From users-return-118313-archive-asf-public=cust-asf.ponee.io@httpd.apache.org Tue Jan 8 17:06:54 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id B3D58180652 for ; Tue, 8 Jan 2019 17:06:52 +0100 (CET) Received: (qmail 13045 invoked by uid 500); 8 Jan 2019 16:06:46 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 13035 invoked by uid 99); 8 Jan 2019 16:06:46 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 08 Jan 2019 16:06:46 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 148BACC014 for ; Tue, 8 Jan 2019 16:06:46 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -0.301 X-Spam-Level: X-Spam-Status: No, score=-0.301 tagged_above=-999 required=6.31 tests=[HTML_MESSAGE=2, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id RVMUL7z5je56 for ; Tue, 8 Jan 2019 16:06:43 +0000 (UTC) Received: from smtp26.renault.fr (smtp26.renault.fr [193.194.133.49]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTPS id 364D75FB63 for ; Tue, 8 Jan 2019 16:06:43 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.56,454,1539640800"; d="png'150?scan'150,208,217,150";a="359688127" From: "MARASOIU Nicolae-dumitru (renexter)" To: "users@httpd.apache.org" Thread-Topic: JWT could not be decrypted Thread-Index: AdSnai40DuZasEGAScqwu1F9pE5gJw== Date: Tue, 8 Jan 2019 16:06:36 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: yes X-MS-TNEF-Correlator: x-originating-ip: [81.196.110.131] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;VI1PR05MB4126;6:/aUO2dWadFNuJQhFTAtrKE37MD+qB3S2No//Q850a7AZ0jWESXjuseVdyLmlBEmBLZ0FFyINI30evoOCRKw1eYCKhm4U1yFvsWxaU5mn9VHsFWpEG85VIK2qKKUdsV1F8oO7fwFHrVOgwXlysuLHyDEmtn/Na2bW/JQz+auJxKNiNGiSUOt4/I1SCSGNjmqSvf8HDcLDEgtxlikDIaj3epc4Ibn7G5pjWSoQdkqyY/wmpO7ZGDEyVzqvMpKCjJGTsRfb6sCQKtrkBPKQCcgRr/5BrrgNYBe/D7VAU1J8gUrn9ssAZdvhrQZENhPywrxtmwLN54EI/J4TXssl3GB8u+ZOk3PguVEK0Ma0fHcHUPYw+K6bBdKKZDXJDg9BB3te+bxd+cf8EprOjEORPunJ4Pn0NZ1ndttYdrOs3sQP8PXJhYG/c1YGcHPfbb1bU0KFMvgoK8LIj5Hv2ORXZ1WNcw==;5:JYCEoZSLtnMGNp6rspipMFXy6+mG/pNV1q28TNGBoxcft43X8yk+0TyEz6STHjGGbaN3nz/hwOZCFU0I1h6hHHW9voUcDiWwP4N5l18ZxUZewuqU8+g9RWJq6WTwPzY4Rjb5t9b/F26juB1uigD5oE+TVDT7c7xm+g4h85/5aMmEAIIDSC0pdtXPGZkuFW3/AheugpJ7j+1cFmmk4Q5NwA==;7:VOuVaxVsMvNBuGCjcA+qq9N+GJTnxtPW7wh9rBpMCJ6eYD94duddilxuopXqilyAIqshmUwbUYtFwkawZv5YrEAgn85znPXw/EGcEfphZ7S8VAqGisge5DxGspTWVS1PYPbY2m1G7S1JrBiJyYlsZQ== x-ms-exchange-antispam-srfa-diagnostics: SOS; x-ms-office365-filtering-correlation-id: 91982056-10d9-4edb-c736-08d675834432 x-microsoft-antispam: BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600109)(711020)(2017052603328)(7153060)(49563074)(7193020);SRVR:VI1PR05MB4126; x-ms-traffictypediagnostic: VI1PR05MB4126: x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(8211001083)(3230021)(908002)(999002)(5005026)(102415395)(6040522)(8220060)(2401047)(8121501046)(93006095)(93001095)(10201501046)(3002001)(3231475)(944501520)(4983020)(4982022)(52105112)(6041310)(20161123560045)(20161123558120)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(201708071742011)(7699051)(76991095);SRVR:VI1PR05MB4126;BCL:0;PCL:0;RULEID:;SRVR:VI1PR05MB4126; x-forefront-prvs: 0911D5CE78 x-forefront-antispam-report: SFV:NSPM;SFS:(10019020)(366004)(376002)(136003)(396003)(346002)(39860400002)(53754006)(189003)(199004)(8936002)(3846002)(790700001)(476003)(316002)(486006)(55016002)(2501003)(81166006)(236005)(8676002)(5660300001)(6116002)(81156014)(1730700003)(186003)(733005)(53936002)(25786009)(861006)(54556002)(4743002)(66066001)(9686003)(26005)(54896002)(6306002)(606006)(6916009)(6436002)(66574012)(5640700003)(14454004)(7696005)(2906002)(86362001)(33656002)(478600001)(7736002)(97736004)(6506007)(105586002)(106356001)(71200400001)(99286004)(99936001)(68736007)(102836004)(2351001)(74316002)(14444005)(71190400001)(256004);DIR:OUT;SFP:1102;SCL:1;SRVR:VI1PR05MB4126;H:VI1PR05MB4368.eurprd05.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam-message-info: RHkkdm4Od88mkv3nVtpSH/3Aqj6DH6iZeGyoDprNlN+NvBO5OdFW3AM6TkgqURBVrOAAA/xmy5+OIlwrMkbClYh3yAHnwUWRD3vPKt/TPKJy0fdlyQ2KxKMGhonU/d4YT1kSnA25fTS6OMp/tW1AevFD6GxG9TgpcaPcQ7BY3ZGb/c08ztRy+iqNLQWXyh8JVXd9FxuOht2qiD1nVD2nbZ6arinsWZGxeDIKzaYf8NjzgVqjF1Gb4YzIls/MUbGC+r3WQ2wXluL0cOSJf+rwC0EWiOZrDTXtBLkNmt/KpPW++RMt6U3KERViOKsBAZrg spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: multipart/related; boundary="_004_VI1PR05MB43682426280A21E1DADADB2CE48A0VI1PR05MB4368eurp_"; type="multipart/alternative" MIME-Version: 1.0 X-OriginatorOrg: renault.com X-MS-Exchange-CrossTenant-Network-Message-Id: 91982056-10d9-4edb-c736-08d675834432 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Jan 2019 16:06:36.3176 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: d6b0bbee-7cd9-4d60-bce6-4a67b543e2ae X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR05MB4126 Subject: [users@httpd] JWT could not be decrypted --_004_VI1PR05MB43682426280A21E1DADADB2CE48A0VI1PR05MB4368eurp_ Content-Type: multipart/alternative; boundary="_000_VI1PR05MB43682426280A21E1DADADB2CE48A0VI1PR05MB4368eurp_" --_000_VI1PR05MB43682426280A21E1DADADB2CE48A0VI1PR05MB4368eurp_ Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Hi all, We receive this error in the log file, "JWT could not be decrypted", and I = give details below, we would need a bit of help to figure out the cause of = the error. In my understanding the IdP exposes an http endpoint called jwks where the = set of keys and associated encryption types (symmetric or asymettric) and a= lgorithms (e.g. RSA with SHA256). Then when e.g. the token endpoint responds with some JWT tokens (id, access= , refresh), then httpd oidc module tries the keys with algos until one succ= eeds. Our jwks endpoint returns: { "keys": [ { "kty": "RSA", "use": "sig", "alg": "RS256", "n": "..", "e": ".." } ] } All the errors in the log are, in order: [auth_openidc:error] oidc_util_jwt_verify: parsing JWT failed: [src/jose.c:= 694: oidc_jwe_decrypt_impl]: encrypted JWT could not be decrypted with any = of the 1 keys: error for last tried key is: crypto error [file: jwe.c, func= tion: _cjose_jwe_decrypt_dat_a256gcm, line: 1031] [auth_openidc:error] oidc_authorization_response_match_state: unable to res= tore state [auth_openidc:error] oidc_handle_authorization_response: invalid authorizat= ion response state and no default SSO URL is set, sending an error.. As a side note, we are behind a corporate firewall with basic auth and I co= nfigured it with ProxtRemote and sending Authorization Basic header manuall= y on all requests. It seems to be passed over the previous errr (connection= timeout) so I think it connects well to IdP. As another side note, I am doing part of the flow in browser and part of it= in curl (because in some requests I need to go through an http proxy, whil= e in others I need to use the proxy, and the browser is forced into proxy u= sage for security reasons). So there may be some cookies or other things mi= ssing, as a potential cause. Could you help me how to investigate the cause of the error below? Thank you very much, Nicolae MARASOIU Technical Leader [http://group.renault.com/RCW_BINARIES/signature_renault/EMAIL_LOGOS_Groupe= _Renault.png] DSIRo API : ROBUCWGD315 Mob. : +40 724746655 www.groupe.renault.com -- Disclaimer ------------------------------------ = Ce message ainsi que les eventuelles pieces jointes constituent une corresp= ondance privee et confidentielle a l'attention exclusive du destinataire de= signe ci-dessus. Si vous n'etes pas le destinataire du present message ou u= ne personne susceptible de pouvoir le lui delivrer, il vous est signifie qu= e toute divulgation, distribution ou copie de cette transmission est strict= ement interdite. Si vous avez recu ce message par erreur, nous vous remerci= ons d'en informer l'expediteur par telephone ou de lui retourner le present= message, puis d'effacer immediatement ce message de votre systeme. *** This e-mail and any attachments is a confidential correspondence intend= ed only for use of the individual or entity named above. If you are not the= intended recipient or the agent responsible for delivering the message to = the intended recipient, you are hereby notified that any disclosure, distri= bution or copying of this communication is strictly prohibited. If you have= received this communication in error, please notify the sender by phone or= by replying this message, and then delete this message from your system. --_000_VI1PR05MB43682426280A21E1DADADB2CE48A0VI1PR05MB4368eurp_ Content-Type: text/html; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable

Hi all,

We receive this error in the log file, „JWT co= uld not be decrypted”, and I give details below, we would need a bit = of help to figure out the cause of the error.

 

In my understanding the IdP exposes an http endpoint= called jwks where the set of keys and associated encryption types (symmetr= ic or asymettric) and algorithms (e.g. RSA with SHA256).

Then when e.g. the token endpoint responds with some= JWT tokens (id, access, refresh), then httpd oidc module tries the keys wi= th algos until one succeeds.

 

Our jwks endpoint returns:

{
  "keys": [
    {
      "kty": "RSA",
      "use": "sig",
      "alg": "RS256",
      "n": "..",
      "e": ".."
    }
  ]
}

 

All the errors in the log are, in order:<= /p>

 

[auth_openidc:error] oidc_util_jwt_verify: parsing J= WT failed: [src/jose.c:694: oidc_jwe_decrypt_impl]: encrypted JWT could not= be decrypted with any of the 1 keys: error for last tried key is: crypto e= rror [file: jwe.c, function: _cjose_jwe_decrypt_dat_a256gcm, line: 1031]

 

[auth_openidc:error] oidc_authorization_response_mat= ch_state: unable to restore state

 

[auth_openidc:error] oidc_handle_authorization_respo= nse: invalid authorization response state and no default SSO URL is set, se= nding an error..

 

As a side note, we are behind a corporate firewall w= ith basic auth and I configured it with ProxtRemote and sending Authorizati= on Basic header manually on all requests. It seems to be passed over the pr= evious errr (connection timeout) so I think it connects well to IdP.

As another side note, I am doing part of the flow in= browser and part of it in curl (because in some requests I need to go thro= ugh an http proxy, while in others I need to use the proxy, and the browser= is forced into proxy usage for security reasons). So there may be some cookies or other things missing, as a poten= tial cause.

 

Could you help me how to investigate the cause of th= e error below?

Thank you very muc= h,


Nicolae MARASOIU

Technical Leader


3D"http=

DSIRo

API : ROBUCWG= D315=
Mob. : = +40 724746655

www.groupe.renault.com

 

-- Disclaimer ------------------------------------
Ce message ainsi que les eventuelles pieces jointes constituent une corresp= ondance privee et confidentielle a l'attention exclusive du destinataire de= signe ci-dessus. Si vous n'etes pas le destinataire du present message ou u= ne personne susceptible de pouvoir le lui delivrer, il vous est signifie qu= e toute divulgation, distribution ou copie de cette transmission est strict= ement interdite. Si vous avez recu ce message par erreur, nous vous remerci= ons d'en informer l'expediteur par telephone ou de lui retourner le present= message, puis d'effacer immediatement ce message de votre systeme.

*** This e-mail and any attachments is a confidential correspondence int= ended only for use of the individual or entity named above. If you are not = the intended recipient or the agent responsible for delivering the message = to the intended recipient, you are hereby notified that any disclosure, dis= tribution or copying of this communication is strictly prohibited. If you h= ave received this communication in error, please notify the sender by phone= or by replying this message, and then delete this message from your system= .

--_000_VI1PR05MB43682426280A21E1DADADB2CE48A0VI1PR05MB4368eurp_-- --_004_VI1PR05MB43682426280A21E1DADADB2CE48A0VI1PR05MB4368eurp_ Content-Type: image/png; name="image001.png" Content-Description: image001.png Content-Disposition: inline; filename="image001.png"; size=5598; creation-date="Tue, 08 Jan 2019 16:06:35 GMT"; modification-date="Tue, 08 Jan 2019 16:06:35 GMT" Content-ID: Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAAMgAAAAVCAYAAAAD+KFvAAAAAXNSR0IArs4c6QAAAAlwSFlzAAAO xAAADsQBlSsOGwAAABl0RVh0U29mdHdhcmUATWljcm9zb2Z0IE9mZmljZX/tNXEAABVeSURBVHhe 1ZsLlBTVmYBvVT/mDYwEDcLwWkJOVoKgrAaDGF+LioExEHZNsiF6Bg8hHKP70MRNZpyJ68aYHIlR F2HAYI67cQMJyBJRk12N2UWNGF/EiIKSEVEeDo8Zema6u2q//96q6urqnp5pxE32zunp6qr7+O9/ //f/V7y1tVX5rfmvW5KqW81XtpqrsmqyslSlctURFVMvKEc9pF5Xm9peac0GA7hoXtAyRqXUZ7h0 GOeGn+lrh3uOOqgq1EttG1pfLngeutE8p2Uic3yWWxcwpoH1bT4H+DwFPOvaNrf+T3Q8Yy6g1zTu 9zGmgu8n6PebYE8fa7HVBLWA36Pol2EvcZVmH5tbX5c+jD+D+xdw2VsEdot7R/i8ps5UT7W15fbO vuvZ9+cYG+N54b79yRxvFxXAv651T6n9r1ix4tRkMi77l/kK5nQch3vOe4mE2r5o0ZIXonMtX758 SG1t9edt205qzPff2Jdjx2IV6xctWtSxdu3aYel0r4zTe2GdON87m5queSg8RXt7+xTGXUy/Pvok Mhln85IlS14ttkx7+8p53J9A34wmA3M2W5qamgpogPXHZbO9jUrZWW/tdzo69jwIbQZ7aG9fcYZS 8QtsW/XK2sz4u6amJVtk7paWloqxYxu+yGW1j7tYLPFv7O1APvwrZrDGJ4Gp8Kwjm/DgOCSI0K35 0pYbYI7Pqlo1XaNWtiXkIceUUGfwfZX6iPp186ktX2j7ZevuYL5edZqqU3dAKLkjlXHhJiyVUpnm uS2bVVItg1DeiiKV9Zexzq1ssQ4CDpPHRxgzQx1T10PMK3h6bduPW6WHaZb6khqh/ob5laris0/9 E/8DBlGnQ8Bd6gY1HBKXUYbk9/JfMwhttvoQ6/YE8+WDJvuXZy+obc2NLUth8md0h5QayZHfpY8k T2REdibrCS671Uv8L8kg8bia6LrucsuKItDMycHKf5VOO9n29nsfUyr2FQhul79ibW3tyRDOPREI iv50XYt5Ur/jYUcqlTolkYjd5XeMxWwI2j28du3ySYsWXbcvN4FzUSwW+y4waliSSYSXUgUMwrhh 0Ooq5hlBV91iMUtls9nJXH4pChDMOYX57jD9YvRztk+aNGk9P/v8vjyfDV5ulbVNH/UTnmkGGTly ZI3rOt+zLLtOfksf9vQkl3kMwu8FjP1beT5QExwAx37NIM2fbpkPcd2mZWGXQOkNz3CsFaoG4jQE W6dmQgz3NJ/VMq/tmVYtGfQmjnJXJKn0kbE13hM5Z+FV+dhI7lo1Tx1SQyH0y5DgQtK6wRyXoat+ 4BGvIfQeTc4Z7ldpmGSuIWoJxC2b/mawQQsYRcYLEQs6s5pVou2I7iMQC4zZHOIRBj3qsDdWRons rfTWE0Hh770KBjumNjbPbjmv7ZHWHcyVBaZjfFdrgSLw+ePCq8t9gcspKdH9EWkOr4+PQKGbYQrT 5GC9w40h7C9xnOyDaI0Lr7vuOtkdrQdWTRxB+g3xx/THbDKP49iaUuLxeBYC6+aef3KKcUOz2erZ PP5RaDs9zO3DILcDAg5vOZ2uPZ0ND4fAgtsGDms62qISye6LI3+XopGksy39gENOJK/xtMeyzNre noQqwqjpZA+aQWjd7MmnzzAM7DPAob4fZZYcvrSQ6otD7HGO7htaAxzlIwSexSRSahnEtA3y+Svu 3ayfyHNLXYbE/iRXT0Q3oefIIiUPK5FiGfoO53seRPdRjUo5xgr1KUh4DlfrZDxmXYJ5b9LrCtpQ nnyvY+3vcNWlzZgYz4UFDel/FUl+H5I8kJwFcBzvDREXfepZGPpBDYmtPg4cCzXzd3OnRn0YOL7G 1dWwrasZTpoR+H3AJ2aPr6dyzzhT9l1w6AOByeHtg26+D49kuK5H6l/OAU42xI3tZtnTq6urG5nn /n7mEoZ7HprLh8l0hvfsQ6VgQEov5HmYQQYC2XvuzAJOO0x8HmFPTKfTp9Fp2yAnOqHdwN+bsMSz fLSNQkOkWVMFF95CvR6+HL6hSGtPHGKfgmyfGshd6eqof27b1Ppjb9AtzZe3fJwDXqiJXKT7MTWL /4UMIkTuqLfQDrf6O2u+sOVOyONR1vhzTVDSJ6bO479mENXJ+gl1ttYy8iyt/gAs12DGdXpzfBMN N4X15+o+leixHphUYd6c6GbWfxb4vxvAP6fladB3B/uyNAPb6hI04BD6iQYxzeCsE5ZpVLvUu9qL Crcd9JjE7jcMHmBPkr2LHxDgEh/le/F47GGeTfeJz7YtwWV/DHIYP+Eze2nRlSdNUvYO0YP9NEPQ 7qz29rvGNzUte2OwkOMPWA0No2dKf08bPMXlh/mM41MBs4tw/aMwCH7Nv7D2Kn1atIaGho9xKSaz ULW0d8HXpaBLRLk+3ThHd7a2o0U7yEGLwZRQP81DiKseps9C7WaJGdGDZO2/JdAKFfgJ2hGC0Pdg Qv0rWuQWfRzGHDkpGB7Hv4nzJ89EgmfVr0LM4XfbxP25+ofW1OqsEuu/v0ci68OtXq3BLPw7mLfB c5tFK04A3sNa2+WaNqZ0EKOtAIRSXkopeOOYUFWYUFp34hAfwFFei/CbnhvkfKjEBFZVVVUaZ7fY +gPChBIYYllJcbaXDxap+AMwg3ummPkek29k7Dlcj5M5YLxz+bpzsPOdyH7gQUzKwH8Fl3k4EOsO fPWF8RXn0Kfpg5fjNSbSH2CCtyOAPY7lf4P4h5p9Yur3ZQFuY7L5fpGRujkb1EK2CmMIgxhH33ee w0u8oSW2mDpmS+PFNAz5QWWBU1bnjIZ1H/hp8LwIC1hrgPlQkXmCoEdZa5TVOYNmzfklHFzEns+f DGf1OGCy2Jsr9nwMZ30+WuHOcESpFLjxuP0XPBchIszgoDG2YQ0SPAjs/bMkaoYfUgx/ZWHiBHT2 vW09lShNvvLwJT/GBxErI533YknnqV5Mjjd5cvugAIILMTPypZNNLMk3R8z3K8FclkGebjLKxkSJ NgdiFLIUI8ww2nBMQ5Hf/ZoIg4J1MJ3iOtR9SiBE8PEYJh5JtGUx/t4bzJTl9BkxYkQeLrGjpxjJ bBABAUokqr/m9PT0lAWTZxY9yoRj+ZzNCmdhikzl+rnBwW2dK+AZE9A6euRI9wuEnkeFxo4meibz PT64+f64vUSDnKQJ09cgOMbRXEeZIDoYIJbCskPKV0DI4pBfqRWbmGfHtKu+IZjTJbblazCBQ6JK 0ZbQMS3Js/h0IUahRHqKRazKBDfS3Y3kQzrVNciU0RpHRt4c4PdOvk8JRorZ6BJj61Zt+CfCPDkR L9E7B5FxpvoheZSB44t54FhOJpPRcz3wwAPJ3t7URRDwVfLbELIi4mX/rMSGa+rqalrJSfgGtN8V wWjv7ujoWFNMM0Dc78CIrxJNPZtlwLMrZtaADIKmiTc0jML/sHz/41XMw32YMuQ+HKGAhHHebfFR Hn9/B/V/M1p8EN9BMStaOQIhpDmL4x2pE2x+cyATB0PrTfVoASOZMOoknv4Hjr3I2lMYO9WLjDnM IiHaG4MkXXOLBdoTeSkxws8FWzcOcZi4hDmCUOgJQ5XRYGdA5NdzJdpVNN/ngpVNgOJnbQ+1HiWS NjLAimHwGlj9xjzrRwATKPeTl9mio0GD1nieEz6WHMFD7e2rYEF3BOPP8KSzrCiaobmpafGLJfZf DUH+QzTUK78Jwb5ArgF/pjD8LCFeQqo/gZBv4joGLI0Q/80Qf6nkozi945lOR9lkDZx8ieqpRKLr tXS6ihyQ8UNos8SZ93yCE3Z8H8REQgS+8WPmN3aYaQn1dY79krxot4xI4SdMgHhe0VmCXDN5kKGY Gn+pb5oEoZH6FtnolFpKDuE/I2Ny6xkWKDyEDDPkO8Qiy8OG+InBjZBvggBAJR/fivF1lFjkh9lx pfq2XixFj3yYcsnVMDRmnj6w6IpWLbPVEoq92IzR+QEvD6B2Q7ySJPz5QPOVSIr1TpgwoR+NZiU7 OvY+PXr0qBeh82msMRnix7dwiuY9fBhs25mB5qn114RJdLRq167OI6NHV28n4jbOezbNOPM6Yfsn 3YTccwRp0JVzUoQExJgRchTDwTeFTIKoOHIlgXYYHWIYLQFBVXu9x6Gr7iNk20YIeXWAlbBmMMRU SPjxCBMb1ispzY4L6/7+BANyLR+Tl+nFMNzE768VqwLwmCmNuPitDmSEhUyvxqdk0cs0r/QOpLpE zCMZHoPgaj0f4VR+r8R0uQ0m+UGJvUoe5LdF8iBoBeelLVu2qBkzqL4oaK5I9/SqVfdSamJNE7MI lF8B8RcLoASjHcc6zy8CYN2+dNrWIkE0BbAS7nXF3JY2nESeRCIlwvUn3cQ+NjZ/7viSzai/NhMS ewxFfhDDIMnBX8rvCo8sixOniUa9TJ9GrrJci1HyRcZ+XY9NqDHcu506pkeE0MQmh2H68shfTLho k7hZOq+XMGhJaXZcWBf40+p5QgIbNLwZbW6+BfySG9HmQtEmLJ3RJk8jujVUmsGdOuBGe7DXshja mFIS0bPm4If0QFAVEPWVEGszsyZ5Porft5EbebS/eij6SR5kfpE8iNbaEG5Jky+ZdDdkMvrskpKk RJu1m3qwAoGlJByNv/OJkMY6QOlM39q1K8amKDNKJu0OScLLWGnALrm0/wcMYiHvTXjXZ5IhZD1i mAMZJP1tgkhs8uEQ/e+5m58jiFKLMZbSXtTLf/oN/JFzYI7zNSvGlBT5ncPVv3sdugNzxiQaxZXP bykYTfLagl6jX8S0649BjkdSm/VEW6QoStwcquAsAKafG1JW6bD3SDGn7l2+acUgjcw0jvTOkK1+ y6pVKz+BqTLHs/OrCKsKLosWDMokJfIgA+5s1669L+J3PAM9i1M9Eb9lJoxpDNFIq6ysJOlGtV6u 4TM5vybGEEsk4Acd/cs7mpni1A/EpAMC+QF3EJn5tjYCRFYaAj+VyJO4ljnp0glC6gulRn+kEk4U 6j6WZq7zdSTLMMHoYKwbkrjyrDcUHfI7JfFrHKA0YWj5HGCUSfiEzRn5bUdMtEn0eC5i3vTnvRjZ WFoIlD6Q48g5lJrQtevr60VghKJ1LhEhyzdVZPCEUjMcXx7EzCgRLiJgEiUTBqmEOa7QGC7S0HAw qhtmHIlYDSvW19Myp+GHCOw7vFONds3jJrSXlH+Uxv4H8FSITojXNLP+KFiDaITaHqxXB4FakWhX OcBYIWkv6A1n0l2kn8+KJss+scjU43V60i9Vyag3giShq0sZTTPMMzRvvNR7noyhk2t+CWI5Oxhs 30FHqQY7YbQfRJcX2paIU6m50CDvEyZ7I2bVzTCHThz2txZRr/MK4j0FBJ3L3wB3DWYXeRbNIH4o xxyjRcg80qQWLXJroBD/gJUCgzkDKfF4LihlE9JJ6jK8BVzlGCSuPq/ddZHZxxM7ciK5BTfPjHoO GKSw0ZSbWGoWJt0wzJxDwQZc9Wl9NCaMLBoobLTsDNx1g5L8MpQR1ABJtt7P9QgsMNhgkFNmH4Es qYs/CxsVXJisZfohxde3MVRzktQU1fXbXDRIUkyZaA9CvNRi7cgMlCEnCLBz9eqVT3Iwl/UnwfGD 6jH1wHsAl9gjSyGWvTCXphg0ACfgzIX4v+zzTTbrfopHhL97doM6IXg/AjYBuD/Kb7Slabg+MzEt Q9uwB6rmSLyfffsLSR7kGfi3E8ao13LeSGl592I311u53wiB3RiYN2VSjdldJKFnhSRRHRGeLl6I qkCNm2reMTBiO+vfznUXMFwJjJdrFpNj7iGelMFL8ltGPQlsffRJeibcTN47uY3+99NfNF+b/vYT lSn1NPnh19Ujx7ORfsaYROFJrLURbWXYPNwSQPAbdTe37nv/q0rCLTc97m6BPxBaYyjFjT/FjyiA qafnmCT1VtC3fSCYIOh1ELYUiBZtmFenc8g5s1lZvGy1eE20My89HSU8vUTw4/lQM0iAVnR07N9N SHmbFF5696tdN3sP/W+iL8EP+wusf77PoHxDDVZ+uiB/sSo02g/HjBnVI6+uhB+lUl2JsWNH3cC9 Xw60b3keR1IfwIlejVL7e12waIh0KCQsh5mCcKv0EimI1YUIdWa1zCZ1sGHz0QneGFHy8hORrFsh q5/rmU3F8HzWm6c1SyV/ck/kpMTE0ur75FKCUneuX4aZ7scAaNLwC0KS1I1l1bXAKmHmmN6TeBbG vfw2kvyEqN8AC8Z3kbWmF/XUzNoNZWKtn+42DBLWIKQn+2/4AcBUBCgvXDxuMDARCXsEDbGfuYIX oPLH5crbvQz/88Xm7erqeb2urno/z072ihn/LJU6Ohktto0w8B3sizCxyfcQWT6X7yfo28u9qlz1 srzI5N67eHFTzsIpXAyKtSR/I+ZapBFLcXTSdVDNqF6Xt/Deo+zcRooPxZTyiz1qIEkh2kMUMFqq leertYV/UA3TXoppSYgzpplIZNnBiA9g+uzVxC2EYrTAxZTBn0TVrq4TIlr2sH6jMMmbfUP4M9Je ehr4hAQkbnWU90zq1LcKdlYFQxzRoYV5GgYZX+WZcYIgsWi7idYRskQg5OsOm36yJ9mzuMMHShJc buk4exazU/JEAwVwjYwvZQr584pjSwjXlGoQNRrGg7wjpvZKMtJ+pSzEZF0kr+oS6qXAtJI1nCHh l6wKcOXd8AhRw0QYmUhTrMZfN5PJ5vkAMjfO+n/xktbCiJmlzwd6bpQ38PwMOgT8fLF1Ozs799fU VO9Eq8EgwgQSPo5fTt9tmHIb16xZeSOh4Fbgr/TmEqrSlR6yJ3kHBpz8qLv7mGiWcBPQ63W6ZhDN 5HWCfaNtDIoJPddj2uVNojfo2fuzKS05DeK6SvwAbTKkMb1S6hcQzt14JAex5qv5L0h9zzPIhDi2 Q3xf5Vuksphs+6PFjhDfJmb6ikckQk7VuoTFlEvo1vZw691ogi0wwgJmupD1ReLGgGU/cGyFuNcD 59Zi+yen0sn9RjTRhfS9AlhEktczh5So7Gb9XzDvehjyzYLxGYpADmCQiW/SpUMBpYr/csN7dBZ4 KdpN8FE6vNKFaOhTvxro7Mg5vBaPW9dKSNS2Xd4adKGpzrxwdizW9Vhvb/US8965fguvmnyD1IW9 3dXVtY/CwC9zV1hyALbNVlBFgm8BBVZVvUNJy1KYjTWzcdZ/rRBW+2ZemSXZZ2t4CColcC+e2rp1 a5yarXsh6AqhX2COJxKJovkN8XdWrlz5j8wz1czjJKH7YK2rr77mO5hVm5hnPkvg9BMwggag34NI fdZ21i9evOS/o7CR5+nmnfTruV8jMJTCswe378O+xZ6XCa8CB28z2l11dXvyClH/F0YtRsdd5M7V AAAAAElFTkSuQmCC --_004_VI1PR05MB43682426280A21E1DADADB2CE48A0VI1PR05MB4368eurp_--