Digital signature
To ensure non-repudiation of certain actions or of certain medical information stored in the central clinical document repository of the CEZIH system, FHIR messages and FHIR documents must be signed with the digital certificate held on the smart card of the end user who authored the clinical document or who initiated the action on the CEZIH system (for example, creating a new case or changing case data on the case management service).
FHIR messages and FHIR documents are signed with a so-called enveloped signature: the entire FHIR Bundle resource that defines the FHIR message or the FHIR document is signed, and the digital signature itself is placed inside the "signature" element of that FHIR resource.
The digital signature itself must be produced in accordance with the JSON Web Signature (JWS) and JSON Canonicalization Scheme (JCS) specifications.
Because the signature sits inside the FHIR Bundle resource being signed, the element Bundle.signature.data must be excluded when the signature is created and when it is verified.
According to the JWS specification, the serialized digital signature consists of 3 parts:
- JOSE header
- JWS payload
- JWS signature
The JOSE header must include at least the attributes alg, jwk and x5c, plus all other attributes that are mandatory under the JWS specification.
The signature algorithms that must be supported are RS256, RS384 and RS512; RS512 is recommended. As defined by the JWS specification, the jwk parameter must carry the public key that corresponds to the private key used for signing. The public key must be in JSON Web Key (JWK) format.
The x5c attribute of the JOSE header must carry the digital certificate of the end user whose private key was used for signing.
Example JOSE header
{
"alg": "RS1",
"jwk": {
"kty": "RSA",
"x5t#S256": "GUwIOcnHTSU2mxkcVB5WpJvZwUJgGlBTEDNTzggO0sY",
"nbf": 1704799276,
"e": "AQAB",
"kid": "1698077855",
"x5c": [
"MIIEEjCCAvqgAwIBAgIEZTacnzANBgkqhkiG9w0BAQUFADAdMQswCQYDVQQGEwJocjEOMAwGA1UEChMFY2V6aWgwHhcNMjQwMTA5MTEyMTE2WhcNMjUwMTMxMjI1OTU5WjBIMQswCQYDVQQGEwJocjEOMAwGA1UEChMFY2V6aWgxDjAMBgNVBAsTBWNlemloMRkwFwYKCZImiZPyLGQBARMJOTkwMDAwMDIzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD12aKeFT8CotWHRfTvLZeivv9txui0ZcGWp+NUnNC5FSTii8dKwE9JjqON7eItlQrutY6ZAAe6hlufBxmQQ6p6iaP1RlLqnJjhNQOX9mZdtGPOgubPFRKxASoCvkkroQT7eabZ7eETV+v1RlueNmzhi+ff6Uw2EzOZyWli7yWdgwIDAQABo4IBsTCCAa0wCwYDVR0PBAQDAgXgMCkGA1UdJQQiMCAGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAjBBBgNVHREEOjA4gRI5OTAwMDAwMjNAY2V6aWguaHKgIgYKKwYBBAGCNxQCA6AUDBI5OTAwMDAwMjNAY2V6aWguaHIwgbcGA1UdHwSBrzCBrDA2oDSgMqQwMC4xCzAJBgNVBAYTAmhyMQ4wDAYDVQQKEwVjZXppaDEPMA0GA1UEAxMGQ1JMNDQ0MHKgcKBuhihodHRwOi8vZHAuY2V6aWguaHIvQ1JML2NlemloX2NybGZpbGUuY3JshkJsZGFwOi8vZHAuY2V6aWguaHIvbz1jZXppaCxjPWhyP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3QlM0JiaW5hcnkwKwYDVR0QBCQwIoAPMjAyNDAxMDkxMTIxMTZagQ8yMDI1MDEzMTIyNTk1OVowHwYDVR0jBBgwFoAUocGXkKRCFw9N1QwVlIHBhqsfBcEwHQYDVR0OBBYEFIAJ6QoppwZ5AG1byaN1OySHuQNdMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAE5JohdJ8rSGEJUFCTPx+pYKE79i1I2ycW4EcghUuWX3cUvNzrSa4LjC2EigQH2ufUIt9YeEsbz9aoPba7HTj5XaFQLi3A2ZuVNXYAFPtfMz5Gr6WagXWsfSSosXwx0G1pkCzATYCiwGwzMSl+XoQxF+6G/P4AZ5xy0E2wJxvwEZbZ6a7yyEY14KZi/DGHo2A4Jg623+DgyftxGRgcFNwHctH+zDF13xMygEdLEdY3gsWLoN1q88ws8s9tTaT+Fv0qQfxGWkglqdYHALRUPDN7oJevt4x1PzWJtjIUJHE19NLpNFbt+kSLi9g3pFm/z+8j70JQVCOYl+X9YCVPwlStc="
],
"exp": 1738364399,
"n": "9dminhU_AqLVh0X07y2Xor7_bcbotGXBlqfjVJzQuRUk4ovHSsBPSY6jje3iLZUK7rWOmQAHuoZbnwcZkEOqeomj9UZS6pyY4TUDl_ZmXbRjzoLmzxUSsQEqAr5JK6EE-3mm2e3hE1fr9UZbnjZs4Yvn3-lMNhMzmclpYu8lnYM"
}
}
According to the JWS specification, the JWS payload contains the Base64URL-encoded canonicalized form of the JSON being signed. As explained earlier, what is signed is the FHIR Bundle resource of the document or message.
Because an enveloped digital signature is used (the signature sits inside the JSON being signed), the JWS payload is optional in the digital signature (it may be sent, but does not have to be).
Example of a digital signature conforming to the JWS specification
[header-base64url]..pP9A34pU5qttQem9DtKJNzuKKR1poptQibgjDxMk_ntnURKQkYx9lCqEzkuo_OnBx9Jy59aKFFnQSsabzMcSH45rK3YXc5RWEyGgpHZwKp-0rHld-Nmsm2AE4a4Wz_faIOnuT8mp_viEJQJZ6KeellRI9ePDjcgjYcYMHp9eU_k
In the example the JWS payload is empty. The elements are separated by a period ([header-base64url].[payload-base64url].[signature-base64url]).
Note: before the digital signature is placed into the FHIR document or message, the entire digital signature must be Base64-encoded once more so that it complies with the standard.
Example of the digital signature after the additional encoding. A signature in this form goes into the signature.data element.
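The procedure described above (exclude Bundle.signature.data, canonicalize, sign with RS512, serialize the JWS with an empty payload, Base64-encode it once more into signature.data), as an added Python example that is not part of the CEZIH specification. The toy RSA key, the x5c placeholder, the function names and the JCS shortcut (exact only for string and integer values) are assumptions; the example covers RS512 only.

```python
import base64, copy, hashlib, json

# Constructed toy RSA key built from two Mersenne primes: demo only, NOT secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8
SHA512_DI = bytes.fromhex("3051300d060960864801650304020305000440")  # DigestInfo prefix

def b64u(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def b64u_dec(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def canonical_payload(bundle):
    """Bundle minus signature.data, JCS-style (assumption: exact only for str/int values)."""
    b = copy.deepcopy(bundle)
    b.get("signature", {}).pop("data", None)
    return json.dumps(b, sort_keys=True, separators=(",", ":"), ensure_ascii=False).encode()

def emsa(msg, k):
    """EMSA-PKCS1-v1_5 encoding with SHA-512 (the RS512 padding), as an integer."""
    t = SHA512_DI + hashlib.sha512(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def sign_bundle(bundle):
    out = copy.deepcopy(bundle)
    out.setdefault("signature", {})
    header = {"alg": "RS512",
              "jwk": {"kty": "RSA", "e": b64u(E.to_bytes(3, "big")), "n": b64u(N.to_bytes(K, "big"))},
              "x5c": ["PLACEHOLDER-CERTIFICATE"]}  # the signer's real certificate goes here
    h = b64u(json.dumps(header).encode())
    signing_input = f"{h}.{b64u(canonical_payload(out))}".encode()
    sig = pow(emsa(signing_input, K), D, N).to_bytes(K, "big")
    jws = f"{h}..{b64u(sig)}"  # compact JWS with the payload left empty
    out["signature"]["data"] = base64.b64encode(jws.encode()).decode()  # second Base64 pass
    return out

def verify_bundle(bundle):
    # Demo trusts the jwk from the header; production must validate x5c and match jwk to it.
    try:
        h, _, s = base64.b64decode(bundle["signature"]["data"]).decode().split(".")
        header = json.loads(b64u_dec(h))
        if header.get("alg") != "RS512" or not {"jwk", "x5c"} <= header.keys():
            return False
        n = int.from_bytes(b64u_dec(header["jwk"]["n"]), "big")
        e = int.from_bytes(b64u_dec(header["jwk"]["e"]), "big")
        signing_input = f"{h}.{b64u(canonical_payload(bundle))}".encode()  # payload recomputed
        return pow(int.from_bytes(b64u_dec(s), "big"), e, n) == emsa(signing_input, (n.bit_length() + 7) // 8)
    except (KeyError, ValueError, AttributeError, TypeError):
        return False
```

The verifier always recomputes the payload from the received Bundle, so a payload carried in the JWS is never trusted over the document itself.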