From 46b3a5d007210b5790a05cbfe8ce3581a808d14a Mon Sep 17 00:00:00 2001
From: "LAPTOP-SB56SG4Q\\86185" <hugh@fanruan.com>
Date: Mon, 28 Feb 2022 16:24:10 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8F=90=E4=BA=A4=E5=BC=80=E6=BA=90=E4=BB=BB?=
 =?UTF-8?q?=E5=8A=A1=E6=9D=90=E6=96=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 JSD-7565需求确认书.docx                  | Bin 0 -> 40146 bytes
 README.md                                     |   5 +-
 plugin.xml                                    |  18 +
 .../com/fr/plugin/nfsq/sso/DesECBUtil.java    |  64 +++
 .../java/com/fr/plugin/nfsq/sso/HttpUtil.java | 479 ++++++++++++++++
 .../java/com/fr/plugin/nfsq/sso/Params.java   |  40 ++
 .../com/fr/plugin/nfsq/sso/SsoFilter.java     | 537 ++++++++++++++++++
 .../fr/plugin/nfsq/sso/SsoHttpHandler.java    | 103 ++++
 .../nfsq/sso/SsoRequestHandlerBridge.java     |  19 +
 .../nfsq/sso/SsoRequestURLAliasBridge.java    |  18 +
 10 files changed, 1282 insertions(+), 1 deletion(-)
 create mode 100644 JSD-7565需求确认书.docx
 create mode 100644 plugin.xml
 create mode 100644 src/main/java/com/fr/plugin/nfsq/sso/DesECBUtil.java
 create mode 100644 src/main/java/com/fr/plugin/nfsq/sso/HttpUtil.java
 create mode 100644 src/main/java/com/fr/plugin/nfsq/sso/Params.java
 create mode 100644 src/main/java/com/fr/plugin/nfsq/sso/SsoFilter.java
 create mode 100644 src/main/java/com/fr/plugin/nfsq/sso/SsoHttpHandler.java
 create mode 100644 src/main/java/com/fr/plugin/nfsq/sso/SsoRequestHandlerBridge.java
 create mode 100644 src/main/java/com/fr/plugin/nfsq/sso/SsoRequestURLAliasBridge.java

diff --git a/JSD-7565需求确认书.docx b/JSD-7565需求确认书.docx
new file mode 100644
index 0000000000000000000000000000000000000000..1b2e2937efeb31d7d6dba03fd562d77084950a2d
GIT binary patch
literal 40146
zcmaI7W0WY(vMt)SZQI?eZQHiHSKGF2o2zZxwr$(?UEe<A+;{fAXT17TRhcoevLb5E
z$cV_2mjVWX0{G_$mEGt6=ltIX<lhTpTO)Y~TRTU3`M+W)e;XkFC1!bz1!n;W0N@D(
z0D$m6#SHB1=-jNWvJ<9c2N)27Zp1r<l05g>t=~(k6d>&c<;y5}h$hxp(Za3Qz?y7h
zg%q%>H(h=o&K&3rY}Hv7(l^RlG)0+b3?WkGTb991xM}f_Hn2P7RAjVh?lJM^N8YSn
z!B$qWnso`Ig9bTFwBBvgK-d@b#dI*QQn7nlb6pEr!VBNLDDDQL<>FGw-P2?uaC<1T
zEQhxN9Q?AsJNkjHYC3&rYdJR-)CWU#DL%qmlfo~NvAp6UKu2Bv^ov2|p9Z~btiqi*
zgBWcKs^3e2#wQyxlO^W|1LBrKjah&hZG+;TfKSOJ<M%i%3Y7HRR;?Ej9r1UtHXwG3
zGzpt}?sSGYq<Td6YON}J6#5C%`>A0UZ%yo8!=QVYKJen4<gC><k){THF?h0S*%q$h
zyKpaIhW#PPp81{lLjKM^Uh-m+Aa`uSgoo-}Um%iWETR$BppkNP1T~5PV$g++lB@cT
z3=NFgY=D$X+F<+dcFEBL$d>zS7uUabLHwU~F|u_q`NuHc2?}xp1Sr8fGN16UH?*@V
zN)i)DES?VGb6C-~AlJ>qK(M>*U!EH_6~D0X=}&IAfM3uavTX`z+4Z!Ph%yjR{Nq)Z
zOmzxUEf7yA?gcPNu`Kh1J#WpX>FJ@?n9OmxIX42JSzb%YF=vdm3S=N?2UaIw&Gr(v
z4Ls~kveEMCx3F3SeZp9Flj1BZ2_Z-WdVv{i$cZ?KlC$EjN-RbF5-_l4^#ewj^Itcx
zd(D4Nf)zL%&p9tQzGX&QPpnAc_Yb$<JeXW`Qk@zYMRRlaTaE@EUKd+g2lOQPJLMg$
zM*aXJ@{92J;jU*Vt*mW%H}P|mQifATOQ<4_*JBbNcJ-34+<gOZ*H#|LsltVn;f2gW
z;HP|Ts<M=B@XXYh`>5>h^rJ}QPyLWf86^yx>&9orM-`on$pY{;y4F^O;_fqdU~b5Q
z8$CIyyrTcR_AB1J7r*~%-S@8rkpE5l&W=vD*8c)V+>}KS1BS>;aJSGXFIh2rb{MB}
z_L|e2U`azN$uz`qD9O6ySqB@_*P82_Js;f3w&6>)D1+1qc%f7p83<5W8)6`D>g|&o
zzZQhoY2&GAp$R1V*<N*f7iCU%-F&cs2Lj@H>Mc^h6yx(Jk;+LT#zorWa2eg;LU!HR
zhyTR#t%L+F1F3P~+hL%>==c6^a_Y=pkGR3B#fjX=kmy$VYY2UwngIgor&&X>^{)iN
z_TR9Q5}L#=BiD#)NP?E@II9ES$Uq&uN)S#ZhEF4@C1I$@@K4N9`y@KTGlck8nef#G
zB!v_*iLD0xt1e2rJ(azDP%8dvEf)?;|5Dfg&NZNa)#YmIVEi9EQ%H#gbP5LmAZ7~y
z0RP`2j!y1YCXWATb4y3gaZ?<%M`_4aehLy!*YkT-R-0>0a+p<O&v<IxV1`FARxJDv
z9!WIri8QK+eE~ba0*)Ur`R;J|{zfg$8(OE&R@L08oYWVYy|w+CI#$=WbI;5B%1x7|
zE#J?+4vu>Z_mp6~H2A;_92lOQ7h=%Zl+*3|yVuQJ?}S4N2n`ZsF5I;{>+Am5OV7*O
zmPE>q823Y-KM7a(*O`9$Nk!t<*QDNknn`Xrs@(2Ku((mmfQd%~e#7IHN7G59+t9ro
zo~VIO4<9ExJJzY`pi`}EBJ$RtF3x+|=pa!l5xHR<gm?81Ba%73HmN(+r}JbY4&sXv
zo&dgZ0_}i`sb*wZRUblXalF<Bfz81vx9bY{rR<+RDpcMXrdkP{vgr{T=?K%1L`|XK
zeO}<9tBSpwiDG^)H$UIxcSi2oC-n*)N$gRYaza*hEsZ;(tP&a(Q!wzjub8hybhdEu
zHEy8Pc5GQNx!zo$z1(|HEird8`h^K)y>sf%6KxXr<E`x4N%#RvJ7zNixcsUUxkMVA
zUV5oFu><-nleYyL<0Jf;M;^+v-|l67zYP%Jo^!prV|5sR&~ySelHmfm{2g`5Gyto@
zofG813yISdZ)x;C4{?6?JL%hW%BC3f_UPUpIu8S<dB68j<Au%)5bQdLo_p5lX&2{<
z8+1#9$KqdPqWAkw1XkeqnN%nWD4=C^J-kVJu=ajW>Kk%hKoPhY<JxErV{1U-*^)?G
zyd__Hld#-VDx_pdT;GLw`*}QXHgY&vAum;e*=At8m>Z(gV&{zs0pjwa%qrmLC5T`*
z`gVFE$GX_=+Z!Ptng1axz0YEReC<GUZJuE6sL&~1<GW&-sy0nEf5z&NZUA02$)L4K
zHD|5++fy8K$sw9*oj;@fN~?QYr_lZ->a6@$a;es`qD<QET}(B1#i$Z)<69=_<SC_6
zu%T9tG?g=dtYb0vs0#o|(uQnH6Eun(??``gvq_=><bbi>JfZ4UE!@$Jz)vU3ZH)s~
zCBQM70=B_i{;Eu$7^8!UKi(_x)-}T*YGIWR%asaPL5{Xf)TvPt2gw2|WZlo*c7!NA
zh6fE4M+#NK9SSlA*?RjYiQWxr4c8Tkz74s`pF+Adwep~?ut@DPgk&TUfE=!>MReVL
z9d){I`At#uJijn-5GFx~eBm&_y*YjMI0D_^Sd>z+*Rwf>NH)&%$i`#vLU&}`9xcL&
z-k2pmJaHJY$dj@npJK~Bh|pZ3f3%Urz)v%QLDs}_oV|&}AnTuN+BNR!@rdQ*MObU-
z6X!HBn@X<8pv@b5hv|x2GJ{%fC*nODKTYtbkPz1~MVG|-rTIiH8rjwvVY?fhju6UV
z6jIK9clN-Tkg;~p)}}Kv63Q6OQ6%lAI8t^?!i~#nYwaH-LD;r9-W%KwXAe#fIjIcC
zrks=MX`i8jrU>=y&uf(Dt}GB%I#;~n+5*J>`(rYkuhZnHiy{H-->+a>)}(8rZ5&sk
zvSs7;SuFNqj}XsnI$=da<heUFZcqxRTI9bu&=p9o-Skskv`IyY)BPJCAE@L+ppQEG
zSJ4U^+?tFv(m2cylzX`DbnBB7cTGUFzUf4jC+64iI;p}szoj(O51g030&CtrLuIqQ
zeZKDdJ)sQT9Pp7rAj5HqrUk`_loW~V3i*-(o_M7RI1p_lNXEa@c4j~WSNQ4N=_Pdq
znL=#&9Ax9V4e!PoeFPUR(_UTU!a2xtC_a=@LYTH(u_|0TEr0hZCS+Hg*tXuF`4bXI
zqm>n>=nOZ%>PszJtE?e87rKygMq+d>S#6*<y{wKZwp$syo;7HJl#Eal#nUY#jtT!F
zmd2_>B!kruzF;3K?Gn{6EKzVt<wc$fYPIoiX1a@=XCR=20;SXx6o`nBk1N1OA)zku
z)avO>N^M;4>ewM#?HbcV9|UQ5BW=u1m5(zNL;16c2ukT9ED(XK@c-T7<a&73`8_3x
z>XF(<$Vly@OpGVxj!?5xByMvJ5n3!~iF}4|Tpv-4O(@eG`V+@DX1&(V0JcH$!wM%+
zh^!%8C8nv3E8J~XzDEg2LY_FRzl^s(>n?7LrhM8DB!m3!6H=IR(8*RL&(h>{M%<=x
zys<D}yF9hpY2N#@p8Cmu*-1;R7CrG4v--N4aNTn#&>9nMv98^s#F6-oK&!hA>0cwG
zby*?i53*IS>(UHA!l%V1GJd7>;k&uTJIuWJJ%G7Z{cZHI_`NZmZ1$!9L2I>G^kcMP
zGe?QD_H?>%vC8TinPf`t!QMQz3uG8dxJqU}_YFs4p!9?0-M^d!e<D7rY|t<iBIYVm
zmu@6f+EK6?rD(FOQ>RVgqE@-BZ3*tM$$+;J61J(^iBD1;)WxyQTRlxYDb_XSqn5W_
z*+VUF`@Vx%y2DvZ9Tpt~#kvIDU#-qcMO8c7<!ZESgpG~L-zs_ow#c{0T3$Ge!}@D!
z1&S(SivOu8Ai}Ugc0*HOs2<TA)UvT6I%@^$JTGf36Y5ZUTbbbZeK8P6A{*jpbY~d>
zt15+Cwcxfg4K^E!y2;<3wbOh6s(*U3JHsKj;-{pY?~4moVU)>j{|?THDu|0ESY)U$
zni+BQKgL2GP46t@pFWfUaUiy(3X4XC%BhHBL!B6g1y%j0ht-3^Z~UKL@|zSj2b~W4
zm_r$nI?PhpZDo{9=k>p%i4fXSrTlVN^8eqbiE>|TxYnA#yU6rc#OhHVAbBhk;!t**
zc7%xcZ<B%*Sa~8F>X2zR>tDhD|JgwVcb2KM+EB1J{qq9YJShAo_hdkAiLMiKjj?~5
zP%{0`|Cyae$zT1b|MTF#%KE=A2<kv)OBMIa9oc_#G!shjpIJv^L&?(qBO(e9Dxcno
z2oaH!T#+@VsILx+5W{zLTQ%iW%cO@mfvh0^Ag$`SAToK|hpv7sJw7(mxtp#9R&+RC
zH1ya9`q^*hIKIg3o+pc6NvE_ntb-B8<u1;Os&Ev}*4@U4E}ssc5!h|XSV}`)v{0q#
zu+Zm>A;dAD_Bs6_IS4bpc&6zP-IMlDJDcy%QqRv5_FH4_68?~V=TRBWaEQ^;4P5=p
z5Ulq(jVE7X@YSLa*^Gfal+4b-*!BfAWP`s?&t_&<Ld&syg$<|v+4hnWk1`H13}(}|
zK}kOoF%6+wb5u2*fh^7xCQA87Jx1iUJ5a7qrfvqY(`}Q9y;SaoOWmc`v|3G`Mip;&
zyB`q|rmhL~@dT7TgT<Q+Ci|9K0D0*u5bt9^1*7g*Iq^c@9%DjI=c@&6B&?u4oQ{!D
zrK9`DzRQNQg$<L~;+u4Sstm`R>iVjK<8LD=XZQ@#bmL76q$_de#8WEKjS_Rayxd92
zc7%fFgl<LE3>f>mtKX!LwHe9H<PBxFquY(BA)D_*lcn|Qjt1hCrcgowz&35e!?43c
zBs;DC?PAWrDufN@rWW`lZGGYkXJYm4)5q#<$lolEeEX5wNQ;sHY`mQP(*bakiSm<>
zK1uLpdV7YDN#F||ZtvHBcopoSdj>#@150iJ$rm+g)jL~LxU1-rzHWQ89wR;S*UxL6
z$In5+OsS_T;f*Wy`T*x$BI|BX>YFAXWR96sTj+a&-D~|S>Jaq33>|TsGNeXSnH|lc
z+$bDj;Sp=6wC_)79nVfOCxdn0anp3Zkpd+2d^%xyY$Hi82qUZVrjD_}vL0Y3^mq=L
zFJz=hK$XGp!?irvE8o<<sO=?tb~8nAgn46?xuJb0-B7xW%c5Q!>H=g1!p);Xl%4Q8
zjU+{xs^6U<7I41HKj9c1>GoaTQ25UKjx(|1bk)zJ+LN+_dNdbXli5)K&+KJfk0Si1
zkdX_*WKPR4Tl!|{kQZpwih^Zw2GnxGr8bP+N_VJJa|CE5uF98eVN9m`3>C3G@+Xm+
z+tJcY&It7AM>8)$(d9{-WO6gjj7kqK?xBjW0Z}MVy_A(YCV{0<gYhg@1jb@4^mw3W
zlc8+~H^ozi6n{;p;x}Ey;WcJ;<-#o%!x}>%oM(nxW-w~fYn<j+mfGX3$HZE?(5U2F
zvl<D}{m!Ml6(O3Bd!Dv%aUpzQ9UWlBTt9{zf3kB<_EgBmgldrBr5Tx4gswhIOhg;E
zzk=YLb^U{>tR8D>Md~<peP=@(2l^ZCg3_ocNMY$-6BV|hsT(UpMeHVj7bU1I^w-1g
ztr_>g7E@(m?1uR559DffcO$FZg*%PPudJ+5hs+ZLl(GtGVFUU0q#rRz-bh6`-UxLm
ziH8W;J=L?fud8L8rqh~V>aW$tus`d~Dm>sHw<W$_AEA04JD*oAJKs<A<D<0gwDgi0
z)m+XW_82}B5>^8hCA18kKi{7()dLH;FMPAN83$mia;4Mmo6J>SgUT!^Oa>#;E0&qZ
zTr3Od^;uaY&1d>R5-hE5_P@atXb=cK<z$mu%4NjuCQ|rITe{Bc<}N_ap(0OHz_+C!
z<RXydmJH6{x}|2<n7?A-;AY@{ONOo~l0CC4eTDsk+55UW@&Ih`=48jt$;r*JSaJfP
z?ov^T)%$)J(erwJxarKV_+_cGrXyJ6r%CQe@*&rwx2lExM8R)qbXX3HyT9I)uf|ms
z{gdh4)_opwrdNblbsb*O&ayDOq_ZwuW>cO<J9GXK8Cy@ktfls}seW-jtD;6WM@_Yc
z{a)90;Ht~_v;|w0ORV;F+Ew{p{;9J#vs_>kt|9s)|MEVOUgGrUMT$Bym+UcwxrFeu
zX{J;1m{?E4z((n=^Il3)8%vtEJ$o6f_6Vp6QJ}S6cDzv)xAru9+2*QUPSnFD>3+Kk
z9B%I^eVk1?L|bM*4>*<;GHY8gAP%iRd(Qr%BGbckrEw!Hk~~OgqXT<mV%Ukn=nkj(
zp~!<dG5Ol6^>TpEmv(2UAVVQ~810~N;9+E)c)aGe@x@l~N@2h>qFrr<L>eKL=MDeg
z(+r|gny)%w002;ba}56^dHxkQJDNB-ncMvSS6JMHv0<~p`sm&J-8ZY7s+m+ueGJ!b
ze-&pnv}rTbC_JJ~qL63YF}89epV}%R8(}zbkMy>AbGRqR=WBDmByp-+?qU?r*4%_-
zT}HLGZBr?SzoueV_3qz-TBAbEy4-bImAm8fvn6-Ziar2f`~@Z4=)IYQeZc^u)2aJ%
zB*5J1TgW*F<WS=@0RCELy8^r7I&xjEEHeV$me_=Iy%J;nu}mXsU0G;zpfRXIELG*v
zgbyQC`Ru6?@wU^S-y?D}m|k(e8s>t*Qr%SA2e$MKzV;N^c)TMCj1C_ex3H4M&hjMa
zO7^@$@!NGqQY{u|$1um>w2?|=M<^h}!=Yub-Wx^e6j~rQ-v>BfSFU|U6r~o~^Rr!j
zdxicr-bzlRGlgsFDan)qz(_=C_{LVN=&d@WfD_rGD>%YKzFZ^wK=u?V0pti{eR-XL
z>M0Y;Va=7L=cm_Jq&!AGUNZu3R1U|A5P1)7GT3k$_UpN{Dc_Tvy|>#xj*_L5pz=83
zEe}v5!vRpDAUK0An6fCkX_eynQym`v&4#PgMnNnawCW8r;Vv>|DOV7_{_v^!fYc97
zasREMC9&`(DFwb9*DYJm4f=HHBiIO$XO7-buh50;?8x6zH=wZL9Y)zqg`P>~w*^HO
z{75rSjFIo8m(fIq)uVokzNBwEUSh)mi>*{0sG3FmHawA<n0Uq8yOip{UP7N`pB&NA
zk&fQOcU)RH6H)Aw*whh5EF{Bm$LnU_<{I9i&#Mp&1B$4o?w9vvsO4IOtKc?X$P2A-
zXU@@M0P4!8E^cVNO9s=1xvYO6t!>^q*(tZDjWQ_>KW>wk!fXv|kU?7c^am5`3@YU)
z>L0BrFq_a1tbk=Wtv7;%=6BT2IEJZWh#ybrZc{%q88e?y%FnxQWNEuFqRE>dv9+{c
zsuS0uf;(p~)}UK=J(P(bU9)-o_X3;z8xmF1Mp-2`KQ$gJCvH^8N;h`ws$cha;4tB&
zU(MMkgQk5+z(Ov4tKHf4ZAUo<X|~`T!$LUpRDvkT^FdR;uFIH5>NG?d@kZ>;{2p2t
zW8^oo{J=0RGLbzLt_wUIW}xk$q4;hwhYu8M?2u6oIC5eo9lhBmn3Bl<xCdxnF^yX-
z0-b-DYwFLJ;tNw|fMTs1u*08~Xyg$Z&{<&1m|y2L&%s>tJV5x8RT0?W<u@}XC@E)%
z;UMMDbIT7XN@E>X-OfSXS<f`jS$&X<A~Az?pA>Om0rL^0M?M6_NXc(}F4_Za25{Ti
z`2wAXz-6=%koX5`A_(I>%&LQz<sPtLwUao^(FiY2XT8b0Wh_8g6`EBN=hmV$5kOH;
z&z=g$XEQKwC?KtJoSP?sTD8gZG*snb_I(+!PGPEYg$qTZJds0o5%6CSgl|#^GL~J*
zd$s?eGeJC;J6}T-;$nXiN7ze?6HGSz{!=Dpwb?vr1UKZyG$VJ5VJv@7s0prdnurta
zoRR=hvz?VT0MbAZD*B|`7gyj0dXNB;-Q|7^0*H07GSk*i2(zN}N(VjHPzNEtU(lsP
zvN+(GPhqB;*NhsB-dc)hI^Z61oYclFr2xHaN9MNDFzN`g?npyOBkVY?xMO-MY&aPR
z{B9x(`AF~dmB!H;oF*FFA%>j!bRVeOJt^X_B%L}N#l}VZc0Np#XLn=0pWQ8G(y{9b
zl!AIkYU;U3J6cfzImgynjY$IrZRpe(PQ6O&P=`OX%%;7gdpM1P6|8Fbb5TgsFa`Mq
zZDq9e=c>}3O$PzpIcQ!Z$7;`IhvxRXb%RcumL^^=PrvEo>rZs=6DjwJn_o-lU4i!$
zeMhoc4X^doklL+}xW^dV^1vR|$CTZGO3kv?gE66v+lmbK+I5Om<vI<<U@hz|G}?5>
z-N^NFy8U!mpdJ|8_im9rTImVA5Q8_+(x<(D8}wvXuRde$=_%+jEyE4a13CtGcGdx~
z_N_DR2G^=#iX8AxMZ4;6g)S{W><dscC_&%dY(M2pQZy>rA!2}gb|6(xjg_Ku)XwJ5
z-eEq=AnVG$P6Tsj@QNh>%TG$yKhzIdAZa|6Gq+H80OB7bi~}WZ1-i8JyGYDCfy*;V
zyqbWPe3woYN;JF!{j^l(C}rxZus1pUYN+@GEeCCl;+bjrlKPI`=Y{^0vFf%zfdB4`
z_PP)sB7p$_1pcOV|0x9h%NLoM7#N#4F#eOFEmD=T*<e7}LO;a?xi*rh%O(>}&XdU?
z;Fkya!tpDnh>U&(l+YThJ|#N^Z8v8Vk(-5nWR;oIauWBxT=aj?Qpb|`WxMTlcH((b
z5OF-IUTqvQFAzXPRyN+2WqSJ6F%WHyq9JB1OGT;?LYF4u*&&z9U1Oh~2~k-z)KrW~
zmA$|oLra@Z;6lL8GG5*fTZ&Xi1tqJYO`SNBDUkspfi05Wv}=(&%28Juj9g(R`3tfe
z$^^vTC2x`$Z7^%<5iHMg|20T$QwPAMeyOh%W-4lsHa|Kij;#+i|9M#>Et$gRc0(PH
zf)iP~eV3875(rLmJ>fzG170K$VIpSUO9#PG!P%opR*d@lJ?=&^5Ln29VhG3%^g6`&
zFgm_8gZuTJuKb<PFryN>xGF64lw&iv-#Hf-S)ldO052t@=&<+zmCVwy1M}Szl7E1i
z$CN)ND&ve7Zwf!ug=WTshHvpjKgFsl$n*xZmg&P*sz5_dY~w54SrP|9%ww~?8oa3)
zm}*0$p4t11Aw&+E7zHvSwnPz=sf?hR6IaBUGv?DTPe)ygQ(IQ1waXbDHPV8cTqUGg
z;Zl#2sqU)lL(pJ8UEsD9HHZuAI?7{9cI4Ll%p*Bl#%`t0nX1vy7?Knh-d14^ub&e*
z$*u1k_-d9)we`8srXP~Ai5L>mY|><iG}6Ils{^Lb=4F0Dm-DQMO&5yna#NrdktcM4
z02ek9r1DfGB&6{7z#RMSQW`2~;k8O3RJxRF0^@0$AGj9EVR+9wh*=i3hXqm2Z!_eS
z1`?q0`;UtnzFc}@x4F~Vl?P%Wr?InqKu~=6zJ($-@`#+ZXFqi(QP=g&?u?9Jf+Zh`
z!=$cSEFge=86Xzjlb<@>RKYuI+^Na)&uu)v<HaeMKq~*By_I>OGW?{Dk^|0+tXzju
z1z^}Rbv?S;r#B0ku#<V^ljBQWwb-u%7T?5(3n5(<UK!mO7*oUkJe^5<JSgE>=MWA}
zk7OX_9savdbsBGoR%nWwp^!R)*G`6ht$s*k0WBd%LB7yq5{&h)Vcnf|IH=wHhUMXQ
z;$q=L&|NT;JT#ERw{Yt*C#qhnJ-)D8jMHY^s}21(%tIf|uBZ<}FwF6JopnY&<#`Qt
zVA9myAjAt@b=eHn;bMgV+GUy;@Qj=9ujjk-ladPhRJ9%7AW)PrKrHzHTqw0y;MNcL
ze+RBa2Mf0JU*N|4t@8c{aGCxKxD&G2j3`@b=X~l7<iCLZ6(d0u%n*>u5oY1-xMhb8
zKjW^9`_Yv}bQ&Y8+s_Lwz6Cy58ofkocw&RVf>(%gxbC`6ay}L>FQ<k5i~j*Gy(E`J
zP}(1=1BcDX?OgcfW@2O9cudM9<F3<$HM5qV`ytuzhe?9k6tvWg=Yma+=!4byEJ#DH
z0Hwl8tTs3mBGp2~5*oVXvHd3!nSejh1(TX~O>&1xtEC~x6aPZ4=s3i_l~}qxO;}sn
zDGUF~;2j}-YX``safQD^mzg0+HDpy&P$y(H#8T{VKaGfe=+5{(|6I8KJZNm40jQn)
z{IT}TfEyK7P#RlOaYaB{M8O=j^SaLcO2}s%77m7@Amy>2l$|RHaYdA{!cpIftM1Yd
z;)1aXgR=;?@WdV=ip_^r8brSd^h4t!4GG(pwqZR}%SC<<Ismiuf+N`BY-za7!Q7|2
znb>{7(7n(Xgz4C_qS><ofK-ET3i6aD=lZo=rP971`}}^2$r@$TmAnRhLhzXsn_+7P
zwurdA7jw#ZoB?26vN?M48QDEB(vyMpnO#=eExThXs1RvRLIJw9n7uDKSoArQ*&;05
zIF_S^-I)Av71xbOEoIkZadM2-*`icm&=d|0r10-rt%YmR1V7ZSOA+iXHS8^!8+f}l
zv%ykNtumn4N9TG-54znxSs?e*8A&ds$3cP|f88JwM1+H<7Cm1+AAa*HfgKrm*g1|8
zVBi;Ctbh^d9~^2Ag9{U`8Ha|p8~g{0)<5er;W!OE75?2N$nzz4R6jFM?FbRJh|G)=
z4R*c&8A@!7Fcu(4A$l^<f11zma$+{j96b8-1yPy*7^>9u&i}4pCCHIb$?S0S)Z%%r
zY3YQ8t_JU<@Ji^6`is2LJe5fWv~i(-keA_^j98i@c;>Z+MhA3_GwxYuKmw5y9d(;h
zTY=cf%uM#^U?v@qzjSl?P<53DfQMyiUCCuENk9+4mIshbkR}~#EmN!jXzKVQ5VXSI
za{YS;B=Ux!CGp&36OLh2KIynr%q#Ct1H%u;zkv5lL#{$>q(sTV1QY$G{O~<BQ^VH7
zx8wEmcyd1SluA7_4r<doQj=-dzoPu}AK_b+Y<9xQ-wJX0-<s$DMV_gxt<!(I%%q8b
zT&Bni=si5p3mWN&1Tdik!m4<@j(;P5?`)EYu$P}uxN~=RVaXO1!~JR+S{cX7bW})-
ztFJODOTRxeC%Ji6oVb~di{g#r{m06{eu(gH`gYy8S$tw3fJ007s|$90e+NV%i*et5
zR?_xHl;UoYJd7b}+b?}6e8<94N~keV*x{>FCW*xBT;~vIfTVSXEd~N$*(vj3sA$b#
z`v~{2=nbWzO(|=1@s`Pn-x?CW{4NeWhSIVYB@KPEhD?hg#$EXan8cejk!(&Mqg8uN
zNb9Z<i{Vf_7_dc+Bh0)~11J-7ijH*QqACZTeZ>{&+e!DH9<|Oi`qVMKnAg#Um+u5B
zPtIl^o|or8gUlSMle6(?jP7o+!M-eF<Pj1)2E1w+iTlNBzsP@Ec3gJfAo~rOzmNNU
z+7&k|@v8bnKbPu}sd6pi+ofpFC<ej<nl}6>Gf|Uqp|P^K6*f;cgkuYa1qP>G>=ALK
zcRwcV&oPDxNBoZUw8rtQW@w44E{M|=x$=u+(ba1Hcspx98pEeT46Za#k?lraw~_1`
zz$Jevni)GMJ9E{+-@}V~_B(-T9c10)8nc5CQr)&>_dZrn`K}G@zbLK8@w;s|=g4;G
z5mRVV>064id<kN^djF3?H=z06^gnd0|NqkQum7UsEt>@fly0$o+=9&-iDefU%QI$H
zPMM6^#%ORm+!n@2U*nD`mrw+xeau~4KhMF1+YdAxE<S7XCF{$A>2Sws*Y1ak>nptn
zqBI5TG!*kRr+tRJfYGRM39Rl;9Gj~U|2lQ!*0_M;Jy@2#@7=q?E~KM$xL!>RWvYab
zwk9Z%ctVb&RVQ|0O)QRPTq1Xp5hGDEWyx%j4SOU{33G{3#@%y-NK94(*b%k4KLtQu
z(M89r88M5AVMg98Dq4QkwI;->44%NNce2353wGt8<&f4*L0ORH|B$g@jd0ztt%*Cy
zSdx-K*NFH65WBd6L-Db}C;h+3*fcXB?d~rbtITWNt%P``V&Rx;|3k*qc9se8Dx#gG
z_q*p@HRnBH5}lN3?L=?|M|S8?6TH}DIKSrlKlLoo5;7mv(yS)0ns07E0YDcX;{Z99
z9m?0;P&_f#!&@!tHsyB$H98xRGTP94$1n8`)#p-Tm_n6|NcsBFT3SssTqI36g%=}@
z4c-%MKyr^o4SFFt(;>?4O8r*H|DY#H@Yw+)!RcF5`evE`wAQkL!b&m^h+tiZ#CLd!
zWJJaX2?TXOR8j%ks<82#QVk0Cfxt4EUYcO_KReAgsB&5tIg-00dsrLTgB)T#ThCt%
zGpfgDGG9LDIC*-{2oQ4ODH-OfmG{!RW4#E>cyO;O5yWnuVNfSYI1~e?6cJkS`Ev|@
z9SpSS-RyvJHG#P^axJSLMZvImxz6b`YqWACAC50VyXCx@X72F5FZDvYrx`KkgNp)s
z=jjy5<;#5IpF0zxtg!Ye*G!LG0aA!wDl3&DibMFY(8jHcc6xHA%ne>f2?SG_i4PSU
z`WH>8TKnN9ma|?sc2wfEt&rLl29yy}L#2|CgJUW17R*w;lRO;tjjGGgj%ANyD9_|O
zRbQa<x@~eKJs5t9>pSr*Z))^^!{rs_Gv=py8ySLBbvMtrx^w}#nN=pUKBr0Iu>-aO
zf|i1ay17_bFhxT#WPZF5b$YZr^L3D^dx5uQE0Y(x_z8p*FpKf*3sF}3qsILLl%`;P
z?q$$sVVX})!2NuCeLqS4%gJ3|-%kw#jd+-|oAtNkpL|%Kp#QND@=@Yz`b)=_|1TZ?
z*Fq?1MmC56Vfcou8~Dtd@|90`IS@OV4fzSsqJ?Iud7&}5-PU#js3T&n(j#9!ZO3Z|
zX5k_eo-!c?b3!1QLhe@*gNVV{Qn@hwjB5jRlDgPp0)%{}u%+qT)aUEzI(qUii7?gX
z+l-V_7g=-+EzMsNR#Y4;`uPr&pyB!D>?W&$8vBVfGwoc~eoU4^<yr-rh6=HXN?2ya
zg4Iw_B-6$Es_IA&+ou};L@Lzin^nME9T*Jq1;eEU=*-xlLve=0rFtO{e>cAgZOa@2
znGvTu=!pJZreN`}Wn5H6_sj<jdBiPV|C*Cz^g40&VI5=B<oyE<E#zf3gvQ?YB_DM}
zCLSS!Yv|je^Cdgk;BERIBRp8ThXASP2q#IhXEFF$#mqG{HA61>y!`y<qsJA1Q+mM{
z>~NdEP>e6*C-ymSTTB(_T#sUcj%@j|1|V_Gw>;dm5XagU`+}b?jF@=EGuOjfsr)_A
z`1kw05{|BQpgfWJU9F=2Xa&T!mru&;CwDk-!13Pd{MON&(?p^cbjoW1X@PJm#K;sI
zrxiwbxz6SwA&uzZ6TtAw%zzR*)k*HZn^^SQMqA_Wj<~hINz?!Exc^12DpHP_3<%w>
z#XtUYb-#}H2E!*Xm@qf)4&zu8TU&IE5%R!zL=zOU^z{4zI!K+f4+D%Xdq%G74PBn3
zB})Va4Mm9&T6ygdWYi<f@%;bpN|{4pR}{$TPf$Sd$4%I!`u;R89*~9{$t#0lkt33)
z7!sOEl<<d0qU#ISPcRvm!MIaT*#mLU2w%kh@ZY&?)rU-&7oQ@m$^)Ur#jIzHDV-Zn
zBaoL!4c{b|=eB+ut#vHD1xr=Gf@$%co2!Me0)^EQD%_Tbg{;bVIYTgv8=`JUYttV~
zAt=WZk;|KR(^p1IyIF9f&y=V;rBNA4C>38DGRMn;e|%4pJL?nVx7Ms9$C>R?j9Ls3
zH@}d7aot(!!36$MXR;Qvh}a&WMEhR6%t8n=mwV`*$3bCBgUQ0Fx@vXrfrn^KFOG#7
zm8_+`dDwe3vTAuOJ1Gx+hn@b66tK9L0SR35r6CaO!lgUWD#Os=2ldpgYN}{+LSEM;
z0bfARaz8eM2ZEF6-^gMDWGfnz0Y8a>Ba`JJAYffdkyh#0jPwXp5(`D8A!f+XmYtz1
z)(fP(-A`W$TE_@X|5ZNOxdO4xeF^ES+=1i_lgc6=+LLe%@Bbj!WVK0zHCHKp0*XRb
zxmD%5nYNX;+1aex8QuU_rfe9UqvFjMk}xnB<ls+&gbH-`^<;6zK0QM}y>)NU)cN*p
z=h{_$bpW?Q(s1$-+A53#RXWSBr+z^C$31mLiZR3Y0_dtPVx+0GEYAH~4Q8$}kPSdd
zN$a+I`uPO%iPc}m{G!Q#5x@AA?Vr!^f8Xy0{olC~Co>aklmA!@M4yqp1OEM1X)pl*
zQ2$-<U*iADtXyfx*kZFGbfKU6s$X`+8($1C5rH?8j96cige9SHD0VE;5nnq9D7rX7
zCnzc8@%uN9<^x9PdQe1wnfZZT<^L4X;ruy^J&mKT5)Uuu+Z93>d=}X6PIu2D+=;uW
zSivJ(<QmjQNNN5YPp-e&W7a2>C`|Ef>G>E7xq%FyM^H%FPvPt9?`eLz6H}Wjj<OHn
zsg)Zdvv{jZS~D#p0m2a7hnld1nhA*_7w=cYOBRfY>9rM<vOIF=N+L*j*Ns53^R#3q
z0et@Uc^b*Y&-r>fm3n<>F=cE=0V+}~_4m8aiSVNpiiQ<K4MsqoE8gT1Zafldjl+Gq
z6FT!mfrNzD^wIcvEvl*@ZRB7na0sq4Sg~<sTklZnC=+1UTwru(rU+22XtMC`xUB(H
zraNelw&~KM|1<}H0!lNV9(rC=w^S=p2Tt;Jdc9`myg-Gvebv+3@6=K1LDLO%_*o+T
zytcuvH``;O7+FcVZOT5D9eJ)1;OOoSvQ28?S_(PR3pA9RpF?WbuBd7G-9SqqB>Iwd
zYg*O5p`OW^Td2>1QXv(LQLkLBX$k4k`$`9Z5=SJVC@0IrEeuF=yu#;u_x{4y<&89?
zC?b%Fff@Ud&rbte=9dG(K4v`eLnBnnbu25V+r{bgdH;H6J0h2Z!}mS(XtQ>e&&+hS
z{r&pXGlTE`^ZEX@QL=NGkABxbNS~+|G@#35=KZn%G=WY&)9vxFpcMLI9Ro(zDThSU
znfW@}F@ThoHywiu0RQ?%^Ug?AJmi7}nM8y-wAVvz1nun@K;f|KQky;EiPJa;+R5vq
zk9a-gMH4=75Y1la2Oc$tJDjc2ns10{ejU3oiklTHvxyr7r&G5<(Nw;P`<tL(@TeZw
zDDv1kLNS~u%kZr1w^dM`k;@BY-Mt4t&@>3P<PGng3xa*|A33mPiwx|mc#v}@d&D3Q
ztu~I<lPiYv3}<lsb@5f~FwW5z#-@2U+-OosZMqMNeAE7y_$VC`Ph`Bb*6KL<GYF+)
zXCa!PiDR_TH!P7JfBx<)6TZB}K~V<@QM%lZFh=AxgF=_6gvsEmcxKkR+z3P(g~Kh=
zc~Cz6XE=qOd^idnjcZR3ts`C?*z16hjHF{|VIE9JG1?j<)2f~AAUMQjMPMjfNLRu6
z1!Zn{JC1i)D);*>NARPGIja^U>OJxkr3-7>tPK-efkL%CwB)uaH}P$6gX=td59|S5
z^=nytr?)`5kDD&Kn)R8~nqfykFl*J5-p}5u*qyQQg_k(_^+e=|mtbB$Xfv)oIv6T0
zZ@{4;YnsTt!u2tP-hL4rbL`k(ZyfRV^rDzJ+tl3-Na1A{;%=D8cIJx%vO7?6BV&Nj
z4^qF23h2_>+#pC!4vsV#;n2a-3ooMIM9S@I)<oa?xrp<uW`z17OcT{z<IE<(R1zMa
zuo8|5@_)Nf(qzD)VUK@RDofG$X)2(yqr2N>SiCh+rTHOhXCe&cmn-R>YdAYI(l^Xk
zB$!wEF?H^yRr|RYWky_#pOvj0NnODtH;ZFTOp)dPD)dYXQwS@mP>Rk89(K3f%1T`<
zC{bjb3Kl4=yYr=?)3mJBS_I3;kQ7k5DLq<Qv8*))N^1Hf)ZX4RO6XfhJm-!y1EKE+
z8he2CMKl@v3v-fv?mbN>2Nv<L!OcPv^EZok5lpjk7GcMVN`HdRhQka3>KiN$igq1i
zZk&Do3==j{<>H5$yxTTa_FRjH$iQS$Y@s$!d$&W_)3hCd+Chux2uXc$kk0+G!!;Pl
z&Lo;3tL|?!tOaG4sg?i_*rS6mQ^pJz6s1YW)|C5zm~Yj?-dEP_UnGm-V~vP#L`(Wp
ze>ArmPq8>clXYI4h?6;lm``{X6j7I0wx~=+(wh8(wRJ1Uuq#a|LtM;VUbWlNNn1D;
z+JhYh=ST_mM80u!USMGR@>t<b6_lb<P1MbwoffZg8z6H8uV`fY<-gu1uLQRv@b+N9
z1JTbv^;=pk49wWM)Xt?Zd=1ln^z{S53Gi^;lDUc%4}tOpwEi;@4=xlVBuNDTaPsg!
zio$>Y-f*@yv2pq*g1quJPsAQc-hGK){qZvsn@nX5r`j}=S@8ep_8+d>wo^uh;s*p(
z&M&u<wF-h$N*PWlts|WvHXq@njUFI7sud#=QT(Luh&Fvl{ORwUtn8oDA?V1Ish7yd
z1d$i(p7e6<_DX-7;lp+nnTS(U7C67MnM*CBh2A;%(>`l?ZIc|aCzV4RS<cwSNi50Z
z<7(Mop~cs6&-XLJ7wdA4#CCemGX+H8aXu}6?9!r{L3X2FMYXcu5#`ZFZ5Q!J684IT
z+__4zkkGEvnS|20BD#R`Q%aR2Mop!ZzV|UCs=X-i0xy(o%nSb9LR>O+ZgC=EzR?A<
z=vN#)pi}xBh$;f8HBc>ODxm2478XSpZkIsnF|447i+JE8ePNJ8B|6ztLV^G;aI0uV
zf8;D!SxGa9`&@K`U?5#{6d5f3a=3vS^EUQa<AJ*O16^(qm_RTlASD_=tp6_o(QK6S
z2oU(NZs>BnU^gVc3Iv!|9nsS%Y?tO3y8MV@yb$H=U-Cj|Dx9%RU-_*~2H(2nieT{`
zIDp|4^ZYq%VrY2qnw2Z*1A+<O5h)7QMmkDzpu1_8=$cWJGnvE{{{H0>TLguSj;)1r
zr}yHj^o~3_@iY?n)-C;oBKfpZsT<)eo(cW6M32_OTr|Y%<^n+V&Y(`{)Jx>2TEqAn
zpx$Ln1AsSLqFe=j2>W^bm<f@e00Mg>FeTO+a~;-jIWU;^u93j7qtvI>sJ)2d0C49o
z;kS7sW?uXOY93hKm}U}rz_jk&d<ZCbwP07nwDZ9beiK~Mv6d1MMRcW__O8&H{yuLf
zJqdZG=ApPO@I0gRbSnAOkzT4mt+#O$e+co9f=#71w(2>|Qx_~9Ihtu`c91-rdkK6L
zl3L;P$obO4nP&~V0O$ozPHCZuBjzc9(FBc+oq*ZwbYo4Tq-18v1*1BNrON#p^__IR
z)#Ka!$R%)`JpZtFCYm!V>vkBrwrw^}LADN%K6MO}0yYA<+(4+OE2I_ok5(1NnX_Hl
zDT0yw>h;86;1g}EvztX!1VI=P@a1kyb-~Ks$A-;W5Ij`rh3*7?6{ZML)P>q^s2!#c
z2tjP5ghfl#_Ai^HLIae)+^m00qhnb3;`=<gy#9?=62nTz6P0HJp{?$Jq5%rU#MSy6
zs3dbRm<HqdX>J^YdWuwD{0|NA5u-CWqFNAN?FSVS(JP=1g+8D@e^NrPVtElcsHSwy
z*awOTR+C#XT$BW|h6bIVWQF`<e~h9cZrlJ2GbF_LWfZm~x_2NiZ@<MPocy(caRZ&?
zL`1oWTbZQ*pGyl$9%;xlOkz1$ScqD*n!HIl3Di?9LBy+|c|D*)oxTD50pF%SaZNbS
zgqiEaMI#5};S&MH=WnnAYQOH<Fd&G?-*2RKp-z!8L;)7olQDZMaPK*msVdf{#rdLK
zPzv%ih7-7~dHc2qGPA7hywITvTczH4h$X{1nXoPD;I##3$Nb3*ryQt~einc<4^icB
z%Kn6TcnzYb=gD6iYWSZY9q>NBPq)KY1K2xLKHj!J)8ybiZ_otbIR$dT6b6e<jziP;
zyWBv&bF5vVoV?5W0RF-dTtdDp{My5mR~o~V=L475w(z=N8IQNS2YmRS*J|LoK0dd7
zEkCUf%a>O@xIXVsU-aFf=%zQ_&bJemA8b2hUn92LoUf13ANb$*yHly~ygrW4?@Mb>
zT4ZhlX_}^(ld7D*00RjtAQVf*h1>k+L-F;)i}k?;IIe8Uz5omTveArq;*9C9><DDS
z=y7D(2$l+H_zY5W5el0-iu`5zo@w*^pM!{iH3**}G0{y+$lv(iv4PN}2cQ3_w8Q9I
z1K*chivF429s9)UDcX>eZfVnK3J@V1M&H<DSY=7s<4jWnfqVVk8u$pLI^TmqjQJWY
zsl<vQE}oYech2jBUJHz-xI{L}#Q?JdHxTd$&-_gqZ)?VtRM`bmm{dI55maN1H)GP`
zXs?ubh`a8Cxn*v^)pg*oTM;k6qInC!ldcP7ITh=AjP_YnO{LRstIbsT88gZ3?v>li
zaj!oy4-g%)=HPlk-cB^|5_be%P?|wxKo8*Kh{WDq&Jb*~W`-{Eh2l%3%#3}&`8+O3
z$a4B3!TX6`@f!#C-tp{Lkk3lNoq57Dxp$#9qz<^3znMM4%UGR7clPmY)ga$jP_gd)
zkyrOF1Re1kB-@>fx~F%q^NZD(u9T5b^JVEF)bXc(m}kFLtX0z@!&Zfq1Fu3g1qWxc
zEjpR%Ha#0~qJN<u;BrS-r&UcysQ~NJ=(EShb>*<=QC(&5)k3wlOtS-{3LQ0O4VlSj
zR0j*~P{FqT8rot4;t(#r4CY1LMO0EdPZVG~cmX*=1Dg<Lm3RqoyfTsA>a~>N!nMs?
zax3}4^-%@pPg?Y0CtMj44H~z#dn~OoG3@W@e6Ucf?!{3hoiS7uMt+G=n+~J$E>*|%
zjSU0a`m6IMb6rPU+thSZ$-K{nD~tLqwGzn@T)I}WC#;(%YC-PhvN`u$vsmY^ZI28(
zR3jD`c}#SpHMixARXTM>|4%>VT>4{TkoCllGEEdZZ+}E0SumbKkosgYnq+)ca#?V#
z95YhRgg$_>GWy@NEJ1mbn(3MadL|d{<674*<l!;CHN(b+eJ*6nuxi<XbyL|VpNb<`
z$^~<q+a#sSN}A~}q_`ZG^NiQ(jJ;(#+2uB4N70n!J*x>9`PYrw=Obm0jmnDbbL+RZ
zwzlL@`G9&#htq#((942+_i0<YRI5lU7<0~wwG}x|UP2jq{b?B^9#~^VlcCcaskfEd
zS(=i}Di+M>j&7Zr<jJQ(0+dBcr56;mXiqDifMYD?&0*Iqx(xHDk3tby&T(5Uj9}~*
zC2x`!%{{oAp;5~YX@6}~B}++rdgZ6evQ;%XnXTIjM^f6-UD-=7X)o`UNLiTDybvk5
zYQecHDT`qZdpXwy0=AFqE^RHhyLThlHEP)?T)8(md3J0+2tS;av(rA_OGZ$uV_$`L
zFv47O7%8xhQ28GZmaVmA(NeTyT2g1YqC+NM<cDv~DSGv>Z%L=7D^|>1OP8OSl5xsD
zg2y}Y;TvpTlH^z@L`|exfN^$5WvCTwHX>mi{lc814q<6hk$yj-u*u(2ZI)@cD<?X7
zUZ;yq8S_BiYNbvp<oy0#&1qrTJi5xD&&J>iTr!|#Die=TPbSjzpx>`>Exuk=uNV~S
zj^Pg1_X|&;ok!eM;=LJvskElU5&xsZDrd7wp^A$;#2P+`!I2qDov6<nPowc-=ru>0
zdemGo=A38{e-J@DzT=3Zq=OH3x}6BEt3{sy4IU(^M$M9iOS>7XPU^~>vRN%r=+v!F
zGfz1kfANy;L5^+j$@HDXwJU3p15%=>S%i%kawL(rGz9R0SuBY@NSJvpnNxo{R<>Qq
zwNs2K*O7o5>=>*-g<?kZcKfE8q&2#yH-WFxddtQygs1_Q91I<N$0egkL6&TBWsbLn
z<So9h{3-`!j|{J9OLanZB5FdKb}vI@BR0J87}C`mtStj6igYGDpFG95f$NimhO|^S
zdAu>U{v4MLR@8VZ!*nIe#|fiRwUOgiQi-}R!NFuRzwGb}6-QQ)gYMLYbsd9%MX|`I
z?ig?OJIr=GnW;{K)l8*CBDiiS%aBW%-d|frNwZ2-p;fXy6GO?f&(B+v%FZgt;=??X
z^Y+>MGw*5`z!EQ$Mez~79kU483gkclUERi(Y3Y{rD5|&d9hGe1Y{l4MclX7ivr5$&
zo=l(_)jkr@nHy6igqLN$@@3-bofYgfc0M}adA7mw%*-XuehyWwF&oqP#cHG4Z2o|&
zdj4}`TA=Jq#FQBMe&9Fa_s6)hM;KszS0}^|wx@!<a>bvE)s(@BH|;T8>9;Qf`lVyh
zXmt)<hc?IV;?r`nQXtg00z}^uc3Be3___uRbJ&gPC|KYq`Cu;&TA3;vIon-a`vX~a
zR0%enFM;Y@rz7vA^U8LRA&$jP!?>8(&%RZP#0c^N2jwKxRJOTNv5iFg{0fLcahCFh
zE5&@ZY1OT60b*REb4WER6uIawUJkS50L;2lamflp<N-o~O9xD??wsXyz!P?i=W%}l
zd&Q@Z?8;q3N4QNvXQH7i8Cwo98U4%DEY|FBk31r>geyX|XSb_h#bQ0or{d|n`Ad-|
zH~TCF$7p#XRVVO{K0(S}X~m7|pc-T6b;e!^_rpUl8X?zY<&^_D=!h;AIZ^G#L*-NR
z4a*j?rWhinuPcYyB@sacC_jWsjE`YIR3nX;QKqyvG^S@lVV3(7@D_k?AWC6DVIHOa
z;J(PwA%NTdi(Xo0dmbVXx;No~lSuXe=(%6EMYH3`M{zQRME*z?CcAFb(7df`bt59I
z8CYbVr(D)fT>j?)imM|6J$BG@@CWeD_TMc|jIK%Y=xUcPc?%XIip(})him|*C;a>k
zeiEUQb0s|kPl|bkT`p*vs_1b7_}Eoigpz4xO~h{sy#S>J!yuUuNZ$+L`xivaI4?*D
zvx-5Tnon<;-&h`U!2Q?&WAJw8p<JUcjd_@0c68VXETMjU4s>O?`}V7Lq3pT4uKnUD
zn@Wd1g|}#UNCRQ&0CL!5MC%E&3tiTqAkn!YT!QF0dWT5?p5>5O_d|2Q=HS6iG(srk
zesg9z{J`)kVEB3h2Jc%{V3gH;j;iZ0C2Rv{BlxoLuE(3kqz4k*5XpA{$kF`h1F}xe
z+=89FVFqY3?!wvu3LJny-n=6E`VnT01AS@P+J0_%8S+*GjhGL0_YKg>9TXUpdRhEU
zna^%k@UY}!gh{m!zPaqO){csJukerR*noU!r7o*iF0t5xW9;%*b)HXlDV-0s{48*?
z1?)|TOQMXp4H!*RVG4x+C_(wW-dh0!zO()4<kHr2!#<FpU-q+SWnh&naX04Rl@hhE
zLv8V#`YzM-(^jXXkKW7}mc=76p>fVjEFXLCdt2D>yzTG1&pm{&%lA*pvu0wp*!jnQ
zf7n*W6Yk6}iERB_4Z7l%ar;Pbh7Ars2;L=aSqL_riUI4M%Z|j`RWU)?h0SH@jXbt<
zjr&MD87fSSq5y%qkJ5|hsEQISRjaiLW_rLDU!m)p-B}U9Q`sbO=>SQZEY|fWLAHRb
z_i;sKrm*?5EYXUcxw#NjsKQL{v+mXy4Rlo{V{8}TTL50k;&tPsU{P{We<2>VexVDg
z=y?ZCB5v(En`$j~u(;}%OC>8K--Xkk;to1ha|2MX$LS8xai<KlS{TqnR${-%B_Ybq
z@ae7&;3+s22$ys0M1L&XSW@Rkm~fXGT%G~-=vdUc>g*OIsM-sl)f~^GUT3<buK4F+
z!6U?aF<~ns&OsR$Q@~o)3Kbu<%49v+Vmi@z18Yv16|;2A(7OM~aZZ#3$%MKfP*KFi
z53pWi8u5wD`%9To(T1u`xNyR)la>Ql8pb2vL-B#Lzs{aDE8_h*>rU5j95rF=ur@nY
z`^c(=)>D!w>P0F>oNlof;31&}zZh55M^gemE84mVQO-lqzPetg>}}IuzHc3#^Z6Al
z8zQ`(`iSm?y2-2d7mR#eEe1ZxebwkH-Ep!-81cb+SH$Q$5#I9p16YfgnQ}H%mGGh$
zZzz=`LdD%1cQ;BDFYc}0{~_!hgG33ocFneJ+ctOGwr$(Ct=+b5+qP}n?!Nn+nfPYz
zjhL7p^{X<fVr67ztX1oM-ok%GI~?>L+8hzc0nr(v%~IVSPUfq_Z46~P=o8X-1#1~|
zuFcshd@%%_kSwp)Cp)3~3(U!DVzyQ^dx6a+)Lq2pN@XL~baBAafdp?W_9Y9$kSPIA
z*tLjDRtlUMv^;<i76s2FQn8Y?0@a=<Gqqf`^0j6p_0bt)O^_A-UTop0^&t1J32Czo
zX4Je}d#pbrH~?VP(<LuK-R#=YzggnJ|LIP@k2{>K-;neaq5-}NO$x%O7Ki%YM5VZ1
zR;d~XI`FQ^kYMn+V{UT=$zCw7SSluXC1jxZ`c!%^-Lc@pk#$&3K1h9Ek#_}JX`%ux
z`lepEi#lKdQT<s+YJzd!=)82f`a(j8Z0-e}50VKT_3cY2Ixx8GTJg6zq%>uoKccy9
zU~Q8YjoJ1xJn1?pfmJn5Xs=y6%-&w0jtxt}YI$?bRTH~KpHXyvTT+7B{n)UR(V4`3
z%S6kH$jsAnsjz6%Hzr@{zJXee7Utz6qC`wzt66eERqlPXN6^9icIf+$S}=h{y<VM6
z;Il6s(!VB1GC6T6X2?)k<ayB=1kf{7tN~fhb@IO)I)_~gS3YEBZ8F6x#YQGlSu@+b
zNXYFXdBSqBD$Po1+qo*<AOocpT_T8AO-T~8m0^tRLJ>j!l76_6SAp^)qeXrz0gWl2
zZaJ&uE78i!5*K7$zZ9j&aoMuxd<V@^c^AFj5i2uSm`b~FN8)N&j0J2gmh9fMQybW@
z=wbVbP3<C?h?P7Tky#@go=pijjQPNxN@F&;<TC<Ln2LfeTM}H|t4DeIgiE?8_fc^v
z2g87&Z$2%`!F7*JZ4s+k?F=H_h#Soh=sxZDUBRCGDtl?-Foly7W-cvFNTJRMkfCsH
zC<1!2IWJd1sZc)}mu;IZO(%a;hgBtoVpKj5lL}@o#qHCYu^kt&SzPk6y=zdp#G+DO
zldqfhKBr*$0?*|U2KN$%%bG;}o~cJ+1Pl99Y(2j%n-+{LFzW_(t5}{j9I#}RQ;hp$
z+*VErSf;$C^H@2DuF0~0DHu&e7u%`j9~GXeI4;VCk6&p`h+55n+$!_XsjX4XZo<>7
zJfz|R>u3QpmvmuV>^~`6Zd6G-=P>+<*iP3D<=C2O-<sv+>n39jzg7Q4Fa#$##gg&F
zn9~=2zj=gZ;}(qNwYg%W7F0?R3sQ$`Yf?*iPnkNXWw4FJj`JQ@Sy$G1Nds~nP8Ev-
zg7qyP^S+)n&0Qw;0`^?jI;8eRWJ@Tf1k5W~X-IoT4>TZ@AK4wB^TAV11ro}tM<Ab&
zDao5I#nNs`k_#)L85R>sN!E~k-BxMMi&wL;p>b(Hkd)TF%@=bdSy(~4cFPUCAP)x$
ztyI4)2h+Lfszs@F@h({2GRt@&?j1(&76wJ?Mai29L!Kt^=f=h?`(3#E!ln|i0G>x#
zs)V4Ed^KIPoS(dNTe|&)3D^L^mZ4aYP@yJftC_*1u{g0?zQXX5Bx~KB83h$wLIWCV
zQMhpw{9Lmxt?bz$)o4(<j#$Z|hXj^shmpH^^^h}l3xcH~dy1g%J~<7xeZ*Hz*3x8I
zniY3;IAv{#R^q3ic{RLI0P$oxnW<1#9mXD|fi%<`BUqQRwR2FC%*xIktYsiiO+IVc
zI#(poiRR3bx6vPvXhPsE14PG&QFy>;i5UW13C&lJ`c#WOwFv}4hGP2H@k|X?gG1;^
zS_@M=m{<iqWGD7i{!7(OWDotFS#w=G()SWs4y>=(zC(h9r)fzLxCk(7O{Xx5+La5{
z@^88!Y`4To29GEq5^AVAV=T+)T<LmrFXEM6MDQSu9Fs!7&%{Tbm@$}Fd59=U7i1g5
zJrqD0pV%Et2g3oh+g>++?$Z9|uz%k&pF<axNYgXJ!@F>Pj4@L34j?5%>K(>jBAJe$
z!!YhODGQti?mniFb>f-{TgOiH2s&V}Q!GlBD@zX+{>aeq-~c%;0j~wYNmEsW2YxYD
zPVSk_U3-7&dSYPA7q9pDFc=^9SKj(pX${}K_kd$fyEgxN-(%DJv1q=Em?C(!I*oaB
zK|eP|B}M~|D7Uf17=0wtsr_Q|=K0-1S&;{%IHxY1K^TAK<gx$wLNh4=NtgD(zH1w0
z=k|%Z-awD$fNkTVZd|r&HT}LiEnxbDE%)_2G({P`dk1FE3OzEw!#TZ$n)t)#Pq!Sr
zZhOEP*X*4h0qIiZY(m?@>u?aUx%M9d<P4`s8oV{N&Ng@ddR8@-Hr|*JQldE)RT4UY
zFLgq`YBl)R`3p34DKN}^b53Q%)1o;%Y45CW-zz%Fp4a_99^x4RtB9ToR6P!IxvBo0
z5S}h>mx)59<l3qGY&2r`0QC8e#=LpFrsBJMAsC{#U4dHmU+wr0y#@*lH`ye>5M5uO
z)eESE-}s7<;stQJrNF5dD1RsOKh0rrCoTz5^KWvRX{asgfbOb_8D(cRF%qMLx$u3u
z4!q2$V>z->Q|D(RCA!Gq_Yk>QgBkU5m5^wcq!`uv^eF+mnnKICX!j^(1aw0Ht!Gf2
zylW}#^qpY=7H&L@#*VeAh$7|1x|V`({Yes47vO|=s<v7<b#xaxQ#R}N6jIkyHrY~P
znX$_m3RVjdy$RZ35~gZYvTW5qoCBpv4sbL)XDIr@(BrIJa^`IiN1vJkVYs0YvTNhZ
zb@vRakgs*C47H3S7z#-h!U6B;55xyE9MlsAu;d@AE6r#CMoAsg4pL6GLi|Mr#<U2K
z@>}AE2cI2@W+})jFibQD7OEIP(&|N5^vS{SNIkA>^Pgp9)P;5`jnMybD|3c(1(O75
z+)LKo`IElWgFsUH%?iD;HoLEOeqO(Ny*%#kDSlh;_QOL$*m<^FNP!GWPX;0mP*1qm
zn1mxKzb5rxc9Z*?c00cxcyBm!WJx7w0xcd9zpo=<@@ISWxwALg+zy1w2Zg=(U2d0%
z$9T(jRgiJ7pOklCbvbe<8Ffp`#@C-pM;Ys#cDuh9naqx`Oc<l}ZVR#JH2N8VPGp?!
zclVRvem>7XrK|9@e)WErab8W3pXWFMJ>uU-PDVR0VvhwL*4U4sTf#@X>Eaua9*6qV
zZFAUna??H8m2kijf9QppBg2!*h_^@Qe4v$(-;LN%Ki&9vz27gG8IeAs{o93<PqC-?
zhYsJ1*UK(@cX~gyh(L(0(hStqd)&&E`30NYT{b#U#4q8<Y5*At?`i5a7;2X({935`
z?zACK>CGDQpCUaphYbG;X+AkhQxm=SUz03j-Pel9gX)r6cOewUq-debuB&q{u7Mh2
zsAgqqJ96T`T^`(7gF94Ce0w}DB?NMo?ypf1v8m3?`Iav1^229W8ce2L=HhufKBoVJ
zq%|{-S9sm8>EUg4v=|Agr$Es&5o0YVd<s9=JAQ)^yQU$)Px5oT^PaTly-ViiuRgTE
z?Yg|~`cuL2fA`C^{D;q+3Y*yBxOMH>a;5%kYVS8@ySyiuN6*6TyxlkqoYJMnNaIy2
z;!KaD8JqGl`!`a=8#0t6vRweZuzCo042_I>`FeNZhjgs{{#35p>9zl!VAnwpt>Z*5
zmPI9TE0^MX6yPSu9Fbs_EP0qfKo1Yr&AR2Jl8O|TPc9wTn=mtl@aW2=A2rWwVplgO
z^Eo<F^7eN`FvCXSd3#>|h^^-SO>%1ZvE9mz`D~<Pc4F3KQe09+nwKS0H{bXir$Wm2
zRnX2gk_3UR6NloOnw`1_@M;h*1UOQmK-yTh`1eXlATp);50HNg_<-6!lrf@*u`R5B
zX>vB{{aGgAt8SqGASfAbjRH?b>k^x-dW)_6VaOAYEGsoq=(QH%*7+CjNY2Mpwv00o
zK<zR5$i?GB^rQ<nI}wOfEvy~DAcyl-J4v%QtFwEY*>}Wa<TQ)RPV!O7cqTKMoXOkz
z1#2A7J~LsiC-G6XbIY{+j^&uC^E#ARq7F+vVBcTKYR*QnTVa~aZU=+pf?7T2w?77Q
zGQSGf$6>k<-776wZ?M7h%T=a^`(XVL>Uqc@86e~bQIuC=qc8E=bIYmwr19E}#kG<R
zT4Ob7_62xE)=Wc<S_mw03cfndx{upRJoITi)L31NS0@qo=NmrE@7MeH^LCb>wdjUj
z*b7XUIQ9&aB2?x+)Ogn4IE?+r_wLheB?$(Tt6?e7+ZIi`ivyZY`YVI{5*?G$OKb&x
z<H}5r&-_G*Fo%^)hdv$|WLguFsS5KxcV?Z@pNJjYZU$~wJY)O|;o^IqVK|`>Qtn!}
zda12|BU;mCcV_Kq?+RB_2ciY+%j4yAA?X_am;>_bv`nbUtyriJi+n6`B<QJd1TT^o
zH=T4%M>D_?>LpkdJ4#$X_qnu1_jrj2s?$2l5fD}p-?UOoR#bsG?6Vy43FS#EGP59-
zr=O9+pFMgT^@C}H#3w&hVOd=aJ4hDijH`obXNgo)A8)Y%mlZrNtS6->Z^g!2q)|to
zjgbXe54nDl7@gJvTMx0k9F<c@vQOFUkJhATY=*H7e6Ep{6BCl{QcwEN)>Q$h*J>6W
zb&UDyarzpm4)lXd18tb}(hHd|e~JE73vh;)k69KuU_o^-glq{jo8>Q%n1`(Bz^U3b
zGEWesy(rb62t-Ic!|5>h()1ti1kFY+<VcQtNH`BQYG7!mkgGFi_wUU0?N@dW2@XJ$
z92fhNY2g@_ac0yWbE7$QX8Q4ymDf)l3D$!BGMpqB5_Xf8>C(lMwIkAR49DW!4ySH1
zOMmwl^FKc*m!tolK|cA$V@oiblN$V=ML<ILqU@6~Iw1w*(o49(Ot6vum{>=-6Muyn
zZ=IA1V*M)k_Ws!QgRe3-KUFH2pE#P;-OVo`#*BUxazTidjl29!uM93zy~+7>ClNen
z-&lvcQH0Tz*LleEyk9p{dYW!nr|@Z(1=7Y5YE$?!D?Sjj!IwGsBPjCBzVq|92Yio{
zLlIq!@&Ga#eFJl+>>IlBC4uDJ%X?2^={TELIcHHEplx^%O<FR??hb1A&^;<}7EQ(Q
zxmesoNPcYGxQ=$TWA(m0_oD>;gA=uFC6vUX<SrFGlMX#TGlVi6h6^n8MbSO77_?Uh
zuhUnyd@EQ9Ize87iHmBao&yS*jt8ZO1bHNClmglIKG_*aw%z#vmr??G|BRVlw|NW4
zeD2^~A=zHP7^?aFREcYhXniLSdT(sYSm$7l4#J5M-N23m6*gc#t}4%A&YL?%z=>8g
zV4Cg}Tn8uuMzT*X%hbOIQL5ZUJt4UFiT|JTnX$**RoG>in;lJT`D&{Sr>B?2_izGG
zR-~NM=Jo{?kHkH+OTbfP2;3fjMvrq2EWy7vZa?`yP4XRBO4=T-Zo1t``7KpGQQ$#A
z9VmsbL^fUD`cvy)bUhsI3J_cmD}Z+4L4{V=%uFWP8c-<X{i05oO;L))TB2x*hlwEy
zWn*;?9W_h!xgR!fIi=GfArUE_HMh{P62Ontd_tgQ7l{CT`>(O2l93x#g|mkW(&;!F
zkMhZ<94^i$%Ga>OpgogVIR2Pe)hgI~aDk-+rI=@CM||6SHMh0-(~r0kFudctMMhrJ
z0kL`xXC&^^JDb0N&hr_NSocsHJvTR>WS6GS)djCcDO6mctf4B1$9tOySXV|yDxu3i
zH>x@VqwwR2P#cRU!xGs3c!g&~M$yOEi9ljP3$j)H>0qkmXHbPZ&T~q_ogU|r6c<5-
z&I;3MH6?N|*)3lTAY$ep%7C{7&8m&G%5gQDu~vm*@ju!r4Ew`}F&BYA&<qWcx%5`c
z9+j|6h_IGT9!-k~mw<IFcj~_?LzxQo-b#HJAl(rZGQ2s#1_5mJ8Nigv8G&#$Y`ap+
zic=soe5o|QOZeg&QctAZ?*{K4lMj#O$EUzutrs|8fL}ve@EYK90Yp^v%ut2<%vY-6
zj#N-H4vk>F^OkJMaw7|nld~eYlV^SIhj}iz+u{07;$n4OC7f27cHyrTkt{7QE4jQ+
zMXn75u?8-p8H-*rQd1gUJK3z^;~zx%-W1jvBVdM|kHVl;^m+=T9ZS{c;JcN?pdLuN
z>K>?22(NgA6UyUBj|*rOAB;_10^6vxZB-$;c@L_v)#hhC?M&L?mla&XW%DXHf-_h{
zxiJBFbQ(9M)Ea#nR+J6a=y4iL?}Mn-urouszg>Qh$KbU-JYI(`(400edmGJzUb|_G
zEO(2Ln6K7lYzZo_?~@hhE09*|rXm1xge%w@JZx`5A8_MmjY%rA&;*scy~UFk`|P#b
zzenBQnYaFXcweKP=)&4O*bY8N0G39Y&%kIj@a)w)==|DtJr?1Y&-ie)eozOVZ_D)X
zyPns9;gxR0HP{Z>ah-Uq$)06xp5>={+GhAZMNyYm7p<SIer~^?d^0tE?u^FEQZ~je
z#FeKcl~0fKm7lx4rIQywuX<OzKi~fp1dZI4Vc?gC&82*n&kNWZ+hZ4;;}zHMe^nmq
zXo9m%)qV@0>(T>Q!6eA$kBc$ZGQJ5?50fAJQrG`1e(fietp!!u&F=UZ{qFqw-0hE=
zR(pX_4Zj?ep#-&1CrGccK8UXX#TwxCPG2tiiRA!*j#DZAsSK*cW9{t5Vd_D!(Zp`o
zg%rvdM$1)xjLF+33Ogn|7nqbPPHpsADFLU=O=#5KD<}pZpMJ`VI#Ck{E5j;E{IfYk
zNHF2Z1lBHm)tmM0lHrtt=Ozm{XDD7=exb8a6Ydd1aW_v^Yf5uwK@uM#V(JRwK!KNz
z5NKBKF@i9|1$6falvfmY!nKE70{}5&W54!XMB+XV(De|QWUUU!04qQ0gl|ulk@N2F
zR~THkO^ZFQE`<Ib0Ktydt|SQ0nod%gkF{3-s<klCp3$l08RJ>xJwCS&3nJqX6<PQv
z(ghx01Y@t*<K*wQaY4)$FpfT|Q9OJyP1V&clVqv?5g-=fQvQ1xGY=T4JB>_h$FnoS
z75sUlbLa&hJ1`t-uAN-KnHnAwzNs@`aJdAR+?qF|m{o?SL(!;IL4f5S@6*op=G|%A
z9ymz9MlHWgozIh>uwIr&{uPQZ3VJvXnZ3VpYFh210*bQ-U~Ea$oW8P9-^3_d3}Drz
zCUoTUQ@710L}L+u3JLJ~2++wj*+CH5&Y=(aj4m=60$qy%i5{TiV^`=|$_HOnKO);~
z3Q2SsNCQ}R7)kS)*Cd3&-YyHuglHPzv%|S-$fLbG#O&Fs&E}`4*9))k*-Qx-qkz;|
z_q%RLATTG;fcHlmy5$ea1>O*GUF@&7zwvoDdf!Vw{kpsTPG^oMQ>%${R0zPgG*3AN
zP>XV0^1@fhYV(PkqQtBGM(lBFD}+bfMh_XwnuFYWvUEPb@ZEMYbbhb)Vs2mj-YoyA
zIN)`EU_D$!5dEJ8Jo!5f3rL>K#83|gpRcYqD#364f-XiX&@OViKjF-^%oqE;b`wh*
zwRZ9T<>-60wKKL`89u)|`)av^e=fV`J4$>HGmmo;*z@hEvA()%^S$g37?j=ql}qyT
z``xdm_}`;Ghd*7(9=Z5(Lc03A15dlX-zHiqp5VD#0e83pFz+_8(b*}RreJ|@YECU-
zUEZmfvsP+9#|e3=xQf6@lW<vZTCcHtRxw76B!Y3oUMKx1&|e7zh~&%f1htMwmSVk9
zNS<TexjA~Jan8m%C#PKw7XX(4g*LFF%I{`tIKh=qc~&f=GCYGVeH{^ic1=e(?+-^L
zns*4Q>_|o&#-f#D?B=!)hZ=SBznrC#{Q>HV@a{`&y}scoOEp=|fY3=_;fz;Gjr$A@
zoL`63;J4cx?w2Xx_}#w0Vf1|**Sp?cuCKL?yFJ~0m#dBJyE)q)9<JBB@r+)d-=DQR
zTx~Cz-<!KR2_We3z~K1af@B`!1n?blzVX=_uXf)KzbATdyg$es+>PvW1lBLLejMJ{
zH$j`dd|f}F1d(|+$!lxDEPrW^MDF*|xfbr0Q-!cNggvaA46D>Ue+03@;HQO{80x|;
z_x4}~=jR>X8qkmG(mm8mAIENg-{TmLk!FxtneE6F1W7EQjF;T4eqT;s`8<yAZuR)y
zmRXC&`Xv0Y3rN|2ekW^d#)>?$CXCQZA7(!7n<^`9^XP^qzx`sx&d4!;b?N}wGr0dq
z6wEl7jtGQ4PyKNN(nrsC+B*Z!?S0(a{dIbIXSa`}xVrbbyU&HRyWQ=PtOCcvJ@wE~
zWXb4|*1=2a#t4`+;CFx9UTviBA#yXd`~A;}nveKsrDj(9ySnv(WAfrLYp)(BP6OH4
zJ%(c)@1bFJxc$!^%BHr5?)}~P9r?HuqfPzH&bs_0I)F8kH@g7~mka+dIgIUki@LLF
zuNS-sr|)ZJkQ|@h{Ny9rcbWS0`%#xj!N^8aI45T=OVBj$&&S<JYDb*??e?JDZpOBU
zi|ZqqVg^Sfgzb0#?hfDAa_-)IKX)(Z+h8h1^y~6z<La;LKf%&iko#?Ihur<c^7m$M
zj?TBEt|~st{@uydj>;W1|0&+i=iAR}Z|E{w82b*nB{o1J!r6D6?M%%N?D;W#PuBJ)
zz#0yixV^+2$cBa;5?HwIARs-^ML+l|zW0llV&Tumt$uh2QDxBuG8}^}!*o=5knv8m
zI5~yypO)fW(~{f=$en<Ma)H?IU~Kch7Vil1iz(AmQSZ_1n<<>4h20}Jm<*PBt+NoW
zXVPqB9&kvI&V^4;t^@|fA0W)YR{@M?19X^bKiL1@RKtH*2c!Rb9jn_|{~u5TSD~70
z%YW|w-{#2w&o~Qb6Py1c4cYNB(1H92p|=9R2I*ckSi<3zVKirG%BS%zG6H7kW-_0z
zkcRkS5E+|OlaEsj23xDBo#mmDF+hJtK}+N>s)j24A1zwdfr&E>|Egl8_;(V87rxUJ
z@wXVeWEZiS1c6BK8&pGb+;+^I!*C+C&pawt2v4@Cnz!G2O7RM3l0y+=e@Te#yALZ!
zc$qil&jS7~KiIh&v~>HdLp6?SGc%cx?JaZ)>5Msjqry;=jSt<u?h3>I@2ruLkeA5u
zzc9uAg^BUMO~-%2{I8e#e`7U?Q?LqR_-Dio{t556%PM-gWJuE_dv>{|UrVUF=`S%f
zw88kYi_VVW?9-9u)wavox}md-pl#o<U=GF-NytwtP5vCwziEYyhM+#`G74Up&=0P;
zwj2kqV%Cc5w#CJ~Kc5fvCHUcCjp2P`k$!5k6D*N+Jt(6+S66gSC>>=gl>10yHF*RL
zlv~X+!o<PNZVOp|5FNQW7G2i8o+;sQdhAS8a$DRt60VW&N)mBMPGpK-yR!`Nym9*a
z0qW&Ny=wVL@~imQB;xP<Khqv13&}2*H$e6uJ^~k!pL#W)N3U<#|9xtPS<=Jw{xPn-
zumAu^|EA`@ULm$FHijmS|D3D-qfxF_`yaOu7(fkY#LGiD9AZfX5}AD>ibysd09pk!
z!~_)a3E36UNW9`G?Me#IC^!kJAIL~rH>33<@0~6Wp$T*~IhM<*`uO0+x%<wX#eSLt
zMuWz=_ZNFNE=Mj!LbSqYW*n|rbuP73yIpOXk*Yi;n!Y+<#xxxI2MTA!;)nXn35sEq
zaXQk3y+rZ~Y=?^n5<)~*bnPMAz4x5=ztDIFl!P;|hE62eCLA5uF{fz)HNnu4$ybhy
zPLxP-BEC@bPDNwM#=<;8)^_Tl`}s-`Y`Q>P)c_W$^`K4O$#{mPkr`bpkAKBLho#e_
zYx*$t_oPcm^it;8u#(gM#-GTDOj)RI&^q?^Ce>1T<l=2XHTkPn0o?>w5)!w_vNZlV
z`>E;Zz@2~1h}3Wu4l8500ybbaiwGtfs9?A*(;!C|J;3nsL+Bc#=HTR{+X&`St$#Ac
z^Pj@b7}uhg!9&qEbM7sn7?lkZJsgjA2q?iM(0u!jRV{LYECtPwB$Y4XMQv)lw?Ybw
zHIq&wVZ54FK;v5N?$6tO{4=^d(=>+CKI)Xk^XIg!Y2HjUbh?36iDh<TdKzF|+YZ6~
z%=k{Fe`%m@2Czg1E-XvFxY6#gAJR>%a+rb?M#_5-y5uPw!?-~_aY5>YV!#y>iD$2L
z;(2y*^51vX&)Qu+KjlyS!Ug)lh=$37#<}B2?wRCZo3S!MaN_bBQh|+;5FHy3xiNzr
ztEnEzrd}cES>T-AT@W;Wo_SN&#V4&wmmK!*U+`JRSO}3xWi8>HHyvoel}m^z+JImS
zLJM7?Qg#+tImAqX)hj!xqlLDdCk%23Wwp`ve7plK&Uf15<a<!GS9MC7io_LGC#0^*
zl~)><rCpk4{Iqw#>NG{EY3l>{*#6%Tr6H;`>^m=)Y$W5qbj`YpRD5d}%etUXnrL%n
zjlQ@a%XupS__3OGyLOO2D$g)*s&adS4wdlPj*2gae)iIUun(9kta%!|{QytC_JDUK
zYZqMR$+H@`AENIdr#7LlRitlf$IM*nyxrG9uJrGHyHToFnLt=aPP(i9rteQPFWCAV
zqOCRB?sEQAdrG~NYt*jOh6T4okBUk;Bl_ib7qG2;TT{)pCpI7rSnQwwY^>@2Phw!U
z-GQq4-*#mD=OOn$+tJj{)>+xW(E7hW3piH$e?jMs92OnUsJNEgMDcTUZ-}e57cDD>
zoohD}c>d5ss0WE=`ddN%sepiX{q@_<+ZoBC7bBn%6)og13E#)uyYJqwJ5qnWN`<MY
z+(+SG<8KjjA_$KUV}GwKJWG$gB#n57+V_eMa}kesxx0KWZ@PGpw5j1woR&>BMsv-1
zY`_C1$bt=;$xDI<2NU99tlp?c0S6z9*}9V;*@iRV%w?Z75D1%Y=@-Uq8p7wpO^?Kl
znMK=L9)Tqs$0*t|=E|uWrd!9^&>cBah=?Wob2M%q7^UBtWH4$;4Ox-|BNBFkra^2)
z0wh2eg^c~`w_ep(d^t`84+P-WrU%#fv;j`1H*uIDc#EScZquf^M*|IP!KE3|BZC=E
zP)>32MeJ`2!7K|fcoDxMzx#|Q$keF{Qh^ho;}{CxH4szSYH|6BxiV4im1xQ}(lQIr
zFz}|909?G?Nh!`-kak4|Vs`_>+tCsr(2nWy!m^juMX%DPPU?jQSXhk+fIQF|uegB4
z@>zv_vwGiuj&(p02mt~B{Oj7J0?e;d0Rzl5+ulfVLXCsX+I7PW>eog<VH7G;GS0AI
z`u1WNh8QTTzz3c33MqwDB88pm+fr&3N#vV^NFse|d&FCBp#@QlBq8f13$G#PL32)u
zDTK?wy~Aw+(ug7|ponRN1g6UsZ~9$>+u+T`UU75t6#+tdg%ed9TSdczWP%y2`BN{5
zLMB0`Eh{b#UQb&yFAo6f+9EpY>=-ZB8(bM!G{0HSOSdZ-f>-6yeHfFH#fj5Vv&8xF
z;b^d<)km5+`iJ7hd!QAELTt5{Mp)wy#xb$O9}dg~Yasyr5lH!?A$~}0_0&2=%Y~I)
zVtUI>6n@#O5Ph;11By_i#cej5J^;4Llp_{iH1tUGx>i+)B9k(x3_9*iQWyZ8Y!oAM
z@pXT{o~nVuGOu!U8W*<9g=LWU_3!ZJ?}dL~^{?^*Zpv6-NPjeduZ_Tv0;tdQtC}0v
zMl4qs!#4~qvOqTUT#y)(y-?_hODxm@)ib6Qg^pPc@=P7R-aLOUCr5X0^#Y2^_zTVE
z?ISg=D<^zhZHApg4WGLZT|O-ecWE-l8$xW2C<ZdjpMp8=JG2+k8!c_yz%1Y9{k_mf
zYo}vaG(`sEhqcwNmzfl&VVfpm3ZE$IJ=of&z)AQ>Gfd&2vM!A{N&?4Q$rZ>+ZYbJa
zMYk6sZ$%|&@X+I}9kH=>Qm389Bk7rI1Do!SF7E!Dj{N^Hr#2?W76$)EdWLuXrkhI&
z0MPaC`XA=>{~BmvV_;^&NM~<r7NTh)k3F*p2jW(W0tM1~pt%Lyk1KgEPl30!9odOS
zF}zKQl8UsoU5%1@@bRz3n(JYAVr*yYCTHemmm|)K>R}z-`k$mo3y`J|5P%@Br)7Cg
zURR1}8*6YCs$WA$7fPXEvh_EG|AVHS1`=Rt#DF)0sCVHkR^P`Az`yUfH@ePL;`n|;
z;)JO3wBTI-{J<6}2q?LF+5m2*7NxnOxVV{f={Ic_5+Kh^DL!H8fr0BM^umxMUh(KI
zoelyLH-vdSx-3_dSdp<^(9j$zwqEtp)aubUe!)~$;EjuG#qH)%eWYcM?c;fYKC2^p
z1j=x}95kEJhZafWqZSl|uTNm<OhCT~k~%fB`9f7XSB08CTH7At%eQNIqWJqnf93Oh
z=*_fR#p{m@H4z7gdd8819x5s-D~=Sx$=Ml%Sn8;Uj9}*7&5bPraY%e#-kvPPwI6T;
zt{WR0+X18zr7m(6`97a%%I|P6k)!SiR7OU>+$YO~$^`;w!s;^r6~)*;QH)`}h<cW~
zzN=4|uk3QKUE25l?X>-ie4jK^r07|tX5P}q%(_c#X6Z50*rFB2k%rDQrBYfvKQlhe
zUwIhO*DdSq+Q)dR=k+Map0`W#j8UZ%{3zn<vOAjmk@(22B&iH0?|tFk-yf9~ogRnB
zl{2K@?fBc;Y;S|te3y9_wB^Fy2q}(i*xmq;iPk3(Ze$f}$UQ&6I))Ch@iA~=50n0x
z)-IPnA6LiIF;fAxQKLkbav(WRLzuPp$(LDV&`}~V#QLC`DM8e{@1o@-?iA;zutDUq
zkTIz!^S0P8hTHWHuQrR3BT(8OhlUBQ>@!uz%KA&?W-(<qgY1u8P(7MApQ=!AJj3qy
zl>PnPI!XN~>G%-(-EzG&HS)a(nO#nd$G+Q+P~aRcZBTk<r!x4(rHAyj-??oGc)AL;
zIHv~cb(^IoOWP+(lCaFInYP~NvJ5&%0aPNE;!|_E;?&!eUC@vpgz)Nu=-MJ`B>m^O
zZ=D~TYacnK(@V_xN9@?DHVd47lwqo5yCjHibd3=7pp2<O(RM+sJAwOEK#~?u-g8m&
zBMZ00Xs`=F$(725MN^bBjxgLZoqT7oZfu_5@_bhxQ5H-qXhS9%D$^*t)~GU*@Q^a_
z7EpSi?RxAmvDn;0pP|SEuaie1GJ*nbJaHJbbmWMdB@jCKHf})$E*(EFKU<B)&WpQl
z<rO=1g4T3p2;Ve>$JEuc_s*ufFhz_+q{cLd;Wq=nDX0s@k4+ZH3J_e9e?D9+Ev(Q5
z4ILnegpf$e%7>$6M#sVZRdS^|f*;7GjLq*#M_2y-O?FuMo>czAJ8rm<xPh({Bsyd<
z@O+lLU!T@>&}U#&T3+3L_p)K~B6Q#~awv;ZbD7yKub3>?*v}TwD^q(;!9Q1nWRRhi
znA{g2v3_+JGij_GkzuFav`7~wWVL0g(j!LMPdf<epSd!)M@TmniZ=7V*SQSZyz4Ys
zO<m*DBp~vBDMG&yJWe_lBiaq2xJ`Z8%qCez%)@Y|SQqKH%O8AQoj2_EzW9uT$&3xm
z?b^YaQIS1;XhipOVlEp=(@@vP!o@vy<(Z?RrI&NmdtJsw-YC>JHI=Q?vQ?B<jg^p<
z_{W&Sjbcu{WhD`g(DvE&4v<{=CgKdw*ZY$L2MDvW>{gxso}IBNBt>~ZgEA{Agu9m=
zziCr6S%Vm$eZ3LVy8foBp4pO*bN76CIjAFhO`aB=CXNykP*{J$-kSm}v>5U~#YVqW
zt5R-EpIv`S(6%b3Yv?&uf({$@wjJC-m_6|?D$#K(f3!+VT%xjNsW|3=R$p}ch4rns
z1FaTVZg3))a>jRNlX_Hd{f==t-t9UDIUX-x$n5QVJW5PRRUS(J0hA{~GTQaj8~b*T
z;FW#i()pfZqt71SRR?EqW*yRmy}k3naEMD$22g>h@^~6C`m3z^(A@cvc{DRUosHv(
zr^-gnGo|9A`IpXvQkwZd7tQf(>~R{7*PB{D7q)_W=9$@^Tj#SyH0lp7$(;%21<o@~
z^l1<2+P2U4qH6%l@yW)t3CEYf8j%FzV40qUIbE8S1E}4K_F;a-hA4p>m^*d3z=AVz
z+Glhrzi0)(ZRW@OvxG%m9vul*VH0WLg5bT(;inwTS&DlL*Q2yC5B>~Ag_76f{CRut
z;@jXKZx=t@@^z;L4PWwg8}73EdUmE|Oc{VCKZN69_npWC`K9IM=Rkdia^~r+w-Toe
zFca>VJakt0Eh%YV1hgI45!5L9;38O&y+zSi^9Sx<%ywlv_??<s>DC-NtYp$}<NC#*
zamK*WP`_#_81?3cdI>5j!+2jS6!BoS5K5Ih%E%+1gCA!`59RpV1o~2+-?M;`!~B4K
zwV?#m$B>DTa>$eSXW6l>tG{3VEuojffs?*j#yvauVbw(tLEG$Y#dV{Zfekn+i5#)P
z=*@n*iVZsF=wWSo2UoJ&QcWX0-!jZU%0v3YELJt-{d;T7s>wZ$+y=cI31VGY*~Uad
z1)uti7ZXMX`F8_#pLchMhIFIT=@>HxB(gd@_3h>6`p*eGK_op~T0{DkI`sMHt|s^s
z+XFiGN(Dx}Ij0wd(iaypijm&?KN_9xQNyndLBhts5l-}QUTt&_H6iT!w66iHo)vv2
zb=3TWAjx7jLmilsmP7B)L`GX-`$~pIc$vkkVg<ouPM*1&)Al#BMkpD|+<$DvJU2;@
z{~Wd-j0g=5_O?JCC<xnq5J4K{1(>4K-jrIsm`2&;Jj))H<BV_`vcW6?2o;6r2qi+c
zqK4M<7$ZG-kknvZ4UUyqOi(TH&jgq^kYFhffy5T(1S&+;vx!v|?Kl`ISOU%)f(2lI
zxJhq$&~!OJBGy+>9-Ru5QBjgx6patA#Xn?E#!cVpRdRbwG6QAX`dX6nP2xD-hT6p@
znw9r>J0G0^!Pri0YQrC5&Eoj#shF2mLE)5U?d5(oiZ&U)2|X7LQ;)?r>Pi-GH}9Ag
z19`@qC%o!6J@W6DEnt4<yxF2ix+7|Zr%3LTUiSj)vpE1o59@#)QJ;p>{3~g`b)^c(
z8bdyXcw_xE$|?$ts^N8x2YGcu{e@zY_vNzc0b9wu&-oz*T1Ph@`G`>30+qv0Eq}Wi
z&@|uGcaG_D91tJXJqv}cTLxH+dWWqQ8@(kt0*O`i0G3!rqfeH8>~If}Fx~X<Ut=S#
zED|e(1Pan4HLXttJA3<K8kYM|PRCI8m7*od$~GxnlbcXTya00K9y0Hs+Q{gwJ>QbB
z;>W48OmxYABXG{3Pw5EgeH>#iEPzhrJlG?#>zzHnITn>zW}NhDS>aDT`EN6`a(>#v
z-dqGyVZ+l>$tu~HSc*7gICyw+#=#N2)N%Yao%}j+(V4OD>MM<6hlMeKg+$C#%S<k*
zFT=ftPKFu6`hqBxWdH<F$H|V+Om1H-Qw`nLL)m*%Dk>|fZ3%J;8Cm^fyu}fLFm1LB
z=T>o<o<MlHx%S{V4O~23BX-7+n3bEB`(XO6*6mV+^;A(G9kp_?X1<?9FlxTuS!==_
z{@R2y6s7cJ#ZwpQ03n0|-E3}g4GVe~j5WzT|2r)#lBS}KM0BB;#KAojVtv5eu<!Qz
zo9vBSF;^bZ*(jzbDq^@}-md?ijSTB;Sfg9=Uwa2jpE&_Y?MLwns&F8v4T0?7JKG)k
zOpO*QTsqjQYAOzJqR7DW18nP_?<Z;3OzD%K9Tyii|9WG2N%R^W<U=#mt0J3?3MFbp
zlO0-+>OyUx5gA+$&IzmowvK{B=kZi|<R%J$IY1${y4dCluoniUeY|`>jtodwOqWMu
z!2w!TGaKeB?m&XxPN@U-*Hq1_h3L|{MfKTJ3GF@wAPnrz4|fbq6n<VM?N53JON%ni
z(lvTwdc!ym!cAV?&YjOw$zSX?MznIX{fYhivo?%mqF2*JYnRY<x&7#BmMwlj@qNZZ
zZ>NuAzKc&9%`BewoWOg#_Vi=%w)zCGnb_Bb*s#rloq~sW><dw~$(YVZO&Dm;FAI6A
znewMHFQmm%_C)H&NzFz7&;<R$eA}Zh<4q#bI$}zF`Q3h@OL9Yb7@O3!Dt!VA1dyo7
z?+E!gH)wf&iXol?P2!W(>ei6?;6m6=HS2gLgyIocdt?aD8j?}w38Lg-0Nn6NQ~w{<
zLRutGv1n{a&>&6hoF;r$SI~o+#=7XI)?iEU_oqrMCA#j&S6=f<G+gQK9a-ZYQ`KPm
zO){#H>AiZQ7Old4!sF;h#P<LMN(wFC`0Xu2NN^*7%~>*lo+aFKxNN?n{GPzs@ka3-
zR&z}as*o~MK5}Upnp}JBx_5n@ORMqk)#$@~d5EC)PyVdTt+#=h)@$w0sDrAnyS;Ca
z^TcrN!P5TB#g)6OW9?`*N^K`A-qiv)^sfy9FjZIvkAk&7;;$a)Gn}DnHV_1Rpu8?W
z{{8OQqmA=SJ<hy|*1KXz1Rm}0=wraPc@Cp&cFjv>^YH{kVZ_>rORou!E*YU~vMp$m
zKyVJ-@r`SQ6CuhUy#7bt0lf!&$1b?E;$8j3hDSK@gP15D<+}6L@%Xy)bYcAx+~gEB
zhgr8}hV{duk@1u8swnVlzaKScu}<cmQr5HF$9tve$V$n>$WpDsI4deX1*$FUA8^;d
z8f;_=3wpX@XyW=00(VIAd1ZHA+(T3T74MxnDk$GKWoL|yqCPqJ-5}!$@<e8K)J!>k
zHhn9kj_q<%YSq==&>T9JjiISdj@!S(so=o#knpWhYe!7CpRcw><d)8{WS`6Qx^Un~
z+lK?CM4O6P0woFJ-y&YaSEhE}7{H9|--PP0gA^nLD-g!E@+sp~bisOYe0aZai2!54
z6hrCRBh)shA32pvH^J=e%JZ^~YsFRB)?`_7LIeB5T*{y8yLGxL-|efqyH50M9>of)
zJGHVQYkSIs`!YQ<7Ttn+vzr}_+#g5gpx25<z38p@aSWY%qx7Q?P4r%Bx^AP@jw=be
ztEGLosVOT|61}Ibz#@c@?IYQ;NZ^x1<ozs=ajCPt_x?^0SNsj`JTL7mzkY>46K!xo
zWf`10(R^d?^FKtLl0+~2l@=sPTuK5!eEyRU!{JQQtb2seXY$Z;^iIZ+_HlksEjAF-
z6i6uRWrGQ?&G;8>fAo>9qD^2{ElMk&qUm*?t*_@OTE-nHqc)~!N0zy+k>gGzs_jtz
zl5|`0h<^5J$6d;j^f{6Ljy-Lcr(0)afD4R{Dl~8$u{VSmH&h((DR2QbaB5T$-QZA6
zD&h<+ajx)KJ0ar?nWeAr*kqbv(Q0hrpsnnXaE4pdL4|izxcvDpstT2nGa4+J?oPpI
zSCjU(NfIiH;p%w7;0F3jiu09o`!aS43~e3`k=c17I*Z|(cd=izOTSWpai9iptiEIo
zYzo}wx1}jALHJEF8LPz)3rPb1fC2NwpMKk8R49tsSOdb#><Gfijj0kZL?dpTtuFN=
zF~!i)BczTZszox4chNFtZr|R*?VbvPX0}L&!$mdshOu4*;j8!HWal3l^E*Zt!^6%z
zZH^I~devU7J~v_7{BW`hPrn{q+9;Jgv{S9N>0{5ln7zB6+c;gFDi%gYiJiPO8W7kY
znvrEFX!gFZp-w*34TTB}6#g1(o<&ki0MKAim~Z3KTSz81HL_J8a?n1RJ;ZSgRR?KY
zXv$Osu|Eo56R|W$EQZubW+FB@$XK*dFxhw@C^NwF9u!zS{~?ex<>J3ysUl>+Rq1=O
zxdV%e_<Qf|o>z_&hM-9QYDU_<OIeoTOePG^dcTO>;}1@GYpxXo%s>V6J05-{*q?;7
z&ra)zO4zL|C0Y|aNVprrB^2P^l`=`hLQDLw<(`umC7@je+@2SeBq9BULnu83xee`}
zv_FFSJ&eQYp%9u=7+P(MDIH;qm<%L;YJF`gO=V^{gq>A}Av1=o1L&%ezlvo4@s?t%
z#Bx4zuzu6&fQ%_GxS0?~T-Z^6J>g52R2tkA#F7+)^5<Fyy}*GE(pq#p1^$9WethO8
z4;HMUQ%+KHAi`sM*n;WQ&uv+vOPg9=NcZkvb-DDEC{~*(j%O<iT60%@#x-*TU)ktb
z_J^MQ*odVK9%x?WF-w&B9b=6&rQ@GERY%JHrCv-tcU=;L?2zw9ns3y^W?{3QkmMB4
z)k<nBU@f6#>N7BdB;qc7-ND(OrehZ4tSC7i#K4YbKZZPUIQ?@TP`FQ9cXa{j&`ukQ
zX6Y%x7IR|=lIrPw+q5HN*g1%0BA7EEqT5Fg7{;D?!|B-%&Enk_dFZ=49Xsj0n=*z!
zd4kL-0NV6^<MV`95lK4hi!PNY;=rrPmk4=RRxPQf{+8zN!(Y*_wjuK3;oUK^k<cOY
zlSY$`UPQq4;1GFCeIf$9QB*xOLquVroNl8r5-g&6Fq}wkWOP&^CiYPWCu)z<1@i|a
z*>g}cB)k5bB+x5RRvc1p<Ydka@VU^;(11)isICCrHMvRxWff%?S@xe@w8Ol0csM1<
zh`x<FG^cPF*W{x2(+|$ha)bHee=QHj1bv@=KNe5Bmq@{X=P!W(`gFW*JKU*on*-ge
zVy*xN;IFypDmUStwkGqV@e}ZMvwa-4qCsJ<IaOb}w#=NV)rJNZF&?DOI&C|(IZ{6i
zX{Kcmwp<&v=-s)aCreHbJ7r(j6CvV254>Qa1^Jgwkhn}xn#qs{y@pWmx|2Jgx*}5X
z+9z5wB)bf_%=17WWPi}Hv|`1p?1H4$?j;q)0B~|eU8pTRiDT6M4Xn@n-cx8V-M_L`
zo?Q)e>%AAXcrHpdJFRJ}q9J%I(mE-7wh9;%t$FviF_wXzbjbh7hDBk%njGf@iz?c;
z=82CRC5!NLY_i!sHcht=S3;!|-9y4939+``o+3U2SN4$~a1SotpwmhD;1q~}?8^R9
z2Zk{2y0bzF!r-1nuYeY1M&xz7G3+`=VdKddpeKn6p<urB7}|tMUyb_E@v0LWbTIX9
z5uf@q+#u_0f7sN{<9#y-whsBvz<Lj-XC3%UPDpPKs-cJSz&t^R0F5vY7cK>^k9*sY
zPDG#^2H))phxK;5ICHP+tP-bOM47B+9?mNZjV}`4b)BVFvJAH^IHl`DjRlCwibB)6
z*mQ#KtDZtvXC4>HZj8&SKMzFQfG%EgaeHT&^em1WhuEEORG-z|p0TCeZLzi?@p8GP
zJM4Q%l`6TA^85QOt42@_NzY!=)VgO@hWOnhp%5$K-lZEjW>)HH0I8U3hUsa<!Yl6q
zSVr^+FIhHk=k~Ru$`5R!O7B;u7N7B+SC}2q*x{4mel3NFv&5l+f>VaWc?d`pBeU(f
zRT>in|9nYQAy9Jd(rbIWA(m^e)>z#00(T>SryZ+zD;;tm=wYS(PqQSZOazAH5P4Gw
zh$e+@A%W;@+9a|*!Ec{l@(d)bz1AMj-MV`>!M1baoKv5@k*G*-QTpG&;M`0>X|~zQ
z8uej9(CcU}cv9F&H&MyEJxthDzhhnob>csMNIH5^9M{^v@{|fUB1KfvJX6D)tMnEl
z*BrT|LM)Gwf5P7dH;7k1N>Tg_8>kaNxaGNW`~WC@bqB<uk`u<13%%e{OJ2Z(74^?a
z!xD~n>)W`}%D!%fQCne+KGDUodoY*e*GxuaUbYBd9^H<y2fNSH9{4(hx<^PMqnCI2
zD`ux9bK(XUJ1yFG7fP*<#?}$sFznp)zOIl(YM`s>KNgTA4OW?n8~4vM62(|HuT5|P
zgQ|&s{{H(zbnt~1av4#T%j>r9h6!KzmP|ClErUcF$ZZ{Z@!<^+o`T=HqI?wi0;=m+
zezQWWH|tOp@xUxr>KJ+bnVhRJgC>ixkLl6mQ~#ThR|Hfny1+3(r|8dZ6C33OH2EEP
zkL}r+MGB!)iX-zqqM5x^sP2(}e(vR!ch`_h<ftRYY-`PXb+0C0)22I-1Y;3lAJfpf
z#g}-Go(d__s7X;1E>_-5V<G{QIQg3My(Y4O)SiC%ug9cca6}kl`4E2ihz1~9w#1;z
zm$VE<!wan@TRN34zau8hr3RF7pqo0z>iw4!QVH7mphTOfPd1w3MYyA^J*~(v8jsI8
z0{uMUBmR(3$Yfn?3BSiZ{TCW?kM>GhCJ$!u(ESHGt_jofAseN%AS=_Xkq93|lF7^d
z22v1!2<NiWHFPe(O_A>%R-kmA=7z(uPL-QJ>@uHhiJt)P*_Jhw3rk*EiKZlhhO<%=
zHR+$VU~gQ$m8LQXPU6bGF-$X>5e1Vmh4$&1k*kxF)-N@WEH=}Vd(ow^C1&#Z(B!E&
z$gvF<^7HPjYj5RSq6vbeau}Je)M*sudLi_nDfW}sJNIwGdfm05q<7{w=y^J<0o&AT
z{xSb_VFCz_gNlT!V9!h|Hx#&Q)297ZVhmviL4R->fG=T4E6K7m+LG{m85G)5T=@C;
zYk5GBC-(^XF*4Vy<jpw+IUy;ve^fFswuxOm1u=IGZnon}IZ|(v?*3{z{i+%W*To%w
zCKHTjS$^QY9Vd`+cqIXM_3gb9_-=r%dQp7H#VDmCX_}|(vg*!|<7W<kiulU|mHe`7
z_zZXNmFqMy$9*|nl7CoQVB=HWp7!r7_`*Q)g`)xnEhKV=siLUP(@4GtubfLB!i$Lt
zQ!2ASHe`xA33JXc!~|i~kQO`YkspkGYUq9d2+ncza-H>U(%<C;3na48Zoy7#<p5n*
zu15o_yt1(eL|m<*J#|b)0sF-5Jsts}A}2vPn5NT#cET@?^cRP%f*12SK~=eo%#0sS
z<6}MZa?*QMx69iWMS4;>*7n|iY~1Y?oh?qJ%l@ql$ggI-120T+>h+DWBlLAiPwv8n
zXQsN3Vdl`GUTmhAD_}a`5N?HZl#Jz9^Vi2}PaO2GzZH@`@X5}fHwQh%2_Ct8E@kMt
z*YbV0=SG1aFK`dXj!XI@>J2Nj(+u<qr2G?0@?{;bNR;v<TV85pX!~g=pWx|>?QFDB
ziXw)%uf(x>)r+l?_o8>KWK-Lsd&ua$1m_+j!OYA*ESVd?4TN!5xW`?~W5mV3!l7Hn
z2lV+^v_%t&aWsct56(h05}@6}!Raqk_tV(2cGxW-YfoFaUW-tUYc}Tzv(bMxcg0(b
z&FK>qp+Sq!u{;D1fz&^X3WMIyt~btf21x|G4}ZW(?<JYbawnOLf{<UDWs2*|avLa|
zrA)0kTDHAD5nsE>DO!Pl`Po1P<31F>(9bmF@J;e|sN8xjQ0s-kqHW8_^Q~xQyZb~Z
zwXYpt3I9$2R>jd+b@1fa9!ChUGj>R=%riQ7Dhcj)G==-z;!*!)??v_7)ynW1RPv#f
zuG@#4CLekesyaFW6}kK{_Y3N35hyIv4^*S)<+JXwe{c?t5-WgEz%4wiQ$FU66I65C
zB+{9+4|esvQr#L|CSE4CO^3ezXt;05mIa3d+W{et8|sKn9vRRfJWjQ^Fpyq6RDyKW
z-@O#`I_h&Nxdjb=tnT#&qJ(78NH;t;8=F77QNpTf==t!~1Xg7A_bc~I%4G_{I!lV}
z29;r#&IR31OAEmgiI(GLhF)g5-fC5aQ14+rCV_xBxcSLQTvH7)sP#`P4RsBqpxQt;
zM$R*pOG78@0=VRs7_0#xA#a8{m`H<zGpuSAikpgoE|HKLTbyGACjdwcJ?F%B(M=;p
zmi0WM1wW_JR%YjVCg#>!=*UMCdL(DX@~bh$TCdSZW^syR?<9}+f`1DnJ#e?86P?lO
zRCRNz70EHVhmAopSna$@z}_JUq0e0_S6~y{XD)kQEGoZo*b;QdTh~4@&_4cneoI^d
z&;(HWh@rU+*XaMsW!DO~X<NhvP?i@a(UT*SReA#3=F+%=fKn7kpc$=VZy6JG>9IJ>
z;Q~{ZLL9k3^#9ON!Sh&US)E(1nj2N)JHD^5eK2gf3mbkE9C~N8WPlgih^M1msDU-T
z9aiznKbx`p5L~;OH@UUwbXi9nLsd`7mujS2D=@YbPmq+wvQ*fNd`V(}CdWHf7XT1j
zDY&SHs5D_oOBR$hC~)WXGb>d5+U7uy)5iH<<z01H)8E?$NdYNoq!CAl0!oLHN+XPJ
zL_nI+AfQM$0)o=rAmWz+(k&?#2uO!C((rx;>fA1V-}m?T`<_2`?b^=$Jm);8o^9ve
z-3acc=cl3gW<>r}cy}N$H1JYXShBCHKB`~FGU!7U@m+GdYcDHj7%YZIFDnUN_sv<%
zo74DSYFv|dr$r)aA@Z4PkTUQ^-&XVeE&CQPMeS@HB?tSlMA{#63gInt=?^<|E8~+g
z)P6R2ZD>JP=5<_eQIt%DhwpuOwL|1BS`;$s%QF3;Qm@s)Obv2;*T;mu8)W%P`>L;Q
zN2XSF@?~kE_3BC~cFw%g9u)$5XAAc)Mlv#QG(TQY*#7>tO_s>~F^SXLcbiEUXo-v;
z*zKdu=M6yhe9RwioZRb&EUYFfK^cb>Tb~}M)#QOoCPg=FmUO()UJfo|*LY`&eRAu6
zW)u0GN?EAC>P1kk0ZMIhePXZsd-dh`0<N)Fm=E7R5G2|y@J_wjblA)^rTI9G>n7io
zWjsG@x7eYW_B}RL<#l>e%}(8q@>&ac<hW(3D%mW4Y(YCerAeFW4@upJwKMOSNEe}a
ze5L}^GK%Athu9l$-Sy)T7Uv9BbN5o%icVw5TcNX4lSFL-P2vx;%;RW*Y$jy|njQtj
zn2l!tD5X_X<H6y3wMt(WcsC~YNS$phCbs9e{m39lmRHxx3>7CshJn({Xe*B_hQR8(
z6SW3^iGuaca(@qbLrS=4Mf0|9n)_~lqQ$XO1SU6lb5S~ZaYFThu7?9#l>1{2rhz4I
zJgqqe)1ZH}TUohhdC2HeOmYW;gX;yqU9!ERE-Ngzwray^p1R`|)S0XOiZts=Mf}}n
zM@f^g{0ccsrTkt<QYOf`K{qAjD>^4uZD>P?eQEjiwu<6ix>-`)t(o9{Y2i<+N?Vqk
zR>SQqo&A{Jk8pKjdS*gR=UBO$=B*%lB`YcUm^EI-I7IyYy+oq2-V3cWHHYteGHCnA
zyv?`QL(qp8hd?4Y9}m0fFIrnjiyw{Za0*VESkX?K%{AK^#)(CST4^$*I)VNvdszfE
z-06K2r1eBSfH52L?NzX1P{~_ug2$hGxrlHZ#+Px%)2TYUo~y-bH)Vn7Xrz>VD;87K
zhwwBxY?@<H2Fm%5mse)p^`+Csi5>CsA7pRJ=vMjTJZl*QU*hGa6jxskd=_D@d+YwK
zZ1uTkk8WokYK>5!3-NDb#|Ya>S3I%OPX3(V6Hp{AXwg7pm<AqEe>u;H`!FX8Qg7|4
z(b47Vo4BN@Qj4dCegGM!6ro}NrqAiVo<@*!hd?W?^<Y<?j3o%|L?pX>pWnKVb11$>
zuf8Z!owqb}<B+M^07`Sk=hODAJ?ms*58W55^o-osiDRsUw}w*NRG{^r3iO%=Ak@`W
zLr}Z;iLB3nBoMTSq{56*+kL&zceK|fsLXr(`Wxv+Q+cDOKCFCXiI2LMr`@X59{Gv{
zR8OU#=e#`*Q+(G?ZfZm!NDTZAX+O>$9fu{8;c!*APjlba8ZGMesHC4u-Hlk3n*N@C
z`9wD!Mj=yf7CJE{6=GF+g^`1ODwE1drddW_w%sJkSo9k!<-~8Fe2Ezzd{KcDB=18c
z!dWQU4-TPDuwj#n4c2^W>)cno>PwptusY@>l!m#<Ifd_$Fb-YNiqg+1W`7Wy4ITTZ
zN|sj2ATu0V77+J9F=sY7Kf1t&MhwLLbcx@8)ic?@p>bb)rfD@BvZ{YKC?wxUxSC?I
zc(7$pdwlNFqqZX2<^&}IhZw(n!&ko4mbuKO)VQ40V>ua13ni}=)w!OBvekBzPGipx
z6j4uP*M$kB?5Bdi94Ux6SGJ9C6|4}ra`Xyln@#eN%uV{KatG=&S6!VNq0gsrc_%$0
z*UBnoz9YF_Ew524%H=tf0L8o<S9G``iY`Z>q+M$h8L}Rj-q7%FNMMD?rT+(oA|LNM
z_FOwPxhSJd5Z9Z*1(l;>>B?}B`iLU$hnmKIZ=0<32=Zb(F2gpgsTQ4@d<@4M^OU$d
zYuu`YOa@dO!rpo}KTEc$F_){ZvCFwj7OLTpm;7iF$s0Q8pYHzX!HY|TB_w93h?W#_
z|9LlbVlnc0F^!ge*S%auvJ)=+HtntS7v*ojh8L4Y(MPdlH6t%KDd0^PbxV#f)Bu{!
zEf{0A!Y=*?p82~$T9x)B^cxCOB_6NQ`_@Sp&@Y0oV>Nqv&fY-(5no>k9#o28y4YCI
z)jb*=(B8ZekX<?0kWjNY6S>}F9d7jP(qqHk4i+Ez??2@~PzuU%2XfpF3HBOb&+F1T
zdeg9UMeaUShJE_|jedne+Fdg(?<^L7{t+n)`EY@nBWDiu`1_4GHPP4B2uFe??6WM1
zzZ?6@K~#RC9!E&&<*Qv2U&1BNOG4e3@_D+HCTHw2xuay06`&H{7+pFZQ0j0@?|LL&
z0D7YpcQ34<CQ5VLLZiav%8%9um`!77e8p;`oo$%8MyOC>_WcZ!bcr8|Dx+1yxwu$8
zlQco1#@A(KS%^6pIHfL+qOp~M$pI=JZosQ*3>qpstG$+kmEHS#hnsO`_h+XkX=GUs
zwx-=C%PU$O9+-Cw_?nErd-NicV)AOlQ=*=ZEj{9c(U_SS-(}Y*>`+3c&sLJrQEIIe
zXj>cO&b1nzAYty+{KVF6bp8-EFsXqt&+V3kyYk0Qx$Wz&d1m+^2pC%yhXEoxQj53x
zVo-4z|FWqGi38rZapOdGF~<Px@9UCVRh}88Ym~Dijau}o5C};J(F~~oN$6n%iu4Ix
z7xuO91LN!Dtxn4OJ1biDq!N<%@8l?SG0&f%{O61LfS3S^p`*Et6Vk0OR7OU+BjCMB
zKpg`nNpMz&3s$o@W=sK%m+;9d#yCTdx8PSc#z7mq+w-Y%-hK>8W0%Gbqwc=;_6+c?
zDJ!X4bL6vp@8#6t;p80PmL6xjhLfOq$sdZ}wy)H<xnk^q%Xr-*Kzc1};x?r~?@a4{
zFy=I0oF{c9h)axpK4~g74!kqXqs0)zohrZ_q}Mgv`OG7drc+aYyklz!Ejc>(6BUM)
zb&2G%Qn}6XSK+GS56*O3jnQ+#q>e?P_lZI#7^Mu9R$^F%{&<eb7A|7FtIri=!!Rkc
z@q@{D<5P&g#w-h}7`t=y?dkJkRf*6&@H*5GaW>m{+9N{Tc2m}Q`_=9Js9QDeF9~|d
zW3G7j%${CcKmQUPOg{upT{thM&f>Q`pg=7UzyP2<r}iJZ!)chG^fiWD;Kjq7sGSgw
z8%=%hMi{-|1}1|B*G#;2=DXf%rJfAh|4F9I&aupUaql>5OuVURCGoTRjeZS&P*{Wq
zoh+L8-0BB1lF;zFRMw2g*Z7ueXEH=5ZL&Gmr!N;~+!o*o&Pp9wX2DBfSD@%NOS@7O
z#}_FChP-B4bkVnSKDL$EF)om{qo>=)9NtS(*f<fm6ad-1vqHwxMMv~yOdF)v<kb^b
z(;*NE!h{;Ry-6+@#r?;6yWMvT_dn0KKk^pm1t^;d0}n=zs0U`{6(B&TJb<%`fB#|m
zX?R|1c0X+9A%v3e6Ugl7R1f74n9Ql+yd@*|&|KaQ(20p2$v!^da+zW_iVJldB}z`B
zkuU81DeKxONb&Vye8tT$ZIpt3^TNeA?`b=TGDjImgH@=Q-keFhy7!Ttz-s@+tb5f~
zp45b)6|B~T2juT<2mD9`hDAX-`Bl*u@^A33-dVr;a6+D>`0cG3qtBF<W$fw}t~1wh
zH_ETgbdUa1@a2Mm3$L6?4Si#@7b+2sI$F+hY0A5s%$Z@_o@sc8?s-)*JhGS7>l_!v
z4GhH{7D~Mr1?jtnj&r|!J_%4hnmJ6J^IcW<ed}v^T)4C(e4y;Ls4J1RU=qA}LP<;b
zku<E%Bd@ASZ@D%W%p<KtUf#z%Ouu6U3N<CUKJ6?i{bgK)4Kq~7XK?EU0W;oS*an%T
zkX_KnyBrZT-n^CZ`C?g(eLktn<cLI!0v7yw7!`*B7zAp>0r*S0^=x`ZO2XoQXXnYN
zWRF-v>K#yPg<$%GtsFj&oGG}4>Y_a7_7A2Gmd6s$H^omxbLdVE*?d^d$+aavR?$Cm
z;fW~rUz+hexyVRv7GQ0pR;K#Y;gk24rB3;<s)1flhT2VbZG~V%HH*5a_R&B&y%)Eb
zBeP$2c0JpFnlPPi8_6en-N?;2q!T0;yC9)gt=)T4*(@S_FE`Cs#KAo?>b({O!=yrk
z#ElQ1&iLc)YWg69dJ%z9B#qktwY#S}Pyc_qd#ZW#f2O+$-v~2d`d!L^a^7WNGV4kM
z6b3-^z)-{8-rPwaMk{JfP*k1*xK=xIn{<qJvf;RL*y%YOe&F|IAYxt9@hUQ(&U*9t
zhB=|^fxOGFFIly+sL{@OwYR%YcmAm5Z>4U@sw@2De#-*m=0d#dW{7C7Pk0G9TIJ@|
zFo;SyDYL8ak%K@|@r5k^VJ=OZ#}tolDm$Xy&l<$C-^%$pfRpw0=A2}Q7B7|$FRh`&
z0*!w&kp+Q3>Zmkl0%m9s!~?1%<#>OzxS=~QB$zNP;Q}kD&(1xUt7b1j>1$7KUo9!o
z-7hhRp&m{Ttwl2X%Hy(ZzGpqbUzoGZ5!bL7#tD%nT7Od(m(p!6W%sIhlB!WmhHlXP
zt!E&Ow&6z|{|!g0d}sxKuMeSW^LxB3>vt)bf{B;hGf47O=i3v+q<nXCR*P2d*%Yky
zEpr@5>>ARM+Ra(bi&zR4fTa|wSc_S8E!nHSzFtng!v7;Z$&J@=-n%g1#J_3;D{u|l
zVK;g8SyVW|v>~1WX7ldz@is$0m1_&Ww$L{x+m_en8^}-4kLWreiU${>t5?^xB&_Qo
z#KiP!fzF3`)N@Bf_U02Ls8r*1Zdp?o*Jgzd4TnG3L_u%i-xCLt8Pp3TC?vp$Vxt5p
zeV0HUXW$JK;0`(PSP^sXsGk`){}hMiLuUnco_B}-&U}!aBIidi%$d{GKbX^%^l#42
zngD~sobl=Xok08>4p#fDz@CwY|Bd^7t|G<=IrV^{&zdWJ4jM5LLGC&-UlVRi2cZXl
ztRNdeW<tUZNb3LH6+~X-zXb$X;lIl7&;a?uDWwufYY`)1y+Vcm5ZDzwfyDNA<+Dg!
z15EsZ8Qa^#HV9<&OGA`YWdIEU&;UE?w49+EfLH&ZP3;^{c~Z#m!aeWdV*um}REBLy
zuyO_$1^8BQ_$gBs?*II$igAVq9%22kLI0I6{ac)1+1FWtL4+d^QY_@gB4=YT;8|nM
z5P?9u|A@)_HRs_g6#1NmTbhYPXaaJQf!w73Y-l*@97FKq`@c8T9DR-<_`!&52w7bR
z-nF;9zYP5y9%MK&)ea6{GX4ceAl@P4ktKuScvFTy_&)-|$Y^;ag-bYkg9QP78c1X`
zvUnmK{Q-o4K8+qSda{maGZdKglECCfT!%bVztDfp24pm{NIBg10u2KC+?FG2>cY`(
zObF<|T7Lc-L|jn)=D*Otc~pp74>FSq?sg9m2<KHH_Zyih4L6}@@XI#>ZyFgdqo}j1
z51es0!0v;%e`Nu$oPOSNGIw?cSl3SQ?FYV)Gg+xF%;N(bb~_Xl0+?^0oNWn_zqcPJ
zXLlR(zrg=Z-1OLg`TnhWh!{6y)kC<~Cx}3}2BL~0#_37UfWm;njE#bl7zYFW4|h{%
AMgRZ+

literal 0
HcmV?d00001

diff --git a/README.md b/README.md
index 344f3a2..df53d49 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
 # open-JSD-7565
 
-JSD-7565 第三方token交换fine_auth_token
\ No newline at end of file
+JSD-7565 第三方token交换fine_auth_token\
+免责说明：该源码为第三方爱好者提供，不保证源码和方案的可靠性，也不提供任何形式的源码教学指导和协助！\
+仅作为开发者学习参考使用！禁止用于任何商业用途！\
+为保护开发者隐私，开发者信息已隐去！若原开发者希望公开自己的信息，可联系hugh处理。
\ No newline at end of file
diff --git a/plugin.xml b/plugin.xml
new file mode 100644
index 0000000..4890a75
--- /dev/null
+++ b/plugin.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<plugin>
+    <id>com.fr.plugin.nfsq.sso</id>
+    <name><![CDATA[获取token]]></name>
+    <active>yes</active>
+    <version>1.19</version>
+    <env-version>10.0</env-version>
+    <jartime>2018-07-31</jartime>
+    <vendor>fr.open</vendor>
+    <description><![CDATA[获取token]]></description>
+    <change-notes><![CDATA[]]></change-notes>
+    <extra-decision>
+        <GlobalRequestFilterProvider class="com.fr.plugin.nfsq.sso.SsoFilter"/>
+        <HttpHandlerProvider class="com.fr.plugin.nfsq.sso.SsoRequestHandlerBridge"/>
+        <URLAliasProvider class="com.fr.plugin.nfsq.sso.SsoRequestURLAliasBridge" />
+    </extra-decision>
+    <function-recorder class="com.fr.plugin.nfsq.sso.SsoRequestHandlerBridge"/>
+</plugin>
\ No newline at end of file
diff --git a/src/main/java/com/fr/plugin/nfsq/sso/DesECBUtil.java b/src/main/java/com/fr/plugin/nfsq/sso/DesECBUtil.java
new file mode 100644
index 0000000..34afd35
--- /dev/null
+++ b/src/main/java/com/fr/plugin/nfsq/sso/DesECBUtil.java
@@ -0,0 +1,64 @@
+package com.fr.plugin.nfsq.sso;
+
+import com.fr.third.org.apache.commons.codec.binary.Base64;
+
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.Key;
+
+/**
+ * @author fr.open
+ * @date 2019/1/18
+ */
+public class DesECBUtil {
+    /**
+     * 加密数据
+     *
+     * @param encryptString
+     * @param encryptKey
+     * @return
+     * @throws Exception
+     */
+    public static String encryptDES(String encryptString, String encryptKey) throws Exception {
+        Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
+        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(getKey(encryptKey), "DES"));
+        byte[] encryptedData = cipher.doFinal(encryptString.getBytes("UTF-8"));
+        return Base64.encodeBase64String(encryptedData);
+    }
+
+    /**
+     * key 不足8位补位
+     *
+     * @param
+     */
+    public static byte[] getKey(String keyRule) {
+        Key key = null;
+        byte[] keyByte = keyRule.getBytes();
+        // 创建一个空的八位数组,默认情况下为0 
+        byte[] byteTemp = new byte[8];
+        // 将用户指定的规则转换成八位数组 
+        for (int i = 0; i < byteTemp.length && i < keyByte.length; i++) {
+            byteTemp[i] = keyByte[i];
+        }
+        key = new SecretKeySpec(byteTemp, "DES");
+        return key.getEncoded();
+    }
+
+    /***
+     * 解密数据
+     * @param decryptString
+     * @param decryptKey
+     * @return
+     * @throws Exception
+     */
+
+    public static String decryptDES(String decryptString, String decryptKey) throws Exception {
+        byte[] sourceBytes = Base64.decodeBase64(decryptString);
+        Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
+        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(getKey(decryptKey), "DES"));
+        byte[] decoded = cipher.doFinal(sourceBytes);
+        return new String(decoded, "UTF-8");
+
+    }
+} 
+
diff --git a/src/main/java/com/fr/plugin/nfsq/sso/HttpUtil.java b/src/main/java/com/fr/plugin/nfsq/sso/HttpUtil.java
new file mode 100644
index 0000000..0b3f04f
--- /dev/null
+++ b/src/main/java/com/fr/plugin/nfsq/sso/HttpUtil.java
@@ -0,0 +1,479 @@
+package com.fr.plugin.nfsq.sso;
+
+import com.fr.json.JSONObject;
+import com.fr.log.FineLoggerFactory;
+import com.fr.stable.StringUtils;
+import com.fr.third.org.apache.http.HttpResponse;
+import com.fr.third.org.apache.http.HttpStatus;
+import com.fr.third.org.apache.http.NameValuePair;
+import com.fr.third.org.apache.http.client.HttpClient;
+import com.fr.third.org.apache.http.client.entity.UrlEncodedFormEntity;
+import com.fr.third.org.apache.http.client.methods.HttpPost;
+import com.fr.third.org.apache.http.client.methods.HttpPut;
+import com.fr.third.org.apache.http.config.Registry;
+import com.fr.third.org.apache.http.config.RegistryBuilder;
+import com.fr.third.org.apache.http.conn.socket.ConnectionSocketFactory;
+import com.fr.third.org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+import com.fr.third.org.apache.http.conn.socket.PlainConnectionSocketFactory;
+import com.fr.third.org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import com.fr.third.org.apache.http.conn.ssl.SSLContexts;
+import com.fr.third.org.apache.http.conn.ssl.TrustStrategy;
+import com.fr.third.org.apache.http.entity.StringEntity;
+import com.fr.third.org.apache.http.impl.client.CloseableHttpClient;
+import com.fr.third.org.apache.http.impl.client.HttpClientBuilder;
+import com.fr.third.org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import com.fr.third.org.apache.http.message.BasicNameValuePair;
+import com.fr.third.org.apache.http.util.EntityUtils;
+
+import javax.net.ssl.*;
+import java.io.*;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+/**
+ * @author fr.open
+ * @date 2019/4/2
+ */
+public class HttpUtil {
+
+    private static HostnameVerifier hv = new HostnameVerifier() {
+        @Override
+        public boolean verify(String urlHostName, SSLSession session) {
+            System.out.println("Warning: URL Host: " + urlHostName + " vs. "
+                    + session.getPeerHost());
+            return true;
+        }
+    };
+
+    /**
+     * 发送get请求
+     *
+     * @param url
+     * @param param
+     * @param header
+     * @return
+     * @throws IOException
+     */
+    public static String sendGet(String url, Map<String, Object> param, Map<String, Object> header, String charset) {
+        String result = "";
+        BufferedReader in = null;
+        String urlNameString = url;
+        try {
+            if (param != null && !param.isEmpty()) {
+                urlNameString += "?";
+                urlNameString += param.entrySet()
+                        .stream()
+                        .map(entry -> entry.getKey() + "=" + entry.getValue().toString())
+                        .collect(Collectors.joining("&"));
+            }
+
+            URL realUrl = new URL(urlNameString);
+            // 打开和URL之间的连接
+            HttpURLConnection connection;
+            if (url.startsWith("https")) {
+                trustAllHttpsCertificates();
+                HttpsURLConnection.setDefaultHostnameVerifier(hv);
+                connection = (HttpURLConnection) realUrl.openConnection();
+            } else {
+                connection = (HttpURLConnection) realUrl.openConnection();
+            }
+            //设置超时时间
+            connection.setDoInput(true);
+            connection.setRequestMethod("GET");
+            connection.setConnectTimeout(5000);
+            connection.setReadTimeout(15000);
+            // 设置通用的请求属性
+            if (header != null) {
+                Iterator<Map.Entry<String, Object>> it = header.entrySet().iterator();
+                while (it.hasNext()) {
+                    Map.Entry<String, Object> entry = it.next();
+                    System.out.println(entry.getKey() + ":::" + entry.getValue());
+                    connection.setRequestProperty(entry.getKey(), entry.getValue().toString());
+                }
+            }
+            connection.setRequestProperty("accept", "*/*");
+            connection.setRequestProperty("connection", "Keep-Alive");
+            connection.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");
+            // 建立实际的连接
+            connection.connect();
+            if(connection.getResponseCode() == 200){
+                // 定义 BufferedReader输入流来读取URL的响应，设置utf8防止中文乱码
+                in = new BufferedReader(new InputStreamReader(connection.getInputStream(), charset == null ? "utf-8" : charset));
+                String line;
+                while ((line = in.readLine()) != null) {
+                    result += line;
+                }
+                if (in != null) {
+                    in.close();
+                }
+            }else {
+                in = new BufferedReader(new InputStreamReader(connection.getErrorStream(), charset == null ? "utf-8" : charset));
+                String line;
+                while ((line = in.readLine()) != null) {
+                    result += line;
+                }
+                if (in != null) {
+                    in.close();
+                }
+                FineLoggerFactory.getLogger().error("Http post form code is {},message is {}",connection.getResponseCode(),result);
+                return StringUtils.EMPTY;
+            }
+
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e, "get url error ,url is:{},error is {}", urlNameString, e.getMessage());
+        }
+        return result;
+    }
+
+    public static String sendPost(String url, Map<String, Object> header, JSONObject body) {
+        PrintWriter out = null;
+        BufferedReader in = null;
+        String result = null;
+        String res = null;
+        try {
+            String urlNameString = url;
+
+            URL realUrl = new URL(urlNameString);
+            // 打开和URL之间的连接
+            HttpURLConnection conn;
+            if (url.startsWith("https")) {
+                trustAllHttpsCertificates();
+                HttpsURLConnection.setDefaultHostnameVerifier(hv);
+                conn = (HttpURLConnection) realUrl.openConnection();
+            } else {
+                conn = (HttpURLConnection) realUrl.openConnection();
+            }
+            // 设置通用的请求属性
+            conn.setRequestProperty("accept", "*/*");
+            conn.setRequestProperty("connection", "Keep-Alive");
+//            conn.setRequestProperty("user-agent",
+//                    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)");
+            conn.setRequestProperty("Content-Type", "application/json;charset=UTF-8");
+            if (header != null) {
+                header.forEach((k, v) -> {
+                    conn.setRequestProperty(k, String.valueOf(v));
+                });
+            }
+            // 发送POST请求必须设置如下两行
+            conn.setDoOutput(true);
+            conn.setDoInput(true);
+            //获取请求头
+
+            // 获取URLConnection对象对应的输出流
+            out = new PrintWriter(conn.getOutputStream());
+            // 发送请求参数
+            if (body != null) {
+                FineLoggerFactory.getLogger().error("content data: {}", body.toString());
+                FineLoggerFactory.getLogger().error("content cover data: {}", new String(body.toString().getBytes("UTF-8"), "UTF-8"));
+                out.print(new String(body.toString().getBytes("UTF-8"), "UTF-8"));
+            }
+            // flush输出流的缓冲
+            out.flush();
+            // 定义BufferedReader输入流来读取URL的响应
+            in = new BufferedReader(
+                    new InputStreamReader(conn.getInputStream()));
+            String line;
+            while ((line = in.readLine()) != null) {
+                result += line;
+            }
+            res = result;
+            if (res.startsWith("null")) {
+                res = res.replace("null", "");
+            }
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        //使用finally块来关闭输出流、输入流
+        finally {
+            try {
+                if (out != null) {
+                    out.close();
+                }
+                if (in != null) {
+                    in.close();
+                }
+            } catch (IOException e) {
+                FineLoggerFactory.getLogger().error(e.getMessage(), e);
+            }
+        }
+        return res;
+    }
+
+
+    public static String doJSONPost(String url, Map<String, Object> header, JSONObject json, Map<String, Object> param, String chartset) {
+        HttpClient client = getHttpsClient();
+        /*if (url.startsWith("https")) {
+            SSLContext sslcontext = createIgnoreVerifySSL();
+            Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
+                    .register("http", PlainConnectionSocketFactory.INSTANCE)
+                    .register("https", new SSLConnectionSocketFactory(sslcontext))
+                    .build();
+            PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
+            HttpClients.custom().setConnectionManager(connManager);
+            client = HttpClients.custom().setConnectionManager(connManager).build();
+        }*/
+        if (param != null && !param.isEmpty()) {
+            url += "?";
+            url += param.entrySet()
+                    .stream()
+                    .map(entry -> entry.getKey() + "=" + entry.getValue())
+                    .collect(Collectors.joining("&"));
+        }
+        HttpPost post = new HttpPost(url);
+        post.setHeader("accept", "*/*");
+        post.setHeader("connection", "Keep-Alive");
+        post.setHeader("Content-Type", "application/json");
+        if (header != null) {
+            header.forEach((k, v) -> {
+                post.setHeader(k, v.toString());
+            });
+        }
+        try {
+            StringEntity s = new StringEntity(json.toString(), chartset == null ? "UTF-8" : chartset);
+            s.setContentEncoding("UTF-8");
+            s.setContentType("application/json; charset=UTF-8");//发送json数据需要设置contentType
+            post.setEntity(s);
+            HttpResponse res = client.execute(post);
+            if (res.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
+                String result = EntityUtils.toString(res.getEntity());// 返回json格式：
+                return result;
+            } else {
+                FineLoggerFactory.getLogger().error("Http post form code is {},message is {}", res.getStatusLine().getStatusCode(), EntityUtils.toString(res.getEntity()));
+            }
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        return null;
+    }
+
+    public static String doJSONPut(String url, Map<String, Object> header, JSONObject json, Map<String, Object> param, String chartset) {
+        HttpClient client = getHttpsClient();
+        /*if (url.startsWith("https")) {
+            SSLContext sslcontext = createIgnoreVerifySSL();
+            Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
+                    .register("http", PlainConnectionSocketFactory.INSTANCE)
+                    .register("https", new SSLConnectionSocketFactory(sslcontext))
+                    .build();
+            PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
+            HttpClients.custom().setConnectionManager(connManager);
+            client = HttpClients.custom().setConnectionManager(connManager).build();
+        }*/
+        if (param != null && !param.isEmpty()) {
+            url += "?";
+            url += param.entrySet()
+                    .stream()
+                    .map(entry -> entry.getKey() + "=" + entry.getValue())
+                    .collect(Collectors.joining("&"));
+        }
+        HttpPut post = new HttpPut(url);
+        post.setHeader("accept", "*/*");
+        post.setHeader("connection", "Keep-Alive");
+        post.setHeader("Content-Type", "application/json");
+        if (header != null) {
+            header.forEach((k, v) -> {
+                post.setHeader(k, v.toString());
+            });
+        }
+        try {
+            StringEntity s = new StringEntity(json.toString(), chartset == null ? "UTF-8" : chartset);
+            s.setContentEncoding("UTF-8");
+            s.setContentType("application/json; charset=UTF-8");//发送json数据需要设置contentType
+            post.setEntity(s);
+            HttpResponse res = client.execute(post);
+            if (res.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
+                String result = EntityUtils.toString(res.getEntity());// 返回json格式：
+                return result;
+            } else {
+                FineLoggerFactory.getLogger().error("Http post form code is {},message is {}", res.getStatusLine().getStatusCode(), EntityUtils.toString(res.getEntity()));
+            }
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        return null;
+    }
+
+
+    public static String doFormPost(String url,Map<String, Object> header, Map<String, Object> map, String chartset) {
+        //声明返回结果
+        String result = "";
+        UrlEncodedFormEntity entity = null;
+        HttpResponse httpResponse = null;
+        HttpClient httpClient = null;
+        try {
+            // 创建连接
+            httpClient = getHttpsClient();
+            ;
+            /*if (url.startsWith("https")) {
+                SSLContext sslcontext = createIgnoreVerifySSL();
+                Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
+                        .register("http", PlainConnectionSocketFactory.INSTANCE)
+                        .register("https", new SSLConnectionSocketFactory(sslcontext))
+                        .build();
+                PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
+                HttpClients.custom().setConnectionManager(connManager);
+                httpClient = HttpClients.custom().setConnectionManager(connManager).build();
+            }*/
+            // 设置请求头和报文
+            HttpPost httpPost = new HttpPost(url);
+            if (header != null) {
+                header.forEach((k, v) -> {
+                    httpPost.setHeader(k, v.toString());
+                });
+            }
+            //设置参数
+            List<NameValuePair> list = new ArrayList<NameValuePair>();
+            Iterator iterator = map.entrySet().iterator();
+            while (iterator.hasNext()) {
+                Map.Entry<String, String> elem = (Map.Entry<String, String>) iterator.next();
+                list.add(new BasicNameValuePair(elem.getKey(), elem.getValue()));
+            }
+            entity = new UrlEncodedFormEntity(list, chartset == null ? "UTF-8" : chartset);
+            httpPost.setEntity(entity);
+            //执行发送，获取相应结果
+            httpResponse = httpClient.execute(httpPost);
+            if (httpResponse.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
+                result = EntityUtils.toString(httpResponse.getEntity());
+            } else {
+                FineLoggerFactory.getLogger().error("Http post form code is {},message is {}", httpResponse.getStatusLine().getStatusCode(), EntityUtils.toString(httpResponse.getEntity()));
+            }
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        return result;
+
+    }
+
+    private static void trustAllHttpsCertificates() throws Exception {
+        TrustManager[] trustAllCerts = new TrustManager[1];
+        TrustManager tm = new miTM();
+        trustAllCerts[0] = tm;
+        SSLContext sc = SSLContext.getInstance("SSL", "SunJSSE");
+        sc.init(null, trustAllCerts, null);
+        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+    }
+
+
+    /**
+     * encode url by UTF-8
+     *
+     * @param url url before encoding
+     * @return url after encoding
+     */
+    public static String encodeUrl(String url) {
+        String eurl = url;
+        try {
+            eurl = URLEncoder.encode(url, "UTF-8");
+        } catch (UnsupportedEncodingException e) {
+        }
+        return eurl;
+    }
+
+    private static class miTM implements TrustManager,
+            X509TrustManager {
+        @Override
+        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+            return null;
+        }
+
+        public boolean isServerTrusted(
+                java.security.cert.X509Certificate[] certs) {
+            return true;
+        }
+
+        public boolean isClientTrusted(
+                java.security.cert.X509Certificate[] certs) {
+            return true;
+        }
+
+        @Override
+        public void checkServerTrusted(
+                java.security.cert.X509Certificate[] certs, String authType)
+                throws CertificateException {
+            return;
+        }
+
+        @Override
+        public void checkClientTrusted(
+                java.security.cert.X509Certificate[] certs, String authType)
+                throws CertificateException {
+            return;
+        }
+    }
+
+    public static SSLContext createIgnoreVerifySSL() {
+        try {
+            SSLContext sc = SSLContext.getInstance("TLSv1.2");
+
+            // 实现一个X509TrustManager接口，用于绕过验证，不用修改里面的方法
+            X509TrustManager trustManager = new X509TrustManager() {
+                @Override
+                public void checkClientTrusted(
+                        java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
+                        String paramString) throws CertificateException {
+                }
+
+                @Override
+                public void checkServerTrusted(
+                        java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
+                        String paramString) throws CertificateException {
+                }
+
+                @Override
+                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                    return null;
+                }
+            };
+
+            sc.init(null, new TrustManager[]{trustManager}, null);
+            return sc;
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        return null;
+    }
+
+    private static CloseableHttpClient getHttpsClient() {
+        RegistryBuilder<ConnectionSocketFactory> registryBuilder = RegistryBuilder.<ConnectionSocketFactory>create();
+        ConnectionSocketFactory plainSF = new PlainConnectionSocketFactory();
+        registryBuilder.register("http", plainSF);
+        // 指定信任密钥存储对象和连接套接字工厂
+        try {
+            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            // 信任任何链接
+            TrustStrategy anyTrustStrategy = new TrustStrategy() {
+
+                @Override
+                public boolean isTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws CertificateException {
+                    // TODO Auto-generated method stub
+                    return true;
+                }
+            };
+            SSLContext sslContext = SSLContexts.custom().useTLS().loadTrustMaterial(trustStore, anyTrustStrategy).build();
+            LayeredConnectionSocketFactory sslSF = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+            registryBuilder.register("https", sslSF);
+        } catch (KeyStoreException e) {
+            throw new RuntimeException(e);
+        } catch (KeyManagementException e) {
+            throw new RuntimeException(e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new RuntimeException(e);
+        }
+        Registry<ConnectionSocketFactory> registry = registryBuilder.build();
+        // 设置连接管理器
+        PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(registry);
+        // 构建客户端
+        return HttpClientBuilder.create().setConnectionManager(connManager).build();
+
+    }
+}
diff --git a/src/main/java/com/fr/plugin/nfsq/sso/Params.java b/src/main/java/com/fr/plugin/nfsq/sso/Params.java
new file mode 100644
index 0000000..d38cf13
--- /dev/null
+++ b/src/main/java/com/fr/plugin/nfsq/sso/Params.java
@@ -0,0 +1,40 @@
+package com.fr.plugin.nfsq.sso;
+
+/**
+ * @Author fr.open
+ * @Date 2021/5/10
+ * @Description
+ **/
+public class Params {
+
+    private String username;
+
+    private String accessToken;
+
+    private String refreshToken;
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    public String getAccessToken() {
+        return accessToken;
+    }
+
+    public void setAccessToken(String accessToken) {
+        this.accessToken = accessToken;
+    }
+
+    public String getRefreshToken() {
+        return refreshToken;
+    }
+
+    public void setRefreshToken(String refreshToken) {
+        this.refreshToken = refreshToken;
+    }
+
+}
diff --git a/src/main/java/com/fr/plugin/nfsq/sso/SsoFilter.java b/src/main/java/com/fr/plugin/nfsq/sso/SsoFilter.java
new file mode 100644
index 0000000..554d33e
--- /dev/null
+++ b/src/main/java/com/fr/plugin/nfsq/sso/SsoFilter.java
@@ -0,0 +1,537 @@
+package com.fr.plugin.nfsq.sso;
+
+import com.fr.base.TemplateUtils;
+import com.fr.data.NetworkHelper;
+import com.fr.decision.authority.data.User;
+import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
+import com.fr.decision.mobile.terminal.TerminalHandler;
+import com.fr.decision.webservice.bean.authentication.LoginRequestInfoBean;
+import com.fr.decision.webservice.exception.user.UserNotExistException;
+import com.fr.decision.webservice.utils.DecisionServiceConstants;
+import com.fr.decision.webservice.utils.DecisionStatusService;
+import com.fr.decision.webservice.v10.login.LoginService;
+import com.fr.decision.webservice.v10.login.TokenResource;
+import com.fr.decision.webservice.v10.user.UserService;
+import com.fr.general.http.HttpRequest;
+import com.fr.general.http.HttpToolbox;
+import com.fr.io.utils.ResourceIOUtils;
+import com.fr.json.JSONObject;
+import com.fr.log.FineLoggerFactory;
+import com.fr.plugin.transform.FunctionRecorder;
+import com.fr.stable.StringUtils;
+import com.fr.stable.web.Device;
+import com.fr.web.utils.WebUtils;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.time.Instant;
+import java.util.*;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+/**
+ * @Author fr.open
+ * @Date 2020/9/10
+ * @Description
+ **/
+@FunctionRecorder
+public class SsoFilter extends AbstractGlobalRequestFilterProvider {
+
+    private final String CODE_KEY = "90bb6046";
+
+    @Override
+    public String filterName() {
+        return "nongfu";
+    }
+
+    @Override
+    public String[] urlPatterns() {
+        return new String[]{"/*"};
+    }
+
+    private static final String[] NOT_FILTER = {
+            "/decision/file",
+            "/decision/resources",
+            "/system",
+            "/materials.min.js.map",
+            "/remote",
+            "/login",
+            "/login/config",
+            "/getFineToken"
+    };
+
+    private String apiAuthorize;
+
+    private String apiAuthorizeResponseType;
+
+    private String apiClientId;
+
+    private String apiGetUser;
+
+    private String apiRefreshToken;
+
+    private String state;
+
+    public SsoFilter() {
+        InputStream in = ResourceIOUtils.read("/resources/xplatform.properties");
+        Properties properties = new Properties();
+        try {
+            properties.load(in);
+        } catch (IOException e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(),e);
+        }
+        this.apiAuthorize = properties.getProperty("api.authorize");
+        this.apiClientId = properties.getProperty("api.authorize.client_id");
+        this.apiAuthorizeResponseType = properties.getProperty("api.authorize.response_type");
+        this.apiGetUser = properties.getProperty("api.get-user");
+        this.apiRefreshToken = properties.getProperty("api.refresh-token");
+        this.state = properties.getProperty("api.authorize.state");
+    }
+
+
+    @Override
+    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
+        String thisUrl = req.getRequestURL().toString();
+        FineLoggerFactory.getLogger().info("This request [{}] login status is [{}]", thisUrl, isLogin(req));
+        if (req.getRequestURI().endsWith("auth")) {
+            executeGetAuth(req, res);
+            return;
+        }
+        String code = req.getParameter("sign");
+        if (StringUtils.isNotBlank(code)) {
+            loginFromCode(code, req, res);
+            filter(req, res, filterChain);
+            return;
+        }
+        if (Stream.of(NOT_FILTER).anyMatch(thisUrl::contains) || isLogin(req) || isMobileDevice(req)) {
+            filter(req, res, filterChain);
+            return;
+        }
+        String prefix = null;
+        try {
+            prefix = TemplateUtils.render("${fineServletURL}");
+            if (req.getRequestURI().endsWith(prefix + "/login")) {
+                if (handlerWeChat(req, res)) {
+                    return;
+                }
+                filter(req, res, filterChain);
+                return;
+            }
+
+        }catch (IllegalAccessException e){
+            redirectAuth(req, res);
+            return;
+        }catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        Params params = null;
+        try {
+            params = getUsername(req);
+        } catch (IllegalAccessException e) {
+            redirectAuth(req, res);
+            return;
+        }
+        FineLoggerFactory.getLogger().info("Getted username is [{}]", params.getUsername());
+        if (StringUtils.isNotBlank(params.getUsername())) {
+            Cookie at = new Cookie("access_token", params.getAccessToken());
+            at.setDomain("xxxx");
+            at.setMaxAge(7200);
+            Cookie rt = new Cookie("refresh_token", params.getRefreshToken());
+            rt.setDomain("xxxx");
+            rt.setMaxAge(7200);
+            res.addCookie(at);
+            res.addCookie(rt);
+            loginFromToken(req, res, params.getUsername());
+            try {
+                res.sendRedirect(getRedirectUriWithCachedParams(req));
+            } catch (IOException e) {
+                FineLoggerFactory.getLogger().error(e.getMessage(), e);
+            }
+            return;
+        }
+        redirectAuth(req, res);
+    }
+
+    private void redirectAuth(HttpServletRequest req, HttpServletResponse res) {
+        try {
+            res.sendRedirect(getAuthorizeUrl(req,res));
+        } catch (IOException e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(),e);
+        }
+    }
+
+    private boolean handlerWeChat(HttpServletRequest request, HttpServletResponse res) throws IOException, IllegalAccessException {
+        // 有帆软的登录信息
+        if (isLogin(request)) {
+            FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> 已登录");
+            String token = getAccessToken(request);
+            FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> token value is [{}]", token);
+            // 没有获取到access_token
+            if (StringUtils.isBlank(token)) {
+                FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> token value is empty, 不做处理");
+                return false;
+            }
+            // 获取到了access_token, 比对帆软已登录的用户名和access_token对应的用户名
+            String username = getUsername(request, token).getUsername();
+            FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> token 对应的用户名[{}]", username);
+            String username1 = LoginService.getInstance().getUserNameFromRequestCookie(request);
+            FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> 已登录的用户名[{}]", username1);
+            if (Objects.equals(username1, username)) {
+                FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> 两个用户名相同, 不做处理");
+                return false;
+            }
+            // 不一样的话使用access_token对应的用户名重新登录
+            FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> 两个用户名不相同, 使用[{}]重新登录", username);
+            loginFromToken(request, res, username);
+            return false;
+        }
+
+        // 没有登录信息
+        FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> 未登录");
+        String token = getAccessToken(request);
+        FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> token value is [{}]", token);
+        if (StringUtils.isNotBlank(token)) {
+            FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> token value is not empty, 处理自动登录逻辑");
+            Params params = getUsername(request, token);
+            FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> 获取到的用户名[{}]", params.getUsername());
+            if (StringUtils.isNotBlank(params.getUsername()) && exist(params.getUsername())) {
+                Cookie at = new Cookie("access_token", params.getAccessToken());
+                at.setDomain("yst.com.cn");
+                Cookie rt = new Cookie("refresh_token", params.getRefreshToken());
+                rt.setDomain("yst.com.cn");
+                loginFromToken(request, res, params.getUsername());
+                res.sendRedirect(getRedirectUriWithCachedParams(request));
+                return true;
+            }
+        }
+        FineLoggerFactory.getLogger().info("/decision请求特殊处理 >>> token value is empty, 跳转到sso登录页");
+        res.sendRedirect(getAuthorizeUrl(request, res));
+        return true;
+    }
+
+    private String getAuthorizeUrl(HttpServletRequest request, HttpServletResponse res) throws UnsupportedEncodingException {
+        String urlPattern = "%s?response_type=%s&client_id=%s&redirect_uri=%s&_=%s&state=%s";
+        String state = cacheParams(request);
+        res.addCookie(new Cookie("FINE_REDIRECT_PARAM",state));
+        if (StringUtils.isNotBlank(state)) {
+            urlPattern += "&target=" + state;
+        }
+        String url = String.format(urlPattern,
+                apiAuthorize,
+                apiAuthorizeResponseType,
+                apiClientId,
+                URLEncoder.encode(request.getRequestURL().toString(), "utf-8"),
+                Instant.now().toEpochMilli(),
+                this.state
+        );
+        FineLoggerFactory.getLogger().info("授权登录页面[{}]", url);
+        return url;
+    }
+
+    private String cacheParams(HttpServletRequest request) {
+        Enumeration<String> names = request.getParameterNames();
+        Map<String, String> value = new HashMap<>();
+        while (names.hasMoreElements()) {
+            String name = names.nextElement();
+            value.put(name, request.getParameter(name));
+        }
+        if (value.isEmpty()) {
+            return StringUtils.EMPTY;
+        }
+        String key = UUID.randomUUID().toString();
+        try {
+            DecisionStatusService.originUrlStatusService().put(key, value);
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        return key;
+    }
+
+    /**
+     * 登录成功后将缓存中存储的url参数拼接入对应地址
+     *
+     * @param request
+     * @return
+     */
+
+
+    private String getRedirectUriWithCachedParams(HttpServletRequest request) {
+        String redirectUri = request.getRequestURL().toString();
+        String key = request.getParameter("target");
+        if(StringUtils.isBlank(key)){
+            key = getCookieValue(request, "FINE_REDIRECT_PARAM");
+        }
+        if(StringUtils.isBlank(key)){
+            return redirectUri;
+        }
+        Map<String, String> value = new HashMap<>();
+        try {
+            value = DecisionStatusService.originUrlStatusService().get(key);
+            if (com.fr.stable.StringUtils.isNotBlank(key) && !value.isEmpty()) {
+                DecisionStatusService.originUrlStatusService().delete(key);
+                Map<String, String> finalValue = value;
+                redirectUri += "?" + value.keySet().stream().map(k -> String.format("%s=%s", k, finalValue.get(k))).collect(Collectors.joining("&"));
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return redirectUri;
+    }
+
+
+    private boolean exist(String username) {
+        User user = null;
+        try {
+            user = UserService.getInstance().getUserByUserName(username);
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return user != null;
+    }
+
+    private Params getUsername(HttpServletRequest request) throws IllegalAccessException {
+        String token = getAccessToken(request);
+        if(StringUtils.isBlank(token)){
+            FineLoggerFactory.getLogger().info("token is null");
+            return new Params();
+        }
+        return getUsername(request, token);
+    }
+
+    private Params getUsername(HttpServletRequest request, String accessToken) throws IllegalAccessException {
+        String url = apiGetUser + "?access_token=" + accessToken;
+        FineLoggerFactory.getLogger().info("Get user api address is [{}]", url);
+        try {
+            String res = HttpToolbox.executeAndParse(HttpRequest.custom().url(url)
+                    .get()
+                    .build());
+            FineLoggerFactory.getLogger().info("获取用户信息接口返回内容 ==> {}", res);
+            JSONObject body = new JSONObject(res);
+            if (body.getBoolean("success") && body.has("data")) {
+                body = body.getJSONObject("data");
+                if (body.has("account")) {
+                    Params params = new Params();
+                    params.setRefreshToken(getRefreshToken(request));
+                    params.setUsername(body.getString("account"));
+                    params.setAccessToken(accessToken);
+                    return params;
+                }
+            }
+            if (body.has("message") && "token不合法".equals(body.getString("message"))) {
+                FineLoggerFactory.getLogger().info("Access Token [{}] 不合法, 使用Refresh Token[{}]重新获取", accessToken, getRefreshToken(request));
+                accessToken = getAccessTokenWithRefreshToken(request);
+                return getUsername(request, accessToken);
+            }
+            throw new IllegalAccessException();
+        }catch (IllegalAccessException e){
+            throw new IllegalAccessException();
+        }catch (Exception e) {
+            FineLoggerFactory.getLogger().error("获取用户名失败", e);
+            throw new RuntimeException(e);
+        }
+    }
+
+    private String getAccessTokenWithRefreshToken(HttpServletRequest request) throws Exception {
+        String url = apiRefreshToken + String.format("?refresh_token=%s&client_id=%s&grant_type=refresh_token", getRefreshToken(request), apiClientId);
+        FineLoggerFactory.getLogger().info("Refresh Token api address is [{}]", url);
+        String res = HttpToolbox.executeAndParse(HttpRequest.custom().url(url)
+                .get()
+                .build());
+        FineLoggerFactory.getLogger().info("刷新token接口返回内容 ==> {}", res);
+        JSONObject body = new JSONObject(res);
+        if (body.getBoolean("success") && body.has("data")) {
+            body = body.getJSONObject("data");
+            if (body.has("access_token")) {
+                return body.getString("access_token");
+            }
+        }
+        throw new IllegalAccessException();
+    }
+
+    private String getRefreshToken(HttpServletRequest request) {
+        return getValueFromRequest(request, "refresh_token");
+    }
+
+    private String getAccessToken(HttpServletRequest request) {
+        return getValueFromRequest(request, "access_token");
+    }
+
+    private String getValueFromRequest(HttpServletRequest request, String key) {
+        try {
+            String value = request.getParameter(key);
+            if (StringUtils.isEmpty(value)) {
+                value = getCookieValue(request, key);
+            }
+            if (StringUtils.isEmpty(value)) {
+                String params = request.getParameter("app");
+                params = params.substring(params.indexOf("#") + 1);
+                Map<String, String> values = Pattern.compile("&").splitAsStream(params).map(e -> e.split("=")).collect(Collectors.toMap(e -> e[0], e -> e[1]));
+                value = values.get(key);
+            }
+            return value;
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error("Failed to get \"{}\" value from this request, cause by: ", key, e.getMessage());
+            FineLoggerFactory.getLogger().error("", e);
+        }
+        return "";
+    }
+
+    private String getCookieValue(HttpServletRequest request, String key) {
+        Cookie[] cookies = request.getCookies();
+        for (Cookie c : cookies) {
+            if (StringUtils.equals(c.getName(), key)) {
+                return c.getValue();
+            }
+        }
+        return StringUtils.EMPTY;
+    }
+
+    private void loginFromCode(String code, HttpServletRequest req, HttpServletResponse res) {
+        FineLoggerFactory.getLogger().info("ssoFilter >>> inside login code param is {}", code);
+        try {
+            code = DesECBUtil.decryptDES(code, CODE_KEY);
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        FineLoggerFactory.getLogger().info("ssoFilter >>> inside login code decode is {}", code);
+        String[] arr = code.split("_");
+        loginFromToken(req, res, arr[0]);
+    }
+
+    private void executeGetAuth(HttpServletRequest req, HttpServletResponse res) {
+        String uri = WebUtils.getHTTPRequestParameter(req, "redirect_uri");
+        String currentUsername = null;
+        try {
+            User user= null;
+            try {
+                user = UserService.getInstance().getUserByRequest(req);
+            }catch (Exception e){
+
+            }
+            if(user == null){
+                user = UserService.getInstance().getUserByRequestCookie(req);
+            }
+            currentUsername = user.getUserName();
+            String encryptDES = DesECBUtil.encryptDES(String.format("%s_%d", currentUsername, Instant.now().toEpochMilli()), CODE_KEY);
+            encryptDES = URLEncoder.encode(encryptDES, "UTF-8");
+            uri = uri.indexOf("?") == -1 ? uri + "?sign=" + encryptDES : uri + "&sign=" + encryptDES;
+            res.sendRedirect(uri);
+            FineLoggerFactory.getLogger().info("ssoFilter >>> inside redirect url is {}", uri);
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+    }
+
+    private boolean notExistUser(String username) {
+        User user = null;
+        try {
+            user = UserService.getInstance().getUserByUserName(username);
+            if (user == null) {
+                return true;
+            }
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        return false;
+    }
+
+    private boolean hasCookie(HttpServletRequest req) {
+        if (req.getCookies() == null) {
+            return false;
+        }
+        return Stream.of(req.getCookies()).anyMatch(e -> "IAM_SESSION".equalsIgnoreCase(e.getName()));
+    }
+
+    public LoginRequestInfoBean getLoginInfo(HttpServletRequest req) {
+        try {
+            BufferedReader br = req.getReader();
+            String str = "";
+            String listString = "";
+            while ((str = br.readLine()) != null) {
+                listString += str;
+            }
+            JSONObject jsonObject = new JSONObject(listString);
+            LoginRequestInfoBean info = jsonObject.mapTo(LoginRequestInfoBean.class);
+            //info.setPassword(TransmissionTool.decrypt(info.isEncrypted(),info.getPassword()));
+            return info;
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        return null;
+
+    }
+
+    private boolean loginFromToken(HttpServletRequest req, HttpServletResponse res, String username) {
+        try {
+            if (StringUtils.isNotEmpty(username)) {
+                FineLoggerFactory.getLogger().info("current username:" + username);
+                User user = UserService.getInstance().getUserByUserName(username);
+                FineLoggerFactory.getLogger().info("get user:" + user);
+                if (user == null) {
+                    throw new UserNotExistException();
+                }
+                String token = LoginService.getInstance().login(req, res, username);
+                FineLoggerFactory.getLogger().info("get login token:" + token);
+                req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, token);
+                FineLoggerFactory.getLogger().info("username:" + username + "login success");
+                return true;
+            } else {
+                FineLoggerFactory.getLogger().warn("username is null!");
+                return false;
+            }
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+        return false;
+    }
+
+    private void filter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
+        try {
+            filterChain.doFilter(req, res);
+        } catch (IOException e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        } catch (ServletException e) {
+            FineLoggerFactory.getLogger().error(e.getMessage(), e);
+        }
+    }
+
+    private boolean isLogin(HttpServletRequest request) {
+        String oldToken = TokenResource.COOKIE.getToken(request);
+        return oldToken != null && checkTokenValid(request, (String) oldToken);
+    }
+
+    private boolean checkTokenValid(HttpServletRequest req, String token) {
+        try {
+            Device device = NetworkHelper.getDevice(req);
+            LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device));
+            return true;
+        } catch (Exception ignore) {
+        }
+        return false;
+    }
+
+    public boolean isMobileDevice(HttpServletRequest request) {
+        String requestHeader = request.getHeader("user-agent");
+        String[] deviceArray = new String[]{"android", "iphone", "ios", "windows phone"};
+        if (requestHeader == null) {
+            return false;
+        }
+        requestHeader = requestHeader.toLowerCase();
+        for (int i = 0; i < deviceArray.length; i++) {
+            if (requestHeader.contains(deviceArray[i]) && request.getRequestURI().endsWith("/login")) {
+                FineLoggerFactory.getLogger().info("current request:{} is mobile request!", request.getRequestURI());
+                return true;
+            }
+        }
+        return false;
+    }
+}
diff --git a/src/main/java/com/fr/plugin/nfsq/sso/SsoHttpHandler.java b/src/main/java/com/fr/plugin/nfsq/sso/SsoHttpHandler.java
new file mode 100644
index 0000000..4ee2691
--- /dev/null
+++ b/src/main/java/com/fr/plugin/nfsq/sso/SsoHttpHandler.java
@@ -0,0 +1,103 @@
+package com.fr.plugin.nfsq.sso;
+
+import com.fr.decision.authority.data.User;
+import com.fr.decision.fun.impl.BaseHttpHandler;
+import com.fr.decision.webservice.v10.login.LoginService;
+import com.fr.decision.webservice.v10.user.UserService;
+import com.fr.general.PropertiesUtils;
+import com.fr.json.JSONObject;
+import com.fr.log.FineLoggerFactory;
+import com.fr.record.analyzer.EnableMetrics;
+import com.fr.stable.StringUtils;
+import com.fr.third.springframework.web.bind.annotation.RequestMethod;
+import com.fr.web.utils.WebUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @author fr.open
+ * @since 2020/08/28
+ */
+@EnableMetrics
+public class SsoHttpHandler extends BaseHttpHandler {
+
+    private String apiUser = "";
+
+    public SsoHttpHandler() {
+        apiUser = PropertiesUtils.getProperties("xplatform").getProperty("api.get-user");
+    }
+
+    @Override
+    public RequestMethod getMethod() {
+        return RequestMethod.GET;
+    }
+
+    @Override
+    public String getPath() {
+        return "/getFineToken";
+    }
+
+    @Override
+    public boolean isPublic() {
+        return true;
+    }
+
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response) throws Exception {
+        if (StringUtils.isBlank(apiUser)) {
+            sendError(response, "apiUser config is null");
+            return;
+        }
+        String token = request.getParameter("access_token");
+        if (StringUtils.isBlank(token)) {
+            sendError(response, "token is null");
+            return;
+        }
+        String userName = getUsername(token);
+        if (StringUtils.isBlank(userName)) {
+            sendError(response, "get user is null");
+            return;
+        }
+        User user = UserService.getInstance().getUserByUserName(userName);
+        FineLoggerFactory.getLogger().info("get user:" + user);
+        if (user == null) {
+            sendError(response, "user not exist");
+        }
+        String fineToken = LoginService.getInstance().login(request, response, userName);
+        JSONObject jsonObject = new JSONObject("{\"codeDesc\":\"success\",\"success\":true,\"codeNum\":0}");
+        jsonObject.put("value", JSONObject.create().put("fine_oath_token", fineToken));
+        response.setContentType("application/json;charset=UTF-8");
+        WebUtils.printAsJSON(response, jsonObject);
+    }
+
+    private String getUsername(String accessToken) {
+        String url = apiUser + "?access_token=" + accessToken;
+        FineLoggerFactory.getLogger().info("Get user api address is [{}]", url);
+        try {
+            String res = HttpUtil.sendGet(url, null, null, null);
+            FineLoggerFactory.getLogger().info("获取用户信息接口返回内容 ==> {}", res);
+            JSONObject body = new JSONObject(res);
+            if (body.getBoolean("success") && body.has("data")) {
+                body = body.getJSONObject("data");
+                if (body.has("account")) {
+                    return body.getString("account");
+                }
+            }
+            throw new IllegalAccessException();
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error("获取用户名失败", e);
+            throw new RuntimeException(e);
+        }
+    }
+
+    protected void sendError(HttpServletResponse response, String errorCode) {
+        JSONObject jsonObject = new JSONObject("{\"codeDesc\":\"" + errorCode + "\",\"success\":false,\"codeNum\":70}");
+        try {
+            response.setContentType("application/json;charset=UTF-8");
+            WebUtils.printAsJSON(response, jsonObject);
+        } catch (Exception e) {
+            FineLoggerFactory.getLogger().error("输出响应错误失败", e);
+        }
+    }
+}
diff --git a/src/main/java/com/fr/plugin/nfsq/sso/SsoRequestHandlerBridge.java b/src/main/java/com/fr/plugin/nfsq/sso/SsoRequestHandlerBridge.java
new file mode 100644
index 0000000..2173b60
--- /dev/null
+++ b/src/main/java/com/fr/plugin/nfsq/sso/SsoRequestHandlerBridge.java
@@ -0,0 +1,19 @@
+package com.fr.plugin.nfsq.sso;
+
+import com.fr.decision.fun.HttpHandler;
+import com.fr.decision.fun.impl.AbstractHttpHandlerProvider;
+import com.fr.plugin.transform.FunctionRecorder;
+
+/**
+ * @author fr.open
+ * @since 2020/08/28
+ */
+@FunctionRecorder
+public class SsoRequestHandlerBridge extends AbstractHttpHandlerProvider {
+    @Override
+    public HttpHandler[] registerHandlers() {
+        return new HttpHandler[]{
+                new SsoHttpHandler(),
+        };
+    }
+}
diff --git a/src/main/java/com/fr/plugin/nfsq/sso/SsoRequestURLAliasBridge.java b/src/main/java/com/fr/plugin/nfsq/sso/SsoRequestURLAliasBridge.java
new file mode 100644
index 0000000..78b9b71
--- /dev/null
+++ b/src/main/java/com/fr/plugin/nfsq/sso/SsoRequestURLAliasBridge.java
@@ -0,0 +1,18 @@
+package com.fr.plugin.nfsq.sso;
+
+import com.fr.decision.fun.impl.AbstractURLAliasProvider;
+import com.fr.decision.webservice.url.alias.URLAlias;
+import com.fr.decision.webservice.url.alias.URLAliasFactory;
+
+/**
+ * @author fr.open
+ * @since 2020/08/28
+ */
+public class SsoRequestURLAliasBridge extends AbstractURLAliasProvider {
+    @Override
+    public URLAlias[] registerAlias() {
+        return new URLAlias[]{
+                URLAliasFactory.createPluginAlias("/getFineToken", "/getFineToken", true),
+        };
+    }
+}