From b30ece5c03ba59f2639d337852af3a10a4fd4356 Mon Sep 17 00:00:00 2001 From: "Tian L." <60599517+tian-lt@users.noreply.github.com> Date: Tue, 13 Aug 2024 09:52:35 +0800 Subject: [PATCH] eng: Remove PFXs from codebase (#2219) * Squashed commit of the following: commit a7d403386e3df430edf67d89ca23f81313022d2d Author: Tian Liao Date: Mon Aug 12 16:58:30 2024 +0800 remove pfx from ignore list commit 26ffa46d9a92dcbadc9d9d471715fdec10c6f013 Author: Tian Liao Date: Mon Aug 12 16:58:07 2024 +0800 Remove PFXs * fix yaml * fix gh action * fix gh action --- .config/CredScanSuppressions.json | 13 ------- .github/workflows/action-ci.yml | 25 ++++++++----- .gitignore | 3 -- build/pipelines/templates/run-ui-tests.yaml | 13 ++----- build/pipelines/templates/run-unit-tests.yaml | 11 +++--- build/scripts/SignTestApp.ps1 | 33 ++++++++++++++++++ src/Calculator/Calculator.csproj | 4 +-- src/Calculator/WindowsDev_TemporaryKey.pfx | Bin 2603 -> 0 bytes .../CalculatorUnitTests.vcxproj | 4 --- .../CalculatorUnitTests.vcxproj.filters | 3 -- .../WindowsDev_TemporaryKey.pfx | Bin 2603 -> 0 bytes 11 files changed, 59 insertions(+), 50 deletions(-) delete mode 100644 .config/CredScanSuppressions.json create mode 100644 build/scripts/SignTestApp.ps1 delete mode 100644 src/Calculator/WindowsDev_TemporaryKey.pfx delete mode 100644 src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json deleted file mode 100644 index 07a6e7632..000000000 --- a/.config/CredScanSuppressions.json +++ /dev/null 
@@ -1,13 +0,0 @@ -{ - "tool": "Credential Scanner", - "suppressions": [ - { - "file": "\\src\\Calculator\\WindowsDev_TemporaryKey.pfx", - "_justification": "This is an untrusted, self-signed certificate which is used only during development. Its private key is not intended to be secret." - }, - { - "file": "\\src\\CalculatorUnitTests\\WindowsDev_TemporaryKey.pfx", - "_justification": "This is an untrusted, self-signed certificate which is used only during development. Its private key is not intended to be secret." - } - ] -} diff --git a/.github/workflows/action-ci.yml b/.github/workflows/action-ci.yml index f356e0f7f..693dc318f 100644 --- a/.github/workflows/action-ci.yml +++ b/.github/workflows/action-ci.yml @@ -91,6 +91,10 @@ jobs: with: name: Build-${{ matrix.platform }} path: ${{ github.workspace }}/output + - uses: actions/upload-artifact@v4 + with: + name: Tools-${{ matrix.platform }} + path: ${{ github.workspace }}/build/scripts/SignTestApp.ps1 unitTests: needs: [defineBuilds, build] @@ -107,10 +111,13 @@ jobs: with: name: Build-${{ matrix.platform }} path: ${{ github.workspace }}/download + - uses: actions/download-artifact@v4 + name: Download tools + with: + name: Tools-${{ matrix.platform }} + path: ${{ github.workspace }}/download/tools - run: | - ${{ env.testDir }}/Add-AppDevPackage.ps1 ` - -CertificatePath ${{ env.testDir }}/CalculatorUnitTests.cer ` - -Force + ${{ github.workspace }}/download/tools/SignTestApp.ps1 -AppToSign ${{ env.testDir }}/CalculatorUnitTests.msix shell: pwsh name: Install test certificate - uses: ilammy/msvc-dev-cmd@v1 # this is a workaround because microsoft/vstest-action is broken. 
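Review bot: In the second action-ci.yml hunk the `unitTests` job passes the package path unquoted (`-AppToSign ${{ env.testDir }}/CalculatorUnitTests.msix`), while the UI-test job in the next hunk of the same file wraps its path in single quotes. Quoting it here too, `-AppToSign '${{ env.testDir }}/CalculatorUnitTests.msix'`, keeps the call working if the resolved path ever contains a space. The step keeps the name `Install test certificate`, although it now generates a key pair, signs the package and adds the certificate to `Cert:\LocalMachine\TrustedPeople`; a name such as `Sign and trust test package` would tell a reader of the job log what ran with administrator rights. The job body continues outside the hunk.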
@@ -131,16 +138,18 @@ jobs: with: name: Build-x64 path: ${{ github.workspace }}/download + - uses: actions/download-artifact@v4 + name: Download tools + with: + name: Tools-x64 + path: ${{ github.workspace }}/download/tools - run: | Set-DisplayResolution -Width 1920 -Height 1080 -Force shell: pwsh name: Set screen resolution - run: | - ${{ env.appDir }}/Add-AppDevPackage.ps1 ` - -CertificatePath ${{ env.appDir }}/Calculator*.cer ` - -Force - ${{ env.appDir }}/Add-AppDevPackage.ps1 ` - -Force + ${{ github.workspace }}/download/tools/SignTestApp.ps1 -AppToSign '${{ env.appDir }}/Calculator_*.msixbundle' + ${{ env.appDir }}/Add-AppDevPackage.ps1 -Force shell: powershell name: Install app - run: | diff --git a/.gitignore b/.gitignore index ed4b08c68..4e2ed91b9 100644 --- a/.gitignore +++ b/.gitignore @@ -200,7 +200,6 @@ ClientBin/ *.dbmdl *.dbproj.schemaview *.jfm -*.pfx *.publishsettings orleans.codegen.cs @@ -294,8 +293,6 @@ __pycache__/ Generated Files/ src/GraphControl/GraphingImplOverrides.props src/CalcViewModel/DataLoaders/DataLoaderConstants.h -!src/Calculator/WindowsDev_TemporaryKey.pfx -!src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx !src/x64 !src/x86 !src/out diff --git a/build/pipelines/templates/run-ui-tests.yaml b/build/pipelines/templates/run-ui-tests.yaml index 231eaef4b..1f9dfccaa 100644 --- a/build/pipelines/templates/run-ui-tests.yaml +++ b/build/pipelines/templates/run-ui-tests.yaml 
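Review bot: Removing `*.pfx` from the ignore list in the first .gitignore hunk means a PFX that a developer generates or exports locally now appears as an untracked file and can be picked up by a broad `git add`, which is the kind of key-in-repo situation this commit is cleaning up. Deleting only the two negations in the second hunk (`!src/Calculator/WindowsDev_TemporaryKey.pfx` and `!src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx`) already drops the exceptions for the removed files. I would keep the `*.pfx` line so private-key containers stay ignored by default.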
@@ -42,17 +42,10 @@ jobs: Calculator/AppPackages/** publish/** - - task: PowerShell@2 - displayName: Install certificate - inputs: - filePath: $(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_$(Build.BuildNumber)_Test/Add-AppDevPackage.ps1 - arguments: -CertificatePath $(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_$(Build.BuildNumber)_Test/Calculator_$(Build.BuildNumber)_${{ parameters.platform }}.cer -Force - - - task: PowerShell@2 + - powershell: | + $(Build.SourcesDirectory)/build/scripts/SignTestApp.ps1 -AppToSign '$(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_*_Test/Calculator_*.msixbundle' + $(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_*_Test/Add-AppDevPackage.ps1 -Force displayName: Install app - inputs: - filePath: $(Pipeline.Workspace)/$(DropName)/Calculator/AppPackages/Calculator_$(Build.BuildNumber)_Test/Add-AppDevPackage.ps1 - arguments: -Force - task: VSTest@2 displayName: Run CalculatorUITests diff --git a/build/pipelines/templates/run-unit-tests.yaml b/build/pipelines/templates/run-unit-tests.yaml index a6503f9cc..84e76ec26 100644 --- a/build/pipelines/templates/run-unit-tests.yaml +++ b/build/pipelines/templates/run-unit-tests.yaml 
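Review bot: The package directory is no longer pinned to the build. Both lines of the new `powershell` step use `Calculator_*_Test`, where the removed tasks used `Calculator_$(Build.BuildNumber)_Test`. SignTestApp.ps1 takes the last entry returned by `Resolve-Path` (`(Resolve-Path -Path $AppToSign)[-1]`), so if the download directory ever holds more than one matching package the step signs and trusts one of them without saying which. Keeping `$(Build.BuildNumber)` in the directory part of both paths avoids that. The step also needs `$(Build.SourcesDirectory)` to contain a checkout; this job's checkout step is outside the hunk, so please confirm it is not `checkout: none`, as it was in run-unit-tests.yaml before this commit.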
@@ -13,18 +13,17 @@ jobs: skipComponentGovernanceDetection: true UnitTestsDir: $(Pipeline.Workspace)\drop-${{ parameters.platform }}\CalculatorUnitTests\AppPackages\CalculatorUnitTests_Test steps: - - checkout: none + - checkout: self + fetchDepth: 1 - download: current displayName: Download CalculatorUnitTests artifact: drop-${{ parameters.platform }} patterns: '**/CalculatorUnitTests_Test/**' - - task: PowerShell@2 - displayName: Install Certificate - inputs: - filePath: $(UnitTestsDir)\Add-AppDevPackage.ps1 - arguments: -CertificatePath $(UnitTestsDir)\CalculatorUnitTests.cer -Force + - powershell: | + $(Build.SourcesDirectory)/build/scripts/SignTestApp.ps1 -AppToSign '$(UnitTestsDir)\CalculatorUnitTests.msix' + displayName: Sign unit tests - task: VSTest@2 displayName: Run CalculatorUnitTests diff --git a/build/scripts/SignTestApp.ps1 b/build/scripts/SignTestApp.ps1 new file mode 100644 index 000000000..dfb504e6f --- /dev/null +++ b/build/scripts/SignTestApp.ps1 
@@ -0,0 +1,33 @@
+#requires -RunAsAdministrator
+param(
+ [Parameter(Position = 0, Mandatory = $true)][string]$AppToSign,
+ [string]$SignTool = "C:\Program Files (x86)\Windows Kits\10\bin\10.*\x64\signtool.exe"
+)
+
+$AppToSign = (Resolve-Path -Path $AppToSign)[-1]
+Write-Host "AppToSign: $AppToSign"
+$SignTool = (Resolve-Path -Path $SignTool)[-1]
+Write-Host "SignTool: $SignTool"
+if ((Test-Path -Path $SignTool -PathType Leaf) -ne $true) {
+ Write-Error "signtool is not found with the given argument: $SignTool" -ErrorAction Stop
+}
+
+$codeSignOid = New-Object -TypeName "System.Security.Cryptography.Oid" -ArgumentList @("1.3.6.1.5.5.7.3.3")
+$oidColl = New-Object -TypeName "System.Security.Cryptography.OidCollection"
+$oidColl.Add($codeSignOid) > $null
+$publisher = "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
+$certReq = New-Object -TypeName "System.Security.Cryptography.X509Certificates.CertificateRequest" `
+ -ArgumentList @($publisher, ([System.Security.Cryptography.ECDsa]::Create()), "SHA256")
+$certReq.CertificateExtensions.Add((New-Object -TypeName "System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension" `
+ -ArgumentList @($oidColl, $false)))
+$now = Get-Date
+$cert = $certReq.CreateSelfSigned($now, $now.AddHours(1))
+
+$pfxFile = "$($env:TEMP)\$(New-Guid).pfx"
+[System.IO.File]::WriteAllBytes($pfxFile, $cert.Export("Pfx"))
+Write-Host "Exported PFX: $pfxFile"
+
+& $SignTool sign /fd SHA256 /a /f $pfxFile $AppToSign
+Write-Host "Certificate Thumbprint: $($cert.Thumbprint.ToLower())"
+
+Import-PfxCertificate -CertStoreLocation 'Cert:\LocalMachine\TrustedPeople' -FilePath $pfxFile > $null
diff --git a/src/Calculator/Calculator.csproj b/src/Calculator/Calculator.csproj
index 236428aa3..6c73ba688 100644
--- a/src/Calculator/Calculator.csproj
+++ b/src/Calculator/Calculator.csproj
@@ -24,8 +24,7 @@ 512 {A5A43C5B-DE2A-4C0C-9213-0A381AF9435A};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC} true - True - WindowsDev_TemporaryKey.pfx + False False Always true @@ -817,7 +816,6 @@ - 14.0 diff --git a/src/Calculator/WindowsDev_TemporaryKey.pfx b/src/Calculator/WindowsDev_TemporaryKey.pfx deleted file mode 100644 index 555456ae0b7252123c5db73f6fc002eddfe6e0ef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2603 zcmeHJX;4#H7Jgd-gaBf~zJmyg!b_AzTXtL^4KBzQ6+r<_lmsx+Y_bFe(IJRHv;Z}V zY_<#%Syezp_Mo7EAd8>@1r^Xn!F^t49H*zN`ftylxu;Imz2A42Q>V`P>Y`kN5d^|0 zSLQWdW_i-4q2t*}U z#@;aYA$AZ)*O46-!VdH2Ft8KfdH7FwR98igilP+EEKzLGRTZeHr8&A9vws2qqqw-B z{_hh6;sBTnDgY=KBtTpc1R8yuMZpomaoBojhBvIeF8;J1Z=iFb-?{1Q=WOlG^SL<@ z^@eGIsJ-o&sn3J?R?#3&5iT(9QPZ~WPN?rKgSDSd$jnSL=jhQd{OykWhP4jbrf#Sw zc+b9D{H=oFnvl}OY2urmD&D(PeZfMBM5xw!7DHAKTPJ5zG)VLGn_e-d$7`heEfftU z&Nb+t@QQM$<=(EYe_P;0-0#;%O>R?kWxLh5B<9pMc7`p3Lg{o;Dg~FO>sB4ER2@nA zu;=V^d!yFqXHU`{j4G$|%haULd32EDjBd$oB{-VBFz*PtJJ$^7##vZzi>!>L<%>${ zRR{KV*ShuI#Qhu(LNEw`dE3!#|Evft1rYp(ATT5qkCL!@&@x1bC;=~Rf(LOpDHukH z5|AX>1fc+`C0WTM$_V)+ekgcVe^L;5i6`e3`9|9NxbTmKiRB#xO0zF9SwXhTqB2_e zPi{2}M)AiuJ2DP_S`bI6^qh&Yq+fqvas)J88#4tyI5cS)Z28$^_nZsUs{Bh|LUv-V z@^9h&>U!p#sqx%7qRMA=-G%t?f6 zJZ=+yLU*Ka>!zM6S*{O65&K-~&!NWm=6l#zHZY!T+Z=VOzjDGUCF89@jP@mHq1QIk(C9eh>5V7c${Yq-R#%RY zpiL=`cGnJQpC;5%l|^sY;~x2@E2#AqPVF*xQ;Xv5NppR9!YJExg|&Op8~9b z^!2lN;~hJoZt;asv~q`mhQrQ;TS#T3Ix+582fsC4t-{BH?!fVmtt_Q9)KqQQX#3e; zOVCjuwXY&O+xfZvyVqMBE;`+{%V+j=vwNl#pOPj8ibZp@eE$@>m>AlIoR18Z?P|>! z?>beMk5_Oo^30ILkZ0Dr<0sWgUP=4mHCcsWjA-}y=STdNoYq*a=2=#M$n%TmD45Xd zn<{p5Zzq2uzl!G99Gw$eeawUmyW_cduZd}=qlj}ry@>NfO7>O8VE$oX4IgCQxEc>kqgVSB?{ zBI5==fR!Y^YD3dAm6fES+1aTs_A3N!Gdb;PLYpdiR4~t?RL}nT@n4fFPht?#U<={*IGG(Qpdf5L8XCeNo%)mrX5|y|X3I@*xsBkA#rjdy*Koh_ufOF|oH;Fa|-=z&`+z$sVQv diff --git a/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj b/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj index 371a686a6..24b78e95e 100644 
--- a/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj +++ b/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj @@ -16,7 +16,6 @@ true true - WindowsDev_TemporaryKey.pfx @@ -289,9 +288,6 @@ {cc9b4fa7-d746-4f52-9401-0ad1b4d6b16d} - - - diff --git a/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj.filters b/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj.filters index 60cc935c0..54a1bed4b 100644 --- a/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj.filters +++ b/src/CalculatorUnitTests/CalculatorUnitTests.vcxproj.filters @@ -79,7 +79,4 @@ {d3ec8922-022d-4531-8744-f65a872f3841} - - - \ No newline at end of file 
diff --git a/src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx b/src/CalculatorUnitTests/WindowsDev_TemporaryKey.pfx deleted file mode 100644 index 555456ae0b7252123c5db73f6fc002eddfe6e0ef..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2603 zcmeHJX;4#H7Jgd-gaBf~zJmyg!b_AzTXtL^4KBzQ6+r<_lmsx+Y_bFe(IJRHv;Z}V zY_<#%Syezp_Mo7EAd8>@1r^Xn!F^t49H*zN`ftylxu;Imz2A42Q>V`P>Y`kN5d^|0 zSLQWdW_i-4q2t*}U z#@;aYA$AZ)*O46-!VdH2Ft8KfdH7FwR98igilP+EEKzLGRTZeHr8&A9vws2qqqw-B z{_hh6;sBTnDgY=KBtTpc1R8yuMZpomaoBojhBvIeF8;J1Z=iFb-?{1Q=WOlG^SL<@ z^@eGIsJ-o&sn3J?R?#3&5iT(9QPZ~WPN?rKgSDSd$jnSL=jhQd{OykWhP4jbrf#Sw zc+b9D{H=oFnvl}OY2urmD&D(PeZfMBM5xw!7DHAKTPJ5zG)VLGn_e-d$7`heEfftU z&Nb+t@QQM$<=(EYe_P;0-0#;%O>R?kWxLh5B<9pMc7`p3Lg{o;Dg~FO>sB4ER2@nA zu;=V^d!yFqXHU`{j4G$|%haULd32EDjBd$oB{-VBFz*PtJJ$^7##vZzi>!>L<%>${ zRR{KV*ShuI#Qhu(LNEw`dE3!#|Evft1rYp(ATT5qkCL!@&@x1bC;=~Rf(LOpDHukH z5|AX>1fc+`C0WTM$_V)+ekgcVe^L;5i6`e3`9|9NxbTmKiRB#xO0zF9SwXhTqB2_e zPi{2}M)AiuJ2DP_S`bI6^qh&Yq+fqvas)J88#4tyI5cS)Z28$^_nZsUs{Bh|LUv-V z@^9h&>U!p#sqx%7qRMA=-G%t?f6 zJZ=+yLU*Ka>!zM6S*{O65&K-~&!NWm=6l#zHZY!T+Z=VOzjDGUCF89@jP@mHq1QIk(C9eh>5V7c${Yq-R#%RY zpiL=`cGnJQpC;5%l|^sY;~x2@E2#AqPVF*xQ;Xv5NppR9!YJExg|&Op8~9b z^!2lN;~hJoZt;asv~q`mhQrQ;TS#T3Ix+582fsC4t-{BH?!fVmtt_Q9)KqQQX#3e; zOVCjuwXY&O+xfZvyVqMBE;`+{%V+j=vwNl#pOPj8ibZp@eE$@>m>AlIoR18Z?P|>! z?>beMk5_Oo^30ILkZ0Dr<0sWgUP=4mHCcsWjA-}y=STdNoYq*a=2=#M$n%TmD45Xd zn<{p5Zzq2uzl!G99Gw$eeawUmyW_cduZd}=qlj}ry@>NfO7>O8VE$oX4IgCQxEc>kqgVSB?{ zBI5==fR!Y^YD3dAm6fES+1aTs_A3N!Gdb;PLYpdiR4~t?RL}nT@n4fFPht?#U<={*IGG(Qpdf5L8XCeNo%)mrX5|y|X3I@*xsBkA#rjdy*Koh_ufOF|oH;Fa|-=z&`+z$sVQv