2atMonitoring.psm1

#Requires -Version 4.0 -Modules 2atWeb,2atGeneral,2atSql

$PSDefaultParameterValues.Clear()
Set-StrictMode -Version 2.0

$ErrorActionPreference = 'Stop'

Add-Type -Assembly System.Web
Import-Module 2atGeneral
Import-Module 2atWeb
Import-Module 2atSql

Import-Module (Join-Path -Path $PSScriptRoot -ChildPath HtmlAgilityPack.dll)
[HtmlAgilityPack.HtmlNode]::ElementsFlags.Remove("form") | Out-Null

Function RelToAbs {
    Param(
        [Parameter(Mandatory=$true)]
        [ValidateScript({(New-Object System.Uri $_)})]
        [string]$BaseUrl,
        
        [Parameter(Mandatory=$true)]
        [string]$RelativeUrl,
        
        [switch]$NoHtmlDecode
    )
    if (! $NoHtmlDecode) { $RelativeUrl = [System.Web.HttpUtility]::HtmlDecode($RelativeUrl) }

    if ([System.Uri]::IsWellFormedUriString($RelativeUrl,[System.UriKind]::Absolute)) { return $RelativeUrl }
    
    if ([System.Uri]::IsWellFormedUriString($RelativeUrl,[System.UriKind]::Relative)) {
        $l = (New-Object System.Uri((New-Object System.Uri $BaseUrl), $RelativeUrl)).AbsoluteUri
        Write-Verbose "Absolute URL is $l"
        return $l
    }
    
    if ($NoHtmlDecode -and ([Uri]$RelativeUrl).IsAbsoluteUri) {
        Write-Warning "RelativeUrl is not correctly URL encoded '$RelativeUrl'. If this is a HTTP REDIRECT Location header, this is incorrect server behavior. Retrying with encoded URL."
        return ([Uri]$RelativeUrl).AbsoluteUri
    }    
    
    throw "RelativeUrl is not a valid (absolute or relative) url: '$RelativeUrl'"
}

Function Step {
    Param(
        [Parameter(Mandatory=$true)]
        [ValidateScript({(New-Object System.Uri $_)})]
        [string]$Url,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session,
        
        [string]$Method = 'GET',
        
        [ValidateScript({ $_ -is [HashTable] -or $_ -is [System.Collections.Generic.Dictionary[string,string]] })]
        [object]$FormData
    )
    
    $res = Get-WebResponse -Url $Url -Method $Method -FormData $FormData -HostIPs $Session.HostIPs -CookieContainer $Session.CookieContainer -Proxy $Session.Proxy -UserAgent 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; 2AT Monitoring; +http://2at.nl)' -Credentials $Session.Credentials
    
    if ($Session.History | ?{ $Url -eq $_.Url -and $Method -eq $_.Method -and $res.ResponseBody -eq $_.ResponseBody }) {
        $res.WebRequestStatus='LoopDetected'
        $res.WebRequestStatusDescription="The same URL was already visited on the same Step and received the same ResponseBody. ($Url)"
    }
    
    $Session.History += $res
    
    if ($res.WebRequestStatus -eq [System.Net.WebExceptionStatus]::Success) {
        if ($res.HTTPStatus -In (301, 302, 303, 307)) {
            $l = RelToAbs -BaseUrl $url -RelativeUrl $res.ResponseHeaders['Location'] -NoHtmlDecode
            Write-Verbose "REDIRECT ($($res.HTTPStatus)) -> $l"
            Step -Url $l -Session $Session
            return
        }
        
        if ($res.HTTPStatus -eq 200) {
            if ($res.ResponseBody.EndsWith('<noscript><p>Script is disabled. Click Submit to continue.</p><input type="submit" value="Submit" /></noscript></form><script language="javascript">window.setTimeout(''document.forms[0].submit()'', 0);</script></body></html>')) {
                Write-Verbose "ADFS auto POST"
                ProcessForm -Previous $res -Session $Session
                return
            }
            
            $u = (new-object System.Uri $res.Url).GetLeftPart([System.UriPartial]::Path)
            if ($Session.LoginSteps[$u]) {
                RunStep -Step $Session.LoginSteps[$u] -Previous $res -Session $Session
                return
            }
        }
    }
}

Function ProcessForm {
    Param(
        [HashTable]$FormData,

        [string]$FormId,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Previous,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session
    )
    
    $htmldoc = New-Object HtmlAgilityPack.HtmlDocument
    $htmldoc.LoadHtml($Previous.ResponseBody)
    if ($FormId) {
        $form = $htmldoc.DocumentNode.SelectNodes("//form[@id='$FormId']")[0]
        if (!$form) { throw "No form with id='$FormId' found" }
    } else {
        $forms = $htmldoc.DocumentNode.SelectNodes('//form')
        if (!$forms) { throw 'No forms found' }
        if ($forms.Count -gt 1) {
            Write-Warning "Found $($forms.Count) forms but no FormId was specified, selecting the first"
        }
        $form=$forms[0]
    }
    $l = RelToAbs $Previous.Url $form.Attributes['action'].Value

    $b = New-Object 'System.Collections.Generic.Dictionary[string,string]'
    $form.SelectNodes('//input') | ?{ $_.Attributes['name'] -And $_.Attributes['value'] } | %{ 
        $b[$_.Attributes['name'].Value] = [System.Web.HttpUtility]::HtmlDecode($_.Attributes['value'].Value)
    }
    if ($FormData) { $FormData.Keys | %{ $b[$_]=$FormData[$_] } }
    
    Write-Verbose "FORM: $(($b.Keys | %{ $_ + '=' + $b[$_] } ) -join [Environment]::NewLine)"
    Step -Url $l -Method $form.Attributes['method'].Value -FormData $b -Session $Session
}

Function ProcessLink {
    Param(
        [Parameter(Mandatory=$true)]
        [string]$LinkText,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Previous,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session
    )
    
    $htmldoc = New-Object HtmlAgilityPack.HtmlDocument
    $htmldoc.LoadHtml($Previous.ResponseBody)
    $links = $htmldoc.DocumentNode.SelectNodes('//a[@href]') | ?{ $_ -and $_.InnerText.Trim() -eq $LinkText } | %{ $_.Attributes['href'].Value } | select -Unique

    $c = ($links | measure).Count
    if ($c -ne 1) { 
        Write-Warning "Found $c links matching '$LinkText', expected exactly one."
        $Previous.WebRequestStatus='LinkFailed'
        $Previous.WebRequestStatusDescription="Found $c links matching '$LinkText', expected exactly one."
        return
    }

    $l = RelToAbs $Previous.Url $links
    Write-Verbose "LINK: $l"
    
    Step -url $l -Session $Session
}

Function ProcessScript {
    Param(
        [Parameter(Mandatory=$true)]
        [string]$ScriptId,

        [Parameter(Mandatory=$true)]
        [string]$ScriptRegEx,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Previous,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session
    )
    
    $htmldoc = New-Object HtmlAgilityPack.HtmlDocument
    $htmldoc.LoadHtml($Previous.ResponseBody)
    $s = $htmldoc.DocumentNode.SelectNodes('//script') | ?{ $_ -and $_.InnerText.Trim() -match [Regex]::Escape($ScriptId) }
    
    if (!$s) { throw "No script block matching '$ScriptId' found (using literal match)" }
    
    if ($s -is [HtmlAgilityPack.HtmlNodeCollection]) {
        Write-Warning 'Multiple matching script blocks found, using the first'
        $s = $s[0]
    }
    
    if (!($s.InnerText.Trim() -match $ScriptRegEx)) {
        throw "No url could be found: Script block doesn't match '$ScriptRegEx'"
    }
    
    if ($Matches['link']) {
        $l = RelToAbs $Previous.Url $Matches['link']
    } else {
        if ($Matches.Count -eq 1) {
            Write-Warning 'No match groups found, using full match as link to follow'
            $l = RelToAbs $Previous.Url $Matches[0]
        } else {
            if ($Matches.Count -gt 2) {
                Write-Warning 'Found multiple match groups, using first (create a named group ''link'' to specify witch group to use)'
            }
            $l = RelToAbs $Previous.Url $Matches[1]
        }
    }
    
    Step -url $l -Session $Session
}

Function UpdateSession {
    Param(
        [Parameter(Mandatory=$true)]    
        [HashTable]$Step,
        
        [Parameter(Mandatory=$true)]    
        [PSCustomObject]$Session,
        
        [PSCustomObject]$TMGInfo,
        
        [Switch]$IsNewSession
    )
    Write-Debug "Updating $(if($IsNewSession) {'NEW'})session"
    
    if (!$IsNewSession -and ($Step['SqlConnection'] -or $Step['Name'])) { throw 'Specifying a SqlConnection or Name is only supported for new sessions' }

    if ($Step['Proxy']) { $Session.Proxy = New-Object System.Net.WebProxy $Step.Proxy    }
    if ($Step['LoginSteps']) { $Session.LoginSteps = $Step.LoginSteps }
    if ($Step['Servers']) { SetSessionCookies -Session $Session -TMGInfo $TMGInfo -Servers $Step.Servers }
    if ($Step['TargetServer']) { $Session.TargetServer = $Step.TargetServer }
    if ($Step['NextLogMinutes']) { $Session.NextLogMinutes = $Step.NextLogMinutes }
    if ($Step['HostIPs']) { $Session.HostIPs = $Step.HostIPs }
    if ($Step['Credentials']) {
        if ($Step.Credentials -is [PSCredential]) {
            $Session.Credentials = $Step.Credentials.GetNetworkCredential()
        } elseif ($Step.Credentials -is [System.Net.ICredentials]) {
            $Session.Credentials = $Step.Credentials
        } else {
            throw "Session credentials specified are of an unsupported type: $($Step.Credentials.GetType().FullName), please use either a PSCredential or a NetworkCredential"
        }
    }
    
    if ($IsNewSession) { $Session }
}

Function NewSession {
    Param(
             [Parameter(Mandatory=$true)]     
             [HashTable]$Step,
             
             [PSCustomObject]$TMGInfo
       )
       
       $Session = @{
             Id=-1
             Name=$Step['Name']
             HostIPs=@{}
             CookieContainer = New-Object System.Net.CookieContainer
             Proxy=$null
             SqlConnection=$Step['SqlConnection']
        WSConnection=$Step['WSConnection']
             LoginSteps=@{}
             Credentials=$null
             History=@()
             RequestNumber=1
             TargetServer=$null
             NextLogMinutes=10
       }      


    if ($Session.SqlConnection) {
        Write-Verbose "NEWSESSION: Connecting to SQL '$($Step.SqlConnection)'"
                
        Set-SqlData -ConnectionString $Session.SqlConnection -CommandText 'ops.LogJob' -Parameters @{ Job='HTTPMonitor'; Title='Job started' }
        $MonitorSession = Get-SqlData -ConnectionString $Session.SqlConnection -CommandText 'ops.SaveMonitorSession' -Parameters @{ Name=$Session.Name; Servers=($Step['Servers'] -Join ' / ') }
        $Session.Id = $MonitorSession.SessionId
    }

    if (!$Step['Servers']) { Write-Verbose 'NEWSESSION: New session created without cookies' }
    
    UpdateSession -Step $Step -Session ([PSCustomObject]$Session) -TMGInfo $TMGInfo -IsNewSession
}

Function SetSessionCookies {
    Param(
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$TMGInfo,

        [Parameter(Mandatory=$true)]
        [string[]]$Servers
    )

    $TMGInfo.CookieIndex | %{
        $cookieName = $_.Cookie
        $Url = New-Object System.Uri $_.Url

        $rule = $TMGInfo.Rules[$cookieName.SubString(7)]

        if (! $rule) {
            Write-Warning "Unable to add cookie to session. No matching rule found for cookie '$cookieName' ($Url). Possible cause is an outdated TMGRuleGUIDs.xml file." 
            return
        }
        
        foreach($server in $Servers) {
            $entry = $rule.ServerFarm | ?{ $_.HostName -Match $server }
            if ($entry) { break }
        }
        if (! $entry) { 
            Write-Warning "Unable to add cookie to session. No matching server found for rule '$($rule.Name)' ($Url)"
            return
        }
        
        $cookie = New-Object System.Net.Cookie $cookieName, $entry.GUID, '/', $Url.Host
        $cookie.HttpOnly = $true
        
        $Session.CookieContainer.Add($Url, $cookie)

        Write-Verbose "Added cookie to session: $cookieName=$($entry.GUID) ($Url)"
    }
}

Function ValidateResponse {
    Param(
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Response,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Validate
    )

    if ($Response.WebRequestStatus -ne [System.Net.WebExceptionStatus]::Success) { 
        Write-Verbose "Skipped validation because request already marked as failed ($($Response.WebRequestStatus)"
        return
    }
    
    if ($Validate['Url']) {
        if ($Response.Url.TrimEnd('/') -ne $Validate.Url.TrimEnd('/')) {
            $Response.WebRequestStatus='UrlValidationFailed'
            $Response.WebRequestStatusDescription="Url validation failed, found '$($Response.Url)', expected '$($Validate.Url)'"
            Write-Warning $Response.WebRequestStatusDescription
            return
        } else {
            Write-Verbose 'Url validation succeeded'
        }
    }
    if ($Validate['ContentMatch']) {
        if (! ($Response.ResponseBody -match $Validate.ContentMatch)) {
            $Response.WebRequestStatus='ContentValidationFailed'
            $Response.WebRequestStatusDescription="Content validation failed, page '$($Response.Url)' does not match '$($Validate.ContentMatch)'"
            Write-Warning $Response.WebRequestStatusDescription
        } else {
            Write-Verbose "Content validation succeeded '$($Validate.ContentMatch)'"
        }
    }
    if ($Validate['Time']) {
        if (! ([int]$Response.TimeToFirstByte.TotalMilliseconds -le [int]$Validate.Time)) {
            $Response.WebRequestStatus='ContentValidationFailed'
            $Response.WebRequestStatusDescription="Time exceeded, page took $([int]$Response.TimeToFirstByte.TotalMilliseconds)ms, maximum was set at $([int]$Validate.Time)ms ($($Response.Url))"
            Write-Warning $Response.WebRequestStatusDescription
        } else {
            Write-Verbose "Time validation succeeded ($([int]$Response.TimeToFirstByte.TotalMilliseconds)ms < $([int]$Validate.Time)ms)"
        }
    }
}

Function PostEntityUpdate {
    Param
    (
             [Parameter(Mandatory=$true)]
             [ValidateScript({(New-Object System.Uri $_)})]
             [string]$entityUrl,
             
             [Parameter(Mandatory=$true)]     
             [string]$entityName,
             
        [Parameter(Mandatory=$true)]          
             [datetime]$nextLogTime,
             
             [Parameter(Mandatory=$true)]            
             [int]$stateId,
             
             [Parameter(Mandatory=$false)]           
             [object]$information = @{},

        [Parameter(Mandatory=$false)]         
             [datetime]$logTime
       )
        
    $InformationXml = New-Object PSObject -Property $information

    $FormData = @{}
    $FormData.Name = $entityName
    $FormData.nextLogTime = $nextLogTime.ToString('dd/MM/yyyy HH:mm:ss')
    $FormData.stateId = $stateId
    $FormData.information = $InformationXml | ConvertTo-Xml -NoTypeInformation -as String
    $FormData.logTime = $logTime.ToString('dd/MM/yyyy HH:mm:ss')

       try {
           Invoke-RestMethod -Uri $entityUrl -Method 'POST' -Body $FormData -UserAgent 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; 2AT Monitoring; +http://2at.nl)'                                              
        Write-Verbose "Loading $entityUrl"                               
    } catch {
             Write-Warning "Entity endpoint unavailable $($_.Exception.Message)"                      
    }
}

Function LogSteps {
       Param(
             [Parameter(Mandatory=$true)]
             [PSCustomObject]$Session,
             
             [int]
             $StepNumber,
             
             [string]$Monitor,
             
             [switch]
             $PassThru
       )
       
       $i=1
       foreach($WebResponse in $Session.History) {
             $u = New-Object System.Uri $WebResponse.Url
             $hostname = "$($u.Host)"
             if ($u.Port -ne 80) { $hostname+=":$($u.Port)"}
             if ($u.Query.Length -ne 0) { $query=$u.Query.Substring(1) } else { $query='' } 

             $p = @{
                    LogDateTime=$WebResponse.DateTime
                    Host=$hostname
                    UriStem=$u.AbsolutePath
                    UriQuery=$query
                    Method=$WebResponse.Method
                    HTTPStatus=[int]$WebResponse.HTTPStatus
                 TimeTaken=[int]$WebResponse.TimeToFirstByte.TotalMilliseconds
                    RequestStatus=[string]$WebResponse.WebRequestStatus
             RequestStatusDescription=$WebResponse.WebRequestStatusDescription
                    Url=$WebResponse.Url
                    SessionId=$Session.Id
                    Monitor=$Monitor
                    TargetServer=$Session.TargetServer
                    NextLogMinutes=$Session.NextLogMinutes
                    StepNumber=$StepNumber
                    RequestNumber=$Session.RequestNumber++
                    IsStepResult=($i -eq $Session.History.Count)
             }

             if ($WebResponse.FormData) {
                    $p.FormData=(($WebResponse.FormData.Keys | %{ $_ + '=' + $WebResponse.FormData[$_] } ) -join [Environment]::NewLine)
             }
             
             if ($WebResponse.ResponseHeaders) {
                    $p.Server = $WebResponse.ResponseHeaders['X-WFE']
                    if (! $p.Server) { $p.Server = $WebResponse.ResponseHeaders['X-Powered-by-server'] }
                    
                    $p.XSharePointHealthScore=$WebResponse.ResponseHeaders['X-SharePointHealthScore']
                  $p.SPIisLatency=$WebResponse.ResponseHeaders['SPIisLatency']
             $p.SPRequestDuration=$WebResponse.ResponseHeaders['SPRequestDuration']
                    $p.RequestGuid=$WebResponse.ResponseHeaders['request-id']
                    $p.RawResponse=Get-WebResponseString -WebResponse $WebResponse
             }
             
             Write-Debug "Writing data"
             if ($Session.SqlConnection) {
            Write-Verbose "Writing data to the database"
                    Set-SqlData -ConnectionString $Session.SqlConnection -CommandText 'ops.SaveMonitorResult' -Parameters $p
             }
        if ($Session.WSConnection) {
            Write-Verbose "Posting data to the entity endpoint"
            #state logic is taken from the sproc saveMonitorResult
            $state = if($p.RequestStatus -eq "Success"){ 1 } else { 4 }
            $information = @{
                rawInfo = $p.RequestStatusDescription
            }
            
            PostEntityUpdate -entityUrl $Session.WSConnection -entityName $Monitor -nextLogTime $p.LogDateTime.ToUniversalTime().AddMinutes($Session.NextLogMinutes) -stateId $state -information $information -logTime $p.LogDateTime.ToUniversalTime()

        }

        if (!$Session.SqlConnection -And !$Session.WSConnection) {
                    if ($p.HTTPStatus) {
                          Write-Host "$(Get-Date) $($p.Server) ($($p.XSharePointHealthScore)) $($p.HTTPStatus) $($p.Method) $($u.GetLeftPart([System.UriPartial]::Path))"
                    } else {
                          Write-Host "$(Get-Date) $($p.RequestStatus) $($u.GetLeftPart([System.UriPartial]::Path))"
                    }
             }

             if ($PassThru) { $WebResponse }
             $i++
       }
}

Function RunStep {
    Param(
        [Parameter(Mandatory=$true)]
        [HashTable]$Step,
        
        [PSCustomObject]$Previous,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session
    )
        
    switch ($Step.Action)
    {
        'Url' {
            Write-Debug "URL: $($Step.Url)"
            Step -Url $Step.Url -Session $Session
        }
        'Link' {
            Write-Debug "LINK: $($Step.LinkText)"
            ProcessLink -LinkText $Step.LinkText -Previous $Previous -Session $Session
        }
        'Form' {
            Write-Debug "FORM"
            ProcessForm -FormId $Step['FormId'] -FormData $Step['FormData'] -Previous $Previous -Session $Session
        }
        'Script' {
            Write-Debug 'SCRIPT'
            ProcessScript -ScriptId $Step['ScriptId'] -ScriptRegEx $Step['ScriptRegEx'] -Previous $Previous -Session $Session
        }
        default {
            throw "Unrecognized step $($CurrentStep.Action)"
        }
    }

    if ($Step['Validate']) {
        ValidateResponse -Response $Session.History[$Session.History.Length-1] -Validate $Step.Validate
    }
}

Function Invoke-Monitoring {
    Param(
        [Parameter(Mandatory=$true)]
        [System.Array]$Steps,

        [PSCustomObject]$TMGInfo
    )
    Get-CallerPreference -Cmdlet $PSCmdlet -SessionState $ExecutionContext.SessionState
    
    $i=0
    foreach($CurrentStep in $Steps) {
        switch ($CurrentStep.Action) {
            'NewSession' {
                Write-Progress -Activity 'Initializing session' -PercentComplete (100*$i/$Steps.Count)
                Write-Debug 'NEWSESSION'
                
                $Session = NewSession -Step $CurrentStep -TMGInfo $TMGInfo                                
                $Previous = $null
            }
            'UpdateSession' {
                Write-Progress -Activity 'Updating session' -PercentComplete (100*$i/$Steps.Count)
                Write-Debug 'UPDATESESSION'

                UpdateSession -Step $CurrentStep -TMGInfo $TMGInfo -Session $Session
            }
            default {
                Write-Progress -Activity 'Retreiving webpage' -CurrentOperation $CurrentStep.Url -PercentComplete (100*$i/$Steps.Count)

                RunStep -Step $CurrentStep -Previous $Previous -Session $Session
                LogSteps -Session $Session -StepNumber ($i+1) -Monitor $CurrentStep['Monitor'] -PassThru
                $Previous = $Session.History | Select -Last 1
                $Session.History=@()
            }
        }
        
        $i++
    }
}

Export-ModuleMember -Function Invoke-*

# SIG # Begin signature block
# MIIWbwYJKoZIhvcNAQcCoIIWYDCCFlwCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCtC4axVAEH8OTY
# 1cyeqIModOj6iANH7xhlnG2Ntq352KCCCxswggUzMIIEG6ADAgECAhEAgNHe/U3D
# BzyckFGAgIDcJDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJHQjEbMBkGA1UE
# CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQK
# ExFDT01PRE8gQ0EgTGltaXRlZDEjMCEGA1UEAxMaQ09NT0RPIFJTQSBDb2RlIFNp
# Z25pbmcgQ0EwHhcNMTcwMTEzMDAwMDAwWhcNMjAwMTEzMjM1OTU5WjCBgDELMAkG
# A1UEBhMCTkwxEDAOBgNVBBEMBzM1NDIgRFoxEDAOBgNVBAgMB1V0cmVjaHQxEDAO
# BgNVBAcMB1V0cmVjaHQxFTATBgNVBAkMDEVuZXJnaWV3ZWcgMTERMA8GA1UECgwI
# MkFUIEIuVi4xETAPBgNVBAMMCDJBVCBCLlYuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAzB3KZ2CBenaD2WDwOsy0cHE6mLIeIYqWP718FuWeUZ5eejvw
# 8BozajbtBWgISZ2IMsTYZ1I7KFBzHgXXkNglmyboa6++x7j2Ws+T0hmHCUZ64AFb
# OkXjqYsOBCPhi3yuKIRLwc4snA3F3DCH24mBpDYymrU22+0vMIlDqpzRXBNEeIhG
# ss3jehu86l85fWVS54F5KGeDYQ2BT0Tc0UO6hMlcpCEVKIbthLm36q1/oSchRYjH
# B4JCT1KqACRhD0hJcQmTcJZvhpgOrglUVlj1ClS5xfWgHq3ySShOOZMecl0VNMtY
# xNi5TF1Ae+sie4044ioyGB6dGItGXwhObIk/9wIDAQABo4IBqDCCAaQwHwYDVR0j
# BBgwFoAUKZFg/4pN+uv5pmq4z/nmS71JzhIwHQYDVR0OBBYEFDHc2o80OMg8zNfF
# WMH8QB57E7rnMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQM
# MAoGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIEEDBGBgNVHSAEPzA9MDsGDCsG
# AQQBsjEBAgEDAjArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8u
# bmV0L0NQUzBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNv
# bS9DT01PRE9SU0FDb2RlU2lnbmluZ0NBLmNybDB0BggrBgEFBQcBAQRoMGYwPgYI
# KwYBBQUHMAKGMmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNvZGVT
# aWduaW5nQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5j
# b20wGQYDVR0RBBIwEIEOc3VwcG9ydEAyYXQubmwwDQYJKoZIhvcNAQELBQADggEB
# AHGDJyOKLJwzdt4Y8ow7H4ZKZXs9Hopf0GhizzhcPWyWL7GI6QHhKHzFWYGsFhh2
# vesuY7p89jthK5YqSn1u2KUQuLWzQZQj3cZCK2BwSz6FpgmmjqIo49qCfKIB5IrE
# DcZAQPC9wxaXPI+R3B32JmTllBpkFQNTIJVcB7jR/Ft991iV17tMMq0GssMAHnVd
# /yvTWlUaE7XNtgtNYQ5v/8HxxNtdBXsIbdjiv/A8GjUmyPN8Dum9CW82hUqOE7U9
# AXHZIBWy9yrooSieo26GA1OzrBvnDc+L42JZnjvwdhBqSnbQrSS7L6VjVHU+Ct84
# Fnb5u23Jypdmj9123Hw9qJwwggXgMIIDyKADAgECAhAufIfMDpNKUv6U/Ry3zTSv
# MA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRl
# ciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
# Q0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
# dGhvcml0eTAeFw0xMzA1MDkwMDAwMDBaFw0yODA1MDgyMzU5NTlaMH0xCzAJBgNV
# BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1Nh
# bGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSMwIQYDVQQDExpDT01P
# RE8gUlNBIENvZGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
# AQoCggEBAKaYkGN3kTR/itHd6WcxEevMHv0xHbO5Ylc/k7xb458eJDIRJ2u8UZGn
# z56eJbNfgagYDx0eIDAO+2F7hgmz4/2iaJ0cLJ2/cuPkdaDlNSOOyYruGgxkx9hC
# oXu1UgNLOrCOI0tLY+AilDd71XmQChQYUSzm/sES8Bw/YWEKjKLc9sMwqs0oGHVI
# wXlaCM27jFWM99R2kDozRlBzmFz0hUprD4DdXta9/akvwCX1+XjXjV8QwkRVPJA8
# MUbLcK4HqQrjr8EBb5AaI+JfONvGCF1Hs4NB8C4ANxS5Eqp5klLNhw972GIppH4w
# vRu1jHK0SPLj6CH5XkxieYsCBp9/1QsCAwEAAaOCAVEwggFNMB8GA1UdIwQYMBaA
# FLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBQpkWD/ik366/mmarjP+eZL
# vUnOEjAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUE
# DDAKBggrBgEFBQcDAzARBgNVHSAECjAIMAYGBFUdIAAwTAYDVR0fBEUwQzBBoD+g
# PYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlv
# bkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRw
# Oi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggr
# BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
# A4ICAQACPwI5w+74yjuJ3gxtTbHxTpJPr8I4LATMxWMRqwljr6ui1wI/zG8Zwz3W
# GgiU/yXYqYinKxAa4JuxByIaURw61OHpCb/mJHSvHnsWMW4j71RRLVIC4nUIBUzx
# t1HhUQDGh/Zs7hBEdldq8d9YayGqSdR8N069/7Z1VEAYNldnEc1PAuT+89r8dRfb
# 7Lf3ZQkjSR9DV4PqfiB3YchN8rtlTaj3hUUHr3ppJ2WQKUCL33s6UTmMqB9wea1t
# QiCizwxsA4xMzXMHlOdajjoEuqKhfB/LYzoVp9QVG6dSRzKp9L9kR9GqH1NOMjBz
# wm+3eIKdXP9Gu2siHYgL+BuqNKb8jPXdf2WMjDFXMdA27Eehz8uLqO8cGFjFBnfK
# S5tRr0wISnqP4qNS4o6OzCbkstjlOMKo7caBnDVrqVhhSgqXtEtCtlWdvpnncG1Z
# +G0qDH8ZYF8MmohsMKxSCZAWG/8rndvQIMqJ6ih+Mo4Z33tIMx7XZfiuyfiDFJN2
# fWTQjs6+NX3/cjFNn569HmwvqI8MBlD7jCezdsn05tfDNOKMhyGGYf6/VXThIXcD
# Cmhsu+TJqebPWSXrfOxFDnlmaOgizbjvmIVNlhE8CYrQf7woKBP7aspUjZJczcJl
# mAaezkhb1LU3k0ZBfAfdz/pD77pnYf99SeC7MH1cgOPmFjlLpzGCCqowggqmAgEB
# MIGSMH0xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIx
# EDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSMw
# IQYDVQQDExpDT01PRE8gUlNBIENvZGUgU2lnbmluZyBDQQIRAIDR3v1Nwwc8nJBR
# gICA3CQwDQYJYIZIAWUDBAIBBQCgfDAQBgorBgEEAYI3AgEMMQIwADAZBgkqhkiG
# 9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIB
# FTAvBgkqhkiG9w0BCQQxIgQgpVdsGGsz7ZR0knoo3RrfEaCYddilLrEkT9xVwQJ3
# +9kwDQYJKoZIhvcNAQEBBQAEggEAGUoZpU71tWxxfNWBktRsLVZyVNXbejpOMCSY
# +i5TcIjazCUr7KOxPQGc6+UDCzCn+ev4IZC8btLmWM2UaHL9WNjx0dqV58JrSvps
# H/P1G3Ne1vj5dXfINPWyGoKEjjStY0K7POxhbq2FbDVoy/jTZqj3U3Ulgh7Z/BEb
# KB8/6KK9NLU1l2DyjrTJf1HTPbZwZZwKwNLPGkuzW40DLF3f7pRXD21+QQgofktN
# T0G9E4hZbPLIxCpXLm6VFFSoeJZg0rMIjevb37XwjK2fZmV1zToPySnpLYIilKkO
# 8cScWrNLIe3X0m8jSz0XPZk7fyamnB0QnsximYHD5d+WwJYttKGCCGowgghmBgor
# BgEEAYI3AwMBMYIIVjCCCFIGCSqGSIb3DQEHAqCCCEMwggg/AgEDMQ8wDQYJYIZI
# AWUDBAIBBQAwggEOBgsqhkiG9w0BCRABBKCB/gSB+zCB+AIBAQYKKwYBBAGyMQIB
# ATAxMA0GCWCGSAFlAwQCAQUABCAfka+TWx+POMYjqDaE0bc6sb91Pe20YTeDVXGP
# s0ltkwIUJaqK5H1zCqlhozfwJ7oEnpRg/+kYDzIwMTgwMzE5MTQzODE3WqCBjKSB
# iTCBhjELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQ
# MA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxLDAq
# BgNVBAMTI0NPTU9ETyBTSEEtMjU2IFRpbWUgU3RhbXBpbmcgU2lnbmVyoIIEoDCC
# BJwwggOEoAMCAQICEE6wh4/MJDU2stjJ9785VXcwDQYJKoZIhvcNAQELBQAwgZUx
# CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
# dHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0
# cDovL3d3dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0LU9i
# amVjdDAeFw0xNTEyMzEwMDAwMDBaFw0xOTA3MDkxODQwMzZaMIGGMQswCQYDVQQG
# EwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxm
# b3JkMRowGAYDVQQKExFDT01PRE8gQ0EgTGltaXRlZDEsMCoGA1UEAxMjQ09NT0RP
# IFNIQS0yNTYgVGltZSBTdGFtcGluZyBTaWduZXIwggEiMA0GCSqGSIb3DQEBAQUA
# A4IBDwAwggEKAoIBAQDOvHS3cIBPXvM/mKouy9QSASM1aQsivOb9CWwo5BMSrLu6
# LeXV3SLuc7Ys+NKkcedJJXirJbeQEKCbi3cm3UDqQaP9iM1ypok7UFcceiUkIgJR
# QDVnijFpDeU5c0k5m5UBhVLyKxSJmk4EpLxArjmm3UAC4Dp1/j19VZRb8U4kfMi4
# WBnKwNq+WBOa5hzn0cE78F2PSQghntDzvtbUZk9ccjZ7w4LTmAiUr6tETxjHFNoW
# sR4yDhI4wLU8dux1UAAgBBEZ7cb/307+CIEnMU9xdG4DDHAngVVqmkOSpH/b/T/F
# Fx5Bu87op3+Mlfn9f/hhiIkAPv8LAdv91bWk5JERAgMBAAGjgfQwgfEwHwYDVR0j
# BBgwFoAU2u1kdBScFDyr3ZmpvVsoTYs8ydgwHQYDVR0OBBYEFH2/kdenbFpHZkR7
# kNSOkHJBjxfCMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB
# /wQMMAoGCCsGAQUFBwMIMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwudXNl
# cnRydXN0LmNvbS9VVE4tVVNFUkZpcnN0LU9iamVjdC5jcmwwNQYIKwYBBQUHAQEE
# KTAnMCUGCCsGAQUFBzABhhlodHRwOi8vb2NzcC51c2VydHJ1c3QuY29tMA0GCSqG
# SIb3DQEBCwUAA4IBAQBQsPXfX60z3MNTWFi8whN1eyAdVMq6P1A/uor0awljwFtd
# i9Z1GnO9i/9H8RXcURYjGTLmbpJN0cYuWh6IQhTJcuXXCFCKavVkQFauJONhlxVC
# 8CxIroPmNTyLW8KPro7MNFI04Pv+yv2xJGjRpBEjEAb9ssIkJ8fX6Uocjz8+z+3r
# dXlsjl/3IbZQ5iWhzWaUEmy/27Ouh9hoA3IgAsJ+2pTzcgc8V+hVJOcFoB3EgQGC
# Sx8/D50zm/BPzJ3WhYHPy+f9SumSuPcNcnMt6Xf5b48oej4evQiG3I0eEV/3W7uH
# dsaeTFRh0Gfbk4TaMYcDkuef4+nPWlbIaOBSSZRcMYICcTCCAm0CAQEwgaowgZUx
# CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJVVDEXMBUGA1UEBxMOU2FsdCBMYWtlIENp
# dHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEhMB8GA1UECxMYaHR0
# cDovL3d3dy51c2VydHJ1c3QuY29tMR0wGwYDVQQDExRVVE4tVVNFUkZpcnN0LU9i
# amVjdAIQTrCHj8wkNTay2Mn3vzlVdzANBglghkgBZQMEAgEFAKCBmDAaBgkqhkiG
# 9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkFMQ8XDTE4MDMxOTE0Mzgx
# N1owKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUNlJ9T6JqaPnrRZbx2Zq7LA6nbfow
# LwYJKoZIhvcNAQkEMSIEIIxB4iBtbO8tYfDsiwbvoDAHMO0HeDbTMOYAg7XIoRtR
# MA0GCSqGSIb3DQEBAQUABIIBABOSfponUAX9m4VH082kam24ZP0MlYV1c+Lfx5fj
# 6tklMixwwDk4s6d8seo/9oDc4SM6erTfJcB30zGhW7CZALvQyegfkmu5mrXhaD5m
# PZlIluxvlf3hlGYeRuMAin3JukGEVpU/vJ4yCS2NC1oPFut3bDWCH/cwf4hQDaBQ
# 58pQoauk/O2koJpNS7FcZTmh3526cY4E50WJrikorvalhf1SJycQczuYC3kGcR8B
# HuYy0eNROzzyygaMP4B4BZRnEMwlCAvyRcnse63DaTuyvj+nwj6xs/exta6bQhMQ
# 9Ym2DF5HdG4MUme3t4fmXzgXSDPkfujnnvyt6yz0/POjLow=
# SIG # End signature block