From: Daniele Gagliardi
Date: Tue, 24 Jul 2007 16:38:47 +0200
To: security-dev@xml.apache.org
Subject: Strange signature behaviour
Message-ID: <46A60EF7.30504@eng.it>

I have a strange verification behaviour. I'm trying to sign portions of an XML document using the ds:XPath element, as follows (the XML document contains some user info: firstname, lastname, age and serial, each of which is represented by an XML element):

    //... opening keystore
    File keystoreFile = new File(...);
    String keystorePass = ...;
    String privateKeyPass = ...;
    String privateKeyAlias = ...;
    String certificateAlias = ...;
    String keystoreType = "pkcs12";
    KeyStore ks = KeyStore.getInstance(keystoreType);
    FileInputStream fis = new FileInputStream(keystoreFile);
    ks.load(fis, keystorePass.toCharArray());
    PrivateKey privateKey = (PrivateKey) ks.getKey(privateKeyAlias, privateKeyPass.toCharArray());

    // ...loading xml document
    File xmlDocument = new File("generic-users.xml");
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    DocumentBuilder db = dbf.newDocumentBuilder();
    Document doc = db.parse(xmlDocument);

    // ... signing it:
    // Init signature file and base URI
    File signatureFile = new File("enveloped-signature.xml");
    String baseURI = signatureFile.toURL().toString();

    // Generate signature element and append it to root
    XMLSignature sig = new XMLSignature(doc, baseURI, XMLSignature.ALGO_ID_SIGNATURE_RSA);
    doc.getFirstChild().appendChild(sig.getElement());

    // Add fragment resolver for uri=""
    ResolverFragment fragmentResolver = new ResolverFragment();
    sig.addResourceResolver(fragmentResolver);

    // Add transform for enveloped signature
    Transforms transforms = new Transforms(doc);
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);

    // Set XPATH and adding as a transform
    XPathContainer xpathContainer = new XPathContainer(doc);
    xpathContainer.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);

    // Setting elements 'lastname' to be signed
    String xpath = "/users/user/lastname";
    xpathContainer.setXPath(xpath);
    transforms.addTransform(Transforms.TRANSFORM_XPATH, xpathContainer.getElementPlusReturns());

    // Setting 'to be signed' element
    sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);

    // Adding data for verification
    X509Certificate signerCert = (X509Certificate) ks.getCertificate(certificateAlias);
    sig.addKeyInfo(signerCert);

    // ..and finally sign it!
    sig.sign(privateKey);

    // Saving on a file
    FileOutputStream fos = new FileOutputStream(signatureFile);
    XMLUtils.outputDOM(doc, fos);
    fos.close();

I have different versions of the signed file:

1) the original (enveloped-signature.xml);
2) with altered signature (altered-enveloped-signature.xml, see MORDOR initial sequence instead of original sequence RdqK3K);
3) with one 'firstname' element content altered;
4) with one 'lastname' element content altered;

When I verify these four files, with the following code:

    // loading signed file
    File signatureFile = new File(...one of the four files...);
    String baseURI = signatureFile.toURL().toString();

    // parsing it
    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    DocumentBuilder db = dbf.newDocumentBuilder();
    db.setErrorHandler(new IgnoreAllErrorHandler());
    Document signedDoc = db.parse(signatureFile);

    // finding signature element
    Element nsContext = XMLUtils.createDSctx(signedDoc, "ds", Constants.SignatureSpecNS);
    Element signatureElement = (Element) XPathAPI.selectSingleNode(signedDoc, "//ds:Signature[1]", nsContext);
    XMLSignature signature = new XMLSignature(signatureElement, baseURI);
    ResolverFragment fragmentResolver = new ResolverFragment();
    signature.addResourceResolver(fragmentResolver);

    // Loading KeyInfo for verifying it
    KeyInfo ki = signature.getKeyInfo();
    boolean result = signature.checkSignatureValue(ki.getX509Certificate());

    // printing verification result
    logger.info("Signature is " + (result ? "good" : "bad"));

I obtain these results:

1) 'Signature is good' (obviously)
2) 'Signature is bad' (right: the signature was altered)
3) 'Signature is bad' (wrong: I altered the content of one of the 'firstname' elements, but during signature I was specifying 'lastname' elements to be signed)
4) 'Signature is bad' (right: I altered the content of one of the 'lastname' elements)

If you look at the signatures and content digests, they are always the same, as if I hadn't specified an XPath to select portions of the document (wholedocument-enveloped-signature.xml is the same document signed as a whole).

What's wrong with my code?

Thanks
Daniele

--
-------------------------------------------
Daniele Gagliardi
Engiweb Security - Gruppo Engineering
Corso Stati Uniti 23/I
35127 Padova, Italia
Tel. ++39 0498692507
Fax. ++39 0498692566
http://www.engiweb.com
e-mail: daniele.gagliardi@eng.it
-------------------------------------------

Attachment: alteredlastname-enveloped-signature.xml (text/xml)
Attachment: enveloped-signature.xml (text/xml)
Attachment: altered-enveloped-signature.xml (text/xml)
Attachment: alteredfirstname-enveloped-signature.xml (text/xml)
Attachment: generic-users.xml (text/xml)

    <users>
      <user>
        <firstname>Bilbo</firstname>
        <lastname>Baggins</lastname>
        <age>52</age>
        <serial>Y10</serial>
      </user>
      <user>
        <firstname>Thorin</firstname>
        <lastname>Oakenshield</lastname>
        <age>195</age>
        <serial>Y5</serial>
      </user>
    </users>

Attachment: wholedocument-enveloped-signature.xml (text/xml)
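
Why the digests in the post match the whole-document signature, as an added example (not code from the original post or from the Apache XML Security project): the XML-DSig XPath Filtering transform evaluates its expression once per node of the input node-set, with that node as the context node, and keeps the node when the result converts to boolean true. The sketch below emulates that rule with the JDK's javax.xml.xpath over a constructed sample, restricted to element and text nodes; the class and method names are hypothetical, and `ancestor-or-self::lastname` is shown as a filter that keeps only the lastname subtrees.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

public class XPathFilterDemo {

    // Constructed sample using the element layout described in the post.
    static final String SAMPLE =
        "<users><user><firstname>Bilbo</firstname><lastname>Baggins</lastname>"
      + "<age>52</age><serial>Y10</serial></user></users>";

    /**
     * Emulates the XPath Filtering rule: evaluate expr as a boolean with each
     * candidate node as the context node and keep the nodes that yield true.
     * Simplification: only element and text nodes are considered here.
     */
    static List<String> filter(Document doc, String expr) throws Exception {
        XPath xp = XPathFactory.newInstance().newXPath();
        XPathExpression compiled = xp.compile(expr);
        NodeList all = (NodeList) xp.evaluate("//* | //text()", doc, XPathConstants.NODESET);
        List<String> kept = new ArrayList<>();
        for (int i = 0; i < all.getLength(); i++) {
            Node n = all.item(i);
            // A node-set result converts to true whenever it is non-empty.
            boolean keep = (Boolean) compiled.evaluate(n, XPathConstants.BOOLEAN);
            if (keep) {
                kept.add(describe(n));
            }
        }
        return kept;
    }

    static String describe(Node n) {
        return n.getNodeType() == Node.ELEMENT_NODE
                ? "<" + n.getNodeName() + ">"
                : "\"" + n.getNodeValue() + "\"";
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The sample is a constant, but refuse DOCTYPEs as a parsing habit.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));

        // The absolute path ignores the context node: it is a non-empty
        // node-set for every node, so nothing is filtered out.
        // The relative axis test is true only inside a lastname subtree.
        for (String expr : new String[] {"/users/user/lastname", "ancestor-or-self::lastname"}) {
            System.out.println(expr + " keeps " + filter(doc, expr));
        }
    }
}
```

With the second expression a change to a firstname element no longer affects the digest, so a verifier has to treat everything outside the selected nodes as unsigned.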