From f8f9b1c794dca7e9b8316e40196a9dac59b3ce86 Mon Sep 17 00:00:00 2001
From: Jan Philipp Timme <jan.philipp@timme.it>
Date: Thu, 1 Nov 2018 15:37:24 +0100
Subject: [PATCH] Autosave

---
 MA-Inhalt.tex       |   9 +++++----
 img/Deployment.asta | Bin 7449 -> 7461 bytes
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/MA-Inhalt.tex b/MA-Inhalt.tex
index e83f72c..a4d3254 100644
--- a/MA-Inhalt.tex
+++ b/MA-Inhalt.tex
@@ -302,7 +302,7 @@ Damit die VPN-Serverkomponente die jeweils aktuelle CRL der PKI über HTTP abruf
 \section{Gesamtkonzept des VPN-Dienstes} \label{sct:whole_abstract_concept}
 Die geplante Konfiguration des VPN-Servers und dessen Platzierung im DMZ-Netz der Abteilung Informatik wurde in Kapitel~\ref{sct:vpn_concept} bereits dargelegt.
 Ein Konzept für die Installation der PKI auf einem separaten Server im Mitarbeiter-Netz wurde in Kapitel~\ref{sct:user_concept} erläutert.
-Abbildung~\ref{fig:vpn_service_concept} zeigt das Ergebnis der in diesem Kapitel geschaffenen Konzepte für den VPN-Dienst.
+Abbildung~\ref{fig:vpn_service_concept} zeigt die in diesem Kapitel geschaffenen Konzepte 
 
 \begin{figure}[ht]
 \centering
@@ -311,9 +311,10 @@ Abbildung~\ref{fig:vpn_service_concept} zeigt das Ergebnis der in diesem Kapitel
 \label{fig:vpn_service_concept}
 \end{figure}
 
-Wer aktualisiert die CRL? PKI oder Cronjob? Lösungsabhängig?
-Öffentliche Daten der PKI sind via HTTP abrufbar, VPN-Server ruft die aktuelle CRL via HTTP ab.
-Warum HTTP? Weil öffentliche Daten öffentlich sind, Zertifikate sind signiert.
+VPN-Serverkomponente wird auf VPN-Server in DMZ-Netz installiert.
+VPN-Clientkomponente baut Sitzung zu VPN-Serverkomponente auf und benötigt dafür Firewallfreigabe.
+VPN-Serverkomponente aktualisiert selbst, oder über einen Cronjob, über HTTP ihre Kopie der CRL via Zugriff auf den PKI-Server im Mitarbeiter-Netz und benötigt dafür eine Firewallfreigabe.
+Die aktuelle CRL wird über den Webserver auf dem PKI-Server bereitgestellt und durch die PKI (beziehungsweise einen Cronjob) automatisiert aktualisiert.
 
 
 \chapter{Auswahl der VPN-Software} \label{cpt:choosing_vpn_software}
diff --git a/img/Deployment.asta b/img/Deployment.asta
index d7d0f5e4ebcc59a3d71c35b291abf5f7d94e63b5..2ba0973fbeba960cc6fcc09fbd6f7abe8f926f38 100644
GIT binary patch
literal 7461
zcmY+pRZtuZ(=>`Z1PdBqfhD-RyDn}aSa5d>?vO=->tbP%Ai;fccXxLW65RQp_v(D7
z=VGR+yXLa1x>_BCh(rj7hK2_B!QWH`?*9PuzgyPH!`8z`%fs2ta^DEkpK!h<Zymb|
zjk@hyDC36+<K+ZYbiD9>5dbbgN+LIMIcIrY(aZX?aNY3dD-_9T3`bj8f5XxMz3{gZ
zow>3_aEXnhB**}nO}!>mAB60OsXr>ZnVFe0cy3|+oxmxuv-L$F^YNhVAn0xLdx!f$
zc4m7Xff2Y9kB?d=Hc#j5#zj>hO-K|d%UQqmXEzjD$2O$l(Itr5BM1aN9Vso0w%^>8
zDz@h8ze975^c8Qe!=<SqA6>I$Jrqm?yoeGh0LZwU#*xK#82}^28=NFO$3iA(C!eh+
zxS)qp2#6n0eljG-#V=9Yv4(60HVsHF2X}ayMyF{_SRf^0^2W%BGg|3cAhd8Rc8mYm
z)0lfhAjY>HArUknXu&|Im-h|@4B&>3`&qmbe05>Lk2{{w440<@pM;mF3U0Ek$8|of
zbfsPhq4^;vl5Q!Kh2H#%WsahRipyXIvPsB3*s>wKLtq5}@;DlXra(KVS!wE8Ql<Dm
zLCz1-&Pnk?Xa;nN)Eullm2nk}h&>!i^;nCG=o|u;BzNsiM{D%G7Z6kVM=6I^g&Vg0
z&~A=V@VH?Ag#RH@Vl^?LbUuGSUuit1caCOES{;oNSKe-)in*Gn=*`3zUauZwSr5qy
zJUb`A!WIEsT%4>AJoXYgZh5(XuV?|k13^@73FE0v{M?_C&n-2)=%}8B7*Mku%$i?Z
zLl?%k{Zp<@Dd%+rjZDy103WK&9NdvE?`?2eTsT-H=IfW_Twj25LXdr)x6^s<bQa$C
zbbQi61KjC6I2GUNJlxQN=%K4=777|fWlTnzw=PGaGVrNXeLBvxwofq52$Ut{w`i;w
zO_`SDi;#|sX<83nP7#{!VNZ)i0+II&VuSDS{q0ZU!28h;m#iPQAbO<$?R%di0pJ6v
z@o>kG*&PX@Ac1y|=9hkV@=mhWc~uJ?yjO*^eHqQzG|geY5&rpgmFHo(NX+5G<y^Qh
znv`jgaZR36+qC^m%D9hxxWm;@ntU7fFfh0bfS+7$rE}=pY^XhM*aB%Ofwb81x{oR(
z{;@rnj)=hgnu1NSgSTpfVe9gNOvhdfu5vCk?L;t-h@=FWb(C8V397J1uR{j+fha<U
z3=mzTkOG`Q-x@cvaiB~wRnrcFAFi(-CY%bG&IT)`(FH_sOwuY#b0!$mCy7zj8dw1S
z$edHAWtP`>pl_S&e{*~=YN}Yh+-s~*TaJn?l9}XSb_tP#l%XYbC_xPh%%ab*kYxdP
zf<0HJz)I|pnQA)b_%U}(kCH?W)T7>j3$dd%|4Mk$x+0m+6s5NhiSy7zN#Fw-A1)0i
zm$QiMY|0O&Ts>_m80HWZziLor8mN=P&o~(~(Uzog9EWWaX(6J88xBqi2gojO&AB^6
zo>$+f*oT?Ad^5HWO03W^`mktJ&!qaoEus;20zCft8`<2(Sh^|=$;6_$j88e)QkxDU
z2$vas?O92cmw_N-jOFK#lTd?Cz7|~J;vMy|$2o|)-;-IyaVLzMFAY3;NM}eE<H{05
zt>QB)XLGp`vw=_gEf~M3<kN6Ymyy|3d>R=F(MB^N3H7a#lZ{7_2Yj;9D$U5th+f*j
z8O+!K;<tA_yIfIEj3U{<gXE+73bcx4Lqk4&jdF7uC(S&}=HNmt<#F@Zqe3HE(2mXH
z;gZKy)V_cloB=o#M<mV`-;HF4I+f~A5ab-#Ol<R5W9XHX!l1wR%t&P>=KB|NrL5Yy
zTv>A<t!xT+m31!DriJ@hdVc$jLD}bys9~5Ixv30l{<J5I0_g+7@kCYaw;4cvypCsZ
znbd2I*p2*?3&?GO+ioq9NW|uS-|(%;dCdg1ZjE-uQ}4tNSSI)Ecf?e0Br@lYaKc1J
z8sf?gzn31>ms03kFFT!5N16ut)O#NlWngUQeM+HBD*Ys7flGZ|p~buTcyL(N5lb;t
z(u(qUD^H|){OHiE8RqcsRr1WF0KpRU#U7?<y?jEyp}#bWZS34Lr&CBifNytVUAe&P
zu-f3uWhXHAuCaDgJrqJdEyX@B6^A7Um&9b0S9fN1K>Mz1Fd{Dgs`_>jcf&4Ol!9mU
z%CmbNV=0sVITHUB%<iQ53)BKfmd?<NTdO$MpEMkWnH3S&5Fz@IwYnJ?u(0XWNFbU9
zmDHZY)3Q}p^vJg{zWIVLT2t@?A6`fOSwYmD?qdZSrIn7Wcf$N?FS3uSi3|)99+Ig*
z_|@Y3zLX<!cZBpjzDALWL^?4&L35|!@tYg-PaEisk>nxssKxKXFTvLdA%cdqx+IAt
z1oZMG>w8Z&Y#HCuTETaFVYJH>Gm4b9P~iL@a1wC4)1Fy`(M_o7u5!KLuMGPfP1)q{
zMg{VYFZ{#(L>75f<aDKJ;Mh>vSsG?q*mhw3%rdkiSbnR3r<Td;Nh3lEKC<GAl4ec^
zrQ}{q*qJt)XE!UYL9x@;Vg3q}YN_O)PCQ=EY2v7LZzTPIbjWqB-XaQV2@R%^ma<T8
zQ$@S)Eyz$C%~N-Jn#<}sfXXq*dbMPBXc9vAj8NiOH?QE{E6Go>(sqy9Tea$XAZ96p
zO}k_(!o(sI%S9>y@^>|h_L0w7YQH$%{6ROH0+7X~8v4E9EatfwnRV~%wnezO`vfou
z-W4bpEbM=@EEsL(xGE!NYkl#Gr;l8u>D7<yl6}ug6)Nj2b|?TQHJ@jkHUy+~Kwi7T
zyS-X0(;78n-d$Z*uWBkl15{*F0fRgL)9vUlRzL01@?W?)KKJgU<^|gGsVxDHNgB!-
z+vJSJ?qmyVcfZNJfi`_?!W&9_&%NhsBAI6k(B-y}Xt!>>sL!YL?IRDN)k(;C0|lpf
zy4cP3li9al+-g8UIk;Y<udrWOD_5%%{KmPo9c-uLo8*5ZRstD06B5mXG4pvDr!jej
z48pSNLc5w$+qmLJ@=WrvrTfMnysr3s-h#E)+`7@Vv_F*_O6&r#6NW+_&T=}RuK%(k
zvYWp6h8I$IMCT3z2BZWbTz88q6=DyAyd^(j`FvMM3X;L4!zC)GVSZvnY7q)iGSHE}
zmw~kGa(2P*rlp+xYsA#E1{0b}iC>pcwP_e;lvyff^p4p8lI=FOC-c*D&=}k;LWdgp
zNLx)Roh^;WMZ0V#*)VQNKjM=1N$sp+D3P4&Qh9_#_1>%fz=>}<1h&0RL3`?K6wX-Y
zNjP2I&Kw`hyBoC;CK3^2s)C#$Kw;Fnhi@HdqB>IcQQD=@+`!ps4R$>+Pkbo>_n1?b
z6w?<wH(cI8lx&WT6fPnFm%Q3o%gMU{S!F$p<H1@NK1zr}|544R<0k|QzWr)`g7|Nh
z#Vct&uI)R|)Q4Zsvb1RQq+73r3QNpP2?Hf=iAQ{82(L;Y+P1Tk`EufdTVr4=hNzF?
zV~q>C=|jIeD_{qM*x+S>8Pp-Tbrn!8Xx&@4npOKV30!VQp}Kul)feQGwa2jJP@}BF
zLk7R!nbt`EmYwV1Q_E~Kz002SjkklRuf{Wb)h0;YF%yV2g^2qn#v0i8{WC4~@<=oK
zMS61`t7T`8yg~12X8k-I^dc4%)LhG~vXFkkV(jL+CQ7z2nv|j^K5}>_L*bOR!<FR$
z6N@Rva(^S$nh;-o6m(9~fw8m|)+VSyLPCUr9hRL>r?i_DZqz7bKs@43BQq0qrBbXZ
z9;}qspfxPA=ib6Ui*)@&=wsWkY|UkDuF~11=dqLJRI5UEM#az@DoE0swlz(F_Er~y
zd~3$TG~KzCy}Hpc$=MSEemUQp_6%9$bmJDT-!}GQ^vCu0RNlA1LQ@n)yIhs1)*=GZ
zM=?wvo~`^<Hzy?#qR;Tq>`t?h$0{L$!x~?&1ov5!GtwAGJ$kygNM|4<z4Q7N`|u6&
z6YQK&c(BH!m$BS#)pnt)iZOmotQ^mIiB06o5%IUt)XJjC=>0w7FJ3%v?dHnx@cHv@
z!KPDtjk>hg*CeuKT5Wn7zsX~f<A1Y)ff{?IBm?p+as3>-&b*c{a}$#fI9Iy`1;hP}
z5C6!|)0P&}eJ!TyQ%{3~e4|bVQ9moZ#N6&$4r22oHi~HmVQ$xrv^d)NcDx?7^}sB$
z{j$_Nsjo0jg@1m}(}||4=>Z1m#ok_O7$GViNw=4ZJqRU>kuWcbu?14vPtPt-aYo;h
z0^`VnWSW7gRi26u;_~M##w=<p4$dQdN}BHfu9qhEPGk;UmF63eg?j3Sn?=Z#(K~Cn
z@hDFZ8cyKeFrr*lM;xAh?fHc+d?cVdQM~3aq32NI5tWRS8Cc4dSfmsPXI^y;3Z@;e
zE-E`K#8tMmjYRJuMaN@fMGlws9@)jqsScL|!os)EDRy{hCCnh2l+G65d=A!zfpj~2
z!_*+go6*yF(Hq_MJ;*}K?~6yTyqaf?PKN{;!=K;y_BV9rPj<vR&iY5TT)lB~O>T9u
zDW+MSRy?ehM}#*!n~e40S)k?W&Gp{JH2aZm{Cth((saKu@}$hR)~mF-{I#fEOSf;%
z7nU#ZtKOk+a^WqK_^v8>bq)i`V{D7j7sg*X9v7}f9Jq#ad%+e%D%>T)RO0DG20P%H
zy$*V*M*4gBU*AY2S!BhVUEo3w0p66M#6XkxM4W2R-e&9O+Cg3mK82kGLD8<ZTcUvo
zTX<b#r1vrS=R6)bd!rUD{lA3BV+>IrGS2o>;IA9PSG8>Oxqbk=DG*WQofVq>lW-EH
ztQP|xeEtR1PrUsd8!l+E#!bXZ0^9FcX7}j0U+HBCR)4a$xvv!jS&qk27DuJ$)mOLu
z5xo@3!-+2ra-Mxz?|7@I6L-5<HNwIvmW1x`zCWC@iyrFHZR?;vtLy2{eJU38HGlmx
zKTY1T3Mva5dTLSS_9Zv&4nO+Lg*%jaPGtKT*D64;`dpk)hQcl&)_L^l5$L}f1bJ#q
z7fN=v*GO>s5~%t)&@P@nJ^F%}HE8XlSe}o!&o-L3NNM`7#CfKu2T$wEO+Go@D2j5X
z$fDh<?h8%Do8Sr^?~nkxY3^XNw7R()b+COIuy)G>-tD8zS2*Tt8{2?3m?qT;H^Hf{
z<;Y#Mb1lcX)v_@)`82uR2{3=9)_pC<iqW5~VRO*!*%m83CYNh~bE`Z1%Y^Prfc&Iv
z$!jcr(d#+vwGyNjv@x%9Z)LT(4;oRI2}3Gh(ivxmos*?;m@heqlh$+k8Ay`wN+D0r
z#~kZ2vUgR|{H2rxMwSW#IOvN4a4|0zGAw02I1e2<r8I^tr|YmtXEF%4{4FTFog};1
z5aZY%u)Q?!esXAc{l#UX{+G5e?E#dX=HmQ!dAIg`!`8ZEd3pDd%mzJ7#x_dWs{XHj
z$D!z#+uAkS^~pdm4H=M=6`n3$l^AcMXHGQ<+{bZKpl4_-=%+O+eEJ=?0u;zMpD3Hg
zXGu<n!Dbq0{2m!elzy?)?_^o<gW3=)DXzPyG(TWofS{an;}a0S(H}jduBM9tWkKhy
zO6~RcQ>B(l6^%wP-uo@V+lUGjL^41j($a(gZ=T?R#*r`e-H*U38e`~(D-VNuP7{!4
z2XXOCZSL&m^$c`mc7sov@Ffl<_r3lFu#NxJ#(nB1P7%#unc#s1FvbMQYNG5-)&$pI
zRmD-X-A8m(o@90he5q5Tv7QBJkkqzVn4g`qPuP)|{ZH?yd$;o0UQ_*$?TMFfU-?s(
zo6VsoYNd#3y{c<a?P1sM4_tVxBnFOv_nP9zu&Bz9FEvzW-VUg61?e7G9NAOwT^1Ny
z3pNRY6sVa6`-Ar?Fy(sH^J$OGQsS3iWWI`onUc;MS4+doWcKz68MMg*0JSmaNn-}V
z`+IE`!|-kE^S8>e6}}<|u~W#u0^;XqD&$p*gp%_MilUf}zfT()BIjCOjQg?JTK-PP
z#){j`%{@G(j<Mi(>*}}fLe-Uz`<+#P{f3UOoPD=H+_`f|+WhB1v#HxRspc0QJds`1
zcaX1IS~=XhH<vBRpJTamf1@5`wD~iu`3a$oCm;VJHLmfV)oQ}4OkEV$eRv(*K>47=
zu0c<4rNGDuiJN)U(ahj;GsQg35k_kvI0iI54%BQy+z&U6=F}#fNewVg91}cv+>qNM
z7&CFC&b{@AZVhXlgJ$6up_o)yLQNOk5~}PPzaJVRIkohQGs58KvJ1snXL%={TM{aC
zntmJ%371k|38CpqUka`Xv;l@2;X*|c+OfNnU7`=M{iG+Y`Bi0qGTp^ZP8PJ~_PqGd
z=|A=-Gca`~Kok;@DWfOYb0vuP?TuSBn8rg>np(nEI{43%{+NB+N!l4xv29fE<$csB
zcC^E&Fx-mRR9gHgActdT875Qb_waB!w?c)}U7>6<1tr*&epV4gNSlPH3EgRVNpev7
z`ZEst+E7x?E#J#%VGS^%gt<@=?a<TT1u)j<{!l5p^~gSt7Q}upLZ!#e?t)>-)05+i
zaVy%6RA~z7yg}vo6;^zQQpmIoe@NUq5tiML<!j~+79r^r(!KXL%%`9*g%!T$?+7E6
zSwq!D?Q!PQk0lx`PxG9HPyBxWNA@8xy%Yj@OUPItlrO*f-a72+889Q8jDDs))>5JA
z_TNaRY?@Ia@q6LZf5Ys4vSB>o#(RFwxyl4DBQ(vG0Q7oB18W?|T}{SAFulv?V{qFF
zZE*h8E~l++wDnb4=oIhgt}L+M8@u@E8a{Bl{)I2(LWzQvRj{GHH`EtqVi<$GnjQ(O
zJ7KIf#>=BBgSG2YYGjtr{YVZM+G=n*w{uDaBB(somjP&E;M&V(D>Z0bM6xEw%D6CH
z2kZOOjpXWNl{^-Y0#6pfWEYiR7HFC9a<=-Ix}1+<#2srsp`>!Qx}zc>O1s^&Qdq8j
z+;ebhqVKju!sm<Zv)-K?$XhTvX_|3W0Zook$dbHbxd1v_O6(nFIeaoN+WB<e*Wvuh
z)90i$kgvfXVTL&j*f7qNg3M8gH%I~At=V%@3SE;$A2M3Y9ICK0SMGUsJk}I(__-64
z3>9dLoYbW(@{U07cjPZpbiE_Cr%(IG%uAR~$Edj$O8@;Q!^SSo3TuX*D<?XXT~*?S
zE+_9u(T9Z(AK`n7FXihw^YbjD0Mos4T62S$NtJlzO7wDZy54d?QHN}IjZ7_vdJgEs
z2Q~o$G9Fr1jL-{J%~p$bH<oL71me$aW&}Uk3lrS_{OCY`y5TSm6VFbGUdQZSD2ZPG
zy=-0NZh~@&Kbth)1Yy)UA3tRqMbz*%NRfo<f0ui*ABN3F<U}66&gbYlVyPTQDOSI3
zBRK>Wa@QE?OwM7ys!>0DO^Hy0oYj(Lg!We%)BRH+1NRjCXYkxSsZ5IpQ-mS$(#=58
zDUeE*!Ax#0uL(&IXKSq}eNpL>pLmWEw!mddIg>r+exMI?=ma3DNfZ?$2s5;4HXICb
zaRg}I$rmC`LwvqbFujcOEdB+FXYIoL35ghv=>FZwOKcwk1oGHqh+xlm!AJf=xGnvV
zfWyC(i+`&I|Lk<YA@eBgI7S8cbOuX6ip@2D425Rp|0`0pQTF=Bo4eNZ+WK=ipp~^z
zEi*+X&rL`&&kf3b%SeR$Ptaj9@>hJ1so$p8()!fPRGs@8J>z0o-M9C<8oJ9F+%RD2
zI<|Uw2%~VQw&aSEb8ql+lmKW^JZ?dbbcwi(*+q1wy@d#7(H4u3T=laeY3aEce;S}z
zU&+O5!QvfJN?X8kvWPqM1bvGv1vO^-zE_V57eAWar$-imQ4|N^H0L&gl|#04U!k`G
zWU1cMPq3b|UAGgQ7JZZo5s{tseKg##LUXtplUXgeLa9z0qfy-Qm<6Maf-3JHX=5%8
zH@-d_HJe@9RgyED!Fos1ns64mfzvP)+|!tai`FUM`j^W?vPcr3BYYCflTNrVG66!j
zEOe?*C~LJ6HEaL67YJ?GsX`o-J%B;}i%bk$KNd|>&4OU4uek^oH%W~PR=?w7TXS+$
z{3wuar{jcvef?2Eey5_GKS*RO+?@6}>o6zjD1N2aJBcTU5+(HS*E)C=Q|@}6T6OQF
zMWV|)mn}5+POcg~RDrPDYCOrFVzgFM;_`e$OU&8FtSKgNZ+q6@>VOsrJIUL=Dxatv
zpqE3bTM!l+aaeuK?(KM8bWCsVGNuMU_&lft;A9`g`-z_#6;s$bvk<%(cyv4Shs0z{
z#mTY|9Jh<Eb+!7~%>1p0TI!}8WlA7OGQ|87(mEixzb0-Ow@Y}O;+a~2O5;Fa)@9ou
zzm!Aqg~nCXA1q<V7+w6R-+4p&&8RK_^ro4VTukCIjeeo&n)GKVmL3s{k%Pq_bLuWs
z0ZW_v+NFC1Znwx3^*?{3;gldi?!bXE+f@4|VnxNK-+*DK(sQR$ORPMYG!%2PB$aZ(
z7c_HBn~u}6Fv%~VV`0Mv1pi_k;)-~(pXp*aW$p3QE6RFlk<NstN#-W=?ApVwn4Ye+
zbIMYN66rzCxA+?o6k++F?H`nKxxWEnt^erxwrIy(3-+R9KD^+mvcEx%*90QKNjz^h
zH8>2}SiGpcH4UaAaqY89x=q1yxooOyPlUh7f2d_s`zxCfMsY~R``OZT@YE*eXJv!C
zW)|h`)=PK;9*pEwLvVhj6)+}Nt8fgPC;8m<AEc{08C`xaPrP!6=HZmWA#XF=+L`0b
zEKV$=Q4w4x96326`;tvjiz1_DCK!?bcK#!0%RcCwX2vZl!FoZBYy>YTl!}!^DQ@>9
zu);HAA`MjEA;rVavFPbP;Ok4tjJj|NW&6E>;zyWl+`$i{7OQ#22u#|6WS8vkInx)g
zz`Tdyv@OBiGhNph+*;wz_zkACq-F}z^?@jH)uxx}!L`!k+lw2DX}L@*pk;{Alc1bh
zUI^^3J^X>30~vmZ;ap@yf(sb*r6S}$IRtL8&_m&KLsHqFi;A0<kf((!p#NWdo!SNO
z=hucI5<M@io@|fl=TphJ21hb?r)~jNo>t}w>~8^8w+KQtWt;*FYe$v#Bw^xGlf6xs
zW9NwL6>pGf{SaMumPTD4UziQyXHKKf#|=Fu)t3ESdZ&S|+3*C{46CfOMDU|_3!I2Z
zp9za-V@WVKaRc;U^1ZZ*7L(Ul$eirh!(8GljnZ<vPEIF0(1s{uH-Jq=sa8+ryofLX
z#M=>Qh9mdcf`Kr>*@AE33d8G8eMpq%b#_R1?}|DwnG1@Ot4O-l`c?f1K`Yvoy6&W$
z$xffYW#2=Bynb#nB7^8bmF38`<Lm3yxQ)YQk~tak!c&$uU)hJKx{M5gk-|QWXaf0R
zwNG^Ht|?Lkx#T?ju5!px1<F&gIor1?0hd`JJv0O^6F}s51pOD!<#q9g?d!>pJ%ehG
z#km|S$%BF3nZ#{1EC0}PKLi&nO5CBx;>M8g1*F}HVqcwBQe4ifqP88)orltb%{o7X
zTDnAU;(@;zV7h}Ia$dbrfA5M6b%c7SG7L47#w~Q=$qWboDQx<^bK%+j_8C>iO9boR
zLGQF#b1*$$wRy&Gtnjl3^5#oAtY;0h%QdV&O-)U5sAJO9BWEKe%VJ_e*^$<6jqg3z
zKo_Kt`j(pyF1I|{I~OBem0HgkC_Y7B<;0tx`~><(A5HVhUO9lz*x9Pi03LRi@4;h%
zcoyZU8loXhwLK@Qeu$q$3$U&n6GQ_i8xZescLJ(N7bW2YcE5}&85o;>qc*;j%eG7S
zR%{h^vVtmU;VszGu8=7<MDlSv>z!B~go;K<?=F+`2@cK^3<swUf=3{P`~P~)|I7Wa
d*ZlwE|FoRyAY_#Pk?{YG;D3AJzlU&e{}0@`eLVmG

literal 7449
zcmY+JMN}M28>R8!?iQpWxDy~~<L>V6?ht}o<L>S*0U8Ms+&#FvyF+Lu-)!ceTZ^i5
z?me}57w@yU%5t!9xKN0Qh*0vbCJIphBb0w{2}gGucONx(Cs&ID0~BxEg|7S!G)fR=
z-y6->TWnv8JK6yXrbFnUKrHN(bQ4djul%Ez6XsT5SKv}25Ti7$<rr5_Q+3y>W~Ox|
zYM+U)7<Kh#<f^F%Dk_vemlik_E{+R+aB}j;Z;Vb|(yse$83-v_Lfj1R_<KG+{!VAQ
zS$YNl@2MfO%b^tP4*t3G{d_i*+xH2$gEPTRnJAG{hfq?p{zsyS1W8OQ;!6#Nj$8A?
zRszra;RF}rzG&=!aF7vfGzVPL=72#v%P-<_`M4qj-b7hdRxs{p>~tdGEs3@ulhqOr
zU>vf~ae*{yr33BSh=B0u*8^s(5Y#nwLpf9%bd}~DS90n|{RS~WxGcLE)!uZr6moYM
zAifA4r>#I*ZD@oqYotY5oBR+dI71xs>lNk474eQXfYdDq4>7(Ma{);u*R}io_4AK|
z1+3~VPs~SKs`2SWb?y@&(Gq565vw$c(3Dcx%L)t3$110C0<4rt%9=8FD_<|g3Up}%
zPbcSP(9&oGX=rV@G){&hvDWZn9)bxXjc(A{8605_2kQ4t9p6{hy~T-^Vn0f-0RTb6
zIY=bZVjyl^)vA!w2yiY@s(j2ntFSuo(xq4_QLT+dqch>MTSh-TkJ0&1@5^sePxD&1
zi0Ijj-MWVZ6&EMzgM_w>gvn^oy#t*{0tO90{YjZ@ma^4UPwqU<3WfQm3a{Kag}_vS
zbp2~FkA(A~BTCS-PgBku(KI4o5-reCLk+|F#5sYkA;W|0#0L5n;hE<#vYbGW-Gy`a
z(v>RK9fj(3uUv-p6-V6p5B7=zm)s{A;dz;;NMYyfINjYSii^?^E{%h7*q?NI+cp@*
z@sX$MxW5z^^dn21#jW6j7gib~QD<P3d<!(+vbyv99x-}+KX2VS*X5=ni+c26k$r;y
z+|Rh8)S4kUBr*k;+OV$izE1X$^>abdd<k1jChb66H6}&1A3VyFx>NSUoTMNA;Epst
zABe?ZlV?ev_252o%Y-qEY?@%Mt&*tRoDLKh*T4kbuD*Eqkh5TDa4OYVl2=*g=}vaa
zsshgVz1<57gCtgFfaHy_WeEsYa}~PL(9Wg!&Fa&G&A&yMt#$H-s4yjp*b3*Myc_6h
z=Af`*B#M~)6``CALmGXQ!(o-*;Q{k=v~nU(5^husI%%j_q5|=3Xp%tRFzK({l)ofi
z#bozm5+?LZ9~2NjFTC3J3w!s!#`Y|OA7uCw!8wGOrtni+l4=Y7KP$tJx5_e1`Ne=(
zkw4-R{0QT0#0t3VN2~gHI^e%8OLn~9_fmRYdKvO=M8&MQQbnWl`1+05&W=!E`w@~L
zCK4L4#TMC&iKV8=vr=zJ?B8?L4=c<9xVwxcg9vhcXtI-n(5$n}1(Gr0KtJ0kB$l`T
zxH*B}*1Gdq###D&GY$_c(2<Y_P^ly@g2nx*B%p7Ez6F%=d9OvMvdfN$#$3CR%{bCi
znheA6R~cBWuWE!zWWggdl@v}AQU;#t)Zb!a9fuf^uln9jttIj)ihYeYS;L>Nr9{XS
z#Z>?}M%J^jkB!)AW6wsr(rYOcQmL3~ptWeCTkMN4z_G<hc4=i7Nfq~D#<f(cGsP%L
z*gFlI$k$_mg0_F~zEB)l{A~^_#Sz~v%xvn14ydaUZ(ll!V|6}^pO#>VCH)LWf<t>)
zn753X#uLY0SetI-LgcqL`FpMd+hkd!SCxDxUf!PN#ygpdgm0Txcbw^?jgWZf-q=!}
zu=1NpU#|SHE*iV*%wFFe(S{Fp(Xjm@zsz?nNCbAQ3E=?bBrXVlH0OPkxZBc7o+{4R
z=k-}r!<uk0!bJLWo!o@4WDNgY@Y_X??!X76b?aw{&Qy#$S=uW(s45Xc-hu2ufblRP
zWgtO9&E_~1|Cb{%BU3pZ%$4K{-LHC};>QZwx>fDhyE0}V`bjU1fXSitx&C8{C%)$v
z+mnL&l6ap7Rfo6qsA)$wwt4XJQ%gv!Z3?qN`H5_9YOCO@WWNZHcbALWQj#N~Tt#Jm
z`=9lWi{7;{mHt9V{O)0>IQn{|qHjCCt2x`>1oe~GoDG5|!k5-nRmjVU7xIU*wKfq$
zX_EBQtbDRk4dAtfGv!#!&m|egp!a3AO`Iq^;lh+WEoGS1Ug+B*zURl4qwihIOF-A6
zqB)CHNJS)d*<3;RvD9qmaWy4^u@nXkOjW^SqVFLwgDRH5MAgAHg<V1f%5~1~NOv+M
zSkA-@$HWb8v{mF_l!z*tBH7-+Itocz=K!C%_k#t(S@Dy3;E^4JMY(xF{#^njOrJ!P
zFfjv{T8eOEpL<rnpn=1Q{(>G(iUW2|hTNtT;87Eq1laDeV-%qFqpEkAtV8lNrLe_X
zI8xIqA=#?#**8V`IlYvhq%J2e*;{0jn2NP=t*m=uuVVC@`dWop2d~MmLKG<652mB3
zR5Y@L^0_qTPnCOj9v?}o6n^%p07t3W&bTa?g<i|<->x+5fNqtyJ2_TcfC#o7VRiHj
zWYcSl1|9c!EDVv~sz<DenqKna!96VweMtLOlj%R8|A6^yOC$;dv(X(l-$Puq&Ut;}
zIf}xu&gIGR@By?Ls0B3LyzGOWI6})UM<*Z1GG+9NQNEi-(hkdhev?CX`K$ZC>FWj_
zfMBR$mqi!pXcWdTny!@l8ay>^*OrIHd&G$*wc^`FA7rv*3r64LRIuZWye1xoddH1M
z+gSrr3>-5L4E`_&Z1p%Cq|{l=qoYnQyU6{Q^Q^tAd3o<2k1|+;c<(^Ux3qube3kwt
zb733Bnw%d01FQ0UnIQ3lV_%Z1Pgl3qI_p%sKb0>LPHP8FtM^1fbfU0j5tUWc1Pw(f
zR%%JOmaO{_6h^{wXp#;=rrb|^^8gYx<9X&g)d<wTcDP~&co|dJz8wr8O2$F6gf5nd
zv-~-;M{}IAh1t^F9pf!z+Y%)~0Qodt?4#ZOg|2Kn2*xR^;MHso90C$kB*Naj=>@zW
z!Rtx-fo{f8WySpP1e1X=VXj;j0t*7wjvx7sQVxGUw<HcLA;ZWkNZPL&uirI#Gl<Iq
zuv=&kc{=t5evJB{;SH@j8->a{;mOfUSekuS1{Fv*H8g9QmA(bRJrv=MYDuX@`v>Q%
zH4KsymC4A72YtactaItWLz{xRFerKyYO>FY(j^=;smF)uO?s*)sy;KYJ=GIlW$!+C
zEzKy>mBK<>oA)uVAyV2W->26{wd43baD40wNGH65MM>7Ir3<DeTk~~TTg**%;*b6W
zGjgS#st-7%RWht?p^N{DiFvyXmEz@OQEXeo-KwYf*_N#7`#v-d4!Vik&qsGttTpr4
z%BMlcrehgT{@cx2k*)Ykf>?^2lKiJcDwFy;N#f!$iK35C+xzMY#5=HDI!kW+pYN6D
z45-^Q2g7|9p*sZQErF5M`t~OztgLUA_0=culkFt=8=HA%DWL`nXD-O;PTY|3HGovF
zWwd2g(JUg})<Lsi<I%nOc(R&8G`Z2>?y3zQFwWs{UGgo&b{t?Fco|~+gNeGai<Jmz
zRC7q)yM7?oLFNrlp_#igPeuog;&m$HK7tXWY~-~nw{(0;sY|ZkS0@Sg><gFAn{q^U
zZQBHGu4A%<S~%ZF4E<65#aj-~D1!#Rf91~vrHmj*Hcj_I=WVvwR;>pm0x`gZpvS<}
zSVXoGb%qNy<yXKuD)C!Cpmxck6d!3~hbpexo*{cSq9R|1eK_X9!UCxQBBr+Z`AV)P
z9+6ag`xuKvxN%~`1g#3CtJv^}qS1Cg{!5Li*K!)E@ib(y#a3ger>T4+T77~-W~znW
z&Fhh}3d3=GHZtOJ>KFZ;b_RT;GbEV)i1m?X%Ix8s=BjLARSbVELrC^-?3OfFz3<r@
ziBdpbNTgE&;Ao>+H)FNSzVpgR0+}p2eFDUBU5nqr7IqG1w={2!eg6=BY#1h9v3hj*
z$@6|v=;WoqvY23y29SDWTZkADGDcVO^>eRN!u4T@x-p3kVV`);EQ{&szT)goC-s?h
z=5Uen-^;~b3s)8<=llNPyPa=X^z9bn2MU;t>pXAUvHZO#b?QXvr^(l9ke}ry+*r`I
zQsotow4-4V8N8b&#F?9H5R~88#}ptP^LVXd@Q!pW)>J9v{gxy|$hgeO;ty>%JHIl+
zAN528h$9Th=21B~)5U+CzTua1O0;qSw;mDFjJ7|++Z(xhP~q_5o$kVr?W~CF=b@E_
zZY`%H#(UhkdO+oindT&O<O*@z<Q3RyfW!rDU_L#-NrKA0jHHebZr~iR!bUh-@Lys$
zm$ZY;TXJz>Mr$V7fV|8seRz0*4T$kR0!28BGm+vw6aqzJIhJtJ@@ivuv0UtgMWu_+
zvJSCwx2zz4pZ>&8o7OD#SGw-Ibxs(0x45V2Xh{v#7uAoQB(}fw|9;`=)W+dOR_fbh
z+Nvt=?^saCR;<(harWJ-Ra!1k!W|DeU2|If%ZBnL7))+oF`&MqCXL$pof2t+2M@;x
zoVUEtvhA?jVg#0#%pd`nEaikT9zueBW?D{v5u~RW1%yW!(DI=WC8BoNAb1?j<IkE}
zp{hi!KZTCw?F&KOH)9PT--n<qo2{Yrx?u{iLccw!2Re|C3-)UW6;U<;u|p;*p${Dz
z*;wR}8mdmNr%4+EN}#ltPIKpM%MpzwW$b_3za=5mRC4}FmPJYR!3%~ZWaIT!=sRGo
z#H9DO-H0$sfk-U{Pb-r1=XhabjZz@}l4aS(t$Q_-5}nvg)fVGqAYe)7=5)=VG8CHY
zd;OXB`%IoeAnUG6A=--@?M(MN@%wb0sxuoJHeUUpl+oH#j#+J}7Mi`diH(X|#_n<K
zLnBBayD?XbOnh<pA#--E&6ZZWHQ7JllC)Kt6N0&xf`al90{y2DEdBzniC6mF`W{i~
z^u3$)1&j}0>3L9YvHRu8&$az|^FB4cP1NcqdL2_Ya-PyDjkS4;CYAr4%-`1RL=C^;
zsx*_6<>>3T1<cHbR^<AIdP;<6l?jHlEF4tV3vThRIV`}sU^*0I8**mm1g-Q_u^)#f
z8&xu^hBp`ZWh+c;jONq`K!sd@x}Ikor*&H2k?PwIs@D7==l0{wWYYet=^roZ4_lt7
z+EJ_1bSkS(lL~g-ey`E)T6bqUCyePDMUe<dnvHT<M&>)*H6}w1E94|TQd8g}OxsXf
zs*UIqP3rpJbu{PXK)_Iy9tGQ%(pXHn>&*;2@iLy}eaGa-pcO6kdXY>zz4r6HQurC-
zt4$$+lOdZ29q+&PT`mP2TB2-<wxD>k=Fqn|=u84XuW6x|$*GB>vqBnF>{1%XytS9@
zu`io03$-KsDK4jCxU&=>TO>Lk(W=O6{4!5$aX?hzXNkSr+e*9Dt<{E*W8KF)ojCiS
zMS{b0D$YnZJm_`~7w+6-d|N%PyV{}Az&ZZ5=GMm=Vk;Bwp<f~5eVTO8ZVbePgTFhf
zAn%n|&j}AzCmH}`w%wl3d#r}k9iffu5VK#^SZoL~^-wrWo=;pRV;UktF@-=#N3cb2
z^`_Uxz4hHxS&u)wL5v|4?Cq_|$6dbW#TWg)?bgG9D=Rb1Qq-hP=m9&EO6j@4zkI|A
zERa<CV$UA70SzA3h9lJ}_I-O|0J7NE^o`lJvvqnjvH$WVD`S>x;tI&8>k|1xWjQe>
zYUt;krdNYfk#(7uJpzqSiLjAS2r_UPlmR_md+*pw43H5ePk~O@z*#xpPlSrc@Wwyk
zob9+qaw3B!cB+cMTk2DEjB&1A@j-$y)Wujq6r8sYXXHX)5i<ugY&UaN!hKMf;0g-O
zA%r|WJeuwA#KzXb%9^Dni=}~E!0j&EmY8uiD)z#ASG(!S*~t~@(4LS*w(4aH=HL+?
zZVH}KEWJF|BDmo>0O2g49Omqz=QTh2JGpa*U$)_M@jI71=0933ky`NnxEWb{qs1az
z47xi#J990MBo}g$gsAWN*cvM`&^6ySm#5DNq#<V&YP8z>-Xiq1ypBag_k3JuZv#(g
zPWK1&>1ibART|qgk<}zw%uRaTSSg=?3?mMC0tcsIt&m9xK~Kx^6l7(mkdoF!#$9Il
z(R*xHDK$~Y-#-PFTCO~p1>Ybe^WTMF_wTViqKxban@TLA+6hG_Wp3v=PS_1+!t851
zgt@dfWziCs#GFas^7~^WD6~<5LL-}@+XT+O!f-1ycPlY!Dmb!T^T;T4_2q31m@S$n
zC#X>jOl7ikKS#u7!%AQ7??os1c^FDit2#DB9RfHGlWOM5o@oX%vgghV!|iU1<<~r9
znq3nK{HqO;U1IeAj3Iz5->zquDm;WqWA!p;3M7VmBJ#3b;h6H-^W90S>_dzN?wgV0
z9%cjtDw>4JW!RC+3E}%Tv?KF#mc72r`jUUmT%33LM&?Egk;71=;EnPiiW9PqeVYJO
z()SRbsJ}!LZ%~|EQmVNsyL7=U>>#Q;Ws8*x#LFR9Ia}>SpPka7sUyftiw!;@tM|l-
zJjC#+8<oN=q}5&-rVH+C{xd;H>d!JVuF5UCT!PO)(7VBcwF*9}Q#>*AorN%FP3&n1
zUH+gDqT@MijvpD^=_~U?X5{;Z(2M+leUP53IwsSOh450>A#cOsZ}`roQwhXJ`Yf?d
zbMO~0Ox7DlmDH2Y>c+F`4J(5@4XY1%(sqo>7+_JIt=-gM05h{q8BBWe#)c3)Y1yTm
zy~<a&`C0qcnPkaje-`w$w?8-{8iFlzywlKVOnw-_Pt;5TRVyhKW;-!}7|&rvkP~B%
zP~+C)b82MJzd3vD$~>E0dD3UY_#=N6v|cC^^NE`!#^!#a&xYu5jqBAkt+UsCPve(-
zqDhm28?$5Z9V%<p=^Ix`iTt`!7jE2HqyR?B+MxgD;2V_woLV8d@o;vPhWc`0l3q^p
z-lU`PB3+D{v=6RS#{b<W|8+y9wSYEj{Q@cB7ae+g^c!}&hC__3cRjO4R78zRCnaUn
z-XJIyD@rR<dEHYX3fC&2y{;t5sJ5_;NhWC*->+?4{AMECrWNzM5g!e$$bC4kxY6np
zC@-PjR1XcBs4!2j=W48x1Bu|E&K0CrEs6Sfezi8k!55VJL+ca;msE}h1y<I_P*7>X
z0qM&=xJKheoZy~lad^d<JBUR-@bzp@Il#fFsJk&((0qfxM&~IPsdCu>bDd13u{MiL
z^V=s&URHKyl^@mlI%k`mkYEA0Fail8K$VA8Nl#i0zrnhdw~+jX*}`N&3X4qO1^-^d
zdr<d)r-ooM&wV`bx(N{_z!BVID~^rd<5)YuV}po{@o&9P7N}S0w}z;~38C*K-P5u1
zIb6#7m@WpIoLiia4ds;3np{EL@wxr3lIvE_nN!|MYZ1SN02YTx>Hbo{Ih7z{r3Uy=
zsCr5Q;Aby*AZH>s!%YS#-G5(1m%{oRxPYvn7ET!C54hm@N>TH|Usp(xQzbBodNo^a
ztCud!&%SfIm!xzBKx{isI9v!1VhPeWTAxU!HX>r9Q^D9#maYjk5wKH7Cd^Nq*&kyu
zaIYz5F0Uz1ud4Z`Dwx^*k3h_QI#MvkWzY{aG7N!VGe2TnYXu*;1-ipC6}kY0KhTt`
zcVzg3)m6r1o%#b;K!nkY!k|BrM9T!#c20tGUG2pB9EOsh;3YDHq~*6r?0;ZuE#lxa
zXYvjkr7mVVTEZN8b%iYIjDtx7t_sHaEBE|{x?Sjs{t+xt{>nyVj54FrsE%B$c$Zbn
z$f)y&t>YcE*3rnqr+VM-G%y1cCuAZ_%l81N$~ji8C60kpSC90k>+wx?3payYSfh@c
zkt^e>rT?3{r<8&EDcz%Q02}#maQc*U@lD_38s$F>T|&uhb|iI~ifP*6o1N91-6L`|
z3G+5iNeM}~YXk_H+IlBe{{t<E!p&Jwlm5|4sbDKPFvf6hqw0J=(dDV3$;OJpI?nwM
za~9rmhl!C4wjlWW6yh=Q3q|=;%lk}!Z9H`hDz?Wi@E5!nMa<z@aL!1JvwzQxfCikP
zU@V1S^Xw)$kgZ0?zSc~~6B}`p&-#!cH~!LfRv0o1Vup{#3PzBr(O6QB=Ekg1K&u8p
z_x9l||4HxgeCxh9Q{ly@4chBc10-am??+04#s*5~jBM0?R}0_!+GyT$UZc0ls)`Rc
zhRVEL_)T!v&tX#D0%5Il;+3~EP=Vjz3TonfFxO#w$q|Ln8QpT|+pY~})H47=iEY^3
zK#CSziFv<brPtv4x|O;#;iUZ%dISUaK0Wmu03*k|w6GX5DoQ?dvmh%r^`8j={eszP
zZ=2=s<=_@+)FtsCjF4kw;!;CE2-O~qVA18P^+N}yD+*b#^e1<$p-QanWW?C9FM95Y
z-KEu~_egb;(A_gt(O<P=hvc^47dD5j9cY>4`j0>!qwEc*!<GAOgB`ppwzR;h`tg7S
zU!<#^xIX1%Za<1?9Xf0x$G;wE&k)xMI(Vu?P*2av;OF^hqH;o&q@gXwMd+~P!b4+T
zFgsvo){A)K6n}<pW)P&4PvyRM?ZFuuFB5Y@6*FUI$k3ZU)XMJu3kOU4^;)`^q{R})
ze>_pG;JxC&S{7jcLhCcZHr@T_FZNjNXNWnss=wm>ED)~%%8x?9VIuK$m2YjE-;^AC
zqqbIB3HDn>`L;C9PrE%-&?4Q%!SbZ4ZP}-a1HqC4MhdO+B<Q(4F@?`!*+V4uk#Mq1
z)J28K@@>cKlGz-bkd1>gS7P%9DV39h@5Op%INu|;sp;!BK)Q+$dycW9{PcS<4M`Fv
zG=X|HPKjq)6%ueFFq})A#C98z1SSB9j(>>M|037?tg@&prMR*<-t7LKsBpX+%h<8M
zjFNn0{#PR=Hah!B75BB!+||))D*9-NrfTX#S8ATH@|I*?=#_qv>{nu^fDC*h*zr10
zb~4K=o8ZVSSix+HnQ$1p>DTW1b?=iTYXMFzadFXP>}5wd`}5nKfFHv2xzNnUX+2Rb
zo;CNdshvhad9<X-?z}~~AtNe+o+eXB3psH=5gU8_&kYU-tcDs(GENa=QI&5Kk+ava
zi{*n`);t=%f}@i~J7td?h)33o7H3E`-N*6~f#<!)3a(zdHf24!oCVRGqV-HsD_`dw
zyIMGB9c!hkVmY`ZNiyiTr-=v!z$6kJ^whiCnJLiS+3;a39HoQ=T-DuGMP(kzdWxT#
zfpS0e6HY>v27>eOvli-SVulb{`KlU=YI|fXs9!OKqm!OhEC=FMiG^iN{?ftU6ys)J
zuNSo6a56-FrZM953@6}08@hr+2E}ag#pC+PS>N!adO@}$riHaow*(K?KK-^<B7f^e
zX8l`dI}GbB1QpjI;)x&`Sz3FGF88)qdmCLxHkU<_Fd1HK%Dal(>&nY)t6`|U1|xM1
z_V4tXzhNI?5fvcpD^m!gUf#?^;D4UGW^BIsu69%2VXT(Cmyfw!nVP*_0nM@vLUXF_
zM8m}hy<pQE+WOt_Iap+s4z_nZ5&F(L(lwdG7HmX9q*xzTW7u~GaE1$NuDwUp7epw3
zj^=3C`Xkh+VQ7<vfYC<UU^R)py-im2xI{^`nf|Rjb*8gp0~%xh;z-0Zo1^LrGDTom
zuIEXy-WbIe!pa_xKEH7j)aFfA8Z`8Fj1dE)gJ&37n0GIUOQ(i^Y!+JFIW+}G-V41-
z8OEGzzu)i&jI!J(#N=?)vP4oSDCbBhC}lZl7+k3T*Jb{%_g|O!|LcF6O=UTFg#S$F
Pe~0hiJ@)TID5(DfH=#Yp