTvPUE{4xkPiyLVEGvP?^)0S!FdZr;-e%V7JE(g*GCG
z=HH0dMF%#Z9v$ZM8k=)&mTb#ZwtZFd%LDz$P$>(?{0k!gUabJ00&raE`D7@oAFHN(
z(R!^fJXYl6GyE+6I@3V-J>7in<?9H5etu`wY|ENo&YxN22L7OC0E~ZshLyFn<`!!h
zoOW-#%;#E}T*@~?ekP|`zOZIg^ykkbYn+}}zB_-F&&2C-I!!S79|#x8S0aL#|6%If
zF`Ba~D(s78i$;)A7PZJ*4-cU|bj|QT-x#$otUSq}w;{CX<NXbS$}-xc>KOFD$n-M?
z0APt`kw#Bn8r;MPu&Gu?-r@u0KU5r6{Fz-Q;78avR13cJj4mlyslsY$nWtve-#3wd
z9#oo3XqPFYfq#0p?I{F+%qLGucjxb3?j)lJ1|wRHd9}fxS5Qab^3Wr;d5aGId~9D>
zX#jx-9B5iT4|w1j5eM*sE^;>%^SeJyB<Vm0Mq7_gqthDJY~@qrxZ%!M6&Az&EQS0L
zfGKV7jOC_(h-H6mxBOdCv)U?Cd8Z?LpvrK9tHJrnmtEx~W}<s|*wH(qRqwbLA7ES7
zkrOWW>mecxi0`5)fo@qw0~$zV0H2gEIAEP;Gedhyqgc+xYC0BzOvH!Bk(o%I>~@h`
z9-SjyQq1i<_H|-!J_*g?G^TJWPq7dgRIAR}uULmTabLli%w^BG9j%>pINO-oBcCi8
zK~x{k7zD${fr!J_FG_QWqSxS|QewY4j$4}mgulX;Tvt&Zi8Y65n+FZQXU?#}lWT!s
zO#CU{t3Wl^HqB$vp>1j^;ueXB^y1O!w~hEjIKf?_*|@pX418=B{6uRSD?S_dC;-N!
zWm^wLIF}fNp8+Odd0{>8kfp`mVlg6jnx<DgntI1*?i<Cj6{lAm<loHeykf1qGv;O&
zMn<fhP4oZ_gClV`Um4NwdC$4A+_1U`c&0|oYoQSHWqf7b?XNd^Wdl_13E?)k5@YSV
zZNo_|JCZ%GKFywMla{AO(zTA2(8>>)U#pIm4GJd8C{}zwuDAOK1q2mUF0-FX*vGak
zaQ%*&iQYIq+ZyI%9<=}en0w2hI=XfZ6PKVNxNC5CcSw-n?hpb5cXx*Xf#B}$?(Xgc
zcL?ro)8u`V^VOMCXQbxG{Gy85E!Ew-_gd?EuKN*3pLeXR1}bvit`P+@9k7~8E;<}#
z<Ra|Lj)j}=E%{3-mVC+rne+8OHf!mOVxDWVy-77ITdY@#W?op^cYG>;F4b)M<an}t
zQ&yLQYdbs<6o)hGlC=b+eDvEhzzFevOHb{`L2*9sR@sjMT3{7EsM+5s7Rh(WMQhEE
z!pqhHu~VG;5ZlHaUaMJs-q7qojwPW{=)8Ks@{^audNNf_Yqp_haimKY5+SBQjqz%X
z#d51~R)Cv0P>&cX2sEvYBgK>Od@Tp7_LRZCG-vNzGyM4rHVVox%sUhdcX^9Rc9*k_
zCerS)qg@XSX*!*UK=oKFdwI(hSGlUn%R2^g5`$jj<Ld~6ebvqP{^n515a@`Db%7p|
zDaN&+k_P>jk8i^GG01y5Ly6gEcQ26f-Bz-gJ%3hLUpO~ZwL8?aKtw~S4r^(|)a$#_
zN|11PGq@>VrJe(q+kxi3*hQ(pbc;gHxWC`p?$<A!XwFTIOQnb7a{*EPQ8UXaKLTil
z$?o88w55g{5NCne`>iYxy73+JrtuZ<K;zv7L&c^El_;Z`GTZD&`53+&I}?SeOY1I^
zhtihmLIWh{?_y!tF{dDhm-cWA_4eF&{LUc+nJKteubs^7PuPPT%Fz_}TZpHNUSt#7
zoC@Ft&UXjMkQ6Bb-kWn(lCNX7boIrSsY~jxTZ#bTF+WT(s9zYvaHr#_;ynNVgD&k=
zySW`svWzD(<!c7f8u0KqB}oUh4#C%5t~*5w`WkaCz^9?PJv=;yf0^&kwz6(hYp+Cx
zdvLoRgN0%Kj2n!j{kS)ojbe&B1@j6H2GLgXfVwZa6-~}9ZS4LlAPCvhD@YKv8THF5
z>itmEYQcY?%Mrc4o7Z{*rNCpiW6=;?PNo}IHSBvWnUKz#+hONW<Nk<E7+?4$cHg$6
zPr8p&(OA(uYAA_JUoczVGQS7vv=UAj`4j7mDeWy5<)M%;zc>G&XOE$jlPZk?cx6cU
z3*iivO1h|9TRLuXoAr>xeTFB!L^OkU_5lGfWH^Lvu8qBIv_CiuhS>adVKgQ>0d#W&
zijtjmg-tey;wkjp)Hw`%D6|fRtve^p=W6JCg5IXQf8r2n)jNVv5&M=ziZo8bJv;f`
zgZEeOh{gseN4o?j801%okdp|}s(cm=u?zGkG5)b9|A2~_0E4(vO}!kx?$0rTf>ETw
z#^=8>E-Cr_MnDXE{Rj#~COX62j@fi`fZEuU0MFIH(PVCVB%5Rdm6OjO-%WXGr{wg9
zn<pw1<s$q7-pO_k*IKo7u5Y0jCo)B|BKhxJDSR5QHES6#XtnSOhjz@ldx-s%>Vcft
zI>W5v0MKYuh^M(KTMapu|Ia{X3dQUueMB6MvMN-tIoDM-(tJz`m*JcJ$!qEXIKu|l
zC!4_^%uR=zW6(LF3WKNvzknj_{tDowG7*<HXP0dN4j!rR4~GJUQ_{fi@$`g*uZf@A
z_RRN@w-raKe&-yLU$Ozu)q~s@V!BHAxjEBITCX3vgDc=wi=3rNFy0?_W@6aCJ`y-v
z*&2*gI$uMAN;`#jd+9R9DpxAGJkjlq{P?>tT41fFsypL1{!%7e`3HYFf-s~W>gvtB
zV$4|zvkG_vQ!>FvC&lIuMAl8EtIc5+%Z(&^Kv%W629tV?wy*MO5^)p~WUJItwlqjC
zGNr*h<(G9pg#|*}R~i4?j`?OiE$ff}E6Oxv@Nw&X<FgUer46m>$xAEY2|>NL#92jT
z3KC2}Pd8Jdq!k{v1q!{CjojqotCBcPNyaOB{yCcFqyD_b>>AucwRxbFf^I6%-rM{5
z^LA$f#F(Gbvu2YwgCk-`d$xIKFRCK&(zjY^f;<m~M7%lfT#XH7qHmw&EY_is@@r3l
zPhc>Qbu(zM^+j_$!hTLoym^C>d7tJ<WzunX5e*&ky<hIJZ!z+g&-du-J+?{tb;of>
zmUwkU%n?u%45N+D?QMua4+<62<5V6f_-VIHV=_9y7H@uiKtN|qt=><$Y?ZXH>^vG4
z3ehTu{qxw^VgmD^?)G|C;0CBuM_<YV#o*8b^3<o>7e>cHO!fNDoFzM)?rvj=ZSjfI
zFUgJ77X)^yV>f4K*3;szx6MkLaP8fgJ)g%<{_GMB_8}f6<ats`?Pe#%VpUkj`A*Un
z#R7T7%FiFwn;c3sS1IgqyU01BfRcqoc6%BG0&cnD5taglfxWC=nRSC7-OCBAl49bK
zPF_O8&HMb}s1FFLWMakCBd&Iji6N+N;+o+=N9kOkg~imM&X<rO?7Q`-(x|1?D})1N
zi!=3^LXPOFis_5((T|puk~94{j0PO%@dmReECuqD<Vugwv>b?%)1Taa+OVPUy4Y2H
zEZslqKeaJf9OYHav!*V*6~v;t4R3>6R^#MO^L4KeOvzzyYAQLlb2MCJWEg}TMA2_0
zX<O>6_%-3)9a3HCf3O%7Q^mP6;20}q`LTA&XjEYb-g1J|A;RDoADr0Da`y^}@(0<E
zJ=D(-bwFyjd{_ka6k@7F#}X5ih8mNhl_sJ)M`9j+KsYwNvKt^Z;F|n2?)DX?p(#>0
zcsH0rg7f5lUY#u-ez@vk`=U?qbiRXQIj*rcISz!j8(QhzzbPhic1nl7;pU;i{4i6b
zB|K}aSg4d1TOMN>?Ie@B@7?aB128T<WKEwuy4RVdm2|rS8K30}E|q#U4B3Y@kMRA=
zy{T%qJNZJ{jHm<ZK*5lT+Kl#$=HJ9@F4P`hlMJ8iD{3mV6xBsvc{ea;9+~Y`t;LU!
z1u7AoI~D_*e;KD`<-|_~ggPu7Lh{rls23AfVb4YGZ9~ye*R$#|^19zkp>rE<K(j+o
z$7N6~)>*v2*iv1x+g;&xDYF8t?T?bz@vsu!>l(zn-;}w;(2&(~(mr1XyX(>K)+P2#
zO$K6{q^$RvY&5U|S=+Pti>PX9WlPFOKKddG9f#1S;=NgOm8)<J^3u<X?MO#%JTf8n
zkg~F}t=91*#hdxV3n{wNLT(nezabj-<Ua(h^C1WJYV12-$uM3-0)sSaQ`5y#j={3f
zh6t=7VSwNiP$@sO!B9V_w|tGqk(_$EQ3ZOK8))y5j7G;p^uZVM+ntr01{tj@-^x0q
zC!pzwJvBO3zaO~v(AI_74r>5H$UPjgv*_v_87vVjp^i(ylO6jKa}KR<RgZ^eQ(P)A
z(nF*KrIL7cpps0St>CEfsmCjzz(VQP6B>s?@aDXA@t{1of>=RMwcSpw&G#2>T<>is
z%oaNmvg8{xAhd14o^vyxkslv{<?GSpXrQ-RU7CJR$V7wfE)T`kOA_QDkRJ;}V^cpv
z#PKD3$XoZ>n>g?RMFIm|#FzeSNNB~OcuhB+8I2W>Dx=IJ5_SF;bM7f-hX(zL*c3Ol
z2L)$LgVDEev+2oUy4Gk*jm}OT)9G&w@&WfVIus+k#|Wvvx}uBHd6Lxc;?y=vqq!0{
zbUljn6KQDJcMQ1Y5S3d$hBgg<46z0jp6;`90tPb{^Y!KzCCwQeU-0S8u^JphUAf>g
zxS}e(qU+0}we?rv89^5ovuu?HO-4k^ozE0GTX(=7&1;HYs9i^?RH~MCd{!N-*1mnb
zls?J$9eW^j0T={JzoJf8c(@ncVBr9yUn3IB;^;#9-nzx?tI-A@e9@XrdWb7(D=g9A
z8P<8*J2{LxLagBVGCowSjl#^j>Xv)?#~719iG1n6Ii{9U(tVSGKW8v4qwtxCOgXd5
z7F0&y2GKm*^OTw8l6L3h!NF7}UVooiHy$3jZOf*-90Bg6Jl=|Mb@g{)$9v?xv(3EY
z=0=<A+cSfF`-9n1NgD|)MtxFN^M%g6{1>_<>t3=z%SS0nhr{+#*~K3(U4j%AFf`Vx
zYqA?Z>42IYT%-|xV+@Z}U+Ab5LfS9iFdaUI8?5=D^_CYOZe6Evn-%oFEgIs)+tov4
z$D+0~@{Vz(53)(Q$fE7_Km1EJJxT-9Xq>5Tu@q2KxqGR;I-)F9F2@*6Zi~LBf3`N^
z-7r$JqF#i}MJoR_9HWaM_6DCJQ80s*AYO>!I~)Sz6uYXTG5Kvla?!&%Zdqraz~r&!
zlIt!fFaAqNyOYb|;G6+4DF$k)4ICSddYm2U0K&c{yLKy(-ml}25;$p_({8Qh_y*Vc
zwA|q;UBpEe$*lh3tm2&$gb&r+UGli%8pWbgOG?>0T*z>nGn~&dWc7xw>ZMH{Jt6kP
z28*!DmH^<afa;2=*WagVYua>p^V8*%><!ZFr+Snn*LVr}S3$xKrdc_b<GWz60UfR~
z0YnJ+;4+0hXa2w9q5!NPI9OztAl{1tT1NRR!8~|mU)n40%@_`gu{hta`*+Cz)bc%Y
zMhr)>seyCWyYdq=`>q&7(QqI`olGR7Na=W_u6S1ZpM@cK@BA+$#2!gAzhnn*+c(%O
z>`YxV`t>qMkZLn-&%z>JSCM}&Cs>lb?h%!l#w@EnOum;7wOQ#OdZ{*Lukr69lULo_
zphI)CH%IrF+uv-~=>pq{19ey3hWT2p!~bhX<fjtALX_ZOvkM~)XnSTrXMnx=(y#K)
zl-(XVaojqOB33#Mfa?A}t`j3@M2u6eRD#JuwaKGA`ok)|#-h{RxgnKo`u8i@cr#%&
z0}mYPv5e?2B@3+-3-s0mJ4Mw0W@|cb{I)gkSiiMeEJBD9P{*1YA{G5q?Y;Gwu{2{=
zW<zD=8{ME==H$PYN#P_HBsiQDI>02BCla%rjEijHp~d)bwq_9Jlb23tFvi##-cJWX
zvBOb~3KzT>dW9(TvjaV9mD~0#$Fw9HD}G#V4<CG+N0V-S@n5rRZ&s26(s7(@RgHs9
zerUD%Wv9I4XuoW`IPo$NPpvQCzkb>LEWsju6`uTH-^rhEQ7(D-$gg!YXd7?)NA>o7
z^4`Qgo;=!TG@F)j2o%2h+3Fj(2eiQ;qO#piv?t;kyUR|?eWbCjcRXH}`Aso7*Zj#V
zqkv@ks53%{GNCKQ)BR~c%^cwF97}BzNO8F#Z{C=C$9X=tioyWpJa)DQ4$9|40z>MH
zocVupGFL)94r*Ua)p=V|cYyVzc5Yaw!%sJ(`>rY_$o{Z`qPkBryCCnKUM_#r%NXkZ
zYkEnKH~~uju{%+1*ANgCG|qdaQd~7r=i%hGpwZMO!inA$`m0nH#ESYjnipXja?@|W
zTyIXM?xhz=y&(0~$-fck3?}p#5)u^84>0f8AO}-lLiSyYZ50AtB;S>KyUhG|f=L)T
zG8lK|+14Cm##-uW7ET@>q!0v|^24`;qYkZ%$KSv48%Zh=O-|%H@-bPx@YL&vG*i-R
zPOw%&F?%+T9*Ruck@%+Xbhgb_-G_8n+HZxrS-Kmbm|=V@2vNUuJUVYB!dNEwme~HG
zmvSHKp>9{|okOFn8fG1P7ylZWD7!eXK4xYIE^G<lW1@t-d!?7|h$+D!OoG8CK+8yJ
z8Mic9R>Zr6y^_oDsc}S2=%;YZQ=n%~`f9!98NRh9xSj?hvRdP#Oh_-!fxEJBu_3PQ
zs8K1q{SFW8Q7|Qm>TV9OkRkbK;jsIt%k$%4yGu|emB;!-+E!8hb@Y1r6)ZLBgZA>b
z@-o~`0Y3d3OQi5=)Ic<R)FOIuuTF3ru$;!1@wf9Ue;DRu_g>W&X0)mPwVmD0_l(~R
zligy_y58UV@N{A`ynggUP?rL_hQqBmy6-E*qz=q<qq8vP8E3@w$`r0HJX0|Gpa#IZ
z?5{CY{U8S2^}#mqbB!a)YJsyOWMDYa->V2udkdJ23<bcpP3M#$P!m`T!bK|oBFvX`
zw-@_I(xyIw0XF^Q)&DMH3iJ;)<AzTIBBt!xDTo)Dz6{CFK0r_4c(cT;tn4X&w6F9U
zt&hUoV%6cM=(8!O(Gz~dftWYns3t6=$Xrg<8M!WRTU~u!k{G<vYxfc7lQ=0mg@mL2
zLa@hcJCzzU&9u>EUV=3ic!pZr=rTlHA@nH}AjUbCEB*MDUi#VN{U^PIn6MrV6dJio
zJ$HAE&cnCz)B_3b|LkxV7?B__Q{+Jb4ldI|2})J=TJ-Kj23pfCT%du>36~-Izraf;
zFaTb5KLxPHlW3q<Wa}khdy~Pz!F5pJ^EmatIn7ob_#l(U7N%+)f8%%V=i|o|O0ddL
zjE!1QR#t`@L+|(r7C(yB_C1&9nSA<betGh`M_9+zbGjWY<xoRO-dM`6Rla4YjSIJ}
zSi%tdmEBc}udrjM0w}w~eALMRn8>i_!~HYP^JH?9-jD-gL_->|z#xJ_r@h04yludS
zHI<ho0_z)YZQ0jEL%jejXG(q;!&ahB7~*K%><J~QXkrXv@}(EoN5;u<0%1(q>>;^k
z*DvRW`wxPN&~AdyvGq9sX4J={w~sEZM(Pr}8RJ$I28uiHQyN-?PmSg!FI4pVQ<!^=
z*BZDWL14w2;%XDL7WMx^zC0}T|0`b_(2~b(M)vbBZ~gG4e?jd}O3EEcq_-{_J9|7s
zsg*Ewm+#@fT9vedeT*pkmta1hWj|qj;~cC_HfTZop8#fy(_Tn2RL`#2M3+#r?Jj;F
zl+1s)mwtJN|KVN|KC?ieI|8MXA{lymcr-?;Pcqtw0;E5Hw$p*^ooa_pyJIP#e1)o?
zc;1&+FS1xtB&Sx{BZ1Dz`91`TZ}puiB!}8Hq%jDBVgJl4s;_RtVT$U7Ke9~1056|B
zytkOE42BPBNBlObQ%`!AVRv(p2t%R0>oyC<C~XtAeE$DhzNC}&i}4#`;Tv-VdeL;3
z)TjoI5wLx2uHUGrFZ|!-OJdglCSR%-siRf=A(>8)ygM1LNSIWyUo`X5h+{v)+28&Q
z&iocu*=Bu!-k~p*!sOpQ5I$5f!AS4nHwWrvE>)UGFt(Z{Ete&d1Ei&2fb3GZLLOJ*
zG<s)iP$vOvtUSDoNwcTT?t@#Un>L%c!#M`#?Y__vPS4A$`gDV~XRqtF?oG9EIuP(1
zt>4fNqz}lJEC@K<`~cO0SWh<;!}^I?a=0RIjjIz5R0ejIIGW;~&Tvg>)4c&P2wJB~
z-7q24aWt?7UU?vexvAKMp=jjj++aMw8$~F#GxT3Dj9i=+@2~tL<MX%74)&c3{l0K4
z^`1ZzPF1sQ+&OGzB|8Fwh<(VO4Z7GWama>#i2o60F8n`-nYVX<u&v8#Alg=g;BY79
z(PRmzp}3h+2Q`PIGp|EfKLUX3bjj$LNdG}-5QL{Er~K`DuRi$i><yr#A_dUvEKi6^
z(*BI_FaSK&1d<i_XCo)>S5t9TlzRp7<9`uPoL9PbBZjF?{)c(42YabdSl0}8P0?oA
zEB!lKBzkrAG<1!5f#0IvBRN0v*OOAPG|~FAe^nU2J5!aXRl@C!oaNY%{oFq%LWcZZ
zAYOIj3*wU7rc$y@+Wtc_xI@_SAFc?KC=lQ5fTq;RT^Odjc$j3l%k#d><4<{?EZ8$d
z=Wq%l^%8}dK_s_hNYUo#ot@5K4Eh0JX&k!T)HW3MN=s#%=K1FTpiJ-Y$S?|I;cvL9
z&(pE>Xl~NajT8SpA@4bVfp}_bFSgk_ZZh-p7P^$Ie-R!)8&O|zU9L}IHUjK_l?A2>
z#6NZqyVtP%(N6*R6%Jf)M?V&=KV#)M0Ja_H;APFo|9ek>Ps~wR(|mQ!u+*`i(@8A-
z1DOTexzTISLUoS$JU)y)y5XTsA^f@a5`@NJ+8NzX#4Uv9!4eZIL2vEMS(W}A0>ujX
z^o?U9(!&Ia=vBy>ANV(mzvYMyuiLfYMg67JUhJ<Y6xNby|M!GIUwNItB+cJvCi3-}
zIYcY@@#j_{!Q`XdfJA-y^IWZk0S}R@L78#NpZo440BDua-&sQcY+^|YKy(~e(Z2$3
zJ2>!U@Oovd{oRBFIIi9jwFaAImM=7tB(3sOL%{n_@z_+XE@vB%z_JUA;^29%P&h89
z7!JExER|NPoBwRdvcSy=|7k8&Yh@$PmF;rcFH1KeNg)?{d``FN3H}Tv3|evE!pyxs
z<zL=?mS`&DR@e@i*}nKVvoKxZ&d%j>Sw=WkA^CW`D9GZzPxEo1#gu?LC(L1<htJ_?
z!T#%NDYd(7E>jGhT4W--i7>#nZf@O7d!HT<C%>ibj&F)blmvpCJ>1{F@s%U#gXF+Z
zPN7yQ9kd@!<~z8qZm7bL9m9VjT@62K%D3%HwL9y~5!gLiXy|)YDzRCO-@Yo9rxzDl
zZ~4E)x*!p-4a(JQ_Q}Zp5Yv$hz8REDSwJwk$TbhIZgM=4%R^i)unP`REOdhGba%ek
zp%rhOuXj3&ism+)9NR&jd1`)pwKua`v0C*|r&uMXg$3_-sh!Mg%6D~qXPFS*Y5(d<
zssP5T6HLWQt9=rXn=6KZGna)#9h27;7%m_BMQ18YJOY=D&+Yd6>34f{KP}P3D!X5o
ztkMZPW$<bIo}X?pJ8G+P>^FNyKxWwn9~+gR7phzdW(pp#YRu<CPEP~QE46{%k5yM8
zl_OWj%T0ZY^u`CVM-bcJ*wRNG&Nq7a?Vj!t0Ce0+sxj2yIrb8N;rt30tBghm0JvCL
z`}Rs?<$F+BS=uzU%5k#d=G52o0@aG-S4XnM9vXc52<xVz;9YdqI*13r>aC-V*nnZu
zhf(yZ8u+FM(A|yXdmWaHnWEXd3%3D8@chyg*NJ6r$AXue7D^zf5yH@QZ_==VH2S%<
z1v+0Pt#rD@h#bI+kM#pl0fLzK_`X@ulnNh~9gml2O)!7zS(WQOeK8?es4+kI1b7mV
zuM$=94e>$*n}93<H&VpK6KR6Zb4SChL()0C<Uz~vFs`WT35IDyBT%6M5-EmvhvX<&
ztZFGg6G1Hr8<{1NYi;m;Qm5}Zw~i@0&jKj12S*FGG#Zf-4!F(}0kR~DDqb9gVSK$J
z3Y9Z4(6@g!7$9-kox(h|+Prn2X~qMT&!nBvG`j7%eC0s-ypN(J9=KAjH-~x0S`R@z
zXffb@Zr68t)8|F+tKAprxa{}g?T_!nvb6VBB_w^J9@~-beHF8fiLjZBA!wh>8+d|j
zw?_qi11=4Eko#7DSZ&dFR@9iX$!5L3GTD#DvN<YL`Z`&+dX;^{PeJ=2`1CdcB2FP)
z*F(MHQAXm&d)BMHxs=K;Bl>{%I3ECwkF4qseNB-0No!$Zyo2Od9AsOFPjDJxD@A#;
zvn{l}Ng~&sQOG-XI;Dr~5E7j;6w!RmyBoYe%H!$c3EZ!#eI40Uo`zpku5j(O0^V+l
z`BsA1%wKs#H;@}wfnv-#Uld<ac>fT-f?GXK6X^5iG405u;j2!`hz=ir=HJLr=83|z
zwyxl6jy7L&-t(Z%auu}E>Y4cJXwFw6mTFXjEk||ppg!X3TmhxK{LzmH3h`01&aapG
zX-@4s{NJ0$z^OH-4%@oyb=oYlwia7V>08cvahU442cOW$EzCOGa|AjZvn^&_tr0cm
zNW{P8sHZ9AL0(`?y*jfc3oLmOz%*DFY?dGD&9BY+vkk5VD1RQaUlEs!Wo=VG$Yp+&
z)J;x!39e3}r9ug&Az{s?g|w*ntqu4PL!TTiI!w-$a8E{L1-=n)dRVdseXUCMnnrm+
zV()k*g;<;Gt>y=a&iQ#VX|boWQtcr|8(WN-b`f~IbRqAMs3;17rTkk^Hm}USAi7=X
zx;OFcfg4(N){s}fW)dta{9%y1tapXIvAs8vcrB^WXs=6oq&(HiRf}uqZSzo;e#-8P
z>6+-LGn(DrC~jwkgnPF~7z9i-71#5iMT6%|?k*nNJwHO;n-84W6l%5nApIz!)mRgE
ziB6j&>nmozw?AWQ7f36k8V9J3200wgnJ>EU^SK@yov>(Mo+3ch9L!dw;hY(~kf30W
z2Wy$UX5cs-4moPfSJhE3KGoVqoHswlTX#`1&bjY=;{+VLjQ(7pMFKcUwewl#Dk*~J
z_2G(4TBUfpDf<g(D9QSEFL2E%-C-e3(3UiiDFi-nwYKR}rtvtdU&CQglKP6M?%E%)
z<f2kWO{tV5NnoRHh47;*T;r-465K#G13r#Kv*O-{JYBIZJU$U-c72q%nLpB#9!QTH
zNv@P9Apw*K=4ZQuiO53bA}MaiTaEh<8s`U0iTsX4tXq63!}z)45d=d5<c_Jys3YWw
zkNiOGeW4S6JDzqH3D6-kA_9phV);q`%5EK-3aIKJKV4AY&|ou5C+-P-$$ReWEPS)g
z7t3_2>pvNc!H-Yf4CV%ZJb(uvR=kgGy>z>_yQA-xO0IC+I?zApRebZ*s%H6V@0Ak~
zc*<_xB)j6)P+;*i)>FttH%1|s`7^e`^+ubs)npUB6B<eOz>S>;?x@v-%=hhQsqYM}
zTQX^M2!MJmi5`i7&!HK<j#S)bHvfd?w@GN(4Wxh;&YkWuId8CVJ<qL1nW>yOooxgc
zVPHkQmlO(iMh3mh)Hd%-zR}aB@OSo5F^?Lie;H0>7A<B!s6c3jLEIK7bh{*CwYWF@
zZph8t?tFK?{dW7>FJ}B?NLk)Lgg`d6xq$+pK7Rhe-(#qsqfgYBcL&&^%*qG(OLr`l
zFkI?D+|>`>eS{k&n97UPxu!g3?q|jq!1k_5V^NdG>c`tK!Bed|J?99;TEgS8ioZUb
z@0+643Epl_f_`r@l@sG_6!6WGGi~Q**+8rlR4afO=>XN1E|Su#tJn?>-6fDprGVmY
zwpjZF6IoZC{L3&VQ;jcItWg9^Gk5*2&Gw+6YIZ!8y~Nq`E#DcM3<6Z9?3(PB!wp<B
z^y~WEqvTqR!iMaM@ck8u8;;3p3-|gv&5x-(SYb&FQSZaksAj)Nq{{f|o*@^*)N?Z%
zj;>L#*^s_KmnXp4k=Fk_-E`I>nRWia<F@KdPGG*;`U9Q*Q5wBh(7PiA*1IR+8^J!Z
zYM_(VJ^wVx0Asxp5vR=;qiq6(+B0&o;dn&IV-Dl_4;>eUXwJ{8Ff?-9!M#YjBu<z(
z)=HK?ELzV_UkXLJsT68Su`swar;j1fGpnjk#<{$JIJkKS_)M`Y0#w1bg2XL{ef^P7
zH`ee+-JLAdi_^vF-&8r13{u^MO@tUg{8&BKJ4LMnH#v4<C-5&>a}@|n;&C*eWDDaR
zyt$j`T}9H9fv@}UAQ!?@qZ8%wdIwpwr5nB-U3^{8Zi?jqY7pwiMg)?^7_w=a*q8US
z5A%&9*&Ii!ol@8w`T~rB7?d0MgD;=7JF%grF|@-I>7ltxk1;4bUIoQR*m_T<R?@3q
z6T%CP_RLM2nq`V?vU*x*)XJTQE;EibNPNg}ZtDck7AjfOdNI&*Oc9+(H`yP5^go`x
zsqOB4<VfueCm@<NFmvcp*7pzOlqLcA9S$y%wAsmL6?$dIMcCrW7S|i@ow5oi_*mF2
zXzd1EAo%L*O7q*CPa_vw&GoPs2~HH7-r;r>?mX#zVJRYcKi%(@4!%5=50ju9pr*Es
z4a6cVr;115rwppVa2T2G`!)&zsiu9-eCfjgaqi3BT(q!`V_j}MDqOMtX%pD)Gn_!p
zT}I78_vVf5yp>587nG@^4=Zf^kEdb>gg7-}_1YmYo%hjn3O=>gPg509esdt;<WfnG
zDjkn*oqn*!3tL#xel4g|c_Zj5c5>HS?NrbT!|YwsNJV(ZH%`MKCiT$e>1TTiFQO*-
zl7h;q7kAHHUPyNgs}aq>Z$rjdTRzs|{+F>x>E^fP!;JauosIE4n0{MhC!TH62I#WW
zsw9zo?p$Ze>)N88C2BR{P!~(}C-3;RcPBJ>l)h-M%sdHYOW?XGMT5ZHCI#S^$Fp08
z)5yQNqYinHPr)6wEkkk8tI~&ptj`MQs%ywaV1bZ`+vbx(HlP&eg@>(vlRY68G$1Y=
zMNMb6c*W}Mbh2(Y+oIY|Kkbjlh0!l`0W{Zs^`_3Qtrgs`Be9}5vQEJJk?AHBQo%qh
zBJMy>4i$f}OB@j;6pml3%ZH@+Yp;Gi&<`er8_OQ2A8xtO{SxbFp(2ovLZ$ck+y*{$
zG+jh2>@k>N^kvk(k*7o2r^v;?%FD$}we2Gmy5U`8IoD#{fzWLM8V^V+jIu-4w{+5M
zLujS<lM9ZIiGW7g%@1iRdgT-YI6MsGPdbp`lr&V$?z@Pr`Ky{x{wYmvBo^k;%XyaU
z=fOL|v`KX_J^Jw)CnK@!5C@p(^a<3qJ2qY~&0RN$5TO@@@kyh7gXsFrFqNC@Y1ep*
zA9N6K8NS6n)e1pH?Mx3gmxA5kK;f_XJUEZbzP$KawxuL6jQ4<$KqEn{33+zX*;ljM
z#(tCcD|+aOE_)5#DQ`Ofa2$GIoGIyMUql8Fc-%C)7R{vJ{o(6Ewf~gdT$3Zo6L;S(
z*PN#$qcR7oV<jeIb~&|K59XYU742F2SMWI^e2MsX)$deg7`10R=<xc|4=eVukodVf
zHt1CgzkJsn@lA8&-7#(V-={eS<}VSom@1XF>L0GPW)|<bRJ&1=Ib|QE;M!15KR@#T
zjBDZ3<pKX=6*u=B-(b6>BGBs7LPIlwiHuUs=EVfL30~FL8#GJH)0YwgyrCS~>9gkY
zLH+7lM;8bQ>Bc^gR;lI^juK=HkttRU)nFPS_fvN3iv<th6*llirxpcbpVup__4@|a
z0E*#dI{wdc8^9NL+~!Jqm-q(Pu&J=_!rmvVU5>6;;xBO1YBnwah+9k?r9uE<49Bc)
zJ&KBy);7}7rr_(Lg$mo{#>y=;jH`g+TmfSgr;=z6RQ6(P3QIHLa`UBw3|QqMc`yeE
zv9qzOe_Xp)t&sC<yir#*7Cdy3>jgp70=?GXu;p^$&(s(QR_dg-rZCwQf+jS>p~ihE
z@6-!32wzg&<0$<T*wnrVD`HHBxD5|zh4t218ZjI+wiGsQ-(teuUVmGDPt9NLu+(?#
z%IvQ;A)jj4F^%lXd-~cDDhIQozjJp$CDabaape3Ro60uZu!ng_vaGtbQ~!4r<kdD@
zNJ0E1#%Zuv*ge7*p0K&IsMbMJ_Fou|<Tr-<H!&4ccCfthcVg=Gx^~@YXcqn#f<5G{
zaYON!zeg1U!>2xzN?@9*Hksl`jCq0+DK>9%yJKp@uKowbG5!~dLuI2fd}VRCzLP3{
z*9MLtcs!1%ux&1Oq{F8_6O?x?$Wq*^RxDAw9&nbO*AyuqER1$K#95T&&GU`P<p7f!
za|fM)n{{FFE!L!<Gd$dm14;IC?(WbyH+qh|`JEQ0^(csmc8xmZoDqn+@)0x6dXFP9
zD!F}L^?|dNp>x*>UT3sIPQ0=`9_Ni{zvAI2)+z`SMw3*JE*!fE9bVI$1vQx=t5Ktc
z&vW!dCV94Z9rG{rbBkj{@>4dNHtz4#t%6Lo$<|UJd|1g-8T5oCQhEFrWvtL{i^RZ(
za0s{|!%dqc>xx$WtbZK6CZ=ZL7GX^c2@&JWn!gz^@g7aMyD&pEclmy8%Tnvn0zJ+c
zesdUHtkWb|N%kr6=e5>q>7c+?$@3~ADFwFQ@?$ID1Z`|kwO!q=_Q_Zwhi}{bn(P_6
ze3(R={am-mk4QiwXrgJzVqSR=w^lnf!^*?^tWz4;+B^iR^!k{>yg=|c<OROuw%((g
zE!6uvocxq_YM;%&3-<F_>L0Au>_H+`p9(RgF0h$FGFkWOdHi%)Z<j1=5xa#P8zgZ3
zcxM}q(CVjqM_i~_u_2n%DJxa<tlC9HH#OLhi-yF(Fj!l{4I|f3Yq9cv9Zznw3|9wt
z&Wn}Xaulr5WgA-wi1H~m?*87(ip*Jv(wFopl^6@ilTRpn@<9Z$dN?`YjR)ktJ(X2b
z4+yB0X$E6?sm<rBW3u!OiFRv=S*U2HYl`M1<CPR-x|zq~_{(s|ez0Q@eO>&r6CF$v
zN4AEX6zZuaG*_yX)qHm@yPkO>VJsn121KU1gntQOvbkue-_Z_FOYtYsb(d`|KGka6
za+Eu-@3q-+J(#7H=zqIdj9!m-vg!FmYcJGdI$hZ7epWZ_$rIRTw$x0N!fP8ouA{nm
z_HpDZ3gl?@!0}@B#dXPIb<m<8aupgMjriWr4OW}PF29Y&UpMqXm;pFYI<XS*GLSbz
zYDanR$_o8au*C{~wz2`b7|2XTAJ*!><BJ7hEgyx$pdNPjP&&pkeKwsdWj@d$L$9ZY
z-uX8U5hj)lpE2?AtGc)9XaoUouClp?yjiM*m;TjezPjg`Fu>_tw)*Af#bCx+OcaKE
z-HwazY~Tmcth16lXB4AnOMvhij-}3#wy&K?FPji#x}?g7s@1M@`18w6Mg-<Y{=md7
z_#OGSx5xUUsIuLOLXX6@@hmW<vYfo7R1DwrQP~ZAjt*AX#*FU3s~t?NH5OUq_(p}=
zQl;787BiZ{D^q^VTzOt&N}cI5lGNgb%~l`-3`(;?fs84}Kt$YFOY4ZXZ=y($!N1I0
z9gbo+){U8k9QCo+E(@ljd5s*z(HI!K!2+Q{2FpZ?ax<$PEmnK3oahD%2m4|uF#;=#
zyEEuBhTr;3Q8_dleM*zoVJnn0Tmf<*V%h}wBqE79S@jTQm*VN}Dy?~`x_q-CZ9OZ{
zjhf6C?hZ0nVJcb=+|>ey>X8ZQQ6KpbRTi^F4MI95j&?><>FouUcZZXyE9T|O8r>}R
zDsw~<vR+ayGGuLeFMER9WCox7Raf|MA$sZf?_2eA-ejKgUgbjMHy;BpytNpJX%wU!
zi;iUaXo{snCs|?6`l#2^I22K?okSwf3ZMP)20RU2xq?qE3pVhcHamkv5@gI8X`^q@
zB?!=!aclPpc-=naeM&{A#@fyK^h2VUL)8XTQ$TQoh~UOBe~=ky&{^{<u-FDc)dPz&
zWHv`KuBR~0FV0h!lLVJ^U#nS!@s-)hs+Ny48l@5$1c1br*U%iWE%@E8S{aaBvt`DM
zM&N4|tD5qeo&2o*p>+@Ke99O`r_(6(a@vMF422&8VYUoS=Fl99MlU1`jhJ_dH8~L&
zLk+>ji>T4Z%z?;8vriKE1g+!EG>_|4_kl>A!;_KhQ&bSN)Cu&U_s{u!B%1Rs=!jF+
zFCSCid8S2qgEzwml|vyx{Ekg+?R%<lxZ)}x=fT4?<BSV!6_1})EKnFMm=%nwp;-o&
z)CnKo0y2q&JJbOby4E{~o>HB<$hG6%uKSf`R~yKSFg(+K>8g|<t@ijn=_I-^3cKC%
zAMev@8XL~HGIf5Ys7Ir%iKg;v*VwQ&O;UeE-+lZUsPtf%<x<&Ste<l(&;N3N8;2cC
ztQP8M)};lvy;P*3V={LKs2w$|f<6#-{>$~qsu82$h~@P|H1gR}M63OQMKxy2QpNq=
zs|b;T5Kv%N^G5x*=#|Jc#}sl|vRul>lnOb~9dC<0+Ty^G2QJT%7J@qbt5ntEk8n9{
z#~-!_L;5~HC;Lx(l~}+OyY~Augyvhmq(VgWPXi@&j55#N5d>*mjwkJmU1byb>jnj@
zH!bEeU5Y|)9o*T!E(k!0o;rBFg_1)CBDk=4vL#ZeWcf_JRn43>d!_NW4l}>97KX%i
zH)vL4p>y+{GHEv0^r-t;09XS#9PoIM^met3;G9lDUdp4&8yQaEF%D%6-j}0Xp!q}e
zK!;lVTzhL#(i6d7Ao0#KQOfFv@Y|aEM*qdc4)d@B)~~Z(v~As$--|e#lJuPCKZ@3J
z1iHQW*4zAeFD+EV_cBeFbj0X{P33+`^u*-(*8Oon+<V~-RDKtduviF_5O*;coc-i&
zfxedhD7sCO)=jwxBYVU>;WOt>4<j^uEu+3jUS6@&nnlE5h}&WQ*@kkP>kZwErD|N}
zg$#5_)N{$@VQeb7uh(b6?v-B7A&&>GS*Uhjy`9xn%J?)f_=m^^dt+hXEtQ=nCX>!?
z&|=c!w|E3BKTlLs@(;-{!nJ6$8v-8T>ly_AGeaW&84LI<G3tiNjVR{|2#5g4M-f3q
z5GQmoc$}Uogd4+UA1%Jq$~UuAxLZAeUuqg`8~P&z7t^1GKhySJ#DSxkV!f`(3fz*u
z61<kd_pO7ke_XiZ!e(Zyq%|OwV<I9VuD%bM({TApJ}JSX@)VDZ*9T~6_!jcdLayD9
z^0Qab?-tN#`u>Sc?PdMebCmpLSzN7Ls>Hcu7b<VHcpKZ&%l3C<YO#S-LA(hXZr|O{
zy4fMRG|H~yMLPaL(S%vk`IMr**Pm{FfJy|WwN57f$(n=_5Kzg3ZqIlvANV~2>qG*e
z$a-E`b?%@4fW5kbAc3#%tKW9u|G1MFClK7mtUmz{kFT3}+)J4L3B4o)0rm=N_3N+D
z_CIB}0;VE=nAuC>I0);^tBw5+rvWwv$QO*?`h^T>$ObWpxEJ=ppWT3x5khD$OE&s~
za_onG=(a51iPMJOBpvy4*fm!2HMH1U(-r6iw?8{1dUc&deqNIP`G=kifG2+5c+dWO
z1)>FlV4QlA>kBybIscA@|Ir4?jtkDOS<;N8=QRIZolbUd29*uv9<yb{Rn?m7KmXR|
z{c8>06j?TE3;xT>1a9BIrp*=>k2sJ%7u<$oyo`n>ZLZ@~%xeGpiS{C**H5tYQS6h;
zxbIE;=-Vm(JKmNBvw#tCdA!|g%PmV9&WJHXt-A|=#HV~C2TzbT-sl(m_ZD=%gSl7@
z7LMfid=^4;@@t!^_WtMGkQX32HG=~ke5-l>T!At;;O>-3%9wKh!%PV~U!!g<c6v#0
zwamZ&p_3{f0FCgL+AIzIuM67wDx8+iI{LNbRsU-Po_Z1kr~mje&DZkn&zAr9gh0I}
zWt`l9Zu(mQ8lMHNbS=CF^8=4TQ2Fa~Ydu%GT<;GQ4UpETHtM5=VRBO{e!YC`fpfXP
zG|7+NmiEWxu!~kMS)@>EwAy1TQLPCFI#sVpE4dlkpIyKaJO%5dLMY7vKuxsY^&-Z;
z8NC?7=heH0;SeNaHNHbYqtg)OBcoEz1GJ`zjxKRut{%1$g|cTBhe^ASi;cGIC8{l>
zY-xGWW&d;VX=*Ay;c98i1CSS=aQQ3p;Fpbzo4bF9mtGcFGEQ=eWL(*x{ikHE&FgBQ
z&`dUIw1sr_e+@o8y}HWs@D=~i(uT*fBv(TMKpgC=MEP1DvI3zidgGCRk#Lr(3X3Ua
zao4(&1ye-mTc{sqkdks$wJG4ZuOStH!ju{k^TN@7wsySKY@ej=HWhXrmrr=Jl6RFf
zwR6;j+oK62i0-qPNYAg*O3%NEiDgUSbkv?)bl8*jUwsJ*$Kxk@z=Uv9Yywp(TNFWS
z^-Z^+_>b_@$M*9F0@pcEqpq1Aq$c&ucdY6nVcJ>8rJs=5)J2fV)R8mcLMh~`M9L<(
zi6nv`CNy9KH$qq5O}Gv@J{#TeRgE>fTh0xZ+J~<m4llVJzl3vcudoNwE<4cPiC$Qs
zEjX?b&X_I)0G7&8z9+yR8*Q!<H&-;<<poojuMXxDV#iXb27o@x8|@4cxT0IBC8pF*
zJ@h(7HDPQxHHQL=jxR#Ai7e?WT3q7=%)9+<f>p>*8R1n|Z-$mH9j_Mb8&=9qa0EFF
z;7dK`Ug8hdx808J!w6exkK$RV$Led(!yJGPlSEGfuwVoM?c{?2fyXN?<ZfugX@S_S
zI+BPl`!RUZ^EF4`K%IPNjGgWuCixL@y;hI7WvJQNEmqtH-_+FV-SBu(!j$Y^@ny!C
zdZM&4LK9NRmT+IC52=(+{?Y@du+H?$>`vx${dArKe{tsgLKIE<QNO_T<k?+ZyD#<0
zShw5<QtEiAMbgw`>BFf$rh27Y%y7ltRCbe#M<kL51D)_%mE4ew2`@D!!K`b9i@nL1
zVd;3^Q6q9QdHQI}{ZvPn=lB{Q@2?_nP`l$!(XWdQaa-#z6EQ_91!Hj}TOQ}%8stx=
zlt(C(i&dj?JyAhL*GwQ3fe4u3K1x`W?z|h*ne<xPMA@wSnr;6FoVM)K%;$79jX|yE
zWK|9)&aMT}4m8c5CwKz~D>srp$Sl)^!j4qh839YPme;UKmoM#~BXwrDF69owZIC33
zJ|q+>R-3U_7(+pa$6QJ;I*dnV_2usxnHNY`iCqE}@+{{=t<f7bTh$kF?!;a$NSI>I
zA#r(+IaDY#WEUIH_3juIe(H{gM9x{{9>NCiW#Sz4GD=jdMmr>pF>+IY!c+OyD71X3
znnpw<f4tSem)jrM=R*V#-czpavJHrsEXg*g*D;Lf=OseiH-|qi$DhBYULuTWm$QgO
z+O+26D@_I1u;gzNd|eE1^ab6ap^wOzCr`=OA3=h+K$?&8bIb(UgvOQjMBYECLWzsu
zC3KdE&H~ERxFPr!j5}?2HEP&qKKl=bA6Ko7JSjV<*D&-`8w~2Md`jgKK2nQUqS}=N
z)#45k3NVBaR`v1joTwO?N(}(imr1qIb~bx-S`8CAL!NM)R+ytZ|4Q}7b60)yu1tJB
zmrTXwZtY0lHi8Tbpx*^h?zq?0crr1~*aiEh=bLkA_Av0uqR?7kQLK^Y<oqIYuRgf>
zA^<os+b?fZBZ0EX$$VIa{8CR=pzmBz3~LKe8VO1c+-7c2l-NaaB!ah^LCDEC?3Q_$
zxR|_>J5qLQ<0r2cqB@f)$_OR_#SL7W7SXJEAN~`C#S#b0_JN*_*i-o=&|kKjn7i7R
z7vW$vl<vt^jR)ib>6uPC#;K`1Yk(N?Vqzi3HeYHFrCN8-k;V2|ADgkfE<2^k${P#{
z(KgyYCxKYh#`$h`9fJZDb)3dy{yv&whhp~_>}YH30v)mv4AgPYCx<#a1aGxKzE#W@
z%x9@dYXOKDxpS@^FV$=i>zY^Bs547d)z5k_Wj{wdqSKrV1Z3l7F2x=-8PEEV*&MDk
zr7hK%_kbwV!(7ZaX+WQsDXT4YwLLoo?R>%$UUQ$koR^2<(C5_M_Ss`0vMSf*b(~-t
z=t{$Ly_Vm+F`bG7UB)w+4ZS_niD{5(H==$z88fg+ib<meQj0%l$1@sCMy}aia@x<j
z?N61Ew46)uP#Qc{S=~cmccC}O@ZG1=(Q4O9K=5B1v}eh-IgD#&B^T{tgn-3<9UmKn
zWX^Z)x@U3OVDV`pi1%`nM2lm7&IZIeL!jOHH8ef5lEHdd?K+S}oP%++-3qrgM7t??
zhaSeCUTq@(HhQuz;w2|FWr0ZT<6Bt>A)tmQy4g6TMz0I%{OZa*m$8!!mip~h5B=<0
za2Ex62a{MjZAI<xICW-uLvdvi&pn}@LklcRC24L;@q@R~YZ%&$iAK&7l7dLjpWQDI
z7J#HmRztW7<Bmst!`AzKYQ&q|y11w6Ohn`5fDxNyUPq#C7e}Alvz|#`CNPOqnu25^
z4wT9{&{-YJ(DA^SG<L^Nz_s{6YEArAwJer2Oy3_I9lJl=axI2WOMO7*2Nzn7#95+d
zo!L1NkWHl!OIbd8a<omhm+_=l^_k7tH4yg!>A>@Saf)wxe7gjEiMbKH?8#9lWWLCR
zkX@kva@2`(C<DDFAptd20}ReP!PQbtlHHF}yZu;_@3_^haMo1|Rpq`u3gQjG4W&UB
zQ~2n+K<+Iv-g0&wVyZZ-cId!bZa+!9n{DRJaHNXOaR#K#Ypu3%$L0hS`>;-*`_k0a
zO>&vg$v2Nc+Op7m)tB5{goBBqvgZA@KIhct<`&!`M9^Xw!2-<|ix!@?pZ%N$EBbN{
zXTy4C$Sdg_*7^#EsukPnFBD)QUZxO2t!J8Xn{iLH3$^B<&HX}@@6~|mNNyCF`x07c
zv>VJxtNR1WXaE=(SiVde-_Gpj#es?Zl#gYv+*<vBzIm?9P2;q`JxV{_=uX(aLb#bF
z*Mcu3q>m_x(cQs45*rs*WvTnk{y8NYy?hXx`Lduby1V3N?r1t|s8JO+TOjIcizUC3
zjFxt(UO@+~_E=k^)0^+cG*@8Gwij@>!B^K3&Gq3-^7DI0G(|Us(3G_OK4f3TD`-vQ
ztv9-@QLTIGvII^c{Um*N%nKy^D;2Y4`99jCkB-_~SsDdj?>%G9IOSz#)i>21F);WH
zP_XadGONxDZX$EV(^J=CO+oV__1A5DbCm&FAhKuwI(wH#X}ZJy3)OO?3!4{}xPCq(
zeGOX@MaB0<M^|B~eMJj41S%FvTQc?A{q^negrS@AEmh3TJN6ski)}Lf-J?2m`8q(8
zzfEv3#o5Cfd<T+Y3)bU$&H7a4UG)tJJ~5A{QawFSTYZ2K1R0pbs8O?9rP+)+{*>Ba
zyQ(|0tGAPcn?$p;tk>B~;Xz&rf`-fM8xaSB2Ymw$eK-q+EJR^4TW~f(S|dCgARtrw
zGt~Ju+lArP`8MmjyW*{8-eo#%+Nw-KcqSa3Lgh^Ic@iIgx`9iYS*>9v@|)voL<CaE
zbwV_+AEhAE_kF{f4DMleKPDcG=fmrm30+=xfG9#eXt(O(cRH12qcL2MV}+qNff@XC
zq>i%C9lldESEf*)?@uYcA3YsW!raWFw~hGX0`}BVI(OWxeCM$4(@7p3>~q+g%wb+z
ze`%^%^108ai%X;CS{&Ukru*Ip@(Wqhh}NvzK@D~5J8~(~9*-RiNAKnan1?rn`Gjuo
zn8M4$Td+(WS%A(b^Gh?AT`qK?0d?ka2vA0fbUFd;o;y-l{h=*T2ISHh9ml1qO^-fz
z=RwE;#85e~2R#)AeVLVfWUzF%Ul3LuS*%0m+SW@0c1eNg?)ET^ItqMhqfy1AH0i^p
z4+9Tm5*54sRNY#<ZCI)wd!FCW4D~aO$lw6Ex>(gN6H;nT0a1ZQNCyuCQSaAvw1%U3
z32IE0-^FpFA~-qTSL&lt$Fk!Y4B_LG){n2FVRsxHV9sro1rE|VI<XR-+HUvn47aXO
zgM|n%fHCrlZahD^Msqt_NF=e9EM|Qkh_c(Crj$u~9vj3mU8HJ{gjz>9;Aw^s)IMo(
z6#cc4$0yBKOif>Ab29tRvAm*v-KLN0tc@o9lsPTXENsotNSt7%OxQ}&agW!lTo0jh
z9$B-=>Og<<=l4j1f{(t9`mkhrNd1@A-qC;)UJ#hpq4nhe{@~o{PCpBIP@kNcjeLEV
ze})=b?J(E;0LwJq-^uX?PyvmLw)2E$ne-YQde~9HPtUsUr88A^H{TVH=9+U)U<iXd
zo3n<AFY6kyFYRW?IV~cVNN-&kNZ!z*v(;eNrhm1^nX=br^A>PX_DOODa;Yk(n#7)R
z&%Yu3no%mY<l$CjXA{@DuJtO91HJYB@(J@}mvcg2g6`X{ABsQb?#?vT2WBqdhFk}K
z>7AST#+g*1_kU?TR9i*$w}iU!NBElN$tdDs6a0iv;-mw<gBOC3>h1)0S|$Ftg!J&P
z7m<KswplHAZ!YUcIoKR`bVMmAFyTlnKhK{F@ghd{6ZppMh!1h+uuRBgy`lPbZuBDT
zJ&AaDCOYk*mY!7~Rvhl=&y+;Mj(2sXILe(V2-Hh`eSw7aVUnm%ICG8ka2G+u)uCw@
z%_w6Yn*E^|Hzsfc3;b3cW7UMiM=<;YALAL;73lS%MR|+YbM?KCrOIu}0w+stoxk<0
zZ6{--x~jNw-}t5-bjV*spEA?ZYjX#*TZ!wLFKW5IC%Cw$FFROhxR!%DXh+s|@Y@Dg
z%_)U(Wtc4QG>#Th*(N4lUcLxjzKzE*f&_5~*EoDCcfI}|!HZ~2Fjy8voDRc-1BTx;
zl~$6Jui(1b8`cRw+cC1>B=W|RSssR01q|143DzpQV`w1;M4XStQU$`150Sewl)c&^
z<v=7GM0~OI*5R0(1`PM8bL5cHzs6i<(Vo5RXGN>8XP>1wXQd&mQc#!8b6G!d7GdF~
zFh2tV%Ba_m3wfngfY;L;OtYd8t`E*E2aPo@A<X$MQFo5@Qx*&d5rgab+$TzxBA|h7
zh`{Yzm<CMrX9w+|MC4hH;d^!nPR%{B^fqK)+4pFmq5{BB0o7X<BC`cK@O!Tw%p8zT
zs`mrOk83HgSAyO7_lxlNhccPKCe(wvIs<gsgm7<0+h79?5e37+lU4}FXP6=eBZ|*+
zUytWStc!fghB0yWP1;P%SeQXrz(A##S@65?couvq(XDlFM)p4+ONS9rg2=2v4%7v@
zF+$Y89js?>njYy+r#Y8fiDv%K0~3QWra>z>-qls6y1l<}zC2pWeLMOZf&7`Rc6|l+
z1N&Wm)_?8P9*Fz;Idp$@@T;ti?p$2$(9_in@7LYMZh_T$W;D6XxMNv~bA5p1VttLZ
zhc<z$w+1f6!2)uz)pyRJux+GCt%haVo=f@H%kp}4g6v-7XP+Ji<r-{aD1a3diwGb+
zqX~8GWjm+>AF*iRkf#sJ!mg+Z*JmXW3Dg4ZzVw#YVI#Vz7)Eln?uAh6@!*7^4!Xy9
zBtnp&2G-Uv?+rO8M~~oh?A<#5GY0WSf<i@}Mca$DZ#M1rSQj6Bc=wee5eBU6KBDzj
zl~&uMgyYGAr^bq?k~mXqvO{VcJbL8k-p}mx>sY&0r`I%3>q(DsWt#4>$2FzE6Djic
z^+#)sU9IwSG?zVgo%rMJamm$-{v+}%vN7_GRg5qPcbW6%N@B#hGSNxM*xM}f`oWO$
zOLu6(ZhHTs7FK?97!}@K2|zz0?OtE0xly@4yzsCi<Y23|<=lN>#jQn+rc!!yhg!Jg
zbPApJ>1e5_&5h)7Yma%lW=x<F1vh0#>q@xTm{1oUCb9yU!0eSu1i3*(3EI)B{61|x
zyu2bl9%;|mXXHZ>|N6WSrktXLUrCTl*lV$VX*G=Uj<9bprOcWCBo!1z_R402W)LK;
zsKMQX6?|{i;&ev^8_o2?fMT;MFDPHhKTBtOAV%1)@6cb8teG@3EarxqY?%oC2Iz4}
z#)RfmjM?b131z<2oKk4LhTL8KDV8+2nmKS$fK#<f0SHF5-K8H7#9ibTZmdRu!*=(I
zYh*2&Ixta?9FGKw>n8Bgr-RIt3pB@3{Pv)YJa_m(J-;wpmL^|rj%ko?{U5ZwWk6MJ
z8>THtY(QE>x<o)qx*MdVrMp2&y1N?%=}wXE?h=sh?(S}wwN-qccjldMW`2Bsal7_f
z>t1{B>%NZbJkQ({rK4^+rEipM%TqX5BOKo!98aMzR*v$om&gKL!&32h%xB-TU7=@y
zKC_wJqm{&>Mzj@uu;gzq|6+mp;^&}9^v}3Wcj0jHQL58G>GT>agBXw@$|XYMog@_6
z^^-=Bdz{xyh1>K9l7$0iGrEofNk7Z}#r{L6pVg~!Ni)^Kp%t<$uH8K&wWdm_2+L<Z
z>#ZT^d^~Tn>n`@c@c5hc9lv`mY#j3RPHSG3$xH<Ep;2(*X!f;al*l#jqyjlHrNRSm
z$;*Lv2NTgEHX_zEhSvg@{qKGf)QcAP--*SfTHl)4Z5$tp{WNIQvHmf7=){8ibO-_b
ziJ%AhbfbmSs|oYH!{>G(-(S~Ann7=*L~L;i7ocDEMf8%sJF60~Y5@GMP;G!ToJ^p_
zC4%j<W3s!o*-0euz-gCw-*_6H*+v~w4&-?Typ0sRkBqo@Z8}$@YECrCY&!MYd}ks2
zmV(x%J^mfJl#f8tWgis<CaWF&m0|%EeCLm&NK!;sb?u3d8+HXC)Ja00L^w~Duq0Lr
zcsQS;IVIFnot}KhQ6Q1ACxr|Xa4WrDn|Nw<zw$$-*7l}Sjiitf(g=7n|9ZApq@DKO
z2TRawt=e)Y)~vDu(zqz+X!w9zX~PPcX`JR))@ft{E<NqDr(+x6)O`_Fzs7EL1U)BA
z`O@*;mThK<%WazK<3uS1(RZxkH~pV0hb_y&Ytxhco+_q%!$r`_JJm+mAThS9w2?Gd
z;-u5YOTbJ84jyLN%zhoE6cj<P->J3)QBSh_y0tbeg<fD=p+G52Azzt{&nB@qO=4u>
zsoOr%N#e>C{|EMVrYcGTRy(w@??++eFv(7G`Sm*$;E%inlm@)`ZIcK7=Q0!(8`iq1
zlJ$U?VoI-$uMEx#-OQ*}NVvC2C_3~ny5Ri38i2;>@>|r{$^t!n^*@55si>%w&R8tw
zbszwj5xrHCSFe@>S3C}VJbd1Ye|betj19Hbu&A^SSaL=$60wyUqyZlDTp0Km;IKu@
zxC3~7mrUx75_}%p__j0y%q5?}sNAX0{V)_V>}2@rlHRLmv^5f-NAPpvF6aAwy{&)#
z=WtveUqJRaz=?vPWjg;eN=D}ck9^A)Eq{Bq7v&At$X_FpD@;CAL?P9_Ph?GN-}gh)
zk1EQ6pL%s!0!ionsPRL8j(ey}^<YU=&L`a%R<<0GKqq*J@{<9n&T5>Qj^I#Z5tB&T
zF02F=0w3C>F4mbmDnJ{#)rFD*_(?qF<@I%d>RWO9qw#A?00%4r-#&H{PSsX>wHZ0F
zyVs0REac>*T{nJD`VuLg;<27`Wa%ohki$GgmSu&#I!tN3IvGA?Lm)LjqtM{d=vOdq
zxbV^ugH=TM9;{H!ov)%4BaN$-CJ^iK40)XW3+gSb`J4l;Y=v3OfTJ4ACM#f4sw<I9
zMUlj1&-an{kWKZp7^O&~p}(YMWOz*L{h&p7m>FD}Ox*>ZAX{kzg%~Kx&s3RSTonjx
zc|~hMi)w^5+&~k}kbhs-0w3^I>d>MpupjBb%kgBePX0|0IAiffLBbP_)`T<awdc-e
z+Fb|9@maeuQ7zowYvtig#%c>>OJn4h%wo&>Ghh8775vl}@Mc`7#88W$zRMX%j08sB
zn~sw~AdL;H@$=&M$C!0%EM{}vy{``f0c6Pe35Mn{m6yoJPzc;>NQZ@d)857wj_EMr
zFyQ8$WhYiyi+zl6I@vA9XtT;{=}DabN-bN|p`q-eSsQ?cFlz4Yn}N$gUF+Wmrl=3X
zv}CjqF}<Gb93nW9V5*H2*YAS%N0T+5EurLEl15vfygS<qn#y)8BP`g^RL}njV|$l^
zZSwtjQ8&9y3SXNLo5<>^oS<f<^wTbh7uu#icUiqL9Xju0m_ysUCEH7eN@&88wwjso
zPaIPw4(MK6&{|;Qvie~pw(Vk6cbad${$ioeypv#Yc-*db9XPQ!l5K|<gJWA99o7H=
zd@|P0E(n8bpo%&!@NO~Ac7_6Fj~)CD)jGo;zE>brP23>krw>JDi@uy3?g*}>O7Z$y
z$@r6`9_27fi`Gjju!`aY2P>E0#KYmx_AakmrQVutSHD<xe%7Kp8OA}K*KRGXoKNPL
zTWJ(fa1c5XE*>4UlUP-w(7zj83^}WZf?F2S!~8t{f?1WVtHMtngUrq}+`&uBQ~b^m
z_0Uh~1*+?0C==s7-9R|OL+^O1V!+Z=g*RjQ8g9&Vp=m(pC5*0(17;!v^@R~I19O0)
zUtrrtZxL;vA4yzxILca}|C4DQ(sIS}rPtW*8U_QDrrp|m$GS3gM{@t>j_DY6bqP73
zK*WTFz*wg3SEI-QD!kNRg(V0o`P&20m$P?|r4sNQumjIQ#`QA__s3UxAOLN}x+m`<
z|CXBH!gw>`ETx$7g=`O_cz)NPz;)B31~3xg$9a!8{(a@92X7S0^2e{j{=%YNzuwb>
z_)wDsh1BQLoy%xX>hXO8kU-y1!ja0p>HewN94Jr&P6rBMT=}-UtJ*btln42ME#dF;
zUg9N`rLru8G4BVRSU%hfT-|<T?M#*bRqKH(;TSYea_zts=P_h_&h?egD+$}Nh?(GT
zjX#&|!3FvGHQ2S3=&qd@xjQrOG$QL%^6^w0*ua;8RGkD}!{jvz*o&}#e7wSDYbav*
z0B;FHK78yQz_zp?Wc}|^X%Qel)3igBTPD<@4`<Kz(zCHkKK?&KMkr!^dnco3#>u~L
zJorQ${CJ~^+vk)Q4ak$D8P?A7|JKxoP{is1s?cR;?Cjo!y1>%?F7b&WJw-5<71GQK
z``CzKa?E~J>fn1igykuMzO0}fYJy9r+qqa&$#vBnT=Cu}8454q@%>Qnp@<~{a14mP
zmF(Qkdpq0g?Bhk|8$O;PFX|`nU)wxRI@h`9Vc$%3wG$Y6KLsrbJ!i4o4cO+Nk$F6g
zbl~pYqcebxfnnynC*kMe@kr9Y?;T+}P-+w54?P_||7R_r!4F;U`yJLl&qO*Nqzr#R
zLdB7he<6~{-<uu=5`-hV$L-3I_`A$QFTj`e(N%cHPz?6Z#^jKI2*sHHmIph<F5~b0
zQU#t*;hEeq&p(SHXb=9w1=je{;~)MnUvWHIxKRGp?dptWNvGpt$7r>h0=0E0qbq!?
z#TyoNSmDD*y$1__<2gTx*5NqojjbD7oJ}BZPbRP<<_qTS^y<Cq#K26OKXS&}$)&7h
zB@(+BQ7S)Y;>b{DpW%mmHCr~9@1yDAGxk|eVUhi7Du8Xa@oW^9ti?<r*Xdn2PV1~+
zMXPVHJDB)UxOWFd<tZtDzmcJ22lgTr0bLVy7x!Z5O>q)c7Ik4X_80S9En0&CL-<uY
zYKOB|!NUV7U6QPZT(&&6<D4HCsCkE3EM`Ot*zIxv<4sO^^PT>=uq(Qg)rHh6xwUlJ
zR$!n#_hImJ>jkC&BwjvWw{wo9fGCgq67ikgWq3}fA05rDoo_~1%@ZWH;7gfaq`CKB
z5^3*U1L30z1xYE#o_)q2PjIKvOdC%*%k<*@y5^WSQjGzGJ<bgM^liG&h9RiRsG6q{
zU<-~;n+{bO1d_T*-8<`r=)-D)8*QTwt~#{d$akkmCObJv;`yHP15W}j@Eu^!i&_~h
zetTRy5N%!;E%9x<PTpw2)B8h_F%Gb2tISACV6gyD*97jxI-~-^abm9KK!3T*{s&RF
z(@j)ZKgU&a;tNxC)h${#RMi5r@~Ln7u+xn<m>-8SA<p)PJtdRagzpjKeK(P96AKiT
z_OqMvCJKAc{3K>TtysFB&g$;F)R1YnO(ra$j?9d^GL;=WE52HkJD*;{ZNZA6T)u_k
zmSN_!x!C7g$^&BfMi1{)tS%Lcc8z)pfnIhq4wXpT$U@A$<>HfD^94thni|WKb-5S0
z6^L~k5bs-p3N#K#RBF!2mT;_}sMNb)0I^YDXfzw&Y$0F8iCn2zeH_bATOpUP|F+r@
ziX*&jvpW?I14Aj_ywpEeSH9jA3N_%HMmkI5KzA2wqc}iyOsiS*#v!&;dLO&uHfsE#
z-j_T70{?7#IJs9XEqun7$l*P2lJi-PcfQTD{Sog*?3cV7N^r(tU^sT-9;4xUh5;lf
zCLWd=E<nWB8DTZ3W<lzUJk&-F@c`eIDC|HwjTEQNdAgms7u3<#oeGmrcdUj6xWicT
zrL^%1#&vkh+6x1!Cy9YW;@at3y~`5({<tAZi&yT&d>s^#5!fKJ-2TC$+~iK|`@$|d
zMVa{&XZLxYia))9h%iGZ>~PqebFNv822|Se-kwAscB7O!kC{Y5<z6ZYFvkP*jPYFb
zyAuPs4|sg+?n}dO#V~R_Jli^Sydh=ZYU0PUTD>KejEdlbQ=g1H<iJ=iAKMup$tj2*
zitQfBvQRR~@H@@;__YT|K|NW5gLIze{X*eoGB{g;q-j^6W}!#Bmu1@Yhu0IRr84IQ
zH|)VYO6X_Ul4TpTs1Wf$R1P+W3n2zY?0|mLkC$9qIAUMOQC+1s0&SK1tDXbBah(9C
z!fEDuoM)8<s*?J76IsO2$Efwt&6NPm_)yzE!}#hGRo6f$pKG1_>pQ-0RhQ+Idw`Fx
zPRH@<hmZ0Oxa!p+&w5l#y%wF0e=0BOwgveTUAFYy-CSU0?2eYnag;<zKyZ@Dy+h7W
zpDm0FpZG$S;dk~ij`%~7sEJq%Gon1r2AOeAO^Wj_k!7|}uR>2fF&_R4O1{)OCxf)q
z%AMf^$rLVOaA!9hhb47@`zki2D#_;Xf@CyDRruqFrb@<*w#lemg%~Y;WB~R-U!pD*
ze9W>s&R_3|3k6&43~)_fmrB_y$f^u!b)pa419(iYqdNCDZ1j{yaWJMnLd0SAfebcO
z4#($4;|q?t>Fk?X^F>T^{D(Gv0jbZnjlqdm>4v*O1snHFw5^83*eDsVUQ!S{An&Qs
z()NfysJ%dLc6-rE2$B{+aWRSMPovKgAN0yv7y{gUjoX{&zu4`!LciE<doLpcFPkYM
zDcAKZhy8vGH>f#ZR5Ma4P$$f4pC(o97h`mrQdG-9h=!?g+`E+gdd!6V9A$NTZ@3Yo
z!feQAk-pJt4I9z07g6kezEX+Ns88;GZ5H6}IWmlqClEDL>WbN?QY;8Omlt(rIKbkj
z&U(CcZ>Y1?YEe^G>-aZiB-94smf#j!wb;a?uqqY%$r~GWB{z&--c6tC^V&x~U&iIR
z&!dllyEM%T$8m3-Y%-I8w+ubv%QYFPF9C__(Ij$vc0R*FNuL!a7|rVFRR|=5*mrb5
z-JU>_<&_y6V?eNgiZ;}6B*hOmgJH5z0><1D-}$>e5J132&{F#Q4L2o6(;NQez44BT
z{$6tUZl<HBi85$IW4{h?w0X{8FqoGkeP90}<0EN&lO7x1)yYf5tqHm3&?Cvoz;7|3
z4U`7EIBsj5#X_SV#xev1#3-Qq8T?$@?dx0`VS&+ov>Y=W0MS5U{H6Uv{9J;=mDy~m
z`fMtY54F5d%8Y2gLq@=oP0vkwxuzJhuB>s&tUmd=Wq1LM81FLCF{ooxRG7@j%|)xt
z_~tdvM}pW>ZE=`;A%cI@&L<JNxxjBu^F^UXi39s5NgX^=y`rbgpU)~mcb};;PuBY>
z^z+>T1HIMa=fWke5GIIvT`Y%UDKrJEIig8HvRMuig{sU~5zH0~6ur-tHZBaL{5e$0
z^eP1+;!1h)AL5Gbki2w;f#w1HU&PoB+0^D`(QTh66pLxF!|9%^<`Wv2YN1&8`6P48
zdi9yF85x2(3As21rC2D>HxftGD?@T;cS6>ZOmyr9xe}^A)%uXigKOW$6~rijF$NPG
zZC5)Pgr{&)2fcaQ8^?v9KM)@m&zvt@)Oh^8tzw^(MPptgEX(hSf?KLcYn}H7asrFt
zPgN>-n)>IdUD5g(mqmUbbe_5Y>drbt?Jk@%>jO(6G*f9tRR3dEX1P5uS5K6{zJr)_
zVPGKK#nsjL?)q%F33Xef4fTZ+m&8Yv!#-AcT$VWMA`Ge!ukj<TT&QE3lSh;o&o~YX
z#Yw(dL~@ghU}{6Jr+%|PwkG#RBNN4Jy4HLBFgw*!&TufkqpU+e^!SsgA^;M<x3c@-
zR3^LI`hQ}Mb^_qil|Jr(4PQ}v@DBNkNVyuXQoZ6`V6g`nBTiW{KPQtMWT)O&KQily
zXMmFUha*NH;Pt}ngT~Vt&a~~T#*+36%{ZQgM9}khCF;T;5S?O?Nt)VeFW5Wqd6>QH
ztu4ebG{kRn4$s0;YV*E1e?=SoWu#UY*{ip~B76W>qHCjKLu~D?y{|$4##|YHszaO#
z;Dlv-UgMl)FFDpB1qRy0UlBTB-Ht%*v3Mwg2GlV25eBFV)1deQJ#<d6Xyd3<E21Tn
zxG8t$Ct)G7h=Kl}&1t*nHuhUyPPp}lpe3mR;O9;&+~bBt_frEj!n#Z#S_g&kFyYS6
z#+ua8f6>A;jGKXzkP1Wyq@~cO#yBkI&v!WU`Eg$eZ-1cBPeP5JTx_Oebf0Fe#7C9^
z5<n-}o&57@#qy2Ygg5|J=+=@$Qq5mdHxs7yRmT;>{1O%!zo#>c%GA@l*c!{LRIV<%
zR5A>&Pq9cdN45iA4lvWrU05tyg@&iJznnndM7EQ&I~erS%!UT6KoLp_>ln!-6R2ri
zs~PrwR7WZn+<k`DCM{{#3RUhlw~k?2aM}wxXoo`=ElHWOmLasDnNsxV(?e;5!xC2N
znh&YqXifHc#krnMFmA2<oTIL7q_P*ro8e6it-vCWb@nr2=`J84+-pv~;c#8x8xjH6
zXZm8y6|P=Cu5$a8aq6Hh_&A2K^$k>K>S8*igr)p}>^wu}r<B<g)tu2fddBNHp^SFN
z&r}+WUVo)h5UhXVFkhS<-hi-@{WI!pf0`*Tuow3RZ*iz)9%2`RwKJNFxhzW}Qq0Gx
zs?nPqni99nvD@ItK2L9;^V$8w5oi62euvElViY`-fUPaU{e>oBz}qt$&=l2jiA7V1
z=13+Tmv24f<N7eEZ4fH0e#-NXFc>B!3UMd=Q6h@SZ{N0VHoDqYdrVAuVa{a<i<1XQ
zW1o-y&<hFAbJZfLTYtH`nQ?6kGT)+Ufc@de1TqwuRD-TE=bnGdq_?W{aX1wSX&0S*
zO7E&hm?as<zrAGmDaNr4jk#?}NG)crn>;wwJd3i4Y^Uxo8{CQehYcDE{4Z<}{loZA
z3+a){q|M+oPb%_Zhfzd3yEa#RY~QNA!D&Gao=T^Mp3k8lnN0b{wwbec>P=<Gb295b
zF7<1c7~tKxtx9RcUy=J@guxj8!hy!WaG*1Q1J94B0367G(2Ik!Qw&iCa70G4amek-
zY__^FfC$<EM6fUT7ZEfF<N}Bw?bCJac?iw}#Vf3KDZC?eo?ZLq*Fs7sa)$kp6=zT8
zU&6M`r-t#Y_1?WeymP8Ibt^m00fRxU@LxN|>XU7;zCiRY**d$uUDXm%JT|N66-GnT
zul?tKm<qkT!0mV7dnIyMPB~h6%<zi;lebo28>Bx<R|Q}{mMOeS5Q4z7=SZ4-R~>;#
zyFW7i<tyx>SBf!T><oCKZAw<+aufkeUj|v6AXh1s1D$GUC#`%(4PTdzMsK73aJFuF
zriS1asM+nM;CM!kkAtqFq|5RM#)0VdV)3^6`<qM6DUd--IFmMro}={`f@<^!vHbv*
z-J&jcBF2+L1kRF$wtYtd?sKM8SMqu>aM^1K0z3-Ct7%AzNR?(#R#6sNc~Mpe1Ofy$
zYtR-qCz75BV<{aLLa`oeJJu0bpIA<!YP6<R?5L3uL$glXbyQjNXrnF~Ve%*+N3~8@
z=IqrbDDEmPv^1?$W#CSg3Vuhizxb(Rok0nioTj}kR$cc|Y6SQ_Zf1becq5J*!5g4U
zjjI3wqNM@ZlZ=we{F*iSwTq{H0!f6~sqw_Gt%n$j8A+hJve3OP3CRSv70?T2=YxOL
zf0Mv(A-v@;mWvBR*Fr^`8_LEI71^QKkO&9}P&a{2%$l%*<DZ_wTaZIS@TLQE-4Icf
z<u4o09S0)7#`FJ(`TRYq(0Ygo)+E?W8a4iI*kuqsV`W0q0@k}ghUEzMY@ioxpo{gl
z7pxg!VAA@lUx6})>Od2HseWIOPnOc{GQS8|c{V><c}{e+zz!D}R&+um0TA@}>wQrV
zl>!XAzkJP>O6e!iFL~H2u?^W6NXY?q$|{k>YuK&WJ2R7xNNJ||Ry+GPWk-Fh-ZCIp
z(#OsQ;dc^nH;yjC{r<|o>9grWfyE9l(dJ5*J@u|O22StGjg7kwW?g*&>6K5f?XUXR
zEZuk8DV#`jo$3JmHv`~5_oX+`S<k|D*NoemZT6&i<T^_EdSR2t%P8%?Je8karL|mY
zW4H{fRF6Qdb6R+)_I&g8EGz5Qaq{C=N{7=uYrx?e)<yPoe2)Vy7%xq=P3+QYddy^E
z4ZU2uVCQ>1R^(j0k6~ir_0g+4<?FT$Pt+=$g>gk$aK{eEGge!h=Pw8}g5;#S6Z)VG
zGRC!o#C5Iity<A---NU4MvbpLXy&WEoXGlAQL~<dxb%HP&A7EZ&WClj?)+XX#dSU$
z#kL1srA=F$FINe!B}bZz)P=pmy6FBG?;2<iNKbG--GX;_o<V0n?Rt2n^{j_jY&>0`
zk}G$e+?$s^pnNUpXYB4eY5t1Mn19aJz%T)1idv)9*hpb{BCxW8+F%W#@DiOM);J2b
z6#^_g-;*z$xXn;$FDI-<$)FOO&z9HnUP<@756cM|0LKzygt>hsQ$#|=FT<qCip=R3
zDK9y8%hFQ|=xA^`Qz=PA(d!sI!(lO6S>H2Vi;jsM2a>Hm+pT}XA%``w+s?nT*#}%i
ziZ!SM?R*!XZ$7ObEl^I<kV;SiatWPo1I~+6-|3Z!t$8)lT3okGrCdohr_2gg{~&Om
zCnl0g>IwovANke0Q3vwzgLuM|Q+05;%*K#;M0c&BT&^rv40^g#UJ6zJR6dCrbi6NQ
z_OibG`bIJ!R^fQB)eGyo{|g)X-NB}1V5%=Ssu-hU|1R3nGf4NAs)ayaeu8Gqw6~}j
zz1MM49QDZb=Zh3}`IBgL2p7&55AOm7=5oyt*qv@O%l#YhLU$&jpU^LMVZ>QN>V|CX
zH`J{TXsedhf9{rnUg7151xFKJUXWggZ7^G=3l77!R`R1Nmt4aJbvQ6PHB~D0{vv)i
z2Ir6;+i$hILE|-=TWB_6O?~@n_%8>3BfmQPIp-1F_dCAeRWgR+Wci$a`j$AQ#vhqr
z*v#(Xe0w(eFm&rIp>miDX&?ZT8N`oKlESBIw~NL%0a#$hbLxg=@>Mr>CWo2h(w`3K
zc5NMqKZvl;wu*2#Tn2y`L|1v>9J_UZ-jWqUOQm)%v(x3_=jya0et&uo>12>U`%!|j
zEX}7~z2hPk<>w)vSIES%uWMTslmY7Z3KGXBf&my%PmV#B4C04eGGS4GYL2Bh!M8P<
zO9V1Wgg&)-1I;*(#0OTZsJWG@HEg<U)c3kO{amYkOB8gCI4<G(9wfNTOg#Q1Oi&#V
zL~oZMo<z@axV1)K$xqjtkqLV`|7hKY{jQk@gFzFasFRIJDeK`P_JUz-&D8(m(zxuK
zdT+MRH-qNytip3*T|>j{6=oC(^d)M;$tS4Yh+e~Zah5vxz1Pv1Kx*6w98#SzDf!EQ
zhPgO_A3Dl9Js~x%PaRSiU6F|LcP=RyGR?<=)<B<o-ahoN4Q6j0K=9c6J8nS?U_KZ5
z|KNV3XyK`je3L>xFYx-!?ef`{Nq2*^EZ2S}%a_U^+bk{~Fs3RhhSlJT=Q9E~yEsf6
z5xhMo)B<ciy+{F@Plda_ges*c_!yK}S0Lm-CMjH$WRwUL1JN%~LW16e4VbvS^}O@5
zXq>Nv$Ej?tcWZK5fsjJK8z!0)^|X-i@-@!!l^jVRq;Quw5hWYV<Z7QB(|_M52hw~O
z7@uyBZ@<0(I)y3UuTRGDa38J}vDw_<lh~Y-9SPqwPu9m#WVGkGefJ`5K{~LaGIBm6
z5L0G*=e&n4Po3pWgH9$XvXayPoap0U`se8|3C#VzrkhL(=52xC={zRr;>YpfdeWtA
z`J?Y8aRg``%U_+%Bq0{rf%Y&Mg`A^n()$VE@TvZj>$zBaF|2muSD?2HAQqsp>a}jk
zqZ(AasnuPuB%xl+NOW4LhM+Rg(3+6{tV2(H3MJn_S}g1W5h9*V4u<{HroC8Kp}F+4
zdon|DJkdoS-;<53E$bIzv)gj@ZuN-;!%heC$USbuzU7{7T4SxXKFd!K@LHkt96<YT
zzWqulJYvoKI75?iQf)qHS@|}pE1pwXR`{6_pcs6?Mb)0CSY&N_SYE$G1wuca$<S5h
zHyQ<U31oo5&LA|%EF#tDpREv7=D*0_q!Mf|mcqlF7Ib^->t-|y!2rg_lD0andCpVw
zuR+Uno>_B^@^UR(sHzu)i|kHD?nePGT$b^fj>lyGLH=|MXU4q$A%8<t)|l-<+^*}1
z&;1AQzFr9O9<s-jRmKpht6T@q9RpcbtNM`_?c&R7_^fT>Pm$rD^E)W~VOHQy^@+n$
zQB$sAQ;RGIsj52S6|~dtDg`#XRicswh!QTw7)|3~m+Moks!0jN1Oc5>I^gnIvu$nH
zTSubwL8;A`u$ldqfBpyb1S1tKhZjf12BrY3;77H<o!NRB*E*d_<9RBPohwC5$}&Fn
zhn&v%Ap1dGyxM`(rF7g^R@W5iw5s1cS6&Cd^=pPyuXRzT>a;N)k;V>VND9!+&{e-h
zIe7Y{@+fxTrrs@_&e7R%1lVomFX9>$H8TN$g`Zt0%Zk4Pxn1HsN42igqiJ1hoht0-
zFthcJ2@?yHq70-C)Qty=Mc*{TC69wWh&W@8R+>KUweFqWd;1%mW*VcxRN7ch@RYr8
z5mUupN7Vp1h!tbD<h0L3#o32m=;EUwHv;4KfOM3`zu}oePr?oL)QFZ{0)SqJVT9nc
zwU&frz(3lXp1iScIxl1d{37VQU<~s&NJUU+)8oTO?TV***b15Qzq6L;I=5p&A*gK+
z1beVhl?H6Kndhe+g*&?4UM}RgnHx+X4G%_JhkUFn?N`zc0g$kD_8PufN6;ExdVYnu
z(t6);zNxI<i)8GaijbO4wZ#o*)@LmrJHy;|Uhek99ore!9ZMq(WmnMF)y9Lt2`v)9
z^fVJ|WF`OBh$tXVnFoPaJE4z-8SwjH3&tjAShDwz^acVG+>wU}dHqj`hX-ad;}RS)
zc(2y}p?5(b!FZJLAT4q!pn(2W=`{!Y{3d@*BH<y&-~SYI@+bjl{G8uC(p>(+D_S)0
zxn)ktYCN7B1VGa6r^ZrgMU=Tu&9o(H|NeteGZW-zoxlX9Pu87eZ;o<B|5katsE4?o
zB3HX_CfiuPBQ8zPCX`uY$ti&M^^b+84{v782mt*&&8Vz4L@mGWt4SU_9@#Sn6?|P!
zW|SiYzU3{tVG#)6mHqyoybdS<ABd3rlAs-pyx&GU8|gFty>16(6aaW3rG}pENs1&`
z(e|!xK4Pxto`Wa>QFB{qbeWF-oWvp)q)aQCy`g79nuAJz)Wo0n05%;-V031V@pF7<
z^I2_}#3L625+4ELsOno;!@LpjGO;r4_l*P=3xI?Yz&|h*_BF6Qwb`-#ue2}pNz=t4
z{#>K;#H$_U$74!E%@U$eq^L8!s65-nqlD=Q#G65^i!XRQG&v-Ur^rKKTuHmUM*_vr
z-*W^`9w3}tx^m)wp=Xc>1F(8Ys6)<=<@O>pAE6k?vW)rOODo&-%_DP_f%GINYR`Z|
z>+yM9kV7vp%2O*iz}yv;vHP<U>9}Atn}Lhg6Y;OtrSjiGC%n~He7u6Uz+=fGvibLl
z99mGMiSE55VoQI`OM=(@CGafcydvJJcN<XvMu!$MFEAF0GCr?l3xdc14OlkNdJz;+
zmC5~l*Myf1G$!H14f~UF4kpY}cUa8dk-kX5p|$4^q(=F=e!bt|oTlSpx!E}`O*H&o
zs96^{wDU9hA6^pEF7G;e<YU@$#Hg>UT@~3s9e(=3k3VaR_)-LDb3}Xr=jI)_&o1&&
zPYBVd-3G^3?7hDdSIAWB=#iZZR~afn&rwqZks4miYZ@=Jlx>~wanOh_`6A-NgudJ>
z4XFzOrrX4L-0?Y<3dtpsn8K&+5hARB>5)tYyt<L@5yRx~Rkj=EUAM80#}<RPxmGe1
zOY;pkqwbp`OE<wpo=D?wVSVrB(-MVle-wSho31fTA+Z>nPI*PGN<=`xpts8E1n3$`
z7MzX%E!U~S5WSCM#V~Jj9j>pd@%*y>`088D0nKAP`GOIVYjTY=n6qsjMjzsuofy{-
zCF`(JJA0+argob{ipd44RpxSErxCLXWuAoL^N1Q{07A6ZpZ*HcP#Uj+yX9|PNvqz-
ze=!B5k(I)YIaR^$aeRu{W-=3SAi}D3Jb9sB<J33H-e1fgvGM-S$u4`%I!BCNqkTN4
zWVX!KEUW3h@i~w({J+-#wtTd%)X=U;xG&VGqnW^AHbY+up{p)U#J6rhaKDq7C|m$7
z&kTo&mK}$fP%ao<0BVI{<S4>JZIDa4sl(>}oO3JSo8|az>84`!ut;NSC`x^%|D{J2
zP$skgFEYT)n+pLa-h8u3E@Ulu+wT)M0ScwkFv+n`2LbsfRKhgV_hB%UsH(!OxX<@L
zgfN}9+Y-VWX_Cx)(Vu!<VG_W9Ik!!aN#n!x95Vy=&U)?pA*aQWRd*KwIZ~vOsK;Tw
zv7=pIeY|0-j3=$f9MA<R5Ix=NVH#~XAapt#Q#8^#F#k|#0~cSR1;;1t{kE|)U$8w4
zFZgvB?)#*f%2y7_jo2Kb+l(fc+<3Ql0Rm}z9G8@}ZI^Dt^(CVdV6q2vZZiFeD-3r!
zL?j{zxf?X|{NCb>^alHdVoNpQ-FyFKdrY7|Y>zz4g}SENtL_X-@Szw@8kn_*qZJn@
zV7JL>xN*-=-%*skGe{AMv+Z3MWu__y)Dc4=N1o-n7aER^0^b~*ozXQs{zdkV#LM%%
zi>TrlhBof}2PG@L{(wE>r7B862#Q$R@Oo)<GO-`YJ~X?cmr3xJ)7!Q?TY#j|=;!Lz
zuzj}}6Id_;1fM&$eeW$Z27aP_w`MRF<N$S?@oJ1K`GqQ*>D9XgL{+ypd$s^WwL6%R
zdg^4G<-ylxe11zx%o|B6!LRF&oJm~H0#W<u1ps|gvx|w9LFOtTibk4_ygh0YMY*9G
z^s!!U$TA#3(F|uE5oTtbI;V7ONA@%16=)t(OEuky=#Bca88#YgH2J${+cS3zTgdzk
z9XaY9VqqA)3AcIjOO`fE#B}5q-SA#J-3*4l;fRzk{1$;w%Yy~OkW#q;$-Qs9TVi3i
zfMepYp_!_5Z#ec3wHO+Ws0P#%<;8g&Xp$exZgrm^dXmp1T0V|m=AL?BAfrT)J5WfE
ziv`CNrMq#l4^bAiXH@L4sFbZb0fYmZgxnXUc8<e^A51a^K8Cw#1~vN~4#Zy}ViT~6
ztUI)pD@U=*!^bn*K{cS!;*Xsbbq-9rsubHm+wKg$i-L8qfyekEuJ0-)#&dPDp8oO{
zc~!H3o_cKqdM}kbDy9eqM*3J!lvMLqZ;A`@W8lonvdlJ#TOj|-m9<986FWz30V8~1
z+^)&x%itH~NWslzd@pnbiT@%t1bJNy_Mb84yVKU54(J~}*)=43=JkXLs-?<q3-?W1
z^w58WfL^i@fXpzS-GFs$DW+IPS_|SoWrl83F@Q3gn$~KxWQ9Y%XTnIDm&LeL{6=B4
zQV1Q$@+MZVu?qD&5y$-x2xzKJqh7);SVKKyA1DOM`*bmXXFgM@^CW~XwrPHjJs@?e
zRF~!MdWI;T!}giyh3JT(IMyO4*#2KSL-dQ&FfQlZqnnDYUXOj*`75d0%c35&*NbIe
z;nxNz$H}8A00G(%&|1l@*EAMG;o;5_P5R>Jdc+o*!XAmuXd#ZMTAuS7aa;DR2O|>>
z)XRmVDAzb^!4{t{oy`a|$b%H_4kI(EZ|z83Px;h^x$BXebD=2_aTKZ3zjOqlsGSx!
zdJ?Iv1Cq*Yi;eeb2~`#)F<Q^GLvP&O@pVZln?PD4u@>E_hA=lT=?!~C0D(f9g#j%}
z$F~hkZ=voVk(B-vG(BWd-n32FB=D-C-=(6kgozr!Q&lLS`ts;YKSZ1#6B8^@FSQ$5
zI=}Nb%4fza{)}bR;k6Kpe?`}#(%SoJC3?^1$|_>!Xt|?F-wb<yT#DQLy}pZBghj3n
z<G^wHMY+4u^^DzqT6T&}diw3M=~#JM^{b^yXh-KMDavh+akELPE?^_WpKmYl7RqLi
zum{wGMY-9>LNCjI&aQ>73}_Jvy7}2H_7lmmy#Pumh`2NMrCcWeQ?mqo=?acRmQ;+w
z@kpkmP_AtK>j~-v7ZD&lGD;sl|HQd0rwy+_nO-$t-lT?L{NcS42P_}m)?h80?|3Bx
z%r{tZ%ojk*tXNi?>BV12NLU@o2PArYW_VtiL{+`C4D<Dk!iRk28n~_$pmSAhpG}Rh
z|A8@6Q_6UWzOGCAYgZ_`Km7^roK~>&RuI#N+{B_o!wHG^Zjwu+9<s_`zH*VX&2gIv
zj2H~WEFa>QTZ~0{%mAUGTREYsuke!n=9+fN$Z@2f^YTz7Q7Z66O?BPYa}0b|JhTqb
zC%b)!<uRk8R&I=UyLAjs+@QLR<~F~Dusyg8EH^A5;IK0l9r-i6L7PO1w6wR;h2wMC
zjDR4V!tKg0+%2>ZmLQH-EXXFs%XfT@<DT1*wK{D#Cf3rHU;S~Oox!Y;N(gdb>(!ia
zmtH`jA`)n*b$K(cu^xhD)SqtQC^zWu6T_)CPFS6Z*uvgk`%3NbB_$}DJ?uWke#!QP
zP?339Q+uL-!rR$U?7>OJsmKYV3qpJ}Os8zklpG1+r9j~&^VNF2>jZ5*_iU^i$0@Ap
zC#+Xk(cd_{oL}y1QUbh?Wp<gBuz9Y+%-<801_sAE3@e1}IvAZyWK*f6gS|3MF|O(m
zjq1=zLPgF>Lm`&o%H*gul{(){_i8<l&$Ydv$><uYwpZauQI||yQF{7K!-U8E<-!n(
zx-OEo888Vh6YW&0*T4D0zqs(H?F(Afj{T!3AdY?pu_FYFr2SaxeNilNBGKf+kJ#k%
zT@FHL(0fNM#GbAo{PD|yL@wH(=g~gJdOnpgMJgsiWnQdmh1x9wM_y?8VEIZK$>M$A
zOSK2)y8cSD8RBt~O$jto$;4Q(=u=BYD%oSAde<pP%_g^oQ{=SyDho|f0Vky&!7Nxy
zLjGsEN;=+8yNWC5!V0<sqR6!&=MT@3w1o?a9`WIPNR%XyC5ST-MQ5m_HtG8;7#K_Q
zFP)-5P+cV4Rr5>T9WBhtkJJ@D8QYndnx>?p8F#Cv0Pzzj>>n194HE2b@AmHi!UY;~
z7ydZ%SXvf|L}pdB>%!US&ZPQ}d*StkYJq?(me_v@)$o6o8phZ`Xps48wZ3M^*C*4%
z)yC5mi1{}^WUM!<GkwdNVRc0hb)RPAP%@#lo4JJq2o24RuJ|D9Lro8N2G@0E_@(jZ
zA*wt0F1yt$sVs`qE2Y$Cj4$J$S|B@}So;-vnv=u%>z9xV9m%Z}*gJO4CtWVw3hW(`
zh3NeKA@mn%G&}h*_np<;hp()A+IB8iny$ZaAu+Ahm`*TxTsVD*Ar08F#*{rG_9cHx
zStWdl)sAGd>)D(w?vPzrqBW2}`6JTX_2o<0bEsx#nKT2})@zP@S8_uz_5tv37r#r3
zm*a<YK})gt(Ytq%|A1ez=m6J?2ea=b)kMui^_GNYfKm*J4<A1aOc%{y5H=7Ks$?RO
zcVrU=&gE+Cce-H+bUoX$0&JJfZ_7%f@oKx{8JNwchJ?>{4%u&*w}+iQs)bALjX{NT
z`>svTC#b2Us##8oF^~`}ud8{t2OGji+p^gXVS33rOuBtzNZj$ihMG?bSuiKX*(D8(
zz4@9kR&N(%JMg?aa)bk;mmL#s#MQ_}u}Cdhy*fcpq5_eYg=!U125@5_&X3D>=R%xY
z3Dw*Oan#8j$GaKv*S`s;;54h-snZM}_=ad<kUv)JtCUgvqYsA0-d3QuYq(3(UGodE
z`coLzAV3j{+aQ<r3{TG&*8G5iVFNXpfneUozX6(1&EnoIHzVu}68`o0c^=)qLTfG4
z>=Cf@(Sx?i0!=+_fhL@E=Q$>G?Mu#{sp<;ipJ>ok?e1U*2>rycPW{CYhQ`e_v;7M~
zaxX9zKeCZD)4M)!(D=Z&t<`4Ol$-<-fA0z#8gb6OY<Ktog>z7>#^|uBbVRS@IBEiH
zHyyklb%`mNQyLP9tkKgICWZ-yF|1ar<R6F9E7YT_Bk^eT?WhGN0seSfVWzai&CN{=
z)+M^|#(KN783l@yV!98~FyCtB6yOojYRp#KDTgsGdf{~{=~j~5{v^|G^*J84?iU6t
z6UE|M*~Ie!pHBckLg>;tux<Em%wsI{-|-GLOGR^%-iCA|&}bl!53~W$kMoEBd;Eu;
zVW;+i@5Pn_Vc$QH?-UpA9jj-xn0PXm_(QZZ5QFevl<Pm2Hc8k-zSK_f!E1?^>Knjg
ze#MTyoxFbAeoG0tvSmq=aREG>i)@his>{hNSQX-}+c3~jPyuI%5cr>4XF~A#2LNRv
zmOUU;JcP6*ZT_6%6GN?rI(x;s3yPLB+GC#x6oCNP)Y0ColoAx{w5<lRa6Bcv$xPw2
zrKJ5oO2uNY(BN5`1$pds^cx1^FZ|ASLn)LHNchF}tr%%E(O-Tw33X5$a(!5#0Mpaz
zK}(OHPSvxU1VW2!ByST~vMGKw1yE!_?IGX%G<@t_rqsipdf`CvA&Jj|PBFEg^<+Hm
z=(SJ+&iQfqvHgkE+K5?vB+OB^KdoU?&aH0!-O&g1fCNp5kPvXZra+dn0v@W=7E0?V
ztE|Oah>&yf1YgOd9vP-X4eDW7e_PjUW|DHESfbRDr_*tSKZrJEU?xy*Sy!ZimfUYH
zn*IhXeiV4y*2)Yy3(}uWP~SGtk$!PSZqXCR$@Nc%3l)HvpK}9Ny8(y^XV3P-)U>UE
zEyDa*Mi?xU_;s*=Z4f7>IPQYQ`Ks!~01mFwD9R*&TXFCdsx3=YZ-m)@B#vQY0&#@D
zubB5akPb<dOe(Gr4_GF<EBD<$B_5|s=5bF3e8xXY1Vx#EO!6&sH`shiOL{(=|1fo7
zxDxRnv={D@O#G6Hyx+qme&2WpOZv{bXYq$dawW8{{vQmP3@f!W^_9c%n#x`BB-_OS
zW}*4~lw<ragv33|!}jkyU7gv;c6Z4|O1Y@-ILbLPmh>@4q+IGX2Gx4f`U^deqnqjz
zcj&yLa^VtpzkJO@JhC)%4gO9%)FD|c;g}mJ!u?9A7<jxvyL$djwTgSKJCb(zv!|9H
zulJx|9&YQDV;|1NxJ#5Ump!A-DU`iXGMhUvvukrylzL#`Ur_=UB${B%90P*Hr~t)B
zAc=&_X{y@KX4zMZ_~nlt(Yi6u`8SqCyIouTtw)6WvGl#3>28qVA<~0RgrlPe7ShGX
z7exeyNKpOrFLr7Ru+u|EfSn3R<NMIb{{p835aHC8&zJymO1l~WJlPm0`^V~I){?@{
zv#B}kg3l&mpT-h?nVe2xmX!$O3Ek=FRTNEq4wc_*D1|DM2QS>jAAt-CpF)Tc6Oj?b
zp*&C&ix;NaU(1^aTJs^K^ebGbZh?@k6n}#7pNhl)CRZ?+jL>x^u^QuvDH0)A%rfuW
zK6RQNMYCBQS`jYy7my<^RnD?<%SPzJIx0gyv@b=qgfB@&Jsx$;zg(rD8vTlU^h}!q
z@$Qclahdl`fNPis?V}X2h*aub**b072`(+JObyE0r>G++8`!a)Kusg~z~PjbVXzj-
zjXF<{sk#yH3C6Q&appjfFb#Rpc`KzCH=k5Fz@l?zDYTjBH<;YO`2{8g*w9pRDycU&
zk0OWhqkXX_il`y<0OH$kkl6fEx7PW9=F0lV0F{NF)$=aaLF9Ejx<y(mt;hoh^CLXV
zQ_tc8X+eejdruv@<k0yd>T&wv#NN33#yG(E(^B0bK`ZIzD-GYqCC7IEn&*+}IwiCJ
zdw?k=dz1azSYYA+i*<zQ96OM512kN$^l~^xgGrc{>V{GB1L}Q$K}nem-v0?odNg&4
z$+93}U2l}EoL*$Pzrr)u&cx$%5%h_Bb)4c;pI-vB#%g@EW{UN3ga@2nnH$v)qH5xL
zAq{<h?ZzP918tRP{P6v&veszY=M`@q$&4aO)33JX6Jo^0d?2<F@Ob}ZU}Sm(@8xtT
z1_WL9&v-Jrx|2sJ$wUq_P9Pjs>U>+7Nz}=<tYER`Ffm_JukXTgiLZeIxCRd_i6HV>
zdOQJ4OqJ{oF5y(y6-nn$+k}yomF{@Y01Kv8=wn%~hwTsfA`r(*4x<XCZO*sl%A<w)
zazOB)mV6>fTb45yBEn&GY0A@H(mghU&$EQ&bDy!u)=Tm&L_dzy(<QMwvI{bizvMXI
z)z4S$DQ%C!vi5~N<Tk#>h1+3w>v@)|TA{<HQeuz<#17K<zmsrBzO3Q+DUR&Wn956B
zSfhT`ToU<BA=F-w?r<~#&C9U?5P5i#2lB>J9g(wnk+(i4HssPXar)oL5n)cZ-+WHd
z%EI!peP;4jvENijw2ht#O8mu(7x_*;o`SJ5O5KD$SRL_XNFXVY2&n9ps26cMU&MT!
zy;RSO9|@{n{;NOYeSslmvhh+qs0YurXBU*|D)QtjBxY>kXP3DnXsXyI>r-Wo6ed^W
z%)5nvHN@*6h}p?C7x6%*z_SD35klhl#U&H&6cxC$2jj{%;$YJuL;4cp=*3QH>dqzN
z@#fc*2G6&7qDrko&Vklke0rGmayuNUIdc?wh6@|LK+T~pG$fI+T$YOj5IczJ>-E$v
zWQ`}xml@>z<d-IK#hQc_;a^m;IPQ5*KixTDbB2}~rZuwfFcf~v|Ai*;{~b!^3>44Y
z!P;dh{=Y%VptrGx1L_efC@zmwQrssmuO&8h0UtLUdx_#-azvQ+6d1Gl%1FTYMle-d
z_gCnky*CC5h2H&P>{95b*Btc->wN+T3c2L?=t|Rjs!SM(_$9W;kcAok=a}K3WkY8%
zz~m#V#nm}L+_||}hSBblcjmivb5HS3oo+(75Cx=N^X6%swJbjWh2lIqM9Yp^|1@E=
zD2j#4$aqq{>2b1yXkzbE!$rvddlXsCi>iR8@ZV4*_dQ$P+8ip?oBSny6fMm2Unr8}
zKTu?4l$`7zDWbML+w52|J<jNv`^WrT2Usqhm<udMwJ2{v$tImceFUaYvwEnV?<O_>
zA(883s9o>6YA=cAVV{_;(4|~B-r?&WpC4zpc<L&(u>I8VG}-ktC%#fJ(3Y1<ri*b~
zw!JCOl~XQDuKf=b=?13}d;m0Mw<j{tmoOm&9B5X$+|P1r(@1xD90J}+#lP0p634W^
zLkNAIU!J9nzvSzY1Lceg_P2?1oN(Y-hd5f?xmJv<aM-Y#?A6MuuUYuQg=kP!11SE?
zq@z$^UT8cAqp<*dP<yrYhUXp516vp}e<uh#u_QT$kgtAYa>adu@!x91SP!j0z?el?
zzfBJ0&_)~_z`fgvjr|b20T@!bZf_Xa?GYlHv31>5QtpI2?c6-1VKr3Q9|9ca=81Y#
zcKr0`srq_e3mGisTB`KMn*4-b?p%2bl{eK(X#i^che>({|Np`y0g0K6tKUCL#AawP
zMdF&`+VwJ&0NVilp;PY&hkdHki~a#!1Aqn(EKlT_dG*ok_lrDZ(7~umQ*zUG6exjy
z!^|>3$8|e(I5PeC7v4-Fl&u9x<m+ddq$<Lhd}(-p3rN}*kBstNe&NjpK@ZEQCe>w>
z>YsBEB0L5lXf&&rB&Wk+Y`Ab(Gr0%U7P#8_11iDIc{od@rFSAcB|ik{x888+Q8fG&
z0cuEsx!+TBLq2oFr&m^z{$VPQRVkQ&Vk~QoC`b5r)|Si)P-grkkIlVayqO4=Pt0c5
zfzUHI<xdlqf6?4P2>2d!wlcTQj(vO2rg#-!_;`cr--85eQL5k#cFuYk;n)@aUIHfw
z7-Ou0H?ubDU&0C*|EmoIXb*69s=mMwnr6}wtY-2p^K53*d-QZ&`Nvh@6ap`T_8@4x
z4talQug?B`>EFpkU<wiul5T(2@v!~WR*p5jG<1>KP-&5_K47^s3{OVgh~x1#@s<k{
z$~GpM3t@QO0s_4^%>}8OU?Kf4th@;E3sf%31plSXK^}+zs5Ijpdi8h>i$c7AKqc{$
zY|g)TLk9X6sDyvn<NtWLL*hqJxkV@QNU76_e}PKkmpzgHdL8hT2*p#c$v-YhF)*ew
z3+bov_wfIfcE4$-*4oVakHc_&F*Lc$E;#KiYJ$V0Y}6Dc>5>RU3B%`ddk=_O10pKZ
zWl3(_Io|Iuo1#VcCvr$F6wUBXSj>iqQE{_q@Fxrm9=EnhJEU}Ix^t|?rW~H;*#e&e
zLQ?>oBI9U;4gVK(SxmAp68tDhbonDm<Sh88y5HK-^i6rDKdMPjs7F4ZYV7VC1|ElH
zPi1~x`<%0TR^Y-<V0*7F98>3fkgWCAsNKlEujVI@{eAlB$wmn}O>b;SZrQrbjX8u>
zo#Tw;$FUNQBu>{(J&t}=`+d8g;c;XSFnxGeGDpk*0WV*~6y1A@$sgyK`nr4*?7(Jp
z@3s%C2jqWXEh4!^ApD2?+qy8rZW+SM<<YpZ;r-3P5nSbiQDYIn=+Al<uux6tX;2Ms
zgW$<N<PMfI_?ZECNwQCmg8eTX8o@V$tT6`AFW#7LRhmrsd~8tlJ;!4eIg77M18^pX
zN;|@N&zMP=v$f~K50Zhn>$BbWy&IBWR{`0prB<wP7_rp=ts>>!*+mx0IP<jWXz5e4
zg*$`_qhSvx`z_v_{zMYsviMJ7^ZKToeAmpc>zwv#)hs5<LkSb<U=*8nx)2^(HQh%5
zY~yuVS*|;r&$%+)!!pg~bnA2aloaIh5;BDx2fr35at`I+y5oPmbfadw%~P~v)Sm!a
z)r)&eZT?8fU=xm~u#5IL{Ubenp$RNo_jeKaC?+^|15ac5lm2Z|3ep5kr28I^Bz9*|
zD2ADi77XxGc;D{dHD-c)R}UKM-@G)90W~0QfkqX+G8E~vAcUxl)1sWLF3x0N%OsBf
zyiTC$A>2*rp)3Sh_s($#sV8FJHVBL1wXeequ2{K^4N-Qud+#IFu24f5<Mp^w?j0EG
zC^|h?jrZ~34>%zR_?8|xeDz8MC1t)y-g~;zh(C0D;zjUTRh#<{gdJ}KGYb17s}HF*
zq>gNw&tAOy1dVy_EPPyhaVMLP-^QN@WLG-)Vq2*;O_6;VdUzTs<R-r}C|m%<>H%V{
z+&?y?J<8?J5Rq^xxBh4dWd;VOWfKfSH@(@Jz-W*H=%*QP(B7<OO*uEe?UAeJT%(o$
zyv=AX^iIiTwlP@As(|A>qJ9XyDUB{NN4yRYx@KaSjI%kw?X{LaHKEe%hX0VQqVDhC
z8g|g;ek%$_j1sMHcDb~^slfu;K{oiCo|gz$3Ta8s=RmmVYH0EwFVdR-qZcWUIhlqx
zWC+10#yh@%h5<1(?sJb-3YjpcQ=DBCS)&ZNfg}Lle~83*!%^%0z`f>1$x)!fN+MWU
z6~hvW$L(=#_Yg8qqvp{QMMH5V{US{;U+skCN-?ihSbux&OinDC5sq4=QnrUT&?{zn
zy@1fS#9@fvXAMM731%^hnyx}o9OP2u{)TA)PR%MjQ)aB5?AzKZ+xX@ZdNGAAo&3FN
z!RKomp*~V5FX6?NmCvHj18g%&PaELhM=tIudpa_pnprd~KcDdh!=#7lIozrzPu+$P
z{1yT5f%^phB7_i{q{ZiQ0SK}XQVXDrwF_$T94Z6$t*}UUlHHM{X{2SZ!Q9xY>2L-^
zXU=YSD15myR6wo~|Fz*LGG!=WI)X+fCgN{bn4^8?Je1{56AY{M(6W$4aYEcF@!9Lj
zXm6P9_L!CrA=*utVS_ds^{KP?bPWO~xz^%a;frEMxqp;{f_!}I|B?<4O5Sr?$PiMZ
zkVz)3yD5rba5Mrtf>0P}o5)+5J=H*doBLLwTCj4E;3e-)bYF&2iOvvUz&d9ueu7Dx
zlSQfEPY&xzXVQYkW_K_rwLkqE8xH)!hCZahwhJ|KT`1sT(aI=@uwn;AnpjD6NLYk%
zYfS1$&fBRHLs}-cCT3Tx!MV={4FLoX@^QUTE|s!i2@udzKOM=YF4aQ^oMX<m#y<n#
zj#s#b2h@{)`_r?&zMfpp@6=}1y=%2GUrKbk%#sO^YDCY*=s_U1xUaekcc^RR=F?8N
z3gn+OwA|2(6{l8_C|XY&4uX<b7yuIysqdOQ>eD|RaKJJ_iIg(wdimb<_gSj;=5oPO
zb+T!Yjudu4I!MY_|FR95!Hy=HA<f&L%{#>@C86kK%osf>F}ul_c{#nO8HPfO`tO==
z^zm+gW5SC#zwl7`Vl+ODT`yd^R2EW+FR@~nv~Or9LRBkA)_N659{@(!0q<FN78#Bs
zhn0f1s`~w9Us?TTRw}GJFooc!^hRQepGxIzlTuvq_r-Lm7N;^2C6-@GLQl+ZwhbJ7
zx0lZcE4;}`$YX$E%*6ksg#XpCbY<~Ccy;=}dX^&iB$dARv~{z1A-!+Z_ho8z56^1%
z6Q=GSE>uURz|Q(}6<{hP6`x8ARK-E{B*vvm#m8|8@=8gjTWB&CbZxhW%_bGkE!_VJ
z^+2yhy~!@ZFzZ7}`sk%M`xne)9ys(@D5gkvmOkUR<)6PR=JFyd1wwV4I;96YA5}Oa
zCEn0MV&hO$0UAT<3#8+EbKQ<t*4ZKS3sa?fc7?Am3fG_aiev?0q_H#QiPgyS<by{q
zB27+@#OfVJmos3F-;aHhm8s`&SchNlCDHH<*=?k47st2XpU3FM2_lDLg{ql5@!C)W
zcQKO*QI10|Uft#9%~V+oRhp@;3Y~w*mgD~;I?NgUW{I#g2LP(pDQRBbCudtDU9(Ou
zZvTi5mGk>fZ}}m$PoxPC=q={Iaj${lAy+<=*H4wjrZC)_Uy{Q)*V(+@oDcOPMAPks
zU2MUPS$`ylQ+NpiK?n0yDc^HwXeWx1mR=NXXwDHOhGuCHT9`YXeRar2a9irMjk0{D
zLQ`CLt#L+}1>IdNxJS;c+V2OPr7lf3#zGim3#P*ri_v^E&|Vi8f?tdLV7Roa276JY
z)TwiPQ;bvF$$`;V0Qw)ay>(oaTln@Xp@2$*C><gV0@5YjDcuc9cS;M=BHbn39Yc4Q
zNOwzj$64rR|MGm^_xy48e_J1C)~tDE=3e*rzOJiiXsWWci5z9W+@p`paGz_0(DtpC
zqA6o0vNQfSi}qJ%Nh6|_)`O*;uwElzmPG!ug;VZqHmM74Ll!%e7wq~$cvc1*rxH2x
zBAnOAn8UtO=@00|1WJRaB@62`nnJ+3ZI$`i2L{D7!#=gwQN^f-z;iV;kFA~2EXhc|
zL=%Q=>!uOoxQzslRWgw+RIYSHG2fE6<%uYDY!mw(x$>mdNu7T2!e(3M93?az9yI>5
zga52Sq<;4!gn&m1Oc$s0M0#s7q(<Hp9bI2v0}LNMR-{Fzfs-2Y4p)Z=%oT%l5Yo?6
zxv_sp;?VWS<q2m_5PA1z0nuV_h*mR@If9;_-O5`!8S<4OQ<}`g+tFzfHD9i7bivns
ze<9UWzX$Ewx?{kgPM)K}MAR6aBd$oZk(SP&TI=c{5a(Zz=#HPhi#Js)s3LRT7Fea-
zF!Ro8%GB!jc(!VH$m2!KS9xQ%U0%g#V1``~$wcSBp+v($!N0Dh#pcfz<G)$?*lqVK
zL(+B9J3gS{+x$e{s-ec7tJGkAnE(~da_$$8W4==oo*Ag^pfsp)yGY{RgXFqxl`TIP
z+OV8V<OS?xBNn{q+BFICJ)_U41RDXd9qi63h!=fjTGs}UqAww*(f$$K7diy0>3#CH
zAk^?%hvRDU#LR>&qw3AY;Fz*~wWKm(*gS5{Vur`aPdG7Th>5bJ3zbQFB^_zS>ot7d
zYUMeS%mahc0F=8QKi6TUBV~Qmx#(VT8c6k0K+{11lTy58pxP$~na>f-W~x=f-QP)n
zkLG+xV!la^WE`th@E}2K!5MRMMDVJcbJ+_RYL{AkLogPJXmVbIG!xtb?bnO9)pl3v
z(K6_TU)qa_6ZS`ocupGswe}eQ{Y3GTMN{|}=rgqwtjvG4h_tH+ZWPi4SRy%-OMG0{
z&vzO2s5@&pnX7&oI570M&AG!z7G5Xie^D&L)h~&!ELaC72>y9CLtp93Beezw#R|`T
ztsil_fn-CBz}y+Su}`2{63}{%xRUtmBj+YI2V{{OIk;uo-q?(|2q3}@nmIPjJe_B`
zidFO)Mmj!Bzl|~u4a5Sk+z<O|MriXlLb<cW6_h_d(m^1z>3F_fV=SzvY}Lddq;Xp7
zp<M$gA;s!Itj6v^mcVdIun9NyHLr5KZ}H<;&YFXL<POB%#{1!uSn_Us7=F7?Pq-|A
zW<Y<B_nBJ~`bb-tHz^0`Ev9YoO}5=4EX#Fr`&5-0MKTm7Vf}2lFDyN{yd8EqE!Tfx
zCcKft72lbvIC@zYMj|X5_@cn9x3%4H#*}q={WSs_r`6V!Vt|Lh9}Kv}&O$4DY@xn|
zvW6;XjJ4&ej9yN%(jJI2PTL#yM7_B6Wy?%Rp?ZB!)F(cbP=`MVu;t6<|L#pHDWRhR
z(>_>U{N}m%1RgK}b=Zk@?b~V$y{oX>Nq^1_La^+BHK{kS_?|TA&g?p>V|ny6ZuWei
zk=l`FNi~Yj6vtW0f4{5RdF-HWcG1q#5vhg0Fe!S!Ji`tQl>2&g?jCP2><8np^vDz=
znU8gl$T{L9+z!q;H7Ut*TDf|lyw4fojkEo6HWx`O3Ck<+-Wm0qW(1{|Jk-Y#7X=wu
z)C|~<BOK)J&ceUB-rXI=7Z3LK*4IV9bPd(_9qgUm0spz}RZqswLOe%oPGtD;9iHMk
zX*WaU7ABA#vZ*{d2zWR=g$c{86GQz)9*30PM>=xq$S#m$DQ0A$jg@lIjL+J&2c4K*
z<2NSi55`Sqp!qFz;67J^mJVbgEqB2?Q**>*om$y+J1}%PnGtJJf)}75MQTSh!KJmm
zCX`t*AQ^&=<~s>Rv*gvD8!b}b9@f9l3VA<)Ab@;DM7N77Gj<+(U_owOJrd04Zl#vV
zqy&8*fZ~}gLO61tpm-gmjrXDkRl?d^&W~zb`L|&*?cem1_Xy_<o+1TpIy(IHIHVzF
z>kchCvHW4nexepK8=qpY4r%i2KKywsDE_9we1Q(qHzlt!5Zj+W4t_N>04<0l7|N;a
zx73NogZU7!(jZ1C2cFYVc|yn&CnLy=QG8bY<x0ET3d=<wx5h&j&%Pk^aI$a){yyZd
z=V`)pjYN7v7?J~9n}lg=<pt5~b|?M6368Fb9-Ra(DvfT4Hy7&$x8#90kj^n*%{s@h
zr<jy{H8yac&!%dTw=6&6R53>lZt2lk2J&lb;CNyp(Th(OU-Q;dRY6GO3;%s`_Isvc
zy-F$99uP^P)!=3BezM7AnbUOF`$CTsSFs}2DTH)pLlLAw*4y!5R4e?3<kBq>^H@wm
z?oj+bUQ_jD@pc-YOr?ZQ`CMpc!GI>cwBNbfn(*zpR`FLOsYyQ5+j8djBT)zIIs`m{
zm6*igfv~olNH!~Fc#yMUZ@AO>C<m)-l2=+%tylxZauV^|h2oA=7Z#hR76X13ha`^z
z?lUFnxS>KLS>xh>v$|L;L*%s9O!d9hDKuUL69#q!oBFEEz<}P|MCGoqTi$mEg+bZn
z2Kx%CmXU*5yEav%(0olSl%!TZ+@q5qHXwBb93-7K8R-WMu0apFO23Xc5ry0WV`|d8
z;koUnDsJx;j^nJsBoOWZ_tWn77D8qn!+{O|5{9ic5gGOgLLlL{=X_sl(SE*xY@v<W
z*Rlhl<K3Dod{4UA%!iRUX@qlTPZ6$?{uGcRdS=_$4d~Jv?Q~eo=Cgu$%SY(24(G9Y
zJdGOl0r~EbYhmDVYP48&IQc<fl#eiQhOI2{Fs4dB*5|uGIlVxJ7a=e>Rp1equz*#e
zx86DhiHE;gatA#5Q3NT0)=zH0l@{hgyI%_YP}8c{2@qJy1lfYQEub1jSbtx?S+C)(
zDVZqe6+(D9N~?J9a9X1~gyO@7992<sd%&9Hn3TX~yi*iU3LRym_OHXK$?u=+NIdq}
z5dy`R2hnzDSGZ7GW9AbAZ0G3dqT#PIYXYMJ+JgvjSH&=+zkVcT8+j4K3;ab0Q7fNf
zb@kE@v51imC*Tgjpbn($W4WJslfM?|hMuQVDw1WO9lz{%<e1y1O_92#zabr9sYHcy
zVHF<RoNB<t<8e~$X`KlHLycmOUJ0k0DoSuPzch13IrsQvGcndzWMH`>^y6&;+;}}m
z46%)Ebhw4ln)X3J>taKx#Ka53%yUbP=_@;Mu_Hyp8%a2dJ?c-Wiov$IS&;Oy(=4<_
zsBM}zbQnM`YU3=7=JAt2EOKZC(_XUBVogTyj-VSa5&5}{7_>cKIM^hc<56%^agvWU
z`5~`*24nN*>~c6NQ#LwHBgxvD#j~X4l&y<nN0`W++8(cbO9lM>M`NLSq;2(=F#C-z
zSy{vHUG7UqGd?ua-o$}KxAskI1xuB;iTp}So*~sEGPXeQ=(MKJW_s+CBM(u<{H+}n
z`%YoRvT$o#b!RLUkq8<m;#*k)#4_xDIu#F%Tnkc3oYGZZ^DO7X^b6cbN-|({I$6Kx
zL4C*SoUl6wA=~<D<+gQ-S9nKz82FoP2hu;i?}fWsoO8j7n}ceLo6@uh<#D+6>w=`R
z&jO5}PqRIp(Nk1xl<{V-VEti;?;op~Z|O$)p)`g~J<7h0tUpE^PnCs4fC(mV3HKE(
zqOkbZR6~VCPn)Hv@LZ^fxlF`vTRHl83E$-R(LyjOdqO=>#r6U($P9A&c54ic&|qr&
zu^im!=brovA41~r%>F37JcV2lD#fBOLiT|RnIyJ(l7>B$LX5L<!;p7=)ob<_!qPE(
zcAx4=@nEFuDKh73<-z;nfFOVX+)kT9A7R4Nuz#Q3ereOjKM~oq)N?>RljbjC2i${>
zos#h}!k2wo#TcQtUXBs+vG6swFfc*i<3+F7nHrmD%mu5G?<G9I`B%4{$euBR4C8f#
zN}2#K>Trq(OmaKJU@}=WEOK`eDPtm+JCT5+yz+o$BQf7t{A#a=%77V{(;BrOfB%~v
zkY6By3qa@byAKv+ech=Xi#Z-R5Zy_+k&CZ*952SVQoEOwZ)*+WgTg{%-vtjOHg?$&
z_6(Zd8%c?x`Qb0mg*XT*mVbVN82vWR&P2f`p)>#WN^vZFs=rjkZ`at*sWiP-aL@;}
zA6`pS0^#FPnz#4m%U*Y4Dl>R?EwY;BZ-K9fS)Ua$y4hdk8!R~!&T-7a^BS$gx}Yq`
z7Dok|gd&mZPVigSE8J&i;ezZe;UT-3!6;&Cc4g~4Cpj!?N%HzF7Vi$5qWQX2)(^Io
z5y4HLd|$7V%gdy^V*HT~<L93BZhO;LVA;L29G3*)I!mU3^BpiW_E-Dt+Zh^Nrl5M4
zn4&x~i1dv8MaKR?@h2UPv}GWE?19zY)aDYh=e&ZcGRH;A0ZwXJGlkQ(-)SV)EBV5b
z8ZAXbJeF)KH*|>Rs;vU`yt6WK24fcL>N%>&d~&y$wBdm%jwn0P#ykD~1lb<1cDz<P
zU-EL>kD8eG>PK%QJQNcyS$Bx2t$p3Im2OF<JVmrn1nQj-vp7#QWE0LP;%2*<ecmP1
zi%*9^+F1x@BnMPQLqkyY?HM;0UrXNUtY}YfZ+Ju+jXSK{(`0;rwb!;ioq61ioB;`4
z7kGcbzFzj?s}7nE(QLH=2XcHJi6+|m^}=&tdz!)zKltYtD9jsVlUZtZigTJ=hkNp`
zZmgKvF)hJ?Ub2z#d5phqJyHIOI9+?H0O#DK!#;e~m@YrJ+h}z+Fg{($l?KMAQo#81
zIaa`<<$ZBSVl4GNV0;R@J1WhM(?KMsSC)~Gp!&{SJG!5_KNR!h%@k8xkEwEz{nyG&
zktq3&)GOpy6p7xjQboj32G8t{+j7!^f=e5%cjA<TKFVdK$*U*B;^N>fFU7<nRa#Xi
zAv;~;n;ix&3iAtxt|JYgo<5z?XR-Y-X;EMrB~f&+-v+JPxqO=QVXAYL`GP(wqy`F{
zNtO@JdcLcBbuPg@zxn>;bXTmqhO6~l)tAX<?Uvu~-hl94_;^6PW=j+Wj~5rP1y2Xd
zNg5L<lPMtEbFS))-DUTl^W3>2uUEOwhP%(8SS(4ss5b!^pAy<%41eSoM$q8`(ns)p
zOK6R<f6jIA)s!|ONcNqwE+?I49V@ES)1t^P-HHQN1v(1thi7NmQZm$*IXrYw7Rvgl
zR!ERaUqyHI^(^T-LzA~c#cPw1-tQt-anGh{Es9$lVa)E0PaRY%Wfl8k+?o$nLlJxJ
z$}p(HF>0O?O?~Xw8?&N8VZrAiDUPF0pPzaHaedP`J3`CD?nnO9nHHkQBnfInEI;rb
zW38)xlzb=&VM+F-&v=we%^y+_WuP0R-bYp!X%Q79|C4hEg#|uokVom=4<Ue{L>rH&
zwi^j4;vc!B_$NLQRC$^omKxysw|@MSaJV2yynrsIUT}!@J8HQ0pMtCiWgmfbm+Eaf
z{==hbzJ|^Py2rc>JB7d1C#g2k!pUF9(_{;Owav`Dhf5>glf%{l*(1GWnE)V$p-Elq
zO8hx_yK?{h!xUI*Sl1S`&a+$s?&kscU+hT6?7}m}AIeoR!mnWAtofGdKkiDpytQ5^
z{cg7T9rY0Bmo3_4B8FR?h{+aFOSzlvMDi)`pWMK0*t*;{Sq&pWd{y+IReV+a*{p{Y
z$6S>CS~NIgz0Z&jBX6|iYgnhG9-b~0b-!o(c!=`H)!)R&`y9qW_;Vl9-2rG8$%A*v
z-9`T{EiBe!JhEDWUTvI&5&Zr>Ea@xZf&!_z!j$1GHA$M4s_(;}cS(Syg0#gF^U8j-
zp@OZj3u5ExhiCEeyMKFf@?{r1Lt%c;dBeR?iT-y7J#e6hcjw)Y2OXql^+U2}J6bAf
zZ*+yym2YoR?Vi#IKjb<7AX_+5>I)(*e9Ad8Z!-1%?~D4X4XvrPggS#yBlU1$1QAFY
z>{0(@mi>2e0?g3dscroej{4qtJK(eMCw+3C6XDzk%{>WmwDjT56HvUrUx2CUn3~vh
z#^3F{!-OiL0I@Zm&iD_T7#0a`*)C^;3XQ*ygz_7txrQD`E8}GU{Wt$t7g*70O`hOX
z4FMH;#tSMpRS>Tx75ELC%jq%#pUWA8$lyYb2zVc-GC|>Fh^^DA|41H#9V(c1aLoxA
zETFw>KjA#=yvsJaYqsSHYW_Nq)JQnKbefoLMUylwIOY}k{^fndEXmvO`i~G=`Fvf(
zi^v>RKUMo}UN|H?dI*>1=>|*88(>j&QMEfE$Wws0f36G(il)62?Vol?cO|8g9ni(h
zp7S%?Xv<-=SDDScw?}+4m>_(%JL?d8#;cw3_9erogkH{Fd-ZBZl>r-I%;KQ(@p9(N
zXo(R|ch$!&`%gb>uoAglXxpsRD)(&F32YKSv6!L~C)1I_KH>hs+uA8o&x6A}C0nry
zsz|v=lMiEF2H64`s^!MNkwZQghFIw@L~fqMq3kM=BqL!9VSXAVu{|aP^L1f1e4Yec
zZr>GeN|Oq;8b6l0l+RR?Zm1@(IW(tV$BBZkm9O`=Kmu-&Iz$S2a%5+ymf}~AO5`a>
zEkB8`NQXG=v5D2$tkY^Vq8{pebyz7GRC(ey5*$SrL)$H##7T4=)OA|sS15XQR7BOB
zZx%6GZAW%#wr>9ES2@wi&Yb_gOu=liQ}I!A8qhW#yk}X5SRF;>!<o*A$qX2K=bc?9
zA6iA<UI&`b)#Axph_k)vA04MII1#Gplur77l!C60@$4`ysS5|+X`fJLQ-M&+{L`@}
z-o>v%*>>3ojmd%MGF6?S1RR^k<B@qtNDB^oZe0V2)Wd$r-Y)O+4JKxhvoS()fJR*P
z;)p$mr4VYRujXj9L|BVb?kz!oGJ6P+3Q$Hd#6Z}ebdH(L1T0K?>Wf52fnc-6Y9%+7
zMp<@yKcqXNt6`_QUc3sR^}AOzeeAp>pit;p@i7Uk<sS+wJAz$stI}lbHodS}-DK*0
zA?ieqrAtFFttd6|glg-K>_-mxf<{RIpM?d^mU2uwO?BrYDVk67xfD$1GD`TiaG}>k
z$jN8%RaxroRC2c?k*kZY7qJXpRMj#yRr*>*P+DEyeF^1~S(@_K{i>ytDHp=>Ij2{K
zSdn?Bw4Wy`%S<h%Yy6%@7YPYc%4gvU_WT?gMt}WzdCbgIG%-cGwmi!o7=K*tHAw0;
zynGKvol<uoX93WgR~PU-8rO(DO1WtD(?1Yj84Q=|IZ&PoNrEuOs%;z=r#C>(CEi1$
za$%-g!Y)F@O1Yxj9`Q5h>`{-}p(LeNeNrpGj?x~9J8rsA0Z-HjyF0_TOE+%yu`9$^
zqLa@eBbi@Nt3_7sO>Hd&-MtQtX9!=T(L9xgE>fUY3z&Lm^19J?Z!GF_VGpw%%X7>A
zLra`E_t8ko`kRKgcPR#N2iPk{ZVSc(a2dDw4oionaIYQw14dmIWc*r$UrAm}MHVPV
z&#fUvCUUx-f3vPn3U*URTZyE1y4F1(_6bY==>cf4aq6{vgRSV~<JGmznD?|>$CF34
zksNW~&;+0Px9}Wa$?m>Qj0%yRsis4(!~9l%g)BNrpC+6YYZ_@pqpW%;8DI8|VVzEJ
z|7i+h^?a0T6<>%apGAkdb+n^*fc2$kYomDWMcJ{Rf_#buX3e-&QK4#?=B>Lvow^je
zY1eqcAR)ya7#tfR>gh=G9bV2tsS{<wc^7%dan3XPLo!RIo_8$)oF!z#-ba8aVkoG)
zOJ^RZYXSTSnFJi>8=>Je!SudYj9oA^qDunhw!0W{Tp!C#mlxs0t8Df>F*xk0<4%9U
ztHi;XDN`~Uj=U3#A>_uJYe)hbPX1#1eVKW8@(tbqzsfK$r8zR#yLQyt2n*f;n0}RG
znqcf1r4d^7T7jD<p>I_Xq6|y*MU5}d!;Z~&Hb;1y2Wmbvq%n{NupQQ@@v>c5H%g_~
zz*ueesc>5idCwQlQG6%MAi8lD3!CMr3_}`j2N~{(9M+aRsz*0`_c%THhP{g)b*cvI
zGbACZKpB&|cWvH&Xr^6!waRAD&048466z&?O3LNwwm?Oml1`vK*$#(e%nJzu>Flcr
zm7~|lth%h)t4k`!CmX3P&dn_Iz1-K6l_tncPDQkzhl`>~`fH&x0!&_oMk{&>s;>qg
zmYXjdzAAmirStS;Z!-4YnYS=RG(>8;7IUOTK!r4U7TM*L;I;B>&WDVYsb5}G(D)nq
z5#(}1&Qsc34tuldzn6uEK#3fN^xS>`oXp2=YXA6PY8~$hLd93Ihwuuga!_sPet9;O
zYq9qAEQSB9Vf&`0|4dM-K{`}K)3)#WMvo!B-u5d;WATR7-jZAMj9-6VWBT5@boy(5
zE!4^o^o{#w5fZdpNCkN*^eUHj)1y+#1Gk$?*}L1DR*6UGdD^6W+U-G?b#(RL$%!Iq
zH3jmE5#!y{O~%c;ZhNEe(6HXj6cALH@~!qpq?Bd^4D<B@lH$BiCZ0KNymhLfi-1Y-
zO*+3XTFb3_@zUqSkc{<7=^O3v>jAB5jJ_6sEEZaj8X(F}(&gtz_WGyEZwhV~ytn@O
zMS{Oudj^4Ma;4-}G~z83Q?8cq_YP}6m=}a?g>ws$%#xoblL06a3!~1-uQI=cGP^W`
zJpa(da1@BjKf-@i=KP!U@aWmxsn*z?*h>z-6ul8(5cRac)aVH-(u=ndGoS5~TU&e>
z=puNE$X`oH__$VCS5Rm5#nFk|f^V-Sa~YPdGPzu3)K7=EkWxBM_odE2GE<~Gs|ZCf
z55$z)AiA*a|Ndi^_!Z^Oq{COtRrCg)K<ljhY}<Dr`C%+1*(O#JXDr&pPj8LxLMs2V
zekRO`LJD`YUz5OA^X_~e0h`-C4Y$_2o?E7i2Ad@X=yd$k;IcGakVX8Kwqk7%?i_CG
ztOeNvrXA1W?&y}<LL@=TNE$ed`lc*6@zrmRx&~UW_wB0F%ql{Qc_6^LFMaV^nX8AC
z+ie*-ef#oV(w<Zz<{NNuT&9gzI*q1M3h9ZW5#Jgwiax^02zhtiLR^$7CK_lY^<x-4
zE8yfCbAO)od384<t63apTd7h13OR%GF=40QE3Mn<l1{hB;ZZ@#og`PbcQFB2v?3rE
zGyP)TRTw>MF!R^^fS!Ztkhl5z+>JcRDvmXIK7V!l)_CEf%)pvwB9An!b8G<>30=GY
zP8S%)=`AnH%yjq!Yp41RNqki58rYqpf$W7cvBJ%ru6@(hDm+MzPT;BhN&i#%YHdwX
zJH>&4PHmj1w6bF(7Tba<O1AH_k!GDuwuCA9godwfCYeWo@iUn^9o6)4K5MWtTl_oe
zC`+bfqfk*03n+LnHgWVM)S=2Sv{gC{cc-TsgdTk!DkWjMNolZU{RTI7UaM7wvi9`(
z?zDHnivhX-dv-{lPEC6HnwT~XzwX7I4NburgX4AoUC>Kz!|9nl5x8W!$@pTAJ+&Ek
z(9p}0=D~S`C*v5rV3#9Tf=d(65~)};OZegzB+YJ!pZ1LADo$eL+}GtvsPH3{_zTK)
zjzk%f@xB3=RGX)84hOjkytMMj0k?ytFHNR%LG0cth~3LaYo&XVArY3qZT?ez#tWQE
zqlrQNBZ08giT<qR^1XO6ZE$t75zV;}z6^|S5OLpbCAxA(vEqWS--)-sgwR_d|JY>>
zj`GYX$vLc5E8r^XHiY#ZK@`T%O?002E=>EzwU4oezL^3h8Dg9YEeDI=^yP3pbv_i|
zM!7rFbZewK-2K|AAn0hlD=OC6b!P0K)hDO;Yo0S%5P`nzZBNp(x?CTp$Hgltu4M)T
zZM19EraF+SHsPQ|ftQ_#k}YcX#s<0s>T~;)P5p?WFFWuy9=rfxX3nuDz4t9v;k8Km
zie56Ams(ydPU=_u5cR5iZNJL1rjx|suouw6e3i<%$llm~ChDK|xIKWj@9dH9Q;E*j
zl@t9~mhmly5Uy`~f{w;(`&?!q;m0wvA&Fb5Cz;*FlYIT!)L`9U5YZQ8603`~pSw{<
z(1p%SZ#ki5<iPDZ^u@RrNl9We@1s+U^-<8T4`qOFK;HWtGjPWHp<ZL{)J9{sIr`49
zPdW7PHaeEsbmF~bBENPRe@dHV+-sj@WDKVphfgD>Zr^lFi+{tNWNSp<$d?#?&h4aC
z*Q;1)_O)6{x>i-$lHzKQj5&`Ks5H7RZia9UG(>`ls{~3VYO0<|eIFC7@TG;?FOfc0
z-7}_N(p%q}EE#W(<~8E_O*UrZbga_XAlk7xZ?i69k_4slBZOY0HBvCQp)p1(-IRuq
z5eH}Ki+&$ci=_1FLXYwp+SEwz!SPY~X*pcEyy#2HNjsI#C7qzl@@Y!x1L_--8uY$x
zsR6yq{t2LD`&BKuNHMM8^yahn9_?u1R+fC0EL90*>Nm;=gg76=Lm#6Hp^K5F+hlel
zPe*yndLGwCe1%mhZz@rsLw}rqEu2G4fbnLx)z!&bEDQc)#w1q=y&EIwN=j$Y51!Ar
z+dN;RRTbl5aOkU1F1M}0y;Z#|XK3JA={;b`K|fniYUQ?h9*IE{qcwLz*D?3VQTlM7
ziMh}o!z1=Qrqe@-Mb@bLVE!|tHcR2Bs~Dje>R0=_+jRG9?bLUl4_6RIQ~CX5tYPOL
zlg{NTOfUEkRxW5V(lS%0nl80J`~9?n>s;$Kb~~atZV%2F%UEwIDgLmR{i63P88LgW
z&o5z~OEx_&`dEW~<um;bm_q5Euts|?zx9nLc4Ao9&|RH-nxVc9GxQ=)xY@~Fx#|y%
z+c4J7pa0NIr9`hQu%7Ia$CYp3q6()z-k5xAwlyXEYCoWfxDx$2f%f&3)Y}fEUT#t?
zY3V5=rH&&JZ!(Ig#>U<&m@}d}xkc1E1_X;}$Q{`tg<7aAbl4Y<&L~HH<G0l2<ksYt
z_pok|-=F_?joboj5gGCuWuih1)*g{I8)S6^{DeaMq<wfF#X_4{)SM>S$~<R|WHRcf
zxT|p`YWa}x;;5ZM&a(M?RA?u$QX0Ok!U&OHl9`F|UNk|QW>{}7G%wuch13mvw1ni{
zSN`mt<OcpQk0V&$lr?X9zqj&nu&>2Paep}SJNkQcqEFY!H@bgTB{u~KaF+cEk^_6b
z6}gRGMtt3Uuldh8e4!VXxB|_ucSd=x8h*mQvUX9-kGQi)B9<X-C^&C6nl51s^ojm<
zbhPw^v<=hwDVE^^r>lnxc6^EbzJ&ar2q3v*9wFT+Nn^LsY|++3)4?_Py{%TBjKFv&
zxlshLLxp|820OiGR9VvYpRr$)O-UQU10!tp6h!=jxHVNhtn-B<G%y`sq>2_O32`s~
zX;8Svcyx+!+N@E(GZ~`>knjqbMg1=#Tskr2SJ89DVH`}22v#spOf-Mf5POsTE~4SS
zbo#R-EwY6JmnGw_UwKMwUST&?4F!l_Ks3O3MX8^HDYYJT@)_22P$Z&YaB^Ao^j-qN
zG?;}Wa@9O^db-4!B@q_HL;8upxb0U>^YOY}qg=*Q-d4E6L#OW{)uRrqEg0OK;UO?}
z6OUh&P_1WGK*`tesi=0yHs&fh{Y<w=jt2$q0%RAIi&^SyrJ`MmWrIIS8xnk#f1kIg
z2>5>tpS44f=D3rrzwN(3fyRK6-Y;;t=dGHi(8H~AH*NmtA9^BkW^VaDEa<Rl39Nqk
z-Z3cUxs1DeI{iy;w7O{LJIOn<Jx_kyi$SVIN}H2f4@<mt*P(I7HOu12n{scMLfZ>l
zLOjP8&!*Utk4`@!1we^5C!)AM{q><a>jT7!`V)B^NJWzkz4azN4<PF#xLtNfd;7#`
z&~kk_eox8SI)((;)akumgOD_TY%lNLt@Wu$loIrFI+{;FPUR~Chx|30O(?L>=lD>e
zv%edZ?B?@^<2-`F=8tKiBWZi>r}EfruUE0%z8gbTdG0B<Mt!Zw?Go@+6<*(ykl>v8
zw2rhFK9vmBY&+OG<A>+H5$dl&UA9GKk}C80wMP_<C6QOY0#xD&<Y5tv$-VEnmCJsv
z)22Pcq8o+-`G*>DqqZkgc5HB)a(g@2$DcMM&}?CWU1lG2NdlG4OA#a9>upC|X-??@
z-15`$eze2Unt}(pVc%vdE5L%V^XFkOIfSQd&<**s#s1d&WJ0LfFi`LIB`w>wg_Okv
zB>3MWz4g`yLFTs(*RP2rNC!aZA=@Ooun!~ob^H7c;Zp=C?xr&^H4TJ@R>eSQc);DZ
zElYM6bBnf)GYw7=D=`z{*(O(tw%02kDUfYA;@)LbLFp&dC|61TcP6OM&tZwLe#YF7
zjY@2D(=^Vk;{|Jt<YOi%tlyriMgHc<^jcG+Br0qzVKBjBt*(7EX3LL=M0tIc6{Y*}
zEi=T%?QK%$$>I999C+c}G%!lALby=lkHI!|HKTfPexO&|xjWB2%P!}t=m-xJ(52?6
z&7UHFhQ~?01q`-O1jj3#NaEOC8h-G4k{L(~1Dl==AP2nfm3&94dOL!I$41#Bfp#J7
zieEZW`Z>##ujH}mT+eV>(pMa8WLw)ODI52-FKA{_T?k3Xh*jh%gdugrh<+eNT(2Ea
zRH;HT1NNr?1`@vB1j#rV{Lrf=<3Onr%j`g8_i5VeaCM+t@z{yN@T>u*^m=*2%06^H
z+^&ta(e4Uq+#Tzp{W$z|cFpWL3@(>FAF)|1d&=^o$4JPJlutLWQPtL1jDL>p9G`bT
zu)x>ll)9ND42rSe+xr$v%a^%6cBpR-)xH9mhsv1iU6vnNRaM7N3k>Am_=>Y1x`E8Y
zG+VOF#Oe^to~R%8G;u>YKaITce33dTHC$rsOkPFBbP%!2!ufm=6sUE<EjAn}pR_iu
z5X1b~zR83p(8)&dlxf|i?F_Faa_N>&fC1Q__VUE(IgaO?MA<&)JjsO3tGjQ#FNDM1
z+n@G&J;Dr~jKl9Xx3Bg(K(Qw+uC~_iC5A`}<bp~tYw+s$TXk>oNKg~IFH;Pouwuy%
zV1DX(Z+_Y=fpUPLBV=PGA_w0Rq}zwi116Y7$jb!$y>uP;!=7*l8YF?r9s&P5m$;$-
z`VQ{j&_j6p1H%gjIRM9{lh}F}Wy<`md!k6ggI436YgN~P^(y-lOFboOHL-lrwlw7D
z&tKUekJC&WckX_E2YLnU4!6YPp6~}bjDG+iB%~nNX8NG8E1(j5MW9_l%nLpd<;J|#
zagBTTIfPvH=f%^o?l-Bp4umM*nFSAj%=qWx62q~xW`~wsla-G6Y9lp??y|1v`oa%*
zZ3QK3aGRu7<AdzOU=&+>sp3D`hc(rw8#0;F@j^)LCyIYTiwr3~@A$v=r)#3X{xtQt
zaK4VhsCpngKS;nxd=ft2P{caq?DOgM<DM8IJUrHGjtm_ome<&K;Tfwh?+s87S5tw<
zvB=COBj+Cj)XTk5_^F#giXYDt;1p@{#cl7?4`bg;;3XweZaDU8Rog9Fiu^jA<yp0#
z%?vlyVXwjrIKKWOZjDg~_eX395)rIS_eVJwslOr&Ohas35Q3*nz>IhjQ@AbP(8sPg
zw)BX{fjEogsY7o|kU;dIn@`hoq8UR+l7#jU2T#tL9K&B?f80+?BpDZveF|LQt3z<O
zML3DIB$F1^fAsFO71i<a!yUhfK3ym281V`7Hakj#@qIayI9(ATg*xGR?|}N6Ct{a7
z2_33^D`8NT&{y<Uzv{Y!X4+|D1@GWH>pGl~r6=5DJm7pP4+@DtK-KSvUGwsY?oxk2
zhK-#~O(Xam%6aMd6*jkF+P(9sf9#CEV_n(a0xAeT^mV<?whC{@3_Upb|H%I+{^$+I
z^6=6MC>)>M>kSDQ<k;a55;O&=dtYpB_<s<5g=65pI>l7-@{fH{H8%n)GkZrn@)75w
z;^5X3*RJI=<8ZC#JlO2coDP;D#YzirAgS>^ZYBn0`p&_AWG{x;@vEd0N4ROLx<gBB
z`w)Tp4?naKPNk33k=m_ki0-5IUg4oo)7yq99YnvHyCEHH76V@&Pa2Jx6O*X!>Yq{n
z75{aWb--EUq4+^GcQzSb>?I)EyvqMh2F^8E&3(*Oy`fS#>|*dR&*=U^sqbSn=>xOh
z@OQry^d{{%T51nOmu+{cz?G=94lzN@qXbo^@QIhM|0~8!VW-w`ggTut!8W$-DQwjn
ztHfmP8;-UuL;F=iM1y;wVeeKS)c*zj+rPwj6VhhV6KbqLw7-yWgJfv9*&@kio~YY*
zeu@J>zjR1Y3Ly5dVkGWiI0{~9A$ixmSbz4P!U)tEfbCIQX*Kex@;ne2TKH@<2PmQN
z2XJ%F4j_%y)(<=_zaJ<642+R31j5#3wtYtR9Ron%PyN^wD9}U}QLVa4H$s#CfcCVA
z01=!~(l+LLs9ftr09<SoQ4-(E{RgQv@ilEFYam{FMXd7ANA>*9eJI;V7vemWsI3^E
zm`9xpWN0ir9sf1P^-yC*cqnm0o^GEDRiNg_o0ZuP=pAm#J(RL&@WcyDpd7YLFAf&m
zb(K}m;8_1@_V5B_!|th|HV2h8xt+p{>;dyAGu5A$@ZJ&LQNcgGWgvjFT<B#lS2<^`
z^gj>zUY=;djudIA<5H;Z<G=H8Voi+q@GJO>Swu}<ZoF&ZsY&fWtM|+nXxakEE~a2h
z_BXMy+QV)FSf>QQ-^X~nvgguz$1nd~l>a@%Q&7>vYup%4AO4xuJWmiRhQ&YquuX*2
z_d700np#Ky0{@)++b(yt#do`$e>U+wLN(DsBwghzsu^k(zYpav1xjviX62O}{=PB~
zuqs~<C7>IW3L(X~2q%+P@Kj6PcvvhHGQ6XPzl)4;Kd2Y(uLZk2fg(d{4kH-;@c(u2
zu&#Xm@g)aXP%&e&4?F$8;@v--uTiARe@x-;b*}e2UQO3B#Qs2!9mBv~<{nlU^>9gq
z#}{xTK6|e50EPF7QDsPPi8W{n@*Zx8XW)K*@v`<|M*we55u52%GP&uXDR-IY&1nxv
z9vh1B|4IBqNIHo-1L)NRMN}H(yKcROjU}6eaz=n6=64nolr0!6(#qA1D0sG8mE}5L
z^Bv$I;U1R}1s5g_gzJ0y?H6wS(_SN6xgGnE>O%!m#rA|Z5-vO1+6d4jNuX!-M=e+W
z1$*!|uf||#HEzS>s`i8~#1zvK+9_q~k*7iGpHaRFr{;W(5rJe9Tj=hr4W7pC1K8_a
zWjCs`JSa_ApYZ=M0O2zQgX!PcPq)c{ddobEIniYpsE_zoKqgn#@@34HJVYlD<-(PM
z=<PlcA~v_s=FMdBaC7dH)rstr&e9@5zul0}sd#z}!2p+7W6+WXNn%HBJTjn@j{+Ty
znK;}vJ6k@ScXwZ{vE026BXb3^=RxlsZ&e+9@qd~qg{jvp=UgS1OWI^M7X<3P$eTpx
zlPq0}(I24Q6utwDDP;SfNajeTN9FG0!P*HTRKEe+&J-_mre0&8h+n!ooXW&w`AIRO
z9u7(N#&GA}R5WCHccw-h$TDqB<1y<<LO%~M?1!6|yEfa3x`8GEh$~#`BA%8~97uN8
zKsZg|j}2CHNSn9c%~X`ck(=L5+~})$243}%_PTfbifMg|_5Xx`sp|XR8l1N5W$I~G
zW8MjqBo!!c1zUqyD$;dcGWe6XUe3f8jw{XH?{kzqU2AfNUF=qrAVQeJvi1fXjPGZ)
zx#HMw>{fHVVa{hE1f@1MR|9xn#H9fh&mmV(PF51Zmjoj{$>XB+R*3lw4#RS%6S#!#
zA;%7pdt6`h^em|{NI5xBMuCGi+&l9_3E`VCZinG2AE^nTYApVZ5)pbm0FAHsWWpWf
zCtentk=>V0C+F2P6~;5~cN>va?Oy-%HUIo%IF-bGXy~^7cW?8}1~k?A>FlM*!TFud
zO$XxUT|4<?61xjj^Yo!r{2GWglK>8P;DcHHX5qwfsW5Nt$_4z+i0}Q%A;k>FCjrj6
z9R5g$t(2g%zmZ;;jF!(UQiwZg+@sV=;WYAk>FMsI`&Z7dTa6zWW3Ea77%Vrs<DDvT
z%TQ)^j48ZuOO22%oPtDfYhVLn^v(>>!6}D55@dNE9-dEg8(dBv<}<aD__-ja%5szn
z47(ryPSGj<e5OgMl*@X8!}<N5bg>hHCU|DIp08XB?7?LCP$CyX;|E?TwF<*}PJvG8
zMACIy00yx+ObHc=u6<4YPCFw$03*>$^LFV7;M9(NB<S9A;%q<doGzgp^KBsc`Hw`G
zv!Cmqon;z{NIv3I(UK3f6}?VFAc6a^2<^nr!PLAY5kUx5f44gw;)>ZDm8NQ;U~Q_`
zt}vOo>)SlW)SJT>>@3gfuIW|v=xLrnn3sI5fGjq%Gc-si6av1eVMn~Om6z3UX7d%%
zk)Z^?3N<6AhZD;L(m6@zF$%K=6QiAB^Oe!^xhEXY_lX#LgpzG{-d~6-AypFK#V%?|
zrkU@k1%4OKA}rT~uE__-XpV?_isyLGXE+3(twx8mteNqiWlg#-?C<5P^F->U3x^Jj
zLx_W~>*(4STwH+D@H?-qN9{pZ2Ioe}XcM&OYc9WEQzx<cml_U`3*M(K6_WaL-5;kg
z&t=8J*)bKC4=o$l`obasoq2u6y&HO35Z7~;DEf1KXrd@fwtnhYj($l?rs{qFhY$nU
zllnn-&K8n|CU<$GA)g_}yM@CsN4&xJ6-6UU%dpA%I?@iJ%&2Dv>fz+JCrXT`lt}bH
z=2JSXm+lfUevIQ3LAKD6CV6s_3PxT1;k0?Ebl@?vQOO&Uqx-WCK}_M20nZR_WrGmn
zF4adYS`FO{?iT$>Dc%PvNXsK431_eyQIstKVhUY%6}1b1K94>4R@b9i5{pia$Zz5o
z2RIkpJ4jB>*X!XprL<zY++0dxcPrws(-(JjxZ$m&!tcxkHfTuoD&{|pGB~o}Fy39t
zIGnCAYOHqRr@{dg7+{8Kx6dy2y6x&;QqE8DI3=EChLYWnYC3&~!=(o~g$LA^&c`x3
zh>wl*fx3HirM~u9uu=03#RP--O!TU1$8ttl6V7)cGwjQhTaIS?8ullN?K@kFGRsfw
z@Ggd<s%mcMT^r>_qG+`QYita&uAQve4^v>ESN)}g;1u)c@6H(=D3ON=?l`1Aa}!7z
zh`&fznD0xitI@>5;@n;T42Q(%r;qeFq@~A_8=m?TJUa}K(Xp{7yG-09@mSFE2}6zK
zc3<85(qi}ErGt5}sF0xTp+6sWQWOK40}qc!lxmgvYVT7Gn%Z)`4D!UHUS7Y)ZddH3
z@<)^Vy(HLXR-<!dVY{RHE${GfwNc*`du&LUCSK-(fi&ARN4I?FFa^X-j(sjZ1|1c_
ze(p^%!KW+fpusTQOV{|iP;2EVP{&=x>bbsT)0>NC?9vd2&On^#%ae`QiKr{$-_J3r
z$sfp{@6>qOacA-Of&YpAmWTF)4QBs^e*rYr7~S7{oVPLwhBD_Xd*43pxVV|Xwk6Ap
z9zYi#jN6MoX+-N7Alitr1;>6qs_9s$5bxEe&#t*4gVDFeVi8V6l><ks1EMi8@E7K*
zpH!q`nY5y0ET>hhSh8_eawrt?;hCK7G$yg4cs3m0$GUMCmGb}ovg&A}`TVNfcwVCp
zPG(J#CtJ9;noDS*xrs@$+LjFrmWY0*JCf-h)+1YSGw;Ap24GK=Y!yV%SSL48Ex4L#
zoAJM$f&JZyM`-(Iaj}^Tp5<=)%e)vFR#JfRwL4r74jNSy&qe2PwB1cQsFhrxPo-Vr
zmv;}`rwY_qdcFG$9g2VWAfU^2e>d>TxafHjapnO9120YjA`H`SZ?57cL!<u_*ehMF
z@QNJHv)=wo_JWWN2jjYBlS(-I&aH>^dP_Lkp1z@Z)%>zBjC+<RbLq>o5pbL{zGayo
zZu?#K@ucdg%^;Z5QgmG8)yk!>9ekA|7_`LgnN;4qI9f@I)(X%I$cSEQvtI#fLdB7W
zxVX6-)X|T;4Ain52US4^9RZlVVeJa_c(0NQt}FFem`sP0avM}UpJF|?PQ__oNEolZ
z`JO@Zrk)1^DcH4jFqo!)EB5p$oNm-`vKa|t58QZf5A)}#lq;yKf`pQtoIX7|K5BRO
zOY0VSww2I3y!6f)-i^!OM!GfAk>2!c$g1}Gq#9c6xNoFO_#TtXroq0`-iWrnT@rkS
zUqX4XHbcSbcKD7-KadCX>W&+i$ySFphP|iEcGXPdx1dbiZolufaUq#tLw9_un`v(S
z9O#0Ams&-sfMOw!h0n~}x$+!x{gXaD_UJ{R-;d|WA5xYB@1$R9Dcujma{;-<IUo=@
z0{%<KJyg77D#n7zoKD{r3siX(a^;`V00;}L-lVAaPqxN;FM{R#6hgF=U;Ao37mFpX
z2_k4k!vQBxnmGEfg3i_mLO0G=$TQ7)!$NN}5v$hnAJ5A;+lRLN3iKDWht9*;m8@PQ
z;Buzci;10t_S0Ttz%Up`DlkaEWsI|!sTBlL)--vF@SpG9M3xs3s2o<5w0;tpik@ta
zh7kOC+@>pFl=cY12=YA0Xm3=1d4)E|UA}ZU4CN^@5LAu@{UK_eG6Hc(x5n7bn4Qvz
z)Jq;u{i{fV1<O5MO{k8RRM%xj5Oe6(H<hR@#Yb#z!>FiP_`1#jLOJ+D$tj&P^%hJ<
zhtsbhd@%IaWw~mF_$YNc3dnSX@!SfRTwFF2+mnVm#jJzeWuNZPioEMEiN!#M*n9qN
zS2k~Z+5d~ooTa;T0&{1{GaE9?L02xlLPvT_>7DgD%gJ<3<r5m7U8x;4=E$QK8l-4$
zUrS5eHO>^o7#@!cXfml}%t6!$?mFJ|4#~`?24W-fNh~9ky=0sM^ja8h1KTQic0>1P
zt8D~<DruzH%Y7Zf)t<;exh$!jQzh`L!fvxB(ZyGnpqp=&2Q93sqBvJP&`Kq<67%Cp
z22SzEylM)16NqmA<q{I}3s&{rmt?o`XBE4nAE+rMrb@$+aq7e^#g|VAB$U0anW4vN
zXKJ0CT1JcM(X&6cI!DBlg^=nZcjf!1Q;>$rF0s}<aR@ew(qm9(aLd+hK{?b-Q~OQ1
z*L7|lOv(EKLNQ(2)>=n6xQoy5iPOv~4%VQ5{daAibGnU(^L43Px-IovC`$2;@obf=
z!sE&P;fT{;^7x6+jQ0Y=fAH%(NO|6{Q)IWpu1EuuctbS!%$~ZJRbE!6684NdGbS;t
zzTH8EuR#heM)4tzAJu#uvKUqmF8V;iYWfRF_{0I0d2>Saoj$j|qn9mu7cm%qm8m59
zZ|ZbJbin91C-u>L&9hdj@aj85cP^n_Hi>{%E_d%e{<__-<JWK3q0ljP`r{X4J?kMo
zzZaZCTk%uzZ@3-mXmmDH?`b$6+CA4JanRIY`}7ai`$k$V@`}-ry5f_;9-6n>K=oR&
zPfH-y9zj)MAn~0YL;gO4K@SQ>m6iX}bw>q~0luu4^+DW#xYhRbm(NzZok%CP3tr>p
zDSbPz=0DF5meJYa2D|{=3ltR|fTlWABwuA;7gl>txBhu?(q6%0{b<3CE9k_9(s7ki
zC}=|$0mAVn-vB~2xZP=Y6W{5uqkh%peW1O?F}lV|P4B9$J~DQEXFdCTy4tz^Sy5L_
zEdhNXH}m|@7#<z6m}w7_ppdWkL<p6?NzcK#En(m)!*rsUm(tV9l93rdtY^9$MQkt<
zTKGW$=&Y^FLv5i1t&~#+8D04@f?S{;K1fX>=b0{{bYjmftqkDb$yuoX7vXyuAY}w&
z4Wuxpq#<~Ix#}M8xoG%9<mNIPQfFEAPkr9l<Mj+3ZgGQ+ok9O9Cx#n<Gsa47^$$}N
zUj&$o6*Y$CgenVT_7A)BNq#TFV|w0uctMhyf55mrFSBBqf%9ee2yy7?LpP@w<?FE+
zt{65CiL#%dIc)e$%IIPblVa^;*1u!M4HEZ)J>?0RJ|Ta->5D{5<u#d=bDa?!4AAav
zaP9px`}cU?gtE^_6=vlxYAW=RpPrvr&pyBGeHi~R3G!I#c}bhJ;J@d6w6CLJ^{-x3
z$}R{|=uP*@v0y!MDj~R#<Svu`ck0+R?EUe&Y!2LYVg3d6@)0=?wE^~Oklq5VUyQ%m
z1T)W%_#0NC|9DLF{c}A!F#3|pb63|#V1RI&BLsP(xw6NAMJexNy^eIbTVaD=T^_84
z)4P6Bf>qs41UyHZp8CaPm@3~A&PGnpewS2wXs|c}Jz<n%jWuSDZhKDzofdCZqw@)N
zwfw@JK_ERoQr=V_XD6DuZ5{+SV6K+n=}hji#;-FlhFfSasC=o31mjOGr-Nx5q*#P_
znJuXtYBvyCJ?eMP7=Lb9#k3S_!@a(fJoZEc4cc@;ZB7UEU*+GI^V_Pd)rH=VSQpQ9
zP$@Dc?Z-(ucdl9Nu2|MVv?1VR2NqIAo#4G&Ac5snT*|fpVtxvP9(i+jtL56NvAe)i
zeii;y-q=<Jq}6TCwP3R?x0NbNC#4fyrd<;y2r>2NJt*=6!1yfw6XQc^(b=6S3$1l!
z|Au6_@Jw2t$*<h!he((N_ZLbW{Ofzdck=4>d@9f9Q{0mco|yd{Y3Y@>4)0LjKJkKA
zd1GHm)=7*E4a^F&sp!p0A+$PXS$Q^&akoIKxR;)Xb{0{-_5r#<l2A_ClyO6&W`Jwf
z0u1*RB219;3ZgtpLx6kR?2zrQS>=h+2E7FaS7f0x`WBUY&Rt2NMdepFl;GFlSLrRf
z8Q4KEmjI4Sx;h0Lo-P>9J}GNE7W#&HPxvyyu_S#Hmlc-203=_$UhP|F_=Y^TeOwc`
z(b6t{4Aprm75#=uquyR)z_WJL1@fdmjy(ew&*|_OVMkXmxXUn->Ioum%#pTA{1!oI
zqhBz*l8O5)HAp+0{x|JVQ#^Uh>bzt*3!dn$`?W!08@F&1R$J~sGe|p33HdAklZgb=
zLSzCGR4V1)-trT{H+X)F`6?W2L)>RDfIIoR<rT*5(w-a27atpsy~w<A@>kI&H*HyX
z7LHglWNn2)2^OY%lkVSqZC;lb?x=~1NJaS7;7MYSMrz}S2u<e4*n81W9TV<D{aVu|
ziPh>|=nA%9;H=*L3gsT#$n<~G{SgHj=@k;xi53s^0zXkK)~2sEZjPjDR`u6x`nfi?
zjKYsWTL#EILhcPLu?p?(biM$yGwR(n!1=@;!9S?}KE3~=`ukM=UsZn?j{h&JKVes+
z?XQD2=#{4P6iz7<(99N?RVRDGq1`ZeiBLX=0_C~gjO$_z!?@wK_7#*P%`X`#$hnyY
z>=HHdX4%Wb;7w)t2CR2m1lg@N%WXwcTzBqW<bJNv{*W?LLm^iCpOQbi&;LmNmWLvY
z=gsDPu~x|aB>OuTMS}mqd=Xkj0|X@oZr;phvjegV_+_P+U$94W1i^GvSj_MCr|Ve^
zq=B)m1|K_J(ENUF57ox{tib+f$sf7-^Jv?Zo3ATR1b<6Oa9H6{MbL=usJ=`6fNTAe
zazop6y24MTD(Vr%PeZzI>?ynOjsC@j|5NXm`A6>;vd`3cQxQwjPXs(gZ->z{WfD~_
zL_3>4SOiq;))s>Efdv|{ygPUI#3#ZcC}ZOK&x*e=n!xQ2t8f2+z6Hl#`gXB!fm;}$
z`O_Z2RcZh3Yw!s+ikg~Q`2>iW3?4hG=j(3|exof=w)#qew2JT;!61rURz~0*`ACyd
zNgr@%C2i&}HR_fy8q^|O-_I^iSab{SKXEH_eMQk*Q$RMDuxgn-DZoZFW+!H!4nc1V
z^u5nI3@{KET_*uPH|j-xL`XMwz09vj!08`5k;6S~>wQG>q<+sgZsoci6gX=yyuE;Y
z<166yq{1rXGOPNF4>#(6p?!unb?3mJUF^C2I`zgv3U|k0a+es6*TDFHqkXaeLHiOo
zY49JL{GolszFe^5YWKHu7w`K>M_7%{8&iswG;h+XI5NBD5uXu=8>2Dj*=4_42&16U
zcou3kFHtueGzNxo$MfGCO^fpsh>%*M;qzo_nobeuJBkQ8<o>uufhEP{#e?Nl)5tOR
zETN%YcPS!+1<wDX_uJo==j~LxZ7IO<<Ik<!yQQewVoub5_Oqry6s?hOolgCG`U02b
z|1S9x+WEhc{E0I`_1dE);_X2@S%2uyjnpTHj<WA$?)UkLUb#!O5WqUQ|J9YrNvQaz
zPi5G7q>}N5$K2A$t!taIf4o^V0bcRp_T}zOVTNr$6H?GX5`=Iv)%NTl0iIlQ-F58n
zt%Mg!3K;xc*9mt3L5B$h3G_86_!zeEiz@$U)Brji*mCqY3U+6(%*IVjC@2)Ve#B*U
z`5cjeQ8u5&CsIJ-_x~dIJ3r6bj&dL?&VK9rOwhyXoOHej<4@3`C&x+nps&@}(FwGl
zHG<1e>?cisUMq)<6>0G2_xYZD@-sFG&=)npt-bpeHo_*da7?MIQYj-Woj}<$L4HLw
zUWiKF@h<0sEM*9Nq6Y{%RL5of+02YIenb>H-#WXC)f(y>f<K6tK(dWl-EF>+Svs$(
zqWtTF5nYNMr+G5F!PBiml&zQIoiiRB4!Z~EE(ViY|3mH95qxF+RgYhM!hPc{=#TTa
zG)2*Bwizh;>`1iR`CvgOq4f!pe@G)YaHZiwTwy1~cLiNE1L`?8f;9$ZQt85R11Xp~
zS`^6jMtN$w&)eetv~0k;P}txduag`Fn6bn<$g!#Eld$MC6TWhO8SiP)r&_NbE6&xu
zxN?yvBY)vQpU6eoCHQ9FSMUYuda;R#@kyth+vTxE<r8mT6ba0o9$xGo>yRt6=<x`>
zDC2Yxg^6YsMNVZX(WvcI(CNEcs}d+o7L<pQmN>>~h&K*xwS2$`oyP_$;^s|*=)sjL
zwW(F%`lj~(e?)&|=%KE7Nn;Nf%!38NQPSU~Y}nZxl(K(n$1qP1X>zNI9+K9AA7+2K
zqUT*4__Kq%+F|GWiud6%pzE^4tU&xr@K8t*9B<0<c(uNjx^8fYX+AM4{|EDU7NhS6
zkeYWi^`j+cw`IM#7ytglD+duASIhFU@f&2#V7CmXsS}T4{$tiH1=b7Ru|E-sYKGiY
zFN{MAL+SUxg{|7Z0Ppnz6DiWfKme|o2Bw329b!fQKP$n9)>K%^E-oWRE<o+DMy3hf
zeW08u3in(Lro5zKmf~YLU9LK=S=PfUhu|Fz?46A<M?U|3nETghbgxFd4>`<qj2m1T
zzn@&a|4UCG-}{FJhP|q-e3-a<FMzV2i&jNxR%RZBI?PJL|FBg3H(;se3S-JF(}oBe
zV<%m%sO4r4&(gwwF9nnzBj0c8^t9b;h6&IAx7-(NLWC-Ewg06&F_xj#XN=K1KQC!#
zSM{)cq}uR~H<*li{&~<W(E|Tg>zpJ2ZSJZtF-8A-;erIvgfgPu&#wQOBi#48mvNeR
zbZDU%s!Be*r`){v#8>*;kl0@Y?1ARk3=i&)yptQR|EIjS460*&+dYFr2p-%aSa5f@
z;O-8=U4pwiNs!>~PLSYkA-KD{yUX;--r4{Co_EfiQ>SXGrfTvni|*CETA$~>?(26g
zQEBS@wcIHu$oR)6E=2v0Q51?aQ}Pk2N&n9xAaU}&y|B<fyQIqi@`zT#=TH5S1N8yD
zko}$0AH8!G^c9Q0Fs=U2w7+b%eN?R5&*|r^H&AZKSXdUU$4hO5``$~S@81CgK#$?~
z>cja*jq+9Dtea~27Wfu(RWSG*PVdwS<k<d*fTdb4huOevz||q~7tjC1-A8v3QfIW2
z?#1G^&C}>IawUw3WMv1K`?SqOgBnjddww~j8&SvxB_nYcjOc&>p0S?))&TK-7(dAN
zT`|rSId@?YpWi8hzdZxm@p6|l5ODEJE#ya|G<|3uG@W*jXG5Z;mwL<guClkN)T+WK
zt6%ipZ%11%t_>E3FWtYK2Oe0&cX%Fs$9yjZ-}bZ&sDf9bQa+g$Cu|9hZ+)sUuCQ5n
z)WscutfRc=Lg6e2+p)l+YO=-CrKX!gizP9K(!E!B{BFteVlVV!K@9}%Km&;+NGZLr
z(EBX|<}GA>QYu!eet*Pk7rM`GDeg*y-SFE5Xg^`amEbB)@Q`Y}O0i^i=fC&$aq}ly
z=SZj(w}z(A^Cz-dVN_!_o24-Cg@zPOR_hO5O)lBYJ9P3#!9xLQNEnUPSFe99rJnQ-
zX?-WCv@fAFt?8KZc#^04uP(rvj(@uV1KqI%dB3ppoUaOIPL>F?E>7;YaGjUv<b>x?
zHhoXS&a?r@7|xS>71V0@c<m#@+09-%van<pv|Y#E0(qIPmXj}^RiB$>_oFQJ<AEu{
z_rC2{caFJjC7vhPd$Tze49Se%?`pR#5k(vA%s(>)e;4cPaf&Y2Z6p4qdwb;I$dR?d
z5X5aEpYB3)Q{GU%oo<KMPOa|(D0`NuUOyaIuW%Rwb-nM%a29`1s8H(oZ`0{Yrnw`1
z_H4Q)$ZXAs$pkS=oysla!?(<CXTxfaXNDZ4FT_s902crkR}Dn4x5Uky;Y*=ttp3gz
z0&uJOqn*0*oUKl|Rn`5`1>>Xt=z;`y0pEc}8NU5{st%mM&4Djb`JSw)Unyir%2(5$
zLiz*hpSf8B8Uz-c_C<kq#aw(K*f3z5P$Hdmg+7jHK*i(Rc!88~HAPguHTRAD!?72v
zWY5S*%;~GcGkdN1`cJs{yx#tV*}QmH1F4J<UR-8a)+;UF27vT<z$=zZwo>*P@dH3V
zGe1wvienJ;yng3oD%W|U{CPsPOhb<Fhq)|3zWVC;t@M#C3ZLzBv6{DVo$!Ov0F^=w
zve%Dwih<8`v{852{9Eq4P1Y?6<TTPBcI2SPhg%-@F8Fv0S3ZAXi9yGFYq_q53i$W}
zitPNFv(l1#Ws)SqP~T<VtavSasQ|bZ$_HhV(blE)?-wSQ7-kzyI8_Q2VqWizNS$K%
zT8EK96*+}vvshh1W}A(f2~^NI@KIi=65eDUHC-zLCVb^4cNH6PmtoYX^EgkX`gA@Q
z-F=iwLy5|J{SAOgJ4lJ^HC_v`MX$p->+SS0*oQT&vDTJW5-9t@a$%e4rE7B*x~}=h
zvELl9SUkSva%9`(*%j%Kvfr^eMcnxD%O@A8#f^iI3mG%Eu+DT=G*1Tc3_=B?EBxeF
z`<Eynv7<rF1L;xdEnA#VLS)5Q?wIf<jt{R99pFTXG?B&<1w1^$R~BkJ9*4xVx^@2U
z&K7;I?~yp=j8&KGkvb|BgP1NYisQcOHo2o~_TIn`bew^VLi8{<AiLR@r{B%i9^eYo
zs7SD|l@zGKlYn#>n%&do)s?@p>4%W#1}K@2rxGGkJF+Nw5!RHl>a1xVNV&6BMq@P<
zV*TS5DsJxkjIsG)>%7fgyir(_Apl5>oWS>~G>}+6Q!Mk=TbC_kpxU^`bq)#g+je1x
z7uiu~o>b|icw*@|)rSO{Fm=h3bKzMh`EA*|@PRnW?fxAbsI&;rQh6~SMqk-9PHH3v
zJR`LeV0tnB*_$`7{}_Kk{y|k{Z$0mq({JSv$==D(us2e|s15O4KG6AC6v#Hzs(P=U
zFw}O09D%I5Hq865ln~X33%$E2VD|)=3A@7^UW2j#{zv7|;H+GmC!&>rS6Q9@cAN0#
z5@-P}{OR#&FT%U!UE4)Qy}e!n$V@owpB4Vbd}0*lY6Y$i9zPJ!)xyC0qSuVb6(V=X
zingm|rGl8q%x8jC;s9ez^u{ucUb13=q#*zEciC}3HUG-z*_Lj^&jr0Yx!)CBv({%@
z2#B~WR)Zo{tsTe--Z#<Kdrfx}yTdI_hl1F0H-tQyFZkRYX{DaozA^^JQqW7xiGA|<
zt_tBJX#hXaeS({?Ci9D)7j0U#ler%2T;4_4a0jMd^fyGUGK&sw=IF>qP?t}DKwNcq
zRx`{SECE%r<qAFi{gt*hi0}extQZ>gy5f(0U5=AGUVHH(a76$k!;s8+_7PX731ic_
z+4GJbJ0-a3Dknjv&@%~DxlWl;)68wu!(CVXUhBt6wh7^<Jd(%N?f^U+X``&Wp31h;
zf0+ucnz@0vsmTg)ioHmpj4FSomIPgb_C%5Czl6nL^j#VN+?XkLb@1U_{TP&NSXILA
z3IsrEUKdCv`76GYdVf%s;w_Nky+GIX7Hj9mNG^n1qs1xRmAv%MTjPb=;1JJ0S^@}l
znLRpe{Ou>C(^m)7kxt1VCi?Dax7I~YI5ae3I|^YS+T>q$LM0`@PFQ7PY>M?Pkmdcd
zF>-m7`txnt38NagC_EWF{Tm+sa!BKLDPLJ*iQ~hp*olh`XBMMn5>80`0D#+qQa_||
zOIx;3sWHB0KHK2IpH)3pWAJ(W#dr?fJ#Y>Bc#zL{>%=q4kf#ZW@etDZsVh6lb2;9D
zms}=8ICgG7o#h_>jC}Ro^ai6<Cg=qHkrwSMJPxLZ&WWn$@M)-kTrTDBACvUWTfZxm
zYjXm+Fin|Wn{M&PIIi(i_=tA&de?0c9A5ik^%V07NDcH2@{!dV^T}*`2v93(&W8)+
z;93Z{`-540LnzfSlt^Kmy@@BIs@7G9)R!R_7W;cE&8H(Cdks<~?QvGcR^mAW{7zck
zHfMwo2et(FXP$;#W9K3qz$$4aP7rINlkdgK+M+~SIN|T4p6$Fol2H8x-~%VAIH=f)
z2b)s29nH#sVm*s(Re{u(0PS5YHaiMCByK4mXBVxdz2kv8BmFq|w|Lz&Is6M^nx*Q`
zOs!VNDa(e&nw+F<1xzvMjx?%fda{Y{LmtoCj4l(oVRiVQq-k8<bt;0qWUegxXP?;o
zWpR5G#^wfq9$Se7OOEsq0<q{6n%De}y_eBm^3y8I<{$QMb<1_P5ENPqMp9#+#&X2r
z*&fk&#hk*=SQ;s>XT}T2B0X|Q&CAi%h0h(tk-AWBPWUtF2y5e36zUdBChvSz%XJUr
z*S*{dVZh<}^e0q>DC*xdErF&cb}~eb2Ra=$G`h{7$G=Nes8?m%_}F1qXx5Urg7H-v
z|JJH-;@C?sDka~vVeud)YWK!4I&(N(x>6aQ`27|W(@(DxHvD4nu_l5eoTvS50sb5U
zi+(?4lKe*(UBEYZX}~z7cb+Eg%yh@#h#i~I=xioKo6<}_u+dwlrCh8|EE&(liLeR7
z-pgx1<_$Op&-OK;frca@s9abl^4D7<!fk}S+m&Bs=BD%PDPC?bG?OyFk!qP>d-UCM
zdt;p-M${L(bl$?{ChFZ~f!d~%)O@S#C|9hKm{CfN_)U&v87K_qQ!_as%g+smg<J=m
zRnjFY&c)o$IzJA6mgPaLw4?tHv$pcOnF~lH%`ZLl>OjJ<Sp24!Z>8bS6%rusO~(9?
zMY&e4+hgMp`Ab+I3_$TomE;<Yhzq8l-VEJP7XiKF(>gpT=gry&>!PnuXFoC0F#}J<
z#VuDQFjW@a2pYW>f=@>mNr$%bH`ZKk_isM!j>ULy4U=(2S7Xq887Aj~tURQ4+<Dcv
z-YN_O5xXP31Af79x=*wX8A*88Q2)sIOfa8<5*@x5jvCqtxtPK}vdZI$^`XIG>l{{P
zf3nDYFtLhY>xrJ(dbZMUl`Ev3Bt#%Ag+&4uNT+s?R!kWhz{U`nK-yPmqI)O;L`J5L
zKH#a+V3b-<(WW}xs3eE&*qcksefQtIgqs1DKW2RCyFWz?LoB8=xUFN+bZelAD;4NI
zZE^6tQ(%`4mP%j=o7~#1+F%+(sNNmQWmYP``0l<Hp8b~LIEh9A)xAU!YKO*P9<gkh
zb$0*3_(=>~$-1u#LCRG~x%yg%%4PTvBrv}1M{8SzGjXQaVSF+noODU5#rZ+SW86e@
zIu{L$E#$e=2h~AdLNS9cM$-2y0}F?ZeIxyBs-vfG^qELME`K%t9;j%&u!W}4_wI+A
z5@SpjrS(0PS=%9iS%g6|dZ?@``^sx+(y#)cO-Rd6csLzL{Y<f!OO%w}o~j+1H@et@
zXDQ8;IC{(h(mdLl3H_tkankIeUk4<cE0~?0Ati((e6XXqC8gZ!?iZ+}$$ncz{ZKf3
z&A1!lZvkG3t|4pLSw`gjn}U}3pLBp}vk$CDlh4Z+?uzowbRIYGPrIXQ8Kg_4f?+=_
zrl#327k?stW2z9I>yE%2N4M}eZTr9yj+?*%+-kO^-w<+emtx;%dL^C)B-H`dLO_44
zTiE&lfjP*~i&dSr%9;TvkiUdS-1wurux!FNf2O*Gk-1aHIiw*8Xhp)$x#_vq{o7t>
zsmZvyex?7&^B;F1EpyvZw4WLz+RY(k7fhnlHoX7LPG+bK%%moTD^ojCLR(sUvfR%b
zeDZf(@Vdrb+HY#mwm|N_(-T-%tFV`*iQC?>%KEJStoE}2fiL_>WQch?l71V_$8R~#
zSHbor{fvA_(mhrsSBLvXWcBv|ci{!&e{~mjQm+*S)>_H^`sAX+Xyk?4)@Msm>F*^P
z7UF!e{%oJuK1Mf~W=AH!h~*#;vQHQS^ie6i{>*O1q#;-EOpZ=&ZeBw=zl1++zeJvp
zJn6F-t?Mm5Z{M<ci&fg-LxgbSPjkdIRE^8%{s-}C4E{wktjpMj##S5Bid$>RE)O7!
zs^v>#E9~}89sk0VJ;(=MVW4_KJ3SLAL-klz+*v@6_2TZdv+$QLA#s9I;WMMKjQ?2l
z$dHTTIo>kUSmm@wDfY6xZC3e=`S4|Bv-)`E)1P`ns~AyZg$iZ%fl(auKu{ANcm$rm
z^#${S`a0G>E!nNIs}1VwNVhr~7ki?%;J*LWRv7)iuoZ&Xqilb(M-64p2e{%`dw(!q
z;7QJ@Z%xnbnXISG#e@s(fllJ@y4L9@aDq09=wR&@_xKG0m_}=~w_c0&<?+0whDO*%
zcg=0HCZ$%C7LTbtOWr$=vwZgZZ-{rhF5*DckjU-L5fTqKcRGeAx1|cyin$3R?Je%1
zs-lxqQ^vD3Y)^;<y8h6mDgYmpIe<Pe&J=yG(lU@j;PtQ=7w`bKGSm8NWlv0m&NG6)
z)Std!soqVh6%S+DNN0;3B;~D{7nEGMeg#Q+wk4!Y_$2*Bpi9pXEtDW(p8|;HRm_*(
zy2eZfNBVU~@}549#oPHc-j3amm2!fdUN7r!cv<EiNO;-5e01T|l1gTv0uMNL0$S4<
z#n+`yR(+{;`0zgfup|3n!={$xt^^^)+z;d#Lh%Sl&#MzfOZRWS5)u539F-D4L_*91
zG9%=`dx=i4k3EUn#nnHKo-(3dEKM=~7D`KxoIWASO}q@<IUg=d&6Ka4UMd6JQA#jE
za!?Fo$igbKityX~p#|sgtC>I`z|eDd<bdtNEBI2<?^xh@M6%4k4TUP4_vrqfM9(b#
z8bpVr*-<SD<#9FeRrTL0?lovA@GLi{j~4KVw%FnH{mhKR(8#_zY&&B2!&o}sFN)%U
zpQC!USGAxt?C;keI3P~uEibU{PEAsg?e@nO$eCgGmC=1>$AoEvef`F0IDl;3v~T0&
zBPmwzydJw$ztT?KdTc?ZyqZHdb4keh?3t2s<iZ81_>9n@Bc!KBlL6Y+s$3*FkOBaB
zuiuZgB3I*rF(We~*q6(U#sIjM(U<6qT!6SD8Al!XWANuRCrPT{8vXMzjKT*Fm|NWj
z_o#r{cZk;@)M!W|@BSv?gx<QRk;lk$0BUB=f3p>qN~g~JcUz$-$X4jm?c4S^gMRN<
zVciJ{w}}V45FXthuF@tiy*+o^(r8E<<@HMU)hiZA2@yeM(jm?a&J`e`yNGcHNm%S}
z_3?J$aQF^I!J1&^SB7vtpX=&!%64H*IdE~UPC#~k40~{rYS!lLRuG%*2IR*9m%J=>
z6gPMzE7-XA*<ykKCW$z_-1<Tc561m}<uODO60w<URbtBmNsn8*8gktTQ7~Lw5b{o;
zs;mHR^e20=k>X6bY7lyF6N`zWyr)I#0hgBXKiZ@J=R&~An}7%xSD~YYf^0Mo@UsBQ
z$iO%5zi^}Uzq1Tusy!al|IRX8vy1a)e9HCu;fCAwDwH{mUQYIB2>&jJfL|BHtArLV
zpYDV^g!!6J+<jBtg9H1R7V-rNfvTc|mxe(XO4!lj*67^Ju_l9gh-E1#*~xw?_R(*?
zZBHpr)_Pec#f7bXjcx|Q3^OU0!ptekje@?D73oBfJMCZ2>4#(mR9Vjum@H`qljRTT
z5`7X-pQWnaM)QxBPG-}JE>kTcDN}C|^WWvz5zgB7jJa*)?i5C<ZyWU!(ROTl%%PCZ
z;;LQ#8tqrG9H$>Y1F8pke)ZK{M{&|X<~(53njoDUie?n&3Dkk30lLD!_uHV^AGBw!
zfXXND&e2L)NGqca5P;TV6&iE(d@=o>ot^$FF$|w!nUf=gzX~CnyfsR{6?7946iOnK
zeESv!A)MtisifffAJLKKtU0YKr_&+$0lkA7nBj^IIM^KgWH#l*vtUz@4gHk%b!qqb
zo#}PyIOAW4Q9~KSM{Wj&kFyHhh09eQgf4vfV+|LW4T##dCb3k)?vh_`<K^Xy`<h6o
z=lKGHr4DU(66Yyt3_5R7A8^tr0dL{eyAkJv4Ma$x@%#_zaoh^=!a&9);=U2hOIRro
zhznu&l^d}kk=Va_m21QF+lVG*IZQLAD=B1J8rq?tuXu+hT{$mT+}=d~7h(JV1!2^7
z0K5F+9X09LoFW@|3HI024X+GdA3+ix;$sIK=TE}fXZ#wP(O)2+l_>QHl39Jiy36>w
zHu`?ey)S!_jmlhlNfjDschjHhY!vAO!{Ca8>z-VjEAo&2@ff7Vju@g0<R>ZF%vf{%
z#K?El%KCs}hzj1bV>Q+#)NH?zAX49W773UNQ#KSxYm6(vgeg6yrN`j}3y3YZBNZ`d
zj<LKMMY0SGe}@>tnqv#q51oo}MEs*N!h#YE@fTRoWaVZXLwpbF*8;jp{cq>eCD+w-
zv$7!EBcvWKP>jqw`#b7FvLRH{byogg^Au7t2F7<wAOAmzjKMK!@4{c5rF=UTp{rju
zaGQf$EXwd?ixkf7HId@v1Pm1IbSc)!gw%@lB?iW9rE1(FT1uyH+`H*c_&?@4A)<1$
zgsUgePJ*yGOl$+s1GSchjQJ92;fnTNsCHIPkr9O3Zm;xlLk{jf_nnN9w_$m+0CO=e
zyIWWfD4XxNjYWq)RM`L%g{!L}SlNdC!z7h(%&(~bnWr$29X$A~HWK&7_<(A${Dj{r
z5vV#6|CM5xY|M0Alef;*2@fU*w@ng9r4Yw-UV7%I4bvS^q1MzG*~7ilr43!O`SYrA
z(43)q=;%CWA~+hgv%NDS8yJ!S&TZs;wLy~NpYlv%WBOrd&8}zbBFbmFv@o${sT-PI
z#o=2gCkic@>W00SJal#9L7Gf{>@?p)IYM-_giH9#FD43nLR^;y%kgrvXm;vXoZV=L
zVpVF!)^zNa&F9247>(|sep&Le(aa1fmP#vbz7I4jV2#n}t8G8<xW)FH!Xp*C)W7=v
z%k+GK7T7mOSh{J)Is6iHKon}`0QvYhW+W~D*s+MP{CpZ;I=+7TqhtA^0>h)?Zm*};
z=1+e#ym}%)wt>Qu`6Dc?9)MhJyh*N`2d6dOe>ARU5Seo^C2HF7k9{rl4aj{~qC$Xe
zLuMWDmrnIK1N!V`CTjZPkF5+?41fd&mlXa{A}J;QWiC`WXEMwA(<c^~_QzZZdvUfq
zhIaR8F`JSp{%2$tn*9GWvS_s4<?h&RiS>Qew|>tq^S|k$MC%|yFNIvd&1l+fHAkTF
zVYO9a`j4;)yz+wuYJjN6C!_nupLhyQQRp@arCn5-Z?b3qZ~3B`{Xo-oF$ghg@eg9u
z>^EX`iHP=($P9Qb0ls9hw)r2iRfG%VvIG#Lxj7{Wf7q|5c)t;&(MJ>6e@>~0=HH0X
zc@Ih4zvmw>D8CV-g<kGBf2I*%5&*2?2M_aFgTJmf<T(&x^iWNG;cv?8|JDLP7u)>*
zA!1aak<RsCb4_^WW@)1@hIGpdJCDARZMg&_r=j`$f8Tg`9mj3_M|Y%qKqR;$6~P^w
z21FiMXBxJ4Qt>s1$ws9S{Rg_2PeJG3%B9Ju+wf_4OL5gIbPDQp__Dx_i~GH9Y+~7f
zMl@M*Mv#h!Q+Fs(fk`XJ86H>A7^O8<#B6Hp15`+gW^q~fZgToQ;->i~BP1)PiP5U8
zal`J1qgGM?Pm=VAg-PniQTP4?n~>?p%Kw2v8r|}@{#a!Vc#rfms^2{3;?n9d=zPt1
zY->4qRgrBm4*}P5LoOp?u`6n^3l46WD*{A_oU}m63+#Uz<woUFgrv%*6cixJB!VS*
z{Q)LV%J%s}mSbjUXn8Ru)W?7Dbn)=G$Z=U`I5mm0>Ef0Va5f%NlFaaY(b{uK_br<T
z@)4I?VUCt>cxx@^;)1V_1c6x*MO%JZ*HsAD@H{n(%f!kRF8dbG#|JupyIw5qmKmfq
zf4KYJA^xsE;fRZ%a76EO_C1&gqEiD{&ulBFT_7;BQ|&A}sBn%OVRJ{VA|Z#WsV<H2
zmF*}Vf}D?b>v}ub?NS4-z5T^bnHCC*!e7CN{;S11FMQUw>y~S{H|>%U2^A(0L&V`D
zU!I8=1hL2SK;u?UZvcIf&<KY{PBa;k8TbhXk_X`Ni>I{Bi&g4lX|~wpEb8q%Yx6c0
zx&YXfj-DDnQC&w}eXA!Eik6)hHiW%}s9)MSb<MNBTac5c{UJ_?nD|D)2)Qp&uQP$f
zIE8O~!tan?Ldtd8WV`s1DQ6u0ze%<n<7+AbFSmCxFQDL3UT{VNxyAId9a132KKD{K
z;J(vJo1Pwr-yB+y8_3A|R^)ink^Mw8LE)pD%<Gma-N*oSL&&B{Zus(J<sGb`Fuwbn
z%qJM1+!if%`Pk{SyupOpU+<b6(!}COJyc((qkQnVJ}RK|3PBDG|M7#p*5(@V>R|Z`
zKphqCi_XYY5Psmi9Y~|5KzO#J3G(*weXm9-1(rh|njZ}H;fy56Om!3saD{Mcq27Nd
zTceC$t&!2HLnR+Aa>V$sGCEEkg)jKYQkA{5ktf-Cphfj7pUw*>5D69K&xa$%2X#Jo
z9>tbr;O~xzBlv)bm-|KdUZH&#t|k!*6VfbsvdC;cP(iua73JF#iP6Ae43$dw+e@3A
zw%P%U`1kTp?7B#5BPt8QE&(0ov<HP2Exkbb7sbE!)ocQ_j{o}vkEmW~*^S!<d$U_#
z-EqP|_om|~%F8AQ8rSBZ6*krc;(BzbAnYq~Jzy=By@l0yk>K#QJ6r95=%u7b*k4j%
zF|q`s`PeIyF6h-*gGn4C3P!0j&oVjK=9g3G^D8=zRm!ATrHo0(K+t1<kTay+<?VWG
zyd``8lPC@it!gJp*Hm>xki|@^@E$<TZ3a4Mt+iP4bki2j9Wf<CVhD18{6fVGa)dli
zz1~8}rQWyAR%B5xcChfLMx9z|$y1w2w2AykK<}YKx(^Sj&U|g$3qSKVZLS3Kj-pXp
zqjIY>6}6>1D5sYVwz)Fd^}~ly1Uv;P_s88T>92{4KaOT;(bxjFvq;6Mtdo^%+{dg?
z8ta3@(2{LN{77Mw#}|KYY?;**7hdAA7?r~=lV)id`!{=T6|28O{EiGQ=!@gO`d~PO
zS`459%hWHhX|-F!$)j=J1Id}XAG7$D-^Pmy-d~!VFHgcvhEgb03uv%-Fx@3kZ&2<W
zLq<eo2fdbG74Pc#*k~w|=r$955{W%Nw(HA)X1ij8|B<P!U30$HlHCm4(n`Hs05^rj
zF}=yg{I2*@jmcBK-Inw5vQ&g>X~IhD6U<MYh1Df}-yQ_m8(Xs%0-8k2u&~<@!kE!<
zHzl~{5nW_*NI%j=FkDrd%p^Y}$b&rU87|kkizRQ1Gg;w#N_}6_A@{E==BN$de%|g%
zR|anmCaBbC@9;QA*&Eu=6v@D&d>tJZZqq$MF3w+kIAP0Iv1AVy1@mCkmoXb>up$lz
zVy1M|$yW0vQaMm!7!v{Xu8@++Pywm95AiBkad(7>@SN^|P=mwAf&e)k=}#K2Io63o
zRj-ytyfCTPh3z+jWdx5jo24|EOmi8VIo!`T=`{uu>n;m{Ggpq{y2fG;dje?Yu_~c3
zkdUL523^`Yn<OwMKT+c?q{=bn#L&bM^CpWF6-C)B4aXPi9NBeR+;z_Bb?${dCm4P>
z+bsAO-zIEGRJ@_BmcFEG4Ey{>#z$?}WwO}O_PtIs<tMYL$gl4t4jJs-J?2(aC&8@Y
z=7{;tgj9W8zUN9%W$GbmL}qHwvlQ89s_703{+!$QmH8-4E5sif<YbWXsMvc?p)&9m
z5y2jno+C5Q@9-8{cka8%m&d^*CdJ;%z0GE?UpD|1N8VnkedJ^)0nw$#?aB~Ef7(IM
z<|%lU8^*w3JjVz(ywuwCjr>XN*B%jwwqM}3SEeZ<iQhgRHJfGm2S$Zu%CTD|Y#c&K
zZH7W=QNr7h5>dxd$<QuazjIT#3kd3)kJ1}04ywijA1Qz4r~?<Y>#Rk?ZaH&T(X6we
zJz9R?_3F*P-jAmq@E@JDzdB6k`6Px>+D_-Qycl;gr9D}k#7`!X+I_wl)F!UGtc&<f
z_!Yf>WoBSJ%n0$|W5+MmpF)_^;T(@IFrBz@M1r2-g!HWj5-~uFHZmOeb#;qO5VwoX
zM7a((99j}L5K=@IPk(Yyt{%CmR<51&UZq$B2n&vXj*=J0@m9$C#$=j}PAFH<zUQcZ
zp*hmIOIC!4K=#=s>4*7p;Q5wY574Z@MYJkt;DbMhB3n83^YhdVZ?3J&d#z$f>lbGv
z02oarlYuFnqDG4m%R12YPKRFUQ_<@qWD|RzHh07|E0!z6ATL)`*^iBx-C?L)101Nd
z6v(KyGY?uH1kh@8ZZY^x{2}4+M77V3C{HgT!Sl^i=#-npRNkwQ3<e_p@Z<JR*p=>@
zU9@H`XtG>DgsArQtprOlS}d6P5U|?u^xZIpRBQIa*OPj<{yGk$8l4!(*Su^qcg!6a
zX?v86arGPZIEBe>AVs0WG3zo4Mk1*wh`_&1T(Mk;(rn$Kk3gKzQ`9}2D%I5(Tm%4_
zXzV|Aoolfio(_YfmUx=lU)?|=zco~YgPn$M8#H)8)W`3vR!e#4td4M`39bxn2QR>E
zlC9+693p=?jGX9;Pz#NRGy%vpXFjj#NPZ{U<AL2UZ%o_+DApW@tpUaTNrQQfk3)bi
z@)d~QldH9u3M-v`@kk%5BW@>dJ`<j=vtAJ4jwwbC$^SxS1bs#?goca85uY%UF+9J4
zBKd^}+fvl_^C$m6Ib8C2C@D2XM7Eet$nd2lXUMX*&nk&)gnXXwa1$J=p%FWWjbR6t
zbrvEr@PJ&zm1YU_fw)}YP5@H%USh-0G>-#+GVkr^$&LCFq`9Kf(&3O|p!Lkfaaukb
zGVaY(C{08|g#_1~MO3IGPrpTYqnQ|g$mXJPQMOZlE1Sd<^!6c`;sk&s543{cb`pEW
zGDnX_w_sbk1oFZaxek`8+cl6JYJ|!zl+QEo)fTG}pJq^-I-}$Q{rSipHs?7WfhJZo
zBxV~089rHoo-gOEICUI>@@Wjl7{;cSy$cCZ9x=01jzH4X-01eAi?BCc)ebnhi&bzn
zUru@Y(qXfJ%*fW-R}{>lnFX`?RQ>rHhpgN3s`f5Nm=(Tj2I-6@`Nt)Mm11fP$U~2I
zj>?c%9?-ItCP)V;(z}(gGMkLbSG01Dt|ze04PDt_etHag1g6(lplEs;SXY{ELY{g#
zK0dyL;&Qp_k3WS31!J`_L$mN;Efa?YNBael*U4p2v(I4s@lq!JH8?^JXM5)5jP@rF
zh*Uf#^w@T>5b(%dZo?ifER9{KVE9a>U7atzW5o_lS46!+qH~j{-iO(-ZB;f{w4cU&
z%<h5)S~74W*dUM0IxYn|sksY7WE@u!Qq~y2jH*Yg^kROAu^(o$rwmIs4U6A0vU}aJ
zp5SFj0wu6`iKzx@<#N)ECf&0A%dP1nD})asX|qeGa9V7dpY~*eUT+&Q+nY3wbavny
zn7Tk;?}?LlS5>{|vTi!?=x*1Y3}a_zGn<wj{59H79QRDs(&O#=_~vLW2%iRGb`Vyx
z%`Kuine{lJ1CbVQZ}t-7y8)RjDKd+p`WIiQbP4JPcjq&!p){uS#w%ROtCX5-5x_w`
zB5REo5w@BnIGLvRg!|Z`uJKN=P;QeKp?-&m=cYyDp_e*_2-e9;HIU6#n}rnmI)Nu~
zxk{p1ul<9!mXUY8y#&}(4)D4`gj`>2c^FMoQF}d-%o^3`e6(M<dkiVmti$c$h*bk)
zl+cCJNv`o-<T&}U?@r847%k*9*cNXmKHE&}CJ-eOzT#4Vat`I30Yyv<1Sjq2vl3@W
zB9}|&=@g0lUI;TI4j2zem4nFLnZG)xQR~z61|Ftjrdg_aa^D05LD#U#!Bv>Mx%FI`
zjmKClq@Vjf++#jCA4xx$LA2^yl~<G2BV{J_vNU)&SD_K!^tge&YW1VO_L}8&>F;}n
zu8HZ%`%01t`{)SCGu{2-rpCAe&SC@W0BiRsfV}w<j2trRNY*}9!3`G8G`gw-XSZ3f
z-U3q&yY2aS2penr@rY~2Edd<Qx@mo(A)^r1t_Hp&u;A@f9k2Dwl2=dk6)zB6h`;qK
zmRl9p-erW2jkA$t6$iVnJg}+cnnee=j7h{-gT}kTpaMBO*G8cQ5-YQtxOH$w`GNOD
zCUA7a1>O)NFB4-3OFyP83F&W`!tSUNat!W`_7V?9CD;t?D*)f|77R$j4jqDhEC}L|
z-WI#)m1(c7o<>mOg5>mWZEYnPjVj`0TjAJ}`LpclGrh3BbB-|O229jK;#k>6Fi}Ww
zG!sY2Y99(e=yCY_JBjK@PBSppkq1XBqh7HKVb36+stRdr<^U|Xp&7^jEJcjWUdMP@
zddJv_eblLq=r4xYS$mgciKieAiUj^^=Z;_>sgrMcz15~;M?O9;tP11=w+B005AKe3
zrai5%LhMcFSZsiYJS+UYd=KdEcHHrf$DmPfCp50|xtZnag~z0m|M@kqOoGt?(E#Cv
z%{g6|61Qxzk$cI?lle~nt&rZoHwZWgIG}-NIr=l(cMy~mA}CWXd9t=LMAeGL2=C<x
zpgGav`s47MI($3PCYYh{=9Zz~={NayH8_rl$1|u`CpnUVT8qT8UQDWg-!ro^dZ5y^
z2va@)kVz9Kf84@r-=4l{%{bbZ`Z#Ru^{fIrRjL^_Z8urbSZm>WdE__&ogR|Y=bg9U
zax6*X90>TD*M6A;$evtjHoeja3$6TS?ARr*uwf3FrZLXv*ymFjZ;|}2A6N0f0b9Kj
zBeGGRm5U`uFdm4TJECU-BZz-aSJ8kqe>{ZbxVQUe+t=4k#eDQN!+hRPIAm}9<Xg_v
z_I8DEw#rDu_~0Ep+#18p@r$230)b#idT)p`-HvBVQdfdM(>V!bhR{{q>E0xtFkjp%
zJwPPN^X?KG1Hd{w#omDd0Yv(5V8^Od%a>Lac$HxNJ|Y|ZLQi6xTl!WQJ)uIFp8pd2
zjC{HYh<NGFd0W7~5@C?8R&nxT#1Kzc27ms{eRGI*Q~?FUAPCz_&oPe%uD<Fy)fk0J
zX-wRw&}%A(qENyn-X`=J2{xuDqclsYU_`Q}3K(Ve*CR)GEalUSI0}767iNEXjD^TO
zG@<>`*j*zV`#!#=I&eXN)2#XegSOxTlWyGO8R6Z)6krt0MLHe7EpxwAOpr!(+B}Qx
zyTpgL5Me9Pprv7m+=CJ4-{!~mv8cA|c)Xlq=O)`Mx=;s#3(X2~Io6Y=gw77mRtn#U
z%PsW#DI<e&3tQ*w0?sc0KxwYg*!h%`Ut2*`CSE*s92wwT9O)329*tRSa2TiWlat(}
zxdbSsP!~J#u%^hj)O=6Ukf`^sT4DW?(idvImnRTUx*~a9g%&Nk?|K1_5kKm>!_Dz{
zbTmLvIx?^ok03`N^NmDD+i_%;)sJLcYVwJB<gl_l{^rOPZiu%FbA!*gO8;b^#JAy*
z!UTlfLl|gPA#1elNrm^hviTHbnf?0UNN0Kv#Eoqa5^9T$4pXbqi0|A1;^CIxnc+4y
zUx;*z%Sa3BP)AKV=rK|%*6xT-rHVwlo#b)3i?U>Jaq^jO33er6x$#LWtT_k{7cwh6
zaU?U%<2pR^V73u^2u_#89C>wbc6=;DIQZFp{oRxOU3hL6O=L|MKR%iPdDtTbXA?~;
z!V<+dWGiBB7yHZ7KEvSN!04V=LT)5@`=v3M5)A^;5=UwU81Ru|Z&^rb_*m~7do?vO
z%JBh6Y2as2exBbFOu<J%@HI<zRmj%FCNu1--Pz!9jQ1ZHx&m5X);{C;@HwXrZMbaW
zRpp_GY%GkP^rv(w8hZMivo5~s<FK+&Koqxtg@*}j4TO57j<`FQ#Cma1W28n2NQm8?
z`%)I2W2=%F)HI9}zvAADwQl`N+;^zy^5}gO1yn=ouuZ7a0f(BhQasu+mv7hKsnCwU
z+N1)3g~)No{gG%lRTg>YlfZQDKB~)F6Au1O_u_FE@yE4<MBHX&*H<U7Er5HGc^g`4
ziK{{_7S_1_Wq4~efA55t--W;G0Bi&k<8!E`jT)cbyp@Ig3xWogtA$L}dHD`#62Ofj
zFY}1Kgh`KxbQfB?2WMpxGJ+CYN$uYo&wo<#HOf6xI3#AgpZJMm+JR?m{N0xq0q$Tn
zbp{^-f8QVz3)o~D78<jwA2v$~3^_pALxQa{vU4YlFpvWBU7$v>vH{8%(T5ZMC}Z8y
z$`~N6@W#T1%kkJV@U(C=)xcY(-*cvLo!Xi+=4x|~84r=Q0+yn?F_?Y@pIDWJ2A#o3
ztwdR{M&h>ZWF-d6`7*`!#%}R|(DjV*8{ms;=Rrm{veNyTM5^6v-NbivTHfpL+#j;B
zs}eo7T<M(#I|cMU$O2`BxDQSyXXsg<WrU1%1&H2R126J-&`pjgG<NMVV~+*ZqtFIO
z?Gm~iw+z9sME(x|qm<J!rJk@7#3-c!7^P5P7*Li?^*69v;aJy1i?*OQ)2%I0rVw!4
z`T|O+gmMDNe<ZPg5}XJeZE_|Z%<za}*T4?{mHeI9Y$)>$-U%)^i`wv^6OgbuFpzH}
zkM~R=E`<*OO35NH@}Z>ozSK_v_^9USTE&+i2SLU!OF=b$-kDQEP2HVfI9!2n{imlj
zC6)IHZ43wG>z|8t?h&``pCl+Wx||4rNq7cOMX?a{aGKuDBGzs5jx`D}T|+Q6NX%UE
z<8AuzxChoHuGGp?5n4nL5zN!zD4{i4-_qP7l4)RsZ>TSP(01blW@vz>AI3_ejiWca
zrqgUk>|T9+V94l~zf>kn-Lc1Lc|)|yWxN<-h?2x(*_!KiP9Xy#^WO?En#bVrOBk9g
zOm%^mzD{ZNaJHb1Akl}398Tq>?;&>bS>;7RZXVt$JpytPgS<_vAFpkN=d91`)Fo1X
zL71wW>kD@HBPXE$b3l2LZ_d_Fd`2@-jB=f!ryG;cAl=s|&2cbUbZP+OV&G2}^at*c
zXq*#OEvtbm3fUyGeAnAPm}-q>e8C)lBuxKTO_ls>QQ8bL!WZ936O~}R7!rhY$>Usy
zt&`cSs7+F~hx{j3D$>n>Sda%%EK9LvK_vdm$}zN$_MbcVRJtWgv!G=&NIPd?AAYG-
zg!d)_b+CcKvpgk0QM~PmIpuq$pAvfK+5YSi`E%h{N-w1B7Synu6?%P#$!@||TVo8(
ztJKxJOV)>@>W|?(bnKpcv$%E#)A-kIGjS#ZRrKDsi7#WJel1&3zEz&|vE(v_N1aD^
z9bMvP1BZ7&OrfF1Ooc}Nj;NN&Hi{~&x@0A0$B#wJxCoc17<~d{q}D1uowFY9Z(X|3
z)ach#L>@SUHjYi_>NN&gfM>BXo01AVyxj-FkFv$^x-|F=u@NLf^yv<nRKl(XD`C!&
zes#Q~wxyX05MOZ<N)L;XIQc>gzC7BWE=uTZ6cy>SxI-cL9DdrEq{IC|SZlbd=xBh;
zD2S1(6n;1<!LkOOKHa7M`*fp1gKdI|aV$wSvO(%J(>C4>c*V(@DXb>5^QBgwzS?ly
z5AON+zI9}4&4=$LCFa0G=JXMCv)nbP4HW$~ngpIZh<<I~Ue>-|3H=$H$wL})gTL=K
zdcaqF{ykU&joC0^3z1#GBFU+Ndhzd7tML7>(AKAAxU2BrZOQ#vH#7>iI}tf1N}p2h
z&w#c4B2b_ddA&HEUoIx{ycjfw1-7b%9EvW)Q|FuI`TPH%q3sA7u+@x$ro86&e>Q>v
zY4})OV({CvxX_uJ{?8x6eJvpkMbOy!>>Rr(-k%jo{4+=uKsm+p!@4_sKikD#jIg$-
zos#2-t)vR7v-}=E1KSQ3h)kNu3c~fXW^vd_S%1IOkgEI7@1iFGXC&_itE(mokyq<@
zBH;_>GWlz0>$gjUoFjzyh8zC8AKHNBrhmXJ{m*xvW)mTA2;m9f9^szlgGOwB51HGU
zAq|6&*>UPnw#(Jox3sq`8~<5_gcw+5@qJ?14*j^yXw^TzZA_3zET~?^EXC0=a#+76
z`rj)U0V|Z+M+5QI_Pal0PfudnKClb-{e4g~VMU-oCnZ<{*7mmZguhwt$H@}wPj}_N
z#?YYC$PU}x55V^^Y@%tpsG>0yI&aUGDof`6b8z&LL%-M-qzu~!68SvdhP}3<ru<$0
z{k?>%uRtWcJ(BAr$-h<z@O^EME6?)JNZXYFbZQrGdoy6#<HY|Q2%<V7Wa>ayD=^`^
zzo!85km(eVhSH%W*H1jW<O3yt{Y(KX5u#pTIY?nQ#Xq|ZET<gGFXtlVrt;?_8sKvL
z;hR<PXFq_8%=h)#&Ylfb#h;ISp}^4BF&HkD|6H4{>B#cL1YItc2iLZH4}{)t>85>J
zgZ%SHyvXqYy(f@>&+}G#K3paW@9~Uc9`(D9I+w>YxK}G#pv|)zHCxqf#txKi0*~wJ
z{hZMAlE=;S1;_3ybiY|&V9RF9K?!N@3P~1Mn>$)fV6{inF^KrjR0CyK@K~Y~JJ3=s
zIv#B~BW<t49B`*!W70p#mNi{wWpC*f_!}21ZrpH>hONkIMYwvl+P)yM9BlMB?L;5!
z0t3Vq%r|0ksq6Ml!%!mtgz)LneVu)$6m|v}_vY9<LA>+oE0^CNb$pcu_?v_pY=v()
zk7F9-yk!<dC^1t|fh0-+!f1HZR(>qpUHvlIoNbie^PRF#c+5ynpQ3@uR&gJ3omB1n
z4JPyw_1J+KPik#<WqQCwB!=&SkiFhoyE$hunGFHNC60`}fqYm+>Qh{EU@a8bd#_w1
zE8Izf4(JJakp_DMa`;=oBR=^3<YkUh0qHWoI596UbMyOv0vvHFo^odTi@<AN)+GSd
zp%}n!IRQ*jezvJlG<rQm=Zu$W{n!Jf-Dpcka2Y7KVHQJqLd_pe>F@Zx9}^+Ec%0vU
zv79b1yX2M|R<*{pX0u%ha6WlRpRcu&6n?nQ1SpWPdK1%Y_rmz5N9f5-dnfl%DGmhR
zy)XqijNX(lANX`$(LF!IEY;tcVyz@NODD&hrfS`ZHTB6olRxRBK=QrulZ%T&TxxRB
zyM3=)gUsqt;P?2rKjpw;JX6OEy?O-L7ZB5*>pgq?AWoYc+1J;hJEt_HYU>PcczmfQ
zi~gnXjaF??6e*vPOlGMt_t6VJLVjIx9EHWXasmrt6oy!SoMQ8j?;PF#gbQSxE{LS#
zL+1|zN$bXk+c@wI+eb|k)3(mQM8<aFbL-OXey!zXou!`tCrB1<S2$YTs$e(Im~Cks
z@g!!G&poughbK4WWD;K!d!c18bz8aZLKDihrEI6m1?Q?;J~oc!0JoC}iXT=C1%ary
zk;>V}pI^th5%%Hb>|2`69&@oTH{|#yN-CPA0Ye$NnHW*Vqnr8lracG?$_Ntok~61n
z+n&e;VR80Hjb0t`-;y3JHTosj9Mc%rmFkes#UHR_<IPnoo<<7HSKIP`+T#u+Qf_W(
zDf(3HQmA(mUE?)Fz~%f18HF=H(xG;&%_++L`sw+VO1XRjxR^|)9G?z7{Aa*<Fjkt$
z7{?^)kZ$$xA8}9d2C>Y1KNV`6ouyvFNL+p?c?zL~E+#+Cp&~w4ZpKHJv)VK#GbZ?p
zoS$c%XU>ob4W0n<hkvVku6GtFnV@82b2PCqBF8yKQ|Y89#yrU{{>#>vKYBIF6rqY=
zdJoo$8!Q%1Z5U>2jqz2=W)daQsf8*rUM)D}Ny+y(RE*8Go8$4bBO(xvO5F#@+s?EQ
z26?;quJ>G!w>8$f;dwQDz<aOV8ocVhf5^E;`tgZk?Y5&Q00s#wr<tYDMQtou28?Eq
z$jVZsLP!)IGZzxC9P{SaD7MW7pO$c{`PMvw1JV~n%W&p~&Q}p*<z6A<Nsc>I-jA-6
zb)ri9Qw_BIT3JrFyNo!~Z4|7w<MPQD#(2e()-;;ew@4vCbAI&Ci`hzVe907Y)(b7)
zXuK!Uf$XxFU<4ww6C*5co}G&3)BwzmvQ&);OW-*i3JzWzCJsiklO03Iiy;{C(`zAm
ziOE3NjDX7_j-u)x^=>sVf5CATRx*(RY$%OKHyU|cAuki#(U^oEwK1N-O}EuSh2|BE
z25bP40D@q^|E_%3Ur}yETxoXw@tjtzS7CSw4g*sZ9zC-?CV0ZOV8pKNATJz$1r#Da
z24=9m(z?VY|IL|p4?q$*9nB*oGrae$3=PAiCy+_z9MSnv<2l8pS?#S<?*P>P^F*mt
zf7z})2iPn?pFl&9(%8QQU!QdNHzXv+_}res(x$P;w?7<08Gxg5bmCVU^nfR0bBI+2
z=bM|2xI7f~a3k#H_=1sBEi#&qzjL6EJsXo$tI+%QOVo2^6~mXR>1GuPFQQEjV=%X9
zLtL|D^pAWu_3D9EpAjVARfYMNp9XD#l_vuEF=rh9MKaaoEXLEGDBW1hg{bt92*w^%
z@LL04(h&JRk+vx0g!62mTeis1a$RP|4?;Zi=Sn6C6~|F(ChpG^NdV*B9HX}M%qmjo
zpF$lq1)x`GC>J<=DLDZus!;rUm2fV@1RMs9ghFL4#pd<iyfD%b#eHR}BEz|HCO;d%
z(p|2LkP`SmYIkr|zqPxBd{W+^{5I-KZi}e~b|An|S-O-#rPB)j{Q7%aSs?`Q-V^rT
z8P<EVb0V9-LIrhsKpcS*7r+MP-y4@&hBzz2Hc4_Bp#A~#`X{|{sSkrW`-Lr$M67EE
z7y{zQKK9dr1lEX6)8V);O!;yYJ4afr;@r+5;VIzW-nMm4^*KW&m=WY=v^QJRwy>>^
z$Qb0jTy<If^Ul4mu5_t2q*+dzXx^y#)JX)oNlXt%V7%Wwz4LA~U=IH-uSX(IGb^NF
zhr6bcC2ekTW<&ZjVju%V%SOone{7EX*3<D-ZaVa?SqxpTSRpUlTFJIqH$I_EQ>y94
zTQ1|w<R?&63Z7VIu1Z=!42Ufl?$3Vfc6YIz-(0bstvd8bC9(c4!Ib*Z>-7BEp&otI
z7MPr3=R`evddn@4OXp)>V2o=zqqM|v#-84Huaih7zkBrWab`#cDXd>e^!XPSlmYua
z+tGY&EW?+EoH!~a#k=#?<M5sje1SKoYh7^S!a#Z`i`6WH<K7tx+C+Fvfzs+FXSTJ;
zFP!a#fNRwLrojakTcNx2=5;fAI(YZbXY?;y{Z;%OVidv*ML0O)Ke*#*Rs8FGnnDsz
z#j^G;{LL?ldknveVJGGu7#Gv^WZ`$x9G|F-5T{1v1Cx9txzRA`>NpMsA#rT+>@CRT
znT4xP4B8LD<QC#*8jfs$2AOz*F;jlaW;}$_S@4g3mmT`9%X&3BQ;=(dfz3s0XzzHw
zuB)AfNFN90Fa1vHGZ9}(Eg?rKQ9D~m&x~ac_7*Q0O)ekSVu(Xqs?xn#d%neOdsU2Y
zA<3sh&d=j{GQwRj*A6U6ahOi5C2APVH^WO0-RR%HEl~w)8z8gW%-#-OgxQ0;ys1WR
z5*DbWyfsE#(0T=roL(`%h`Eb-y;LBTqPa+19}M*os4Botf9`#JG#G)vKo5f7F4$;G
z%k~B%g-d|Ecme+u2P!~Xz}9DAXVm>L>|uJZR!);Ai=Uq+Iz99=mco1@|4O+;HLV{w
zExG{fQWRpP@l(mAZ6H^T!(+D4s8HrqyU!aLE9q5bO+Ftk%NTJ=(esbZYexv*Wz$d1
zyF{Aw_axI-s|PlN|D)VxMHyVE+f26$&NjReoNKc5IEytBzqm?aFA_@n8po*wjl;O@
zvo0Q#z-@3YeV-)r4Z_{YFzS2#X_!Q{D+(ddzg(4gX|P^HY9zaS+oMJUYZ>kgjW8tX
zoYGW!H|?nASs+bd0_fbdm_4&65nfQUAEDP$Qtbns4~Nv7NDn1G^cdM(rMLac9<yFB
z4v=GBt%iPSa4?~uufvf}X%Pr4Z*o6Aueivs1RA~ipTll6Vnd`L14Y4iM;3liq0qOc
z77_D%%&Pf$VWH15ee^=qG5DN@nYGuzbC1kE_>W3Q98a$lUK!d|4fVo%O$E~F2Jb;S
z-I81?S40_wM~`%RzycHQ^7-a4naTAtQ0s8lwWBe)8GJuIUByqD_(CtzC$z?++oB4o
zs|?wxEQ}=fvfANwes-2cqw&4|DV|<0T{eU7NU-FkO*FF38h!Ocz-h2EfsQ{>A2}=R
z(r5gp!Yz*|V~3LK{I<k^sC=+k?#FJQD&I~^ftcBv(4V8x%eLbmJi`E?E)KyGc{sST
z;kC&UNwa~4)hLU_TuqgkWYH}6cYSvvW5ZbT{WaG55*o-#Y{XbcBQ}a08eItg71Rot
zsS@=3s+792zDCv(1-RuUUiWq7`|0!dUuvb5hjq@Pg1~NX9S)o|)F;=x^@gsPYWK%e
z_^>ehJ4vg>m-J292Y0?GI4wk%%4|mI%hU_B@=RuGaHBM`&si(R%dEb{RXXCP{9HZo
zSvt`fv#D~W*2ykpX|XdwmeFUAX6}G`B{imX*w^Q1N~VS-aFNb!+|1Ji66o$CROJDI
zZnpF}oQ5x;f!<0P4^ZglK1Dy_p}DPqA5)v@SI`+U`hLoE?lQTY%cnQ)B3lHzz@S50
zaeoy9Ri2R__1G=LU~~S)U+cFDlN}<E+T=pmSiLX#tJ*{+r(CDWeNjq&^qs{_d5*PP
z;z8t3MDfE>*#w$ws>!-@{ttl|#|H;e$cw%2!k?qe@jD+iQ099M_`=ZUV&L7vP{k%Q
zOP?SxoAZs?pfxV+yrbB8$v~3byC|N?fCC6VNmKs>50GH@%ZLV=ey4d?8>EmCHkXIM
zttfR`YU=9Ri=sKJQ50J@S&nROv_4;L($C?UjF*agj>6#nI)ptA0HVF;jl<+{JQ#=)
zdF^Ru+1BH*u%TzIkq*-^UzvelRsQHYo)h9r=Uv<=Ep1qs62}G=1zgzx^Pj8_+ft7w
z^+KIB8u=;=d+V7gRr3%m@ufDLU7S5dy8<*$Gc{PWr`ht~LLQpse;4v1W)gYw3hR!{
zn~smEol8&FZf=h#_0kvVf;b@AwHZdfl61Yo#nwUD7gc5dZaSipk_>8_8WUa(LS08*
z9PP~t+ko*WdSMT&XDRo23q}EnF_Lr`m;LScd{u<d?*-xoT3cu4?GNc!z&{C5S&?!f
HegFRpe-NrD

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/create_task.png b/scripts/automation/Radius/images/create_task.png
new file mode 100644
index 0000000000000000000000000000000000000000..22c8bed99655862b70a37172a62561ddb0c7f172
GIT binary patch
literal 44804
zcmZU41zc3m7cV6tN{4iblz=oW-6ajutV(xxOE*Zjbb~Z3B_T+|(%s#;z!GouSO51O
zpS$ek&YUxI&dfdY{hk@Zloh34J|}(-2M703Rz^Y<4i3Q!4i0_|6&d#A^1<)}9NhC<
zb8&HHS#fbnWd~amb1P#wIGM1-BoyWNIRd|vry?F5F?v-oTd*!1Lk<d7EC#n24rKxs
zg6NOvx0OG1u(07tKwvyQbV_asJoE^^@TF(kc$3c6AG^<eKBBfjx7&D5jBG}Dc7!1b
z{E!h+IC`UKnFNGE_*ljvypWqFj@(?sS4}E@@cVv&_jSCBFR+<-dEqG8%br+HP~bQV
zY||8f-a$^DG&bGuU$DR_zw5GZePP4cMHhROz=UIp;8!Yk2w-BDR9lRGrx1x3dRoDt
zn6fs`5S_lpIwACliX84+T;-_|hI9rToc7CVj+!Pk8PaovK;}RJf2_3<4}Dd&2{%*<
zsadQuY$^f#Y$8Z9FPd)z5nWXO+G`p2!esMK&*$tC3>g_u7rc*+`Gqnjj=MAw8T8jL
zMeANTn7GDI+!wr!M1PTH3~xK{n}$o<zE(Rld>Wc+Ox`yE1o6<m`<S%xY}v{@<Gsu5
z+Y63XF;ndf0_tIW*6WYM?9u|snqNs->gmqsz&FidpW<pWXhTsmwjwu`pZF*+OZ4BO
z#Z8YA-ZhPGT_s&-rJW`FJhR$c9_o1qG(X8`zPlBh)*FhXH@6mOFPh0vYMKNl?6C~f
z%AqCQU8s5GUq_ZJ?=8RI6dO5unUwVjr;pVwNtFIO@`oR|@BEp+!%@a(XYx%2N~h6F
zzm<_0GWs4n^V9TukY4TW3np|X61c+U{UHrE`D~v6tcUpw>wQIzIGNb#j3{}yRnGJF
z&BSdh5W*&L3F6peG!wSz@a&kH?<*0c8b4%pKjbm^;2(G;qZqvKJgd*{MX*p2$3GIS
zevycM-t+O9*0bpV1ZAX#FJ#{k4xgcjF!Lfr`xDq9>%k>=I**~-1fYDxiu5D=NZN`L
zkA<{G`CKAMol-#tlik0Z^35iKyC}ReD&EVVVra2gUq#Bky;R0lN6-*~<^XmHck!Iy
zLC>#5A>XLXUU(pS2dlgzD(u|<E@Xwl@rmFNGo({~4T+a*B<Nyo*p5%{B}H)h8v3d8
z4YvSlhaa6XoTS*eiVnRR9`2U^bFrV_)>S@F601{{zR-xWkf_fADf6fV6ekxenY~R5
zH~FS8u4o2y;!TTCl&%sb%wrm>-!*ZfyL;n-Dj5A3obz$=-J4g^FGz5MWPg<Z!23Ax
zF612@Tk^X`HkuTO*4w0Lt{?M;-qqu?uMg#{*j#uT&=#VPx-kst?07Stk09+tqIcQb
zr8XffvMhdDbk`HML4sf_by==goG#zIYQ@S9VeOvT7+r&&jh@CM@qHohjKh*x#dbi|
zMMXig4kQW0?s~0~WhUbECKx+D^dM}jM{1pRU3^^^CoEsVfs&aTP3AymD?cxvDW3{V
zSA#H@awuvbmK4hqZ~5zJ({r;C@4005x>Q(>kt(;^K0P5r3<HI6F}n%76;alZPO4n0
zNvcn(W(|_Ipmx$B`<&h!``ktij}dSHd-HNjV3XIua+7gOv41HpJ+^2-cL1foXn=5V
zW)PT2q49%Zm&uLc6z?1#gI-VlRbg&1Kpm4Y8RYK~>k$SJ>ju9tv(mw-2z3dZ7AMhE
zSFTfuR37?Jt}al<D<eIAwP)q=+#CJjmABucwyb_wL67Eq{$%lF)upI=R!urPuvxiT
z_O{{N6hAmTS*~V)JCPt!y3|a=a7wb2NgYybpz6&R!#!$F?rN~sYIt#6)@jjeL1n=-
zg;DHWrci8I3@whBbS(j@`<95#*iFcQ>8E&$*a~H*oW}9Yk}R@jyhfCbzQ1CKbdaJm
z)RR{j)RfPy2bM`&sxFA|>+vhK$U@^VR6<H{tJF#-ayTl>N?Md%6Kw*Hy#>FJtFfxs
z78xWjqj)1e$UH>dG2i7O4<K6w=mj7LgaqS>Yj!(zTXgG6Y0(s_)QsEY85qvaPV<g8
zfp3D*tUjAkznilL^H6ZCd}_Dzxw_{sG*U}4PcjeKizQlm`{V6s`Om||=1TX-TkZ>%
z3tNH)0tNyUW^ye?tvl^)?FQ}kYW9Y89SxnOnnEp4-Ku(<dLL`U&)to4hK@5y7A<2g
zdDbCEn*5&p)%tl$DQ%VB<=%-8WN)H~hTfVO*#F>d;xBjR-8k(ZA7Ps~OWDX)EL7}Q
zyi&|Ve?f3cNUHblu>5Gqe)&XTx63Zfd2WY&w{&a3zQV<Oy>O$~k$>|#(zr+NGnq-7
zL!%vGOSaR~>e_DgeBKi7*4~Ep?%YPfD*my?+SRP?0)J;qr{`kdv}u7-3v2Jpifj4_
zSpy(_u+lIFItQ(|KDeZVhTLi12&28jz(T2G4kWx|UTi=8^v&SgyYIB9NYw!iD1y(q
zQ57+T+E82Q-Bh-6i>Q*Q%EUloB{_rQ2jVLs%^}uko>(@oSkO*FW23ZiR0z+gz#KKN
z9o`KHSU68!nN69AI$6G8c|*OeJk;~K>L))z%-d>x)$c|hOFF@a1)9kvEb`heF3pDy
zBj+2{DYL(3?`ByuC>6O(siVm>@p(qBR*yH^SDVk|+zq`<ebAn?TOGY*@6EnAc3lTn
zOU(4t^duu-iUzGZf3*cK=VSJZ_H*^Gs8Oq>sh*WomlOp)?=t#inkJ>=qLckgLY<QM
zz3cmxI3bp6LW%)D_9T-!6L4%!vF>O3TT%9et*;uXSN4)U;Tv=3b6tnWq#GFue4`F+
zj=lzA2L1YT)pC|ocN*el+GUU`|LLBJJ*~1@Zr`I{fNbabgRq16nWr?<IL)sR8}ZHH
z2Cu7o=i6@KoBJ_kN;OKBrrL4yjb(~);paYwb4G3EGljN6tzDLq1d_&*!0_guGd?x<
zCHF-q=^H!{tLlXsQzn-(yMrIxGuHLA=d{hV-3x>^wk*a81WD}+)n0v5?CCXa{9*jG
z{3wHn1G=tz$Mc{AdCAW|kK`Z&g^cy33K|qH7cP(!`-O=nO>f)r<xwaS^!OMux1v`8
z)OUgNq&)aB5rB=-;$!lt=PGlhJf2g<)s@ycA3Hw+fPz3C^>@rK?E>;Y9iD#eZj%;>
zspC%LKDN!}!6$nrO)H)KgaaM?!S-ZG)|c8xqO_Y?43HJno_)c!!x_`~y5U8GRO5B#
zIser7_N2>s-P~RphmI-ZC}Y-=L$n*q(<0=ed53OZ@`#o7wce{^t>v@T&yzoOGa~?=
zEVn?A!yNSdC(DPKTc#1s5k2QtkA30`ok8c8gW;uyB|6{whbyBPeWi<+P?Cx^j5cd;
z^t+L(mTO?sp8Lf)^L52RBcd(jWgzBaTkYn^s{ZoQxF-X|U}Y2}eEV@pe5kui+976u
zyiBn2ad@|}P_(79Ry<35Nl7eQ;MF!p$Bp0ygq7x2i9u;F%Ur08q@GxiV_R?<>UDMz
zN0>_(&x-yS`;@nzxK@Vi3woFnB<B)3*SWugrmr_L+FCBpwH~CPX1U!9T|I1ubj2`I
zSPHWVJ9|gp-&;BSBwS2BuaW{TwBP!A-UwbnU9qKyQpukw|N64A0q>@U2uDi{XTb{B
z^OK|YvQC8K;)&D$sfXj@x^5O;c>+V^1^|b!1UDOECTJ9gokbkdwFqZr&8%PRcybvj
zL<?UC7YkxWDAz_TsB>PWVCU#~DmeDFpp3fXd0_QEg!ij?|NcD;w0<zwk~L9KfMbN+
zqr$<5n8P8#?%-h`V%P@`4)JR+9183k2lkQphVV}*g4Z|1f9~PeepeJ#6PJ~ReXAKd
z7#rI-n%O$-*0<)sR85<!YdL8tyayQCTC;pIvi)q#;%064TLezP4FJ2fHg@_%>1J(Z
z;|OpQr2bO_0K5PFn3bCHPZcLiL24}pWlC{d2V+WZmUk@gsD++WQc?;y7?}W6C8Yiq
zhy5i;ZRX@;2ViA&b#-NN<zTUOFlA-q<Kts}$Ii;m&J3%;?C5Ue^vR9c#*yYPCI9G=
zFm^O_Ft>9ux3!`Ct@qPsTW2RhYU<w&{rmG*KaJhY|7*#{@o%$W2D1JxVP#`^$NH~s
zn5e+-rvPPhH)AVp33F?hdthw{aq_YW{Hg!{mHgM@|43^6C&|sh{lAj`Q}X{xYB(A@
zh}&AjnsgHSZ)E-!{@=pC1qE1tTmC<u_{+_Ip2GYr^jv`T-!T(<?rgj&0S6}nCo3VU
z?goFDiRPs~HTRS)`%M;=GQGi9x8n67mHM+}9sGf>&m^&8+Z(Fz@r=>aKmIIOSok0z
zGL1?fu2H4|KZlkc&d<ma_&W9_z9pfGGU{vE{`*nK6G7LJ#pYU*uS4f8KI=;(?jsjo
zqeRCXqmCnFeXc7u4vLn-;o(qyF{tN?WFLWvnzy&0hNkAk*+$>q<=%w4hK6K)ef{f3
z!>X!$cc8xfMU|lF;I^-*I61kvV2?u4L<ymN(m2TT`EKjV<~Ua->3Xoku~$eE>kZ1w
zEZ6uC(gXQb%Y|F4Sp`q2;B3H|WW8da!^!!i=dw{*jTVLThNq)Y;fs=(#+vf%G0(9@
zmC2=IU$-UO68ei6&YEr^4=1V>66@uOa8gg{=Es+9x4Y;P9Vs%JuEpQ3AjjV>j<eot
zx*7>>)jbO31k|^ensQK_xF0Fp%_Tm(XATb!-@O<WE<$H*9kU)aG@UF~F=-aT7_!He
z`IG?fPfvZi<hr7=&|sY>v$6Yu>#I9IX{G5X$oatRbhXoIgl}i8amDALVaK#;akHbg
zxw-lL>%wEYYj!T}GgAiFc{kActjpcQ%Juj&@gndIQ;*u^0mS?Y%<Od8WtHXw)tD45
z(Qepdy*zw;Qti<7QR)W0#!9qtoU(q(aye`|Ouh^`Xo;Why{7S)yF)l4Ct?p<;5ojc
z&ypYYam%WdM@g=btNkRbo{CH(FzL}*hh16YzdK)JEH9_1Soonr$NXveH7%`*m>7b+
zzBZ8m@w!K9=hE>>Oz;|CdH(AQov{sLkGo!%%PQZ8h>?fR+k~(4X{zz<(#*Q`XvvSU
zhzOK$zpp4UN_EX{RL$9aywdl&pPEn+KD|*^Q&Z5OQv#Q$t&ArFy%cv`_9e*pT{y{v
z_HJl*$MK5@rbz1SnDik7PvBg_Yn9|>!igv7cua{tG}`XEYmpBN<+ti;DN1lAH4uXg
z62$Y+rXN%P7$7(<PszZL3UC4>v$WD@`hX$N?`*Bfyszg>(|~<K<WKh3!&Kmgb*+xm
zDNW#bf9XWRvLKBIbIA5zy|q`MBvmBl4_%AJogstYNRJY+Uz5IUBM6(6m4Gf%dmWx;
z@;OS$Z#?eynGY9I5+lQ7!TrA8jA5BZWOCgSG7bmVQCOrGqadtNk2TA?0<N!S<~?2z
zO-`tSyt>di0p3qua&n4jnx6l9NEA1Agy3Y$eoQR#`J-xc&VZyKR;UpI14G5`J%vFr
z^Ye4N8#gYSvgryMZQotwKYqn3K+3<^9`&znv2|sZV-vB)GGj-mSg5OyIXx@W)Ct3H
zo)v*Z`h8KRp%#ziPw~}dNyqDt;Uf`?QPwMvSc9@6PwVMfS!X`j-Ctxs<wvk8S%g|m
zKKt7qT?F=e#!L=v8H41V&f_CeK#OJPfTTNCs0%`?2jp<BcANjJuFNRw{L6sHzdScA
zEdtPfB;{>q9js~aI;_G-u3b>)bAi~uL|V`E+utz9pg>%U$g#@yy=F+n!&h}TXYjs_
zVeNU{NuiQ#vs7#<^+x|@BSH*24Dgpi6$ugN)_XoX3vKh<4uBp@EW0ZCH6>OB63gC1
zMACLuzGY?e^mHK4vRh{1jzTV`Fhfn7ZQHMo>GQp!Y>O%r?2ZzgyX$KbPxFbvgOWVA
z(ZMR)mQ0h8=Iry}`ohYij+~hWL228LW**8lZw^n@kZIZNmAiUYWOXHGPS0M>uUAqr
zO<6Yrdg-MUgEqS+Q%VCX-+d~2SC?FuEzEF5XG{&&zBBIzi<f^iewF*Gb{;H=K77_^
z$d<9uXZ5-VksPypqDVSAkiJtR>L}r1XoH26T_3y@GdY?MC3}cGDa-b3VIOyhIx>qM
zwa!1S4n{xB0QiC&$b7Gih?*gExDZjwdDQQ<u6<2FTz;47sH(Fz+Cfb%TX(^eg+|sW
zA`U4i`rMkK>G8rzd%@G~RYii6qV!#HeuBYbLwft2PU|x5EfX=vsaGkqAz>Lu@e}1j
zNKnXbx*Asx^vuxKd@R81D44nK;~7{a?MgTJiK^oX;ydYN_~3Kf(SdPC;o|e_JbO|7
zVOI9x_8V2&JvNQBC6vkcjzgPsRZzI;7M^_ndOu5FXX+y<oXLcGI&1J6cn#CnW9-m$
zo2o-3P~PXAgL;Dix!a-sWV7QtYOBG=wMGbbOvm<e{zSh^|7hDCkvYpl`Nmsi!G<G`
zAcCQE60@_Ew|$D)`!}5o5&bs7DpBwKXgp)8+~>RZ;z!6=E(jiK)haHti_C1#*gO>O
zgEmj?i6PyX*AvF;qE1ccYH|b}^$RW1JODi%SX8l63JVK!+F$Th>9{0NcUe_fKlit}
zS0>?gllk_Oq@Glo@`LczizrgTUaOE8ar<BI;gbSbqsj40PAGIMxsMp6-^}i{Hav}*
zPXu2nEVu<W^eR3s*tQep%m)<`@PBWN%Er>!dN=)9kOf3Pd?Zigdt5Y}f#3Tf?E~IZ
zx?O&5t|(AF{lmtpZahYYvu$ENz}qWk&=3(G3pK-UY7c#CuD0RT*X};Y>&n*sqRY{$
z_QDH*b3O&|RNP_-FqN<bsK+mOO*cNr0i3{3-7$B(A4>PZn7v)~<u&FEpn)enS{1fL
z8eDMZN;Fc?E!ioxYB3v$FVk%1^ZYQ?9G!`=h%Ej5hWwyQ1^;owG5VYALsO(j%$6fj
zv%NM0a9U$w({d<cP(N)hAeyvfa$ryft&!&7qPo%g2%U9ILldaL6ZuNk*W009J94XZ
zXv#5ZkmRJmihrpovYakeCe;O0;!QoM%~vhZAG>w&#<=9})H$hWpVoQH^O1WmwCsUl
z!o|OV&N|lmths#9<E+<nI^skYdJC$PJm0Wvm5uhw9voDd-a1fiXzlZK`PiKOU|s5!
z^z&#?!I;6?aH%=tKHj+PDBJVeocJLE=+;sZWzG-*DP=y_TQ;ToS~4IOjj0_CaoBLE
zp}0*GXe2T90wz)&*lYL8Ml(EuFV`L+&2mH5?HSw$f(Lxvu``=O+i;zfSg0KEQ+pen
zHs9j}OE9WNi(RKJI||D9ygFHCSDz6td0ysk&?zeST_5G^HF|#yy_>p+yw#s&P|+P*
zbD7u<BqMkXNt~dDqRS8AWcYkFr+7rsc-$C$`sH{Tbpi{)QL}vLCWd^Z#<4Y1^jQfL
z&5mgTm$Mhb_xGz`ulT5YFyWfLS$vvOPV6mG)q>dd>B+QN`mkSKWt9(l`ut+YP2D%q
z)=R!hupZ#V0q!`Iv#uC6m!tE)t$90`fXO8EfoE^FCSzo8&tR~`S&PNC)s#e=yJ+3m
zvwU=n3Q@t-KT}0JYhkrL$++2jPkr{PF%kEm#AaXXV`{dK&fYYk@9oBk^@6IgR?J+|
zU{x!)^({1>hOe`(uVKKxGg|V|uuMT;i?x{zk-QJ=)6OzCz}~uJ&*Z!YB~9G2^p7;%
zc6h|}Ee^lnHQ_tF9Bf}>>)nXuX)mft$W}Y{)z0dxt(y^Va#%wV<^}ROlAZIe+UG@k
z9-})S)@%$M+1GvT!*<+oe9SFQQtP8hPK-`1<ATt%*!Ox@?6Yr;oSD!**7P0??9tr2
zZ-jckwV5u~r|0gPLk}X}_Y>(x<$Y-y1EG@qy&S4qFlLql#7kg6Wxln^J)|M~dQ!8;
zw>C?VW%)@}zC_k}eqZ00anM&CIM+7lb>m3(h@$7youruQgpnWLiy`v8q*NYiP{<e7
zPOb=+t)6&jb6ugG*4XdGOrC+XTM!JV3rz@MZ28eVvx=W;{-k}6weE7;xod5xZ=@bK
z$j(1K2RakiGwyT5<69>@?5(-|#L6>A$G+Y<LNBcBZb&D|JjihG`*0wCl%?-$$<um2
z3Lt2jJ@h<wK0tS=*(_|Jt?F+Zi0F7<T;e&G-PusI-?b40eIHFk4g`yyP0y(EG@F`+
zKvf4mX5Q*hZloH!Io7G)-fv0T4Ed#2XDvp1C?$P*Qz~>0s%ks5wIph>A2pODYXNtz
zn-vU1bzu42#`vaCH)C$~KG5xy3|Ky1TM<Iy?%4;p&-s8m3S`}0k9p`UtNKGWhnGR!
zXA#;W?_MBv$%rUy%n$FO*D?6O%eN71IR<b4Mie6%0Lcn9wPLyZ*Ce)v!NwED-mHbU
zzD?3l=)<7^qiw3f)BFA@gDIS1hx?ez!&J5U_50X0+evnhZ-6(XeCEG;G0+CLqMoQs
z`}#m<0VBttw|!5m@=I<jc=2m<bMY$F(d{?$H|?d_PEC^l(gJldR2RJh!-^#It689g
zY~n##$CQIVspBR0tiqAftueJSQTx2wNy$TJU#S|AnJ#+`vvD;d-Y++k+htN_Uu#cC
zyt&&?Au{`)oxdDz)^t-GCWqVcs^#3LQ{`=gg_ak*(G2<X_&|N*Jhr|r-l3K-%n>Cm
z;(X0pUsmXPYw#{z%}c?sD2AgMHrs9lJwxQeOT1fLF0amTO%@I>`=hEZ9>C!4dC%KT
zXJ1dBvC<NvD+=?y&{N?iQs%gEY@gj<o*!=YfKsVVty~s;ide!Td>)^ccmakAbk&Hz
z9C(-d#uG)jeYEU}SyB|Ftc*BCE0`$S_r>E=iyO|wr&dZulZHvBLWn5jr8Nf<09u4j
zr`^iSwdbn`i*%g;PM3$_22VqJiuO{&5f>D8O$B4(U3<!-l7}v!RzAznl%|CCl&Eo;
zfvL6yqgGpAUwbbHf0hN(kWTVw#d-Z`BwNw6htjmE{#M}#eBw;G=X6|O@W7Wo^z4Nw
z&&Q0jtB*X7>@+-&IQ`jZ%P9eouN+$LiDJ_MBZqf7Nwo_XrUInVC7FlYt-aCTKy#9}
zFu<ZYxbX^xHti5Tm?}-bnA@9Z6NF8p{<V!{#tz5`zmpBraaXvny>K-8F+ef1l-jgS
zZQ%ko5uw>$H*wcECM8ako{A*)`w^MXTpo=;GEt}YmvV)DQcLe9nVCx(s4}^eI-~u(
zc&h^_w`$brCL}EMZGa<^@y2s(n+NxO<1gGZA+XHzKpZ9;3k})ptM(-}VXMu1hB@S!
zwyTCSlkk3>7_#RqgP4j$!|~2X^Cl>Y#*AC`I+{Xn=cH1>HGql?u?<fFo^bc?8*djj
z4u)7#qKw@RY=JM_S%@GxR_PRnol?7B#yMiIVGfqr@527bWj!>mW1Bwkfw{ZpCM#jo
z(`5jGX!P*AcE{|mc4IyP8!e$2Him3rLx;+&EAoTUjf6}m?JQ?>qYYMqL(&0{d!lVN
zOP=Ff#~(8ROS9GS=gpP(@9jJ^uMryuvq_q@`-ny{)%%h_?<A(<JQayT)>8)VhMOB5
z*IV~ChD$D7meNV}P~frb=zgg1`jpf(J|hP2rE?qSdP-859-izmEO|JzUQO%fzNGWM
z+biO9>QN9XZC>$!4$th(R#z3TBx;V&tYl3R*qvqwDPA}joh)MPj6rQXBw<_(M+Fhe
zBh@0`Lxd_J4DW(^Bah5q71vaa*fa8>-1eR}kW6pSil?FN(CLD3pfF_`yOjAu$WVH`
zDRbXZiSf~KNGa~VKOAZk?nmFDHPn@&!~UIVH7JFP`7EpTcifqhiRMf2N>+j4(@iAE
z;6|L-=}3uz=7IX|SQrRK9~Dp_12_fN?kp$sBKn)q{=n7+s+5{&u!NKB$k6lO#ewDo
zg>KT8u4L-rJ^V!kuuzL?`&w@XiTUI1XL70F=JufD&j>9}=5(LBR+fC^A-yU*YmH7M
z2!zg}->^~bbkqvDNkqLC!y~tg8Th>|kVY$U5g80MF=t?mDJ>a}-y;L;9IE90i(zS-
z3%()%4%H716-kaVR)(D4+dl!lP9XsX;>>&y%ChyPcQRJA<@dPhyJqeSMG*hcL4P|e
zzgj|!@K|_+I7yNAq@ax(stRz_TgPuNe{1sdBZJ@TF~4w=fcGuY<tJ)_aXPFvBnfWK
zR#D0OI^xl_gSQ5*Klql_)+Go2=5e0`{G6`cssJ8dZ%=*(7ko!R68XUo&laN8%05bU
zFCcN#s@6sJyYWyogwlW_^1eX(cfac}!83Q!J@$DHuR(7%Vs<B#xIHWUNd972<B}p#
z`_<cryPb0pl|q3Hlw-;W4v8$%w{?;vI~hKS8NwDT%FV@?zZs{3lwT%cnc9RAEJ}(m
zXYeG32{bSbLJljX{mhl&VK06p((K-bg5ynl@>e<Lc2}EMKgIEW8|wzZ1H+>crn|Y`
z9rAt&Bg5B2^uKxiV<c<)G|cxEXGoP|;9U<phFq~AZnnfnE>u5}cr3HXP*uZURyePs
zW@RYfBQQ*aGKz7+N^r4OSF^S+!x~^>?F|NA_=LXy(A+;{_wyIOKF^!|{r#VMDWH^h
z7*fBT{m+GpkOAI$TN%1X#Gr5gS{3wvO9sFdIbE%QHB><(5)wC`^E^L2`%g4fi~On2
zAba)_HCtxyD=r2FGRl92Jul!5>N<N-i>jV^`qWc*=mIrKIIcUf{z?q|84_27WalS%
zW0PyjknWr(a4>fcrsK`Jx84t*e=7OEqW$(zH(wIpw>L51+gBX+4*d^%|6|sAx*vDQ
ziD};B`=Fp8__*SVih{JXG`|5U-JJaV*B0Yq;yBi&;=q4&!DF4uQJS3uXSQLG0hGnQ
z5RhIn^3K~#&df~ktau@Yu+9T8?!NrvmK$2Ey6!$4!{IqK>(bKFb983n=XQ1MNz~QV
zCQ41c%H<AW8ZBK@C&LUOP~_Cu?L+vwmk2r7sQqi`6(zgHQw`P&yULRxNv-F1oBi>4
z=ndaft4(5JD$(~p{1N@Kzlh5G7K)4k40OSoM1ZG2`pm?7&^_h``Z-u-Xdc1k*)_#e
zJwW^6=(%PGPZ8;*f+JXZfpY8}g53>qFJ`^yUulfrnT&NbGmMo!3SWtAvRNDh<3UZ8
zr%k-|Tk`v40XsI0z{a2-1$@99h6?D!x!k>h-RhV!&Oc71{D2CR<uf(Nqj>zTe*@c8
ztQuX}EnH``UV~#LpPen!<Mp~bX%4EQl0o=81@haSr&4}9%jboBUMup71q2lxClyw9
zGnvw6b4MKoLs3=A25C%&8EsyC#wwS?%nMv?{PpG&y&JZt1MGy!;ZvN&OCmb<ukWZs
zt$;15&scQ7@P%`>WM+f&0(^|FH5ST^)rlen9|r)yygf4Hy@$g=7a-)m9{U)|f5PTo
z$HyAu!m}x_nLk@_9WWr@MotC#u)Xr}>GpX@W$BAVL<%U#l$mKX5paL<Wue2q=EXJa
zJynqxx%jo;W4ou?<fBvZnXW?cUAWDwue)U7X~)()aW3cLzhqiibOFQf5ix%WAAViS
z8%gL#Way8rHIz%!7Ixm})_lN<34Y60Ug0KqyJP~Y*xI^0^|!6RSi)@qy)KL?5~MT8
zk<HY{s5~%1q6iCF7njs_I`Dty&sR2pC|b+-^>7>Ip3l4ZvR&!w5vMGnLpM(Bndd%n
z5u*A6O(HtS?aIXEdH;#in-jhF1)g4B4At|W1U0Q~NK4n^_mwoutk*2(Xk|}33^%au
z>{Ox;(w5?c^^f*B&+DloT*rRZ$0I^rbK;!+-LT;NPqD@X67F<-=<nRHkQSzCml&2p
zw>939mGXbAs2txJt2T5!bF6eaSy9{TyjN`t0zGgRy_Hr%v>nQGJqB(%AbU?T3}}gR
z(S5MM?m4`dYxB8sA#O1t-#)tCZ5jBYu=z?bsxZb%^1y|2;e|W}F|u0(ji>9QKRfU-
zm;h6Cne#Pyemu(U%{unCn_}h<DpDuF#VD|mk>IjBr@gdAc2ykT7hgP^=m@iOTb2UP
z<l{)OtsM40@qZY$9o50U_Chl-M)!92J0FnMd!D-#dt}D#c93+P%IW*HVA|A#))<=?
zUz_hQJ8m2(xHYx6aqaNH%*z@r@k97-b~Yf-G0{x7^X*dS`;mgFu1cx7$lV{8=Gr~x
zHTol(`Xxd(u{2EU-aZ-6$?wg4WFSMA>C(E=i{K=V>&ak~T)VH&4TQw=Y9<(%caR+_
zS?!d3b-;NXE=T!$M^fN;)0MoHOFn5OHSN6D;Y(I6CFv^1<M%B?m$|7dH4V7of{88W
z`fE{6ZLB*icuVEp&AGpR>dYHd^E))Z=r6E``Y5@UPGIIgW5nbOo_fq=X-6&I$+%AD
zzL<Ol^tRY4^g-?#UjZWnJ$dw()E*iP=W=V8Zl;7zj(ijYkX;<2tSjlj+vF1{ftlwQ
z#-%0iD6DvrI4cSCqecS&^*w-R-P+eF2P-5k?G5vVh1YF+J<i}3)s<X!h%e!LLpxaR
z8Os{UDWod;2_92zU;dtE9BNg4T<o3~$DYJJqn?fqC{22K^#SZG7z@a_Zo92xX}QB<
zZqf_8Zh9TGQ+!OrxSyy*_f(q^{0sHD{5HyPLC1Km!u|P1Uk3lK?4H|Qi|gD4=UqIm
z$KBDKx`&x@b7k55bY-FwFnh{m9?YDJA8CB}ns!lSE+bfx<bB>g&p3w9>S-_LR;T8~
zUAlpDJ;&>aqzo<F!g?jG33Y-6MW5Et=hDW_s$yNi(1BVf_k%YR?JLaVJMl+4*yNs*
zGD$W;2TwWsCM7%5$*LY*KYnekzoK-4#!9tcIu4J!IR0QZv|cWyXkMr`DuFiFcg*?N
zdhbW*Hr?sg4Fd%hw`Us2w(rXOAJ^LI6<VsT#^-GAEwUlFRp2bX#tAiDmvrXCd62(N
zi|JR|uMh?@q1gbC3->m&?&d-?Ex&$LXg#2QbGl>16{<I^ZI?v;q?mv7({zN-^vglk
zWb8u2W#hGNgm5Mpq<n%{(6u%}=Ou4H3xiG)bnvjrUgaFl;PuJjh7@tH5=G5?x*-0_
zsXP&#KX7Wa3EVUdb=mQsW?(JwX3rdQL|Z|RS8xH)8stj$3D{^PO>{Cn%1lK17Eioc
zk!<YWE$r~DKWQQVoJU@Oi81)A2%PkB91_O%GE4a=$;LrXf{&-L3CttaV>QylLcZ<Z
z_M?IJVF2G4cdwhT@i72nP;(8{z)?~{eL-S#j~ly<nV*{c^{1K;q3g4c&oy{}4_o+w
zTT;c=ArTSc`P<iCIedsgJT7B2YUS~b)g~${J0*=mS3jBcT*4Z*ymTHv7d)H^=-z6p
z;bZ0x!`+4Dt<AsbJ*gPAo$C0GT4X+$BXDt1$$j8*7!js3mR{*_7By9ZPr6-^mdl?$
zJ(`hlP|@+Q?}Y7q;w|%(A*cPvWz6s#1tblUBnUxCz4(q7!L+pLdsDgYF?(e$LE<UE
zrr3;H77Q<Y$#2dz7iK<70h19cP@YG_eeYBggG(pH^NLEe>vgJaY)M1;9^rk@p2pk0
zeUoNs>o3)+0{KackT*vyP*o1G^LV~0)uojNPAh!VcYt3tYv1V<B<MMSh0Ia)BI5h=
z2~aybl`H&n@@)Pe_^Hp0%1f@gok?w45XPAnt;2uqU9R{PO0F_dcn5~tyx0&B<k#mr
zVkBJg(v-QlbMMy+{pB?$%G&XaT-8@MH^KkA6cH?DhthuJ^&(wEw`WP=nQ$OTW6<@%
zT(MLGwaB@oig=cdra<ZwSoocbu0aM{p9L|C6;0DX5aG1N{h1HSkIOT9iiL~|1+q6W
zyf3M@6_~lUmroHp-|yYEXkPGW63@h#n5%J*(_ubjU?h>9se!kzE05}=B&dYr;;@%5
z0$w`?9CH@zVI-ugHej#Whgsv^r7I@8$p~J0B{8k<sB}Jv1svLk(oYL^<kCsixn}Fq
zI=Lle{!n(lm;xT}dkUl1TZ?}VXgc&5N?hLHGd>W`_gRum7#L$He!Q~D*~x@!;`+rh
zN`MGjuN|g@%BDj=AM)E~vKwM9<7oi|aJW;bJo-~Vc}TsVL}31zY-nB`SkU`m`*5U0
z7Y%o<Lhw-heEm0#-iN`JY>td7<1hfyrw=JR3T;jy+g_*lx%^~vm7MV%o)kjwM^-Mm
z@@%I2=h6z<>uHRhHe(1?mCZG~)w3L(nw_t{iRU{@8<a}>^_*=kjjHwvYNmk9E;<4q
zXI9RGEXRYXloqP3#e5Y>EG|m#9;2jAbj1RuZlf&R-AR!>IaRbThUyA3W~N-gL<4I<
zq&fS&SFKkCli845JqZV*#V8E@McI>>hSYgI*&}B$WXzaqllpFt%K5{Clr7H<g38D1
zsrIWZ{qzqDT00+mt3rE*`)6f+k2n?{o!?`4rv>gs-hR&Aw=6n{mAzD661WSy8EVWt
zMY}pKGh&gD<H>UiU+yCu%^%t!bobeQv2b{|U@2U!*fqYGJwC<GqoP632SYpK5<kvj
zeDAw&x96dIWoojQ9ctURQ*EWC;Q;6T%|<;=0$!KHSM~U1mfawGz;;pgSlg5K{w-#8
zmFG+Kb^f^Pmo3aMCrhZN42QFVzbhX|Jxj*wb?2P@$z<BNti1WiNLlYVYjakxah9o;
zH)_5fq$_?**|)(jK&o?`J~^pArAqoc!qNM?F1v?#K#mpAKKnQ#JZ<)B&^$?)C%=eM
zcFxnS(3jt7=|ERt>zffQc!eQKS&G)P$xAr0C{F7`U>Qoky3y@AUXb(nRe|IBu99fZ
z3Ap_h)3l06Lu>+OA{ADwa9OV>Ypt(%Y&atTek1V>q!m)(lSNJN`JPVcDfr}o{Kj9T
z94mCop2d1$C6WBmEN0~w+2~Jx?4XB%D*rI4wmd8@b!7iHG^;o35v+k5JNaE*Vxaxf
zvU~2xgi4?UwhAS&>gP_sa4yd;)k~UlT3a|}F1P!GX3c%x0SPvBmjsuQt_Zdr58TEk
zCSSYPD2=aeTMhjmV7>eM!b(Sq1=n9P`FchrGACKB35CI6J=e(RMEUZ0{7N5NMZS!^
zP8iD_6F}PhG6Vu_;VZxwBZMgV<CT@g;N#k({;Q|}>BgEm$3|u^SPtXr?=8&V*k2Cy
z$6CbK=r3vi(<mc6uUF1jal!wHPbdzIHRR^!eS7mCKMRzD!vGd<Dr5e`1>lf!1N~rG
z&4}b%Op^cV`H5IzeO#$*Z#UpThP`*OLKQHcwZCt{yNnH{P)7V)I_>L^xmr^O28NPx
zpMDsrQM)dTX|S-cC{{@4p3Hp)>Opz4_&0;_PkH@=l@kW3@krZK4)uT1V>H*)h5!kb
zzpY~Zt!+IJP8ve&=s`wc-P14fCG}t9&g5a8zP}cH3(N2P*<i*B#f6!+o}c&WU(-bH
zam<KAMw>$l^Xm#HOLUiHFRrE^%-svxjb<NANVEBXc|>F*1ujSPslFVLNo15j<BW7k
zrc~>nxCvACp+2M;cu??&lDXt`P@&C{W3pO-cmIz{ovQ^t>G+EN3N12&CBz9Crg}>$
zrF}O|Q7o>s=Hf&{j<SI5zc?9nh{y!5mzC{j;69{(IH8e4rjOP^i>u;ISn`-Sg^xI$
zV#YUIR>gd-jx^a8h8|bi!WBjSj%7*QiLSAwLv^R7K)I8WNoU+UGGLY%|Mldv5ou?s
z=A=@J6=*h{*&@i$$;*?xpdbcQ-_?@e-?Esm|3W@^j2VUS*)cs&e%nW<c;kwr5>jKL
z!@oHq?8J2d3KnnQIAo-tD<nxxa#ch5E82_xoNDKgl2&$!5LP`rz8aprn1t$UCLK;0
zckf6$&NnaRUT89{4|dW{wmHUQC}1uzxmr>6{Srvy&c$zQEnD0WV);9VAi{}l1}-Yi
zgT4ke?x=zUpT0BaePJ-4mq)25#2mP+io4ct5X`=#D>8%d$!S$P6>GcrF;;mcYO|Cq
zNz8YuR3FvSyRWYAI&-?>j{%`eBHB`c(P~lbO9x2~o4dNu>-o0B#Gfp^7O!Olw{iBH
zX*CYwq$(H1SqY=R9eDA%hGQK0ywix0Beot&$tpWo@<9@GhS3B^a}+^iM(5&L1rETn
z(ej{y#(rgXVU;I9dw;hx(3r92y`sxqv&^3Km+t5&)7@SweR^i7hl9=Ro}9M4{uU>a
zyUqAggJ4{4@}1l<lS?H#H1b44$RlsAG3_DP27ZptISy3PFkk<$`*xwBoYxNHuM-Fl
zNH{kSwo$jsgiN^^TQO?Ag0Ax;3xoYtuYKU{6|T66Ted%Grh*=vAosPGMps0obFtDf
znDPY+xP*JgKX3UVtYBE45rfqy+J><bd?J`F=Xen`ffc2@B%LPS6RqF(1>VDB;=AFm
zbsWJ=4===}^C23KfjElm<l*sL+YDrbwM9v#u=bZ03-w>gcOOzxOPwRuWkm^H^Ee%T
zaX<tQ?6%N39iC=Dkwt3ekEQHwk>88*XK>U`s+n15RHuQ$UpKz4y^@LO@Cn;&Bf|wX
zAD?0K=g-Z6gH>7toi0B*Z0hi6>+rW<s_B02<6iSv>Qp3=;F-3~$pnX~4wm#0EDc{L
z2=P_>QsGDSI~RmLi-!_q79{q?9GF8@GR;)i1(vwudRHJ&V-sRwN~pT`+l|i3Bb0%V
z*@lAfPPRXRN8}RsBd|)A#*3J}k8;4bgkq`Itc6Y#J8WauK=oW%rvkwA`EljT)C7H|
z<>rfmGv=!N@n-$2J1+xWG2@Kma{8ix`jheUERWak%zGR>o?>PCwpjA_HBEM}1a+f^
zm>e*&?QrgdI)=SYEeD7ri0AF|-#e6+e_LnrQBsRix17)4<K(9Lb*ykA=RLFd-omIK
zaip(+dVY(xeh4txZVM<q>MhU5#2^{u3lt<}vm7&#cy*HX@v@C^C_2m|JH~sjC}9fR
zOj8qR$i&?znII?-bPQ~dAN{h>)Rv#FkF64S*A7i$-95$b#wL8fy{$C8uvXV*_eDW!
zn$w5!x@7*@*fsFH=8|~2L7k8HufsI31g5A5(x)0ex)^f6yXbS5`x)9;wdxK5g>;Kj
z$-tA}BrTO@n{n%j-ng74fF@|Y%3{v>@j$`>ZS8gW{gH}he&mExV^(23orL=CO&@0?
zFf`-Piop5^Z@duS8Ddr<#PL8s=upSxh-iIPFG6!mpwDAqMg6!)?WU^O1nGQtR+JqY
z$?UzVFz-6LWdgbYLk$W*I}ITIrL~66<kpXe7qlplzt*PpB#{eVujmoZt1w}ewa~aq
z83S#Gqn3Pr=QXEKKNWSL23Tc6#*hNnoaL!ew?g|oFANIl0}r9tq9O#QfnD#^4_l!#
zD9A;1PW$yIF?B<3-tt@Fw3WNrn|Vj9xyQ+*4w9)o_aYo}W(o4?_w3#`tD_}Ni{~}?
zeUhB!*R1AIGJ+t!fG#TSPDRQC<%`xqK4(jw7j(hh=7nJeGPdtGy_+#5gtJ%~s0%2F
zG0Ga`(#Q^kNM1_M2n)|;Y<>d#`Z94(7~DkdV<IYy;y+&$&Sqt8w@~{2H>`n0Jqc$2
zZTp*7n#pLFo87{${<ta~x6YWVtZ`rk@+Y>d_P0n=q}2L)fA|PDp_5xHbad+TB`F{B
zSe<YoxJ`|`V1NpDuM-rqr^?n?^{}Z_tO*Q=r?0&^X|x=9H407NeDygS?A(;WZSAw#
zz)|VIZcV=ryz>>NUYInW7SA6>Avy9;`Uq|1ND!1M2OE<u`-WyXR=&$K++Kf{*g)^P
zR22;(ur7vpk<}jaXBB2a9)}XD__Bmjn(A@=d|Dc;^9PLqn)}rA!{p=1S<4_@`7^nq
znSksmmb^CV{{8bE^G)3d^Y4v(u{DARLdwudk2MS3#4y7@i>`k$?dr|_#putpmvm$T
zZm~Yswb{2^`Tw9x(&tFhtFWBsWR5t>-Eqswm$FdszYDmElHbfbQo@N+fXm_TRFYv|
z^zV~^^-yQ$M~)oZwkv|GW7zf$hBU|9`BMvIn}4&^up3Tff2{Mus2pUYf0MMopAx{(
zPLw2p!~Y~i#eRdL*l0iEf19No(?a45i6OM++^VwXOk#^g{|8yYu-Z3V<%gDc?e&Ci
zBw~J=W2AfzfdJRzMJ%@Be`{d{A<d%5C@5HS4zHbZ5znt8T{s+8=r)33M-@r*BoqEQ
z?}ioXfv}U|h_U3dU>#+GLfS4RPLi>j#H<SrM8o}37WkhdC}FOAJC6#76aJr#BAmE>
z-Gsw!C`<oi3>*yKAovAR|7Q!<Fw*L&q~nRG>wgFjHY-Wn;V5%Z{{wCk9Ps7fsMuwG
z$L;rlW(ZvWqQ<lc5ji=zJkBUoVBW_d<^Pm~k|Ln(kJ?B?>x?1&jl_Nneak`0&kjKa
zipvI<JVss=joUZ`%M$ne*KfZFI8q_P2oph&%@E5xsHjrgS!Cni{#MI=Gba_=Ax{H?
zgqf?#Z2{q1WyQW_mgx<{$XYx``&Nw0pcZ%>W&Hn|JVfJ+>NZ_*ajVkF9ALpUJK39I
zU}ctj|DHsGCY)empwKD2djT=_uQPwYQ(8GlxjiJ|${uU#gZ9`8Y0hjggd&ikO7%ax
z1;w{yLW*r~ij-AVzg{Od)=p0`kI>YWKe>}bo)_k)&ZrjI(5~+ql&#g>9ky_mnLbaQ
zndGc#bcy`6T2nCbJ{9pC^8jF#E!mGqs1_uj*DFX2gV;RB`2)Sy&%pnV*LtML1;Fdj
z%6KGqNP(`TurSynJV|ve)c>xP-{l%vPxPR-HD?7El5Dzn5;oFbHCd%$n^$c~UbrRg
zqj+1y1HMVp1b2PqP_I7(Kx{6jFp|p`lpF_YoKs28cQc`c<I&q%YzMDIW}F9$j6Ly+
zW|nX=VEc)GkA=t>QrgT~8EpCMZyftxE}?JFc5=LI4;;&JsBX&pE9-rn2_BxH$9A8f
z{?adQ?(7YRF6vd^4aWVQNNx7u=My*ook-OP*UaDivt%lRijbpRo<;Bwzhp-GEByJ1
zEaI3Mgs|crW~4oAna``MDR51Nn00QkT_4zKwPFtxi~QMh`-9Laes@X!M69hWJ7<_b
z3NngjYIE#3=h4F|7$F7GmUg_5Uz%cND)3HrDq`6j%kw*Vc6tl|9yQ6k3R~{;c`bqv
zBY0jRa{n_;{ZFxFiU}E1Zfi-_a4l(MhvGM$;XBv|H@xd&3q40CR9$;%eR<%WRgiwY
zqsGne_<Iqm-(fIx0oF!0e50X@*`5)UY3rem**v3AI~jbDt?`T4<v?X7_oc=&;8F1w
z^%m~|)jV70n?y2(J5kJkn+>I-eBi&nB9)FN#oke5WMs^R9klGNI@i$9m@HAF>)2AJ
z<V7$Y$v~?_ko((BaHu_`{s{?qRopN{7dhWxUA9zJc9Fg2wGqWbPeT&`i*rb=Nk7Z9
zo8bQ^9ARM~4D*Muk`jm@|1++z0rpcuU~A}^DyqQtp3p?)$;A(G`1cLNmR+rO?Z~Ai
z0$GHfN*WQ0GW^qP*lz4AfBq_g89ca<Q3?OQwqgHJr%(l0T=`rJ{Dl8cBO)2N^h>9{
z2}wy(nf$JAhSnl3I^iz<o!Ot`MH;a?@&=$kEwy)<dA+LVetv)c&nruLj7GXFXWkub
z{;Cc&+Y8rmF#sO!zfOc=Bg8yZ1ZTZv&C8~{$7MB$juQ$Z`nUg-t5T~M=p%U)7o$@?
z4TKokBt#kiMHi7stXKPsk^vy6oVpgw&lteSONODp$lsseJP5*V8<^_t#e}qP-cWb#
zNFmexrx_~%DeYd+>zNvu-g$p|Oa%ZLOZZI&jlFl-b8`waGZ#!%U;*Klhw|zBAP!45
zc)qo7>)d4;=VH69**)%HnvSY2ufK7?g*?ajVRQnzFg992rpAyPULej;GQ~yyV8L(D
z+OIl4v&m4-X>;@j9DTP$p0UVVqZs}$?O7i4Cc>F{MN|#&K9_7${VjILU!hOX%AOT(
zJ@vC;D30>WKR%?yK;x|FrXvq@jHod`^uP5NesShE5kkvPmA9N1L~C07JCc-Qju#VF
zQSpSluC6+0r>_+#d$y(LOH(n|+RatRG_d#a$g|GHGu6E!w>*&LV4Swjg?n>+!|+@n
zlbou8(iW?N<N{fPxkWLV`SQSZ_0woOq4)hS!K(DT6qNQ}^ufDL6Iavea+w4n>-3Q@
z?XZsZ+ko97-&EN-3^sR-E%ml2b`yxRH`?0Sb=gE+Nuka=0?2Xm#AI@2TZo7C%vP39
zz&Xfh;(NO5*mkC~+~E56L8N)lJLds;%lVk(793vK;ebCQM(F>>n_9zaK_)ugWK2I#
zr<sqG#o5kC-jBu@Q&8O1%57>(f)_9`N%tr*f<mwW&@IfUTq*{t5NW(3Y{K*y^-bAT
zZuXJ<wcPOdB5LGF4o~jiumzHC=I!EU{6y5oUC>hUoZ@ms=JF8w#ky|00XT7k1X<g)
zZH;VqWx*G!TdW(dpt=eq8xX!vfdxf{wo(dyWEGz^v3<xPL1y0ARtZpFX|A<YcCqE4
zQ(YfOWq6Teei`^PD<c&$COVaKZ3VCS_nP``4y{S}6Nwtx&uSS8Kt{$vLksyNsfNl#
z-Fb$ZNk#C)e(edkJd2@{K5}fr-R;?xlHxen(nf_vv508KSVxUxFqY5wTtp71r0vTQ
z2ZQ_S=VXj1b5C(&&BOe96sd7oD0h|J)8@RR3lYd*ZWPli^r5ld!D|{v5p--(>0Nn&
z62iDQ=1)G!rNGOZQ%6IZPsh>`=a6WY<T&_ZU^Z3~#mGoWrFcglqTFkXPnVcE<W2$Z
z<_KXb=*g)%`<&q9lq~_d){|>2E3tNExJw<Y-c{moq8m9D;@GcMjF@be<d>YgtQ6ey
zc8Q*2I8u>|d1dbCco+)Gdrp|5BBIbr+VQ1XS5CjVG7;C%*)L-mYqe=<O`X&-iSBY7
zycv9Gyl^pmHd^AvRbSzwI5b%&<C$*m!eF?^>1g4n(}zJ;`PUjIf#P52cr%+S^Qw{`
zxfFLjLahsHK)5Zgx3N`KUL&of^B>w=FJl{?u>PAX=W*Qs7|4)JO;_AEZ_F)F=l%Tc
z;M3cEeB<(OX}C-bbo0|?df-fu-DE$AFGAw`NXjVvp<&-_Mpdulpv3F%mc6D@L~Dz*
z;X-4oaa*9gVyQYUm)N6x8xonRs-bUACCOu-u9wQp?lS~txZGnPxk^jmZw`9-x*6K;
znPjpQ8?>gk8#d;e^$bU|cJ%eAg?+=TERz)s`B{=H=7yF5PMmyTkI{lG6?ySGn1j9x
z%_a}kkaoUSEI?tisZZb>bol_Tf#-=g+(6SDSUhib^U`8m%4(8%dRv^0t0G9(q1s{4
z7S&s+0zMS$&8V?j00hg<{_QL(|2K{|b(f39dP`_nnEg34YP(sI3*zE$wm&j!2`VHP
z6ymx2=$tcG%A};oJD)VM>S4qcn+n}H5`y>{bIid`^+JI6Thl+`7eO@QH!q}kN*yNx
z)yfKJC9x;=KJHX%YDVeK95ZwEbrX;0ew@d~s84;K_`1oKTVVazY|yheYvLO_zV3H3
za$}2;oE8p}Q@6E*L-~i+7}_=7%E62yxgcF9HYJVdZAnM~LE|Xf);l%k^FGO*S3_D=
z66I4Ca&m1S2jPhYO(V&dK2WFN4K;BYb#NZ5TKl{no#5m-*b(zmVef0X<6C>~@JS9v
z`}M2d`r)u|4-ZXA>KvrJT>I+?1nj>7UUT-3mWH7sD-HPWR0^4t7SAks7GI|hx9?<2
zk_`8PHD&ogT%9W4l_H(W7hVpAtvTT(;7>GtnwwW(t}swtP3!2>46v5wom6@}<48*f
z?oU$|=|C!5B2DxGbM3xSp|F&NPlhgglu4-~y8LsO*3Hdvag<(_<>)8SUMJll?=`p8
zbrS<CJ?SuBrTu6(Rg&{$n;jtJN=q(ca%$|nJyJ1z4=o*2Us^l}mup^I&KRFx58GCo
zd#o+AD{ccPxtqvLP&;~}uOk6n4P*SvAbycbQYZOeD}xE@_o^9AY$0rIkM$zo!q0|3
z^Yx5Dt8@oZ_|fK*dA4CpICKLol4J;yS<68ln!+18Tnyw^j@hu;U*Wi-l@)52a`7D@
zaV23ZB{hSj&m6Yf*HjhE1@?;;hNh&yxiT)wI~FAt+DTv{{#BmUlx^a>sGr@@XDn_;
z=e_?Hnot`0jo@izhtq2nXVm?x6tUBFXv;6EymnR1Whfb|#V7lr^B#nxE^L~mz9?)-
z4w`RC7V{;YY!^Ys9uf(ehRuEfWTVj1OZrs1$)QQQqOhOT#Crm@q*W0-fi|SWK6}?F
zC1&}db{Dr%+2C!-AeMyyqQ=FP(5|JrZ4Dhw;VJJ#?iF++CKy6wcOD%%_Ds^~_5URT
z+cSf$CjQ0LW3MrQok_`iat8sK6kh*_wzrI`>ifb*5rdKv0qGKvmhMoxyW<E*bLfx;
zK|vacLw9#~N_TfjcX!{7DE|KMxMRFu?j3{ShvPYWueJ7Edp`4-&zvjyVm<%)JPb1j
zqjoQ9ACGbAvY&Cw8zCuEu8l&2rf~Z7(`KKppE#3i!Oh%#gA$jAJ;Q0>SmEk+Bv{(#
zDES}hhDLLe%@d5`q*8Hy{IHqgrwCXztIYj^9!y|`6#vUWvVujKBM*03RlQN&j3ZEW
zn!Y<$if}ul+Y?u_gWd5;c7B{30iGYrg$cgTrmG*LtzwP@HB8NXWV?(~|2hD()Y-m!
zpw-Kjrq8doh)|$5*;4e{gPFEZ+#jCJG2S@UO0RYEbj?s5Uyb1Qhvo)ptAQnQ)R4aa
z$s~?kj(HXrhS@6?wkXkEj-Dfmc!HOQk9w?)y%(AF&+)fMI4>|U5kPWu(T^Kl>dv71
z#r%TrF>cgS{39FzbGYC3l#mI_N<m2(d#sHlWnn?5;kaGuGL@T^l_VL<eopNL1XFfT
z_=i99F2^2CF3}o@wv}2pu>@9e3|YWDd3FzMJwqA_b=oq(Q)N-@RqVGDkz*j&Scl^c
z0l0-y{fHX0-Z;0Mvp0lE$@z5d+kpdUn092r1p#LG1%E7B8<r4)MyK&eASuqx2@=PI
zM{xYD@g6R^8<4rdf=W&aj{<R_IdAhFJ}j+0miXgl8wlNC3BE!91*`zPW(9(Oy4l8e
z|4Cx}+S7XeU+{PrQZM2?KYR#(7b4sasjKRz4Cq}|{atMz{~x)I&zGAHgDxM+Z=hzI
zFv&Gk)zrjBMn+WI_<bb%|7JUQ6AWQvxEvKPNppvXhYOg_Mpy*j(Iz6}))mNr69{jd
z=b6Ei(!Lm<<s=`=B(eV)FhAa-8`5IAbV(UjJZ^O88iX)G2K>Xmslwt_^Iv0FQH41D
zfST`jFvp1S=;YB)uG&0(%rRNSF`42BFTn>S4$K7GgI7u5EwK~)bKHMq2(LJ*`IX;|
z<r($|PuesG^wxjN;6~=2W^oqdXdo(T3_cbC5N{blkn6Zyw7KRyL6MmaH4vC1OB!Vy
ze=#OK8`Py-(}(*$iOUnW3Nha%k;ktIUCAy4KP!zX`PyC?{pPhxUx^2}(qV!KqG_Vv
zm2F@s5On>9G~>83cbADbJQS;awl(iNhtcEAb&BMT?8$iw)QjNaAK_OywH>vMi)~r)
zYjfVOAoGKK+rIsoFrXnd9;R>Hv!5n4%BwMIY%+josNe5NRO`IXV<0RAqT%Lj8RM*S
znbxhkP<9*R#mHWsPp)^k@=%AEBRTi78n=melPPW`?#KE3<R;dIz=X=RGy6j9cQwZ_
zc(44(+1OWGJU3S;j^;enF<kQH)P)4p<oOJ<h$X)CdPf7X@9U;)Uewy0fTO~9Qs=Hp
zxAW`BH2NrSCiij@K{DHu?6Hb7tikXfwv)}riH?`{L&n2IT~5Q;TsGo`6LT9`QxxB1
zxj31PCo?Agq8h1p!L$k9epXf9iBu9-s?K*@&}qDJXnrIox9N8RJiDZCZjf{%lFi*$
z{O4a0GUtlb41_X}n*|l=w3~~I8Be$Y98eXF7Fumdx-1=<vj)Tuw7Rp4Y4sgrbP<Yp
zsvjUcwM5pd?JqIj!&Ht9#g?|ns}6`uR`L_I^_^g=M&^o7pd(FLAFGEW+t9|$Xm%PE
zNVhOnXr`>8<`7AYNHuPJJpckEIzHaZRDZp~H}_$9wB6`>j}-+In}F11S#$=+mwR$V
zkAl@KJ(#$-+LV7IO&niXM7`dnoYGQ%TCI$0&V)~l{P0+@$?$l>&QP)MCD($1|5>KP
zck2={7%ut>lXXTp9tMe8XADwgb#e50D9V^rOdfmzk|MNPvBh>b@zXNwd=5#$;ZGe4
z9eUV(BsLqVy`CKTq+Ue&m!1gS7kZ*)Ez%BKTO5qFVo8+r`sp5t7U!dg!;bs`cGuOP
zh9Z2&2EO5GQ)LX`yTDQywtt^0A9!LsC1@|VdZB@DsJ=Sy6cX6M3-)3PS=D_S2i|ig
zIN1jWf-f-~t~v)8hrQ(;%tO&%Rw~hQz0I#WnjbD3mPo4{v7#g~9?o-L6k4Ph+zId`
z+Ht0_DcG~zFFlG)guuXr>uk%VC71{61UpR_1?y}icB0xw7~1l=T1}r_ERcgsm-D4?
zl#9TTY^@dk2Q3pTtF6N=LCN7vyH5wD@&@L6+gfR?L_HPkzIsi4mealDI2lFuF;R+N
zcM|XIg+J{pv8lN*#yJJH`v>BNd`H7L*mwmE+aj9#gpgcaU;5zmm2A?NWybVA?CU7u
zr?h=9P~rcQOY<(Vx})3aNq*?^R@$VxzOGMZm@Rg9&h^(jjDi(uR7HEMcN6|YHW{t2
zWa*AoDiDoQT4Cs#vS*f)ZlDLeS`)p6j|6z9W5;{miAl1#$c#4l&CoU-!E0)ltUjwn
z*M5dj>)pxGqgCD3tM)2ngOmA02W+X7S94YR?p;_%GU;y*=`7<ka|KYWl<=73^2@pQ
z38`~&g|m&y2V$vRvr={Y@+vg#gljs`E_!aazt-U?+HK?&Z;Kh)#_M-8E_F^P#(}L2
zwbC<-h3Z{-83@?LTyrtWmj;D8?8m@$t1xdq*_X}x7K*7!AlrVir%~(b@t7Hm#>Y)1
z8Pj3c^;yGleHCwMn%=hI;RmaVH6gGax}ThtjdxijVToSF_LXFNbX7L!>zK%Tn$h20
z0MT-e-ur|xwb_@0Vz-9@*}KncIa!}D#5qlL25al8Z#a1OeftTytlzsZ*0`qKW@xQq
zBwwoy(g~oGTwX0nDf}*GJvGvYhoIP{+LoN}A{(~AeW(jjRpcrgMlh@?<g9jq{e(-m
zy4^L+Gi1A{FoM+vY(*`S{u-os5)TJ+?2M!sq|v%`fr%0UJd*ICORwf1o<Qt7x0u}F
z7gIQa&SALiE@QnLY8r>q%-J|lxuK>XO1v=pI~7Lz-QM9e;PMMn*rm#=1_#o)4^2gW
zYf+_fL2PDvd9%X3(%2v%KNhy&9$Ouh1&T~8Pt8C%n7`4ss?&sE5ySN&&pl~Mq^3pN
zIx!qzwq?W}qfT^gX|+TOo~2*y$s`x#v1xs-FpeGas}wenMZX!siMmeVU><&ZRGeI{
zFIr%1SLHNfeky=xi}E$rls#LwxwgevZ|$&?AN$aKDnPcd-bD$hqolnYE=r;Xn<jk@
za!kqCW-XeI=i)E+_tJ!{+f`pEgl%rJq6l`L?V~JrF@w~(o{(eu8H_xZtER;C=i@*c
zm7TSQZ&p;m=n}ap-R$~SddpWT1@;IWp=*t2*w<~x4cu7mRUOR=1QvhlNdIo>R~!)W
z%&7YE2x^Y8AWCdgBg^!6B6sXq-a|I0tqSKskE%4R0I^PGfXD<3ZkHI~&?cauR+4S#
z85znk#7;_65sNC@?#c6|GD=+2Xk?zM@K`m<whq{)??3J!#!eQPxiZ8Q#*-YFwibnG
zfZqG&%dfbpEKhYT3I{6ZXmMZV*etPez!KP`o34jv<a{QqBPF(y8j%=F($iy?97V9D
zJt9Xeo!j0z9IflW%y(tm@F{uLG!QLrHg-)XJG4Ce>4{D>3zoY&@;8rI$r}?yelKB)
z<bXEbi_8vdsbo!vT3S#6-&hgk2J3hf+16QaWI|2Dm@NhXYo1?uZETogIqhXHjq$yt
z(nLYZg4$^aG7gv<8rObtt)+ByfWDR@j>j7*{JV-p>ogDbva#IgCTXyXMs=-tJ(wS^
zr#-e@^qb}eXH#XLZZ)yX?8a9B2@5OCT$|%W#o4D{Cq1);&5pNa!<@C2&4*D<-+EU|
zG9<ngy3MenmQ{2%9?dD!wyBLs&X*QB>Im}uDbrH~NTUmez12Ib+_wbaw_Cv44p3%-
zOCs^e<oHIAu!<yS;uq^ou^T<y8d=-7Y^o5tE@1-4#dgcNC_V%~d+}wl6~}?b`aDf6
zwn2l7>vAJQK^89+R*+c542nrHlX9&AEA7fKw0$2Aj6G=QdTnV$Q3bSv$Tm4GUH8W1
z=CF7o&pVz<zuYd`V?Dk;7Iw;bwl%rlMfU4?NtaiiI&IMY8|(G(ee#}H<>OArLnlv>
z2OaD2=P@$vHeq<2)3W;7Ol@*mEP#YR3Nv&^N5^oQ1kQH;IxhFT`TkE>YTf7ym<^Sq
zSZ=bw9(u)Xc6|*K8n=GU31VEb^VvGh`f6#ZMRtJR8jBm#+$7$8`tlrYeatUOq^icx
zFqAx2V&J4eE$}XV7lBv{Z)T7@ws}Z3Q^EtXlO3`2cj~@nWpA0TQ5X8cjjAr5K&yI|
zQnxXpyu1+;rzQDf3`6N`ki4J0a>zhtCO#uu7@f@TGROgB`W#cnwYefWPXI@A$zCIe
z2;adnFFJYIj6Aty()nrTutwS~|E0!mwOh%{#8R-z=#*wk2tEAn@Pu`=c;sNAJbpn8
zyjkIX31zGixXIUfHflJ}mwhY47+Hb<R|y=K!={tdq$~uq&rqnK)!2TOX><O0O&ffp
zt!4UyP4I;&58s#t1)KC#j(83@V>M?tn$|FXY9I{@c8XDd2*!)I744~Zb~OG4y!p^h
zoYW9466eZFNk&Vl&JFa>-S0J8@x~Nxv^V(BSL%Dr_?1z>=5E1u)-#6CYE)_xE=rVy
zRa@qtPpop+<b8S*w&$cVyLCa-Z}CY<3F31L>;p#nM?&`Yl@YW%DGLkQ8*}ybb1Ohq
zM+N}KUAhG19|gQEJLlQ3|D|xdyKMZXg>7jPNM3HcPm5D{maDj!BeC+@?IO<Cn#_+p
z8RR9ThuzaBUbhRCIY_&v^daUGGq^*n;!jww9j?wSHpUB+l@J5)I0S(JX=G<?#J;17
zy!3QuMy%H1c+d%fAfzZ1oArtNN4Pzfn_3T#+~08Qp0f7mO<0$$@=xI8{|D=#V9&@<
z2vE7>eC>>aT(RH&&K39zxFyft3Jg~l?tP#EvIAz&-h1aO9@YP0zK?;7XMWvmAA)!C
ztoW-3O&S#Rz7X%lXYaih&|H)DUyk0Ll?2L*wwE1u<>AK71VC`LKek!`2rvIIExmV%
z)nX*C%7@$R3*8B_j@hXGWk4D31X(#vTEMXG6H~lbs6Y(n>Wt+35W+0@0qIKCP4kF<
z8CF*yso4UG|Gx~${Ym<e$N}w5w^z%<7zhEGU5aa)BT%1I9QZGv0R<ZYTr%?Qo#y@T
zU!e#vT$2;Zoc~m_gaFA)w5Lda=6ENnV}=8!+2it6;o*0LA72<~;r}6={w#(btUS=N
zrz3=noQ^IS7`u4+&;JxRnWG8={bGPH&;W@*wu**^_1_%<0UWT_Z>rG+|7Gs(Q>X~I
z|32Xrf6?!vO8th~L+0Nwpr9wE)`)+4x&NII@LzP2z?}T--gW<_*MVos>h$XIzh9v&
z-mUFtm?qA@kNXjdTay>v|MwSZxJpG#AHrHp`}v<+c@sbnmM?M<JM9nc7QB2gCds>1
z9t!Z9co^tD-<>fXF;V?(w}Rp=cV|o`i(1V8j0qSzCXX|s*gs<my)&lm&k=}!A2bTj
z-Grq;O|pL{?9NIGthpoyzTQ2B0hnep@|}GTjs4G%O1$N&|J@Au5~Dkyb!4|cc+G~3
zWYox0PUPx9l9v0;;$hH)C_+zugoI=QLdU2U;q_LTwkG+9yPn-WY3@rr#ea821@3Aw
zJn`-!-A%}Sw-9|UULz0JwBQF80@sFF{NF-I-7Q4%oEA_C_-9w)-t8)(SVXyh3jvsN
z-Px9%^1p=;x?2bt{r}sLhUT04vRh>G|MR^FvV<F_y!E}7nvr*Zb(z2(SqSCzWi91c
z=(c6WwO(pR-I%VlYF>Z#^<n#9LmD6;7m>`&O#e~XKLQA#9B;D9hSK?RyS!0>-|%61
zGRVyD`aOZmXGRTd8|IA}OB&%!CyGcVBHj^Ih`xQ81{AP)8vbAO4XjQB(~kXke@zPN
z319$Tv{1rtq5oO}poJC(){^lQ-}*r^3I%MkhIxelQ+m;l%YD@;$Y@9OpKm^LgdS|;
z^X!X5&U<(-y76}3nIMA(9N)vFc^l$*4>_Ek7JIwuez-IS3d(*AX%3ldP=f@n)ilJq
zC^wr(=@{99lY|T=lQAA1p(k2KW@cgtnUs-h&*om?kkz5#q`I6$j(iUcq<>z+f6Lnj
z5dTZnOWGU$v|goTOtra9v$)9tXFBkoxw$($*vo*Bn};EIvSi>U>NI_%Q_OG<sQHS;
zWfz!#BC-9#nK$uXR`=U*`03qO{P%Q0Lgn>`P&09^;~}U*w?E`K<!b*#{Mf8!O1b(e
zlKyE}ZE|mrQ(jAAjqMI3J1lb;ie}>&{E79A!piwWvO7X1y{)Yd8d~Iu`j$0EBtG})
z;U(wlK0Qy{c|6Wsmsb+TZWEo}d-I7VR&O$=<CDggvM^rZzbEm?<4!IS;2!E)6(m^u
z*?*<Gf=v>WM~DSoX+3kcK7G*RJhjS$;TOCr%L?LkmGEO)f)~6&MW#G|^E+Ky{Ag&;
ze9Kq{{s<?m9nP(z9CoQo^oAs@%(up`=>6+ir1%NL{A0_zRYEJzQ}Xx*WGQgD`@=9W
zz%$o-Dh@>#&qur+@8jZU6{QNLCK<%ixX%c!Bvk@tXInWPR&N9@)Z6g73?<{!zv#@*
z()T_*_ysp!s99NqmjU=(8>I_RG1Y%nt*(j7o!)q*S$byM;dG(}3?KCB-qo$CQWKjM
z`~9Ha!R42?2pz?LC2+dCy^=-HE~5>?j-48D6+yMYz3hS*tQM(vTGok1BS|Dz=OF2R
z?WaD+sB#rfqLE5T+{IxDWLEO7^ongE9T)||K5Mc8hrZ}%kJ@8c7=-evt#Lt@LKL~y
zvWgJX;oW^1#)P)Eqsh=6(?REbJ4$b~hpp#L^lOFWt4y|_)tPczLMTS>KnSu~3ODi3
zH($W~<T{3j`$FVmy}LT@KgmsoCHQf7FPfl(wP{k1s-DU-S_V5>(~h?abe10dB2PkX
zRD51g^RcYl0U9VWq##alTnnI9&}(LRd-90cOZ&k}{e=?fJeYc-2WJX@hQXuv4wTst
z^y_l*Lo?M<9_P6TN-buo4;33&$J@k>2^i!G&Ani6mSLW?HAx*gPRu=#xXY~4Ql|-x
z#+C)bV^@JE71GN|WBOs@yV7tzHA|&fkD1aA?J8^y6aQG@y3Sg?z3w>5nYSf<h;SUb
znXM_k{;k2;>!1dnN+MU=<POwNHt9e7$}Y4$m+&W@7^#^$tS;d(e^`yStbBM1PJEp1
z3cBRb?cOog99y~Gx1qb;+252a-OOc<Puz!lbXJrUi(|@_MLpTS!~iAPq_>rjesLw}
zYU7LUlc+Xdz+8oNFG#5-4kk{GmSGgBhtT=cgVfXJijBoOPsrrLi+958UY%Ube6^kn
zC6t>{v}b+TCEn!FgMC(^p`oms0*qUG^G%HAzj*5f6%`a@(j{ZB!WRoZm87BDiHjun
zkcjpiWq@>aA89%btOO1pHe{dlCQ*5D{e9y=!79U^9mf6zr$!?qSdoIh&ySD7lr$4}
zW~$}Bz<zm(@=PwfwUI8}KrC%Qd{f(>^&Q@uhqqtz8^C`RftES8Sp_JSCORGO3bX#Y
zq?c$0!wOY0Edq7;X+)xj>NRpVLkoz8&^8Y)ikDCsK&ns0o-hCBqs}{6S%l<K^<XN5
zC{)008ej0)|20^kf}b96fk`<{2@k*$Xg+XP4^Yr7eV<tP4a}16pyk`mcmKqDP|%Hc
zP|BZ@X{s;#X*ONwzYzo2nv~F0(H{ZOjbLKJ|Ct9cAztgdyur*h%=W)=HqZiNazRae
zm@gm%WdS}Km~rj@&j7AoxHYX}qW<s2ykB|ce-y=D-p;WZu->^Z#_n_&D+Q$QHXDkC
zDdQ_~+44&SVfjfnxp_9_)G?|oWbrE|Q#eiLYp+{1Wo2Ld=1^xR=QoYiHVX6E-KUMW
z=+L~8-rhG9L@9kj+&bS?c_XM=Z108eNq`M6$2oA+l$If1Av6rwWmOTYGLHSa(A!+s
z?8~WN;apkq5WZoX+DpvH%#X$|`>PAsndBt_5@~4%xv8e@ua4b}UWmcNdKGQLuP2^q
z+`aG`zVSwIBH?s2YHm#WU!aFY4utrCaWYS@yuKraZT^T6GMKtxU}P^hF8CpX{{&l-
zu#on6?FAbF<QvWtxcf)D&rfI>_YqJsRQ(n(<jqeXcW(<~xlVoHXeYl&`GJJD_FiKM
zSMQb;IX~g1gIqNW%zLAC$Zm1bRS`FAnxr{*CRh*f%DJ5BtJ53plY*7xAuvA_%U#MH
zja2-fpZ&mU;G)*p&c@wL8K?g^A#0~`#yw`n6r&jL4ADClACQ}M(lB|yKal-7tc~1G
zuhmsmRm1ofEcK>qoc#<nY5ojmRceWC7zCW**yO@slON}6@sSdwrG1hgI?>MAO_#hu
z81Z?W=2+%bbE85+UwV7BDybK0lkr)y-&kQzi4KRJa$YIkG3TotL9WBYBxl9SN6y7~
zEKXf&IJ0?_%=@nx?Xw+>EyLFFTe*-Won|f~QOO<a*BxeFUlH7)n4}+WD|?w{+NR8u
zxUrdlIDt3;XoKcy1!0Y`1PJef=&sBhSyrc~Q)|D)DW6!KY%bS-le-%X^2J1fvz4yF
zU4_+WY*m>RK6m9eE9de+K07O#bfcTRYcxOGCP&cMQUHrGW2ITN)3yRv+?Z~A8X^ul
zmDif>-1i{A=YZF*Jd52F$0)6^Rlez<EXU6ZFRE#ZAc*x!j}&cMcYM(6cXDb6N*abM
z@70T=s{|NS>1@uUYhzD0msO~b%Fb_lMOB%9=~<d^&JT9juoRGRoOd^?-4+cCuIvN;
zsH!;SNKE3+5!3ab#)yl7vTUZ)7`!c93TPwcuviDFKlsMgVAJbyrdERB!mImRu4>x*
z(uoFarwim*?%}{`;o@=C<tnf4YF<T8Bpz8C?`5B#gpK-LparB637u=&zwf~%t#|~+
zR%>dMR?2Ermk;B+;2)my`+yra3@@CrViFna%J}V``&YW+ZVwX6-Z8H9)KnYY(UIAw
zv8rv8(MjqJnK~eP=NY-FBgFvl`Fgxz+PrY8RII=v8uS)D5rYADmgK08&cFwtE&(#s
zVR+UiG$kks!nVsi;kC1Z&ZWPOo$5Fpsjpl58UnK!<b;6OB|5COMen`?wCCK{ZSj3k
zxAAre3%(3DVZf?2$ZEzm3k4}?%<#EConFdDqa|k5=j)nr|7f4sl9PtFRd%8*6G?Ta
z4qQ)WWs6uO59+2@X-w+QBV}QJSNjllKcTqM5HN$d@R{M=u>W*X?fJZiey??inpo%a
z3Mo!$xb)~llKjJVB6nv%G$uaRU{DcAre7bF^p@OJdrx~W!3pW-dlzuau*g~E^)N<z
zX9WQ=g=9Pm9kT<EkvY)ieE4cU*QPUDY@!nknA;i;5gjBb$RU=QqYaZQffBr9PQ6oD
zwz<uzK3(gNW466;p9JMiMumN+K5VdEjj#d(n(<(C>Lnk0a(+ZJeEI#-@T6^KW@Wch
zNxrwj>6jspG0&2+q=|83pu8Eq7Ii=<u*AsV%k`MH+N`}B23CG{rgB-qJlN}JdQRwx
z#+}BeDj@mY?nvc&95)yTy^nw&rppgA+&iOF!dNra=2#A#>}nd;!2@DBPh8ubO}JEf
zd*H_&ZHJBPsl#x}Mt99Ccr~ro-{&-fI)wEtKs*s*>Kf!DxFX9QKX*nB)|3|xkXe|P
zj4L;umgLn*gR5}FVYy=4E$%&J*f_4bi7Z>)o<lOrn9kDy1dK>`0><WNk0e(|eKSAS
z1X6hg5?Ci+1TS{V<Yjz|2w~bPJIrXIZc;xybvl0BH&3B1+^d2a?F-i}@T_jbzM9NB
zihUKs!AUvmP5wwYgL}F{ZO8K?_NgM5FB2!*0l1fCkpsCxTo~YSW;9rW?3x(PC|cZo
zO_2pI>qVZlSqN5>VA^K$F+eu<lL$bHosj(<_OYGmuTHAB$XYHJjLCRjUW4Di!h9U8
zpKCTuUX$q0-Fm?(#<Jaa%Ef&>JTJ^#yUQq-?BrrDk!WwK(74G~j@BQsPnXBHY^u;X
zRWZ-)x^3SXF*A1MXEdOdKX%+#LTv^DQoDf;G^|grB4sw`f73=uK5oj7iDI~H&v08>
zS|m?yfZi+o9x%u!#)1k8=r$X}9cGouLV<&K$hjP-9C+_0_X*-Gev0QhTyBNx*`7wx
znax!GoYn?3J|OSkX2l`Hskcx$^^pT`(M~V+RyqDEYa27Ot@_F)P}R=2o*7xqJ`D{D
zdZmTR%>lOPc`aRF5Jy>Rr0M_Vap4D>!$TL@IGK-vj9ITrb>3iW@#)`T4DWZ)#AWFM
zr>sBIYlKLCmUyyXRChLSQtH)T=1P+2;)2=fxGLB*f*XQ|{N|qfJdw}_!7Prvk>SzP
zu226+bO(VLxgYhe9c=pJ0UcThZ244wor^f$^2y;4Kek!)g=!UdI%diF9ncdzVJ%9(
zMU}1MW}SZs2Jfm$9^J&!uOA7FQp{usz_<KE9)v$(%{}`f+QvROxS*yH4?nsWQo4J;
zF+bT-xj5*eErndc6lv2Z`MX>Ce@Fnhh@<OW*Lc-3lZm$n*KoO*NCdavA^Tbb-*}WO
zem5=x{IMeR))pR{CBLJD%4%<Hi!p7`yJC8uQ!AI{8K5CfvOgL=NzcNOg(pxp@tS|q
z7qaMV{iidJdj{d&uIsIu?{o}M;cI@9l++fbDRT3oVV8ObU_UY7OdSwCliU1@hRAOA
z!cy2ApuqP4lAp;Ph<0VGZMTyqpS_)91ezmdXJ#5kwNm94B$K%)OQhIj+RIe|GU~#N
zZ*qUIA5fM+PEM{FCL%6=<bce=%lqP&#bAsT=fwJ=G6Atukx;<{REBbYMf{Pb8(osX
z#gOD1J4V_+MCbOpp^+<c)ISCm^t;d#HaF*Gm&niByK>M~J*I#y^G$gBdz4c6p7&~a
zelVNkMf%ZMzQC=3d}H|cIn4M7CnjoRzg3O5OIt^U)fhfo=A+~w5v6j2^$vy@aB~cm
zW<er{bMWF`>fee^VxiQCO}kfjyad1y1Jh+QobU&<17_eGjK29SXX3AAJ2}QtCpx+4
zE0O!puainzmnu`0$blr7v`)`t!30SxSHJ;LDh_iF%Kb&4pua!~owUwMMNakh`%o>@
zP3aO#Z2mlbPyQDA$LfmfkUZ(z&|+-?Y3+r=cekC->OZqJ&U+^a;D}DzjQPbeT1n;3
zvUJ*Pe-Xacn^Q=bTVyl`3M>adYvP;bGUzzalwLN<Po}z5DQkLJWs-Eg`;<Rk*%{hI
zPeD*S5E@yVHH=G=gIV6>s_I-vqRYwNRg*qSN4fZi66J=K-%7yb!4e@Ua>`$@!FL%J
zm(eV~D(Fc2xbRhPlHTw@@wzHlTchfekG)hbpJ>%#RI1ptTx(}-^Qc`v(s86g*~VhS
zkEpnkq0ih?9ZW|ttcg4mWvQd6hNg1i`3^UqCr6Hl0wN_@HjGwV_XoGTz?UsBiS4zi
z)cyXyPWKS8*kkUhnP4ii-F#??9PE`UZ8a-(5M)jnX9lWFkaTmdeI#R8-;<rtrX<k;
zXQMdS5Xgw+lUgr;x(s01{CZhGP!_pL1VC;?fI7%z5ZdyNnsvA$K93}sW{j}0piPp<
z_e1N*1*f@P$bji$6Wu3^?=IJ8&#IOqg{CJR5}drjc*$B@_w2yJ_lDHk4BzvuLb{rr
z$5oq&#Ybb4#q#C4*tJ~x?(5#mIalgZYNI<T7E--7J;!J^JKUV|_35KpLaD3Isgv3>
z7t>>=)-CoaktbVE9e6fHzt#;$-PBB@w-*d_AIdh$R#o>6=}{>7s$Tq{JfiA!^4pN)
zlANG;>>Fp}b(m?c?8<U!vRNny-{(WhRyA~4o4vKk4zgIB9|%bQnn!6=4|^R`Y-&|H
zPl3)PH2DRQ4&yUHB-+Ydx0oN6Sucg{z#PIXz4!vXh#Z-N=YYQT^EXpmV(o=6bom%-
z1`U?>vuC6$P_xcmnAT_BbnR%g16|}ZMJ_)TO0<SefihyaLSIX(L$VNaqVM09`p3f|
z)f@ZvGg=h+j0?LQt7|efCnRg+=UNL6A6kK0$1`C_;^;vB!tLKc;a8LP++o*?%Yh`O
zA@bPBC3Pvg;c)3pr%{vmOb$lsBJ}_q2$~H>ckeREDLcBZ^<Gvb<CHK#x>R-aP7u#=
z>#5P{fL~s#w$~<P(6Pk<N&xd^!)>)~dKW&<ds9>akmc7noo}|sFS~&gS1bg$1$-{u
zErc>F)Va%Rhjm2Y`;OM1%9F)t4GGrem#ydH(d>fdE?ctV%h^$#VrwzevQuqHWcy0q
z1AU<}CRGZf%feTrPl8OU22=#m!>ZSoJvYh4I_6<=>b;kO7s-wqwQNcF##x=6HVsuB
zKk!2bx{6y}l1u8qE=WK9O<xiU!lmdBMa1W%BPLSy|B_#dkSoc}Q)FdYE?M(=$7w9v
zx^cjN6iDL66sW2HC|<CZrnuR4+|Xzuq$>6M^GI{2*&HshyQDI%3<Kh(QeJALw3Gl!
z#;HmR5t4#r!7)EY_0dO#f>Pq_nmQwrFC<O@zHc2r!{^2yy$gHZm&C|jKW{ZzmE(;|
z(#*CfE|#vz)HgKB)#^hwAJpTj<xRQJrVG$O^MZL)3H4)rDM2ga-y3glT4wmCwD**D
z5+OVdqLk>g0rx)ZIW$mpvwZ^^(y0{5V>5CRW3>{yW^>o|TGxoITdFh$N_=v(yw<iI
z4c+O=^R(BUls*ORD)20F_){Kj-z8pg%lTcwe$u5M8$FJ0s7a<}i*Qvaoj<|iQRM<B
zfaSS2O=H=J3n}lN9nKYLpz;(aEH}`3@5GHo=^aIWOsl0PotAPgBZ--EA<fIsZp6T(
z3@4VYqBW%)TF$hBVZ);ar7mudYxsJz4yEsXzZEhORr)B}RTpPaKO~-iV872Gu)+ou
zYc8A;Bqa^3ZWxYs#is|GQ3HpEIX%Le=EDG|qi#NvyPRGo)-_2n0(aW0W77xY=Qu{t
zpd&C(O5J!m9G5!b9Avm5+*`AS7@-}ip;g<rv<P1+)oGV+d56V89+qhXBsQ*TrrPiM
zd@TrM&5W0NkTT4@6-}d3*dng#>I(zZm8wE^!>Hb@`pu@{uY5oeQ0(=o)vKmjy!a6*
zPetNR-$IpVSA7fZK$suh9`W>zlHt!Bxwnx=4pA=q9TY6-gSj=9NvResS51lEsjWHq
ztEvqe(M+>#dltT#mTkZ7Wt}>&^-tHxQFaqv*LyjeSw7$lubZca8swrkg=%YV2-zLV
z$gUn(Gp-6r&d6w2p<PMF<93R8hK#?ZG?JA?u|NQQQjW*v5K2?=3p&1K+C>baRDEO4
zrE$CbqFypuDzO6Y4-v0L{A;`1T1-^*Edv9Cc&?|)^YpK@6H@hD=gRUNlv-&EAY7px
zSr;j+mi#G>A2+0*sb!Rvg}EG0jvPR<|ABev$V;d8cDu6@GgUT2xZ~|`a^FWPT(7?e
z(}#uY`~^0IC@&vLwnZ7vCm1D}Q=u8ScuCcX?XDoJXY1-jvYPzKlewF}D5xRZt<o<x
z+?>U_fd6G)_E<$mg7A5lE4Bg8ZOY{S6wccxBY#j>!aD5U6|H3Ee%%C19OPtWj4^it
z{k!GU&pV*wgaRB?;SHuO|4CSr8`yY%*^0luI#?VycH#SHZgggpJ)vI}XIfrBM(~Vs
zbnR4aZwj&uN-ozkY?%6_EJhdehhgL8M`gXeI$UoLCQ<dwuRZ(T=k0wY@RI0lQ!v+!
z?B4MhNDcsN(de+3_C4`~V8tf}xPQ_gU&#7_Q!2KJG&MCPVUTe9p~)J>-uo-R=}!_s
z*e<oG5e;t>vobS3i>ij{=l)IE@yfsW<;7ZWL=rRx=1+B(W>16thy)V1A@lnKFz;aI
zUE+x|@)!JHk`D-LUIL^S-AL@aXa5o}oInoi@Y5H{dwak87e($a^(1fi^VL5JZx2X^
z^@YIY{X=DdX4N}ltSB@rY=APq=0j>~s`bT@q0vYd`hK<XGbCJLjcQwe^0jv>x8-&;
z{W9|Fb+_z~4nBN(HC);I0q+GbEFr#hfAX7e2uqKe_<lrMjUK~dzGOt!b;H7~&52|S
zpc3FeM8TEDwTWRMY$tjBD1fjR7ZnSS2rdXSsrx_^4=L#f<n?-WeO4aO9y4oWLvk?x
z$~ae2X=L_tYVKxRbgcfg-0mUg1`v)Ryvne3ca^`uSuNyTT(K?}L-8+eq1(P9V0sf6
zoOe>@_XDNAZ&_GaBGjcZ|1BCnqWi0xN`Glns*}(ByQ@66Y`|Pav;(iP=s&^EIBez)
zo{K?f27tDaIWyLE66bJ_zq`&!+oNyo7SN#i$)6a1#14yF->95)XwvJmU!9U&^bHOF
z4B>h+KR9Z>-^8M^^t-eQSnKa@ii=;ZkqEpj>_3_9Ojl<04*{nOob*Jq1ajY;>5xxn
zOP#U?#0qapmdZLha+K~;B}mvmEeZTUX~1>W<StIA3x{WF4}t&Yb#%aI_UBRY#uK3o
za_mf*)k~<TsHAC2tv|(Z=DcXLx-v0~oG7VSe908!{;Rm>Io3nelJtXD_$fi)UTR9p
zI5da-!Ka0*vhpl=hxO6Q(3WK33-g$h@lueiddjyiLtPtw+4It$oW4X!A!1Dx&U5mS
z8Y+dTelyNcm)ytdlL<*H%etE1;Z)^e3(VlDHP4TlQYn9b+}5O@8}9+>OpdX2`qXv7
zUfR|xmBRe_Yd7^qm+M=Pg_i^``?kmB4>smXZNBf-!bnM|I*1hNzn#&G^2(p2Pc3zj
znr@47>J~iips^|^-TIS#=gmif&HS}k>By<n*V~%x6f<YJc@-2M82(g6R^VAFo|ESf
zYJ`dx0+kAg48ziU!EK|CUSG~vxJ=pnr>=8j^2;K!RzFp&CY~3~zmoi#y^~7qc#?^)
z5LPeXtAzgfEP~A{k0THzmkI6rY)<G`Q@IwJBpeNBmEm&BZC!^-3C{w7Gu7kB>zKV~
z%W)>**H=0(a>=tHn@7vZ8<8E73go%i^#Wy-KUY$RTA~ODjz`i=6Ha__44<+2`D0Ho
z0*s38C`{FjeTRxbbhY~78|PH4{UVCwV<|}f%-rS&V}#2;yR={I$p?zFvjIw=rB7K@
zYql+0{c>9OJQ~Z4NIt~Tm$~?7(zIMx(UN?zw7DF~Nb{UnaavpFc{68;5avy+Buf?l
zS3I1bCtr9fu3mi5>RTsPZA}uX_J1W3VuX_-Q=fH!#^|bm&sMG^8}dpcdwf9juvk4X
z1NE4zxKbFyS2cd3F92D79)~48G$7VA)VN?Vc@*=S`?AcC+urZZMTXR|l9?DAb5Ul>
z`dsdX+mNZ_hvi81iWs1%g2oJFC|HxzX>eV1@cqyRQdvf`^@r8xb^AT3a|fY7{L*E1
zFDo!lpp<tZ#PvGU@l%%~;`{cc2vMHPuq`FI4)&~A$TD3OnSBsv?26rXQfI642b2}*
zG8C)B*yG{;lE7KNNNTSP=gO!8H{0^^OcIM8QnotLaWPDFWM9-42s=bX3(RCa5qr^X
zGI^MxZ)wwZ8@CUo_$NJ>pakbBzqij9hD^Y{WfdAI^e8(kE5+;GRB9s$XJ-B926Rh2
zNft@YWqg0ML|LY3{i%=e{$NM{ldauQF>iY{<JpLL{QY7>GB!tMwsJ0^K2tM`z){04
zb{GDM!xsiqNo2b3+uN-A2IG!LmMYqK35~iAT#B~Rv0F#dFF8+oC@M3)Nan?gG9hZ8
zXq9h<;2jhgt|VvEG;#kbAqgCE7)$=FES>GVMJaKVjY*qLuX>x~G`P}q?;HT}V9?zL
zzWwoxN8Y|I052^mumwMT&U#2<kk)KmuO-<~>dk;pOUv+Uezd;$DMm^W>_|~6GaIkV
zE$o*kompct$AS4lm|#EGSW6x%hWKbbJqTZ8=H*)0KBWYK*w3V(05%0+{7h<DBRUL2
zgZ7a4-et7m7E+O@ulV7*Yy&=F%Ab;`#$Od*usblirnJ*q!BudRMC(ba9zROoR!%zE
zCl*Sp4s=fa?s9xEm*qFgLm6LkUho$M5WW7Dk(Y<jw`?V=p@9cbB0cGpJv}{))@#!7
z=e@BULQUTg4<iE^_V~ii*&HJyBW1_KF)a)F7tLt{p^C=4y1I&WDPPd<i%uU*93Lck
z37fONa9#>4E_V{IzuI_eCSw|g@g4lN?|w7Myl;Tmvb)}JB4RTN8yV}TQ!W?`96W|W
z>d%l#ek<5*IF|dW;O&U7$W^f+)y5f{Bhc(3{PoFa1)4ypS-Uys8~?52q<AjvD89yY
zpS9(p0^T_i33wqAh0XY+WEM;rc>8>$GEs!KvIeq0{&bDT-37_Zqbjsb$$CtcrL(wV
zQEAxp>Us51N6EtYTU8~iamPZzVP;NYM7guN+fsF{pC2Zj_q8I66;y+!`I!E^1W@3i
zaa)!#zeRo#h+l2RyZHg{p#TD9xB28NsDc(fPwsKakq9)AM#%u#_vC>;zq@nspP*5k
z-aiZ2_+#$?3qUyjgz)T(1n%*FgiJwjyn9cvShN1=liWX|x&1<5wit%_r_*@<2C5PB
z)2|Gqf1u)v1k@MW@n#u<e{S?iB-9g7kb5%wKTrY7{0O%0Bbt!&{|t<-Q_A#7rKbFU
z?m!4oC|buuM!Tb~0;w=Osr8KNDZbPYLvwA{DxKz!6zvspJJ{#7gui&v|8uF>CqEa;
zt(8o;BxrHjSKmhnfX??_h4ZicHVwc#Zv(Ay|A84O*l`k+12!i?ZK+*{iN-#I<udkb
z!#<tWsnGa$K?@5D!%B@eNPV2O&duD<#ghjaG~CCA(U_t0xe9*x)5@wYXq-&q(QG4N
z@<5XW$o?6_FHH9!cy6Rc2fr;F%{Lncq*c?z^>$THaeTRZ%_>_YQ*6>zGiz&OC+#r$
z(`uk6g(SO(iKP6V%?B5GB9+&OJ#FH1VEbA_$+yDGsLn^^;pKDZp%ctdVAt`YR<|<M
zlwdS?K0(#iQuwoL0^MA1R$K>d=Fm{}{nsd+)j~kj21Ox}622UgGEI^1FrD7)EdDK0
z0w#X+@@{aN35li}5W~x+a=FR1>=Ze)JOXiA9&<{WF*~F1dd9O?^Kw=`u@A0a@&XlQ
zyU@5kr9v3-X*$H-D=_=OD+HT(G<=m^K$rpW?yA+rrjJuw$b?TgO)S=iY`9JLfD-%T
z_|SOPXl9U0e0ZQ_LJF_R9&B1y{FN8Ia8Wki$na$rm#xbO05@cBD^8`K4#l%~n`BvA
zb4*t8vuYl@7aI-^iurIgEi(^sem3X|9o@hkz%@G9fB9&H43h&i=JTn;3o*NnzSQhf
zh%<fVH%988_lag+0x}fY#x?|o;oR&H<t4*%YYbP(Q`ngnMLTb$XsMaqE9n=KP9c(6
z?FnTbfzm}$28AS@xkeF*-@XKLmd#SWjA65)0Z$Z5F%vg`>fujfp~Oj9O!Lv;XGv=}
z{5jfL3Rz!fMpebo(jCE=iy*6cUr83d>~IsoZ_NBWxhPztq~i7^`O6vgAB*+=MGmFn
z;EiWS^%cQ-L44e+n`ZZD;6%u?Q7qjTRe^-(I<u)gEs{WetYVqb^t8MP8K@89BIAog
z$Pjb9M+8<R&Z+Bc#kY#OB{%B_rN+(+PRx1e&KiQu;+LJ>b&;U>X|NNb;gqNI?@i{;
zEk&5}C6J&t$&}doQgZuN4%vQnu^6)%HePKBQF5;^LpidE%yckBllJrl7{9d?<{mXL
z=q3I_B{7r*KW6%_uCPpIaFfMpX_}w%hAv5=Fga{R-#@4eL9Ne(=Ev8xQAGe>SUV-a
z4_2_HT5nk=k0PA900+rqjlh(XZgQCprJXO)!5c28$FlpGMA<jmwA^D6wr2H)dn^L4
z)n-@@oRX;Q=|f#<&PE+zp^;ZN=*OxS7HkZ;RXuNJd-6Db%m)!C%~@A(4k7`@d2kf$
z&_w7?S20{RzS}~+ok#<1@i7p|TDe2E9!FKbjANVxy-FR=p4EN0`MraDo>ZpJ_E4il
z9FC45Lzgj{ER$&=N6FRy6Eg%jM@lL4R!>b0qcYj>_bIV~9i+ykx8NkbT7;LxV!Kib
z^02G6B=Pi^!`MCcXYp=5<_R|bAb58|v^)6eMUg$_=6<wZUdXtPSxtTt=g)XN7IrjI
z{<GEv&M5p#X4KV&$|4><s_1pg<2<3S&(m?p;(iDPuvWu%WX-={T$t6z<4M}GhbsXO
zgvfKy`u;foyrVK%To;9V>aDZ;B2NE@oPo)d@eEqxqlvwllcgkh_DWld5k~L*F1L+6
z6AA+R@gvFbzKV^>;(9r546EVM8ah7w{l!1n!6r&{wDPiBDGF8pFLWrL+=at&xUAKZ
z1Ht^Ef|3HDZacp<%_jiwiJPbXSJnAeO?W~4)-6m+uQ>g1JzRKS^CuK7&vA9vgQm^J
zQ{%ZJ`6)3l<w8*O?~t=Z@sE_?oaO^XyU)^@4XuurCniZcl1$c}_pm_>?Pq+^hRu>X
z_j`@kMAU;QtNJr`y+9Y&L}~_{Z;={gxs#fe>c_g>8=GqbSHb-5!-=_b?P<&!)w@~Q
z7i~)IF8AmpWR=izGJw=59yn&T>TXVO`f`r8&Vwt(ljTMb1-5KP%4p)A6Q)lJFoXBb
zE-BnCxvFY%Vq!uB5fPCQJjoc32sSlMOXTyq=mxq+v0*ctMD#huXf2PjQ*azb8fs!V
z8XuZ6N(g-*AZ(zNH#?7TIUhlo^_9&Tynw=HM7?JL*<sHHC0G06)8BhM6Y<yGUNPn{
z{{`j$itdZHjt(Ek&ve!*X0w+H)Y1G5Z6NCFZ#40%Pw||(SBXwu$~vFc8ePj-AFarQ
zewd{U${oC*p)2{z4op9BqH?s+-`eIv+C4zPffasoX792dV%TyC>f(KYF}UN4++{_Y
zJLvXMO55PeI}XcD+h?9+hW4w{%d0-+0|~sMq2Rg2Ul)DB>K;Thxwg19;PfAN3=g>D
zgpY!x|M8*h08U8M35<G(4S5OQ-r<BVSYiLXC+`|8@7~t{E~5u2Ih1<>iuZi{bi+fV
zr#sN${6u+mAA!VaV65B#^&c|$jN<m|u;G7N+;9W89T-dh-*0(WfhK_i9@F`}kYvQf
ze1-T*VSv-{7<D^ecJ}m)#I^oKzreuwN!>GEIH{GJhI!6zjAWA&5jB=H(WqDOhJ}Td
z*zIa|c68A7cs=<yckgG=GU$U`4o7c+j<BjeTstL1eBb(O><`y|HF~T#uQ^2@pgogS
zSC6?6rOjsO3k=;OZE$9L=P%l4J#kP-;aV}dihm7~-Gbn$g-!G<>Enp^FxLqiez)tO
zDq$|YO#6B*yf+qCe|~LFx>0<BQ9WCPbBy=p*%#i=FT5!l+qBd%tZbR_AC<sgiZW}H
z4OYqJ4$sa?ZiCT7tF(zp(RWI9>MrfCt_zM?Tu-_DR1qR|^@q7Z)2==ah&6ISleNrV
zd<3afiA~hIvW<Hg7h}7c^`2tu<`vvOzX}k#xPb_VrPGj68`A4$dTqs1fsMzwer!1@
z^w~C1!=(KIX`wg(>wa_e{=hnl$Ax2iVvZcLu&3<w1^b3_d~P1xbDUcYxc;71RBYy=
zM%@?sLn~doLk9zJv&lZaQW>wejYc%zE2LVukW6hQcBKRU{Vm}BRT_*ADOO8zWhP}*
z(#lk(kif6x@t%%cb~runwNMF*&BkZCqPP-O5>zPV_K~ix^HXsg6f-WRUO%ZTHuWHS
zJb00=4|FLlt2C_DQ`4?;@0<wJ^G%M+AI+PnE7N#3Es+l{TjeCt$TkA)S9UJHjNiv)
z+OIQZ(AjM1u)&L*9J$EZMNo>>WJU))&yykV*s77y5VZI2&9sTS>N5r#Pf#xV&E|GS
zoPF&4+0Gr$P`J3ylW;s{GZSXO%~P=(<x@P;M|XVKOqkCtaqT3Xx7zAl$MZOBvq7PC
z@$iFTx=d7fx)I+gR*ut&@ga7}T$fp#p0<2CUR|A&%%rCsia9EPn2%(Cxei)%8BXt*
zE$@NAbP9bP@8ZZt&xruIL9{xh!YhQYM(az(fD=D0p-WvY3`fQcS;GjI4;#$dSNr5h
zJgpuTxg0y!T}B@$aV8&K<vvMknu68q5y~@<*vU0PHFZxloW3FH%u#oY)HFrYG9A!d
z?Yta0F=|RcDC4A#AG>7J$U&uNh5P|EdHGpijNZJcRhb~fV^P>5uA&pTkuF)tH4A*R
zE7nUfIjw7U6K9ufqhIp;$l0(ZNXQ%UVwjnw1rbAf{q{qE2BwIs#`r?Uc;Th#B0GIe
z8Tw_wynMxmrroX2p~AA+z=Fcl(3~Zi*`9G9Yg);8bu&|lbJ+%hlCvgrYIJ@@aJp35
zw!N$Et?Rx`7t6<{!#6fq>Z^idb%WOQRoqU6N(jcbIh_%u?_aWfN~GH?G}dd&GG$KK
zoC6$-fy|b}Zl8d&=8V3-7j5VJZpPhP+U!l<OZ)doEk0Ly5)79nj2j@(_GwPbVS93K
z@l5?FXYL~Glh=3ltqB_-pUCs1EKM-$dp$%?A~1|Pg(~qLj9|ke&|&Un>Z(}Qb(^S8
zTlir2dKVP%FqgOl0OSaB581I=KC{Hcsjk`?Bag9XO!T3x6QTbbQQwy<p@W4({ywCq
z)o%~GSBTFAbItN!l?HdV>Q}df1;^{H0?Z0({C}C1ibDA<gRtwPa;`i0b0$b#w)Atk
zgf-2J#)kT_GiXw4EscD4VtIw496Zk>qMb54!i;RyJ&Gw52+fRSV$M=iR+{!S{i&<D
z#8(uS7Or&P;kp4m5{9yv4)2gijq0)D;GVSWqm}QDcMcRkFL>QP<QA`Zb9(GHw@eYV
zRcasRoK3F>{#7JM^)mXxj)6nbrWn!r*5|x%LqF)mRU}^NRwengZEJjk9i=YAX0yw9
zsN3Y#aen^E=H>u!euJSc;)O-7Ay}ur56zr)iI$1W8gq+;^W0<S%%4%aVh2a7AexpN
z3fWht?2d0C?jp%S&!B}vFtBrsX3t6_;5wkEY*yy$Aw6gGqPr;-pqaCcimOz>Q2n%&
zKEQ?)2GBa9sNoY<>|RAJUbjyATuhAH$t*g0a*8Qb@Ae>xJkt>+ubvXN^|Wfo3^j!%
zzpA~M$mb3d^p6%DmD#SL+8y9JnKNNn{G>ak1d5noJZ#*!+xlab18kJljiQ?(7`5}o
zC&jIxOF`!$H0BQ@5W#J@FxneS{+l2m$}OIH+G&0rFKY123+f(k;UAs@K&pvrLBGwE
z1^gOQp}(V4E;Ft1BXcNEnT9=LQ^lk$Y-6IQY8WcAp=WVoT)-@+k8A{j?*g*A6|RP^
z|J4!e>KUqTpI8FeH!idVilC26%yCpHWDy_2x(Coi`02-a_Dodt!$CBs$pnE01I%-l
zb2NOpsIHaYW!$Ezy$l?c68G2g@B$_;wzn>uW`1e{u*%ZZF(7VcR-3y>TXFVFh|y^-
z&UCV+?ZwaTG~>9uvD+`}_P~j3l=a!v_+ynVY)xq}KWDT2RB*bLU$K))MokoEO?8J)
z*cbO<WB=x~0#dxm2{&%bX2WAQc|n4%TTS1DZdJ?X2<n$B7c|F0dFqZvS7YLk14w*$
z<>BtI;pnKM8eRi3XyqzA`mBFm08KW7eqD*N>I6rY&yaIfFlRFNW*^=1;%tokw25Bj
zxhnR^Yt;!9L!iZ}evJViTzzxPK*Y#c2MfEi3*{6xW{QTA=IQ~QrJAS4^%p4ecof{s
zQshp1Szm(~ViyJk1Mq4HqhP2n=!(w2w#7yT>)g;<^3^I13!YV$wp*ZanS6HJATC*T
zO(hpcI7%PtLY>-D`&MO8UR<oDiC1F#;z0V1x!eZoZe*(25SQ96qx#vekmS~YTn(k_
zDw|j<0dnn5z71{%-7C>s0yv%4@7qOZ=BDXNtt%C`r@+~gkrG5v2y^GjN3d_!Z#C6<
z24SmyFY%^p+ZsCydmC7q`T7_Y*70t4z0*lNOLb)_)=?;*{g$r-EOMUXNbSb0t+svk
zrR$VuywcoRmRj_VQ3wPvxvs>hK5TCC;`1B~NUd%S44j;BHpp(V;8`ptZeV6$kYEUe
zQ=Ws<)8YUII*!~0DtH)8#^1%CJJ3JAwQRks-T^rN@V-SInF^gYB%oJlQcX=woHdaH
zc%P+}(uFTs3isgl8(yt^KRplZo@hV7kL}P(xP%Ifa`QvQGdX7z56E*p0!^-8ogXq9
z^b=+(>!<58N|^ZuBIC01k_h@GyrK)7VVdZCtF{!o7%u{JfW_guJ{k%qalYzb_Varl
z#b%|q#PkB+gZK3dl*8uH7>XoFSJDOv*$YQ#Zh+@Kl7W^vU5}2A7Q6a+cSzi`C(WLY
zE-@WGI>`naJzBRI#-8q%=D_i5fTH#*?=W1Q!Foi2F-)ISB_q?;^cOxYNw-y!JF2T`
zTA~6|@X4MEnqcfBrKIn?F-{*aprD8vMfl&#%TrH!rv<!M`^Ro2qyrH3_@&7Bzx<f{
zJ5rQIYjzR)ubF}7|7kbM+aLw)Q@3d6w|5SQJn<jkI|y7tKsB)Ozvq&LKs||%ZwUHN
zArrAbz;mS>zq)#;0E2qO1Mq0)aL@mLyx0*!Y18uZvh`X&k&&Sxoee2a*_b9C`JuA1
zGR-~+0N)RPAH{jmoshhmScPcgfK+Vu>m$W{O$j(SxHKk>3Uha$!I0tZY;9;rh)xvp
zAMN-3kLe!?Ozk@g^Hl-#d}?>MxL9Eu4KfzJ=Soks5DYRt<1XL-vSo)?wZVgD#HpmS
z0;&2{HMzyEkB9t*N-A>?R3^%e`J!o+FKw?zR|>UJsN!Xi|AYhlsP~*%QABa^K5T-*
zxKa@+NAPH@QR>Nwt<jtcZ}b7Y0Rh`~#BL-fx!9U{SGD{*^^e<#14*TG4ESnl>zT~s
z`%{wm#%96re<%I%1HgjxHK)h1#r~zk2;uAE_HqBR{dcUI5FCI0uk5S@h-s{tieNH$
zGMIAAMZ_W)8(xw&`|yi;7*EVFN?{r2>dX1|qo1`qGPSMF|0T6vOIm?@s}Msm;t5A|
z<pXuOJscF&NLw_CbcU)}oi+}L03>Yxa`+rBEJY)i{%uAUBiLgp`DbpCcxh@`TUhw5
z^fQr@>KnO}+)SA)zUB6B6p;U?wW|z^YK_){C<BNR3Ld%<K|$#TkrD~%PNih%kd7lA
z14>8@-O>X{%_uG1Al*42%?x=rf_m<c`|tA1!yonx^L_i<>s{+z?^;X6qs3ux!Ex~k
zZXh|j;|=%n!2ZTaW_;z7QCjbVe||SVdJj}Q;J~}@F#0y{qCPx)n!7PWA8m!5|DY=0
zD1Z!CWM|Z^Sjl#&vl{lMN90EW!N*_8E33$e#D~s=lb_~_SWL-cDv;^Tr#UjTOG`u}
z&xl|3Tv1!jB(!E3ZVdF!JEgf~RY@%yXX-o0jAr-1oBf@XT;<;unJzi6gR>{W!_h;;
zYQNmo1qV6?{e<{86E|I0gJDjCBp)3XPdE8P=n8q9u2&dL$Z$sA5Wn;ld8LgC@=qRV
z*X4`tef*wI%jsP>W}_}O-Lkrtzz8n*L-f3orm4Y7c^aq~1i46X1@jC{5idfuV;Pwf
z{r#lFGG#092N~?uVp3Ak1v_ok^~zx{J)hkZ)VA;%2C3{?`sFUicS)9kxC;U~$G<a6
zby!-v`^8p2m$RR>*QUr=Rp2DoEt<cscE7cYCCem-Jot-e;?hTf7dZmp(u_ih&TsCH
zv(u}N8FG#xToO#_lXzz{Yvi<@2T6~W#|<?<#v{}>cv*>M$nldKWUpe%AT~@ge*&!t
z9XHmd)(*s(Dphq^=Zds35L!)Fgg%t~;@q=J(N5Cv23`&&OE~CDd{VyHTS~q3EP>ky
zW5e1;MS3@rP)47NR*K4CO_#~vNw}fNIq6<QRoc>rpGgsUd*ue-JqJ|FA}p8RpsD=1
zcSbbirQXzxOBp!P{kBF8(PECcA{dF%b;{n`KCDfAN!Cg4+J%o8o|RF}Dhejg|Mf*A
zasT=v<mt@{lxGXF3TdU69*H>{)T$!5qoUsQVZg`Ghbs$Xd8z|nP2xp(2rJbZ#s*<2
zQ$lukx)P|?Ga^?Kkv|qD4k(0=hw=B!&t%q5OwY6{ray-jFd@dwHz<{_3@QyB=pw_$
zZVs!g9K&qB@Et07sbt-r2CK6@&Ss+Rez!TAttH#Pq6Pq^8EPQ=70E-#&b)w!=r5*n
z6>dl)sX@_oxPyKukI;_eve+p5c<FQS0FYLy=dr84;+0ZqA3Y=tWsWwxAED)$%+};l
zA^sk$@|HTfBa5W(i)c*mt@7%3W0gDRc@Bd0PkCBhye`jQOK!L};_ume@zoA!4qz7d
z2{}DFDl?ERzx$(eX~~pKz%jSS1CVrN7&QiHEzKKrqX0QC3oC2Kj;jY7t_yNhTvk>#
zIxf!4qP&M`Cx1{!B-_Ai-_M3{h&b|{QPVv{S|9W6?>&@AoW#jeLgax<t48#1(728X
zhYg^2mo0iz#g)HzcPm`SgXY`@Fc{F&-X$lOTYD;*!-?uC_&+c>+f2?jlPFjF{4QmE
zb&xVLtRych-7KfLO4QAb=+PwxuCQQ+RL;AoZS6<fd2cKLk3OOVE$fq#7$*|1UI%2I
zIE-jF;HZ+HHwe7ci7S5`yB#-Hn#|n)WvRvZh(Ogdc+w9DXNh~{giaXm1+;5HnO!U_
zb1j*1osK0&><4dM8DKAB&}uq9qF(Y+`+W5qae;~9w{HB!XqvJMfK~VYrt_DV*-8We
zcDhXoFwwtXbfEyizTPLT`@L7d)&I{QwztL(-hx~+`J4B`AOJn`)hG4<GLLxR4kbXu
z{->7A=lL~SJzdaWge6!67_#)bfBXJZN$)e$$o&U`fuWWPsUu5UlKi|}e@MG)SPcnc
zfT}~U#xdB~*cjx;{<#*n`#;GzLo6T<Wj^!Om%zh!R)U3qgL!MCYPz4)z(YJaIe95Q
z@^|U90A^`vsbd%SNbfxj-88w?c!{vB{aezS7#P9VLhH$`zxdA0&x`-=6K_Rq{`PG~
zxmnLa!c1d2{<xlR7|l%LH3(81iC%h7ak(rg7HX<5v5yucqB!;6eh9hry#=(BJ3ICQ
zjw=KeFxV$QxtA|9SyZx>tgVYIs2Kk45+J|<){HehT&TmCR^_&D`9em9V}Gl`A5T?F
zOV<5xGb<^HV!%V@w-)B&2!O)Giv1lSRKhQS9B-^KM2`wk++3((Zc_=FPhkS?hUhN_
z&UL8|YU2^rPxN!AyO9xw7J8(av$}gRcI?lYi4-fw0a9^)+=`J1{1;l!0(GXc{ATNi
z8FZ|lTQMy&tA23i-sW^i-MiqBoT{G0bWB!~@h0HyY!1&C)D7P;aCPUaw_J7Fn>o8(
zrMA6jVsS#Lntr;YTpcz?H73V!f0FR92WqkTVaZ*Jr^~^G)qmW<%py4_eDmn1MR)?V
zhrvq-1F^~G1&z%vjw_b5UQWdZycs9PiNL-V9n1Kcf~_FRcZfH~lMHUA?2+&p5v7y;
zFX~(yE5m501=(jGu@w4iPJ_!e6RF>X1QIv`)~Jq?P<az4mdARSYRI20<qPjrou)z^
z&!MK4f+!GU4jX<r&B(D)@5z)<4F55eo9nWO%RPB~)d9QcN_DQ><%BiGzCsh_Agl}o
z?40yoz;+yobq_W(x!SaAj^&8+(X@jp>R>vXL*DC4h(Jf^if_B~k;AMe*#MeExG~+;
zfO2SJ;Z?<mIBYu>j<ukd9@2f=Vqbr`l{n8D@wk6hGHqD_HAy-r2Q-&ed~G0jpt2Ss
zxkGw?^Eid8W23~~Yx9X)(d<(v%iTlW0Ye<DBMRRYLJtp<kpNGvrY2??`j@L&6;R5z
zoR0wa2|W($a0Xm50nAwaZ1Tme&$RXt?_S&Vou}E=BC`5d6Ihasn_#wXR)=GN&uIM;
z=U+LtXs@vQl2wDl1sPfL?k@eKW+Q|w>9SkX$EJ9TZy+mF>xMB)2X&PL!tD%ayw30_
zS%(_;LQQl^RfyEj2bo#5@QgZD>XFy5ZR^~O!*h#US&<S<4Dh>m_nF=nc+GGbc+SpF
z+mbniuAd|FlPXV&e{lUfKKtnfYYN!|@6{)QJqBS+(-J>U7Nr+b%4ayY*@=bH*72_Q
zi+{cC+Y!e;ptY?lTpm8ar&v<S@r8Wc%5pgn<^f}yi7qkG_22<-K1C52`tn#;GZ?>v
ztudO#2&NRnaBP$|zni*du0v#D*`M{Dl?D-jr|02ihC%6SRezjqR*qv7UuYp(?>a}7
z@WzR_5A@p9Aocx&uJ;@%ib?W`><IS#c!mf)*CE$WWQnVc&DNzwJvqY88_S~6;`#SS
zMql-?r1B%C?kEhzJ~4+FBVN2ut)U!KfQq~7*}S?DXsb8(nA`ns798H;befd*vDGFs
zs<Am-2~`l_u6NwrvrHb?%6BqejEHtNlMU}TM(cfSN#kbBL=tWe4l_RaA>(4NsfE(?
zXgwSfh$*wYF#%0<?p1iRr{Uf>JT^F<m!Fw+-QIj)k$$f&=*%9ZbAKq{JhP-yJIb^*
z>KT8AC~fNmCfRDgaDr;jr1^X@|3?zU;e$uLfqm6OV_xdd>Wf4)YZ$_fu_qK<P8`z5
z&WRq_$sfu&__uk+Xjoa|91oB#z$=GdS;ZADL}g?}8JF)a^g+Z?%4uNw1M$>A5MQ!_
z+ZlR!)yDfcF-}sX)k05-tcBI3Cn<>H8?%%J5R0fuL@2M67W$EdQez#AC6MJURWh5$
zzioP0ZCibDha&DwG}tS!Pzr9~8U!Du0B)*A%vI#^&u;Z|eG&iN;6&+aX@Whk5b_{(
zp{fxQmHnh!hjaJoX_0NISDE9yo~iHDixz5T0}_$$OM4<jf8=5TyEKc5IF655q;A%o
z^bUasshYi*{?XN$qS8vSI|-7?hB}2S1d$seb=wu<#U0KnqSnwyeYi~ZS>1^K_8KdG
zA*N?ZKMUQYNP<07s82!R1?DmR`gZF5Op6i{al={~QbXnanI#F*UsMKlID-d!pF)I)
z0%Hn7EEZ83ivogz7XLaA#+?#xeE(kWZ@ISk57d%R<7e%Zf+-33#F~9_`kaU5<;a;|
z9i6DdyqUcoomJJ=BKIabRBL^)Mv|K3UKqpeM`i5s<UDN|&yS9x=X2+U)ocYNtIzFf
z85-0ux=)1;oQ`BYYddYm#oW?W(e_6g`ILu(YbTq+M;-HWLfLn1y(iB#X&J{^ye&R<
z3Vem<y4lhWiBwP2Afmkn5TRadV>`urIZ<|Z$87}or#xsm1l?-+Zu-&?-RCg8CcNE5
zyth_R>=q<K;_eYK@Q#2{Q|Hb^pWmWo<eKcS<gcpH58Zxjs(ZUt0+w8fpdL*AGyOx5
zVLOrAMI-<t(#LrY(h0UUm}FZ^Oj*SBE~Di1wKi>)a#uapT3<j1npRptHT+3JYo9!;
z3$mw|x)a$H>-D~|@ih{#?EX89CQOs;@YgbQQH^?4#cB82NfXjz91%OsfdkLI^Jvux
zjom$F`L%2<8<N#(BUGkLL>ZSWaV?25>?}3ocTcP%4jXQTn|$YY7_{H7-~}a{Z#^+?
zjCida-^OmemTx{Zc(2VGwrv`vw-<NLBwJ_3+(z$QRGliM{qRxbCoLpYhoy+zDa7YK
zt!{1@6JAu+?%q>$O{tDZ<ZavV%`;~t#*u^XW(QQyUFhgbZj9G7Eil`jovPgB)*(e6
z>@7B0jHU_e!-o$-&r{TqcG?`g|0=E-s!z)~G3NA+Ug*;_R!Z|;Cktk-vleb}yWFpe
zo4{i&2h#3ms12AjPM?2_15Z*gmhUE!w%UHh&fLvDHd(HrkY&Z24rfpzrneK!)+gl;
zm^lM?l5+CW@<J+Gf}*6M?9F)6P4WjZ-GRc=(J;N)vhpg+;@Tvh<im~8*~FSMnzW3l
zVa4H2+M)5?Wxla@tYFfY-U#b__a+71<2B>kv?0;2R2Xab9!tq+oE@9>uNbIoYv(7Y
zJo224>_<i)a+uEhG*9UrM$Hd-zY7v(d|#lc1Yh}-yi8~&T{Nzt*2H>q>oz9gb1~MV
z=%{+bP~n!Lw|)?B@r;U!A@#Ve#yEa&2$-UMy!1U!*NYDUa-{rECu#KzEQZ$Gsy+N_
z_~`SLI^TvY$%j$hEvnHl&g$-(KL~NPW@N+EqQN8ljQh;atBag-g5Jxwq?Blq>oQpL
z(^Q)!SwE`Lh3D<E?XOC;p24Jry0gZCX8YJAGRcZc-R*LleI*NoT+X`>wGXOZ?VJeH
z8*~AgwI{`L+SLztw!(EODd)NR4Av+FY4f3|e?hdn6!Lu|{JX@fig;&w@a^4g;gtSv
zvk3PI-D>UIX~Uv|^7xZ(U*^int(F?~7ln4vWf^*rfTpt2t2bP2b}S?#*kuTBlY<x1
zWG%>4yyCoH4(Jvu4XW5Zt5E|2+O?-{Zo2PVv$`NV0uIB06z$Z9ct2y7*cxJ*MT|4;
zHrOA3&xmAN)&fz@_L*sbDMDh^%XCH}R0%*jm~30apS9@gpV1!Ne_4zJ2N=b%QWNab
zPvv8pcX!yqFQGy|gvdi-a)I?Jr8&aIlV);s6gfi13&{<1Jv-_abgx~%bO~!H;jXTM
z*CAcPkg&T;-yC+mJp3Oz&QqIbS;;bh4xV8ZSj-#bOx)?H;Y|rZ$K%>pU0bZi4_+(;
zkTB=F^U1xHqNl=RRP_c&CL}V(Q;GAHx~_M_2mGlWNc7}S&%hDqY?431YpFA*-vp!O
zOG{y2qZV(k+K=Te=W4${%T${Fq_N7}YM{D4lPC&M(zK!?ML(1asXh`J-*c80;pu!t
z;0T_xui8(Xdz>T33#0d#ABtT|5AURNQwPmPr5AbOiKdsfhbYuP$}riOyYA`6wGDj|
zVkyno?)igVGQohwUsmrF>GAq=64U*J$8JU#$O#3VmNU)z+ifX3Zg7%TA^VZ-Ifz;c
ziYyvh-AWJF!B%#*5_MIW+H`sS%G_DMll*gHm0}IgXbbWaJ{5fc$zvKEtcF-I4-cVj
zR@KCL)b_lBK4X7xuh>A2;^C^ag99f%rNE$>NOuW%oJYWZA!t#CTGTPVdA2j26a3?O
z_5+5m1*X4*5o!yHokax&89;aK2guAVOQPb<N$#Ivhv^@-?1`r?;sGB6EX%iVEe0R#
zRu}))OYpdQ6%>Qd&rZ3Fn?NCiyLIm7{b6=70DIZQZbf4#nR+RYpxcdUQ1_1-J_H3t
z(uf}0Y)Vo0EUde~?)}vbkAtzdz^@0U&ael@G=8isd-Pg+`)uTC;Cp}A@m%BP_XW?y
z+uA=vuLaU0;@4P7uSP#{0l^v<M+rFtrg4PY>@0g8hs;nK*;NF(vX12j?vpaW4n6qW
zdPM9CAXvbQgZfav68F)#TUk*dDXG&7`t=sy8NwNN>}d(Nw-Pc{Rc#H{DGat3k(e~K
zCxb9it|F#b#w7uQN%s{(M=tE<DE4OKuHQ_#1dglNS0-Q9qAz~d_513H)lrw@Wv*el
zL9U5HQ2kkQJ0@C53ftE=FIu4fd8LP3gOCBlfD)0%r$$mWz0j7wF_#Z721vw)iSM$}
z$glA8l_Vg{%&#F1|I348*Z@h<sh76@sR>CB5fdwLM7O$^{*6BYQN>LR#Et1x@qg(u
z-fR*5{R(1YbTd^m>qsQlf3%&~d_i<R{2qjZTDE`sr2$>OXaT7xh&%f4e+Mojn78Gl
zYt#Gkhp+{{=?pstz`x7gLjQ+<Z@8cbGy}isUELfYLfnc2=mA7i<gXSSmwQ4N<}(d>
z6I^m|b)B!si<$Cb!3PLnn9j+L;8Avc0YrI4zuYX7q5tDQ5-T;Vwalaf0s=wau-V$5
z@Qk9zdy+KuA3lAOkqEez=5>m>9{TmgjX9R~t9=!V1eJ`|9v`Nt%x*|nEZ1xF&Ah{c
zok)6@7KVDASK&DxvZf5A-59yacBF~)1RP1nAvKM@-ZTjorkkF#HU=d!aNAkGrtPt}
z#rQIN;=m#)uNK(={mOnvKed(9OH8uLQxxfmuYs+_AnGx$bX228#WJ}&K#jHV5HE)M
zWCj~363<}A#C(8TDq~vODeCo&KC5$J8vp6IfpOcVjGEv8>wvqm7cqHKUvkJvM8Q^b
z`cMGf?1E7{*5CgODCEEWMF_VBr(|Wm<Q)w;)`ddk@&wQzacIKEIrX^sL}KCSBKO@*
zK)~eQ5-(!y&wo<@o5-&iVjyJxM{EO3{PdX#Jrj|_`*W*~_y8f1h!;jG`jR~mr%|d7
z<D<x_+hi+r&{*?GjBS|~XEf6_QUOA4AP!*JOsn4%8r_xu+AME0!44MYMn4|n<lplg
z<y5Z)OCIl56L?Iv;9S3=SPaDhm_}yo={CNxh<RfsO}}{7y0Jie#MN9t^)dr2>IoS$
zXzNRAE@Jd;33rq}k8-r!Cw*#Cnou#Hg*8@-7%0;;c=3K_U9LX7@=_y>6?Y9HaC)HT
zmU^Q1kYclD5zy&N7N5i>K|~~u+g4{42X^DR1Wm7>RvSjQx>9Ho7`EV1W!T*-gc;Q=
zSvauB<(UhRgg#iHLER;KcU98v3uU^1OsW)VhrI@R*PDy-xfw^C*58&VRAe%oJ5xX2
z|FK(4+Ij!&XVpjb3ivq%Y4#fTD^X|<?k<x-HBve+Tkk-tC~4y3{kV=>b<=XNxB2)5
zdLVeo+U=_cn!pL`>>?s<tkvq)7WlD}P&I<q&^{;+cRV-ok47dFn|Tm&m>?g<Rc~`@
z@Og?p@^B4zhiA^f%O2|}u(GEgs#i<tX(1>1WpN948zaz+;Z$WZ6vqOmnQ*<w<zO1&
zSK2>2YD;7SXYfL;eTXl2|CQWK#>c^2yvY|}r_BCOcSpc{&P0Xm-q3urtm<Z&LCjVE
zfcPis`N||+dx;8(FvKG37twM$x$YSLkDEXF7$G$^Qux&D_wzI(rxVF?v*#ZOKW*S{
z;4S|o!uMk(p7|w&2GsyFnYrw)Aa<8vrguYL&^*U$`x;&dM7pnSb~8$}H8*gDUC<^=
zx`jRX6Ni!JUgSR}&HT5&E&U=O=5BDVGrwIzv$&qPDr(Y<+lQY>w$G7)M7#z5alJaE
zU#T(c#O6!AGp4)Tdmqj5vGE-d+JDv(=iE!1`n<1tKJF0x@j!Qrie*mGz2Ql510QR|
zpsO=7hrq3w4Mx7U;>ozs@$C3IIjf5vT|cXCqL5!pWj)CgBVDkI_?Cr*;ctWFmf%BR
zmuy_5ae=?-2oS5lf&Npy;KUQ#dod7w#SA|*MK#pgp=9I9e9hDRZUrS$!#$nB7yNaa
zOyxn)4G%x5kY$<!9TXvu=nmL3B1A72M%N&jhM){glqweUdCP6+HqHII8W6)M_@G>*
z6{u}XKB=|35H@-qIf{nT|7I%RQ~MSSL$fNU!|+5~=>{`ULqmIz7+$P}Q(*eH#RT7;
zq}bLiTs5FCDn9S%dMHr-p!DJeZgW#pB!2u`C31!T1q8Q%=R0WiA>V&2_5luG@{R))
znt7N8g>;ZmxI{w`Eysh$0go%Ip?0LSB7p^oq~lg>_9eE^#^4hQL90pTUdjmI*<QYL
zRc>n}W!O1%Jr`B){XSkJYPI{P=uwDiCc{nSi4Vs06(A{%5hpFq>st&z3LzrCz8-2V
z64tVTb#R4-G`gVZH=Ze*XQ$^`ti;Bv@WjC0nRj6}sBvDQXWA!IajI?$h}B-t^Tz2p
z%QHal*}t6P{kYKbbm|b!Twf48S}N%yeW1y;yABxV3N@(|96v=xtk%nePpCLk!+I=7
zw-|RXrLU(7N@L&kCIl65qZH%cITM!sKn>i85#rrjj_V`EDGbUYr+X?FiTf4Y!=KpL
zmgU7Uq4yxs)jRF1Swq#GoRRX6nu(7}t~ON+Mqn7VbA;GpADA1lkeJM2QwI8yW@+Sl
zuFCDRjzvg1-=coNd_;r=`wx^JVPXus_GjLdMF*>Kfx%$Uv`KUNzqIsoZj50^3S9M@
z`wZV&vA4Ik_W-h3%4xoj?=O0;;9+SF0L@)w<zu8!C<q-2j$TTHf4v6A`oq-w<}!Uv
zh``>}oZrqaQlaLvrP;<!h>eZSz3J2P_ecQaPYoZnCPY*um*s`>yc>n2KpcQ#P)7Wp
zS0?+H??EW#Q!xR^DYGJrh`y`cpiY@Ft1EeUvXTMe=qEKw#&h`#AUqh7joiGva(;@0
z?)~myaAA2tft(uwo#^*?15$SVXnkOAjqpXi4v`-PcFX?~nTlY&<K6`REH7jRY5XEo
z*2?a6KzknXBvg3y6qs%MVa6ma2PEocV`CGizEPG2NLN_oWqIG4rYiQ_h9$*QJ9lH(
zDwvWY3z^5?Asgo%2fp-K5+@`itc0?|Q!fTb&Y#BWSVu7h=l|m*xWB)zd<K+O>c!2u
zzC-W4xg+S|Nd``vv0RY0fv$h|LdpZf<*+arzw&0<PNAv{5yzW?PCM>2@SU!>pE*{c
zyzthYlYF3j)V0n*xINpWJ3A+bHOC4OD5wIK&<w*WyHOkdtq2mYIrQD4GottrG&U|W
zl15Lit{5cj#fJA&4t=*xH`2hvVHT*dMR<G5u55S3_Uv}7-6UTL|K6TGm-53s)k*3F
zzqL!M2PQa!aJ})|DXa*7WXT;Y8ibNg(%Q0^4!rdbT{x%!SdNpElk!<XQOyfrIc?No
zLd{}7P>p@&c(CwqkIfd`Vaa&W7BD*w%R9g@t94gQU;F(kU7*38T~Oz={TRuvaE!E3
zG&S7J{e-;yWIT7wMWom&JUqOAdGU@nN@7v97=b+|MRM2IIxUxzz~K7+$93Fjh+4AM
m#{sn7v2y!X?T#_^nJ6p8qmBfe)!u8skF2D^^P*>le*XjJjuwFc

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/log_example.png b/scripts/automation/Radius/images/log_example.png
new file mode 100644
index 0000000000000000000000000000000000000000..68698ca6835a90d6d52b11609ffbcf1bf8843ad6
GIT binary patch
literal 101376
zcmb@uWmH_t7A=e<5FkK;OR(VD!5u<ycL>(FTX2U!aCes=!QHKa;O_43ZVfc@NOJDI
z=bUeh@6UUTy?a+ztyM*>s$Erc%{4kmPDT_N5f2dx3JO_VOh^F=3RVaT3MT9o+;a|8
zP|^1DC$yb{=qISs;dgt_U-S$=iyKKxL(x2^UqL|!m_ohyCGvdZJ>O7JFQWaS;Gdsp
z&$rxnXeij{C-krK?=b(7gcbS@`=2yS*mF6QfTEzd`14ay-`3F3%Fe{vUdb{)_gQh;
zROz$*XK5)eeQQewT?1=9Lk4HdFTYfvc$~SOla_||y2Q?w7FKp#&b;q`OK?4>e`N#S
z6aN;mH|Kr-Sz3-*(Aw6Jn2q5B!-w~Lh{VLiJhlc#Tna)Wf2luz<9%;pZ~ui00B~}0
zVsK(+u(mY@FmiHo0zNPSn3(9FCFt#3tn782>8<QY|5WmydV~z^^leSQ*qd5g5&x=J
zSI^qPp7;IxUk&~D@6Z2f=xqAGmaOdl>eh1y0l!KBj0_(D|E>F3mFHJ3mz=4yp@o`|
zspYeIp4;GKV`b*~E&u;1`Cp5F)BOBDO%7(Zzia-j<lmagc80cs)|Ssr+VlNyWd2hA
zd*NS-Jb+(4|C=TLnE7|^vz_@6c>w<%Gd@J=6LdBxsE<(MLIO(8(1#$|K)1fQ6Bn~n
z=WH4$$0V8l9LPg)fFy=YdKjA_u*gKtjm<Em0)1^KOg!C;vB4RHhQRE<$;wMsZ!A{5
zFFoAu(}`av?#U3TMO)VvyI9TM?$6?9kuK##z9ql0|L#cw-<oHqGsBH^{c&nVY5Ros
z=HYyQIS`$a@2!n>DhFjL(0MCP^-=8R@SV4;=XuO!)5?R@&ZW;M;&KF--IJ8>h)JkX
zP~Gi<7OcC?C@|w-{=405hd`fD0<zQf5Ww+e^R?H!fRP-+i;qzMxN1MG`gL>&ItSMJ
z;Q4)pdiCGS;O*A{s*u4BegI*X)}#CDH0y*E_(t!)NqlYVpeR4MhWoTl==kJwO$-I|
z_lx$;SAl969)p+AZ=n8mInTb(dBb~n{q6r={^s-hle{PFyE4%-d2*Yd>4_6=vXILS
z@R1YvM0K~U^?_@s6~aE*YBREd^N&71o4_&R<2bSFE&sTe`w{Eigp}4(+T$scA&yW|
zl1kHQTx+g%D_`EpqjZMtQE>;#!x1~}WtH^<@57fGv?%<4R<_DX9LW;sdG<8w^<+IF
zFeEShj}Ak5@1#GsbvN<^@3EutG<Wgl0V4YpzI@l@rH(kQ`gpf++3h{#DtXeljK4Kj
zFxInmPDF8eY|STFHo-r-!g1ypkk<OcdRhtbZo95ky6(g?Bv(0J{A9fD5qSSGVDfgs
zdfXV8IMMTDOt1@v%X9NM*OCpNg7Omh=RkjKLleUjYQ152&^G3u6bTl;3P61dkZv8-
zW;9y9sY37oYfwx|e_DC06>OEyv~FJ6P07eyaR+O-wnj09&z>gT2rphf`M1QqN^(mm
zY*sC>yAj;?$`xlFzFc}5HY7F}4hXRR`viDSH@uJl86Iymm+kU<Jn|=bm5t?9t<<k#
zTw|I|&$isc8?TI@23RzfWA8>jaHY-ctzH|S4PaZ{U82VDbKG8_c!_yE9k<Gt%w-NA
zcx@*{B_PlIYx;g{BZ<6x<MEhs*$Pi$C*#U@?{t@E{iJ%=Dk(hrfIrk+N4z+CxWXqh
zHDVIvmG~q=M0e4Oql!iY#zzUe=>IH&bN=5M|0lr{@gf>-jQ`9t^T|Pr>M`_s4j-cx
z?>O@M=@6BL=)A!rD?*iT1DG?S#9?4HoY(K((w=Gi<S1EJ^VFVc=RD+uYaj;uk2isM
z75&-r8BZ&_PdvBHV1<`yTOM~~UJ!2Ao{@};qW~6=$G7Dh00CEZ*#H))zo+1eVZ<=<
z(?bXQ5Fhc`>FHy}%+?l?5o%O(=-QRbbjVxhr!o9@G(D|OmsK;jKahsX%G-#xcYP%P
zWqsmEvge6;^AhoC0~C>W|KR{~`9yKClYYCl;uUg}pgy&*ru4}(M)OkRQ?v1|_3~B%
zo%_YYrDX$^b<zf}P+6XM>}mZ>tLZWmSSz{p5$*xERrvU%E3)wx9+L}Pm$q`Mv2}M@
zrQr!nu*{So@^<H6V*>*N;Bh(MjQH8$2B86F?q6!;Ea!SytAE$|_Y30pv7m0y@+DlW
zIwb6yM)Lb}OWJz*SN~g!evgbilYy0n(jt+evf-n^5rPkIbqU-@&VTip8<Qzu`|s<`
zue7%%+H6{6gXJ`y;Xl@|UuzlqR{>wEf394_r;BJ`1uhracxh1nIgn7_UU~fMty*m$
zhx)eLVCky#?w`v76x`dpzb}^0={7q_D7Z1Zh0A=7S6@FedZTD*YEN8E;j#v!ugC^>
z<7#PX%TZE+?0&jxYmdzh(-2Z=UMf#1?vp)5U(xr6AN<wVNMRjIxG~zWy4|9c8!phD
zf{Hvo-w7{W+1~q9f>V0|X^Y8@%j8lYHJ@~z!~o0b&7Sxu2i~IKG^C3+BkA9rw<zOA
zqNRW>uR$uwICES9TrLjlu6{Gjtkc*$AmtP?N~^Fc+Ad3hu}(Q#7dJ!W543XpJGS43
zOQp0hnsnAF8j}!%2u&a4wBsM~n5ZM^x03Ft97*aIE7_?vk~_ouVqG!!(!>{tCd{(l
zO>;7zJOIl*G-Qv7`d+NyJKX{Cu216fBZl|tmvSAgr7q%LED0LvR$YROV)X4|Dv`Q*
z0gQ_apmV}TsNfgSZ)PoF%s&M3NtStS(BGl9x<#ZfX=vScyDDUhM-auIx4n}pn75^j
zvE8s7d#ukZyMT?`Uz#;p4^R$)yHjrx)h|?JXRL^3+Gk0T!7lnCb*&CzVQbvWS`x3^
zbv%k4xy!g7h?CE+OaDN)OwaBu7gLL#C9WO^$@5S6U~B{_>D+9|N1O0A1(;S{Gp0pY
zpbTyLQpBoMOUFGX94x-aqe`-rIAt)1XK<*fVs5N)NLsO>zaP10;A0L!n`f~L25{RR
z8rly3=*^v@?-K6WnmxQVv{rBw03lx1-sL@nLB_u3PO0#ePM`tYOJ(!M6T(MGOOZl)
z`#;oxQ`wMnmCfjRb!7nGz3{?|F6|F^xx>2CaTshfw2I`bfrdnp)zaZZ()|oL;FsX4
zd&rboC6U~Qpz`ySr+?$T))zzRrTHUO6;C@a!Sl@H4)fvV!&Cz5uC`Za57-ztsW6b_
zyHQt;1(I5tqPA>bGG3)#N$7Ws4Z+vmR+gW5jnOdD@Q>x|Tz0euHWKJ4h3h&}&PC*8
zbfdyWPKLWM33v<zzs*t|1pnN{BjEJejK;AQt+O9=k9H8-j$;{WA|&WhL8cscDCzG6
ztkUhFTF*Cnz}P56WH0EqV3i||Q-cbbphFf|#j*~f6v2^d@1I~OV~btMS$ph15S!KH
zCp$Xu<)&X2sq8B!SCM#$Q%(-WE@d|vC5!`*GVr-Jp(AP11|HXPM6|_6q$YlvRbCui
z2_{drL}xq6G|`0jJw_b{<f7sow~rrX7g!qI6*<w51qdILEL|Sw&y~cOIhcy>q(@Cp
zUZ+Nb*h9Ph?v9u24CLEPC**1y^BU;)Lt$~7R49Q8r#%7jP3)mPz<fy-tCC9Hxoh_u
z_AS1m=9*;?dmb+t{|b_u(@=g{z|oIjrK^Q(UA;v}rORsK^{7Ls^kS{k$dr=Cau~Q^
zcteMe@Jp+OO>64Kr+APt+|k-qKx)fsjUN)71vXgS{qXANO*NOggT?YnJ)kke@*Ic@
zhCora_&~kl*?FOI{pP{38VOF$la>wTIw+StijfQzmleFoPgMu_N@RBUF6(S7tEdxs
zTv&ryim=dCuhHu}EQC8iIeCTP6jm)DQS6m;J7=6WXt3x(5%OU~D%wM!T@i+qg4-ql
zrN}P%b&2(RZo?$nY&%B({+z`UmaIC&ov0ujH%wQ3l*6bXbfS#wnmq5c1a}FQ<GGZd
z-u(S`R52!7HZgWg^6LlDqrFiG?k$IJ(})hv4PXj*91BgTMMHz{D_diVz`sW)4F-g5
zxl&HFe}?7apL9ET^?Jd^vboMjlaW15ma*<Au@KSCp^=G^{Yb4~LY|UU_h%m*tGR^&
zC$O@6?(Nu*-Z-y$a}T`^cf;r-=QMN@16u!hhuJPX=8bbnJePvF)I}S>3Z+LAtqJPe
zHo}%toL~j(EnP0^26&p-BiB1omej!l1@mq&L?p({;<OW7Of&UE^Y}%aYe=WgJ1JTv
z^JK{7OZ+_MgE7gAK;z4o3s}R>)0XN6hvvx<c8l0cBj+cox8T_Ka|Iv_%3tTJuPSVT
zj!~IBqeVPP?szhVhA*R$QMMk|0*;z1MQh4o%%YVt_dc+Ba*6ii*?wwlm+D$E+`7AK
zl&qAXM&IgBk1a;dmGFqLn(PdqguY+B?05(^EW)66O&DyjXJVwgB7C*YOOSiYxF&)-
zEnS0&?>*o<wHx`pIq0Qq^lWrV&VKjQ@`tK<!ZNm=Gi$z`ZfIHbG&#&C8fwzzBx3jk
zYE?GyK5zP=A?8rK-N16r;k_&7F2Sb{D;u6<=(hv)MEyAlusQ(JGQ*7Y^VuRov!Wkk
z#qx%HB<4L}>)H1bO_T<)1JmgE)wNGo;*|@2;e&L?FVpW2&azLCO0ga6J@IC~eY=|U
z1uikqdR6&DqKZW3D~x$^$f?|{><2)L?uhe(Kca=9+*)yvO_|Cf3u@z{AM5No3Dc;N
zvulk6AEQssrUb7lgT`(nbK~%EA^u7WZs3<zl8`nr9`4T3Z9l{!?7E)YNMy>HHuV}n
z&J2x><L_<aqK9{DWd!k9m9|gjO*g{xg0~ab)<dY#RRb1PnbZF!G9^zz1aaL0-ZIW|
z>{DFpeA$H!NIs>byq5dY7{AFqbmkeDx#iE@C%B}h9EXqsw3%Y!YM$SfiOqxMF3^*P
z$eIqW$(o@N_ZhNsAbLe5=lH4T?9z*~-$zYJN($qOs=@<77s1&26t$}4n?l!kk=Vnr
z39W;yYnnR<HY`8SnMzWUisgDpWVG0tukr>`3Q|19G~<v3>}tC9Q0DaQ?RrU4DPRim
zw&D;jNWfcp_K}p3=v}gXQq6SC=aU#43#ZiXHPvxOP~}5pz3(z@A47fuzLf~It7wcy
z*&3R5=SJ>MVIy)Wz>Eu{q*gReA}&Wpiya%E;T(5qn1e-9Hd=Hss!M~G5LB<dZ;uaI
z@zv^^-7D;4Ewfr^N83mT;D9Wnr5}zmu9dv17WG;rWAiDhgq)&lzVlY*n3FQUkBJLC
zn%MLNaa7<G)0+hgcV^9E8AW*Y#j7~vM~6y=KZfwTXRI9Nt)^Fw&o=kiXxsDKbp)V;
zi+tQ9qAYeAn&)c2**}j<fXJ#mu8^5t<{@rR+bY%=I?=Mp$>Qs)!f|OHXd7@72Rb9G
z___%eH)lCA-AcrvkW_n`LPiN`V_IL1`>NDsjjD-bHqogqD0f|)iSP!^Hp)i);C;8R
zvk6CP$JoMtLrH7)nr{bUO%J{5l9J!0fgddX%ykeL`=x&cjV}5iS+zyyHLa}G)N*7H
zQ{*BDkF<ueP~52!kl8I#U56cpEW}tm)PU!P0pe8?t`v1W&*@JIe0y|Ufn)O&%Viw9
z1Q>P0oQu^i^DI3SZu(ZdSamitnOR;)1Q&vyE`&MUm8oFCQOP?@q-G&T&<m_}@OpdF
z^)^Bmp$@-bU0;7G+;pjITFW+`XDMMy*)Y)t2T-TKN!-^TZwqwME2dORU3WQ(iq@7P
z*XD_i8g&L|K_YN;WE9SzYLnlw^{~A?$<G;}%8a49_+Uvw!+e&^5L=(O8J@9306v#%
zDs$UP#)H>;K6n%2dW)hnVdD!@LyYd&d8XEIPE71%0>Ygy4llc9JW~;DPbX(|)zEsZ
zA2};l1;!^!Guyu`vTG-eqG(iWmQ6+|eGWi-qbZAtmo_-fEm8Rc7Ga}+15#~YkwqlS
zMtY3fABb%g#4E=2ddx#VgE}rONM(Bfi*1DN`tgTf38${DDT&Q+Lv@f&i$z}Z<kb27
z^J#Eli72L6HEJ36fx;#^texVdFXi>sr+`qm<r(xN5W@JuDD%a(IBUy;Uo7!0Tx+si
zOYW0~=vzwkc~i{9#RiCOJ-_I(KuXq)HO738KH$KRK%&1F!G#v<An!vZDXO!8+f7mz
zr)O6C>LG}!`PhRUe3QFm+_lzQ2nfySCgeYBxj3IhXpOSp_7!ro9dF4W<ptkH#pkc4
z;;hK@0tNOvw|*a=hKa!IlU3I3_Q%ljM;9lmMSbCjKcRoY4=Na1w?Lr#(ZS^pKqo)n
zWdop9IAa6*%ad)9b;<->_#_qZXbUiAmUC!GvL)USKQnaJgA8k$%6f%guO#L54r47>
zJ}LfIwpp~f#g!gn7`v<UBdQFHGF$Y<PyfY?T|eEp27b^PUV+g@3n#T`{Z*o{IGKA0
z?W+H6y)^~%PWEO4d^c6lxL8`mMo@^egvEVg4&$Lj4ZJL&i_9QVdYh2ct$7X@ZXr1&
zio+e9s1xEmn3+#XgwAK5jnYL#A$lh2LO;cMB>b9TXFvtwZ!uQMRO%C}xz=ngmVlFh
zu01^ECOl{3VtN(rA;{_4Lt{i(z$@f9>zb~>eN6rifRbGGkpE;qXdQS_W(tVH5%H`?
zbNW>FWK2`F`SO4qZNt)@0S>Lzbg02N)a3-7TW8AH-cwu}C36yJjyrPC6n?C$WXo}U
z#ZeB%yyntmoBL+6KLqZD9<ail3t}IvP`b)xZ*s(li*{HI=N>CLI`r$eMkS9zo}I<F
zc9=HYnxPf0oxv9JKkU*YE#k{o5Q%3{+1l9E**dEkL2Zb=gKMUe{nD2HI6$$o!)tB8
z3G4pX?(pETO#7|&r|K`HsRKjX>WGi=YrkG4K@)4qN*RJaW9YYzj<b2<>y$XD9Ikw`
z?iW?6t!AjiS;npHg%J7bH|{%qgTRv<*%0uGi0d2Ft3_<+jgs@=gu0*xU7lrOcbDB4
zO1mVjQa@Xyk27cB@18}TXH0QeTR(}N`NRvKUuamz{DsdbqvG)=T{(>j%$FrXA3->u
zo}5d4C6_mvj8zKZnEq&4ghPGWX6wO<{+H9nG4(m$vDy1O;XlD}+xDwA;`w(PVsL+R
ztvz>j)&}N7;Qv#3?<@33)mPfjI91sAq4GpN>t1J@b><*SIfT$0bX-w{fw7c{giEAq
zJV_<C2UIzVow&8&mLT%5&>z|Qs{hOU&On6XHK#yeuIkD?p2smd+!};Gvre>inNN17
zjw0vFEePSMXM0Ov?)~GE@D+lWwa~*S5BDh7o*fn@(`^3Q&|8iN*Vqpnk=i=e!tJJu
z+%orA{;H4mA1$?SKkD314J2eH$S}*&v&YBU7#zIY-<%4%@SkDsoSR5r-ZxO-Px7@t
zh>NYQR$zK`Z6x1veFn4xk*Qwum9`3g4}%St^(cNW7YufquP(N=BEru|KcKcQDf6#n
z>q26m0VmrJvkzSSDkHECvh%cYFN6O0I0)Z($0287YeUc;ZZF|4uic1jYxsX*RKQ*t
z5EA()@3Ddv1ecaJX)?~t-<U_yscO$w;SaCfYW9p$MJ<ye3*cQ7RI^3rP1Y~z^+<E*
zBb>w+elV0_h4W+!_2*AmaQ)bSgt>~YREJoEnk-Gi*0>3zMWspYp6@ejJi=5WT}_J+
zhxM@J&BORODEu(D{Io$W&pWupPwpp~Hseswl|sj|CXH88`-Z-Z4R?Y?tx`Jn>^ESo
zUNEbSU)AcR6SUZy2#3zSn?p!ry%GJ0KJ8%Y?b$xYNl+#k54Z)k&LQl8XezwhiOfN4
zU(KZ7L+tTZ5~s<~e{D9u_8abB7Km7e@IB}Y?af>QPM*j;&SC%;xQvmtS8E7)+>(bY
zqp`e9ZhEl2n-z9KSN*YYjw<~z{cB^aH7MkVfnmf+i=u_$CLElZu16pJG-n%(H$q3=
zy7^mO=Qn*7nB-j77BfB(*Sw4jpH(yrQE3cf+{D$6V!DNY>FUIgY)|QrQz0K;ZgMUh
zGUi;#o^x%JVc@{e4+*p~Uc!hOaNfeYBt$p>>86B3qWPN)j`r3ZuT%;RKVi&RvZRiR
zgGAub_({Xm+USNG{Ika*DJ+CUA0mZmV8cMbJM?`kXBXifxcGxP3FmZ!x2vcAu1?Zh
z%II%{Skf0yCFLA<Ini%Tfii}dHbm^}jqemDm3tbk&^NXw5}Mv&<&||43fC>xm#T2D
zIebcBSv-iQUuMr)x@S{W2nR*qq$mSwKG=S;=ga|>UeWa&8Db-8%2s*}Ptgh!QLFNp
zB?wV!b&TLsT6s>-TShF_#=8gDvoGgyfvawvKgOtsoOqR@7`^RgQ_oryY}{LtpV-HY
zJ35$LuidVJmoJS4&+TM0?Vq)UFuWBl<Ass+f@UUP38ycUX{2k3;`HE%Bp_eo!ZmJL
z8IkfC<mXHIa_G`n5!z*7j1`RZ$H!#;{#5gj#Oz)9OJ-0|JNM>V4xuY#ewW&Sx*K|A
zpeKP^*S;YMKPRNto1E$GSWJ-ztDv#QQMtrL6D$Fk;cV|7KpD$hSADAYH0j#gPD|br
zLYY+^HJ#b9pGqNU&KDn<5hJ8BC5fFzy0Z*mO;*wuyzge?m+fu5N;(JD%zc~M5H}x~
zI~diSQBkI_buU>$FH4t7U1vM2`awAZcUU3$prkR0Nvd*gmnHEK*trR~h^mZ(S3d9O
zXE#s^CEVDWtTa}_2IRep_tfiGjB!j^!6_JzS20c^E4+`UFw<ew`7sFX20OtY=c?+r
zAilipEHh=)%%2me)+l7hRtBUI_d6)S#+*MQ4BJsQOW#YQ)-xHQWi{i%S2lCA_$uX3
zF<Dy=T>LnBB(aM-qdng=Z(yB;QG9}K<Mw5)nT!N@up6^5tz0O{FX!?72NpKm1maX^
zWm*V>X+-rG<2eX@Bh%IRdC_F0t9Vm+x@e(^BIOi&7f0;<Ip8=u%99$tYj8GSC!24d
zwAic0@GdDXp--wY>)3o;G&%#VGO57Vq40d7Uj~uYxcwS$G!$YnskwjqHo`56$l*yU
zss4{Yvs@bHfHe?hIS1f*hx>4j4K5Gp&CI0`Z!Wx@lo2{&RU?VTv`~wR4RAFC>`lp`
z0+#ETLc@s8&dXUbTwIFlg&+I(TZ+SHD0o>5im2+m*%E24cpEEXkgkZgzwjGpDHo<<
zfF!pxNTP7!&0;DJhmuhgZxRudx+hxa$Kk&Bo>CfY#g4=IAoEHMbf9C_8qgLr+T4YG
zh!L+Yz%DBvfvfP;yO&8j$-W?wWjo4I50$7`kj}$AK^r+JUQ1PJ>f}`Gt1Ir3lz_}L
z$BQL;W+|A{l$ki!j2WmFEj&SF<7~b+r|PatyBm{^9rKRIm~mUF>Z{}eD+FlLH#qlf
z2I4RPRr&^}<8XB=vHsJTn!(?kRivKej<m*>g*L{*4J+X96<+6d%(e|#n#Y@4dj>(i
zPuuB05K^pn1liI-wN97ohB^4PO4$1WY7PK{Zg7Yg04sVvfM7|}NX<}WN3z%PE{UP3
zkoPt!G!$0tMknTq$qd5Bi`lV+PfTuTh~Yi)=XFXUFSqU0%vqN767ag}&fERw)GFBO
zij}r>=Y9RyyKiVQN=5E`b>f;q8EWB7#qVD{J#u2QZrWQE$P=`sCeiHEv!@<?!qNjF
z@sAIydgH>RW}`A|xL&5}R`XgdGi{}dyeY;Yy3eQzKS1p)=b_)fluB!(Jni!p252J$
zpW7BJO0}`O-&W)V{HZtCc};UL(*2%WGAqa$xLi3iDN*ms*%(tyb&;Fc=Q~uIC<&UK
z<&I21h&;zqDYBs3;~>pO$Ws+XZ`6m)x6-GMb29Y+*5%LR!aqz967()}s(n~xu@Z}L
z=A%)jTpa3MbvfttQqiw91Kn9rS10QUg_}%rZVG$jb7}eZx__!roI-$LT1%}jR|l@9
zR)@i|#S|%RIbJtq9{X`}&e#?NCgEchB2{m6U}SU^`#Snn^5QmH$GLiavW%dKGh=al
z&*=Cy5W9wA<Q4Pvw;jP)Lij&M28-zM!bRZ-YI}z5?(l!lSX$Q58hm_RVZ5&FGG=7Y
zy&*^bj689uX+o_W_1iVb;-rAmy$aRid4lr>-+a@kBqVNo!K4rh?vt0Wca4wQCnW_J
zNce|{b-o>9I7^2j_@ZVf($zn^hRnmabd&W%4ENIBn`Y--0trC28AVowSe1xFBpL-X
z@!SQJ{M7yxXbH>H197nlk}AP2vJvNSX0WrYEcdCoWr1r}bQB1Tc8ysX?nf)B2n|f_
zoc1wJ(`p(_i|7^C>j`M}Tvc)V<b<Irihe^=oe-z0NX}So{S8ofceGUFg&o}&R!ez9
z@53UpAzdth(Hx{MbYh$4hp-EFf>t)~veQ<vhH#|<YH;Yg9b6J{ZYl7=CY`@P!3OO&
zL!l%2LIpL+E;RF~MQxap43+0-v7+c=*a6e^r_GtXoKryfro%8BPamuQ;p<U@Itbfh
zy<?N=d$D~C9HRbUD){!EvrUS3-B|Q9AQ0ittIrDaQOp&9Y^mfx*0c#gL?GDI^cgdj
z1&b^)BccNq(cB^p^lUr`4jEV9>*@E(6ffG=^$i{wb8XU8P_`F#i-^Stmaco?-YWzh
zsR^neJviA*GVg>QXP?*d>=-z6G)Nv6*u+T9K5PXTHmD}>0Hf3jT(=4-{F{9nY;f@0
zqAX+8t>T%mhaUQmRTbQVlbdJ0+)thr#=nh?7V%4J0Jq1o2<It1eP(-6{55F<S21%$
zxRK7*19~p3ib9#!T1iG=9N1j9N9Odk^VX1V^$&MfuJOy?3Oc`?*(EQSz-|%Ie())I
zcS3qM2Cl>5%A-tIXq<1=1sY%ml=cC!6bOl%?v6_*ivltX994F<ic&;c09W$Xtak0>
z&c*>?6_%D|ZXJCFL|uf^9SrrHIySTo2g9Lm<h}m4R$-k~L1&tYb?knXxbao;eEqRD
zI-$|Kg_E}&>4$zKffSQDN^be$m9MtNwL4>5MO-h0M76?s8P98CEyO?HFuDaw5h)SA
zLdT~f@xNC=&MQ$%)KZIoz&zg;R5f;(dvuiTl?o^?*<1_UN9)I`sn^V|^JFFh>(1dD
z_NdH8s67o(%+O10fH%f&$yw7Pc@_xQQd)6P667l*u$V$<5<PW#jB={TF0N!oa59eg
z3GBpZ;WHS^dQ(UfI{2E!K+a^lkT~>Qss|@}xJqZ3ANawC941y3o}G8dC>w9eqpg#w
zCMy&B(z#q<^RBu_Zg*gE`?S(kq)t_V7Hxo#Kr5%mhr(D3@S}Cl4;pgq+U5e5F<|P*
zvLYH-Vyed{^7uR34dQP+R<89Iqqsni_T!n!BYTzqp=Py*VT$wCqXeVO_*0vmGt6Lm
zhlpt0UpPwV;n!T(Xq9<JbR$IGvAplkv8oZ_%a&YA19niQjlzD?p(8W=A%34fV=19f
z<y}<75Mc1hzk~T2gz2zawzl1Y;Xe;uOid@z|6=&qM4xHA?b%OE{{m&<=pTC*!`a_V
z!u|`Dy@SRPO3_E^`-{N)58cQu^IXsWQ~A^US1iM&yLWfV3|tX~>fCC$1M1G&);RUe
zjraS-6*2FyR0{>M+Yk3cYk{P<nXB~GGwV{3u)q8DJ+Q4O7!3o+?;O)|*PXX+aPs84
zO!&a{*iu4zRdnU>NFw==gfeeG?}U^9Zx~XzJ?Xxfy>W4a4FIh$Cq)!Exyzg>$MijO
zjZ5^yyvLfO4zx5$-5`D2U=?c6c^<48q`zsrSs$S759Au+snL}EJddrhBS%>#lgikf
zPBFl_vsW@qc@-nBTL;t~)79Ye8Ast=inaw+GAI5BqIVnKFPY$vT|qM&ol{P@_D8B@
zKr)Q8A5R}@x@2q!)?BC~z+LnB*--7>ap*R_d;fXKOG$fv;p13Q;AMBh>j#2E=Ay}G
zSN9@&veTm-DJiwgALz~V0j3CFsP1HRVWq0ZGYRN%VScGv<{|cUvm9`}iS>AHaGWC&
z1JuCB+xPYmHbysh?lmYAhFH9)=|Yo7&txdGkEkB&+|%e35!0Zf;$=KMFFfpJmdFX^
z8p>5HJO;>-Qy0~YbO%mLOMhv^p2SUyuAQ-Wxk{q<f}ZnpJwU+z|AleRB1Vbi_vyS*
z<L72EjM6dW0eU_snmbry-<MR}(VLNyUan)^7lzT#ywdY9@LM^ML_%DO+H{O=A>A)7
z?cPld&sIjA*ilJPm+@ijzUlscBA!}g<0xPpCa+hKliEiALjgSP>>hP@ylh^VBWlFx
z!4+mLl~llH`}05+pBnnppZADONXOw@ui~Mg>$TfSXMD>k+57alH&@ms{e(%p70?Fl
z6P#JDev}2%^c|?BfAHOPz!2IqzDxcazPnZUjqk$$gYWdpFx_O=vjXfp(`huS$E8Cv
z4JiiyiS4ow^N3D;j|{BEjyCv4TuPA!qu(wKH&Rn1s6lIwx{(!kDcUS1+|LD5hM^V&
zO9igeg!!X$70m2@TsO{PL`v-9OyJNn8Y*<oDXySp`kXQGIevQ1(+Q-?M8Z$f_--6H
z<H`ivv40n7<?1wfh$m~ZyQB~^!6Tbv8j<gOgivAw5kVQm3c#-rpw5`pSl_mDnBME$
z<;j%9J9Z%DY^gZdo^ko?TG2C(gFJn(u=ORUw4cznqB(Zl{G7}bw(lyDdPBYYMTD}}
z4#LpB!!=hGA8c0q$7&C)`Sm}DatotIKiyVx9Q?B8WA=XM(#1W?UL4y@JHG_>b^3h7
zz`~TGmg+mO$!zU|!pu<LaHE>Iix;PMjQIc|2`I6{)P)BbWzKGV6PgXLz|GHDo}ocB
z&`FiA)XJ5S=6bW}Mf=G9_LVMwnNj-E2oFUqfj#u=#jEj@n4dRi=iCny{3~1K@=Hk1
zT#U_ez2gEW!!oXZxCIC*f&IAT#r>bqtywZ}))SIDx`zN+{%kMMQm#`zj_k%)`ouly
z%Qp$|smV~s=Gl32J~;3^03z*N-?1$tt4M}<86t!CS(MfgGyh@K@eZ1y6BPT!rp}Cu
zRtHPm-3)b9wbJN4Y{QzWU$9V+?Zq!xm>WXpro!{~M+gJ0J<=ZD5T5cjdVl-(yCpt+
zl0%T$MJu7~r-OC+Q2U}&C(F*-1zx<7qRGo^N2P+PxS*0vqS0!FJkk_33Q#vXb>+f0
zHDV2X@_tFPe(RL-Q9g~xMjl>h<y%hacM3Ejxzx<#Q~ddpO*E-uGv>d*UqE)p^HE+(
zP8d$rbyzL$8=8mW-S<u0@(=}zG70#xj<i|)k+R0_!C8CklVdhMOt$J1*Tyt;v~fy@
zBEs$?HA{Kb*Hntug&F1WVk|Ld@9W6iv_H#fq%S%hFmJt7u1u1x=>jH4rx<ZzYmF0{
z>dsO8)Hqhm2KA>NQ+V$8Ev3@b7*!jK-uaX`Ssz}%Y<Vicr*`Y|4WgOV`nby1FOt(}
zRH~|Rd_&xSU~Ib**{oo+PKreGUhyG@ZNqj6!Wof4%C=#F$I2#aPgHB`z|PVb@@|LX
zM~@uWz*LV%78?ijpFPwF#+>nwOMA+?x$EgMn(yi{(euh;NS%R7M!L-z=87fNx|b%i
zn8^+&F}YdkIvR*<cz@awr)zQFYsSFOO9~kA+0Wms^r4~+sS%guEvN1G`0<CvJnV4&
z*(aSN8N57JgG|u-4QP264^o@ZMI>U5a-={hrBOZ;!6E&UB)#N{rbpRRYT#B(sS~HP
z#4)6j<ghDtEy(#`X75=LO1MSOLet~#<4og{Rd5$n62a|qIDsr{P@+rUoj4;3k>&k;
zcyp1`R9F3h*-+YQarzlnqS^Ms#NuVl(^zD^deky4rZrD%N50G<b<69}=r}~G-os1U
zI<0I?z0SFovVE;F-~rW7Cir<tW+MJDEa%t+BlXN=XVYN5#hn!8>)y|x;PIvzeE4cv
z=0@acUXeOx_Bb|Rn0pz3<=I{FjYgg0tt{WkU1(Fivtn9GZDUIrsHxU>(9;MV;|UYh
z-V$wbWbTG9?CvdhQ!}3?9W!?qSGPy4y(aYUqrqoX?;77hkIQB7-VwO^Q$L5RU54lV
zu<Ty;)oy(x#?eF6o6y<s@-WUd*Ym~0MLP|}mBS~!+J~E%5-6h4^^dy^gTE1B;>&vV
zpiIoJcV{n?UU32pBZFFjNi$3aevZd<RWk6yIY5d^>E%VMjt6HLJ43-7r6d_=@f^Wl
z<1<81?<NszWACs!#a(8=XtZ7s;S6ZJ&!r8fm~wF$04mb1p>5-^=B8ZmC6cSoXoab8
zmL4hRD>$^fgnp<^niMUaIIOi7i|?!T=SSCrhncbrHQ}HJ*7$bf0F_sbE;L{rrxc7b
zl`9L|m~KVuSPr<>@+czC+eWOER-zZC-I+omNzS*2C5l^R<{e=j2eZ7T9mpH_-q^0W
zT^H{^;x6^)MhU+GzG(`Lt;Fqe8%eL?K#T&+j_FU(L7eP1Jk`P?QGcIX+9=DhzV%|>
zjvdkSLfSJ%L)>i_;G(4ZYj`(saEb$pb^33;^>gY`ZAx0D`lU@GsuZY5EYJ5Fou7PU
z=vN{*;(<do<nKCM@((c1TbDHycd*%Jr|g1o6FxM~g{70{gV@L55;%<QH)W`@VvYqG
zm#u;=-yMLs<~NLX__qcyt>FXs;zr~WnU=LNaJp%Bj1u=eRY<GS-V2LX;SoYdzsZR;
zkW80YXwnfD|BSvgu+Tq<6ZsOMic|d3-ak><rlGYP9g}n^X05S`$h_BCWF2kZtfPNg
zeMNEC3PAwL@a;w|CSW?TS<j*giD&M8jg973Bv%t^&r$@&U)ay6w%)HSuqRQw#japw
zb;l?IOZM<nvU;HU%-6ZYdZz>L-+p)~@2ywG<Oaj^cX1=FA^^}6?OlnREmBVfV{9e6
zfFJPmF~r2$8$mx%?<Nhwc2&B(VvVhKacSfYnRJPv_Ik226ApHX_Nh)t{6XBEeDg`0
zFZA3&!Kdt)Iag8fTKn(pK|O!y!hkN}XM2b=e~~;C7}pJaB!s0VVe>!i?5B77HmH<{
zcLK}ghH77+nO@k6Vq*uMp8ZfOWRh28)u+D{aYz_vK!FLfdEFs|#;93e)Oh9=#3Gqm
zPNL367W>p40!zLnea!Jf7C#w?!d$xHp+dc80Q6r)0ypKG8#$N0k3h+*0U*4}iM=ZX
z_O}BZ$2O7$A^tx-ynpQ04Ppi{XU0;4Lpkgt4TT`24Nqrgat36<3H}dEwMjK^6_j#8
zr32U3SNRp(<Yg8qJomI<wzF9-4-y+x2OdwFOU~Geb|*$xv`pL5=H72K{xKbcIS62h
z2DPdPcJAY<fiBG7fsNk6uZj;zqTe(CJl1~H54znFytiBpM7v^;Z5xvOx<1M}H}I(+
z)<CsjiJhn*sNfkfR{Re!#zb;WOM*bOuUs|`K(N;q6>HzMk1;hzsH?@SEy+X_NjgNX
zGjnjlf^0+A-lVb9-ftgCXIg;6B<14=zsc1;gGQ9h4e@wvACuWQGgMaS1fMym@Wk^O
zG3#Z?Y=#~}q+4}~TC%~1-USqKzvWIs;idFw=}_}y-|#y5(jPA6wn*ZwCXl3sr=>cl
zpgj3yHmaE+jm`D5OyO%;c>7-LBb*=}8C|!0CW&iO23645m?aVeLv$Jt|A}s(-r^i5
zXy2$OkYJ{wN1(<|4UEp*w05mCH7R=cF;)4Rlr<?KYDl*ncDZ;(z0<S}0D1)x*c7Wh
z!d$|BjlOk>&{20^L77>&*q8du0wB?9T<5ZK-b*G7&A>I6(I})QJp)R}+lY|m`o0ri
zTCjM$<wBN_CpyYI<}sJUS^TsE_Am1Xc8?8TO>Gm5MFegKH|g!T3g`A{hZmObWP9$f
zyX#M6xAG93t@9vf4d<A4vQY^J^{qBNXD|9;jUYE7J)k1u@IOc1c#6~Z7)sg4dV4E_
z=P*PlZyp$mODfMTW=fTvO{b22oNbqOr<-J)sFWMVIf7E#Ofyrd*b4eq^Vsbn`q;o1
ze?h%+EEw}=02-q51_p-sl;hQ8w43YXL7(EX$~6Z~sJg*hISAXg5VMF}bP8<E?%#Cf
zFB%WgJ5F%BHj5nbdAo2<e8IsY<yk+0q-`&FOK4Q`{R-^`8j10HQfJZ~G`*;of1y$p
zim#Ckac@8UJLpu9{5d~h-gfj~aqBvU&s?F3$Sdf7p;FX1sMlHlH}Y)KA3fQhAtqi5
z1N`|fYpxO^v=KLo-caGaAVl--p2O67<`ac?NKB9R=f77K<vgOc0<8#a?ne>q8A|u|
z=|1pxQms`uJ$!-JHmaIEqXfqv93Z)t*Ch<%t+%Tq^hR**;OrJ`7?&V^oYf~U?_MEs
z{e#;YWO=f+A9o>_MaCK;6sVzAX*9XBd*7w=JX8aogKg{b&18mpc)9q9gb@th)U1b0
za`WZg6p9-Se7>w>o-C^n{Y5WQ<e88!(t2@yuPt-WF?L?v8W@$#OUjGK@0WD1b3k!8
z-|uW_KR^(8M3A+1pf1SZp=!E93_)2KPuTK`5w}j@NV$DsYw3|SuyI-YOkUsO_is1r
z@@oja8%LYtdsCG-{@p`jc{Cir7fI>?SP$j^=U3Z-RSCS@`Rupv(&bX>!S|b-t;2&Y
zm%Kw>wPHoOi+N#M0{ho4a9!ZR7_PIbf+K!(NnY*O;L`@|?Krq7+0pdt<>*oIyx~Xw
z`jLQJkf&0P#`l=h-i#iDBEz!X^KU!ppx*7=WOzT<xr5q!7*KR8(RKuM>k~FlOoPP&
zmU`ILiZ#!znnT^|#n$)$PVCy66pS9!jJEmLzd25iV=&Pue1`KGVgBh??t-z-Wu+<P
zv*2Nh>C;H)xhxMhpLxBYe3|8~xZ|kw$S-$T6>rDmP2&lhwSYnRE+Rp(@_BRi5>pQ^
z3#kliuCwu5@DjCvFY)KZ(-_M5s<r^cO>)*AF<EDc+e#WA%Vi4fOQcPB$k&bIpVo*L
zmFg$ev;vB%f{YFBaHCf$tr^sTmQ33jr&6)07@KLhW49Ih{Sw+=Tq1`1THU4lYOh}~
z+;n-oL3m;)yB`0fiADFtyiater%%|&GWM7!b*dxXTV@=KE`D-rdA}y7C1uFyShN%A
zrDYRU=fh_n^yP;yRq7TRjf)5B5UVuosWx2j+J&LKyy@OIh>Ci&7SE1ss3J@8(Q}ww
zW~SYMN<nZsU>|qHf6`edNHiruH79AOZ>f{2y#K<l2L{kQT&$ZnKc8fd!5hQ7R84qh
z7t^{ktRH%p<b{|Hb{X`Iru%5bd-Cm(61;ZPKz;RPTeW}Jc3bs+ve$#63b=Gfr@pJ;
zT6{)WmX0eKcBH&OT9x@lR}`VRhuC!wuzLk~<L2)v>~*&%Oj&+FjQ+a*5m|a}sfv>A
z>!Jy_=(EpN8U7%C?I$mfUc@K~|E6Jynw3Hn9x0xTOg@lXj&b6eZ;4~Wj!C?JF8de;
zPJSm4q{5RK5<)os)~(QDOoE-!KR(F<V|S^+WIPQgs8eJvYp9+5E(SzW69FM(kG(&9
zj?;2LA0dY;Q_W6Au=M5J`S|$+dBOe{C?_w%*Q(KBHMQ;OUIiMN#&COnH_{#+R6YKb
zksh9MA8Bf<jW;GnC^p2suZ5QO**dqU`?RuMQKfRS<GrKTEp6$(cfwK7;E?$OO^t;r
zz<AwwJa`ekF=q|PeqMRkU7EsAqeC6>!wg`3zb7v2OZJmajcozEy#Yiz_^~CyUoEJ3
z7Q?73yUA2#NC#oh#|9ufr&l!BG8`Ina?QCJ8oU;t=SxdZ<}rh*7wx!4CQy%P>RB}G
zcR`!kOgF$Tyg~U1j^9o@TMS$dV4rN-VARKBvHYZEwutXA@L(!erILATP*3>H>)BmR
zxN_V><hJKQzu%D>RUu5IrTxJAv!m9b`XlkZN4Mu3H843p=ZJ^}#o)sVCdNBH?fP(A
zqAk9D<})8-^bjkSg6@&0OqW;K{MtShJC|$SYB7c9TGKLH`rBwj6agIJ&b4x<QqxI?
zPr4w)ZN_MN<Ha5R6Qo4?%Vx^+^pxv#T}n>(R=E+7Nwoff`J?NIfzeViO@vvf(zcj%
zr5L&DYyb#a@AdNJS;v)GFe64-#K#0*3nz<slZYISRF}3F)8zqyf?LbZzlf7%&qPh}
z)BRlTXX4kw;7h@2y@%x`MsQThOa7Ja1jnxG4*}w%#0@L5)`xNl_$4R{3;d&u>uG{5
zxQhg*f>P^wSNv+BT0MDQc(OcL@szZm#yZQWoPGxwlf~Z#pa0NKz=Vto=Y<3gvn8{#
ziEY$IFyzDXz71aJX>E+Mj^lD@V#>5oZ0bpGGK;x%gkEBg#a1k>akKEWQ_o}G4e%+>
z>2r7htdpTDZv-jLz%dtw7!Rs^x>^fuPR+H`Rk<m)IDu|Q*K_b}n>fFe{jsc!u0h?@
zQ&jtm@ewo(RJ%^maTScQ7zyYm*d5%)4%w3H*@nXd8R$`m4$0=dqS}=ZBlx<mf}?Za
zZ8A&tmA6sXKxH>~*IG?y4}J=sSMTpTG`^MSeF(JvJO*Oob%;|p8>ery$ylunR}z(6
zBe-0%cNv~D3u)A|Pj2~ih0e^E%3{tRD_qV=if(OH?qr-)$rbP}nKy5i#70E4S?BwH
zPB*;UqU_??Pm&fH4OAb2Y5pk>VjgXY8Xp^NiEcQwpeV`_Zo?Z1ZPt+%`^UBCb*03~
zt6x<Pi`?{{Wq(3=B;no-F=1=bE60Elg~sfPRXbvHsvOvdv7F>%lkwCH(5W50;M;28
zY$ZMLLQfN|W6lb_Ri0;daWqdzCkOi;Z)1YK(`(PYnj|E%1H6X&wDaEWKELvF9K{Ji
z%>`{)1mi?=1$EcP#r>PlOT=6^?>)kovok>8wP86$^bf!;7qg=`MM=e_z0!$G?Yv2e
z%D-F&S5Rvnv>mfIW9*Xyy#xAP^yjMlP_rTJHit~Qlk9SqAC&jq>`Bp~ZhO9g=Jl}e
zvqrWsK-go}N!3gOGwirYr@y&mV-|C;WI-*Hm4avGptWn(suV_cY^8)5QT;jHYc8KX
z_?dUZ6u{O~TQZ}mZ<B0Mm{i#pCSvGr8|+0Ej+ly?DLV;z9|-WWa|K14U$7D6OsQfC
z%n@)o-kCg6KQsGBL81F^J)h^_x8QSw+Z_on{ck<TefY?f!?V!=Emc(C_vuFZUvhEC
zMmz9NY*1d0_QD($Oq>jMPRq#nQrDdrR@<sIvi(3W?JUlZ%|CkZ-J0jh&bZAwZx!C~
z?TOY;l+2y|e)R0QSXFkzx?a0qpHx=!r~@N8xpSyh^?+hbehMa$g;Wd|y=pAmvY3~_
z)><px_MCnXtp4)aGu<Mc%VQLu$UVX&IALL$Q|l(!_@d__xZSQQB+8UB%ZjK{B%KE-
z4ttE}>5x~*7mHupHe?zbdF7@>J(cn#J!_spy;DKrT+g&xcM3b*^$DO|_JvT<Y7s(H
ze5GN}|0+ENEef4JSS;xNK8(#k1GzH2?=Jm_;d?>X_gB<_%5r$>g9geFL6?oZ+8&?6
zdyDE2Bco8!x~k?1Q)PCqj_X$p8waGs<$Aq~#(P)nz)iUZr`>D<?@SOs8W0ViMS?X+
zseog=7O1uTa|v06b@F4p9Q^Y0Mwr2o7EI6Yp!&h5zdx)U1kJ(VC{B&;1v)P?><#Yb
zQRj>8^JDId3$l2ovms|+o!HfE&G_v_3fkFI<W4?zNxM6Mf%yS5Qv#*t^HTzZffY&b
z*#{hsYu*YDO3bjYhp4~1%W22U8qg!tmb0|PzZ&YyFET#}2tVTl0GDn01`yq{__;dq
z;HyW9hS8mHha2eFA0?D2h;nu8!gdPpNNK;a?&a~AZXl#2`*IW&|6;jM2dE5wsF0Ce
zvgu(xkrsLIj8w0o)3_T7SZ5*7#`0nL5vdEKZ3xEJVY5FwCk8u5xpVQ#vg+!2?d`e%
zFQ_cc3mjGWHC_bGoqVr%)BT|soVrX0z#Fi5vvs{D-0wJUw!yjcc#xyDC)XWFBf_J_
zgp~^Ul$GHJ*2Om?1>;kasZ-}{-Ck_dJB<6-w4#;y3?5&24?%UsMsbnk-NG#1hwy0^
z8{k)3S%a_Lk5_~=?93K42QMo7z$A>GTOxfUchL9_(j)xu$Ez~>4EM>eEDOGzIuk0I
zElQ51+$BQ1(aJ(ex%qBfxH&>I=$S;L{FXXqW6IjCnA7{RFC?#5J4e!Qo!dfOq-`)t
zwwRr;5gQ&1nuHYTd;4?%>}(VB`t<z*y)th<4-s=Y$MFdR#`0S3vD|{zBkmp_Wp|Ip
z$~Iy&I22H=3`aQN;1Xz$H7c;-hF{3}jSX34jp94N#w0o?xpNk|(D?dd;~ol)sR*_Z
z&4tAsKSvGAc{zlBNz<NvQ|4}3HhL(+zdE&?V)Df`=_+BDB+XVjZ5(w~?xc7!g$qDy
zOnJChxloHmE2@&jX<%L<MXqQ*cZU3-m!e3cgkp<TAToQkC=CabOtQ&>Cw^>FmhIhw
zJ?UHmv3(VP(8Ehzg}jX5p30(?Yn|?|`l$s7(5>moPSe6ju$jf<D?>PPK*FT?fp=Lu
z&JGetdZYp;tud#?QORqaF(}+dQ@m{{%?Syu&i#f-rlgDox#&h+{X+i!Ql&mGzqQu_
zo0(_==JDlbfPH=xQMJv@d=?XQH#4YtY9Fd32#==%4RZ#tPAp=uv&_ysGEey|43i(w
z(U|6EV$?9lNg=XF@6+(K`=;yArXSgz7Rx}@uf2_|kE5r6`?u|>DewAu!`bc)^0(6%
zTJq}Q!VKcv3Ov%y<+n2WOt1Qrdjb!o!`w>1Fi!y^(s>a<7zG{o$EN;mr%8v4qRJ?1
z?4-=X{gLv=)r%wQV@Br&=}h{}WxUa7HrpiVpXm*buL)csZYwsA559cFE=Oz`P3-!;
z2+HO3q~8*<8#SUbCVh#72U3TT=@OyUXIjFZ;v?B=8iyGki3{k5APWi3Xz8!Jg%7ZK
zX0x_je|UB(5?(OsQeHRmraiK2oLpX}a2Khrw}arbw3!wuGX0#_;%C3*bi7IPU_$um
z-p+$jb<MsfT}f@tDG^iCXO|nnmi<{A*r1RiZF$(lBQy)yJmmc{HTIBy?}@~E=J2w<
zN6)=sMU_+K-jH?4*Y|wI*+xhHC)3;|m@>%ML}9?tWsSDdrA|RH#g079^+p&gH<kKP
zDAQw6^ho4sQWJ?W27zk@D|SXoa^NIj{_8SHlEr_13!rj~VSbuTJE>LA{tn#F)F74I
z&PTVm4uWPH`$BM_E6!zawC|ElCS71d^hy!Jvluz*11X+&Ys+q1n19ndcvpzyN+OiX
zH1E{Dk<6YWvLttv!jV%FC~lS{zgt)Ac)(j&uy<o{TtCuZ9e!bC!O*15{BRpxmN*=P
z)t{CjTWYkd=u<q7y@gzJrm0h5Z2P&)`8+MP$HI0Iev0Nk*{M~*Vbu~LDYL&}#9$~w
zUrhRi_?NQHX4PZqY@PcYKaSw2!y)*}ZVJU-^N3GkVyCOGinmGTllIMEMJMHL7TL_G
z5Vd07&?scSo}mHuq9Q1K(_rE*nmu=**A=X^Z8txX&yTK;SvsZr70`g)j1cyArP)af
zqwfY|uLR!ia+lSj-}S>_7%xpz*V^ai_7i_V10(Uadn^x_IF{alFI;f9{Y_^)$_32~
zVdmlYmdwNah)tSizmVDpE?sNyI)zZX<IeOtCOth!67rTDUXKU$AyQ+;+?UYEB(<Pw
z2A{|z8q(Ed;a*>=*-=1>#ax`s0eLhwW$5sbS@Rx|0;LNwfScwjV8F3MBWLhuwPb)w
z(4wmvz}plR9dDwtGH#|j!@ZD8&8Rjsw3Tgfcsb(!S`1<13*?i4hB1cPdG%#S5Q;Su
zSRyWJ#vzzr*dwv5DU($*58BP2lY`<h5&8NKix9lR@zYkcvJgNLSdpg<)?U)=dn{Y%
zkm<*wpSYF;7O&Or^AjjmnIC7+nbGind*d)p7W3?~vbL<wkYisW%0BBjhYzqZ*|Ki~
zH0VUsJ#0p}rI?|6b@0(Oe_O%pr)JBn1G^&_9wac?FS&6>SgILFUZMDHEW5SL)-q>y
zt?`oMfX7j$x#_3WE|V-W^6-Rz^5p6)1`J+m_AcjzBtAzqdo2%yAXnDCd{OzM<mRaQ
zj55~Jfr*-DuFrFvpCF%Iecz3I1>KoQjv0^m<%TFv6B-R6FZM&_MURnyTPJ4c7%9mg
z@7ImkzK_{+V8kIFwAz@W^^_e&!hY(#)n{8w`<clAJ`FNrbW)eJO7!{Wu5o!KENI*^
z9%ztIlfm0|muHum=trHJ$Ocg;DCJ*1En;XVqF8F9xGy=#W{6||bvlhud;cHi{wgYt
zt?dGZ6QTrncY?b+B)A86r*U^DxVr^wg1fszaHnx6xV!slB75)ez5D-hF3wGl8eO)!
zs(RHk=bCdaVMK<jlp5Ru7>GtG{P#Pc-4a@4lj%aZhu>0T@TWuCvktyB>^s5#NG|-}
z<Lg`SYZIXUA;JFap?w8roaP=_y#4<<&+i2+!WTY9|F3Qjj}(a~+O(-9)4JWc<!~V4
zp?wCXzDy?yZQJczS~4o_KWNDC7RPMcODaK8khD^?x?%Oxw(i+Dh6M?koU2vAAzxt4
zUnwlo8U+Zq1#?5q{^lQRB(*QVycQVam$uwvHm{rfd5<nKCiBJz0BWUB<i_kqbH-cL
ziny}W<e76f*Kl#tA~Iex)Ejr9jeAlr#?#~FYDHwdd3X9f!f(9JQ9=qtQU3pnZl1|u
z4+RycCOb~{czX9+#(aOpcyLWoim48-EzQa(;+KU>qZyu$mc4U(oVT@}bBecOS{4=x
zJv^y3ez6PVHEO4dg&3$T9JzY+faFI+&2Gm(wtwaLw%xZ;vG;dZ+dW73u{^4ZA#rES
z+xvfH7AAy)g?(U|#qmWU>Om#K1gf|I_m@UH5QcGP(0FZN7(8=dWR=G5>4*FO$}GN@
z#ZJx{>Iv-SkgRHGE@IF2rTt4TnZF)$lCUkH##bg)XqX~l0wPX!EZqAfe@Ngc-LtZ1
zISC!46Tjx39|irRvS4VjT}-^Q<A?~=PPM|RU<{Ve#p#f`s6@In2}OKs1@v7ob&&m*
zynUik)!nmJIIC9_#XN(nxA=wh_ZUEr2w05>YK{Rb;Z-@9g3tfaN(lbZ!h^LEU@bg?
zt1m34Ta=P2z{avd%ztIwcenZ#%Bh~aNEjoJ@IFSvzr4(Tdf<O~8Ll--S(2ykd`H8A
zF^8S-L@fP?sFE#4^qA6@{u4ZhF-2du4Dmn*MajB07^UjL0VJh%I?b$R<JMZIh6zQ@
z5(_2dK)>NPuCMABmNa4-T&;}(fF5>5HcS}fA3}B$a4NAE62|%IhyDpl`exeo;DNm@
zQPh{PmUiy5g(PVLn9?P8g8gwVx@hoDy@Atf!%i~dy_b909~?i>3ANfU3jrlsTc~0E
zO!C#OQ!iHiF7ExC1P&oV8<Cd{Q+HTdGD7)7mI@!nX2yeBTRd(nGSvv1Jqh)rYhL`U
z$@k<AN!058v7AMXQNe0}xaIBAxTbW1Y`OGI(zs3lKRr2|2?lTWvKX6mGg4^{T<M77
z&_N9-T~z732<b<?x&E!_;!=bd>B7zEeyK(`o=k=<OhQ57ZLWpI?H5M*TgJZC-$EgQ
z_t6L}S9lB2_exEA;S%oLAaGbGZqxA{7eTcvM9Hiz3Z(K5*ncl=g@#HD3>*_u{bQEC
zsk1WH^atHo!yj&I&^-P?N>hv@Z6?1hrE07@XA{g6WoGHLG&_4H@j^*6%`b&&^1&MZ
z_{xzVnASGG6zu|p-R5MPi1jSm5gNO>bGmC0Vak0YK@=C67YCJAfJzH_w2=f5VO~P)
zfd{6cuvwMS;`{+FE#<_H0033mySNaYoJCUIFxmq>+d6x0?Zaf_+_6#xSg<Y>eBvbc
zDuKJhA5z+9R?W1zQc>u3Ipb1f1TdUKmtW(}{bf)-RH{&|8s#XY&mdmS<U~+~N;fTE
zHIhER<4$jDHPRxZ27NU4;`~Td!G!#k>Rd>v(ypEUp$bDw7Eg2e`O<ps7nT8&Ssv`m
z$}F}ciLDIrxp5j7Yu<TFcGt!kct)U0SF*hwe-8JjYw*YiSn+nefS?@l={#t9TYT9m
zq^01oS+sP4QHVKeMPVS<fzae)MKsv#>!A(0vNTCbTyvHZKL&4;B>)|ZcXdO@l<f3W
z**fGtF7D@^>1Bq5i%G>78H-oHScH?;zN9fhL2`-Svgb50=5b8A${$8dRmg$A7zE2;
z9l{MowQ_{I?Hs$lQW#$=n}L|025~S!$4%=q-NGc>Ihswm=9}9D-KB-o+itxveVEK~
zIs`)5GY2{2!Hz*&u~Sww+4V&eYEvewjndtRG;!RlQIu*siXb4ZN*wJ^ZVq1iTYo3*
zt*kpwi=b@UZXrE<HH@tA^pbDN%^{toW4K9uZud;8z6iAE+F*@=g_#DMD_w@Dvv!_Y
zxJnwZqFgqND&sBlYz&WsMf`)D<No=M|G|72UiaX5sUe6uHg#--%Rt3@_MG<|^%I+k
zc5etob<UYh#8=N8Ds}Li_1R;!^u7p};c7qkJYxCIxbvWEx@EW<lzcw2>>A*KmAbg}
ztTQ*UH5<(vbB;TE)|odk<lUoJcyqR92IXRw5}p#rCq(MOy~#BdZ5hWt3P4u{i6be0
z=bDIEI|U2PFKMg6O7p&y-%9gc-fZh<sd+v;3hO#4^#ZA&WvOQJ4Pjw>d@w_J32c+g
zR^09pWE5QzP3fjA*QddO6kAC@7P0rbM$lX9Dn}n#v&440Eb%!bM;T?8ewf6CeZ)aC
z2;Ml~HTvvm_F~eU3c!}ART^y?g(?-z=tpu(m%A={+0C1&mUQBzh_s7vH8D(ZC**V=
zyNgv=+p|9v9?rl#xgiKj#nNZNl-ka6&1(v9-!XJUYqC>-IWjEbSsqJ?Si4xSd{lOb
z&c;FQcVGngtu`1BTCaV*thX=ZTDo5Wplo#|F1>7Z$}L3A$$I6Y<3mnp{oz+x@$-hD
ztl<-K+3ogaJkWhb+PiZ8h9btse58&trHOLeA!is4n@G?vXwV`9ve`o~X2~%_vq@V%
zUcuejUPFmXT#9-9F3SBb@yh!pDS~)HGqb&i4u2Km;9eY}5Njid5x)9Lh<dG&5m8uZ
zg~TP%j`YHT*lgpAWW~%lpw^sPF|UZ>Oq>>VAU0Z6v9Z3K!tCBfF~H4|<|@89R<=Ja
zdeUjOgIK=m<v!Sd@-eZ6(7zF+aVb61Y-rK1!9IoLfyJ7TtzcF(Z=Kz3%yc%=UmJcl
z*PAzWK&<>3{vvrLIJ<NScTT%%4cxaj3{cbyxyG^Y*hj-K%DK)rP?(iix4GNeU@X7u
zf?w;xsZA?*&{r{`weirIeQd6%%Yz{5sZS{2adQ9E<ji=vih}kP`FE)m5!>eSd6STh
zcD&H?n6hs9X>zKWznp%3pSR2<(JEFE`TcS_xOl9Dk(MnjWft;-VP|kYXo10UEV&d8
zd>6<q`AJqS>8h6Ygv0{6#kt*wTD8R0mD_s{Sk{TwgHDktLHKklwVfc`c~@1X4~pO>
zM7Rn)?S!iB#3jb@M?Y$eMAJ>dn|CL>Eu9;{PcED%e<0*fy-0PqON8CBxe9XHIMy#G
zC*WNuHPZ?SGosz_Z|O|eXNXr1FjW42`a{q)v(xG)jRk+%U>55jlC${rZIJU0f2<G}
zdwWa#_8i4KhWK?sGT8C44*l#)x^!22L%0Nt=?-Y9TI;E-UANDNEKTYLg;p!pggPO2
z?{GBvzRAdvntrn;Ffl8USB`XkIUBM7rGQR)WKPjAjc%?V1&#NoJ}P^y>2$i@hj)+w
zcq{;`2s&FopYMYm4W4dC9RPvi$R6~!>91++hNRa@zMAOuw?I&$uI2;{i}ebhmDm}5
z>)-MVB37b*IE|UktnhiotK|mTP4!rW*$F-)j&Rci*`ICZ`0gKvNm2MjMb)A9!|v{%
z1dClN7H<@J@GC{KN|l7i0xLx4hkeESVLM~*D7s%Xk}U#}TRu{@5A9?&@Oa2rKSm~k
z$x7*SanYkz_TdC<H`{tER~WYAUe|#XLju1+jm2x#qwu8DQ`WVpi#@K5+O{LPMRO#X
zE^4jjYd)+p56!|#>a?rfW6INwFy9*Ihs&vH{=0#2I7;fhBe8?_&+dy4)>~R@ol?B;
z?)Q5y86)Dd;v;Ca(gyC9t5kH&=Bxpy6`E@p0XTE4umwE8i)5LdCg-0*Ya@D?{ZbPH
zHI-9chPr#3Iim4LVQ{5zwEY9|0j+<Y%c!>gw;(-VZw{}vDab5IreE^$yJHLX*ZLU^
z+k{_Z9+qIo&lO`1e^!qhe>k*p&DsgE{k<>v6WlG@_AZRM;1j*)T7GTf3N#eeX1c!6
zLV+bwGqQX<lLQqu&yjAY>Kp~^LrOGBd=w$p0^yQ>vHIPYfSr@1FP#E$4I48Q;Ud4H
zNoAcoc6c3@e>MijyUORff%@PJ=$NRbr-o~Ufn#-Vf4w`wug@|%u!bCpi2v=Mhvav^
z|H7;1^9usoi0qFtaR0Ny4~&3R(J>f)mqP!1a-o7p{c**`GjRX;MZXuIz)4tDbPW1`
z4*XZa?nL#R*B2iz!2J&x`@Mil0!C6g`n@k8u0;4e=+1AGN@zK*@;YxrEK)Q;%+r*O
zsyGdiF3FxshA_gAwg<bR3zbq3*cNdw=JX2dWYB*Bxwih-JT(=siGId)tDSdACxcz2
z&zf@=jf{alnN}*T2#*CD4x@47<sk~V9n_N%hJuk_qH~$pw!5LIn{Qx~FtQeNpBaYA
zG?8(;*L}G7KbrHPKbrG*5NoB+Syy&R&L;KcS)oLKH0P{MK!Rc5<+&nh%xxcWy;^D6
zb{TbXtaq!TurzBc-gXA#TqB>`Y6W0J{rz2{t??EtwPo>)i{~rRxkl%$h<d>nb~H}=
zE(diYha2N11&$VdpFExE+y!@<!Gnq9&b2cO{i}q3(CR*o7c;uRb4TbA#&hM$;@wgU
zAR=4s=WTNW=U9~%!@w{jfT3a#GuQe%Otq>Jp)YDw2p4=urzYnjSdu9%f@Z!|8z&{6
zgXII_lSCtAQNQx6@*D6_)ZOsGL+Z2WpoV-=!z*tNBF@CojY-3rd)+9R;Lpt$>uKG3
zNpjTvikEyls>!2HV)Af|7t*3DvRn2zCBr1ZC=3J0Rzoa~=P~sh<BIh!65Wm^oVICF
zTTuwur0Pfdyz!L6;X1j$Y{Ej2uVzLn+iJlkVN$A#H>ZZglWz+K{BD98yRlwjBu-no
z*m<O=e+^t`+5XzIVE2vr;c(n|0V7kL(_K5%-VvH<m}Y8T=@6#vm05(Vo}c$`r0d`X
zhJ&DXv}*b)^N2{{2-1{8s&Y?$xy#=DAQ=3Zo?(PZO0L;T3k;w<Y(z=EJ(-R$S6_6W
zJF%reM<3**={t)1?qO~$L$~mm7^_O*#W&Cy!w9a$P5@3C7ZKt8{0c$J#ZGipgH@I9
zj$0X`j=F&eSOCZnk^-ySm(rVm(2_*_S!Kkw!;~a_eJHCzdz|~fSScl?vqzyE*Y6if
zI=Lyv4fAKxA>!B#P<LuU>pnh>4TYi7&~m3=k&J}AT!G2Itx%HW31Z?fJ@vHMGf?O+
z7iu705k1I{nUMH-k*G|1p;5wol;<dFH^!`~I=<=Q-iUoVHA$GkvoggViG`w-$*qyS
z9m;*YF3fPC@Gvdjk*iMR%UQeD99DYcJa&#cTXG0>950w)pimvbxi7qx8!lsnDrVNa
z*brxAs^vL73MdY%J&cx$eWz%$N)Ne<;_CTuTf^p7{xLCC@I|S*l3`r<lU&H_a#G&-
zp=q&+f#7znKYfQXsaM<;*!7es4XRu|7~gv?)J-0nJ<6m|loBSt3=FW!I0bN3DZHL<
zVR88&4!`zwYh!I7mabu8&;W4PU1BysEF5rffVaH}o5~MFU&L{`BdWNPSx1epo8hg-
zt?0~NMOqEAGBmAc=dkNV+U*-nil`5Qq7AP7ZU-_RbJCqGI3>3FNMP)Z#x-pu8wPWd
zccW5j;V$IkklY+)z6%b~+Sqq37fMk#z3MC^MVhRGxy$8P{>tr;pJoyg#>=Ank(ab!
zBErc;?cSKlR6bFftnx-5(X=T=^)hsKb;C|jX?FrJU~6Pw$}&6OzK5_7A1!Q$`bu&m
zfk|dQkoD6pv$m!7ag@y@kbv8ufVwe&jAp+7D9lgsG?R3j-j<w~LY3svOhAaEJbE%d
z-h9Jguehh;lmqL*(Efyj)LtY-=7G?&$&RKWtGW9}j_}$8s`FjW>0HD2v>+aosmV(e
z9VPSbyHXCc0K3dx{W-sZu?q(C?Asi46&sDmF82u=aZ9+(p|@wD{Mz<B7Pj#k4VsXV
zf0WxVAod8#GCrL%G@nCeB(xlpp3^Sh!3GSTv^w&Bmu^0>ce%*EAgc>SW-ecUV3IDz
z(e>;7KrCI>fc<tV=8wm>8}3LAqq{r8$$17dxQR<~fzT76ps3hm8iOnCyCwfGq!N(q
zXIroYEv}He&}J+%7y~NuS?dQL!=I(xUcrXnHR(@YU(KZ<JLgxl8og@2FcDF0zU9I3
z-O^xJh@LbrzC$e1kO^A*fCVK~lXTzZ5_qz=%gli{RwbL6V`55AG5exoD#j_nDcllf
zOMu>(R39!8K&>e|N2=$Tn@!^`1x-@=bd@&dq&cZMEE2q?Bio=<Wk}V~(&>f1(LDpN
zC)$MWLWsjSlrWc0RQ-;cve~IUCApJuurp65;w0Pt;nZe8j-D!Zk5!BEsQ_J3M=Q4F
zC+7M7OS}p%HL#1gx<74v>gHiE_HZ2!hIFa9Y^0?9n^>9!`s3$^(NgX6VsH&t;HYKr
z=+;W9Rw@Dy`<GW7diIm)`SCbi;oKH0>|dtsB(y$ZK9FOHoeu&RmbAdi?a2YKay$D>
zZ2f{q8r|7D8w|68Ii6uwl4kq*Ou7?F;&?UjvT^toKXmbSHYC*-60Biy41KVhHyVtw
z9{#VJw~wM8hF`WpY;gfHBt-(Gmc6*|S%GPm|JTpE1NQUA&`hO;2|C16RlOsZZ24dw
z3*V{i6e$tPw3Sh%kq|~0tW@s<4dr3q(UPTUwvW?0@LJ@+CtuO|v~VpnR9&hxoW!o@
z?U%)F+4y5Zs=S%8K2z*c#e5DOJt4%An6-#4oe!Ut*W~B9!Epehy})lyc^~^7JK!$_
z=W&Cw9)sp^6(|&T`yoPHyL?tPdpT-~vPzlk39}vJ3aI9fC>nD0MHv#IZWE=L)1WiU
z2Q0WewN#yW*QngY)kX{*uo4<^gCc)31TP>ck(5FBw~@dH;P!}?OCrjR6#$@!^1VaP
ziGF?_s$GY(mJwEg5R*+P_(Nv$A{(4xV&peg6~V$5Gn3v5?w*qXB)l7sPRc10uUXgj
zuWC@uwK>DIW`WB_xy_#|vCPH5T5c1J<s?)K4<1-j%60$%I(s`+q-F)FqTlTYkfzbx
zw0u<`B}vPrTsbFp0>)&j?jNva(<(ymGT~7<DJ~`BFC8?^cS#3{!cBQ~Wl~o!p@q<~
zxJ^S~Af;r7RC=Kt0e6s(39#!JyNjACm<|3R1XjO)xI33_a?(XZ$Ic|?4)J7BzCNbi
zbdz(L%qJ;nr~0|SEKcLL-V03wxT?h0xmG~ccCzjnD!s(^+lha$_z`Q)DtD#Rpr(j<
z`X|A(P4#^dI)m`}{IXjcfvr}SQW3{#w4bya-;<50wAq%W88kq`<wirVn5=EtcWmaE
z_@qoZ^9M}2&LkLPIi`7?z9`Qn7fDhDwR9#6&|jx?HvMe>Yw49w2lbgXXA-M%jQ;ZT
z?&u2gUIq#*FvcSM^7GoE>o%qN8YbM^z+fq6KNU1XSJcnXZv8Y#@1V539H|RJ;{l_r
zrXnByf<fFkUov1I%SQ<@zd++fJtB@Mmu6D=_t*iqshxKsvFYY>l2<a$YD=eGQeca(
zpAa>ziC2oQQNYEA3QkSkNi^?)M3)ePp}QQZc<+pkJ&FtH9E$bPX01138y?i#hV{+|
zUF?FeX3Q)H&Sy%{94%=ym^gX-XS;UD2bBzK9gxznVn6;Pt3}}!C|Wz<JYP%mOl|3;
zl^;!m+fHlU@*OqL#=LE(5X^tTV)6f|+8#$oE-MtF;qIu!r(o9je@wmJYh_fk@FlBS
z-f>#sQLvxO^FcrKy!Y7sP<M*M1n!b32L6w)msR*bzFz41U%p=0bSQoY=*H?QVKTMz
zP1c>_BfU%bM4mh@N}(oS^izL?+~RuqdEr^4yd^jEi&w=m`-zZ=JMcBvw-n6q{Ic?E
zVVCMHiW*n^A15z=`FN+iaYLW&yBaq&t-c58{bcjPfG3z%H~igI4?L7bz$c$~Epnw!
z>I1km&TE;)XDM3Jyf6+Z2D?Me3L%&LkOP-8C>9j<SKsEWn(MgtAH;TLYl>~}65sdV
z&3G7HtUi*LE?zyDRa|Y2*5}S%QW(LVI1FIX3f2U@vFi~As{Vshl8OJwru!i9!FuEG
zuU}RxQC*jd+e>+9QFiUAd?t?m2a13fkdc(x^-JpBXMs@%88LqHxsSlE{S0=BohhsO
z>**7e|BUKr+d~|~7Z1ZD@@Z4Qj<)2Y#N(+)eS`n{-%Wu0U}*DS_wTQu8gS3e^wM`Q
zo%Fxw1ut{eJ_DOt$%x?JKG1(wx8Z-r`(F@b0R~ep7Rk6M@BZSV-&=sggL(eCdH>+4
zU*W-3mpKVqrmZ<4!*g%=f5IY0Dgm@onNi0iPSwHDzTUH_6t9AQSHHhsEd2=A%Jupx
z`Tv9@ty~zM58%0{d0bF&wbmbj19^9+9@1)3B3$j<9^pMEEBMi-sS7Z<Ae*ra?Iw%m
z06aNMC+u;>QMVdcm|yOyN{LN{1lE@5x!+SI@6kj;|Ampi8XMde{1y~&Ug+4u-)f_S
z+a#*x?z26M8kU}SZOnBOF??|AMei^pmR?gXi)o0q&y6l9B%Z0FM`^&frW%v9ABrAV
z9k|e7%T8*K&QBA4$8nfeBbuCdmHo2+zhUoXuN9dBi@seSQKsD>bKl*-ZP%XUFS1o=
zq85gka@o^tH#l!OX?5z2XK`+bM#0x1WegA;*cYQ2iuqjTGv;4#bIEp2#LFFn^CE$G
zpf2m#&|zsD+Alsy)gOlZ-7#fjq~a?A>tM}bhTb0Z_Kul|E;b;uPhpevC(9?ZNd%4!
zXDeAk8c5BG<y46d+ztkQE>+n^NU>Rzx@+KZ<!5(bww)iJASz(0jq5iZn{TlawIkGI
zXFu3MrCS@=ucN#=xz(Nt=%=G3>(*nr;_~{j=SyQ;H~leWa*DH9V|*ATHhkb;2z`tX
zS>y-@0tbAg-GKw42CjG(=+U_dHv5XvUmw)mV~tkLscIhy`|WDbM-p2`be~Z$XTsn!
zM45wHoSb6K>NRU_aX8l5pU%6Jo9_~_BnuRBh(*Dsvx2e&qjDTd-4`ie%*UWYUuO)z
z!Qy9R=`LEjqmKbueLfSDbk3^!JV%!-?H^vgS-9(In^<j3S1da)t2|lHmW8EYv4DF5
zuqd74k={0Ut$r94-Z)4qm%-GUemfe7j&Ojt4zHV;uI6|On<H=j=FXYIe%Im3i0sr=
zFG(pG<bju#I5ALafB1~~)DrU{H4Jok#fRY2ko5)tEZ?ltn(-Ye)v}keH&YLDxev1@
zHxqZo`)WuEz)mqYwH}k7@BjUK;$nJLV+xeIJu+vcJ)J!`2h8-=x5UHj-KM2#vkoW8
zZvgIdqZUEAa=<<sU3H0f4$DJ<{xR$dmu#VuJgGzl<KJj-;38VefKMOQOBk9#OL<_e
zGdEGT0LEa}01%kvp&MGBKxmU~6}U92^CRYJrRp>DiAY}$x<SXAT?|H|-Q}{4GEaC6
z+XuPnjww?2S!Vr|it4xRPYN7%hIgC0>%*#<x_L<nYD}<3Y2dt&Rofv7S36+$Qu8A@
z7PF4Zss{Zn82TkDi7>Nb;YdcPd>_MX=^pg<P{daYP|)ngZF`gh)VYR&N!zOlV<Mvn
zd0N={q#?2$tdJ^uFPFOi{0BM3wcQD9`#H};A1~0ZwsB5BCqryj&PM~o@RyrCCN&eu
z0|s^?&|#@fICN}xyCALgRS2sjel)+G$UwR@3RBk;!hlpLs5qIi+1u{)3_=(;2^J1!
zrOtPkNGK;**(7&W2O(Kizv+iM8iQEPnAJYOISwIiFk5iA(S_F}0mdi!PL!`u_S*{G
zRY0C(*uyy|ja<wpmm`oYWdvo_%Xz|HTREteL7MWU>%{uPbm^USRZlAq)3|qL%H^wS
zmK#WXpXf2)li7+aF!N1|?++6A&mW--vS<h&@n}^1=t;lOGG6U{^NG}qv&EWrTIDh|
zvF<|<DKTtVgKBrJP=s9YX+ONee&@1gk|~kkuB?HN$CDjjfSIzoozSNlb!{W%o6AzC
zEY(xOcQvnPy1%Kby0El+dxpvUpm)PwQn<K04Ahyn>k0zt9l$&L{JeN`vUjTM6UxnL
z?jv#PP&ypAh{u$)0BUmP!=e9aL9=rhsWN$)$IvMAwmdeSf7eU{vkFP0z4$J=XN9NG
zuT#K$NOH(JWgP1pKhz1o?q5F5>z%kZH-T+8=lOuvy$k85?c?tpID!O<I2@~z7vt$?
zA57PpwWq!3kk;8WPWOnBtVly859m*pA5&wr0`gBtP>&o#&eb;Ak|ox=?pF5WWL#BK
zPHlWS6FS!za@-wDLqEJZySiY*7}NoW@It-XC2e|V%o5sB9t{aK+zZ5qRXDrE8`_cL
zVm;Ndj9T0-mA-xonI=6#3h3*~hrKjtItso*F8}CgS2qGnNIvMBJ{hsv%#3*2>slq|
z7Z7H_eoO;98G{D5zJp_0c|&w^EWb+%(#-7=M?T8*eQQ&<(1NAeP)EG}?<>zMKtLM?
zm++A~gVkYylX&TE^ztb^f#Skv6Xrz@fIeOyK|pxoarw?yt%f#Wlq_Dn`>Z~kfA8it
zO%&%hhn+Hc11Vx4tj&+s>)5d{9Q0HodO{bEyfk!%`);=CTEnO-OHLQfiFIl-#1BHd
z)V9+UhZ2<7E*PEPxWIus<foeVkuuW-YqO{86*L`0o95p{d*{FDHBNY-M#a6)9k-OI
z9Liq$y4mzmDqsR*O)(VJ14}#g)teE)sUeBxVhfH@-1MjtCf5|RyzjJX75bj~N3%NE
z1wAW)&GfA|w46SUA1BnVY9VM-NeQ+>4us?L#Tvft^Qg5d4N7Ugw0tmR|G0|yhqrq!
z6F&UO9Er#v$?G(DFXEK!vX+EYqNp70G}{pC_F%6gMEviydv=NyBPvVxE+{Gp>C6+g
z`G?&yD{U2<%~N83{6CWqv~@!k5$Id2ab$cgMjFM%MTsM^JhWYws<qeng8%RN!A<!8
zU^paK!L)@VO-a52bJ?ceE>7CGk?npBas6{qQZbqI91^lD3nC-&`Dz>^Jl?}lP~SEF
zT*92XE`eHW-{T1Wb0x@rxzUZA1hww%B+j36v3MK9S}o6vcn(1)46VuIY?+0JxG?j%
zRdvnjp0$RSb&z`5(z)iK-dGvT9AH(9AzyYXCAHN7BzQCn3RqDvP$mtQd|n=hNq=<C
z4Fv-B;<}B(wm8u2aEb-c>($mtpa_N<KlVIe((@tzy~=GJ#AOwq&R0#fa%soFYSp6$
zRV21wDJaS3{Z~ur%RCY!qb^Xdt5`>vy=Tztw?}E}T6JmtSoj*03_BHT*37Gfc2W7b
zV+j?Rz6x#iz%B>K8gE1Xt+|fT-xpcHyPtk^xom{fLv4L}+QxVgy>~YZ_nv$*g4jy4
z)UcgN9dnif*K5XxF+g-%frv)|=b$FK<|*dV*m+`uE>*>mWJjrMVC-~OqX^5LheTau
zR7+P``ghHBOtOryk?ymWSr@R0#%?cbRN~zP4bn)@Qk{XqbptK|3xgE(OY*r3jyiLl
z63Fq`3aI%G@{DUMfvp~9lnSTLnz=w6drh^EyI8JP7O>{mIi-yWyzQJttWf~X9L*N9
z(>oa{*L=6?pmAYIZXesOCRtgs5!2MVa-xx9OXx=TK|??`U~+(WIeTxfWO%hYgffkm
zQ*XMz=P#)Uj^<8&9&xesJbUSW5>^V@8zGiB1h`y;O>bvkc~;mir4I{+Tsq56N%@W^
zPClkY)<1{61Cr-V_@ja6z!YYq&WhVybJ+3_(jS2Rm!$*N^`sZGm>peQJM~(ahNSXo
z01SFr(u70_s%M!{msE;aYJ&!S#y79k>8whjW%Q_7LDnSZf<aQI!MUFw!I_#|0T!kz
z42egYUkumLzo-C8=WrpbN$prk3vigO`vd3IT^T0y-DsnfQ}Zfxif%C-(V1^*r;w*J
z_o}L++m~{KE_ld^M)PZlTFTPiR8)U*e$IuNs4Sy0=zzRx$7HS#CK~Ta2G^;i9h1#0
znYJ7yLDsH6+<jmqcq|k&I_6#GvpktoF_Sw|PITr!qZ|4S0wV78W!V0iH|E$4QTc(|
zw)V)XZb3S52~5M@f-hW}v?rfsgv9kiIDPR%l34@QBSvZ(N6b9}45@9w{v;||Y+|NZ
zz`j>qg7ih?10Q)BIOd)yXQ21%{`mMwN&zq<Ji(ADtFP(vUK`<Cq%c~&&4*kjU_dB~
zoI`XcI5xAdvfglpU+1d)!ZJtT?p?vMJ#68Abx>Htb38kWd0-y5?hpkhU5d*V>Z+#x
zn!<)V=8@-K+Ss$IL75#y>Vttr&Cgm~<qi<*$U7i<Ir~o6tlaTp?lI<A_)bT|MK9wP
zlsGmH(2iMuf|=*xwRf_gwZ`jj|0@gwk7kK#1K<$yx%p|wXgxb|GYr$Rr)SA-O)j`^
zPdItABOC%%o~nf3DQPep$FwCmrHMd(jJxXa^_yMi8qpXaRsF=e;-Ch-6NPe#Sz0nr
z_X!J_y{j;vDVB|S61=-RHGg(0;-nHkK-#ad`@KdfU2GE4i=loYW7d7e>D!c&gKYa-
zoc*)e#`U-&#_?nix1g|>7gEqHK}l4(s$m@z_Jl056Q9EB=9n5afI2!$*ao_F)kziF
zZ5voV6ZwMbX+@dd9-JJlStJp>8&T>4$H8lQ+16<aN-6)qMko1aRKzB5c$Su7$ous2
zVK>q0hWTONwNnVBHMRxo;bLi-ByLGyI93FmV%qSX!P0N-3+@sTkt@DgorY$eyvytx
z!%Wf2rI^@-POV7Ziwf8aF(Lb*9ScOm(RAfgjeyRbt9Rc-o!g07<11!Bff_U#v;vfg
z%Z$U(3AK(w&f<!U^6G#}n3JMQ8`~|sqvSH4RFhBqC7%4_iZLCVGnt*R4SgG@{whiF
z;JC_3l2@41s&@7)L0m@0#z<R=n0N!>cfP3qP}2CvB9LI^NsqSX?fL*c&_^jqlKA#&
zxhL1*(8x|ah>XmhhLed@)m_OIbAKMiY{*VI4o}LU^klgoI7ok!d9@)wX?^R7G+R~?
zFD;w<Y<vSIv{8#l_hvFOeA=WVo29J2jQHSH_~l_;!Y|tR#w;?Cj`BoNez#&ve>OVC
zUP~&P#h(%zqV{;HOu&m{qGE2f`Ad+gO~!VE6w!)npNGK@wmsqUeefU>+6UK|ND)|5
zPWJRUGxPw;oZW_>qD#xfcmDocO|AQ~C>3_|Ibm?@N)%Ky<_omSD8&EXHMc)Q@=AsA
zzI_iLu|8d%g?4PUSaJznE;u|ISeBq33E!{fWJngg`)qDfyBWM+JBl^-P^%(o%(awz
zyF}-dnWW`Usnx0=&iD=XZD+YCNNv+?HoAM!s^o0@DZ$y=XBep&XCwwkGbW=0jq2JS
zk(&@MpzL%Bm|IQt<f-iO#j=!IzV9T2R1BQ-dRQY|6Yha4y0rym&k{{&aqF^lB=d2O
z^Z19~^uuX3mzMBVLmKO0tJna;poG!(;N1a*Tu&2kP|a#*jpnB6gynTKE}RhW#g8|f
zn`Q*%haRcxE~C=&@!vHvE{|12WfKzmgP;CT-Y;GQU7x4maR|_<`BcTpK~pMvqVMWF
z+Y1RH!G|F*@W@909y~$GANu6^RT>Yro2%Fx!9d`{BWe5G30(HGTNZ@SuKpJbQhT9j
z6_mNEQ`nz5Fkn?wx>C^OMd4jCYS6Jp`|$C+BwdjBJcQ~z>CmFB{x7NE_3qP88NWg9
z_p4uiXBqxwc=)sppM}7NNf5#R@HoF0%#y)wc5@_Q=YJu}FAjv0ADq25%=8BNcOc6@
z72FI9c$|HnB>eQBpZ|No!5@5_RO1h1f4S;E$15|3h&ZgCpMM+pcMovJcqAU9r9$=Q
znKd|1dhQ`$CUg`7oCOZ^dP*0*c?{f{UmIr*9W7_#wVuh{8o~5`di~GkGkAY4JwIUx
z(nV(;4>n2xDL6*>AIQbgP(uzs*Gz4C`2SQY9^PT!kBo^#LNjTZ4bCsOrz5=JcK?@*
z3WO{&f_IPSx$;W@r;h4Hj9Pl0;Bw!c7M_22Nb<M~Y)?1&`$H&RZlu=lfi|8-mgarg
zZ1hb#41XR@a4TK<{m3y`@_18Yq;7>}ZideMie2*pzYL0gu!L`Ef+rt9ZK`6Vm5e$u
z{4Jvgzq_!!P5ISY7&<>p7}xiKW}3P8n#;EfQ!XvGgbWNsvNwgTvI^YBb8)-~q{GgH
zglG4Hfv|m+^2qg~t&+ls4Kl(3Qnaeb`ZXYR6Sb{a8i^&WgxWOLh>^Zh*gW$<l<@01
z^BNkqYN->3Oqr{%5(cRmc*j%`8Z8QM?%}{we&SnE!YhyABVuTcKRxRA-MaMe*fgFW
z6M*1Ki|^RpK=3`!3yS~Z^(K5CliMk&yGgBURw(q*x1?qyFr^eeqE^+h=Q`K_0fE0O
zcYK(R?%Q=kb%&4`CzI@EAgx`du<#%hV+@d?X9N~YZkH(4g1}b>^8E|1gU{N18k>)z
zPY)0LE=Rn}kl8MUH)<}NO+UbMll(bpWKf%#z#@JyBX+2<V!o^f1rzrpX9gou^hz8T
ztq^0ufjyNCN`b57o=Z$FvyJks{<sm;b7RXszm5-wf1tY$)_gdrJx6$oS(}`8dnk0=
zxyZ@n?~j?pPqo5Nkx(B|pep`)_94#|AD7L2rtzQ`hx35XwQov5&H06UMFs3al@E43
z!;NM%OKFw8EWP?*r)@pk@@&-wp%x`n=RpM5uayo`p85lC2G7lGw>F2uR#M8#<h8a&
zhp{@?&0ke&6VK)Y)It+CSstD$Pw?+iLC3zZg8})P*<#s3Jh??T4i`c7KSiV*6EfL&
zG_2N*4jT=Fi`PnzRT3;a-#o3o)m@%gAYoh{XT2^N#1Ni6avF49JUZlj^w4$i(PKNh
zi)O!?;`FcV`7xw>86q5k`#^csrI6Fsu{?SNM0EE_-R%GFU-A1MTEQW}uT8Bn3k0cY
zhODk?a1J+81)e7X$-;`aF*D?GW39iKC9ngsj_Sg@sWeZZe_cw+_f&}tXh?#g>B~oB
zPs+(uonk)`e?JjlU%-=j^BqN##J$DAMH3Ig(v;lFKiscqRfg5HT%S*bJrmqIgf2De
zpJzuF4Z+eH*(_KCt8pOse%9cZ+4+jpEIvj$CXM${-p=Q0X*<@>kKO%5`h92%WUq;B
ziQc%zwd4g@N86CxmdHjZY}(HivdK3po)Q=FLDz%hD05N`bqiK=f!jTf-{y@PfX9BX
z{@#9;K*e4tk(V#Q4=%Ww;B)?Yidll&Oyo9M`Z+LP{qx=54X6UZJ=VrCzxn^}WI+$+
z$t|q6yzKvXP5g7GXmg#;@}E=uI$SL}xL2&LJ8R?k-!%gSU>Okm{THl%F5>Ujd8vhh
zPp`J%tc~-(Yc`%|2F3QM&8)dETQc5qIQ~F$;|Ndte$meh|GhSqHuj5`zZ<5^3vTFC
z1ifmV-}^v97i(*&o*}i~du{`j+XL)WhX~=e12i1H>&q(wV(>|SUJ@Kz3aWS<U&EcR
z!~~r0?roh9#i<Q&jXP?AmU$k$J*+~CuEYrOsWZSGpG!`5mg^?QBdXAMXE!O2OvKo<
zI&`$0X!$bHo-H1Qcjg=)IH~j1=eRXmWfDPou6(2&RW^`U$vt+5O2*m|3BJ0uM~VSb
z&V&=tYcV|4Xs@Qf%nUAL?Z7d5m>~>=9|3yG7B6>)7um5!Q^WFHtv(wh1&$qPIPQF(
z=v2Xp5RKiu(bTpeMd;@KdlT5-Bhv*gWjUs~OSA%;vXsu9fD4C=EU_L2MB9vj*Ugjn
zzC2EsShoXcp4n+z;%mdypZQ{Q6o(WMRaWBFOU%DiB;!sR3p~iAaz%8o@n`N9zx}x+
z!^u#h#Bb9qA1edGuYt`sk5za0U?%QZtaRO#KY~uHhn#ofVJ&7RxKz>-5yZ>I{>49n
zfo@l?2R;~Ou|<5|3Mn^!L`Icj=Xi!EzYXE{-8W;0sDBIc>A@SrTIR{6EnP~#O6!Cn
zWQl(~Gk1Bo;`KvF$7^vHE%j^_x8x<hJ-lEM#XAGe<7w*13C4z6E?!7rTJB=t_=BQF
zmjzgS4{<ddO8d^RvUJH4tAbYTONBWnev%EEP2^fP3tCJNZT2n2PN$)mm6EW{^y@@~
zhiCBEb2rqiWKHt~zT<#oG&g!<r<#(~4dP}u+mK%teexVHlml>lU;5h1d7jrt@!cG;
zz6oP+k$$v6+eeyN=fY82dHdTp%9zdW>~;yY4~Aalku+nn(j0eOm-=StdLnrj;k~;w
zHuU8H$~MRD`!BXVjX8%Hp!CF7!)#$;EAWhH1D%iB^kX-u1bS6BurXTO+c@^d37PS@
zxeFJ_;q-F^%PwxUgL{PL(1toS@Bsr#Hs$B+)DzPJsgE{yACnTidk8>I{YR9jz`b+l
zw~(+PPHKOQ*|j3#r)D&!Q?~-FfPkNg?8E9Ui}mE@hG(0)NL!qZG!gGvIZVS)CT$F|
zxTRcA=+zN*kl#T(cLiQAycU=Rcw6tyXas3KA4$5bC6w-XmUuv0l!MOidd?%CT-Oq0
z^3B=yQfiEZo3;*W9u2c2%DM%&ig6SleGJ_nf8OQZ2Ze--b&$4le6erL#F%W-du&R|
z6rzsv{&;c6l+R?uTQrE*-#n1F_~>gwo$L^X`8nZ836nbR^HiFA6=K^uXD$zOPSG|+
zOC!^qvAKSjF9Vx_9_EaqKZ4R@h0Q8!PRi$8`n?L7X^vWYf_PF4#-Ns}d8z>kO4%Ig
z(A*^plA9(`&F0TB;=|QgnxLv5G8uV{5O2UF>-OGvR4lt6mW~39*?GoG^X3DuxVh4O
z$|RcXWz_erI~l(CxEa3lEh>l4tu5GtJqVJeaLU4|e~4>$^tx$Jm263T<!w0xHLb-Q
zaTPQSJ%w4xUp<`5=ed4-FdV^h!lb&2J~kQKV_scilyyd3V=#<P<2{R*LZhmXA<TgH
znv~vda3MsNa!s#ES`OF)f-n7&Iow^kyB06jD0kGs{qVyS7f<zwvc1<KkE*{~f!02y
z>n40;sBQcGayI>vO}7eAJ#je!d#(_t16A=)3F7tR{W_*V7n!K)BI!8@&r`h9H1zS3
z8{`vUiCWmuE*sY%fVc@K^Jr{`TFj3yvR)+A&Z?;dAE6aV!Sbtou<4Iy-xm>!pi!Bf
znPsLHmG6?3cTFe?KKgR~P2mg_@{_$*M~WFBV>c^@F@-nQ_Z21=nH`!n`FdUl#%(Mj
zHgyI3)u(AX8QeMf!T6uDV;dAmW4En8aWEoR^B1>_l85FIsp}Ou@35PbNAW{{Sb3%d
zowgccjHu|ff2=K`3~JM`Iv0P$5M*g>9lN1n;?>7aHd?jfTT}6aX!Q0c6$UM=vMp(I
zL4}2LK{MPKWOmqY3gcGaZ>^cujQQwcw1nswsLo}yexle_Ve581|BTHyHDJX+XBxF%
zuif`^@ZFwApB%uK?M(80R%m5YJqB0AQZ@}^;@TkcP!#1sbBd@djNVLHNbB!c;TLSL
zh1hyGS-73%WzQlOwd;E^F>y>B(8v=YL+A#XMdn9V$8{00ShPs&>L>Y9#XQ-{F<}V*
znG(o|Sts~xeNkirY8%9<K&cdDdi!MFUC`Qj<t9zC6mx-JzQ!jRmK2Liqp?F+nPSxJ
zMq>~4`uKJ#aUPWBB&!DXFL^zvMgve|o5%)?m=Tp^R3~N*l6!>Bua%?}njb}7I}3M3
z%O7n5mC*z@-?4)PSdb4O2|<W4VussuF#`+9ca7M~w(B1j;8i;GbXr21<$gHS>}36_
zs5ZGVDirft*|Y}`@*0Y`p_f!-8Z<=6?*s_>+BuV!$Ig=Lvcec4zW@e@a+=EOEKV1O
z@C==8vOTp<jSXLU=l;GnWstAq!4p(xJv{_vev08$F}CLjlRC8AN7t%c{!-{6l|1}z
zOm-|bqhraIAzz-uJ<F*-eq3zRZ#{d&T*7JvFlCKLLiWbOt6Cj~-LcnlJ5YKKj0R-t
zQArSkcJ0^;s@Nb9sd!{J3@FSk$jI$HkQ>E`%Lj+>8PMlCGWcltEkD}#5POCBpRQst
zS_6+69u!o|VUo9EWx%0;L%0*FVZJ+<ib1Jar{>;e<)<N9yAvI=A`_b%H=5X$T_2T2
zhh}aQ0uAWfGGRpZHNr;7TaYc(5kO+>;^v&$P41j}76n%-!=?oGDR0d62jU*wMYA=a
zW!1z|Ui~T~+A!gj832dEF3ir7aA|HLN2eqoY`B~jzSnv-WGE#seEAfs9iAnig0qiv
zWwH-nmBEq3{otv<(?EdWFSbUfeg@C20!jpY6D?t<y&`kSn;_Dh*Et0SPpV3i$FcP8
zy@5Tj|5WsoOw(>IrV+KktkR{~KQ&k`^mA%~NuhZqNmtPZov|&4-|z;fkh4WoCoor|
zz^*4r)vh$;^_tl^VW?uZg2s`%VmDh{G+M47xs8SEz{NDhX3seV9l<PyHM+$bu2te3
z9=lu5uJM)+rSl18P~ORcz8{wu8d3jxvR-$^CYdpGDMaOJQvxk{zE=>rCPO#7Smv}-
zT<+e~sDFd2rKFOxEu&mXiZx4*O}P5-)yIHKv7Te>%(|Daf0cJ{5PBovPip4yxZODk
zuVSY^oW$L56VBSLfV~GY=XcWE+~gPI16VUQ$<sS_j_lMuVk<Td3y9L$rh#Nf#nw4z
z7V75VXc{8!eYtWyCWMR?H3n((EXMeipg^QgHtKQyZxrj;UI{*EM&Q8AhHkN&%pY6G
zD*JMa66kcts_UfWWI5J4PULcTclRoalnmoi7B|INp=Zb}95*0q4i---!c2NQ9v;Kn
zlCQWJIX9hOIXQANYU*ovFDbV#8V7q%;4z}=BfXH-v@~=qK?=Yywm1t2T`AAX!AN9+
zA{jT%e^fQ`=*2{ixQE|^40Dnc>j;9+z7l3xE_dPDYFt1)@=?5w4C75{fu7z&Sy5wA
z62a&Y*HQfT(CK}M4l6sVYisLdBZPaDhvtZhKm0cfVEDi)q28B%xVY|&v|Obnf1C-&
zb=ny&cT%nE;dM)D4H8g|+<A75O1fnKNSx(hqvx1n^cBo=x!2|{{1Yt#m-}|w{oTs&
zz(^yuMz54(dWGZG$CgQm{-nz00kYIHMW|Ps37=o+>5yN4!T3`|^AWs`mq?_XcneMj
z{98Ew{+GXaU4sZN($!|EwLkoC#Vv{dHMU;zdnn6aZ1CdG&NE`K;R)vYEndp~J;>iJ
z%pkxAOXkBc|GVi6h(Ena-1F39|9|bGLN9m9DUh3rg7l`oG2rX{iw$-h)+3;P<Tfn9
z*Q;5aU5P-5*Wd=sz=EYY=EA%S95hKiTXxnSgRPQj_Pw-qTF7Jxf@>|@ja%QCBX;gr
zW2f|5LfRca9m6ctvRAt}Z@jY|Sz%Y^F8lue`8ah1uOEwz8sTuCym;JBBQ@P0Qd;Vh
zN-q@8kZyk}mG0nqK8CiqazD8(ItqNc!a~VSoXrz|N6NpobkGF<v0kuxHn8CxX%&5t
z0Q&_NayrK|;ZOrHhHhD#Q`*&dpkY~q$4a-oc*C0h3@D@;+tFbUC2!3+Y@qT;Qy<=*
z;8*SjBdp1>RfA~;FgR!9<+z)`2l6X6X3W%>yp*#&qs%qm8OXEQU7$11>f3KySJxi^
z(9ue>s?l^<c8bk9rwy^P+tyMY1QrSoqxKA%gxy@3AYoPwGza0RBlVO|zLoO&g$A`V
z{}(&3d4a=t9(W()w~uIdE=nDcfR@Ko8uz_q*&+6wpwPUQPgJwQp8egUOoG<b-J%iU
zbMcodMY10Gd<fMj?VBg$xh^oZ9m)d<_?ewabOT1#JHiWi9(tIVpTthqwpV7*kGvqL
z^vGS=?2Kr0j94Pz@_7zr)l^ngK|H*;!r|eFXPK2snSI}J*pcfjLT1`zC5(yMw~j${
zbafoLW`UAnFHtR%OVv6VYU56Fkj>MG)H=QqkeTmG7%?y^Dt)SA+!$+`>LE%h3sSo5
zjTe`z+)^aJO>|@Yc;OZh)^q8<wQKWj7M+RP10iCVDs#~z$qpC&J41X0DW5E0;Wrlc
zg29h8h39s<Culx7u)RGEhDjqmdkaz<di!vcmNxEqj&-{j17p=>g`}DeIf*#$B>O=v
zj@u)liZlw{xWg%A<5i2JWM=AH*ZkS!Sv<MsE*YdV^^>(RhYS>zDqDa~1EQo+8hm3P
z+81{lED_q#Sv~BTajj7x{gQO12!?c#Nn5w-B7D>3c7>}XFo=)cDW_5}CChPtvd*<Z
z%2&t92ARA;cQDaIUslR9@3ATCuo_JWIdw~YX+?vsECYuy*KskMkpp@UE0KBHVqRY#
zE))XE{ER(rR0)OfR;n=vNK){GmkCZ<%zd+7AzFOMwF}26??NlIP-=h5mS)o{Wfydd
zOkb4Tg9~QyIV!$k0kM@I<}wE$M@9;q-ga_o>3YyP^cPwp9pT7unwg6DoDeYYHd4UY
z<@Jl76UGK>hB^&SaC`8qKXqEcP>x&C<#Y(8I(!UZg2txv#Qv0Y-e`AlBOeyLl>!*}
zD5M())93>Xt+w+K8R;`}%NMfU=+~ikD(WeCeYPKH&9dxr7)-A}O+K|$ksYiXzbq9%
z9LRp?pQ`@-gD?qy2S+QL*o&9H`o>L!UJd^9vw;yrxpnA5UT8}a!Qm>cbIYw*6syb4
zn#ookNt5CkRd38{8m<O|5kTY62qnzi(d!9QnC!3Tq$nm;omSCXsw;AMH)p5^W!@G>
z(pVnWbBPdTV}Pdp#Eq%rGRMB0uiDYAKz?#f&XnNJnItn38T~gAB?2{wa5)E1@!pOJ
zNQszs%EY9tJ2I&-<0tr%1PGR9Ql3`JcavU+rH{T8VGl+_AFxn4=F)q_9IN=j4a)y;
zRhmzGI@x4It+3061swJ2?LQ#bQ|qHP7eMec8&sZ!CUh`J=|gvzqSx<>n|W7Qr;=MR
zj+Zp@fmD^E(JyMTaA?~l0SBrADDfbUDW?j;Zl-%Hg0K`k0+$+ml~JeEstL&L`SwF6
zr~6HEWt_<hpLqbk2s4Y>Pzo7g6ip0uLTJn>lh2eAzET7BtXoV{qa0zxG+t6Ue6re3
zRf1~;vVr1ww-Id&3sqF#>;(;0slmM-PVyV_-@S;M7hlPzDin28fH%sIWBvg=Jl7Mu
zBQja8pvesJDRIYGPF6ym9jp<+KD#h&D3ArKE0*G>x01sX)q}uwU)12E^N6xsk_W{>
z-VHUU-iCkN<)c6-;R8YK3DclU#asT+^fCWrr)9~sKu3@627}oYK6;PPXoUT6#VlT8
zOaPM@;QGL5ga;~ntl-w4*5NV@nre+Ta;|_j$}2IO7!AYlZ6kwc9HBuNKSqbJ?qGgk
z7nc@tOreBYNF1|!`f0Dz!t1lbdT~xOZ03T5xfjfO6eaJ)1;$wTqQ7ZpW_5KduxE<C
zH_oJ54BRBdW@lgb6N~v|7KXdbn{ZOvsVn?m9Ld#O1i-<wo<}cS`(yfRaHo}BcPOKd
zUWaf5zj96c0aF^0QZZmt;dJxmoD=Jjc!15VAG+SYe!i`n0@lSG0-<qm?V3@v(iXjq
zO1F_E7%t3%!c5j9*ZO2kby$1mL0ivMqt~4`pGE&dF$5v`Q15$ua={e{BlnmK@x5=6
z52;9i&+eB_1P+@7csF8U8OV9xnJ9fhQJ*;}%Bl?!V7>7ug&U`YP_P9}tvpuDm;x(&
z<D>LRMU*Hce5RpsUgyhUFUkq0KZ=<0QPNf?DSpkAE%FscW5QB96<hCtRon<?4EZuU
zzB6fJMKf<<;mqRXmL}Js{8A}KD3mB;C;J7_!z$)mj%+DmRVF)i;5dHj1@{SypqJ8)
z;l?x&z0~6t(+Ou%7iuxA>G=B6U6dVa>CKN<lA=L?liaEGUIUo)lS~+5Q6#EN4mILw
z*CZk(wk;I2&>_E(D3RbPbLtM9Ry(3CgpuWT9!myUhb7vMHbi?QmJKp7b6s|oyen^^
z=+DLsydj96*nbx{%2*JN1NdS-eX=>B!x>ZFS#h+kT7+-2iHHGM^(&`MOBt;_ApAQ@
z8k;l(oC*fFIgEz>b;5mAnd<;0rj3d629@v86T{IDD<zO(Ciojm4LvG@+GfFfi6wI1
zW+x8lHEb2vLs@y~Y{ea(BAFWY=+D02Qnu8PbSH~tuWB@o6}@YZyK@`X4vG?Ofo{6Z
z?-X2_&Np{i^Z(j^on&yo%oeJ9>K<p|AW0a{o?*|Ss4v>rA@ee*!b+c<YkjV9#ZmB6
z{b!&8Q>xsTOstSJ(fJe`H?@Noakt%T3zwejKJ;0I`O@}|)+!#%u`eK=3oNfNLaSQY
zO@?$RWG3=VSxW{eG*7a8(S2*`s>f`$Nop!`W8tD}3hHTHX+q+GoUdg+3diF1;ZrAl
zT?^z8DZ@I}@!&NIc<pvIi{q-gyEX_PC=64AWYJ4_#d8roGvv;S?9Ef&)}+O*qLkKM
z?%^+jcHvT&45yYwZpnosf4p(#dT>&30oY&&Ni$4eDR+;4R@;83=^k^s`$GqVKZ-dw
z1o|BlkbXJ9!2Mge?kuRi7d=>(N&!%*Nu^HOov&lYRPcW8Ee`3AWkEL>?U(h~q25eg
zP7Ud11y<HF3<u)X8bq|}lxz|C<CiQN$87S+Hoolt4`Xi`6-T#rYbOK<PLRgk-8EPU
z?%ue&1@{0U1b24`(zt7IcXxMp4-ThEo_*fE_j$iDzMnmcY6@yqt@~PY-g8BDCmq^(
z)i%mTajNJ4Qh(Q7kV*D;rLp*(&m+wE3G4md{-VO7oIqy8?Z6{J)SV}Z(i#}_Kc9{d
zKM_Q&cis)c4d`WL<MPwORMudMeGpBZ06KRE3$Zpu)^OxZNHU<?J?X7e35l!9s_B<|
z`}%Pb$QQUtiGE6@P-IBOAN|g9zC71ah{tzua&h{Jxn(y!XR1Hfb;hRmY^MivgT_S>
zhkTf351B$4no+%#DRzpjh~LE`a;8?x8^*f-1~pY^*Gr)(B$SoGp(kVjik44nh(YhX
zC0w6El0zcr$01Z`!LxWs;g7Vc=a>(yq)G^7D+&qDZoK)-L`PhkL~5%sm6i!C={ZO?
zMkvFK>fRKGsvC*JqY-pvEi6kvYBfBtemgT^kmD;w7{(wShI)gDiUusgwAB`)WYQV!
zxB38bg9s!F-8=H(T2^L@JZ$!+b^~jIW=$qiF`b;fKv|@Nk;aL3wv=0YxrC0;)vl)L
z+F}$<vxcM_!&_Nq2QTiZe=Xnx1KJn~_}s6`rla10!21=)`ta#Y5!`%V#j473><{-M
z$24BWYP|vJE0`e%jd08|4xGi~zsxXms5nYEvxJJ+o=CZ@sBm*W^LIWRlp>M$K|z8m
zaVD58u|R2w$3Oa8G1gnau_p6yWUBD=0R1gY(FP=pFpT(=Tjrd+Fofwpm@y5;jE44;
zamx=ASf4aRa9DmJzkbu-r{pd8^#JsHqqqa~BinoP`sv>e*&crQCDu5!+|cs2^S`mC
z7#oZ=me5#Re+%b-WEAkpb2_igVYB*;^*_Jt4dl$Lkiq^A0j%%-Cs$c9g5`<YI-A-b
ztasMQ(XHaG<f*=4h@?cV$PNqhw%KM#FtMLLd8HgYCVF4sy#MFYePF;>fP%rbhy`&W
z6o46<$1@n=tb<Nf$6RY8D0G9*IzRCI=n5W)AI(?4XF_49`hDX<(u*yDlNoyp0ltJ{
zNS}^Yp{uoX!o5yP<o)T{(ft(K#$(R?WmCdQk5+^e&li9v|6`uE9_j7@<|&wJO8!ud
z%X$KK_ct>IYmTgwc35uI{@xlD_^tF;X`{A}fg$D5I{TYxkr>4j2flUpDQ=Hz%2h!#
zeyF+`d75PPNZx^-rmggbosS2%p&Hf4*7>*@-J_>JG*W`C_^mdHG-=ZTWg*G>umwR^
z9h)WX0kM#5_z5qc-Q@BVQk#A=Em|mnhx9tlu)JErXu|>%VFWR(+TE|`GsH6Ji-eKH
zJuy*qkER#y(y2}u1#du!g2vC}WiO44oftvbzjs7j^yfFh9K>{8Ih_ewcV4mW_D$sd
z*%*QGT}JOM)6=mB???Kllk<oxP(wOx%L=Z!WVgGfHlq{h>xVE=)-3m8>O1i|=Q$V)
zT2gUp)MsiZf3ch+q|!sq+$ozwOOSZEsXZQNp@C6CE4p!+2#-}{t@U9s+4_3FAU7xz
z=IK*~{us#$7G)4{87_rNtfxjVesV`K;<AT{k~0WpF0pcaVWc)Ug+MNHJc-~Tm>PJm
z*|phPaxy#|@y*$jHw%`XrJG8IN33+`oOrs|1i@l+>(Ld@VXgcq05MsXLV2;@i1D}l
z<Yof&@Qx0S7TaMOYBrlo5@|xL?h*><;bXHvaD*RsOF{$jlYE}tS^D&?9nSfj6F<Nr
zYu_#+bdS!1sxe2|TjbR3hPd?a)1U`<U1T;mYx>JSVQH`YGs-BC%_t=MN2<2j_kD4V
zISurwmJwS+VW*q#iBXI$I#O@R;S1^#$KH&Jix^*F4|B$u$}cx9707j`J*jXq=YbQ%
zu<n#P(9J#6R;u&-Tnrc~uuAjX@!e+P=sh#~^f2_2PPe&tE|$s{)e&;{`?pSL-{s+!
zo#=RZtOrY6`_}u5ans@+-|t~mp;pq?yt~brS#tyv*ocMvNo#5f5hd+I%v0`Sjz$s&
zyi@n__$p|AN0ED0pHu{}D2pX=eU%dG+#;w0SmJX8Mgx(;>gEXoMDIAin6W}9m2U!U
zw95l@>M+9C8<*XNa;k-VRko>;shn=W7&g2~diGt@`Y?Xx(tDDy-%u@aWwuAYv}S=g
z9jUl_!LU?J>^SgrT~9h7?BlVdC_W}yws4m9d%h@vK_VJC9yx|t+vD-=AH7N{yaXsO
z9lE}8yC=qRkEr0>^r>u1g_R(D3I~IVV(in{4<&lC!JBR2mAn0bnbD6DnQ4oJe!ZW8
zn<2co6a9iyj8ly{u&u5J%PN88YrVcx2ir{+7X+AwW^XrXBiPdau3UZ!{B(jt!tA<)
zUSEDv@^L@4vZFVBqxOC_Poe~%*{PU4;|C;Lu=dh1A8WzFu%E(_v^$WanKBDnCmXHN
zZ?{lEM}+;$J`H}cFIArtaE8q%7-%J8qzq5Y_`4Dp!CfF}h2aVv!I6s2wD&^k6C09W
zkY8tapqI}u7R0vMz`o<LJW#<1RED*S?oSh1;WA9%Og(Fg>>fgDNNt?Gh`(U?jbtc`
zavkja`&gL!2ZiV<S9P~oHgmu&Lt#y}!;(G~ZJPr(#t6($3?65e1W5<Oo1PrCj*Z70
zlO|5LOs;c=!#c~GpE9w$-SMheZ0KM)JgS(`NXu$E2WmQMWR}<l^$mMASI+>1FT`9$
z{QbC{R>*b%!=*0M$*k&f@wK_dZbu5%EHG*BM7RLiWV0g%pSR6-2jd0_N8yo>?AmDK
zNm4YUJc-5B2OMU2$Rlpywg${d$^?SL{X!|e{6@JcklaVuwR-Cu>tHUqwSOIJfy8y1
z4Z$W4`S*2ikJ85;Xiq%{<(x78zSUjk<<|MqG7uftY6}ZQUCMPG{+*3QMV_~^$2Jf$
z@hXf2#badU0@G)i8MhgRl%X(J!Usmcp3l8~-<lneOZ|z5rt&Pw^_h|3YuxwA?ONIa
zC-c6bXogXhlMfZgAF!l%?mj*Ti%nB4YXr$??X?tLZggYOWF>w~wKpPXgYGhv;#s&n
zMIUGx`&BPlOQjv-#Reohz`$-z)?t(NXT#ET#l(R}O@iHf@1MP2y51iJ8tXMP4T-)~
zCcy*f)P10y?TleH9un!C+6WPIop|gsH!A1_KMJ&KaiZ+@CRCf?2Z^)4sOoE`15pql
z{k@gGvLueo#+jPGbEOvZ^Bj!LG?w>e^m;E%blbl7x+OW#_&A{x?W5i%cdB6pbk!EB
zsmLvX>;gA=fOB!dTIHUacxm%MBmPKd>~$*81wg`Ro)Fg$dU)z9QZKt`0O91#r$Nbn
zIHo#}u^rC#+x<JqMh1f!Ny}pR);FLvbCu6i)4Jho`S7+AQJZI9tb&7FyMId+D&jW9
z1Rt&Pn)<wt7B_H`jRpBmPsL)Z>Sm!1zH%J}pSn650zPA!%Tuys8WtnkMb`6oene7w
z&Z;<D=PU{oc_@~c@T3&&li_;&C9S`?AProX<b?V1eACYvJxs0?7LJoU<w;4%s4~>7
zeSQpS*K7z8Agy){4z7ftWb&7=xan$>;|GzR4l8K|3Vk|&*gASnF?PcU7Yirm9S<ox
z9Y#UJ&c}U2HBKws{3#DX(ujw_5r!CL8VPzOL*69yB+No-^+6BV1vh(YS<vWRGnqo`
z*e%LCi7YoUa%hLjIm`MKaxg&E*jjwiPK{<gP0*)tp`#OO`lJmo-wxxsPwmkvb#YwS
zrm~F8tr;aOtg^K|<1s8BEvRd>DqMt(H;)5{(7t&Ko;`z!%5i+f!Je1P`>fU%bDqgV
zI#B1H(8l^zFp+W&f_M3jvp21xO#zEgLvnDmsfgq)8nwA&&szP?RU!6n5pGhqcr;rB
zI5qDGg?}>^x%I@WO9ZxQsZpNVe9-1fUbvJQmIAT4j|T9Rbr^*TOUH}hD4AV6&vckF
zr9oj`K+d6ZVzQ(cTOl9baUiuDp^v@kRJBLx_cl&4u7W{m$K8^coI`w`R)$BHfm~AW
zjZ}u1gK{19Vp4Y+oqcnwI2$`u-9;Vz001?fin7dCqaSO=dN<6ke4jmauf{L6$Bd-O
zcwz6zPT5>~1htOjx_6dslg)bZnNbnZ`0q^k6AxlAZ%DmoEbNF*RZR!HwogstM{9x^
z>qxJIX)xn%gsF2pnZCt7Z<*PZqRotwK(t+GXI7%H?t~%x!=UCdM`_YrjIBBOvha6!
zyxiMyYC7jF@-VdX(jF#<V2h#P5;1$4gAhQd-@eM4i;3|a(^AZQHMu0Qi(Blj3BlIm
zaRK_TWXvZbkOpRFkLG-JMykK0zz9KS6M=uPE2x671lgg7i?f%@xMVOeG?NOkk|{=N
zY$QhNHr_h58!I>uw0~_d{*hUoG>^k=9i3y*mWHmE1j<i<qiv(0wBCN+ni&zh)1e@g
zy85_KVz=IqxL_jqM5HHDqKH8#F?-CS=(tjW{EHB1x@U%Zz=V6VeW|e;L5vFiZ`sTM
zafd>pgL#FL*WuSYDYr-3!qh5uHRH{n8*p*f-+MKVrW8Dj@^r`AP%*{b>3=tf65P)3
z5#%ZB7v01GgcK__44k#T6T+xMW4w=Vx}!4xQa~lt7c09Pd}W{$$yne<0oUG`T_d6R
zRwg*1aWg5WOguc*roTB#9QfItWET>YGc3NKmUbR<t?S|5TkGoC-CAr{5sOlzL$_p6
z;`&3D2{(krf@xCk(pFw95PK8PWEi{2mu25O9vi;$_Ympofz-SO---4q{`ItMpoI(;
zE9wbLf^QPlJVGVFNsa87Qv1R$V=GjDh4@=TBd>qwvu*D$odjlaorLya&cpDpeg4!y
z@8k-sUb?oGp=FTSZXd|m5^ZM69rto2FwD-ar7bh=hU#(Fc1Lamyfs*}bp1xP2mvjC
zDFW=4+Y0mJy$BJQwLHsd>0$Y)eAWDuLv(Gm_kg~`$4x+VHNkd-@iUUs-+@Sk;-ky!
zezm6?Bxj2TLj@_^A61e|Z@A?jHC|xki~jD=KdEtaIOKDqOMSan)N!S8Z>v-2u+v1#
zsPC4)al&4#dm8<R67@)@xb$HjgC0^J_-G;azxA=&JMeAHVrPSketn1fY@<X5E`9!T
z10hou<LtAeur)&T;meqVDcN_TKgSzi?P0h_O3f|AVQ)FvsY=jK{+1p8!&v295aLOi
zcsx^(ui)|LP4f4zSc@kue`Ii|!+TTyUr_d~?MVdeA$vOZ5J&nuxc+tK2_Kl2PM$uz
zs%QW4UC-c1-aWAQf$XoB<?X-t>xKXfN;h6GOJr{@aK&~VmzpF9#(tN8iE4AN+JROL
zD&_|8wrTXla#ZLG_?$1VX0c-aSi;AqHQnmb$ws5bqf12dbAQTpOC91^!icSh1KkFF
z;zu2=9DzEbU+?m8Vw(8be(l6HzWY`z{o^5gUSqcz>+5bW<Z9c1|KSrEnE<bcoun=P
z(&$OR6!@a)!auEpBYFSRUpBq=cXeVs?6fs&G~gw))UFmCqBG_l4hxim=#xci?A^II
zGepyECyyuJ4X!NMD;6<xO`5j-)6uPwzLk=E#X6(Vm%|!1bo-MWJ-tJ=NX^=v)fC7V
zElFWKa|f86Wiuo?#mA-Kz(CV(T5RTC1B<u-)Mhr&AU4KvLZ%Yc7}d<>+c#YwnDbyy
zX8KL+q+s;~4W%_aJ8GqQ140R+r5r_^6ipsNdUN6j-XW*-%_Y>HV!W2WZb}^6{1MBH
z8_OzlQ^!SB7e69l*<P2Y?$}q|1hc%VRU(sQ$!1u5ElyGg*eH4Q*Lzlu0ttsDY%|d~
z%AflWhK){5V_x0m?bI?nH1-NiBrtljaoP;)8h%~E@rP$|pY@{Fj!m9HqAfj!?5-iA
zINU${R6&x$2}B}CaC%=HdaVa6@5G>?cpA^b2Yy&ID4^;d-Gw=0Izj@4Vqi(hl#K-M
zB!SHATWbUFk82z9z)}(4WoP!!Py+bt^FWF&NsF2BtNane9l9xl`V;-Mp5<DO^4O?0
zlodNY+aSCW{27nyOV`EWO`*bwcS+npBIxzIb1oAYN!)*+%YfmTPK=?OR){?r1zzQ(
zFG>nUv#U=LP<2ZHF4WC}Ez;j{mm1U!!YUV6UwQ!zrw$Gc$i6G$FNEM8yIsenj;jsO
zhX1Krd>Vtn3+P}l54h^78{Ho)0t;}Iu+UMyLlIZ^l)F7W48j%XrHziF0bB1&6=prK
zUFqM2YspnS(e(@E3gl+?#+jeF)Zb?Ef9#2&b0TG|Q8X#^?ei_-4^;UrjN4u4%IZK4
zpx-nO7oqu%?6vyE^dvnDUa79BqT_}*n=k*~D0Pcr#bK#<Pc){<-OprGa7$)1%ZdpG
zK&_d3*P<g?I>OIR^S#PC-wyqh%0T|wg)8!iKZ@B|+>zsFp$!SnZ--3%%ad@@lB2<2
z^*MZKD6qye$Bouvl{^Fo7<sCdS&U+Avd7NZ?hUcetwO#>EFxQ#)Fo$2R{^k#2y$lS
z-hw539P-^(>lN!k%(3Vw_H%oYTr0iWnmqA)R?22vSd;qMvW?M~xmIOD0BfE-Sm$}@
zsEdQDw`d9x)O*cR$!BCm!9MMNIbZ#D4ajD|!JLz!YNhM1id6)q61SduXs$ojNrK9S
z6qc}}TvlMeeMRv~jlJ@jo-F4(UvBCs1Rjk9O4T3EGwMvh5|_BxksXh89n-Sh9&fYk
z5lr>bv~_^YQ)PUP3Fr?n5FI+jbdrwB$c1L!^_j?u@Ipg?AMzz`Nc-6jPmdR@oFWWp
z-(B`z9uL@`MyH2`185L4CI{wz>6KY0@Wrx^Zf%7qVz>t1sW&d?Q744WL<HJrpUR<b
z9j4w-CE70p(M;xgDQ5m~zsK<Y`Oc=az=rm1!8Gvv8=&podOeQ;fZaJTx;sc%G6;@<
z-9?=>S<7GNY-FE68=3{)Bt~PfBUJnhgVd4WR85n%8E-<5SIK&}bQ2D}j5?3DMhL{&
zSmvjqS<2z!T%tlpsT)g$+sa)rzjlSI1W*}EJeD6+=Tyw}KOJZHcwRha2s2^7=%}%9
zGgQ+kQV3C^bn-kY1IH|g+$8u`%$dHM2^Azjo#L9h6ylu%Z^}?=I3T>qhRe!a?bs!|
z*SBQ2fJ#43fB90i1qWa9NXDNI$XF7ot}2>25TD9pA-@<I{@Aot<0CrG29~QtyQ!$r
z(b2P|o9_LBI3?tivI`IGGP`MhK?E&st$ldkWYyUmsB9HsJkY&KmTKC)CjtTzsR~=2
z(50NJolkh87PSr;n?_hvF(Z;3{vu+xu8z=2v{U$*EKG3?2{V&<!E3uB24(gW=5;-7
zE&NsE1w<*$V0vEl%H6Ko>>r<sT`eDy)Xd0>@^1KGkPs}Yg9@uSq$MTu9k2HMu%v6*
zBYR}e?2a%ezDxuv=br$SffM4zk6w81f||;sjXdQ&@D>93%Qnn0v?ro{o6AMbozHZ*
z%NPU|zI62&mS}qS#qe)5x+D5y34t0%qC;ZWe`WK%FyPLsqFS@!>OjWVVM)h${n$S<
zY7>=8JIZ9<$F;H6yQLoG=Txyp5W6;f>h3vL;CfcCsM!^(CF7P8LD^(y@fEKpNKd6U
z97)$f(Pgf;&oA4u8^iSSl-9OGf;{zek5k>7avjSs7a9pI=u;pmISky|Vo8R*<gHNX
zz!3FozQpLd>_$DI${w=+OoqO0%#OFd?vldJuEHENpsjUF!zYXP3BU@pBBApr>OtWt
zs?;&H2ZAFWjudx&vU{3%HmX^+4M<lxFKO&9zqPqC^6ir{u<<h%yXan7@tGP-L5p&W
zK^)gB|7sRNC~%L{2CzSi;)ucW=yR3sHlqDxf~Wdxxfq7o${hlr$YzOWv`&%7*<D!$
zJYRI{?(dSssjBrzWJgDoo>%sVv??kQDz1Ks06bn3KKh)TTtJvBtbndvai;FM#VrLv
zcefq`F{?^&H;E$%CW;d15;4e_AM~58c*4uQMUvL~h-k%}XrIbvBH2K&#s?LC<OM(W
zCH;!7!t;keR!b@=rRbX>yO#6>%SA@#npae6{4mR8J{mYImeK3hv4yL;R!%8Oe#6>8
zfQhmJJz%SR`MCrIj)QKE`FONcVlJ*L2fGX&E)0u6DOzzisfklxb>f7qhOU!95ygmF
zNdp$S=^newNtrg?zuy@zkE5_gp`8M`qmyn0_GpM36DlPQA~V#02$n$Xw=kw)-DY1b
zZR%yRDtn#libKo!K`7?-o0RSe(%G=EG?Id_>`QIVG^UhyrD&_Mq>Z1iVs-aS*Vpv;
zp&uOA_hAm4!y^NoQvbMpfI)4N2qY<)8D*t=*D>CC@4q@sLPrhvF4YT1V94$!W&=<B
zuZeXB#hUOq753M^^#rs?rdXa-x^wY|%rL7B#ExHfIUI`A)NO?dY?u<@rjFku>PyGA
z4f5$Qc8q7APdw>JuM_Gz7#NT;F)59yTck~+8geNw4Bu1iuijb1EBzX2#OK61Bx_Gd
z;rCZnl2zCWLoR++HFunp;v1=N)u^apw@aVaKsEJ@(EMDMmdvTPq)4smqq?e|Yy?m_
zg_E#8T!4FtEX}o=Q$$aTql(WNmtmv_0I$mmkA%flG$?Pvgw?HfBehN$QDtgwwNI*l
zY5_?HGA9!k-6v@jp4nQ$3wZsEEyW?@W?i;JrSbq^CCxkmTeMMWMJu$-d}cx&eWs6D
z?i};ATCpwrpe8Yp8aAi-a+gTp^@9JTx7xJtAmOp09MWmaCkpHD-_$p)VVTWW3wuqT
zOj3Zyy$_w0GmPJ!3|(WkvS8s-x-?+3cLhpYM#>wMK?DB_{lB@!8)tT45YQY4dQi8J
zDxaF&p?^p#Ri?|+1-12mOz&d;S;5diV2-q7+*3}>(F}*6^P5U4IHA7mIr#HH)O()M
zVYhVWOr^`LYj;$@X7{pHle)TwdEBgrE{JF02_@$SN?$0BL+vt)5SnBBZPhm+?Yy$n
zpitsPJ!+ch^8>L0f9K&oEEek6aWJozE*#!{A13WE%Qr^oo}9RHuOJeUpLsv<U7Wf4
zZi$OOD}Kh2;_<wZr3IQvl_4Na4`CF9JCF-^cd8!{TMu);D$B?g!ErN-pDnVW&DAZ3
zXK?NmjAw4oLLbcZjpemY_u={W$?FHzGmns*TgeCbFJ2LSkNgUO-N0w0sI53OZz`FE
z<Q<NynGj|}%LjgMdCw{(jM?MU^Gl-XpxFdRF@n=_;91}#lJgqN2(P-$dO<8BIJG3j
zQ)jbHhsX0wY*oTx<BG7qj)jM++nnd?`+W^yxN-=<4@hS$7wbBoS=i1dXBGARDl<N-
zA6d;Dr{aXnT$IxTvQeB{ItN57Nh7Ik&GXf+qBjM*d?VR6iG<c1NKsaztSs6yuXe4j
zrVGRJ#lCNW(ks8|Qh!EE{~jz~a7Nv~tc0MrHF>11Te57}VO*Bpgx^~Pd{m-XGG=(s
zs!)k-M0-%K*F_fhAVP>WL|1=I6)61WFpqcExJ3%rWaRMo)qT34{l|F4bWp055%DDr
z*Tjy=*)z;4H+Ub~5_I@((LP+=#0rxA#ICO?E{ayNMN|Q$Lr>NlpGvJRTr)}eG4Sd)
zPHCH0dO5%DvL})zaG;X1>h$C-$nr&$@{Vq4!ePCmU1*j&DSZhv%*|fx4pW-9@EAuI
zxbzBb30Y6oZCx{a`==mRfqC2*&lY=Gpb2jq;sZB?yq&jjUxD{hBBBBfu0TKKVhJ`f
zKxB=bXp1gRHp<P~lKa;k&DEt>6impu1@yQ=nj(Jxw$<}t?(qTPv?$Dp0SDrBRwa!j
zByQMz^NIHr#@cuxP_<d?mhSQfSL`^O)Z%dtR#hR%4nnU5Zfb6bIl&Wgk+9yjWgxI0
z&+N~O>Mte!gLyMSV4ZFzh{5dt!OLkFqR-XS%kOsn<LAL2)F@vYfByGVz~;k)leZ54
z36Wq~3=K?+hr*cE|BtX|@ha>&-7GonY`O4^?Ei9`-Tv`a3aruzIWDLtgWJM<u3z1U
z_vKK=fBsr`lwVcQQIBWqcarSZcbTHkA`h2_&oY-RV)AkaI!mD!jB2qqnzt?3UV}e*
zbb*^`U<D5uN5?i}D=sC^+xv9MWeE5pThSAZ^%b;A5A;lhcq{nRO?nqI4|4Xc|GU?+
z1-u;P=bd=nz9}#kAV)A!RF*NxsVWiHByr0Bkht=&ZF%3DA&`BlLm5{eaWjO>8=Q5r
zO#enW=(4oH!?yCA@ICr=wMx}m>Q#YfbqhFDQ)7V7$t^{`)l+z}T^-|aWBGRhI5j!G
zEwS4w$du(&!^nT&4^rOb(RGhq;sRtGI3x*1|1V5pzpN9bz6ycN6U7-83o%|8rJ>EL
z*|3I$ikRIqHu7zN;pzXPNo*?9L4aP%8|{JU!86OtIEobQo{w@nJpQU`{Pl93y+!=Y
z7xdpX+oVie1$jRVHrq%y2KV?I>#+O(d=L40hd=m0Ku2*ndhxkQl<nDBup$$9i=RGS
zfm<9e1TB&lpW3iE>g0k~6dIS_+YgGMgK}#+gDpMmgsk{l&j_f1MwdMUnLjd5zQt7#
z49#%Q<p^k0cfuKH(g8rXcX$9i|K-fkSqQ^|{b}`a-l`px8_STnxoHO}>IHs}oq(R(
zX~Rr@g7F_<bNR<)f@!y*R6ii=EMM{Duf-YYcotMH4IU%}hN$eCPWLh|0-Hv+uj1Es
zM6A7VT|~SB1ic7?=GlUi{XZ;t)Q7q=w);S?#`&VG2AKo+-1gK4@VM~mUy=8>h}cBf
zM}6>AD;BpQX_VZ@pUW5b#&nj<>If;*Xt}d1VwE9p{*3&aw?10F;s|M+EuONvI?Y0-
z0us!D1ke5%C}RFC*_>W+m*={;h4;Rg?jrU0&(0cRYc*^xR-;*8(SI`(cpUqs8!X0H
zH3b(IYLAY=#fH-{I;vH71yNb9I4xzDY%8ZfR=7rigB-xB-X>HX0J`@w0lgqlKg%`5
z4dyUDZ(+=N5A`n9eW$2F0-PQCOMaZf?HX>l$G0yfU1jvl!qw%ThJto7s)av?6-W7r
z34(n$P0q5cN-iu|PY>6^N}NyxkXq4IXphbp?Zrp-5m$bi69w_1e$4h^kRV%QeiRE{
zYtfn~dO66fhO0Rm;K@yL@7$=sr!D!inknd<L}EW53v~T*-}%GZpOS5Ew{L?0H{W34
zZ0@WJYaq<lSsd?lv$O<1#FuQt>0b~jSM)y+c`6JJynaWKMW8h1k-)YtuB?K9z(BT5
z`$!Png)_$Ql8iFQuI1s#y?$;)^PVnbeCk8zQ>COAtgrY%e<P(jL%a$}5AU-ZQ(lTs
zdupt>KYqzz4DDy0LprRYiW^6c)yu1o9_;MTLby&XeUhhi3xphK!-f$SF>lq&a3AbC
zxc^0vpY@l(?@lm5n*T$PRk7&YzVKp^>6MvRH?2!%$y&Qpc|Ea8LUV?+FZXDj8PAK{
z%h`i#uK+1gvRz8JZrS>A?7H3_R55yx$1mLeAzAy}eFQ)23`)mLq*ZRx-!*d=F204i
zC0#*;nnhj3a%w}l$?`V_Z9NU*0;hEqgewuRlUQ-q2qC_+-K?-(`GEBO@7{{fVewS+
z%nSad-{}1P-5HESUB0%IOfO?k=neg1>Z!Nvg6Os!*q1z(-v@|rL{j=uXVUxUcla3>
z*932Gg`kSWNYMs=u>6K-)5@%(0L7Q?oWEU+tKZ}~nV^j`Y_a8cxE35*6$)<qKB~&h
zGcvey6PMqVFAIo)F=(VeW`6jtGL{ilnH-jcrSZ`q?~n!zld#>R(X@2c7cn~wmiIt!
zD*pNqGgH-)cd_|$#*$lUgE%}-jONnVB9mA|B3N-QqM1K`Vi|8tGfFo}XwdzOCmW*v
zfAXa6Z~LI<z~l+hhdn=R%<-5h)*$Hv*bm{}#fDNM@W|jt@Ym+6P+os=>h<Y#T<U&j
z8yxRG3naSzcFoEbNzk~TE$8PdBf?mT4x?}+<9XgU5&rx44zu-y_GiCbF-EnjVrmy_
zo$aIDPTHB7??Sw18tO$#H7wbO6>cPw#mok%TfxEIBV^5=ue#sFt$&*vv1L|B_wv=m
zUZ}_gel0*yE^#_Ut~XSM3_CvPi^mem)r7BV7X@#Y5{nJ*{0`L#A=avjCmBqYE$vFN
zgKuSMoGyy>v968vZn1rTt#O4M^xlVr&1Kt$+ArdbC#n>Js*<fxuIs4`06H(I{|J8b
zN<<s96tleT)2p!e9c2*(v?D&BPX1se*O5I2mQQ=4eH!*h66}!};gdNkefaE-6*u^e
zuITfW0jjFd+FOTuU^u*&K(~{&8>QACpiE^C8bOP1R@n?pQ&BHt<)$6BM74omhR35>
z#|uH}j}5`+M~#|s802U`jQT^AGM@N8hHb^CB3D-UrnLJJBLvgn4nbl4p0B_|6`gG0
zrpq_G*m9*Go9-<<Z!h+LLjFN~B%;U^mIQjzym3CywgP+IvC(-bo96<mSL5U`(jnF$
z;e|rMRB?61H!@r;DZ)+5WVelBlTAOF>H>vub4i*yZR!a$7LKrL)vwKCiCk|)5MxZU
zoBUXD67I7Y=+`$Og$oo3z0V^bLSLw-OJGz=h|MJ#I6^pqu#<6clY96IDb_M^xxhG$
zg?Bnd6)c!JIp!M0#TdjIW~ucT4Tgf7MtQMt{6*Ya?>yPrRE7OWTQM!d<jeKnw!VLy
zXAcq(WEnGQVxVF(aFv#jOf$V$`2i)-7&BGbW<ylB5fCgZl{6vgx;8yZRGO`E&L&;E
z$yK9J5(dZN_JP2pHbFSiNNk+D^^)uWbASpudd*H*)FE7|spU|*zJt4LQPm-2m+us-
z;^U?W_v|g-UXEC)oX)(k!QJy(J^pHJHr3!G3NQTo_jwjbzumI&@CBDgP!yG!V*gm=
zV}<m%ea&vP-BSoA7F%C_WDAdHmbShG^AkR^Hn_!@#vAB4Vw`_=FWQjEl7i0*HezCK
z$|`6TyOxb}F4aA2z>wXv)R{!0b!22I1bDFJ6jA442X|nZ?NyqPJ#t`>RziVpNxgQ?
zH44q1{F%rl*R~1DFxU6SUH4n4bI+uLNi`E`ROn>98JY;FVdu$v)bp!Tu4Py#U7zMH
z!hf|>DGW`^>-Yx?tGQ)!9B4k3P3+|+xHlu+sM6NfQmmwFNNp6K+DY|!<aATpoHQ`k
zNgt@JP0LL-$8|6kSZiypBk$0wD-5;GrR!+W6d&lS%m+mlR?D8Gm@Q}Q$d=w<2Ic0$
zss0uetf#AVU!E!KDW|~G?KNVri=T|U3a~e^TQFXbq6~Ae`(-ETSk6ZOFNNd;3Stm6
zr0pq~;eEe!e*-ubrd<4T*(`%2WWZ&+x0<tOR%X%kLI(mi*+)CJ1`8<`a)p5#$qp-E
z6wX(qaKtZ8pN~#1zJCc{3N3Rnv&kS;oTRmU`<vw04u2aKAi`iiEH0RQAs7bw3Mj6h
zFrYc^6CS1;XwKeN`sCQ4SfPv_2hqD(9+zmJrPLi<DpuJwmRE#jy8dhZoPt_MmNYBU
zeyd%YWLJI0Pj<M-ZT!@sfSvOXW~xKZ+(`cmGl^CH!Azh-M{qQ>1DUm_oDsr2w3LEf
zsH%V@d$pw~SU(I1OaD!_I;-;z+ll~1G??CyDm^}THblgs#k%Aj+elVEh&>I~+v;2Q
ztmXE=b~#$;dcC92yt2<KD9B-qn8_REsx?iAOV_N%1vpOlar=u8x<DKSzGhxuRBi|E
zOfd$W{GXAyMD?m&Et_7APu7uAWO#ihJXg6tMG+C<bm?*1eBzT8ft!eOMHF}0I{%{I
zj*`<+{nd+MF|(qQ!yxT5ui;$)7A>9xY)vmw7V3!s8TVlqp}y|+C9b<Z*|#u8N)@?t
zz0(e33$mxU>RJr;13aINu#`EnEFovNQLfhJzRbA7NV}D<KF#x~6d-2~*2H`dlo~VB
zianhJ>`AW6TNfZgslT&@p9(LGbCkU}6btvw)@SF#!XoPcMuy+jOCtB3!N~<Oq{T3u
zT4*DP*zktzI?_`zd^;5s0mYsh0RudQCc}X6`>jycW#NMt4@S|g^Ajikvi`u?2{x@$
z_tX3`XIeJnj*3XIX6f`tvt%-e9(c+^MlgwAaz+<cEI;5C=sZ6hk!o%+jZ6&(#hR{5
zaa2aS0q}O3KlIYMa{8V6Ntd;7Ed4Mb-3ntIQj2nwj=qsRYY7?V0c?-OmAFLHrts?Q
zfmfoQOQ#M!zjnIl_;TBKubQ&(PdgvDIc~dAtSYu)sg0j_+Pgd;tHU>#1!ugfm!-BN
zHmz%GAO6s$BBa;(-gvfmNi0d=G7@Agrn+-vRny`@`r~tdld3!4=O74jO&OcQ=C9PT
z6XcDEUxu{PN6{pizyNwNbDMIA$=n1MG_ONt;wpLSK>Y6a&ZOmcH`ptxbsk;cJizo-
z`~KDM`}+(|78vwxLBEeYG2VSAz60>#7cz{vV?iB<;4&iP%nSm|svQ_WtxE73Hzz*-
zh1C1kR0)2ox)heYyes3$w>-;~@$Oa25Z`!SsqWuIP2N{glR!xR4a9#k<XSvQ`4U*v
zR5mL|{Pz>yyngrqhDiPY8%*&A;_s=pHYnc&9c>y3zW+DdzVU@I{12J)buGms1T49F
zEMAL1C9KYH<!zdbUr@Q&phT|1eLP;$JSV=T2aB7Q$6&jtKj43}i)JVMwTmMCyIu6I
zee#lB{q!)$6W$*~O$z|A!Szj{mWEC6{hwQg3JLdu1kP&k{)wEyo1>~LkY`g`Tub=u
z?{xzX1{iA)S@jmlKz=b_RX?r&s;5!&gM(tqhH(7eONTkLpQY}H&1o{Y2ks=|u>Yx9
z%7PFaFjLJja8@s`&g`yXbTg2%nyV66{eedogk=-+Y*FsKpw{areE78xsTQgi(7!jd
ziXGPQ-VyboMuJ(igF5|xT%!X}W+5p1oHViA{Fs?(^R*{ZUx0*vjiW=Nm#0B^x9leU
zuBcEBdT$$Ii4)o<Oz6>68})3znEkpoaP_;M*n)>I-s(CtLUXvQ$}mc+!u!WKnyexy
z5YrbQ`p&5aJLxj%^B?<Y+p-|oJ$gma{BUG=f4xQCoYmVO{c;ukcWrtr@33`HfThq|
zS;w30aFYSQi@osLp+XHlj%K>vq#$C`fZn=1{z@psSybDCaU9w54)FU^g<c8IMi_uM
z2xuKpQLDvS0#&uGHc(3cG`_HYV)kk>O@B3+_C%pjbtrLYT$9OxX0Kc+!ba%c!_Yp_
z8{~;=E=y%=6Gq%p2H_SsZVQ?(aNDy-AWN($xqF%Yaff=?RQ#tqG<!VI<lq?9n+}Q0
z--0bWr?+C_#5i0_(Y43Hvf`%9&71PNH&PbKz(&G25k<TEOCv(riG^J~9YHdI5Pwz`
zOA7<JDVrFb#lKPr0L1^%B6ooA{vr`9SWRLwBSmo*2pz^n$O$4-ov->T;XzTT?<U(l
zc>s<u2}O#dR2RoO{i#?9P73izab#4eJ!hw-o30ld)*km_@O|+4oVX+5+*A|Kl4Zm~
zAVQL%H2PJ<?wtbb-JYrm8v**1GC~>gj<fEthY-}N&`Fr!G;%g{uE0)P=<?nXE5$}w
z9U?nNenhc-;S0%ZGr%~uh3hX^j+b$zbDRRbVLbO~gJ9B8@NsO)(69rqodN@tYe>jS
z;6Y<>{bqQJ$0LThDRpLNeIX>wiY^fhjk8<WEycB<lLn+o!dxDI%6AL9+`lNLqJ+(l
zj+DT?Nm`aQLQ6GlC;zxWFaL3Y4nUwXP>2QzFCw{<c*hGWr#q)>{i8|d6&~WCJmVDe
zx-b@PB`^hk%p=ea@sY5y8VTyI9Kf>5_<+3Q$jX!$v%ys!mcm<4Qq4M|Xoh);EYnz}
zs<hb}Y8}-+ElL3E#Vanw)pnb<7R1a($i58IY4*o>Xe;;OpFTLS|5Fn-lqy-U>w9ze
zv2#W)qCl-bNVEjLM7-}(0wnm56$>TiH~299cGg-cfv<>Nj&TS;ZV4=i!7QDyj#e!j
zv*M*XAKw%eR<FgF9xClE+#V??1AOjwNf70sw+w@%<@9mUzK!<IykOzYd{;l45jZmh
z7wNUKA`G|wC(!}t-~6CVPV(sL>j@9-j-QUot^%+MB)`O0%xvU;E*^R`4p0lo>Noa>
z>wa3}%%v&(`QRR)A=}d0XWRpO(_1X6^UDO(#<gj;{b2C5>Z|tewb>@y&fuMMeq7Dm
zj6{y2qJX!@1eU*#Ype6Z&g-8|4vFDenJ+YW#<|vV)sb*n310lmew+(LY}1^uNm#w)
z3$S^Cg~;q;jC72wE1lCqcGJpqI%^sA%em|YBc=q4gl-TPdA&0R8kHQ6ZYf>M6l*#r
z9^S?`Rk}2eI+DdGuqBi=BE~iyK(vFd?xTgocavr2ov#rZAsN9IUoB<9Q--mw&Yh4e
zoUS8Ru=DMbe?eBE9q@-rYG0om0P0>s#D1p$xLzsn9^EVX3@)kqa;Se0juJF~$QG>!
zuk=!QW{U^*awrZc!!pxA982H|ew+@QJHwKuQRc*my8m|m(Z9ST@Of$eEI7A1n|CJb
zmRX1yq=W7n{^^GXZeADyg>r$%41)x4(E)L33Q@uarBfmHOGy_6gX8M7+qnUP9|?wW
z5-Dxw`D~+6r^KdObwg}SzLZvfyjS9tOasPyR4xN%I|LnO@gXiS@$+T}UmUTvf8LZP
zVSW45X3I7mKq(ggnJ`;hw7k9&b$#uBlt_kT2n<~-t>Lg2?&PB8%!dwDbE6I0u|x}~
zriuIs5c6K#IWA{)4H^kcakQ(UVF-Pwq(pWQj|w*z1}KeAHB^A3LzBJdMZ_q-NE{;X
z1>hFem0z;MVw?ZNflicNiop(;=w{60_8FDCy3-z;5+?(bCNNRK3KU_#Jzy>aHY&#q
z+Vjp9HGRqNF?TjyxFeNCagM!>zog4k|0~tM@qu_18@DH1pH%NJCR_cxr*`1IzlwT4
zT*2QHH+ghY{tFBVDIb}Ld2ERY?!@`li9+ztqmUcok|qt0E4G88IyiS{n9-xs00PfL
z*J4g-G|DAoSBm!TyueFKWy4XfyhpM3xTg1dHa0E^n2W&>B(QepS0(uaGHrCDJO9c8
zNcA%pJi=DtO`l1d%F__KaMN1C+^zat5t^-~*bqTZ(~b+spU`+)Hk}pACi5e1TFXM~
zXCGHe81(>IXi11Xmxy_Ip@eBDhCWHjQ0Vuch8jM&jk=rYpK4a<<`4w4vM4^&NY6vl
zT<eVWZ9Z344U(0Fd*oZn%_XwYOwbq)XsrCP3sz8hjx>sh515)g2KtbVH<2Eaqs8n}
zFoK2q-6jm#;gS#~`<<tWCRP&y+{iEPTNBExuyl+GvW<Agh!bo`x1Qb@V8?XuvBSY}
zseQ2ZE{p^k<jtQ2^~I333up!D+JB_Sh~?$)QbA{QsWj1@t-@3q1bM@DD|oaPn^jpE
z1<cx`yrr88*U6Kf(89Z^d8R<*eV{`q-XNEfrEc}_bu0(&rLq_1OV=K1La*hgzz|f|
z`raObyl<fiCn+Rwt!u*yMYcYYm3tzyq~tR?uBmqSq-Cp7?6@YLF$be}<R(GGJFB6%
zp-u*k5B?Fv+A`eavBhSDMQ+ied3X>*X}o1AA_CM)h1CtAPS~i!W)eAZv%~0VNx22x
zX1jx+z4y@NSM}C;1!l}QGSw$?4y3aWA;L;wOj0lORH}2~!rX57Qv-it5S^p0A_i*f
z;7B1Xjri4D`Z(}$az=Z}H81dt>fLK$IEM#OB#{Jvw~fD_eu1&H>Rrb-PP{IIfT7c<
zKV$ggsPsr!@l0);e=99JxBn2!F<4^4=2UzDS5u)<Wg=2(kIVYY=ov_{(A8S3{VH%B
zu$$bAeD||Qv1LPK#=B%P+{~RlFY=G+bpH%!kYyztmB1F{I6%zE6<k8dy6u##QE@Gv
z8-DEqwP|HhJ7n<cJ)LW>CWb380y+<cefM^POI5$2h?{D_;#euBEBRgx)RfLDlJyoB
z&P5eL+;#)IPeIW==~YBYmJ%d}RFb}QbnU3sms_YU#<<4J{u}1z?#+qnQa#=!PTy+R
zmDR#U;NV_?Pf6QhyK>P0hsA$)0#V6qQAKIAzEn8i=&EC?^3Xk!Le;_p&kv|+oxs^g
zeGAQXh@KQ5QxUnqK=9`6YeD`=0rG-WxN&qZJI_Y!D*Zx(xP_%v%*ZRF58V|UA@<tT
z!<L|Vp^A};#yG@LV4Pe6B6-W)e}x2W5-Ck{!K96GRxgnDb>vgf>Q132{7Owvtx|~{
zdxlRw?8g(*FN&}pQ6=tH+S`c2og_r@k<`*{io<~$g_5}Hh`ARN&Cyw@3iku{;Swi(
zyq(<X9!6Q2>ujZ85~<bHkHpxZfj*35Lj}?0YA)d5G;skl!mo>wfI!UL)*&vm>;+PR
zB|-51*dpN`vmRoeHE3B;d`@&-OlagOg0)#lAtKU8>6-oZSMU3|IG#{&Gaj27EpGxI
zw8{ptei^PX<;I%UM<OZ}S1Yk%Y;Mx6wKrkLXQh!Q1lz+{S~Q2Pyo?X6+J+8ZLLs>%
zbm`$|*z82eqJ&vl>qK<S-HP<O=4#n3OytJFB~nVsdiS|AG$R!gf-rZ+wfZl~w^<G)
z(=Z(rdWIgD@16Y|TBu<EF7>?e(fWtow&Oqhe1+^fEO6e}XhTbrdxDk<WFgX&NeP4e
z5*hc?JWaBP=h=El+v}2L6%I)_Q+pa24ii<acJObT->gJqq%Bo7666+NiH<3}uqDQp
zSXOK$sR=LYFCuQ`KQ#Zwhn)y4AZiF@yF}#t){?v*{4Cqn_#TD~0s{BbCldR^WV^$h
z=C@{JT{A=<R)3mWV!b2%3sfJ#UQntZ22p6Vai1q_<A<Hpe?U#Wh4@cU)6<8HWT|6v
z%>Uy!dGkL<+pNX(y1|Wq&RlH*uaoq@1K17htDCf-j+pkpk061yMm#Rtw~+q^iEmyr
zT0Vn~teywfeQ^JE<eTps1d{jRJnqD=jehmn9fHNv#6*o0>63O2PUwQLFvWOaUn&rZ
z8V2Gmc&MN7fPaAzWZ(PWV6c0SFQx#w)vIvH979;wL?vHpR&<lO#MdkB#dZ1baV7z7
z)jHVQy};Kv6UM%uf4sDFL}1l0VDCRw!%MuD*I>X~72B7Gvc1c7fnE6Jd7iAU+I);Y
z&P_ryC$Bgygi_#btat16w+#VxGQzp?z{lM2@dhv3N@2=C`vcB=RA3VM1p)ucmPBYB
z_Yh~lR8p-Go$D;vb(*Q4<gTd$L@;XA7ajO<f1EuRf!^p~G-0DO@!|A{v+v2r@UX50
z(zmM~Wh_0c((d?3$@f<%drhhvr>a2SF~p^Y8V5Mqgw8lR!m1u&XM5jd(D*jYm4@e(
z^)`H1Gr5!3!U^9LnpMPOyjC5$j3ZO9aS6fMRtB&4FcORHuax@}1_HdL=imOuGD^mM
z0H5s7f{fN1G+e=q6-v^+Ps9TvA>h6~MS-D0{#$;J%m9t`n8O*QLsx5K$O7cbQG&Bf
z1*~`5MgyYqixX1_ceoFOl8CrMljz+wSekqvH3Fo4NGxc-4{s{TUgL~lCwJd2<tkcs
zSf!EJd*6ncn?X`{N062p8eTz3mWP6l*2glN6SL-d`E%~M5;gHSQF}YVmQs7J{E9Y?
zDKk;!QH;vJ(I?nhT6H2OEBkJH4!34lY8Giq88|GA(@ss+EniRumw^7Ok4;FfQ5?<`
zY)RMw;v5m{lhXBUWv{+gtBp9m%I%4%qk5HKFN)O**@8(fS4`C2t%y<2k6Yq{Oee%N
z(`FSN7Fs9ef=fCh*yC5OKf^{0puI7W7w^MIH?T+ljOH77u(AjqG06L2HW`x%s^Bh3
zIaGwKWn^(|Ax;7mII!1LVz}`8xnfAAy|`gA2M%8M`h#ay{0~C|orZ?(Z6s2p_V+7e
zik+P;lsda`lWc@n>#&HwxfiNt*R%LgBV7Czg9wn#GU6K6m>VPNz49Hc$JY*z%!}a`
z%z7To(W!gUa66OyOuC)_AXpNNvc3)dO_i!)ul;Ng6M|egi3q2BY8V{OZ%`YpXPt}0
zvL$1v8P{liU}qzHxZ^ea1=uj#LpmTV96EHNHHaYs-^q-D1!dxTpDMXmbaBGP&erK(
zD1Fw7g_tM(w%$syh$rH{6Cn<4@3^r{;~f#iuSC<{`GnHh@W=A`lQg7$z29fLjISY;
zsaB=pYZuSxrg)Zh@mi%xnl;Y<7Kh^G430xFBK!Z0LpkL@zzZDjvPtzyDCNs2R5(wq
zva0VAFRs*g8H;g?{qkX-8#|0~+N@NIyBI3s8ZSyO9shV_CndSDT1cq@;T(HndTO-F
zFoZc)RdNf%un%kBZCfeBMf`i><`*hqi~h6r+LlcrXgi3%FQIzNKrgR5b%WqkpOcc8
z2ae`vZ=S1XLU3dJckk2F<h+yzTFLJ$baRG_z!zyq(Mx%K<L!n;5Q>L|W|pv%7+cYC
zg(Ltk4!WlBopwTo!lpbU!>M+qq}C*~w7fF!FkAgp`ucL(nHE7v)=$M%XW<HqXfLZ+
z8s>%S%BE~KO5lFt%#nKn09VHn?Qt=f9mxkAWO2w%GHMwMO&(l)C8WxG6ZHPZS9iM_
zZJ+T36KLA4l<L98SNKZ(In-o0hJXsC>IW+rsjiVMEz2mI`v!qbNkajg_f~3qW&s3Z
z%i~Bj28V+*(xX$DcNRL;&&3V{{^=H~2RG&&)&;fm^8AqxOX-qmaD#swsz46kz%+u@
z<l3rmVkrix$LaK$f`hAoovMzY_<=9_MmH9$4J*b%Y<QazmOrYqxZU-4BvBaVsi^bU
z4wRcPyPNN?X;e%M;R2FyFs(*_g?@lrq<~0^BLs0t#G!ZwO$KbrZF6Y)(odz1D^+(U
zMNvH$&+L~$%+}{~;u(Yc^l_df3TXqeeVgn?CU_qm@`wZtt8w3}Mp<Y+gfn*V4!rp@
z0l<ReQWZFmY$iH&QTe`JoL;SF@bAWQKi^!_x<BlLcgqc!XP>>8;;`L7EZ?2~+C|~}
zBNjGD9*bVc^B1i$CMIW*JfrZw3Nb!$A)tx7TZZ>)<GL)OrUIap+GY0Zm!1t(-b)~=
zw!%UdM<Pv_MUHS)hnA&vr>ySATN@?s4mfH5%$@#)JU`yD4NuOVZ?3zD6zAcC4H%of
zR9tUO445k1oJ>A?l)faUFV7B~Esm#q?rTdF9pJXi&3m)_ln@c)`7B#}kBXhB?zzkp
zd@wLqZ}iZM)vEslB^yi9b1eEB;wA#ifyMykL-lP|q82=xdS&oFe4JR%CPk#C2o%j!
zzK(^dFSe2>HAji~Ya+{#=Y!49Pou+pjnW(S=~YR=oMIo4+z_Xh8huVP25(gjDo_TP
z!`l+{Yq}~4CCRwld&^CQMRM+U(hTBOrp&={EXVaVT7rk%_R|_BI^;G4Kf_#jJ}L{-
z$eQ!%QTG3mMJ1k2j0Y*?q}{Px)8JOIhts8-i-~D+HyeaU-&s`f$Xp!oiZTph9WOqH
zM+5~(y;h`ce4<30#-%VEWi8L&y_lfNo<(17_YK{B5y{=Hzm&d|ef@cum3kQv?}Qnr
zxNT)69}LAACj{!e{g^z3)*S{QH07iB*kM%u;$F@#*wkNTDLX+Lt(QcF`OzRV8z;I`
zpfNu0z8qkC(EKwhXEw2zNNLaiIam?I|6*`ffw$W@<Bx);Vrg4$#epNN{(11MAj<;S
zqrgC~P!6difq&s>e*R6>LUMhA+WajFaO@Jfq-n}RLp@}m>KsFR%*v{tHj0o(4P<K|
zU+jAvJB>G4G`-e@^M#Ja>g<*uH@euWu$`m_Wn6h%RHD^(A>J5kFZLt8`S_Tfo2;+n
z%#GUAbOF^F&69LlcZk491BZ^M>BvWbqjCtnBj-iO=Hd<cHeKSo4&RsyP*6TQccr=z
zRW?T?nM`@;!BKhjNC@7m9O)WazkS(2{~Gl&loA@Er;UM(9_QS9ddSy9{o{-N!X3c0
z>4fqs2C`r{J!LadhD={6{0MG*(%P$6Ol#v$Lbt6qiW<x3E7IoYpuP4^&N>LeV-x`L
zPuUm^GV;&xS%A%bm7n|21q7&MiYSnSLR?K7ya)=n#ZzgyTm97ADhRZ0OLeiZDYafL
z!7v>QJl|$D17~%`YQN8rkyJ$HvHLBOz`dLWt0<y1OJ$ON^`kcT5&QL{2ZZjC=OxHk
z3#vY><_IbWo&D-NZqs8^ndV}}<oxX-J(~*HFWsLocO2MJeTqX@slWo7N1|2c#$89s
zL8;1Orn3HVy1MCjD%?6*q-=fy$Ipkpgk&X3>wr?s#RAOfwDJsxy%jIa!~$hU4M;yh
zprbkkiS;04$~=LgvnxE@UUXI}HR(FOT??HO$h++bdyu5k%PXGdqH40g6+m-6?Cej5
z8M53ga(auk`|D3b))M7wu4kavZJBB+%gx(nWBC{v46nQ3=ZAr%UqP)J5}LoZ*E;d3
z&G3S-Y-v(lN-=gs&83#Ut6QQmC`Q$MP|y&Ov(Fv+h^kK|s+rzssdhzysIUkxRk0Bq
z?c5by2AEew6#wy~<{32csJ5;G_E-Oyp$-L9_0TeauHJjJ!Iy{y&u-s_<eW@vNLXs^
zz~wEiU9(W!<|#HAbPE%Q<*juGlW8AJH9;R&DU?R&rILfZlSy#zaC3Mxo-!vNhVF3{
z^0~jGGZR>`WzDX^h9n(&(ET6gzA~t;rt30zkf6cco#2Gv1b24}?(P~OxVuAecfGi~
zyF+ky*SREl-ud2V=I8vFD(V)uICS^vb9(n$YwzA$ub)9Bco5C`I*lEBHY_v~U~%GG
zv(THVil3LQ;%HCL{KiNPTU3k{h86|SLn>@6v84#{57{S78Y?R`c<BPLS^RhB?nUf(
zH*}+>wU$25_7*wfv6q%T@sDHxk6`Z6M^Kj!KaeV>*Du0<mFQ7z<~qIGVEmJCX1$Cs
zGJ~=HG4#zfMRF^@%IRI+xklXh;PZ0f^b$t2D#HgnBW0DLMrkiQ!jcYAh+zo($wbtV
zmHP5Lni*MYE%5XS6&O6rntyaOoEtEphApSH11lP=EU8XOU`kG%W|@cI=jgGqyQ2B>
zA%S2<S}<h;MybDhN9u}Bj`b&|NuUs9hWr7iXkm<GTaB`Y-7uveQFHZDYL04UA7{Ur
zos;QMygcX7S5e98112XvwUm7X?a~Ft*x*U@#pqMiYbg21KzSrVR*^0f%+`k0z~gTN
zo^S}jq%{7uR)Zq;ve!=TaD8t?l|&9X_p)&1+?8+}n**AGiLvMG;4O!BpKlWW$>;a8
zw>d|PxsE0u2b_svRekdjf|f<5>B3d%14?gdmD^GhO$*@I2q`GbJC@_bxs*uW64P92
zSvwLdz*H6C<n0f}QKvLkx4+tM1?K}JdPF5Z9k#?QnucpoJu6r}Wr_CRaZ)5cBy`nZ
zr@wESbRo}SY<U7p;&FIP`_?PNFlj0eDHW$>+=vONKf=|Pu#No_ScUMH!mc35CdA1#
z58$0DDARkGF6=0&0y9Idn!1j{whpq2O*HnX#7AG&p`!WSM53o#S%y+~sXIPVM@_0=
zD57dcr@<YE(ZS3Kbyx`MY@RYTm)AK^eE;-&3n)SaCPFPO%2k)@GtW$ErGJcveShQK
z{(<0UmdBx~au(=~Kl-65l>I3%<*kDj1*?6Zjkog~&-88rlESRi*6Bm=hDfol4q*l;
zy1y#r8wB_b#_M4~a)wumPC%>wi<ttylpuTOIwh%-GW~@3bLs!MV4eg>A6bJ~7k|&e
zJCJ``<JBpC^LQ$*fEfNaaRq8p|8M_=;)z4xzjJ6ZGX4{)nhRj{(w^dZdBXI#UDVk8
z^lx&_tMiCRp@V3Wy*n3^a21T#M{*a{`nbXFVYIg5A%xFG>iR*iUkKvwvHy4fxqEX$
zPynUfTTrN#`(tXWJ3DRni~8&BTYCAn2?Rf}Y{dVgr}Z7g{;=OCw;u8+yb!#;o<1L-
zKI`4-O<+;{jyZh?`ah<%fdSl>Sis=3+aV8oF8o9$V`L`Hznf$W<hA@!KyO9$<tq7Q
zcL_Tf9+-7>*-C~~-<kjU2I+d(0a&0!jm1uo8C&*t{fB=?+UPz6Afn0M8ktj*+`@G7
z93UMQXp?-kWUr4gX2KD3N@^lcW;k@7CYf?)BjmL;5I1leU1Rq^tWKwsm!HDHmT+*G
z`#@|&QxfC2iZN<}od`h;eJa*WJtJeiM!9hMZTK<gmY$yaRcfFYZtd}6^T?3lu_s$N
z;w3j}^zrqL33!Qb9WkQMxD?+*d+=&c>~?txvDrZWXI|fd{CR)ob-|Tl7|{g+Ue0Ml
zGiguED*k;9FP!&NEPHL(&5~?we#W@4JL)qYlGV`j6$97P3-!~9%n#(zf4_JQ5bt9}
zlA0hUzYG57HT_3~;e~$dQ8|n6BgFrF4)5N+n8O0!@w!~{_J6$Ie@FQa6k8Z5!t@df
z`~Htd_y5<w+~RrzpSq?-Dp36aAxZAD_w2Zq=E$W2maGw<6Sd$yw-(#}ERtLI0tHB9
z*}v0xAi3MsS;~|LczH^M*v~!qZK7GKdzGNZs*h`%#o>4V5j}K}-cr}*LPfmt;&Z!*
zl(%|Ht!V&iS51MgrYEY#1O+nJ#ylojm?ua@(2E$)lyFx^^@~h%S=t5`Y=`}IeGD{2
z(pprm9AK&^L1|yzys!ldU|c4x<0N}-NZ@CnOJ1L)6o%ti`eE8JDFP{!F3pwFeV?(q
z+mTp|(nx6MvvjzG2HOj#Un=1EtkiP!l3c8Lt$=>tSsROr-RnaHyw%C)amj?Eu~5U^
zZDeD#EuQQ&_1pd{KS=k=%0!|XofFNbOZHsjjbmW8BbLBEUXE|0<g+Rhk{#VmbhmV>
zvQvhZCbpM$R)QlX>BAp%>s-I_BE7{c07F0^fRW)7DOV@e5y0$DZ#HA>oYsF5>I&84
zWuND|`gf3!(ba6e_BeuF?wo@!S95>^mebPWxXd8B+j?K`86tx9n;v8uLYfupo*~8Y
z)q>gP9<35-5)D>t@L{Vu!FdmZbW+GSF9v$XQLLZPqSjFbWV)GBu-oYL;ViJGC2z@0
zLh_N+c=w_-&I>EdSm+x0hl6a7nTJF+bY&+7hpTYTx?FuN+-{#<Uw`OKVv_{hN9L9X
zXMvde_}x8{HJt^_+W~zvtPWWK^z{<t>)uJx=ti$&s^w_`?v=-rsQ2M7Xxw4d1Bina
z9i&os`Oi?(I2_x7utQZyvbOZa%GAu*2y)K*6SB<XR){?_ETv(NZt!RBOZr|VQnBD-
zPUUULKe}oEtS}XZ|Faec35LMyd8F2B8$NNJ=fmqB%d?w(OH?&s+Ps=Bu)YmWRAKN3
z0xV^t3@lWocM>Z8s5u?n!ar_E_5((cWlz3x2QXt)_cgQ@%jt)9qPa%>b#Fi7)NZ^N
zoWA;g!!Bo#tkfLDu!W&b$h1Jt?(QVT)rj^rbe<xm+PF$IWWremSLX4ja2BtDGCok>
zkfsOt7>A-{4wxk1!_Lm|rNFz&@w9Ba^w4Fkux}d^)GxK%^p^|WT3rnbEPX_&<ELWl
ze$V;G;U6VY9~!SL9%*b(Df}JU4w*Er(xd^>WL!D<$$bUGBHRsv^zy~tm?!WeiJc(k
zVyl0crtEY)T#$MzNkDcq5MC1eGlsNfY}alqn>LeP7@PVk2`BiiX42T)rS0b{+GI!3
zd^jF!dWWs5boR~f{kyT8BY>5)MauT^ed1NmP{&^{>vb*3I_4bUy3ZX0k%bfXCQhev
zW5wUu(dTGdubGmT65Pm$GRD`wF}L6tN@;hW>jIPbR<=eP1=tJu7U3JheD=V!2YdPb
zZhvoI5g>5-@RoxsMLeoH^X^xh)<hRM{?ucWZ9=xFH2zfAY1@*Heg6)y7zQQQ*cRi}
z;835mhn-W+M2yBzBXuvx;dXX)6`n<@xg?zfjR<v%+QQ1h3^g(^L_Jya^uPh80}Ij!
z+P6n&VQMuhC^D{eV7sSSYhL7V9FJOc(>r&IZak-uk&`_zmm`@R;<ajWwy4rpHSyKQ
zK7p1jv2JPlM68=`zd)vIPRP7zC3m7kD7|)Egh<??Y)!gGP$lRCQIwp}%K~L)QLUPI
zZu~&?Ng%ONx+*$xuqh&+qQfJzg$Ovyy6i{i6i2F8Xhw&d&-`qe)-c^6-6psBp?u~Z
za=Com>a}3MBp1tEOrPUIQG5d^wuLO00FmKI6wg(L{YFO6vVPk$W`S9?n*OaiarVX#
zZi5p-Vf8imAK3H8{J-|2IH{GQ0z(SC?Q?Pf{@29Bxpsr@g$0%4JCzkvS$0fl8;Nmy
z5qZk_gXR+Z@+?L)?-4n}-EHFEuhD!3db`TVhqgH0RnAUQhRe0_{9<Ucf?TvsG`K-;
zLwWL_Q7+=iYDJsXhZ8x-J=-3Q_-^y`$N%8X5du8kA4`2dgPuxvi#h?!lakFNX1bEG
zclj-nJ3-xr3qryEJ8BquFFeCYpp$%aWh&$>DruHnT7)UZX24u29MPt57N_|KKUuu5
zWy9L%3LzJY_)ar@by=Oti#kQjMfN7KSw9dQG98ic=oGAi__GjAN#(K_e8JsGJpAJF
zM8xgYP<r}l^bz8?@&#`ElpKjk<q{12M)gpe@!PDXie#zjxzSgb+sV*5B4W*=#uOWM
z1$XJlJ@mT8a%_cMQ-@K-0kWBm36)nFEjzs;Sn$0QcUG>P2txK~{?@Kn{BUHby|M2O
zFE)Anz9B=bB&oNc4<f=P!xyO{g#izfRtJZ_<RQ`8^I)V5o=s0MTQp-lT?QuhD=&W5
zd$?&xC}263S%(@Rq=ScC`nmgl^!ta1#{8^V>O%yEl3`Bz6rrt9h@J)v8zENVGV|82
znWZ-KP5RmN_7b$dszA5AKpTo-HhQMKL=|W^hTTp`PXZGUGQ|ekA5gYT3vMgFW80%>
z=8rcHbkwKNHt*DYVGZUkYRPGHKUaQWufI5e-P?=ENf&?&GxcjpM(0?>F5bY{U`W-R
zn*Zj_6`LC0bx#tNublNkZcOUj=HSc^Lrp0;;Nn3og)wlWeD+hV1Gr#wLG@vQfv^j@
z-}q&=J&&xKL{X&aoK!JGD9M=xUg>$cv%aK+2&V9ElOK9u)1h&q7b}`7IV|dp;DS<N
z*oJBZb{8R^?2pobNhfY>S_K6pc<9{p21<d#9;K)6+raFiDh!2sqMIbS1FmsYamjIw
zsIhvQ4l4mAYlYKrW3pyaQ&IxN@p#yZ3rDJU2_x9y!9r8cWgZ-w(meWImSqZ^9|W6(
zSXh<RZuD3Mlw3t}#K<a!K|cL#9#)~~clyY%%bHdj*cmLE%M^{)J^XR(j-!RqsyLM2
z865nNLjc*E^aGJp)Z<wF{`K0cz*-C1(~IbuyO{aM=lIp7XEVd1l`rG7lr*|y4O&aT
zW@4vE10Uj}vfe_kGx^6dbko>A0d_O<Q%`NhQp`2cx9`nHw_Vqc@X#I$gsb*zSw5^*
zbU5#fB>U~>zI-mOWgE0ey{Kdr6Bl51j30I?8DIR=lkM6cMOSTJtl<lk;jIUi0AkR&
zDO)q7uR&qjTKTBBw#VlUBJ{4)uGQP>;fswOOlBno0BajDob-_94b_sMxwT|`RY7qs
zZ0+iWabTztsX{9z7^8O-W4*sJ^Ys)PRS*snq*qdY?*YZ6Oe0^)swubTGhImxIC21G
zd1}K~@{A%)qBN@}g~|JiL{izXlYM3bV*7{1$^yv0h<3e|pu&9+hxq!8XEpR}(Ia7A
zAnP@w<r3OvbN=QP`pL2CG$jT9eaiXcJ-Nt_%5_K!^FW`>a%FfQeZ+(#$k>si9vUO|
zA-=~20eTJ;$UcHHWq=PNge5DHHvpsOXP+A;+57Yi&vfIoHFibKm6=i{r^DBb`@zte
zgEF3cZbePa{L#XLSC`!kwce<5xG>DC3o-wydWud5r*kw`6)`^>2pd0EGsGH>u$v?{
z&)3YKQ9TNDgyv}%)w9@~i6z^O$G%pq-|6RwQLd%J6P94Ba==<#ezZx68&O|WE+s18
zF?0r^S_ZR-EPj~KvLc!VQ?>i`T6m40wWUO~2oaLKLcKYw5E|t&B0bd3b}bysua$47
zGh6V3$PwzOaktT|Fv$0N597zrPcd=KH#Zk^V+Dstog_`k=arVPP*W{210&QF+A7}#
zpV3Iu=h|=*9aNC+RnUxQMmzZgRELeXNvuTy5R1=>>r@a!L$~uJ*O?l~dRtP)uzaHY
zZOB{je&H|dwAFjl%hhF%CKK9+`VR~7Ecd7>;B<dVjheG~>%&Ib1~naijjZK=5^pox
zqkX<O;CNtC|G~Y<^9(S&1(a)sMB!Uh3afQQaR#&CeQ!#Uyk|<=AQKz})u(~Ff#=U9
z7PcCpv2=(x=zwRceKIBg>?j&_%{XX`l+3q%c&+KV7QTyz(ufyh6TPe^%Dkk2$(pH|
z)|+=qrM~Kr5JrJs0_{JwBM2;Z4dWu}4E3ufclfcDl=#SJuPQ~{<Hr;lz=gcUz`b)=
zA6Gs}IX-6zlyg|3DamCv&KfXJM~qf!Ps(&FJnk@ZW{IB>O{_jq-F$R3u+LhkOr0Y{
z76apcS?Hj?Xqj&yZ+E@(QgOO8Em8BH@BS`z4h<!-C!UuTeH@!^Pp9MN)2;--{IGIN
z;*`v!?1RhUqn2|I5p_sD{Mw_|f}}cPPrAa3qnG}{7nN1f!>>&^gZe&El5t~peIZt`
z$vq9Po7;HkL#bByW1Tdut=%mN-fGWBB)0)kh--gpgD#1!w>;jSzE+m{eFgBo1OKld
zg79_?jhzj~b{53{6jA;2i;6O+OyF#-Ap!dP@Bb+f`&PuX6PlM$?X#}_zlxPsl!5<5
zEHxY9rTg!ey!}wV^Ve8+_y4PB9nH6P=90ZN{#Dx*mi(Qc@vp!rkbm{thzx9}j0No9
z_kbp~?nTQ9^)?=Q9?)FkFU6>oQ)Y786%1|m%Bgbud!eR1aM#JG!E{P-Qlmq$cH20P
z2Q^;Hj$VK{f83%|{22D84Wd#yw<)1ma4u6NcoR3Z!Gj7Squ=-8eM}muM%Z}0Zgq8)
zy<~s=tbDa;fY_flnQ(QN?sl?b_HZ+UaOFndzu^S|3G$JlA{bi+Nl|*V@F=1#3rdMB
zLKI4C2Ib2wO1_jw1`t(<lSRIQ`>yadGuZCaclEoYQ1`~N)5!mnNEN$t<?jRmD9+2?
zM?(z+B^jT9EchJr8gb=&*L*VwLd9uNN1r_#Kby@OaU!6-K87<VHDr7@gQDaQdi`1T
z$>i%8m6LrdthsOWx5vaAL289#8*;TD4qS(W%Rb2UWh~&oCr*bNI!7jOH6J0vL+W+a
zO;Y(v2i%83EaJ6WY}~FCJjnK{W;#FNn2q=wx>J^bFqF%|EVbH%jPEtmmjkRG-|~z&
z%Ax8()Cqy<uk}LYGj-`<J7)$Pn76^h*<$lpGg3v<@DhsRc!CGFuCYT>GROnPsRjlD
zLwS&CwJ1e(BPFGy<@0R!(vgl?%dYE!Y49H?dH6cN6hyPE<w`{qV1%!HCh-$bn=|;#
zaiCUx^Xq+fTc0|Zz3aVYfNM5;1ldOy|Dn-kx0XyJ#WUX#r;5{jYT<a@{KW+j+_*(z
z7;E}b@U~$cCm#wEA5(~#ozAB_JPf@u(U>iPZ;O484Do5m#}{04W?|KK%zNWjp(xu;
zgYBM=bH^=?jsosrJ=Q9@HT~Fsmq=X#Zx+A(VTb&~<(T#a4;{}>VSGQ-EQGzxDy)07
z%r#F>$+-+q5vRQm&vnd}oa+kmS(g4`um_cbhQjvmk|;}0WEr}Ax%A?H@fny!(DFmz
zodq!k!JVuWAZN~S{nYhLP$b6Hq>Br`!>J_wr5j+1LLo52b-cP|w35Z;_{^Y6y&!-I
zL!q5ce+~t0t1OL!6-Xph5*udBd@dR?=?p~6gPvbi$2PL-_p7u+WB|)aXV6ABe%DgP
z{Er`kc(`{b_?orJ^kfSVaEeMzqnlT<=%^>OIP}jqO6lo7wPCn#QL8jIKWqeUi;{uB
zpyvz@l^I=NLT6`(zl=E?Z;{|<=ZGUJF~XPrG>z_H%7iQpvmL>dd5+!VUA`wtR^RQo
znB9A7&O^Cg{Gn;sR-!cOo|uoTnX_*4f-15m&V)gO=>O?H`2Fkq*r7JGP!!Vot#3oz
zAXY(GcOtKG%5>gt%cQk&tGiOMiMC4yDY<2et$YALrZbw2qGdXGr6$6&9j)ysd|;yo
z6&irHLP9cK40*GDj9JLCr<fQ08iYMB&DjOYfGWf8wL~9xjtunOIoRJPXGj#;P}q4|
z-iBur1-s)c`Fc6}#csvO37~HOSm$8b6F|z+;{NM?VhBvjrNW?gGKM0Z0*aIFG*#-0
z+u^9Wc4CqRCe5A$;)14Zy|aj7|AckLkZ-0P9?bzyQesA5zKt=BzI+Z@eBiX0S{w}L
z&yzZV$JA%yS)XZDVS_%fUfXcg^(5pVG3QP@(twMSK)0DO+nHbwttr`WX8L{yX*6*Q
zR6o^yLPs>~=>b~k#p!U&&tJ@O4xC3;G1zSllwMSV;_h%L<d-)IjW6=IwkVm7Cg%@O
z#1qW6r%f)utCXZVP9_n}s9c(3F4)1V_c~jTIZ)aN7|M<-xI=HwgsC{?Xh_yU`g2E@
zH<Dj*#ZafXb&oCOXrI0>orq8}ci)L_OQ?k#R}H$-*Cn(wNUIZdYF>WOQc^Nfe({to
z8O>(Q;h4$=LGL(3mom*M?d{ByN;6Ly1uwXtcNnqo3)T%{M&E4hvb9^}oFPWDxvx>z
z#4^0tayE(UA22eWw*bT!!%3r6UQi#$7$CBVe9Mq$;+*tH*)nvqSg1iMw6kQ(0;ht|
z_*~@pDPD}S{^|Z$oBtOW=%0-sgdnm2vB&7a|K)OS>FVqgzH`S(Z2Gw7>6|J2bbGWB
zo;C(ocOW5CF=u<x09*m5GZRO)(udrqvyGGZ@~6PKfZEKY<#c^VZNt7xO|I|#6xH5J
ziHtqCjr3seSSa+Ic&vDJe@NejM{*GM4ks8?6vlnV?5`)fYw*?d0>|o~!e38^f^zeg
z+4M4o=%_OlQNcT7XICQW+&#8;mf4~FDPK_+gT=lBqBnxua7p957X39=TfOYYCIsq-
z;TfeEDK)Q<8}eZ^3oqUP*};$DI_z0p(p(yVtCPas^sc}+n3~sK*aJAb#lihtUDd?c
zBTNg-%Q9&j0x>}2r<y7frT1JS;l=748C1uGVOYI>=+ucbq7t1Fv6@PxQepcE`RZCK
z!QQljje3<;$&r(2=6>n4BD6}@m*M%G)WzXZ9>}X@wawcDBPJQaw({dJWh!HCn1k41
z{fY<AXUjq@t(C$zE|rO-gQYa-dE8j`9cmS_ppyINz=H3;cl05$$UVjcl5wl!)4hWb
z@+-{Of!zbQ7mw4gjjd9_fW*Va2V$nsR{m_;jfLS$8UzfN@3}`9jOsi%GHe8pV;GkN
z@z35*s`{0zBF$YGhXE97t9j6=KX)OsP!hb`(nV)Y`e_cV*LTekqD3K7q(+>oqg8D;
zwX&jPs**tbkhu9R?M%Ga7(*-zD7N>^+15=_5^5=!USt%O4NOZu4j{wC=xQ9D&&8T$
zHxN7o1%QS`8*0Wj7FWs%TqXzAX}afVlpGxo8iMA`c5K;}(3ofwDAU20hu8T1G<K()
z;kEZvsz>}0<hiq;O&e3a+`Bx_8Gp?K0xRF|H-k{SoIOcb{9|~$ZAR##eg*MbP#&L{
z&zJmyBX(e`fDDD^ChpzGNB+smbev3(0D0S8iaryllweEBO}WWn!Qe-uoHf|Ic^%r^
zqri(E6To1FLmxQUQd?f^k`!p)Uzk$?1Ik1#&~4`D>27K9)A~{G;jrno{z-EuG2Jl&
z$%CwbzQ*N1@hUa1R!0>uas8<oq-EH$$ikyXc?~OesHBx9_&tLA)@}L%(dUYe@0ww*
z7Lrk1$Isracz0KyuG$4lTV$v1^dK1-#kqH)M=8}T)q@RiLW)N~)EkGZN(U}tlXO?F
zbgM*=GHcxs3{>tv7~@_nL6^BPRL;0oFW9jTK(zIk5|}0a2*!(hG^6z)G^kCk@ynt(
zDLdNGHDu|r{sDNNy$z^SsO_t%oj#1(A)CQLHr1AEBRk6GdD#lu|ForLn*}DE_CeBJ
z07BG5in3kcS-kLF6rt$`F*ge?8+T~qfm&}%5!&`>c-{$gz{<|N#K>J^zLp5bbmHc~
zHeL*(l<yzJ**^Jxc#jc1T0S;Y+G)S7^_ETby`Rdwv^HjN;=Xbj{SnzV`(0BRb1&C`
zl7A?6Fm<77{kL)^88m`AW<MXHcu7Nbmv268b?pwS45~xd?P?L@*Zl%5G4YJCLKvS`
zpAfEgkY2vfrup{wp&>;)Cc5{)u=QY(9Q*H;lOyGBIIlG*?pxK?3B)clm?71;84N!p
zF%ac*SkyBul=#l6HJB*~ZB&zvBe79#ei>M6Mdm_wZ6%L|#c6uLy*o^r2KQFCY7EQM
z%toeFOF-`j*J#c19l0-|So~${S5;9$T15MUE+S6-;iJ~8Eq$ex83ovN%qdDGs2zu5
zeWk5;^<#0t=NEPZ)Y`eC`vjqg<<{}@ty#Lfu2I+_UFzUw8u2eb-FXI49hp@f4EX`X
z@<^odbC>|}Xd>TrlE2`2IEA;$&-fP8<0hz<YA@!~K2v;Wb3}i0h6t>q;H&$~HL_Cz
z)90&pdC$UY?B0N$lnzujN;xzFrbo-M>4b2c7M5xjj!z~F-?nZQ@M}?UnhXYfthZm0
z|8gwK+&>)4<c(up?Rv6cFXd8`*<_Qr@@WkDQJ{00!sd@ul=xj}<uE{%5$$TmF`hnx
zRaL-d4O!A%BT1=m?WA4p+}g|`0xV=ym6o@9dLo@>Dh`tESS%D~E&E3Uv^d6*@8gr`
znT|Vmv@>$SvqXZ8n^!n@%LV6-WpYgyD@wu`Z)bm?h2ES~p2`^JS}lq<a4X=MEESj|
zwkxre2SF_r^wXhWxo@g(U!0n$c9C*$Co>|rxIJhYEB;ae0BR3%e9L~s)X3KQk6s7G
zxL(mtd3q$ihz%kam@RY@DJbWm2AoQ+<Vmz46V^`)_J1s-ZEc1e9bOK67nJeQmOQWH
zf(2H|E2)l_ge>&k-$hOz-|lvMy7sDfq^JR;Q!4NvwMr6>CQK*lsij}YPv?RwT<L_V
zwyMIx1%hHNMrqO40U?+(c)RJ)$lxG<c*ivXy><fNngS)~o%aYaqE=rAsm#*1YOp9Z
zr79OvpKfgN@3dA2TwrzBE4^rtK7UsXFOj!?0-zgMfCrpc#}M==ewOBk=1yqJ)Nmm&
z2%-pIyDeX+b+&laJD<O#u3ZTE`_QtG67~<sKOO(`nFs~aFg)T*H2E)HI4=U^g{)PJ
z1kC^9XPobO36r4&b3p!XB>&jEC?GGi(68k){ueKFLHy3oj1VmH4`}<#OLd5$b(W69
zN?70jvm;d_6{Mdjy|SnER><c+Z{C<g6S2PaZBF5>05kE2iK%xwmG3Vp^NgP=d0TPa
zVRJq2)w%5izuZ5eJ{xNG5&kpQc2^{09HoK|q9ENZfgq(XS=Ed1wNwFA8VZQOinECC
zye$YKOAwE_v-_@aTijp#haR~-?vCtS)efeH>YjEGw7niCPD{W&N@EFfIk_I41xzNr
z&w2i7{U4rOg5a(1w|9Zs(##CnmRr2a!ZmELkJj>y8i`uO3m`tn<FTpw!}IZ;MboQM
z+-X7QYN$3S!0Mm*@umkcNW+}okA*K#8ZH=WG4zA)vCrmK{KEbz=5RrXxXc1bDA_!%
za8_HjzI@4ElnS9DtDHv5&`IC6b1apwf-96?Bi~fbpL8;aAL0Wjf<HmMJrZm_0#(9b
z+TO>jT^`LTFU?kmuO7S++#b9eoVU9?=Uy^_y8FL~{@#jyFz^g*vO*!V2qoqyQXE#_
zbRIHp8j$-Px>1S2A_?Zcalc~v^HbaSxY*$QoZ$dNUwBnCG{fd09BmGYn?h)(#(M%`
zDqz3Vr1T5GgV{WJ!p%y12fOQ7M8{&cq#idtC|SUy%U&;H_J=o*)U+6kP=DY2Far7`
znU&g&->A}&;*(DT&dbSoA;Z9#SUP$d;Wmt7u?prO2kGH0BZA#WM1v$%VqoL~2x20!
zH#CjF;=|V?yxZ(ue)8z$ynqZ(Ddm#)CUakGvWXv_c|vE5!zX)5a}BG4b8z8FbUuBy
zL$#&WX#*`f9fC`JnQuDo$6Pw*9gC)=uwVgGAs#v;*mI1ODN_L$Nu($*LTWJh4D0XM
zx&k(*W<%U*KSk<zki=0donTH$6-3<GdMC9m`P}XtEL!ucCl;2WOiGz{LA&@SEk&Ep
zRk0Z6<>J1+RxDkl3r=(Ad0grYp30ELWMegz%pC1;UHa0pUu)KFOz)-A3KNfUp_n7B
z5gBQvBkex*Vg5)j3{vgAnW8?TMp=|~$B%f_nscj&XiFMan)i=M|5SOqs=H+EuC78`
zeS5Oj_A0E~Cs+bkdA)m5-VE?rkl+)XOrd#lJH>wJGs}J_I#2XGw$|2*m8D<t{?Br?
z_Jt0#Jv_t8>ZdI?Sl@sHjd8LmxJt%b3!^>8%Bp0f*d|z^vl9~?gCxh=)bIJN76J3T
zQEKe;Qht?#YZ>S~j!2&jI4N7I$NRW{(j?y4`H<;QWYiD(+Zt4ufMcOg4}IKUr$`gm
zc&y@4>pY?xLmvv5!=5ph4w(2!Y_ym#y?cx^+0f$v)fKh(`S-9=_z5QXKf3otYSY+6
zF_qbQ(<7ZyUg-UL|Ci_Swj*Mgr7?gAL{&N_#Z0YQT7H{DhdBZ53yGweGi;qbl4~`m
z;m+O{TLf{kVMprklICgdT9#Y67NB!~GdDWn;K-<1>^pur|0RmO{iXDMj&+hcwF@EK
zzZds#*t?HefJ_1YzXt9f9V|uY9n3`D48|73KPL2#<xIo|p%Ae98ua5|eXzc@BU#MQ
z5BuK+lb#J|V0ZkHp}qexCx1+}ITo;;6eYb#^ndOiIL^1BS^^F1$cJq#a*|K89ED|-
z-w`dS-~UXr5M(K9Mg;0%92^_U!5jb3t06+5yvCjyH8l9XKV@+Y`eB^}^_^kN_~f^_
zz$A)~ySw&fFH**F@`N)nc3(JrOqpEV8ci5x_g(-dd$L-<btbs(mHW#&|B95Wb=Tkh
zHo4W~8tfS_xS&g8s_o^4<=Gauv0*QRkx7#bsHGKty9oYbRQ8L5#d~rBb0!#*&HYpV
zX9p^5G#SX)TB0O51P+Hq9?Nns!q{bw>8exT>x5*|*bbSnC&SsC!AvJ|D*<RSlqxau
z<!{?ZB3<w^w-F|Er6nE`kI|7!ct_@Sx1Xo|mwg~lR%)Ahh!**+mX=;`>iA>ffb(Jp
zO`;y?m@%RE5U$1j8vNRt=`{i7s`k)Mbq;m47xHQU_3743tqxBg+Pez^F>+x=t#V9E
z#*gaY)CXqC(iBNBIWE(4Di*+>Un88jrNs*-FFN==GA@%F0aTKsiDLPEh}M{yp2LAm
zl&LjJN@i3oFu>wO)sUS8Sx{tgN=QQAx)98QP~AV|5{?!`mhbIRVSx^yWeq7`T}+ZZ
z$CtUzUC}4xs$U7I2A#wPU-5Xo276{k?3d#wSs&ivCI`We^;3mJCspIh<+n=rQV;}t
zGZkF6-?dlA_k&4D>xwr*G!`KAGbs7Z*Iajvg>&rb7xqtWc1guF-ZPHHF5L$hawo93
z^;Z{4No`e>Sekora9$lMHN<{ktkOq|_XBaL64Z=0Ot>(pYiQ7z$7v^Nn*N055}#Ts
zC7D%4qMtx3gU`y8bQgb@KfPG!a{qWuc;R=DJa*+?sTZDD8zb*axx_oc&0S-7vUxxZ
zpzT&&-dIWs#HC8;qjqi`E|W8--;Piuf1;*4jjCaH|6&+Dc9k(1^_ATOo%O7jP<13!
zX=*el9U)Lk9eA2<HnqZ!xnGk)qE7<y(#3#fu^72F&W0v0t?=>C=K!qlFak6_visou
zfW@_PQP@@!h}ld(puGjtT#tB`JKirw`<z^5HRv?r$BTsewU3KPW`6aZjk@u1W#3mm
zz!z4H!+oGGh7K{c2AKqPdZ?pa*wHtD*33E?4(d>fDycpYI>wRrfx5%TWvFof1Yc9^
z3E^#7RwIhkA(H02sJlVX*+Mf4YL=zPQXY<C6(t!jaS3Wr4yxikH7R);W(3#%JoU&^
z0q(})BVT4+U>JAjLp<#i%7TicyRGCt$&+Bt?;$un_`#w|Z!aCmmYL_LWoP9K?K1T+
z4)~TY49Tocc;3#SxZR{0@wnVrV{+e<l8?biB&g}RJ8$u+j9z?QOPeXb{7K$UqkJ_e
zM+1xfE1JAsMPrup!vSN;&`~PL47>L?DFo2zb<TK9o2O(sIX{yM?kz&|x!QCF)>@=T
zO<RhwL1QP4Om<sakM0@>JdJs@`Y+U-+mVU{Woe4iD(8+a#g6gRP4OR<6t<h`w+Q{L
zCNAS#(KyLYF%x@0B^y<U$j4AXR^oH5Ava6v(hM3TIhLiuwh4v9ji^%Ds_8z=S4FKz
zx~$o)q`Zh6qy<A!mL?+EhByq?KGgvgBDLE>iqGC(#P+CtZv(CjIvzAe%2iJh;=g3_
zgm|<LXO07^(qm&@q|y-tFTX>t%w6CN#Eq5I{frCWGtzFLWp;@!GE_BUFMHP5YPK*C
z(O^UX#RE5tmO=kKkJdR>X1$7XHD$LRMDk`72_$qF{q}D9uJ+zU`^!D7EbGq0JB}D9
zA}6}&4ju<7t`I~Ptpab?4tdiC=2@CLJmw?BK3g6}JtG>*4~^@5-!bPStBMLJwQ=ig
zI=;@*05<Ws`)sru=GYPJ3c!>LBR4_H*xcx<14=%JQ3g;CBexdS^r4k%4QXGFb8~-S
ztR7@MYCfBD#N2nKji^rxZ>5PZ_-u$1TuQw23#TCB01x5xi@oWv8(CXW+qSm_T3!l>
zQ1S!D8d?!VT>y(D$2akI8|t4VR7iS@s=gz3+;P?%A)j>2SMBuBK6Py=E3b{ZN@gq6
z70%$w8TPdt?v9p7CU|_M5ag&{gsxSe#x?8@G?WW^LIW^ynY!FU-BRYy>Vuc_n5v>M
z=8!=@omG0|R#7cIE9QWkxiH?mAO^)eFu^lsc&f%CR>}oDNE8E|a!_zQLk$sfXcp8o
z>dME^EPCEyM+mu=U>*j(TK)Rk>m9q&qk_sB;h-HYywDcTC$|v^4Di3VBr4DWIy<c@
zAmE#V65#Rp%Hv9BzuHsFV~jIvl7MbGH=kC}JGn@wbe{%iV9T-^Ct7xwk?w_&+QS+W
zUwUX0z?XmzJ>a|3@P0?lBtbDBXPXn9;ue%ARrwWj@@La$$~;3>wy5qf(P2Htu7f=V
zqoN4pV?&oL_CB%r8zVc?4|RUuYe|+z`A?{$c^mU0>8zB0vOF%{I2u|Xe#ruPO|MGZ
z7foa!(~JpoM}Ru2_}ZL#@J}v)FE7MkCso8T!m05bs`?+#nLW1eV&|?0k8XvRFG(c}
zdqDLc{E+Hdq<%VmGyU#WF)1(0v*6mt^O&%CsBsViCZMi!`6d@N8)cE_->z>46+X~e
z(d(s$5hlp)XIxZeMo~9W?Dt;k4zeB%d<Q0!1=2%C?^u{9^VG8+Coh93)Xknv`bhHn
zbGQ}3l}uRlXX|WW8t`P6_$;fzN$x0K(_f95I|jxm67VZ8oH@Ky!HyIL7Hs4N6UBeB
zN-NLJmr80ZFGh{2I|(f|#gn_-jBYY<R8!^}Ys+QKc~d&|?D5-mR?h^K21=9U+A1Q$
z#;h66Bxge-S8hUP-RF(A@AteS7Qb)$K^0=e;X2;y_Dng{$68xWQ89?D2U*WJoYtJy
z^C1*W)v(54Nq7)UkK?;a<q*(W>3(Uqw3qHms8|4ew{C8#<rfP!7fvGXcEyncD_zJ1
zw+{IP=jBT7)s&y;iSfd;s_Kw8(`w*LL^1ah%y!AU)p;M{O{LjUoOIL8_0e@$SDJ1w
zwk+lcF$3O!R)xYF*rYKics4BT%pH}0tTGopm%J^b?r5lmrfSY;90tDckL!=;a`>vj
zNq5P+lR^q*^vz@js2oj{^?WyqJQZ_dm5llN6DMjnU#K>dk?ilq)yD&^rx;PT=heV6
zpXR}`TLPP#<rfX~&4K8hyJkqy`Z+PdW)N&ht#g*h>nkkVL%)Ykv}C^<nIT!kek=B;
zdCicyWn5=7yU)0EDV7&Yi=&+-cdgMMROe~MT!N+MN5zDp20x6l68*3{^Q2B#8CNT)
zSVBc`0;t`s^89pPbFzqI)_ok5d7MJQ)*3D5c|WiV8*A-#2Qr20m;Py=ND^hxVUy;h
z@B@Yd3}J%Ew$xE63*0uL1)=+?pU*sxK{U-tcI+n<g2E5w6=MuU8^1kQ=Ac1nS?UPE
z_R6};Zu}XQasBRPt*>H$(G}M-HrK(!;Njh0`P!3TSHHUfPKg=wJl2kRXA>2|M~3rM
z419tEled|*-ZKvM++^9+Vcl!lT_&wWI}o|0*4xZrJAUE3O>q>{GQ<s<s|p<QIW=N&
z^q*De)M$Nf4m&cORg1R5Q3}j--JYBq9$q&G9qtY_VwT2DAFw}^Q(<vqq00GKIMTkf
zk&I>x+gmzf#3<<@vZ#?1oTQv0%2Xp{NvCWU;grN^YtszhR0pn(yaqMmbJ|H%mULnn
zROvF-KOFdZrhb?=M#Vf#9X_AvwybGnxvq}s8>(Z>#bfcu<4~xoUyqaaMy6zIZiOhP
z>jfH?l3u+Q0xOM#t6JKHX0nizP|dLVJS7G_H*uLaeb*|dpPPxd7`dx<#()PSt>6jh
z#yeUWNwgOqiDjRD?279??SqA`&OM~FS$LyUHQpv%n_oSo2G+G_InNd$p|9vH{&GZf
zha{=_rFg?WwJ9V4ln`ji&Q_lvZ(rv(E;5bzdGXAv%u-rpLHfV9H$(qS8%Z&?ckNVl
zG`!M?0m^~)N&wXIJ<_)5`XlGo{)-WCsHiuj2#ll+<Aq58SWq(#{z2~a>F?Cl;e(qm
z^J?7|?%Esv5Gx?9mnN7nu-p_61pPx3atL$)X%HIW@&bauDEr@3WL^i<I%#Qr(0A`&
zl%*O8sQs8fA^zj>e6!teFx406nqU0CU(e5s&C~rasR-CUP!ejmAo%j%T&dmsjhXbG
zLUzZe<&W+a*n<TJ6P1O3Z+6=`3LGC+QifQHwu{ro@Q_=HpZtmQXK+IVKz@Q58wK^d
zt@aOu1Ti8qgO(x&*@?gl)cFZ!+yYNxTXXtumyz4tB-dIWyghH<HA~}jKc?cn3~-$v
zI$c#g_ck?_`2J=bNxY6-QfW64OWt-V_t|3Py9R?FII^ws6Y6IZ>?|w&rwdPGG`9#6
z@K~q=rd61Ke3x)E6dzn0MebV?e|K!|cIYTbigGB&&bAmKMIz-85!~%@Er46P)YpUw
z3@Z4NO7S9qOho^Cu)va^Rs1!Np?E0N>|=rh6N6(@a%=LgmR!zaud9##TCJW#b3iAu
zHfLrVx3l=GOxsrg?L&UEg!NK7k?DBfr?6AFpbNt98-@y_RmcjmVv%y5rsN71O=1Xr
zrKpeT$T@g7NAc4uJb8XaL1ABu3IYJ06MC&pw818UJf3Co?-mzK@2wP1)Chlt$NLlG
z9_vGt0t<_pDNf#2PDacHPaBbn+@{2A2aNxj>1q@ar9e9Ei6QZr3H8PU&8aSpc*_ZF
z1JZ}*>$xigyQHz_-E!%@^H<M|u|S_1sf=|voQ1&{SAt`iVp~3l%I?7VUMyl5(QmwI
z=25|z>Fnl?l-hK1y&B4baCx{D5<R(TfdNwvkP78ED33a4C3<J_D|+k=IK4#E+?Eq~
zL)wV1_mI@YQsE)8w>11==(x6~F1F5@LT;H@vNEF++G?_kzxcWY`3&_*f3Q$f59cnY
zZ;-j;VyVoQ$Emam!TK<nN$Six=54z98#Rro9NK<u5QSEd&hh#cM5?<@vOFObjd6P`
zRVG~8brqF^k8WVRv~w|u!YlH7&*k#QuJ$i*mHQb2GuB?%Ms{txJ>I#56F2iyz4Po^
zBI-t<GE%xsgwfgRhEahgWP@a`R+q0C?rE<?LRE=VV)0p*)?@KY0K+TW-ncwWC!bhN
z3h99+MjH%mz#iIyrfPC}KCaSwBW?D5g<MB<B<4#!3eYJLqcwS|ai5y%y^}ZZ+KvK#
zMx))xeF$_2R}%1mERM8rT5uGnPZ!J^6$6im9dJ_0<uM)6RmFWMw85}vNw15{T9(=M
zV}p)Mm5PHo%3_<}7X5i?cN<aqG=PKz`e*TmgOkYzT6#%Da5qXS^DLPK(wKC&oUF1u
zAMS3K6Uxa|L~rsa_=Koo2iz<sL26!wZmbWjnI#A4?tM}B)oO6<qkpQPW-oEI-<wV}
zxs$!~Sy{3jl!zg+;OU<h-hgrP)FQT#EVf%s`rb<%9If#Q<#Du9j!o^PkSU#oXsjWH
zMeBnmVWA_YJRPNE8+Q-m4s}5_jNhHQuuhR98JMEh<&NZ1{eHttw#2IFj8J_zAxx~#
zcO}aw(Snb%VokBzqD32{e#Oq>_#-iPiR+>u2z<Y7k|%hy=1z07v&VQoLZIh^zvq?4
zUUP^*3C;6$Ow;eUoS|9=&!hkwI@%5YZ42(7e!5(J4_Ez6b!Q8`-vq}l&OsOEr9A@}
zlW=C79m@@&^n1EqLq(Sm=&z%OJ<Sed>%a#}Zmh?*ue#y75f;_LTEN1r8YzSYo`DHL
zlfNth1g=WeQ&a2lNGMG#Fo(8P2J~>pUMq&uUcrP3){zp6(h9vz!)@KQp;9o_lAzF_
zK!CAG0k$n@iex8R7Ck9V{M(Do*{)|nF)$)O@c*np6X+a;z$-&&Cj%%z!3eSdX0Uwx
zq*!%<byavk9HHATUS-ke%fU|->Bd??WVus$L)=YQkyZvsw_G;aOfX~LZ@*zw&Ge^i
zIj-!*w#LRjC2Q9o+KveNIb(~zYa+5VpP|(}LuS8+v&vg<M9vv$^APpWnk#Hh&3w+u
z^|yW-1HIE9SVdvVVIhvGHZW>i7*&x`hat7qHJcS#DUy+~^V;jDW@TUDQwuRTGOPtl
zy3}GA%2Fg*O4l@oiqM=;RD?PFEuq;!a4ObG)rQg4f4XEMx>oifdnk^&Yit#<;}#CQ
zx3=0br17hxW+yhc(RVlBtVVSU?74$0QuJH%x-IoX@@qqObd-{>Vj0-{e?kNWP(*4F
zS6pRsnvic-Q656;r&;lB!cgV_99}NG_1jy*8B<31NyW|Kd#BpvqYk5i-&&XYrWf_*
z60n+7gS4^L?Y|sNvSzeEIB)vGoYNVz)Q0!zv*W}1H#AhD_Pe#n$u{j^hQu}`MKyq8
z-BzxLIzBpUA4@4$4<4T`8<J>tS<xxWJ7(Ce#JNhYc4r+eT{hb;oJjZ&V4*<~l~Q`o
zJNBCSPahNC)}At>&-2+zhCo!3ks~hGM$gZvq@&J`CP0f0HVRetO6zTzypf(qm-4h8
zfG2ssH*kY{Qx>L>oKIh#AH5{dQ7bJWL1YKv1Eog%QP{GlDYm1b1J#R74PiZnXQM;>
zj^d?xmos6}#g}^*-D-W>CWbD=!*Kqf1Vh3|W5Q%oo9@4&qjxD;JKp=psYL%eEEt&I
zx_^owP?v-`6gOn-D>r~?Y%7(K(ErD^@@FXO;_v9})YWS#Fn(`i|B)Sek-a}Q4U>|3
zAO5-Se}7gay*YIZTlh@>LX1B^<DEDAn^OlWP~?v-`U5B45Czj4q8N7do&Mi#{GJ87
zx7{8dF$(;@du}&;3-(L8W{sMzYPr3?$Ha{z3-)iHLXJddNoTr@IjEr=#*-ef=D&>n
zX>Z?qyq8Kw9p60fH2Jw29iOtq=X=><bxycp=B;p?)Yd8o2a&x~OdZHFu&zZ7aRx*<
z@46wP$TeOTNA9Qnb1wA$rn#%*V*EX)E~7V3>44^C$ll!Pp21_-tDC4Wqe?L<llQWJ
z+LvQ|t1j%z96LIB%lXWQ7Y2*3L4g6(!bU8MCbZ{a7v8g#={y214v^UMmc``uCvbHI
z9(0)=-xrVxh+z=}2?)eoECSTxzM2YX^il$GVu~=(A*1WJ%TO78sS%rcyWeG$F$F{n
z%C2<U=PY1S+OLPc^;Z#dRwD!39=FK~?8{Xrl8}-HSyDzKu^I3Nn-xA%USI5|dKM?y
z=ISGE>jf|~%G8j|q`=W!y_okZstm@yvwst2j6vk(NdAG=>C?`N2;A`negT*TJ;aq;
z%v=+PCTU$a)q{o&T*c>3oAJ#Y*VR-*73wawM$j~6_-GiAdsXxV2r1zTVrb<Um~y15
z#qVvS7<U@QJ|#M~GomKcMHw8i<x^Lm#OdkU!Jzi}W83j<k5m;6ahZk>`<qaQS*e7;
zprqBQY{Bovs&TMTQR@h_<XId;GoCx!+Ui0u*c1$((3YGHkhe=_U_E+`6ZK!qt&y)`
zeCD=_`zgn$nMr){p<nn{4LiStJBOu$OYZ<Kr?%c)O)_26iqry#lq$@1oU9fhph0Lk
z(nfoe#vwZ4D_GCWC|fu2cyFNTQCSWtLOm%**jer8`}uf`ikHRvkRvF8eA>lAz%6aU
zLX92jr?n3%rCFn4V;)b>NO7b602vSGV?xwwnN=+g>!Iai`O1Ea#4)zQk`waB7x}6?
zHpjhH9PJGS<=!|mlBz<xHYwdx1krkHzH9GI)kiMF)Vf&8vN7n`h0Sf4xX8L6RR(r?
zVXJyO{M}9jUagjM!t@r!AE*JnJlZ*HJU{8KLj*nP82ZR$Rli6#xo199TuSQp=E7f5
z%9Sv;_)~gTXgri?8*MID{D^UfwU@<@l()-}^)@oSYrS2H3_ezyluimihpQaolB0`I
zu4pzmDZkq6E05vjay_?Sn10QCbjqRAU95<Mfd^WQ+0gdXIYbZM*IghUnA?Ua`3kL5
zOul@tM5Q3>C3&ztm|2U+j+Zj@PUa5=DzeN1WZ52@{)RwFnq|8KvQh_=`w5goCoW{i
zo|W<3$0`7qcvCcV_N1V=i&+lN68z`baQHU>liX*(c<T+9Aivy1;+aOP!rpgx9FR0!
z*ma;WqUlbARxIW>Rw;9V$aJ6YXtf13iASwRhKC*z3`J&zIX{2hu@8lD0alr6073Od
z+XW-O`Y3siQPyOxr1rDv83T7Kow{GLY<4gPpyz>TJIa~yC%wTXZTh!7NjwtOV+p)T
zM?mlNy)m`%ltBhX6L$RuzoEDvdi|p{XkM5}2bX1B<V6}VEKdA@OIT|13rdVM924%3
z(*ZU6#bc!e|5XpFO!2KPCg!6$In~CElZdSvpbiIPI1`iXV8vK%p7d19uCc=@9V>!s
z$3u4ev+)(iGN5M|KG;JE?wOUFr^`hGAdyyR#dS9QoV8Zoy^4<<F(kiavVT)<b=1Bn
z+%#5boiY^n>^8OhwUg*V514?FsfWue40mmAI~A_cFX<#j|7S{_^rY{e@lKG3*wLk*
z$|xsK!j*@7JT#-?DTK1)&M=sDdE0viBzV^9ZckUZMv-*r;f<w=oc=M5?Yf;C+8d^X
zsWMfIhSdQ%_8K~gL4!rH3XKamjN4|XN5&bR<cIjDXXx5H$L?lT??bmSTCVuBQ%TDB
z8UL<h8e|eF;67Xe<~{H+YYBfUJHm2mW^5LVh_0s;$}4-U^)C7~eSAfm<7((SIJg%#
zispgU>t^G$H}h47%#omJJxbFVao#Lhiorh3s7#C5KFL1~o$t0fx+~or_sjJ#$_H1%
zL2t~|28!Oi79s_$I`&JQ>(LyZ3P?ED?+w{44@GX~l83TGdXssZ@|evdkqNY@2owk{
zH9?>*O}`jj$PHy3{4dl}YUQ^#sgBP}T+6r1r%drPia?snq?E)`aj0qX<5{R;1(wG?
z+D3$>kB<Ty<Vlq)J82K~5!kn7<E1#3i+`|Z&xbJce6*4;=ExbA5_=u{INX~zVx!I(
z^lPS;9<FAnvgR3fbJ4u0rnLF_qdbmcA%U-*bjYvA{2nmpV#!B~>DIBM9J`MPK1U%;
zc;s<IvPw|0{*zQ6(|L7C>9;NG3pj>leio{Dz_ZY)@Qulp(4CSFLpd&HHq7{_XwogW
zYSzno@^)VlI(AyNP1IyC?6}HhWNl+Tx<~1|(w4WKAFkw#fw^~yOZg4v@~aMmdgNYB
zc^f5&GOajqR&TKmqjsXm`>UQMQJdV-q#tj_vq0|;8qFB})Np4Xx#ZTQ^vx6#4p$p8
zI}q<h4#>Jvxi!?_fX(yQ25!QK0t5>NqcJyNu2=hDSsAUF_+02;JkD?Dw5NvV9#klW
z$ErHQ(3_dj+}m;6c(U;Z#Yc`Vzm7dvdzpH;+W(^BvYk|S>Ou(n1F2KDskZ##C2}J~
zIaq)7XvZd1G&ht3EWuifyKpY>;O8gwWbrW@F5z5t5I*2LZ&pY(xvw->L1<FmfhetQ
zL)7-t((VNlBJ6jlbX?YSx!mN>B5!Pm=f)MK_2kjt=%z>t)Phn|lz<;!C1r=w`*rXi
zT9<szgk_@NjK$)-lywwfHyj!L#aK0Iyt0$o?86fS)E#SL7FFrX+dt)o?ojLkE*q46
zag_+f)}g4)9$i%3_8PMX+Zl97Km15P6Sf5~4z`3qHI?2QPq}WGYN(ZUGN0HEP8N!K
zXQfw|NEnO8K9UVR3pts$A<gCIe55CvFId8=j)3MV7q1*PH0>f?9I47A-EERLOY+@@
zQE|;3S+XEFci{o^doiGby@X>YpaPzpfO!vu`zn}nv-qnTgx{)vtbO{l|B&sq$s+Wz
zvey`bG?pfgBWn2by_v=q;l{9dDggfT4yi(;J!eluDKUAorC$p&S;kD*AXRp$;3|_C
z<dy8NywCX>40lnV%!(Br<l2s0e|b3zt#IPbu++ImYTxQ}amE!7-9uNB9mB_VfzgzL
z@7FYu^nT<Z=Na3|)(4<Wswi+A!W-`$$tiyH50S_EsNx;@aG+iC)WO5Vl*C}<#FgJI
zhKFA6c2L_7KL22Q^c)rIXwD%%$X!y9a&~lM1i#se9iV@M7TH>sXLWQxZNv}I*A*;1
zMpT}v1C($42x~**0b#&5_$mo=mQ2IMo@01VOKo5B<5>J)uE8ekx%-+@k2tsS=kj@M
zamFv2XXhfcXsYK1-htuX+FuO{&t^B5i##bC#uH<1bGF8=(b2|M%p!ysK0vLjgvt9O
zogFZgPnYBPH!JXZ_VZM4l2b>J+J59D2QiT8ZXJU%nG+bMT)HREhI+IURR&nh9|}0f
z|1akL!Yhtu`yPh_0fGb%5L|+LaCdii2_8JSLvWYi65M5Q_u%fqJ-9o;e@)19KleWG
z_YZj2VzFlR%+z#OS67|0&)&Oq8<OXa0$dLzW^3pj9+#<c^F2PXL<9xV_{IfIZpCs<
zJw!S#oXiLW(^@u(eOASCTk^qY-IVuPWZ1|0(njA;T3z*t>u{T=5WKNz(u9g)2F@J8
z4KnQ<&zh1^;btXE337V>cY-mG#3%Ih*81`Rtg6=o*B&$3zuDwfvyUP#Oy4Xdr9843
z4=9Jd*{&V6juoRAElj%qqK3&7;%4(%TZBz*;<(S&hPa}X*-a||b3)a;eztqOc5&gX
zPvgg8xnvb~mi?1qnaSHy&T6}Gj(AVs83*<K_YZR79wGR)dmjd)ixYFC$)_HtHU#%%
zK6uYbSvn&;lvwUYx-J)QcWhYY&NGi{=;Evyr=s(A07Qcl3~wR0anKuK1#8U4YatLa
z!@91=Q=DxoDn>(ob7|jQ$qu)W&ZGPruIxD=%PPl0d}Rm+*m510o5(GG*HK~^-=6i)
z5g2G(KYZH*mY=o+YuJI9`qliswN$%rqK1T|x6aN!@7l#deo_rwKFBXmVqSgx>-RN$
zWT~#ykFk!w$_pJYIi2c~B=;+4R*_3Pn?jPDTM)`*DY2TuhoX{kd#kl5wSSQ@uS*bm
z9^9p2$EiWEfsHOjm`7u1ESQH}{fzKZKs?%VUi?0!5&UI&o@P`lGC^~Y(mWn#a7h;3
z(VTS*IuED&`NmP8(p`bjI?zxbG@;%MRrTG)oq7gXknB}8#i=PRv5(O+I^dgH>BOCJ
zJMNt{0UI;s)hDU%?^sNJm+qvdz{TvsDaTgzTI}Os@V3A1ovrR1nsS9{OD&}CWk7|?
zXJRzv&5IMSBRQm2m~HPr@xZt0<gnIB??i>^E+=7)Qs|0g+O*BSDJ?eH2s=<A_x8CC
z4C#rH?D?rYh-)TjmRc}KJcbysKX{1WeAkOcc_umi`S6A|fK-aW!;azBt$O9;czE3W
z2M-BHx4nsx<uG0ya;HU~haTNw49(PIjt2m<OU#%Pe+)J6?5SmF4a<@{htC+;Tmm!Q
z|M2rX?QYWeN0HrRI!W~h8MpMV4?mo?6|Zw$TEpm2N}r!9cJDt7qTb{|=+i&Iiz|4k
z<fed5M}1#)KAlZbqS;~aK>=IcrEp;-F1}bSjmiC>M_d*e=h$2dbeOEA50xttj=Oj@
zPr`9>e*{c)6Egpg0}&-gSQv1?ktNH22daYanG8`I@d|Nq7NvufaTJ!Vjfj@v@J5_H
zI=bR4C)EaD{L_NW>^{U&Wg#w%$sC{2!h8S0*T#B8zk$THd=AJxLFJDkPH!sxKbBfv
zvEu;b$D9utCgne6{E&~5cPHLsn0+&i9JGtr2Ek)&CGJ6yp*f~c2!A{(z}6~<3_&o4
z^9#)Z&OwC_NPMZjMo<H<|6<>NUQGM)g=lY03(AT8i_G{6{G1d>SeJ#q;r%ON?Ew<s
z>W|8h{QqidOB%?&n}dnC|CK0*Khtmwip-$+jZ&7_TP{7JD3BZ$fck)?8$4aU`<YdK
z)dxx%GS-cMaDG3_x^ZZ90lpR?`9qhX{(M)>dx0*#EKL~zq#mSlR_>N`7C$KJ5@>zN
zutN!>BnTT7Z=>;6>>!>0vUGTeM(-}xsz!I$(o1)By`GXi8}MMt$56e!zokq@>Gsrn
zE$V!39Tac=1C!I-2#3fYi%Z;DMO>Zoz_>g(-fYSV(58sBTP}c&Pqz8O9a6tKGJZlD
zQ~-%#CJ4;8n!UqnGa2ZYFH@HHnBBSjXaatNc%$8ZSB(~#{;|8;^tlgaNx}PJ$B!6Y
zrB=oVx2@|JHFjNI*p*kjb$DF4fybpgd$M)+F@rqwB9eZt#a#0FjKl+U*yQ6^<Z**0
zfjE;W?W-SYDEzQRzs4o{ayjgyf&2<Q&%+`b70F3R0-NR$QdxR7(QI@!6O2guhIxsg
zWnQRMC3OFxWkNdtPXhc0E+wjc`yk-es><X&bHK@jYDpz)W^4^4>~NGpBqGGD)9+oz
z(4eOJ(F+sTyfuMLm|;{PdA}(3NA+t7A+7mfKQ?U>zRQ7+<Kvhh?70kOs|kL~sHENn
zdimFHl~ENi6D^swtX5g)=io~&f<qVcet8UHXV~z!*hV-SqV#j5lFsenT~{yNLX3B1
z5f6;L8&JjaMuK|5bk`uZ$_v3Y!+BizE+*?Fonlh_WG-{~Fydg9r*van8yFz3G5h3i
z7Bj&{Pn0R$xfOF-ic$ni#W)Xm#t)1N)X=-dpL4fj&l^2wl|1UE?WF3vZjIY&1Gw>w
z&WB$xctaJz!`DPqu5R{w@eKl(2=b={4+1-T!NXxm3!CpqDoac>(I%f+E~pGYKd$%?
z)YOoEb*!EKS>@1S<7Q{eZ6>|GPl}!^mEOmmeSU8D5GYMpTWXrY2MopqX@H6$rtb5S
zLS!xVUPS3kMwYFVroE$LUw$2oFIC$y$;L&z@;ZwjgFEZM>I;6h&g9UEe`yu-jz6}`
ztczZ5r!dPA+Vbmae!AHf8dYe7mEOD-SF;KfL$!wUq)NCD{%M{(!LlJPn1#Iw`YOh6
zs=B1dLPx~Pw$2)Lc6)a#tU7WgiP=aKY7I6vG0-PMg2T9C179cbq_R>i6@*K}OBmLO
z%xR_DQdQ`8-56RzKjEjpV{hx+kGEaCPJ+qe;9Nv2H0J#pJ<;y)=Q;L{LlJXKI`6vs
ziswNYpJBZtI_e)W>R}tIy{U6^WT*2R4QJNs%i6(fTD4muUOJF$B&~aRFjgSigIvjx
zx*ie2re0#deE1t%<~s%|tw$57dC#vk+_3dekU8%L)xwvc4`aLq7BEC2umc_DH-87D
zw7lYIi^-Idc~|jDULyTg%#p2P8e(0GXnbV4ac^3V&8C97DlWgjv?s=8P+7crlfz-3
zKdRRKo}T@ZG-%eNtVVQuq%`>?Nh+WklL+U}+||zYj6SQK-mJqcJ;br9mecSz;ZJBc
zN;~mBM1zDLMIYkJGs7|NktBH(Xw{m{<*Eb%kE&!G<?Oadpm^Wz*AC7!PiX(LFCr^>
zd&*T%Vy%GauBWw-#HT;Ft=nxBig$C#sDqqB00*(;4F1^!Ti0Kb=Bti1sYLi8a+HFf
znKwv6yGXX^hy5ESL)ATsc&glYZ-2bZ!syZj{)69h-}<BB%zatAQJr3KvKOvAWJ!k$
z)V3E#nZ%#S*oV?LM=q;N9Ti1CK6A}}J(^&_({Ck2`5@^86>oBicz<X`7T@9_e&BuV
zfpsvNNP+kJ$YmJ~XHg6|7uL#oGMehLx0o~A;tH!gQkFH`h04L_pX&++X<H($-;SBW
zH-TVilw$fq%U`C`b7BBzZM@9rQz3Z#ud4chZ7QS5%tgu!VfEEWA@%;dF1Sz{4&1A@
z<Wbt`=2L$E-`xEC7<3C*%-nJ1O-OgSq2|k2YB^YR92--H!z$`%Wiz{D<)5jA^ct4F
zq)8fl4rEs*xgR0_RXD+BsEK@hWU?o@-A+rdICLw6i2rfsD^TOZQtA*1A~>>|_fiFk
zGA`Ge-bvJa1h>xnbej=8Ks|lrzKZz@?po*-^84qxLq+DV`rDR*pj{uP0MtoWpnngE
zk%FzzRtPaRVr4cwTDQ0^;0EkYC&X&FDZo7&kKr;}#}S3~JW3WJp4kK`ufU96bP4qh
z5Y5u|R<z);IM1zHF#()ZsuItnIGnb4aYu2V&{^2xH|l@I2!DX&#aBS_xd|*TjOYc~
zf2mRf{{e`<Vo=Lo==;C;vah_QpB3Pf=16D%-45^#spqwHY6l7Ve->-LPm|B!@&%UP
z{mZ@j&woWgdCtVlA@o;L@eeI`)*dKVmtaxjrjFm-u%{}4VvqwXwXf#nDb@$>WigY4
zO3#sh6x}=8^OQY~eEu#*bbNF3d;dIv!zknoyr<7LH!SiKDymvwE&bD7Zwul`#OJIg
z1s!5e)9=B-A38LUq8fR4GyO_a(OtZ#84hbcHH#5`DRZ?SPW)uZw(8#w=-S(vAQV~x
zcVu=YUEN2eAODKToB9s{!rF{1{+Q*tW~<jjgih_stjQNH5^rGntzj><_o+$!LIlrI
z!t^`mEp+OM@O@hRS1$KdFn|<`c4rzhSLB@4Z2Q{6a<QpG!ropbJ5|LWVN>M?86+6J
zBp3`o-zP!{Asa_1fN&d6#>)eA(;(4bu|pT^h@JeG7ge~d<U>XWs!DV`$;0>aj|08m
zW3*jt&F|2!u09@SkLsG;sV&sfqe3!%q*o*gdJA6NcW3a;G<(kq!P^oyfAKq(koZg-
zPzSfa3DMEPI$fDiK2FBls<aPX{;fh}=i<L&tg`t>*+4GtD($ACRzhwx(7=GedG$8T
z!%{5umIso|<RYvvr9?t+HYuZA--bNpd+<SX&1SwZ8lwmIXp(cB$~P^nscMt!IH}k#
zBU>Gths@mU!bh(;a;Ig&rN(`lf8B_ABssGn(y6><q?6k4?$gQ$z5V(<S<|tUdSO00
zQ8RA0A9qz)$-t>Kc_15O<6Tl2J9}D^-}{uh5IifBOn1Svxywwu$YA^+Yzb9iJTj*f
z_oSp)<=?9wDAcNK59M06h@XQEp70F{6<rQ@+(@I!e)5oLH-*b5Es4~udf&-*Y<A!7
z)du#}l6w>J^0Ro~BF({JDB-gqo9;U=7El)}Pc`&OUG`U8iz;!f*{$84>{Fpt@hz)x
z${FFwk!j}W2aK{d#nPQ~zpsC)rq;23UyrW1td!7`K!vkZja}Ai03goSUw5j7IhoJj
zo+g>Xc}S%*D$Y~85VTSRr?#=P9&rY^uvs4C*}eeSHQn1O?%R^-pgT$NDn4JC_%f5<
zX=Vzny3?0O+`NL9$OY!OUeTT$+WBh?&<T>MwTa>8od@>Vx--#oQTa0g8_@%*)Vml;
z^uNOS8ahW`JpsiJh3K_>#3tvx{K%EE*_+!_d*=tQ)khLesbt$ZinaF;R(ReZ4Z&E7
z=~+<N8;LmBpPYgN?8egG_E1Ixl_<nBlyRh&>?Oy(RE$Hn?sQr3O0s532UQFi9ZCh5
zXyim`Jl&~k?1K{VIb~1r#;_Q0VH@hlUuNFlGSL?F?&)RjrPCc6-<Ue__f!?Qb|AW_
z8tY9D#?crHb!bZ6Wj8-C_2Twh6n2Fgvr|>!#KpNKZ2Yh_38@CcQ^XE{=xrdM>g5mF
z7q@h&9FPD_g7^`&M}@c-t&bajFbqHbjpOq7)^T4F*WDe0u@Opd_aqo9XAeA~eaD>r
zPTj#R1fCK{tRU+F^q=T#$EUVU*8w49uVG`_m`#!NHMaQ`<}^|mFCQjx$LOmBT@oy(
z5{BZFuP|Cm7t~VgspNdwhCwLy!fUnij(2ZO;gZ&M)&T^1)Y;eyx>Z-o>zz~+KgMF0
z?bWa<&B@YiHXJ~~k|JvR^^8LQnpY=c#5|dMP>*>t#B6RUQ(CZyn$q$XZIFRJ_Kr?A
zqN%>vRsXtkF@9?&9!r%LI~&h=kEeY<6!i%4=&=4f0{o(9^V~0<9<Q%o&K%P_Eh9qg
zKcPFw#MV~N;INaHz8ymh=|V*ESSdzOglY`b;k8V#yhvPtMI3rCNgw7alwD)ko^wz;
z@~|45m?_>anz6D|iggoRVl^sTKDRPTh`3S<W_l0~3Pza%HougOjJI4&f-n}hWRsgg
zzC`AXM@p*KI_M}}kSNglevKzfoZK2Tu5ij1sVJqJhtF$V(sAD$D0I&zJnz81&s(Q7
zf7ODiS!zRVg9ic3Fa7U`bm(3fy;U^<Vrmb&VB8PulDAS1+}WJP>tw!ab-)_l`1q-4
z<0PX<Fh6ZBpPx=h?~LQ>y?4WFJ6kTK3y$2xasxV}J}%-ODD_)^dS4WFt}}qBD{2@n
zc$ZoHMq^Ife2!xjD;Z4q>$TPZ1017U`=`NSL<zFq#t}F#`f)bHT#NW-AAe~>bOiz5
ziW}8ZBz6KiT=v*sSBI*Iyf{V#(M}g4;6J(3Qd3(~Ne8)!3Z1evRx{lvt*HQnmKQp0
z^U+jSVP%7ev9UBdZe<N~mw!ep>2P6>QA`@eu-|IkCYX#NRJ`d_04m8-8?KYDDQr+p
z8+*lAG1qc4H8Bn?BZnhcam8oZITPwcN7bxm+-CE1z9jBw5dn3erntmA>+Q`Uv*mJ2
z9xu!oQaDSKx#havHM^ymLtyM&u;Qj~!>wuH`ao4E$Z{!uU$bQXbHD_t<t_Zv-1fG4
zY51Wc+vhT)Y5A*yO>SOkEG=WyxgsaK8V~oKI#iu-_JJ;AmU-C)j}URjpHARaT`WUM
zUDKi=6@K_Dv>0SV1E-nYHlCxyl!q0$BV}~`drZ#OJ#kcMY7pSwhon&l4BK%}uU)%R
z$i`$>#v;?;aCMs>y&q5S-_T6~g$0An9n6RG8>-u3&Zh6adUczC^h=$+iif04FiC2}
z*4uV-&18O^m+K4Y_{_)N0K9JKDs+^K<;`vwqM57Qw48)Nf($%kFy<GkG4WG7Ynb$I
zhJD?6|L=A->xtqiL!oy$`>iCejm-nJjG@ohC3YHfA+<gV4L#<rv<m7|?Jt*0Di*`o
z*an`#K2m>sk8a1lLL#lZ{X>R+^<7&d(|ZmH{z7!;sEKQkFdV3}I$CBpj1dSK-Q*_G
z=S2V;h~0^z9LoflYf*vu;6v)X`>Zfy+dR7S*LjB$f5Lca+Az+d?b1Cm=1Y0ohS{ti
zJ?IOtJPyVv<25=FAZArPEH`fHEe4AAcs=IK>8;q`B1n?@lj(IK(!zUGr7J-#=qa`#
zq58oetp-V*=L7URWY1IEE%I2tn^BL$sk!=^_i9PDUKuz^veJ<YCeLt<GtDBufnZ7H
zlkg9U%cKJ=6y~^(E*EAQo;+Q|XYe01EfRs<W#D-dD1CFkQ#ipdKgJ!dw#MlfcBmz(
zzs{ea9W{28eE_TD8k*Hx#48W-sx%PR-B|-qGNnqu%-aFuhToD)W*V9$%4LDtIPfzG
z2jN*5pV!|Z%Gx*-o?ac<&c!h^wJS(OQ90jL%GO+<PW<S|`^Nd+U?X8k1{{ONSAW&L
z2;Z{tplTwjY(mD7k4}U0;8rb*KOX;{PJyJno{y0+2GdUGm^=>+bEC3&Z;g1OXBofW
zw70ejf?edD1L|^pZt}{v6-y2lM&*w3o-+1~jQ!7s)v;v121#P%T`ha(<Y(H-6!N%H
zEZBn5zXm0>zZW+@fJu6{3iHNMmc?9RLr1a@QC^iO@<7JS2z@eNEi;d8>d1NE=jdVE
zR27{}JcVs=MD&n_1$KlCy|ZILg`X|{R$-QF_u=_ZZhAWM(#<ih`B^%V3%zGO*#xrK
z8iNUiV6dj?Ijw#A3HoB&W2ODRoP|yI@YfkwXP%`BZ$S*B+J0L*1<%F?x%W2|RoxWJ
zg&$tee2d(6&BP}f-0!T$7Idr|II?{ZOMtfS2_7_I;eY?l>jxQ8l5|}Deyv^^s*UzA
z_z{8GVMyDNUS&y%dLx9fSvdoX&4V0kLXEk94SERfJ~%B(Rkcl=xX)tdU3*`59>OMU
z43*}-*nOxw`{si|FAV<iQDx=Gv~FpFg<d57nTLe+25PPZ7qVjbbSFF6z09Y0B+Ul&
zEnr&==kQD$ZiygN2ll;3v2@4s)ZL3-MpV@bsnbsfoTFJA*lsd4;p4>&@=;qJU$Q?Q
zGRkj8@9S$DEEs))FT|xA{&+pPhzZ4oa`2g}j~nSa*B-9pAThglg0~Q?T0N98>8#*3
zd~9AeMqEE#AAIEGP~BFWbT=BdhF2bo)a5rZeM%wx=;9~?n5_J?d1}X~n+vVfkxG&F
z`MtwrB`NcPacTsQfOoqz$xDJJ=Hx%pLe?y@6WqJIcUKm>|K0Z6F9+c*yJ1=faTQ`z
zN0*g*q>`v)8`dg|=sMP7Tt|;J^}+Mx->jjdY`vD~?yO`wtcn0DxKm?5md(;>8-uZv
z%(FFOTcE>*#l;egPGma0+@)pcHRLko-~q%t8BPKxXI5-m?Ft`SH-<0sznDV5Z&hd$
zr+Hf)R@}u)#L%6Ts0Gs8O=1xq<fywT!FhPJD2#f#RyhJD0Ev*3$p;DbKTi;_2aI}`
zX@;i)CBg?i_rAPWbhMEdHyD@vlxHlqv@}#b6<u0^;J=?ND8`N7H0hy_Ou(H@E6v9f
zl0fFHgnhk<unk%|Til1S-Cq>A_O9_ACs!o-zK`%egmvxVgRigcH`Q0u4Gs*jHjGrZ
znp03&^i^XInULF{*c7u~GKb^$RsqG>#_MHDL(vLx{BMsndf+mLQNHE8-*YXxGtipX
zGya~nG@=F810dXF3-%)|Zh}O=4~N2ewy4}!0vF07NMBFe()LQ)cQx-wJ4K35ewR_D
zMbkJU`PHbg>J~N=2t2n|=na*}=zEvSq;ApD7#j_lvd*LEk4dDKbV(=PCF8d47=m_l
zGArLh?<00tbLdn{8<A&xJR}T5C}an)l$Z6!4W_dZ$`)vnMKuK|e_Zt*hQ_Ip9SX7r
z1H}!tqVzaT^3*KK{X3lH!m$hC76jg7K{+1-a43@N{1QEcmFuFGBpcY`Ti2*x4cU8l
z6I{9|Uw<(GDQ=6?)8hkgJJ<`*b^{TMz31}>?8cCgXh7b@MKhTnG`12jGcpHoZsGA5
z?e2SNjIH>Zw?3V8!78tRjZvX)#jl|gLl|qy1(SnAQ>OzU_vafTLeXcWs2&W$c~vDI
zms-&}j~*;WIFH-=eGKF!h|APukxbI-Twq}zBK)HAL#CQb-ZEb|adqy>r`lY!P<`)q
zpJ#tG`cK4vbZB7UW&yf5A~j8++n4X5nKmPVmU6{*v(>R_b0VvM5{fS7=T!G>S{6(4
zc&xQsxH<*_aC_1#tt~6t!|a3qWW>)ezI4Lm%o-g9pbDJ+3#+b;2NbCwkj6VeJ^9~&
zI6*LQoLHb9;hDGge}CmQ&m=I*pIM*&@7SOB#ew4_$Q_rEC{dP<qg&_GcaRdnIjpGw
zc#$`=+So^T?8s4A8p;&)BK`lQ15tihD?HIG&$WyDe$ag_^P70E>9X2kzeU^4l9xe^
z(;PRF%V5LlOy^qNofC)g!tkqHK&(G21ujk(yfmcn!a`GH{y#eas=dFIuIs1`Z~8V*
zQMv_d0m2hIEbzl$9%gnzx$h7C6hDvY2`}qst;FKBHrBK)vCf$sfaiI#_QD$(S9RDh
zfE|1AtYw@L{S-{zZ}RO>U%hrjhOW!~77T(3(Ok+Vawy=@dp#ASZ^cu!!RuWB4g1_R
zDMA3JYu-a7G8paqcGl_(Ej=y%HohZ!l-u2;!$RTIw-RgfgR|qg7c&BtCfnD}cKdV9
zEv$qL8!@v|?~5?^R?YkegQVp4HxQ)6t2HFS`3sYC@=irpN;De<GergBmG%ld_aP6Y
z%J#l881R|TcWN~N`5!8`;3kdsW$CUStz_L!crD5y4{7dO&@7SR;;hW>S2JNtPUyzg
zxl)C*N^7^T2D+iPG<Nuu@!~%4D7(Cwm;#*EmN%yIn`5bGiqny}X2S;P9G}EtD3Byb
zVMiPzzgGc9o}eV*Z+Bm13TqS%oVdb?`Z&4MZUS-WoRXWttwL}J)k@_w%M)|NvGo8A
zmem_hF18l(AjzWG!97mE7Y0gch1c;-*#s#r*3@<Xj`9yj^hVw~NYnvjqOrU|&+xO%
zszOg&ucHmuDGn(#jW;Nv(d2?#Hw^qr5YH%)cZ$%bEoro)`;{j9hZS|#i|&Mrq`T|S
zPR!7Z-B>>z)fx(v3YIYyM%dSH*lzk(a{;Qh&xS_sL=I2jB}Q)ub{x-2C{l~7!XzRZ
zTAsjg0Uz?|1qB{-T-8*e<n67sDdX^=!F&SOJ}zF7KM!E#CLaMi4Zb#E6)*aPk;YsI
zu*Kp2FV9@S{G7+XoY@?I&nSMRX5&0&BX>}hwKJ2z9S>dW&*4yM#KAcMqGr+7T9g29
zIBRf1WOBo#JW^*>(h64BD^fo!0jN1QLl>$x$TpT$FiM5(`|M4ieo*+&79#m={~6x=
zH3Ib9wND9gr*<4pPxsq8$?skY0#;D}L(DOTAHTD|lNGAty=A=}-PWzp#C`Jc5_aOf
z!S--=gM4L#8_elyS=Y!kbg+|DAKkfv%fYNzbuZ>Z2pa=}4?~?vjWeImUboTfO&gV4
zR<Gl?OXLs6Nvj3&qSQ%%Caw_-rCm;xxKuOnV;VVo5z;wwlYSJAol+C=#%`Y?o!lww
zJ-_fcBCRiGTL1ODKuUxr_rM0O>gko>`c42+`H^=(E5AYw<mT<v#c>&6l;xVl1=41<
z5iGJ9?|x^Vp&~XAyI;darFZL|FP|epY^Rm99>H7DUFFii;CLl9ic1L0Q&zBmu?c%*
z7ogn!KS|;3`p@gK9ahw%v-FEHr}W8mb@?oFJ6raZPOHId5c+;llHcHq#{y!8c`Z4r
zy6Ztu3{KT$VXLG`4HhpF$@Qg8I5NprhRP}pW)PNy>A^&y9;vVrt^ELom}lXrP^k~;
zgg~nS+XzuzbqZG#=jqUsOA=%qtNAm32xP`?C2HG$SAzIXmKcXRkngx7oiC$Z<6Hgx
zB_DHw-9jQptoBi}0geSKn43qDLd1w8jnlwJbbJI(u9)({BRhLC?0D5XYqREz2*qsN
z)43EPP^>!99}=zw4j>6crV<3SB2ATUi~Dsdgew!5oLOFN4?O8rqniBFn`3yhw3?)n
z?27wPBeFrMjbyeSYC(O6=njZx1D2)LgR*@`g->Czm!i$|9Xh<()21{+QS77~hz%fb
zP;5g_sgwn*-CP&Bz8y7G^t>ndRZGo7t}qNd7&CIWO3DRCuo|$rN|H~mdrFsn+tQ`P
zKoR0089Lgth3lg8U(&e#FTa(?UqGo8ZxYv6fkplIB-+DvE_(&kN~I2|Vveurv}-k8
zp*5%m*}unv2#GvNjik$e&~^z{%gL*n?k+pOs;M*uzKpd9t$)5rkLf^bv>Fh!R$^<#
z;n#bZxzPHP#t_0c9(_!pt6U`A(eN0RJvwUF@F0QRh|<19*>eWT@g@F5rl)N>!V+1T
zE;??~x)D-0Q6(d=)qw<4hl{P4HX|KawW_gnVI&jz2-X$OsJM8(kdza*`^|EeN$<t;
zj5X=GDn0E>w1g&bopzE3Bg>_ty5g0qz3q(AXzg{2&AkbacCih3$t>Dtp6i#K@v%q~
z=%|@3PFGVezqOq0F6s%99zJ;AZIc4I;vX{ec8U|>xIF$0Rc2u+cwp$VCQ`Pa{ns!-
zEGPc<+y*?-z?Q#YChqX8{Jz$G{m_W<TJ>w&rej)Lr$tm#qhV?GjY=|ej4QTbqI?$%
zj9`!kh#R47Vgt@XZ@)Y=bI7dpl1%&vCdm{-)Bty#S@5n4+g^<GEOqNZ`}IsRyq_i>
zSS<sK(KY)_OXbXlwD>?oLR-C@jiADH%S^P2Y4;Uz=Z|I>^0HUO_*b{bv6zM7$j%Gb
zg%(_k2>VTroWA~?B#sck;##i<vE1bK^oY+|GDLnfkA&nOsXVCYMYUdo4DVxs3|3u5
zQ#2HZF0Az#4g>A%N?E;{X&qcEWzzgTIt|stvz3cCJSh;8&#zYU+yAY7&uW2B-%bwG
zKoI|V|B@_9AAbB6103aFm4Rn`e3gL}p1BL`AI$!RUp@;9UXBF#T4W*pE8>`Zrk(#k
zKQ9+ln}sD0{r3!BntA1I`s`H{fVKXgV#Lb}3rL`xp(!7pq5<u~I|Pu<S(H8dS}=h!
z2}^d`w625;;<&iO!=|6#%g@Ik&uaLK;c1!J;hL)M`mJzyc{&Qkgs&_)qg=Z)`+Dhp
zbXg|4Hrq%ofsw^>y}bNb*aiJ3noIslel0gJhV{I5e_94=0g0C{wSeK<e`*1@H!sFR
zzw^u0W-iLwyrkQ-0!LT6R-W<y`c(!br&>6^OTUpn=zn3$P;_Bk9R`KLHv2(NtU>60
z=a%=cIcTv3+HInV9r-F-F<a4Jufb!Gk&N<0x`(1TE<HHX@+M1;<iFLIrIdpW<Rs2~
zcatu{kx6VfgcSZ`)ilfYzlHiQ8eo5IkUS;Znr}lqD?*3Yc<=mnT=!!M8KY|9nlO9A
zI|tAaR_W=N!lvso6<83&hYiZP)u1YFtWvM?v3^*6z9GC?g!w}dK9;9T04VilgrY4f
zMm{j)sxbRiC^^^{Q!XF=m=IYo{-;<Ez5J($U>oQex?B$w5v09VZrYr7Z}Y8p>Q;A2
z?is4AJyk52%6arNDPmZ+%}1mAExxP)rV)Waz~l7Z@g7WWcV~!G){%?u^3%Md7G2-F
zHw?wwZ{6ALQ5wH<-pg?v;Ek(4bMxUS6D#N9qrZ}nNO(gJfF==#b+$+lXRr(=5OO4e
zdO>?~2u@t@JIHi)0Koj_z`_&5=V4c_6Qk~iT9oO?qBsA`t~+j+XmuqJ0}`-MTjKmM
zt!Ns908c&0SDp$QY^hSODgQWOo9-e<T>DmgOvVy`W+uM?<#SvaIkO7#V1^B+PpCp7
za(_|>c8IN}fM*YblV!Ar{mX@1)RMGvDxYM?;u9$~|Kyeo=$|p*+9xgzDuqlg@ufIg
zID>8GoHQP(A522r4mR?5fmqj}br};1Rk_XZlTscvmE1FD8(oT%NF`Zu=|>a;=Z#+m
zJ7uwVyk;pNcys?@sym>0EEl^0m<l5q@mc%tGFz%f0N8TY7yk(>{C#`KN^<eNMn82#
z)vT_@hz~_jv>uM3(PulnZq&#YCJuXsgLXQ_=wvvhAZ%|fby*EDP1CF2o~Kr=5aK|<
zgZAL4a%@=0b$Z+7$MwZU8v2A$z*I1QvZ22rx8NvP<Wir=yiF}Oz*k$P#|XFZu`>_J
ze1e()3aFQ9ASX&aOC`od>vs1{sshN>;-4vh7n8gR*0{DNBgt2N%;Z?i2!}sheQBMk
z)0b*$MWei1f>-J@@QnIfaU@2b)B*boo~8UWPHA7A^7UA%_n<CBj$Qe?%46YE*5JNL
zgu4vH#$}RP!e$bmf4l%by(b~f(()`HlaKqYF5Ut+b1`lupHP$c3RNYW!=ckMx>``3
zW+R{6=TY!+(RF}q+98XJJ*1RJuZQs_FSY#FfK6!Jb~EFe2zD?yL3<w3Dh%W=iJ7rf
ziK5yJt@PxrWg;{Dx`KrM7y}3K6rWeNq)1<89)6Do`JH@A$UVkXsAKN$$VNG={79*|
zcuMx#1%*m=xo6mxD0A(PzhBNDM3v+cjQdvUUD_WK!bp=?PKn^mg)T4M3WuTi$47eo
zZ%q4qRbGEAEUD{0vi3*$n-zsMzQ*Ec;%Z+HBrN{yF{&|@FX=*C^g}T+Oy+}2jxOC4
z2@9XReE7XO1xj}W8mJ$yUNO#0=9|7&m~o+bh3BRbKR1=85&F-1n2@PlZIu|iSOZ}x
zT9@<&CSp2f91A2cYXN@4t7%*kG(JQnJNCM8mme<R9h^Ns9Fab$_S>pRQ%h$J_zmiC
z*v=-8;=NTQp7<vY`fy2}L<B0=dS-e7+z|nST!F5EF$~$AXD6$U_fBjT2uoZ0<_%Ri
zno%Rpp}1}|K^p0dWg69QhR-DwCje-@O(nzKA+XXHV`^THwRPfaWhYomB6~UuP~jbp
z(uN%U*{9p{c$uWdVT^8y2Q!pi3dBRzF<4Cu6`1YXeK^@c!-AeUHU`kM598q!7t&Op
zYuXjbn`vu$2Fi3k7sB)%w^W<ENdV#iAUZN1mK~P6K6TmLdv!?0%mM*an(MzoDAW(B
z4@AwY)B41i<KE7UR-P}y@?^1{81&Y&_v;&3hsw+13=W6UKxfaie2u{ka>FfKU{Bml
z6|F=F#*Z>szN>1I9I&0lH7qReMK65ZglKvjP7z_lSUo-PekT3nM-kajNOPJc_bt_#
z%80=`@;U*>pH++J&E{;cyy?A%5Sk_jM9UZr5tXke^U&||w+6_TIfU&XS2RWVNL5RC
zR6x4QrG3pj<9035<W>8&*ZK+`K{05oGH%?|;u=XAs{8^+^>3fMpVj9-q0zhRv@sJ4
z5{C5R<2G9$G@?3^Rk6ffr>Ovfp5fq!+kM<Xgs}1hsGsu&tYnOmz38b3P1Pipsu|gX
zpG1~%^-%0+D3_1)D{)y*vwmVxF+IM^V7<e3Tv1?9Ym!eg{Lt170!ejqm05Eb`yxB+
zesyxkKI@ogN?)Z_$(de^ox7B25$&djY4DP+7R1X3_WwX|4=5Jr4F3`eYcODB2s`5-
z;Nh2aN=db4R3g}H{5f68jb4SBqDN>5UD+z9Ne9B2U@>-Sd-1M#W+Pl{Ac8F0VyXjP
zykXw;C?T|x$*p1i6Dmx>zk?w+)P+}ufZAP+>n|&Ey^0^fT$E31a4LT3vBOGX`)sPF
z7D}gNG0UQI-qno7U(Lcw>>&?@kF%+enfKT>6wY$3V>!TUncZ(9bT40!{{-~~XmWh!
zRm@fK!J3QnvG_v6sMwylk1UlF+Qaj{pfd4NUul-_6q5qtsmUt;SQElO(;_;lzL=c~
z(sFa))+<U4qayz|gu@aI06zb3YeoR^vBH}pfdAh(2)Hm_fD18QCPRSyFFs>55Fu%x
zd^Y^YHtcV}RqpvrzSK?SBl_Q#yh)G&{v+{NN=kTh=Vn-hM2aT3SSuLBh6k02sGo5y
zm_yAL(Lj@rOp!S)ao6+Z0KZN3{M$tw1TPkA?Z&84;>6@eDcXTicmSr6hx}g>z2Sc(
zdZ9|I9O-Shk5sp(6R_nwoqI5;33kX0B{yykLRJ9(?!f@I*-dr?gSNnSHi&%EFTZE=
zqaFh)<jT}-VnGyivn@dXp(^tMA@fnk*65!Y{cPE?_xJ+H`lm8)g_fM2cL*>{(+4~k
zx5gi=r5`c~o-e%o)Bl7*YO()l_0n}}H(3GNv{zN>ISj(n9NFm3$hqo83T%bn({GY&
zw9AukNex(=O#tNrq2RqFlKucS183}Z0XC6kqkxsIM-COC0O&OkOgj|#AAZy8laO+@
zH4B+ghGXBWq1?T*SH*k|iqZ`f4MWIZ?f~Ooq(^de{``L&#H=2U7XVPi+JkWUfwwWw
z>)fksSpEx?)oev9=_TKMrpl%dta1E^D_e+cBV)lN1+E+@QJ#c>(K$Dpv1qf&`;F;T
zgV@_8FnCjw4Fyxy!EM^bbB%txDiYXHjR52R7F&N~F7xeeB}Ix--=9(mrh#wZG5qZ&
zdRhn__U>{nW|52Ir&0x9+ocX>zQ2<zP-o8xCN<P<{5@|BUR7J==VqNUo@p_Oyy`jA
ze_7y=$m8lzCYJT~2T^Pq<{!;3V2&}=9I#XOR1YYQJY*srg_&vzJkGvaJ>3qTl?WCF
z^|j|c!#R{_Y5v7bg}NpF=*wFLB~VMZu5^ky+~#^#0i83B8kC+bj5*)4F}~LQ^&~I;
z@mI(-F^VLCDFjol0*?4bTe)&iJUqn1aY@d0rZ9$PGO4Z;j0$#>nhJ%e>hYY~;28$8
z8^-%a?sRlHfJK4OP^rQsd}T~0D2(l_)xuExY!w$pYu6H!%YeSoi`+CmlV@pidc7Pj
z64DV#NH75Jpd&@ku9z!eCFZMr^yD%j@st{Mxq}&l`q$fdD5l*IcKk4M_a&q;hySJ)
zmF6XS(VuWJhmk(ncHMfqxVuHMBV`(g<0!d5R=6!PlYx;n_0A_URcEqB?&Q~j&t=d-
zY5wNt+>X?aNr@;&hYu=T8eEB^*x_Pl11E1Y6I8=C0G)+mJTbOS)hBNOL;)AIO5xrV
z4vR^fV$q~#gTo%9P28BD8an#s3G%C0SoO-Krzlhjv3b_W&v6NcoJ4PLcO14DAl#4N
zT5j^Du50Myf+3B+*o{L0E!u0MvhgK2-oUiS@N+gBPo=J!UOC$$pmHrNPROwU`5!a!
zbHNwp0SHenz{X`)AXug3%mb{(+a5=-DYWd~tAy|jhFdkSl2nEG-Xj<>uwRx>S{alg
zm0bKz$J18hQ4Q~u_!Lj~=@fZC^l~WXhx;5diN7pIGf{yZR?z-7z~&ZeDk*2?bWz}#
zmkGGV_>NAcs;*<4@+;7OE@A*3|G{)j&m#fj^~`TVS`y7SPHdWEzklf<0cIR7#@%@S
z4LFEeK5~f!JOuO-z!l~}71>-bf97GU`T-%}(P-Px%}cnfOz5Bs1S#Y*26W*2b5RjN
z+`Gb4&f|pnwf^RklRx;#|IA}B&-P8^9DidJbMuy{`o4!vTJ5T6z}U6#DZtZRhVr0u
z3EwAVQX<5}$P5HiIWn?c4sd@fJFV<2_Vhdo+>)<?XLEmyt+62-zSXdJAmlKp`&i{F
z2A7brp@w*7ino3aR(`KEgjKq^9fo6#;O*yjy!Ex-h6Ii7tMB^G?Z_!Xb+LV!(Qr{X
z;(;zQowtUL3yjp3!6BLVhd(p5_Z$phXjv6Y=w#CHrMB+r`tGrC2{Bli_%_|?u`mul
zxTE6;>CN(dii;#Mt+P<KFQ8aauLvFsG&F#+=`N3lX%Gk+#5R{tz!ArbIABqwUw?KP
ztGw&_OpHo&vebI;#<Li|(x#KNF{YvExFSgk^rRms00bZ^2}`(xCsnLMC)}^SZ4NCu
z+^nHskQ@%7zogr>Yks+=RnQFVTQa-r_Pa$|@SWx6toKxyCX|l7o<H?{rVkU8yFj4O
z2m!XD>Oa;-UrKwb0uQB`br*xh$2+6$%WaOsM|QeR=pX2Qhak?@ln68{CfU$Tt`AKP
zWSG2jsUui`r#32NOlsXPB|{XQa|n0Raw7zGM;hZP1a*zlJkeW|HH;zHHIIoOPN6%K
zRzdDgt)-rrl|)f^{eVxr+&YX+sl5BXPdRJO5(hc5YGF=306B4<teFEjW*BySNQAU7
zf^yVyNM!R%5_PdgAwKL3ic6kR(?G1hv4^njh)|!_Lh9|4{j=)rz7e`C67iUL?@jm1
zg4^x`-TbEjg&un~EHS;%$k{S_WBdvQZWwI5aPEsfV@^OUwg}%5{?8!+I*R3TeZIw?
zs7U7SYx=<pYSxx3ZMThn5Py1!`Z=I5f~lOl`HTU_GMeL5F?#?m==!ou6Mh2yf_Sk5
z@*XAz!iYRq)P0yXGO^{KlvW6+^=d=0G(`VmTMqdH(ZrSya`3-F5~62U089M}0>=N1
z8D2pX1BA=iA!x$?sU87Rk6567L<3TL2lubKQW9|7P~@)#?SD#3<+;ywCDU%G5E8mC
z+=WmwYj2>3o{L9|-<JCzHd}a1M3ox9`HN=0#6BwguVBB)C3xfDwHJT(>iZL4O-H^;
zgV|Rli-LasMRc+MGY!(B0GKh>x(|G9ngS%+bv{<RdM~>INwRKWR39xI6GsP{&ovDk
zTQ8B_RSLz_6}$0oq>2QF$5m3|rpimVe4-%kDHjCd46{I)Uu4iyGVQLBs^n*V-0vDA
z(g~2H31%^_lhKl!sWu&Vp9?lp)1$#g#VW)uG`QpRmFbc3m?nSETl#OQXqVIV<{p0V
z_P?E`N&oCP^jo%sn0rPdnq2hC0qt|~Qw+a$Qe_E5Ax2eEpnkYak>vwH{K_UZFAkLi
zj6#UWp<mIV-~?qPC;34Yijq1A#ZXo8&Upp*?G6}}G;?{mV%JA#KbY!W=M`np&m1rt
zM#gJlHfm2_K5#Hq!d*LEW<^yETXI=kj?^4ZmBX3iZB*iJqnFu(`2)Zd)o#s7ND$ep
zv;WzY7uZ0(l*MX6a{Cp}(>|rN^_oVc?cqMTl=mU(=;U%msyf#_&?Loec~v4d>h+#N
zo0=gNLb^3dTsIDCW!DBxaS*E@F0)+KsPc6|;u=$Uf4+wlh`aXco#C*IZ;>09LEp{q
z1kLK+Y2s^!lmNC?a={o`16u#RSt&nn#*ABvaqlFwOXt1D-%p1g(w_}xZmt!bodzzB
zSs`P7+_as;Dtzo3%aDdsh9Os%Mj{r8J$O6N<F=NYP{lOwrs(Y?NIwZSuFmYE067u<
z`G=7lIOS816cW=VC!@x-N7}i=XhUOqtx^A#?5F)@w-J{SJJ0Q3Ji6PTeQ8Q+)g_P@
z-@6{ZrD;Goo`U`Mg$%i!ttn>7^P9+^2Gu~6wjHg2-~cpk@`Z$RpmU3P2t)PGO&dAl
zKf74Zgtns{5V}e~d2W7uaP0}1(6m2JyFS38#eU<aQSrITLGHmneoLZ7WV;0~d|TNp
zm|z8avbj+@tF}NkSB3_8HkUeI-XjvhP}TY=R=J=^<&)I(NG-Wy{y^vC?7aO<G__9~
ztjEIQy7UkDiT>#+@(>>c5U?a`2KZ0kyN3!M$?SC9FD0HMzOS-!@(qBha;Yi&$jFxK
zWr`E4Dt-C$Yn<|FQEmd?0ItZZUk3<Ip5u8=pPM-H&uLhu>T6=TPlZDl+z*V*RPvds
z(W&pa_BFXA;xOgU*^02;6snK}v7Wbl{B(#!o{zM2$NZqcCE!(smwCM7)!HU{{It$J
zQ|^R?KjGozG>p;egIeawVXu?CORt9*b`V~X*F7FZdJg+DS>i)h{x5drI7!i<J&fbu
zh03;4!utJN7&dh*;{z&2zMZsLkq5{e?7Ir#G?CnSs&i3FAbRCJZ2O{juT^@WN<3>K
z;3(0NAAV|ye+SCS@Ww^zE<>|X@5t;g4Bl@e^W82902gO<c@3$tFq<X4+@iR`#tc=#
z0-tAbPg$7Al+1j!V{V|TM{9<yWfwPd_d$^rdpRgvxcuZ@01~G6E8rT7MF@BeM{IuM
zJ)Fe^3VA(nKXm(#AwSUHqPE=M3*N>)ZJeKtx<4I_?p~U!o@me-j!H@+kbcU|>1NiU
zg)kQ~VN}t1yPdt}*V$3cTDUToM@gk>`K07+7AnJ{o~fTJ!fm`+z{$H!z@0_&SX?V}
zf%ieNz;4#4EGlPj)PB{a>Q>ft@gQ1(`kupL%i%Un_VbSO#g*^IDLJ@Mu7tKc!9%m+
z6Vwb}JHc0*fJ`}PFa+&d5t@+|FOED?w{jy~r$HssR0Q$r#d-`zN2B<U!4`6yworIF
zaDkjS3e@u8!uzxeFlT=^zO6(eFF>kb=z<-6IKKJfkHOpHd=v4Qg`h<rITv~{Ui^gd
zT>yisyn5l$a{)(*;7+lztLMi_bzKLu`RMS$RI^C;UB!&Do*l|M3-^*!tcVFCPk1=1
zuNzreA${W<MVp_fl0kQo%<IU=s9J?)rQcc=s<p+x^K@6M8&j5jS$)02s#3;f6E<z_
zMXIdAX=`FbDnjFqb>?!NZDr0?FuV6F!-ZW4UO@o6WY(KO!1@ij3`DW3)5gKb2k^{g
zdASBs=WJ=4b@+{JCls{f#D3X(>#u+MOO7Q1*}9U9JSd*gElh)!OQ0kSO(ofW?UAC1
zd)D_I$-dxwYD@95DW@#8YyU>N@dz}Gn!B70r!=1r&5(@C7?t@frl3S|C9hx4Q^2XV
zGbH@Z<Zi6smSdK-;4NQD)|#~~y$?=JDw0fUZz?QCslp`4BzfAMfqExtp!n4;-=E#p
z%Pk;mxrMB`OZK_>k45xsI;IABpJe<;`YRUj&s&KeT*OznZqAZr6JnB$VtCy2FA(`Y
zt88>JVsvES8$Bk3FVOl?ab%9fArq#_O3vc+>e_nf_r~7hW})(M%kccL*1fnclx}Vd
z>fExo4P(i_uKmsGB~^f*;F$lbq0xE~k}676`cXQfbe^^QG?Z!8L(xKr89y{hoK^Pq
zqJ@h4Yi}h8`Voc9249$m2RzGDxAxM`Q$-<0LislzPV`_$pyQJ`<NJPnsmsekF-$LT
zr^Tqm{Sc}7ax>I8z<FIxR)2WK>kNVl_&QFK-4&MLxipj!+-J9jdvx3%KszW*`YlN9
zY?@_{^@WRl$1sP;xGs8qg8-Spb&@OcA>*o&3ew|mbJ)*aW!||Pg1L)xW;3@A7>Vn)
z>bJ@R>Pm2+Hw`}^9r6y31S<U<3aJ2yF|eyzfm5`CrjSxa_fGbk;_K)?kMB$0{~0lA
zXyDLEnrLSQ7%zL6|JiEw`F-!W4|1!q4RPntQ2#jw_R{n#a7iHS7+3fNDgV!be_FHx
z2Ve~=0XlEdf4>v&1H?PI?XX$@eDt4I7a@R%XUR_oJo4Y~P(N3sB)!pu{(aK*Fwh%M
z2;(iflcMQdIc~MgWjbT{>0Z*-2i#t5mnU@>r*Bw#C2zO-?QVZa_L98x&#V8OJ>Mr>
zWby}2p<|}j4Bhecow*&(r8JP}#jbT91wZ9OeyGGG2MZn-*#CXu&shCZhfI#kaJ{8l
z#@)4?m;SWQ)AG2_I`ZM7b46!tKiz8FW1s%a_7}>(IueYaTn0K;DQG$G?x)+u8Ga9^
zkoDx#<F5Jb_FQD1^zk^IvhxzRXRFLG1l_-T;FY&9#Mw2HI3^mplWsyhw~&dAzyXEp
z1!l{r#2E0TM6}+t>5ko9FK<by$cJqA{v8VceW{nw?-YYZ(k83O0@URrc)T{Q-Xi1I
zojj7IQwZ-QDZ~<oMeGdoma1c#;f&eT$)E-9#zGx>>@D1l5T;faT}6E6$y+`$z)B)Z
z?L>u*ajU+Y&7qB9VcuD-m%I$JNk*8jw#FPS<cv9%oXC?JqV08Jv0UE>d+ak;C0$9#
zNu9)>I|Mg&ZS=Q0SMcyCeC)%78_Y>%4Y1pTGBzgG19fQ>1_;#W8J2Y>UW@P3(^IwO
z85#s!d)(O6Y79x>7x8uJ*`&|xu6X^9ZuJ0h3qEl_aC=;KQ1W>;2E2ay_rL(GJ%af9
zxrJ=I98-_lII<J=Ed23zH!ql%?p6(M8`y;irF45qeaZekIKO@sAy^UIIL41=aA^~a
zjY25@f41BzP#vN5|M+%08i5>#;SuZ}1kC?W%k3J^E?+c_U{e2eS6=2mSYY6Tz#XPw
zApUt4UOw{w2VZ%dp`;W}1%~6shcR}p%q^ElNBqb$#xj0{wL0b0$@)6UU}`6X-5h1+
z?*TVhZ+fRds-HPNPkMU6V^!&+Q{#n%?|z+sWz@~>v-i@It1KU)%ASKFkBff6MiY7G
zOP|Nz_vWq!$HUj0;dDEy$E|s7PivC5R}R#t99GzG>=!|b-BUH>Y7RRmIl?kH*nvKI
z=vz{2H;JxIk*54_YaDWN^J^Fdk*bA#ZY81l_#57}+CnN13Qg2m+I`Q@kk+D4OA{J&
zLq7qf1%lf~rA^RAY8@~%l~Js6m#~TyY*_jtL^O5TdYq`^gz}%EEqCqF&5<RA71)&X
zcV6*mOX;rh=o#(YmY0LZ6D{7Bsf@$ELs$H%Tx)sZtP0{SN`qgBPdTNryC$VLV|}gs
z<?l@#6e7?ibbVm<xZE)B^(E)QXEnaCxJY%m0z##8#NfwUADy<Q%`@#|NH}g_<NJ&G
zc?J-~vH?e;nq&>MFwMLnNdZlsImx2KZaL$`^yiTkqS}sH;i*Y*rR#FR>~=~jhbdE*
zR0W4Bq5YiFX;RH$W^0M|T|5O7Lr6(&T@T}ZI)2UsYtZ{KXDPd)ID(QYN*!}lEZN|_
z(}@QUg)fEMjqts1VicCcl)xD3v~7&<-PTC5%k1tt^BpSoryRAzw0<avz+A);^n43E
zt#Q%1y*sowDy$GrVanADVKGAc>JzRVY0;WBqLyAQvlCUSa;gy--~;#1u&=}RcK0Wr
zeq?>pzaAaU3Or`oyEx{(k7y;iBKAPyZd)!!=3c(MXMa#ku4Hx<w14HYIHy<q5DUc;
zVRDfez=^Y5H9V0O^o3}VGeDH-`+<B*ZFkW(T3Ye&*PbE=>>NuORxthrRh>Fi=nC0I
zfz_R9l$tf`(y^I*H?~8Dx*I1;>=qLZ<oaC_b3P(5(i*WnE#ZVUPIm`#?CMHEKI<Pi
zQXEi~N+Afj$rEg2CTTS#+`iT8dXx#v=x$#HlC=6+%hO-)1O;GgBhXBu`3=O#M{pye
z4lV+OIA2m_VZQ5L<X`p2aVoH-cDgt9yRO}#wv9A;)(U;DBU1QS93WH~)ftvl>sap}
zt|lIU`MUd0mhacoZUYHC9+AdT{iB^Qtwj27-<PWEXsj9;8u{m^-VS*jmn#@bnbfnq
ziNk2pD{<4rxtih15Lt0fVEnut>3?9>+4}AcNV$tig^Pkqc-F0la-si<J)CvFnUrDK
z7v`tNq7$B#UOMz*8msnvwTDE@c^<6IJ6cQEKE(tXnZ`!s*66e)>Kt&emz$&p15Sdd
z?3{9>dOSYprFM)oj+l++-xv3_xS|_t=weE}Y_l8W*D4LV*oa2i{E8NGDlhO}+jtFX
zw+N)J<whrTKfj3L5GovbNC~KC*}g|YvYeBtJQV-FxCR9tfKREJE?)ZYOQGP-Z?$}g
z$;^*6-qO|4chud!?mc6hjHS9Pg(WkqTbRNgEu;jmF08ieTXP&xoHe#KN`X2^qPjAb
zt5V6lF|2>TWeQVHumBoWlbNn|`z39LE9xLwOGyQfvX`@8D(4{zrJsJ4D<#_;mUXam
zc38_=YgkgxRV(m7V<#PM&b(Gc3>(+z<hwX#jhN^<Aqsas&}6=U)uE34hEqs1J|8cI
zdav3k0~sw+xoLQGOG7Wpu|ItwX43^udH$1#!|5_<h5YK=j)jQQ+*p7&c=bcY*w#pC
zE$lSzzNB_M_j=Ks2Zs?s@xZ!%;*o`2!AY#lAp@YMC2#YkxVDk(Ai%tn2v06*-qurg
zhX34SFzt{KRZ?3()q^5#(n@uS>!0L&vyl|0DIcxWxIxhz@$MC-`ai1xHJG<P?D+JD
z+lzC$-^Yxu={jR8qw($iXwe5aXF7zn&O9~XUvp`urP2EuaiFGA!A4=}ShQQ?&N@??
z0>7Po(1Dx|_@2-^s&k=H@>BmKNZM5bsg(RW4t<R35}rf3BM_awh=ywMU2fWtQ}6`F
zz@DG>TnaNT>8gR>(mQW4h%dzuc-VxF-rxKl%U!D5%>@w;70**AXZjzIvu%E8wrP`*
zRkRwKH=y;2c8W7WHKYzxQsGdjX-A={O1(SYCFuD7Dm%-dIKDVtCj=5Ckl^m_F2UX1
z-5mx9!8HjGG`PDDu7d;ycXxMp26w_v{<3>_x9+XF^J!{o`b^h!pYGrLoadajz4F*c
z=%7mL(=*CH%zgVtYiKhFGgiXMvW`Nv2(f<3t2MGLoKv%B|Gbs^w7Z$lDkERp!#Z!^
z{>gL2e{fJu!`sp98lx#Ay>_xlD9GB|BhI7lQ_=Xm3|om=P{Dv?{JEOdI_if88g9<=
z3FQ~sO27;NI8U1wp0%cj|Atr9E^h#FC7BHTc%_cvZq$M17<<yz>0`x#AoFj5r5Pby
z9sR3z@9H>oL!DMCYCny7>>wDEJxjgi=6A?CCM^dYu^y)q*S*AOSn!2eNP?@MV%%4F
zy}Wzlx2tF9L1|8{iSbKgXMQ1P0JH2s!;gNsjF837a+?rpV?UyqW26#>k@3cbpPkR$
zlgETuIYEQcRWrxbXM`ZTPu#y-KNJuUI#Lo##whzXu8D(R8JGqKsbMkAR7A9{ns(+^
znO{r6G#3y_Y{(UaF|yWbf=e|tg%#$LD<Z@S!MecFp!N@x_N)%dXBUQZ7Jz`QcUD#h
znUz8J9qFN`8tddBdJSgKP&}=+PxV`7hBH$T{RG%3pNKyt!=g+ok5u8NiHboB+yHhj
z&4^h8G60Iyi|K!mzuX6joQJOC{ZqfTdyy&2lU{fVJti7DYYz$tx}64Vq*Lu(qBUdX
z=pV7?bduyST==X9FG@2k9Z#c!T&xu}Hdh4fK-yXsmty+D(T{}qz$`lc!xm0g!Kw}~
zxOv#p&V5UuuCR)?W4sQJgmH{hemup>lX<JzIK#6hn9%$9pk}FlP=m%q(C4G5^1kWG
z;OP<Sj7O!Kravshaxy;qsI3B#0lA}mFtWCg1miaIfrIm?VA8bOtVaaSn;#jqw#d>W
zZQ21VFEz=kze9ED=W)miQBvOR*o+O-#+kEai#eQhX3t^pHb`6v_E&hgQs_r^1wFTz
zb7>vA4`;`ven9y53~@k!=@H!p_qJYFDc%}oObpd&`~bHgCpu!zc06M1llTO?ZF4K7
zODv<e0%$^LOS@{WR^Q;WSMm!V+k{!v)xoXNU4;l>smwfleWzEKzl7tXF;0MJJoUyD
ziTl8Z+1%jbjjy%{NJ&nM`l(v0lT$DV;k*;hJ36dRF1V%V#$fx()zClRsqv{Vk3IEV
z@dJKJzCcD#sfLMag7r%T-9V%5zAKH+h5((+Oz)lCU`>P-UD<e+5JCcvV<<x9``VBi
zoFz3gw*6lXRyV7G1%s;xzfGgk7Ob=r>rpN<lz(&aqho2$J-T6JS&ra%{UE?Z(*aC=
zj#FyX4<Q`2&KS<R;~DJFjHi&bm!RE~DfW2#PmyZ;{IMUJNJ5q!Po>iP{DSw(gWC$C
zgq+$`#UcI|a1i#U(>3x*#7Gt$NX;t;GlBF1wVRsgKZzWjeOqs6Mi7pcAxG0tJ|;^l
zmiY=55|e&R@o1sm7#n!$NyMP21yrlv%+5<OJ-|)aJuerqoQSc&O9RD$H!*Pwx&^rA
zL*D)5?BF?ZZWF@*G6Ggzy~!>XceG`}{ik-mxyF+I6q5|M$|s~3qElf%$#=c02!EpY
z{^EAHD0YDp+LVc(f^9a0Pd=nKFzm#?=Xc&Ya4GwBuaX~$<G&hee_oxfluOSOxwTPf
z``gQGx^8Hccz5QU@lo#%#O~<u)3XhUk1jyT-(Pr%|NeN{Efb%Q`<YYh<jcjbl`ySa
zSD4uLr^vbncz}P)XFx3PRWVfN=QqT~fLNX~-W2rGM>tIz&d~)w?$Yb{H6K5n_o7l`
z<9DTw?w_M_-rqJ7aQ$#>!_t5A?~R%o*6(7yBjBYBU2GlhPp@=ZLRFT{PoLK89`O-j
z=?(}ZmTn>Op!w&}xFde^`7n|3{moA}80cBN3<Il<Q{qv6ESRS^PQ~&1-)<fIXR#&<
zV-c*sT0DVo{Men((qy;y7W3Z<p%E3H#Qap!1w9$|Peafjeg*sYy~!9CK3>qm0ayMj
z)&CCFn18GZxWgj!|8t8!B%w|iN(*#d-Xy<*`5(>w|7=o${O#>a^!54cm-lRff3-tK
zBaQ<HeTN|`>?eP<y&Z_c7gSSeQuvmTfce7za;ffzazH^Wyvu&{-Yf#_Rcs^aBQF_=
z5TdWoD~&INk8k-4$fIBQ#Bco+h<z`jPj&GA3nR2B2>C-(_KVu(`lHZ9?Swni^&(UE
z;uJKKsPhnlXrE9$JU2i^wv&5XL??ogejsHkCwkd@Xi^SSRUp;t^GQ$7oYlTvB8e4w
z5e(6)qr;pQBE<L&_n57ZXvC}J++qV=hp2w!bLMxh&!-+u<k3E;XXQ14PjCmcC$fbM
zO0|!vFsof&Q#M%A)!LpqTU*0&offZQ#dQv5Ps$QuF3j>Cr<s-Ad~5g52awNai}I~X
z?L=5!9Qb#0;oXb5&gY(btW44@iZJzpvHOZJt{>f8pOdvNMbk8D9p6Gc0eZGxRkO^k
zV&7R~?tV{hRT}Crq>Z}Y8LHizf&#qEF1h5V>R`7xtkHpe*6++H6B9>kWkM%V4o4W}
zF)j=*2%|4s#|i<D11u>Zs`+}#f@0G|$@#h0ndy}bRGw9ESI@r@&(4bSFCaU=c9QN9
zCypu)N~w+ba8_-6M4*vK@xb$Fqwi{MYHg|(TgW-{c0Vc0Uz%9pDW+BRwqib(*`xhr
z#(L5&PL)GFn0TtgTx+dX?P<MHBCQOzjxqqR-Jsqj3MAZluh-4oRv)6{b>_D4UJ#Lk
zt~gJz_8`6_jWU(owT{ci-a{>}(px$s2J_Ix_d2D#4faI8^=C9EQ7xV(y@<Az26&c=
zBNJ_AtKji5e_eIV6+iL=)wft&X0$dXgICT=n858dBxYRSj3r{h@^Jmf@XYl!3pw0`
z&K<HkL#dRBtrZFK4p;SK#%bFaD`9Gxx8X<^H8pMq(Q7+c>_@286F|UEQU1stMx3(X
zp`Fd9;vwC+#j7R#*Z{b10Rl1VlGXcDexU5cvM1*S6A*1^RxER_yB8Rwo9EoCx@8=7
zSWBxQhk&lC_Jgh6$MuNaibYnJe(EuG&tonwCxQUfXP6n&FQ4Q^jRZ){D2ovuFlzO|
zl45Z)$~LG*n*gjn3I@CFRSi9xBa>eUI-WoB$9`e6py-m&HM+fBiZOv6EEOd5%FUyc
z2srAgw>4=Pb9R0wKC#kAOajANA*R;g`#HPZEQt?mU?_fZZdjXm@p&PAKD2VYL|2Kf
zIAYK3Yt9q``pc@h-P(tskVNtEsaKwfny#?r^>HklM2**X|E@x#c+*|Yo4XN+UAl<%
z0o_19b~+o2bi*Z}i4r4s6vew-J3G9DXc9%~Pm&u^;OP^u4ku{k3s&I8mWa@%)f=~V
zE?GxtYGBR3ambqMjFSkWp%Kij#nm$ouyW4BjxM1dXEK-ZiiU<camKruc_cF6pFE4!
z77Gy+AmlFAv%Ap7n+U;Pi`)Hl9T{>{#?9W|yKZrG6U1;S&)A;XN1;p?<hQ+RPPvQ+
z>#{LiQ(uX8baQ`!*&1?6L^$D;cLXkbZS;AuWS)#r&vo{8+eZ;&Sctq`k9rcuQV^2L
zc67VD1?;(>aN+(Dqg;9x_h|#;O&fole$mqGml%k4^X7MDO{2ZY+V_6PPoD>)w=GP3
z*Wy)}Pm%HJm28&0mIK_ZOvr3%s3f*jcbzVmJsbidCu)Zom+7o#{4!tV(r<AU29<38
zPDLJ^h(eV{EsQtzT%P{2M)V0A%Se5?(O6~gIz2g1lo|jS0gRPX7yL%|Cu9An5w*#f
ze0J%@t^B}q%Z#;_VTiG49ab9>d#~*HoDK-H`O_tNo=lS5rdL|-dkHh1?7qu9+Ck;S
z4$0N>CqbfHMH@4b<d8Z$6Mon_Pwq~wgrw|D^qNPdzG-tx;K29ce)K4?=!At?c+w1R
zMw3sqyVoh-r(SNg-3raDUXi$xNr<UqVpL39>T9#}i<=h1e1qy5BFhEHBf%mAH)ko^
z9K%-ittTojZEYnd0bU$?>Sv>%EGI_f-C*<gyM+em>M$o~51$CN1F$OBZ5iw@)3jy4
zv9u2ysp@9;9@at7hXsrpBrJ<vajjIY<|Vyoi%2h1HWgO)piN&*Gh$r8s5);IYI-@#
zEQ$DHAXhE3(TN4P%(#gTbkCT0r|I#w*4K`N&);JqArc5V{I0N#lJpm{m|*JUXVz_2
zJR71P&jA?nP>D69?qX`|di|APCvj>6>0J-qB(m+*n)@=FZR1>u>WJ_M!)a|!h)UPe
z=kVX_I-wzD=N}2pN$^XSQ>zvrTdHF#<(F&y+=#D92Y#^z+a|i5iDDnsO>-Mp^WUo#
zyC)dayWaMGDG6h-u0aG8U?3seunT3OFtKsft;^Q3Q#W#<xP?SA5aF>`+a4;x6srDu
z+-?}MP-yJ$Wylc@m0B#JF*IA^I#RJD^YmrB&X26Mr!p6~m>b+)*081R>5V|Bu#-Xt
z!Gg`qcv3QNL5sN+G#Qp<%D!X6ADG7yjKWauN25cz=OQzPG}w64J`>wplcV0wq2Rx_
zH@d)Bx0JXP<BxY+&7aYQiU}$g$c30C^zF!NgX^ZUbQ`-Rv!+=6+9Gv64etmDCoX0&
zirMVaHI69W!u2@H&GH)x(di1$g=MzwzPIkZ^ByvwIvKu?dAq5>uXX3V#&zu{dp&w{
z<I9=KSyHsU?@JU(n@KK<&+9Cyn#H&mqkNe;SF3O?je#4-xoF(O?)C1=8f~7Q1pbd_
z+1LsxvD9Ht!=?JFsuenDiF}_Z7^SgUz7R|Hqdcrednls}zZbo>YIUc9zHF(F0pgn_
z)?D9#_!O9~-IYuu_A_Jd7n`b^k=)P<uy#Z?Pb;aD!pv{G_028@kB?-TQ}v)-x1v_L
ze#oTs7En<T1r0K<z#3$IgzEcnkNwo=9kdVk{LBDHIeJ^_ZZx&_Qm-2%gJ5hQ<6(RK
zaj3$2y3EDp)B7^&?<s`yf71DS|Kc@^s^8UD8N>FcT%9@78UBqk+UniV_9E;z0w#Z=
zc^%R>uY)SSU;TLdTFLDVS>Ome)bTnrY8VKM$v18oVBDe@(>A4JLi@CYP@ci2vjgyi
zdf?z_`#1c3^OXS^#B_kQv)l_I1v{~NSV|M`#)~MlGryd76ELMoti*DI6OYaMvxRlh
zU)Id8gH|bj2)oT4;V^d-Nz+92H=*9naVB`eX>){8B~hZ6D^8^@C4*mv{);Xn1I5wj
z+&!i398|L{Xkd@{YHbAiPFtEFB?s~`K&%DbEbdi6PTo8llvS$r>PXW)jt-Ls`H~br
zAOf-!b?#K2Q}}+=mZ}w-%G4hP2?>F7Q!ZDBw02c#DP`3T4y!HUy4b{@z;Ry+?n<Q?
zcuu^{Skj68aw6;;{jNFJ2iIA=_^;yM`}u|nXEtI1r?4c(E4rwue>Y3<2dv7elQClj
zmPCBsZ3)=>{7nuc+}I)PIs=)u<9mXLUTPeh(4?Lh94#5erQ&v~nv+<U1|Yy-M#C_?
zJf=5-mfM$YjzWiifqj!@&%NDAb_0*R7yfbe>T$4MAs$J_G3HnWqo>=*E}+#-UPdRh
z#>8wkU(z6_G7N}Qz6s%Mb$siiXL!|s2N^x<8<Y1;8Y;tAX*LLRkD09?OAhT&VhJ5G
zO7y`4#Em`?@yU17B$sJx+n(~(R#GOFYn@fRWusQwhIWQ$lxWTcJOvJJSt_>(PwYYn
z*{?3S=71z<{`_m;<}G0Xfk3WfCO?qar+xb@Xl)so<o}z{cSyyx^uZbu)u=}vBzaCI
znh<sbusf=;e!TpGm`7Eo5kxslqn~+MJb&^09uf?X!lWK*7njszWrE#dr1zT>x!QVI
z06G`yEKncSJZ*($S&1qSxl$Fmy26}z1Ge>fo6_LXn>pUu1&j&eD_tb<OALD6ZsEeV
z*OD}HWL5Kgj_Gmt!($dVFkElqwZh@;9fP5d#y+IQx(PbppD7f@n}@+c(M}RE>`o|w
z=PERf>x76squOaI^cMRq^z>Q#w@K;Q7sMsyC~L1TP0~IKkcK*!F5ygsYgZ}22VO)k
zoQVzfbv}LE1#CLEB?YI@cr~kUB{jkeF{BkK<CHq>-qdmM0n!t`iFcZ76KOU&-oXLQ
zuk}0+ciE6$rI^iAt8D5bx!@i-BIu^*SVR`tiYv$ba+2n>bJD@Fk~yl9GC&x;F`T+2
zGx(IVOyc?$j@0HsLJfNZD8c&_LWn)c)S0m>81CA)cOyy@NnZ*l^D@&*IBXknD}!$}
zXtuu-ZiFb9P@?CkU-Ll@4=|d}DMV0iVQ}^+z*ZA7S<{s>t^yiZ=9WKCjy-!SWP3HU
zuY5wi>P~d}Rids}tJroIEVuP=CG|eSa4l?k!lEFgY?BO<S)tqP%5~tKn-Usuxi+VZ
zvv=D=n)1<@U2)jZl5;O53eXJcWBu~Yoz2Xto2ahBm)Y6-ZP^po&#Qu5-o{EbLxBDl
z$>uxXngK*xUP~Q_H-gGg_K2Us$?Jq)4mXeeydMLhv)WCuBh)mFN|#q3*Jz~r^r(Dz
zto*iH-aI_M!JI6^FsrcRHI|4(hPSG=nErv`l}9%l+3czZWkIZ;pe(3n<(i0??>0cg
zXIRGNYHn@HX!L1#&byqd+T*1RZdILm1F1}Hyj@Lonj$^J3n>nMhYHkJyIcGbjq5>M
zWTIaB)cx2L6`XC4azFdI@edh7WUu)sgOg#9KfQ`yr`;=ALb+u)c_Z?~mjdyquviPn
zw2l%msOioJQ3Sv}tA42eK|^U%EyNa5lz-exr1JBY*Wy}===sT|+IA6J-S3nn_*|R!
z$tOove-(+fSL8t08bxh5gIlr3bk>5N=Y#x|(duSdU|UUEC%WBsuq6r&b5zKUZsToX
zvX|y|mUfrLONKbo&uK)Wmh>4DT6uF74`$K(Tu-L36iu`@gksene|+MBmi@-jl--6P
zPF2N|i4tIUDmH04=a2AsrGEDCwjT5gbD^-4;4?Prsa-z-+Zxi6LNR%B(cOwJB9&Hk
z2r|}_c)uE{K$&Et7~S-f?(uW9=sDjxPF*TkDJBomLyw>E7o51YhZ%@RCP8gim3}^t
z7LsZyLx;P7OT6Zk9K+5^Yv)IS)fg7MdB1hm2D(ij&PrSY6O>kUnW!*)t!3GGZ%G%t
z3~}-}R{J%i0`iTutpxen9dcTXqSB0ZbnDCFWLSA$%ciwVy5aPKIdb_!xpp7{TQTW0
z<euVc%wiVu^oyErRU!7TInLGc4GxlbS|B~zNs%cYo(u2?Lva_1qip(%T-(>K(=vsD
zCm$TmcZQ>m-G${n6FGzLHN}Q6`o}s2RJk@z{jiZzF3&uVO#U8_MHn2v&ScnQ?MaGZ
zizkVo(-LY<%?O_lB>uz><eo5lqk(0BEyid9*bGSgHaJ&ZMk=<e7{p!0f}>IX!J|q;
z&a0rcOYY}=a?n8GQs2PZfe-bb(W)B2CgjHEAT?0P@YrBW?GT$;|6`?onZY75QMk?6
z!4dek^oG-Y6!Mw^HvIq=U!BZs?+qSzW5aE`m26br<|AYL`VsnBrNsROg!xN3mI1(|
z_L7DTC7#m0(-!<JBieybr$3kJ_yc>R=R}9)d$E8|j`0lBa$sN4%6^tM2*Z*rTdq4Q
z?HcSi&}%02W4TfS3GPN_p|yS|%%}7t1J+V*U5zwt9JTv<xmIhX0IbHTgHm5I@B()$
z7S-sZ3mcupiO!jr=$Ba?Ot0SBb+V>p2W))FCjp?t2e>i2RWVg(9Lom9T*Ud|+CJ*?
zQLr-PSQJi8V1t?SxR9inBrO7S)gR;J7D-iZHSjXee8YKR#4s($b&;Sy27`!76u7uV
z{+1RWud<c$N%p-pgH{NOi8XeHx0l^l19thws)jwLFAA)77VDnxMLRYhIoVeSY)`^F
zt1ox!hK)YW%nc}|n2`bvJ|$bULBhu^Kg4?PrMf%EbZK2Yc$rN1m`}>f&&!l;_kM?X
zpW3mW%0FF)9L=%mO=<?i?Vb(?_<V>7?Eg%Y{@4wrg&9W4Ycvn*><?FO(!y_1pEri=
z-e*h&$k^U?CFE9-OeD(aaFb!1=8qQzi6MGx+W-0)jMZN|Nt}Y?^Qsg{BTVlrk3oj?
z_VV_@Y^2AEr;i;atJk%yeV7-^Fw8z3;Gof5$Y%gsaO6vpz$KZY-Xi#j>w2e-K8{0e
z;P7uiXpU}VTC%f*<c%&bpcO{5#~<>>u>e2MEgf#Q&zhm9?|Z$tE<_nD1i}vffHR%t
zAzf6Gx6Z>xO3rmP1d|L{sriM~R-PnH{LW7C*(QZWI8)CIrN>yR;CHtuXZ~mhNNy?7
z-m<wYsr~95z6ix|z|XGTxPX+A#0x;z$*~v4O)!E{Xki6|<b-zr!BIRNl3?Oz9u-nE
zR7d^z6XE+TFzfI^z=<{EHWxC*@(?vc+Lb5c^tY^uyX#v0?ZqG35}@n588M$~W><fY
zoMF!d%d>JN54I!fsg%Jnl133c$dOaVNU0_e|A>wF7l9U0c!JWX#a?QU{iu&pf+NKz
z|6f1^vmk`VYlb*&0(K3SRN@p1<}?~2ZWQ0GadZ4kf-(yzCLK3#K*83h#?%wlBVZTR
z^PbwN&LcLeG*@s62l24})asih^uXCnMljm7lFdh>51y~Nkl)8Ir+mx+^Hh3oQJo+l
zUnA@#f%^O_Kkw{j5Skp0wH>?d7+cQCLI^irA`Mg)CkW2`hZyX!t5bmwBV8k8Rd<At
zsJnTk&h8<zrJdU(YP}zjN9EQ@gWR9v69``61gkyNfBRIYrd<=3P$pUN`n5$yEP5gT
z#-wf;6P~UIvVC3{CJ70QQCw7kyGc6z`o<5<V%Y3;={x+z=p%EzS<=MCD3;X<bk}J(
z*jcP^lcZnlme5$B{IvanbR81FwroH}VDpRzANjRC4Ar>9Fk>6+RCXA4FM9n4IDW$q
z6!z<1Mz(#g4JE9`BOi_Dehd34PX+}d`fFh$)>)Rr@d>X#d{oZVY$28r9Rcqz9&Nqm
z{L3SP4ky5;G*c3WTE2SypE&g|wyI3@I&e6l?>*(e!+-yNp^*{_RGa=Uo6v~wu!{XJ
z+XVV6Q2k0qDi`;^gVtB@@lvl4RXm54Vg4ta)%)XR=}pF1_Y#T-M=tJ=mnos}9W5E(
ze;e6)W2;XZoFV3LIlxM&PdOoX0rW&`Rori+FuM>-#fFI82e}wPnoM#@IiC^;-*|5I
zM*7a&i0N+OIt|1GZT`IrPAmV-)k>_@V&0D$Yb)fw@%xjc(jIRj_y0z$6VI*&o^1mp
z8iNqF<J;%K9m<v55>F1|TkE;Ujkl-{x+<m@l?6+@yIb2XZM-kKhF7Sc@owF){n*Kh
z{CTt8`oT(!jVOZ!X9btT=tsyQlq>UGeV&Mm-Edn6G9a+k>$OAAexrXyki1HOw|(d&
z2+$D-;Q@@I5nCY?oJnug|B*l7)Z9j54j>JfZETupbAxtSH%s5+BQB51?{(8~EA6k6
z-K3tzBa%GWPXE<}^f92`!#?!Mu`_X%gwO7HM&o@yb@H#$1%Osc_7_W6mr_|1QXl;D
zD-EBli4D8l15j>kISx{Yfoh$+dU4d6=j&HnSb!R|X)H?V7UgD_d0d-<(94F9gpZWw
z(yL6a3ot^6@o4`=Hz}ZWQwJCNYz2$PC5xloenkJK)`#I)qwj7^Yr3r2=gGV3|DA8%
zzvIT#Km6s;b>2at%(f-5c^fWUIuNr|!9)3C=rOQwN3Z^?L=o*_5vX;usCGQfvt(A;
zYc2AcNp5B*>Ku}}c7astvwUH>8oR3#bdt#NZsZlrUwuL^O1M=NBVc``%@F;W;bwg0
zw{)e^uQWTb@i(;;6orI8riYXz)byyPadRs&Oqp!=3e+wlIIWVhZte=Tx53<4#YlkZ
z8X%gn)1%v#3L64`ZXXK~5Ch^*Gv<7Bb-PRIUhqcK5XdLIQC}#*bj*DZH<(nxe(R62
zmeEC(5l$vq7SCwS@o8Eod2I<t)w@B-^z|4M6cFlgi|nvvrpB)3kv)?x+cBfvmO^y;
zkB+o!srSC*{+#bBZ6ZXr>68WG2g_^Grd)>=llC^(+({YAXV9uv`BW}^-;;@WwFI2z
zb5xxhH|mdDWID0ox#dq9Jo@YaE`qZTKG_VLzr^y5m~>1#0XtjzBu6l!1lblJ6^$%<
zbbOH(h}xobxebZ@0h*|5?75&Rm`-dU=((8hLs}#C=UvzWkow<|M9RdzZih^<2q4#1
zMNYa;CcSs&vDzFnJ-OMd>{J7L0zm+Q(+VN8ttI9?oRMt6#dNo|y4QQT4IIn!2aP2F
z&MR<3g`CrC*uSnG>dqe~mR#Drq6~kNGg6!iJP1LxD*sFapgT<)Hojh2hrE&jPb54Y
z-FJW*y}&OF@lVD-jeV}P543*W8~lJ89srVPa8=!U{jUOU_ZmsESFaGrWW+_(#a!x3
zIfT|OZeY`^_6AWKrzQN?y!x4hCHYZ<5<n;btvwE0-RpChYXg-SXWx}<%koaKuA4DT
zR+E80uuft*#_C&{URE{BqNSsGnio{&@O)(84d&+(4~e_V^th%#V?7i*kCk5hD&Q8H
zWgFg<+b!!ks$LAyUlByg;<|+T7(Td6rYEsY&q`ay!3kI+-pwm!wW1j}>L%wD^Yvk|
zrkCOXD%@bED5V)gt)kVLu(n)*O4TXW-b)1q{hRmr^4jk$9m}srb@2w)pvhH#kYAxa
ze=+Rjo2h(SnTzgfNx8L=Jg;R+-7a-lb;z6G1d-nD$gz~s4X%u)R-Ezp`}cGCbag!H
zN)e1FTtKZuklAe6#FoKK=Bl<NWRp6HYsz+km4MhPeEU1plw`6|YCh}Pvaj7aIWd(O
z_Bg~`T^1BF=Oqcm|NG+K_~nn5X`VH{XLPn^btTx6-If)^(*ku@sh-7}UY?U%EvP5y
zgk+;lN_VCj)9JB9>qXuF&?Fcu3$uyRoOoia*uPW{qCcv~9vJ{#?rZ?TTZKvhD{xO;
z#o^6gGXi2>b#`ulUsuoXgl!GSXqG2ZVSpP$uf|XcM!3WI#w}4@Qh(fg7NKx}doqbA
z8s?NXGe@QHAO`kB+S+Ezu42wx<vclb4%s2uREl3Kb{F#EH#ez~R4C96QKj{2#szH}
zn5In9jRt9>$+h(8BDAKNU!98fu(RKTFdZ>Z?$Jtp*zL8_p~IW4++5vn?E3uq_j*pr
z3s@!fX!A33D_E+1_GVmDevc;)_bFwdN`f;3Y=Uf?YF&5Ao_KTk3yT;&)CvmhTmug|
z$XF52E_M~Z|Mugs><RE2d;s_mNG4MQfjMb%d?x8|$pxsEGyctkvUP+n_D#_J%o8p@
zAUs9w5=y{A`}@YaUO}qNU_QD=ogbekbu|*VcNHLVG!o8yuz=*72mL5*qXTI!qy(ye
z)O}L5R=>92;a@QS7Q+}Y7)6S;eE&%SW_3QSUz8y&I`0iGkCEKqiIs<tc)MFL6^n>x
zF+}n@e7*99xekg|%ty!aQhiBN{+gs9X`)&7k$_!^YcWJ(mt|SvJgeP(ykciLgmXSO
zH$HExJbOi_?uWN1MMUAytbQ15_YjD_vhw*^N%j+Oek!qBQjdp2DzPf%33TlQIngm`
zPb8=dlIWtJoYQ?jGZRSRRq0?xyVdFA&@z`r%0vNlu44J|$!cF*meH#?Z~}M4<CNx`
zS2uZG?MN$XrqE|G8B@w6NYp|~24N^>H__pP{?#rTD?TzcXl_MwwW~FP-4HIyM|0~4
z_sgJM>g_o=^NAyU$gn<tNPp2U2c)bo6!pu&euC=OVJ65RbuaQW*XUKf2jdA{m-+>7
zsxWrcKYz9&$sc(nhvyG4FnIn048*=u?~g3tw)|di+h=6jQp~*^Vm{XmbS@ve!%|$u
zbm3APdzTrT+bM1dRLq{E=1PgCY~Bd=#4K&KCO0@|@B|M%M+yv#Vpp~B*AUCx%ue68
zzqLZJ^ezaT7*VW)&AnNrVQ*!Q@ep_Bo(Lar>2HwQ&}B-9?#X0o29)X-m|E-xeEcqo
zZKqY;dP9dc<WpKKKuc?|zQg26JL|DJl?VQ&`x@mo^lp1t8`WaeTE6C8KYp0sZe8On
zOxw>iIkV8m2^`$%Z&c|DBWl$5z=Y<oJ>7w#+47IWrYvI%q7Ts-%}M(o%2^gg3ibpt
zfOVyk_z9nE_y%HG)x4LQ=<F-1d)VEaG0FpSL#jXb5d&?7bnuoeGLs4kD-!NCC~?EV
zs;jysz3T&{=er}{w>t6y<o>x<xWZ#VGj!_nY!~l}zpErOdOYdC%_#F-$SI`Fb(Oqw
zUzM5MqJPQX*p6d^h7lWnEr)OwbkrGlY<Y7>rO)Je3z%>GQYR$(M@?~_z^%^=gtT_2
zRVicsm8oM?Vu_BgS%P8auV7<W$(3wqIwQ0$N|>)VP$vW#6^!o8qC)I^WXtV29sbc%
zNF^VcFs_$dQ9P{)IEs0*#+~bh?ziNFzuZ5H!zgNN+spPxEj52$@g~SsW=oN4?P6b#
zbDVxn?%)_t<ILX;fKNpA+OkM*2%NfI&OxI}@^ChN)ZN@+c47V^gCcs)!pN_{G($|~
zQh9o^!FK7DoV!8wvkU5$!-g>C-!Cm6IyEjwV0qSr;qGaDnM!O9gP?(i%7W-3;%>Qi
z$~g-WOnExq{Zr<Cl~||#K*WC+)gtp0`7)|}>>ffPe!BHxxe}v%-#sMa6``Z>$0n@Z
zbH;4ll(6rU47fs3zEm)sGM8W{>ts6Yz)%KV)~*NaDT9^j@GAXy>w87TTd}5Gws0*{
zL#7p)pGY9|_<{B#Ea}|OizaE<)@g%)W(MYmz>2CeMWlmwJKtN^mpgE(<C*Um2VZ%M
zJ;h)M9RQ%?O3zIKCMzoURSH~5az;2wu|{02)Hv|=CNE2UL66Sudo2S${C5_vrqok-
zb_E^NXZe7I1ivl$YfRFBK8R0LGZtH5A*%1ZxvY55)mWDvcB0Wxm<c6&5fauWW)D6;
z)8l+dH1E7EcnCNM0!sm6OFB9H)_(@{T;W*0){NB?B=vn}IBGkn4fMnZrQPF=@f?pw
z!g2Oa`LWaCI=XTHY8}mQ8E0A=Ya&ESF7ETo?0E>dN437UI3Mgpv-zj6pF-`|3UTm4
z>Ja(}osdC+kb0Q%)T${`V5xJ0AyQX{YODi}&q?cUKx;DVQ>32I-}^1Si9Pn8Dd!s!
z`5$S%lQV||>XID5PjkVH#hTlnof~1IP|??M3$^^<OUk`L=+!O1fn_2nL>r=L*pGr$
zK7;?~*tVaDzaq+ATBx+1K^7;0r&fJ>+z_U>SB?c*1RY~kda(x55v3+d*a05N!)@~a
zYc@v#bhQq3JT{EK3)t8Hna0-ZNxnw^TAGZre)m7+mjA~lXD_eOBtGt?0MXE2L0>Ww
LisBWb#^3(~IGUiA

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/mgr_running.png b/scripts/automation/Radius/images/mgr_running.png
new file mode 100644
index 0000000000000000000000000000000000000000..d278cc9b611284eec1cd386794a24a64946ddc03
GIT binary patch
literal 29784
zcmeFZWn7fo7e9)Clpr7=-Ac<)(%m85igbu{Gtyl{w{%NMhjhmv9TL(hAux2`2R)wO
zIp^N{;{WQtxqd$5JoD_m*Is+=TI;*kB1B0+3ImM@4Gs<tLq=L$1r81Y1$drEK?43K
zCsTh4d_8bbkrIXbJVf#X_+e<GC1WZt561vJqrg1~GKWLFuL69CfDarTVoV?$GVuKb
z_$XyQfI|SjAKaH`!vCp>fRc&u=NWDuD2EeK6_b$xzEzFvO-!sE-q|>U3dzWUhEwKh
zT8>)suXv4Yte6dqZ46DAU9D{Io51nA@&b=mCXNOau2z=T4!o`cRKIHQ0?+raK~xmK
zsyJE*P-)34QHa^tn^15vvoNzz38GO@Q1IIuoARoNOa9dy_$5H~&e7497X)%~abb30
zXST671F`b(@PJs@Kx}L;fEq6xz}Aiit}m<|sDBgrLr2`i!N}g+*3sO?n&O_WfuW6)
zqW~4veMf))`^~3`tNH(WvUd1uSik^5_az`!W){%jw1KAl_iuTX%w0_^wZ+Y?0Pz5Q
z2(q!U^8c#;e=GT4kN;??^}m)}T%7-G`HzzSwp4d8u@|$k0=je*{NK#{)%c%<e>LO>
z-H-eqlK3s=UvB|93!?FZ{+=^Iw0SkENjNxRI2myfHP;7w&8ST#>Q0+p!s2vj?=p*o
zkPJ~p$03Ho=$Q$5qI6ifgwGIhHn5O<P?YmSMd0Bp=n?v`I#Q)kx<|Z4u|w3N=qYNu
z)j0eNCCY`e(1^}eDHyKzU0N^aXZI&~&UPL4!Ta+ri#8sD`)TGGHQ#Rc%u8#&3AzOI
z$I`Z@B=?ZQs}?8>ZhTFS6*yn=n~|YS<M_E&*CyG9LhyiE9}(h>%>sWD(iVC{pO7aj
zp}$x2O+kL!@n6M~nNNJ;8C1DN^eD@3PUp;!$=z*fI+wm|rtdIbFhKwUe^+limuy4o
z;4W=V)br$VJ6{f}av0(<OHF7qB>uZMpz<*_Jfkb7sE|gO3ETe~-?L)m=Y2*2!T32e
z`49f?TRey7#Ja3}%@p^~?!2)Hh!HLSU+V8`gV*B~cjWp%V7-r(=j?wha6Gb`=CaW5
zc^Ia5+*a7COFCg6P6O>JXP@mUU>B4Zn0HRWG$|OIEq*E4oFZ_vduJ6|dhth0?+|@_
zbVRh8T<thLE{`o+Z%!=`b3F~ltiC+vS&On<^f)7}GSvC-BX6b&eAL5q$GvLJ3ITI?
zSi1*Oe^?2jO{h&wW;ZkKC2{zAfZww`3A)?A8!-J@t?s-#$}XjIiO_Q1Z+ZC0>)Y+s
za;s-)H2<>O&lx>S|8ErRUyeJ(5KbjbI07X;ou}VVn78nlnS!!D=Ys310c<EkNT~5=
z!%ihKnQNv;Mu^9pRo!6ztK=s?qc<Y>e)eq)rOheC+WX=kW%@ma)_%7iu&kNXusDKl
zYWD2pCF(+d0#j+3_}009>10Ax5syZ~+~e{`K~*QFP}2>`Lw`LQ!K>XWi-CDlHc{Hb
z_0XzK7o5l3OWw9Smpf&V<nnz-YUoEugB<~n{Kh_X<7q+&t*Zx1YiAi6*Aw2z&N-HK
zIE7(eJPk)}hQ@l4uX?jCC!3}JXuM5MtQkK6>ALcyT-{vEEZnUc5f-Cj3c<!Z*62=0
zzI!EScpNT;RSpkcOFIv)O9i@d-IfJac1E`Fr@CC$EfwOkjfrMlpVOqpn9`MGOdG83
z?w8d!s?o4=ua>op6os9c9Ff0CdV7>czU|CSMcXr+f9EkDwGqzc87}~9^-3UhxSk|5
z+2?vPRG}kuc{p5o1WHZuu=%ODG8dli(osGNk@O+lb8Q7#W(+2^nAhGS7nmy6&d$>c
zxn0t&?J@y-hX57veJMre?$OzjAEqg>Rkbpw#Z*bAH#LFodtBIaxde2%PJcnC?Fr)<
z<*i|Xv+tITd$j}U9;Y*$Alw{aG4dp1%HsNGu}Z7e=@8gXXzDJLK6|yD@EosGBJ63v
zDYA1cjXYZ5)4)|NY!7e2+S|*W$WJIvhX$|Ua;}qDo`|kkwqb$SqNOB#J>2+-u{U_~
z>6S<6_2#M1j4uXCy=?q!kJ#Bc^==KiNg<f%sJBmFcs3iohaf-_<hiuVjCje0zWi8Z
zkJ}>u>Sn0*8iEcX0LtJYu@CPyyDcwiIs03jq3NAtr{mpTEyu5;@W8BnQFkjxn5anK
zrTeu5m!;RaV%+bJqZG}MZ~Bilh_CJ>*@%xg;U)Fsu%us$L@^yk+V_tu5Dc3aq&?+N
z$>m%2$6;%V!U}BX-6<JwdCbLlOX_uf*e>Qe`0|@^MP2Q<tT48m28I$uJ3#nxzgnC#
z|NKtAPDyZ50%cSvrH~|k-Nn%mABf;{^-V*u;eh@AU6u7=yG+~rNd>+=4nsx~d>z~N
zVEDfCDkwuSqTgoioHg;N9YXg_x?2Xc)|~#XwQ*rKFWo6_GTEzKT}e%-b}vwb{%&hZ
z45>5NSGoP#Kek0RX=Sa<UC^j|sn4j4V8a75P|P|nE2^DfzRNXK)A)9KqPfy2a+b%n
zdqBhW16~b!r|v~W_Z2}?f!FHBNJN;1agQj?ra2-+_zY!&4Qs_xDN2d|+gq1;+p9sY
zMRcjAV3i)8ZGO+XT@q?<B^unTX>JMuS-Etj39YOp`~X%JnB%0nrb(iXy^Pj;FkZ8J
zLy?7O0q3Iok>zZ)`ChJT;@ON@#_3Dw=;y|tvyaQN(M$Y4UAt;gF09^0OOX+t|9GAC
znjV}NCwCF>D)Baj)ku;Xp{n_8fsgNEEw<|AHy!o~YF&MnhUGwFHe92Cw-qivLLEK8
zVG_Pu(Mz^dq*FnXDu)DKGnZrAa`jvd=RzXn>D|h`H7B2-^=Eo*5E}2)v7Ec4EZL!q
zLfr_1G6n^7=IIl#h2Fk(KkTOTvQ<l0KN;GgcOo*uQ803^w$J3y$0PPA(oEN!)WjC_
zSM)e*TpV1%s<u7=A9myW1((zc)1L$!D%?~WqKsO<Oz<Zz^|F`T`e>wM`k5X-*LeUu
z+FaC->EX4lnt>MhcrVC8Lv2E6dG49Vs*QF3#=-}~gOXmTd1^1Q9I(0XjuP4Ut5a(D
zuQv4@&7KmY%&KAqIpEHRfj5RjV$Iftk4sxGRv|*8ygN7A+!Fnf`wptZ+?y9(X$_JG
zU7KPKD=g3Gqg?myvQ6Hl-qv`CYK4A2`I+HmZhC4K<iUBsgr>^CV0KIPEmq?#PveQ3
z(9mN6TS*i!{IFO3>B6o}s{nq*qaS9&m^=*{dLHoysaQnYXrfOwBw8HiJvuvzS&o^L
zJoL3*P?GkLp5UwE1?CPWX6=%l1p3HGN1~u}-SlZXYJ*>O7ci7Xvt=_pT0#VFKnM!_
zTVfQjdD3+98Y&;vZH7#Zbm4F-z8<6FN&voYuuWpRQEDdK=bEY40p@+=>ro!q^G`yF
z3`pse=|-vOZ*_9wmU+~rp+&`?iC|q=O4maB*7eJQ?QpY3kpgUSg&DWU1tO#ETEY)x
z`opeOpm+mB`;V4AR_Z7r2rS|=lBOtPaNWe&I#Q%gYK=O%c@e|>M_+5H5>!67F`Z$G
zJ)u%FPO+**-Lxocc6L6Q)C}TR4y}nqY???=W8NkqQ;Ewf??e%M%mdDFOntN(rM#nu
z7ARXxy|2{UhnhFx_CAdPlhnxFQE?AhY&%|4cXaQRHLpb)U67!PU<zw*wG9FDE1Adf
zDCf}pQdJL;1)`@vVQA5ISgpURx98<|hv5K0D);Wyi_Hw1GXaB4Gp7i8r*^c5UIfnx
zC`*LLJVPO$c)^Kz5`}0Lvv_U@8}n5ZR~@>o8Clmdb}v?E25;Q<y?C1>-(gFlFcO1a
ze6ZrtIP^ry3&+9EMhwxrW)h@@NbQq59~4vt+*NS973JAhsrXiS`*_<OB+~8^LSJ2C
zDx?tM?t3+C$kiClDQAX6-Yt8GMbMlYl6dWYp7Frsf7|fQaIZ$=5moE$<r}NfXoQcv
zCgGN`8YnT4=Y&FiNS+h)TFO22J0%OA8L<rLLC=5Mwj<d=cp;?y5-@yS9Z$=xHX8n-
zj)MNCBI82`KzqAH@cE2^7>6ybD~4OGsps*M576=aM8j3WM{Sn_@N1j53MCTY-^8b@
z2R?lCv>I<V`<QFqQB{fR@OVS>dFa^YzKn9Go6d&BcdNR2-<2di<u-2pSeE_ev|hIm
zHh=p9JdCE)S-A9=#I<6E#Pis6{%X5ai)~cVtWLi$k^FdypK=%9?RrVSpi5@pI`$Vw
zmBraVq!|@rX@{do;ODGX!a6iGiW~Xts=)Vz(r;~vta3P+otDnF!l$ijrpl~tyi(RD
zCb574{piORQzwZym3^meHTR=)CC=Lk&n?Xh7|dGMgFbSAxv^w0hl%488aXc5*w+}>
z$P&i-;8Rh{Cm}-Qip>o5k|aaH4hqlo54r`+{yclvajFWal6dDm#Y}}48hO+l2okYT
z31t~zRRjB#Ys~lEE^_TJUQKk$<LcZVJjq#FaNmgx1ow0k`AMc5=1o>*Q|r2D2#OOt
zUh8}xve1h)x{bPE2@5)1aCj%N>MaJc-Yncq<8)>$yFM(jS(s&3RX)cG<!2Kqmj9qP
zJu)cUUdK#ekKS!Ui&6aWh@6*k4&3_!LGQB(Nmnt?BTtxoOdb6OHTo>3MXF`R1+wUN
zS(;~OxzcAMroiWW{)*#ZjDczV-#Tv%IwCy+4B7*Q%M-)iz}%nHb=$+^w<W(E37XYC
zRzp-G3&YLKJ{yR0&I=ee2qJyTpFdB4ayIXxcc7NxG^O1h7X0n5pEiRepN{SrrTc}V
z>yIP<6~<7!oVccAUC{ayQ)0_<5f*end;GkFQLsSKPrLp?1FF38W%#|KyO3w(QN50i
zSan8aEqh${kr%G)Y17hVI6bGeqfml8Qe^s%X^cRBQ1i)DloV^;!p?+w+4)3aS-saN
zh{Y6-C@vIJ(#*1rUPnPvPu;_OJ(v@3d^J*ttS91J7iY83$>)3Hev4a_53gye(WGQb
zT}ssR4WEuz-v!BjvLQT(Y!C&bC=-JGkp&*V6}5&Et2WJIF;1z}nnWEuUU2!@$<;!B
z#K;$U^w8`SpUyql1tmPxM7=(?rNRHf!Mc%i|1|QG@oIB1y}fZHdt=Ct-qP^d5(tO9
z%lC`e^5~Bk%OzCh@CY<%9r?WdBd8hqN88VWG6)|~kC5MA+PUZ~2HD~(^bkB&Jk)hR
zq0@(7-@O<g2>ZNgA|;BNNfiL%--0df)h&|YQs6FWu`(DIu%HTb8o2_(M-F)K&@${r
zEs9BpTgd_Cm~T)A{V{VduihJ(LAmRlIJy0`NLNqP7nEJ%xp+u#xt!Fle8`KRvZ<+D
z;8b?!yNDX$7AT}0i#oB0+ld>*J&<ToKhZ5vC_V@gbNN8;kmka-jN?V6Rm@Sr%K79(
zUFvi?X|*}7VI)c713H;t0?SxReE&`Z4<=#&-nx*+gzFRrwnOXMV4X!PQPB8==a&<B
zsGw|Z({`N1`e=)v_4yRIV6L(^W4-Ajqm`s1ndOOi-B%t#|ECq9IUWyR?<swZ=HD0y
zptS8A#54&a<DkCk3ld5?%wt547Mi)knc?L7`d%$=^lPzl``}j;0-w*=S`|YnbXV6N
zKOHg#01Kqv0F4Z)N{9y@4I4AG%ycaG6`mGDGjMl=5|g<~v%c4w3=U~Ri49&{w5%Ew
zjnR_np+>`8nMb8I%!8ANZlYX?Mb&E~h_cJgX)2^N=x8l!GJI;X9y%VErs~{uK{ve=
z(easug#KslGLOMiD#JEPLWhP7d$lW(!oaeQ36+KJdIX14y38)@S@8?EJYIsz<fkz{
zQLpz4on8k-ita<vw|GzTCaIv~g=8v+quVng$fSq^<)K>Ydhf+9VEX<pVg!g(0L`h2
zBIc-oNqBU!OWyUexuE#Oh-(_Sg-r#2sTA7;Zju7k%WL*HDQs|eiiVS3uY&B0R&zM3
za?cA_W<d!l$OEVdL}>kIfYNkyye$<rBeK$Np5hC)CRoR9pn`ZXUasN@j5%pY@b2`$
z4cA}%usc2J8IId?!!g?Tt8Vn0^y`LBezjGb<erR{uS``r?4KIwO+GF@D2&yVy-4i=
z1b-`;IfW)#kd2iS85D~}($r{2ClmioaAV+`>GT%Fg)HDl2yHq_WODrsKe5+_QpGr(
zB>_{KG_fuopW^ElrH(||1IL(1W68tVm{-%ty3XJd8L{9;NI_#dZhJNDu1f=;gE;*7
zGbK~y9+nTeI;zZ{kBGmh!k~#2pL8xbOup&MYEv5Spdxo#Fi;(%NZdl$hfs9g#vH<_
zLY1RmGars)d+K)=JuGIYe`XTHeeg}!?Zs|}J|6M~D{R`Es4g5gT~;;FfW)XQe4+X!
zA&vUU<2&nZj>t${HFTv}Qmd!yZ>*kNn1`vK<iYH}d)?j4A!TtMCI*beE#n;JL>hS;
z8ISd<?1a^d>n-6_?(!*<hk(b2O}ch?>P07z!Q-C&d>aV+^;WqP63Xv%nB?Xix*Lw%
z9`NmZI`@84_2e!MZqJq|L$*0ft4oW!abK3Byhd98nDl`&u_t3pr`}dssUc)tD$As5
z&qQ-!KElAP3;|70?`p<1=d4a(z3%&|w6qv_>W#}*4wlLkUR~MEL%LB*W}4%?cUA16
zbScRvx9J&o@0KI0=BHs1Hnnk>x^B2O=t$7~gKS<Cp`Tl6olqo#ZRFMCH@ILOR!5ep
z^F1VVT>87+FxQKCE;de<)k4~8+8)B0^A0r~eDDH2L4Mq$?=y^9ljz$qAR=Y2OSCwc
zf_YHdflNOmGyX-78*iJo6HT%^2fSovE3hf)4}*yVl{``7g+okXk~4*3biA(b4_B~p
zFhI9TUzH;aMYERDabf4$w>s%cU~X`PsEk$=OvDrxUy#JHR?JqYL%?A7MM>#^+n)Tn
z1lvGP2z-}7oQ1Uc@npVj)d}c1C~p#23LmC^NPp*&%`ac=b813OjDmzQH_(-fcxuSB
zZ36fL#+k}Md?G>s{?~K($x$itG%p?3a1qgZWHfR{9@pl>*VJ4U2Xuq;DujWd6$QHl
zt?nOQa*7vklY$!x$JyNL6;s|exgM5t7TRl0CXU%5@&ybSyi*$1*AX{4UmLG1B+QP?
zo5HsWu@kil5iBiZ3~9ZT`yRx-83_PO?uW^O9v^75S87M)-%1BsN4ndg1XwAz<NLt)
z52a%@ba$?gDlI(I2oMmv9XAx-1n7y-ykI>+uHoeDbzCXg5q*toCF*njWSDnU)A``Z
z@a1Ld!9(f}b?MHGcfG@wqb&vTD0!p!5EQ8knC2bpnxAj!CfzUr_9ZK4a~TI4K^(sO
z?PUoiNPz!*nGHQch<9mD_K9aQPtC6ThMEC4-Q>Z~+-j(6rl551rit>08Kt2D&E?)m
z-)?T|lr<4k^vdfV7%sZ%Hm)DVXKDz7U^8@Iag9EY)VYK9d0D;ATA2W8*3X2`*K6yr
zntPlmtPL%eR?)N0tJ^|@ty_lNt_wR4s#L`j@wl$Y{&1ZVcjuf@E{A&Nygv`E^H4Qr
zC}x{cjiA}-UG|bHa%{A8@$^}8hEPEcjQ0r`lR?qrLOP`hxh8c!Vc^^`EOn6`-Y;C(
zh*EO(0Zqs21MXEBl4sj$%%?Kt_C79?Y7xS;=mU!%xfLP9TN5vZQhUsV4qHC{LLBey
z89aC#s4&HD78As<gdsD;{b-%aG{u&3kB|agZZY46s#Rnyy4MzKU|KF2q6pf`Yn7vu
zD=1HNR8Rmc>wBzFGSdx_CeCL>;MMAmyasykoM|jg#fC{n4yj&VWi`;nALxz+KF6oc
zf7XwM$eS1Q59s;3oFyIm-7cf#Dk0*4^<Px~v}?lxAjj`d{_y*U*gI-{ge;5z#s9u9
z_gUin3s3#KYhmIC#3)vD?uP#%?Tvw0_fI_Z7wuV;Y2kNb%Q*jLP#?fI>oNXx{s(Fu
z0bo{9Vzi9^zSl=+xBA2XFA)Jhd^mw|%qpFC{X-tVI3z}~M);f6ziL-wm-~zacF_L!
z{j{(x@t@BBj50Ia8^fOySCIAJ5H7%)@7$lx{~o0kFplc1gOK}q`zMEhh>`v)%KtMF
z`<#_D!Jq{-Wq_D_;C$pcXP)sLkBC*dEP!dRx<Q_-NKYWI68v6&jut6SDrRNsk#Gr*
zj5-+oEsl@k`l2NiUsHM5`8JY_K6VW@5sB*`u5`~F{}`_V(C#vk&ql*VbM~b6eUvjT
zS3mhoAJ!j_$yI@mHo~=U?Rw@7369=fem_T-I_|<zWU>O0xdj=mGu}^Po2!U^-XYaH
zCNo{IcD=1ZQs(FSl~8W&E0R@x0Dv7x2X7=>{`~%B?<&Wm!}!aj#v7Bm@Ah)1z!@3t
zd`g`_uKU&RF)!Vm{lE)^A!81&+v{CGO&=h0UGjmt>j6mfZo1pge&-pJM08z~X{CKd
zp&LhM0CTSc`~CoM{<t&%W;A+TXXTR}J7F(TW;|!p>fzk>0NMY|H$5+p>vy8*1%_HK
zuLv+$q;gta!Z6p%#-$p&i}iXItk=)n?q|s-B($ymt%z3jJ7woyQWwNd{jppbkwQ@!
zCMpO#O{WwYICtyt(|jklFsiQC&56{D;pichfLp*C9|Ul>#$5oV!f=8C&?u7FyUjEg
zg(0#W)Q%B?XGL$A(HRZ~7@Pe3W#%h$4YkZ(ePR^j`XN=^`mI}PbwiTaDsJ%OOGbkA
z`8d#enkS)~s<9K%?~S1q*jBG2B7A-CVc^?Lb(nq5v)^>&8x#7CxmDJ-{ULt!_(iTZ
zVuaA`dHH+WdsOidO`#y(n+jFyr7){0p5gXHAz}KcNTxNkJ2cpw5WbLLiV!Ekj{MGS
zenpIqxLBQUuUhp-(c7{u*WEolkye}g%?tP$dP;qwf_7HIKts%5)?zGsAcXD0N?S6i
z5oWCYa$%d;pmP9wOO{XJd@)|rVU#58GVk=w5*kOp?1Za5)+@_&QNio|4a>I|fYnJL
z1cr`a8qo)k_%<zO!{H0+GOh(zYBvCV3tU%!ew3eLO+<4;6+r6ldRINJ5KBjBkAvi0
za(LtH`<RyC0kKV!ozkw+s<)=nYnWR6H+9Xoc-vS_MysIVf^DKEE&wQ0N|crJ*sU5C
zZ1`HVU5#c|6CT&30?oUgg|AhZVE&ZxFEFs0w5d(su@i#}(Ma1sv$>W$o-x7Cp+8fd
zceV_jH+>Pn1w|x>6uFoEmF}uBXGz50Orfb-w&4u70vM~mvkW2X!)K6PC}SDP)AR&i
zgFd>;L~<NgHTC^mnL^dEZrs(Jcm#p{yjJ{WG3j-e)~k7@$09pO8TfkctigR~OmQlD
z1p5;p#z3sS(|de$^D>d`RE1f3FX1TLZGPfm)2rVn#t1Pyf)Pb#R5s%0=F`~+(VH1w
zg8q%R6#$BfB*BS^C!3JI2f&wvI2(#ym*bg9227buS+>h2eq28^-#SfN0&Wou*+#?e
zmz3Fv<{jc9-E?ii6ixIA2;KL9Q-2r^jCcD}&MdeTaHbeg2_AiApTjYa|JvuD-Hk}b
zxaW$R#kb$&pw+VGqf$Hd+5)37!#+!?5MS4o@;O)|9^Wb09;M|Ta;wh~_lc+D+)%j}
z{H&y`?plV*XDtmV$SCe?h7ZAj#G7&t;*1jg_#RGcuFYUW@Ug`WW@)ynouNq`|Mt1%
zayyDvw&FB;B+;0nNT(X)+Q$+RjtH@zW!#UAa5!oGA9&VfBr4lnFjWW}VeOGR<ET9z
zTU>r9$W6zxLOI*(gG`nraJiLZmD<>D7XESy<vM{$`$@!gaS^D8Di!{Cd^6pR8InQd
z(EZG0SAABY*Lo)#M^T9V*8%Orfr!*2oLTQr5S+wv;dda)TDXpiS(2VrK41|}EBC_%
zkY=XwTJtd7iY1*y*4TC%p;;>H*PW1M3W?wxSV!>4jaELX%Xe0tC-_V=&%;EWRg5L0
z+pbDn^h4qO43jnCSgD>eX^m*G8G%)X^V&4>6#I98b&n?dEPY|Rt#GAuQ)S|SY;&N9
zgWl<*uY;^Ew5mwwy<2X<kP*W2q^2H*rP9{Hl3|nqU9hnw=cH$srqnDC5?r9Q<-073
zmF^z8_WF%4m+<>N9#Iy?8SG{XEO4+ruhZR`J<ef<0RD+4+M*7nA1g-uG`SOQX}s!!
zV0XGVsyA=JI>3p#$LiP8ejba7QPhDfk<N+|ljFzg6NxIUej;(x&mAmqS7O+Wdo-Ga
zFQh22pU<oU=1cp1u{lcWXQCsD;w^mGDII#w3}yfcMXvT^?vwhfWYF?AVBrvw)ijBI
z)bxezZ<f8hfO0SK$P%0#PW7IFHE7sz1d-q~Fx029(8$uiQb7ma#^sL-xE3VTFo4cU
zoTm-ijb_7rYynqez$N!iNmT~}Jfo<h;Kf?GEhLUNeBezWAf}aZxi9`RNW_*{=zhRL
zW-NKC?=2crR(MLCto(CrG!jonpo}+LX$)yb^NFhE_bt!wwI&B!$r1DV1d*up_c()F
zcY%UO_f43mk5A@ErkXnouMtATWIVT8Wl>ADeOD6hZxAQt9>j6l&JMZ$+WGq~O`v39
zL4uDZM)Qu#Gm+T6K~I1EA@a-Q4TDNk9Ql#?C5g$SWV|A=cMp$O$?xh%OHiJBhvK#z
zWDa=MEqb~sd9UClv1y>ijyUkox-5FQ)L#8;MDBcl52QdJEf~cyDC0PN{Fn$UQDtt9
z6<WD?UhR*C6RknuI6uLvL8Dz0l@$XeUw24znnKND4ONw*{~55Yuf;*5HVMpcX@^<$
zr5nVI*4@^y?;=b6<1_(r$YrQWF>hoz&)8I97{h|+UmD;EmR5x>>{foThX>_hrVLd=
z8Xi340bp}vbi4?DAazJNk%>c(TktB&6g~(uON44AiIRS`LC>k{s%HVd1G^TOdo0~9
z|2N`&;cV)OEaFkgc!)5WthlCwsFjKZ03Q#mcn0ctW~j|IXIT|RqY+bx?~1jr@Q$EZ
zh#;~kBaW9e!7eDQsA)xW0E$;Y&sVVPdSp)i2jq~iC12CW3l+M=y?~A|#j>_U+97Z3
zD(mBgVKG1#87JFWglKZ706bk|dED6R+k5PDr=lP=_iC!5VYGsY#GcIS^8oAx3<IoS
z<F7wn_f9k@eIO72txgjn_UxgFk|-9-r_r&gh$?C2Nz3+YT$e&naNh_RRc?N?3GH2e
z44Ca!N*oumD0;Xty%>t0J6uqHv<Fj^JYR?k7A=rZR>PM>3I(MEE2poin>f(Ol4ViT
z8Sa|slRv;={YK~6*Yzx&iXCi#o++Iv?u%E6AH9;?zE-~)!6-X+NT!!!FpRhWW^o5R
z=As{rdu>C79JFXbR<7Y^%1TJ(o#QfsXkH@s00pTkS4RSef4z6(nA)T{!w@}qy`7Ok
zQ&4{9Ws-_U@bo37$Cj9Z7i5fU#<MGydN2BP_z(2pfnC;o`npFJvzWV2(ajj){dZ0k
zR|a{)Ky@Qg_2$mj6yCvAKb1!(vx^9^d3UFaUU#)3pW;PsZbecfj@aB+9JzT}+6c+F
zj0#V>wYmtp%<^VjvJcre-o8AI;o3`VG7>z9n3Lpk!X8+@N9h6eVT;Vi&Vr)ru$qq4
z-IP^>JIP(?vr(uRd_B2dESacs1O_4vdvLXErxVF=<Vr|PrmF@285U~`YZf;Jb*uoi
zIvABSCWyQ{{aWdLKXL$pp`k)F&ok?r&OW6NqL`t<GU@Kd=eT)493v}N3%hYbqI0i5
z;hguV(Sp#Me~cF(x3E>VMbum1=2E%$$w~UbB#_YYth&}b)zk7<QUP#(<Zr9pB*9M3
zW0Xv}NL;>-{4j6cm#}9Bu+ard_88@FrO8)R8{IvEE^|O5NbOHo33Tne23r?@G@y4D
zv1S!5^jF<Wj=EQ*>_(smF0xgy20fwVYuBn;YAt#OH^%1d#H+=;2$k)fdlcaDgY9Uc
zHI+HsyP}H35Bje<E8sADFlOPA9yxvbWt}7aS(aRg8cF<MSYva=!Q2f5uA;|vL>XR5
zs|SZ(;WC&yf=)fKM-}|cLjB8mD0ce9`GEF^Z@rX=MJyz^smFL#(^*j}wIRNWXipW4
zew$$@*aUTqC?{dOhYR|J<Thl)CA}$j!dBQ*z6B(TD-_BF_7#f0@t{&%bd@hDOmej7
zDPPT+U~Gb`H5*KIzwAyStOGPruL&_D6)d61x@cD?Q67|&kk*B9ElJY}0(b)ZiTKl0
ztfvxvA5UL#Bt#R2^C3386(MkWSo2rl&4?yS$+YH}R#G}PMSfxwl_#dJ2O;O<4}p$d
zgyn{rSWgTaX2uOx^}7sQkp4E8gi+yjMd%*%)cxMBf2^oBaq%`r6r75wx2FF#9hH0m
z`|OFn``o_`zgOabDfX)CwM+89=>X(8v1Gjut^Q4g1sgC4S+FhUO#rX{pFZ!;i|2s7
z`v1%gQiphnQ{v3OyN#m&>}EuQ#s5&j!3Ip^|DXB)L&-zF_>{vAwK;$2$>tv2PnaaS
zPrP$~Wqc$7>uC+)Sqgv6qb2;yCqC-TFp}{^Jfp1pL&ySALpE9g?b>G3WTvbo+GPJi
zJfV5tLd@pY)H<PAfG;3yoWSSM4^Fl_l-Oh@Mu>nkSvf-UJI8?M(G8Q^X2mj?Y5=X+
zbS4EEvvn8`=~R~e%?<3B>1wZeKxp5QmH_!h%l>s!{61-?s&kB)D|CgiU;Vl|ezQvZ
zbV|81<NlqjUN|0n&OAs3I%DxhzTc07;mXGP{UA6Iy*bbM_OvcxU#!qQZRmdKj6|Y5
zBSd-P-i?Ww)@=4@{t&R(eQ2=SxP?c(%-Uf{@YkAJWe&_v;Ry8xxFzR{uLHZU*TI_o
zRoBFw`$`duOwBbNvo8uddIKTw=m=Z$5@NmQUbNs9M?o%lR`}-H$s|qag_~z<{QE+m
zsF(%wUns;XwvRD_&!pek*LU=|Z)$H}2g2(r49NovAHoDrH(6pDe2~;~6qe_~(onWp
zC<PW#9seeSukq|P5{iEl8y0UVXGAW)Sj>4V_7=7eR}jQWW3-VK>h^WM>{kGsBnCi!
zdA{zoZY%!l*c$~gD75U(4veted{v!ZcY8o!TIzFL_kwz5Ps6pV5%f6TEWqgvC3a~!
zeB48n9E29|hy4dH1RI&x$3L9U1qB}U7o62#6Ffp>iPGe8F&`>Dji9<qX-vR;NrApB
zP+EP+(AEg5Yv}VF5cPj{2i3Elx3~#e!J>t|F&NC+JWkVlfgus2shj0};CVGy>KOER
zz0d-eDDEUl=%NcuXDoW*5>pW3`TBWeIy;g#<?#-2)o!yJW?Jh@i$0~5B2;i-{iRnK
zirQpA$A+iF*;s>))2F-Z%UP4qGy5ZnVvLalZS$PLDf8ku<YduC`aZ^*rv2&-VHCnp
zbpImO_B}9)&>a^5<K1CPb7Ij!ZSFjz+x4S7&+?W7I=Nl<m&FjcubyaF28ipUG?ke!
z(M_Ful=hP-(xHVnWiuMS630EiK4cSQEE!ulx_Tk8`*nq2cS}8k$VXYqyY{gG?s#pU
zJ7a!E{f9VIh(+G>W>HJr(9Xu|ER^w9!w)XYBa@-6b5OIItWC!1A<9#lra3l+%#r;B
z80xYt9s6+g<uHWOXnD}>&CO5zfi<P{CPvxlplbP(aR%@+{PWvO^1z;?Gs{Va&Q^@&
z(9V^;gsh1;e&}%TPi*PZN9Y@8mRxFyXkwk8^3p^D0BLxHsmv9Pxj^O2RU%qF$|n~R
zh(1aDm>eGHL0qtNV-_7cyWgU;h#E!IUv0>3<e_dgagc<psDd+h)2*Sh*P%_E+V55I
zb>m&|LF|u>Sq^%NzF}-uk8K9xQZyB3FI|`uV(3ocQ3;+Rz*jrOsbZ52tCzj68DF%Z
z7jQwJf8Im>;R<FLnImd<5Qv1Z++wo-xOrw9(`KtAPwUkiQymBV=R0X&v0>Cj?2PjF
zBMpHX=7cy0friQP&RhK>cer5b88xBO7^%u-rSlUEF(i0how&{t6W5TBF;ds=yJSAR
zPKT%6VpcKV7hEKZ_nF?l%?FK|7M@jJP}P(cJ+sp-xn>19iM6(v_6h6jLRG(~gEcs4
zY!~+kaqsQ>V|Mrxbbq(R0P1ozqF5vcBxz;0_{_Xa<LjDWH`eB(cNQv16}u4~EV#@S
zyD}E#Zv|RlU$6<@ASPWeUR@+)A1*K3_cadBFAB2cZXHa5G_V)U!N-f>57INFw;C7m
zoY+-_IK$NYa?vZL*(}YO!XOhuMy>TP6K-QRH`R-4g+Uwod7oAB58biLQY&N;)d%s#
z3de4H!3M_878Fs$%T;}!qNrt}*l6gi3XDk6`3?`+?=MQ>x_fVN!(i@DH}thG`%Rfp
zmD`rG@HQ<9;b~$tzAP7&vGu}4e%EF%2d{zE79%;z8P~p~Hj17B-rcG^x#J#~)ZX$k
z>IL>f5ZiOi{Eqkpuc{zE(lzXFo;w9MG?BI+gL{=r!~AP!9Z9hyaUr*PKuk`?Jr|R9
zYOEzsdWL~pJjoV?!<3?0^U>>pT6D{(xaTVniCy_%`hAb?0jOK6)r$wcp~}}0!vI^<
zZD>TgEqZzlmM`J<DJ$;4*`zoL6dxAp#fnYs`bb(O;7VDXwvz55MZE2V@3MpfcId?l
zVOKt|eP@Ta^okiLs*%L=6R^Ifaq+kBhCY1+(TS+PAq`Qf6iF8R6n?a(3_y7?g{bJo
zu!CQ^uQ0Hpw~xz*supkcr7OG^3tz0a)QraX2#`DDLV^<>h+La#tymGlgD+1`#E1nn
zt-A9oAp;cX723(<=In$%qvGD&H~iQw)DHujxpuMjk8FdRt?7s8V3rCSRcTF%bCYNY
z!@eq`F#aAr5!7O%Qa4LaWA@6i@x)vRqKWyW#)8~cKwPYg9=VDFib#y|ZF*$g(3@`;
z<hn+a1_6120b@lFgYivLvAoilf<oY|QzW~p+{s^~U){gz#8yfP*)O``P{yx5jJxo?
zE}nhQWE8vEn)Yqm#qGsv5*tlllJ=>_p*9Y|Q-{;Hzt#g0d^jPBzlyN?28XM%viEB!
zMg|Yw%{FAJau@YQcb>_!gI>6SXIO4;Yre!rLAZyAbZMwrW>LDVRKa)oPNID4s;%x3
zi6DG~zT1scjTEcy=i{}?BrI6IA_uI^GrYBz53O#$aY>!ME+}D(x^2Fyb^WS!S~CCh
z&3<Y5sFEN*1|y2xg`sd}d3R;eKB7^6o@K~+Oc*-C{J2{jqec9qqTj>BgcT^M!gANv
zIXdS)9w=Rz7cr}BJc50GUmR2RW3|kNbbE6pOj(tO#$B$Ek36NL+=1Ei{k{H7C#C-@
zw*1ZQ^xr;^V`TWtOQq{M(i_U;yk7u6`crtu#~OAze}T3H;)v6$o!j__7c}=m0`OFA
zL=7VC(~Un)mrOzU!`ryig|sQM)J69)K~Sr~U&=aGxsMVisNlES=%Xy`J$O7z-kDB(
z`t#tzqI)ya7iFm9UR_`@z&;@JM}2d`T>l%2`QsbWB73keqD6+Y_#Zz7&eMC%vv&Kf
z?QfR;I3~*Z0X;aOx69?1Lh!fB+vYC;gtq&ae!&0!Z^f1=5>T_(Sr1A7O$Oix(3=g4
z7ajsv+&}f^0l<M|0Dk4(`)@L@wC>gN=^~f*f2-wfFch`h7?^CM@eEW?_f}&5V(|ME
zNQarAnZssSV@Qz5Ct4(ParXM%X_?62z^dfFhl$dagzVf_U1dSvcen5qKR_Hfgg&we
z%V~Pmp0h0`K)@JU_q%-h*v_+XVO11}shhLzdd<|@v`TtdMlKc0C##ov*EbrcxXEci
zQ~{ufJ%VR^mCk=LuS;<LYmNWYxr2lZNS7eB!BOVl;u0PP%!4gLQT9J#{Wa|@@P2-P
zwAu^h6940lI)(u6(<wO+{v$<hfXx4g<OyUD75ERkeuek<GtD+hv6ngL|I_0ooIwfL
zHNy;DD@<Z=o%;7t^fZd;O}iT?Y2l{2)M|)TFM(iaf2<@P2UAX)g{IR*AmW}^lqb3L
zFH2IZP^haM7w3Ubp=yEYeLPg{yz`vNPHCO4GY~Lt40t#c%tu{-C_Bs1Y>62>O&#p9
zgIiSE)F`Vj>j^XOi%S!l4||Ab0Ix#oTi4})897ih?wDm|Kg|pf5FKX)#GB7ln~zr(
zWO(xOT_1GH9gX-|!&cs+hXLKZSbGk>51XzSR57MGWbGxvf#y_ZLvo=DLrlxh)YB0)
zNCzTBoyKHn<14dt?}LuVHV+ZvD#E!IxLe`}|B-h<@f{fyOnq(xq(#hVo2B9XoCm@J
zN$0es*SrwIh1G>h8Lp3pg)&AXD0&h+DKBR<-dM%Y1CFg3RYifx8ZG(5AFttB-vQU@
zBIOdEe@k&pJ1$DV-o3NsKGVPwNJ|+a1KcCEDtc;$G)!?FURQNqk0O;V%Nn+e^mPuH
zV^1D|nxY1iSgH8{#CwkEblND=a=-a(NEb)~Ic+YAwLV&D&WYe<NZ~LaV*wje<U%3t
zeP6|eV$`J48F-4IpU+tBKQZ29O^XpYJIU~qxgWG!=7e)XO$R^58({TRcRzjOKM?78
zoO5WEp{S3jGWVV~SgFO%^xzCO0CJJ#EgB|Z*D`qvc){GDb@YM)sLP4KKHg$PZ1Nq^
zoMcVv$V|%qDq@!5;mqms^E=cx`+POJR}Q^G)D{S@HhuJz>785n7camEW2}Pqr6)EJ
zKm8cS;LwWWl!A}LE<Ur?+&PCK1WjdNM?*gb#1gnFeIpl7`~0q`GOX8OSb*!Ro8pbw
zgzDQ+&6G9>UMS$X1eFl9g<T@KL69_(StKQAw~F2%6_9%%7R@r;bQu3WT|2SgeHGSM
zX<3VrgLlDg1lZ$r#ZZlFU#7ZvKZ3=*79}PstyE+u{Dul0H2{>}gy)H~>c<6oEEJth
zR`A1dK~C4T;xMWgyfQDDe($~@5T$1;15jrXaqu_3{<)nhTyPw+EO(Zo>s1Xywwbz#
zrnF?sE4rVL@R>;hlU=8H*gor1pztkt91U_I*l0w5^0WB-r3XorR0)~GO8t%1hX|_F
zkXCxtd_-Dg#&p16VeQ7$2^RkJ%!s5bsXdf75FN=H?NH<)p<r$SsEg8LMT}g_EX_&O
zlc-<_aMp}~6aaMG^78nHjJt}l{rzQx^vI_N9Z{bW5$?4`X^kj~H&RJH@={dDT{tl!
z=XcxA@<jc6R|%OHje_CG{c=9N^{r=d4WKL~>l%h_`ZH$by2v%Jbqk`P<I=c8DB=uC
z;g`NJTbzNDXBZy{!1}1?pXL;t!C=9JP%e{Pp-uX{T@~qLW?7v5_~mTJW)fCY7Rz^f
zMPa(<7xRaa!m@9yisGv6Iv$&QeGNLMME7AI=C5kT4|PD->Up6tO+e0SxE+OVvk;I7
zf$&G#xUUkobMxGuuZrCgTtnnbdMdrl03RoMnc89h(aC+xhhL;{o=;}pH5(lPqV}Z}
zVK5$iTt1J(hJQPD07U?%Upgc-`?`<uxjadzQdjSpB>n>$mZl!d4GEt&PLt}Ll0v7{
z_pwz2HN>0`*p|EZ3Z)IfKUg>#C}-c5ftN2jx!Y2DpSg|8b2;JWNt?!@Xw0un#zed#
za@TqmIbAg?ERA36BcWEeOMZ9Wi;%MKb$2DP`+i=`n$8CCdP_<O?TV*iW>rZJj+RUl
zWx}d>{%J%csqjU)SdXv<BR)v?JLlt-NLnlg?Vu#p3!~=`7D{TL5-vcpfaqo?me*SC
z>Ra;<@pZ5&<<?cDI1BF2Ru-&J99XyvN*X#~Hl^Bw9yYk{Tr6)~LHWFpqcgA<MVsUT
zbtHdfDPqpjvN<)$Gfu>JVy@Rkh7&W#?n^$%NS!%!mNa=2@@oMVowCS#Iv!a}`)tX{
zOK#c^=?BWTJ(Kwl-7aO7+!Z&SphM^0o0W+NRB@ESKxlO3AsJr3e-m0+8@&M=JcUw0
z>8Wqhr9FRsg>0J#=MxKd)-%Ho*N44xdz>wcT^A?c^fIh~SlO)M@=CiNLNku`DgJv^
z$QF?S0}-jgwVbijk3i0l^zb|OBXm}}P?d|^wfGpxi_2+p6s%Ajx4wNK{y?8%E$?cg
zKoBo(T_Kb{^aUAjlU*0gS+02_z&F%D*p2^Z{i-iP35~GO)y!~*@*UK;r<g7VzQjV*
zYw26*gJ*&gy=>snv8VIJs?H0WN3~e#L)J2^-`2ue0}VDRGT(5}4!JqaZM%w^_QyPz
zS!p?$dP6#%2m8_2g$bNz1atte{&8a~h13z3*<sAk0}WwU^p{x$2eu#ECE&{Npv+dH
zlD@b-u7;w7re40YN@Umzn%tOVXTUjMGYHD4-EIIvJ)7GZBVs@j>cp6=-kA)^Lf6Zf
zL5>9D6(WQ3<=%R+NTTulB1v21fr#sB%|Dc7XW|p6xkc*co!@XfA1N{-%s1`0&@jV0
z&Amrcxo9bJAxLz68j0#pCR!2|R$cjd=UmRRp}<I+eC-0*OgJ&?7eC%cluV7eunh66
z=tPT&{ZKilD~$w{vRCMcM66gG2iRU0vleA0mXgmGQf=XJ#W*GDH|z}CwpDsi%8UFf
z`t~Wh+^`OIyNRQdn^<U|=!i6&xbh1|A!N_>{H2mzU;oTP414DV``Rl+Ga;_K8zMrM
zuuGrFdC7_`m-RU&x$<c|J{cXcU1}wCVxU4cojZb%X@(ZQ792p8w;L0C2}gU5f-i71
ziUQ$)cba`4%Czg&j<OWn0}=CYVy!LT1_QZ60cJ!vO5bJV^b&A<94-;`aC{TdgR`6X
zPDI9z3=n$6Jf$AerfKY7V9TzxD^cRc@?Sh5bYL|<a<IqCpqg<X2C%bs$xLhnAD_tK
z!aX34#2}VcmW)`65RtH&Aj*;g-C1l~jn|6EOsrfZUg;?-K`zUCyijK~$u4ZMU1h8c
z?ibJ(WM|WjLHN4n{js&PYPxH*MoIihpOkl36@ByjND>Wlhj;q?V4}&>OUVUsl{=)R
zPkmbZQ6QYZ#$<VI&nNldh}a0@D6IwQnGtzea}T0my)eq>;CMyC?F0R<Z6hPxd5$E&
zh|<|T+3J3_-rX8FdAngD!8=0f3;b7iXR11*tKC^cc#<)0(AG;<aCA?FfD@et_b>Gn
zRoxK37KGiF($nQMB7$5K9vJ<^k>iM{kS(d~{$TX;_Du1Pmyi9Wc#&hhGk%ywj%G;M
z!v*gO{RwDZ*j$f=&4K!hHHJU#*Sa|(N_!`dsPyOlUs^B-#r0v9-un*w--bn78#UH`
zER|Y_q8|<?q1T$xl8Eht`zzn={>nd7H@^P?D8KqjSo+<<R~XZ+ZJG(w(u2CFzZuZG
z_aU@S_^<y*LH6)&3-zGzllb$RWdp^saWJS-4#dyFw-lB^;-Jm+n=sS8fswGqXY*TS
z-U2SLdE;iw{ky}8T^v5k?_6x!SocK$76DisOiCGT;FV;)vt7_*CU{qJ{MG}PfOX>I
zO8lp@T;alx9-M`(n6@Py^xc^Gv-;Vs4$UbrC~P%K>f>T<O(@2D$P(q9*tt_HeUZ5c
zy1T5g94lfpo7-iv_!2XwbWlrTyVX5&wsHH6|86K=%7p#STd(m(ozrU7D5zOAm-}X`
zS7>0U)z<pT12$K(-u-2p{Aa%c_Yb~hkM*PVvRfnPK^M;?`azZrInb2${%}X~nB$6A
z$FI~+AU(E9{_d)w6eQCG>bvQ?yVZ97dZ=mE>bkt1r{g9hot~uHvU^x1A|M3hePY?B
z-%WQYB^oIY#W{07u|JWU$#CBe*p1B)Xnrdm7iV)bNN%>Rw}<TE$oBfCIx>_*JgYQ+
z0^ewjR;WehRIlJO_JWb+#gNn4<hBvc7d;O3{cSn0=LPQ?kJU%dULBq@y$v%PrVI7c
zjxaGH+4IJo(zLfMS8bNDQ%$(veq>4M%%&%z1kLV0nloe1xA|Cl*It;n_Y4&F`R*w1
zTcx}ZEWRW(a;$(PY}SCkwOD8FdI4$g;xy<?AU=(Ir@{G4T)yf|d_GPFE?5=1phndH
zy-=qwHPoQYT?L5r4up|@7=c&<p{CIu2MDT_UlubmNIj3&`<eU|%bY%@X5na1DVbBW
z`Lq|{^m9`TPL)Os>j%dS>xYPv<M=%Rkips9vjCYrAcM32^fsq;kj!(fU@sT_gNfre
zOtRsp)v%=doFpLe6ZOLGt$5n`I~FtV9y(X^QHvSm0(lJnRv;a;hR8*ELE_B%S`RZ|
zu1`UVj=^oz&ClLuNd7L}3P@<FyiX>56&5%9I0d&-54vESEa~@6>v(*WPE!?pJz41X
zP-^f<$cx^{eRSGaL{_MHb<4K(UA{&V!YYqUsMpt<az7zb=1Bh2&|1G&!#2qd?ny4J
z$4Q{%M8Sp=q?z?ZlJvc%s~O6f3^LdcrTyF=98#Mm*r37ALicBHW|SlNVSaTRW*haS
zf*!A3_ih^%9|g7xoC)G>yb*1%r4!ZTKhL%;Vc-ijM$2d`S<#c7Ns(1mXBIE*h-&$c
zn}PQ3y+F_OO-5-S97MYZ>$otRQ?IAGpZCQ;=h+T5AY7KdtlhArk}pAQiklH3lA;I~
zjRUtYua+trP5Jig*X@xyvb)PLRhyE(M+m&<sT|dSgJZ3||62f?OQ_L4-W@~U$gR`o
zO1gSNNBOp)Oav%>s>X#HhddXI8JG(x*Kin%O$IqlZUQ~_vWFK(pg~K_h-TRS*;x$(
z$CQ13b!WcGZek_Z+t1M(Tu*Nta|b4#-I3N3hbAtrKB}7Qfy4Q^-*nenU8Z{E&?+ra
z<j_#bL+@z;jhkeLG-UJq3^w|V;$VIaQF;bJ99`72b8)`pvVQEOQ+=7^2-dc~-2??m
zHDTt#P(%2xQ@)IAWbq$vKU>bd&+fI%5D-eZ*{j<$P1F+rT`9}C1P|0K(JrD#NK|}g
z;FGmSBR|}6d`0i3YF-2lNTny>>@L7zc1mZR(nl1X|18R-UEpNwGCPE#MuhSq&4e?~
zD?wcQaePf=o$zroVM@?Av9%}N)dVdU>C}&S8n5e_BT&Gb;<6UmtI^>*BW3R1&L^19
z_7Fp8)6O$fRmu3RFZe?t2xF_!o$T3_w4ur$A?|Gsv(@yJ;YeVngVuKenrT4trf*iR
zMSqCM;eF<2U)f}&yEHD$)2=nLjusb;WQ6c=74rPOt@pw9+QrhSejfFyQhQjQxw1MD
zp{VSza+ZFB6w1>q%R0~f-kB_9Af16`c4}s^sphQ^x;Rs#5w0jq6ni6KleVR>*PSo7
zdARwc>wuR4bS?y9#;=S{lrn&~OD{CpOmj7S7<t{yklOhO<3_H(xacOgc2j}MPfu1z
zez3S`A9p#uRdYf^`S^Bu*3It;ZX)tU3K^H-Z7Rq-AYb^66;G)Z7Rxg18{-!}$4Ck%
zOuRwbl?EWA$BB2B&MeuQZR*wg(t7rd5SY26o)kL5MjepN_`0qm`Y`ph=*)>EfzBnG
zjqFJ_-`SNA@hMGK?ucp1V;-FK?_oFwaXkusP5crjipyeT>PBjUWm?Q>k!l~a?ep}L
z5)0l4HsKE!NE~U(5@o-LYK*mu8uL`yQ9D^#?YrL#{9l#=rr1oMYCM|KwWuj~e-`jG
zfSGJb5J;+~{2mnYgEsP(pU$2G;_ep__E2%_<lADXjhR1o7Tu|=iTiPU==G9z!Xna+
zB1W3NEF;Ie+~D?9bwVULNX}nLmPwU}VfRUvzDM^-mfJqZXd#yc7A+GREO~L+(?#R#
z^qJCCyHZmAn2cO>R|m@V_ydWvHoj*;F1QVu_PugJ^yVDOhb>TA-9v0@|8ogL{2KmJ
z``8FJ-|&R5%Mv7}IBFA*+aHQPg|#R7aV+Eavzw$%iV@w&y=WXuBvrL#cB}h&14K^F
zD$2Tjj(Jg&k-ru{=2Ema>M+aDQ`5l_d?(aW^Zvskf+8mIzNFFj`im*@fQqLeG7scP
zvjSF46KS3Xz1+-dccLEoTMBe>{sl-QWbpks5hF{F#6^SA?f06RnA?kCtF$cX)i#;u
zv%)Q;Bgje{8{exb;^q0?PP$5WxU2a<XH8XX;U8DzD9dao2n^GjKvZ;dz$FZt41vus
zndDZLF$&NJM5BkrBHWJkE!IN_S%Z(};!bm_c{g^{&OAs+@3r<sJ#fwoR9!e+4SJJT
zF?5+&2{h0YqV~NPCY<EF;=Bwx2-$HexHC3yZIL7Ay7WVRypc2UW!J^bsHc?tfvCPH
zw*v!nH8SkHo%KFAq!&8e)rP(<<d$vGH(0RK)rvK;Y8Q*br-nxLNL~U3=--Xj;kI#k
zPiU{as2o>ZpTm_DvIjU<Xu@62{@|)^K3|qR20fSOS1xqN4l^j|t>ert)?o^;s1e=^
z3wd^0%}(JYroP9LKzO?*beB~%Yv51_>vAuGE)<f`bGv+K9jf{>E7bVr1DEEqy7V3e
z5&UK~8g(3!pZ4`RKHYR!JnIQ>g7lTw=kcdcpe4r{LhDPyGwcc07RO&2)%FmbJ<1xJ
zkN%(!`LMOT*`ed()5qUa554y3VCod%>H7AS@4Zm9Q>kILE%vv0#=XiTDfmZmb-cKd
zMoo$2m|vv6Bo`z_+CrAJC?RN2KDf@oDWMHvTxb)&(|~RlFhwyWIZpqaB5z`+2psGt
zyCmtdoWUIAqP<UVj}(-zmOWodI1ve*UHsZm@7U=Ph)H!B5uSvDK*C)FqPfuzyjMUb
z)clq=Ml8X|;z)uW=Aj9lgjgYEHy0gQEYA)<xxHHU!y_4xAp3Y7pCRi0f3<g(VNteS
zzo(?7yBh|iyGy#k0m&f+6qFF@K_rImk{aoh5>b$jAq6D_0g)OSfuT#@3-9}Wp67kv
zZ~MdEU-o>QIOaIcy3X}q>;GHNe|$EYc}YGbNJE<Qy3Egs-85=5j*!jM*+FPc!D&$e
z;>f0Fv+z+4pVrt#J@-aNr)}}p64|+(J)B60iH2aka_~19?`^FbUGcKxh^A;)H+Q)3
ztcrI@wG8UmYOQ1xc^Q13Wi4XbXFtAWK7s1>r^u6x_cmf`$xJcRz9dylaN3mycq94a
z2E!=rO<9l#kKR072rG+Z#Zaqc_*C`BGn6LNl^x;Y#v6mh0XuOan?BwlQN-|dA#TA@
zU?uD<-V9<*W*U4t6P#lkHAthH9JzcT4^6C3`l5wkYbOdTP`(t@VeYVePQ-j7)Vrjn
zwi)va91m+f)W8Xnbt~i|zMxazQYF4|mJ;-;UW&4xy6eB8C_DuUq=mOQJjlJ#%ri^p
zqXeK0#Ul`qYdHDRGuhx@)lEz=FN0!C2hxVpM&^U%ho)tobnrwujC5?3>W?dTS-2=m
zZ1RI6a_ZL6Qu@sb`*SKk!j>!1^_lF?D8B-Zu)Km?UPKd*-cTExf^G~A)~x1d$6CA&
zO;`OvZqE2P5<<-2wKO6zs$v7ywZjafDArCW8CO|i&{>$B0bUGFK1Kv<N%7#}9&Eev
zg=RUWIs+3aZI^C9k=prwTXL_t9S5)FV;k_U##MlH0$4HLX>?lc%I)6h;W6d#8&6$$
z&bP<5TQn<B(jxO42F!SH_zaIDp_=(tMpl^78_9)@>#qHtz+4NsXMWrY$z|)7@sM9s
z?nQUX*}LvxtFmVBscU9<?-G{1cQ7qDy)9<UCC<pH!M6osS|dZ#-C?QFIKdUYFX>2%
zoC^XT$e+MImCqFtZbt`$?M-LVy#sg4RwJ><<8Rh{nq_)!y&orNSI|{VIW*D|<UlV@
z(rSMt@1Dbc4k;3a-ShAHL~UO;dT7_lCXqH{r&kE}Pa-nVoF@fJ$Q1W{MES|3VjjzB
zErMUIT05)qN1B&;ExorZDcBN?qI>xup>?_II!!E~W3Ffjksq6NR{gX#?HP<P-wzIW
zt8(UcsfeTEWKmBnn9>YM{gV}a7){8fdQyeRP=>Ol{K`BMg_W(wbBSj@fjgz}3?y)#
z`$?7vXllqNFZa-xskg<^gN`Yuoouk*Vz2F$Ss4^VlV53Q)2&f3;Ma$;^tIj_;ffG+
z4ft_WT5D|$oob!Dr`nQsAT*XFG01Ihp1k}a>i)d537-SVoj$P{!CC^6SsTs=s!tK+
zZ2l&D$YIJ3vq-yK^>v@WmfryL4_?KxUU!A}*Ts_+L)$AGEJ=<mwj{cjoicXb<oU5`
zu{O{6c6lguU%Cag+;lBLbUJxDy}P$ml0!RJhsY?Zi0ZrPsq<(g6jG_ktEg#sX!uF+
z8&rH7gXqiFTcgHy4xbUD>a`05mw|)ty?xxFdQ$#rKruNfg3~EvY%D~~YF+XzU`bSW
z|JF_M`rv7i(7G!3nH^oL=($&DCSm=dK&z-*3o>v#+!mAzJ5vrW!P9Ndz{xum{<e?n
zilM7jbb-O1Zg3m{d#G*7P3Y>Y%R{4ZHOph?ygaqpmgao^qC7M?%jaZqvEFGa91j+n
zq}LkMAf}d|)-VCz!1Qb`rs1un$Tb<#b`!hCOC&nh&r6YXsxm19?{dGFFB`C$GB7#3
zJx6?4Unj~2tk+=-iYH)4{iZXiT~XH#4!#NGhJj60&^D_oC)mc^?^#Zr-`}DJKP*;o
zPL&#}UEZfm)U#ea{qD0|VUYaT>d}1qgi;mG!3;*N-;E}8LFwFn$MN?N-zqrBxL<Y6
zW6c}k^tOrY5k<%XZ4tV3CuTbh0o&(0AmD;zBCekN4E(*Tr9upZ)b6UoQve;hYSRhb
zCocFbO4JufGP!m>FY-VfUOMS&yBbmysgx30=Quc5(BlA7A+*5fRH;a6fRW{MQ!u(e
z9#ve)4vnkrNqY-q+}7@5wLdRH$7RahZW&SHSq}U93S*$uCLISlFk(wd&c`Wsre<Un
zbk#b2c(o=z7{-uIGN2ks1(z-{VM|po;H51mm*6=h_^Nx4=2_BKqBjV64j8(>rWPs(
z@DOhCb7EoMPfOu~Kw4vW*ai!?8ypzmgB(4pJsjkRyn!FKpzVzLAz$;B_{1CaJRHaw
znLZ{q$z3*TaJ5nR8xM_UYKciTRElnIdw1WDJ=OCsS+oMH=d(+CqIepecDXqPr_9YS
zwcN)*B4)=EldZ-V`r6i-k5t5uUfa&%M(WO+X-#i`Og4t>^w`Bs*)UvyVr=IPIK6+Y
z+~1`3@dWAAo@-pkKCg^zwYNcpU4~C}von4At~<KN6oqooX$|2}d^S*&<Gb8d6+;{>
z?<5ya?SMaujd*ln*{-OYE!JqP-5i5(M`?os@!^%iyd^sWkO+gv*=fKHc7_6;b`EIW
z<~eYm+2bynk{@M_K!Nog=7|l~y6)A%)SrxPJGrT(E>!5Pzi0^BBA<%$r8nOd!MJ#w
zH8;OFB~oQ1b!S;n_O1=cn(bCgQ4+`CGv)TgXa54nt#eE0XG~20qYnL@-Bf==i<P1h
zmpwRS6{qwJx3~UHco$F5<CF8#6U5B3KP6xmxFih&TgnQ(lZ$_ZBrZB2-OObXpSXf*
z5VrQL>J2)4U%F@I3kg*0lM={QyDg9+CSl2!W0w4hV{eZ2N6{%~UzEo!B5D=|tiAu4
zTfUA3@M%ZSemoTUOA`W|kFU_+Gpn)TZj%xK+u*;u39}Y)_b=~+d!WAC{?VjvjeDKt
zY%hIdm~ZGFbYp%vi|F9Hx9}#jt?o;^bOEVH4*bj1Ubo~+r84Of^pi(+SlXoJ^Ti{Q
z9o%nQyqZ1}y~}V=>FHbX=q#ZA5E5}LYsN$gt%EUdziv9H?^ysD=N_?(Tu_<?JLJNh
zrv-(0;esK@%sr70N@x*5n-T4LHDY;Z`}iFgpNV4*nsuSAcbd;5%%MURqr`I*gJeHb
z<qq0{zOOik1wavyVAe&soB9Zcre>)U#ssY2*TyfPxch(0JW}n~HNU5zUo^OjrVK92
z2b3vhA8Q8-tD|}>t{zhL&KUb*hO|TW&uyWEzqXwhDEwX=)-unwt|hXaAI?yf9JB@C
z?w`9tv*MX)E*Ei19j{s%p}IP`mE()|19p!k=iF<{nWN0U8?9LU_HQ4(xzZ7RcZ)(;
z%B*~Sb1uFp$P{FB`Tl`|T5u9GU)odE*Mb1==W;u6XuH>Zdg_~aCF(H&#M2mj5;HxQ
zXmTc&94RCP&GkYY>CJWAV;XZJE3dpR7dQ(Y^c#^oiqd&99f8_;zViU$w5xM<#xh*W
zd>$j9as1Ggh2^f|!9w&Ty5>8d?aaW<msbtKccyD;w}SC?aKev7kEr1xnoXz7*SmGK
z8eh<cHfosVm=rY1AVHjp*9<|w^Ynur2#esKMQq%{YoOrQ@Rwu6kNp>ZSRLZYYr;40
z@dio;^$*K>KfO40i~X#abZxsp?!fEySk}#W0166Bb)vg#<M7o$qsU4R*|i?xIr-*`
zXuFG>vUC}I%JX?SL`Xt3gE??=^t*<_RhQeC;+3h{@`*{#^b9@qY6LYTS}=Hl9fJmS
z^R8sR==s+Sk0zwBzE+RmfWxYUvi~(p2CN<_Xs{qUpnb_Q5(DAr|4K`bH}Ew&G0t%O
z%}-59bb=#xit)=m1%9diU(Kf#gx0G5U9xcM)1mTvg3qIG1t71GT9XqI^N;ZEvI?<~
zfPu1}hZ=Jm#hIq>;g)L*%nLB$<A{ZR;u;(1;L`WePw*cVAK$~lQ<*etbD54Q?bXkL
zI7^Jgu+`{9?Sa_o83n^#IW8Fm%$}dtC$-;k5`T!_!d)^&NdT}~aMtqYRRl*kxO{B5
zpw8rcKQ^8i$(cyipnKEHrJT>^)E+Z72ssaWC@h7V;fq9K{!8ddA<nnFw=IKtzg8p;
zd1*mOr$aj+Tf!*8@6eIfw&@iw)=|Gv#%^88b-q{k!*Jw`36k~0l*mvMx_*6A5}cO}
z0oJk(GOqqdLiF|I+Dg47C2^UK#!CrU3V!-q_0r;kx5|o;nGs^!!rHW{YwFWWzkygD
z+)d`{69*2KCvH~0%V7fH?WBS4DD_z7*HBgKPKu8=_3HKC-Ksm0ek5!MKS%PK@JC-t
z3CgYU^j+?p*WXgEB%@988hq`u{tRtM-;eK`KR-%O>OlKUL`oas><P_m8<n2ca$YyI
zU795D(gg7FF^cb5cr|KwdoAR**GGfb{V_o53lA|)G^B{X3lRT)n!3~n+=sue_m^s0
zT7xwh1ba;sN8Y?!hhc{To-Z}G2KY^Xp$BxP3(oZI^(-Elfy_YxsS#5vwkLb2PqL>{
zfSlJuZ#~fADrWvfsU9AuaajK$ikdr^TlV_NC6=nzbP9Rc@)*&jTN0#-`8<hdwZz1p
zQWZsrz~n^GM$$?t`AMLH0Ah!7!;A&YtaTNfj&084tc!nVLLS>m<vXsc)KMpG*M!QP
z%w^7prfnE{4yOeLm1aJ`e)ESe=LC#=P@TP;w=^KE4fFi^OkfpR0BNmXHS1~6<(C!g
z!&LBF-2*Q%*tl#!w1K-kaKG^-qrEb|a0PDm!DYCoS8at&F{i(oYubF92Wf9LAe0}!
z`RrQLte1slfpUFxdd`(>#q>M<PYOq2@`^WKg#=2EV$&obU<kAOu_A-UE$~cs1nYHr
zh#XEyMu~~c0r2n(sZH_E^D!k}VOSw^;0iY$@Wbw_TGczwOM}vhFh_(`w~&`wK4M@|
z(ayg6jXCCF`9*yTFX0N?1Xsb;yuOR@VH_Z{krcc%p$O)Jx5teElnj_hWvh|0<#;Q9
zKbL=$(0~Ju+fXhB!n;E;$R{Gn+U1>IrnGzV`&6PNixb{l;D}4-s^PZFQUun89J2>}
z(n7ps5Agu}V%)T(qEe6$?dVHTpfjPJ&EPQIu;lnUpQ+RS>MK@EG=lRE_oLr$T(k?+
z3Su`M=AP2X(34LXFkSm+&CvSEew}^tmWt_?r`414RZDz;DA4e*FfOru5+G5DoQTQr
z254_n2WiB(a1fgE+^5kXxN-0lLVQF#d}-+MkSszoaXF^@%3wMOG`|Apa*^RA2W=X%
z85X;akOXDDWX(?{YBdiaUrJwOj1s%}1n4T-WD*Q!C0!!lKGiFKf7Eb<#UB0<Y;U?*
zPMFIpsl~(Y6oGS9s%tLaYrTH{+}nDRh*NZUbwZ&|KkG_dnPO12gM~=0bh4p;k0P&Z
zQtfNtk9nOzzLM*g5HKJw3I2C^Nt_7tf{67_{|8gO!<8Q{arBZuFN#>G7Az?ct%NDf
zIqa$AMCcdU<&}`)#`DSxmDeiG_Ht2pBLz=x&VQf1U|$C#D^tu>UQXQx0Ec&~WaFGi
z7{fJ`{>(e?YxR|=1SLzmdwrq_%6&%OL?Xq--#?Z(E9G??ng|i<THIv8Jq!;%>~9{z
z236bM%onkY`_lYG-W#7u?Z)Y+BO2Tb*<0;|rAw+Dx!~lvXb+dit@mCrn2D8j5;Hgq
z4QCf(7N^PIS^txWAGUgtKMp+-aNyh}Z^Lnj51=SXljpp9B{N0sa4%tQh9*KV>+>h)
z&|cb92PFQh48<g(?W2kel_3OClvc_hX<=Bw7vU(C4<D9)p$b&z%T&LRvhFI|vYmaq
z;~O4$(T^3n&dFqTR6Q!3PJCAlQ|d~XVHrP+csQ(Ka(loqBSRhSk6xw1j!y5vp>DJQ
zmCHbh?EJ7$2}kJ^%9Rm{N${`x;OE(!m_q+3Rs7Kn|0q=~f0U}bA_qACma6#pb=)lY
z4KMA5;^lXBm3|n4W#gP870<^)HmYCDSXIgi!z&wnc{T7y^A>6k?{U_qourQEZx5)=
zHbAohk>qCu`<VILDgJoUEm_ZUj#hR1`GMgm!dT1HIjy%zT4}7mX)@oR8x5)ambVst
z^rZT0+u1-bC}vLd6m|V7&@;P10uFelA>jcoR$-FvCN|$&kSZBj`}3@P6vHDvM$N{K
zYu1Du-EtnQBwRgKY~1)`Ia{)z>$EHN*sQR9KVyY0{X<!A{0lUivSMXWX@czAmnF8E
zaNBmjTP3VDzCJ-eRL--U*qfh^ev&lCN}-rNg18}NtmbW<%anNVemhRSKm`1pc^%I1
zw89(T2}9!uW0r0dk9Oayv2+6s*A#pL1axO&ud!|NcuKDK6;@&jvA#rjU?I|sPtwGI
z_<DW#TtGI2W8QdfK#}?Fwl=1+sT>vW-Q;w1kUMTg62ARUmT?!B($ps;1jLp%8zfsw
z^F{W!Wgt4jav?dPHUwMgzMX9pQbj`Vcdn`hFGI`LuZ}u&ZV#-Y!mO@8ninmNi%0fM
z(ktaxmuaDw7Nf(%^qCs0sumK7Iz7hH&-?Qf@mgz|uLgwn9T>V5GbB0nMm}xH2~dY+
zYA!uV6E9`{FpH~w-@5WKjPM&o;ZbHBxIT*}=uIgy`jAKF8QprJ+;hR(iDic}49|M!
zav|kP{!$Z+9SyTTD%#<`@#`%}(azk1wftO7mOE2*MSN9;cP95tuWyKY%~K$0SHMTP
z>C2qY+8LR^$FYT{RloYq`yCip2$4$3#t*q!Q}Hp&Eo-jM^xNs4ZDmwxKB_Y)C<S6G
zMZM&*L9uYxoulS=vxm|?u!8$J6yLzElLoSb>8}bd?vJcbnPp=6p8)#VNl*f-s-=U;
z#x=1(?U%CsuGf9|t+`%}+}(E1uF4ddsVun6J-X|cqm=t*&`U-^A<sKM^gOb-z<6jE
zC3mzR66q~1WbzyhRm~fSKMD%U*2S#VPaB8&!A~?@M11<pJ_s?rhKOO`?q)sh;69`>
z)7FdXp4g;{aiu6q-|7b$KMl8#->0e3XS~t+5SY_3q3aAP&EPu&s)QYEEjvS>MAJ<A
zfE%|~vso_;Js(e%zT)+c_!2efGw8gy_$x<*T_;h1LRe|2DDs+XB1sXhGLjmnf~|Lw
z`o;e&1y83`cjn>eiye3EY`Gig$C}5md(!s3OF)W!q*K&_g3oDHIz@`FRoh7i$g*5V
zK?M8jx60~A&Re43@qPa7?e?@{2}nuJ7qSQ;b74H==`SuP1dd#gh+Wsd<DXEe#+}ha
z8RS-@fvec?odmt3yh*4wv`DR5qE80%5T;_!sahuH=cDFTx|t1z91(#g!8G=DOV=7*
z)JUWq6Jk?Uc6|Ct@f=U9OayTNaZC#e15@SZBOC(mm11Ea!J%QMD%aW1s1C?Xe?G*<
zsD3KTXfiZ<36?6`cjeV9L+w}VUy=&$7weH`heOG0ADX5EE5&u|8}$WMFLb27R2vf=
z-DuG$<E&KJhF<0@V7rFW(X5r}o2XLXU9$zu1j0xD#yB#_sz3^;dg7@1LfbDjo@G@H
z`$Lx0M3u)V6tY$e7NH;EtCPo7L6L7!6GJa-D#)=Xb4eyNB9l(AO(Cc{<xDc=&tYkE
zun5(rYx}ut<kT}vPOh$VtGMan@~DLbfBU@qBDRoYCE+SNgL`3&y(F$Bp#m>=Y4E-d
z)8l@+2d{P2!2TsoKx*)0Mo*D{n6G4S|EachQo@TuJo6#G)5FQ(TW!G8dhHNUFn>e0
z#BB_5#~y2UXd-j6i3Ft`Xtn9}@hRd9n>o@UMlD|j%u<8PD&bV=zQw<U&DQ&=K(hG3
z721afyRi0w2vM%RB)h3hc@U2`h(@GiWj=Xazxfd5QWLjsvK!cy_0sq(Nxy11SJhuN
zA6jY1bs?Vb6yH_6_eejK8@`4`4?WZ>_VO7=zs<s%c<3)pJfKUj-N~AT#w?8O3F?6Y
zwX>ya8!lodHmaUyLc|5z<+;|iuraXFbHu)jg_e9SWdZ?GotR2KGIO0~;DD*F#ZatV
zw7KCZDxFbsoCeRH`aH-?SC{H<m9F)!Q+=aa(2P=eP_=QL8zZc-_uNxIpY?^XGZu2f
zC-5_e8ck+ea64VM4+A&B9=&DQw?{foh)?m|)tut~6A#lnRg(p&{Wb&F)~)@VXBzuH
zyvFM?{%-Cy>7|h6#ZN4=XR@a|PWRkoyu3XLf;0(UV$DeDI}|B&Bdp{ha6@C?(QO@C
z&}xG}gVB{on>!N|Vaiu=5n=;cBhl(%JP1{smiPNUbJQ?rpCKUo<Qm&7J8l~I=~nn|
zrL}@A0bBiJ#fn{NwY5rUb~f-_)2bjC44VHc3!~JmK_W-{1y5z37Ee;svzt3{VkNa#
z%9OxMkNDGJ?7No1sUih_i)YH9R95pT!OB^=^Wr$4VuyvrSa%-x0redBY~u^rgn|dJ
zt5%;>?um(WJs8Zn$UVp9#@`iQ2vd@sWa_CD;~7zF!Kk{3i;ht!?<RTuogqOkX3ANh
zNUtAN_i8k^+bY^^1T<1sjjic#uoULjYL=F{JYcj60B&8qZ)LqOkT?D{Nt;$fWJA+x
zydo&~KQAr)R6~r3W^rwec|a=7AWC~rxwZ?0`+K~|cql)GtE7FBNQlLSJ+Aq2NPq-Y
zKL@7WV9E#8mHrDD8f6KFO2wD(SAf)qHeI@QC0bMQpk2VQDW<bCMUo`zp8X!idW(Q4
zNzB=oBtx|CUy4vH<RTMx4)!JC32i(vv5D~0fYDX*z;aGvukx-G7@cA&*Jd)_3fDrg
zK^_Ugpy2(9ec=U`Ddu%!29%Rokf3X^iw99e=-ZNTp|dFC@zw2E-<1Y!s)Kv7i29)C
zY}lUIvsq@}KY>pVcaz5W8pL$xuq1&b`DJ1gHt8&Tm}iU}$f@j?n19`0Dj(KMuhLdy
zj~ZU~vE&>nf3Bg1lhl;Vt?KIAv^B-+s@r%46wF;Bz#*#B*+{w-E%Az#{1iNX{Aac=
zJ!l-vnP3}bx<a0ccZtb<8&Mr|$05!#H$ax!9p#S?qYC7t1nIZ^u(c{yt%j)9^^CNe
zXL^h@*7O_1r+k5Eh+8@vTH0*pKyc*>3*t2!($~(WXs#3r*D$v^A{fMEmVPP5BvLz|
zl`#ZsUd$CeA+Y=Sn0qUXj+{%6?qZAmuztMPNi8EyI>Hyo2}D=NJsDEHGWK~{*-*Ba
z`^wJ56_6F>Y>+;jc1F*83shv|eb_IgI_g=p`DHhU*OU(`D+Nm?@XZ#!*Q^%>TiKyj
z2lo<Ql#Y(!ibbH=_{K%psD8*!=?}tYMh^y$xIaDGvdB@|zB1m~(2}H)t|x=37H?IV
zh8bC80>+e3UM$mU?ZtKVHxN==X`)2ge2QDGEi4+%?oPD`$rkI_o^8ft$)7d|N5mLf
ztm@b7HJq;paC;A6_iFk6Xovca53OFX3whu!etyJE75FpiE&}gOQgSGt8=NA_L(h~L
zwe&uiEx+%!+AQt1C~WAZ?5AI(whk@!lF{dD!?<ox<7(T}-0M={pRdEwF10<-_O}}k
z6r!Lho?jeU6XcnP6<nO2`vcXeni`#fB;)m7+W!cMf9Z=t`?!9@-JNFj1VEAgfBHYh
zf&WWNNH?Lo6&L^YNoc4BV3zs+U;lqPGMz4L`@@jmUSjXOZT?Y->414rSxL$+xGhcm
zw{lF=flF8%S~tj*<H()wXWs<a2NHi~gOY*_hrx!Eq@SD!WmTU9$*ioD{qrL(3=B+H
zmU}j>QaJ!ovFRuD^6mr17nU^u;hSR)pttlB#sW?hu^h=~3t32J=Xw4};l$Fh_%V<B
z!oP-RheuwEzH>;Beso6A{_hSTbZWLG6i<1C0KU~hUGd@i*ciaKZ`lDjMlL^{?SH<Q
zbAJa|0m1`|n^zKK8=Ae>n<k2L7yINk-h?&qf0!4sbbmiJ+lo3*KLFrpnGJ!znz`qk
zGOb1Y<bl2x5n4tn`Ou5ao&6r-XNnr=(woJp4FDkPQ`5XV7yI)RiyEmwQ=|XY*8+d*
z|DdnM)bu~Ygy6$?Z%Sf#avr$fh4U_6VwNXI{E4YyCrIvpHi!r^{J+v5;?W-y-|b0}
z%aYXi>P<r~(4j@<^QtR%+&X|7Bgofd%J=BTqqWh*?Xd+=I<62{4&}`)O>L32buIfz
z!;IyeE9aXi&MIskM70VF%#l}HHvgB8iGb;S-C+{VzI|jSWOP{~WWj&^PEUFh#24&l
z{_8sA8^3}S-ov-EKpzNow}_Qj1OhZhXtW`w=1%Fh`}4rmVv0VE<8gWPw;>P{ro@lQ
zDj<(f7PAf%E7L#iIA6<IilR0elG4cQ-^<8zz#<t6w`ZouDb{cuB#)uvqaaqi@(?mc
zjon&;c2aZ%@T%zR3o{MOeDpRZ*K(fa17x<hc@%pnpqa@;ySntO&$RX25;!e1og|%^
zn6Ec*UJ)>FU@BVkJ>Uc4IxkR1(&l)G=%W!_XWORJg+OO+c#u~UFanVQy#$2nlJg#_
zk@nSfd?y0?8Z$G%l1-KeOh?v#q0?9r<=nNf8OMNyj9_73r^%aC+zq=3Pg3L4t#8nm
z%B7GS(v-rtb2J0&Np&6{DF{{7zjnk5wo9!NCjgwQ1%LSx{UWz+*SJJeqBQJk`yzwm
zp~K1x-fq}_#UAwZlR3kyZ+8_0+t2JtlBcM6O4@}MDj=qWtg~+sDIP_~2BWyv-f_bt
z;>cH%Po)K0%)r!*dj`Q<CS6|&u01}-#9VL(-7*dSB%rVv0f>CKoRIF0E-IXn^k%Hs
zqIh!sXKXE{%t1GSVDAT=F=2f}v}wRE(=E1|=rzzD^%PGnzK$r3C(R|9BBaJ>Xg`;i
z!wG0vao67-m*+R!7Z{u#TeLqgwxP*CFt!cbdv9JAuc|>o$QY;i(};bAgE<leI!&P)
zyJ$G;%jLU9HGn&-(pq5LxZgS7|B)rB4#><l;}XV-N6OpqSz<2y@cp!n?5B&ZD%E_R
zzF7?no5wo5)ILPSpdsTKyKq)mZmWUJXoTlL`LW;~)sm@X-*Si5aN{lc_xkCu1Yw1i
zvXd~@V}Mb&@!~Se7{Y<g9A{4WB<jQyuz);DRJd@VUw^u9?hr4Iq1a8R25`PCyFp5d
z!9Z&q6=u@*<paRJ_Te&L=*v5q{<Id`h*yenWN{>>EUt=b>JRc-^S=FU=Ir!SdGiDl
z-3cpYn&i$dAX$GVQaD?DV_5XSLCgxU=eY|8@Cq5*R*k<Ks<Z8S)udvX_WK{|*;VCz
zql+tf&||;E;npa?xMyj|aL9*GgX2cFCf|DKCukID_^YunG}DB>(*%_g1V)mDjHkjR
z61?@~m3f}~c?b_QlJy3I-~e%(J+o^g^_74>B`O_g(7<tl!$pJEo6;Xih0kW=7DqNq
zIp(Ut=9t7VuX+M_gRt%hNRaqR1fJ}?urLJ~qEHVa>=fjut81c+x7zgcVxBQE4<X>Q
z#MitKn+3fJL8K=DoqX?~7J&_33S&#uO^UOR(^KF=15Z&ObFZ+RT)m5-G#SyL=^Zl}
z+n$UND$9d=4S~AKF@E}`bBaUC{zA+Fp4|nKawir|+9WdxQ*0io7@-iqpC^D5V=?sd
z3ru11q_FH&80uj$8f6=#w2_ZLh)8y)Zc%s_q4W{3!n`WGsD3w!Z*#x(_bmfWNKLsw
zgXgJ#w+@_}0%BB6Q?goe8UV@^nzIeN`^wG(@KD@&CUuOhr2u+XZ=66j7Hk^0e0dO<
z+mBqPE4)s7pI1PUcT;58uzsiZscyYz(Ph1xh~JTJ|5G83pv|`*7Vz)=8H|${gS?BF
zOX_P32h#%OiZk2i2<+T$q~j5gG%`(aF%gyr+*x)zQG4Q^`4-dzZMP6J+Hwbkw5fZe
z|0g{2e_&~GN{Z};!%9gao#D}B(PcuWy$=l2h=0$t$`!rW6%=gA&t$~=AAB^!mkxd9
zQF+}QM}&z>K+`Wq3T%ox{-znWG`zj~ZkQ$k6Mos3PYl~Z?wsO+2etnjlV-Gw1Fg0g
zFw{aC3{d4P;Kdu|%J_^EOm&g;kwzF{Q=FUrg-YWl`mtFu;<EsBBe;sTeLLQZn9-ax
zWBl&mkZ@|erQ$%fDeQOl@RcNASmfW?Z!R(npjScKwTOy;%DND|bRah0php~mt&PKn
zTfwSK!`wTPiM$JuD|VA|1hY$!48#gWKRf~Ub)4C(om6g*tW9td8EX&h%(0tV2wP?l
zy_UCfh!5IPZ3U>E-a`qJ%y;PLjb<n#+57Uu<jkZ<Tcglnjw2DVy&;bkgYHJjaOvJH
z;g1mdWjHF>vQc;<J84<{plpAztRjpx$CZ^9x8gY8q6~b-b5t|(vc?2bUtjIfB`0B3
zw%oHty9*n`e<#QRM0AlTWEbvUq!8|Xk+n{a(#jSkptN<U`=h-L0FC+Uz!WOK1wP1x
zD#a-<>8p6`|3VaS)Eh5E<BXln64K`#j1~#WAM}zhQF1*c3_TNt#pJ2m0UL5frr}%U
z^uzB+0!|ttKbb)dk)ks#Ev_9*!B2AEidlOjz!W9Tz}gQp?#+ZOf&_W@>~sNqC5cXR
zsTEM5<5jkrF6d~~jB*{S=}K!*>HS7d6gmCi{st*_HvnEFZ9OSorz;^SVta43T*iLY
z83QITbvD)<;_zI&Wu46^cJUIS99HYm#h=oH<kCwCd!!IH^lh$BM5q9=_U|8)u1w6d
zc{FbtWoPdpQf4_&6TtgANaV+x-<Kcms<<x;5)^=XxYsn8`_cL}-~2_`Zh!f8pq>0U
zIZN`IA%c0_+asc!7*%?m;yZ$~;5nyR5nK4>V^Z?XpSlAeG{{l{pjQvfqi-4H2U~^r
zMg5C*CRr&M<=*=pL`6qZhw!ZNXb2Y=dKlpQU)>8yFxHqogH0In;1L)r4CuC_D0;$z
zz+CABs+<DU`1q_;^BP*oBPf?bG*4nAoiSbTd(gZaP+YC!>T{1bGv7ys>@+?Fv?Jxk
z_^i9{Q(`}p%6}5bDakZ$4E?&|1PvL1t}<U!Q6_|B-SUQK`-UsWh~e1z-tHnXUmYhJ
zUPOL_!xd_CYKG)(rSIxyss8Z(l7jmS01@0XTRdb9hG_Sb?obH83Y6u;JW11+QVoVn
zA4Mr-SU?&%5qR%8FB;oxIDT&ldNMEPDlUWxq57NwKk948=vzV@EA1_u{m+9~D4FEp
zpHNdj4TJArU^8|qFmicVmFL@mSq8#ETElpamrz4w@9XN@T0^^|Zv_C@j8S)J{5LAI
zV+6YH3oYBJ-}_T$0*p7{M4}@Q-nvX_!s4jDlPH?st6Zp$w1;EyQTv(cA#tB~*Im7h
zKI}cy&24$1^_N=-@Wk<8hStFvgklcnDNz4HayM%KEM*=;GH882q)BkJSxNqIK%4mf
z(Z3L4&taY600t$@<*KbO2HkVcZJgs<>yCHhO08qY%-_$(zg$bjq*;c6B<gg!hyU!T
zzvIRg#!yPY<#~KygFXC*x%(dxijpdB_1W*!jt*ASM}Je?{<*#YnC078)2~+ffBp&p
zIrlLF)XYVN%kL}-kDUG;o}vS>>aA@I#n*kiHN$xu37-7-Pvew?F>Vxvl;6EyOW=w`
P172Ec`uA&8Y+wBsfc~lM

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/pass_prompt.png b/scripts/automation/Radius/images/pass_prompt.png
new file mode 100644
index 0000000000000000000000000000000000000000..fe67a26d026fb20015beb562f2e2cfae19bcf205
GIT binary patch
literal 28454
zcmZU)1ymhDvn~pO;JSg}?(Xi+#@*fBU4u(-cXxMp-;e}%cZc8(kN@2B&OPhBS*usq
zbk$eY)jiWzGm(n&l8A6PaA06yh(IYZWiT*s>8}I}1NBvMb6`IP1_oDXB`T^26cr^>
zbapVevNZz(lZs49g;q>j`SJ7Wvy4+)gi2Y&VO9r>x&Rs_9*IK)K$MK~O}IanuC`wr
z1r;2(a~53}o`^#X9sbwPsEzMh=<{w3hC?_0hA>^PhdrEEruKh1j|3l+c_07cfl-;p
zN+o}r1dpfrjUN8g&RSS#g4M3{6a4gN$XhelIsz&!7Z(^2OVuaC6*L%Ii9@FR$jjr^
zr`o>P8v+BEBGaH#H-bIQAZ7f0GA+R3+s{goa~@h2ah3I0Cb?+zh<`QI^65J>)UjDR
zjB^4;!~|gZ3AO)BktDOhz_bt>SR316rSNXPh0ura1)}U!c<U*v%z45PN-U#XqZ0FB
z<Y7Oialr=s!lsM??T|@%m8Mw@_`tD<QD<j=-g14k6_-kxyBw4L%BFfi6mCXvHup%H
zdn=)fhDXRW19w;r$V4OW-D&#$=U+sI8Nt|`K_@3UlVR%K_f1=?Y+3hZx?9$65eu#C
zA0&S;7#|G(ut@TyX(Zw?v{2rx%szEQ8YMJklSja0A4KmfesU8cSLo5fCM-^2zO+vr
z+^0U|W?rZHf44o^{5{NMV0D$<@$xLPsQWvb%F2$fw`?g}p?%&U`GnyQxioC*%dLuU
z@k4aA;>o7$zR2GT#ME3Pz!;-vsxVbOlzKlJQy_gk7*SGQ4);QcWG0m)os`sX)B5<O
z5sUgz-KJ**T6kJqu+q)b-)f#RdH%sD@2lB%r}C@`Qt^w~F*0D=Y&X68DTlV5-}Z4T
zAf`WJX;CfyEKjQhU<pAs{)AHf2{jEK){kB>g~SEUx&8f32n7aW#t?fuNGu+1*zmjN
z_r>6Eijb{A`1#+?ze5YrbA5{q{NV_t3zjzEHVtnd3~h)K{S(s=uNyiE1#*W7PApWF
zNKOiwC9s-^V*i_$Ft{QNI^u{3Y&=S$P*pynBC6^)HKEr6o@2~obXV|BxO?Hpd}2!k
zZwS9IB_{0Bfzx^cTO?MaALq#712Q|1T=;)OZ+HGUa_b@zhGp%*|8sld;DhP=NvQ}X
zE;6H}O{Id4b`S_BGLpZmWIT_fN?eJc7Go{eQqZZ$sT5qER<2-4ml<WAFE=A^Y2eD0
z`Ac51P8hR@cDm)*+?Dc$!W)J^_9LvoaGr?*OA-MWEfm;a-H&cK!4%F!$(+X2#!Q<2
zs7aR^%ih0g;@2><Om;49%k0kC3cD72F@$77>ByB0_ZRXg8h+5pF{Az4I>Wlrx|gn?
zJ>(;*!l2D=&A-hjtZtONaK@pfy{Vno>#2W9klaB80|_W%+o;YkIxx_%b|JVSsDorm
zxt2n%6k(`I5oeJH!xFpXyP~@~fXHGwXCitMSgA9qgW{rM+G65a%EoUi>F2`wBB}A5
zNjBpb`#$?^=y2kByAqKFrpg>Dr&O5Kanyun<t*kbw%ED9wKJqM%rpEmG#Vkb__b2c
zSypscSXTBLIZX{FQ1|Z+`1ZM+ZT4vn<Utz=S@C5PIup>KvI)$|rAdPnLbZPCV_Hw@
zf9N+DNL0G2Sfz#KJgUevX`O-I@!pX<B15wXmbTh}nh5uhMNwQ0RmEndXvN>^)vA0|
zTvC!V_b0aAaDMRbSbjf0w19e%CBqu4#q;I!b$7yExs6#Y1|5nWz~|N*3yiR+H0j0(
zj+7rMl9iTfCJW+~w5pHg`pSOXaU4@t1RnZ3-6pq}RRh+e*2LDd3rOW|RdVGv<*((x
z<~=G5R0Ar6mmKG$W~mmq%9u-m3$8QhmZ{dcOTK><P3y6!qn#xvO>|}CCN*RVTMVis
zZIsu9cy)Odx`3|<NJ`-qXmu);a|NumRTW)|9x3+0mwx;~1S*V54rTgjo6vp`?^5qE
zFZ3@(P!mwL!Medv!Qo-(q8dZ4L)Jq&5}Kr?N{uu2MfxVo%Zpqy?Xyo|u(rk)Bup!I
zvz&yiTSmQ({`YUZrKT#WR;gCOC-K-Dbp3Qw)g$LA9kpK3&m6Z5w+=sAe^CE`rYF#(
z(R|T5)N0l0ZD48L)mGEqXe`zA(Wz^(Z}GP?F&=7LF>zT+weFgBFR}~2(BSpqZO|*)
zNbjljtM*HI$ES$F{!M4D@6^xL&Rgxqwf7G+^Ot$<I(;uszEmD0e=lDIkMQFkCY~<S
zdG*C_r_C$A<3Yzrx0NH7<H~~xry6&^-O{~L7vBAcXtQByV|?=-=Qc;ot~}Sz?VaO>
z)uIiwgOfe2<CVRVZH!B`o%>~-HQs@)0iX4;MT-)JF2>QNEsv}#{8pZ<$y$@R*Ok|r
zhqF7%*YFpOCqY;yBoydo`Vh<)`t{y_M)~^rO!ee2kPX4D(EM;5F!IO(JuqEVo=OLW
zWyGn(RU(}t6$O)`XQEr-9pQGcJ}CBB46s)b@iCeJCCqE$S=L4}XQl~0Yq$A(%LPke
zR~rNd3X(&`-^0drBfLN2=o<8t>rD+S24>GoG}0;<WVGDfJI<Z|-t0A`FOM(3EHh>k
z$+KIK#NumUaQ?mDzTEHK?zoorGV!(WhyB#*cJT$iSq8ZbK7=%gEe$sgr+q^f4&8Q3
zbeP>NMg|Fk*g;z=Br2K8*A)#FWg&2brbZT-658(CdE;WLL^!e@vRerP3=f!u6F*r}
z&6~|<;|t1ljH#Z5S&|PD)iUm##D}ByR&G`X&oA-zvgNp^oO@gX^dt2_dMgdmHVZFm
zqE%W|k9C2I!!;+GRZScL7vns6ZY^h#XGu$+nHC8eiI4W8`(drV_it{`LxN9l(~3kY
zL=5dsGgf<>gfoJ0{^u*EJyuJl4x!zHHsU|T&BP6&I!2cK8{aD4%C55ZI3H~r)*3Bn
z-K!kW`Z<>DTF7t6JIIIDFzp=}%#wek_O3PfjxDfcHTLjE@{;pHPeM%Sc${3WcAm+I
z8;@K_KTed=v{cHe5xU>HKVCVl&9!UzIm~QMy+XcTUOujD>DCzNxr6x-o%PQJqe6H2
zn}6tfNZl*W6x6W~W)7^zum0tE?d<e!d7(#i3@$c0|Ccz_Bgq%n%#q1)=}^dtf&X2S
zTr%$y@H*Mg{Aq$emNAB_aGX=l1LW6QMqoc;i)$lmMQD|1d&s%rU6?tXcfV;~Imu+z
zwxF4!$=z^{^<?;5f4uEDqFfcfU}PlI#k$noyxumRAJNJA#pA>9Y|!bv@_IAEpuY4>
z`&Z+yu3NYFDbB6-q+8e7pN-ZH%7B*ld(${Qg<Hf|+?pPw9y>qym%sO24+iZgUbi>&
z4>f0P5Dt%sA;{}JP5Xbh^)@$Ve5fDwx28G;pA9!ee-8~xI>${ARPon-{5ftb748~n
z63rFeP!P%E!#YIjd*a`FWF&o7pjMd7wGybpZNcGZJ>*|}^}W7Lz%0Z}Vub&Q|13I9
z*{MPc=zL${Ctw%2(SCb*&Dw3Faj@B3={`$`$@P2_xPRXdAB>|Rv=L+$bn}aSd$V;O
z!CX(fsgp2R>wOOJdE&o+^+1*Uok8$jaXe^m58P7)0*o97%$gBwc!ag-u33on_LD8}
zbC~t^p?MixaSlo7i3jZ42H0}ACBJC`YA#Or;5wMC9lc(Y%hg@906BOmSbQh_w`whj
zl4iGULKfD(&yvdkYoeGJ&UZ$?bMT*yva+&Yi&k|rO`y4)92m_P4Fd)qZUqMUMS*`M
zoUa5129X#B2K|)-zLHq}xBr(5E}akYKQ!!r1cg;Zfxxd^#l+dn%-+S)!8JP;gYZk$
zqLr$qtEQYRkBNgFgORC&u^EG>o#THXV0@lDU!<Lxs}Yf>ovpnKk0(FLe@XCs(f=uC
zBq91Q5my_25=}WpB2fotGa?QKCI%)F0XQNeB0gtRa~@?eiT{Rw-SLxHy1F{@Ffw|0
zcrbXdGB`L}Ffwy<b2BorFtV`Fe@W20c-gxedD7dvkp3Sf|F0e~GZzzQD@Ru=2YaIb
z=ruBSaC7A+A^DG?|GEB8J<U9={;wr_m;ZL_%R$Efa2S~xm>B;@_ZO7!Kczg1R-R_I
zT4GjqU(NGnLx6>Yo$tTo|9_nSYw>>}HUBS?m6hp#BmWoY|BF;}F>@Amu=_IUD)4`M
z=D)%JoB7{BKF0re{=Zt{|1|S|m43Ce0309V|MZyvT%3Tz3mBLX7*I@D)f4=}586<7
zB;&J9T(8v>gs%bGP{ox+MyV$j0>IFFbU<Dvetu7ckOj;#9JI4tDwjv*z*`l^lR_pc
zBJTVIgR*5>;9y9ky=)}Y@oQQAe9UUwx;&rrarotakm5e7|EHUJ>-XDc_ttBvfPs#V
zP6*;azq`xX4nUGz`i3&6y|Y|)?u6z1vVdex|5CNiMX68qmg9OC=E=ABX#~~%ppZ^d
z+1$f}v!%Itx?HIUy;0tb+w&h$3>LFUX!y|1GJbr!f1hCL5C1Cln!@MXBeXY&K%w(+
zn``)qq3>&;jisfu?KnI#{c1>pSl8WC<1lHSp5G_!fmO`!sN;9NlcLiGyVKVoar|ym
z?@+ITL$^4Vl#`S^g0Swdp}%c-ZjUQ;vWYT;`oyrS1o1SG1f3(q&CN~8#f8<))m72Q
zhxh*B;grS19*B86-XKboxn~PS=U?xH?HCyIlQ>eS7DTO+@0l`3D?3Gq2PsflUOwG}
zw!U4Nm<R}xEwiXEFOQIxk*VnJ&X$P9t7u2MCaY~H=dVqXpavgDBnvrve|?<G<@d4t
z{S^6DRbZ8pqN=K!s7U03DoGT;qjSxIy@Vpvk8_Xn?K{4J`1$2!Ve3$MMb8C_-Abn#
zDx)XzFjec{NXJ)g9i5fdWz}=LwN@pAVacRY`Le{>#+_irSZiY`7Ri1jkA^U^xF`I}
z^YeTSeeYapnJBB9eGobVl*wM=i)Tq3v;<lNAaj4G6)BV1;sdo#OaP-l5@F_V&f9Ip
zdMTYG3OKPyn*_;@WPJpM4SXP{fq}SxuY$>Fw33(=rEH&NLOm}pubPL?O*2oh0US(w
z%O`qbCRJ$2Pc&klXAA&^m-<ph(^1tk*6+#VY^uu;W@*{=Xl%|I*ET!O8I(dq6qgKv
zZ$uJSQek9sV~k_e6O*)-gTo+cB|LubW^EEOnc(T~3hDQwwzJEyE!+%=s17JpijWAx
zhxajcwG}0)hY+eDv?U^-YoBmp`u_DK9jB_SY?X$p>Y<w%RF`8RB!YV{MIUj{PvSme
z=b}VRm;DGD_BW~xJ4aG~CRmeX%_7y|v$*I66ecn&?I7B3L{h}ShWl}OfA4muBm8gV
z-K{L>aQ8Y2u#K|E-bZ?%IH5oUZUXS>aM9GSTJwdGh2P<0#3<K^i7erw!p-FSP1d2D
zIh<ybL;ib02$ZyZeXw&qf74RsFBE%c=yhanX>B!y4LOhE{%H5Qd%F$rz=*0xi=Dbu
zmLQh))0|z!ztl!J`Z>wikuIT@diQF#(Kx~#7<?6Ea;QvmjjC|t{V(tppKPQ@u{O=X
zoB1*!NG2I9(tFHKknAlnW0GZ@HbWLIHyj25d{+ju<)XV_pHT3@X|>gb@%^$_a28&c
zqwn*=VHSgx>iVkFhuiPeKww8Il?WKJ;kDG5okmVt=({}?r|6=?`TnNSR}k<#UzUQq
zG*_xHWgRH&EBKt}V|?RrzMPQyW~yD7LpBGnCqZ_AbiGjYC|VTF=9}WW^}9Q$^UtZQ
ztUM|FB`7wA=cBu6oowN(b@e>b^FFRD1u%+8vOy!2R^oKYG2*$w#l<;JR#Au}@3=0V
z8e2c%3Sqi%=V6i64gN_oPAs4J(A9oE<}tJ8&{F|3N07?6<lgw390-Rz!Bng}7Qup>
zf4pI88Ekx4+o|%1eRB7dc$w{ji8h#xurHOS8`pH!^Jx5$XW%VLN8S0nz^6+j*s~V!
z?TGlJ0rFhvMbK))@3m#vEh*;dcvRG#X2UDN!Zx_ykm%p*)`pD1^9|-P<zzr<^Tfb7
z>l~kJqnL+JJsXhPK|Rv>&)S*EhN<b#YY~)H)lEQTEw?{m$D1@rXN73I>hnM)<g$C?
z?cW3MiOp8GIBK4}cl`5(PA_&+r0>Y_hhX1PS%cH`UR;JKeYT*#L-#v_-$&`08X%fo
zf9P3enX~Uh4K=0lf&%xO|NSqY<a61Uon&|;5*)}`v29v|&Wv7<Gi1;18#Jp@y6$5w
za%sIupBD!OYBo$dzDWOpkb`0+zd+FG@20=Ri~#V4AVVXuGvDh_O!Po$4ejp|pN6t3
zzdMfT59xtj#%O$n>_N-LzV-KS4$q4o<X+OPvIN|qFff!JW>JJdqs1O~Q9{-YtUNq8
zi7R{F7_GxjBrQ_u`2DK@9|ze<2;hKWkYogsp4l*3F!T6Po{t0rznx`TM4d-Q58$Vm
zTkuW9A{EDAnL^!Mk=ed`QceO>(l`;56b#?ZvI?8o>Adg+{jIHQq8O&`RTwGVn#3rj
zTZc7%Nj2sy1dCJAFGL6yv>3U4A)6sO?q*?T<d1vi1^T6~1pt)JWB6}+9UP47T>nw*
z$}@VWi(<>Z(GZjg($&0TG#$e5`L0b%G1``!LRtq-km=f9mQAowFVVlj+bPskxPzvK
zq~c`uG*fCcuFjnL(3wbJi6O|=HDP8XZ1E`pSx>4^>2%{-LI2h%$h;g^*I{k7eD>tS
zF}U1x@DTEnq3^HBFQ#$$z0BE-5!2}SqGg)Ghoi`{k2nU+w+~Gm;+^pHY9)q*5|18?
z4woFV^Q3O{2~a!8J<8_o1`^!0?xK&6desnPZ}G}6%m1_MO;->Wp<j|yHz4P1I41t!
z{?py=FY&G4iHyPSP5y}H_t#U-zMNaxrj$TjYIB+11Xfwp`phnugX!|_!5kIrEj(f{
z`@s|bV6%_bU878H7xVLdqHKa<dBDrLg&;0(x%0(pOR!ol_z|n;G-7+XM1O*a5M{S2
zZglRURLa^uuBagskR`PunA9eT8>!LdFvU7+N((%C`%MDO)Pj=l)y;pYKbc_)1<P5?
zN{VGldpdz3mbjnP4;qdnKs*@>I^IBdepS`kl9ULiD85*ivP!M;IuXRYGxP&|M|k<g
zn#hgdK(V4_h9Z0-hezZ9eV0#UCCfIP@tbJrnVppL6NiWj>sR-X#(UtD5D)u0umr0L
zP+m;4#R`AhG7YZfj9&ICQOZ2(XH%?l!@)!N_8cm-X_fr^J&yWMKIwKbP@1@VkSw+V
z@f)`g5mlubl4%+FtYwnb0Q(&&?kw)hqa)U0epS^kBtn7e-lG^j?whkRrQRoVA+;^5
zC6oX(KJz!E-=$?U8;Ro}g+b+(B2j4A88^WV`h=I}aF&-0eOTqz;_Ik1l+^gla>nfA
zf-!NaWzuy54Mqb^_-M^MOm*x~_O|`%S1VBUQ|sG~6=TxPoYU+&Op^1-b3fter9~S3
z0V=jS%~@UXMUvEv(7W=k6i*jkBrV78%HFYAqNnjMU3?Qgs9jjRS#`r-dHjqWt&?%j
zYnOTYef2OYA`La+LppWvwc@pKO%`wpe?l%ITbQ_p-ayurb4R;`u#}@$XENPCv>rTn
zx0Y}L7J_T^2$Sy4X7<mX)N1PL4_kxj)?p%vCxBvHZXS>m?Jxf;H?LXC5#*&#oqb})
zgh20QCkdS5`!5$qgYI<>jy!(Jr+Vuq2O7x2#;g%A95k<i$5NS|>^V;c;~BQS@661V
z(ikWtRq|?W>N{uGKSt$M)yw`1)Hgh0qU=+hK)@5(Mx#h6+$D;sCOX|YBRGs^@+@K;
z4#D_CuPJLLK8(zu1iSWBz+Zr5>|GQyV@;_3v)Re&QTah?cs9m2fhqLm+x#YQe#Hb>
zNd>2*6&V*5>|bjWGI;Zon9G)0(b4@;tekWBB&8Y*<9T-<Ya0rH^lE9~5^=UHxo{wM
zU<Q7Q=u)y0@+{|AJ}1e)p<aq{FrumrFbsH)9Mn)EPI}aG;eL6l>=~*Q)<|>Xr~z<9
z1iV-!kL!#}OeDYpACd|-G!wEaYdGPG6S5e+#^2}b+&E_=5Q^Qr4N(QLwM1gE)*ps-
zXo*i&GWeQL4z}^u<ToEQA*eN2Rvx+?FOCo{v`dC3L$Y%&8^&?z)?h`wQj6t@&Bx6T
z5#p6YR%+^|Bm;MiX&8tp=nH3!C!tC^1C6Ps0xumrWU%+K6aM{G{K=E<BJ@|-Ae~0~
zNh2zJo&*?)+0@am2qnUAM4>+HQXK1fXNZbs=B#{X{EeY8!BiH8S16HbWB{g5)>l<k
zRcvDebWka#^)^@6D#DZ)zOD&Yi_4#TDS`LCnv1mK&;N~2naOW8=SRk@qFA=rKuZ$t
ziqz1xcRX2akEZ>HGy~_pt!0Y-L1UU^Un;c1BbrC$FoxlJcBend*q?`qHF`Og0LJPI
ztGURkvOjD&45WITHz9#x5&Bh@c7Z~uYN|mf5ul$#&vFPloYR0D@4xc*LcFJD#t_i3
z$iTHA<;4a3(oLzK6X_AOntQY{0OrmXfe+{ymVRWw1aucAdO>Y$ZuyUjw8}o-!Axf=
z-C@Q)BAdSVF~31S|C{eYA(veK#1ul5HOgecoxh^qWs_6YBj<dbSKd>7-FTk}0;1v3
zc%IlfIaTE3_^|p1$N#j{0wNWq;EX!ga-nuIP{?Knj;%u3$dPlHa$o=lfB>1)dydqw
zB9?7IZ$2yE2d>?^{eOgdRm~m);`S^$X;yJ(i|?&tO$I)o<}ta0)mTv)E3#M(Ef!*}
zwnopxA+c>S7UfY@J1bJ-vdq5($YwR=Fv_TCCQi*V`1>q_gc7T4wkHxg#G3)AX(<9J
z60_ipSe9|e*M(Ivz^H`k29YE&ToVRmMv&zLjQ|W9IKEzXX;qwe#<b8skSu0WaWoL>
z-@^hz=cfE#`a^A7D%qi`Hn~mrjuh(s{k}w1GRSU648-R-uOvzB{-ZD%3|zxL`>7}}
z0<~><x2|jkwzkEL@nWkf<H0^4oJY%#ftGsb`WK8^Y8p`4tj*0;89L4+g1QPv)MQk?
zpkeQ<qS#h7n$09+C7jow8YeCJ`>>@)nM`V8Kq-e~JQOl^g|)lASbiEQTF}f~nM$tz
z$<qKD{RlzoIZsL_c~U}^qaPlY*M4F3EWtEKrKfFUP*yKW=Df^q1pP;S2|Pn_9M`mL
zS2|>Y@M)u>{{ob7F5V_c5DUe{j5-eg#~!-_zlHB9snNPJf>dJ~H2)g!+x&=0Vm7Ny
zpd#;{6ItzYAXuEu&6BBQns``A$?st$HIng=l}WOdO^C(Td3ehdCL^d`sTg3T%$VRb
z&B#xmy`sY1ES<I6_k1*hDB|IwE;m8`-W(!aj&3RF#|zbcuE%9GtMh#&HtXMzmDG&8
zxIf7JJ80%&7=$At8>^Do*Y#IBTv+Wk+#)!-o0Q+JN97A&R?1Y=?zw0#^yT)pd`6|m
z1F~MF%iDZuTH?CmU*1NT=>cZwyYnDrz$zh3WE~Fn7NJl36RF=@tIq7~42>JNa%$kR
z{(c4x@a!46*f(Rp>?p_PQRp<)YGpb$JG#g3Yi`(K;ehSRibPHlu?9qRKtB>fT`$C~
z@kgL*lQqj?$s(xTK*D!Ev8e9f$=>}Fll9T~X{J+bUgG{qOSZBKvhw!k3h*!e<xNEu
zx?4O=F~k>0CRQN>@6^^wWtq@=iOdNFad*i{5e?P#dLfkzwqoxpg5I`l>1ym66tb18
zcXpDql&cKsbuOMZ`vxphn?HQ-I_YUMC}Eegn|JffBhzsA@`6oCO`VBIU{_V){Y4>n
zS`=#{Uwq-?KKs(9UxJzYMwqE47|I}M&8wEfJt)1lBCf*OEiAXDF&!4gJkNh~7gF0C
zpSLWve_t=fSI4D3x*4D%=MYyWh?n8s*CUg<p~#ph&tB%6Gu^P2WqLnzm7}4XQR5y}
zbOcL}8Uo|I4>CV!wTUAUMK!&97RR&9oc?eM$QM_qaNksA@rq3u9k2FkC#|ONR>p=-
z#=ffEBq;&9yPJqqrsZt`XsBat0>{h4SG4o$RZP-9<|D99gi~26_KrY>x~_dCXEATX
zh+TwAaKNuf5h{@ry?w*Ir##v7Dm?P^xyhD7(xyigpzUyl(rPG7ZUXV5J`p%$z#J^y
zj>`bGantkqkmzuveHm1zvS~sgTbQ9@F{^c?D}A=9CugI<FT1dDaJMt3P*`|l9mUpD
zt=~}eY`3_0M`BmQ!@r1;#z`@O(6)?1hsdI}*BUOvLmvED?A_H=VMR_#*%M7wmei0&
zIR}eRxe|PmCanjpO~40;jO$%+YH5oxea^3DI%YZ3GwZ2B1Ryel1|;~F?e}4{Ea7j?
zMJW8INrV#%#Z&(cBSzD)Hr4J1G@#eSr0p2W&Q@yi{hnOF7V+rPKqcM{B(tIM290Tx
zQ@9&;`e=$G7Jx0Xk1};ws{UrZJi*GC$3DOG5G)icIFJ~m4=L{&QHZmk1V&4WBxQ4Z
z1d@P6-~2Ax2>hh1QY9I6Ws4+Yz78nh2=HPz`Aze&*)sn=n6Eb2;oEtheOi9TE?I5R
zd~7ez$Q-wu$d^_&W;9#>`BXlRyP8fZYfExi`*Cx@Zwch;&LGL@8aLo*Ak?zf8qU6n
zU%~B0sSFtdkU1@PZRwx%3?`cHVP!}2;iGwZo*p#q?IqA12|uf*%F>>-4hpsS<yL_y
z1*HpnvruGLZvr$-HJmtcwTu1U)F#f4pytK~yS(4$H~*TZ8Efdw7F8kAvjFhf=oygi
zNP*FE#uvr1yW?WW=S+g1fiN1$F&d9LH)u7DNzZOfU0V(G(Ta@X3&|oUtzUZr&!2|p
zkXFwCBUwPH`Ha`Rd%H#g8Qb{xUkvg@k_qAM1&YWmtsIoHPyKz~Vn1UU*M!gx84Jfa
zyJe>MdXnV150pzPYQ3*HRS9{dDCHT;q^uHfGHcH_fGK~f%6rZe(?_X_E!v0$)l3|U
zVaWzX{)NeoEVpn0izd+o8}2XLo=R-G4zg<Th85D{drl8i11PN4O)FS<fBRbSBG<j4
zLXiyhw@xe-4IFC|u2%P400pG=??j{kX}>kB>6DwLBJ0*f674qpFFQipZM$v5w{B3e
zyXQ&Q)_bZq2`-UtGQDI-hlgdgBJ(h?bSX~_!aH|uXhO-%mgMr6wQ(S?D}MXRFf+-6
z;L96(OK1NE4@O3^?^ZiOjKD-j(tmj4UC-IA&;MO~FYa6<4Vu3hmB64QqrMS}-q5>f
zc2I!0*lOFzJcn&n@-jpGlgs&wBDS^|)Er51xha<5Wuam?`t0f|2~YnCYP!3bM5b=!
z8^$^GyW#`h?;+2XTM{$Dt+swLpJKiGM?p%KilyH4FXNI;L|t}<oZa6!ueC_mwc8s#
zG)nPtUI-1|ZnQ4Z>doF)8gxE_WYlYi#AL(-W-or|OzDKhs`6nve=lVsL7VhsGJ+Ts
z_i<t|x}0h=R?nhT><Hx*2mXT>>jI@OT&h;NRNJ$W7(w+_N2KA1TlDUP*LwK)aC(5)
zm5l<3LDu?tswyMAfl;0@WKafLf2{2GTC$X3VVsy|-zBCEty112W(#zg8Hu^B9cL*H
z!i=(=bQicHD?8WQEgftQSI+re%PSIAb==F%gfvOm+-4zp4%$^LcSD?11qw5HklGX%
zUVN-fj|AZITxl@mbc;<foHTZW;LE0`E^P`gblPT>S|sN#QEe)Wrq*0Zw&<`dQ&aSK
zsh2-ELOrVi5(GrV0$nvE;-AZergcmSRb#*<eiZB#GHhy()=}!FiUH}B8&E38zFMj2
z;}4TKP2Ee=yX$GlKM4?bHq9Ddm&N>sHXQDo5lT+^84>~M`&JHDdmv(d%*YGd$9$j7
zKQaM@+GNI&Kd|Y7C~zp{LyXRE6g9Gq=iAAyE=I+EAD@y`VrNL@+vO~OSXz}!U6}(q
zx41Ls8;<bnLg~e%X6zv>v3P+KF^wYNhOqe78!}i~>n$cdI3~JH)(Fqu)!3KRveA-L
zx+tWh0DZf)og=G`So71(Cm6Zamw<g--k7&vf)XG7y7t(w)bqU=K{;2-@69YcMiSU|
z-1V{6k}-QNDQfexqhOMeiQm#!;gz00G)^4vvEN$dYna>Ft-XlW2TT51UNJDfVJXSz
zassX=NRuwx()g%lT5Y|gph+0lShpak;b#l=f|FhGO85~}Ic8}GU5KPhzB?z$mz;=%
zWnvte$Cij_QbvYhx!jh#%fefR@ONuu-E&4cK8~docWrEJRE?4-nPUl7Rg+44TS3w?
z@S)7bkukfk{Gq&dloeBipDqBVs;f?8Et1em?@gIfI$&6z(Md;=r7(S<&CzJRp6_KP
zPayOZ{~2~Cljh})GGzOaZc0Xd?e3t1dnP|6_@SDqBA7~{U@(rx-O{aBmAK%l{>r;r
ze&EP^ab8m#_4hIP2X~<vt++XTL4OduChie0>ZU{jKC+^rVA6Sd!+u@Gfij-DS%M(q
zA0usDGeo$dI(J>fDgU~X)YwNV#lOE!J4S#eX<_zl3G%z+5Z?s58p45@{@0$_RKV9J
zO3<WDkN-pGky)S$U9vtSkY#xYM>^2i7p_E1mc^;82p%5Pr8)Nt*VW=V3WLwAY0iJE
zo)l)HxHe;S?$P7^h3TZSbO-|&TZ2&Xew?Up-tMG1T5t(C-M)w=0?KZWw-+xgAh~4J
zrvk)c{q{6HU=v+cm{sRP1i=O2a<@}%;n_1FI8udW%J4$Dat6=+Eq$3xY-Ftd{x-21
z41txl$!7DaB#{UKPY$N9aW&i`ur}(7Pyj3E>dvLO@Q?DvC@Q~-o>F$aVUCdI*U>N9
zUPG?8;S`rpORB3**3Lqj34DhxukMr|Ik~hgnfM#i++~9xN2ONB<@P&D_S7}ipmJP~
zQYM8dMo^^EiVR3wIVXBX-hUSOH_ZGf#iKWj+sKkK!k3D7{JY6A(@T2sWvfWir}(>2
zt7bKSVpgwZsuV2Ae2cUm&a6=cxmqvv0sorOB8k(wHZVVKdf}l+M~q)KELCD<aU@AZ
zubVMD?RWqNXk2Jv%dT)I6^C4rPF7RvUP-P<vXI9_h!=zw%~YB}3n70e9*MlZe5FTG
zY}pnH*3%4(3?5vXSDnkS$dNO#Hj4^vr}d8*qs+2gy6kE8d9>&8tQQ~2BG3Xhb+svP
zHIJYR9J0_54B(g)XLxUUr3N{?W&4J&QnPsRJxi)x_e)~(-ygfL&hSLZR|{rlW<JtX
zTic8(DNyENlZ%0RKbYCkSKd9M{uRg8Ma)@CL`>P+DB<PEBNq{%;v=@{<k8hINUpE=
zPv>;L$@?evrSW5hWW$>4n-NqqwY`?U1~Vlgg2>OjMF|itjo1k*!Gnp#q7?`Z$H0dx
z9^xhUw3w^=rfGbh?s82x?1x9e@yYq}S3x)RcrclUp?%?TGDDhV4lqVRrkB6y(Ey2b
zd$sQLSFqHKv5ya{-1eLfX2bG1u88g@+vDslli>rx9s)}n_Q?%|N~J1}9l!@RqC6yh
z-6&XW0x{K%Gx{}m#kt&fUwOSG5~=ee0*x67%I01n6`QJZhnY0ZUwlfDaO^G~UVr$}
zJs-97D^`IC%zSZwpsz31JF*D8{PFEhbfm^|@4)TN#JV23Yu!&Eb*$TI9f=C47Frfm
z*Jh=BJe4Vbo1_put2Rq}aotPg5T!GA58kzB{Pvgm=*$jmZ=!b~GINsQ#VS5aeN6Zl
z{!o7TYf=Zp$XKYHsXjq|<vjIBLEn{##<j%@kijG!SMzI|1cj2Y7mc;BgT#+Hj~rWC
zi4~q@@8ww+Xqghe>Yah-g~#HJcp=}pyrY=LgAaqoL8>JPE3pK04-Y=Ylc5s`9|**@
zH-*Lj%afFNhK=tVkz|^uR)>cljS3;{;t3#!L6)%3)XQoXsp$hq&TiMt4XhG&u7rD`
zh)XHYZWBd2ja;y$JSabfxRhHe^FzC-T*bCg*T1Cguf5<Tk#1e0rcykerXuM>sfwml
z<1_4kKT8o$v5r(+>vdDr(~(b7=nfi{#gg%}@t5q~e5b35_U#rmMDH_4Hc~E&viP&W
z^(*-&V~4+|$=Zcyv{>4(%w0>ZYLSK336|CNNwHH@))ZOM5;IzK_9<`nTS&99doucg
z*NwHZNHPyW;|E~qC)ZSC3u&zyN$x(WRleQBKPMYdvvhWn7T&%KmZt(o^8^Z^KdSOx
z)XX<gcUL|ZO>N+wMA*|cB2D7?{WTU@+1c&}ul+F9fm5S!JTZj^o;`v9?6vgUz%<Ey
zBNw0~K8IlDa?v4iT@?t8I|;?~v5b461L^pUI*UQz{F_h5Bfez;B@Rz{TWiFRwq8-T
zTmv6lUmb(Pt+OA%8}L#l1zT=eg^Mhy+aG@Mhkv*u58TJ3oUfM=o43!;%H4M}q~Y&d
zE|e#ORYg7^Y8s6$q~SdD3n<)%1v4)06@5a<lX$29$(r{<XO;o;cp-&!HA#}I<svz#
z$!GEe?+f?Gpf_wSlSNWBZS|v9?2z`zW7RRU^W<{qnEf?>^O}C`XCqUHu=w_vG<_K;
z<BF>ITRY>v&D<^vB`Us&P~qV+(kqKQKA9vGxAX$YyvU+SmCUP%c4`TtxU!ws2Oy~M
z?VuMPMnNj(%Ei}4>{%B>wj5K|wDc@IMA411Rl7?B3Z7|du_~|KOV<Jp>F^5l1x<oa
z<OdIZ&vrNL95ih$d=a<^jJ(UU{b$rRnkMvBswUwT?tS#a>W>ng0=sFyC2k}8ERsfI
z!zq0<cbQ$TCKk0P*3(=)_w$o9c-Td<l#*E1w=>t6UhPU^Z&YQ`J>mAFo;m{wrRbAw
z>)A5Pxt7b!dxkdB!5P){t`s$(Cy|uzrSw@;W0U;oN}#pLV)dHp>gI114qFAlolJoM
zGuMqls?`Fpv&D;4$4EwZY@3*Ho;5FbT6yeg3gN_QDkE!&l$r9-qqzc1j+uy<EGkE7
z`e%yRvhif6{k3k<k%2sJ_5-#mYvi7XfJdsn?*n~v6@;B3=G|AK=({;QADn~~1}?u^
zLQ!e0R@huT`n(?HdAMG1PIG-LaF&$7TLr1=Hs4#n`{)-Yl*kpfa&}rkQ7~PhfK4rT
z4gHg8qtD+ke8aI*=(u)o!G@jdDd`~=<nyU7P#QFhj7KRsFnOmxxY{mnm?$5u2p_01
zbt2R?kg|^}GSH~+7L^^hvs<sTK%=55xnA&XRDg{KApwoIJYcpCci1zn2g4}spoWfh
zuts85uA<qb!OqNt1U?Kg;>?<rIVBQTgu3ScEH_Bb(9#+dbLt0#kKSk=NS1X=7Fn=Y
zuqP%IQ2^|YR=!RjXD%OiGkp86a0AMmk`8A<pLbf7I6d(%Je$Sa4|b^!VRZ}*1GU+u
z52DQn(=ey$uYPc<Q?pHK_A@lE-|NFs%2cr45<|O6CPVwQNRshYg}E}UT_NZL3sWuI
zmi3{UTU4V-c>F0A;tS}(!>mmaa24|P=Fk)6%_<br$5`IG!%($LcwE!Q$Y`G(Co`o>
zn~t>-Z<N?96Nf-|q!X$RNJ1!f%3w2dP{9Z2r|Y2Lc76nsJd{C`<Y@{c$3-&#`T88n
z7M%*)U0v%l`$C*W8o#k?G6au4(r&}`Hj}uB(#}k2nvQK#p3`QPaRYxmR+6!U10lZw
z0K1ha{sm1fW2KVBH%X<La;;osp+;yjEzfF4Zuf0r6giSHEkx>T`}X}wKbh~c>l(yT
zul(*sIO5UT`LPfYs7qK?ra8hZRAa>IAM=^gi^ixFUL*+5L9%l*D-x>zIGwoY-48Xp
zDqgPs2A-?N+~1FSUZI_d_)(G3YHzQ5N>u`yaO((_PIqUv4c9w2)XPiEB6ZHAZW5Z$
zh~kV~-OE8X*O<8BH~y9&ZdG1?gqU6ItHh1D<L#=pnPX5AwepY+qt_JY&N7>2O8Z_l
zvwSAMj+;+D@MW?Peo~x>@bPVyV)ONnLpya+>Fme5!`whAW_v(DSX2Qg1(4(+VIFX=
zWkjt&ysZCNgmPN9gzB4*mKFlK4YwI{G^g2)XmYq-`0fjdz`8Mwlc25;CkZ1K8HwMe
z4*MLhG7PP4$gy??No?R+3ZreN<@zUqjw>9`GLZ|5RL=ze_kdZ1b*U8LwM)Uwv-uB=
zEf99`Wt+;%wX)PCm?9&oc1d2^RsYvJu#ud4BRNVd?a8}mnknGM5<@tEbHsHi4PB}f
z5~mcbq-{1LHA$~c;$U=#Z>#SA{vp=2IdyA6YB>6jk|K)Zle+asmBAaH=P{xRCSw<q
zYoD)6aJ>pUXjQ1vS(Z;G3*xc81)o>K{k#Ctc*hfw@wE1k@JHHqJmURL9K|Rg-&sHc
zJd<pEw)aZsMyT5rp_SIS5Q+naW$uzgsxhaH&%JVk;~HSd4UlIGADHe>U;|n*-WS3O
zOGhOt%V^mh?IjkdMGc6_D>-$nw!#P!dgL^4z(E`1;d#KZvtJkgX1H{|RUa8Q)wj$Y
ze)3YsZ(3uT8`JFi`M`Ejpq-0?Gjq)`Gmw@fB}HKCkS&#9JtWVtF-)ZjDJC=DwI#2)
z+_i7%GfQE#x03Wg)rq&LR7sdbI@;*8kMp-YBv9Qd%_>w=yQDp7g;+opBJU?wIk@md
z2qJ~kuwg+*iCWZDLeu-Fz?t*Q0b{Q`tHs}92j4y1N;3D^$#TyRz~FC>@m6mFlcZ@1
z+9!<gz4@T(3Bww*{O~cXv7COB6yL$=R(kbRtSUV04WcMUYH_*hwHQ&BWkVzG-%qDB
zm3!oHIuAP9N9oKd^G&xY$t@Gr^ExTRZ_F^ou|H3}o6KQ?)p#0}p~);M*@(qxIokZ3
z>Jd4|Q8S6hQF|bV)7(-jeg67S(-ckOm{gGGxwcHC{{-iX@*1Fw)eoL&k)~q{SBDM0
zY#UZ0;C>@*+At=i-Hf~Y;pZ@^)$Ft<@iG;clf7`xd|NZ+u0x1OtF~&&Z4*r@sYwar
zc3b?rwMIwl{j%^d>iI2@DfikOaJTn2c0qtGcGjs=U{NuPz%OV~utz!tbHkMxtH_pb
zzKU%w6C|l*_DVZHxrP<P46{%B%?Y2T1#r4brW_$bO$L|f%F;1SlXC-Hs$=UvOD%-T
zEYYjt18g|NlSMBJ-w?_eyw7v1Gh6&=J*RuSfA)L@O!*R?^5u_GJBgq)gA&Xzq_gOD
zK<S5v!QBBqn0D*+`UhNLX$YY-N6J?NDXOoV3^#uWfCBn7=vJqyJ6zmUjeflBwRZWU
z2S<wKzFDiEe)Co;)XMq;S9!r~Zu3;$aZ4U{zF#}Q94$%q65quQcYO=)n_I2&6jURW
zae{BtyZKT(86iJ1F1eW5q<S#PAfo_qR;L?2PbQ7fdJg;0HGsV=_r1q!jb1N9{uBj~
z<vDX_L_6mGwUi;>S_p(@>5Tb6b*<sNU&oQ|poJw&7p{sXvjE;}D|Ei*z!F7WhF)ra
z^(MVd{t69^KBYuBPK3VG)yR2lhC+Is)=CC03MU?~gR{Sn4>J>(8nZ*R>ND_+y<$3T
z9NLqiV1ThLg52Wf38`kAno%0B#>4GHyC|}Ti0;Sq67)<bY`3ch0jk41KCQ;M7&VT*
zwzSeEg~H7qT54xY6S{S-uLyO>*JI{Wo+9E-B$$J6eO^JRA@R1+3<N>2ZemqI0)v@y
z5K>>C=ANRflcHVU9iy{cYc`stQBD(BxItQ@ypA_d!zWiojx*@`EGxr4%~@8oQ_@!l
z4qmSl6f-kpd2(ZfkN)>D*$uww4%iBI&m!R!CHq|7JuTUrde5mOlINYm9^FO?5f8FG
z8RZ|!p&I!Qkk)Vu6(GVbCCTe>UeDDy#8Dcf2m7_ESo12}KY633HM3Y>F?iyi7UH>S
zs*|PYsO3pYq^m{#^!_XY)JF9U(0D9jRr5o`F(nc!EKhJIEJcfQH@z;*FPh|Uj)mL^
z=6#`xDUzw5`BgCxoG(~h*=(i$Z>dV;qC#YYJ}gN~Wd;rLqwsTJ8U$Td^|g&Xdnj_|
z^iAD^BrGsz2-->PC8Uy6HE3&iMjwl=d~&tcWzXSbR5A6H)=1wKK3Eh`Vt!o+!Js>>
z!d?~8Gk!*u%JXFexvA8&q`gtY{Ql`+6w_SSk#c&tq_XEi8+j^_xj2ATNyPm@3h~JO
zcQj(k1yal=*?6_?VwG(7YgucRFIVX)OHn9Hf*=+xi91EJo?btoOicF!_Ifs#Bpe&h
zwXXplx(o_2EU*=(W_Fch@L>PaO~Jv*mIa!18>?#A!rH}(1R<M5#-GU#fvO!<2kU)n
z^Pgm=x3p@*-9i<MsdTzNMmdfjx?DC3XCN7BUx)(aNP<oJ_wa-b-f0Qs*HV?0Xx5YG
z*e1)R;(*-|!#!2JcZKcpxn%W@=Y}n%p(-0I9oB&EYCfqw1+DVJ9YqA$2cfFsQNd&2
zYsbcE%&1wkFi{%Jab});;%v#{EtK2IM5GEHe{Z{Rs&PFS{)xAjPN5%^?yjM@bSc!Y
zzfQBr0`LhFGuE0UFg40cKSa4S<XER^7Cb4MCsb)`N)$#wY}gBAHIaDYnX(8<VY1?4
z)=ul=qgI48WXA9$2<8LKJ4Nf=)#cHGIx;&HZhAU;vKKjvcCC}JX|Y9{d%YrZdjd5`
z{maLKQJIqRCI8OJ*=*$TFYMMuu+FLtYXBxGMjv7F9MPNU;<-tAAqQP{Y-<C3qMqPq
zcBB5trrk<Q6a&a2iA1s|#%E3?6g<y^3i?m=#FBPqrku^vlwUKmN_tk_`NV()@jreC
zUqb{j?0NO*y>fO=l~FWKW1(FB9;e11HGmzS0_iu~<*2?Vg>%9=q&H;}>ASfRm}Tb+
zbKa4rB)nOuqSp#{+m(d+L%`NU7`T_n-ns1_gufnJm(YkNTr7X^;2c9qWhFH_Hb1bW
z=AenHLATsWg*3*Zrm-`z@9s(e^ZT*(y=tfJCpHox)*Q1_XWQ2ogJp3)4J*+oi<dFV
zu$W0?t<<l($z*+na^rv9GB~YrFDgh2M3DN1P6@a3>j?OOi?s*SZ{4-_=9t)pi#6Bw
z0`zI^5=!LLkw^f|(g=1uRw;=Ll-eaE5+6gHBAq*i(h7ymTWr+%%K!nCLTZMJ{LYS}
znHT(;yNOfw5CySv@e|ot<NA+Adhh(Or$~BE0<+_<uOVt`)~s*>LZY>iE6GJMx^>I_
zjtEZoz%xMbluFkRTPkGpG@$ShdN({ks9Zz*O1TP$X|d*dwq%k8kR{P32O+d6UuhMn
zH1dnqL>eJ)tg1I>ZX&0NV-pz7&^rFzJzb39&`B7JvxX%Hh;M83^-}P5(k0$WI_jf(
zATV!Yy}v=!3a6e}rYwdJ#{)9;$Tr_&8I;>Z8gDT($<ReloF_wKDV0jIT2M-t<q=m-
z{)Apn?#XvXNW^7TBHiWidLYT|yL=5kO=X>{tC^OJapP%kA~|m{1RPlgzPj(*wfz1J
zbk<%Tq%nCc;#MhkI-jL)#WUsb;ewz+{6vJxv>qGw@{A)V^OMas*S({{Qz{65_iyvJ
z-;kx-a6d${8zCfjManD%ep~1@34jHKpkAQb_w;I#!a&rpc#{-%rV1YWPoi4ymaU1u
z{lUkwwSWZfHoIW?3Q|I<aafC0CEGCS5LSh#ugqmVL6uX*8Cd95?Z5R?63KE2r9V9%
ztfB1&N_EZ%V+0UW>GFok@L>>)(HtT+Cg*vEVQczY96jw}&MKjKRm7RsOZ7BiYz;)>
z_8{!yVll@~U~Y<aiH^;s#_(Fnlt;Z$>H;y6M(1{75cx(nG3IEfZF?@x?^_Ih**4re
zma%*VGI+7|?N4U!J-mraXorTc;(lISE23_v0d<6ofzbW~2{kxvR4Y7AaKIpn5VDl7
zKTbOri6rsbTjK6RgMB%o@pgZSAK1&F2<K1J46QRcImagjsz+iwc7X$fh<HVP;~j7b
zV^PV0mhn&iNV4ryvm@JO3a4aeK_=D8<M<{inw|_2&C(rzOYw~^hP1yAmo?q~0XHgy
zzpPX`4fz>#yq7HhJ?Y7Pjk@-dGNi*|ENlOaTL}IKgJNFu#jda+mTlnhEHRdqs_~G*
z6k~s0@%_Th(hrM(sGtLORc#JJrSepd<Nj^aLZ_yh4ao}~0ww<&$^G$`WpDkj-Mzaf
zCz(v)AoMRW6>5ad{n32_@McDAUdWY}+f%NxsX-X#AU>g78hjTe+_57U)8vN;<VfM*
z;bN5CJxbG}_0_r9yBn66e+=l^CM(!Ck8?Dyo-0JrbDHE*jb)fyH?f?l1o|Tk`w^}p
z>5inbocbFMmMM+>>o`@izLlmrr2A$nRbp~N$(}z*ZAAkSSiP*LPt>F?p{9+`k=x^A
zmm{ji(p-&6&-*|4Ptj2SKqFUP`I}%OQ@GYANv0yXxyZ~OMEG{e<#cOg%ZXo*nMpp$
z#C{FU1kMlKht(DHEuZ2ThYw@=l>E6G=>&|J_TA4h*!nQ}a=~;3@n2CURw*=5S|ahB
zeaBs*K^@QaYa*L?B8iXFND}@G_N6@3c!b%Zh??-*An_7AX)J+_*`wLfZ@prL5W?=_
zeY#+F^YS6;wX$#36v2F5PcAJt71|->xK(t6hj-;C`%}8d+Geme*&|#E43kj9Fc*`V
z;{*H=?mam-4QO%Ohb3wxvBkl%PD4LD1`%gjM&&Yj_SgjC8lwojj}@wwIOdj}_SB*k
z6~eW7LVjH`XvN~BQ8%(X`7S^IIKAMK+9>EjU)_-6ibB*T7YGu=<xqUy_pYowY`SZ=
z?QAeOGjj9^g_n3>(_fmc@7XN|P-F_zI6?Eq>W|4X;hf(PfZpa!;gjL))3ymwNFtD?
z5F?VNqLnsI<R35(WH0$0CHU$rWXBcjOwy-Jf5J)t>wmSOw0S%@eXL_xcp3kz`6uOy
z2<TiU0-jh0lO1Gj0=7U<TBjQh!`HJkPR=N);F0Rlb<9z)<qFD<Y3V}?Qx(ntZhW2V
zlvBss+ggTXej;i2PHLVEu8s|RbM`5Dg>2XA%GtY<Im_AN$cY#RE~IHH#-Z?}r>a=>
z6}9vtUnIu5bb0*lp6gHxgVHkpXIAU&xn(AG?hmTe&r5Th6Zn~ClWGPo$P;HrdgNx6
zcNC;O4D*rtkHeu^qKY{ET3?q*h&+dbFW-OC2}fBPOfz6mH;%%@pc(bU?pN5hbH{$L
zG^S~Eo=UT}c+W_;;ycjsVa|=9@m}z+m)IlE>~IJuw*3;6#N}7T)U$hYO-yz*KHISC
zBHTBwP*l1bCgQA_{W|C$N`|J#wU<2=`dY0H?u%4GidQB8|B9G*8@&pP<@o-__SXb5
z78|u47&Y0X@EA$q6}Oa0jtnE)7bg+cGH1+9|AYFI!J2n^YEeGq-{7yznNv+3HS=|h
za5DxyGMep8yMXuUMN=u5ip1$+1IJK2-aWI=J73$%9);H+9;Vy1k{E8&t^@W;DMJgq
z_vGpQn)cSt3Zyk^-;HEA{b;V;=#(S#7@eTJw}hg&B6V|7iKQ$PCvrlFzC*{;AfPi)
zmdIQdSSIgSLR3&)79|3*!OZ`ddU)KL(q0jw2O-=(c5YAvRO97*ic}3N7od0yC1K01
zj@#o6j}#*{PcS)D4I@*WnWQLPCc@&6c*r6_%u=ZV?E>z?==UMkK=i;FETr>Iu?u?M
z<K{U9m91}Mlw|e(0H3~VCzg2g^0ia%Uv$NoZMk)cXM00JMR`S7tO@KOm;fJ7^ebk;
zGt+yZE=Xr~vL!3Wny>8+^!Az}sP!$*(dvyr2@uo>%!LhtejbD!3IwRPR&A>jyz)Z~
z1fmP4*M}0ZQpceQi^Rs4^E-qX0TsO}@@OXBRMkgKK~pLo%Y?7@9exVmBK4vzGdtB`
z|1^?yvd`qoj*^8UU{D}wm$?49IAQG=^&#*5Hja}w+(N1ZN4;!k6``+94o7*t{R3Ox
zJ_PjtRQ8rZZMI#sFy7!^v{<p??(XjHF2$|5w@6EHcc(>Lph$|lI|ME6?oLkV^Zqz9
z-^@32{v~r?vM-sv_FmcdN=;*<WCG<_*>bJZo5KEB6UOyM17&4yFYilRay49@L=0zP
zQLoV+RF5XFwA$HXmDQlH$>#)Qw&Nw;?^<UX><z=1@Dm_WOpQoDpBpy$_Z&TA){Xvb
zV6}tmI<WD90G?B;$-O}kWu4V_-73K&cd8<a`C>G-V&rnHHtI#LQwA3-{}8LbZ%fzg
zmP)<F1e18GiDgQmb{Ljd6^?H{iAmoo5dr4}k*jp#GF$Sf#I`{53nNX`qMgx4UpUT`
z7cZG+c6Ux{vP9%&^LOb@>#T=eYh;|~eC5Raxw)p#C_n&N={Hdy%5_EH8%!RmbonGz
z9+$ee$%h<AK;xkTobx=jZo~ThGiL@re*s|iylm&9dj00_oEf$HC>hlRy}u1xw&TOO
z3`66eT)doA4@-L&Hut+O0{fO;U=FNRXODR{Ge16r_SLnA6bt*Vq=oKe3}3mco>hu7
zcGaQ6=O(hv6BhK~P}-*jetfpnVqE`8aay}>J_SppbT`21{vEe&E1q0qIAmfQtjfc>
zQ8h|fCUr|9Bgzl3OyOftLF;4qcIWyI?H$Iv>n93XtQ0DFJ|a%tLMbCko|QS&LL`2#
zhD|XprW_`0Q|H(LJffzzo40R%G)+N&w^`i0bKA62+<c3_+_`e9F0@c*{y0WBxkysY
zWtZ^gPc0}m!1g&A<BW-Ktn2FcQE_2}v6jFN1F`V)dxmloq=bEH#k7h)G{BRzYJUoj
z;$MHZGop{QeiJqd^_r3iG?RVLsjP-i$@}PM&k3!AJdx{z7u|64_=p)0gf-42OT=X$
zm+j0l&Rjp_NEBZZ7iaQWhiF5dk{x?#w3qDkR}q$T3MwuW-!>^RP0)%kg`z{HM*Yyy
z8Fi^g2tH(+#4*A8N=V@YlOxOrm}pVr&nl@Z&|<*Ef`k%~%$Oqu_;1tI<8+Hl(iE+#
z;Ijl{Xt!w@$+48<M;{6`r37rwAI0vp?5DI_K==9Ku%n||>ewv@OmF(a3u2ZP=f(&0
z9#L&H&Oyl&O<H@8guW`F=AMoUvKw2&I7XD%6FR6f#5&FP;P}CWJ~dr}L+(HiFRc?~
zu7f9ChsXb^3TMS*l40^W^<5;6s5XffqI*x^<vBUI&HR14DWRsLaeh3)Qx9_k7tEti
zNwN1wfZY3iYO<|$@btnEU1H7aYi<lqwG~CcTOZxYb2`%TRmSSIae1z(p24{`CwbJR
z4|$(mQ_<gVH~i72fc#2Rd}?(R272JSs~nfw?_b1o=&xj#V8+%c!xE~MI@ccgpwZ*1
z9DVk0xFobAN)Rz5ZcXgP6$kxFDp*|H+wJ}k7oRXb({&Syz0lD&M!F*A&_m|3P!-Ph
z{4<8?#q$eUX_<0AkU8d~EC!iKQ&D@<Nrn70Nt_BBj`S0?iGUR{k(@20v)!{tZ?V;%
zx5~6V*8roj!dilkMJV*<WJ&cAqkiHJ`8w(?r?V8*cEW|cZ-Uw~G_>1T*p?@4bS?Jc
z_~fK9CD;eVY1T|XNjtbJCfOHD#Z}+)<!f#oI>B2VWi@n{YI`<`hPc+Zp4gXPf1&-*
z${QG<F|~Py%7oq3UvGBxWqr@jU%4SF#&NMWR>Nw@J%64%oGQ{<jxb7V?8k_YMr59B
zjOMou07l0NDVSY>%TawATmRIr=;sFA`RD8_WU`(lB&XmcN+sUVL<WKKljoVfywpJR
zYn$?_BbscgnW-rS2XJ*6^0jS3-k&KdRaHjk5AfC7op`n3c}=}@o1Hna*!OZtu{;?n
zWP=;D{vlT!ph1O5q1K<?Nuqi$KW4o0t=IeW^FmGA*2B^mXl;7dT+!@eo!?l>39&A<
z1x_+L^K|7?8fYq|axvjc+>#^-2p@Iv(V*22?e${=?Aat&@lA`IX;e0A4n9?!%c~&#
zwXEIiR_tMc=Us`O5o0m2LgsJcrC=1)ryBXezHo_rLD@QMxm!*?McRRZ_#)9W^5vWB
zKD{I&g_5PHuN_xSF||EwUNOG@jq4z<@e(kdnml1QmHh9gX0D7+kBJGN7_4tH&&Q<N
zNFshDTT{5jYPI=gh^O9VQjJjlZT|MWhW`W$i^g4U&2v;Uz-jU8D;1Tr%DIY-Y0vn0
z?d;mmz{&BIb)`Aga*5(|Ivo0qY4B!E37Hq%A8i(;wUExUV^Zl<BU-!UTEjO6)~YTE
z4?8NfmMH`HxcqLw#K3g42W*;ya1wN!?(T}#bi9S8gc1b;AZziqRC*L0EeX29MVL~K
z<LA9KR_9;qWhDOm)VVCIlp+%`#DXpv&W(sMOQ_<mf>RAktzHbe0&Y1|-||{>qJu%7
z%I7Vbfp)3J0pF#f;v_e<xjq7DZ}>?~oC?t}`qv`=L|t>AgczC_xryk>5glGpEQOTe
zC;x7zkV~gX3(1geUU@MS!jXzT;ca^yHKo*5e^aS_(M|qdJ{7<V=t-bY*c2Po7>wdj
z;pmcD_5`ZL%T@61*fl5=H}$3lPzNypc~khPz{4uPLv0yFYicQ&W-sQqtqND7V>-*T
zw$fsqz;kaZD&adh^`EbPIW=`Jqepgv@qLSc56&tKf`+d2G7K`GR_8ZMIi`VJAF0YJ
z^+tU*QLE<{9eF1h&R5tehp|}k8EV^<zZYUiRR}dWGtGj*6{<64EpPM6L#xVb^rlUS
z+fpN_imB8;dzuM0W1FhNYb50j4D`Gu5|CfKbZ3aWlh4)Q`H^?mo!aE=)<f?0rcjxx
zmC(5Kj(_1HJo{)}LAz8_WZ~wLL9y14FQs?CjWX9(L|-GKI56s1tF2(|&6E}~-L2Ix
zAH(D2^<RAK^V7gOdTVs+c+A8P$n%CRJ!5S^<TEld$Irm(-+{jIjt){|6AY3cLtC^l
zxZ$0F0#-(B>r#^}#@q^nu)wJ*l32beeDKOy_#{cS=ek#7oka;mH;wVfb;RM0jFJ4|
z)lYeWM!pSJ-%`t^-;G+<`^2HTK_;Iq$Cs32!FR>DCRF{5F40NVISeB4St>@Yq#32t
z)>cc$UYN@l7a-mnF894Jcbi&QP3Fu=e+~mk-*^Z4ntD4JWgXU$x00zQa}%TjI_tf!
z&f-oTt`>7cr-=tKV)GQI<LJfTN_ZyzBGIQZieq)AB>nu2$-fA1Ln_;<FIQ*d@P7XJ
z$Q*=L7D01<?L##^*wAh`O_VjWy>RKlkVPhHcw)6>&#EhMPn(nz%hWUaIqD6nYz+tv
zL6WtZ*6|E`Pd1q#=k2@JcVhZ%1B+S5WxYDN0P;S@K2~_vqxHk>X=QHQ=v=;H-vrSf
za=hrwHj`X~IAU^goJtZ?)hn;1B>E%}u1WV+o$2jw^`4vaPp0&Kdp~tf<QkdV0py17
zxJ5{<nQ2FMpTF%#r|GsNuT=HQ1J=I9D-!#+7#R`RXSsV&22*&|d5<3{uLe1>w(G7a
z;KTu9Xqe~D06m*h3Y*{B-nR|udGZC&Y@Z)es2bNr<7xLi1xzM&ynpHOOu#wBW%w2K
z;N=#e#;TD`$f`j)K0Z$8-Fbx%jESCnC-U;OJY5cpWApkDRnJ<wiPgY4I?G9LU^8k#
z&-LZcYLy$4!B@%pSbJcZcn5_U7CitVtoJFRJA|f><)?1#Z!f#R%SDi4riG(_g@*oy
zp-wMr9mXnsl%OMnJr*GoLQ7wfM09IeCxZs<y&0O;oLLu=C^3)&ms*)PJVZP{AB#;&
zU#)RTYYsa000OLJaz?(*6d?i{9O9P{%AqjON@*<;Y`7RLfUs}`fjg=1)dYG3A<PqI
zdTJ$WbU38YFj=ux5P)rK(JmQrl?x5#wK)d@nmVoIz-N-zf#O~Va)CpFflf$41Q$V{
zL}}Iazn<77XnJpji2psyU&DqW-=OPn{=p1HjQa}vx?DB@wRneTYZ8oA7_<j$cnGD!
zG!okDCo!DYIba76Ugto98eWS2YBo|RHK3<~jVd?eStTqLnFm0K5TQqSB?<#WdHSja
zzzx?GdXwQ&q>gd8<ji0Toxlnn+Ic~2a)9l%EjQG@$iw5ni(xHe<EkKD;dc;`%lPsW
z*YA=HA-qr7sR3)wAC+jF8#YM?Tk4F{NQX$U)LDqQ8E)9hBWrJj4F1|dy5e>GJT$r3
z68Tnsx?h5OrE^P4$PFbMtNG=anVCJ8niu=QS3V2wht^Xo@Cl;xUUI)H7s^c;+%=-#
zZ>!K%7qfpF0-zls3v3(K@0<r0fs*SuvERgqJ=5(E_9w~NJLY?J@_V}FJa^B^Pg%d`
zOSvdX98ahW*S)XR7OfGYc4WIu6hd829V8V*Qz%L%BJ($s0Z;NS)soou)+^6me{(Fc
z2Cqm|m^=_Oud%G(i>}ChZYoUq%2QrO9xVI}q&l~lU(H<f+Eir$Zu2UD*!PEavpxA|
zHE5Gzh*d_@^~iK`NT05RN}de(wXL^6>twUr3doEp@epd|VQYc?;rjAR6HtpE-Up`m
zxHU({q@k?m+>due%={1}1CUi=`KGd}Q>nFLsoselcm<neDbTpq)4qjdKUBJ1K=IiO
z{t)e8ZAJ&@fbJO1m%5vs_-{@2;8e6@XV#Kmr7#s*U+jXh3*#yNjjhbZhT6MFtBW(o
z{qyTjm5+w*^}DE&@BFfKOBhB(CDOZq@CSa=!=}2$be87qYYV}fk#j$sO^2VsQ#C<9
zvxx(z_dwRG#nNR#S#z%5uD$Iig(bFa@}`arph)J5mr$~&BUPX52$$^QRS$w3*$;No
zN(kT}2M*zhsmhC%U=?_7soX)ipcPxP+M!Wv$L3S1huc4S^~5*#c@(SU-u+$9{ty*|
zx$#rP>yYtav-YozJ0ybp<>OUn&h{F*Te}gnWw!jou1fwqD{T*Rgkz&|@07iBukhWO
zl8SA!2{wm&YpTomhrP?)pDv2PiO{!_eKML5V&~^ipdvoxmMQpmoD04?6=40E0@gZ#
zD+k7#hkf5Y=jb#wvZ{BB&oot<0*0-ICXbXk)aSi7G$N=doOJqy)O__W*V#=2hMmW~
z=O*muH~uR1La9b8;+R~*(%?Dtn774x-GgL=RC|6!*wVqH<s@T0eJ|kQCcWp87j#5G
zp~LJwNy#;Rq4Axs!Sw^u#}451bXnLZW8u-mwm25@;P5Fig4ItX%+8J@N+N$Z3ek<4
zvmfSMO8ffSCnZB!`wokTAobzo;QcL^zKz+OV0Pw~Q+B_vLVZrxAdvZXggAqJXq{ok
z)zyIIWTZVZ84gQ-p>$f$@~<~5$Rv%mC7CV^UMkwDtxPu$3*FlWab;=!qpOTLRh2m0
zKaNw<Bp*+1HGbNzdDa{pJc!cyh;zuZ^5vwYu6P%hrq5q8gdB!qZ;Qch^cCPbeY4})
zAG*$wY$Ug0cD}W~k{i`4m(j)9O0Evzs+JDUk87E;N@!2wiFaOzPz>-~Mdukjwdtlc
z$Pv=<V<%no?qUl!&NLMK6#ssFki7kuu<vPqt}3iCrigl5=O*0*@p)>%_FE9+N(p0P
zt_!prPPS5J5c7O0&zVXht;(J|@U%&}GDBrtsm)Fs^aQ%xn>q`oOZ|Of^rpQ>pdg^;
zx%*2o=(ozY%G^Xf*I*$iV#!s7KFNV94TjE<y1cb=VT9MPww|MJF*aG$@MZ&b??4x#
zpz2rk65mpP5tUYSJkiF>d%<bN3lb{x-=;3>JUE^S-eJ9pY|E-_h95v&Q2FU+cjJh1
zE<hii`n}~u1sU!8(X8n=S@dkV)jy|S?|!fJ*7@+7a_f3Es=m}{*N62_rDhM{QU}P<
z#>Dlrn*RASlgkh^x}O&OtTE=1d|~K0%B|CwOHTbTWUuvH5`Upvd+2M#3V+W#o=Z}p
zsnj-3tT{FOFdi%*)_9&?v4Xi7&fY#1Hx2JUw##v!JzS-5c+nr5vcy-Sc#-by*-~Sg
zK^%nrEitj^MRO|(9ml~M(MF21X{d5r&^*DpEj|w@0IeGt7%vrX4Q>o8CzzQ?D{`N#
zek7tBd653<$M@Uik*|;z^BA(TKz_0so3k||s*0I#z0B0+L?mqBFOZ|kI`#E(8HMxd
zxiefOkF_uIzz_O*ICl2hw{PeqJQEwe-y%hEN+Xa$J0(JF6CLvSvND4_JI%K3E{I^@
zg71e-zsL5wKL?2-!oi{-g{KO`WYGSABK2BGho<806n^`n)0ZAUd<<+LI9}Y$40SA0
ziCbA59WFewV`B-dIeZ+RmN)p}7J&9*rE+p;<^BpnXmI+{9az>n>s(#0fVLhLBG5#D
zujt?B&sS)EU<Ji2JRvv%g0D-jh|Bc<inugLOx6>%YuM~C|6m>%a#r9<<yfTt)-#DM
zg%>)#hB$O`2Ko%XSCkchZx&UX@6!IG1-hts6ev1siVya%Lz|%>!3H{NFgQhN#IrR(
zADUsgii=^F;D&>Gc>lgawYb?l6%5PFz1s3l`fqdp;i|9P7qW9Y)kgBrvi|Ot(o#Q3
z^iZfsjKFdI^o)4(y~!uZ<olpVBt4P%Ep1(6=_1)UvV7{KWr}!X1PoF>G00;(BrBP|
zU=}Jz!=S9n)nY}{iM-91Lz?F~5Wy~$fsS{nhr}f>ndlo3j?!djmp14pK+&g0FEt@@
zuK49HzO<|?Qb17fM^h7D3D=-=IOUKPAj1`E=UNmcjB;&#y;g!%`4^asFfH+P3XAw{
zF<{0u8GV?fkT7w|l1r5CC|)ojMF=Ljje@5{>Ou&mOtP8jQ_KfaghVgP#4iLG8l|PO
zIH5{Q=B4{bLV(&>Y-?IEru&YSneTKxveU=^WK_`MGI$DGeuR985;w!bCd5+5u;5qL
z(U<D@MqOfiepEMZ!`{y&<zygJ)_y8m&kv-gEf=Q%1GZx5NrK%!XzS`$tkO?%6u89_
zTi=6oWrs-~qY4f7punzveRsI;QtSn}{`tK!EB8b@eea^eOMiD&OfgMK%Xj%|#>Sw*
z>g#rFspkE{FiiA7#iw7|rA9@$WfxyaU7EMw3OpXwX_9<p?@2B5p2lOuMJQfkZWtIq
zSLa!l{2$~gy+$vPY^0A-LXwK(0ZDE10c!WZD<9tYoz;o1R}1294x5$%$qi(g{Z9%n
z2O3V~yYy84hqXptw};R`issGBZH^oy=r&0w$HZ9GBlT3vE%<)YVX!g4K`6(82qCts
z9<nL=BAKwEZ<`}ME__S+yi49DL7~h#${8^;a=6#q9vo}aBNS7lhTXxDTV>b?(jhmG
z;=}_!pcHvF*6M_U{4&9T<i;W|NF|gkZO1$YBZ5+MUM~?WHL)L)QAJfNOjgCvDTXxL
zq``TIwHor66?yV>@|0f3S3}z~jX`zNpl>2diU;Ws{*!;8!(eO~Zb^iv4-QVub@cmM
zExicGx%#xjYsrnI9|10F%Z9T$kk$2_R^2eRvCF{EE2MLEc@OmL&wzYvUO&aut2^4B
zJo_%=*Wa!}LH;OQeM?VfsL;0d!?WMgdvf3QN%Y}rKZW7=x2j{YpbEKlv#y?S%xGht
z%U~~)NLh1Ts6Qj<Xz%Fd_vGC#6cX7vESR|EpvU8So6*c5j`c`3rI@WcY-J5T^=gl9
zls1pOoAAdU*8c(7Y)Q~pLJHbe?g^Ofe&VeSrJW=_OXJ!-%&P=&CX;^6Gn-2O;7OPy
z(S!Z3K`XR6SI^&G&|i9ItG%r@Rrj>0bJ>$(g93%)m}TrPi-JpwARoknO|W-hg2W$o
zCt?Ox_oh9Zi!I4cbrugxPfzkOO>V!Z9Ha71KMa3TE8Zk~2)UvcYtgNr+-zms@5^|?
z3AAP&ZNJ5mCTmRy@;jg1`qL=i4A~X*E<Yb3Qq-kyE)RuVTRl8sk|`zwwclmyY#4^_
zxbVCl^J&1Ypyz4pEp0rF98M6RJ29ug4oNEc(&U*@INGi6yS>plpq0lPY4%q`<5gK!
zRDkXDv2w+}f4`H(sGGp3KNNx$`%q}qOB?KBv&rtORirVvj2k)dCJ0MfXb?F(TVL1h
zv}vf6_OxlUIFD7Je5z8W*yc*wdbvv%rLAlr=<;@Sz9r)?|Fh0R*S*fTd7pIJM4>;#
z(LUZbKy;_(!g?dycbWLX?{Rz&j&e+swG8#Jxp^#m^fA09su^GYeL{7WiRYUyU}vpj
zWssu^$+x^uh{|DFSl_>Ym!nY3p~mLX8V!lMxJj!id_yp2ki;ppP<yuSVSgRRLSZ3M
zSd(pYA19Fe@{}OBzxZ&ucQe~KwK&}0vtgJdv@EO$o(cZyocnBPfR(e>{AqJ$hD*T?
z6l*Ql2-D3d5`}9}{4!h|!MXc(8U$3G$ODfTW^l6PGyc726mGMB_bw2*G1?O?X~}YR
z<t>;mspQKI|0%EMY-v2SFflcYDF=BR8BRd|D=oiSqScqfv{eY|uLtW4D=-eLV#9EU
z+1DxdYVgzGOG1IXJNWUFf0W`A9eJZ{jLG{pvQlI4N?WeMgSFWCoq<v9pPZo>K4lCq
zw-1YIw@CaJ0qXVgb_si7n~S>FUebK~bJzwJTbZX*i*bJ?IRm^rC%1dAp4+b`o>(s)
zn_~a$u$st;>bb!)+d}E(OYOX-+&_zgdrKHZqec&S&)3sQ`!RoPCQyHzRoZ1Uq1Kuf
zUcM_PuIZG3>G3(NYAiqciRkt{3)Vhavi0JNQBd$TFCL`@6HX>I+A@U#;pZ|ZpX@}P
z+sPDyF%5a!v-yqjx$y?jVB6(h+38<#m*5V8d9xi|y6Ns=mWz=M_~Bsr%QP~@GRPYG
zxDVGQ=hg4##>tVr&!e-4Wf?3DycXd&C}AVS@^iUTkbuj`Xv1{tL}SGkriHe~zkZBi
z8T3y)PK#2zc`ko@^t*Uid!C+lMa#wmPdt#V)v5W{9fnwI1*^w}FVj5svoS@LMKEw7
zZK)6?xuw%E+tTMol>(qmw3?`0jI29C&{YxnB%SE~-=yvjV((>RwOaGGrf@9t!86b@
zkvW8^a7+<7%`%me!a}Mpb*G>3p)iPX!Z&(_8*vlHtPnw<@<_iCx+a2HkP7j8IUHK+
z#I2?_%vK3+$GZf5*&p$o!L>k`h)7pBHQLM%ay%u!J3inE3=q>?3*VZ0UI#AiRnV2j
zcS#Yw1yIl8X;xYn-<IH6X4)ZzUSW5v|DjO8GAXxJgbF$kKjmZFbn6k*C|;O$GWl-w
zI1X@e{Flt@V8Muo9f|qzMe*XlH=v%17EJL}aT5cvrONyOstZW-1W6LWGM)7%Jnkf4
z7WiXEIt)&-XzGWsSou=B0mueNl>au%!jQXkdCQ;4@bpo{s{%r(Cq*K|qP<&L+krvB
z_n!;YY&840u)bGRC_bE*a`j|<hjJHUVxVOW{n=}b$nIa;;y7lG&~V^2l=+FphB~IK
z_+K<84<$)55GZgRp^+CfW>U}Oc_k(Y5fUk|1e<u}h5q*-LKyBwp44d5HuVkqrD0rF
zOyJWE65B|HQ#mgJR>#AD<Vqk{xsc!=r~;U^WOB0<FQ%2Hw4}B+zByw$J5p$XM1Esq
zn!zp4u4V$xP$46MO$-NY=DM%BoV(9oaDfS9z2eC{M)XI*LQ<T@LA)ubm3)a%T1F^w
zFRSI1PN579p;ACAKX^W;RKM^<jgE^9TywrwKJ!e<yn7Ah)+u0E>Mz$rxQ1wo3Rm~~
zWZU{oYueV0`CKzIiJ?K~m#~hID2{c(m0O(&eDXV}Ry9h=cDf%i0tz5B6uSgt<~6<G
z<>gS9`F>89)+ZuwXzWkM>{8$MT=i&}SHA7y?%<YU+AVy}!T}n_b^ggUJD_9msS}t=
z@=`eZm6qh#fc1}?j?tglP3EV7r=``i8e>w%G!tN$yTfW13+N=FryMi#XAf}(W4Kr!
zzzRrDlC~n=F5>)l_WaEuG<d**>Lcp4KdKZ5w?E2L(Uv*1b7zp*+3URAj@#!)MC4uH
zZn}hx<8~RJ14jQ0sm6)C+d*+IL4V26BJfR3&AqbDgmeVa*pBjkn$pfQG>1LA0NX?P
z0QKSAKYJ|$9?0hgCXePHS6{{mhbU9orsTYhF0~DaewkRb4vP-tMFfJ&dt3n|7LDC_
zyzSUgPUiKPCZ$@Aw55oId0VSpk>e#`G6*lN0uPARd)xiMuswtL-l)fS<#uv=lNsIZ
z+^KQW;$_Z5RCJZ!b20^3-^?z7o>e+24IVG^ihBWSk0Tj~+9J(z^Gtz~+U3D{4$S%0
zf)EP>pH<5%ymR>Ap+<|BsG5Go?{N<ix0;?##&dshkvAgy5I67K{Uy{*^&9#9gh{(_
z%57NC;Or?Wa0M(dV?Ly(&q;Cj+vHFaJcmN{Uz1AIztZ+2_&kcw!Fij?#LdL~2KBeq
zJv_RBTZ444o$T&Ngh2(l2ZwK`X%5NC%7}R;TE2}bR@Bng62Lue2$WD!b`4(INYzA2
z>PgIwd=WPj1E9swuhg1cnH%8D&Jj01wh*8D9J%eQ@}A!+kC!fG=}h0oE=gtOKIH`k
zO;8um$h1Ku4It|@TDw^?yTMISWPz2DHmbWDg$^%6%%0%sRtE2Z;A3)@;$Eu?l#SL0
zT|bRJ*%H!nCYzW<C?sswv?-R|GcAXKMU+^LL}kqdn7S%6)7z0kW3VRt=Ur`s;n}<$
zTylle{%o0QA{s&S(YbjFT!O%DuJRWRx%<2)(+a!Z4deRyxt%v*K-XpPd(VA$#qJ*!
zm{T<n0icQI*09u{2OR_V4Z`vr6t(^S{ZQduPHYGjHWt>!X>R@jBKMUwMs&)1b{%um
z(Uw?~qd#Lr;p<pCMx2`tSaKw=t0XQh*q!?vd_n~U1)(fWYhm?Y(h=^z!C;Vmuc{hd
zh09FD=Yj*C9v3YRCAM^~sRlpbD(48KJO#B2$RRyW!iR>mwrBEgb0fZ{S!i&+;UP|D
ztS&>=C>H<RPAmY9FsY}(neZ37I$46DIR`hiSp*K;Lf#0G!f)1)+E_>*38I>!W^X}E
zN9bv8`fV>SvGw28!cctIzP%?RdUB}b?ZJ9fhnjt!Oc7~pm1@QGaGs#d9}bmQh87ng
zMkWLKBP|f>2-Va8JvV*?T2;!gR4+8ALxrntH*}QZBrZYK>sx}lAT|I1niC=-TmDDG
z5<uM}2*&c&A3<AFnEl_$VFy+TD%-zK^hyX;ONBFJNdnNW=>Jb$|3CBLsSoMAo9}zw
zD5OvcX&BNd)y<B+Bi`koKpFk-%w03DR>~2Du0bV6XCiw$@*^?cDexCW+x^>16vWWA
zyYo$ab%|a_2M5MvzbvS~dmSkmo6Yz%xqt)v)w4=Si$Tf1ltz~o?BM^b4V4fR<5P3|
zQ8)R2uYH8q!zhIPHTe}=r<|CcmVEc_9aLZR0~X*r`Emq3Y7KKb@#{XZ0PqM1G<|*f
z@$sR>N>`81ss4v^RUg%9Y+AE2GmR2ST>in3S`z@_@bJ)5O23IMJ@dZ}_C~;=^%!|8
z<DIV*1wA0PCu}T?&p?xgbc8}Y)&K2exELvv(spBt8UA-bd{kypQ`m1e?f<QK0}2^2
zmgYvU=Of;M4J#^bQs9#3iT-SE8?ZLTUV6^;@6sWD4OwmU5Og{T{FWPFE*mOgR_^q#
z|HJ$I)7zWVyT@s+%^g-XtKpj$c3|8;&}0L|Lrzscsjp;A+x2yiYlOr0{4;<M;em3^
z<t$J3G%J8O$72#hVBWDUV;Ylk(;PY^l*@Q|W2;mkkJg>MFKz&K{kaDFA2)#nD+u>8
zJjQQ)uPku+EcK|oyMz(n{7UJg;KDjuCNl$HK!YNvU*t9Ijt*4`XsJr){#zA1EF>eT
z$YCt-o827pj*kLnrBeLsZO#YW(K+DPKsrVjQ{4WYGi*2v7MmfVvf%$e(i>sLJH^=C
z^dVAg=J+EtG~P_vl8cHR-ds-<ID62eVu=RJ@CV*Lb90q2{FbeQ!uTs+ap#vGMCE;Q
zYVxuZ5*I!@GxI$z+`1z9#|qGK+h&Upp%5CPjNf0gfL`h+uXf|&3Jx@;o9*`xicH&s
z;>Yf1S^Rb~qvZ#2sGA+YEX15PXh1UI%(LDO30@z4QXwC;bq=?Up2`Gk*Xx7X1Le<O
zQmU$|zQor3fKX7L%|Zm_O#LA~p!JzW@ga6dUFYydpQfy)Ls^Nv=+oqR?iVD=7;@3v
zj}GV&aCjzfee6GXo0r(b=Q*aYg(0F^n3_A<u?c$A!j>l_kcQ%C3GRV)RaD7-!B{T4
zE)s(LtuIt%y*)iA>g}gdunM-ck@PL(sEnsqR+KyNKa&6uELLxIj9nH=ld9ElS1H)A
z5R|-^h*}S(VBQ_bJB_@>tb<Au!?0w;ETkqUWA*WccjiBcV=UXK6^Zus_5Zsx)KKTa
z0gK`BdPUF};Ih)DiELL=Z*A9!3rS~m%sB+709?y%p~U_YX(;WSr+>}x2VXiwf|5|$
zPX_<KH{R+T6*X|_EZgFY!*G7_&CH@45^7~H)mxB-q2_<=ytIEm9%Z4!wfsmu+P>e!
zr>~GoF{-FDd7LFt?<l`snXk#3z__^g%eCeUrsY-I!29~Jk<h;{J3BTX?d{b?M{Wo$
zu?SNEQn{t4!9Re`kJ~^kR{X0R#bNNON`k0JpK&`qk)w%>?Fa<j`1gx1sI5BWDr(@Z
z-&H6E=(#Fy>K;$nFTo9Dw!q<)lOIixC*#e1VWp{s+I~4L+gpE?jx^?DYN(aD7kAf5
zHLPki&^q9;WU8+(f2Xabg=G^E!wx`GL?Gsw6r?kiAy^!&38H=X{NT6vSs@Z4r8^FB
zT2G)p`1>>LB-oN?wESBVbxZHe>YbF*FdAgr>Y)phtTD{wiK?pIF$@1@0R5`&bXgi*
z3FMvYOLI@=^sPj{;f^2lsS}#cy2Ncap5R`!Ljq)<5NU|E6LMT#SxYCjZBvoACyhCz
zi2@LGWcP+3BDu~Qm}hIY!95;EY;iVri&hf8o=#^Qf*)Ew6-m37L3jhjBj{|#N;TuZ
zuOov*&we+xUu+U+_p|PIiA_w=+Xkna_&McVhbauui?X78cS*?O?MVI@j}@|WH<Y)>
z?n&eYuYCErnF}|l%t(b`<<4^PECHXZW`dS|`3#nYLLN=l@u;D`6J4|cfNj1{NIN@!
z$JQ6M6eL5?gzX{V{)V!ea!4Fz!7AYm;LK-h6r!E+o!Nra=|tng*o`vIu<uXyH7`@q
zY5R5bOOlYU8ZaB5^6U7NrDzVD?`4k{coLVeeLF1*&5%pz!Pak~g5sKBB4yoW8uJPt
zo?;`#RQ~ERF~QdS3uj51ZAaDyng|@B?NW!pNM#3sMF!+>bLC116q}V7eV^bWuyXeF
zTwk4T+q19i_p)l!-yQJ__0Cc2uE(D8ZoggQHs)K@j!N|Urvu1i@Lyt@v&UKQy%>IL
zyeK_lA=kd1jFVl#%{TSyyCsrv>Z^*Zt#}FSLr@-U>W%1KC#AZp=0E|kBmLB+q#7b*
zW2Z|MS;G3<w^R?=vCrjS^A+A93@;#&b7_D6wCKN1?z0A)Ddg+!_((OE^cEjK!4#v^
zb9m(LAJ&9Qh<A)dx;ypJqn03U=?lxI-XZU@5>JzdrdGQKtG*%6b`Ae>*>@#NvD8FZ
zcog^RoCpD72gqD1sCz>GIXlASZM(^IrHX*6&c(*YMocV@BCR*yXUq5KDzHPT(Q%75
ziiHW5SaPtT<iYu=s(h=;+Sah3htI?wUHq0v=#OJ5k9#L+nR^)(bkx$=wk#W;Jz|Q0
z#M}xC^0?@i0CzLivBDnY-35*a`noU02}y6^G|Ru@5d~cTI=<?CT&3E;y+K`x+47*@
zCD-n4QraFD!=w2Eze^p4*5I@x<I;NlR??2GN3p29TtRsQCeJY=AC}ipjhKI*3WnqE
zSk!FS%kkC=M1>+EGLYZaX7Y?e7Q+OSe_5ckC00pPGy>No^Z6BkTd>)r_*+hEe&j&E
z#Umo%%&8xg+q|_R!TyIuW^$DI9{HZ#>t$RDd{+R;a+}hh{~k~%0s#CH*{)Pi7RD|{
z6i`7{Mn!#M_WwHVQA{i>{1DM(MEJn-5$nBz&&HZb_9y3<e=tkWh454E-6P1{GqJ}D
zs<kb(u(*g4Z24azElvqj*yBu>L%rU|TB;6*9e`2z>sP|!(h@2Pg{D3f^7DUU^99_o
zInDnJ9U2-U4OOfA+m&fHo$y|EO7OI0lW@W3zW@jtA0F1USK~=f(tp8K*DX=sh%@RC
zw&(!}c<y1fUJNnH)M*W*i$d+~aFvE>-IXQt{R~wy!Ba2Hl}HrerFD!*2E1ycTiruh
z?eZ%1c|m<+<KyyF3|%bc*4GGYJrc&Ik=-76pB@o`<Oe19>~4-0kU9U}7%&#%?exg+
zvhnR=7@ti|X}p%yIc+B;|8kU5kpP2<DchcjgDhS(Zj*$yrub8Y@kKiYQkoW`Hb3u<
zn~F+-S;|Kv?v4iLU*MSiua46zeF=gy$1+LZ$;2HM?*@Us$~<qDcpk}B5Y#_6=S>!k
z(oOcW@aM|(X}sg_ztC2`8pM^MRYEE@Aimo8=&*A7MW{&SqNVGh*TpxB?C#j3UKWlv
zS3Ixj2%)@C@@faZy`=qg=aQLjq^xM4VwR~bCYGc*Dfj+-SnKk9c)y9EPq?-Sa=j8<
z;9a;XE&7mnxWD`(VBFwu;bZVK+Hvg8rr=Jv=jP+Ly?sGljZtphN#yvHLivgy^$b2?
z07|Yi#hc}b=kq-a%L`(K^}ntDDeXe<qv(9UE;agHf4u$xkiwz*40Kq*>?eq(c$8#$
z@hj+Yier5F**djN#WY>JXWj6pb;v%h!qmTHm`f=w@9QHu`LZHrprZkU`nyf2azDE`
zhH#0wE$25+Ym<wms;kGim}{o6tdYRSn@MQtzVS4u#6uYieLz|u9+-7LG|rflC3NRM
z=!v>iYmKU$9`B=-vxR90snV~Duo+1&0N_!7C0C&gL%*k(O_zz5!Bo8;l%zn!Hr(*l
zR>Dm31er2853YW2F6BU^r^_&*KEM;jZ&x~8(-vjTFtK*8Hhmi1PnlyLsmOM=N7^{m
zzBNkjRV=mC)3Q7-FR~O+feCJ8WAz1GD(vF#(0~v1&lC6YcT)0nL5>mPsV}%so}$8{
bZjfMEMoVT1lJTb3zw?lnR*|ZfFbn%XqMw}I

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/task_action.png b/scripts/automation/Radius/images/task_action.png
new file mode 100644
index 0000000000000000000000000000000000000000..803c6a7a7153e526da2d03bb099a6e0ab6779fb9
GIT binary patch
literal 59520
zcmZU41yo$S7ARKSX-jb{#ofI~kpcr0cPQ>UxE3qLi^JeDxVt;W-QC?8T>jkq?Ee2}
zt*nztw&x_-JJ}~x5g>(uN{9*r1A`$WE%6No1}+F%q>&M!E%^HBZ7?vX*%spBiZbHj
z<cf}VrWV#FFfh`g@d-$Zu?z40&R)ShT4J={#Ox-uVd%1uu%j`##c;{vu;D~IA{om%
zw6JktiJB(g>Y$NxOT0x3^ZT{(M)U17u+pIW(#HU~`Ej?E=gio4lxI)mHcsGnlo*EA
zI8r(eZU{D-e)w(3T?0pUw$X<MB|q3hzrd#&-eq(g23}qma`xg^<})N1&OEymK<~rt
z*{kZd`x81dj3R57LkqeseHTqMB#r^s49>4e?3kZ{{fqK)B&&S*+n?v9bbzFd3A)JC
z4VEckLkd!u%$TxsV@xR!42&j5B}Y{QiZt;hTp&}Rpg;CTp@;4_<taC0GRb-D3mgi;
zcNqk?iM%MjVFWZ00~;Tu-SZPIIz3U@CFnq)*DKza`rLeJQ>T5ZFc9qxhG-4Cqp54`
z)KeZ~I2wA239Q|sZwelD+eY>9$obD?6Vm=E{U#o2R)d7CH>=hbAUT(L#w(5%F*8lj
zd&-e_EH?%t>{5b>>c5GZYiTYQChr<U4P&Z7)IX6yJK@`kuY6=!g}RI=F|%X%4-I2G
zkc6A`l#4{4H`WKM!#%9}7H6QwhkLPEo#Aj=3md^U@Ek~?VOl@#fO&-aD@ww{m9kgv
zO?Zjo!K&Q0*yssHLb@StKZ{#}C~XCzS_dAhKT`z^d2B`+-%OxX3au2QwDhoXMf6;+
zSw)ae^*uTR8Uqnb{_5eds+(+vPXPAwBFN?tz!4)IJqwDEg<0pkY}=0CwQhpjCM<*>
ze~DzkF&mj5SN8qz8KKG#QN<5&95%S)ZQ&RuFD%dco2Sp%$nX;e1nWN}qEUMc-e|m;
z4S-WbsQW>Z33vPk=`#~AT%`Yddqf?W#7^Kinr#4*0d}|_z5#IyQY<#Y205xkkP5lH
zG#0ym3HhgOICoK4MdY^_y<#ZQ*uOs)XJRPgsKBXye$3+E$KQYJ4BLbX5xvc%Fh}=*
z_YPKKCCKkQtPr-w<S=}Hj1|%;yMe$<G8%NXF=EfBgFzOYx`B2MyyF%`Zug^6g!v*i
zp`=Bt{1$J=A62Y3b5rU2G@%Mb5xQ!Gr9^F3lOm5&KtW=Gf;nT#FVjr<34po2GjB>5
zK&o66KZjwwcHh*Q=HZhEvQXqpaF)R|>!%M==tOuyG94uyZw&@nLs)6p5?SlnsFH3q
z7!xA7Iu?z*D<|eZ9)GoFbK$8&S&BUA#x$a_=LMmTBJ72ubvf84H^413FB>kq>xkGQ
z+~O#7S#6e{uikxV!OjR_>7Lsf+jzVfJC8-+`$5_ngDtU+<A|({jD%tnNEC?E^-(F^
z{Im0?V4T>WN1;1ClAF|<;+xvIp}F#o<V=(((nr!exjDHExfGK$Rd5SQ$D(>-3DG>U
zR)0>mJ-6%MqJGKPlnl)>{>H6*NQ+MwMMq{*z;4QJO^`mUmHai?G}$Lvy$V57NHgJ>
zeL-h|ePOGL$5?+5XZw0baGTfBYMXusFt8Gn8Vw%Q9z+@d58@Ba4e7^|sdmuqGq};6
zzrB2iNvossAwRo-Uj>UkvB}>f+9Q--ta}pO+*%8_^ruVUtT>UnieimYxZ<!{iHcw`
zue8(z<iOek)f?^kgSX#{ri^ZAUXS`>?sUO)`L(EfdQ~dBexqWe%zfRZ*}LFhiC?P*
zx#Qo*OBI=`8qItuVo<p)(EH}i7sWkhLF%fv(PDIUTHI;bXGvknFoRhDES4{@DtIgi
zn|3YKSMe<rowJ{ko}``O1+(SL%s5ZHHBYcipYs}3G_LqS7w#xYW27T1Kcp_3U8`R#
zW%X_8vw)6(LbJ?c45m^@Azrz1(Nq>kS#e>rqHDZuz^S*;4^m|oB|ETQ;wq9i{Im3P
z!~@eq4&or9b%0I)Vn9gnTXFSn=WfexZAlHPe5I-h+Z;Wk`T1GiiH6C$U=-``W|XW8
zHj_ML9BYPc_CAm&fqY}-1d9ZVfP-j)6~+$6v69~7_{K8#@O$nn<}17Rb?@okBQcR`
z&}%$s?rPR)wpFs%ZEC4%tyJY}cxso|+SdBm7=7=qUodi-OR#Jncge8{IZ+qz6sXkA
zSxIUw^Dgm@e<t}9K`_i{s^`$b+aOQ^<lQ<Sm>6Z7x=7l}0OSJ(01!Y98v6Tld}1Be
z<C2qMht)H|{Vw}Z;KCmJe$mdLL#d1RX8u;6lfd>(xJl2~?<A(Jj`jBV%^A+G>l^!(
zi#aQJI|o~u`wLrn>+eogHz4!cO9GwEou146vu1e;%`AO$Yp$thBz63$LuE!$j|-2b
zH%Herk0B50cOodPnAk`)Oo8|hOv`QOhM9VqtQFMA2$cbKNJ6OG$N((iR^(<{H>I6y
zFhv4Iu~?H>Vb+lNk@#9jV~7okC${YeW|Xs^(GeQBO86HPlN?na9a#qjErHVz^BHqd
zXDf8(Pn5fg!#&^2dj;M{F;?n+t1vbw?3_H#Q%@{pmeq7|X*_luz1*ryn*THZFwX)a
z2XL8DMv|z%;~9mlpKiCUH(q>oH}W#`L3!0|aq^ORGXLS!brV=AG1pVolL&_;8nh1l
zZ8y1^i!~rRz%{U@OsSmm?V_-<5FCiwWo&4cBB|w~mGMVHg`7~%Rc<XtnE3{uY|xKA
z!L-J7GCHe3`#bHuD0|$_Z`EXo!<U|4TML&9UB{=yTOfJ9F~?RXU%gPh0o{eluU0b;
zs^Z0(#kb}DvpuB;8pYMzz9)b9Gk~>6p+~WEuPJ6R>c4Mo#kYg&ydY1&`)-lDr*TDc
zWpd_*>IsXjRk8^YRG;Go<5r8ge7m5QE~_u^znFZ{|JB$#=Tr4m_yj&n-Qu~mu3V}z
zV{j?9KkDF~v#F)Nq;90{Uc$GvV>XF<pU}2c>D52Oo?6u^5Gp_|fHVX@sO@@iy4Z9i
z`{jG@$=BP#eEQlVc~vr(E0^0dhoz|ob#J?g)v-r}$J5i>g*Ba0eO(tAPx7OVsQ?_L
zW*^fR9am|H;zU+CS652sV)WuD|6@~=N9_X>hJ8S;;qm$J?p7(ms2c7R?o+#Lo_8c~
zq^PAbUU46XI@n%~Ncxlei4^wJ3ixG&H0RN|_Bf;JKh~kwN!H(_T?))h>`uE})+`*P
zaA=v)kI|>EI7YfLzb@ZiHSW<YemP-b`Ka^ZRAcpG{rhyUc3K#}C-c32ljFkUWiPYZ
z+&#mn`lt@D#p96hN^1z%d^ECBw?gAv`wTIT(p9*^cqA%q#cZ|lMtc~AG~ehq9JpUy
zGToFO)x+D}VgzC>w^nbDuIsL@OnB1W>aC46iQF5kh!1ynNjXLhk`@b<y^QSF=ZiLX
zR*R>LuPBIR2!7bbY`+uQx@DodSD;fEO1BU$CaNVA;@B0Mee}Axiowsuk7Yr7iGIyF
zjNd56^KE)w5F+IgzSMepcud`_r?<0OU1&K<LQZ#k5{5i)hjc~JlUa$di2%JLpPsB8
zd-0bOFUuwMm)h=qJ@14dkFGdU!^xy?6#x9#+JbdchKHdhgt26S>FMRDzOMPqarMgS
z|JuWGbyG7Bt2l-E`Hmk3ZUtsO#9YWY1}B{`q-z<*+J;HD+Ue{%T$ma*A11nq39dvF
zKCcG2PR7pB{+f5{Ye^pQ!1K)FeGKbYB_}5bbz0R-G-OQW<zeWdbz~UW5DORtXbl!x
z2%!ZA2L5+23=;H-3oR0vaR2Fr3(AE5Z(aH?Kv89J85!tP*~rnv#Ma5&&KZ`tAL{(V
z&RVEwIBUqu@f+FMFdG`%eK%otv$6jR1xC<~A6m6BaW*7(v$3{y;&&6G{2PKFTK}t=
zg_8Vl5N9hPN)35Ma&bFH6LM~5R%TX8VN`N*azRI9Q~qxflK)1B{u81!cXqbtXJK)5
zb!B$tV77BKV`1at<6~iEXJKb&f<iDkx!XD$x-r>0QT>a^f9Ob<I2k!w*gIR;*^>W7
z*YLX?&{>F*@-IgJ{ryW$6E}<hak6##w^~pIS^nx_VPj@x`7doKs^DL({E8NCCf1q~
z7B*1xKzRsr@p20O4gdf3{Ey>5Fg5;%$<4|2Pt1Sx{J)s0P9~1xb~aF!&cgp2nSUey
zv-97Gf-HY&{trw1%glebLhUS!D#-HRF%w2rmtw1gf%yz0BO$8d278=_<oEW=Z2#Kn
zkB`&=={O0XFRW<<+<q~}{Jm~pM``Unz^)mvF(tSXN^A_|^bYvL1mVW>x~ysGzo}7&
zydY=kJjzo`LQ@<9&9Qn%iU%{r>g|WgKH91)X)aF}{hogur%N<rUoI2d$7|>GWFv@p
zxP^g7v$fJP-;j}EDaa85{jjm&#K;p6UY@QL7TbN>FYeb~U!-W#-6-kSA}1#&zj{qh
zO<^c21?NbZ15p)tHxLE~2eSoE8v+3Q2Oo2OKT-Xg#^=8XVy_`!k_t+TJYUBe8s|tx
zAOkYfoC@|tlhVYeOs;QmI0EgF&)Q#o9FSY(K0+D)jRckAGbMI`PGePN6Ph-g)&7Os
z51$5w=<W?CR0g#Yb4CKAU`5RT3Jb;Y@A+tdIY2YT(*7idgh`BSj|y4sz!CJgE>If1
z7Y0{&Ko0vz#WdMXIdM_{q2&d#L0^T>^Fxi(9w0;cr`|qCh(|f^+TL5WB9#H2odUG4
zI{%kdDv?!6wc>A1SFDB+yBuAfN?Jb)lLagPME531L8E^AKk@yrr3K+;ic~pHrGukF
zOul>BS2+ElxJ9>ElQWc*L>w?O`w$WMUuB`tI&l5OPUssBT)gY&8x^M%ob0u}UVy9w
z8m0eB&5z_Am|3J+Y2wVq9Wm06&(F7OQ;W4$7FW9?*H>dAL{U{1les9hmNUNq0w*=n
zGhc=Nfu8%;ztL%L!hJ78%2#PDyiUO99-{tmw-r^WK9=s%OMN+iA5b1*2KCiNdlrzk
zp;n;Hq6iO<5`Orp=5x=Lb~V@j?F@}MUpypAu~qk~;JkjN#%sW8x&+eb{Bpk+GJQA5
zQ2ya)m2o~_o{0Zyn1k<tUZ>8QV5UrWsi5AV6Rzl69_r5SZc`D_SLu2z8|R~0CYAWi
z9koXd5n>D8d0$n*R31B06{#AuPOSQ}#5%i)x*?g2_^epa(i4`*)A(I?@Qwq%Pt7RV
zEP+LXVK?H#cC12y)m&MhQ4ZxyfXDvc&B;=PL!Z0r#25T{EpV*RgX<&!apz9_chr(?
zb3_gb{%E?8z^ApPKzM3IH0awI2SeO-yXG0i+;q2z8%aSd#*9{!`!)ziAjlrs_4q!Z
ztoh*m!_Mu=HRM6Q##9+ccgmV(rc}qj?7$hfl#x~up8`wQzVi)*{5BeCdU3V!0B#qD
z%Xv|&bfh^y_g&>&+H^dFIxh3%2Cq#6_Lc!=llQoKu^Lm;Y10vUa`l+-5_0!5((<bB
zt9M4a{n1t(aM>C`$hI*+-d*=k02_LJIp8vBW0&nmcVH#TZ4@5O%Es=IwL@8uQ`;LW
zG>(TIF4N9q18}-cr+WyS=}YHff=Mz&&}r%YOElW8YiFr#3?6hY1Cb4au`wwGd<BgP
z1Oh?o?^P%lm48wj4P&RfpWfG0nlq@DIiuIwuEufO(r0=AEpcqM7MdT`59bRgZ8V<g
zL|0E>LlCMRF6<3HiMt{j;(-Fqbu+WD%5ytywkief*#eBTzyK0@#mE+72{)nfND_hH
zsBb{aZf=-##}%X7Tb^WAAr+hf5o-uui5ts<6n`xcv>31}Y=ImadYBZ}k>>f>vLFri
zK6Jz9Cg6UJGTd5>mo?Ya0H2qEK-$W#n~}`)$%_~-?VZEU0{t-Uc`v~z-dI7W+i?E+
zXJHVb@U;oU5pHt&EKoa5WWQ@tt%6!YXIZUW&xW&jDVW>-qPIk@)dRAByXMPd9Nibb
z@4Dt~#@n_}b7_B$9w{syh=y(|fB#vxWh#0}LfDkna=Kt6R@^)NVlr{>2UAFwMF>^o
zg61&yrT-0NK}u-k7^liM4QVMjjC#)K)9^2#z4!D)f8Y+QXO7b(!KEDO(GSdG;oRh8
zJ;VhAq{aTMC>oZNW}B$Tj+4*$dODE-V|@1Ae52L1UTqvpbv8?g;Q^!KYonRfMk~wA
zV*9`=q{K2Zh}(NI2k-Dky9akfg7jzc<<pK^`gt<7JB$uTJ~9ve4g?EQg_>SD;QJ?{
z4#)9c7k|7(Ga}xIvqFeq_gS>?tl*1a4zjy2_?#&4jONv)^7&sYUl(<zKyZOoJ&3pr
zz;lVi7j#F_Ln`*yiaLH;kZX$Ndb%hMo*l__ZD%JT6W|*)+CvgKZrTE~)NY25;#2d&
zHDI6j{z#+Y!56f}@?h2O#77;S6L&$q7L45L3JN2d3lY|#b*qEN_hH^bLr(0Z>*=(x
zBDOe<^%0d6X68Lc?nLzJKz3|`58*ZxS%Pti-a(^qzQ_`2*AR30ZR8#}9u`J@Bt@d*
z$2W4*ZP?oxi9P6mGkZjd>3%(8+j7FoCcZyA_9iz=pDe7aODsdzLpvJCKaS4}<F&s<
z0Pt*L`kCSLaL~r)M@lLi?k_ycPgb!3zn5%__7EyaoHc58OdxdHu%!`igRJ}D9^ugI
zinkTao<_|u{%Ze2h~G1zGT2K`<7z_v=tZW&Z^i4ht1(E37p&B`+@UPu3c13my4$bQ
zTB;Km%Z!DHlUmflw+DE&<)E+eJY~^@{JnLiBd?p{F5CY|l{vQMHq=&9qc~}ax!(5M
zy*>e<fXLW;zU2J&pxs>cMk+{g<=&~SPb7dKidc>QqF|$+6Q7}fhh+W9_1maO%WN38
z&o)F8p4Z1KW*dzjgz{8NI_j^<ro;I|w_`r0aw<&ojSk3wg{(>W*FxGPagxL5jAK(0
zd&BQb*W8dBdk)y+tz@jYjqF~0&V=3|J+lyAQ_NCF#<RCSkW6Xs*V#lxItXp9zTgi{
z-<|slAFsA9?H8}ORfBZRh49JYm$E{zc)xq?+c=Ph81%NBBZZ9m^>ZxWIBT<#@+LyA
zl24oot?DAg_d9MCM9viPZ-V$UvbqNdrXWTKAgnqvmu#EXaFdR}*8=f$AJU3&uI-Du
z-KDhK@sO*q{s0mI;oEzGAIVK3FL&KwT%$ioV|9*;@;`kxJo9fcAa}$SH+a5^q00Ng
zC4c_%BYyd{8KY|+k#;LWsF=#v@7)AfF4&Z&^5rd(WSJU}NfgTge05sy7QsH8Q9^Zu
zx=umvV3rWi+tVB_B5ozEc)a+j%Aq_{Cz%uIKFMPmZcp*Bn`-Cf8?nXWEqo5IlLC*A
z`xK7_#>Ur32TlVwv*E#^X$r0A4mxk=Cn^)-RS7XE#<=~l1m3xvTzpH^CD`li?C8~V
zWp7|4G%QG_YmG42DjjMJHJW8y&f(l5C=qIv%h3G(XdfBmG@n*nKz8UA93IONTxAdv
z%Q1jSaf`MFRz!LsN4~|1n)F#SRQ||+-XGrP*y&xp<jH_ZF%_c-b!#TE$4SK63VTj>
zV<&4iRCuz9<n1q(D||?1iZo;E&aMT#j<K`ZwsX9u@*~PjG3P(?8r(UUm`S}-gun;D
zW0DXPBy<La4ryS86hti`5l8P4a5IM}hlDX+Yhn${8QcUdiSjY8OB<DwkI`!$X--vi
zE|#hGrSu&WKJ--MdhqFILWtZtB<$ev^;T?Kh5NIJp8MYDzE*Gy^DiJC1!3dMF;`!H
z7CzovAhG38G3Qw=*y_RN-W(@kxK1^T3GbqP*~%C4);X8LSo$#@F@@j+tZTX-_ovnY
zQ_bI_@2O<SR8JYsU?toMXRpn&mtkq&+dq&x@`=qO^QFBR#m_w%_4FExCOgeq`XR#U
z?m|e+di4|j<Z#XVS+JVu$bftO5uDN9X`Cnbmz!oF)iFvD2x{xcW;X#Q4fQ`CO@_Ss
z^Z|+7(pOt}-jC1lEK3B5Bw?zjX>mp584nY8Q9Ri!xmY?M4qTsR^AxH_ou?m#P}4J3
zb}Ds#i8rfc6(2w{?R2BV#HWV7$=F?V{=^^wo#{I`L>f4EuX8yhFitizF)Jh4#c#63
zjbw2hjd|`r0we3|KZ5JX!%Q4`keH?SbK0DPn#?n<O1vds#}UWeE>?wXqZ0S|Flfe#
z;7$H?zj^l@$PB)z&<SDxV<dxx88X^!qrX6U?m~EGfX)^h;NmW5$PtBe6luDjFSHB8
zZH;y#OPTSS)X`|pgZ4%nSl8kl;kEw*ulpe;<O<=q@%2x&K!$_QJ|_0In>Ehf6(S(B
zECZMYor@<SR6Un2dw9;;So=LCJab06(beg<($xW`GkA;`dr^>_Gr?l4^nIQ_*puvV
ztRwf}JzlYd1u?a?+d&BSrX+=T$u)Z@)NLY1SjO%MC`_}ZH|#&(ikj{&_Jla+Fk2_r
zY&Az+2_67Z&$O%NYvBaJ=e|p>iv3QbIVa7piahbh>^C32%Mfq`LM-Pp<1@S@AXamZ
z5E!dDjId1XpGI)@JsZoLcu`28k1m&+6K&=Tfu*19*XJps67*<<l9YP;2MnEyXzu@V
zoc*glo-deXC_UbsL=efHH*{QIJ5!BPta<&wcE?%q4#!-Vr?yAe_q}kpEGD#G&8D7F
zlP&U$clw#P<NBT{vs%CfJEVe9O4}LDpB2S`8#}U?m&Nc08bxG0!m#<jT$G<Qa194g
zC$%(Krb)R#Ab^-9Uis(y^$+QegLHjP$ZKv8YNG+1A*qIQot2#CmdE)Ii1$*+Jy@`M
zVi9Cvzq@~{Bzen6#{AYp_MfIyloz5yEdFHw<P45BLlvd61W?3nWKG+W$zizj1%777
zizaBe`=IM%E$^j4rS^9yh8yr%!j+6ha<1p=KfHKk*m{H>I%nCh+y4sH{*IWUdl2AA
z_0oEt<H}I}8lQhhaXZNCT(0vxKclx?uoXXX1i2W0RQN|gLnleTDK(k<f##s>ubu1P
zu@~;IjubAdaH+}jmA;3xzI|jcA2YyE45R!5!@ueN1?Y<4bGL!CC9h)tVqbw*0Oljh
z;tk3q|9cDkH=*C*9fjcZul=N+C1>)Vj^BRY#YO`2k*>dekB?6zb{X{#o`Ijg<L%E^
zQl&xn?qFqPDaF?c@q!RofZ=yn-4gu&iUw8701gR@G*`&;27x!=_(K;#PnJNC<1Jfk
zEOfbq{g38!a-Tt6Z%Mrln*PBf$&WWkPE71SFi>@KSz#SemEF$sj{c+j-wZb2vZJ5`
z{T&DY%eWE<=ZE~lcU-Q>QKUkH3$TVBi|$kh1Ndf2fbMWVIGO)3{);H4KWchZ|5O?o
z9+%Bx93mLdo(KL1eQY>FSa(1cB9&&gR3vehcnBu7tSj7uQsFo1B1KWa5)AF{|BMCp
z8@P8BUV_#7x)0|fV-lii1wWDC?2(}XkBwjnJLz#~0>(UirBOeo18UA2mFxeAF^()D
zxbs`CS}Do<Yh5yzPk9#iEDG6<@X1m=%f=&aDdxwmMl|k$#d7lqPe#ZeYj4H_*(I?|
zYZQs&w_Tz9Q1>W&E+?)u)TEfibpv{6K&Aq9o~vvMh-<gvxd*&HPHDuOf_`5tzlkzF
zQMc&h*E_tN|MNc5jR2=o99bgqb0Mir_t{8TnaoZx6TyRGTTgDS8%1=<o^90)gWhQB
z<UECuGNH#eb>toq|8IOj7i&V5{~SEA4h-n9tSEl{o@@foUbvXq8w05@_@t`>5%XyI
z^FomnLl>|0UxR*TME>B3Duk&}7a1fvY08JI2v`xfayocF#=A2Q%<@mBc#%AB5r>a_
z<f*+o)fJze+6Q>pt)&Hb&ReOFA}!LD*A3=~<k?VZx_`84|0=M0p{U>YiBwY5x&k-4
z6hn>jg)@B_R#;8)j#>L^^5XnZnCCe_7)+}_jh2x;dbo?R9R5QA0_rdLV`p^VCwMjy
zy_jb4kZ^8Ra~Z;U1@V9U!D`iK>Pt30my$*~d8YpDrSiuYyKh?M6r3eeswvHGu^ZMG
zSZ&J442>mEOqdhdW(@K}{0j{h$UHgIe<CjVz@s@?z^Y*fHKTOZp$!nK+WTxYC6-a5
zlP#s^JJFgJ&b2GIgG6CWepVq7fHjlHCVdf?SD|elK~!*Q6Q&hf=U_<{X!dX$%LcIU
zU`IS8O^dJ@2cw^eJ&42SkF6|@L$4<CCrzM5qP1<sWO*U1*>kU!Q3YVQiJ^8A7hy_v
z(;{E5Dj3%1UB4vFa<<fi1)f;5=q+<C(C@D5Jg}p^OnM1o+ms43zaT;?Fq``{y+6q?
zz~PJX?(k4Zd%rR)3OpFkK$IamlrY(0sXn0`B9arsR6JQ3F!Q@Qg^$>6x%Xwqi0jJD
zA-?E^|6WQiLa(tuAM+w!_p(RQE;)~+EN5x+6DCcjslcM3DZ|F8m6wY`v6!s-+vY-&
zws69$9Rc+uqcUANj4vLVcPTmQ@Nyn!;CoM(R5@V_sZ=$D`|dxBSXTUc4?Dq%wA!WK
zPB|Pp1ii1L^;P>rp}Ifj&`qq)7frsU2wBhpGkC~1UdEa5K4f!lAjdVVhUV;hpi}vL
zj4(n=Ds8;-vE;C`@{5fVa<4LaM@LHpC;IxGemKYdKz(vbgZ*Y(aV)2P>UVbME-pK9
zm+WZPy}Ivbq&2Hu9^184iJ4dNk#^P5Or<jtUjpLxI;z4EZO{EyYoJ!AsP$YjseWlf
z3K4zfCX0n!=Zf?B`rGV0s=`Z1ES+5k=b+{dLWIR*xaHor_A+}T-o1wcC)*d7lxa<Y
zyqVrQ-yHjR>KHFW*iyk(6sRf-g(`bWqvF~%*EU~|g!L{II;cuvA?-)#MGy^A2-?o{
zCxhFb?P;oxIq@S$i>g?SYEulGm8KcD<TnqId(Z6fkxq-WQT)-_JDhev*QOSy;A+d^
zkC&5<&;Gl=6CQ?0WLu`vKb&fpF;z+&DVqIRC*~h5meM~h<r_9#=v$z_rPkAKT=5!f
z_8*$kdacSA!cii)4f$GA8<Y<eUg$U9M?JF!^?JO(X;gU+boJUPX+@P8-^p2E988|7
znqM2Uu<(YjL2}vPQy#X(B~f{%QU+TOep#P2@SKVp**=GIzxOc9XXhWE&srsjU6wsK
zlbW5%r{r>4Za@KoX2QHULMVu;a1{5JpJs&itFZTU)FKGm@}>=kM+A&GPeO6ps{Bki
zhU?sqOceBw?3T6dJT@E&wTfv*grD9-SgKFy&~LM^mSrAvRMi#NZR}ghZnW|Hpo#TY
zHIJ8OtSNXOC%^(zr>odUH~f6iNpO?;a0^z;?HdZu{OlHl2%k|`oWe@qC)~SJKO&~_
z<E1(f@_$S$nmd%xOgp;o$A(PfdWV*x7G=od6K9e(F6vXK_$)c0?1jOTG45?HclI|C
zpDaA(z7p3GSy`=J+aLhAvj91L(}pLz^EQwE7>>yPw0P^9J+#FU+CUNkmt3pz)`YU=
zQ~suxhogwGwU-;7rj1~t@UaM<Rq4Cy)0L&WxDk)N19|Uiye|qm7W}MSENqFC)4j%j
zl35-T6Z8utjm+LAeGY5S_kFvaG*o-_FtzuZvg!IEU|MtO66Im5zMoEZ<mdiSE04&n
z`2v$KEp&9P(?dmB#@jhg^SSMgSsyNP%?L(ziQL8F8~2S|UeF(;mcZyM8kA|%blvs+
zQ3^NE^V$S&nur%aVUmf_deGA0={x7``+B<amc+aGtGiYI=WCS<d#7an$sHqa$>9e`
zApDeJ99yh8Ba^RCj2hGf%^<R5Jfj=tPSn^dx;kwuY`X%K^GwC=k;&Rpwc^RI@{P@F
zo&Q{9uAJg8#<f_o1f3~u4a;uek@RVjUEw-3{rq&I@nvOC?>jG^cp@3wSbWYQvCz@G
z!}}S`#a2(A6Q4Hvh*bCN-)U0yMNGI+Uahe%aw)_~>Cwf9MN>r2!oO0zRfv~StK><X
z9+TJ9$CNHVw{Na^th(e_BRYw<J{>qKq=JX}i%xz%?AQ<icm=*nYHWRV@|qW}n^`nf
za~WvUv|fFVza^$)ynz61!U}6V`%wqUfJ8#giYKEg*yjWKHGa0O#bjL9`6ExIH4gF|
zmXn_y#M-|2!r-M9&#0X>n8|C|u`fa1uUs#?rIamjnRXebG+N<znvNy4y|ACQkGP4j
zi=R+nTE<p28X8$bRzA^pB_Upq9M^9LjlqgjN_k<AkFDKR6j+zcUk~Yd*sXATxH1X1
zPYK+W+^4C1$XGMKw|seux>SFS8tkKcl6;PKOA8x@wVNQDj{@g2M&uOu%@S+MxYm~%
z@`nk5CyF9gSF8z64h*@D%!n6s54gEfYuv*gdeN1@;FmeKRa#{`2*X#s4*8LZd-Vmv
zab~NaQnS}oM9)Mvjz=u4W6z2zavd)lE=w_z^tRxte7nu}-B^iC`QWi<5iQU2Os!Ff
z4`vBiYH0*qe>L-kl_S-oE=>xn*xUC3UrHB$SP7y_UgK<vX9+xa_mJfSN~Vo)9Bd>y
z?*A%rj-TBQZ<?(MVMk)h<=Wz(N|Aq)z`gQxPLII52V&N<Bmm0iwNIF&8H7zHx(h@!
z9he!tpQ@0L*b#@X8mVIBY7V{vjM#f9o*h40WZrfySFEu%z1yptIaq%oxUZO763L~q
z5l|kP6!b1#JhqDzy$d)ljhXd(*m*VQMYr;pRpQXGjLPGenk#a$QF+u-5g++6yU(TT
zjZ`1FhR}d9%zb16%+n6z8Q-Oxao<;8Mszo`<wz#_IO9HPcvBn4QT=w0<+`A5qlFN_
zM6B%<*KHh*H3;dJPp!~Qqe^tWc>!=;rc-IF_}UlTco_3=ZxxmEv{wC8TVGmt&v<W3
zyna+nXK-c5`l+cQw)EbT8`ntn>Z?ca>mLarleu||=Miel;*pX$ix%-kXF@Kk)(K+e
zS!%;VWQ3RWrh6Ma0-oWoT(m{(^-5Yo1BxOKfUKsZTH&fu=Uou8YFqN^olz7YRe`P8
z0vBD6r1idovJ_L0bDKkZq34*TM{Z7C`|v=5+o0=&6fft{%o}^t3u&W-kIN=sKu<%f
zJ^`Z#6G7~%pmuap%g?%=&bbSAJ2-_q+x}-Qa!hCZu|+C{-@OnEH9viA4lHXqkRn_t
zN@<!fmLca;y}7I3vKWcy8s-PLOSh^C17NEQ{JDmwt76)?wboowBM!*=esdiS9m@$V
zwuqvsBQ%EoFu|i%!N2q3dgREtv+X8e1vO62mtBu|?SJ>Mop4l^-AOfnvE^#s1{S!;
z4Kqc!+yZk}Sa_JEnn!BF%+Fgz#;G`FCJ(P=YRa?$*Ebl83tD%aCR@Q2;d5nn79~?>
zDP{~ddd+j`(h^(Gt$a(#2P?6b<(iH`pNCQI%8VAdm~eA4X%;Y}QW!g_EFuZB`opPg
zyi`(#W<DZbW}m&y*Oe20DJNX<zA<?0*YB_pyw3I=m>)rID9yR4E#1yLqO7fVP$gJ#
zCmc4Nf4KMNoM|>IHD8o?4L2#M!q&OQ<96yuy&maK98Ve1{-J3UccA~lcw12K^V#*B
zE%}9|d9LZv4dBEwe|`I8NgR4V#wr|Tl8niHNI4cAFr4mc@j3sN)6$Ekwb?gA)9mc=
z#j6;UK1y<Cwbc=Mkd-D~UJ5Ikl7i9vh?ugHQ^$wb7j*cY|Ct1cNqbs~*}CmYsQN-x
zZv1E#q_IkvoxT`*n{<n5$_oQq&8g<z?3`=k2{gIU|Eyo^pr^f_CSPyWO=ow{n4+`|
zjEnECIF4W`G~xixMa|_`TD~Ux*e2~IK8VA<y8G&|?H$CqFj~$3+0K87_9OK|O6Myw
z&E#sucx)BbXP^O&?274YFXyL@FLKXKTtRpTOKlM2x=le;L-A?*%@6QSCHzv%M{%aP
z@WxpTw~qY$w+<=%zGT2LTjQyasRD~)49m3=*8?tuSlkDo@SU#JoCK2s1KpOZyaS}_
zV{M=a%a}lOBztW}bKuBoTl|MJY;N~o)506vt1g`%--rP8nFgYK;k?>{tt@gOT{hsB
z?U_059#@_ULFjBbEUYvxxj}Ui8GQta)y6g7WD)GH{28<WUC!`cF0XXDR!jUL5?h`f
zIF&LABg=AeWB#6DR|pJYKhQg`3@j~Q6IF06Hn~0<t<ibCbSPlw(W%)RO?$~uwoqB?
zi@f=`G;lJn^wu~E!W2U|WNleky6XoY=NYQSo{wfRSyWl0#gsv4V%8=tB%Caf)}sIZ
z=*>c+WUKnCEpKYUoK#~;eLe$?Kg%D};c?%E2oZvz%GwzWf_2hNs^4`ES8xevGvMcT
zg{<Z?YvRo?8>flW=|FDh0=q+{sG~;k2&0yZ8D6*E`FXf-nB{DVh1X%YM!x9}mh2(h
zr)0_ca{0Q0O!&-q^g@U{y+jX>xjT1>z^nedMeC@m`lze>Vhcvy=`#7$Ho`sW@}_)m
zvo;B#8NNx)HI@=>e<tM8OAEjf&UAg&$eG-t#dMzbyOfMQ;BElh1Y~g`WhRl7o>c1O
z-H?`dd(Nzx`H2Y#P&$jnZX;}jQ0s2^T_$y+uG>u@63?2RF|%BY4y;(u(!2RYl=9WE
z3ZqikW#c;HC`g%x)Wo5c|L{2gGwY(WHf&4sr>>Hzrq=TV#Nka&zI^IrR}h-+t;JfK
zci&~+5vl{@&ylD30=-X22{mKS34Kr8GYvSOG9wI3Qpgd<PGB{!!L}<+qQ!wZ90l2q
z%*%B)+6xh?e7DquBk>1~L>TZ{InqqN>9-^iFD8yMA-!1<_7Crho!sv$5^C-)&&<D@
zIlXU{Q2%AB9Qn{~y!#tAbWg**4NRc>ptu;`JKeu|{oT4qwOB2?ImY-rhn2FB0T}29
zAO|_o5o_8~{pQ!<N!W0@x+)wUkf#-*3YeTuzpJTnhG-B%T=1SkIEC*Ngvun}Y@b`b
zA7cKfzI3llrYgG#Pls2-BvrxwGuWxpiRwtQ@B8;In%LH{ef^eOhx_S^nxZtva8{1u
z7bmA4@AkNE9@}o16h68?3g){uoL7UV&bvSRYUEd1)1><^H*^nHXJgG%dnv+Q$Tpvs
zBV2s(MD?@zMP{AoG(<GGlfr=|iZsOTR?ixFhCIUaEXXV$#rXoI!i3_=K;p+da{XuQ
z>G}ne`})!PH5x#Q&LvgP`h1f#g`Bo|8<*T)O@+HWyg`S^YWcua1r4SlHo~uUH9L_Q
z{RJ@3C^O&>$qADqh~c4ZL(VwQMmwajp&mXvN3SPR7_2Uaim2lRlCA9TcG|pW0!d%K
zYyJ`D+84<1QAg}G(f{FhDCl6L*o;>yGF$d(vv*}Nr0Ofp=KNv=conPJ@jM`0IhjO%
zmH<E^AheSlvZlj`0WMT%dLS?3FLm6&pzILgjSGL^Ik~fqa?8K95-ZkE5)&s?wkxrB
z|8rR>t7!P^LS`>NC6+P4^>DgytDvhe-6)8c9@+JtH|FsWQ9zF()YXAzDW>H4Yp_Gt
zJT$?8i=c_pyMiKG8Z#>5UNo)6z#C1?)P{yw(`w}sFqYmNZke&H;m}!C`7pkB?VL!n
zzs<+;Z4Qsa%Z^u+??JWmY5?KzF|-kEFYT_)aPkHln)DX<+lk(F5Q|ledU;UuC|;d^
z^@M>1)8*tN8qqbC=EHX$Kq!dDNZIikcR+^L!rK7Q;(I1mY5I7wt!SEv1=l$UhZ00%
zRjPezA%{#@?eB*B!#yY05I#L8?6oFYY&)dYE1W<~n3XD?QL5x|lPqanB4A)4zHtO?
z)$%@Walz7tfPEu8o+xdW8<#1<4CB)v&ZyhRZ|%52zBR|o&2t;>KPN0ZvilFjY;j_Z
z`Ecz8KH2UJPC5$^9be7|8<;Q#jF*D+Xb2tJ*y<X1uZ?ck?+gb%j4`q%M9Qm=?_txc
zPv~%eI_6X12(s`c0Zcv4=0%aYjn<ZComvA+r4hUlmUS4@jE^r%-RF%hg-Y0GFWuzk
z%5()7t8pu%41tP)we8Mtf&t`e_>3!vp){oa5<+&z$Gd`71yQJp2kt)wc8(lvjh*k!
zdn$wILGXC~>16s~qzA#ThlLf>xo0cRRo^mC*_6uZpOZ|B^R{EtJwuz)<FXt@Fn#k`
ziH#&?Nnm**!_wpm1mm<#N-PA>R{qS-$Zof&96M1)CC-zk_<^Rf2=abO@Q%v1WbgpI
zCr(TWgcQiEn59UE_T52tBU8YJ_{v$j+ZyoC-D?sB@Y5bg6W9px`NdR(Fps#Gh)o@t
ztdkWvt8$bPVAzPIh=6e^Q><RQt2s5BENa!rReBWZ(jvI@tL`M`P_|cCYVhkJ^rRSD
znmmpJmzIP-9=To0_K~=Rr6d3<9|Ik;l<?uc1z4~cv)Mx}StDPl*=2l;32EZwWG2U4
zh3rTd$e{Z)jqW_(46?o<F=-IzI~EG6Jl0{a8=)yzUOOI)0q-3->`zPq9Ew58k2}fb
zOIqnCeO0AUjTzmc$BoboqY^+!EK}%t^LiZ%z`JHQF@MY&?FczRl3=J4G2sjGy~iRQ
z*8PK_x&lj-3CIj?<GS!QB3X31(^P-)XKK*q+djt{v6|8h=mnfLqGF;eUI;)pa_Oh)
z2Zg#g`~WB)_sVz|=z*@Z5S$Bu>~-|egjkAT^KN~;1~AI3z~WkD79aX$Q90**TEl5Z
z-0KX`Sv&;wdMUN~z<Xw|y%R^J8SQn_8UFd!4A?vndZ-pRwic7zrGbu{@wszxH#W&6
zdiDym*<?#Y0QRzFP|LDaFR}iq);utsXwHVB9>t2Ds9}8R#TH&tH;oH-A?rsXBHVwG
zn%!^6H<XD!cF~<RL_mP)uG5#LE5sb8x_`l$dDQO=ez|>(UsadnY%@a8O-caUa&}%`
z$ixA4U7Ku%53VEWW!p;<d4noH(1Lh7F<U`f#Myeh4g#9ZEe1Dn>dCh1?zIHA0<+1B
z_D3|uUX<awRaFYxJ{NEJV;&XX*Y*FFWn5xrl65)Hl!~g>6N-8aU1N^ix+QT)*zzhn
z`!o${jA3yim=RG3G32y)LH;_Vh*d86TGj-BOdQFAxPF<kker;j@{{TbP28Rzvhx54
zk?r@7?bidV^b8=*1r54<dk#NcAPqB-1}04<+I+2m3bz`_8!Lv%Dv1iV$+m?V+1i&y
zw&<2Bs`Z<vU)!5HE^0LOyKZE$_G52WI=9*m+&{=~A9-j(FI!0$2dKM}Gn>|1SBr%=
z{b!QUzvNdok1xVEPV{{JXln8NaXMn%Ydh$dQzO@Q)1P{VsU;&#D?Rtzg}O`gp+!l?
zrMks$qz5WTcJ8e4+=G#yYsS=9U}*)4spgLB+Amh4{-6Y^$GWp&@jCty*TTx0N$CeV
z^Nj|y2z&nI9HKaNZisOxB0BK`&hVVF_chDKT@14I$Q7Wf5;oJqi)_A?O!Zat=2bez
z9NmkC&Y5Pf1eEvL!-XK=A;r+4dtRuNw!Vcml)@QzU$ZwrM>aO&mp3y;x%AN?eup&h
zqn1$po?1(FsENq;1($-Wi28ejr)xF|Vwa_$aSNuYrHz-vhwICRh}5>s4TKc$&xjz=
zhOk+2kQhUZqrz2aUsf!v&M3t;uPr`hlt`9w+G4nx@De_g_r`vx>QdpXEw2$})x{Tb
zwLMEOC0a78>%2dg78BOgAht+XaDN#~r**L4V45kGQXl(6(!TpF@Ai+{!lO_iaotuv
zuF--<(4k>quncLS##ioySXFa5f?vuXrY^b+_((hm`uQYCB9AEg@5?^|sHV4EAZf?Q
z31j>L194vnZp#^+X_`hgB4jA-Wx2RR9VdSEHsUdGhn_FJv*EUdG{&Rddim>l-6jjw
z!_&kJ9gEcjcre;UP?0duh!7*5vxmPFBby>c<Qa8C6kiL}SF(I1+kT7Fj?tlq*uFJk
zleWc#W~FRl(+KoK#_1wml={ecT;>NVe448yhQd_!zt7m#^wVfQ;Mg!%PA4K8b>S~x
z?!L9*t~`{|tRebKg7|zE9d*~qXfvDCE9}jtP}X^L%2C;UKM>cbMW9Y3FPVqXXxJBI
z0d&k`WDjqwc&ns<`lP#790yb*Hc4uLictrrY>CBNXja6NI@Tlz9OB|Yv!`UmpRZKM
zmm(>lZB_&MQe8gYyZ5CA@~iC+io_$RvKi)!t*+xt_&cKdlcsnl0eai9QuBJW$L!K6
z8~q=Z8*3sfe8$?EBFB=T6Dg=|O`5`$QyFuPTz*IB3PY38tm7X;+KAYu-t|mYIedsR
ze+wQDREm7P9N5a25zyRr5Dppdbzq*G;yu73;g@K3Imv#0yd}z@l8WR_=>U?v`L5HU
z|MVeMscfYGF)5A#9lDLj;laARA1rKaFz>U;SQ-4%tlYU+s!>U)TKFvp>S;=HSx#qu
zji<j)a8ru%l}g*Bt>=%cAiG~KBduo;Cmo_BJ=!|nrTNzEQX1})W%q#OLKzXgRpq4<
zN!3SVT=D6|m{-9ym=`MxYSlkfZ8l5X4=43&g)jPmY&^@koT7eGseWQ*x+H>cpP<>E
ze7LOm;3tfSM5iZr+wW>Z9%<(L;VL1vQjA+_!m}?LLxv1P^YOh^ER!xWaK1$YQQnU)
zna`fL-$X?zX3F)W4rhw@oIIS(FdW*{96{pS-I`(rb94*Y-hf=lac#U^8JnR-n>=D&
zo%82U7{gPhrGgCR9hLYKTVE`ZK9b2wD%OgIP1jH5hns8)PLuGjs0h<R1bg^0#LLDk
z5;i!+p1UzOqC{S#AF*C!m=@DSY0?(`EN9CYFtgs(<pzBYN9nj27n$G=AxV|KPRP@Z
znO9EXSHo<|0rx|=qt8_GhhzkA5F(X00&1tZFz1@oPWZ<=#X~HH5}5kx2-}1&Yh%jO
zDi)b-<EvvgNRObq9aNuwC&68SVd7Bp6o(zl6$dn!;gV|0Y?S4GyhP<G2XmzI+~nag
zbz$n#HjAfe=tPeH^jyu^pmEMh{?ZFeBa{fu=!#7M$ZOT)55^Y<TIvl#uQa7$;Er=O
zNZwhcG=B#M@@9yGJ#<Lv8Eu{wA98eUcVHj!O0gzPe}_NN7n>OCJhIahi?_eNG}}!g
zc<)$!4Dm>h4{|82HEoiX(i#gotdLmu-N$6UT^JSK?p>zK{Ul$wwK$@(e`30^$x{f)
z+4{--Hi<8tsmARE_Hd?FMuU9w%RHtR?NS4#*o!?0v$)nfBBZ@a#;yP)EJE2nFsGc3
z+2V296ZD=L2Cssj<#=4<N^|uP#-WYNxyUYlYHFGL^16W;ub6i!C!~p~vjKr&3Mehe
zh72ky^KXA`8)^7-I42!h-JN@jXu=B;)8*Cx9U;Yr)>q971VuO&%uVoEpd^H~Vj6^%
z$rsLqp;;tXW`2_(YO?~!vtK~CvBvrioMTe%yFN{ZWz7Fska)x4eIIXm!*%4D2qH`6
zpO0oyLaJ45j?z^Tu_w@G(o{d?TyRzcwid~+Io1RDmVRUMQm7C`={x?YM0rnSh_pkd
zgcYYF8epj-7Jz7~G{gT)i}lO|`jQq^41ivXGm@y=!R&at)@)-~0JyAXbG2$Ml~y)n
zRdl&zHD0wmPS3wK?UigDu(&d4*;9t4=P>{TV@8E;bsk(!0Lc{B86>!W<#!^(zOq<j
zQ`p7CmZV4V`ifay%kJ|(HJ*O&T&zBPw>L&IC6U+_zHvd5ZoF)6p+n`6HZ8oLkuC|k
z3je7#YGKu=n_{9#2Hp}1Z&gm3jZUd~(3401j+NyI!%>!97U6X8>j=%<DTWY~7k02f
z#0=I+UuSvwed=+|IwI`mhspFoI%Ab%;Or^w1y{G#Hp2mYl9gCI(XC+3eqYR=!?Txi
z??FOJV$z*C(F&hXnaJ!F@FMI%&h;Z_&J-H3A7NF$EEd)@X@fh2qDrLD?j=~ocmvZ$
z^X}E#75;rz<#~2N_wsAD4kY<lC!a$+*34PZJv4o_lvZN~brY_<xCnW=kHv4cA%7)u
zFIIXBuiSNgOljQlB78j>a#jxFIPf3y&3YC7oilojwSS7XHyKa%{27`wonxzs!5Q|E
z9=Ze-;Z*R8&Aw<4m0A=FPIekQOUXtd730|wxm<$4^`U~f5Uim$Xx+73Nz8O%Sa37b
zBk>J4n;ye+rW$<~&CyKtgUu_Lrs^42n|x3^7VO{Myz7FsUI-*CZ22@oPxy!`drULD
z|9LBe(E5*J;@_86siQfrESo>y@1lRtvyGbis`o<;NJ=m}LyXiKDa=m)`aV5PC31a<
z2yv={c&9<sZfDi`3m}+or2#9V5kgarSIltU4~hNrhiMq>z6Qyhcusu?^kOG4QygR7
z#Vwbrt-bm4wW-+#qe!onU$xzXzjSe5S7VIGW*B$2Y$_mK*%JW{6PQi(i1_Q5d8?z}
zD{z(0c`wa%a)TZM-}4cgru%sl*WOXBBr>`-1OO><1XxVZi2xi;Y(kWqXP@lTK3jRq
z(2)6C&O~yM_V$ftIJDO2Nwuz+5@03=pQV(tmzXeay*&h`8E;aqT>*%X=@3xP+Pd;m
z=O#+kw+XEYbv@p>&$3|Hi5SLf@0W@rjSvVer@YLYobrKz`5U*scEil?g}MD_Z}u(u
z(@(kL#J)Wq<z32izG8977MP;Co~_CYd~(Uld842-I`Vi>OR{9~SXaK^iTN%(_HtiI
z73<YPc_aPn+!QFoC--8jzgYXCmyWSFQ(Bb*8xO7tKEMAY9A)RH1Ia$h?RwqHG+KY8
zwDp9IL32qK^A`8%tZn^+1hX*8df9e&2o_P_!JMoMCPc6mDGS7RRFW0jqTIHsrr9g9
zNV=*?iq8=g=pEFHHKCew`|YYvFP4xie^y~loT}a8eMQDN4)HdY@R>fl%Ufq=R^o{{
znyDW5$7h~8H%MEWy0x0hBN~~H43ixZM@aH?OSi{bNtW5bcaOo-@+irL>FN_NLV=NH
zP-(K?#wK3hR0U2g|23r$`-<;gt&&<rvRe9TAbWfT*!&IC-M59!mD|ihO3QJ-l-GMg
zdG8dvB^28DKxiV2%-4>QF<}9v&zb!v(U~nZQk>2jHpuxL8p*0r=`P)X#6-96xE-}|
z<+Zb<8bjALT#-#pq(Zhc#o(2}1K@X@C@e5*DTVH0HC0~PRBV%}hx|7VSM_DJ4EpP~
zuJ#Pp4;0j|J%=dU1P)DS!MIxs!JUU1LlvCMmIOjeH_U_u3$U%l<$|NrOE+(t9)@V-
zQsY+U!+4K=SxRcwenHwlJM>Sa#-!#sPfIM=(KUOp<s=9vk}rwWU8LsRDR$T<n3>QJ
z?!#L+DoFiG+sq=Q@k9$OQ4Tr8c#6~lWsw$HJh{RG8((N1_8Ms>=yDviN8fPXwED*G
zy~vth?@v$<N25b?e>OAxE<&<pITmm>$K`7ktFi`97AuPJh8KPa`f6n8rVR0-=f|3e
z1uaLC1{YE7>?mY<FC|=Wgpl!ahgWe-r}B64*^gk{bPi`gnuaes7b|BgV}Vpg>g6@=
zc2Pv~G*N>*GjD~&b>qnVQ`L&+$o89KRPCrrp&yy_-IiEP<=5D6h_w!Lx7n=;7irg*
z*=VvGZyGM5l`l#}8HpHv2$}L*+Hp#Uew+-Z7$OsP;ENciuQweb<lpNWrSKfjl1GEs
zk5OhUD~|~)2zlsk$vWk#*AH227qB^xHts2%7%{}e5)U11Ov~WyH!dhlBo@ydEtG9u
z?X^kzw&(Gj%zOTcZ$U=!H~t8N^a%%Z#Ud<WqzPcUp1TA{I3jm00uM<G3L|$MG;htO
zn$L1L?f*byMrWnh(DchpxVsK`H{Aq0@~cl>x1pYmdRgT0NktLc-WtF9k%wV8BvR7-
zn?wzFjI2)xiT77nD?^efXSn_~9mc*hze%pI9F+p86qB&7+%uti=Jk#dt=Uo9HQ?3M
z2l3h#bWDdnndQjTHF@rFhVf}<(cYTq(Gr5#eeh$;WDi@bbZTdv(dXu%UoFP(8tJTE
z7K4Zjl`iC~cD*$PZ;@9AsRMFya9}9(G=mDaNHFFhyzQJu%Vp^RZRcsBHcbw6@{nll
zZjZ2m-NiO-hEC;x92+4o@vIapLNpywV#GhoWrpf0f4df5Ojo0MH2qbXx`>n@0Qvz;
z*CgxO0*Kz5Wy_~)p!=ep$S%9FyiKdGG}MCvI|Bhkj5}KI<aM1cv59a1iKQ4VX<%`Y
zD`98+Ka72KR26IcHXuqV9nv5z-5r9`AuSCeUDB}WM(L35?(UTC?iR^S*QPgo!||N+
zp5K4pTC-S-HM3`)yz{!RXFqmq3$vF7w%Cvs)nIeOf5kj)kb8W8FK|Yu*$JP!`Y35S
z*I(2Y+2{S?4dKOujf3f9&_k;~)yG`57b(09SQ~x|BG8|*B!f|pqi60-9L>r<57L<K
zW_@oQ)<49*W{<2+Pb$R2x3zw@?t5bo4&@p_8d{JvT)?l61l>^tp<XUL#}}#?4rS}F
zl4k;-aoy1{DR}${y`$7LJ3Vx3@)AXxysYoqATe)cqbt*!40mf%QbM8OpmYMR9NZw?
z%u@x>8t%?GfS5zoSE3^ff6cEXP#x6Lb94M!rhZ-qac2xPtWy!mXJkZZCx7?6GX7-H
zS}?Sz9@>i5;kxn6%8u~Uo1@umJOjFBgD%<Zm5wg)iUN#IspY2H{`%=KkFZ-M_7wSf
zWF1qKGXT%vLPaJo*AgB&PX!+x<b5n2Q-fmGnU5A@GR(VuR=F7e$-bZ|YQ`>D*%TI2
z3X>Z&Pb`1qR5dHm_U-)`vs_wPAHm!eHrGclIejP8Q4;I79X{ybuV}j+x}v+?6Z?x6
z;9R`z*R~df;>N*V72Fu|q@*p6QN$WNzLw{DW5Vg4*AH&EKRzPH;=|JHlnoQevh`fH
zr%BC9f#tj5FQ^Qg1p}>d&LJ`7Ln(E$bLSekY#{COt{b8~qgkFW%l$w=l^WVl5izb1
z;ZnYqSU)~_xOjH@<yc0r!KX$ZdzG<HTd^~TW<2Aaap7ICpnrnFbi8Y3Y-)oN_b*kL
z{PSXFb#a;0T?{w_EN?^FQMvhf_u-$TVfG^_EB%2sVbj6fa7|+U&Scewrq1eiEeq+v
zm;JH^Z^AY4m)tv%XfWeGFSvG<q^+E>4tt+pucdp{)gtm;Xh`bL_6Ug$@4lmP*he4|
zfMW21@Gq&uy*3T>aO1LAvFL)(gQ;M7I68<#ftA6;9On_Nx-{$~#_i+}<O0(ByJ=wg
zgV5vl++LDXNH`z`E5FuBLn@S8Qw~n%{FPwPPO{U5VXrCF%f^^SQE+_t44%ibpi8Fj
z<qMhqd6VF0s1(*p>(I~xvMiFb5;wTYK6H87A>r%eJH$JJEp)h3X>a1!{<k!`hhYIa
z!?d_oGRdb>Fft`#FD|P+#K{?q`@Wudx1BEdz}HEW=n@BX*e_C`zfB)H6x}>UpnemM
zpkhw~_#;d~LF(ylifY&(nz#NUdzkt`RP(YKSj1)fDrGxbkRWCCISO0yNCx<?VH*e^
zB(fFKTiTbePRu=nIWDwF)xrcuC7M%a#YRn<KlZv3?XU@MvY|rQ>QBFt>O!C3#egdv
z>X}uJkB{HRb09)M?)60>b14d)7tkb1z9O#tU(|wFsK{h!0z?qua&1#Y3*vs00r1?H
za1!7DgdQipPIlTdbVbRvPDGLb*y)dHz-<PF#mTrQjVvLO(v(A}1dc?P)PVbqop&%U
z(-+{)5BC+6#p<?QR(l=)y&I|KEabh!eGCQ);J^ht!_5~LlFqg!+g(-4OZ*0Kkn@<{
zSTVHWvb6kSKbGKVKN$Z~_)3Q@rTPSP6~V`fOzdQP!LSz~QiU#wy+a+FnmOnfrcQ}!
zMCs_eKxXs=r1YtJL&hGEOKFk%-LW`)-?m^*EDi7^gh7E@p8~};#d_cNonaya#R#-v
z6sk#18--;&&Zis%pF_|Q(_!?OF@B5eI*hz;^ZcqKIL0*EbU4T}7WQ%|&Y6}yU`tMW
z5ep7UoNR%(bCS>Pm$D`?l9P0BBk);DI@m-y*-4)t)_^*qLYG5eNNS4yQGX!=G-#Uq
z<ND1`I(MEzh>#bjBZyHD2XJ%@kh+(Kb9v&B+}?g$2j1`rQDt|fnL9U?KlZ_~Co%4g
z6g8jE1qA|TE6V5gf04f*QQ_lW^-~(&%%Au4UEF0F4rWT3iT(#IESe#J=w7n|U6ek;
z`jDqA*+XwOwtB{*u=o!S7Z^xj<R#$jvZVyVzt2-X{rl&hj}oSf+p;O2t4dp8?ykn3
zW<ApkP+wa#M=E*4bzFp*UlIE=_rD<I-%&qtoFj5c`-}^N*gQojM%}`i%J0LRj+Uj|
zbPL2cjIrSbiZR9%Vt256H)y}hJx$Nwu;yS~A4V-xkJGnFQ<WrPr+dQ<P)r;Pf^lD)
zypxdnbQIdiCnN9QABaSw7q~xbt@B9cRc<grJ4{-xec$IUZ}1IsfR-K3sl4GGiO_Aa
z<EL=3*WGN0r8nBvjP%vv!JnU&%~SV~M7+yG5KGJJHh?`sfDi<_x+btvH;&Jro7q_J
z--Emf=eCq&L~RwtGRAqKiV?H50sHI)Jm*^t<kS}{a&1h8Va-xNtz+1z@Z<fLcXZJI
zHLa7<n^2BKmn-Gr&J-`{1l;AYz`OIYbRusm+4jz&#%(YcmcZ~gcBijKwej=U(FI5=
z@2W353PT?!y#<EIHqmzM6CdVK&U|wlEg^d|YW9?j|4v8_x{m~jtN&u1mBl5`Ij&~a
zA(ym*LVjrIOKBPU8zE{9A^FT0u_nOZ`)3AWX@Gsl7Zv6HPrrcy%t3#`g_~C77XLe%
z-soT7kjZCa;Sc-=jV^+Wfu7G2@Ivc9FU%o<g^H_P=(expn6*`^rihM5X2bj3XEM?{
zZ|D8IZ<$arxt{zfAa#R;EhNY5SY;+Yp~$Xq+R0CC;pma_{az_I#C0`06JmF76)Ud=
zw$QrM28H<$_(JMSmW*Y57k;u?i>~PE<dZmO(`YAF@t}3pzT13?>>$F~9%3_r?U7Xv
z>RH$#lk=xsaUP|WQCjhK`)hJ6OAp>r4A?(z)THPo94<&t(YTADp$>nup*HgHc{O_{
zUa!1*>Asg-*rryo(UcFKb=?D>%DhlAt^gV7;L1^}>44I+C(w!?^!d8X_=#FO78&F;
zcrN4eh+CO%iJ5mYt>e3&#FGr%=|1+`{3D-Qo!z?Q-X{A4fuX`N)+DU?98wSWYb=6g
zTF>U!@h0$uxlH=bI>`zVqsx}tn`0SnTCX^XN#dedczi-Hr%N(ZygJCG%o4F8&nt#8
zWS)tVX&`nV;uPyoz)3ed!LK+va)PWXjqurFch7HIW>oh1+G>}R>h>ySC?bSsZ*!#x
zs{>HZ3J|OPH}tZSnTFVA4Dd_T7!A#^hqAlWh*-}{t666`2scL3)3~Sd5%|96IbMM;
z7<IH9cg^O1*cX+LR@@5^XzrMUE>G|{ZbKKT;+sm(DwcY2^_D8skN1)M;7sHpb(}iv
z$ngmCQT&F92Kf<K7e!Qp`&Ddl2Oex7;Z~<jbD66&UkxFrrq*#E){eeUdqHXXvav^)
zj^iY#^vwKiTuv|e0U1ZQUae5SWI48QB-oGo4;O&i(!-vWmerR1<Ze)_?vf|MR9BPv
z9KEe|BLV-4Zgv;>!|CAuS`3V_(@tLf=s3BK+-PmnO&eNU6G$-mxLi>k0Gp;chm|6O
z?!wom&~>6dlcS@-U+mN9u|ovrP2=l^rtY%i_ic50nMlG*bf8uJ>?xgu4>nvn=`#%s
z7ZQ0>%I`zAkMb>;tfa%3_r=rZ@RWVZq<$#ymdBlPSPMioA4m60=Xd5_Y_2PqNp8Hf
zA6PI<<n6YzYr28A$sT2M`Xbv%7jt)ak@`6QqP2E9%&@Lv0gJ=27ZXIWVNEct(F%ir
zm&z`oT-?|`Ri@KyIv0;+ddR8MwYH&l&j~f0G)Stnr#S?bG7C;sGeL%2x~B^#)7P#N
z)?n=kV25?<JSR)CEfZr?#bWB)<?B@djJjv7U!B4M=BKH*5f8t{trVfB_lDjJq!*AB
z^}@dRr4g=e6?PN(b)HRKNfZ#%RsBd)26L&hH}TNzwo-ePS2k}*T=q228D6_oedqyU
zMM;VWSk*J}KDVY!aDwn=J5jGj)+*aH&P;9gu(o0_t!1^wYzJ-+djCGDa;p<YOPWQI
zKxVolO|n@i@HgS!@<*pNtw^gylgg#tPm4X5buYl>NbjNh9Chel$1RqQ^+Bc~1Xszl
zhY&sK6s@wpQIm?H;8kbt9qQ>KzI`qE(^Q0ek59AtX1mACb5IEDAT^}!Su0esJ)f!h
z?PowVb*G8Ak7DC8WY0}DPvw5PwMvnhBl7UWJzo{!@!xUIm@B`V=H}<h-p}PY@BiFX
z{kxGPHzNU6p<N)7fv9_1tY9Qs%s5qU$`rDNcN?D@qCU|d7N2Ak5;)$M-8-eUDuY)*
zx24oDFUW8Fvi37VUP0unYEv51eu_br_s0Ak&0+)9aBH%;)c!inZL++g6JA%;e%c|l
z3m*JCOy%R3w)6=MP&W1Sdg8v!D*A>>hm>yphhwx`(3f1+ebeDK9d<u8E0y|C?9vQw
zHRtT+TMk?E!Y^%m%E#)s$>C*oX}DGd`g{vblm}XR`pdD=?JlnzNf%-SRudPEY)HsR
zNmq2~>5t`}bFzv#Om8L3&wR^?$Q*rTRBxkDG-I9W$4OGs&H#+Iwl&@&gg-d##^b^K
zo}5MM@tHTIiI_jmnQ+g;+1^^Tyl8`8z2varb+&gC=<YQ;1R=g$AceJNk=zVW3csU8
zZiB&NikEa?74YWyMz4q=_<B!f;48)?8@NhW)vWuvC(q;S>vpiz6{`96>Z<QZP2QQ@
zG~?WUe*rY`YW0$$l>S7QgPm{EKWa5z)VVd~NT4d53n%ca<Z^x5eDo^HJME(|WxN3a
z&MBT&m)J^`Z7q=Fn<H`Ekw~19rJcEtjoc$ExyJ0Q^hH8W>{g!ZWUQQ8oY$+QVTrw2
zU}aONDlcrczxc@T=rnX!bWnL{EQHH3bNN7f?`T0b;KR*@`0ZA#AK@oo;!n6OuI*;W
zqc*$i;j4+`rgKPn%xXr~y=wI%-+si9a2kr69S#d4I|vdnAI?{%=^JRICU-2xvH`=O
z^j+lE-;-PUAwmK?u0Yx&(Kl1FnoY5q8-Y-N!nnhQA15J^rbSlme99u47*?>A8E-c6
z{qq!oqpioqjOFpL!87w&Pd~5OkBmM|X{B}tTBfOq(6x+mlBV~(H|DrwJ&K~bIw!7)
zaVD@~i63qBJh+!Cta)IpaIbAT*YD8{jE}Z96CZixbSl<_m$K%hEJPaBRWom(y@~P^
zlj;v5AtYKdW-FE{lC4a?1Cq_Qz;ZvT3*(?HQ}u)V;%dBthblDDLN5flFT{tKbU$0B
zCfV)PtGD?BeV#S!RRV48vfL$tYm~xMV^Y`ClI1}>?Ipd4S_r?vic-sZPt{<EAtJ$r
zK@|=kBwPkWlN?t+EtaeZtn+G0#w?9xKOdU@fI2jgKbDO^vb5XQ+ACK8>EJc?nC?s+
zVcxtoL0z%HlsXvG<c*uXEHbhFBD`<3cY69|(3c{5_UAl*5Y(qP3^fF8oDrNW(Bli<
z+!C(UcnEz=v1HnLd&ktgE^$XFcd*HtwdcF`c?G>%m{|N{F&;JO&hT=E{noNN)MnLN
zZfN^s2<y(xnb@dO7BMG^qk4!ts13r>*W9qqGZ{~kJ{5e?v@>@*`EkSL%T;dB_r3}I
z!BI_Udu|+Y%Yh%OZOO)XpMH~XDq*;|7P2q6KKKP?YHwUX2`KfJSXALMhickNSM6J}
z|F~>nZ}?$NATUg`x3dl$z5PYXlYlg$eC1Pf3)y%3nk}`Vw>|kvj3(${zRlyV00733
zZ}}p<e9hu*Jd$KY?`wi3G|!hVL@+Io(V}n1R6Ebpzswvg=-W`axoaSnH>Tv+C2IX#
zbVVlp{@dFNk7QJZVp)&3&=Aei$9{K)SJoV6T#-Vj1ymcM_NIfq5de;Na;pRkLoZF8
zaztV`SikBqY=?N`r^aLbN>Oi2Y%wY54B)|;YTQZFn$#aaqV&cOzeQ6#AB*SXGxx!f
zj_=ed3Mv02S9dolov&$5L+E2C#2xc0{Xzn97hdRgm%@CZiYmAG8}hPckynZ9Yz-4i
z>MX~Oty_VOb4D7ZVyJp>7i_gurwCZ1VI{wRj~Bm7_qfEbwOX3p<vtkf?>}J`(LP2Q
z)Uo879HF~&nM)K_QcpG}K+_S=Ln%O>sxmb`P3M?;6Vyb)XuqAV;fW+re_|@^m1H=c
zJESqiK$D41%LvO*Yop@Kr4Zg+u4Cp#4FOgpU{RC7BI-}}^GuVb`dJ9eGPVt8!-fr8
zU=ALvEWqz3B+$ZR2EvdW`<f7ZE=)ackbk|=^YM?JD~SUa=ypB%+Xk$s-aWR`R|uzf
zi;n<b(YJRMGBg{>Q7g=Rj8K)B&$Q(9!R<2^ZG=60CDJztFwOpCEM8NJweBVU0;J>p
zSfo@<ZEz#556WJpb)2TdYde#q$|E!tuh|3A6!OQ1#)S6qq7(j)Um}Wi?Re<`0u^7K
zx=FO>g)!1h$hUBaw*LAx``u)!;n-;^jqX9t4M-(_U%xCJi5Epsubm1I5L_eJA(YMV
z8)`t!*J%HjJV)sVj2_kvL81N6S{30>xUN99rhM+(oXZZoSFW5^%N^p>(v+%3;yXE<
zd=^>~y8m$Wh?t`T);njf28ixocOd7r4^Hu-;t|!6j^I@^-3z6r|J1ztyr&*_`l7Js
zA20I>&5>ehi~B*+xtLI{2u<TReONL=-XXxCV4{-s{=x%6Eje{C<&x=Zo9<YXN#s=I
zyXB<7SF~L_zdHQXV*anga=!0E+zAA{?!B0~NVG>*#?q?ZtvIIOM$)hc$V!O**Dv}1
ztXJKHzpw(b)4d~UqQwT$OkQv(xD2$9;<+FGd6xlt!_9Uw9mcU3Vs;2CR+vIQiw(z2
zi*X=QuANQN-M-3TRkItl@qBdsI<R@EY<6-?{^to%_*~l~hot4DBwtM}>+s7-e9X-+
z=aJS(70StkkY;V`G32(r>iPt^Y{AnIl=w2B<=x)4`9JSZDMsX;H{khSBDxS`?4|Ll
zJd|zbm&@8@bbr@oO}I^b`3||Y$9-t6_Kq)Gt2Q$VZanx}-y!F(8h<i)Oklz#*xA@Z
znNB#_7)RW{pp;bx+w)F>!C-Ncx1Y9nBlZcUTOUPcne^h<U3jXr^BKBW@|FiDU&=W<
z;WgcydnvCaCPNbw4vXzM1>LSu2v*v-X7JmlX@^J`eg6V8^F)woF$V>rg3aS*_SCY{
z^jM=xQFVS6+kjSO2Mbk)#uJC?3abnt_Ga_rGKI5xFQ)8V%FK<~>z%BM4xumgY`e>?
zhAj6q%SmQRwc?pldHn*@$A6@ChZG3{TPB7nKZ>F(3yUB$!#Oq$$GJ8iOF<y&i9CzX
zO17=A>zo{#ZHorlUfJ2*>kTWcyuIJ=`h0u3uvFlBzTLZH!)$q4Ps94pR08wTK#A@p
zp9vbg+&nBUSZWy!e8%-s{zudm--^;H1Hl~xby27?WTN$8VBZYDJl0tJW3u+#DeeC*
zH}e=OY-6(!ObyFM)sY0>_2qPNJY`WKGw^5k*<SiujCtdudedzZV|N?}!>rSLkTui3
zaN-)n85d3G6(bHTr^2dr6R4kN+bs$p1jF)N<EDrrE-{a?^`?4pvA}bsSfTk5&Yl+*
zx5r+OGQy7+Y&utG8yt6T<p&eTyFU0qW}@$4aReOMTivznoA@{MY5-=ZMV4xA4?#~Z
zkJy(}MSNa=SO@-c+KuGNJVqaT)`hBSrV8{{(E^{<)u{`z5sC3*H;_MP4@h{WqTJd>
zkuB&rX0|EwB8&$-PEY57rm(N@Dk?v&`gjkDWyNq-mp|BKtEGi(rjxr5o*do2;4oSh
zr?9yg%sMFXn#_>j{_f!?<hPs0F+!tYqo8h#&zQi-{Fu+H>~aRV$XczxsJj@Gu*p^?
zcT}WlDid|v164-7X*$7d%4_hhdq{w{IHZ1lqyBH~hL#4dO)$XBL`O|tE^s2$?x(R(
zLnI%QrhE*aDr!l=TIBB=pFC$U)~6$CoNuUOS1J|Oq!T#S1i>GThpHWVi0{Awj}Nl(
zL{J}NM?#{^tm)D^uSZYAI@~+azqgjpHI28R`#eY$Apg4N=8|IMNbL+|FSO5YI-Tgb
z*Wk!LJ=`Yl9fZ|t`X#eBk5%m{jIfx$7FlJ)+ge$a0D_nHmv5ZOjEh+7r_X8gNJ7sn
zomttn9)6(-4GVlS=U8i8df@k#rGDUz<eioqP3Xj^EN2h4H3X8l?Z_u(7^BpWx(|O6
z@*E!>>=eDN(!m<+9^ukj%dT%{Vp1lZ9`%1e)^+C575J*q&S;1f>)R@8rQXx<MCSZO
z5T{jViIL9|xUsL-uHrn@-4itflpFA@HZv@TA6Y>u8U5JfoLF_7x*{G3<*M!`#CkRg
zS~Z2rW{$PY7dqB{czb@@2M1U?7Et}h-G7nHmCEX?*~&8U(D<#WREnN7uU37I+lGVp
z4rlLSf^zTW4%6YAr0Yqmi)Bul*W5`L3PZ@+LbHc^?g-Fkmp4$=6;r#j@#BIUFsjGY
zzNCORj4@&l`Ad;ENKd;?L>ud;O<l>+d*|TmGBZ<0ECnsTbEYx5tMcrJD~H@n?$y_m
zNgj8X`0{d+9b|CNUcAhB3S>!kA8vg7dR5tVj^X$dHdPU+nQimttX@D&hxtBE{GKI>
zkIpOQ91^*O@jIl`Ot37z<AwZ2Z_H>azt)I!;swBeCQ_<dE1mctE%BG`9}v+$T&#82
zD_r$BQ#=?)AaxgE)T-kk;q~k5IYE$_<>3hfC>%DvTt{(e=LLa?!zsEu?2HE=nfD<(
z39R|<#YB@0inRbSp17i|ZDp#Y$ZCGNr!?@&b3t7M=!U1Q-h|LjBFA@irH(qDM7o!|
z@@Ld>!dy{mwNq(*2`xH5(*DOZfh6*?o~hCCrWi@z8ZNouQet#>ay-GP#~!)dt(3jB
zs)CeL@)y%L@V`n#<P5!_!p21L>>`f=ly!+D{{a0xX`vRe0B&|bfm9x>sGtny&M^}F
zFHA@NQ5p{XoV5IHE^;9gJf{E8XoFr)%!BNHo=a3sYE)O>mnjK<>+vW|mz^W_U4Jb3
zjExB4v~bc!*%kMSAI6($;$rHiHriTT(M85`naEf|!surFilyoRFJZwRJ(^KNVHdc9
zUM!6>{hWuCe9fcB=r)WBlwzboLLM)1KC0D%eA09w)y6%*16kl|KQSBR1<FS&?eHNZ
z7l&#UIE+)nzW5FgoNi{erx=4hE5F_favsxe8MjM#6faAZ&U%RWbykj5zo`NlElMde
z{V_T^5PuO2aI2nhs<lsaX_m#mBQZnutKAR}+z+A{a_mIn54-#BNnF0VAxk=`lP@66
zj=+@HM)4@_h{u#qr=jyo)zyYMV@bj)=e2Hb7dX1VH`Lp1k3=V3u60f}3;)9`0{h~p
zEf4h?g}RBu*m^<XI#lxE<(4QR{%k7FK(XL#TRno57=zv|y*~;in9m2mI!w)$Y7s-S
zUb5N6vijgWvY8+&G$d`)=Fjs~HI2)aGi14!B)G2T)^oke%Ur+#@);YMk}i-BL%2$s
z5k4FZTB;z5b~4+$sV%$PI~v2?xIXUNJMV=yL#AwvAmQ9hxwlHW4<VsdxgH7-Ms|CW
zcXeksd$8MhiAFef($nYk)KxQ?C@v5=oim<Pz09o4bGSM=n~?ZM)+z9ht~2L$0jotl
z`eyw-?5@$iUq6?2D{F^(ad(+hCVToiOp;d-{%8wd^q(*1W9gK4_siRv$O8mo4UFZ(
z*(fUx*_)JF$q#e&07MY<_POBv#N8Wy$iXK0<9$@`2yI4|S&XU271Ok2A~}125f3g>
zx#l7Nr^{{Fy|k4CHhX58F<*hVll-}Z`8z4*LepA;@7+InlDsPY+nVqYw<=<HFSL`L
zwkO%&x;DYDOwlfmYezjcI~kNq=jv3C<F}7lNCF8vmX<{z)Riu+Q>V=)8s9gjm3eNJ
z2WA`csEV(?Y03tIHLm9dd>kY0Gluc_!suy_D(;jK)~Qeyd{o>;THOy8O9Ei}>e;E0
zuhW?*bRJ!OBzZgGM0vl%6e3N!t*Dk3`9tgkk3X*AiWQFherCKR?F7NWORW03TT^8s
zC}SG;KrzH67Li2dSR+$!w5|`TvY=|BGW@=fChf%rYB}hb?vwxhWbadc9cJwte}*O?
zV!u6%^!4RB`WrN(A8%EW3nk#C-|64k^b$@IeEwlM<aUt<x+5e_Y*ddlS;bBg@Dhd$
zTUmYyQSNu3WRS`*ecl@7$-AXru48Pn=jlMcW$*$Sfv9sC#q8bKR*l6R(*`>oe-O2e
zSE_ZP3vL+HTw*{l`0M>BkzDEagZ1o<9b9Q^Uh$fNN;y_bJ=qe2TPd@L=bB-SKoYlK
z4rfjWsTDU-#Z0^!Qi>J3o6*A%caA>SN9PJQzDdsbqWb*?-V}#j#~*D{V=q}B_`2*a
zTk9Vr_mNxNA$5Nk1_}w8o%gF~@AkVm*!u4G%O`#{@1h=eeG1ES5bXb2B~$-lq^NTp
z0>J@O?3*b^os(#`YGMAB4PXHvP({yq0-MBw*?0#NM5@ojxN}n7I*}YYBW(&Bfr9+n
z*8L;gn+xq^jOn%JeBG2zHj;?<YBmhS&O?gF`f3uI&jwqIkXO!KNR;+kM+Xg5j=kGZ
z%E=tuuyH1v005IwYOCALG?J_Oak}XSu9N@bl;1OZS*rz|-8dlB1|vaf!f>d~HeS<Z
zrPZ++s|;E8ALVfCsEStl^c}JqspOvHO`Up}YR*gtPQe1~3*5yT<MirL)7bZ))j1Y%
zh=FO&;Q;s;H}OSn5r_6;3*_qC8+|;X06i$=@EeE0gy`OeBTQvW#75juwFh^{cjZsI
z8_}kR1sbh|SDx?FBlw2uQ`~xmS95>I<9=|yENf|CNZr;;QbnE5np2<DU>pIT!C+kw
zDj~;DSm<5nFFxD!rCQ$mC{tI?xN2!Gs<n1`GWKHcmXI@Z79l<VxvQ>Lto_x`kj6ZQ
z!D-zAfHEsEK$-Ma%E~mPp;o3G$ml-lVQj>oNbc9`L17U*{)#XJuW-!y=NiJEnMuZZ
zor$G%ntIEL6W_>y8>^4A%Ufi+dNEI*0$+7DlUX=}yd8FS$<Hr#Wy_T}0^b=^n7i&8
zRSRv}nw%FeJS2+I5Kqi2CoF}|aux5jO69Pw%s8QX@Khuw!5+%4Sl@JbWlP0(a8zEy
znkPlQ!?A{b*GvbW;8e~|SvePrF)q|;dgPlaSHn&luR5ID@-{Jbt7@^&Do``H5{`Yc
z<P9o=I_1%YRMp?&yTK?r$!N~~+%nXO*J{4t`?H|le}f_UfjiQd`(dDDS~<JUYn?ZM
zbJRT%H2NC70(r+7O&KlZf(Oy(zQ<-#V`cRvj|QzABf0aw$kksarE{j|(DryQ-;Uyl
z;x@%|>(qL=Ej`)zmGOu&HSVNk`z87s4^bm8db7Pl7WzIV`96>e*3|4E9YHf&MAbDb
ztLMOO-!B1TAxU;i4nl4{)93TfJPrOSMP3#5B4xE{<>SrHl{u*C{>+o+u}L1OX0`$b
z#kq_Jy!X43dU~zil5<jffss<ixN*V9X75(mPj`t!NF<s|?8ql!!({%>ykdSA(R{Yo
zeBicMewn_J7<Nl8pD8c)TL^9;W=^?|c`M?}rI%lwJ*NC>_?j78ek=Lj(Ine5U95sj
zjP1jg6(upMOc}4#jI>b|H{@2WS2Aj`M5#X~Ptgi@SW(Y~BNUlq8~%<u_>jTF>2#C%
zDgk+05hBcwcNF<)dVShzYD0bTt&uVztEA?u6GTDV-=+STC+O|)U-DQwE7zNymeuNG
zc7mMj@I?htS5oRiw6-+V#+)tE`+u;*HdFnUl>MrW8U8+T8UqgaDJ2bT8`GJ^UgS2<
zRf3*bpHcr#1Lr22zc!jJkyDlNxAS)GK8-AQ=`VQ|?mRN|e?A7RV<2m00SD&JGwH7N
z`J93t><_~=Mk3(C5?!Pu@yCJqECSQMFiS}KSzlb5TVp*S8$%$7F*izT2g^qUFxbFD
z%<VZqmX#f27>DpL+mKEHro6{uxxseOK9~w-LHV`J?W9v8MuBGSTOcY`H+&KDcbZp{
z2reODx!NSch8mMSdLE^pG>5nRbI*5w3&b>Nl6eqMKq1%f$-iv_bT~S37_^Zx-PWeD
zQ$vKvR8jx_F5At1jKyYWW@6`MTd9rLd)!s<A^8zJ&C=gf2_|)(_UYf5)>ulI9drQ1
z|5o*>HX$Bc@+{?oAS_(!j7j?HpJxDn;8z+9k(j4t%AMvn=ER5ccqbZ9<{X6o4i+Zt
z@axZsoHMAd@&-j=4Hy6OvLs)@rNI$6E~;Kk$7Pq@(#vPk%f9(<wtkbEOx}Puw0s4-
zCRxBk*pCT-OV7K@+xOr6hZcH!f9IOu+c;>~Ro-@bV(4H}t@T?hZazztxQr!$Lii^k
zFOmcQJuSD)abF2A%L{r>pPBJK=j#K?f{?j>>~DqT0UT;c=~yp*@Dz56DqnDHO%LSZ
zGhOlf=W6-?iQS1H(!!OuUM77#asNL!fadga00)2z{}phEV1g(`0eFY=xo1+d1r0FQ
zAx<84d{(*`U!E232oh*A_Z?qoOeOwF-Y$KV?}<G4@OJ~>P_sDfjtB2kf9UxG8z7jf
zOauH^$V<(}OqL9bGw~Q0qG&{^41IQhHi(Whi$ht3*AdDlHj4@S&$O{pd>!GO`xt`D
z_<7cInM3>L1?Vt;AT~8^-K{yqI+<0_aD}4~MN%6P9=-oal-ujUW{=<AUZgJSCqvd^
zzCHtEvC$Sl1H@4?I&*Qb&TQ&%x2R&W8~O9%B-gyJj4Nh0OaZWn>IG7Z>$AaQsX`;d
z&%ifnc{?e4#q5?nQPFi$;s0!6Y|5X_F9cr^d<+pQANSV?faM<A70M`C$o+++RK%38
zBO6m+o@IT`M<|~#2J0v0d|5obQGB>vb(Uhz@h}kc<6z%Grl;EUV2<DPZj;Uj{7pwX
zN$H+*1xV2Cx%_2GsMwFaxp4ktZN!e8Y)(~6v<}VQOaXPx3Q3OB(U&=+Y_PhRC7XW$
z86whHlFgCS?zb$iy(wa~7IS$7oaP@(4b1Jt`8W3pJ0u~y0Jkp@#<Z$4{Z06vSj99N
zyEF0L1j|-|ocSlo{qT|;lbO(8rsev*R(Qpqj37uG{iX_NsDrHZ1sVfd-$}E48A%4u
zXrU%+66~$0dR?AkyK#3UY+D4}nW$sh3XLOe8AcvS@Eo`$3b4L^)5iJulcRr?lYU)n
zsBfxi2>P-QH`sqN3TwP7DpR*2?qVn-E*^-nr}j;`U@DR)0P;ck4$0)7V8n~JE<fC+
zmi6*J;vRFuD{ywHZzEW%Ex7VqCC=)M=(fq!k1lN|GrlYqHnJ|@_<L{XQjvKb#K&dW
zdjOekV+txK_%jnTXG|{z89a9>;$+S@=JUatB%nl++T~U2{5M$wyXtQE`JgKl>qMcR
zcJ~9-`HDxv3y4_!c#|(91}FKCf22VU+Y=1K^@0NIriQgRzV33K7p{32+UnjL&3H*r
zMj(?mVRB=AUEoJ3rSf3JeQ&yI`Z?ao;@L&J9Y2sVF3W7U(d1f*J`(h(-Jz~~92;;@
zPw%y^{hspAn!<#?NM@GCrnVJ-s{0po7}dX>!|9s}Q`aM|Dh7xpQEa|Vh;MkqJ~N#y
z(cq%`7PYng#Q-0*(IiFOG;H6j<#+fLkwjBN!+gI)iZHDSK9gRv6XO#f_;N`xy7C!P
z_40RU=#GbsvsQeu4n)QOPshj<k>1;tf{t6S0FK37H}K?4H=Iy^7Xrc#v5<Sh2`|9E
z=e|YT)p15dkhn+6WP(3xvO;9nrt@0*g-1Ccdlhl!?mqTCIqO!7HK&K9-9n;A?8kKP
zlT+e7NBjH0i9#c$OLxrvlZ;!UWY&nA3dE$>E!_>3vM>KqQ;0wq`|IvFd1pRgw0>I-
z3$`r(s=Tig>$Tr*sv6T9`+Mv*95F-XEe)ItuEEiBj_nXZW50&NtvT4~ij<^y<G(v$
zi$o;g5_x&BU^skc5cm?oxX&f<Wwp_D#>;fW2*FuN8tVv(>K4&jQm%;*iI75#FOb|g
zbXrol``0OFW^$T;H-+-e$3{CN!-XHj!n$lTsiF?*&e$;pcV*2=2FLP^%2S+-82^pf
zKe=>ZQm=c1VNg}qkQ);3NOg{+dVv}W%2!fK$*XSJe+1WGQkol{MeKXB(LC(?*TZzO
zYtGWjP48M?1Er;ZFWjexe5R=)9|ja?lrE>PrV?+pXqDoFF8)jUPbWnN?eSU_XP=$U
z!R3a?OTkQ<{r3g1j@hrs+_?<UM-tg3T>imo{T1%cp@ls^U8Y-f1=syI0pcx{;p<Jy
z4|ku$XMr+%uW#1U7LF!3>Ua%tid?sgwdI`yps0V#m?BJ`ufJdbxljLVR12yR@XMFq
zK1#jv^M@j}(xj-~T5MOIi-zPH#eqDMojyZad4vCpPkSE*Bixci+Sf@gT=e|a>G|!+
zsG-0T+VN}SAQtn$ZqcY6v8KDt)r-yviniG?k~?0;eXX-vs^8eR=u+?h4PHt*J{?XF
zy8iNLsea6*S5N6gQaF|5`kJw+TJiasWuZ<x0E#5W831aL{?<K8aexwEjs78x-c2W)
zI}z9Rze5+uk@OdM@GrNQAn(S`u?0S8%vg+9_L0Z{+!maqQdrU9|9<wbF{GsS$zB_8
z-AR*#?9b%`;Pc579CNQsK=)1BV%H|MrvisD$lSH1%2wsGum-7@;QreNe*i|gm?pY5
z!ujDtP1_`d<L%I0(MGRxzicLd(i<xHf20he4`3CzA;-A6=Q{t>e&8Oh6d8MrCJ`tR
zmx-Bc2-$ex%vMS|`afq|_)yYBI<d-WKoGYa3dH(A(;;kZqtRO%l%!{8`)P|6d^Jvj
zMH<z4H-#}D*uUS~7}5!gNlz%PngY=QGdk>oq5uVD`P75%eK#<OvGy;Mz*bKGXt|NY
z{raS#u5vh3rrEm}dV&jW%^dmtHG9eICT(RqjM{A#$Yd?Q8@Jg)RhyF<rAv1NZxKlp
z2s2BK?SQny*_d{!>`>Sjr{>F@UYBFu?mdQQvp&mHRBYtb9SjuEGQ0J++3oP*%~j56
z(|27uFSN-UiC36=Nz<eo&J)3h^(S^R82PjN8<xkMM4SAZ&HemUj(CbOy0RgA?f9*h
z_sC+}jhKb>pDhG1`VYAMt#u)|TU3LV1{27d<L0KOCQNB$A&h^9^4E6}KxAnT<Tic0
zt$u8zo57cS97^(bR<qoVEK@o6e^-+tu+3&ss@b-+ZQx>zN&3kb61OFvzMZaEJrN^Z
z6QB@e1D>Pj7PQGzK)b+`+dqmKNp1Y5#on1^gi^R=q+v{A{K{S)G5{pOhwA5Jk6r8i
zTbqc*n+ufx2i@9^uGMTRgFGIjB6(xaO!Qe8<MFC&s-42cDgRXXF!BEV8#{~cf&xWs
zP7HJ$Sq@gy&zP@P;j-*{mb#yXy>7(73QPJ`O15+4o8e;novebNf35haFfnQMC^2op
zBHW9n8lnpjr0zjMxfW~tNB9@|mn9{=6JpQdMPT4X$nX&1xrto)px`V&I|HT!u@@M$
zseFlPJnQ+>dUc9oq?3c$G*g%5dE@x&b7srmxE1H{+G^{P>f60YJ@_mmTYn59#h51(
z=*mW@7r0^7k|KX>m!h{KT{50J$v=v)>LX}A#TqgN5RWy`8^w$HMn+SI4xPHvLgrS-
z@2M$l?Cjgm>Pg>;-HNZy)VL6=Oj-q6HGA;O9a!k@3?Qw0uX5Zit8YM-^?Ihqy0M*i
zd4>hLHu}bE99zvM<1{$3bQLU`J%*sqHkvZv;K*Q}F2{Fd4d!CONu<lEv|m+pLL*r1
zzj;e}yKIG!a`8Tl1x=OQ7#5@sk1gA{$hTiQmDc#HCEyv0$FSIwu7-69=g;iRp7mML
ztVqw<y)i~z4J5%(appA@w$xXfFA360LJd<O30omX)3J(Jv&s13{h@CMWXg#XpM)bL
zgv*@qqh43cL{e0J+6N@ygwaz<opiVrANMMkP{OI=ZZ~~2fyiot=R%<NRs7wW)Y7&d
z*2b2l1o2;U0RultmT_z!TP5j~KhzOT+&uLfPDkWtfVWim<~uBl4<Dl$@TSZaPr1&G
zn!y2w#++Z5BpmvXoZcixANN0_p74+2Kks^D9AIm{Td&rMzak_*P#IE*U+mJu6#t^&
zX|{nY;|QsMDxnGO1;!?lkJAT-8drnuWvVDV<D|`_w4K`p`k>{y3k41;y9ja{u|6wO
zi}zF(;1xsuq#4d?qak|N;}7>{$zQhM(GqH!Z>eteI~7bnRJsN>>FDw0-&r=9+%A40
z*;pFc1IvVjSm}JJWo;5IVzgDr%=2MG^oBv4rh{z-spb1jpZ%)L{c&PaE5H#rqy@Jf
zkQlSt8grYjziMHsiy-oxW<2$nsjA+l@o<5@@LMCo3G1`n9DeGA!;OWbg4?hxq^rxk
zjpSufpBSdxAyCc(cR190pv2{|g-XyesnmicMfdu9edsd|(0WWw(+%D9X1$Tx(iXFI
z-naZd=Ta5+;(Q&oP)_>r$FR%Fy225GAZ>x9QSPNfZoN|ms}8GxALH*}|5{8RGD=E9
zkx>lklyrI&XKb$y7R30Sk0@{2Hblroo<Dz{LlxhcYV@n5ISoZm>48Bm@sSZwwKU*s
z0GgkL%cx0NEAxfLc=&Y^uf6e`m{6<pyE(rlw+I&{P3E@ueU4Cr*6ElZVwsUfLr(V^
zm7kwOj#l`o!hwTk%FY_)%tVBHTRtrB8{Uq@#~5DS-+*`e0!hvBt5V96)y1yPDj(Ib
z3eG2=yUc{8pTiQO!@#1Sydz7sm}!52Fz+ol+H>$uN-1e8eZkBIGCmkI0l<Mu;nXtG
z9JVf_RsO@C*A>ylk{b0=&AZEA*a*}3`+5-cu40I7+M!&I$Ez#S@Ki_dr3}_5@5*u?
z6Tjpr=gSYcXA{Glr~dp+ca_BW*;BvgRK>>eeP?m>`K?M2%{9;f;Of_hYx#V+;=I;F
z6%gH08SDQ|9ih?lCoIAzHotroicF)&Mbj{SpD8{HbXUmG@#@VeYR6)mssihrhW_i<
zf8>%D5{KzHS<_h`QieMvYi!QPJ%;mB5v7C(6Tz4rB2%$!Jgba}M564qc^9g)B_YpJ
z1B8F}zcd+y|9qcg`G6$l7-COir$@d&MK>fEG^w|@7;i5-{qE0BAWKKwwa8}T$KSQc
zXW~E1IqD0vGLi-FP(g3c_w-Z+qdSW*-+Mjv=kH#@!bu|A|Dybi{723_{ryErMj!E}
zQD^XtBPnG-(u=|W-HObIkHp>vf9tFH`+LAwMX-KO^#M=OVf@N90qEOg2k1hd?q<Xx
zp2&Q^QKh_Z!XyG-@m>=7R4bAT)-x$-tpr$D&ttjZ9pHh1)r7l$rE`y?KM;O)X7}4B
z`WNNoAtUC%ZMI;V$WxjK$mBIRbsG)@6GV50^1NEWhcCw-Tw1HPe-TUo2>W!T>l?o~
ztWLRPE=8cYzqA~7>&FKoFxIae5Wpjk`;=FqV3j2`3cKjGaSqcDQ2wjyKH6kIk%q~G
zh(v)<LRDRoy@9+VFM@oLR*k8FhYJKp!We`0erk+4?*!k&tgraWNbO7Ti@zn>Uc%3#
zmF7a=gN{TWj$Vy@BaiMJ<}VMZe}LLxKP*j67b@p3Uz=AB8-@n|kx*3$BJbY4!<9%+
z%w$(yPET~*d9l<-mx5J~C)nhu&?kRe5zBVxL?0qAqvI4(*z35iZnkN5rEJ>}OPvnF
zVa)hyDLI=u8M_(M>(?5lQ!*nvc_DZbf9lbY3VD9_;qE!I*L$>Bm4_mc!?zoQqr3^s
z8poVQI1`J74$`fpOXmj3&^JcySp5#h=e<3nTG@K@J6tQS$b{f_C!hUenbREDO4e5<
zHy$Yc*PaV`7Br_bv&Xa%JCHT)CVLTK^nP2oTg?F@o%q5K`8|eO`S?^TYsXomA&h%h
zC<<61LQpclzC%xR!EUnZt-QP^GT->1u)76RqUVuSRbVo5n~5Ppj^gW!SI`@{q*fN}
zDXGF=@JZT4RkvlW^{ipd?n>^WbWVv3Gej;AHo8lR1zo0~;sdLuGTM>$A+|*P^z-xf
z{F`;;yA-cwKegu6C5JJMiguvgceW_m?S{jyhusejgU{&AR!;(s+O@#p5uQ&g7N`O6
z^-@o?3m?UpDx!yL5#{+T;F#VXpZDq`T2r#WX-Qe~^@|mjw74<dNS4V<Lz^7EhvVl-
z>RR-yNZEyVy`e^RPMpyCzKQ8HI4;Wga~)NX)Q+{<#L*2j%3-KB)g5ZB%1Ls80J{d?
zDPyYA`l5R&{|vuX5*l@|gz@s-Pf}Qo1?+*=oP$_1Cgp1scs1AeKTEXbyrAmSLgV4R
z4<;{OZTe@pkPALeG;%n2_r0xI_#A3YRZl9i!`wXdc=`29vGt~ED_xUdKfOwa?{3{X
zZ7V_HB1kR`d#TLvl-+9+Ly;6BK31vlx!d}zg>Hg%zJ0Z-rY-=Qb`~r=clZ^@!ofP6
z(Z#~LkZohW#-_UGZK%trQeEAl(Gb^Ue*D*QsFBv}z}H{sw_94=6NszS&b*z)q~F;>
z4Y#+Ka@%vIxvp;Pcc+lr>%7obEOkcnyMKoSEZqcm@9_!?;_Ya6QOz>qVm<>uay6t+
zrP+*qy|a;z@Uh#*WNAi-nT^w6end-rB#BGqPa5WP-tG<QKMRD3?rh<mapX{J{TxdR
zFHhZfm9eu^dRp@~%^ht-;6{LeL8~nDYIo|0ownt!oMZeRB3O0)$wD>y@eHZlH6bo_
zf!}E?&D>2uAl+D{z{|UqG-enzscm94u;i1hx&Rw_TmeDz{xL%~&D&w8%jHTA4}C!b
zMV5s+PDs6{o6XkU8&|HpwfReufg=05loAJz?@TOsFD*!ziA3rZG=M61*rxS_e9P3t
z^xCtex9pdtJf`A)qeAf{Q9m?eJ~9fkq6^~n*qdMxudKH9O)=K>6J_tbnUBbeFV8wp
zherL-mWUY%PBngQw9RQlLt03a#7|?1wVH3>$G<qMTX*Z8v=)C-URE($%ZzKiLosnr
zX&q;6?@<xj+r}Hx6y6?zo3Pd#g?EtUYNKtVrX_fA;|wQZjZV8KvNEVPnWO}<QL-L>
zS=}!R2<_^V93$2K<8qcO7|^{Tw+p6fi-8)Rk*MEjP8suXNV~~LDiz{hQjF%0cBJQX
zP8XeeEpc(&4IFiE&FUCz8b4E%(sH5YeO;n+o_rO>Xt5gD_V)F{qQmWalK`bbbaKOH
z)MJyEWeRcmH%Jjk_<PtG<P4`KuiL0B+zol7Zqil2<7>&5jG@$K<Uox>fGb137|k9p
z)bfrT$0{AU`hDp9W4;B$<+<KNLg0!!d4Nfxy#Z!PBlAJs4j6~9FMI6y9505OMRIBi
zS`n#MfCC%0@i+Hs;rcGCBTEyt0u#qat9xjYbsZlr^zL_1z}(HaP^%|R%l06>*Vv(g
zAM&m8uYkhKxA~l;5o<`?)Z<2^KF{rUE9pHY=IYqv4Oca-$3w)!1j3L}uX9^Lp9I1{
zIJ3nyGcEelQP?X^;TOqD1g_{~7rc<Y#@;nPP=@-sw1?DPtZh{U(VMa-rDy^3R$Ck~
z!K&GyuWk2{+RM`=>->F_y3JiuNQr>y=TgK$4|C4viS^)3@^9ZUlN_p=@T&599d4~$
zTo1@!Rlohj1(Ch$z^)d(aWS>L-_vqr-LO|Z#T;Q*xE$4W#C?U&;U5^FKC$@w`GxyQ
z%KTo5mgVTR;|isg!m^jRC5}=(?@-~bQ*!g^0DbaGAZqB<kpUqm+rV+s*4mP)FvD=m
zsvSS6VvrPa;V7r-9c5Q`V>nWRuv4F7FePYvE!j&*fCo3yY(w>G{EFR7<eHOU#)!x<
z{YuQT_@-nkIHnyyH9bx&pd5NqS8990CC)%=)mq=HUEv9caFd+ptZ-vz6+%baO;SXh
z+>)3+RnN_iu{C3$fsV(!;l$`j5y|L=gQ~UF?Kfw#l9{XPG&btc<$iM}VhQhfC{vH-
zprN~r<hCyOE}Va1faNq?ez<^f+lpKo7POAGJmYd$M$Wh_B#r*%_9nhb0HgG<xS1$1
zsMhG<cXE2gR=#<BIcsrHR2Mg}jD{Nt>~twW*4<VYU{}9VH?g3UJN%KhD?{WIn>_)w
z=y^(#q{okzL#gTnCaq#Lr<e9wUF9}G5z_WMr^AEW6NmJVQ)&aV+V0u)^t*R@(2C&h
zbtfSr@<r8EwzxZv*6l$q<0ThQQ;dKyLgHqej-gdYGTLfim~z@7!2nW7#?szZ6{aA)
z(-fEGR|Gc#s+MPLDS?*}%ke9o*eiCfUl6)W)Y47Wu4F>D;A)%nKC2-d&UkG2SsA~~
zRVG!bC#+DYCd81F9&`6zU0*>YBGX5NH(Rs6=%X*ootvFI>p{Cd_w!zOQ+K4pt`&T?
z+VJa#@Hl$kRG;E&;~&(y2=Y1E8c0cP=4^~HwoL+3c<z|4zXFzY8yBVJc>^(g-kmP>
z{r20+*f;&W%eAL};2ZBHvI0_*XR2|nji)$Aj5s9NG7>y^qqRuQv?{)nZ=M~bXZ-Co
zzR6+GODYfz(F*3y?U_XUhy7W<SAn*<^I1Ock)QET<P#IlpCW{mxRIC6o$wqwtXQlr
z_Lgd!9p%>i-WZ*(lw2VpgQnDN|6X!jP;~-iMBdS30`5wc+~Avuo5<6aoFQ!#3Avns
z*3o*>aMpUpWtXKF1j}w&9`per9v85*<*XTFByb;$e>`-nUY0Tyz8`_QIIi8lGb}wy
zMrbLSfkyZ53E4;_Q=W~Su~`K9q&tLLb8{2DI~U!W!0B#9Lz6Q4GQZ8@<9#C}VK3}9
ze=8otYyU<;lRDu9C~7J>W{}m7t}z=<VC4Yd6FE+a#y?Z;iDsX{G1ZOM*URV}tWYim
z>kdvbf2n)c5Vk)_-GoE0Hg1-mx=piO@XBio-3t=A=GRW!23Vf6A7*Sw^_;eSmx{aZ
z4SSEzi@*8R2S<3Md$wB`b08IbGccbqkz+5O8OY)J^wu74$wDYU3i2qTquz$^b!_lm
ztV^I7>0qHc2uMtbhY@g|rSt=U{X*c7w6sGy?vqQaF0I1-@7xD>h&K;Hp57K)Ub~BR
zkKb(!m!N?k^^dMDXPK8sOdbvwdHsfq7Yo0fi8NWxUST(!VBC&zrk30a(l3qYuawpA
z@p08{A#6ObZ`%*;<YNhk*H74jc^ne4M$84`7`4QKxV6-RVbR=Ml3&0fwAoJ(w>f(G
zNLL^4_8<)*B@-<=3p%3}CZi}z3WPgHlI1e1ltU$jFJ1OF%MF!AgL8LZ`l6|1N?iGO
zh7C=L=XkgI8VuepV2`I=!4L2KPUb{3cxc5McDuM97@ha}$;qRA*idF*T+9BALqf{v
z=riGiz(~jVEBGQGk<GMD+k>KClu0#vBmI8VsB1oL99CPDdozvXI0^9`A&fNs?%1b$
z4>oC81`3NyBiee_dw3<GmcnE0X~@Hu6^<M&zS|yS3Y*T~uMfnZ8y+GkBTGEQTnbJ9
ztm_&}c>~n^KjS<3`K%QFBc^_wB=Y_>$NBd(p%llJZ8coCs4C6=I{8#<`|}^peD>)J
zo4SIg%S%g#h1@OC+sEN8M-<2U`kjFN=qT-t)mkOUF~W#wy)?z$*0Tslf>RztP=Bau
zHF}%z%{as*>r-D&(AfMuAF57xV}CEE9-*tFY>qa+hFvse^bWOARLO>C6<h&id0Sw4
zam8WO(^02S+CV2AHdOB%{@Mrc928s0DU2!Jj|=CXzS_oKMWxw|^yKi>ijwsw(xd**
zO@r}Sri`SWi{Xm<aqK@VN0NZ^6n6lw99i#r6zKAJdew%&F-%_K4T|^S#;^dh2G$G^
zxGew@&l*_FaL=FIJ@N{G3dLW6q<Y2k?oi^sd#3||lwpOe*hi!)zpdB+u|d)gFwZzL
zGDGCNAAQsKotc1oq-T;(4h-2oB9X)RJBI<Pc*@XZy{Vo73gL|L8Z%`X>I3gye|VRG
z$Qa9q8tWClOhy8Wbl^3MCTZ*xc1kYb-1zNbcNUDNu6)I$Wnid@jvo`c3l+NAjM-fx
zNpUK;qxd<%NwWd0Pjcgs>~KVXz5IQxl@B^`Oc{zFqHKm)Gk=9nPu%>hc(UnX;1=F_
z$HZr4z1fc;#-NZ!myCcR;gE_T1o`|m98ZHHB98&M)XMo-F|hx5xiGNFKM8QxUtRQ%
zGdb*L25F+nuAFGPVk<OUmru7#Der43j3(6KF7+w0(f%3Nzg~ojaXkkxxY)OQL_I7U
zA$!~mdha?5YAL_;kZezO;PR;OAgtAM$0Fu&$6QrTK-$sOB^sz~`0-&U)^bd*xeHW}
zR=@GLr|siTlTjWu-03R#qiLIxFRDo|tLjp5ZtK;WCAqoQ`#wPr-c+chtvk>2zKK+{
z@I0rIL*d{uTD=b)eWYF~B(9t9_@D*zQ#7ZoAD{iNSLpp*a9+I4>;X&KqSf5iIZ~O)
zhld+fMzb8tZDUM4pSuxnx1!6z6{~(#R%O9>f4i?wGx`(3hpXK^?!j4$R8ymAb!rhr
zCD&7Zz8jJp1R}_U{rkxxQSbU+Co{&X<OyybSBFa`D;u*J@BEgNwF8HDx8v0(hPKl>
zyCek6C8mFU204jE(RqOhGNEam-><;UI+Do$kFl=|i|YHrMMMz;Bm~JpYD7wrZUvO?
zPNh3%=pj_3q&tR^mQEQ;5a}K|L^_7<<{tEi_`mnd^_dSohdF2V*?X<E*Lv5x*4D;)
z@mroL<qXl?&h2NK0yi6`pM-aiV_pDBa9+pxt`Dp>bk#7aiLTGxg6AcXp4;u;ug`lB
za0Sx2pW;gzdy^kv@fWV{v>==7Df*qxVZ>bIA25D{A|ZD$oYF&d(aCSc+`+@X{}f{*
zkS=!L{7p?};ll6~<Y6pW$>wS?(QeJsUPCR-d_k-wM|RgmMWa16{YSs9mAJIag0_3J
z6~U6znExr)Zy`9t{Wdf{H_6@n8`PlO1_U%c^v1FJKG_z`=Y+WI=^j+8jAY|asExc%
z`(OzNl^{D6d~!JBek|IQAH?N!vrFxy5W2TX>T%TA^ZfdS@8lWodH)YIaM$Y{zKNaf
z<D+}h$eY6~Em^i4Jh(IUJfAWu+J0uB{BxZAl(yAft@TM94{7Y&GDW7dl~u|3{QYUG
z=ih4VmB^QRj_c^=zEptq`Ri7`e8ziAX_Hfcmrgxie!1X#s4bkwc%oCrLc~8XYMgHM
z1c51#mcMFNRqdojWOnxDhM&*9^Z2H+6<MT&_8FdRf7GzKOnH=mn~Yszc1QIr?($@H
z67R9n$=8t_`{p{#>lvE5&1*(j<hN!YcwNQJkps=kRD-qGp$wWY%q7BTyv?dV`Ro3O
zG?UlmOlKUD&NP^`;^EIIHHSw`jE+O}lCbc^-_j*`Yx&pHknQKLy#5|7n;V-(9j~7K
zp>?0_Znu2FPP*ed(8)=XR(Rp7sA^v-Q-G;bRorQJ-DKk-+YV@GYCpLT%d3IY%Z6TB
zAf0|UuDETD)tc;v>m*3ia%OcP*?FDBnv?TL)MAdIkHv~~w36iUZrL3ZgQ+)h@_V`@
zW3`^kfr<Lo6>Wsf!MV-7ngzI^aIiM{#9mNSoJE+9094RV9#4FsnlQKMpwY5~m)O)p
zAyLqWqQ;I-d&mm*?#vIr>5w|uw`)YNsTRJuxmOo2Gwqpci!OMw@qU-NWxe(|=%7Tu
zIp{;NQNe9?0qwgXrWg`LT`AwX^HWeCIZ~quGfU;eOch&wofs2^kH>V?5^-_U?~5eg
z3q0E`f^5GJP*}u3R@2>g>6Yk771v2-3WV7cLdiWqOj&AD)GWiI+dsc1jy|W6i9ra6
z66G?LRK)9Yd0HhEkIKAs*-cg_IvW~{Cy)Fv)>D7RR^vvYtqh#nGzcB(e?B97Eg0#{
z2*4pjd(D~!#(O~%AQQdXx4UnuEZ5XrP!;=4VTyCvPFwtJ+q2syPp!ql+u28=0SQ{%
z3+#o|fi;J$E(Q)3#ztrDEPcwHy2j7_9XM`u?p3cZMP>_k-1#&{y9hcLX#IK+SoH$Q
zIcm?bFz5f8ZkTUgP>7RkTZzw+6CQMDj)eBxB%%E;FH8-PyR%y{PFMp8Ke_WfUv(m3
z?a6gGvVgyg)P~O6m?c#q(6fRmo+F)3I<CjllmT)_K9$3;RWocnNwAk`xkY05Ytj3x
z)<;8qU)+*D?Q!l-4Xc#d4@eDB&t(T>yq>9c7w6vG%lkxJL7vm(8^j<$aRzk*4RQ)5
zQLwoBSn<@xl2=W!mvz?mbzk-ZI1iQQrC?Z-<NNHwpYitoD)mgxaGsiWGt^=NyuFkl
zN%L^X9`_!b0uY?@s}PRWVFp;GX1u5PbPl%}{hSEG*m)AGGo`p+=<RqOc~fJu+UBOT
zhm{A3Qcn^(i&Pm@D%**PiA9%0lFCOaBb}iGl=|b&(qV8{x@LY}2B+Bu*FEO+l<T)w
z?Df~StLFRzOH;Y*Pyv32wWK%4EP)vROWQzsu0$ixCqb&H9=dH)*MRdSc9!S!4`k~s
zz^Qa22{p?ui279>sm{F_3W#Qn;))2fyhp(SH){!%DeZc_JKJZf;+)|W{M`h12MfdK
z)p1B}b7&|4?;6dTw)Q1UME6M6KhGAlmMlj}E+}=Rh^B{naB*{UZ_+IvHB^+sjveBD
zC&&&=?2{KcP16TFj>|{bPO^{nHN#VIOy_#TO^;O-7e8&Fe(H0dDCdv}&VZwOOD)Gt
zj<-KA7TIg|EWWE+c_s~8%2QlP3tzC`vfnA$uNbzJU6b9H(lxJoE?`B!Ml{*%mfn-b
zRAM4hlL%SB)HJ<gjmeVussa-Kc8r(~|Cq-*M_2YsG&F5*mCB=t_o0=?xxf)*IGO8a
z@36F{)5*iQ@_ffR+ubzSK`vW#OXpJJ!pmc8Rgu>o)lD?-{3=o*L=oGbXo5oWxX#HU
zVRev<i4D6rP`+=zl(NR0WV11Juh&mac|P`W#y4Wfj3sHVvVu<M@lJJpq$(EtbPOl?
zEx+ohpJnQq&ZfPB$Jsu|@dX-SH#?c%;tb<s8<cpMXKBd^e@@Z=`~v>^#Qk6dBsQ*M
zoP6&dSJhh!R3VV6OMozFlZv~I22w~;zYEo^6S0(GG%9P=C^P3_i&83<uD2b$oo<-u
zFPP~uvk>HyUtVE;e6KW&OXsi@JKsk|(KcJ$#_7|RW1g}gL*iTHV$DD(RDNcLWoV~h
zyqTM@AeG-C^xWr}Q^yfeZ%A$EgFE)tzy4$e4Su}*v1VZ(!~_Ki@Gne5nHwu;$K*2C
z%q@&g*V8Pw3tGGKHokJFD15<i`Z8ca+Kt1My5am;U$f+-urU$5%A`+zAI#TWtEO)4
zz8xg+EbLZMO=STyq9Og5w>{L>h~@4G6Wt@k>C&~LNa4(yBo`jwXGHtmTjXvFI)Wyi
zn-kq59e?JGQN4U1L&SrqIkmQFI~~f;IN#$MrAeB{QQ0eFYoKGb1E5}00Ol=qlU^aD
z;?&*}dMiH$$m$@+rWSd3E*HN|dwl6m1^?%<l;+@bBJVSSAszKELC)J83xCpz53GNu
z6}uwKmLJmG0NwjIRurQwpmSQPa;~r_bMnncJv4#jDDMX&;z5Ex4vS{Vu2!{Pw5s{Q
zZf&=>ep$&f^><-re7Uj6YW5M7SLM6_VtWZdMl-yO;=@!MZ|*0W2%6}re9b6`lbR~h
zo&h=iI-WfcXtZq>*&Xy(o;|Bvx{gvmYKV43D%ZC>sorGY*$OPelxCZ0;cCA*P;m-%
z4r4wrcx6GVId;U9IfFFU;iI!Qb<`FLrmzp+H;1rkCVtQ1)Gv2GLRH>F1kru8`iwnK
zc7x^I6S4a#4X-%eVy9Z$%5th|sgxz+x&MWr@sO*NbpYtn2X(9y$}mdXFauhv=4vVX
z=$JYxXHwgxBom3*+RDD{aD4`t-zZyHSlP~65qan2@jS@xXO26|Spjfd&r1)Zx#h3Q
zMFZ^kju2Ab<!`UOnum|2EZT=(6S0IlsMd*qqz?Q>+Wd0aUfmmbLW-i&*WjzP!Ygr2
zL=kCnvyBb*`nbk)7pD|)lsoc<9YRpwdFmG4sZyP@*mc>+rVvRl#-f2GQeeG#Z``5H
z@k94gimWX^a~7;xJewZK@aJ@YFh&t*AzjSmkvi6lt=o$!eN)!|h$Ttjea3n~O@JIl
zLZO?D$AD2yg<Ls+nv+UqBsd`Q+pUb%n%Cx#OYc$s@(>-|b5-nJCrPi*x@y6hdI6|)
zGR+ZnoUEAbh7N|G3F62}f0`J7>zzb7PWYa;-K&fEK|Yh(^}RaZy5aJYn*_(3@(`cB
zWbi_**;)O%aCl-(AL4azh30F_qaWqL_+_Rvr>}ZH^h`jimnL_XgO?U5DC%ncPGVzT
zO>S(PkaaGc-VYECj?C@QuXY7{Tl3H(SV>?TKfV+!J)fPvkOPC`fsTa(L68h*(8~SE
z=Wnd*U*p%b#3UsS^-+{8Jl`p)pz9@0pxJ&~o>!Io(7a;zfE@}ua<A&-&bPEYmzq}`
zTP~ioe;d}kUloHH4AG4M5^y=uXx63$J5JvkyTz1O*NyKE8{F^`y2z06emkrRUg&tX
zZY*K90`OZkN=-r=pV)54JkvLs?}+saWG#$5e<I=F8z@#DT^t=jBwIp2N*`cQ6H#{8
zdnLY1)Q;3cB~L>XcC;f-Xr*;L-x>eK&1#0sNW!~<#}y`3cW7tF=+zc69QLEWNO$|X
zw4?(Ih2YaZGjym9BDrZ&Foto~gjZ0T--h5uMpt`6Olp0K+!#h%dwcc;;zDR)84NF(
z@m?M3|D-t@OIP5|Q2uVou>p7qM>3o$;2h!}4*NUOKx&YWaeQD2sPth}e|d2zV{&CQ
zT=2$?y<?{It}tu$H?2PXqQ?BDmZMPkst5~AZL8jeDNjO##WK~tO=OkN(LL`j$ZbN_
zp&BU6?yqs(UraEp<@;##4QlmeCcZdK8grFW4vHR-Ic{DKZyp}&Qg&3WqUeD6AiH>c
zWKNWi``6WTC&U;6%MXrT%nM}tm8Qd+{jJg|<bc2-O~iBkIosG*eZ}RpPhUnaJabOK
z@z0&xe$3#-n%gg0tP@?cQW_YczFfT1$=k}HblnAcku^@_5xl?k0PH>Dyut6IS^N~@
zZYa&s1ozIu1-J%6c<4u?ErvhkXChhih8Q5ZLr@16o=}YiMtgqJ;0B<-bqC{%wY2@D
z_^7~5YNPvEQj~AjNVQ76Ua4BOYTuhAJ+Mp~hl7l6{)wOnuZg>zLYS*hw%X~Pde@hN
zGqJbyaek-Vfw)yH;M;!~g6Xbk<~a2Qeh{$^?%=;2%T8^6{B^q0d1tQE*!XW|l+yUt
zhV+X4LRUJl8nYb<PeXHXxfYY(FNR4nXUF01<g1|X@q0g5M+RvN=BYH>{22ur`b*F7
z21%A0rJN8Tz$X@?+**O+@R*!$-Mx$R=qj!UcosLWG0?AY@8R(fbYl(PwEpy)&F}{o
zAQq=QSo|E^r>tG~Ss94$La$Lh{wKckiUZ3z{dl0N_IZOd?$>`o`R_owMfPG)hun@G
zKr$JKjQ@NnU!qN#ywkn$`w?Cw;BPEFyW84%>=d_dwmd`!c&a6}))g<_-z3IYti^nn
z_H@$Y`qSTO^{gA{CuMp7B_X5XrIv%)HAj`ZML?a^Xr;ZeN@Lue7j2yJEkiq%;wMAu
z-;Fh7-i<v)bmlSgu(Y1HAj<r@ETtANMv%;WYoksw;XY5DY&o-DeN60&WacxW5EQlK
z*~a?kZPyU*pwa*We#tz026On@!V1b_8@V=^iGX~~EJTPk;9Lc;2G6e1c&oc@-RHTw
zrbGl>8xX~F|L1)Juz;v^I^3t{DzTr8xDZ(8u#M}#rR6vLqArCd{+2MQ`qLd)uXKN!
zIR3GHOWDp7Z*#iFu-920+wN?6rBsIJ={QNkogQVBbMA@cIrjrHWleAWjxwz~?Ki(N
zv%NVYG4%pc{}=1vWd`<4D;y1-&lZ*mVjh!bv6y@{R$-mFYE3R_9vzb=P0K+aD&AkP
zD4|hm_$<&Ydb*&%&$gcdwlr~!nL!|tQ1m<>qVH!PSKVhl?M8AGjOvs45bo-8<G=U4
zKgI8Tz?4OS{)h6Tz<Yc6Osbd-(L!KuQuGv_EO`-;^;AiHQg^}_?OD_XNp^y?L_X()
z^&3s~U+CNgq~wAz=)TKu$uO=5vzMZL$X5K#h4ZsA$GV9@>$=(9n;lel+IK#_V7YH|
ze~~kUS@Q@?l2^gytekgvxZ^a!3qfvnrjC_YKX@|M(VI8kavOkD->;Ns2s7*k1ZAnB
zsOGY9&Uu!R(0KO0kq@l@-sZ9qGNadhh=smltZ^ZAsn?+$jDm0X7TK&D2=Grs4DkZ`
znIAxtDHsB>Bg~Dy)Gj4st`;M)q5sMKUp()Qmk=nfbWWS(Xqs3h%#c<s%8D>BYbbo}
z<PC$RU#`t=d}-fLy`LQM9|fTv7Lsf`kMj6j>`FUFx($^y4UZ-i#=F<{PabQypa`Om
ziHDHOhUD3>sul@4us!&vh_>#*;M)EfY-g$Pg>BKNB(+z_^4L`yBq4?1$BaCb<-D4+
zK<`(#gB^clxOjgheJMlgXF(l(y!yKu?gN`CcmJ3od5nX2<pWa9mnpX;Rg^wh5bK$a
zQXR>OfD%~OB0j|lF=KuQzsA-kByTrxF(t}A{<>7UPQrrOLAa25PX%vx$(e~Bu{BSo
zMj<veAhg|1!hbs`K({r3gN8oF-J>$2&eA}I@%0D5RW|)pX1?Bsry+k%MbcOC&5C1e
zf)o2ZL8Ty|QQz(7X3xN$N=ZrQK#Kg)#u9NRQTW%Q(F=cgrE<3}yu7oHj<=#=X8yzN
z3%Tg$yH+dE#;zc#J^z@?Yx;Y(;~*0?NH8r42O0OwuVbv^XB>WW_#!?d6C&a4X|8Q2
z#`S_j@ozNp$g@75#DrtBxx?+f9KMj^Rcge{2ga{?0~Y*51;fhD%meA0osC7K>e@5k
z|LC%i4BoG~P=6CDljuq-m{jURrq>qltn<c1JF%Cd!k<3P)}SeLGO|ELu206F3c!0>
z=R&bhg(Q~nT$XC&m~LdNj5vw>^q)As+o_F5JV|4;&o{(UZf8=SrmLZ4(cEOqOiE(D
z?avh}Tj1^<yCE@qE=n<9&+o0nmV)_PO?~g%Xg*+*^e!5BX?~+uhuCoJS4%!-&zbZn
z8s#mez;DFlCIeWQuPN}jqpX%V-V+9`m?Ro43kx&<eCXPfHu*U2J|aGdbN#u6%Wg9S
zf)hNZ0YA+lg!_H|9R)G=&K#3Z)`UC7kGU+SU-~;+JEbE6YsGrG6N58D{ku!YtK}lL
zwA)MUm~~Q8TL<pZd&8`I)3^Bls3_mH5~YV6``8*F2I5b&o?%Zl#Pu5KdWsDtQS)D9
z;5@wv-1gJ(%6^B{QBfw1QXA9F0+Q!OcRLffksdyGiwrzlv5Raa*1-EuY`9%msSHi^
z>0#*|3elC?5Ua2;)qE{+fd0>eGj}{(?Q9>}owr`U+z?V>S^zYWpsgYb20b)o_u^sE
z4mqm2Z*Hbzv<qGSCQlH<!(y+OlU><hEra)%g(VZ{#iU+P*V2lmr$CQCTw;u4`5b2(
zIQ8XmdM)6`5VGh<B`l~F=oaa8HWV0VpM*MK`;Mh|DF~!4@PJZ>puOhV?RxDz72m(W
z7k+*%g0<_m@G*w1#2l`Wnb~DIt0y?mNfmyp4x%%ubN_g1Kf%_h^ZNUo0d_AoI=8Ur
zI+V{G3$6yAG*OVWA=DN0wOZoA#(K-N+4S^c552%sncB~WHJeVhZY%mTOSPg$w)~<F
z<`dJGHHo=n-%KV%N$&-?`~)y|8HJg<tiMzTTNq%hj~PGwVX21nVhr{wF6f9#*4}ld
z18QUJiq)LvB8SwF&%Wev0eejh+JyrGD!jzRbLqZ)`LH*dd^%fHSs8-<_9vk+bQlrv
zbG+0@Qa}F2`t{c3ZLeQ{HY6$xfXDS3$Y<QZxnFq8VziWg?ikC9nH_yy$|Lj)|0u#l
zi6xGGLnlrkgQ&Mjo$c)`zmi_qi_vv5#8gs6-?JS-7mF4p8t?2WZ}vX|!-H`!e^P0`
z&=*9`+qV=Xz%BMG`8{^3By%MVrg0RvBF|<{Qt!}Eq&$jVF?&75n*f_BJu^R1mf!d+
z*h-*-&uMFopKU5BNq)biW8U^hv6@1QYum+Z{@%dpZrS|KehhvvKLB>R4aztC2704h
z&39rsV=?M}3h91`LXy_;`6c@8U|}B?Ir~BRx4%O7)f5(|aFz*fap9XAYghGIDiF3h
zC=f0UMvtXUs1NQve*Y)UAykY13zb&A`~x*gzv`#v2MU$ZWT`>sb1WB+H$PK9e;&5S
z8;~E*o`@hCE*J-R0mBUsB%PlV7o=qehQE7uweKenV%gxeV5PWWbHCGw?o6q)=P2aK
zSnwCWvzgeSAt?Ot{-sBRhGCW{#N|c+T`dXKson!aCO%b2<2j*gvl)_k8|w(E!Uw|L
zosDD>%k`X{d(SdII30bR@4ofw%GdJZq5P)Vq@AB29iGoRX`=U2SfA+@#nE%b)DL@l
zITH%Dsq<KCZmjrn$unoxHTvB5_8%Vo<Bc?7wGi5VBgnm{C;9dx`#SyIjeT-^jJ=B8
z*mus(>_fH}8};R9mhhU)@xfgGi3h{}bMd!Ak?O>y@zS{BZ>`|4j!POJFbf~hz;4wN
zEes##3k_nB!s%b0DsO+l3VTWS;ri8k+l6>W-q#pwq@!o^ONu1eQlzD0Ddh-OALULB
zRip2y*S#i%b@gp7tcZ2Kc}sl;e74F*neVmA-2t++n2Jg1*UbBM?0=lq-|7~QA*IrC
zzJSr=mK*uKg)dK8_>0Bej{0o9jRqkv<$9d|cJbdn()gn{V6TL`am~_BBXW4clB0;*
zNV=m2<L{5m_g=%@-Phz=Qezugch!1Q?Zair_x0d|lHBvSwEsP$#Twl%&!AP;7#x<p
zSS*JJSCpuV()$ecYs(%5Z$)OUehBiBtFVIm)wxzDCx1J#iCyUKQ!lUWrE!{Kf|v#5
z`JJTRyLv?-N*}BkwjxYz*Dc)AyxBmqM7oSiU;g*2`FfTqwA_@g(h6z8w!C^}G<0q$
z$}oa6q4=|HDQsDM#eY*-Vj`4IZx5(lTwyoL1hQqRcuW6v{b!$gQ3}FN*3xu)bF_VC
zH`t!B|2sb-7^(XNwVeCbek(oyGm`HZsp4<3yK(>br(Ob1ES`|b%|9OKg%fH)`;Db7
zO1O<mv^xwccAFjdB7*);O(<mn-+0G)dZO5Df<4lKQ?r*goG+t1w78K98k*{J>BqX!
zej5_0WIm$5174yA{y;?U!nxGkG{OQGkO3_Lw4)5+d$23bqinuKK;iDB$>3_$mnIq{
zeGmChy7K;pBpQRayLdhJ<si^7>|y{^hfJU{hU7}l4`@BpdRXX(uck@}8y`R~zJrPW
zed9U+Dm$XR!Fx4jEpO4iCzvY}ySNV|<IX!!+<ekf|FgolUJZt_(rJbS8Q-ya*+R)j
zuSSlBQS9sKj#VC^eiQwgIiUif-|7q_Pvxx#S7SBv7b-m7KrP`=9}h*GSMM?qJ5!<g
zSwP|=M2lsOx#jug@0$F#_+D<5--g6tdAV6xzA~C9sQO(Iu)>bUGKcmcN32eh#M_Ld
zM~#;>Xh4?Agn-3k5^B1CC08L!7qIma@k_U>YjSrk;6ZeQyZ^+9u`<A||6h;W*jknn
z6!yjW=Z(D3RBoGJWBvG#J(B_=m#4_?`_or)?Dgb+NVI8yfhvMAKa}7$me@a2t`D%v
zU<qy&78;I{=@X{y&|YWp1+~$x5#1rE;HA7#>SEDUS=}Zonn6T}`Ui^j1`yQf###y1
zogs^a6=Ja2cdo?5i;P<C;0F;ZmwvVG+?|_)T?+GRz(U_xuI2u}s}8We4`%hut|sbN
zG+Nlpy0ka{OfmOGkcXY5^{+&n;0Y-#MiZ=Di2+~)fRJ%2JRtk8^v!Z!a|We~WlSl*
zQiz$XV~F|VoBg)RYQTC-6J2JOFCOE0``iV!yCWVR)PGWC?fH+z6#`TaW68H%L{?YU
z<M`NPi{QnstmgWFt20r&5alm3s#U6y7WF}>an%>a$NwoRa0^#KEXnnX$}%9!D7t*6
zFleb`SR_pcJvS&H7@$ZClw9)K-;epEFAP2W0J>TiG%rSKPuJTeD<2+dU0uz>y5Io5
zd*b%)a!>ITio$)I`^Cv|WmsNSIFrw+7zQ)u9V(M)(_rDj&PYvdD2{f>-)<fuyzQOJ
zW3|AukLwzmJ67dbU>E@UXTE&^K{}OtckfDzXSuw9)4g^o$dafs{#gdfkWau@!*O5o
zUVRk^=V9#{sjOiQi~_B<E=z2H*~|$5tiv)Dmf+Pdh5Wcsi_KQy#j9(-0)!3(cg8+<
zWz^-DOj=D3W_Ia_&k#!GAdHh>QRNmRVP+K(E4x3dCWE>J6o^{g6AZJf#CtaxjK8id
z;NQJz+7j}}UHBvUe<PaZyH=UlCNk&p1R9lV?|vgMUS{7m3VsS-jnx3CE*Xi$jW@2q
zgEBG7FRHg$sy7-)UeBF;Y2Z%Q<VBV0v{m<keHI&4MiahxX+?9K7Mra#LroVD5$aJ<
zQEhS;pwOR>v)Hfwx^w;q*fr5Q4|{93RwO~0_2Bc5Kc5|5XMZTe;?D0~sGvrS&-V8Y
z%8*?QD^f>7Z|n1W{AcPG@@;WS2ltM4>AR6Vj<p$iniYL};QdV3i~>=Gm|bHs{44Fg
z#);nP+Q+_Nomz(KG)op3%=;XfvTt(Ymv>Q+&~Grz=HjSKZ@9ZxlnDB#LIMpv?i+_j
zg%M}3P+mX;sg_i?WrEo0yBm!-nOonV4FgA^V_b4~0B^;B-;2rIbS?9J)}(0=q`*>h
zxp-e4;b9~`PEe%q(C7MtD}ijehhCSobDNxh)p=Ri>j3M93ler-^ZsMP3ANcCud8|G
zFaL!?7?~{AKN}-(PsM}-DLD+{#UJ}E8!}`J%gxi1?6tz^Jl@+H9xNJpnO_pwKx*~%
z5!ko=i(x{zEz%s$Y_AKfd7gb#<yr>N(Bc`~c|NwQQ0`A4_<Mp>(Y^J-oypAio&b%W
zRI5n(KWwG=P~>1$uum)EF|#aKt@6mvxa(1`lN!JyeyA)niZ&}Ok2fFcyflVeidHzR
zYOKBcN8R0UZ}lPdP5ZOtOU=e!)bf0L%#I#*Kci3b$al6Dv7&5DnyLL{rh)K3<7OA?
zS<BH@)+Y_NcP!`L?OTh`i_T-^I;;WZ4htT*n3s25v;EIc{;j)8p+Y;va~o0o$`J3h
zE71VBL=u#71V$)~`<zz_<|#A)n6+FUVW%rm@XEa~^eEX!beEC{JVhCN-&J<%$b;0H
zQ)NQ`Hbq-on+Y;Qy3}!92c`Uk9+Jnd=v>@lE>z&q8!&seHA>7JkVxy1W_f<Pp9z#u
z$-RBM(q9NG)<-(dLE69Q_KkMBnl2>XhZa=C-bBEL-m<<n`8(q+;^<+n8~bGTvFQQ|
z?R=2#CsEvwv;c=K60MAVvc6fjDZ$SNZO6Ye4-QQwYCWahL>d;&ahzF<6nhICuRP~j
z&id^3{BXL86|r&Hy)=E!>r01iC5_ontx=NEz+kX=<?JNmdGSczt~)z2=Q;TGJ{xF%
z8TqbF^#-`9<8yU&LhZ?xB+p9Wcej+U$DN&Q%W3nF&1Zpm4^-j4M|Nn`m(uE04VE)*
zw+Cv<fb%KiW>2wfuJ`1sKOe2IPSOnjvNoAsWxCkwboiBl?9zIpVYuODm86AyW_axD
zCSFn?x83YpxiK`5Zb$Z2_XKt=d&isUYLWU)6=DhwYRVlac4Xk@+7sU&a|X{dXm*hP
zCn4jvHg=J_B+E|+Idlw{rrqS;?;?VSotJ7Xpmn2+)bzR1qYv*~ZI!GMLRK{1Q?zV3
zI@fbNcE_DMa;<v;G9sqM$DN*LUF~k<UK<{ZP1NoZ9@-0uM02kcT8ztnVeo9uY@6<+
zZdLO($2`3nqf(^M8jbhI#zM`t3`39Dm$b_1@6N8IFJu*?;Ri%=;Vs*lBT-N2YYK56
zkS#91_8Iep+g1u>(V9>>PFsf7+e=0j$)ru!=ZmST8kd#+IPq1@ZIrq!KM~o6q=wjA
zji<{k!^^4mRU^au6f?tN4*PfinI{7ZFMnAR%LQH&pb6y8VUzJ<SOfkN%lUCwZFQAL
zx|;nH`q`0t2}cj1HB)VE`?z)uL#w8UH-V>-E-C7mJ*znRDPG1&lEGa%Chygs`a~rO
z?VMBtJaL0Hi&W;-RgRPYeBTQXnvv=a#aFu96vDzsrGBnYG!k8+GBee;zzbn7Z||g=
zvcSbS$9V<MN+WaA=jJ3$wR~D6rebk=cp3ctcp$0xg4+6)+$>Iq`Xmn9-UNy4!4eH9
zleIflODFZ@)2GS*IQ86Ol>1>X1;noxe0CM6jCjQYabpnsj?2cPWL5JpP8Yjof9jEl
z=yemdAChbZPLDc&lkK_wknO`R$o6C;<IJ46bHCPEGyX8iF2Il5UK=RLY5jFmp1O3}
zlXWsJdV_~v<&cRPj}$}Wvj`&<5sE5ipble?&(M;%d6TtVxXWCmJMe3u0KfIq2ezl<
z-6nfAAjMy9ipKgSyL^bL?7gVclJP|)m-_|Pe!~900mF;<ROlw&tpthp%;RDeCt1)n
zK@&Wmy3@xl)3vqF9#}IJB#2DePOM-`cc`|uy50-;2+*`SrM^>X{?O7r8!k5CpU1ci
z>Hz!Hf`{%!g@6rgvrT6W=PxYnyNT(-b|X)d#ecEI9qgi$v{t2h2`I(TA|=S^z;3Qe
z=nspSNvb?w>MN^;1N3GA33@8g!F6R9<qE4NwzJGL$}{r0iOlB1@OaLd2<8X1DM05$
z|E0m^Y$TK!h4@NTqZvOe^q)s0REyU$B+lIap0GoBw6rTQd}lih&@vNky68Ky4_yUM
zQzfYx%sXa<a7nMU!c(Xd_pzJxR>30wOdY_Df^7aE8X6bd_=5ufF|Q#-7<%y?Wn_9@
zm6^dwXif65LOEL47IH$o`<v~)|8V*MSbmw2K3BI+!18A`cTJXk_0Znx*plaU><#{Q
z?9Sz0MUd65C64f=S-PO00!F3~iW)36Y$s%RCIvO@;P%tXe(qykd)TDcm!r%uiA0=!
zQrW2pu0SF|*5Cb8tj(VOmGT~p<&~uwpzd6LtlTpD>(>~7#)?0bX$nn-D$j#`6u29I
z(vSEkf}zg0V=MYeIjy9CHWDQ|@zkrWP1X}%DfnH_-a_`nb|LF-+cn(}9xd0NV=wC-
zn%@hrymIn{f^d5dF`{b{3-bYk=xnbyoGwX(3eP@a7pr&(UsZ6FSYv2SDiw#*qGqX~
z6`R$Ngoi&p972gd=RpgM#Krxh>36Q|jGUhk+!Cbfk8%5I7SOzSsDYeISC9UitBWmU
zfW!NIL5mXa>RQ%w;2P>~&G9!k-IQ^(C;Jrs>6#PS_?myi8n1`fV6cH9^+Dc(bSvl*
z{&tKjEsb}jqs+6vn*oqWj0Jqth|rYlS8^~*0i>Y*KfZPgP)oM_IW&O9^A4yyZQ=gG
zb`^mnKfzeu0eXSsaUETG>1elTC=2JvNe16OhP_EF%s3+IQ>5LOo7^CU%uMae|4K!7
z*~&iu!E>&QpG(kWlKj^MprKa^|4PDflM>d^7EMo2-x=9?wew9seQ)-OK$^1lT4rZF
zCvuR9rPtR5+^Y?;qRu6l@2YH;x*89q#IN{`g&na;8HlEc;?wF1dUnd&6t9i<Es4s)
z(ZgOoy7q?+`&-N_MZVE^1n0sM-4*1-fST(;pGE0z;+vVWNivF{GydIV&rDpBt7ij2
zcYqK>iS)^aBFYU@o6Bxito<vXK()M^6p&i7t^$N@*VqU%G<38Uh(vNE;``N$Wdtl5
zdGex*7t3bd5nXc=RgS0>`Tsx<uWA6UXj~nuP<;BZRG`|dNmsKO)LUf0FDak~fJ1#5
z=?8k*yDFlm_a`MDoSJFog%=-$yX0(T>ihKgsA8u%cyQpv#e9BqFjKlIQv%Bk{$|QH
zJN;$pWF{`dUG^<N^)367z#@shz%FlG)vqoQd%TQT<aS0{<{HC?B~qI?6b2PmM2Ub<
z$pPpxQsFjpNxGfoy;e)d0YKt$JK|f-;&EqUTVS4fI>RUhM>;PZX!(#Id{{k*N)S>t
zXwNMlj~p!fSq<i|Fp`F#Viu&mC?~d^lT5bSPmiQE#Chp3vqCC@IT>q1jbPKu`C(!B
z!EQV>UfXdcCECl3=^Zer_6`+ycDRFaEXvIn@XrqTY(Uw(=?CRJR|9%>tx{*1Ml!#O
zia7X!!K%JhAGUfx?U%ZPREW+Cn#V+m6hIXmBr@|#Y7nUU&>=>uWmkq>?mmOyOE~y9
zmb4Wn6!J2CXJYMRf8mYVaT*pNXZ#Nb`6<S`=NW++<*3BeLr}!ETUW~BDTIw1!eqXn
zQflF|t(30iG@z`it|&XVG()E6o&6W|1pf07efW7(!L@&G1%mq%?0>%^x4ce|!FHwN
zEp+H7)60NO`%z;r_fxQCf0VmDb%xt6zNE_~Z>D%rga?{had!ZxNHNDmzGBmrFrMA~
zmACg<U5Zn8B0q5WbJwEl?Om<mit2*U_VM{ido~e*E3u_?y;W*9;1B#u6%U~i4!c`y
z0H=AKx<D)uo8CVnW1$X)Mj@CDB~9IZ;r;Mcje@ZQ?MBTCtMrR%ZlHV{2L5=Dge@89
zg!+`3KH|`ZvB9f7>L)SU@|A@{Lyr~q#4iVYYPF=elbpAFCJF%y3D0evS2RCD2Pbwc
zW{kitp?ySnmku9gBAV{|-A6+*Oz>5|<?$xiL|S^T7bxK&&}*mQCf^uyD8b-E4X%IC
z!DZ@iV>Q*0T8fxq4RKU=>aKn~MD!xY?rnXUb#+Zn@dA1xP(S!xc5yM&EjZ{?9>_9j
znapgInU#4(4&~fgvxs{L0bS~Qj(?T{A27Guvm*L&R}TyE1#G7X<O<aUB3g<032C4#
zfREgDr3kXJS}?Yabsl}zvr6SMy{VZEG)3qyx76g>-|QRK`cAr7U<^%tk0TJHQEnk#
z=bkri#Q=*q;<S{&B!}E*w}RfQk=Qdg)gv#d_>lJ0wVRykZ`85zBH3iadJ(ucIanY;
zM)0^<cgdQRdjCwB@iXtxZp!qup2q(0+|JJrOFPywTU?L$sz9gP3C=saL%PU{Nq5P8
zxK%9%^U2LX-a~Gl{r60z`pwu!YfGm~`KCVvsIo}IHFec3ajMTukJRHiAV619MU(?)
zk2!@OV^{-%TlV2!Kry-e76D7C>g`}saTcYl$eK5fM-wbEC7-$SSWfv$qa*~MucFSS
z&$ZkM1FKTC-9DfsObidJcE)DnMi{&oq|+T$BOAvI<W^;k(!(39dk@@MdezUF(}9YE
z1ddJ%k#GvzVB$$w!V54?%3oDc67&KaMfM7Vs%0}V>N1R9jcb)%Bhh-v;(mw*$Gz25
z+dj+(ODJkKMwv=43cJjgmhUu+h1`g?r5aCBXi=lj{m@v~&^<G8RugOR(@i^Q+uRA_
zVHF)*jx;ni_WK+CdM<7cGA-KJtKYSD3MXW|LtFQgV!+3JboD{pP8KZq?M~cixi4Y`
z7PXcr57TUtpJaDVUB>wgma;R+Bd{73(H$S?hO*Ik=c^_EbyHd%pr3X~{2bwT>Dly9
z6DLO;iowud_ps=kF+h)CAk>R+fW0+>6Nlk~Yy?8I4QtoYvF1Qh#c<m@tfWYJ%dDAN
zB2#~N-zMs5Pv_Jo4Ta_5BI-^!@6dNfj{!ecrwWeVq6k)Gc=1`+%OYHQOUA?RE}ZlT
zxyJ;S3#?-SRzPDn$e_A$I%Jx|`lr;1;n<}aq*TO8v(MA`YLl}2!S?AxnzOSvq1DJH
z!)!_Q9V-RY*A9@tR~AqzevKG#pm`2x^i}rf+A^z=V#EF>KDOzFMf>k}U8XXU<m-V*
zrW$!JwEo%w_YSkGKgYy`VB5Rqg#(}`3n-`XAB2>V`VGHH!?TLY4`)SZeI|I1v2yKs
z1P0~c+W+Di_kjwm>hQ-txf1>WspkLgd69x~Kv)#V2k117_Q5|^!HlZVatzq1vgFyF
zzpUI8e``qB^H+R40fhS3gO_JU56;-k2XmXI8{X5ge<Te08)>t8q1A=z114?|S$(oo
z#An&A(00_S-)l~fW9-Y{EjgOb7`AK2)sA51&{449Hag3n<CxE$X=sR(oG|Mu8M^yl
zW*#svXkHpLJqV~dL&|icOxVlNu)B8JZDb_T-1PPmfC;Cu(m*VYWDeSEV=pm4Lv>tC
zW$DuE#5i5uZ;6f;!B$?~;`zr0*`ar325}!Ec@}n38N91?;aztg!Lj9K;hq97x{CA7
zyHky`1@)-a>-sN~a{y%B!Y-dS|I2}Yz+pTe)i)%`vPyM2>IZ|i0%SckU6akz{YlL)
z@M63+`_KpS+D6)J^s`;Gw6q7W0+xA5|K%4!Mcx4CWn2)8E=u@jbTn4SIieeT!tfZt
z-amc}?BD2~zB1&%uA1zCwK85APQqdF&=EupcJC5K0hu88{Ru~4))_}jO~a8CmwcGt
zGsXC5<2#OE50S3h3xK3m9`<s9uv`YiSwbP0&fCz?P~|0;e$yw$Sk{KW+63HYgZFFf
z8qmH*2H1-V<7k%fmrA2u*ys&z)X^UU#x7IvY%^Hx8NtgdsFE_|22d4e1Bh;8n66!?
zc=Fi>0Yn?@rxhe%LS=t?vfXX^v)cLMjPt(2x8Jh>o2{gz^Z`>2<37#R=527x3t%PU
zO$xSvezML#XaI8YtViyma14nS7v9*hbRBy7S?rTRYxfV%Z4vZJb?z|KD^Yh1Z{9=x
zYKyX3fUXDm>AWB>D(byEr8@0)y2`P<JCo?{BTi2@DHE9z6g|*|U@i0SV^$bV&rgqV
zK6A6tMnT~17GNHF-t^&37Oblh#8h_k!TTOxu)sp392Utyxb#tmca`nVJ=D&foFv$;
zW=Vok-B-lv+rZrN?;8D?pEbrbi{dNdRSzt2koo+Na&BRoN-uFjMn+z%J2YtEJ=0z&
zR%BV#30tkf-c&Bo;Wv+usl$&Af6+Cz!(iO#GaLZfM#T}>`2aJczRuJS=b8!;juy>K
zzd(%7fF%UGw{z7|hlZ2ttT7&&#h3A9!v;jun?qabkTOHik)`)z5Z>-!oL=!NF{^M4
zS%|`rWiEb=rury=aW_m{29ZKP@qZQg&J2}opc4toRk`k4T|i~2;&C+cjCI51V;iik
zG2(XvM#*LJG*(_`!iQs2A}!KuT+5N-{5*ZN#kXDDr&N_>Fnd2TO{(+ejH_ZBPt#iF
zRs?PE?nH-Y$oC4KNf1$3fs@PKv-3PQaS<E7Z?sbBYw1q}5vz^a{Zn(`#RXhaKi#G|
zAl>uo`1Nh8qn9cYsj0k9OJ&kLhI?Odu(iS{vE+W4@)i_puIQ8xqzr9>Ni^qY$rO*o
zs>F)I5#`|=G6x?5BSvJpBCU|N5+0YqS&JjO9n4_q<Y~N+DDgSlIVXefe2KpCjhd}>
z7Ly-f>s~ME;8dGr++DssvD*=OnKcl$8x4koWh0#hg;A)I;fLVRqSZzg8S5tOm~r1@
zF~LoJ@e&?W#%YV;AeirL@%DFEnar^PKPaEUTd(C+Sb}f<lfI>36yG)R4=b%sLK_di
z^32$iHY_ED7eTPEtqrO+*^HX#Xhi|u_HjU-l|AX5OT*K`iJqXlXub2xJe@|a<6V0%
zLVT-3biiUYR-}D#KX#eIOw6ZzNwof^^itt>>_UqQixHUzfe!ZvN-E4pz#u#FC?3=>
zCrBQ?X*sa_HP>b_J;{(!kSm4FFeq@L(T4(=mus1e9V(zeNUVt>2o!z={?!Bi;&Nkd
zr5RsOlbcv!-h~<Fl(==L6~Hi}`#Iv?&wp;8)`ZA(WnD5Z1n_^E)9X?nzM%&#>>?R`
zV$&G5o?)pyHA&1)K9$-Uif|v#dqnQs;=VKJiZW^6Tkq`C5PmXT!M%3GJY-QxQKj8|
z=eAUk{`9R^cJI}gzqvfmn7vDylsPp~rC4D#k);_d*f&-$R@-R$sN3sI(qrY!-eoH=
zbE!cFo;$YA>|_RmSh4B`y}*vG(45eqH@L2zheyryBfA_IUXEPVNXlibmq=ES9Sj~r
zk|TrH4bJcbJ1r5~(S{bBq<P^2jD}S)$IHcySx_wpUO`soOEWV|eXW+mE+~Z-Y@kpv
z$~EQh*5LJWl<2lX%ebzSh0jrcS=J-i!ICPQWAB*Kd9s7j+w!nZ4Lvq2{fw0WL51?$
zR)SBWkmT=!Qg{<A>-A0fPz`ibyr>5xr8eBB6XU#M1+vKj=X=C(m!gRmde};gpRu0b
z?8Dp6gIIE&z`J;7Ub#%~c=SB5oYA)lkerUV577L_DaC!+c+%HajN)@AIzjuP?hYe2
zmrFY%5He~L4}F6cs0@R&qtn+)Lk(msXnVsEVoNLv2ews>V4m{&%Y5&llxKmT4ro4g
zESIJ`_dW@2q&K>f)f&kRX>-tezpqN1k8~o;^x3N8H+iKx+t;_%1D+P0jYdbPx0S`V
zyKRtwZdCOi9LgeT>81j7O1@ho^P2fgCRq*+UulpY`6jMUM$!#WWc^B2{8Vt{&}PQ}
z$dcq;bI<yE?YmLC;xPv<ZO8ierB3gOQ?%!}HTC12E6K@(+2|q9H~N-l8{3<*_m{uF
zc*<y1A?sgbxw5jZyuXDqWI2Kyi^?Y0&dv*?fYN<F0f>iW3Ix$<gqt)c8P;-|)}g=g
z`k}whahNUTW!e+ie4)zu!9WmYgr9Zb#WFa54R4z+Y75}306fYp`S0jQdt=sFI-dvo
zvkW=6qoVBWPuaQEO){bP9FEG|MDYsS#2;DX#h=HX_>83$Kta^aZ}0@%TWAX>4|iI&
z#<D9SZx+9{|1jylZm#4dWKi~egF8=CKQWQQLjBcg+ezw7jFGX_ICXie#gjfiQnQ(m
zO_8=3g?(ygh02{NZg5<%m8{Y{$3+LQKOYD8??Wn;9LuOoE#Rc24XfL)1PtdMJz)W}
zzB{XRB88Q@k>BWmeQ@n$Fm01IBV^q_c<{lIw%V%w>x$ssvuCmR_+KPRQPguBujQMI
zJ$k;&dZ@GtCMi}G&?~vUwAa<O?zRNZdo@0cW%~ubp#s`u*<(C>QzOvGoEQ0WH7m#P
zBdrerm`(1xE)H<j!G>j2))bZ$A82x4qZ%P<W(L1QA*6R$1+xRBQxT;_vX|oyS;v?~
zWZ7d^pt22#ej3}TXUC3Ea15D+pT!b2^tvBEkQ>r>?L)0wQ-@Q>8T3|j##F=x=Fzx!
zs5gZbM`_J}-zhXScq^&r=X&(@mr~ruGH9{7_B4A@cF#5S4s)Wo`FU<duyjKG`RAZ7
zR;=sVZp~ZHe&STJ!8B2WYM}=G>gAuv1+~IoV#(kE$9%P8gXooiR6z7XY+FO8P^GwI
z%MtGQvJ2Hv?Pyw#JfvZ4II!(G^cE5DN6%675DS<4R(4tT>9!q3D<1s=-~uEvEmHNZ
zN4sq}agDWE@5Af-Z<oj!=9dxeSsLvguLN`|odEq9L{gp#4x0|%<;P>G6ljl$y1q?)
ze^C@)Wk1YpheyT$ubw@#X=k3Io=DQ?HA*3-a8Jp#L(Fc(bZ5JC)5;YZVo5_mtcz;&
ziSJ^k?<Z%i$pt4!<R%EE+xPD|kx>WJV}YV+Z_-zlr9bDqqBr>B-tz9?dE|kL6DLm8
zIbd1^X}kv2o#U<!6=QlY$I|pJzHely%8wP!-}kHDj>{0g`(*BB-)p-Y+Kvn*%x@JQ
z*Qdn`wI(x8xQQnxyg)TJ#mbutcG)3{#Q9`Ax)8{^lC{$P9NvXS_u0>5A`4|Ck2{8C
z+W0c^B}W(tFEe65KfRXSu!0JJhewvy5!NA0`l?=IdwMx!<jK6iTNjT3t0$BC6e||v
zUN5~nJ8q{wD=H6O_2JK}ZHuPYa93|ju@q?r*euavAj^PU>&@#7E5aU)uOOopUA#NP
zSm7^MJ$Y@5r}lf^+kgsc@hp^bU^aF7hT-t=fFSJ(adk=YJ+;i;6=4Wf+3%X33t$Ck
zc-K-UFDd>>t<7f)<z4qomSW8M?nv?Uv-eC6orWJRguTwyxbpgYUD%~MUN!lSN`Qz=
zx#eB514^61{Dn1UFl0Yh4JN73WA;1~<Lsr~T4JC#z~sr^w#%}l@r{epDWW0eoKQOr
z0%IjKhORk{CpAX|=cAsbX-g85{smFKfxNQun_q{Etkn-Gi<4C5w~woY`+&~La6opa
zLz|0dT@J>i``eKOZD`Zq80teE%J++Lb*U<GWPMlFCA3Gw#p`CcP8ZeSmWZ{T^;}-d
ziIcYRQUl(fR7R~X6Lgx*jE6UeLn@PAU>8LqcA|MM_bX2!fOM@Q!P;!dO|$+6j(i2N
zV6aTpZ^hgvqUXsj>F3ej?<)xuNN~`x9F>V4(b4ON)wI#mdh5vKq%Qp8?iJs+k@;DW
z1ZmD)-E<PL0xL~NV<^mbx*XCHk^j$cB%*LCmJwR(qC}ItWpR77GbT8F`B3*ZL{doy
zwAT+3wAw%9tnfHI=%!KFx`{dozL<CrUd&gHbk>g!a_|}PyDN%qd{Ggi8N3-mq=x?m
zSS`lrcGA+(*Y<}%d(;A=EVX4ikR`Fr@T`L2#fK2}BY*Otnl>ol_sUi0(29q$W4$h9
zC1%M6&l}EU6s(GTc`~D}rN!#r+r0VQL7BKc@B!pMvl`NgG3(N*;DA(Xd%c5L8+?t5
z!5k8mP+xXW8yGq1fr(}w1IQ&UVG%xv3ht6E>A|U<DV~BsgI|~?;hx4HD#dv%>>2)H
zeisKtuzqAPk`wjg<CuXCRi(5*pXxH>q0QhA?5nlsJ>2^KD!<6$OF@+a5xierWf$nq
z<z`AsUlPH(Z_iM*w9H4}|H4_CD^y_OEX;y-Yjsd%444wWd^Z}0>=FZbzCH0J-s>r3
zh<@bKnulN>lI7Gkls#h`&HR+<Dp55^%YYKdj`~rt){M}QyzTr(+=%8O6YWzO!?fJ7
znl?W-m)*CpC;BFW1Kf#?lnPCuh!#jQfyY%0rcC{9$e@z>g1+(?p%p0~emLb&gu6th
zi=riD(SF3)Z`e0Q7=y9;I%7<5g8P_U_PF4QK5=-u+lRn@^{p6%XopKr8VyKu)XHq7
zq-*ikKvIL9#q(%R;R@BhI>7X<Q5%MiPv#{^shTr*`_Z+$Xlo{zrVGmg0iD4ZV)Lwq
z-joWcSMoH6KNR5!=jpYV0=5?!a?~z(M5_n;zb)}lD48ce&~EjCZbzqd=B~0K!&%J<
zO@Qcrbg|f~B1A=@B@z-&zRCtK#t4(qT?@B5hb*8R`2-#Gs1+WHX&WGl`~@$^3V8i)
z(vhf~2*pt4smx|WK?S0uF2o|fxF6gytxl|t$Fds+1oq={s;!v8<fmM<`XTS7AZer}
z_#&y#`b_PQWI1IhG>5-Njue!($50{tNH0l?l)ASTflZqi&XfHdpWa+EkI1TTEjK_X
z4ZzZ=;0~$A^p-k(opkEwCJI^i%)jJ<sSLyMUx76=ZPQp~5Utt}ceAIxezSDqTVHc`
zwW2tBOCV8Y<j3FsdTcU6x-3Y;M*<?nAm)IG;&k5=8|2cS!JNTq`h;Zhxrk-g=1kbj
zwHT|u8OVxq^e=!CO>{wy^AOyIlx*@Qf_RH?vw{9Z+mdXD<|_~~i*``2B&j65x!@&l
z8tv9_Yp9m+q03VB-ZEmiXx9802ocPDN0Sp?>L;ij%__-XJ_vpynIyuh)*YRMhDQ2K
zT;zq4d_0Bf%5>PvXTSUg=IiT41i8P$w3HL&IX;FbQ0Il~isXIi-1aH@5B8>v2j(d~
zg4-PkqLVm^Y{PRU7k+W!k@v09LUmb4^9mveim!8InNfYd9$Fl)i}lJvAyRoYY1v76
zYWkD%G8HW$Fhk4$szz-I$Y2o^8KC=jabE*OUV>Qc>p;@YaF5m<U)&VAhv#F3ugyvi
zJ83gG`#Ql+KYNoRjR&7{Z)sjuw&}@GAHTO%k<F)8Y`+SgmBwhX&1{sG45!K_=HF!0
zeOb?f0(XJUn!YcsTz&DVBb&kWPRZ_7gmjy7WTJS=-N#s1IBD&8g;BpP;B<WYt{`Tv
zh(Hdj5mlYCWjH>ydtYGqv8Gmx^z8TAG{%|2eiz~^m?n9vtbdg!2a4!8fdFnhQ|N3t
z1e*ffn=+Q3kkfyLPv>p%xQlj5EMnZ3X<yQydDU)FAXQRSrOe}reo@|}GxsUt2R%<{
zpAU*PsI+M3$VSj~#$AE%ucn7|1Fl&M>xA%ekKrEpzc~r`GbbWub*Ykca99|fcUQ6#
znz&kmW%l4m^qJbJz0<K89>>%ypSlK%r3`#SuSPQ#IskPyu=qRK4(La5t@gdp3ot|(
zx;CwPVxtY}LX<i$!B<CR+H@3-iXo$E2?S=w1IqKs381=Kq_ii-he=z7vh5jN3z4>m
zT1482ZG7D;oAe9_$sYu2*~7!eL^In{@#!u7Xe!d}Hy#4jC%CP9Ko+TjW3{de@blC#
zBPA+xP8Eq69%veCDT}WSN00fy+PJJ%vm5VdUhXH#=yrj*Z6}RBip8>nOTx<<65OFR
zd!e~2bFw=!+0Bt0c{6r!us07SZ_Dr#;tIpjP%FDkS<en}z@yNCFw!2*6mL^+a_vsv
zxw7tbzp7PS21Yb01|A3oJsNq$K{cY&Misu4R`V+CrMQw)hyf-hBdC1t5G787N@`PU
zbvrcOCykGW(>U=(4f{rHRx<NMmGQs!yMFmhyGTzhb9mSS>NS`n4hNN1rzjCWsM$3C
zTX2C|uE^76C$gfv(6px`B9JPKRA_d@mr=pUB84Jo(;T?SepCz&vyDx6J1}<?X}0y#
zX;+&5O9z@|y;doJ=nNgJ#)jqX7WcZa=xP+Sj}NI6dFZ$Rrvsx@9FW}2`P*r7=+kdj
zJw@9h%wI_~C_n$n;5q;nZX$%o6TqFO5hr?f>K?<dRzz7&FGDLd3_Xllo+Y{w;0!@A
zFigZhuU|dGwXndzr##!NQU+L~M8g$)Nt-aQUk>7hC&Ol>0JxA-lHl)AG@#H%riif5
z?K=EM^dFvQz;LZLqYXU4E#{GF;E{_@zp79{(t%TCyF9Vn2aes@ip|k!%0{Niz030N
z$1m^))xl6yFJ`#gnk~yh^oLdz_IbgVJa3_V{18-HhvG7oI*TDE{i&Iv9a$^3<>&Ts
zS-^i7&A*Tzg|yh0<1}IQVio)ov&@9X)1jxMOW}`TY7*+NaLFZ&^&Sh92JXE73v>G7
zhM>M|$7Q43+o#z>Wi#&${rH(D4QVx?0wJWMM~qWlnrOUR>2xPnWgbJPbnz7ZL?!9%
zwe(aco;85}d&k-97w?$KJdYyN)Scm`FxJ-F>65G~DL@LyPmDCxUbqGL(`cRN{8NRN
zQ1X!olMyYwx*n~eFWw!Eof!zV`pe2y10V}5)Andc%2<0RTWs%9EmSZs+BQeAEoS;T
zz#flZ(_Iixc`k>QpJ6B+jB2h!z5>#@jASC27Z!Jufz$fu$`FCWrE|oIQJr6RS15l(
zhP2n5)OaMXiw6j;H5Cstk#qwHip-1o`Urk2D`GI`XZ(&XUge?U+(4>mfKt^rivO~P
ztcjj95>&KrTKP}Jmcr@#ESbB8!$!Eq?x@R0`(X#OfD%7tAGLiloGv4;!cT6Tif~_P
z{69rqXIvA@*9PPY2pR>ii1Z>wdT&XP-ixC2DqTW1^p1c?6BH1TqI9Gtkbp!YMGyiB
zNKHVB0g>K&@eNmf|NEN{`(b8x&YW|e*`4#u8I2zt(9HWc(4;*XAJCpzt^b38huj=v
zrh8nZpf;m`$9*In$qt|-JMausTX;pNZIFjz6(*V&t1?tPUv#RlI43^IeZbqfmLzC-
z=uDy8`S(wHL_M+=w-{RKezLSh?2{b#dI%j{b?|wR+mkq<EpF_a_lmKTkYw8ZVyUU!
zl$0f5w0^F(>V0{6U5=Wl0@CMcZs<rJBJE7#%KtumlOnf+SE{;&R*?~3q)nI2yT|On
zPg-7?>*PLsHr||(=l|%XR;>qWh3BHja_P`%k@njs=~om6Umz-bb2bDvO{5V^YXy(3
z9*HJ3iLeho3`pAeOK3h+xm#1=`*8$XD*;bK=n;9gy}Ra11BQAgpZwC%ek=7n<_SIh
zqF}4qheh*+y)<x-qr&Fx?QFMI129X0aoKX;)8)TmBof;>KGMnsZwZ50#i;ABC#Wsw
zdHmP0;+383lqpGpCw`d;G_M&c6VNrqk~Mmcrlt@vkv~Q{%u6B|U^Kfjg1H0`*+TN+
zNbZNAW38O)OHrtcSDAUhD(_%=T?Pd8OS%>CSAdW#SZ)<i;eVWByhdd0W(8Zq5s$mB
zfPmhO*L1uz`Vt|Y3*aMe1*I_3`d3Eth<fNvhQIOVLJ4xD6=^}oe19}pWSdi=7KVT;
zs2w$Be2#A@;dTPnwk8mumW{lzHf?k1HXXWBqG<o`sw?WSd`$XNUvuzRUTE1X|IGhM
z@B5O>_7?+d0^u9sJcOL^{~_e4H#{?lLN103nHpX5;?bZCya}Ny`jAthY^s{{Pw=Ft
zn60~C=3a;fPb^CzWd+9bWzUVgzHTqnBhmC@w;QlW{Ab1e`p+-_XAeAFb@rO_$=T>^
zlTdhS>x4U6P&y4nfKXf@$iAZ~lP%%~Yz5E=i;D7{*&LFV>D8yTX)}9hq#h4HBb~!`
zP7#pf+u|SVRg=L_c5QF_@xb3JxGCNH^n3diM-jER%E3!MnZZUSPi1&KvY7Ys3gf2p
zgBMIU`}RQp?sUdmF7l;%y^Bb8&65(Jd+JRh*AA0*bADgX%3@@5nHiS2!*iw*Poi*J
ztXLpDt%VcpHT3IpqO~*Udc?w4Nl>%HT&_p=dkQLCqU=H=GCbu^uYOq5?0>%|lnV6T
z0`6%FyLJQi?ko#3vZZ_Py%}fm{lYnnl9%J7oOhj@%YOOOh~KdqCeZ-_%Z&{lrig5#
z-axb8XW0;5_B=R(duW`x@wdVIG5`f)*^F7cGIc*2Q#?*sCN+-|*w@N1;V0+9awyRV
z2~Fu|v5iS7@!4L6x2|;yyL}!zP7fxKqC3Bk0f>6vf1Owg5LvC{A4_6+?V^7Qdqm!O
zY{YQEjZWK^%vgnDi81OXM7jKP;XU#2Ytih_O8zY#bX7aF<KX1EK}pYj?Y^+Mny#>$
zo1mS_JvR#-ZA-V1Z@-$4(fiFq@-4XL5dZy^Z@-FN3bI}DgPeZ^VAp^kFWJ64MPx-D
z-B-%1H^0L|%oE&sZlCyqVz0E7SF28W)|DlXEX>=delXxwykUrLi1!%7T@StpWP$`5
z8TlF{_xfv!1A6RUfcdL0Z|QJxP;d=Aixgp!eK*wPxz^`4JMb%X-`*fsrn+8o<Oe;O
zqLq%xV*@*`<?zW;31!YR+1R0#|5}k6{#W{GI+d-rZzSWaK18>pB#ra2%y>JA$(vVU
zljYX3%Y@JGa{ca4|E|k5AWC^tOMJ>zJ(_7^0(e}A?UgIIqZ;pcn&irRwz&B)JLHm&
zq?;(u+R2?>o0&54=aJOUKFLv_(ULRtoJc{oNqG~{Nqn92kNH`?kmW2u{4XXM8?aJe
z(`toyZa8iv`^EI9ue<h!Wv@Gr%ZyJA3fWtn4GV*CG6D+g?aKCw*jGLSAYJPVjO5p@
zl3(LDAS0ixte%Y;1Aobv0QrOlG@T&}Xo(c6#NBMmthjD;!)=!1#Sx8(Zv400_W3g5
zOSNY+)7&SI`Ak!OJu(SgYMzqo`Pv;)Q*G>`_m8>MzgI3L`g4SwKbutKV#%=H-;S3z
z8v7$I1%x)VUe`a=GCO`B(y<Y+4#36D`snXL%&wW}hsmM5kH7mIwF*a0>j%WAg2H%!
zsJ=-Wgtxv~iyi>6L-c90tIKE><cGxO6VAsZl3Fk6Q@%@wLj+pHikV7G71MFKV4TT+
zm6i5Vd_;hz*-7VCovI6Ux7orbGn^V%B_FW^JNbEg|LFE~GIJ}~LUyeW@<je<bRi`*
zu+zLJYDk0d#s?#y+_Gqbzd~=vA(sY^uCVt9@y|V7nJM4anlK3ZPpT+3u8oSsj`kN#
zozf?%bq)ci;C6<H%K_nj#!d5UitR=K{c3L2exm7m=;u<|<*fMvTG?M)t@R<2?t19P
z?aH(d{q7x^>%+J{E)LXp*a|&pZM!=&FIJ7Cd2Vpyvvs!y0T`~)w9sbFn*FFnVY8F*
zqn)u#K@C-GwLv+fzXh^u{ElVgx%#3I^npQ|<E+-a*rQxu?WREcu%H}&b2D_1YT!Jr
zZg+GJ;!0)wn}to{^@FRpPp}QY;~Mm>q2qN6`A3c4bG$K|rkdEkQ5-n@*Pi;07}q}P
z27-P1)~L0al5t>v*T&bBZ$yva!p_DfsyIRhXS5-XD%P5_%s~AvrP^Ie3+_lvXBPNc
zeiHlhyLMa1&-R0w-B=C-^H9sc%^uuSD7$SnCbKxdJ9W2dGNfa6V<&+~4%n#rRn@%y
zLPmYADpw<P1jn&tU%<6d>5jR}M6a!EpS$-jdDiUInp7^bwF0RyfBvdM80Cgh&o^5d
zrIxkP`n!NE0Z|La(#Zf*Gd5cjn`ZFJhke`Gr4qoCwG6?GSX1Vkht+ScX{;Z21iH7)
zXiySrSLq^V=bb1CqVoA#HB>oeR=3zbhzZFb<>t3Ku2{c3jQbatqcd@boj1q<lUoqo
z4t(@A@jnY|$hs>$pm?uEX|>Yr0yjWxSj5jDXvuqxp-Xi-kQdVG8fG@x6R_Esb=Q5W
z&1*q*Hsif>GFVDtV}yJ5F%SiR<Z-Z>5YqmRpvXbx87?n$*x=BtS$Np)Fq^I@%DS8N
z&l}?!x?Gzu4!T-PiAwe`?~+EQawrvz*j31N4rCy>IR<{u^fzw2OeLepWmq2CRuS{v
z>GgpI2EIE3uE>Q=-*{YG7_@niV_cR>w*L9lepNvF+R$t9UUrttx!?WePdktKJWGA|
zX{0Vu5C;YLlM>2>{=gRL!61V|EwL{Zcldc|wEws)$!mZ5P%zM3l%FS=+|82%kH-}e
zWH}7UPNLHsw{YrC=k@q??664{vonJ)?br0WKRT=D?MI!q6{S$gK4vL3$jkXS0f@*o
ztB@l{3Dze$66ucMA5cKZ_R^y;i2Jd<brnWXb_m`I!6VTZH?eOZ^Dw~mLk99|udOIW
zY{Wp2$*t)g>541ZA8A>Dr}MNfva3EvJBzb<0aI>|`C_D^E>K;0iihX=86Yze{82Rp
z0zwLQ_&+K$n0cGA-Lb%qXT0d5Pb(Yln~%MzkoJ9LsZ0154d5&&;((aEAmahu!@I;I
zr-B7T9`9GdvAvE%8WLZyHC(T|{7Jln1g&`LCqn#?C(Vd^*70)X%;!S?6r@-H<Y)dP
zJson?zp>hlh!q3wA>)oOskQZBv*m@Yw%)egY5`D*K{791ya+4&kt{n!O(I*rx4*IA
z+-H=ES&fN_nT@6up|&d@W}@Kw#)Mr`Klh|Nnq<oTMYdhG*SkuGMJT8r$Hm3Ls;$Gm
z)Kb4vF7#R#5W0{bN&>t;<&z_4VPRcI2tA-7kX}?=3bxQ8zCjg&*gVKe{!?d%mb@m_
z|6AvzIo8sBdq-UMs0=J(YzwU@tXm4vB9exhB+q$?x^mUXXq^1ZlFE5UewRvvyMUYr
zVF0(#KT{S5MG3vx$6#pS@hTFYl}P-DIPP8XI!Nb<4yd>vo)Ro*o|SGA52PoQ-p>a+
zS;p0*E6)NV8r~)~H?BAY9yoHcZ-OWnCDu-3Cep^}KgBtHslw@v?$q_1wZ%<5(>DQY
zv(9NdNU~fky%O()$^7>gI_WpWsM*07%o-n$2(+=sd@_?5hyiDmiDcSQ=VffPb$&qk
zN`jU#nHjW~YSI2dc)vGwXt{ED%6(|P2<@Z>S8J63W^`??XS0pPqlzv0UTMnVgKUKp
zfR^@OQ8}J=!~<MJ+coSE5x>p`CBy0VIGQ=_NHGz!I7q|b4Vk{O;t{8~MgYP-Tfz``
z1aq2?Zui4^oW&i$IOh)GZI%#*F}%d~3mE{rPqs1(Pr5K1R6N3+dO3pO>yo|Zx8rqm
z!QoK+U!^EUN#cN#Gqo78@eWLVn&yCdUdFI-bU|Z$KJ$(izifH~T*f?xKs5o=%Pw;X
z!~3pSIpg!^MFaR4E?-c~<Ro5*jN)8^fSpKb;4cK<{-eX60TgEJ^`Dmon(D9;I(YmM
zDir=6y5VkYg@ESuA#d|PF#0|n>-agQ;T~p~+<gKrd`0AEDjP^Aqxf&fZj)EV0x_Co
zr1am2boc7Z!>)#ItJQfU6QPxP)wMdU!pim!dB-qB*LgCP2_{MBr!iE3Jqe0r>pvrD
z!5i7=P4dv}0u6V;XvK?xuPU(2BPA;#+NRlsSI71<y4K`*5)a5U<fmL|dlV>RN%>`K
zs_)zUX?~PKHmXvU;18O&$WE8}3HP`^lQUA3+|4`R!u+9^GIo0bw=UqlI&Kd1<|l&h
z2ZwA}91j^PfmXh?$o`CC&{h94F^6+SN?&#7998prK4y{Wu(&(++<NNP^mCkshakgs
zY(7Y_FITp9(2UQ6mE=0n!^VW*pDS?+mR%KF@_s*_k_hD!&b_~3<k{WntDkN?<4djQ
zB}mhgL9!3I>;_7;2245;U*vils`ZS_eiT=Je?Leb86%KE%J$MoRkQ20+eb_!ot65Q
zv`fPzPn_rOZ%mESHY9VQuHT#eDsJ$?+q$ze4JjcwtYnsD>NRFP;R%})+|O_Cp+JlT
z&3x)?(_}i1neyC>>iyt{mFJ_SD~LEd6qAy=evyi*gLHscN0mAJQP!Qmy~NR<v+4ID
zZ&S39=xUBG)Qm!A-n}oo{iCe}IgJyJ%t|2>B@RLZBELp!qg8Z^I)Ydn>3%@K(sY(y
z+jZ*M3R*m<;afDRv&0B(Nf#{L`6;%w=(FIx%3G~uxu-5&yQ#0Rqmt{5MPZWW2&ElU
z1P*p8?Qp*#|M;V8iviv=&$djiyx<ze$;TxrfEU_Eas2?ZH<l8PVRPU+c?+n5Ubt`p
z@AL@xAew=z$&n5e5n$K7IS!PEU71IP_R1j2^hI_4iDjL12a4rF6Jo9*>eUpNUZ-M6
z20p6%9TO!=7k%+$gn>{JO+6~j>{97bnLK8T_rIAq=7RUr_R(5I5p^5&7g1-u2;Jn8
z#|rCj-pi~70uR9ZmRs0nh@z;A7uxAq^%GHBy=!52agkAGs`cY(=}EnC@i&q!h5}2S
zq5k=!@guUmhQ<2a5vw)EM&r)yavZ3{w6Re($1i@WN;}G|nAf~pCSSqE1~V~dyaQ7B
zV(PNum>aK7?z#PFX9mh_8#lB<WTwIvR>u?zJU2TIP=0&ZlIfM_8-kCPXUz~wh6Qz-
zd&`a6d&{Swt@E3dT2=_kp$|^dHA~S59?@sn6Us(alU;9ZC2|}f=>=RJAbsmnjj$BR
zd84RkJsh;h2H;l|EH$Q<%rvGC>Xn%iC9yYQBJM^TMHz^S8kEvgo45+F#YoU}nYsT4
z(P`C**yx^NIyu#nO7zbY3P?;2NSShITlSK`2jO3NEI66%ZBC~I1%?GLd~e*A=woI-
zYU>IXT)kO{WIigXX1xG4k?>l*A5?2y>4Ai1P+uZ{VTp`tD2nJ4_IjJJ{9U3;mGw51
z-!CR2H~w-f^)UQ04?V<O>7Brt8`?G5Vxb@8No*8UoO#|oSiZtql%<dNYYX4ySqB1J
z?TEVzq@l3v#7-cy?9*CX>?dfqH^L23C%yT8c%onk+tgw3su+0vP2#~$-^8-06P5K;
z+~K&4fMODk;Efu-SGodWowz4cS)@PWI2NNq+kaeSE&a?Xg$nqk?T2w#Vg8A$E^F8f
zZ5z;ICedF2-C#Ik&KmlJJ1C+-OlI8*<v+!NUB)Rg)}lREQn|wXmtPA=Xw+8kn{6Cz
z6M|BiNE6C9)LqH+qwV?usdAX<-0RIfYeZgvNJY4~(tAxd%l!OZh-!~`r_&NA^N4wi
zO+N`}g<z3`Hwrg7I_n*}VM>}q@9%DRB_I0K1j!7SK^#~yFXT3Y1a5}iWgJt*DeT4g
zSHxZpHq>d<Z|pDwR#3C2l3p5!4<xB$`G)HH0io@~68IyM{y`YqH<p6^raeN?!hM9&
z`nn2fh+0S;vl|nRs|bIaC|mb7h3J%>9xRxq8J(Qr1Abo>Hjv`f3j{4Eevt^1UPhAe
z8*bnM;>FMq8wKJ4?D<m4oImExA28!fmdfGuwq!e>lc9F~K#xLVlacJ;oCl^gXP0;y
zwSDA1YOA=6aW>wS4_UB$8Z@%7lBbK`=Ff%V&rnv+$1^}0>t6c!)67*IrcMiOV_9pB
zcYq9wF4cL}b9#B0mv%Opv12@0*=<Z#8w9UkM{E%<{!Atmv57tiCmm=_adyQQUGh3r
zSkll9Z={(Jll`V52DGJxU~@Tg&3!nk<mwKsK#hrv_`{a(TN(T9N$e0xj<gm(Kr>~f
zGlAB4zrD4Ws7<{GwtGMn@uvxTYO@Wi*acgCo>Z@Axei2y1)m134%Ci~x-VR=L-`rt
z?S+0)F>h^-n|Up}s%oSCQ3w%HoIjgeSl~*F{dUCHw&$VmE`)WGkuGg@1GO3zyXgM|
D8Xpip

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/task_running.png b/scripts/automation/Radius/images/task_running.png
new file mode 100644
index 0000000000000000000000000000000000000000..d3ad316c15b2127ae6df0e0999bdc3fe409de4fa
GIT binary patch
literal 124372
zcmZ^~17My@_Bb3iXly%;-Pl%R+cq1!vF)UdZQD*7+qSLm&Aq$(yZ`Ne$t3UOnP=wA
z!5qy=h^(|IEHoB05D*ZoxR{VU5D*w15D<tz<R`$Bw#cD)ARy>pW`csU;(~$%vi3H{
zW|l@kKw=>Yi4d}Ji)cRQ?***t0_5@nHd7iv6h9#lqTyHskO<-tK=?Z&smnXn5fFi~
zo2O7TKNGMBp?nVW30(zOLz!`^((SqO(uHh!-fLq$H?$sS-RHfJ=e!@s0U|ey6pIHL
z0gk2|MG1OnWcu~X0HaaP2l&V*;H8#r1qP9djSYx^vE-fh90KTTo=vKB-_!m1yV8#9
z3k)rgEPc0KD~vT|H(B&;JQb1&h)=P=2?rIUu)<0ty;L|#@I@Jgbn@mTMP%A0-87FL
zAs$e6O!<W&oM<`_kQ!_iQ*|Sh7|s<)08IdwFT!S#o0h!7v<oD@$O6J8A|V%Q7Uq2t
z8<ck#CRxPLCW)A9ev(<2J2ayZMSA-CHQQT5ZoZhY!vS$vI{6(ee=Ur?@%Omtmptn5
z&oHS*z&1<XsmP@5n>C|j7r`k;cmvZq&8(#Kx{2H1YnEo|-<%hyubEl}Ow`iRh{jOq
z?sUf(MY)nxVsU8e$gUQr9-2b*VrtS!gCWy*!*^ug+413vw5XwC<|fde8Ygyd6Ynxp
zFO$5$Ef3d5d+Bw|&eNNo9tGw!N5jd@thm|>=F?>wXLRBZX~#$<pc0?16+Ck9!b@cj
z*S_rtjGw|LX6hjg(77b?lUIIH?nI{drKtoWh|9`gpA8UAB^RX@6B{+GjGpf^sr;c?
z^9V!rnF<>yf9+^g$we~D%OBx&Dc$NwnkhysdM-Ue5@_S=Rr^lDo@F!04ptH9@3%-Q
zM3b?F-wNIsd|=f+pA>yQ{RR%~L@AnpV*_U00Ds{_fCQb?#oX`{iiYmh1y=>1^9PXy
ztM|jr1~~zT;G<y!iS$LY{iF$$)aCU1v$a2jE<(5ux-L#DL>vOxCIPh24@CkgF?dGb
zQi3l#Ag=ttvXCgSeF9L?2(f%6*|4&RiXcjS&p$a1&<{`?ft#Uk`R}s{O<~+XJp<+F
zG4s2QDtRp7nDo$2;Dfp(H^JC&$A4UJj@hzn!r}*}ZGOIRdSKy#?C>Fz1ripRlv5{H
zKtbO1g%;?`-jdUw!BQkFhEa+z7pnW&EXykAUzk)VV@jPGYMd=KDQ&9b$d(!=En2~k
zo<sG!?!efQ?CFaeBzNRn;7{Ed`Y#xwFxbdH#5+qnQFMptgXqZ^lIR;4h?DPCsS_ia
zJC_VRt0osnP9!WDoLTFkmLpGl;0(xY+0voM!S=&HciY*fG=i+quIR0}YVulx-6P6$
zTWpnGtUX|~B4h>8^~`TiY(8I3T*QH~`{8xPAP8+B+CyqULO@vsU<V*}lgMS7@;QD9
zM2rhQ4%zJ$*&^K%+|ob_$(6Dvpdo@1I~Lo`&B>+8C7dFw23br#;nx;OjAo6q7(Cr^
z-)TUB7S7rd3HfO#&!TWdj!qFpfp1jEXv}DdnK`PSB9UU8;+3LO4W`DemUzOrsJY0v
zxLwU^s56YXbF<5}!)9->L%AzGv>KBZT`;UM3^7zNj6O0yqLYBH)Jbtb<w9|Ra)k;<
zuBnKT|ErKg5uP%s+1D-FErdg$X9~vDQXQ!**g0TM5L-o2wpK1&c2v1kk*kDFOmy=0
z(9#Xs^Ybf)r_Y<3xK>DBugX&HOyNw$4Zmw<bsD2ilWddtWBrv0YG7!RMD;LB0$PG-
zv8j^5tZ*@v;(ejEyeE4U%Y+%;ckRtqgX^=BF7tkKLUXEFxI(8AsX~jw=fbd=??pO_
z-bMWLw$ox$<g;uA4Ef@-j*}>+iRPK}9^<lxl^7J^_9A2knvzl@Dw4nIbV@`m<d^w4
zH92Kk#Ghl}<bsNjD-?>Se=?Pq6t&2HPq6ks^W^r!Q=pTxDbP+@gYX1>6?=_%qIt^s
zH2lfZU(^4Se^4Nbph}Npk9m)Vh$?ZuT=k@Nj<&(V!W`RV<J3bSl%>825&fdo6e~W{
zx?a1j*X;{uzM(>*S)!T$VKn9{btm;iY2QggQ@LySBg-}IwGCQ58U-2z4W25c>XX`@
zTD@9(6=VIDx{~^8b-t>*Mn#=<otKq?eow=qfx~>FdCPC-9IK#H6;5}~Dy^K=<hF9p
zQqP1}+%FNBqtwRQcAadEoTW}|+ZRKV;|$Z6$=g}d`O-tux6(PEVbCtnaWv^qN>4}a
z*3P*Ox@|+87WWwsig$<Y%A7s7^0)gPICt*Cjd~^YagE#T8*I^AvK-$xHV>+na#oRd
z54Y707Ps>@P|uV$Zx=L{IlEfA+*bzXO!8z}==$f^zo(t!)^ntdlp91nFFu#u9p8{W
z2R*4g@IukUAwbm91fW0Bth8U~Wou{CSCT@4Rr%LLa6_{|O2hNCLAH>)$nE|rAWS4I
z5oi`D`Z*$aEVv%j6l4YEj$n;J3w0hG9ifUOhki*o#Z*mVPe06M?lg02I%~@BXaPg}
zg=kN9v{%2Pj}tA5x=KsF(onakYw9FVC8>y3Qq9@9>BN5gYP%|VVQ}GTfi9gun%RUX
z5?2M4b^LbYY^Qyr=~BYgz{A7~>RqkX!9)DT)X$;&E}%+izPGwJ2?U=1$A(j^&D2^h
z{1E>T^U%5ikwU8cWl>d8K>&2Op`J;qh`O_S)}W9g0oJ$g-_~PzXz$SRhkY0mjcbjk
zqJI`@=#xM4Gsf@6Dy7`o3HOF>FJ3KnpPb=rr%SO<*ta=&YlmnLX)RVsSj;{t36`jp
z+*kO{^_Cr~mejC#pAK?lIn^D99LLSSr<%m5#NJyA?gZ9*+`c$H_V7Nu{FWt9AfRom
znKav8!=L1Z_BvTKY%`nBxB1c9Z6S;%Y$U7`+SE7iRsB-*QgEKO&3bQHwOnmN<y>NW
z+{rR;RY!V7+C<v3jBag1YZQ-`*uGrlF)+)RR^7%K!b!>rF#<ZQ@%`{@srgt^SikR7
z;(j=vvaVQ43E%nJ`TpE)dAd=>(`IsQ;u-Au?CgGVU9(I_%NfX>;J9<z9}%L(%lJ+6
zyV$Ml<j)G`?$oZO=%sOv=jLX&x+fY~TmM|WlZ)7%Hc_sqT9#CnGn-$msJP&wq@r2x
zNY5jk4DSZG11SU8G6xxj9OB$+3oy+4U!xjG>S5|d8tyW#IA<sKW}L5T7Y|dJ)J-TS
zC^J{>BVB0USMINy_Q{rnPwD7LG%?Op*Dg2oXZkcU!Z_S%A9b4T7oV^CXqD$5sm4{t
zHJw`Bj<BxPN1R%Y$5!iC$-L`cZw;fgWUgVKvCG=v+N?Z3KaJnE-03tPx?W$=+?5?S
zfZE){2Eebh)$ELKXsxYIx>MY1uTM1dKI*Otj`nnm+D8rJm2j88jU6=P^S5->2xbbd
z$_Qj}VeG+mJaBK{(-A+)P{@pAn(>ri*I{up?QzdNdt6?}p#MUTqx<|8{ho7_uvvoa
z-Tb=9jmOM$rT+5toVL|KX=Aar*m|4{nd$PvbNjjz)Ez~MZ^6sJ>*N{v@?vS<hrW_@
zRUx9Y-2Uk8{=j|v{2ftrGzAY_cF=Eo8`wnw6o?cH$ea$Sw~wjjrk0QC`u(f#doR=V
zUF`y}>@*zT0|yYuD$qiZDYsz^VkTBl_X?1u6^&Mn!}(1(4=HdyP;@g5NU0iVUaivx
zJ|k1dd)}G1IYGn|>nok-39wJ~w{PD7POH9=s<^R~6c8n#4+#VUj06M<=m7)1fr89{
z!2aq30et~{0s(=>1_D6<K9K-Fve_X29tFe82K{#*#Q)<(eg#2salog7fxVHDwS%dR
z;}YNMSAe6;W2UI;s4Df1!@$OhR?pBz--y=5%JyRl5SI%FplfC1s7K&pWohle;lfSy
z*Bcyw{>NiFB7(nOakStjQk9Y=5VWy3B4DAVr==(2fhHgz;IcO~=8zW>`PX#7U))5d
zj*hk*badapf2aM<L~CPjLdU?)&Q3?qNXN)X19*eR!PVMP&xOX?f%xx5{=JTnk%NJ~
znXRLljWxl?x_bIHPLA9}L?3|u^Y!;Wja<zB50bURzt938NcS;9$3RO@_rIn&ni>E9
zO#2x5d)i-k{SA)mV=)d{GZ!OEH6b%A09657<6-&A#Pt`LKSus<qkqp-axk(Nw6OwA
zbmaLzw)|`IKL`JN;$I+D{|_VsJ@eOp!u-e3Kc;@*z#(IA1^}n`K|~$~F1kOS{p)=$
zx(^EfgW`X)^RK4>e)2$b(fvm@c%a*IlJbFo_<+QP_!V7%Pck6VQH1XXylZ?*iJ<Y=
zY1lD<fxCo0p@L?c0Lk&U#SvWa)_f0S`UysyJb4W^BM6QL2FmV|87j6!N+ygL-`c`-
zT`|wSIz2tj&4g|I-T7|*IVI!ls92?<JtJSc!)>=nE+-J*yhy!{(tNh~hei1-6PC$W
z{=lbnXE&!srDn9Kux52Ctvg`}=Q#AD@Dr+|CumB#)XWtbkjpQ!zbyvK(JO#C5v}8Z
zpyC-o?v~B;tiznuq{)egqVihfM*VWx59JhZIfurhB8Brry^ajm9uUY+nh?aP3a&{K
zpVEiLxvS!tZ>mNHWz+;eb%+xn`M!3%`JJ3lTaFKR2Qj@xaJ%1abozoCBSwkxe&*J9
zDO9WZLfc-;Y2Ee;XXH_6U`&}nbyp&ZC6`P!Dy~hf3$0$D;R&9A9#%do2y#iX;VeC%
zPB!tXD$alp70nlmT)8ftvx-;tc<NgAOr%$n#B|lKzBZ_XvK~k)tky6{E#WFWDLqWi
z4YuVZtq#SOktNbL=TTJ}R_d1+A<T0f-I=-Ca=8?rRQXUsSE*6<{MyAtTjzYb<b6I_
z0*~jmW0&qYHI$c?_<96WU#DwTGeVUdzaWYF-LuM~Kb=ID9^?mm!DshZv~LE9M8HS{
zz5yiBS<6M-6_y&jRbPKMf@_Rm9#_TF9dQY3HPm?umr?B|z=8;SN<%ZVro>uP&p8p(
zB%b>vh6%G=NBbbK9qz>0ZT2PUFVB@N)Hy&z;`3VjiN|cBHmrFSq(m!H^&^uOVfFP#
z^I;Np9yf&Jn6kuyi4iD+*lW~!>C>nrdkn3~iQnC!?k&_<>LW)xB<<Vi<L6YDu9o!}
zkqFboQ>l#iMiVjM0;I$0OZ*dRPK~}t($l9ZU=lu%e>DVrkQgso)LI1t=E#Nl?decI
zaT?QSXk~247``Fo=;KLxRg87g3RGq>5s*6b`L0>e3I$?HX~wjqFTNyk)*&}25#J3Y
ztIu2-BCf=<*&tDFnMq{kekH2m;HW}CMFS*D0K~dM!}&^bvnzL)RDwWzKKvFdLIsx;
zIx>L_#y9+nlx(|)t3uY-lr|#Xk>)y!O1mDnlcjdtj@Nn}D)q7@vqFUqo>XQV-^8-z
zJyA{j-8$`|p;^ZIK(Nptpo*Vco1^MtK43_RK9h*#C#SN**wsYLEQwq(!^`&}t=&h~
zNkdjh1Ru<r66M3ep;Ro?rOZS-j!)@$tA>|E^9(uFXvlUxRcAYIb&zdq=2_jN>v-|g
zqBP$%Npbj^Bb4-+uK#e>A~~VglN2%2-eb7`mA=N0gsjtod<dRCO%#L#A;M=CQnz&A
zdXBt0!tK{#|0_v!IG778$+nzP8qyD+1<a|bsc%kP9k@J*w<%vlf*u`sf2<!1M`d!y
z$d?n{y}AK$&f;X04Oa-c?WU5e)bT_<6>pCSk8Fxd2~Y4Op+;SHx#){n{aD<4DZ{wR
zNuVr#T0Nqoe4JeBdL@ya0b3b2bLW0!A25hX!FP4mYLxn5Zr``g(|Y5Mgr?oF+;Xiz
zW*hz;wUL&x<>PP_ZtGj73^08{f_*c_^t8KUn#6i0cqkMI-w}7MP^mN)Go`#<`JXNv
z!IPWAB^6z7f@BvRb=b1vQf-U*rzvbr_U!5Lcbt)DnqcoXCBKhjohd71t|Nnmoqt{r
zCM1rkXjC^;{3ZheC;95@!Zili)#!ad0MCYEB$!w>Ih3l6k^OPl?wv`+I%Q9DMfO!G
zBT<>gF1paUSankrSZFBF#Mmz)wY!}ct5NcFFMDCd68W`D;%5?>Uo`u*Rw1O4Xf4I0
z&*R)R3CC~UC&A_}(aCU(tpZ%Q&M!AqQ&h^`N^P|K$Nf%qZdvKa14By1rqf1>;*YSR
z-cMM#OIbw;G1b;1%&*VvcqA#;Omn*{EHt(30y(=$9{u8%lMqZq#^`Oz<*NDn6dS9i
zR{<u3S*DU=TGA=2UNmgGMp#f7VBtFMkB=<FS7~4X$rH;Kf?U9VygT)yRO-xP1TUj4
z)fAt{&qqKOBY=Xs;GlZ*e|joWsC1lVU1)wb8JIXapA)zuSz<iwQ=vcEOT&qP*LRHe
zMAmU(r!^O4<`N?i4>^pE)dp_4dke2gW9BQLhtDdCgrLBCb>vlZ<<HGr@V`mtR>!0`
zuJ@p~V40zZZ@ru2#Be*dwbH7`{%U!koXdAO)#Pn=WRd@(#reJeOF?eM#;>P7L=B6S
zl2YX0fyYdplvv&lqv0nzgJ*Fcu-I52ZxE7QJ);~6U|?<cybS`<;830{cxH>)Zi)g$
zr<bqhGZ?XClZmui&H6`a)7|0lfs_1q;+Zbga<K4>?!p;MbyepL{-&`pzUf@Av0tG>
z#|TwmdoGHjCe8(SDHAq1n<c4;jU?R`n_Zd4&leUI4SEk4_Bd2NPHwc1o{#M_i(;Zi
z%<{lskIlzvB^L$@*HEXBPbrS&lShos!qXHZScF=LfbY|DM92?(?M$fnmO@dZa<X=f
zTs&X+^L2bei2=v?-C31t`~KPPMJSSy>!DUAVp>|T`2KrYIKygwiER+>oF3v<nJ#rT
zo>^l+e9a!~u$G6}_d%Wl;Xo}6#xmEtLQIZgCFO0W8IzMjL}NM3Px`qd4J_0o7gSxv
z4QhO4Vy?#*aL@HIDseOh0U)<ng3=@%Fv|$s2AJ)7gWIf7@od0NEL(NG3eK&L`I>(r
zLg3r&90<c%u4tnbl^dxCwt32eM0!T-+e;|B@GP`d8<2_u0bFv)AE?qhJ>6w0W9#*q
zxNlbj24;)a{=fxKdS_2R?aElSN*~<b;rilWfNWG=Mn`2*lWuUBl@~0?B$$wYizb*b
zo8Mn#$rg$%CD!KRx5nnq7`@k)Vc9kv?sv>7!sY5<hK);at`qX>OHsuq#5O5?$cN*>
z$t8qn2X$7~={|aT=NYYNLgKrpyz&m-CmAv&t?6;I9K({IU#`MBDK(&5Ujum*d+X@G
z12p>IjRe>C*O^!^<%G3m^r`B|msNgUf3a*7MEY`tXXf++spxhE>aaPLP*UP+5)$9S
zz##Kk>7EbOnrbrBduO$LQIN_U6Bp;dWd3c$DCxFGMaL`T7y?$PsW$t%_bh8BKD9VJ
ze(ap+ldne5iYXfQbA!9xc++WZt=sK!5GHzmWcz0=x>h#oRg`Sy@@C`gJH&Hf2BhFB
z-N&iC#`jHc)tZ!JI%(H2&5m4+?=Q9AqwZpa7=#v*=+J0?8)6+kGIL;bQLoZ+uyRK{
zJxGB-N&0jsBj5d&WdK-;-Y>e21V|c^<^b&;9SpYfCYKrx|CJo&UCj_zo3IW&XkPHQ
z`o`26M{!Muq$^Ikb{S<oWshL_mGec3D%=*ZT$4SjW?BBi*Th;ycpi;flv!zZae(|^
z*8o&%+xLPLUxK`8x-hWxuhL?N=^8<_VlY8{=FJnTXqV2>Fa7j^s>7<+!8}_~KRx5W
z`~6ht35+ORgsv?gLQ6q=1V`!>Ac-~w3q2Ylvk#Z~RTuO0!4W<r#Oz7p5V$XC0w3z1
z1w=W=AEv1it|i*@QvDYe-iHNUZMi2ne?XimbcU|CTnw+R{hFIskR$MTRhZ3%+q+Dt
zg^4?7eBMcsKt;Hkqt92!D9_Rn22&I*91glAuB&B8{$tdSa1FZuYLm>NP7h;iY@=3n
zT6j;HnYj>ykweSYmu05AC|qIbF@wY6sZ_H(f64JcOf7=Y+xvn?A;85<_11H{?!ruo
z<RPzi_QHeyv%?RtP=7wNgHcXRhd$pxr@s&(LZr8zzdLt1An%7bCc|@*{qmO|p$tMn
zL9x)`-BI%7et+V-BVOBQ?MQz^1-C7zh()8(AnbW7;(ht6ukgCy=wg3QcXwE6q0J%*
zn$i_y;M!wwsU6#)UDb~l?nLwyYgQ4$El*iwc+Vt;5OInDy&|xL?i{pdo1f!0_6t5{
zpkA*Tz2V4Ry_H7ot4Qi44X$@iX|LSFIy`o*mV8q05BfVbe@QH(({%@Q4_}^DI))Jp
z5m*MVVC_KaW7*FPi5OO~uSh1{W(-CUev(+#8CQ%EV4>kaoHxROv3?&mgCG-(XtkX9
zG^{{69$>Dc8^I2mP}U6`Myz@!-%96<-zN?ru-2_oSp#>(bA?5y!=H|E%Y8{;w|fRV
zR`Ag4xXl~+X7*<*I!=0CnzFhpjLS{u+i~q@;&X!{@dogNqKKH8QD=)Ye+8;2`qJ$;
z8awiZLU2E822PjE2Zv4Bp&mIWh~y~>sbk)vt9T0Mvh<N40B_@j=F8h<8dM$a<U80M
z9p!^g1B`=MHU=cyDy=~iI7b52Cnq&<fUNl;2k*YcY)ECh35)TC!{f<Zax;{-9Wh#}
z#K{jL#clF4hF<E0gyvOh!73GMwV)l%l$S}RP&|`7<o5bTZ=!DDP6~s&QzwW(n1wIf
zk(Zau6?QZp#j!Yu(}MJ~qm(K2xkmOC$0_Y^%}l7%&HuHF07#)`C6N|V5lRh#F}*r~
zj6(?!EWHx*&*Wl>i)|EpamQq2l+{ri_xN||tu8SyH0p6XQ;hW4bR2H08{R=fkx($;
zUU9Z|N2k%ROUs;XwW>!vh1HA)_{s=}2Kd;)H9=8@I8dcZJ8MY_h_=A3eED!1^+^zp
zt)>p|Ff7!}BI74y-t>h!ivb+m66!o`M=U5NPXrTyRE33?E0~6%C}QcYls$_0d?zBj
zw3mPt0(YOl0>YIgxr~_84%n~ww`_t>K<+6oD|6RztRYo3W+bwEkb|E7^WG_(Cs6Yn
zg<Yh`(%V~#!78S9Q^s1CUplYZ*8(WAKHLobFS@J*y_&xh8I;*Qz!o~~;=qP6fSXi$
z-8#q(Ocz%4iTHZ_aceIPS=vvZx7)PjZ~I%c;$=W4AqSgmJbvx&di~`E191Ag`N|6t
ztP9deNR2?}n2LXYlWczLt~6NeC6>h+FPO?U*uqsa7Xl%Xm4J%x)fk8^tcl0NEB?!~
zBtd`xxp4^wRSYHZ4Iu1<^X$ffru<9k0ASIiHJqBpH~zI{vFxu%*_-^4SURBb{SHYS
zqQsp#6_b#5ydUQog$nqwY4a}5zu`om8>KY-Z&xZA%C=CL0o23^KrUbqqg|Ey$q{m@
z(_JX(e+MjoMJ_BLU%4O=oFOd>z*!}keWz@Bl0M;vU6GJmoYF`*#|wjq1K6WXP%mC^
zLt@VIp%G;Tz;@R3Ti?kEQB`T6lEJ2=%QVMVHlY7y&HlD&|M`tV3f%8PE|CgY39ym>
zZU_QCfk6m3EB~V8e@OaQhg<@%HxyE-;g10Ej|NG|*CPlCXZ;^Y|Lg#uV&R3xeld#q
zw~_tlXaGX+>cxgm@Mh8O#-+>X1o(svP_?$m{*82U>tey4zr5=(_?%#I$b`t=MYC9k
zfpb@Y#w~4ffIt$`D|4W-xP$1Sl?2f1*SeL+B8}!cnyQ_uy?u^9@aLOC1i&GXlHrDr
zt8Tk^eqAy-)Ee{s@?BT$%s$*SomcM1mm-e6sMm$hg7aKO*xbLMYQOtQO4x*DwpBD@
zmCPAw$oq^&@%GZZx+mbwBUm-^|3N@LkRQadqjP@U6c#iY+$LyT{{6ZuKEufj-{YKA
z4%KX?U``9hy15>lG7{_z=iJ+VcbJ$Tnt?Kt{y|RyUq~=$8<$FVBvq=oO%RHrr{Ccc
z4WBp{=D5Js?rpl#;Uo2Rv+@TImhs<G91yoyv+rb%Jc`*#cJ4--Ff!*L6dY7^4MmE1
z;=9TllvJ40ckUitn~i-v;=Zhz4S&YQlZ$2%O9{`!aG48AW?nCm988a3wQdAy+knEa
z*Po^9ln*ptxSa`X4gQ+&?&k+5I9WHe?hWxO0EU6H&tsE`EZonKOY}e3O@ie6f{EAq
zKFe_?k`7TbeLO>SXj<<E;a_ck`x6sivCCk>#&J01z4qiWImVv!Y48H>u=V-PzX{1e
z0F8k|)0Wm)yQLck=}O|9CpnfCy=RKkTu|6v=d56#`7Nw`O!Sx39#q?Ce$s_tM|l?^
zPVuS%>)qu27-oo(H@41K5fmBX8{FS`7OaQH$PURrekNU>b^~x}<*~@jl*FW&tG`ZO
z!{0*mOT-Ke==NNWY;k^3Xf`OOJ19b&u2Qxa;Y|r^@HB6X)IaHPH;uO2{Ay_Shq(KK
zkw)|O_|x?FP;pPMq$OnhsB<mx3k+?K>)yg_M2~D0#WrThhOf1*b6l$^3SijYKl;&2
zez`j9vQcgv^F#GMv>eqM8qQAk5+4tv8Tq&xv>#^n%w*thQu5|3NYC}S(##=y+A2Z8
z$7$L?5c3<$>jK{*G!9${wj^fp<@T4cW#a4YbB2pI3#W7VFi|mJMQA#G&NKCJ_;nB%
zNx4kS>c+!@bJ#Z(`!DV661>*V{au=x#DB<`7!e3u+X|7TR$p4o;eARbgkI(+@FIz}
zS8wCdBvqDQKiF@64joKH-`A5W3-IqGDyH}h^rw%q^V7kRX{D=Tt>LL%(_8cy9W1xd
zeR^UgpmNtXRFl5?oVJ&%Lz1Fzs^-on4|nz_T=HEo4<7t26PH0#zqx?|)YS`U(0VNS
z3-f)l7}R7nLGR~wOymi;UJ1xvsloZmNS|`!QgGCYjjHeNpSTIao3}4<FBULnzk_iF
zq6f9%u_pRfPX}>@;#bJw5mbBLI*($#x3y5WocvmFo}Qr9fUTnk_5H-9fFU*w7qa}{
zIxm_F%&^ew1qMFTI=Na8>4jJ$B@^mU7~w>Ai@>q^`|rG-GJR6hOSqY*!91o(b486B
zZ5p&6Qw8s1oc>*;WdjV^$M9_<$42Vkda{`nZV961JnYnyHqkPsILx~kaZ7?b<%jj_
z)~TtME!H2pR-EHiW<n5eJ{L*A)|uY+&}Z09b58E%sDwt?1>^k>#Y@ftg15^c`?U)?
zRLV$MkrGPGXY>mG=j>A+1|dIx(?9j--+dAq-!Qs%jK#%8^#kxbptw8w8omF<8KC)P
zufR-Q$R7>(U_ZRJ|7rwgP(sP@OlHfYfeB#1A)qnSWhCat8GkNAD&~U+PYRi(1jw}h
z_g46-k+U}m7o+Hx0l~%}wgxaWFbFANqWHrF`mY8Eh;zqMn8+5F2k-u;#fV1$p4c>S
zeM2fvn~nVwG7uCAp|4k43n3>bwpRzfSprq=7d_;#0&!O!-9>ABmiM!u2FOv?BE0NN
z3OvX148K|=9I&|3Q_9R5zq<cM0|-hL%9cZlD#D{YY*KICE_>Dt&xl-B*<XOxm50|E
zXD$L0eU65GM6kNPBswUl?@xT7`LcK18o*^)<YP>-JXxmB8c&dAg4~p3NkkyzWW&*k
zWOlG5tLsNh@jL#U9GeEjjR!KI(x2hN^?0oga50594|TcwgfdkQW7l`nfwOi?f-7Ez
z9?n*;aYsnxTX0YfiT>n85n(i4PtThFK&9@O^vX<~*$Nh$(~)AW=_H6&vtx(`u5*`0
zy-ojQj_72wF!pn~e9bB6t)s%c*ZvEXnHl2?sF+e<_)I*?EwKDdGh;<(g}%ZIl|x%f
z7S*4uB|)GAVZg?#zQ+}LH(`{!4==W3=AzbV$4O(cnp)Dp=@04|fZH5nt}qa+!?#^U
z_qUrRo$n2E(%gM=@YhB%qtq_+;Ar56LeDDcw=Oi2nq%-tasuH!pAfXpgviuHP51l!
z2ZBIQy(xU(0)rxWal2<H#sw!zTDHA)%EN0U`0meEFE0o1EpB_KA8Zc}@E`8|y!9;l
zMbdYQf}`rCgwMk8H_`*W<$GvvjGvS`2g0vyeD-Ud<(AtF`{N5;iHr^yZC!F#5%2T%
zaG3843JS92%C1r;^=`kr+umHzH6Hje#mJGtBCoCb;&=lRWd?gu_42W&q50VNf1U~w
zmXC}<X_ixtU=$Ty-_a|N5REL@>1xY&x~JP?boA|>&8)et=e`Ov^>N-xT+VT6;RFd(
zyPE~Mm&2(i)!2-n8p<`_?{i=KS%cbpZtjjN&(ao6XNj9P`2(Df7pcC0(6zrZyfHpN
zW2}GPp9m{T*Z2~}de9a9tMp3;&V~MPICZJ&*UtrWrjeT7MvmvPzVX`@wlnM6n0V5S
zA@<+sik#UgdxZY9cmSvR7p~qlU69@GgX_WMJ5ni6_7-?NRRQx!HB?p$i*5JqX^h-9
z$^2`U=N;yn`#JagYjsX~vB`S7XXDG&NZ86l<@X*@w&#^k3tkU~5AE#1=DfRGgGD?u
zW-nwokCz0LuX}y9rB#iuqt0wi{NN8!!ivn6`z1D>D2aRV1SF&tm#dY=qy?5$1&c87
zqEXMbgBnn`8k&(ap#?wXdKA8@x!=8nwo-O<#+Bobs8W$vIrkM4T>q&*NJxNHdU`%F
zw{BrExBePHMc+R5r{vRXazw49hs_*E-%f@m+qi$)n7Agq7lMn#=M3x-joeNRM73Rq
zSl92*(9*)D5((07bJGJzR;n){H#aUSr6S+s)h_d+tE=na&`?(hGFhedDu?6gQk_@?
z{4SNUh<0D#pxAQ6F(VdV9Y}>9)o@<IKzYU8#;`rC?UEUDmD970SVC|(;L2-uHCo^1
zAfo}Un(T+Adz<!y2W4}PmD+>aCKn!11%;fS=r9bfw$a>0fr{XHq|)z3X$~H(Ml|<3
zT)tZcO3I0#tkIXM(s<1l{mDqz|JJO4q-26m&Ssan<8Ln9;bReq6jXiz{D&FGr~&&c
z+k*=z91eRJQ8-)`JFv)2*@%Vw94^O$Xk%3ba>j@}$9^MasAHlG2k|7nH~?x?jNASy
zeU@xZ65t!M(CW-j$nENB5%EmJ+Z&Ofrt8_H<*m6<O0ZU*T|rsdN~*;U-CKDh>EC-f
zl}cfK`;PDV7HwuOprfGa)eukBl{;0a8aBtg$N2N6HM-N}p(xskMedT@B}=s!%m%*w
zsbxYWIwvm(GT~O~I>_l;iEs}Oi^P;1m?+60a5&ETx^m22y5)8cZEx7@qcZu%tF{L@
z^YuUNC`A@!Y^_HB%6CDT_;hJ2CMBihB*uNXl;*}DGB|MI^#ITmV|wU6U|9~8w6TVj
z1lb`UY`IwBM;z`8b;EXTEpI2-_G{;geK}{|_?Y4^w=bX)Sn)@s{LASb&R@)UGqbLE
zGQA$?j8m6~M-<i_mr)hmDE%1lgp7>P1v2$rHWw2vZkMtc%!VD~dGi>CRXCBGhO@UX
zF(Sgnxk^v%DL3cly6Z=ZX!HLR+;}{YCsmNNc89amu-lUMo`eW0VlCJzA2L)3`<De*
zHh6cq-Hm%<GFt&mERO-1P74g&-izooi@2RuiXQSv9QI$;`{th@Lk<b>G4Tk(TsQ`K
z3<mpz(X|59YK%9JN-CVulA{zWU=S~<xD({`milcf%hwPMD;E6P*`4f^GnSSv5WO?8
z;0W<|aS_wtMP-2*l2>krk(j?3HKmwh$nQKi7(Clf?{hQvgfg#=YIdSV-6Mog*fHw~
zN1B_ISMw+qZ*-Msa7JtA(NfM^Mj=z4_A>OXy3^}0t2yDOFM_VWG;`&`2GS3i)auOr
z57#E%3M3K_{<cJ^dq#t{vvNM^mqtg}<=mVmjzT7g|8ZVnq$_2s>+Z&wxGx<msw?~M
z=7f?jVx7uKl`Di|nL4UTx?SMjCV?Gs?{=4}VQ^m}jmFoW01Uj|gNwt0Ed5R&;Dd##
zoS3rCb=P7+uZ=-|t_EEmmJB--3Y~rZ6>+P{%k;p)==`Nbsw$-Tfgdy3Z?0F1u4u1h
zYjfh$HWPGi`)k367spj?7!5~gR#`FmRw!K^DCg(-@!RZ8=4|0Eg%1}iH=YZR+v)_T
zia09e2u;P@Z;Bm^TwvE};KZe>x3~F^m!tRadO{`clRuw?3G+%%8xo<0dSU-m$c%y?
z@?Tc*-CVfUP6IvM%LcssU<GfQb-%b_m&fw;X*t+76U)WA_my?cg_!4k#ZwuE!lMfu
zoiBf;^`iSTVU6zKMd&Yjj^Gn6Bh`hvZIiF!?5MYQnc;-!nFW2NVha86P|1ha?z3qg
zJrn$+@cqs4k?n&TZ<7^eoomEJ$+n(MWj>dCI^l2;Y3crBYVXsn;J+lpxPu1pam-`(
zmF$>2hOvd~a$2uc&E^l0PPA|0u;jM{GZ}eYX5U_DMX+<zVdBhwE?q7)hnTM4b|c8m
z-F5KFODzxm_`@U2{)TMJ%mtaCUZB|dU@_6NaIa#Z+ftK|<j)gNG*yZ^X{zmZm=_(j
zY`^Y#Z`MO?$nqHwN;)qZ2^%{`bG({A2wgwT%2nu7DataClI;1jfCiwY%W<5je|aoe
z#Ch@E#FuAD6y{i)Sha6Yye)Y3HeDAfcuj$;poj|65S-GF!IZ>{O3ms~B?<JOFOm1q
ze%T$yQonjS(Nb;Ez{FL2zK*x+17*e|#t)nPL?I7%xKOn#x-zA&m<-&v<YkfKq1adY
zrwRk)av1vk>pYzj_IsG-Gs8}YrwL_1n9zEN1R2n%Rb_Vo{-GAf8b$GTM*iB;ei2+V
zOj|S|)KyuTWPz5IB+n(xg;`?o3-i<2yvkPdkWLV4vGSXY%iT*u_f!}Mp~_);4u}b!
z${Oy3)Vlxt+bz2?^_ym&v#jse1O|bnc)x`$JGP^IOU53JaKY#47LGG#iw*<hFMoQ}
zB+S0Sc<>@4#~JES$nPs~Ico|ThaPS~7>rlf+}>|5jTpE>5Fwl!_j_i(#IPBPvFbOQ
z5d9iYeDM$oC;a83QYle=XP3G(>UArJE^Wt_7V<HrR1TpO`vF(qh7|DNy`s>=Ivxeb
zIDWyvDrs~j**9NZ$Ob}Kk&Aalh|%dh;MdR=pys?vKPQX)5lYC`L-rcFAdoQ6R)(Ql
zn?{jh-}NWRPUlNama5ed;cDwCJ^Vg@u5z68vWR5~6UjV^4)f(tlM+mmBUaH!`ntGZ
zn_GMV?>fvxL_>-Ju~o;q4m-32a5NUC1sE4tgfa)m&gI8jBr(Mu=>pqI-Z0x5Q;T}7
zLh`hvjfm^&vQO=cgUtS9ZC()HXdr}{{B7LucCj<;)>1Q}U|_G(8!2nMtl<@Q)>c<!
z4<&*L>gvO9qm2uJp~Uf~LFA@Kt@cz-<_=-aYcly3&4eAeKaagUKi?Qy%ETj)q;O5B
zs5q2sm1P5bnzza&!A%U-k789W*xc#$Cg;$rU*z$H0;tk+&ZyAPpZ|13d%tb`3Zw1b
z8%wK$f|@e?A=w2rBPV>UNbT}i8Eak*C?4pM5920OTUI(DP$T?re>>g|#H=98%MDYs
zbMMc!0U=ax7#|eJ%|MBGyyPDo1H^*S<bdc?ES{L3`%e$$<8t};MRWi}g4F-WH2MmC
zBpQF=Kpp+B?3?&UR7t{BXo>XSI|l5D1lqTDh^`}nyjd0=i5v-p_zXjTIEC3Fv1uIj
zAB6VpC7^e?(0zG(KF?=-88iL`$fc5i12^@TNv2wIxlD*zV9kqX&mg(n42kPCR{(01
zs3V~MDFLK{8|}|$4yDN*i#S#EF<=t7zy%hXOkDBJiL!b~gJiyNxEwn*U^V|F911hA
z>*r>Rd0LgKm$ALjKu)o2MdaY2i%OSE{gZ_%P~P_&rn|G%66QwZu~fEg8Ix>)1A4Gj
zXHgW$w>$C)SbcJ&-_DroKk*|{oX@m|Y)iiLz2&plM;#Oi4=~xbzEDpO!01)#_d#2(
zHp4QH7y6>nXk;J%XpY%T((&plUu~&!xkNfyX+p;3bQa1Hi9pH%VWyr2GZm(r4$6uk
z`*#Y7oDgJ^3m2xY)DA!Vs~2GTcrTFhKnMm7kIO!EHs=$zPcS&a@%E@y=kuTottRm5
z2|7PS$ljsGj%Nqt)|(#eC+%q}HnJ~&-ejQ+t%11lkUS$AKmSJ-kV5#VGvPvV>6{1w
zH|B01OJ6!7<n$z{==kHhd-sjEEl<{pBiEW~;3_%4!kd|OY<G_LU8t1$YbVwAw9>tm
zxQaGn;xPuz3uhIzbgTb1n{uPZp5&tDrta!M=o#S+NIXu`H{6D-@fpVjms#iY=?ZNi
zxIQR30GCN-qajpI8PB_&Q8nsKrIXh(*SQP8Gp#ZMv)3s`z>XrnB08%-Sh+cTaw(nl
zTZmK=`WaHi#LCLbfbtXVpJMRQkKO^pfrUq!23&#%7xYACc?rAqNi-JElVXKRwcKqM
zedEn+E{CR6E-lROdW7|Uxnbt0<^7yRqnaD2P3;{1_}hJ0`k{avF>%~d2vmT-)1)mx
z8WfIr`g}S9*4%x|gU;>N(bAaToP3e7n48se2KhMYW||GHfU!+SEg%AYB|zL0U6kbo
zr9l2i>G7<J4oxl?8l5zVdwhdZnR;Dljl>+_9sqFb(VDmoREH9}<0=acuMVu#ep<f_
zts2`0U`VX5&-(d%>gE9lfiDSZzMzB~_{q{U)425<P?I*Vhw%uv*yVvX7+IDhqrA+C
zu-iCZS$I566{!WXa^^G$W?+zD947;%S~wiE`Q3@y1<XOok_t#z0iwvNH(q~amIg>d
zjl@3>AES)!$nk;QQBfh_V2OBVs?g(Pt>z@0vy+zS?y7|XF75a}Ncvx;8LhHZKNfK8
z+q7L~2MSt0Q>qk!txswJDoN6^gadV5;`ttP*BLbEj@JD`GNhTOZL(}ys)FZ*%$sz*
za=O=EZI`dy8C<SD5tBaP^5=VRe?EwhEuNiUR9EIA2RY1?Xwb)VgsaT`o_XV+2bZVP
zB%NH#uKNp-yKK2Dy>gh|2;vGJe-70+RZirP_t`%OW1*oaX6wyrQl>HR!eMj61?PnM
zt68YC1uM~V=J?-5TmL>u!A!no*Tx1;8>ffOCuLQ$X!KuE7Gx1MXhuIc^8*m9@#l}0
zYPWGXpFcv)TFm@zUT)IH|ELE+CObnKkl7*c@t1j?VLSbr>-PS87-QN>q-cJn47N-5
z>ZKhV<LQa_R@!~fFr4!mSB(40weP5IV?8`11EQ1Zp4?tXSrD!?tN=TI$Ewrkp3__e
ztfq%1<8*vqf3J?J+sN%btR-u(?`szN8#{5;OXg*>FMl{t*;-$Asb<?Kgwn;qPQ;UJ
z%wEoKmg|7Tw|ZV=1y6n*gc6SOW9#ZXpD7co<Dv_E&oQ(#{m*k1X1>M|T3bpO2_cqY
zUT;!#`cfUV9P^MkI8pwD(+}gOp)BiGvVlQ9!2M$TtpAVt?v3;D=G+^5`jiRBsweg=
zp~`K+qtC!io&0Q9sLY+&+vN|z;O!Fk+tC^jH1+-!;1<epyz<Nz@i=n9LquhE)}Jn4
z4v}RMu(HBOdD?fsU_5@lq3I&%+a}C&uLPyDnJdurML75Oxj1C4pM-%V?1!}IV<gdi
z1UAJzTid;DcwM}v-+nH++z2+FOMh}Za!tONGxdD%yGq7LY=FaNEs1ox`|=Xq0G-3=
zC<6(l+T_;eHcxk$k=eQ6!$4v%^RA~VAr!vp)I5}!E|Hboiq)NWL_yTjEp@QYq_nQw
zBZY_4{Q0;h!Hxt8qF@_AS(Lcev_*R#xjyRuu`DDAWFQ*oTf92>0?#F9-Ggtq8#>&d
zuN&00-_!#224!I|C8~54Kf}0KROJ6oQ^|^)KFfqy2vP^D&kL86ra}<otrLZJa2Y6S
z)A=2N`&L0;tnNh95kI-pU$lrK36huLv-xdf!Jr&a%<A>Hi$24Z!%=Uu94IInxpA@C
zQ>ayfM%z+~KW@2(5w*tjNrszV`k7#x<%HI|NLwT!!Zn5v*jG2&Yu)(U0RkjQ5y!|#
z0z~)n8sg8)&%@Y2nGTMie6<qs;bs%sq4Oq1*x&e*LRl?*DPdLh@X){$sCKs~I6K^$
zaD(XC8Qio25)458A1Odd_hA_&+SSxt%wfPXE=&q3*15=<U^xcqJFq=d_3(Vlc~Ev`
z!oY)FB`Y5oC3IWg*@O4)d)s&WK}pd6!?%LK>EKyC#pd0WLHV^z%k(99W`tq46L^s4
zJrsie@tTVo!xLidDm{d(<5h|Z{R?X?+J`uigG2@b3Vt0wIiIdYOqVG2DI2*&7eTyI
zCi**eQmK^tmCT}~^~WY2b(w@E{#v3SGc(Gy91UZ}Fs#3lP(6jENM(3pGUT4e<+X$n
zLX}+u@?TR6mGSt_<|asR4KC>cj*6_eH*dNw@I!y};D@h?S0Q`?WD#L^APf~74^3-$
zZV4OGHmDt0H5m`?&5X|#B%4j!nHIq>CKHW2wIlmDt0AOzteggZzB_8>w4i$OobH_S
zyBThR6*eJuxP00zDLdtB-3w_4h>wc2|7!%&U?4rzy$iMzi?d%1d}j<{8tC<TYtPq_
zVXuGsF~Dr+x3AX9!@A!Jy6=W?Ta61SNQ53qsv1dHhJ@#jG4})=bQ2_ep)8N)6Z#;K
z+wGCw`owee_ZLWWMNV*ydP@;?b*!nWX}O;su8Lxk{Oq^lDk4F3i=4I+yAope54C^_
zoV~nzNUnWP7^xZXOvW9JS~GOn0o!MlL#eY0bQU3jeCK#JI0~&ySXjq}681UfG6am~
zN!2jqD$9UohQW(4Bc@3=M-9)cSc`sdTLtAUVasI5_d;c3Oqz$hTyHnB{2Ph+DF}Br
zh#++_Zg?1$`#evNuZ<JxQE8SIc+btTtLLc_$qXh6wo%QGse=59X|+EofEO)h=#i};
zCBw`xYK@EW=(;2Pm+c_uaw{l6`{v8i5=Kk0oV7yjHMaB%b@Q<3`WUDQObCywKb_Ui
zO}akVI!d1h42jTB3Ct<vhm9~O`f6_XGmh^Evy9o|Oz@ws1heKadV*A6UJ?-8OEVof
z@>6cG>mZniD2eptr_QirSaRhZJN)c;4%N`eROpl9Qe9W}O#V@@ZO|;*<9mK7^c>d{
zs8KswnF{IG7v@&BnepD$h1p=C-zV6O<0m(RDu)L}f(R_yBRF5KHCd?#O08Xs;q<16
z`?i8ps@VkH^8HkvpHybUB@<q4`Mbe5y5z-x?`xq}4i=y+^rL(f5&aNjpL$@hzu5c`
zQj+Ua2x--c(l@pCZ!+gO950ko&lvn@xWkW$;ZUbwl6W?eYAlAP0ajUP#NCt%@%1(k
zfgTvm$yd}*G}z1>3wSYli%G0T=C(T2)u*mPnMOkg^B<ShH$mk)b+t;4GvU;+>&4&K
zBr=K!2b87vH|%jrpTu;B2j0Uj4W2P#V~;glr@sv=1B>joD)5UGXu7)FqQwc+&tNq=
zsJe;PWEv^t|8;jCZQ(09gdBY5&ltHMJon%-(ts2>r);5J9>*t+FzAN)uPc4b7XFxh
zCvlvjhuNZW-|-@;%D107qw7xX^Hlngp7}L?rkxIX1Tzw~-;zcB3wYdadFOGg^;{@h
zncosBed1ET`-R=DK5PCwWiTG3KVsk_&<s5sLdw1Bq=pd}k4lc<1bE+$Am!Ydk+__{
z1b)~**l!9b^5!97&9Z}f<E&J`z>HKG4(Y!%pOej0sNs?&T<dndJgRF`^pHk^ky!UB
zT~Br=JAaK-S`;=}^CIl8Ya^Qp)|-f@UiKx(Nh28~M@O<HLO6FIS-Z+u>ivo&MgX$t
zVBE!I3eyi;7>?;clj#MOORN+^41DQ`VUNF5h}kRP7sA>EN?gX2(I*EUDoqW-nDzrq
zH|YVc|5u-@EcTLZm`KA$jZJ^f>M(>|J&l-Q52uKEKQL2cE+JogpG!6udanh)pHQaf
zdeXtg%zUz~8NpdPbA^$XpR#!uxy)%rpPS289;X~vI~p2kqXbBvk5B7Nf^fSQEPMnO
zb2n*{rk^?GcuzO@=SscP`-^n8@No5lpPQIUG1mhX59h;1$w?_83NqZnBUDC>y-7a3
zZS>r9TN+Bij;<CuNVkFHa+=tbECVI`I{rLcA-djF`m1oIGN~>F?BBNi_E~$&^WsXI
zCUP7?dE!E0Aciv+rq$|Op`drJ6`Sh@TbcA#+HZDh;hY#&>#fdO8cYB&LM=~nY6}SQ
z>^Bx;o(ALoXPl~GblmjFhBnwMwBK&h;_T1$xsN;}IvRN}=t$(!AV({i*IjZjC(|gH
zo_*6c*1y}<yri+0)vh%sEZ+Ok$DWM_xtH9u)Pi(B8Nvaaz}615ecy(e1a5q$_7)B{
z!6c)k`Xk5i(t+tKO&Ir2Vrm7?ZIZ6XulIgK7N@DUEy<88my2*XD;)?8thJ6>Ak+GI
zgD)j(hv?h>&>$4Pq!AmjscxBJ^p_1fe*6TWyQ7C+L6`M*K@LSW#H?I|b+M$O)XjF_
zr%RHPE3uHst-z>NY#NXB#Twt9jwkCZ&=reS5s&A~25#;PEb!F;`3^EyQ%A`Cfp~c#
zzP^!YxPo3?vG-bRkFaw%-2Ux36ea7Eex5yqh>v0lTVkJB=BFXe)-q$q$w2o)HX=cJ
zvL7Rf_)=wSUD?!7PsM?O9<tz3+#QorJ&ak_xJQgPx86tA%PDaT^{1R1ynPo5Yo7F^
zHnibC=_5tzU9yO+uU0>3UDXc$?GUl8%;>F@&<BZ>AY(k9%4yq1L<Z*O6~ZB>uiK8Z
z!s=e>8jogP={jZ!+v$|2`H=MGcZG$mY7phUL0ZuTb`Q5CiWp|u%SvL5znVr=%)7(<
zzWxG}?g;7TJzv9f=_!}%NLG<w;52r1cxH?x3!u6W7&6^?$t)Tp8W!uT?Y&Foa6%(2
z>xwOCe>krH<wWE>Pc^NXoB@X_xLwA_MF~T@_UnTsua)viKd91~8u6L1-s*NjX^2ha
z6f7Q*WS@UDtJji#LdIX^AKwH+3eHJN)zOn5N#!0BbG1b(m*UU5@WZ82f4;_3Aza-t
zrAA)zh_39k;GX-{5~^c2Wq~320DKyKKKxhhLVf;QCEtXB@GK4bv6K7RR;S;AlS58Q
zoB12qPP^Ujoxd|wlTN3P<#tD(ZMw{ji@K2>j5DqrLw*l6;1M@G=N@d_z*HXZDQi!0
z@`h9a_gME2+EJP|4rr(TtK@+eti0_`z4c)$%;hjI3BeU8F3d+Y79N))!1MX8>likJ
zh$*ppRDlI5H$VTENCXz!VQ!oRoX^wc<J~qlgODr2O|#@!aBQI@pjyOrN9hK{8%UT-
zXp4h$gPw8Lv9s+(gP~|dm%D{yd}OA!^+^_u`9@cpR{Ic9PTtm}bpny>k#?Y^(+aXa
z(1Ijd6>J83&!pd@sC)wLBD}Itxr%nLZAE4Ex-lLKWb4p=&NG?$9rY%3Hf`jP=kN~3
z*6%=mje=_WZx7~5hG0uJ>?Q1TV)i8Apr1t*A_8$jIxA`0Aa;bZLEtA%YwVv!Ew^0_
zy5=XIAuVdgU-^%>r`cMG5|K$Qh?OzUnz!29C}$8-8O(XAzua^#Nj+X;gxs?u5%CUR
z!dVG|WL8w+knIry`}_2=%Go5>7-FPcURw3{*6=E3$ToR}9pJ!gsx*HiRd$lacW*HH
z4ch%XXq{A$&$T(cRVOQx%kas;DgBE$7xwd(b5{5j41Hf?Leh=Vy{<?0_=)&L{EH2c
zf?4@TsR7?1A;H8=qbrxtwc~@^uDoMm`<L)UorsL*rwv!O3ay|@&u?O0Ad};1`h?l}
zh`9GROr~zvLN{_%csm18qJ0|4zbIvJoi&D9)P}znV1N1PP@{Ylk$r}i?)+R}MD|dy
zERGNyL(f>*alLb^`ZSN2eDTm^x`hcUv#(*N@$6Hkq-isYfNE9b@|iJ;MWJMD@_jFD
zQnc?013BV@YiS+>+n$R8K`bu%oH_|F$;((9Lv%>wa3Cr8-oetKXaW5TF`H<hO9m&U
zuI7RMUT6D_udQB1el5e46<%5iL87iggts2wmKwvg4bOT*y`#R#v=^ng&4EY8Om$B0
zs#&U+dNnVJ>Lw3N-)VXb?PBWks%W3>KWS!M6+si=KEVEV-2%JC))l#|Ava(iPh~C%
zuS*^y_1z)11xRrq^YHZ`GV&|@n!$@A{IbqQfK=MeVZ~heE3nB94OE=M@eL(gnX^Lr
z%E=e2b<moti?N^Q^lh&kCoAokhp^@FR6POJ{MlyHe473sU+*W$$n<(~1xI7AF4XJH
zQ8^qB5Uw)P(!x}9JZDD-5_-uhO(yVWij}A?QS$-;`5i>43-!q0g3%K|;=~w^*}CPF
zh3n;_r%<5)4)DKss8_Gg=N)MT;p>)+Xz75O1-`>C{~uj%9n@C4#S0gAFAkwVf#O!&
zi#rr|m*VbH+}$m>ySux)yA><N9l}lDGv}Uj?l<2|X7bP8$$oZLR@U>g=xd*`nobCc
zi3Q{I2-pD7V9VGSeMB}rP!w}Lq{$^;beW8b(#vj)UqPGmYxga%&o=MOZ#;AFgJ{mZ
z*7FZRCR|5;GOsT~Vg@G$2%tl^k~?E#<F1g5Q&BwYx?}sVgzU16x;`ItwQjz&wM3Q1
zsF<d*BnSRQvZl$njTb9ln;z_}vtwq>wz}<=Hj`?Z5iutImt6Y7={N23*t!#>5f4^#
zlfpOfvS~-P5CX>3Dk=zxK`VL7z%u{cQfj1jG@_pxw(`OzY!qgN31xxis*M&0JN`N(
z8vao+C1f_l$LK#`He%%-b%rn3hEUpSg{-?f7eW|t3vd+lslP1kOuPARW;=_X+e8)$
zdY4K3e{kYhH|RYZx686rl-R2TmQV8B^}2VAvd&vEHp1_Ouw0lLm%CIY+dcMbR}?ne
z;TLOPzw!0=3ptO$r8LM5E_*D2MZW(fI~tVhIZE<@!Uap8jmgmsGX1s|aCO}v-d~Rd
z8jt6ehNO+9BvanvaBP8X?vE<ahOJ?b3*udli!O2um&2$#vCkvTUZ^%;dBzQ{&X#5~
za<BPPMcVz3rw7J69Z;6r%bMflZAeO>SmSaBrDlVF+BW*iogwn;c74lH7QL9%C6B+%
z`;zbO+ONsR=c@W-Y_xDekNPGw{V)vt(RiQDuY3%_s&Q_P4Q)8{E?;!(R+{gW-?~ME
zsd-}GbK$B((oE_18~!MS7<m#I^VBb|=bX$KqE`_wz>>Z$DkT3}?)E#EYh#M~uPt8A
z1O}5?1G8z<uB%-#N!_Q2?+&P(n=N@Bysu!AJN6S}2rBU$G75lA=9>-t!=@|AmirO$
zhWk;LoWtbTYL>5$Z>^W1vqHRp1qr0bgY2%yMDc<63*X^o0Z=%KmXGLsaB;3?&~-`i
zX>8kd{Yr?w450_9%^Ej~JR3<&)P)|=M+%RTy=}kd>UJbxsbx)7gf)CnF&03BL;n0C
z#x#a_sIj`TU*K~L9<lOTM;B|-gjgGqZ1VHb3xvGPx!)5ZdrsFtNXr=tU8~|?&}DUx
zu(yCv_Vm)OcNlf<z0Sjws#EJO74L%9q34}=N42r7ujLnyFMtQQLNPro@}K!uI@uLP
z*@pWB5x`jrSV#4B@}VgH2g9`>%=ccQChNzDp{;b=&N-pR_QRtHZ1FdBI*=Ctb`yks
z3TJsh@L$k_AU@@elJ^G&a5aqz?X25&52mwO8X_^cUvxfLh`}+lj9fqN$Lxdog5^lm
zzhtYiZ-FQ>+T~%-g$fYX$D|>4!a;Zz84oa_og9!Iof%APgCBm=?L&-`-qf2i&ThEd
z7j(Q-sRfEen_K1Z7b?mublo}Q5Lth?=y8rZ3Wfn@zWAo}&R-b4u7iys1P7%Ny%)X#
zy>lmj77@{Cp?U>Q8H9edZ9R^^phRi+UL>-&T!fK&h-<pbAYaQ3EfM=TU0L^2R;SnI
zdm`}yMzTC~sPtcSt+>sQfrtxwzL%AFw-X0B9qLO>?IU9Df+zDYeXz9>_ESdIF$5M4
zM{JDyH|M7-VM4tO>tUS|jlYy+s_>a{r9nP%rjZ&g?q6)&2TU*RmjX-w`}<}B-U{p-
zfCcKYM9^zZ))B!dgx^d*MxI`M(uHFw084%O!8=k+4Gj(S{D1=S8>!e_oURV-yV(%r
zV|KWh72=xP_P4QP1+3)_r%uz@)TVEXi?^<~T{-N(7*?YW$5ZkhkEUuBarb{>AkTFp
z*}gy7dT=46w(L%)a|qR&jyp{UAuTZ6v6BGVAAN3I8ZidR1xMXZfkDUgwr3&7hBt5B
z8*IDvhF`KGjP2tqc}c^a6oCLO4q})#9tme7+v&0n2^;*kbb_ur?7NO?((+}fTbCNv
zJ@6R$Z^2=r0i;hD+Ax@{&Pl{l$ntLdJ2+{#I(*UV;{9&;BhJ7J-ALFc5|vDg&|-I7
z6v)EscJq2lzWr==*QPi7P(~YR4kx7Ys;fO$N_~Hhl+D7LI@;8<iHYpcel7K=>#nYz
z{4BiHWA@-ORAg;vt`OmYwS9E*a2b9<%J$nJ0%-cy{iq}D6_oX8vGu@NZ||MsgL`X}
z7M7xX#PzGt2kPtOo4gyoq?-NbE%<?~70|t9s?C<wS)P3cofQrmlm?FPkJVzTAMcyS
zT6G`YRPfDMaINPfkdzKjW-BB5sj-4O8$r*w&H=uE2;IE5YWv)c)Po#4Wzy@7dH<aS
zfL@|fu9{{}MJNe5D))2Qp^jvCWo`K86T6%Va|&|fP6)CaYT_Tqo|CP^nFyybN^)|i
z=@5DTr_Yq~aKhme7P}9>EMP-<**3`JQ93Wn+|aH&?bjicOY-Ckxy}+`G~-^jwh*3_
zCAj?QwTO@*gY{ormox0DA4G2zdMPrt+filLVbdvv!4Vo%p1f*Eu3IZi1;)$19U;1o
zuz_$~zvtjr`PPq3GF<2PME?G2A_fxpTwNT^9%QGaIS4~i21}q>NpyrxyzKgR#At{i
znNpure~F3I(y};taBDME2)7}gJ8j*kany^Lj)8m7II~Nzp4@M!ibRYl&n1B+6yJ|v
znfkhVn*%I95}5ft=zFXbv3A&6+kBK@jbArwjKOctkIW(2f%La|{O5uG37xv-fI~hr
z3PgMw;{7MBma8cz0KDNYolkmnN*Tye^8VO7T^ADI?9>VO?l?|$QaeV6h#yorUiljR
z<1wRmkY4`tTkG_jHch@&rj5B`h^9JH*wt>P<5VrBsLlg5dBAo?F=YdMo2+D}B=#|c
z?5WxyGj>DWo+MT7`(Ybe_to2YZ-DuNxtj6Q+zCi=P--SwkQdf7%;UjmUreiINPSEa
zcqg!j(ayW-vSGGJ5j(sfYYm2XB(7o)zh(FYgh0ElKctPVoI1o28)JPet>ijo^d!)5
zgFSOQPz<?VYQnE&vReI_gZxqjk>b)wW&bZn@xLI*oJg$DkNdm7yS)QqjK4PeBIus5
zU^s8TfABs#W;`cLVvQ@4%V`>knAKk%*r=@h?FRR-<w}HBwGv)WA!I$Rdorj&tgV}h
z?@u<0TuJIhtBPOy3#nR2-kw(P2$r|@7M4C{w3g}IzC8QHBwerz84ZTi`S{^Yz0KTL
zLb2M7|G-_5nhmX9AUy~oz;@xDPz-MM@irhv0nB&CI&4TlLec;Rq%&-Xl#prCpy3i^
z|KoP?%cDS_ufQpTvVPUrvKCYOob13;Ut8*Kl$m>NaUpfK^^>2brmbAJb|kV$qk_e7
z@<>&W?$Bs-pECPIQhFy{F6y%P+AC7b?$fSeo8yQ^PXRZvSP!Ul`^Q%TSK<g@04Vqx
zAYj_@#2)<x4UU-)z-{;8-RIm{Sw>o@ST2}D7=qTUc7XKLe5|e~L;4*E&l?Co@fydu
zrik_5BpURmPrVfRzD}Z1UhkgQ+7iPO{7~6XWC}iTrf8NwisV&vk$fiObJ~c$hqxjX
zIZf3Zpe?NLes_8SA@B+qMFar;uz0U;4S8n~Sl(^g(zm}6v%aNATnsjgz0jRJ$WJd3
z7@sa4T1>2#b_}8LO`gxVywJ1Atj;kc`Hm$(85H3=Yp&ZC!KkmC+F8W}Sc%^+dEsgY
zz1UbHX8HcCB^YDbnOd%0E`wSoo@)M3jcH20oJ4nRt?fA5b;rtf>$`!BhS|%qMkdT*
zJT_rLr7|>p(HSy46xCn+4&o?N<AdSzxDDkt68rkJku3<uv6<PcvH{FZ!gNQn8=7pc
zALlMoE5oLVbk%s?4~W1pfN+gelK9;3ld2~uih8PBL8%n8Tme=8y$QBBtrOJ=rTdrI
zLHf<~QR<io;F4iz;;^Ktgn_s4nl%%v>kF=-n?>v8tstzyt|Sjh0y`Yg$F$eKTK$P|
zSe!=;i%Q?ERZdh>t+$a*WV9k>hPu<}#5Uwp><zi@@MmBhlKrD04M7Wle2eP$Yj{ql
z17G^GU4f^+5;@WJcq5*}v=a?3eI@)Fb|vEQ8;Cx2<wW@gU<-(FJI0ET8Fieq-kpXK
zKTKd$^i+igHrq^#pKml0H?JQZ1@(pA@+!SV-fTY;A#jBdPdS$Mu=(b=G#~j$w39V3
ze$Kvn`J|~u@0>CHE#FE%`~G)xG5*UzrqZ-+eZ`#y@rv0cOE}(kde_qHP&A}h`;bm7
z$JJ5{rItL8<;HSq?Po$(obDiLes>H<*K)a+>t*K3(HoDpHCIcX7+u}5r)Hxm;(os?
z!b{L5?&^WdkadKB_;Ao0(~kd8YMT^3U4w_K{?vJAP2PI(E{pf}{<-VT<uZjv>eX%3
z%HwtUqukhIBF0Xz#xbvVg6^+bhsPZ#X7iF;fp@68?9GzGchM`IoNL-ae{O;^vf(*Z
z$4%KL)r*If*<*wW^+(RBMC-F*nsNHgHK6Z1G3aRcM26Uyr>^;z)-42p(2E#{;c0AP
zf1RR!_I#)}T}?97M%BB;=9)%Q%mGCmcQsm+BtJ6lVWrlncGAM&<HU3`azbb!R;e@U
zLSmYlt~<q0B!0g4_{a44sX{A^*qcJmkmW!puR{aSqc5|M6^WqpHM?%3N_UAD(u~J%
zh0cB|v`r!L*wTqZAIml^pZ&{Hhv~?-u@%HO)Ynjnm&Y%`g_=|D%}$m-nt5$Jf)ky8
zL}bWVY8dG>zRWguGAVar!y8b)C`}8uU%cZ30bxO;%^$Wqi+_KOS!P-k%1*6(mr!S~
zlZ7at5X9gLUYc@G;Hl+xg%M+q&Zy*sAh1^K-SQc)D$q{4*S*IKo>o$lXT%SP+_NZX
z3$}eOp<3$RkbhfpZl!8D*^BRfpp9VCf3DnJ?#jp%kyNAOE@bZw4)JC7Re0Je30=LH
zv&uWxg1sGCtI=(zY#^x=*Ar%30mcon5^Bx--qpL?Z#ogJXgzh=RL44Zr+h)dx0$w2
zx!JgL^|#kn<^tE>(DC$yqs&_Jowlo!hl7>*OCr(HeS5=V3CHERIy(WHaIl9D;q**}
zncUDZDV9H@Z1~A4;LHj(ua0Tqy800g)<tm(Nhd_#AgBMdd>#+~9X}XOMSPn^X^h^p
zfl5{T8No(z2>z^V$AkFR;{>kbeQUecTZXlxZ4GIAN>m-_3{%xsCZvvEkQvtdfGUJC
zTij1^oZO7io^;jUY)R<i*4>{GkbeC9w#_rL)}$gYa09qSTF~21H#jbO<`?t)wpL`U
z**xjYu^O*;GJo~@Y~UgFGI4Fex3V>J8+*Ud1yH+N4c4LgRIIx7cOuq-8$5`g2zpdK
zRfbJi<oUz2ZnNljmOETf;6B23*dXEYbu-do+vkOz|M{5Q*wmEFh8ZCD9fJI@KM0I6
z_B>nN4Q(Eem`wLiG(G62HF;Bsu`xH;1mc`SW_3=iy6p$kGKu=Uy0sZ>D9IaLX3FAm
z^-=f=irfzr`<Z1AJ&^><U6q~Rf9)$dgkzHO+34WdEKweHl|=hxH@#nGcB6j+?@n}w
zko<MI&TQJ>Y{oe9CK}$ZW<;%ZtwF9IIVy%iXYu8^Qkd!YWMdK0Ur_1`<SCqYMC2YD
z-H+wVpQCNL<b8a-SC1ki0;iyxSbiS{v2daMuXJ;ygkAz`robLrK6-(O#9nz%oa63c
zX<_Mjnc<;7%OWGJ?Svi=$Y1&Lsn-g;%56nFqk~86+@srpM+{F;79w7Mv|{4%z5vQ%
z;LzCWi(r?C*Q$LyIh)uj8kAP?eAHGBj3b`~Htw54n9Od>BdrQ9=%UTqox1WFXd({c
zJ3v|Qef?;_9=-_nU76n^zx3Ya<*VP!UX5n6ujVH*?5vlQj*B`7ZMfu<6m4&IxsWv0
zn@hb=$kYmrH?Ef5@#>8+f>CEI7EH9HHJoSbp`8<&5=nk~@_Wjh;Ap?LgDA!<vpA^9
zU>fq~0PAfp{7JKtO}-kT75bICcd0K{&YI4ChHYkN%#VytGqR2Sah<Y&8GLWsEPplr
z4S#|y>J|50fv@CI3;h(#2->a&^P%B7>x~GY%BoiL@l~_zsK`j<f`Wp9>3!04Owm?f
z(1v_$78lL$1U9qJU60z?MfG3K@+%HLfi0qCtLRS<TSdN%jyx@OFlWmpKg0<=V>|7M
z*P7uqK`iNw1E+WQy;!}k>Bx6DCYMDRsdLTR3dROYiQ~m5AaMUwk(bt3=4D{%k6%Q)
zTO}bH?CFw?o2?djWj%u44uxiECUPaw+<v#3k>$K}Ia#e$3kr*H_5YU+hJal}Y)cdW
zB)Y02FO@CEgV3PuD!f+0okAv)XEhOH4`@km*3t+&hD@@wNTg}xyu7#>oU{R^S;}~c
z#7qiKZF>A1ip;`PniAx&{(RLj5q7HcN9}lH(YBa$5lyiEQJq-Z29@C~YGkz7ubFN4
zeM`jPyqN?ppqRe%rhud(KHyBwx{(!S9o4y=<B4;$?!*8nE$4pzBh68Gt(+NoUQ}Rt
zVxPn+t?Soz1qud}bE5M2oy~NWH7#GHrFv7=AB6Iy$;E^8;YG4}>TY)dtGSQoOE$>u
zRGg<6^vswMJ^W{E>N$?zodwOjeAz0d14At|rZqy&rg`ODHt7$wr&XH6qng@u*6(l1
z8aypZ?yX*TJ<kCp?n9a(yfk7})4zY_ej4EE3o0!~J`_^4n)WWdSQ{Qb-a<`2LsDF;
zW*c2wdQEmVz?62d=Urzr@?U~TiLQDPZ#!+<HDIkvXPeu+Pg3g(CyC0%cm}anxf5c6
z<{)@ntd_6I3+bo2FZd!SUj%qxcb6`?Rpo?>kQZl8xBT9{pNLsb7el&TaGgdTp-H$B
znVk`iEp3*|V%oS!0#o8{+2jqPuM1*5eA1r~`8n3Y+e#L__*@8;e5zh~TjUSJXx7t*
zV}Crck890|z*%x9+M5oBTXRDhq&ss>@yS1o)cm@+a55u_mmd|_e+686gSbt7-64q=
z5=*%C-tg@Ct~fg$7R5wfM7V9_9uoGvJNF8N_~%rsb%RV;#e%%kRn?;iqNaqzF2dH1
zDzWzMm#aB;A|oB`gI#~{Tj(#<iS)c0<oV2u62cXeWTiE46TK>;LuJOkUJKiec;bEO
z=ZLqCBRQp3%d2(^HNNc=-1c1{#L$`uP6QmkAGxQp3GAF0Br0Z|80vJq4{pjI7^chf
zZ6q-}Jn`*A*|e0gE}!ZkkBu#o_<$Y9`3W4sWt0N<88LHPffgKU_WS3{6vtvVNtO3c
z!y6SB2@W=ODrt?C#eF1p#7(GJ_|I(wz`8?Bnb8a+qY;U!w@Q0t?x^(zaodE(&ZXqh
z*3~ENi4K>br=8`k+o4bEV-8Z)PRMduzqL~cGtl{nI6D<MI^Jw}t)IKjrw5d?&v_G{
zS(41A(k=p<7Ry4sH<RR{ZRCd6OLaXpFZfB%b=dp%NR5}rt=H%A@&R~}%Vv|Tj>bN(
zq``blEPXXm`bT4Q##&cy>4pn+X>AaS$lokVRyQbI#bfc&KiOt=uje464PG*gdjLys
zI(v=|xagJJ>8f7Yaeft@XWpz|Aef4+hgW8vwOY{P)RnHCx>>hpRg(ruuZs0(3AJBn
zhOkSqew2P;U1$1P<hzDq@E}uM#52NF7sNXpH2}X&`gEv1@Vt@IVNnu-ciEo|e;%{8
z1aH!R8W#TvNLcOCqUpOt=pM1V3YZMiTCcXb(^S)d*}Q2ai9GAXVt&puZ2^tmm8^er
zj-~K^B7dxxN|-)gKF#%ge;%6@P_H`QWSs@w(AvF)a@49hM^1W7TL$VZHzOyW2m6}H
z^a-n#)q%K=xt=H%+`F2oADpq@dudo@IM^CrCv62jydUVArV&zl6`GDKoWzv3!0l_A
zpD^x!*UqyMO5gfEeW#Z3VxyjpwP7}^m$3U8T=i=V8Y$jgY^nE0zl!*M)q)ejMtFcp
zW@-H)Ki@P;OwJa$uQ*|T2RE)0UlK3Jy&U(Ki#QMpe}4*obH2E&cQSfHtB$-4-1PAG
zvAz})^=^9pprwNWZGpREuLZtpQW|Aj{Jb51d{)KEwb92np2NASWP6kb#>beG?N@n7
zIp~AQ)TLF#4*Qv41w8z>UQ{s|Vu+B}RV>@#38CtfevUfi-k{e%tQcMXYs_>e=RO2a
zi!=kGT5lsKuCf#jc6OD2`0jOixt%cUJfnq{9;s&T{VGp~-_)KetL&bVkX{0t#m=${
zx89iOE=a95ev311|D#M(N+LB@&IxW<Z!cw&9%j@!EVaV|uyhzDp4|lqXZH-V$cS&q
zRn}F$Xq%|bj0L{VDBG6tdQ+Vc6u9&Z{A8%oV?Hhzq``n#x~Hioc0}md^)_#v?Bsx5
zC8e8J%P+jjU)5Cm%w9LGUcf(Wl*6fk+w8T<b17U*#YDdYV6^G&Pt>woA+y~9EA6J}
zeMDrI>uE{eCR@lkid}A9N;taP0@;Qrgsw=q&AGu$Aa3Vtw$akFBAyvB`_6Ydi#msM
zAd5FUZz*5H)qPPfyP*)9NaeZ58+Sd>6=VFPUGW`3qGL_Y(ZTzYWpI4SP>A_*s1|F1
zHr-K~mb;{ywR1<4H^Y(1XN|%i+1zk1+g_{y*5E%}y!DMO2>B}c2R`Zdc$7BU04~bt
z0Ax<yVRA!<k?iWDuC{6D5Vx{)y6NLs59@PRE6Yd|;e$5oFHk9N>p!Lk|Eh+~TWXoN
zrd^mhMRj<I?Qi^}HQ5D}#owN64I*2Z$DS?ue!6zK^{gmwpH|jsaj6t*lpj33if>ra
z|2RHqK*Q1boZX1JTIEO#c;4fV_*xiNkZn7EaZ1?88~yTUDdOeanQK&4LzX>wOY9u=
zd7MGu6mDGow1rEdI(fL%+U7SsOU1B~i1x+_WanG3+$#es^upQLTzz7-x&{aLYb{Ld
zG}zEIYkkab_n}Ms8A{bRA*wOM2k~iOgF6DLpyf`~(JV%zN=eN9#sG!rC{cXw0HVxk
zmS1(*u=!PH8W-aHJm=M}rrSQY0m;VyDC><h>*LD|;{4(Yb$5rXA_PTBj8!g4cad*z
zc%jkk*SQItr@1Y@`f^}0890Z-7)__KSvD(Q_K)t*j%G8M5EVQM$Sw5xBu`NOnV5l<
zqEjI9DtN1RWy+^s;(<99z+A*(Vslq^qrZ<965weRNB@uo5dsAv&0+K{<huzHY7^U9
zdR7#hFJ0zm--@S-x+rIpkD67yx?8GO5(hp6ET4NvlvZr1-ZD>}rD&}-zw0{74e{0K
z+^oelCt6mY5N@*eez*0xK#02$e<-R^)?q1Ma{T^B$;=1uc8Uf+O5O4!q;<MU$yQuH
z>$;|#bI;LM9ib*Nm1Udrretsd_KoAVcS(rK>Q37dXs5`uBy?>_5L8pA%60E-vcm#S
zL;||s(*+kBbpX$=d4EwM;Qw|*Be@`o*7YML<Q<Z9i=<z+S@9O8NTlfxP-~T?-Ubvl
zd6mbgEiL9nqP^MT1^!Xfi=N_RKzRDS+Nw5<b<+L%X!|5LbEr8AoTn*w+Ys5jt#gq$
z_~he@%8tiyW@GaEq?Um5_u<$`6HYbh<q)ZH(+B$?RX<AMxxlcF(oCFVZRw*I+Yo15
z$>P`R<e3aCFFP97jcDA+;i5jV3bmn<5;0~DzDkqL>j8(~iy3)piy7^7<CB9IN?E_^
ziF{fj#)}cZa<pAYxWOJ&lYfk$2^u5+vol;AgjQXHh;qOj5>aw?Jqr$I2std_5XKZ#
z(t@-dZ6xKX9ZCMCkx?^eca?l?QDL?~kuIkQQ-bUlt-3N3pBHPra4|Hr!nj@Q-~dK9
z$1esSd)!=3?08Tc;TNcF5h?s%(Fg~R#5<D&Y`tp&@}?~7D`-hN15StN={9S1`Iwbc
z1jTM>{cTKvm)P`MW4C5k6BFb@57x^^f-|&22?s9nvDYjaF>0cF-M^x9>}Tn_;S-u)
z%-CYAkH5LGF3jLL$1rcUBMtRQ(rrvhw#t|0(y+*o4}2-CdI-B$N5H6#gKztFqwTz~
zO+S0?<vgypHh0+dB1X(NQ!vl!xz(}bUOKg`VY}pvCPi)S8ozr>l+s~y)T#t}<$XxX
z6*jC0gidVa&o8tws%_e?tOTdY9$*i;W@eu|b*l;EE!b8RJUzM?Zt0lq7v*N>y{!-`
z@};c}HMIbX<(ktmnRzQT8xbRL8C~Y64AVK}@d;kt+j@J8mj*9m%bOe>lHdmZn~^*m
zHc1q%*ub3hxQ~yGHoZ{OMaWqD5?+wEX?-3WYJ8V$rJUDE&#;Dr+y2$Q)x~4~6A;<G
zS{vt<UC~yeamV7i$iWo*_P(GeVU8Fmk861pX$dm4Rm}N@%O|`LMj<cZw-X#md|}Q(
zRzgDh2HSvyZ)B5v%m<0Zy&ViEzOwN=iA>QzCV<Hy6X>f<d!rsQDGwN_FLHI~lmACY
zX>qxgvxVHK%OkU0+@ZPV^RdNtfJ`gBa^+v@Pp;&D)SoGN{R)RK+a0WU+H>Jw(&d&q
zY|gIp6^H)B*jP5{oY`RqS>?-dun+k>x$J|<zCbS}{!XPcrf{l$eR*4CCB=k(oV)yu
zOMs<=FW;MXgA=<+HhW>E;!={lv5mn|yi%v!50@bF6VqwSP1WVQfXbuYDAo%Ucc4an
z>RA~oKA8!@ROTOqsHRf&Pf)j<9H&4k0Je7<Z!uhy)0pi9W&u!7uh}M<F$PJv`fpNE
ztCxwLo3fAw9%SWq+?3>9k#@u~nB8}fMdb_jxj(Wgu>2ff^?mAG+xhIPrgKaK!yUKI
zbllkIXMSe4(bk;k0P#PSe%t19(^g-%{Kdb|-F76K)oWp88Mp8c>r6Q=zuF`P7m8mY
zI{fgJv38~<ED|Qg+IzG*%DDXOi50ze%zr}I!S$}=q*P1n=9TdKQBzMub1CZ&6HpwO
zdhB}%jFWrWO9p4ME|#n9Pq0plfX(VgRc8BY@_D5m5qn%M(vBW8`+_jT^y6W4K=jk@
zCZh2>!>2jtW1n&52ku0Q)_INheqnK46c@_htrYV0?KR(SntrlREoM5<f{|fL-jJnt
z4lMd*MinJYZ@=9`lDXx>kaU$`cA(rz-q5j>@k1ll67=TVphO;I-ze|C>DzU{VOZNr
z!=u!M>Wf%4XUPu%uRlbOFL!FTmx+pE^go(?%i81G7YlEHFrR5o9CK(|7Ee$Kxag2f
z2I-EurZ@1Hgna&de0`jdz_b@lTI5o1I_Zzs_8*Z(F>2o>QulDnpb_FN)M`Z_tx3Yq
z*Oq$SVUq-Z$MVskG->97F*<4zy+*dj$WY~CUNq$+4^0EU+6w0pM=9;4;*(&Fvnos-
z`5i|Vz2OQG(qy|s2V|s|2?j)bipbors=n*i&AYoHBw|_I&NY_HRk0V_zVDk>@mCp@
zI`2G_U;kn!iE@yeTB?gxcPI13DZic4b=qAPBT>P}@!`;gdbdeeyKz1yzO<={7OS1{
zA42Sc-H%<o*ovx^o=LgA<x7n*nh&9*WXXee&Z_QF=Dom%n}FGq&Ahd7D7qo<DvS!z
zV5P54?mY3$5KvneB^p<E&2eo!B}NAh_Am8f*3F_)%R^P|ixiQGNEQ>br$z>v1lRCJ
z1jJJPae2{T0;(2WAvn-$@Vla|W3dh!3H_f`;)vVSYvV1S+#7|)RH>9+nbTI@vrgUK
zT`d!Ip$S=ra5ERhkx&f-Q@SsH1^9+J&!kpJ_=$^PPVd?EQqp-$_4dc!$tM8X6Epva
z0+OCC!}WqI*yDQ;7AI6Ru1GS8p6egt-f5x5&+?I6tQ`t+wxTdevq7KDIpL&=FjU`K
zuCc_YgpboHg`a_Qjh_v53%;mWREuN7t&&qTI6RmEBakiS8}{Z_CX&tuRSF5yrU2W1
zfCz){gON9H{;R%X+;}6mF;Sj~H5jq8u9PBlJyT6_5JHJk-Dc(#Qzr{Ls+=cF3>n#n
z{fD>(M?a%82FMlnkqi4p;%gf&NCDl05X&se#fw7drQF%CMw_XLcZD%{84{`otuPQo
zC<N7B>vqGZ_cJ$!S5Lk%&Z3`gwmHvhR}DPQv^iTYRFuMkMAX5C^6FsJ&|RUZ=lLOc
z{C$_fu}`QNrk9dwNNQ0ik!=z^#T%{>W^0TbCZ7pB3UUG0s;8?O7GDN<5Bb;Sqw2j0
z0;p_7g4M`U<d;GaN_fY;U153I7rf3aN(N~8h-jS3r16<rz~yz2@Dr@<Z9A-2z#o-k
zAN0(D60<PUT-mGaNL(0ltV<;NQYHy``rugs7!L#+h!o1;6H9gtzygE6`I5h$&?k>S
zDG#>yUQDX!q8J*)5+<Z4lZ!?oUC;87eBRXNWp3duAtB!fdJxF2Aq&^%quLTTz%S)5
zeAS{c&xB6HR8z%X1m#kfmPv($lNfAY^V6(7OITM_Vpx0Um1^r#e0rZ9HJX)%;rW^}
zfy-2SlI8J}>5kp<exiC7w1#ZmjMM5B8m|3EEpB}KhXqa?HvM;Q5B(bOXGaLwI7N)>
z`G2HH_>j$a{Po5(rj_8*6%`ZQYh6jfWaX8x0^0#c<bO)y^Y1>CfisdTP4(k2unnDN
zKyY*gW4yW6v?*|GCqe0VWMg?K)#j9n(*fl2pHuff(tm6AC@&@3cC{$VTa&gMT|iB3
zv2O*0e&5OwSt}+}_guKuR#JY$)OJuGo3N9W!KbMMNo?li!T5WXaxE3A{2V4Anq!g~
zv5Q%9ws#*JA7RT2l`e2%lM&Wx_>jaBAn1sV|89D#*v~lx>o0x!ymnTGUWKdlAK%6Q
z^<d<{!zY64#k6sxdRA!7<KOgTeW#x~nxTGd8luBNe$jHGvt$A%Ix{^>QnJ7Vi4Y?J
z-q6k$syY60nJ|ElueA26dIzf&!x{riksCPDJIJV$<|-M~>EB-A45LK4Z~bQY#Dvq_
zR>81uh#b~nJ+k+|zN&vI8CuYp_T0hOlI!(!ZNA;bXY3O3N|&<n_|2z|N_lJIN?!kv
zD_@y67;jHbWS$qj)oU#glgn$iVgLWhUHr$<#)Ob4G2JK}f?5PA*-oZ7#FHH{ON)9c
zyAUj}Q3>ZyXP%FeR-W;rpN|ERCgkvc?n_Q0hWh;)Ip^IB@2h4hT*uyO<{4XOrlb6U
zMdc_LFyB+K-1^ENbhdzBSdpZh0v(?q7={Ok$11E;xe8?gprx@lwo3jN$u0;PCZ@j`
zC|Bb2JZNq&MgV$PM^JvX#^~ByCTQgvo3Z<b(yA&3t07lntuZ~R7>sb|o--}#X7xvH
zjUNOKE&IX+*=rt7Q4D2C3AP01KsptHErjzFj&3^GR?4z#W&BxGw(zG^LcGLtIyZ1q
zrt-&ri44=<CfP8%T1Fa7o#Gi;P;@3Pz~(_9hV~+jU}eY&x^QPOeCf8nQGt+bKR0iq
zwwuSNfFixMr_=@wv~-K)i2m@Tn9*<1n*#`Vx>ZWG$LJxZFrreCskhOE-NbWbT(*18
zGGLdK+t<B%oECu21(sOl61(Pd)Z5c*^4UU1(~Z6SOqu-%<FerhA8YnA6VKnK*Mecr
z<-s*o)&>pKthAGBG%1<Cz|ejlP)2sYr$_eO)p<2Jbvk!^(0cFP-pYuA<4+A42lz;_
zinNRxgJTp0uP}0Ub05{~i=fHT=SY(c=wjY+_rY0pMKYUii>lUuAKkVPnlZ#>u8#-e
zpd9iM<@$`kf^xZBBcJ@vvJF<FZkDER-G#zjJ9aHHmJGO0YgTj?l(^*j(o2q;vnP^l
z^yNxK811NY$)Iv(=5@j~9Lvt3wzBuX%-HP<RUc1R=~3?H!#lEk^Rn4U_<S>th>Cj2
zKAVj5OruNbxe59DK<N-?MAE*|d8V|&$_DoHZJT`+H|fCodN#V$pd!ML3lm0z#}4hs
z<Vfm`*pAnd(yH?e{?o8K#)o;7Z*mVD9PWAb!l12cy1t($&B5DP8wX5Te}#00pFVA&
zg5=x#l=7Lqy3gk#(WtE5pyT<$WXy)gS>;+YbWO^(=umuq2T6zZGzYuUyJ|NQl{5dM
zS8u}H9oJEcc&#*@n_TO587|)vE^YI448NtGdXNTVzM}_~O!QSy?7DOo60o@=7O8w7
z9^EZ@STnouvsyx;;CDR0ujx1F)wKLReho*ly@+Yt&nLM?^@!5?-c5(HUiZ8cR-Q3i
zwMtnXihNOu5>YdGIy)?*|3o<UWlA}3D5)?RO;PsH`wI5{4tt;8%IHy3G<n)TqM#$Y
z-E%5uonMOpXPiP4W5<b}>or4?u8`H;ZvTlZOd148#xgPdoDx^?fc`8*sIeh9y!}B6
zE(kgW*pwt%!-0cUm$OOVed1zS0Ha*j@y^wJs=8U$)~wrk08^Lwj9#`?={U{xprz7$
z3iO<6MT4aCMt7?2Y@;_p*D@wVvSY&tDPC)VeubfS`4e&Rgfo#XIbH(W{1ergt;Tl;
zML}@9Hg97#VH*k!fQXd4AGpe7rY&FIImX33F@BCoCtd;QcE@BOT_<hB(~EebBA-Eo
z&%t2i*<avi+*<{x>Em<Dyk(S@QhFdFWO`D6WTfU;Ja7>EiJ=c2FZQ#8*l;;daW_CX
z_8#p>=+$>SnD6T9(xEwHr;X$dp7L#H{jy&%?Xq}{!=OJH1+XtX*Ju6{2t-hM@H&?H
z^ObK4s)^mK<^p$XqnERbT<S+%D5ZvlY7dBcJ_=Cf6E}4+fnSsFLp4!g+YO)L`(1o&
z+ed2~zA-HjqXr$UyJy@1GtPgbX1+D>R7ZVkHk-Ctsm=Xznc_SI;5_n=ASLe>dF8ts
z#B4dwC+Tm+Pw8omT3-*nuMpD`*1x@U5~q0nFs+nA<vi5^rSejji^dS3siuRFV$x2{
z$NGHG1Elf243uV6--+BCNKdON%gN|xo`Yy(I@780ex+a~f+lM5Z8G_IwY+!|%M3Zh
z@dnuxzeuR(Z!#VI0UK=;XJ)Vauoa7`>k|@-SXA)iP$fi!?^I?xsq3Hb4>0DQF?95R
z{Ti-KxT{lfeLKyzRQk&nKXUduUQ<LR#UD&w{b?pO0syJ86dqp8>!vfAjPQE)CSGST
zp_UFT*_5~%0zRT}mN|M3w|3xuVS+@lNi#PqIUs8RNoe^;4Nt~?11*MaVW+Y<%9Fh@
zMW5KBaFTdx&aza_o5)3R0;#CfQ|#OujoE|xvZ_Fl-!`n5Q-{p+iTRre_95^d5gDp&
zhcDNor-i;gdM{+4(W#0w>G{P^koaM>NU05E?P}7xbEd5pR2;o^g2q~}-{W^GsJE-;
z=gSHi`GGtZ8S-G$?r|fn?^t2gk;Us|rk?4(h@=<4)1$XdhnW*9`WtA*wg)#GgfMdB
z$4+qjxzT_`hx^24r2G+5l{-OU1Oo0n==7o>wJ4R79LwR1HuqQT*=n32!bCKN1U@AA
z?_vV0z0WN#@2Y(}z3~B4+*jZk<HS{8!pHBZ`p+iXC(x?i?lB4AqpxGv8~Us3)_Z7O
zV(w5RHxZ<q1f<VFLi10X9UW%xI-Z=EpFcx@uy_f;psSBv1}h_OwKr1~OF6_R%~oFH
zf<Lf5AEl+@0}RNFiQug$iOp57O9>6UP1QmRb)agG0E;2!IaDLT4QKSz@QdoXh*E^G
z`L-LdCX8&Fg>|T?>FWbakAyAWihLE8eQA)l{tj2*?9gsA{cqNtYyp?rjOsNVYvn8`
zA6{^Td|yA*n&SJQzKH4Uw#AiqSo)w|ttM1DDo+m(o)L}cpj=_aAWSUc2T{iut&H((
z2dJPN%8f|ywf2^4L1+D1h-|o3SwGwLdqA#gtG^0qr{m5P!XQz{a4T1@BACUdEMi<9
zXEE5H6%LpuKZ0Ag?VB&YSaXA^u=&oLR!|Xs$aK_K+-aS3<mBmL)9{!&#&(|LDM_`g
zmn<+hzeUWN!JP2%3`O*YvTxsHJ#$If$_G$1MT?BE&V<KIjCzcWJ?@`JOi15Ph9Ah(
zkoOt|U(RY`EVM;}nz!pG5RT3H6bo(|nxP-u`H0>f7(C3`1qUzqgR2C*_*cdU2zNaL
z>h-6AeBTIyG(R^kc0v<^>;mpH6fScgPzn4O5uiVzA$U3n%h8})uMB+4%~b#NP1u{e
zaC2n;H<c?75D9`y8DZPVq9l|_X1$Fk7mb^sQqb1G*xiCHo;V&?hT?EPI!G{uK_|!a
z;m=;Rjytc@#VpnoClB1t#f7@>@HPzRm3WKkE9c|l{aejZv$I{!uWDd-U<yNTz>Z|B
zIICqbPcPvVr($G^4?C}cWtyN+Pa3guC(MC6f!mJNWuH&AV1eJy;I1lTZmY~obvJF$
z2xdv=`*bXcbb$IYVJ^+`l;qDtpt>!JZz)ZQ0hw~i0^6zJ!*$|xMK32RclG)$u`A`a
zL1cZ-M?^B6+F5mGi{ELQxTmjs?fTn&-<kV0YK<{&aiM^zeJ5W5d7gW9#ikliHLr?H
zjk%a*Kazj;$r89ARYPKMXebce>XW9k+BgUZGW|9ICHC8>hmUFT;SLd=xkZZHv&zDL
zI?q`}(}B(sslqHPZc;lG9?I?HfEIQnyS&#Ad&`~2>88VC2k?<;L*;SoN*)H_3f1x<
zB`MxsJYNFR{q&r5ZVN)hyuR7ZZ%T8wwy|I*`~r}Jlz^*Ngv_%MrDY?%g{^d=e8_{E
zja^g+#YQYz34Sb}J_s*7tAV-T9U@$&zdd5c3wk8L4;dW}4e$|&I#Bu>hPLAQPvZr|
zTUMNlc4o2T-QAKDt`m`a`)9ar{BK<bGc_O=AfF%lJB8d=-t)8p^~V~vu-$BR^(q-U
zg%$r)^&I=q+%9pwM9Cq<t4@}CypBh6KS%CQAsrgCBRU%b13PkJA-U-Y@FC?-pMJO>
zC#i8e5e<yVt6Q_z|6(O3@^dk9Gq>vNg`~Xif4?LFv8}OcnS0^A?IYMtq6qvX?e98z
zdf9#e#Xn;1!8sH_yK~lXRw8VbIDW^9oxNasSRbIjSomn@5(|6lV+%n;=z%o=1g#i3
zU52P~Rt<4`bg(BXIG7nU-NlbQQ~zGmMb=19qR;#shhp1zywV=KJdARLjw>;&*Xl6D
z6o*bs(`4m<f;d9^-bTn<Uzn_|M>w;S<o-fCQ`0noQXcEEvW2cSgW@Y>5)R87?`rwS
zQ>F>i^ZUeS5KISBd|cFWsmD8Wv)IQi;|~N>2@wE)6DSiKj1<`r&TFH5b{a%E5t1ai
zL;9G~3$d7##wgaon`1oU!zbn6&d(<Yr(@qqvmFLD9;kL3g}HQ4BO4t#L=LQfZzJFJ
zpI~_^;jK6@llQ<gLFU3spapk%zx0{mvC6F<lV}G#71bGlHdzO^L-?u#D=O&B&CNeZ
zl8i0*UN<N00<^yRG0okxRF(%pnY+0}LUM-Hw$GvV-^tMJw1_qbEvlU;7ERQmZ+jxp
z9di%JVwNT(timw}2edO|6r8UzU$A@IFsV50a7wzL*`6|j188z-A&RtT@X<NxgG0cn
zpFFi{qdzxReg+3~n%YwY2xEa}y8yoPZJoaFtUbk#;-1eh2QhZPy?tLhH8k5LV?&6i
zOXUPj#VWnCF`fusw;&fjI|L<%Q7%%>$sBTf&d3Hl^F(XZcXE5AQ&{nyw73k<qWI3t
zP$*y}*8+I1{iQr-qKBi^BBHw&kl>sW19~0hN7_ia4<1H?bfmgq9mZ8})Zp)r5$a&g
z5-iV!TH)Eu`+BcLr`rv%zoQ{;_5?cABO>y_qPVxo{uw2Hy>afnL{!np7(yTy67Kak
z3vLIXb3&0~Mt&#uOx6zkEwU@?Y+<=G8Bt%EhF#V@jH;IFSVSKuSL9*Ag&)oUZl(9i
zm&pz?D<d}zG2sbe(POS#Fw(yR^}g<)-Vl(IlT?E0y3@B%IB9)<B%O8oKeQ_?hstx>
z_$d&#SL(K^=2lHmqAgESAQFY~(w(LB?L`gi$bZcDTRTe9Kiw|juhgA=WEmKqvWtqQ
z^q33hRb)6N<Tt{b0V3f+fQLef$Pf6KBRO`X6e&H)vL<pcEc_$qgGcPWgSdLg!!abd
z4RyS8{6?IS%ic$UDogl4YOil;>R(!UjSYp=1Y`gwZW`Fi-{YMUh@?J;!9EldT(!$g
z%3}|4jI|mc?lylIU~q|IRy1ak4H5lx?$i*uQSjydG)XO9%RUbS1?7s90KZ_?@7_4l
zT!fa)LwMkdb87}(_BNzjII{q9GCJ|o^gBdIK$oBcd&UsqOX24lB@!PU@3}}*A(M*K
z0;(>ZjX+0XsbqH_p0gS_%^?^{=r4iaj_3t}$SAbcjl9_CzNa;!4s7YA8!O|85jh?3
zj9m<UUm|ZQdo8$h)LKO_+on$Tiu<2998EF$nJtDopwnDld}8lQhT8*_KN}5v!Z#&#
zF0zZThw|UTaN_r+q$6~Yp7GXOvbOYOnINL`b5j&J(u4z&XPD~wxJFQV63eVKuT6&d
z1@~+~DOEZiFV6YSOPy(d++sIHV`KQZOlm!ML2CPRlfuYb^T&WBL#bhk1Xa?KlT0vK
z_-6Lv_K)^UNC_BQ>iNJZUU^R}InaH`Or^(_YK}J6ZKho0;h8Y~3?9{nQXHk@AC5}T
zM5dk&_&S@ENve%DF|R&*q>X>IcPu~YP#Yi3JC1wB8^`8eEZi+@z@Eu?&J6XiUD4S#
z!z1~xHaxS#)?WS?u!Kj~fRVa5KP7E$Hs@Z|hJ?05axo?b|8IGilR{?uf?Am<wZUm9
zcK2#s(1bv3q+x+45w~x?9tZHR+rxm6`tD~FyszfyM7`U_1riqhpl-XWJDW?l;oYC@
z%FSgk6dnVT$oRUuBW0DrIxNNk9Y`*OlsGbX#A4}Cd(BjY4(1dE&<-r&y8de>{Y=Q4
z9Qc-m>X06m1McDRNg>;iSWBG{j9(}1IvIc0#*eTWaNolpk`TlCz2GG6i2N$u)&*bN
z<KAGzenU)K=iBMqRZ-0HaK@?Bo@`^`mDqDRb?trQ`2O7@#bYy_Pdo^fA%djZ;|u88
zs5!9S)`Nn-@hrzpQpc#n>(t#|TYNLG`pKQhtYp7YmXYUZAJMwwM8Rt{r+Nr3Mb-TY
zOIA~@c>{F5yME|EiiWj0*e>I%sHG=eJyxs<+SZlJy2jm{&i1+vyLnhpk{>jiNW}pE
z{cWciQa9}-fvZ$O%PhUv&ujtKz{n{43|0Pp_ZW(JifzZR<9IIli=kfO3Ri8GyVPXx
z+{H}?c{_Orju8&Ke|l)MZDRVQ>wUM#$uLd@0)Za7hiPeO_Rx4Q1--@+sjt8;O95S7
zU4VE%z$5BLtE1WL(@}QJbUGVtWFbg<GW>BzonTNrw0i|xy7EHw<t^9%&4!Pp^08^S
ztH$_Jt+GwnCR%>bM{z0FC;gGz=!1@TO8Z@BxDiq*Qi0x|%e<>lRn%x^qGy0WnA$)_
zrhUMIa3uN1uBjE_B-vq$j11c8Dk{5%VbyPFXttIzzmAWV1ALolp%3bHRaJ4StE!@x
zmzIWvUwtlJtOw82E$LE9Iz1l{sjppAB@i3UElP$3ZXJ4}=6KcX)mw&1WK&1k0VzJH
zw;iKKLcmJ_sn}+HM9L9DenJaT{|;CCp<is?eCw6Zz^wF@FAaaV5SB*{KPJp?lBd`d
z;FnTI=sOZO`Dv?A?`qty|FLq!dxP;%X=zA<pP@TFQ{$*-Q8R)DH@}=HQo&q7@Q&U_
zWk8LmD+U~64!g?w+(6eI1}QvvTh63>u2_<?g*L{;Z~V{kh43@+UULx;;s#81JAzl@
z!w&iTSX6R7!z8}QU_E~9;OMz%NnfNs@v{r>$&1U^8Js_ykU>JIpW<1ozRTgA@_hV^
z)$h7U^M~tpW@hvx3XpY$86rdU=!~{szI3}_S;cGHsX}F99vNQjQ9;u)e2x#{0XV5f
zAjc;2$!d^utnPZY;PiTAioGJ`;J^i)WP_-cW8oXk%Z5>l5o8gWXW>uyrC}xGEWcA`
zi)08BZCWI(iTHP9=u5k+t$Y&L+VG*HR*efCRcSm?MW;0zuq&;zzN?9kLW;{VBKrp*
zz=I%!KwR%X6fiqKfudOCNkFs*H=fCnC!0VZe~HrQ^p{Y1@FXZ$Eb>#ezND-S(>f&p
zpI~OD2-Oape*<G&@Hp)IDsCVB4!*&D^8tb$9^5nW>0eC+DudyiQZScBkQh6da%cT=
z@>J;eqV5D?;nzl5(vro7V4lgP!>6UtZ{CWe3<wAB4E;OsC`bCy!!Khv;=HUFD9vbt
zF$~VCA_~k!QzOxgx_^vv@NjMNmCq5&io`SH!D3PGt};ovndQjWaYcXN*9X7<0{KoF
zgaqG<%Vb<FS7S=dmJUyh;B0Bq*xWzAe4K~yUYEUamyGY%jBy9->+7VLu9Sx0^NcY#
zt%KpD=p=!t#!jJ_ra~y>5vCory+-;qk(o=OnRHnVx$fV7&mKbHc1p06MoPrGLOxF|
z1S+U&SH7Pg7^&zmacSkUb(8br1ec1q$&l=%_So2w$jFIr;hjJYMlQg!BrC)-YrBYB
z@%cbvQ%RWWv381{fMPnt<$=iL_Bz{pCyYfCDofZs;^3kC@67h^C&6{WolVzmm}hBI
z&*R*Xcv3UXzfGC~S}tOD_ikBFe(hNB{QdTLxaMt{#52d-%4%RHLd-zFq`G=IiR}t4
zWx2qJg?pxTW>SDv95(2@e3J%v)3rj*jT_o}J&R7oQ_yE(L9#mr>GxR9<PpPw6C;?Z
zE(rgx>Hohj<eUV8ovh*Aa)kc413nX{Ul>fS?$(Vn1khG@uuva#KUBwj7M&jW_htX@
zB0iAYd0>EtKe#c$al-#u-hUnE<OMy)?Ss`C^#A)BZRq;_{U_gmhb;g1_WalROpsY0
zAlP}G{39l0BSSw_vCKIS;RtCnpL^AA(N%Ks7(WT6KvatOn}8h1J9X-9R+%K)4XJnh
zOP`}2f$pqU3AA+*G)k@Bz(*<X*E`~@Hf_|xkO~TO3N5qh-HU~r=FQRr0D9%X1a(w5
z;{04Y%(yjVu4AekYW^`?*%T_Ez;~1-b;-J>^=(!(Q&&nm*wt=X=)9XakZhBr(pgqB
z!PRmb!etwCP5$vpTFCRn-3e%*1?T&2YSk7D1d7UM|EQRt`ln98r3~&>tfW1`AyZC`
zt(5?1-hit|9tDSYTYbqZi4Q~vDlzW3YDB$38X3BN8++7CKV$f>sfa=lwQ&}eZ1Pg(
zYPR<FmJb*&fCs4jNNra95K8m*VJfX@V~6gZdY(0i=J;y4XJNyFbo1dy$NRnp-D(xr
z!5q0Y%@>LsSMm!uD*ST{oJ^2KzjZzmp%?2RLf!MD)1mc$JIp$$Ro@)!(p9qmsr!BT
z%UV}H6QiV@b>N0TPC=6WsVhvi5uqZ-p~d5RwgZH9Bx&Qr8up%sjfWAtaVE{(C4SeB
zdAkx1r$iI<xjS1*9SJiOZ_t=tf6E;QT(&nB34__+rT+yk@%-fce%gMWqh6bcGKPkR
zRB;Z+72ITBS$UVU)DH>h$lGPPIE9Jj>+zAHY3jie=$azf*q<wM1l8kOt!R=bOE1o?
zb1o<G!q?miwP=U%&~LZhz<;eEy5O^<dHB9ty%n3a>ltY;sGzC>ZE1FoqQC<~2`Xyh
z!QKq`3)^Ne5&nui`?0$N#1waL)$u<J-QDMq_b>gypXKfR7lA!N7c|n@(XcT=A7JIJ
z>S1w8edb6&rSv$}`lX9FC_N_2)|&Zu8UI=hH!0-n-8KRvH^=I?zn~@@A{f*p<m-Dn
z2mA}wl)u1RP*LkMS^cAJES62QqI8G`v^#-8%T&x%XT?&*c5>8cI)K;7AXc-w)hyZS
z#s!0low+37Xs@c^LA*bL4D+a+njG<{T}>s<3iruJay^g!bR&3d1bc+duzeB^zcx@>
z9aGwN$q!8YbSb1GhD$Q#M(sPEG4L{f^@n}lzl%ErDPW5;C&6B2g1!ehj{%byslj8w
zWlL)LoiSdNj@jA*ZPp9{n~cbRfX(AIZW9YP|1quN`8usEbfOqJx%|tXdylwWYPojI
zE7dh==LI_waaA%aWj<y1Kr9b@m^JxZA8!2Qf<!dx&1wgi7-#E7XD8ll$ZmSuf)D)M
zx|DBD4WPPk2YFAJU<jQ{ph9)`I?LG?9|<=(uH{%MEWV495U=1c?d9(CDmq-Rth2Jq
zg;}0A15+GiP6gs)ED2QG|Fn-8E)4yC;iHZ}8x|sh!4wJ;PkWwSFlD6QAeEWDS^na}
z(zNn;_W%z9eHjm&A*Dw#ORJ{kZ=XIxo3QbBp*dLa<L<(0IZEm0r5BUsF#ww$&;Acx
zXBk)3y7g_OJ0zsLq`SKtly2$nZjh2LN$HRd>F)0C4(VQWy$kj1z0b4H`^hi(Ta$ZD
z?s<=ET;o48gI_UXmah;8lUV!hcinasAN-JNJ%;;UD~0QiIm()|9UXx8E7(3@b@WBS
zPO_NZKWdPjR~x#Sg2va&)|eTxW)YR$%HGka=^QIZnBHRuzJ$`3RKx>gwp%}_)?05=
z+3>u};9cN)1wpSk(T<x%3;{Lyf+Hxu`I1*{Mgft@FgJa9eTMe4oP)WT#(mN8)mgiT
zLqA!?FPaFis4l6)_ivo&fPl}*Kktp2&gV7POZ~|yZgYUtNSP*>^Bv!@RWVQg(o|J(
zPoGkm8PqE-daitoNxwdUzEqmrmooaXs=#7H%%f8~l2tJO$Rm@ciutw{MPIGDp<7>F
zq1qtFNPyHIIY{Meo1F)=e3QNy#`e<&AvXSIB%kL$9wBKsuiNv<;aZ{Q=`dn;ut0mg
z02tD6i-6l(Vgzs&fD_r2-c~^0N1R0dO7LpNb<BH4_X`g>Q{hC-pPcrW<xL$I!wfT5
zYY-{5w~{<`i>4r0tk*K77Ea#h+7&i>g-LfMYL(FUVSdrEL!D#wtll|r53c~uKkpBK
zL)!2yD1*FaKXT>~(}&0tM8e4C+#;W&49udu%*TbKkP+W0O^4fxaOzj=Ua-YbA1=z*
z&LLpo4!9Qlh2e-*mx?clNXA!jK0OcfnHL61PG7&Z8P4CR?x7zFh@fJG&!==$@;M`>
ztQF2-3Vqfl=oMx@D=rI52aJD_hqi76l3G>O@3l1zeP3R_ny_(;vBK8H*0Ut$6$E<?
z6<zTX@#CQ`@ZFe-kkAAbT$NX*S7E^H4*uhY{s4Re3X3<yE=T5~AXoXb^o!m2n4F1d
z6<F@cB758$L``%MXl&GD1H)v=6W&Ul&<xi?#;fxOYA=NmQCk{?<!U0AyfQ2ZnDhvR
zY>TkAls2oqgN(m{m6N5-7uvn_woE2bFroo&^auR7Qp2pTNpD|3S0M)a1&)et2plYc
zghLN>D{=uw8mXhwkE!m<(05_nyB{BL&><+YqondL68cQh7DMpqEpSXicPALR1}_We
z4*^pHGx2#sd^>3kr}CW^!54$Lm=?R%U;3Bk+prFTrzoz!GgR#8|JwfFl2lkBx1W}Q
zaJZtkj}nFKe-rjQEuADX;nWK=Q{{79?ChJ4mce=!f5<|jE-nkKiD?F7)Us(<V`eQu
z%rF4|7y#m>%g(C4T43oafl@I1{fUV1f^~iPdz{ioHb1Q_qijiaF^`l&Efb_Nvoo(g
z#-UGHIr-|Hy>XEiF1RaaPzc(fth6I)<=tw<MIRm?K2wZV#ZFBOQ#2e+@yjF*{U-|m
z4pKLj3~sJdp3*0<uxwCb4&#akFDJMkJJqPH2I^3y017dM-hCB_0-cUT9Do>!h&*n7
zz#-p5{$xF)94<(;z<q&5t{!^haoBba473YI<nxCjgR$7K=rqdaLOCmhW;Z)FcZ1A#
z&@*cW!Fl7HQwb6jio7+c@IvqS2rNCQT%|e5Ew|kk#d`)s#CNz)Ka)AHB4FEE2-8|7
zV^!${Ee4nQJ<WXm24S*8Uuxf?de-WEfPD_rM~hsP6K{d;?(_pDP5X;AqU@Q#wx)U;
z8ioze3AW-fk{m^1pyJ5Ch*B82`=)$4<-4nz6AN*Cf?wy<Xku`&Bhbu(5t1Z_{TxV+
zAJ)*G&tV(3C6<=v;M07t!jsHd2kA&@r}f|aJla)~w+hKVrs#ny2r~^#RZQzNSUgw}
zNp@>ylgt@`Yrp{ai0Zc$!?njG0z_zyxv|>=;}sVgeS@+pMlo6u##HRrpC8q*yT@ty
zt~U>fQ#&Nq7Lmt?hU5sbgrh>AHCHP-sr&cNucKbuKhsrpU##ApKcE0YCNV<s2)5aY
z73zEH-=t$Yh-*E|sIhG)WNNkv+om8w=lhc((;w_=S;X{zQ11J_khr#zJ)i@HdR^+g
zGQyZjc+;+Qh^y@{OI_;l!8H!I`)5{fV06fh+G6gSaJrTt#G&F|c$^j!R+^H=6eCsu
zrL&KUPyTTy9N`BK*+<76a!VzR|A}@CIp8J@N1whs(Z7XEdM7xGF1<K7qY{1_u!T{d
z=xFa`L`Ck1`~6#n%2R~b^y9MCS$CidXO_x=*%;$sCh~u=oxp6p3~_vPlJW|ZCr5z&
zf(}bTOZ*ar9UXL((4+saGZiWFEoKBF!TQ<+`7OLl@XIW?cochkMlC;x&)v!aDdwHT
zz?9zPN_22T8qb<sGIQp*`uVVGun+LSEkFvce?v<ZGS*hb@Rkvk5!4FL4}zaMFqxU0
z(>x(QzT;%2NpHQ~FWt+_i?>9b_sw_hns+~&`M&W-<8|K>GJzW2?t3F`D_P0&^oI>s
z`y(^4<sS>hN}v2>Jay+!l3i3N82dW*Nn4uthtl)5k!Y6rAx&3_d*~~b%5)&M9ipvk
zZ@F28+f8%9$K~^!ui|$H6o7?38f*U04^;fltLB3x0QS>7o8R$-=OW%lVB;E2Z$E16
zGkq%uOorDp1mN+a;cP5XW=aK#meeLV%p2}9s@#qOYZ~_Y0fF4fZ)VI;um>i$SQ|$8
z{t@RWJco(bTR%RFg5;`?M3n%e21tES4pdY1O7*9eP7^+Wn#C3tmWQJE)gF1@t}vn^
zw7hxl4uhu<rtipG<VR8dZdDu{-=%}PMxDJ1@j~M0s(<i3Autj0>lUb3dzi21tgh<@
zME~e$5CGu#DGG{S?6H`cNT8~~(s55lHFaqa+R+l660LwKM2l*#rowtyI-1u&deF8o
z$vd7;iPq?C5(==6a&!kLKk{p1^M;7*9rNva;X!s!f5g$6H6U<2o`i6};z4y!oxnTb
zf2hA>(2hmLrwYmnu-RQGR_yT!p*G|_RwuI9=$eI9H~#`2*iNUaQkrcG6Qdd$4ij`A
zf{nZ`PgIM^q`ACS5sFIJqV>BEQ!zn=Qt#QS{Q4j&ZXcBS#SCAM>xuy&ZdmJ7JdCgq
zvDEb<XtE9D8ef%WD1!L{fE1xG{q-IKAp!Au9)hy1R)xepJeMDL8uz!Ye!)|?tE1=a
zcRXE1Xys5x3SQIL|4Qa`wlsLQ<7?(r6mxx`<Wyq|qRL9uo!2S4DXv9i;bN3VCKogt
zqFg-AEez~P%uN&<aXlw{tutx$NG7`4KgmAzFfFDdzl|p#U<NG>2f@MD!1`o71}v=c
z(B51maW=$t(Kse1{+P&`bT|5ns=tf!g}r&;#^5k(IQ8|0iy$0tF_Gu6tE9-ixsM#*
zYxD7W8-cv$mn`o^`E1PZ0Df?YlWB4T4fE~EY7i4~%W0tU$??EurAQ2oFRMgD+1{<c
zNV)Nz%4g+A2>;LQdB0)~-kC3wEsW(cRiUWvW&%h0bClUz14iKj)Fi+<PX#h*;a5}s
zALpfT0dwTrqj|>LOU}8jbD#GZ@O`@6xR6@*C^XMe+}&#}Jui?>+QD7A?%Ndf$OsLA
z4yD~)qnT;->jG^+2rDW^zP$;n&eYtAqNa(^WY{mZB3+?Z*8#0xbjrYlOS+!%0q}O3
z4hIs--0~C-Fqu?wg5a8E7IcUpsE2Q#EIai>kmnsU=!l>%0@8?J#Nppe;!n}t{$6~2
z>BW;S^=hWPvroJPJTw;si(p%9$B~cX5>)-`vNvg&t8x|S^$>cg=}uvWCnQ9pGHrj?
z>8JPIa9-4g6QMd0a3#vc<S&T!^i{!H67t0=A54SPB!`svV|vM-nI1o@*fl<QCb?)5
zAmu;Cw*}d~@Ip_P<)VkeZxEzo1NSruJWwKU{zBBw)c=%?f2zmVe<UD4O){>~IRGXW
zJzvVxu9WxOekR*KcEjj}->&CGW!<okStMhkR5FnC3kST_Ii_X*h3^`jz(haxE5pJG
zdj)oK0s6(p;PGBoO<6(`U5kUJHJvW7za?~v8#PTE&{IG6Kv#pmKC!@g%ZC0zZGNv%
zKAPXrX)2PetnAtOg#1Q(2R4WEBeT{-cJP_w-c#u%;lt8y#z!wTOyHj~sTgpXLm2g8
ze^<Z%_%%$0p#g_av{|x7D@|ueCK(8Qe0ShX<9qF|B&AvweEw{ltsKsx=U*QWgWNw*
zp;G5t4v-QU$Oqol>yE_j17z|P_cTpbM7}U?BH0AfMf!_(v+l!5sV4mw{$=S>llV2u
z5;k)sUBjJbsx&<!d_lkIh$89}rePs&xIM{qAOm(9U(u(Bq;2Wp)TysnoGqFa%jASK
z`r35Clftrc@d@|^9ABKO&l@MaB?g#)C@#KIqsXG_V6M!!LmMg&t;%>mCRED#=aEVS
zc`5LaX@#_<#~+pT1U{p>RDd6Rj>suKmU9Uod<DaWkL~V`F#{}(Xsg2)(P~~y;l@O#
z56N-xe4wNtGj^JF-|E<?pE{l_fsW=^J<)voU2+qWL04=LkufmEU4QX4Sr;bozj=X7
zK#S@oi&GJ}N^)W3l*iqaEf=spN3&=bC+J3v6c%kB&;*i`%ug*nJ>>(st1V9`i$<3)
zNh$aaW66dMXvVzzBope~8WXyu7MnJc;-%D4A4Wfek$f6l743M#NVmlD=@hKvf`Nu~
z&G<+(oBY9Dw&#tzq;^idH#h8MN=GSzQr4lrv=--$>Ce)ND(`n_*C(XfwQWyU>#@~E
zu+ys+s_oTQSL1+Q%YIX3Jy-|NAe%)N+#-BDBP<rjr*A?hoTO>20Ahpt`)?~AbBgab
zqY9q-_PyyI=V&Lqq`e&6$#I)+gb$xSd#OyJ@_q`l4r%?OPy?IXhL?}Ct71mVZ1fvO
zaKuB8*B8Zk_M}UxsjGMhW){gM+m$at;ykRGAsn5N6!)t$?SuB?f8r-c*IW-F(1jua
zK>$x8avk-#{*0h$0U`rnLv|wj<+#z!z41R3eRs?Qia_1xF_vOjs07*Iq&Y}fTfk9}
zuQAuXmK&up$A@80J{-ik<*vbTYkFbd1U~fP<Tp%NzPerC%t*s~gKKGGlDfDn#M89}
zOCuayD9@n%4wd(c$bmj^lWgaEO3dJr><h|OW6TGaO|3oMbBGehReE5s9zhg10`MsE
zr$Rb@>!<h-KSf8RpT|uFniHJQEt`XM);vLyx^~jRtx!Xca}S6V)OI4%N;n=BH3kg$
z@hU&B!zAjQwPTfqurli@3$iB~1(4*>I3CV4{k-2kFr;*fcyzjQG`dA;`EN_ik0Cad
z(?$4XInVkQ+RHUZbzpLnkt?!P1Ebs<95O#obK{-)9{h;F;*OufyTTYL{|%g}ougb{
zYPFB8%NrYZjH-tN4A@Ph)rG2DS*+$sUu@kdQs_wZSlv0$2Ao=-n4_s|(&UD$owOQw
zxdzxKR<Eu9fmKBI!r`rA=E;8xV;otDAASpCdXoP~7}H5~g(ASCkMriz@KG0S$Zy$n
zhj2W1`(um+JhbMJ#8ZtmWoSK$@oqEAv^jZoo($S|%ryj~rE|IG^A8Vyegjnm=Ji<x
zNmwuUnZ!5lXUYQ00rPG{BF|XVcfS4nWdi^Z2#1tkq=r_|?bM;R5-$b!9wT_zfLyhZ
z$a8w6;d1TUfbo*-p`aI@#@rv=t}{C>-V@|c{09w;tG}KlOd2MaM?pY49sH!ubF9yK
z*CxG@Rb(>Yp-wWa+>pRIz~OiREbU1En(+Ly2$fZ(21Dcpx81iE?ehL%5jJ@`TwWsi
z+DH)F_ZfdAzk3I^Tm=6Kc5DC2L~PnSpyu^me*bUH>nyA^5SER@cJBsWrl7QLIX&YL
z0xm(-LpcZOxm8p@;bXw+^ds(dL}RBDiK^RH!|l<)EN79)W`q;sc3IGENME;CUQmdP
z8*Z24>K%TGIVBVp@Le$0X9pO9`JAjIrEG=&<TAL4HjHpMes!TcMJU>O`uFxNzuX-b
z4qkijiYIa&uluqH)%FAOo;b<DA~i$@I?u%=6*sxMd=u5Ms6wqN#71B(@MLsH!h5{J
zSXB<hY?W#@lqu{e`1DIZ$CdxGyd*43!h0$+P5Z=#d?oy~;Y%rfwyu$Z;3}M^|Dj8e
zg{K?OE0#~9_Ju*48Tc|&hjZPO46~OSqA~C_UW`O9-&4+&4=h6tcwl3+`*wD0`uPFV
zACi}4><!zBYTrb_Oq1`b18#U>?n|atU;5cD(|>QbnToHdTF$AV;RhAy=n-KfJXAOw
z03{5j9pl;q;$Lj18wac`22MiJ<0XTLKLPSb8M}~jS=w&9t||n{fI(CkTcb)8w#WC`
z8m_imy7{^arD0DM8g=le9)bR|jkH|En1Km&_XWkOl8%qhlu3&UFf+ln0!pf24>+%G
z72~1qUv5>z$K<-s$M?Y<FjF7gig!C*4e&0|?ATI8F)pUcCXiC_gdPY#%Mq)>#1tPZ
z-_2K*Uz%KhkfxQ%u1$0`;6uo#^;QQKZXtRcqFFijuY%QaWBRLL#qbZoszlv__FrUY
z39?T$tK=`oidyrxWA$-<7eB%@pa;3;S$WoB7IZ`Mir~A2*u{(q-O=5I_BV!m!=>vc
zswzhE7~C2J=WnUrBWpLLu0d%g3Ad?{&lKv*N&i{$72@&vd1wR#gv}@fq~mL*%1v5P
zfnmhScD$7rUIKk3HURk--lrdZd+SK0wptNR01gjP7%~?OV@?0Tl8nx><DO{r+RDI5
z!W^1FvHC#^0BLNvI=yC9)8C>K3d-&Tb*EieFK9lkBh$oB8=TQrqt$0vmJ(WrE-F%_
zB^-UY#$EaXnF#@j3%Q=wK0|7CO0w_W{Kqs#N}R3)N~iokKZ<Y2md*Tyia5F!QP}y}
z%yDwofoabBN~;%`P{!O7TSit}GUq&8V&ZOm=pJd_Kwqs=sXxD&`Q}N|^;khC8O-2#
z83Dyj{J;TCX9Ez@@*Yj)XP4rNPxWj~7RE<SI?vTB5av3rJ7&ExRm{54$(I1V_T4{6
zLOCo@OIHpfg{sWjAm9Eu-zr17kCKIi4NHR}ah2iMEI75J_*zrz50M559YW&rRRIwc
zcyreFV|Xl%Fw-I<YBsTX-D+^`)@kWQqY}D=P><%?s6I7i`<T2Uv+FbtrMzl&DlhGV
zm!c_A=G+s@C7*@943IjLx8^sdE_d+jzJo7UxT-KqwMBVU&^`M_c~;Uye^H+LP|TA*
zlm|$|3!m}1X#z)+Yel${4+?j#2`P~^VqsT5M#A8@rC)!rW19GIH`??mB+bPia(Ph!
zPLmvK+nk^g@>*5V8Y4Bnt$OfEr{iI<(4xB!n<vE<?yJR)Mxc(irI5+H>~F%TJjiz{
zv-E*II8jZ#O7<J7suFfZcg=5Qyg+C2XQ;6!k~p1%EVNiAP<>Kb+6u}!OWG%hIs}=X
zg7;JIL`CZRc<0DLTXX}i*=r!W^eA}-3~oF5@&ZoQ40n>!%MEW+%bvyIkl+33%sD!~
z9!n?68S2KqfCMV+#Y#;c`E&uZg|<DnA?ag_CoJcCbyT3i8hiS5JhcNpVD3l6lB6>9
zf3(2fnG_&u`Ih%GZ*ZS<1pTP2e!$ohiFAR3Lb<HJ3?d)iph)q{$$<l3p2GV)<tWgb
z^#|P?3J7uhmz3kgE`GE7f25pg%YUPrsPxD5Z(1J%DP!cQO81i>1<{)Li`%B088M~)
zhnK^cl(XxoPoqm<?kC2MGAgvn>Ck4j5;iChJsLu0wPQ~G-&Rf-w*<o8&wOQ{EeBqH
z7aShD4eb!&=Dp;e-|z<YkC^ipym9T9!Y<579BSG0y)Iqm3vm!EX#5tLa}C@me(vHp
zM;(^QVzva;oi~taz`LMw5*zvmjXeRu30fd58A-5f@}Dmw7_b}hXLp_=LT<A8AnEy>
z7MNDHvAiA`(*8LkzH=BWF10uQ{||1sSqb_hmH771prifrA9$k`Yk1EI%N0SgSz>>D
zXy>R2u9oU}WjBeIEQJDP*Bocs?`BYky2WV|vrPV=8z2+l*L@EfyO2r+Zr!khQGc`Q
zvC(`v>faTN<Z&$?h3_;Sy=F<RQer!J``YwdqyW88f9aw3egjPB4`fMQ-p_o~b9@Q<
zV>Tc2O$wI#(}5z**PdVJy>TgM1xf`YloCz!^O;B;xWis}|066fjf6E3Gr9kva{TTo
zj)s8*YdEf2jM4sSH10t|M<>21>qN~_AZ++7-R=B=&mV(K`D!3*NADllV!RPLT6`kW
z+U|0px~w|4K2H1_JdV<hFaaNC1X2xx!!u3d5J0TBM=4xj5cvxSZ7h@9@R!%+_lxuc
zaT`uGjKVtZF|@3%sMa9bVV`#c57m$bVYXI;KD(UxP6tKZ1)YobhWl#~L6F@jz%4RH
zkG&N(FK|3p>78*ebS{XWJpU8gs?Up;9*aSjFf51>#@{`Ge*yy#l67L+S#^^RpbA89
z&tqE<7zRi1*YWu8|MSTWW8A)b2dOK%+L6&fnp$8c9^OR=Ka~NBJ6tf&X%r=)CW?!P
zQl?W~Wv-0f>L4CNUQ5u_>4}bVSR%MxN;AkJJLnUK69ag;BXrPu7EKh-fIpBmm?E~&
z?DCR~hXSjwEc6be*}p&W&sC1gp_o1*4BxBsmROkw+|CO9@Vv|geEib4wRscColt*A
zsI-`Zj@;%I8ZYk$dFKU3RK5vUjGw;5e;~y^2RiG)ZBye^wvV2)=!E=rmQ`#tkwl0=
zf}n(Z=NyWr6@4hH{$&b7o~JH0;W%FN5&0`39@LKu)EJ}wqGl6tjnA(b=rcYLGyfl2
z;1?MpaG$4eVHi_$<o-;lhla_|G-OWwWL*%DB5Ze9C-sdJ?5C_764hY}$btDrI~IG#
z-o`#gntP;FMS9m%w#3QH1@W9__P{Jz6_Qr%0oR$U_Po~I+B5;%vu)xWW=yKccVlp3
z62fptL(DFIHXf0n2$=tnvwxKO622foT+_H53BHsN`R@Y^mKh7auxIsk5m7cQUt0=n
z^&$c$U5kE<<Cy!cq9Zq9I;+m+32;;a$9#l=^k874XZl|&-VW`G(k}QEbb(!5azZwL
z7K}qf9~>^z|Ky4HwPo5gP1vBL^OwP@LpSjBYU?F#XNrr#^HMAPwAKt7A<Nk#E6`?x
zN1UDyf&`TP&4~1NlaYrkQzGN0LJP6p&;lQ^<DH#>X|Qkhvx8t<gJ|YT0>gKC2VA~9
z4}V)p;sYJ(CRwoOKf_ixe@j%_Ix-<1zw|LJ=H32YNBAv;grQO}eXm;LP*ye8p>%Ol
zzlc;d!N*FO67?0_bSlyju3FvItje5m7HJOE?1zB{DA^lF(4;Toi|EoF%=Ftn<aR2>
zh80A9iE?Fr=_h(ym#G3{h)!I|-r3F&@ZZ(;i~(5hyM|kP{T{kW+g+YW=9tg9(RZxg
z>?%&kC3HYnqrJhMzFFd*f%WKbM89Aw4L~tO&Lp!%O6YukJeh4ca$?Y1Ge1n#C7+B;
zf7AhN#{v%;>RX`w-8Sjf18x4xLq}O@7taIDzgbmO?%%A+6MD_g*)=HmvkwDkp*ZkM
zD(w5pS&Ir@`$1fqpaC^<iO&2NhBy_c@giM)!BP9j^VY2NjTlhx{AAA6DzPm_U=;c7
zTPJYw2BNNsDvSD>4@n7O_oxrB7rz#i(w0hJnRPkS|8_ODdtyg7q}|$Ap+4^vECCIW
zFWKtfQq)3Xnc_cvBo8H9`j9k7<1I(l8P24UG3pnQBSTG)TUlDTJ(Fs@#p^oteM8}D
zub_LZKBVm>orO2<3=z<9Lvom0a>sdu!@R;I^%iomRaBmy4|HyAne&7d^=BoIIe&~B
z^-=E8X=}|1**BH7Db`kJ2$>}nBw3r`pm32J-WJqJ=8g3h0*xEE>kqQ>0AJc9vNl<(
zXXjMw)Fm{I5}9Ce-*E7ZGCKrF3YSiqg}(8IiZy7tHf|k<bQ^ggac+QMcN6;&)1?Uh
z#kcS2t9p&HGbGM$&`vmr4cV-8!HS(N>s+H~>;PXfTxsU<n{=iQ>x9LQu<Nw(S6i<S
z95<N62w{Myk!Wx=nZ-9K1@oZtkGEX;!s(Y8EuXqnmSiJSH0u!9uG^;WD|+M_O?OdD
z)i_tdL{<`*zR*%3o=Ma$cTE$*oq<*K56F1FF+>{Y>HN-?JgD43j;+}6N;i(vf5{^I
zJ(GMHiA!W^k&gtxaXlH?scLZ&|1eBH2JmiPj<R+s$b{~e;)@b$H{?(I{<aM?z!koY
zNuWm!0#4xQq*#4r8DO12eQ8J(I*+w~|3mR~NtWMFEcPfI`UwN8jC?fkIca8<8}q{h
zK+bER;r!2EI&dNa+GYqb5`?{cidf*p#%U(rR^2(sU+}j@!lg0=LT&?q-t}DKa)m0o
zHWJQQ<ro)C<l3*aFpn#27Ik{^UGKa4Z(+oJWjcn>WOOB(+ocevNQhv2Pr0(%75I{#
zLGQj|0>6%H>}7lx=M=x{A+QZ*mcu!tTs8S733Yi*ghN}cyW<60te+btW3-wA%|f$7
zZ2NPT>U((~Dvwl#@}>xca%-{1V6+je&<~cZE~_OQ*8018{E6sx^SWe(h?>I{_<tC4
z2GXFk94Kdx)-Lw-)^f<igYDqweq8ZtYpT==5a+o0yog^EV3qP)jLFfRVDFjFj4QsT
z{ah$S?`>k-;R`n7XF}cxiWkiEkw0sddfIWt!E}n_2FI<j@TSBQQs$~qOI+SF{#h`<
z>3v&TtKY#?kk}D|$FZwTG3jla9O8$&rBD3KWIID?CSwhWA$(K>-NfU4w~J(pdP6Qe
zZEw%y58TMS+<rNwz9_&G67YGasAX(zScTjkRoZjoNv(H5z@&22Jf+i@49SbL_I5Lt
zR$iqqbU$vR{i%vpKFpB14ujWA>ld;}Ncs=5=t7$e>e$1nYmiJZ#KT>#8w?sqx7Jlc
zIy_>nU$F=T3-%ss4_I^`!aHx!srckpQw-XG!}c{SuZq%9xRFQdokW99?JZ{CRpqXh
zsSbUUp+vv?0{N3dT&|Jiam;RNN{mXA?TVfJw+D<6b=8d%$*eayWxkUxt@&2PpTwEZ
ze@~5(y8MwmOdAp&7(KT=ndt}KTyaN-StP_gP#``Eu`6nZ$D{eD`jKP&o+bmsMA&2?
z&3;61WG8dSZkBs>X<U`NWw$9hoE^Q+&3E}=ip_H=qC)s_w_P<s=@+~|mn}t0cfYmU
zT<v9m?5h%JS=($2Fl#jNy??*rAmeY1*K(S?@PUQ;+{?$VHXcOI#UW|C|5?!rjF<U#
zX@BmFGjc55GH{=?3o7E&kFR%*ZsC-ZN_@Ti*aH_5$dw!wz^9P|5f??QF-XQgzLp{%
z!5h4rMB9^F7;8XGNJtQl7$eKBpZSHoX%O_aZ32q4xXT49cgT4kcdkoTfpcQ*k;z`A
zRg}`*m=9(-kJggf1U^w=+=y!85xk0rT<N-=?~XLpsEnPd6KFm^vwX<|mnr>`MGg3+
zn@D+#9Gh!6H2qRdATNxO(_ta<@NM4ZP%-H#F0xiM!az}1Psp&AB_1a`Rgbpc`;5Tp
z(l6x_%*cOCp#8W#iR>m>(7t9orm^{pUSx&NVj(R>_q`e;4RC`+p_xfS-YH>3waLx;
z#8wi;R?@kHL?VEg`d@QgAE$Qlo#0*n$TYEoIMIxUMta+YZPzmrFds(%n0zyBu-#8s
z+3qHs@k;!99%#cE`?8tj6(3L88%<=#d`~zLbL6ju9?J$Tm83|;t-uC)*5uj}3VHel
zE+(!R^^QZ^+mzGi7}9QWfei>?S4f~q0Qg`#-emd_Tj~dbPz#!cKI6Oxfp9YM#DB0Z
zfk?Xf7gK;;lc?p<<CZMXVi!ExkJ8TZFOMyh{cc~=7}Bd$HcRI6Nea24iebs_e60Bi
z-BeBUXOMC~Y%O~?h9kO;f*F$jPJ?2@DdU0^O=wjPi!^r9%H^RDUGLWNRb?VVcL%%G
z?M53aFV!sDD4LZ^=UZEq*x4b(`gzTo&KG$V6^^=uv>w6x)Q4wM9wEw`4!<AH&)}OW
zG(oger2C68C)xuuK1e1{XwFvjK{PLe7_qBu;v_nE^3NFz+aj^W<C-OJJuGfTo%h!A
z8#5Sq`wBsl7wtDL%kovJT&3`DbqZE}WS&D?*{>KUI2p)(FAfL^G8V8wBoY(~!;K9}
zOoTaNTUrIx%d%I$m1JbuzQ9aTXvl=nw~zz6BEYp^A17lEkuX4~jJ-|o!1HCnMf;nK
zm6fEnG86z=o!J#-dePr?<7C+pIzc=4ZoU?Ee}sxMAV~(a;DQUiZ+kZK(A=Yw`t3kz
zsULe@6U#`&$$4pF1oK)Ak~Y{war{+f#wy+H(5#zqK&Z5e3MKPH?uxMst(}%1>88de
zu}R;3UWF?#wUlrU7aq)gljbE)xoi$%RXmbH(pTj@VWJHydw|2>F6*bp(?Y&du8A+J
zum&b-y^I&1O?k`$3&y>|>5lw^==`uXezb3#a?jU}u$B;wRZ@)A#Ui9^r|gB$j*#n4
z*IhOHcox;&WefmNuiN=HE^#-o2>pLt;)-WR1?1pWR-22cQkRF81o*$a)tDhx=QN#m
zd`q;nil6g-z>LZBEr9W(=olZ?b9(4+sR7unt$J;tj(S5mZeE9x&6@^U09$i1pxV0z
zz}X+Ik~k?UNia+qT*~FEK72*}o;aE)TUtszZ6J@pivo?s!W_q5BsJb)wYvIZC8!<x
z@V6%N2olMo;o;s-o9Ptc{6*v37cv>juAwm78!_E4z*a)|(2RS4?89y__B)M3Bl&yY
z?Ez)caaR&lY2(o+<4oC6_k|B8qlF72U(rL8R(^Ul)^tBvT`_lh7<iwsxo&ngEi-_l
z28Fm5Hpjog(xXf$wi-AfcO29E62(k8wKDbY5#{ntc$HA$Sp$VlWQ^*##?O&?_cpMb
zJf|OJZIi*68SJRMA-#U<nhjpVVv)uLb0@_j#}s>f+0A%W_uOOITW-0Zk+0$R(zh7g
z<LU7z8c!#>0>jluFN1G97JnfFS|Bno)GH7@@heo(oM6s>`5r$yC^cQq$y7Pl5#Uvv
zra)YDVELVoyaaFHU>|x5?2nr}8YytpDoS>K=Yrwvj9dSN2mY4}Qu>~n+8;RN*VXO^
z#`|!8@2*y593i~RNhsW@?4dV$NK}=Y4h#I|_HdyUARk8zR-NLmYi5k&;5ZTYW&_=*
zs##ZzFlV@iZWm^!4ZIeSK>?8mzq}Eb2wy7+UX?(UGm`%;g9y{LEvS^JZG1g{^V%7e
z2hO5Acf!#N$jKq*Zsf+|WiIpKbZY>0fX^T!d(GZX#TCZift!~o2-M}*D1((E=d(ot
z`d}x6Ai?W!zK~1j>KM3>j89bXIqql&W}=v@|128!K0#Oe)Au6=aj*yfs`IY{Kt{T^
zm;$S=0e-OuX~*R7zMFu<C6v+X5<QQ}Iy}LlqCad5xMQ}PiTT>M{n*%G(FMnNl@h`Q
zzKQwj@4DdoWwVu%QujeS5`*_spOSj)IAv3h%Kj=?GldD;`O@$<ne0jac_n{2#+ZJ!
zAs`++)gy<U8vm~Oi4`u+1~E1i9G3tXGryd|ar@T?qdj~w*nf7azfeLoF{mmM0ZPcj
z*qn7xhFmk^_VY|)t!Po72=LSiWFfW%qKBJ9%m1oiGXtT4FT_I?xjV$LL36av_^PH+
z#@2$<t<Sh?v)2WsjZqWT8C~YDcb7$8M{|I3elk1U2#Hla>@<g^*=(ZBdGJFj&ukZv
zh^-Vljb8`O9zi~BeT6+>Fjg};?GP$c&jIc^jtyPWCv1^9$n&pHCp3coy39}gRTX!v
zmjx{^s$}wO5L%utY#!^99yzUz4A?Z?Q<lXJxrN)$Uy&7J5<7~nuuzw9Yxr*zH~EEy
z`z55;47-buY3M)CUrp%&LRcAu!t|NKS*zdoMyPxaoifThoO;6FQ#I11k1(Y(=YGAE
zr3Q==n18LHDRL%oK<%9TF~{o+3C@2<)-ckvL#((TmnLv%Hok++l&Bn|AgfrTt_EHo
z)wnCwj#p3EEh3WCUHx}UgEe?j1t*8y_x%zWu(UQsQVnsk)CTV#v}l?}P%o>Wk}Pyx
z-Rczsn5-Uoy-9W@)ub~TY!OR1(D^=-cu*^1Eq$=)j-&lD?ls|`XGw8#n1JB_ySzRL
zqawf1n0#%_Z_Li)riYr3a96L~3K@xKnWY2dbi+<4c6FFnreG9^@qq$BAXoh8i%jpD
zUu=g7r`MN0Wo3#v0r{JXb2pV8mmq@`hpbQU)2(XC$=x$7ShS%!ryY3VJ<}cnDy)KV
z?Ia(Yj}K{Fm+sxRDd#4pZ^&k%s4gJ*dt|i$A%IbHcQRka^>oF>Q~q5*)yPqPJh?a@
ze0)fwI|JEDPV2WkNLVCsj27<chaumPnAM-9$NafkixvRc?zkc|Gx#UiiQ;d&t7is*
z0WeM~$!S4b-@lVnde~7vTltZ*2#o9ChS?t`!K0eH;ijOx-LTQ@wZ-(AxO}y=S-a@E
z$dGR)iCUj^`NDo<uybpMhL_^G$pdN{?{sgt)3|DCf{WH*3I4AwSHO4>Z$k`2v~XZN
z$OU0U8=hVpb!~gfP+zCS{tnR+rQv%b;z}>FI<8aRd@q#I5af6Uu2^wBthY^*vALa!
zph>V#taBlQJ7V|!r;01A@s7<ljIZA+W594`3o#+h-1LGB2O_$mU|&=vaGGP)kKS2;
z?6<Limd1m?@Oyv*-K2F9oxyea2Vs=qkTRiUnV<?#WuOgfmDAnS1J-iOBy+yvUmIhQ
zYCSsMI6f^k^@owAiPyEh@gRUsAbA054U&kGr-4IwBaVdRicN^0V;jZ%CL%kVbKTsi
z6q?R=aLjqmluY~hKQ7EFU6>>0x+1Msn{g=dat%K6kZvBfQOJ&wHiLPcJoUSi17j~9
zdS&XuV*~tZZ6>C6%O6?8HGLd*>*wC;o$||rRTDJt^UR%p7iKtVgK~okp0DfQO*a-&
zMLY$)n_B^iN_;Q5b720-r^|Z2VkQl%q_`|#sFIl`WMFVX1G;#eRh=D91Gx9j-*#yy
zSg_g2*PcpGM?LG6%oSvRN&p^c$4YFDh3DGWGtj%BaTVh55#<1g$$@m+Onl3(V;cS|
zfloR=ZrPe)0$DiBb|N5=#gad)j!dUdc$8cptR_++b!$FYv+C(*CnkO3-QpgZP9)uw
zY>r^L_ZBT8xv7CF{<K)@4m{_(4j+Cb_+Djbn{s1lS<l8#Ahr|b`@NU^2SH%lz`TO5
zk%?E~J08F|6Q$2N1c#C$f=%-?7Yj?~kIb6d&>e;47qeZr9B*;Uh&DfU{^H;o*<0F=
zRiK-7@)JJ;6xy`E^E`vl`0OqzaJXdWuND1r>$y>nbOx;?fvy(OvHOsMKv2wgT>-aB
zRQ3WBy&xmp{rk<CalrktAZMA#4fG+pYE<=N#MAmKJbn5!&zT738xon`&>9%6dLFp`
zqSOqk0!#;Z+y0e-QJZ3t!W&vDIMQG34yL#bF-Q4ocgvV){N5(gxUeVwm%*punsIyX
zG&}TeW&h`+3H_M(`)Moxh^NzPzDoUf0u!So;}!PJ;tjuojRFXq&`|UL!$+8G0*UYR
z{ox2be1D>_)eI<=!Lm&x4bC)P|1hm{d{X2)BQw*nen;Qy2ztlweMy>>^4%<|q~Ak~
zkQj6mA6NC0mjIdFY0=T46h64xJ)ssI9Pn=AyS(d~qAdb8ucfOZV#ynT@-hF-M@pTK
zbYvIl$eDtRoiz+rht4h)(rTqG1e-4J37WX7nO<{l%uO(&Pr{mm6F`*~_-Oh);6^Yp
z3|ZwPk5jac9b~_&ZxQ73!g3p5Uzx_stR)r@;PJl*0$a_~X5Yl4@BJa;Zam?BjveJB
zX!N<#mvO0qg5|<B?5B(38!3xc%+93~cA+JZ#$s)(z#E!kyMm!b$AB+!0f!Y__v06A
z;)C~B%sab9Y=n{b_?1j$yd*)>KL>{NPL~(h_t@F=j{@IrA?$>B#>opI8)4`ABOA0<
zDYK!xQ1Ym5{Zx!ai069VprWn_Qtaink6|BbE$HQRk%r^(#OBk~ciF-ZYzc6j-bYLi
z?MB6AU?#n~Qp8|uaiX)_&<;4m-!AZ#if+<#Nen35DDt$o5X*k(CSMF2_xWl&+hU+`
zuX$AxyXPw;_0-2Cz&Gc^_NK#B#d-N;rsuJI@b8Vu6_Tu2{g@J+GeVG!;yhZU_hge@
z3`~I#_WoJTnPZFSjYAdZMTNBT15t6xsq_9d-66a?a)L5Ig(7k&R#;%|fwa%R5X;Xw
z1Oy9~r%HQ1G@OsKLfrf7rp<X47uVv2Y(9Q~OQyLl8(=>IkIA`ul5BaJT+uD;;2x*c
zv)?3~c&@F~4{7U<SySee3W@Q5*i-FNdS4)hNtB^myJ%v`iMCkh!M(OZ05hn)%J_D#
ziDO;93NrnEZ@yW)WSjAj5Pd|fQ5jC|kCEFB5-lzubt;;?5<LCpdzcR|cxLd0IgD#L
z)i{o3+6Fk@L|bQ?t=b}WblEx7&Bs>TqgRAWc|#a~aPqJczmqMCNH=&%!lCz#e0DfM
z8Da&k7X>k1FjTG#_&ySA*p}O497^%%`EyBI+j_lI1O^Rk7sD`SvCP9u!84@$9kU-4
z*r^c9Qp`HnUNMT}@9cNPdEJXSyi6Uo*RM25plWN^Z{c1b)hCyFbKnKGTjd*qWuHt-
z#@ad_Q{N^P1cBdfhh!9N`8}9;nA9qBb?ylb1p;?E;;6o=V!a=Dqr_{hRNuZ5P()+x
zuN*ZzoAS6h2ki1OUD}?)k&vfDHUYBh8=itg^4omu_dM;5IQ4gB3JRRgTZ>lPRGY^@
zH>BQAs8fx*doZzWBQ;@*!8bt)({4uljIc6*zSP>RAzq!cV0uhNt%vKhd|D~POnoCx
z<g>?~`F!hPdo-0ps~Fl0=e-71x#uChLa9gW&dM{RMhOp{ev_LkyljDp8`rkX8;BYn
zw^|vTxoy9s2^t~cfboch!51zzHQ94^t+rIZK8v=77H0AS8}V&Hu3nhjor|@^$`~Kk
zvTyNW4V6im@%Usupm3inYYw8DE@&lQN+2(!cExXk4c)j)c&VALL|Ib+1d5kM5$$&U
zYG153G|gp^*#^*2e@-hHW7!a8)tP}lMG@?yK)yW=3l2DsEc4M1l6=}z6wUjk303Kn
z6>0&ex4eoiZ}l5qv!F;4#T{WB%h3^iA9%q~&8_ODcHKKZ@643Jvf#`soCH`;$1U+$
zd$aQ~3W&`$bG|cQrY!_*JdcO}uzXt}vm$d(Bs*D2s=LjZ-|OTLsBW-90n}+@ZlPf_
z9Kcd~?RqTM!aB2Xv&(PYbCx4B^)syZoyA;^G^0Je8b%xq_puKy^Ty_3KO#2_w6dc9
zXgwfeK}hf+ls;X~j6EjxhLcqcI-@@+uVjLmtW&g<cf9no^Xy4@-DDnt16YR~4T(@~
zVO4f2@(vl@YtAMW=X^w9S#e{&4BZ}e@+TRV*v<5lKWqlOJ9Z;#fc67kW=uQj4)okM
zyRjy7q!NKslG8&DLwq{I{qb7%wO6HlZnC=~e`xciDjya+l9JJ6OE@qFYa%OweXIWb
z+$&n~vccAC6}xAB0v_v`N-P;=ZN%{@EWHtB*2Ec|c@UVy<%GaM#1rdP=f3xC!sm8L
zwvCs^2^<^SppEzt6@RbheJoQ^7RCEX^-!}B-arkd=0_?^k2~~CPbBp6X3(Xx)4H}N
zTD0&6x_O7q%9J&nR0sm^v$>zeqNkkpPixhaEk2&huc;Cm07otb1Efzs=xt+pV<$F|
zu(!;tSdSV>`wo`A7}w#vCAMcP(S;3T$A8C(>$w?_xQ7jZEl`d#(}&g=Xq$JV1Vw-Q
zF4{z}ZGnk&8?+xwVaMI<lWww1y|BI+5gJx<bkmlcnm+xpWN%`Br7#0oh~Hs=&bvRU
z70|Aw;HJV#KNTll#}6G#k}Ca)q8Y3SxEIHhi9`DS6*)y6ZP~D$Xev(t!vQAyqdbzD
ze$f0Qzc1>!!dP8y*&tL@phtzHU0+n{hrRoJ2fQ)*)*(C8vR|WaNKPZ|oqcWU{O3KD
zM}_LM0s>AEwOcJ|9a4gYeM>!*a3;}Oa}rBdiN-|}E0f8Bs#N7Kb3ElZ8TN9xDS#ZH
zZDy}VA|I0&0Q+dg2ONb<3bJkjj>0)Z*&u?g`K?`{u9O8Hnm90uJP{)W$yl8iCIRG`
zXi86E?)H<Wm9V0x<7I*)Q1KmB?nxLD7_YA8TCv{?7A50%<=?9Yj%|vM=Xb?CmPy%!
zhg><V^q%wC*}tRwaVVD##l!?SB)Rt+Ze0<nPxN8KiH-3W<E9W11dZgPS<*1ax`h8R
z`{BN|;E6I2sf4OYW~mQ0e%yB>09Fdm$pc+{#f|3Beu!r`nNS97l{?6t_C4ER_`Nl`
zP09NVbukm%OzpaT?y}v4$l#L|>{$>5FNb@iC};%vv$h;3mVS|?^4mixJ=ar(J(wMC
zvmc|eyYJ`YCJg6q+9;l<w^CBDH}(anzP6l&j&J`b>k60e`8H>}TDZ$^*bDiPi{L(M
zV#KaTm2<#_1$&(Nl#k%&ig7TDp6<BKi_)Pc(V<Gq1ToN4vCslZR%5riI3>JcGLi_Y
zI=Q^J@~2>!R;Af59PBn2d|*%uQtx-T9Z_aDVUqWTcB7iaKMmnT@`ec|PZYqr$kswF
z7R#JKyh3dliG^|bLOL!W^0XLM$5lzubCDCQk;K5NO`!=9V*qmr8A6)A!(4j!v+X;i
zQv(MlxMf@VHWec)$v6sfrrMYgY^iGu&9n+l*%c9&cKuFha<&uZ1CAaly{Ctp*#`bv
zU&^UeEl(EZ{W|8aP%KPm%vg^QTNK%EOib`r$^o^xbb+V}Or>eEd-tjZ49DlP^Vg<t
zM$st0CG|AH)P8jdM0icsKzA0+H;Aq4Gc4dp?@pNk5OI&%N8qCPsA|DYP~o<pS~kw4
z5A<R=%B<GdW2SdRz5AkV?vtx|lk{2WR*$KY<ve3!IF3h}fb@p<i}lJ(^u#S8E@snm
z+Qf|Bmm49?1(};_75*;XR3``lS+p*E@9o5wZO?h!*}8(y=<dj4RXe42Eo*72rBe%$
zh2{0ObnX%xmO1VjajNYE_no`}%4%zR!R1PZc)l6oI>h6s8*tJ?dPCmBr-To;hCA!b
zZPptM=Q806_5=#h-J>I?0yH*M0M4v^&9_%xK_1ACPn0!~{MGO1o58=^Je0Sm=>@(e
z?FYX5#?)J7arBbL-aGnTaI>|aN)trFo4(`X{!bTRGHi|ZYLPoI*%u7Wnh{BRdkAxM
z_Agmm`)qw&p+cy8s*f_uYi`M>?VBGuZk!F%v{mx2D5<I8_#Oa?d*^xd9l*pc633Va
zB>p?_)@!6&y2!?f_PTS@5~hi%yEs)%6OY79D9Mn7$~C-lLC+d}8A7TWx}W=0%XZ+?
zV`Tg}8JI#|12{};^5Jb}39YMiE{@=$x;2sF?+(FdY^W+j&iF2>N8WVzjdf8RG%#>|
zEg$@T7SiO<eyaoMXa7{xBu8|$dA>vS(KA&D+*4izmXnzpI3Pnp_?Biuyile@lmNj6
zx5`*QXB6#j>5Iw?D6Rz5+c#vIC%e=>anfxv&hLjzqaM@hH5I?f?9dh#ANVp$SU}Rl
z)<4t6Nh=gqZ(oFj0F2Q;Y2^Z<6~;0`4eTvmJk!{liDQ-*v0W7#4W^(T@aI@#i(<1v
znEFr4YgcIPW(_*0mI84yMsbLhv??owk{2kB*}}*=3ZNr!;L@>9+yw&8ko{Tr?<EIr
zO)U_ERAhI2Qg>bzxyJSfQ>VCC5V<S>?&jse0K!Hpzzrek#G^>QSdL{A76eGNImP#c
z!TC7?shJuoHcPHEv!pvC5SMD--$^k<J`P-#s=LN%q4Ms_<C6mCAhm4Lt{pqU4x|lF
zzz?Vyru(Yg!L_;JvFu~-g9Jsuo_Yfr>_-{rxIdpPvAT4YtliYuZ!0_*_YY9syLc6V
zd9%d5TkfZ3kzOY|c!=E>&s$A0b<pjoS>1(%D)`DV^;JSaz<6t3w=w$LiTZ_WXZVB4
zDmsfdy;hhQE(=-lSmwSOw0W-&d9q~lw*k`%=>cYus&0J<R6L}qrkQ|{$X3p$VAzOA
ziZoT=%pbO5TlTE7(TBB{Znx+(R$`3|lg3u_hQYS@NCJ-wtnnwjmm^Zk1*M-7@nTR^
zuICN1XEjx0&Z9M9V7Qj_C6g5KmhbNK6$V1dkm`xvzuz7zk)s7g!xqKC!Iz^wp(#Zm
zB1{0wNj`{ZDPe#aro#0&ciNCMA3<~bxi^wB6~^B3Z6}5GI_WKSx?zL*XNMpjCTta*
z!+Jl6w<0KcS+c$M!5%{glj19cZ76T}E5##lGJ&#2Vm(paUR7x^SIsP=7pcD34KRQU
zN<LX&5+#IXJMw@uQ6!C^Q!v~%A{F4#A6Fc@-j@d5MmX2pum)c}V7C<qgN65o2nxvH
zJ10`CI@nH!PObO9wIGroX<GG^-Y*@P1l-I#YB@eNpV9U0Xbi9JG01dF@6bYd;wO$`
zG^gyPcOes)42Y~;+IA3#t|FjF1&%!dTS&PCq($y2ksiN!{F%}{^46tsHpR24r91T;
zEEGe?;oeR*eNP^9+8L!e!-%&YA_mH6&={tXZ+_lbsseMi;3+YMC9D~)aK;K$4`f7@
z{TMRsN(OrdoHlvnb+4s(jPTV?kS8!GOFb?DLP)S5TCxGTvYYwTVE}snA@)RE@?CS^
z9PLx<^x!IveOdvBQyRqu8wcHXqe+hrivG+Jf2{)<0OQUwm5Z<N{X@w7fg$;ob?>1%
z^G~t~UBwp~RqTm#hE`34B+PwH5CODwv6KpL(Suy?V#6o2dmFc|;~_FxoYi+LY<Mz0
zH&1<@^-pWofe7+tfm?eUzOx3mfPR$QwkTf27rtWTlVlec9P8w4Y;1Vx;8X}kclIG=
z#;;Rpn+o~@UcAo{p6(o9+pL3!oMAz@oJkCR&yg|@PvjebwU-{MLDSr-zaLIz957Q-
zSI0V9ZNY&=#NAt%o15!OVYR^J8hg`{TD}P9praZa<OY2UMFLEA$YjU{HV<a{8f(cU
zC}jfmn{oogtI=D|4Wt7;lvagjSc%fk`lFaKL+5U;q{8A`K}KKa^wZWYg905y`c#)y
zH{07Yy|L%L4=z10cO$j>J)zfA9J616FuxkQ-{dLqosKUsGEoSaXJi`*MXRJWUx<>K
zoG^EM+aiYm&Yq5<fJ`{IEX7R_{BfBa$qdqUn4v#?f?|>i)hY`CeX6{Zp-4PyHM%K}
zcCVj{0W=@oPpSEvV#ikX=l0HD<l40D)f#xx;hz1K6XG{3?rXdmtOfd~fnfb{U^a1?
z7-su`F3z&%%f$O4nSsv5xYm4V42-V7N4@Y~r_UUt;RZ&2^#L-Kku!1O>#v(+99O8A
zlHUIpmlg;X%Y?vc=3=2+=J?l?*`GFo#2e6~^Jq}yWYGta%%x_qV@12!l-CBwA4|>8
z`Ez@>b2dfs0Pq@0!(RIhbgjc_|M-c2=xlq_zr+Y#Z)=|ax{$v@dw{J3;2Joc8=d?Q
zZ|$`!lK(mtmv(>Qu=Ow6|6Ays74?mit_5B~3m(yU%?taw>j})>^$|*vy#ZUvu;jbN
zxfW+=dz~j4T)32T6No`sK;<1+c`L|jKj$0a#257Iejy{9^JCblpHC?1;R<EZUxe{|
zRP*UG0UKONm)^^|vYK<HP?@#bs_NsNx)8=EcRFXCoi-g`24Ak?HPM6)t=Pu@lLat$
z`aSqy`y$ji_n>69z~dOK;Ne6ylPmX$%1e`1j{D}&cD=UhlLfa;a3K8(!OOJNTrR6y
z9WX`-Kuh3hctr8}_R5kmVbhIg_lv6v9-e|iwn>KL#KcsU+G7Vn8sF3;=faEs+=qD4
z<>vbZFT`$KLG(jvJqI0vdTSrnXV!%s$X4ezd6AJAgY%oq6G&-e<M!dG=g;%A?8Wjj
zWj;<j{E0Vsu3JqeTxx1ieV-N|qc-j#)&fvq<#cdcj&Cv?9v04ALgj74yn_bN=BR9s
zn@>Mnx!*4dhZgc^sjof^b$5x-<CJ*N4>?30o$GjY4WiD-=0**1-y&?K!yV)dT2c2Y
z{<ID$k?NZ0syK<+kJ(TD6(@}JIw6T)JKPXKQgOSS#DsYY8P>W4CN=j$KTb%G!>`iB
zD@{-gV06K!S(OL7Nk4n6r!&Rn@a=t5_lS6#;-`ZM@aWLmMj%KXCnV;Vi|VMY&!u2e
zYzTrl*xZ#TAOxJR9jgz0$}TpFcRNg3DmyTqAzj=oCkTeMeA#s1|4@;8Ns)DO*l4eb
zpDw?1-Cd=87Vv4$+fy?L<1r#A_`1$*X#(&p9?g83b3GSsY;k1eQ?*e2Ewp9*?pzlF
zo2JQsdsa0)eS;!U5C9D;jK}iyZQzqxt`7!64Rc$F*H0qdjPb{7HLy133AMZ0k*Na$
z>J9Clb~~m|!$;T;+$F<ZyFUCiNEJ5xU`(0ZhTCa=o+Yj4n+}b_D^NbDyK(U(dla6i
z<fk{-;UNoOaXh;E2VJthF=*U$#%|wtcRwBS=jiPeTzfA(9dJ{svPeFPgRN6+c)2pA
zBhKaEml36;SHZ1sb52TFwnAmMDQY#)^1>$Ww^oguO1qbBdkKqi-O(kUGA9P#t<24?
zKHS@YRXtah0$<=US66IBdg&8f4S=ncdy0*HE8)=wdy>x19_#y}X3y~!?{&6L;E<#}
z3!^lOQQ9;I+AwWvG%_#k!3gtiLwqwQ0n*JO6{|8%;qw1+brnE$Y)Ly12p-(s-3b!h
zA$V|i2<~ukcXxLP?(XhRaCdii{>yv2Z+HKysi~oA=5o%oeJ#`NeY<tG^iIu?b97!W
z+RfPbUME7)39o|OW`5UMGU5GThA)s#b8#XgaC!BE1wjSB{ftt+NrEua=f$<lLHiwB
zvbv3hB;E47BDIi~DiXw5`%B>q0$!mx5_{qPLE~L6AWK6><&o0-8u{8vB<m0H#@)99
zXy{{19;((#VDo!%bmmv_#^bt)tcz#uZ;DdYX<q`h`E$ce2ic+C+uuHWoo9TG6>R+0
z{tk}C*V1Fi3Rl;F)|Rz#a^@(`hLITiMg870q9Zm@zT=$Y&QOyOB7EUU<nwF%0Tdbc
z?oN}zQ?JnLv68vy-aE&DNopM8N^aGCv4~2kJ3fx@6nqD~1BW&mdrF1LjnfZV4?Br&
z!{T#urlW(k-0sPnu7XNAz%#CI^)TJ!+xqiUy@<0@YDGncv0a6R*_?WnDI5waYFDJk
z4e`U=<2%m7@mpW2b?Khc!CRmDmWF)njpGl25@2^W+J9wIpCsVK8DzzRl^eP$U!p`J
zEA60RR(1Poud|O~Gv@<`Ww@0vWV!1!uK>WDD{66+;OF%ytT{?x*O1mbIgII9FGT?m
z$;kx7pzYq`7hpZPdi&2(^%5f4Jq+|uy%2}q9cDWYzNIzC*+{$^rOAv>e0BBf?ib(&
zX?6iGCg++iR0zx=#_w?D$_9^AB)73f3)15+qWk*t1DQN@SG-4GuhH&&V`1!YpC}yK
zh5^f4yyUzK>r0W1yKa3`;?uJ)@Bthe`CnmA7W3b$jPOZUDHpd#ElG8~J>!*g?}OVA
zJ*r=Jx~<G07`0L~(hTEP$;Qx(y0_kpfgSd*>yOO)7iB3Ujc$7#h+Zv8&{cA}WKq+S
zX<OkcvgHG+Pe7yv(#v@!Hj9o(mMu<A_GkvOV^4n!s+-WyX7eY^tjD89gck=Y<7xRW
zB(j_~WRR}b{XACII(4E?jIsY{M)f89ZN2$>uZ(v25n)AH#+-7;dm{H~9mCD>);sMo
z={=f^GhETkd#l6`r;4x5U6UQ|sw>1-&Ba_jPlE4W>+#7i(HJ@zb~rO{DUB>`?@ko&
z1ndXOq>xx{8U4X#=5-BwoyP2wZy~RxE$$k2J3-!Q%$0Sd`|dr^B|TBx?`Ul@_7&kp
zp5QD|^p6KLfFFkwFINX_he?;m@aDeGQQh5D<YE2Bi}q4d=WzrLGw~!bCLYEu-vJe#
z^cd;x-FEoN&W-o}P{_*AxJ@@Vp-(>K>X&UYOx<kCnS~SP>>c%XcXK8Uo$mLm5bw9z
z@2IjzJI44u<mcQls!iOR2ikLjJwqLW`uh4_bU*olMe%C$2e1iBU#$ecZn5)eKiokk
zRi7KX_=<>qzE*BCt}FVh7(ePy|7pW5T#-YFwBfiH?k%UTk=0}PZfpq_rCY&+@iTv?
zwZpQ^XBByotR_gVLxox+zZd*^dzazx{Xmae4w{qC^zLi`>uzP;<9D3f*!%-0$oI4}
z48h0@6bv*b&1V~|pUTT<6~kM^xDmn0B<BO^0_X#nzl)jsAZX*iJG>P)dr;k!IWE9K
zGZyrc^ycgb5Jz3E+MV)?(o-NiBd?*c->%5Q+kxU=3fa-k<iK$0I`{W@`j0}j;eP()
zZvA7;{%d<^d8=L&a(@f9frnT5m?IB7G&14ZjjQ_jeAS!HLsu*BrX*FLT&|@zh$L9L
zb(RQM+o>YRZ*S9pU1&N3{7TJw;tQq9(ab2{&sbr)^TSNKxkuSuhtF^+cV-8@byr86
zm=MXt3U_xl$}9;%Dy}l>-~6Pbq44FKw0P53_!iqcT$heBNu3m+xe4ffbE9N*!SC)W
znzRE#wB57DDD|ToeUVkk8w-*rdDXuNu|NjP!U|?!)mi>|&J@ITLA{ZOQMU~fS!<}f
zt%8f#$6B*8C`A4uVj{!^6_4*wXL8Z>IqmiBxL|?a0Z|LO+j;{~mF-2c8<fU}$90e~
z5QT|+hWIR0P$A^oP~|D?kO{cs9@Qm&#=+%FsG7ezm`s<+q1oglh0>A}4`&)XH>Wqd
z3VQ^D?sdPk2(kjmFm@(61J<{-BAT_eo_f!fa3d8GoNvWR_y0_Ua^amd?c;4;R_@jL
zX1!Uw>>9D}yLr)ZH+OUFdw?8kug<su+d5hm%lS5!{k!uX6!x%Ln7x}1;;+yTh)Ao2
zI(HaHKwu1U%PcSlt9L_U!vEyWe#}*U^`1{Np3GOYe*d18`kIYB+%XM}o&8-VmmI>`
zNT}Rw;vk@I)%J6}M(xm;195=*fksK@({5k{=SALmCS2Wbc-x<~v#enzTJP-`UPa|o
zOl#_2l_K<~Wji23g?+!EEbIHPs3rnd95mOCnylBzE#@sty7WYb@n{aejCrUK9o~${
z2z{$-qr&HCId<xZ=w0^RMVD6hslHhN+*azH^^}85rCy-y;=94#FV7p_m*D^E0rbMU
zjk9sB(G}yp=`-_S#P|beY+BX_LTgDl(|`1Jf4NG%R^Q09Xc~>3hxJz%*GTD^D6@mL
zTv+&2g61~DW^G65BZ|R#rQ66RP$?}2wWm9Y%{X&`GOVeCiI^`J$^P?Q^b4lhm)E=l
zh_(I;4(QnH2_r!y+rdc+K@^QKxj?w{=djo_)$bwG<RYiqAmJTs=Iq(0uHp%ek*5d(
zPZnzmIB*InP9fe*4t-yepPU?JX`JzJk|u>Q(udf842dj1yYepls3Up6&1t_^9KLfY
zb>WhH=UvQt(|oIIv%bR&pWF?V*)-$cX4sIh5)c$*79_F%w8(sx53G{dgf<QG!Rp_D
z_YG2h#|g;G4|Orcjl_WdR%xPVycTxOG)5xzg1hjv0tNgG2Zjk+M9@vYi7;%whhr1I
z?2Mwseo$3f{qrW7A4EW2P(4|WR3QjbAs(EE2kI_E*@&2mW(N#3^YkhMGAc7{xQ%_S
zvs9`JX>T*E523GX<Gxtp6_HrWRd$>XdcKL|Hqm5&TcAe%Ll7c6DrC@N*Xw}r&!Mv8
zRRrh}?x$1)ZEbLl;U5S@wM6%@3S*gZVOn<{E@@I-eleI{bhqmc>NW0UB!epF(*gL&
zkJ^`N04c0EVA2FT48FE+LPi@uJ##8{BZw*2phd8UO&4dJ9o_8}Qu2q~V6b-X-uoL$
ztpD3kuHCh>gKt_zN!8l-wK#+E)q@_uIUu=mra5w@2KR6<GJL7NmtA#+|9dz6u!soZ
zk8u-!|1=YFo3NkEm?>Ev3Y-)Tb@pAY%pE)s8A38qKiDCdsNa#cP7%x#n>=Bre~PoW
z?Mhw3<iF3@iEEhpgQgL46=Wzp!H=*jz=t9aA_QcdI|h0R=L+<_bwGL(xotjc2iRy2
zynJ<B&n(4hE+Ff;GxWZXHGKo4>97`LWA|8Y$eO-0{i$x^%;0w$JoT)+rQUHasPeW7
zyRgEW#5Vy=`jAV-V_mxSz?numKH0u4Nhk^8Sdi6uw{_84bE`-DIpP^73UT-c>yj1_
z5IL&lH=iTWyFV}==UbF?<PG#xc-($3eNl`T9kY7hB}jXCU>55Ep)gc<7@3;bSgBzB
zb20gV&Dcpx0`*rv-8q#tdlfAWceViPQUu@mg$2^eQ`Yb3pAq{jp$|<amtXNzw78Ir
zw7fd1#!EB9{ZoF63}$)Tj-#mX*tR%CJp2)Hc;bdbHa*sb@W<Nd1mdPyhHiXNxqBpY
zu@<~JBq=xcFsl^E-N2C1O(?W`zjrf-3azhwubBZ45ptI9CNRPHKGWIT1WF#DN0hMO
zw{Vlqb*03p^0yjKyRyY^zqg^oPXcT|_10;l>X9!+Cf(BdwT95^KpYZOwjm|p*H#HT
zTkW6vJ^*J{Ie!vSG<1LAg@W>1Qv^d5`vubbg=pbdwkiU@Q-|V|10_{o{Rrq?KNS^!
z(Oq?kUTBCt3Yd^WoL0<a9)*-ZVD00$Gqcs+n1K<KxKWJcRmT(HG{MgEe$3#^c|R?6
zwL6NQ%#iLkDaRAjey9v1;KcDUd|Y7#?AN92O7Egp5n)vOd+h|9z*qSLL1!9N94o3-
zE0lqdp{A6|r*Th>(SorCtFOqfH*SeTBlzLV+J8J>slRO`>sD99>KJ#{I*8KntiO%C
znI`4!pSCD6^>C@KF#*37DdSuL`^jk1v0T=jzK;3Jazhm<Xu3AadYyKNxCcigj=_1A
zdgW)b^US+yth7CTjN&Ir7|7icD{0(&9IKw&3{^VWRW-6Fn&8TFmUBnRPo*I+xl3H{
zKv7Gil!@j-$B8Yaa(==KX<iL~G}>;j2%%&gnlOfC>F99lzkPCGnB(BVqWKmz8zl1F
zVS6b~0_jvYBOZ?d^1G=0QiId~dO~y?`eA?1s+D`$fo1DBrRLGAy6Jj{+qU;}VIX6<
zS8&RJwi~2O37F@)mD-wh6~KVp{4;jbR@TGBd95tR#soJ}#mbs8&N`!!EMEb3a5>)Q
z@PT!eH<*fj%V?9O3l2NkQyrsJd&L-ESHB(cdNlEoG4`b^4mk8$gxbP`t;1x)s4`td
z_YLA1fXgx))RP?T<XO?o0c=SUqj1DPEtdJWKQnvvZN&3}y`pU+!2`B@PfGv5I?9Cc
z$WxkX<Z2n}&Y*T`m%0smyne!i;E@N)A~0%)eDliL%RCp_ae1p<avR|w`HHK49k{PT
zi`O59sox8zRO39bndlf7Z8=WJu~<K!l&;r$XKT1XgP+5IC)Z{}ff0$^c?!*uW%yaq
zj*-@eSfrj_W0UNL-G!CgtS?f|A()u<(`ZXQ7bjLDSfAmnTyr7m4Aq>88}7J98Eg1!
zZUoPeN)w}%m~GFP9-oz{W<A+~ot+^UJ3rZuuvEK&%&&;MKUN6fVr!kT_^WGZ`0LFA
zWLHd^^C$!r#J(?PhNfSzXH<~ocs%aG<TIH{>^UtZLmXK)$CQ@jM-YgIR90`_(7#e6
z$zA1{x8uVnS9984tm_eNxaoxyePa~_%@6W=`ssAw_;q^j{37bdnAKEq!UJ^Xar2qV
zyZX9;VlNb9zEXZYoqK`An8UAa`i>r^Zbk7b++TTDJu37bWdZeCE8Kd9OgMj7JwaaX
zS66{E0GIo5wXEc4SGQOauq5UUomqAO#OUF0a}7Rt96yeF5vSZ=twR+<s;`2IboQbN
z!Ws(GB5sdYW78$`W~~S&LWp(pd5|MqjX2Jm-K&BJstb0<+Q5oZw^K;ii7I9OFtQj_
zComu1k;^l1;kG}I*;BTe;dtKQN^k_^Sk}0EnvXs=vn^lm*)Ig~ou9qy5<j(9R2}g$
ze<mlH^NWyamK56W#@+8U7e{qGdfN~i=o{|4<TBF$tD#}Vt7|lQ*xo*GKKD>i)#i|C
zX*ayA^_v>X^IRO&+Fivy<AG4eqNZAjiX`<qB)UzoGZCjvy?>TUT;!D5S}{+|$B@z8
zj&V_;iamroI@@LL*dD0QmgNLYA9E5_w6>SKQS#fk{&;s78o*D-v?tOAX9^fU*J>-B
zFry9y_d~Smdl`>?jyN~RH6C#K1DR%DZkd&TdmT@GigPKe0X83zz!t0TkelC-<{wFp
z%SMmosz?J@wvP0bnr*_>yB!(k>9sgKc@AAdxM@rJtyCJPiXp56uKzxH`#eciX3dyy
zKq2$I)l+`O!hd_vDHXSQXqZIHv*xwVlEUkVE&6<ZE`sJsQ%&Uk?D=`weba*tcRkZ)
zz<4gb#2&w>ucu~$C-i>p8DC4Q5+vU7oNx6UeN&+?gx&4bVX*A%@zv8gTtJNr1;w}B
z0^b_P?&PXXZ#`m%`usxEw-F()Jn`H&)omrB1=&uTy_DQ-<y$F{7T`jiX2Jq0Rb`_2
zrv~w8`qF^J<w0}myEpIRw*~z(hCCTbB>!PI*yL1y6Yjk4RU}@gOa*#ErBE!7!|HLt
zZ52<or`=@gY+NrhFc>6CB$piYIz3}UwT=`tBSZ-`+>a|l&&0X7o<1Qe=%K*LpvVAI
zHzpBS?41~5Qc`eg<#M6Guee-ys;a7h{nDxjJt0&s=Aq5^bE@9YNRT03?YA7FK7il*
zRS{6dfaGx@R?=^+%|C|Wj_cWd{l6r1?|wc<Bw(~oemPGeTc6vdzozfQA&KJkE+%|P
z#SQs>l^Dmt1+`K|j~U5*hk?av9t14=cRh*3v4PlN^{kOfCMt*Zh$%O{T()w(cnYI@
zu(^;;dwYdXi%}uFeY)%J+wOOXQ)}K5ZN2NlYJEPEjXVaCNh?R9i}hfxxpz2zOn^Z6
z_QsXxaqsmfU0{U_Hul{rYyk|LtlYoK)=&BhXiJETbt>tZG?>C1Qvkcn%e7~HR9&+H
z&YJp!_U&M)c-#a(y!$e4RacQlU-oz~7HLZ)3a@l!?U@o*8<uB9y07=QljmS?UYU;L
z+o&sMrFxe#^0ofZ_VslJj+Q^sShQ%+Qr)nwaKnzkc$$yh-MpoDWYxJNBdx!d51vsb
z&|Oc$gIw3V0SD(~35TKuMMQj|#e3=8+P&i2V7I(*kx;~Q8RLlo&c~Jl4WO0<(JR8R
z8fF{D)>W;Z{WD!~;dU02uP2K0^113!O#`JJE`g>3OyH7@6U8A;`Hghlin-rcjf;!d
z3{~y-Ip0dK{vhgZUnFm7mq3$|)TtSoEr(PE04$x%B1XKS&ZuHri}>P-Igz02j=((q
zte<yDoolgghu3CRrwU8O6y@g#uz}BJ^iKH8&DhYv43}IfCXOWrYJi7-X_33;A`4v?
z>Sr`Sdy%qJD9Gt$R6qTJ+)#W2AH<u1@;!{rBSQ@0eom8$=82=?s@W1!UdS}@(Y9#R
zcNYkxr`E0H`S=<Hi1sBBm=(Z&`T=bhDZYKR4MPcJs!9r<zOcD!Mq=4wYqK5+Yxk|3
ze6%4I@u=%cU_9^>5eNiiWPJ*}UzZ3<Go`JKP$;8Y-U&Q?+&qRQ-0idXycq`DnNsX$
zh4K8Yy)=VN8Yna1VZmU)Ii){fyscHaPF`rhQ^|(>8f<asoX;?4S}p`4={&DjZChW5
z`h8Tn05hGj)k1vA=MP)IfdynJhDCPymGrd$3V&aLXyC69#e01@lnhna?4e;>^uw%F
zzQuCYBgVUG9+pQU0FJ|z04qg<m+`0-Y9_044d6DlzZ@8=4!bdG+mlY8$kuI072)7T
zQVuO(Ta9!IL2}JWBZd{ee+-5N7oOw)7|V+&&bJ<xYBex>^JnCRndmvLWAbk0PvtI-
zANPHpJ+H(l%V{O{s`9l8)TD9j?VMpBl51R&^%B(x6I}JsH?og45O~KB>y(>TX)Dc5
zW57R>)&X>=_QBF@7(~j<bsP116YX$FSKX=bez<@wcmyL3vJh(~CV`nJfrSKi7L}UQ
zEH^_)Ogn83q<a!LtY@-Yzo0PLalLBi8mg91RWTMSHpNt>%eO&~7s;W9n<@#$Hh-I}
zwUlDvEnzk7KeUaDPDC?b3sz2e@o`RdBv6inGqS}`R$e*6XhWw4iC)sSW_==K?W0X(
z5f$9*68dWtF#?Xa=L>P8Th|Vgavk8j10Os#-FcW3B-oeH_EC3$%4#=VnDT%Z6+T}F
zfdcenTCZP9XT2|GQk@63k=2S31@5?kD;1_&T_UkrBtCb#i8<#xSIBHT(@>qAFlIDB
zT2sSzO||i+wZ=v`_Di99UsYaVCK0Kl>hsMMed^^)cV^}0y{~_aASz37<CMioX?|n2
z6c^r+3nm@s`-#BpfB=v(z{8*1dfCDguKB{E0X#h(Q``%zThc2ekm0k@?Z*v3o8+<D
zhEHksC#sqZ7yF$ZrQYZshvVz&p4FOetu8W~zmoC1@IBi8_7kg=jqtWz_8c;4a<#4P
z<(mvPqeoYyEU9E+3>6cPdaRN8e4S-T!IL9X97A?-=I!4@s6Wnpsw8}Uf~q)*cR;T0
z^yPE3q>D%!?!9DAW=~EgRcD=f-LQ9Lok8MbOD{Z1JvCoEu1XkUWNkSyjNMI{;nI$D
zs7QEfo~Rjm#V9a&o4pM0K1-<dIOliH?Eq)?Tt%9Os)y)wlaBLOLq1@=Tvja9E~};>
z*ovOH0@d*7;$T<TU=5)z%I|;oSo1R(nbWDD5cQFwva1WJ>IWRv*vM+g-C#n-wX1c^
zR#H5=4zL1RoyccO)V`PTfZlrF|7Vsp!3x;Pm40+cptZcwEAZ|0NpCzP)2zImnVUy7
zyg@{y_cF?{#|ecX$$N!j%?^Bn3WufkiU`N{Gq7z|)njqHGAqtDUqBHV3Fu~8rXSUQ
z_b96}!F4EB=yt9v-lmb`n~8ZqP&DwtN0$ddr4}Nt7eLX=$&n*m3V@cA>;FB6G-ZoJ
z`x2M!d=~Wn%Z|cbh%yU02RTRVyZsi6<C`;BiQ}o@(OVCH=xWhW6UNe`fW3u>M~01@
z|Fl(3@8tImsbzoq`QO|3x#U+fWg&%_BlBB5im8`6i6hqMil?%~0{S{ThdA{AMYteH
z*-HeXsL}v1v8)>ec9$pEcJbG-q_~7Uh40Rqx63^Gu86$YIlc2G{t`l%+2v5Q6Xmq(
zxGYggP_xv1PpG#Ou?3g0VE!{aV=)aU;K>@U%4*_dFIXg3t!lHf>ONxq!#movoHw)`
z(i`tlLv_t^I2;cBEx)oS>a<pWNKAi9Mt;@~wal@;NL1Lg;ZMivpX<<MmTYc<*)v~>
zP)>Xa@mF`;qx@aPh?m-iL+^2oe0DIoB>Rh{gkGYJF&fBwpP*2ZJEMt3Lo^_$fr<ta
z-W%(iDVQQ7Dm=fg9#HpqixFiZKc33Gd{*yk&?ayFPRW&RiFTx=Yrdrwy=`4HIO^D_
zVvur%COsd@yyduQ-80F=5n*d9GjdF#smbaCwQw*-``W2{@WuSHQIVq_bi7!pPnNHc
ziBFT~#-hEP$3_JO-e0O&KseE8fAi=e;9%uOLl9U_3jRpCTYtNuYyR?zFgH@~cn%_$
z^`cujT48R|rd_88+fVAy8)Qa@=9Kh;sq&m162ucM6($ugUTiQq%h(#rW7cdNV0mQ3
zw2`xSFi+Q|g4xSyWx}O=kK~{%XBO$M*Oc=*Wvqp&KOg)YrdGl5@h<pmkRcuQ<X3E~
zxPcqrfCAE%i+Ya)1SyCB^!w%<DtdSF%&6A32u?h$VBBZZkPhJ$f&{DOP;exG9Jxgo
zSvY6atL(3}gM(DZ@T$oM2jt`zRtkkI(R7`;BHOP^nVu0PFjymm4)2){9?x2CiS5`D
zz2Lga{fzUk(=J)%Sf>6LDisj{4&rjVGqYSqaBV{>yLv07hD>X&Zc2|m5$oB@zM1r_
zN}UI@#f;6Yoa^j#g<Czwp9vcaCr%<cJqMsM|KuOKR;q!<xzN{`vR=c>aY<n=jB)K|
zd|1oB4<9n1u9+-MivIYU3+lj6>GjdUOrZvAiKQ?QkCv|UqJ*Bcl+b=Qa6+j7^9&J_
z&|dQ*uG_}ZCbwqtyc=+1miozo6jC%M@l9k^?L9rQfi-0kfNa+Xz8UIp*bk-=kDO0>
z_)yr_)tEQZ(=9|Rh8Ee{XYK9GpKz=Z*Ze1lceCXEh$?qE)=r6!7B~&XB1pO#wy6A5
z&WNq)Xs9*0L*}D+90c!iy}X7OiAUcVC`Cj{a4G`w2e1Bppak$ecpjpNP$dw4m_|tQ
zEN^6oCgD{U$Q(7uLL$Acy>u0FOBi9PBf4y4ZO!(pFLJEEMgwBRXoaA%mkZ748I_`C
zg+~g^eqQ$6tzT=R5@}o&6CG3}*7u6p6iouqHl>e-bJSD7>fNpbZ<8KJj9wfUI!J@Q
z@G2UHTc*rBZRP|RZ$irn6}kqf9i?fvxJ36UnFUyp(hV|I4XU&|z_Xrm?kF?rSxByW
zq|8^q)unNWt|TZF&GGL{hyR6K{-y=AAkfrw%j#qPg)=^Zq^meucw|()?tkI)6@DZ5
zeM;Te>pph&d4Ymj{v=8f^Qs1IasgG-&?l9I?73ONaO`Kji_fsr`YbwTYIE{0$smX7
zm3_y<<+ZSFk=Afxqz8HOwFnjL#Q@a~Dx*<SNf@tLl}iDA_?g&z2KuOAmu0(Sahgz(
z03<$C-oA7sgPgaOTjj0A<8qc#Xd{b-5Dx5m{o9OJkO8IV^0Tka$>N%tOBw3;;iR30
z+uvvVg!58V=6bOtJd}dNz11><3gB5-gZpvh67lPbA72NddT{rQtBhoY#Tbf$DU8ce
zNR^CLcLn2NOs8@fX_NlpNHGEhutESNs`#AXhehT`nw%wZk;oEQ9nJHmx*s-0ay9TN
zM;1$$JSxU8P0%j*fwOfyE2Oz7`s1g6XI&1-R2hNzb7>W`eSSC&$DG}xHtVBkj1*b#
zkwErv+QPw>G9B0-^z@pNXFp4sn==CnjdqE3|MU8@1a{~aIK!|zYT4<H4AZg;i!4e1
z#)6fZ9062VQ%xIx3heP{L+RxIT4&nFI>|NXr2e%|wws8C<t|!r6oWe8z}EFzQDIIL
z7)0_`eD7J8>~(*r{@<!ISVCpk?TG|=yeA9PbBNC&wYI^TMw*Gp6GhZjqT`}$i{IHy
zARY2`h=8p8_u;)o(y5K#C!T8Yw}Osy1vQ16E^DFyHDLb3s`{k3O6(CWmB=ugmEK%x
z=#hYE<ZM>~O%vXftpqnu!qPokJ(bgy*TW4|XvqW&4aBnAzZv2URd;x6yr~ngSAS$O
zQ_0+)=<z2`l5<QrbfBNWFy;wZwQ@W#8%UiVkN=*h<_YPQ8ezyW=}ORdRNivfF*g&j
zOgI)P5KpZ%2f)lbXZZ5jf;A@=5NQ#3Z;=D_$tAOK=m%T^9vl38+cXEPvPzo_vHe{O
zr2JI(K`;@`n>gQXpqo#Qf=6k3UWMXe<MndnDohRalP5)xbQCmgSuQC4lJGcH&~H1O
z(%h$CL#H>hdK;a$nHGu_dz#{p2+p1&!!08vhWd;3OD^S}!xtFd8A<K{L;#$r#GKa@
z5RC8V7{5vVor_5<NDBgFlM&tMlVia`()p5jrTW(JS;av4k=bo`#3r4S|5AQGeE42N
z<O;PrzSG6fCfRQ#z0b1vP)=}t>_RpL3g>NyYNj|HCN1VP$z0S9QL&215pT3_(OA55
zb#?-Ki`UIN7yVA&|9Gs^W<r0DIW{We=F=98GPnegYyiX!Gemj<F4BLf`qu@8J6KNf
z49M4=PaUCkf&nKrr<ICDK?x1veKG6Qn*)l6Dw$7#14>C+3n}ZNHniIPS<0->bQ!Fu
z={Y&!UIX>RPWp5wNz8fCD&j#JDKn>pchHhcRKti;F&)>Hsu9~dZ*_C@RgoIEE{SzJ
z$6O|D`<f%%@*?u(guWF%$0^2?8PR+TADD%;wlwKKHsOQCfkH@y`+)1&n--c|&z@G>
zx1sZDhiLaia#!~7iS6wa&Hmhz`}^&|R@Le1u2yj)f$dGo9U2mT>qr?F15C+J!b|Rz
znBSIG)mPKxikCOk>XXL-ZvbM$a^m?kRTa-<IA-Glto=jnf=^{`3(`9;VbPb;-~mNC
zlTYelLa7|aIJX7TUCr&vj|n|7=N8X6qmvE^-yWl<8p$mze=&c)i>=5dZ?v!O@_Y9S
z_iCa_J}Ux1VjC$*{>5~EvmWq_Kn3brT-U#-c`mZD2xtAhp6aMx+^0>|7-zhg$`ZXJ
z_}SmQd7f4uBH~<v-tAAlWm3j89=vqYsj8?8)|_#LJvA%|V0SotT3W!ac0CH(!e$)Z
zjKTV(tkRPU`|!@<;VCv2W1%J4nA_zyBi^(f4)mAgBuqxq+P5DK+x;Z_F;h@I{|bTD
zW-ypdxuy4S6B^@$JVe9mSJJRqka#j3Ntyg9poxfiNd)T_A)qq<R-^ZC$^SRAKq7jV
zs$DXPPY6ib8!7~qec9O~`aKT*E1JUFdDo(Yn^U<SXXl7)U)Upa-3*MZv<*&h-^k^T
z;7oe7N<!WAk|4DTRKyMG%brKXqKRE}_2c)O!&!*Wr>W5iJm}21PuWg|N<9~Gz3<8N
zn6LYLxJZzkAXIqW5lL|W*w}wr+IT+ch}PSQF~7D=|H8RDEIEc9B4wpdOek=+X|eIX
zIC9@HQgN1rC}r~u%zUD)ctaiB%k5eid&#qI51rudp(C3~tuj-ow{!VrbbH3y5G(dy
zorny(u@=4zHi_<iA|HQ}-xG(0kwPljJiL!xK|_cr@!C`8!9q^6A)SuZ9@G}8DQ#-#
z&$)0i-vgqU5HX;^Bmy<C`QJC@eSthECoJfQR&AJ>9!u;h#}s7ftH!n<Oc|X@z0YA=
zo~j}!Had_)ZsP#h&$m2tnE}_gV>%&5#_b{{Wfcr#wl;9f#P-HNrBnXGt^L0DeZHwB
z=9B37)BJ7mL1D*kOQYdwSnDMQ%ewNtj>`lF@j8JzeM5=xC(O^aqv|9GN}#CSYMj*M
z|E8Zc;=@G`yv@NR;XDWYhj3-pA{ELPe6?)5o%>0ep~kgfhZ_Qs%Ko!3)mMt_t+^<H
zAC8E`*QV41&2ifWq&W-uPBJv6OO?fAhHF7o^$5|h_i9Bq0cKpVEyJ+s%-xc9vw)U3
zwBxC5<R*gxmaN$f*937|1{d%3x^QC2>A0%J1uvRU4k+ldC@wS-|0^Q0G+;B$T^X^Y
zN^r#*2z@>(EJBzdsKE8qxm}2{R@g<Rasgo#g*2!F7YeyWz3^X8%a%jM)i(t0x-cv_
z10h!san>2~9Zv9}jvPawsJ|K~#`|~u??Eoz?C7x&28PC*5s&mh^An7ewUsS&S@ZwN
zr2~n>X$v`$0BA1RW!L8}^dSU(>X6)QXoNZ7BDKx;0mkFFfE@Y51C|2hKe+FMC;525
znpf^jc{l*6f4$a?Vzhh*0}Ay2z3VTe7zYB}LYz0h0s4PT_`gx`2StEutBru&{g2`O
zH~9#>nfSaI@rFAIs$u?R)&5p6vPw`m9JYC-j^VFF-a+KDxgz0NPeAi0o0L>Ug9HH1
z<{Z{*SRnrob5h8I`J^wz6-n1HlgRde(4+rL-0DzfXA-0S)kH7O|NQ!2|3jEer(v1D
zPcWLX+DDAYdH~l+D5fzk{(p5fFlLqU2^AiZ*YAXnA97N(lAtyz@&DfvBJEY8hLTQb
z_AglR&+h)ZxBx;=2wojP^8bJAFLpfu0v(F)f^+}q)&IWO2>hha^#IZ{Vi?Q!<HwK1
z6AahCndGmV@{_#2Jn%T4s8A*#04)__hDqC}k$?v45e`=rz4oJkQV7Rv`I39<kv&6<
zskn2?RWE?T9Mpn2>p?M!uoRHz;t57XalGTHl||A<QU1$F5ykW6(HO1)txDrtiGA0J
z5*KimpZv?~Zzw(iaGD7$v?4*iCh;sWFoA40AZf(}JG-NQY&7j>gepu?vH>{<3;{T6
zr$3q5n27IZNFf-NQfUx0>O*Xh%x5USP(G6ed+S@yY>uUlRG%jK=PYt_FL%P9Z}Z5n
zzeQWBFTB8psl9Wk@E?@xTX{H6fWP;_j0=#3)7g%vOF<zy9F_|NfrVQuD;gg|m=(DE
zg2+n<y@SXQGX1<y`w0x!SZ*X^Os3OR0oPV+I?eJ>jCotRVk<lLbz-R@(qrd6_jeiu
zXXi<FSKk%_(*o%&mm*Bml;Y6V9yvQ^AV+@Rh5r&lX?H`W2)XhO3A}neiF;m4%x{Q!
z>Mt*C)1@_Yr!sqmnnf2=-4)0eEX;_ynCr2Drq`a621OL^oC9<JQadnEv}GAR14_pR
zb1q%@lTdDpJI_$Jsoyn<9U)zN(Z}$pIGRZr1wKauA;0fw#C(B)6P1|6Na$%E$+%Rp
z+DVFw94Pp*D!ZS7tj9Kk!X5`^pQBZ#_U!<IA}02Wn;dih(QJvREgP2s{a?$u#3&_7
zi&LZnHu<FmMMe7?3sF#lUb<WQy`I-ZduY@AWYh3cdcV<aO2`PfU8H6t=D{LP_ff)F
zf;*rr$HM-ZEk`unuHx&hZ`C(?8PVMSwnOrz{ZDCLbDyI)fdSY}gSu`^q|8s<Vqm9@
zAPvyya(me;!)*998Clh1dDY{{djRTPng+B)#O~iZpj&`%mDZMbVBW61f3(o!;M58{
zw2_lhbcMzq>9=}9vn>0_xO8f0+}M1!Oa%|dul2Cnn<npLXbDjjN+`b!KHd1QR8Xk!
z+4%5tV*jgF5rV;HR=4(sF=may%s;yjuPNhiAx}Qtv;fprsJUWlPDFh(x&u=4OEd1*
zgX5sgUgme@KxBYnBP5EDX?|DXKEXp=^&cXCYg;9#g^sQ^#ftutWfF?yZ>kjqG6S>m
z6~n0mDIFLQ4bn&9R6WM~7L+K}YR4Crgp=Iot$R)Rqphx~8!1Ctv7pTO_aCYS!ON>z
zT|+LL_{-hhHkR&jz+q~vE`IVamGt6Ut<g$Vk#IFM-X%@LTesKLV~u@~lwDdRiaIdp
z68lM8Bh`KYMO}|X*WWL0_?!0wp^B|-kSEypq4GO0wenZA`)^QxT*2f#R^q2Wn{^zX
zYJY8u%`Ekn2;8-tE(witIn@Nz&F5TPLWS;>#sRf;FBA!E&sC{zhF)Pcq5KwmlKAzG
z%kGrxnqk|-*wsobpC1APDugg9n`DPV2o>5$EFUFd<*kE#yjM7u*UyF{Zmq8R7^Jaw
z3}Q2<zL`@kD>2_F<F3KIa-JmjDfb2wle6ii`4mlP#g3Mk7>?<;*;Y@>O)Pqg*ZT9$
zxN<nnZPY8{@h2ScBiAffe`3vtpV#lZTXJP@?kYju;NO_QD5PGgxT5u_n;h=YD{s&J
zfA`JlL1I^b>%W*n-`1u_ziJ`$%c-RLmwKl-|4@?WGM}E$Grgo`=^pVdwPJNkF|tcU
z+?GsBDDXlU4lmc$RL<>X*0v6MrYfwJC0)5X?t*OEt$+Entp0Y=m+NQ4m}Bp5M>9z4
zw>t3VoRfx>HqlE5n4L?=cibkIOraI&J2qxC<;rg}ILSr0rU^J3oVuFq=19IdB4y%p
z9_du);QmAhmu+{x?|EKX+Lx_{71cy*09k0*jxRYDOvIZ#ZFjb_vD!VpbeV$(R2rr&
zqYA7tQ}s1n(+)a{?Uf#{xi)9%?NZy^D$d$uI?LDrzif?fmh4qB<INje%uMedYol35
zPI#(tc4*^tB2Y~~Ej;$6>}WU+;C3jMu<STPOsJ=x!wGrZbE?{H4wR(QbYs?_Lfqqi
z+D%9i{l~oZ2@!M~Ve|?4k41U4JK(*rFS&hR*C$$Y-x9JHG@x%&o%`anyh5+r;tVFT
zrhu6_9=dVp|2XRYMo#8f2k06Sddw)FGPGFmIiHwgd6_B4Oi9XYsqQ5<j?ZRcAm8q9
z|4HAPaV%KHbgmd?`OIn$rL(Ffbrd{A-qE|tn7G|1Rbah^YU4jS<e3UFwO67a;f777
zy9%ed!bp_Y1{W-Ev$yk;2J;%e^>){7o_+NB$ZqBJ{JE6|82`9lLi;t>`<TA3_>O(o
z)HSrUddWpDwYC>^e1ik)a?Fco%l+bpw#MZSZ7gK;-1Ba|&P+N}zx)dSnKi?D=291x
zi<9G<Oy>3Ai~?w9*&0zu;GjH4s^<Q`Lvq8QK%g_+O;HV>O<rk1$fG$A@BUfp;YO<T
zFhDoOlXJaXI{C$GgoP`T(>IfeSoFrrM8wh|oT3(n-$Nm-I^~qE()0LmSocu7fif1x
zVd4b-s<v*mCtYWTXkUHt#o(@;KK8aLGgII_@At3iYnKJy)Z;_w+*s$(<?cf8YsTt5
zDFE}a=u3?ST%c>fJ+_TR$1H9isd`q`tz`kjE9C(*da3#F=yZXlJX<4Wiu-zV<&Ev(
z8jMr98?0}cCBG3o&Fi%B7$Bf*oAW2i&pA7X0mkQ2ItlOonbg!<W`vN-xu;xu#<(xP
znYtE6@?Op;@I6y*$6n1|KSM~Mkd8h5XxMx@lNOHe)x@ydw=`cnQZNv6r91Y|<H5LD
zufS3I%vAJldkwjAu7HpPxIU?Si;!u#`iA=^+hu@S0-ZUG8g15nOpNmb-YQv&u=ex>
ze>EfpTdPkdRd_0?LNa_R=hP_AGIy&>Xb2b)`5PF5f#7#o{t$qz7YEIc^4g_6t{<A`
zM1lHN;gEEF?6+GDzha4TuH5xtau@;hR6`gKxp9m(GuM3MBgr`3rmrb$vS$r&mfwqY
z<#Zjw8@JQZee4J+U<IOQ%^O-CMO2UFRO#Qymj;)e92k>zGXvSi8Y&-GVLJO}=X^{s
z{@ghva(WM7zxmt<k{`>>6N|43rq~O<uh272gn4Jj_E@H0E_zw5p4y*#?}SZgoRMMD
z-`|*zl~@fZb%Z&*x;8#OV=sft3;w|$Vcw@yS!0A!W3AwE4$EH@Q%Ia1>2nMpyo0fP
zdQjVDKFEf=a+!N$Zp$|2jUji=aE)xZTVGH5vV~TB$@&OUlL+;QR0Rnj-uDPB@t>6<
zO1fHeHrKr9+~$NU@h+>7><ma1z!>OCEIs;qnHc+UG-{H@(T0h<q+aS$S{>{vdi1nC
zM}4;4$RBYfT>{@T+~Yn!5uG?2kg3u7k7JIY1%%;#iS%ZX2B0PKnwK~!E6=16CT?KY
zQaknb&d+zTmvbwSa|@o(9&1}H*OBdz6T!DW(K{BWnv1DX^_pw-yYeFIOD!>&k`+%5
zXHXr-Mv(AAN|BCZ#fo!ZWpw=h>~suq!vl+zC)+-0XjlY4UXxnE-oRR#)N6XRZ5r9g
z%P{sN8nk@ke(u{`k4@X#mWJ_}65PJEv=)EXynJ6tpwpY<eTv{-(4%ucure2%!B@#>
z;sQlis^`;BE<of(hhBCpY+Ru0<PLT0k*&WeIjt0sOMc-t^Jw0@uI^xj>!nqAy`q%e
z2$d2Y?e9l#)^jh0Zy<^;xjnqU*!95?C1qOlyz>;dgn_ImPQ7afxr-#<%9oL8rX}RM
z0;t0LdZq5)G%T1FL`CCS6-aXc45nm+#G`*hFZp7#yzm`A^W`8;?m7f!klZfK+wyj8
z>CM^D@ovnzqH;JXQ_>W1YJ9Q04kr?ry8PQzhr|PYgT9c|aA8<)vddrTZBy9{7v%Q&
zoGT#by;KAf%XZqkK9sq8+eQp+xyKio60fb8H;SGnjcAhih5{W22Xdo>&Xd=)j{G}`
zY|}&f3A(#I=q)R1bU3fHwr`vzze?~>guXCaQ9R|MVO#JFlv;zwuo%*gyHhl(?8ZN7
zxt?LQa+_sun=(wK)VUQ#2(DJ>>@cmOP$>zOh)(n*xf)tHSE)6=MQEOF#MtsUuZF5P
zX?_co5L~`z)R{H7sZ?WDUH;h+(CZ9nIpuYyXEQMiTVv~MiU(DD-xs`4Tc;9v^=!Dk
zIW^ssn9F;<5E!rdMS7*&?D|bj+vxF;upBKIJAlJL8poTJS$l}OrpD?HVwvMgoLj_e
z_{9Lpe_$ebtW{50h4A7Z?;?vGQfMLUH+xhi91;Sk-WvB+QKGeOAfnj9`;RrRnBpY%
zYZ;pg3~$T1ctX%FnEJ5RY&-Bje;V$1_c!+VZUeS6hMTX*B-L0(A?+J2h9v@a`>vOi
zJno@8g=xj-He6t(m%rNA35~=5mVw#Zpsi|EVfJk7+2S8zU!^vpjUmX=v?qE8WcUA?
z%SoInD{<ovLHhLq!F_RVaG4C>E!-;hS~aBp>iLRays82t#&PnMfs#pb(T4o&a0{>p
zO{1Q52^~<gH}%~>17@YZ=8eckmEp7e_PHaNbNprc^CEqty_X8aw<3j$37yK<Z_g*^
zK)vj7==TUnY(;X`XxK5i$^lb!W0dhA*4Z`~F_a^t;o$DI?Q%YltJpu~tZ-8M<*daz
z4qFn`WmkEtRfiQd^G70LlQ=E^Dq1lPqbKoXz}ndIeq7V?3gupLdr;lT)BTz}wj7M<
z4gF<*484_Vj}quD<sp8AU-N(yv&6Gj5DMjTMP%Lcw+JaDM-}j(FwRh+-eVdLXEj&P
zFS_Z)<^Z4w9oO0!qVu72{B?o2%+m)gydwP)@fyz8I6+Lrg-ok~x-XvJx4TXCb&eSz
zowW3vnUe~p88l^8dEWvVp*#dr4lXh;w@fdSbE{s?z<Y!>#e2E?#BB69s(IIJG`u{4
zv*Ug4*v4$BacfJZR)7<nF!XoAA9~BVZ6><!tMZK?Fmq|zLOZaLpUfuj>j@jheI(wN
zT}L(a6|iSdn98RTw;r|8cNMuX>r~&M_&vjxTwX+1ppbT&Z0qUKEpRjYjvl9M4S0CL
z<7g)Vs?Ax$^*@L5)tSx9Rncc{arJ+>jl&vh10hXpug%3l;JtI!L?JqSN2a%Ictc%V
z47-wYm=y8F-p(gpaD(diz3{dvM*#D{FeWLXG2wEWleTi0<u#Qw3#Iq@q`>f~9uRD`
zLxFKtU23K%19icV&mhaO6H>LjOfCi{QT|L(e9=%`-*_;I1K@0DV`E}`fF5>^VBlB0
z=lu-V@j<(-UMPh`MY3Um?^NY5y2qi-p7t8Pp68iyPDpqMT8Lc%buz+nWej~IYM#(N
zoyy5U8$UbuHJ%k3EH$-PX&=o@p{%7KxNhX_S{prrt=K|i60226*#Q>>#R^3~OD(Dy
zktk%qSY#b~0^q7#?=2(SW@EZu##jwQ8Xo1HiTc`O_!bFtJmz@cU+ikl7m-*~;oRV4
zS^E>(2)rwiR2UAy8=eD|CA`m^4R<M_glN2(Zqqnd@y63Me&h@G@<gMg{Y(21h4OuR
z9v(b`%m@0Lkc1${rGB2T2RB75D}-lujo-kU(FG7yP@&=|KzQ~^Lo&l-|AGWSU=T<9
z5iTmbG_VpQU;#6a*o8U2R8-G$ZNIw4f)XMEQTLkQBe@G?`gnj3lc3UID8|iIHxWZB
z{kwyJq@-lKbFw$k$$9vQ^0<{QBK>bfiVqRe9xdOe95``pJ7v_}(vmJGC+FgNqNEaV
zsb}AsLtLy>q~@2P0`!vzP{0&03p3@Z@C5i{9fWW|;HXT<;6Rm?eySdYa*!F8$rzUL
z?y;jf$j}Ls4qge9>b$nd&NQn45oISo!3=+e18DC1;tA`378&zio=E)Hl<Mm0$tF8v
z8twKKNV*S?J&*wyeHP0S0;afSa~>7};y||#abE%ndYKFu9rCsn^YVlr-pr~Q(Iw9+
z>GS(ur07e91se*1KMY|Z6CbqhexE*d1JC>71swPcK_B2w7@%+vjyX=6R<{w=q?(iv
zHxXxYN3rlk(&M-rD)xE?(hISkV=Qga@e%T<g(Xh0h5IDK&J_x51n3q*)aDwO`M+T(
z0u|7zs;WvlJ4|y9v-ZYD_G6R52)KM--P=z)J3AZ8v+Fv0nfO~`W4VPcwa_jDx5Dex
z<vmlxqS498!85hBJ`K3;lri$@$exN6H`pQAGVK8w#itkX3aZwtaT_Qo?ZZHt#vy|$
z<j2Q)8?pUkIzJ33K@3z98oX+b0>H8BPm+c^wBzi8@93-Xg>g9VrA<2g#m<$eY?G;B
zn$w%}<csi+wkJL7JCQs~RO(PZ@i^47Esip1zaU^)OeO-)=YKq)zc2DLyovxStwxL<
z;o9ND$9jxt+ZShw=iA9g+f(++@;JYqIE^Y^saV{TnPDn4J(yimE#Xb%rzokGAmfZn
z+}QT^=&T!!49YqOAAZ?;7&2#}Ayg^r3~rR@>_q=Uxu7eUKUt1iDN4wt3sz*b*Q%E=
zdQKQBcMSWk=>*^djh65#M~mikjN|eH<9XQdMVRX^{u?s<wQnY<6`KLvd?jm#ib(|c
zOuQ$IDjPYB#Rq<kxicpHtF>YmYAyv&7BU=H9NrnVFrI;OwiQO`mE^QcIMQx0N)_D$
z<-ynTid<+#3X=9f_37$L4OGOffGKBNVw#Z*I2B+f&nXmtaAIN7i1vhBogD>nZC7j2
zCqt@WGrRu0t9?baqn^n9PxXCd2WC+dN072|WGcDN*~O=Fysw83^iXjw9|HPBnB&#Q
zud_QG-!}!j{GZsS_fM%T7HT}nPzZ(beh$&2?QV%>tP=GDKTTqWnPNq34l|2~?Uh&H
zv`4;84cbu*_@+NoMVioi(x=-&=TU!0p9E>J6)3Zdx+g8KtVp*Pw(*Pfb<T|<B;JN^
z%|D9N`Sz8tE6p1zC`L&P$=kmTBW6uo-vVZ=Zx0q{WWu0oaPC9(HsJo<3xGs+_(Q&i
zA%eD0;k|)cwj6+^NB!R%;ZLN~YmN{bh*k9sL7BV1@>gLN8A8mO_7feQ)e_?JNyldA
zonWDh_-r>Np5zcxz-GE}41-u1vSc6MN_vuA_sA0;4dInk`>=TSZc|Sb52H8@>mH|%
z{M}#!nGrBbPuhtAkH~5Nk8b>%*u(JNCnx6m9Agh*Xbal!pOh?ANY9`gx0jCOJ2uV-
zAoS%=EYs{R%xB6p(Nj7oC_Q$1#N00EfQd$as_lP;v``Sie>}#8;(voTp}+5Znz;d0
z92q4+Fad@{f@%?STmO5PB(h(j4s27JSKSu*dd&-iD4UR@n`vidc~(@MKHa_Apcs>U
z?d?xdw|P%{4r>+eHaHFl%&Z8IbCMQn#*tZ1gMA(pQsx^>(yh6wSkvYRUnk%vb&$aL
z1Gyc*Hqk-12dn@g<5LcW#N!H){-2oKuK!16Q`keOVzENk0-DTLUp~Fg$&}}2dr$6U
zsjl6NgSJ)P>0*dYaOCF87xazo<V+OUa4IOKZ<fBCMZyAS6#Gq$+J&xuPFED$xnCb>
z=9N*1k-1B*=#Jgbl2eUI5ad4gTez81`M>++fx_W*9NknSv_UhQD-15EaGeXHGEw;|
z1{kWk&GafOQ$rjyd>k0m=8>zKCy_n+Fd0VyexQHn`~P-QfoA|RyYp4vCJ$jT_<{wJ
z!gLUIQ3*GDLY=iH(_CYv;5G9{p5*I?P(;{dq2xz(_6BS1S@93Eo5q<$q8or15&u`r
ze=xE0a(jUB?Q#ElYycLx-uyr>%vAr7z-eZ(xI7djz)95rG|6lXsRVRfX7Yb)L?7ad
zQRWG-#ONj<|NOuODL0k-SZq8RsA<zhFR~2ARuVM$s;gCsXvN`Midi{j^TS;qhGGle
z5f{UJ4PBd71;lTQSkiQX_-;94g2lZ^k+GC-awYR63uqMDl&uXq3KD{j@w_I@LX(bU
zp7UeREC1N!k5|Fx{83@x><PN??gb{f+cT@IZ9#!<ZzUCqPR|+#*X;RnIS?Hkt=p#g
zuze6}J=Dx;{hpIk#;XYc>6ZN&kJHfZ&B@Ch)KlH77|XzdSUH?Sp<3VWeRDjAy`5^q
z4o*9;x-a|bu?0^SVGUU8^<Nt0N*I`Jy!y6wVnGNApvE7i>i%tS%{qC$NnWMfT^m#b
z%kcQH5-O1IybbxXWb)($dyI8@G7bLAqpAk}t^E0fiym0_{SP&x_#R1s^0;favUm)N
z#1IdUb<Mv@)m>&Udue|8-q|yT%xLZcKZ-p)DzE46s{O87tHOaUm^w(Z;Ij6>xvh2m
zemAh+5Y`{**rIF5;5PC}gKJMcH{<L3<5aG+>yz1mO)zoA0Jn4Q`u22S*mv1OR=2AG
z68jo@#-jo4+{-)B%Lp@(n_mS%b4<44v^ZL4)v&oou${|Is-1mxmrcsgBI0HoCdb?B
z_<SzYvtqCFtgS1vkBX$_San*KL5ik~oAK*Z>eu8;8|(UO*7pt<T9J1HYqx}7+ZI6O
zW6QfcJh@DFn0H1o_siECkB&2O7pluKpIE0TmgaWOo4>*T$3cbuu`w7;3{Knq0%XHJ
zp)8SbEdDy7ztU*IV4q5^_?-){2=mTRc?g_5ovGT(>5X1jg}WvfM89|@+IsXQB~}a+
z_XJJ}ZByM;goZOMP7ES|2V|_jL8E;|B=t#X*qa@4dv?ulbDqwiV4!=4WGnmb_gK6V
zWh?&Y&!k0V?&xo&k?6}nc>h7e+~|iPkWpnrZ#ivx$!8NhGN9F~q>?DDF4^jBDZ^Av
zx}VgR+duZt0UVg@XfZs)z`FdxO?eo$inh>r`aC_4&i#~9;C?vKIL92txGvW))#+9u
z+a8I&!V8;<_Y8_$HjFlO1pL@W4e;+29#L#(Ail>hNRQ*P1~hdDV0sWGmCrl~h{ig>
zh$i=%I^7L`xD^vb{xPcx56B%1e)XEZ!S8Jt`r2@MBIc+0jVxSjk9eXu{%72b6u-Hj
z93q`|Ca=?I#n#Epw9KmaQ0Kh^t(L=qeG0sG>&q6BUXevY{e8YDlyX>O0V6E1P?Uxm
zw;ZN6FC~UlZ{Y5d4Pa*Ob8c$`Z%at3R?pU~Xh%;gIpz=FZ?#~R{R28))G7w=M%}q_
zXaV=LOO}7YG_K~fxj=<;1_1Au<R_dAbpy^xlUFeCW{3|hmKLD{|5AmrB9J)W?ID~0
zsxk#;DS;{uL2Xn5l$1Z~S(dBKgW*g&3G;2v5GlR=(ys;Ap<<Bz1hSaIn;E{%pz5pj
zKJ-|0MZM4^limtlE5RJ>@^3QzKXBYD{FLsy^g$#!D9Q9_gz|Q8h7?MmU#=8(1tzj9
zrIw?W4>yio_;+-){!5O5$?R>Qo~GFTKdP=WD6VeV26uONcTI423k28T?yiHo6I=#D
zkl+M&3$DT4VQ_bSlkdL!-n~DjYO1E{oH={<?q0ombswm)vs4JkMkIE-Bhy9p3*4xr
zudGE35U6a+CpC&wtgIQfEn3~eG3EUrq-m0{MwVXCv4fj7Gq-iLrll}D?W@?r0rU0k
zcVZa~=LWB>!ZR?T1Hgf?Dwk6;S`_icN$C_sLqn5unnfq?>Y{xyaCDgjJ?t&n)^ZqB
z@cn-61*rj%ijDQR>16~_Y^C0+^sfJ(fcS^I8R3Jd)v*BAqv_!x+-s*QwNu)2fp=rf
z`Y%HqGIhMF(y}j5acdW8`cb5AaIjK1Y6<jUMe)b@Z%uDZv8_BqCLiOB@*PM;;?g&h
zNj_g2p*F=Hv~km$(og{>0s7`g1;x+}k~c;8?=yZf{=!I~*jh)t8;Wpom0G_8UlB4N
zCY=T~F49HFmY!ZV*pbl}FsPc%Ci}ymBPoJ(RbD9MQA9{tR;HWCLF3k?kHu|RgrTlw
z%@q%=d35-tZTJcQ2PF~3Hn$-H-ejMDGBugFR|LGfh<JK~3(fh>2#a}s4&Pss{!qoV
z88pg38dF@%KA6Sg^A2fv%F82aR_RBflJI+-48{>fw7MU+UV(F~5%)2u|KCmeYH036
z(|iqTT9rJz{1)&auUE?Gn3%qv5IEHiA9pI1@Mc?HyG8Ui&-1%Qy%mnXJxHAWmK~?C
z@7t~G_uF-<1;HpdySWN(-;^5Zmjdbe8b?R5+VCUaJSS*ht~Qtq%)v;R`m-PO*yIxk
zEZN;3&mOhpLIk&q2*26=hj#Pt)8?Z?pXi_-E3oKNEZ4f*=%Fkas?C+!+b=UzC<}!6
zNBl}kwGUxAcB9ZW#sH^PP8jq*>^+))8+ZH{Tmav0Q;wYfntF_dmKITIveJy6BtX9d
zFDAWGY$f#5s-HcMS)On(myX)JVPyX5T^K&5FAS|ckEsox`Gw~iqY1lr#iO?(<X-Ft
z7SfTWz`C~ox;z+^+3`6bh0|xFz@dV^K8<l#XeS5j-s+K$8p5nq$I8qeHhi*nWQ&gA
zN}87%QGhhh0`rIFK3+?F|G(_us7Mb5-Hwe$rvlp6RyNPsxbl%4oD)kK;E7c}Tk}O<
z(m?CR#nOZ2A7@PzHN&b=sPSIo{xe7UYcP5Gzr#5ndA@?X051wDgDUYZGwxl+^1)m!
zV-|00j~3E`>G@k<jm%)wULV<(Y4Sh1H)E_(B)z>h4lQwAAL^17sjCw${YU<;UrSU-
z;PPoZ2DsMW9{1__zf~?t(xMG06D)%ceb!MsiJ7JngN>=qI_2`(FMX)(w;R<MT5U8g
z-x;YG?<Kc<GOoF#2Lw_P%e1Fh$^<NS`BRa~)Mfq9ntqrQIJ%qy)%$0v?S@y<W?kPO
znA=mbp?r_97s;BL98V(Ki@d_1N0|SXa89Ovnf}+pf98dk+~FQORpfP&$3`nLFN!H=
zD~korpG#cbB%tdRGBD0}qU-SSeP_S;B@T}(aZ@C#jAtG+Be}W=V(tE_Q#K=eXsr$G
zn6At@NQq4)nz^25y;bzH#ooSE?q!c{v&G{r_Jye&(~H)U%^&+KXBk6f5%^aH`5!3;
z_}`d^1hRne$4={+wUaVaVk*Y$)T_+;&J4OJifyRW`AUQ)h8noOr$&wp!y66moc$)Q
z?PO2I()scX>oD4h^7A+WZlbRZEM57V$PB<`to<jV1osBep{Ke^enW^qb+f?b<T@Q1
zo9I^{J00|7nuo$++^NqHH;XP3_o!bRB1#h;{6`b!-=?Kagsl~mS@(rRYZ_#{fArSO
z!LXbaGD!Wo>Ti&!3eV2{FV$qw5Y^W@V0eo;XfY|(f57QyDSeEVzK0ZE{xsirH*}^*
zE}c)V;vt{I8J1d&pZ3ibWoY@gMP!j9|0WE)v|u*)7*^nlyA94>I6FKK6FnsgEaiY;
zEzvQQ$$PycznGFh^Uk>r{eJ>tgeqvk(6>_EV+GdJ4?1oukt&GBmBwkO<MoK>%0Yf3
z?$-BL5|tQv-6`e{#CC$})DQWvF$Zr2Z=>`Klu_4+y<rgJF)~}yLv?@6<fiYsV7^y@
z{@?A<M->n_1uIQnC5{y|0Sk9$Yca4Wgb!^7`&H?wZ)vFk-%{aXcQ7)khMkdKo0F^$
zGJg$Bp${cLpf2hB+AAyXH&mZo55?JFk+BPz7>dJ?3SCVImIRvpjTk(CBOH%}nArb$
z;eUPc!$>SesT#GU9*}6%7F@LFdvKUjHOs@4k{FlVm7bGQ_CR$pZ&A`_rq+k?{_FTm
z{$7aV2HZRLUsoc>hpgpmgJ|oE-nvhn+&B8I85~61VZe2jp2i2ZKCHjihsGiB-=c^l
zrLUJK1W9WU@+y#fIe{w{KXXF9-v4KA@qhOaR{>+~DK7K4|2jhdHsilyv<ub$hvxqQ
z)8UE!N*BY^aMB4N|Lq#xtI0^FJHy%nzG&Oi@#FGlk2kmnnAdqXot*mLcpkK$L>_~3
zDB|>YG)ilkhOW&w!grM$^iQP>ZZW5+;<Y&t1bx57q{J&k`KL`6fB&MG(Fwfr^$@>o
z-(8R{jo`xOgk$<*{DgaSsZLP#3gv1%$>eUlJF16N{l8#eR20&qjigoe5*;1OF<F#=
z3LVTw&A7&*bqRSwV9GQ|fwdPw0tCY%%9XFFZ0*)^6!9f`$aX$T8+(M+JsczkJ56?8
zG2J_wQ*HcPQOe!LGH9Qcu?$-re{UU&j%1k}0L0o<nIAO{onGY^v=?2QOu8dTVq_jS
z#|4e?(=7cHFqC2*C%ujH(oG0*KE!>K&Quung6$sA``^VyM}+KuQJ}%5tV0Edr9||p
zqC8%@!q+y2&W-S}9~hdL7|=H?7x^4kT%gzz7iroCDv8R9D0p&+P<748_7DmqHg}af
zdnNX(Q%hqqp#nd@G|EfwD9KDH!SMEfOTm()!5b<|#4)1R3V%RUUuqRG><;$g3!QW9
z8u#pn=}m>KDemVlonuBZbrF|x_={&>evFNB=r&~C5~ZO(@m7gDjt%JsC0+h;IF2NL
zN-C+^K1uItbi1Ocf`%a^0}&1HM%_0n9;4Lx0PJ2GNVboKANijxTg|*~zN~0v_OH<<
zq$)fKj_I$FeWZOfx)xONeS11TU#ihR&k_7H<3H@8V(vM7Y9?ZKp;4o85UH&7yXD*(
zPyu8SVvFBRNDWA1T@IeDG?_m8Cg6R?RCNxAriE+^xb>Cjf~)X%H$;kVsmmF~8Pjb-
zOY_b%rK=OPhcP)!2x^EG;p0x&GX%*UR~8ALEh+Nm@gaI@VrO;?N>}vHzD{_tDiN^w
zU(tDz4(L|j-`hqG%&<|%<ajSWv-~Fd-wpcg1~&M=+C4Dbxq&m;_HCwN88yy&lhY7<
zwZWB+?|^drG3KtCdEH-vFX#ci?Y{>wk6|*h{#287yKy^Emr-AdRBSmJZoLiUX{a_0
z-d%GfdmZ|s)ofx04VivjSHR9eyUj0F!^67zAS;Ase|U-ys+KW%?Aje~th6=c4KhQx
z6axBz6niD?H(Xofy_(ZX)hez(ELs3VIpWu^^rsOoYrKuzb3xYC<dfmT&n(h}xHv~U
z_l^Fj;P~l3(Q&r)rR1x@M)@j-M(AreFW1*e!=SyL@P{|MmLJT;P=Jb)<64e20wn3(
zP5@XwF^sc7dzkVX)JE)&cq8=n?soV1fWZ_4+toHb<ZC8~&x29qx;}LSG)D%NN|#7%
zcz-2`B<9zo-KL+v(>qcTr#&c*%})xtlk$GYg}%-`IOZ}tO~hj|0-^wRtSblHPc(pV
zzFM@T|308z@S%%ae1hV?G%@K@p{HkRgnel&z<il(Ngz(R2h`bdOq;_aylcswn98GA
z*009^!HWGO>wv35wPBCRdBV!=Tz=VGgY%S=M7k%JPYHs1*9(qb{lxIatdm(10I)P%
zExko)yCKXl44>>Ls6WC-U^nF|q>hYd-R|BF(<dpU>JQ#V=)RT6E3BJC1H?K9xo~R-
ziyhz*XY{2-xnh|<i2C#`6|Hmm8h3u9E~yjgSRigtV4`tHMmV<T-EUS^cT~NVBq3uS
zcYB@Vtjh8-OnEc4x`qraO{c2vs=ZF5S_Qpn>xd{&-v4frMo^KP7v6(?Ag#I67=`K6
zzs_WUPZI|26murATIs#vmof+KPQAhT;QINO_yC$RURe%0YdC#HB9^P%D_(@|*EddK
z%!wllztDE=9LB`WgAzKbU)rT1X(YeCwffV{a%TUnwcrG4HeAhPr`}`!^@Gq#|H#on
zt?TSWj>$A0y?rXL;U#-<T0U1ui%zbNgS!$;x2Ylr1HFl=;|T!!cnki^&seJvgCws>
zU%j!|(DKvAs>xt}G9j-aYMWEXC3M9<?34$=?x8%d@KK>Op{I`qw^xRpnpCVFSjHi;
zrDqF{KiRUWNVg<z)NPe3)+|8A8PvFA^8iIO=O>driMAnATHl(VZP;TGdshuyx8f0(
z(?npyY}e}4+3f@spgnPwGc|%=c3J6nHhuc_|LrO{!0|9Lqu_gfQM{-hq%JUE;WN9}
zDDDPGdQrp&gU!!JcmT!mteJ$o%k$BM@8h_GNVY|WJC!|>W=8Q4f0XWF<a44-+SjM8
zYF7IhaL>kua~`Y&fWmHPr&?wHxZogOq;sNmM`m1Nc~q!Ic<!fFVpCmHdmFaVKI(PH
zRWPg!HeSJ@kg1?4{g4@hj#k4^i4eH2Q;5jN|Itd(sVcDmkuSYGtS*+oQWEE@N*8eV
z<9ev=iLmfiW2h6tXJk0q@&JjoAZmBN{?y;RZxn-;a{cJ$lVeLiQG+TjVO}_{aD}w@
z=UrgT4jFZ)8WmyR^3p|J4m$kuU^JG)1#zVIUqTTq6p==>SCD^mh-CV$q5WRh3NWM!
z!lX>hPC;@o>$W8S1%xm%B2yQ9_}*(vy{RNhi$SRW2YJ~NI@+}g5iB@7Xgxz*E^%Bq
z0d9`ZFSOB723`3!;Z?cXikOg!nH*W)Gs1RAZ|>!kB$B_4s(QW!&!6TRp;6w)d7inz
zr6U)Uy&WNHb-m2lo>t$C;%u_1@9c~Z0Er7a&l0M$Togq9vcW@@H!h7E;IRazOEOwD
zU&{46=m=}!=fML0GODBVk|~)rs+R`P8UQdEZuovgDp6bT3+2~s?<T#aAc7@<RvXJk
zKZ~tpv&ctHf?Mr1TujjRcw?cEfmQo;*tNcnoMO6RBRyPs>6!EiGTJ?^>K%0z(Mj{h
z328kCj^7);_b3swt8Gj0FYeJN+tK!OTe1Uh1nP+OQIO8XWA2ecc(5T;#n@v5)>y`q
zDYLmyr%|On%(m4y-ib5$UC(@vAN6NsXl`8ekDQxa=u4A<)zygqTfJSr`Fx)mwjfLH
z0{`#wEke$JmT#SR1_~V3TC4oPxiFid?<voM_YcyOwKhByLheZQOC)AbokK^RLzyY4
zQVY<j=2j9`^`jO$bg7~i+~0u+4n;bF?O`n%yO*DlBBK*1ol~^@l6v9$IK{B&ubN@j
z)E<Xri}x%mI(&V0hcM0+s;-Aq=!gcNR)&rKGw)WAmWKVm@gJ3^8C^?Ht3vZe4eek`
z9-RW3wZieE@G;Q;jsQH&JN)3l3fgHqKG9HB@t+hkNKI_h%!2pMjJU4{t0aFglaFsm
zEk(!Mw<!DaPMrGHeSq$vK#$DMAUAySHzeiAFR2)s(Ap@Tpfe^(sRD5~Y!fpws^>)^
zvYjORdsCB$FQ1&+A-7E!^Ihy<3gguvg2eyj_pze_-zxuh+R^*|MY+DFBcy*RchN<J
z-65BZa*x-buxvozmA!Ax+kMEQ?{7>|jznk<e{^>U_M=LjAeYCk1;pk%4izLC4dL0?
z@=!u&9Muwen%OF5z0^;$<z;&2rT~vy#!oVhb!O#X_>@=4Uq1E-{L7QjNOU`}HtBPY
z*J=ENxrUypVxl7w1I=mv{{FcU;Q*-=<-5LiP9xIBkGF7ef8s#W7fX4ilDXb(v;E8b
zR5BYORU>T7ve3_AlCL(Y&K^9f@<YPBbXY7ZdxY}Qt~TmYsf!uGw_p4Zx!Q0lkX`?k
zcH=|OinHo72z<l?5DUb|&R9C}GZ8KQ;?#-P=hAg+B%;CftTn+6FdRR+^87B}ED0tj
z{yW_ZnnM5lF>0>ue&^ZVx7O~MlzF9*C_*_0RcWs%AJ-jXi3*pnbuWE3`n&PCO>@47
zJ9m{H)cDbyc)9CQ{#wf|3R29=$hGjl1oIcrSMCiDZ_YQqoAxqcIPbwS>4Fh4FB*<U
z(Q<1g<i{-~&M%9Gc6?5<`X62^miIIwTAw>++u#V*tB>62fM2X#Z9wUNtoBO|e5=f_
ziWaJK<3{n|5<ddVytAPxGr<H1rS}cJz~7sN26i)eAJ<*pOK7*<2R5sm^i{XrnU3eZ
zeo7%(O{hbU{9IQ4c@%YRcDpZ&n^)=>*8T55gqyA!0#?3r=3{%(f2|*Ou&8K%pX2$~
zhN<#S63z<A2rM7)Rswa|-KpYtk$hO8C8zVltn~?>2lDY9Y0s6w6U9e+_aGY8^j^?l
zSF{DxdpOf%v{=P&?C7~>3F(spD@*W49s4*k8t41kZ8k2E+PWaO10mhMJd6Uz=}45-
z%@*Ck%+&WBr-fcBOnNLZ5mg6ncB99V7*Pg4);Ac)r|ez4%m+Y208_x~qkxAc@nG#t
zrgY+f{woC4`=Oau`j6OorGS@D!5l|u6rSYL9VHM1abz+BXw;+rpq72rlo_SxH_4}<
zJ`)>4;TcU=yB~7tii}M>r9akF@(6Tp7X=uILIP_ez*DM*>|m?Z9~(rrxc}Uy$*t(N
zfdXqgYA)#Xy&QxDr}orVU7V3j_1mwn|0Ta52SC1c4&M5{q1ARO9Is*$eJt5pz@obZ
z4MV?p9|?>-Uey;keM-sAZGuom#^yb>&J7eI(%N2$3$mT+8ck)At=WmLEhS|dITF?~
zb$lY+C7!{T&~OTfJNi@}{f3j$Wq#Ep@oe>`g$xLQLYi!&Mu!f{uC@wR>D<7TRDRbf
z^}3i0_xzhw<}bqgHPWJ}Oz0$mDt&4Z(8I%@3^D?Dv)l50inMp^6B)&ObJfKP5aHc%
zRAb_>GIc)LXfvBpN~{N(57jzEsN|)QfhCU5Llin;5|g)2s;W0uZz(1)+vkJTUBVR@
zG`~sC$2kTrFW0s35#f#Gu>pJDx&NfhqO|)HnGaR5g^Mm1=+p1mFpoe2X}fS@Usp-F
zz%8}_1Ff>pKRLG~HPdQIJ`b~6MTT@a_U&)1nP|o~Qk*^E4(SV^T?4ZM$y}SDpt814
z1FCll;i_RgIudFD-o!u4@=Cps23UP?PfteKce0{BdA_(myls`l`U)A!_qne)4qj+!
z;-`KjYd}}oSY2F0Pmm@54Gl(_HnXK85eez`EN-XZ+=7q<DOvO@<b1<VC=l}68ly&8
zKJ_w+0UDy_7oCG@<-~VBM;zhgBAQWM{x*3j^+tt@sxQA%ML{<tTJE)ZrG|X4DCSUz
zxYUYJ3Atk~^la)uNzRN|5t3q;&wsEMy&v!!PbRywI^g1L=g;hgGJ;mtbK`a$0Ry4O
z`~|m54V6va#I%s+ThHW*R)_|boaU54+m!jyI~|Rm#vTr}DjrRN+ML)zRi9VtOq@?f
z$y8l8E3Gu`=>q&r!>+Zlx7u)xd;Y{s32`9mb$StX^>4(VRoa556)?uEbz+Hhy+W1U
zo+r>^?o-ft;%Nfv2{n9f#Y5yVzqxEwKkTWSatnZ{8(-@Qbnx^;7ZEeJvpf-7l#zs)
z+PL^Ua`@T^(;Nj6Zo1%7_s-=~9yIZ1p9EDKnfqhAit=Y<etNYAy=>`TLX$q45wW(*
zolv?gZ06qkQg~YvPNW?}k;!&Xs3Nhu{-h_mc}ZHRX?^Evo?6CFkRz9bhBYKOS50B0
zuwYfXZ^k_VcaroZn{>LUkbA89=r@>PcOHMj@FelVahz{Mdu<X9QOS<)_a<A9yt(Q1
zhaVMMbV2>9KEgSs|D_d}>uOdM5zbToJ&##Mr`$zq79A<P497Hfj&%DsNaN$J<J=rs
zndUch7A6fz1D$C#t;on-b-AY^J^RDDt{)=G3$M=b4987deMU1i?+*-G^FSI+=_YHV
z&9`#4-x69zlJ`h>1pnkqf!W=)TsmIQB}!iIea6IPPOLTlCC|mzvXz4qWx6;h<yt9~
zWfkJ;C^%ecrXy%FNg4u<ek9MN-b{K0C~r$$n1%p1A;NWFU|x&JR!Qpl=pAW*%RG_$
z4zm7&F<XGHHWuJr%Xf0P&7TbQtsWOeCQeF41NP(%hN#Pzgs9UOg@}2N?BIfq^tFce
zjKmv79n<%WQ?ccZM;&;<NvI{vAQqcoEF%r;VL^=TiT+r)rI`8a<a)njg<ZFCp2x+h
zv<HE?od&{@?_6fht4Mo2YFh9}eD(5NtdtGl<RaiE)?{@!xd#%cxVjPa#k@NimLf_`
zih>rG-JCDS^qVgpiA3vSdO+f0B=y_gmBMtwD%B{*RbFkwM%xPrMELF|+p_&}_2JcD
zJD`uj?a74MPzV5X*2V*4(B{!U9X~we*V@p=4nBn+f>ah9ZhyK>Aw1715#~$1>i$|a
zH8-U+qS2)7;cQtz=wyXCjNI6azs|qJtXR0w1`G*tdYXSgSZ%7GxVF)d@XIB%(k*GN
zSpAHJ;BNc9U#9_CDnx)Tp#u75&`D2cOS}nS=!&tf*8qcsTkWAER=P5XwDHC`nsC-n
z)Z~^#Hkwo!TYH!LPlfI?HslfN$ICXJjC#Aut$mA1h4<qAg{rW5%Q=Y{p9W{K@vO)c
ze8j9-6o)^JBwm)jJgWS^bz-(Eba{RU=hNsebWJonG_iU1Yp@5eY7hthxdz^SW?%Gt
z*Sd-}51KvJM8Z#JHow(Bdtzd{Cw3-^wZLFv^>Z(ulPrO42$YVuMb}AwZ^hRDz98M5
zD)kqKWV-YfFlz%O?QWh>#M*B>WwRx@D^$nncNx0$F)`GoB{X-sk5}pY0kZiA&~Gm8
zb%Cj+YTF?+KOwHYHhygPWW!I&b&Gea^S67=n+P_avkl?TK=S}$CInN#u-2~okMm{e
z8+XkSt^lhTr%wfG+@kZ&Prn-W-2wolW3)+k7Wd|M;Tl_CVtiCMW{*!b`(Ts7GV#W+
zO9qmfCqaLCv{Y{kPub9~#EBvbcW>Dx^*>XxX)&{RnTRT)l~ixe-juM73f+a@FCNd?
z&P0Zo04ou!U%nvkNeo_3vieam%l(z6m<M*>3)~y8W?$F5PGKah&o%<ZHaybvB?@6n
zafyzdRp?f%6-2tr=_XQ}1!aWJ=BhE{T7m6hGaY#{CLOH<zgLIyM<6rHh_G&9L4~UO
zUmi|ox(ZK~@R~<~zBK&5-|5cXZFMRKjJ!KK?;QMIcTSs+f6<>jdlBNwEv=Yym9gt3
zr!WHYdTB1>oQ-EXGFHz~atH+o1@6y(CvjQE>I>YFbT7UtOmTH0IM~c7YW}GiawOh&
zb!hAtLcmVye#dnjZi0Q)$DvmJr<|*I247kfB5~*xr?7NkeLoUDy_Ew5@P0!D2u^*l
z?5f8*e$#}oXD8LF!e_|AO%>2Qaq2-hdAZJzDF8j|2MMs+ZaG)d)0J60Y&r@#>2G66
zu6+MZBVI_#9+n;0`kgu^$_|(YGJOCk7|f#`g*(rzxLyE-Nt~aH3Wz{X_Yt>$F`6hn
z!jChNSOH-j8)!)0<5SEH^z_AeO4A*-gV|l$onJiN=c<_*llol<qiC8b!|hUsUz@hr
z?Dg_(XOKP@>;b*D@A4jwsRzyIkHQbVJSAiM#6=-B_qP#OA19jIy`>G}e#m{PDbZtN
z$hNItyA>gFwtQxCa;}EE=rz*Y^siL7dSn8CxBxvHqz+MGYOPBhrc?dAEAYvOwI*Te
zmAp8Ff?Nw8FjWW4?jn99-yL$o1*&2O(}@;#WYflLax!uoaf}?7<7KKUx6_Q;%x5WX
ztw=g2P!1o_5WXoxZlQ4)@;@v6lqENUB%BdjV<KGzY4Vp6Nxj3+VLXp>z62Z=J*@q7
zlO@tev0tAY@bph0I>WuZygYk4jo~Qkfqyi`4%Kvevzo<r?bYot?Dz0Qp%Bt#FDv>Z
zJ<h+zZr`?pR#6UN-8BK_YEbgodxG?gq3w%wDwlOD+B>TPNmb*^o_iBEpA5{`WTSUe
zmg9i(WKkCE_LK%xa|Z|EC11RGSMRrh+!eU<6V{@6<fq5d1*-G9gK{>Q4%~s(CY3|b
zQ-${65HViI-S#$@wu_^PzH`t@F9j1F9-3bZ@uYuUS$>D{+jq>N^S1I2w`~KfFQhC(
zb+~4RT0}4pZ?hoI9DoR7V5E**H(QXRbL~(qh){v?-oaTI7rBL$%TY!A+J+EX`^}CZ
z4HA_pOn<n^>KHZFum*oLU}fhQ`P5!|b!$FGvahFDLU9}h3+OH!&{Mc!_uF^Fj<eBI
z+7PC#lIl$V0>X#eY5tfgp|Ru<*WM|W#4U4{Zec~Zrq>{S|61$q%DL)S!cEtBol>31
z^1un*9!+YYV^yn+ejIDu<e;mZoGhj-yuq1nN~Jh!o}LHsEv-n{849ua)y-fVz(Q};
zS5Ri&GJ0^rl3{Ez@)F(mRiZxx4?QnAP)-y|PC3%0S*uhptW~R&lhRaCkh9Hgpt$XL
zlepGR_F0C9dhAoUkpoOsmd0G<<3;vwKYFKWvciAsnq1E$b|AG90T8bg0tI{NLy6=v
z1QEC<R;Hs`fs&4SPun(vT<sAr?rA%upn{2$FZgCWU0MY1=XkO2w<>1D%3`C=_dd$_
zmF{-FP=^Z$Z1$sC>o5H*27Hhl1a6o>Gvd1wOY~PqdIvO%k!0-;^GyQ#w`W)%Tkuh%
zt<S%*DS}WgNiGJNwTkb=lxL$WCpjA>I*+1(Mn?z_1fVmv$^JMXip)rl{Da?T$JK?F
zxCk#cdE&^+jhAibI67nM#0^g^h%D3xA>BY9NQ>KReHdmce?`(J=C8Qx)Irmt`R*ZL
zJ=xj%;^Xeu_U8qM=7UuqQj<)qzFY#Ci{0e&%k^cH0n9;*;^GFI?LXxLCR1URD4xh%
zfFI{fQZhSfzj5(BHDsdTs7I}2N0NrON{GI2IQLKXlE<VRva6&~y%I1gU1bBcj@LPl
zYYg`}5E28c3=4v&ZH3#$_bi-WlA!riWI!Tnf39vN7X7r$soOn}nVv1Tw$Xwf*HE`R
zb4lXnSP`YzpD4K<F^dz5Ug%%>HLzjcXe(CmC~2I(Ne~zdkoE1qhfA>CU!M%zRW5oR
z-pZ<lg`E=KJa!o@{u(#oF|I5e-r%Sxw_e`BA7?}T(j`cPypbtFi?qMpq32te4I7C`
zO9d<qo&+gypOQaqTruBs#t@p>&Q(Eer2u&%V!Q8J>b|yd3>OgJe4Kb{7hFU&HOh4S
zJ>k_Z<EwZEXu!aq#Ww5RHsY||LB0O=?DY4nF)cP;Ka-*~=Dl1!`c^@HTM_0V@Y<Kt
z$0bK|OcJ%GaO$l1=H}tvbhXBq&bTeI@-4bV@~~#7MgTTc7Z%lKfv`}(C|;VUjA+D1
zV==u!>G`gdo~%l+x&UcZH|q7G{$dfZZI*fLs6!-jH+Y%pCe)r50uMyc_UV<tgy(=T
z;Jh9<pLAsa55qH?E1ABy+vC&r@Zg$#GUm~3_n!XD@AkkAyKyrnnh@p=USYQ=C7|3!
zYn0C8ECZTP*4XhaKh%ZCd;-3|s{IBlvM>{Kw^T0qM+FI&Qy<|qJ~z&}GL@!o9Nx3=
zfR;LT6$9=YxQDT`gB>;2Aw=zf<HdNE<1C6!X9k{owAJH4&!!T`o}%&W)+_FK$9P~<
z<aQ6$<Jo&ZiqOW@*xFUL%ui7|O)k51-`E+(KDWVUfNG;9&Qs3tL)(?!`4bb9qoME6
z2&?xIH*oK9#^Am|i078~I?Dm>sRDnpgQog8PXkt{v60R}80log$B$S4m+ziy3#U#M
zozlvIf$yKmu$fgh<pLwL`;0cGTSCwSwEi!KwLM<<(XdM|(0mnXki_7`o7j9fS})4z
z8hiqx1bMe-`s8GC{noXQ@J8WX{enIaF2Pc8%JuNP4s=wq;JVl9z?b+GQH<8}n|kuA
zUmCF>bx<U^(*SN<dgnVromvy2<FitM0IywON!4kra-3O<Qc1bEwND$7jgE<#dD#k^
zB6lMqW})27`JhVVaX;Fk`z}2TnbqUxBOt_1!R=E-G~7S)jZ(U^Z_l{C!5>*TD>9Rm
ziR8wwQ5~61q5Uasa3Mi8TA$D!7f(fPt+z;T;o+!0hR`wLLM^Mm$Oa4fns3ffuOBld
zYOiYLw5{3*vC#aHXTAyRTio!S+l$6%JjXU#@&aQEEMj3Z@o7cYh9sgkzXbTl2)KU`
zZfi!hnQz5tyf<`dKU^4tIMQ}{XSegQYZj=U92q^60=%Ak<$;!WjO^fre?`o}?C=u6
zQ5g;f|HNPL3Ex@5^o&h!)7^nP@1Fg!V*LEzNvwtkVLKhAGMy@W*fmsF!HCRC68BpL
z^;6aR6(uk7$(~1blBM_9s7^+J_NwBpPCz-p068vTJ!!$OaeR?>zFjTBe@y7iM^UG~
z1C?y6*a(&H$g2sFcFgMFa*5sSKIuH{@Nj_3D%CT~A7VZ2qh*288(on1K#TL2dfk-h
zN@duxub)%4_1Ik6hEMo>Ac^i?33M@Z^b8>(I@|mL(tf}K7G47qo_q&7gk?x4i@GNB
zir~ESm_~(mJ|E-XaXkIZCdNXLWDhD_^6-0nKgmV#!`YjA2P{d5qSI(1f+-RBY~0@;
zAlk^OA(+*n?KU)VQyaufzaARZ`yU5ud<!(MuFS8lWajOJgs5~x`US7{jfYwv7pI>v
zktI>+9x%b>xj&(Fwz^7vPkT=bdi0~^^4{0!x*l82yv}jWtKl7L+4Q4b$0mu(^t>IA
z<Se%$RF0=S<Xg^Y46<L@tbOwgZV>vU&&u2z({{f#+k{7i6EWa6P9$%%CKNs9Sadd_
zkb`bj4=oM!OACcpDW&0ZBv*pN<*zrmLc#Uyiq_dBJZOthnZe8=`Q{k04zLaOH*;`a
z7|=G)<FL7ByM$wMF;gyhp}%;f_?hwfj@Yi`w3%*#G30!^Z(x$+g&&!K7Zc5HFVp)8
z{=1GKF0$FD`IN?rB+F9^>{2wPJFy<F;5ujR=Wchc@WY~Iqh9RMM%dmc#wUQ@C{gzc
z2(Mv|#j7hl4PU|LoH5a91;^vtM~^TM#uH^-l`zQ3n)kgD*~4Ge$!L*HboVktuL5$P
z_V;U5XgL8Qf`|!Sc;~t}<s~w&*a^qFEI;0a?(vXn!^Um5=^5hoU`C5=Y2gIZs8I9E
zs}Mdr+hxyaGRst_9y7h-S0~L+3d-m&{vexD<+d;WntFDV{weK7ufpx7wy$0%<6;G*
zNMP%!ExXTd$%?%bbH`HSeUI^SeZ`|YT?xNo*cG}1B>w%F4ea%-0t5>fK7I7IwFD`d
z50P!)90LP#Ln-&Zx)OR8<TnRfM7K#|Y6(E*<r$ov(Nv97uD`l|8z`N_Z<=XtBuv-5
zCtWx{d+d2V;DUR$YDD|f)g4})o<DQtX10Eh*jS6O$}mAM1`kaZ)SIlv%<oK)E}o++
z(Baqt({-?vt7(Slc?`wy;G<KA>)BijvwwFS(@#d$-2@XhveCco563QWs9bLwATf@Z
zsxO{T3g7GvRT-fvn<`HJ0imYlH`&U$s)EIlc*IH6AK4eAsk;Nvr<FP=)K^N#4nww{
zT7*9bcZ4+nJH9i0PohN*ni`G|zI(-TFD?qoG=N{dxkt^mKI4tAFsBkJ$_!im`+%>1
z5-^$4d-jTz#fC<>mXT_0RZ;du%ykQpoJzH_4*MmRWkT>?$);OK4A+ji5xm?tYRh2I
zUM@KdU9G$mUS0cjAd1kQ?pcL***zahT+~|+WZc3nOfas5A`l{78#~rnA>&Y1YHhna
z9CW+MzJPGsYzC)dor^YENt`b=nw8ml;JWw|pe(Ov-=<oSKDlp2-(3k%qb{~iHk4WX
zc++zs0UEf)NlRk)r>jT0y{&L_5=U)VAI2t9b)nbzdAL7Jzjm0pCwQ;$tC+54b5`U5
z<9%1@gBuuz3U=48I-4&Sq?uVD;E69%QcNsaT&SV_WHy)3-s0F0b9$EwNOsuETm{94
z#8bxc34NQ3tdaL`+OT5oNJZCgkFzd}&$~F907e&l2;$`U@R2{I*!5|wO*_z=PaO-t
z6%GLs>X^Vsla>0d2px&vuzTsOiDK(UipFhIgQc}YGcx6iZsHV$I!n)RJcBLCLztS8
z#ne$Vf9e!+eL?ahTLaR@?~s$3Ad6Mxl4Ol<gJet3oJ|D0$LEgTGS`lqRmhsp3%MFu
zqYdC@xAh$1sRW(T&1$`R8kwJHF#unsy7#6dK-k-bn#q2mcc}W~HEU)eBiV}b=8gb=
zA(n0FMeJb!Xq1rdjQ#ceVYh{BJL9xIE#1Q8T(1QOzyv&92f(j%-H(NGYOya26hle@
z`uEX@_htqcV;ozaZrSPXy%c-V_S{mi_$<7~-^A1nW&Bf@RcpVNyAgNYch&AfDTM^)
zo_d?w^kgAFcRj!Y*3;u;-aDb7-XD0k^K@c-jn-l}99ANl(15|GFXq6>=37Sq6R(IL
zTb7J~<pZOK#@js##HeNZT!$Hs<1O)?g>Ia)%FguB`t{XgP$C)mj$Q-<b~U-Ag`(#z
zKpKlb1Nc*Ou(OA$2tG&`;~`pc;^DD8BEa5(rT|JMe0Ka7p!05Wv--**HoBLYQ=p|K
zsu(6iMf_Cc>>c`1>eq5uSB63hPZ!+nbLRb6QizoxJ@S<dygKdIx+Qk6i?5s|+OaAC
z+~QCqvIGW+joXhq6YWfk8wEv}yl%SQ1eO-7q0L1b+k1MRn_5Qi*!`0?-Fu_TDr2b%
z)e-msVr#yb62l^Wf<7NYm7a)L6Xl-{%}>-_Iy_Mbp9E1C1A@=jJ{c8hnNKkil%xw8
z{zT4uWP83wTz#;#{38c=z+a&icy~mX5rk?9A0u^`wW##wQ#UNWaZ8hWk4opG_H4#!
z;<gQTyh2jv_Lay>eWc(O;$H1XDBwd2SL|~|g8O-lo_s?-aPK^nI9|3Tk0OwlcV|SX
z;~gbK^yp%h`Ph7HN59hLs27uy4L4QslUHE!Rhv6wVC)Sf*N{z|e3by3?REl~)FA4i
z?}&!N44@{>mdm*-4b|_|MfjZ)H&|MB&T12JM^!X{|M&y{&1i-_T#-F*(^=tNuW0mP
zMWQ*$Pw6FWL`nC8m<8@we>rU_KpOnM!7hrKNXJeo)KfITD+>Y+tHw%?DLvowlX9Jv
zB%WW$7o+4X32P2}>I-_N9;G!vBt@<s`O7iX1F)`=!~8SxcdA}=64G#@@08B2Ggdb?
z{#>o=lv$|zqvs2zF_w5IxcA9(LKc_A8V-UL1D`;(gz32V>x$(d%P>%cQKsCMcz!&5
zyEpj)yHpG%R)bPPymSoh4;I=UmLQH0e$&nGU6cvyL|0XKUuQriHTDCqHZU|z1k`Hq
zvrs{GmXn%gJiGTuoF^(1*&2tTlJG%asV{D>V>n!wp$iW)Gcy<4JlT?yllAYeL6b7&
znw7C`Toz;9;L%TU@3$dCk235xGu~e3@t|5$N#V2gSw+5NGq~iX3J9?*)FrI!L|Vxp
zi36vPS*#?XF}rqbo6u-JC1bvMFhl{+b&W66>_B$l-O(bRxtE4&pVG~k$Q_mGpjbMp
zu#=2n+RLs(=&wBM8aPs_Cc%iR=SD(d>6bq=^ZF0_NA5Xo;zXxiojxc)qmjW($Lj5y
zCarI5C`=+qny1#{kRf@MdRwTvo^N;O>#=7|>#=v~@9}>QcaMLkFt$}OcA3N&J=@JW
zMBzbpQciuBLNdak*@MP_P&sE;NN3d$+VZ3;pZXz(l_LTm9nb!#CC8d1t-R7`-$O>V
zFSNjAb+|J0mS9mbU-!a^+J3d6*)QK7(w#SBWIRN+Km?iXEs=b26KS?Z1q~S<7*OrF
z+KiDa;3=)Gona*iJvNsV4owX)uOFH7E(m*?8P+Cu9po=e-8Ex`K!#});zFJIkiPQG
z8^)IZKs+MwB(_cZQgJnntXW{kKZkAPqO%b;)5WFhOn&@Eo?<*ppm#&KVGELv)h{d*
zt<oyIogzX_*Lz#u7@-Qsc11&ts6!bQuR4kFkcYo>V9<>f$ZPQ%R6YHM=?Eib)8?e)
z+N?pOoODyTcsieEvln%qlpmy(e?aVOx~KC)kF0mZ7Yro;I7Z%K=rU02z+Cxa=@_RV
zk~cYYNO4hkc!(zG&Y}%IgM)5_<>le`giuC=8}JKKn2CJRNPS$h<)0$}C;d~u@9<}T
z+NXNc1fiF*L7Ld88toRX=Tmg|!fitR9vs|BM>7*QIt@-A+nr-tOxhK{I?SIIDwI13
zDR!Nn3MB6?#+@v>?PDA63gl}CKEos%EkzCj9)twFEVU#<VHRX6zCabA1KnFuHb{k{
z+2T`hAu|R1<e0>3YBnhmP#2R-4d6VE7Ec8}Cc*Y8$!8bfArQ8%yHIIAY$|;fA;c4;
z-Yvox%Dqq2P)2~DAcrPIf#7xLib(S)`LIsRHkgVam@!L2wi^)t@!m28Md)HE`+Tdr
znoJV;wG+GyL9(LK7UYIF)?Y+1zXH*8AIeR;AeT+T-{FVu<O_pix}i1{x-Z*f9(E@B
zSW&v1I?%h;+u;<11w(&A`2@~1AfvA=R1fC_jpGZqx#0k3-dvaKM1#hO-z2hiLZBp`
zp`IBlptq*KY`kOP5(c01Iz~5VXB7&u=w(fng)O%xI)<${w2OHw-1}FmeMkRiTf7vy
zUj%x>!#M6*@g#j$=0z3nM>2XAy{{@T4}jDZ6G-oi5gRB(=#fgPya*5+4T&7&(4m3o
z@Ys-DL_X=d)i3>k0JWcTM#&53bWLadGw0`no1whB?KLE@9#(PjAD<WAvMg063?~Nv
zy!*wN?nWkQtqwizf7jLh#ma-TI43m|3GXt2AGA;HWi7@ecHu!q(i9t|X4q*uykyEW
zP5OvxzhVC;HVxlaZAtMvrcTtqj49}evRfH&i!LVbpVv-kP-0GPi)ms)c;=GQ&N!`b
z|B7yE_-Yhp@kiu-Cu!HvN}?+WGgLGm13fN6w2g8ath5p(cHzlT&?zDDc9=!`lQ4!^
z{BkRl(^XvQX6zv9tV8fC9#F*_4@!@B*uAJREhqZZD)ptlnBXm~epd6#lc*ymM!c-9
z97SyBvV`>=P{O-~#Qf&Fmab;J8vp)P^e_XJ<B3d=C9rv&P0n|VnuQ`$p<Lub&7c#x
zy{wPrBX_^2L!=lp0)hiA1cc+qe#t_b+?~5R_MkAtlcjcVw{N;A-zgrJZfIl}6u>8k
z0{sNKSBW<CMUST730nF#dQiw<d54S-$nY+UB=UeCBa2S~#@K`q7=qBtI7xTV%n)~%
z=nKNAwN1ajOS#&oJzk}b4n5PNSqck4l`u$mdx#O@QbPx<)?p<JDF1eBI_U-86H6l?
zAXGpiAqw-mD%)#XA93cvz}OGR7La7}mI{$H74588?R?4$i=qvRga(^F*b2}gRjG*=
zppg2@u?Fm?HJ!B+U+CQIGPQFn=B-cPyT4r+YipcgH>)h^2IDXUy|&$&*#Ky~HsfE-
zCou%2-kYe6JE1AiWuYOTSrMt#rqiSq^36xn4%XT}4#bm0G^09OtrVk}n401ww6_c9
zyk05f@cF}rz@ZI*-wiXXmKBGa=C*1Ht<AKVVAl5dAmq7~u!6RE>p!?^Bl=L$YlDqV
zN*E1&mC~)C;9(1nm5C_>6SXXVg2sf+PH$}jzy0{@mV%^}$(O0U=qvM9#gY{8XNkHV
zFN`15AJ9GMa6xCk$CS;UYiUR*L^7jQ7qqD63Mph?4Tm5|x{%gAfKT$)Yz{BncxY$`
z8eMV8%VDB0kd$7fA0*#!AT1!7-DH)OrRC)r?Iq@xXa4;8v-^!TRDFI_Rebby4+Pp-
zZE>|)Yvu7;vzc(c{9fT;yiY&KL)V=J$rk%0oY&!r-e?Z&30HBc*;};Mr!Glx$5{MU
z=zFZ$TzJazkY}nu9Tei7R>rza;SRPC@P3H)QB5&(_8wsCyca;v8FesJZJc^-hcI|~
zT*z-&3m;U<69o+ysZiYiAo-aKxq`im=ikQA1NG7Wm5$PDiml)TDk2b`6cVH>s{on!
z!Ir;f%6PT8R(>=H2KC%QB<yg~UWT58Y>hq34kUrG!iXyou__@1FD52t-uCk0B#WD2
z2>wDXi^|7Mok(DZ|7Fgbn9q~cNWVR}{RMI_q98G?h?&v|g=V)Y==Gyj0P%=w@eBXA
zkn7q6xIFdk1-iRubPU39+WH$@0ed^KP8<h&(!w!{MN4Q~o_eY;2nheg5b$%phy~`t
zWJ{<<&fN48pPxPWXk#dSNJ{wr-DLHl1N99<*v!87DBzwdy@6~Ind*qaZPLR^BIEu1
z0dS<>gm)(Tbh200GOX~c_WDoNS=L#4vuYFF*MU~FS;toy%T6_mte!^XCZlfI0tkux
zCzJj_>sD?__=ofl&u+5vM<v`Oi}k@_sKoMzeP`Qql={tTk(4e2TI%Yd-;*gr!@>$2
zH-s6{Ks=D|>}wbBjb)QURP(P8<u|HA1tEsPon9r+q4k~JTK}E}z>_eZHLW~{fw_(r
zqoR31B6=&MxU$Qfvx0S9W4l6Pzw1HE#&@PzPL?^se)LPe9E6bEVGa=Fa2~7)f8Bd}
ze5#o`zT>TZs20Eizex|%@M##W<|>Fn`#OgE#eN&!&d-Z_JyQ@dyJRiGp6hH-gp?!%
zP;4MNoYUX@KDblkdZ%(pVZUN2lt0lSut(?R+6&K2=7|=N%`5uT@~!mRK8VR})0fdj
zbnjA6qKaqOLXUg4S!*>8Dc;o=F#CgZc!vlw?`+0q{;R(0E1zyI$Dz4yVZ4o?h`0XJ
z^?hMh26YR1X|gDDCeD>(7U|Vi$7axV%~V0+$16|l=|cf88<1O0YeprWR-OM+z*sce
zmvecH^YxG`lCI#x%86FRk&kqi_$So6O^$hC23>{+Pj6<qGjx`^Nh$ji+{WEoKF$nw
z^^#5hI1$MUbXhHlWz5gei%Dksa94*@jg?QATV%<cS#rvU8>oZxYY8Ea@se`R9MRTH
z-^tp=F-0Y%q{;+ynwEo%q|XgtJxtW!woKPwhcxOi1CsoUpP!c#Ob%r-`Z4{47F8&A
zmR_|#S>nsx9(su?gm$@-r1a&mLCY_T*pPABnb)LuC6Kz(wgkLnj((~|=DW|GKXOUe
ztp2Edr}?^d%zH-o>twG=u>ya-zDxamMn;X}a1&B%Uvp36rCBZ`evQUgzq&=kFzQ}0
zu&O`Av4q_B5x(0*|3~FwJcpyu$y&pees<0+3`8fHpio<xYQ!MOif809W7b69drZRL
z&v~LtkTxkroO}wtW|G_xQU@(vg7UVH@%~0v`rMF)o|(SDvsMlHWy0WLzqd(aznl}|
z*=zGYXVtvf*1q_@7i#1lvrEGHGcDoZx2SMj)sKLc)dPL$Yg^rLy<l{BYRKa1cu||Q
zdMWr>5eUPMU=q1sDqtF}MkV6cw3^+DKOt5?6Vy!J29n{Ir{xCQ`aLEiv~)J3KRGID
z>x3{*f8=BDXYA$JiZYiDwYg@*PbV93j(x{xgcT+DDgE!IzE$BLFQe$OqSD0;IN@rC
zu7;>$b%{2P|KKrZ4H0&mL1CLBNm^V`d3CWbcz>%qLi=e9o>)M|Q}X4v*%?`u@!G!r
zwrNjII7_|#h~!Z7AiJmHm&zByG^!;V6;Xp2jy|5P{JG}M<M-dW8Ffwyr%c~4ZB+8h
zEYq8K)NhGz8*|F0b>f)N9_<L&KCpEJ29Qn<F;JjKLSqh#)sl81Tn5m<YJU5w6hVo}
zPn|Ml+?U4l@Vc4q2Le$T6V3}h!{m9>$T%8ygJ(7!7LiiQVrhZb3>)%=1!va?GALMW
z`42k6MRI0q6d0-3P|3~P(C3r2sMu>cO{G=8@YVc;0W#4PKs)Bh7&+8o;^nzh;atW_
z&G5Lw8HA<n^jSaBW+f@p-3oV=TFt;+l}GV;aWJdR8K{z^ixm6B%U8~trAI!f$FjT&
z@YY4ab_I5UgB8OB8SgQtGR5;}%2w!RQ`+=SpO?WUGQA0o)zky^-q`bLl;>amcJva<
zSlPV#gNs|a7$PRvC&wS#vbI0fGcCS^HT~4l(;rCT1UknG^|gmvsKX@!;HV}W)hY)y
zO=n3GqHmAP)iv(YXr$M^Frbx39G|iebgrX*(cRJSZ_GFbGrj5@_V(`|4Pr*5_y)uH
z)29gh6Ly;o%SSS)i&^2lygV|M2*-*o9CpgR;+I|DtYYocFKq}5hhxy%?iP=PIn^}q
zwWQk*14qb!0$5BDz9M>dBP<c(`GyEL)}Wk<M@s5&THkhC)Dk9EX0Z)D2bq0e$IX^+
z$TzlwZ;gI<+m_=}_k*;?QJhMrkq-WK&Wb>%0#Fa*T_ged*5U%5(?PjlAy3oV?CPg9
zC<=6VXs`!?*AiPspMw5Y423|t_~Uy`&1VEsO3Lr(7zCB|<OeZw{@k@Ga(CCC&B=+n
zTUwNfy4S9UVA;*sHPak=b|c?LVvW;NHN{iIe3d`n9Z|TAvZxahXSbPuZ9gjv623C@
zE9;0s@3EH?jCo$3ywDVf78j2oH|ui&U8#|d3}x|S$mIEtWzO4g^<e3MUMZB4-3vti
za4U_GeU6P4(M^8-`U>UCU5D#~rI*AzW-gdoBNxbbA>+T`b~C~_eYMNlUw{#kV*znC
zU?oLHb9Q8og2y)UHW!Rp!9vHQ`76jElQ8JgSfSoy>isBS>iD|{zV*+zyFpt1mD2l&
z<Ks8jfn54OBa2hWDr}dalW(^&UyGbEHVA}7gp`9Ly1hB(YI#~aA}qC*N7(9XC1{OP
z4E-nYO*JpmCRNKXb+_`gO((x6;6xN>%=w$Oilz>v9_H}xa?-X()wV`^_FrFhp~E{t
z-c#4}=z6hG6KBWgalcg`ZBCr8236cIfVo2>Bog(tis6S|6j@*f1d))8g%F3~t3z##
zer92E%DyQ4dy5Z=h_5}D&}jX<8x0GlA&$a7&WX|s{zo~5Jpw&sdbPf^p<&*%#n(z$
zT>gvB3{BL?$XM}D2xJctbd-WQegcvd;c3&mao0|UqoVuRBMFdnPKzJ*r#O||F?z`|
z9Ty);;)qXkGU<MHXaz&$HDs&j`*TlMuM9N_1cJw1J88jop{G>C-!W~m8Os|uaUGSG
zyfv5J&BRPbKAYw+zA%6L^odYq;>3izZUjnGAR%Ci!HTlsjE*kXJ!{;HOS<yt_WOxc
z_4xc4w%1EaO&kxOda0MlXMxyyoRw0~<YT6_a_+Ei^S>|pC!8xwF7MY}^b@00tL<jz
zUQf>*VBH_VM11Rv9A+^gB*a;TRQsOmtWEnBK1t07SK?yJ%fkdyPJ}Xzn%0DeA8pR&
z(>YTl@5`LUCa=vR1d|?>UmuyEgCj)Abjw;|`WPsio|>{fXGRohxs+q7umNATeG8xv
z2sLrf2NYA#Djsg^mEltQIJw1WI-pXk^!F6?IE?z=S)Mjy4#s6v3O0J*dsKA~<<V4r
zME*&g5WfqO2rMq42BXo<c+vHb-k+ZL(wnn@D#}o!JOvUQ2&6-4?8)^cy?s=&59mSc
zK0&)^r1P=xG;tAi5ojUTuu7ZhdM=E79+f*glM;OmXqz<QI|{glFP~hQG?7m=TaZ~j
zH$&jPUm-m*1G<H<$rekPp9&S3*3D-S$34R>d^qMj{R@`VJn);^1TiS;6#IEwQ1sH#
z=vb1aF(UyJTYj6uA7AY`F?1F*7ZRl7`kSY8e_G4D{OHNRZ!spLR!y6%iU*o@XZY<A
z^Uek63e~BnKR|65v^TxpavOFq^x5bqeQ@x6bhAXLP}<smobpCbJf@@TpBUMbg@1_e
z9t#rU*f}LB>+UmSy||eddN?;8CS~$+>=jD@5rKi3i}0Z9xqm20V;!r(9!@psL19Nq
zb50^4R8$BHoS6D_eo*t@#Qb!<MDRDwF#-yJNwiP(B(ggN^%cYzs((giDU+emz$0xU
z9Wdi)f1GxAl72!1Rl0BD$@>qBmhT*?i`NZ@6LNIT3fIA+)vCZ{IdkR6YpRk0%+5I;
z@rHaX3->p=|A(@-4$CSF`?jT|TS2<Jq`O60x*McJ8l*u=x;vEa?rx;JySuyJjgB+U
zJl}JC@B7~zb0F+{-FvUSu5+E&Z)sqth`&{GP&B5U%A?zKw7KPDui8bNJK57L&PAkq
z<XB?=auiq<N!nwQK*P;nPG$0yb}=@!BaM@V&_)fTB@4a!Q$fmSki-|SiY88Nuy%;{
zc35STFp(B3=JGVPq6(*^^7eXV$exbkFj($h$@E}fC@>Vi4JFIhYfLdYpfaLY4u++T
zG^{(?7W1lWk?t&1WW`d}?K7PEs_rt*DO3NRtLt)vyR(&YahJXKb3qqX=*U8ItAL;V
z8%|FqCaQu%BB`~2y-~2CyqMRVsqh~o#@&|%B)7Gh4+l=1*vrsCFC?`051_Zl$Jz1f
zmKz(DufFmQZ0^>!GZ!?4Rai{za|iIyHH3`oV^Kom;O;J=y5AN@VaCwTczd`*`!BaP
zyJVi@KU44$ha=(XrU$`Mr<yDYn(2P8raMcUK%@C_uY0brWuPe9U-BGyd$~W8e`>kt
z0ekP|biRe~1eg5w>T;^oOWwT@N1$#8B=^ncVl_N;#!9OyE-!*ckp%gCbSvXiCe@+B
zP81ARrh`@0X4W-dNZCH(5MR+J-wLEr7ad?<@bEadml4+Cc8`jD+hclOS3;{nY?jpI
zB1mIzM9-e?OC^K*_q~DqkdkuQ@^&r-@KB#M47RAOcvv6eqRtw@{Jd=X7M3%#i^)2(
z#?*|u#kC(F3$>CBzfH|iQC5$PpgTJ`q(4R9=ErUYHnxuoq5CU`z!nAaX!0J8bPgk(
z3SG#)hlf_?st;p9rHkcGPci<E%EK?^dV!Pg7`T;V5<TI#!FBY3b-%6KFN0l@hWd~w
zbS=*piZ~Go>LciRfQRsE0s%_GSBPd)Nk?wjC+F#%BLY&=m&`MuwM&at12GQB&2EN}
zt8Vo$h|RU|eoeL$1qai+?>~OP^?8j52SO)92>=a3&#)!BA0@o(Lj}!P{sU0}fjWZX
zdbro^Phx2mNs5mb_3~&G5fihX8A|2FD^#sy7#)bC2g_F~W_g@KRIM`my1xD~BO~Lv
zDEp|1Tx1ZV+)hAR2Tj;h4aS+=V7n86!eO>h2T^Z-(AF7<enAN8JjAHA#Oq(niJO1Z
z9ZuH^WhORScZ=V$MhO&>eTzGC{J=5VZ6??Izv(b=v^RNbg%%7lC{Ulu^Dm$3n`$XM
zgW=kng&xY|jQ*Rmt&xV>sxr`KvP$zgG{d13yP3qj6^E*7UY?*U!dXln+_oQ|*Lop+
zbzNi~^7AmwTtFo48(ojVAIr9&?2|r{)kN3N`Xq@A-i#z)7dI^+A(Mjo^?DO$H9>7(
z-F5|IjQ|mj%%Xea#(BkxqKyLh9?&H(Jbe%$ARyQr4yiiq`~~M&%*P|*eSl5XaN;{p
z?K7Ck5H`zYzGEnyIL@JtgPLr6r51Gk@gj%_HK=hKkWp(D=Ot<44|`r>RK9Gg5zH5N
zA5AK-N#I+XMHfb+X94nK)B!#lrPZzFmJ$H{>ErjHn7s91!|N;eM`pCgbx41hE8U9{
z{H?2zcpFF8C7A|0e8^bX0Llwr;BYJZ;P#;UX20<cgp30vim$*vf(J3am!C%i^=J+s
z;Wtw{0P_+Rxnk>n`YIH-Nh6Os(Tlz=65+}Lp7B`--!rNT%Jbzre78$y@{?ga&47`y
z&xk4;QO`8<n+&RUxBq_4U2CNp+<@O}PQ=wzvZfZQt0ySleHXPaYc`v0`VF;DY?@Ek
zZ>9^{H2lpcy_tBOmcv1~TeDsRgs=n|sa3E<gWmX4Bk*4Wjo)Jfu!uk=GboBOSw85k
zle(fkf6YuUK=qoYFskQ=!FeD0NY^*eb8t8Ax76S?>Od&ITE(#vLxXWvLhq)y*<5h2
zxFiHN9}c}VWv_uP7&s<Eso)xKMt^^~>n)<nEeWh%6ai!eHAzKw@bh>7LOIW94L+*n
zYHdzuX+BkN6-(`eZq$Cby=tFvxv<+oP3K-?fj-Lty~21zf){7_?raL?c#r^Vax4I6
zo{WXW3Vn9b5e!#i*Y|723X(&4mi``XatE}hHX$(3+I6a<iqE|0`H%d9D#IdB$B@@|
z&DdX9e}L=Y7VaM7jiL;<hZhg(S!~)@UYMW;R#@P?&5=_(4>S!%lT17Rc+vE<KSwof
zyH3m?x_rFSQy$ay@>1($EhRaMy)&%n0GV<SYxiMR6wF1O4;-;+gCdhz8+3K;JBXJ0
zPQu@R7^wu@?L$6GP*XbN<LL-;!@c`mE8f{=OP~1ZrQg+6F5+c}+Nbxa_SMUmEY;rt
z_O*SV9Ah-M>dRr(;aFG$UN7b9gJ{hwmw-WyfAUIM`V@9@9{(&NhJGX^qL-ZjY5aLj
zKOQTEsf7;is1Uf==&ZLtZAF`}YPs<F^XFlu$~Rn&mdAxAGUzWd5&jsH@d&<1e@h8G
zTS!u}tF}o!!zi?lnDp$Hz7Gk4?1h}4&*wi^f^-MTjYKsQ#nafDO@LOjd;)s&i~=SH
z64MmQ-^`0(q7;yf5OSc<ha>wFAAntEBViQL$f&3qD2339_w`v-mb_7d2{fYW@-g+f
zzU^gpaXW$eu&L2DQcUOJDr1So1%c)pM1+cLpE1KP0UWLxVFT|E;5p3U&Zwg6lozl#
z5s{JM5fNf@(v_FCwzf>7{esdTczH-jNPY|rWoNPseYe}2T(-++4{bv6JyIhkfdTpZ
z0|I>nP}#5P-k)#hRPA+UUN_GViIy){s9t#S-WCcFK$C}rYkO4JA(%0bWG@uHnV`bG
zT1fHmR#Tm{L(SkJkfsCQCnZRN!rk3K5y@;7@L<MK-hOK_uiVkqMd{gIKPRPgYcm&3
zxikWwjx5IOQCg@=Z~KFLyb$TtE2G8OFPWjEAO5};J}7W7kVpU0NWm^^=h}o9FzHW_
z4kp2P9Sfk&y&Bh~Pnegkmv}C>uj4gc>_CK{Y>>Ak+z58dLJxlMc7D6As`0yLhC9IY
zJDNw5i=7bH5WruCGP)H6nW8ohL&|Xn-5(>M$W0x!9ri((&l??OP;XH6hE)O%>9ltd
z5)vY(q!4(MyMA#nC%m!J@V?{;OwPg)Tx~_=;6vt8M3FbvGqoEaZ>fe<k(<rs5NNy8
zIq9*UYRi4}H%?5lnoo)I)0jInA~JO){tu_iYUCuHcXK#VC_PPEGVtwJUz#s-P{Ivu
z{s9tQTv=bCXhjyI!}soKHd;r)UUJQKq&Q(5NBhb~vToSu?0VU4d<Nqx^AWpn(D9t1
zP)3+JCACUOaAjx-vGM77k;C62wB6zbiNaBGY5W-jmSBIqq7;s%M_yM%0PCKzmh6$s
z3CUgx$MX}KM0dzJWXW!};K?%~Z$6ahSf;HGfAUkVXwI!Y&2LeC#SAam!}LXxY?^-k
zlP~GYCsg5<%Q-)*-DbSj1g(q}^z~E$Zv^H{svArckP$~C5hc0XRXI?rgEgcnf)DXZ
z$KAM3%O{BHVo&yLRfld-Q8C{#YTk5KyncPs1SKOA4&cy2`{mdX=UAQINt6PSlcB;M
zy0Rf#_te|bO6#-z?68x4H){1ehL-Lg*SFbQZzK?i9{9K|v4jr<eGB2rIUez{-buEt
zu5i-lN3KE6slRkB*qnF3yo?@4A5@|*)HEpBr-^q2R)Cmg+Z*H)kNm-Rsa2=2x*}n(
z+Ovmg<~rt-_VXw?bvW!}C9V|AgVV7McDL?otvt?U=x&@Go$M9TF{_7U=+=8DazJx>
z&LVHGSCia9z-03jqKVN!fg2nG-u_myGS+k!;no=g7CY*N*P1BQ_b08aM=~97cC-DZ
zm3ou2aiz=GGSc@T29=K(k7QAct^(~wu$>Qmysb}rczMu|xgN(Q(x*>Ic`p1VT2N?Q
zHQ*PC93TrjS58@vZtD?zkI10Gk$eN4&cTtf=XJ=){*5GP=5rMwceZcc=EcNI&996l
zt``s_oZaY(w3<Uqr;0{mie0$Xn_Pr|dzTqT$AOT3QL38c0m;B1TW>&uRRGeWz?^FG
zDj^#hS>S(SwnqZ^TF7)#H&3%fQPZ~PQO&{vjS3Oj-^+HZtr~WJQlT#m7@GCweR3g|
z?YZ|=8F&z6ESO8$YrYii@f2=Jy|P)pU@1|PpD6E}n^gJ>qfIQ|8234XIPO54=jWNR
z(}8<Md7!Wz6Nl-^f%-CNZ1XvDOnM_=XFm*qLVp6|EN-A6g`@Y;2s=6YB>i~cF75V+
zJsDj4+M#0OHG^(zpS^whYsOVQwFsMDgJ>UwMMcsbZ$2VoB!H_09|wrW?gjAyiv+l4
z1pRZpt`K6_o`N)whBxje^<H19TsDS0C26kJDWFLl^~&J}_gG3^C5<mKqDeX^#BW_c
z?@pCL?wsfxO1_y#Qw|onMRH@N2V$#*^6IGa)@E7s)3$QthakGLb<J*;O5-J&t|9IR
z<b%Y%V}J;k(5}5ILnKKPCyTuFPRaE=G-vO&R7x9LCv6gE-S4|h1_@SypL-ix8hP32
z5z{rDP&Y6!Ry~^VZSPZt;pOYD6ppPo*>a>yh4Hgd%||9hty$<ys2vG>Js5!|wu5h1
za+T2&iQ{`&N3GN(PXHojBk}N3c&@Q2Rr0{lKDtQi;WA5S>TqRd<5H6l^EW};ZeZ=t
zGRiX5GTv9TTWSm3B8%qbaUfMh2sN9Yl5v{KfhG@z%v_LuuZpPec>Udv-mMLs>vlUm
zj`7Os-f5AmKZP5MOe*Dl{HTle0pt+`VlZZrttQks2(Ym@4)QUVum-xMA_)S~Ojbr&
zIR_jO8CeE^D~frp=NFl-KO#AB?>^@+L>+X`&+CW<wl#f5vma9PFC_R<T4oDN8i~W5
zNWWh;Dwb1bIRxFS$?a`X>yvjlu)y$E)15vGF$X=><cRQ{r5ei6Ve=(pLo|{npo>8P
z!90m0TOI$#V<;*(puON<CO(LgzulSGVtRrFidvxVsw@@SQkSsbC+l%BfD@=v7w$Pl
z9?TQLYUjEPvSIoVdaev{cfm^#-Bp8ptygc#;iUgM*J*OPyhO~sG=Eq9iuLW`yRVZ?
z@B_!^5!i*wHX8N};#RSPax?GOc2`>F?rH_@4r;}%j5@xxoF>X3Uhfu&Ar8@2U!gGf
zQ!bvei|MT>!HSi{@c3Wf&f+EJXe_}@EncLINK{VpmUKV3iXY^h-t>3{LVwcTPtvjT
zm7_!fW^xZ^++HIUaWu-~dJN99&4V@{*z5g%j3hQI(C!eNb|7r<aNP0R6>BPZQ|OGA
ztgp?g(J~b&uM!zRw+X`VYS#Uw@}dO1`2>l8)t#@sP$n-Ak>yRV{`$rSh55@#6YcL{
zM}a*r-x4ywtPr~_tMvIFTb>>u`MgmTi)0;a|4ajxt3@}ig*5hF+j@t7J?XsCv*d2J
z9bjSCdLmftv+Q6}<&K)rFC8Z>WIZo+CGo0=mJXMbD(#+8*ccqwUG#D6+fG+0EdGK+
z@=$QTE<bkx!*dPx(Za5NwdQT;#~Lf-_l|Av)@=8W2czXmdT%`-;?~}#f0c5_j<m~G
zS4e(lUQX9d&=^hA?2r9+Rv3q)pDF9DsrG2Q=I-L>@E*R&)d=UEOMT$jGs%;8D70{4
z{_JF5TOS)2_6)$Hy4upF3<P)B<BN;4OT{;h_Ygw5A{p!Dn@A5+Qb`A(HL!lf(7)d6
ze&}(mQlb^n1-44@TiRZ3ta&c-Dqpvt3M{$Z70yoYM?X!G28vC1BNw~K5Cub`5DpR^
z$X%%E+m}e5*jOi_3fH?yq6!yeW_t&g504Rqxl2N??`<{~>8Pvh2<Z_3!{23{nVC94
z8g?a#JLq;pQnb0n>4UJ&R~9!J6hdqcx!6WT$n;%M0!}x9MF@4)26qsP$y3XsCpTj*
zv>zr}TP`4szP%FNl%u;XP>Hd6G_)v@fz9G4^b$ya#UamBm}BH517d#hxDgskf75G~
z*?3QkM#7#HKH5EKkzlSN$0FDG79;Qeyv#dnaS-ugcVe@CT$0qp+&~h37VaP*fY~vz
zNSEhE3rhLf7gbphS3E)6PzuP}(i&X37aP$OR_5l#xnf)56~p?<<URd;{ZQrWtg!4B
z#&o$20>_<|K5_9KKD3WVC^R`9LPl$gY7Vt_jrB&rEzOGlfQm?qmDy>pc%msNls$_I
z*z*w5k{-yd@#twuVv|2+!k`M*a#?-k^d#yT;)FOY-;Cf}%%I5Gh-nu1Hi8P&Ug>zC
zpe+F{@k4{l{X2};xAW|;c4iSWPNc<TFa2|j^i7aOz5IUs5P8S?^*!pSy|xx&lHb`R
z$F_+p8M8Y~SA_rOHGsipU;B#j{EflN1%FWXu7&P!@3CTuyBai>%be-`qmwdMFYQhz
z@hFF?+-aL<(PN#i7N0eu96C-cpw?dJI1oa6Y<Kz^N?g@8DR&OJA(Cn0dbP77q@tXc
zF&$ncUoV{+TT~J><jG0B0zkRL(@R*KN22NP$=|JHCTiO%Kb*ldHUv1+wrg-m=_mG;
zV9Grsw>l2{b1Iv}HPsQngRxH;Y|Qw(c{srpxc}In`bEUcjMzUom@uLcv8D84U8Uxm
zN>5#NF768)AExE=3Y72obalYv9nbM<kZSRGd>zl?syT|3Q|{@&LE~PSzCF$Ysv2J?
zCrG{TV6afiZ(6ZnaS4s1q0zW3IXG#`Dfj{Np#>kfV_RwvMgv|D{|9(g-~zzQZRu~|
zH5`fyi+$}E`u_#IqUc^I)>qp@?PNi=GlV%Wu@IN!ahX5Et_qB2*mV!Ut_gz`?43xv
zR1}K<3riU;#@Z%~Q2`@T-v^zB`gVuBVPnP<>lwyf4(|`w;M^Cl1#KrRSCfxB%%jJv
z#}v)F<C-sog}T#jVMz9;$2(6l>I2)>wikAk<Hg)~a#BtRj6cW)<_+Qud2lz@)056m
zcIwxNZ{?af9Kcnu2{$8T8k4FLd^M#%9Hu;RmQ|YSS)GB%ckZD~DNaw^%GrGheeHxD
zUl9ChlxzFq5=Kt}YtPyDesf<n6t~<N;|ju*lKFPaP$L*Nmn;X0d<lW+Mouij)usOt
z=TwyH0uUU<?p97W`f324H2Q7=0$HCp=h)d_iZ4{-ED7|clP-c!6CBrVi}p1*&TpXg
zNpYB29g`Y-9@+8srZbM++{=oRkuee+#5p`FYP~F#*PTbT(nLQakzVhmVzH+AeKFqi
z=_frsJtCr_f=f-VNFN@tmCFV(5$H!GkwlwtrnAD_x0Sa`?Do+1XDeaR=`_a!q4v3l
zyj-8~HxIwflqOV-1Bj=>qDScoT$$t{1k7=FcDEOABxP{Iy)P5u7YNYi_uySEY#YrK
zpP+DaD1+gmuz9@y%=Bqdon+-Iqsn}4b$_Ou*4c*pmUFI5zi%F`54eg*e%9I_0|TwK
z#ZT$p_WSdk)YRBOlDkk}qAFp6i&bvL`Jg>;UTqD{kU3y3dXG`+ZIE>Btdq=4-}IHo
zp<KMGGd${$(3DLYi+?g~<-MU@ZOP}hORXP_pClJW@a9`1__nl%#bU-6ORF(XT-g4$
z=7cXS1;%q1NgD(d7Ed|P?QmYne-Fv8%6t~+4}pb+i6#=g+-cc-U4Ub?+~T>6%<&c~
zrE$(m$}UX)!(Jc*(6>g<FMw~l0?KeFGS$yRSurzK3nRLr^}8s=g^r4h5yUX&ELjGO
zEF2E|cXyXos@M-hstB{a=ncC*8ks9k`LC~&efwh-6??~lBR(XL#FGZ^d5slj4loAQ
z%SV&D0lD7W0{||N7*GP=U_k3G1zcRXR<|K(FJqJ|j1~npWT~{mo-Y(BZ1c6kx#R~}
zPZQLVNcXUHp18)Xh?vSA!5?*xRFZmKW3?tq#2CMM4I4B$@JQo|#7Q5%tuCSB2RG#(
z?&87628E=7hsK-cQS<`v3J5<yT|lfbGLT#O_`qRXEu%An-N=vxSa#~^+78r1vTfWx
z#mVFUf<W-`9w@Y7!=4aG3C)m_P_5zydHO6W_%dB>FCSBtqzKI+10sPR<$FLGJ{0DB
zcP!mJ#czWC7d!gvcRYW@!sfZUfLGS4z|_J=il46vemW6e^;47leeJ*L7L+w;+6mG+
zx^#k;19(Tb;6iCk!he6phz)=@!<I#v=N(f2fj4&lf;TH<2C@ZzBc<Qh!$$@TeX{qy
zj|bNOG_gzuj4tEUWo5nY?_E?)&ahRhE#Nh)6VA4&bZRJM)BbxYNT9(1&+KJlBW6%B
z_HQ-HKR8$c)X$+hwe5VXiin9AT$nZJy^#^Qu3D$=c9?U{HNZPw$yZ~F()}9eU(eXj
z3p6SL@2LIwrLkhPbQVxS5ky5FqO!iw+AcGQi}zWcm>>huOz&i@paTK|q~&G3OG@6J
z{})kos*b9SMq3iu4vUvyKwMwqn~HHN2#YxKQuC<j#8c$)>dulH`urvodQi}s5wX|~
zSrefW`fu!1GAGW!dlt)h6(tH*O{cYrmNstXvy)K!-r}dZZ<uN(Gl0_2EUATq?Pf{=
z+(DxlLd$flv2CjN-~rhP4olA2#gP|t2=v+cDc$~;^Ft4hzLWp!+qjMa2F;~UPRx`K
ze08?lm<MOJN&#=T;ib8X3Wn@$b$hAZ)!K3*k&LW*knU^%OrVSisDDn5NVMOXBIj}6
zc4OaLeN*UOUKcph5uwV!vfh@T*g#8dsqUPpfA^yk_&-)oOE;J*;eGO695&i2b;ums
zznz@(_`Yw53rTk$OzmpL_o$iKLJDr%CAu^O(TcGw4zm?pB%Q@CcwLEKM<UQ#>RTw_
zPJMbLm-^evSxo3sDj1uyHc1$oJ9SMC`CHKGb0#tGv=92cr*l*kT|7s&p+MTA*FRRC
zZ;jCRCUi)qPkn+*=c3_69`53#ll|#5N?`E!^N_>(tkgJ}evzjJ2aVv{rzw4w9jCLw
zU~#6i1yzhGst$O9p_}JCjfajpFZQOa4rZBWPos<d`eKW70B7kv!Tty0uDhM8jM&ls
zecOWgnF-f1GquvDDXxQdrVOG{2d#HI0i{L8=Cy1|OqlH|+Q`<3?<Ma+XILU9y=&oa
zhb5&(3TrtCON&!)H)aK%9t<Z^3nZ`4hJ*>D`_1Bd=6RXg>jr8)6kOodjOL=ghFOK`
z9L8m--Y`=OmrbO2)S>D5nzr%hJNvAq)}Y#;S>(F<$O;@l%U|rDR{7?oq%X$EDRAU(
z1^c;F1)+PyYVz?S8n6EZ_0QVnE#Y$wf8is!YYqpl%JfO++D=;%(w?|S6&@mE;W+mI
z1_AiEypSxF%Ql(BQOm&t3~a@7E#($Wu*s!Hbq0su@`tTmuHP1<VeFh=zkLGK7{B9R
zYRqUMJEXhB1$Ojq)y(^kE|gs{PdJG)@4jfYEJ<|cM7>?Bu*1j>b0tUC;E1mv3sP@&
zT;2}_;;;|JY<IIe9CmzNXIPXwr*f(@M9YlZ?SgO?F;0lyw>G(z=Tn3T3i=FaIVL7l
zcItCcoWXTZGxnPry|?2tilax!wxF6wFkpU9#WJ7BK@qB=G5;3TYMfsGbV2puyI@f1
zrwsb)p^t4Z<Xlcy+h40~JUvNHrS<lraHJoFV^5hX=#z>rql4n6XjpWUGq;($ydIKq
z9>fd2>+Kxx8mlREq}#bl18KWypiiU3mA+ZCG1T2S{t;lf?oRO6toP5f?<v7&%mHju
zN>akW!bUF>5E8;5hmVNCdNn1DccXH~f8<3}@GX0YOXQSb<e%n(t>2>Qm<(%GR;h!C
z?0K0w@Wx)nm_%NsW(!=u7+0WrUO?e$(*om7@tx5(#MXZ*_0^_dl{(U`GTd{ezVqKo
z{eOro0i5xj#8<7ike5b!0Tnii8Spk3QY2<5+6eb6OUyWpWdRjjKTB-<Y!#1sdesqO
z(Mgp4#)k{aJqfiNpBUeMY0}2qByk*Jrviq-9X+ke=((u}_#jT1wB)5{bEQW{uYdlK
z`I5STlGS)V?rytUkB$fQqHc{deJi_L^my6F9i2OL|3R>&y}ZvPNVQXqM|h{{=9eWS
z$5fZSA1XQC<?M4epg&(W{C)Mo)F{B1JkMp(5(9OyLzyKKco$;61({?h?3wfk7n$<r
zlYZVclGdO#Hq$_<aoJ!vJw1(L0W)PT8TP#DB*`SU^?&wH9PQcv7ym@$*~{$?vnjLS
zk@#CdDKywr;50@XqH29HG%HCttXZ%F=CD48qun1>Pt{Hz+3iMhPa;vez8{KuF`gQb
z_ds+QYL$0fF1@;J#Km47c*Si{dA1Fi>_sZO=Vm>sl06f|suyK=rW8`3$|>xy-K`40
zK}rBJ(Ta&}0ajgX3-o!&sA9LHo9accK~lG1cl)Wh+^)q*fHt?lf7BhPsvkT&YS}<~
zL34J#Uxt~E_ALEijs<Ea7RE2f9Z^WFO^!Y69e&mWjFaT}zm1d27vE?kkwEPPmPdr~
zNc<K>P4=dWQ)g|Go(*!)NIv}LQV3FdV}*2rf0xXifRRlrL~P7?jE0N+9U4bh7ip}5
zB4Ie?%yRJ?^w0iH8eULI9IKlbS&nF$4GFahHYG}>zYP(Ac4Us4olpza?|P$>)CH>-
zwwgyOk>1!{2Px4x@g!j-R4YnH>9&$tdnQDh=-cVu=Q@>%2KG}?1M&w9;L@9`H$=t~
zP3<R}qSRueu5NLtD%h;?IU7VE=y%Gw8I?NWG$m>I-*J$Y;XhdxmI8HjuuQ(=r=H<6
zx-HA5>RhVqawj*AL(V3${i!E!`8&v>A-_S!62mQQ+sn0Hk!UO`dVz0lQ2TS$h}4$A
z#su%}NT}uMde1DgFLM+&X>Q%kYKxKtm1DAU$htp>vaFRtNuJ4ub<g;uIgiv<9;MPC
ztSA2SULJm(^5}RSiRETFBb&`FToaE&h+?6o5ocJJps@-&VOm;rt`IR`un`d<FA!r&
zip+Vsa$DjKs_iXb6UegMD0WZedRI`vDLA<0x*EXa>ZT$vtr@UI7o>4L#x3fd(uG|N
zz8`4ztY=Vut@U4JWaz#a5YKa-oe?e6Rpm~lYF=QzOfa~SV&iF<fD~qT?N};Bj-Ts&
z!O~dcnr;xVY(8TKDqW-4H}rY?Z)+q*aA(!9*$>F|ZC$};g>6as(J9=BYWy<J#d-LR
zN_FV$o}^`kRJ>B$n9cp+lJ@uZmnq3RwMH^=W48x2n5uAGW3IwVg->p#p|AFTwNJjO
z45)Sru_pR4F2EkMp@(~v@ioI`*%7l^@v3;@%(ssP(%PuLtU#Gjbk*>80o}k5aT9N1
zXGSX?;=>n)tlj$JZh19$KqHa$Q_-Q1s>7FxShTZU4Hv2Kc<rlm&B2XG)GQsP9*cga
zVi?6en9LUh!)#Fg%ipck4R`e6p{C7P_80Dut3Ex2Rp1s;6hg9;e_JA$pC`m*t;FX=
zBzDyH1bbR8#pp`mc2)owkfo=Vbm-&!O6vE>vLP*g%DqVhf`xN!<(Jk+bH3oWrCWIS
zcz(1>vv7yK%kfX6udgu6&yyBAXA%-u!PtAtc!4&_=XzRz`B@wpmQN{M&7ToPJ3OCK
zk{&*bXuS2OcV#w5t<qSk#N{@)Vo;_!0PD^p+AkQloHkm|F16$W^BZNd`5x9$`NqLW
z;ljmo+hp5T12v^alJO!(*>F~(LH#lalkTSik{>Nexw%#<c2J(}z<Qf;+j4UBp}SZ9
zlwRN>1W`2KSq|1fDvP!YGHY;rA?2q}A|%)7;Gns>8{*Mf4hxv0lquccp3811*Mf64
z1{JLGjL*Y+2d}$KSYy^ES05`~7RPbub48)RAv`S^95x*27rN1&Sgx6JmeM<G#8b78
zjaOvjkbw3$<uLTqI|z(RvaJCVuEv-Y79&t8-sU%q*^+N><9^8@y@x{$|Nq5w3$LZi
zT8Xcqge~g3h)<CA9G`baNl0v`>+E3d4`zJ=(dl-Dz%Nq_TbtaGY#fI7l_k}70~t(I
ztJhJV`R&B<%oOwxrP@SselPG$q!o;cHaxF@fgW}BCbNTllbzAbyw3Z>kFOnNH}7xG
z#9%$gj-6$JCPAyqeU;e8THJ?Z^O-Vzi$MMEh|LyKwEGaC^jf@5K4?eeeW$1x!;Yc*
z18#D!<%mf}>bvvhhipYK?jdx<{V)63rzN`E%}HCFDKaNOX_vd2ZAJqkwS64G)~=YW
zV6`H*G$8?jvti$NPca!R(rw|)F4^@_Z!5i`<8vp+Oj3FuodPD)XDF2^C8bZgEqjAv
z0tCyvptp@pI_)oQ59d`D(kI^5Txhjtd?Y~10ax~D;r;l(c_p@gdL?f-#7`aO<v8z~
z$kXj<!sZ3OSwM%e^v&M+5?ZOEi!T93i8M=Pz3-DD+^w;5HqT%IUI&;=p1=uMZ-hgz
z>2Gsjan4`=xPH=UuZV76U0p44xv?fH976m-Z1RClb-_3maLi1ElA`4k1;3SeD<;Ly
zgg=tm6wC}Qg{q&1z8Y%tv4|}B_y(HoItiCe>S}5t??e6d)t3rb$fk%d@@Uc`NTB>5
zfD)PC4J7mCk?en3C!Ho6u-3#qJUF1E4Q)@387~Qj$)QU=1)?BwZ=p*`ZE=5$mix_2
zmc<kHMMXtrX0r-BRaI5<T(|&kurzghzN2^TGTrE0EkwcWkFeuuaq^ma9JOwl7We?#
z)#(YFUYgX2grg=Bl-?I#)}Zih3WAz5OcSivsdOJRwvI!B6`dJiam~mqy%p_Lg$yF<
zc$}`~Q}9t*zl11Vwmy3mt<DD-8+H;vg>MI^o`?EJN&fXkqD;wq!KcRutBYL){l{Jb
zNET;(Ej2Co2j)8ag8=u(vs4pC{lc5?=2(-iqYzT|gipwu6GJm2A8(kZ8DvF*@43n4
z0z>k{_mu}ICfqOsA%h*X=;A-E<9?6+bZBFfpk!A^y7}7ThlqR_Y7TxK?CGM&na@8?
z$<GxjQ07*d%?P+vUXo`=6r4zlP=)Sb%|+bFZ?|M2Y8ZacKBS(6p8z~lwo)VVko5??
z6IAx;v1}}3=CCj?2sCHOeD;%GRyFHNl<WEIkmyhS`dwt-APYGz;Nq2luMj@?xhkK1
z9sT$lEc`NBJYPz9_#o~p1uB&Tn;)DhAHTPU;BcB0@9=?oseIi1b}#&n>+4~yPp|Pu
zlBCUv<VP*ee)kGk$IK)leJRs?c1bP|T!(m`${*utcRH>ci93fr7$FKw`{k4cyYji#
zKo4T8FrNgC*HMCK;NDk{YsVb2W7)z#5CkRC@Bl5)2H|&kFt?`lbgOjW11xW~6yYx6
zcUX>ZbT4c9zN6CInGFqxTr^j_J1o#Zhkt@|Vp{I6wvJ|0#EI`)hw_6K_K`m=MuKvB
z7KCoa$#ITZK{O}Q9F7*>aM~yJ<)Nv6($vH~SD<-`h>Pu#uX>G@67?r(;6>IRfV{l1
zT<!Qe3yX6<{+>b+=p}p}vX6kHiwLf~-D3JKJ0oM1MZS<52M4Ec{AfB}MpP8~^z6(y
zci`{lwDe-{mG4IEB!5B-X>m|$moVTv=39Qo_RCsC#yZ?6Kmmuw5roBx1{~5WwtRee
zDHr!RZ|^+{EaLwlBS?ykut3)sKX;XK-XG2r(7uL*iaK`8LBfp!8tm`UvnEQkTWPBR
z<;d^h%0WzWA(wzqH|$v+9TT(iSLapQDoUk`oQ!C=wdHvACp>@~V0v;BE&+X4bp@>-
zlkB)H*(hOf&QX4_mT3u0M%gE{XIQGL-4Yk#nIp)%cT`9YzOj(%Z!a=uWtS7vw4RSw
z<YkD~85a`3tTw*jYON?nh|E*|Jo1TAaAP|_`E=1Vh3k<JQod>O^&U%Q<tTG;+@#i%
z^PHmlgjTS%`FiX8Ga?z-GnEf^A~B|citBPTFAlcS+8r9%4bq?+!?crMbKA1o0VXNc
z;n;$|+^Zjeb^1LV@x@LPvuDkvRe}`2F(>>|7A%DSLrDbo-se}Q!vd6KPgwZR#-*%D
zPuizrdewlQD^IPDsXLENs#mj`x5x%|4BVhbk~=|$S9&W+Iu#$7aS)BZ9y=82S-+uy
z&V;mB%W?ft65Xo#$m7%>zkbVaO1sv<us-jgn%}3P+Sso><E+c@SKm@xbp5r-C9C-c
z`pfnn<Ok+UCNzhEebs>oF5+xc=9bb!wose9)<w3a;FuR@r(n6VJ<J12x!+y{<7*-|
zC422}5K$jR1ByHSW}%<PQRs_<59vmV3PVLEe8<<=h40yMBPZ8yM1S=$p;3|jo=C>g
zLB^DXU77iJUxRvz;y<HP^RbseN(gTkKuItP(HsA<B8pX;c7SKD#-2v&#;L~TCZM<d
zv*|0N+{_L~-i4TR*@XDy5N1WZf~rF0CDRnrApGKf;FXzX+o?QdF>P(dX3XSU-s08p
zHZ<WHqRgDM5ZVR<dMrF8P0hycovs$|MPH@Q<K0kz=p^Yq(0UZ!Yif@gS?g}(YnN!8
zY?1HyR9Uh~lKOM`T4~o^`zqE{=}Z^P<ilK+gm(}|5j13B7eqI&71<{BtGP9gH;@Y4
z^$q496^3L!_2p6~_i=A8oQ=htfF6&+ZYwFwSZhA_{XRcn+(=NTbe>N5qzWvUpfm~9
zZ|^xuvcNbaJ{J0dj#^xg+e1K_-}I&mB6ptD%A$xJcNt(LO_?vNu*y0QDKlv>It(iq
zvGcgRQH<W_=P1O{P-E7vw)>lv{Lw~ampI`cB-J^6+N{TzXmkvFotXP38pR-~>QB`n
zoT>)V?5FA=$4l~4b*KVVZKX!$d>t&xCxk+{1!BG3D%q)B$E1-9*3mt~vG>d2fWYlo
zz9Zp7pSxwHRm@V9EzzWgHT6tH3bw#Z6}&kng;*1h;#MQk@g~(?)i~=m{K77^yDX%(
z@0W<!-53+|>Odme@RtGO!Cpe{ef5a~m+%3*J5yI}pUwOjTk&p_5BiW4rMt_aL;*Ig
zv8@WiZ-@&H3X;;Y;UEX}Mz>9bv4AsyWbW{JL9*nMQ&Y=(`T6^kzkBzdiUz7KvLf+o
zl7z1hJ8v5er$QB;jg6o2?pdOt&Q*iYG$z9vD)DMQrOc~b%*I@TKcUDVqU7xlmy_H}
zS^;o5mMwyzf1pUsUr^-LpZbDI8umn(#|*gMX#S8f<-_0R0^-eU-!5pa)W{zqxL?9(
zrexYkK{s1W{bO;T_rH|%RG_KllWZh*KhID0>5tU#jOs-zvc^wt>#1z$5xoE9F4(&X
zGIBK%3kSzjXpD_e<%@I{mm2E4Hb#T6KVBu0KH_sRJik9@gT~!=3fkWb^zZ}nX5y*>
zs$D`xxsUT9NR-t+WEs_p>$sbx*=wC%S7UAgUCf7HE)e&v+?P;_DN|F`yS!QHV+Pir
z+dP2V6Nmzkettg<!x9bTx&M#$o0^O$Zv+`AvK27#Bf_@!o@&8Yx<(X|i$LQ-CEU+o
zE=$k^;}mr#ICiqV&35AZ@Ecz(zl!kmiT(x?vVqmlByW~g>O~=D1DRc?LtN^?f>i7r
z^w|tfr;ELty(wanux_CjWN=N<xAFG4+MBF1)Pm!y-A3eG=WC#d`h%|9gZfRczwAh>
zMxE6qj2)NOJF%y90cTsj$ghn(RG8%w!_vFfHQ%?oe^wHZ!aA~fLwbl?OxZl;*PZpJ
zW*!zSYi_=i0WCL*db5PjhR0P4pc<HxvVEjHS<fg>ph(EJ`tXl%a9B~ll`U!`-~ejc
z7Z-4`_V|%&jtZTa{x|vGP304GYR`9181;H7gnyLyv#DKuV8{UmCqVRAT0KBy)P9+U
zi%<ZSV;Dt>UNSKa`hXpA3qGNRu6kX5^fY~B92tGiKEQCLGe2I<cym?~1Do}j-@C!>
zJ3lOr?HCMBq=l}|>*DPEi4<O*u60gq)s&7jVm~_g+vyp}@<P*I0}f{N8p4FHLL#5C
zzxBv%$al@gzBHYx)aA%`qRO(la*zC~>MW|=N$F7c(x*NHo~#IS78yQ!3}goNd3PGP
zSFWlY&hPu!la9=Hdv|^YOsTVbHa?PN%<@VjkT?v9$zQpM{NoE`^ae-2`E{otfhs&N
z7AAs-g^2!S76?LhRba+kQ8Cd(gp{iBs_!C}2^bhqMkLclyen{~r@*#W8Y&SAQu67(
z7}=>Oi;2{?N%w5U&KgcG6I||S+e4`ceZHq}G<+~<H{jk&4o+|fbI>oDZ9Xg*RWDM|
z>Oa{$_jK!5eQC;A`J5K@8(7?>@fsM0ap~2CDt>$Gb3Jpk($Obq$<|#;PBqXG;_OQH
zSnZOaW)Ai7VWjpJG&optkJtW0P3M({P~-c$07x@yfMqZizfE0pJf$feUJ3L{Uc;Eh
z+O!3+Q-`N{nX=QAo<C-6$aj%$#oTo|qtBdGxLTN!9ux`g(pyT6$N6h(e=X_P)_x<f
zwZC3A;3=8b8vxG;KdHRSYe``JS)cffabkB`Jq8>0ugC3}2#~R^k&9m8%!8Y;U|k+Q
zK+RRVi>M+_MNNVwstkXmv9Lf6PE-v`g+$>hX(5OjZ=ZqF8%k*eG)(xK7P=f^_rv3%
zVbL2<?Mi1;zc34@x71*@SLT9V?Zus;g0WQQFCFxc``vc}oGVq>gq_e0O)UZtd&yHg
z)tBIm3BD&R1v)qwQ4T4dG;M$UMF#2+el>@5B55!uIg)W%sgYcmS9TEHSmkUhzsl9H
zDzK@rFBGUO{Vt(r)PLMdvVSbk{<R{nS~v9>B{*<_U7jCyIZAI>-PezmGDN%hN+$ws
zB@j)y5b+s7HN0Ino+_nBn@>Ay7i+j0OcTyF4cJrMAVA_#L05$WSEvf>kjw-D%JIcB
zO<4PbCL~EF*%u0j&NK!&e;Js<95^dK6!sb?f1b6FKri0m{~c!}H6dOp&{7Sa;^szg
z@F7wARl@&MZwVBcJ3_%~??0RIJL{R^u~EZ1dy_QNm8R&lnhiPV$kRZW(cL3|{{nxx
z9<zBaU2l%@!jrM<tKV4w5mHd&kRXcfhFWA?`DO~uK=#lifq$78*~#<t;rW8t@}{h^
zI1l*Ed1z<#kqXPA@j%j2`scGvO6Y$zmy9gU#L%c2C=_%6Hw_Xo__?!dyDz+mh=?@8
zHI8p9|0tMo7E+ELC^et<3UD$c$YAmvj1|u6aFrxh<wpY@{_j5v-{}UgN+JYoHY6?q
zNQ0ho2hPJ>90jc?nR+x43j*nCaFIm)16RRtw!*;7;(&tOB{I464e}l003SPNtDp7!
zuNN>r60p7{Kq?NXp!f#0JqrsYQ2U$W`Aw_oj--8top@h)3IPN`r6PbBYa&Y%X98e!
z1qn#nA;GO{7pHgPI3mbTLIM3b06^r6YSK#kkEO6PXdZpjuY0HC7ZWVGN>JeJ&%q}*
z5K)^`I3UQ><2a@OJ^KB60={SgkNZmM!G*8!cDbcpprJY0!`$^DdxhvNvc`HO_#EGY
zFM7qBf3G<I`FFq{{o8yL_~ZBeycm39zCkZ^vg(c&r4ZBL?AI9rM{X)=s!7bR9e2)X
zit*W*Bnm(1Wvq>p#bBK@IH4A+rh5@BMfEtCQq6iJwB|){$7L21W@bhJ<`X|Ml3d_R
zJN8V*M`C;)+<Q@_-aqT27f9rD#o#YY2AW9`3HEMH`e$o#yAztd3mLmskJgHG`X*)u
z6@tkh_P36NEk0wcstgaCqr|`wMScx=@}mH%Y(qt4`;pTPF{qIP3u^Ykt(?@TBcma~
z3RP7lpo#@uZWBknmjr0SBPsO;B=^5-%=uCvdSyFb6%Ln+?OL%C>NcMU=Xcx4^XnfG
zy5{Vph03w95}H6quyv4B4tcd8Y}D|cL<995u|)g5=+Fv|8oRU`sBjuyM<j)gs_Gd#
z8kclaX*&mJUpNuLaLaT3<Ef>+qj>;TGEBhEjzK|@TLG_NDkUr|OjTKPdTJdN6@|~s
zn;J9A<u_TV_GPMYlj~OOO=Z4@_3v5n=Oux|gD~{{;Eq6?M`xmm@rCi^AOePS7p_wN
zRS>xHn5PfIT34`;fB>kju5QUqJ7W#a1+y*oBZru{I1(miz_eoN8;*5cvBazjBCpco
zQG?%at>-TsgcW@Hm6rr{S?}VPhezXSn0iL!c!`3!i2R37bG~+|AzkE?*3ZsQTjh^=
z#jIo^#vsE*k&!`mn|faBYY%1X2qv<EkcF)%WdbBi@O^vE_*XLoK-W_})95!of)*Z}
zh=^MXNx$i7<;;y1b1E8|_Rf5v8p}*1p-vKVN=gA4QRKF^w&CAZuKQaH$Bql(UN)5#
z4{Ws3v+u+FbjBY7DU&Wcn}JRR<B%YrQ-S{JTRhkV9=&-aqwk-AB35jw)|)SWX#mVy
zurYe964ZApuk&}$;|*jOURI13C8u`#D-BpTKq+7g8lZ8#KOZ<ywo(cgs-+cWmsHM>
zvG=bp-H&MXdjg++*l$k}mH9bD1TEm$Jh<me#h&6UdM7RPY`61zA|zyCHmQ%;?T4D{
zE>gffdFV%G+ANx!oxU|k#UuyEGQ`&O#&0aG!seHsrNjuI%$AA6d;)7ln|l`K`sKMd
z?B!>bOt~if=R_l5o&xgDo~}zWiV6zgC?4ikrt9vkjt9cYDQMr*n+y4Lk`sfxlb6o`
zioblE>o1#&`n~og_wC(D9|H3<!t7o?lDh!G9(i<^qoHs68s0OzPxI8{!EV73?bKa{
zV?7SqNgy!J&|Cl2d~kVsHKI32thC}&8-&^yX0v2mNb6u+n1~T)SP-Xt5xEK()FT|z
zIL{3XUPK=ZklwYlY0PCz9rIKR&9bvtnlGo=S>Yl%L*yVtAm3@L`S{$Ju$CYdvRxef
z+T^Gxex0i?*3;bNGq&sunWkCD45|d3XH!9Tmi|QRgZfyOD9^8(umtc`y~=dgs$<;s
z><6(!RO)GUx6)^ilwEFFqK>Yk`<zv;w4VBYlmo#WyPo$P`-It%>LHD`hz7ey8tPIf
z7F$nInokeZDm<WXQ>!^9_re;HpirI{?h&vg0|m~Y&q-0{i7bGMa{r~32dDS{qTk@0
zKKjj3_FM#yH$(YYY1b~;@UKh{Z)5_T@TNOLF{L28178|+zsUD`Y)_V>hy>zW<ujfU
zxc&OX62f&SYjen7T_48j8ZF$93geW|$Eqk$31Bzhl;hew4a4oRaLUu?k13)#2DyVa
z{-CPb>kEqiWCvsBXuLLt*G=Tis#_lFO~ymCK6E!@7#!vGyWRsP@MU*U{zsB!cRpFc
zHIiZAHM32MR<P3&LadVi-J=4Fr&6PpUyTO_1}5t7<PE>GI{1*84Ip&`p4lqXYw%>H
zeH?Rer^2^<%4Elas?@)K)>{eH<~U7Is4)%D3&^jqqfNqRka1E2N;ll6c#f6BP7Lw_
z3)B8o3%I6UWf(pTOQCEQaBi2N+X;8lXN{{a*Qvmnim*+hvL^P%4d6$KO8QtC#?2_N
z`%&<GKGAU~EDg$+XU(=X3g6x>=(^o>qL}BwEPh{qe$6+-IqmGqn|N)NN_D|1eM@ri
z=Tsc}+`in+ms#U0{J-q|6GMslw|pR-84`^4G=tpQL>L=CWEpBZ{0v*l{4>MCvnb)v
zrqWh8{oi{2)d(M+G#$^xqLBY`6&}~#(_i5gKL+W6@QUohG(U#2tPdUGhCM8!4fj!V
zFkYOa^F!CP3l*k)2szte&SSTsri-<UUo%E`_>Bbhc11!JO0=F(We@PQ#eNm8EL|*2
z?PKEB@(XpCWQjczP8aOdJQqZ<R@vj6H+r)gZXrhrMND+cU`D~*u=ygeKjx%!Ehazw
zQ1z;<ZZ4{f?6n=)E=hg&{`8HvSuMf@E#m7L2F(@|4b*Nyj^?D(OShtyp_KYpe(&K<
z<G%)K-IDtJ)emO~YQP9JM6pqTWOV*4oNfDgyeJ|3?au>73Vx3O<RW@(RKzgB|L)II
z@xmnGn}d_a;tCFmMml`#3##Nre*EFmUMx8KV`Mtkd<=%f9I6-`j7yI*_k}6WWx#KT
z-dFE^;)B?=c$};=B@cP42Ctv~az}Y85e@Mx0%Tr6`_L5T;%z<__R`b0?~NpaaSoMX
zlLmCeuDqBHqexqUl!(0o&U)hS;hDoNl)T-D${y?pXBaG>;w0Kwioev?p#pA6Z@2}s
z%i^t&RDrv8X#U$abqv?zJy!|GRTi_G;fck`r19eJ#l@li&`BGml)+m5k7;K>ZCjKj
z=4PJriuTuP`RAhNmPk6dy6e_7W1Jd%_sbs<4@a*!UPUf{uXz;?#1g1EzVjxv{ie^N
z_lM-pn*d1eCo8+(S9(9S#;y1YlKk4Wmy0h}ei_U8tA<^H#i72%;7yEKkVVMkY0C*4
z+n(vHnEeVlNSi&~uyGkYxKX42LG^y@W7_6;#9o%9F<i;8QPAQ3DImeeCuu2AcWFEZ
z80VceD=eI!G$wj00|hT7!B-t8J^={tb9)$x`3WJs`#KxZ%$*fcq7DtWuYc~DAmuOu
zGhz<oxU5VG^8b4dgZ6}(YbD6f9ERD~VvQ*Z^D5-W{g_-GJUIOb1o`Bl0F5tLGNUGl
z26olwqebw>4tuqkofcFwYt{3c;?@Rsz#gXaQaA0#%$|<*c6_TmZseo8%@!HlxfHYB
zvsH?-p}O`P)~HPoHZeMl)~(ci_K|r6QWG)~%}SR1T|?|TgTX_<^6#;m?^u<$b0P<@
zs4Gb+V^o9|sK2qFoFZWlS{W^eN$bq-ah^19jLn+}%2O|HxSz3=aoG1r3qP^da7@`~
z`DQn23^j%%kWc)v5^m7~9*t$XGFgjZ)RGyq>G~@ov!zD@V{UahRYWrbe$*c|wL(l5
zCj4%=BF8PDke5d-25+1%_Z2>~eQJTI66CtI@pJe6&|8&azWXZ|As%u4ITrz;8SS?y
zuG7c<K3{h}KlhGv^sdu5E74$5KT4nXCVgt<2jlwV{cJoalEVfnpB8MAqi;k{AC%q%
zl3eHw2VVC1&I0^pFT37f)u{ciYBU<TdzaX(>f5Nw#@4k%HWdg|qGb@G=-J|UTb{+j
zy;rZE%~vu*dwM%>>hRx+xo{5cSFa5`$SJ{F=JSda=aO^LS&Dxi01!H8?|V0X--n*h
z<qZ<FJ>GoUsK5Q~kstm25-8yNLb9?EeQuBUH%1eA(cu<dK^V%7PL(IkZo_5z;>2WR
zL?k5eu6LLGY&SOA6Lyo9{$DM;L{1M{K9JFA)Ma=hs8w6E7HQO5o~#Nr`nN2eb)Q@z
z>K=x4!<~IKVFluE<?Cg8o)_M~cAKsPf!O8Aro0$hjl8@KAd0pnl3{BoRrqXkKmo-~
z%4DvJW-x_&uZ(pny}6u5t*Spy83?i!z!!PW4)6tXJ@N30v5%eKp2A0HiZc3m;Qh)D
zXfWHXwb3Fd62zXZGER@_r=}*C4<Vk(21`^bvF`xV7rlhHTjm|n?7O)uiMD~Q@F~z9
zn!hjV*NwyX;u-e5(84xW)kYewL|0Zt|D8yAhL&gb$NnneTO={6-=FCBT?Zr#0JE__
zU6XC26ZpFlX>QF3Kr9CN*P0wyaCX#Y1cCkgfBqhwmM!pU3U)|<mS7jY`m5;wwNCy0
z6MRtH;2q-vWCYFx(hwjgC(;o3?En239!QpgKy764O(Y8GEh-RY?sRn+T&mYyTVT>^
z447WuicRPpkC&I#Cfep@*#E5C^hjI8z5Ni|^G;EM1(bQI2WNcZlR^1J?>nrC9h`C2
zLXO~qE}1s12wjVjpBwC;5<i+y1G{ozNl8IbQS!6Cd6n7e>FKRiVjCM9<P;SAZf-m@
zm7fs`)v8|>s||cUkA8~@OSY5!$G+q4mzJ%qCVm-F3SBz$j^IYzLRZwb!;V$;gSEw&
zaIZmB#<ynO#YkFr5&24>u>5H$0#{~!-+&A=`)G-LO$=a!!I7S8>EX_>EO1<qNn1d;
zsj<>S#=^=6|0e_z8ZX4+P4MurbVpS{=P<#QG^BvEv^0_<PB_|cyA@cMd;>vd1Ekla
zzIu<qSlShlLyDjSYvfo59={)Pibf00Wl~O<yr#6cpYJKm*yCwcU-A%8`Y;)Qf_!5g
zk2?`x0*n7Ua?$oXSao$p1sr-Y+Dcorz^m7>-*R$*u6iLTSlH)g2zlH=Q}7t&=Z(KM
zi+3uxW}-@M!9YdSY7n1ePga&yA!q099eKO_+_|0ef7Q7iayf?v@6%VA9}tcHz{2=(
z^L8_)vHsNYUI-z_rEnp$P;&mO{u`u`=9O{1PQsQ$!+Zm=pU%fO0#xnqf`hq?{viSH
zLW`2aBTWVO2WTehl^-{XPbQj`Zkz5xmc}R|kL;VUN^b;>;!ftc?9_4<iy!CeH(syZ
z1LD__#HP!wb4;zvV<RGtm%>wXBPU2`n%LBfdpmnH&ywwLIY=n>>dFe(e#io#+a77#
z{W<tfJ}=71DV?kuLSV=#p`pNIWm>I3#@Tu?Ym|~@e1+usVu-<Cy_e@h!ABC|a2?9s
z%_}-A+O@4(JiR#M%gZ0URm>i{xMI)lWzn^^uDG4)|Ll@-IWtfZB=GS<{M<t7z_jEY
zjJ%46rype`y`U?yk+ZQ{h53|Xye0wNB{l*iP|=PSHNB~iS@8O_gzH;ovt{|=o>R>U
zA(QY0GTq~gUM_}D(Rinby}_{b_L3Nsk2l)Ma66IcrBV(93b(7|PpqU^Thtsd;Wzz?
zT)gH`_|?Ut@A`$at+XnfV6iiK%YxfkiOO3LgoSA9B(c`qz8g~us{0={er{HcRhgv(
zgJAy>{dJOBhtY60dzMj$yugC0)kN5*HkvAPsIWB<I3(`sE39*;W&>Jt+<1>+lLwvz
zMkw6|B=MSQ?=;koO!5nV!=~O{`bms_^O-}AM^^-cD`i#)az0OOm>=N?Th(Ts;&e?=
z!C0)LiK8_#f=nX*!ZY!Dw@nFVuRad6QYkHX5zH>J+$p+DJ?OK2Xb!OLei?MYgt4HM
zs_^sykZVJ*ioW2!K{C!Bq-{@py~-HLw&|!H<RtOvx=lH0@`Fz9tk5VZd+SIcF*lm-
zaj<Vl<@Crc=DJ^@YWwAtg>rPM6K<A9l{}47RCsb%>%pO=3z`JTOI)wqp*lg;Zxc6#
z!<%V=_*1rF{E)R-Um6>*O`GRKN1o2u84NzP?Tls1$jTBvCd*Dbk<;>gUl0GBe}Qxc
z!$~$ZQk;2B6kYBNvsh85O{4r}BUVz04*UPq_Lgy3HQgJiASlu(-67o}%?(J3bR%8T
z-Q92#0tzVI-QC?G-QC^Ya5g^W^FIIc?HoSv+sf=cYu2n;v(`1&%$R+MK3TVlGzhaj
z6z0dbKg07%IYBBmBlKT%L#~5^Pa_M_2g9{f-VoHkwLMT5xwp2^p64lJvYJp1zs5ak
zwW$^}Y1xrFs^an|QWtOfs))ohi`l2RVI*>027(z|KeTZ>(j}negMf{O>3)Z|b{2#l
z*e@RX{`$3Os3=c4>Fk+f23JQ%6RtjCldYK3o=*OaYwm6z;c+9#TJ&WF*xPkayc(`;
zG<AGa2f-gp7g6WOMU7~BzpGnN?4+ak2K8e4q&7~hpF~~!s@j+JTjOj6EK0m#gJXv3
zFNH@6h+#5>o{-w^q{w`fiVBBNv8=$^IlF`+oZWtJ*R%bZb!^+%pvjNSS}65-UUH1T
z$EU{Ne|0S-*%$64LBRB$w(-0_o=bz^MHYO_kK1*s-W8lx%9XH$#kMU8>XIo+I$zD*
zdJLP?)yUfUOeio7bkbV#?U8Np&w=@#ZA_J8BE?>9cc$=T``TTk!a*k35*HT(TT=^6
zp5?mCBTgz|hmhVl-wuJ*Gkc7^c|TBsx}5npF8h{^`3g3#PIhR4B>Yv}C?Z~(9*>)F
zsRD%)JF<bM#D!|jdb;_5u%MhbGe<IJnAzg=S@P_cmwoZO*d0r*X4In&+_NRlQM0?M
zIg2q1%2`TDdf07;evC;ViS8l%QILsSesIzN=<5C!_h;pV(4z|3ll2qAw6hue%8?oj
zWorv$T<8-NDY#2IufnV~y<Fs^1O13flc{fTE_j3SXdUTwH}U~%ny`s4dt2a6{pYMx
zuY#CQ-8jnEQpDpy6G0#9jPvg*Sk@3?jIApOw|b|85EB{4Fwi?{fLGxp{|voMmmFe?
z?Ddi(BelF-{uMWHoCpak9X}Q{(ZcjNoKs16y4q&SNB}sUH<C^8-lx)<sWJY6dt&N^
zmen<tzGwojn5I(O)_#$h$d7v2jDsk3CPp#UG=4R{{_DOBbAG5%_il^(#j7_99|ILO
z@MjchWSfS61iD3*IM2;bUH|kcEYI`{*p_tq%5!5D5-BGSdBq^vf_XY4Zr2-(sdGKF
zjxIohcN;!^s5qsV!20M(qVa>P4$D8x-mT9Jb4%{Dok7|uW!?yu&IXa%ZM5Xmob^wJ
z6`|cG1FjcHRxWP41jQkCK}hx*ZdCOP+)0XIA}+X2aK-oji?vdZ!y^;pQXU>j0x1P{
z`pwo)Ljy{BDWp11c~uxenpilYx2qdxbf|6<E&7x<jN&mdniU1Q#E5-P%W}SwiUWFH
z><6Ji0dq6agqq_`0n4NT<?*HVG}WePmv@EoML*1WG;<QDA(gWrKRslP(&Q`sM8XW^
zMB|bVWD0R}vp{zIt4fkJs30lS)$Xq(y@oG1a`|82tqs}`2jSyjgkhq%hA$R(cD94H
z-Hr_@%rht-d$^g3)&&GdqU=!hyj$3o8c)=x>ITF7$Z6ru9{GNH^bc(=A>p&Oo+H#_
zA}lLu@ww}AZNPu;z78UO&%5ViUuZGj-)rf9N;?^qou?J_*iaM~2_3Uqd{?PtH(8t0
zkuGnxELL+BX@8tF0@2Wc{ILv$`EY(3ug_x9kY`a2@enr`fdEa;7*IOLjW8Auk-ryJ
z+PgLRIFrxXu{N+0Cy@bGNx*$UJg((!v;`%SPR;pJ=2+Z`-51peHh5uOUAWds5364@
zCX#M$Z*gJG3eE@0_+X_yA-ymRU6!FmO()>HLNT_Z`j&hy!f)4)=_o(U6xLo-X3Eel
zMEK$Pj1T%$4t%tnz4)Q7Sqg4KQg@ikdcfOfz@O*sp2*Vdbq(!NAJ;u8OSjUtD5w~q
zEVx<uHsgLhs#2wdHM1xqlNnFOwE7U*sWz9%Ck<V_A}W2Y;zR+5d%X^Wc)!WZPD#9r
zXr-M6g*On`+*V`V9ypB1$XG&rg&b^XwM<Gsu+|NxU|d-q3dIX|YTF?4d9EYV^Yvpq
zMgj<%E=zaHJRxh)F0v(<cP*d)BAISMzuUT~0j@Hm>&UN?A|kA`?Iav`od`Yht~8a|
zG(w$c>qwRGa9DEcuH-J0UmZ#|!I^O&Dw|A|>6z^=rGE71THU6Vd{pv@@vBlD?zQ=M
zrj=^?DI<IQE8wdM=t_+NzKEn?*<PY}(xPe*Uk|KcgF8?D%rbSELXzwHGUJn8QL}$Q
z7QBwrSwsqmZ0xJRUn_^>fPDV~&z-{=exKe*jt9eu-@`oFNux}+cg!FD^i0QMQUv6;
zs$cf3A^!Dp!eE)X{@di`7kK7f61$E3u8fgJ)A;zwd<@Xy?r*%OaVI3ahEUj#?jdle
zJf895foKjsE#vMJ3Uf!!QX}IeC5u;p-*^R7SF^um5#@W%IKy9fPI%f~|IWQTWqL;a
zS$<`nY#^q33R2Gxey^;>b{=bqm#g04QIX`6lvCBN8SZ(5;{**wg}Pdb{<!8vw2DSF
zzyXS#_nl`c^|ZXcQ-e99pVzo07{?xWOp-(r>#0A8k)LUNOIrw%KQkL3$x<VMHJ-`3
z<G!mCF+h3t`c%^IzO?_~R5>E6P~agrXR2h9qg~c@*LrruW0_z@AavRgrfB1>1D^w<
zt9*=xHaEqk$2CQw!vdW+U3N}bB}1l-xl2Xc+b@lI-$2{jAvgo}wf;49?Q$~=N~^m)
z#<R+b>K3=gChC*@Cr{2qFq&`E9wSXX4z6QHb+gz;3ZM1PChbHHWZ_|i)4l2nbWjQ@
z;0O#8kSfW1p#W^O*l4urc-r6*H4R@ZG6&r{)~~uzFgWv-;everDIp{h(-JbNFi$rM
z3J#mO>`8Y$(PcPB&*J>DT2e|wDY|EU|2NHGG2;ZRZ-Mo3lf*(HN8xGQ56BgwG4Hh%
z{qOvnxNn8sFjK@2Cxwa>m8u^j7jNh-LRwfEiG{@jirwy<_9eP7xnI%GBq<IEjBOPS
ztJmp*t-$LZn%-UHHAp46@%LEfZkNW6bTm6cw3^f|Ov}+LjPUXYkB;2vS;6l>?bo>a
zIHsWS)_gqTqI$TX_(pBc^s!v2#uJX&nt9{sJf$x0YLfUFY(X+b2?$u}W=*fcefkbN
zo?4>yZ@~;pwRyu8ZmR1}o0agKS0>%Is4(fC`$c6;cwtg(At;D?`}x6;6*Na<do<#`
zm<2y#BO*v3A>x1)8qKOC;Nly;zVEc>wr|M9o2iTHQ+X#@U%z=XT%^gHo`E2IxWLnK
z7KFJzYsS%<qW%7Pdte3LT55#QN~I*zR`KV4D%ax<40iXsYDGaqKrv8{2ddm>HCO(P
zwX_9am~vIwPN9|fB*Ut8a2{4TNJ**-boNn`pFvYd3wW*Q>{jHW(<moL((!Vs@T~n{
z5(&c>iXfASe0yRe8^>y9xiv&omDK56K4=Pual=tCm}`BI^$gmZF8RKYUb7LGl9ICb
zN4eT6(N>lp0*pQc7GHQv0JFgWaL60MaHYCxdCeB_`uCU&1F<L|SmH#scJ{-?D>0j`
zJbJ|`>Ud4Nw~20pb<e|CA>-d<$EYs)D&O7xd-Ms>p^OGx6*gQ>VhQ6fSpk~_Y_5V5
zusJj1(tI%LkT5*}kEHEqm<{jTDH_hC=Zq+=4`ApJeW=M45S1(fcQdz2LQC)!B8(J~
zXPVm<zFk<t&j;NDN9OlI6_DgdL;n3;!f;4<ZYbF}JHLu&&*8M)Zl<ngkc&yRdw+B>
zX0Z0^VEtXv6Y^ZxGx*~~oLqmXEa0P_wD^Z)PmhrF%_vA-YzANc_5Yqpkexyl_di?p
zP?PyQf#6XgD_Kbq?>SP`t7CTPcu2KXFM8--9`EUE$c_*m^rn!DOcSCIuvgU0%|1=C
z;z}0KYwEPlXIoxhNi1yY^8BDUtk+=5>psC_G7#P!7|U1;QgKQC($HU3Lx}-V65ofi
z#A4KN{s8y;8zNd-^*fyOITubMA_&$v1T-`>3To=M9J#Fa0#>9n;Pkif%YyGt<y_jn
z`dQP4e+%@d;wb>d)9RFFcfScI!P6UBuACK4Rmf8mYhGR*gk^N!FaW=92{=>?;ggp~
z{ZwJ<$Di{Y+7rQGAU=>A<^ue0P4T^hc2o*BZe>(mg9F0(n~Mf9tnFlIJiVg6zI}H0
z6PnNjijHX;eRh`%nt|^LLcno#0E&_WWFhAPx;&kUmzv7Y0~-6Rb;nUjt5MEpF{HI(
zvOm963~Nx%X+yU`E4@&t#vt1X>%VHRkgCjDZa6S=sFVr4*<!N@qb{h_rw}OWqbm4L
z9`7C-!#=CY;D9_gpsugzel}}J(O=<_dGUF@XHs+S-NNP!jhV#7I(_@Q5+xBy9z}Gb
z3*c@i@uvYmf&2mT;@fLnwQ`v2v@WfW7dr72R80Gc>LKrWO3rBSI5#w0nc3cCh2r_N
zEq86wkB(GF0CSoIkb@b^Md%Af^38snO*N~l>^*~ZDj|QgoZh!jS9fEyr>%otY~+F0
z-yB$uzjCNN!xa;HMhpT;_K=(^UK7z9nyZ0JOnRk{2VZK#sLR(-<iVd1Uu+lFh-u=k
zKX$HN_*Xp>A!16J4%*B@fLObD7YM%IVmSz|tO<%R!)?ThfwpI-vK}^@!Muc%(8XGL
zZ+qB(J6`*9q*e?ejF$RM!FlWFfpVz|gH~zfc}4H>P*@vkC9xz`9}I#qgu^!&7eNh<
zwC;>K5reJ}ywObfn%~WAJtVMjh<I|}JUjlWq{7q5=~F{HtKQW#*s_PeoB5<FQLm&0
zcN_x`?hyYUc5N1jc&(MBA7!Y#;X4BapvWcj)%;HGZ-=)|`i2zK7t6GW5Fd|x7_q7-
zfqdc>W+A8d7^LDyFJv@BJ9p|Qe*)Ny-VlG`wiZ2o*9`ro?%AVjXvlP&<;|H<B$(Hh
zlr$@{0zW8Nio!{6!I&r2CB?=X@BUK|TuS`B+)?H@v`Gs#O_OP@^RnT`)=2uWG;Wu4
z7dF_F;<Q5;_$UatSw8rtTS9vbOkoMkK4c8A+(`Mf+J~*Vy3m{Th1Ob^&-yF*C4{FO
zOMaV{Q4`+dNlO+E@B+2b?j!~H&XtVc3x1A<o*1|xXZI~`-Yj*2o*acGY`j_-`mv6&
zNk?FW;Z*u7&c_ot*2WVmNmLAK%3i5N!Rao7w7a@PWcrEOTx1gBSnwG_)Ab8Yvnf6i
zSZP8isMb3%;P<pI812c|H5U5dZWCgBi%i2F01qQ9qQ(Q4U}i<0<F3iWIpwQCk*@J_
z&<bq4b7OC60FuuIx9<8m0%j=sV2hBfw<2*;+6=VCuv{H}M<xlEI+C{W+qR+JQr1Im
zj<tu75u=QyD+2kEax8j;tNXU_Qo$3a%0Fbl^RrxOx-M;7uXvQ8Ou@r=X(wdb$3yH5
z%+M|lDN+WL)lqAq>cvhD`x42Fk}X47UF;(IhNFy~1+<g1X{OziG3<}d&imP?b{rRt
zyJ~VKYh!`ghUa$1@#eZyi}W^yCa6AT@cK8Q23(3o)-G<;=W%1(<K!`&M=shwv!vcI
zm5W@=<_&%#*j>pgLvnuvy(}xR8}|7A0q}c-e30bsmt699XUr>WqN8ufhoqq}IPdP5
zS%bbJ3F&wp0=^2RjvUDfU=yLY1YXIJPL)^?JP?g^Xga1m7DOKI4h(*nSsXFhj1#9m
zry0J!)Joh$RUEW+mGp9^0bCys=z6c#1F~22C5mIX92GzTiE0)wHRaY>eH|%-ywWS)
z5RUQHu4X_W1L;<g8^|~DKu!P3Hw^{0ca1R{?ko1UzA5F7HI#lN6E-qo0rN)NJXq(b
zBDa(ioTxssJ@{VA>Szax`I&VPpX0d2Oo?FSb<KZC806j(Gx_8geGrK;ownF1${|GR
ziL{Cu!dTQVpH-iq7!W|GncG;|PLW{h)*fgWtxLdkI}baXJ4&Hy>*MgTW7pcC>c=ws
zJ=F*v4nyUxYBg<>IIW40F84c&B2KsTQB<|coBYy8i7w-M8evE$9`0F2M=+547cDAh
zVPdU}XSMG3pBka{B02kCu%Do7-6AyEB|W5N6yzm6Jb(h;tM2xCu0I)iwysyG!-7}+
z+C?z|N09HRfu(SWt!PNF06B^p``wD#RFy?n%@k&Ppzg5_Y-g39-<3$)i|Y4lbvv;p
zxf7g>pJ+cyQlfc?te1}z%F&%7PAL@#zN@(7BFw~PVwb_=-gu=1fz=#=bRFRpV966~
z>W~13nncn0l|&?R7~Wdm2cEM#X|uOiXov`(k@$+xBTz?Ir+o(TSnNz)cu5~WX7YsS
zA(?WQq8rM`qS<Y|uGm3S3mp`6U4(Umd)Lw?T;1q}kw$a}3*T*F+7;jO4fY)Aq!?+Y
zrcs-fy6w8ZN=+%X(3|r600gIWI0s^%g^Pj%f^>yvrDX=pvu%t=O1vSLV}{YcbI&dO
z5C&GodO8ur{p5qMa>l)ElxY@`7OwuEbBfSv9%EIaH{cE5N;zR(271O#wux}fjbQIa
zzWjN!_Pu2_&{V2bz0flzdg1gcTHs*RgS&L>M(&TSzhc1&9f%O52^k<IItqGS=9yn`
z2^}quebq$vI6)QbXi_ZEF{3@Mq2Y&m+iQQwZ|e?G8LZXb+xf*Z3WoFSaFIZweJsS7
zw_U!c!=-e{;6v!```K~2a4bq`4`@@5gs5#t*PFE)>gGg|$Y!~+G6qWB@`bGUcwEz&
z@(*)HsYSDcSj?ZF?%#5*ef5THYj*CRSm<0~DN0F$zr<!AirEJm4xOUT&CTAJuo2AR
ze3tD#toe3A&2Tgm0TGXL?P63p>>|c&xz+FUIMuCQ%<RGq*Eco`{@`z;6d3EmXi2{N
z?Ue0P)JGC|pRewM4z_G=_p1+Tcah13h2*!1L`d5oq17E8;UdbRt2=&Bs7zk8A2i|0
z_*`BG4;8Hnx>BNt3H!Jd-<(nJi1O=#23fMq+X6}iIxwL1#cXss-SR_0XX502-%JFK
z`Mnr0hTJEW@|7W+s(3l5)Ksr&f7W$w$R&S<l;S=X?1$Ad|2ry@MuPfOZirH@(M$j3
z=Hb{Lcjg9-s&NMKc3U<w*waV30TvBm<!JPpcGzu-0UnpV*nEcK`5W~gRB|Xy;a;y8
zWe;brUA}^br4v+Qp)po9b;M{xT3(gemge6I>=i2b7g|L?zC+PkN+EOpiNgrV1UvZh
zpGecw!fUp}&^wu@z4hC0lDq$@{eH)EL{<k|w)H|ag8gu^jSf#CU01NxRrBT5`4l5d
zQU9~R0-W0Jx=^$=-K^-Kt5RhcH5__;X2};Euhrf@q<_t!9c4UPYF$%&`-<TR`GY}(
zTTZ2?RkmgYoVM`ajYi&pl!*H@7en2BpNl-o+Y7ovE>VFSx(Y}VEN=1leWBA(;D5|+
zR|-YmuHF^9<`LF@$=mLrbDuImVj=X=DysyW7j{BtdJ^xrx}I67k)ohwURiyGk@S6t
zhNa6@gz#sEkDH3fNz#PYP~wWv!SMqn<bQ>;Pk=x&pCjB<2aG@Sp@-*cSz_04>ti!f
zrV`6*h=BY3SuMFmY8lrLChhGVOSjA!S4OwyYG)U9Qx&Ehp+TzV6I(=C0=BUs2LyU~
zCiHK!l2x}~bJJ!DDueDmkTBoI4U`fC;DF;(>oqom3o?ES?D-mAvtKSSMS_!`yFZ}4
zS_##Wz$RPDs>E0sO;lPLqb0FCs#HZ@r2IfbhUG&548kD?C&Tkghmym62g{>ouUwVD
z*|$>Ya+HyEoE@Oh!WGuFoBf;whZ;-qgIxR{4s3l_?G3JZEIN-zbx2hD)K2*$H9tBH
zP{EiGk`>@+xt`E5LB7KDpZ{1u_90}N@E2GP$lFIZ|Ln959cw=ctnDM+*$HJQ6}EJE
ztdO%a+dJU2lZ#+3BekOe7j{x_#DEUkp*M}Z;Eg1=P`rXqD=U>|_q!4BFQx{yONz!Q
zv93~y+o(HMY^)1jZnhEkFLk_JW<WRpDoO3nO9=$K@Z5qU(|Ve@w1gHlJ^vCV1=I0L
zd+FTJ?FbqB(G{MzO01n%a42Q}3tO_s<3sOuZL*z-VBkA|!~#u5uT}|(fQZ{(MEj<s
z#)?D@6GwGXit<*<D;!yCiRi85a~u>?FO{;-&~>l!lm5vXngy3$qsUKr?4W*n*oDiN
zH1%io8D+F=e)jfl^#R%NjyIeZ#&#pG8#XQL15O<FJHfc+wxP$HT?w%@I>1K`J>_?w
z;?HINm9n|Ru}F%y3whMz#nH19V6YhbniSO`BD9ae4t814)gx~T9xYQdHmpEe)juA3
zgl+W4xsa{e0H1?-`W!@p!oM@X2RIfCe!nxWgKU;I(w?61$1A`izW?ayPythL+A{IW
zf`7BBXVAn?DH@nFVGsVFq5Wq8!g44~$N!htS~Z%NEh*f>d22carjjJ>lLw%2lXS#_
zRgZ;*Vl>9*4+%QvARr#jRoL+Q52#v#k~XxHtHUZz!f%B?Q^&a_&4*Oza#76I$Z@Vt
zupzqaE7?2V8Hk&3>(LBWFPf;{#PhyMU@d5=ejBEonc^l|J=(CJ2z^b}#au9M<I#7-
zmY~2hC-q0J3Fh<q+#kzdCk>NvfQEq)AZs&)4j?0hL*+(tZOps<&onty*nCAOkVhbg
zm2@r?Bj9#tjLVDQw7Vc^#Oe^4Yv+82Wd=Nb@|8BQ+_0&GLUof@nXQg_QKoZJzl2W8
zSguN<>I>%?mER}wLm14;F*^j851iyf!VHuv+>{)?gU4PsO@faEZw9l<gJ(4Z?T`8Y
zPJ-`Hk1ks~2Uns)AW>nwJ-a3&_zfZQ(w{-Q!cEN(>&_#wvtE*2+SZs9pIs2`Y`s+V
z5O*#`0sW+XHnZphf4|a5%XtAaQgq$uYFd-}{9E}jmifN*A#BoLHiYczm71Em#O6&4
zbThFmp{UYZ6r&!=adHR_SnVOw=-QOIaTCS@LaU>X6p=1#Rrf22qt@LzWs7rRz*1V=
z8jPQ!PqE>$&yKqljhR(qt)}EU#caqnPi$Jpa}zcFn<*-qsbCGfh%?j=J$NN{MY45`
zNbH^sT%3d)Jq)s~mSdBd@!l!rn&om95oL=r?o|(ct$GA;RkEX5nYv?{<X?$yx2}(5
zLerMe<|U7ZPhw+wb^Y&+rt8YbY8~vg{b~odi+CL}Y^mE$T_s|;r|b~FI8{FZTmOua
zD*)m1(G(Y#KZM@Xq~?d<3D>Ga#TtF^C8eI+WvR&nwQd=$hQFn^EOJI-^RR<IiStP%
z{lZ{i)fg)o$(%;0FyCZ~%gVz@uxr*Nuu-y(i8uSQtm-~Ump*e>f5Mi;!T5zeFXM0p
znIIahe5O|S1;JoT!beSC>z2g0FIe*$inH{gHAOZhn&Pi&;40Sx#z9~i%$Tl9t*hJT
zQP2GG(}BfHM!UBL?aqhRzJt0pec^6*>_IF9w1&E$sR~@AL?+QhB1_RZtUEs84)FOj
zxfQIr?jL;fOHJBP>Kj@lW5D};;1R2Mns5sOJ8u?^rJ7B@ygdH$kdVgPe1kC>`3_xi
zL!$X@&C*(<+mu2hv;}w=ZZv@wj6bSrO8P7{-hd48_3R4KNm%8eAb-m9=d(F=#`_*^
z9SxOBdQp9>bnsa7aAo=s`*K64=e)!Pt7L9O9}DJ?IyIip(mu9-T1|~(wTl(?$Bi1w
zL(2?$)-qR#bF>_~?C7W-^nLtX?&{|!1`Y8+WTdpPw$}0^-l_4+S9)B#;=R!!!%{zO
zqc#T>Q-r1mPVMB3OL;RG5dLbF9mUY<gq;Fa199W4MyK6es&#E0Sn1>gz_(;`seZ@Z
zhO}1q!&1?q;s<@(Q<>t~Q#tomxlmnbS+@LsTeY?lcRu4vAxAyYorAWMKr@zuq1%r7
zoH3Qq4cBz~W$}a#e~;KK(R1jT*6`57sFO%;odkcou0#Ii*0^>G|3@Edhp^oa6h>Ky
zO6mkTp0SJSaiSA_-qTmk!6?Kw<kfh`kAX2ch6V-PKYI(;PZg;5^@#qM?!7os!%4UV
zjtkLC`_KYu&l4AiR@uOTB}Bp@^P%W)7QlAqKo7piDSL252CmN0>Y~!&#HfuAFwPr2
zuh7<khwMT=*%<^&*Q3`P_p7hDSthO#++|&CIc`HuoQ3S*ifEE>-HryR-0s0nQjvVu
z_8O7_Tbv!Y6W^nv47knJFiWLFq^FG8@P$UMkV?!p4omX*UVz#KLgcGCTo4utqH_yX
zi7wY0QzZw(XNfUOSvRTeB!bc*s&iZ<$6fQq*WF7(+g&$5;rIoY!pqUNx5g?Rv@F~Y
z<Y4G9N{$*~D(d&ypZ?{l_(WmYdvS*zI>0!3Js$UTyhvf84+!{;yRPXMJV>;$9j$br
z(s<gk7DYwu*ZZGI0Kief)9Yp9Yl@{XPpdC4&16Jlq%;J%tc%P0v?jM+)Ks>7pSBb~
z+-+b_Q&1-!9O5O&A6fZ!a)7qGU<y_R_VUrZ323`Gpdy_j6ah^=+Sh4R-Cev_NguAh
z%241czt34^7=6HX2G<9!HVOSm9H@fjxPQMF@#uV4@r8P7<>wDhhl<inpVID)X1%>_
zJFi&KF|58BjQ&i3gm{y39aI9re%6nSqQ~U%!|Tyr`2&wj{CZGohODALt-_r3*tDWb
zm~wys*M!bE)+D3uwW2=GsAb$Ab3G7NzrQX-AKsJ{xW&N1@w>nvUApAK(LH73T^aRo
z3+|J}Ui!Ys)><>7gW`xx-e*;~WAL*CUw5^zrQU6Tp0@mT{)I``x|GKV=BP~^aJQ4E
z9PQ5ZD+7l-B0_p`4<2vvvV7J}>=%h$deVI2AC6r0@V5_VNc-M#E1}!46tu?(Wj+pv
zYaZaUsM6$S=Ql2iztthqVR=97c%Rewl}m`u9k>_@Pmp(I&e9}IsOek%u1}cjg!$*p
z1N?*aAl6UO&RBYwoQK<Kx6WhwGL^@7j@HK<e+@@3fD5Tkf|+W{ipyc%wW5DLb)|y%
zdhpPfNrWW*ffY+8W7cYBSOf}k;6<TTejs4Q@<4zf78vabi9$#?L9JXvgT|&OEW&3n
z^*3I;li(?`v}|hxEjfd;GBV)7XX}G5YCI`VbbZ{FMq%L!RXJ7dEYglBM;HmsK297t
zh&U_kHS=0p_~TC-iI+JA)+&g9iH8aU_EfVFyC=s8L(O9c8(3Mkvvw`z;iS36DZAFY
zle^!ov*QjUw08$2?G!2i`4v4CHY?*v>%@^p{@1DpR#5yXU8!RK<fuBAM;Ie?6{Ymy
zlcRCSipP5b0sn%@`J!KS8~U6k&1(zfD0eN#&->@mn}8S8UmtBZ0k<(X6$$!mBxr{j
zgR_Ia?br=9qD4d`@IzxMhd-vu9$Wh{R}=ccs{dH2yklBNBn(CSa(s5zuwWNxo%xF>
zV-J86t;fxnhZQ9CHdaW`#EMTb7Ei?<=06eu)3pF0cE->{0`1EIaI-*8^=QXop(&V_
z%R_i#<q~<aoM$CYGnC271TL;$7uCB7ez+lAfzTTo(Fy}$UsH(g;7!$zJU;aGluBa{
zT0G_xZv?jfBgVR3BM7?ZL{#j>=MWBxgBKemh8YfY2Pu5*us~K(lJy-g?RP!s!A$Lu
zr`%JcvE{QH6!A^hShI*1FAud4AkSXuuo%z3H0Wq7Bc?*pr_ZemWvj-?>)3*$Wsm{*
zJ&Sf6uwScABM(`)#k^oJmR7!@xO-1G?7UiATa%|JvH2@R;qziZ$9!ijFIoxe)yS{P
zJ5$4=!j&mjl3(h$bZ==nw1;F2q(BoO>RqGoGYo*?t{&ONGSMY@Vh4~1Z=;QdyL*uD
zzV46@*3Ua(_>f7d9IU?>(!6S<wl<3$B0{Y0NrF#&4`1f-dy)oY0}+>oI@4rb_gsJ7
zAc_+0cx3~vp{NF5)bNXq4(j{qX{LDEufft2!)>g{!Iye1j5T?+4?fDziCI_Q9QL-$
z2N!Z3$c@@!h5?xxi8>7!$TfEIo{4aeO)?L<-=boIT&o9Hxu2kqKLZtHb_g7`U6Ss1
zxO+O<J+LK~tG;mqO4ucJOUU*QS!yBPmdSHO6ONwIVKU<Z@Ko_QTM2zOP0D4<!9nmv
zw$2)xC$H5Bu2DmOT=NuRpgN3w1R(mIbt8kUr*+W3D@laZ*KrFtVLFzIF+L`VjXdn^
z9Bks7^P5a1R)ivMKc)bWlV3jt{KA02g>#^p!u)P<6k242ie^I&NoXeAk-;cPh;evH
z9(ItM17JRZvchbz@hg`a_54S|ES73v(JibRU~Yht06vsFTn5b8|3qZc%>-WTw?xe;
zp*rmKMxWPJO!?Kihi#07*9-JvVFl}-Jx4<E2%6^q{T<(`=Bzvo#6!g5bJXlj$U?@C
z=eXYUPfHlTweRUM`2w1KCFMdwMF$Et^2d)=;Ou6UDP}?t2%nMBl^Wa~(I@%0WdX$j
zG}^HO1(MuL0>%vj%hqtAo+CAt*d$!qPZ{B6Qqx0!iRetz+mz_{dRm``V=<4NsbexU
zG3^%NeK{y9G7>7bZ06j`SGZz3`s+VApC=?g0Durt?Bz!SYt2LHA0mc~!-Y%$@}OiQ
zcMl3SI%w|qaMep16`XIinnLlD6_Bz5xRS5u*81;B_K(*3MgR(0wym5}{9Qr6^b5Ep
zV32+$59vp+^78JuQh)z^T@uBb*4uZNxrAO>!v2n)jO77OgDM|J5l)%@_eKGFWH@TZ
zfPgms$oB$|?v~4ZULkePS#IIgY8o9h@zGLt0k-l#ZuS>W=2iR#XxpA777p$=$k6*}
zkHOWghv7#Zoo~C7RQnk}7+|!k>AY6u#LZ`LHxnEZA1t)&-S>wNUC^G#s)q^Pb{N8|
zD4jy=*zb=wfBRQQdLg4&suTH%`b@#Y`ermY+9{W~K|O?Ho6WnfvV?qIEtU-RwUi8q
z=C$|+;z@h-ZYX4OU5jCOaBk=7Q{f`|Fu1t&pip@CZaS#(^`IHO;sLSMNqg7Uji@F|
zTy3XA;KK`)nZ;lPp~v75dsny<gx<7&4Sx>^_Z_51n{IsHpynvN;RTLb?ZtW`W5VQR
zi}82pdY;QcRqCS*3ueACa3^EmXPa8j?riOxJ4N1<95-#&dcOvpxK7%k44~^%lTeMI
zqvl?JRMI`$9h`WmMXY@2p1HtvesCk5u-OsKu3wo#{Jk4}{eaHZwu+tVE=Im`E^15^
zxc!i4sR#ve@WuKeXuq#(;H2NNxXfm`N1I-|4}Y^XVwmT6Z_KtL*hs+2;@W%-Eoc}y
zYOO}!GALNT-^VzaM4LgQ06<sXM!e7wyhJ+gc~SSND4uROJ&+S1-UfEt-4T$n)nR#1
z&xQoho8*Rtb|=iqBo(HFMHgdZEwg+2J)hay&N8KNIRC2pyN;6il%FPq?^$2IAaZzJ
zP;Mz!enh}jeplFH=;~T2ujyE-_kf%iS$O}j_H~r;!SNGqoh?%0;hWW7O(j((%b{Dm
zxf8RmfD8q~j`mhKdT4H*j3sW7l-NQx<62_I6B=%{o!M-gR~mgp4k-9_dkXLFdm_4V
zkv$v7qEPyNN4B0pqXN$E>U}bw8O&5+*K=l^<re(aaiiCX`n}D9+p?2qu!F0g2k-mk
z!UH5`SdeNa+COiCp~{#{Y6mB<@YYv=O9FMEy3qCYd`h3KgZ-vzCs#UCcJXCI7+7jh
zJn~Fg{I_fdCxufLF-r4|l45>CbO4{0{T1l2cPqM|VXL7cx6yR={c%>`oEaf4^4yj>
z|A0e@RxVzJX2%E4QxhV*?~h<bvDsrDCI#WYx^(w3Z`j?MthMA>SX_8TxgYPaEsE)f
zB$YTMLT*Tct46HzQL?LgwLJEq9g%xB?;8rd^>EJ{@}tswep2O@9CY(o*Z2SUc0R9S
z)a*4XLYmulVL3ua$ZdLX4k~^0WD+-eQdH<UXXVn^d7&HAl$Ps(QlfqJW0|I9Qy%K(
zcM%nhuDoIa$%3t8hFXs!xEH<9ED_&^_xIYO6L?-d@4}jhJ))7#mn&HhLKOYxq_?D#
zhgap8$>@~GvP^J=?$PXaed`4Q>SgQcQ~$Sp7`_@CR!U15|4``<sL9{+-egifsGWRx
zJ1(v89Y#EW9CFXeMGSwXdG-ur`GX+8ye5pS3cKuH)AE2oVF#%kGsEly4IS?xHw)G+
zZS8sf8m&m&ccKx^hc(h@5M2#6f&l>2{5Go)MnbW#5Je8Wn0@ahjS}wVx1#xVJ&&ii
z9PH8{OA-75n<;eB5@xkQHt@t_|8UM^%KS1vy7o9<$@t)xH~U+ctxCz?iU``ObWQ(`
zdVgzK3kKlxt~NcN5R-rTEP!v6|1@>E7*GGf{rbHC-w`x`g*|X+!TrxWKnqZ)n>$EJ
zF2+iAQI9m2+5_J_kRy6U0+-qm4Z*T{{V|syI{~OQ>z8`T5)lAG9(wxN4W-s|3S>1e
z;Mju~RS@|JzfU@-U_)R`5Z|1Y+Smc7j{J<NrHcKvvh|1G=EMjm!3hcuZrBM74nCdf
z!h33;F;(+Bd}FHayWbl7*W=Sz*ZR=*{I7riruVU@_&yeviT8iC0hIX;V2sKmNB>b2
z@TYfZz`8)D_s>5;xZic<nE|NrI}7*!%<NBH%_jl0JUfT*RPMKq|MO7`pw;-0A|Od8
zqeD+fh?ITqAM<FcA=q8c?r2q!H-lS~+}`8VoN;=?JBq$}trP{!OGfWtrv1<sw)0Lt
z9Vvu5^lZ4?(Y7txZd6!Wn8Et4)WCGGjt{9l@>nnq-8v}TC006WeaU-q?Xr8lV0NX>
z>Sn<ZnKHS44bqYE*LOAuhQ(O$ZEvAZ85)0oNgHvYsF*41sp5kBve<Bl^u}dn3}OAi
z&S>!GNsw-70qF6eXHxN0v5=+nbeVg@p050+y!6X9LRa<EQt<D@wAauV4gUOTlDa~}
zR;XxbDO<tR;Y}@T-Yl<g@iX1T`sWG~^Hw?jgr#!1HMuGU`kmV+-}m1|$3a%SC8Tdn
zI=uUO<Kk}0(@Ba2LhOOt$7pO}e)AGyAou`1Z$Qg7vR|RDp77z6^}K<<UdlF+ahS(Z
zn?~Sn0b{OO&O>T=w3kVk>yZ_+uUM>TobIGQ?wEc*=2j~2sf9EhxjgKiYa$nU`;R-&
zt`1$#7g}uk>YE$ud8%*k(~KXIHgpN$LqF}N6^$(#RPos1<0ljkp~<6kIUl$V&reQk
ze0*7;_5eVd0P#8;h2bs(A%?Yt2o+4@<#s(~E%frO5kVyYW`;lve;pUO=;VcHM8C7q
zp@JRD@T?Zqh+%^W&W8;2!wDa?3&IX5t`O?1C9pI-kT{^FnhQ{Gc<|(B($d}yOYs1K
z8*ULG^mVb!53kLJO9D>Qln$_I8r;CnM0CB;XL=;A(W=jsGaM?DEoIP;ergWSHVEx7
z#|gPmQ_A(2j^htk%I{k!0{9DKAWkz?k*uYQt?A}tSATj)4`#(VfwBQ6<3xr{xpCTs
z?7ilM(`1q$U-x6_m+6{6;yW+2r8+yU1{GB|R8fhpYzZmiHq+?FyBFMyG6XugNZL`0
z_*eluI7wVpS>pJ6*f+a(-#_9E<o?j5(ZnI6@o&4qO;sfr{F>y(il{IV@bGEcM8Efx
z)E|X<+pPiJHFA~0QOF~q8aQc@tEp6@?V)^6{nN)W3zh;6r9%0g?<w$Z;F@WZL1u!a
z$pX*gda(BG&0%f+xFwC*@cYY4WZtmt&6zUp)m@6YMS(SFlK|JBHi(CpuDmpAx36m9
z@wRTc$q<?)(2}w-x>hcA)=TB#$LR)yBzKt*wGKlOMI}p9inZvS?ZiiRKZqTG3tV`}
zrK(4$Uv)VBq`(aR$#3P{m}`OA%M$;wX+{^G;VMF@z6fn^CKN!5sXaF57MgO0jwB=S
z1vkkxt-q9qAO5hG@4aVJOhG04HPZw8QGi%O+-*Xg7plEV=r8mXN#n-PyB@sDgQu>9
zYlWbV$1&x?o)h!!-eeB|NQpU2$B%i?Gt>j(QFh0z+igQ@p6iSS|IAxx>(|7SyQDYr
z<p@6Q7h47KLWjsP9H{N!-o*WaZ0)Ni`)26}`qhhRc|!o4mwGWIwh6sGz_84Qq7P;B
zrldx{8$_46LxU3_A@x&<*R^jlZ2J1#QJvO$ZRHDW8(WF<tgESV)V^uh!_27g@fAf-
zfU!*T>KuBH_Th|+e-~rbsm63ktux-Z&ZJ2l#qG%9kkRg7@8N!FD4d#?w)VTj?cjND
zm`uCb_HJ*#suiC^+94V%cGH!6zNGg{X(4ktSX1}yf=Zu8Th+PdNBV;IkNd15;vr>y
z0#sw%zo!+94(UjEoHzU&bS=&yVTd&H@7#V1I_X2fvoKEkP;Ohf%V?`dr)XZB=h6=T
zhLmQGOd^?DfqM6c>mi~8xFX;rLRR|sP^JS&nkVm<zbo!kMOtT@-w~)2SawKH1srg%
zfz&2*Z*>NCC31RpWUe7hyDYg`SUY$sXqsGuA0*_;zE1B{8Tou(z1j)X*?CEzfR4O)
zM42Ym?&t5$xCnyg(R@tXZjB%aX%Kz|L+M3Wz!W!a(z1fv%e|sD2tdU=nmX<6hPN81
zs6ibc3I>Yi7B64T(fdfP5CzaGIZ>1<OqcSlnn-~*Nh~2x>XjP|t~d{)@R(haj-tpR
z7X(s8Bt|FgMDdt@z8m3lO*;h0_@RU`j=~5qL0X65VRd!FNzqZuxWjKJqmE1pFeA?V
zf-{LXH=La7^6pxhDc`s!_N5;aQ1Qp=ZYQP2R7R&IIi1@F5!T0lOBE*{cHm?a^i;q>
z8(u9kD|S7HDr%C+xs+;i7&M?Z;awZ>z*o=u^2X@rhMOb$z~-+>6B!nm3w>Kvv~YI9
zJYnecct;67Di$J%C%rkar8TAm;ZiTwzRcX{&J)rwGz|8|e|%BqoP%*;4Z7fD#Mb_L
zk8+7ZyW+!Q`lF7{kXy)jwL<#GW))rEMfuX{66}#$-or_&8vNp<Pc3L5C|*n(2PE3W
z{=Efm-EBS}zJ~r6*gfZsm?%emmV@|tdz}KdBzY}U<R-giFcC@Tv=eJ<dv^f6^CB+F
zh?}mGc2-xM+#8|q@GeZrbFQd<z`FKroNt2=pPXvD5>}4^aF(!aR#m=w6{gLF<d9EZ
z=Z4iE*ynpCAQ%|pVKY@phgoY}i3JgX?h5*^#S$i|F}67Y;Cd^&x;Wu9kyT2WhR=Q-
ze=>mU7$Nonp)M=<j$wkQ%LUu7%(ZA6&EKgeQRuh^31YQ1+&Z#HaWh=g0R8&QQe{k2
zS0UskuGumF&Boq4$10s%6Bgg~C%d^ZM9c@Qgnj}w=CFP}0k?9`dH?FVwv=jC$;C1M
z06KnCh``+3b@0e;ftrhKA)tPN+;#mG;QJV@MU$vV>ARCWa2$Hx;f27xSF~nb_q*7L
zx4TKeuvT(QZ!C(7BFfS=3Rb}Gi%QE_P|1)=h`kgH#6DyANT0QLzZ3tR{4n&b@ZfpP
zjgjm6;nuq{CVkbA&5=@`T?7+q@Hx$cdr7TwI<M20`>3MH471$wp>#$rQ=RfDAEl+?
zuVK~DZgV3?uYN^PzE43Uk&E$EF&G6i+MB0=&JuCB>AeaPAC@sSuc&!Ufp~+o|KX+6
zOE!<M+iJ^duFbI*<WJc2H>rlGxQ?PciFEZp@au^bTJ}wvMaG7rMomp*MjgxNQ(wod
zqK!Ndd3-Hat}KQ#vQAyWNQ*P6iPqra&Bz~PHF;6zJdx0QFUVBu(P;)!iVjo~G;1E`
zUCt&Y{b|SFjlXYHymL}liQ3QO;a04J^iSD5InSW!-Q=dXuKj-L;$L*C(ZhHQS~~|V
z@7l@N@gTSwm0CPD_Sb-XZW3vLJ6`Bvj79{H`yZ9q%%vBQ)@rJGj0>4!Tk_#KzO_75
z&7NPrx_9jzmbGAQr|oZtY_m=PJ19|(QqYXXv9v9!yGI!f<G*za+k8FVLG)$cHgA@y
zNKLc725i90D3-QcIzFC6MNEx)*j84Ey?zeboj?br{1I887T?<`X09G@M+lT!nW94H
zQvJnZH|Xo>X~~rMUlu#S`W>$7XB86@%Z*&fhd+3NJ&_q8INoi|SR5ZM(;WK2yWznp
zKNrX+cJku3B_}J$ZMk8qkP!x#6mxu~eOf(6#lUc}8!>KDdQZTG&0^@8CK8tVA%aYd
zs;1fSA6EKJ#S<%??o5UW3BY`o3IE}wgI`yH>?LIp12)S3W@BHG5MnIOTKlOb54s%l
zXm;IEauJVq%OL07Oy-*awfBE&p8F$8_X-C>Y$81=1RUW%Qkx?=zCr~;^PZcnjW@<G
zYP8m*2DqMIac&qKi~m{TDGPYo86|NR&87pjR{UNQX>irb%Bu0(=@azq^$boebUQAH
zalTwpvrC-Wk{qDlOF?n-E_R#aWbux@d0`LGgJC=Y1BT%HjFv**%v+k`5jyq$-+3B0
zG|l%Oq``sW@&6;8@cj<Foni-?!v5Dwzk+|kCv;0DD<a`npZ=Y%J!Mq?zr1#2AB$qg
zIUOVY#_@9A!D?@+MA`&>R^ZQy0UA8Op7NTtXyW0kDETFB3MIguPjS+iqWV9Chp}uI
z5R4bLCzgl4LJ-ML#HtMbSIPzx2>`@UVzKAHC0Bnw?xX-pIX_A->-&$!y!f7!LSZ!V
zmsn5c{)dFw0l<_q))p~9_up&@@@d~oa=HrA-=+V`z>@KSSW6m7inC7qUmAWA1rX69
z3k#_1%?Km{HVe%5MTyn_NYttT0P3yhKTGES=MRASFd#310~pvpnCi^K;PN<^o5Oz2
z`JYldHJ<&SM}Z`7h_YHH2`ZMwNH(dqukqg`6;zm5Kp*^R1|2Q09rsGQqyf5q{*KE3
z;F(^|Pi<`AoZs8amPrHuC!2&o1%`*`R6bQTq;+~*ia>z(EX>5e_a8_nCj#1)9+Y%+
z+ou!Z{Dt2CTbC{9z(=MGJkKX<o&g0o7^(l#Baq^vFBw!~zbSnN>znWS+R@S2Ua^}s
z93hQQ0*Za)i4*tnZv{h=G!L43S$(EOh57Djc6l%#s--aC{5y94r}$uQuLLd!V&K3y
z85tR{(R{7l+Icun>OY<SSM`L3kW5F(JgMaff8<twS4DxG0~vrs5IR;^qB)MbWRe<d
z2`W{IVLDoR{w3fq)A{QwK%ZyF0J?s6s{0RZ@E=XO!Y}}@1^j>cTCHc>vNY4QDQh((
zQm7PTh7&c5$%ObLo1K8u_{X9Th|~UxKH&{bsbm>fKiI<UjA(O%Id@aV3mX0mUVpcz
z>=aMxBSJU;11@WNKob%YqWHv$SoG*bH6idtcB~lxbZ^;tSZ#K{aR20IMa_?Yjm9Sp
zAX`FQHv5#^jM;`%9tyQQaKdwA?yj=_XUG5$4!IVdW4F2wo69|f(Z1m8L5sC7g9)?2
z=%8$=VNuoiqW2t)U8(#(wr=M$&AVM`%{y@P;~4LIHw=%PvGFFqKEl2rC8N4ND_t9I
zojkkmceiP}G=$H)q3YYrGaY2InT)BL%|-l`);SZLBftgBQ6|{2&3Bg3Cdz5+sp!;(
zBx)4-;{4wDUtQ?61XKMI|B3hV44`!fzq_|`Jr^uL%~B^`4DptC3+l`y-^k(jniGm1
z-q*Klif&|d;0wuPQT5QnR}CEo@Yrp<E)8*|u)tFMI930St}yCR9zaMTyTwb((@I@q
zr;pg$11pe9PS$<-AdeH3jIS6sMomHkV1z<YI^v0WmA?D%hQ{cyT?Y!OM<oe{g}h_F
zruK4pY>jHcsUzZn+D&ThfuG8wt=IF^0*98$I|kd2_n2(|HNzGZOC)YX6K+!%2%bfi
zb)MAb+%Lq7%$G>AVc1!Q026X^*TZ)<8#<4v{5~~b1+FU(0!dfp_EKBv8l8t>#8i*9
z@?bt|UDhLZd{YXP$8tNl+J@J5JT#?u>CBy^vVmcCa0^Ao@tkg-iA>ivlB>o*=H}FH
zbQ}dKuuZ)Mw(Nm}+0}A!T+FkbwmJ=?6XC!9-4g0&k$1#F%SsoLa~MUoF^&+&ZhN<%
z>1|uDQ2DHUaPD`~QS!M!G$Eb0zG`=}cc(X>7jqkXPp;+c_4m)SLVJ6MLi@I{(j@cT
zcphj!pIe8bmh2>9l0wd|FL+@VaR2Wx21X&2G~a@-9B9q#UH@~WmE=47#?z2j1FEW(
z0$tRXS{5lbv7XA0EhfF5vgy|z`<))(B7+C~I@pUi@*@L_x{EFA3%n+8BJ=a>h(Rie
zI<F_<$GY7oKo<*VZ#Ot5b*7pq`gp6ne{siV1mY<;c69RQCAtedPQaL?)~73f#NW1o
z@ee53su8snp;G_txLi+oK0)C6f>;-D#Y-~YX_&B3P4Io?$FGe0QjTtdANAMX2P+ud
z#W5vIU?7_at6fjBF36z^;t4#u4w+be7=6)Gfm}J@uj@>3D1=b~|M{1&U-m9%NVo2`
z-Z>}qW+M#Rs{%5+U*gZ3#nX<@^_SI;!T&7h4WRZ@)#<F-8X3hRVA@TZa5!eRJHUqb
z@Obw6Ws~o{ofD3{K*HQF;OQUd2xt`(S}&f6lM{O;`=zS8dt(}~L9CNy?)TOIC)XhJ
z<V1ycCkjY%rS`=8p{`=HW0F+N`_F)_<lTLJZ9*98=}?5JlJV@?-xF{Ds}}&vjC!hw
zh=`xy82SAEa&h%+dsKlAjP-w&^_1c3#L$aRv0ClCImm8r7X+3yMHXBBYleVm(s&S9
znucT()FEMEO2XU}!5>-8X5_Jsi_K<PLtV2&sZRfo0HekeciVEQ83H(Ul)~#JmgUf+
z+x__@V%>ZwupGL+nDIj+h)g1u@5S4-czDqNDPfjpy^D~Q72{eg;?wrXZNkTn_I5%l
gDzR7G-ARu~v;M5tQ)=#Y&w!r~LXv`o@3p-DACSxm-2eap

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/task_schedule.png b/scripts/automation/Radius/images/task_schedule.png
new file mode 100644
index 0000000000000000000000000000000000000000..65f87181e0df8cf3c9568885861508d35c6b9940
GIT binary patch
literal 26955
zcmd42XH=72*DeZ(bQCKBQWO!85~cSpy$MQ(C=hx;dJRQXM7oqnN2*APbOQuXn$*x+
zXwq8<5C|od9eiGW-fy2DXPj|<?9CV<H|w5rtu^N=^O}WlU2PRwDn=?IA|hHfRV6(l
zB9Z_iBH|?qGD6Ghf&L~D5mmOmqN1*vq9U8Fn~ROT6NrdNH9RqiTsMCFW-#WgK-5Hm
zOHaXNz?6vl6FFV%B@u<IYzcHE@=ejarA;PuSBRNv2d<k@vxz8Or;Z4IKXuXg`jBVY
z^X8qv=M;7LC4?x(+PPPBS$01`a=-UB5tnteY63|YaqNTc>tP4q1hccPZhd<aOuQES
z`nXbTlI9AJm>3b8K+zdLhMY(!&m~2>^=Kb+_H4oTn1-K7_u&uMdK%{kKR9Fe5_qoK
zk_3NI*pT26c&tAe{ZK3N`n#<XZtai1`njW1e*p$%Uff|J%8D!9vc9B}Mnq&xTP9fk
zjZ*dY4#{i2*HR&LzY6`#_4EgQC|H%p=(exik-Cw|un!fZ42odjjOzGxPt`XcYX9Az
zN<fJ_E$s{|c3P90uWIAI!XA;vg`<_Pq;a$HjvqYE<Bg=INdXbNOa!G|<7oI*(cQE4
zE*ZqqJ_xK8<#_l!Y5wB0lYN?|*BCEWuwKE|IPK=$o*Mw%^Bw^eDX8Ix+x%6WJL3Zf
z@bDLL6=@vrDAE=q7j)0WSuYow^HRo*AnA|3As6?Oa2YAv(7=mMtJB>r4}tcWH2Be>
z!iZUSB$qu{s-a*sP3PMXFkzLyheMq*=?JSIkc*2f)?J;}Tu|sm(<WuSxY`czNs{OK
zN@mb>?O_PtS0c9f%yjYL*D5JoD!i(y-PT`YM_X;bzA>vfq~W3FVIs<(Uh975qmdaH
zN_R4m242$^j8lyrNsH1Tnibk<SV&xQswG)qEWFTn8qIUXwr8wQKj@YmX?ZZ&(_peb
z;<ruL3z3(^h(%{F9?Q{DT<Cw!F#Ad=ma66XMWc%&p(MJb)vuVdNH#8#%khbkM2Fmb
zNoGa_{qEUE?Ho$}oGvn${`u{C@_0JZUu;xLZ=SMgsa_TcDQ3IBK;kP;tV?m7wpD>L
zmhOXGQ5LQ4m8T@n<nW&)R_Ir*dl1)B?aA+F-La$by8wCn<RL@;_qDGwPL~8<+}yYv
z_Fdx_sTgzb8|<&1m*Qr$tZ!3)QEz!3h)7X126O5XJyz&{V#1|={n}y(l|pOQ+!M<o
z#;13_&^(KBP^$V=t1J2>^fUCcjva5xdz&n+er-FThgeF4whBz1K8L5TYQ@Hb^XR@G
zg>>}k+fUDj9^SvDLc?_JjapN2)Ai?_55pdEK7u~1dBpy4--tIUTDWP#3R2cTc5g%7
z>5-RcH6<z<-F(T4^QBlCRWIpsB=ry1m&xBqCiy2{O!}J1I+N~S(fQ#xSF$yIaI2m!
zGYrr?I*<H?-$ri5lZwA$`5s57G<(I3!jyuX68xI!^_3s@o@Cg`dE9?{CH~!d_+pFl
z9LJpEoaxo@TrD>?zPpsF>#B>nIk`N!cLq4iNya~J$Xh5R#fru|{zNbMFVtM8dYn0@
z9RA5#Pegx>i=I1%n-%m~z(&A{A*0(QSv}b%IWXC<oYYv_IB7#*+-zK6e7;=N8rXSd
zVRun#LCno@;lZMI$5dQuY(b}KCwWIfCw<pw7ci0aSrhjPj}Q0O^_?4+xXhm3%Fq5R
z@$~WoXl;mJtY5f<Lh}HPos-Gcl6PLOM--V1pXydViPY^jD1ItcB&Mp;zqjh-M+Koi
zxdjP6HC8hZ&ucN9$Q}AT1lyJO%_vV50K#?QYKPT3wm06shpLx%iX`4lRQY1}%xd`Y
z7oMm4pDpwt;xQsfdlqktU-eel&7$uPZ4P%Fc!n>1_AJu+?D!e~Ibz7W5co8xP=55~
zpy~kEuvo#Pe6?YZ{_A#04jH2Xy}H(4Z*fPuDRWwxX=rsBYGhXdi&Px-P;!!Hk~(#2
z__#|?!V0g!^uG*#5-cq$tkd;QbPnBwNWWsy2Rv~puz*gJLoS@Co<tq-9p#X9k~xK%
zg_4Day}hnz*zD2l&}^z~#Ge18yx%#;!fI@6M6CbYz`<KeCrjJA568g+qO5{5FB)D3
z?j1|!Tk9v;C)tOt#xhLtHt`~hTQ?HnrM{7eB3OQ`%gySW+&9VjSd1PR9T_hfR~t8!
z2~^LSJTsXp&o}Zng;hCM1%j<Cn`_3c+((lf>iWELz+q@ZNq@;Q^PH)Vh*C%~B=Lm#
zeiTDDuZ@Lklh`-OVo$O8t&aZQM}ylR=QFkQwL7%;v~#FwZf?=vHhZ{HjP7=w#z?LF
zcp2_FzAUivWwFz>#0xT)Ki}pqxqyoVwWwP%+aTO(UeecPdYsMvS}B{znYy;PI&Zu(
zKA$&xWAoXsy)jdi<oCMo{*&z^ws|^rfVR;Y?^FzPwM1%HsZ|Vq9AAQ4-{r)I9T^_T
zQa-#yM_$SIn*NAyvSI5*mPOXXuN)MlWuevN(o`Z8+LvVz6m?uaPZqNa?j+qQQm9oZ
z{M4nmt~e704+B&B(>dSbr^LLAjWW9Wgns+ZfMEGOw}+il4xU4McEfh^9*#8p_wO$0
zcDGo<S|xAB@RphDeYJjG_<dj_&k$P3uVL)v1>bP%-I*`@IQDbwXbh0XrY&rHH=5b-
zhG_5J?B+tlEPPwt*DAm^kn+s9-aSC=*zT4458UfArO}r17AVPO`8TtkA6y2eb1!$u
zcL;aP=-<^((c3O8D=c_T^~3swZHlsqmr3SNrKfC+n%<f-aWeckde+Whfh3zsn}OI*
zpG_^f4&?<B7C$^o-gAB2@_v4NXZ**;=I!}3Epen9!ac|$+@iyLyiDD3_~@Bpk#W&J
zEM%mmWYwssLL><NQzFx|YCU{Ce)KHGHqP+FzO&-O+v<S5W6#58*@NRgT{e9-{%;li
z_Vd%M{jyYn8{^gp`_X)tH}yXpAK!codJKFIZygORKQ25jz@*NL?mLyC%58bPie9ca
ziHw4)ICePT9L*?tXBU1@!p)=xR9Qg#us~`#LNZ*ELz2AfLZ_+s>gGi4y2fM6R<!zl
zXa0k#FIvx7y|7;U7+2KbH$#X^|1=U$ir?JaAD=NR0h)Ue`LnGz4TfGJuM4y}HS<>8
z)9wER6aJC%eIj<ER{~#K>sNKeNBc4~_r=E6hh~I|R7|BvipZu*w&)G!iz*x{nP*q=
zT}_Y9teD%A+nID$(mzY6NgI#R2rmo8)ZDA4saCGRrSC`%_b&~3?NpAhrU;tYK0rRm
zm~xBu;Xj+)$HJF6Cmy2#fO}@QHjSpYXDx?XP17SJ{P_=owQl41omPH>(L<hI!(KDb
zdcQSBtVx$=-FnYd^%Q4N)ybZ9jJXb$7SB|IxP$;hsE>O0>TtkstG?JBK3vIq%>|cz
z+SivS5fux)v*y!N{r=qh7Bk3N*~8~kirvjWRNP`ZS&F1fPkUBs^5yHkS14vEPU$FQ
zO5Iwz)Oa90zYkzP)Zy0Y%CMIyVya@47F?1Z!3S((<LI;L;{nvCv1d7JiNA`j1=XI6
zOS1^e?3f%M;Zx^o9=JG8kJqn%q{#3&mf1U52>TK9fYnj<k*p^q`uNz%t(ATfx&u=N
zq8bi^{12q}@ZMKcx|3Nh>i&E+KTqtVe}RaDk;nl+)Y2+gv0Eu8h&>YuIcpKb;ws08
zbq6oW9Y_$7Oc9NR*-2Z+UCCe!`!Px61m-iZaL4RM%5V_p6UEl@krW$W$gA|6Wfc%?
zJj>e*a$t)(5<LMxHi(1EH8nK}pw$3mq-LX~Mf8C1OhH5(W=}*)cp@fz7zrODq6;71
z5|I<WuM$2=StNhnk_2R3`14G>bWSL*uc)R*_|~^_1A&~~?OZ%EXzpDmbTwlC)X2j~
zOH;zi1<e1#+QkyY?*o2$&O#*RBSClsgFIfa`GB3A-6eda@BXHcAUvNp1Maf@Ch>5T
zzH6kV%ckh!24WN8f5`vvt_&3$8=I7ywT*<HlJbAp34cl7we#?JDFFa@dwcVH3-Y_T
z*#aJki;Dvu3IGHI_y`ny?!L|*FMRl%-P!-?<WE0JAa^S_`<EW}F3xP{{l2ht@$`_s
zd-r^xzd!%X6Xaw6??}$>{}GEIAmIEB;1T~rz~8<JtWxK#61w(2ASYubdoV#ggfV1<
z#6+Zi)Biu-{5#@*aT@*0DI)kkIRER-|IYc$9pt9y0wxUUA@lFb{Abwze)%6pDZshp
z|D}n4)cm`Zpl2B>DZt+~BfPq%{ECQ3jz~>O{;3Z!dWt-aX&Aos%Wz$IJ(^gtNobym
z|8<`NHM1z2ha1K_UiXzf8H)58MeO7UQiX`JvQ;`0M#L?8^%Xj{JGZ?3!7o)c!-+%d
zwo4m)RU`&fCE25tJ(Yt_cr{YQ_rxnEyphRqmZQf<#RqxNDQ-U$W}*hvHhyxCB?bjE
zH8s^o_K0BZIJb@f4VuofOBBWd+a&PKE#<i7(gbvdxRFe)*JssZ5JTgMu)u6pf%OnS
z?OhE_T+V*u)9Dcj$z$m8i*eektc_vaw+?HREVLS%tIF4lbUKZ_j{FzLOl#r`DvR$r
zZ;wD1J}|@LiD6Q4T%!q~VQ3ko@YzfVG;d-bf4LOeJP*qq-1Qp{oIabLU+lmD?F&%*
zhOo|f*)>P?N>&IQw7_-xSa^-MVfamARy&s{Db<b7yGUi;n>>}_xquwGk8SLBrlCtb
z>~*&NiO!CB>x0qI9Buu4Une^|)!`gew->g4d#6=#u?tYb=D3tMa1s{30Dp3A@$1O9
zVql|1!@(T2ah+F5v2lg62zX*a+{h*jt5vzbm9qfDp7LUx;ZeLk+ZeYI3(n3uOoQXa
zfK1i)@2HL=j*5k;#Gaj>d9co{nVwkS-q&e5dZ|02I=<SyGt2jUF?nIuBL){rz<^Fe
zmHmX80%-vLc4btt&!W~U97`$SIKrzB{@Q-fm^U~JTm0m%@>6k~gJ#;;4<TzhjaNtQ
zn<(S+jnJr_U_gnC6VE!-fmNm|BZ%*^>^J2=0Z6S=)f_GS@W|2H4TfFJD)EU&=6m|1
zrJN^m6|}^pbQE>Lhl@<Oz#%<+XbM@6VN?U&e%&S&e4km;E1@@CQe%H}Do-)&Qug=E
zX`#kLW~RC&46p?`-b$r82k0CFmwqsx@iEa}*+~vK-fl17tCr5QTIM&nW1f3rqcyz3
z<9Rojh$QYxpDgjUb<S1(ZQB<UuWTvUbiXyVMKM{UQ-*OTgE2{6)u=$l>Tw$;$+5v;
z<Rnu`pU#=uWXkX$s!b=U<BO3b!$Y6T_G^7*TPYnOL?je!eacOwUgPqa4cHV2SfGrU
zAjwbmugSu93idZmoj6SQ#*|Ot8xZ4i>+s#pDM{hMf{FmzqfB@Wsyu#UlKVb{jON~0
z*M)9pQaU-d&%uIC?lPB6SPtprh=_0Wg-b;JvZRgLSuM!SpOc(|QXPzx;7uepzP`CF
z^)<$M`R(}(bQOqe^2}Z#u9E0qC!xqC_1YLVl{s9{H?DCuf3Ok(!HwIFkOIwQj#k*i
zg+<hm%--6dSxN%qtf5>ebR(<HWtuA&OEo>IIXU1UQG<T+_0wfSuf8FRto-pKT1?h;
z=;{jOyhhK~>hQPpT93kjh|gDuNgv$LB7TFlSbI-tH1XbYVB|F)fhmwUYBfzTpfFfR
z)-NyKQ<z_rl<r+=aPM7lOx{KzcTECFxr`S^)aU4bop$9K2}J@>&PpP^TX57~D24M#
z+}|&eoWLO`cQK9l9hrOUbY;C>g1(bvXCe^4B*bGVoe)8g_~1(4N9XyrD6gi1ReiyL
zK!JENV$wB5Hp!R$qvNPostMVVY<o#OI$lB9xBHU1V%@IDWd)Gf=;^Q$sE_XcM6-6u
z#2&iaYGAV;mmdSq5;9O2HVA$nIz>hsm+rNBBUg2YEm%%2#EqQIB=D>Edyg>nC(5;z
zYf|nKw)^eid}OZcQjvC7;SFL^2jf}Oy2}Y_`p$`%faT|-HVr$ST>`jQ*oAasck}%^
zu+X;oT%G8o-oY5|hzHOSA0zDm=>uLq{FN;GA%ee7fnTgTViz^%?&~^%S==)O?mSVK
z=m1XpXjN|vB-F|tZH2C;-w4Eg$72d6emM<xw6o6FaZF??4B+`czNYY@u>1O}-v1tT
zJ^bTySQ?sY@>4KF1#?<R8WvvR14H);NvRNp9Np}D?lQz6d!2Tp+@)4)Un?y@1IG`9
zF=hB~iudD>53vx?!*HRG_?;raqHLf~iV(OV@fdP?*Z1Xw`wj-#5X-`R%2&WLt#8s`
zb`NGO|0y$-%$q$%!b}E;xZ@dgGHiHay_cwb0YKYyJne@r*Z9I5#_F4(>5oI=*27pc
z*J>yR?&uDZFb03DtN3IQqUIGl-<^X*?0^cee&$YrFt@HMX;gDhxtXUvKM94BzML&?
z^8gJ2zmmDOu_^-_mleGdh1N_Pec9xF=^A2xRkVq(WL?C(4YCXiiihB2b#L;Y$Vmu+
z?}vJ$0o3%uT_dL8JLrk3_+elmum8S%LMsOGAVp>dT|5}{ocw98$LNe$$Ki)%!j`=o
zvN799$}^7A@*MvjHJ)*@k|-;gj;$&*tr5?Z9DKSCw~xX0k0+V&!*SwWv*PCm=lah}
zN3Y2IP4e5k?)N&b3=L`THW=re4Vz2bx-?$EL1Ru&lAQ*vc*cF((Rmus-a?$$>ZF>4
zm)!^0DCGVOOL-I|8t72abuE2L5?kzUhPx*c#VV?NU+dd<3(H{@#HvWe&=+J+kJF$^
zg}Lqi>G5O*j%Ln6(W@ff2Edwne8^H&(kszj`~r9NrI&bqg9E?5ZB6(nMS`MSD0`zQ
ztg;tv@!g<7A`P^lk&2iZN=BFiZJ`>^m-AahNa?tgn;3Ri1)M(#`sX{JtJPM;cj>{U
zc($1wi>yb_N2eAd5_v#He6@A=UCM1vM4XOIyw>`A8?u^(<E-YjB{3U5!?;z1_l!M~
zC>p+EDS0rsYjbF*pW4*rG}um`5o91lHwZGS;KkRBW6|Ioqzq3Y5bCJ)a;$o(n~yUi
zz(KiT9R{D!et4Qqt>4vPQiIJ0_bsk@+W_c#khCFRDXq!H$I-~?%o7PoL_=?48-tQ~
z=5nXL9kcUlkBDu0trk!cbKktQT>+I+#EZK_xY*@MH3JG_qU5Riid<7Aypx6<N7R<J
z(>Lz21UTfMh%IFV6}+$aFfx-6tr|1L<cs)89k!Q)Sp2W1!VWNJTIis|Jo*iWy0gRa
z#X>M6(WWimqjj1rcmD?=^Bs~w{-)DGL50%#wj!8v4Hv8sCa3qRLm<MQt*|EavN-RJ
zq1D5nUQ~vnS5+ut<M*M<(j&15c}FH>fv*JD0wn1M(19-SPOqdmShOYTS252hHURxI
z5elIoTr`hJdO>D<1s{!N1}~khf4d*H_n8$@?!4!)IsnfpE|Y0Bb}3+y)WnTDUWRW5
z@mFEaq)$ogon<v;*2I2jyKwFtxF8X@xH?RIj};7W<9_8$a=)Np5TjTM82(DkTtQ@Y
z_lYfG4+)K>y7^mHKS4crHfc<9AMjSOA^lLBP>k+li)SK9yx!OJ6TLY?*7!YYCacFd
z%s$jTbrh>GaV3|p*H5dioHgD4SY{vP+_)HbiE!T<HZg3h4wSn48tz|2T%<bKb;sT8
z&g3-p!0=~6$^@R(kU^I6QJ!bnkEzkfMM2aQi|3NYg@^8e>1y*;-Cru~ZMcVXg=1{&
zji5d~ylI>3!$md1g9iY~WXgx0g~C6<D6s#;ILql^=7jZV(-Yg1?yD6tqhP-$@5e{(
zUt^*p*dW=E2+G*Xj^1Tw^S+bTX~HG##pITl><IJ{?;Q=?NL%%dCYTFrYHM<Tn;`C2
z4RXYpfuDCwUFz?cx|G2KYUc!valaa^_tu23x<sL3j!bISPmM9hQ>Sz`gLW_##NGW$
zL1gDQwz&li1St&f&0p>D-F{8xG9!Je<S%Ym<0!Y1_Dga$D|91EBUGLCA*Oygus_d0
z|1JDhOO-;qGB~GWdCVzjI)hsyRKwiDYkK!sS~>>F^UgDWQJf@?u8*k2h0gNTZR|?H
zX@ETz?OoK&r&B6p=jSfE2uFzEyRAwEv{C|M@>!Ox8l*N<h=@t+Nq40rPjo>rY9Y-&
zQJY=3#p8uZ7W~0{%zQ~n$<DMtrlWzJIZ3e0eR&<$z{_KBY>J!45FKuGJ;PnR?Wdi|
zk6r7Y9x-+1cWFFLajJTDS$vjlUnkNlsokA$Gc*R1alZH_exY2iYTP*g(bfYLUr9$!
zjKyJ^z0bKWuRq9=2l5)!dVdrJLgc+>Al`M|a)JR9#I$pMyJIFSM^hKd=YU<gGuo)G
zE94kJ=+W*6n2b4pQ0<w_xLa2V1&)dtJitDCCl<rUHWL_Q>F8F0Yn{{>maEy>x#;EW
zsnRiC66B;v6tYH{ATZXo`8cb{L+cLXF8b@dHg0)C`lvwGCIGrg$(jDcdzF!k<qB6^
zFd37x{Ci4;?i^D_@GECg`(01z>2lgB&GNxp1%5Sxm!$3n%N>xur#h&tlSEH;HC$$5
zXy_fZB>i!3_C^bQFC@5Cs}+)JNVi-yg}7dQ4il^RbUm63QBygd6iUD*o`>5LERZXH
z@6ORyEFay$?S_q4K2by@t(0_GH<k^5(%88Q$1$B_*i5+`i%&&{Z(b@A*6PQD=hNSJ
z`*miE?T_<mizv~`gvO^$Ek4~_u2O8e>?HT?wjH8P+2*Tzc!CmYn8*qH0QM$#PoKq}
z0RKWvZqD9rFkxYycq^yZM9R5z<zqF;Sf%g_YQij@lTsW+lEzRZJZU0jKeXANOnJUj
zi|(3EG7r4tThTQqOrQyt^B_=V3nuO6wvj$yb^?+63%AL;pCe1sFI=%#wuGHb3|sSc
zg-QD9xoqi-ddqWU1$OBOV!W#+q6aJa2dpxmcXKW^8)?98(*HaM%e7pjIJhg*<Z+om
zd)^zJ-SKSbWv4et89WW`f0_sayrZyls&N_@s1uDcb%y7iEDY+%Myc+vkp1a3SZ=vD
zy|u*`_n|Zp{q}H;*5{w@&iniUn2p4Ug#nJ|)h_>O4M`&*4G{Mo3qPOI`Mh2O+2%u`
z%`@pg{J+`{-XH(^Lh%=a;)k5VLN!LF^}vsc0wzM&eor!FhhhkFFY9|oM&DQ;9ipRm
zWW?a`7>lGl=)_hi7XGI@<*e;e|1&O}_seSM56zb(yS<xpgamK4KGz{1*mdkl5pHO&
zGPt&;2}-cF46Rk^dBd=pr9yHJ)<ddE+?RWAoE#vGc<)Ee^WOpiKS}!IHmbSZo%(?d
z=5=0G)E#lfOWu&ZVMF1WHcO_l64M&Xh|dHw(rGvR<=ItSU;^VK2mXB7v{$-o>~D7H
z<gzR-${cSg5^#L_)Jb-dhp^?sTRHeevEIoyIZIcoPQS%4nqDCc-ATFeZ9Y0Xv$X&N
zdwek<(NRG7+$8=Z)AhSwM=kt2V(%z!1OxmGA6&otiyhtFk9dsa>1<$?0KJg##)92c
z3qnCV10%a48GkvST{mhBL_pLNGH$lg05d{viGT{7K3a0TKQmVLJ^_xS5%deMrj1?Q
zX51I@s+JeH!>9gk5YWZlV>|PKp7&<zWA8Y;JFkqilK8y{o35ips3j$RJ$Uv0eIu7u
zjg*43ZzjVxryAS#OR<~uJwK;6Fjdj6`^}E+!lxmV0WFsnC706LpOiK%Pb}+HdlY8C
zg%<lgQ>ho=Ey9Q2J7IZ&7uSj5=jyM$!KKqw(0B`Xgh-Qe1UWp|jtkK!4o035ecZBI
zcLG8ct#=Q@H1zk~7n4Vp(W8YN=H_$gzJ3cbncaM~5Zw6U7eg=e?L4=^JE+{Gj{qMp
z{g*n9X@Sz-pVM&Dd#A5NY@2ebaN-&nz(ZSc7wFDy<%^!0G4LL5=woP5ti)17ZC*~d
zPeWdoWdNra4q;$Ew19V9EPDpz(3~DqyeXYIACs{WXx-?A8yCG!Nmw?5?;xMG+gRwC
zw778=cPB<F{tCry&-o~~T&0yS(@BjTlkzn`-zL^{>Mjp=GG@`jjowOCb)HUstD6&C
z&|bd~i#Bb5_#aznC)c#~*8GY|U;M%yarH3GvnTB?6dkB@H)^k6EIx*+;X$KETl`f?
z-^fVmvUn*0cQwA-G2bViN5k7?piD6@eT;}Z4^=9u4Q#Hv@fq{FVETc6shM?t`|o~y
z93VgUO0(peaS;AEdUbJZ^{%+DHIC9vvlLh<fqkCj-y@*!Ch}{ETUMJ-p4oSO&ZEX{
zfkD#d^T)*p=Gj7BKSQ7o2CMvJ9c!RzQrSS%$p~Ov9Dk<AuTEwO;lB;AO?KJ-S>rNj
z>bC71p8P$3{(cvV`h)z(iqeJ?5Jpn_Lu7>VMD^XXn>?y1+hY>q_C~C$(#LgIgFKX%
zKKPI9tbDW0j4PYcNvLZK)CercFNK3<HyGHKZy9$T%xCEI$}BOWHvBX*j-^!#xOP8c
zQ6eSZ`wQ4zl2c0ucOf0_RqJj;6yozeXGs<5vMTxH(SfVT-imE{0sNzpBSp4RpJm2D
zr<&A)T%AI$R-aUvt=~3a)->xEu*UmCxVNe8Xlp9OwllTwQPEeAPVZ~PM*GcIyWSo}
zSZ2!RLj74+cpDppjlH{O7I&6Dg)bJU^g>00WFEQpKFN@BC)bX9mZ@EBOBa*!?P1(m
zQNco`KMY&*G`U9chI-$&hp$8P(a^?JN~&^oi4lO#xKVr40shlsgtk7nNM5hm8}yOC
z9Verw?EulUNpZiu2i=Jy@5m{rk2PUIY=8bF;JTROW`l<;PV6@%Bwl-KTdmb@hs^v*
z=a{4gBQx3CBu$14^i?*Fj>-5(m^I+jSN+liJ(7hN0vE-WChpNpR2K)-wA*%0*;J1_
z9eC-3u5GzgHGzvxJLr3XLq1m~%GeY1=>bbx<E-X#yGO_8OHTF~2hE)G7+vO(?C1AS
zFd*bDI>@Ks7_yDOn|XpVBm;&|n<q#BVf!nbpu`&i>Gn48B$2K(Ef-XU5>9hcO|%P0
zpORec(lI>Zln$w|;q09h0^V$NNpDZ$jOo?Ob6&c)=iFX>vY4j+w2c#T)G;esnn2m%
zzMeGc0r684ooU$HFMzsYh02g0?FBHk?AE>6&o#<$ZkyrFC5tlaH`h6ubym1!(|02q
z%ImLHR6^5HqT3V5GYMs_v&4+?s-(*RNi?v$FW{+`WK3C=Ca!k<X~)N&J$;}TWBVg0
zqDv<5Rizew7k!rasDrI?|4>$&wH^FmdrTJ$H3EpA9R}Se*}7J(*<HJI<h!%-cHIW{
zsAtjO%eEJoj_LQYuP0?Z-Gc>nlo!S9P5=*Z(-6>BzHhi(507`)-~i_b(+YX8O~mBR
zVMk8aQ-ZiKn=WC0$=+o*o{HNj%doD5_TD(j=v60V(+QV|6e2g(WoCovUf?!MA+>-6
zP^<(@ZEKb`A-lCK*|C^|uhEKki4eXZxV>Yz*rS2d<O>SImec1hdh18jy%z)`obe@1
zTfXb-XlEC=nETC6zLHUq^iQ{UK5FufUSzb`OLF(;HcLZSbk@zUDK2IdA~~v$4t?F0
z0K-_l{i3Jn?Azy8#2m?Lgh=&7t&n+DQe4|<cE#}m%4#x{oR&iLm>&_jUSQDZo5oqV
z&N~b=Jx<sJM3Ffb0o4P@GO_Tb-azT&w?pL{5$q|}+W3%xM(>?hiDvi@T~$ZYt$sC7
z5BCHx@S&yl&;8K|r7yMxT`ncbMaH$e4x5Z@mwlzK2ytBaJfv5bSsrhdKvi2jiysZT
zm6EaDrT?~<6nV7wLO{hfl^W4nY+S5yrm-mz7_sXcYVvmYZK^N@&4fsgZTbaKZeNRE
z1F1p!2gR;^wee(+;Zpwoeri)D`I*}*lI8nEjv`Xy`LEhU$60`vWhURRL1D_V6z902
ziM#LX2@ciOD_eEC7IWikz%uW50(6gbOi%Sz7+qN2GVUsJht&$Z4wq&a?)Fw)J?pS2
z9M7w#H$3QZAM)K<PjXyHJ%R@<cYpZqpEqv|wK1?B?4}(3nL5MB1~DV4FvE9_6YjV`
zGn{Z2JU{zmRk8nEMmPi8`r#o`nk|(7#LFRa1KU{aDz-#^rU|Tkv9o677HMPJ^%kdh
zV$m2MKa=+HtkbE2)Fo<M^vs)++m2z}_^i)SuPbROJKcG?B>tD*wr*dweM6Y?ct~!N
zub0zD{D;!S();Go8vttDO5Cj&XT=S7j!enX+CHw;{w3Rob*$sC^l5m8<DmuNtYggf
zDt-gOtSGr|lYuIk*W&yYw#cND{h3BB5*V%HNO7F=NMiMiMhJ+H6SvZz<1zKF5g^KZ
z1ZFsc0<M9)q!cqud?RRvg8`!r166D}xi@$Wlx)(nU)F<Yv?(oCwoS48eqUNoD;5ee
zwL9_T!8n!1l~ktl3r2361W>>AissfsImY63E=J)o!Tq_2eA00AUHXRILbDa+ILAy=
zzv?@5#38nv=C%-)*^8^l3z2e}D<lMdIx^xY%x-?nvu|JS&?r?BqM9Vs_hd(w2Wq-`
zYdqsd3K+Ls&yhUc=OiLxVAVn)eaL63maD86-2<QERT|HM2OZVZvoCMyviq(70ADsu
zk|+%*f7Phh-a??PD8i_Da+lQ6xe7p+==xq=Rvpr!)YE#%qVK@d`P)n2f6hPTXwSWo
zvrNLbnzZ|6<ZIWc51yfjk(Dha>^F=H)*)_;cXw_jc-fOwmcIr6-7bfw=uQ>YkvW*X
z5Z-EOmS-y2tf281EDum_z?U-wtbfu;&N_-6ymMUCQVY=5SpAZ9@6S|;LL8`gPkpND
zrGnnnTTd}rG!!%j92htXqZI#wIU*9!b-P&R7-;-H*s$#Z7vpa{ef}$JfaHjlsib5?
z^h;Is`xEhifGU%`u;8P=GuWZB%Nm`Su!J0Es5aBOBqLqb0%`Sp*YiF8od6ZZ$_>U6
zi7wkIrld$&v%nnrna+J4UEyc{I3DLX_NhWs@$8ya^CJBwpFYsP;_99r`G3$YVF%=q
z7IQaz%V;hjo?!xXCx%F(*#;m`^=CTLf8Z!Vf}3_#GG2hHT**8P611ZxY5dIDV#$G<
z<zHDWNhF$Wdp5@f0|2K7!S9DP9{<apc;%}CLg{gBu4(cELC54rwKZm2-TAw12UvmH
zt~&z0h4UA(3V^)nfPe`qEpuF+`%dvq(px!mDxVHT#B&F~uVxajAGkO;e7F=g!=>>m
z!D8KN&I#x>lYY`ug-k9@K&FFvKyY}c8*b3J5$jueJdRIW1YwF6*0a!n$4o`W-rN&9
z3=|1+P4BS-8nql;u-UtBS>0b9;|h~k12j@Vz4<i@zg8pkQAxZR0Q|;;=w1q^T8JAW
zJh8}(tT$8cH$(??T||^Le)r(juGdnQu2LR3^G(~`)>ru04yeQQ%ATg-kHtvU^r`AB
zySOSd57&4q>)D*0eRrz52tf&O9zVd)d_$4#JxOhvW6+jcqRl}rFlgL=b8e`+^@F|6
z&)N0T8^(QUv(b%!K^AjP&X^VY$AL$$<pM*z{5wh^MFPZ`jo{qh?jpsT;NGpg-d{!P
z5qO%!c+<?-)!NsoG@D*b{Xnu4=P%urqp8r&SNmRxfe5R@rB?dsyI~$Hb^v!~g1_QW
zw=(e9&7XkeuN}q*-Ix}#k4(3Kwh8RmITuZ*UK+peZa;3Ktikt5ysK)bAStWjY_2;n
z-P!odr4k^<i=ksT2Ptc&hxQx+9X(IX(U`gK;^131=<2pS8Wb1dz5dZ?XXHp~M>2IF
zpLbas9IrvB4f^1mZ_Z7xpOG|Nrcn#Fsq-yPs(aSxA9S^VW<koJ6777V9lfYESdbh2
zJ#xO=(abGD818G+W^`M^*JN{k$T<~%FkVM>2=AxqO*NJDY^(q-eH%fyHLoxC#$oz8
z+=W%<lDeT&`$LZ~Y1{4zaYxAmdTzt$;mh&J#jzT1-?1w3=t}1pfy&!jnMdM}Ai@PO
zqZ9GUK7GT<HI1ZHKcGE?A1lNVhWaF`MO6vd3rsXOT)Tb8CG6F7;|(nr=aWj2n(dmw
z`_sq^jR1RwNxFAg!5Ph?j5Q5lMdU9+;0?M_-o-zVqY~5UDNIO5FjaP^^bNY>if2ow
zTm`Z*55;k^si18=p4;h<v^Ec6R@NWyU1%V<C>)~@K5rP1lZmBKZu*<0g2Y$U{JvXf
zy>R)9X0q|EuwJ*lgva55M!x)}QoLnT$?dxX4$W_%Cu~;szHLM83&mahu`)->f(w=m
zI}2ZwPT}#^xb3h4BuoIb;5P&m2n#f25#LKxVlcqpzYNx_0&ixSS~qu^f{c!l0uwox
zn+tfg7R+U}w9n900*5Ef)}0fa3&l8m2Q7BABPBIjyPn%`!CM5TWxPZmeg8dkf3=xo
zg<}Ro{9^f35UN_oL_45xc=;@0>>AHC@E~}+=0R;8P6Y+U81)NToOrRMj<{ZJw0=4#
z)^GI_Z05#HZ=%!ugu!Zi?jk!PMqdji8nZnZc;nbTo~xfxBW7N72Kg2WGH5vW(0UEp
z#p_I53}(>ts7e*qiq5gv6Zh3;HKSwp$!{i%jVEraILks!ympdYsUr5KMQj0T=?&RM
zOe0TA)z&bNR8sXZJY~DAUE|ISIOBXU4$j;>q249&4C<TN+g~cz{z=6be7uL?9leG3
z1@3U_JRtqS`5d`ryu57;gc(!`=M1H0k$GRhk1uoYG4)LcvOBq-W>nRCo}^n{T^68a
z<+cT<WKz(?FQ2YDK~JDl+wqIw3SOs0_)_+j@b9imu9u)yCmw=Dc8G21s^^hrx$?<L
zs9)r68+~5kLl9(KX2v$sI(UtjtsTpO{Mn32zbDH))d;>@1TI`$GlQsRe4811VT}St
z=MR}3YB54~^^*h<hAigMjq?lDg82qVVZCF6mtN|JfW3T|JgX)VG{?7je(St<zJ+jv
znCaU%@%>#qlIA!^TU4<?z{%uCf%=JLjBRt59u|Gp)q;dRQ^}+TBvmj{1>h-72%1f9
zsFn5`w>N>!|17yZwIuci)Hbxgu+XKQc)&gg3cv9bx;u2EsHbrMhOMdF_%g~i-4wld
zx@H2cu)t1s>8;})%q)2Ndti}|+8Sn{lWPQ1dxyS{p`qnN>7J<P@X?2WYiVUZ8ELK?
z59=5p$}F7Qhk{i8*EW1=rQk0h4sC@!#d4*WOoHT34}y}$D_&_h*UB$ti2azM+<|w}
zlp{+n*OFq-M(!U~2Zoq6y104ul?2or_j<fZ0PXlLmc2@W7AKF?neeLv^c`8&0fFHV
z9_E*+Zj&rUzcz<iYjAKdcCALRWRE&vJ8gKC@34&{U0}b$%_s2-7;b98<bM*GK9fWy
z9^K8&JK}btPaT~UXRrlv3y9;j5YT6F{%Rn)tB`JjNW_bAR|WurV2}70AcY3)!CrTC
zUk8ha!G=wq6i!P<HBeTYakQIPOF-QGG8+UAN_ni0>n;fN&R{o+@_|7?ehj06pY|_F
z{tQ@AKI~z491LRS?1HQ@tV_P#vq5y2o%lO;jAv}G^VMw%%SxkcdvvRfQwF3a8mCx0
zW<+2zycYLd0v&^QhZnD=gZnX(UUj~U-uZi`2E@Kck;(V5rIHFuyxM_w@AeFjxf>z!
zEcS>#PaM*?QU><TpDuJm*|Dwy4?a;)GdIsjyHOEy4d%M-Z)QD=UQ0}D+t+|qi&Jko
z*b2b#$hQ^2#mgy}C?1f)&iu#S%e<qRsl`qVfY6b2-rSxs(DhC1<JkG15>YP}!kHI8
zv6?3y<mdr2w?d?ZUsShfe`#V(hHqfeJUb`C1rBaf`USrhG}9)N+Z%gs)gb_@0@c`h
zUD>@4WFcRvR-V=R)l2{p!8$X$+7qUh`1FKR>d}-AF<dt|cbmLDA34+Y#wjmT08bVU
ztXElTrG@WUV=7Jsj#smi-H@BmdoouQ_c^=LPo_%4-MoY3v=31UN~y(O>+m4&+o<vB
zQTsKC{XA~1{W(_az5|3FSR?%#+9}kK^(~NX)R=g?>Hd1fSg)TU87BVr17Qht^X_9N
zi^FtJpTtGYc=J+2mWnjXD#ux*w?l=sbifYQZ6I_;&Fom<q<uBwd79@cR=v)DkF(C)
z0){vuD3?KKzrN+xWkz<zQxE+ev28Jt6Bhb$^h>N;eg})}a>K@QU^D~F>pr&j)X92u
zKA_}~MVfQZ9h)=uGKQe!dC5AO^<~6tEuyVA!TeqNsB1z24ei(>+Gj0B9U{G4Q=t#j
z(hrbbDg@-Dnc)s`H;ztC?CN$BGtD!gK^c#FeSiY=$<}P!Bq4SL6iFzWI0A04o*jhU
zIBo^?rir`FhLA6zw^M{2ANYr;Oy9hbDF-`B@te%veSD*pUX3zIPG&R!@5u7Rma6tN
za|1U`y()XNb8My0Ke7L9HZ@%zs2?(&*wy$Aj%FQ!<8J6)R3lUgNRjXu6vsMG)sDZZ
zsq`s67XQ+)I^CYDACrF1#{B0q1cQu9=$E6XP{(CXz{qC@#k&UZ8#K~;<P|iV1EQ1W
zx^7NCc*rl+QC<1?=vT__>Rn?7cXXF}rv@Q2@Fo~;$Ic(cxlvzn+>`PPza-ko4M6Pb
zaisu1DBqX$vOGpzSa>TAc(!aA^}!=onYuqO8yRDV5}QP&EKIyI<Y&emUU}Hw2W-&H
z-Sl}Y1$T3rlLm~+$b!zR9~?~NpzeFAA}zJI*>J#p1Z(43ELk#kF5PX`m3|rQa~<k|
z^-B3Sf}ePi%6uUG0Hu;UpCoD0Z=uN;#^O-2wnhn&#ud4Ve*Q0D{FDT@$H=%~e750!
zaFw;QAQk>ML`<P1e?F|>fl#kwz*4J$_`-8XSMSzTgPBY370y;J`~m5@`y_apF$1#8
z(^`zhE+P(QFHKxl^XS1Fu95W~0aGZVztL(X?X2xGP!}QRe{x&K`CkOye{I(NAX_wl
z_qW%5?veeZW1H=ooxS*H3_59Il7^KiZfS+{x92cZfROzV5cBz6rE@-jk`5sr<!7ZH
z^VdJ2A+XR~viR$1^j~9}jhOy8!2ZWQVN=Wsfj#Tm`mbRah_5XRPoBsZ{UpEq6Kpum
znB3cc<qthkNTpoPN#*GNVj3`z2a!mqFZv@|+!aDL=O+yZv;3d=O<uf83_O13o5o@8
zedl-D={NNq`sZ%}3l~(ezk@}DxrPJ~vL1)8$6|i_e1u=G%?N`0f2N4C#W}=|jD#*6
z0G;CieE2`z6O$@%_4Q3mJXmrRRTv9QiTpDR+w9%vbCOYeMgyM2mV{cJe?+0<ASjJ1
z>OSPJ9A*SPo9T|d{==uFmQ}`>&LHjQA^asz`;Tg})=2d8H4A;1zFgh12Ve*Zi}&71
zR6Oio0}kC*$17|>4{~n)rkx?Fm&NCIsv4=+Jjqc8C72h|^R61Gr}+I{wg;4SThAyn
z9R5fUqJG}+|3WcFoOyU}N&T7nf4PN=H~J2=8$pUL-CK#HDFc7|`$9cr)+Bn8#>{au
zq6*IHG5AVoWX^P<2}k}jmm~bMFe21e7(f@K-D_WC+;(6S2`*!P$--nZYIB>j^}`2N
zLULU7`NX$fyn8`~_1l*9&)EJ=hn|Z8?9O=I4UVM|+r<qWzN=;FCVsDoelvw7JaD<g
z5!lFYbu?s#9Rx2V*T~f&^ye9C+I;)IP34{V>LUi%SsK4HwJSTT;Lh`t79>aHSneW_
zU%l|Qzt4z8`AeIKvwdJAX3%1<0#Qt&qzPKg+o~riV_&SkcnvgzXITbx)EnJ9KNg)_
zUwuB+myOD;@{}oYjIj1ug*`*#89K-Mk9Z|+69ac(Z{2%kj4UNuoqDK1yu+(N4qEhv
z{YvQl>05T0=B3)^gqXL7*I|&r(WQ9(eIF&3(Z+jwOSh0iKBCbHsK!9WHXIn5LhHeQ
zR$xPcIQ<a`NDL=;jx+fp=Dn1!WPbd6AIH+&a*d4iLkoyc`BEh|6dd`Ud1^pU0yhGB
z{M}k(YG0BDbPntoCQB}Og~Jf~Z%vmE@|^vM&=Ll3HD{jd$j@BM<gcl@j}#|l5Bg4a
z5UoJY{8HA<yN&hsFS3nn&6fb_Pv1y!7X?Qf<GyK*KXFD0@l~~)?eVpbX}#n>%k&+6
z21l-@$*8qq0)s4zONx@57hxmim)PI12g^}h^k@YQl87(H;88)hQ9-v*sDS!2e(A|Q
z$b^2#zO_z@8=69=$u@o8bM5CTm^p>MEA2uM-+X*y6FwTD)a$HD_WBS9_8ZK2R1UZ*
z?w4IJ4ikUUU}z3@wACmiwG0J42d=*ydW2<!Zq#;nw9=~Ng&uDREqOK)mt(-~YH9$w
zM<DEZszK>7+lXmf1MW=={S<G7ict8ngX$ejqq9goXI)`}r>PG~gWE$7DRzk47vXg)
zo9NCbH$Y2tb{X84Pa(m(n0T6@lgJ3{!rTal+kBvJuV8<KxQXdPMpD^oqnW!<xH;ia
z%b8OfVUqVxmsH{F+YDd^D##hw^c4lB!}$Sd>gH)M%te;LDc$`gWGAh7DSR}~)_(_W
z8U*xXs44EgzRCSOX^Iu`?CtsvJUThk)iuMcn0P+51A8XLqrR~s>737-@$l&quX^v&
zk{a^7#xcv8G+#$8lhG>OYJXSJrK5%%2S!0=FpUV%tPB=p;l9H@l&_<87O0)n>F;Jb
z?FOa{YART!m-1|w6sbo@ySw{2DV+!UW!BgF4#wmQuN~@ho<cQJ-L8?0h=1_geuGGu
zKD8CF>p$8R_mr@4p0@<co<?3Cqz6adV!vh*c;}=TE6&vGqe6yBUDg%px@>S12*q$2
zT8IVr|Bg<)q@rPEbH{tD){BbnmLdJCWv}*N@Gf2w<}3|!l|z{2HqMd!AX#k2Mgr_7
zc5EO|WB#a$3A@x2A9`6v%q8zU;K?HGx1a^(`A&#-E=Egk{!F}gAd~JeJ@2wpA?$t6
zCNhm<abj7s9h*&>1OW0&`{Q`O&<L=f+lmB>;Qi(2`FS2p!VU?V$pRd@iU!3-ccyAR
zE3nm-3&3%|!$l})wkc$wkC4ZP8KefDJWI}GUtlAIlHwu@{ums&T+*H5&^K8y<IF|D
zozoWr=*5WQ%Y-Nb9QP*6QHT)f{O3C5dLx&i!KCrzadMZcg@VjTNs1YMa^QDC?r&wh
z%aS{=J-92z<w5zEC65pb<re0q{?qVTo?sFfZ(mROYXTDVf`efRDG6`>*o2`h0uSva
z^|90z+pRYcQhQm#-hOs2DLd0eQIdw|RyzEDECrho!QOphc)<An4>##GyLavLmYd(-
zv(f*tL&0(-lphbYS(ASiRrP=Rd#THXUvvP>M#yq5SE4j6%Z%0nXLBze)*%jT#IsIL
z1zgpN_7WWo7*d&IeKKS@xxd_dNVw+DuUKjrWI`<5Q$oW=by6C(sly`6&>lVN1=TY{
zB}s`OCMKm`d~RXfFG9~pXVOCZZ3qT&jD){22$>G&zNKBdPtaSv1NDdYqGE|D3xDFw
zOG<T!#kQrS7Cra%3W0;{DJ(hJNiTHt_x)Jd!#}*by*LHtkvnTm`{lM&TqJlQ*GzV3
z#G8G_r|IUvL5qoaoq0FHspkwKEFeAoz*X9-Ei?I)y$M`r%54E2tQ;wWBa4d!P{pVc
zKN!<lw#@u_G4N}{rbGOw30b|T(LrN~aDC{LiKNj$kL!|p&ZaMOHr!|Crv)YQgg;eM
zQ3&Zk%q(Z>jQGX#Dx?l}?*<8*%tT3T?g6X^OA7o7GG(4^o}Ri2m=y>2NqF(Y^EI*q
zU}%1hMMqTZ_b4#RDKTi&xS(sCw(5+1aR4Op8x$&;vE6P=Ke`0fZ#;Y_B~#JLa>?9T
zP{XTmQMe}g)4^4LWiBiA36l}WgI?N!+uI=}tDDAxp8Bj7JOwOMz#|s-`W99{iAO9F
zZ=={3y&Uts%x1g}Z9TO(nXM-3UuJC7nF1?RjxOEea_Moo2}2jYUJ5rvbqB7y&T>Gz
zW_g@d&xo@HV;YZ&CLf+EseCCe@avRUtZQ*C>gqp??%CL_4M>-2LyF^{`>!4ZpGdxg
zS)rbcgj}<=6)NsQ>bcz<HiR>9Y?Ba^-sOo6z`$L992U+XdIv!h^)X^>bJUy#)A%&s
z+iFU;F;5r@*2SuA8@)jb%WnW71aoC<&ftm)D_oow#JCw-2(DT|tS1u-I?Q8`4^6F)
zuEqQuH;hj7P>r2vjaR1>LdKFaX~*Vx9-4<9j<he>OYiI1x{GSXSCqIv@>DxpH;pcQ
z8ZofvQ^l9Ako)5E?XxqR+*6_}@$FQ4<}ODz;w!|5({r$E?dWFn1$t2k8sb!&ms$Dn
ziANU@)H{pfXjld893gvqf}9+U>!RbQ3S7RfH;BrZJG)dB$JdC+YH0ZT)^u6V5iWvk
zp67`671l{y?t846y(69@Lizr5a|R0!4Cn<}i<uU|upb4Mit-?1V5cUVj#b+ICPI(r
z=re!$Noc0-t3VpNu+xd3gU_h15Nskn)4jSqEs@c*fSH$1+W>&k=om5O-hkQgmJoYp
zxfmoX=e#)Q_rx!HOlXcl{b+5{sSyG6BTnxR+oL+v7AHTM^7axVG_JPb!KioJvWfeF
z;{6%PX@Muh<#i`2uiJg!^h8+W@<j(-vQ=~{ZJArw$9C0W3L}TY5`qph^*fxn`=_Jj
zm%d4OcJDLq$9IElYce@x7bVuu>vok?ntU(KOh{fUXt%=@qeo*{lUEA%SX^=WzU42~
zc7BN0?8jMWQ0|*0__$Q}R-BC|pCugjtjda^f7DN7b`ahiCO^(DQoLrL9b`!G_D&>*
z6azm?wEB0hEvOx8SpTTOrs;lJc0HL9IDE55uZWEr?M#c04^bvoy~p<{_=d-ND=jQ$
zimytj57Un9%=g!DkIpy#A<QSD0k=SDN#M(3t2u1%7ig#6Yy7x8AM-BS_FnY(!m`Cg
z1r#2wRkO<wRb{cznVCL<t{O$^l`Yl|w-Ty(-{l97;#Iv|N(LX_?6pWo2oti|_;i2m
z>YHr3c;d|D5y<XH3y?8_z5|Gx>^X|~PIW3o7r^6c0W6h4Er*}1lEF7W39pXFnK6tR
z$`G&5y_GCxC}@qod>mb45`t%0br+&8ojh6>@U*aLJYA&@5DKpI@U-kkR7>*k<bwT(
zJ8t-QJywZH{Fq$gk+c{vUDHTo9F%#Y66RhZqr;pUv-=@4iXnC^ogHBt2(vQn@;fPT
zgY4wo*p0~;`rsU$nfJ7=zO%=f0!DDaWiGna$E<vCUdxs`fk?046Av^RDFj$xyy4Sz
zYx=b-7O0uZCm!5+{DhU1$Mb+@v-egtnpGm>W-5>Mj*K%aMqVDxfPTuzSQ@0Ovq&j!
zo-XMejwR{EJPTP|6;Ht1lB?Dh`*+HOWBZH8^X8EUU%y6(q=CP-9qonH{(NT?+EUDM
zHl`2YY@2kfV|SUZ79W_<DY0_>5t1_yVuB0APOQaS*t4*TatRkD*N&;$Qq5oPno?{?
zwUFpYoKCQ3!7`&vM)a4vz|AO>XXZ_&IE#Uvy@~{wnZ9fcA>YVHyo>>^?-wt>xtTu-
zpH?Xb&3<?9)vm|vvGUcWhBL(*vLdE2ZU}F2EOrta95|?442O^VMRwKuVi#f+FLk84
z5~|S7BlY#GZXCCy{VFG2+nM1X5&|+U9`Ck<V+t;`e;Abup?Ip2W!CNm?<|SFTJ^i4
z@y<hsA+BTrka|{Iu~C^qt>?PUGT6SO@yFqS2B4!U<N`Vi)xK+#B{FPqfBp6a;Ii?s
zL6JQz$>GILPbX;6<gxVK-@djS18Fw%7Kf}pZ#4?CBki82%Rt9{HRL^Y!ulA$A^Zk;
zw!&{iUO>PVX6b5*2U3SUH1i5$9x0J>+97VtsKp1OwzmJ2@aZ~-*dezPO=EWcx?Xe?
zbX#wp$J*WfW9M}v3CQ7*-@@ZRZnFZLToe5(`Rwq&Q0EZ=FSM@2(f`3C6d?o_3bOF~
z=Ys#HYNZ$>20A)AJ_5!5rIO1cyQmr2PD6ktm$d!{4b-{inhe#oI{!8}=n|j|8Tp(0
zf1@6G*V$%y^6rEFHVAVOctS%J;{ST6dQ@~<iF)zne;XJHJVoE-KdJqlG&iA!QoT^k
z_-_L(foFI&tM6}eHY<T3SKd%A?;l`9m@wnq_P3AzwAC^HPKSb&?%{U2j6gFzQ7rG@
z-aZnX@*hGbm4ts$`DYRo=V~L0`oDnUc~F%}aDesS_yHYZy?`Y*|HqP+k?^h(YQ6&h
zirz+0mqS3X9n0T+QA}9mvR4b|MbW<{bRa}UU~S~@mj13wD?y_-{{MH9+hDIK`zHCn
z((Xc}nojMaU?nT5)xYtlSp8s*sWhn#r9boe0U#*+^ieMP-!;)Dz~uiE6a<B*9Ii!e
zd55w54M$OkT|96QE+9kxJ$dh_zUDIZhvb?5nQ!nFJ0TsPzw*$%i*7pFTL%$pRlUN_
z>xxTvN&jpvRZ5SQ|JB@+heO%+8`)l4Qt{#yg*IDu5k{i2i?YRdQ;cn7Ez4L^Nee~x
zWv1+=F_!S!wb^Bvk$oxa5VD7G?iuFkJ?A^ucU|ZDuJfJq2iN7f?&p4f_iwp>`%jyC
znfHuiwcRC!kM9mp=_Z%}c)0x!Q(wpvNCS*{`QTZI`mcb%aksdon^Hdu(+1Hk&A0z_
zi_0_uaD0sP7jhRHMaDUNX+R^3KWLCUHzcY=6?@RBa|%{7(fCdaf=7uA508%TU8-;K
z7hsaof;`9}dKeD)%Cj~y1wvIWcqLcN8A8M>Apmi5e%f&=#6j3SG-y$lo$4;Yi@}rN
z64SI7BSGK|pR!@}A2*J(GXC`;nBWWAW3{#qBwxJ0kV>Tj%{KVh7VhG&3TNO+ffZW+
z+6s)+3tUD!72Z9xXXxdfy9KdVagh%mFdP|fy7Uo>(+MWg>gnlq6ginH58GZ+NV2_%
zg@79Zz*S{mq|`u?aeU7hqh9U)-hW0*u^jem8C^e}Zc-g9I+48(x&WC#h)xr6n#4?{
z*zhqxnT&V9fT8%AFu`+R^ZmTKWxpr`UMbDaBlm{xxT4PhW$rOV<wBG}f>)5IK)1l|
zlB2?aGB4kziBeA*ln5x3$ox;iAWO&W@N{SYoo-4y<<7xs{Ba4zDLhrT!jIs{W&0Em
z{8>1@uVoxPLOlZqS)y-+^Zol*$U16I9GBYobZJM~lEDj3IMki@XUJ=dB5ht?-Vf|Q
z9E;OsS*gf_2|j}v8%KGPIy8HWoa#)m^qj)KV!B6ZK7C<nw`n)oMKw(DA;2|<9B6~w
zm6Ic!g2Vrg6^LP{&U3OBvXI{Tei9><GPv}dM-`0_hA90G$Tj!p=cxk_r449kRndn3
z4_6$ssj_|=B<U=4!H+6P!L&e|G1Cc=dkHBB=8zAr&6A6x#CCTcjdD|nX<canh<Pta
zvYPwkuAuA*Zu?DEPVQ2ygjE`7D|i=)oO}?$K#3iZH@gp{=FqsNBScA0AS5sOq<NvZ
z{y`vlrg7Za5HxMzmHWtg#AzxxhH<cv0NTP*?wDvI6~TM#tK`6(h(8XJX93U_NnqR#
z%lH?mYQKS+Ku(Z@J{MsH5GX|w;6u|w=Qkk8kAibQq7znzJ~R!0D^fl8zrP9D=)fsN
zQhEh<j&$%C2A*w)Z2r#k+hGV54}mt&^t2&yQ6Z!@+UyDf>^wNZQKdXjDEM_6oIvaD
z1qj`*z~B4%&B`E!_d8%rp|_NBXtFGE7=b(EA-mWBWMKjW7yW$rmjcQHqIaG#1_{|Q
zT9_kTkHZ$R3eD^gq@Y1YoGcjeUszTZJA9$f<H5_;M>!$6{lW$0cJ)X5|NRQYX?W@W
zS!5do$sQU7nktJHz56ay9)o?LGwXQT9n`@OoyQWWKg)Yve_H|YFOTtLq+V?G;DAkB
zUnmVv6#Pn&@ym8%0J1O&0Lcn8$^BY8yPVerdtTqGeH&s+XYh*iert$v_mlI0e+Q$6
zX|lxm!*!`6!!k!fH`(q^`wxL-lQkXURA_5}-v2-6CLp?F4CE&I9jz5S`5PiB^R^wx
zo)-Vxv!?*jAtBrl@s@z?_diVHItQDH*{N}UcY{GJy`LMP{l^}H3iXUZK@ql870vPR
zFCYOQ7~^Ik@d2%Cdm#}1p><7gc;xq8RDrM`xUsnBX)^q%>-W$I)KU3Hki#wb!JV@b
z<A>*~I-rk(d<MDmxcPf$OCG^!7o;pxz)`;ZKI>Gb^8z-bse*>yh25J5w01H5nDQDW
zDeN*O@hJd%fK`rv*Ut_11<Zx*dY(D73yPrvxLCYoh@J;`Ie+R3xNfa4qy+4;Eo=aA
zUuTQqKLg?!^A8XcAMi{FhnU!i`*eP?Y6fjp*6oBX2xrScznbEO463Q{A_3{9?6OEF
zsPF=t7hV~Dc5~M_3NG6Z;7xp)kxGRZ58z!^T390YMUoLbr3K(cK7c+At0X(T)Aa;b
zD$@7>(#m)om8fz5{|1Q5H1M;B@rnA-Az^}3w8x4GbtX03%lZU0DoX(T@?tyZK?3;-
z)^Q4o9ZYFsPSFg#IB7h^9RCSILFYl6OC<^GfCRgTGl2n6Y3og((g71=@ZeuwfjK46
zbY1D^au>X5VXW!q`v+_t9Ua%@yOwRca;?VrhJHMF<2qC&7z$bw$pc;{QwK}KT)OjZ
zFE}7he4FDH>jPP(vkdvpmYkLpjOH9MEDACRsazcb>A0oIBjw);blz6Kzy@ELRg!D_
z0lFJqxaH>gmK>@&v8GMrQ7XW)=Y0IJae$a039r_&12Z%V96L|73--FUh2HFY$>!Ko
zEL=<xG!q?6UUmd$@j{e=YQB8|c_PYC^%EU4lpa^QdKg2ErAtw?$|9-c`SfR8;oeGi
zekG1?BJHx1ox`ScAOSY7bJDCho%uiQ=SYM8RN*-{SZT4DOY)VQB-}(+D<q3|_NX9T
z=w*iq=E~IyVwLI4MN1N4JNcYwt}Kh1Onw)Dp7agAN9)A&HV<C&S}y?$uXd4!b4ar?
zC;EI($uJy+=fG;m8dK7z%L2P(6f}$=^Pu9?5)YLJwFP-W&4tgI5)`9@(l)92En$YA
zJu)$7T`g3!Fi0ujP@pMtZEN4?#?W@aRKT>dgg|mCDd4-Y&w^0Xoi*9g{<C=7GLtSV
zR{WhQboM}sK~hFaSoaQ}1O*1?pu`?;A6wV$LArvWD<|CtW#A3s8mR<vbfu(0K{vbm
zR8e*09CBiD?rw_ESkA_UW4*7`oAzxB_i;y7pRLS7X6wJdA-Eb6Xmw&0UGC~O^R7fu
z&7CaZUdM(P6?_y;^eY!E;y1C0H!dkA=!j112^NPY-JS_-498cC2VzUA2yn6p1m`fH
zKQ;WAO%a~k?{YUu)#s(M<08)8(AIBbYS`OKt3fxc>50ef0y}yIkq&!F8cR}jRHg1W
zYj>1OXL{f0<+(8fah=rxF-?iUI*aj2b?e80C-zw{Xso@(xuz3{8-*!;jRDFPBCd&J
zZlPnVfr=khIGXhjY?qh2dV?~!jBN@*P6l73_wU7iDfxMo;pw(f-{OjF9N*6%e^;Zg
zPW={#r;b)9Ra|@^a67Vp^G7pX{gZ5Id)McTnc~H8NuPDM=fS808&mV!Kh$P|T2v!i
z>4bQRo1^;*2oZD9jEC>QB%V|Y;cxa$>VDqjZVJxlA0tlBiUzDnm;cPFxZ0!xf4(Uu
zROD}?8+A4T6^^z{0P{SSL5YFYRg?ZnO8WrpEp5AUkGS`}{`GDXhq8dOYl`U_yf+%I
z#}|_HN>kx}JhA<~cRoG8dQTCy5?@|#!Julvr6#4LU-?yS^ex;VN+eYwDwCYM8tjv_
z(gLaJlt8=nt#<ddysj|!FDYTIhW)eU$LoXlZ8v-yYmcpA@9<Ebo}MFiB+#Q;z|ZM;
zN$<AV&oXtPh>c6BJ}QKnXJYZ>j>|p4zFZHjYcf;M_&>R}ime>0h~IZ3+@%gAqH_9f
z#wk`g$!}F9_4+30IvqaY!TpD5Y`^=P`p)W@k2-esA#BI%D=UQ*eoJt8hizmwYZ?e#
zvo|<%N%EdK^2$J7^)=5SL{C!>vs1Ce$oTQ6cDHn5jW{HCuIMX*3GKSh+&mtw_!}!y
zL($63U5?A7;~`x`u972mti{nQlTpeIX#MT`%_=@=OYL39#iQ!*Xpwy5*IfzSK1g)e
z;*)biKd+ak6pS!NG#+U1XjAoF$S>9@Lk@I_Tv&WAZrwVtpy`mfVj26sE;*6uJF#F{
z(k0d{8MP9nMcB}r5KEk(@Q#-dM@x`FD1NTgeU9xy8sp_y--)3U^KKyrxLwTPa68o!
zd~18%;|l&*;|s@PT$h)VhCb<6>T_SVZ%qPSSKJQW=p&gE6Hk@TTW_{FtV}Ep9PBe@
z_q5ILm?_^re(lW{Sz<(X>8$k`h0;GH8nE6Yfn{RL=AkYUx8}8@W~QS*xj65H0}OA|
z=9?GVeOzuD<Ce4*0|Tg9Sn}*zcuDQ47Y04oIGfRG@CU3sk&@;EvuG8+;%~)$$g1^f
z_c3kKU}ZV}&2n582bk7#-8_Ppat&pr)I2&Qnr2yo^xkV>ajlB=2-czX?BbK9=`I7{
z>Is+0_?st>i$GV{KdMoTBMn@6`VS>F!gDVf&hT)qsaM8D^LP4<XbqmiUP_qpmKI0c
zw<s151_PPE&C$sTF3~O`QMin&1&6EQhWj4@Zlg>2d)vnhC;8-^zjs>>B`P5MPdt6P
zrG{eCnHxzr)R~Ly4k2qpLx<oTdVf%#@B;MqH?yxZC%5OwUQVAf4mD6+JFmLAWV}|Z
zQ1zv}S3g-PY)kqxCc-?9E>Q{0DI1hG5&-vkpEiBbFNGyC95|KwLEL$$s*=)i(BCgM
zSGjsP_|X_v#>ltGWqWH=6ZLb@^J)%gpejHPC~eFtz+VuuFNtv#S}m0h@x{2L-vvht
z``ghn`9EW{)O<h8)kT=FoMc^|k{kom!a`qW%MEFXIR!jK2$FFL3#Q%5RAm;68>JwH
z@~h|wFmm`tV4@V}CyQMH@PwnE#@vPc!Cp{hh<)mYIYfO6)&mToMlGGU&;u8;*;T99
z#thjW&OqzjOij0e9>{}t9BuzVK*3@|d0^@kv|s+^ar4o#`L8;<u+rfmW3*AEh813V
z<0O=^025C@odpk50%VuG&;fSIwF1giEQ;DDlH)c{S?OB-woBXZX~UqSj;=xLFcqRb
z!KauG{_))lC~xMLH0@uHF|_oI{^H`|>eELdEgA$nM5h>vXPz{HqLL<LS3k0s2sybX
z>SQ1F%1etJC``(c^<s~Ve{^I9^i_;DK+Ki9nHJRVfgw3`|8)g@pqNf{@1>$0{2mnk
z9wDjFFi8@<F__6WhGoOikBPXQvoRaeckldS*{Gk$%`M^F`{vS;4xc>WVI1xWDCou-
zXX+P>#aL?F+UDgm#fV<iX`pa(5bQpkY`5~a!7=wQG%BO>0?y(C%6XV8CpH_Gaqe?N
zYO(KU%_St024!xwWxgFG8)?(Hk{DoiUDViXYcy$wc=mH`0^Ju51cLS8(*Ey<a`Y+g
zY;XeiUq4&XP0^vQqP8nTIpcj6ST>@d&$lg=(I&63_>Rmi+di0HC+udQOGz}Y__`P^
zjYYid#m_e8)j!YKYj+m5@%`!j@_HI2n~~)c9N*$J7CO}XYP^r<0Yms18>jfyhT0lE
zAh<YSL8;sdkj|i&1s2r2ASj*@bR4BPyIDRoF>X3C=LeMEMB(MRZV!UxGunhWB}q;G
zkd(cbYD^~>_YLeOOoAstFjF(|35gobB$fi!Nfy}S3F;R?nHDWAL6XxdTxNAn*E%j&
zcB>+(?~7omgM)jI>{gYo5<--0KY8+|jB#Hq;~A;dI94C|vs63ks2{72v15C>Vzp{)
z5FVk=yu*lsp+O9Ob(JR-B({318Vhb37bY##?G+Z9^tgd`8$7bm7FZ#{hg9v&kIp<p
zpWqrD(z_bFrnW8or?XW{87Vh>VM#{(OkpQMAGlS#F6$Hz!O)y0*=xNM<-S6U9eX#}
z058qAy3wps9r?om9~;lvifD}tdq4Kq1Iy897KR(n6PoNaa;lrmJkl=7{nEsF2M<(h
zw3J4v*@yc5zr6MnMKzJ}3&XDujQ#jlliGUvj90|{0)&GSC@J!K$$G~#uG!WOpJ()4
z+WUp{NPqI>CQ^3#!l?AOw6Ij;4QV^8!kCAxes;#M&L`_RJEQ9fH%$^T14b@-Dk8(!
z>@OH83R^!v(CvX)iZ<&*ew=8m7$5cV6Az4j9N>?AQug&6i6Adxx$xT^p5u#b)yo16
zV@vj<Ps;K7Xi0}sc)_h3*N2Ew3+p!<%uU%=stQXg-{cB-zrO9aVi@w_?Y{a|E|-g=
zK3R`{x-Y!)$6>=Z>HOuSSY<&;3+U1=pq*=u8h@Q`S&q+Fm(Fut=(<&2dGj4HOnReR
zqvP$x8|sa1Qj)gD(WQtCx2*mzKPBKzo9pvJoY@Zqgi_^O44TW1*|Xs*Fx4lI%>Q*G
zzqw~A<H>X^n1N&$Ss{l%Bcu1U>gX`GJ^1BLT5~@~TY8_X>Zu5O_*o3i$MU^tfpbgE
zaOaw}g{hH^#=izye`}HcQ}4;M*nEd1iMJ_b78ym(oRv0q?@IV5*5YOFpY=YgVssTW
zn~QOGfv~1@ecFyIhvA^9gpE8BXq-8o63hP8)BIM68)vz11#6S_6u*=@*XESQne}IU
zqN~r3-e1b(BJhsv*NaqY)$enl_l=Tmv#v1Qx*p>%*A~!J7hT>USkU6`f)0?rv$^>a
zco*#4G-%_H9W#XKg+&eXSBuvkm0HD4x=E9+;-a-F)-ygLNOZo;jVa`T8!!>I3%Nv8
zE*REOaqCg@;T|b38m*Ct&kgOq`OV*@77}CN+JVy^9DJ?hio+41rFOxEXvUjunnSwL
z_KZ>aLZhG86tw;OhlwjhO~L3{kKpBxb}b2qy5??LR@}*F<yU%B^G$e1XfZ2v#Z|L=
z&9?(J9Pxi1aWM)-x5fm*J46kq)j$t0kMzBKrh5~S4lCb!I<T?T`FFtR$8_LQf>J?2
z)pyrodw&&a3v%!RWzxoahz)X%f3kcS32XHs;?0DH7w5DnS|Ruulc$s8v*_t4v>SJ%
ze3zq)Y3{1qbB*xYY4=wF;ru0E=^wcX4~q_>IVnoiQP*ZzKCvOKYum~e$87I0i<)5J
z`CMW=T<Z#4$b#!1AJwci#Bu%j`dBi}IMc?~Xf(7vjqk0@jz)0Qv}t^Z8_n}mi)>LY
zjv`bQrF+iR{M34Bn<|qQWxZ{3ta?7a;#RNseLI8nx%SjhF?dyfRgTwV@!~uIV`ZPO
zI$&;~EaJ0YYl;eLtU>>LO|1AkC-UCGZ7kp3`1mPbEcNeI8$G_S>UiYY*po~ASR2MN
zFU0YX;-P-`esiMCBrZR{o&9o*xaBcmn54)ZB+cz(x3H@mbFxRJHIFB{BH_u{6m?|w
zHQ#dryFs>BM=|P+d$+TPbel>DSN(M5E|LhD5h%R3<y3aSfj)<40~pEX2fpVpc*tf@
zVL~L?qlq>b0zO}no$kWpLjwrELdYGoyadwaym(^aUR6~4OASWzBF8If$_5jVo#M;U
z7MGiy-7uS@@;-ArK4=b$ugYQEyAEaM&RbCCY7%}oaLt}3mV1(p`qH<6#E%dg?AI<Q
zSP){FQpvU6<1u9jjm*uZMK>-nGn<upXd6KeX_}{FWw+;$lB9&_ev_I^z9kuJ*;D=#
z$+zQ3EIq>=*LEn!k>yHr;62W~u$KLYZl1jwu)q`sdwU%NIbH=s77m)`UUL|_J?LXk
z`ix8DXPQzv{kH&R?|v||ulnbLPP@m7Cy%N9%2F;Gl{IAh`fbXlqU+#U<zWJ>l`dfY
zFVIuEkz*x}0JX3ys)a+?M0GV4WrQl;`$vy8NvSh8uFo<MWxCRhvdMWUq7zeJClDys
zhb(ug9SLSU9H(teQq4G(I~;Z0O0=6;bEWgWB17#FTVc8-?#s9VU_2nu+i!fAr-<Ze
zjAlt<A1LgdSsl{Yr$TgI@PF+oAZmrSuS0!nvk|Vxb)a5*q8uZ!`U9EXyxk-RA26i$
zO~e%xl2&EYj0=U#l&McJnp<zu6p+){SecoD8HA`0<gQ+;wh7s~-gqU$0o`TWru072
zU<0Q*ZH=-7!jX7T!^5Lcg=OQZtH01ld;BqkfN}J}A88%S4vTj`o0I(MFF%m>F(epz
z7uRS_`<*K3V4?F`jxso|w4`jaT&~kH^4Zc=yv)Q7xgJ`Q`_QF&bH&cML16Pu(TivX
zoWb5lm=Z@KPa00WFWZZLx#3D?O!mfdyN`m;QhR?9+tcy;i|rL|)AE(^7Y2|ieahNP
z@H36gU9yBae^SA!X)5lMy4;K#k|2Kuo+$f~t|Q}#_E`pg78lF5d8Pz>TrootYm*{_
z9NW~nss$!G{yNOsBa-HsX<|X)TqnZm%*NzrflVvU(W|=3j~gr-in$1%Fg}Z8gw0Ro
zzKZa~iL!w$39G`lYgx+6v5CJ4FU9JY2J|>oMpx0RWHsG<R<hlo-V*!CA=|iA9U0Aj
zI>|-iO{IFB5Tfc_pXs9|^@z^PM5}D+ce01obswFn4Iy4g>8A~-)gas$TDEUrTSTlV
zm-uvk%hbnLs26WI7(a8bTsTOm#`uJcvp61*MaRaYXG+(zHs0v@Dv**QdirK~R8fU;
zJS`qB4;v6EPUF{Ho7MNyiz`fuoBFv&^T@*6RL313qfxvE>?1<QW%>#Pyuc#{{s_nJ
zxB#a>mQwnnlWFYsz1OEikKqg1#saK$l|#a9OE*kd#=1iE+E$Y=BO`SteJ@bpe`8dP
zm-;k!rf9E9nOeHfEE2d&eyT4zn5!=Wd|IF_t2dD>7WTQSj`7yFTP9u`qcdYXms>0p
z5Jwklarorc<oE%lc-LynlsuQF`)I6Wt&}M*9`z|-%7NHBGwTd*+ardsO!i9jUiV?O
zK%)y%pJf~l$h{kG+-7?gfl^<j-|S(sfXgl1Cn+uyu9mEt7PkCI=n80*@nJ@>T6m`~
z9_p2}U&p8kM9<o`t-rymFOD~6B0p`eUz@Wl@3Al54$P9_;y><HPa@BJzoe;uKKGo>
G-TweZ>z=p(

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/images/user_cert_list.png b/scripts/automation/Radius/images/user_cert_list.png
new file mode 100644
index 0000000000000000000000000000000000000000..bbf4e6701e7bdbf7bf302f21573e1e57dbc02025
GIT binary patch
literal 53855
zcmdqJbyQSe|38X|B1#AdNH<7JH%Nn&bc1x~07H)`(jna?F?4tLkVAJ$cX!^=Pw4Y~
z?p^o(@w<2Z)@7aH)ULDl%z2+z>=W=oP6FjQ-g7uOI20*KQAId7crYB?qta(jVMp{n
z6BEN$j{u4i!f-`Uf-TsNfw8)jiL5LfEo}Q4+#^48IE0@`U>`i#2M!J)!WRw^w#I;c
zKBPT@dkkAY`guML{-2ca;Izm8Y(FZ6ore=r5|NUEt(6QNjE!voX10zlVQjFRk0#8O
z)g9GkWq1s2tr_)=Yz>SVU99bXW`W~#;el;h8$0TgxL8}+0C-&Z$$q8afo=ah%tS`=
zD~Y2eKbgAh2NDrm2V)Wr#<z@b$poI0kdW{>7@6=Wii-c89k$0$X6EQ<$HT+~1Ogd>
ztc<n}rcBJ-+}uoWS(sQ@7+@(F0IoKU`YsGM0P?>I`KKIFV}PN9xt*iAtqsY~a`g>t
zogDee$bMGz@84hTG<GrnU6T#q@5_Q+Ak)t?Ow5dLnf@&smX+`4QJxRxF2+_GqUP4H
z?t#@Iz{bkT_bdH>o%vnkA34>3=j7nz{xjzvXZ~kS6@amWh^;lON=Jd;BlCCWKTrOh
zk&o%;mH*Kbe|7V(qp*G!c+SW4@0bZZKfnmahl6_uCnYMR?DA;05zRwK!)ftmwBLtI
z1ana4`Eg@19O;NpnEmSe=Pxr`zOZeQ_k6d1tn%37Sh*40O?n`v`rh}sQNlO%v<aqM
z$9C{XiGz$BqxUO5YSiP}SLDykMXV!`A`HZwFr_I;U+U;ky`_59h0K~!Jt6RL&V7-T
zPq+2H3FNhL5`Msav)g#Cx!8D6yHn5zwQt{>t*+L$mIxzamjLe1wT6>R6tK=wdN*QT
z&P+D>>Rm<awbn13F?wtOy*3t}lp2q}oSK^x<w-8W^UO6fMqj$kEjW5p%|WnuhhFI9
zb+L<vrWM%&MHpk|2doF%E01xH8`@C3ga3PZDe(zvPJk5?9r9@-u4&KOw*Bz%t=Ihq
zXhBqdD=h|v`AIk&(l^-hP8K~4psCcZq0u!Jx|O(iYmzZX9>yn(SXt&9F!M9T&qQKB
z6DhPSxc8b>i~(f$clZ$5WBXjiZYdsNko>)fED1P}cz+>FLlbEHfnw{ARg6l@`R`c_
ze~gc-Z0~&_zuWi@9vA|bJX-IYLKyj1J-_~oA}Jr1-OJu?FBx8bnQVIe;Cfk;RUHGu
zV7gj*w&2!JyUqw}5f-{#^I}XF6R7V^_KmJlwDNV46GI!Qb^4-U*=fPa{HpqJT~F&t
z(}wKj;UFB&E`T!LxM$s|=+hLj9v<Xs@YSn~>-7)mDD?J7E{mjqsn3A&2jt@EK###^
z`6fupC4jts{G($g0bf0xl$K_*{AuPieTolY1U%*?ZomgqtLL^0!3)9S!^%0M&buga
zDV|^Q3pU?`ZsCJCYHXftd_O;QVM5Sl<s%h(VXcvVqR%8=D*NtT@{ryau1rjqkeJ@1
z1Nz6s=H<<%LQebRMBagV6QKDm&L1ag_b-~%-FMB=k-mMBU*fv&L|pWV1+5PrLcBEC
z57?F|ZwE{BT;XzW<|#_zAsbC#^oN#FA)EV!Ubtw93`PMuJ_lOEZ(ffV?hm;b`<q#u
zdzdO3R={vIz)`{3&+-p5)Q8;Y84AJo1IP<kM-8}BL&sqnw07H%_K$^hkOf01yq}ZV
z?MA!IUwFVz#u#78dHFwYp0!i-R9?FXHiX_Z9bDec51zHuI$zRps_MZ8An{O<I2EV$
zM&b6%or17u{AiR)<wuVlZ3HE`V`FJ=d)b{_O{C<K)Gf3*p-nFp_51jc@ejI?%R{Ed
z*Rkwa{nz|UXM*TP#z|&3j~b39iGr@?FPcorFVhE~HgAY;MHC}O>yuT!kxN@92j|^e
z`Yw9MdfggcCKn1D_8*7(+&`S`@*Z{#dW_^nLguiR6!@uevIH;L?d^^@ayJM-`zxsq
z<ZLX{vI23vLx2`g9H^{>JO=i)CZP3hJE#&>J9B5;5_n7;b&%I1#&mX5pSaUXeW+L)
z&p!D$VBPC}l4ajX?B+R?KTrjNgrb17qaG)cm}yH>CPH{bBDy5zvSVHg1)XQ>T|-i%
z#{x%fTiUZb@Ibgqm(A2tD?fsMKy^sd7BdtY_K~E{a0z0^nuIBd_VMkTGS(AFgtByW
z(4McAW|lou_F5e~j0m_c2l;Y7EXX#Dui|RF6p<P|&R9#0xJ$KXl5xZF<<mX>vfqxq
zei?cBnXA6IHTKYz`vMU!;Ap1l9MPyafvErR)dn?^GVdcxZoZ>>>**Sm?F%61<QMFQ
zc`f0nwT|j$)$g^5GvHH7G%o(_6!)3~iKDJC(1>ET&pd@^rAKp_^k!3bew<li=2!p7
zW4s=*#`8|j^u>q9k}g4>?1p=_&5CdMp?V1|S_6TfxpGuds|yc__1uuZ0px5fawi{a
z!C%mYzl-Jqe=gdScxz|;em`vi-EK^3hgx>03<~)SsGnI;yf3mVWkDi9@Gg7^l?SDx
z+fIT<foJnYRR^}gP0L9RvrOJAo1i{wW135;9+g`PfrsttT7}V^IqIV)p8h`&8;|3T
z4&{zc_A$RD21qQH1p?nI&&d}bRYc%VoqY3q)0ilw1U))ER6a3Pq2J;Cw8pq?>KHIE
zurVUcYd&*ZvZwzhv{C)IOSLwt8PU;77=Dd>iNR93Dfc<US-sBwK{4GyLUr&Pxnt0!
z%nP0~i2R`E56qg~l$+&SYQvZ_AW1}~Ew|CZkQ0BB*CnFXCu)JOee!U{C#t={KU_Vo
z%Wdjnt_n-Kq9z}D6Y=_v9h*|SE-3Cd1Nd}PLW@j#*+sr6nQ$+%lWyIpxMC}25I$3u
zUsXmq+D{YM*IW}<TI9Y&a!vjCV&RgXR~_G7Q}HPU;?}M^MRjN74y7t&!ju$t2XuWV
zNtBi<N8VQyA+g<D&vjJqNswIZiM&yW_`Ub$?yLxL#ig8C@eI$Nz{Jc=A*i9*agHnN
zdT0c{vvhiXy@#n`VOQ^bpDnj%rp|~7Z79J^bMvkw#ARz8LIE0fB~c~*#?C49YseRr
z&D@#qH63J=57KhL%{}Xc-K{4ibxFl&ME9*}H-u3YacB=C_*^N`oC)qDIX}+#W@nxI
zG9<zh+IfNdOWon*=QR62@A2<?5I8tF!{xxzMT3D9A2FwPZilP+v~PrVay^?~jCW}=
z-?$Sl1~M-((kbrT=9y_cFb*O(%m0dMAEpu5P(+A*p0AOpR`rgBB1oovd*{TkgR?z|
z@hi-D*HJGuY&gmh<&3f+Z=5MOp?!suOtU~5;x3#?&shE|@Sr}rs1zyXq9}GeciF|o
zj(|f_rh3G<qqbi2f$n#(%8`b5l-qHbGH3f0|9-_KSUMhXG&kc|AcEwlznAR@SOBXd
zaK@AUC-A<5kCys$z+KpHpRW2l)P0CWc+Fkdrw<<f<5)bxW|Hdv(t4rh#-T4N$^MPW
z-gOl3HYynXlEr@q*muSluvi|yB3$_IRY;~W{_LdxN6ot+tQyC;KSMkkQ__>#J#R%M
zZsYZGfZKB9DMgk4`*Gn{ca2ebivZ=unLQtvKqTSoObrK(F1s1cq^R41;4cZ10n~p~
z&w-@8T6Qnrut(S>G(R_2AiG`hM<+{?#Jua|2BYyE!U^0S2vA5r$m_393S#85y^#86
zAYg@AM7E?e?Hu?VZ7iJGGzT&s#Wpc4$+Wu?=r#M6%Vt#{TiVEElwYx22URVa5__4J
zDJg<x(t<r_?f|I>w4YkG=bo9wD2KCMcR_~6&1fol{KBJEjh<>I3G=5s@@08!Ck>}$
zf<Q9Q8Cv=c&fKKu*>%LiZXFT}#!fx$Iu12+>74ITDdUvI4fd{>p1IX3)IDE(&$|)H
z?fOoGR~(4^WVgRor5~v!>)fn%bZ86b>&nNT!iIT1Y-;MImG>7<R`ieH`9c{V_kBB0
zM{c0OeuXo^3Rqu7k&&a%80c3ij1;5gv3*QBmyZe0t3$Uc{3@Pqzd?2jhz`9NF~Aa}
zE`07(qGb==(lK0c#Gb4gB+|Vw-a2?oFxkGja#&Ih?j=pbIkmDNh?hySq{cb0LiPOO
zu;vRSwZ*|{Us(MtNbc0dx;(bs3BnGdwnm(c2-oXSwd}fm$tCzoS0_3h)mEH9SNdth
zw)<W2a-N&$7DsW*HGQ_Nj2`;QNv-Uwd#*jB{P{bwGH&DOPJ<@O-NQcFcRV<1`!nPl
z`6iLf$w_e%@00q1fz@QjLHREe*OCN_48pY*47N2mg}c0yMe;q{S00yaUm5GX?sL47
zm?M3ZtaUUQW5kgUz*M)1v`npyk3q6rOiFa+_Zy$$j;Al5fGW?Gc@;j&=7;^N>=9H;
zBX-(9vW;x13@o-d<V`vi;0?29hZ^StC$9Q!NvWYfq*mrC(<(hNYa3KLV}_@`G7fr&
zbD8#@w5qC6L`-dq8)yy9BhoLvB$YbTIlAgB@OgcMp<RpM8F^i%?Cd-$DMp~WYm`q(
z4l=|w+Yzt69O%N{N!rg=WL^`m&N(4AS6A?Jc>H#UD?2?0%xQB)z%iOj@_jE_!rIIn
zi(0^s!F@q==P(W-5dGNz!_G{^kht0#6C;(3kI|6)MHgfmsFZRwAWwP)1;y-JGjvO9
zVJKnnE2~^>iX~V1Qp)I?kJQ=V!8i`N`jA8JgQ1A|Av<yG$w<z<zJoUUc4^`&0>H@D
zO@F-HmeyKr-PD<fRyHAjBVgvN&N@G3=)AGUXXmwbm38na;PGhkBQ(89b$o07N?97u
zDQj)j(lRm5{00C|mz>@mSMo})!S%VZ9oPUVhc&AA$9DHK@l#s|h2@OaY*f{}@e8Ui
znCH4HQWg5R+tL<nj>fr!&XGpAuB#kMTvVtZz3BWZ){r=er1e=>f8_0^H4&L-8gWbp
zc}K42tb#CZMmCdeK}1>@+{vkSH8PBK%FZS1AIQ*F5(6O%E+Z~r(jrZ!@%f;!TNToE
zYa5?h-sM|&Fx`=oEgwhw3ZbG>GIYST-|beIy6|zb-#tpGN=i-s@R?MABt&`0KbA99
zg5nrU>8n_!9En4re}cOqRO-p|c?B`rczm&gE<T5%P}KY>ZY*%7>nrNA*{OwvE&|4&
z3~VcYoaE!ZJ$hfJWV9qPr*)eY4(qD&_8I{<p}B_5>@xO;v1n4Eh?Ayj+`<>9Nkm;)
zbVX5L>C|`N7zOuTV(`QCo`!PPhZGs^T_&A+qVtn7cUpUId*~i3c0k{45NRvV4tdjz
zpBShckmwTDnP~6p0j;oc<;D#-+}!f+vQE<*U9HEeD5iO*x6G5%PTHOXr*w<&`k(Lh
zESYv<s`pAYrHG0eOL@LA=EbP%NP5nla8xDf<M3flX{CFh+pRV_h_*;5B3MNOGI-{M
z=$e1jb~j?@88RgW)xSUuEnjr2=Cv79i8EpmSr&bN?QQQ9IBjv3E|*xdOO-(2U{=Uu
z;A(k;p~`pAV`He6f9lE0qM2s-;wj6DnO4eMPC-CQVYcqlZDP`TW|F@8S;rP~pTF}P
zx%?hjSCu0ZmX#7&RS<?*2E4n}M6Z-tAHBtxabIy5E37qPG)8pt4A@q#g^cec+00>3
z+dU7f6VMo)1}x`j%znlp9PdtT3}D@0-{xkpp0MjXBLDK9b~Z@Tf~{O_ITH5ldNSO&
zzOt!a{{*Yt&KTux<9eJodIcrNb_UezE}Y*!Q|+^B6vUGTFxAhb*eX~q$jKz$n|C3I
zEk;|>KBX!B&Ox;qKjz2WX%R``F2Nf@Qc5mly5^Cq_I-8uQTesA*kQ)=XBCLU-Z2yB
zBnC9$Um}tuLX-#KzjTH7r8#vvkQf-7G3G>WB-CVLx2dWNHgnO{8hi=ogMP@EC$2yy
z!Q3I?&V6oT-V|4;8U~HHmjZIvqvP=<H{%`m%j{wI=ye+>o1JZ|Xb^?nwN@agE$^EY
zk<b#Tjyjz}Iwx=~ZQ^bP?8&nD8Y>hj+H$$UMddVr0`-!<Or0rc0pFV1Yi~45NQNfa
z2baP(6>{sN-=Li}-SzB~T}s_lVjC~MPFP8u@qjyhMUyLZYXReuE9X4f6cM#I)>GES
zEP-NFVh*D;r_!tEM<GwNHFhAmMEp$wPEKV;gBP;E;*NdIIKKjI&llgz?Y}$gXG}J%
z3Y?S7?vQVd?zy8rrebK9mzT^NJf@`}!EtqcnKvLs!H@@<LVrBgs>AZ5g$wt3MW1i_
zLy?*zuAsVGSpESYTLt%l=!*ENev+&PPs(BJYEWL#YExjfwA8&&S)uc+zZb?{;*ej}
zGQnG>yt+Iz`LiD_@U2yDYjbLMqpGLXaaKJ@1iRApfc8AIUVw41-8TLsc+&|`pU*fY
z&@%kpTqRknTs*)~ghpzXCgNOw-I)R;Af(NJqgD)<IejLlP2Bke$nI%)?eUUSr#WDU
z5TcJgD*MVNRwSoPOtUo0gL-4MkHNZ)1|<eH38MKx6JWP}gjb|pldG>py{sYg)u8H?
zrCKkyQxdO%6-`f<B9DJ=Bt?Bra@lI}RSVuL*^%kJyscgKf<8isrcgJpI1aW7)uRC<
z?GbR73cnMTaji6_xKqG1=w)8bcGt94(+`P3RkfI;+hH!;d^Kib>S|_VvB9z0NYj8Z
z=Fq}o>CTvw^l;9bak0+vXupDp>oR~G11Sc>03$b=1m%o{ieFD^lp4)6Pw$AcUI8Yx
zLZ|LkcoOqdL^RatV_G-8v)IJ&52DJiuuZNj1Uj}*Rma)UfUHqkyYUlKSy$D%+dgV_
ze)1<T`xJ2r=lM5VsDOU&b}PU8)0Qc+EX20UjK~)1Hggyf1=5q1Vav~}HHu3?vsQyS
zPB~tKD-12($7~v-=v1djFgrEj4xnVbgS_<x5^`fr?<gHFjGE*;D@TzoS`h;Zu4hO!
zjw%F1Lb;_c-5RnXI|~tBGUUxU{tRBpHOWLtMEhdJd@tE8PJ{Y*t=pz8HRi0IS>eX;
z%?I&k&8WX8R+x`4inTEP4E?5zB2{X~5z<dPOSXlrQ0byAgwQdJzZjwRDCFH7xhqOm
z!-2f#sF>$Vivl+OGqPsN13W@z3<BKaQ&19eh`)h35;>GkA;e=t2aMPAa^u7I;JPik
zq|+zxSNKwAYpc4PnCvvWeHTR`+MY||3u4>nKeoPfxoBCd1Oph0!AO=l(l_S)(xSB=
zHR`go2-KF;NANMNeni(4Z@nx-$OCla@+*wY(dU#wzK!}t@-;en;qng5e^aAPz4rB`
zr!v8@XW^)9%hPmJ+W@3)k|{U=c@nsF;2LvYrW6Rn_e{ndat?D8mRcf<aBED*`832{
z#3ea6$R+1uUOZ>5ck<ljoNMxQpXE5)9L`ujgeLQHIjs77=F#6A5W2rQcvwS=qL9{W
zd+_dgK{;NS`#vFN$OCiZy=FqONgumrUDyLxdV(x?pBbTpIdM+-qAAJ8q1#^}MC>o*
z;U}IJNDlVv+8pB5ta(doj-(`~*_M6*MU`5zLI1Wn8s{T_Q5h}L)%5D4;a{lA6NAff
z;}rIwFPi(nkULQrHsI<svgtIasZ-{h3cU!tl=_W*oZc-B#h&eaqLKZB7{r(&_ulr@
z1cf~<$NdebzP(%f2}EiQMF##r0{hQkK%|}&-1-Mjs{M(R_NP9u{(;YUf8sNnZu7Ul
z3sh$OiO+aB#)ALAXQ4mw8NLIa%<ncvOT(zqwNMmx@;`7AISeQ5`zAg811J4|(!3T=
zKkK9D_>1VdHL%x1WVgpIE9IoA*zYSP@!qDg+l1yWyWNE~V$RN@*7!bUa=B@sISD;z
zW&N-bh5x$;zP-D9Swjb<sY>kxHeXVT(Fn%hXb+$8{V_lkAKVd8$GJVPx4<Z^8!7Hk
z4=*F<PU`FK3w|H1hZDN>OE99=-Lb953VzMQ{mq@>{(oRP#z(fYcOU4LB}T3G6PkF^
z7Z$@B?z8Tjz%uQg5{F|-@~(co9*j#eBGlQO&N(rTZiaZtyg%WV^CIOL7^Qa#Jm1Vv
zZKNX%e-5(Cxg&Z7xiic$Mal<|zs4PImZD!Lr%>H^%TkT^YWt|0pa7#KikpS%1%jlK
zwD{2EGhru8BZ>(idoPomfsq5cLZ#=|i|@s391bX$m3?KLLh{XmmXJ-Ga@Gx1X0XGH
z-eh07X6BzLD@kV(J5?!byU?v`D|>BX3j6U+h<j<RYJn&B;2I7yuBALTZ!U+1E4>`g
zBuQgTC#doJNsF~1t;B{yM6kt5nV=^cyTf${ru@<qv<76m6B!Vb`>5GNm)hbNdCygZ
zrW0N2@7H;$*Tk1qI3754i|35NA&vONcbkSc<z-P5vZnUdH&!(4eM(^ZyWDmsBFJR%
z535muv6*T{_c6o8yZv?(j>a8?G4I~&uJ9hVu1&JP@Y!PrIi^+2IQhy9eq|-bZB|87
zzAr`MjV*%)N2_tW?$PwP#~F3w2}0tX0q*!?D!45lsJ>v=6G)x$Pv_V0G$UosHo)(c
z$2Bo~US0E$9oNcMpc%g%G6+zf51g?W$I>c?VKpqj=Fa7GrxD4G<z5~4RgW_(b6j`R
zhVjyrIGv83Qbtib)iCbTgzXxp&VIkCUc?VMi_!FojHYbP`t+ktaCge(-F%^Ey_I6k
z#oG<?-Lih#X2N=l{;vO`HubGN=eM!a(dg(J06#xG?z;)r!6kNEz7RpZ2fn8Jv*HZ!
z&doq7Pd2sQ5rOXIJQ}&@tIJ5xY}lIKURSlAJCoNg*5CwzBc3QcMM+?^Hu2NP@+`p=
zpvQf=x|5|AqLXnvF+z1=xk-z{a!KuxUHIlgmN!%m&aX#fNCoqB?u*696;sfv>ON<k
zt6unJKAHDyIYvQ`P+lBoX^wkxef>AWd#=SOVV?P&XhN<^ljWE*#=FYKF=)}ssua3q
zLyM&Z+u?Z#_r>y<ni>x}A28k=8ehO>CAJvsrmf0(!mv=8b@Y05N5ydzKNlBSpMGn`
z)M&LtB@$5kCSj;Y#7VAl1ChuDE?MxF=XNXgp633N734oF??p7Y=!&X$nJ->(_W_OL
zVIA?XZt~W%!G5>h<?P|Ad1b5E3kl?Ox9Asjj@Dmh_ZSZkZ;0Eok7*+LH!uXmI{$)&
zyi8~$WxJL=HfCJpK}$V}=W9THrdUhNXhS)k<H4k@s3sL%2T=0p=vSKOI|<H9(|J6W
zH@ezwPQe_r99>(r-doU55^4EroEot$&ed{{>J`uYM@efJ-+sw#(z%Q5>ZJ{Xq76ED
zEl|R5BWF3(Y%}zU$Iy?rzOQssyG0<xm;a8EB0>h;SLEHL>R~zVw$8SbA!xZ(MK$lk
zwBn0tGwE(0Z~AgAju{ZzzwX9t$0Ahhv)s|-I6YA<7{(Bg1eF(6#DYP=O_twK@QFEM
z?!Ip3da>pf`d>&8Q8?dLo?Lxl?l^Xk{W(`aEw>cptufw@P>oQO%F0;v<ny4Q1YHbV
zVp1cpH$|3Q#}}E1{54kf&#c6^%29-;FLnWIMNjD+v8LtlkBqyviT4*vd!jWqLX~d0
zXhm;KII|~0xMk?8_4yj;F^bHLTsYT%D4jVvZbG*jFBU8b+CxK88`k~2UN_$zJp_;S
zxgYhPf4NM4Sm(QRJP5ld^V&*&z*tP-`2so~1(#fEH50K?Etjx`EsHv9=?YbbaBE{r
zFig2I@~q9yY9Q<J*sgsKWCfm7n3pFLcAX8sSY8+7jP}I6+bKduib!IL=$`?&y^bxa
zQN%9#SopZ+wr1tjhR+L^Yhl;fj?faak$DibiR7d)hn@4-jVKP2_i?hjor1LpVz%;N
zkbZ!-i_`N&`&!U^sfH1SDtk!aG!djolpmY%<EdzsKPu&0f5K`CPhbSj%jE?fvXZFC
zHQ@mN-iYfD7DVM<&>Ti)uyCkJgD*xp!K;fgE(g{!T^pt>%0BgIr(113;IJ`geY2gX
zy_rcY<=fgXD^@S2#+&e+u&Cnuzj1{}<b5RYHmK4hG^<e8cE*%N<*raAEN!UtM53!p
z$Vr^<qRFiTu}3tnN(^^;C%k;VKZg<AeGQQQzLP7YPX{nQ%gYQzj=ur}hK_J5_V^Sd
zRMU;)j|5gtc9RtBUjYiCwdu}QnsQ!!pJv5*tn^040_HykN6vnJ6m1;i!D^FfZF=W%
zBXdEf=GFXk9D5jOZh}z$;U;-y`P%Ph@D(7(+0X)I;*9VfD;_@}$%uZPQY?d$@k|t2
z%bDpQNETc6rLIXC?e-^$89pW}cy>U&a36WOE%>^XQ}2rIGQ7G0LVdAtkF)exaQq8S
z(`KcYhMDO~441c(%h*{@0yG6vVqgZlVKYY@XHPbXyI5h++`QaZE0h>lS#erdR52sE
z5hJysmMAG~pPg6&GQ*G)_m$3aQ*g3)A(z1Ro#*JilCH3sU!^V5bPu-EyA5cYq|}H;
zr$)H2;BxH|7o#3=SFK{CV$h5(d_4t!)Nqz=fSrVXJ;8hZmz*|I*ZXe<_hN~GVei~u
z5}KJu6T30}18qqL>I55(4QJ~N#A*$Uxx!fn0J7SOFNWU~r0OL_YnQf45}D=<@1tox
z{T46~?Wl;=KjOixRY;Ufc^7H3U`)>D!UGyV5&ja$5Yhatj|UA<sEcJve~!qSqZjYq
zigxWY*N^Oq%>JY;gd^b@c-0Cvqy&u|)M%oLoQjf613tu|tk#9k8Zv>Wz9V83oI~}@
z=H^(CVNI_yB5jso=sX4;*(A2gXRjvD?Bs4j$7IrsVq=iTS#@+l^IcaFGvtS@PIyk8
zC#zxkx6;>v3%f2GYe_&>_7q_b1z)x1bHRgpe5yR9JZ>=PrW#~f2WrP(_y`k_%1>PO
zuQrAbYs2DKKvzv_E9V;>^|O1~a+<|+4AO%9%OrBZ1Tcv+jj{R+jyRX$SGHtf!Ka6p
zUF0>j6JZieDG?ubo)iQTQyr=GyEd6yt*~In>^;iRnIZyvB@x+7cU5GwYePyz8-gV4
zRuHJ8J2zpEV$~KDB&g|p&&E04Snl&$g_3h@3c_We?g#rkM%2VJG|I^^=hFz*_&&gL
zALv_?By76Xs1>@h&5MR&Z2(Vx;_ZML*;2Fd`bp;#_a09yWfZJTiU*QuRo*s?V&am|
zDghl+?8XCn%lYLsq+UB^>-YO>7`P+HHUyh!b$4({g(CHQt0od7XWAW7I1nY`ef#ga
z`yyr&b0t}OHN~80tPAZn`*YK!3QtsWobTwKWX+kOR))3IW%{s>a&tzt`}46m6@2un
zQ#q@TPXQipT<{RLH>$1;r%T91kF2j#HJxTL{YdvC66Q(vZMrx;?*g^!4L;D_Zu07e
z_50l;v!-5Rd!3M{cHSE1zfQS#B%RBauv@-<!${8s=ExpIL?1aztXY8RQ_S<Cs4o(6
z7!;<-3a1pkF0tfgxw2YEyie431S!$w_;uT(UvRQpZHw{+IjQ%@80@|028RM5a#iY|
z-<QqjHTTVDmrs@mjC)s_)wmTSN1V>*H|Wf?Z@W{ZDd2;)ln50y_D6h%8}3My?WccX
z@(typB6{wt411P-44ap^XOxMX@m#jq?~-|4V<gEfOV6C*N44sr<u#6F!8h+6WI`@G
zns$?v^jKw4MV)(GUsDaM=GXNAl{~EoSywitwWKe-Jf$!<W%a$fUhnc=-fvkfFr!7$
zYe-*ph79LSy6E9?d%|~G<7e`1zE%$(qfl@S7|&Khl}H91lleWKKF?c}>)n+C@jkGb
zgTSGdOSjv3PO}-c2fTbORH(ZydZ?^kDXu==@q)bF{%pCO?IK}GHda<kUzt2eiM%fL
z+m-bCAJ&>Li!bM*FYq9zcg>f6n|JY2e7Awlm^ydz4_hlpbCi<`4&wN3_`ymu%<PoX
zr#4ZQ8wxVXw&H;HH$%+9`aO^4=c&pj!9&w?$XNPS`aQ7?ar9Y#q53*~MSk7Ul{3Y*
zY%wdTeMRW$(y1Mj+nRTdLPl!h%1et;pYqAFn(3EQihLHe?z7S(BBS&a{B6^0Be~kU
z$^nh6{>1r>y)Rl<TD{R<O4xcx>(;ZtWBORd&Iz8$;+zTPl#aNK2i?Xr2zS3Q%tLmC
z=aBOi7cH&u3D0`xSSKHQ!5;C0Z|S?~DVE&zOY3`a#XC<Q7MZck5~js^j=Zg~1_6W>
zs}upV;Og<h^$O(;ZC!cHi4U>oqj8+*#`RUZ)s8_c&k3a6EVvXK-B6uu&U)s`$mV!B
zzYpu{_{LI#Oh+a2BP<<fdmqcM`(P%ch$YWsr=uCiC)=$XXfC*sXrq~&Sj}d6@zO-*
zG-t>3e-v*9+am)bw9q#2tBr7VU)NS$FHVzH?Vt>Qut9+4^)cseW#(|bVChsv2z*vp
zs)SN)ySPwg&EuxLutqVP%nP(z?MA;DYq|g(06{o{*V&v`4k;eTQXVVCsVz9=&1M9n
zptGRVuAKz|U*i3H`(~)0KvZk}qRw(y^kQBwkc}bziVBLAiKSetQ?HPU>@1Qmz8z@D
zQTuftBc?kNh0!nAXp2we7x1+^{E7PRI3L6#%E`2Ll!)0wx0oK*tABKh991WtttV~g
z=ekX1mv{|$KBH|bAVTd)BNC72fT^Ru>_4R5uqW6T^@svTDQe3X54S|84|7i{8g+?9
zb07n*^P?~};5-h|qd|%NM(Qa$Zw1>w5Zqa4sfZU`KNPL<A4*+Pi;k;ib65Nb-=9F2
zAI1mNN!VG5|HkSRAG}~dzi%)K<Inu(lAoYkM6IR&!6sb6BuoZDrT70yJisUccLa#Z
zZ#Ll_{2Db3>)*=Ig#V@qBtM41IEH<6g2caFQNOM`DiuZ^9J6ML{_oSs{aM3$9ZvUq
z+k5_$+ABsY&`JK(!o>Q;M|>2s%h1>#k`R?Sz=Jf9Arj>`sRENmgIdzX<WjGK^x95<
zW6UbxQ{Ah2#6dwO(BdUoll|VSs^+ut88T_hKQlSYE*+AAmwoa?w#8(sQ*GadE3FiG
z-3484-}bF0MOpK%Wv7U$<5PThd!Qrk439lMnBn61#|-wf%W@du{jj;&<u<BBW!N2P
z(UneeZ!SFixKadt5q0k#@g06?_D9rX5A~bzB0{UYU%cE0xjaQ<e<1g`Ngj-O=k&-F
zkB7NYL3q4|7JqbeuJlgersRepSJ3)Hm%!e=buHx%21d!l7m>Y-G_HMO5q@d)Wc=1{
z|9e>jW@6G(n0#A1p7tS3V*O(@Ty}prvj)k#1WlIDP2w-}5=qEQoAMRB>@mnAgZ%UM
z=m@~YDKfMd_&mH-9_6-Nt_`QGZEY5|j@8rgfc!Wm+$U?QAp3vyS_Z1lu8iZT#SC$t
zQ07G(wS;&&B*WlaGOD18`3zyF1$sWjm0<};Ka4@BUzFatA!N#EdP}UidU}5zmiFTb
z8vN`a4`>k7H~&C&I5+8S>p9JHkre#-w$=$hC6)uRkv+Mya<3e5UYex&557Q&#BI|3
zX2LkkZ5MVE(CU4PCHjsq=a-;s7_91W1YIBE<RaNP6&CQmQs$izVPE?$@Ke*>v>1DF
zOOGud+S8=g6G1B2t5t|=q?}Y!Eu<6u2-%p$th6s&c`>pvF#ja+UEKg(i9qD3ENykd
zb-n&oh>l^m;}vx$B(8(LPHZDi)@ooqN=2369y`cyLY6!^hz@uYd7@IDo59W;Hufzz
zA5pj$du>0fkGBZVus1VjO0fQ?DvkgbqVu|(S~0$^(3aViV8>}AEk4p=^bJme5Bl32
z)eWkWIjTtkK<UWrUWGPf&QdLa#Ul9%_LapyL_Qo~>R!ZIJFxv^y4rRxBX{3~z;^>|
zIa$uMkxt%N8}#Tcjd6uk3Sd-(A#4Y>(5gCkzDDNjDLK2sSC>1h3soVn>l!Py3K^UJ
ziypwW{(~Oq^==>WkJ|WBSoATsar}<dTnI>9;vwQgF%D$!W-{?^YC=$B6w;%J_8S<<
zSUw&Pmr3XJ*17Lu8JY;OIZ6y+KtIY=mZ|;m(&?TYg>L%;!JP(#nXshs(@>2{RGZ)T
zVAgYL<7|6gK6nPRqxFv~%-xguo7tQ(tgqYD+b(d##Zk4+D+_WuX82sqpfo9<8GE+z
z>C+_W<_2Ip&O%gW#|5;Vwh#cejrqD3@ZkH@QEu`1xCYls)K0B0>x+GEpgHh5*nFkp
z<QR^uuPJ8N*O#^ISxSSso)^x!LoJ5__j)Gz!(WOp<;5g7zfRouk|J}&l)}97s)J5S
zZHQU9wP8{Ue%wB?3qqZnQ=}7;6>#TO37tw97h%K=3ajMy?6{zLLBa9n?IHcfh7MU8
z^aHJ5{(_>a5w|MHNU3lEOHc^X6=~MaG8Q{#w%Pk9`1fi((c;cjDqFD$fhbNPyVkgo
z<=Ez#JJSA?f^9PHyf#^ytsmr$zv>h*ky_B!;Vmljop(ic@iIvAN;+MTv4h6nhuM+$
z&!caEnw<%a+#8Rkki&pNKs@i`^;nOm(ph-ivBpQ^OARUIO4Oe#!rJPF0RTY6!jCL<
zpX<{RMm7VYOd>9~j_80VrF-pbkwIEdvU#4gPVJOhhe;(f6V{*CEXKd_%dzIjSke~0
zppWVM=2?#ac(sdwimi;WE+cS^m8Ajyq`Q`fhmURJ)G*Zxz3FN>wUrYegst~*BN!A9
z@glAzZ;!j0A|?Yi6Ffi$NiHrHC{yK0E|L#A`)wa+9MEnt?r&2-0n(GY#H<wmFagJE
z)y#f<%Q;W92F1W0?z}-iq&Et+mF@pab!N%{&Hs{}#UeD^<<M3}u+)0nunL^uVAw8c
zAq2wo7?L=T`mgAm&KNWc@APi)F~Gny4S>d&XT8}Hwe8AG&-}7jPM?+WqL`N>D7Ygp
zTY-6YWhy!c@=IpM9!^JiTDlUGc_4QTFFaQ-jS%A?*%RR*9y8{rcoKI85Krz-+cWF3
zd=uU+WG_#B>ZdokzL!;DgqvR$nz}oOb^fZT7`@&YNoIeE3n!4K)QI}ZL3f03Cdtk|
zUB+pq!<Z8+0<G6k$>^6>NB8Tua>lRM%sK!oiIMp%`?yNqvoy1;cy<p=xh5pW#qM0E
zrQlmYM*96TrH~V9b0CSN8}oT|4sV&Z$h&Hl-eDBVoAV~S&wz)38;&N=x-B}#^CKcy
zR=Z>FgY_`fV#XGt>bG8uczqCep>eiq<5Zx+65YcTW1|vyweu3IdcaiqBd`G8No#ZQ
zSwThbbNP`<A@xC~^u}sBlZ9Sx0AZwMd~FnEPY!X1-+EHhwn}juPSfF&Bwiq@-p$P9
z(2VCJd4a1;kNd!r=@Z*z`JVZ=YmLM#sd`tvYKK731@J3*nZ0yU3k~1)wUMmpU_ge6
z^$T4`<&2<nDrnMV&PGLrMmqx}44F39iis?DxK}qoenA@zDshnzmSMPut=!)h&3>91
z$@xOtOFNV^t;zg>hKaP|zh!R8bmF7Azh&-Rsa!E@CU2bxqTWr#V$qt65*^g6xBmD)
z$(^W;^S-cpi8OwH)QXBgktH$uAn~URPVBvGJ3OzC$>(4^00hPZ4AcJN0m?fpJCw<F
zo$qd!3swVB#E-c|LYzTEET8)0PQFxTc<`!_W`hsQZ2qMIp8i1tK&XGw0O9V5wV!iJ
zicNJD1v*GiZ0(F{n>nM-Nx8kg6h#h=(6Wzux7&v98LQ;m1QR@nx1O5w;z~o4Y-C6q
z*)YAHF%{A0HpYN&mgdpeozDWBvTWS|SWWijv)I1|ubSb@&3(wboxr&_vz$U4`1<^>
z8l{e*ecT7xCVXG5z9ScV?SY6A0N2xlUf4`7tuGFtz@||kN9twcL*GlUWguwgj&H?7
z_loA?<e??D`PO))KjE|Dg93G-+P)_HNKIoXO@Pt97rygs{qU&4kFIQ`&Did}75o=9
zWfNga{B9nYJKL{&Qw|dMbpz%r-=e*)y~Y+b1(I9fR6znlM%x(@+doO=zL8<@$5ghM
z7C2+5#Gl|rfaeu`%7D@q`Z^7DKLQD{tLKBns7o0sgsm=^nEnJZ4kW^xNlN`jOcG!x
zX=DQc5MiE2G-NIA1A#HANqK3FVlzRZnAbxSBY{Z)R=Ub6F;(ReH#^({;hNFzIoIIA
z&4YCF1V5wCucj%4&A&%O13v|P4>063AxkMYS%@1yt6?E$&-M&oaOR_=Ax~J0d)@y6
z>5Yk2DS(vp%#(yOK_opf?HMZJMS7H|RAW?Fw<|vzfHy*rSgCL#2z7w_E<o)r-kycs
zA`i3&I^cYJI)Q1{{6PNNt&iMHkmYMS=$NGfG)v(t2Ojo1VEVW@z|@xbAoTR$0RmFz
zLX{0$>Nr!-wo@DB{9ljz8G$b>hwaXEaVfUy)m-Z<{KhXN-(@ICUys#PshKLq)U)+h
ziWm*;4{*iwao%oDZ}&z-3gS_>(`P&l*VGFQ_~;5v<N+SjhZhAvCTv?j?YVR-nrf11
zuGox?#@5af3T`-3U&+a(N0Z_2O994}iM1g8T-OH4Tv7p>(ZoHthIaidhU$)Mgt_-n
zhla@ZEsHn9j-Hx}t~nhJx><bqJyMMG*#k?hEXi6@wM8M<Z~G(4qln41Gb~p;%~uPk
zb%c$j_A0e)J~zPC2+-p+7ZjsiPowKevAz`=HIVM;w36n*iLAD0f;hV(f6`>o)Ty+&
zXS?7J={U$?d5P%Uz~mR7nW)JMasH-|PtQ=lUw)3}2)w!4km)$B-AHLK9~5{o$Are?
zS{%)SCRAG-Ix;C9@8J2im%+U?$iOjD8?swMU(5M_r}l4J+4u&&oh@0F)^)rv6i683
zC5-0UN-Fm$hFH2a>@#dZ*p7n&r<NxJX17|me(0X|K32#O7vzMHDpw+z78~1_la?5(
zA3H`qZmqA@`E*d=m#rb`=2LE-sZ=|ai{WniQc%@B8s{_Q%VTnq(5cIqhUaDo%S4a%
zA|k;}Ti*qqv8!qpyM-?%baeQKFLi&T{<vafCi+TR`gN(-_^4-HLvc8=CurM$t6WD{
zIumVp-IiiJHWFwJaCokTsr(jN+mJ%#q4|>#i1l|6IxYBH+E;1^4nQ$@V~z&9F>;`!
zrl*<7wHia`Jk8eyfI2H4)zdS9p2on8Z=*S2(RAZcZj6I{SI_rG^T`n=x;u&o!JJ2I
zEVSgAoD{<>xZDyOlJ2-Qk9xikhBv53N5oW%R!A?H|5(qo@9)L@tizHG^Gu(`Hb~h{
z5d^W({rvHvGoN`()ll{wvSOq=a~$9)A_pu)A+H%38)7&B@(q_Wzi^Fq#pjP-SJInY
z*g)BTSp#hBPB#?*E*nrn0&a&6fy&}LUeMX>WxJNdQ9wK>aPnc*c3DL}th*0($D_;>
zx~F^N$=rO8rhwOv(tF_9s=zmOZ_{wNCRkN`pPyHnP06;{QR~StpcdWvwKqbDG%|rH
zyt{7|yY2!jfZi`S0a5m`G*#MgO95YvX|rJUYL}m$0$E37LZjjcFelEs6H3^mv0Hlo
zi~t64y8B?_*5vVnAF)RtWqAQ;cMqfis*tX5`O%h>Nh!l^jzn3NTWMkR!IE4vkROBe
zy_>5G&46sOL-(6nR#gh`UNREykT2F{32%V~-AXIbSuB;L-dymoNNlkoc)ub@1b*DN
zn(O8HlXO7)%IID%zu_*%{s5yL1UuNiAxJK@AjMHb&>C=@-@zkFFAc?<p-mvar~X&!
zhr!Y(@P6kNUJNbYQU0U_5Mj1}t=8i#$3M}&&Py02@j|`e{U4NsT?vdUAfng%k3y%O
zz?g>mPn~)HzbUfD7RRYi@vN=+o+QO>n=YV?$m5W-VTBs;n;aN(=Mdpf+ky2@i-<De
z=*7b^B8K^W+s#4{MBo~KIqe?6lM@i-^7%K_ViEaHjB)3oV|GEGU~FJuU?x*8|4-Jz
z07*FsaNY74ZK?fXU!?5x;gyNk9eL^da@g4ZYxYiq8OC9$00(Z>8t0Q)54`e%jW4!e
zaE%THY=!8smFB~o-T=t?&933(o%xr$bKFURqJGsP&2!GT^V6SvpI#IL@Z1USU4j_o
zC<nq^Xl`iv$GjNaFR~oBLew_I-?DrMMXL8p%oIZPjcnN8jID%ot5bfW0T{_(Kl_#)
z6P#9z?z2tREm?425v7;Z(Y;Fc-Qwo?!7tl49+gF`vF+y+FVIBj@VtpBw9r6q4Lgb#
zCE3fct2IK4yWS$G(2^)9GR3+mS)d&~r>B>KZQml8T@Zfu`D~)|m6*)6r}zz;CZPEK
z*{);Zw}7ghD^1X=c5GrdsCmuJa~=zxAj?@(H2L(hQ!upSZ-2WV*iGy-Q%>vTjhs<+
z>HLZXh4JW%7L9|Nq`-amhI1~}oBisfm%Vh-Oq<hVTrBZjuUnU`i~yVX1m6JLE;1hl
z#zW6P$kr|mN+us6*WsNl3kG#Y8kQZXlo|OOmj3b>#1lU+F6xEzWx=hOT9eE>=+W&Q
zca`FOU+wy2!ju_ixH~>`5?uu(ni2PYOzXtRt;4Du&!ej{0rb++p@M=sMRqd7p`Fq7
z=iOHpbAN$;Ko4@$LQ|%(?i4^M5bx$&a!ufP(IZ^T`GPC`&^?gBOvVetc*c5+3#oSp
zRG38!J$8XmwML|bZ;6Vv>R%Zj^(<Q)%XEs#Sw^sg(6T-Xh(qNH-4dHc$CB88M=;7_
zDR2M&BNkn)0P@omqu0{+Ph*rCiwwv8i<q70waA^SzF}@0X4>y-4$U+LBoTI17_&L2
z_cf1jlC52R%%@Yguyq0<X#Tc@qZ|imq!lx@MoSNI<`$QzI7ErlE|-use<_R!z6~)>
zE5x5)=ET>6#f`-Gol*Gn-=UyP{jWq89l)m|ucZ^DQx;gV8~3EU-O$g+^Bvk(2AGR6
z1f@R4A~@Hmie~L`>EVZwekG{dwbW3SBqUI)23W-KB~#ABoZ#s{G`S2JE>bk?25b9b
zMon+CmgEFsYJaBrUuyr(FSQ?C$5-wD67ko$6z;j(BTX{T(64#J_XKvOATfp97#Qry
zmypJQ&D5=svEkh-21Cr(3}!cI@xhR;l^PGv*I;W1n^9sPhfwhcl?T}LPLP0W!{@8;
zvErCm7FBy5iVOS{YAMh9rycfVN~*4>ysL>`FM0pA2Q-SuKz`Z-t{03No`z5l`x@sk
znJ3L>IZw$(7_WxU%KV7q`gB!DFcL#O<wE~;;G185*_Ug#%<zb5ZKkJk2^kR&QoGWz
zF`hRkQxV-;x1tm(`iNSODUaVa<+|*KP=^3Dzd3)~-WRjbCG+<p=lncHXn%iqg4F;p
zM8)j0evRfAkBMbtzc1huFw@}U?A}IEbu4G*xFAP)*t@2bp|hY}rNmr7J6DJZA8si&
zwyL<EU#qYxtAxc1J~rHC*s-xSM2+oKcu|!SR5nNVKlFM4BX96d22RI7kPYn(%k`uV
zE(Qhn0dMJW-MhgpeeJsC_Zl^yD^Zt@SLDuDx>jPnR|ae{cGP(Vs6F*Wr;2H9UW`5B
zN9)h!Z-VmI<W!|UR?0Jd<D;HqXwdTulh+kg{qUzT0gd?@rHDaV$~F{jA3rrh7;w2d
z&+QUB-Q+?IvuLpHal@KW1DD{&-b|7cJh$Yb6gwR$rH#|03{}}xpW=ynEC2j@;vA+1
zQw;9kz@5kb2dpR4T;|Y8mj6mHaJfJ!%>8CR*M8N}dO`Q8bWADj&Sh=Wenf14+gWFB
zyiQEZDrzX8p^Y-CPC-pSq6awulV%IC>x$7NpHelWbGa<h%%MBIa@&8c5JO1&s6nYd
zM5l21qB9^B2eG{Rg+nU(G(4hUR5hJKk#4-D8cwtlafIKn&B1DcI8O;`r+M<r?S1VS
zeV7Ybm0^EE!27V0%)&O{WL&!!b^97)Jl7#Cf0BE?hEi_n6_Hb8Lw5N_heCPP6DFQK
zbUJrTQ>f(_Ky#+xN6d=E(`e-?obWL--Qo^v+akn`4EF)ZaH(@2U+{mK$EBa`m7Ft>
z@=kw8-JH{SO(VsV&qenfTlA#BYuQ=lLb~x8SvM^>?oI(e@Q|M4DXBYse3fVCX^j`A
zn7C-L<PcqGIDP=Xn#HmWb7RDHNLkn@xefiUb5?(3O>J`KLFn-=6zya4FW6m$h%OyK
z5Vgu@QDK4onk`iOX(3$<COVx6fwZfc_=z@98=hkwdt#6Y`rc;cBSjb>)e0uR;|2jr
zl9Zp6v+4D#=DV9pJ!I|_unT_ypQ!OOvE}5TcW6(z##x?i^C_01>V9Zuxu9Tjl-!LA
z2r{vN<^WbA16KF9w6zizdray**&aBBMU)sna+kA8w`zwfujv<JylGH<rK!2>K`2j}
z_$r<0m1a35%%YEtk8$_oAi7=+lUoN8CCUP9MycPM-!w1nHu|4Na_kMMWTNR4&(V3h
z(t7OmAGm6If;_XqD+)Iu<qq&+In_H=@sU$mjQKZx*UMGBx9>{?<@(Bky`P5;i?{-{
zKjRdH?g*69$0!)=kx?6*(kj+3DJKyH7%B|8p*^`71ETTo7Y1mrt_kIEP={CK_?M7B
zeGP8+dAwq@8RmCnBob==r|n$uM}z)H1ER#lleoj!9|xl`|GW#}zb)ux{e0<Y)(nN}
z(w8=#f7#Hnf=FhL>Fo5#(tldZzmzOkltd;l6dsqT%jh1+?FFXTa-xlI(SEw3V;)G$
zkxVJTfVZCvL>QNjFTS3akvQJK>=<{jhdJ^8Pq6Mj!%afY6r<k<<Dd!y=_@%X_+mSc
zDrw~7R*P%FS!%>HFj4W3-mi&x98P2@oyu=aq)VMClP%lGsf}`7Nn8d-+P*4i6AKW&
zXE5V&N7-5KEH-~#OK}6-^k_CrTgE&yYnui{yeHj)^JZl@>m;23p8*?dp*BZHRhd-V
z#^civ8#8(<ZuewrscY<LYU%s?{PBo$>ow=vV$`+>0rsN3v3SRm2giWg4nO7K@@kLv
z!CY+}4Toci6(b7%+mSfo8Q{Xdj`hXQj|Q)X2JKx*Xy^TorgBV?!+vSw`N^Wv<<g;;
z(PsH7gbDfC*Hb(uUBj_eF^6~85mZBTa`VB=TqYWG#p+kQ7_LMIefrrQi9TicMnoS=
zi7IH_5nrhfBN!B8iLou1H*KF;md|m@i=E~UDP5@K=u+lTx_U&UPLZGnGR^{JWTk>-
zCx)DMTwf_|Bo5ELrKR>|CI}(msSLcOgDKdnDq;g4&`t1T8v28JWdA2rC7`YzV->Ta
znJGa8`?(L(p^1jz-L=IR=#HiYVerQ!y>AzJK}l$Em!PE<yFh8(I?YyR(w19awTSi7
zW7i#7S$TxZf1e+xw9!kuOLBy<K{rHaq18s9a~ftH9q|3w;J1dQ($jiO(HMB9(Wc%R
z`Zc+s<iZt0F!h4AI4(I0W(@i%f5)@H+lP@H$O(&&6dVU#lZ>gG3!joTvj+sAledPG
z%3DEthWy{e#Jnwg<u7-!b=)MraC(<ZzV6f1CPjP=U6jmYqQ0n$&ymvCYXVxYZi{fT
z9*&)!3K=#OR?&8G$4=6GWgpABV_T>EuKlv#atj-R#Z@(`wC_xfRkt|B?wg(@8c0pb
z`2r#;Z5ltHjBD4$Ba`isy{Ww)Sxb-ZR4kG__@t$8lAKZn)qB-a`q+a`K#x6(;ux=@
zm-%9d&Ai6*=Dcctb~r;~;Kx5|wz9_gBJX*QYmXOAo7WG|gHA*$rYObAs_o4PmlN5f
zlh}33K0Zw)DtLBI`Cs;QU~YJ~dhpsebh@~&e?ccd(KNT%Gc=^3`OPl+dUtaqpva?h
z4J-r;+Z0Iz3%$@>R4r~J<<3JTsb3nS2E1QW!NbxQG-2}ZSyr0W0vsDE;u(|tmQJqo
zo;-_m%hX8Sv&5&-YDv^d&;P2SQs$>g-4d6|`nLo85yliTY#Q)E7_ruG3pgB7R5(lm
zW@*cO^Cu|0gS`x+PSDHhk2${-AH;v^)XyTn{{|_a5YAyQ;n=#rEM@-_E8+gssmWym
zf6vnWRW}d#W(6|wCwesgId?bsEzO@ZVLyU?>eT=HH*$Yg?_@+vFWyyeE1H~L@a!g4
zblosDAnN!(P~5~bf&@U`Qi9i#lS|H#KHtUMiOc!4HQU_iC->8X1$Uhyw}RHWryjG_
z^VA@wmeGeD+jJ<+AMX?)@t&c!%jvsDYuJ1}!o(YTaMgr)xp46CsG;BrLHF3RxTBrP
z{p-!eon&*S#(l!!_p!dimPPrM?mM(7uIGQ_MT~rjeCxmQV*7r1=6yx0*G;e`v6=~;
z8p91t8nb#Q^5tfdJERd6)X<3yj)2hVj-*JVRqFLE@Y6Na`~Klxw^sXq!M&cN6C~k3
zDnt{n*I_irH}3@c=~D+x^xqi(a$Zd<H1aXha=I10axEyg{A*?~#UlSr{TlSqiH>7)
z>^;y60ZDIIXGdiK1r_FE->q&kR`)b=e!_IUe{-}N+pN&CAAaEetonXKP3B4-t?GT$
zS?y;YM8%=MW)b^us;3)o$tMS#a5Z_Mm?j#y=gtc|%_K<Jlhudp5lza_B<jLJ-5_ff
zUW+T0kkT1o^P0~GT@5#(!N1Jx&tigr9DYr$kGR1&$4LF)nPH+l8k{rST-KETgS)qk
zitF3^JR>An&;)`L+#v*acMtCF?hYZi2X}XOx8MYKDO?K*cZVsG-1|>%&olk3?zMVm
z&D&FlUHhCDtor=EvUwD<G*%2NoNUA|T0~>tTt_UK41LI28$|F`RMdaQm+(eq&xUa7
zQm<?cbVvNn;uNNMMCYdGY;$)vpbyA62DZa+2NQj^r!Xm!SNv0%7Wt`6??;@<R}@Ta
zh9?<O_6FO`j3etP7>HpseT?0)@dddJ;4@f^)FI!<wvcQ^L>>=0H8wUnI`^^#1)gC~
znHrGMd%j3<e1}zlxI<zS>ree0z3s|W>{G^612kpbkD3v+;xh*}su@~G>I4>irW~6J
za%WLONBJ5<u+ipKEgY#mYp^-j$xYl%UfpqX+XyzY6_jw7-FIto8bDY+vyDA4TX8>H
zsav!Z!TTlB$Y2%8PeXf1!bIpc##=}^?CKnpGCyWQ)xJR6S#wY|IJW$n0;A`Q-%rm@
zSyJU6OFLScya!C<ZDo8*gpi^luY29)oet{uE}sjFG|4O&R4Zttw55143XH}iYh5HZ
z={)(OO)&YH4AfOSIzE$W&CMFcU@mrLsP`*Jk~=Y_bsDg4A~1CEz*>ls%Ud=WC)i_6
zjD`x$*@q`^#RO%ep238s*_(@$OMs)xA2(QYX=5<J(5i3tqo%m~Ca7n!cqfxjeR_Gx
zAz3zQ8w7ZNy!^0DbG)<b88~wH16XmM(^e&=dwY#PT%den7i-6sXXy)|O0I}?9iglT
zF6a;J&^>&%%1eVpR35L^W1>%v=sw?&xIJkKpzbUJ=bIxux5V?#N>0GaM{+8)xQx<F
z^~(_j_2%i{@#feQZZACn-4UO-9(US`3zAvH0a<$RZ+BQP4gj#H+NNUPHYRjJcimd8
zl`~|bRu`jkNIxlEF~89B+xK>^G<J>lJ7JLGfEaqwPyKr&3T%CUxyB44D`LOFK9S%G
zz_$1M%%XN4TZu201k%b;aSXtuPvuWi>*^kfl=z!%)vli8Zz`$sV<ng*7J|`A)_hAC
zqDtDN-R|!qMWWD6f$lq>ivN{_4#+0o(=r`($LV3>m<#BMLY`7@mHCag4~2-Qj7%L1
z>g+}<Q>6hTu?p3e!@7*rF?<A4OU;!N_~H<pN|KJTk_@ayG<AU9;fICfY)dqjC6@c-
zcH{-?#Hjod$_f8i9X?$U@<dY3&=D4u7J5-ri9g8lvLp+wEH0{XE#=f@Jl`YQOZaHQ
zbR)TK5^G;buL}hHv6c7iq>QS9-eOQ&rvYv~qbW*Q!ZvGG^%avUQp<pwQ~q!PCNo^Z
zsLh)8-4TL2jmFGzi_?CQMvyMeL+R*s*<)FmUzqpHYubxg`|h2TPJQdiuO+}t%1hDf
z3kTHBxM9_X{I$VF_Wk4m`1PCZSJtPQN&T%M5B7?F5F*33l4jM^qyJ%nkGiivzS3WD
zs+!+soemojS$>anQ55uB_%;bI`?v6o4ugjZidU+%dY(m6NnK>ltP?bcTZ5NiI7VB(
z*DyK%A%X%t?#RP<KbE!5%wBk0OSCJmq?yw3l+F&fA}!vDem5r8Td3s`!>mxDtGz4T
z!A`cVI#06G6vf_j_;NOmR9!T7gRU~0GrAHRPF+XxZ<Y?7`A?Q+xTy)LJ;25SI{Au`
z+Gm#b6GovUlYAaW2q{w=R1hm><zA}{wj@W=n|H2zg6VxRrQa}}d8zvG8@kZ^i4U`B
ztuE>CtPi3UFy;gQ^fS4<L3L3Evn=DcB0U!PaTw7R<-phr4npI%jqi#I@R4iw&3hve
z<dR!ZlvNJ*Vep$$o!9`oG1qA#ji#@p5DYaS+~-d}7SAa0kg_E34177|m}Hr0-N<(L
zF`x7Z+5uw9%&@JR3cT}O7#t)Sggq1#vMe0T8N`{%PrhO1R0CFPV~&Wz?;LVGEFZJA
z-7X)`D^9!h*VztSEuLPk%Ho=R^mI|PoB!X0_YaKcX}gMta=#Su0^&M>|Ir#RQ~n{*
z@ceCEQKKeE0Fg(5rF$<NAnjvVK?^mf`=ffFBDeQEiS!e`4*ypT>yQQEy@t=WFM@Vr
zCM~1glX0wdwd*MKQ@e)tpG0#*M~`Q>`#g5(IW-&sN}?O-gg}`r=Bn@MyJpp;N|K_*
zZ%9nColAYW7OXE&eu8`Htd?^Y2Gz^HkZ$HrJ%J1KVn@U}F?vNgjaAv6<Mu%q8SN9-
zMXB#G<ji&s_^5Z;2Wwp9V-wf03esJC4;sSm>SsT#hqdH#`FLy-wH8EJF`3M%u9WZV
zsbHA*Oe|+;1oPVvZFb@9XBT%ZwV7?f;Lo*g5H3piBA*}mcJIB@UE$!@&#a_1ugTB%
zfHnu^)*q?J7&U_3_&aJf1m_x5mx4lN`s-wRd}D59lJ4$Hj`drt1GQzYi<fJuz_chu
zkykB`Gmn>3%-2D{Z;$<*%r|@QkA)`ow^J#_UqY$8o14IW&}h(&6;=yp4wy)JDL_t=
zf)RV+i!?k7kjNXQsc7qE!f79>@nCm3j`mTZ(Na&=2yD|CK9$hLjH~!~v6^6j6(?+A
zL^s?Ioy_RMg7B4P05n5OiGZd~kM~1;78m&dCtClFoI*0r(Dor(cg!pFG%F}p$tWvj
z$}Fpx@vyZs@{o3t{vfc#4jbBSu`jmwQBX4hGN$f_fCi3_3FhRe=JC)#$(c!^HygoN
z(Q}bW^5_gMoSr7zQzh&<1N3E4Is4e9rcFIHcVI?_gmAS5=cu_3GFrGjwKr>H+=61g
z#u+KmHRO+408*^e{WI%CJ@m2C9e#O3Yrf_J{is{a{hFXKBA{itCHh;|3syVi2`m@^
z)*NB1BJafoH~qkI#(r-jmIklmt(@gD!ODqK<ce5QGoz1p7?p3cnqt0a&rr^{E^QcB
zOJZfAS}u{mgip{^*rX%}G$|0qQ`_2`k@`mjvS0-d%ajGONr^kiv=g3?Pd(&q;@~t_
zIHtCGw`pkh>@P^T5k0=YvN@nRit{{HKE1q40Ur6bnefje*sl+0zSOutjz8fqNyKRn
z+|8;lUzwbZ=fvd~p0QkOtlKlq)Cv5&CY5g%p<qU~{NwseLw(9e7K0L-IlSgU7I}4Y
zok6X^O13jsvWu>jB(FN2sv8hvR|*}T{4Hn8YlT4!_PwCB`;{GOP5M&^UdmoeqO*@^
zu8j|Pi~SNMEnn#EaB7qsj0ohBtzJzlbJtDvLn%{B!}hFkGgU#Li?aPi1ttcp>aYe-
zB(hat^G9Ucqe)G+yJ~~_L6UG3HLeMpz3|TnJwqb_0&fiR%BSJf7})}`0%A{k$sUlr
zGk{CbLKnuEVvUH0pX4*Ds%D%-%cfMQRo_dQoz_S!Sw4~q8aCkM8mS~7*r;Dm^kmd8
zCejr-udt8KIc%-2@j0A{%h$DpIi>4a;T7sHQ_Ns1iUb;Og@N*%Ym<g&ll(<u7joRh
z98bM*WvOHH#w+y>eth;*s9M}(WocEkwx3JkdleefK>6q@qjA_AQq^kAeW0<y6VHs@
z5_EefuA{}JW{_C~eUDY`0llc;X8n}5pZ=A$4@on`DKPE%f>48PvT@e=xV0D|0|mdl
zbb@`=H1Et_@zFb1@x}5TsO8Gj<Jiy}=9Oz?FUfTr+*<l}rF-vWbl0rjpJ99(9kkA|
zz6{x-zBYVUcTo-b$zR6(f#&#y?EkrOU(+qV1h@uni^v;4l6H=SukaWuDH1!3tX(m~
zP?vR2axibB_;59QiI$(AZH>6-O0DC1Ump^|zuxknBM%7(792yQ|L1{65#3L}f1ctL
zllmlNMvv&*%=gzNBH~Wk;xTv{=KqTB#{we`CN|we^|o(ig~ZctU`XskPMIP>hXm2u
znZ&;CftLE_H_w7O1J-`q{Y{KcuqIAi63hJ>tJ8X#14-v=^xJ-^`(%zUB61z?%Qw+%
z64QWWYhf*|h1%Q}7{nyS+qJ1tebzIx->RYeQ)cX0;MW6~L;Rdw&+PRzAjhPD`-pU`
zp6b^(Jzth415ODYoDjeEBzE8p)UqDBFAl+lDU2QRCm-<G8qxq9&)mi<a(TLFzd3(P
zv1%1EuF%}_sS>yq8JB9Uw{IrWRE;F|8XPaBeX}XJQrw93)@8WUe)wz1xk>@+7QpKE
zVt*8H4W6UGh5c?z^Y_~VZaqL9I&am~Up9Sl?bd&YSiT8YYP}nQFL?|C3CDFMS+1$^
zsPG6Fi|8LPdL<^2ti?-MWHk8@o#>ryev6<?F%(Wmd+rW$7g)+u-P7LF*>?svrhUhI
z!sYICVA_MfFxN$$(-H0?+|nJ1XV^T=Hl;#K?nr{ZBMntXE>({8EuOUNDL+2lt&Mn$
z0gK+Aq1<e(1+)={-^O7NCzO1hv=KA(UMP1rbDn3#38Cbp<;ZI4p|I{z$#NT$X<@DW
z)qQMBoSyT2;;o&>6o9{bK<dkB_D|pag%~$(K!m=FyYH0Ng6jJVinM)^^am)p!Ag(&
zjJ)nYhafU9P~NhHlK1@TBKW1^d)+*x^&fhYQU4j$aCbkI2~_a$b^kMf0WS$I6KJFT
zb4BS2@Bl?&Z&aH0pNURB*Hf8*<)AU`KXV#6O0b@f!bUImuOtI_Sx`857<7YatMW&g
z0LoLDKsP)b%0Hu||1;b3x`kJ*f_=R4b^;ZY5jxz0Ct$1CTr6MgSW}ez|L9ix)r-cK
z2a0cfjN|$yeENRrQiJ_sY#9;qJZ*wUBD?GDKkr*Q34+{4`H^Jl0)9Q+!op&j*j`28
z59<S>So&J>#8Z$N_rVc2GUqYx<LNGLpnT%*+1>B?n#j|9&9UR^NuSpgh`WladzEaw
z-Az=)+dIixnqpolO0MU)`Ub-VTY^HN7lucG0TleJer<B=cm3L2+y8p~TGvhyNmRdi
z!|76?jB7{>(rXX@_OLN*zUOSVCMdQqtO__(4yx%c2D7ZNUR0pe$MvplK)9*xv}&;z
zTfh3*z!v%6YG4z?{Vy8W4&oiPOzttr$8h2H5J?)}_gPqGL4u?av~DJOc8X6%)}6ZP
zptr5S(eCY697z~L#BYIsAKh$8e9P%-4Xf&X^WEL$OuwY~5at?}<FxKIk@@x-y^Z%^
zA)b~CV)*BLB)=*S$$uu&EBi*{v8cWfN9GUje!m50U0?@p-Z%h5M8}jdueefau+9hD
zqXGI~G5;wu9pFY6`{y+^gXSg_GF3I-SxVrYwS2y$b8vy-A{08L1ANH^TsXq_LSURd
zIO@NNYwZtVXVDG*XEs+nETPpPQR=>Bph8^iZfmi1j-{Xr)T<m+VUx8UxT$%K2CHag
zd{xby+jzb*Mh4bEF&PYr;qbi{k$z1)#)R`o{!Z|hEGYx&+I*9l{YgSC=f6&0NNk)a
zpr{J!zHelQ6kJOt8-Y|+j}X==!VEP3$E4p4d|!pEvnOV?iF_90p}SxHv!)H@YB#4A
zg=_B*oBs7*HvQytuuUIMfTP8F09c+N`3lLrjNOD!tcdxT#cb}BSjE4WP&$O$$U=E0
z)`zi?mzJOi<5dy6#(j^ju(f0+ams`*9h{Mo)#ET_JzuFzw`4NQ1Q~Ex_{{`Msz$tE
zo~k0)fU@hHXAZ31<hOu0Pre{$B%er9ZwL02FxX*PUce^euz2k<&D^hdq`-+gzP`By
z9nQAZj?w#r8`@&s+qA3w(Nc8v#n`}&Y%YMKstAb4b-OT%;2k!^juw~S9()1<w6V4y
z0)gSLlUS7s6qb|TNY1+cR@n>2Mq~c_GW-2w))?FJ1A8r@4J+5GRf1Y|LG-vhco2aS
z-g2CMEXk)P&s*5^zTmoucW}OIY=YF@vFrL$QgJPB$;r&Gmn}P&H3h7>Ee56y^F6*M
zA;eqd&f1MajtFBZL87tb3>V&@$b|_uN#Wj5L1MV<NsfYf2lm#>ePRk)3U%I4!^T!<
zum!Q|#M&0<&e&RG&R2%Cwxo0)<(xuc75-GrH{UM`=T>vkT;r%Pv4x1Wz@dFfbqp&D
z*Fe0KWwI_z{ArS>;E6hI9nBY?&<cOd=bH%`07vK_=Idu=O&&{IM&%&q95INuwRe;C
zl48MO{OJm3_&C1n7OxeEl=n|*ct#!n+R9t_Y^ySOXv$4OO)31$Usw<Q3+tU&ktKeG
z;2Zr+!I^#2Z-lz?)5o^%i#$sv%~oynYMKNNk+!of-s^jHOZ#D%c>jvQdmsX#hyvyF
zBz}e94;@~HexlLtK26<Ybf^(st|Q2L)mW?bfiA3e6WaEa4mf85dNthk!&tH(-A`UB
zdAK~p$bYRmQBBT}b6^y&smLq1f8Ck^8A_8P6SdDRQIprzQZ1~JVP-IAFTIpTCWZX6
zzCT5F28k{#AJ_+N=KkylbMY!<?uRhdN3vTlGGi`B)ZA<!z2E-nmJ?hZy;Gw#tSLB;
zzS-X?!E;7OUe(oJn;Gdr=<sVuW;;d*Xt}_h@s}AHXA!B5brfHfS;u+_Hnu~j#Z!p@
z!Od*-lflwwEC9z4X4EMpuZs_?qvHS^eo7)6>B!Ukh(cwpQDz%-Ff_yS7rz;rw>wdL
z8#l>&1-lD;Z%CwQ_A#;--K6@~JNCJr4mKf)Jf4LyXTjSivAZdG5ehDKSQF0KAlEo}
zgJz>rvfAamkTSgYL5ukOGv4Nt%iKzdZe|Sky{chxgZ9a77g%FB8yAg$%G*kA9L^oA
z&}pZJZXe(+-q)ghb;?rwF5D!Nd$lHWR6Ie7kM;dJ{^7J5=9BuJ@>BhmKS=Hg31-zh
zcqu$TzZ(w<D5%QI)IODtdK<Aw_6gk%QN8Cf?mB6BEpb;4GGZZJeRT=vhNdB$qmNqd
zquSa92T6rdi;VE#C#bqLnZ>u?f}1I6>sSJ_1&n>LX}Pf%h~C17L_HB{6x^nZK-{sn
z{zLuEFdtvisU*DxKTgkFbj~`or$}plqbp~^_?>rT?f-pS8qrRRzi6Q+Am{=0Egp-P
zx4W^Ug%XN{b7=^Yq&ork%HWM<LV4qc1r_oWS<aH#T9}a%8M6tDa}F+qZH$lv6m6~n
zY$d@&=+bK)Pbu|wilXy~f#d7j%6x3f%|qVYzz-V76ECSl@R3_;^cYfjJ%z-%Zg-ZE
zahs9|RR_w#*S<#0eAvkYmgu{aI8N#@67K9dOxs;xOmD(#5Ba3)GH7XYAde=0CvrDY
z3;pH6)|QKlzlY2S@}>>jJb~kKsco#>*a+|Wq0|y|&D;=5M&Xh>oWd@a9cFFju1;Q?
zj1by9S4K@<YH>0rJzO9!f!{foQ}3Tu%z9D!zg39VB%X4FF`u@D7n}2mwXxRfK#|^S
z)>Hr~R6j@Wx0SlZ!~9^)RWrNDgwtM=fdaS4btEgEbvb0~_3;ZfKU%feK4S#xQmKrp
z26Xaiv(88<XIcess|-QJD#=8zRJ2&E;q5~A(e&T0=WU@~%{{W3$3H62Y-cvS;dL$|
z^~4%BRvCqH4v37Wz>(~Mn>bwn$#%%fVyR9Ie+q+h=B&3CZKkqZ=YL&**7QFsK>G$6
zN!XvC1XhhTKYVM8kZYSH%|)v7_dN5$bbenjKR%K7j^{}(p78m%TwG4MI8GHtVMVzU
z3Y}x;!nA9|>O<)T!m<&Ril$|PEu5s?I9nx@;!4r%88&)R)|!DA95^SC93oM21hIEk
zaM~bc2X1I!!yZbe{?ZzSm0HI5yY{TM=s#-DKJzC3uhgFD=Xiq+$)8*K&eO?e>fEdc
ziR(sNXh<@!K7m}{8F4)Qj$bf;QBzm!ITKKLirW05-}!@>rgC>ExHOvn1+qIJPPecn
znorOeP>K5UNB{SBMCLR7dq`Y2#O_Dc@$b?lsvJp_-UBZsbBfOt!zCu8|FNIK$2}Dd
z<CZ$_ftUNolbQ%+rQDV%7~J?fH4V-XbBDeKQ_1>E@zcNV15-)vSZ3)Tzq{ALR5E?_
zY~qhRbUrbdN{WoD^C|wJl1XMTl`wFArw{+<iwgt6RAPcb1^UCI%peJ-l2C+?Lw`_-
z2|gH_{@>UhxZ<p2@Bdd7XAvV{o-yL~KA&M}K`M~N^M^Hb<G9St0sx?OmwM<~TkbpQ
z52bHw_Bg~b=VmhA{*g=G@vw&{ur1=rzzH90Cx0%UK%iU6{e`|p55hh4gB%l&ppLs@
z*4-MRAn|)7`FTZVNllIfIg0@X@ySwVR|5T?Bm*`TOa3+$?}u<$uOkMOq;otKoDJR;
zK$**rFfUfS0j=qYoldJ})z~OiPlMw_YJlbM^1D1vl#=aAd0eQ1A6*21Uh_S2VZ)n*
z=rKmO?K^h)5fdb-PA_PjR`kCl8Q!?gCG}J?wcg;kfe1*BQZ8AMrWEfdAHUbNtTc_@
z*E(vO?JZty3*m}=81*VRH)WoWwra!=>K+5Vs$Bba$(>UATs#fnKm4=%Y>$&t7JGR8
z%A#SvY1uu0Fqc8(pXjpte?Pih_}`2!|HL0K!@XA7I~fNgqW(glwWB&E_A@h#9W}KE
z)9~c7R4OXn!;m`G>9<wE%q-KdJg<s+zu_l>?$m-35CjsV&!asQD}@`9!9~#(;)=?y
z`5xNf>~f50u!rW9bK18g_=ZuR)>b3}#Xs}QTGVmm1o)L(@K23#C5EZ(rb|v3o~;kg
zZuh&ILQ*rANnG~gQmtz&%|}hRf;Xf`B#*VY18sm%%eD)RyIG3V5{vEsgeMe?)e?*G
z$<{)sVjZFx|Mu@uZ%otLyf)>^c9j@1O~tVXJ}mai4gapV4t>&!-?FfUTt8M_a*jr*
zIi?&c*6I>7eynY;Zajv4O&CRou0nCn3PJV*)@)Ri<AtB+DX&eX%03L4Hf|)da}<>6
z3z2VMW1ZQvIaz`kjKYl~lfOgYNY*Zn%P=PMb&wWYizOI1XnY#?`|`F15Vmj4yLOzG
z;L)~R;#pT%RH*8iySR806P{aSv3T3mc3S`fS>7L%^*6%Z$n4j6QsD=vU{JPssbx;w
z;RR+{K2vHF7W@iI(m++L`u?5!OEm0JoL<x+^8!I$30kH;Oc9{=?AFN|dmF@uyJNtB
z8h&pynWtub6yzz@$+{GBMjSD#0g2nVrFu8)zlEv49!45gZ*Lx0{k2si19n-MN(U{9
zXNFTh>q|;5dmP_by~DIzvdxI&qWyc9r7L2$<6zCM$EyyY)p>zuN2uw{ahD>&whJFu
zZQH}T(}a{8mxswo_|eVd)#1^dt<+kPsVB&$alGdwpK+0^(M*9UH%Lgx)hNh4S|`5e
z;_j1F6y|vYXqx?ysa9R~$V6qna$w*27(m}N&RJUu&KOrXG-dC5tt&M(8(YSenQ6E7
zg7RL~-Z}_OSc)zCT`_PSN|3D7iX?Yp5CaOrZPpEFJUAgP=jpf(v$2)b25xG_*_uPw
zr8So5JiBp9is{Loqw<ZtP$)K59*HJ`EjG%t??%u<+~Iyt$-}F|6!&F`a8?k>cb`;6
z<Qb|XOn|ZI$8n7ATCr7|Wl8r<XaS*E7?C#)5LY$xI;piay_#L{0+Muecm*&S7s1ki
z=y$H!d<7Gg)!s&$$YX;+u{hd-@we=2T-9l;%Ri7PcNZ%2Mp$5&gY6Q>Y30y`vfOiZ
z)y>bz6teC?<au$?xVRi}grxQzX)52;sWtiGd#<(eGUbj&(9?{W4$D`R^$6UvFdi50
zF?Bzg<Jhcjcw!Yy+E?w$?&@IB?W)JyNCnqZkYi4VHn`4c0}30MTh6CdW3F}&4tk`T
zS3|EhG#{AwJqZKfi#e{-JWM+s?M&BsJi~RlyggDMlez0?lGHjMd1PLRkH;5#8>d#`
znZaL{v(`o_I4ptLkl5dWL5(dYd;JytNA|@8cjB&rkQMdZSDqseU03t9Vglazk@d-3
z<G8QH6Am6lGX`IZ<WZ_f&3dn8lX4%4D9`*E2;0%tX1X?`QY+4My%N4m;2BZ!^u&$m
ztT{1uK^{21=&gDkPCp#AGWC8<Wt!;_;iN8-W3jfF3C>H+D;JgwUsM*<Irb(NTxXW5
z6V~XH`xsA_$jpBt2hEb2G?O>})qKMkr|skDd)EEjOJJ$gR|Dge7f~oaRTf%`y9Ped
z@!6j{3GvC~wV8OoWOWnH$<xmfE!mSW_a}G09w9!-tfLjhIM58!1MZQsLg%ArYNe|B
zASq+w3(REkb;S<H+`;4oy(u~kAK~Gnv6_FA8LiN+Ur_M;9qM_q404dKr0%lSi}}R9
zaD+tj{7(KbSrP~Du@MU_Z!<B8>)b(MRsF}k<AQ@9)b|>2$4Y(63u|bx-`AOHJMSGY
z(_r4pHKCilovwNH_&NpCD|uT<k5qtQC(ecUb`bM(BW{M++)!gHJ^Wo_uq>)aGum2(
zPhHD>iqipP?@`C@!!xdXu{QlE*X_yutD~~>^<h`facT-pT7g*P%*1b1xZG=`8Lf8f
zlh7PIF@U_@4AC1Y@-c%$#rZfZUxH{=MXMh{jFpIzpZCVXJY38{_rArq0_=4--Pbip
z$pwsowO=)D^Ca|(!n=1P({T5DN8PER6*rVDd+!}a+CMEbdic%mz*^ThfZQRkRmV~-
zRHu{txH|&jyV!R8mx7c&Z={nS_aS8yo%+Xln6WWclg5?75q$1(F7=W%p|0ON4=xgm
zreNIov2MozxEFLoBwJP!A&_skG~vvDt1H^pIoK5P#XBznMa-AAWG%W)x(@@vc2iL}
z<oZF2^?cWM=$a=jBPl^U7%$H?eoPQ$H9J}2b^$+QMt{Rg8YK9xVj=T(m3c}b_`9r&
z(0B|rZ-du#s7P~^PZs072}gZ)W=azgs*WO)ysziQl^k0on_dv!W*Otd%X3Y~lcN$L
z7ZSMk<pv%Z`+EaHL!MrpS=TDv{XF;Sp-H)SbKIB;_gjz6`!Q(vu(HD}_dQIl8I7I;
zs!N%iZ8uJ@XDro(1{66nYL_n`X4XN9!$s$XkJ=UbTwl5(gwG-Pr-r;K!bbTd6uPDg
z^>f}R&2OfeU_2tF_Av2R&<=SfGTvTZYeh}XEZtSAbRP1MR1FGSD|JE%2z!4mu1zUa
zbh{(6CJ#pZ2=(nlHe^PlpV4qjhYnN)-tBWV)cW9e@K_;2Zf519a-yhFiN*|}ZS8o}
zS)=h=hgs%rH$8lO^YQIUJ=PWmsPUCP5wdPtrZU4^`6kDg2(#R&__U=;Awh-ItN1(9
z_QUra`2%|L9yoGD4?HutUncg6xAB-bB8P9;@l$+AxE6HzTL%3{3k6CXyLa8Px{zoZ
zMS@g;VRe!mmQ0P0=N+*Y^!{&kN2$pyMy`@EskK6I5>2SsxP}Vv7DMzy?yg%>!w)nt
zZHl%cWOJ)qT0%+E+>kF9Y!P%S(5_nY6zd*PACs@mo6oT=1wjOlU%E${eZo2Jm_Ol;
z=;}S3PIWFehtwSCN-L+5BP+X4d`~n-SYhtgN-4Pep18>-_wEFVjbmjGf_+T2L}VU1
z8MGw8b$cwf%V<<%e)obA*k~={8(yQba0q}HrpDA)J)KB}s!>qXggbF8yRe(DTvCEy
zHqn)Gul$g+LoJC$1w!EUMG%1=I1hG^)b}7T+z7v!la{TQ%$}|-&NL)kl6xM^<`Nq~
zVA^`_oH&u#m?M>V659Rxf<|1OC9l>{^hnRP$qCKRc4`)Pv3K&_YaPJ5R`b+x$VeGI
z)TuA#UY3Uz8z|@8B9ck{2)J*AT5@0OkRH7S$InSNy_Vcoe&}D+C}b;{Q<_+9oQ7*`
zSjon=+$jD?;J7XWroApv1l2=d08att2*6gwtKrBmDHx<$W5aZpAEkj(uP{@Ihw7D2
z`*x<MQ4g9=B^Ml*-GfNl;vc~kS8%N-eSD(v9!D?J_)caFt(Q&Tk~iKcdY;EMtuJ|E
z*iP&lS>mD0a(s<ASY)^?lW0gxvfVbegiMkjfZEifzM64}v3d8&ls&#{6U+BaYK>**
zl`kcA9rL}95Y^?HB9~+sVMI1$Ch;WNV1ehNv1D-i<SX4(VG<$tbN~8$&Hgd-3@r81
zDGnx~iJK|@dhff%B8~}xYa{SMeP_82+cgxr(mZ_-n-3L?>YI=m#6_40nj4PWD7*@2
zQRbs>%RLyG@q^Uhby<4t%)aDZvP5dLuXMOxp-A2#njh;(-zQ=Bui!d+K=mk5dJYba
zA`lJloYPw%IGb?!g#?khCidP6*S{#?k%DtAWEv(;Q+;V?VT@$K$<#ci-Aa~D<_X>^
zMO1LS`HmM}O=rMxW9F~{><nbp;4m6cCuGTmTg`G<C)7OdLEeUV)Kij5xeMP@>K;v@
z(iQDO$iWCB6)i!xWQ%QpiNDjA7Ojf9WO7_shL%{b!vF&QrL=Acm13C&)lMgeOZ3tv
z|3HoD%v0r=`%LQ$*L{K1Y6;gVU2RHUste5WHL&-nW)Cv@<NZE@8;+&RE#cDaWw1j^
zxErDGWounOE=5yJ@nrO~ywBB|JqeZ7{)sMlDGcn-kqxTYw&!QwUGvNuIeq)|4DSPk
z4>#Z2`~v3t`{le1%8~KwJ)xM7_lw~zFhU2%ZHs1atVN}gi)QF|UY`9Zn{;IQ!P?eH
z;cN__^nTEPAW={4)0?L?z91sL;7z}PFd>(`_q$A3cERSn%~7=iF^y#I4&8nDN_j5z
z-Dz{GD{*sY6>)XiXj2vn>iMrftapacu(ozN^&^h;{kaVHua7W7zf+u4dt~t-d;WFZ
zgpa$+*qm96hWGc4Kfhca5z$)Z6=4DX@4fu|Od9hAzNBfVvJ29SKW@(d`Xyk3{DTO}
zzc&uP*$eQr0Os&`@Y9q0Yh`W}2>xV+=OTsw+U(EICjGz*0IXs)em(Z@n+rdDSgVE+
z{w(nCCwqD&jNk>P{i@FX-q)+=NO|(yk>vmWqNfM1!2>VAn4I(euYHk21u&Pqh?M*L
z5#YcJ)T~mr{IxGR9`Kt%`Ia5@*CUuiEhr>ee8JRwlx=pp<{)i3!V)DqI7f{h{Ti#d
z98R!EQNJ06TNpzz9{$(gr6A`kZ=7}0ctSCiR(#Z#aiO?h{EEr6eaNQS=}4W-y^{k3
zy^E+P`s;;Lyr>CIj)c<ZF%b|KV^WdZkPDo$^n@GHKge^JQ~1;`&k<B!E6sl%Hj~m5
zF_T<~@^(k)&-b;0f-hawSAd*C6clf>5sjY<ikh)>W`G_^>s2p%{CIFPgZq6EL2@;<
z^bz*b?jh}})srE}6#)LXwF_A1bc&?~@ESh{XpY>)O0}?(s^HYzFC>MtPvhjTnh$05
zs+4VxngGfemsG-JZVFkv++5!1>fSL0Pi5xax?$+<G|TqQ>lzyoeIcha8;nIy&rO8O
zE2FIky`F_CwsetGOX;57BX72thrhiZVDs*`Zwi7AA3!eyjpQvHNU6%S?(R*tvX3vc
z7B3hX&0ey=CobNoQt8-FGe3aXVc2lafp<6@YwKuk$&=P^n0rV|br`evaj;o8h8BS7
zTrP*Sbo2TBTbJVx7UAv7J*ypRRed|yf&ODQw~O36`s;^1Vp}(`-_I>y(r}dQH%SV4
zJq$KdG3AFIj)yi3!J=87E-I7w5>`iY$0D2Gwr83mo|0Uw+RigmNB3OPGG1t7^g0Zf
zKb5EJ8v~*tl(_Y?WQB9^IoGp-9c#aMW$*xc-=CoCWkM6GG3;cv3ft#?-VQx_<pEuU
z9aU{1KW;V}ej;fIL&hj{GF>ph_+?cN#<~TI=bUQZxmd5(ODRr1-Tn17rd%mQ&XkTe
zX5i|(*XvU;O{NuI@_Mj?<YHgBN{?3(X}e%NHn*INJUb~Vs|`K{AQwe<2lXrL9OTRZ
zEaKa-zGcxr<eXEBOT2y-aHjKV%9T4M5Z#*_sYK)yOAbi5C_U~=yaJU^e0}z2x@jAb
zN3G!2gq^h;@4R0)E?6~Dro2)8isl6kJCCPkR$JLinsMLz?icqQ(9L%eE;>Q{CV`-Z
zbgpxec{KxbCQyWu2Lw=1GV<eQ4sIUs%W3$uu}_^0dhjxw@Q3iwj%R*YL_0Wq$N1A(
zBC<*XqijDqDko$OAzvZ;V~d9Lj3vwp@*wDf7`KJykSLM(so-Llxv9sDAHH>sF+D5R
zBqZQDmp}+AQr6P?z}^4qDmdNdvi!=Q+yvIlT~oS2!@qi`+djPr!96=^N@<}9DfA|q
z0$$_z&{#<^iSR7$jW!7RxO81X5q_o%eSOw(G=W%bAF2zfF4`y?<?I|row>3lKwJE^
z`fYUR3x_jP<^1lg1!X$xAj}a=-l*<eBG#6)8Rd8z{+L}QPfF>s{h){65MImh{}Bi;
zpd7KIeC!isE1~ds<}D1_SPnlOi3PXVN0iP4T`R+{%@#Bb1>KPHLMIV9q*}0I|8u?B
ze8Gq+R)QKiA?<8N?ZqR4)am>>jgCKlUIMyhA+K~p-7S7JBT+Zbjx?y6a{mJ$j-S3N
zGe;;MX^S)b>N2r3&%E_`)&ckM(<So@{S?i!9q|~OjpW?!(_xRLygUhJW86*qmfLY-
z(Zlj_8Z~znGIT6j$Il3FxbFImAX@hqH>--+^!XTIl66PsZ=B@%y+N~B;nyk0Hb-F+
zh8ugZ+ZsVTpR$+tZk{#7_q-9RRd<w2b?NuB*FBhX3}7@RmgG9Vc0KMuxMS4_xO?4t
zf8XZS9qx(hOF*D>*9DZW_pW{1gC%vlblpCseb)-aqx3ilCS5qkbK8l%TwU;Gg2Y0W
z)iYj;q`07oCe4d^tVCmBGT$&Ehc&IYqm<Z$H6V-vNWC;JO~P(((1U&5ejB=96Ic}n
zWzH22261(mMDh9S5{;zir3&(cndR6(Df7gKxbjil>2DCa0h({)q+EK&!(SP^kn~Tl
zfI!#e3=UkML&U9LhQ=DfU>|3e`l_fIV5+>_%+<Fn`tz4DJ%r6Geq&Kif&Y=tky-vr
zIv+u5vWF2@KpbxLQZGpwlh=t9g^LQvmU~4+__d#-N4YvePjO5y&S_@XI-12F4q4A+
zY<_zR<j#Q#7l;@MRh4^}usQh*CfFsFc=6e&y<5N~9LYCTtWIRV$%el9dFtcRDI&J=
zaOjtrM()w`#|^#i$nK}fxt;!$xXoaY&whhhTfmhgcGv$EP-H{r?gc;?LmIxu!Mv1^
z%XS>!vyK1Ej(m20#AevpYd}YiSy%Sbzjm}0X?8ms9fxZ;#81i4MwrmmeOMJ>xb!Wo
zKuq~tXs36*!P?WoFW`eO*uCfshgVdWZ%|opht~@7QZq-mK62hZj$UOiz{#iH1>Cr8
zB^VwJS$fc|1c1ja&@vKza|j=-qop+)twBDi>7x4+>(WH`Br!%+mqq(x^&Lq4B^32~
z0+`BBBxDyxLR>A3=MTKo_xP!*;cIsQsA0Jze%1D}hKbzDsopjFA0y!xy4##_J`^^^
zb?Y8YK&=EzOfJ5?Gv9g@w)0l+yAmU*I;vd>z7MPXkZUP~P{jd60`P^%;aK`ApI*Jb
zH*&Nv8l%<36s!(9RePB?sb)2>`(81QRMD(2s&@x0KZjm@_#EZIr6gF$dp+qU%_1-m
zQeJSq{{A_n6dgq@jJ;a0>;o^JDf?iICf@4$t@qAk*+9)cud>|iMU^laE@9uEFssBR
ziMlav^g5H?r*Oy5Luid5cZl5PyAy>f>bPtUY*TsEpKN+qumka9RqeQZfQqP-sROz%
z%MbkV!Tn`*H@=po3rrR+^G6kPA^kli^WW@m1=DRiA6F%P1C$V4Eh8x%sz(|N5`yq4
z5K0Oh*_7=pK*05IuCRH_Hta)>%O>-R>)E`=D9~wzRLj5}76T{lHN)vC*UC;_nu3l3
zirgteFxBbv?9aw;Z5OBL3v-79T=IVe^!f2)bL2KpTwTz&xqR;n=>kNkNv#($UT(#i
z14a<4C?%}*B(0&6@9RSM4D{0;4st09=E1TT;<&f;1%gK()B<k^!z+RBa?GP6uVE!}
z^wc{h*+LJ+Pj9D~z?EjhgQEzD5)+^GEL_>V(OpG3yXM^Yf@~hVMm}pC9EZClulm>8
zV1jYcxG$)1e9|G-#*=DweL}(=wc?SM>PD50hNT6+m@Y`#hJN~HofHGQNd)Cs?K3bm
zQT>ua*1#R$Z?9;Kn-gN?p{w<AWQx<wO#4<%5dQM@q7i(P#aDLbt9k?>GEtKpH>Zo!
zT-G{{>r>9D#Fl)6h>1FmD+EzJo5^VKferU0Xb+p~!VAYA{XBP`6NU|HU%fvNT9dCr
z<3#6Mn_g}|8d(ZXyKjHTd1aec^uTPU(W7!nn@=f)5?I`7tTj{%X_c%~J}l><HFSba
z4s#ulf@9_IB6YiDI(r{N(*7_r?fxpq9<v(2=<z%$`+%n4s6rw5Rz2yvGQn}|iCrEC
zl1WKvE5^p5#{N#NeoF<El^uDnRA|*aC9!d1aHkr3w;2}{3MU~E<qQpAtm;m1xDWTd
zDkE1WMYzOVS)iQqxMwXam1qqr(ej@8HPu*q8vPV{R={+$<>bUc#z_zbP_9TaV%2OI
zh?k#kGc2#`X@@H-i*|%!9Zmc#8~29*gI1cc;81v@n*L+xjuV0Zgk9w9(Zo%_kvCbQ
zll)+{FsQT#d<uh74^Tn6v}i6bvH!ASWUQvZ3k?PkMO|8%exWAG#G~*m8Mo&&Z5jx9
ze-=QKgD#hh509xj%9++If6g&I;Qox>RED!`@y`07X~a<hmkoNh!0QF7w}r_Ri$c4f
zMVZKqWzkf<C{t-sz|Q&Z%<;(p%}d8oZ^>!XoJl_Et)i@}8kxdm+>lQL7HxGdOt(_H
z7LC~ZRM{_@gg)AQh>-1{T1e)Ta%Gz>RuLp6vCV*~V}?m!NPq?P{;LZBM|=%H5S@q4
zZo2Gu46CeWVSTfD!&8uPclLO259<99K^S?)J?Vqt&2nCb;5&g&YTvHJJpLmP;f7Cb
z($c{PR81-a_{sA?d)Vi@JP!v`8r)2u7oI@~Z%gct7JcdAK7l$rAUtPHUnA#&Vo*+b
zbc<L{=pKx()S68v(YiOY;(ynG)l;o`KKo4S(3a498GQE5&4wcLF<*6eFwgmYR{Ru;
zngrE@mu7Xh|0V+0(Wd6XtlV0%hSd7Sx4aA8K5702N*B~af>oI6*BlIc@uedStPf;~
zFE(xam|Zq<8<n*jukSEMFOI8s^roD94xUFzlUhwiWsX)K(Pqq(rgej&@OQV!3WiNn
zLF(0#>|r4%LkKChOP^S6{6<nQ>{ecrAvlDb=*)?REFnjvH&2{&3$H6>l0dlb#Glx4
z&WtFNwCGHLj8PeD%iVG4{GI74`6iBn-(@hO0@*O%_*#nk!O~aJ!ZtQ+>gr^BqveHK
zmokE8J~>S`%}>~zgQg;vHo#|_nVbS@OrOp+Yc<u}ooT%haXaXjaWgnpJlb;fc!R*n
zB}lW*^k6A{_tm5NDEQhqNn^0=K}u%pkqR_DAHH_b<!TKKzq@O_iR)pC_&pkM&mmdh
zf9$gJM*Q%cvB|sDT>u}UL(qE#naPy<izQ6u*-Gle!vcm~(+o8!FZ;k8g}l3eM-OVP
zW!bO@8=f?WSE7Jq_`)N_RowaG`^THO;R56P>AFYVa}7p*370jsmRu3X*sQSWq~~WR
zTPm8lYQ79E-2Kkl3bvtAg0d7Z-r>Q33(cmev3x=c*`k7Y(_5jWCD*0j4-sdp@}**w
z(ZqFQ;;jg!8>~gMJ$7r}32@;iW{2eF?vy;A8a!iq_!6q9AyKSMpp9hFdj6d}QtB5x
z=d(ON-*6goje+<5-j19<SN+i5NHzTzuO~)u52a393Oaov{tLLhi9W2IX*mZm{B_kG
zJRWF7a2l8Ui&nLu1DH9KQgtN$ysCu@X8wbhsq`rS3=+N|GAn^+5eTt)N^k$XItvK~
z`P(lf5`T?2;A6o92JcO>zc+jV#`_)46%pCLHuisbyI%7bV-8XhBM-pkr=G;Ovlj<V
zhwW@jECEWCs7gW(e+?w)NxYuqid@{gMFhz4yOc{VpK#AJDdF@7SEPKeXg&Ww1`df)
z-0G6MZTpJL84#e03kTcJaWc@)|9I3Z<a{=3ml<`()$oS_AtTVEGUdZ@XRD-G#viNr
zaN9oJc9V4IT$XqNEO;~>;lky0N6(_7G8%hu*{b6OwS8@h6*A}Qbl;#o|IYEIty0m7
z()GXv_LKu~3`*#2$Ds<Hm}YnBXFixa24PNDYnnGxBY5|#$AAn7(r`Lw(H@6%YPPK@
z(t4Cw58s_!C}F5Tr}w|XtkQp-UtrL=WBR7F@j2s*-6R|oMMGM~CYZAM+D?y$li_q5
zuuG|9{RFctZ}4DL`RBNxlzrT+4m>W%>sfci!m6^b?$I3^Nx)YyEU8FXuSO5^@*fme
z>rD~LO2Hjo>7Orh=$0P@xVzjsstf>D38Z&act`-HBQu>sV;pOVz~siJ<wFIgEk+ux
zX7e@&3j<eVSdkB^<Qce>Sg&b4Gnd>swQwi_;0^$GRo;T-Y6<<*f$#M-?%&jFL)UqY
z-EdK_nI+a|Ek;V*FPjkJFw4m_N2|ujvOgo?9*UUh!J?sIWV=(c8+;2S{$@3m4f}vU
zl^~kI)bak2sMtY#yis1Hil;*-kIwg9k}TId1@+qJZ}L6|>~2C8TFwpY67d-eRZtgk
z-@Z9v%2zWLE$Z%IMD8Se({p|T0u-XsPn&ru>x&%qGT<~b`6;!REnp$+TXqqprMA1g
zPZ0yHobHQ-48z{5rDyg%tE8joyM!OF*b-plnyh^YmvViY6%;8(+T(HO$>f*{uw;*(
z##nwe*nS;Ntxzh)-H?z=UC`8LJTa#6AIOhmHdx-8Ak$?xikJ)Ah)9IzDC=YF-idf<
z_QKih-RqAVq#~~2Dr6d6F7(DQMNlpz%1RC{puKeNwQ|0|F=p1c^Q7-;$Qwh2X<YUx
z+#zJdyf>M?iP<G`y|6xmd$#-jhp@E!gqt-3?3*_b!VS+nk>pCRixqSO059eNisq^}
zCC&BlcIO%4c2yX``W<&6g6{n&kY!hw^u-erVOP{oYCJG<lL>o558uBSMSG-d6fWF8
zOgUyl7HTh&+t<{0My30dVLXTwW_GMhUxUD3tBI_82Tc0z?2TqPg1U{icGdp5vqEHk
z#%3clr|-&T(uypGPCazz8D5p;no%_^q`ohcsG``{-R&o`!!@lF1K==+)eIzETpTEX
z&q}@+Ej$^*I&Ag~;z6r&rv<pY1I`FqeSV)?%Hw~#S!iMjVO4&a#8~3`1(EYqpS|83
z8CdQY=)k(fs5f8Vum<F_YU4OPRp}S>rM<loTQu3^I8|(hzc#bw0-#l2^f-P;^EM4g
z{%W&A_MWp8d_ECsxsF7OOKz{SmH?YM!;bEkAbjlY4pt>G8+to}|5~4~G|%I-w9eKm
z_|~Q64*)!JvDcV|w*_DaB^wy<en#PSrQ|i1{k#_epCdUi4xi~R!cX^(r+PmgsS7+7
zsJomw?(e2Im~Q&G2~P*fip6xm82}y5;_u_p0a07&;FM=jVso=$6lYKEDoa~!QV9Sn
zNi#5qRz)nDQ=yp)^bGaP46l5Msjt<xHPd%=69s8vp18bZ)2eiJyn;T4CO$&kgbOaa
z!NLIo7)gZ&0k%8L5D&BBSKqTsnkPDt8GSM*@pCbE8R>bspz*}q%C=@iXc5B5ALMTZ
z*IV4i4c%4;FNX4O(XgBkdI@IBP5_ko0PBazTz@`ii7dioDVA^#$|L8OlIR)h`!JU#
z?pHXl=3LA5N(FE1ICHF1A<9}ILRo$>d-HIz9A_ZQYp$kf1#7?ITcKi1=Eg;r4J^Uo
zkSyYaPYo|J>50-Z$<9}eUW+O42kT9U5`&Nvm&VZN-$`KMI~V$3jSTHhXtgt*(1&ZH
zZ5O%p52~l}4~?_FBBp>c^z<(xWgy7zB8<TxMiSY9Yzj=bs*WdY3L<XmYFc6tO0b<R
zpDb7sEK|7LC0wH;{20~pF6x3h?7QRUzRg+ma7~Q-7X6o%&ipzi8-*4Q=6OOD!+=I-
z>IrSz%qmGDWi|+i1@O!NQpBz~m9uA{uG!2vb?D$7EGx@Rif0nY@YNhFt|EPO-{~oM
zdow~^BbCI}1qSI46~91wtnMdBk1K&ey42ubAU%+&glAu({!80-<acCh9dnXO!V`CQ
zGvo4^Yeg?n7j!CS{!YUsXh3)&UK7}Z5~ltEA(+MU=6cnUQq6q3-fpD5V-YNc57W3q
zW7vK_-mvxoOqk1p`qJ@M%+0a8yhglj!)KYa!_{ou98{a3RiQ~(5f8<gk;H<q<cM%s
zRB9mJkm1Gg0{w{b-ORt0XZss4kJPNaE61>KzFz|&Z!*F=pD<tkAm$91%uf6M=`+e*
z?v}R;eeM~Xcm?XexLd^<qT(9^&Q^b!9^yHQljQx4T2}KYc=nt5pcTDI1`NSq;v|zg
zz)3T05YM6A-EX;WQ^4Iaj2IV751i{xwxxD0>^G=FCT&xQ4zKP%wI>fMzF$#qi0S-1
zzOpt6{8;hrBQ7_23?uE#zO12?00Ah2m;fIWS>|;1LUMh6;tsTmPKRtNWHWC)xLbyd
z(tG^O)TBxxajhxYWktOAV2Ejc>ZR`1y3msb%Lz%vZ0M+J-5n>>t-y)mc6U;MqO<`N
zTB(4lt_;S$J&Uu*=8n(=zU~JBMyP>2nxE;OgO%BOI}pElW^SyQewtlG9$54a;UBMT
zaq&_OcrI#}Z<U?~_i!vNI!z?rGI2Fb-=^ulo{_OX7;^0AmGGvvjxN3;Z^Ql&-h!k5
z8d9DL=g}z9*$)@cZ*C-em5WDFm<aUG>%b3?x4-L`&lKL?u!<i4K;G8=-Qm-c2tx4n
z<~e}jqC8R>Vd|Lj%T3XzAuR-Kk*G$36~_`NtIEXFn6@NZsRy?&;A7k^IISC<(M_l6
zD}ySrzpt9QKI<iWy(_+X*pVAl&Js~j_4bJ0(q7fvX@yzh5}vh8Sta+i>BUQV!NuBR
z*jd6U_rT7^+v6e7%?I$Yn_~vz*s}dT1i1ye$X$2fjPQHeJq35l7xw`BkybdhUf#0y
z`%;OOVirMEj|0+H4P{k?6Q)TViMb|?6oIk3vsW$(s=<|zb2+8+lF6CUyUNKNxDFO3
zoH$+Nus&E^48uK2;)&Ou?A>aceB`1^rJB{Y<foV{1fG*4f}@=@5u`e`PP*1YBgo)f
zdI@fCIuV%bgKz?Z;I#UgKn<|MrOC1-*aCi44e9};|EA>tW7(@(XHi_?$b40~mlp}B
zbrjQ&FaoK0uVIv$e=tFNeVBYn3Gi0%LeUqJMLud#@Cm6NzwVzY+gEox<ZCq9P_JXC
zJZ){gOzT;&V*{uPzj6rI>cR{>GnXs)c7n(R+_o3q*Qzo>&sZ4o72P-D5}K{-;S*MK
z_0h<C$4Ic)#yzIdUm*8j`!cbAu~|#9`*e~m=N%fXP`ezn{b6fDtks9XuV@j6_pqeq
zI0PQi$lB)xJ^JQ*TTxvHKV|FQuL*#O8U5U^cjQI+C}-;%!pI^gj=b20QEdu*IXuzW
zupG`_H#zKEsK}dcU5&skBbBsC&2FN;<;D4R+Z~t`F)H9S76t;dl#!WTSSrgB@8{TI
zV~*XN%(B}8ZeB|he{ikY>qwz=M-n^%V})*c4@8qn*3Lfxxb|NFY!kNg6M#2Dp8(k5
zh$8ta<8ZAz{igafm-=pW2%nOP%Cm6ibD*tDO5{9WDj*z>4{5VfOQSj5hhkJ^hwRdX
z)zf#E--U!$EnWDSa@!yyrkOT(Ziwz>PlZDi3v=AH8cw=x0zOE=-;FcwIafVS_vd>=
zsMcDDG|N>WMP9U%hPMJ&XGsFdFP*vto5MxUT%*YWPACj(%n`fqhA%2_O6;PD_JZxu
z6ACw#Lsde)fB*uN^ej&jtV5%-`DV2)Y}PTb+k6t=nCZ~`rA8|fo_sKy)F~eSjRO!!
zMy<y8=@Cn3HmNE(ed)U+E}N4Qhia_(wlByzIz^cZm^4M0rDjfe^1mO;f-BBCqTz6T
zLb)OJe=jikg?lLP{IK=b!iv8-(RY_|n0KP|Z2F6d!40ON_}b1AG+J46;)-F^WQQ>t
zgNs1alzz9=fRKyrv-{<86UHpfF`9x8zhq7Sgr}tt=*-ZY{-O-#=LypYKmymlu+2mm
ztiQr(iz)sk>#l-n(C;*&<*$njgkY`LuRMq155R%)vH~Mw=XIaPUl%cu!NN4(?0C$7
zYyc^5)lIMLuZwVC94)~!+Y$W}M?WNkVbY4TQt{7=>3&bTG-9pYU-B)YB=`ZCapx$0
zJ^Zg7OY=R6=uoPS$bW(>6v>A*`sDDvzZf?k4@|QRK2+*|ft$};L~D#;p$nKlX>Rfx
zcvl!5v88`8c?a|YYU}OF1!v{e0|(~q?#P2<Hs`S~M_ruXU#~Be=V>5dU44I*WF@u1
zsn+K4lBP|KcYunj-uKa>Wh%RS9&6CNy-33z^L{Z5__&Fw^<<LzQ`tX#o4-^2pnh44
z@9;=_XUXM)#dW946?QuxzRtjP!@A)3Xgbt}%eTj{e>UUinsvEedKkXihwb<Z%U3_7
zwmMzlb~j-eCjS=ZJxw^k!|%3F7v$xN=AmD9<a9B4kGkbry*@=3?#-cskyqk;7Hz!{
zHPK`$H{nrpd@wxFSePOeu5A|bXi%YYRv#;+OPS&b<LpWaR{|le?-x4v>E)zc)#@3;
zYsJN9m|o`+;Xy@JXi4h6Gv@Q!T%OK`(hU}hw5!(Fp);}uj@!kg%k~Z?ia5r#stOj>
zvg^le@L_W|DidL<=y^%2#?~lRkR5peQ_Abf@<5MS7P%qjW)Eex*-}SMhKuasQfRqG
zh0(aw|Es&VjEeGa^u3V~B&CrWrKG!SK)SnAknWZi>28q@rCYi?q&tT0?(Q?_KXBiB
zKj%E_ygR<*$E=xQh9%dxKGW!W%`(6ZJLWWes|{MXVt{rNa@tcNX3H^IJza~_mM<XG
z1~oS<IKig4Tyq)h5?&6wTCaKXeCt_Y855J6*fDTO`fS-}q22s3Q9<6*jD#qPuTt?H
zP*oOD?_RLs#;qAct-L~J@nfZre3MCH&w8AfjoHoXI&-`(-;qmR>SLRP&eFLQjhlTZ
z04?C-C=cV5FTjm|P&hk6T*ys*xPwchxq0aI-U`AMBI7VLT2X?%oX&Sn1&UMQOUNdl
z@h~y<DoPV@6zlRo>d!Ky_Syo-J*Mu3G}}UoLM((CQN(O|oXOsNvwZa-)iM~vSke~2
z<j2E#96gvOTRZOZrZ-qvTIV*z;U=!J`|8WIhOpdGqI6^m4Ow!$3qJy+w>C5|?@AY#
zUI}hpW>M=%Ew~o$1sQU?yWXky)eHc-HiG<kFuCtOp7&&leF{r`s383+%gf_^Mq7KH
z8;rSN*|o`Om?E)_pN=P6tE%KK4(&8v;tKB2ctt^WWH6auZLvK>G}QUvox2DWQ3F5Q
z5x*@>OFHP<sxd+2t@S;+Rvv>5NFd7c_M_Jt@+E&!BjCLVVZs`o%gqW8g@aoj``y*J
zBUm+@j3L)iWQa=)GNwb{vMpC-mfx%WeQF-Mh>;#D9@trxtTjJ1C8GJ9li6~N*G<Zq
z&P;WOaf<Yz)V?%ee*V+7;X%hZH9h^OsoIsWGOR^9j&&~N?DQHefiYa~hGJ0V_fgs?
z1ucQiwkQs)s#0SNRTcd)u!uz~ulYQuuT_kJFcl`WCxC=zJRl|3;3Cb2BjHEyF!vF^
z`oLpDrh(A}vPrW`rmhkiG1Q10i@_XTAyqt5S+F#Wp!Q2gMRATye->@tR=G!DhW|XN
z=a$*!Ow)~so5vpD$hYa??JoC~luGPK=v?sVnw-V;NBimWuE;dPkg)S1j2rR}`p~^A
zgA_>CZM*S8=Xophx~#?Vm_mcNnUm!T6UR(<bFCVmef>R0u^FhYQb*^}`T4mZSJPQS
zb*0AmmE;Q<1~~mnI^o|LoAh?;7|W)0lcv&MC<OAk$7oh8+sjs?#t_&lsb%~L`eEs=
z89#G8HkDg9xcw?45A9@6;s4ORH&>gL`fk|Oxl7SUcZ(<WxX*dDlr`G*$km&JSYp@W
zK_9#@_X=LJ1=yzr(=LB6Gk#N=D8XliX8tXp)e)o6eu-`$<K<|K?st};z0Zs}q3yZF
z@Dx8v6-D(*1oD5RDy8`SQA>BnOfNSPfsRBD+Ah+emf#9FCq?Zqc*$V)X1HB$yYVp1
zOR0{QcO_ZW+^A$VuBRpP?M}UIrjYgNbi6cMmNW-vj!f0|Os5N{)D~V(SVcGxJJQ=Z
zX#}H!w5}*ub&`Q4@Th;J@&=zqe`}|1ANHpBqF-cqfsWXr17viz+VzQgYK!H=LW=46
zxd5x%U730B+h;$DX&RYnvlz<eeJLjA0<*Jf<s?~~`@eJ@K+PBAva>*C7rki@U+`yZ
zT=GB4+6Q#X@LmcS-+3K4>^+<}ac_Vet-eCOLyxO(^7P6I7lVrvR|`o>oUmn|wBAxp
z=)pD)O2&R7wlVmZ?mEvw?P?-Em8o61QlqpmQdxWLvc*ycm+QA>ZdmADW$RPo^hA*)
zlzHc&ovv5k2QORW_Y&nU7}$?zQKU+A)+*GjD^_lErBM8j6NJUsQ*8<FR2NU4Co#V3
zn!(&3zdq!_0(oG$DpNuw%a|m+ZONzO*GK+UUuP|bwSoUJXi;DnKX^ikV;y}*jgc8V
z65|$>HRk`Vc4(1eJx9X$+DTxz{Y_N1c=r*0F)tF9IkC*irLR|GUUuK?8OL=+SWzQ<
z>-54BrFbYD1(R5&pO~QhwU-K&zuNm}f>Fuk6haXWM@4MQ<aWq-UpU7flX4fHu$D25
z+6g1kg00qw_9;YE`a!C90R@oV8GT9OO6CnF==|Pu!f!YQyWRn-st?|aCoblyN@J$y
zSTK4eA;q-MKbI<e>zdqMWS|{>u5NH{6mg*0a@@vFm(+N6GPF1OL5-Z_E5F;&CE+ng
zT=y#zz&?X5@csR?H~SdXzL_sJ%v|3G$N_{MVSlT<u}n!|kv5mVeqH5qd8SVsh5zYj
z_`S?+NA~?&-m7lX#N+W+PF@ywy!-15^)Y~ziniplbe|m3iJaIw2s9DT(@eZ<>CG2;
zW4t`bN+X`~FVI|@K#e|B`0g{cpCyz@LVc~HmQ5W`N6i!t=ssu#f94p@kGQVSzr(2=
zBwY&I-0x(=JungYA^-r)AiuA)5;luNC8R<=><y26709DtA<gHjkKOGZuNs^R@aSsI
z8%&+Gy1=KNwOBFQyd8;4V}QjUq<8hWhq1|PZsUD$P_deD`PFYnmu`<Df>jC>30tOq
zCXh9?IXfg61TMFmwmTQC0cSnDsf%?qwK6nI)4fAY+hHRUPEi?2Qn}D)OyTDTxtbUs
z+wB-asMd$fWqP@?*+TVJ5WWRR^eP^{SqXPOF$xXRlag<MLi%dV;XK(c)gGG^jXxu;
znM~uU(amH1ums}duQ9hfD54}N-aa=WHt4vxH>i`v`dLW>dsRfKxaDurXG9v}b@nng
zsOP$TEkpJJ5`>?yd~7CkHMC`D_;pZ;N8W0j(aQc(ofT7P0<*tr8^369#*|A_U;S3f
z>iYex?Fwguc+b|I)&0)S@DXT-oYxKz)_BWuJLd-JUbbceAszgQ<vzU<JTcgejFiHX
zb;a%=K9!Bew5dpV6@4@DWg$DE)6*w2{!LJ*$^B^g^ufuHG*_5|YXLcf4gOmtyA^%_
z@tH0X@#&}G&+uYkgP<-OY!GaSa7jDJEJhmW8Exy;Er?UWo_~r=)rk#H-b+aZ7{>3Y
z?mD_T!p>s?Jh!;vG;ePa3i`O*b`$NO)B8<-MAIHKcg(W1r#BsT^b~^qx@N8Ko8zxZ
zO=D*k0VtUt`ni?cDib;<(Uic?i5Ik`vhdN^7!RYcm%XvS4^p9Vc_g<iwSs&DpjdHv
z0~=wSVIrtPEi9xIXB{~<R@-w|nCE?6Ajsh<0JZaVNq^8kOfR9WNc1gcWJzsJaD1_(
z90-mlKsgQX>yK}pefqD0R248L9O&%_-P|V8=uZ=1D+kz|@e7IHV^j^?@U4J<t(195
zxNeIup9y5!IoMWzDvf7WZ`jBgZ|9a#bd;MG`=DfcFC#@bf7_z%dXIbWY)7Di5O*Yb
z)cdja(BO6@4xr-6R;1O1t`nNJgXI44TBG@{*o$(ZLM1V-)KH2ze{;BqCWg)UZv!Gu
z<ps4IYNg2T>8D>F#MzfWJ&04j*dkX@C!MZc5ndd7K^<VBpa|u&S{lFt2dMvDvU-F~
z?B&Vmb)7ayI$~<BqZIDcY?9}O)tUgI;rT@!t5?}NPStugkDOb>k4nPT1Is-a@PC2D
zHL}r4m?q0x0{fvb6jDw$t>hw3oBTPZkecGErW~={v3bWLcjl`qn<k!sI<ViM-X8op
zK=^xK6|YR9`e-WtQW|WA9@GtXmd8~fJOYnH>P$x)O;Ud6{U-0o*ae?tVrvx&tq?)<
zuLgauZ;V#4w90YJM(zLsOwh4;Rj7V3A=%G(g{y>vZP<nEBw@nP;g}kO;8&*oj%B8+
zmqoh1WOujU3j30>9tz2e4U*d5G?_r~H)@=n-@Iz)^Q@K>Qi0;EoxX>$*SP3toD6zd
zY?AfCH0_fR*Wj#z3V}D+vf$}YG$_l890gwAT|BpSb-f+GTpuSQ)X)~3+4+Q>Qiu6)
z0qa3r;;|TZKl(M%Qp6P@w|O5m<RfvU7gC#}EaCDxegkqYfw?jbam<Yg_h)b^tDRVg
ztL)L!i2RoPo@wL`A@S?CB=I#MTUzc?KSCDsTCS5g1wB@nhYfp$#eZ5F7#vmCiYq@@
z9Z$scF5Y3qX(Z{V6Lphi*h=tw#7^3aU)$J{1d?2FrH7S;+brm(zonCHis_nt=iK+p
z&LG!zp5G#}rUCmIAcSR%4+}f8n27aKjuleByo-FM=a@c{L!<cxQYu&cIX}0lkAyso
zu$Ug(_z`($Wi6<3tF}0!F(SXq_$>!A1PboQR7t8h*mTdwo2JtdJwEvY1R1b;Q%ygS
z+ejB@+qiZs+%SAl6r9#4ofm1vG%j41ZXP|wTnMSkXufj(LcCtOp~8YVBGtAVf;G49
zj=`~?jGx6SU2{}RD?lF>sjJwBK0g_&M(`0BS|vbzd}RjOV0%vTO}{gGYTtX2c^v~e
zp>pkH{#<Kr(Hiq!`toX@nQfxp-Sq<2!VcF50L6*&gQ@d^TzDnhu2r@E4*E(&XI7vd
zT1VrvG$f~lE7&{1@n+Z=5kC#_-wAo~YOg}x|EpOqIC|2u+YkvSRAMjEs`Dcj2^&M~
zx5|1zZaQ0*S)Mq6u_XO@JL-9FqzZiS94qkL5`~*pgiPWb_IPE~BQIcST8w0v<TJgC
ze0|O$<nfXf7csF~gAMvJ_X5c!)pDwB%3-B|od|mSE1y*MSsOb>>Vryv`z>De%|>Hb
z>fH_9()J$D`|%xX01u2sBTKUjrqVbH=lGIwd!{#O+6YsDeY7{roZtjGV;SB19&+SX
zVe~h#>0@CKQiDbmo|6~+IUwgZJTJVmUdysApZ4O(EUi9x5LDH3`lajKmp=EA7|mSQ
zfC`yZJ=*zLk0Q&mSkk`6gJ#{N&+HsFLQnhE%5UnMkO>)hOTdG+2&-qDkfQURW%Xjh
z*X2~r4Gr>4D$O$MYzHs;<J&)+1q4V3bdJIf-At4}9FJ=<usPBg9{%*!UIIek^gEq%
zmQnS|ZO7QahQpb=TRYd2Lww4|q<wtpOUo0-A+7Pz8#!1Zo`2#^EXtz3v~kHnu0m9P
zVvd|ifn5-H0N_aa$)SG`*sl<9s5U5hVnpOvfgfq-<}$$P$sxNU*jgdXYoqag;*IdR
zgG~_ig)Wi$C-HxCIuW>PAWLBRs^Ez=v7HEhq-$Q@<>V)a$e3O;raYjshpUUj-LgSw
zN7swFi$#J1d_ig~gaTr&KU@@Wl-}P#fiQ}4zwZxaazAhbXzc=Cza^1<Xn-5z6aOLb
z<mc)aOQX#`TR6`@kcD(`b*<yb?ale)&fH#%C9^l|6xAJyJggBjpFL1xJzT!m$<CC0
zaxd@FI9`mosW+i@F1QW4?oo1g0P3mr%Si+6)WM)uDNP)!QSohK2WN~`+8>!Pr<0Ky
z%Rw(clD=3S)mQB+g=IjLl*(YsaE_MIH~)s7+fpspJrmq)ZTiv>oUF$@Yk!_azs1Pc
z&x|LnGnS~$)-0^+KH9OoP5qeHu}mY(S-3*G9>w8O)q%}+@}&^AW|=ymh0s;ld;erm
zoJa!1I@-MLxAbAUo^Wr&s(a;N)#PNaP%73%e3VdZT^r_C#!zC2*}BPk(l*XK4g>a@
z?Yn)PwPQ6s4nG211~s|@3JB03V~a5D-yA1Vtvlnb9T0^aWOnvEB#lwxe;%(z&#u#-
zf2`o=sPLGE7=W7udtcdkKS$0XS)x>^mB_59&M{554Sg3IMO{R2VdeBy?2!TeHZ)#p
z)x6j0Mkir7^`*TGRy3j%%J@QeFQK|O1XE=AtvV=qAm;iFy$5+gt+_XhRS<NsAr${v
z;r)r~dm)USAMoXa^q%h5$B0d;Q^Hr_3Yn$bbHzj&y2@$=SSyw-GHlOEKkL+R5P}xy
z5eP=7;}J7RXcZ>r;A0Ed`Sr8h&uubM<JWAIWa?1mAz4Gg%bl+0Y2#(RE)4P86;&UE
z;0|lnJS|=rM#~K9HUt;BZyP2^tKO|^CQq8Ix)1);P3*7C-p@KqM4}%8H^WF{u%uZR
zhCT?s(;b99o+3xo?Z(?G-^HZU<4IulRf2Aarl#g9Z0Izy`Q4wN?Rf0Zr{^dQTL`)g
zo4vpZvJ-x6(5H#&Wxomx{decS9-OZR&w%_ZJommH(PRaO=PuAxl%Yyxa!<1J%5ar$
za;dg!i7L0QxD(^xRxtIe)-lYp@-U6kPkX9kfyNqZ^9=1=V(r)^-%{D;Ie*YVx58Bq
z(CmTGhWx<BgNgDt^DkX_023j_0Ws!Gb}d2+eu>~KHgJk=8%BAq3y#sxL-peCSN5*f
zoKL?x{9dht&iky?vJnnSc3$l{$4zD_xF49|n>gH7%@t1ptCpDkStQFxYv+b`0>cLz
zD|3^T=b3<3ha(Z}U+&z_sZO?L7>LaL10jObjh|8J>*K66O)CY3b0R!0(+kOx39i+@
zLuskPnu&$^S+1fDB|^`TgG<{&R4<yBrJpfKy%1LaHswg6S-Cg1K@%23jTwcrE32XO
zfIfvSa<F@ZT`CYc+85Gd;5hzW{(V6hx)8aAco5G>`dDr-)nxGBRsaKWpF81^)m~AT
z%&%^|Ra_!9XBCs`kINcIQ#?095F5L?^CG3lq!9(to`M&#_QVypa3ozSrTo}mIXGQb
zsN(BMg4pb+TDfw|KAs!oVZ+BjHUL~y57&Bt6rz;4jqB*HF=5BGLy8N_%$@DI0guRI
z4q6<_h}q-JTV8)`Ds5o3`Lg<!jwBEC&yc)Qu2^au%qPR4fcU$pu4D1A{;?$&x!jT&
z@lfD`!`NJt*K0*hzt1GeY3+j356VrOS0WctZIHb>cD_nqXae~Scs_o7M*eF)E~h1W
zh+#KI%6zva>th?Rnu})3?VrDv5ycGmBQo3hwv{h6x@y~Mmeyf%BY<EH|6J+ifaA_w
z(N{T@zZ&YNP^3Psoq1<18KJ)-ZRkQ}f8qJ~?)Po-GA?)x>J7y^k;9BSD>#x;>1OW2
zbGP3MOY>a9E>$@C`8nE#wj(#~XAT`jGnCdca5tC;I6t^!7E~phv!Oq`sA%P4<V<Dc
zAc^we*ap>P(HgMrTrZ#HdQ{<QCMCR+d?6>%jcV?3Df&YB0!rcalH<0|eKSUdO!#O!
z7tP&Uinoe0#g%kR@FMV4MT=3Gkss>Bf@HMkSCz|+EkZtT-;ZZRIg&W;$R+9EwY;)I
z+ta?e*b#8fzQPB8U|rpYwR)hwxHJxMC6x(p)$WGDK2@R>)BXHhi-00`yZ{<a+Wz%?
zyfx7m42~ReZrkssFL31F(fSS`N%38R7Byvw2U)De`#WmuJ!~8TZ9Dw9os)`$>lOk~
zh}NhgLKI<GSOBcbg(8oFH)$a3*PJ_!QK4ex*PMHJ`xag*{N`TQ)NjYe0jyv#9qUZs
z?<jD0G8`>)Zh6rn6$yJSd<5A!HpVa#?ZbRw>J&k~w1!(0O~-KcGhEZAWRPo<LC3?x
zSIm7I89J+4T$5QD-Oq(KdP7+)#K6CbsVl9YC3!FhQJbXt9B#&@6^7w>OsoV^l|HaA
zGpY%}TC7y-&Xf_=yx%(?@*H>HZE^gXUq86ZB~@zNC<oWanDas89KZ<qPvAUMTIY+?
z49S+=>gB<D*(E@srcxB=gu4*$a*=Pv&0L<$kYS^LN<Y9VMKCy}aGbtRR9$@NDAxmo
zBg~(lSOEy#7+$8+0G}BODV^LNjzL(ezgBfRcs)7&@D=M0sZ5H)O8|=DWOj%$@3{4u
zF#A;~MA+Ag1;%s-iu``j<^y$9dTGuLGXHNemFQsl=77bYne$xN(13`P&>8aLVFk~p
z73SPM$u+<yDImJVTkE`;?9{|*&j<@z9dMhP$-v3XLp^bV%~nLoP#|J({qj-xMeo0)
z&3#$Eke0bCi?*25{1^~_Ghz@M)k>o8QRqAOmR<S~Go{gFEHZffS4ivu^9ooOnS;gi
zPf9$f(2;Pt*qwO4onh^?^(H^9@ia-HA5KW3jALafr@7R0JpK6XmXdgFICBNhBGoc^
z-q+v7>W!8+bJ|+PWe@gD%RvEAZS5hc6R?4nM#{-2)>T?H9TP)D4N0D6nbNA6u9u1^
zrK`xYoBJ)WCdWN5A2a0YcTA)TP%zZb=f;lD%w{&yyI)54SMOA2;VC|t^hs5HYcTk1
zIJ<Qw1&hY9*VVd??*f`>F&t-ncNK#GD;1u)JGg8cJUR%s=0<y}GUNHrW;w=lJ;^O6
zk-suG>DXF>9OVMP;vgmQo5|e??-xk7=S`Eb8po}XYSJks@^2K=Z|!nkL<}W@(p8>?
zdaa^1_(jcMbb;(+0X_)@VTg~bWvy@eJ)hrur`%usC6t)71M_zA4mj6Dp9cyAF&?)T
zTQ6h7VSuGlcCxFM;@J0kIt?wVy4z-?hTyT?wqsb-htln$r@DzeLz9(;;CIuxfq|b*
zJA5YznO`Bz4f&Nwc#<L;!mc?L{H-;(PnN1<nzU`%O_?d<As~RoB$2;)C{;L==T~%m
z#m(0!t2oC^FwUX%oM$Xx*PIWsWfJRxO%9;`-3hG?CSm$3Oha5%tm7+=?9SYk3wWl6
zvn5rl8kaLuF~ByM%RIjR&ve<V0Lbi&`&a-~F$mUaeOQ_<QyPyIXG??-kys<hV@o_<
zs+4IpcZ7AnL3;uFe#II9^Qz(T!gn#2Y{+f&x)?_e%W8lsEd=(*WvtQ<aJ^KP;8_sw
zp2SyMI@tH$IIS|j{Ju<{#fM}`ooKq*uS30WB6WD)<A7(BZes1yywz-UjR*VbBjvx+
z!^<5#=c@d^kp~Ov$%Xq%NGS<E@a4?;P*3xdOW>i8;OlwTc?R_GCt>eU`QzbUdaTzI
zIgxe*-s)P^>yr^8{2O(qnSh0d1xSDj>dBQq-wIfGfIfCfa$`aM^9=Y#!AUQu++X=Q
zSV;Z7g!bwr28*Giu=tPEPY$!d9p!QpltM(wCl}$NB4FLJLcnyS`s5J&Bek215~{!Y
z`b16OhJz(WCzs)J>662R$I@{YPdOv~6D`F|2o_kOPJQkAPY-Dx#mEm4tOXs1IM2K3
zhp@4?jj|5zx#a&o#b<AZrl3t}rC&`Zdfv~G$0AzO&?q0C`%#uvTD1iK*EF_y>CItK
zfI^IR=fz#K**glL(xv#O$27$s_viMwE>HEmcNRLlKHJ$oS;|C8+=K$UpcLH}8;zaU
z`El+YAGmFBRj-6`?OLe)F_<>ihGfCare+@38`#<*is|*d?gxI@WqYuw*@H`QKc9xM
zsSO$aLNZ`NQ@g=x^S)k+D)-y?np{L(_ZO_8CbO!K1*7bh&d*l9ipbnJCoP|;BRk}O
zxieiUT*Gm4*Zkh%@t2f|#d)4ZHjFn+y*`RFvngmwZwYP)6VWH(`lvzXFd9IVdQnK$
zBFZxL`;B6sWlbWLpsFs|msWEI$3IS9&)+%C5VmOFg0+RE;S6)Mbtm3p_FQUZhFe!j
zoAh2Uu@r>e3#*#pp-t?yF8(qNVE($Qxxd>0z;%JDrq#m`^(<v(@fgW|d&4#&al$4X
z2|Cq`-vXt!zB*_+-oZXLbR&(+l*Co2U|^v6x`)h9p@dd#fV_UgYnrTQK?r9-BAfBn
z!Wa{|#Z;<eOFx{)Z|0yDKz||$Ol~N6`7pL))uID*!(Xt=N0oCwoV*9tZ=W9sEfhDx
zMn@lXhybsTJ_!tm)~E-UL&$s%uA*NU4GUZ$#(7bsc$ZRXqe&jBqSI8cPUySPctc|+
z2#?J13`=%;6GNT?Xd;4rVEznBz<$lo;f>7eB|Ty6TcJFrSR%RJU)|zONR={vU>;X8
z#hCzKkWzjxtLkBv=%MLjvzQ~I3;qGO<5#lVr<2;q-A0F1>F$v<HCXaL$|3e(V$s+V
zZFM1$q0o0Lh&?M5fQzKTtHoT$QC6@Q7P#{(<Yg<Y>SWdwG>a;taqB8*cg4MeXCwG~
zcWjw;GB(5!mtQgbwIJ^T<bs=fjdhcAH4;p>{MKWeq_O-;=JLF%DfE6Gpx{X@$))W|
z;N-F39zXzde~%*b{_bI`%}MJc9Pj}YcQLHb!)yTtWuS>8yxnPeb;J)h_QLB|hI=f`
zNplc{T}mjG&`SAvUJUDtbZvN^@~;5bAI-_eo~%-iT>bf`LKXPsX>hD&`JLfni0v{H
zm;Tv5mUz?Y1wnzmXeFzY(A#N>C>O3Plv!%Z8iYORRm6K5X{oF~e12rgysc2=cJd#r
zFt<lm*axWa|H29zDG;8f4j&hvCfCiT7&I`8hy|KaN>3-(?bjmkSh=A$UUtwed%7*z
zRbP(*mpUtUJ}&2@+Bc*FW^^8G>bKrD0)Q-6A|LNOZ=F8g*StL%uK*TuqZM`@8zZQz
z_caY0*rA9Zy3%uk1a5>&B_EE!z%VJ5#3#~=L)jUO49f+b&=yN&U(Zjnk8EFB)mh;&
z-&JZN9GQ8f$iL9kU#d)kF9mm!x4+F+PY0)>wA`Kd4dPM9${05MXrvkSz&A-{4NJMA
zIyW}R6njzf*g<Aw^<%hC)XKcfDJy9Xa#UAw%bu;k`ai&gg-g4S1OLK=RoCZMqfTMV
z%z*x0D0}zr=80vtswNNoLkm;DRw=^XlORe^OJ^^w_&rmua%5Y6D^gNmXBI-FW{QXp
zlO)8+Be8)WXX7)&{g7h`f?PJukInDCrdC$j`WRoiw<2)vOx8>ZC<|4B8a&LOrHxa-
zeI9bsvY-FibKp|4&e<QPu4B3Tc(ihBr>V|UUouPTu2;SPC5i;WBvQ^`+M|9;J9hTW
z{_*4e+*hs+e~ZHP<<kibE2Yo5b#-{aBR{s~XwR#Kmv@mQ+SGHQO_v%gE!p6C>od2_
zxq~(*A(11515U4T;KRzN6}=#8DNWmsdzc_ad2O@YnEzAVSFM<m{R<!V->5!-A?0jw
zVDDQV{jDxYrf1m#L#m%c=u$J8ear(;W)GmljF1Q)1>pVX4lA_<?y%RMRMQChuWxX_
z@D=gZe8fP_{M}~$@{$;}Br5O`9)?5l?$<oIMks-9(pFBu{5L&pW3})auS#O>Ol*i+
zZa_;1X2~3krw)4MKuVT7Mjt3Dt|a^JwRwR$0H22JXHmvaTK@d;^hhT%+o_U{uM@(>
z6MQ@PKL@7e?9pT?=|<SA;D~>m*9Z-tZN4ncv?Fc$jJR=2F`=CDx~l)RxU+Yjn<<2^
z5Zd=j9O87<G;U){rljUdvf~wRL%ePJ$d$3cIf&CTysp<X@(PU<Oe4zEKv%as*B=s1
zDgs$eH60ApUR^q&5Bv9fvj=mCI}u|QFik1MI;@VISg*u~MX%R#MtM*C6xYW611A~l
z`qgCZY<gP5u?4ul99C8}p%30I;%I-I11x5HZdIB0pd{B40PZV1W}OdYKn816S>5vQ
z6wz&O4<peE_F=R5GIqya+`YgvO(pcF+ydqbCN}6;=(J*nJ-5_qA*BL!J4R!;*4LZV
zu2iV)XIcefQ7{wL%np8IZ({w-G|s!F`0qTq^S_-Zul&p=Et-&SH~_zUpi!>4v#d7}
z))`Po(%0!#f9p<Ylb^RsnShxAB$}Qzv$lX3n-sIfm;{8sI?_Q%;EuFbsACf<K(L2R
zWkgg-R^jBm{`jw&bRTRv(c+?sVTXLWbO-wy9mWsga?YlAdVLqLqq#b%W&<eKh;x02
z8i*V)ts$&=aBtSkK^s^v8fb}8eB{|O0@kq7MNpKkp?~soLCS0qh^f@Vtvy#~BRi7L
z%av-fh1L{O<N(#okhT|Diigt7KE721(*%qi5yvWc4_?>BT+Wvh#0}AYiwCo5c6?3o
z!)imNIOp@bsy8O7&fiiJf{5^p+wvA}Q>z-#1U|g);mBUN>||5CuyXFz7~4<*3@%=W
z?igS7yd68gnSXH6yz6nU&^`lFSB@zhk-AW(5J%qfb?{RY^U8oUD4<+RJatiU_D1P|
zz&=Lej`v8!7;li^f9!j#^4>?W#|pvW{N5yM2{3PHzi057in#mEjW8<&4~yJM%*(23
zOi3Cn)?c2`xv=;$PR>}e;bOS*SC`tNPnUXyosB6tFC_zczqfR)3M=#0d$DvIRnzm~
z6VfUL+PBH?9G*eNPsm~47r+Yl)kE42O7j+hi4{jlFwawLSh-!BrE)*~0=M;Hie=RD
zM2&(}olEZM=KUmsNbNAbbO?Xl_iCOMJImkMs5fE4@_`|>{_5btnVbCuC_;lJJc%)L
zZ_k4JYBjogBgOS)a7Xh2Pebil)#XN?)k@*PM<#i|6)d&KI;q?4Qdi{FM?&J0)MCQ@
zb%O#2fB;vOY-IO#;`0e}a7Jpf42thTDX3{8cvQ=-*mtuZn*L5h6)#osaDQc-y~5KI
zx8+9aI{Ep<&#&rKTx%`Vtf(RJD@wC@)gnghvHkOduE9E4Kwi)4j!5j8{!gpbkXtz*
zo+<of;27wO(rHM0BBkzQrP}60KRD#HQ&*@u6;o&|ovWXJTSCXPF?Jpj4Hen{3Z)G?
zOer7vk5;v#yEwY2aHN_dR3%JfLtUiG7!)ao1trjp9{(%>Hz2)PChe<5atti*bM^0x
z-HMTV6{R^Xk%Pb;DP8`v3-v~o2g<Xmw-0BxqiJX21Z*w$Zu9jXhpOxs4Xse-B)X3U
z?edd89>lRLg%-bTF(%6iZrj?53SX{+di0Aqr_|-2bnBkiy`J91+{Y1U;DulFM#Sxz
z+Uy0$C#dLtT<30WzxwaiHkmP2s`kQIL*4p)1%-;8UD!Mw2$?ni3u@0#&BNk`3we(p
zz~EjQY2cDvZ^Pwycr>vX$(C2n3zp}0+d59_4bf*wYORsd(rzUqIMrXTGx6uJdWP53
z=j`m53w5M?xVje_K>9i#Ou!#A^T-HG4g@p8L_IFZ%tn9JscYYWLrMR67E@n_>E}Fm
z2S(n+8Qp92S^ZVGk5b!@fuJ|}_y*<*2J&%De1X~{D;Is-Xzoxb+z&h+C@)z<A-dNe
z=co81o>VKA+BxDyE8;U7!b9gC$1{o^EPTdURSs9>Qk8E6J#izT#2}&`ui0)cfx?z+
zOU$_w#Od0XBV`z$%rMY_({T2wdOoQGcZT*Ze^oN=AxZs5fY5!)HABIN3;Nyg-63Xf
z2F5N^Pa}cOfq!6OilcwS!rq0jP8WU2S1JB-%0R#)eqfui_RlnUVJG!|Ec<XG_3G8k
zfPxH<@4@Yf{-ydkl=#>Cb6DPRwgz`JtKA!+x&aa1s8-hnjkWODIdNrE@lOgAAi9;1
zyEHW^*SLWMKZqA)(*&n#HQuhcll)Ut3SA?jzl9}o03TQ%96a!n8aaO%FaqZJY#n&)
zDzV#!KkOOm2Pn8K&z^V|Kz5*CoO}8l^W~jLc{r#XkKnV?eMN~IuW4FN`A2rjHa&{E
zJ9@YEDsBHkk1edE>;AG$7bal9Yl%B_dTnQxQbT7KcEM^E^(zd>zooJzp_htg(tLe-
zpurPa3g;zEd>F)CxL_R7uJgzF|HEuAaHxr7wDl)*3?7_H=6@nl`o~0g27WdE|6$Xr
z#<TDiJ0~A7=(IN)+vy-6P%^~?`4v4-#Ob*G<pW(CU`Wf;*2XVZL@(eiYgYVC*Md%o
zpQ?4)Y-m#~4)>#80GJU>EvXhWFYZ~j*oky~Gcb9WjPO?0Wvhl$h{W=VeZmJf7R0wl
zluhzZEkYf2bR-lDlS4`GY(}TeF8;;@5E~m}s}xRDK!YLIu;P$yv&xcf+97!Ths^)z
z3pXa2L^&)br=amko#=EzWu+VCUc*gg6^Z%c0d3FoRrNiQYzA<iw!vqlqAPcnN;-}K
z6xGgwq<Jw*MjKLPLh4Xn%MEXfJv{<>?X-s#?tt3`Uen^AY?^@aIrZAT>6YU^z>DAt
z{FS2cVCE^hM}}B1M<rTY^B9Q>aY6?eBZikOiqskUZeAPOPr;jB0zxSZ@ii;GuUOnO
z)2wOh>x}u+-}_)%Ebu-U+=0yfsl91ALwtA==kz>w$B}7fUAdL;7gVfZ^IEo1f9ieq
z`FbSTry8HCS!2^Fkt-W(wW6v}@JQH5S3eL58W8Sc=RSCUXwyfueb@N)e9VTLgr{qM
zKJZcV!<5gJN%+^M-{4DvBTlU!_|)_IhLwTGPN<z1Be{s4c<R0aCF)EzE+WhC%V#~<
z0;SMWZ?k>g7B}(foz65%$e7&}p}Sl&?NrXDxim_!t(($}xZS}~&9=J9aFK<D>yi|x
zSKNR)ZPJ;wEi6)9TroUu_9weADLBXeCXC&FC(x=dgF!?bj>Vhs<@WLk#?d;&&K*z;
z5~R_&jVl4ABWU&u+hG1y_uI1nq3)?N{tH`d=Aw%tXLc?Dso;MIJ45Xp$-Kz}y<!}y
z-WlXOr~Qi-BXwxQfOtI;{8RDZnFE<2BBW3`S-+iZa<s|n8J;mf@?Uws<uh(IkYB!}
zUzr<Z`o#_e8RXM=2z}=sdf$j#FN%GRjc|HF0wd8RrWY%i7xYD*=MgIA*fwjax@&>c
zB>T=}=|fu>A3ioDtjuqgSbd~){<meJ0+HyflAtuFC|`r@ipfjr{a;IBlbL^(#9->T
zBecZtAu)N>l!>t3$|fGf1YJ~Q+I7~|vgwz1AyCicX`6L|im$^2?50&i-)v`3=CVE5
zR(UP|Z-8P!@-<-^S{$0_Mj`qOOMsunfw2Ci(d^3;4SfGF#YD?+4a&HcslWtqf;)A?
zJubmi7WC}uqxv_@YUb)0qc^!(C(e|qe?i5zBdEhiG$4M7^)j0Ojaa`sF0V9DsMyfb
zPLw`tD7N`Nezf4Yz-oMLQG>NSdCQ%NR^8cZ!GWoVguXW>Qe#tw4Fr6?*^5tQQ>9Gp
zb1`t&$hu=6;kCdAZ-{q?d&HyBbQv&cbPdcA!5F_f@gq5-CBXC}(%Y#=%PbPv{yjkf
zDF<$C<dgn12}Cd#OgnQ2wn?boOs4g8r9x^IJ7bODXqGpDsoBHBA#)SYJ&_~1Z9+Ul
zbzhOX;^&@*IqdXu3W{@4fB9_MB2BJeNU?YA1sx&u7tZZX6?KHbt4{qH_xj%1Rk#=j
zk6|MaA-zbq5k>3v?uI)x?pTee1Ht}ps+gt7Fr#Dhc(z&=(Zjm4<xPv6y_K4*tJBr)
zHuA-48GBcX)AowoiabQ$(bt7nbg&0g_QC_asYRLHuNP~l&%A6IEWSh5?B{Tw#USl;
z&Xyg#w3v`g@>o8(SoQ^6I@G_sLUOyg@q`KnJW#`n2$x(24yIefT0Bf+%U<qZ3~lI>
zyA2Ac-mYTHRqqH~j?f&m)gV|Qvy)_XkF=Aj?CPY6k~S3QDfZ~C&NAbN*7!+ujVM~K
zxy#>}^jv_S0BVv%rS8l6g(>Ysc8TL?Y&1>E!O?OF{%Dh#oXITHk}l5>j87-otWpmW
zs+%ZGnEU???pq%B-Ba9movmlfa#ev9p-4ni?5;0EggcVNYn8Nmj-Y^%m}_fhZ&Hnb
zqu-HjmuO`7?~?Rv{g+^I`8VCdDeFfFQ0~(6c}+HTV_K=ijxlAED*Ws-g-&&P!YYAc
zlq`}&QSz8E5pa|jQ%1wWQCdRLTFY9+U2^OAtkk7hRm1t?H!jq;Xm3bR4W+J_dLMb-
zViD@<0DCCD$)h*(Y)O2UHi!~9@*6}}R^a`za@=k+FBxJ$#+jUD*9PIm&#R<P4k>>W
zwSD?WZI6|wZ@Nx=9Sc*TvSxS<IgOJ+Z2m#b6(!<^jB<p_<eWp2f-t6Tmnxw3H&(3b
zpsm4T0dAAy*g!PEfy`fUgia*+Jf7`4W%2xlYV0fX?av8;qmLi6BEx+IJ&?rVZRNhB
zvAN3?4CcTF@jf(P?mh^tMBB0{Iv*2npTvVdK!L64s{fO>ZV)x8Aj_LB6aYobwude}
zNsn~0@u<1n%_+O0*n=1;X!p+a2Cc}N*?I?_R&7|gGV%M=%9_+@*kqO=uenk%25zM0
z{>HDUINmhXK5uby)<j`?TmR@9Jkb3s9Ojsqv1yvKE9t8WO+8v2MN=`$o_C69!ra?R
z?sXY`Dat<V_3`ZsNGd(CNbkIMVv*c0l3x5kP%@snecz-XYT+{XWHSW|_U!R>$2e&Z
zCf@O?O)c)82QhCz%z=Q?A7n8K(BH~E%*>`ohx|jRv4e-NPxt{!mO>NlWF>-u-1`|B
z>8scLh9V;-wZJX$n>5%%Kgr0K2j3GI>|b5I`2?ECR;sAwb=-B#lhOLH8e+$ZCPZD8
zBc%URqUjfn3B^V2LLhRU<VxeNl}%+IkFCMta>`uTU}eIhyVjj}2uuLCzatYh5-9L*
zU=y4002$4VNeV?GmA@aix*r6;O<e#_{Hg^HuKBxtrx`skRqWxd(B=OJTkK4cTjUJ9
zq}G!9X1X0R6n$>E8Uyss2pj*p%(?xHxHkp!XJKWjwpFUf)z$kinG|7tL_q6v9j9;G
zXYSV;4nX-*@F#FSV!w9*w-Nl+zBp#^L7#FT2hdmv;y-JBav$^P^}q7yc!n%b3dX92
z<dzT~Qo!;qucHvhL$eVD-NmJdLO0Xxkg}z>o>fZ66R23OQd8otr)2Q`M4y6mG2Bkb
zLXobp^i?#mF3B#LQoEg4GMlO6T(M;QnF(M*E7LuOvGpo+9A^0u5L6t6?r#kIiz%kR
zvBHa=NuC>fyfi(SxIKHmI(VaKcAf!#&HnG1V&!%SPncq4MZb{WH#5VIklD3P!-G=i
z`HzHeu{j<2C4CFyUxaU54wM*L&b|1F$?fg@M<UfDvK}uOLL}Svc8tBQUoR@Fj=itr
zchD^$-)ei8LBP}dw|>VR|E1rdd(o_@_czsu!qToL!u4gb3Bd$0t^gJ68e3_LL3Wdu
z(@BE@vixhmE6Q0}^p6p@)N3(dRIq9Do6(g7phHE^J>KY%G%W>(sQIOdyWnLDhEzSJ
zp*o3!ivF}CA@zzK75U`&u7cFs&D6#wXp9dLW={-T1^fqtHaqb(6~q9_%9YH{iMNMK
zd)x@3;t(@645_&}|Bc(R^7w@+-Nmz^0->vV$CIv_1KtHS_ub#Z9<er8X+sqTueO0q
ztEo_Vg>tUCh$w5aSf{I(t_g9LAB9t`I5xv6KI20pXOIqFW>3YBnS;Xl{=YiQz0m#3
zqdSSnB(~y@^zT!TVaF1+iV#`p^>=5MN-EL+=I0L2VNL!M`pthPJz;0~LWGm!s6||V
zQE!`#>)jR-jd+aXVE=IWy>pqz6!=epYX$a1+-|<rZ%wbnr~ld++Qli#g+SKkSA;&`
z(Aa%2R43dO1Jm|Y)!*g)4$yfb1m%R=kUVHG%~sQ{@8$Zy!-g!Zhvv~bQ8048QDDXQ
zIsaOi)Dr+WqEJk4hS5Kw9)I+#Mz{+o^jCO3`xu_nrs_a}cvD!D3pfX-cy!U=VZvPG
zF%qzN$?k0jpFqM`wAXtJDSq^@0dEJiZ^-cs>{k&}dG@xNk>m+?an?F)gK-*2iTItf
z*McKEO9f@%&PN#5w%m$R%cNa8vc^ZLAEA8QhR7#|AN;eHuqobIP!Bk<;=nJ&AYvOE
z>SLX1Yx9x`a|YOea5hZ8dC+)^G}Q6@9%V~~5%T1*7XL0GZ`Pexc<kk;wr>>ScNk%L
z!dQ81bR909=v&{@$<drzdR#9g90y+&VxJ{GROM(`0fXw$4?2>8$0rY-t{0Z0vWPGc
zr^5{I#Bs6s5c%(3A`#%pX6b$sWgfGq=IebP6H{J}*bH&G<_!%$j5+m1KbaEz`KUSo
zijh#@;KTMp90I(g21S^Te`2w>A<PY0t-hDyCz^Txvcem>Z*2pp#Gp9GI|NBjcn{A-
zce@oCruJZy3-L|1ax?QfUNg%vv~AfmP~X<laL3`%F?&+V0$tphQJht>O&0nF(6Rt`
z#BF)O(g#GBkUg_g9=mK=5v$iEA7`NeY2s(x=q^o}Vi<;VG+$0K6vGD^{pb*-j815n
z52hrLzI_F0<7L{h6*IyfcGP!XWT2iP4V(F+_>^s{r15OqIeJ#nr#RK6#JQL186-5E
zBDQJ@e(`)h@{3i>oXUb!Hj81nm#_IgL4d#Mf|28>-Xy}UPxSk1xR>2j))AHh*N(3#
ztv>#HJGge3zNF5=a+1GqMoyi^PJ>9z{rCWncgCm5XM<Zc67_hej|XWbpO(w%OAdd3
z7kp~-tixnhT;i{rLwL192935hx1#^`M8FTg`>fEg7FBmN<{Se2PfSQ!u;`uc=l=!e
C>+h@p

literal 0
HcmV?d00001

diff --git a/scripts/automation/Radius/multi_group_radius.ps1 b/scripts/automation/Radius/multi_group_radius.ps1
new file mode 100644
index 000000000..d1db47c41
--- /dev/null
+++ b/scripts/automation/Radius/multi_group_radius.ps1
@@ -0,0 +1,130 @@
+# Get the config path, set this value
+$configPath = "$PSScriptRoot/config.ps1"
+# define the PSD1 path:
+$psd1Path = "$PSScriptRoot/JumpCloud-Radius.psd1"
+$logPath = "$PSScriptRoot/log.txt"
+# define data file path:
+$dataFilePath = "$PSScriptRoot/data/radiusMembers.json"
+$certHashFilePath = "$PSScriptRoot/data/certHash.json"
+
+Function Write-ToLog {
+    [CmdletBinding()]
+    Param
+    (
+        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)][ValidateNotNullOrEmpty()][Alias("LogContent")][string]$Message
+        , [Parameter(Mandatory = $false)][Alias('LogPath')][string]$Path = "$logPath"
+    )
+    Begin {
+        $FormattedDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
+        # If attempting to write to a log file in a folder/path that doesn't exist create the file including the path.
+        If (!(Test-Path $Path)) {
+            Write-Verbose "Creating $Path."
+            New-Item $Path -Force -ItemType File
+        }
+        # check that the log file is not too large:
+        $currentLog = get-item $path
+        if ($currentLog.Length -ge 5000000) {
+            # if log is larger than 5MB, rename the log to log.old.txt and create a new log file
+            copy-item -path $path -destination "$path.old" -force
+            New-Item $Path -Force -ItemType File
+        }
+
+    }
+    process {
+        Switch ($Level) {
+            'Error' {
+                Write-Error $Message
+                $LevelText = 'ERROR:'
+            }
+            'Warn' {
+                Write-Warning $Message
+                $LevelText = 'WARNING:'
+            }
+            'Info' {
+                Write-Verbose $Message
+                $LevelText = 'INFO:'
+            }
+        }
+    }
+    end {
+        # Write log entry to $Path
+        "$FormattedDate $LevelText $Message" | Out-File -FilePath $Path -Append
+    }
+}
+
+Write-ToLog -Message ('########### Begin Radius Deployment ###########')
+
+Write-ToLog -Message ('Begin setting environment variables')
+#TODO: validate the paths exist ^^
+$EncryptedCertData = Get-Content "$PSScriptRoot/keyCert.encrypted"
+$env:certKeyPassword = $EncryptedCertData | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText
+$EncryptedData = Get-Content "$PSScriptRoot/key.encrypted"
+$env:JCAPIKEY = $EncryptedData | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText
+# validate that the jumpcloud API key is set as an ENV var
+if ( -not $env:certKeyPassword) {
+    throw "the Cert Key Password is not set, please set the cert key password as an Env variable"
+}
+# validate API key
+if ( -not $env:JCAPIKEY) {
+    throw "the Api Key is not set, please set the API key as an Env variable"
+} else {
+    Write-ToLog -Message ("Connecting to JumpCloud Organization")
+    import-module jumpcloud
+    Connect-JCOnline -JumpCloudApiKey $env:JCAPIKEY -force
+}
+
+# Define list of Radius User Group IDs:
+$radiusUserGroups = @(
+    @{"US-Radius" = '5f3171a9232e1113939dd6a2' }
+    @{"US-Dairy-Farmers" = '664e50582d9c0e000143ee97' }
+    @{"AK-Farmers" = '5f7f418a1f247569e35070f1' }
+)
+
+# For each group, update the config and
+foreach ($radiusGroup in $radiusUserGroups) {
+    <# $currentItemName is the current item #>
+    Write-ToLog -Message ("Processing Radius User Group: $($radiusGroup.keys) | $($radiusGroup.values) ")
+    Write-Warning "Processing Radius User Group: $($radiusGroup.keys) | $($radiusGroup.values) "
+    # set the contents of the config for each user groupID
+    $configContent = Get-Content -path $configPath
+    # Update the userGroupID:
+    $configContent -replace ('\$Global:JCR_USER_GROUP = *.+', "`$Global:JCR_USER_GROUP = `"$($radiusGroup.values)`"") | Set-Content -Path $configPath
+    # remove the radius members data file:
+    if (Test-Path -Path $dataFilePath) {
+        Remove-Item $dataFilePath -Force
+    }
+    # remove the cert hash data file:
+    if (Test-Path -Path $certHashFilePath) {
+        Remove-Item $certHashFilePath -Force
+    }
+    # force import the radius module
+    Import-Module "$psd1Path" -Force
+    # this will generate a new user-to-association report and update the cached data of your radius group membership
+    Write-ToLog -Message ("Begin updating global variables")
+    Get-JCRGlobalVars -force *>> $logPath
+
+    # # next generate user certificates for "new" users only — users who have not yet had a certificate generated
+    Write-ToLog -Message ("Begin Certificate Generation")
+    Start-GenerateUserCerts -type "New" *>> $logPath
+    Write-ToLog -Message ("Finished Certificated Generation")
+
+    # # Some users will have a cert already but it might be expiring soon, if those users are set to expire within 15 days, generate a new cert
+    Write-ToLog -Message ("Begin Replacement of Certs Expiring Soon")
+    Start-GenerateUserCerts -type ExpiringSoon -forceReplaceCerts *>> $logPath
+    Write-ToLog -Message ("Finished Replacement of Certs Expiring Soon")
+
+    Write-ToLog -Message ("Begin Certificate Deployment")
+    # # distribute those new certificates
+    Start-DeployUserCerts -type "New" -forceInvokeCommands *>> $logPath
+    Write-ToLog -Message ("End Certificate Deployment")
+
+    # # Write Report
+    if (-Not (test-path -Path "$PSScriptRoot/reports/")) {
+        New-Item -Path "$PSScriptRoot/" -ItemType Directory -Name reports
+    }
+    Write-ToLog -Message ("Begin Report Generation")
+    Get-JCRCertReport -ExportFilePath "$PSScriptRoot/reports/$($radiusGroup.keys)_report.csv"
+    Write-ToLog -Message ("End Report Generation")
+}
+Write-ToLog -Message ('########### End Radius Deployment ###########')
+exit
\ No newline at end of file
diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 84ced7860..6de84c62a 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -274,6 +274,100 @@ Before Connecting, users can view the authentication source. Click "Connect" to
 
 The user should then be connected to the radius network.
 
+## Automation Scripts
+
+The generation and distribution of certificates with Radius Certificate Module can be automated with the [multi_group_radius](./multi_group_radius.ps1) script found in this repository. This script should serve as just an example of how to automate this, there are numerous ways in which this can be achieved.
+
+For the purpose of this example, we'll assume:
+
+- A self-hosted Windows System is acting as a scripting server
+- All of the requirements from the Radius Certificate Module have been met/ software installed on that server
+- A scheduled task can be run on this device
+
+### Automation Setup
+
+In order to automate these scripts, our scripted example solution needs to know how to get the values of your JumpCloud Organization API Key and the secret password saved when the CA was generated. In the following example, these values will be saved as secure strings.
+
+On the self-hosted Windows system, create a location on the scripting server to host the Radius project directory. Within this directory and signed in as the user administering these certificates, open a powershell 7 terminal window.
+
+CD into this location root and run the following
+
+```powershell
+$APIKeyString = "yourAPIKEY"
+$APIKeySecureString = ConvertTo-SecureString -String $APIKeyString -AsPlainText -Force
+$EncryptedKey = ConvertFrom-SecureString $APIKeySecureString
+$EncryptedKey | Out-File -FilePath ".\key.encrypted"
+```
+
+This should save a "key.encrypted" file containing your API Key to the root of the Radius directory. When the Multi_Group_Radius script runs it'll connected to your organization using the contents of this file and the authentication data stored in the scheduled task.
+
+Encrypt the CA key password. Copy the following into the same PowerShell window:
+
+```powershell
+$CertKeyPass = "yourCertPass"
+$CertKeySecurePass = ConvertTo-SecureString -String $CertKeyPass -AsPlainText -Force
+$EncryptedKey = ConvertFrom-SecureString $CertKeySecurePass
+$EncryptedKey | Out-File -FilePath ".\keyCert.encrypted"
+```
+
+This should save a "keyCert.encrypted" file containing your API Key to the root of the Radius directory. This file is used to set your CA Private Key variable during the Multi_Group_Radius operation.
+
+If the [multi_group_radius](./multi_group_radius.ps1) script is not already in the project root, copy it to the root directory of the Radius project.
+
+Edit the file and name each Radius User Group you wish to generate and distribute certificates for.
+
+```powershell
+# Define list of Radius User Group IDs:
+$radiusUserGroups = @(
+    @{"US-Radius" = '5f3171a9232e1113939dd6a2' }
+    @{"US-Dairy-Farmers" = '664e50582d9c0e000143ee97' }
+    @{"AK-Farmers" = '5f7f418a1f247569e35070f1' }
+)
+```
+
+The names should correspond to the userGroupIDs of each user group. Note. Multiple user groups are not required, if you only wish to automate one single group just list the single user group name and the user group ID in the $radiusUserGroups list.
+
+#### Running the Multi Group Radius script
+
+At this point, if you’ve set everything already, you should be able to just change directories into the Radius folder and run the script “MultiGroupRadius.ps1”
+
+The script will generate and deploy user certificates for each user in the defined groups.
+![script running](./images/mgr_running.png)
+
+#### Scheduling the Multi Group Radius script
+
+The Multi Group Radius script can be scheduled with Windows Task Scheduler
+
+Create a task
+![Create a task](./images/create_task.png)
+
+Define a trigger time for the task to run
+![Task Schedule](./images/task_schedule.png)
+
+Add an action to "Start A Program"
+Under the Program/ script field add: `"C:\Program Files\PowerShell\7\pwsh.exe"`
+Under the Add Arguments add: `-ExecutionPolicy ByPass -File "C:\Users\yourUsername\path\to\Radius\MultiGroupRadius.ps1"`
+![Task Action](./images/task_action.png)
+
+When you click Okay and save the task it should prompt for your user account password. Enter the value and click OK
+![Password Prompt](./images/pass_prompt.png)
+
+The task should run at the scheduled time. You can also kick off the task manually by pressing the run button from the task scheduler.
+![Task Running](./images/task_running.png)
+
+After running the task, user certs for each user group should be added to the `/Radius/UserCerts` directory:
+![User Cert List](./images/user_cert_list.png)
+
+Every user with a system association should have a command generated and queued for installatioon if they do not already have the current generated certificate installed.
+![Command List](./images/command_list.png)
+
+#### Logging
+
+Each time the script runs there should be a corresponding log generated in the Radius Directory titled “log.txt”. Below is a sample screenshot showing one of the two of the user groups I’ve generated/ deployed certs for.
+![Log Example](./images/log_example.png)
+
+New events will be appended to this log file until the log is greater than 5mb. At that point the log will be copied to a new file log.txt.old and a new log will be created to prevent excess log data from being stored.
+
 ### Troubleshooting
 
 #### Clearing Commands Queue

From 94c8081e6c161dc8dc3087ff777bbb347f511c6f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 28 Feb 2025 13:14:39 -0700
Subject: [PATCH 177/346] spacing in readme

---
 scripts/automation/Radius/readme.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 6de84c62a..1111a34f8 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -332,6 +332,7 @@ The names should correspond to the userGroupIDs of each user group. Note. Multip
 At this point, if you’ve set everything already, you should be able to just change directories into the Radius folder and run the script “MultiGroupRadius.ps1”
 
 The script will generate and deploy user certificates for each user in the defined groups.
+
 ![script running](./images/mgr_running.png)
 
 #### Scheduling the Multi Group Radius script
@@ -339,31 +340,39 @@ The script will generate and deploy user certificates for each user in the defin
 The Multi Group Radius script can be scheduled with Windows Task Scheduler
 
 Create a task
+
 ![Create a task](./images/create_task.png)
 
 Define a trigger time for the task to run
+
 ![Task Schedule](./images/task_schedule.png)
 
 Add an action to "Start A Program"
 Under the Program/ script field add: `"C:\Program Files\PowerShell\7\pwsh.exe"`
 Under the Add Arguments add: `-ExecutionPolicy ByPass -File "C:\Users\yourUsername\path\to\Radius\MultiGroupRadius.ps1"`
+
 ![Task Action](./images/task_action.png)
 
 When you click Okay and save the task it should prompt for your user account password. Enter the value and click OK
+
 ![Password Prompt](./images/pass_prompt.png)
 
 The task should run at the scheduled time. You can also kick off the task manually by pressing the run button from the task scheduler.
+
 ![Task Running](./images/task_running.png)
 
 After running the task, user certs for each user group should be added to the `/Radius/UserCerts` directory:
+
 ![User Cert List](./images/user_cert_list.png)
 
 Every user with a system association should have a command generated and queued for installatioon if they do not already have the current generated certificate installed.
+
 ![Command List](./images/command_list.png)
 
 #### Logging
 
 Each time the script runs there should be a corresponding log generated in the Radius Directory titled “log.txt”. Below is a sample screenshot showing one of the two of the user groups I’ve generated/ deployed certs for.
+
 ![Log Example](./images/log_example.png)
 
 New events will be appended to this log file until the log is greater than 5mb. At that point the log will be copied to a new file log.txt.old and a new log will be created to prevent excess log data from being stored.

From b991b6d9c996e098f03e5ed6a6ab5ccdd7339648 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 20 Mar 2025 13:23:38 -0600
Subject: [PATCH 178/346] update tests to validate commandNames in users.json

---
 .../Public/Start-DeployUserCerts.Tests.ps1      | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index c4a04f38a..58777e308 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -569,6 +569,23 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $testUserData.commandAssociations.commandId | Should -Contain $windowsCmdAfter.id
             $testUserData.commandAssociations.commandId | Should -Contain $macCmdAfter.id
         }
+        It "When the commands are generated the names of the command should match the predetermined naming structure" {
+            # Run Start Deploy User Certs by username
+            Start-DeployUserCerts -type ByUsername -username $user.username
+
+            $macCommand = Get-JcSdkCommand -Filter @("trigger:eq:$($($certData.sha1))", "commandType:eq:mac")
+            $windowsCommand = Get-JcSdkCommand -Filter @("trigger:eq:$($($certData.sha1))", "commandType:eq:windows")
+
+            # macCommand name should be set correctly
+            $macCommand.Name | Should -Match "RadiusCert-Install:$($user.username):MacOSX"
+            # windowsCommand name should be set correctly
+            $windowsCommand.Name | Should -Match "RadiusCert-Install:$($user.username):Windows"
+
+            # validate that the command names are recorded correctly in the users.json file
+            $userData = Get-UserFromTable -username $user.username
+            $userData.commandAssociations.commandName | Should -Contain "RadiusCert-Install:$($user.username):MacOSX"
+            $userData.commandAssociations.commandName | Should -Contain "RadiusCert-Install:$($user.username):Windows"
+        }
     }
     Context 'Force Generate Certificate Tests' {
         BeforeEach {

From cb251cd3cc339f11ddb7a526f262c2019e36cf7c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 20 Mar 2025 13:25:36 -0600
Subject: [PATCH 179/346] get the correct command name

---
 .../Private/CertDeployment/Deploy-UserCertificate.ps1         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 6e2d8a4a5..868ea9763 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -550,7 +550,7 @@ fi
                     $workToBeDone.macOSCommandID = $Command.Id
 
                     $CommandTable = [PSCustomObject]@{
-                        commandId            = $command.Id
+                        commandId            = $workToBeDone.macOSCommandID
                         commandName          = $command.name
                         commandPreviouslyRun = $false
                         commandQueued        = $false
@@ -569,7 +569,7 @@ fi
             if (-Not ($workToBeDone.forceGenerateMacOSCommands) -And ($workToBeDone.macOSCommandID)) {
                 $systemIds = (Get-SystemsThatNeedCertWork -userData $user -osType "macOS")
 
-                $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:windows")
+                $Command = Get-JcSdkCommand -Filter @("trigger:eq:$($certInfo.sha1)", "commandType:eq:mac")
                 $CommandTable = [PSCustomObject]@{
                     commandId            = $workToBeDone.macOSCommandID
                     commandName          = $command.name

From 207f1eeafe902d9bca793b0d1f4795d7a1a77c72 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 20 Mar 2025 13:36:55 -0600
Subject: [PATCH 180/346] userID not username to get userdata

---
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1         | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 58777e308..ab8508490 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -582,7 +582,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $windowsCommand.Name | Should -Match "RadiusCert-Install:$($user.username):Windows"
 
             # validate that the command names are recorded correctly in the users.json file
-            $userData = Get-UserFromTable -username $user.username
+            $userData = Get-UserFromTable -userId $user.id
             $userData.commandAssociations.commandName | Should -Contain "RadiusCert-Install:$($user.username):MacOSX"
             $userData.commandAssociations.commandName | Should -Contain "RadiusCert-Install:$($user.username):Windows"
         }

From 239c29b79ab11de17dc10574b4905480d5be228c Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Mon, 24 Mar 2025 11:37:55 -0600
Subject: [PATCH 181/346] Create New-JCRadiusConfig.ps1

---
 .../Private/Config/New-JCRadiusConfig.ps1     | 25 +++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 scripts/automation/Radius/Functions/Private/Config/New-JCRadiusConfig.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRadiusConfig.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRadiusConfig.ps1
new file mode 100644
index 000000000..fa0252751
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRadiusConfig.ps1
@@ -0,0 +1,25 @@
+function New-JCRadiusConfig {
+    [CmdletBinding()]
+    param()
+
+    $ModulePath = "$env:PSModulePath/JCRadius"
+    $ConfigFilePath = "$ModulePath/config.json"
+
+    if (-not (Test-Path -Path $ConfigFilePath)) {
+        try {
+            # Create the directory if it doesn't exist
+            if (-not (Test-Path -Path $ModulePath)) {
+                New-Item -ItemType Directory -Path $ModulePath -Force | Out-Null
+            }
+
+            # Create the blank JSON file
+            @{} | ConvertTo-Json | Out-File -FilePath $ConfigFilePath -Force
+
+            Write-Verbose "[status] Created blank config.json at $ConfigFilePath"
+        } catch {
+            Write-Error "[error] Failed to create config.json: $($_.Exception.Message)"
+        }
+    } else {
+        Write-Verbose "[status] config.json already exists at $ConfigFilePath"
+    }
+}
\ No newline at end of file

From 672224c2ad1205a2ec3b46f65ad532774bb104e3 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 26 Mar 2025 10:41:25 -0600
Subject: [PATCH 182/346] Rename module

---
 .../Radius/{JumpCloud-Radius.psd1 => JumpCloud.Radius.psd1}  | 4 ++--
 .../Radius/{JumpCloud-Radius.psm1 => JumpCloud.Radius.psm1}  | 0
 scripts/automation/Radius/Start-RadiusDeployment.ps1         | 5 ++++-
 .../Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1    | 2 +-
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1           | 2 +-
 scripts/automation/Radius/multi_group_radius.ps1             | 4 +---
 6 files changed, 9 insertions(+), 8 deletions(-)
 rename scripts/automation/Radius/{JumpCloud-Radius.psd1 => JumpCloud.Radius.psd1} (97%)
 rename scripts/automation/Radius/{JumpCloud-Radius.psm1 => JumpCloud.Radius.psm1} (100%)

diff --git a/scripts/automation/Radius/JumpCloud-Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
similarity index 97%
rename from scripts/automation/Radius/JumpCloud-Radius.psd1
rename to scripts/automation/Radius/JumpCloud.Radius.psd1
index 2f1694297..8f5107900 100644
--- a/scripts/automation/Radius/JumpCloud-Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -1,5 +1,5 @@
 #
-# Module manifest for module 'JumpCloud-Radius'
+# Module manifest for module 'JumpCloud.Radius'
 #
 # Generated by: jworkman
 #
@@ -9,7 +9,7 @@
 @{
 
     # Script module or binary module file associated with this manifest.
-    RootModule        = 'JumpCloud-Radius.psm1'
+    RootModule        = 'JumpCloud.Radius.psm1'
 
     # Version number of this module.
     ModuleVersion     = '2.0.0'
diff --git a/scripts/automation/Radius/JumpCloud-Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
similarity index 100%
rename from scripts/automation/Radius/JumpCloud-Radius.psm1
rename to scripts/automation/Radius/JumpCloud.Radius.psm1
diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Start-RadiusDeployment.ps1
index 8dbf16002..857e78924 100644
--- a/scripts/automation/Radius/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Start-RadiusDeployment.ps1
@@ -13,7 +13,10 @@ if ($JCAPIKEY.length -ne 40) {
 $global:JCScriptRoot = $PSScriptRoot
 
 # Import the functions
-Import-Module "$JCScriptRoot/JumpCloud-Radius.psm1" -DisableNameChecking -Force
+Import-Module "$JCScriptRoot/JumpCloud.Radius.psm1" -DisableNameChecking -Force
+
+# Check for Module Updates
+Update-JCRModule
 
 # Show user selection
 do {
diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index 5b3a702e9..495bd0df3 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -2,7 +2,7 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
 
     It "The versions across the module should match" {
         # Get the PSD1 file and Config.ps1
-        $PSD1 = Test-ModuleManifest -Path "$PSScriptRoot/../../JumpCloud-Radius.psd1"
+        $PSD1 = Test-ModuleManifest -Path "$PSScriptRoot/../../JumpCloud.Radius.psd1"
         $config = Get-Content -Path "$PSScriptRoot/../../Config.ps1" -Raw
         # get the psd1 version
         $psd1Version = $PSD1.version
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 19b0330e4..41be97310 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -80,4 +80,4 @@ if ($IsMacOS) {
 }
 
 $env:certKeyPassword = "TestCertificate123!@#"
-Import-Module "$psscriptRoot/../JumpCloud-Radius.psd1" -Force
\ No newline at end of file
+Import-Module "$psscriptRoot/../JumpCloud.Radius.psd1" -Force
\ No newline at end of file
diff --git a/scripts/automation/Radius/multi_group_radius.ps1 b/scripts/automation/Radius/multi_group_radius.ps1
index d1db47c41..d315da3bd 100644
--- a/scripts/automation/Radius/multi_group_radius.ps1
+++ b/scripts/automation/Radius/multi_group_radius.ps1
@@ -1,7 +1,7 @@
 # Get the config path, set this value
 $configPath = "$PSScriptRoot/config.ps1"
 # define the PSD1 path:
-$psd1Path = "$PSScriptRoot/JumpCloud-Radius.psd1"
+$psd1Path = "$PSScriptRoot/JumpCloud.Radius.psd1"
 $logPath = "$PSScriptRoot/log.txt"
 # define data file path:
 $dataFilePath = "$PSScriptRoot/data/radiusMembers.json"
@@ -76,8 +76,6 @@ if ( -not $env:JCAPIKEY) {
 # Define list of Radius User Group IDs:
 $radiusUserGroups = @(
     @{"US-Radius" = '5f3171a9232e1113939dd6a2' }
-    @{"US-Dairy-Farmers" = '664e50582d9c0e000143ee97' }
-    @{"AK-Farmers" = '5f7f418a1f247569e35070f1' }
 )
 
 # For each group, update the config and

From 25b6c4cb51296f6e780601856a89ea8b594bdc37 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 26 Mar 2025 10:47:54 -0600
Subject: [PATCH 183/346] hide radius files

---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 9ee439031..fadc0068e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,6 +20,8 @@
 /scripts/automation/Radius/data/*
 /scripts/automation/Radius/Cert/Backups/*.pem
 /scripts/automation/Radius/Cert/Backups/*.zip
+/scripts/automation/Radius/*.encrypted
+/scripts/automation/Radius/log.txt
 
 __pycache__/
 *.pyc

From fe0ff971fd9ce0b17a3a5a3f9cff3db0417fe4e2 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 26 Mar 2025 10:48:38 -0600
Subject: [PATCH 184/346] hire reports

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index fadc0068e..a9a397178 100644
--- a/.gitignore
+++ b/.gitignore
@@ -22,6 +22,7 @@
 /scripts/automation/Radius/Cert/Backups/*.zip
 /scripts/automation/Radius/*.encrypted
 /scripts/automation/Radius/log.txt
+/scripts/automation/Radius/reports/*
 
 __pycache__/
 *.pyc

From 677d499643589a9c73229d7e90c92680340a40e2 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 26 Mar 2025 14:31:08 -0600
Subject: [PATCH 185/346] first pass on update module function

---
 .../Public/Module/Update-JCRModule.ps1        | 88 +++++++++++++++++++
 1 file changed, 88 insertions(+)
 create mode 100644 scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1

diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
new file mode 100644
index 000000000..43c580a57
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -0,0 +1,88 @@
+function Update-JCRModule {
+    [CmdletBinding()]
+    param (
+        [Parameter(HelpMessage = 'ByPasses user prompts.')][Switch]$Force
+
+    )
+    begin {
+        # JumpCloud Module Name
+        $ModuleName = 'JumpCloud.Radius'
+        # for testing allow swtich to change repo
+        $localPSRepo = $true
+        $repo = if ($localPSRepo) {
+            "localPSRepo"
+        } else {
+            "PSGallery"
+        }
+    }
+    process {
+        # get the latest module
+        $latestModule = Find-Module -Name $ModuleName -Repository $repo
+        # get the currently installed module
+        $currentModule = Get-InstalledModule -Name $ModuleName
+
+        # compare the versions
+        if ($latestModule.Version -gt $currentModule.Version) {
+            Write-Host "A new version of the $ModuleName module is available: $($latestModule.Version) (current version: $($currentModule.Version))."
+            Write-Host "You can update the module by running: Update-Module -Name $ModuleName"
+        } else {
+            Write-Host "You have the latest version of the $ModuleName module: $($currentModule.Version)."
+        }
+
+        # prompts to update if force param is not set
+        if (-not $Force) {
+            Do {
+                Write-Host ('Enter ''Y'' to update the ' + $ModuleName + ' PowerShell module to the latest version or enter ''N'' to cancel:')
+                Write-Host (' ') -NoNewline
+                $UserInput = Read-Host
+            }
+            Until ($UserInput.ToUpper() -in ('Y', 'N'))
+        }
+        Else {
+            $UserInput = 'Y'
+        }
+
+        # if the user pressed "N" then exit
+        if ($UserInput.ToUpper() -eq 'N') {
+            Write-Host "Update cancelled."
+            continue
+        } else {
+            # else get the module config from the current module:
+            # TODO: get the json config with the private function not created yet
+
+            # now, attempt to update the module
+            try {
+                Update-Module -Name $ModuleName
+            } catch {
+                Write-Error "Failed to update the module: $_"
+            }
+
+            # Get the installed module versions
+            $installedModules = Get-InstalledModule -Name $moduleName -AllVersions
+
+            # Remove the modules from the current session
+            Get-Module -Name:($ModuleName) -ListAvailable -All | Remove-Module -Force
+
+            # uninstall the older versions
+            foreach ($module in $installedModules) {
+                if ($module.Version -ne $latestModule.Version) {
+                    Uninstall-Module -Name $ModuleName -RequiredVersion $module.Version -Force
+                }
+            }
+
+            # now validate the modules
+            $currentModule = Get-InstalledModule -Name $ModuleName
+            if ($currentModule.Version -eq $latestModule.Version) {
+                Write-Host "The $ModuleName module has been updated to version $($currentModule.Version)."
+            } else {
+                Write-Error "Failed to update the module to the latest version."
+            }
+            Import-module -Name $ModuleName -Force
+
+        }
+    }
+    end {
+
+    }
+
+}
\ No newline at end of file

From f8d97c0ec01ede77f4a0e0f8bf56c185d575c0dd Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 26 Mar 2025 14:57:19 -0600
Subject: [PATCH 186/346] move Start-RadiusDeployment

---
 .../Public}/Start-RadiusDeployment.ps1               |  0
 scripts/automation/Radius/JumpCloud.Radius.psd1      |  4 ++--
 scripts/automation/Radius/JumpCloud.Radius.psm1      | 12 ++++++++----
 3 files changed, 10 insertions(+), 6 deletions(-)
 rename scripts/automation/Radius/{ => Functions/Public}/Start-RadiusDeployment.ps1 (100%)

diff --git a/scripts/automation/Radius/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
similarity index 100%
rename from scripts/automation/Radius/Start-RadiusDeployment.ps1
rename to scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index 8f5107900..1eb8c426d 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -30,7 +30,7 @@
     Copyright         = '(c) jworkman. All rights reserved.'
 
     # Description of the functionality provided by this module
-    # Description = ''
+    Description       = 'Module for managing JumpCloud Radius user certificates.'
 
     # Minimum version of the PowerShell engine required by this module
     PowerShellVersion = '7.0.0'
@@ -70,7 +70,7 @@
 
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
     FunctionsToExport = 'Start-DeployUserCerts', 'Start-GenerateRootCert',
-    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment', 'Get-JCRGlobalVars', 'Get-JCRCertReport'
+    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment', 'Get-JCRGlobalVars', 'Get-JCRCertReport', 'Start-RadiusDeployment'
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
     CmdletsToExport   = @()
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index 269bfd823..91b074753 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -23,11 +23,13 @@ Foreach ($Import in $Public) {
 # set script root:
 $global:JCScriptRoot = "$PSScriptRoot"
 
-# import config:
-. "$JCScriptRoot/Config.ps1"
+# # import config:
+# . "$JCScriptRoot/Config.ps1"
 # try to get the settings file, create new one if it does not exist:
 $global:JCRConfig = Get-JCRSettingsFile
 
+# from the settings file we should have a location for the certs and user certs
+
 # if the Certs / UserCerts directories do not exist, create them
 if (-Not (Test-Path -Path "$JCScriptRoot/Cert" -PathType Container)) {
     New-Item -Path "$JCScriptRoot/Cert" -ItemType Directory
@@ -37,5 +39,7 @@ if (-Not (Test-Path -Path "$JCScriptRoot/UserCerts" -PathType Container)) {
     New-Item -Path "$JCScriptRoot/UserCerts" -ItemType Directory
 }
 
-# Get global variables or update if necessary
-Get-JCRGlobalVars
+# # Get global variables or update if necessary
+# Get-JCRGlobalVars
+# Export module member
+Export-ModuleMember -Function $Public.BaseName -Alias *

From 1dcd26e2648d595c5f128c809c94db66de83f86d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 26 Mar 2025 15:06:00 -0600
Subject: [PATCH 187/346] create public functions

---
 .../Public/Start-RadiusDeployment.ps1         | 83 ++++++++++---------
 1 file changed, 43 insertions(+), 40 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
index 857e78924..215254998 100644
--- a/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
@@ -1,45 +1,48 @@
-# Import Global Config:
-Write-Verbose 'Verifying JCAPI Key'
-if ($JCAPIKEY.length -ne 40) {
-    Connect-JCOnline -force
-}
-. "$psscriptroot/Config.ps1"
+function Start-RadiusDeployment {
 
-################################################################################
-# Do not modify below
-################################################################################
-# set script root
-#TODO: move to global functions
-$global:JCScriptRoot = $PSScriptRoot
+    # Import Global Config:
+    Write-Verbose 'Verifying JCAPI Key'
+    if ($JCAPIKEY.length -ne 40) {
+        Connect-JCOnline -force
+    }
+    . "$psscriptroot/Config.ps1"
+
+    ################################################################################
+    # Do not modify below
+    ################################################################################
+    # set script root
+    #TODO: move to global functions
+    # $global:JCScriptRoot = $PSScriptRoot
 
-# Import the functions
-Import-Module "$JCScriptRoot/JumpCloud.Radius.psm1" -DisableNameChecking -Force
+    # Import the functions
+    # Import-Module "$JCScriptRoot/JumpCloud.Radius.psm1" -DisableNameChecking -Force
 
-# Check for Module Updates
-Update-JCRModule
+    # Check for Module Updates
+    # Update-JCRModule
 
-# Show user selection
-do {
-    #Output-Certs
-    Show-RadiusMainMenu
-    $selection = Read-Host "Please make a selection"
-    switch ($selection) {
-        '1' {
-            Start-GenerateRootCert
-        } '2' {
-            Start-GenerateUserCerts
-        } '3' {
-            Start-DeployUserCerts
-        } '4' {
-            Start-MonitorCertDeployment
-        } '5' {
-            Get-JCRGlobalVars -force
-        } '8' {
-            Get-JCRGlobalVars -force -associateManually
-        } '9' {
-            $theUser = Read-Host "Enter the username of the user to manually update their association data"
-            Get-JCRGlobalVars -force -associationUsername $theUser
+    # Show user selection
+    do {
+        #Output-Certs
+        Show-RadiusMainMenu
+        $selection = Read-Host "Please make a selection"
+        switch ($selection) {
+            '1' {
+                Start-GenerateRootCert
+            } '2' {
+                Start-GenerateUserCerts
+            } '3' {
+                Start-DeployUserCerts
+            } '4' {
+                Start-MonitorCertDeployment
+            } '5' {
+                Get-JCRGlobalVars -force
+            } '8' {
+                Get-JCRGlobalVars -force -associateManually
+            } '9' {
+                $theUser = Read-Host "Enter the username of the user to manually update their association data"
+                Get-JCRGlobalVars -force -associationUsername $theUser
+            }
         }
-    }
-    Pause
-} until ($selection.ToUpper() -eq 'Q')
\ No newline at end of file
+        Pause
+    } until ($selection.ToUpper() -eq 'Q')
+}
\ No newline at end of file

From 94ab9790496de1da625745fab97272c1c047f082 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Thu, 27 Mar 2025 11:04:53 -0600
Subject: [PATCH 188/346] new default config file

---
 .../Private/Settings/New-JCRSettingsFile.ps1  | 26 ++++++++++++++-----
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
index 57785f0cf..ea812106b 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
@@ -11,21 +11,33 @@ function New-JCRSettingsFile {
     begin {
         # Config should be in /PowerShell/JumpCloudModule/Config.json
         $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
-        $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
-
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
+        $date = (Get-Date).ToUniversalTime()
     }
     process {
         # Define Default Settings for the Config file
-        $date = (Get-Date).ToUniversalTime()
         $config = @{
-            'globalVars' = @{
-                'lastUpdate' = @{value = $date; write = $true; copy = $true ;
-                }
+            'userGroup'                 = @{value = $null; write = $true; copy = $true }
+            'certSecretPass'            = @{value = $null; write = $true; copy = $true }
+            'userCertValidityDays'      = @{value = 365; write = $true; copy = $true }
+            'caCertValidityDays'        = @{value = 1095; write = $true; copy = $true }
+            'certExpirationWarningDays' = @{value = 15; write = $true; copy = $true }
+            'networkSSID'               = @{value = $null; write = $true; copy = $true }
+            'certSubjectHeaders'        = @{
+                'countryCode'      = @{value = $null; write = $true; copy = $true }
+                'stateCode'        = @{value = $null; write = $true; copy = $true }
+                'Locality'         = @{value = $null; write = $true; copy = $true }
+                'Organization'     = @{value = $null; write = $true; copy = $true }
+                'OrganizationUnit' = @{value = $null; write = $true; copy = $true }
+                'CommonName'       = @{value = $null; write = $true; copy = $true }
             }
+            'certType'                  = @{value = $null; write = $true; copy = $true }
+            'radiusDirectory'           = @{value = $null; write = $true; copy = $true }
+            'lastUpdate'                = @{value = $date; write = $true; copy = $true ;}
         }
     }
     end {
-        if ((test-path -Path $configFilePath) -And ($force)) {
+        if ((Test-Path -Path $configFilePath) -And ($force)) {
             $config | ConvertTo-Json | Out-File -FilePath $configFilePath
         } else {
             $config | ConvertTo-Json | Out-File -FilePath $configFilePath

From 775208923cc71624dc2e755c98054d7085b176a2 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Thu, 27 Mar 2025 11:06:17 -0600
Subject: [PATCH 189/346] rename to JCRConfigFile

---
 .../Settings/{New-JCRSettingsFile.ps1 => New-JCRConfigFile.ps1} | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename scripts/automation/Radius/Functions/Private/Settings/{New-JCRSettingsFile.ps1 => New-JCRConfigFile.ps1} (98%)

diff --git a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/New-JCRConfigFile.ps1
similarity index 98%
rename from scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
rename to scripts/automation/Radius/Functions/Private/Settings/New-JCRConfigFile.ps1
index ea812106b..0ef27b28b 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/New-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/New-JCRConfigFile.ps1
@@ -1,4 +1,4 @@
-function New-JCRSettingsFile {
+function New-JCRConfigFile {
     [CmdletBinding()]
     param (
         [Parameter(

From 76bbe6543f621ffbd3b8d3ecfa475087e0d0cda0 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Thu, 27 Mar 2025 11:07:06 -0600
Subject: [PATCH 190/346] rename to JCRConfigFile

---
 .../{Get-JCRSettingsFile.ps1 => Get-JCRConfigFile.ps1}      | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
 rename scripts/automation/Radius/Functions/Private/Settings/{Get-JCRSettingsFile.ps1 => Get-JCRConfigFile.ps1} (86%)

diff --git a/scripts/automation/Radius/Functions/Private/Settings/Get-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Get-JCRConfigFile.ps1
similarity index 86%
rename from scripts/automation/Radius/Functions/Private/Settings/Get-JCRSettingsFile.ps1
rename to scripts/automation/Radius/Functions/Private/Settings/Get-JCRConfigFile.ps1
index 4dc3c78e0..36a09a594 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Get-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Get-JCRConfigFile.ps1
@@ -12,10 +12,10 @@ function Get-JCRSettingsFile {
     begin {
         # Config should be in /PowerShell/JumpCloudModule/Config.json
         $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
-        $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'settings.json'
 
-        if (-Not (test-path -path $configFilePath)) {
-            write-host "write new settings file $configFilePath"
+        if (-Not (Test-Path -Path $configFilePath)) {
+            Write-Host "write new settings file $configFilePath"
             # Create new file with default settings
             New-JCRSettingsFile
         }

From ffe2c363b9b7216ca2277e716f9d448edd748121 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 27 Mar 2025 12:02:59 -0600
Subject: [PATCH 191/346] first pass at update tests

---
 .github/workflows/radius-module-ci.yml        |   6 +-
 .../Public/Module/Update-JCRModule.ps1        |  17 +--
 .../automation/Radius/JumpCloud.Radius.psd1   |   2 +-
 .../Public/Module/Update-JCRModule.Tests.ps1  | 132 ++++++++++++++++++
 4 files changed, 141 insertions(+), 16 deletions(-)
 create mode 100644 scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index 9477414d2..e50281e9e 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -62,7 +62,7 @@ jobs:
           $env:RELEASE_TYPE |  Should -BeIn @('major','minor','patch','manual')
   Setup-Build-Dependancies:
     needs: ["Filter-Branch", "Check-PR-Labels", "Validate-Env-Variables"]
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@v4
@@ -109,7 +109,7 @@ jobs:
 
   Validate-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels"]
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@v4
@@ -127,7 +127,7 @@ jobs:
           . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -ModuleValidation
   Test-Module:
     needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     # environment: Test Radius CI
     timeout-minutes: 75
     strategy:
diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
index 43c580a57..7e2061e0c 100644
--- a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -1,23 +1,17 @@
 function Update-JCRModule {
     [CmdletBinding()]
     param (
-        [Parameter(HelpMessage = 'ByPasses user prompts.')][Switch]$Force
+        [Parameter(HelpMessage = 'ByPasses user prompts.')][Switch]$Force,
+        [Parameter(HelpMessage = 'Set the PSRepository')][System.String]$Repository = 'PSGallery'
 
     )
     begin {
         # JumpCloud Module Name
         $ModuleName = 'JumpCloud.Radius'
-        # for testing allow swtich to change repo
-        $localPSRepo = $true
-        $repo = if ($localPSRepo) {
-            "localPSRepo"
-        } else {
-            "PSGallery"
-        }
     }
     process {
         # get the latest module
-        $latestModule = Find-Module -Name $ModuleName -Repository $repo
+        $latestModule = Find-Module -Name $ModuleName -Repository $Repository
         # get the currently installed module
         $currentModule = Get-InstalledModule -Name $ModuleName
 
@@ -37,8 +31,7 @@ function Update-JCRModule {
                 $UserInput = Read-Host
             }
             Until ($UserInput.ToUpper() -in ('Y', 'N'))
-        }
-        Else {
+        } Else {
             $UserInput = 'Y'
         }
 
@@ -52,7 +45,7 @@ function Update-JCRModule {
 
             # now, attempt to update the module
             try {
-                Update-Module -Name $ModuleName
+                Update-Module -Name $ModuleName -Force
             } catch {
                 Write-Error "Failed to update the module: $_"
             }
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index 1eb8c426d..1922f13a4 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -70,7 +70,7 @@
 
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
     FunctionsToExport = 'Start-DeployUserCerts', 'Start-GenerateRootCert',
-    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment', 'Get-JCRGlobalVars', 'Get-JCRCertReport', 'Start-RadiusDeployment'
+    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment', 'Get-JCRGlobalVars', 'Get-JCRCertReport', 'Start-RadiusDeployment', 'Update-JCRModule'
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
     CmdletsToExport   = @()
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
new file mode 100644
index 000000000..e1910b918
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -0,0 +1,132 @@
+Describe 'Module Update' -Tag "Module" {
+    BeforeAll {
+        # local repo name:
+        $localRepoName = 'LocalPSRepo'
+        # get the registered repositories:
+        $repositories = Get-PSRepository
+        $localRepoPath = "~/$localRepoName"
+        if ($localRepoName -notin $repositories.Name) {
+            If (-not (Test-Path -Path $localRepoPath)) {
+                # create the local file share
+                New-Item -ItemType Directory -Path $localRepoPath -Force
+            }
+            $fullRepoPath = Resolve-Path $localRepoPath
+            # Register a file share on the local machine
+            $registerPSRepositorySplat = @{
+                Name                 = $localRepoName
+                SourceLocation       = $fullRepoPath.Path
+                ScriptSourceLocation = $fullRepoPath.Path
+                InstallationPolicy   = 'Trusted'
+            }
+            Register-PSRepository @registerPSRepositorySplat
+        } else {
+            Write-Host "LocalPSRepo already exists"
+        }
+        # get the local module path:
+        $localModulePath = $env:PSModulePath.split(':')[0]
+        # set the dev module path relative to this test:
+        $devModulePath = "$PSScriptRoot/../../../"
+        # module name
+        $moduleName = "JumpCloud.Radius"
+        # uninstall the module if it exists
+        $installedModule = Get-InstalledModule -Name $moduleName -AllVersions -ErrorAction SilentlyContinue
+        foreach ($module in $installedModule) {
+            Uninstall-Module -Name $module.Name -Force -RequiredVersion $module.version
+        }
+        # remove the modules from the local module path
+        $localNugetPkgs = Get-ChildItem -Path $localRepoPath -filter "$moduleName*.nupkg"
+        foreach ($pkg in $localNugetPkgs) {
+            Remove-Item -Path $pkg.FullName -Force
+        }
+
+        # module directory
+        $moduleDirectory = Join-Path $localModulePath $moduleName
+        # get the module version from the psd1 file
+        $psd1Path = Join-Path $devModulePath "JumpCloud.Radius.psd1"
+        $Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
+        $moduleVersion = $Psd1.ModuleVersion
+
+        # create the module directory within the local module path if it does not exist
+        if (-NOT (Test-Path -Path $moduleDirectory)) {
+            New-Item -Path $moduleDirectory -ItemType Directory
+        }
+        # create the version directory within the module directory if it does not exist
+        $versionDirectory = Join-Path $moduleDirectory $moduleVersion
+        # create the version directory within the module directory
+        if (-NOT (Test-Path -Path $versionDirectory)) {
+            New-Item -Path $versionDirectory -ItemType Directory
+            # Copy all the contents from the parent folder to the destination folder
+            Copy-Item -Path $devModulePath/* -Destination $versionDirectory -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
+            # Publish the module to the local Repo
+            Publish-Module -Name $moduleName -Repository $localRepoName -Force -RequiredVersion $moduleVersion
+        } else {
+            write-host "JumpCloud.Radius module v$ModuleVersion already exists"
+        }
+
+    }
+    Context 'Module can be installed from the local repo' {
+        It 'Install Module' {
+            # Install the module from the local repo
+            $installModuleSplat = @{
+                Name            = $moduleName
+                Repository      = $localRepoName
+                RequiredVersion = $moduleVersion
+                Force           = $true
+            }
+            Install-Module @installModuleSplat
+            # check that the module is installed:
+            $installedModule = Get-InstalledModule -Name $moduleName
+            $installedModule | Should -Not -BeNullOrEmpty
+            $installedModule.version | Should -Be $moduleVersion
+        }
+    }
+    Context 'When a new version of the module is available' {
+        BeforeAll {
+            # remove the module from the module directory
+            Remove-Item -Path $moduleDirectory -Recurse -Force
+            Install-Module -Name $moduleName -Repository $localRepoName -RequiredVersion $moduleVersion -Force
+
+            # update the module manifest version to simulate a new version
+            $newVersion = "$(([version]$moduleVersion).major).$(([version]$moduleVersion).minor).$(([version]$moduleVersion).build + 1)"
+            Update-ModuleManifest -Path $psd1Path -ModuleVersion $newVersion
+
+            # move the module to the local module path and publish it to the local repo
+            # create the module directory within the local module path if it does not exist
+            if (-NOT (Test-Path -Path $moduleDirectory)) {
+                New-Item -Path $moduleDirectory -ItemType Directory
+            }
+            # create the version directory within the module directory if it does not exist
+            $versionDirectory = Join-Path $moduleDirectory $newVersion
+            # create the version directory within the module directory
+            if (-NOT (Test-Path -Path $versionDirectory)) {
+                New-Item -Path $versionDirectory -ItemType Directory
+                # Copy all the contents from the parent folder to the destination folder
+                Copy-Item -Path $devModulePath/* -Destination $versionDirectory -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
+                # Publish the module to the local Repo
+                Publish-Module -Name $moduleName -Repository $localRepoName -Force -RequiredVersion $newVersion
+            } else {
+                write-host "JumpCloud.Radius module v$newVersion already exists"
+            }
+            # import the local module
+            Import-Module $psd1Path -Force
+        }
+        It 'Module can be updated from the local repo' {
+            # update the module from the local repo
+            Update-JCRModule -Force -Repository $localRepoName
+            # $updateModuleSplat = @{
+            #     Name            = $moduleName
+            #     RequiredVersion = $newVersion
+            #     Force           = $true
+            # }
+            # Update-Module @updateModuleSplat -ErrorAction Stop | Out-Null
+            # check that the module is updated:
+            $updatedModule = Get-InstalledModule -Name $moduleName
+            $updatedModule | Should -Not -BeNullOrEmpty
+            $updatedModule.version | Should -Be $newVersion
+        }
+    }
+    AfterAll {
+        # reset the module version
+        update-modulemanifest -Path $psd1Path -ModuleVersion $moduleVersion
+    }
+}
\ No newline at end of file

From e7d48750decacc883a80e3a1d6d30b9b5b8e504d Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 09:08:08 -0600
Subject: [PATCH 192/346] re-organize files

---
 .../Get-JCRConfigFile.ps1                     | 23 ++++------
 .../Private/Config/New-JCRConfigFile.ps1      | 44 ++++++++++++++++++
 .../Private/Settings/New-JCRConfigFile.ps1    | 46 -------------------
 3 files changed, 54 insertions(+), 59 deletions(-)
 rename scripts/automation/Radius/Functions/Private/{Settings => Config}/Get-JCRConfigFile.ps1 (66%)
 create mode 100644 scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
 delete mode 100644 scripts/automation/Radius/Functions/Private/Settings/New-JCRConfigFile.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Settings/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
similarity index 66%
rename from scripts/automation/Radius/Functions/Private/Settings/Get-JCRConfigFile.ps1
rename to scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index 36a09a594..125ab58ea 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -12,12 +12,12 @@ function Get-JCRSettingsFile {
     begin {
         # Config should be in /PowerShell/JumpCloudModule/Config.json
         $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
-        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'settings.json'
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
 
         if (-Not (Test-Path -Path $configFilePath)) {
             Write-Host "write new settings file $configFilePath"
             # Create new file with default settings
-            New-JCRSettingsFile
+            New-JCRConfigFile
         }
     }
 
@@ -27,19 +27,16 @@ function Get-JCRSettingsFile {
             $config = @{}
             foreach ($item in $rawConfig.psobject.Properties) {
                 # $config.$item
-                $config.Add($item.Name, @{})
-                foreach ($setting in $item.value.psobject.Properties) {
-                    # $setting
-                    $config.$($Item.Name).Add($setting.Name, $setting.value.value)
-                }
+
             }
-        } else {
-            # Get Contents
-            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
         }
+    } else {
+        # Get Contents
+        $config = Get-Content -Path $configFilePath | ConvertFrom-Json
     }
+}
 
-    end {
-        return $config
-    }
+end {
+    return $config
 }
+
diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
new file mode 100644
index 000000000..9079b7e31
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -0,0 +1,44 @@
+function New-JCRConfigFile {
+    [CmdletBinding()]
+    param (
+        [Parameter(
+            HelpMessage = 'To Force Re-Creation of the Config file, set the $force parameter to $true'
+        )]
+        [switch]
+        $force
+    )
+
+    begin {
+        # Config should be in /PowerShell/JumpCloudModule/Config.json
+        $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
+        $date = (Get-Date).ToUniversalTime()
+    }
+    process {
+        # Define Default Settings for the Config file
+        $config = @{
+            'userGroup'                         = @{value = $null; write = $true; copy = $true }
+            'certSecretPass'                    = @{value = $null; write = $true; copy = $true }
+            'userCertValidityDays'              = @{value = 365; write = $true; copy = $true }
+            'caCertValidityDays'                = @{value = 1095; write = $true; copy = $true }
+            'certExpirationWarningDays'         = @{value = 15; write = $true; copy = $true }
+            'networkSSID'                       = @{value = $null; write = $true; copy = $true }
+            'certSubjectHeaderCountryCode'      = @{value = $null; write = $true; copy = $true }
+            'certSubjectHeaderStateCode'        = @{value = $null; write = $true; copy = $true }
+            'certSubjectHeaderLocality'         = @{value = $null; write = $true; copy = $true }
+            'certSubjectHeaderOrganization'     = @{value = $null; write = $true; copy = $true }
+            'certSubjectHeaderOrganizationUnit' = @{value = $null; write = $true; copy = $true }
+            'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true }
+            'certType'                          = @{value = $null; write = $true; copy = $true }
+            'radiusDirectory'                   = @{value = $null; write = $true; copy = $true }
+            'lastUpdate'                        = @{value = $date; write = $true; copy = $true ;}
+        }
+    }
+    end {
+        if ((Test-Path -Path $configFilePath) -And ($force)) {
+            $config | ConvertTo-Json | Out-File -FilePath $configFilePath
+        } else {
+            $config | ConvertTo-Json | Out-File -FilePath $configFilePath
+        }
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Private/Settings/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/New-JCRConfigFile.ps1
deleted file mode 100644
index 0ef27b28b..000000000
--- a/scripts/automation/Radius/Functions/Private/Settings/New-JCRConfigFile.ps1
+++ /dev/null
@@ -1,46 +0,0 @@
-function New-JCRConfigFile {
-    [CmdletBinding()]
-    param (
-        [Parameter(
-            HelpMessage = 'To Force Re-Creation of the Config file, set the $force parameter to $true'
-        )]
-        [switch]
-        $force
-    )
-
-    begin {
-        # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
-        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
-        $date = (Get-Date).ToUniversalTime()
-    }
-    process {
-        # Define Default Settings for the Config file
-        $config = @{
-            'userGroup'                 = @{value = $null; write = $true; copy = $true }
-            'certSecretPass'            = @{value = $null; write = $true; copy = $true }
-            'userCertValidityDays'      = @{value = 365; write = $true; copy = $true }
-            'caCertValidityDays'        = @{value = 1095; write = $true; copy = $true }
-            'certExpirationWarningDays' = @{value = 15; write = $true; copy = $true }
-            'networkSSID'               = @{value = $null; write = $true; copy = $true }
-            'certSubjectHeaders'        = @{
-                'countryCode'      = @{value = $null; write = $true; copy = $true }
-                'stateCode'        = @{value = $null; write = $true; copy = $true }
-                'Locality'         = @{value = $null; write = $true; copy = $true }
-                'Organization'     = @{value = $null; write = $true; copy = $true }
-                'OrganizationUnit' = @{value = $null; write = $true; copy = $true }
-                'CommonName'       = @{value = $null; write = $true; copy = $true }
-            }
-            'certType'                  = @{value = $null; write = $true; copy = $true }
-            'radiusDirectory'           = @{value = $null; write = $true; copy = $true }
-            'lastUpdate'                = @{value = $date; write = $true; copy = $true ;}
-        }
-    }
-    end {
-        if ((Test-Path -Path $configFilePath) -And ($force)) {
-            $config | ConvertTo-Json | Out-File -FilePath $configFilePath
-        } else {
-            $config | ConvertTo-Json | Out-File -FilePath $configFilePath
-        }
-    }
-}

From ddb9938c7ff3332b8aed3814f5d506d208e637fb Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 09:08:51 -0600
Subject: [PATCH 193/346] delete unneeded file

---
 .../Private/Config/New-JCRadiusConfig.ps1     | 25 -------------------
 1 file changed, 25 deletions(-)
 delete mode 100644 scripts/automation/Radius/Functions/Private/Config/New-JCRadiusConfig.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRadiusConfig.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRadiusConfig.ps1
deleted file mode 100644
index fa0252751..000000000
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRadiusConfig.ps1
+++ /dev/null
@@ -1,25 +0,0 @@
-function New-JCRadiusConfig {
-    [CmdletBinding()]
-    param()
-
-    $ModulePath = "$env:PSModulePath/JCRadius"
-    $ConfigFilePath = "$ModulePath/config.json"
-
-    if (-not (Test-Path -Path $ConfigFilePath)) {
-        try {
-            # Create the directory if it doesn't exist
-            if (-not (Test-Path -Path $ModulePath)) {
-                New-Item -ItemType Directory -Path $ModulePath -Force | Out-Null
-            }
-
-            # Create the blank JSON file
-            @{} | ConvertTo-Json | Out-File -FilePath $ConfigFilePath -Force
-
-            Write-Verbose "[status] Created blank config.json at $ConfigFilePath"
-        } catch {
-            Write-Error "[error] Failed to create config.json: $($_.Exception.Message)"
-        }
-    } else {
-        Write-Verbose "[status] config.json already exists at $ConfigFilePath"
-    }
-}
\ No newline at end of file

From 644a6b6cc2099cb6eb5d57c9fcf1a0c2d31ec415 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 09:44:24 -0600
Subject: [PATCH 194/346] fix path

---
 .../Private/Config/Get-JCRConfigFile.ps1      | 21 +++++++++++--------
 .../Private/Config/New-JCRConfigFile.ps1      |  2 +-
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index 125ab58ea..ff984b058 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -11,7 +11,7 @@ function Get-JCRSettingsFile {
 
     begin {
         # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
 
         if (-Not (Test-Path -Path $configFilePath)) {
@@ -27,16 +27,19 @@ function Get-JCRSettingsFile {
             $config = @{}
             foreach ($item in $rawConfig.psobject.Properties) {
                 # $config.$item
-
+                $config.Add($item.Name, @{})
+                foreach ($setting in $item.value.psobject.Properties) {
+                    # $setting
+                    $config.$($Item.Name).Add($setting.Name, $setting.value.value)
+                }
             }
+        } else {
+            # Get Contents
+            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
         }
-    } else {
-        # Get Contents
-        $config = Get-Content -Path $configFilePath | ConvertFrom-Json
     }
-}
 
-end {
-    return $config
+    end {
+        return $config
+    }
 }
-
diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index 9079b7e31..e494ac697 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -10,7 +10,7 @@ function New-JCRConfigFile {
 
     begin {
         # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($global:JCScriptRoot))
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
         $date = (Get-Date).ToUniversalTime()
     }

From a6fb4f51d295e7e5fe9cce160e6d67aa21cec5fb Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 09:45:41 -0600
Subject: [PATCH 195/346] nest config variables in globalvar

---
 .../Private/Config/New-JCRConfigFile.ps1      | 32 ++++++++++---------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index e494ac697..e8aaceafb 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -17,21 +17,23 @@ function New-JCRConfigFile {
     process {
         # Define Default Settings for the Config file
         $config = @{
-            'userGroup'                         = @{value = $null; write = $true; copy = $true }
-            'certSecretPass'                    = @{value = $null; write = $true; copy = $true }
-            'userCertValidityDays'              = @{value = 365; write = $true; copy = $true }
-            'caCertValidityDays'                = @{value = 1095; write = $true; copy = $true }
-            'certExpirationWarningDays'         = @{value = 15; write = $true; copy = $true }
-            'networkSSID'                       = @{value = $null; write = $true; copy = $true }
-            'certSubjectHeaderCountryCode'      = @{value = $null; write = $true; copy = $true }
-            'certSubjectHeaderStateCode'        = @{value = $null; write = $true; copy = $true }
-            'certSubjectHeaderLocality'         = @{value = $null; write = $true; copy = $true }
-            'certSubjectHeaderOrganization'     = @{value = $null; write = $true; copy = $true }
-            'certSubjectHeaderOrganizationUnit' = @{value = $null; write = $true; copy = $true }
-            'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true }
-            'certType'                          = @{value = $null; write = $true; copy = $true }
-            'radiusDirectory'                   = @{value = $null; write = $true; copy = $true }
-            'lastUpdate'                        = @{value = $date; write = $true; copy = $true ;}
+            "globalVars" = @{
+                'userGroup'                         = @{value = $null; write = $true; copy = $true }
+                'certSecretPass'                    = @{value = $null; write = $true; copy = $true }
+                'userCertValidityDays'              = @{value = 365; write = $true; copy = $true }
+                'caCertValidityDays'                = @{value = 1095; write = $true; copy = $true }
+                'certExpirationWarningDays'         = @{value = 15; write = $true; copy = $true }
+                'networkSSID'                       = @{value = $null; write = $true; copy = $true }
+                'certSubjectHeaderCountryCode'      = @{value = $null; write = $true; copy = $true }
+                'certSubjectHeaderStateCode'        = @{value = $null; write = $true; copy = $true }
+                'certSubjectHeaderLocality'         = @{value = $null; write = $true; copy = $true }
+                'certSubjectHeaderOrganization'     = @{value = $null; write = $true; copy = $true }
+                'certSubjectHeaderOrganizationUnit' = @{value = $null; write = $true; copy = $true }
+                'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true }
+                'certType'                          = @{value = $null; write = $true; copy = $true }
+                'radiusDirectory'                   = @{value = $null; write = $true; copy = $true }
+                'lastUpdate'                        = @{value = $date; write = $true; copy = $true ;}
+            }
         }
     }
     end {

From 97639cd6a3f18d254827e3181bccb0b2725a8153 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 09:49:24 -0600
Subject: [PATCH 196/346] lastUpdate not writable

---
 .../Radius/Functions/Private/Config/New-JCRConfigFile.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index e8aaceafb..559d8f115 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -32,7 +32,7 @@ function New-JCRConfigFile {
                 'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true }
                 'certType'                          = @{value = $null; write = $true; copy = $true }
                 'radiusDirectory'                   = @{value = $null; write = $true; copy = $true }
-                'lastUpdate'                        = @{value = $date; write = $true; copy = $true ;}
+                'lastUpdate'                        = @{value = $date; write = $false; copy = $true ;}
             }
         }
     }

From df37a3a2e739cc3bf2f3565c82aa54c8bf13bab3 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 09:49:29 -0600
Subject: [PATCH 197/346] Create Set-JCRConfigFile.ps1

---
 .../Public/Config/Set-JCRConfigFile.ps1       | 91 +++++++++++++++++++
 1 file changed, 91 insertions(+)
 create mode 100644 scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1

diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
new file mode 100644
index 000000000..27363e9ea
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -0,0 +1,91 @@
+function Set-JCRConfigFile {
+    [CmdletBinding()]
+    param (
+    )
+    DynamicParam {
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
+
+        if (Test-Path -Path $configFilePath) {
+            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
+            # Create the dictionary
+            $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
+            # Foreach key in the supplied config file:
+            foreach ($key in $config.PSObject.Properties) {
+                foreach ($item in $config.($key.Name).PSObject.Properties) {
+                    # Skip create dynamic params for these not-writable properties:
+                    if (($config.($key.Name).($item.Name).Write -eq $false)) {
+                        continue
+                    }
+                    # Set the dynamic parameters' name
+                    # write-host "adding dynamic param: $key$($item) $($config[$key][$item]['value'].getType().Name)"
+                    $ParamName_Filter = "$($key.Name)$($item.Name)"
+                    # Create the collection of attributes
+                    $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
+                    # If ValidateSet is specificed in the config file, set the value here:
+                    if ($config.($key.Name).($item.Name).validateSet) {
+                        $arrSet = @($($config.($key.Name).($item.Name).'validateSet').split())
+                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
+                        $AttributeCollection.Add($ValidateSetAttribute)
+                    }
+                    # If the type of value is a bool, create a custom validateSet attribute here:
+                    $paramType = $($config.($key.Name).($item.Name)).getType().Name
+                    if ($paramType -eq 'boolean') {
+                        $arrSet = @("true", "false")
+                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
+                        $AttributeCollection.Add($ValidateSetAttribute)
+                    }
+                    # Create and set the parameters' attributes
+                    $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
+                    $ParameterAttribute.Mandatory = $false
+                    $ParameterAttribute.HelpMessage = "sets the $($item) settings for the $($key) feature"
+                    # Add the attributes to the attributes collection
+                    $AttributeCollection.Add($ParameterAttribute)
+                    # Add the param
+                    $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParamName_Filter, $paramType, $AttributeCollection)
+                    $RuntimeParameterDictionary.Add($ParamName_Filter, $RuntimeParameter)
+                }
+            }
+            # Returns the dictionary
+            return $RuntimeParameterDictionary
+        }
+    }
+    begin {
+        if ($JCAPIKEY.length -ne 40) {
+            Connect-JCOnline -force | Out-Null
+        }
+
+        # Config should be in /PowerShell/JumpCloudModule/Config.json
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
+
+        if (Test-Path -Path $configFilePath) {
+            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
+        } else {
+            New-JCRConfigFile
+            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
+        }
+    }
+
+    process {
+        $params = $PSBoundParameters
+        # update config settings
+        foreach ($param in $params.Keys) {
+            foreach ($key in $config.PSObject.Properties) {
+                if ($param -match $key.Name) {
+                    # Split the name
+                    $ParamKey = $param -split $key.Name
+                    # assign the first group
+                    $config.($($key.Name)).($paramKey[1]).value = $params[$param]
+                }
+            }
+        }
+    }
+
+    end {
+        # Write out the new settings
+        $config | ConvertTo-Json | Out-File -FilePath $configFilePath
+        # Update Global Variable
+        $Global:JCConfig = Get-JCSettingsFile
+    }
+}
\ No newline at end of file

From 0c0b550fdbb5dc482a8b358e67891589895d3f4e Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 09:50:30 -0600
Subject: [PATCH 198/346] set global jcconfig variable

---
 .../Radius/Functions/Public/Config/Set-JCRConfigFile.ps1        | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
index 27363e9ea..ba67af56c 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -86,6 +86,6 @@ function Set-JCRConfigFile {
         # Write out the new settings
         $config | ConvertTo-Json | Out-File -FilePath $configFilePath
         # Update Global Variable
-        $Global:JCConfig = Get-JCSettingsFile
+        $Global:JCConfig = Get-JCRConfigFile
     }
 }
\ No newline at end of file

From 7376ea82626b3c6b1995948e5e2347bcbc0c5fe3 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 09:51:10 -0600
Subject: [PATCH 199/346] remove unneeded semicolon

---
 .../Radius/Functions/Private/Config/New-JCRConfigFile.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index 559d8f115..743f4205e 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -32,7 +32,7 @@ function New-JCRConfigFile {
                 'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true }
                 'certType'                          = @{value = $null; write = $true; copy = $true }
                 'radiusDirectory'                   = @{value = $null; write = $true; copy = $true }
-                'lastUpdate'                        = @{value = $date; write = $false; copy = $true ;}
+                'lastUpdate'                        = @{value = $date; write = $false; copy = $true }
             }
         }
     }

From 91a402f2ea76561c170af1fcaed75a485374a2df Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 10:46:03 -0600
Subject: [PATCH 200/346] incorrect function name

---
 .../Radius/Functions/Private/Config/Get-JCRConfigFile.ps1      | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index ff984b058..e72d8d965 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -1,4 +1,4 @@
-function Get-JCRSettingsFile {
+function Get-JCRConfigFile {
     [CmdletBinding()]
     param (
         [Parameter(
@@ -38,7 +38,6 @@ function Get-JCRSettingsFile {
             $config = Get-Content -Path $configFilePath | ConvertFrom-Json
         }
     }
-
     end {
         return $config
     }

From faae9097993493367f5e925b43758b0ae99e790b Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 11:10:04 -0600
Subject: [PATCH 201/346] flatten return object

---
 .../Radius/Functions/Private/Config/Get-JCRConfigFile.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index e72d8d965..ce9b32975 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -39,6 +39,6 @@ function Get-JCRConfigFile {
         }
     }
     end {
-        return $config
+        return $config.globalVars
     }
 }

From b2a6fb0c30647fb3d7ea5bb58ff7a2b51138a698 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Fri, 28 Mar 2025 11:10:20 -0600
Subject: [PATCH 202/346] remove key name lookups

---
 .../Functions/Public/Config/Set-JCRConfigFile.ps1      | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
index ba67af56c..2b153714c 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -19,7 +19,7 @@ function Set-JCRConfigFile {
                     }
                     # Set the dynamic parameters' name
                     # write-host "adding dynamic param: $key$($item) $($config[$key][$item]['value'].getType().Name)"
-                    $ParamName_Filter = "$($key.Name)$($item.Name)"
+                    $ParamName_Filter = "$($item.Name)"
                     # Create the collection of attributes
                     $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
                     # If ValidateSet is specificed in the config file, set the value here:
@@ -72,12 +72,8 @@ function Set-JCRConfigFile {
         # update config settings
         foreach ($param in $params.Keys) {
             foreach ($key in $config.PSObject.Properties) {
-                if ($param -match $key.Name) {
-                    # Split the name
-                    $ParamKey = $param -split $key.Name
-                    # assign the first group
-                    $config.($($key.Name)).($paramKey[1]).value = $params[$param]
-                }
+                # assign the first group
+                $config.($($key.Name)).$param.value = $params[$param]
             }
         }
     }

From aeb5522733ffd4f6475b119112cc862eba60e3b5 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Mon, 31 Mar 2025 10:22:45 -0600
Subject: [PATCH 203/346] add required property

---
 .../Private/Config/New-JCRConfigFile.ps1      | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index 743f4205e..fcd68ee63 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -18,21 +18,21 @@ function New-JCRConfigFile {
         # Define Default Settings for the Config file
         $config = @{
             "globalVars" = @{
-                'userGroup'                         = @{value = $null; write = $true; copy = $true }
-                'certSecretPass'                    = @{value = $null; write = $true; copy = $true }
-                'userCertValidityDays'              = @{value = 365; write = $true; copy = $true }
-                'caCertValidityDays'                = @{value = 1095; write = $true; copy = $true }
-                'certExpirationWarningDays'         = @{value = 15; write = $true; copy = $true }
-                'networkSSID'                       = @{value = $null; write = $true; copy = $true }
-                'certSubjectHeaderCountryCode'      = @{value = $null; write = $true; copy = $true }
-                'certSubjectHeaderStateCode'        = @{value = $null; write = $true; copy = $true }
-                'certSubjectHeaderLocality'         = @{value = $null; write = $true; copy = $true }
-                'certSubjectHeaderOrganization'     = @{value = $null; write = $true; copy = $true }
-                'certSubjectHeaderOrganizationUnit' = @{value = $null; write = $true; copy = $true }
-                'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true }
-                'certType'                          = @{value = $null; write = $true; copy = $true }
-                'radiusDirectory'                   = @{value = $null; write = $true; copy = $true }
-                'lastUpdate'                        = @{value = $date; write = $false; copy = $true }
+                'userGroup'                         = @{value = $null; write = $true; copy = $true; required = $true }
+                'certSecretPass'                    = @{value = $null; write = $true; copy = $true; required = $true }
+                'userCertValidityDays'              = @{value = 365; write = $true; copy = $true; required = $true }
+                'caCertValidityDays'                = @{value = 1095; write = $true; copy = $true; required = $true }
+                'certExpirationWarningDays'         = @{value = 15; write = $true; copy = $true; required = $true }
+                'networkSSID'                       = @{value = $null; write = $true; copy = $true; required = $true }
+                'certSubjectHeaderCountryCode'      = @{value = $null; write = $true; copy = $true; required = $true }
+                'certSubjectHeaderStateCode'        = @{value = $null; write = $true; copy = $true; required = $true }
+                'certSubjectHeaderLocality'         = @{value = $null; write = $true; copy = $true; required = $true }
+                'certSubjectHeaderOrganization'     = @{value = $null; write = $true; copy = $true; required = $true }
+                'certSubjectHeaderOrganizationUnit' = @{value = $null; write = $true; copy = $true; required = $true }
+                'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true; required = $true }
+                'certType'                          = @{value = $null; write = $true; copy = $true; required = $true }
+                'radiusDirectory'                   = @{value = $null; write = $true; copy = $true; required = $true }
+                'lastUpdate'                        = @{value = $date; write = $false; copy = $true; required = $false }
             }
         }
     }

From 14edb158ee5b278c4b9fde965af0c6538d2c1a76 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Mon, 31 Mar 2025 10:25:50 -0600
Subject: [PATCH 204/346] fix return object with -raw param

---
 .../Radius/Functions/Private/Config/Get-JCRConfigFile.ps1      | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index ce9b32975..b87002ed7 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -36,9 +36,10 @@ function Get-JCRConfigFile {
         } else {
             # Get Contents
             $config = Get-Content -Path $configFilePath | ConvertFrom-Json
+            $config = $config.globalVars
         }
     }
     end {
-        return $config.globalVars
+        return $config
     }
 }

From 3392f8d4b935ff6fc672a39ef43708a7ddc47a03 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Mon, 31 Mar 2025 11:17:18 -0600
Subject: [PATCH 205/346] add placeholder property

---
 .../Private/Config/New-JCRConfigFile.ps1      | 30 +++++++++----------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index fcd68ee63..7e90f06e9 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -18,21 +18,21 @@ function New-JCRConfigFile {
         # Define Default Settings for the Config file
         $config = @{
             "globalVars" = @{
-                'userGroup'                         = @{value = $null; write = $true; copy = $true; required = $true }
-                'certSecretPass'                    = @{value = $null; write = $true; copy = $true; required = $true }
-                'userCertValidityDays'              = @{value = 365; write = $true; copy = $true; required = $true }
-                'caCertValidityDays'                = @{value = 1095; write = $true; copy = $true; required = $true }
-                'certExpirationWarningDays'         = @{value = 15; write = $true; copy = $true; required = $true }
-                'networkSSID'                       = @{value = $null; write = $true; copy = $true; required = $true }
-                'certSubjectHeaderCountryCode'      = @{value = $null; write = $true; copy = $true; required = $true }
-                'certSubjectHeaderStateCode'        = @{value = $null; write = $true; copy = $true; required = $true }
-                'certSubjectHeaderLocality'         = @{value = $null; write = $true; copy = $true; required = $true }
-                'certSubjectHeaderOrganization'     = @{value = $null; write = $true; copy = $true; required = $true }
-                'certSubjectHeaderOrganizationUnit' = @{value = $null; write = $true; copy = $true; required = $true }
-                'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true; required = $true }
-                'certType'                          = @{value = $null; write = $true; copy = $true; required = $true }
-                'radiusDirectory'                   = @{value = $null; write = $true; copy = $true; required = $true }
-                'lastUpdate'                        = @{value = $date; write = $false; copy = $true; required = $false }
+                'userGroup'                         = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<UserGroupID>' }
+                'certSecretPass'                    = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<CertPassword>' }
+                'userCertValidityDays'              = @{value = 365; write = $true; copy = $true; required = $true; placeholder = '<365>' }
+                'caCertValidityDays'                = @{value = 1095; write = $true; copy = $true; required = $true; placeholder = '<1095>' }
+                'certExpirationWarningDays'         = @{value = 15; write = $true; copy = $true; required = $true; placeholder = '<15>' }
+                'networkSSID'                       = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<networkSSID>' }
+                'certSubjectHeaderCountryCode'      = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<US>' }
+                'certSubjectHeaderStateCode'        = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<CO>' }
+                'certSubjectHeaderLocality'         = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<Boulder>' }
+                'certSubjectHeaderOrganization'     = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<JumpCloud>' }
+                'certSubjectHeaderOrganizationUnit' = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<Customer_Tools>' }
+                'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<JumpCloud.com>' }
+                'certType'                          = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<EmailSAN/EmailDN/UsernameCn>' }
+                'radiusDirectory'                   = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<Path/To/radiusDirectory>' }
+                'lastUpdate'                        = @{value = $date; write = $false; copy = $true; required = $false; placeholder = $null }
             }
         }
     }

From e9033482a0c65ae86d3d94eae40ec72769533d76 Mon Sep 17 00:00:00 2001
From: Geoffrey Wein <geoffrey.wein@jumpcloud.com>
Date: Mon, 31 Mar 2025 14:48:03 -0600
Subject: [PATCH 206/346] Create Confirm-JCRConfigFile.ps1

---
 .../Private/Config/Confirm-JCRConfigFile.ps1  | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
new file mode 100644
index 000000000..41f779be5
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
@@ -0,0 +1,48 @@
+function Confirm-JCRConfigFile {
+    [CmdletBinding()]
+    param (
+    )
+    begin {
+        if ($JCAPIKEY.length -ne 40) {
+            Connect-JCOnline -force | Out-Null
+        }
+
+        # Config should be in /PowerShell/JumpCloudModule/Config.json
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
+        $rawConfig = Get-Content -Path $configFilePath | ConvertFrom-Json
+
+        $requiredAttributesNotSet = @{}
+    }
+
+    process {
+        # validate config settings
+        foreach ($item in $rawConfig.globalVars) {
+            foreach ($property in $item.PSObject.Properties) {
+                # check to see if the key is required and if the value is null
+                if ($property.Value.required -eq $true -and $property.Value.value -eq $null) {
+                    $requiredAttributesNotSet += @{ $property.Name = $property.value.placeholder }
+                }
+            }
+        }
+    }
+    end {
+        if ($requiredAttributesNotSet) {
+            $requiredAttributesNotSet = $requiredAttributesNotSet | Sort-Object
+            $requiredAttributesNotSetString = $requiredAttributesNotSet.Keys -join ","
+            Write-Warning @"
+There are required settings for this module that have not yet been set with the Set-JCRConfigFile function.
+The module requires you set: $requiredAttributesNotSetString
+To set these run the following command (changing the default settings for your own organization):
+
+`$settings = @{
+$($requiredAttributesNotSet.GetEnumerator() | ForEach-Object {
+"`t$($_.Key) = $($_.Value)" + [System.Environment]::NewLine
+})}
+
+Set-JCRConfigFile @settings
+"@
+            Write-Error "Please set the following variables with Set-JCConfigFile: $requiredAttributesNotSetString"
+        }
+    }
+}
\ No newline at end of file

From 9a7883ac4341b1d3cbe42919bcb965fd2f31a055 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 31 Mar 2025 15:22:43 -0600
Subject: [PATCH 207/346] update path

---
 .../Private/Config/Confirm-JCRConfigFile.ps1  |  5 +-
 .../Private/Config/Get-JCRConfigFile.ps1      |  6 ++-
 .../Private/Config/New-JCRConfigFile.ps1      |  4 +-
 .../Private/Config/Update-JCRConfigFile.ps1   | 48 +++++++++++++++++++
 .../Public/Config/Set-JCRConfigFile.ps1       |  4 +-
 5 files changed, 58 insertions(+), 9 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
index 41f779be5..549a0a5c7 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
@@ -7,8 +7,7 @@ function Confirm-JCRConfigFile {
             Connect-JCOnline -force | Out-Null
         }
 
-        # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
         $rawConfig = Get-Content -Path $configFilePath | ConvertFrom-Json
 
@@ -27,7 +26,7 @@ function Confirm-JCRConfigFile {
         }
     }
     end {
-        if ($requiredAttributesNotSet) {
+        if ($requiredAttributesNotSet.count -gt 0) {
             $requiredAttributesNotSet = $requiredAttributesNotSet | Sort-Object
             $requiredAttributesNotSetString = $requiredAttributesNotSet.Keys -join ","
             Write-Warning @"
diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index b87002ed7..8b6bebfff 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -10,8 +10,7 @@ function Get-JCRConfigFile {
     )
 
     begin {
-        # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
 
         if (-Not (Test-Path -Path $configFilePath)) {
@@ -19,6 +18,9 @@ function Get-JCRConfigFile {
             # Create new file with default settings
             New-JCRConfigFile
         }
+
+        # # confirm the config file is set with the required settings
+        # Confirm-JCRConfigFile
     }
 
     process {
diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index 7e90f06e9..ea7772eb8 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -9,8 +9,7 @@ function New-JCRConfigFile {
     )
 
     begin {
-        # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
         $date = (Get-Date).ToUniversalTime()
     }
@@ -44,3 +43,4 @@ function New-JCRConfigFile {
         }
     }
 }
+New-JCRConfigFile -force
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
new file mode 100644
index 000000000..db6a0276d
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
@@ -0,0 +1,48 @@
+function Update-JCRConfigFile {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [ValidateNotNullOrEmpty()]
+        [object]
+        $settings
+    )
+
+    begin {
+        # Config should be in /PowerShell/JumpCloudModule/Config.json
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
+        $configFilePath = join-path -path $ModuleRoot -childpath 'Config.json'
+
+        if (test-path -path $configFilePath) {
+            # Get Contents
+            $config = Get-JCRConfigFile -Raw
+        } else {
+            # Create new file with default settings
+            New-JCRConfigFile
+        }
+    }
+
+    process {
+        foreach ($newSetting in $config.psobject.properties) {
+            foreach ($copiedSetting in $settings.psobject.properties) {
+                if ($newSetting.name -eq $copiedSetting.name) {
+                    # If the new property is in the copied settings property list:
+                    foreach ($newProperty in $newSetting.value.psobject.properties) {
+                        foreach ($copiedProperty in $copiedSetting.value.psobject.properties) {
+                            # If the property names match & the new property is eligible to be copied, copy it
+                            if ( ($newProperty.name -eq $copiedProperty.name) -And ($newProperty.Value.copy -eq $true)) {
+                                # If the values are different, copy the values
+                                if ( $newProperty.value.value -ne $copiedProperty.value.value) {
+                                    $config.$($newsetting.name).$($newProperty.name).value = $settings.$($copiedSetting.name).$($copiedProperty.name).value
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+    }
+
+    end {
+        $config | ConvertTo-Json | Out-File -FilePath $configFilePath
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
index 2b153714c..52e6c0ee1 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -3,7 +3,7 @@ function Set-JCRConfigFile {
     param (
     )
     DynamicParam {
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
 
         if (Test-Path -Path $configFilePath) {
@@ -56,7 +56,7 @@ function Set-JCRConfigFile {
         }
 
         # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.FullName
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
 
         if (Test-Path -Path $configFilePath) {

From 93e22dcacbc136ce214c8be9649145e35a5b91c7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 31 Mar 2025 15:23:53 -0600
Subject: [PATCH 208/346] ignore config.json

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index a9a397178..763484e9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -23,6 +23,7 @@
 /scripts/automation/Radius/*.encrypted
 /scripts/automation/Radius/log.txt
 /scripts/automation/Radius/reports/*
+/scripts/automation/Radius/config.json
 
 __pycache__/
 *.pyc

From c139d724330a5b05de666ad243225c5c4f64abc1 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 31 Mar 2025 15:25:49 -0600
Subject: [PATCH 209/346] config changes

---
 .../Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 | 8 +++++++-
 .../Radius/Functions/Private/Config/New-JCRConfigFile.ps1 | 3 +--
 .../Functions/Private/Config/Update-JCRConfigFile.ps1     | 2 +-
 .../Radius/Functions/Public/Module/Update-JCRModule.ps1   | 6 ++++++
 4 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index 8b6bebfff..f13eeb915 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -10,8 +10,14 @@ function Get-JCRConfigFile {
     )
 
     begin {
+<<<<<<< Updated upstream
         $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
+=======
+        # Config should be in /PowerShell/JumpCloudModule/Config.json
+        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config2.json'
+>>>>>>> Stashed changes
 
         if (-Not (Test-Path -Path $configFilePath)) {
             Write-Host "write new settings file $configFilePath"
@@ -44,4 +50,4 @@ function Get-JCRConfigFile {
     end {
         return $config
     }
-}
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index ea7772eb8..d23a080f5 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -42,5 +42,4 @@ function New-JCRConfigFile {
             $config | ConvertTo-Json | Out-File -FilePath $configFilePath
         }
     }
-}
-New-JCRConfigFile -force
\ No newline at end of file
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
index db6a0276d..62bfa7c2c 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
@@ -45,4 +45,4 @@ function Update-JCRConfigFile {
     end {
         $config | ConvertTo-Json | Out-File -FilePath $configFilePath
     }
-}
\ No newline at end of file
+}
diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
index 7e2061e0c..60c4d3122 100644
--- a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -42,10 +42,16 @@ function Update-JCRModule {
         } else {
             # else get the module config from the current module:
             # TODO: get the json config with the private function not created yet
+            $savedJCRSettings = Get-JCRConfigFile -raw
 
             # now, attempt to update the module
             try {
                 Update-Module -Name $ModuleName -Force
+
+                # update the settings file config.json
+                Update-JCSettingsFile -settings $savedJCSettings
+                # re-import the settings file variable
+                $global:JCConfig = Get-JCSettingsFile
             } catch {
                 Write-Error "Failed to update the module: $_"
             }

From faacc239b3147f91d2b455d4be783ab03ad0858d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 31 Mar 2025 15:42:55 -0600
Subject: [PATCH 210/346] update function names

---
 .../Radius/Functions/Private/Config/Get-JCRConfigFile.ps1   | 6 ------
 .../Functions/Private/Settings/Set-JCRSettingsFile.ps1      | 2 +-
 .../Radius/Functions/Public/Get-JCRGlobalVars.ps1           | 2 +-
 .../Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1         | 6 +++---
 4 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index f13eeb915..8b8857acd 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -10,14 +10,8 @@ function Get-JCRConfigFile {
     )
 
     begin {
-<<<<<<< Updated upstream
         $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
-=======
-        # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
-        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config2.json'
->>>>>>> Stashed changes
 
         if (-Not (Test-Path -Path $configFilePath)) {
             Write-Host "write new settings file $configFilePath"
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
index 2a28a3889..870c5f73a 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
@@ -95,6 +95,6 @@ function Set-JCRSettingsFile {
         # Write out the new settings
         $config | ConvertTo-Json | Out-File -FilePath $configFilePath
         # Update Global Variable
-        $global:JCRConfig = Get-JCRSettingsFile
+        $global:JCRConfig = Get-JCRConfigFile
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 8a153a3b7..e78f98746 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -22,7 +22,7 @@ function Get-JCRGlobalVars {
         }
 
         if (-Not $global:JCRConfig) {
-            $global:JCRConfig = Get-JCRSettingsFile
+            $global:JCRConfig = Get-JCRConfigFile
         }
 
         # get settings file
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 1a9ae9412..48b819e7c 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -48,7 +48,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
         }
         It "Data should not be refreshed when running Get-JCRGlobalVars if it's been less than 24 hours since last update" {
             # Get the settings data
-            $settingsData = Get-JCRSettingsFile
+            $settingsData = Get-JCRConfigFile
             $timespan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $settingsData.globalVars.lastupdate
             # Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
             # get files before
@@ -79,7 +79,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
         }
         It "Data should refresh when running Get-JCRGlobalVars if it's been more than 24 hours since last update" {
             # Get the settings data
-            $settingsData = Get-JCRSettingsFile
+            $settingsData = Get-JCRConfigFile
             $timespan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $settingsData.globalVars.lastupdate
             # Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
             # get files before
@@ -91,7 +91,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 # set the settings file to a mocked value of now
                 Set-JCRSettingsFile -globalVarslastUpdate (Get-Date).AddHours(-25)
                 Start-Sleep 2
-                $settingsData = Get-JCRSettingsFile
+                $settingsData = Get-JCRConfigFile
                 $timespan = New-TimeSpan -Start  $settingsData.globalVars.lastupdate -End (Get-Date).AddHours(-24)
                 Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
             }

From c8c58b96ba08681257e96001c15832115b0ec812 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 31 Mar 2025 15:50:24 -0600
Subject: [PATCH 211/346] write last update needed when we set this in the
 module

---
 .../Radius/Functions/Private/Config/New-JCRConfigFile.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index d23a080f5..0542048df 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -31,7 +31,7 @@ function New-JCRConfigFile {
                 'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<JumpCloud.com>' }
                 'certType'                          = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<EmailSAN/EmailDN/UsernameCn>' }
                 'radiusDirectory'                   = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<Path/To/radiusDirectory>' }
-                'lastUpdate'                        = @{value = $date; write = $false; copy = $true; required = $false; placeholder = $null }
+                'lastUpdate'                        = @{value = $date; write = $true; copy = $true; required = $false; placeholder = $null }
             }
         }
     }

From 5fc1253186c1c2c31035b25b7e1d567edc019a50 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 31 Mar 2025 15:51:01 -0600
Subject: [PATCH 212/346] Set-JCRSettingsFile -> Set-JCRConfigFile

---
 .../automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1  | 2 +-
 .../Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1           | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index e78f98746..5b8c07780 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -247,7 +247,7 @@ function Get-JCRGlobalVars {
                 [array]$Global:JCRRadiusMembers = $radiusMemberList
                 $Global:JCRCertHash = $certHash
                 # update the settings date
-                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
+                Set-JCRConfigFile - (Get-Date)
                 # update users.json
                 Update-JCRUsersJson
             }
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 48b819e7c..a740cccfc 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -58,7 +58,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 # continue with test
             } else {
                 # set the settings file to a mocked value of now
-                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date)
+                Set-JCRConfigFile -lastUpdate (Get-Date)
 
             }
             # run Get-JCRGlobalVars
@@ -89,7 +89,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 # continue with test
             } else {
                 # set the settings file to a mocked value of now
-                Set-JCRSettingsFile -globalVarslastUpdate (Get-Date).AddHours(-25)
+                Set-JCRConfigFile -lastUpdate (Get-Date).AddHours(-25)
                 Start-Sleep 2
                 $settingsData = Get-JCRConfigFile
                 $timespan = New-TimeSpan -Start  $settingsData.globalVars.lastupdate -End (Get-Date).AddHours(-24)

From e18fe6e571b076bdb6ea54a5ccf983d8d8a71de9 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 1 Apr 2025 18:19:40 -0600
Subject: [PATCH 213/346] update config

---
 .../Private/CertDeployment/Get-CertInfo.ps1   |   9 +-
 .../Commands/Clear-JCQueuedCommand.ps1        |   2 +-
 .../Private/Config/Confirm-JCRConfigFile.ps1  |  32 ++--
 .../Private/Config/Get-JCRConfig.ps1          |  24 +++
 .../Private/Config/Get-JCRConfigFile.ps1      |   8 +-
 .../Private/Config/New-JCRConfigFile.ps1      |  20 +--
 .../Private/Menus/Show-RadiusMainMenu.ps1     |  12 +-
 .../Private/Module/Get-JCRUserAgent.ps1       |  13 ++
 .../Private/Module/Get-OpenSSLVersion.ps1     |  60 ++++++++
 .../Module/Validate-JCRModuleRequirements.ps1 |   6 +
 .../Public/Config/Set-JCRConfigFile.ps1       | 104 ++++++-------
 .../Functions/Public/Get-JCRGlobalVars.ps1    |  10 +-
 .../Public/Start-GenerateUserCerts.ps1        |   4 +-
 .../Public/Start-RadiusDeployment.ps1         |  16 +-
 .../automation/Radius/JumpCloud.Radius.psd1   |   8 +-
 .../automation/Radius/JumpCloud.Radius.psm1   | 145 +++++++++++++++++-
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  |   4 +-
 .../Public/Start-DeployUserCerts.Tests.ps1    |  26 ++--
 .../Public/Start-GenerateRootCert.Tests.ps1   |  48 +++---
 .../Public/Start-GenerateUserCerts.Tests.ps1  |  30 ++--
 .../Radius/Tests/SetupRadiusOrg.ps1           |   2 +-
 .../automation/Radius/multi_group_radius.ps1  |   2 +-
 22 files changed, 391 insertions(+), 194 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/Module/Get-JCRUserAgent.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/Module/Validate-JCRModuleRequirements.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 9f74d5677..67b2ec679 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -12,9 +12,6 @@ function Get-CertInfo {
         $username
     )
     begin {
-        # Import the Config.ps1 variables
-        . "$JCScriptRoot/Config.ps1"
-
         if ($RootCA) {
             # Find the RootCA Path
             $foundCerts = Resolve-Path -Path "$JCScriptRoot/Cert/*cert*.pem" -ErrorAction SilentlyContinue
@@ -23,12 +20,12 @@ function Get-CertInfo {
         if ($UserCerts) {
             # Find all userCert paths
             if ($username) {
-                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/$username-$($Global:JCR_CERT_TYPE)*.crt" -ErrorAction SilentlyContinue
+                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/$username-$($module.PrivateData.config['certType'].value)*.crt" -ErrorAction SilentlyContinue
 
             } else {
                 $foundCerts = New-Object System.Collections.ArrayList
                 $global:JCRRadiusMembers.username | ForEach-Object {
-                    $foundCert = Resolve-Path -Path "$JCScriptRoot/UserCerts/$_-$($Global:JCR_CERT_TYPE)*.crt" -ErrorAction SilentlyContinue
+                    $foundCert = Resolve-Path -Path "$JCScriptRoot/UserCerts/$_-$($module.PrivateData.config['certType'].value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {
                         $foundCerts.Add($foundCert) | Out-Null
                     }
@@ -111,7 +108,7 @@ function Get-CertInfo {
                     $certFile = Get-Item $($cert.Path)
                     if (('username' -notin $MyInvocation.BoundParameters) -AND (-Not [System.String]::IsNullOrEmpty($certFile.name))) {
                         # Write-Host "Attempting to parse username from string: $($certFile.name)"
-                        $matchNames = $certFile.name | Select-String -Pattern "(.*)-$($Global:JCR_CERT_TYPE).*"
+                        $matchNames = $certFile.name | Select-String -Pattern "(.*)-$($module.PrivateData.config['certType'].value).*"
                         if ($matchNames.Matches.groups) {
                             $username = $matchNames.Matches.groups[1].value
                         }
diff --git a/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1
index 23807b64e..eb33d1461 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1
@@ -8,7 +8,7 @@ function Clear-JCQueuedCommand {
             'x-api-key' = $Env:JCApiKey
             'x-org-id'  = $Env:JCOrgId
         }
-        $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/v2/commandqueue/$workflowId" -Method DELETE -Headers $headers -UserAgent $UserAgent
+        $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/v2/commandqueue/$workflowId" -Method DELETE -Headers $headers -UserAgent $module.PrivateData.settings['userAgent'].value
     }
     end {
         return $response
diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
index 549a0a5c7..b4f9a0ece 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
@@ -1,28 +1,30 @@
 function Confirm-JCRConfigFile {
     [CmdletBinding()]
     param (
+        [Parameter(
+            Mandatory = $false,
+            HelpMessage = 'Switch to pass into the function when first loading the module, the function will not write an error if this parameter is true'
+        )]
+        [switch]$loadModule
     )
     begin {
         if ($JCAPIKEY.length -ne 40) {
             Connect-JCOnline -force | Out-Null
         }
-
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
-        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
-        $rawConfig = Get-Content -Path $configFilePath | ConvertFrom-Json
-
+        $config = $module.privateData.config
         $requiredAttributesNotSet = @{}
     }
 
     process {
         # validate config settings
-        foreach ($item in $rawConfig.globalVars) {
-            foreach ($property in $item.PSObject.Properties) {
-                # check to see if the key is required and if the value is null
-                if ($property.Value.required -eq $true -and $property.Value.value -eq $null) {
-                    $requiredAttributesNotSet += @{ $property.Name = $property.value.placeholder }
-                }
+        foreach ($item in $config.keys) {
+            $setting = $config[$item]
+
+            # check to see if the key is required and if the value is null
+            if ($setting.required -eq $true -and $setting.value -eq $null) {
+                $requiredAttributesNotSet += @{ $item = $setting.placeholder }
             }
+
         }
     }
     end {
@@ -32,6 +34,7 @@ function Confirm-JCRConfigFile {
             Write-Warning @"
 There are required settings for this module that have not yet been set with the Set-JCRConfigFile function.
 The module requires you set: $requiredAttributesNotSetString
+
 To set these run the following command (changing the default settings for your own organization):
 
 `$settings = @{
@@ -40,8 +43,13 @@ $($requiredAttributesNotSet.GetEnumerator() | ForEach-Object {
 })}
 
 Set-JCRConfigFile @settings
+
 "@
-            Write-Error "Please set the following variables with Set-JCConfigFile: $requiredAttributesNotSetString"
+            if (-not $loadModule) {
+                Write-Error "Please set these variables with the Set-JCRConfigFile cmdlet"
+            } else {
+                Write-Warning "Please set these variables with the Set-JCRConfigFile cmdlet"
+            }
         }
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
new file mode 100644
index 000000000..5598a846d
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
@@ -0,0 +1,24 @@
+function Get-JCRConfig {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory = $true)][string]$FilePath
+    )
+
+    if (Test-Path -Path $FilePath) {
+        try {
+            $savedConfig = (Get-Content -Path $FilePath -Raw | ConvertFrom-Json)
+            # Merge loaded settings with the module's default configuration
+            foreach ($settingName in $savedConfig.PSObject.Properties.Name) {
+                if ($Module.privateData.config.containsKey($settingName)) {
+                    $Module.privateData.config[$settingName].value = $savedConfig.$settingName.value
+                } else {
+                    Write-Warning "Loaded config contains unknown setting: '$settingName'. It will be ignored."
+                }
+            }
+        } catch {
+            Write-Warning "Failed to load config from '$FilePath'. Using default configuration."
+        }
+    } else {
+        Write-Warning "Config file '$FilePath' not found. Using default configuration."
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index 8b8857acd..f902c4a15 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -6,7 +6,7 @@ function Get-JCRConfigFile {
             HelpMessage = 'Returns Config.json with value, copy, write properties'
         )]
         [switch]
-        $raw
+        $asObject
     )
 
     begin {
@@ -18,13 +18,10 @@ function Get-JCRConfigFile {
             # Create new file with default settings
             New-JCRConfigFile
         }
-
-        # # confirm the config file is set with the required settings
-        # Confirm-JCRConfigFile
     }
 
     process {
-        if (-Not $raw) {
+        if (-Not $asObject) {
             $rawConfig = Get-Content -Path $configFilePath | ConvertFrom-Json
             $config = @{}
             foreach ($item in $rawConfig.psobject.Properties) {
@@ -38,7 +35,6 @@ function Get-JCRConfigFile {
         } else {
             # Get Contents
             $config = Get-Content -Path $configFilePath | ConvertFrom-Json
-            $config = $config.globalVars
         }
     }
     end {
diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index 0542048df..10a4f5937 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -15,25 +15,7 @@ function New-JCRConfigFile {
     }
     process {
         # Define Default Settings for the Config file
-        $config = @{
-            "globalVars" = @{
-                'userGroup'                         = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<UserGroupID>' }
-                'certSecretPass'                    = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<CertPassword>' }
-                'userCertValidityDays'              = @{value = 365; write = $true; copy = $true; required = $true; placeholder = '<365>' }
-                'caCertValidityDays'                = @{value = 1095; write = $true; copy = $true; required = $true; placeholder = '<1095>' }
-                'certExpirationWarningDays'         = @{value = 15; write = $true; copy = $true; required = $true; placeholder = '<15>' }
-                'networkSSID'                       = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<networkSSID>' }
-                'certSubjectHeaderCountryCode'      = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<US>' }
-                'certSubjectHeaderStateCode'        = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<CO>' }
-                'certSubjectHeaderLocality'         = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<Boulder>' }
-                'certSubjectHeaderOrganization'     = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<JumpCloud>' }
-                'certSubjectHeaderOrganizationUnit' = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<Customer_Tools>' }
-                'certSubjectHeaderCommonName'       = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<JumpCloud.com>' }
-                'certType'                          = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<EmailSAN/EmailDN/UsernameCn>' }
-                'radiusDirectory'                   = @{value = $null; write = $true; copy = $true; required = $true; placeholder = '<Path/To/radiusDirectory>' }
-                'lastUpdate'                        = @{value = $date; write = $true; copy = $true; required = $false; placeholder = $null }
-            }
-        }
+        $config = $module.privateData.config
     }
     end {
         if ((Test-Path -Path $configFilePath) -And ($force)) {
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index 1e6e6e6e5..27e00bbda 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -8,17 +8,17 @@ function Show-RadiusMainMenu {
 
     # Find all certs that will expire between current date and cut off date
     try {
-        $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
+        $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
     } catch {
         Write-Debug "No user certs exist, there are no user certs which will expire soon"
     }
 
     # Get UserGroup information from Config.ps1
-    $radiusUserGroup = Get-JcSdkUserGroup -Id $Global:JCR_USER_GROUP | Select-Object Name
-    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $Global:JCR_USER_GROUP).Count
+    $radiusUserGroup = Get-JcSdkUserGroup -Id $module.PrivateData.config['userGroup'].value | Select-Object Name
+    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $module.PrivateData.config['userGroup'].value).Count
 
     # Get SSID information from Config.ps1
-    $radiusSSID = $Global:JCR_NETWORKSSID.replace(';', ' ')
+    $radiusSSID = ($module.PrivateData.config['networkSSID'].value).replace(';', ' ')
 
     # Output for Users
     Clear-Host
@@ -47,9 +47,9 @@ function Show-RadiusMainMenu {
     Write-Host $(PadCenter -string "Total Radius Users: $($radiusUserGroupMemberCount)" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Radius SSID(s): $radiusSSID" -char " ") -ForegroundColor Green
     if ($IsMacOS) {
-        Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate)" -char " ") -ForegroundColor Green
+        Write-Host $(PadCenter -string "Last Updated User/System Data: $($module.PrivateData.config['lastUpdate'].value)" -char " ") -ForegroundColor Green
     } If ($isWindows) {
-        Write-Host $(PadCenter -string "Last Updated User/System Data: $($Global:JCRConfig.globalVars.lastupdate.value)" -char " ") -ForegroundColor Green
+        Write-Host $(PadCenter -string "Last Updated User/System Data: $($module.PrivateData.config['lastUpdate'].value.value)" -char " ") -ForegroundColor Green
     }
 
     Write-Host $(PadCenter -string "-" -char '-')
diff --git a/scripts/automation/Radius/Functions/Private/Module/Get-JCRUserAgent.ps1 b/scripts/automation/Radius/Functions/Private/Module/Get-JCRUserAgent.ps1
new file mode 100644
index 000000000..35f9ced9c
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Module/Get-JCRUserAgent.ps1
@@ -0,0 +1,13 @@
+function Get-JCRUserAgent {
+    $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
+    $psd1Path = Join-Path -Path $ModuleRoot -ChildPath 'JumpCloud.Radius.psd1'
+    $psd1 = Import-PowerShellDataFile -Path $psd1Path
+    $UserAgent_ModuleVersion = $psd1.ModuleVersion
+    $UserAgent_ModuleName = 'PasswordlessRadiusConfig'
+    #Build the UserAgent string
+    $UserAgent_ModuleName = "JumpCloud_$($UserAgent_ModuleName).PowerShellModule"
+    $Template_UserAgent = "{0}/{1}"
+    $UserAgent = $Template_UserAgent -f $UserAgent_ModuleName, $UserAgent_ModuleVersion
+    # When we import this config, this function will run and validate the openSSL binary location
+    return $UserAgent
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1 b/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
new file mode 100644
index 000000000..0734a131a
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
@@ -0,0 +1,60 @@
+function Get-OpenSSLVersion {
+    [CmdletBinding()]
+    param (
+        [Parameter()]
+        [system.string]
+        $opensslBinary
+    )
+    begin {
+        $conditionsNotMet = $false
+        try {
+            $version = Invoke-Expression "& '$opensslBinary' version"
+        } catch {
+            Write-Error "Something went wrong... Could not find openssl or the path is incorrect. Please update the `$JCR_OPENSSL variable in the config.ps1 file to the correct path"
+            $conditionsNotMet = $true
+        }
+
+        # Required OpenSSL Version
+        $OpenSSLVersion = [version]"3.0.0"
+
+        # Determine Libre or Open SSL:
+        if ($version -match "LibreSSL") {
+            Write-Error "LibreSSL does not meet the requirements of this application, please install OpenSSL v3.0.0 or later"
+            $conditionsNotMet = $true
+        } else {
+            [version]$Version = (Select-String -InputObject $version -Pattern "([0-9]+)\.([0-9]+)\.([0-9]+)").matches.value
+        }
+
+        # Determine if windows:
+        if ([System.Environment]::OSVersion.Platform -match "Win") {
+            # If env variable exists, skip check for subsequent runs of ./config.ps1
+            if ($env:OPENSSL_MODULES) {
+                $binItems = Get-ChildItem -Path $env:OPENSSL_MODULES
+                if ("legacy.dll" -notin $binItems.Name) {
+                    Write-Error "The required OpenSSL 'legacy.dll' file was not found in the bin path $PathDirectory. This is required to create certificates. `nIf this module file is located elsewhere, you may specify the path to that directory in this powershell session using this command: '`$env:OPENSSL_MODULES = C:/Path/To/Directory' "
+                    $conditionsNotMet = $true
+                }
+            } else {
+                # Try to point to the Legacy.dll file
+                Write-Error "The required OpenSSL 'legacy.dll' file is required for this project. This module file is required to create certificates. `nIf this module file is located elsewhere, you may specify the path to that directory in this powershell session using this command: '`$env:OPENSSL_MODULES = C:/Path/To/openSSL_Directory/' Where the legacy.dll file is in openSSL_Directory "
+                $conditionsNotMet = $true
+
+            }
+
+        }
+    }
+    process {
+        if ($version -lt $OpenSSLVersion) {
+            Write-Error "The installed version of OpenSSL: OpenSSL $Version, does not meet the requirements of this application, please install a later version of at least $Type $Version"
+            $conditionsNotMet = $true
+        }
+    }
+    end {
+        # Return false if the version is less than the required version
+        if ($conditionsNotMet) {
+            return $false
+        } else {
+            return $true
+        }
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Module/Validate-JCRModuleRequirements.ps1 b/scripts/automation/Radius/Functions/Private/Module/Validate-JCRModuleRequirements.ps1
new file mode 100644
index 000000000..9fe970c60
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Module/Validate-JCRModuleRequirements.ps1
@@ -0,0 +1,6 @@
+function Validate-JCRModuleRequirements {
+    $openSSLValidated = Get-OpenSSLVersion -opensslBinary $JCR_OPENSSL
+    if ($openSSLValidated -eq $false) {
+        throw "OpenSSL validation failed. Please check the OpenSSL path and version."
+    }
+}
diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
index 52e6c0ee1..30841168b 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -3,85 +3,71 @@ function Set-JCRConfigFile {
     param (
     )
     DynamicParam {
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
-        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
+        # $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
+        # $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
 
-        if (Test-Path -Path $configFilePath) {
-            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
-            # Create the dictionary
-            $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
-            # Foreach key in the supplied config file:
-            foreach ($key in $config.PSObject.Properties) {
-                foreach ($item in $config.($key.Name).PSObject.Properties) {
-                    # Skip create dynamic params for these not-writable properties:
-                    if (($config.($key.Name).($item.Name).Write -eq $false)) {
-                        continue
-                    }
-                    # Set the dynamic parameters' name
-                    # write-host "adding dynamic param: $key$($item) $($config[$key][$item]['value'].getType().Name)"
-                    $ParamName_Filter = "$($item.Name)"
-                    # Create the collection of attributes
-                    $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
-                    # If ValidateSet is specificed in the config file, set the value here:
-                    if ($config.($key.Name).($item.Name).validateSet) {
-                        $arrSet = @($($config.($key.Name).($item.Name).'validateSet').split())
-                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
-                        $AttributeCollection.Add($ValidateSetAttribute)
-                    }
-                    # If the type of value is a bool, create a custom validateSet attribute here:
-                    $paramType = $($config.($key.Name).($item.Name)).getType().Name
-                    if ($paramType -eq 'boolean') {
-                        $arrSet = @("true", "false")
-                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
-                        $AttributeCollection.Add($ValidateSetAttribute)
-                    }
-                    # Create and set the parameters' attributes
-                    $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
-                    $ParameterAttribute.Mandatory = $false
-                    $ParameterAttribute.HelpMessage = "sets the $($item) settings for the $($key) feature"
-                    # Add the attributes to the attributes collection
-                    $AttributeCollection.Add($ParameterAttribute)
-                    # Add the param
-                    $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParamName_Filter, $paramType, $AttributeCollection)
-                    $RuntimeParameterDictionary.Add($ParamName_Filter, $RuntimeParameter)
-                }
+        # if (Test-Path -Path $configFilePath) {
+        $config = $module.PrivateData.config
+        # Create the dictionary
+        $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
+        # Foreach key in the supplied config file:
+        foreach ($key in $config.keys) {
+            $setting = $config[$key]
+            # Skip create dynamic params for these not-writable properties:
+            if (($setting.Write -eq $false)) {
+                continue
             }
-            # Returns the dictionary
-            return $RuntimeParameterDictionary
+            # Set the dynamic parameters' name
+            # write-host "adding dynamic param: $key$($item) $($config[$key][$item]['value'].getType().Name)"
+            $ParamName_Filter = "$($key)"
+            # Create the collection of attributes
+            $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
+
+            # Set the type of the parameter
+            $paramType = $setting.type
+
+            # Create and set the parameters' attributes
+            $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
+            $ParameterAttribute.Mandatory = $false
+            $ParameterAttribute.HelpMessage = "sets the $($key) config for the module"
+            # Add the attributes to the attributes collection
+            $AttributeCollection.Add($ParameterAttribute)
+            # Add the param
+            $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParamName_Filter, $paramType, $AttributeCollection)
+            $RuntimeParameterDictionary.Add($ParamName_Filter, $RuntimeParameter)
+
         }
+        # Returns the dictionary
+        return $RuntimeParameterDictionary
+        # }
     }
     begin {
-        if ($JCAPIKEY.length -ne 40) {
-            Connect-JCOnline -force | Out-Null
-        }
-
         # Config should be in /PowerShell/JumpCloudModule/Config.json
         $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
+        # config should be loaded from the module
+        $config = $module.PrivateData.config
 
-        if (Test-Path -Path $configFilePath) {
-            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
-        } else {
-            New-JCRConfigFile
-            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
-        }
+        # if (-NOT $config) {
+
+        #     New-JCRConfigFile
+        # }
     }
 
     process {
         $params = $PSBoundParameters
         # update config settings
         foreach ($param in $params.Keys) {
-            foreach ($key in $config.PSObject.Properties) {
-                # assign the first group
-                $config.($($key.Name)).$param.value = $params[$param]
-            }
+            # assign the first group
+            $config[$param].value = $params[$param]
+
         }
     }
 
     end {
         # Write out the new settings
         $config | ConvertTo-Json | Out-File -FilePath $configFilePath
-        # Update Global Variable
-        $Global:JCConfig = Get-JCRConfigFile
+        # Update Module Config
+        Get-JCRConfig -FilePath $configFilePath
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 5b8c07780..2c96b4a88 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -21,16 +21,16 @@ function Get-JCRGlobalVars {
             New-Item -ItemType Directory -Path "$JCScriptRoot/data"
         }
 
-        if (-Not $global:JCRConfig) {
-            $global:JCRConfig = Get-JCRConfigFile
+        if (-Not $Script:JCRConfig) {
+            $Script:JCRConfig = Get-JCRConfigFile
         }
 
         # get settings file
         if ($IsMacOS) {
-            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -End (Get-Date)
+            $lastUpdateTimespan = New-TimeSpan -Start $script:JCRConfig.globalvars.lastupdate -End (Get-Date)
         }
         if ($ifWindows) {
-            $lastUpdateTimespan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -End (Get-Date)
+            $lastUpdateTimespan = New-TimeSpan -Start $script:JCRConfig.globalvars.lastupdate.value -End (Get-Date)
         }
         if ($lastUpdateTimespan.TotalHours -gt 24) {
             $update = $true
@@ -115,7 +115,7 @@ function Get-JCRGlobalVars {
                 $users = Get-DynamicHash -Object User -returnProperties email, employeeIdentifier, department, suspended, location, Addresses, manager, sudo, Displayname, username, systemUsername
                 # $users | ForEach-Object { $_ | Add-Member -name "userId" -value $_ -Type NoteProperty -force }
                 # Get Radius membership list:
-                $radiusMembers = Get-JcSdkUserGroupMember -GroupId $Global:JCR_USER_GROUP
+                $radiusMembers = Get-JcSdkUserGroupMember -GroupId $module.PrivateData.config['userGroup'].value
                 # add the username to the membership hash
                 $radiusMemberList = New-Object System.Collections.ArrayList
                 foreach ($member in $radiusMembers) {
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 6b05c2ad6..dea113c77 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -188,7 +188,7 @@ function Start-GenerateUserCerts {
                 # recalculate expiring certs:
                 $userCertInfo = Get-CertInfo -UserCerts
                 # Get expiring certs:
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
                 for ($i = 0; $i -lt $ExpiringCerts.Count; $i++) {
                     $userCert = $ExpiringCerts[$i]
                     <# Action that will repeat until the condition is met #>
@@ -200,7 +200,7 @@ function Start-GenerateUserCerts {
                     # recalculate expiring certs:
                     $userCertInfo = Get-CertInfo -UserCerts
                 }
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
                 switch ($PSCmdlet.ParameterSetName) {
                     'gui' {
                         Show-StatusMessage -Message "Finished Generating Certificates"
diff --git a/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
index 215254998..c10dc7fae 100644
--- a/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
@@ -1,24 +1,12 @@
 function Start-RadiusDeployment {
-
     # Import Global Config:
     Write-Verbose 'Verifying JCAPI Key'
     if ($JCAPIKEY.length -ne 40) {
         Connect-JCOnline -force
     }
-    . "$psscriptroot/Config.ps1"
-
-    ################################################################################
-    # Do not modify below
-    ################################################################################
-    # set script root
-    #TODO: move to global functions
-    # $global:JCScriptRoot = $PSScriptRoot
-
-    # Import the functions
-    # Import-Module "$JCScriptRoot/JumpCloud.Radius.psm1" -DisableNameChecking -Force
 
-    # Check for Module Updates
-    # Update-JCRModule
+    # validate the setting from the module have been set
+    Confirm-JCRConfigFile -ErrorAction stop
 
     # Show user selection
     do {
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index 1922f13a4..6c9dc9e60 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -3,7 +3,7 @@
 #
 # Generated by: jworkman
 #
-# Generated on: 1/5/2024
+# Generated on: 3/31/2025
 #
 
 @{
@@ -69,8 +69,10 @@
     # NestedModules = @()
 
     # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-    FunctionsToExport = 'Start-DeployUserCerts', 'Start-GenerateRootCert',
-    'Start-GenerateUserCerts', 'Start-MonitorCertDeployment', 'Get-JCRGlobalVars', 'Get-JCRCertReport', 'Start-RadiusDeployment', 'Update-JCRModule'
+    FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts',
+    'Start-GenerateRootCert', 'Start-GenerateUserCerts',
+    'Start-MonitorCertDeployment', 'Start-RadiusDeployment',
+    'Set-JCRConfigFile', 'Update-JCRModule'
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
     CmdletsToExport   = @()
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index 91b074753..e7b23bf8d 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -23,11 +23,6 @@ Foreach ($Import in $Public) {
 # set script root:
 $global:JCScriptRoot = "$PSScriptRoot"
 
-# # import config:
-# . "$JCScriptRoot/Config.ps1"
-# try to get the settings file, create new one if it does not exist:
-$global:JCRConfig = Get-JCRSettingsFile
-
 # from the settings file we should have a location for the certs and user certs
 
 # if the Certs / UserCerts directories do not exist, create them
@@ -43,3 +38,143 @@ if (-Not (Test-Path -Path "$JCScriptRoot/UserCerts" -PathType Container)) {
 # Get-JCRGlobalVars
 # Export module member
 Export-ModuleMember -Function $Public.BaseName -Alias *
+
+# Set the module config
+$Module.PrivateData.config = @{
+    'userGroup'                         = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<UserGroupID>';
+        type        = 'string'
+    }
+    'certSecretPass'                    = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<CertPassword>';
+        type        = 'string'
+    }
+    'userCertValidityDays'              = @{
+        value       = 365;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<365>';
+        type        = 'int'
+    }
+    'caCertValidityDays'                = @{
+        value       = 1095;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<1095>';
+        type        = 'int'
+    }
+    'certExpirationWarningDays'         = @{
+        value       = 15;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<15>';
+        type        = 'int'
+    }
+    'networkSSID'                       = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<networkSSID>';
+        type        = 'string'
+    }
+    'certSubjectHeaderCountryCode'      = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<US>';
+        type        = 'string'
+    }
+    'certSubjectHeaderStateCode'        = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<CO>';
+        type        = 'string'
+    }
+    'certSubjectHeaderLocality'         = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<Boulder>';
+        type        = 'string'
+    }
+    'certSubjectHeaderOrganization'     = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<JumpCloud>';
+        type        = 'string'
+    }
+    'certSubjectHeaderOrganizationUnit' = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<Customer_Tools>';
+        type        = 'string'
+    }
+    'certSubjectHeaderCommonName'       = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<JumpCloud.com>';
+        type        = 'string'
+    }
+    'certType'                          = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<EmailSAN/EmailDN/UsernameCn>';
+        type        = 'string'
+    }
+    'radiusDirectory'                   = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<Path/To/radiusDirectory>';
+        type        = 'string'
+    }
+    'lastUpdate'                        = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $false;
+        placeholder = $null;
+        type        = 'string'
+    }
+}
+
+# Set the module non-configurable settings
+$Module.PrivateData.settings = @{
+    'userAgent' = Get-JCRUserAgent
+}
+
+# From the saved config file, get the settings and set them in the module
+Get-JCRConfig -FilePath "$JCScriptRoot/Config.json"
+
+# validate the config settings
+Confirm-JCRConfigFile -loadModule
+
+# print the config:
+# foreach ($item in $module.PrivateData.config.keys) {
+#     write-host "$item | $($module.PrivateData.config[$($item)].value)"
+# }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index a740cccfc..aaf785042 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -205,7 +205,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             # get the RadiusMembers.json before
             # get the user.json file before
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             Start-Sleep 1
             # update the cache forcefully
             Get-JCRGlobalVars -force -skipAssociation -associateManually
@@ -225,7 +225,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             # get the RadiusMembers.json before
             # get the user.json file before
             # add a user to the radius Group
-            Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             Start-Sleep 1
             # update the cache forcefully
             Get-JCRGlobalVars -force -skipAssociation -associateManually
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index c4a04f38a..f9685f394 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -58,9 +58,9 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Write-Warning "$($user.username) created with id: $($user.id))"
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
 
-            Write-Warning "Add $($user.username) to radius Group with id: $($Global:JCR_USER_GROUP)"
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
-            $userMembers = Get-jcusergroupmember -byid $Global:JCR_USER_GROUP
+            Write-Warning "Add $($user.username) to radius Group with id: $($module.PrivateData.config['userGroup'].value)"
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            $userMembers = Get-jcusergroupmember -byid $module.PrivateData.config['userGroup'].value
 
             foreach ($member in $userMembers) {
                 Write-Warning "$($member.username) is in the $($member.GroupName) Group"
@@ -134,7 +134,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # get random system
             $system = Get-JCSystem -os windows | Get-Random -Count 1
             Add-JCSystemUser -UserID $user.id -SystemID $system.id
@@ -163,7 +163,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # get random system
             $system = Get-JCSystem -os windows | Get-Random -Count 1
             Add-JCSystemUser -UserID $user.id -SystemID $system.id
@@ -219,7 +219,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the user cert validity to just 10 days
-            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "EmailSAN"') | Set-Content -Path $configPath
+            Set-JCRConfigFile -certType "EmailSAN"
             # Get Cert Before
             $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Generate the user cert:
@@ -253,7 +253,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
-            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "EmailDN"') | Set-Content -Path $configPath
+            Set-JCRConfigFile -certType "EmailDN"
             # Get Cert Before
             $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Generate the user cert:
@@ -283,7 +283,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
-            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "UsernameCn"') | Set-Content -Path $configPath
+            Set-JCRConfigFile -certType "usernameCn"
             # Get Cert Before
             $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Generate the user cert:
@@ -314,7 +314,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
-            $content -replace ('\$Global:JCR_CERT_TYPE = *.+', '$Global:JCR_CERT_TYPE = "UsernameCn"') | Set-Content -Path $configPath
+            Set-JCRConfigFile -certType "usernameCn"
         }
     }
     Context 'Duplicate Command / Command Result Tests' {
@@ -323,7 +323,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # get random system
             $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
             $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
@@ -576,7 +576,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # get random system
             $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
             $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
@@ -718,7 +718,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # get the before date
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # get random system
             $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
             $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
@@ -758,7 +758,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # get the before date
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # get random system
             $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
             $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 216fac77c..8ae510e80 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -21,12 +21,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCountryCode'].value
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderStateCode'].value
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderLocality'].value
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganization'].value
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganizationUnit'].value
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCommonName'].value
         }
     }
 
@@ -57,12 +57,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCountryCode'].value
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderStateCode'].value
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderLocality'].value
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganization'].value
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganizationUnit'].value
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCommonName'].value
         }
     }
 
@@ -91,12 +91,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCountryCode'].value
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderStateCode'].value
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderLocality'].value
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganization'].value
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganizationUnit'].value
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCommonName'].value
         }
 
     }
@@ -125,12 +125,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.countryCode
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.stateCode
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Locality
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.Organization
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.OrganizationUnit
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $Global:JCR_SUBJECT_HEADERS.CommonName
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCountryCode'].value
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderStateCode'].value
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderLocality'].value
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganization'].value
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganizationUnit'].value
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCommonName'].value
         }
 
     }
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 66b7c717c..0cf2ac868 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -42,7 +42,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # create a new user
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
@@ -67,7 +67,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $UserCerts.fullname | Where-Object { $_ -match ".crt" } | Should -Exist
             $UserCerts.fullname | Where-Object { $_ -match ".key" } | Should -Exist
             # cleanup
-            Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
             # wait just one moment before testing membership since we are writing a file
@@ -86,7 +86,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -Path $configPath
             # set the user cert validity to just 10 days
-            $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 10') | Set-Content -Path $configPath
+            Set-JCRConfigFile -caCertValidityDays 10
 
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
@@ -101,7 +101,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $userCertInfo = Get-CertInfo -UserCerts
             # Determine cut off date for expiring certs
             # Find all certs that will expire between current date and cut off date
-            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
 
         }
         It 'Certs that are set to expire soon can be updated programmatically' {
@@ -110,7 +110,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # reset the validity counter
             $content = Get-Content -Path $configPath
             # set the user cert validity to 90 days
-            $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 90') | Set-Content -Path $configPath
+            Set-JCRConfigFile -caCertValidityDays 90
             # Get the certs before generation minus the .zip if it exists
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
             # get the date before
@@ -120,7 +120,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             Start-GenerateUserCerts -type ExpiringSoon -forceReplaceCerts
             # Update Global Expiring list:
             $userCertInfo = Get-CertInfo -UserCerts
-            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
             # there should be no more certs left in the expiring cert var
             $Global:expiringCerts | Should -BeNullOrEmpty
             # Get the certs after generation minus the .zip if it exists
@@ -142,7 +142,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # reset the validity counter
             $content = Get-Content -Path $configPath
             # set the user cert validity to 90 days
-            $content -replace ('\$Global:JCR_USER_CERT_VALIDITY_DAYS = *.+', '$Global:JCR_USER_CERT_VALIDITY_DAYS = 90') | Set-Content -Path $configPath
+            Set-JCRConfigFile -caCertValidityDays 90
         }
 
 
@@ -167,7 +167,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # update the user
             $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/systemusers/$($user.id)" -Method PUT -Headers $headers -ContentType 'application/json' -Body $body
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
@@ -199,7 +199,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # manually update the user with a hyphen in their username
             $user = Set-JcSdkUser -Id $($user.id) -Username "$($user.username)-$($user.username)"
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
@@ -227,7 +227,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
         AfterEach {
             # cleanup
-            Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $user.id
+            Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
             # wait just one moment before testing membership since we are writing a file
@@ -241,16 +241,16 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
     Context 'Certs generated when userGroup only contains 1 user' {
         BeforeAll {
             # Save users in userGroup to variable for later
-            $RadiusMembers = Get-JCUserGroupMember -ByID $Global:JCR_USER_GROUP
+            $RadiusMembers = Get-JCUserGroupMember -ByID $module.PrivateData.config['userGroup'].value
 
             # Remove all members from UserGroup
             $RadiusMembers | ForEach-Object {
-                $userRemoval = Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $_.UserID
+                $userRemoval = Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $_.UserID
             }
 
             # Add One Member back to the Group
             $SingleUser = $RadiusMembers | Select-Object -First 1
-            $userAdd = Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $SingleUser.UserID
+            $userAdd = Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $SingleUser.UserID
         }
         It "When the Radius UserGroup only contains 1 user, the generation functions will not error" {
             # update the cache
@@ -270,10 +270,10 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
         AfterAll {
             # Remove the single User
-            $userRemoval = Remove-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $SingleUser.UserID
+            $userRemoval = Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $SingleUser.UserID
 
             # Add original members back to the UserGroup
-            $userAdd = $RadiusMembers | ForEach-Object { Add-JCUserGroupMember -GroupID $Global:JCR_USER_GROUP -UserID $_.UserID }
+            $userAdd = $RadiusMembers | ForEach-Object { Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $_.UserID }
 
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 41be97310..e15f8baac 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -57,7 +57,7 @@ $configPath = Resolve-Path -Path "$PSScriptRoot/../Config.ps1"
 write-warning $configPath
 $configContent = Get-Content -path $configPath
 # Update the userGroupID:
-$configContent -replace ('\$Global:JCR_USER_GROUP = *.+', "`$Global:JCR_USER_GROUP = `"$($radiusUserGroup.id)`"") | Set-Content -Path $configPath
+$configContent -replace ('\$module.PrivateData.config['userGroup'].value = *.+', "`$module.PrivateData.config['userGroup'].value = `"$($radiusUserGroup.id)`"") | Set-Content -Path $configPath
 # update the openSSL path:
 if ($IsMacOS) {
     $brewList = brew list openssl@3
diff --git a/scripts/automation/Radius/multi_group_radius.ps1 b/scripts/automation/Radius/multi_group_radius.ps1
index d315da3bd..16876789b 100644
--- a/scripts/automation/Radius/multi_group_radius.ps1
+++ b/scripts/automation/Radius/multi_group_radius.ps1
@@ -86,7 +86,7 @@ foreach ($radiusGroup in $radiusUserGroups) {
     # set the contents of the config for each user groupID
     $configContent = Get-Content -path $configPath
     # Update the userGroupID:
-    $configContent -replace ('\$Global:JCR_USER_GROUP = *.+', "`$Global:JCR_USER_GROUP = `"$($radiusGroup.values)`"") | Set-Content -Path $configPath
+    Set-JCRConfigFile -userGroup $radiusGroup.values
     # remove the radius members data file:
     if (Test-Path -Path $dataFilePath) {
         Remove-Item $dataFilePath -Force

From c37f2190a07a828967d88e3ec99844db45dfed23 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 1 Apr 2025 18:23:47 -0600
Subject: [PATCH 214/346] update Build-HelpFiles files from main branch

---
 PowerShell/Deploy/Build-HelpFiles.ps1 | 84 ++++++++++++++++++++++++++-
 1 file changed, 83 insertions(+), 1 deletion(-)

diff --git a/PowerShell/Deploy/Build-HelpFiles.ps1 b/PowerShell/Deploy/Build-HelpFiles.ps1
index b04028496..5bce8cffe 100755
--- a/PowerShell/Deploy/Build-HelpFiles.ps1
+++ b/PowerShell/Deploy/Build-HelpFiles.ps1
@@ -2,9 +2,59 @@ Param(
     [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = 'Name of module')][ValidateNotNullOrEmpty()][System.String]$ModuleName = 'JumpCloud'
     , [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = 'Path to module root')][ValidateNotNullOrEmpty()][System.String]$ModulePath = './PowerShell/JumpCloud Module' # $PSScriptRoot
     , [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = 'Which parameter set to be used for New-MarkdownHelp')][ValidateNotNullOrEmpty()][ValidateSet('FromCommand', 'FromModule')][System.String]$NewMarkdownHelpParamSet = 'FromCommand'
-    , [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = 'Language locale')][ValidateNotNullOrEmpty()][System.String]$Locale = 'en-US'
+    , [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = 'Language locale')][ValidateNotNullOrEmpty()][System.String]$Locale = 'en-Us'
     , [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true, HelpMessage = 'For adding comment based help')][ValidateNotNullOrEmpty()][System.Boolean]$AddCommentBasedHelp = $false
 )
+# modified from source: https://github.com/PowerShell/platyPS/issues/595#issuecomment-1820971702
+function Remove-CommonParameterFromMarkdown {
+    <#
+        .SYNOPSIS
+            Remove a PlatyPS generated parameter block.
+
+        .DESCRIPTION
+            Removes parameter block for the provided parameter name from the markdown file provided.
+
+    #>
+    param(
+        [Parameter(Mandatory)]
+        [string[]]
+        $Path,
+
+        [Parameter(Mandatory = $false)]
+        [string[]]
+        $ParameterName = @('ProgressAction')
+    )
+    $ErrorActionPreference = 'Stop'
+    $Docs = Get-ChildItem -Path $Path -Recurse
+    foreach ($p in $Docs) {
+        Write-Host "[status]Removing ProgressAction from $p"
+        $content = (Get-Content -Path $p -Raw).TrimEnd()
+        $updateFile = $false
+        foreach ($param in $ParameterName) {
+            if (-not ($Param.StartsWith('-'))) {
+                $param = "-$($param)"
+            }
+            # Remove the parameter block
+            $pattern = "(?m)^### $param\r?\n[\S\s]*?(?=#{2,3}?)"
+            $newContent = $content -replace $pattern, ''
+            # Remove the parameter from the syntax block
+            $pattern = " \[$param\s?.*?]"
+            $newContent = $newContent -replace $pattern, ''
+            if ($null -ne (Compare-Object -ReferenceObject $content -DifferenceObject $newContent)) {
+                Write-Verbose "Added $param to $p"
+                # Update file content
+                $content = $newContent
+                $updateFile = $true
+            }
+        }
+        # Save file if content has changed
+        if ($updateFile) {
+            $newContent | Out-File -Encoding utf8 -FilePath $p
+            Write-Verbose "Updated file: $p"
+        }
+    }
+    return
+}
 # Define misc. vars
 $FilePath_Psd1 = "$ModulePath/$ModuleName.psd1"
 $FolderPath_Docs = "$ModulePath/Docs"
@@ -140,6 +190,38 @@ Try {
     # Creating: .\en-Us\$ModuleName-help.xml and .\en-Us\about_$ModuleName.help.txt
     Write-Host ("[status]Creating: .\en-Us\$ModuleName-help.xml and .\en-Us\about_$ModuleName.help.txt")
     New-ExternalHelp -Path:($FolderPath_Docs) -OutputPath:($FolderPath_enUS) -Force # -ApplicableTag <String> -Encoding <Encoding> -MaxAboutWidth <Int32> -ErrorLogFile <String> -ShowProgress
+    # Remove ProgressAction from Doc files (PowerShell 7.4.1 with PlatyPS)
+    Remove-CommonParameterFromMarkdown -Path:($FolderPath_Docs)
+    $ProgressActionXML1 = @"
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga">
+        <maml:name>ProgressAction</maml:name>
+        <maml:description>
+          <maml:para>{{ Fill ProgressAction Description }}</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.ActionPreference</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.ActionPreference</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+"@
+    $ProgressActionXML2 = @"
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="proga">
+          <maml:name>ProgressAction</maml:name>
+          <maml:description>
+            <maml:para>{{ Fill ProgressAction Description }}</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.Management.Automation.ActionPreference</command:parameterValue>
+          <dev:type>
+            <maml:name>System.Management.Automation.ActionPreference</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+"@
+    (Get-Content -Path "$FolderPath_enUS/JumpCloud-help.xml" -Raw).Replace($ProgressActionXML1, '') | Set-Content "$FolderPath_enUS/JumpCloud-help.xml"
+    (Get-Content -Path "$FolderPath_enUS/JumpCloud-help.xml" -Raw).Replace($ProgressActionXML2, '') | Set-Content "$FolderPath_enUS/JumpCloud-help.xml"
 } Catch {
     Write-Error ($_)
 }

From a89469ce4dcc6eb570b104d98f2784ad1887031f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 1 Apr 2025 18:26:30 -0600
Subject: [PATCH 215/346] temp module validation tests

---
 .../ModuleValidation/ModuleVersion.Tests.ps1  | 55 +++++++++++++++----
 1 file changed, 43 insertions(+), 12 deletions(-)

diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index 495bd0df3..05d3a0407 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -1,17 +1,48 @@
 Describe "Module Version Tests" -Tag "ModuleValidation" {
+    BeforeAll {
+        $psd1Path = "$PSScriptRoot/../../JumpCloud.Radius.psd1"
+        $configPath = "$PSScriptRoot/../../Config.json"
+        # remove the config file if it exists
+        if (Test-Path -Path $configPath) {
+            Remove-Item -Path $configPath -Force
+        }
+    }
 
-    It "The versions across the module should match" {
+    It "The userAgent should be set in the module settings" {
         # Get the PSD1 file and Config.ps1
-        $PSD1 = Test-ModuleManifest -Path "$PSScriptRoot/../../JumpCloud.Radius.psd1"
-        $config = Get-Content -Path "$PSScriptRoot/../../Config.ps1" -Raw
-        # get the psd1 version
-        $psd1Version = $PSD1.version
-        # set regex to get psd1 version out of Config.ps1
-        $versionLineRegex = '\$UserAgent_ModuleVersion.*'
-        $versionLine = ($config | Select-String -Pattern $versionLineRegex).Matches[0].Value
-        $semanticVersionRegex = "(0|[1-9]\d*).(0|[1-9]\d*).(0|[1-9]\d*)"
-        $configVersion = ($versionLine | Select-String -Pattern "(0|[1-9]\d*).(0|[1-9]\d*).(0|[1-9]\d*)").matches[0].value
-        # test that both versions are the same
-        $configVersion | should -be $psd1Version
+        $PSD1 = Test-ModuleManifest -Path $psd1Path
+        Import-Module $psd1Path -Force
+        # the user agent should be set to the module version
+        $module.PrivateData.settings['userAgent'] | Should -Match "$($PSD1.version)"
+        # the string should be in the format of JumpCloud_ModuleName.ModuleVersion
+        $userAgentRegex = 'JumpCloud_PasswordlessRadiusConfig.PowerShellModule/[0-9]+.[0-9]+.[0-9]+'
+        $module.PrivateData.settings['userAgent'] | Should -Match $userAgentRegex
+    }
+
+    Context "Module Config Tests" {
+        It "when the config file does not exist, importing the module should only write warning messages" {
+            # Import the module
+            { Import-Module $psd1Path -Force } | Should -Not -Throw
+            # Check that the config file does not exist
+            Test-Path -Path $configPath | Should -Be $false
+            # Check that the module config is set to the default values
+            $module.PrivateData.config['userGroup'].value | Should -Be $null
+        }
+        It "Setting the settings to some series of values should not throw an error" {
+            $settings = @{
+                certSubjectHeaderCommonName       = "JumpCloud.com"
+                certType                          = "UsernameCn"
+                certSubjectHeaderOrganization     = "JumpCloud"
+                radiusDirectory                   = "~/RADIUS"
+                certSecretPass                    = "secret1234!"
+                certSubjectHeaderOrganizationUnit = "Customer_Tools"
+                certSubjectHeaderCountryCode      = "US"
+                certSubjectHeaderStateCode        = "CO"
+                certSubjectHeaderLocality         = "Boulder"
+                networkSSID                       = "TP-Link_SSID"
+                userGroup                         = "5f3171a9232e1113939dd6a2"
+            }
+            Set-JCRConfigFile @settings
+        }
     }
 }
\ No newline at end of file

From 1aebc70607afe5fce5c5ede42ed96076a88a5124 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 7 Apr 2025 12:10:22 -0600
Subject: [PATCH 216/346] global JCRConfig settings

---
 .../Private/CertDeployment/Get-CertInfo.ps1   |  6 +--
 .../Private/Config/Confirm-JCRConfigFile.ps1  | 16 +++----
 .../Private/Config/Get-JCRConfig.ps1          |  1 +
 .../Private/Config/Get-JCRConfigFile.ps1      |  6 +--
 .../Private/Config/New-JCRConfigFile.ps1      |  4 +-
 .../Private/Menus/Show-RadiusMainMenu.ps1     | 12 ++---
 .../Private/Settings/Set-JCRSettingsFile.ps1  |  3 --
 .../Public/Config/Set-JCRConfigFile.ps1       | 33 +++++++------
 .../Functions/Public/Get-JCRGlobalVars.ps1    |  2 +-
 .../Public/Start-GenerateUserCerts.ps1        |  4 +-
 .../automation/Radius/JumpCloud.Radius.psd1   |  1 -
 .../automation/Radius/JumpCloud.Radius.psm1   | 20 ++++----
 .../ModuleValidation/ModuleVersion.Tests.ps1  |  2 +-
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  |  4 +-
 .../Public/Start-DeployUserCerts.Tests.ps1    | 18 +++----
 .../Public/Start-GenerateRootCert.Tests.ps1   | 48 +++++++++----------
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 24 +++++-----
 .../Radius/Tests/SetupRadiusOrg.ps1           |  7 +--
 18 files changed, 98 insertions(+), 113 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 67b2ec679..2cf60811f 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -20,12 +20,12 @@ function Get-CertInfo {
         if ($UserCerts) {
             # Find all userCert paths
             if ($username) {
-                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/$username-$($module.PrivateData.config['certType'].value)*.crt" -ErrorAction SilentlyContinue
+                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
 
             } else {
                 $foundCerts = New-Object System.Collections.ArrayList
                 $global:JCRRadiusMembers.username | ForEach-Object {
-                    $foundCert = Resolve-Path -Path "$JCScriptRoot/UserCerts/$_-$($module.PrivateData.config['certType'].value)*.crt" -ErrorAction SilentlyContinue
+                    $foundCert = Resolve-Path -Path "$JCScriptRoot/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {
                         $foundCerts.Add($foundCert) | Out-Null
                     }
@@ -108,7 +108,7 @@ function Get-CertInfo {
                     $certFile = Get-Item $($cert.Path)
                     if (('username' -notin $MyInvocation.BoundParameters) -AND (-Not [System.String]::IsNullOrEmpty($certFile.name))) {
                         # Write-Host "Attempting to parse username from string: $($certFile.name)"
-                        $matchNames = $certFile.name | Select-String -Pattern "(.*)-$($module.PrivateData.config['certType'].value).*"
+                        $matchNames = $certFile.name | Select-String -Pattern "(.*)-$($global:JCRConfig.certType.value).*"
                         if ($matchNames.Matches.groups) {
                             $username = $matchNames.Matches.groups[1].value
                         }
diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
index b4f9a0ece..e6254c4b3 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
@@ -8,23 +8,21 @@ function Confirm-JCRConfigFile {
         [switch]$loadModule
     )
     begin {
-        if ($JCAPIKEY.length -ne 40) {
-            Connect-JCOnline -force | Out-Null
+        if (-not $global:JCRConfig) {
+            $global:JCRConfig = Get-JCRConfigFile -asObject
         }
-        $config = $module.privateData.config
         $requiredAttributesNotSet = @{}
     }
 
     process {
         # validate config settings
-        foreach ($item in $config.keys) {
-            $setting = $config[$item]
-
+        foreach ($setting in $global:JCRConfig.PSObject.Properties) {
+            $settingName = $setting.Name
+            $settingValue = $setting.Value
             # check to see if the key is required and if the value is null
-            if ($setting.required -eq $true -and $setting.value -eq $null) {
-                $requiredAttributesNotSet += @{ $item = $setting.placeholder }
+            if ($settingValue.required -eq $true -and $settingValue.value -eq $null) {
+                $requiredAttributesNotSet += @{ $settingName = $settingValue.placeholder }
             }
-
         }
     }
     end {
diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
index 5598a846d..7bdae7d8f 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
@@ -20,5 +20,6 @@ function Get-JCRConfig {
         }
     } else {
         Write-Warning "Config file '$FilePath' not found. Using default configuration."
+        New-JCRConfigFile -Force
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index f902c4a15..b2040ed63 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -11,7 +11,7 @@ function Get-JCRConfigFile {
 
     begin {
         $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
-        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
 
         if (-Not (Test-Path -Path $configFilePath)) {
             Write-Host "write new settings file $configFilePath"
@@ -24,10 +24,10 @@ function Get-JCRConfigFile {
         if (-Not $asObject) {
             $rawConfig = Get-Content -Path $configFilePath | ConvertFrom-Json
             $config = @{}
-            foreach ($item in $rawConfig.psobject.Properties) {
+            foreach ($item in $rawConfig.PSObject.Properties) {
                 # $config.$item
                 $config.Add($item.Name, @{})
-                foreach ($setting in $item.value.psobject.Properties) {
+                foreach ($setting in $item.value.PSObject.Properties) {
                     # $setting
                     $config.$($Item.Name).Add($setting.Name, $setting.value.value)
                 }
diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index 10a4f5937..b6b9f828c 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -10,12 +10,12 @@ function New-JCRConfigFile {
 
     begin {
         $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
-        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'config.json'
+        $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
         $date = (Get-Date).ToUniversalTime()
     }
     process {
         # Define Default Settings for the Config file
-        $config = $module.privateData.config
+        $config = $script:configTemplate
     }
     end {
         if ((Test-Path -Path $configFilePath) -And ($force)) {
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index 27e00bbda..8557c2136 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -8,17 +8,17 @@ function Show-RadiusMainMenu {
 
     # Find all certs that will expire between current date and cut off date
     try {
-        $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
+        $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $global:JCRConfig.certExpirationWarningDays.value
     } catch {
         Write-Debug "No user certs exist, there are no user certs which will expire soon"
     }
 
     # Get UserGroup information from Config.ps1
-    $radiusUserGroup = Get-JcSdkUserGroup -Id $module.PrivateData.config['userGroup'].value | Select-Object Name
-    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $module.PrivateData.config['userGroup'].value).Count
+    $radiusUserGroup = Get-JcSdkUserGroup -Id $global:JCRConfig.userGroup.value | Select-Object Name
+    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $global:JCRConfig.PrivateData.userGroup.value).Count
 
     # Get SSID information from Config.ps1
-    $radiusSSID = ($module.PrivateData.config['networkSSID'].value).replace(';', ' ')
+    $radiusSSID = ($global:JCRConfig.networkSSID.value).replace(';', ' ')
 
     # Output for Users
     Clear-Host
@@ -47,9 +47,9 @@ function Show-RadiusMainMenu {
     Write-Host $(PadCenter -string "Total Radius Users: $($radiusUserGroupMemberCount)" -char " ") -ForegroundColor Green
     Write-Host $(PadCenter -string "Radius SSID(s): $radiusSSID" -char " ") -ForegroundColor Green
     if ($IsMacOS) {
-        Write-Host $(PadCenter -string "Last Updated User/System Data: $($module.PrivateData.config['lastUpdate'].value)" -char " ") -ForegroundColor Green
+        Write-Host $(PadCenter -string "Last Updated User/System Data: $($global:JCRConfig.lastUpdate.value)" -char " ") -ForegroundColor Green
     } If ($isWindows) {
-        Write-Host $(PadCenter -string "Last Updated User/System Data: $($module.PrivateData.config['lastUpdate'].value.value)" -char " ") -ForegroundColor Green
+        Write-Host $(PadCenter -string "Last Updated User/System Data: $($global:JCRConfig.lastUpdate.value)" -char " ") -ForegroundColor Green
     }
 
     Write-Host $(PadCenter -string "-" -char '-')
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
index 870c5f73a..8a91edfdd 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
@@ -52,9 +52,6 @@ function Set-JCRSettingsFile {
         }
     }
     begin {
-        if ($JCAPIKEY.length -ne 40) {
-            Connect-JCOnline -Force | Out-Null
-        }
 
         # Config should be in /PowerShell/JumpCloudModule/Config.json
         $ModuleRoot = (Get-Item -Path:($JCScriptRoot))
diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
index 30841168b..6ad581084 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -7,29 +7,29 @@ function Set-JCRConfigFile {
         # $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
 
         # if (Test-Path -Path $configFilePath) {
-        $config = $module.PrivateData.config
         # Create the dictionary
         $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
         # Foreach key in the supplied config file:
-        foreach ($key in $config.keys) {
-            $setting = $config[$key]
+        foreach ($setting in $global:JCRConfig.PSObject.Properties) {
+            $settingName = $setting.Name
+            $settingValue = $setting.Value
             # Skip create dynamic params for these not-writable properties:
-            if (($setting.Write -eq $false)) {
+            if ($settingValue.Write -eq $false) {
                 continue
             }
             # Set the dynamic parameters' name
             # write-host "adding dynamic param: $key$($item) $($config[$key][$item]['value'].getType().Name)"
-            $ParamName_Filter = "$($key)"
+            $ParamName_Filter = "$($settingName)"
             # Create the collection of attributes
             $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
 
             # Set the type of the parameter
-            $paramType = $setting.type
+            $paramType = $settingValue.type
 
             # Create and set the parameters' attributes
             $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
             $ParameterAttribute.Mandatory = $false
-            $ParameterAttribute.HelpMessage = "sets the $($key) config for the module"
+            $ParameterAttribute.HelpMessage = "sets the $($settingName) config for the module"
             # Add the attributes to the attributes collection
             $AttributeCollection.Add($ParameterAttribute)
             # Add the param
@@ -46,28 +46,27 @@ function Set-JCRConfigFile {
         $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
         # config should be loaded from the module
-        $config = $module.PrivateData.config
 
-        # if (-NOT $config) {
-
-        #     New-JCRConfigFile
-        # }
+        if (-NOT $global:JCRConfig) {
+            # create the config file from template
+            New-JCRConfigFile
+            # set the variable
+            $global:JCRConfig = Get-JCRConfigFile -asObject
+        }
     }
 
     process {
         $params = $PSBoundParameters
         # update config settings
         foreach ($param in $params.Keys) {
-            # assign the first group
-            $config[$param].value = $params[$param]
+            # set the value of the config setting to the value passed into this function
+            $global:JCRConfig.$param.value = $params[$param]
 
         }
     }
 
     end {
         # Write out the new settings
-        $config | ConvertTo-Json | Out-File -FilePath $configFilePath
-        # Update Module Config
-        Get-JCRConfig -FilePath $configFilePath
+        $global:JCRConfig | ConvertTo-Json | Out-File -FilePath $configFilePath
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 2c96b4a88..c64a43c19 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -115,7 +115,7 @@ function Get-JCRGlobalVars {
                 $users = Get-DynamicHash -Object User -returnProperties email, employeeIdentifier, department, suspended, location, Addresses, manager, sudo, Displayname, username, systemUsername
                 # $users | ForEach-Object { $_ | Add-Member -name "userId" -value $_ -Type NoteProperty -force }
                 # Get Radius membership list:
-                $radiusMembers = Get-JcSdkUserGroupMember -GroupId $module.PrivateData.config['userGroup'].value
+                $radiusMembers = Get-JcSdkUserGroupMember -GroupId $global:JCRConfig.userGroup.value
                 # add the username to the membership hash
                 $radiusMemberList = New-Object System.Collections.ArrayList
                 foreach ($member in $radiusMembers) {
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index dea113c77..836ddd633 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -188,7 +188,7 @@ function Start-GenerateUserCerts {
                 # recalculate expiring certs:
                 $userCertInfo = Get-CertInfo -UserCerts
                 # Get expiring certs:
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCRConfig.certExpirationWarningDays.value
                 for ($i = 0; $i -lt $ExpiringCerts.Count; $i++) {
                     $userCert = $ExpiringCerts[$i]
                     <# Action that will repeat until the condition is met #>
@@ -200,7 +200,7 @@ function Start-GenerateUserCerts {
                     # recalculate expiring certs:
                     $userCertInfo = Get-CertInfo -UserCerts
                 }
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCRConfig.certExpirationWarningDays.value
                 switch ($PSCmdlet.ParameterSetName) {
                     'gui' {
                         Show-StatusMessage -Message "Finished Generating Certificates"
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index 6c9dc9e60..3ccbed8e9 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -122,7 +122,6 @@
             # ExternalModuleDependencies = @()
 
         } # End of PSData hashtable
-
     } # End of PrivateData hashtable
 
     # HelpInfo URI of this module
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index e7b23bf8d..b19a17f1f 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -34,13 +34,11 @@ if (-Not (Test-Path -Path "$JCScriptRoot/UserCerts" -PathType Container)) {
     New-Item -Path "$JCScriptRoot/UserCerts" -ItemType Directory
 }
 
-# # Get global variables or update if necessary
-# Get-JCRGlobalVars
 # Export module member
 Export-ModuleMember -Function $Public.BaseName -Alias *
 
 # Set the module config
-$Module.PrivateData.config = @{
+$script:configTemplate = @{
     'userGroup'                         = @{
         value       = $null;
         write       = $true;
@@ -163,18 +161,16 @@ $Module.PrivateData.config = @{
     }
 }
 
-# Set the module non-configurable settings
-$Module.PrivateData.settings = @{
+# # Set the module non-configurable settings
+$script:settings = @{
     'userAgent' = Get-JCRUserAgent
 }
 
-# From the saved config file, get the settings and set them in the module
-Get-JCRConfig -FilePath "$JCScriptRoot/Config.json"
+# From the saved config file, get the settings and set them in the module as $config
+$global:JCRConfig = Get-JCRConfigFile -asObject
+# Get-JCRConfig
 
-# validate the config settings
+# validate the config settings (skip throw on first load with 'loadModule' param)
 Confirm-JCRConfigFile -loadModule
 
-# print the config:
-# foreach ($item in $module.PrivateData.config.keys) {
-#     write-host "$item | $($module.PrivateData.config[$($item)].value)"
-# }
\ No newline at end of file
+# TODO: Check the OpenSSL version
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index 05d3a0407..b3be0c1de 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -26,7 +26,7 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
             # Check that the config file does not exist
             Test-Path -Path $configPath | Should -Be $false
             # Check that the module config is set to the default values
-            $module.PrivateData.config['userGroup'].value | Should -Be $null
+            $Global:JCRConfig.userGroup.value | Should -Be $null
         }
         It "Setting the settings to some series of values should not throw an error" {
             $settings = @{
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index aaf785042..76da20f65 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -205,7 +205,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             # get the RadiusMembers.json before
             # get the user.json file before
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $Global:JCRConfig.userGroup.value -UserID $user.id
             Start-Sleep 1
             # update the cache forcefully
             Get-JCRGlobalVars -force -skipAssociation -associateManually
@@ -225,7 +225,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             # get the RadiusMembers.json before
             # get the user.json file before
             # add a user to the radius Group
-            Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Remove-JCUserGroupMember -GroupID $Global:JCRConfig.userGroup.value -UserID $user.id
             Start-Sleep 1
             # update the cache forcefully
             Get-JCRGlobalVars -force -skipAssociation -associateManually
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index f9685f394..844b75f85 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -58,9 +58,9 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             Write-Warning "$($user.username) created with id: $($user.id))"
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
 
-            Write-Warning "Add $($user.username) to radius Group with id: $($module.PrivateData.config['userGroup'].value)"
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
-            $userMembers = Get-jcusergroupmember -byid $module.PrivateData.config['userGroup'].value
+            Write-Warning "Add $($user.username) to radius Group with id: $($global:JCRConfig.userGroup.value)"
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
+            $userMembers = Get-jcusergroupmember -byid $global:JCRConfig.userGroup.value
 
             foreach ($member in $userMembers) {
                 Write-Warning "$($member.username) is in the $($member.GroupName) Group"
@@ -134,7 +134,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # get random system
             $system = Get-JCSystem -os windows | Get-Random -Count 1
             Add-JCSystemUser -UserID $user.id -SystemID $system.id
@@ -163,7 +163,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # get random system
             $system = Get-JCSystem -os windows | Get-Random -Count 1
             Add-JCSystemUser -UserID $user.id -SystemID $system.id
@@ -323,7 +323,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # get random system
             $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
             $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
@@ -576,7 +576,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # get random system
             $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
             $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
@@ -718,7 +718,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # get the before date
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # get random system
             $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
             $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
@@ -758,7 +758,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             # get the before date
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             # add user to membership group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # get random system
             $windowsSystem = Get-JCSystem -os windows | Get-Random -Count 1
             $macSystem = Get-JCSystem -os "Mac OS X" | Get-Random -Count 1
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 8ae510e80..749bb9f31 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -21,12 +21,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCountryCode'].value
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderStateCode'].value
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderLocality'].value
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganization'].value
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganizationUnit'].value
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCommonName'].value
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
         }
     }
 
@@ -57,12 +57,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCountryCode'].value
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderStateCode'].value
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderLocality'].value
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganization'].value
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganizationUnit'].value
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCommonName'].value
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
         }
     }
 
@@ -91,12 +91,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCountryCode'].value
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderStateCode'].value
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderLocality'].value
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganization'].value
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganizationUnit'].value
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCommonName'].value
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
         }
 
     }
@@ -125,12 +125,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCountryCode'].value
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderStateCode'].value
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderLocality'].value
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganization'].value
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderOrganizationUnit'].value
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $module.PrivateData.config['certSubjectHeaderCommonName'].value
+            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
+            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
+            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
+            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
+            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
         }
 
     }
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 0cf2ac868..f06ff17d4 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -42,7 +42,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # create a new user
             $user = New-RandomUser -Domain "pesterRadius" | New-JCUser
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
@@ -67,7 +67,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $UserCerts.fullname | Where-Object { $_ -match ".crt" } | Should -Exist
             $UserCerts.fullname | Where-Object { $_ -match ".key" } | Should -Exist
             # cleanup
-            Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Remove-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
             # wait just one moment before testing membership since we are writing a file
@@ -101,7 +101,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $userCertInfo = Get-CertInfo -UserCerts
             # Determine cut off date for expiring certs
             # Find all certs that will expire between current date and cut off date
-            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $global:JCRConfig.certExpirationWarningDays.value
 
         }
         It 'Certs that are set to expire soon can be updated programmatically' {
@@ -120,7 +120,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             Start-GenerateUserCerts -type ExpiringSoon -forceReplaceCerts
             # Update Global Expiring list:
             $userCertInfo = Get-CertInfo -UserCerts
-            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $module.PrivateData.config['certExpirationWarningDays'].value
+            $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $global:JCRConfig.certExpirationWarningDays.value
             # there should be no more certs left in the expiring cert var
             $Global:expiringCerts | Should -BeNullOrEmpty
             # Get the certs after generation minus the .zip if it exists
@@ -167,7 +167,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # update the user
             $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/systemusers/$($user.id)" -Method PUT -Headers $headers -ContentType 'application/json' -Body $body
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
@@ -199,7 +199,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # manually update the user with a hyphen in their username
             $user = Set-JcSdkUser -Id $($user.id) -Username "$($user.username)-$($user.username)"
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # Get the certs before
             $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
             # wait one moment
@@ -227,7 +227,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
         AfterEach {
             # cleanup
-            Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $user.id
+            Remove-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
             # wait just one moment before testing membership since we are writing a file
@@ -241,16 +241,16 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
     Context 'Certs generated when userGroup only contains 1 user' {
         BeforeAll {
             # Save users in userGroup to variable for later
-            $RadiusMembers = Get-JCUserGroupMember -ByID $module.PrivateData.config['userGroup'].value
+            $RadiusMembers = Get-JCUserGroupMember -ByID $global:JCRConfig.userGroup.value
 
             # Remove all members from UserGroup
             $RadiusMembers | ForEach-Object {
-                $userRemoval = Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $_.UserID
+                $userRemoval = Remove-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $_.UserID
             }
 
             # Add One Member back to the Group
             $SingleUser = $RadiusMembers | Select-Object -First 1
-            $userAdd = Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $SingleUser.UserID
+            $userAdd = Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $SingleUser.UserID
         }
         It "When the Radius UserGroup only contains 1 user, the generation functions will not error" {
             # update the cache
@@ -270,10 +270,10 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
         AfterAll {
             # Remove the single User
-            $userRemoval = Remove-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $SingleUser.UserID
+            $userRemoval = Remove-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $SingleUser.UserID
 
             # Add original members back to the UserGroup
-            $userAdd = $RadiusMembers | ForEach-Object { Add-JCUserGroupMember -GroupID $module.PrivateData.config['userGroup'].value -UserID $_.UserID }
+            $userAdd = $RadiusMembers | ForEach-Object { Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $_.UserID }
 
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index e15f8baac..08eac6ba0 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -53,11 +53,8 @@ $env:certKeyPassword = "testCertificate123!@#"
 # update config:
 Write-Warning "Updating Config File"
 
-$configPath = Resolve-Path -Path "$PSScriptRoot/../Config.ps1"
-write-warning $configPath
-$configContent = Get-Content -path $configPath
 # Update the userGroupID:
-$configContent -replace ('\$module.PrivateData.config['userGroup'].value = *.+', "`$module.PrivateData.config['userGroup'].value = `"$($radiusUserGroup.id)`"") | Set-Content -Path $configPath
+Set-JCRConfigFile -userGroup $radiusUserGroup.id
 # update the openSSL path:
 if ($IsMacOS) {
     $brewList = brew list openssl@3
@@ -75,8 +72,6 @@ if ($IsMacOS) {
     $opensslVersion = $regmatch.matches.groups[1].value
 
     Write-Warning "OpenSSL Version: $opensslVersion is installed via homebrew on this system; updating config:"
-    $configContent = Get-Content -path $configPath
-    $configContent -replace ('\$Global:JCR_OPENSSL = *.+', "`$Global:JCR_OPENSSL = `"$($brewListBinary)`"") | Set-Content -Path $configPath
 }
 
 $env:certKeyPassword = "TestCertificate123!@#"

From 3f693f881168cbf93f771daecec5e516198e8e52 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 12:35:47 -0600
Subject: [PATCH 217/346] psd1 date

---
 scripts/automation/Radius/JumpCloud.Radius.psd1 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index 3ccbed8e9..6e3e217a6 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -1,9 +1,9 @@
 #
 # Module manifest for module 'JumpCloud.Radius'
 #
-# Generated by: jworkman
+# Generated by: JumpCloud Customer Tools
 #
-# Generated on: 3/31/2025
+# Generated on: 6/2/2025
 #
 
 @{
@@ -21,13 +21,13 @@
     GUID              = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
 
     # Author of this module
-    Author            = 'jworkman'
+    Author            = 'JumpCloud Customer Tools Team'
 
     # Company or vendor of this module
-    CompanyName       = 'Unknown'
+    CompanyName       = 'JumpCloud'
 
     # Copyright statement for this module
-    Copyright         = '(c) jworkman. All rights reserved.'
+    Copyright         = '(c) JumpCloud. All rights reserved.'
 
     # Description of the functionality provided by this module
     Description       = 'Module for managing JumpCloud Radius user certificates.'

From 38abfcca1a11006fe4aa133a6da1c49c65afc993 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 12:42:58 -0600
Subject: [PATCH 218/346] check changelog

---
 scripts/automation/Radius/Changelog.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index b0ccc06da..01488a9a6 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -5,7 +5,7 @@ Release Date: January 30, 2024
 #### RELEASE NOTES
 
 ```
-This release offers a significant overhaul for the Radius Cert Deployment tool, many new underlying functions have been introducted to reduce the number of required API calls. Most notably, the tool will cache data from an organization on load.
+This release offers a significant overhaul for the Radius Cert Deployment tool, many new underlying functions have been introduced to reduce the number of required API calls. Most notably, the tool will cache data from an organization on load.
 ```
 
 #### Features:
@@ -42,7 +42,7 @@ Release Date: December 1, 2023
 #### RELEASE NOTES
 
 ```
-In macOS, it's possible for a user to define their username as `user1234` or `USER1234`. When JumpCloud takes of a user it'll perform a case insensive string comparison and take over the account that matches the username from JumpCloud.
+In macOS, it's possible for a user to define their username as `user1234` or `USER1234`. When JumpCloud takes of a user it'll perform a case insensitive string comparison and take over the account that matches the username from JumpCloud.
 
 Commands executed by JumpCloud in macOS run as shell scripts `/bin/bash` by default, this shell does not perform case-insensitive string comparisons. This patch version of the Radius Certificate Utility addresses this limitation by explicitly changing the `bash` match patterns to be case-insensitive.
 ```
@@ -146,7 +146,7 @@ Release Date: March 21, 2023
 #### RELEASE NOTES
 
 ```
-Iniital release of the Passwordless Radius User Certificate Generation automation scritps
+Initial release of the Passwordless Radius User Certificate Generation automation scripts
 ```
 
 #### FEATURES:

From 45c1854858b0ae6abc6b9af5ae8d979b00827939 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 12:56:49 -0600
Subject: [PATCH 219/346] check workflow

---
 .github/workflows/radius-module-ci.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index e50281e9e..c900379e8 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -60,7 +60,7 @@ jobs:
         run: |
           # validate release type variables
           $env:RELEASE_TYPE |  Should -BeIn @('major','minor','patch','manual')
-  Setup-Build-Dependancies:
+  Setup-Build-Dependencies:
     needs: ["Filter-Branch", "Check-PR-Labels", "Validate-Env-Variables"]
     runs-on: ubuntu-latest
     timeout-minutes: 10
@@ -71,7 +71,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: "/Users/runner/.local/share/powershell/Modules/"
-          key: PS-Radius-Dependancies
+          key: PS-Radius-Dependencies
       - name: Install dependencies
         if: steps.cacher.outputs.cache-hit != 'true'
         shell: pwsh
@@ -108,7 +108,7 @@ jobs:
           }
 
   Validate-Module:
-    needs: ["Setup-Build-Dependancies", "Check-PR-Labels"]
+    needs: ["Setup-Build-Dependencies", "Check-PR-Labels"]
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
@@ -119,14 +119,14 @@ jobs:
       - uses: actions/cache@v4
         with:
           path: "/Users/runner/.local/share/powershell/Modules/"
-          key: PS-Radius-Dependancies
+          key: PS-Radius-Dependencies
       - env:
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
         shell: pwsh
         run: |
           . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -ModuleValidation
   Test-Module:
-    needs: ["Setup-Build-Dependancies", "Check-PR-Labels", "Validate-Module"]
+    needs: ["Setup-Build-Dependencies", "Check-PR-Labels", "Validate-Module"]
     runs-on: ubuntu-latest
     # environment: Test Radius CI
     timeout-minutes: 75
@@ -141,7 +141,7 @@ jobs:
       - uses: actions/cache@v4
         with:
           path: "/Users/runner/.local/share/powershell/Modules/"
-          key: PS-Radius-Dependancies
+          key: PS-Radius-Dependencies
       - name: Test PWSH Radius Module
         shell: pwsh
         env:

From bf41676d71de3cb14eaf6b23545be1f97eed6ed8 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 13:35:35 -0600
Subject: [PATCH 220/346] global settings/ variables in config.json

---
 .../CertDeployment/Deploy-UserCertificate.ps1 |  6 +--
 .../Private/CertDeployment/Get-CertInfo.ps1   | 14 ++---
 .../CertDeployment/Get-CertKeyPass.ps1        |  2 +-
 .../CertGeneration/Generate-UserCert.ps1      | 50 ++++++++---------
 .../CertGeneration/Invoke-UserCertProcess.ps1 | 10 ++--
 .../Private/Config/Confirm-JCRConfigFile.ps1  |  8 +++
 .../Private/Config/New-JCRConfigFile.ps1      |  2 +-
 .../Private/Menus/Show-RadiusMainMenu.ps1     |  2 +-
 .../Menus/Show-RootCAGenerationMenu.ps1       |  2 +-
 .../Private/Module/Get-OpenSSLVersion.ps1     |  4 +-
 .../Module/Validate-JCRModuleRequirements.ps1 |  2 +-
 .../Functions/Public/Get-JCRGlobalVars.ps1    | 10 ++--
 .../Public/Start-GenerateRootCert.ps1         | 54 ++++++++++---------
 .../Public/Start-GenerateUserCerts.ps1        | 14 ++---
 .../automation/Radius/JumpCloud.Radius.psm1   | 24 +++++----
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  |  4 +-
 .../Public/Start-DeployUserCerts.Tests.ps1    | 10 ++--
 .../Public/Start-GenerateRootCert.Tests.ps1   | 36 ++++++-------
 .../Public/Start-GenerateUserCerts.Tests.ps1  | 16 +++---
 19 files changed, 141 insertions(+), 129 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 6e2d8a4a5..9233391a9 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -93,12 +93,12 @@ function Deploy-UserCertificate {
 
             # Get the users certificate Details:
             # Get certificate and zip to upload to Commands
-            $userCertFiles = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($user.userName)-*"
+            $userCertFiles = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts" -Filter "$($user.userName)-*"
             # set crt and pfx filepaths
             $userCrt = ($userCertFiles | Where-Object { $_.Name -match "crt" }).FullName
             $userPfx = ($userCertFiles | Where-Object { $_.Name -match "pfx" }).FullName
             # define .zip name
-            $userPfxZip = "$JCScriptRoot/UserCerts/$($user.userName)-client-signed.zip"
+            $userPfxZip = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.userName)-client-signed.zip"
             # get certInfo for commands:
             $certInfo = Get-CertInfo -UserCerts -username $user.username
             # Determine if the commands have matching SHA1 values:
@@ -299,7 +299,7 @@ function Deploy-UserCertificate {
                 switch ($JCR_CERT_TYPE) {
                     'EmailSAN' {
                         # set cert identifier to SAN email of cert
-                        $sanID = Invoke-Expression "$JCR_OPENSSL x509 -in $($userCrt) -ext subjectAltName -noout"
+                        $sanID = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in $($userCrt) -ext subjectAltName -noout"
                         $regex = 'email:(.*?)$'
                         $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($sanID)" -Pattern $regex
                         $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 2cf60811f..b9282bfaa 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -14,18 +14,18 @@ function Get-CertInfo {
     begin {
         if ($RootCA) {
             # Find the RootCA Path
-            $foundCerts = Resolve-Path -Path "$JCScriptRoot/Cert/*cert*.pem" -ErrorAction SilentlyContinue
+            $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*cert*.pem" -ErrorAction SilentlyContinue
         }
 
         if ($UserCerts) {
             # Find all userCert paths
             if ($username) {
-                $foundCerts = Resolve-Path -Path "$JCScriptRoot/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
+                $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
 
             } else {
                 $foundCerts = New-Object System.Collections.ArrayList
                 $global:JCRRadiusMembers.username | ForEach-Object {
-                    $foundCert = Resolve-Path -Path "$JCScriptRoot/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
+                    $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {
                         $foundCerts.Add($foundCert) | Out-Null
                     }
@@ -45,10 +45,10 @@ function Get-CertInfo {
                 # Check if cert and key name is radius_ca_cert.pem and radius_ca_key.pem if not, rename it
                 if ($foundCerts.Name -notmatch "radius_ca_cert.pem") {
                     Rename-Item -Path $foundCerts -NewName "radius_ca_cert.pem"
-                    $foundCerts = Resolve-Path -Path "$JCScriptRoot/Cert/*cert*.pem" -ErrorAction SilentlyContinue
+                    $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*cert*.pem" -ErrorAction SilentlyContinue
                 }
                 # Get the key path and rename it if needed
-                $foundKey = Resolve-Path -Path "$JCScriptRoot/Cert/*key.pem" -ErrorAction SilentlyContinue
+                $foundKey = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*key.pem" -ErrorAction SilentlyContinue
                 if ($foundKey.Name -notmatch "radius_ca_key.pem") {
                     Rename-Item -Path $foundKey -NewName "radius_ca_key.pem"
                 }
@@ -57,7 +57,7 @@ function Get-CertInfo {
                 # TODO: pscustomobject instead of hash
                 $certHash = @{}
                 # Use openssl to gather serial, subject, issuer, and enddate information
-                $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in `"$($foundCerts.Path)`" -enddate -serial -subject -issuer -noout"
+                $certInfo = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$($foundCerts.Path)`" -enddate -serial -subject -issuer -noout"
 
                 # Convert string data into a key/value pair
                 $certInfo | ForEach-Object {
@@ -82,7 +82,7 @@ function Get-CertInfo {
                     # Create hashtable to contain cert info
                     $certHash = [PSCustomObject]@{}
                     # Use openssl to gather serial, subject, issuer and enddate information
-                    $certInfo = Invoke-Expression "$JCR_OPENSSL x509 -in `"$($cert.Path)`" -enddate -serial -subject -issuer -fingerprint -sha1 -noout"
+                    $certInfo = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$($cert.Path)`" -enddate -serial -subject -issuer -fingerprint -sha1 -noout"
                     # Convert string data into a key/value pair
                     $certInfo | ForEach-Object {
                         $property = $_ | ConvertFrom-StringData
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1
index 252708842..107c18e0c 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertKeyPass.ps1
@@ -1,6 +1,6 @@
 function Get-CertKeyPass {
     #TODO: params required to test if a CA password is correct
-    $foundKeyPem = Resolve-Path -Path "$JCScriptRoot/Cert/*key.pem"
+    $foundKeyPem = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*key.pem"
     Write-Host "Found key: $($foundKeyPem)"
 
     if ($foundKeyPem -match "ca_key") {
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index cf53c2128..bbda23d3a 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -21,13 +21,13 @@ function Generate-UserCert {
         $user
     )
     begin {
-        . "$JCScriptRoot/Config.ps1"
+        # . "$JCScriptRoot/Config.ps1"
         if (-Not (Test-Path -Path $rootCAKey)) {
             Throw "RootCAKey could not be found in project directory, have you run Generate-Cert.ps1?"
             exit 1
         }
         if (-Not (Test-Path -Path $rootCA)) {
-            Throw "RootCA could not be found in project direcotry, have you run Generate-Cert.ps1?"
+            Throw "RootCA could not be found in project directory, have you run Generate-Cert.ps1?"
             exit 1
         }
     }
@@ -35,11 +35,11 @@ function Generate-UserCert {
         # Set Extension Path
         $ExtensionPath = "$JCScriptRoot/Extensions/extensions-$($certType).cnf"
         # User Certificate Signing Request:
-        $userCSR = "$JCScriptRoot/UserCerts/$($user.username)-cert-req.csr"
+        $userCSR = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-cert-req.csr"
         # Set key, crt, pfx variables:
-        $userKey = "$JCScriptRoot/UserCerts/$($user.username)-$($certType)-client-signed.key"
-        $userCert = "$JCScriptRoot/UserCerts/$($user.username)-$($certType)-client-signed-cert.crt"
-        $userPfx = "$JCScriptRoot/UserCerts/$($user.username)-client-signed.pfx"
+        $userKey = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed.key"
+        $userCert = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed-cert.crt"
+        $userPfx = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-client-signed.pfx"
 
         switch ($certType) {
             'EmailSAN' {
@@ -48,57 +48,57 @@ function Generate-UserCert {
                 $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path $ExtensionPath -NoNewline -Force
                 # Get CSR & Key
                 Write-Host "[status] Get CSR & Key"
-                Invoke-Expression "$JCR_OPENSSL req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)`" -out `"$userCsr`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)`" -out `"$userCsr`""
 
                 # take signing request, make cert # specify extensions requets
                 Write-Host "[status] take signing request, make cert # specify extensions requets"
-                Invoke-Expression "$JCR_OPENSSL x509 -req -extfile `"$ExtensionPath`" -days $JCR_USER_CERT_VALIDITY_DAYS -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extensions v3_req"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -extfile `"$ExtensionPath`" -days $JCR_USER_CERT_VALIDITY_DAYS -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extensions v3_req"
 
                 # validate the cert we cant see it once it goes to pfx
                 Write-Host "[status] validate the cert we cant see it once it goes to pfx"
-                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in `"$userCert`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -text -in `"$userCert`""
                 # legacy needed if we take a cert like this then pass it out
                 Write-Host "[status] legacy needed if we take a cert like this then pass it out"
-                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
             }
             'EmailDn' {
                 # Create Client cert with email in the subject distinguished name
-                Invoke-Expression "$JCR_OPENSSL genrsa -out `"$userKey`" 2048"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) genrsa -out `"$userKey`" 2048"
                 # Generate User CSR
-                Invoke-Expression "$JCR_OPENSSL req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-                Invoke-Expression "$JCR_OPENSSL req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=/emailAddress=$($user.email)`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=/emailAddress=$($user.email)`""
 
                 # Gennerate User Cert
-                Invoke-Expression "$JCR_OPENSSL x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extfile `"$ExtensionPath`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extfile `"$ExtensionPath`""
 
                 # Combine key and cert to create pfx file
-                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
                 # Output
-                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in `"$userCert`""
-                # invoke-expression "$JCR_OPENSSL pkcs12 -clcerts -nokeys -in `"$userPfx`" -passin pass:$($JCR_USER_CERT_PASS)"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -text -in `"$userCert`""
+                # Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) pkcs12 -clcerts -nokeys -in `"$userPfx`" -passin pass:$($JCR_USER_CERT_PASS)"
             }
             'UsernameCN' {
                 # Create Client cert with email in the subject distinguished name
-                Invoke-Expression "$JCR_OPENSSL genrsa -out `"$userKey`" 2048"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) genrsa -out `"$userKey`" 2048"
                 # Generate User CSR
-                Invoke-Expression "$JCR_OPENSSL req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-                Invoke-Expression "$JCR_OPENSSL req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($user.username)`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($user.username)`""
 
                 # Gennerate User Cert
-                Invoke-Expression "$JCR_OPENSSL x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -CAcreateserial -passin pass:$($env:certKeyPassword) -out `"$userCert`" -extfile `"$ExtensionPath`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -CAcreateserial -passin pass:$($env:certKeyPassword) -out `"$userCert`" -extfile `"$ExtensionPath`""
 
                 # Combine key and cert to create pfx file
-                Invoke-Expression "$JCR_OPENSSL pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -inkey `"$userKey`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -inkey `"$userKey`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
                 # Output
-                Invoke-Expression "$JCR_OPENSSL x509 -noout -text -in `"$userCert`""
-                # invoke-expression "$JCR_OPENSSL pkcs12 -clcerts -nokeys -in `"$userPfx`" -passin pass:$($JCR_USER_CERT_PASS)"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -text -in `"$userCert`""
+                # Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) pkcs12 -clcerts -nokeys -in `"$userPfx`" -passin pass:$($JCR_USER_CERT_PASS)"
             }
         }
 
     }
     end {
         # Clean Up User Certs Directory remove non .crt files
-        # `"$userCert`"Files = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+        # `"$userCert`"Files = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
         # `"$userCert`"Files | Where-Object { $_.Name -notmatch ".pfx" } | ForEach-Object {
         #     Remove-Item -path $_.fullname
         # }
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index bb0612d66..17a1278fd 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -37,7 +37,7 @@ Function Invoke-UserCertProcess {
         # get the user from user.json
         $userObject, $userIndex = Get-UserFromTable -userID $MatchedUser.id
         # Test if the file exists:
-        switch (Test-Path "$JCScriptRoot/UserCerts/$($matchedUser.username)-client-signed.pfx") {
+        switch (Test-Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($matchedUser.username)-client-signed.pfx") {
             $true {
                 switch ($forceReplaceCert) {
                     $true {
@@ -51,7 +51,7 @@ Function Invoke-UserCertProcess {
                     }
                 }
                 if ($prompt) {
-                    $writeCert = Get-ResponsePrompt -message "A certifcate already exists for user: $($matchedUser.username) do you want to re-generate this certificate?"
+                    $writeCert = Get-ResponsePrompt -message "A certificate already exists for user: $($matchedUser.username) do you want to re-generate this certificate?"
                     switch ($writeCert) {
                         $true {
                             $cert_action = "Overwritten"
@@ -78,15 +78,15 @@ Function Invoke-UserCertProcess {
     process {
         # if writeCert, generate the cert
         if ($writeCert) {
-            Generate-UserCert -CertType $JCR_CERT_TYPE -user $MatchedUser -rootCAKey "$JCScriptRoot/Cert/radius_ca_key.pem" -rootCA "$JCScriptRoot/Cert/radius_ca_cert.pem" 2>&1 | out-null
+            Generate-UserCert -CertType $JCR_CERT_TYPE -user $MatchedUser -rootCAKey "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_key.pem" -rootCA "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem" 2>&1 | out-null
             # validate that the cert was written correctly:
             #TODO: validate and return as variable
 
             #TODO: cert should be written with $JCR_CERT_TYPE, if other certs exist, remove them.
             $CertInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
             if ($CertInfo.count -gt 1) {
-                $foundCerts = Get-ChildItem -path "$JCScriptRoot/UserCerts/$($MatchedUser.username)-*.crt"
-                $orderedCerts = $founDcerts | Sort-Object -Property LastWriteTime -Descending | select -Skip 1
+                $foundCerts = Get-ChildItem -path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($MatchedUser.username)-*.crt"
+                $orderedCerts = $foundCerts | Sort-Object -Property LastWriteTime -Descending | select -Skip 1
                 foreach ($cert in $orderedCerts) {
                     Remove-Item $cert.FullName
                 }
diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
index e6254c4b3..16c2d483f 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
@@ -23,6 +23,14 @@ function Confirm-JCRConfigFile {
             if ($settingValue.required -eq $true -and $settingValue.value -eq $null) {
                 $requiredAttributesNotSet += @{ $settingName = $settingValue.placeholder }
             }
+            # specifically for the openssl binary, check if the path exists
+            if ($settingName -eq 'openSSLBinary' -and $settingValue.value -ne $null) {
+                Get-OpenSSLVersion -opensslBinary $settingValue.value
+                # if (-not (Test-Path -Path $settingValue.value)) {
+
+                #     Write-Warning "The OpenSSL binary path '$($settingValue.value)' does not exist. Please set it with Set-JCRConfigFile."
+                # }
+            }
         }
     }
     end {
diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
index b6b9f828c..a34edae73 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
@@ -15,7 +15,7 @@ function New-JCRConfigFile {
     }
     process {
         # Define Default Settings for the Config file
-        $config = $script:configTemplate
+        $config = $global:JCRConfigTemplate
     }
     end {
         if ((Test-Path -Path $configFilePath) -And ($force)) {
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index 8557c2136..1e42f844e 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -15,7 +15,7 @@ function Show-RadiusMainMenu {
 
     # Get UserGroup information from Config.ps1
     $radiusUserGroup = Get-JcSdkUserGroup -Id $global:JCRConfig.userGroup.value | Select-Object Name
-    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $global:JCRConfig.PrivateData.userGroup.value).Count
+    $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $global:JCRConfig.userGroup.value).Count
 
     # Get SSID information from Config.ps1
     $radiusSSID = ($global:JCRConfig.networkSSID.value).replace(';', ' ')
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
index e5d03cb79..8709b9c68 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RootCAGenerationMenu.ps1
@@ -27,7 +27,7 @@ function Show-RootCAGenerationMenu {
 
 
 
-    if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
+    if (Test-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem") {
         # Generate new root CA
         Write-Host "1: Press '1' to replace current root certificate. `n`t$([char]0x1b)[96mNOTE: you will be prompted to overwrite any previously generated certificates. This will generate a new root CA `n`twith a new serial number and user certs generated with the previous CA will no longer authenticate."
         # Regenerate with the same serial number
diff --git a/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1 b/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
index 0734a131a..38446745d 100644
--- a/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
+++ b/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
@@ -10,7 +10,7 @@ function Get-OpenSSLVersion {
         try {
             $version = Invoke-Expression "& '$opensslBinary' version"
         } catch {
-            Write-Error "Something went wrong... Could not find openssl or the path is incorrect. Please update the `$JCR_OPENSSL variable in the config.ps1 file to the correct path"
+            Write-Warning "OpenSSL Not Found`nThe module could not find 'openssl' or the path is incorrect. Please update the 'OpenSSLBinary' setting for this module with the Set-JCRConfigFile cmdlet:`nWindows: Set-JCRConfigFile -openSSLBinary 'C:\Path\To\OpenSSL\bin\openssl.exe'`nMacOS/Linux: Set-JCRConfigFile -openSSLBinary '/opt/homebrew/bin/openssl'"
             $conditionsNotMet = $true
         }
 
@@ -45,7 +45,7 @@ function Get-OpenSSLVersion {
     }
     process {
         if ($version -lt $OpenSSLVersion) {
-            Write-Error "The installed version of OpenSSL: OpenSSL $Version, does not meet the requirements of this application, please install a later version of at least $Type $Version"
+            Write-Warning "The installed version of OpenSSL: OpenSSL $Version, does not meet the requirements of this application, please install a later version of at least $Type $Version"
             $conditionsNotMet = $true
         }
     }
diff --git a/scripts/automation/Radius/Functions/Private/Module/Validate-JCRModuleRequirements.ps1 b/scripts/automation/Radius/Functions/Private/Module/Validate-JCRModuleRequirements.ps1
index 9fe970c60..4181aae89 100644
--- a/scripts/automation/Radius/Functions/Private/Module/Validate-JCRModuleRequirements.ps1
+++ b/scripts/automation/Radius/Functions/Private/Module/Validate-JCRModuleRequirements.ps1
@@ -1,5 +1,5 @@
 function Validate-JCRModuleRequirements {
-    $openSSLValidated = Get-OpenSSLVersion -opensslBinary $JCR_OPENSSL
+    $openSSLValidated = Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
     if ($openSSLValidated -eq $false) {
         throw "OpenSSL validation failed. Please check the OpenSSL path and version."
     }
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index c64a43c19..ff68f9251 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -21,18 +21,18 @@ function Get-JCRGlobalVars {
             New-Item -ItemType Directory -Path "$JCScriptRoot/data"
         }
 
-        if (-Not $Script:JCRConfig) {
-            $Script:JCRConfig = Get-JCRConfigFile
+        if (-Not $global:JCRConfig) {
+            $global:JCRConfig = Get-JCRConfigFile
         }
 
         # get settings file
         if ($IsMacOS) {
-            $lastUpdateTimespan = New-TimeSpan -Start $script:JCRConfig.globalvars.lastupdate -End (Get-Date)
+            $lastUpdateTimeSpan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -End (Get-Date)
         }
         if ($ifWindows) {
-            $lastUpdateTimespan = New-TimeSpan -Start $script:JCRConfig.globalvars.lastupdate.value -End (Get-Date)
+            $lastUpdateTimeSpan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -End (Get-Date)
         }
-        if ($lastUpdateTimespan.TotalHours -gt 24) {
+        if ($lastUpdateTimeSpan.TotalHours -gt 24) {
             $update = $true
             $updateAssociation = $true
         } else {
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 32f593d52..7e78f0111 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -17,42 +17,44 @@ Function Start-GenerateRootCert {
 
     )
 
-    $CertPath = Resolve-Path "$JCScriptRoot/Cert"
-    $outKey = "$CertPath/radius_ca_key.pem"
-    $outCA = "$CertPath/radius_ca_cert.pem"
-    $timestamp = Get-Date -Format "yyyyMMddHHmmss"
+
     # this script will generate a Self Signed CA (root cert) to be imported on the
     # Radius CBA-BYO Authentication UI
 
     # Edit the variables in Config.ps1 before running this script
-    . "$JCScriptRoot/Config.ps1"
+    # . "$JCScriptRoot/Config.ps1"
 
-    if ( ([System.String]::IsNullOrEmpty($JCORGID)) -Or ($JCORGID.Length -ne 24) ) {
-        throw "OrganizationID not specified, please update Config.ps1"
-    }
+    # if ( ([System.String]::IsNullOrEmpty($JCORGID)) -Or ($JCORGID.Length -ne 24) ) {
+    #     throw "OrganizationID not specified, please update Config.ps1"
+    # }
 
     ################################################################################
     # Do Not Edit Below:
     ################################################################################
-    Set-Location $JCScriptRoot
+    # Set-Location $JCScriptRoot
 
     # REM Generate Root Server Private Key and server certificate (self signed as CA)
     Write-Host "Generating Self Signed Root CA Certificate"
-    if (Test-Path -Path "$JCScriptRoot/Cert") {
+    if (Test-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert") {
         Write-Host "Cert Path Exists"
     } else {
         Write-Host "Creating Cert Path"
-        New-Item -ItemType Directory -Path "$JCScriptRoot/Cert"
+        New-Item -ItemType Directory -Path "$($global:JCRConfig.radiusDirectory.value)/Cert"
     }
 
     # If cert backup folder does not exist, create it
-    if (Test-Path -Path "$JCScriptRoot/Cert/Backups") {
+    if (Test-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/Backups") {
         Write-Host "Backup Path Exists"
     } else {
         Write-Host "Creating Backup Path"
-        New-Item -ItemType Directory -Path "$JCScriptRoot/Cert/Backups"
+        New-Item -ItemType Directory -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/Backups"
     }
 
+    $CertPath = Resolve-Path "$($global:JCRConfig.radiusDirectory.value)/Cert"
+    $outKey = "$CertPath/radius_ca_key.pem"
+    $outCA = "$CertPath/radius_ca_cert.pem"
+    $timestamp = Get-Date -Format "yyyyMMddHHmmss"
+
     # If parameterSetname is CLI
     if ($PSCmdlet.ParameterSetName -eq 'cli') {
         switch ($GenerateType) {
@@ -77,7 +79,7 @@ Function Start-GenerateRootCert {
     switch ($selection) {
         # Generate new root certificate
         '1' {
-            if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
+            if (Test-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem") {
                 Write-Host "Root Cert already exists"
                 # If the force switch is set, force the generation of a new root certificate
                 if (!$force) {
@@ -142,9 +144,9 @@ Function Start-GenerateRootCert {
                         }
                         # Save the pass phrase in the env:
                         $env:certKeyPassword = $certKeyPass
-                        Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                        Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
                         # REM PEM pass phrase: myorgpass
-                        Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
+                        Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                         # openssl x509 -in ca-cert.pem -noout -text
                         # Update Extensions Distinguished Names:
                         $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
@@ -207,9 +209,9 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                 }
                 # Save the pass phrase in the env:
                 $env:certKeyPassword = $certKeyPass
-                Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
                 # REM PEM pass phrase: myorgpass
-                Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -noout -text"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                 # openssl x509 -in ca-cert.pem -noout -text
                 # Update Extensions Distinguished Names:
                 $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
@@ -235,7 +237,7 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
         '2' {
             $env:certKeyPassword = $certKeyPass
             # Check if there is a current CA cert
-            if (Test-Path -Path "$JCScriptRoot/Cert/radius_ca_cert.pem") {
+            if (Test-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem") {
 
                 if (!$force) {
                     if ($PSCmdlet.ParameterSetName -eq 'cli') {
@@ -257,7 +259,7 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                                 $secureCertKeyPass = Read-Host -Prompt "Enter the current password for the certificate key" -AsSecureString
                                 $certKeyPass = ConvertFrom-SecureString $secureCertKeyPass -AsPlainText
                                 do {
-                                    $result = Invoke-Expression "$JCR_OPENSSL rsa -in `"$outKey`" -passin pass:$($certKeyPass) -check"
+                                    $result = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) rsa -in `"$outKey`" -passin pass:$($certKeyPass) -check"
                                     if ($result -match "RSA key ok") {
                                         Write-Host "Password validated! Proceeding..."
                                         $env:certKeyPassword = $certKeyPass
@@ -275,7 +277,7 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                                 # Validate that the password works with the old CA cert
                                 # Attempt to read the private key with the password
                                 do {
-                                    $result = Invoke-Expression "$JCR_OPENSSL rsa -in `"$outKey`" -passin pass:$($certKeyPass) -check"
+                                    $result = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) rsa -in `"$outKey`" -passin pass:$($certKeyPass) -check"
 
                                     if ($result -match "RSA key ok") {
                                         Write-Host "Password validated! Proceeding..."
@@ -309,14 +311,14 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                         }
                         $certConfPath = "$CertPath/radius_ca_cert2.conf"
                         $csrOutPath = "$CertPath/radius_ca_cert.csr"
-                        $select = Invoke-Expression "$JCR_OPENSSL x509 -in `"$($outCA)`" -serial -noout"
+                        $select = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$($outCA)`" -serial -noout"
                         $serial = $select -replace "serial=", ""
 
                         # Validate that the password works with the old CA cert
                         # Attempt to read the private key with the password
 
                         try {
-                            Invoke-Expression "$JCR_OPENSSL x509 -x509toreq  -in $($outCA) -signkey $($outKey)  -out $csrOutPath -passin pass:$($env:certKeyPassword)"
+                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -x509toreq  -in $($outCA) -signkey $($outKey)  -out $csrOutPath -passin pass:$($env:certKeyPassword)"
 
                         } catch {
                             # Exit
@@ -332,9 +334,9 @@ authorityKeyIdentifier= keyid:always,issuer:always
 "@ | Out-File "$certConfPath"
 
                         try {
-                            Invoke-Expression "$JCR_OPENSSL req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
 
-                            Invoke-Expression "$JCR_OPENSSL x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca -passin pass:$($env:certKeyPassword)"
+                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca -passin pass:$($env:certKeyPassword)"
 
                             # Message of success
                             Write-Host "Root Certificate Renewed Successfully!" -ForegroundColor Yellow
@@ -345,7 +347,7 @@ authorityKeyIdentifier= keyid:always,issuer:always
                             # Error replacing the certificate
                             Write-Error "Error replacing the certificate. $($_.Exception.Message)"
                         }
-                        Invoke-Expression "$JCR_OPENSSL x509 -in `"$outCA`" -enddate -serial -noout "
+                        Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -enddate -serial -noout "
                     }
                     $false {
                         return
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 836ddd633..2f8f1d410 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -21,7 +21,7 @@ function Start-GenerateUserCerts {
     if ($env:certKeyPassword) {
         Write-Host "Found CA-Key password in env"
         # Check if the key.pem works with the password
-        $foundKeyPem = Resolve-Path -Path "$JCScriptRoot/Cert/*key.pem"
+        $foundKeyPem = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*key.pem"
         $checkKey = openssl rsa -in $foundKeyPem -check -passin pass:$($env:certKeyPassword) 2>&1
         if ($checkKey -match "RSA key ok") {
             Write-Debug "ENV CA-Key password is works with the current key"
@@ -39,11 +39,11 @@ function Start-GenerateUserCerts {
     $userArray = Get-UserJsonData
 
     # Create UserCerts dir
-    if (Test-Path "$JCScriptRoot/UserCerts") {
+    if (Test-Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts") {
         Write-Host "[status] User Cert Directory Exists"
     } else {
         Write-Host "[status] Creating User Cert Directory"
-        New-Item -ItemType Directory -Path "$JCScriptRoot/UserCerts"
+        New-Item -ItemType Directory -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
     }
     #### end function setup
 
@@ -64,10 +64,10 @@ function Start-GenerateUserCerts {
                 # if force invoke is set, invoke the commands after generation:
                 switch ($forceReplaceCerts) {
                     $true {
-                        $replcaeCerts = $true
+                        $replaceCerts = $true
                     }
                     $false {
-                        $replcaeCerts = $false
+                        $replaceCerts = $false
                     }
                 }
             }
@@ -188,7 +188,7 @@ function Start-GenerateUserCerts {
                 # recalculate expiring certs:
                 $userCertInfo = Get-CertInfo -UserCerts
                 # Get expiring certs:
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCRConfig.certExpirationWarningDays.value
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $global:JCRConfig.certExpirationWarningDays.value
                 for ($i = 0; $i -lt $ExpiringCerts.Count; $i++) {
                     $userCert = $ExpiringCerts[$i]
                     <# Action that will repeat until the condition is met #>
@@ -200,7 +200,7 @@ function Start-GenerateUserCerts {
                     # recalculate expiring certs:
                     $userCertInfo = Get-CertInfo -UserCerts
                 }
-                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $Global:JCRConfig.certExpirationWarningDays.value
+                $Global:expiringCerts = Get-ExpiringCertInfo -certInfo $userCertInfo -cutoffDate $global:JCRConfig.certExpirationWarningDays.value
                 switch ($PSCmdlet.ParameterSetName) {
                     'gui' {
                         Show-StatusMessage -Message "Finished Generating Certificates"
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index b19a17f1f..a45480c7a 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -25,20 +25,13 @@ $global:JCScriptRoot = "$PSScriptRoot"
 
 # from the settings file we should have a location for the certs and user certs
 
-# if the Certs / UserCerts directories do not exist, create them
-if (-Not (Test-Path -Path "$JCScriptRoot/Cert" -PathType Container)) {
-    New-Item -Path "$JCScriptRoot/Cert" -ItemType Directory
-    New-Item -Path "$JCScriptRoot/Cert/Backups" -ItemType Directory
-}
-if (-Not (Test-Path -Path "$JCScriptRoot/UserCerts" -PathType Container)) {
-    New-Item -Path "$JCScriptRoot/UserCerts" -ItemType Directory
-}
+
 
 # Export module member
 Export-ModuleMember -Function $Public.BaseName -Alias *
 
 # Set the module config
-$script:configTemplate = @{
+$global:JCRConfigTemplate = @{
     'userGroup'                         = @{
         value       = $null;
         write       = $true;
@@ -159,10 +152,18 @@ $script:configTemplate = @{
         placeholder = $null;
         type        = 'string'
     }
+    'openSSLBinary'                     = @{
+        value       = $null;
+        write       = $true;
+        copy        = $true;
+        required    = $true;
+        placeholder = '<Path/To/OpenSSL>';
+        type        = 'string'
+    }
 }
 
 # # Set the module non-configurable settings
-$script:settings = @{
+$global:JCRSettings = @{
     'userAgent' = Get-JCRUserAgent
 }
 
@@ -173,4 +174,5 @@ $global:JCRConfig = Get-JCRConfigFile -asObject
 # validate the config settings (skip throw on first load with 'loadModule' param)
 Confirm-JCRConfigFile -loadModule
 
-# TODO: Check the OpenSSL version
\ No newline at end of file
+# TODO: Check the OpenSSL version
+# Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 76da20f65..54dcba23c 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -205,7 +205,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             # get the RadiusMembers.json before
             # get the user.json file before
             # add a user to the radius Group
-            Add-JCUserGroupMember -GroupID $Global:JCRConfig.userGroup.value -UserID $user.id
+            Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             Start-Sleep 1
             # update the cache forcefully
             Get-JCRGlobalVars -force -skipAssociation -associateManually
@@ -225,7 +225,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             # get the RadiusMembers.json before
             # get the user.json file before
             # add a user to the radius Group
-            Remove-JCUserGroupMember -GroupID $Global:JCRConfig.userGroup.value -UserID $user.id
+            Remove-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             Start-Sleep 1
             # update the cache forcefully
             Get-JCRGlobalVars -force -skipAssociation -associateManually
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 844b75f85..297f33660 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -22,7 +22,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
     Context 'Distribute all certificates for all users forcibly' {
         BeforeAll {
             # clear certs:
-            $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certs = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             foreach ($cert in $certs) {
                 Remove-Item -Path $cert.FullName
             }
@@ -84,7 +84,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
     Context 'Distribute all certificates for all users without invoking' {
         BeforeAll {
             # clear certs:
-            $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certs = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             foreach ($cert in $certs) {
                 Remove-Item -Path $cert.FullName
             }
@@ -122,7 +122,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
     Context 'Distribute new certificates for new users forcibly' {
         BeforeAll {
             # clear certs:
-            $certs = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certs = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             foreach ($cert in $certs) {
                 Remove-Item -Path $cert.FullName
             }
@@ -228,9 +228,9 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $CertInfoAfter = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Cert Subject headers should be contain required EmailSAN identifier:
             $CertInfoBefore.subject | Should -Not -Be $CertInfoAfter
-            $foundCert = Get-ChildItem -path "$JCScriptRoot/UserCerts/$($certTypeUser.username)-EmailSAN*.crt"
+            $foundCert = Get-ChildItem -path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($certTypeUser.username)-EmailSAN*.crt"
             $foundCert.count | Should -Be 1
-            $CertSANInfo = Invoke-Expression "$JCR_OPENSSL x509 -in $($foundCert.fullname) -ext subjectAltName -noout"
+            $CertSANInfo = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in $($foundCert.fullname) -ext subjectAltName -noout"
             # The cert info should contain the subject alternative name of the user's email
             $CertSANInfo -match "email:" | Should -match "email:$($Global:JCRUsers[$($certTypeUser.userID)].email)"
             # Create the new commands
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 749bb9f31..3119b1ed5 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -1,7 +1,7 @@
 Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     BeforeEach {
         # If the /Cert/ folder is not empty, clear the directory
-        $items = Get-ChildItem "$JCScriptRoot/Cert"
+        $items = Get-ChildItem "$($global:JCRConfig.radiusDirectory.value)/Cert"
         if ($items) {
             foreach ($item in $items) {
                 # If the item is the 'backup' folder, process its contents separately
@@ -14,12 +14,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
 
             # both the key and the cert should be generated
-            $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+            $itemsAfter = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
             #validate the subject matches what's defined in config:
-            $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+            $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
             ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
             ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
@@ -37,25 +37,25 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             # Create a new root certificate
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "New" -force
             # get existing cert serial:
-            $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            $origSN = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -serial"
             # Force overwrite the existing certificate
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "New" -force
             # get new SN
-            $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            $newSN = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -serial"
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
             $origSN | Should -Not -Be $newSN
             # both the key and the cert should be generated
-            $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+            $itemsAfter = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
             # Validate that the backup zip file was created
-            $backupFiles = Get-ChildItem $JCScriptRoot/Cert/Backups
+            $backupFiles = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert/Backups
             # Should contain a zip file
             $backupFiles.Extension | Should -Contain ".zip"
 
             #validate the subject matches what's defined in config:
-            $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+            $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
             ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
             ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
@@ -71,25 +71,25 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             # Create a new root certificate
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
             # get existing cert serial:
-            $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            $origSN = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -serial"
             # Replace root certificate
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "replace" -force
             # get new SN
-            $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            $newSN = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -serial"
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
             $origSN | Should -Not -Be $newSN
             # both the key and the cert should be generated
-            $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+            $itemsAfter = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
             # Validate that the backup zip file was created
-            $backupFiles = Get-ChildItem $JCScriptRoot/Cert/Backups
+            $backupFiles = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert/Backups
             # Should contain a zip file
             $backupFiles.Extension | Should -Contain ".zip"
 
             #validate the subject matches what's defined in config:
-            $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+            $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
             ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
             ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
@@ -105,25 +105,25 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             # Generate new CA
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
             # get existing cert serial:
-            $origSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            $origSN = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -serial"
             # Renew CA
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "renew" -force
             # get new SN
-            $newSN = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -serial"
+            $newSN = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -serial"
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
             $origSN | Should -Be $newSN
             # both the key and the cert should be generated
-            $itemsAfter = Get-ChildItem $JCScriptRoot/Cert
+            $itemsAfter = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
             # Validate that the backup zip file was created
-            $backupFiles = Get-ChildItem $JCScriptRoot/Cert/Backups
+            $backupFiles = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert/Backups
             # Should contain a zip file
             $backupFiles.Extension | Should -Contain ".zip"
 
             #validate the subject matches what's defined in config:
-            $CA_subject = Invoke-Expression "$JCR_OPENSSL x509 -noout -in $JCScriptRoot/Cert/radius_ca_cert.pem -subject"
+            $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
             $CA_subject = $CA_subject.split("subject=").split(",")
             ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
             ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index f06ff17d4..78929cece 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -44,7 +44,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # add a user to the radius Group
             Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # Get the certs before
-            $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certsBefore = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             # wait one moment
             Start-Sleep 1
             # update the cache
@@ -57,7 +57,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # Generate the user cert:
             Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
             # Get the certs after
-            $certsAfter = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certsAfter = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             # filter by username
             $UserCerts = $certsAfter | Where-Object { $_.Name -match "$($user.username)" }
             # the files and each type of expected cert file should exist
@@ -112,7 +112,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # set the user cert validity to 90 days
             Set-JCRConfigFile -caCertValidityDays 90
             # Get the certs before generation minus the .zip if it exists
-            $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
+            $certsBefore = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
             # get the date before
             $dateBefore = (Get-Date).ToString('MM/dd/yyyy HH:mm:ss')
             Start-Sleep 1
@@ -124,7 +124,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # there should be no more certs left in the expiring cert var
             $Global:expiringCerts | Should -BeNullOrEmpty
             # Get the certs after generation minus the .zip if it exists
-            $certsAfter = Get-ChildItem -Path "$JCScriptRoot/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
+            $certsAfter = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
             # test each file, it should have been written
             foreach ($cert in $certsAfter) {
                 Write-Host "$($cert.Name)"
@@ -169,7 +169,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # add a user to the radius Group
             Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # Get the certs before
-            $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certsBefore = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             # wait one moment
             Start-Sleep 1
             # update the cache
@@ -182,7 +182,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # Generate the user cert:
             Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
             # Get the certs after
-            $certsAfter = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certsAfter = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             # filter by username
             $UserCerts = $certsAfter | Where-Object { $_.Name -match "$($user.username)" }
             # the files and each type of expected cert file should exist
@@ -201,7 +201,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # add a user to the radius Group
             Add-JCUserGroupMember -GroupID $global:JCRConfig.userGroup.value -UserID $user.id
             # Get the certs before
-            $certsBefore = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certsBefore = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             # wait one moment
             Start-Sleep 1
             # update the cache
@@ -214,7 +214,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # Generate the user cert:
             Start-GenerateUserCerts -type ByUsername -username $($user.username) -forceReplaceCerts
             # Get the certs after
-            $certsAfter = Get-ChildItem -Path "$JCScriptRoot/UserCerts"
+            $certsAfter = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
             # filter by username
             $UserCerts = $certsAfter | Where-Object { $_.Name -match "$($user.username)" }
             # the files and each type of expected cert file should exist

From 1d7b11dfddbea12563606a78f89cbb655db00a4a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 13:42:06 -0600
Subject: [PATCH 221/346] Module version Tests

---
 .../Tests/ModuleValidation/ModuleVersion.Tests.ps1    | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index b3be0c1de..75a49c528 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -1,5 +1,5 @@
 Describe "Module Version Tests" -Tag "ModuleValidation" {
-    BeforeAll {
+    BeforeEach {
         $psd1Path = "$PSScriptRoot/../../JumpCloud.Radius.psd1"
         $configPath = "$PSScriptRoot/../../Config.json"
         # remove the config file if it exists
@@ -13,10 +13,10 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
         $PSD1 = Test-ModuleManifest -Path $psd1Path
         Import-Module $psd1Path -Force
         # the user agent should be set to the module version
-        $module.PrivateData.settings['userAgent'] | Should -Match "$($PSD1.version)"
+        $global:JCRSettings.'userAgent' | Should -Match "$($PSD1.version)"
         # the string should be in the format of JumpCloud_ModuleName.ModuleVersion
         $userAgentRegex = 'JumpCloud_PasswordlessRadiusConfig.PowerShellModule/[0-9]+.[0-9]+.[0-9]+'
-        $module.PrivateData.settings['userAgent'] | Should -Match $userAgentRegex
+        $global:JCRSettings.'userAgent' | Should -Match $userAgentRegex
     }
 
     Context "Module Config Tests" {
@@ -24,9 +24,9 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
             # Import the module
             { Import-Module $psd1Path -Force } | Should -Not -Throw
             # Check that the config file does not exist
-            Test-Path -Path $configPath | Should -Be $false
+            # Test-Path -Path $configPath | Should -Be $false
             # Check that the module config is set to the default values
-            $Global:JCRConfig.userGroup.value | Should -Be $null
+            $global:JCRConfig.userGroup.value | Should -Be $null
         }
         It "Setting the settings to some series of values should not throw an error" {
             $settings = @{
@@ -41,6 +41,7 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
                 certSubjectHeaderLocality         = "Boulder"
                 networkSSID                       = "TP-Link_SSID"
                 userGroup                         = "5f3171a9232e1113939dd6a2"
+                openSSLBinary                     = '/opt/homebrew/bin/openssl'
             }
             Set-JCRConfigFile @settings
         }

From 20f0966a51fa21aef940591386dde5a47b8cc60b Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 13:54:10 -0600
Subject: [PATCH 222/346] cache path

---
 .github/workflows/radius-module-ci.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index c900379e8..cefe36c0b 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -70,7 +70,7 @@ jobs:
         id: cacher
         uses: actions/cache@v4
         with:
-          path: "/Users/runner/.local/share/powershell/Modules/"
+          path: "~/.local/share/powershell/Modules/"
           key: PS-Radius-Dependencies
       - name: Install dependencies
         if: steps.cacher.outputs.cache-hit != 'true'
@@ -118,7 +118,7 @@ jobs:
             scripts
       - uses: actions/cache@v4
         with:
-          path: "/Users/runner/.local/share/powershell/Modules/"
+          path: "~/.local/share/powershell/Modules/"
           key: PS-Radius-Dependencies
       - env:
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
@@ -140,7 +140,7 @@ jobs:
             scripts
       - uses: actions/cache@v4
         with:
-          path: "/Users/runner/.local/share/powershell/Modules/"
+          path: "~/.local/share/powershell/Modules/"
           key: PS-Radius-Dependencies
       - name: Test PWSH Radius Module
         shell: pwsh

From 7010b52981d9dd920c8e3f7c8a7f00f380e9efaf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 14:09:36 -0600
Subject: [PATCH 223/346] private functions load before setupRadiusOrg

---
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index af10aa204..46c8a4f14 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -37,6 +37,11 @@ $IncludeTags = If ($IncludeTagList) {
 If ($PesterRunPaths) {
     Clear-Variable -Name PesterRunPaths
 }
+# Load private functions
+Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Private/*.ps1")
+Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
+Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
+
 # Determine the parameter set path
 if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
     $IncludeTags = "ModuleValidation"
@@ -50,16 +55,11 @@ if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
     . "$PSScriptRoot/SetupRadiusOrg.ps1"
 }
 
-
 if (-Not $PesterRunPaths) {
     $PesterRunPaths = @(
         "$PSScriptRoot"
     )
 }
-# Load private functions
-Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Private/*.ps1")
-Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
-Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
 
 # Set the test result directory:
 $PesterResultsFileXmldir = "$PSScriptRoot/test_results/"

From b856be6c49151052bf2476e502b6904e243b0301 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 14:13:12 -0600
Subject: [PATCH 224/346] import module

---
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index 46c8a4f14..e8346a68f 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -39,6 +39,7 @@ If ($PesterRunPaths) {
 }
 # Load private functions
 Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Private/*.ps1")
+Import-Module -Name "$PSScriptRoot/../JumpCloud.Radius.psd1" -Force
 Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
 Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
 

From e5771a775f3bd8269bc9c74b6cd85c5b47ce28d5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 14:25:22 -0600
Subject: [PATCH 225/346] settingsFille -> ConfigFile

---
 .../automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index ff68f9251..973904654 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -247,7 +247,7 @@ function Get-JCRGlobalVars {
                 [array]$Global:JCRRadiusMembers = $radiusMemberList
                 $Global:JCRCertHash = $certHash
                 # update the settings date
-                Set-JCRConfigFile - (Get-Date)
+                Set-JCRConfigFile -lastUpdate (Get-Date)
                 # update users.json
                 Update-JCRUsersJson
             }

From ea03d58b4a8592c187507aa32cd49183930b32ae Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 14:38:40 -0600
Subject: [PATCH 226/346] setup org with variables

---
 .../automation/Radius/Tests/SetupRadiusOrg.ps1  | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 08eac6ba0..021794d68 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -54,7 +54,22 @@ $env:certKeyPassword = "testCertificate123!@#"
 Write-Warning "Updating Config File"
 
 # Update the userGroupID:
-Set-JCRConfigFile -userGroup $radiusUserGroup.id
+$settings = @{
+    certSubjectHeaderCommonName       = "JumpCloud.com"
+    certType                          = "UsernameCn"
+    certSubjectHeaderOrganization     = "JumpCloud"
+    certSecretPass                    = "secret1234!"
+    certSubjectHeaderOrganizationUnit = "Customer_Tools"
+    certSubjectHeaderCountryCode      = "US"
+    certSubjectHeaderStateCode        = "CO"
+    certSubjectHeaderLocality         = "Boulder"
+    radiusDirectory                   = "$PSScriptRoot/../"
+    networkSSID                       = "TP-Link_SSID"
+    userGroup                         = $radiusUserGroup.id
+    openSSLBinary                     = 'openssl'
+}
+
+Set-JCRConfigFile @settings
 # update the openSSL path:
 if ($IsMacOS) {
     $brewList = brew list openssl@3

From 2120281e18b2c23f5a7ef4deb3e1b268804eb0bf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 14:54:21 -0600
Subject: [PATCH 227/346] generate cert variables

---
 .../CertGeneration/Generate-UserCert.ps1      | 10 +++---
 .../Public/Start-GenerateRootCert.ps1         | 34 +++++++++----------
 2 files changed, 22 insertions(+), 22 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index bbda23d3a..4f93e49a2 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -48,7 +48,7 @@ function Generate-UserCert {
                 $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path $ExtensionPath -NoNewline -Force
                 # Get CSR & Key
                 Write-Host "[status] Get CSR & Key"
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)`" -out `"$userCsr`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))`" -out `"$userCsr`""
 
                 # take signing request, make cert # specify extensions requets
                 Write-Host "[status] take signing request, make cert # specify extensions requets"
@@ -65,8 +65,8 @@ function Generate-UserCert {
                 # Create Client cert with email in the subject distinguished name
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) genrsa -out `"$userKey`" 2048"
                 # Generate User CSR
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=/emailAddress=$($user.email)`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=/emailAddress=$($user.email)`""
 
                 # Gennerate User Cert
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extfile `"$ExtensionPath`""
@@ -81,8 +81,8 @@ function Generate-UserCert {
                 # Create Client cert with email in the subject distinguished name
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) genrsa -out `"$userKey`" 2048"
                 # Generate User CSR
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCORGID)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($user.username)`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($user.username)`""
 
                 # Gennerate User Cert
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -CAcreateserial -passin pass:$($env:certKeyPassword) -out `"$userCert`" -extfile `"$ExtensionPath`""
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 7e78f0111..7b536df72 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -55,7 +55,7 @@ Function Start-GenerateRootCert {
     $outCA = "$CertPath/radius_ca_cert.pem"
     $timestamp = Get-Date -Format "yyyyMMddHHmmss"
 
-    # If parameterSetname is CLI
+    # If parameterSetName is CLI
     if ($PSCmdlet.ParameterSetName -eq 'cli') {
         switch ($GenerateType) {
             'New' {
@@ -144,7 +144,7 @@ Function Start-GenerateRootCert {
                         }
                         # Save the pass phrase in the env:
                         $env:certKeyPassword = $certKeyPass
-                        Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                        Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($($global:JCRConfig.certSubjectHeaderOrganization.value))/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
                         # REM PEM pass phrase: myorgpass
                         Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                         # openssl x509 -in ca-cert.pem -noout -text
@@ -155,12 +155,12 @@ Function Start-GenerateRootCert {
                             $extContent = Get-Content -Path $ext.FullName -Raw
                             $reqDistinguishedName = @"
 [req_distinguished_name]
-C = $($JCR_SUBJECT_HEADERS.countryCode)
-ST = $($JCR_SUBJECT_HEADERS.stateCode)
-L = $($JCR_SUBJECT_HEADERS.Locality)
-O = $($JCR_SUBJECT_HEADERS.Organization)
-OU = $($JCR_SUBJECT_HEADERS.OrganizationUnit)
-CN = $($JCR_SUBJECT_HEADERS.CommonName)
+C = $($($global:JCRConfig.certSubjectHeaderCountryCode.value))
+ST = $($($global:JCRConfig.certSubjectHeaderStateCode.value))
+L = $($($global:JCRConfig.certSubjectHeaderLocality.value))
+O = $($($global:JCRConfig.certSubjectHeaderOrganization.value))
+OU = $($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))
+CN = $($($global:JCRConfig.certSubjectHeaderCommonName.value))
 
 "@
                             $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
@@ -209,7 +209,7 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                 }
                 # Save the pass phrase in the env:
                 $env:certKeyPassword = $certKeyPass
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($($global:JCRConfig.certSubjectHeaderOrganization.value))/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
                 # REM PEM pass phrase: myorgpass
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                 # openssl x509 -in ca-cert.pem -noout -text
@@ -220,12 +220,12 @@ CN = $($JCR_SUBJECT_HEADERS.CommonName)
                     $extContent = Get-Content -Path $ext.FullName -Raw
                     $reqDistinguishedName = @"
     [req_distinguished_name]
-    C = $($JCR_SUBJECT_HEADERS.countryCode)
-    ST = $($JCR_SUBJECT_HEADERS.stateCode)
-    L = $($JCR_SUBJECT_HEADERS.Locality)
-    O = $($JCR_SUBJECT_HEADERS.Organization)
-    OU = $($JCR_SUBJECT_HEADERS.OrganizationUnit)
-    CN = $($JCR_SUBJECT_HEADERS.CommonName)
+    C = $($($global:JCRConfig.certSubjectHeaderCountryCode.value))
+    ST = $($($global:JCRConfig.certSubjectHeaderStateCode.value))
+    L = $($($global:JCRConfig.certSubjectHeaderLocality.value))
+    O = $($($global:JCRConfig.certSubjectHeaderOrganization.value))
+    OU = $($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))
+    CN = $($($global:JCRConfig.certSubjectHeaderCommonName.value))
 
 "@
                     $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
@@ -334,9 +334,9 @@ authorityKeyIdentifier= keyid:always,issuer:always
 "@ | Out-File "$certConfPath"
 
                         try {
-                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $JCR_ROOT_CERT_VALIDITY_DAYS -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($JCR_SUBJECT_HEADERS.countryCode)/ST=$($JCR_SUBJECT_HEADERS.stateCode)/L=$($JCR_SUBJECT_HEADERS.Locality)/O=$($JCR_SUBJECT_HEADERS.Organization)/OU=$($JCR_SUBJECT_HEADERS.OrganizationUnit)/CN=$($JCR_SUBJECT_HEADERS.CommonName)"
+                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($($global:JCRConfig.certSubjectHeaderOrganization.value))/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
 
-                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -days $JCR_ROOT_CERT_VALIDITY_DAYS -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca -passin pass:$($env:certKeyPassword)"
+                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -days $($global:JCRConfig.caCertValidityDays.value) -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca -passin pass:$($env:certKeyPassword)"
 
                             # Message of success
                             Write-Host "Root Certificate Renewed Successfully!" -ForegroundColor Yellow

From e1037dfbdc477b9464569938c322f838a57de5cc Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 15:01:42 -0600
Subject: [PATCH 228/346] variables from config

---
 .../CertDeployment/Deploy-UserCertificate.ps1      |  2 +-
 .../Private/CertGeneration/Generate-UserCert.ps1   |  6 +++---
 .../CertGeneration/Invoke-UserCertProcess.ps1      |  4 ++--
 .../Functions/Public/Start-GenerateUserCerts.ps1   | 14 +++++++-------
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 9233391a9..c1f6b7d58 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -296,7 +296,7 @@ function Deploy-UserCertificate {
 
             if (($workToBeDone.forcegenerateMacOSCommands) -OR ($workToBeDone.forceGenerateWindowsCommands)) {
                 # determine certType
-                switch ($JCR_CERT_TYPE) {
+                switch ($($global:JCRConfig.certType.value)) {
                     'EmailSAN' {
                         # set cert identifier to SAN email of cert
                         $sanID = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in $($userCrt) -ext subjectAltName -noout"
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index 4f93e49a2..02b656e41 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -52,7 +52,7 @@ function Generate-UserCert {
 
                 # take signing request, make cert # specify extensions requets
                 Write-Host "[status] take signing request, make cert # specify extensions requets"
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -extfile `"$ExtensionPath`" -days $JCR_USER_CERT_VALIDITY_DAYS -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extensions v3_req"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -extfile `"$ExtensionPath`" -days $($global:JCRConfig.userCertValidityDays.value) -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extensions v3_req"
 
                 # validate the cert we cant see it once it goes to pfx
                 Write-Host "[status] validate the cert we cant see it once it goes to pfx"
@@ -69,7 +69,7 @@ function Generate-UserCert {
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=/emailAddress=$($user.email)`""
 
                 # Gennerate User Cert
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extfile `"$ExtensionPath`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $($global:JCRConfig.userCertValidityDays.value) -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extfile `"$ExtensionPath`""
 
                 # Combine key and cert to create pfx file
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
@@ -85,7 +85,7 @@ function Generate-UserCert {
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($user.username)`""
 
                 # Gennerate User Cert
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $JCR_USER_CERT_VALIDITY_DAYS -CAcreateserial -passin pass:$($env:certKeyPassword) -out `"$userCert`" -extfile `"$ExtensionPath`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $($global:JCRConfig.userCertValidityDays.value) -CAcreateserial -passin pass:$($env:certKeyPassword) -out `"$userCert`" -extfile `"$ExtensionPath`""
 
                 # Combine key and cert to create pfx file
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -inkey `"$userKey`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 17a1278fd..331f6a23f 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -78,11 +78,11 @@ Function Invoke-UserCertProcess {
     process {
         # if writeCert, generate the cert
         if ($writeCert) {
-            Generate-UserCert -CertType $JCR_CERT_TYPE -user $MatchedUser -rootCAKey "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_key.pem" -rootCA "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem" 2>&1 | out-null
+            Generate-UserCert -CertType $($global:JCRConfig.certType.value) -user $MatchedUser -rootCAKey "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_key.pem" -rootCA "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem" 2>&1 | out-null
             # validate that the cert was written correctly:
             #TODO: validate and return as variable
 
-            #TODO: cert should be written with $JCR_CERT_TYPE, if other certs exist, remove them.
+            #TODO: cert should be written with $($global:JCRConfig.certType.value), if other certs exist, remove them.
             $CertInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
             if ($CertInfo.count -gt 1) {
                 $foundCerts = Get-ChildItem -path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($MatchedUser.username)-*.crt"
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 2f8f1d410..343b95904 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -78,7 +78,7 @@ function Start-GenerateUserCerts {
                 # process all users, generate certificates for uses who do not yet have a certificate
                 # Get each RadiusMember User:
                 for ($i = 0; $i -lt $JCRRadiusMembers.count; $i++) {
-                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $JCR_CERT_TYPE
+                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $($global:JCRConfig.certType.value)
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $JCRRadiusMembers.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
                 }
                 switch ($PSCmdlet.ParameterSetName) {
@@ -121,20 +121,20 @@ function Start-GenerateUserCerts {
                         $true {
                             switch ($PSCmdlet.ParameterSetName) {
                                 'gui' {
-                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $JCR_CERT_TYPE -forceReplaceCert
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $($global:JCRConfig.certType.value) -forceReplaceCert
                                 }
                                 'cli' {
-                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $JCR_CERT_TYPE -forceReplaceCert
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $($global:JCRConfig.certType.value) -forceReplaceCert
                                 }
                             }
                         }
                         $false {
                             switch ($PSCmdlet.ParameterSetName) {
                                 'gui' {
-                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $JCR_CERT_TYPE -Prompt
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $($global:JCRConfig.certType.value) -Prompt
                                 }
                                 'cli' {
-                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $JCR_CERT_TYPE
+                                    $result = Invoke-UserCertProcess -radiusMember $userObject -certType $($global:JCRConfig.certType.value)
                                 }
                             }
                         }
@@ -171,7 +171,7 @@ function Start-GenerateUserCerts {
                 }
                 # Get each RadiusMember User:
                 for ($i = 0; $i -lt $JCRRadiusMembers.count; $i++) {
-                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $JCR_CERT_TYPE -forceReplaceCert
+                    $result = Invoke-UserCertProcess -radiusMember $JCRRadiusMembers[$i] -certType $($global:JCRConfig.certType.value) -forceReplaceCert
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $JCRRadiusMembers.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
                 }
                 switch ($PSCmdlet.ParameterSetName) {
@@ -194,7 +194,7 @@ function Start-GenerateUserCerts {
                     <# Action that will repeat until the condition is met #>
                     $userArrayIndex = $userArray.username.IndexOf($userCert.username)
                     $IdentifiedUser = $userArray[$userArrayIndex]
-                    $result = Invoke-UserCertProcess -radiusMember $IdentifiedUser -certType $JCR_CERT_TYPE -forceReplaceCert
+                    $result = Invoke-UserCertProcess -radiusMember $IdentifiedUser -certType $($global:JCRConfig.certType.value) -forceReplaceCert
                     Show-RadiusProgress -completedItems ($i + 1) -totalItems $ExpiringCerts.count -ActionText "Generating Radius Certificates" -previousOperationResult $result
 
                     # recalculate expiring certs:

From 4abbd2c527424e13bd5fa686f8682925f68f66b0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 15:09:59 -0600
Subject: [PATCH 229/346] paths with new variables

---
 .../Public/Start-GenerateRootCert.Tests.ps1      | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 3119b1ed5..69a50b239 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -1,7 +1,7 @@
 Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
     BeforeEach {
         # If the /Cert/ folder is not empty, clear the directory
-        $items = Get-ChildItem "$($global:JCRConfig.radiusDirectory.value)/Cert"
+        $items = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/Cert"
         if ($items) {
             foreach ($item in $items) {
                 # If the item is the 'backup' folder, process its contents separately
@@ -14,7 +14,7 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             Start-GenerateRootCert -certKeyPassword "testCertificate123!@#" -generateType "new" -force
 
             # both the key and the cert should be generated
-            $itemsAfter = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert
+            $itemsAfter = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/Cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
@@ -45,12 +45,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
             $origSN | Should -Not -Be $newSN
             # both the key and the cert should be generated
-            $itemsAfter = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert
+            $itemsAfter = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/Cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
             # Validate that the backup zip file was created
-            $backupFiles = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert/Backups
+            $backupFiles = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/Backups"
             # Should contain a zip file
             $backupFiles.Extension | Should -Contain ".zip"
 
@@ -79,12 +79,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
             $origSN | Should -Not -Be $newSN
             # both the key and the cert should be generated
-            $itemsAfter = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert
+            $itemsAfter = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/Cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
             # Validate that the backup zip file was created
-            $backupFiles = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert/Backups
+            $backupFiles = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/Backups"
             # Should contain a zip file
             $backupFiles.Extension | Should -Contain ".zip"
 
@@ -113,12 +113,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             # the serial numbers of the cert should not be the same, i.e. a new cert has replaced the existing one
             $origSN | Should -Be $newSN
             # both the key and the cert should be generated
-            $itemsAfter = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert
+            $itemsAfter = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/Cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_cert"
             $itemsAfter.BaseName | Should -Contain "radius_ca_key"
 
             # Validate that the backup zip file was created
-            $backupFiles = Get-ChildItem $($global:JCRConfig.radiusDirectory.value)/Cert/Backups
+            $backupFiles = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/Backups"
             # Should contain a zip file
             $backupFiles.Extension | Should -Contain ".zip"
 

From eea883dab9099ecb003bd526e87b4bce1961ceff Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 15:15:07 -0600
Subject: [PATCH 230/346] lastUpdate

---
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1     | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 54dcba23c..40bcae8cf 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -49,12 +49,12 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
         It "Data should not be refreshed when running Get-JCRGlobalVars if it's been less than 24 hours since last update" {
             # Get the settings data
             $settingsData = Get-JCRConfigFile
-            $timespan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $settingsData.globalVars.lastupdate
-            # Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
+            $timeSpan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $($global:JCRConfig.lastUpdate.value)
+            # Write-Host "Time between 24 hrs and settings file: $($timeSpan.TotalHours)"
             # get files before
             $filesBefore = Get-ChildItem -Path $dataPath
             # check the settings time the files were last written
-            if ($timespan.TotalHours -lt 24) {
+            if ($timeSpan.TotalHours -lt 24) {
                 # continue with test
             } else {
                 # set the settings file to a mocked value of now
@@ -80,20 +80,20 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
         It "Data should refresh when running Get-JCRGlobalVars if it's been more than 24 hours since last update" {
             # Get the settings data
             $settingsData = Get-JCRConfigFile
-            $timespan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $settingsData.globalVars.lastupdate
-            # Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
+            $timeSpan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $($global:JCRConfig.lastUpdate.value)
+            # Write-Host "Time between 24 hrs and settings file: $($timeSpan.TotalHours)"
             # get files before
             $filesBefore = Get-ChildItem -Path $dataPath
             # check the settings time the files were last written
-            if ($timespan.TotalHours -gt 24) {
+            if ($timeSpan.TotalHours -gt 24) {
                 # continue with test
             } else {
                 # set the settings file to a mocked value of now
                 Set-JCRConfigFile -lastUpdate (Get-Date).AddHours(-25)
                 Start-Sleep 2
                 $settingsData = Get-JCRConfigFile
-                $timespan = New-TimeSpan -Start  $settingsData.globalVars.lastupdate -End (Get-Date).AddHours(-24)
-                Write-Host "Time between 24 hrs and settings file: $($timespan.TotalHours)"
+                $timeSpan = New-TimeSpan -Start  $($global:JCRConfig.lastUpdate.value) -End (Get-Date).AddHours(-24)
+                Write-Host "Time between 24 hrs and settings file: $($timeSpan.TotalHours)"
             }
             # run Get-JCRGlobalVars
             Get-JCRGlobalVars -Force -associateManually

From 1a4834930f7b204ec9912e281065e07b7cbe1b54 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 2 Jun 2025 15:48:23 -0600
Subject: [PATCH 231/346] global vars changes

---
 .../Functions/Public/Get-JCRGlobalVars.ps1     | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 973904654..2f86c5a0c 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -27,10 +27,24 @@ function Get-JCRGlobalVars {
 
         # get settings file
         if ($IsMacOS) {
-            $lastUpdateTimeSpan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate -End (Get-Date)
+            try {
+                $lastUpdateTimeSpan = New-TimeSpan -Start $($global:JCRConfig.lastUpdate.value) -End (Get-Date)
+            } catch {
+                Write-Host "[status] lastUpdate value is null, updating global variables"
+                $update = $true
+                $updateAssociation = $true
+                Set-JCRConfigFile -lastUpdate (Get-Date)
+            }
         }
         if ($ifWindows) {
-            $lastUpdateTimeSpan = New-TimeSpan -Start $global:JCRConfig.globalvars.lastupdate.value -End (Get-Date)
+            try {
+                $lastUpdateTimeSpan = New-TimeSpan -Start $($global:JCRConfig.lastUpdate.value) -End (Get-Date)
+            } catch {
+                Write-Host "[status] lastUpdate value is null, updating global variables"
+                $update = $true
+                $updateAssociation = $true
+                Set-JCRConfigFile -lastUpdate (Get-Date)
+            }
         }
         if ($lastUpdateTimeSpan.TotalHours -gt 24) {
             $update = $true

From 6edb38222b6ef5ffdd9fa919cb5c769643875448 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 09:22:57 -0600
Subject: [PATCH 232/346] user cert paths

---
 .../Functions/Private/CertGeneration/Generate-UserCert.ps1      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index 02b656e41..f3ea4e123 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -33,7 +33,7 @@ function Generate-UserCert {
     }
     process {
         # Set Extension Path
-        $ExtensionPath = "$JCScriptRoot/Extensions/extensions-$($certType).cnf"
+        $ExtensionPath = "$($global:JCRConfig.radiusDirectory.value)/Extensions/extensions-$($certType).cnf"
         # User Certificate Signing Request:
         $userCSR = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-cert-req.csr"
         # Set key, crt, pfx variables:

From ab363ce9941eca752152ff4fddea86d51940be73 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 09:41:51 -0600
Subject: [PATCH 233/346] pester variables

---
 scripts/automation/Radius/Tests/Invoke-Pester.ps1           | 6 ++++++
 .../Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1     | 2 +-
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1          | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index e8346a68f..8b2ca7771 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -81,6 +81,12 @@ $configuration.Filter.ExcludeTag = $ExcludeTagList
 $configuration.CodeCoverage.OutputPath = ($PesterResultsFileXmldir + 'coverage.xml')
 $configuration.testresult.OutputPath = ($PesterResultsFileXmldir + 'results.xml')
 
+Write-Host "-----------------------"
+Write-Host "[Status] JCRConfig Settings:"
+foreach ($setting in $global:JCRConfig.PSObject.Properties) {
+    Write-Host ("$($setting.Name): $($setting.Value.value)")
+}
+Write-Host "-----------------------"
 
 Write-Host ("[RUN COMMAND] Invoke-Pester -Path:('$PesterRunPaths') -TagFilter:('$($IncludeTags -join "','")') -ExcludeTagFilter:('$($ExcludeTagList -join "','")') -PassThru") -BackgroundColor:('Black') -ForegroundColor:('Magenta')
 # Run Pester tests
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 297f33660..637d06c15 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -27,7 +27,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
                 Remove-Item -Path $cert.FullName
             }
             #remove existing users
-            $usersToRemove = Get-JCuser -email "*pesterRadius*" | Remove-JCUser -force
+            $usersToRemove = Get-JCUser -email "*pesterRadius*" | Remove-JCUser -force
             Get-JCRGlobalVars -force -skipAssociation
         }
         it 'users with system associations will have deployed certs' {
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 021794d68..20f3cab3c 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -63,7 +63,7 @@ $settings = @{
     certSubjectHeaderCountryCode      = "US"
     certSubjectHeaderStateCode        = "CO"
     certSubjectHeaderLocality         = "Boulder"
-    radiusDirectory                   = "$PSScriptRoot/../"
+    radiusDirectory                   = "$(Resolve-Path $PSScriptRoot/../)"
     networkSSID                       = "TP-Link_SSID"
     userGroup                         = $radiusUserGroup.id
     openSSLBinary                     = 'openssl'

From 9bfd77d96162c095b07f7042a4aac1c1b3dfbefb Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 10:51:24 -0600
Subject: [PATCH 234/346] test update in get-CertInfo

---
 .../Functions/Private/CertDeployment/Get-CertInfo.ps1      | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index b9282bfaa..dbe944ea3 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -24,6 +24,13 @@ function Get-CertInfo {
 
             } else {
                 $foundCerts = New-Object System.Collections.ArrayList
+                # if $global:JCRRadiusMembers.username is not defined, update
+
+                if (-not $global:JCRRadiusMembers.username) {
+                    # update global variables
+                    Get-JCRGlobalVars -skipAssociation
+                }
+
                 $global:JCRRadiusMembers.username | ForEach-Object {
                     $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {

From feb60cd74d8b008c5f792a5cc72de9c1504395d5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 10:57:15 -0600
Subject: [PATCH 235/346] Revert "test update in get-CertInfo"

This reverts commit 9bfd77d96162c095b07f7042a4aac1c1b3dfbefb.
---
 .../Functions/Private/CertDeployment/Get-CertInfo.ps1      | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index dbe944ea3..b9282bfaa 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -24,13 +24,6 @@ function Get-CertInfo {
 
             } else {
                 $foundCerts = New-Object System.Collections.ArrayList
-                # if $global:JCRRadiusMembers.username is not defined, update
-
-                if (-not $global:JCRRadiusMembers.username) {
-                    # update global variables
-                    Get-JCRGlobalVars -skipAssociation
-                }
-
                 $global:JCRRadiusMembers.username | ForEach-Object {
                     $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {

From 0ea11b6d17b0ddb0e425364a10f08380edac6e8c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:08:22 -0600
Subject: [PATCH 236/346] get global vars on import

---
 scripts/automation/Radius/JumpCloud.Radius.psm1 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index a45480c7a..daa6b3adf 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -174,5 +174,9 @@ $global:JCRConfig = Get-JCRConfigFile -asObject
 # validate the config settings (skip throw on first load with 'loadModule' param)
 Confirm-JCRConfigFile -loadModule
 
+
+# Update the global variables required for the module
+Get-JCRGlobalVars -skipAssociation
+
 # TODO: Check the OpenSSL version
 # Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
\ No newline at end of file

From 565c8695605eea9d1de4fda02a55da44050a6b5d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:14:37 -0600
Subject: [PATCH 237/346] module validation with API key

---
 .github/workflows/radius-module-ci.yml            | 2 +-
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index cefe36c0b..f1e409bc0 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -124,7 +124,7 @@ jobs:
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
         shell: pwsh
         run: |
-          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -ModuleValidation
+          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY" -ModuleValidation
   Test-Module:
     needs: ["Setup-Build-Dependencies", "Check-PR-Labels", "Validate-Module"]
     runs-on: ubuntu-latest
diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index 8b2ca7771..53bbf8b4f 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -49,6 +49,8 @@ if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
     $PesterRunPaths = @(
         "$PSScriptRoot/ModuleValidation/"
     )
+    $env:JCAPIKEY = $JumpCloudApiKey
+    Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force
 } else {
     $env:JCAPIKEY = $JumpCloudApiKey
     Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force

From 904ba881167e2406b5b4d6e29cbdcc8ed0811eaf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:19:07 -0600
Subject: [PATCH 238/346] set env

---
 .github/workflows/radius-module-ci.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index f1e409bc0..fa7bdc487 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -121,6 +121,8 @@ jobs:
           path: "~/.local/share/powershell/Modules/"
           key: PS-Radius-Dependencies
       - env:
+          PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
+          PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
         shell: pwsh
         run: |

From 675ef6651e8f967cc01667a577f2418bc1981c45 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:23:43 -0600
Subject: [PATCH 239/346] multiple param sets

---
 .../automation/Radius/Tests/Invoke-Pester.ps1 | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index 53bbf8b4f..802075054 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -1,10 +1,17 @@
-# InvokePester.ps1 is intended to be called directly as a file-function
-# There are two parameter sets
 Param(
-    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)][ValidateNotNullOrEmpty()][System.String]$JumpCloudApiKey
-    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 1)][System.String[]]$ExcludeTagList
-    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 2)][System.String[]]$IncludeTagList
-    , [Parameter(ParameterSetName = 'ModuleValidation', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 3)][switch]$ModuleValidation
+    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $true, Position = 0)]
+    [Parameter(ParameterSetName = 'ModuleValidation', Mandatory = $true, Position = 0)]
+    [ValidateNotNullOrEmpty()]
+    [System.String]$JumpCloudApiKey,
+
+    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, Position = 1)]
+    [System.String[]]$ExcludeTagList,
+
+    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, Position = 2)]
+    [System.String[]]$IncludeTagList,
+
+    [Parameter(ParameterSetName = 'ModuleValidation', Mandatory = $true, Position = 1)]
+    [switch]$ModuleValidation
 )
 
 

From 432fb6156557c4adf3487bc805b4282be17766b1 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:31:20 -0600
Subject: [PATCH 240/346] module load order

---
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index 802075054..4d83d1a25 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -44,11 +44,7 @@ $IncludeTags = If ($IncludeTagList) {
 If ($PesterRunPaths) {
     Clear-Variable -Name PesterRunPaths
 }
-# Load private functions
-Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Private/*.ps1")
-Import-Module -Name "$PSScriptRoot/../JumpCloud.Radius.psd1" -Force
-Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
-Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
+
 
 # Determine the parameter set path
 if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
@@ -71,6 +67,12 @@ if (-Not $PesterRunPaths) {
     )
 }
 
+# Load private functions
+Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Private/*.ps1")
+Import-Module -Name "$PSScriptRoot/../JumpCloud.Radius.psd1" -Force
+Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
+Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
+
 # Set the test result directory:
 $PesterResultsFileXmldir = "$PSScriptRoot/test_results/"
 # create the directory if it does not exist:

From a124a7a0d0f613a15688e3c0db4e0beac75099c7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:34:51 -0600
Subject: [PATCH 241/346] setup Org

---
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index 4d83d1a25..e85ff2ba0 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -52,6 +52,8 @@ if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
     $PesterRunPaths = @(
         "$PSScriptRoot/ModuleValidation/"
     )
+    Write-Host "Begin Org Setup Before Tests:"
+    . "$PSScriptRoot/SetupRadiusOrg.ps1"
     $env:JCAPIKEY = $JumpCloudApiKey
     Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force
 } else {

From 8647e751c287a848156c36fc171c7da3c025ddc7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:36:46 -0600
Subject: [PATCH 242/346] order

---
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index e85ff2ba0..d14069633 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -52,10 +52,10 @@ if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
     $PesterRunPaths = @(
         "$PSScriptRoot/ModuleValidation/"
     )
-    Write-Host "Begin Org Setup Before Tests:"
-    . "$PSScriptRoot/SetupRadiusOrg.ps1"
     $env:JCAPIKEY = $JumpCloudApiKey
     Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force
+    Write-Host "Begin Org Setup Before Tests:"
+    . "$PSScriptRoot/SetupRadiusOrg.ps1"
 } else {
     $env:JCAPIKEY = $JumpCloudApiKey
     Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force

From 24b925dc8f6f3a4d9eddf92ef34e346b3b57ff71 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:39:25 -0600
Subject: [PATCH 243/346] functions load order

---
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index d14069633..e04ff2a96 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -45,6 +45,11 @@ If ($PesterRunPaths) {
     Clear-Variable -Name PesterRunPaths
 }
 
+# Load private functions
+Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Private/*.ps1")
+Import-Module -Name "$PSScriptRoot/../JumpCloud.Radius.psd1" -Force
+Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
+Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
 
 # Determine the parameter set path
 if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
@@ -69,11 +74,7 @@ if (-Not $PesterRunPaths) {
     )
 }
 
-# Load private functions
-Write-Host ('[status]Load private functions: ' + "$PSScriptRoot/../Functions/Private/*.ps1")
-Import-Module -Name "$PSScriptRoot/../JumpCloud.Radius.psd1" -Force
-Write-Host ('[status]Load public functions: ' + "$PSScriptRoot/../Functions/Public/*.ps1")
-Get-ChildItem -Path:("$PSScriptRoot/../Functions/Private/*.ps1") -Recurse | ForEach-Object { . $_.FullName }
+
 
 # Set the test result directory:
 $PesterResultsFileXmldir = "$PSScriptRoot/test_results/"

From 8577a67aff7a91f546525b4c5abc715087c1ffb7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 11:51:54 -0600
Subject: [PATCH 244/346] session import

---
 .../Radius/Functions/Public/Get-JCRCertReport.ps1          | 4 ++++
 .../Radius/Functions/Public/Get-JCRGlobalVars.ps1          | 5 +++++
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1      | 5 +++++
 .../Radius/Functions/Public/Start-GenerateRootCert.ps1     | 5 +++++
 .../Radius/Functions/Public/Start-GenerateUserCerts.ps1    | 5 +++++
 .../Radius/Functions/Public/Start-RadiusDeployment.ps1     | 5 +++++
 scripts/automation/Radius/JumpCloud.Radius.psm1            | 7 ++-----
 7 files changed, 31 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
index e41f63c0d..2bb4a4ec7 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
@@ -13,6 +13,10 @@ function Get-JCRCertReport {
             })]
         [System.IO.FileInfo]$ExportFilePath
     )
+    if ($Global:JCRSettings.sessionImport -eq $false) {
+        Get-JCRGlobalVars
+        $Global:JCRSettings.sessionImport = $true
+    }
 
     # Initialize an empty array to store the results
     $reportData = New-Object System.Collections.ArrayList
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 2f86c5a0c..74033af83 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -15,6 +15,10 @@ function Get-JCRGlobalVars {
         $associationUsername
     )
     begin {
+        Write-Verbose 'Verifying JCAPI Key'
+        if ($JCAPIKEY.length -ne 40) {
+            Connect-JCOnline -force
+        }
         # ensure the data directory exists to cache the json files:
         if (-not (Test-Path "$JCScriptRoot/data")) {
             Write-Host "[status] Creating Data Directory"
@@ -122,6 +126,7 @@ function Get-JCRGlobalVars {
         }
     }
     process {
+        Write-Host "begin Get-JCRGlobalVars"
         switch ($update) {
             $true {
                 # update the global variables
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 687923576..7865c741f 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -21,6 +21,11 @@ function Start-DeployUserCerts {
         $forceGenerateCommands
     )
 
+    if ($Global:JCRSettings.sessionImport -eq $false) {
+        Get-JCRGlobalVars
+        $Global:JCRSettings.sessionImport = $true
+    }
+
     # Import the users.json file and convert to PSObject
     $userArray = Get-UserJsonData
     # identify users that need their certs still deployed
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 7b536df72..52c7009a6 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -17,6 +17,11 @@ Function Start-GenerateRootCert {
 
     )
 
+    if ($Global:JCRSettings.sessionImport -eq $false) {
+        Get-JCRGlobalVars
+        $Global:JCRSettings.sessionImport = $true
+    }
+
 
     # this script will generate a Self Signed CA (root cert) to be imported on the
     # Radius CBA-BYO Authentication UI
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 343b95904..f8adb990b 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -16,6 +16,11 @@ function Start-GenerateUserCerts {
         [switch]
         $forceReplaceCerts
     )
+
+    if ($Global:JCRSettings.sessionImport -eq $false) {
+        Get-JCRGlobalVars
+        $Global:JCRSettings.sessionImport = $true
+    }
     #### begin function setup:
     # Check if CA-Key is saved in env
     if ($env:certKeyPassword) {
diff --git a/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
index c10dc7fae..543fbd50e 100644
--- a/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
@@ -8,6 +8,11 @@ function Start-RadiusDeployment {
     # validate the setting from the module have been set
     Confirm-JCRConfigFile -ErrorAction stop
 
+    if ($Global:JCRSettings.sessionImport -eq $false) {
+        Get-JCRGlobalVars
+        $Global:JCRSettings.sessionImport = $true
+    }
+
     # Show user selection
     do {
         #Output-Certs
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index daa6b3adf..9be032a2a 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -164,7 +164,8 @@ $global:JCRConfigTemplate = @{
 
 # # Set the module non-configurable settings
 $global:JCRSettings = @{
-    'userAgent' = Get-JCRUserAgent
+    'userAgent'     = Get-JCRUserAgent;
+    'sessionImport' = $false;
 }
 
 # From the saved config file, get the settings and set them in the module as $config
@@ -174,9 +175,5 @@ $global:JCRConfig = Get-JCRConfigFile -asObject
 # validate the config settings (skip throw on first load with 'loadModule' param)
 Confirm-JCRConfigFile -loadModule
 
-
-# Update the global variables required for the module
-Get-JCRGlobalVars -skipAssociation
-
 # TODO: Check the OpenSSL version
 # Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
\ No newline at end of file

From 0535e49bee75236c5b9cfdad3cfe92c8695ce8ca Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:12:43 -0600
Subject: [PATCH 245/346] user cert location log

---
 .../Radius/Functions/Public/Start-GenerateUserCerts.ps1          | 1 +
 1 file changed, 1 insertion(+)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index f8adb990b..7d088a3df 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -49,6 +49,7 @@ function Start-GenerateUserCerts {
     } else {
         Write-Host "[status] Creating User Cert Directory"
         New-Item -ItemType Directory -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
+        Write-Host "[status] User Cert Directory Created at: $($global:JCRConfig.radiusDirectory.value)/UserCerts"
     }
     #### end function setup
 

From 0df9bb8a1354d334d43a45641bc6e8ab21bea538 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:17:13 -0600
Subject: [PATCH 246/346] resolve path

---
 .../Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index c1f6b7d58..975a370bb 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -93,7 +93,7 @@ function Deploy-UserCertificate {
 
             # Get the users certificate Details:
             # Get certificate and zip to upload to Commands
-            $userCertFiles = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts" -Filter "$($user.userName)-*"
+            $userCertFiles = Get-ChildItem -Path (Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts" -Filter "$($user.userName)-*")
             # set crt and pfx filepaths
             $userCrt = ($userCertFiles | Where-Object { $_.Name -match "crt" }).FullName
             $userPfx = ($userCertFiles | Where-Object { $_.Name -match "pfx" }).FullName

From 8d9079418d16956ca6570d203b29cb1b5033fbc9 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:20:30 -0600
Subject: [PATCH 247/346] resolve path

---
 .../Private/CertGeneration/Invoke-UserCertProcess.ps1       | 6 +++---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1       | 4 ++--
 .../Radius/Functions/Public/Start-GenerateRootCert.ps1      | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 331f6a23f..1ee3f3e54 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -85,7 +85,7 @@ Function Invoke-UserCertProcess {
             #TODO: cert should be written with $($global:JCRConfig.certType.value), if other certs exist, remove them.
             $CertInfo = Get-CertInfo -UserCerts -username $MatchedUser.username
             if ($CertInfo.count -gt 1) {
-                $foundCerts = Get-ChildItem -path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($MatchedUser.username)-*.crt"
+                $foundCerts = Get-ChildItem -path (Resolve-Path -path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($MatchedUser.username)-*.crt")
                 $orderedCerts = $foundCerts | Sort-Object -Property LastWriteTime -Descending | select -Skip 1
                 foreach ($cert in $orderedCerts) {
                     Remove-Item $cert.FullName
@@ -111,9 +111,9 @@ Function Invoke-UserCertProcess {
     end {
         #TODO: eventually add message if we fail to generate a command
         $resultTable = [ordered]@{
-            'Username'       = $MatchedUser.username;
+            'Username'       = $($MatchedUser.username);
             'Cert Action'    = $cert_action;
-            'Generated Date' = $certInfo.generated;
+            'Generated Date' = $($certInfo.generated);
         }
 
         return $resultTable
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 7865c741f..43be74927 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -109,7 +109,7 @@ function Start-DeployUserCerts {
                     $workDoneArray = $using:workDoneArray
 
                     # import the private functions:
-                    $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+                    $Private = @( Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Functions/Private/*.ps1") -Recurse)
                     Foreach ($Import in $Private) {
                         Try {
                             . $Import.FullName
@@ -184,7 +184,7 @@ function Start-DeployUserCerts {
                     $workDoneArray = $using:workDoneArray
 
                     # import the private functions:
-                    $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+                    $Private = @( Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Functions/Private/*.ps1") -Recurse)
                     Foreach ($Import in $Private) {
                         Try {
                             . $Import.FullName
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index 52c7009a6..bb5a7182f 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -154,7 +154,7 @@ Function Start-GenerateRootCert {
                         Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                         # openssl x509 -in ca-cert.pem -noout -text
                         # Update Extensions Distinguished Names:
-                        $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
+                        $exts = Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Extensions")
                         foreach ($ext in $exts) {
                             Write-Host "Updating Subject Headers for $($ext.Name)"
                             $extContent = Get-Content -Path $ext.FullName -Raw
@@ -219,7 +219,7 @@ CN = $($($global:JCRConfig.certSubjectHeaderCommonName.value))
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                 # openssl x509 -in ca-cert.pem -noout -text
                 # Update Extensions Distinguished Names:
-                $exts = Get-ChildItem -Path "$JCScriptRoot/Extensions"
+                $exts = Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Extensions")
                 foreach ($ext in $exts) {
                     Write-Host "Updating Subject Headers for $($ext.Name)"
                     $extContent = Get-Content -Path $ext.FullName -Raw

From 9b98560dfc1341e22ab031a96089a83070d6bc58 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:27:24 -0600
Subject: [PATCH 248/346] update filter

---
 .../Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 975a370bb..de90dc656 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -93,7 +93,7 @@ function Deploy-UserCertificate {
 
             # Get the users certificate Details:
             # Get certificate and zip to upload to Commands
-            $userCertFiles = Get-ChildItem -Path (Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts" -Filter "$($user.userName)-*")
+            $userCertFiles = Get-ChildItem -Path (Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts") -Filter "$($user.userName)-*"
             # set crt and pfx filepaths
             $userCrt = ($userCertFiles | Where-Object { $_.Name -match "crt" }).FullName
             $userPfx = ($userCertFiles | Where-Object { $_.Name -match "pfx" }).FullName

From 5e0eb5a6d0c848eff96f89eb47c6069a42ecf23d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:28:11 -0600
Subject: [PATCH 249/346] cert info debugging

---
 .../Functions/Private/CertDeployment/Get-CertInfo.ps1    | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index b9282bfaa..ed58ee66a 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -18,12 +18,21 @@ function Get-CertInfo {
         }
 
         if ($UserCerts) {
+
             # Find all userCert paths
             if ($username) {
                 $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
+                # print the number of Radius Members in the Array
+                if ($foundCerts) {
+                    Write-Host "Found $($foundCerts.Count) Radius Member certificate(s) for user: $username"
+                } else {
+                    Write-Host "No Radius Member certificate found for user: $username"
+                }
 
             } else {
                 $foundCerts = New-Object System.Collections.ArrayList
+                # print the number of Radius Members in the Array
+                Write-Host "Found $($global:JCRRadiusMembers.username.Count) Radius Members in the Array"
                 $global:JCRRadiusMembers.username | ForEach-Object {
                     $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {

From 49cee6cd6759f70b9071eb59244da973f32dad46 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:40:55 -0600
Subject: [PATCH 250/346] debug with radius directory

---
 .../Radius/Functions/Public/Start-GenerateUserCerts.ps1         | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 7d088a3df..4906ac038 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -21,6 +21,8 @@ function Start-GenerateUserCerts {
         Get-JCRGlobalVars
         $Global:JCRSettings.sessionImport = $true
     }
+    Write-Host "[status] Starting User Certificate Generation"
+    Write-Host "[status] Using Radius Directory: $($global:JCRConfig.radiusDirectory.value)"
     #### begin function setup:
     # Check if CA-Key is saved in env
     if ($env:certKeyPassword) {

From 70207b808f946063cc5394341776312dec3cdb7d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:41:52 -0600
Subject: [PATCH 251/346] cert info warning

---
 .../Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index ed58ee66a..abf2f70a0 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -26,7 +26,8 @@ function Get-CertInfo {
                 if ($foundCerts) {
                     Write-Host "Found $($foundCerts.Count) Radius Member certificate(s) for user: $username"
                 } else {
-                    Write-Host "No Radius Member certificate found for user: $username"
+                    Write-Warning "No Radius Member certificate found for user: $username"
+                    Write-Warning "location: $($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt"
                 }
 
             } else {

From be15b8ef7b4cfd482c9256d16222a73ae13eb96d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:49:53 -0600
Subject: [PATCH 252/346] additional debug

---
 .../Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index abf2f70a0..9493d2955 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -38,6 +38,10 @@ function Get-CertInfo {
                     $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {
                         $foundCerts.Add($foundCert) | Out-Null
+                    } else {
+
+                        Write-Warning "No Radius Member certificate found for user: $_"
+                        Write-Warning "location: $($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt"
                     }
 
                 }
@@ -49,6 +53,7 @@ function Get-CertInfo {
     process {
         # If no cert is found, return null
         if (!$foundCerts) {
+            Write-Warning "No certificates found in $($global:JCRConfig.radiusDirectory.value)/Cert or $($global:JCRConfig.radiusDirectory.value)/UserCerts"
             $certHash = $null
         } else {
             if ($RootCA) {

From 3e81dfe0ffd62f52482d4e3d0cfa22579bab5b74 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:51:42 -0600
Subject: [PATCH 253/346] no need to setup org for module validation

---
 scripts/automation/Radius/Tests/Invoke-Pester.ps1 | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index e04ff2a96..3ca284a7c 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -57,10 +57,6 @@ if ($PSCmdlet.ParameterSetName -eq 'ModuleValidation') {
     $PesterRunPaths = @(
         "$PSScriptRoot/ModuleValidation/"
     )
-    $env:JCAPIKEY = $JumpCloudApiKey
-    Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force
-    Write-Host "Begin Org Setup Before Tests:"
-    . "$PSScriptRoot/SetupRadiusOrg.ps1"
 } else {
     $env:JCAPIKEY = $JumpCloudApiKey
     Connect-JCOnline -JumpCloudApiKey:($env:JCAPIKEY) -force

From 9f6c644b13b824d229ef1698b7f936097f0e12cf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 12:51:48 -0600
Subject: [PATCH 254/346] Revert "multiple param sets"

This reverts commit 675ef6651e8f967cc01667a577f2418bc1981c45.
---
 .../automation/Radius/Tests/Invoke-Pester.ps1 | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Invoke-Pester.ps1 b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
index 3ca284a7c..b94c70e53 100644
--- a/scripts/automation/Radius/Tests/Invoke-Pester.ps1
+++ b/scripts/automation/Radius/Tests/Invoke-Pester.ps1
@@ -1,17 +1,10 @@
+# InvokePester.ps1 is intended to be called directly as a file-function
+# There are two parameter sets
 Param(
-    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $true, Position = 0)]
-    [Parameter(ParameterSetName = 'ModuleValidation', Mandatory = $true, Position = 0)]
-    [ValidateNotNullOrEmpty()]
-    [System.String]$JumpCloudApiKey,
-
-    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, Position = 1)]
-    [System.String[]]$ExcludeTagList,
-
-    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, Position = 2)]
-    [System.String[]]$IncludeTagList,
-
-    [Parameter(ParameterSetName = 'ModuleValidation', Mandatory = $true, Position = 1)]
-    [switch]$ModuleValidation
+    [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)][ValidateNotNullOrEmpty()][System.String]$JumpCloudApiKey
+    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 1)][System.String[]]$ExcludeTagList
+    , [Parameter(ParameterSetName = 'SingleOrgTests', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 2)][System.String[]]$IncludeTagList
+    , [Parameter(ParameterSetName = 'ModuleValidation', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 3)][switch]$ModuleValidation
 )
 
 

From d85237b9394b1be837fdd75f719a00c99cac8baf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 13:04:34 -0600
Subject: [PATCH 255/346] resolve path

---
 .../Private/CertGeneration/Generate-UserCert.ps1       | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index f3ea4e123..c41d0aa25 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -33,13 +33,13 @@ function Generate-UserCert {
     }
     process {
         # Set Extension Path
-        $ExtensionPath = "$($global:JCRConfig.radiusDirectory.value)/Extensions/extensions-$($certType).cnf"
+        $ExtensionPath = Resolve-Path -path ("$($global:JCRConfig.radiusDirectory.value)/Extensions/extensions-$($certType).cnf")
         # User Certificate Signing Request:
-        $userCSR = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-cert-req.csr"
+        $userCSR = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-cert-req.csr")
         # Set key, crt, pfx variables:
-        $userKey = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed.key"
-        $userCert = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed-cert.crt"
-        $userPfx = "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-client-signed.pfx"
+        $userKey = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed.key")
+        $userCert = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed-cert.crt")
+        $userPfx = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-client-signed.pfx")
 
         switch ($certType) {
             'EmailSAN' {

From 370a4d2f0d129d958b24f01c4c27d58a72713321 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 13:07:14 -0600
Subject: [PATCH 256/346] update radius module tests

---
 .github/workflows/radius-module-ci.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index fa7bdc487..cefe36c0b 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -121,12 +121,10 @@ jobs:
           path: "~/.local/share/powershell/Modules/"
           key: PS-Radius-Dependencies
       - env:
-          PESTER_APIKEY: ${{ secrets.PESTER_APIKEY }}
-          PESTER_ORGID: ${{ secrets.PESTER_ORGID }}
           RELEASE_TYPE: ${{ needs.Check-PR-Labels.outputs.RELEASE_TYPE }}
         shell: pwsh
         run: |
-          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -JumpCloudApiKey "$env:PESTER_APIKEY" -ModuleValidation
+          . "./scripts/automation/Radius/Tests/Invoke-Pester.ps1" -ModuleValidation
   Test-Module:
     needs: ["Setup-Build-Dependencies", "Check-PR-Labels", "Validate-Module"]
     runs-on: ubuntu-latest

From a175860d74ba6597ca6b6a918521918ee5e4210d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 13:14:47 -0600
Subject: [PATCH 257/346] test path and show

---
 .../Radius/Functions/Public/Start-GenerateUserCerts.ps1      | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
index 4906ac038..9c8a5c7ea 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateUserCerts.ps1
@@ -52,6 +52,11 @@ function Start-GenerateUserCerts {
         Write-Host "[status] Creating User Cert Directory"
         New-Item -ItemType Directory -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts"
         Write-Host "[status] User Cert Directory Created at: $($global:JCRConfig.radiusDirectory.value)/UserCerts"
+        if (Test-Path ("$($global:JCRConfig.radiusDirectory.value)/UserCerts")) {
+            Write-Host "[status] User Cert Directory Created Successfully"
+        } else {
+            Write-Warning "[error] User Cert Directory could not be created at: $($global:JCRConfig.radiusDirectory.value)/UserCerts"
+        }
     }
     #### end function setup
 

From c3b63e28fcd7d2c735027814e9709c48fbc52da6 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 13:20:13 -0600
Subject: [PATCH 258/346] don't re-direct output and resolve path

---
 .../Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 1ee3f3e54..50bffb567 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -78,7 +78,7 @@ Function Invoke-UserCertProcess {
     process {
         # if writeCert, generate the cert
         if ($writeCert) {
-            Generate-UserCert -CertType $($global:JCRConfig.certType.value) -user $MatchedUser -rootCAKey "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_key.pem" -rootCA "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem" 2>&1 | out-null
+            Generate-UserCert -CertType $($global:JCRConfig.certType.value) -user $MatchedUser -rootCAKey (Resolve-Path -path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_key.pem") -rootCA (Resolve-Path -path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem") # 2>&1 | out-null
             # validate that the cert was written correctly:
             #TODO: validate and return as variable
 

From b8b85414ede9b2874ebd6b4c3daaf6cd44afe3d3 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 13:27:02 -0600
Subject: [PATCH 259/346] case sensitive extension file

---
 .../Functions/Private/CertGeneration/Generate-UserCert.ps1   | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index c41d0aa25..f10475b98 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -30,6 +30,11 @@ function Generate-UserCert {
             Throw "RootCA could not be found in project directory, have you run Generate-Cert.ps1?"
             exit 1
         }
+        # hack for linux:
+        # if the first character of the $certType is uppercase, convert it to lowercase
+        if ($certType -match '^[A-Z]') {
+            $certType = $certType.ToLower()
+        }
     }
     process {
         # Set Extension Path

From c67d8e9ec87498255924573a1d7bcf3b97085b7d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 13:36:29 -0600
Subject: [PATCH 260/346] case insensitive extension path

---
 .../Private/CertGeneration/Generate-UserCert.ps1  | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index f10475b98..48c760956 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -30,16 +30,17 @@ function Generate-UserCert {
             Throw "RootCA could not be found in project directory, have you run Generate-Cert.ps1?"
             exit 1
         }
-        # hack for linux:
-        # if the first character of the $certType is uppercase, convert it to lowercase
-        if ($certType -match '^[A-Z]') {
-            $certType = $certType.ToLower()
-        }
     }
     process {
         # Set Extension Path
-        $ExtensionPath = Resolve-Path -path ("$($global:JCRConfig.radiusDirectory.value)/Extensions/extensions-$($certType).cnf")
-        # User Certificate Signing Request:
+        $extensionsDir = Join-Path $global:JCRConfig.radiusDirectory.value "Extensions"
+        $expectedFile = "extensions-$certType.cnf"
+        $ExtensionPath = Get-ChildItem -Path $extensionsDir -Filter "extensions-*.cnf" | Where-Object { $_.Name -ieq $expectedFile } | Select-Object -First 1
+
+        if (-not $ExtensionPath) {
+            Throw "Extension file '$expectedFile' not found in '$extensionsDir'."
+        }
+        $ExtensionPath = $ExtensionPath.FullName        # User Certificate Signing Request:
         $userCSR = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-cert-req.csr")
         # Set key, crt, pfx variables:
         $userKey = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed.key")

From 02225b5cf90af3f9486f763b26669db8d7cab98c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 13:45:30 -0600
Subject: [PATCH 261/346] Case sensitive

---
 .../Private/CertGeneration/Generate-UserCert.ps1  | 15 +++++++++------
 .../Private/System/Get-CaseInsensitiveFile.ps1    | 11 +++++++++++
 2 files changed, 20 insertions(+), 6 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/System/Get-CaseInsensitiveFile.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index 48c760956..ebe8c9fd6 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -40,12 +40,15 @@ function Generate-UserCert {
         if (-not $ExtensionPath) {
             Throw "Extension file '$expectedFile' not found in '$extensionsDir'."
         }
-        $ExtensionPath = $ExtensionPath.FullName        # User Certificate Signing Request:
-        $userCSR = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-cert-req.csr")
-        # Set key, crt, pfx variables:
-        $userKey = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed.key")
-        $userCert = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-$($certType)-client-signed-cert.crt")
-        $userPfx = Resolve-Path -Path  ("$($global:JCRConfig.radiusDirectory.value)/UserCerts/$($user.username)-client-signed.pfx")
+        $ExtensionPath = $ExtensionPath.FullName
+
+        # User Certificate Signing Request:
+        $userCertsDir = Join-Path $global:JCRConfig.radiusDirectory.value "UserCerts"
+        $userCSR = Get-CaseInsensitiveFile -Directory $userCertsDir -FileName "$($user.username)-cert-req.csr"
+        $userKey = Get-CaseInsensitiveFile -Directory $userCertsDir -FileName "$($user.username)-$($certType)-client-signed.key"
+        $userCert = Get-CaseInsensitiveFile -Directory $userCertsDir -FileName "$($user.username)-$($certType)-client-signed-cert.crt"
+        $userPfx = Get-CaseInsensitiveFile -Directory $userCertsDir -FileName "$($user.username)-client-signed.pfx"
+
 
         switch ($certType) {
             'EmailSAN' {
diff --git a/scripts/automation/Radius/Functions/Private/System/Get-CaseInsensitiveFile.ps1 b/scripts/automation/Radius/Functions/Private/System/Get-CaseInsensitiveFile.ps1
new file mode 100644
index 000000000..28041287b
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/System/Get-CaseInsensitiveFile.ps1
@@ -0,0 +1,11 @@
+function Get-CaseInsensitiveFile {
+    param (
+        [Parameter(Mandatory)]
+        [string]$Directory,
+        [Parameter(Mandatory)]
+        [string]$FileName
+    )
+    $file = Get-ChildItem -Path $Directory -File | Where-Object { $_.Name -ieq $FileName } | Select-Object -First 1
+    if ($file) { return $file.FullName }
+    else { return (Join-Path $Directory $FileName) } # If not found, return the intended path for creation
+}
\ No newline at end of file

From 822b451d5f852d554f741f8a63f867845c8bad63 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 4 Jun 2025 14:08:01 -0600
Subject: [PATCH 262/346] case insensitive cert info

---
 .../Private/CertDeployment/Get-CertInfo.ps1         | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 9493d2955..ca3a660c0 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -14,14 +14,18 @@ function Get-CertInfo {
     begin {
         if ($RootCA) {
             # Find the RootCA Path
-            $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*cert*.pem" -ErrorAction SilentlyContinue
+            $certsDir = Join-Path $global:JCRConfig.radiusDirectory.value "Cert"
+            $foundCerts = Get-CaseInsensitiveFile -Directory $certsDir -FileName "*cert*.pem"
+            # $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*cert*.pem" -ErrorAction SilentlyContinue
         }
 
         if ($UserCerts) {
 
             # Find all userCert paths
+            $userCertsDir = Join-Path $global:JCRConfig.radiusDirectory.value "UserCerts"
             if ($username) {
-                $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
+                $foundCerts = Get-CaseInsensitiveFile -Directory $userCertsDir -FileName "$username-$($global:JCRConfig.certType.value)*.crt"
+                # $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                 # print the number of Radius Members in the Array
                 if ($foundCerts) {
                     Write-Host "Found $($foundCerts.Count) Radius Member certificate(s) for user: $username"
@@ -35,13 +39,14 @@ function Get-CertInfo {
                 # print the number of Radius Members in the Array
                 Write-Host "Found $($global:JCRRadiusMembers.username.Count) Radius Members in the Array"
                 $global:JCRRadiusMembers.username | ForEach-Object {
-                    $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
+                    $foundCert = Get-CaseInsensitiveFile -Directory $userCertsDir -FileName "$_-$($global:JCRConfig.certType.value)*.crt"
+                    # $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {
                         $foundCerts.Add($foundCert) | Out-Null
                     } else {
 
                         Write-Warning "No Radius Member certificate found for user: $_"
-                        Write-Warning "location: $($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt"
+                        Write-Warning "location: $($userCertsDir)/$_-$($global:JCRConfig.certType.value)*.crt"
                     }
 
                 }

From c4bc212ca49caa389f692f707e9507f111a395b6 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 5 Jun 2025 09:26:43 -0600
Subject: [PATCH 263/346] create dirs on import

---
 scripts/automation/Radius/JumpCloud.Radius.psm1 | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index 9be032a2a..f60ab6be5 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -176,4 +176,19 @@ $global:JCRConfig = Get-JCRConfigFile -asObject
 Confirm-JCRConfigFile -loadModule
 
 # TODO: Check the OpenSSL version
-# Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
\ No newline at end of file
+# Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
+
+# create required cert directories if they do not exist
+# if the radiusDirectory variable is not null, create the directories
+if (-not $global:JCRConfig.radiusDirectory.value) {
+    Write-Warning "The radiusDirectory variable is not set in the configuration file."
+} else {
+    $userCertDir = Join-Path -Path $global:JCRConfig.radiusDirectory.value -ChildPath "UserCerts"
+    if (-not (Test-Path -Path $userCertDir)) {
+        New-Item -Path $userCertDir -ItemType Directory | Out-Null
+    }
+    $caCertDir = Join-Path -Path $global:JCRConfig.radiusDirectory.value -ChildPath "Cert"
+    if (-not (Test-Path -Path $caCertDir)) {
+        New-Item -Path $caCertDir -ItemType Directory | Out-Null
+    }
+}
\ No newline at end of file

From b55040fc211b27aeec42400b539a570ca2611126 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 5 Jun 2025 09:33:02 -0600
Subject: [PATCH 264/346] Revert "create dirs on import"

This reverts commit c4bc212ca49caa389f692f707e9507f111a395b6.
---
 scripts/automation/Radius/JumpCloud.Radius.psm1 | 17 +----------------
 1 file changed, 1 insertion(+), 16 deletions(-)

diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index f60ab6be5..9be032a2a 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -176,19 +176,4 @@ $global:JCRConfig = Get-JCRConfigFile -asObject
 Confirm-JCRConfigFile -loadModule
 
 # TODO: Check the OpenSSL version
-# Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
-
-# create required cert directories if they do not exist
-# if the radiusDirectory variable is not null, create the directories
-if (-not $global:JCRConfig.radiusDirectory.value) {
-    Write-Warning "The radiusDirectory variable is not set in the configuration file."
-} else {
-    $userCertDir = Join-Path -Path $global:JCRConfig.radiusDirectory.value -ChildPath "UserCerts"
-    if (-not (Test-Path -Path $userCertDir)) {
-        New-Item -Path $userCertDir -ItemType Directory | Out-Null
-    }
-    $caCertDir = Join-Path -Path $global:JCRConfig.radiusDirectory.value -ChildPath "Cert"
-    if (-not (Test-Path -Path $caCertDir)) {
-        New-Item -Path $caCertDir -ItemType Directory | Out-Null
-    }
-}
\ No newline at end of file
+# Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
\ No newline at end of file

From 082b59fd2c6328325883548c0107aa0692fde1dd Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 5 Jun 2025 09:33:17 -0600
Subject: [PATCH 265/346] Revert "case insensitive cert info"

This reverts commit 822b451d5f852d554f741f8a63f867845c8bad63.
---
 .../Private/CertDeployment/Get-CertInfo.ps1         | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index ca3a660c0..9493d2955 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -14,18 +14,14 @@ function Get-CertInfo {
     begin {
         if ($RootCA) {
             # Find the RootCA Path
-            $certsDir = Join-Path $global:JCRConfig.radiusDirectory.value "Cert"
-            $foundCerts = Get-CaseInsensitiveFile -Directory $certsDir -FileName "*cert*.pem"
-            # $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*cert*.pem" -ErrorAction SilentlyContinue
+            $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/Cert/*cert*.pem" -ErrorAction SilentlyContinue
         }
 
         if ($UserCerts) {
 
             # Find all userCert paths
-            $userCertsDir = Join-Path $global:JCRConfig.radiusDirectory.value "UserCerts"
             if ($username) {
-                $foundCerts = Get-CaseInsensitiveFile -Directory $userCertsDir -FileName "$username-$($global:JCRConfig.certType.value)*.crt"
-                # $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
+                $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                 # print the number of Radius Members in the Array
                 if ($foundCerts) {
                     Write-Host "Found $($foundCerts.Count) Radius Member certificate(s) for user: $username"
@@ -39,14 +35,13 @@ function Get-CertInfo {
                 # print the number of Radius Members in the Array
                 Write-Host "Found $($global:JCRRadiusMembers.username.Count) Radius Members in the Array"
                 $global:JCRRadiusMembers.username | ForEach-Object {
-                    $foundCert = Get-CaseInsensitiveFile -Directory $userCertsDir -FileName "$_-$($global:JCRConfig.certType.value)*.crt"
-                    # $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
+                    $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {
                         $foundCerts.Add($foundCert) | Out-Null
                     } else {
 
                         Write-Warning "No Radius Member certificate found for user: $_"
-                        Write-Warning "location: $($userCertsDir)/$_-$($global:JCRConfig.certType.value)*.crt"
+                        Write-Warning "location: $($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt"
                     }
 
                 }

From 87fe2af55f8e104fce0365700e428796682054e8 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 5 Jun 2025 10:37:29 -0600
Subject: [PATCH 266/346] no need to import private functions here

---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1  | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 43be74927..496b34e00 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -108,16 +108,6 @@ function Start-DeployUserCerts {
                     $resultArray = $using:resultArray
                     $workDoneArray = $using:workDoneArray
 
-                    # import the private functions:
-                    $Private = @( Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Functions/Private/*.ps1") -Recurse)
-                    Foreach ($Import in $Private) {
-                        Try {
-                            . $Import.FullName
-                        } Catch {
-                            Write-Error -Message "Failed to import function $($Import.FullName): $_"
-                        }
-                    }
-
                     # deploy user certs:
                     $result, $workDone = Deploy-UserCertificate -userObject $_ -forceInvokeCommands $using:invokeCommands -forceGenerateCommands $using:generateCommands
                     # keep track of results & work done

From 2310cd41c14097e25d9345cec9db1bab8d720ac8 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 5 Jun 2025 11:04:17 -0600
Subject: [PATCH 267/346] for parallel threads import the private functions

---
 .../Functions/Public/Start-DeployUserCerts.ps1   | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 496b34e00..34b8cf760 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -97,6 +97,16 @@ function Start-DeployUserCerts {
                     $JCORGID = $using:JCORGID
                     $JCScriptRoot = $using:JCScriptRoot
 
+                    # Import the private functions
+                    $Private = @( Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Functions/Private/*.ps1") -Recurse )
+                    foreach ($Import in $Private) {
+                        Try {
+                            . $Import.FullName
+                        } Catch {
+                            Write-Error -Message "Failed to import function $($Import.FullName): $_"
+                        }
+                    }
+
                     # set the required global variables
                     $Global:JCRUsers = $using:JCRUsers
                     $Global:JCRSystems = $using:JCRSystems
@@ -173,9 +183,9 @@ function Start-DeployUserCerts {
                     $resultArray = $using:resultArray
                     $workDoneArray = $using:workDoneArray
 
-                    # import the private functions:
-                    $Private = @( Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Functions/Private/*.ps1") -Recurse)
-                    Foreach ($Import in $Private) {
+                    # Import the private functions
+                    $Private = @( Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Functions/Private/*.ps1") -Recurse )
+                    foreach ($Import in $Private) {
                         Try {
                             . $Import.FullName
                         } Catch {

From 970c60e49421ead93e3e5138917f0d852fc15520 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 5 Jun 2025 11:16:17 -0600
Subject: [PATCH 268/346] set script root explicitly

---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1           | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 34b8cf760..b9c2aba92 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -30,6 +30,8 @@ function Start-DeployUserCerts {
     $userArray = Get-UserJsonData
     # identify users that need their certs still deployed
     $usersWithoutLatestCert = Get-UsersThatNeedCertWork -userData $userArray
+    # set the script root variable to use for parallel functions:
+    $JCScriptRoot = $Global:JCScriptRoot
 
     do {
         switch ($PSCmdlet.ParameterSetName) {

From 1b32911f83fc8f894d4a6d60b207c30ef9ffbd11 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 5 Jun 2025 11:21:37 -0600
Subject: [PATCH 269/346] no need to resolve path

---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1         | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index b9c2aba92..73a7a1611 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -100,7 +100,7 @@ function Start-DeployUserCerts {
                     $JCScriptRoot = $using:JCScriptRoot
 
                     # Import the private functions
-                    $Private = @( Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Functions/Private/*.ps1") -Recurse )
+                    $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse )
                     foreach ($Import in $Private) {
                         Try {
                             . $Import.FullName
@@ -186,7 +186,7 @@ function Start-DeployUserCerts {
                     $workDoneArray = $using:workDoneArray
 
                     # Import the private functions
-                    $Private = @( Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Functions/Private/*.ps1") -Recurse )
+                    $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse )
                     foreach ($Import in $Private) {
                         Try {
                             . $Import.FullName

From 2557d62c7e03e814d7dae1753044cfb7c77b5d7a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Jun 2025 14:49:33 -0600
Subject: [PATCH 270/346] set global config

---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1 | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 73a7a1611..55c850a71 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -175,6 +175,17 @@ function Start-DeployUserCerts {
                     $JCScriptRoot = $using:JCScriptRoot
 
                     # set the required global variables
+                    $global:JCRConfig = @{
+                        'radiusDirectory' = @{
+                            value = $using:JCRConfig.radiusDirectory.value
+                        }
+                        'certType'        = @{
+                            value = $using:JCRConfig.certType.value
+                        }
+                        'openSSLBinary'   = @{
+                            value = $using:JCRConfig.openSSLBinary.value
+                        }
+                    }
                     $Global:JCRUsers = $using:JCRUsers
                     $Global:JCRSystems = $using:JCRSystems
                     $Global:JCRAssociations = $using:JCRAssociations

From 4db66eb1b8facd0bac9246325378e32385f2c010 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Jun 2025 15:15:45 -0600
Subject: [PATCH 271/346] set global vars

---
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1 | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 55c850a71..1f431c55d 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -110,6 +110,17 @@ function Start-DeployUserCerts {
                     }
 
                     # set the required global variables
+                    $global:JCRConfig = @{
+                        'radiusDirectory' = @{
+                            value = $using:JCRConfig.radiusDirectory.value
+                        }
+                        'certType'        = @{
+                            value = $using:JCRConfig.certType.value
+                        }
+                        'openSSLBinary'   = @{
+                            value = $using:JCRConfig.openSSLBinary.value
+                        }
+                    }
                     $Global:JCRUsers = $using:JCRUsers
                     $Global:JCRSystems = $using:JCRSystems
                     $Global:JCRAssociations = $using:JCRAssociations

From e93e2222adbfc5001c454dd4bd99924a0a43d50b Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 6 Jun 2025 15:24:06 -0600
Subject: [PATCH 272/346] user agent

---
 .../Functions/Private/Commands/Clear-JCQueuedCommand.ps1    | 2 +-
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1       | 6 ++++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1 b/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1
index eb33d1461..c931c7aa4 100644
--- a/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1
+++ b/scripts/automation/Radius/Functions/Private/Commands/Clear-JCQueuedCommand.ps1
@@ -8,7 +8,7 @@ function Clear-JCQueuedCommand {
             'x-api-key' = $Env:JCApiKey
             'x-org-id'  = $Env:JCOrgId
         }
-        $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/v2/commandqueue/$workflowId" -Method DELETE -Headers $headers -UserAgent $module.PrivateData.settings['userAgent'].value
+        $response = Invoke-RestMethod -Uri "https://console.jumpcloud.com/api/v2/commandqueue/$workflowId" -Method DELETE -Headers $headers -UserAgent $global:JCRSettings.userAgent
     }
     end {
         return $response
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 1f431c55d..3c0e38f28 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -121,6 +121,9 @@ function Start-DeployUserCerts {
                             value = $using:JCRConfig.openSSLBinary.value
                         }
                     }
+                    $global:JCRSettings = @{
+                        userAgent = $using:JCRSettings.userAgent
+                    }
                     $Global:JCRUsers = $using:JCRUsers
                     $Global:JCRSystems = $using:JCRSystems
                     $Global:JCRAssociations = $using:JCRAssociations
@@ -197,6 +200,9 @@ function Start-DeployUserCerts {
                             value = $using:JCRConfig.openSSLBinary.value
                         }
                     }
+                    $global:JCRSettings = @{
+                        userAgent = $using:JCRSettings.userAgent
+                    }
                     $Global:JCRUsers = $using:JCRUsers
                     $Global:JCRSystems = $using:JCRSystems
                     $Global:JCRAssociations = $using:JCRAssociations

From e30e4dceb4bd8d2cf890a9d8123bfd9cdc6bb2ab Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 9 Jun 2025 12:12:58 -0600
Subject: [PATCH 273/346] debug logging

---
 .../Private/CertDeployment/Deploy-UserCertificate.ps1         | 4 +++-
 .../Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 | 3 +++
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1         | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index de90dc656..4efefcd9f 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -14,7 +14,7 @@ function Deploy-UserCertificate {
         [bool]
         $forceGenerateCommands,
         # prompt replace existing certificate
-        [Parameter(HelpMessage = 'When specified, this parameter will prompt for user imput and ask if generated commands should be invoked on associated systems')]
+        [Parameter(HelpMessage = 'When specified, this parameter will prompt for user input and ask if generated commands should be invoked on associated systems')]
         [switch]
         $prompt
     )
@@ -73,6 +73,8 @@ function Deploy-UserCertificate {
     process {
         foreach ($user in $userObject) {
             ## first determine if the local cert sha is the same as the cert sha in the admin console:
+            Write-Warning "processing user: $($user.username)"
+            Write-Warning "user: $user"
 
             # Get the commands for this user:
             $radiusCommandsByUser = Get-CommandByUsername -username $user.username
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
index 7732e0d50..f0bcd5183 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Update-JCRUsersJson.ps1
@@ -15,6 +15,9 @@ function Update-JCRUsersJson {
             $i++
             Write-Progress -activity "Getting User Certificate Info" -status "$($user.username): $i of $($Global:JCRRadiusMembers.Count)" -percentComplete (($i / $Global:JCRRadiusMembers.Count) * 100)
             $MatchedUser = $GLOBAL:JCRUsers[$user.userID]
+            if (-not $MatchedUser) {
+                Write-Warning "Could not find user with userID: $($user.userID) in JCRUsers"
+            }
             $userArrayObject, $userIndex = Get-UserFromTable -userID $user.userID
             try {
                 $InstalledCerts = $Global:JCRCertHash["$($userArrayObject.certInfo.sha1)"]
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 3c0e38f28..eb1f5075a 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -282,6 +282,7 @@ function Start-DeployUserCerts {
                     $userObject, $userIndex = Get-UserFromTable -userID $confirmUser.id
                     # Add user to a list for processing
                     $UserSelectionArray = $userArray[$userIndex]
+                    write-warning "Selected User: $($UserSelectionArray.username) with userID: $($UserSelectionArray.userID)"
                     # Process existing commands/ Generate new commands/ Deploy new Certificate
                     switch ($PSCmdlet.ParameterSetName) {
                         'gui' {

From 0fda727a0d4f181eb9586e0a6f9fd84f4fd1f10e Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 9 Jun 2025 15:00:51 -0600
Subject: [PATCH 274/346] subject headers differences in ubuntu/macOS

---
 .../CertDeployment/Deploy-UserCertificate.ps1 |  2 +-
 .../CertDeployment/Get-SubjectHeaderValue.ps1 | 15 +++++
 .../Public/Start-GenerateRootCert.Tests.ps1   | 56 +++++++++----------
 3 files changed, 44 insertions(+), 29 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/CertDeployment/Get-SubjectHeaderValue.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 4efefcd9f..3c8f64dbb 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -325,7 +325,7 @@ function Deploy-UserCertificate {
                     }
                     'EmailDN' {
                         # Else set cert identifier to email of cert subject
-                        $regex = 'emailAddress=(.*?)$'
+                        $regex = 'emailAddress\s*=\s*(.*?)$'
                         $JCR_SUBJECT_HEADERSMatch = Select-String -InputObject "$($certInfo.Subject)" -Pattern $regex
                         $certIdentifier = $JCR_SUBJECT_HEADERSMatch.matches.Groups[1].value
                         # in macOS search user certs by email
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-SubjectHeaderValue.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-SubjectHeaderValue.ps1
new file mode 100644
index 000000000..14e002659
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-SubjectHeaderValue.ps1
@@ -0,0 +1,15 @@
+# Helper function to extract a subject header value from a subject string
+function Get-SubjectHeaderValue {
+    param (
+        [Parameter(Mandatory)]
+        [string]$SubjectString,
+        [Parameter(Mandatory)]
+        [string]$Header
+    )
+    # Regex: match key, optional spaces, '=', optional spaces, then capture value up to next comma or end
+    $pattern = "$Header\s*=\s*([^,]+)"
+    if ($SubjectString -match $pattern) {
+        return $Matches[1].Trim()
+    }
+    return $null
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 69a50b239..927de9f26 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -20,13 +20,13 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
-            $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
+
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
         }
     }
 
@@ -56,13 +56,13 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
-            $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
+
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
         }
     }
 
@@ -90,13 +90,13 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
-            $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
+
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
         }
 
     }
@@ -124,13 +124,13 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
 
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
-            $CA_subject = $CA_subject.split("subject=").split(",")
-            ($CA_subject | Where-Object { $_ -match "C=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
-            ($CA_subject | Where-Object { $_ -match "ST=" }) | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
-            ($CA_subject | Where-Object { $_ -match "L=" }) | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
-            ($CA_subject | Where-Object { $_ -match "O=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
-            ($CA_subject | Where-Object { $_ -match "OU=" }) | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            ($CA_subject | Where-Object { $_ -match "CN=" }) | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
+
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
         }
 
     }

From df2a31631bd156f3227eeec6390896811613c273 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 9 Jun 2025 15:10:24 -0600
Subject: [PATCH 275/346] set the user cert validity in the user cert tests

---
 .../Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 78929cece..41ff6acdc 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -86,7 +86,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $configPath = "$JCScriptRoot/Config.ps1"
             $content = Get-Content -Path $configPath
             # set the user cert validity to just 10 days
-            Set-JCRConfigFile -caCertValidityDays 10
+            Set-JCRConfigFile -userCertValidityDays 10
 
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
@@ -110,7 +110,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # reset the validity counter
             $content = Get-Content -Path $configPath
             # set the user cert validity to 90 days
-            Set-JCRConfigFile -caCertValidityDays 90
+            Set-JCRConfigFile -userCertValidityDays 90
             # Get the certs before generation minus the .zip if it exists
             $certsBefore = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
             # get the date before
@@ -142,7 +142,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # reset the validity counter
             $content = Get-Content -Path $configPath
             # set the user cert validity to 90 days
-            Set-JCRConfigFile -caCertValidityDays 90
+            Set-JCRConfigFile -userCertValidityDays 90
         }
 
 

From 019c4ed6f9f806e56ec1690e6ffa8595beeba113 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 10 Jun 2025 11:07:02 -0600
Subject: [PATCH 276/346] update module tests

---
 .../Public/Module/Update-JCRModule.ps1         |  2 +-
 .../Public/Module/Update-JCRModule.Tests.ps1   | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
index 60c4d3122..ffda06615 100644
--- a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -42,7 +42,7 @@ function Update-JCRModule {
         } else {
             # else get the module config from the current module:
             # TODO: get the json config with the private function not created yet
-            $savedJCRSettings = Get-JCRConfigFile -raw
+            $savedJCRSettings = Get-JCRConfigFile -asObject
 
             # now, attempt to update the module
             try {
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index e1910b918..83763ad06 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -63,6 +63,24 @@ Describe 'Module Update' -Tag "Module" {
             write-host "JumpCloud.Radius module v$ModuleVersion already exists"
         }
 
+        # lastly populate the local module path with the JumpCloud Module from PS Gallery
+        $latestJumpCloudModule = Find-Module -Name "JumpCloud" -Repository 'PSGallery' -ErrorAction Stop
+
+        $content = Invoke-WebRequest -UseBasicParsing -Uri "https://www.powershellgallery.com/api/v2/package/JumpCloud/$($latestJumpCloudModule.version)" `
+            -Headers @{
+            "authority"       = "www.powershellgallery.com"
+            "method"          = "GET"
+            "path"            = "/api/v2/package/JumpCloud/$($latestJumpCloudModule.version)"
+            "scheme"          = "https"
+            "accept"          = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+            "accept-encoding" = "gzip, deflate, br, zstd"
+            "accept-language" = "en-US,en;q=0.9,es;q=0.8"
+            "referer"         = "https://www.powershellgallery.com/packages/JumpCloud/$($latestJumpCloudModule.version)"
+        }
+        $binaryData = $content.Content
+        $filePath = Resolve-Path -Path $localRepoPath
+        # Save the binary data to a file
+        [System.IO.File]::WriteAllBytes("$($filePath.path)/JumpCloud.$($latestJumpCloudModule.version).nupkg", $binaryData)
     }
     Context 'Module can be installed from the local repo' {
         It 'Install Module' {

From 80cb87c0ae1f16323870d15b6c3899c70e37bcea Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 10 Jun 2025 14:30:26 -0600
Subject: [PATCH 277/346] required modules

---
 .../Public/Module/Update-JCRModule.Tests.ps1  | 60 +++++++++++++------
 1 file changed, 41 insertions(+), 19 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 83763ad06..a2b77a1ea 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -22,6 +22,47 @@ Describe 'Module Update' -Tag "Module" {
         } else {
             Write-Host "LocalPSRepo already exists"
         }
+
+        $requiredModules = @(
+            'JumpCloud.SDK.V1',
+            'JumpCloud.SDK.V2',
+            'JumpCloud.SDK.DirectoryInsights',
+            'JumpCloud'
+        )
+        foreach ($module in $requiredModules) {
+            # Populate the local module path with the JumpCloud Module from PS Gallery
+            $latestJumpCloudModule = Find-Module -Name "$module" -Repository 'PSGallery' -ErrorAction Stop
+
+            $content = Invoke-WebRequest -UseBasicParsing -Uri "https://www.powershellgallery.com/api/v2/package/$module/$($latestJumpCloudModule.version)" `
+                -Headers @{
+                "authority"       = "www.powershellgallery.com"
+                "method"          = "GET"
+                "path"            = "/api/v2/package/$module/$($latestJumpCloudModule.version)"
+                "scheme"          = "https"
+                "accept"          = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
+                "accept-encoding" = "gzip, deflate, br, zstd"
+                "accept-language" = "en-US,en;q=0.9,es;q=0.8"
+                "referer"         = "https://www.powershellgallery.com/packages/$module/$($latestJumpCloudModule.version)"
+            }
+            $binaryData = $content.Content
+            $filePath = Resolve-Path -Path $localRepoPath
+            # Save the binary data to a file
+            [System.IO.File]::WriteAllBytes("$($filePath.path)/$module.$($latestJumpCloudModule.version).zip", $binaryData)
+            # create a local module path if it does not exist
+            if (-not (Test-Path -Path "$($filePath.Path)/$module")) {
+                New-Item -Path "$($filePath.Path)/$module" -ItemType Directory
+                # create the version directory within the module path if it does not exist
+                New-Item -Path "$($filePath.Path)/$module/$($latestJumpCloudModule.version)" -ItemType Directory
+                # Unzip the file to the local module path
+                Expand-Archive -Path "$($filePath.path)/$module.$($latestJumpCloudModule.version).zip" -DestinationPath "$localRepoPath/$module/$($latestJumpCloudModule.version)" -Force
+            }
+            publish-module -Path "$($filePath.Path)/$module/$($latestJumpCloudModule.version)" -Repository $localRepoName
+            # remove the zip file after publishing
+            Remove-Item -Path "$($filePath.path)/$module.$($latestJumpCloudModule.version).zip" -Force
+            # remove the module from the local module path if it exists
+            Remove-Item -Path "$($filePath.path)/$module" -Recurse -Force -ErrorAction SilentlyContinue
+        }
+
         # get the local module path:
         $localModulePath = $env:PSModulePath.split(':')[0]
         # set the dev module path relative to this test:
@@ -62,25 +103,6 @@ Describe 'Module Update' -Tag "Module" {
         } else {
             write-host "JumpCloud.Radius module v$ModuleVersion already exists"
         }
-
-        # lastly populate the local module path with the JumpCloud Module from PS Gallery
-        $latestJumpCloudModule = Find-Module -Name "JumpCloud" -Repository 'PSGallery' -ErrorAction Stop
-
-        $content = Invoke-WebRequest -UseBasicParsing -Uri "https://www.powershellgallery.com/api/v2/package/JumpCloud/$($latestJumpCloudModule.version)" `
-            -Headers @{
-            "authority"       = "www.powershellgallery.com"
-            "method"          = "GET"
-            "path"            = "/api/v2/package/JumpCloud/$($latestJumpCloudModule.version)"
-            "scheme"          = "https"
-            "accept"          = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
-            "accept-encoding" = "gzip, deflate, br, zstd"
-            "accept-language" = "en-US,en;q=0.9,es;q=0.8"
-            "referer"         = "https://www.powershellgallery.com/packages/JumpCloud/$($latestJumpCloudModule.version)"
-        }
-        $binaryData = $content.Content
-        $filePath = Resolve-Path -Path $localRepoPath
-        # Save the binary data to a file
-        [System.IO.File]::WriteAllBytes("$($filePath.path)/JumpCloud.$($latestJumpCloudModule.version).nupkg", $binaryData)
     }
     Context 'Module can be installed from the local repo' {
         It 'Install Module' {

From fab8955ef0e7803222d11079ce398bdcd089b92b Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 10 Jun 2025 16:02:21 -0600
Subject: [PATCH 278/346] update install tests

---
 .../Public/Module/Update-JCRModule.Tests.ps1  | 131 +++++++++---------
 1 file changed, 67 insertions(+), 64 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index a2b77a1ea..1f73f6a26 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -33,6 +33,12 @@ Describe 'Module Update' -Tag "Module" {
             # Populate the local module path with the JumpCloud Module from PS Gallery
             $latestJumpCloudModule = Find-Module -Name "$module" -Repository 'PSGallery' -ErrorAction Stop
 
+            # if the nuget package already exists in the local repo, skip downloading
+            Find-Module -Name "$module" -Repository $localRepoName -ErrorAction SilentlyContinue | Out-Null
+            if ($?) {
+                Write-Host "Module $module already exists in the local repo"
+                continue
+            }
             $content = Invoke-WebRequest -UseBasicParsing -Uri "https://www.powershellgallery.com/api/v2/package/$module/$($latestJumpCloudModule.version)" `
                 -Headers @{
                 "authority"       = "www.powershellgallery.com"
@@ -49,82 +55,86 @@ Describe 'Module Update' -Tag "Module" {
             # Save the binary data to a file
             [System.IO.File]::WriteAllBytes("$($filePath.path)/$module.$($latestJumpCloudModule.version).zip", $binaryData)
             # create a local module path if it does not exist
-            if (-not (Test-Path -Path "$($filePath.Path)/$module")) {
-                New-Item -Path "$($filePath.Path)/$module" -ItemType Directory
+            if (-not (Test-Path -Path "$($filePath.Path)/temp/$module")) {
+                New-Item -Path "$($filePath.Path)/temp/$module" -ItemType Directory
                 # create the version directory within the module path if it does not exist
-                New-Item -Path "$($filePath.Path)/$module/$($latestJumpCloudModule.version)" -ItemType Directory
+                New-Item -Path "$($filePath.Path)/temp/$module/$($latestJumpCloudModule.version)" -ItemType Directory
                 # Unzip the file to the local module path
-                Expand-Archive -Path "$($filePath.path)/$module.$($latestJumpCloudModule.version).zip" -DestinationPath "$localRepoPath/$module/$($latestJumpCloudModule.version)" -Force
+                Expand-Archive -Path "$($filePath.path)/$module.$($latestJumpCloudModule.version).zip" -DestinationPath "$localRepoPath/temp/$module/$($latestJumpCloudModule.version)" -Force
             }
-            publish-module -Path "$($filePath.Path)/$module/$($latestJumpCloudModule.version)" -Repository $localRepoName
+            publish-module -Path "$($filePath.Path)/temp/$module/$($latestJumpCloudModule.version)" -Repository $localRepoName
             # remove the zip file after publishing
             Remove-Item -Path "$($filePath.path)/$module.$($latestJumpCloudModule.version).zip" -Force
             # remove the module from the local module path if it exists
-            Remove-Item -Path "$($filePath.path)/$module" -Recurse -Force -ErrorAction SilentlyContinue
+            Remove-Item -Path "$($filePath.path)/temp.$module" -Recurse -Force -ErrorAction SilentlyContinue
         }
 
-        # get the local module path:
-        $localModulePath = $env:PSModulePath.split(':')[0]
-        # set the dev module path relative to this test:
+        # # get the local module path:
+        # $localModulePath = $env:PSModulePath.split(':')[0]
+        # # set the dev module path relative to this test:
+        # $devModulePath = "$PSScriptRoot/../../../"
+        # # module name
+        # $moduleName = "JumpCloud.Radius"
+        # # uninstall the module if it exists
+        # $installedModule = Get-InstalledModule -Name $moduleName -AllVersions -ErrorAction SilentlyContinue
+        # foreach ($module in $installedModule) {
+        #     Uninstall-Module -Name $module.Name -Force -RequiredVersion $module.version
+        # }
+        # # remove the modules from the local module path
+        # $localNugetPkgs = Get-ChildItem -Path $localRepoPath -filter "$moduleName*.nupkg"
+        # foreach ($pkg in $localNugetPkgs) {
+        #     Remove-Item -Path $pkg.FullName -Force
+        # }
         $devModulePath = "$PSScriptRoot/../../../"
-        # module name
-        $moduleName = "JumpCloud.Radius"
-        # uninstall the module if it exists
-        $installedModule = Get-InstalledModule -Name $moduleName -AllVersions -ErrorAction SilentlyContinue
-        foreach ($module in $installedModule) {
-            Uninstall-Module -Name $module.Name -Force -RequiredVersion $module.version
-        }
-        # remove the modules from the local module path
-        $localNugetPkgs = Get-ChildItem -Path $localRepoPath -filter "$moduleName*.nupkg"
-        foreach ($pkg in $localNugetPkgs) {
-            Remove-Item -Path $pkg.FullName -Force
-        }
-
-        # module directory
-        $moduleDirectory = Join-Path $localModulePath $moduleName
-        # get the module version from the psd1 file
         $psd1Path = Join-Path $devModulePath "JumpCloud.Radius.psd1"
         $Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
         $moduleVersion = $Psd1.ModuleVersion
+        $radiusModule = "JumpCloud.Radius"
+        $radiusModuleDirectory = "$($filePath.Path)/temp/$radiusModule"
 
-        # create the module directory within the local module path if it does not exist
-        if (-NOT (Test-Path -Path $moduleDirectory)) {
-            New-Item -Path $moduleDirectory -ItemType Directory
+        # remove the module if it exists
+        if (Test-Path -Path $radiusModuleDirectory) {
+            # remove the module directory if it exists
+            Remove-Item -Path $radiusModuleDirectory -Recurse -Force
         }
-        # create the version directory within the module directory if it does not exist
-        $versionDirectory = Join-Path $moduleDirectory $moduleVersion
-        # create the version directory within the module directory
-        if (-NOT (Test-Path -Path $versionDirectory)) {
-            New-Item -Path $versionDirectory -ItemType Directory
-            # Copy all the contents from the parent folder to the destination folder
-            Copy-Item -Path $devModulePath/* -Destination $versionDirectory -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
-            # Publish the module to the local Repo
-            Publish-Module -Name $moduleName -Repository $localRepoName -Force -RequiredVersion $moduleVersion
-        } else {
-            write-host "JumpCloud.Radius module v$ModuleVersion already exists"
+        # remove the .nupkg if it exists
+        $localNugetPkgs = Get-ChildItem -Path $localRepoPath -Filter "$radiusModule*.nupkg"
+        foreach ($pkg in $localNugetPkgs) {
+            Remove-Item -Path $pkg.FullName -Force
         }
+        New-Item -Path "$radiusModuleDirectory" -ItemType Directory
+        # create the version directory within the module path if it does not exist
+        New-Item -Path "$radiusModuleDirectory/$moduleVersion" -ItemType Directory
+        # Copy all the contents from the parent folder to the destination folder
+        Copy-Item -Path $devModulePath/* -Destination "$radiusModuleDirectory/$moduleVersion" -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
+        Publish-Module -Name "$radiusModuleDirectory/$moduleVersion" -Repository $localRepoName -Force -RequiredVersion $moduleVersion
     }
     Context 'Module can be installed from the local repo' {
+        BeforeAll {
+            # Get installed Radius Modules:
+            $installedModules = Get-InstalledModule -Name $radiusModule -AllVersions -ErrorAction SilentlyContinue
+            # Uninstall the module if it exists
+            foreach ($module in $installedModules) {
+                Uninstall-Module -Name $module.Name -Force -RequiredVersion $module.version
+            }
+        }
         It 'Install Module' {
             # Install the module from the local repo
-            $installModuleSplat = @{
-                Name            = $moduleName
-                Repository      = $localRepoName
-                RequiredVersion = $moduleVersion
-                Force           = $true
-            }
-            Install-Module @installModuleSplat
+            write-host "Installing module $radiusModule from local repo $localRepoName with version $moduleVersion"
+
+            install-Module -Name "JumpCloud.Radius" -Repository $localRepoName -RequiredVersion $moduleVersion
             # check that the module is installed:
-            $installedModule = Get-InstalledModule -Name $moduleName
+            $installedModule = Get-InstalledModule -Name 'JumpCloud.Radius'
             $installedModule | Should -Not -BeNullOrEmpty
             $installedModule.version | Should -Be $moduleVersion
         }
     }
+
     Context 'When a new version of the module is available' {
         BeforeAll {
             # remove the module from the module directory
-            Remove-Item -Path $moduleDirectory -Recurse -Force
-            Install-Module -Name $moduleName -Repository $localRepoName -RequiredVersion $moduleVersion -Force
+            Remove-Item -Path $radiusModuleDirectory -Recurse -Force
+            Install-Module -Name $radiusModule -Repository $localRepoName -RequiredVersion $moduleVersion -Force
 
             # update the module manifest version to simulate a new version
             $newVersion = "$(([version]$moduleVersion).major).$(([version]$moduleVersion).minor).$(([version]$moduleVersion).build + 1)"
@@ -132,23 +142,16 @@ Describe 'Module Update' -Tag "Module" {
 
             # move the module to the local module path and publish it to the local repo
             # create the module directory within the local module path if it does not exist
-            if (-NOT (Test-Path -Path $moduleDirectory)) {
-                New-Item -Path $moduleDirectory -ItemType Directory
-            }
-            # create the version directory within the module directory if it does not exist
-            $versionDirectory = Join-Path $moduleDirectory $newVersion
-            # create the version directory within the module directory
-            if (-NOT (Test-Path -Path $versionDirectory)) {
-                New-Item -Path $versionDirectory -ItemType Directory
+            if (-NOT (Test-Path -Path $radiusModuleDirectory)) {
+                New-Item -Path $radiusModuleDirectory -ItemType Directory
+                # create the version directory within the module path if it does not exist
+                New-Item -Path "$radiusModuleDirectory/$newVersion" -ItemType Directory
                 # Copy all the contents from the parent folder to the destination folder
-                Copy-Item -Path $devModulePath/* -Destination $versionDirectory -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
-                # Publish the module to the local Repo
-                Publish-Module -Name $moduleName -Repository $localRepoName -Force -RequiredVersion $newVersion
-            } else {
-                write-host "JumpCloud.Radius module v$newVersion already exists"
+                Write-Warning "Copying module files from $devModulePath to the local repo for version $newVersion"
+                Copy-Item -Path $devModulePath/* -Destination "$radiusModuleDirectory/$newVersion" -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
+                Publish-Module -Name "$radiusModuleDirectory/$newVersion" -Repository $localRepoName -Force -RequiredVersion $newVersion
             }
-            # import the local module
-            Import-Module $psd1Path -Force
+
         }
         It 'Module can be updated from the local repo' {
             # update the module from the local repo

From fac90900eefc056c821d97a76581bdfb974919b7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 11 Jun 2025 10:22:18 -0600
Subject: [PATCH 279/346] debugging

---
 .../Public/Module/Update-JCRModule.Tests.ps1  | 34 +++++++++----------
 1 file changed, 16 insertions(+), 18 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 1f73f6a26..2123af6aa 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -67,24 +67,15 @@ Describe 'Module Update' -Tag "Module" {
             Remove-Item -Path "$($filePath.path)/$module.$($latestJumpCloudModule.version).zip" -Force
             # remove the module from the local module path if it exists
             Remove-Item -Path "$($filePath.path)/temp.$module" -Recurse -Force -ErrorAction SilentlyContinue
+            # Print the LocalPSRepo File Contents:
+            Write-Host "# LocalPSRepo File Contents after $module insert #"
+            Get-ChildItem -Path $localRepoPath | ForEach-Object {
+                # print the file type, name and size
+                Write-Host "$($_.PSObject.TypeNames[0]) | $($_.Name) | $($_.Length) bytes"
+            }
         }
 
-        # # get the local module path:
-        # $localModulePath = $env:PSModulePath.split(':')[0]
-        # # set the dev module path relative to this test:
-        # $devModulePath = "$PSScriptRoot/../../../"
-        # # module name
-        # $moduleName = "JumpCloud.Radius"
-        # # uninstall the module if it exists
-        # $installedModule = Get-InstalledModule -Name $moduleName -AllVersions -ErrorAction SilentlyContinue
-        # foreach ($module in $installedModule) {
-        #     Uninstall-Module -Name $module.Name -Force -RequiredVersion $module.version
-        # }
-        # # remove the modules from the local module path
-        # $localNugetPkgs = Get-ChildItem -Path $localRepoPath -filter "$moduleName*.nupkg"
-        # foreach ($pkg in $localNugetPkgs) {
-        #     Remove-Item -Path $pkg.FullName -Force
-        # }
+        # Now publish the JumpCloud.Radius module to the local repo
         $devModulePath = "$PSScriptRoot/../../../"
         $psd1Path = Join-Path $devModulePath "JumpCloud.Radius.psd1"
         $Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
@@ -108,6 +99,13 @@ Describe 'Module Update' -Tag "Module" {
         # Copy all the contents from the parent folder to the destination folder
         Copy-Item -Path $devModulePath/* -Destination "$radiusModuleDirectory/$moduleVersion" -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
         Publish-Module -Name "$radiusModuleDirectory/$moduleVersion" -Repository $localRepoName -Force -RequiredVersion $moduleVersion
+
+        # Print the LocalPSRepo File Contents:
+        Write-Host "# LocalPSRepo File Contents #"
+        Get-ChildItem -Path $localRepoPath | ForEach-Object {
+            # print the file type, name and size
+            Write-Host "$($_.PSObject.TypeNames[0]) | $($_.Name) | $($_.Length) bytes"
+        }
     }
     Context 'Module can be installed from the local repo' {
         BeforeAll {
@@ -122,7 +120,7 @@ Describe 'Module Update' -Tag "Module" {
             # Install the module from the local repo
             write-host "Installing module $radiusModule from local repo $localRepoName with version $moduleVersion"
 
-            install-Module -Name "JumpCloud.Radius" -Repository $localRepoName -RequiredVersion $moduleVersion
+            install-Module -Name "JumpCloud.Radius" -Repository $localRepoName -RequiredVersion $moduleVersion -force
             # check that the module is installed:
             $installedModule = Get-InstalledModule -Name 'JumpCloud.Radius'
             $installedModule | Should -Not -BeNullOrEmpty
@@ -170,6 +168,6 @@ Describe 'Module Update' -Tag "Module" {
     }
     AfterAll {
         # reset the module version
-        update-modulemanifest -Path $psd1Path -ModuleVersion $moduleVersion
+        Update-ModuleManifest -Path $psd1Path -ModuleVersion $moduleVersion
     }
 }
\ No newline at end of file

From a56ab4c6a0bc65f232cc70b5571d2d2761e7761c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 11 Jun 2025 12:14:34 -0600
Subject: [PATCH 280/346] ubuntu debugging

---
 .../Tests/Public/Module/Update-JCRModule.Tests.ps1   | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 2123af6aa..baf7a993d 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -34,9 +34,14 @@ Describe 'Module Update' -Tag "Module" {
             $latestJumpCloudModule = Find-Module -Name "$module" -Repository 'PSGallery' -ErrorAction Stop
 
             # if the nuget package already exists in the local repo, skip downloading
-            Find-Module -Name "$module" -Repository $localRepoName -ErrorAction SilentlyContinue | Out-Null
-            if ($?) {
-                Write-Host "Module $module already exists in the local repo"
+            $foundModule = Find-Module -Name "$module" -Repository $localRepoName -ErrorAction SilentlyContinue #| Out-Null
+            if ($foundModule.Name -eq $module) {
+                Write-Host "Module $module already exists in the local repo: $localRepoPath"
+                $filesFound = Get-ChildItem -Path $localRepoPath -Filter "$module*.nupkg"
+                #print the file names:
+                foreach ($file in $filesFound) {
+                    Write-Host "Found file: $($file.Name) in local repo: $localRepoPath"
+                }
                 continue
             }
             $content = Invoke-WebRequest -UseBasicParsing -Uri "https://www.powershellgallery.com/api/v2/package/$module/$($latestJumpCloudModule.version)" `
@@ -81,6 +86,7 @@ Describe 'Module Update' -Tag "Module" {
         $Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
         $moduleVersion = $Psd1.ModuleVersion
         $radiusModule = "JumpCloud.Radius"
+        $filePath = Resolve-Path -Path $localRepoPath
         $radiusModuleDirectory = "$($filePath.Path)/temp/$radiusModule"
 
         # remove the module if it exists

From 52485ca8a510e5aa0e2cf24a719599f4e31c9084 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 11 Jun 2025 12:14:57 -0600
Subject: [PATCH 281/346] fullname

---
 .../Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index baf7a993d..0b40032a1 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -40,7 +40,7 @@ Describe 'Module Update' -Tag "Module" {
                 $filesFound = Get-ChildItem -Path $localRepoPath -Filter "$module*.nupkg"
                 #print the file names:
                 foreach ($file in $filesFound) {
-                    Write-Host "Found file: $($file.Name) in local repo: $localRepoPath"
+                    Write-Host "Found file: $($file.FullName) in local repo: $localRepoPath"
                 }
                 continue
             }

From cd78d177b320062d62d8bc009c7cfbdf7b685cf0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 11 Jun 2025 12:56:54 -0600
Subject: [PATCH 282/346] update module tests

---
 .../Public/Module/Update-JCRModule.ps1        | 87 +++++++++++++++++++
 .../Public/Module/Update-JCRModule.Tests.ps1  |  4 +-
 2 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 scripts/automation/Radius/Tests/Public/Module/Functions/Public/Module/Update-JCRModule.ps1

diff --git a/scripts/automation/Radius/Tests/Public/Module/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Tests/Public/Module/Functions/Public/Module/Update-JCRModule.ps1
new file mode 100644
index 000000000..727b73606
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Public/Module/Functions/Public/Module/Update-JCRModule.ps1
@@ -0,0 +1,87 @@
+function Update-JCRModule {
+    [CmdletBinding()]
+    param (
+        [Parameter(HelpMessage = 'ByPasses user prompts.')][Switch]$Force,
+        [Parameter(HelpMessage = 'Set the PSRepository')][System.String]$Repository = 'PSGallery'
+
+    )
+    begin {
+        # JumpCloud Module Name
+        $ModuleName = 'JumpCloud.Radius'
+    }
+    process {
+        # get the latest module
+        $latestModule = Find-Module -Name $ModuleName -Repository $Repository
+        # get the currently installed module
+        $currentModule = Get-InstalledModule -Name $ModuleName
+
+        # compare the versions
+        if ($latestModule.Version -gt $currentModule.Version) {
+            Write-Host "A new version of the $ModuleName module is available: $($latestModule.Version) (current version: $($currentModule.Version))."
+            Write-Host "You can update the module by running: Update-Module -Name $ModuleName"
+        } else {
+            Write-Host "You have the latest version of the $ModuleName module: $($currentModule.Version)."
+        }
+
+        # prompts to update if force param is not set
+        if (-not $Force) {
+            Do {
+                Write-Host ('Enter ''Y'' to update the ' + $ModuleName + ' PowerShell module to the latest version or enter ''N'' to cancel:')
+                Write-Host (' ') -NoNewline
+                $UserInput = Read-Host
+            }
+            Until ($UserInput.ToUpper() -in ('Y', 'N'))
+        } Else {
+            $UserInput = 'Y'
+        }
+
+        # if the user pressed "N" then exit
+        if ($UserInput.ToUpper() -eq 'N') {
+            Write-Host "Update cancelled."
+            continue
+        } else {
+            # else get the module config from the current module:
+            # TODO: get the json config with the private function not created yet
+            $savedJCRSettings = Get-JCRConfigFile -asObject
+
+            # now, attempt to update the module
+            try {
+                Update-Module -Name $ModuleName
+
+                # update the settings file config.json
+                Update-JCSettingsFile -settings $savedJCSettings
+                # re-import the settings file variable
+                $global:JCConfig = Get-JCSettingsFile
+            } catch {
+                Write-Error "Failed to update the module: $_"
+            }
+
+            # Get the installed module versions
+            $installedModules = Get-InstalledModule -Name $moduleName -AllVersions
+
+            # Remove the modules from the current session
+            Get-Module -Name:($ModuleName) -ListAvailable -All | Remove-Module -Force
+
+            # uninstall the older versions
+            foreach ($module in $installedModules) {
+                if ($module.Version -ne $latestModule.Version) {
+                    Uninstall-Module -Name $ModuleName -RequiredVersion $module.Version -Force
+                }
+            }
+
+            # now validate the modules
+            $currentModule = Get-InstalledModule -Name $ModuleName
+            if ($currentModule.Version -eq $latestModule.Version) {
+                Write-Host "The $ModuleName module has been updated to version $($currentModule.Version)."
+            } else {
+                Write-Error "Failed to update the module to the latest version."
+            }
+            Import-module -Name $ModuleName -Force
+
+        }
+    }
+    end {
+
+    }
+
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 0b40032a1..0c3b4e7e2 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -126,7 +126,7 @@ Describe 'Module Update' -Tag "Module" {
             # Install the module from the local repo
             write-host "Installing module $radiusModule from local repo $localRepoName with version $moduleVersion"
 
-            install-Module -Name "JumpCloud.Radius" -Repository $localRepoName -RequiredVersion $moduleVersion -force
+            install-Module -Name "JumpCloud.Radius" -Repository $localRepoName -RequiredVersion $moduleVersion
             # check that the module is installed:
             $installedModule = Get-InstalledModule -Name 'JumpCloud.Radius'
             $installedModule | Should -Not -BeNullOrEmpty
@@ -138,7 +138,7 @@ Describe 'Module Update' -Tag "Module" {
         BeforeAll {
             # remove the module from the module directory
             Remove-Item -Path $radiusModuleDirectory -Recurse -Force
-            Install-Module -Name $radiusModule -Repository $localRepoName -RequiredVersion $moduleVersion -Force
+            Install-Module -Name $radiusModule -Repository $localRepoName -RequiredVersion $moduleVersion
 
             # update the module manifest version to simulate a new version
             $newVersion = "$(([version]$moduleVersion).major).$(([version]$moduleVersion).minor).$(([version]$moduleVersion).build + 1)"

From e1a38d4268b9122b2a3173ef33edce74cb0fe730 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 11 Jun 2025 13:08:35 -0600
Subject: [PATCH 283/346] update module tests

---
 .../Public/Module/Update-JCRModule.ps1        |  4 +-
 .../Public/Module/Update-JCRModule.ps1        | 87 -------------------
 2 files changed, 2 insertions(+), 89 deletions(-)
 delete mode 100644 scripts/automation/Radius/Tests/Public/Module/Functions/Public/Module/Update-JCRModule.ps1

diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
index ffda06615..a95128b52 100644
--- a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -46,10 +46,10 @@ function Update-JCRModule {
 
             # now, attempt to update the module
             try {
-                Update-Module -Name $ModuleName -Force
+                Update-Module -Name $ModuleName
 
                 # update the settings file config.json
-                Update-JCSettingsFile -settings $savedJCSettings
+                Update-JCRConfigFile -settings $savedJCSettings
                 # re-import the settings file variable
                 $global:JCConfig = Get-JCSettingsFile
             } catch {
diff --git a/scripts/automation/Radius/Tests/Public/Module/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Tests/Public/Module/Functions/Public/Module/Update-JCRModule.ps1
deleted file mode 100644
index 727b73606..000000000
--- a/scripts/automation/Radius/Tests/Public/Module/Functions/Public/Module/Update-JCRModule.ps1
+++ /dev/null
@@ -1,87 +0,0 @@
-function Update-JCRModule {
-    [CmdletBinding()]
-    param (
-        [Parameter(HelpMessage = 'ByPasses user prompts.')][Switch]$Force,
-        [Parameter(HelpMessage = 'Set the PSRepository')][System.String]$Repository = 'PSGallery'
-
-    )
-    begin {
-        # JumpCloud Module Name
-        $ModuleName = 'JumpCloud.Radius'
-    }
-    process {
-        # get the latest module
-        $latestModule = Find-Module -Name $ModuleName -Repository $Repository
-        # get the currently installed module
-        $currentModule = Get-InstalledModule -Name $ModuleName
-
-        # compare the versions
-        if ($latestModule.Version -gt $currentModule.Version) {
-            Write-Host "A new version of the $ModuleName module is available: $($latestModule.Version) (current version: $($currentModule.Version))."
-            Write-Host "You can update the module by running: Update-Module -Name $ModuleName"
-        } else {
-            Write-Host "You have the latest version of the $ModuleName module: $($currentModule.Version)."
-        }
-
-        # prompts to update if force param is not set
-        if (-not $Force) {
-            Do {
-                Write-Host ('Enter ''Y'' to update the ' + $ModuleName + ' PowerShell module to the latest version or enter ''N'' to cancel:')
-                Write-Host (' ') -NoNewline
-                $UserInput = Read-Host
-            }
-            Until ($UserInput.ToUpper() -in ('Y', 'N'))
-        } Else {
-            $UserInput = 'Y'
-        }
-
-        # if the user pressed "N" then exit
-        if ($UserInput.ToUpper() -eq 'N') {
-            Write-Host "Update cancelled."
-            continue
-        } else {
-            # else get the module config from the current module:
-            # TODO: get the json config with the private function not created yet
-            $savedJCRSettings = Get-JCRConfigFile -asObject
-
-            # now, attempt to update the module
-            try {
-                Update-Module -Name $ModuleName
-
-                # update the settings file config.json
-                Update-JCSettingsFile -settings $savedJCSettings
-                # re-import the settings file variable
-                $global:JCConfig = Get-JCSettingsFile
-            } catch {
-                Write-Error "Failed to update the module: $_"
-            }
-
-            # Get the installed module versions
-            $installedModules = Get-InstalledModule -Name $moduleName -AllVersions
-
-            # Remove the modules from the current session
-            Get-Module -Name:($ModuleName) -ListAvailable -All | Remove-Module -Force
-
-            # uninstall the older versions
-            foreach ($module in $installedModules) {
-                if ($module.Version -ne $latestModule.Version) {
-                    Uninstall-Module -Name $ModuleName -RequiredVersion $module.Version -Force
-                }
-            }
-
-            # now validate the modules
-            $currentModule = Get-InstalledModule -Name $ModuleName
-            if ($currentModule.Version -eq $latestModule.Version) {
-                Write-Host "The $ModuleName module has been updated to version $($currentModule.Version)."
-            } else {
-                Write-Error "Failed to update the module to the latest version."
-            }
-            Import-module -Name $ModuleName -Force
-
-        }
-    }
-    end {
-
-    }
-
-}
\ No newline at end of file

From 460b30809566a412bbd02e1427714198dbe2b8d5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 11 Jun 2025 13:34:01 -0600
Subject: [PATCH 284/346] module update tests

---
 .../Private/Config/Update-JCRConfigFile.ps1   |  2 +-
 .../Public/Module/Update-JCRModule.ps1        |  4 +-
 .../Public/Module/Update-JCRModule.Tests.ps1  | 40 +++++++++++++++++--
 3 files changed, 40 insertions(+), 6 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
index 62bfa7c2c..0eaf2e6e3 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
@@ -14,7 +14,7 @@ function Update-JCRConfigFile {
 
         if (test-path -path $configFilePath) {
             # Get Contents
-            $config = Get-JCRConfigFile -Raw
+            $config = Get-JCRConfigFile -asObject
         } else {
             # Create new file with default settings
             New-JCRConfigFile
diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
index a95128b52..481fadc57 100644
--- a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -49,9 +49,9 @@ function Update-JCRModule {
                 Update-Module -Name $ModuleName
 
                 # update the settings file config.json
-                Update-JCRConfigFile -settings $savedJCSettings
+                Update-JCRConfigFile -settings $savedJCRSettings
                 # re-import the settings file variable
-                $global:JCConfig = Get-JCSettingsFile
+                $global:JCRConfig = Get-JCRConfigFile -asObject
             } catch {
                 Write-Error "Failed to update the module: $_"
             }
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 0c3b4e7e2..ddb1b4402 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -1,5 +1,31 @@
 Describe 'Module Update' -Tag "Module" {
     BeforeAll {
+        # Load all functions from private folders
+        Write-host "script root: $($JCScriptRoot)"
+        if (-not (test-path -path $JCScriptRoot -erroraction silentlycontinue)) {
+            write-host "JCScriptRoot not set, setting it to the parent directory of the script root"
+
+            # until we've found the correct parent path traversing up the directory tree
+            do {
+                $JCScriptRoot = Split-Path -Path $PSScriptRoot -Parent
+                # check if the JumpCloud.Radius.psd1 file exists in the parent directory
+                if (Test-Path -Path "$JCScriptRoot/JumpCloud.Radius.psd1") {
+                    break
+                }
+                # if not, traverse up one more level
+                $PSScriptRoot = $JCScriptRoot
+            } while (-not (Test-Path -Path "$JCScriptRoot/JumpCloud.Radius.psd1"))
+
+        }
+        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+        Foreach ($Import in $Private) {
+            Try {
+                . $Import.FullName
+            } Catch {
+                Write-Error -Message "Failed to import function $($Import.FullName): $_"
+            }
+        }
+
         # local repo name:
         $localRepoName = 'LocalPSRepo'
         # get the registered repositories:
@@ -81,8 +107,8 @@ Describe 'Module Update' -Tag "Module" {
         }
 
         # Now publish the JumpCloud.Radius module to the local repo
-        $devModulePath = "$PSScriptRoot/../../../"
-        $psd1Path = Join-Path $devModulePath "JumpCloud.Radius.psd1"
+        $devModulePath = "$JCScriptRoot"
+        $psd1Path = Join-Path $JCScriptRoot "JumpCloud.Radius.psd1"
         $Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
         $moduleVersion = $Psd1.ModuleVersion
         $radiusModule = "JumpCloud.Radius"
@@ -159,6 +185,7 @@ Describe 'Module Update' -Tag "Module" {
         }
         It 'Module can be updated from the local repo' {
             # update the module from the local repo
+            $configFileBefore = Get-JCRConfigFile -asObject
             Update-JCRModule -Force -Repository $localRepoName
             # $updateModuleSplat = @{
             #     Name            = $moduleName
@@ -167,9 +194,16 @@ Describe 'Module Update' -Tag "Module" {
             # }
             # Update-Module @updateModuleSplat -ErrorAction Stop | Out-Null
             # check that the module is updated:
-            $updatedModule = Get-InstalledModule -Name $moduleName
+            $updatedModule = Get-InstalledModule -Name $radiusModule
             $updatedModule | Should -Not -BeNullOrEmpty
             $updatedModule.version | Should -Be $newVersion
+
+            # test that the config.json file contains the data from the previous module version
+            $configFileAfter = Get-JCRConfigFile -asObject
+
+            foreach ($property in $configFileBefore.PSObject.Properties) {
+                $configFileAfter.$($property.Name).value | Should -Be $property.value.value
+            }
         }
     }
     AfterAll {

From bef5abf46515017715686f5aea405c65cd315c56 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 12 Jun 2025 14:26:06 -0600
Subject: [PATCH 285/346] JCRScriptRoot + extensions tests

---
 .../CertDeployment/Deploy-UserCertificate.ps1 | 12 ++---
 .../CertGeneration/Generate-UserCert.ps1      |  4 +-
 .../CertGeneration/Set-JCRExtensionFile.ps1   | 23 ++++++++
 .../CertGeneration/Test-JCRExtensionFile.ps1  | 37 +++++++++++++
 .../Private/Config/Confirm-JCRConfigFile.ps1  |  4 --
 .../Private/Config/Set-JCRRadiusDirectory.ps1 |  0
 .../Config/Validate-JCRRadiusDirectory.ps1    |  0
 .../HashFunctions/Test-UserFromHash.ps1       |  2 +-
 .../Settings/Set-JCRAssociationHash.ps1       |  2 +-
 .../Private/Settings/Set-JCRSettingsFile.ps1  |  4 +-
 .../Private/UserJson/Get-UserJsonData.ps1     |  4 +-
 .../Private/UserJson/Set-UserJsonData.ps1     |  2 +-
 .../Functions/Public/Get-JCRCertReport.ps1    |  6 +--
 .../Functions/Public/Get-JCRGlobalVars.ps1    | 54 +++++++++----------
 .../Public/Module/Update-JCRModule.ps1        |  9 ++++
 .../Public/Start-DeployUserCerts.ps1          | 10 ++--
 .../Public/Start-GenerateRootCert.ps1         | 26 +++------
 .../Public/Start-MonitorCertDeployment.ps1    |  4 +-
 .../automation/Radius/JumpCloud.Radius.psm1   |  2 +-
 .../Tests/Public/Get-JCRCertReport.Tests.ps1  | 10 ++--
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  |  8 +--
 .../Public/Module/Update-JCRModule.Tests.ps1  | 51 ++++++++++++++----
 .../Public/Start-DeployUserCerts.Tests.ps1    | 10 ++--
 .../Public/Start-GenerateUserCerts.Tests.ps1  |  8 +--
 24 files changed, 189 insertions(+), 103 deletions(-)
 create mode 100644 scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/Config/Set-JCRRadiusDirectory.ps1
 create mode 100644 scripts/automation/Radius/Functions/Private/Config/Validate-JCRRadiusDirectory.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 3c8f64dbb..065813b2e 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -380,7 +380,7 @@ chmod 755 /tmp/$($user.userName)-client-signed.pfx
 currentUser=`$(/usr/bin/stat -f%Su /dev/console)
 currentUserUID=`$(id -u "`$currentUser")
 currentCertSN="$($certInfo.serial)"
-networkSsid="$($JCR_NETWORKSSID)"
+networkSsid="$($global:JCRConfig.networkSSID.value)"
 # store orig case match value
 caseMatchOrigValue=`$(shopt -p nocasematch; true)
 # set to case-insensitive
@@ -435,7 +435,7 @@ else
 fi
 
 if [[ `$import == true ]]; then
-    /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $JCR_USER_CERT_PASS -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
+    /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security import /tmp/$($user.userName)-client-signed.pfx -x -k /Users/$($user.localUsername)/Library/Keychains/login.keychain -P $($global:JCRConfig.certSecretPass.value) -T "/System/Library/SystemConfiguration/EAPOLController.bundle/Contents/Resources/eapolclient"
     if [[ `$? -eq 0 ]]; then
         echo "Import Success"
         # get the SHA hash of the newly imported cert
@@ -452,8 +452,8 @@ else
     echo "cert already imported"
 fi
 
-# check if the cert secruity preference is set:
-IFS=';' read -ra network <<< "`$JCR_NETWORKSSID"
+# check if the cert security preference is set:
+IFS=';' read -ra network <<< "`$(`$global:JCRConfig.networkSSID.value)"
 for i in "`${network[@]}"; do
     echo "begin setting network SSID: `$i"
     if /bin/launchctl asuser "`$currentUserUID" sudo -iu "`$currentUser" /usr/bin/security get-identity-preference -s "com.apple.network.eap.user.identity.wlan.ssid.`$i" -Z "`$installedCertSHA"; then
@@ -644,8 +644,8 @@ If (Test-Path "C:\RadiusCert"){
 }
 # expand archive as root and copy to temp location
 Expand-Archive -LiteralPath C:\Windows\Temp\$($user.userName)-client-signed.zip -DestinationPath C:\RadiusCert -Force
-`$password = ConvertTo-SecureString -String $JCR_USER_CERT_PASS -AsPlainText -Force
-`$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $JCR_USER_CERT_PASS -AsPlainText -Force
+`$password = ConvertTo-SecureString -String $($global:JCRConfig.certSecretPass.value) -AsPlainText -Force
+`$ScriptBlockInstall = { `$password = ConvertTo-SecureString -String $($global:JCRConfig.certSecretPass.value) -AsPlainText -Force
 Import-PfxCertificate -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx" -CertStoreLocation Cert:\CurrentUser\My
 }
 `$imported = Get-PfxData -Password `$password -FilePath "C:\RadiusCert\$($user.userName)-client-signed.pfx"
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index ebe8c9fd6..bf06ffb77 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -21,7 +21,7 @@ function Generate-UserCert {
         $user
     )
     begin {
-        # . "$JCScriptRoot/Config.ps1"
+        # . "$JCRScriptRoot/Config.ps1"
         if (-Not (Test-Path -Path $rootCAKey)) {
             Throw "RootCAKey could not be found in project directory, have you run Generate-Cert.ps1?"
             exit 1
@@ -33,7 +33,7 @@ function Generate-UserCert {
     }
     process {
         # Set Extension Path
-        $extensionsDir = Join-Path $global:JCRConfig.radiusDirectory.value "Extensions"
+        $extensionsDir = Join-Path $JCRScriptRoot "Extensions"
         $expectedFile = "extensions-$certType.cnf"
         $ExtensionPath = Get-ChildItem -Path $extensionsDir -Filter "extensions-*.cnf" | Where-Object { $_.Name -ieq $expectedFile } | Select-Object -First 1
 
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
new file mode 100644
index 000000000..876ae2a67
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
@@ -0,0 +1,23 @@
+function Set-JCRExtensionFile {
+    [CmdletBinding()]
+    param ()
+
+    $extensionsDir = Join-Path $JCRScriptRoot "Extensions"
+    $exts = Get-ChildItem -Path (Resolve-Path -Path $extensionsDir) -Filter "extensions-*.cnf"
+    foreach ($ext in $exts) {
+        Write-Host "Updating Subject Headers for $($ext.Name)"
+        $extContent = Get-Content -Path $ext.FullName -Raw
+        $reqDistinguishedName = @"
+[req_distinguished_name]
+C = $($global:JCRConfig.certSubjectHeaderCountryCode.value)
+ST = $($global:JCRConfig.certSubjectHeaderStateCode.value)
+L = $($global:JCRConfig.certSubjectHeaderLocality.value)
+O = $($global:JCRConfig.certSubjectHeaderOrganization.value)
+OU = $($global:JCRConfig.certSubjectHeaderOrganizationUnit.value)
+CN = $($global:JCRConfig.certSubjectHeaderCommonName.value)
+
+"@
+        $updatedContent = $extContent -Replace "(\[req_distinguished_name\][\s\S]*?)(?=\[v3_req\])", $reqDistinguishedName
+        Set-Content -Path $ext.FullName -Value $updatedContent -NoNewline -Force
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
new file mode 100644
index 000000000..2376ea564
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
@@ -0,0 +1,37 @@
+function Test-JCRExtensionFile {
+    [CmdletBinding()]
+    param ()
+
+    $extensionsDir = Join-Path $JCRScriptRoot "Extensions"
+    $exts = Get-ChildItem -Path (Resolve-Path -Path $extensionsDir) -Filter "extensions-*.cnf"
+    $allValid = $true
+
+    foreach ($ext in $exts) {
+        Write-Host "Validating Subject Headers for $($ext.Name)"
+        $extContent = Get-Content -Path $ext.FullName -Raw
+
+        $expected = @{
+            'C'  = $global:JCRConfig.certSubjectHeaderCountryCode.value
+            'ST' = $global:JCRConfig.certSubjectHeaderStateCode.value
+            'L'  = $global:JCRConfig.certSubjectHeaderLocality.value
+            'O'  = $global:JCRConfig.certSubjectHeaderOrganization.value
+            'OU' = $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
+            'CN' = $global:JCRConfig.certSubjectHeaderCommonName.value
+        }
+
+        foreach ($key in $expected.Keys) {
+            $pattern = "$key\s*=\s*(.+)"
+            if ($extContent -match $pattern) {
+                $actual = $Matches[1].Trim()
+                if ($actual -ne $expected[$key]) {
+                    Write-Error "Mismatch in $($ext.Name): $key expected '$($expected[$key])' but found '$actual'"
+                    $allValid = $false
+                }
+            } else {
+                Write-Error "Header $key not found in $($ext.Name)"
+                $allValid = $false
+            }
+        }
+    }
+    return $allValid
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
index 16c2d483f..8e8197c99 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
@@ -26,10 +26,6 @@ function Confirm-JCRConfigFile {
             # specifically for the openssl binary, check if the path exists
             if ($settingName -eq 'openSSLBinary' -and $settingValue.value -ne $null) {
                 Get-OpenSSLVersion -opensslBinary $settingValue.value
-                # if (-not (Test-Path -Path $settingValue.value)) {
-
-                #     Write-Warning "The OpenSSL binary path '$($settingValue.value)' does not exist. Please set it with Set-JCRConfigFile."
-                # }
             }
         }
     }
diff --git a/scripts/automation/Radius/Functions/Private/Config/Set-JCRRadiusDirectory.ps1 b/scripts/automation/Radius/Functions/Private/Config/Set-JCRRadiusDirectory.ps1
new file mode 100644
index 000000000..e69de29bb
diff --git a/scripts/automation/Radius/Functions/Private/Config/Validate-JCRRadiusDirectory.ps1 b/scripts/automation/Radius/Functions/Private/Config/Validate-JCRRadiusDirectory.ps1
new file mode 100644
index 000000000..e69de29bb
diff --git a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1 b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
index 71dfe5a20..a6ee2b358 100644
--- a/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/HashFunctions/Test-UserFromHash.ps1
@@ -13,7 +13,7 @@ function Test-UserFromHash {
     begin {
         # Get User Group membership
         if ( -not $Global:JCRUsers ) {
-            $Global:JCRUsers = Get-Content -path "$JCScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
+            $Global:JCRUsers = Get-Content -path "$JCRScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
         }
     }
     process {
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRAssociationHash.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRAssociationHash.ps1
index e91d4dc2e..5a3547013 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRAssociationHash.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRAssociationHash.ps1
@@ -7,7 +7,7 @@ function Set-JCRAssociationHash {
     )
     begin {
         # get the data
-        $associationFile = "$JCScriptRoot/data/associationHash.json"
+        $associationFile = "$JCRScriptRoot/data/associationHash.json"
         $associationContent = Get-Content -Path $associationFile | ConvertFrom-Json -depth 6 -AsHashtable
     }
     process {
diff --git a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
index 8a91edfdd..fd7f24ee6 100644
--- a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
@@ -3,7 +3,7 @@ function Set-JCRSettingsFile {
     param (
     )
     DynamicParam {
-        $ModuleRoot = (Get-Item -Path:($JCScriptRoot))
+        $ModuleRoot = (Get-Item -Path:($JCRScriptRoot))
         $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
 
 
@@ -54,7 +54,7 @@ function Set-JCRSettingsFile {
     begin {
 
         # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($JCScriptRoot))
+        $ModuleRoot = (Get-Item -Path:($JCRScriptRoot))
         $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
 
         if (test-path -path $configFilePath) {
diff --git a/scripts/automation/Radius/Functions/Private/UserJson/Get-UserJsonData.ps1 b/scripts/automation/Radius/Functions/Private/UserJson/Get-UserJsonData.ps1
index cf4b60152..87b1055b5 100644
--- a/scripts/automation/Radius/Functions/Private/UserJson/Get-UserJsonData.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserJson/Get-UserJsonData.ps1
@@ -5,8 +5,8 @@ function Get-UserJsonData {
 
     )
     begin {
-        if (Test-Path -Path "$JCScriptRoot/users.json" -PathType Leaf) {
-            $content = (Get-Content -Raw -Path "$JCScriptRoot/users.json")
+        if (Test-Path -Path "$JCRScriptRoot/users.json" -PathType Leaf) {
+            $content = (Get-Content -Raw -Path "$JCRScriptRoot/users.json")
             if ([string]::isNullOrEmpty($content)) {
                 $userArray = New-Object System.Collections.ArrayList
             } else {
diff --git a/scripts/automation/Radius/Functions/Private/UserJson/Set-UserJsonData.ps1 b/scripts/automation/Radius/Functions/Private/UserJson/Set-UserJsonData.ps1
index 4d3aba071..bdd39f53d 100644
--- a/scripts/automation/Radius/Functions/Private/UserJson/Set-UserJsonData.ps1
+++ b/scripts/automation/Radius/Functions/Private/UserJson/Set-UserJsonData.ps1
@@ -11,6 +11,6 @@ function Set-UserJsonData {
         $array.add($userArray)
         $userArray = $array
     }
-    $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCScriptRoot/users.json"
+    $userArray | ConvertTo-Json -Depth 6 | Set-Content -Path "$JCRScriptRoot/users.json"
 
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
index 2bb4a4ec7..cc4a1f676 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRCertReport.ps1
@@ -21,9 +21,9 @@ function Get-JCRCertReport {
     # Initialize an empty array to store the results
     $reportData = New-Object System.Collections.ArrayList
 
-    $radiusMembersPath = Join-Path -Path $JCScriptRoot -ChildPath "data/radiusMembers.json"
-    $certHashPath = Join-Path -Path $JCScriptRoot -ChildPath "data/certHash.json"
-    $associationHashPath = Join-Path -Path $JCScriptRoot -ChildPath "data/associationHash.json"
+    $radiusMembersPath = Join-Path -Path $JCRScriptRoot -ChildPath "data/radiusMembers.json"
+    $certHashPath = Join-Path -Path $JCRScriptRoot -ChildPath "data/certHash.json"
+    $associationHashPath = Join-Path -Path $JCRScriptRoot -ChildPath "data/associationHash.json"
 
     if (!(Test-Path $radiusMembersPath)) {
         Write-Error "radiusMembers.json not found at $radiusMembersPath"
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 74033af83..fbfbda125 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -20,9 +20,9 @@ function Get-JCRGlobalVars {
             Connect-JCOnline -force
         }
         # ensure the data directory exists to cache the json files:
-        if (-not (Test-Path "$JCScriptRoot/data")) {
+        if (-not (Test-Path "$JCRScriptRoot/data")) {
             Write-Host "[status] Creating Data Directory"
-            New-Item -ItemType Directory -Path "$JCScriptRoot/data"
+            New-Item -ItemType Directory -Path "$JCRScriptRoot/data"
         }
 
         if (-Not $global:JCRConfig) {
@@ -82,43 +82,43 @@ function Get-JCRGlobalVars {
         # also validate that the data files are non-null, if they are, force update]
         $requiredHashFiles = @('radiusMembers.json', 'systemHash.json', 'userHash.json', 'certHash.json')
         foreach ($file in $requiredHashFiles) {
-            if (Test-Path -Path "$JCScriptRoot/data/$file") {
-                $fileContents = Get-Content "$JCScriptRoot/data/$file"
+            if (Test-Path -Path "$JCRScriptRoot/data/$file") {
+                $fileContents = Get-Content "$JCRScriptRoot/data/$file"
             } else {
-                Write-Host "[status] $JCScriptRoot/data/$file file does not exist, updating global variables"
+                Write-Host "[status] $JCRScriptRoot/data/$file file does not exist, updating global variables"
                 $update = $true
             }
             # if the file is null force update
             if ([string]::IsNullOrEmpty($fileContents)) {
-                Write-Host "[status] $JCScriptRoot/data/$file file is null, updating global variables"
+                Write-Host "[status] $JCRScriptRoot/data/$file file is null, updating global variables"
                 $update = $true
             }
         }
 
         $requiredAssociationHashFiles = @('associationHash.json')
         foreach ($file in $requiredAssociationHashFiles) {
-            if (Test-Path -Path "$JCScriptRoot/data/$file") {
-                $fileContents = Get-Content "$JCScriptRoot/data/$file"
+            if (Test-Path -Path "$JCRScriptRoot/data/$file") {
+                $fileContents = Get-Content "$JCRScriptRoot/data/$file"
                 switch ($skipAssociation) {
                     $true {
-                        # Write-Host "[status] $JCScriptRoot/data/$file will be skipped"
+                        # Write-Host "[status] $JCRScriptRoot/data/$file will be skipped"
                         $updateAssociation = $false
                     }
                 }
             } else {
-                Write-Host "[status] $JCScriptRoot/data/$file file does not exist, updating global variables"
+                Write-Host "[status] $JCRScriptRoot/data/$file file does not exist, updating global variables"
                 $update = $true
                 $updateAssociation = $true
             }
             # if the file is null force update
             if ([string]::IsNullOrEmpty($fileContents)) {
-                Write-Host "[status] $JCScriptRoot/data/$file file is null, updating global variables"
+                Write-Host "[status] $JCRScriptRoot/data/$file file is null, updating global variables"
                 $update = $true
                 $updateAssociation = $true
             } else {
                 switch ($skipAssociation) {
                     $true {
-                        # Write-Host "[status] $JCScriptRoot/data/$file will be skipped"
+                        # Write-Host "[status] $JCRScriptRoot/data/$file will be skipped"
                         $updateAssociation = $false
                     }
                 }
@@ -164,9 +164,9 @@ function Get-JCRGlobalVars {
                         }
                     }
                     # write out the association hash
-                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCScriptRoot/data/associationHash.json"
+                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCRScriptRoot/data/associationHash.json"
                 } else {
-                    $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
+                    $userAssociationList = Get-Content -Raw -Path "$JCRScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
 
                 }
                 if ($setAssociations) {
@@ -194,10 +194,10 @@ function Get-JCRGlobalVars {
 
                     }
                     # write out the association hash
-                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCScriptRoot/data/associationHash.json"
+                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCRScriptRoot/data/associationHash.json"
                 }
                 if ($associationUsername) {
-                    $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
+                    $userAssociationList = Get-Content -Raw -Path "$JCRScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
                     $matchedUser = $radiusMemberList | Where-Object { $_.username -eq $associationUsername }
                     if (-Not $matchedUser) {
                         Write-Warning "user not found"
@@ -239,20 +239,20 @@ function Get-JCRGlobalVars {
                         #
                     }
                     # write out the association hash
-                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCScriptRoot/data/associationHash.json"
+                    $userAssociationList | ConvertTo-Json -Depth 10 | Out-File "$JCRScriptRoot/data/associationHash.json"
                 }
                 # update certHash in parallel:
                 $certHash = Get-CertHash
 
                 # finally write out the data to file:
-                $users | ConvertTo-Json -Depth 100 -Compress | Out-File "$JCScriptRoot/data/userHash.json"
-                $systems | ConvertTo-Json -Depth 10 | Out-File "$JCScriptRoot/data/systemHash.json"
-                $radiusMemberList | ConvertTo-Json | Out-File "$JCScriptRoot/data/radiusMembers.json"
-                $certHash | ConvertTo-Json | Out-File "$JCScriptRoot/data/certHash.json"
+                $users | ConvertTo-Json -Depth 100 -Compress | Out-File "$JCRScriptRoot/data/userHash.json"
+                $systems | ConvertTo-Json -Depth 10 | Out-File "$JCRScriptRoot/data/systemHash.json"
+                $radiusMemberList | ConvertTo-Json | Out-File "$JCRScriptRoot/data/radiusMembers.json"
+                $certHash | ConvertTo-Json | Out-File "$JCRScriptRoot/data/certHash.json"
             }
             $false {
                 # write-host "It's been $($lastUpdateTimespan.hours) hours since we last pulled user, system and association data, no need to update"
-                $userAssociationList = Get-Content -Raw -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
+                $userAssociationList = Get-Content -Raw -Path "$JCRScriptRoot/data/associationHash.json" | ConvertFrom-Json -Depth 6 -AsHashtable
             }
         }
     }
@@ -272,11 +272,11 @@ function Get-JCRGlobalVars {
             }
             $false {
                 # set global vars from local cache
-                $Global:JCRUsers = Get-Content -Path "$JCScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
-                $Global:JCRSystems = Get-Content -Path "$JCScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
-                $Global:JCRAssociations = Get-Content -Path "$JCScriptRoot/data/associationHash.json" | ConvertFrom-Json -AsHashtable
-                [array]$Global:JCRRadiusMembers = Get-Content -Path "$JCScriptRoot/data/radiusMembers.json" | ConvertFrom-Json -AsHashtable
-                $Global:JCRCertHash = Get-Content -Path "$JCScriptRoot/data/certHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRUsers = Get-Content -Path "$JCRScriptRoot/data/userHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRSystems = Get-Content -Path "$JCRScriptRoot/data/systemHash.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRAssociations = Get-Content -Path "$JCRScriptRoot/data/associationHash.json" | ConvertFrom-Json -AsHashtable
+                [array]$Global:JCRRadiusMembers = Get-Content -Path "$JCRScriptRoot/data/radiusMembers.json" | ConvertFrom-Json -AsHashtable
+                $Global:JCRCertHash = Get-Content -Path "$JCRScriptRoot/data/certHash.json" | ConvertFrom-Json -AsHashtable
                 # update users.json
                 Update-JCRUsersJson
             }
diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
index 481fadc57..5fe8dfec5 100644
--- a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -52,6 +52,8 @@ function Update-JCRModule {
                 Update-JCRConfigFile -settings $savedJCRSettings
                 # re-import the settings file variable
                 $global:JCRConfig = Get-JCRConfigFile -asObject
+
+
             } catch {
                 Write-Error "Failed to update the module: $_"
             }
@@ -78,6 +80,13 @@ function Update-JCRModule {
             }
             Import-module -Name $ModuleName -Force
 
+            if (-not (Test-JCRExtensionFile)) {
+                Write-Host "Extensions file is not valid, updating it now..."
+                Set-JCRExtensionFile
+            } else {
+                Write-Host "Extensions file is valid, no need to update"
+            }
+
         }
     }
     end {
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index eb1f5075a..58805d5c6 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -31,7 +31,7 @@ function Start-DeployUserCerts {
     # identify users that need their certs still deployed
     $usersWithoutLatestCert = Get-UsersThatNeedCertWork -userData $userArray
     # set the script root variable to use for parallel functions:
-    $JCScriptRoot = $Global:JCScriptRoot
+    $JCRScriptRoot = $Global:JCRScriptRoot
 
     do {
         switch ($PSCmdlet.ParameterSetName) {
@@ -97,10 +97,10 @@ function Start-DeployUserCerts {
                     # set the required variables
                     $JCAPIKEY = $using:JCAPIKEY
                     $JCORGID = $using:JCORGID
-                    $JCScriptRoot = $using:JCScriptRoot
+                    $JCRScriptRoot = $using:JCRScriptRoot
 
                     # Import the private functions
-                    $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse )
+                    $Private = @( Get-ChildItem -Path "$JCRScriptRoot/Functions/Private/*.ps1" -Recurse )
                     foreach ($Import in $Private) {
                         Try {
                             . $Import.FullName
@@ -186,7 +186,7 @@ function Start-DeployUserCerts {
                     # set the required variables
                     $JCAPIKEY = $using:JCAPIKEY
                     $JCORGID = $using:JCORGID
-                    $JCScriptRoot = $using:JCScriptRoot
+                    $JCRScriptRoot = $using:JCRScriptRoot
 
                     # set the required global variables
                     $global:JCRConfig = @{
@@ -214,7 +214,7 @@ function Start-DeployUserCerts {
                     $workDoneArray = $using:workDoneArray
 
                     # Import the private functions
-                    $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse )
+                    $Private = @( Get-ChildItem -Path "$JCRScriptRoot/Functions/Private/*.ps1" -Recurse )
                     foreach ($Import in $Private) {
                         Try {
                             . $Import.FullName
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index bb5a7182f..b452ea7d5 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -27,7 +27,7 @@ Function Start-GenerateRootCert {
     # Radius CBA-BYO Authentication UI
 
     # Edit the variables in Config.ps1 before running this script
-    # . "$JCScriptRoot/Config.ps1"
+    # . "$JCRScriptRoot/Config.ps1"
 
     # if ( ([System.String]::IsNullOrEmpty($JCORGID)) -Or ($JCORGID.Length -ne 24) ) {
     #     throw "OrganizationID not specified, please update Config.ps1"
@@ -36,7 +36,7 @@ Function Start-GenerateRootCert {
     ################################################################################
     # Do Not Edit Below:
     ################################################################################
-    # Set-Location $JCScriptRoot
+    # Set-Location $JCRScriptRoot
 
     # REM Generate Root Server Private Key and server certificate (self signed as CA)
     Write-Host "Generating Self Signed Root CA Certificate"
@@ -154,21 +154,11 @@ Function Start-GenerateRootCert {
                         Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                         # openssl x509 -in ca-cert.pem -noout -text
                         # Update Extensions Distinguished Names:
-                        $exts = Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Extensions")
-                        foreach ($ext in $exts) {
-                            Write-Host "Updating Subject Headers for $($ext.Name)"
-                            $extContent = Get-Content -Path $ext.FullName -Raw
-                            $reqDistinguishedName = @"
-[req_distinguished_name]
-C = $($($global:JCRConfig.certSubjectHeaderCountryCode.value))
-ST = $($($global:JCRConfig.certSubjectHeaderStateCode.value))
-L = $($($global:JCRConfig.certSubjectHeaderLocality.value))
-O = $($($global:JCRConfig.certSubjectHeaderOrganization.value))
-OU = $($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))
-CN = $($($global:JCRConfig.certSubjectHeaderCommonName.value))
-
-"@
-                            $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
+                        if (-not (Test-JCRExtensionFile)) {
+                            Write-Host "Extensions file is not valid, updating it now..."
+                            Set-JCRExtensionFile
+                        } else {
+                            Write-Host "Extensions file is valid, no need to update"
                         }
                     }
                     $false {
@@ -219,7 +209,7 @@ CN = $($($global:JCRConfig.certSubjectHeaderCommonName.value))
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                 # openssl x509 -in ca-cert.pem -noout -text
                 # Update Extensions Distinguished Names:
-                $exts = Get-ChildItem -Path (Resolve-Path -path "$JCScriptRoot/Extensions")
+                $exts = Get-ChildItem -Path (Resolve-Path -path "$JCRScriptRoot/Extensions")
                 foreach ($ext in $exts) {
                     Write-Host "Updating Subject Headers for $($ext.Name)"
                     $extContent = Get-Content -Path $ext.FullName -Raw
diff --git a/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
index bdc4c1004..fe8ed67e9 100644
--- a/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-MonitorCertDeployment.ps1
@@ -5,9 +5,9 @@ Function Start-MonitorCertDeployment {
     # Do not modify below
     ################################################################################
     # Import the functions
-    # Import-Module "$JCScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
+    # Import-Module "$JCRScriptRoot/Functions/JCRadiusCertDeployment.psm1" -DisableNameChecking -Force
     # Define jsonData file
-    $jsonFile = "$JCScriptRoot/users.json"
+    $jsonFile = "$JCRScriptRoot/users.json"
 
 
 
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index 9be032a2a..3fd3682c8 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -21,7 +21,7 @@ Foreach ($Import in $Public) {
 # setup:
 # build required users.json file:
 # set script root:
-$global:JCScriptRoot = "$PSScriptRoot"
+$global:JCRScriptRoot = "$PSScriptRoot"
 
 # from the settings file we should have a location for the certs and user certs
 
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1
index 35d387558..03f6a74f3 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRCertReport.Tests.ps1
@@ -1,7 +1,7 @@
 Describe 'User Cert Report' -Tag "Reports" {
     BeforeAll {
         # Load all functions from private folders
-        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+        $Private = @( Get-ChildItem -Path "$JCRScriptRoot/Functions/Private/*.ps1" -Recurse)
         Foreach ($Import in $Private) {
             Try {
                 . $Import.FullName
@@ -23,15 +23,15 @@ Describe 'User Cert Report' -Tag "Reports" {
     Context "Report Generation" {
         It "Generates the Report" {
             # Export the report
-            Get-JCRCertReport -ExportFilePath "$JCScriptRoot/testReport.csv"
-            $report = Import-Csv -Path "$JCScriptRoot/testReport.csv"
+            Get-JCRCertReport -ExportFilePath "$JCRScriptRoot/testReport.csv"
+            $report = Import-Csv -Path "$JCRScriptRoot/testReport.csv"
             $report | Should -Not -BeNullOrEmpty
         }
         It "Checks for invalid Path" {
             # Export the report
-            { Get-JCRCertReport -ExportFilePath "$JCScriptRoot/testReport" } | Should -Throw
+            { Get-JCRCertReport -ExportFilePath "$JCRScriptRoot/testReport" } | Should -Throw
             { Get-JCRCertReport -ExportFilePath "testReport" } | Should -Throw
-            { Get-JCRCertReport -ExportFilePath "$JCScriptRoot/testReport.csv" } | Should -Not -Throw
+            { Get-JCRCertReport -ExportFilePath "$JCRScriptRoot/testReport.csv" } | Should -Not -Throw
         }
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 40bcae8cf..23e277ada 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -1,6 +1,6 @@
 Describe "Get Global Variable Data Tests" -Tag "Cache" {
     BeforeAll {
-        $dataPath = "$JCScriptRoot/data/"
+        $dataPath = "$JCRScriptRoot/data/"
         $requiredFiles = @(
             'associationHash.json',
             'radiusMembers.json',
@@ -9,7 +9,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
             'certHash.json'
         )
         # explicitly import the settings file functions for these tests:
-        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/Settings/*.ps1" -Recurse)
+        $Private = @( Get-ChildItem -Path "$JCRScriptRoot/Functions/Private/Settings/*.ps1" -Recurse)
         Foreach ($Import in $Private) {
             Try {
                 . $Import.FullName
@@ -182,8 +182,8 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 )
             }
             # write the mocked certHash to the data file:
-            $certHash | ConvertTo-Json |  Out-File "$JCScriptRoot/data/certHash.json"
-            $Global:JCRCertHash = Get-Content -path "$JCScriptRoot/data/certHash.json" | ConvertFrom-Json -AsHashtable
+            $certHash | ConvertTo-Json |  Out-File "$JCRScriptRoot/data/certHash.json"
+            $Global:JCRCertHash = Get-Content -path "$JCRScriptRoot/data/certHash.json" | ConvertFrom-Json -AsHashtable
             # update the users json file
             Update-JCRUsersJson
             $userArray = Get-UserJsonData
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index ddb1b4402..14e94f347 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -1,23 +1,23 @@
 Describe 'Module Update' -Tag "Module" {
     BeforeAll {
         # Load all functions from private folders
-        Write-host "script root: $($JCScriptRoot)"
-        if (-not (test-path -path $JCScriptRoot -erroraction silentlycontinue)) {
-            write-host "JCScriptRoot not set, setting it to the parent directory of the script root"
+        Write-host "script root: $($JCRScriptRoot)"
+        if (-not (test-path -path $JCRScriptRoot -erroraction silentlycontinue)) {
+            write-host "JCRScriptRoot not set, setting it to the parent directory of the script root"
 
             # until we've found the correct parent path traversing up the directory tree
             do {
-                $JCScriptRoot = Split-Path -Path $PSScriptRoot -Parent
+                $JCRScriptRoot = Split-Path -Path $PSScriptRoot -Parent
                 # check if the JumpCloud.Radius.psd1 file exists in the parent directory
-                if (Test-Path -Path "$JCScriptRoot/JumpCloud.Radius.psd1") {
+                if (Test-Path -Path "$JCRScriptRoot/JumpCloud.Radius.psd1") {
                     break
                 }
                 # if not, traverse up one more level
-                $PSScriptRoot = $JCScriptRoot
-            } while (-not (Test-Path -Path "$JCScriptRoot/JumpCloud.Radius.psd1"))
+                $PSScriptRoot = $JCRScriptRoot
+            } while (-not (Test-Path -Path "$JCRScriptRoot/JumpCloud.Radius.psd1"))
 
         }
-        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+        $Private = @( Get-ChildItem -Path "$JCRScriptRoot/Functions/Private/*.ps1" -Recurse)
         Foreach ($Import in $Private) {
             Try {
                 . $Import.FullName
@@ -107,8 +107,8 @@ Describe 'Module Update' -Tag "Module" {
         }
 
         # Now publish the JumpCloud.Radius module to the local repo
-        $devModulePath = "$JCScriptRoot"
-        $psd1Path = Join-Path $JCScriptRoot "JumpCloud.Radius.psd1"
+        $devModulePath = "$JCRScriptRoot"
+        $psd1Path = Join-Path $JCRScriptRoot "JumpCloud.Radius.psd1"
         $Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
         $moduleVersion = $Psd1.ModuleVersion
         $radiusModule = "JumpCloud.Radius"
@@ -204,6 +204,37 @@ Describe 'Module Update' -Tag "Module" {
             foreach ($property in $configFileBefore.PSObject.Properties) {
                 $configFileAfter.$($property.Name).value | Should -Be $property.value.value
             }
+
+            # Validate that the extension files in /Extensions are updated from JCRConfig
+            # print the $JCRScriptRoot
+            Write-Host "JCRScriptRoot: $JCRScriptRoot"
+            $extensionsDir = Join-Path $JCRScriptRoot "Extensions"
+            Write-Host "Extensions Directory: $extensionsDir"
+            # Validate the extension files exist:
+            $extensionsFiles = Get-ChildItem -Path (Resolve-Path -Path $extensionsDir) -Filter "extensions-*.cnf"
+            $extensionsFiles | Should -Not -BeNullOrEmpty
+            foreach ($file in $extensionsFiles) {
+                Write-Host "Found extension file: $($file.FullName)"
+                $fileContent = Get-Content -Path $file.FullName -Raw
+                # Validate that the file contains the expected headers
+                $expectedHeaders = @(
+                    "C = $($global:JCRConfig.certSubjectHeaderCountryCode.value)",
+                    "ST = $($global:JCRConfig.certSubjectHeaderStateCode.value)",
+                    "L = $($global:JCRConfig.certSubjectHeaderLocality.value)",
+                    "O = $($global:JCRConfig.certSubjectHeaderOrganization.value)",
+                    "OU = $($global:JCRConfig.certSubjectHeaderOrganizationUnit.value)",
+                    "CN = $($global:JCRConfig.certSubjectHeaderCommonName.value)"
+                )
+                foreach ($header in $expectedHeaders) {
+                    $fileContent | Should -Match $header
+                }
+            }
+            # Validate that the extensions files are valid with the function
+            $extensionsValid = Test-JCRExtensionFile
+            $extensionsValid | Should -BeTrue
+
+
+
         }
     }
     AfterAll {
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 637d06c15..7e02f54e1 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -1,7 +1,7 @@
 Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
     BeforeAll {
         # Load all functions from private folders
-        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+        $Private = @( Get-ChildItem -Path "$JCRScriptRoot/Functions/Private/*.ps1" -Recurse)
         Foreach ($Import in $Private) {
             Try {
                 . $Import.FullName
@@ -216,7 +216,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'EmailSAN certs are created and command generated with correct identifiers' {
             # Set config
-            $configPath = "$JCScriptRoot/Config.ps1"
+            $configPath = "$JCRScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the user cert validity to just 10 days
             Set-JCRConfigFile -certType "EmailSAN"
@@ -250,7 +250,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'EmailDN certs are created and command generated with correct identifiers' {
             # Set config
-            $configPath = "$JCScriptRoot/Config.ps1"
+            $configPath = "$JCRScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
             Set-JCRConfigFile -certType "EmailDN"
@@ -280,7 +280,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'UsernameCn certs are created and command generated with correct identifiers' {
             # Set config
-            $configPath = "$JCScriptRoot/Config.ps1"
+            $configPath = "$JCRScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
             Set-JCRConfigFile -certType "usernameCn"
@@ -311,7 +311,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         AfterAll {
             # Set config
-            $configPath = "$JCScriptRoot/Config.ps1"
+            $configPath = "$JCRScriptRoot/Config.ps1"
             $content = Get-Content -path $configPath
             # set the cert type
             Set-JCRConfigFile -certType "usernameCn"
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 41ff6acdc..9a1cb7142 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -1,7 +1,7 @@
 Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
     BeforeAll {
         # Load all functions from private folders
-        $Private = @( Get-ChildItem -Path "$JCScriptRoot/Functions/Private/*.ps1" -Recurse)
+        $Private = @( Get-ChildItem -Path "$JCRScriptRoot/Functions/Private/*.ps1" -Recurse)
         Foreach ($Import in $Private) {
             Try {
                 . $Import.FullName
@@ -80,10 +80,10 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
     Context 'Certs generated for users who have certs that are about set to expire soon' {
         BeforeAll {
             # import necessary functions:
-            . "$JCScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
-            . "$JCScriptRoot/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1"
+            . "$JCRScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
+            . "$JCRScriptRoot/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1"
             # Set config
-            $configPath = "$JCScriptRoot/Config.ps1"
+            $configPath = "$JCRScriptRoot/Config.ps1"
             $content = Get-Content -Path $configPath
             # set the user cert validity to just 10 days
             Set-JCRConfigFile -userCertValidityDays 10

From 2e7d1a398edceafe3c82aab93f0c9946d0315669 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 13 Jun 2025 09:41:18 -0600
Subject: [PATCH 286/346] clean up write-hosts

---
 .../Functions/Private/CertDeployment/Get-CertInfo.ps1  | 10 ----------
 .../Radius/Functions/Public/Get-JCRGlobalVars.ps1      |  1 -
 2 files changed, 11 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index 9493d2955..b5f66ee8b 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -22,24 +22,14 @@ function Get-CertInfo {
             # Find all userCert paths
             if ($username) {
                 $foundCerts = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
-                # print the number of Radius Members in the Array
-                if ($foundCerts) {
-                    Write-Host "Found $($foundCerts.Count) Radius Member certificate(s) for user: $username"
-                } else {
-                    Write-Warning "No Radius Member certificate found for user: $username"
-                    Write-Warning "location: $($global:JCRConfig.radiusDirectory.value)/UserCerts/$username-$($global:JCRConfig.certType.value)*.crt"
-                }
 
             } else {
                 $foundCerts = New-Object System.Collections.ArrayList
-                # print the number of Radius Members in the Array
-                Write-Host "Found $($global:JCRRadiusMembers.username.Count) Radius Members in the Array"
                 $global:JCRRadiusMembers.username | ForEach-Object {
                     $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {
                         $foundCerts.Add($foundCert) | Out-Null
                     } else {
-
                         Write-Warning "No Radius Member certificate found for user: $_"
                         Write-Warning "location: $($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt"
                     }
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index fbfbda125..45eae4c79 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -126,7 +126,6 @@ function Get-JCRGlobalVars {
         }
     }
     process {
-        Write-Host "begin Get-JCRGlobalVars"
         switch ($update) {
             $true {
                 # update the global variables

From 9f9785add5c60a459208295020b1f57ffcde5e95 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 13 Jun 2025 10:38:08 -0600
Subject: [PATCH 287/346] validate user and cert dir

---
 .../Config/Test-JCRRadiusDirectory.ps1        | 41 +++++++++++++++++++
 .../Config/Validate-JCRRadiusDirectory.ps1    |  0
 2 files changed, 41 insertions(+)
 create mode 100644 scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
 delete mode 100644 scripts/automation/Radius/Functions/Private/Config/Validate-JCRRadiusDirectory.ps1

diff --git a/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1 b/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
new file mode 100644
index 000000000..12cb726a5
--- /dev/null
+++ b/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
@@ -0,0 +1,41 @@
+function Test-JCRRadiusDirectory {
+    [CmdletBinding()]
+    param (
+        [Parameter(Mandatory = $true)]
+        [string]$Path
+    )
+
+    # Resolve the full path
+    $resolvedPath = Resolve-Path -Path $Path -ErrorAction SilentlyContinue
+
+    if (-not $resolvedPath) {
+        Write-Error "The path '$Path' does not exist."
+        return $false
+    }
+
+    if (-not (Test-Path -Path $resolvedPath -PathType Container)) {
+        Write-Error "The path '$resolvedPath' is not a directory."
+        return $false
+    }
+
+    $certDir = Join-Path $resolvedPath "Cert"
+    $userCertsDir = Join-Path $resolvedPath "UserCerts"
+
+    $certExists = Test-Path -Path $certDir -PathType Container
+    $userCertsExists = Test-Path -Path $userCertsDir -PathType Container
+
+    if (-not $certExists) {
+        Write-Host "The directory 'Cert' does not exist in '$resolvedPath'."
+        # create the directory if it does not exist
+        New-Item -Path $certDir -ItemType Directory | Out-Null
+        Write-Host "Created directory 'Cert' in '$resolvedPath'."
+    }
+    if (-not $userCertsExists) {
+        Write-Host "The directory 'UserCerts' does not exist in '$resolvedPath'."
+        # create the directory if it does not exist
+        New-Item -Path $userCertsDir -ItemType Directory | Out-Null
+        Write-Host "Created directory 'UserCerts' in '$resolvedPath'."
+    }
+
+    return $true
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/Config/Validate-JCRRadiusDirectory.ps1 b/scripts/automation/Radius/Functions/Private/Config/Validate-JCRRadiusDirectory.ps1
deleted file mode 100644
index e69de29bb..000000000

From 4b01266b702003e2062ee6d86ebe775369c13bf7 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 13 Jun 2025 10:48:47 -0600
Subject: [PATCH 288/346] validate radius dir outside module path

---
 .../Functions/Private/Config/Test-JCRRadiusDirectory.ps1  | 7 +++++++
 .../Radius/Functions/Public/Config/Set-JCRConfigFile.ps1  | 7 +++++++
 scripts/automation/Radius/Tests/SetupRadiusOrg.ps1        | 8 +++++++-
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1 b/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
index 12cb726a5..d4c8814a9 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
@@ -18,6 +18,13 @@ function Test-JCRRadiusDirectory {
         return $false
     }
 
+    # validate that the $resolvedPath is not the same as the JCRScriptRoot
+    Write-Warning "Resolved path: $resolvedPath | JCRScriptRoot: $global:JCRScriptRoot"
+    if ("$resolvedPath" -eq $($global:JCRScriptRoot)) {
+        Write-Error "The path '$resolvedPath' cannot be the same as the JCRScriptRoot. This could lead to certificate data loss if the module is updated or reinstalled. Please set the 'RadiusDirectory' to different directory.`nSet-JCRConfigFile -RadiusDirectory '<Path/To/radiusDirectory>'"
+        return $false
+    }
+
     $certDir = Join-Path $resolvedPath "Cert"
     $userCertsDir = Join-Path $resolvedPath "UserCerts"
 
diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
index 6ad581084..a6b1d2ae7 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -59,6 +59,13 @@ function Set-JCRConfigFile {
         $params = $PSBoundParameters
         # update config settings
         foreach ($param in $params.Keys) {
+            # validate the parameters
+            switch ($param) {
+                'radiusDirectory' {
+                    # validate the directory
+                    Test-JCRRadiusDirectory -Path $params[$param]
+                }
+            }
             # set the value of the config setting to the value passed into this function
             $global:JCRConfig.$param.value = $params[$param]
 
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 20f3cab3c..c89200deb 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -53,6 +53,12 @@ $env:certKeyPassword = "testCertificate123!@#"
 # update config:
 Write-Warning "Updating Config File"
 
+# Create a new Radius directory
+$radiusDirectory = Join-Path -Path $HOME -ChildPath "RADIUS"
+if (-Not (Test-Path -Path $radiusDirectory)) {
+    New-Item -ItemType Directory -Path $radiusDirectory | Out-Null
+}
+
 # Update the userGroupID:
 $settings = @{
     certSubjectHeaderCommonName       = "JumpCloud.com"
@@ -63,7 +69,7 @@ $settings = @{
     certSubjectHeaderCountryCode      = "US"
     certSubjectHeaderStateCode        = "CO"
     certSubjectHeaderLocality         = "Boulder"
-    radiusDirectory                   = "$(Resolve-Path $PSScriptRoot/../)"
+    radiusDirectory                   = "$(Resolve-Path $HOME/RADIUS)"
     networkSSID                       = "TP-Link_SSID"
     userGroup                         = $radiusUserGroup.id
     openSSLBinary                     = 'openssl'

From a41d2c78dab21f5d2eda8ca06a7e520bf633a215 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 13 Jun 2025 10:55:05 -0600
Subject: [PATCH 289/346] create radius directory if it does not exist

---
 .../Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index 75a49c528..b796da6dd 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -29,6 +29,11 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
             $global:JCRConfig.userGroup.value | Should -Be $null
         }
         It "Setting the settings to some series of values should not throw an error" {
+            # First create a new radiusDirectory
+            $radiusDirectory = Join-Path -Path $HOME -ChildPath "RADIUS"
+            if (-Not (Test-Path -Path $radiusDirectory)) {
+                New-Item -ItemType Directory -Path $radiusDirectory | Out-Null
+            }
             $settings = @{
                 certSubjectHeaderCommonName       = "JumpCloud.com"
                 certType                          = "UsernameCn"

From a573dc822fc42616b376d4b522ebd71bc8e5eacf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 13 Jun 2025 11:10:12 -0600
Subject: [PATCH 290/346] write-hosts

---
 .../Private/CertDeployment/Deploy-UserCertificate.ps1       | 4 ++--
 .../Functions/Private/CertDeployment/Get-CertInfo.ps1       | 6 +-----
 .../Private/CertGeneration/Invoke-UserCertProcess.ps1       | 2 +-
 .../Radius/Functions/Public/Start-DeployUserCerts.ps1       | 2 +-
 .../Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1   | 3 +--
 5 files changed, 6 insertions(+), 11 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
index 065813b2e..049cac0a9 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Deploy-UserCertificate.ps1
@@ -73,8 +73,8 @@ function Deploy-UserCertificate {
     process {
         foreach ($user in $userObject) {
             ## first determine if the local cert sha is the same as the cert sha in the admin console:
-            Write-Warning "processing user: $($user.username)"
-            Write-Warning "user: $user"
+            # Write-Warning "processing user: $($user.username)"
+            # Write-Warning "user: $user"
 
             # Get the commands for this user:
             $radiusCommandsByUser = Get-CommandByUsername -username $user.username
diff --git a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1 b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
index b5f66ee8b..99fdab862 100644
--- a/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertDeployment/Get-CertInfo.ps1
@@ -29,11 +29,7 @@ function Get-CertInfo {
                     $foundCert = Resolve-Path -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt" -ErrorAction SilentlyContinue
                     if ($foundCert) {
                         $foundCerts.Add($foundCert) | Out-Null
-                    } else {
-                        Write-Warning "No Radius Member certificate found for user: $_"
-                        Write-Warning "location: $($global:JCRConfig.radiusDirectory.value)/UserCerts/$_-$($global:JCRConfig.certType.value)*.crt"
                     }
-
                 }
             }
         }
@@ -43,7 +39,7 @@ function Get-CertInfo {
     process {
         # If no cert is found, return null
         if (!$foundCerts) {
-            Write-Warning "No certificates found in $($global:JCRConfig.radiusDirectory.value)/Cert or $($global:JCRConfig.radiusDirectory.value)/UserCerts"
+            # Write-Warning "No certificates found in $($global:JCRConfig.radiusDirectory.value)/Cert or $($global:JCRConfig.radiusDirectory.value)/UserCerts"
             $certHash = $null
         } else {
             if ($RootCA) {
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
index 50bffb567..e501a87f2 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Invoke-UserCertProcess.ps1
@@ -78,7 +78,7 @@ Function Invoke-UserCertProcess {
     process {
         # if writeCert, generate the cert
         if ($writeCert) {
-            Generate-UserCert -CertType $($global:JCRConfig.certType.value) -user $MatchedUser -rootCAKey (Resolve-Path -path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_key.pem") -rootCA (Resolve-Path -path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem") # 2>&1 | out-null
+            Generate-UserCert -CertType $($global:JCRConfig.certType.value) -user $MatchedUser -rootCAKey (Resolve-Path -path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_key.pem") -rootCA (Resolve-Path -path "$($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem") 2>&1 | out-null
             # validate that the cert was written correctly:
             #TODO: validate and return as variable
 
diff --git a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1 b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
index 58805d5c6..b9ea09175 100644
--- a/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-DeployUserCerts.ps1
@@ -282,7 +282,7 @@ function Start-DeployUserCerts {
                     $userObject, $userIndex = Get-UserFromTable -userID $confirmUser.id
                     # Add user to a list for processing
                     $UserSelectionArray = $userArray[$userIndex]
-                    write-warning "Selected User: $($UserSelectionArray.username) with userID: $($UserSelectionArray.userID)"
+                    # write-warning "Selected User: $($UserSelectionArray.username) with userID: $($UserSelectionArray.userID)"
                     # Process existing commands/ Generate new commands/ Deploy new Certificate
                     switch ($PSCmdlet.ParameterSetName) {
                         'gui' {
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 14e94f347..23a3414ac 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -1,8 +1,7 @@
 Describe 'Module Update' -Tag "Module" {
     BeforeAll {
         # Load all functions from private folders
-        Write-host "script root: $($JCRScriptRoot)"
-        if (-not (test-path -path $JCRScriptRoot -erroraction silentlycontinue)) {
+        if (-not (test-path -path $JCRScriptRoot -errorAction silentlyContinue)) {
             write-host "JCRScriptRoot not set, setting it to the parent directory of the script root"
 
             # until we've found the correct parent path traversing up the directory tree

From 8a2a473b7ef8832a38b36939d68dded381917076 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 16 Jun 2025 13:54:42 -0600
Subject: [PATCH 291/346] module name for Build-HelpFiles

---
 PowerShell/Deploy/Build-HelpFiles.ps1 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/PowerShell/Deploy/Build-HelpFiles.ps1 b/PowerShell/Deploy/Build-HelpFiles.ps1
index 5bce8cffe..78ad17128 100755
--- a/PowerShell/Deploy/Build-HelpFiles.ps1
+++ b/PowerShell/Deploy/Build-HelpFiles.ps1
@@ -220,8 +220,8 @@ Try {
           <dev:defaultValue>None</dev:defaultValue>
         </command:parameter>
 "@
-    (Get-Content -Path "$FolderPath_enUS/JumpCloud-help.xml" -Raw).Replace($ProgressActionXML1, '') | Set-Content "$FolderPath_enUS/JumpCloud-help.xml"
-    (Get-Content -Path "$FolderPath_enUS/JumpCloud-help.xml" -Raw).Replace($ProgressActionXML2, '') | Set-Content "$FolderPath_enUS/JumpCloud-help.xml"
+    (Get-Content -Path "$FolderPath_enUS/$ModuleName-help.xml" -Raw).Replace($ProgressActionXML1, '') | Set-Content "$FolderPath_enUS/$ModuleName-help.xml"
+    (Get-Content -Path "$FolderPath_enUS/$ModuleName-help.xml" -Raw).Replace($ProgressActionXML2, '') | Set-Content "$FolderPath_enUS/$ModuleName-help.xml"
 } Catch {
     Write-Error ($_)
 }

From d78ba2393ce53769d06515859108d68aa37faa4a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 16 Jun 2025 14:07:30 -0600
Subject: [PATCH 292/346] deploy first pass

---
 .../Private/Settings/Set-JCRSettingsFile.ps1  |   97 --
 .../automation/Radius/JumpCloud.Radius.psd1   |  169 +-
 .../Radius/deploy/BuildNuspecFromPsd1.ps1     |  193 +++
 scripts/automation/Radius/deploy/build.ps1    |   52 +
 .../deploy/output/JumpCloud.Radius.nuspec     |   27 +
 .../Radius/docs/Get-JCRCertReport.md          |   59 +
 .../Radius/docs/Get-JCRGlobalVars.md          |  105 ++
 .../Radius/docs/JumpCloud.Radius.md           |   41 +
 .../Radius/docs/Set-JCRConfigFile.md          |  290 ++++
 .../Radius/docs/Start-DeployUserCerts.md      |  112 ++
 .../Radius/docs/Start-GenerateRootCert.md     |   97 ++
 .../Radius/docs/Start-GenerateUserCerts.md    |  100 ++
 .../docs/Start-MonitorCertDeployment.md       |   44 +
 .../Radius/docs/Start-RadiusDeployment.md     |   44 +
 .../Radius/docs/Update-JCRModule.md           |   74 +
 .../Radius/docs/about_JumpCloud.Radius.md     |   57 +
 .../Radius/en-Us/JumpCloud.Radius-help.xml    | 1356 +++++++++++++++++
 .../en-Us/about_JumpCloud.Radius.help.txt     |   52 +
 18 files changed, 2788 insertions(+), 181 deletions(-)
 delete mode 100644 scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
 create mode 100644 scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
 create mode 100644 scripts/automation/Radius/deploy/build.ps1
 create mode 100644 scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec
 create mode 100644 scripts/automation/Radius/docs/Get-JCRCertReport.md
 create mode 100644 scripts/automation/Radius/docs/Get-JCRGlobalVars.md
 create mode 100644 scripts/automation/Radius/docs/JumpCloud.Radius.md
 create mode 100644 scripts/automation/Radius/docs/Set-JCRConfigFile.md
 create mode 100644 scripts/automation/Radius/docs/Start-DeployUserCerts.md
 create mode 100644 scripts/automation/Radius/docs/Start-GenerateRootCert.md
 create mode 100644 scripts/automation/Radius/docs/Start-GenerateUserCerts.md
 create mode 100644 scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
 create mode 100644 scripts/automation/Radius/docs/Start-RadiusDeployment.md
 create mode 100644 scripts/automation/Radius/docs/Update-JCRModule.md
 create mode 100644 scripts/automation/Radius/docs/about_JumpCloud.Radius.md
 create mode 100644 scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
 create mode 100644 scripts/automation/Radius/en-Us/about_JumpCloud.Radius.help.txt

diff --git a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1 b/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
deleted file mode 100644
index fd7f24ee6..000000000
--- a/scripts/automation/Radius/Functions/Private/Settings/Set-JCRSettingsFile.ps1
+++ /dev/null
@@ -1,97 +0,0 @@
-function Set-JCRSettingsFile {
-    [CmdletBinding()]
-    param (
-    )
-    DynamicParam {
-        $ModuleRoot = (Get-Item -Path:($JCRScriptRoot))
-        $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
-
-
-        if (test-path -path $configFilePath) {
-            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
-            # Create the dictionary
-            $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
-            # Foreach key in the supplied config file:
-            foreach ($key in $config.PSObject.Properties) {
-                foreach ($item in $config.($key.Name).PSObject.Properties) {
-                    # Skip create dynamic params for these not-writable properties:
-                    if (($config.($key.Name).($item.Name).Write -eq $false)) {
-                        continue
-                    }
-                    # Set the dynamic parameters' name
-                    # write-host "adding dynamic param: $key$($item) $($config[$key][$item]['value'].getType().Name)"
-                    $ParamName_Filter = "$($key.Name)$($item.Name)"
-                    # Create the collection of attributes
-                    $AttributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute]
-                    # If ValidateSet is specified in the config file, set the value here:
-                    if ($config.($key.Name).($item.Name).validateSet) {
-                        $arrSet = @($($config.($key.Name).($item.Name).'validateSet').split())
-                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
-                        $AttributeCollection.Add($ValidateSetAttribute)
-                    }
-                    # If the type of value is a bool, create a custom validateSet attribute here:
-                    $paramType = $($config.($key.Name).($item.Name)).getType().Name
-                    if ($paramType -eq 'boolean') {
-                        $arrSet = @("true", "false")
-                        $ValidateSetAttribute = New-Object System.Management.Automation.ValidateSetAttribute($arrSet)
-                        $AttributeCollection.Add($ValidateSetAttribute)
-                    }
-                    # Create and set the parameters' attributes
-                    $ParameterAttribute = New-Object System.Management.Automation.ParameterAttribute
-                    $ParameterAttribute.Mandatory = $false
-                    $ParameterAttribute.HelpMessage = "sets the $($item) settings for the $($key) feature"
-                    # Add the attributes to the attributes collection
-                    $AttributeCollection.Add($ParameterAttribute)
-                    # Add the param
-                    $RuntimeParameter = New-Object System.Management.Automation.RuntimeDefinedParameter($ParamName_Filter, $paramType, $AttributeCollection)
-                    $RuntimeParameterDictionary.Add($ParamName_Filter, $RuntimeParameter)
-                }
-            }
-            # Returns the dictionary
-            return $RuntimeParameterDictionary
-        }
-    }
-    begin {
-
-        # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($JCRScriptRoot))
-        $configFilePath = join-path -path $ModuleRoot -childpath 'settings.json'
-
-        if (test-path -path $configFilePath) {
-            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
-        } else {
-            New-JCSettingsFile
-            $config = Get-Content -Path $configFilePath | ConvertFrom-Json
-        }
-    }
-
-    process {
-        $params = $PSBoundParameters
-        # update config settings
-        foreach ($param in $params.Keys) {
-            foreach ($key in $config.PSObject.Properties) {
-                if ($param -match $key.Name) {
-                    # Split the name
-                    $ParamKey = $param -split $key.Name
-                    # assign the first group
-                    $config.($($key.Name)).($paramKey[1]).value = $params[$param]
-                }
-            }
-        }
-        # # Re-Calculate Parallel Settings:
-        # if (($config.'parallel'.'Override' -eq $true) -And (($config.'parallel'.'Eligible' -eq $true))) {
-        #     $config.'parallel'.'Calculated' = $false
-        # } elseif (($config.'parallel'.'Override'.'value' -eq $false) -And (($config.'parallel'.'Eligible'.'value' -eq $true))) {
-        #     $config.'parallel'.'Calculated'.'value' = $true
-        # } else {
-        #     $config.'parallel'.'Calculated'.'value' = $false
-        # }
-    }
-
-    end {
-        # Write out the new settings
-        $config | ConvertTo-Json | Out-File -FilePath $configFilePath
-        # Update Global Variable
-        $global:JCRConfig = Get-JCRConfigFile
-    }
-}
\ No newline at end of file
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index 6e3e217a6..a2802176c 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -1,134 +1,135 @@
 #
 # Module manifest for module 'JumpCloud.Radius'
 #
-# Generated by: JumpCloud Customer Tools
+# Generated by: JumpCloud Customer Tools Team
 #
-# Generated on: 6/2/2025
+# Generated on: 6/16/2025
 #
 
 @{
 
-    # Script module or binary module file associated with this manifest.
-    RootModule        = 'JumpCloud.Radius.psm1'
+# Script module or binary module file associated with this manifest.
+RootModule = 'JumpCloud.Radius.psm1'
 
-    # Version number of this module.
-    ModuleVersion     = '2.0.0'
+# Version number of this module.
+ModuleVersion = '2.0.0'
 
-    # Supported PSEditions
-    # CompatiblePSEditions = @()
+# Supported PSEditions
+# CompatiblePSEditions = @()
 
-    # ID used to uniquely identify this module
-    GUID              = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
+# ID used to uniquely identify this module
+GUID = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
 
-    # Author of this module
-    Author            = 'JumpCloud Customer Tools Team'
+# Author of this module
+Author = 'JumpCloud Customer Tools Team'
 
-    # Company or vendor of this module
-    CompanyName       = 'JumpCloud'
+# Company or vendor of this module
+CompanyName = 'JumpCloud'
 
-    # Copyright statement for this module
-    Copyright         = '(c) JumpCloud. All rights reserved.'
+# Copyright statement for this module
+Copyright = '(c) JumpCloud. All rights reserved.'
 
-    # Description of the functionality provided by this module
-    Description       = 'Module for managing JumpCloud Radius user certificates.'
+# Description of the functionality provided by this module
+Description = 'Module for managing JumpCloud Radius user certificates.'
 
-    # Minimum version of the PowerShell engine required by this module
-    PowerShellVersion = '7.0.0'
+# Minimum version of the PowerShell engine required by this module
+PowerShellVersion = '7.0.0'
 
-    # Name of the PowerShell host required by this module
-    # PowerShellHostName = ''
+# Name of the PowerShell host required by this module
+# PowerShellHostName = ''
 
-    # Minimum version of the PowerShell host required by this module
-    # PowerShellHostVersion = ''
+# Minimum version of the PowerShell host required by this module
+# PowerShellHostVersion = ''
 
-    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-    # DotNetFrameworkVersion = ''
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
 
-    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-    # ClrVersion = ''
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# ClrVersion = ''
 
-    # Processor architecture (None, X86, Amd64) required by this module
-    # ProcessorArchitecture = ''
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
 
-    # Modules that must be imported into the global environment prior to importing this module
-    RequiredModules   = @('JumpCloud')
+# Modules that must be imported into the global environment prior to importing this module
+RequiredModules = @('JumpCloud')
 
-    # Assemblies that must be loaded prior to importing this module
-    # RequiredAssemblies = @()
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
 
-    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
-    # ScriptsToProcess = @()
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
 
-    # Type files (.ps1xml) to be loaded when importing this module
-    # TypesToProcess = @()
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
 
-    # Format files (.ps1xml) to be loaded when importing this module
-    # FormatsToProcess = @()
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
 
-    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
-    # NestedModules = @()
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
 
-    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-    FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts',
-    'Start-GenerateRootCert', 'Start-GenerateUserCerts',
-    'Start-MonitorCertDeployment', 'Start-RadiusDeployment',
-    'Set-JCRConfigFile', 'Update-JCRModule'
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts', 
+               'Start-GenerateRootCert', 'Start-GenerateUserCerts', 
+               'Start-MonitorCertDeployment', 'Start-RadiusDeployment', 
+               'Set-JCRConfigFile', 'Update-JCRModule'
 
-    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-    CmdletsToExport   = @()
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = @()
 
-    # Variables to export from this module
-    VariablesToExport = '*'
+# Variables to export from this module
+VariablesToExport = '*'
 
-    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-    AliasesToExport   = @()
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = @()
 
-    # DSC resources to export from this module
-    # DscResourcesToExport = @()
+# DSC resources to export from this module
+# DscResourcesToExport = @()
 
-    # List of all modules packaged with this module
-    # ModuleList = @()
+# List of all modules packaged with this module
+# ModuleList = @()
 
-    # List of all files packaged with this module
-    # FileList = @()
+# List of all files packaged with this module
+# FileList = @()
 
-    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
-    PrivateData       = @{
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
 
-        PSData = @{
+    PSData = @{
 
-            # Tags applied to this module. These help with module discovery in online galleries.
-            # Tags = @()
+        # Tags applied to this module. These help with module discovery in online galleries.
+        # Tags = @()
 
-            # A URL to the license for this module.
-            # LicenseUri = ''
+        # A URL to the license for this module.
+        # LicenseUri = ''
 
-            # A URL to the main website for this project.
-            # ProjectUri = ''
+        # A URL to the main website for this project.
+        # ProjectUri = ''
 
-            # A URL to an icon representing this module.
-            # IconUri = ''
+        # A URL to an icon representing this module.
+        # IconUri = ''
 
-            # ReleaseNotes of this module
-            # ReleaseNotes = ''
+        # ReleaseNotes of this module
+        # ReleaseNotes = ''
 
-            # Prerelease string of this module
-            # Prerelease = ''
+        # Prerelease string of this module
+        # Prerelease = ''
 
-            # Flag to indicate whether the module requires explicit user acceptance for install/update/save
-            # RequireLicenseAcceptance = $false
+        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+        # RequireLicenseAcceptance = $false
 
-            # External dependent modules of this module
-            # ExternalModuleDependencies = @()
+        # External dependent modules of this module
+        # ExternalModuleDependencies = @()
 
-        } # End of PSData hashtable
-    } # End of PrivateData hashtable
+    } # End of PSData hashtable
 
-    # HelpInfo URI of this module
-    # HelpInfoURI = ''
+} # End of PrivateData hashtable
 
-    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
-    # DefaultCommandPrefix = ''
+# HelpInfo URI of this module
+# HelpInfoURI = ''
+
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
 
 }
 
diff --git a/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1 b/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
new file mode 100644
index 000000000..935db04bc
--- /dev/null
+++ b/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
@@ -0,0 +1,193 @@
+
+# $nuspecFiles = @{ src = 'en-Us/**;Private/**;Public/**;JumpCloud.psd1;JumpCloud.psm1;LICENSE'; }
+$nuspecFiles = @(
+    @{src = "en-Us/**/*.*"; target = "en-Us" },
+    @{src = "Functions/Public/**/*.*"; target = "Public" },
+    @{src = "Functions/Private/**/*.*"; target = "Private" },
+    @{src = "JumpCloud.Radius.psd1" },
+    @{src = "JumpCloud.Radius.psm1" },
+    @{src = "LICENSE" }
+)
+# Adapted from PowerShell Get
+# https://github.com/PowerShell/PowerShellGetv2/blob/7de99ee0c38611556e5c583ffaca98bb1922a0d4/src/PowerShellGet/private/functions/New-NuspecFile.ps1
+function New-NuspecFile {
+    [CmdletBinding()]
+    Param(
+        [Parameter(Mandatory = $true)]
+        [string]$OutputPath,
+
+        [Parameter(Mandatory = $true)]
+        [string]$Id,
+
+        [Parameter(Mandatory = $true)]
+        [string]$Version,
+
+        [Parameter()]
+        [String]$buildNumber,
+
+        [Parameter(Mandatory = $true)]
+        [string]$Description,
+
+        [Parameter(Mandatory = $true)]
+        [string[]]$Authors,
+
+        [Parameter()]
+        [string[]]$Owners,
+
+        [Parameter()]
+        [string]$ReleaseNotes,
+
+        [Parameter()]
+        [bool]$RequireLicenseAcceptance,
+
+        [Parameter()]
+        [string]$Copyright,
+
+        [Parameter()]
+        [string[]]$Tags,
+
+        [Parameter()]
+        [string]$LicenseUrl,
+
+        [Parameter()]
+        [string]$ProjectUrl,
+
+        [Parameter()]
+        [string]$IconUrl,
+
+        [Parameter()]
+        [PSObject[]]$Dependencies,
+
+        [Parameter()]
+        [PSObject[]]$Files
+
+    )
+    Set-StrictMode -Off
+
+    Write-Verbose "Calling New-NuspecFile"
+
+    $nameSpaceUri = "http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd"
+    [xml]$xml = New-Object System.Xml.XmlDocument
+
+    $xmlDeclaration = $xml.CreateXmlDeclaration("1.0", "utf-8", $null)
+    $xml.AppendChild($xmlDeclaration) | Out-Null
+
+    #create top-level elements
+    $packageElement = $xml.CreateElement("package", $nameSpaceUri)
+    $metaDataElement = $xml.CreateElement("metadata", $nameSpaceUri)
+    # warn we're over 4000 characters for standard nuget servers
+    $tagsString = $Tags -Join " "
+    if ($tagsString.Length -gt 4000) {
+        Write-Warning -Message "Tag list exceeded 4000 characters and may not be accepted by some Nuget feeds."
+    }
+
+    Write-Host "env:Source = $($env:Source)`r`nglobal:Source = $($global:Source)"
+    # Append buildNumber
+    if ($env:Source -eq "CodeArtifact") {
+        $date = (Get-Date).ToString("yyyyMMddHHmm")
+        # $BuildString = "build$($env:GITHUB_RUN_NUMBER)datetime$($date)"
+        $build = $($env:GITHUB_RUN_NUMBER)
+        $Version = $Version + ".$($build)" + "-$date"
+        Write-Host "Building Module Version: $Version"
+    } else {
+        Write-Host "Building Module Version: $Version"
+    }
+
+    $metaDataElementsHash = [ordered]@{
+        id                       = $Id
+        version                  = $Version
+        description              = $Description
+        authors                  = $Authors -Join ","
+        owners                   = $Owners -Join ","
+        releaseNotes             = $ReleaseNotes
+        requireLicenseAcceptance = $RequireLicenseAcceptance.ToString().ToLower()
+        copyright                = $Copyright
+        tags                     = $tagsString
+    }
+
+    if ($LicenseUrl) {
+        $metaDataElementsHash.Add("licenseUrl", $LicenseUrl)
+    }
+    if ($ProjectUrl) {
+        $metaDataElementsHash.Add("projectUrl", $ProjectUrl)
+    }
+    if ($IconUrl) {
+        $metaDataElementsHash.Add("iconUrl", $IconUrl)
+    }
+
+    foreach ($key in $metaDataElementsHash.Keys) {
+        $element = $xml.CreateElement($key, $nameSpaceUri)
+        $elementInnerText = $metaDataElementsHash.item($key)
+        $element.InnerText = $elementInnerText
+
+        $metaDataElement.AppendChild($element) | Out-Null
+    }
+
+
+    if ($Dependencies) {
+        $dependenciesElement = $xml.CreateElement("dependencies", $nameSpaceUri)
+
+        foreach ($dependency in $Dependencies) {
+            $element = $xml.CreateElement("dependency", $nameSpaceUri)
+            # $element.
+            $element.SetAttribute("id", $dependency)
+            if ($dependency.version) {
+                $element.SetAttribute("version", $dependency.version)
+            }
+
+            $dependenciesElement.AppendChild($element) | Out-Null
+        }
+        $metaDataElement.AppendChild($dependenciesElement) | Out-Null
+    }
+
+    if ($Files) {
+        $filesElement = $xml.CreateElement("files", $nameSpaceUri)
+
+        foreach ($file in $Files) {
+            $element = $xml.CreateElement("file", $nameSpaceUri)
+            $element.SetAttribute("src", $file.src)
+            if ($file.target) {
+                $element.SetAttribute("target", $file.target)
+            }
+            if ($file.exclude) {
+                $element.SetAttribute("exclude", $file.exclude)
+            }
+
+            $filesElement.AppendChild($element) | Out-Null
+        }
+    }
+
+    $packageElement.AppendChild($metaDataElement) | Out-Null
+    if ($filesElement) {
+        $packageElement.AppendChild($filesElement) | Out-Null
+    }
+
+    $xml.AppendChild($packageElement) | Out-Null
+
+    $nuspecFullName = Join-Path -Path $OutputPath -ChildPath "$Id.nuspec"
+    $xml.save($nuspecFullName)
+
+    Write-Output $nuspecFullName
+}
+# Set Variables for New-NuspecFile
+$psd1Path = "$PSScriptRoot/../JumpCloud.Radius.psd1"
+$Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
+$params = @{
+    OutputPath   = "$PSScriptRoot/output"
+    Id           = $(Get-Item ($psd1Path)).BaseName
+    buildNumber  = $env:GITHUB_RUN_NUMBER
+    Version      = $Psd1.ModuleVersion
+    Authors      = $Psd1.Author
+    Owners       = $Psd1.CompanyName
+    Description  = $Psd1.Description
+    ReleaseNotes = $Psd1.PrivateData.PSData.ReleaseNotes
+    # RequireLicenseAcceptance = ($requireLicenseAcceptance -eq $true)
+    Copyright    = $Psd1.Copyright
+    Tags         = $Psd1.PrivateData.PSData.Tags
+    LicenseUrl   = $Psd1.PrivateData.PSData.LicenseUri
+    ProjectUrl   = $Psd1.PrivateData.PSData.ProjectUri
+    IconUrl      = $Psd1.PrivateData.PSData.IconUri
+    Dependencies = $Psd1.RequiredModules
+    Files        = $nuspecFiles
+}
+New-NuspecFile @params
\ No newline at end of file
diff --git a/scripts/automation/Radius/deploy/build.ps1 b/scripts/automation/Radius/deploy/build.ps1
new file mode 100644
index 000000000..91e9aed5b
--- /dev/null
+++ b/scripts/automation/Radius/deploy/build.ps1
@@ -0,0 +1,52 @@
+[CmdletBinding()]
+param (
+    [Parameter(Mandatory = $true, HelpMessage = 'The type of build to create.')]
+    [ValidateSet('Major', 'Minor', 'Patch')]
+    [System.String]
+    $buildType = 'Patch'
+)
+
+# Define the module path and output path
+$modulePath = "$PSScriptRoot/../"
+$outputPath = "$PSScriptRoot/output"
+$rootPath = "$PSScriptRoot/../../../../"
+
+# Ensure the output directory exists
+if (-not (Test-Path -Path $outputPath)) {
+    New-Item -ItemType Directory -Path $outputPath | Out-Null
+}
+
+# Get the public functions from the module
+$publicFunctions = Get-ChildItem -Path "$modulePath/Functions/Public" -Recurse -Filter '*.ps1'
+
+# Get the psd1 file for the module
+$psd1Path = "$modulePath/JumpCloud.Radius.psd1"
+$Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
+
+$moduleManifest = @{
+    ModuleVersion     = $Psd1.ModuleVersion
+    RootModule        = 'JumpCloud.Radius.psm1'
+    GUID              = $Psd1.GUID
+    Author            = $Psd1.Author
+    CompanyName       = $psd1.CompanyName
+    Copyright         = $Psd1.Copyright
+    Description       = $Psd1.Description
+    PowerShellVersion = $Psd1.PowerShellVersion
+    RequiredModules   = $Psd1.RequiredModules
+    FunctionsToExport = $publicFunctions.basename
+    Path              = $psd1Path
+
+}
+
+# update the module manifest with public functions and generation date
+Update-ModuleManifest @moduleManifest
+
+# Package the module into a .nupkg file
+. $PSScriptRoot/BuildNuspecFromPsd1.ps1
+
+# generate docs
+$helpFileFunctionPath = Join-Path $rootPath "PowerShell/Deploy/Build-HelpFiles.ps1"
+
+. $helpFileFunctionPath -ModuleName 'JumpCloud.Radius' -ModulePath $modulePath
+
+Write-Host "Module packaged successfully to $outputPath"
\ No newline at end of file
diff --git a/scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec b/scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec
new file mode 100644
index 000000000..9abdfb62a
--- /dev/null
+++ b/scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
+  <metadata>
+    <id>JumpCloud.Radius</id>
+    <version>2.0.0</version>
+    <description>Module for managing JumpCloud Radius user certificates.</description>
+    <authors>JumpCloud Customer Tools Team</authors>
+    <owners>JumpCloud</owners>
+    <releaseNotes>
+    </releaseNotes>
+    <requireLicenseAcceptance>false</requireLicenseAcceptance>
+    <copyright>(c) JumpCloud. All rights reserved.</copyright>
+    <tags>
+    </tags>
+    <dependencies>
+      <dependency id="JumpCloud" />
+    </dependencies>
+  </metadata>
+  <files>
+    <file src="en-Us/**/*.*" target="en-Us" />
+    <file src="Functions/Public/**/*.*" target="Public" />
+    <file src="Functions/Private/**/*.*" target="Private" />
+    <file src="JumpCloud.Radius.psd1" />
+    <file src="JumpCloud.Radius.psm1" />
+    <file src="LICENSE" />
+  </files>
+</package>
\ No newline at end of file
diff --git a/scripts/automation/Radius/docs/Get-JCRCertReport.md b/scripts/automation/Radius/docs/Get-JCRCertReport.md
new file mode 100644
index 000000000..6877b4508
--- /dev/null
+++ b/scripts/automation/Radius/docs/Get-JCRCertReport.md
@@ -0,0 +1,59 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Get-JCRCertReport
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+```
+Get-JCRCertReport [-ExportFilePath] <FileInfo> [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -ExportFilePath
+{{ Fill ExportFilePath Description }}
+
+```yaml
+Type: System.IO.FileInfo
+Parameter Sets: (All)
+Aliases:
+
+Required: True
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Get-JCRGlobalVars.md b/scripts/automation/Radius/docs/Get-JCRGlobalVars.md
new file mode 100644
index 000000000..066a0ba8b
--- /dev/null
+++ b/scripts/automation/Radius/docs/Get-JCRGlobalVars.md
@@ -0,0 +1,105 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Get-JCRGlobalVars
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+```
+Get-JCRGlobalVars [-force] [-skipAssociation] [-associateManually] [[-associationUsername] <String>]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -associateManually
+Updates the system to user association cache manually using the graph api
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -associationUsername
+Updates just a single user's associations manually using the graph api
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -force
+Force update all cached users, systems, associations, radius group members
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -skipAssociation
+Skips the user to system association cache, which may take a long time on larger organizations
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/JumpCloud.Radius.md b/scripts/automation/Radius/docs/JumpCloud.Radius.md
new file mode 100644
index 000000000..f6eccf3d4
--- /dev/null
+++ b/scripts/automation/Radius/docs/JumpCloud.Radius.md
@@ -0,0 +1,41 @@
+---
+Module Name: JumpCloud.Radius
+Module Guid: 71bfaf58-3326-4512-9a7f-a2d9dc19d6b5
+Download Help Link:  
+Help Version: 2.0.0
+Locale: en-Us
+---
+
+# JumpCloud.Radius Module
+## Description
+Module for managing JumpCloud Radius user certificates.
+
+## JumpCloud.Radius Cmdlets
+### [Get-JCRCertReport](Get-JCRCertReport.md)
+{{ Fill in the Synopsis }}
+
+### [Get-JCRGlobalVars](Get-JCRGlobalVars.md)
+{{ Fill in the Synopsis }}
+
+### [Set-JCRConfigFile](Set-JCRConfigFile.md)
+{{ Fill in the Synopsis }}
+
+### [Start-DeployUserCerts](Start-DeployUserCerts.md)
+{{ Fill in the Synopsis }}
+
+### [Start-GenerateRootCert](Start-GenerateRootCert.md)
+{{ Fill in the Synopsis }}
+
+### [Start-GenerateUserCerts](Start-GenerateUserCerts.md)
+{{ Fill in the Synopsis }}
+
+### [Start-MonitorCertDeployment](Start-MonitorCertDeployment.md)
+{{ Fill in the Synopsis }}
+
+### [Start-RadiusDeployment](Start-RadiusDeployment.md)
+{{ Fill in the Synopsis }}
+
+### [Update-JCRModule](Update-JCRModule.md)
+{{ Fill in the Synopsis }}
+
+
diff --git a/scripts/automation/Radius/docs/Set-JCRConfigFile.md b/scripts/automation/Radius/docs/Set-JCRConfigFile.md
new file mode 100644
index 000000000..6cb43ebb0
--- /dev/null
+++ b/scripts/automation/Radius/docs/Set-JCRConfigFile.md
@@ -0,0 +1,290 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Set-JCRConfigFile
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+```
+Set-JCRConfigFile [-certSubjectHeaderCountryCode <String>]
+ [-radiusDirectory <String>] [-networkSSID <String>] [-certSubjectHeaderCommonName <String>]
+ [-certSubjectHeaderLocality <String>] [-certSubjectHeaderOrganization <String>]
+ [-certSubjectHeaderStateCode <String>] [-caCertValidityDays <Int32>] [-userGroup <String>]
+ [-certType <String>] [-certSubjectHeaderOrganizationUnit <String>] [-userCertValidityDays <Int32>]
+ [-lastUpdate <String>] [-certSecretPass <String>] [-openSSLBinary <String>]
+ [-certExpirationWarningDays <Int32>] [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -caCertValidityDays
+sets the caCertValidityDays config for the module
+
+```yaml
+Type: System.Int32
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certExpirationWarningDays
+sets the certExpirationWarningDays config for the module
+
+```yaml
+Type: System.Int32
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certSecretPass
+sets the certSecretPass config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certSubjectHeaderCommonName
+sets the certSubjectHeaderCommonName config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certSubjectHeaderCountryCode
+sets the certSubjectHeaderCountryCode config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certSubjectHeaderLocality
+sets the certSubjectHeaderLocality config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certSubjectHeaderOrganization
+sets the certSubjectHeaderOrganization config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certSubjectHeaderOrganizationUnit
+sets the certSubjectHeaderOrganizationUnit config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certSubjectHeaderStateCode
+sets the certSubjectHeaderStateCode config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -certType
+sets the certType config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -lastUpdate
+sets the lastUpdate config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -networkSSID
+sets the networkSSID config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -openSSLBinary
+sets the openSSLBinary config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -radiusDirectory
+sets the radiusDirectory config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -userCertValidityDays
+sets the userCertValidityDays config for the module
+
+```yaml
+Type: System.Int32
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -userGroup
+sets the userGroup config for the module
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-DeployUserCerts.md b/scripts/automation/Radius/docs/Start-DeployUserCerts.md
new file mode 100644
index 000000000..cf5e5c6a5
--- /dev/null
+++ b/scripts/automation/Radius/docs/Start-DeployUserCerts.md
@@ -0,0 +1,112 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Start-DeployUserCerts
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+### gui (Default)
+```
+Start-DeployUserCerts [<CommonParameters>]
+```
+
+### cli
+```
+Start-DeployUserCerts -type <String> [-username <String>] [-forceInvokeCommands] [-forceGenerateCommands]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -forceGenerateCommands
+Switch to force generate new commands on systems
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: cli
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -forceInvokeCommands
+Switch to force invoke generated commands on systems
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: cli
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -type
+Type of cert deployment to initiate
+
+```yaml
+Type: System.String
+Parameter Sets: cli
+Aliases:
+Accepted values: All, New, ByUsername
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -username
+The JumpCloud username of a user to deploy a certificate
+
+```yaml
+Type: System.String
+Parameter Sets: cli
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-GenerateRootCert.md b/scripts/automation/Radius/docs/Start-GenerateRootCert.md
new file mode 100644
index 000000000..236358ab8
--- /dev/null
+++ b/scripts/automation/Radius/docs/Start-GenerateRootCert.md
@@ -0,0 +1,97 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Start-GenerateRootCert
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+### gui (Default)
+```
+Start-GenerateRootCert [<CommonParameters>]
+```
+
+### cli
+```
+Start-GenerateRootCert [-certKeyPassword <String>] [-generateType <String>] [-force]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -certKeyPassword
+The root certificate key password
+
+```yaml
+Type: System.String
+Parameter Sets: cli
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -force
+When specified, this parameter will replace certificates if they already exist on the current filesystem
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: cli
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -generateType
+Select an option to generate or replace the root certificate
+
+```yaml
+Type: System.String
+Parameter Sets: cli
+Aliases:
+Accepted values: New, Replace, Renew
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-GenerateUserCerts.md b/scripts/automation/Radius/docs/Start-GenerateUserCerts.md
new file mode 100644
index 000000000..0af03ee81
--- /dev/null
+++ b/scripts/automation/Radius/docs/Start-GenerateUserCerts.md
@@ -0,0 +1,100 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Start-GenerateUserCerts
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+### gui (Default)
+```
+Start-GenerateUserCerts [<CommonParameters>]
+```
+
+### cli
+```
+Start-GenerateUserCerts -type <String> [-username <String>] [-forceReplaceCerts]
+ [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -forceReplaceCerts
+When specified, this parameter will replace certificates if they already exist on the current filesystem
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: cli
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -type
+Type of certificate to initialize.
+To generate all new certificates for existing users, specify "all", To generate certificates for users who have not yet had certificates generated, specify "new".
+To generate certificates by an individual, speficy "ByUsername" and populate the "username" parameter.
+To generate certificates for users who have certificates expiring in 15 days or less, specify "ExpiringSoon".
+
+```yaml
+Type: System.String
+Parameter Sets: cli
+Aliases:
+Accepted values: All, New, ByUsername, ExpiringSoon
+
+Required: True
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -username
+The JumpCloud username of an individual user
+
+```yaml
+Type: System.String
+Parameter Sets: cli
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md b/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
new file mode 100644
index 000000000..7b125dc05
--- /dev/null
+++ b/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
@@ -0,0 +1,44 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Start-MonitorCertDeployment
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+```
+Start-MonitorCertDeployment [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-RadiusDeployment.md b/scripts/automation/Radius/docs/Start-RadiusDeployment.md
new file mode 100644
index 000000000..321cc15ab
--- /dev/null
+++ b/scripts/automation/Radius/docs/Start-RadiusDeployment.md
@@ -0,0 +1,44 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Start-RadiusDeployment
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+```
+Start-RadiusDeployment [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Update-JCRModule.md b/scripts/automation/Radius/docs/Update-JCRModule.md
new file mode 100644
index 000000000..29806b814
--- /dev/null
+++ b/scripts/automation/Radius/docs/Update-JCRModule.md
@@ -0,0 +1,74 @@
+---
+external help file: JumpCloud.Radius-help.xml
+Module Name: JumpCloud.Radius
+online version: /
+schema: 2.0.0
+---
+
+# Update-JCRModule
+
+## SYNOPSIS
+{{ Fill in the Synopsis }}
+
+## SYNTAX
+
+```
+Update-JCRModule [-Force] [[-Repository] <String>] [<CommonParameters>]
+```
+
+## DESCRIPTION
+{{ Fill in the Description }}
+
+## EXAMPLES
+
+### Example 1
+```powershell
+PS C:\> {{ Add example code here }}
+```
+
+{{ Add example description here }}
+
+## PARAMETERS
+
+### -Force
+ByPasses user prompts.
+
+```yaml
+Type: System.Management.Automation.SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### -Repository
+Set the PSRepository
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
+### CommonParameters
+This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
+
+## INPUTS
+
+### None
+## OUTPUTS
+
+### System.Object
+## NOTES
+
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/about_JumpCloud.Radius.md b/scripts/automation/Radius/docs/about_JumpCloud.Radius.md
new file mode 100644
index 000000000..62fd4e103
--- /dev/null
+++ b/scripts/automation/Radius/docs/about_JumpCloud.Radius.md
@@ -0,0 +1,57 @@
+# JumpCloud.Radius
+## about_JumpCloud.Radius
+
+```
+ABOUT TOPIC NOTE:
+The first header of the about topic should be the topic name.
+The second header contains the lookup name used by the help system.
+
+IE:
+# Some Help Topic Name
+## SomeHelpTopicFileName
+
+This will be transformed into the text file
+as `about_SomeHelpTopicFileName`.
+Do not include file extensions.
+The second header should have no spaces.
+```
+
+# SHORT DESCRIPTION
+{{ Short Description Placeholder }}
+
+```
+ABOUT TOPIC NOTE:
+About topics can be no longer than 80 characters wide when rendered to text.
+Any topics greater than 80 characters will be automatically wrapped.
+The generated about topic will be encoded UTF-8.
+```
+
+# LONG DESCRIPTION
+{{ Long Description Placeholder }}
+
+## Optional Subtopics
+{{ Optional Subtopic Placeholder }}
+
+# EXAMPLES
+{{ Code or descriptive examples of how to leverage the functions described. }}
+
+# NOTE
+{{ Note Placeholder - Additional information that a user needs to know.}}
+
+# TROUBLESHOOTING NOTE
+{{ Troubleshooting Placeholder - Warns users of bugs}}
+
+{{ Explains behavior that is likely to change with fixes }}
+
+# SEE ALSO
+{{ See also placeholder }}
+
+{{ You can also list related articles, blogs, and video URLs. }}
+
+# KEYWORDS
+{{List alternate names or titles for this topic that readers might use.}}
+
+- {{ Keyword Placeholder }}
+- {{ Keyword Placeholder }}
+- {{ Keyword Placeholder }}
+- {{ Keyword Placeholder }}
diff --git a/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml b/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
new file mode 100644
index 000000000..ab41e37aa
--- /dev/null
+++ b/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
@@ -0,0 +1,1356 @@
+<?xml version="1.0" encoding="utf-8"?>
+<helpItems schema="maml" xmlns="http://msh">
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Get-JCRCertReport</command:name>
+      <command:verb>Get</command:verb>
+      <command:noun>JCRCertReport</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Get-JCRCertReport</maml:name>
+        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
+          <maml:name>ExportFilePath</maml:name>
+          <maml:description>
+            <maml:para>{{ Fill ExportFilePath Description }}</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.IO.FileInfo</command:parameterValue>
+          <dev:type>
+            <maml:name>System.IO.FileInfo</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
+        <maml:name>ExportFilePath</maml:name>
+        <maml:description>
+          <maml:para>{{ Fill ExportFilePath Description }}</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.IO.FileInfo</command:parameterValue>
+        <dev:type>
+          <maml:name>System.IO.FileInfo</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Get-JCRGlobalVars</command:name>
+      <command:verb>Get</command:verb>
+      <command:noun>JCRGlobalVars</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Get-JCRGlobalVars</maml:name>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
+          <maml:name>associationUsername</maml:name>
+          <maml:description>
+            <maml:para>Updates just a single user's associations manually using the graph api</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>associateManually</maml:name>
+          <maml:description>
+            <maml:para>Updates the system to user association cache manually using the graph api</maml:para>
+          </maml:description>
+          <dev:type>
+            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>False</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>force</maml:name>
+          <maml:description>
+            <maml:para>Force update all cached users, systems, associations, radius group members</maml:para>
+          </maml:description>
+          <dev:type>
+            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>False</dev:defaultValue>
+        </command:parameter>
+
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>skipAssociation</maml:name>
+          <maml:description>
+            <maml:para>Skips the user to system association cache, which may take a long time on larger organizations</maml:para>
+          </maml:description>
+          <dev:type>
+            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>False</dev:defaultValue>
+        </command:parameter>
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>associateManually</maml:name>
+        <maml:description>
+          <maml:para>Updates the system to user association cache manually using the graph api</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>False</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
+        <maml:name>associationUsername</maml:name>
+        <maml:description>
+          <maml:para>Updates just a single user's associations manually using the graph api</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>force</maml:name>
+        <maml:description>
+          <maml:para>Force update all cached users, systems, associations, radius group members</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>False</dev:defaultValue>
+      </command:parameter>
+
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>skipAssociation</maml:name>
+        <maml:description>
+          <maml:para>Skips the user to system association cache, which may take a long time on larger organizations</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>False</dev:defaultValue>
+      </command:parameter>
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Set-JCRConfigFile</command:name>
+      <command:verb>Set</command:verb>
+      <command:noun>JCRConfigFile</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Set-JCRConfigFile</maml:name>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>caCertValidityDays</maml:name>
+          <maml:description>
+            <maml:para>sets the caCertValidityDays config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+          <dev:type>
+            <maml:name>System.Int32</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certExpirationWarningDays</maml:name>
+          <maml:description>
+            <maml:para>sets the certExpirationWarningDays config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+          <dev:type>
+            <maml:name>System.Int32</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSecretPass</maml:name>
+          <maml:description>
+            <maml:para>sets the certSecretPass config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSubjectHeaderCommonName</maml:name>
+          <maml:description>
+            <maml:para>sets the certSubjectHeaderCommonName config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSubjectHeaderCountryCode</maml:name>
+          <maml:description>
+            <maml:para>sets the certSubjectHeaderCountryCode config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSubjectHeaderLocality</maml:name>
+          <maml:description>
+            <maml:para>sets the certSubjectHeaderLocality config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSubjectHeaderOrganization</maml:name>
+          <maml:description>
+            <maml:para>sets the certSubjectHeaderOrganization config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSubjectHeaderOrganizationUnit</maml:name>
+          <maml:description>
+            <maml:para>sets the certSubjectHeaderOrganizationUnit config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSubjectHeaderStateCode</maml:name>
+          <maml:description>
+            <maml:para>sets the certSubjectHeaderStateCode config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certType</maml:name>
+          <maml:description>
+            <maml:para>sets the certType config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>lastUpdate</maml:name>
+          <maml:description>
+            <maml:para>sets the lastUpdate config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>networkSSID</maml:name>
+          <maml:description>
+            <maml:para>sets the networkSSID config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>openSSLBinary</maml:name>
+          <maml:description>
+            <maml:para>sets the openSSLBinary config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>radiusDirectory</maml:name>
+          <maml:description>
+            <maml:para>sets the radiusDirectory config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>userCertValidityDays</maml:name>
+          <maml:description>
+            <maml:para>sets the userCertValidityDays config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+          <dev:type>
+            <maml:name>System.Int32</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>userGroup</maml:name>
+          <maml:description>
+            <maml:para>sets the userGroup config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>caCertValidityDays</maml:name>
+        <maml:description>
+          <maml:para>sets the caCertValidityDays config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Int32</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certExpirationWarningDays</maml:name>
+        <maml:description>
+          <maml:para>sets the certExpirationWarningDays config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Int32</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSecretPass</maml:name>
+        <maml:description>
+          <maml:para>sets the certSecretPass config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSubjectHeaderCommonName</maml:name>
+        <maml:description>
+          <maml:para>sets the certSubjectHeaderCommonName config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSubjectHeaderCountryCode</maml:name>
+        <maml:description>
+          <maml:para>sets the certSubjectHeaderCountryCode config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSubjectHeaderLocality</maml:name>
+        <maml:description>
+          <maml:para>sets the certSubjectHeaderLocality config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSubjectHeaderOrganization</maml:name>
+        <maml:description>
+          <maml:para>sets the certSubjectHeaderOrganization config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSubjectHeaderOrganizationUnit</maml:name>
+        <maml:description>
+          <maml:para>sets the certSubjectHeaderOrganizationUnit config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSubjectHeaderStateCode</maml:name>
+        <maml:description>
+          <maml:para>sets the certSubjectHeaderStateCode config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certType</maml:name>
+        <maml:description>
+          <maml:para>sets the certType config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>lastUpdate</maml:name>
+        <maml:description>
+          <maml:para>sets the lastUpdate config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>networkSSID</maml:name>
+        <maml:description>
+          <maml:para>sets the networkSSID config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>openSSLBinary</maml:name>
+        <maml:description>
+          <maml:para>sets the openSSLBinary config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>radiusDirectory</maml:name>
+        <maml:description>
+          <maml:para>sets the radiusDirectory config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>userCertValidityDays</maml:name>
+        <maml:description>
+          <maml:para>sets the userCertValidityDays config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Int32</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>userGroup</maml:name>
+        <maml:description>
+          <maml:para>sets the userGroup config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Start-DeployUserCerts</command:name>
+      <command:verb>Start</command:verb>
+      <command:noun>DeployUserCerts</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Start-DeployUserCerts</maml:name>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>forceGenerateCommands</maml:name>
+          <maml:description>
+            <maml:para>Switch to force generate new commands on systems</maml:para>
+          </maml:description>
+          <dev:type>
+            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>False</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>forceInvokeCommands</maml:name>
+          <maml:description>
+            <maml:para>Switch to force invoke generated commands on systems</maml:para>
+          </maml:description>
+          <dev:type>
+            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>False</dev:defaultValue>
+        </command:parameter>
+
+        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>type</maml:name>
+          <maml:description>
+            <maml:para>Type of cert deployment to initiate</maml:para>
+          </maml:description>
+          <command:parameterValueGroup>
+            <command:parameterValue required="false" command:variableLength="false">All</command:parameterValue>
+            <command:parameterValue required="false" command:variableLength="false">New</command:parameterValue>
+            <command:parameterValue required="false" command:variableLength="false">ByUsername</command:parameterValue>
+          </command:parameterValueGroup>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>username</maml:name>
+          <maml:description>
+            <maml:para>The JumpCloud username of a user to deploy a certificate</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>forceGenerateCommands</maml:name>
+        <maml:description>
+          <maml:para>Switch to force generate new commands on systems</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>False</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>forceInvokeCommands</maml:name>
+        <maml:description>
+          <maml:para>Switch to force invoke generated commands on systems</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>False</dev:defaultValue>
+      </command:parameter>
+
+      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>type</maml:name>
+        <maml:description>
+          <maml:para>Type of cert deployment to initiate</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>username</maml:name>
+        <maml:description>
+          <maml:para>The JumpCloud username of a user to deploy a certificate</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Start-GenerateRootCert</command:name>
+      <command:verb>Start</command:verb>
+      <command:noun>GenerateRootCert</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Start-GenerateRootCert</maml:name>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certKeyPassword</maml:name>
+          <maml:description>
+            <maml:para>The root certificate key password</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>force</maml:name>
+          <maml:description>
+            <maml:para>When specified, this parameter will replace certificates if they already exist on the current filesystem</maml:para>
+          </maml:description>
+          <dev:type>
+            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>False</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>generateType</maml:name>
+          <maml:description>
+            <maml:para>Select an option to generate or replace the root certificate</maml:para>
+          </maml:description>
+          <command:parameterValueGroup>
+            <command:parameterValue required="false" command:variableLength="false">New</command:parameterValue>
+            <command:parameterValue required="false" command:variableLength="false">Replace</command:parameterValue>
+            <command:parameterValue required="false" command:variableLength="false">Renew</command:parameterValue>
+          </command:parameterValueGroup>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certKeyPassword</maml:name>
+        <maml:description>
+          <maml:para>The root certificate key password</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>force</maml:name>
+        <maml:description>
+          <maml:para>When specified, this parameter will replace certificates if they already exist on the current filesystem</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>False</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>generateType</maml:name>
+        <maml:description>
+          <maml:para>Select an option to generate or replace the root certificate</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Start-GenerateUserCerts</command:name>
+      <command:verb>Start</command:verb>
+      <command:noun>GenerateUserCerts</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Start-GenerateUserCerts</maml:name>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>forceReplaceCerts</maml:name>
+          <maml:description>
+            <maml:para>When specified, this parameter will replace certificates if they already exist on the current filesystem</maml:para>
+          </maml:description>
+          <dev:type>
+            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>False</dev:defaultValue>
+        </command:parameter>
+
+        <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>type</maml:name>
+          <maml:description>
+            <maml:para>Type of certificate to initialize. To generate all new certificates for existing users, specify "all", To generate certificates for users who have not yet had certificates generated, specify "new". To generate certificates by an individual, speficy "ByUsername" and populate the "username" parameter. To generate certificates for users who have certificates expiring in 15 days or less, specify "ExpiringSoon".</maml:para>
+          </maml:description>
+          <command:parameterValueGroup>
+            <command:parameterValue required="false" command:variableLength="false">All</command:parameterValue>
+            <command:parameterValue required="false" command:variableLength="false">New</command:parameterValue>
+            <command:parameterValue required="false" command:variableLength="false">ByUsername</command:parameterValue>
+            <command:parameterValue required="false" command:variableLength="false">ExpiringSoon</command:parameterValue>
+          </command:parameterValueGroup>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>username</maml:name>
+          <maml:description>
+            <maml:para>The JumpCloud username of an individual user</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>forceReplaceCerts</maml:name>
+        <maml:description>
+          <maml:para>When specified, this parameter will replace certificates if they already exist on the current filesystem</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>False</dev:defaultValue>
+      </command:parameter>
+
+      <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>type</maml:name>
+        <maml:description>
+          <maml:para>Type of certificate to initialize. To generate all new certificates for existing users, specify "all", To generate certificates for users who have not yet had certificates generated, specify "new". To generate certificates by an individual, speficy "ByUsername" and populate the "username" parameter. To generate certificates for users who have certificates expiring in 15 days or less, specify "ExpiringSoon".</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>username</maml:name>
+        <maml:description>
+          <maml:para>The JumpCloud username of an individual user</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Start-MonitorCertDeployment</command:name>
+      <command:verb>Start</command:verb>
+      <command:noun>MonitorCertDeployment</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Start-MonitorCertDeployment</maml:name>
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters />
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Start-RadiusDeployment</command:name>
+      <command:verb>Start</command:verb>
+      <command:noun>RadiusDeployment</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Start-RadiusDeployment</maml:name>
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters />
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Update-JCRModule</command:name>
+      <command:verb>Update</command:verb>
+      <command:noun>JCRModule</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Update-JCRModule</maml:name>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
+          <maml:name>Repository</maml:name>
+          <maml:description>
+            <maml:para>Set the PSRepository</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>Force</maml:name>
+          <maml:description>
+            <maml:para>ByPasses user prompts.</maml:para>
+          </maml:description>
+          <dev:type>
+            <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>False</dev:defaultValue>
+        </command:parameter>
+
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>Force</maml:name>
+        <maml:description>
+          <maml:para>ByPasses user prompts.</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Management.Automation.SwitchParameter</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Management.Automation.SwitchParameter</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>False</dev:defaultValue>
+      </command:parameter>
+
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
+        <maml:name>Repository</maml:name>
+        <maml:description>
+          <maml:para>Set the PSRepository</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+</helpItems>
+
diff --git a/scripts/automation/Radius/en-Us/about_JumpCloud.Radius.help.txt b/scripts/automation/Radius/en-Us/about_JumpCloud.Radius.help.txt
new file mode 100644
index 000000000..e36d7cc0d
--- /dev/null
+++ b/scripts/automation/Radius/en-Us/about_JumpCloud.Radius.help.txt
@@ -0,0 +1,52 @@
+TOPIC
+    about_jumpcloud.radius
+
+    ABOUT TOPIC NOTE:
+    The first header of the about topic should be the topic name.
+    The second header contains the lookup name used by the help system.
+    
+    IE:
+    # Some Help Topic Name
+    ## SomeHelpTopicFileName
+    
+    This will be transformed into the text file
+    as `about_SomeHelpTopicFileName`.
+    Do not include file extensions.
+    The second header should have no spaces.
+
+SHORT DESCRIPTION
+    {{ Short Description Placeholder }}
+
+    ABOUT TOPIC NOTE:
+    About topics can be no longer than 80 characters wide when rendered to text.
+    Any topics greater than 80 characters will be automatically wrapped.
+    The generated about topic will be encoded UTF-8.
+
+LONG DESCRIPTION
+    {{ Long Description Placeholder }}
+
+Optional Subtopics
+    {{ Optional Subtopic Placeholder }}
+
+EXAMPLES
+    {{ Code or descriptive examples of how to leverage the functions described.
+    }}
+
+NOTE
+    {{ Note Placeholder - Additional information that a user needs to know.}}
+
+TROUBLESHOOTING NOTE
+    {{ Troubleshooting Placeholder - Warns users of bugs}}
+    {{ Explains behavior that is likely to change with fixes }}
+
+SEE ALSO
+    {{ See also placeholder }}
+    {{ You can also list related articles, blogs, and video URLs. }}
+
+KEYWORDS
+    {{List alternate names or titles for this topic that readers might use.}}
+    - {{ Keyword Placeholder }}
+    - {{ Keyword Placeholder }}
+    - {{ Keyword Placeholder }}
+    - {{ Keyword Placeholder }}
+

From 02e8e71114fb15693ac43ca576cf36e86e237db3 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 16 Jun 2025 14:58:39 -0600
Subject: [PATCH 293/346] consolidate JCRConfig Subject Headers

---
 .../CertGeneration/Generate-UserCert.ps1      | 10 +--
 .../CertGeneration/Set-JCRExtensionFile.ps1   | 12 +--
 .../CertGeneration/Test-JCRExtensionFile.ps1  | 12 +--
 .../Config/Test-JCRRadiusDirectory.ps1        |  2 +-
 .../Public/Config/Set-JCRConfigFile.ps1       | 18 ++--
 .../Public/Start-GenerateRootCert.ps1         | 18 ++--
 .../automation/Radius/JumpCloud.Radius.psm1   | 90 +++++++------------
 .../Public/Module/Update-JCRModule.Tests.ps1  | 12 +--
 .../Public/Start-GenerateRootCert.Tests.ps1   | 48 +++++-----
 9 files changed, 101 insertions(+), 121 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index bf06ffb77..e6fe2e2d9 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -57,7 +57,7 @@ function Generate-UserCert {
                 $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path $ExtensionPath -NoNewline -Force
                 # Get CSR & Key
                 Write-Host "[status] Get CSR & Key"
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))`" -out `"$userCsr`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))`" -out `"$userCsr`""
 
                 # take signing request, make cert # specify extensions requets
                 Write-Host "[status] take signing request, make cert # specify extensions requets"
@@ -74,8 +74,8 @@ function Generate-UserCert {
                 # Create Client cert with email in the subject distinguished name
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) genrsa -out `"$userKey`" 2048"
                 # Generate User CSR
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=/emailAddress=$($user.email)`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))/CN=$($($global:JCRConfig.certSubjectHeader.Value.CommonName))"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))/CN=/emailAddress=$($user.email)`""
 
                 # Gennerate User Cert
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $($global:JCRConfig.userCertValidityDays.value) -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extfile `"$ExtensionPath`""
@@ -90,8 +90,8 @@ function Generate-UserCert {
                 # Create Client cert with email in the subject distinguished name
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) genrsa -out `"$userKey`" 2048"
                 # Generate User CSR
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($user.username)`""
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -nodes -new -key `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -out `"$userCsr`" -subj /C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))/CN=$($($global:JCRConfig.certSubjectHeader.Value.CommonName))"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -new -key `"$userKey`" -out `"$userCsr`" -config `"$ExtensionPath`" -subj `"/C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))/CN=$($user.username)`""
 
                 # Gennerate User Cert
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -days $($global:JCRConfig.userCertValidityDays.value) -CAcreateserial -passin pass:$($env:certKeyPassword) -out `"$userCert`" -extfile `"$ExtensionPath`""
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
index 876ae2a67..d17c0ff72 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
@@ -9,12 +9,12 @@ function Set-JCRExtensionFile {
         $extContent = Get-Content -Path $ext.FullName -Raw
         $reqDistinguishedName = @"
 [req_distinguished_name]
-C = $($global:JCRConfig.certSubjectHeaderCountryCode.value)
-ST = $($global:JCRConfig.certSubjectHeaderStateCode.value)
-L = $($global:JCRConfig.certSubjectHeaderLocality.value)
-O = $($global:JCRConfig.certSubjectHeaderOrganization.value)
-OU = $($global:JCRConfig.certSubjectHeaderOrganizationUnit.value)
-CN = $($global:JCRConfig.certSubjectHeaderCommonName.value)
+C = $($global:JCRConfig.certSubjectHeader.Value.CountryCode)
+ST = $($global:JCRConfig.certSubjectHeader.Value.StateCode)
+L = $($global:JCRConfig.certSubjectHeader.Value.Locality)
+O = $($global:JCRConfig.certSubjectHeader.Value.Organization)
+OU = $($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit)
+CN = $($global:JCRConfig.certSubjectHeader.Value.CommonName)
 
 "@
         $updatedContent = $extContent -Replace "(\[req_distinguished_name\][\s\S]*?)(?=\[v3_req\])", $reqDistinguishedName
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
index 2376ea564..fc7e19fb7 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
@@ -11,12 +11,12 @@ function Test-JCRExtensionFile {
         $extContent = Get-Content -Path $ext.FullName -Raw
 
         $expected = @{
-            'C'  = $global:JCRConfig.certSubjectHeaderCountryCode.value
-            'ST' = $global:JCRConfig.certSubjectHeaderStateCode.value
-            'L'  = $global:JCRConfig.certSubjectHeaderLocality.value
-            'O'  = $global:JCRConfig.certSubjectHeaderOrganization.value
-            'OU' = $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            'CN' = $global:JCRConfig.certSubjectHeaderCommonName.value
+            'C'  = $global:JCRConfig.certSubjectHeader.Value.CountryCode
+            'ST' = $global:JCRConfig.certSubjectHeader.Value.StateCode
+            'L'  = $global:JCRConfig.certSubjectHeader.Value.Locality
+            'O'  = $global:JCRConfig.certSubjectHeader.Value.Organization
+            'OU' = $global:JCRConfig.certSubjectHeader.Value.OrganizationUnit
+            'CN' = $global:JCRConfig.certSubjectHeader.Value.CommonName
         }
 
         foreach ($key in $expected.Keys) {
diff --git a/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1 b/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
index d4c8814a9..e0eb89d39 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
@@ -19,7 +19,7 @@ function Test-JCRRadiusDirectory {
     }
 
     # validate that the $resolvedPath is not the same as the JCRScriptRoot
-    Write-Warning "Resolved path: $resolvedPath | JCRScriptRoot: $global:JCRScriptRoot"
+    # Write-Warning "Resolved path: $resolvedPath | JCRScriptRoot: $global:JCRScriptRoot"
     if ("$resolvedPath" -eq $($global:JCRScriptRoot)) {
         Write-Error "The path '$resolvedPath' cannot be the same as the JCRScriptRoot. This could lead to certificate data loss if the module is updated or reinstalled. Please set the 'RadiusDirectory' to different directory.`nSet-JCRConfigFile -RadiusDirectory '<Path/To/radiusDirectory>'"
         return $false
diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
index a6b1d2ae7..a65c430cc 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -10,9 +10,9 @@ function Set-JCRConfigFile {
         # Create the dictionary
         $RuntimeParameterDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary
         # Foreach key in the supplied config file:
-        foreach ($setting in $global:JCRConfig.PSObject.Properties) {
-            $settingName = $setting.Name
-            $settingValue = $setting.Value
+        foreach ($setting in $global:JCRConfigTemplate.keys) {
+            $settingName = $setting
+            $settingValue = $global:JCRConfigTemplate[$setting]
             # Skip create dynamic params for these not-writable properties:
             if ($settingValue.Write -eq $false) {
                 continue
@@ -67,13 +67,19 @@ function Set-JCRConfigFile {
                 }
             }
             # set the value of the config setting to the value passed into this function
-            $global:JCRConfig.$param.value = $params[$param]
-
+            if ($global:JCRConfig.PSObject.Properties.Name -contains $param) {
+                $global:JCRConfig.$param.value = $params[$param]
+            } else {
+                # Add the property with a hashtable structure (assuming you want to match existing pattern)
+                $global:JCRConfig | Add-Member -MemberType NoteProperty -Name $param -Value $global:JCRConfigTemplate[$param]
+                # now update the value:
+                $global:JCRConfig.$param.value = $params[$param]
+            }
         }
     }
 
     end {
         # Write out the new settings
-        $global:JCRConfig | ConvertTo-Json | Out-File -FilePath $configFilePath
+        $global:JCRConfig | ConvertTo-Json -Depth 10 | Out-File -FilePath $configFilePath
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index b452ea7d5..b5d9b981b 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -149,7 +149,7 @@ Function Start-GenerateRootCert {
                         }
                         # Save the pass phrase in the env:
                         $env:certKeyPassword = $certKeyPass
-                        Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($($global:JCRConfig.certSubjectHeaderOrganization.value))/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
+                        Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($($global:JCRConfig.certSubjectHeader.Value.Organization))/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))/CN=$($($global:JCRConfig.certSubjectHeader.Value.CommonName))"
                         # REM PEM pass phrase: myorgpass
                         Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                         # openssl x509 -in ca-cert.pem -noout -text
@@ -204,7 +204,7 @@ Function Start-GenerateRootCert {
                 }
                 # Save the pass phrase in the env:
                 $env:certKeyPassword = $certKeyPass
-                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($($global:JCRConfig.certSubjectHeaderOrganization.value))/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
+                Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($($global:JCRConfig.certSubjectHeader.Value.Organization))/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))/CN=$($($global:JCRConfig.certSubjectHeader.Value.CommonName))"
                 # REM PEM pass phrase: myorgpass
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                 # openssl x509 -in ca-cert.pem -noout -text
@@ -215,12 +215,12 @@ Function Start-GenerateRootCert {
                     $extContent = Get-Content -Path $ext.FullName -Raw
                     $reqDistinguishedName = @"
     [req_distinguished_name]
-    C = $($($global:JCRConfig.certSubjectHeaderCountryCode.value))
-    ST = $($($global:JCRConfig.certSubjectHeaderStateCode.value))
-    L = $($($global:JCRConfig.certSubjectHeaderLocality.value))
-    O = $($($global:JCRConfig.certSubjectHeaderOrganization.value))
-    OU = $($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))
-    CN = $($($global:JCRConfig.certSubjectHeaderCommonName.value))
+    C = $($($global:JCRConfig.certSubjectHeader.Value.CountryCode))
+    ST = $($($global:JCRConfig.certSubjectHeader.Value.StateCode))
+    L = $($($global:JCRConfig.certSubjectHeader.Value.Locality))
+    O = $($($global:JCRConfig.certSubjectHeader.Value.Organization))
+    OU = $($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))
+    CN = $($($global:JCRConfig.certSubjectHeader.Value.CommonName))
 
 "@
                     $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
@@ -329,7 +329,7 @@ authorityKeyIdentifier= keyid:always,issuer:always
 "@ | Out-File "$certConfPath"
 
                         try {
-                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeaderCountryCode.value))/ST=$($($global:JCRConfig.certSubjectHeaderStateCode.value))/L=$($($global:JCRConfig.certSubjectHeaderLocality.value))/O=$($($global:JCRConfig.certSubjectHeaderOrganization.value))/OU=$($($global:JCRConfig.certSubjectHeaderOrganizationUnit.value))/CN=$($($global:JCRConfig.certSubjectHeaderCommonName.value))"
+                            Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -x509 -newkey rsa:2048 -days $($global:JCRConfig.caCertValidityDays.value) -keyout `"$outKey`" -out `"$outCA`" -passout pass:$($env:certKeyPassword) -subj /C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($($global:JCRConfig.certSubjectHeader.Value.Organization))/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))/CN=$($($global:JCRConfig.certSubjectHeader.Value.CommonName))"
 
                             Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -days $($global:JCRConfig.caCertValidityDays.value) -in $csrOutPath -set_serial `"0x$serial`" -signkey `"$outKey`" -out `"$outCA`" -extfile $certConfPath -extensions v3_ca -passin pass:$($env:certKeyPassword)"
 
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index 3fd3682c8..e19a028d6 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -32,7 +32,7 @@ Export-ModuleMember -Function $Public.BaseName -Alias *
 
 # Set the module config
 $global:JCRConfigTemplate = @{
-    'userGroup'                         = @{
+    'userGroup'                 = @{
         value       = $null;
         write       = $true;
         copy        = $true;
@@ -40,7 +40,7 @@ $global:JCRConfigTemplate = @{
         placeholder = '<UserGroupID>';
         type        = 'string'
     }
-    'certSecretPass'                    = @{
+    'certSecretPass'            = @{
         value       = $null;
         write       = $true;
         copy        = $true;
@@ -48,7 +48,7 @@ $global:JCRConfigTemplate = @{
         placeholder = '<CertPassword>';
         type        = 'string'
     }
-    'userCertValidityDays'              = @{
+    'userCertValidityDays'      = @{
         value       = 365;
         write       = $true;
         copy        = $true;
@@ -56,7 +56,7 @@ $global:JCRConfigTemplate = @{
         placeholder = '<365>';
         type        = 'int'
     }
-    'caCertValidityDays'                = @{
+    'caCertValidityDays'        = @{
         value       = 1095;
         write       = $true;
         copy        = $true;
@@ -64,7 +64,7 @@ $global:JCRConfigTemplate = @{
         placeholder = '<1095>';
         type        = 'int'
     }
-    'certExpirationWarningDays'         = @{
+    'certExpirationWarningDays' = @{
         value       = 15;
         write       = $true;
         copy        = $true;
@@ -72,7 +72,7 @@ $global:JCRConfigTemplate = @{
         placeholder = '<15>';
         type        = 'int'
     }
-    'networkSSID'                       = @{
+    'networkSSID'               = @{
         value       = $null;
         write       = $true;
         copy        = $true;
@@ -80,55 +80,7 @@ $global:JCRConfigTemplate = @{
         placeholder = '<networkSSID>';
         type        = 'string'
     }
-    'certSubjectHeaderCountryCode'      = @{
-        value       = $null;
-        write       = $true;
-        copy        = $true;
-        required    = $true;
-        placeholder = '<US>';
-        type        = 'string'
-    }
-    'certSubjectHeaderStateCode'        = @{
-        value       = $null;
-        write       = $true;
-        copy        = $true;
-        required    = $true;
-        placeholder = '<CO>';
-        type        = 'string'
-    }
-    'certSubjectHeaderLocality'         = @{
-        value       = $null;
-        write       = $true;
-        copy        = $true;
-        required    = $true;
-        placeholder = '<Boulder>';
-        type        = 'string'
-    }
-    'certSubjectHeaderOrganization'     = @{
-        value       = $null;
-        write       = $true;
-        copy        = $true;
-        required    = $true;
-        placeholder = '<JumpCloud>';
-        type        = 'string'
-    }
-    'certSubjectHeaderOrganizationUnit' = @{
-        value       = $null;
-        write       = $true;
-        copy        = $true;
-        required    = $true;
-        placeholder = '<Customer_Tools>';
-        type        = 'string'
-    }
-    'certSubjectHeaderCommonName'       = @{
-        value       = $null;
-        write       = $true;
-        copy        = $true;
-        required    = $true;
-        placeholder = '<JumpCloud.com>';
-        type        = 'string'
-    }
-    'certType'                          = @{
+    'certType'                  = @{
         value       = $null;
         write       = $true;
         copy        = $true;
@@ -136,7 +88,7 @@ $global:JCRConfigTemplate = @{
         placeholder = '<EmailSAN/EmailDN/UsernameCn>';
         type        = 'string'
     }
-    'radiusDirectory'                   = @{
+    'radiusDirectory'           = @{
         value       = $null;
         write       = $true;
         copy        = $true;
@@ -144,7 +96,7 @@ $global:JCRConfigTemplate = @{
         placeholder = '<Path/To/radiusDirectory>';
         type        = 'string'
     }
-    'lastUpdate'                        = @{
+    'lastUpdate'                = @{
         value       = $null;
         write       = $true;
         copy        = $true;
@@ -152,7 +104,7 @@ $global:JCRConfigTemplate = @{
         placeholder = $null;
         type        = 'string'
     }
-    'openSSLBinary'                     = @{
+    'openSSLBinary'             = @{
         value       = $null;
         write       = $true;
         copy        = $true;
@@ -160,6 +112,28 @@ $global:JCRConfigTemplate = @{
         placeholder = '<Path/To/OpenSSL>';
         type        = 'string'
     }
+    'certSubjectHeader'         = @{
+        value       = @{
+            CountryCode      = $null
+            StateCode        = $null
+            Locality         = $null
+            Organization     = $null
+            OrganizationUnit = $null
+            CommonName       = $null
+        }
+        write       = $true
+        copy        = $true
+        required    = $true
+        placeholder = '@{
+            CountryCode      = "US"
+            StateCode        = "CO"
+            Locality         = "Boulder"
+            Organization     = "JumpCloud"
+            OrganizationUnit = "Customer_Tools"
+            CommonName       = "JumpCloud.com"
+        }';
+        type        = 'hashtable'
+    }
 }
 
 # # Set the module non-configurable settings
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 23a3414ac..57a8bea77 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -217,12 +217,12 @@ Describe 'Module Update' -Tag "Module" {
                 $fileContent = Get-Content -Path $file.FullName -Raw
                 # Validate that the file contains the expected headers
                 $expectedHeaders = @(
-                    "C = $($global:JCRConfig.certSubjectHeaderCountryCode.value)",
-                    "ST = $($global:JCRConfig.certSubjectHeaderStateCode.value)",
-                    "L = $($global:JCRConfig.certSubjectHeaderLocality.value)",
-                    "O = $($global:JCRConfig.certSubjectHeaderOrganization.value)",
-                    "OU = $($global:JCRConfig.certSubjectHeaderOrganizationUnit.value)",
-                    "CN = $($global:JCRConfig.certSubjectHeaderCommonName.value)"
+                    "C = $($global:JCRConfig.certSubjectHeader.Value.CountryCode)",
+                    "ST = $($global:JCRConfig.certSubjectHeader.Value.StateCode)",
+                    "L = $($global:JCRConfig.certSubjectHeader.Value.Locality)",
+                    "O = $($global:JCRConfig.certSubjectHeader.Value.Organization)",
+                    "OU = $($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit)",
+                    "CN = $($global:JCRConfig.certSubjectHeader.Value.CommonName)"
                 )
                 foreach ($header in $expectedHeaders) {
                     $fileContent | Should -Match $header
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
index 927de9f26..cdae417b6 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateRootCert.Tests.ps1
@@ -21,12 +21,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
 
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.CountryCode
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeader.Value.StateCode
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.Locality
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.Organization
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeader.Value.OrganizationUnit
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeader.Value.CommonName
         }
     }
 
@@ -57,12 +57,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
 
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.CountryCode
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeader.Value.StateCode
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.Locality
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.Organization
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeader.Value.OrganizationUnit
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeader.Value.CommonName
         }
     }
 
@@ -91,12 +91,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
 
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.CountryCode
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeader.Value.StateCode
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.Locality
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.Organization
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeader.Value.OrganizationUnit
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeader.Value.CommonName
         }
 
     }
@@ -125,12 +125,12 @@ Describe "Generate Root Certificate Tests" -Tag "GenerateRootCert" {
             #validate the subject matches what's defined in config:
             $CA_subject = Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -in $($global:JCRConfig.radiusDirectory.value)/Cert/radius_ca_cert.pem -subject"
 
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeaderCountryCode.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeaderStateCode.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeaderLocality.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeaderOrganization.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeaderOrganizationUnit.value
-            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeaderCommonName.value
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "C")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.CountryCode
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "ST") | Should -Match $global:JCRConfig.certSubjectHeader.Value.StateCode
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "L")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.Locality
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "O")  | Should -Match $global:JCRConfig.certSubjectHeader.Value.Organization
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "OU") | Should -Match $global:JCRConfig.certSubjectHeader.Value.OrganizationUnit
+            (Get-SubjectHeaderValue -SubjectString $CA_subject -Header "CN") | Should -Match $global:JCRConfig.certSubjectHeader.Value.CommonName
         }
 
     }

From 070f7bf17a3eef7bfee78886bcebb2a14191f445 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 16 Jun 2025 15:45:18 -0600
Subject: [PATCH 294/346] remove config.ps1 and update refs

---
 scripts/automation/Radius/Config.ps1          | 113 --------------
 .../CertGeneration/Generate-UserCert.ps1      |   1 -
 .../Private/Config/Confirm-JCRConfigFile.ps1  |   2 +-
 .../Private/Menus/Show-RadiusMainMenu.ps1     |   8 +-
 .../Private/Module/Get-OpenSSLVersion.ps1     |   1 -
 .../Public/Start-GenerateRootCert.ps1         |   7 -
 .../ModuleValidation/ModuleVersion.Tests.ps1  |   1 -
 .../Config/Confirm-JCRConfigFile.Tests.ps1    | 102 ++++++++++++
 .../Public/Start-DeployUserCerts.Tests.ps1    |  12 --
 .../Public/Start-GenerateUserCerts.Tests.ps1  |   7 -
 scripts/automation/Radius/readme.md           | 145 ++++++++++++++++--
 11 files changed, 236 insertions(+), 163 deletions(-)
 delete mode 100644 scripts/automation/Radius/Config.ps1
 create mode 100644 scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1

diff --git a/scripts/automation/Radius/Config.ps1 b/scripts/automation/Radius/Config.ps1
deleted file mode 100644
index 6f70254a2..000000000
--- a/scripts/automation/Radius/Config.ps1
+++ /dev/null
@@ -1,113 +0,0 @@
-# JUMPCLOUD USER GROUP ID
-$Global:JCR_USER_GROUP = 'your_radius_user_group'
-# USER CERT PASSWORD (this password is sent to the devices via JumpCloud Commands)
-$Global:JCR_USER_CERT_PASS = 'secret1234!'
-# USER CERT Validity Length (days) (default 1 year)
-$Global:JCR_USER_CERT_VALIDITY_DAYS = 365
-# ROOT CERT Validity Length (days) (default 3 years)
-$Global:JCR_ROOT_CERT_VALIDITY_DAYS = 1095
-# Days until cert expire warning length (default: 15 days)
-# The tool will display certs that are set to expire if the expiration date is
-# within this number of days
-$Global:JCR_USER_CERT_EXPIRE_WARNING_DAYS = 15
-# List Of Radius Network SSID(s)
-# For Multiple SSIDs enter as a single string separated by a semicolon  ex:
-# "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network"
-$Global:JCR_NETWORKSSID = "YOUR_SSID"
-# JCR_OPENSSL by default this is (openssl)
-# NOTE: If openssl does not work, try using the full path to the openssl file
-# MacOS HomeBrew Example: '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
-$Global:JCR_OPENSSL = 'openssl'
-# Enter Cert Subject Headers (do not enter strings with spaces)
-$Global:JCR_SUBJECT_HEADERS = [PSCustomObject]@{
-    countryCode      = "US"
-    stateCode        = "CO"
-    Locality         = "Boulder"
-    Organization     = "JumpCloud"
-    OrganizationUnit = "Solutions_Architecture"
-    CommonName       = "JumpCloud.com"
-}
-
-# Cert Type Generation Options:
-# Chose One Of:
-# EmailSAN
-# EmailDN
-# UsernameCn (Default)
-$Global:JCR_CERT_TYPE = "UsernameCn"
-
-################################################################################
-# Do not modify below
-################################################################################
-
-$UserAgent_ModuleVersion = '2.0.0'
-$UserAgent_ModuleName = 'PasswordlessRadiusConfig'
-#Build the UserAgent string
-$UserAgent_ModuleName = "JumpCloud_$($UserAgent_ModuleName).PowerShellModule"
-$Template_UserAgent = "{0}/{1}"
-$UserAgent = $Template_UserAgent -f $UserAgent_ModuleName, $UserAgent_ModuleVersion
-# When we import this config, this function will run and validate the openSSL binary location
-function Get-OpenSSLVersion {
-    [CmdletBinding()]
-    param (
-        [Parameter()]
-        [system.string]
-        $opensslBinary
-    )
-    begin {
-        try {
-            $version = Invoke-Expression "& '$opensslBinary' version"
-        } catch {
-            throw "Something went wrong... Could not find openssl or the path is incorrect. Please update the `$JCR_OPENSSL variable in the config.ps1 file to the correct path"
-        }
-
-        # Required OpenSSL Version
-        $OpenSSLVersion = [version]"3.0.0"
-
-        # Determine Libre or Open SSL:
-        if ($version -match "LibreSSL") {
-            Throw "LibreSSL does not meet the requirements of this application, please install OpenSSL v3.0.0 or later"
-        } else {
-            [version]$Version = (Select-String -InputObject $version -Pattern "([0-9]+)\.([0-9]+)\.([0-9]+)").matches.value
-        }
-
-        # Determine if windows:
-        if ([System.Environment]::OSVersion.Platform -match "Win") {
-            # If env variable exists, skip check for subsequent runs of ./config.ps1
-            if ($env:OPENSSL_MODULES) {
-                $binItems = Get-ChildItem -Path $env:OPENSSL_MODULES
-                if ("legacy.dll" -notin $binItems.Name) {
-                    Throw "The required OpenSSL 'legacy.dll' file was not found in the bin path $PathDirectory. This is required to create certificates. `nIf this module file is located elsewhere, you may specify the path to that directory in this powershell session using this command: '`$env:OPENSSL_MODULES = C:/Path/To/Directory' "
-                }
-            } else {
-                # Try to point to the Legacy.dll file
-                Throw "The required OpenSSL 'legacy.dll' file is required for this project. This module file is required to create certificates. `nIf this module file is located elsewhere, you may specify the path to that directory in this powershell session using this command: '`$env:OPENSSL_MODULES = C:/Path/To/openSSL_Directory/' Where the legacy.dll file is in openSSL_Directory "
-
-            }
-
-        }
-    }
-    process {
-        if ($version -lt $OpenSSLVersion) {
-            Throw "The installed version of OpenSSL: OpenSSL $Version, does not meet the requirements of this application, please install a later version of at least $Type $Version"
-            exit 1
-        }
-    }
-}
-Get-OpenSSLVersion -opensslBinary $JCR_OPENSSL
-
-# Validate no spaces in $JCR_SUBJECT_HEADERS
-foreach ($JCR_SUBJECT_HEADERSObj in $JCR_SUBJECT_HEADERS.psObject.Properties) {
-    if ($JCR_SUBJECT_HEADERSObj.value -match " ") {
-        throw "Subject Header: $($JCR_SUBJECT_HEADERSObj.Name):$($JCR_SUBJECT_HEADERSObj.value) Contains a space character. subject headers cannot contain spaces, please remove and re-run"
-    }
-}
-# Validate API KEY, OrgID, SystemGroupID, length
-if (($JCAPIKEY).Length -ne 40) {
-    throw "The entered JumpCloud Api Key is not the expected length"
-}
-if (($JCORGID).Length -ne 24) {
-    throw "The entered JumpCloud Organization ID is not the expected length"
-}
-if (($Global:JCR_USER_GROUP).Length -ne 24) {
-    throw "The entered JumpCloud UserGroup ID is not the expected length"
-}
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index e6fe2e2d9..c502bbe95 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -21,7 +21,6 @@ function Generate-UserCert {
         $user
     )
     begin {
-        # . "$JCRScriptRoot/Config.ps1"
         if (-Not (Test-Path -Path $rootCAKey)) {
             Throw "RootCAKey could not be found in project directory, have you run Generate-Cert.ps1?"
             exit 1
diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
index 8e8197c99..775f6e656 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
@@ -48,7 +48,7 @@ Set-JCRConfigFile @settings
 
 "@
             if (-not $loadModule) {
-                Write-Error "Please set these variables with the Set-JCRConfigFile cmdlet"
+                throw "Please set these variables with the Set-JCRConfigFile cmdlet"
             } else {
                 Write-Warning "Please set these variables with the Set-JCRConfigFile cmdlet"
             }
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index 1e42f844e..2dec9d950 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -13,11 +13,11 @@ function Show-RadiusMainMenu {
         Write-Debug "No user certs exist, there are no user certs which will expire soon"
     }
 
-    # Get UserGroup information from Config.ps1
+    # Get UserGroup information from Config.json
     $radiusUserGroup = Get-JcSdkUserGroup -Id $global:JCRConfig.userGroup.value | Select-Object Name
     $radiusUserGroupMemberCount = (Get-JcSdkUserGroupMember -GroupId $global:JCRConfig.userGroup.value).Count
 
-    # Get SSID information from Config.ps1
+    # Get SSID information from Config.json
     $radiusSSID = ($global:JCRConfig.networkSSID.value).replace(';', ' ')
 
     # Output for Users
@@ -25,7 +25,9 @@ function Show-RadiusMainMenu {
 
     # ==== TITLE ====
     Write-Host $(PadCenter -string $Title -char '=')
-    Write-Host $(PadCenter -string "Edit the variables in Config.ps1 before continuing this script `n" -char ' ') -ForegroundColor Yellow
+    If (($global:JCRConfig -eq $null) -or (-not (Confirm-JCRConfigFile))) {
+        Write-Host $(PadCenter -string "Edit the required settings with `Set-JCRConfigFile` before continuing this script `n" -char ' ') -ForegroundColor Yellow
+    }
     # /==== TITLE ====
 
     # ==== ROOT CA ====
diff --git a/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1 b/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
index 38446745d..2eda86249 100644
--- a/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
+++ b/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
@@ -27,7 +27,6 @@ function Get-OpenSSLVersion {
 
         # Determine if windows:
         if ([System.Environment]::OSVersion.Platform -match "Win") {
-            # If env variable exists, skip check for subsequent runs of ./config.ps1
             if ($env:OPENSSL_MODULES) {
                 $binItems = Get-ChildItem -Path $env:OPENSSL_MODULES
                 if ("legacy.dll" -notin $binItems.Name) {
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index b5d9b981b..c5e2da5f7 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -26,13 +26,6 @@ Function Start-GenerateRootCert {
     # this script will generate a Self Signed CA (root cert) to be imported on the
     # Radius CBA-BYO Authentication UI
 
-    # Edit the variables in Config.ps1 before running this script
-    # . "$JCRScriptRoot/Config.ps1"
-
-    # if ( ([System.String]::IsNullOrEmpty($JCORGID)) -Or ($JCORGID.Length -ne 24) ) {
-    #     throw "OrganizationID not specified, please update Config.ps1"
-    # }
-
     ################################################################################
     # Do Not Edit Below:
     ################################################################################
diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index b796da6dd..603821198 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -9,7 +9,6 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
     }
 
     It "The userAgent should be set in the module settings" {
-        # Get the PSD1 file and Config.ps1
         $PSD1 = Test-ModuleManifest -Path $psd1Path
         Import-Module $psd1Path -Force
         # the user agent should be set to the module version
diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
new file mode 100644
index 000000000..6ab0852bf
--- /dev/null
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
@@ -0,0 +1,102 @@
+Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
+    BeforeAll {
+        # Load all functions from private folders
+        if (-not (test-path -path $JCRScriptRoot -errorAction silentlyContinue)) {
+            write-host "JCRScriptRoot not set, setting it to the parent directory of the script root"
+
+            # until we've found the correct parent path traversing up the directory tree
+            do {
+                $JCRScriptRoot = Split-Path -Path $PSScriptRoot -Parent
+                # check if the JumpCloud.Radius.psd1 file exists in the parent directory
+                if (Test-Path -Path "$JCRScriptRoot/JumpCloud.Radius.psd1") {
+                    break
+                }
+                # if not, traverse up one more level
+                $PSScriptRoot = $JCRScriptRoot
+            } while (-not (Test-Path -Path "$JCRScriptRoot/JumpCloud.Radius.psd1"))
+
+        }
+        $Private = @( Get-ChildItem -Path "$JCRScriptRoot/Functions/Private/*.ps1" -Recurse)
+        Foreach ($Import in $Private) {
+            Try {
+                . $Import.FullName
+            } Catch {
+                Write-Error -Message "Failed to import function $($Import.FullName): $_"
+            }
+        }
+        # Import the module to set the global variable
+        Import-Module -Name "$JCRScriptRoot/JumpCloud.Radius.psd1" -Force
+    }
+
+    It "should confirm the config file exists" {
+        # Check if the config file exists
+        $configFilePath = Join-Path -Path $JCRScriptRoot -ChildPath 'Config.json'
+        Test-Path -Path $configFilePath | Should -Be $true
+    }
+    It "should confirm the config file is valid JSON" {
+        # Check if the config file is valid JSON
+        $configFilePath = Join-Path -Path $JCRScriptRoot -ChildPath 'Config.json'
+        $configContent = Get-Content -Path $configFilePath -Raw
+        { ConvertFrom-Json -InputObject $configContent } | Should -Not -Throw
+    }
+    Context "When there is no config file" {
+        BeforeEach {
+            # Remove the config file if it exists
+            $configFilePath = Join-Path -Path $JCRScriptRoot -ChildPath 'Config.json'
+            if (Test-Path -Path $configFilePath) {
+                Remove-Item -Path $configFilePath -Force
+            }
+        }
+
+        It "should create a new config file" {
+            # Call the function to create a new config file
+            New-JCRConfigFile
+            # Check if the config file exists
+            Test-Path -Path $configFilePath | Should -Be $true
+            # the config file should be valid JSON
+            $configContent = Get-Content -Path $configFilePath -Raw
+            { ConvertFrom-Json -InputObject $configContent } | Should -Not -Throw
+            # Check if the config file contains the expected keys
+        }
+        It "Confirm-JCRConfigFile should throw when the config is missing required settings" {
+            # Call the function to confirm the config file
+            { Confirm-JCRConfigFile } | Should -Throw
+        }
+        Context "Individually Set all of the required settings but one, Confirm-JCRConfigFile should still throw" {
+            BeforeEach {
+                # Create a new config file
+                New-JCRConfigFile -force
+                # Get all the required settings
+                $requiredSettings = $Global:JCRConfigTemplate.GetEnumerator() | Where-Object { $_.Value.required -eq $true }
+                foreach ($setting in $requiredSettings) {
+                    # Set each required setting
+                    if ($setting.Value.type -eq 'hashtable') {
+                        $stringData = $setting.Value.placeholder
+
+                        # Remove the leading and trailing '@{' and '}'
+                        $cleanStringData = $stringData -replace '^@{|}$', ''
+
+                        # Convert the string data to a hashtable
+                        $hashTable = ConvertFrom-StringData $cleanStringData
+
+                        $param = @{ $setting.Key = $hashTable }
+                    } else {
+
+                        $param = @{ $setting.Key = $setting.Value.placeholder.replace('<', '').replace('>', '') }
+                    }
+                    Set-JCRConfigFile @param
+
+                    # set one of the required settings to null
+                    if ($setting.Key -eq 'openSSLBinary') {
+                        $param = @{ $setting.Key = $null }
+                        Set-JCRConfigFile @param
+                    }
+                }
+            }
+
+            It "Confirm-JCRConfigFile should throw when the config is missing required settings" {
+                { Confirm-JCRConfigFile } | Should -Throw
+            }
+        }
+    }
+}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 7e02f54e1..15c94a35d 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -215,9 +215,6 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             }
         }
         It 'EmailSAN certs are created and command generated with correct identifiers' {
-            # Set config
-            $configPath = "$JCRScriptRoot/Config.ps1"
-            $content = Get-Content -path $configPath
             # set the user cert validity to just 10 days
             Set-JCRConfigFile -certType "EmailSAN"
             # Get Cert Before
@@ -249,9 +246,6 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $snWinMatch.matches.groups[1].value | Should -Be $CertInfoAfter.serial
         }
         It 'EmailDN certs are created and command generated with correct identifiers' {
-            # Set config
-            $configPath = "$JCRScriptRoot/Config.ps1"
-            $content = Get-Content -path $configPath
             # set the cert type
             Set-JCRConfigFile -certType "EmailDN"
             # Get Cert Before
@@ -279,9 +273,6 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
             $snWinMatch.matches.groups[1].value | Should -Be $CertInfoAfter.serial
         }
         It 'UsernameCn certs are created and command generated with correct identifiers' {
-            # Set config
-            $configPath = "$JCRScriptRoot/Config.ps1"
-            $content = Get-Content -path $configPath
             # set the cert type
             Set-JCRConfigFile -certType "usernameCn"
             # Get Cert Before
@@ -310,9 +301,6 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
 
         }
         AfterAll {
-            # Set config
-            $configPath = "$JCRScriptRoot/Config.ps1"
-            $content = Get-Content -path $configPath
             # set the cert type
             Set-JCRConfigFile -certType "usernameCn"
         }
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index 9a1cb7142..bd1438c63 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -82,9 +82,6 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # import necessary functions:
             . "$JCRScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
             . "$JCRScriptRoot/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1"
-            # Set config
-            $configPath = "$JCRScriptRoot/Config.ps1"
-            $content = Get-Content -Path $configPath
             # set the user cert validity to just 10 days
             Set-JCRConfigFile -userCertValidityDays 10
 
@@ -107,8 +104,6 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         It 'Certs that are set to expire soon can be updated programmatically' {
             # at this point expiring certs should be populated from beforeAll block
             $Global:expiringCerts | Should -Not -BeNullOrEmpty
-            # reset the validity counter
-            $content = Get-Content -Path $configPath
             # set the user cert validity to 90 days
             Set-JCRConfigFile -userCertValidityDays 90
             # Get the certs before generation minus the .zip if it exists
@@ -139,8 +134,6 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             $certInfo.generated | Should -BeGreaterThan $dateBefore
         }
         AfterAll {
-            # reset the validity counter
-            $content = Get-Content -Path $configPath
             # set the user cert validity to 90 days
             Set-JCRConfigFile -userCertValidityDays 90
         }
diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 1111a34f8..0f22b10c0 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -11,7 +11,8 @@ This automation has been tested with OpenSSL 3.1.1. OpenSSL 3.x.x is required to
 - OpenSSL 3.x.x (Tested with 3.1.1) (see macOS/ Windows requirements below)
 - [JumpCloud PowerShell Module](https://www.powershellgallery.com/packages/JumpCloud)
 - Certificate Authority (CA) (either from a vendor or self-generated)
-- Variables in `Config.ps1` updated
+- Module Settings Configured with `Set-JCRConfigFile` cmdlet
+- JumpCloud Organization API Key (Read/ Write Access Required)
   - JumpCloud API Key Set (Read/ Write Access Required)
   - JumpCloud ORG ID Set
   - JumpCloud User Group containing users and assigned to a Radius Server
@@ -22,16 +23,18 @@ macOS ships with a version of OpenSSL titled LibreSSL. LibreSSL is sufficient to
 
 To install the latest version of OpenSSL on mac, install the [Homebrew package manager](https://brew.sh/) and install the following [formulae](https://formulae.brew.sh/formula/openssl@3)
 
-Some packages or applications in macOS rely on the pre-configured LibreSSL distribution. To use the Homebrew distribution of OpenSSL in this project, simply change the `$Global:JCR_OPENSSL` variable to point to the Homebrew bin location ex:
+Some packages or applications in macOS rely on the pre-configured LibreSSL distribution. To use the Homebrew distribution of OpenSSL in this project, simply change the `openSSLBinary` setting to point to the Homebrew bin location ex:
 
-In `Config.ps1` change `$JCR_OPENSSL` to point to `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'`\*\*\*\*
+Update the `openSSLBinary` to point to `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'`\*\*\*\*
 
 ex:
 
 ```powershell
-$JCR_OPENSSL = '/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'
+Set-JCRConfigFile -openSSLBinary '/opt/homebrew/opt/openssl@3/bin/openssl'
 ```
 
+````
+
 ### Windows Requirements
 
 Windows does not typically ship with a preconfigured version of OpenSSL but a pre-compiled version of OpenSSL can be installed from [Shining Light Productions](https://slproweb.com/products/Win32OpenSSL.html). These automations have been tested with the full installer (i.e. not the "Light") version of the tool. OpenSSL can of course be downloaded and configured from [source](https://www.openssl.org/source) if desired.
@@ -63,22 +66,105 @@ After installing PowerShell 7.x.x, install the [JumpCloud PowerShell Module](htt
 
 At the time of this writing JumpCloud Module 2.1.3 was the latest version. Please ensure you are at least running this version of the PowerShell Module.
 
-### Set the Radius Config File
+### Set the Radius Configuration Settings
+
+Before Running the `Start-RadiusDeployment` function, the environment variables for your JumpCloud Organization must first be set.
+
+```pwsh
+$settings = @{
+    radiusDirectory                   = "/Users/username/RADIUS"
+    certType                          = "UsernameCn"
+    certSubjectHeader @{
+        CountryCode      = "Your_Country_Code"
+        StateCode        = "Your_State_Code"
+        Locality         = "Your_City"
+        Organization     = "Your_Organization_Name"
+        OrganizationUnit = "Your_Organization_Unit"
+        CommonName       = "Your_Common_Name"
+}
+    certSecretPass                    = "secret1234!"
+    networkSSID                       = "Your_SSID"
+    userGroup                         = "5f3171a9232e1113939dd6a2"
+    openSSLBinary                     = '/opt/homebrew/bin/openssl'
+}
+
+Set-JCRConfigFile @settings
+````
+
+#### Set or update the Radius Directory
+
+The Radius Directory is the location where all generated CAs and User Certificates will be stored. This directory should be set to a location on your system where you have read/write access.
+
+To set the Radius Directory, run the following command in a PowerShell terminal window:
+
+```powershell
+Set-JCRConfigFile -radiusDirectory '/Users/username/RADIUS'
+```
+
+#### Set or update the User Cert Validity Days
+
+The user certificate validity days is the number of days a user certificate will be valid for before it expires.
+
+To set the user certificate validity days, run the following command in a PowerShell terminal window:
+
+```powershell
+Set-JCRConfigFile -userCertValidityDays 365
+```
+
+#### Set or update the CA Cert Validity Days
+
+The CA certificate validity days is the number of days a CA certificate will be valid for before it expires.
+
+To set the CA certificate validity days, run the following command in a PowerShell terminal window:
+
+```powershell
+Set-JCRConfigFile -caCertValidityDays 1095
+```
+
+#### Set or update the Certificate Expiration Warning Days
+
+The certificate expiration warning days is the number of days before a user certificate expires that a warning will be displayed in the main menu. The default value is 15 days.
+
+To set the certificate expiration warning days, run the following command in a PowerShell terminal window:
+
+```powershell
+Set-JCRConfigFile -certExpirationWarningDays 15
+```
+
+#### Set or update the certificate secret password
 
-Before Running the `Start-RadiusDeployment.ps1` script, the environment variables for your JumpCloud Organization must first be set. Open the `Config.ps1` file with a text editor.
+The certificate secret password is used to protect the private key of the user certificates. This password is required when generating user certificates and should be kept secure.
 
-#### Set Your User Group ID
+To set the certificate secret password, run the following command in a PowerShell terminal window:
 
-Change the variable `$Global:JCR_USER_GROUP` to the ID of the JumpCloud user group with access to the Radius server. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
+```powershell
+Set-JCRConfigFile -certSecretPass 'Your_Secret_Password'
+```
+
+#### Set or update the Radius User Group
+
+To change the JumpCloud user group with access to the Radius server use the `Set-JCRConfigFile` cmdlet. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
 
 After selecting the User Group, view the url for the user group it should look similar to this url:
-`https://console.jumpcloud.com/#/groups/user/5f808a1bb544064831f7c9fb/details`
+`https://console.jumpcloud.com/#/groups/user/5f3171a9232e1113939dd6a2/details`
+
+The ID of the selected userGroup is the 24 character string between `/user/` and `/details`: `5f3171a9232e1113939dd6a2`
 
-The ID of the selected userGroup is the 24 character string between `/user/` and `/details`: `5f808a1bb544064831f7c9fb`
+To set the user group ID, run the following command in a PowerShell terminal window:
 
-#### Set your network SSID Name
+```powershell
+Set-JCRConfigFile -userGroup '5f3171a9232e1113939dd6a2'
+```
+
+#### Set or update the network SSID Name
+
+On macOS hosts, the user certificate will be set to automatically authenticate to this SSID when the end user selects the WiFi Network. Multiple SSIDs can be provided as a single string with SSID names separated by a semicolon, ex: "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network". **Note: The SSID and user certificates are only associated with macOS system commands. This parameter does not affect windows generated commands**
 
-Change the variable `$Global:JCR_NETWORKSSID` to the name of the SSID network your clients will connect to. On macOS hosts, the user certificate will be set to automatically authenticate to this SSID when the end user selects the WiFi Network. Multiple SSIDs can be provided as a single string with SSID names separated by a semicolon, ex: "CorpNetwork_Denver;CorpNetwork_Boulder;CorpNetwork_Boulder 5G;Guest Network". **Note: The SSID and user certificates are only associated with macOS system commands. This parameter does not affect windows generated commands**
+To set the network SSID, run the following command in a PowerShell terminal window:
+
+```powershell
+Set-JCRConfigFile -networkSSID 'Your_SSID'
+```
 
 #### Set the openSSL Binary location
 
@@ -86,15 +172,40 @@ Depending on the host system and how OpenSSL is installed, this variable can eit
 
 [For macOS systems](#macos-requirements), this will likely need to be set to the openSSL binary installation path like `'/opt/homebrew/opt/openssl@3/bin/openssl'` or `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'` if installed through Homebrew.
 
-Else, for Windows systems, installing OpenSSL and setting an environment variable described in [Windows Requirements](#Windows-Requirements) should be sufficient. (i.e no additional changes to `$Global:JCR_OPENSSL` necessary)
+Else, for Windows systems, installing OpenSSL and setting an environment variable described in [Windows Requirements](#Windows-Requirements) should be sufficient.
+
+To set the OpenSSL binary location, run the following command in a PowerShell terminal window:
+
+```powershell
+Set-JCRConfigFile -openSSLBinary '/opt/homebrew/opt/openssl@3/bin/openssl'
+```
 
 #### Set Your Certificate Subject Headers
 
-Change the default values provided in the `$Global:JCR_SUBJECT_HEADERS` variable to Country, State, Locality, Organization, Organization Unit and Common Name values for your organization. **Note: subject headers must not contain spaces**
+Set the Country, State, Locality, Organization, Organization Unit and Common Name subject headers for your organization. **Note: subject headers must not contain spaces**
+
+To set the subject headers, run the following command in a PowerShell terminal window:
+
+```powershell
+Set-JCRConfigFile -certSubjectHeader @{
+        CountryCode      = "Your_Country_Code"
+        StateCode        = "Your_State_Code"
+        Locality         = "Your_City"
+        Organization     = "Your_Organization_Name"
+        OrganizationUnit = "Your_Organization_Unit"
+        CommonName       = "Your_Common_Name"
+}
+```
 
 #### Set Desired User Certificate Type
 
-Change the `$Global:JCR_CERT_TYPE` variable to either `EmailSAN`, `EmailDN` or `UsernameCn`
+Set the type of user cert to generate to either `EmailSAN`, `EmailDN` or `UsernameCn`
+
+To set the user certificate type, run the following command in a PowerShell terminal window:
+
+```powershell
+Set-JCRConfigFile -certType 'UsernameCn'
+```
 
 ##### Email Subject Alternative Name (EmailSAN)
 
@@ -180,7 +291,7 @@ After successful import or generation of a self signed CA, the CA's serial numbe
 
 ### User Cert Generation
 
-With the certificate authority generated/ imported, individual user certs can then be generated. The ID of the user group stored as the variable: `$Global:JCR_USER_GROUP` is used to store JumpCloud users destined for passwordless Radius access. For each user in the group, a `.pfx` certificate will be generated in the `/projectDirectory/Radius/UserCerts/` directory. The user certificates are stored locally and monitored for expiration.
+With the certificate authority generated/ imported, individual user certs can then be generated. The ID of the user group stored as the `userGroup` setting is used to store JumpCloud users destined for passwordless Radius access. For each user in the group, a `.pfx` certificate will be generated in the `/projectDirectory/Radius/UserCerts/` directory. The user certificates are stored locally and monitored for expiration.
 
 If local user certificates are set to expire within 15 days, a notification is displayed on the main menu and the certificate generation window:
 
@@ -238,7 +349,7 @@ After a user's certificate has been distributed to a system, those users can the
 
 ### macOS
 
-If the `$Global:JCR_NETWORKSSID` variable in `Config.ps1` was specified, macOS users will only be prompted once to let `eapolclient` access the private key from the installed certificate. If the end user selects `Always Allow`, the'll not be prompted to enter their password for the entire life cycle of the user certificate, only when new certificates are deployed will end users have to re-enter their login password.
+If the `networkSSID` setting is set with `Set-JCRConfigFile`, macOS users will only be prompted once to let `eapolclient` access the private key from the installed certificate. If the end user selects `Always Allow`, the'll not be prompted to enter their password for the entire life cycle of the user certificate, only when new certificates are deployed will end users have to re-enter their login password.
 
 In macOS a user simply needs to select the radius network from the wireless networks dialog prompt. A prompt to select a user certificate should be displayed, select the user certificate from the drop down menu and click "OK"
 

From cf1df0fcd36b76174f5a15b466c5dd3d75bd9abc Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 16 Jun 2025 15:49:56 -0600
Subject: [PATCH 295/346] update module version tests

---
 .../ModuleValidation/ModuleVersion.Tests.ps1  | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index 603821198..6abeff1a4 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -34,18 +34,20 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
                 New-Item -ItemType Directory -Path $radiusDirectory | Out-Null
             }
             $settings = @{
-                certSubjectHeaderCommonName       = "JumpCloud.com"
-                certType                          = "UsernameCn"
-                certSubjectHeaderOrganization     = "JumpCloud"
-                radiusDirectory                   = "~/RADIUS"
-                certSecretPass                    = "secret1234!"
-                certSubjectHeaderOrganizationUnit = "Customer_Tools"
-                certSubjectHeaderCountryCode      = "US"
-                certSubjectHeaderStateCode        = "CO"
-                certSubjectHeaderLocality         = "Boulder"
-                networkSSID                       = "TP-Link_SSID"
-                userGroup                         = "5f3171a9232e1113939dd6a2"
-                openSSLBinary                     = '/opt/homebrew/bin/openssl'
+                certType          = "UsernameCn"
+                radiusDirectory   = "~/RADIUS"
+                certSecretPass    = "secret1234!"
+                networkSSID       = "TP-Link_SSID"
+                userGroup         = "5f3171a9232e1113939dd6a2"
+                openSSLBinary     = '/opt/homebrew/bin/openssl'
+                certSubjectHeader = @{
+                    CountryCode      = "US"
+                    StateCode        = "CO"
+                    Locality         = "Boulder"
+                    Organization     = "JumpCloud"
+                    OrganizationUnit = "Customer_Tools"
+                    CommonName       = "JumpCloud.com"
+                }
             }
             Set-JCRConfigFile @settings
         }

From 53a96ea7b71dac4fad65ec21985c4b4f464f3a42 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 16 Jun 2025 15:53:14 -0600
Subject: [PATCH 296/346] update setup org

---
 .../Radius/Tests/SetupRadiusOrg.ps1           | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index c89200deb..554830ebe 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -61,18 +61,20 @@ if (-Not (Test-Path -Path $radiusDirectory)) {
 
 # Update the userGroupID:
 $settings = @{
-    certSubjectHeaderCommonName       = "JumpCloud.com"
-    certType                          = "UsernameCn"
-    certSubjectHeaderOrganization     = "JumpCloud"
-    certSecretPass                    = "secret1234!"
-    certSubjectHeaderOrganizationUnit = "Customer_Tools"
-    certSubjectHeaderCountryCode      = "US"
-    certSubjectHeaderStateCode        = "CO"
-    certSubjectHeaderLocality         = "Boulder"
-    radiusDirectory                   = "$(Resolve-Path $HOME/RADIUS)"
-    networkSSID                       = "TP-Link_SSID"
-    userGroup                         = $radiusUserGroup.id
-    openSSLBinary                     = 'openssl'
+    certType          = "UsernameCn"
+    certSecretPass    = "secret1234!"
+    radiusDirectory   = "$(Resolve-Path $HOME/RADIUS)"
+    networkSSID       = "TP-Link_SSID"
+    userGroup         = $radiusUserGroup.id
+    openSSLBinary     = 'openssl'
+    certSubjectHeader = @{
+        CountryCode      = "US"
+        StateCode        = "CO"
+        Locality         = "Boulder"
+        Organization     = "JumpCloud"
+        OrganizationUnit = "Customer_Tools"
+        CommonName       = "JumpCloud.com"
+    }
 }
 
 Set-JCRConfigFile @settings

From 61d55b4a4ba1080b1b664d1fadaed280cf1b3e22 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 16 Jun 2025 15:58:54 -0600
Subject: [PATCH 297/346] set the contents of the config to the value from
 before

---
 .../Private/Config/Confirm-JCRConfigFile.Tests.ps1    | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
index 6ab0852bf..f73944ddc 100644
--- a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
@@ -26,6 +26,10 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
         }
         # Import the module to set the global variable
         Import-Module -Name "$JCRScriptRoot/JumpCloud.Radius.psd1" -Force
+
+        # get the current config.json contents
+        $configFilePath = Join-Path -Path $JCRScriptRoot -ChildPath 'Config.json'
+        $configBefore = Get-Content -Path $configFilePath
     }
 
     It "should confirm the config file exists" {
@@ -99,4 +103,11 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
             }
         }
     }
+    AfterAll {
+        # Restore the original config file contents
+        $configFilePath = Join-Path -Path $JCRScriptRoot -ChildPath 'Config.json'
+        if (Test-Path -Path $configFilePath) {
+            Set-Content -Path $configFilePath -Value $configBefore
+        }
+    }
 }
\ No newline at end of file

From 7bdac787f19f4ff2d9e54a78990629d94f15f703 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 17 Jun 2025 13:48:30 -0600
Subject: [PATCH 298/346] update tests with hashtable values

---
 .../Private/Config/Confirm-JCRConfigFile.Tests.ps1   | 10 ++++++++--
 .../Tests/Public/Module/Update-JCRModule.Tests.ps1   | 12 +++++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
index f73944ddc..0271d7e99 100644
--- a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
@@ -85,8 +85,14 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
 
                         $param = @{ $setting.Key = $hashTable }
                     } else {
-
-                        $param = @{ $setting.Key = $setting.Value.placeholder.replace('<', '').replace('>', '') }
+                        switch ($setting.Key) {
+                            'radiusDirectory' {
+                                param = @{ $setting.Key = "$HOME" }
+                            }
+                            Default {
+                                $param = @{ $setting.Key = $setting.Value.placeholder.replace('<', '').replace('>', '') }
+                            }
+                        }
                     }
                     Set-JCRConfigFile @param
 
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 57a8bea77..9ab45350d 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -201,7 +201,17 @@ Describe 'Module Update' -Tag "Module" {
             $configFileAfter = Get-JCRConfigFile -asObject
 
             foreach ($property in $configFileBefore.PSObject.Properties) {
-                $configFileAfter.$($property.Name).value | Should -Be $property.value.value
+                # if the property is a hashtable, check each key-value pair
+                if ($property.type -eq "hashtable") {
+                    foreach ($key in $property.value.Keys) {
+                        # Validate that the value is the same as before
+                        $configFileAfter.$($property.Name).$key | Should -Be $property.value.$key
+                    }
+                    continue
+                } else {
+
+                    $configFileAfter.$($property.Name).value | Should -Be $property.value.value
+                }
             }
 
             # Validate that the extension files in /Extensions are updated from JCRConfig

From 485e2e8628cb4fe62cef20508ec04ea956a0385e Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 17 Jun 2025 14:02:49 -0600
Subject: [PATCH 299/346] $param and confirm with a forced config file

---
 .../Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1      | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
index 0271d7e99..80a62215b 100644
--- a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
@@ -63,6 +63,8 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
             # Check if the config file contains the expected keys
         }
         It "Confirm-JCRConfigFile should throw when the config is missing required settings" {
+            # Call the function to create a new config file
+            New-JCRConfigFile -force
             # Call the function to confirm the config file
             { Confirm-JCRConfigFile } | Should -Throw
         }
@@ -87,7 +89,7 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
                     } else {
                         switch ($setting.Key) {
                             'radiusDirectory' {
-                                param = @{ $setting.Key = "$HOME" }
+                                $param = @{ $setting.Key = "$HOME" }
                             }
                             Default {
                                 $param = @{ $setting.Key = $setting.Value.placeholder.replace('<', '').replace('>', '') }

From 571f8baa281191dc13c4632f77cbdd1287e69b22 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 17 Jun 2025 14:17:35 -0600
Subject: [PATCH 300/346] confirm tests

---
 .../Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1    | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
index 80a62215b..bac85325a 100644
--- a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
@@ -62,12 +62,6 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
             { ConvertFrom-Json -InputObject $configContent } | Should -Not -Throw
             # Check if the config file contains the expected keys
         }
-        It "Confirm-JCRConfigFile should throw when the config is missing required settings" {
-            # Call the function to create a new config file
-            New-JCRConfigFile -force
-            # Call the function to confirm the config file
-            { Confirm-JCRConfigFile } | Should -Throw
-        }
         Context "Individually Set all of the required settings but one, Confirm-JCRConfigFile should still throw" {
             BeforeEach {
                 # Create a new config file

From bd6bb66eec7dd6e97a6f20ba2f5918a941b61016 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 17 Jun 2025 14:31:45 -0600
Subject: [PATCH 301/346] reset config

---
 .../Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1  | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
index bac85325a..d9aaafcfb 100644
--- a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
@@ -110,6 +110,14 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
         $configFilePath = Join-Path -Path $JCRScriptRoot -ChildPath 'Config.json'
         if (Test-Path -Path $configFilePath) {
             Set-Content -Path $configFilePath -Value $configBefore
+            $Global:JCRConfig = Get-JCRConfigFile -asObject
         }
+
+        Write-Host "-----------------------"
+        Write-Host "[Status] JCRConfig Settings:"
+        foreach ($setting in $global:JCRConfig.PSObject.Properties) {
+            Write-Host ("$($setting.Name): $($setting.Value.value)")
+        }
+        Write-Host "-----------------------"
     }
 }
\ No newline at end of file

From 26032fae359d2043be801134d4cb81b94fdfc7ae Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 17 Jun 2025 15:02:15 -0600
Subject: [PATCH 302/346] update module tests

---
 .../Tests/Public/Module/Update-JCRModule.Tests.ps1       | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 9ab45350d..e4ce6afc1 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -202,10 +202,10 @@ Describe 'Module Update' -Tag "Module" {
 
             foreach ($property in $configFileBefore.PSObject.Properties) {
                 # if the property is a hashtable, check each key-value pair
-                if ($property.type -eq "hashtable") {
-                    foreach ($key in $property.value.Keys) {
+                if ($property.value.type -eq "hashtable") {
+                    foreach ($key in $configFileAfter.$($property.Name).value.PSObject.Properties) {
+                        $configFileAfter.$($property.Name).value.$($key.name) | Should -Be $key.Value
                         # Validate that the value is the same as before
-                        $configFileAfter.$($property.Name).$key | Should -Be $property.value.$key
                     }
                     continue
                 } else {
@@ -241,9 +241,6 @@ Describe 'Module Update' -Tag "Module" {
             # Validate that the extensions files are valid with the function
             $extensionsValid = Test-JCRExtensionFile
             $extensionsValid | Should -BeTrue
-
-
-
         }
     }
     AfterAll {

From 2cb244cdd0ddd50c126bd79e6c94ae1f7980dd30 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 18 Jun 2025 15:21:53 -0600
Subject: [PATCH 303/346] exclude config.json, update the config with update
 module

---
 .../Private/Config/Get-JCRConfigFile.ps1      |  2 +-
 .../Private/Config/Update-JCRConfigFile.ps1   | 49 +++++++++++++------
 .../Public/Module/Update-JCRModule.ps1        | 15 ++++--
 .../Public/Module/Update-JCRModule.Tests.ps1  | 40 ++++++++++++++-
 4 files changed, 85 insertions(+), 21 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
index b2040ed63..466a86168 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
@@ -10,7 +10,7 @@ function Get-JCRConfigFile {
     )
 
     begin {
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
+        $moduleRoot = $JCRScriptRoot
         $configFilePath = Join-Path -Path $ModuleRoot -ChildPath 'Config.json'
 
         if (-Not (Test-Path -Path $configFilePath)) {
diff --git a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
index 0eaf2e6e3..0c14993ac 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
@@ -9,7 +9,7 @@ function Update-JCRConfigFile {
 
     begin {
         # Config should be in /PowerShell/JumpCloudModule/Config.json
-        $ModuleRoot = (Get-Item -Path:($PSScriptRoot)).Parent.Parent.Parent.FullName
+        $moduleRoot = $JCRScriptRoot
         $configFilePath = join-path -path $ModuleRoot -childpath 'Config.json'
 
         if (test-path -path $configFilePath) {
@@ -18,25 +18,46 @@ function Update-JCRConfigFile {
         } else {
             # Create new file with default settings
             New-JCRConfigFile
+            $config = Get-JCRConfigFile -asObject
+        }
+
+        Write-Host "---------Update settings--------------"
+        Write-Host "[status] Module Path : $($moduleCheck.Path)"
+        Write-Host "[Status] JCRConfig Settings:"
+        foreach ($setting in $settings.PSObject.Properties) {
+            Write-Host ("$($setting.Name): $($setting.Value.value)")
         }
+        Write-Host "-----------------------"
     }
 
     process {
-        foreach ($newSetting in $config.psobject.properties) {
-            foreach ($copiedSetting in $settings.psobject.properties) {
+        foreach ($newSetting in $config.PSObject.properties) {
+            foreach ($copiedSetting in $settings.PSObject.properties) {
                 if ($newSetting.name -eq $copiedSetting.name) {
-                    # If the new property is in the copied settings property list:
-                    foreach ($newProperty in $newSetting.value.psobject.properties) {
-                        foreach ($copiedProperty in $copiedSetting.value.psobject.properties) {
-                            # If the property names match & the new property is eligible to be copied, copy it
-                            if ( ($newProperty.name -eq $copiedProperty.name) -And ($newProperty.Value.copy -eq $true)) {
-                                # If the values are different, copy the values
-                                if ( $newProperty.value.value -ne $copiedProperty.value.value) {
-                                    $config.$($newsetting.name).$($newProperty.name).value = $settings.$($copiedSetting.name).$($copiedProperty.name).value
-                                }
-                            }
-                        }
+                    Write-Host "Updating setting: $($newSetting.name)"
+                    $newSettingValue = $newSetting.Value
+                    $copiedSettingValue = $copiedSetting.Value
+
+                    if ($newSettingValue.value -ne $copiedSettingValue.value) {
+                        Write-Host "Old Value: $($newSettingValue.value) New Value: $($copiedSettingValue.value)"
+                        $config.$($newSetting.name).value = $settings.$($copiedSetting.name).value
                     }
+
+
+                    # # If the new property is in the copied settings property list:
+                    # foreach ($newProperty in $newSetting.value.PSObject.properties) {
+                    #     foreach ($copiedProperty in $copiedSetting.value.PSObject.properties) {
+                    #         # If the property names match & the new property is eligible to be copied, copy it
+                    #         if ( ($newProperty.name -eq $copiedProperty.name) -And ($newProperty.Value.copy -eq $true)) {
+                    #             # If the values are different, copy the values
+                    #             if ( $newProperty.value.value -ne $copiedProperty.value.value) {
+                    #                 write-host "Copying property: $($newProperty.name) from $($copiedSetting.name) to $($newSetting.name)"
+                    #                 Write-Host "Old Value: $($newProperty.value.value) New Value: $($copiedProperty.value.value)"
+                    #                 $config.$($newsetting.name).$($newProperty.name).value = $settings.$($copiedSetting.name).$($copiedProperty.name).value
+                    #             }
+                    #         }
+                    #     }
+                    # }
                 }
             }
         }
diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
index 5fe8dfec5..15a3d81fe 100644
--- a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -43,15 +43,17 @@ function Update-JCRModule {
             # else get the module config from the current module:
             # TODO: get the json config with the private function not created yet
             $savedJCRSettings = Get-JCRConfigFile -asObject
+            Write-Warning "copying settings from the current module to the new one, this will overwrite the current settings file."
+            $savedJCRSettings | Format-List
+            Write-Warning "userGroupID =  $($savedJCRSettings.userGroup.value)"
 
             # now, attempt to update the module
             try {
                 Update-Module -Name $ModuleName
 
-                # update the settings file config.json
-                Update-JCRConfigFile -settings $savedJCRSettings
-                # re-import the settings file variable
-                $global:JCRConfig = Get-JCRConfigFile -asObject
+                Write-Host "The $ModuleName module has been updated to the latest version: $($latestModule.Version)."
+
+
 
 
             } catch {
@@ -80,6 +82,11 @@ function Update-JCRModule {
             }
             Import-module -Name $ModuleName -Force
 
+            # update the settings file config.json
+            Update-JCRConfigFile -settings $savedJCRSettings
+            # re-import the settings file variable
+            $global:JCRConfig = Get-JCRConfigFile -asObject
+
             if (-not (Test-JCRExtensionFile)) {
                 Write-Host "Extensions file is not valid, updating it now..."
                 Set-JCRExtensionFile
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index e4ce6afc1..1b88c5ca2 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -128,7 +128,7 @@ Describe 'Module Update' -Tag "Module" {
         # create the version directory within the module path if it does not exist
         New-Item -Path "$radiusModuleDirectory/$moduleVersion" -ItemType Directory
         # Copy all the contents from the parent folder to the destination folder
-        Copy-Item -Path $devModulePath/* -Destination "$radiusModuleDirectory/$moduleVersion" -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
+        Copy-Item -Path $devModulePath/* -Destination "$radiusModuleDirectory/$moduleVersion" -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md", "config.json"
         Publish-Module -Name "$radiusModuleDirectory/$moduleVersion" -Repository $localRepoName -Force -RequiredVersion $moduleVersion
 
         # Print the LocalPSRepo File Contents:
@@ -165,6 +165,42 @@ Describe 'Module Update' -Tag "Module" {
             Remove-Item -Path $radiusModuleDirectory -Recurse -Force
             Install-Module -Name $radiusModule -Repository $localRepoName -RequiredVersion $moduleVersion
 
+            # import the installed Module
+            Write-Host "Importing module $radiusModule from local repo $localRepoName with version $moduleVersion"
+            Import-Module -Name $radiusModule -force
+
+            $moduleCheck = Get-Module -Name $radiusModule
+            $moduleCheck | Should -Not -BeNullOrEmpty
+            $moduleCheck.version | Should -Be $moduleVersion
+
+            # populate the config:
+            $settings = @{
+                certType          = "UsernameCn"
+                certSecretPass    = "secret1234!"
+                radiusDirectory   = "$(Resolve-Path $HOME/RADIUS)"
+                networkSSID       = "TP-Link_SSID"
+                userGroup         = "111111111111111111111111"
+                openSSLBinary     = 'openssl'
+                certSubjectHeader = @{
+                    CountryCode      = "US"
+                    StateCode        = "CO"
+                    Locality         = "Boulder"
+                    Organization     = "JumpCloud"
+                    OrganizationUnit = "Customer_Tools"
+                    CommonName       = "JumpCloud.com"
+                }
+            }
+
+            Set-JCRConfigFile @settings
+
+            Write-Host "-----------------------"
+            Write-Host "[status] Module Path : $($moduleCheck.Path)"
+            Write-Host "[Status] JCRConfig Settings:"
+            foreach ($setting in $global:JCRConfig.PSObject.Properties) {
+                Write-Host ("$($setting.Name): $($setting.Value.value)")
+            }
+            Write-Host "-----------------------"
+
             # update the module manifest version to simulate a new version
             $newVersion = "$(([version]$moduleVersion).major).$(([version]$moduleVersion).minor).$(([version]$moduleVersion).build + 1)"
             Update-ModuleManifest -Path $psd1Path -ModuleVersion $newVersion
@@ -177,7 +213,7 @@ Describe 'Module Update' -Tag "Module" {
                 New-Item -Path "$radiusModuleDirectory/$newVersion" -ItemType Directory
                 # Copy all the contents from the parent folder to the destination folder
                 Write-Warning "Copying module files from $devModulePath to the local repo for version $newVersion"
-                Copy-Item -Path $devModulePath/* -Destination "$radiusModuleDirectory/$newVersion" -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md"
+                Copy-Item -Path $devModulePath/* -Destination "$radiusModuleDirectory/$newVersion" -Recurse -Force -Exclude "Cert", "UserCerts", "images", "data", "users.json", "reports", "Tests", "deploy", "key.encrypted", "keyCert.encrypted", "log.txt", "changelog.md", "config.json"
                 Publish-Module -Name "$radiusModuleDirectory/$newVersion" -Repository $localRepoName -Force -RequiredVersion $newVersion
             }
 

From 1f2a70d6976600a6e66d9e0430bd1e8e5955c57a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Wed, 18 Jun 2025 16:24:19 -0600
Subject: [PATCH 304/346] remove module if lingering

---
 .../Tests/Public/Module/Update-JCRModule.Tests.ps1       | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 1b88c5ca2..76b95cff8 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -157,6 +157,15 @@ Describe 'Module Update' -Tag "Module" {
             $installedModule | Should -Not -BeNullOrEmpty
             $installedModule.version | Should -Be $moduleVersion
         }
+        AfterAll {
+            $moduleCheck = Get-Module -Name $radiusModule
+            if ($moduleCheck) {
+                Write-Host "Removing module $radiusModule from the session"
+                Remove-Module -Name $radiusModule -Force
+            } else {
+                Write-Host "Module $radiusModule is not loaded in the session"
+            }
+        }
     }
 
     Context 'When a new version of the module is available' {

From 6f1a2c6e5feaa53d2d949af6b4c61c4455c8b22d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 20 Jun 2025 12:29:17 -0600
Subject: [PATCH 305/346] remove extensions file changes in .gitignore

---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 763484e9f..e8988ab8d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,8 @@
 *test_results
 # Ignore support.wiki
 *support.wiki
+# Ignore Extensions
+/scripts/automation/Radius/Extensions/*
 # Ignore Config
 /PowerShell/JumpCloud Module/Config.Json
 # Ignore Radius Certs

From dcf73297d80772535c86f6f5a4ad0e7b00ce6ea8 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 20 Jun 2025 13:13:40 -0600
Subject: [PATCH 306/346] extensions file generation + confirm JCR tests

---
 .../CertGeneration/Set-JCRExtensionFile.ps1   | 69 +++++++++++++++++--
 .../CertGeneration/Test-JCRExtensionFile.ps1  |  2 -
 .../Private/Config/Confirm-JCRConfigFile.ps1  | 43 ++++++++++--
 .../Private/Config/Get-JCRConfig.ps1          | 25 -------
 .../Public/Config/Set-JCRConfigFile.ps1       |  9 +++
 .../Public/Start-GenerateRootCert.ps1         | 21 ++----
 .../Config/Confirm-JCRConfigFile.Tests.ps1    | 21 ++++++
 7 files changed, 136 insertions(+), 54 deletions(-)
 delete mode 100644 scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
index d17c0ff72..345793104 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
@@ -4,10 +4,29 @@ function Set-JCRExtensionFile {
 
     $extensionsDir = Join-Path $JCRScriptRoot "Extensions"
     $exts = Get-ChildItem -Path (Resolve-Path -Path $extensionsDir) -Filter "extensions-*.cnf"
-    foreach ($ext in $exts) {
-        Write-Host "Updating Subject Headers for $($ext.Name)"
-        $extContent = Get-Content -Path $ext.FullName -Raw
-        $reqDistinguishedName = @"
+    $emailDNHereString = @"
+[req]
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+C = $($global:JCRConfig.certSubjectHeader.Value.CountryCode)
+ST = $($global:JCRConfig.certSubjectHeader.Value.StateCode)
+L = $($global:JCRConfig.certSubjectHeader.Value.Locality)
+O = $($global:JCRConfig.certSubjectHeader.Value.Organization)
+OU = $($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit)
+CN = $($global:JCRConfig.certSubjectHeader.Value.CommonName)
+
+[v3_req]
+keyUsage = digitalSignature
+extendedKeyUsage = clientAuth
+authorityInfoAccess = OCSP;URI:http://localhost:9000
+"@
+    $emailSANHereString = @"
+[req]
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+
 [req_distinguished_name]
 C = $($global:JCRConfig.certSubjectHeader.Value.CountryCode)
 ST = $($global:JCRConfig.certSubjectHeader.Value.StateCode)
@@ -16,8 +35,46 @@ O = $($global:JCRConfig.certSubjectHeader.Value.Organization)
 OU = $($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit)
 CN = $($global:JCRConfig.certSubjectHeader.Value.CommonName)
 
+[v3_req]
+authorityKeyIdentifier = keyid:always,issuer:always
+keyUsage = digitalSignature
+extendedKeyUsage = clientAuth
+#For Client cert with email in the subject alternative name
+subjectAltName = email:username@domain.com
 "@
-        $updatedContent = $extContent -Replace "(\[req_distinguished_name\][\s\S]*?)(?=\[v3_req\])", $reqDistinguishedName
-        Set-Content -Path $ext.FullName -Value $updatedContent -NoNewline -Force
+
+    $usernameCNHereString = @"
+[req]
+req_extensions = v3_req
+distinguished_name = req_distinguished_name
+
+[req_distinguished_name]
+C = $($global:JCRConfig.certSubjectHeader.Value.CountryCode)
+ST = $($global:JCRConfig.certSubjectHeader.Value.StateCode)
+L = $($global:JCRConfig.certSubjectHeader.Value.Locality)
+O = $($global:JCRConfig.certSubjectHeader.Value.Organization)
+OU = $($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit)
+CN = $($global:JCRConfig.certSubjectHeader.Value.CommonName)
+
+[v3_req]
+keyUsage = digitalSignature
+extendedKeyUsage = clientAuth
+authorityInfoAccess = OCSP;URI:http://localhost:9000
+"@
+
+    foreach ($ext in $exts) {
+        Write-Host "Updating Subject Headers for $($ext.Name)"
+        # replace the content of the extension file with the appropriate string based on the certType
+        switch ($ext.Name) {
+            'extensions-emailDN.cnf' {
+                Set-Content -Path $ext.FullName -Value $emailDNHereString -NoNewline -Force
+            }
+            'extensions-emailSAN.cnf' {
+                Set-Content -Path $ext.FullName -Value $emailDNHereString -NoNewline -Force
+            }
+            'extensions-usernameCN.cnf' {
+                Set-Content -Path $ext.FullName -Value $usernameCNHereString -NoNewline -Force
+            }
+        }
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
index fc7e19fb7..3eb6e3e5e 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Test-JCRExtensionFile.ps1
@@ -24,11 +24,9 @@ function Test-JCRExtensionFile {
             if ($extContent -match $pattern) {
                 $actual = $Matches[1].Trim()
                 if ($actual -ne $expected[$key]) {
-                    Write-Error "Mismatch in $($ext.Name): $key expected '$($expected[$key])' but found '$actual'"
                     $allValid = $false
                 }
             } else {
-                Write-Error "Header $key not found in $($ext.Name)"
                 $allValid = $false
             }
         }
diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
index 775f6e656..b3fb23278 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
@@ -20,15 +20,46 @@ function Confirm-JCRConfigFile {
             $settingName = $setting.Name
             $settingValue = $setting.Value
             # check to see if the key is required and if the value is null
-            if ($settingValue.required -eq $true -and $settingValue.value -eq $null) {
-                $requiredAttributesNotSet += @{ $settingName = $settingValue.placeholder }
-            }
-            # specifically for the openssl binary, check if the path exists
-            if ($settingName -eq 'openSSLBinary' -and $settingValue.value -ne $null) {
-                Get-OpenSSLVersion -opensslBinary $settingValue.value
+            switch ($settingName) {
+                'openSSLBinary' {
+                    if ($settingName -eq 'openSSLBinary' -and $settingValue.value -ne $null) {
+                        Get-OpenSSLVersion -opensslBinary $settingValue.value
+                    }
+                }
+                'certSubjectHeader' {
+                    # check if the cert subject header is set
+                    if ($settingValue.value -eq $null) {
+                        $requiredAttributesNotSet += @{ $settingName = $settingValue.placeholder }
+                    } else {
+                        # check if the hashtable has all required keys
+                        $requiredKeys = @('CountryCode', 'StateCode', 'Locality', 'Organization', 'OrganizationUnit', 'CommonName')
+                        foreach ($key in $requiredKeys) {
+                            if ($global:JCRConfig.certSubjectHeader.Value.$($key) -eq $null) {
+                                $requiredAttributesNotSet += @{ $settingName = $settingValue.placeholder }
+                                break
+                            }
+                            # validate that the value has no spaces, throw
+                            if ($global:JCRConfig.certSubjectHeader.Value.$($key) -match '\s') {
+                                if (-not $loadModule) {
+                                    throw "The `'$settingName`' value contains spaces.`nThe value: `'$($global:JCRConfig.certSubjectHeader.Value.$($key))`' for `'$key`' cannot contain spaces."
+                                } else {
+                                    Write-Warning "The `'$settingName`' value contains spaces.`nThe value: `'$($global:JCRConfig.certSubjectHeader.Value.$($key))`' for `'$key`' cannot contain spaces."
+
+                                }
+                            }
+                        }
+                    }
+                }
+                Default {
+                    if ($settingValue.required -eq $true -and $settingValue.value -eq $null) {
+                        $requiredAttributesNotSet += @{ $settingName = $settingValue.placeholder }
+                    }
+                }
             }
         }
     }
+
+
     end {
         if ($requiredAttributesNotSet.count -gt 0) {
             $requiredAttributesNotSet = $requiredAttributesNotSet | Sort-Object
diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
deleted file mode 100644
index 7bdae7d8f..000000000
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
+++ /dev/null
@@ -1,25 +0,0 @@
-function Get-JCRConfig {
-    [CmdletBinding()]
-    param(
-        [Parameter(Mandatory = $true)][string]$FilePath
-    )
-
-    if (Test-Path -Path $FilePath) {
-        try {
-            $savedConfig = (Get-Content -Path $FilePath -Raw | ConvertFrom-Json)
-            # Merge loaded settings with the module's default configuration
-            foreach ($settingName in $savedConfig.PSObject.Properties.Name) {
-                if ($Module.privateData.config.containsKey($settingName)) {
-                    $Module.privateData.config[$settingName].value = $savedConfig.$settingName.value
-                } else {
-                    Write-Warning "Loaded config contains unknown setting: '$settingName'. It will be ignored."
-                }
-            }
-        } catch {
-            Write-Warning "Failed to load config from '$FilePath'. Using default configuration."
-        }
-    } else {
-        Write-Warning "Config file '$FilePath' not found. Using default configuration."
-        New-JCRConfigFile -Force
-    }
-}
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
index a65c430cc..f0abdd210 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
@@ -76,10 +76,19 @@ function Set-JCRConfigFile {
                 $global:JCRConfig.$param.value = $params[$param]
             }
         }
+        # validate the config settings
     }
 
     end {
         # Write out the new settings
+        Write-Host "---------Updated settings--------------"
+        Write-Host "[status] Module Path : $($ModuleRoot)"
+        Write-Host "[Status] JCRConfig Settings:"
+        foreach ($setting in $global:JCRConfig.PSObject.Properties) {
+            Write-Host ("$($setting.Name): $($setting.Value.value)")
+        }
+        Write-Host "-----------------------"
         $global:JCRConfig | ConvertTo-Json -Depth 10 | Out-File -FilePath $configFilePath
+        Confirm-JCRConfigFile
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1 b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
index c5e2da5f7..f9817b6d6 100644
--- a/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-GenerateRootCert.ps1
@@ -202,22 +202,13 @@ Function Start-GenerateRootCert {
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -in `"$outCA`" -noout -text"
                 # openssl x509 -in ca-cert.pem -noout -text
                 # Update Extensions Distinguished Names:
-                $exts = Get-ChildItem -Path (Resolve-Path -path "$JCRScriptRoot/Extensions")
-                foreach ($ext in $exts) {
-                    Write-Host "Updating Subject Headers for $($ext.Name)"
-                    $extContent = Get-Content -Path $ext.FullName -Raw
-                    $reqDistinguishedName = @"
-    [req_distinguished_name]
-    C = $($($global:JCRConfig.certSubjectHeader.Value.CountryCode))
-    ST = $($($global:JCRConfig.certSubjectHeader.Value.StateCode))
-    L = $($($global:JCRConfig.certSubjectHeader.Value.Locality))
-    O = $($($global:JCRConfig.certSubjectHeader.Value.Organization))
-    OU = $($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))
-    CN = $($($global:JCRConfig.certSubjectHeader.Value.CommonName))
-
-"@
-                    $extContent -Replace ("\[req_distinguished_name\][\s\S]*(?=\[v3_req\])", $reqDistinguishedName) | Set-Content -Path $ext.FullName -NoNewline -Force
+                if (-not (Test-JCRExtensionFile)) {
+                    Write-Host "Extensions file is not valid, updating it now..."
+                    Set-JCRExtensionFile
+                } else {
+                    Write-Host "Extensions file is valid, no need to update"
                 }
+
                 return
             }
         }
diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
index d9aaafcfb..c4a461aec 100644
--- a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
@@ -105,6 +105,27 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
             }
         }
     }
+    Context "Validation for individual setting" {
+        It "Should throw when a subject header contains a space" {
+            # Set the certSubjectHeader with a space in the CommonName
+            $param = @{
+                certSubjectHeader = @{
+                    CountryCode      = 'US'
+                    StateCode        = 'CA'
+                    Locality         = 'San Francisco'
+                    Organization     = 'JumpCloud'
+                    OrganizationUnit = 'Engineering'
+                    CommonName       = 'Test User'  # Contains a space
+                }
+            }
+            { Set-JCRConfigFile @param } | Should -Throw
+        }
+        It "Should throw when a string value is set for an 'int' type setting" {
+            # Set a string value for an int type setting
+            $param = @{ caCertValidityDays = 'NotAnInt' }
+            { Set-JCRConfigFile @param } | Should -Throw
+        }
+    }
     AfterAll {
         # Restore the original config file contents
         $configFilePath = Join-Path -Path $JCRScriptRoot -ChildPath 'Config.json'

From 6c9f7d10b8cb69a5a8f86ada074cc1e111feb7e4 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 20 Jun 2025 13:18:35 -0600
Subject: [PATCH 307/346] JCRConfig rename

---
 ...CRConfigFile.ps1 => Confirm-JCRConfig.ps1} |  12 +-
 ...et-JCRConfigFile.ps1 => Get-JCRConfig.ps1} |   4 +-
 ...ew-JCRConfigFile.ps1 => New-JCRConfig.ps1} |   2 +-
 .../Config/Test-JCRRadiusDirectory.ps1        |   2 +-
 ...JCRConfigFile.ps1 => Update-JCRConfig.ps1} |   8 +-
 .../Private/Menus/Show-RadiusMainMenu.ps1     |   4 +-
 .../Private/Module/Get-OpenSSLVersion.ps1     |   2 +-
 ...et-JCRConfigFile.ps1 => Set-JCRConfig.ps1} |   8 +-
 .../Functions/Public/Get-JCRGlobalVars.ps1    |   8 +-
 .../Public/Module/Update-JCRModule.ps1        |   6 +-
 .../Public/Start-RadiusDeployment.ps1         |   2 +-
 .../automation/Radius/JumpCloud.Radius.psd1   | 166 +++++++++---------
 .../automation/Radius/JumpCloud.Radius.psm1   |  16 +-
 .../ModuleValidation/ModuleVersion.Tests.ps1  |   2 +-
 ....Tests.ps1 => Confirm-JCRConfig.Tests.ps1} |  22 +--
 .../Tests/Public/Get-JCRGlobalVars.Tests.ps1  |  10 +-
 .../Public/Module/Update-JCRModule.Tests.ps1  |   6 +-
 .../Public/Start-DeployUserCerts.Tests.ps1    |   8 +-
 .../Public/Start-GenerateUserCerts.Tests.ps1  |   6 +-
 .../Radius/Tests/SetupRadiusOrg.ps1           |   2 +-
 .../automation/Radius/multi_group_radius.ps1  |   2 +-
 21 files changed, 149 insertions(+), 149 deletions(-)
 rename scripts/automation/Radius/Functions/Private/Config/{Confirm-JCRConfigFile.ps1 => Confirm-JCRConfig.ps1} (94%)
 rename scripts/automation/Radius/Functions/Private/Config/{Get-JCRConfigFile.ps1 => Get-JCRConfig.ps1} (95%)
 rename scripts/automation/Radius/Functions/Private/Config/{New-JCRConfigFile.ps1 => New-JCRConfig.ps1} (96%)
 rename scripts/automation/Radius/Functions/Private/Config/{Update-JCRConfigFile.ps1 => Update-JCRConfig.ps1} (94%)
 rename scripts/automation/Radius/Functions/Public/Config/{Set-JCRConfigFile.ps1 => Set-JCRConfig.ps1} (96%)
 rename scripts/automation/Radius/Tests/Private/Config/{Confirm-JCRConfigFile.Tests.ps1 => Confirm-JCRConfig.Tests.ps1} (90%)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
similarity index 94%
rename from scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
rename to scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
index b3fb23278..2d015fadc 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
@@ -1,4 +1,4 @@
-function Confirm-JCRConfigFile {
+function Confirm-JCRConfig {
     [CmdletBinding()]
     param (
         [Parameter(
@@ -9,7 +9,7 @@ function Confirm-JCRConfigFile {
     )
     begin {
         if (-not $global:JCRConfig) {
-            $global:JCRConfig = Get-JCRConfigFile -asObject
+            $global:JCRConfig = Get-JCRConfig -asObject
         }
         $requiredAttributesNotSet = @{}
     }
@@ -65,7 +65,7 @@ function Confirm-JCRConfigFile {
             $requiredAttributesNotSet = $requiredAttributesNotSet | Sort-Object
             $requiredAttributesNotSetString = $requiredAttributesNotSet.Keys -join ","
             Write-Warning @"
-There are required settings for this module that have not yet been set with the Set-JCRConfigFile function.
+There are required settings for this module that have not yet been set with the Set-JCRConfig function.
 The module requires you set: $requiredAttributesNotSetString
 
 To set these run the following command (changing the default settings for your own organization):
@@ -75,13 +75,13 @@ $($requiredAttributesNotSet.GetEnumerator() | ForEach-Object {
 "`t$($_.Key) = $($_.Value)" + [System.Environment]::NewLine
 })}
 
-Set-JCRConfigFile @settings
+Set-JCRConfig @settings
 
 "@
             if (-not $loadModule) {
-                throw "Please set these variables with the Set-JCRConfigFile cmdlet"
+                throw "Please set these variables with the Set-JCRConfig cmdlet"
             } else {
-                Write-Warning "Please set these variables with the Set-JCRConfigFile cmdlet"
+                Write-Warning "Please set these variables with the Set-JCRConfig cmdlet"
             }
         }
     }
diff --git a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
similarity index 95%
rename from scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
rename to scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
index 466a86168..b295c5db3 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Get-JCRConfig.ps1
@@ -1,4 +1,4 @@
-function Get-JCRConfigFile {
+function Get-JCRConfig {
     [CmdletBinding()]
     param (
         [Parameter(
@@ -16,7 +16,7 @@ function Get-JCRConfigFile {
         if (-Not (Test-Path -Path $configFilePath)) {
             Write-Host "write new settings file $configFilePath"
             # Create new file with default settings
-            New-JCRConfigFile
+            New-JCRConfig
         }
     }
 
diff --git a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfig.ps1
similarity index 96%
rename from scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
rename to scripts/automation/Radius/Functions/Private/Config/New-JCRConfig.ps1
index a34edae73..d7c01138f 100644
--- a/scripts/automation/Radius/Functions/Private/Config/New-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/New-JCRConfig.ps1
@@ -1,4 +1,4 @@
-function New-JCRConfigFile {
+function New-JCRConfig {
     [CmdletBinding()]
     param (
         [Parameter(
diff --git a/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1 b/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
index e0eb89d39..f39dba3fb 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Test-JCRRadiusDirectory.ps1
@@ -21,7 +21,7 @@ function Test-JCRRadiusDirectory {
     # validate that the $resolvedPath is not the same as the JCRScriptRoot
     # Write-Warning "Resolved path: $resolvedPath | JCRScriptRoot: $global:JCRScriptRoot"
     if ("$resolvedPath" -eq $($global:JCRScriptRoot)) {
-        Write-Error "The path '$resolvedPath' cannot be the same as the JCRScriptRoot. This could lead to certificate data loss if the module is updated or reinstalled. Please set the 'RadiusDirectory' to different directory.`nSet-JCRConfigFile -RadiusDirectory '<Path/To/radiusDirectory>'"
+        Write-Error "The path '$resolvedPath' cannot be the same as the JCRScriptRoot. This could lead to certificate data loss if the module is updated or reinstalled. Please set the 'RadiusDirectory' to different directory.`nSet-JCRConfig -RadiusDirectory '<Path/To/radiusDirectory>'"
         return $false
     }
 
diff --git a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfig.ps1
similarity index 94%
rename from scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
rename to scripts/automation/Radius/Functions/Private/Config/Update-JCRConfig.ps1
index 0c14993ac..e80472ee7 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Update-JCRConfig.ps1
@@ -1,4 +1,4 @@
-function Update-JCRConfigFile {
+function Update-JCRConfig {
     [CmdletBinding()]
     param (
         [Parameter(Mandatory = $true)]
@@ -14,11 +14,11 @@ function Update-JCRConfigFile {
 
         if (test-path -path $configFilePath) {
             # Get Contents
-            $config = Get-JCRConfigFile -asObject
+            $config = Get-JCRConfig -asObject
         } else {
             # Create new file with default settings
-            New-JCRConfigFile
-            $config = Get-JCRConfigFile -asObject
+            New-JCRConfig
+            $config = Get-JCRConfig -asObject
         }
 
         Write-Host "---------Update settings--------------"
diff --git a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1 b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
index 2dec9d950..62a18b89f 100644
--- a/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
+++ b/scripts/automation/Radius/Functions/Private/Menus/Show-RadiusMainMenu.ps1
@@ -25,8 +25,8 @@ function Show-RadiusMainMenu {
 
     # ==== TITLE ====
     Write-Host $(PadCenter -string $Title -char '=')
-    If (($global:JCRConfig -eq $null) -or (-not (Confirm-JCRConfigFile))) {
-        Write-Host $(PadCenter -string "Edit the required settings with `Set-JCRConfigFile` before continuing this script `n" -char ' ') -ForegroundColor Yellow
+    If (($global:JCRConfig -eq $null) -or (-not (Confirm-JCRConfig))) {
+        Write-Host $(PadCenter -string "Edit the required settings with `Set-JCRConfig` before continuing this script `n" -char ' ') -ForegroundColor Yellow
     }
     # /==== TITLE ====
 
diff --git a/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1 b/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
index 2eda86249..70886d5ec 100644
--- a/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
+++ b/scripts/automation/Radius/Functions/Private/Module/Get-OpenSSLVersion.ps1
@@ -10,7 +10,7 @@ function Get-OpenSSLVersion {
         try {
             $version = Invoke-Expression "& '$opensslBinary' version"
         } catch {
-            Write-Warning "OpenSSL Not Found`nThe module could not find 'openssl' or the path is incorrect. Please update the 'OpenSSLBinary' setting for this module with the Set-JCRConfigFile cmdlet:`nWindows: Set-JCRConfigFile -openSSLBinary 'C:\Path\To\OpenSSL\bin\openssl.exe'`nMacOS/Linux: Set-JCRConfigFile -openSSLBinary '/opt/homebrew/bin/openssl'"
+            Write-Warning "OpenSSL Not Found`nThe module could not find 'openssl' or the path is incorrect. Please update the 'OpenSSLBinary' setting for this module with the Set-JCRConfig cmdlet:`nWindows: Set-JCRConfig -openSSLBinary 'C:\Path\To\OpenSSL\bin\openssl.exe'`nMacOS/Linux: Set-JCRConfig -openSSLBinary '/opt/homebrew/bin/openssl'"
             $conditionsNotMet = $true
         }
 
diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfig.ps1
similarity index 96%
rename from scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
rename to scripts/automation/Radius/Functions/Public/Config/Set-JCRConfig.ps1
index f0abdd210..dd03090b1 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfigFile.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfig.ps1
@@ -1,4 +1,4 @@
-function Set-JCRConfigFile {
+function Set-JCRConfig {
     [CmdletBinding()]
     param (
     )
@@ -49,9 +49,9 @@ function Set-JCRConfigFile {
 
         if (-NOT $global:JCRConfig) {
             # create the config file from template
-            New-JCRConfigFile
+            New-JCRConfig
             # set the variable
-            $global:JCRConfig = Get-JCRConfigFile -asObject
+            $global:JCRConfig = Get-JCRConfig -asObject
         }
     }
 
@@ -89,6 +89,6 @@ function Set-JCRConfigFile {
         }
         Write-Host "-----------------------"
         $global:JCRConfig | ConvertTo-Json -Depth 10 | Out-File -FilePath $configFilePath
-        Confirm-JCRConfigFile
+        Confirm-JCRConfig
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1 b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
index 45eae4c79..02b1e5983 100644
--- a/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
+++ b/scripts/automation/Radius/Functions/Public/Get-JCRGlobalVars.ps1
@@ -26,7 +26,7 @@ function Get-JCRGlobalVars {
         }
 
         if (-Not $global:JCRConfig) {
-            $global:JCRConfig = Get-JCRConfigFile
+            $global:JCRConfig = Get-JCRConfig
         }
 
         # get settings file
@@ -37,7 +37,7 @@ function Get-JCRGlobalVars {
                 Write-Host "[status] lastUpdate value is null, updating global variables"
                 $update = $true
                 $updateAssociation = $true
-                Set-JCRConfigFile -lastUpdate (Get-Date)
+                Set-JCRConfig -lastUpdate (Get-Date)
             }
         }
         if ($ifWindows) {
@@ -47,7 +47,7 @@ function Get-JCRGlobalVars {
                 Write-Host "[status] lastUpdate value is null, updating global variables"
                 $update = $true
                 $updateAssociation = $true
-                Set-JCRConfigFile -lastUpdate (Get-Date)
+                Set-JCRConfig -lastUpdate (Get-Date)
             }
         }
         if ($lastUpdateTimeSpan.TotalHours -gt 24) {
@@ -265,7 +265,7 @@ function Get-JCRGlobalVars {
                 [array]$Global:JCRRadiusMembers = $radiusMemberList
                 $Global:JCRCertHash = $certHash
                 # update the settings date
-                Set-JCRConfigFile -lastUpdate (Get-Date)
+                Set-JCRConfig -lastUpdate (Get-Date)
                 # update users.json
                 Update-JCRUsersJson
             }
diff --git a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1 b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
index 15a3d81fe..c0c4ddc12 100644
--- a/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
+++ b/scripts/automation/Radius/Functions/Public/Module/Update-JCRModule.ps1
@@ -42,7 +42,7 @@ function Update-JCRModule {
         } else {
             # else get the module config from the current module:
             # TODO: get the json config with the private function not created yet
-            $savedJCRSettings = Get-JCRConfigFile -asObject
+            $savedJCRSettings = Get-JCRConfig -asObject
             Write-Warning "copying settings from the current module to the new one, this will overwrite the current settings file."
             $savedJCRSettings | Format-List
             Write-Warning "userGroupID =  $($savedJCRSettings.userGroup.value)"
@@ -83,9 +83,9 @@ function Update-JCRModule {
             Import-module -Name $ModuleName -Force
 
             # update the settings file config.json
-            Update-JCRConfigFile -settings $savedJCRSettings
+            Update-JCRConfig -settings $savedJCRSettings
             # re-import the settings file variable
-            $global:JCRConfig = Get-JCRConfigFile -asObject
+            $global:JCRConfig = Get-JCRConfig -asObject
 
             if (-not (Test-JCRExtensionFile)) {
                 Write-Host "Extensions file is not valid, updating it now..."
diff --git a/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1 b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
index 543fbd50e..a548b8bb2 100644
--- a/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
+++ b/scripts/automation/Radius/Functions/Public/Start-RadiusDeployment.ps1
@@ -6,7 +6,7 @@ function Start-RadiusDeployment {
     }
 
     # validate the setting from the module have been set
-    Confirm-JCRConfigFile -ErrorAction stop
+    Confirm-JCRConfig -ErrorAction stop
 
     if ($Global:JCRSettings.sessionImport -eq $false) {
         Get-JCRGlobalVars
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index a2802176c..e387a255e 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -3,133 +3,133 @@
 #
 # Generated by: JumpCloud Customer Tools Team
 #
-# Generated on: 6/16/2025
+# Generated on: 6/18/2025
 #
 
 @{
 
-# Script module or binary module file associated with this manifest.
-RootModule = 'JumpCloud.Radius.psm1'
+    # Script module or binary module file associated with this manifest.
+    RootModule        = 'JumpCloud.Radius.psm1'
 
-# Version number of this module.
-ModuleVersion = '2.0.0'
+    # Version number of this module.
+    ModuleVersion     = '2.0.0'
 
-# Supported PSEditions
-# CompatiblePSEditions = @()
+    # Supported PSEditions
+    # CompatiblePSEditions = @()
 
-# ID used to uniquely identify this module
-GUID = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
+    # ID used to uniquely identify this module
+    GUID              = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
 
-# Author of this module
-Author = 'JumpCloud Customer Tools Team'
+    # Author of this module
+    Author            = 'JumpCloud Customer Tools Team'
 
-# Company or vendor of this module
-CompanyName = 'JumpCloud'
+    # Company or vendor of this module
+    CompanyName       = 'JumpCloud'
 
-# Copyright statement for this module
-Copyright = '(c) JumpCloud. All rights reserved.'
+    # Copyright statement for this module
+    Copyright         = '(c) JumpCloud. All rights reserved.'
 
-# Description of the functionality provided by this module
-Description = 'Module for managing JumpCloud Radius user certificates.'
+    # Description of the functionality provided by this module
+    Description       = 'Module for managing JumpCloud Radius user certificates.'
 
-# Minimum version of the PowerShell engine required by this module
-PowerShellVersion = '7.0.0'
+    # Minimum version of the PowerShell engine required by this module
+    PowerShellVersion = '7.0.0'
 
-# Name of the PowerShell host required by this module
-# PowerShellHostName = ''
+    # Name of the PowerShell host required by this module
+    # PowerShellHostName = ''
 
-# Minimum version of the PowerShell host required by this module
-# PowerShellHostVersion = ''
+    # Minimum version of the PowerShell host required by this module
+    # PowerShellHostVersion = ''
 
-# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# DotNetFrameworkVersion = ''
+    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # DotNetFrameworkVersion = ''
 
-# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# ClrVersion = ''
+    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # ClrVersion = ''
 
-# Processor architecture (None, X86, Amd64) required by this module
-# ProcessorArchitecture = ''
+    # Processor architecture (None, X86, Amd64) required by this module
+    # ProcessorArchitecture = ''
 
-# Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @('JumpCloud')
+    # Modules that must be imported into the global environment prior to importing this module
+    RequiredModules   = @('JumpCloud')
 
-# Assemblies that must be loaded prior to importing this module
-# RequiredAssemblies = @()
+    # Assemblies that must be loaded prior to importing this module
+    # RequiredAssemblies = @()
 
-# Script files (.ps1) that are run in the caller's environment prior to importing this module.
-# ScriptsToProcess = @()
+    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
+    # ScriptsToProcess = @()
 
-# Type files (.ps1xml) to be loaded when importing this module
-# TypesToProcess = @()
+    # Type files (.ps1xml) to be loaded when importing this module
+    # TypesToProcess = @()
 
-# Format files (.ps1xml) to be loaded when importing this module
-# FormatsToProcess = @()
+    # Format files (.ps1xml) to be loaded when importing this module
+    # FormatsToProcess = @()
 
-# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
-# NestedModules = @()
+    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+    # NestedModules = @()
 
-# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts', 
-               'Start-GenerateRootCert', 'Start-GenerateUserCerts', 
-               'Start-MonitorCertDeployment', 'Start-RadiusDeployment', 
-               'Set-JCRConfigFile', 'Update-JCRModule'
+    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+    FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts',
+    'Start-GenerateRootCert', 'Start-GenerateUserCerts',
+    'Start-MonitorCertDeployment', 'Start-RadiusDeployment',
+    'Set-JCRConfig', 'Update-JCRModule'
 
-# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-CmdletsToExport = @()
+    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+    CmdletsToExport   = @()
 
-# Variables to export from this module
-VariablesToExport = '*'
+    # Variables to export from this module
+    VariablesToExport = '*'
 
-# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-AliasesToExport = @()
+    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+    AliasesToExport   = @()
 
-# DSC resources to export from this module
-# DscResourcesToExport = @()
+    # DSC resources to export from this module
+    # DscResourcesToExport = @()
 
-# List of all modules packaged with this module
-# ModuleList = @()
+    # List of all modules packaged with this module
+    # ModuleList = @()
 
-# List of all files packaged with this module
-# FileList = @()
+    # List of all files packaged with this module
+    # FileList = @()
 
-# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
-PrivateData = @{
+    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+    PrivateData       = @{
 
-    PSData = @{
+        PSData = @{
 
-        # Tags applied to this module. These help with module discovery in online galleries.
-        # Tags = @()
+            # Tags applied to this module. These help with module discovery in online galleries.
+            # Tags = @()
 
-        # A URL to the license for this module.
-        # LicenseUri = ''
+            # A URL to the license for this module.
+            # LicenseUri = ''
 
-        # A URL to the main website for this project.
-        # ProjectUri = ''
+            # A URL to the main website for this project.
+            # ProjectUri = ''
 
-        # A URL to an icon representing this module.
-        # IconUri = ''
+            # A URL to an icon representing this module.
+            # IconUri = ''
 
-        # ReleaseNotes of this module
-        # ReleaseNotes = ''
+            # ReleaseNotes of this module
+            # ReleaseNotes = ''
 
-        # Prerelease string of this module
-        # Prerelease = ''
+            # Prerelease string of this module
+            # Prerelease = ''
 
-        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
-        # RequireLicenseAcceptance = $false
+            # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+            # RequireLicenseAcceptance = $false
 
-        # External dependent modules of this module
-        # ExternalModuleDependencies = @()
+            # External dependent modules of this module
+            # ExternalModuleDependencies = @()
 
-    } # End of PSData hashtable
+        } # End of PSData hashtable
 
-} # End of PrivateData hashtable
+    } # End of PrivateData hashtable
 
-# HelpInfo URI of this module
-# HelpInfoURI = ''
+    # HelpInfo URI of this module
+    # HelpInfoURI = ''
 
-# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
-# DefaultCommandPrefix = ''
+    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+    # DefaultCommandPrefix = ''
 
 }
 
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psm1 b/scripts/automation/Radius/JumpCloud.Radius.psm1
index e19a028d6..f3b098837 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psm1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psm1
@@ -125,12 +125,12 @@ $global:JCRConfigTemplate = @{
         copy        = $true
         required    = $true
         placeholder = '@{
-            CountryCode      = "US"
-            StateCode        = "CO"
-            Locality         = "Boulder"
-            Organization     = "JumpCloud"
-            OrganizationUnit = "Customer_Tools"
-            CommonName       = "JumpCloud.com"
+            CountryCode      = "<CountryCode>"
+            StateCode        = "<StateCode>"
+            Locality         = "<Locality>"
+            Organization     = "<Organization>"
+            OrganizationUnit = "<OrganizationUnit>"
+            CommonName       = "<CommonName>"
         }';
         type        = 'hashtable'
     }
@@ -143,11 +143,11 @@ $global:JCRSettings = @{
 }
 
 # From the saved config file, get the settings and set them in the module as $config
-$global:JCRConfig = Get-JCRConfigFile -asObject
+$global:JCRConfig = Get-JCRConfig -asObject
 # Get-JCRConfig
 
 # validate the config settings (skip throw on first load with 'loadModule' param)
-Confirm-JCRConfigFile -loadModule
+Confirm-JCRConfig -loadModule
 
 # TODO: Check the OpenSSL version
 # Get-OpenSSLVersion -opensslBinary $global:JCRConfig.openSSLBinary.value
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index 6abeff1a4..ad516bb1c 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -49,7 +49,7 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
                     CommonName       = "JumpCloud.com"
                 }
             }
-            Set-JCRConfigFile @settings
+            Set-JCRConfig @settings
         }
     }
 }
\ No newline at end of file
diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfig.Tests.ps1
similarity index 90%
rename from scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
rename to scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfig.Tests.ps1
index c4a461aec..c71fe9a3c 100644
--- a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfigFile.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfig.Tests.ps1
@@ -1,4 +1,4 @@
-Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
+Describe 'Confirm-JCRConfig Tests' -Tag "Acceptance" {
     BeforeAll {
         # Load all functions from private folders
         if (-not (test-path -path $JCRScriptRoot -errorAction silentlyContinue)) {
@@ -54,7 +54,7 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
 
         It "should create a new config file" {
             # Call the function to create a new config file
-            New-JCRConfigFile
+            New-JCRConfig
             # Check if the config file exists
             Test-Path -Path $configFilePath | Should -Be $true
             # the config file should be valid JSON
@@ -62,10 +62,10 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
             { ConvertFrom-Json -InputObject $configContent } | Should -Not -Throw
             # Check if the config file contains the expected keys
         }
-        Context "Individually Set all of the required settings but one, Confirm-JCRConfigFile should still throw" {
+        Context "Individually Set all of the required settings but one, Confirm-JCRConfig should still throw" {
             BeforeEach {
                 # Create a new config file
-                New-JCRConfigFile -force
+                New-JCRConfig -force
                 # Get all the required settings
                 $requiredSettings = $Global:JCRConfigTemplate.GetEnumerator() | Where-Object { $_.Value.required -eq $true }
                 foreach ($setting in $requiredSettings) {
@@ -90,18 +90,18 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
                             }
                         }
                     }
-                    Set-JCRConfigFile @param
+                    Set-JCRConfig @param
 
                     # set one of the required settings to null
                     if ($setting.Key -eq 'openSSLBinary') {
                         $param = @{ $setting.Key = $null }
-                        Set-JCRConfigFile @param
+                        Set-JCRConfig @param
                     }
                 }
             }
 
-            It "Confirm-JCRConfigFile should throw when the config is missing required settings" {
-                { Confirm-JCRConfigFile } | Should -Throw
+            It "Confirm-JCRConfig should throw when the config is missing required settings" {
+                { Confirm-JCRConfig } | Should -Throw
             }
         }
     }
@@ -118,12 +118,12 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
                     CommonName       = 'Test User'  # Contains a space
                 }
             }
-            { Set-JCRConfigFile @param } | Should -Throw
+            { Set-JCRConfig @param } | Should -Throw
         }
         It "Should throw when a string value is set for an 'int' type setting" {
             # Set a string value for an int type setting
             $param = @{ caCertValidityDays = 'NotAnInt' }
-            { Set-JCRConfigFile @param } | Should -Throw
+            { Set-JCRConfig @param } | Should -Throw
         }
     }
     AfterAll {
@@ -131,7 +131,7 @@ Describe 'Confirm-JCRConfigFile Tests' -Tag "Acceptance" {
         $configFilePath = Join-Path -Path $JCRScriptRoot -ChildPath 'Config.json'
         if (Test-Path -Path $configFilePath) {
             Set-Content -Path $configFilePath -Value $configBefore
-            $Global:JCRConfig = Get-JCRConfigFile -asObject
+            $Global:JCRConfig = Get-JCRConfig -asObject
         }
 
         Write-Host "-----------------------"
diff --git a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
index 23e277ada..514ca52c6 100644
--- a/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Get-JCRGlobalVars.Tests.ps1
@@ -48,7 +48,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
         }
         It "Data should not be refreshed when running Get-JCRGlobalVars if it's been less than 24 hours since last update" {
             # Get the settings data
-            $settingsData = Get-JCRConfigFile
+            $settingsData = Get-JCRConfig
             $timeSpan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $($global:JCRConfig.lastUpdate.value)
             # Write-Host "Time between 24 hrs and settings file: $($timeSpan.TotalHours)"
             # get files before
@@ -58,7 +58,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 # continue with test
             } else {
                 # set the settings file to a mocked value of now
-                Set-JCRConfigFile -lastUpdate (Get-Date)
+                Set-JCRConfig -lastUpdate (Get-Date)
 
             }
             # run Get-JCRGlobalVars
@@ -79,7 +79,7 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
         }
         It "Data should refresh when running Get-JCRGlobalVars if it's been more than 24 hours since last update" {
             # Get the settings data
-            $settingsData = Get-JCRConfigFile
+            $settingsData = Get-JCRConfig
             $timeSpan = New-TimeSpan -Start (Get-Date).AddHours(-24) -End $($global:JCRConfig.lastUpdate.value)
             # Write-Host "Time between 24 hrs and settings file: $($timeSpan.TotalHours)"
             # get files before
@@ -89,9 +89,9 @@ Describe "Get Global Variable Data Tests" -Tag "Cache" {
                 # continue with test
             } else {
                 # set the settings file to a mocked value of now
-                Set-JCRConfigFile -lastUpdate (Get-Date).AddHours(-25)
+                Set-JCRConfig -lastUpdate (Get-Date).AddHours(-25)
                 Start-Sleep 2
-                $settingsData = Get-JCRConfigFile
+                $settingsData = Get-JCRConfig
                 $timeSpan = New-TimeSpan -Start  $($global:JCRConfig.lastUpdate.value) -End (Get-Date).AddHours(-24)
                 Write-Host "Time between 24 hrs and settings file: $($timeSpan.TotalHours)"
             }
diff --git a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
index 76b95cff8..0eab9a19d 100644
--- a/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Module/Update-JCRModule.Tests.ps1
@@ -200,7 +200,7 @@ Describe 'Module Update' -Tag "Module" {
                 }
             }
 
-            Set-JCRConfigFile @settings
+            Set-JCRConfig @settings
 
             Write-Host "-----------------------"
             Write-Host "[status] Module Path : $($moduleCheck.Path)"
@@ -229,7 +229,7 @@ Describe 'Module Update' -Tag "Module" {
         }
         It 'Module can be updated from the local repo' {
             # update the module from the local repo
-            $configFileBefore = Get-JCRConfigFile -asObject
+            $configFileBefore = Get-JCRConfig -asObject
             Update-JCRModule -Force -Repository $localRepoName
             # $updateModuleSplat = @{
             #     Name            = $moduleName
@@ -243,7 +243,7 @@ Describe 'Module Update' -Tag "Module" {
             $updatedModule.version | Should -Be $newVersion
 
             # test that the config.json file contains the data from the previous module version
-            $configFileAfter = Get-JCRConfigFile -asObject
+            $configFileAfter = Get-JCRConfig -asObject
 
             foreach ($property in $configFileBefore.PSObject.Properties) {
                 # if the property is a hashtable, check each key-value pair
diff --git a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
index 15c94a35d..68b3eeebb 100644
--- a/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-DeployUserCerts.Tests.ps1
@@ -216,7 +216,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'EmailSAN certs are created and command generated with correct identifiers' {
             # set the user cert validity to just 10 days
-            Set-JCRConfigFile -certType "EmailSAN"
+            Set-JCRConfig -certType "EmailSAN"
             # Get Cert Before
             $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Generate the user cert:
@@ -247,7 +247,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'EmailDN certs are created and command generated with correct identifiers' {
             # set the cert type
-            Set-JCRConfigFile -certType "EmailDN"
+            Set-JCRConfig -certType "EmailDN"
             # Get Cert Before
             $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Generate the user cert:
@@ -274,7 +274,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         It 'UsernameCn certs are created and command generated with correct identifiers' {
             # set the cert type
-            Set-JCRConfigFile -certType "usernameCn"
+            Set-JCRConfig -certType "usernameCn"
             # Get Cert Before
             $CertInfoBefore = Get-CertInfo -UserCerts -username $certTypeUser.username
             # Generate the user cert:
@@ -302,7 +302,7 @@ Describe 'Distribute User Cert Tests' -Tag 'Distribute' {
         }
         AfterAll {
             # set the cert type
-            Set-JCRConfigFile -certType "usernameCn"
+            Set-JCRConfig -certType "usernameCn"
         }
     }
     Context 'Duplicate Command / Command Result Tests' {
diff --git a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1 b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
index bd1438c63..5ba6705e4 100644
--- a/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Public/Start-GenerateUserCerts.Tests.ps1
@@ -83,7 +83,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             . "$JCRScriptRoot/Functions/Private/CertDeployment/Get-CertInfo.ps1"
             . "$JCRScriptRoot/Functions/Private/CertDeployment/Get-ExpiringCertInfo.ps1"
             # set the user cert validity to just 10 days
-            Set-JCRConfigFile -userCertValidityDays 10
+            Set-JCRConfig -userCertValidityDays 10
 
             # update cache
             Get-JCRGlobalVars -force -skipAssociation
@@ -105,7 +105,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
             # at this point expiring certs should be populated from beforeAll block
             $Global:expiringCerts | Should -Not -BeNullOrEmpty
             # set the user cert validity to 90 days
-            Set-JCRConfigFile -userCertValidityDays 90
+            Set-JCRConfig -userCertValidityDays 90
             # Get the certs before generation minus the .zip if it exists
             $certsBefore = Get-ChildItem -Path "$($global:JCRConfig.radiusDirectory.value)/UserCerts" -Filter "$($RandomUsername)*" -Exclude "*.zip"
             # get the date before
@@ -135,7 +135,7 @@ Describe 'Generate User Cert Tests' -Tag "GenerateUserCerts" {
         }
         AfterAll {
             # set the user cert validity to 90 days
-            Set-JCRConfigFile -userCertValidityDays 90
+            Set-JCRConfig -userCertValidityDays 90
         }
 
 
diff --git a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1 b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
index 554830ebe..1cda1157b 100644
--- a/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
+++ b/scripts/automation/Radius/Tests/SetupRadiusOrg.ps1
@@ -77,7 +77,7 @@ $settings = @{
     }
 }
 
-Set-JCRConfigFile @settings
+Set-JCRConfig @settings
 # update the openSSL path:
 if ($IsMacOS) {
     $brewList = brew list openssl@3
diff --git a/scripts/automation/Radius/multi_group_radius.ps1 b/scripts/automation/Radius/multi_group_radius.ps1
index 16876789b..7a0c9f8a4 100644
--- a/scripts/automation/Radius/multi_group_radius.ps1
+++ b/scripts/automation/Radius/multi_group_radius.ps1
@@ -86,7 +86,7 @@ foreach ($radiusGroup in $radiusUserGroups) {
     # set the contents of the config for each user groupID
     $configContent = Get-Content -path $configPath
     # Update the userGroupID:
-    Set-JCRConfigFile -userGroup $radiusGroup.values
+    Set-JCRConfig -userGroup $radiusGroup.values
     # remove the radius members data file:
     if (Test-Path -Path $dataFilePath) {
         Remove-Item $dataFilePath -Force

From 922c00f7f1bca533c55a3d8e3b1250aac72200b9 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 20 Jun 2025 13:20:00 -0600
Subject: [PATCH 308/346] docs

---
 .../automation/Radius/JumpCloud.Radius.psd1   | 166 ++++----
 .../Radius/docs/JumpCloud.Radius.md           |   5 +-
 ...{Set-JCRConfigFile.md => Set-JCRConfig.md} |  94 +----
 .../Radius/en-Us/JumpCloud.Radius-help.xml    | 364 ++++++++++++++----
 4 files changed, 380 insertions(+), 249 deletions(-)
 rename scripts/automation/Radius/docs/{Set-JCRConfigFile.md => Set-JCRConfig.md} (60%)

diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index e387a255e..c4cef1bfb 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -3,133 +3,133 @@
 #
 # Generated by: JumpCloud Customer Tools Team
 #
-# Generated on: 6/18/2025
+# Generated on: 6/20/2025
 #
 
 @{
 
-    # Script module or binary module file associated with this manifest.
-    RootModule        = 'JumpCloud.Radius.psm1'
+# Script module or binary module file associated with this manifest.
+RootModule = 'JumpCloud.Radius.psm1'
 
-    # Version number of this module.
-    ModuleVersion     = '2.0.0'
+# Version number of this module.
+ModuleVersion = '2.0.0'
 
-    # Supported PSEditions
-    # CompatiblePSEditions = @()
+# Supported PSEditions
+# CompatiblePSEditions = @()
 
-    # ID used to uniquely identify this module
-    GUID              = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
+# ID used to uniquely identify this module
+GUID = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
 
-    # Author of this module
-    Author            = 'JumpCloud Customer Tools Team'
+# Author of this module
+Author = 'JumpCloud Customer Tools Team'
 
-    # Company or vendor of this module
-    CompanyName       = 'JumpCloud'
+# Company or vendor of this module
+CompanyName = 'JumpCloud'
 
-    # Copyright statement for this module
-    Copyright         = '(c) JumpCloud. All rights reserved.'
+# Copyright statement for this module
+Copyright = '(c) JumpCloud. All rights reserved.'
 
-    # Description of the functionality provided by this module
-    Description       = 'Module for managing JumpCloud Radius user certificates.'
+# Description of the functionality provided by this module
+Description = 'Module for managing JumpCloud Radius user certificates.'
 
-    # Minimum version of the PowerShell engine required by this module
-    PowerShellVersion = '7.0.0'
+# Minimum version of the PowerShell engine required by this module
+PowerShellVersion = '7.0.0'
 
-    # Name of the PowerShell host required by this module
-    # PowerShellHostName = ''
+# Name of the PowerShell host required by this module
+# PowerShellHostName = ''
 
-    # Minimum version of the PowerShell host required by this module
-    # PowerShellHostVersion = ''
+# Minimum version of the PowerShell host required by this module
+# PowerShellHostVersion = ''
 
-    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-    # DotNetFrameworkVersion = ''
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
 
-    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-    # ClrVersion = ''
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# ClrVersion = ''
 
-    # Processor architecture (None, X86, Amd64) required by this module
-    # ProcessorArchitecture = ''
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
 
-    # Modules that must be imported into the global environment prior to importing this module
-    RequiredModules   = @('JumpCloud')
+# Modules that must be imported into the global environment prior to importing this module
+RequiredModules = @('JumpCloud')
 
-    # Assemblies that must be loaded prior to importing this module
-    # RequiredAssemblies = @()
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
 
-    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
-    # ScriptsToProcess = @()
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
 
-    # Type files (.ps1xml) to be loaded when importing this module
-    # TypesToProcess = @()
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
 
-    # Format files (.ps1xml) to be loaded when importing this module
-    # FormatsToProcess = @()
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
 
-    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
-    # NestedModules = @()
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
 
-    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-    FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts',
-    'Start-GenerateRootCert', 'Start-GenerateUserCerts',
-    'Start-MonitorCertDeployment', 'Start-RadiusDeployment',
-    'Set-JCRConfig', 'Update-JCRModule'
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts', 
+               'Start-GenerateRootCert', 'Start-GenerateUserCerts', 
+               'Start-MonitorCertDeployment', 'Start-RadiusDeployment', 
+               'Set-JCRConfig', 'Update-JCRModule'
 
-    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-    CmdletsToExport   = @()
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = @()
 
-    # Variables to export from this module
-    VariablesToExport = '*'
+# Variables to export from this module
+VariablesToExport = '*'
 
-    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-    AliasesToExport   = @()
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = @()
 
-    # DSC resources to export from this module
-    # DscResourcesToExport = @()
+# DSC resources to export from this module
+# DscResourcesToExport = @()
 
-    # List of all modules packaged with this module
-    # ModuleList = @()
+# List of all modules packaged with this module
+# ModuleList = @()
 
-    # List of all files packaged with this module
-    # FileList = @()
+# List of all files packaged with this module
+# FileList = @()
 
-    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
-    PrivateData       = @{
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
 
-        PSData = @{
+    PSData = @{
 
-            # Tags applied to this module. These help with module discovery in online galleries.
-            # Tags = @()
+        # Tags applied to this module. These help with module discovery in online galleries.
+        # Tags = @()
 
-            # A URL to the license for this module.
-            # LicenseUri = ''
+        # A URL to the license for this module.
+        # LicenseUri = ''
 
-            # A URL to the main website for this project.
-            # ProjectUri = ''
+        # A URL to the main website for this project.
+        # ProjectUri = ''
 
-            # A URL to an icon representing this module.
-            # IconUri = ''
+        # A URL to an icon representing this module.
+        # IconUri = ''
 
-            # ReleaseNotes of this module
-            # ReleaseNotes = ''
+        # ReleaseNotes of this module
+        # ReleaseNotes = ''
 
-            # Prerelease string of this module
-            # Prerelease = ''
+        # Prerelease string of this module
+        # Prerelease = ''
 
-            # Flag to indicate whether the module requires explicit user acceptance for install/update/save
-            # RequireLicenseAcceptance = $false
+        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+        # RequireLicenseAcceptance = $false
 
-            # External dependent modules of this module
-            # ExternalModuleDependencies = @()
+        # External dependent modules of this module
+        # ExternalModuleDependencies = @()
 
-        } # End of PSData hashtable
+    } # End of PSData hashtable
 
-    } # End of PrivateData hashtable
+} # End of PrivateData hashtable
 
-    # HelpInfo URI of this module
-    # HelpInfoURI = ''
+# HelpInfo URI of this module
+# HelpInfoURI = ''
 
-    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
-    # DefaultCommandPrefix = ''
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
 
 }
 
diff --git a/scripts/automation/Radius/docs/JumpCloud.Radius.md b/scripts/automation/Radius/docs/JumpCloud.Radius.md
index f6eccf3d4..ae5c4f3c0 100644
--- a/scripts/automation/Radius/docs/JumpCloud.Radius.md
+++ b/scripts/automation/Radius/docs/JumpCloud.Radius.md
@@ -17,7 +17,10 @@ Module for managing JumpCloud Radius user certificates.
 ### [Get-JCRGlobalVars](Get-JCRGlobalVars.md)
 {{ Fill in the Synopsis }}
 
-### [Set-JCRConfigFile](Set-JCRConfigFile.md)
+### [Set-JCRConfig](Set-JCRConfig.md)
+{{ Fill in the Synopsis }}
+
+### [Set-JCRConfig](Set-JCRConfig.md)
 {{ Fill in the Synopsis }}
 
 ### [Start-DeployUserCerts](Start-DeployUserCerts.md)
diff --git a/scripts/automation/Radius/docs/Set-JCRConfigFile.md b/scripts/automation/Radius/docs/Set-JCRConfig.md
similarity index 60%
rename from scripts/automation/Radius/docs/Set-JCRConfigFile.md
rename to scripts/automation/Radius/docs/Set-JCRConfig.md
index 6cb43ebb0..3fe398f4b 100644
--- a/scripts/automation/Radius/docs/Set-JCRConfigFile.md
+++ b/scripts/automation/Radius/docs/Set-JCRConfig.md
@@ -5,7 +5,7 @@ online version: /
 schema: 2.0.0
 ---
 
-# Set-JCRConfigFile
+# Set-JCRConfig
 
 ## SYNOPSIS
 {{ Fill in the Synopsis }}
@@ -13,13 +13,10 @@ schema: 2.0.0
 ## SYNTAX
 
 ```
-Set-JCRConfigFile [-certSubjectHeaderCountryCode <String>]
- [-radiusDirectory <String>] [-networkSSID <String>] [-certSubjectHeaderCommonName <String>]
- [-certSubjectHeaderLocality <String>] [-certSubjectHeaderOrganization <String>]
- [-certSubjectHeaderStateCode <String>] [-caCertValidityDays <Int32>] [-userGroup <String>]
- [-certType <String>] [-certSubjectHeaderOrganizationUnit <String>] [-userCertValidityDays <Int32>]
- [-lastUpdate <String>] [-certSecretPass <String>] [-openSSLBinary <String>]
- [-certExpirationWarningDays <Int32>] [<CommonParameters>]
+Set-JCRConfig [-certSubjectHeader <Hashtable>] [-networkSSID <String>]
+ [-lastUpdate <String>] [-certSecretPass <String>] [-openSSLBinary <String>] [-userCertValidityDays <Int32>]
+ [-radiusDirectory <String>] [-caCertValidityDays <Int32>] [-userGroup <String>]
+ [-certExpirationWarningDays <Int32>] [-certType <String>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -81,86 +78,11 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-### -certSubjectHeaderCommonName
-sets the certSubjectHeaderCommonName config for the module
+### -certSubjectHeader
+sets the certSubjectHeader config for the module
 
 ```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -certSubjectHeaderCountryCode
-sets the certSubjectHeaderCountryCode config for the module
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -certSubjectHeaderLocality
-sets the certSubjectHeaderLocality config for the module
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -certSubjectHeaderOrganization
-sets the certSubjectHeaderOrganization config for the module
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -certSubjectHeaderOrganizationUnit
-sets the certSubjectHeaderOrganizationUnit config for the module
-
-```yaml
-Type: System.String
-Parameter Sets: (All)
-Aliases:
-
-Required: False
-Position: Named
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
-### -certSubjectHeaderStateCode
-sets the certSubjectHeaderStateCode config for the module
-
-```yaml
-Type: System.String
+Type: System.Collections.Hashtable
 Parameter Sets: (All)
 Aliases:
 
diff --git a/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml b/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
index ab41e37aa..a6395ccba 100644
--- a/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
+++ b/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
@@ -243,9 +243,9 @@
   </command:command>
   <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
     <command:details>
-      <command:name>Set-JCRConfigFile</command:name>
+      <command:name>Set-JCRConfig</command:name>
       <command:verb>Set</command:verb>
-      <command:noun>JCRConfigFile</command:noun>
+      <command:noun>JCRConfig</command:noun>
       <maml:description>
         <maml:para>{{ Fill in the Synopsis }}</maml:para>
       </maml:description>
@@ -255,7 +255,7 @@
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
-        <maml:name>Set-JCRConfigFile</maml:name>
+        <maml:name>Set-JCRConfig</maml:name>
         <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
           <maml:name>caCertValidityDays</maml:name>
           <maml:description>
@@ -293,73 +293,13 @@
           <dev:defaultValue>None</dev:defaultValue>
         </command:parameter>
         <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certSubjectHeaderCommonName</maml:name>
+          <maml:name>certSubjectHeader</maml:name>
           <maml:description>
-            <maml:para>sets the certSubjectHeaderCommonName config for the module</maml:para>
+            <maml:para>sets the certSubjectHeader config for the module</maml:para>
           </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certSubjectHeaderCountryCode</maml:name>
-          <maml:description>
-            <maml:para>sets the certSubjectHeaderCountryCode config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certSubjectHeaderLocality</maml:name>
-          <maml:description>
-            <maml:para>sets the certSubjectHeaderLocality config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certSubjectHeaderOrganization</maml:name>
-          <maml:description>
-            <maml:para>sets the certSubjectHeaderOrganization config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <command:parameterValue required="true" variableLength="false">System.Collections.Hashtable</command:parameterValue>
           <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certSubjectHeaderOrganizationUnit</maml:name>
-          <maml:description>
-            <maml:para>sets the certSubjectHeaderOrganizationUnit config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certSubjectHeaderStateCode</maml:name>
-          <maml:description>
-            <maml:para>sets the certSubjectHeaderStateCode config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
+            <maml:name>System.Collections.Hashtable</maml:name>
             <maml:uri />
           </dev:type>
           <dev:defaultValue>None</dev:defaultValue>
@@ -489,9 +429,21 @@
         <dev:defaultValue>None</dev:defaultValue>
       </command:parameter>
       <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certSubjectHeaderCommonName</maml:name>
+        <maml:name>certSubjectHeader</maml:name>
         <maml:description>
-          <maml:para>sets the certSubjectHeaderCommonName config for the module</maml:para>
+          <maml:para>sets the certSubjectHeader config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Collections.Hashtable</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Collections.Hashtable</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certType</maml:name>
+        <maml:description>
+          <maml:para>sets the certType config for the module</maml:para>
         </maml:description>
         <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
         <dev:type>
@@ -501,9 +453,9 @@
         <dev:defaultValue>None</dev:defaultValue>
       </command:parameter>
       <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certSubjectHeaderCountryCode</maml:name>
+        <maml:name>lastUpdate</maml:name>
         <maml:description>
-          <maml:para>sets the certSubjectHeaderCountryCode config for the module</maml:para>
+          <maml:para>sets the lastUpdate config for the module</maml:para>
         </maml:description>
         <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
         <dev:type>
@@ -513,9 +465,9 @@
         <dev:defaultValue>None</dev:defaultValue>
       </command:parameter>
       <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certSubjectHeaderLocality</maml:name>
+        <maml:name>networkSSID</maml:name>
         <maml:description>
-          <maml:para>sets the certSubjectHeaderLocality config for the module</maml:para>
+          <maml:para>sets the networkSSID config for the module</maml:para>
         </maml:description>
         <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
         <dev:type>
@@ -525,9 +477,9 @@
         <dev:defaultValue>None</dev:defaultValue>
       </command:parameter>
       <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certSubjectHeaderOrganization</maml:name>
+        <maml:name>openSSLBinary</maml:name>
         <maml:description>
-          <maml:para>sets the certSubjectHeaderOrganization config for the module</maml:para>
+          <maml:para>sets the openSSLBinary config for the module</maml:para>
         </maml:description>
         <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
         <dev:type>
@@ -536,10 +488,11 @@
         </dev:type>
         <dev:defaultValue>None</dev:defaultValue>
       </command:parameter>
+
       <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certSubjectHeaderOrganizationUnit</maml:name>
+        <maml:name>radiusDirectory</maml:name>
         <maml:description>
-          <maml:para>sets the certSubjectHeaderOrganizationUnit config for the module</maml:para>
+          <maml:para>sets the radiusDirectory config for the module</maml:para>
         </maml:description>
         <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
         <dev:type>
@@ -549,9 +502,21 @@
         <dev:defaultValue>None</dev:defaultValue>
       </command:parameter>
       <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certSubjectHeaderStateCode</maml:name>
+        <maml:name>userCertValidityDays</maml:name>
+        <maml:description>
+          <maml:para>sets the userCertValidityDays config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Int32</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>userGroup</maml:name>
         <maml:description>
-          <maml:para>sets the certSubjectHeaderStateCode config for the module</maml:para>
+          <maml:para>sets the userGroup config for the module</maml:para>
         </maml:description>
         <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
         <dev:type>
@@ -560,6 +525,247 @@
         </dev:type>
         <dev:defaultValue>None</dev:defaultValue>
       </command:parameter>
+    </command:parameters>
+    <command:inputTypes>
+      <command:inputType>
+        <dev:type>
+          <maml:name>None</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:inputType>
+    </command:inputTypes>
+    <command:returnValues>
+      <command:returnValue>
+        <dev:type>
+          <maml:name>System.Object</maml:name>
+        </dev:type>
+        <maml:description>
+          <maml:para></maml:para>
+        </maml:description>
+      </command:returnValue>
+    </command:returnValues>
+    <maml:alertSet>
+      <maml:alert>
+        <maml:para></maml:para>
+      </maml:alert>
+    </maml:alertSet>
+    <command:examples>
+      <command:example>
+        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
+        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:remarks>
+          <maml:para>{{ Add example description here }}</maml:para>
+        </dev:remarks>
+      </command:example>
+    </command:examples>
+    <command:relatedLinks>
+      <maml:navigationLink>
+        <maml:linkText>Online Version:</maml:linkText>
+        <maml:uri>/</maml:uri>
+      </maml:navigationLink>
+    </command:relatedLinks>
+  </command:command>
+  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
+    <command:details>
+      <command:name>Set-JCRConfig</command:name>
+      <command:verb>Set</command:verb>
+      <command:noun>JCRConfig</command:noun>
+      <maml:description>
+        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+      </maml:description>
+    </command:details>
+    <maml:description>
+      <maml:para>{{ Fill in the Description }}</maml:para>
+    </maml:description>
+    <command:syntax>
+      <command:syntaxItem>
+        <maml:name>Set-JCRConfig</maml:name>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>caCertValidityDays</maml:name>
+          <maml:description>
+            <maml:para>sets the caCertValidityDays config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+          <dev:type>
+            <maml:name>System.Int32</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certExpirationWarningDays</maml:name>
+          <maml:description>
+            <maml:para>sets the certExpirationWarningDays config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+          <dev:type>
+            <maml:name>System.Int32</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSecretPass</maml:name>
+          <maml:description>
+            <maml:para>sets the certSecretPass config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certSubjectHeader</maml:name>
+          <maml:description>
+            <maml:para>sets the certSubjectHeader config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.Collections.Hashtable</command:parameterValue>
+          <dev:type>
+            <maml:name>System.Collections.Hashtable</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>certType</maml:name>
+          <maml:description>
+            <maml:para>sets the certType config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>lastUpdate</maml:name>
+          <maml:description>
+            <maml:para>sets the lastUpdate config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>networkSSID</maml:name>
+          <maml:description>
+            <maml:para>sets the networkSSID config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>openSSLBinary</maml:name>
+          <maml:description>
+            <maml:para>sets the openSSLBinary config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>radiusDirectory</maml:name>
+          <maml:description>
+            <maml:para>sets the radiusDirectory config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>userCertValidityDays</maml:name>
+          <maml:description>
+            <maml:para>sets the userCertValidityDays config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+          <dev:type>
+            <maml:name>System.Int32</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+          <maml:name>userGroup</maml:name>
+          <maml:description>
+            <maml:para>sets the userGroup config for the module</maml:para>
+          </maml:description>
+          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+          <dev:type>
+            <maml:name>System.String</maml:name>
+            <maml:uri />
+          </dev:type>
+          <dev:defaultValue>None</dev:defaultValue>
+        </command:parameter>
+      </command:syntaxItem>
+    </command:syntax>
+    <command:parameters>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>caCertValidityDays</maml:name>
+        <maml:description>
+          <maml:para>sets the caCertValidityDays config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Int32</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certExpirationWarningDays</maml:name>
+        <maml:description>
+          <maml:para>sets the certExpirationWarningDays config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Int32</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSecretPass</maml:name>
+        <maml:description>
+          <maml:para>sets the certSecretPass config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
+        <dev:type>
+          <maml:name>System.String</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
+      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+        <maml:name>certSubjectHeader</maml:name>
+        <maml:description>
+          <maml:para>sets the certSubjectHeader config for the module</maml:para>
+        </maml:description>
+        <command:parameterValue required="true" variableLength="false">System.Collections.Hashtable</command:parameterValue>
+        <dev:type>
+          <maml:name>System.Collections.Hashtable</maml:name>
+          <maml:uri />
+        </dev:type>
+        <dev:defaultValue>None</dev:defaultValue>
+      </command:parameter>
       <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
         <maml:name>certType</maml:name>
         <maml:description>

From 3fa443f557fa2ec20979d927c8778b3e1e7fad7a Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Fri, 20 Jun 2025 13:45:18 -0600
Subject: [PATCH 309/346] update emailSan extensions

---
 .../Private/CertGeneration/Generate-UserCert.ps1          | 8 ++++----
 .../Private/CertGeneration/Set-JCRExtensionFile.ps1       | 2 +-
 .../Tests/Private/Config/Confirm-JCRConfig.Tests.ps1      | 4 ----
 3 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
index c502bbe95..fd3206588 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Generate-UserCert.ps1
@@ -55,18 +55,18 @@ function Generate-UserCert {
                 $extContent = Get-Content -Path $ExtensionPath -Raw
                 $extContent -replace ("subjectAltName.*", "subjectAltName = email:$($user.email)") | Set-Content -Path $ExtensionPath -NoNewline -Force
                 # Get CSR & Key
-                Write-Host "[status] Get CSR & Key"
+                # Write-Host "[status] Get CSR & Key"
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) req -newkey rsa:2048 -nodes -keyout `"$userKey`" -subj `"/C=$($($global:JCRConfig.certSubjectHeader.Value.CountryCode))/ST=$($($global:JCRConfig.certSubjectHeader.Value.StateCode))/L=$($($global:JCRConfig.certSubjectHeader.Value.Locality))/O=$($JCORGID)/OU=$($($global:JCRConfig.certSubjectHeader.Value.OrganizationUnit))`" -out `"$userCsr`""
 
                 # take signing request, make cert # specify extensions requets
-                Write-Host "[status] take signing request, make cert # specify extensions requets"
+                # Write-Host "[status] take signing request, make cert # specify extensions requets"
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -req -extfile `"$ExtensionPath`" -days $($global:JCRConfig.userCertValidityDays.value) -in `"$userCsr`" -CA `"$rootCA`" -CAkey `"$rootCAKey`" -passin pass:$($env:certKeyPassword) -CAcreateserial -out `"$userCert`" -extensions v3_req"
 
                 # validate the cert we cant see it once it goes to pfx
-                Write-Host "[status] validate the cert we cant see it once it goes to pfx"
+                # Write-Host "[status] validate the cert we cant see it once it goes to pfx"
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) x509 -noout -text -in `"$userCert`""
                 # legacy needed if we take a cert like this then pass it out
-                Write-Host "[status] legacy needed if we take a cert like this then pass it out"
+                # Write-Host "[status] legacy needed if we take a cert like this then pass it out"
                 Invoke-Expression "$($global:JCRConfig.openSSLBinary.value) pkcs12 -export -out `"$userPfx`" -inkey `"$userKey`" -in `"$userCert`" -passout pass:$($JCR_USER_CERT_PASS) -legacy"
             }
             'EmailDn' {
diff --git a/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1 b/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
index 345793104..97f922b99 100644
--- a/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
+++ b/scripts/automation/Radius/Functions/Private/CertGeneration/Set-JCRExtensionFile.ps1
@@ -70,7 +70,7 @@ authorityInfoAccess = OCSP;URI:http://localhost:9000
                 Set-Content -Path $ext.FullName -Value $emailDNHereString -NoNewline -Force
             }
             'extensions-emailSAN.cnf' {
-                Set-Content -Path $ext.FullName -Value $emailDNHereString -NoNewline -Force
+                Set-Content -Path $ext.FullName -Value $emailSANHereString -NoNewline -Force
             }
             'extensions-usernameCN.cnf' {
                 Set-Content -Path $ext.FullName -Value $usernameCNHereString -NoNewline -Force
diff --git a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfig.Tests.ps1 b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfig.Tests.ps1
index c71fe9a3c..d2f61a82e 100644
--- a/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfig.Tests.ps1
+++ b/scripts/automation/Radius/Tests/Private/Config/Confirm-JCRConfig.Tests.ps1
@@ -99,10 +99,6 @@ Describe 'Confirm-JCRConfig Tests' -Tag "Acceptance" {
                     }
                 }
             }
-
-            It "Confirm-JCRConfig should throw when the config is missing required settings" {
-                { Confirm-JCRConfig } | Should -Throw
-            }
         }
     }
     Context "Validation for individual setting" {

From 3174d9ad4a6de7c18895774f5032ef2a590ef681 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 23 Jun 2025 13:15:55 -0600
Subject: [PATCH 310/346] openSSL validation

---
 .../Functions/Private/Config/Confirm-JCRConfig.ps1       | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
index 2d015fadc..605a9843a 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
@@ -23,7 +23,14 @@ function Confirm-JCRConfig {
             switch ($settingName) {
                 'openSSLBinary' {
                     if ($settingName -eq 'openSSLBinary' -and $settingValue.value -ne $null) {
-                        Get-OpenSSLVersion -opensslBinary $settingValue.value
+                        $openSSLValid = Get-OpenSSLVersion -opensslBinary $settingValue.value
+                        if (-not $openSSLValid) {
+                            if (-not $loadModule) {
+                                throw "The `'$settingName`' value is not a valid OpenSSL binary path.`nThe value: `'$($settingValue.value)`' is not valid."
+                            } else {
+                                Write-Warning "The `'$settingName`' value is not a valid OpenSSL binary path.`nThe value: `'$($settingValue.value)`' is not valid."
+                            }
+                        }
                     }
                 }
                 'certSubjectHeader' {

From 4d65784b4784a8021968bccd5d18773c632cafdf Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 23 Jun 2025 13:17:19 -0600
Subject: [PATCH 311/346] JCRConfig in readme.md

---
 scripts/automation/Radius/readme.md | 30 ++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 0f22b10c0..480715547 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -11,7 +11,7 @@ This automation has been tested with OpenSSL 3.1.1. OpenSSL 3.x.x is required to
 - OpenSSL 3.x.x (Tested with 3.1.1) (see macOS/ Windows requirements below)
 - [JumpCloud PowerShell Module](https://www.powershellgallery.com/packages/JumpCloud)
 - Certificate Authority (CA) (either from a vendor or self-generated)
-- Module Settings Configured with `Set-JCRConfigFile` cmdlet
+- Module Settings Configured with `Set-JCRConfig` cmdlet
 - JumpCloud Organization API Key (Read/ Write Access Required)
   - JumpCloud API Key Set (Read/ Write Access Required)
   - JumpCloud ORG ID Set
@@ -30,7 +30,7 @@ Update the `openSSLBinary` to point to `'/usr/local/Cellar/openssl@3/3.1.1/bin/o
 ex:
 
 ```powershell
-Set-JCRConfigFile -openSSLBinary '/opt/homebrew/opt/openssl@3/bin/openssl'
+Set-JCRConfig -openSSLBinary '/opt/homebrew/opt/openssl@3/bin/openssl'
 ```
 
 ````
@@ -88,7 +88,7 @@ $settings = @{
     openSSLBinary                     = '/opt/homebrew/bin/openssl'
 }
 
-Set-JCRConfigFile @settings
+Set-JCRConfig @settings
 ````
 
 #### Set or update the Radius Directory
@@ -98,7 +98,7 @@ The Radius Directory is the location where all generated CAs and User Certificat
 To set the Radius Directory, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -radiusDirectory '/Users/username/RADIUS'
+Set-JCRConfig -radiusDirectory '/Users/username/RADIUS'
 ```
 
 #### Set or update the User Cert Validity Days
@@ -108,7 +108,7 @@ The user certificate validity days is the number of days a user certificate will
 To set the user certificate validity days, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -userCertValidityDays 365
+Set-JCRConfig -userCertValidityDays 365
 ```
 
 #### Set or update the CA Cert Validity Days
@@ -118,7 +118,7 @@ The CA certificate validity days is the number of days a CA certificate will be
 To set the CA certificate validity days, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -caCertValidityDays 1095
+Set-JCRConfig -caCertValidityDays 1095
 ```
 
 #### Set or update the Certificate Expiration Warning Days
@@ -128,7 +128,7 @@ The certificate expiration warning days is the number of days before a user cert
 To set the certificate expiration warning days, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -certExpirationWarningDays 15
+Set-JCRConfig -certExpirationWarningDays 15
 ```
 
 #### Set or update the certificate secret password
@@ -138,12 +138,12 @@ The certificate secret password is used to protect the private key of the user c
 To set the certificate secret password, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -certSecretPass 'Your_Secret_Password'
+Set-JCRConfig -certSecretPass 'Your_Secret_Password'
 ```
 
 #### Set or update the Radius User Group
 
-To change the JumpCloud user group with access to the Radius server use the `Set-JCRConfigFile` cmdlet. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
+To change the JumpCloud user group with access to the Radius server use the `Set-JCRConfig` cmdlet. To get the ID of a user group, navigate to the user group within the JumpCloud Administrator Console.
 
 After selecting the User Group, view the url for the user group it should look similar to this url:
 `https://console.jumpcloud.com/#/groups/user/5f3171a9232e1113939dd6a2/details`
@@ -153,7 +153,7 @@ The ID of the selected userGroup is the 24 character string between `/user/` and
 To set the user group ID, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -userGroup '5f3171a9232e1113939dd6a2'
+Set-JCRConfig -userGroup '5f3171a9232e1113939dd6a2'
 ```
 
 #### Set or update the network SSID Name
@@ -163,7 +163,7 @@ On macOS hosts, the user certificate will be set to automatically authenticate t
 To set the network SSID, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -networkSSID 'Your_SSID'
+Set-JCRConfig -networkSSID 'Your_SSID'
 ```
 
 #### Set the openSSL Binary location
@@ -177,7 +177,7 @@ Else, for Windows systems, installing OpenSSL and setting an environment variabl
 To set the OpenSSL binary location, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -openSSLBinary '/opt/homebrew/opt/openssl@3/bin/openssl'
+Set-JCRConfig -openSSLBinary '/opt/homebrew/opt/openssl@3/bin/openssl'
 ```
 
 #### Set Your Certificate Subject Headers
@@ -187,7 +187,7 @@ Set the Country, State, Locality, Organization, Organization Unit and Common Nam
 To set the subject headers, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -certSubjectHeader @{
+Set-JCRConfig -certSubjectHeader @{
         CountryCode      = "Your_Country_Code"
         StateCode        = "Your_State_Code"
         Locality         = "Your_City"
@@ -204,7 +204,7 @@ Set the type of user cert to generate to either `EmailSAN`, `EmailDN` or `Userna
 To set the user certificate type, run the following command in a PowerShell terminal window:
 
 ```powershell
-Set-JCRConfigFile -certType 'UsernameCn'
+Set-JCRConfig -certType 'UsernameCn'
 ```
 
 ##### Email Subject Alternative Name (EmailSAN)
@@ -349,7 +349,7 @@ After a user's certificate has been distributed to a system, those users can the
 
 ### macOS
 
-If the `networkSSID` setting is set with `Set-JCRConfigFile`, macOS users will only be prompted once to let `eapolclient` access the private key from the installed certificate. If the end user selects `Always Allow`, the'll not be prompted to enter their password for the entire life cycle of the user certificate, only when new certificates are deployed will end users have to re-enter their login password.
+If the `networkSSID` setting is set with `Set-JCRConfig`, macOS users will only be prompted once to let `eapolclient` access the private key from the installed certificate. If the end user selects `Always Allow`, the'll not be prompted to enter their password for the entire life cycle of the user certificate, only when new certificates are deployed will end users have to re-enter their login password.
 
 In macOS a user simply needs to select the radius network from the wireless networks dialog prompt. A prompt to select a user certificate should be displayed, select the user certificate from the drop down menu and click "OK"
 

From 2ce1b5c5ed63fba5624506806d21fdc8ff5052f0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 23 Jun 2025 13:23:57 -0600
Subject: [PATCH 312/346] openssl location

---
 .../Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1       | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1 b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
index ad516bb1c..854ee1e29 100644
--- a/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
+++ b/scripts/automation/Radius/Tests/ModuleValidation/ModuleVersion.Tests.ps1
@@ -39,7 +39,7 @@ Describe "Module Version Tests" -Tag "ModuleValidation" {
                 certSecretPass    = "secret1234!"
                 networkSSID       = "TP-Link_SSID"
                 userGroup         = "5f3171a9232e1113939dd6a2"
-                openSSLBinary     = '/opt/homebrew/bin/openssl'
+                openSSLBinary     = 'openssl'
                 certSubjectHeader = @{
                     CountryCode      = "US"
                     StateCode        = "CO"

From 8ce48f9fc0b89aca4b60fac31c55dc8719e7a87c Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 23 Jun 2025 16:01:09 -0600
Subject: [PATCH 313/346] remove items from multiGroupRadius automation script

---
 scripts/automation/Radius/multi_group_radius.ps1 | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/scripts/automation/Radius/multi_group_radius.ps1 b/scripts/automation/Radius/multi_group_radius.ps1
index 7a0c9f8a4..6131b3599 100644
--- a/scripts/automation/Radius/multi_group_radius.ps1
+++ b/scripts/automation/Radius/multi_group_radius.ps1
@@ -60,7 +60,7 @@ $EncryptedCertData = Get-Content "$PSScriptRoot/keyCert.encrypted"
 $env:certKeyPassword = $EncryptedCertData | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText
 $EncryptedData = Get-Content "$PSScriptRoot/key.encrypted"
 $env:JCAPIKEY = $EncryptedData | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText
-# validate that the jumpcloud API key is set as an ENV var
+# validate that the JumpCloud API key is set as an ENV var
 if ( -not $env:certKeyPassword) {
     throw "the Cert Key Password is not set, please set the cert key password as an Env variable"
 }
@@ -69,7 +69,7 @@ if ( -not $env:JCAPIKEY) {
     throw "the Api Key is not set, please set the API key as an Env variable"
 } else {
     Write-ToLog -Message ("Connecting to JumpCloud Organization")
-    import-module jumpcloud
+    import-module JumpCloud
     Connect-JCOnline -JumpCloudApiKey $env:JCAPIKEY -force
 }
 
@@ -83,8 +83,6 @@ foreach ($radiusGroup in $radiusUserGroups) {
     <# $currentItemName is the current item #>
     Write-ToLog -Message ("Processing Radius User Group: $($radiusGroup.keys) | $($radiusGroup.values) ")
     Write-Warning "Processing Radius User Group: $($radiusGroup.keys) | $($radiusGroup.values) "
-    # set the contents of the config for each user groupID
-    $configContent = Get-Content -path $configPath
     # Update the userGroupID:
     Set-JCRConfig -userGroup $radiusGroup.values
     # remove the radius members data file:

From 4b61e751c75c84f6f71c4a67f55301bf760cd9a5 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 23 Jun 2025 16:01:32 -0600
Subject: [PATCH 314/346] update set-JCRConfig to hide true/false from
 validating radius directory

---
 .../Functions/Public/Config/Set-JCRConfig.ps1 | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfig.ps1 b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfig.ps1
index dd03090b1..2bce976ba 100644
--- a/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfig.ps1
+++ b/scripts/automation/Radius/Functions/Public/Config/Set-JCRConfig.ps1
@@ -63,7 +63,10 @@ function Set-JCRConfig {
             switch ($param) {
                 'radiusDirectory' {
                     # validate the directory
-                    Test-JCRRadiusDirectory -Path $params[$param]
+                    $validRadiusDir = Test-JCRRadiusDirectory -Path $params[$param]
+                    if (-not $validRadiusDir) {
+                        Write-Error "The radius directory path '$($params[$param])' is not valid or does not exist. Please create this directory before trying again."
+                    }
                 }
             }
             # set the value of the config setting to the value passed into this function
@@ -80,15 +83,12 @@ function Set-JCRConfig {
     }
 
     end {
-        # Write out the new settings
-        Write-Host "---------Updated settings--------------"
-        Write-Host "[status] Module Path : $($ModuleRoot)"
-        Write-Host "[Status] JCRConfig Settings:"
-        foreach ($setting in $global:JCRConfig.PSObject.Properties) {
-            Write-Host ("$($setting.Name): $($setting.Value.value)")
+        try {
+            $global:JCRConfig | ConvertTo-Json -Depth 10 | Out-File -FilePath $configFilePath
+            Confirm-JCRConfig
+        } catch {
+            Write-Error "Failed to validate JCRConfig File: $_"
+            throw
         }
-        Write-Host "-----------------------"
-        $global:JCRConfig | ConvertTo-Json -Depth 10 | Out-File -FilePath $configFilePath
-        Confirm-JCRConfig
     }
 }
\ No newline at end of file

From 8a173534eb302b320fbaac9ee7838eaf6197f191 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 23 Jun 2025 16:53:22 -0600
Subject: [PATCH 315/346] warn if openssl is null + 2.1.0 version

---
 .../Private/Config/Confirm-JCRConfig.ps1      |   4 +-
 .../automation/Radius/JumpCloud.Radius.psd1   | 164 +++++++++---------
 2 files changed, 85 insertions(+), 83 deletions(-)

diff --git a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1 b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
index 605a9843a..0a3a7b6d3 100644
--- a/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
+++ b/scripts/automation/Radius/Functions/Private/Config/Confirm-JCRConfig.ps1
@@ -22,7 +22,9 @@ function Confirm-JCRConfig {
             # check to see if the key is required and if the value is null
             switch ($settingName) {
                 'openSSLBinary' {
-                    if ($settingName -eq 'openSSLBinary' -and $settingValue.value -ne $null) {
+                    if ($settingValue.value -eq $null) {
+                        $requiredAttributesNotSet += @{ $settingName = $settingValue.placeholder }
+                    } else {
                         $openSSLValid = Get-OpenSSLVersion -opensslBinary $settingValue.value
                         if (-not $openSSLValid) {
                             if (-not $loadModule) {
diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index c4cef1bfb..ee9d7e06d 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -8,128 +8,128 @@
 
 @{
 
-# Script module or binary module file associated with this manifest.
-RootModule = 'JumpCloud.Radius.psm1'
+    # Script module or binary module file associated with this manifest.
+    RootModule        = 'JumpCloud.Radius.psm1'
 
-# Version number of this module.
-ModuleVersion = '2.0.0'
+    # Version number of this module.
+    ModuleVersion     = '2.1.0'
 
-# Supported PSEditions
-# CompatiblePSEditions = @()
+    # Supported PSEditions
+    # CompatiblePSEditions = @()
 
-# ID used to uniquely identify this module
-GUID = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
+    # ID used to uniquely identify this module
+    GUID              = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
 
-# Author of this module
-Author = 'JumpCloud Customer Tools Team'
+    # Author of this module
+    Author            = 'JumpCloud Customer Tools Team'
 
-# Company or vendor of this module
-CompanyName = 'JumpCloud'
+    # Company or vendor of this module
+    CompanyName       = 'JumpCloud'
 
-# Copyright statement for this module
-Copyright = '(c) JumpCloud. All rights reserved.'
+    # Copyright statement for this module
+    Copyright         = '(c) JumpCloud. All rights reserved.'
 
-# Description of the functionality provided by this module
-Description = 'Module for managing JumpCloud Radius user certificates.'
+    # Description of the functionality provided by this module
+    Description       = 'Module for managing JumpCloud Radius user certificates.'
 
-# Minimum version of the PowerShell engine required by this module
-PowerShellVersion = '7.0.0'
+    # Minimum version of the PowerShell engine required by this module
+    PowerShellVersion = '7.0.0'
 
-# Name of the PowerShell host required by this module
-# PowerShellHostName = ''
+    # Name of the PowerShell host required by this module
+    # PowerShellHostName = ''
 
-# Minimum version of the PowerShell host required by this module
-# PowerShellHostVersion = ''
+    # Minimum version of the PowerShell host required by this module
+    # PowerShellHostVersion = ''
 
-# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# DotNetFrameworkVersion = ''
+    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # DotNetFrameworkVersion = ''
 
-# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-# ClrVersion = ''
+    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+    # ClrVersion = ''
 
-# Processor architecture (None, X86, Amd64) required by this module
-# ProcessorArchitecture = ''
+    # Processor architecture (None, X86, Amd64) required by this module
+    # ProcessorArchitecture = ''
 
-# Modules that must be imported into the global environment prior to importing this module
-RequiredModules = @('JumpCloud')
+    # Modules that must be imported into the global environment prior to importing this module
+    RequiredModules   = @('JumpCloud')
 
-# Assemblies that must be loaded prior to importing this module
-# RequiredAssemblies = @()
+    # Assemblies that must be loaded prior to importing this module
+    # RequiredAssemblies = @()
 
-# Script files (.ps1) that are run in the caller's environment prior to importing this module.
-# ScriptsToProcess = @()
+    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
+    # ScriptsToProcess = @()
 
-# Type files (.ps1xml) to be loaded when importing this module
-# TypesToProcess = @()
+    # Type files (.ps1xml) to be loaded when importing this module
+    # TypesToProcess = @()
 
-# Format files (.ps1xml) to be loaded when importing this module
-# FormatsToProcess = @()
+    # Format files (.ps1xml) to be loaded when importing this module
+    # FormatsToProcess = @()
 
-# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
-# NestedModules = @()
+    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+    # NestedModules = @()
 
-# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts', 
-               'Start-GenerateRootCert', 'Start-GenerateUserCerts', 
-               'Start-MonitorCertDeployment', 'Start-RadiusDeployment', 
-               'Set-JCRConfig', 'Update-JCRModule'
+    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+    FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts',
+    'Start-GenerateRootCert', 'Start-GenerateUserCerts',
+    'Start-MonitorCertDeployment', 'Start-RadiusDeployment',
+    'Set-JCRConfig', 'Update-JCRModule'
 
-# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-CmdletsToExport = @()
+    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+    CmdletsToExport   = @()
 
-# Variables to export from this module
-VariablesToExport = '*'
+    # Variables to export from this module
+    VariablesToExport = '*'
 
-# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-AliasesToExport = @()
+    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+    AliasesToExport   = @()
 
-# DSC resources to export from this module
-# DscResourcesToExport = @()
+    # DSC resources to export from this module
+    # DscResourcesToExport = @()
 
-# List of all modules packaged with this module
-# ModuleList = @()
+    # List of all modules packaged with this module
+    # ModuleList = @()
 
-# List of all files packaged with this module
-# FileList = @()
+    # List of all files packaged with this module
+    # FileList = @()
 
-# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
-PrivateData = @{
+    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+    PrivateData       = @{
 
-    PSData = @{
+        PSData = @{
 
-        # Tags applied to this module. These help with module discovery in online galleries.
-        # Tags = @()
+            # Tags applied to this module. These help with module discovery in online galleries.
+            # Tags = @()
 
-        # A URL to the license for this module.
-        # LicenseUri = ''
+            # A URL to the license for this module.
+            # LicenseUri = ''
 
-        # A URL to the main website for this project.
-        # ProjectUri = ''
+            # A URL to the main website for this project.
+            # ProjectUri = ''
 
-        # A URL to an icon representing this module.
-        # IconUri = ''
+            # A URL to an icon representing this module.
+            # IconUri = ''
 
-        # ReleaseNotes of this module
-        # ReleaseNotes = ''
+            # ReleaseNotes of this module
+            # ReleaseNotes = ''
 
-        # Prerelease string of this module
-        # Prerelease = ''
+            # Prerelease string of this module
+            # Prerelease = ''
 
-        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
-        # RequireLicenseAcceptance = $false
+            # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+            # RequireLicenseAcceptance = $false
 
-        # External dependent modules of this module
-        # ExternalModuleDependencies = @()
+            # External dependent modules of this module
+            # ExternalModuleDependencies = @()
 
-    } # End of PSData hashtable
+        } # End of PSData hashtable
 
-} # End of PrivateData hashtable
+    } # End of PrivateData hashtable
 
-# HelpInfo URI of this module
-# HelpInfoURI = ''
+    # HelpInfo URI of this module
+    # HelpInfoURI = ''
 
-# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
-# DefaultCommandPrefix = ''
+    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+    # DefaultCommandPrefix = ''
 
 }
 

From 792be15a74b4e1ecbfb7a0896779cce2a17c1605 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 08:47:01 -0600
Subject: [PATCH 316/346] tests run on branch 'master'

---
 .github/workflows/radius-module-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index cefe36c0b..ce133aa67 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
     # Sequence of patterns matched against refs/heads
     branches:
-      - "Radius_2.0.0"
+      - "master"
     paths:
       - "scripts/automation/Radius/**"
     types: [opened, synchronize, reopened, labeled, unlabeled]

From fcc5c8e9708f5828badd33401a6123e2796133ca Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 10:00:11 -0600
Subject: [PATCH 317/346] release workflow Dependencies

---
 .github/workflows/release-workflow.yml | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release-workflow.yml b/.github/workflows/release-workflow.yml
index d95e267a8..ac7c39173 100644
--- a/.github/workflows/release-workflow.yml
+++ b/.github/workflows/release-workflow.yml
@@ -42,7 +42,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-  Setup-Build-Dependancies:
+  Setup-Build-Dependencies:
     needs: ["Filter-Branch", "Check-PR-Labels"]
     runs-on: windows-latest
     timeout-minutes: 10
@@ -53,7 +53,7 @@ jobs:
         uses: actions/cache@v4
         with:
           path: 'C:\Users\runneradmin\Documents\PowerShell\Modules\'
-          key: PS-Dependancies
+          key: PS-Dependencies
       - name: Install dependencies
         if: steps.cacher.outputs.cache-hit != 'true'
         shell: pwsh
@@ -70,9 +70,9 @@ jobs:
               'PlatyPS'                               = @{Repository = 'PSGallery'; RequiredVersion = '0.14.2' }
               'AWS.Tools.Common'                      = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' }
               'AWS.Tools.CodeArtifact'                = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' }
-              'JumpCloud.SDK.V1'                      = @{Repository = 'PSGallery'; RequiredVersion = '0.0.35'}
-              'JumpCloud.SDK.V2'                      = @{Repository = 'PSGallery'; RequiredVersion = '0.0.39'}
-              'JumpCloud.SDK.DirectoryInsights'       = @{Repository = 'PSGallery'; RequiredVersion = '0.0.23'}
+              'JumpCloud.SDK.V1'                      = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
+              'JumpCloud.SDK.V2'                      = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
+              'JumpCloud.SDK.DirectoryInsights'       = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
           }
           foreach ($RequiredModule in $PSDependencies.Keys) {
               If ([System.String]::IsNullOrEmpty((Get-InstalledModule | Where-Object { $_.Name -eq $RequiredModule }))) {
@@ -86,14 +86,14 @@ jobs:
           }
 
   Build-Nuspec-Nupkg:
-    needs: Setup-Build-Dependancies
+    needs: Setup-Build-Dependencies
     runs-on: windows-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/cache@v4
         with:
           path: 'C:\Users\runneradmin\Documents\PowerShell\Modules\'
-          key: PS-Dependancies
+          key: PS-Dependencies
       - name: Build Nuspec
         shell: pwsh
         run: |
@@ -126,7 +126,7 @@ jobs:
           retention-days: 1
 
   Manual-Approval-Release:
-    needs: ["Check-PR-Labels", "Setup-Build-Dependancies"]
+    needs: ["Check-PR-Labels", "Setup-Build-Dependencies"]
     environment: PublishToPSGallery
     runs-on: ubuntu-latest
     steps:

From da885d2aba4dda103bec7cf6e525c96d2de6a544 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 10:00:23 -0600
Subject: [PATCH 318/346] radius module release workflow init commit

---
 .github/workflows/radius-release-workflow.yml | 196 ++++++++++++++++++
 1 file changed, 196 insertions(+)
 create mode 100644 .github/workflows/radius-release-workflow.yml

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
new file mode 100644
index 000000000..980268eed
--- /dev/null
+++ b/.github/workflows/radius-release-workflow.yml
@@ -0,0 +1,196 @@
+name: Release and Publish PSModule
+on:
+  pull_request:
+    types:
+      - closed
+    paths:
+      - "scripts/automation/Radius/**"
+    branches:
+      - master
+
+jobs:
+  Check-If-Merged:
+    if: github.event.pull_request.merged == true
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if Merged
+        run: echo {GITHUB_HEAD_REF} merged into master
+
+  Filter-Branch:
+    runs-on: ubuntu-latest
+    if: contains(github.event.pull_request.labels.*.name, 'Radius Module')
+    steps:
+      - run: echo "Building Radius Module Event 'RadiusModule_'"
+
+  Check-PR-Labels:
+    needs: [Filter-Branch, Check-If-Merged]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Validate-PR-Version-Labels
+        id: validate
+        shell: pwsh
+        run: |
+          $PR_LABEL_LIST=$(curl -s "https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels" | jq -r '.[].name')
+          if ("Radius Module" -in $PR_LABEL_LIST) {
+              Write-Host "Starting Build for Radius Module Release"
+          } else {
+            Write-Host "Missing Radius Module Label, not continuing Release workflow"
+            exit 1
+          }
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  Setup-Build-Dependencies:
+    needs: ["Filter-Branch", "Check-PR-Labels"]
+    runs-on: windows-latest
+    timeout-minutes: 10
+    steps:
+      - uses: actions/checkout@v4
+      - name: Setup PowerShell Module Cache
+        id: cacher
+        uses: actions/cache@v4
+        with:
+          path: 'C:\Users\runneradmin\Documents\PowerShell\Modules\'
+          key: PS-Dependencies
+      - name: Install dependencies
+        if: steps.cacher.outputs.cache-hit != 'true'
+        shell: pwsh
+        run: |
+          Set-PSRepository PSGallery -InstallationPolicy Trusted
+          If (!(Get-PackageProvider -Name:('NuGet') -ListAvailable -ErrorAction:('SilentlyContinue'))) {
+              Write-Host ('[status]Installing package provider NuGet');
+              Install-PackageProvider -Name:('NuGet') -Scope:('CurrentUser') -Force
+          }
+          $PSDependencies = @{
+              'PowerShellGet'                         = @{Repository = 'PSGallery'; RequiredVersion = '3.0.12-beta' }
+              'PackageManagement'                     = @{Repository = 'PSGallery'; RequiredVersion = '1.4.8.1' }
+              'PSScriptAnalyzer'                      = @{Repository = 'PSGallery'; RequiredVersion = '1.19.1' }
+              'PlatyPS'                               = @{Repository = 'PSGallery'; RequiredVersion = '0.14.2' }
+              'AWS.Tools.Common'                      = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' }
+              'AWS.Tools.CodeArtifact'                = @{Repository = 'PSGallery'; RequiredVersion = '4.1.122' }
+              'JumpCloud.SDK.V1'                      = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
+              'JumpCloud.SDK.V2'                      = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
+              'JumpCloud.SDK.DirectoryInsights'       = @{Repository = 'PSGallery'; RequiredVersion = 'latest'}
+          }
+          foreach ($RequiredModule in $PSDependencies.Keys) {
+              If ([System.String]::IsNullOrEmpty((Get-InstalledModule | Where-Object { $_.Name -eq $RequiredModule }))) {
+                  Write-Host("[status]Installing module: '$RequiredModule'; version: $($PSDependencies[$RequiredModule].RequiredVersion) from $($PSDependencies[$RequiredModule].Repository)")
+                  if ($($PSDependencies[$RequiredModule].RequiredVersion) -eq "latest"){
+                    Install-Module -Name $RequiredModule -Repository:($($PSDependencies[$RequiredModule].Repository)) -AllowPrerelease -Force
+                  } else {
+                    Install-Module -Name $RequiredModule -Repository:($($PSDependencies[$RequiredModule].Repository)) -RequiredVersion:($($PSDependencies[$RequiredModule].RequiredVersion)) -AllowPrerelease -Force -AllowClobber
+                  }
+              }
+          }
+
+  Build-Nuspec-Nupkg:
+    needs: Setup-Build-Dependencies
+    runs-on: windows-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/cache@v4
+        with:
+          path: 'C:\Users\runneradmin\Documents\PowerShell\Modules\'
+          key: PS-Dependencies
+      - name: Build Nuspec
+        shell: pwsh
+        run: |
+          $ErrorActionPreference = 'Stop'
+          . "${{ github.workspace }}/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1" -RequiredModulesRepo PSGallery
+      - name: Pack nuspec
+        shell: pwsh
+        run: |
+          nuget pack "${{ github.workspace }}/scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec" -Properties NoWarn=NU5111,NU5110
+      - name: Validate NuPkg File
+        shell: pwsh
+        run: |
+          $NupkgPathDirectory = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/deploy/output/*.nupkg")).Directory
+          $nupkgPath = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/deploy/output/*.nupkg")).FullName
+          Write-Host "NuPkg Path: $nupkgPath"
+          mkdir $NupkgPathDirectory/nupkg_module
+          unzip $nupkgPath -d $NupkgPathDirectory/nupkg_module
+          $moduleRootFiles = Get-ChildItem -File -Path:("$NupkgPathDirectory/nupkg_module")
+          $moduleRootDirectories = Get-ChildItem -Directory -Path:("$NupkgPathDirectory/nupkg_module")
+          Write-Host "Module Files:\n$moduleRootFiles"
+          Write-Host "Module Directories:\n$moduleRootDirectories"
+          # Validate that the nuspec directory contains a Public/ Private directory
+          "Private" | should -bein $moduleRootDirectories.name
+          "Public" | should -bein $moduleRootDirectories.name
+      - name: Upload Nupkg
+        uses: ./.github/actions/upload-secure-artifact
+        with:
+          name: radius-module-nupkg
+          path: "${{ github.workspace }}/scripts/automation/Radius/deploy/output/JumpCloud.Radius*.nupkg"
+          retention-days: 1
+
+  Manual-Approval-Release:
+    needs: ["Check-PR-Labels", "Setup-Build-Dependencies"]
+    environment: PublishToPSGallery
+    runs-on: ubuntu-latest
+    steps:
+      - name: Manual Approval for Release
+        run: echo "Awaiting approval from required reviewers before continuing"
+
+  Draft-GH-Release:
+    needs: [Manual-Approval-Release]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build Draft Release
+        run: |
+          VERSION=$(grep -Po '(\d+\.\d+\.\d+)' "${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius.psd1")
+          TITLE="JumpCloud Radius Module v$VERSION"
+          CHANGELOG=$(cat "${{ github.workspace }}/scripts/automation/Radius/Changelog.md" |awk "/^## $VERSION/{ f = 1; next } /## [0-9]+.[0-9]+.[0-9]+/{ f = 0 } f")
+          TAG="v$VERSION"
+          BODY="$TITLE $CHANGELOG"
+
+          (gh release view $TAG && echo "Release exists for $TAG") || gh release create $TAG --title "$TITLE" --notes "$BODY" --draft
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  Deploy-Nupkg:
+    needs: [Manual-Approval-Release, Build-Nuspec-Nupkg]
+    runs-on: windows-latest
+    steps:
+      - name: Download nupkg artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: radius-module-nupkg
+      - name: Publish
+        shell: pwsh
+        run: |
+          # add nuget source for PSGallery:
+          dotnet nuget add source "https://www.powershellgallery.com/api/v2/package" --name PSGallery
+          # get nupkg artifact:
+          $nupkgPath = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/deploy/output/JumpCloud.Radius*.nupkg")).FullName
+          # test
+          $nupkgPath | Should -Exist
+          Write-Host "Nupkg Artifact Restored: $nupkgPath"
+          # nuget push from here:
+          dotnet nuget push $nupkgPath --source PSGallery --api-key $env:NuGetApiKey
+        env:
+          NuGetApiKey: ${{ secrets.NUGETAPIKEY }}
+
+  Cleanup-Cache:
+    needs: Deploy-Nupkg
+    runs-on: ubuntu-latest
+    steps:
+      - name: Cleanup
+        run: |
+          gh extension install actions/gh-actions-cache
+
+          echo "Fetching list of cache key"
+          cacheKeysForPR=$(gh actions-cache list -R $REPO -B $BRANCH -L 100 | cut -f 1 )
+
+          ## Setting this to not fail the workflow while deleting cache keys.
+          set +e
+          echo "Deleting caches..."
+          for cacheKey in $cacheKeysForPR
+          do
+              gh actions-cache delete $cacheKey -R $REPO -B $BRANCH --confirm
+          done
+          echo "Done"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: ${{ github.repository }}
+          BRANCH: refs/pull/${{ github.event.pull_request.number }}/merge

From 96b389b11e8e5246c2b2da04cb8ffdf1bfc74fb3 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 10:17:25 -0600
Subject: [PATCH 319/346] test radius release

---
 .github/workflows/radius-release-workflow.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 980268eed..17d013dcb 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -1,12 +1,12 @@
 name: Release and Publish PSModule
 on:
   pull_request:
-    types:
-      - closed
+    # Sequence of patterns matched against refs/heads
+    branches:
+      - "Radius_2.1.0"
     paths:
       - "scripts/automation/Radius/**"
-    branches:
-      - master
+    types: [opened, synchronize, reopened, labeled, unlabeled]
 
 jobs:
   Check-If-Merged:
@@ -167,7 +167,7 @@ jobs:
           $nupkgPath | Should -Exist
           Write-Host "Nupkg Artifact Restored: $nupkgPath"
           # nuget push from here:
-          dotnet nuget push $nupkgPath --source PSGallery --api-key $env:NuGetApiKey
+          #   dotnet nuget push $nupkgPath --source PSGallery --api-key $env:NuGetApiKey
         env:
           NuGetApiKey: ${{ secrets.NUGETAPIKEY }}
 

From 30293bc1d707594af8d6344947863468d84d641e Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 10:26:21 -0600
Subject: [PATCH 320/346] test release workflow

---
 .github/workflows/radius-module-ci.yml        | 2 +-
 .github/workflows/radius-release-workflow.yml | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index ce133aa67..beecf2d07 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
     # Sequence of patterns matched against refs/heads
     branches:
-      - "master"
+      - "Radius_2.1.0"
     paths:
       - "scripts/automation/Radius/**"
     types: [opened, synchronize, reopened, labeled, unlabeled]
diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 17d013dcb..388f1ac7f 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -1,9 +1,9 @@
-name: Release and Publish PSModule
+name: Release and Publish Radius Module
 on:
   pull_request:
     # Sequence of patterns matched against refs/heads
     branches:
-      - "Radius_2.1.0"
+      - "master"
     paths:
       - "scripts/automation/Radius/**"
     types: [opened, synchronize, reopened, labeled, unlabeled]
@@ -46,7 +46,7 @@ jobs:
     timeout-minutes: 10
     steps:
       - uses: actions/checkout@v4
-      - name: Setup PowerShell Module Cache
+      - name: Setup Radius Module Cache
         id: cacher
         uses: actions/cache@v4
         with:

From ac24ae4411b5c5a87e559900671c9791564aaaae Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 10:28:38 -0600
Subject: [PATCH 321/346] test release workflow

---
 .github/workflows/radius-release-workflow.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 388f1ac7f..5eba15b8e 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -9,12 +9,12 @@ on:
     types: [opened, synchronize, reopened, labeled, unlabeled]
 
 jobs:
-  Check-If-Merged:
-    if: github.event.pull_request.merged == true
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check if Merged
-        run: echo {GITHUB_HEAD_REF} merged into master
+    Check-If-Merged:
+      if: github.event.pull_request.merged == false
+      runs-on: ubuntu-latest
+      steps:
+        - name: Check if Merged
+          run: echo {GITHUB_HEAD_REF} merged into master
 
   Filter-Branch:
     runs-on: ubuntu-latest

From 16941ce8856ace7e7ab689b8beba00c58f955f74 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 10:29:39 -0600
Subject: [PATCH 322/346] test release workflow

---
 .github/workflows/radius-release-workflow.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 5eba15b8e..3e830b3fa 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -9,12 +9,12 @@ on:
     types: [opened, synchronize, reopened, labeled, unlabeled]
 
 jobs:
-    Check-If-Merged:
-      if: github.event.pull_request.merged == false
-      runs-on: ubuntu-latest
-      steps:
-        - name: Check if Merged
-          run: echo {GITHUB_HEAD_REF} merged into master
+  Check-If-Merged:
+    if: github.event.pull_request.merged == false
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check if Merged
+        run: echo {GITHUB_HEAD_REF} merged into master
 
   Filter-Branch:
     runs-on: ubuntu-latest

From c464b9b187ce51e101cd551277edf133f145426f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 10:49:33 -0600
Subject: [PATCH 323/346] Update License

---
 PowerShell/JumpCloud Module/LICENSE | 13 +++++++------
 PowerShell/LICENSE                  | 13 +++++++------
 scripts/automation/Radius/LICENSE   | 21 +++++++++++++++++++++
 3 files changed, 35 insertions(+), 12 deletions(-)
 create mode 100644 scripts/automation/Radius/LICENSE

diff --git a/PowerShell/JumpCloud Module/LICENSE b/PowerShell/JumpCloud Module/LICENSE
index a00f8dacf..186fa3bcb 100644
--- a/PowerShell/JumpCloud Module/LICENSE	
+++ b/PowerShell/JumpCloud Module/LICENSE	
@@ -1,5 +1,6 @@
-JumpCloud
-Copyright (c) 2019-2022 JumpCloud
+MIT License
+
+Copyright (c) 2025 JumpCloud, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -8,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/PowerShell/LICENSE b/PowerShell/LICENSE
index 155ffbf68..186fa3bcb 100644
--- a/PowerShell/LICENSE
+++ b/PowerShell/LICENSE
@@ -1,5 +1,6 @@
-JumpCloud
-Copyright (c) 2019-2020 JumpCloud
+MIT License
+
+Copyright (c) 2025 JumpCloud, Inc.
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -8,13 +9,13 @@ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
 
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/scripts/automation/Radius/LICENSE b/scripts/automation/Radius/LICENSE
new file mode 100644
index 000000000..186fa3bcb
--- /dev/null
+++ b/scripts/automation/Radius/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 JumpCloud, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

From 36925aa3a9d1a4311d52bcfcedcf265d7f7c028e Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 10:52:27 -0600
Subject: [PATCH 324/346] update output path + nuspec/nupkg location

---
 .github/workflows/radius-release-workflow.yml | 28 +++++++++----------
 .../output => }/JumpCloud.Radius.nuspec       |  2 +-
 .../Radius/deploy/BuildNuspecFromPsd1.ps1     |  2 +-
 3 files changed, 16 insertions(+), 16 deletions(-)
 rename scripts/automation/Radius/{deploy/output => }/JumpCloud.Radius.nuspec (96%)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 3e830b3fa..a07c6139a 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -100,12 +100,12 @@ jobs:
       - name: Pack nuspec
         shell: pwsh
         run: |
-          nuget pack "${{ github.workspace }}/scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec" -Properties NoWarn=NU5111,NU5110
+          nuget pack "${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius.nuspec" -Properties NoWarn=NU5111,NU5110 -OutputDirectory "${{ github.workspace }}/scripts/automation/Radius/"
       - name: Validate NuPkg File
         shell: pwsh
         run: |
-          $NupkgPathDirectory = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/deploy/output/*.nupkg")).Directory
-          $nupkgPath = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/deploy/output/*.nupkg")).FullName
+          $NupkgPathDirectory = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius.*.nupkg")).Directory
+          $nupkgPath = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius*.nupkg")).FullName
           Write-Host "NuPkg Path: $nupkgPath"
           mkdir $NupkgPathDirectory/nupkg_module
           unzip $nupkgPath -d $NupkgPathDirectory/nupkg_module
@@ -120,19 +120,19 @@ jobs:
         uses: ./.github/actions/upload-secure-artifact
         with:
           name: radius-module-nupkg
-          path: "${{ github.workspace }}/scripts/automation/Radius/deploy/output/JumpCloud.Radius*.nupkg"
+          path: "${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius*.nupkg"
           retention-days: 1
 
-  Manual-Approval-Release:
-    needs: ["Check-PR-Labels", "Setup-Build-Dependencies"]
-    environment: PublishToPSGallery
-    runs-on: ubuntu-latest
-    steps:
-      - name: Manual Approval for Release
-        run: echo "Awaiting approval from required reviewers before continuing"
+  #   Manual-Approval-Release:
+  #     needs: ["Check-PR-Labels", "Setup-Build-Dependencies"]
+  #     environment: PublishToPSGallery
+  #     runs-on: ubuntu-latest
+  #     steps:
+  #       - name: Manual Approval for Release
+  #         run: echo "Awaiting approval from required reviewers before continuing"
 
   Draft-GH-Release:
-    needs: [Manual-Approval-Release]
+    needs: [Build-Nuspec-Nupkg]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -149,7 +149,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   Deploy-Nupkg:
-    needs: [Manual-Approval-Release, Build-Nuspec-Nupkg]
+    needs: [Build-Nuspec-Nupkg]
     runs-on: windows-latest
     steps:
       - name: Download nupkg artifact
@@ -162,7 +162,7 @@ jobs:
           # add nuget source for PSGallery:
           dotnet nuget add source "https://www.powershellgallery.com/api/v2/package" --name PSGallery
           # get nupkg artifact:
-          $nupkgPath = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/deploy/output/JumpCloud.Radius*.nupkg")).FullName
+          $nupkgPath = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius*.nupkg")).FullName
           # test
           $nupkgPath | Should -Exist
           Write-Host "Nupkg Artifact Restored: $nupkgPath"
diff --git a/scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec b/scripts/automation/Radius/JumpCloud.Radius.nuspec
similarity index 96%
rename from scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec
rename to scripts/automation/Radius/JumpCloud.Radius.nuspec
index 9abdfb62a..b0a4e4f8b 100644
--- a/scripts/automation/Radius/deploy/output/JumpCloud.Radius.nuspec
+++ b/scripts/automation/Radius/JumpCloud.Radius.nuspec
@@ -2,7 +2,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2011/08/nuspec.xsd">
   <metadata>
     <id>JumpCloud.Radius</id>
-    <version>2.0.0</version>
+    <version>2.1.0</version>
     <description>Module for managing JumpCloud Radius user certificates.</description>
     <authors>JumpCloud Customer Tools Team</authors>
     <owners>JumpCloud</owners>
diff --git a/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1 b/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
index 935db04bc..18c723468 100644
--- a/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
+++ b/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
@@ -173,7 +173,7 @@ function New-NuspecFile {
 $psd1Path = "$PSScriptRoot/../JumpCloud.Radius.psd1"
 $Psd1 = Import-PowerShellDataFile -Path:("$psd1Path")
 $params = @{
-    OutputPath   = "$PSScriptRoot/output"
+    OutputPath   = "$PSScriptRoot/../"
     Id           = $(Get-Item ($psd1Path)).BaseName
     buildNumber  = $env:GITHUB_RUN_NUMBER
     Version      = $Psd1.ModuleVersion

From dd6dacac0311370fd30599f48ea36fbbd640d79d Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 11:00:12 -0600
Subject: [PATCH 325/346] paths to test release workflow

---
 .github/workflows/radius-release-workflow.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index a07c6139a..ac6524f81 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -120,7 +120,7 @@ jobs:
         uses: ./.github/actions/upload-secure-artifact
         with:
           name: radius-module-nupkg
-          path: "${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius*.nupkg"
+          path: D:/a/support/support/scripts/automation/Radius/JumpCloud.Radius*.nupkg
           retention-days: 1
 
   #   Manual-Approval-Release:
@@ -138,9 +138,9 @@ jobs:
       - uses: actions/checkout@v4
       - name: Build Draft Release
         run: |
-          VERSION=$(grep -Po '(\d+\.\d+\.\d+)' "${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius.psd1")
+          VERSION=$(grep -Po '(\d+\.\d+\.\d+)' ${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius.psd1)
           TITLE="JumpCloud Radius Module v$VERSION"
-          CHANGELOG=$(cat "${{ github.workspace }}/scripts/automation/Radius/Changelog.md" |awk "/^## $VERSION/{ f = 1; next } /## [0-9]+.[0-9]+.[0-9]+/{ f = 0 } f")
+          CHANGELOG=$(cat ${{ github.workspace }}/scripts/automation/Radius/Changelog.md |awk "/^## $VERSION/{ f = 1; next } /## [0-9]+.[0-9]+.[0-9]+/{ f = 0 } f")
           TAG="v$VERSION"
           BODY="$TITLE $CHANGELOG"
 

From 1ecdef9b6fb35d07c6ee490a1811ebbd5ae628b0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 11:44:52 -0600
Subject: [PATCH 326/346] Include Boilerplate Extensions in nuspec

---
 scripts/automation/Radius/JumpCloud.Radius.nuspec        | 6 ++++--
 scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1 | 8 +++++---
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/scripts/automation/Radius/JumpCloud.Radius.nuspec b/scripts/automation/Radius/JumpCloud.Radius.nuspec
index b0a4e4f8b..1fe3c8f3b 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.nuspec
+++ b/scripts/automation/Radius/JumpCloud.Radius.nuspec
@@ -18,10 +18,12 @@
   </metadata>
   <files>
     <file src="en-Us/**/*.*" target="en-Us" />
-    <file src="Functions/Public/**/*.*" target="Public" />
-    <file src="Functions/Private/**/*.*" target="Private" />
+    <file src="Functions/Public/**/*.ps1" target="Functions/Public" />
+    <file src="Functions/Private/**/*.ps1" target="Functions/Private" />
+    <file src="Extensions/*.cnf" target="Extensions" />
     <file src="JumpCloud.Radius.psd1" />
     <file src="JumpCloud.Radius.psm1" />
     <file src="LICENSE" />
+    <file src="readme.md" />
   </files>
 </package>
\ No newline at end of file
diff --git a/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1 b/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
index 18c723468..aa7e63b94 100644
--- a/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
+++ b/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
@@ -2,11 +2,13 @@
 # $nuspecFiles = @{ src = 'en-Us/**;Private/**;Public/**;JumpCloud.psd1;JumpCloud.psm1;LICENSE'; }
 $nuspecFiles = @(
     @{src = "en-Us/**/*.*"; target = "en-Us" },
-    @{src = "Functions/Public/**/*.*"; target = "Public" },
-    @{src = "Functions/Private/**/*.*"; target = "Private" },
+    @{src = "Functions/Public/**/*.ps1"; target = "Functions/Public" },
+    @{src = "Functions/Private/**/*.ps1"; target = "Functions/Private" },
+    @{src = "Extensions/*.cnf"; target = "Extensions" },
     @{src = "JumpCloud.Radius.psd1" },
     @{src = "JumpCloud.Radius.psm1" },
-    @{src = "LICENSE" }
+    @{src = "LICENSE" },
+    @{src = "readme.md" }
 )
 # Adapted from PowerShell Get
 # https://github.com/PowerShell/PowerShellGetv2/blob/7de99ee0c38611556e5c583ffaca98bb1922a0d4/src/PowerShellGet/private/functions/New-NuspecFile.ps1

From 399f244d0dc9743670118b30437a8aaea641d7ea Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 12:02:07 -0600
Subject: [PATCH 327/346] changelog updates

---
 .github/workflows/radius-release-workflow.yml |  2 +-
 scripts/automation/Radius/Changelog.md        | 22 +++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index ac6524f81..09d69e8ea 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -138,7 +138,7 @@ jobs:
       - uses: actions/checkout@v4
       - name: Build Draft Release
         run: |
-          VERSION=$(grep -Po '(\d+\.\d+\.\d+)' ${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius.psd1)
+          VERSION=$(grep -Po "ModuleVersion\s*=\s*'\K[0-9]+\.[0-9]+\.[0-9]+" ${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius.psd1)
           TITLE="JumpCloud Radius Module v$VERSION"
           CHANGELOG=$(cat ${{ github.workspace }}/scripts/automation/Radius/Changelog.md |awk "/^## $VERSION/{ f = 1; next } /## [0-9]+.[0-9]+.[0-9]+/{ f = 0 } f")
           TAG="v$VERSION"
diff --git a/scripts/automation/Radius/Changelog.md b/scripts/automation/Radius/Changelog.md
index 01488a9a6..eff891985 100644
--- a/scripts/automation/Radius/Changelog.md
+++ b/scripts/automation/Radius/Changelog.md
@@ -1,3 +1,25 @@
+## 2.1.0
+
+Release Date: July 3, 2025
+
+#### RELEASE NOTES
+
+```
+This release is a minor update to the Radius Cert Deployment tool. This version of the tool is now a PowerShell Module, which allows for easier updates and management of the tool. The module can be installed and updated from the PowerShell Gallery.
+```
+
+#### Features:
+
+- The Radius Cert Deployment tool is now a PowerShell Module
+- The module and the cert locations are now configurable via a new public function `Set-JCRConfig`
+- All configuration settings which were previously stored in `config.ps1` are now variables configured with the `Set-JCRConfig` function
+- The module can be installed and updated from the PowerShell Gallery using `Install-Module JumpCloud.Radius`
+
+#### Bug Fixes:
+
+- Fixed an issue where the macOS CommandNames were not stored correctly in the users.json file.
+- Fixed an issue where the tool would not work correctly when only one user was assigned to the radius user group.
+
 ## 2.0.0
 
 Release Date: January 30, 2024

From b006c70022cb08eae461ca533b14c60f3d5a359f Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 12:14:22 -0600
Subject: [PATCH 328/346] update module validation for radius

---
 .github/workflows/radius-release-workflow.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 09d69e8ea..4339c7f8a 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -111,11 +111,17 @@ jobs:
           unzip $nupkgPath -d $NupkgPathDirectory/nupkg_module
           $moduleRootFiles = Get-ChildItem -File -Path:("$NupkgPathDirectory/nupkg_module")
           $moduleRootDirectories = Get-ChildItem -Directory -Path:("$NupkgPathDirectory/nupkg_module")
+          $moduleRootDirectory = "$NupkgPathDirectory/nupkg_module"
           Write-Host "Module Files:\n$moduleRootFiles"
           Write-Host "Module Directories:\n$moduleRootDirectories"
-          # Validate that the nuspec directory contains a Public/ Private directory
-          "Private" | should -bein $moduleRootDirectories.name
-          "Public" | should -bein $moduleRootDirectories.name
+          # Validate that the nuspec directory contains a Functions directory with a Public/ Private directory
+          "Functions" | should -bein $moduleRootDirectories.name
+          # the public and private directories should be inside the Functions directory
+          "Public" | should -bein (Get-ChildItem -Directory -Path:("$moduleRootDirectory/Functions")).name
+          "Private" | should -bein (Get-ChildItem -Directory -Path:("$moduleRootDirectory/Functions")).name
+          # Validate that the nuspec directory contains an Extensions directory
+          "Extensions" | should -bein $moduleRootDirectories.name
+
       - name: Upload Nupkg
         uses: ./.github/actions/upload-secure-artifact
         with:

From 73c476f4bcb48fa2b27be23fd160dd192aa940e0 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 12:25:01 -0600
Subject: [PATCH 329/346] test build and pack

---
 .github/workflows/radius-release-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 4339c7f8a..d84e05124 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -120,7 +120,7 @@ jobs:
           "Public" | should -bein (Get-ChildItem -Directory -Path:("$moduleRootDirectory/Functions")).name
           "Private" | should -bein (Get-ChildItem -Directory -Path:("$moduleRootDirectory/Functions")).name
           # Validate that the nuspec directory contains an Extensions directory
-          "Extensions" | should -bein $moduleRootDirectories.name
+        #   "Extensions" | should -bein $moduleRootDirectories.name
 
       - name: Upload Nupkg
         uses: ./.github/actions/upload-secure-artifact

From 26ce5d6fdab1205c188badcac540639881021120 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 12:35:54 -0600
Subject: [PATCH 330/346] test for extensions

---
 .github/workflows/radius-release-workflow.yml            | 4 ++--
 scripts/automation/Radius/JumpCloud.Radius.nuspec        | 2 +-
 scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1 | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index d84e05124..4b7d94aa3 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -120,13 +120,13 @@ jobs:
           "Public" | should -bein (Get-ChildItem -Directory -Path:("$moduleRootDirectory/Functions")).name
           "Private" | should -bein (Get-ChildItem -Directory -Path:("$moduleRootDirectory/Functions")).name
           # Validate that the nuspec directory contains an Extensions directory
-        #   "Extensions" | should -bein $moduleRootDirectories.name
+          "Extensions" | should -bein $moduleRootDirectories.name
 
       - name: Upload Nupkg
         uses: ./.github/actions/upload-secure-artifact
         with:
           name: radius-module-nupkg
-          path: D:/a/support/support/scripts/automation/Radius/JumpCloud.Radius*.nupkg
+          path: D:\a\support\support\scripts\automation\Radius\JumpCloud.Radius*.nupkg
           retention-days: 1
 
   #   Manual-Approval-Release:
diff --git a/scripts/automation/Radius/JumpCloud.Radius.nuspec b/scripts/automation/Radius/JumpCloud.Radius.nuspec
index 1fe3c8f3b..0b47f75f4 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.nuspec
+++ b/scripts/automation/Radius/JumpCloud.Radius.nuspec
@@ -20,7 +20,7 @@
     <file src="en-Us/**/*.*" target="en-Us" />
     <file src="Functions/Public/**/*.ps1" target="Functions/Public" />
     <file src="Functions/Private/**/*.ps1" target="Functions/Private" />
-    <file src="Extensions/*.cnf" target="Extensions" />
+    <file src="Extensions/**/*.cnf" target="Extensions" />
     <file src="JumpCloud.Radius.psd1" />
     <file src="JumpCloud.Radius.psm1" />
     <file src="LICENSE" />
diff --git a/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1 b/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
index aa7e63b94..a6a356887 100644
--- a/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
+++ b/scripts/automation/Radius/deploy/BuildNuspecFromPsd1.ps1
@@ -4,7 +4,7 @@ $nuspecFiles = @(
     @{src = "en-Us/**/*.*"; target = "en-Us" },
     @{src = "Functions/Public/**/*.ps1"; target = "Functions/Public" },
     @{src = "Functions/Private/**/*.ps1"; target = "Functions/Private" },
-    @{src = "Extensions/*.cnf"; target = "Extensions" },
+    @{src = "Extensions/**/*.cnf"; target = "Extensions" },
     @{src = "JumpCloud.Radius.psd1" },
     @{src = "JumpCloud.Radius.psm1" },
     @{src = "LICENSE" },

From 9975fac491c255d23421d8e85275277f2f61c235 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 12:37:46 -0600
Subject: [PATCH 331/346] radius tag

---
 .github/workflows/radius-release-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 4b7d94aa3..e7eadca83 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -147,7 +147,7 @@ jobs:
           VERSION=$(grep -Po "ModuleVersion\s*=\s*'\K[0-9]+\.[0-9]+\.[0-9]+" ${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius.psd1)
           TITLE="JumpCloud Radius Module v$VERSION"
           CHANGELOG=$(cat ${{ github.workspace }}/scripts/automation/Radius/Changelog.md |awk "/^## $VERSION/{ f = 1; next } /## [0-9]+.[0-9]+.[0-9]+/{ f = 0 } f")
-          TAG="v$VERSION"
+          TAG="radius_v$VERSION"
           BODY="$TITLE $CHANGELOG"
 
           (gh release view $TAG && echo "Release exists for $TAG") || gh release create $TAG --title "$TITLE" --notes "$BODY" --draft

From b133df0be7fb8979238023c2426f114558007736 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 12:44:35 -0600
Subject: [PATCH 332/346] escape paths

---
 .github/workflows/radius-release-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index e7eadca83..c65452be1 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -126,7 +126,7 @@ jobs:
         uses: ./.github/actions/upload-secure-artifact
         with:
           name: radius-module-nupkg
-          path: D:\a\support\support\scripts\automation\Radius\JumpCloud.Radius*.nupkg
+          path: D:\\a\\support\\support\\scripts\\automation\\Radius\\JumpCloud.Radius*.nupkg
           retention-days: 1
 
   #   Manual-Approval-Release:

From eaad04ff7a5f2e7fcfb9f081555a5905038a38ef Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 13:43:08 -0600
Subject: [PATCH 333/346] artifact upload

---
 .github/workflows/radius-release-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index c65452be1..37f57aadb 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -126,7 +126,7 @@ jobs:
         uses: ./.github/actions/upload-secure-artifact
         with:
           name: radius-module-nupkg
-          path: D:\\a\\support\\support\\scripts\\automation\\Radius\\JumpCloud.Radius*.nupkg
+          path: "${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius*.nupkg"
           retention-days: 1
 
   #   Manual-Approval-Release:

From 1e5e82af7239e8d9d2567e62a2540eb99ff49508 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 13:54:56 -0600
Subject: [PATCH 334/346] upload path

---
 .github/workflows/radius-release-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 37f57aadb..a0fb6831c 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -126,7 +126,7 @@ jobs:
         uses: ./.github/actions/upload-secure-artifact
         with:
           name: radius-module-nupkg
-          path: "${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius*.nupkg"
+          path: D:/a/support/support/scripts/automation/Radius/JumpCloud.Radius*.nupkg
           retention-days: 1
 
   #   Manual-Approval-Release:

From 8da0b158c8c694dccf0e7735fc29f638cdc24adc Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 14:30:41 -0600
Subject: [PATCH 335/346] get artifact by path

---
 .github/workflows/radius-release-workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index a0fb6831c..41d8606f4 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -168,7 +168,7 @@ jobs:
           # add nuget source for PSGallery:
           dotnet nuget add source "https://www.powershellgallery.com/api/v2/package" --name PSGallery
           # get nupkg artifact:
-          $nupkgPath = (Get-ChildItem -Path:("${{ github.workspace }}/scripts/automation/Radius/JumpCloud.Radius*.nupkg")).FullName
+          $nupkgPath = (Get-ChildItem -Path:("D:/a/support/support/scripts/automation/Radius/JumpCloud.Radius*.nupkg")).FullName
           # test
           $nupkgPath | Should -Exist
           Write-Host "Nupkg Artifact Restored: $nupkgPath"

From 1c8e2bd081d68be4e185cd1e32c55f6350405e72 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Thu, 3 Jul 2025 14:36:42 -0600
Subject: [PATCH 336/346] artifact download path

---
 .github/workflows/radius-release-workflow.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 41d8606f4..88c9b1a3e 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -162,6 +162,7 @@ jobs:
         uses: actions/download-artifact@v4
         with:
           name: radius-module-nupkg
+          path: D:/a/support/support/scripts/automation/Radius/
       - name: Publish
         shell: pwsh
         run: |

From 16ffd129aff481ab41a43dab6e8be7e0c90c2973 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 7 Jul 2025 16:00:16 -0600
Subject: [PATCH 337/346] set code markers

---
 scripts/automation/Radius/readme.md | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 480715547..d6933b9dd 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -33,8 +33,6 @@ ex:
 Set-JCRConfig -openSSLBinary '/opt/homebrew/opt/openssl@3/bin/openssl'
 ```
 
-````
-
 ### Windows Requirements
 
 Windows does not typically ship with a preconfigured version of OpenSSL but a pre-compiled version of OpenSSL can be installed from [Shining Light Productions](https://slproweb.com/products/Win32OpenSSL.html). These automations have been tested with the full installer (i.e. not the "Light") version of the tool. OpenSSL can of course be downloaded and configured from [source](https://www.openssl.org/source) if desired.
@@ -89,7 +87,7 @@ $settings = @{
 }
 
 Set-JCRConfig @settings
-````
+```
 
 #### Set or update the Radius Directory
 

From f043b598b6b03e3d94bd27b4f96947dd06eaae38 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Mon, 7 Jul 2025 16:02:10 -0600
Subject: [PATCH 338/346] indent

---
 scripts/automation/Radius/readme.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index d6933b9dd..2af181eee 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -79,7 +79,7 @@ $settings = @{
         Organization     = "Your_Organization_Name"
         OrganizationUnit = "Your_Organization_Unit"
         CommonName       = "Your_Common_Name"
-}
+    }
     certSecretPass                    = "secret1234!"
     networkSSID                       = "Your_SSID"
     userGroup                         = "5f3171a9232e1113939dd6a2"

From 6bd28ad6099bd0e215749f98499441faa8cf92b6 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 8 Jul 2025 10:50:23 -0600
Subject: [PATCH 339/346] readmes

---
 scripts/automation/Radius/readme.md | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 2af181eee..240a5505d 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -66,7 +66,9 @@ At the time of this writing JumpCloud Module 2.1.3 was the latest version. Pleas
 
 ### Set the Radius Configuration Settings
 
-Before Running the `Start-RadiusDeployment` function, the environment variables for your JumpCloud Organization must first be set.
+Before Running the `Start-RadiusDeployment` function, the environment variables for your JumpCloud Organization must first be set. All of the required settings can be set at once or individually.
+
+To set all of the settings at once, run the `Set-JCRConfig` cmdlet with a hashtable containing all of the required settings. The following example shows how to set all of the required settings in one command:
 
 ```pwsh
 $settings = @{
@@ -101,7 +103,7 @@ Set-JCRConfig -radiusDirectory '/Users/username/RADIUS'
 
 #### Set or update the User Cert Validity Days
 
-The user certificate validity days is the number of days a user certificate will be valid for before it expires.
+The user certificate validity days is the number of days a user certificate will be valid for before it expires. The default value is 365 days.
 
 To set the user certificate validity days, run the following command in a PowerShell terminal window:
 
@@ -111,7 +113,7 @@ Set-JCRConfig -userCertValidityDays 365
 
 #### Set or update the CA Cert Validity Days
 
-The CA certificate validity days is the number of days a CA certificate will be valid for before it expires.
+The CA certificate validity days is the number of days a CA certificate will be valid for before it expires. The default value is 1095 days.
 
 To set the CA certificate validity days, run the following command in a PowerShell terminal window:
 

From 12afe1884e2808594d3c4760853f71da0a836960 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 8 Jul 2025 10:56:33 -0600
Subject: [PATCH 340/346] release on PR Closed to "Master Branch"

---
 .github/workflows/radius-release-workflow.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index 88c9b1a3e..d74177e5d 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -1,12 +1,12 @@
 name: Release and Publish Radius Module
 on:
   pull_request:
-    # Sequence of patterns matched against refs/heads
+    types:
+      - closed
     branches:
       - "master"
     paths:
       - "scripts/automation/Radius/**"
-    types: [opened, synchronize, reopened, labeled, unlabeled]
 
 jobs:
   Check-If-Merged:

From 08ad2f75442392200d397866856b2e0a1bebd3d2 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 8 Jul 2025 10:57:17 -0600
Subject: [PATCH 341/346] test CI on PR to "Master Branch"

---
 .github/workflows/radius-module-ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/radius-module-ci.yml b/.github/workflows/radius-module-ci.yml
index beecf2d07..ce133aa67 100644
--- a/.github/workflows/radius-module-ci.yml
+++ b/.github/workflows/radius-module-ci.yml
@@ -4,7 +4,7 @@ on:
   pull_request:
     # Sequence of patterns matched against refs/heads
     branches:
-      - "Radius_2.1.0"
+      - "master"
     paths:
       - "scripts/automation/Radius/**"
     types: [opened, synchronize, reopened, labeled, unlabeled]

From 1decc64b82b14ddbde9fdff18843b36c8d95fc1b Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 8 Jul 2025 12:19:43 -0600
Subject: [PATCH 342/346] gate approval with manual step

---
 .github/workflows/radius-release-workflow.yml | 20 +++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/radius-release-workflow.yml b/.github/workflows/radius-release-workflow.yml
index d74177e5d..43a0d55e5 100644
--- a/.github/workflows/radius-release-workflow.yml
+++ b/.github/workflows/radius-release-workflow.yml
@@ -129,16 +129,16 @@ jobs:
           path: D:/a/support/support/scripts/automation/Radius/JumpCloud.Radius*.nupkg
           retention-days: 1
 
-  #   Manual-Approval-Release:
-  #     needs: ["Check-PR-Labels", "Setup-Build-Dependencies"]
-  #     environment: PublishToPSGallery
-  #     runs-on: ubuntu-latest
-  #     steps:
-  #       - name: Manual Approval for Release
-  #         run: echo "Awaiting approval from required reviewers before continuing"
+  Manual-Approval-Release:
+    needs: ["Check-PR-Labels", "Setup-Build-Dependencies"]
+    environment: PublishToPSGallery
+    runs-on: ubuntu-latest
+    steps:
+      - name: Manual Approval for Release
+        run: echo "Awaiting approval from required reviewers before continuing"
 
   Draft-GH-Release:
-    needs: [Build-Nuspec-Nupkg]
+    needs: [Build-Nuspec-Nupkg, Manual-Approval-Release]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -155,7 +155,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
   Deploy-Nupkg:
-    needs: [Build-Nuspec-Nupkg]
+    needs: [Build-Nuspec-Nupkg, Manual-Approval-Release]
     runs-on: windows-latest
     steps:
       - name: Download nupkg artifact
@@ -174,7 +174,7 @@ jobs:
           $nupkgPath | Should -Exist
           Write-Host "Nupkg Artifact Restored: $nupkgPath"
           # nuget push from here:
-          #   dotnet nuget push $nupkgPath --source PSGallery --api-key $env:NuGetApiKey
+          dotnet nuget push $nupkgPath --source PSGallery --api-key $env:NuGetApiKey
         env:
           NuGetApiKey: ${{ secrets.NUGETAPIKEY }}
 

From 6932c8ab0bf73b435bd5f9fa73dc450d6b4d4b09 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 8 Jul 2025 12:53:57 -0600
Subject: [PATCH 343/346] readme suggestions

---
 scripts/automation/Radius/readme.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/automation/Radius/readme.md b/scripts/automation/Radius/readme.md
index 240a5505d..94a972fe4 100644
--- a/scripts/automation/Radius/readme.md
+++ b/scripts/automation/Radius/readme.md
@@ -23,9 +23,9 @@ macOS ships with a version of OpenSSL titled LibreSSL. LibreSSL is sufficient to
 
 To install the latest version of OpenSSL on mac, install the [Homebrew package manager](https://brew.sh/) and install the following [formulae](https://formulae.brew.sh/formula/openssl@3)
 
-Some packages or applications in macOS rely on the pre-configured LibreSSL distribution. To use the Homebrew distribution of OpenSSL in this project, simply change the `openSSLBinary` setting to point to the Homebrew bin location ex:
+Some packages or applications in macOS rely on the pre-configured LibreSSL distribution. To use the Homebrew distribution of OpenSSL in this project, simply change the `openSSLBinary` setting with `Set-JCRConfig` to point to the Homebrew bin location ex:
 
-Update the `openSSLBinary` to point to `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'`\*\*\*\*
+Update the `openSSLBinary` to point to `'/usr/local/Cellar/openssl@3/3.1.1/bin/openssl'`.
 
 ex:
 

From 3b3fd3df55b5de36dd792f64c3ad5113887b4319 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 8 Jul 2025 12:55:26 -0600
Subject: [PATCH 344/346] multi_group_radius cleanup

---
 scripts/automation/Radius/multi_group_radius.ps1 | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/scripts/automation/Radius/multi_group_radius.ps1 b/scripts/automation/Radius/multi_group_radius.ps1
index 6131b3599..ec939f16d 100644
--- a/scripts/automation/Radius/multi_group_radius.ps1
+++ b/scripts/automation/Radius/multi_group_radius.ps1
@@ -1,5 +1,3 @@
-# Get the config path, set this value
-$configPath = "$PSScriptRoot/config.ps1"
 # define the PSD1 path:
 $psd1Path = "$PSScriptRoot/JumpCloud.Radius.psd1"
 $logPath = "$PSScriptRoot/log.txt"
@@ -55,7 +53,13 @@ Function Write-ToLog {
 Write-ToLog -Message ('########### Begin Radius Deployment ###########')
 
 Write-ToLog -Message ('Begin setting environment variables')
-#TODO: validate the paths exist ^^
+If (!(Test-Path "$PSScriptRoot/keyCert.encrypted")) {
+    throw "The keyCert.encrypted file does not exist at path: $PSScriptRoot/keyCert.encrypted"
+}
+If (!(Test-Path "$PSScriptRoot/key.encrypted")) {
+    throw "The key.encrypted file does not exist at path: $PSScriptRoot/key.encrypted"
+}
+
 $EncryptedCertData = Get-Content "$PSScriptRoot/keyCert.encrypted"
 $env:certKeyPassword = $EncryptedCertData | ConvertTo-SecureString | ConvertFrom-SecureString -AsPlainText
 $EncryptedData = Get-Content "$PSScriptRoot/key.encrypted"

From b9b9ea5dfe800f95700bb1d86bdb6a1ff7daeddb Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 8 Jul 2025 13:12:21 -0600
Subject: [PATCH 345/346] docs

---
 .../Radius/docs/Get-JCRCertReport.md          | 21 +++++---
 .../Radius/docs/Get-JCRGlobalVars.md          | 20 ++++++--
 .../automation/Radius/docs/Set-JCRConfig.md   | 44 +++++++++++++++--
 .../Radius/docs/Start-DeployUserCerts.md      | 22 +++++++--
 .../Radius/docs/Start-GenerateRootCert.md     | 23 +++++++--
 .../Radius/docs/Start-GenerateUserCerts.md    | 21 ++++++--
 .../docs/Start-MonitorCertDeployment.md       | 14 ++++--
 .../Radius/docs/Start-RadiusDeployment.md     | 14 ++++--
 .../Radius/docs/Update-JCRModule.md           | 18 +++++--
 .../Radius/docs/about_JumpCloud.Radius.md     | 49 ++++---------------
 10 files changed, 165 insertions(+), 81 deletions(-)

diff --git a/scripts/automation/Radius/docs/Get-JCRCertReport.md b/scripts/automation/Radius/docs/Get-JCRCertReport.md
index 6877b4508..2962f1446 100644
--- a/scripts/automation/Radius/docs/Get-JCRCertReport.md
+++ b/scripts/automation/Radius/docs/Get-JCRCertReport.md
@@ -8,7 +8,8 @@ schema: 2.0.0
 # Get-JCRCertReport
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This cmdlet generates a report of RADIUS certificates for JumpCloud devices and their associated users.
 
 ## SYNTAX
 
@@ -17,21 +18,26 @@ Get-JCRCertReport [-ExportFilePath] <FileInfo> [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+This cmdlet generates a report of RADIUS certificates for JumpCloud devices and their associated users.
+
+The report includes details such as certificate installation status, and user associations.
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
-PS C:\> {{ Add example code here }}
+Get-JCRCertReport -ExportFilePath "C:\Reports\RadiusCertReport.csv"
 ```
 
-{{ Add example description here }}
+This command generates a report of RADIUS certificates and exports it to a CSV file at the specified path.
 
 ## PARAMETERS
 
 ### -ExportFilePath
-{{ Fill ExportFilePath Description }}
+
+Specifies the file path where the report will be exported.
 
 ```yaml
 Type: System.IO.FileInfo
@@ -46,14 +52,17 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Get-JCRGlobalVars.md b/scripts/automation/Radius/docs/Get-JCRGlobalVars.md
index 066a0ba8b..3d4533526 100644
--- a/scripts/automation/Radius/docs/Get-JCRGlobalVars.md
+++ b/scripts/automation/Radius/docs/Get-JCRGlobalVars.md
@@ -8,7 +8,8 @@ schema: 2.0.0
 # Get-JCRGlobalVars
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This function retrieves and updates global variables related to JumpCloud Radius deployment, including user associations and system caches.
 
 ## SYNTAX
 
@@ -18,20 +19,23 @@ Get-JCRGlobalVars [-force] [-skipAssociation] [-associateManually] [[-associatio
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+This function retrieves and updates global variables related to JumpCloud Radius deployment, including user associations and system caches.
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
-PS C:\> {{ Add example code here }}
+Get-JCRGlobalVars -force
 ```
 
-{{ Add example description here }}
+This command forces an update of all cached users, systems, associations, and RADIUS group members.
 
 ## PARAMETERS
 
 ### -associateManually
+
 Updates the system to user association cache manually using the graph api
 
 ```yaml
@@ -47,6 +51,7 @@ Accept wildcard characters: False
 ```
 
 ### -associationUsername
+
 Updates just a single user's associations manually using the graph api
 
 ```yaml
@@ -62,6 +67,7 @@ Accept wildcard characters: False
 ```
 
 ### -force
+
 Force update all cached users, systems, associations, radius group members
 
 ```yaml
@@ -77,6 +83,7 @@ Accept wildcard characters: False
 ```
 
 ### -skipAssociation
+
 Skips the user to system association cache, which may take a long time on larger organizations
 
 ```yaml
@@ -92,14 +99,17 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Set-JCRConfig.md b/scripts/automation/Radius/docs/Set-JCRConfig.md
index 3fe398f4b..070120a2f 100644
--- a/scripts/automation/Radius/docs/Set-JCRConfig.md
+++ b/scripts/automation/Radius/docs/Set-JCRConfig.md
@@ -8,7 +8,8 @@ schema: 2.0.0
 # Set-JCRConfig
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This function sets the configuration for the JumpCloud Radius module, allowing you to specify various parameters such as certificate subject headers, network SSID, last update timestamp, certificate secret password, OpenSSL binary path, user certificate validity days, radius directory, CA certificate validity days, user group, certificate expiration warning days, and certificate type.
 
 ## SYNTAX
 
@@ -20,20 +21,40 @@ Set-JCRConfig [-certSubjectHeader <Hashtable>] [-networkSSID <String>]
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+This function sets the configuration for the JumpCloud Radius module. It allows you to specify various parameters such as certificate subject headers, network SSID, last update timestamp, certificate secret password, OpenSSL binary path, user certificate validity days, radius directory, CA certificate validity days, user group, certificate expiration warning days, and certificate type.
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
-PS C:\> {{ Add example code here }}
+$settings = @{
+    radiusDirectory                   = "/Users/username/RADIUS"
+    certType                          = "UsernameCn"
+    certSubjectHeader @{
+        CountryCode      = "Your_Country_Code"
+        StateCode        = "Your_State_Code"
+        Locality         = "Your_City"
+        Organization     = "Your_Organization_Name"
+        OrganizationUnit = "Your_Organization_Unit"
+        CommonName       = "Your_Common_Name"
+    }
+    certSecretPass                    = "secret1234!"
+    networkSSID                       = "Your_SSID"
+    userGroup                         = "5f3171a9232e1113939dd6a2"
+    openSSLBinary                     = '/opt/homebrew/bin/openssl'
+}
+
+Set-JCRConfig @settings
 ```
 
-{{ Add example description here }}
+This command sets the required configuration for the JumpCloud Radius module using the specified settings.
 
 ## PARAMETERS
 
 ### -caCertValidityDays
+
 sets the caCertValidityDays config for the module
 
 ```yaml
@@ -49,6 +70,7 @@ Accept wildcard characters: False
 ```
 
 ### -certExpirationWarningDays
+
 sets the certExpirationWarningDays config for the module
 
 ```yaml
@@ -64,6 +86,7 @@ Accept wildcard characters: False
 ```
 
 ### -certSecretPass
+
 sets the certSecretPass config for the module
 
 ```yaml
@@ -79,6 +102,7 @@ Accept wildcard characters: False
 ```
 
 ### -certSubjectHeader
+
 sets the certSubjectHeader config for the module
 
 ```yaml
@@ -94,6 +118,7 @@ Accept wildcard characters: False
 ```
 
 ### -certType
+
 sets the certType config for the module
 
 ```yaml
@@ -109,6 +134,7 @@ Accept wildcard characters: False
 ```
 
 ### -lastUpdate
+
 sets the lastUpdate config for the module
 
 ```yaml
@@ -124,6 +150,7 @@ Accept wildcard characters: False
 ```
 
 ### -networkSSID
+
 sets the networkSSID config for the module
 
 ```yaml
@@ -139,6 +166,7 @@ Accept wildcard characters: False
 ```
 
 ### -openSSLBinary
+
 sets the openSSLBinary config for the module
 
 ```yaml
@@ -154,6 +182,7 @@ Accept wildcard characters: False
 ```
 
 ### -radiusDirectory
+
 sets the radiusDirectory config for the module
 
 ```yaml
@@ -169,6 +198,7 @@ Accept wildcard characters: False
 ```
 
 ### -userCertValidityDays
+
 sets the userCertValidityDays config for the module
 
 ```yaml
@@ -184,6 +214,7 @@ Accept wildcard characters: False
 ```
 
 ### -userGroup
+
 sets the userGroup config for the module
 
 ```yaml
@@ -199,14 +230,17 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-DeployUserCerts.md b/scripts/automation/Radius/docs/Start-DeployUserCerts.md
index cf5e5c6a5..49a379420 100644
--- a/scripts/automation/Radius/docs/Start-DeployUserCerts.md
+++ b/scripts/automation/Radius/docs/Start-DeployUserCerts.md
@@ -8,36 +8,42 @@ schema: 2.0.0
 # Start-DeployUserCerts
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This function initiates the deployment of user certificates for JumpCloud Managed Users.
 
 ## SYNTAX
 
 ### gui (Default)
+
 ```
 Start-DeployUserCerts [<CommonParameters>]
 ```
 
 ### cli
+
 ```
 Start-DeployUserCerts -type <String> [-username <String>] [-forceInvokeCommands] [-forceGenerateCommands]
  [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+Typically called using a CLI method in scripts this function initiates the deployment of user certificates for JumpCloud Managed Users. It can be used to generate new commands or invoke existing ones based on the specified parameters.
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
-PS C:\> {{ Add example code here }}
+Start-DeployUserCerts -type "New" -forceInvokeCommands
 ```
 
-{{ Add example description here }}
+This command initiates the deployment of new user certificates and forces the invocation of generated commands on the systems.
 
 ## PARAMETERS
 
 ### -forceGenerateCommands
+
 Switch to force generate new commands on systems
 
 ```yaml
@@ -53,6 +59,7 @@ Accept wildcard characters: False
 ```
 
 ### -forceInvokeCommands
+
 Switch to force invoke generated commands on systems
 
 ```yaml
@@ -68,6 +75,7 @@ Accept wildcard characters: False
 ```
 
 ### -type
+
 Type of cert deployment to initiate
 
 ```yaml
@@ -84,6 +92,7 @@ Accept wildcard characters: False
 ```
 
 ### -username
+
 The JumpCloud username of a user to deploy a certificate
 
 ```yaml
@@ -99,14 +108,17 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-GenerateRootCert.md b/scripts/automation/Radius/docs/Start-GenerateRootCert.md
index 236358ab8..b8b5c7aa3 100644
--- a/scripts/automation/Radius/docs/Start-GenerateRootCert.md
+++ b/scripts/automation/Radius/docs/Start-GenerateRootCert.md
@@ -8,27 +8,38 @@ schema: 2.0.0
 # Start-GenerateRootCert
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This function generates a root certificate for the JumpCloud Radius module, allowing you to create or replace the root certificate as needed.
 
 ## SYNTAX
 
 ### gui (Default)
+
 ```
 Start-GenerateRootCert [<CommonParameters>]
 ```
 
 ### cli
+
 ```
 Start-GenerateRootCert [-certKeyPassword <String>] [-generateType <String>] [-force]
  [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+This function generates a root certificate for the JumpCloud Radius module. It allows you to specify whether to create a new certificate, replace an existing one, or renew the current certificate. The function can also handle the root certificate key password and force replacement of existing certificates if specified.
 
 ## EXAMPLES
 
 ### Example 1
+
+```powershell
+Start-GenerateRootCert -generateType "New" -certKeyPassword "your_password" -force
+```
+
+This command generates a new root certificate for the JumpCloud Radius module, using the specified key password and forcing replacement of any existing certificates.
+
 ```powershell
 PS C:\> {{ Add example code here }}
 ```
@@ -38,6 +49,7 @@ PS C:\> {{ Add example code here }}
 ## PARAMETERS
 
 ### -certKeyPassword
+
 The root certificate key password
 
 ```yaml
@@ -53,6 +65,7 @@ Accept wildcard characters: False
 ```
 
 ### -force
+
 When specified, this parameter will replace certificates if they already exist on the current filesystem
 
 ```yaml
@@ -68,6 +81,7 @@ Accept wildcard characters: False
 ```
 
 ### -generateType
+
 Select an option to generate or replace the root certificate
 
 ```yaml
@@ -84,14 +98,17 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-GenerateUserCerts.md b/scripts/automation/Radius/docs/Start-GenerateUserCerts.md
index 0af03ee81..b2643ff92 100644
--- a/scripts/automation/Radius/docs/Start-GenerateUserCerts.md
+++ b/scripts/automation/Radius/docs/Start-GenerateUserCerts.md
@@ -8,36 +8,42 @@ schema: 2.0.0
 # Start-GenerateUserCerts
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This function generates user certificates for JumpCloud Managed Users, allowing you to specify the type of certificate generation and whether to replace existing certificates.
 
 ## SYNTAX
 
 ### gui (Default)
+
 ```
 Start-GenerateUserCerts [<CommonParameters>]
 ```
 
 ### cli
+
 ```
 Start-GenerateUserCerts -type <String> [-username <String>] [-forceReplaceCerts]
  [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+This function generates user certificates for JumpCloud Managed Users. It allows you to specify the type of certificate generation, such as generating certificates for all users, new users, by username, or for users with expiring certificates. The function can also replace existing certificates if specified.
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
-PS C:\> {{ Add example code here }}
+Start-GenerateUserCerts -type "New"
 ```
 
-{{ Add example description here }}
+This command generates user certificates for users who have not yet had certificates generated.
 
 ## PARAMETERS
 
 ### -forceReplaceCerts
+
 When specified, this parameter will replace certificates if they already exist on the current filesystem
 
 ```yaml
@@ -53,6 +59,7 @@ Accept wildcard characters: False
 ```
 
 ### -type
+
 Type of certificate to initialize.
 To generate all new certificates for existing users, specify "all", To generate certificates for users who have not yet had certificates generated, specify "new".
 To generate certificates by an individual, speficy "ByUsername" and populate the "username" parameter.
@@ -72,6 +79,7 @@ Accept wildcard characters: False
 ```
 
 ### -username
+
 The JumpCloud username of an individual user
 
 ```yaml
@@ -87,14 +95,17 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md b/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
index 7b125dc05..da8d03740 100644
--- a/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
+++ b/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
@@ -8,7 +8,8 @@ schema: 2.0.0
 # Start-MonitorCertDeployment
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This function monitors the deployment of certificates for JumpCloud Managed Users, ensuring that the deployment process is tracked and any issues are logged.
 
 ## SYNTAX
 
@@ -17,28 +18,33 @@ Start-MonitorCertDeployment [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+This function monitors the deployment of certificates for JumpCloud Managed Users. It is designed to track the progress of certificate deployment.
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
-PS C:\> {{ Add example code here }}
+Start-MonitorCertDeployment
 ```
 
-{{ Add example description here }}
+This command starts monitoring the certificate deployment process for JumpCloud Managed Users.
 
 ## PARAMETERS
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
 ## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-RadiusDeployment.md b/scripts/automation/Radius/docs/Start-RadiusDeployment.md
index 321cc15ab..d35fe4903 100644
--- a/scripts/automation/Radius/docs/Start-RadiusDeployment.md
+++ b/scripts/automation/Radius/docs/Start-RadiusDeployment.md
@@ -8,7 +8,8 @@ schema: 2.0.0
 # Start-RadiusDeployment
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This function is the root menu for the GUI portion of the JumpCloud Radius module. It provides a user interface for managing Radius deployments, including generating root certificates, user certificates, and monitoring deployments.
 
 ## SYNTAX
 
@@ -17,28 +18,33 @@ Start-RadiusDeployment [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+This function is the root menu for the GUI portion of the JumpCloud Radius module. It provides a user interface for managing Radius deployments, including generating root certificates, user certificates, and monitoring deployments. The GUI allows users to easily navigate through various options related to Radius management without needing to use command-line parameters.
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
-PS C:\> {{ Add example code here }}
+Start-RadiusDeployment
 ```
 
-{{ Add example description here }}
+This command starts the GUI for managing Radius deployments, allowing users to generate root certificates, user certificates, and monitor deployments through a user-friendly interface.
 
 ## PARAMETERS
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
 ## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Update-JCRModule.md b/scripts/automation/Radius/docs/Update-JCRModule.md
index 29806b814..e2e440589 100644
--- a/scripts/automation/Radius/docs/Update-JCRModule.md
+++ b/scripts/automation/Radius/docs/Update-JCRModule.md
@@ -8,7 +8,8 @@ schema: 2.0.0
 # Update-JCRModule
 
 ## SYNOPSIS
-{{ Fill in the Synopsis }}
+
+This function updates the JumpCloud Radius module, ensuring that the latest configurations and settings are applied.
 
 ## SYNTAX
 
@@ -17,20 +18,23 @@ Update-JCRModule [-Force] [[-Repository] <String>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
-{{ Fill in the Description }}
+
+This function will check if there are any updates available for the JumpCloud Radius module and apply them if necessary. It can also bypass user prompts if the `-Force` parameter is specified.
 
 ## EXAMPLES
 
 ### Example 1
+
 ```powershell
-PS C:\> {{ Add example code here }}
+Update-JCRModule -Force
 ```
 
-{{ Add example description here }}
+This command forces the update of the JumpCloud Radius module without any user prompts.
 
 ## PARAMETERS
 
 ### -Force
+
 ByPasses user prompts.
 
 ```yaml
@@ -46,6 +50,7 @@ Accept wildcard characters: False
 ```
 
 ### -Repository
+
 Set the PSRepository
 
 ```yaml
@@ -61,14 +66,17 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
+
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
+
 ## OUTPUTS
 
 ### System.Object
+
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/about_JumpCloud.Radius.md b/scripts/automation/Radius/docs/about_JumpCloud.Radius.md
index 62fd4e103..43bbf7373 100644
--- a/scripts/automation/Radius/docs/about_JumpCloud.Radius.md
+++ b/scripts/automation/Radius/docs/about_JumpCloud.Radius.md
@@ -1,57 +1,28 @@
 # JumpCloud.Radius
-## about_JumpCloud.Radius
 
-```
-ABOUT TOPIC NOTE:
-The first header of the about topic should be the topic name.
-The second header contains the lookup name used by the help system.
-
-IE:
-# Some Help Topic Name
-## SomeHelpTopicFileName
-
-This will be transformed into the text file
-as `about_SomeHelpTopicFileName`.
-Do not include file extensions.
-The second header should have no spaces.
-```
+## about_JumpCloud.Radius
 
 # SHORT DESCRIPTION
-{{ Short Description Placeholder }}
 
-```
-ABOUT TOPIC NOTE:
-About topics can be no longer than 80 characters wide when rendered to text.
-Any topics greater than 80 characters will be automatically wrapped.
-The generated about topic will be encoded UTF-8.
-```
+PowerShell module to generate and manage RADIUS certs for JumpCloud Managed Users.
 
 # LONG DESCRIPTION
-{{ Long Description Placeholder }}
 
-## Optional Subtopics
-{{ Optional Subtopic Placeholder }}
+This module provides cmdlets for generating and managing RADIUS certificates for users in JumpCloud. It simplifies the process of creating, deploying, and renewing certificates, ensuring secure authentication for clients connecting to JumpCloud Radius-Backed networks.
 
 # EXAMPLES
-{{ Code or descriptive examples of how to leverage the functions described. }}
 
-# NOTE
-{{ Note Placeholder - Additional information that a user needs to know.}}
+```
+# Open the GUI menu to begin the process of generating and managing RADIUS certs.
+Start-RadiusDeployment
+```
 
 # TROUBLESHOOTING NOTE
-{{ Troubleshooting Placeholder - Warns users of bugs}}
 
-{{ Explains behavior that is likely to change with fixes }}
+This module requires the JumpCloud Module to be installed and configured. Ensure you have the necessary permissions and API keys set up in your JumpCloud account.
 
-# SEE ALSO
-{{ See also placeholder }}
+Please view the reademe.md for this module for more information on how to set up the environment and prerequisites.
 
-{{ You can also list related articles, blogs, and video URLs. }}
+# SEE ALSO
 
 # KEYWORDS
-{{List alternate names or titles for this topic that readers might use.}}
-
-- {{ Keyword Placeholder }}
-- {{ Keyword Placeholder }}
-- {{ Keyword Placeholder }}
-- {{ Keyword Placeholder }}

From 118ee602fd2dca7a814c5f43e57f8dc3dcfbb5e1 Mon Sep 17 00:00:00 2001
From: Joe Workman <joe.workman@jumpcloud.com>
Date: Tue, 8 Jul 2025 13:14:32 -0600
Subject: [PATCH 346/346] radius docs + module update

---
 .../automation/Radius/JumpCloud.Radius.psd1   | 166 +++----
 .../Radius/docs/Get-JCRCertReport.md          |   5 +-
 .../Radius/docs/Get-JCRGlobalVars.md          |   5 +-
 .../Radius/docs/JumpCloud.Radius.md           |  23 +-
 .../automation/Radius/docs/Set-JCRConfig.md   |  13 +-
 .../Radius/docs/Start-DeployUserCerts.md      |   7 +-
 .../Radius/docs/Start-GenerateRootCert.md     |  13 +-
 .../Radius/docs/Start-GenerateUserCerts.md    |   7 +-
 .../docs/Start-MonitorCertDeployment.md       |   3 -
 .../Radius/docs/Start-RadiusDeployment.md     |   3 -
 .../Radius/docs/Update-JCRModule.md           |   5 +-
 .../Radius/en-Us/JumpCloud.Radius-help.xml    | 418 +++---------------
 .../en-Us/about_JumpCloud.Radius.help.txt     |  52 +--
 13 files changed, 172 insertions(+), 548 deletions(-)

diff --git a/scripts/automation/Radius/JumpCloud.Radius.psd1 b/scripts/automation/Radius/JumpCloud.Radius.psd1
index ee9d7e06d..7947ab4ea 100644
--- a/scripts/automation/Radius/JumpCloud.Radius.psd1
+++ b/scripts/automation/Radius/JumpCloud.Radius.psd1
@@ -3,133 +3,133 @@
 #
 # Generated by: JumpCloud Customer Tools Team
 #
-# Generated on: 6/20/2025
+# Generated on: 7/8/2025
 #
 
 @{
 
-    # Script module or binary module file associated with this manifest.
-    RootModule        = 'JumpCloud.Radius.psm1'
+# Script module or binary module file associated with this manifest.
+RootModule = 'JumpCloud.Radius.psm1'
 
-    # Version number of this module.
-    ModuleVersion     = '2.1.0'
+# Version number of this module.
+ModuleVersion = '2.1.0'
 
-    # Supported PSEditions
-    # CompatiblePSEditions = @()
+# Supported PSEditions
+# CompatiblePSEditions = @()
 
-    # ID used to uniquely identify this module
-    GUID              = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
+# ID used to uniquely identify this module
+GUID = '71bfaf58-3326-4512-9a7f-a2d9dc19d6b5'
 
-    # Author of this module
-    Author            = 'JumpCloud Customer Tools Team'
+# Author of this module
+Author = 'JumpCloud Customer Tools Team'
 
-    # Company or vendor of this module
-    CompanyName       = 'JumpCloud'
+# Company or vendor of this module
+CompanyName = 'JumpCloud'
 
-    # Copyright statement for this module
-    Copyright         = '(c) JumpCloud. All rights reserved.'
+# Copyright statement for this module
+Copyright = '(c) JumpCloud. All rights reserved.'
 
-    # Description of the functionality provided by this module
-    Description       = 'Module for managing JumpCloud Radius user certificates.'
+# Description of the functionality provided by this module
+Description = 'Module for managing JumpCloud Radius user certificates.'
 
-    # Minimum version of the PowerShell engine required by this module
-    PowerShellVersion = '7.0.0'
+# Minimum version of the PowerShell engine required by this module
+PowerShellVersion = '7.0.0'
 
-    # Name of the PowerShell host required by this module
-    # PowerShellHostName = ''
+# Name of the PowerShell host required by this module
+# PowerShellHostName = ''
 
-    # Minimum version of the PowerShell host required by this module
-    # PowerShellHostVersion = ''
+# Minimum version of the PowerShell host required by this module
+# PowerShellHostVersion = ''
 
-    # Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-    # DotNetFrameworkVersion = ''
+# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# DotNetFrameworkVersion = ''
 
-    # Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
-    # ClrVersion = ''
+# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
+# ClrVersion = ''
 
-    # Processor architecture (None, X86, Amd64) required by this module
-    # ProcessorArchitecture = ''
+# Processor architecture (None, X86, Amd64) required by this module
+# ProcessorArchitecture = ''
 
-    # Modules that must be imported into the global environment prior to importing this module
-    RequiredModules   = @('JumpCloud')
+# Modules that must be imported into the global environment prior to importing this module
+RequiredModules = @('JumpCloud')
 
-    # Assemblies that must be loaded prior to importing this module
-    # RequiredAssemblies = @()
+# Assemblies that must be loaded prior to importing this module
+# RequiredAssemblies = @()
 
-    # Script files (.ps1) that are run in the caller's environment prior to importing this module.
-    # ScriptsToProcess = @()
+# Script files (.ps1) that are run in the caller's environment prior to importing this module.
+# ScriptsToProcess = @()
 
-    # Type files (.ps1xml) to be loaded when importing this module
-    # TypesToProcess = @()
+# Type files (.ps1xml) to be loaded when importing this module
+# TypesToProcess = @()
 
-    # Format files (.ps1xml) to be loaded when importing this module
-    # FormatsToProcess = @()
+# Format files (.ps1xml) to be loaded when importing this module
+# FormatsToProcess = @()
 
-    # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
-    # NestedModules = @()
+# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
+# NestedModules = @()
 
-    # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
-    FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts',
-    'Start-GenerateRootCert', 'Start-GenerateUserCerts',
-    'Start-MonitorCertDeployment', 'Start-RadiusDeployment',
-    'Set-JCRConfig', 'Update-JCRModule'
+# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
+FunctionsToExport = 'Get-JCRCertReport', 'Get-JCRGlobalVars', 'Start-DeployUserCerts', 
+               'Start-GenerateRootCert', 'Start-GenerateUserCerts', 
+               'Start-MonitorCertDeployment', 'Start-RadiusDeployment', 
+               'Set-JCRConfig', 'Update-JCRModule'
 
-    # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
-    CmdletsToExport   = @()
+# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
+CmdletsToExport = @()
 
-    # Variables to export from this module
-    VariablesToExport = '*'
+# Variables to export from this module
+VariablesToExport = '*'
 
-    # Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
-    AliasesToExport   = @()
+# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
+AliasesToExport = @()
 
-    # DSC resources to export from this module
-    # DscResourcesToExport = @()
+# DSC resources to export from this module
+# DscResourcesToExport = @()
 
-    # List of all modules packaged with this module
-    # ModuleList = @()
+# List of all modules packaged with this module
+# ModuleList = @()
 
-    # List of all files packaged with this module
-    # FileList = @()
+# List of all files packaged with this module
+# FileList = @()
 
-    # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
-    PrivateData       = @{
+# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
+PrivateData = @{
 
-        PSData = @{
+    PSData = @{
 
-            # Tags applied to this module. These help with module discovery in online galleries.
-            # Tags = @()
+        # Tags applied to this module. These help with module discovery in online galleries.
+        # Tags = @()
 
-            # A URL to the license for this module.
-            # LicenseUri = ''
+        # A URL to the license for this module.
+        # LicenseUri = ''
 
-            # A URL to the main website for this project.
-            # ProjectUri = ''
+        # A URL to the main website for this project.
+        # ProjectUri = ''
 
-            # A URL to an icon representing this module.
-            # IconUri = ''
+        # A URL to an icon representing this module.
+        # IconUri = ''
 
-            # ReleaseNotes of this module
-            # ReleaseNotes = ''
+        # ReleaseNotes of this module
+        # ReleaseNotes = ''
 
-            # Prerelease string of this module
-            # Prerelease = ''
+        # Prerelease string of this module
+        # Prerelease = ''
 
-            # Flag to indicate whether the module requires explicit user acceptance for install/update/save
-            # RequireLicenseAcceptance = $false
+        # Flag to indicate whether the module requires explicit user acceptance for install/update/save
+        # RequireLicenseAcceptance = $false
 
-            # External dependent modules of this module
-            # ExternalModuleDependencies = @()
+        # External dependent modules of this module
+        # ExternalModuleDependencies = @()
 
-        } # End of PSData hashtable
+    } # End of PSData hashtable
 
-    } # End of PrivateData hashtable
+} # End of PrivateData hashtable
 
-    # HelpInfo URI of this module
-    # HelpInfoURI = ''
+# HelpInfo URI of this module
+# HelpInfoURI = ''
 
-    # Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
-    # DefaultCommandPrefix = ''
+# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
+# DefaultCommandPrefix = ''
 
 }
 
diff --git a/scripts/automation/Radius/docs/Get-JCRCertReport.md b/scripts/automation/Radius/docs/Get-JCRCertReport.md
index 2962f1446..1f267dc1c 100644
--- a/scripts/automation/Radius/docs/Get-JCRCertReport.md
+++ b/scripts/automation/Radius/docs/Get-JCRCertReport.md
@@ -52,17 +52,14 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Get-JCRGlobalVars.md b/scripts/automation/Radius/docs/Get-JCRGlobalVars.md
index 3d4533526..e26102363 100644
--- a/scripts/automation/Radius/docs/Get-JCRGlobalVars.md
+++ b/scripts/automation/Radius/docs/Get-JCRGlobalVars.md
@@ -99,17 +99,14 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/JumpCloud.Radius.md b/scripts/automation/Radius/docs/JumpCloud.Radius.md
index ae5c4f3c0..e8df21626 100644
--- a/scripts/automation/Radius/docs/JumpCloud.Radius.md
+++ b/scripts/automation/Radius/docs/JumpCloud.Radius.md
@@ -2,7 +2,7 @@
 Module Name: JumpCloud.Radius
 Module Guid: 71bfaf58-3326-4512-9a7f-a2d9dc19d6b5
 Download Help Link:  
-Help Version: 2.0.0
+Help Version: 2.1.0
 Locale: en-Us
 ---
 
@@ -12,33 +12,30 @@ Module for managing JumpCloud Radius user certificates.
 
 ## JumpCloud.Radius Cmdlets
 ### [Get-JCRCertReport](Get-JCRCertReport.md)
-{{ Fill in the Synopsis }}
+This cmdlet generates a report of RADIUS certificates for JumpCloud devices and their associated users.
 
 ### [Get-JCRGlobalVars](Get-JCRGlobalVars.md)
-{{ Fill in the Synopsis }}
+This function retrieves and updates global variables related to JumpCloud Radius deployment, including user associations and system caches.
 
 ### [Set-JCRConfig](Set-JCRConfig.md)
-{{ Fill in the Synopsis }}
-
-### [Set-JCRConfig](Set-JCRConfig.md)
-{{ Fill in the Synopsis }}
+This function sets the configuration for the JumpCloud Radius module, allowing you to specify various parameters such as certificate subject headers, network SSID, last update timestamp, certificate secret password, OpenSSL binary path, user certificate validity days, radius directory, CA certificate validity days, user group, certificate expiration warning days, and certificate type.
 
 ### [Start-DeployUserCerts](Start-DeployUserCerts.md)
-{{ Fill in the Synopsis }}
+This function initiates the deployment of user certificates for JumpCloud Managed Users.
 
 ### [Start-GenerateRootCert](Start-GenerateRootCert.md)
-{{ Fill in the Synopsis }}
+This function generates a root certificate for the JumpCloud Radius module, allowing you to create or replace the root certificate as needed.
 
 ### [Start-GenerateUserCerts](Start-GenerateUserCerts.md)
-{{ Fill in the Synopsis }}
+This function generates user certificates for JumpCloud Managed Users, allowing you to specify the type of certificate generation and whether to replace existing certificates.
 
 ### [Start-MonitorCertDeployment](Start-MonitorCertDeployment.md)
-{{ Fill in the Synopsis }}
+This function monitors the deployment of certificates for JumpCloud Managed Users, ensuring that the deployment process is tracked and any issues are logged.
 
 ### [Start-RadiusDeployment](Start-RadiusDeployment.md)
-{{ Fill in the Synopsis }}
+This function is the root menu for the GUI portion of the JumpCloud Radius module. It provides a user interface for managing Radius deployments, including generating root certificates, user certificates, and monitoring deployments.
 
 ### [Update-JCRModule](Update-JCRModule.md)
-{{ Fill in the Synopsis }}
+This function updates the JumpCloud Radius module, ensuring that the latest configurations and settings are applied.
 
 
diff --git a/scripts/automation/Radius/docs/Set-JCRConfig.md b/scripts/automation/Radius/docs/Set-JCRConfig.md
index 070120a2f..c871292d1 100644
--- a/scripts/automation/Radius/docs/Set-JCRConfig.md
+++ b/scripts/automation/Radius/docs/Set-JCRConfig.md
@@ -14,10 +14,10 @@ This function sets the configuration for the JumpCloud Radius module, allowing y
 ## SYNTAX
 
 ```
-Set-JCRConfig [-certSubjectHeader <Hashtable>] [-networkSSID <String>]
- [-lastUpdate <String>] [-certSecretPass <String>] [-openSSLBinary <String>] [-userCertValidityDays <Int32>]
- [-radiusDirectory <String>] [-caCertValidityDays <Int32>] [-userGroup <String>]
- [-certExpirationWarningDays <Int32>] [-certType <String>] [<CommonParameters>]
+Set-JCRConfig [-caCertValidityDays <Int32>]
+ [-certSubjectHeader <Hashtable>] [-openSSLBinary <String>] [-lastUpdate <String>] [-networkSSID <String>]
+ [-radiusDirectory <String>] [-certExpirationWarningDays <Int32>] [-userCertValidityDays <Int32>]
+ [-userGroup <String>] [-certType <String>] [-certSecretPass <String>] [<CommonParameters>]
 ```
 
 ## DESCRIPTION
@@ -230,17 +230,14 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-DeployUserCerts.md b/scripts/automation/Radius/docs/Start-DeployUserCerts.md
index 49a379420..ffe5a51e7 100644
--- a/scripts/automation/Radius/docs/Start-DeployUserCerts.md
+++ b/scripts/automation/Radius/docs/Start-DeployUserCerts.md
@@ -14,13 +14,11 @@ This function initiates the deployment of user certificates for JumpCloud Manage
 ## SYNTAX
 
 ### gui (Default)
-
 ```
 Start-DeployUserCerts [<CommonParameters>]
 ```
 
 ### cli
-
 ```
 Start-DeployUserCerts -type <String> [-username <String>] [-forceInvokeCommands] [-forceGenerateCommands]
  [<CommonParameters>]
@@ -108,17 +106,14 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-GenerateRootCert.md b/scripts/automation/Radius/docs/Start-GenerateRootCert.md
index b8b5c7aa3..c39c1f14a 100644
--- a/scripts/automation/Radius/docs/Start-GenerateRootCert.md
+++ b/scripts/automation/Radius/docs/Start-GenerateRootCert.md
@@ -14,13 +14,11 @@ This function generates a root certificate for the JumpCloud Radius module, allo
 ## SYNTAX
 
 ### gui (Default)
-
 ```
 Start-GenerateRootCert [<CommonParameters>]
 ```
 
 ### cli
-
 ```
 Start-GenerateRootCert [-certKeyPassword <String>] [-generateType <String>] [-force]
  [<CommonParameters>]
@@ -40,12 +38,6 @@ Start-GenerateRootCert -generateType "New" -certKeyPassword "your_password" -for
 
 This command generates a new root certificate for the JumpCloud Radius module, using the specified key password and forcing replacement of any existing certificates.
 
-```powershell
-PS C:\> {{ Add example code here }}
-```
-
-{{ Add example description here }}
-
 ## PARAMETERS
 
 ### -certKeyPassword
@@ -98,17 +90,14 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-GenerateUserCerts.md b/scripts/automation/Radius/docs/Start-GenerateUserCerts.md
index b2643ff92..1ac85fb77 100644
--- a/scripts/automation/Radius/docs/Start-GenerateUserCerts.md
+++ b/scripts/automation/Radius/docs/Start-GenerateUserCerts.md
@@ -14,13 +14,11 @@ This function generates user certificates for JumpCloud Managed Users, allowing
 ## SYNTAX
 
 ### gui (Default)
-
 ```
 Start-GenerateUserCerts [<CommonParameters>]
 ```
 
 ### cli
-
 ```
 Start-GenerateUserCerts -type <String> [-username <String>] [-forceReplaceCerts]
  [<CommonParameters>]
@@ -95,17 +93,14 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md b/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
index da8d03740..390ddceeb 100644
--- a/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
+++ b/scripts/automation/Radius/docs/Start-MonitorCertDeployment.md
@@ -34,17 +34,14 @@ This command starts monitoring the certificate deployment process for JumpCloud
 ## PARAMETERS
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
 ## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Start-RadiusDeployment.md b/scripts/automation/Radius/docs/Start-RadiusDeployment.md
index d35fe4903..1adc60942 100644
--- a/scripts/automation/Radius/docs/Start-RadiusDeployment.md
+++ b/scripts/automation/Radius/docs/Start-RadiusDeployment.md
@@ -34,17 +34,14 @@ This command starts the GUI for managing Radius deployments, allowing users to g
 ## PARAMETERS
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
 ## RELATED LINKS
diff --git a/scripts/automation/Radius/docs/Update-JCRModule.md b/scripts/automation/Radius/docs/Update-JCRModule.md
index e2e440589..347cd3ab0 100644
--- a/scripts/automation/Radius/docs/Update-JCRModule.md
+++ b/scripts/automation/Radius/docs/Update-JCRModule.md
@@ -66,17 +66,14 @@ Accept wildcard characters: False
 ```
 
 ### CommonParameters
-
 This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see [about_CommonParameters](http://go.microsoft.com/fwlink/?LinkID=113216).
 
 ## INPUTS
 
 ### None
-
 ## OUTPUTS
 
 ### System.Object
-
 ## NOTES
 
-## RELATED LINKS
+## RELATED LINKS
diff --git a/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml b/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
index a6395ccba..7184359b0 100644
--- a/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
+++ b/scripts/automation/Radius/en-Us/JumpCloud.Radius-help.xml
@@ -6,11 +6,12 @@
       <command:verb>Get</command:verb>
       <command:noun>JCRCertReport</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This cmdlet generates a report of RADIUS certificates for JumpCloud devices and their associated users.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>This cmdlet generates a report of RADIUS certificates for JumpCloud devices and their associated users.</maml:para>
+      <maml:para>The report includes details such as certificate installation status, and user associations.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -18,7 +19,7 @@
         <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
           <maml:name>ExportFilePath</maml:name>
           <maml:description>
-            <maml:para>{{ Fill ExportFilePath Description }}</maml:para>
+            <maml:para>Specifies the file path where the report will be exported.</maml:para>
           </maml:description>
           <command:parameterValue required="true" variableLength="false">System.IO.FileInfo</command:parameterValue>
           <dev:type>
@@ -34,7 +35,7 @@
       <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="False" position="0" aliases="none">
         <maml:name>ExportFilePath</maml:name>
         <maml:description>
-          <maml:para>{{ Fill ExportFilePath Description }}</maml:para>
+          <maml:para>Specifies the file path where the report will be exported.</maml:para>
         </maml:description>
         <command:parameterValue required="true" variableLength="false">System.IO.FileInfo</command:parameterValue>
         <dev:type>
@@ -73,9 +74,9 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:code>Get-JCRCertReport -ExportFilePath "C:\Reports\RadiusCertReport.csv"</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command generates a report of RADIUS certificates and exports it to a CSV file at the specified path.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
@@ -92,11 +93,11 @@
       <command:verb>Get</command:verb>
       <command:noun>JCRGlobalVars</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This function retrieves and updates global variables related to JumpCloud Radius deployment, including user associations and system caches.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>This function retrieves and updates global variables related to JumpCloud Radius deployment, including user associations and system caches.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -228,9 +229,9 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:code>Get-JCRGlobalVars -force</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command forces an update of all cached users, systems, associations, and RADIUS group members.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
@@ -247,11 +248,11 @@
       <command:verb>Set</command:verb>
       <command:noun>JCRConfig</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This function sets the configuration for the JumpCloud Radius module, allowing you to specify various parameters such as certificate subject headers, network SSID, last update timestamp, certificate secret password, OpenSSL binary path, user certificate validity days, radius directory, CA certificate validity days, user group, certificate expiration warning days, and certificate type.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>This function sets the configuration for the JumpCloud Radius module. It allows you to specify various parameters such as certificate subject headers, network SSID, last update timestamp, certificate secret password, OpenSSL binary path, user certificate validity days, radius directory, CA certificate validity days, user group, certificate expiration warning days, and certificate type.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -554,335 +555,26 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
-        <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
-        </dev:remarks>
-      </command:example>
-    </command:examples>
-    <command:relatedLinks>
-      <maml:navigationLink>
-        <maml:linkText>Online Version:</maml:linkText>
-        <maml:uri>/</maml:uri>
-      </maml:navigationLink>
-    </command:relatedLinks>
-  </command:command>
-  <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp">
-    <command:details>
-      <command:name>Set-JCRConfig</command:name>
-      <command:verb>Set</command:verb>
-      <command:noun>JCRConfig</command:noun>
-      <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
-      </maml:description>
-    </command:details>
-    <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
-    </maml:description>
-    <command:syntax>
-      <command:syntaxItem>
-        <maml:name>Set-JCRConfig</maml:name>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>caCertValidityDays</maml:name>
-          <maml:description>
-            <maml:para>sets the caCertValidityDays config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
-          <dev:type>
-            <maml:name>System.Int32</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certExpirationWarningDays</maml:name>
-          <maml:description>
-            <maml:para>sets the certExpirationWarningDays config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
-          <dev:type>
-            <maml:name>System.Int32</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certSecretPass</maml:name>
-          <maml:description>
-            <maml:para>sets the certSecretPass config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certSubjectHeader</maml:name>
-          <maml:description>
-            <maml:para>sets the certSubjectHeader config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.Collections.Hashtable</command:parameterValue>
-          <dev:type>
-            <maml:name>System.Collections.Hashtable</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>certType</maml:name>
-          <maml:description>
-            <maml:para>sets the certType config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>lastUpdate</maml:name>
-          <maml:description>
-            <maml:para>sets the lastUpdate config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>networkSSID</maml:name>
-          <maml:description>
-            <maml:para>sets the networkSSID config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>openSSLBinary</maml:name>
-          <maml:description>
-            <maml:para>sets the openSSLBinary config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
+        <dev:code>$settings = @{
+    radiusDirectory                   = "/Users/username/RADIUS"
+    certType                          = "UsernameCn"
+    certSubjectHeader @{
+        CountryCode      = "Your_Country_Code"
+        StateCode        = "Your_State_Code"
+        Locality         = "Your_City"
+        Organization     = "Your_Organization_Name"
+        OrganizationUnit = "Your_Organization_Unit"
+        CommonName       = "Your_Common_Name"
+    }
+    certSecretPass                    = "secret1234!"
+    networkSSID                       = "Your_SSID"
+    userGroup                         = "5f3171a9232e1113939dd6a2"
+    openSSLBinary                     = '/opt/homebrew/bin/openssl'
+}
 
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>radiusDirectory</maml:name>
-          <maml:description>
-            <maml:para>sets the radiusDirectory config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>userCertValidityDays</maml:name>
-          <maml:description>
-            <maml:para>sets the userCertValidityDays config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
-          <dev:type>
-            <maml:name>System.Int32</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-        <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-          <maml:name>userGroup</maml:name>
-          <maml:description>
-            <maml:para>sets the userGroup config for the module</maml:para>
-          </maml:description>
-          <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-          <dev:type>
-            <maml:name>System.String</maml:name>
-            <maml:uri />
-          </dev:type>
-          <dev:defaultValue>None</dev:defaultValue>
-        </command:parameter>
-      </command:syntaxItem>
-    </command:syntax>
-    <command:parameters>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>caCertValidityDays</maml:name>
-        <maml:description>
-          <maml:para>sets the caCertValidityDays config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
-        <dev:type>
-          <maml:name>System.Int32</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certExpirationWarningDays</maml:name>
-        <maml:description>
-          <maml:para>sets the certExpirationWarningDays config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
-        <dev:type>
-          <maml:name>System.Int32</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certSecretPass</maml:name>
-        <maml:description>
-          <maml:para>sets the certSecretPass config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-        <dev:type>
-          <maml:name>System.String</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certSubjectHeader</maml:name>
-        <maml:description>
-          <maml:para>sets the certSubjectHeader config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.Collections.Hashtable</command:parameterValue>
-        <dev:type>
-          <maml:name>System.Collections.Hashtable</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>certType</maml:name>
-        <maml:description>
-          <maml:para>sets the certType config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-        <dev:type>
-          <maml:name>System.String</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>lastUpdate</maml:name>
-        <maml:description>
-          <maml:para>sets the lastUpdate config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-        <dev:type>
-          <maml:name>System.String</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>networkSSID</maml:name>
-        <maml:description>
-          <maml:para>sets the networkSSID config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-        <dev:type>
-          <maml:name>System.String</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>openSSLBinary</maml:name>
-        <maml:description>
-          <maml:para>sets the openSSLBinary config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-        <dev:type>
-          <maml:name>System.String</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>radiusDirectory</maml:name>
-        <maml:description>
-          <maml:para>sets the radiusDirectory config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-        <dev:type>
-          <maml:name>System.String</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>userCertValidityDays</maml:name>
-        <maml:description>
-          <maml:para>sets the userCertValidityDays config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.Int32</command:parameterValue>
-        <dev:type>
-          <maml:name>System.Int32</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-      <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
-        <maml:name>userGroup</maml:name>
-        <maml:description>
-          <maml:para>sets the userGroup config for the module</maml:para>
-        </maml:description>
-        <command:parameterValue required="true" variableLength="false">System.String</command:parameterValue>
-        <dev:type>
-          <maml:name>System.String</maml:name>
-          <maml:uri />
-        </dev:type>
-        <dev:defaultValue>None</dev:defaultValue>
-      </command:parameter>
-    </command:parameters>
-    <command:inputTypes>
-      <command:inputType>
-        <dev:type>
-          <maml:name>None</maml:name>
-        </dev:type>
-        <maml:description>
-          <maml:para></maml:para>
-        </maml:description>
-      </command:inputType>
-    </command:inputTypes>
-    <command:returnValues>
-      <command:returnValue>
-        <dev:type>
-          <maml:name>System.Object</maml:name>
-        </dev:type>
-        <maml:description>
-          <maml:para></maml:para>
-        </maml:description>
-      </command:returnValue>
-    </command:returnValues>
-    <maml:alertSet>
-      <maml:alert>
-        <maml:para></maml:para>
-      </maml:alert>
-    </maml:alertSet>
-    <command:examples>
-      <command:example>
-        <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+Set-JCRConfig @settings</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command sets the required configuration for the JumpCloud Radius module using the specified settings.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
@@ -899,11 +591,11 @@
       <command:verb>Start</command:verb>
       <command:noun>DeployUserCerts</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This function initiates the deployment of user certificates for JumpCloud Managed Users.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>Typically called using a CLI method in scripts this function initiates the deployment of user certificates for JumpCloud Managed Users. It can be used to generate new commands or invoke existing ones based on the specified parameters.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -1041,9 +733,9 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:code>Start-DeployUserCerts -type "New" -forceInvokeCommands</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command initiates the deployment of new user certificates and forces the invocation of generated commands on the systems.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
@@ -1060,11 +752,11 @@
       <command:verb>Start</command:verb>
       <command:noun>GenerateRootCert</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This function generates a root certificate for the JumpCloud Radius module, allowing you to create or replace the root certificate as needed.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>This function generates a root certificate for the JumpCloud Radius module. It allows you to specify whether to create a new certificate, replace an existing one, or renew the current certificate. The function can also handle the root certificate key password and force replacement of existing certificates if specified.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -1179,9 +871,9 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:code>Start-GenerateRootCert -generateType "New" -certKeyPassword "your_password" -force</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command generates a new root certificate for the JumpCloud Radius module, using the specified key password and forcing replacement of any existing certificates.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
@@ -1198,11 +890,11 @@
       <command:verb>Start</command:verb>
       <command:noun>GenerateUserCerts</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This function generates user certificates for JumpCloud Managed Users, allowing you to specify the type of certificate generation and whether to replace existing certificates.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>This function generates user certificates for JumpCloud Managed Users. It allows you to specify the type of certificate generation, such as generating certificates for all users, new users, by username, or for users with expiring certificates. The function can also replace existing certificates if specified.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -1318,9 +1010,9 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:code>Start-GenerateUserCerts -type "New"</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command generates user certificates for users who have not yet had certificates generated.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
@@ -1337,11 +1029,11 @@
       <command:verb>Start</command:verb>
       <command:noun>MonitorCertDeployment</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This function monitors the deployment of certificates for JumpCloud Managed Users, ensuring that the deployment process is tracked and any issues are logged.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>This function monitors the deployment of certificates for JumpCloud Managed Users. It is designed to track the progress of certificate deployment.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -1377,9 +1069,9 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:code>Start-MonitorCertDeployment</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command starts monitoring the certificate deployment process for JumpCloud Managed Users.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
@@ -1396,11 +1088,11 @@
       <command:verb>Start</command:verb>
       <command:noun>RadiusDeployment</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This function is the root menu for the GUI portion of the JumpCloud Radius module. It provides a user interface for managing Radius deployments, including generating root certificates, user certificates, and monitoring deployments.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>This function is the root menu for the GUI portion of the JumpCloud Radius module. It provides a user interface for managing Radius deployments, including generating root certificates, user certificates, and monitoring deployments. The GUI allows users to easily navigate through various options related to Radius management without needing to use command-line parameters.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -1436,9 +1128,9 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:code>Start-RadiusDeployment</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command starts the GUI for managing Radius deployments, allowing users to generate root certificates, user certificates, and monitor deployments through a user-friendly interface.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
@@ -1455,11 +1147,11 @@
       <command:verb>Update</command:verb>
       <command:noun>JCRModule</command:noun>
       <maml:description>
-        <maml:para>{{ Fill in the Synopsis }}</maml:para>
+        <maml:para>This function updates the JumpCloud Radius module, ensuring that the latest configurations and settings are applied.</maml:para>
       </maml:description>
     </command:details>
     <maml:description>
-      <maml:para>{{ Fill in the Description }}</maml:para>
+      <maml:para>This function will check if there are any updates available for the JumpCloud Radius module and apply them if necessary. It can also bypass user prompts if the `-Force` parameter is specified.</maml:para>
     </maml:description>
     <command:syntax>
       <command:syntaxItem>
@@ -1545,9 +1237,9 @@
     <command:examples>
       <command:example>
         <maml:title>-------------------------- Example 1 --------------------------</maml:title>
-        <dev:code>PS C:\&gt; {{ Add example code here }}</dev:code>
+        <dev:code>Update-JCRModule -Force</dev:code>
         <dev:remarks>
-          <maml:para>{{ Add example description here }}</maml:para>
+          <maml:para>This command forces the update of the JumpCloud Radius module without any user prompts.</maml:para>
         </dev:remarks>
       </command:example>
     </command:examples>
diff --git a/scripts/automation/Radius/en-Us/about_JumpCloud.Radius.help.txt b/scripts/automation/Radius/en-Us/about_JumpCloud.Radius.help.txt
index e36d7cc0d..34d9b7fae 100644
--- a/scripts/automation/Radius/en-Us/about_JumpCloud.Radius.help.txt
+++ b/scripts/automation/Radius/en-Us/about_JumpCloud.Radius.help.txt
@@ -1,52 +1,26 @@
 TOPIC
     about_jumpcloud.radius
 
-    ABOUT TOPIC NOTE:
-    The first header of the about topic should be the topic name.
-    The second header contains the lookup name used by the help system.
-    
-    IE:
-    # Some Help Topic Name
-    ## SomeHelpTopicFileName
-    
-    This will be transformed into the text file
-    as `about_SomeHelpTopicFileName`.
-    Do not include file extensions.
-    The second header should have no spaces.
-
 SHORT DESCRIPTION
-    {{ Short Description Placeholder }}
-
-    ABOUT TOPIC NOTE:
-    About topics can be no longer than 80 characters wide when rendered to text.
-    Any topics greater than 80 characters will be automatically wrapped.
-    The generated about topic will be encoded UTF-8.
+    PowerShell module to generate and manage RADIUS certs for JumpCloud Managed
+    Users.
 
 LONG DESCRIPTION
-    {{ Long Description Placeholder }}
-
-Optional Subtopics
-    {{ Optional Subtopic Placeholder }}
+    This module provides cmdlets for generating and managing RADIUS certificates
+    for users in JumpCloud. It simplifies the process of creating, deploying,
+    and renewing certificates, ensuring secure authentication for clients
+    connecting to JumpCloud Radius-Backed networks.
 
 EXAMPLES
-    {{ Code or descriptive examples of how to leverage the functions described.
-    }}
-
-NOTE
-    {{ Note Placeholder - Additional information that a user needs to know.}}
+    # Open the GUI menu to begin the process of generating and managing RADIUS certs.
+    Start-RadiusDeployment
 
 TROUBLESHOOTING NOTE
-    {{ Troubleshooting Placeholder - Warns users of bugs}}
-    {{ Explains behavior that is likely to change with fixes }}
+    This module requires the JumpCloud Module to be installed and configured.
+    Ensure you have the necessary permissions and API keys set up in your
+    JumpCloud account.
+    Please view the reademe.md for this module for more information on how to
+    set up the environment and prerequisites.
 
 SEE ALSO
-    {{ See also placeholder }}
-    {{ You can also list related articles, blogs, and video URLs. }}
-
 KEYWORDS
-    {{List alternate names or titles for this topic that readers might use.}}
-    - {{ Keyword Placeholder }}
-    - {{ Keyword Placeholder }}
-    - {{ Keyword Placeholder }}
-    - {{ Keyword Placeholder }}
-