From 62579dc01925b48470e4f8ece867997768befb59 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Tue, 9 Apr 2019 07:20:13 +0200 Subject: [PATCH 01/80] Use Google repo for testing service --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e05e2d3..b0df96c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -14,7 +14,7 @@ before_cache: before_install: - nvm i node install: - - npm i -g github:Minishlink/web-push-testing-service#update/deps + - npm install github:GoogleChromeLabs/web-push-testing-service -g before_script: - "export DISPLAY=:99.0" - "sh -e /etc/init.d/xvfb start || echo \"Unable to start virtual display.\"" From 52eb94b62d8b92240aaa6782f5eae4f52b486927 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Tue, 9 Apr 2019 20:46:26 +0200 Subject: [PATCH 02/80] Release 5.0.2 --- README.md | 4 ++-- build.gradle | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0c79876..f82735f 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ A Web Push library for Java 7. Supports payloads and VAPID. For Gradle, add the following dependency to `build.gradle`: ```groovy -compile group: 'nl.martijndwars', name: 'web-push', version: '5.0.2-SNAPSHOT' +compile group: 'nl.martijndwars', name: 'web-push', version: '5.0.2' ``` For Maven, add the following dependency to `pom.xml`: @@ -19,7 +19,7 @@ For Maven, add the following dependency to `pom.xml`:     nl.martijndwars     web-push -    5.0.2-SNAPSHOT +    5.0.2 ``` diff --git a/build.gradle b/build.gradle index 89dc784..0538c7d 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,7 @@ apply plugin: 'application' apply plugin: 'com.github.johnrengelman.shadow' group 'nl.martijndwars' -version '5.0.2-SNAPSHOT' +version '5.0.2' repositories { mavenLocal() From 83a7521aad7258236c8bedd99b72b6f29ef71936 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Tue, 9 Apr 2019 20:52:58 +0200 Subject: [PATCH 03/80] Set version to 5.0.3-SNAPSHOT --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 0538c7d..48d6eee 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,7 @@ apply plugin: 'application' apply plugin: 'com.github.johnrengelman.shadow' group 'nl.martijndwars' -version '5.0.2' +version '5.0.3-SNAPSHOT' repositories { mavenLocal() From 630824d91ab57bff4391e1d66a3fb4c1c6367f96 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Thu, 30 May 2019 15:19:20 +0200 Subject: [PATCH 04/80] Add missing BC to classpath when running as CLI --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 48d6eee..e00ce35 100644 --- a/build.gradle +++ b/build.gradle @@ -70,7 +70,7 @@ compileTestJava { mainClassName = 'nl.martijndwars.webpush.cli.Cli' run { - classpath 'bcprov-jdk15on-154.jar' + classpath configurations.shadow.files } test { From e8db7c52c410b5c153230838c8d3e58129fb6b2a Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Thu, 30 May 2019 19:54:45 +0200 Subject: [PATCH 05/80] Disable tests for Chrome unstable (#90) WPTS uses a version of ChromeDriver that does not support Chrome 75. --- build.gradle | 1 + .../java/nl/martijndwars/webpush/selenium/SeleniumTests.java | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index e00ce35..2418fe8 100644 --- a/build.gradle +++ b/build.gradle @@ -79,6 +79,7 @@ test { testLogging { events 'PASSED', 'FAILED', 'SKIPPED' showStandardStreams true + exceptionFormat 'full' } } diff --git a/src/test/java/nl/martijndwars/webpush/selenium/SeleniumTests.java b/src/test/java/nl/martijndwars/webpush/selenium/SeleniumTests.java index 00522bb..de1353e 100644 --- a/src/test/java/nl/martijndwars/webpush/selenium/SeleniumTests.java +++ b/src/test/java/nl/martijndwars/webpush/selenium/SeleniumTests.java @@ -65,14 +65,14 @@ protected Stream getConfigurations() { return Stream.of( new Configuration("chrome", "stable", null, GCM_SENDER_ID), new Configuration("chrome", "beta", null, GCM_SENDER_ID), - new Configuration("chrome", "unstable", null, GCM_SENDER_ID), + //new Configuration("chrome", "unstable", null, GCM_SENDER_ID), See #90 new Configuration("firefox", "stable", null, GCM_SENDER_ID), new Configuration("firefox", "beta", null, GCM_SENDER_ID), new Configuration("chrome", "stable", PUBLIC_KEY_NO_PADDING, null), new Configuration("chrome", "beta", PUBLIC_KEY_NO_PADDING, null), - new Configuration("chrome", "unstable", PUBLIC_KEY_NO_PADDING, null), + //new Configuration("chrome", "unstable", PUBLIC_KEY_NO_PADDING, null), See #90 new Configuration("firefox", "stable", PUBLIC_KEY_NO_PADDING, null), new Configuration("firefox", "beta", PUBLIC_KEY_NO_PADDING, null) From 7dfdfa4e7f14cb609cf5315feb724c4230f706c0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 1 Jun 2019 10:43:51 +0000 Subject: [PATCH 06/80] Add renovate.json --- renovate.json | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 renovate.json diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..f45d8f1 --- /dev/null +++ b/renovate.json @@ -0,0 +1,5 @@ +{ + "extends": [ + "config:base" + ] +} From 5aeceb6f525e38edc276dc4cce967d597c1f8390 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 1 Jun 2019 11:51:40 +0000 Subject: [PATCH 07/80] Update dependency gradle to v5.4.1 --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 6b3851a..f4d7b2b 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-5.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists From da4bf2ccc66bdc10052f437b95d10d21a97e84f4 Mon Sep 17 00:00:00 2001 From: meamruri Date: Sat, 14 Sep 2019 00:54:00 +0300 Subject: [PATCH 08/80] add extra constructor with ttl and key primitives (strings and byte[]) to notification class --- src/main/java/nl/martijndwars/webpush/Notification.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 8a67e7b..03b5dd0 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -50,6 +50,10 @@ public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, b this(endpoint, (ECPublicKey) userPublicKey, userAuth, payload, ttl); } + public Notification(String endpoint, String userPublicKey, String userAuth, byte[] payload, int ttl) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload, ttl); + } + public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload) { this(endpoint, userPublicKey, userAuth, payload, 2419200); } From f0f9b613dedfe1394174e4fa2962900d62c1dee4 Mon Sep 17 00:00:00 2001 From: meamruri Date: Sun, 15 Sep 2019 09:48:16 +0300 Subject: [PATCH 09/80] add builder to notificatino class --- .../nl/martijndwars/webpush/Notification.java | 40 +++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 03b5dd0..cf0df5c 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -112,4 +112,44 @@ public String getOrigin() throws MalformedURLException { return url.getProtocol() + "://" + url.getHost(); } + + public static NotificationBuilder builder() { + return new Notification.NotificationBuilder(); + } + + public static class NotificationBuilder { + private String endpoint; + private String userPublicKey; + private String userAuth; + private byte[] payload; + private int ttl; + + private NotificationBuilder() { + } + + public Notification build() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + return new Notification(endpoint, userPublicKey, userAuth, payload, ttl); + } + + public NotificationBuilder endpoint(String endpoint) { + this.endpoint = endpoint; + return this; + } + public NotificationBuilder userPublicKey(String publicKey) { + this.userPublicKey = publicKey; + return this; + } + public NotificationBuilder userAuth(String userAuth) { + this.userAuth = userAuth; + return this; + } + public NotificationBuilder payload(byte[] payload) { + this.payload = payload; + return this; + } + public NotificationBuilder ttl(int ttl) { + this.ttl = ttl; + return this; + } + } } From 84dd71704470f5c3473f5539eb27b538e5ad863f Mon Sep 17 00:00:00 2001 From: meamruri Date: Sun, 15 Sep 2019 11:05:42 +0300 Subject: [PATCH 10/80] write tests for notification class --- build.gradle | 4 +- .../nl/martijndwars/webpush/Notification.java | 15 ++++--- .../webpush/NotificationTest.java | 43 +++++++++++++++++++ 3 files changed, 54 insertions(+), 8 deletions(-) create mode 100644 src/test/java/nl/martijndwars/webpush/NotificationTest.java diff --git a/build.gradle b/build.gradle index 2418fe8..5af8051 100644 --- a/build.gradle +++ b/build.gradle @@ -59,8 +59,8 @@ wrapper { } compileJava { - sourceCompatibility = 1.7 - targetCompatibility = 1.7 + sourceCompatibility = 1.8 + targetCompatibility = 1.8 } compileTestJava { diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index cf0df5c..209bef7 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -1,5 +1,6 @@ package nl.martijndwars.webpush; +import java.time.Duration; import org.bouncycastle.jce.interfaces.ECPublicKey; import java.net.MalformedURLException; @@ -37,6 +38,8 @@ public class Notification { */ private final int ttl; + private static Duration TTL = Duration.ofDays(28); + public Notification(String endpoint, ECPublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl) { this.endpoint = endpoint; @@ -55,7 +58,7 @@ public Notification(String endpoint, String userPublicKey, String userAuth, byte } public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload) { - this(endpoint, userPublicKey, userAuth, payload, 2419200); + this(endpoint, userPublicKey, userAuth, payload, (int) TTL.getSeconds()); } public Notification(String endpoint, String userPublicKey, String userAuth, byte[] payload) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { @@ -118,11 +121,11 @@ public static NotificationBuilder builder() { } public static class NotificationBuilder { - private String endpoint; - private String userPublicKey; - private String userAuth; - private byte[] payload; - private int ttl; + private String endpoint = null; + private String userPublicKey = null; + private String userAuth = null; + private byte[] payload = null; + private int ttl = (int) TTL.getSeconds(); private NotificationBuilder() { } diff --git a/src/test/java/nl/martijndwars/webpush/NotificationTest.java b/src/test/java/nl/martijndwars/webpush/NotificationTest.java new file mode 100644 index 0000000..a9d1c6c --- /dev/null +++ b/src/test/java/nl/martijndwars/webpush/NotificationTest.java @@ -0,0 +1,43 @@ +package nl.martijndwars.webpush; + +import java.security.GeneralSecurityException; +import java.security.Security; +import java.time.Duration; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertEquals; + +class NotificationTest { + + private static final String endpoint = "https://the-url.co.uk"; + private static final String publicKey = "BGu3hOwCLOBfdMReXf7-SD2x5tKs_vPapOneyngBOnu6PgNYdgLPKFAodfBnG60MqkXC0McPFehN2Kyuh6TKm14="; + private static int oneDayDurationInSeconds = 86400; + + @BeforeAll + public static void addSecurityProvider() { + Security.addProvider(new BouncyCastleProvider()); + } + + @Test + public void testNotificationBuilder() throws GeneralSecurityException { + Notification notification = Notification.builder() + .endpoint(endpoint) + .userPublicKey(publicKey) + .payload(new byte[16]) + .ttl((int) Duration.ofDays(15).getSeconds()) + .build(); + assertEquals(endpoint, notification.getEndpoint()); + assertEquals(15 * oneDayDurationInSeconds, notification.getTTL()); + } + + @Test + public void testDefaultTtl() throws GeneralSecurityException { + Notification notification = Notification.builder() + .userPublicKey(publicKey) + .payload(new byte[16]) + .build(); + assertEquals(28 * oneDayDurationInSeconds, notification.getTTL()); + } +} From d15cd7c623a234e94ffb6c1716c8559189e44e1f Mon Sep 17 00:00:00 2001 From: meamruri Date: Sun, 15 Sep 2019 11:16:56 +0300 Subject: [PATCH 11/80] add overloads for publicKey and auth setters of builder --- .../nl/martijndwars/webpush/Notification.java | 25 +++++++++++++++---- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 209bef7..a6ba461 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -122,15 +122,15 @@ public static NotificationBuilder builder() { public static class NotificationBuilder { private String endpoint = null; - private String userPublicKey = null; - private String userAuth = null; + private ECPublicKey userPublicKey = null; + private byte[] userAuth = null; private byte[] payload = null; private int ttl = (int) TTL.getSeconds(); private NotificationBuilder() { } - public Notification build() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + public Notification build() { return new Notification(endpoint, userPublicKey, userAuth, payload, ttl); } @@ -138,21 +138,36 @@ public NotificationBuilder endpoint(String endpoint) { this.endpoint = endpoint; return this; } - public NotificationBuilder userPublicKey(String publicKey) { - this.userPublicKey = publicKey; + + public NotificationBuilder userPublicKey(PublicKey publicKey) { + this.userPublicKey = (ECPublicKey) publicKey; + return this; + } + + public NotificationBuilder userPublicKey(String publicKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + this.userPublicKey = (ECPublicKey) Utils.loadPublicKey(publicKey); return this; } + public NotificationBuilder userAuth(String userAuth) { + this.userAuth = Base64Encoder.decode(userAuth); + return this; + } + + public NotificationBuilder userAuth(byte[] userAuth) { this.userAuth = userAuth; return this; } + public NotificationBuilder payload(byte[] payload) { this.payload = payload; return this; } + public NotificationBuilder ttl(int ttl) { this.ttl = ttl; return this; } } + } From 7fdc2340515bb8bc085731e6c5c0633a43950a16 Mon Sep 17 00:00:00 2001 From: meamruri Date: Wed, 18 Sep 2019 19:50:29 +0300 Subject: [PATCH 12/80] revert compatibility with java 7 (keep target 7) --- build.gradle | 4 ++-- src/main/java/nl/martijndwars/webpush/Notification.java | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build.gradle b/build.gradle index 5af8051..2418fe8 100644 --- a/build.gradle +++ b/build.gradle @@ -59,8 +59,8 @@ wrapper { } compileJava { - sourceCompatibility = 1.8 - targetCompatibility = 1.8 + sourceCompatibility = 1.7 + targetCompatibility = 1.7 } compileTestJava { diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index a6ba461..8703388 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -1,6 +1,5 @@ package nl.martijndwars.webpush; -import java.time.Duration; import org.bouncycastle.jce.interfaces.ECPublicKey; import java.net.MalformedURLException; @@ -38,7 +37,8 @@ public class Notification { */ private final int ttl; - private static Duration TTL = Duration.ofDays(28); + private static final int ONE_DAY_DURATION_IN_SECONDS = 86400; + private static int DEFAULT_TTL = 28 * ONE_DAY_DURATION_IN_SECONDS; public Notification(String endpoint, ECPublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl) { @@ -58,7 +58,7 @@ public Notification(String endpoint, String userPublicKey, String userAuth, byte } public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload) { - this(endpoint, userPublicKey, userAuth, payload, (int) TTL.getSeconds()); + this(endpoint, userPublicKey, userAuth, payload, DEFAULT_TTL); } public Notification(String endpoint, String userPublicKey, String userAuth, byte[] payload) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { @@ -125,7 +125,7 @@ public static class NotificationBuilder { private ECPublicKey userPublicKey = null; private byte[] userAuth = null; private byte[] payload = null; - private int ttl = (int) TTL.getSeconds(); + private int ttl = DEFAULT_TTL; private NotificationBuilder() { } From 87f7507d6f2e2a8265e1efe9dd14d0f8bf0a6c45 Mon Sep 17 00:00:00 2001 From: jamie Date: Wed, 18 Sep 2019 15:21:42 -0300 Subject: [PATCH 13/80] #29: Adding support for urgency --- .../nl/martijndwars/webpush/Notification.java | 26 +++++++++++++++++-- .../nl/martijndwars/webpush/PushService.java | 4 +++ .../java/nl/martijndwars/webpush/Urgency.java | 24 +++++++++++++++++ 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 src/main/java/nl/martijndwars/webpush/Urgency.java diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 8a67e7b..644259a 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -32,22 +32,31 @@ public class Notification { */ private final byte[] payload; + /** + * Push Message Urgency + * + * @see Push Message Urgency + * + */ + private Urgency urgency; + /** * Time in seconds that the push message is retained by the push service */ private final int ttl; - public Notification(String endpoint, ECPublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl) { + public Notification(String endpoint, ECPublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl, Urgency urgency) { this.endpoint = endpoint; this.userPublicKey = userPublicKey; this.userAuth = userAuth; this.payload = payload; this.ttl = ttl; + this.urgency = urgency; } public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl) { - this(endpoint, (ECPublicKey) userPublicKey, userAuth, payload, ttl); + this(endpoint, (ECPublicKey) userPublicKey, userAuth, payload, ttl, null); } public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload) { @@ -66,6 +75,11 @@ public Notification(Subscription subscription, String payload) throws NoSuchAlgo this(subscription.endpoint, subscription.keys.p256dh, subscription.keys.auth, payload); } + public Notification(Subscription subscription, String payload, Urgency urgency) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + this(subscription.endpoint, subscription.keys.p256dh, subscription.keys.auth, payload); + this.urgency = urgency; + } + public String getEndpoint() { return endpoint; } @@ -86,6 +100,10 @@ public boolean hasPayload() { return getPayload().length > 0; } + public boolean hasUrgency() { + return urgency != null; + } + /** * Detect if the notification is for a GCM-based subscription * @@ -103,6 +121,10 @@ public int getTTL() { return ttl; } + public Urgency getUrgency() { + return urgency; + } + public String getOrigin() throws MalformedURLException { URL url = new URL(getEndpoint()); diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java index 60b2d97..98c5544 100644 --- a/src/main/java/nl/martijndwars/webpush/PushService.java +++ b/src/main/java/nl/martijndwars/webpush/PushService.java @@ -190,6 +190,10 @@ public HttpPost preparePost(Notification notification, Encoding encoding) throws HttpPost httpPost = new HttpPost(notification.getEndpoint()); httpPost.addHeader("TTL", String.valueOf(notification.getTTL())); + if (notification.hasUrgency()) { + httpPost.addHeader("urgency", notification.getUrgency().getHeaderValue()); + } + Map headers = new HashMap<>(); if (notification.hasPayload()) { diff --git a/src/main/java/nl/martijndwars/webpush/Urgency.java b/src/main/java/nl/martijndwars/webpush/Urgency.java new file mode 100644 index 0000000..39d5b35 --- /dev/null +++ b/src/main/java/nl/martijndwars/webpush/Urgency.java @@ -0,0 +1,24 @@ +package nl.martijndwars.webpush; + + +/** + * Web Push Message Urgency header field values + * + * @see Push Message Urgency + */ +public enum Urgency { + VERY_LOW("very-low"), + LOW("low"), + NORMAL("normal"), + HIGH("high"); + + private final String headerValue; + + Urgency(String urgency) { + this.headerValue = urgency; + } + + public String getHeaderValue() { + return headerValue; + } +} From 461dfdbc6ba34fdfecd0bbac983ad46dbd3c8016 Mon Sep 17 00:00:00 2001 From: jamie Date: Wed, 18 Sep 2019 15:22:06 -0300 Subject: [PATCH 14/80] #29: Matching capitalization from spec --- src/main/java/nl/martijndwars/webpush/PushService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java index 98c5544..a656937 100644 --- a/src/main/java/nl/martijndwars/webpush/PushService.java +++ b/src/main/java/nl/martijndwars/webpush/PushService.java @@ -191,7 +191,7 @@ public HttpPost preparePost(Notification notification, Encoding encoding) throws httpPost.addHeader("TTL", String.valueOf(notification.getTTL())); if (notification.hasUrgency()) { - httpPost.addHeader("urgency", notification.getUrgency().getHeaderValue()); + httpPost.addHeader("Urgency", notification.getUrgency().getHeaderValue()); } Map headers = new HashMap<>(); From d9478c711ae607e7aeac9ce6b02fd708b3ab0dd0 Mon Sep 17 00:00:00 2001 From: jamie Date: Wed, 18 Sep 2019 15:26:04 -0300 Subject: [PATCH 15/80] #29: Adding urgency to keyed notification --- src/main/java/nl/martijndwars/webpush/Notification.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 644259a..aa8f6ce 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -71,6 +71,11 @@ public Notification(String endpoint, String userPublicKey, String userAuth, Stri this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload.getBytes(UTF_8)); } + public Notification(String endpoint, String userPublicKey, String userAuth, String payload, Urgency urgency) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload.getBytes(UTF_8)); + this.urgency = urgency; + } + public Notification(Subscription subscription, String payload) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { this(subscription.endpoint, subscription.keys.p256dh, subscription.keys.auth, payload); } From 625825aa4178e0a872233b1462c47a176305baa3 Mon Sep 17 00:00:00 2001 From: jamie Date: Wed, 18 Sep 2019 15:21:42 -0300 Subject: [PATCH 16/80] #29: Adding support for urgency --- .../nl/martijndwars/webpush/Notification.java | 26 +++++++++++++++++-- .../nl/martijndwars/webpush/PushService.java | 4 +++ .../java/nl/martijndwars/webpush/Urgency.java | 24 +++++++++++++++++ 3 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 src/main/java/nl/martijndwars/webpush/Urgency.java diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 8a67e7b..644259a 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -32,22 +32,31 @@ public class Notification { */ private final byte[] payload; + /** + * Push Message Urgency + * + * @see Push Message Urgency + * + */ + private Urgency urgency; + /** * Time in seconds that the push message is retained by the push service */ private final int ttl; - public Notification(String endpoint, ECPublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl) { + public Notification(String endpoint, ECPublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl, Urgency urgency) { this.endpoint = endpoint; this.userPublicKey = userPublicKey; this.userAuth = userAuth; this.payload = payload; this.ttl = ttl; + this.urgency = urgency; } public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl) { - this(endpoint, (ECPublicKey) userPublicKey, userAuth, payload, ttl); + this(endpoint, (ECPublicKey) userPublicKey, userAuth, payload, ttl, null); } public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload) { @@ -66,6 +75,11 @@ public Notification(Subscription subscription, String payload) throws NoSuchAlgo this(subscription.endpoint, subscription.keys.p256dh, subscription.keys.auth, payload); } + public Notification(Subscription subscription, String payload, Urgency urgency) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + this(subscription.endpoint, subscription.keys.p256dh, subscription.keys.auth, payload); + this.urgency = urgency; + } + public String getEndpoint() { return endpoint; } @@ -86,6 +100,10 @@ public boolean hasPayload() { return getPayload().length > 0; } + public boolean hasUrgency() { + return urgency != null; + } + /** * Detect if the notification is for a GCM-based subscription * @@ -103,6 +121,10 @@ public int getTTL() { return ttl; } + public Urgency getUrgency() { + return urgency; + } + public String getOrigin() throws MalformedURLException { URL url = new URL(getEndpoint()); diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java index 60b2d97..98c5544 100644 --- a/src/main/java/nl/martijndwars/webpush/PushService.java +++ b/src/main/java/nl/martijndwars/webpush/PushService.java @@ -190,6 +190,10 @@ public HttpPost preparePost(Notification notification, Encoding encoding) throws HttpPost httpPost = new HttpPost(notification.getEndpoint()); httpPost.addHeader("TTL", String.valueOf(notification.getTTL())); + if (notification.hasUrgency()) { + httpPost.addHeader("urgency", notification.getUrgency().getHeaderValue()); + } + Map headers = new HashMap<>(); if (notification.hasPayload()) { diff --git a/src/main/java/nl/martijndwars/webpush/Urgency.java b/src/main/java/nl/martijndwars/webpush/Urgency.java new file mode 100644 index 0000000..39d5b35 --- /dev/null +++ b/src/main/java/nl/martijndwars/webpush/Urgency.java @@ -0,0 +1,24 @@ +package nl.martijndwars.webpush; + + +/** + * Web Push Message Urgency header field values + * + * @see Push Message Urgency + */ +public enum Urgency { + VERY_LOW("very-low"), + LOW("low"), + NORMAL("normal"), + HIGH("high"); + + private final String headerValue; + + Urgency(String urgency) { + this.headerValue = urgency; + } + + public String getHeaderValue() { + return headerValue; + } +} From 0050cbdadc683f66ac5b09bd7f7803b85102fd61 Mon Sep 17 00:00:00 2001 From: jamie Date: Wed, 18 Sep 2019 15:22:06 -0300 Subject: [PATCH 17/80] #29: Matching capitalization from spec --- src/main/java/nl/martijndwars/webpush/PushService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java index 98c5544..a656937 100644 --- a/src/main/java/nl/martijndwars/webpush/PushService.java +++ b/src/main/java/nl/martijndwars/webpush/PushService.java @@ -191,7 +191,7 @@ public HttpPost preparePost(Notification notification, Encoding encoding) throws httpPost.addHeader("TTL", String.valueOf(notification.getTTL())); if (notification.hasUrgency()) { - httpPost.addHeader("urgency", notification.getUrgency().getHeaderValue()); + httpPost.addHeader("Urgency", notification.getUrgency().getHeaderValue()); } Map headers = new HashMap<>(); From 9cb4f8edeaa54dfd0837e82bde39907666fa62a7 Mon Sep 17 00:00:00 2001 From: jamie Date: Wed, 18 Sep 2019 15:26:04 -0300 Subject: [PATCH 18/80] #29: Adding urgency to keyed notification --- src/main/java/nl/martijndwars/webpush/Notification.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 644259a..aa8f6ce 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -71,6 +71,11 @@ public Notification(String endpoint, String userPublicKey, String userAuth, Stri this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload.getBytes(UTF_8)); } + public Notification(String endpoint, String userPublicKey, String userAuth, String payload, Urgency urgency) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload.getBytes(UTF_8)); + this.urgency = urgency; + } + public Notification(Subscription subscription, String payload) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { this(subscription.endpoint, subscription.keys.p256dh, subscription.keys.auth, payload); } From 16d93ccf341b7923ecd5e61af771701ecc0cf51f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Tenerowicz?= Date: Wed, 2 Oct 2019 00:38:07 +0200 Subject: [PATCH 19/80] Make VAPID subject claim optional --- .../nl/martijndwars/webpush/PushService.java | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java index a656937..d9c805c 100644 --- a/src/main/java/nl/martijndwars/webpush/PushService.java +++ b/src/main/java/nl/martijndwars/webpush/PushService.java @@ -34,7 +34,8 @@ public class PushService { private String gcmApiKey; /** - * Subject used in the JWT payload (for VAPID) + * Subject used in the JWT payload (for VAPID). When left as null, then no subject will be used + * (RFC-8292 2.1 says that it is optional) */ private String subject; @@ -55,15 +56,23 @@ public PushService(String gcmApiKey) { this.gcmApiKey = gcmApiKey; } - public PushService(KeyPair keyPair, String subject) { + public PushService(KeyPair keyPair) { this.publicKey = keyPair.getPublic(); this.privateKey = keyPair.getPrivate(); + } + + public PushService(KeyPair keyPair, String subject) { + this(keyPair); this.subject = subject; } - public PushService(String publicKey, String privateKey, String subject) throws GeneralSecurityException { + public PushService(String publicKey, String privateKey) throws GeneralSecurityException { this.publicKey = Utils.loadPublicKey(publicKey); this.privateKey = Utils.loadPrivateKey(privateKey); + } + + public PushService(String publicKey, String privateKey, String subject) throws GeneralSecurityException { + this(publicKey, privateKey); this.subject = subject; } @@ -226,7 +235,9 @@ public HttpPost preparePost(Notification notification, Encoding encoding) throws JwtClaims claims = new JwtClaims(); claims.setAudience(notification.getOrigin()); claims.setExpirationTimeMinutesInTheFuture(12 * 60); - claims.setSubject(subject); + if (subject != null) { + claims.setSubject(subject); + } JsonWebSignature jws = new JsonWebSignature(); jws.setHeader("typ", "JWT"); From 31d04521d4b3d6fce07c941dedfa111301c0bff5 Mon Sep 17 00:00:00 2001 From: jamie Date: Thu, 10 Oct 2019 15:00:51 -0300 Subject: [PATCH 20/80] Adding support for push notification topics --- .../nl/martijndwars/webpush/Notification.java | 41 +++++++++++++++++-- .../nl/martijndwars/webpush/PushService.java | 4 ++ 2 files changed, 41 insertions(+), 4 deletions(-) diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 7960c40..e928576 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -40,6 +40,14 @@ public class Notification { */ private Urgency urgency; + /** + * Push Message Topic + * + * @see Replacing Push Messages + * + */ + private String topic; + /** * Time in seconds that the push message is retained by the push service */ @@ -48,18 +56,18 @@ public class Notification { private static final int ONE_DAY_DURATION_IN_SECONDS = 86400; private static int DEFAULT_TTL = 28 * ONE_DAY_DURATION_IN_SECONDS; - - public Notification(String endpoint, ECPublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl, Urgency urgency) { + public Notification(String endpoint, ECPublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl, Urgency urgency, String topic) { this.endpoint = endpoint; this.userPublicKey = userPublicKey; this.userAuth = userAuth; this.payload = payload; this.ttl = ttl; this.urgency = urgency; + this.topic = topic; } public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload, int ttl) { - this(endpoint, (ECPublicKey) userPublicKey, userAuth, payload, ttl, null); + this(endpoint, (ECPublicKey) userPublicKey, userAuth, payload, ttl, null, null); } public Notification(String endpoint, String userPublicKey, String userAuth, byte[] payload, int ttl) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { @@ -116,6 +124,10 @@ public boolean hasUrgency() { return urgency != null; } + public boolean hasTopic() { + return topic != null; + } + /** * Detect if the notification is for a GCM-based subscription * @@ -137,6 +149,10 @@ public Urgency getUrgency() { return urgency; } + public String getTopic() { + return topic; + } + public String getOrigin() throws MalformedURLException { URL url = new URL(getEndpoint()); @@ -153,12 +169,14 @@ public static class NotificationBuilder { private byte[] userAuth = null; private byte[] payload = null; private int ttl = DEFAULT_TTL; + private Urgency urgency = null; + private String topic = null; private NotificationBuilder() { } public Notification build() { - return new Notification(endpoint, userPublicKey, userAuth, payload, ttl); + return new Notification(endpoint, userPublicKey, userAuth, payload, ttl, urgency, topic); } public NotificationBuilder endpoint(String endpoint) { @@ -191,10 +209,25 @@ public NotificationBuilder payload(byte[] payload) { return this; } + public NotificationBuilder payload(String payload) { + this.payload = payload.getBytes(UTF_8); + return this; + } + public NotificationBuilder ttl(int ttl) { this.ttl = ttl; return this; } + + public NotificationBuilder urgency(Urgency urgency) { + this.urgency = urgency; + return this; + } + + public NotificationBuilder topic(String topic) { + this.topic = topic; + return this; + } } } diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java index d9c805c..883ed8b 100644 --- a/src/main/java/nl/martijndwars/webpush/PushService.java +++ b/src/main/java/nl/martijndwars/webpush/PushService.java @@ -203,6 +203,10 @@ public HttpPost preparePost(Notification notification, Encoding encoding) throws httpPost.addHeader("Urgency", notification.getUrgency().getHeaderValue()); } + if (notification.hasTopic()) { + httpPost.addHeader("Topic", notification.getTopic()); + } + Map headers = new HashMap<>(); if (notification.hasPayload()) { From fca63d78c35c305bc17d70f02b999fb95829a5db Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:23:41 +0000 Subject: [PATCH 21/80] Update dependency gradle to v6 --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index f4d7b2b..9492014 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-6.0.1-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists From 0f1a2cf5aa063cde2e5328f6241a6b3c47caf5f6 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:25:39 +0000 Subject: [PATCH 22/80] Update dependency com.beust:jcommander to v1.78 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 2418fe8..e31d73a 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ repositories { dependencies { // For CLI - compile group: 'com.beust', name: 'jcommander', version: '1.72' + compile group: 'com.beust', name: 'jcommander', version: '1.78' // For parsing JSON compile group: 'com.google.code.gson', name: 'gson', version: '2.8.5' From 51e269bfd10d37e6a070d7c4383c431d6c57105a Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:34:15 +0000 Subject: [PATCH 23/80] Update dependency com.google.code.gson:gson to v2.8.6 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index e31d73a..43395a4 100644 --- a/build.gradle +++ b/build.gradle @@ -24,7 +24,7 @@ dependencies { compile group: 'com.beust', name: 'jcommander', version: '1.78' // For parsing JSON - compile group: 'com.google.code.gson', name: 'gson', version: '2.8.5' + compile group: 'com.google.code.gson', name: 'gson', version: '2.8.6' // For making async HTTP requests compile group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' From c124b97b5a9182d171fcfe3fc76426656e01ab62 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:41:39 +0000 Subject: [PATCH 24/80] Update dependency io.codearte.nexus-staging:io.codearte.nexus-staging.gradle.plugin to v0.21.1 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 43395a4..7effb83 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,7 @@ plugins { // Used by release.gradle id 'maven-publish' id 'signing' - id 'io.codearte.nexus-staging' version '0.20.0' + id 'io.codearte.nexus-staging' version '0.21.1' } apply plugin: 'application' From 6a9d1d1662dd20304e71ef61042a1cbb728d666b Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:44:08 +0000 Subject: [PATCH 25/80] Update dependency com.github.johnrengelman.shadow:com.github.johnrengelman.shadow.gradle.plugin to v5 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 7effb83..9a5ff2d 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,6 @@ plugins { id 'application' - id 'com.github.johnrengelman.shadow' version '4.0.3' + id 'com.github.johnrengelman.shadow' version '5.2.0' // Used by release.gradle id 'maven-publish' From 41573a8272f3e6a5ca742ea5403311e511e13cab Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:47:11 +0000 Subject: [PATCH 26/80] Update dependency org.bitbucket.b_c:jose4j to v0.7.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 9a5ff2d..a23b2b6 100644 --- a/build.gradle +++ b/build.gradle @@ -33,7 +33,7 @@ dependencies { shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.54' // For creating and signing JWT - compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.6.4' + compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.0' // For making HTTP requests testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.6' From 3af5d9118156337bffd368a3d61f0e6d6e371327 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:48:45 +0000 Subject: [PATCH 27/80] Update dependency org.apache.httpcomponents:fluent-hc to v4.5.10 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 9a5ff2d..ecbd06c 100644 --- a/build.gradle +++ b/build.gradle @@ -36,7 +36,7 @@ dependencies { compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.6.4' // For making HTTP requests - testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.6' + testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.10' // For testing, obviously testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.3.2' From 8dcfefc643513ede16a40b88832dfb077238926d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:50:25 +0000 Subject: [PATCH 28/80] Update dependency org.junit.jupiter:junit-jupiter-engine to v5.5.2 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index a23b2b6..bf1a8d1 100644 --- a/build.gradle +++ b/build.gradle @@ -42,7 +42,7 @@ dependencies { testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.3.2' // For running JUnit tests - testRuntime group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.3.2' + testRuntime group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.5.2' // For turning InputStream to String testCompile group: 'commons-io', name: 'commons-io', version: '2.6' From 240ae1c21589f7e902e03c68994fcae406c7c1e3 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:51:58 +0000 Subject: [PATCH 29/80] Update dependency org.junit.jupiter:junit-jupiter-api to v5.5.2 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 67d098f..dbd2eb2 100644 --- a/build.gradle +++ b/build.gradle @@ -39,7 +39,7 @@ dependencies { testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.10' // For testing, obviously - testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.3.2' + testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.5.2' // For running JUnit tests testRuntime group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.3.2' From a17d6414ff1437991f6490f36a7e56ef49a294f0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 20:54:58 +0000 Subject: [PATCH 30/80] Update dependency org.bouncycastle:bcpkix-jdk15on to v1.64 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 9f8eb9c..c79e4d0 100644 --- a/build.gradle +++ b/build.gradle @@ -48,7 +48,7 @@ dependencies { testCompile group: 'commons-io', name: 'commons-io', version: '2.6' // For reading the demo vapid keypair from a pem file - testCompile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.57' + testCompile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.64' // For verifying Base64Encoder results in unit tests testCompile group: 'com.google.guava', name: 'guava', version: '27.0.1-jre' From cf7e6da9207a79fa1d97bee3cee0d6a33ba274ff Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 10 Dec 2019 21:08:49 +0000 Subject: [PATCH 31/80] Update dependency org.bouncycastle:bcprov-jdk15on to v1.64 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index c79e4d0..2056df2 100644 --- a/build.gradle +++ b/build.gradle @@ -30,7 +30,7 @@ dependencies { compile group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' // For cryptographic operations - shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.54' + shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.64' // For creating and signing JWT compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.0' From d11b0715386e6680e708dc969515141a829a337a Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Tue, 10 Dec 2019 21:38:51 +0100 Subject: [PATCH 32/80] Move Gson to testCompile and fix deprecation --- build.gradle | 6 +++--- .../nl/martijndwars/webpush/selenium/TestingService.java | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/build.gradle b/build.gradle index 2056df2..d1c470c 100644 --- a/build.gradle +++ b/build.gradle @@ -23,9 +23,6 @@ dependencies { // For CLI compile group: 'com.beust', name: 'jcommander', version: '1.78' - // For parsing JSON - compile group: 'com.google.code.gson', name: 'gson', version: '2.8.6' - // For making async HTTP requests compile group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' @@ -35,6 +32,9 @@ dependencies { // For creating and signing JWT compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.0' + // For parsing JSON + testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.6' + // For making HTTP requests testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.10' diff --git a/src/test/java/nl/martijndwars/webpush/selenium/TestingService.java b/src/test/java/nl/martijndwars/webpush/selenium/TestingService.java index 8d0f7ed..a89f9a9 100644 --- a/src/test/java/nl/martijndwars/webpush/selenium/TestingService.java +++ b/src/test/java/nl/martijndwars/webpush/selenium/TestingService.java @@ -33,7 +33,7 @@ public TestingService(String baseUrl) { public int startTestSuite() throws IOException { String startTestSuite = request(baseUrl + "start-test-suite/"); - JsonElement root = new JsonParser().parse(startTestSuite); + JsonElement root = JsonParser.parseString(startTestSuite); return root .getAsJsonObject() @@ -129,7 +129,7 @@ protected String request(String uri, HttpEntity entity) throws IOException { String json = EntityUtils.toString(httpResponse.getEntity()); if (httpResponse.getStatusLine().getStatusCode() != 200) { - JsonElement root = new JsonParser().parse(json); + JsonElement root = JsonParser.parseString(json); JsonObject error = root.getAsJsonObject().get("error").getAsJsonObject(); String errorId = error.get("id").getAsString(); @@ -150,7 +150,7 @@ protected String request(String uri, HttpEntity entity) throws IOException { * @param response */ protected JsonObject getData(String response) { - JsonElement root = new JsonParser().parse(response); + JsonElement root = JsonParser.parseString(response); return root .getAsJsonObject() From 626923b9abd24631f2be76bfa97ba38e079b1298 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Tue, 10 Dec 2019 22:02:34 +0100 Subject: [PATCH 33/80] Update changelog --- CHANGELOG.md | 6 ++++++ RELEASE.md | 2 ++ 2 files changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b47e891..3b511c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# 5.1.0 + +* Improvement: Add support for [urgency](https://tools.ietf.org/html/rfc8030#section-5.3) & [topic](https://tools.ietf.org/html/rfc8030#section-5.4) (contributed by jamie@checkin.tech). +* Maintenance: Upgrade com.beust:jcommander to 1.78. +* Maintenance: Upgrade org.bitbucket.b\_c:jose4j to 0.7.0. + # 5.0.1 * Bugfix: Only verify the VAPID key pair if the keys are actually present (fixes #73). diff --git a/RELEASE.md b/RELEASE.md index 803949d..dfa4724 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,5 +1,7 @@ # Release process +0. Update CHANGELOG.md. Include changes to the source code, changes to the version of compile dependencies, etc. Do NOT include changes to the buildscript, version of test dependencies, etc. + 1. Update version string in `build.gradle` (1x), `README.md` (2x) to the new (non-SNAPSHOT) version. ``` From 9ad3752bfe3657e5c31f2b8c277245e40d4af984 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Tue, 10 Dec 2019 22:04:27 +0100 Subject: [PATCH 34/80] Release 5.1.0 --- README.md | 4 ++-- build.gradle | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index f82735f..3c2bd30 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ A Web Push library for Java 7. Supports payloads and VAPID. For Gradle, add the following dependency to `build.gradle`: ```groovy -compile group: 'nl.martijndwars', name: 'web-push', version: '5.0.2' +compile group: 'nl.martijndwars', name: 'web-push', version: '5.1.0' ``` For Maven, add the following dependency to `pom.xml`: @@ -19,7 +19,7 @@ For Maven, add the following dependency to `pom.xml`:     nl.martijndwars     web-push -    5.0.2 +    5.1.0 ``` diff --git a/build.gradle b/build.gradle index d1c470c..0d405b7 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,7 @@ apply plugin: 'application' apply plugin: 'com.github.johnrengelman.shadow' group 'nl.martijndwars' -version '5.0.3-SNAPSHOT' +version '5.1.0' repositories { mavenLocal() From 84a3c284191fcb463d0bf34b5b489e48df1cdda3 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Tue, 10 Dec 2019 22:21:13 +0100 Subject: [PATCH 35/80] Set version to 5.1.1-SNAPSHOT --- README.md | 4 ++-- build.gradle | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3c2bd30..c990d47 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ A Web Push library for Java 7. Supports payloads and VAPID. For Gradle, add the following dependency to `build.gradle`: ```groovy -compile group: 'nl.martijndwars', name: 'web-push', version: '5.1.0' +compile group: 'nl.martijndwars', name: 'web-push', version: '5.1.1-SNAPSHOT' ``` For Maven, add the following dependency to `pom.xml`: @@ -19,7 +19,7 @@ For Maven, add the following dependency to `pom.xml`:     nl.martijndwars     web-push -    5.1.0 +    5.1.1-SNAPSHOT ``` diff --git a/build.gradle b/build.gradle index 0d405b7..737f443 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,7 @@ apply plugin: 'application' apply plugin: 'com.github.johnrengelman.shadow' group 'nl.martijndwars' -version '5.1.0' +version '5.1.1-SNAPSHOT' repositories { mavenLocal() From 5efee118d8ba9fda2bbef34f72aefd2c78f8b97d Mon Sep 17 00:00:00 2001 From: Cyrille FEUGANG TCHENDJE Date: Sun, 5 Jan 2020 17:06:41 +0000 Subject: [PATCH 36/80] Adding methods to load Public/Private keys from a decoded byte array. This is useful when cryptographic keys have already been base64-decoded outside of this library's scope. --- .../nl/martijndwars/webpush/Notification.java | 5 +++++ .../java/nl/martijndwars/webpush/Utils.java | 22 +++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index e928576..50ab0c9 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -194,6 +194,11 @@ public NotificationBuilder userPublicKey(String publicKey) throws NoSuchAlgorith return this; } + public NotificationBuilder userPublicKey(byte[] publicKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + this.userPublicKey = (ECPublicKey) Utils.loadPublicKey(publicKey); + return this; + } + public NotificationBuilder userAuth(String userAuth) { this.userAuth = Base64Encoder.decode(userAuth); return this; diff --git a/src/main/java/nl/martijndwars/webpush/Utils.java b/src/main/java/nl/martijndwars/webpush/Utils.java index f5553d6..aa625e5 100644 --- a/src/main/java/nl/martijndwars/webpush/Utils.java +++ b/src/main/java/nl/martijndwars/webpush/Utils.java @@ -46,6 +46,15 @@ public static byte[] encode(ECPrivateKey privateKey) { */ public static PublicKey loadPublicKey(String encodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException { byte[] decodedPublicKey = Base64Encoder.decode(encodedPublicKey); + return loadPublicKey(decodedPublicKey); + } + + /** + * Load the public key from a byte array. + * + * @param decodedPublicKey + */ + public static PublicKey loadPublicKey(byte[] decodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException { KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM, PROVIDER_NAME); ECParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(CURVE); ECCurve curve = parameterSpec.getCurve(); @@ -66,6 +75,19 @@ public static PublicKey loadPublicKey(String encodedPublicKey) throws NoSuchProv */ public static PrivateKey loadPrivateKey(String encodedPrivateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException { byte[] decodedPrivateKey = Base64Encoder.decode(encodedPrivateKey); + return loadPrivateKey(decodedPrivateKey); + } + + /** + * Load the private key from a byte array + * + * @param decodedPrivateKey + * @return + * @throws NoSuchProviderException + * @throws NoSuchAlgorithmException + * @throws InvalidKeySpecException + */ + public static PrivateKey loadPrivateKey(byte[] decodedPrivateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException { BigInteger s = BigIntegers.fromUnsignedByteArray(decodedPrivateKey); ECParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec(CURVE); ECPrivateKeySpec privateKeySpec = new ECPrivateKeySpec(s, parameterSpec); From 9c152ecf4496528d818cb3e6e3d35d8210c9e155 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 10 Jan 2020 14:09:18 +0000 Subject: [PATCH 37/80] Update dependency com.google.guava:guava to v28 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 737f443..272e475 100644 --- a/build.gradle +++ b/build.gradle @@ -51,7 +51,7 @@ dependencies { testCompile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.64' // For verifying Base64Encoder results in unit tests - testCompile group: 'com.google.guava', name: 'guava', version: '27.0.1-jre' + testCompile group: 'com.google.guava', name: 'guava', version: '28.2-jre' } wrapper { From c796be6ec0aace16af521df425dd6135780ce7fe Mon Sep 17 00:00:00 2001 From: Christophe Maillard Date: Fri, 3 Jul 2020 17:55:48 +0200 Subject: [PATCH 38/80] PushAsyncService --- build.gradle | 9 +- .../webpush/AbstractPushService.java | 334 ++++++++++++++++++ .../nl/martijndwars/webpush/HttpRequest.java | 31 ++ .../webpush/PushAsyncService.java | 80 +++++ .../nl/martijndwars/webpush/PushService.java | 298 +--------------- 5 files changed, 469 insertions(+), 283 deletions(-) create mode 100644 src/main/java/nl/martijndwars/webpush/AbstractPushService.java create mode 100644 src/main/java/nl/martijndwars/webpush/HttpRequest.java create mode 100644 src/main/java/nl/martijndwars/webpush/PushAsyncService.java diff --git a/build.gradle b/build.gradle index 272e475..239fc8f 100644 --- a/build.gradle +++ b/build.gradle @@ -23,9 +23,12 @@ dependencies { // For CLI compile group: 'com.beust', name: 'jcommander', version: '1.78' - // For making async HTTP requests + // For making HTTP requests compile group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' + // For making async HTTP requests + compile group: 'org.asynchttpclient', name: 'async-http-client', version: '2.10.4' + // For cryptographic operations shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.64' @@ -59,8 +62,8 @@ wrapper { } compileJava { - sourceCompatibility = 1.7 - targetCompatibility = 1.7 + sourceCompatibility = 1.8 + targetCompatibility = 1.8 } compileTestJava { diff --git a/src/main/java/nl/martijndwars/webpush/AbstractPushService.java b/src/main/java/nl/martijndwars/webpush/AbstractPushService.java new file mode 100644 index 0000000..8e2d598 --- /dev/null +++ b/src/main/java/nl/martijndwars/webpush/AbstractPushService.java @@ -0,0 +1,334 @@ +package nl.martijndwars.webpush; + +import org.bouncycastle.jce.ECNamedCurveTable; +import org.bouncycastle.jce.interfaces.ECPublicKey; +import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwt.JwtClaims; +import org.jose4j.lang.JoseException; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.InvalidAlgorithmParameterException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.security.PrivateKey; +import java.security.PublicKey; +import java.security.SecureRandom; +import java.security.spec.InvalidKeySpecException; +import java.util.HashMap; +import java.util.Map; + +public abstract class AbstractPushService> { + private static final SecureRandom SECURE_RANDOM = new SecureRandom(); + public static final String SERVER_KEY_ID = "server-key-id"; + public static final String SERVER_KEY_CURVE = "P-256"; + + /** + * The Google Cloud Messaging API key (for pre-VAPID in Chrome) + */ + private String gcmApiKey; + + /** + * Subject used in the JWT payload (for VAPID). When left as null, then no subject will be used + * (RFC-8292 2.1 says that it is optional) + */ + private String subject; + + /** + * The public key (for VAPID) + */ + private PublicKey publicKey; + + /** + * The private key (for VAPID) + */ + private PrivateKey privateKey; + + public AbstractPushService() { + } + + public AbstractPushService(String gcmApiKey) { + this.gcmApiKey = gcmApiKey; + } + + public AbstractPushService(KeyPair keyPair) { + this.publicKey = keyPair.getPublic(); + this.privateKey = keyPair.getPrivate(); + } + + public AbstractPushService(KeyPair keyPair, String subject) { + this(keyPair); + this.subject = subject; + } + + public AbstractPushService(String publicKey, String privateKey) throws GeneralSecurityException { + this.publicKey = Utils.loadPublicKey(publicKey); + this.privateKey = Utils.loadPrivateKey(privateKey); + } + + public AbstractPushService(String publicKey, String privateKey, String subject) throws GeneralSecurityException { + this(publicKey, privateKey); + this.subject = subject; + } + + /** + * Encrypt the payload. + * + * Encryption uses Elliptic curve Diffie-Hellman (ECDH) cryptography over the prime256v1 curve. + * + * @param payload Payload to encrypt. + * @param userPublicKey The user agent's public key (keys.p256dh). + * @param userAuth The user agent's authentication secret (keys.auth). + * @param encoding + * @return An Encrypted object containing the public key, salt, and ciphertext. + * @throws GeneralSecurityException + */ + public static Encrypted encrypt(byte[] payload, ECPublicKey userPublicKey, byte[] userAuth, Encoding encoding) throws GeneralSecurityException { + KeyPair localKeyPair = generateLocalKeyPair(); + + Map keys = new HashMap<>(); + keys.put(SERVER_KEY_ID, localKeyPair); + + Map labels = new HashMap<>(); + labels.put(SERVER_KEY_ID, SERVER_KEY_CURVE); + + byte[] salt = new byte[16]; + SECURE_RANDOM.nextBytes(salt); + + HttpEce httpEce = new HttpEce(keys, labels); + byte[] ciphertext = httpEce.encrypt(payload, salt, null, SERVER_KEY_ID, userPublicKey, userAuth, encoding); + + return new Encrypted.Builder() + .withSalt(salt) + .withPublicKey(localKeyPair.getPublic()) + .withCiphertext(ciphertext) + .build(); + } + + /** + * Generate the local (ephemeral) keys. + * + * @return + * @throws NoSuchAlgorithmException + * @throws NoSuchProviderException + * @throws InvalidAlgorithmParameterException + */ + private static KeyPair generateLocalKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException { + ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1"); + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", "BC"); + keyPairGenerator.initialize(parameterSpec); + + return keyPairGenerator.generateKeyPair(); + } + + protected final HttpRequest prepareRequest(Notification notification, Encoding encoding) throws GeneralSecurityException, IOException, JoseException { + if (getPrivateKey() != null && getPublicKey() != null) { + if (!Utils.verifyKeyPair(getPrivateKey(), getPublicKey())) { + throw new IllegalStateException("Public key and private key do not match."); + } + } + + Encrypted encrypted = encrypt( + notification.getPayload(), + notification.getUserPublicKey(), + notification.getUserAuth(), + encoding + ); + + byte[] dh = Utils.encode((ECPublicKey) encrypted.getPublicKey()); + byte[] salt = encrypted.getSalt(); + + String url = notification.getEndpoint(); + Map headers = new HashMap<>(); + byte[] body = null; + + headers.put("TTL", String.valueOf(notification.getTTL())); + + if (notification.hasUrgency()) { + headers.put("Urgency", notification.getUrgency().getHeaderValue()); + } + + if (notification.hasTopic()) { + headers.put("Topic", notification.getTopic()); + } + + + if (notification.hasPayload()) { + headers.put("Content-Type", "application/octet-stream"); + + if (encoding == Encoding.AES128GCM) { + headers.put("Content-Encoding", "aes128gcm"); + } else if (encoding == Encoding.AESGCM) { + headers.put("Content-Encoding", "aesgcm"); + headers.put("Encryption", "salt=" + Base64Encoder.encodeUrlWithoutPadding(salt)); + headers.put("Crypto-Key", "dh=" + Base64Encoder.encodeUrl(dh)); + } + + body = encrypted.getCiphertext(); + } + + if (notification.isGcm()) { + if (getGcmApiKey() == null) { + throw new IllegalStateException("An GCM API key is needed to send a push notification to a GCM endpoint."); + } + + headers.put("Authorization", "key=" + getGcmApiKey()); + } else if (vapidEnabled()) { + if (encoding == Encoding.AES128GCM) { + if (notification.getEndpoint().startsWith("https://fcm.googleapis.com")) { + url = notification.getEndpoint().replace("fcm/send", "wp"); + } + } + + JwtClaims claims = new JwtClaims(); + claims.setAudience(notification.getOrigin()); + claims.setExpirationTimeMinutesInTheFuture(12 * 60); + if (getSubject() != null) { + claims.setSubject(getSubject()); + } + + JsonWebSignature jws = new JsonWebSignature(); + jws.setHeader("typ", "JWT"); + jws.setHeader("alg", "ES256"); + jws.setPayload(claims.toJson()); + jws.setKey(getPrivateKey()); + jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256); + + byte[] pk = Utils.encode((ECPublicKey) getPublicKey()); + + if (encoding == Encoding.AES128GCM) { + headers.put("Authorization", "vapid t=" + jws.getCompactSerialization() + ", k=" + Base64Encoder.encodeUrlWithoutPadding(pk)); + } else if (encoding == Encoding.AESGCM) { + headers.put("Authorization", "WebPush " + jws.getCompactSerialization()); + } + + if (headers.containsKey("Crypto-Key")) { + headers.put("Crypto-Key", headers.get("Crypto-Key") + ";p256ecdsa=" + Base64Encoder.encodeUrlWithoutPadding(pk)); + } else { + headers.put("Crypto-Key", "p256ecdsa=" + Base64Encoder.encodeUrl(pk)); + } + } else if (notification.isFcm() && getGcmApiKey() != null) { + headers.put("Authorization", "key=" + getGcmApiKey()); + } + + return new HttpRequest(url, headers, body); + } + + /** + * Set the Google Cloud Messaging (GCM) API key + * + * @param gcmApiKey + * @return + */ + public T setGcmApiKey(String gcmApiKey) { + this.gcmApiKey = gcmApiKey; + + return (T) this; + } + + public String getGcmApiKey() { + return gcmApiKey; + } + + public String getSubject() { + return subject; + } + + /** + * Set the JWT subject (for VAPID) + * + * @param subject + * @return + */ + public T setSubject(String subject) { + this.subject = subject; + + return (T) this; + } + + /** + * Set the public and private key (for VAPID). + * + * @param keyPair + * @return + */ + public T setKeyPair(KeyPair keyPair) { + setPublicKey(keyPair.getPublic()); + setPrivateKey(keyPair.getPrivate()); + + return (T) this; + } + + public PublicKey getPublicKey() { + return publicKey; + } + + /** + * Set the public key using a base64url-encoded string. + * + * @param publicKey + * @return + */ + public T setPublicKey(String publicKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + setPublicKey(Utils.loadPublicKey(publicKey)); + + return (T) this; + } + + public PrivateKey getPrivateKey() { + return privateKey; + } + + public KeyPair getKeyPair() { + return new KeyPair(publicKey, privateKey); + } + + /** + * Set the public key (for VAPID) + * + * @param publicKey + * @return + */ + public T setPublicKey(PublicKey publicKey) { + this.publicKey = publicKey; + + return (T) this; + } + + /** + * Set the public key using a base64url-encoded string. + * + * @param privateKey + * @return + */ + public T setPrivateKey(String privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { + setPrivateKey(Utils.loadPrivateKey(privateKey)); + + return (T) this; + } + + /** + * Set the private key (for VAPID) + * + * @param privateKey + * @return + */ + public T setPrivateKey(PrivateKey privateKey) { + this.privateKey = privateKey; + + return (T) this; + } + + /** + * Check if VAPID is enabled + * + * @return + */ + protected boolean vapidEnabled() { + return publicKey != null && privateKey != null; + } +} diff --git a/src/main/java/nl/martijndwars/webpush/HttpRequest.java b/src/main/java/nl/martijndwars/webpush/HttpRequest.java new file mode 100644 index 0000000..b871a8a --- /dev/null +++ b/src/main/java/nl/martijndwars/webpush/HttpRequest.java @@ -0,0 +1,31 @@ +package nl.martijndwars.webpush; + +import java.util.Map; + +public class HttpRequest { + + private final String url; + + private final Map headers; + + private final byte[] body; + + public HttpRequest(String url, Map headers, byte[] body) { + this.url = url; + this.headers = headers; + this.body = body; + } + + public String getUrl() { + return url; + } + + public Map getHeaders() { + return headers; + } + + public byte[] getBody() { + return body; + } + +} diff --git a/src/main/java/nl/martijndwars/webpush/PushAsyncService.java b/src/main/java/nl/martijndwars/webpush/PushAsyncService.java new file mode 100644 index 0000000..870a7c9 --- /dev/null +++ b/src/main/java/nl/martijndwars/webpush/PushAsyncService.java @@ -0,0 +1,80 @@ +package nl.martijndwars.webpush; + +import org.asynchttpclient.AsyncHttpClient; +import org.asynchttpclient.BoundRequestBuilder; +import org.asynchttpclient.Response; +import org.jose4j.lang.JoseException; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.util.concurrent.CompletableFuture; + +import static org.asynchttpclient.Dsl.asyncHttpClient; + +public class PushAsyncService extends AbstractPushService { + + private final AsyncHttpClient httpClient = asyncHttpClient(); + + public PushAsyncService() { + } + + public PushAsyncService(String gcmApiKey) { + super(gcmApiKey); + } + + public PushAsyncService(KeyPair keyPair) { + super(keyPair); + } + + public PushAsyncService(KeyPair keyPair, String subject) { + super(keyPair, subject); + } + + public PushAsyncService(String publicKey, String privateKey) throws GeneralSecurityException { + super(publicKey, privateKey); + } + + public PushAsyncService(String publicKey, String privateKey, String subject) throws GeneralSecurityException { + super(publicKey, privateKey, subject); + } + + /** + * Send a notification asynchronously. + * + * @param notification + * @param encoding + * @return + * @throws GeneralSecurityException + * @throws IOException + * @throws JoseException + */ + public CompletableFuture send(Notification notification, Encoding encoding) throws GeneralSecurityException, IOException, JoseException { + BoundRequestBuilder httpPost = preparePost(notification, encoding); + return httpPost.execute().toCompletableFuture(); + } + + public CompletableFuture send(Notification notification) throws GeneralSecurityException, IOException, JoseException { + return send(notification, Encoding.AES128GCM); + } + + /** + * Prepare a POST request for AHC. + * + * @param notification + * @param encoding + * @return + * @throws GeneralSecurityException + * @throws IOException + * @throws JoseException + */ + public BoundRequestBuilder preparePost(Notification notification, Encoding encoding) throws GeneralSecurityException, IOException, JoseException { + HttpRequest request = prepareRequest(notification, encoding); + BoundRequestBuilder httpPost = httpClient.preparePost(request.getUrl()); + request.getHeaders().forEach(httpPost::addHeader); + if (request.getBody() != null) { + httpPost.setBody(request.getBody()); + } + return httpPost; + } +} diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java index 883ed8b..cd117dc 100644 --- a/src/main/java/nl/martijndwars/webpush/PushService.java +++ b/src/main/java/nl/martijndwars/webpush/PushService.java @@ -23,107 +23,29 @@ import java.util.concurrent.ExecutionException; import java.util.concurrent.Future; -public class PushService { - private static final SecureRandom SECURE_RANDOM = new SecureRandom(); - public static final String SERVER_KEY_ID = "server-key-id"; - public static final String SERVER_KEY_CURVE = "P-256"; - - /** - * The Google Cloud Messaging API key (for pre-VAPID in Chrome) - */ - private String gcmApiKey; - - /** - * Subject used in the JWT payload (for VAPID). When left as null, then no subject will be used - * (RFC-8292 2.1 says that it is optional) - */ - private String subject; - - /** - * The public key (for VAPID) - */ - private PublicKey publicKey; - - /** - * The private key (for VAPID) - */ - private PrivateKey privateKey; +public class PushService extends AbstractPushService { public PushService() { } public PushService(String gcmApiKey) { - this.gcmApiKey = gcmApiKey; + super(gcmApiKey); } public PushService(KeyPair keyPair) { - this.publicKey = keyPair.getPublic(); - this.privateKey = keyPair.getPrivate(); + super(keyPair); } public PushService(KeyPair keyPair, String subject) { - this(keyPair); - this.subject = subject; + super(keyPair, subject); } public PushService(String publicKey, String privateKey) throws GeneralSecurityException { - this.publicKey = Utils.loadPublicKey(publicKey); - this.privateKey = Utils.loadPrivateKey(privateKey); + super(publicKey, privateKey); } public PushService(String publicKey, String privateKey, String subject) throws GeneralSecurityException { - this(publicKey, privateKey); - this.subject = subject; - } - - /** - * Encrypt the payload. - * - * Encryption uses Elliptic curve Diffie-Hellman (ECDH) cryptography over the prime256v1 curve. - * - * @param payload Payload to encrypt. - * @param userPublicKey The user agent's public key (keys.p256dh). - * @param userAuth The user agent's authentication secret (keys.auth). - * @param encoding - * @return An Encrypted object containing the public key, salt, and ciphertext. - * @throws GeneralSecurityException - */ - public static Encrypted encrypt(byte[] payload, ECPublicKey userPublicKey, byte[] userAuth, Encoding encoding) throws GeneralSecurityException { - KeyPair localKeyPair = generateLocalKeyPair(); - - Map keys = new HashMap<>(); - keys.put(SERVER_KEY_ID, localKeyPair); - - Map labels = new HashMap<>(); - labels.put(SERVER_KEY_ID, SERVER_KEY_CURVE); - - byte[] salt = new byte[16]; - SECURE_RANDOM.nextBytes(salt); - - HttpEce httpEce = new HttpEce(keys, labels); - byte[] ciphertext = httpEce.encrypt(payload, salt, null, SERVER_KEY_ID, userPublicKey, userAuth, encoding); - - return new Encrypted.Builder() - .withSalt(salt) - .withPublicKey(localKeyPair.getPublic()) - .withCiphertext(ciphertext) - .build(); - } - - /** - * Generate the local (ephemeral) keys. - * - * @return - * @throws NoSuchAlgorithmException - * @throws NoSuchProviderException - * @throws InvalidAlgorithmParameterException - */ - private static KeyPair generateLocalKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException { - ECNamedCurveParameterSpec parameterSpec = ECNamedCurveTable.getParameterSpec("prime256v1"); - KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDH", "BC"); - keyPairGenerator.initialize(parameterSpec); - - return keyPairGenerator.generateKeyPair(); + super(publicKey, privateKey, subject); } /** @@ -155,7 +77,10 @@ public HttpResponse send(Notification notification) throws GeneralSecurityExcept * @throws GeneralSecurityException * @throws IOException * @throws JoseException + * + * @deprecated Use {@link PushAsyncService#send(Notification, Encoding)} instead. */ + @Deprecated public Future sendAsync(Notification notification, Encoding encoding) throws GeneralSecurityException, IOException, JoseException { HttpPost httpPost = preparePost(notification, encoding); @@ -165,6 +90,10 @@ public Future sendAsync(Notification notification, Encoding encodi return closeableHttpAsyncClient.execute(httpPost, new ClosableCallback(closeableHttpAsyncClient)); } + /** + * @deprecated Use {@link PushAsyncService#send(Notification)} instead. + */ + @Deprecated public Future sendAsync(Notification notification) throws GeneralSecurityException, IOException, JoseException { return sendAsync(notification, Encoding.AES128GCM); } @@ -180,203 +109,12 @@ public Future sendAsync(Notification notification) throws GeneralS * @throws JoseException */ public HttpPost preparePost(Notification notification, Encoding encoding) throws GeneralSecurityException, IOException, JoseException { - if (privateKey != null && publicKey != null) { - if (!Utils.verifyKeyPair(privateKey, publicKey)) { - throw new IllegalStateException("Public key and private key do not match."); - } - } - - Encrypted encrypted = encrypt( - notification.getPayload(), - notification.getUserPublicKey(), - notification.getUserAuth(), - encoding - ); - - byte[] dh = Utils.encode((ECPublicKey) encrypted.getPublicKey()); - byte[] salt = encrypted.getSalt(); - - HttpPost httpPost = new HttpPost(notification.getEndpoint()); - httpPost.addHeader("TTL", String.valueOf(notification.getTTL())); - - if (notification.hasUrgency()) { - httpPost.addHeader("Urgency", notification.getUrgency().getHeaderValue()); - } - - if (notification.hasTopic()) { - httpPost.addHeader("Topic", notification.getTopic()); - } - - Map headers = new HashMap<>(); - - if (notification.hasPayload()) { - headers.put("Content-Type", "application/octet-stream"); - - if (encoding == Encoding.AES128GCM) { - headers.put("Content-Encoding", "aes128gcm"); - } else if (encoding == Encoding.AESGCM) { - headers.put("Content-Encoding", "aesgcm"); - headers.put("Encryption", "salt=" + Base64Encoder.encodeUrlWithoutPadding(salt)); - headers.put("Crypto-Key", "dh=" + Base64Encoder.encodeUrl(dh)); - } - - httpPost.setEntity(new ByteArrayEntity(encrypted.getCiphertext())); + HttpRequest request = prepareRequest(notification, encoding); + HttpPost httpPost = new HttpPost(request.getUrl()); + request.getHeaders().forEach(httpPost::addHeader); + if (request.getBody() != null) { + httpPost.setEntity(new ByteArrayEntity(request.getBody())); } - - if (notification.isGcm()) { - if (gcmApiKey == null) { - throw new IllegalStateException("An GCM API key is needed to send a push notification to a GCM endpoint."); - } - - headers.put("Authorization", "key=" + gcmApiKey); - } else if (vapidEnabled()) { - if (encoding == Encoding.AES128GCM) { - if (notification.getEndpoint().startsWith("https://fcm.googleapis.com")) { - httpPost.setURI(URI.create(notification.getEndpoint().replace("fcm/send", "wp"))); - } - } - - JwtClaims claims = new JwtClaims(); - claims.setAudience(notification.getOrigin()); - claims.setExpirationTimeMinutesInTheFuture(12 * 60); - if (subject != null) { - claims.setSubject(subject); - } - - JsonWebSignature jws = new JsonWebSignature(); - jws.setHeader("typ", "JWT"); - jws.setHeader("alg", "ES256"); - jws.setPayload(claims.toJson()); - jws.setKey(privateKey); - jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256); - - byte[] pk = Utils.encode((ECPublicKey) publicKey); - - if (encoding == Encoding.AES128GCM) { - headers.put("Authorization", "vapid t=" + jws.getCompactSerialization() + ", k=" + Base64Encoder.encodeUrlWithoutPadding(pk)); - } else if (encoding == Encoding.AESGCM) { - headers.put("Authorization", "WebPush " + jws.getCompactSerialization()); - } - - if (headers.containsKey("Crypto-Key")) { - headers.put("Crypto-Key", headers.get("Crypto-Key") + ";p256ecdsa=" + Base64Encoder.encodeUrlWithoutPadding(pk)); - } else { - headers.put("Crypto-Key", "p256ecdsa=" + Base64Encoder.encodeUrl(pk)); - } - } else if (notification.isFcm() && gcmApiKey != null) { - headers.put("Authorization", "key=" + gcmApiKey); - } - - for (Map.Entry entry : headers.entrySet()) { - httpPost.addHeader(new BasicHeader(entry.getKey(), entry.getValue())); - } - return httpPost; } - - /** - * Set the Google Cloud Messaging (GCM) API key - * - * @param gcmApiKey - * @return - */ - public PushService setGcmApiKey(String gcmApiKey) { - this.gcmApiKey = gcmApiKey; - - return this; - } - - /** - * Set the JWT subject (for VAPID) - * - * @param subject - * @return - */ - public PushService setSubject(String subject) { - this.subject = subject; - - return this; - } - - /** - * Set the public and private key (for VAPID). - * - * @param keyPair - * @return - */ - public PushService setKeyPair(KeyPair keyPair) { - setPublicKey(keyPair.getPublic()); - setPrivateKey(keyPair.getPrivate()); - - return this; - } - - public PublicKey getPublicKey() { - return publicKey; - } - - /** - * Set the public key using a base64url-encoded string. - * - * @param publicKey - * @return - */ - public PushService setPublicKey(String publicKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { - setPublicKey(Utils.loadPublicKey(publicKey)); - - return this; - } - - public PrivateKey getPrivateKey() { - return privateKey; - } - - public KeyPair getKeyPair() { - return new KeyPair(publicKey, privateKey); - } - - /** - * Set the public key (for VAPID) - * - * @param publicKey - * @return - */ - public PushService setPublicKey(PublicKey publicKey) { - this.publicKey = publicKey; - - return this; - } - - /** - * Set the public key using a base64url-encoded string. - * - * @param privateKey - * @return - */ - public PushService setPrivateKey(String privateKey) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { - setPrivateKey(Utils.loadPrivateKey(privateKey)); - - return this; - } - - /** - * Set the private key (for VAPID) - * - * @param privateKey - * @return - */ - public PushService setPrivateKey(PrivateKey privateKey) { - this.privateKey = privateKey; - - return this; - } - - /** - * Check if VAPID is enabled - * - * @return - */ - protected boolean vapidEnabled() { - return publicKey != null && privateKey != null; - } } From 6dd7db820661648797f717b39fe914e0039a0106 Mon Sep 17 00:00:00 2001 From: Christophe Maillard Date: Mon, 6 Jul 2020 19:21:45 +0200 Subject: [PATCH 39/80] Updating README --- README.md | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index c990d47..4225de2 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # WebPush -A Web Push library for Java 7. Supports payloads and VAPID. +A Web Push library for Java 8. Supports payloads and VAPID. [![Build Status](https://travis-ci.org/web-push-libs/webpush-java.svg?branch=master)](https://travis-ci.org/web-push-libs/webpush-java) [![Maven Central](https://maven-badges.herokuapp.com/maven-central/nl.martijndwars/web-push/badge.svg)](https://search.maven.org/search?q=g:nl.martijndwars%20AND%20a:web-push) @@ -19,7 +19,7 @@ For Maven, add the following dependency to `pom.xml`:     nl.martijndwars     web-push -    5.1.1-SNAPSHOT +    ${web-push.version} ``` @@ -94,7 +94,7 @@ First, make sure you add the BouncyCastle security provider: Security.addProvider(new BouncyCastleProvider()); ``` -Then, create an instance of the push service: +Then, create an instance of the push service, either `nl.martijndwars.webpush.PushService` for synchronous blocking HTTP calls, or `nl.martijndwars.webpush.PushAsyncService` for asynchronous non-blocking HTTP calls: ```java PushService pushService = new PushService(...); @@ -112,12 +112,6 @@ To send a push notification: pushService.send(notification); ``` -Use `sendAsync` instead of `send` to get a `Future`: - -```java -pushService.sendAsync(notification); -``` - See [wiki/Usage-Example](https://github.com/web-push-libs/webpush-java/wiki/Usage-Example) for detailed usage instructions. If you plan on using VAPID, read [wiki/VAPID](https://github.com/web-push-libs/webpush-java/wiki/VAPID). From da5caa8cd421602ae09a3ebe558cecec1b7ebfe4 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Sun, 8 Nov 2020 21:01:50 +0100 Subject: [PATCH 40/80] Update changelog --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3b511c4..f4d77ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,8 @@ +# 5.1.1 + +* Target Java 8 instead of Java 7. +* Added an asynchronous version `PushAsyncService` of the `PushService` that performs non-blocking HTTP calls. Uses `async-http-client` under the hood. + # 5.1.0 * Improvement: Add support for [urgency](https://tools.ietf.org/html/rfc8030#section-5.3) & [topic](https://tools.ietf.org/html/rfc8030#section-5.4) (contributed by jamie@checkin.tech). From 3a9762469f08c29092769b5aa1b574ca9ccbdb4b Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Sun, 8 Nov 2020 21:02:47 +0100 Subject: [PATCH 41/80] Release 5.1.1 --- README.md | 4 ++-- build.gradle | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 4225de2..b9e31cd 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ A Web Push library for Java 8. Supports payloads and VAPID. For Gradle, add the following dependency to `build.gradle`: ```groovy -compile group: 'nl.martijndwars', name: 'web-push', version: '5.1.1-SNAPSHOT' +compile group: 'nl.martijndwars', name: 'web-push', version: '5.1.1' ``` For Maven, add the following dependency to `pom.xml`: @@ -19,7 +19,7 @@ For Maven, add the following dependency to `pom.xml`:     nl.martijndwars     web-push -    ${web-push.version} +    5.1.1 ``` diff --git a/build.gradle b/build.gradle index 239fc8f..5206a03 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,7 @@ apply plugin: 'application' apply plugin: 'com.github.johnrengelman.shadow' group 'nl.martijndwars' -version '5.1.1-SNAPSHOT' +version '5.1.1' repositories { mavenLocal() From ac647d27e80e7860881c4cbc829bd39779d3a694 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Sun, 8 Nov 2020 21:21:26 +0100 Subject: [PATCH 42/80] Set version to 5.1.2-SNAPSHOT --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 5206a03..56ec819 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,7 @@ apply plugin: 'application' apply plugin: 'com.github.johnrengelman.shadow' group 'nl.martijndwars' -version '5.1.1' +version '5.1.2-SNAPSHOT' repositories { mavenLocal() From e806b4e58c2acb0d2a6f9c889c77f614329785a4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 24 Jan 2021 20:03:04 +0000 Subject: [PATCH 43/80] Update junit5 monorepo to v5.7.0 --- build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 56ec819..92ea945 100644 --- a/build.gradle +++ b/build.gradle @@ -42,10 +42,10 @@ dependencies { testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.10' // For testing, obviously - testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.5.2' + testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.7.0' // For running JUnit tests - testRuntime group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.5.2' + testRuntime group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.7.0' // For turning InputStream to String testCompile group: 'commons-io', name: 'commons-io', version: '2.6' From 31fd3ba3f9ec00834f3e29dd80d83eb895951615 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:22:23 +0000 Subject: [PATCH 44/80] Update dependency gradle to v6.8.1 --- gradle/wrapper/gradle-wrapper.jar | Bin 55741 -> 59203 bytes gradle/wrapper/gradle-wrapper.properties | 2 +- gradlew | 53 ++++++++++++++--------- gradlew.bat | 43 ++++++++++-------- 4 files changed, 58 insertions(+), 40 deletions(-) diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index 457aad0d98108420a977756b7145c93c8910b076..e708b1c023ec8b20f512888fe07c5bd3ff77bb8f 100644 GIT binary patch delta 32671 zcmZ7dV{j%+^zMzuwr$(CZQHnGJNLx4ZQIVowkEc1O_F(^_rK3RXYW(hAG*4$`%AB0 z*RQYY)z<<(JO>V`A`cD$mo$i(golm}2Lb{E0|Ejf3gXZtBq;J7~gnOR#-z;l}qh0Lvare3l&r?ldA)QFy#Tbz1(U z!c#J5i}HC@a}-mh7t)5-Z5LjfcQov)S|%69G-)`zwHiOtXfWL$>r~YeaP|gN$CVaM zz$^3=3m?(7D%TK!mj{*+a{I9RCYnYe+Y6Qy^AvKZPi~sp|SvObH1Rld0@jASg+Aai}GfRt9cxg}b_!68k&aBt61UtmZz#mgdfJOWG1y$61?X2#x9Ll-(HS?AoYb+__h} zM{|+}V^1d2CQxs1|Dvb8y?N;7nRnWC3aM|#raQ}nW9#6RN4$`s9sxY+>XPv$KAnrB zC3B9i-4SbCFxs(<`5cPa>%qn|N#NR^e1^o2iMkHW^ukfg>ioWQIa~4kDgEMJa~x5> ztrd*gY-O3HE5#^N9bZSROQO;cZ8#okk4d%@>kIdm0jLidt`qWWHUlBwYl$d_z&i3z%HRSW?Q@7#*qhFkXRb6!6S+HyrKzllsrO*T<1WxIQaB4`4#|?9N zQT_|K4n#o5tuezmEI%1RoQfDenqx~acBjW^Fpp6#$cwqM$}?D)tmxN4#X1xZIVr*r zpHEMbkLiG^3*CZ4NQFRqY&qklECa#kg=46ddDjU-oT@4*4CaTsjW!3VL0iM{4_3z9 z9uAmdYV(@9D%T*in*ygrE8b`KSE{4a3s&1w18PDV@5@6PAJ|=%`Yy4DYn~SO!}SlE z5E|6sal~jKfFA2Z?i~aL-#z>)zs8KP-;WF?z9%1Epr>Pb7HR<6KDO&1o?P4JN$F9@ zryDNWG%Hi(=dF%Cyj*HIEuKd0u1aaw2K_Q;oKZ~LlW2CasTj+-;?qpgC`i%>dq|&J z0rHcp9V>a(UEixc`N~k}Q@h&GnG)H*eHSDe{I@!&mj{kC_DL)%VkSRYdP z7F;@BD}lSWytUY5Xwo@^yyZja{?op0(zDXOVNcfT`!L^InwqclD0#(Pnd4Qv)mz30 z5WG)ruS}|}^kHR2fYx6#_-h6GsJTgC34BZOj4M)S=4NO|3h@@x_3y}@&C-))5O~Ow zYrmEzC`9%KIh=>4N+-%|Sk}+ZkIfG{Kx{O=XhsxwhcYz7faSwf29ZTrPBDcjp^%)q zhM@R_zD*DsYTpq5SLlV_Z?Jy%4?HN>iQ_NKAfgP=kt~&5O?u9&60R#+$&5zR9q3T# zH}el>tK^5yxA^Bio^HrI$cCghrIei4*ju|jddGawCea5=`aEEMwelbHbG>-{Cr~_9 z^w(=oq565L8?)$61k!U+K_E{oc|3w-gW4Cj3kqd)pV;CaIU?$IDYghBj|;zqXQrS0 z5ep>V0A2jTtaSU_B66|$u_EOZK9EPLH|O|BF}Eylx zG%++%!c(a$6L+_~K;rqPYW2{%_~YEiAH8YY+4~OawTfKxxz79-(f8Fk{>I49Hq@ae zK_>1uzF|qi_iqur7s7xEqV6(G+elO#6`nkeDwlqYWGI2QwGCB^Z0K_ZAI1JCE#dbfB@&&lX;hmRy*uVd!pDFW`xGCXKlmCZymVuMW z^8Y8Z>(Kvc^8aY3KQt_~gr$|KhrN5s3=R>nOmjyaUlZfsjy)IrG?bbQO=|nEc1{Sn zYOU7NI)@+|8=5o~lsdkQV=nui>q9H>Z~V`Fb>q)sWhG<(i&&V|tXD@>OEdWa#- zdOvLcCL6!isWIFG>@a+mMuLNaRzrRu&#bdh7ktoo@O73M46+a9;bv-wp-T~;F#VUT z&{bkN?;U0r`)Gi^(4W);leu~pccd8l-b)C6NvlRzraEz?1`P<_+|9T@MgJnD%4Aak z?P3EV085+r9!pg-8`;x_N6CCo$;5t+r0LlBsaymjx=9d(IOH7MV#)ckLQx}N=ZQ%? z9siU`J#+?YNvKLM*BCYcmzqM`s}Hl60nR90J=oV3v8GMuC7@Ygll`I>%E|9y`+ef2 zSO>;_o)XJJW5aB5}_CIt&(w!9XyE8nc^Yji{j48A=Pjy!1$y=7GP7@Hcg>XsLp_ z+RyzjHpyz9?=XKTV7(zP<$3T?9Qf&&q)DjxeL@ zwp%uW8pLF=l7~n5!<%a77_#M-QD?2Z^pGTD>0Z6{<6TCs|wzKwM5ZD^rA6&e@+6gcDcS@K&Fk&9x@^*#*fCQ-Tp} zyzG;ag_l1J5#eizx%hg+7JCWc6v#`<3>TbwM^%`O8h31BRsEJWv<|oj{8Ke47WD4P z1u1vfmE##UBifNzwJUOG~jr|5SCc(R+AahPnYdBj~YY3PN9SOwj#)Na<;ObMo$kj_g(cqR((l$;Bpr&3a4pDKeKHvFhT_ zZqe$vosEk?#e&#~fv->k^{Ozlq0oeS`04Ne8{-zcm9827L-heD5Dn5y(lVY_B%%g zlwWLP;z~%zMflALo_WoE=e3*}A^ik?L72cWOL{L*7w0n*J!_NyBKZR)fnX*xpoj|g z2HSZu;J|bj*%@OBEk)2dzN!ieG$*??HwcAC_O6BnRRcy;ro z-R}yutaS!3Q?!R}ExuZ$f#&Ctg2Wy(F4NthpOfQQ(HZnO7 zvSil#`Zaws@RWJYI7gUurg2Mxk$kbQ27#E34}K8g^sVs8r7qHCK(J+-Vs;!mqlU{)b>z3`Hsq!3Se%$BIfX-*W8-qqqB9K5 z@j-Tm(!OaR{9cS!^6bcfI6^(z5fPFb@A+O8(Lq!>@c+J46d;pu2agV?Rh$eYwA5k>Q^H57d4CIAmkK}awq+$x0UWvq1THR#rf#gs~vx8AFj69zB zn~A6!8c%y_m)vs4oc|h6QZ7uYpAm7O+@9*iJjSORvgVSp_c`-L578&scbd(QUgLM1&Ci;6&xIe{cb*vVu88jw z8kw=^&hLEsIl=6+K;mhh?mH&Js1&GqzBlsZu=v$uvx_6 z{1Yi7_C1&8C}F9ZA=(_Fw50f1LD6)k?GbpEWK!R_F%8p{*>@GC)m|@g4vT1C?9f=d zKbBk6s4`&8=M+<`8#2nAjge^4;gFY5r_L@b)}_KL7@Ed3DteSdzB$vg57n;f-4v(x ziJJ;cb5irEE8In>c;rJy1U~wvaeJR%^{SruhH=BHg-pfKannBIhUEwn>|>=lp|Ww& z_evh8kjhSyx2b81*QsGjojGibSR?K zK>H!RJrmvVa;|I;!@a)#s=FfkuH8jjJ}O}(-HINQ-pZuopYdK=J9sM_oo$RX6;869HP&xK|&MSY$*;4tB@y=I77FgWB+LqFmoz6B6*O z5?)`zh4ZntFo%xf1MM>Xzw`XwFfC17$7dE*n-VY$%Q-jM02fJ_i)^MBQK6=7?vt`Q z)h62|3HS;`&*2F4xSU4{oKZeMHcV7!Qnw)%Zw`yzE4#xhM!$bSKJ{@IG}}f_u9`}j zSa@i2I6jw-DdVsG3gokb`IloV$W^MZ%IX=($Wu#6X-2U~{3Fp~cuW^M$x;5kwza@fZo4JV{01~^%FdBA5{Gql#@{>liyLuvSu5R*eNwgZ0-@S_0pX@vEgVP zL&H=X6N{e9H!c!!h0NE%7hQ%GHh7N)wWC?p4IM-JX!(=bV4+LH)%Vzt+T0mxWEJ#q`}FM4_1m@#nmls*O@ zM9H!Iz(<@NwweXq><%$9|BPIbiSA4QDDr`ZLPy+SF7+B#g4RKM+1Vi){whSMQYMz? z5hDuqbdaq}fGRAJC_dXEs*AgZ1r*Z2+MLpfjU#(j(4i}Pmh!e;m?}qpVpj7|IE|Kw z1XdK7SiDri0_37V(IWJPXdF>-suZ$%bd>`r5JUfs$(n@1wL^-y_z5o{HeUo{%$^@r z2Id$oN4rz{$f!Ho3=4g71GjuY%=fIIR!p;CNSfpJEO886pz;BQc=cS@SFS|#FUzx4*qH&!Ol7M%Z)lo2R5AxxEhgts?J&C#u38@F4?eV}dX+=5U#M*V@IGy`c5 z{PXU(#wo;@&0=nIA30VcQ0}a8eI@occ{*|Un{?~<0#B}$#_jQZL=zcG) zf~WQDE_V;{6~GD}NtaGp;#?-2rj7$wC>6%H9KCxc(#dZgD#g6487DkLy!fsfh(Lsu zgCt_Xu)qYWcQpP{A~U1AE*Ul}$`i+YKb{*pZ`{MwQA`Kk18zmN9iQ)iulWueS8$v# z3=9GPo8txe!Voqb$S~}#gdt-Gen7q$>~DKBIP>8pK)hbGJ1SEl5J=zG3M|{9qnKDL z*p06aXIts|0k z4!KylLe=(L}O%wXei3V@^1gLD1 zQeGty^uZa?PUMyOIMVj&#rRQ-khOchDuM*UiM3Pi;ZI#Abi|kf6-B!ztK{}u?)^Ot zybq>SM*X}vaB~HDpO`-az#?4J8R*2q17WpvG_TEK`?!B_y5MOyp1_^lJn1%Ap=^iB zCEafGBamP>EYY=Aq||8dMOAz^y@ttxx9(jNI1e(jFz!sv*pL=y?=Gb72)-QL-t*u; z#J;NY_!aQ5l*$Q!3Nqtq6dfC6)tiY%=%~srAXBC z9IpMACuxBTHE(Iq^}^6~^WV+(r+qToPT#RXnu{Ep&$dPZ{x+1%b@4yonCiQPjc8Ne zJp8L~*hCmT4?};&k0mFXgxPZEa*Mi*_veOJ3v=TOF{LNYv3S)zHdBF)ns_5s>>mSa z+5!Y)g&Ri}{$9kx-^a1L@%NwJ2WXbSLX&IE2J>^jQT!}_p=*H$wXh24-h_pS#XyJ> zQ95$${1e1D;P#4uq`z#mj|N+Mp#y1}W6}76-2}_h(X;ADUWWml*#>&GoP{zCeHtAT z4_$sJ+=HdJ_%KEq2ZvGlQuyigG2p(7NnLlCqbmYGr(C8>fevTN`lW$N(jPlwO`p_@ zUUQL4Phsnzm#{V8Q!c07isH!BJ1NLmt0%#&+TxvN^FL2lIiqN0NYgj1eV083QUQRx+t;P>OEK_f-9Y0e_X;@udICoQAbbSw$ ztT}Y^(f&;3sC(=Ja1SkT&Mn`$m0gstHE;U*N;+tc+T3_5f5b;W5~lUD6=av^M08|i z2q=$X>SdI_6qHjkFGAgoajYsYmzy$|avRkEYjo5CjrLSkwP_2|JknySY8j!iS2cSTK)E^pt}IcW*aCb^Pi+;_e4S*Mt&BH3)B-GRH<$eL zd~=rFui)JqHBsRzY`5+)9NunamX(_34R^JkmsU>I%g@{G>Q+a?Xv88LJ~t`7`=fV( z#T}NLeWOC}9}Y&O1z8gBvYU~wBm#jjwB9%dJ2LA+6js8VsxY?vzc_FuI3ig5Fjn|& zaX5k8gcU41lH~4S9ze7huT?j_b(8>w@j8UHXT+w8G(L_TnQv}eNZjDC5n0A%|9 z1c<<#u?xcJ;cSS85_Gv4wYzN$1=nnSa9T*50+1JSYWzP94B1sp7Q*nb)qTk z`8%wM6z_9>*?jR?&@093vw)@vlc;c*5#{S6;-~E=uEjdPJ9_|9GDec-hQGx8r1Ue} zht3fH#nZE!1|0snuKw88Ipn90cU5%GIrcerQeLr4zbq!ZidNMEAk35g88QsmU%3zi z7a&{2Oz*CyGs7e@hp@^#F`9gJ+Kr3TfN=u;K5LQynR2YqB&JUeXP67xzJg)y{PPQP z7J!7#;_ZU%oSpXuCOV<2ZhY^!0l9C*F7*KIst4Z7VA#{WN0l+)V`xE(wu>)-M58GsN=C z4{K}%)7s&a=EG%iyFE+pU;E};z{1W zc|wT?*pEt}yu($L=%#?CxUcvkt)4}x@r5d%syOB}anLGQ$i*z7zi)$~(}T>jje>dM) zK$8OnGiWhKgiEPx?_?GFMV1CoMjAB{P;6jCpL2Mp@*C%CTw6voTmDGTok_2w{wuk|8XA+jwaB3Qu$gY zw&Vrk3v%-Sr2#*N1aP6##^BNE6yD*_RWmHZ_y|DIgn)xETpX6)E%dzolnR2c8*cqi zJHPkdZa$U&eSZ^!5DYfB3q)J%6&~rf%>cZWq%n+FoRy>r<|~IYR&IO4f$+25Mh=RS zx$5$wjFN3Kh}b!-4ejuJd?ptwp0dMc?DmARqxllD(nRsyE*_~5Csy8a#$~vHV9G_+ z<`@|s3iyQdPv2m5;`QneisJ>Wz?*6en}@n&_nIFGNs(hn&s4*$IsX1sIQR8+k@bC&*S#z(s1@aHA zhM+QEpyx!ZgJsiiKf{$2w+xFx?WyCm<`YKt5!G&so-oOv9nuo~Rv{2eT1_q_f6A^{sKb-#J!`z(y@*>tB z78@Or)I&B?*}iwyT){CYC?odrMJ^bfPWVJp>?c}%Vts3Wfw%E9LX`G}$l8bmBc$Mc zJQOCi$g>0R@9hKNIX!n0tIaV>?Du5#xZbdPsOR4jhN3es8)1^*dzx^c_sv1t_timn zRVRPF(+0ZCpA=SA>-w}Pf`-K%SDDHQ|0rV%*nYAZa%nCtk3!)rV;eHpk!1JFY}tZ0 zgoOv1n4nca0*QL@86e4alY@v4rJ(|23vj>T}oe_Yr$(6El&l6*l`awSxYoK9MLQ z!@)Oa8nH1JOu{NOv>EW(|FqsgA{r?$d*7;6ChO$EqWbeq06j8mUlra?ZHtpmQgshc<`mvM zL-^|#4lts!X4bCi&^#Ke9*%lQW%mc#1v^Di`{FXNq9Pj?^Wm*3G#`8vbkaP`YvPcQ z=QIs^E~l5vf0H=>^Nd$5P?~Ea@Z>D+8DClQcj8sJ-0gAwQ{nzMyjDKtBTCbrcKSMP zrn0%8ADHr6+p{<~;q|n%p^uwGd2^|D0x`TioxY!ewJH9h6K<10N?!`@8^#K$yHJSy z7gcGZC^v+!cQi?m5~oP#od$d8Jk8x_;)!o&h3+Fq6?VWpVr0G{G09TPUvQ2-Y#3pz zNXafwmz@MGf&nCfnFK5n!svtLcZK&dluXn?B_M9J^S}QdQB2uUU%0HTV24qd64uCT zDEgxQuTUJ0Id(P|3eHu7ok45reZ8}i>Wg@u2IJ`nYLVM- zoEBcYSY4SDqqtMwf_LPuvjWvo2J+P>2{;<9rLUh`Jl(;^_D*Nu-1jC->Cvl+Q={q+ zct9dJ9PNME(R(BH8nN)29ELqnJ9o8#l^W0W+{f)L>mBO$PMm}{YRk_0ZNfG`1i2FqgZ1U4MM^ny zK>~zjxk;$tcG%p&+B_FZ=#z4h)UR8LYUJE6dk1PgW{(#vkPDFb8at_ESegWh9 z^GK?r-{HgWDTK`;XdP>1<5eChXw?^fLXPl?zjj)p^K2Fip~ox4io;981&B)qe!CRU zFR`>wF)g*9fQJwbd-o;aSS-*~ypL;Z_f^D0c!@kIUhhSLm+jSYstXhrASRoJ3cL(> zyfD>F7o4%9Js(Tk+;oLWL+pyWf3XWDmsr@BZIp``qBRwUee8ik`Er2pyL{diM;o6M?x|Q#gS?o2E9%PQcKXpi>%%4T`8uEn(TakE%P%rx z&#w|2Z8^TT=iRQ`=cS{g=mMM9yax(E&c7W&2KK6;&DD6L8eNaee|c90`)RDmjp-RA z#xSctxb}(-(reDRPd2DM0JiB(?^1^Cj_>s_-;O-sjPAzqzr0J}g1BkDTcX3fW1=Cw zYl1tfbQnNy$HC!5Mfzrw%k%?8TVM2#em)w>^Nn!a3)ABJlz#a=#qcVnhJF)Ugm zkEwylla+HWaF|?tyOdnSmLVhJYN$Q+|sjzP{laet&N7)p67^QZjNq6LMzjQJitT~A60G#Ns zf*Z_nJ2&?zm23biWpo)w9sS;-GlMBEv>vzOM-aX7c2sfJh-;jqGt#A`<${ic>t!{` zM)xE;420yg%wyT)?AuF7~`@rw)ekpDMw2 zBEc?oVpmtAL2d}GFzR?fRJA@;+l3UVhTlvpCg=8ZzOHM(mQ0WWIC3P{lLDLL!t{qsJ~KgS&+d)cyB zh?cQr|KAzI#1NN)nH|kqW%f#?zcZcdMS&v)5UpPV#X#BHIn1LIrJ*0)L1T_DOyKgp z7w$H2KRXz)9l?-HwH>0K!c;ASm3+@q z=H?N7Uh!7CR;0es8Jb{3Gu8lzrRlxLtNSQwz$%)!)#NK=dsglhCc%cYV5FTnM*hGN za@VP>0jWvXJ{DZ26+(;cWyhaWQLBw}tBq9?BX-7>a8&it)g{|7v`Zpwvnw(Gb9Zgc z_?BupxP|t!GlT4+GpnL>&A8arATU{_(cLIr@@J66AR7E=%4R+oqK?=e4N6YBDK? zkKXnq4y?S`87rM?<`&E}UVM)hbr1GgK3lnm17dmN5}uR1+64#jfq&WE@1_}(N)7+zu>D7CbVi;c2r{&Xu`aTmi~>{^VE zKM~ZJhRidclMZFtfUzp2IuFH)MXqTM;FV;~ML!5uJZ*uQOkHL`eO0FQu+Bw4Q^Xa~ zhmp&jr2l1VVSEFc)9cHc&POE1q#>mnwql33G#3We6AXN&1D|AHq`DEm^%;MS*8{3}Xu%9jWg;AcULO81g}93PN5ms^1^46H>f#wX{oYe6AP= z{bM4-EO^q5sX{Z!>8D9!gldYTzZ@#Xq0<-qZC4bq;jq$vJ$bCK0_D<}`)dcY9nE!s7#~D&UmsG^CZF2PN-Ix#PLWjk~SRK$v zNJAk?^RAI{NL$#it{H-SRUGQ1`>xV_3v?vQ*6qa>$Nq}g^*JqS)kzCp5x=TS1~^%9 zZ|pG8vKGw$%z1t9{_TJJt2p<4RulnRJ0yH+3eMn|yxp6KpOb^Z9S@AfDy1YyLLG_> zEn%}L^>K}r?ufW2yEUGnXFfPB+a@?WMZ$&cRgmH~nw!mga>h0qEa|cAMQboi)}Ho8 zyoEhzQ~2ygF`94QB{_=oMsMitB6vGwRCw3Q@2?|J?d>CA?G4FUM7cdW@tX3+-eojT ztdrRn-0syL`YYxQgaH!69E6bi%SfRM&EON8+EP>aYmD)2GcUsmQymX_=NuHr1Da9@N|H5MK<`bxx|YlWWSLr!H;l~?3)?O^Go=4^bLY%Vgk{NXCkRG5u= z_Uu4kwp74sn-TXFaHvtBR@pM$c#zrFG7rbXZCbTZYatIX+WU{s<-QKgI0eNotJ|)8 zmtceBl(UMmA7qeGGhNJJ_{4nyqjEtfWv#6_w9=diY7i!;qwzMWUA*f#Y1?uoGnKm zAU&nlrd<55ED%kys<^zJr!)FCsSU|?(G<48-BP*1fWn4%?u$q|4v6GcEt?@ZR6&uOd=H|_Z|N&H zWE(W?Hs?;>?RMXYWx4a@``lT@XPdL)kSCjH4Pq(H;joo`A)z-JRa+k_=$eq$UXp!Q zYG9w887tDV6N{%6UAR)kE3Tz5RDmfF$qKpUk`k=AUTXr+JwF@=*KU>*tkp`p9)vJC zrCnx10PKNC#}Ied*W)(Jt}_Aq58gvtF#b^4=?q$X_k$N`-m_3)`p4(YKW$>)OF|kC zWnlV48mHZJLK=_rLhcQ4QwkLC>w9YqcCgYO@Wb`T+`&R*Cs*IlybA@2NS%O)bl2z} zAX9$H3?^h1~Nz7UxeclMSl0q_J!?ORq6CtkV%3R|Y59{mpDO%io=W8CO;9 z1PcakRgRD^sn%y=&2CpFQ*2A|?eZSszzJ3WM|IhGv7W59rvIF_$^q-CN>&RXN7rH4 z9stk#!NI$$Iit^)Ugi^Ho)vMOZ%!*+QnOvL;rRpE6r*&y@WH{EWc>nI>-Cw-h9_;R z3`G)COSXnO@NuCnRrwXd%0z=PV@bK9yr+$}r`gx8)ZwCd0AAGo?vTpAmTm0;w7J0X z(s}5FUjuWtX3pFgAndPXi4HX#tx(jTE_cZ8vAyAquXRe=unh_W36NBbxGCnhpH}^li6%qg+o;c$cU3;f2K4865lf7xyN*7~CV7fl~=q zOUSVF^ir~)yqCU09{+$+V>v?!enJR>p6;C%LghE*)^fobF^pD*_!cX2`> z|GodAW5puK6p1R((C`~a!f+U8>Jo2!zXtyA_`!I13Ac*%v>C%Gt+y7y>JSOu}%rYFS6@8xuD)D$uro zy7f^=<_G=$FW2(6aFC@Ta9WyGpayojLc!)C;#*hM3{2ZfmcD^3cnqPQsu-cVZ`Mx7 ze;o)l|3G^ER%*DF(c%q8ueZH(2G1QOFeHyCyBXX+PnZ>I1-6-fvGANjis#dSv3hXVyZnn#4OtDn;|#56J1;{18^D22(K`;iM;`ik6ne)GyF(4TR{^_|fYwh; zJ|iew8Hjgd2J46gymEinf|s6ZU7@R?!C{fZK-tfusm>?u51KW>BvDZ3Q-oa6v1<$?8=^U&paxqcwB zGsD$R_<;!fZ68GUdU&}Qjd?&c*_8;f{usm-9HaQ{)sb8oSlPOS@B#KJ3nP0T2nBz- zC*#R0Hnb1PkdBgu;s;e1LCNtA5B(Ddqbf?yB@D}_(Ui8tbX!J9=7<;U$`kTZA!pTa zh-#tCLK(hEnqf3<+CdzCa7$@YoFbLh+77yF%w6{?@*N{3M8f3 z04HT`1_mhW=;m%}Z!d0RX>Rwwst?mr4VBSFF~aw3I}E#b#25ofiv8vF>Ga{UQATlO zW2q#WSrqRbb;6q)zb71Pe#o6V7bJ=oN938mRL9s`4e_gn_^> zFqI*4aF=6C9VHc-iF=W9dcJ5^1I|Pd*>OBzi0aFGKfMtbAlS6ke`L>X+E#~|KwF?3 z9(vnlD}NoUf4-)b487Lbrw?$`Do|lmrs>-mJ?O9broZjcffN={yVQN(ZgBf|$a;Oo zNaJh@u>k-{Rf|mI#1&>8mKtV+x4PJl_gBNB_IhRX%F{vF+vy{}#(>lQR;%-DLZBB| z`DaeyDsZcv)^vR$|IRt{@_|}u$5zlX^DYFzrdrHOKLSaUpgj2C9rJ(}I)2?c(#q`) zM~$D+k=W_UYCUyOlN!EeluVq|&$81(QV6T(S2Bb>0_eFgo^>H7>?Q%8`ws-={H9uf z2b<;6x^1hV{zUT*csm&>mE&Q0l&S%c-IUC7NMvaQ3 zrn^R1gNiQP+9AYI7K@Y+7$2@*EFSSFolz4|;zLZ9s(9m-UowFo7<&EA(dQXJBr0*r zf%2jzT#9uDsf}E*IS4j|L!?40w7C@pF8m^5!H>onH@uTRjUW2fy@fXAg<@)V(#<1} zrg1wuh`kaZLeepNI?*79CZf02L`>4nx~%d1kzg*46=lSTTjp;PD)w(=`$lij81RwB zny5Q3&tCeU_zBCyR5WG}t{!dr876e-zqy*M5v`j6pBAX0T$lfUL3`{8=3IgS0>Z?Y z!op1jtkZ?{*H~Q@rf%sq^=60)WwA$+A)z;w1~W@Rp}+y7WI$ZGlz&W)ok82{Wra0t zt;1}qtJ4GghslQL!F81sHgubtdiogv2fMnS9qgWf&A`Ai#eZl0S(6k#Fz$<~1Wjy!|ZOeQnuTC-x#9dNIDt9Kxu3EyFJZmLMbCo%|AUZ4% zz$qn}Pi)Fsnt^+?7gEo5PCUEcCL!E!Db1>IaY-z{_b)OobdmifAL5RkVQWBCdSQTC z+S8@xi#4U6*2}o$?UFb|0QZPygjdREL{%_drb{|I_23>mk91ELS7Yhzk+?f;SNfC- z1ZhY+>k^=TuNp{y#I9EC3+N2QgMY!j8<*aNmvkCkqL$y8{ic}s3CiJopW1AfQ2X;zkr<^;&jWD`67 zlRWJ_v~(MwN|R4&sFl)3yCfb_nmwIP0)2CSWj+mKckpVlIi)_oQ36GdraAfrWYQOm zhKN&PiP0>D2}-#~5Dk}l2eoa!P~#dbmhcZ{w<4vkx@X!2FWDXSJXFcEI8qdVMIJ9# zcJ17bJXy-e-VvSP$3(><%xS z#Z=t=0EHi$;+EysOe+qm+PP|_X`6&>O~LfV9S1$lH~ZFqy-o&E zhGsWnPYo2=m|n?{PyJRXV;2W7lVj)FA*MVzNq+VvsZw`&&59}|C$_W5qQ><|1vmt2 za%PMkC4Jqda7XI{-?yumk`iOs9Wtq(VZ)t8#VK`YrB1g7(Az>lh=xXUkaCYOl|1I( zxoGPlyWdv$lSXJP{%Mk9iPzr6l-!!7)dgr=_8BT7OqxrzTu+kl_oxCMJC#|LWJ9QK*pcB5jEZ1-Lw}DcGby3V3jwPSaXREW8e^plYGg+$~ z)hz7rbm!P^$kqus%`nu~PEK8sX=zoO=6STe*UNPH52p`AZ7?n;;~67%m^3nChWWTb zIh!3}^acK(VREuky(0BOlgB(cLgs_?AaY@x$vSjg&?Q!jb zIkApm>~Rf??OTM*B_1-|)BX=W5$6y%AE)yMV zs;yd?jw5p?zmeef6v7{z1T9XfRNP>sE5s-q1a1$DfoBivU@8H?VRn*PgJIpnc*Lqg zL<1T?s8M79#o zb6matQb-hDh8lQ7BwM{mu2agpgv))M8a9fZ7y1Xs4unQ_x&99F)t+@9YdKmnSvCq} zWZ%Y7g+sZKhjHuf*OdJp0PjYLO>y%kDm8DkM$b23C>poD4yIR?Liql|QIc$)^%RSq z)V7NYGm0;_F=`3d9M)ol02L{xMYV_T3dmVP8c$iL!3~VfmuDLURWl^RVn2)&CX|4s zC-lHGhEI`7<|lWtH(yv)SL=ocP$nyegE$%V;Br##=rO(iKb3t2P#s+oF7EE`?h*(Z z+}+(h!QH~egWJV5xVr{-cb5P`f&?dckax-M{{Nrds`u&*MV+~Qy1yeMXS%1S8$35z zzVrlIb(?W|5!#Ijv-_P{vtIT&*eSsi0gK|mt>ov6v?{0MBk&yj=E}|r%)|ipMg*M- zLrJR29>^6U@}2~fI^JRemP>AE~bIUkiERb$icyUp4Hw;ELeo*LOG)dqdQ zspOF}fsm2n44a?cDJa!-vYI*{SEYxMi!W?6BXP5uT2qN_HSssX!{wnnm4{uuqezwx zJ+6GRNIt{5d8Zl99Qs_J~HFSlOwXps^$#zt808Z0Va6x^@*29${ zVH4&Siuq;DN~9g{Dz0H>;gMb#gPC^AL?v#%-hSIXNmi_5*CeDb>>M;L7Db0Uh8$II zZ8L4aq}07(^x2$OT-QLu#V$eQ5t3Z0r5kG7IK=+1`&7l8;x#uvf71E;H8y&WlejwC z*&=5jo|!FfuCFHDfG;O55jz7HIR0x%G?rH(ZBcR)j^#FkeNE^`$rNN?F>Bj!aE2BR zyCXtQSo$Q*LUCIbpAmc4H6buhI@zucfQ>|9nnmQTY=S63p@k3#QVGgy7)L$dPdKP; zwb7WfU;|hh^}W4Y`egf!N!Mhl2QU@co0PE-_iF zAXNPG=QbX5ygr`PK=B14U)M0J&12nU^?5npO9CKd3qVr*ZvKAhkuVD|)+HwMLl^z< z%Idje5`ZT49RHG7d!AaSu)jog{iO3%z@-6`JGNxM=zG!DSMu5yqkdw*!XfFEQr63$ z5d?x#=3^R8rYUi79WN(SPgH`_$RX(<=R2*cQE#BlpdOLGi&KK0;-2H`q6M{g=FVn+ z`~uSZD**cid#?&_Bg-6Cv#NR)Siv!ijdfgcM$cD!31tY6^c(3D+LXkYPMkFE2)g|| z6WQ>i1<^ZmcdOQO*Q$Vx#Vpw#y4nRVy7G;4XgM_3m7^ra4fkB`+4sd2nLf~mZ)a&6 z2$t%Td!gO6{Lx|Gww0mu!na83U-5j0z#>A0P6EJOa9g)5e}DLVMYY6l__@O1ys@oG z-9Acn{UnsR5tol>_n;8Y;*s~a5q6xhhZW}I5181wzM4$@Bi7&(ckbv`B+OeN+ID;eN+dBOicA912)X-bSl+JEjHQRJ!|5r1QmfpL~! zv^yBNa%BGKK#>9@_JCA=MPSj{KA8+|S zd@Lk9BD6qTw|~NI{`@3v(M;TSo_HBa-FDCXGA|Q~>k`K;{nz*43Xj2a<%eWBZ%B;B z=pPIpCTz&P#zRsIh85D*`ZCjz+tOu`FlWQ*ehND4IeKf2WoZ;Cs}?V-A=8~vqev;fPqy%@Hj9K;(W=Pj|^qoJ2#&hifF3TCTme7}cXaj4iVb>yMT&!7>FydoHufSWQ zQdx$yNIu3P>`sE8K|6!zW^2v9yKaxD8vKbgZ74=6@r&Kp00qTRU_S|Yx}{D8p$RK$ zs#pp}T1XUgbTl?jQ`0H<(IQF8dfTM2cW6eDR%jIz2cd}G6~{bPs=gG@;pd?)AS#hp z;1KglhT@urqt+X<^m0C9_`ArNo2#I=czQk-74lT$_op{DnCT-57Pr&l?Ymk&VjF%8 zB{w5GQSXHwXoDYv-V_!x?V{c@j55NO)Z`Ssla}y^NvOx-OAc^>Hm@weZ$L|6Rdu#^ z)EpcAl5GE3NrZy5GVkfi#u0v&1JH_ob8T#o|1s1))ROb_zSW`2=X5#FL!9>eL(TCU z(>=S?pq-X{)XnHlFv%NSd4Abkg`hVbg}(llZ@e@;f6~r1Lo9TPI&4(Fspr@|Do$f; z582QQebz<4^g_tptq2n9DmyM-ft9Jg8Iv1+5tb0j(m5e6a2x}hD82F0yaOOUk)PGB z*{Hlj4rvd0E+plVbt!L*TU4_0a>&0R-`tgWdgEXt(FS7Wa!f3A;eFE3E1!AtS=Jt6%4+y_)5B&IWnBhu$2d|wH&kfb&7k%?y zyS7CN6Xj&GP{u{>a6by^tW1r>&n9;>==E7D+%6_3Q! zsWw8^nX0ri?FZ#;1Rs4%{;diItvYuBPY@Mn9mz*O7_C+Fu$*dqwL+{XabZnmnHyD~ zCC}&Z-SV-3wjWx);R6m}(9J>zzm3$)v`uE0SJ5OoMnOpNr*Q|mr56|k|w^42RFU8Dw$SHQoU$`r?LznERM)Z2CY`%yoLEptx_3UBlUsn4q#p2vWft@JAd zsjqE!<^0eUfIj+m9q4^WRAsa&AiU4(37e8jo8C;F@aIjoALXA>dOfT>-YOn<+Jx^=a{5)^M!pww(g3O;MjatYNJhQK84RTBPeS z25LyHmUU1AA1snD9nV$r9^Kr@t zJQI>RU_BXf;-Jf#ik~*P=LXuF-9X%ROV0GYcYsr(?pa=w-+KopR<>WIlxLB4iz{18AmJb+DIF_7mxaHOF-!#8Kk3nieyL_jz4IV9D<=q*IV1-)Ifo%GErMY2RV@ zFP5JVu*O>gLMl(ObwvTglE&;Mh6Aa%5R+r|LS+Gmpx?qLs9!%MS+-t>f5Wyjrg_v9*#mJI@H8eryr1%T&xA^*C;n3WqpFW#@G?fu&UMO(Vb>&=78dZW za>pk3h+U4UGAYT-0ToGW(XX)|iCT1-JRpb|{mp~YDn0=bvxStqRThzP;9M416@{ky zyOF8W3b#+)Ceb5a$4+U-LX9Ja!eeRrS&G_z8slH4+%Xb_%9A!{5PTocI}l0Fa_4q2 zzd6}(Is~{;F~b;JW||3nGT`McE)!NsRs+k-tfK+r=eJPs4`P_x*Yy=J-r1WJxV6|= z&B_^bqOIx0^vug(U(ULPj}q|`<~j&Cx@8>qadcjmI}N>K!$&=}qK9P*LQ$z89%jI48fJS~mW#q###={vSC_?S)sTUJ02zMZAP zc$>DdwHRau;x>}vIT>>-&5-rn-^vc^O&BaxArdg=S*K@zBtj)DbSt=gslxM0@%B-wWbYz-D8a^OV_M=&7w!Y~# z^AErBw4~^m&RZVxbWjjBTvENK)ke+fo1-Zm7p`8LCLCtFU|e}t?0gAfur--orjJTk zD&|Y2G)ViGgU4Ut{TlXNJ>P=DP{pHwfzg0mJ1BvU%5Z=~0O10*pqU(jmw;j3GCa4t za;C7kOjA0TLPl!hGDmoKoq@wV=!3FZ@oe#Q_IfIJ8#$Xf(c9!In?q5p)<~QJtmcBT z=4S=wt_^<9WLt9FyU(|$KCNe8T~a*upMIUZ-Gp#Ncu8;+TI6R#Q0Udr2TC(sDDR2j znw;Ojux10$O=RP0Ci!vX-0@JRmZ-y8de$-oY{Tzbf`dFYduh*Q;B!nvR0MDbi>U=- zr=*9s>Y3KDE_kzrSWVzq&(HJ1Si|m2@r)82v5Zi57%Lt%NI-5wMplP}6ov>p8BBhR zQ4XIjh~YN}Zd3a!**ZxFQSZ)~(OD6B*vxj5RCNLMwrXR%O_m1`yHQo;d+IW^ObZx} zcfGy$SL0W!m)lpps{>z-uU5BbMJ;av{fEajzPBbY(0j8tN`rY{RQOlXi#6LyG;1X$ zRZVdcQCAD{Hf62uWzQE!~sIA15G*vMeB(k!27Grg>vfKLu|c8(jqlCyx)U zdXxs3adlgy-&c2$8A(!an%dREQrl_l!mnB4G8N=7OC3nGVsPtI=jK-Dji+8-(B zut_&R5VozhXxvgI`Fz*agJ>mc}_3<5w_CzFrf)RZp?BsdE9|2q-SpEIzB5gpi3KWdLVP# zSTlR+sHM}$R9I5fnD>4KB2WomRdMoATE0p@N^=W-#dZL_yB;N;=U$ z;qfs&r3djdu`ej`Z637;fu6F140{#=5lrhR>%$y=fm-IfDxdW>#!Y8uWT6)lFVq(A z@%V@ViV8HQFh@&HrKrcn{t+hHVbtG5gVO-*W7+DdE1$@Kf$5HGf3M z#;@K|;&_f)g1-84JQ|#qJ|BUwhkAo%G9hi#~J08xIwz9nwLA^-7 z(j3p&+fQT3*ALaKi*?^Jl2!l|Q$?<2Wwp1iPfw~lmX?J4?}$G9m|*tT zY;O}k8Q(cz6+pRd5a?=~+gzuR1=vJ5k0^(=TGMOITc}|=7FXLZbAi^h~8%QS0@RpB)ENd)G}_Fw%+v*^lY) zxiVl@p~0Unmq-FuQolefy9p56k1=P8VI%)5)d5Hyzn5_#j(x%fRd->I+_Q40ofkTt z*3I3o@yw_%HpE@9K)`21tu=#vSY$#bEQT$}b(IZ&dO)(APq>nQBs(&gJI#$!g#raD z%5|mjV*`mo+zjba`7{@dR5CCxuAgR5e~QIB^C)}0U|F9mmhYVD$petC?EQ^QOqD;2 zd9L}#8wtyZE7E*8D0rzsBpLGAg0oao#7Ir>bfx}q<6m}HT23XQef7vj0uN>+PqJzV zN(nP+EFCSdYQ-MCg%m9qm=@k1CX0njgGLNF-Q}(^N-w(ZB<$W*_=3%EU`E^Q?P8VRE>c zpD+2^WWTbo@+6pMR?Mha%?7S5+b8{qV%v^|B%R?z6{+~`9%0UPj0%DJz8}NkRN8KH zb5qde)iF-QG`?y%ogunJv}6lPhG&p7>bS;lqP9^VWmoDQ^-%+s(xnMfE}(QSPo7~7 zt^{^q!yInC_(oELu!=EPsEYSCT>8ufbYxIqv#Tf;Yy83lV7&0Dge*XhqM*32&XjsV zZZJXGeRJlNVSaS>>?5unsd8;&g^;}fbo6*LzN_Vn!*+2tq83*QjA{xe#I3s{>vAdz z8IOgrW=als!W~1d0)|Y%t_lj$&(6*tj&>&-dEAP_?=a0lMw1Jy!uQBS;hH;s#Yg>f z%17Z8EbC8KFWAk}k)G4cY7gDB(cWOhFOYxwEd&E5j(R~6AALce$*}$QpzP2h2fRjj zG)Sl+XJVd)K%T{kWZvSej8IptNrnl(q!yvO&Sx>nUUpXk9K zN_$8^;V>K0dMQ|~eLkf@rYdMe1*|^bB=Q(TVsOQw16me4dP; z8*f9I4c}jhzzm$uQ%!LrVKp%jU<1vGUnF-x65v*G|~&<7pIuTF^o>L%L{&l^%#4uy^O|OV0Pv&fd>GhJp{hO>}2I-CYc^ zm3#EmwjwJ?W%C}!fvS6p3vuZ!xis!Nl#F@L*-UH%jn3VPPYVlVwKd5y}~Nu9g_Z3+=#UE7&>Biuo@~{gG9*5$y@x5LcXRZ zIYEePKW4vnI_- z8539BN^||<$I}jCse=5dxyo@f!%w4_hCIu|LCNeZUt9927xB0DRN|Ct%KS&&0$N+* z-*C}daRROm^@VDuzO37=l+9f)G1FM|JF5eC(EtpuN{jQM0uD(Tn-%;g zni<16;?Z&@L6PVruFJZMm8PuYgst<=2KAkIyE26%OI3*FMm*M!+|3EhgU!LF8t@lX z78h2}pAJ+lNZhr*`C{L3Qg{D^yEH=n_9fRZ!VK4n%X(jFSS#=niP#z90UHbDKh=L&$;~d-qsU(XJ=d6`HV7u2ckt< z+7ss!q}Tif?s6#Kc9QJ04}dU>vrRe0V@CKYcdyUu4Tppp$pqxBAvve&pv{CRX^sUdx3z`CgBq@8NRu7&A^t+HT1n6o( z|CfZohnP<#YK|AA@&d+1OY6x-rlC$+ZIA!*cB#+SfB5G|fl`kpsMw&p9TCX!h3@wq zk7)`UxN3wBKtdn%kF!OBf@3ULPTgJTGpgp05!DKSrZ z5$p|y9Xo_To?_wNwfkKs{4=;M&@)xxH>8cq&p1kSfYeVe92@z@AFXv2uJ7H!nb)#yFT~3bq~iqBN8e0 z+3pKE%@>Rxr?Rt{h{f7OH^=Jf^5r+@)HM*Te-Jtz&k8IywrMi4JXBpzwTaK%@gCi9 z(0-G?m>66+<9xnG?w+-%2Hh%Y9H7Xlkj{L}UgvFO;;h~b)2On@_0_DXVVrz|!}E-! zZXHmie@TD11wq4rl$F!aI3I4vyuVStVrGu)QyqMbt^3es-$xFQVNiZcC9!mvnC&8n zRzr*A>^qi~*7C;ckauGCme5PKVg@1zNhdT|Vg@@GAa#k^hqlyu3i z+Pi=-D-qgIRN&#oJiG!CH4fx4Eakw$B2-|{(j-5avS^adeOUb6o2yB#-gX_s3Bh`i zM@Mg;GANOaNE%+D8I#Urqy+Vud9+sx8zHXGeL9mWV?X}aS7T+nipY(MuP{O%HJSmY z#Sd>JSGHWv6ys+fQZCk?Up=*#uL46Jw#-qp7>EiBsm%we4!F3YmmtJN?nWO+;4oKur zia6W$VLBn;%Hgjd!LIH*(je;opg|V$p)g}J)?4%|>Ben3fAR@wZsQ9-*>wN$ z#78`$n_BH_j3YH>#Isjc?itGSvm_$FGw;Wx-*^&QX8zlse8qqJ6_t2?RXK)|+&FzXIafI+?Hyy7fZVG@I z^sT}sNUKF9K?6yomXFrX)Cox{o2Za`a77$6YxAB*RzO>M^e*Oiw&JT_50`orxbNH~ zyR4G0M%Q{Cfcj`2f*I>u$rZQf*7qRR|f@T~qZ&lD|-<{GdkexRbD~j3@uW}h#V`CwkH>0P#ZR=?>S?^ z6w_!Z$%E4s)yiYzLZURNS8XhFjGZkhK*Y`e=>wEmq)XExuO98>qLHv!j$ z_`gjstWbcPEw@e{Iek0BB3w+_|FNQE1acdR0&45L2;a67g&Jq$O(gTDeaG7xZTqZ& zrqS^q)Bx-UWhsP2jt`CHff+h(BxwkMgBFe)8VbESXOy*1BapXOgL+mqL4N$K!iPIw z6rdWC%@=ULSLMy`s#g{&Gm*)dBxoqPP);c9>Mv4Kxau8R@>KJ%MKwU>OM8i_Pmyom z4NJR(U8U!>nqB3y!ZxEcPmeE#WU7DF&>0#MAOXOAA&FxH@9Wq+-9Wv38Xeoo9_!iu zzQeQiz#s+#&3jWBbG6?PE{J75>d@u z9*fT05R26Asbyg!V4X>vx&K_1+#~QBw#=lw_ZQ~@qr!{wxy38D7tqS=z)tL2%by@te%Ai%FSW}1~iWp zF;&o>73l?Qn3a{$&cd*BnH!+dYy3r%BC!xeWX?C6430!ssMjQXp>uk*y2XQJO&^Od z(xRLu?E_5pn(#1QGRMX<9XfgWIeq+|pD(ey$uz0nP|iw=sf!{~V3^`vnZn)jgz}yu zPLx2!u*bj>?O?R0CX#KD4^hSd=wV{-WtpM!kk)0^hb5dtGbb41MNYUocV~$Qg3QO@g%T(C3JZ2@NVK&=~=p`vwaS;%7qIsN=)O&LQJRNCfV+dMm zB=BOus><{_lcFXCjU^roq{^FBcL`Zwjo}r|+ubE+D%KBQhRbY9bXg2p4qYq_LluaA zm{ZcSR3XK7X4|0C&=Q*RU0c>et{baA5*dPvr7$e1~2vWp05jiWkGH z%I-bLJWEc>S6=Gd67eB$nS#15KPZIZoOl82iHjyROITgEP*3E83=)0l7ND$F*R)Ph z@nkgAnWN}^L{B{~^7l>`oUC-HCiL%VnIm)|qQ-Azb@QmV}t<2tY=>vV&0twixk%GJ;nHd`oyu+(GvBjS`el_ci?Kxz&8zIdXR4 z^O-e2m=S7x5&7`VOp6DY%@f$hwQ_1x=d+l^T(*Sfv^A!&EqbLb{0UPCm|krOlpU>< zI*lXZy0}P%{oJSo_$Tyk;@(4Y8^~o=C>{a7fE7Ke42sI`EltgBS>P5S z=x!GrktVAry$};J%~!DhdgB%DcM0*2v|3S-3Yd?e>(31s6Ceq2UQ`PbbR>K*QP3GDuEG3`-w+&lf<$MRLFAw4g&F3iAde&=}-fryN|902ir`$A0=T6n&F~BaAO-mg`>;1+vilD)9F3wmZI>#YJlNEz((ui=ucO z$RnO&XAXn~nq+RZ48^^}Dc-*P2%T}4xWfreZOh*Oc&C02mcz+(@7?Nfn!1QtFK3x8 zcr4w+8wIa!#7>3kQDdq_z_spLCA4s5Ns{>?J&MbP3SdCpk(%OP8-DT7|3++=Ob7A1 zRO_CjZ>6w=j^{ic%YA5rpR{n_I%=>10}k$sp3?zz+`jYo@b^b2{wVyZ{LdeXrS@{F zq-bJ_`)fATBz|10jFc4}UVDR9Ig%w`)HAQqp9_vr??WR3=#cCn%HCtIoA7KR%#9^# zdFV;N!U2+@0xt~FY@N_@wz%E9js`~w=>#jG+q4uZt0{Ax6-#y0!jlVGcu0vR=KT&y zemHC0{p!nUxasl-e0k|Aks}^rFrDWIrJfj|Kv!wE!4?;ucV=r>Xwz#zovols5F(G0 zE^8r+*1!a=jdJ!csSJ&d|ymjyI!Rh1+sL~TK4I_N$j5`BDA?h_|F zg0&{GDY-2Lm7Oni&FKloiash!IeV6R-A~&o<%;S|FSF(tc$H-3gGVQ!B-^#EPM^y1 zPRblNi1h}IxlpP=OV>fr1rkGflQP9v4vI5UCAkkzPcp(lGRB~=$#Eg1^IO2`rz%qj zAQV8SqR1LsIMq)TzF>Hdu8KU`=DjSZeOy3S{7xK?XfY)jgjGf^jVn}6VGXfnSr))g3ZgB+%}{4XSIG-O?ZL%SMI&~rI4C`8bo}LRVSxGApmL6!N3H6 zuhFM-M1TqHLk~=l8MuRcqF@eOE}lWcN&FzeH6V~*^Mgc1gG40`BMZ_<97+MFo8@dE z;b~h~gtUsIm=msmYQ;D2uc$Af`*&|Wd46hcZa2Pq++I@y9)DgpgXvy` zM0tOu&Ik99Ymt(q=T5{F-?5-%buz?gKZt6T5e0Arg2RVKNh~wvL+ITlMi|#X&@f37 zB&bCC+|MO{8!Z`hgrejyU1l&NJl)CoW$`r%7Vn}5j>L5M2H|VqCoeDY-hAIDJR>2) z0NNUZUZDI#Vle2PEahiyu_}|ajw-uU8Tcu5^AjkzkM8M3_8tXqhGvKZl3B(So2cxV z<7WYS+w}Q`eFQ}FQ%(^9Yp#7U15 zX}P$;PhmDzi?TvOrAHp|f#+xtFRI!!)zy8d=dNfhFrZwRwcue{Pr48QM@USPk^<#Mx zyF^?W3u9H`!<)5lXJB~Fut?4t*93C}>>n#>yk0K15wK{er$&-j>}ltMS`QKQ^>WTO zLeoOI^DOQ)zSm=>N`zf7udgZ_uiM6iShfj1Xr`#6YwHS`rPTvleS-FOndmDWTKYHv zF?63)`Fu*p<#pLA=7#b$q z8jOx{80vcIOpYN`_1QR*eY(}P;jc1sa5OIe>6p$-jHMr*)P9VWno)l0zP8xp6#jET z4uNIB0wK>@b2_jPAvss0$5}t`n`8w#AS_EaOCFN~TQdtS|ep$ubg55-;Er8%|08tkd__cE4jA-7`23f5Fmg`4X3T`UZQCkrX z7IF#%q^V&pegC*xYnm&pfKJx@PueadxC&|vwGvKKYaI2NFl(j4iumKi&+!cSlMGdx zb45uG#oZ4!xA&Yj9oV`8Rs56N7L3WNsHdri^7IEIrIOz*-~^k7ZPEn3v;q8gBB#pQ zO+J>z%b?;9wZvMe(me#;8fknKdq%9GAuN}7Nkgj-i=Wu~A=97sl?GNhmN}k(1j%;s z5F8B2~qN=XY>3#N<(V zBNaYLq4NdSSs%mo&J0q<Vgp{5bf4RHQO(`$p;qh(9!Yh%*PLWDFcHl8i8*8)~Dp#+COwu#5VjraT9oi z)4O7IozU#I#ats|1rWRShWl}*s+ zwP7N5AUp`YZxvWqEz%`zJ>jKQy3hd8o))8&<>_s@BVQ#9a1G)vbrJ}-eYUCcHR4x!Z68!p{F8KX0 z0N=EndVgvq`qo8WHf3zDmE5J` zf)U}t(}kgK-3+s3x+*SDzd|Nu7On78Oo|*u34WO|8^Z3LCii#quQ*uIQJtTy%_|Ti zBnM9nXUsG;DsJyK!fB?EP5Qrmjz86!_Hzn*DRZ1w-0T?d4x2;pkPrJxW4_1QowhA3;hjuyz3-2$f6=G+u?f8RL6WTYtd^**q57`O zC+y=ckr7~N3pq$IdkMdOx8)}+2z9xe^0nE=zPVRjdU{|M9Pe+mr)8l$Y>@Jf3Hm1m z0}8K@gLHd%^zRG|6O1F{3XT6z@;RvgR`ShkZT=q$J~#vx zK|)=GSw>M36gl`e*I$lVe`V?gF@av8{IwMX08597A%5cl*M|`>Uy(9E)vqag{|yq~ zgHQG^f!E5ee^>s?Ch<29HtOp@|FymH{Q$kC!DalfZv2tv_dndAvLJvM92n1v{hIan z&404~{`VMc{>mK-2FCn{FeT)_g-Jmp0cA)ehbjn&hWkwer9$NVcNXFQ#``00;vaa9 z@c)thXBtJO{|5LY3)&w52q^ysApakszq34nfsy|q6o&p=sC^XkbrdtBucIg<|4joW zar_^kKY~F20hCVhFCcs}kbe35JOIXzy`tsP1JTC`fiq+Hw2*(FsDA|9`~%2>3B=F- z+M75Qe4xQN90)_58w8F61dL<;6XTDVPJdv$dkf;H`k&taBlN<59n5(lkO1+!|Bb`& z-_!s1hwxxvWPh}oAqs*Z0xG|S`D+3Ia`>QN+5g%K0(`YV4A?;13G{ys;%`q=Ffg9~ zFoVj106N{@{G^k}z`+UPf6Dyf@%V=fqW-^S@czmFhwH{4{Gn#Q`8%|TfpL@2ualk) z%8*<$`8w&z*1zjU^$GrGBL8?Z`UhbAhu=a>Qw0C)z@H|^zXb{cj$J_pNCr^DpnHqx ztJ(2CTS0)l+y93V^54e^gaWLZLV$U_86>#@JEw47#{{s!2cAv6j;Y@bNN$S{thOQe z>mYGWzn-N^o}dcBzlhntiC`arpZ$n{o6|(EC@RkXJetXVzw6%3V7=DWy5IxtW?oyk z0sN-(E~CHFOJ-id1wuhIO5phn(myBV4~yr2h7BqU0%$*h_~}5#Pl8trtJznKu?P^2 z>wk{KUuGLbFff5XKsuv;H;Oh#_RmHe7|L}OK+#9eK%P93fAC`^{O0$bWB4ckA1dD; z`~!)<`A_G_Upt9D|Jup(jNde!d9qiU&u`jUHt_Sj`0MYZBz)k@{OcrL<$`GRK*nS= zV9wm{(@t*TRUWDk=(r&C%3J&UH+b=HKG2#9e3t?9KZCatajHuM4aO6c+*|OE&OMd> zTafS-?Bn7q_;JPW&JpLL12^Y?H@g0tE?oVaPQ66=&w;Z1a z1@gb*wEX8@m%a4b#C$*Steb-4kE*|xL$6I}*Hut&B|yDp`U7!m93;l_*U2Zp{E7uV z4Rl%-dF}r606uVH`E}k_W`HZp!vE~%p9}uqs09HPbD-s)1|$!)nfpLTWet;%JZ2tAv{{g1mJK6vM delta 29482 zcmZ6yV{j%+*sYt%#I|iac`~tW+qRuNv2AB!+jcUsZQJ&F&$mzQz3WuU>EB>zNs6xM2{@>zXdoa^P#_>6f*?GNcXPb|%~TQuWRZ;i4K!y4 zHr+e@0{P#^5yAf3wRbXS{QZB{64uav{ZFkVuwVF?|EE~Rn%U}aa1fAlXb=$kq$RGd;LqzkkT3wS=H_5RFFd%K;Zc_im8KCMKrQ zRHp-7(cs|b^;8EVaznSV(K?WJFz(Vu?c}K&_#W#0-X8j)+X1HaQ?#7HfpF7Ef6O&P zx%-i%$S|>sBs&G>YoZPB)~qZuxF6mdBoi%0rZ0{QuCeyJ8Im_u3kTvSSLK*>T^<9+ zfD149-8#o|?}4_R=xKUpE`#G89S2V4*~B`?+M&h~#gq77xw#y!mFd$Rv4-fQz7d9{ zjMx-}FZXjfB%-SuVi|&W!g}@6$rIOR#-VaQj}_Mn&z>7jZ@=B=7im+Xt1&sD4|+m| zw;l&{O78SAZ36E>v%7kl|DcuqC8J%vU>1+20H&wo3 zmu?gfgY=j~g>+vi}MdoE~TwELFqJNxACOZ$jgd=-fW6^SVew}zvP|0G1# z-oY<nObn=y||!q-I_?!07T0GQqt zH5qFK8N^e$sZQWmD6~$1kGlPPr3XfLMknu;4?X4mzQCn1Hv8#<4PFx#83Ri@{%1XzPp~Qrwy*R@}h_f>4 zY;*Ey1nkBxB|%ow{VXybIGXFmvrYDwwnbQqUSK1B8RAszuw@$aEQv>8$LtOh6qPi7 z+4wQFgtE}w!vg+Nef_e}QHwO!fnRR6;vEJ{Brtce8jFOU#q4(xWl}U^OqJp2C2FwK zJYl?3{v6H#yGX-Dy!EMu@JV_T0y)D{9V>(A5{_F;$id#J-Td`9Fr;8>4d*#pbRStP z(1L+Y=EmE8sJIu&n{Lui7%@mf?mm$_Ku+s}>h;%vBhujG9Dj_T&VV7Ez@Y7b)?d_w zPjvo%uX`gvG%_O6D3uZznNTn8d=qTKFnIQmG};kcb?Gfj00y7@0s1_ba_IoScgnOL zsU-iZGYrK9R{R`2uyExAaqKkl>;;zT*mR0XF5xsw+5F3VoJMHojPi5}Ui_un5D0&l zkx+`7&#DyXaw?8TaF!qkooIC$MNqc4Yb>(Ar%xbxS$gur)1R-?#J_8WAGY%M>nufW zc0sxvI*|>OSE^2a{u{0z!^NVgFdr8cOv6If9*Om8uAfH%s}tEPG(8%C#eK_oHpl+V zb?^!NU+S6&wf}#K=kj!i04^v9h|GV2%l1Fw*#iZgM6-egOi|XAM-@clZKSu+ZP8G- z6+ILd*er01(w|#QkH6%oupAJjiR(-~$=wzaf`*~2!Lp%^km|T02-*{aj_Zy! zk{9Awmd8p4{QSfaZlJRc+%qDN9=>?Kj#aRKl@md(C8^|D-=|?a@nb5-HH>n?mAZCa zS??e=!dGigjqLZu9u-O<-L`@rK%-S!3hLNzmH@*a&XUa!#B4wnPh3fzhDpXMITx}= z>LyjSCBhs}H=LVM-+n;k2@gRC4U*!xW}$l}g{@5m%B(EwB^X}g5d}3;Z&c7M3om%T zbE-1&=@cC z->_geP>#rvn~8Bu#h)RQ608JG*-1y~hC;Jql0%nw!cF*@f)uD?tw_H$5{FU>`~OHx zWydA}q3I{!YnGGuO-Rm8S|{MziOE|g%mx-n*N1qzaWIdi`&fd&xvAeGy}GhK_nJ%U*==pJn4G{Y9n(=4e72psjd*`&l-#YQ+R=Ods7F1<||U zME7HGaG<0KK;?^)z>Yi<#T11s#qw~&QpxUf(pP5%H(4H#QN-p9$z^YIa?s)>uDWV% zmQ;HKY?BBqvvTdcieeQX^9_! zdr{4oUy)XRs_ZMO4;5Np?5Mp218KLo5Pqz|NPe`zE4LfOJh3~9Q#Ul3JIYfxVRhI* zgIz@UPemx{+asib*8?QJNPfi$U`1wa`l}TbVSirv@eKTD$osb`l>DwW@hAGX7CTT` z+D;#E*Gl|}|GnMEpZ+?E#Ic)a_4gad21=oaxR-Yq!}SUK%^ocM3PAm-G5Z$Id6Z>; zkp2Bre)z_?npC>K5aZ|S3k$V$%V>wWv zg@rlqfOxsyV!aipI(f~t`WpdM?l0ozIKE9@>aGDSGas*!N|qjEo6E~_>513sZ4xta zUN=(WMb3J!^I5x-T`g*ePrjg(Gc$y>@f>=b1!tkK$$4F;pA;>0M>O3OE$-Q-AnaV_ zN|Wn)7XcCe%)oA^NRWT#1lE**4`nireP+lC2MV-u3yonuQ7Fmjo9zRW5Ad7i$(tFj z>vHfKx`S~}D1U!@1eWM^#{WZ`(^Y676xjk)j$|4F*fX&vJf=6PX3c8tltiAGcL?~L z|K(0v8^<25!Pr@h=VUp3#`Xu~@}vcC)B_S+*dPZ9uoVlKOU5O!xk%;K<%{mSaK>L) zK%TP+-6)nw000b+=OUobsPvj7Oxj(dv)t8DOQ_8HomTnPc~dcQ)ghIf(*mCI z$szwjliJejrqrE_qLEL>_XZ^6Ejux0!&yQi^fOp9w>H{7-DEdYY;6j$acs2$C4Vcx z0c;v@>s3^p8Yzd5hJ7n}E4R6LGhr<_OZK9vcsHOh7nS`wfh$CJu)!9d zwtc3xJPw)Rzv@HTEcdmup<5lGUBzk5n-tY(NNALChYof#CHpxFpWK?I`NlGDxna&P z06;aoO6qNs^Z2!0cAI#V(A{!EmE0wlHIuA0b`$4}UK|zEB4%@zRy=C3RL(i+z9X~q ztFCqQIT2d4xe6Fufh7Sxa77+0c%|v4mV7yTx>|{OnlcqQEOWjmGyj~^UqEhGbs6u} z+A=Ro+fa$zI^!&H(r~xWB(vystAWd!o?1ESn~G zeIJT_n4g|?7mA-^6n!OR&|2wCmp#0p`cMasnS?1EU!&NdZx_C9DpGdS@Ibq1xJBbL8`E_H{Hlnj z)a8oENtm}W!bvp}J4@sOmReocAL^}{?pg8}@6qTLK_~Cpt{ww$*+v(#q-F}bUZR7cd(fc>&U;HMCyvt_rjv?D8tcWqjMV< z<`QGBq%`c5E%^;3WnytyEXLyT8V~7FF#8e@oQ4un$Klm1cQu^|^_mWgtgh9a`2Kn! zR*aYpI?HQ%{89&FANRJD4h>=U*jud$=*jKzodfo>{ig5uIi3416N|Cn7g zoXl|r_fQc&O(MMLUI=ay>!j?G$6??SjG2(enWD&cHTPX4JgKlT4{fHxrfh;`ZH`9c zR+HvoO;DsZITcVNLsHJlmX0c~Ia+^9$7efMHt!@eLNEExGBA35L#}1)nE_roH5+*w zB_F7HOFTO><}6J?mJ(My-;Eo|jpMZIyf_7&e4-2^7}}O9GcMe8w>#Hu>#ngc*%4h+ z=PC)VgCeqY`S$#PI`*s_u_*Cjx6%4lE*bV$=Hg<*;*JdQ*15p-ZvC+&{BL6z{O!Dy z3@5pHF5OUOgB$p0QQ-;7_bX_ud{H6wN*u6+H7SX~6f45XF7g$bm&rw9lva>7TRP*} zXS{54A6$iREpL?fs4be@TouEL$eKSZjGdN$d~m5?)4|AX#9`s;4;p;EI)|;bfp$0Z zRy{Mm?Rxrl{*NuqnU<5>G^#X>iO0;f5q+Z@G1!LAzjmHwq-xr&8r7gkr{=JACC_t-24npncjOOzja*a7F!Pgr(?Pu$RDSLAgHQETmR%;{sJb|-bJUix#3l>JZ9KAAHxsBe%vEgp z_G|l3a*e~sZOp#;yh#F%atA|(auz=4Uz3_YC*(d5e+4(5AImbVdQ|`LXS*y^m=wqx z4Iab}UAX z9`V$Vq>WQ#ZS5<>X7n2?%$|Tzm^t&xg^?_0CGF_N-NTIPfpolU^T|TU?SW&1_@u+(N-cqCR_D=cuL@S>fD;Q5nkt znij=$lOMI`Oy}TN;x5^rmKrrylr80|3Kx0i%4NFkT=P3B^~IZ)Wp??(iuNOzimZ(q zqFFp>9YI;=3v{q{gGu1ME@aS^>|sm5iLJ@`Zx+Seti0mrRH*S3ef5F{Tcz>!COwenh2y#P+_|uwUNi?| zFYJyqbA?2wFV5*CuAXpLCi+VpcCuoHg=+EU>-_EZtje-Ia)b`U9io;PuQ!z3kwuRy z#?&{#0Aqst_Y{3XADi0jAuV@|1QA{YmS$BXScArvW@8(49xJyjyH+Q?N@sVCo40Qf zg^^i3Lr-t zbIam~cLOXDZrz3M3KO)BKLGE-#KfjSWa-=))u|e^){7O_I8scIn9+Uox#3wUR*5?P_%*xZY-G}o# z3!cYrH!&a%%VVHV93Bp96KvO)*52p=Cj&Y3hbhCc(seE%JHsG$ z@H;?Xc#4lBs&`DBduwLGQ*@ z%x(QI&qou-zqRZ>3NhZl@kT2L!;G>o;hKQZD<2JbQrH_>24D6ZzaIHCJ{#xPym_b8%l8DQe4i@##d>bqhxEwL4hlYaFi(lnz| z-k3scz_bDJ(s%DMCepSyDJ?NMVv(h=yj%a17yML7Wosr&j zZF~gGWYS(zavi{@H}&}!x$Uc9OHM#tH6Qz)@;NFTA|P|UKl(?2j$pTx0>eCgXuluI zTZ{}VDvQ3}!?-RbW)7n>GGUEw(zHJ*`GH#Ml{uB2(A@ME+N^(}3ORSK<4SA>I(daY z-1xQXKL8}Iv(OO&4U)IeAzFu>9tByD9yv(=>)>B*ZV;M270|F%SNbr_s2x`_@d(c0ik4(Ez!ivNo3aCB9<%~11@ z(r-rh1Dz=-F@{rjr904qJ1;$090OCk)r8Mmxb+N}j%XY_NE3raB~2@tiHpV1LpsfE zGty&sZaJenEb*Oj!hir<57R9@&x+-@US|hV&mL==o-KclRrpguT~@TU=sNhE>9X63 zMk8v)9_1m0o5F-#RtdPQ(ks>(4>%oWXnE>+u^xBPr|`B~tT&dJmpcbxJz>&Yjmfrc z3)%IvO1DhXdz%%LbZ`D^F3_#iQa>s)oya#*RI5xXF=mj6iyfKrCt^y5KB(Kw-p2(( z$+Pb?IE$`OFZ0NA`Pr>D*_t{MbrPR9KB$|_sgEBvM;=u(4Ka6^bPkgTbQ2c}cMpp$ zI2P%`!!bpYr%<)eaZ{KzV$!fQO0h$J$MJ(!kL#5cRkr(%+@EGt>YP8ylpdxIz6!Tc zF5Bj8IElMz4Q{wDY>;3fARfxvF^mDFiZxRy39p}aCnx)$Q-Upb=on-(Qv_rNG1+_+ z2h-SmGzHAxOom&-DF-apwH#!6j}>1IcV+y%k>$E-Sway^+UFy{&t{N{lTvMI>6%R% zs*KdvbTZNgTeMSVmgvqlWK8dSVs=Tuz?e7GYzV*!)&j!jWIEYvSIeFPAW4CZ`p~$i zqprWh9ESu5W1+Bcg;{S|dPr_pm#?{18!rM4PK zK3jc&+spv_iX&~0n7(%V2c0R!>TW%}ns}7gVche0-?jiLvX_w_LMve7reLyQy@g60FU*rYd z>DOO?$VNMQ0O$t+O#AUy(0X~s7Cz(%1)~`TulpYr$*Sp4s9YE)dK0QA*Xix7&r-8>Pd3Y!Xn?r8Q}nxwQ_V?TDfX6dN$RmTt)bEje|#r%F*m?eH*-?H z%1T<(u-0TG`Kdc&U=Y}VdgRm8O5yv}o$ooHYNl$(!q%!(F z~Qua~YUiJNWr zxqCUHPZc7JqxHcjqICzT&Ra5mEq@oPP{ae$y)+>MF)(gZssZ4a_#Ly;oXjC&cs@Ro zd@Tu=dt2-(&AxMMzT<|LxVC$sH2#QfQ{LHuEnjBja{UEHuF^~_AVFbfTKiN}bVWzF zr87(D(65NP^CS1)s0iP*0>RZ6JPBa(AoE{q@%nc#v8c3FZEwgyrNs1;E593V+=+3y z27b8@4|?rEgg?;nsW!kQe%CQP2x~(WCweD)$4~^-&Cb^a$_q&y9z?3sV?=fi$lo3UUJcbl6f7 zUWFb&lN1RC68blIurb(xE6SJ`12i5(DK9MS%7Yp@+nE~OBZ{njc z9j4AH;9vPJLp2Y4OzK5b3T2Fk#eP`lFD>-`YgA6bPrRaO`NZYG=+h!VQ1tB3&glYm zL3wbm0TyuP_P{lGf28A(id;U41^$Ykvz&N*$Jcr_h6CQq!H0v)O2UfjmKov`xAdJJ z{=oW@z*d}(Y1L7N?foPu9S-LZ?&o#f>T$k)7r~-CD5%r1?6dNTA`f=+*B!!`B1_AHjWq3Fh6s(>j!(vb$EdFMz8)XTpm&53 z{=w4m;Lv|XVw!r{h&-8Jg#Y7XjV08Bp#K;1k8Io_e}Vx4X~O~mq4^)?f3=DU%+Y}K zL0!TA;ivmJd@#h#AP0?2Z!xu@tU?k7F~)U3;_yHYBRh;o)F!%!b}?eBB$efwFDhm| zvs*8*Tu3ddz8sO1Fkg3xbGhk$u@n2bkxOJpxUKEob@$r&c=p*GZh{vdCIq*;Q9*n$oeXdv^|HzY2^LtU9S~^wPShuX<_nXgZ2^(@}76HW2f4B zKHB~6MZ~2?_qvRBX*)NbcfRQEyO1z`r^9h%cX6tpVEic)Gb*2Wy$W~IpHls`s*eW% zP*}I;7S~`dM1)7zXM#=OQe)|Z!OZq|O|IQ9{nKzi9s7v$`h-+IT7rle8OF$TP zH4Rz>_SRUvuvnKqKN@>cqM1eV_gkQTti^?wPsop*VHDIV^C87c=kI)fcse~diDFP`%7J52 znA(tpM7Tc+K(>-pXtTkQH<#(vShFT~&!VV!3lDd}cyNBTn*#wmC2VTdktGrA0v7sR zj-1Ze#$HVYA?O(hhwVvq+=g!WsUx!P6zY5$u9rh)AdUIwnY>z}$rOj-%Ebd-VNLfK z>xwQalay3xEo!p>sR2<^Jtfp7mu*0Dg6tax@cH$oF@KdqIVd)gjpOUlHVX-gxpE>- z3Z(p9$z_BWV+}it3uF9;vRbw#`uv@Q%|4l$8hxTfc(M+t1>x1{K|y6MNl6!(orV6H>NB4R8RIcv#seU2`O6i@4J8+$(Ak#2lyp}&mr4|y9|t`- zQL%xJE3bu+UbLQXLdLae9USwoEk(3(O`f)N*B!=>v99EM;7$23t(ujDOTVGaw}n}b zc#5&&(2N?WFv#AfHV9?6?0{;w=l}+2kku_4VEg<9EE(c=hhJ<8aheim&kFaoOGCp-urr1IKr(cZhin!Oqnv&NCmJnoees zNo_2RGBg;5t7nI#sHb;~FrAe*%a3^`)FXgg5LFv+t5gAOQbY?>WkM_*GStpnINcQI zqCpga1&Rj0J&QJEiOgQI1dKMJ#1X`!_XNn?5Wc4}HDavS>UGy)t*f_W5~+50vBQc& z*rlbj&;;e^_fgc++fqP~MNHFqqmw&$ibgCm|Ak0#e)504GGY!8u&ymJ_YlCjv# z7eW=LZ{yGh4kl#Sr7^ToUas}b_n`F6=II$)2V5qH@oV()t*haNN89zVtZBM;tNBHx zBmq~fZMsfvb@FyrRI3vSbe7Fy1gF4C#-ZZ+2?m~Y1dqpjdnp|;?%{JW`yH6+>E|DGnVQtOWB-0>e_ zbdg*PH9an_jVeTr4pj#6x^6`@vjyF*&mEU@P#^9u_4IN=m#QZem7{PE6m@}eEO%gt z9LqCQ(RQf%Tayx&eoJgkx_X?kF-_C^=mQ9|hFrCOO*5>dncVKeT`P)_!i=nE;`Uwz zd)BfeVrIHYY8FZlTW@vDFHH~8#^n~*JU1-2@@3zud4^I=GTfvY`;r%426W6#xjU}# zu}gby%MAH-qm3nbr68v!hTVbJ>$33br~&MJC9DoUY?B_$J ztrq_F4u#yK3O9~sEg?@eCrVnwF15VFm=EoqC$#!Fv6&4wkTZFHZ+r}0ZIL)^gMCr7 z&Jpcg;oCcx6^9`n=C$prtb>Q#u{DxE`UtHVuIAf80FzAdq=QF~uO%RSkVd4F&9B`6 z!k|^efXcQk@RX1IY+vvf^^;55cK-OrS`tEHLN=XR(xMRketSy?(0xJNBcc@+T#cxU zb}Ix>7rgyeJVQ9tsG)s=$XcSyJIP5HcDVu*L`?Y?G^sEOh2`@*ZzYB258mRq0dAFj z<&RLFp2!}wCNwkoAX*@Kn^fS7e12xKvzGK%apLmH3z%}5C4JV=rrK~Vk`_mZr$|QL zKp+~%yXU_B(|fmUk_H(7vpKakcW7U2sTQKN&g7pyUx-#sPZT9`dfz-X9qzq1Wt|Tw zZAo2Xwpy_Qz}B7d*hyCsP+L&!>Z1P}gD9NbVu-71gn`YNFbC*{&QNT>JV5kF#<7cG zb9hmV?ry*;cL1{)RqYYH(`eD?%X$48@fvnT#5ZtqNcE)^3oY_04RKD)M<=c*<))2H`l5IZ2Qo$I(Vx2if1@2S;p6e_VzeVu@U#%@bs_)x% zh(juc@vy1y>Fl$@fJmMDXBy2!Q(Z1qb=B{e=4P_#TQAOGeUG$Kn+vEl z%-YqMVJp!@Z0!qMXV@86xqDhIPe?O$m9(KR46fTw*cvdO+6K=myYI-Hx?ri5I%Mj_ zARp|#=9VXtUYNYUN75#zucgsacb%f{E1JFnhEGR~62Iv}Y;RqBl_>wqWgP^g5$YlX zpkBvQ9QbQr?d}GHC$AG{r^irMeEj0oms4s3U_g7;1J zpm~`RQO;2|mXlE)&_hr}h|-mxRaG=g&ncFI86gjAw9(R=8EeTLp}miFCl*jJDWn$x z4(pIAWg1aEiesKCe*RZ)LlW#7c2bcsYElSC_x}~19R&8Cj3Gflppig8Nd6~03#>yX zWv@X2bJX8}c&7M%+n3A>Q^6$x5NRz)#j{hXCf>8lC6M%zv>+COm+_Ri|3>+1o64IA+{<2)(~6?%A(o0`;<}Bmy(iUEr-Ut zP%o}iSz&^!XJt~BCq-MNF;X9w*0$>EKxDkNS+3*m-c}$wO!s4($83mg4#7 z#TK0Wc~*-JK7$-=6ZkaU)^u?wwE^&?4C#qtYG556v=Z0ztQ9ubPE*OQ)G}+^F5m-I z8k(UiSgdhelkrUuKmpLI?Z&#Ual-)- z#$sYZ8XPvqHe0kEF0JnM0`NePdoE=c-N9$2?kTRVh-wBfAF@HqW8AV z&FM-7P~fn(i;`4ti$ZVqy>Z+QFyOW8R0lcMx(GMe9}U7nb5@HD5qspdn`_uULB2rM zSCTH43oK3H)dvypNa5x8*akPQWGp?jreAhPar^@FtUSax_>-*pM;n1K(-s~GGq55Z z4;>eluOXX!QJP-WV3{M_MZ<}K&N#;odV{cSe|OVx{6a9vK*&KB-8$? z+!cyt2|K}j=M8f0bEKtw_*%@q%!~>mO<}3Y_x96+wz1b}!%58+JtL6%m${J0+7;Bn zBP}2o@*wEDUM3&&wohZbA#+zF5=7HtQ9j8_Q;~~G2d$H5p#l`Wm@sVAJgtl$44cSA zVTb)SeKgeWUa+enI>TA!oz#WJo5T!L^?|GL_8(K5!^JcHu2ExW;?TcD(>xW^Nm>Hb z-wK{q0bvU@$GnXRuEZi*9I_(IP?T zt^=B?g`y)huZCxng5dVKv!mKWO<>{Q@~9)*W7Byl4NMkgD9Z>Mfo=~*@O!fh?VAd3 zX&HyaFzBt`e8_n6?rHLy8C|}4!+Bs74DaP#mA=ycgCmZL_6(p{nGqth&lFW|u*S$Y z;o*sLU?Ip5CBu%JCduT1Jo+QWk)LLp{N4xgSZ{lRLvKLH2l7gK7Ezn-Q{E=dFKbUq z@)h3702JWO=7}mnN!1m&y#2!l$yyzp+CsaUT=$8`U(tp`V>k@AT*a7g3vs1`1q?VX=7gR$kee%!b4Df$0abk0^3>0! zlDpm1XBeZECL$8Hr5fN-6i7NWh3k0{Q0rlWK%Ke8gb|k=fYfay5q*23xoRF3qxzjU z0|e9T$f1)>$`b!KLHFm6q#B=u9G{3Eb*U;bqMHAeOqF z|2x7w%wj6~;#UGvph%K`@UR539tGprKbz?;V(4Zo zdNu3jYHfP0l?sbuRRt8HNb9Xg?PgW$YBk&HX211k?Z?W@?-_5_BuN&ie{q{H+q%=d z6F+n>(~bHBJR&0Kp9xtl4-S@M60Ay@iu2LaK(Qp!DXcfVixQz}RgdhL*A(&1!($$7 zT*jEuDO8UFwxms-jMBCwO=<)+j4l?pX=6&Ta{>4i&HH zJQ}Ueeo1-u#jz5Dvodf8#dqwkPm^!A>J3hA3yB^Vw8KB*40`WGyRIyZ(Ql>?dLxm~rY?JdkN4Hb( zNQqMKe1$vHI4CLJq?*zKbdO)4>DAssc=9gDHg6u5r1+!`;BKifE~?)Hbh;$@rc+CV z_NMHt4(Va6?d;6**y!!FD0w@wGC5a(!`1gTNhJeQSC{U0e;BrDY#?xM(sq~uDJzlxztR?+=9xYr2qJ|%_lFU7)A}d^7tpSX+wmO|9ZfhOQ&6PMnj@lZn z&P3|cYdqU5HG)|o+oKqA+|0qyhv=Ve;T#m`yEk?Motg|wzgi$mPWdq>uTE= zOIn~_p5iJ|B99iHIe)@aYEm7 zolbl)2U!}5L33!xV>K=9V8mI4^5bc#SYU4vGGOL}Q~R79$b^i_z@Rh(4L-_x|1j)a z6#Obd#(0ajORm*cj-qZqQ^wh7j`V!MJrFFJ`-S{p5c)f?Bj~=hYgf`PzI6XcTv^vh z!p-<1t}OF3QI(mMcNF&z-~yd}imZvD>;X9$D5%c^@>IgiQ*A($G9a^UY`wyru^QK_ zrO~iNmWLiJEz?pm>Y~pBJO^})Uj&GPIJWo7#$h)!s7B{ztrv2jMd1Fev=)qJS=_aW zZEb;BY~)}FYGrrtf6vTkHZ@j``dxA-+@@t#gCY#T$+Wlb#$a|VxgCZ9s^@$AH*sv0 z!8BK`6n-z)xRBRChyAM23<4vhc|npnD#rC~CwLJ3LY_!{#sH!Lonjl*40sguP5|gk zc7GXNL=(Sv@!8z(`nFQ(lwMKjcFgMYZYR&(wp!UK+_Kb}lJ^Q>z)DpEQ$zmhPni!j z`$q&`YH$)folz`@o#h~JnV-@hhtnGL!_RxN3K#2Zg)oAbivhJISoalu%VHsGu}E0y z@E2k-<@&~u*sGU;g@Qmj3Zzg}_!0=m1~9z?ZEL6X~6a5!Y?P@@oG}-R63iY}RO;GiB^jnD2@!vdHpbh?`ztp^Me|CAFMmRWfnx@b7dE_zj9O0tk0O4k?(`P%Tz@E#7)3&LcYYs^z*jQ~X%}t9DJJ@$C zBfSh6{`Hyh-HqHtyV_{(8Q|$M%RC_|~Ro^(iu?wV+8wB?@RC|JMR6H?vito2R zoh`2wJpuaF_l&2mhk@TI*89YRgp10|S(X#!C3xG9UVYrG{2U7#D9gs%3ahsTpKNTv zf0ZE}O!Se#IH?wD$JLT1>b1zvEhO>Yz$ZDfeStK0H!D4LY^jLvFLn03AiEUc*h^&Y zwX!GT&T!LNxD45ItYK6g;Pr`9!IN>Pc7DnwY8>&FFQqdd-40Mm-8%!F7L_bcqC<2S)Locp_Cu>!{i>~J?5 zaq=z!puijF&mD!7beb^28WcnOr;v{jx2Q*|)$&6eiHM3}m58Q#G*f9vgE4~)Z8Fqv zZs5Q}c4w}Hj~Ev)R!Y#I_II6u7h}3A7X$cH38ln@YgK$%Ok7LZuB8|4Q%dp$Mzl>a z422<7u8{%jwfDdH${cFP5hM42g!{t(mcQm2XmFM~$V@6enYwH4Nk7ZRae>h zB-{WW!qB6ruRH;lK1D3%AeV{Ft%EBBaD`~~^yvWkBmI71fg{P3y!}#DKe2dD2IsdB zW3SL?tC;dnx*shl{M6(2UqZ#>tSNaXl?gkdA)r5)i3<>^nl!ys3ne~4*W%(^X_}u< zeYH1qXg5z`Qeh!*(WO0)zr!v@ivTi5x`%Axc zqoA|9oL13Sf^7FRzSU5z@U{LSl|~uI_R;NOU0ChiNO7uR2%(qWTYq*8^s2wXe+P}* z-xD$~8>0Kr^bXrsep31YA;HZ@P{fN7Uv*Pz>r$ zsb)t?AvYh1nKvPgMtjR2<=@lB3GdNqesb(ZZ+V=m#3QmUk@Lhn)g3=acgYZB9*T#L zBJ>@xWJl$^wg5&3R{`@52fO>$k4Ql5zducx$(A-HUXCEW)*FSuJ%kIm@ORzF!YcvaXc{U!A5mt%*`g-lpVh$VQJmqL!%z8L2M6 z!Zv0`*QNRc>oon}&2EzerZuoRTKhh#DR)IC1>j@Yw?p+4RJ9P!puxY=7}Q$A{0E8t zQVafrgf=(lyul;@9^DTkTsA}Xa4^tTfxF*HM43rQh9JN?O{WIiufoC{y_-JvVOi-3 zBCrn7e%Kp1!CJ8zjYg0vWX;(bX+5LljQw&m5`3C{E1$?pB$ZCF?3jR}d{g+W&omh7 z(_C1yI);6~V+&p#$6WqV=5QR=JmQ8d?UwxL@K6W?7LgNb{dGjoa{LzlrUu-ZimlnS zk0R4$Vp4|)8*MTHZ9E%Zf5U3Q+PLq})&8p+ruwH+9Wp?i9P&%L%n=-$0c}zNl2cq( zwuH9fheq@aIQt24&p*%*@!bTKnT7!hu}u;?=mQT9f-pfaOuWE$UR7M5i%%u*2Lga<4b;Jao{#DIL5~CD6d7 zNX0tEN%0<)xUUhRxZkvySZyuy)sx6k_YV%mbq_%VD7nc0Qgkiw4t>_6eFUxxCW?|BaQHd!2l<7|p3=i^YNZh?3;e)^-HlBrEHqjyP4AH9f z(vjX)qBcJBlr@NAHdwvT(P(UsYS*I?AyOA*l&^C_{D+I-c*t0QdDm#wSJgOFO3 z{NtadN=Ka7CA0f0-#YZ62sb=!H(RP47~+B@%+Y}@gl=pCNfd>yAU_eyPB10MPH-jN zgY0WV{!7>+=_3^2V@wt%S30uO(u6lt5ndD#I1AMkUDM=!xs|MZ7C)LUMfo1)o!!mW zQvUDYky9#C+MB91YlQbdeht6hh{S>s-~{bKUmT$VF>RjVQ`6)oeb*jbQ&icP5QH(m zL9O2ZR%dH2Y z=sa>mDeucDYe93J9|7O;_B>a3DyUvex{~Y4DogXk*G;E!;X+HMe-;c-(QE-J2&@Hu-GgzQFcD&o)^Yow+1S zX?IIC&+a>jfO&K7yJV8E1;+xQjMgbwgW?Mx?sr`XIGe)ARR1M{$$jFFBNEQ zu!QeInarBlGRM#X`+2AkeLVuhZ2@+A;)1x?0oHjvl7%`${s{X{KIy`Enw(e&L|n** zu~ny%&;LMMAB4Fg&%7s(8Ho~7esj*uS6DJ<^YNFxE`>zF`d|--=E99MfDsoy`<2R{%wg&)w}8&YY3d)| z{b(RGgqbgFSWxmPS;0VamVYnhUH&>%bzzA>#O^ID7h)u(w7F^`KAJs3A#Q1$v|x-m zMuYEdSwrNM>&rj2lN2bM5OEY$w}*fOQ5Y*Kaz|7$>Hjm`|3LOSt@Jttbb1{-DgpeN zE1egP9}hr>Jww_SdCyFKWPkk6{SIY$s3&~9haTI!r(Q>XAo^YY5EhT3IQ0aUayqCo z()$NxlOY@L$z=wKn+l)hzqxJrh%@M1a@?mLbJ5V`5SRn#*CnkYMm_y8%;!S!5!yzz z$-kDfj8HbALG%$XwgkX|yH*%2`r$9iAooS!u)9L7S-Ejn%JVAZHfIAq^#*F=foe0q z9>Y~o$Ckq=zz>69c&8Nx4&{k&QO#c8(Z6$xN~@T1*zs^p3xAjl+*yofbM?lpX{I&j zg-aKmg&FB>o%lplWm~dMnJnbkC!s4D>@V|iXzgkQHiHG_w1M5R4VWVyS1`%SiWpS8m4c&3Nn=7;APy@eh(KARO{uvHSOEP@> z;-h*3*!)~<;Pvaz>#|hG4B17E0LBf1PZsRTBm{Iq!n0r^RvElO((cI01Z}t4^7{cb zZeYFI@(Yn|o?zP?(3QN<9}!=$2d+LweijV_i^5&~EH}wKc7#DzYBD@FCJWqqySme1 zWxmVlM$l7|J-G)tS;)}2n6S&f+lXQ88LZ8==D`8^sk1E`Oc&niu^47Y6L5Obh?ZjB zx3%BdQj)!O)+(8i1KV6MCh5N)%$G;KdjM=o;R`lR6b#R!uCj6=?rRY(rDSs9Zs{_o z*tD3Fo7et$OrfJ?D=Wpmr&bH>Y+0z`-fHKhXpHo|qBO-LVj}=UH43YwBI}YjgLqiJ zl+>FOf&RMT?@RZCnyCE13qaN3z2l=lnKf`~T3kz?sOhulAQ&Ay64Q_V$pmqZyi`l> z^};be+Zmg5>eA>03$selHlo4C4$}LyKzi*@z~&&HOFU(M_l|Wj^^QE@(gH zerC3!L;>sZgI6UP7CW~N(v&*>&Q4IMzOS1C|X27iG;(melN8r$+ zRr~xKwKcqcSg$4vBYp~9PI(*3tzaASb7UWvCA0vYrbQ`aj;VT?mpyJ&^FoZVGz5(f z*aRks-QDdqN11E!g_ajoh$s7vqHIS|vI#%7ZF!qs30eszh5Iy8VQ)_&q)S0M!xYp? zL6KjuzrCdh_o3mD?*TZty&7;&kPXO|+VhmZ1*_r{-hbq#@(i-LL^kyd<9LLj@(e53 zA#o%a@9T`@eR$RDpAO@ z?6bj`q($@)Qn>EMm&;P&fI4JP@X7mer&tYy?i{Mhr0oUkbY$`z$>jhVAAu8KWq4RF_XM z22`NdAn5%F#Mx+j-B#U}%K%+q*V<6Fvbm24PH1a(3w&s5Zxz-BXL%hHa(;^OTAXV& zdQb}W*Od78>A>z9X@|qcNMJ-NJ`8JVfD;*BL%J~@frWxQlVZgHt4c@=Tx^j~HzcnH zWN2urv7g)|2kqg2=}6Jgf=4x{wKy|nS;ySrNH+Y4^d0m-IvoMUg_?*zO+7JO`^>E~ zzFh7Xq^DQ^?56WpDFjFR&-{qB6*h9s3otO@x#}VVo!o3e01Krk9a`Ya-Rd`vFW(1p+|;D>l?>=k>E`B%2WJX6hm_+{eB{h%t^`Ov zCuuAX$JYE9Me@>^jsCF|t0h-o;|OpjKi()#3i1V%&dJwqazN*aU&Ax-!$g8Z&t3fpiqHs%^jAo|&rWh9b&h*nx9l*$^_00ILEp<4OMJ{e@@jz2v{U??OXkr;2bdY)s-W{4Na3gv^hW4YRvTb; zGZxd$VZgBPFG4l3Dwxl;YuHXq<7=S0qPS*9hz27VQAfplQp;1tRtU{$nP$tsd>FCT z=XN%xn=6rCKy*84$-6t|bawqd{O;+Z=N(u|_X;VV9q8l&FF5K9X{=RWRDzz6KluWr z8k#Z>K0pA1bFN&3#(%9(GlIWcX0C<2GdH9dI${kK*+cO$bR+RCA9{P80H4I$QkXEMmG=sj?H9^5`B ztBpQS`dBM)8+Ud$BIs|ZIk>b`Coh1;{pG_`6#xSaI!N{T3V3&t(gaCSiT2=7d(aOO zCECynC41TgV`e4V3po3|#8BAG$(gHUH=0t7`fof4s`UzxmZ*@0o4fIq**k*)KBNgd z#)OGUs`;s0F_l*q%c^wP*Et;lrY^=qg8O>R)?>oE0+URsaIi@mzEZH@sQz?Q^La9Z zp8?d?ML5?!ElKPUI(={UYN*Wt%&SGohD-0X%Iv8TX&eWqLq$4ewWd?A7~QG`WRm&C zHtsSYi+N2r?l#I%tPKwst#fNvTc(c(m!h4~<8RvRAPA!G1ylCdZT_xjV8sFa>VEQ`UeiVtR|*9z*Ojbf<%o)AEg zXicl?qB?VVD))?JkiQ!dP1w{qMZz9+0^ss#ACrWLbG!YA;G8zIA+Wo(v`BQ*FF=7O zf31_FbUhG<;FI~@|F`xM?ju#!*yLLJ3 z*w}zC{U6cZ&78tTdj+eYrFec9dBXb&!$}*>CSaaSkEJgknNEN29vD=ips_HvLyZiNIB#yp!@$L2f9Jd11P9=`dj(6N+QT;TrSOdbak13TkC7HW_m1nh z;Pv1*9XzDAB6lpa^Dp4yKvF&d?5h37rbr~9^s*3t;)2RkN^nw&6#5G94+;zHGy zGU|2j_v_xm8hKX9^Bf&HbWb8M15Llp9B{)OIIYFA@Xw5Y;5#S#!pde+8r%=HxCfB> z+SITh64^T$Zkw}nr>x7PHGPru^17)4AHS)h)vi`DqI?bVtU^n-Af;Fc5Jb0z)*3T% z9$JLGP}rUe?Dg6gZz%AZ&?#!l3^j?M1kg;CT6^}&HH z!%rv@TOQoeMd|e+{1l9!6>b{}#*`uw2fnhGj%tsvD&rNteRk-@nr7%#B9S(`uWjT4woPR8_tPgTcqT&iNrDM@ihg(6(WdaRODO-l$>w5CLVudNb8h z1ba#5wT#`TWgkxA8JI9-cpQQ1J6Q3kWjD7e2Bs8P17cV{L`PMCH3doHkLO0`z6zT( zZLUND0mJAH%C;W4$H8J=v!tz_MBXN!>na&){YLy~7g%Q3JZP=N|yy_DJ z#O-WuieGkVEdq&kzYigeyE)m|aq^2cD_=UozqdJYGJaLQwM%VW@FX*HPMv$tTcr}Y zgw<%WqVY=~ATOByo{#@YXt&$QBkZO)Y!q+X^_pc1lCEJn?AvUlZoknJ))rE% zavX=udG=jV=|y&|wh5D4gO7Khn~vz)`c#YK;??GbV@qUNg_%mR#A>rlL#zk21gRlz z4WWasiqKre4cHQt{@w@7`I~C;6;!_CN*-!9cdWcSCZU)lfH#~c1mQfvJ{*s7`-9`< z#wFGzqxchx+pNHs%*%|l;xrsz0-j)WeTZ@YyhX_gmwG>`%E27SfmUSY3^;tR#v2Fi zbZnSKLnba&fpu~})Y2?7Zfu!`!q@e<;~9-uCHjUM6*~#aEZuf?<_DgQ3F|}2uYy1Z znJC5AC2~LdbBbi2)Gq;9*MWW0C?X7E4L7Z87<;U_ngg*X6s2ejV^9C57ro}#3vLA& z7IFcm8gK(ZcG#Y@V#DZ6MtpF*!D+%}LAwh+YZI*M^ZHhuUcA0zMSE=7GlE>BA*E8}<) zF62hRjc)}`N^mAD%;>TlHF~)u;4%qx%sZyJmFY(34g3$Toh&J~FXZw80&VX7>KWCp z18=VYE?$;uwL8^YVGKYu3Hr+Pxqy^}Fl|c9O^AS8I&O5?xp_%Z#L@+Iw!($AF42+k z8Dq;()ZQ_BV3I`bFv`4QgVGWD?rZcx)}m9t=yB4AZnI@ZrZqGAL5@~EJKTmE3Z$a8 zo*|26>IP_3x}xU8$YEh?@~a{PRSM5E+*>FBs+ki_Yi_bExft_cq1y!UK7Wm7g0!5F zkr{Y6c^4Ed&_X!@r|)=fZjJYN312Kb%V#qD@O7yP4QkrTO5a1g?cAbY7P3B(vQ_^Txl*lgt2-?R%W?LVP1$Di_}88Wz|^D z@gA5h9rmlv!+P>IA{^C^sQ0`tYLD$ujP4ezAkq+d9pTdylB}v?3ulIod!wqmItSW; z`=R6zTj4Y~MD8pxWYkup8}ml7TjfR_(9M4HVO95PZVM*gH2YISLK}Y4V$hE&%i@IN zYb*Joam(RyRncYzu6qxxk_!7NF;PB@7(8#%#*$`s1rm?`usC38*kYx`p^fR2#Qus2 zjU$Po{~N8bytRi2WtKB>|Ld2*SosR=?-A4&Zx4QGlR1c40Z#BUs1@6*L(g!H0Ozk& z+MLCW!eXZFY#%VjwI}gu3hCYnyec%`G}@@N&LYpCpmVfi^_XunJ=|qN^;9@ZvWy{VrI^#>9spk z_qXrcGU%(|x&mu$R96`ol=hIYuArJB@yw3sR_hzFXyh7TIk@)WZu1}fuG<0WqmKAl z&TvZvbXI)JI8Cn*f9!Tb!x6SqJHxNjiH`Rj^$quqi@KtD;R!J}jIUSB4d$a>evkfy zly!^6+?VeqEIvdMpf~B39JZ`CO=yGDx@vSE!psm1ycgt*aLN>|^McUoO3ic%#OIWW zj2tgL4c#H1<`=|v4ag#VH|Zu3j{v>yp3+%J=2i7ACi9KpQPW-VCcqB^(jYQ%zEC%% z0Q^gbk-yIjK?guVz+i@yg{tlpk%E9}^1!O`4O1t%O5^>n^Hj;Ew|}0eim6nNKmi$_ z!~zWpset9C_`rU1LVz?$*bCx0ENG+;G5Q7}8i-RB!~s>?bg4%#)$&qgb@Rr;;&Vy0 zBqjqK@_a|Ss&psoU{c3&-A|U@k$$Ney;vqr?Go5Sbep+oS}}QdvKI$vyvT@=oU-3{j5h>MIh+-r}UkIkC1Uho6ZHUvFn6v4`JIB-0Orrdt>2FRMR*JRUTD zJ1&nbh+m@5=8*V$VN*=5M``Qebac^M`wHKj?GF-r_)h`Su(hKYJ1;Jzy##w8A-PYL zDF8A8IGEU%F+KpbA?muY(!kS9zkr9O{&w%Z5*$Cl^}@3iPHen6(Vu8pc--A9SX9(IC`7j)+QFcH-#gJ7 zs};r=y#2Vcb#Z5XGS1m|W6Ht18SmSuIR}UK;w^VwVFm&CQ*brWW^!nw5)UHeB`-w- zE_F6-aE!T6g0m=$jC;duVQ}50&6_+ICnm6)A7XR1cD3*HOpeibAf+l1n57c-d!$1* z@n)2+y*e|;t8&RLLgRf`V9U)V<2J#;6x$RC?nal}QGh}uIX{B`Up^6r8wy-@urE*w-A?v?^$9HAzE&Rx;hZfT**HJ>&xCGU)~`lXlD* zQ$0Ylws}9=%0Uss1?Ft`2}oYSz{8)57f#SzUUwhWP(RCrt)m`jHlO_^{$OgBVYtFk zs*5^ZZNtzqH4uVeu$eu~CUJ$U4Tfb>Dct z)&)!P%+eze$GLyoTX33<;!6LkgsG!rNNgK`)F4~hu(RPlKzu&ia=ME27EO7Sf+iW| z!xNP=4f;y=ch!02k9@UiyfoT@Gld+VW(qihtk7`|+#tl1H9Nmch|en(;Hzt^oV{$y zB#8vlc=g2$aG)gdW~_@1of%L}y9f8fgllIS>M3^1;e}D7zcXUHA|_49rrM40`@(ny zT(u@9O`cV1RkRJWd|-X~1l6j1#;yH8Aof)uXE4b$0G)#Hi?=5)kj#b^Fdyu~mzNjD zC?qEqR#ZwoWA7WI7pIc3=`cN=%j5O+Vz1wb4=<%`NNMCwdHv`+5#3k14>0DQE439? z0=$)60|w#Z^G&mgS~FwzTwmuNn>!Y?QoF9Lxv#uZBMj+BRQTRXWo^B|v!7Dt5lV4= z->smd;OP2pTM~L?9M?5<5)g;p)U8gW_?S!PZ-vij7r{Y(vc!S*YB7f+dA4}LnsK57 zt{MU;Ewg(MPPggo*MeVBGx;L)3w(}s-7SgxME@|FR{C2gOQmn^69b6MUM%$}{R89MK>zQEE`dZIwrs}nQF9!3K zO%i6zA;Bez3E>f!f)H)G9>K&ZPeFje+CC@5HZoqC&@kR6_KO+0tj;$lf|acxqnZ#D6yv;(*T{Z&*|i!?>6qsoJfiA1q%Su%!6 z3#V8~sam&>q4R=qw4K<-OAD*j?x~m+ z$sEe?!WiskYVyfbD@qaSq{B(AR31?Sa%dc-EUl$1Nf3k#>4yXCXAkj8(8K6Q=D2n& znmHD12*N!(5ODF?yXFuq?Sr)H`ESKeS<(c)Ir6`XAFE3&Qj>bZtkuPSFtJL17mI9> z_xYG;U%?BO`yEDI4>Huty+aoQt0R+?r3 zWn#H2O}_*u2;yKw?~!#qtjYx$$9%CNV~Q_SL2_Py(G-2DZz&k1EmA4%)Eeycf(xJc z*g!;v0LcW27&?%BRDY0_s{C}D(}I^LvN53BZUL`G#rVS;z}K-rF2(d%HFHh$#i4?W zzV|mmy>UO#kmq8iE@l~}3F;czm$^byFBcpMBnd|?Nz$vy3R|dZqxS=ps^bOAgUI|P zKJX69Y^qKZlU%AF8MBviP=!^%XNkLZDvhqK&Gw1gyIdw^78qP+l|t1*)lLk>`=_uh zYN>Vh@=OP60uIQf+iXs18^8N{w4R^W?bwyM{NRwS^BRZ}5QuOuB=sCU=GSQQuFya6 zCy7A~L)~0~k5?pMUT53+z$n)#oQ$T}(bs`Cha&nKaYD=gTTP#ycjn7X;XK4QGoPBR zas%{jsrkFr&4fmP-Wi!)NU)i{OcN5Adtk)M+~UPv;(!{;Aa;_oeYD~Ni0#WLkjRQ+lNPtej^KnG$}(t zRAS;4yzJ%ivY_6dQ2dtDJ>{=5>DT6E(UrVMM-(G1a8(FB$bnx(UcxM5O_AStUQ99G zbqv!WW5LSN<_KucQMuW&jSNfCg$ZRK;re@uq}WSAQd^dSWUMlO;A z=^gQ2LH=i>8(8Xy4KmU#w}f4}?q~}R3YLI^mM#epFVHF>J>y=0ZpmIcpc`;_8M_kg z6CD&NC=js!hnoOgEXQS4?95pp!!1?8322} zG9XcIQ^qwXog&sJ9*cQ;#>kVraBn}w0z=t8s49?Et5Ot;f@^8&X{v0F*2qmrD-^zk z(Llt=6fJCS_{wO?gW(Nk5b6j{h^A_+j7*A@^cS0iHT~_loTQB;wJHp@1gR+ac4{q^ z;c_2Mx`OPflYN6tD!dTpbUagnXh70{IMzObXM2ncZLOYJzzAc{*ydOSHHy05RRwb+ zO=~nNq}nJY2A$I6g-~1ygYzhDS^uk2i*1p0n$z7u>>55!WeoL_F7CYrZY~o3ip-+n zKHTfPRhN!3CkEwJ0`q|qw9$oZRYiRXX5oVRULty|LL9sfdgdY2FVq(h=Q5@fHPv23)dHe4dl?M~y1u!6K_v3aR}enHZtb z-ek&V*688mTUC3xIp`?glmVHYuNm`GFABQH6!;kJ1`7-HkCy07Y=_1dxzOetvy6v1 zs|V{V)FAmR=*>oE81M1dt z!YpP)d){|^meM7&{N{BN;qIXTb1{No4~2Xu1+uP^DX}(Ozc^un4J4q9I!U_ApiXug z@7wp&PBC|iTjaFS)9%*v9^aGv)T2l5Q-&MGFtSIg1%ah&hHUbT+R!#dI@u!K?`dUT z3r?zaC>WnCpkypChUo&KlWUiPxdN`2`d2aL`w;||CRUD=Bcl@(Cff+NoRU*=;wP7wflp$=jnI zZ0~!W%m?EPDcmQ=uDBcM;-B+Y_#EsAk$BmfI_#F`b1v@z@Dco<<*Tuf^FIeK*}c81 zFFuqlh%LtM0R3P4;Wn7ar}4F}lfQkVzW0 zHtLjB6wUpDw&)g|q=Pcr8IfbPAo~x*)RWmyT$8oCD=k9YytJIU`o7W>%nw;hymxyk z*6&hzxd4xM2XJ8aE<^^^#UY2JvXYuL0%o*fSg@ zuWWoba>F!kgnPiIInJ3nRClOs7WH;(TbXgnu>;CImI|_I;~SKxCe^3JOQ+3Qrxpir zbG^i>aT?-CFJts@uF(Tbd(TQ55p%YOBG zrK`PE9i3P!@ZGJG<10CmdQ@lMc>kA!4yE4T@epeyluf%iXp%LAH9_Ay1^)} z_}uj^cUZPl&R$Gd$yvi7x4o~cd@Y83E}{)4R>@br#tB0__OtOm_E@MzEqda31iEtt zEanYnI_{Z!#XKA{cGv*RE%5@$y8Pr%sXJ0W)EWx+kOH?z$jaokd2;_M}dlO!t)8%~=5Rf_I8+!I?`$R{W4RGkD*Feii^ zPvlnT9NNe^$25X6*l_;Bu6c=sdXZx%CpqXPwk<2i;ySz`2GxAkQ>XRKGa5{DHL|ng>gvH4FR%+43)WjW#S*`kUo}|tc(?cZ>HsrhE(Mk2SnwL${$s2h zw>RfDK4iDW3(S-^4&!IGFoa`uf*)Ti)Oy6zG2--+kIR@ur{}tg*1*1y z_=S$$eBJC+fn)Ka@BjBKY~d<4u*wVPxoxOaigEh00fE|Of`I@nm9`^;f${!oKu7^g zs&~$4Q}|DdhQK)sC}?j8R5Vc;@d{UzQ*ZtG&pr@raBNsOXYFO&R#0rrw#IBQEeqfoV4y|IeX1fR>YLk1!t5`zK486(ePR*ix%QxjfF1LOsng7jcSp=&$f1$v-` zB46pnbp~__e?`K1JFvhA6DX+aPwDGIFP8?V$L=-Y_YQ7-C(N}44{;T< zsflP!gzu4@@TmZ=wdVpwTYox%yoqE@`NbTbt;6K5Gu@K7xJ&9=ZWBGz1#>Jw(iHH$ zrA8&>JZWy6shsLZp0CxtF>daWoIFK1XF*n`jqeAiiyG$co#A5La3HMeUl;ZYecLLh zV?qoqB;gBnkIv<45V%`650I3RZx?M$2&(bZW%Z- zaC_yK!9^VkF*D4)e0T&bh&KHWI9cjmPa$3^IjDOa=7sz0R%x{>o6wdJ?%$7z?cb61 z=5V*0v(k*8Xw0CeUt{nySrX22saoUIgG9%B(V@>tc=GhA-}#u@mQnJT^*$Q}m`tUZ zTG3eWdwn>!>|<#t7XGNpjOXo+Yu`ClHTxc>0NXXLejOqnN$*hi3)lLJ6@a=|usS85 z?Kp}W96vmCx}GJ2bKyO=J8-=x_tnxM@{YKo!JD``YUwy#E}^9A$v3>NT?i&_$v|Ds z@#{*#j%1YOnA4iJrxrvtwa;$N$@L-|_)SGSIlu&jCX3B2Hijq2pp3f9WNO-6%PG#s zDNYv46jr8&)0f!EwunNl$N<&oBf6#d9D?=h4zWO^#b6nxq;ZC96Y|#VRJKZ$=$#H|V!Zj(1sU0>&EfO%dS}vh$XH)Yn|=y)TlfnzSQak%p>9R(xu4g|=Ab``#*3 zNz9Uu-T@t!V<*JlQq1UcR1pim6|!$7a=DXUz=c35r0FTfS?iadW*d{G5UZ%X84j#3 zMG-7KyWu&m!b!r7W07qDO4!peE12F(HZ=Pmd~Yz@T2j(I0Z#!$b4OtAx7o2`OjFz_<>7o%BxyMg=R))NAVch*;%zR-LOS$uy4OOX;bpT7QF7MeCB)aJ zB_KLky(MD(&7pC*P9zU=9TCX*@dU)1d}(aas@JimLjcYSZz8hPQren@E0M|R2zh70 z>yQ?-HU%wQ%i+q8USR4UNcA-o*NxVmk(ue;n!3PliIv@wY_<=Odk?B|sp36CC_X{b zC5v{iBEJ8IIBj@8Uy%}p3 zsLtcH_XSYZWF%ND$l8F3n9m?Jy+mG__w+-(ET;5qr+zP!9>6-9uC5C%#h^b$)c7L+ zZT>LMu9nt$&u>Rp5!1uy^S~k zuZ87F&s>){^#R!?v@NfWb$*e{zkzw>eg;+PoltcD#8OnQc~FIb@Vv`*@)Hu)09Q58 z>a{HlZI{tNuN-y3mom!>J^TS7v?Z+_o4{IXIA?{F zP+LGSk8|snuPPpdPHW2dSPxzpMY%%_A^0dxIwFaFAcK$dg;83oxv&(=8-atFW#V{I zHuh5HGU>U7IP3RKQO#RPWy4v6WT|0a7+ zpiyzXo^K+h zoG)MhxBJXcJ^5Q@SOo?OdP?K$cNd3qr*)>0ND~0(9qlZ@_W)SiMGR7!>w<>{p_y-C zS3V8Ff?}?O9h-cPW_f(##q+YoFTY%fPn{~DComMyhY$={zfBAp;KP`2(a;Rj_7BNa z{~GCo#Q*W*1rqyxfsDz4={uTP7}DDr85o(_I561QS=$)dIhYyQ(@N3Pj0}xl&<@K; z(pRufF@u4o3|>JWoU!7fg496296--6z|p||@$aSc4OabMTp5w~0`wBHqHlf){7&m{ zA7UWM=QRI!QGg&y>@|p!AqR0ln$afi2KT z{{!-um!7{sq+b0}dUo1_Px)LDzv|{cmn>jl#DD43!Ti#J28PbSJtv@)7#sdSkz}mj z{P`K&KQVuszy(Qz>hO;%6#J*nAPEs@m*hV+sXF_ds}Ld(0~h#t7W+@2zf2JR0Rsjm zOA3;w`wap&_Y4xs@Dp8R4((5nzf7_G1>*STr~E&bSrGoz`RkDQUpiRqzjRQZOT=3R zG;uu-4T{@M>L)#79{Eq4|8{+XfpPqWLm~T9o<|b_xI6z>jr_H#@Gl)E`CmGy|5Nq9 z_fUWq7~lS-6sGc1sn!7hcWEV?{#lQSnm+|(7heHKO#c`8uVu@>kYjazDdPN@<-ceD z{!}>1_?wAMfjik z`fEPrFED5CpNbFRxWDVGaP>J=6aGIL7ppXXrs}V8)n7oqK_K~eK)KDIB^I*wjIkd1 z6XQ+Ff8dut8EY{=8T@%rK$b5U|0?OMKPzp={pJ;~qd#Y{>nHvC^KZID4)VV`G#k%4 z7fHW(D8F+N`jc^z`ilV%T-o>uc205 z@fgp)--zY$Ki`YNZs658_cQO$^8UN;`?J8)dO-hbCg@BhCS Xl$U}8nGXl$9Q3CH>hr|=o}d07!s7Wl diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 9492014..28ff446 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.0.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.1-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index af6708f..4f906e0 100755 --- a/gradlew +++ b/gradlew @@ -1,5 +1,21 @@ #!/usr/bin/env sh +# +# Copyright 2015 the original author or authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + ############################################################################## ## ## Gradle start up script for UN*X @@ -28,7 +44,7 @@ APP_NAME="Gradle" APP_BASE_NAME=`basename "$0"` # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -DEFAULT_JVM_OPTS='"-Xmx64m"' +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. MAX_FD="maximum" @@ -66,6 +82,7 @@ esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + # Determine the Java command to use to start the JVM. if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then @@ -109,10 +126,11 @@ if $darwin; then GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" fi -# For Cygwin, switch paths to Windows format before running java -if $cygwin ; then +# For Cygwin or MSYS, switch paths to Windows format before running java +if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then APP_HOME=`cygpath --path --mixed "$APP_HOME"` CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` # We build the pattern for arguments to be converted via cygpath @@ -138,19 +156,19 @@ if $cygwin ; then else eval `echo args$i`="\"$arg\"" fi - i=$((i+1)) + i=`expr $i + 1` done case $i in - (0) set -- ;; - (1) set -- "$args0" ;; - (2) set -- "$args0" "$args1" ;; - (3) set -- "$args0" "$args1" "$args2" ;; - (4) set -- "$args0" "$args1" "$args2" "$args3" ;; - (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + 0) set -- ;; + 1) set -- "$args0" ;; + 2) set -- "$args0" "$args1" ;; + 3) set -- "$args0" "$args1" "$args2" ;; + 4) set -- "$args0" "$args1" "$args2" "$args3" ;; + 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; esac fi @@ -159,14 +177,9 @@ save () { for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done echo " " } -APP_ARGS=$(save "$@") +APP_ARGS=`save "$@"` # Collect all arguments for the java command, following the shell quoting and substitution rules eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" -# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong -if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then - cd "$(dirname "$0")" -fi - exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat index 0f8d593..ac1b06f 100644 --- a/gradlew.bat +++ b/gradlew.bat @@ -1,3 +1,19 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + @if "%DEBUG%" == "" @echo off @rem ########################################################################## @rem @@ -13,15 +29,18 @@ if "%DIRNAME%" == "" set DIRNAME=. set APP_BASE_NAME=%~n0 set APP_HOME=%DIRNAME% +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. -set DEFAULT_JVM_OPTS="-Xmx64m" +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" @rem Find java.exe if defined JAVA_HOME goto findJavaFromJavaHome set JAVA_EXE=java.exe %JAVA_EXE% -version >NUL 2>&1 -if "%ERRORLEVEL%" == "0" goto init +if "%ERRORLEVEL%" == "0" goto execute echo. echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. @@ -35,7 +54,7 @@ goto fail set JAVA_HOME=%JAVA_HOME:"=% set JAVA_EXE=%JAVA_HOME%/bin/java.exe -if exist "%JAVA_EXE%" goto init +if exist "%JAVA_EXE%" goto execute echo. echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% @@ -45,28 +64,14 @@ echo location of your Java installation. goto fail -:init -@rem Get command-line arguments, handling Windows variants - -if not "%OS%" == "Windows_NT" goto win9xME_args - -:win9xME_args -@rem Slurp the command line arguments. -set CMD_LINE_ARGS= -set _SKIP=2 - -:win9xME_args_slurp -if "x%~1" == "x" goto execute - -set CMD_LINE_ARGS=%* - :execute @rem Setup the command line set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + @rem Execute Gradle -"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* :end @rem End local scope for the variables with windows NT shell From 8c197345014803b231f6454ac8bd02a8bc4613cc Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:25:01 +0000 Subject: [PATCH 45/80] Update dependency com.google.guava:guava to v30 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 92ea945..f5110ba 100644 --- a/build.gradle +++ b/build.gradle @@ -54,7 +54,7 @@ dependencies { testCompile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.64' // For verifying Base64Encoder results in unit tests - testCompile group: 'com.google.guava', name: 'guava', version: '28.2-jre' + testCompile group: 'com.google.guava', name: 'guava', version: '30.1-jre' } wrapper { From de1e9bcb3d53767aa14419f0915dc71d8dc4674d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:27:07 +0000 Subject: [PATCH 46/80] Update dependency com.beust:jcommander to v1.80 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index f5110ba..9704aa1 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ repositories { dependencies { // For CLI - compile group: 'com.beust', name: 'jcommander', version: '1.78' + compile group: 'com.beust', name: 'jcommander', version: '1.80' // For making HTTP requests compile group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' From e4a0fde83e7fdcb607a7e4a49413c2266d91345d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:32:50 +0000 Subject: [PATCH 47/80] Update dependency com.github.johnrengelman.shadow:com.github.johnrengelman.shadow.gradle.plugin to v6 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 9704aa1..2751548 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,6 @@ plugins { id 'application' - id 'com.github.johnrengelman.shadow' version '5.2.0' + id 'com.github.johnrengelman.shadow' version '6.1.0' // Used by release.gradle id 'maven-publish' From 213bab43b6d7c1e065d9ec8ce88eb9b0aef1c673 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:34:43 +0000 Subject: [PATCH 48/80] Update dependency org.bitbucket.b_c:jose4j to v0.7.6 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 2751548..0ab18c9 100644 --- a/build.gradle +++ b/build.gradle @@ -33,7 +33,7 @@ dependencies { shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.64' // For creating and signing JWT - compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.0' + compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6' // For parsing JSON testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.6' From ed5c208e6845affb76f9358b2daf77b233c85b8c Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:37:16 +0000 Subject: [PATCH 49/80] Update dependency commons-io:commons-io to v2.8.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 0ab18c9..a03e6ce 100644 --- a/build.gradle +++ b/build.gradle @@ -48,7 +48,7 @@ dependencies { testRuntime group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.7.0' // For turning InputStream to String - testCompile group: 'commons-io', name: 'commons-io', version: '2.6' + testCompile group: 'commons-io', name: 'commons-io', version: '2.8.0' // For reading the demo vapid keypair from a pem file testCompile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.64' From eece5251c90bd303fc1ae7b57d377049b6e449a0 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:39:47 +0000 Subject: [PATCH 50/80] Update dependency io.codearte.nexus-staging:io.codearte.nexus-staging.gradle.plugin to v0.22.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index a03e6ce..99ea5cf 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,7 @@ plugins { // Used by release.gradle id 'maven-publish' id 'signing' - id 'io.codearte.nexus-staging' version '0.21.1' + id 'io.codearte.nexus-staging' version '0.22.0' } apply plugin: 'application' From 4542fa388255c363a1adf4d9506217d82958f497 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:41:37 +0000 Subject: [PATCH 51/80] Update dependency org.apache.httpcomponents:fluent-hc to v4.5.13 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 99ea5cf..3fea53f 100644 --- a/build.gradle +++ b/build.gradle @@ -39,7 +39,7 @@ dependencies { testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.6' // For making HTTP requests - testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.10' + testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.13' // For testing, obviously testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.7.0' From 7be07d9f2fd85d5267bd61d6f66bfa7e951416c8 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:43:24 +0000 Subject: [PATCH 52/80] Update dependency org.asynchttpclient:async-http-client to v2.12.2 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 3fea53f..3c5670b 100644 --- a/build.gradle +++ b/build.gradle @@ -27,7 +27,7 @@ dependencies { compile group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' // For making async HTTP requests - compile group: 'org.asynchttpclient', name: 'async-http-client', version: '2.10.4' + compile group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.2' // For cryptographic operations shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.64' From 04533f29cc5d4d8df3e8d69adf5cf7bb5ffff156 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:47:49 +0000 Subject: [PATCH 53/80] Update dependency org.bouncycastle:bcpkix-jdk15on to v1.68 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 3c5670b..77dabf8 100644 --- a/build.gradle +++ b/build.gradle @@ -51,7 +51,7 @@ dependencies { testCompile group: 'commons-io', name: 'commons-io', version: '2.8.0' // For reading the demo vapid keypair from a pem file - testCompile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.64' + testCompile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.68' // For verifying Base64Encoder results in unit tests testCompile group: 'com.google.guava', name: 'guava', version: '30.1-jre' From 15f79c061ce8b1e33e6acae25147294732fecba4 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sun, 31 Jan 2021 09:50:00 +0000 Subject: [PATCH 54/80] Update dependency org.bouncycastle:bcprov-jdk15on to v1.68 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 77dabf8..bb3723c 100644 --- a/build.gradle +++ b/build.gradle @@ -30,7 +30,7 @@ dependencies { compile group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.2' // For cryptographic operations - shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.64' + shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.68' // For creating and signing JWT compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6' From 8035a1e0ae3a63d19e1a972606a14a4cd4bdd9de Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Sun, 31 Jan 2021 10:50:51 +0100 Subject: [PATCH 55/80] Downgrade com.jbeust:jcommander:1.80 -> 1.78 Version 1.80 is not uploaded in Maven Central, I should not have merged the upgrade. --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index bb3723c..764cef0 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ repositories { dependencies { // For CLI - compile group: 'com.beust', name: 'jcommander', version: '1.80' + compile group: 'com.beust', name: 'jcommander', version: '1.78' // For making HTTP requests compile group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' From d748bad8f1bcc69c4e4a7e75030ae1d76550ab95 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Sun, 31 Jan 2021 10:54:14 +0100 Subject: [PATCH 56/80] Upgrade deprecated Gradle features --- build.gradle | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/build.gradle b/build.gradle index 764cef0..87be355 100644 --- a/build.gradle +++ b/build.gradle @@ -21,40 +21,40 @@ repositories { dependencies { // For CLI - compile group: 'com.beust', name: 'jcommander', version: '1.78' + implementation group: 'com.beust', name: 'jcommander', version: '1.78' // For making HTTP requests - compile group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' + implementation group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' // For making async HTTP requests - compile group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.2' + implementation group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.2' // For cryptographic operations shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.68' // For creating and signing JWT - compile group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6' + implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6' // For parsing JSON - testCompile group: 'com.google.code.gson', name: 'gson', version: '2.8.6' + testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.6' // For making HTTP requests - testCompile group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.13' + testImplementation group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.13' // For testing, obviously - testCompile group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.7.0' + testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.7.0' // For running JUnit tests - testRuntime group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.7.0' + testRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.7.0' // For turning InputStream to String - testCompile group: 'commons-io', name: 'commons-io', version: '2.8.0' + testImplementation group: 'commons-io', name: 'commons-io', version: '2.8.0' // For reading the demo vapid keypair from a pem file - testCompile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.68' + testImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.68' // For verifying Base64Encoder results in unit tests - testCompile group: 'com.google.guava', name: 'guava', version: '30.1-jre' + testImplementation group: 'com.google.guava', name: 'guava', version: '30.1-jre' } wrapper { From 9798fcd8fddc9a14a4e53c6097eede82510f93fc Mon Sep 17 00:00:00 2001 From: Simon Legner Date: Sat, 6 Feb 2021 23:17:47 +0100 Subject: [PATCH 57/80] Migrate to java.util.Base64 --- .../webpush/AbstractPushService.java | 11 +- .../martijndwars/webpush/Base64Encoder.java | 51 ------- .../java/nl/martijndwars/webpush/HttpEce.java | 3 +- .../nl/martijndwars/webpush/Notification.java | 11 +- .../java/nl/martijndwars/webpush/Utils.java | 5 +- .../cli/handlers/GenerateKeyHandler.java | 6 +- .../webpush/Base64EncoderTest.java | 128 ------------------ .../nl/martijndwars/webpush/HttpEceTest.java | 6 +- .../webpush/selenium/SeleniumTests.java | 6 +- 9 files changed, 28 insertions(+), 199 deletions(-) delete mode 100644 src/main/java/nl/martijndwars/webpush/Base64Encoder.java delete mode 100644 src/test/java/nl/martijndwars/webpush/Base64EncoderTest.java diff --git a/src/main/java/nl/martijndwars/webpush/AbstractPushService.java b/src/main/java/nl/martijndwars/webpush/AbstractPushService.java index 8e2d598..22db83b 100644 --- a/src/main/java/nl/martijndwars/webpush/AbstractPushService.java +++ b/src/main/java/nl/martijndwars/webpush/AbstractPushService.java @@ -19,6 +19,7 @@ import java.security.PublicKey; import java.security.SecureRandom; import java.security.spec.InvalidKeySpecException; +import java.util.Base64; import java.util.HashMap; import java.util.Map; @@ -164,8 +165,8 @@ protected final HttpRequest prepareRequest(Notification notification, Encoding e headers.put("Content-Encoding", "aes128gcm"); } else if (encoding == Encoding.AESGCM) { headers.put("Content-Encoding", "aesgcm"); - headers.put("Encryption", "salt=" + Base64Encoder.encodeUrlWithoutPadding(salt)); - headers.put("Crypto-Key", "dh=" + Base64Encoder.encodeUrl(dh)); + headers.put("Encryption", "salt=" + Base64.getUrlEncoder().withoutPadding().encodeToString(salt)); + headers.put("Crypto-Key", "dh=" + Base64.getUrlEncoder().encodeToString(dh)); } body = encrypted.getCiphertext(); @@ -201,15 +202,15 @@ protected final HttpRequest prepareRequest(Notification notification, Encoding e byte[] pk = Utils.encode((ECPublicKey) getPublicKey()); if (encoding == Encoding.AES128GCM) { - headers.put("Authorization", "vapid t=" + jws.getCompactSerialization() + ", k=" + Base64Encoder.encodeUrlWithoutPadding(pk)); + headers.put("Authorization", "vapid t=" + jws.getCompactSerialization() + ", k=" + Base64.getUrlEncoder().withoutPadding().encodeToString(pk)); } else if (encoding == Encoding.AESGCM) { headers.put("Authorization", "WebPush " + jws.getCompactSerialization()); } if (headers.containsKey("Crypto-Key")) { - headers.put("Crypto-Key", headers.get("Crypto-Key") + ";p256ecdsa=" + Base64Encoder.encodeUrlWithoutPadding(pk)); + headers.put("Crypto-Key", headers.get("Crypto-Key") + ";p256ecdsa=" + Base64.getUrlEncoder().encodeToString(pk)); } else { - headers.put("Crypto-Key", "p256ecdsa=" + Base64Encoder.encodeUrl(pk)); + headers.put("Crypto-Key", "p256ecdsa=" + Base64.getUrlEncoder().encodeToString(pk)); } } else if (notification.isFcm() && getGcmApiKey() != null) { headers.put("Authorization", "key=" + getGcmApiKey()); diff --git a/src/main/java/nl/martijndwars/webpush/Base64Encoder.java b/src/main/java/nl/martijndwars/webpush/Base64Encoder.java deleted file mode 100644 index b9f05ee..0000000 --- a/src/main/java/nl/martijndwars/webpush/Base64Encoder.java +++ /dev/null @@ -1,51 +0,0 @@ -package nl.martijndwars.webpush; - - -import org.apache.commons.codec.binary.Base64; - -/** - * Java 7 compatible Base64 encode/decode functions. Based on Apache Commons Codec. - * - *

- * Note: Once upgrading to Java 8+, replace by native Base64 encoder. - *

- */ -public class Base64Encoder { - - public static byte[] decode(String base64Encoded) { - return Base64.decodeBase64(base64Encoded); - } - - public static String encodeWithoutPadding(byte[] bytes) { - return unpad(Base64.encodeBase64String(bytes)); - } - - public static String encodeUrl(byte[] bytes) { - return pad(Base64.encodeBase64URLSafeString(bytes)); - } - - public static String encodeUrlWithoutPadding(byte[] bytes) { - return Base64.encodeBase64URLSafeString(bytes); - } - - private static String pad(String base64Encoded) { - int m = base64Encoded.length() % 4; - if (m == 2) { - return base64Encoded + "=="; - } else if (m == 3) { - return base64Encoded + "="; - } else { - return base64Encoded; - } - } - - private static String unpad(String base64Encoded) { - if (base64Encoded.endsWith("==")) { - return base64Encoded.substring(0, base64Encoded.length() - 2); - } else if (base64Encoded.endsWith("=")) { - return base64Encoded.substring(0, base64Encoded.length() - 1); - } else { - return base64Encoded; - } - } -} diff --git a/src/main/java/nl/martijndwars/webpush/HttpEce.java b/src/main/java/nl/martijndwars/webpush/HttpEce.java index 4aacdc0..b9e9436 100644 --- a/src/main/java/nl/martijndwars/webpush/HttpEce.java +++ b/src/main/java/nl/martijndwars/webpush/HttpEce.java @@ -12,6 +12,7 @@ import java.nio.ByteBuffer; import java.security.*; import java.util.Arrays; +import java.util.Base64; import java.util.HashMap; import java.util.Map; @@ -437,7 +438,7 @@ private static byte[] intToBytes(int number) { */ private static byte[] log(String info, byte[] array) { if ("1".equals(System.getenv("ECE_KEYLOG"))) { - System.out.println(info + " [" + array.length + "]: " + Base64Encoder.encodeUrlWithoutPadding(array)); + System.out.println(info + " [" + array.length + "]: " + Base64.getUrlEncoder().withoutPadding().encodeToString(array)); } return array; diff --git a/src/main/java/nl/martijndwars/webpush/Notification.java b/src/main/java/nl/martijndwars/webpush/Notification.java index 50ab0c9..6fdc493 100644 --- a/src/main/java/nl/martijndwars/webpush/Notification.java +++ b/src/main/java/nl/martijndwars/webpush/Notification.java @@ -8,6 +8,7 @@ import java.security.NoSuchProviderException; import java.security.PublicKey; import java.security.spec.InvalidKeySpecException; +import java.util.Base64; import static java.nio.charset.StandardCharsets.UTF_8; @@ -71,7 +72,7 @@ public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, b } public Notification(String endpoint, String userPublicKey, String userAuth, byte[] payload, int ttl) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { - this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload, ttl); + this(endpoint, Utils.loadPublicKey(userPublicKey), Base64.getUrlDecoder().decode(userAuth), payload, ttl); } public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, byte[] payload) { @@ -79,15 +80,15 @@ public Notification(String endpoint, PublicKey userPublicKey, byte[] userAuth, b } public Notification(String endpoint, String userPublicKey, String userAuth, byte[] payload) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { - this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload); + this(endpoint, Utils.loadPublicKey(userPublicKey), Base64.getUrlDecoder().decode(userAuth), payload); } public Notification(String endpoint, String userPublicKey, String userAuth, String payload) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { - this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload.getBytes(UTF_8)); + this(endpoint, Utils.loadPublicKey(userPublicKey), Base64.getUrlDecoder().decode(userAuth), payload.getBytes(UTF_8)); } public Notification(String endpoint, String userPublicKey, String userAuth, String payload, Urgency urgency) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeySpecException { - this(endpoint, Utils.loadPublicKey(userPublicKey), Base64Encoder.decode(userAuth), payload.getBytes(UTF_8)); + this(endpoint, Utils.loadPublicKey(userPublicKey), Base64.getUrlDecoder().decode(userAuth), payload.getBytes(UTF_8)); this.urgency = urgency; } @@ -200,7 +201,7 @@ public NotificationBuilder userPublicKey(byte[] publicKey) throws NoSuchAlgorith } public NotificationBuilder userAuth(String userAuth) { - this.userAuth = Base64Encoder.decode(userAuth); + this.userAuth = Base64.getUrlDecoder().decode(userAuth); return this; } diff --git a/src/main/java/nl/martijndwars/webpush/Utils.java b/src/main/java/nl/martijndwars/webpush/Utils.java index aa625e5..d135f38 100644 --- a/src/main/java/nl/martijndwars/webpush/Utils.java +++ b/src/main/java/nl/martijndwars/webpush/Utils.java @@ -15,6 +15,7 @@ import java.nio.ByteBuffer; import java.security.*; import java.security.spec.InvalidKeySpecException; +import java.util.Base64; import static org.bouncycastle.jce.provider.BouncyCastleProvider.PROVIDER_NAME; @@ -45,7 +46,7 @@ public static byte[] encode(ECPrivateKey privateKey) { * @param encodedPublicKey */ public static PublicKey loadPublicKey(String encodedPublicKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException { - byte[] decodedPublicKey = Base64Encoder.decode(encodedPublicKey); + byte[] decodedPublicKey = Base64.getUrlDecoder().decode(encodedPublicKey); return loadPublicKey(decodedPublicKey); } @@ -74,7 +75,7 @@ public static PublicKey loadPublicKey(byte[] decodedPublicKey) throws NoSuchProv * @throws InvalidKeySpecException */ public static PrivateKey loadPrivateKey(String encodedPrivateKey) throws NoSuchProviderException, NoSuchAlgorithmException, InvalidKeySpecException { - byte[] decodedPrivateKey = Base64Encoder.decode(encodedPrivateKey); + byte[] decodedPrivateKey = Base64.getUrlDecoder().decode(encodedPrivateKey); return loadPrivateKey(decodedPrivateKey); } diff --git a/src/main/java/nl/martijndwars/webpush/cli/handlers/GenerateKeyHandler.java b/src/main/java/nl/martijndwars/webpush/cli/handlers/GenerateKeyHandler.java index 68bfd99..6ddf519 100644 --- a/src/main/java/nl/martijndwars/webpush/cli/handlers/GenerateKeyHandler.java +++ b/src/main/java/nl/martijndwars/webpush/cli/handlers/GenerateKeyHandler.java @@ -1,6 +1,5 @@ package nl.martijndwars.webpush.cli.handlers; -import nl.martijndwars.webpush.Base64Encoder; import nl.martijndwars.webpush.Utils; import nl.martijndwars.webpush.cli.commands.GenerateKeyCommand; import org.bouncycastle.jce.ECNamedCurveTable; @@ -15,6 +14,7 @@ import java.io.IOException; import java.io.OutputStreamWriter; import java.security.*; +import java.util.Base64; import static nl.martijndwars.webpush.Utils.ALGORITHM; import static nl.martijndwars.webpush.Utils.CURVE; @@ -42,10 +42,10 @@ public void run() throws InvalidAlgorithmParameterException, NoSuchAlgorithmExce } System.out.println("PublicKey:"); - System.out.println(Base64Encoder.encodeUrl(encodedPublicKey)); + System.out.println(Base64.getUrlEncoder().encodeToString(encodedPublicKey)); System.out.println("PrivateKey:"); - System.out.println(Base64Encoder.encodeUrl(encodedPrivateKey)); + System.out.println(Base64.getUrlEncoder().encodeToString(encodedPrivateKey)); } /** diff --git a/src/test/java/nl/martijndwars/webpush/Base64EncoderTest.java b/src/test/java/nl/martijndwars/webpush/Base64EncoderTest.java deleted file mode 100644 index 962e405..0000000 --- a/src/test/java/nl/martijndwars/webpush/Base64EncoderTest.java +++ /dev/null @@ -1,128 +0,0 @@ -package nl.martijndwars.webpush; - -import org.junit.jupiter.api.Test; - -import static com.google.common.io.BaseEncoding.base64; -import static com.google.common.io.BaseEncoding.base64Url; -import static java.nio.charset.StandardCharsets.UTF_8; -import static nl.martijndwars.webpush.Base64Encoder.*; -import static org.junit.jupiter.api.Assertions.assertEquals; - -class Base64EncoderTest { - - @Test - void decodeTest() { - // first compare with previous guava implementation, make sure non-breaking changes - assertEquals(new String(base64().decode("")), new String(decode(""))); - assertEquals(new String(base64().decode("dw")), new String(decode("dw"))); - assertEquals(new String(base64().decode("dw==")), new String(decode("dw=="))); - assertEquals(new String(base64().decode("d2U")), new String(decode("d2U"))); - assertEquals(new String(base64().decode("d2Vi")), new String(decode("d2Vi"))); - assertEquals(new String(base64().decode("d2ViLQ")), new String(decode("d2ViLQ"))); - assertEquals(new String(base64().decode("d2ViLQ==")), new String(decode("d2ViLQ=="))); - assertEquals(new String(base64().decode("d2ViLXA")), new String(decode("d2ViLXA"))); - assertEquals(new String(base64().decode("d2ViLXA=")), new String(decode("d2ViLXA="))); - assertEquals(new String(base64().decode("d2ViLXB1")), new String(decode("d2ViLXB1"))); - assertEquals(new String(base64().decode("d2ViLXB1cw")), new String(decode("d2ViLXB1cw"))); - assertEquals(new String(base64().decode("d2ViLXB1cw==")), new String(decode("d2ViLXB1cw=="))); - assertEquals(new String(base64().decode("d2ViLXB1c2g")), new String(decode("d2ViLXB1c2g"))); - assertEquals(new String(base64().decode("d2ViLXB1c2g=")), new String(decode("d2ViLXB1c2g="))); - assertEquals(new String(base64().decode("d2ViLXB1c2g/")), new String(decode("d2ViLXB1c2g/"))); - assertEquals(new String(base64Url().decode("d2ViLXB1c2g_")), new String(decode("d2ViLXB1c2g_"))); - - assertEquals("", new String(decode(""))); - assertEquals("w", new String(decode("dw"))); - assertEquals("w", new String(decode("dw=="))); - assertEquals("we", new String(decode("d2U"))); - assertEquals("web", new String(decode("d2Vi"))); - assertEquals("web-", new String(decode("d2ViLQ"))); - assertEquals("web-", new String(decode("d2ViLQ=="))); - assertEquals("web-p", new String(decode("d2ViLXA"))); - assertEquals("web-p", new String(decode("d2ViLXA="))); - assertEquals("web-pu", new String(decode("d2ViLXB1"))); - assertEquals("web-pus", new String(decode("d2ViLXB1cw"))); - assertEquals("web-pus", new String(decode("d2ViLXB1cw=="))); - assertEquals("web-push", new String(decode("d2ViLXB1c2g"))); - assertEquals("web-push", new String(decode("d2ViLXB1c2g="))); - assertEquals("web-push?", new String(decode("d2ViLXB1c2g/"))); - assertEquals("web-push?", new String(decode("d2ViLXB1c2g_"))); - } - - @Test - void encodeWithoutPaddingTest() { - // first verify non breaking changes after removing guava as compile dependency - assertEquals(base64().omitPadding().encode("".getBytes()), encodeWithoutPadding("".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("w".getBytes()), encodeWithoutPadding("w".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("we".getBytes()), encodeWithoutPadding("we".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("web".getBytes()), encodeWithoutPadding("web".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("web-".getBytes()), encodeWithoutPadding("web-".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("web-p".getBytes()), encodeWithoutPadding("web-p".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("web-pu".getBytes()), encodeWithoutPadding("web-pu".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("web-pus".getBytes()), encodeWithoutPadding("web-pus".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("web-push".getBytes()), encodeWithoutPadding("web-push".getBytes(UTF_8))); - assertEquals(base64().omitPadding().encode("web-push?".getBytes()), encodeWithoutPadding("web-push?".getBytes(UTF_8))); - - assertEquals("", encodeWithoutPadding("".getBytes(UTF_8))); - assertEquals("dw", encodeWithoutPadding("w".getBytes(UTF_8))); - assertEquals("d2U", encodeWithoutPadding("we".getBytes(UTF_8))); - assertEquals("d2Vi", encodeWithoutPadding("web".getBytes(UTF_8))); - assertEquals("d2ViLQ", encodeWithoutPadding("web-".getBytes(UTF_8))); - assertEquals("d2ViLXA", encodeWithoutPadding("web-p".getBytes(UTF_8))); - assertEquals("d2ViLXB1", encodeWithoutPadding("web-pu".getBytes(UTF_8))); - assertEquals("d2ViLXB1cw", encodeWithoutPadding("web-pus".getBytes(UTF_8))); - assertEquals("d2ViLXB1c2g", encodeWithoutPadding("web-push".getBytes(UTF_8))); - assertEquals("d2ViLXB1c2g/", encodeWithoutPadding("web-push?".getBytes(UTF_8))); - } - - @Test - void encodeUrlTest() { - // first verify non breaking changes after removing guava as compile dependency - assertEquals(base64Url().encode("".getBytes()), encodeUrl("".getBytes(UTF_8))); - assertEquals(base64Url().encode("w".getBytes()), encodeUrl("w".getBytes(UTF_8))); - assertEquals(base64Url().encode("we".getBytes()), encodeUrl("we".getBytes(UTF_8))); - assertEquals(base64Url().encode("web".getBytes()), encodeUrl("web".getBytes(UTF_8))); - assertEquals(base64Url().encode("web-".getBytes()), encodeUrl("web-".getBytes(UTF_8))); - assertEquals(base64Url().encode("web-p".getBytes()), encodeUrl("web-p".getBytes(UTF_8))); - assertEquals(base64Url().encode("web-pu".getBytes()), encodeUrl("web-pu".getBytes(UTF_8))); - assertEquals(base64Url().encode("web-pus".getBytes()), encodeUrl("web-pus".getBytes(UTF_8))); - assertEquals(base64Url().encode("web-push".getBytes()), encodeUrl("web-push".getBytes(UTF_8))); - assertEquals(base64Url().encode("web-push?".getBytes()), encodeUrl("web-push?".getBytes(UTF_8))); - - assertEquals("", encodeUrl("".getBytes(UTF_8))); - assertEquals("dw==", encodeUrl("w".getBytes(UTF_8))); - assertEquals("d2U=", encodeUrl("we".getBytes(UTF_8))); - assertEquals("d2Vi", encodeUrl("web".getBytes(UTF_8))); - assertEquals("d2ViLQ==", encodeUrl("web-".getBytes(UTF_8))); - assertEquals("d2ViLXA=", encodeUrl("web-p".getBytes(UTF_8))); - assertEquals("d2ViLXB1", encodeUrl("web-pu".getBytes(UTF_8))); - assertEquals("d2ViLXB1cw==", encodeUrl("web-pus".getBytes(UTF_8))); - assertEquals("d2ViLXB1c2g=", encodeUrl("web-push".getBytes(UTF_8))); - assertEquals("d2ViLXB1c2g_", encodeUrl("web-push?".getBytes(UTF_8))); - } - - @Test - void encodeUrlWithoutPaddingTest() { - // first verify non breaking changes after removing guava as compile dependency - assertEquals(base64Url().omitPadding().encode("".getBytes()), encodeUrlWithoutPadding("".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("w".getBytes()), encodeUrlWithoutPadding("w".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("we".getBytes()), encodeUrlWithoutPadding("we".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("web".getBytes()), encodeUrlWithoutPadding("web".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("web-".getBytes()), encodeUrlWithoutPadding("web-".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("web-p".getBytes()), encodeUrlWithoutPadding("web-p".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("web-pu".getBytes()), encodeUrlWithoutPadding("web-pu".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("web-pus".getBytes()), encodeUrlWithoutPadding("web-pus".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("web-push".getBytes()), encodeUrlWithoutPadding("web-push".getBytes(UTF_8))); - assertEquals(base64Url().omitPadding().encode("web-push?".getBytes()), encodeUrlWithoutPadding("web-push?".getBytes(UTF_8))); - - assertEquals("", encodeUrlWithoutPadding("".getBytes(UTF_8))); - assertEquals("dw", encodeUrlWithoutPadding("w".getBytes(UTF_8))); - assertEquals("d2U", encodeUrlWithoutPadding("we".getBytes(UTF_8))); - assertEquals("d2Vi", encodeUrlWithoutPadding("web".getBytes(UTF_8))); - assertEquals("d2ViLQ", encodeUrlWithoutPadding("web-".getBytes(UTF_8))); - assertEquals("d2ViLXA", encodeUrlWithoutPadding("web-p".getBytes(UTF_8))); - assertEquals("d2ViLXB1", encodeUrlWithoutPadding("web-pu".getBytes(UTF_8))); - assertEquals("d2ViLXB1cw", encodeUrlWithoutPadding("web-pus".getBytes(UTF_8))); - assertEquals("d2ViLXB1c2g", encodeUrlWithoutPadding("web-push".getBytes(UTF_8))); - assertEquals("d2ViLXB1c2g_", encodeUrlWithoutPadding("web-push?".getBytes(UTF_8))); - } -} \ No newline at end of file diff --git a/src/test/java/nl/martijndwars/webpush/HttpEceTest.java b/src/test/java/nl/martijndwars/webpush/HttpEceTest.java index fadc408..c3f6884 100644 --- a/src/test/java/nl/martijndwars/webpush/HttpEceTest.java +++ b/src/test/java/nl/martijndwars/webpush/HttpEceTest.java @@ -7,9 +7,9 @@ import org.junit.jupiter.api.Test; import java.security.*; +import java.util.Base64; import java.util.HashMap; -import static nl.martijndwars.webpush.Base64Encoder.decode; import static nl.martijndwars.webpush.Encoding.AES128GCM; import static org.junit.jupiter.api.Assertions.assertArrayEquals; @@ -19,6 +19,10 @@ public static void addSecurityProvider() { Security.addProvider(new BouncyCastleProvider()); } + private byte[] decode(String s) { + return Base64.getUrlDecoder().decode(s); + } + @Test public void testZeroSaltAndKey() throws GeneralSecurityException { HttpEce httpEce = new HttpEce(); diff --git a/src/test/java/nl/martijndwars/webpush/selenium/SeleniumTests.java b/src/test/java/nl/martijndwars/webpush/selenium/SeleniumTests.java index de1353e..1054486 100644 --- a/src/test/java/nl/martijndwars/webpush/selenium/SeleniumTests.java +++ b/src/test/java/nl/martijndwars/webpush/selenium/SeleniumTests.java @@ -1,6 +1,5 @@ package nl.martijndwars.webpush.selenium; -import nl.martijndwars.webpush.Base64Encoder; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.DynamicTest; @@ -8,6 +7,7 @@ import java.io.IOException; import java.security.Security; +import java.util.Base64; import java.util.stream.Stream; import static org.junit.jupiter.api.DynamicTest.dynamicTest; @@ -58,8 +58,8 @@ public Stream dynamicTests() throws IOException { * @return */ protected Stream getConfigurations() { - String PUBLIC_KEY_NO_PADDING = Base64Encoder.encodeWithoutPadding( - Base64Encoder.decode(PUBLIC_KEY) + String PUBLIC_KEY_NO_PADDING = Base64.getUrlEncoder().withoutPadding().encodeToString( + Base64.getUrlDecoder().decode(PUBLIC_KEY) ); return Stream.of( From 961ae363632bbe977082273a398101c457468dc5 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Mon, 8 Feb 2021 08:36:12 +0000 Subject: [PATCH 58/80] Update dependency gradle to v6.8.2 --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 28ff446..2a56324 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.1-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.2-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists From 4c6f12f5e6ef3f897d77c9f5bd25b365339db79d Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 16 Mar 2021 17:51:08 +0000 Subject: [PATCH 59/80] Update dependency io.codearte.nexus-staging:io.codearte.nexus-staging.gradle.plugin to v0.30.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 87be355..cc5566b 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,7 @@ plugins { // Used by release.gradle id 'maven-publish' id 'signing' - id 'io.codearte.nexus-staging' version '0.22.0' + id 'io.codearte.nexus-staging' version '0.30.0' } apply plugin: 'application' From bf8b8826f04a04a0cadff3a4fdd409fa93318971 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 19 Mar 2021 17:47:15 +0000 Subject: [PATCH 60/80] Update dependency com.google.guava:guava to v30.1.1-jre --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 87be355..fbf3fd4 100644 --- a/build.gradle +++ b/build.gradle @@ -54,7 +54,7 @@ dependencies { testImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.68' // For verifying Base64Encoder results in unit tests - testImplementation group: 'com.google.guava', name: 'guava', version: '30.1-jre' + testImplementation group: 'com.google.guava', name: 'guava', version: '30.1.1-jre' } wrapper { From 5f8e0d5b124516043820430f222da5fc2dac4d0f Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 19 Oct 2021 01:47:02 +0000 Subject: [PATCH 61/80] Update dependency gradle to v7 --- gradle/wrapper/gradle-wrapper.jar | Bin 59203 -> 59536 bytes gradle/wrapper/gradle-wrapper.properties | 2 +- gradlew | 257 ++++++++++++++--------- 3 files changed, 154 insertions(+), 105 deletions(-) diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar index e708b1c023ec8b20f512888fe07c5bd3ff77bb8f..7454180f2ae8848c63b8b4dea2cb829da983f2fa 100644 GIT binary patch delta 18435 zcmY&<19zBR)MXm8v2EM7ZQHi-#I|kQZfv7Tn#Q)%81v4zX3d)U4d4 zYYc!v@NU%|U;_sM`2z(4BAilWijmR>4U^KdN)D8%@2KLcqkTDW%^3U(Wg>{qkAF z&RcYr;D1I5aD(N-PnqoEeBN~JyXiT(+@b`4Pv`;KmkBXYN48@0;iXuq6!ytn`vGp$ z6X4DQHMx^WlOek^bde&~cvEO@K$oJ}i`T`N;M|lX0mhmEH zuRpo!rS~#&rg}ajBdma$$}+vEhz?JAFUW|iZEcL%amAg_pzqul-B7Itq6Y_BGmOCC zX*Bw3rFz3R)DXpCVBkI!SoOHtYstv*e-May|+?b80ZRh$MZ$FerlC`)ZKt} zTd0Arf9N2dimjs>mg5&@sfTPsRXKXI;0L~&t+GH zkB<>wxI9D+k5VHHcB7Rku{Z>i3$&hgd9Mt_hS_GaGg0#2EHzyV=j=u5xSyV~F0*qs zW{k9}lFZ?H%@4hII_!bzao!S(J^^ZZVmG_;^qXkpJb7OyR*sPL>))Jx{K4xtO2xTr@St!@CJ=y3q2wY5F`77Tqwz8!&Q{f7Dp zifvzVV1!Dj*dxG%BsQyRP6${X+Tc$+XOG zzvq5xcC#&-iXlp$)L=9t{oD~bT~v^ZxQG;FRz|HcZj|^L#_(VNG)k{=_6|6Bs-tRNCn-XuaZ^*^hpZ@qwi`m|BxcF6IWc?_bhtK_cDZRTw#*bZ2`1@1HcB`mLUmo_>@2R&nj7&CiH zF&laHkG~7#U>c}rn#H)q^|sk+lc!?6wg0xy`VPn!{4P=u@cs%-V{VisOxVqAR{XX+ zw}R;{Ux@6A_QPka=48|tph^^ZFjSHS1BV3xfrbY84^=?&gX=bmz(7C({=*oy|BEp+ zYgj;<`j)GzINJA>{HeSHC)bvp6ucoE`c+6#2KzY9)TClmtEB1^^Mk)(mXWYvup02e%Ghm9qyjz#fO3bNGBX} zFiB>dvc1+If!>I10;qZk`?6pEd*(?bI&G*3YLt;MWw&!?=Mf7%^Op?qnyXWur- zwX|S^P>jF?{m9c&mmK-epCRg#WB+-VDe!2d2~YVoi%7_q(dyC{(}zB${!ElKB2D}P z7QNFM!*O^?FrPMGZ}wQ0TrQAVqZy!weLhu_Zq&`rlD39r*9&2sJHE(JT0EY5<}~x@ z1>P0!L2IFDqAB!($H9s2fI`&J_c+5QT|b#%99HA3@zUWOuYh(~7q7!Pf_U3u!ij5R zjFzeZta^~RvAmd_TY+RU@e}wQaB_PNZI26zmtzT4iGJg9U(Wrgrl>J%Z3MKHOWV(? zj>~Ph$<~8Q_sI+)$DOP^9FE6WhO09EZJ?1W|KidtEjzBX3RCLUwmj9qH1CM=^}MaK z59kGxRRfH(n|0*lkE?`Rpn6d^u5J6wPfi0WF(rucTv(I;`aW)3;nY=J=igkjsn?ED ztH&ji>}TW8)o!Jg@9Z}=i2-;o4#xUksQHu}XT~yRny|kg-$Pqeq!^78xAz2mYP9+4 z9gwAoti2ICvUWxE&RZ~}E)#M8*zy1iwz zHqN%q;u+f6Ti|SzILm0s-)=4)>eb5o-0K zbMW8ecB4p^6OuIX@u`f{>Yn~m9PINEl#+t*jqalwxIx=TeGB9(b6jA}9VOHnE$9sC zH`;epyH!k-3kNk2XWXW!K`L_G!%xOqk0ljPCMjK&VweAxEaZ==cT#;!7)X&C|X{dY^IY(e4D#!tx^vV3NZqK~--JW~wtXJ8X19adXim?PdN(|@o(OdgH3AiHts~?#QkolO?*=U_buYC&tQ3sc(O5HGHN~=6wB@dgIAVT$ z_OJWJ^&*40Pw&%y^t8-Wn4@l9gOl`uU z{Uda_uk9!Iix?KBu9CYwW9Rs=yt_lE11A+k$+)pkY5pXpocxIEJe|pTxwFgB%Kpr&tH;PzgOQ&m|(#Otm?@H^r`v)9yiR8v&Uy>d#TNdRfyN4Jk;`g zp+jr5@L2A7TS4=G-#O<`A9o;{En5!I8lVUG?!PMsv~{E_yP%QqqTxxG%8%KxZ{uwS zOT+EA5`*moN8wwV`Z=wp<3?~f#frmID^K?t7YL`G^(X43gWbo!6(q*u%HxWh$$^2EOq`Hj zp=-fS#Av+s9r-M)wGIggQ)b<@-BR`R8l1G@2+KODmn<_$Tzb7k35?e8;!V0G>`(!~ zY~qZz!6*&|TupOcnvsQYPbcMiJ!J{RyfezB^;fceBk znpA1XS)~KcC%0^_;ihibczSxwBuy;^ksH7lwfq7*GU;TLt*WmUEVQxt{ zKSfJf;lk$0XO8~48Xn2dnh8tMC9WHu`%DZj&a`2!tNB`5%;Md zBs|#T0Ktf?vkWQ)Y+q!At1qgL`C|nbzvgc(+28Q|4N6Geq)Il%+I5c@t02{9^=QJ?=h2BTe`~BEu=_u3xX2&?^zwcQWL+)7dI>JK0g8_`W1n~ zMaEP97X>Ok#=G*nkPmY`VoP8_{~+Rp7DtdSyWxI~?TZHxJ&=6KffcO2Qx1?j7=LZA z?GQt`oD9QpXw+s7`t+eeLO$cpQpl9(6h3_l9a6OUpbwBasCeCw^UB6we!&h9Ik@1zvJ`j4i=tvG9X8o34+N|y(ay~ho$f=l z514~mP>Z>#6+UxM<6@4z*|hFJ?KnkQBs_9{H(-v!_#Vm6Z4(xV5WgWMd3mB9A(>@XE292#k(HdI7P zJkQ2)`bQXTKlr}{VrhSF5rK9TsjtGs0Rs&nUMcH@$ZX_`Hh$Uje*)(Wd&oLW($hZQ z_tPt`{O@f8hZ<}?aQc6~|9iHt>=!%We3=F9yIfiqhXqp=QUVa!@UY@IF5^dr5H8$R zIh{=%S{$BHG+>~a=vQ={!B9B=<-ID=nyjfA0V8->gN{jRL>Qc4Rc<86;~aY+R!~Vs zV7MI~gVzGIY`B*Tt@rZk#Lg}H8sL39OE31wr_Bm%mn}8n773R&N)8B;l+-eOD@N$l zh&~Wz`m1qavVdxwtZLACS(U{rAa0;}KzPq9r76xL?c{&GaG5hX_NK!?)iq`t7q*F# zFoKI{h{*8lb>&sOeHXoAiqm*vV6?C~5U%tXR8^XQ9Y|(XQvcz*>a?%HQ(Vy<2UhNf zVmGeOO#v159KV@1g`m%gJ)XGPLa`a|?9HSzSSX{j;)xg>G(Ncc7+C>AyAWYa(k}5B3mtzg4tsA=C^Wfezb1&LlyrBE1~kNfeiubLls{C)!<%#m@f}v^o+7<VZ6!FZ;JeiAG@5vw7Li{flC8q1%jD_WP2ApBI{fQ}kN zhvhmdZ0bb5(qK@VS5-)G+@GK(tuF6eJuuV5>)Odgmt?i_`tB69DWpC~e8gqh!>jr_ zL1~L0xw@CbMSTmQflpRyjif*Y*O-IVQ_OFhUw-zhPrXXW>6X}+73IoMsu2?uuK3lT>;W#38#qG5tDl66A7Y{mYh=jK8Se!+f=N7%nv zYSHr6a~Nxd`jqov9VgII{%EpC_jFCEc>>SND0;}*Ja8Kv;G)MK7?T~h((c&FEBcQq zvUU1hW2^TX(dDCeU@~a1LF-(+#lz3997A@pipD53&Dr@III2tlw>=!iGabjXzbyUJ z4Hi~M1KCT-5!NR#I%!2Q*A>mqI{dpmUa_mW)%SDs{Iw1LG}0y=wbj@0ba-`q=0!`5 zr(9q1p{#;Rv2CY!L#uTbs(UHVR5+hB@m*zEf4jNu3(Kj$WwW|v?YL*F_0x)GtQC~! zzrnZRmBmwt+i@uXnk05>uR5&1Ddsx1*WwMrIbPD3yU*2By`71pk@gt{|H0D<#B7&8 z2dVmXp*;B)SWY)U1VSNs4ds!yBAj;P=xtatUx^7_gC5tHsF#vvdV;NmKwmNa1GNWZ zi_Jn-B4GnJ%xcYWD5h$*z^haku#_Irh818x^KB)3-;ufjf)D0TE#6>|zFf@~pU;Rs zNw+}c9S+6aPzxkEA6R%s*xhJ37wmgc)-{Zd1&mD5QT}4BQvczWr-Xim>(P^)52`@R z9+Z}44203T5}`AM_G^Snp<_KKc!OrA(5h7{MT^$ZeDsSr(R@^kI?O;}QF)OU zQ9-`t^ys=6DzgLcWt0U{Q(FBs22=r zKD%fLQ^5ZF24c-Z)J{xv?x$&4VhO^mswyb4QTIofCvzq+27*WlYm;h@;Bq%i;{hZA zM97mHI6pP}XFo|^pRTuWQzQs3B-8kY@ajLV!Fb?OYAO3jFv*W-_;AXd;G!CbpZt04iW`Ie^_+cQZGY_Zd@P<*J9EdRsc>c=edf$K|;voXRJ zk*aC@@=MKwR120(%I_HX`3pJ+8GMeO>%30t?~uXT0O-Tu-S{JA;zHoSyXs?Z;fy58 zi>sFtI7hoxNAdOt#3#AWFDW)4EPr4kDYq^`s%JkuO7^efX+u#-qZ56aoRM!tC^P6O zP(cFuBnQGjhX(^LJ(^rVe4-_Vk*3PkBCj!?SsULdmVr0cGJM^=?8b0^DuOFq>0*yA zk1g|C7n%pMS0A8@Aintd$fvRbH?SNdRaFrfoAJ=NoX)G5Gr}3-$^IGF+eI&t{I-GT zp=1fj)2|*ur1Td)+s&w%p#E6tDXX3YYOC{HGHLiCvv?!%%3DO$B$>A}aC;8D0Ef#b z{7NNqC8j+%1n95zq8|hFY`afAB4E)w_&7?oqG0IPJZv)lr{MT}>9p?}Y`=n+^CZ6E zKkjIXPub5!82(B-O2xQojW^P(#Q*;ETpEr^+Wa=qDJ9_k=Wm@fZB6?b(u?LUzX(}+ zE6OyapdG$HC& z&;oa*ALoyIxVvB2cm_N&h&{3ZTuU|aBrJlGOLtZc3KDx)<{ z27@)~GtQF@%6B@w3emrGe?Cv_{iC@a#YO8~OyGRIvp@%RRKC?fclXMP*6GzBFO z5U4QK?~>AR>?KF@I;|(rx(rKxdT9-k-anYS+#S#e1SzKPslK!Z&r8iomPsWG#>`Ld zJ<#+8GFHE!^wsXt(s=CGfVz5K+FHYP5T0E*?0A-z*lNBf)${Y`>Gwc@?j5{Q|6;Bl zkHG1%r$r&O!N^><8AEL+=y(P$7E6hd=>BZ4ZZ9ukJ2*~HR4KGvUR~MUOe$d>E5UK3 z*~O2LK4AnED}4t1Fs$JgvPa*O+WeCji_cn1@Tv7XQ6l@($F1K%{E$!naeX)`bfCG> z8iD<%_M6aeD?a-(Qqu61&fzQqC(E8ksa%CulMnPvR35d{<`VsmaHyzF+B zF6a@1$CT0xGVjofcct4SyxA40uQ`b#9kI)& z?B67-12X-$v#Im4CVUGZHXvPWwuspJ610ITG*A4xMoRVXJl5xbk;OL(;}=+$9?H`b z>u2~yd~gFZ*V}-Q0K6E@p}mtsri&%Zep?ZrPJmv`Qo1>94Lo||Yl)nqwHXEbe)!g( zo`w|LU@H14VvmBjjkl~=(?b{w^G$~q_G(HL`>|aQR%}A64mv0xGHa`S8!*Wb*eB}` zZh)&rkjLK!Rqar)UH)fM<&h&@v*YyOr!Xk2OOMV%$S2mCRdJxKO1RL7xP_Assw)bb z9$sQ30bapFfYTS`i1PihJZYA#0AWNmp>x(;C!?}kZG7Aq?zp!B+gGyJ^FrXQ0E<>2 zCjqZ(wDs-$#pVYP3NGA=en<@_uz!FjFvn1&w1_Igvqs_sL>ExMbcGx4X5f%`Wrri@ z{&vDs)V!rd=pS?G(ricfwPSg(w<8P_6=Qj`qBC7_XNE}1_5>+GBjpURPmvTNE7)~r)Y>ZZecMS7Ro2` z0}nC_GYo3O7j|Wux?6-LFZs%1IV0H`f`l9or-8y0=5VGzjPqO2cd$RRHJIY06Cnh- ztg@Pn1OeY=W`1Mv3`Ti6!@QIT{qcC*&vptnX4Pt1O|dWv8u2s|(CkV`)vBjAC_U5` zCw1f&c4o;LbBSp0=*q z3Y^horBAnR)u=3t?!}e}14%K>^562K!)Vy6r~v({5{t#iRh8WIL|U9H6H97qX09xp zjb0IJ^9Lqxop<-P*VA0By@In*5dq8Pr3bTPu|ArID*4tWM7w+mjit0PgmwLV4&2PW z3MnIzbdR`3tPqtUICEuAH^MR$K_u8~-U2=N1)R=l>zhygus44>6V^6nJFbW-`^)f} zI&h$FK)Mo*x?2`0npTD~jRd}5G~-h8=wL#Y-G+a^C?d>OzsVl7BFAaM==(H zR;ARWa^C3J)`p~_&FRsxt|@e+M&!84`eq)@aO9yBj8iifJv0xVW4F&N-(#E=k`AwJ z3EFXWcpsRlB%l_0Vdu`0G(11F7( zsl~*@XP{jS@?M#ec~%Pr~h z2`M*lIQaolzWN&;hkR2*<=!ORL(>YUMxOzj(60rQfr#wTrkLO!t{h~qg% zv$R}0IqVIg1v|YRu9w7RN&Uh7z$ijV=3U_M(sa`ZF=SIg$uY|=NdC-@%HtkUSEqJv zg|c}mKTCM=Z8YmsFQu7k{VrXtL^!Cts-eb@*v0B3M#3A7JE*)MeW1cfFqz~^S6OXFOIP&iL;Vpy z4dWKsw_1Wn%Y;eW1YOfeP_r1s4*p1C(iDG_hrr~-I%kA>ErxnMWRYu{IcG{sAW;*t z9T|i4bI*g)FXPpKM@~!@a7LDVVGqF}C@mePD$ai|I>73B+9!Ks7W$pw;$W1B%-rb; zJ*-q&ljb=&41dJ^*A0)7>Wa@khGZ;q1fL(2qW=|38j43mTl_;`PEEw07VKY%71l6p z@F|jp88XEnm1p~<5c*cVXvKlj0{THF=n3sU7g>Ki&(ErR;!KSmfH=?49R5(|c_*xw z4$jhCJ1gWT6-g5EV)Ahg?Nw=}`iCyQ6@0DqUb%AZEM^C#?B-@Hmw?LhJ^^VU>&phJ zlB!n5&>I>@sndh~v$2I2Ue23F?0!0}+9H~jg7E`?CS_ERu75^jSwm%!FTAegT`6s7 z^$|%sj2?8wtPQR>@D3sA0-M-g-vL@47YCnxdvd|1mPymvk!j5W1jHnVB&F-0R5e-vs`@u8a5GKdv`LF7uCfKncI4+??Z4iG@AxuX7 z6+@nP^TZ5HX#*z(!y+-KJ3+Ku0M90BTY{SC^{ z&y2#RZPjfX_PE<<>XwGp;g4&wcXsQ0T&XTi(^f+}4qSFH1%^GYi+!rJo~t#ChTeAX zmR0w(iODzQOL+b&{1OqTh*psAb;wT*drr^LKdN?c?HJ*gJl+%kEH&48&S{s28P=%p z7*?(xFW_RYxJxxILS!kdLIJYu@p#mnQ(?moGD1)AxQd66X6b*KN?o&e`u9#N4wu8% z^Gw#G!@|>c740RXziOR=tdbkqf(v~wS_N^CS^1hN-N4{Dww1lvSWcBTX*&9}Cz|s@ z*{O@jZ4RVHq19(HC9xSBZI0M)E;daza+Q*zayrX~N5H4xJ33BD4gn5Ka^Hj{995z4 zzm#Eo?ntC$q1a?)dD$qaC_M{NW!5R!vVZ(XQqS67xR3KP?rA1^+s3M$60WRTVHeTH z6BJO$_jVx0EGPXy}XK_&x597 zt(o6ArN8vZX0?~(lFGHRtHP{gO0y^$iU6Xt2e&v&ugLxfsl;GD)nf~3R^ACqSFLQ< zV7`cXgry((wDMJB55a6D4J;13$z6pupC{-F+wpToW%k1qKjUS^$Mo zN3@}T!ZdpiV7rkNvqP3KbpEn|9aB;@V;gMS1iSb@ zwyD7!5mfj)q+4jE1dq3H`sEKgrVqk|y8{_vmn8bMOi873!rmnu5S=1=-DFx+Oj)Hi zx?~ToiJqOrvSou?RVALltvMADodC7BOg7pOyc4m&6yd(qIuV5?dYUpYzpTe!BuWKi zpTg(JHBYzO&X1e{5o|ZVU-X5e?<}mh=|eMY{ldm>V3NsOGwyxO2h)l#)rH@BI*TN; z`yW26bMSp=k6C4Ja{xB}s`dNp zE+41IwEwo>7*PA|7v-F#jLN>h#a`Er9_86!fwPl{6yWR|fh?c%qc44uP~Ocm2V*(* zICMpS*&aJjxutxKC0Tm8+FBz;3;R^=ajXQUB*nTN*Lb;mruQHUE<&=I7pZ@F-O*VMkJbI#FOrBM8`QEL5Uy=q5e2 z_BwVH%c0^uIWO0*_qD;0jlPoA@sI7BPwOr-mrp7y`|EF)j;$GYdOtEPFRAKyUuUZS z(N4)*6R*ux8s@pMdC*TP?Hx`Zh{{Ser;clg&}CXriXZCr2A!wIoh;j=_eq3_%n7V} za?{KhXg2cXPpKHc90t6=`>s@QF-DNcTJRvLTS)E2FTb+og(wTV7?$kI?QZYgVBn)& zdpJf@tZ{j>B;<MVHiPl_U&KlqBT)$ic+M0uUQWK|N1 zCMl~@o|}!!7yyT%7p#G4?T^Azxt=D(KP{tyx^lD_(q&|zNFgO%!i%7T`>mUuU^FeR zHP&uClWgXm6iXgI8*DEA!O&X#X(zdrNctF{T#pyax16EZ5Lt5Z=RtAja!x+0Z31U8 zjfaky?W)wzd+66$L>o`n;DISQNs09g{GAv%8q2k>2n8q)O^M}=5r#^WR^=se#WSCt zQ`7E1w4qdChz4r@v6hgR?nsaE7pg2B6~+i5 zcTTbBQ2ghUbC-PV(@xvIR(a>Kh?{%YAsMV#4gt1nxBF?$FZ2~nFLKMS!aK=(`WllA zHS<_7ugqKw!#0aUtQwd#A$8|kPN3Af?Tkn)dHF?_?r#X68Wj;|$aw)Wj2Dkw{6)*^ zZfy!TWwh=%g~ECDCy1s8tTgWCi}F1BvTJ9p3H6IFq&zn#3FjZoecA_L_bxGWgeQup zAAs~1IPCnI@H>g|6Lp^Bk)mjrA3_qD4(D(65}l=2RzF-8@h>|Aq!2K-qxt(Q9w7c^ z;gtx`I+=gKOl;h=#fzSgw-V*YT~2_nnSz|!9hIxFb{~dKB!{H zSi??dnmr@%(1w^Be=*Jz5bZeofEKKN&@@uHUMFr-DHS!pb1I&;x9*${bmg6=2I4Zt zHb5LSvojY7ubCNGhp)=95jQ00sMAC{IZdAFsN!lAVQDeiec^HAu=8);2AKqNTT!&E zo+FAR`!A1#T6w@0A+o%&*yzkvxsrqbrfVTG+@z8l4+mRi@j<&)U9n6L>uZoezW>qS zA4YfO;_9dQSyEYpkWnsk0IY}Nr2m(ql@KuQjLgY-@g z4=$uai6^)A5+~^TvLdvhgfd+y?@+tRE^AJabamheJFnpA#O*5_B%s=t8<;?I;qJ}j z&g-9?hbwWEez-!GIhqpB>nFvyi{>Yv>dPU=)qXnr;3v-cd`l}BV?6!v{|cHDOx@IG z;TSiQQ(8=vlH^rCEaZ@Yw}?4#a_Qvx=}BJuxACxm(E7tP4hki^jU@8A zUS|4tTLd)gr@T|F$1eQXPY%fXb7u}(>&9gsd3It^B{W#6F2_g40cgo1^)@-xO&R5X z>qKon+Nvp!4v?-rGQu#M_J2v+3e+?N-WbgPQWf`ZL{Xd9KO^s{uIHTJ6~@d=mc7i z+##ya1p+ZHELmi%3C>g5V#yZt*jMv( zc{m*Y;7v*sjVZ-3mBuaT{$g+^sbs8Rp7BU%Ypi+c%JxtC4O}|9pkF-p-}F{Z7-+45 zDaJQx&CNR)8x~0Yf&M|-1rw%KW3ScjWmKH%J1fBxUp(;F%E+w!U470e_3%+U_q7~P zJm9VSWmZ->K`NfswW(|~fGdMQ!K2z%k-XS?Bh`zrjZDyBMu74Fb4q^A=j6+Vg@{Wc zPRd5Vy*-RS4p1OE-&8f^Fo}^yDj$rb+^>``iDy%t)^pHSV=En5B5~*|32#VkH6S%9 zxgIbsG+|{-$v7mhOww#v-ejaS>u(9KV9_*X!AY#N*LXIxor9hDv%aie@+??X6@Et=xz>6ev9U>6Pn$g4^!}w2Z%Kpqpp+M%mk~?GE-jL&0xLC zy(`*|&gm#mLeoRU8IU?Ujsv=;ab*URmsCl+r?%xcS1BVF*rP}XRR%MO_C!a9J^fOe>U;Y&3aj3 zX`3?i12*^W_|D@VEYR;h&b^s#Kd;JMNbZ#*x8*ZXm(jgw3!jyeHo14Zq!@_Q`V;Dv zKik~!-&%xx`F|l^z2A92aCt4x*I|_oMH9oeqsQgQDgI0j2p!W@BOtCTK8Jp#txi}7 z9kz);EX-2~XmxF5kyAa@n_$YYP^Hd4UPQ>O0-U^-pw1*n{*kdX`Jhz6{!W=V8a$0S z9mYboj#o)!d$gs6vf8I$OVOdZu7L5%)Vo0NhN`SwrQFhP3y4iXe2uV@(G{N{yjNG( zKvcN{k@pXkxyB~9ucR(uPSZ7{~sC=lQtz&V(^A^HppuN!@B4 zS>B=kb14>M-sR>{`teApuHlca6YXs6&sRvRV;9G!XI08CHS~M$=%T~g5Xt~$exVk` zWP^*0h{W%`>K{BktGr@+?ZP}2t0&smjKEVw@3=!rSjw5$gzlx`{dEajg$A58m|Okx zG8@BTPODSk@iqLbS*6>FdVqk}KKHuAHb0UJNnPm!(XO{zg--&@#!niF4T!dGVdNif z3_&r^3+rfQuV^8}2U?bkI5Ng*;&G>(O4&M<86GNxZK{IgKNbRfpg>+32I>(h`T&uv zUN{PRP&onFj$tn1+Yh|0AF330en{b~R+#i9^QIbl9fBv>pN|k&IL2W~j7xbkPyTL^ z*TFONZUS2f33w3)fdzr?)Yg;(s|||=aWZV(nkDaACGSxNCF>XLJSZ=W@?$*` z#sUftY&KqTV+l@2AP5$P-k^N`Bme-xcWPS|5O~arUq~%(z8z87JFB|llS&h>a>Som zC34(_uDViE!H2jI3<@d+F)LYhY)hoW6)i=9u~lM*WH?hI(yA$X#ip}yYld3RAv#1+sBt<)V_9c4(SN9Fn#$}_F}A-}P>N+8io}I3mh!}> z*~*N}ZF4Zergb;`R_g49>ZtTCaEsCHiFb(V{9c@X0`YV2O^@c6~LXg2AE zhA=a~!ALnP6aO9XOC^X15(1T)3!1lNXBEVj5s*G|Wm4YBPV`EOhU&)tTI9-KoLI-U zFI@adu6{w$dvT(zu*#aW*4F=i=!7`P!?hZy(9iL;Z^De3?AW`-gYTPALhrZ*K2|3_ zfz;6xQN9?|;#_U=4t^uS2VkQ8$|?Ub5CgKOj#Ni5j|(zX>x#K(h7LgDP-QHwok~-I zOu9rn%y97qrtKdG=ep)4MKF=TY9^n6CugQ3#G2yx;{))hvlxZGE~rzZ$qEHy-8?pU#G;bwufgSN6?*BeA!7N3RZEh{xS>>-G1!C(e1^ zzd#;39~PE_wFX3Tv;zo>5cc=md{Q}(Rb?37{;YPtAUGZo7j*yHfGH|TOVR#4ACaM2 z;1R0hO(Gl}+0gm9Bo}e@lW)J2OU4nukOTVKshHy7u)tLH^9@QI-jAnDBp(|J8&{fKu=_97$v&F67Z zq+QsJ=gUx3_h_%=+q47msQ*Ub=gMzoSa@S2>`Y9Cj*@Op4plTc!jDhu51nSGI z^sfZ(4=yzlR}kP2rcHRzAY9@T7f`z>fdCU0zibx^gVg&fMkcl)-0bRyWe12bT0}<@ z^h(RgGqS|1y#M;mER;8!CVmX!j=rfNa6>#_^j{^C+SxGhbSJ_a0O|ae!ZxiQCN2qA zKs_Z#Zy|9BOw6x{0*APNm$6tYVG2F$K~JNZ!6>}gJ_NLRYhcIsxY1z~)mt#Yl0pvC zO8#Nod;iow5{B*rUn(0WnN_~~M4|guwfkT(xv;z)olmj=f=aH#Y|#f_*d1H!o( z!EXNxKxth9w1oRr0+1laQceWfgi8z`YS#uzg#s9-QlTT7y2O^^M1PZx z3YS7iegfp6Cs0-ixlG93(JW4wuE7)mfihw}G~Uue{Xb+#F!BkDWs#*cHX^%(We}3% zT%^;m&Juw{hLp^6eyM}J({luCL_$7iRFA6^8B!v|B9P{$42F>|M`4Z_yA{kK()WcM zu#xAZWG%QtiANfX?@+QQOtbU;Avr*_>Yu0C2>=u}zhH9VLp6M>fS&yp*-7}yo8ZWB z{h>ce@HgV?^HgwRThCYnHt{Py0MS=Ja{nIj5%z;0S@?nGQ`z`*EVs&WWNwbzlk`(t zxDSc)$dD+4G6N(p?K>iEKXIk>GlGKTH{08WvrehnHhh%tgpp&8db4*FLN zETA@<$V=I7S^_KxvYv$Em4S{gO>(J#(Wf;Y%(NeECoG3n+o;d~Bjme-4dldKukd`S zRVAnKxOGjWc;L#OL{*BDEA8T=zL8^`J=2N)d&E#?OMUqk&9j_`GX*A9?V-G zdA5QQ#(_Eb^+wDkDiZ6RXL`fck|rVy%)BVv;dvY#`msZ}{x5fmd! zInmWSxvRgXbJ{unxAi*7=Lt&7_e0B#8M5a=Ad0yX#0rvMacnKnXgh>4iiRq<&wit93n!&p zeq~-o37qf)L{KJo3!{l9l9AQb;&>)^-QO4RhG>j`rBlJ09~cbfNMR_~pJD1$UzcGp zOEGTzz01j$=-kLC+O$r8B|VzBotz}sj(rUGOa7PDYwX~9Tum^sW^xjjoncxSz;kqz z$Pz$Ze|sBCTjk7oM&`b5g2mFtuTx>xl{dj*U$L%y-xeQL~|i>KzdUHeep-Yd@}p&L*ig< zgg__3l9T=nbM3bw0Sq&Z2*FA)P~sx0h634BXz0AxV69cED7QGTbK3?P?MENkiy-mV zZ1xV5ry3zIpy>xmThBL0Q!g+Wz@#?6fYvzmEczs(rcujrfCN=^!iWQ6$EM zaCnRThqt~gI-&6v@KZ78unqgv9j6-%TOxpbV`tK{KaoBbhc}$h+rK)5h|bT6wY*t6st-4$e99+Egb#3ip+ERbve08G@Ref&hP)qB&?>B94?eq5i3k;dOuU#!y-@+&5>~!FZik=z4&4|YHy=~!F254 zQAOTZr26}Nc7jzgJ;V~+9ry#?7Z0o*;|Q)k+@a^87lC}}1C)S))f5tk+lMNqw>vh( z`A9E~5m#b9!ZDBltf7QIuMh+VheCoD7nCFhuzThlhA?|8NCt3w?oWW|NDin&&eDU6 zwH`aY=))lpWG?{fda=-auXYp1WIPu&3 zwK|t(Qiqvc@<;1_W#ALDJ}bR;3&v4$9rP)eAg`-~iCte`O^MY+SaP!w%~+{{1tMo` zbp?T%ENs|mHP)Lsxno=nWL&qizR+!Ib=9i%4=B@(Umf$|7!WVxkD%hfRjvxV`Co<; zG*g4QG_>;RE{3V_DOblu$GYm&!+}%>G*yO{-|V9GYG|bH2JIU2iO}ZvY>}Fl%1!OE zZFsirH^$G>BDIy`8;R?lZl|uu@qWj2T5}((RG``6*05AWsVVa2Iu>!F5U>~7_Tlv{ zt=Dpgm~0QVa5mxta+fUt)I0gToeEm9eJX{yYZ~3sLR&nCuyuFWuiDIVJ+-lwViO(E zH+@Rg$&GLueMR$*K8kOl>+aF84Hss5p+dZ8hbW$=bWNIk0paB!qEK$xIm5{*^ad&( zgtA&gb&6FwaaR2G&+L+Pp>t^LrG*-B&Hv;-s(h0QTuYWdnUObu8LRSZoAVd7SJ;%$ zh%V?58mD~3G2X<$H7I)@x?lmbeeSY7X~QiE`dfQ5&K^FB#9e!6!@d9vrSt!);@ZQZ zO#84N5yH$kjm9X4iY#f+U`FKhg=x*FiDoUeu1O5LcC2w&$~5hKB9ZnH+8BpbTGh5T zi_nfmyQY$vQh%ildbR7T;7TKPxSs#vhKR|uup`qi1PufMa(tNCjRbllakshQgn1)a8OO-j8W&aBc_#q1hKDF5-X$h`!CeT z+c#Ial~fDsGAenv7~f@!icm(~)a3OKi((=^zcOb^qH$#DVciGXslUwTd$gt{7)&#a`&Lp ze%AnL0#U?lAl8vUkv$n>bxH*`qOujO0HZkPWZnE0;}0DSEu1O!hg-d9#{&#B1Dm)L zvN%r^hdEt1vR<4zwshg*0_BNrDWjo65be1&_82SW8#iKWs7>TCjUT;-K~*NxpG2P% zovXUo@S|fMGudVSRQrP}J3-Wxq;4xIxJJC|Y#TQBr>pwfy*%=`EUNE*dr-Y?9y9xK zmh1zS@z{^|UL}v**LNYY!?1qIRPTvr!gNXzE{%=-`oKclPrfMKwn` zUwPeIvLcxkIV>(SZ-SeBo-yw~{p!<&_}eELG?wxp zee-V59%@BtB+Z&Xs=O(@P$}v_qy1m=+`!~r^aT> zY+l?+6(L-=P%m4ScfAYR8;f9dyVw)@(;v{|nO#lAPI1xDHXMYt~-BGiP&9y2OQsYdh7-Q1(vL<$u6W0nxVn-qh=nwuRk}{d!uACozccRGx6~xZQ;=#JCE?OuA@;4 zadp$sm}jfgW4?La(pb!3f0B=HUI{5A4b$2rsB|ZGb?3@CTA{|zBf07pYpQ$NM({C6Srv6%_{rVkCndT=1nS}qyEf}Wjtg$e{ng7Wgz$7itYy0sWW_$qld);iUm85GBH)fk3b=2|5mvflm?~inoVo zDH_%e;y`DzoNj|NgZ`U%a9(N*=~8!qqy0Etkxo#`r!!{|(NyT0;5= z8nVZ6AiM+SjMG8J@6c4_f-KXd_}{My?Se1GWP|@wROFpD^5_lu?I%CBzpwi(`x~xh B8dv}T delta 17845 zcmV)CK*GO}(F4QI1F(Jx4W$DjNjn4p0N4ir06~)x5+0MO2`GQvQyWzj|J`gh3(E#l zNGO!HfVMRRN~%`0q^)g%XlN*vP!O#;m*h5VyX@j-1N|HN;8S1vqEAj=eCdn`)tUB9 zXZjcT^`bL6qvL}gvXj%9vrOD+x!Gc_0{$Zg+6lTXG$bmoEBV z*%y^c-mV0~Rjzv%e6eVI)yl>h;TMG)Ft8lqpR`>&IL&`>KDi5l$AavcVh9g;CF0tY zw_S0eIzKD?Nj~e4raA8wxiiImTRzv6;b6|LFmw)!E4=CiJ4I%&axSey4zE-MIh@*! z*P;K2Mx{xVYPLeagKA}Hj=N=1VrWU`ukuBnc14iBG?B}Uj>?=2UMk4|42=()8KOnc zrJzAxxaEIfjw(CKV6F$35u=1qyf(%cY8fXaS9iS?yetY{mQ#Xyat*7sSoM9fJlZqq zyasQ3>D>6p^`ck^Y|kYYZB*G})uAbQ#7)Jeb~glGz@2rPu}zBWDzo5K$tP<|meKV% z{Swf^eq6NBioF)v&~9NLIxHMTKe6gJ@QQ^A6fA!n#u1C&n`aG7TDXKM1Jly-DwTB` z+6?=Y)}hj;C#r5>&x;MCM4U13nuXVK*}@yRY~W3X%>U>*CB2C^K6_OZsXD!nG2RSX zQg*0)$G3%Es$otA@p_1N!hIPT(iSE=8OPZG+t)oFyD~{nevj0gZen$p>U<7}uRE`t5Mk1f4M0K*5 zbn@3IG5I2mk;8K>*RZ zPV6iL006)S001s%0eYj)9hu1 z9o)iQT9(v*sAuZ|ot){RrZ0Qw4{E0A+!Yx_M~#Pj&OPUM&i$RU=Uxu}e*6Sr2ror= z&?lmvFCO$)BY+^+21E>ENWe`I0{02H<-lz&?})gIVFyMWxX0B|0b?S6?qghp3lDgz z2?0|ALJU=7s-~Lb3>9AA5`#UYCl!Xeh^i@bxs5f&SdiD!WN}CIgq&WI4VCW;M!UJL zX2};d^sVj5oVl)OrkapV-C&SrG)*x=X*ru!2s04TjZ`pY$jP)4+%)7&MlpiZ`lgoF zo_p>^4qGz^(Y*uB10dY2kcIbt=$FIdYNqk;~47wf@)6|nJp z1cocL3zDR9N2Pxkw)dpi&_rvMW&Dh0@T*_}(1JFSc0S~Ph2Sr=vy)u*=TY$i_IHSo zR+&dtWFNxHE*!miRJ%o5@~GK^G~4$LzEYR-(B-b(L*3jyTq}M3d0g6sdx!X3-m&O% zK5g`P179KHJKXpIAAX`A2MFUA;`nXx^b?mboVbQgigIHTU8FI>`q53AjWaD&aowtj z{XyIX>c)*nLO~-WZG~>I)4S1d2q@&?nwL)CVSWqWi&m1&#K1!gt`g%O4s$u^->Dwq ziKc&0O9KQ7000OG0000%03-m(e&Y`S09YWC4iYDSty&3q8^?8ij|8zxaCt!zCFq1@ z9TX4Hl68`nY>}cQNW4Ullqp$~SHO~l1!CdFLKK}ij_t^a?I?C^CvlvnZkwiVn>dl2 z2$V(JN{`5`-8ShF_ek6HNRPBlPuIPYu>TAeAV5O2)35r3*_k(Q-h1+h5pb(Zu%oJ__pBsW0n5ILw`!&QR&YV`g0Fe z(qDM!FX_7;`U3rxX#QHT{f%h;)Eursw=*#qvV)~y%^Uo^% zi-%sMe^uz;#Pe;@{JUu05zT*i=u7mU9{MkT`ft(vPdQZoK&2mg=tnf8FsaNQ+QcPg zB>vP8Rd6Z0JoH5_Q`zldg;hx4azQCq*rRZThqlqTRMzn1O3_rQTrHk8LQ<{5UYN~` zM6*~lOGHyAnx&#yCK{i@%N1Us@=6cw=UQxpSE;<(LnnES%6^q^QhBYQ-VCSmIu8wh z@_LmwcFDfAhIn>`%h7L{)iGBzu`Md4dj-m3C8mA9+BL*<>q z#$7^ttIBOE-=^|zmG`K8yUKT{yjLu2SGYsreN0*~9yhFxn4U};Nv1XXj1fH*v-g=3 z@tCPc`YdzQGLp%zXwo*o$m9j-+~nSWls#s|?PyrHO%SUGdk**X9_=|b)Y%^j_V$3S z>mL2A-V)Q}qb(uZipEFVm?}HWc+%G6_K+S+87g-&RkRQ8-{0APDil115eG|&>WQhU zufO*|e`hFks^cJJmx_qNx{ltSp3aT|XgD5-VxGGXb7gkiOG$w^qMVBDjR8%!Sbh72niHRDV* ziFy8LE+*$j?t^6aZP9qt-ow;hzkmhvy*Hn-X^6?yVMbtNbyqZQ^rXg58`gk+I%Wv} zn_)dRq+3xjc8D%}EQ%nnTF7L7m}o9&*^jf`_qvUhVKY7w9Zgxr-0YHWFRd3$l_6UX zpXt^U&TiC*qZWx#pOG6k?3Tg)pra*fw(O6_45>lUBN1U5Qmc>^DHt)5b~Ntjsw!NI z1n4{$HWFeIi)*qvgK^ui;(81VQc1(wJ8C#tjR>Dkjf{xYC^_B^#qrdCc)uZxtgua6 zk98UGQF|;;k`c+0_z)tQ&9DwLB~&12@D1!*mTz_!3Mp=cg;B7Oq4cKN>5v&dW7q@H zal=g6Ipe`siZN4NZiBrkJCU*x216gmbV(FymgHuG@%%|8sgD?gR&0*{y4n=pukZnd z4=Nl~_>jVfbIehu)pG)WvuUpLR}~OKlW|)=S738Wh^a&L+Vx~KJU25o6%G7+Cy5mB zgmYsgkBC|@K4Jm_PwPoz`_|5QSk}^p`XV`649#jr4Lh^Q>Ne~#6Cqxn$7dNMF=%Va z%z9Ef6QmfoXAlQ3)PF8#3Y% zadcE<1`fd1&Q9fMZZnyI;&L;YPuy#TQ8b>AnXr*SGY&xUb>2678A+Y z8K%HOdgq_4LRFu_M>Ou|kj4W%sPPaV)#zDzN~25klE!!PFz_>5wCxglj7WZI13U5| zEq_YLKPH;v8sEhyG`dV_jozR);a6dBvkauhC;1dk%mr+J*Z6MMH9jqxFk@)&h{mHl zrf^i_d-#mTF=6-T8Rk?(1+rPGgl$9=j%#dkf@x6>czSc`jk7$f!9SrV{do%m!t8{? z_iAi$Qe&GDR#Nz^#uJ>-_?(E$ns)(3)X3cYY)?gFvU+N>nnCoBSmwB2<4L|xH19+4 z`$u#*Gt%mRw=*&|em}h_Y`Pzno?k^8e*hEwfM`A_yz-#vJtUfkGb=s>-!6cHfR$Mz z`*A8jVcz7T{n8M>ZTb_sl{EZ9Ctau4naX7TX?&g^VLE?wZ+}m)=YW4ODRy*lV4%-0 zG1XrPs($mVVfpnqoSihnIFkLdxG9um&n-U|`47l{bnr(|8dmglO7H~yeK7-wDwZXq zaHT($Qy2=MMuj@lir(iyxI1HnMlaJwpX86je}e=2n|Esb6hB?SmtDH3 z2qH6o`33b{;M{mDa5@@~1or8+Zcio*97pi1Jkx6v5MXCaYsb~Ynq)eWpKnF{n)FXZ z?Xd;o7ESu&rtMFr5(yJ(B7V>&0gnDdL*4MZH&eO+r*t!TR98ssbMRaw`7;`SLI8mT z=)hSAt~F=mz;JbDI6g~J%w!;QI(X14AnOu;uve^4wyaP3>(?jSLp+LQ7uU(iib%IyB(d&g@+hg;78M>h7yAeq$ALRoHGkKXA+E z$Sk-hd$Fs2nL4w9p@O*Y$c;U)W#d~)&8Js;i^Dp^* z0*7*zEGj~VehF4sRqSGny*K_CxeF=T^8;^lb}HF125G{kMRV?+hYktZWfNA^Mp7y8 zK~Q?ycf%rr+wgLaHQ|_<6z^eTG7izr@99SG9Q{$PCjJabSz`6L_QJJe7{LzTc$P&pwTy<&3RRUlSHmK;?}=QAhQaDW3#VWcNAH3 zeBPRTDf3?3mfdI$&WOg(nr9Gyzg`&u^o!f2rKJ57D_>p z6|?Vg?h(@(*X=o071{g^le>*>qSbVam`o}sAK8>b|11%e&;%`~b2OP7--q%0^2YDS z`2M`{2QYr1VC)sIW9WOu8<~7Q>^$*Og{KF+kI;wFegvaIDkB%3*%PWtWKSq7l`1YcDxQQ2@nv{J!xWV?G+w6C zhUUxUYVf%(Q(40_xrZB@rbxL=Dj3RV^{*yHd>4n-TOoHVRnazDOxxkS9kiZyN}IN3 zB^5N=* zRSTO+rA<{*P8-$GZdyUNOB=MzddG$*@q>mM;pUIiQ_z)hbE#Ze-IS)9G}Rt$5PSB{ zZZ;#h9nS7Rf1ecW&n(Gpu9}{vXQZ-f`UHIvD?cTbF`YvH*{rgE(zE22pLAQfhg-`U zuh612EpByB(~{w7svCylrBk%5$LCIyuhrGi=yOfca`=8ltKxHcSNfDRt@62QH^R_0 z&eQL6rRk>Dvf6rjMQv5ZXzg}S`HqV69hJT^pPHtdhqsrPJWs|IT9>BvpQa@*(FX6v zG}TYjreQCnH(slMt5{NgUf)qsS1F&Bb(M>$X}tWI&yt2I&-rJbqveuj?5J$`Dyfa2 z)m6Mq0XH@K)Y2v8X=-_4=4niodT&Y7W?$KLQhjA<+R}WTdYjX9>kD+SRS^oOY1{A= zZTId-(@wF^UEWso($wZtrs%e7t<}YaC_;#@`r0LUzKY&|qPJz*y~RHG`E6bypP5AX zN!p0^AUu8uDR>xM-ALFzBxXM~Q3z=}fHWCIG>0&I6x2Iu7&U)49j7qeMI&?qb$=4I zdMmhAJrO%@0f%YW! z^gLByEGSk+R0v4*d4w*N$Ju6z#j%HBI}6y$2en=-@S3=6+yZX94m&1j@s- z7T6|#0$c~dYq9IkA!P)AGkp~S$zYJ1SXZ#RM0|E~Q0PSm?DsT4N3f^)b#h(u9%_V5 zX*&EIX|gD~P!vtx?ra71pl%v)F!W~X2hcE!h8cu@6uKURdmo1-7icN4)ej4H1N~-C zjXgOK+mi#aJv4;`DZ%QUbVVZclkx;9`2kgbAhL^d{@etnm+5N8pB#fyH)bxtZGCAv z(%t0kPgBS{Q2HtjrfI0B$$M0c?{r~2T=zeXo7V&&aprCzww=i*}Atu7g^(*ivauMz~kkB%Vt{Wydlz%%2c26%>0PAbZO zVHx%tK(uzDl#ZZK`cW8TD2)eD77wB@gum{B2bO_jnqGl~01EF_^jx4Uqu1yfA~*&g zXJ`-N?D-n~5_QNF_5+Un-4&l$1b zVlHFqtluoN85b^C{A==lp#hS9J(npJ#6P4aY41r) zzCmv~c77X5L}H%sj>5t&@0heUDy;S1gSOS>JtH1v-k5l}z2h~i3^4NF6&iMb;ZYVE zMw*0%-9GdbpF1?HHim|4+)Zed=Fk<2Uz~GKc^P(Ig@x0&XuX0<-K(gA*KkN&lY2Xu zG054Q8wbK~$jE32#Ba*Id2vkqmfV{U$Nx9vJ;jeI`X+j1kh7hB8$CBTe@ANmT^tI8 z%U>zrTKuECin-M|B*gy(SPd`(_xvxjUL?s137KOyH>U{z01cBcFFt=Fp%d+BK4U;9 zQG_W5i)JASNpK)Q0wQpL<+Ml#cei41kCHe&P9?>p+KJN>I~`I^vK1h`IKB7k^xi`f z$H_mtr_+@M>C5+_xt%v}{#WO{86J83;VS@Ei3JLtp<*+hsY1oGzo z0?$?OJO$79;{|@aP!fO6t9TJ!?8i&|c&UPWRMbkwT3nEeFH`Yyyh6b%Rm^nBuTt@9 z+$&-4lf!G|@LCo3<8=yN@5dYbc%uq|Hz|0tiiLQKiUoM9g14zyECKGv0}3AWv2WJ zUAXGUhvkNk`0-H%ACsRSmy4fJ@kxBD3ZKSj6g(n1KPw?g{v19phcBr3BEF>J%lL|d zud3LNuL;cR*xS+;X+N^Br+x2{&hDMhb-$6_fKU(Pt0FQUXgNrZvzsVCnsFqv?#L z4-FYsQ-?D>;LdjHu_TT1CHN~aGkmDjWJkJg4G^!+V_APd%_48tErDv6BW5;ji^UDD zRu5Sw7wwplk`w{OGEKWJM&61c-AWn!SeUP8G#+beH4_Ov*)NUV?eGw&GHNDI6G(1Y zTfCv?T*@{QyK|!Q09wbk5koPD>=@(cA<~i4pSO?f(^5sSbdhUc+K$DW#_7^d7i%At z?KBg#vm$?P4h%?T=XymU;w*AsO_tJr)`+HUll+Uk_zx6vNw>G3jT){w3ck+Z=>7f0 zZVkM*!k^Z_E@_pZK6uH#|vzoL{-j1VFlUHP&5~q?j=UvJJNQG ztQdiCF$8_EaN_Pu8+afN6n8?m5UeR_p_6Log$5V(n9^W)-_vS~Ws`RJhQNPb1$C?| zd9D_ePe*`aI9AZ~Ltbg)DZ;JUo@-tu*O7CJ=T)ZI1&tn%#cisS85EaSvpS~c#CN9B z#Bx$vw|E@gm{;cJOuDi3F1#fxWZ9+5JCqVRCz5o`EDW890NUfNCuBn)3!&vFQE{E$L`Cf7FMSSX%ppLH+Z}#=p zSow$)$z3IL7frW#M>Z4|^9T!=Z8}B0h*MrWXXiVschEA=$a|yX9T~o!=%C?T+l^Cc zJx&MB$me(a*@lLLWZ=>PhKs!}#!ICa0! zq%jNgnF$>zrBZ3z%)Y*yOqHbKzEe_P=@<5$u^!~9G2OAzi#}oP&UL9JljG!zf{JIK z++G*8j)K=$#57N)hj_gSA8golO7xZP|KM?elUq)qLS)i(?&lk{oGMJh{^*FgklBY@Xfl<_Q zXP~(}ST6V01$~VfOmD6j!Hi}lsE}GQikW1YmBH)`f_+)KI!t#~B7=V;{F*`umxy#2Wt8(EbQ~ks9wZS(KV5#5Tn3Ia90r{}fI%pfbqBAG zhZ)E7)ZzqA672%@izC5sBpo>dCcpXi$VNFztSQnmI&u`@zQ#bqFd9d&ls?RomgbSh z9a2rjfNiKl2bR!$Y1B*?3Ko@s^L5lQN|i6ZtiZL|w5oq%{Fb@@E*2%%j=bcma{K~9 z*g1%nEZ;0g;S84ZZ$+Rfurh;Nhq0;{t~(EIRt}D@(Jb7fbe+_@H=t&)I)gPCtj*xI z9S>k?WEAWBmJZ|gs}#{3*pR`-`!HJ)1Dkx8vAM6Tv1bHZhH=MLI;iC#Y!$c|$*R>h zjP{ETat(izXB{@tTOAC4nWNhh1_%7AVaf!kVI5D=Jf5I1!?}stbx_Yv23hLf$iUTb z-)WrTtd2X+;vBW_q*Z6}B!10fs=2FA=3gy*dljsE43!G*3Uw(Is>(-a*5E!T4}b-Y zfvOC)-HYjNfcpi`=kG%(X3XcP?;p&=pz+F^6LKqRom~pA}O* zitR+Np{QZ(D2~p_Jh-k|dL!LPmexLM?tEqI^qRDq9Mg z5XBftj3z}dFir4oScbB&{m5>s{v&U=&_trq#7i&yQN}Z~OIu0}G)>RU*`4<}@7bB% zKYxGx0#L#u199YKSWZwV$nZd>D>{mDTs4qDNyi$4QT6z~D_%Bgf?>3L#NTtvX;?2D zS3IT*2i$Snp4fjDzR#<)A``4|dA(}wv^=L?rB!;kiotwU_gma`w+@AUtkSyhwp{M} z!e`jbUR3AG4XvnBVcyIZht6Vi~?pCC!$XF2 z*V~)DBVm8H7$*OZQJYl3482hadhsI2NCz~_NINtpC?|KI6H3`SG@1d%PsDdw{u}hq zN;OU~F7L1jT&KAitilb&Fl3X12zfSuFm;X)xQWOHL&7d)Q5wgn{78QJ6k5J;is+XP zCPO8_rlGMJB-kuQ*_=Yo1TswG4xnZd&eTjc8=-$6J^8TAa~kEnRQ@Zp-_W&B(4r@F zA==}0vBzsF1mB~743XqBmL9=0RSkGn$cvHf*hyc{<2{@hW+jKjbC|y%CNupHY_NC% zivz^btBLP-cDyV8j>u)=loBs>HoI5ME)xg)oK-Q0wAy|8WD$fm>K{-`0|W{H00;;G z000j`0OWQ8aHA9e04^;603eeQIvtaXMG=2tcr1y8Fl-J;AS+=<0%DU8Bp3oEEDhA^ zOY)M8%o5+cF$rC?trfMcty*f)R;^v=f~}||Xe!#;T3eTDZELN&-50xk+J1heP5AQ>h5O#S_uO;O@;~REd*_G$x$hVeE#bchX)otXQy|S5(oB)2a2%Sc(iDHm z=d>V|a!BLp9^#)o7^EQ2kg=K4%nI^sK2w@-kmvB+ARXYdq?xC2age6)e4$^UaY=wn zgLD^{X0A+{ySY+&7RpldwpC6=E zSPq?y(rl8ZN%(A*sapd4PU+dIakIwT0=zxIJEUW0kZSo|(zFEWdETY*ZjIk9uNMUA ze11=mHu8lUUlgRx!hItf0dAF#HfdIB+#aOuY--#QN9Ry zbx|XkG?PrBb@l6Owl{9Oa9w{x^R}%GwcEEfY;L-6OU8|9RXvu`-ECS`jcO1x1MP{P zcr;Bw##*Dod9K@pEx9z9G~MiNi>8v1OU-}vk*HbI)@CM? zn~b=jWUF%HP=CS+VCP>GiAU_UOz$aq3%%Z2laq^Gx`WAEmuNScCN)OlW>YHGYFgV2 z42lO5ZANs5VMXLS-RZTvBJkWy*OeV#L;7HwWg51*E|RpFR=H}h(|N+79g)tIW!RBK ze08bg^hlygY$C2`%N>7bDm`UZ(5M~DTanh3d~dg+OcNdUanr8azO?})g}EfnUB;5- zE1FX=ru?X=zAk4_6@__o1fE+ml1r&u^f1Kb24Jf-)zKla%-dbd>UZ1 zrj3!RR!Jg`ZnllKJ)4Yfg)@z>(fFepeOcp=F-^VHv?3jSxfa}-NB~*qkJ5Uq(yn+( z<8)qbZh{C!xnO@-XC~XMNVnr-Z+paowv!$H7>`ypMwA(X4(knx7z{UcWWe-wXM!d? zYT}xaVy|7T@yCbNOoy)$D=E%hUNTm(lPZqL)?$v+-~^-1P8m@Jm2t^L%4#!JK#Vtg zyUjM+Y*!$);1<)0MUqL00L0*EZcsE&usAK-?|{l|-)b7|PBKl}?TM6~#j9F+eZq25_L&oSl}DOMv^-tacpDI)l*Ws3u+~jO@;t(T)P=HCEZ#s_5q=m zOsVY!QsOJn)&+Ge6Tm)Ww_Bd@0PY(78ZJ)7_eP-cnXYk`>j9q`x2?Xc6O@55wF+6R zUPdIX!2{VGA;FSivN@+;GNZ7H2(pTDnAOKqF*ARg+C54vZ@Ve`i?%nDDvQRh?m&`1 zq46gH)wV=;UrwfCT3F(m!Q5qYpa!#f6qr0wF=5b9rk%HF(ITc!*R3wIFaCcftGwPt z(kzx{$*>g5L<;u}HzS4XD%ml zmdStbJcY@pn`!fUmkzJ8N>*8Y+DOO^r}1f4ix-`?x|khoRvF%jiA)8)P{?$8j2_qN zcl3Lm9-s$xdYN9)>3j6BPFK)Jbovl|Sf_p((CHe!4hx@F)hd&&*Xb&{TBj>%pT;-n z{3+hA^QZYnjXxtF2XwxPZ`S#J8h>5qLwtwM-{5abbEnRS z`9_`Zq8FJiI#0syE_V_3M&trw$P=ezkHosV$8&I5c0(*-9KBE5DJOC-Xv zw}1bq~AD0_Xerm`%ryiG9_$S z5G|btfiAUNdV09SO2l9v+e#(H6HYOdQs=^ z@xwZQU)~;p1L*~ciC}9ao{nQ-@B>rpUzKBxv=cUusOP5Trs3QnvHxGh9e>s7AM{V1|HfYe z3QwH;nHHR49fYzuGc3W3l5xrDAI392SFXx>lWE3V9Ds9il3PyZaN5>oC3>9W-^7vC z3~KZ-@iD?tIkhg+6t{m;RGk2%>@I0&kf)o$+-^ls0(YABNbM(=l#ad@nKp_j=b~Xs ziR;xu_+)lxy6|+af!@}gO2H_x)p;nZ-tYxW5Omq=l`GzMp*GTLr>vZN1?e}^C$t*Z zvzEdIc2|HA2RFN_4#EkzMqKnbbw!?!?%B@M0^^5Z;K?x-%lg?Z>}wMV8zEqHZ$cr~Y#Wv>9+)KMUZatUqbRU8 z8t9qrek(H^C0Tuzq|cP2$WL7tzj+Dj5y^2SF1D154CnsB$xbz`$wV||n-cG%rsT$p z+3RHdadK(3-noj(2L#8c5lODg)V8pv(GEnNb@F>dEHQr>!qge@L>#qg)RAUtiOYqF ziiV_ETExwD)bQ<))?-9$)E(FiRBYyC@}issHS!j9n)~I1tarxnQ2LfjdIJ)*jp{0E z&1oTd%!Qbw$W58s!6ms>F z=p0!~_Mv~8jyaicOS*t(ntw`5uFi0Bc4*mH8kSkk$>!f0;FM zX_t14I55!ZVsg0O$D2iuEDb7(J>5|NKW^Z~kzm@dax z9(|As$U7^}LF%#`6r&UPB*6`!Rf74h~*C=ami6xUxYCwiJxdr$+`z zKSC4A%8!s%R&j*2si(OEc*fy!q)?%=TjDZJ2}O zxT6o>jlKXz_7_Y$N})}IG`*#KfMzs#R(SI#)3*ZEzCv%_tu(VTZ5J| zw2$5kK)xTa>xGFgS0?X(NecjzFVKG%VVn?neu=&eQ+DJ1APlY1E?Q1s!Kk=yf7Uho z>8mg_!U{cKqpvI3ucSkC2V`!d^XMDk;>GG~>6>&X_z75-kv0UjevS5ORHV^e8r{tr z-9z*y&0eq3k-&c_AKw~<`8dtjsP0XgFv6AnG?0eo5P14T{xW#b*Hn2gEnt5-KvN1z zy!TUSi>IRbD3u+h@;fn7fy{F&hAKx7dG4i!c?5_GnvYV|_d&F16p;)pzEjB{zL-zr z(0&AZUkQ!(A>ghC5U-)t7(EXb-3)tNgb=z`>8m8n+N?vtl-1i&*ftMbE~0zsKG^I$ zSbh+rUiucsb!Ax@yB}j>yGeiKIZk1Xj!i#K^I*LZW_bWQIA-}FmJ~^}>p=K$bX9F{}z{s^KWc~OK(zl_X57aB^J9v}yQ5h#BE$+C)WOglV)nd0WWtaF{7`_Ur`my>4*NleQG#xae4fIo(b zW(&|g*#YHZNvDtE|6}yHvu(hDekJ-t*f!2RK;FZHRMb*l@Qwkh*~CqQRNLaepXypX z1?%ATf_nHIu3z6gK<7Dmd;{`0a!|toT0ck|TL$U;7Wr-*piO@R)KrbUz8SXO0vr1K z>76arfrqImq!ny+VkH!4?x*IR$d6*;ZA}Mhro(mzUa?agrFZpHi*)P~4~4N;XoIvH z9N%4VK|j4mV2DRQUD!_-9fmfA2(YVYyL#S$B;vqu7fnTbAFMqH``wS7^B5=|1O&fL z)qq(oV6_u4x(I(**#mD}MnAy(C&B4a1n6V%$&=vrIDq^F_KhE5Uw8_@{V`_#M0vCu zaNUXB=n0HT@D+ppDXi8-vp{tj)?7+k>1j}VvEKRgQ~DWva}8*pp`W8~KRo*kJ*&X} zP!~2fxQr@dM*q0dI|)Fux=pZWBk==RI7i{^BQf`kWlD2%|@R9!JA7& zLbM$uJ12y}_62$|T|{)@OJZtzfpL^t@1nMTYHutrF#D+^?~CN~9`YQ@#&&@c_Zf)( zbC~y8!2LO8jHwQXv>G~1q?c68ipT*%dY&c{8wd_!Y#~tMJ7yk!F8| zt?m_CLVw6cU@@p(#h4cY&Qsfz2Xp3w^4Cg%m03Tmq~9n%hyoMH^KY7{(QkRyn_!YB zzZa!Tgr~5$MAG$x)Fs71#6j}Kvcv3=9VUX8CH< zbP3|fY8f#$K*<5JQ7whM(v=GN2k26Xsh)#0!HKS(koLgAp-;)8z0w&_Z=nG4v6n8u z&Tm0Fi){4_!Y5Kp?!zv$FKfUifQ{%c82uYfrvE{%ejUd72aNYmI*0z3-a-EYr+bB->oH3#t(AY3 zV{Z=(SJr;D#0(`u*dc*~9T7D8Pudw894%!>c4wU&V1m<~0InidR6fbi?yPl(z+sKa zdF*kS>_4^1UO>y4T%Ar>epSr5&vp`$KdY7B(F%P0@VyHk@1fJ=6X0=aGjD-)BrOJD zW}IU@hg~^2r>a1fQvjTtvL*mKJ7q;pfP*U2=URL`VB_Y_JojbZ+MS=vaVN0C6L_MV zG1#5=35-E`KsD%r>-Q_ndvJ2tOYcMMP9f*t0iJ`(Z`^+YP)h>@lR(@Wvrt-`0tHG+ zuP2R@@mx=T@fPoQ1s`e^1I0H*kQPBGDky@!ZQG@8jY-+2ihreG5q$6i{3vmDTg0j$ zzRb*-nKN@{_wD`V6+i*YS)?$XfrA-sW?js?SYU8#vXxxQCc|*K!EbpWfu)3~jwq6_@KC0m;3A%jH^18_a0;ksC2DEwa@2{9@{ z9@T??<4QwR69zk{UvcHHX;`ICOwrF;@U;etd@YE)4MzI1WCsadP=`%^B>xPS-{`=~ zZ+2im8meb#4p~XIL9}ZOBg7D8R=PC8V}ObDcxEEK(4yGKcyCQWUe{9jCs+@k!_y|I z%s{W(&>P4w@hjQ>PQL$zY+=&aDU6cWr#hG)BVCyfP)h>@3IG5I2mk;8K>)Ppba*!h z005B=001VF5fT=Y4_ytCUk`sv8hJckqSy&Gc2Jx^WJ$J~08N{il-M$fz_ML$)Cpil z(nOv_nlZB^c4s&&O3h=OLiCz&(|f0 zxWU_-JZy>hxP*gvR>CLnNeQ1~g;6{g#-}AbkIzWR;j=8=6!AHpKQCbjFYxf9h%bov zVi;eNa1>t-<14KERUW>^KwoF+8zNo`Y*WiQwq}3m0_2RYtL9Wmu`JaRaQMQ)`Si^6+VbM`!rH~T?DX2=(n4nT zf`G`(Rpq*pDk*v~wMYPZ@vMNZDMPnxMYmU!lA{Xfo?n=Ibb4y3eyY1@Dut4|Y^ml& zqs$r}jAo=B(Ml>ogeEjyv(E`=kBzPf2uv9TQtO$~bamD#=Tv`lNy(K|w$J2O6jS51 zzZtOCHDWz7W0=L1XDW5WR5mtLGc~W+>*vX5{e~U@rE~?7e>vKU-v8bj;F4#abtcV(3ZtwXo9ia93HiETyQXwW4a-0){;$OU*l` zW^bjkyZTJ6_DL^0}`*)#EZ|2nvKRzMLH9-~@Z6$v#t8Dm%(qpP+DgzNe6d)1q zBqhyF$jJTyYFvl_=a>#I8jhJ)d6SBNPg#xg2^kZ3NX8kQ74ah(Y5Z8mlXyzTD&}Q8 ziY(pj-N-V2f>&hZQJ`Di%wp2fN(I%F@l)3M8GcSdNy+#HuO{$I8NXubRlFkL)cY@b z#`v{}-^hRXEq*8B_cG=%PZvI$eo(|8Wc(2o8L#0_GX9L$1@yV>%7mGk)QTD1R*OvS z4OW;ym1)%k9Bfem0tOqq3yyAUWp&q|LsN!RDnxa|j;>R|Mm2rIv7=tej5GFaa+`#| z;7u9Z_^XV+vD@2hF8Xe63+Qd`oig6S9jX(*DbjzPb*K-H7c^7E-(~!R6E%TrgW;RvG;WS{Ziv*W*a*`9Bb;$Er3?MyF~5GcXv`k>U)n}lwv$Sp+H@IKA5$mKk0g*4Ln{!tfvITeY zzr%8JJ5BdcEYsR9eGzJ4B&$}4FMmbRU6{8{_w7Kl77@PNe7|Bc#c?5(C5&Z=kJ#(oM90D4`rh2S!|^L!P#e#1hkD5@~-- z`63GV0~*rOZSqw7k^#-Y$Q4z3Oa2SPRURqEahB1B^h{7~+p03SwzqL9QU#$3-X zdYtQ?-K5xDAdfomEd6(yPtZ!yY_<35bMedeq`z2JWorljz5-f9<^93HM-$#+acw%9r!JOM%O<|BR`W& zd-%j_?b^q7Kl6{q^N{cg2u;11rFB5EP+oqG9&pHD#_Mo@aNMj;LUvsl&nK(ca(hT( zzFc2oHC6WQv8g7jo+3ZSwK+9G$cvfRnql)?g=XeQ3+LTh3)79nhEle8OqS3T$qn(> z(=5Bg?EWq-ldEywgzXW965%H(9^ik*rH(8dNdkbcS9|ow&_r`X~R^R?B+(oTiMzzlx8KnHqUi z8Rh-)VAnS-CO+3}yxqm8)X+N+uzieFVm-F#syP#M1p5&$wX3MJ8 z+R@grZ*5G^Uh4I@VT=>C4RJNc^~3mx$kS1F{L?3)BzdduD2MZKdu#jNno&f2&d{?` zW(>$oktzY@GO{|Ln~Bt^A4)(%?l-&(Dm!iL#$K_xOyhwAf=K2<+Bom zw7|hl6E5}B$d%n0sfZvfQRy9Fyz2~ z83#=#LaHnf1th^k*p|ux8!!8pfHE!)x*%=_hAddl)P%4h4%&8!5-W#xqqb}c=H(i|wqcIS&oDQ{ zhI7N-$f$ra3=RjPmMh?-IEkJYQ<}R9Z!}wmp$#~Uc%u1oh#TP}wF*kJJmQX2#27kL z_dz(yKufo<=m71bZfLp^Ll#t3(IHkrgMcvx@~om%Ib(h(<$Da7urTI`x|%`wD--sN zJEEa>4DGSEG?0ulkosfj8IMNN4)B=ZtvGG{|4Fp=Xhg!wPNgYzS>{Bp%%Qa+624X@ X49Luk)baa85H9$5YCsTPT`SVRWMtMW diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 2a56324..ffed3a2 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.2-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew index 4f906e0..1b6c787 100755 --- a/gradlew +++ b/gradlew @@ -1,7 +1,7 @@ -#!/usr/bin/env sh +#!/bin/sh # -# Copyright 2015 the original author or authors. +# Copyright © 2015-2021 the original authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,67 +17,101 @@ # ############################################################################## -## -## Gradle start up script for UN*X -## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# ############################################################################## # Attempt to set APP_HOME + # Resolve links: $0 may be a link -PRG="$0" -# Need this for relative symlinks. -while [ -h "$PRG" ] ; do - ls=`ls -ld "$PRG"` - link=`expr "$ls" : '.*-> \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG=`dirname "$PRG"`"/$link" - fi +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac done -SAVED="`pwd`" -cd "`dirname \"$PRG\"`/" >/dev/null -APP_HOME="`pwd -P`" -cd "$SAVED" >/dev/null + +APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit APP_NAME="Gradle" -APP_BASE_NAME=`basename "$0"` +APP_BASE_NAME=${0##*/} # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' # Use the maximum available, or set MAX_FD != -1 to use that value. -MAX_FD="maximum" +MAX_FD=maximum warn () { echo "$*" -} +} >&2 die () { echo echo "$*" echo exit 1 -} +} >&2 # OS specific support (must be 'true' or 'false'). cygwin=false msys=false darwin=false nonstop=false -case "`uname`" in - CYGWIN* ) - cygwin=true - ;; - Darwin* ) - darwin=true - ;; - MINGW* ) - msys=true - ;; - NONSTOP* ) - nonstop=true - ;; +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; esac CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar @@ -87,9 +121,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar if [ -n "$JAVA_HOME" ] ; then if [ -x "$JAVA_HOME/jre/sh/java" ] ; then # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACMD=$JAVA_HOME/jre/sh/java else - JAVACMD="$JAVA_HOME/bin/java" + JAVACMD=$JAVA_HOME/bin/java fi if [ ! -x "$JAVACMD" ] ; then die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME @@ -98,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the location of your Java installation." fi else - JAVACMD="java" + JAVACMD=java which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. Please set the JAVA_HOME variable in your environment to match the @@ -106,80 +140,95 @@ location of your Java installation." fi # Increase the maximum file descriptors if we can. -if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then - MAX_FD_LIMIT=`ulimit -H -n` - if [ $? -eq 0 ] ; then - if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then - MAX_FD="$MAX_FD_LIMIT" - fi - ulimit -n $MAX_FD - if [ $? -ne 0 ] ; then - warn "Could not set maximum file descriptor limit: $MAX_FD" - fi - else - warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" - fi +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac fi -# For Darwin, add options to specify how the application appears in the dock -if $darwin; then - GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" -fi +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. # For Cygwin or MSYS, switch paths to Windows format before running java -if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then - APP_HOME=`cygpath --path --mixed "$APP_HOME"` - CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` - - JAVACMD=`cygpath --unix "$JAVACMD"` - - # We build the pattern for arguments to be converted via cygpath - ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` - SEP="" - for dir in $ROOTDIRSRAW ; do - ROOTDIRS="$ROOTDIRS$SEP$dir" - SEP="|" - done - OURCYGPATTERN="(^($ROOTDIRS))" - # Add a user-defined pattern to the cygpath arguments - if [ "$GRADLE_CYGPATTERN" != "" ] ; then - OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" - fi +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + # Now convert the arguments - kludge to limit ourselves to /bin/sh - i=0 - for arg in "$@" ; do - CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` - CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option - - if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition - eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` - else - eval `echo args$i`="\"$arg\"" + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) fi - i=`expr $i + 1` + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg done - case $i in - 0) set -- ;; - 1) set -- "$args0" ;; - 2) set -- "$args0" "$args1" ;; - 3) set -- "$args0" "$args1" "$args2" ;; - 4) set -- "$args0" "$args1" "$args2" "$args3" ;; - 5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; - 6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; - 7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; - 8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; - 9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; - esac fi -# Escape application args -save () { - for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done - echo " " -} -APP_ARGS=`save "$@"` +# Collect all arguments for the java command; +# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of +# shell script including quotes and variable substitutions, so put them in +# double quotes to make sure that they get re-expanded; and +# * put everything else in single quotes, so that it's not re-expanded. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# -# Collect all arguments for the java command, following the shell quoting and substitution rules -eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' exec "$JAVACMD" "$@" From 2032286a8977e7650ee573c0f49026cb74093a76 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 19 Oct 2021 01:45:27 +0000 Subject: [PATCH 62/80] Update junit5 monorepo to v5.8.1 --- build.gradle | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 5858b3e..1d7cef6 100644 --- a/build.gradle +++ b/build.gradle @@ -42,10 +42,10 @@ dependencies { testImplementation group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.13' // For testing, obviously - testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.7.0' + testImplementation group: 'org.junit.jupiter', name: 'junit-jupiter-api', version: '5.8.1' // For running JUnit tests - testRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.7.0' + testRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.8.1' // For turning InputStream to String testImplementation group: 'commons-io', name: 'commons-io', version: '2.8.0' From 14916c36f3552bcaa28f12e790a5f6b8a86dc384 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 24 Dec 2021 10:18:07 +0000 Subject: [PATCH 63/80] Update dependency org.apache.httpcomponents:httpasyncclient to v4.1.5 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 1d7cef6..43905c3 100644 --- a/build.gradle +++ b/build.gradle @@ -24,7 +24,7 @@ dependencies { implementation group: 'com.beust', name: 'jcommander', version: '1.78' // For making HTTP requests - implementation group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.4' + implementation group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.5' // For making async HTTP requests implementation group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.2' From 6e84d22fd38d1ca662c40ea344d2646f2dd21921 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 24 Dec 2021 10:02:51 +0000 Subject: [PATCH 64/80] Update plugin com.github.johnrengelman.shadow to v7 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 43905c3..cfd9cc7 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,6 @@ plugins { id 'application' - id 'com.github.johnrengelman.shadow' version '6.1.0' + id 'com.github.johnrengelman.shadow' version '7.1.1' // Used by release.gradle id 'maven-publish' From a22ebaeeeef7be705aa8e33bfb3a00626813c034 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 24 Dec 2021 10:02:43 +0000 Subject: [PATCH 65/80] Update dependency org.bouncycastle:bcprov-jdk15on to v1.70 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index cfd9cc7..731872c 100644 --- a/build.gradle +++ b/build.gradle @@ -30,7 +30,7 @@ dependencies { implementation group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.2' // For cryptographic operations - shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.68' + shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.70' // For creating and signing JWT implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6' From 2501c2bc07d1071b87f70e6e8150820ac3111039 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 24 Dec 2021 10:02:40 +0000 Subject: [PATCH 66/80] Update dependency org.bouncycastle:bcpkix-jdk15on to v1.70 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 731872c..a1797f7 100644 --- a/build.gradle +++ b/build.gradle @@ -51,7 +51,7 @@ dependencies { testImplementation group: 'commons-io', name: 'commons-io', version: '2.8.0' // For reading the demo vapid keypair from a pem file - testImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.68' + testImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70' // For verifying Base64Encoder results in unit tests testImplementation group: 'com.google.guava', name: 'guava', version: '30.1.1-jre' From dfd407f5b19eb02c11f5783799509cf73153ddf9 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 19 Oct 2021 01:43:52 +0000 Subject: [PATCH 67/80] Update dependency commons-io:commons-io to v2.11.0 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index a1797f7..a8ab3a2 100644 --- a/build.gradle +++ b/build.gradle @@ -48,7 +48,7 @@ dependencies { testRuntimeOnly group: 'org.junit.jupiter', name: 'junit-jupiter-engine', version: '5.8.1' // For turning InputStream to String - testImplementation group: 'commons-io', name: 'commons-io', version: '2.8.0' + testImplementation group: 'commons-io', name: 'commons-io', version: '2.11.0' // For reading the demo vapid keypair from a pem file testImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70' From 596138fc91b65d9676df3f3bbc8fcdae03e17bc1 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Fri, 24 Dec 2021 10:00:41 +0000 Subject: [PATCH 68/80] Update dependency com.google.code.gson:gson to v2.8.9 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index a8ab3a2..51c3bb2 100644 --- a/build.gradle +++ b/build.gradle @@ -36,7 +36,7 @@ dependencies { implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6' // For parsing JSON - testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.6' + testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.9' // For making HTTP requests testImplementation group: 'org.apache.httpcomponents', name: 'fluent-hc', version: '4.5.13' From 16e6d0fcc83bb2dcaec2394ee8a2acc6ca2700ac Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Tue, 19 Oct 2021 01:43:47 +0000 Subject: [PATCH 69/80] Update dependency org.bitbucket.b_c:jose4j to v0.7.9 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 51c3bb2..167fc3d 100644 --- a/build.gradle +++ b/build.gradle @@ -33,7 +33,7 @@ dependencies { shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.70' // For creating and signing JWT - implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.6' + implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.9' // For parsing JSON testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.9' From 61168c191447041f2b33ddca411fa5fefadce0aa Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Sat, 27 Mar 2021 22:18:31 +0000 Subject: [PATCH 70/80] Update dependency org.asynchttpclient:async-http-client to v2.12.3 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 167fc3d..be01e94 100644 --- a/build.gradle +++ b/build.gradle @@ -27,7 +27,7 @@ dependencies { implementation group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.5' // For making async HTTP requests - implementation group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.2' + implementation group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.3' // For cryptographic operations shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.70' From 71052e83a18426535343b2d0b991bfc3ef7ed436 Mon Sep 17 00:00:00 2001 From: Renovate Bot Date: Wed, 3 Mar 2021 08:07:31 +0000 Subject: [PATCH 71/80] Update dependency com.beust:jcommander to v1.81 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index be01e94..f1c4d44 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,7 @@ repositories { dependencies { // For CLI - implementation group: 'com.beust', name: 'jcommander', version: '1.78' + implementation group: 'com.beust', name: 'jcommander', version: '1.81' // For making HTTP requests implementation group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.5' From 991b65b19370034890980322b77f005fc2fd414a Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Fri, 24 Dec 2021 11:37:35 +0100 Subject: [PATCH 72/80] Remove WPTS (deprecated) --- .travis.yml | 12 ------------ build.gradle | 2 ++ 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/.travis.yml b/.travis.yml index b0df96c..eefe331 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,21 +11,9 @@ env: before_cache: - rm -f $HOME/.gradle/caches/modules-2/modules-2.lock - rm -fr $HOME/.gradle/caches/*/plugin-resolution/ -before_install: - - nvm i node -install: - - npm install github:GoogleChromeLabs/web-push-testing-service -g -before_script: - - "export DISPLAY=:99.0" - - "sh -e /etc/init.d/xvfb start || echo \"Unable to start virtual display.\"" - - sleep 3 script: - - web-push-testing-service start wpts - ./gradlew clean check - - web-push-testing-service stop wpts cache: directories: - $HOME/.gradle/caches/ - $HOME/.gradle/wrapper/ - - ~/.selenium-assistant - - node_modules diff --git a/build.gradle b/build.gradle index f1c4d44..9197bdc 100644 --- a/build.gradle +++ b/build.gradle @@ -84,6 +84,8 @@ test { showStandardStreams true exceptionFormat 'full' } + + exclude '**/SeleniumTests.class' } task javadocJar(type: Jar) { From c9dad1a1b366db27fc60cb5ff7788ef5cfc34cf8 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Fri, 24 Dec 2021 11:40:42 +0100 Subject: [PATCH 73/80] Upgrade Guava to 31.0.1-jre --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 9197bdc..23dbe59 100644 --- a/build.gradle +++ b/build.gradle @@ -54,7 +54,7 @@ dependencies { testImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70' // For verifying Base64Encoder results in unit tests - testImplementation group: 'com.google.guava', name: 'guava', version: '30.1.1-jre' + testImplementation group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' } wrapper { From 95d01405641fbae910f9ab652a0cfa6463afc7cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Bresson?= Date: Thu, 9 Jan 2025 10:38:29 +0100 Subject: [PATCH 74/80] Update org.asynchttpclient:async-http-client to 2.12.4 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index 23dbe59..a6252d0 100644 --- a/build.gradle +++ b/build.gradle @@ -27,7 +27,7 @@ dependencies { implementation group: 'org.apache.httpcomponents', name: 'httpasyncclient', version: '4.1.5' // For making async HTTP requests - implementation group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.3' + implementation group: 'org.asynchttpclient', name: 'async-http-client', version: '2.12.4' // For cryptographic operations shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.70' From 939eeb4756834d6d8524d8a8d4c88bf452c51d29 Mon Sep 17 00:00:00 2001 From: Martijn Dwars Date: Mon, 17 Feb 2025 09:36:01 +0100 Subject: [PATCH 75/80] Release 5.1.2 --- README.md | 4 ++-- build.gradle | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b9e31cd..746878b 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ A Web Push library for Java 8. Supports payloads and VAPID. For Gradle, add the following dependency to `build.gradle`: ```groovy -compile group: 'nl.martijndwars', name: 'web-push', version: '5.1.1' +compile group: 'nl.martijndwars', name: 'web-push', version: '5.1.2' ``` For Maven, add the following dependency to `pom.xml`: @@ -19,7 +19,7 @@ For Maven, add the following dependency to `pom.xml`:     nl.martijndwars     web-push -    5.1.1 +    5.1.2 ``` diff --git a/build.gradle b/build.gradle index a6252d0..d369461 100644 --- a/build.gradle +++ b/build.gradle @@ -12,7 +12,7 @@ apply plugin: 'application' apply plugin: 'com.github.johnrengelman.shadow' group 'nl.martijndwars' -version '5.1.2-SNAPSHOT' +version '5.1.2' repositories { mavenLocal() From 9df0157d040838742d489bdd5267d5c756f3b8f6 Mon Sep 17 00:00:00 2001 From: Hadi Zahedian Date: Fri, 21 Feb 2025 20:24:46 +0330 Subject: [PATCH 76/80] Update org.bitbucket.b_c:jose4j to 0.9.4 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index d369461..d92bdd4 100644 --- a/build.gradle +++ b/build.gradle @@ -33,7 +33,7 @@ dependencies { shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.70' // For creating and signing JWT - implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.7.9' + implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.9.4' // For parsing JSON testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.9' From 4a738bff3e8b90cd8118585bb868d600d5587fe0 Mon Sep 17 00:00:00 2001 From: Hadi Zahedian Date: Thu, 13 Mar 2025 16:55:36 +0330 Subject: [PATCH 77/80] Update org.bitbucket.b_c:jose4j to 0.9.6 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index d92bdd4..37f311b 100644 --- a/build.gradle +++ b/build.gradle @@ -33,7 +33,7 @@ dependencies { shadow group: 'org.bouncycastle', name: 'bcprov-jdk15on', version: '1.70' // For creating and signing JWT - implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.9.4' + implementation group: 'org.bitbucket.b_c', name: 'jose4j', version: '0.9.6' // For parsing JSON testImplementation group: 'com.google.code.gson', name: 'gson', version: '2.8.9' From 290c0d61d0cfee738c1aafa2b44774cd5eeb6650 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 14 Apr 2025 19:07:57 +0000 Subject: [PATCH 78/80] Update dependency com.google.guava:guava to v33 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index d369461..5afe902 100644 --- a/build.gradle +++ b/build.gradle @@ -54,7 +54,7 @@ dependencies { testImplementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.70' // For verifying Base64Encoder results in unit tests - testImplementation group: 'com.google.guava', name: 'guava', version: '31.0.1-jre' + testImplementation group: 'com.google.guava', name: 'guava', version: '33.4.8-jre' } wrapper { From 93eaccad40c122cc022b3ac9dc6e5a27d1a989c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=9D=B4=EB=AF=BC=EC=84=9D?= Date: Wed, 21 May 2025 16:02:50 +0000 Subject: [PATCH 79/80] crypto-key header to url-safe header for chrome browser --- .../java/nl/martijndwars/webpush/AbstractPushService.java | 6 +++--- .../webpush/cli/handlers/GenerateKeyHandler.java | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/main/java/nl/martijndwars/webpush/AbstractPushService.java b/src/main/java/nl/martijndwars/webpush/AbstractPushService.java index 22db83b..f3f25ed 100644 --- a/src/main/java/nl/martijndwars/webpush/AbstractPushService.java +++ b/src/main/java/nl/martijndwars/webpush/AbstractPushService.java @@ -166,7 +166,7 @@ protected final HttpRequest prepareRequest(Notification notification, Encoding e } else if (encoding == Encoding.AESGCM) { headers.put("Content-Encoding", "aesgcm"); headers.put("Encryption", "salt=" + Base64.getUrlEncoder().withoutPadding().encodeToString(salt)); - headers.put("Crypto-Key", "dh=" + Base64.getUrlEncoder().encodeToString(dh)); + headers.put("Crypto-Key", "dh=" + Base64.getUrlEncoder().withoutPadding().encodeToString(dh)); } body = encrypted.getCiphertext(); @@ -208,9 +208,9 @@ protected final HttpRequest prepareRequest(Notification notification, Encoding e } if (headers.containsKey("Crypto-Key")) { - headers.put("Crypto-Key", headers.get("Crypto-Key") + ";p256ecdsa=" + Base64.getUrlEncoder().encodeToString(pk)); + headers.put("Crypto-Key", headers.get("Crypto-Key") + ";p256ecdsa=" + Base64.getUrlEncoder().withoutPadding().encodeToString(pk)); } else { - headers.put("Crypto-Key", "p256ecdsa=" + Base64.getUrlEncoder().encodeToString(pk)); + headers.put("Crypto-Key", "p256ecdsa=" + Base64.getUrlEncoder().withoutPadding().encodeToString(pk)); } } else if (notification.isFcm() && getGcmApiKey() != null) { headers.put("Authorization", "key=" + getGcmApiKey()); diff --git a/src/main/java/nl/martijndwars/webpush/cli/handlers/GenerateKeyHandler.java b/src/main/java/nl/martijndwars/webpush/cli/handlers/GenerateKeyHandler.java index 6ddf519..1747adf 100644 --- a/src/main/java/nl/martijndwars/webpush/cli/handlers/GenerateKeyHandler.java +++ b/src/main/java/nl/martijndwars/webpush/cli/handlers/GenerateKeyHandler.java @@ -42,10 +42,10 @@ public void run() throws InvalidAlgorithmParameterException, NoSuchAlgorithmExce } System.out.println("PublicKey:"); - System.out.println(Base64.getUrlEncoder().encodeToString(encodedPublicKey)); + System.out.println(Base64.getUrlEncoder().withoutPadding().encodeToString(encodedPublicKey)); System.out.println("PrivateKey:"); - System.out.println(Base64.getUrlEncoder().encodeToString(encodedPrivateKey)); + System.out.println(Base64.getUrlEncoder().withoutPadding().encodeToString(encodedPrivateKey)); } /** From 6789cf237b3275d26a95661d6a87e5561d4cbf6a Mon Sep 17 00:00:00 2001 From: jihoseo Date: Fri, 4 Jul 2025 15:48:41 +0900 Subject: [PATCH 80/80] set default Encoding as AES128GCM --- src/main/java/nl/martijndwars/webpush/PushService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/nl/martijndwars/webpush/PushService.java b/src/main/java/nl/martijndwars/webpush/PushService.java index cd117dc..e15647b 100644 --- a/src/main/java/nl/martijndwars/webpush/PushService.java +++ b/src/main/java/nl/martijndwars/webpush/PushService.java @@ -65,7 +65,7 @@ public HttpResponse send(Notification notification, Encoding encoding) throws Ge } public HttpResponse send(Notification notification) throws GeneralSecurityException, IOException, JoseException, ExecutionException, InterruptedException { - return send(notification, Encoding.AESGCM); + return send(notification, Encoding.AES128GCM); } /**