Private/Import-ADFSTkAllTransformRules.ps1
|
function Import-ADFSTkAllTransformRules { $TransformRules = @{} #region Static values from config $TransformRules.o = [PSCustomObject]@{ Rule=@" @RuleName = "Send static [o]" => issue(type = "urn:oid:2.5.4.10", value = "$($Settings.configuration.StaticValues.o)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="" AttributeGroup="Static attributes" } $TransformRules.norEduOrgAcronym = [PSCustomObject]@{ Rule=@" @RuleName = "Send static [norEduOrgAcronym]" => issue(type = "urn:oid:1.3.6.1.4.1.2428.90.1.6", value = "$($Settings.configuration.StaticValues.norEduOrgAcronym)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="" AttributeGroup="Static attributes" } $TransformRules.c = [PSCustomObject]@{ Rule=@" @RuleName = "Send static [c]" => issue(type = "urn:oid:2.5.4.6", value = "$($Settings.configuration.StaticValues.c)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="" AttributeGroup="Static attributes" } $TransformRules.co = [PSCustomObject]@{ Rule=@" @RuleName = "Send static [co]" => issue(type = "urn:oid:0.9.2342.19200300.100.1.43", value = "$($Settings.configuration.StaticValues.co)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="" AttributeGroup="Static attributes" } $TransformRules.schacHomeOrganization = [PSCustomObject]@{ Rule=@" @RuleName = "Send static [schacHomeOrganization]" => issue(type = "urn:oid:1.3.6.1.4.1.25178.1.2.9", value = "$($Settings.configuration.StaticValues.schacHomeOrganization)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="" AttributeGroup="Static attributes" } $TransformRules.schacHomeOrganizationType = [PSCustomObject]@{ Rule=@" @RuleName = "Send static [schacHomeOrganizationType]" => issue(type = "urn:oid:1.3.6.1.4.1.25178.1.2.10", value = "$($Settings.configuration.StaticValues.schacHomeOrganizationType)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="" AttributeGroup="Static attributes" } #endregion #region ID's # $TransformRules."transient-id" = [PSCustomObject]@{ # Rule=@" # @RuleName = "synthesize transient-id" # c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"] # && # c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"] # => add(store = "_OpaqueIdStore", # types = ("http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/internal/tpid"), # query = "{0};{1};{2};{3};{4}", # param = "useEntropy", # param = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/adfs/services/trust![ReplaceWithSPNameQualifier]!" + c1.Value, # param = c1.OriginalIssuer, # param = "", # param = c2.Value); # # @RuleName = "issue transient-id" # c:[Type == "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/internal/tpid"] # => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", # Value = c.Value, # Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", # Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]", # Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/adfs/services/trust"); #"@ # Attribute="" # AttributeGroup="ID's" # } #New way to release nameID $TransformRules."transient-id" = [PSCustomObject]@{ Rule=@" @RuleName = "synthesize transient-id" c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"] && c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"] => add( store = "_OpaqueIdStore", types = ("urn:adfstk:transientid"), query = "{0};{1};{2};{3};{4}", param = "useEntropy", param = c1.Value, param = c1.OriginalIssuer, param = "", param = c2.Value); @RuleName = "issue transient-id" c:[Type == "urn:adfstk:transientid"] => issue( Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)/adfs/services/trust"); "@ Attribute="" AttributeGroup="ID's" } $TransformRules."persistent-id" = [PSCustomObject]@{ Rule=@" @RuleName = "synthesize persistent-id" c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"] => add( store = "_OpaqueIdStore", types = ("urn:adfstk:persistentid"), query = "{0};{1};{2}", param = "ppid", param = c.Value, param = c.OriginalIssuer); @RuleName = "issue persistent-id" c:[Type == "urn:adfstk:persistentid"] => issue( Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$($Settings.configuration.StaticValues.ADFSExternalDNS)"); "@ Attribute="" AttributeGroup="ID's" } # eduPersonPrincipalName # Calculated based off an ADFSTk configuration rule keyed to ADFSTkExtractSubjectUniqueId, default to the Claim 'upn' # # Origin Claim will have only the left hand side being everything prior to the first @ sign # Rest of the string will be surpressed and then it is re-assembled with our SAML2 scope. # $TransformRules.eduPersonPrincipalName = [PSCustomObject]@{ Rule=@" @RuleName = "compose eduPersonPrincipalName" c:[Type == "$(($Settings.configuration.transformRules.rule | ? name -eq "ADFSTkExtractSubjectUniqueId").originClaim )" ] => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6", Value = RegexReplace(c.Value, "@.*$", "") +"@$($Settings.configuration.StaticValues.schacHomeOrganization)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" AttributeGroup="ID's" } $TransformRules.eduPersonTargetedID = [PSCustomObject]@{ Rule=@" @RuleName = "compose eduPersonTargetedID" c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", Value !~ "^.+\\"] => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" AttributeGroup="ID's" } $TransformRules.eduPersonUniqueID = [PSCustomObject]@{ Rule=@" @RuleName = "compose eduPersonUniqueID" c:[Type == "urn:mace:dir:attribute-def:eduPersonUniqueID"] => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.13", Value = RegExReplace(c.Value, "-", "") + "@$($Settings.configuration.StaticValues.schacHomeOrganization)", Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="urn:mace:dir:attribute-def:eduPersonUniqueID" AttributeGroup="ID's" } $TransformRules["LoginName"] = [PSCustomObject]@{ Rule=@" @RuleName = "Transform LoginName" c:[Type == "http://schemas.xmlsoap.org/claims/samaccountname"] => issue(Type = "LOGINNAME", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:assertion"); "@ Attribute="http://schemas.xmlsoap.org/claims/samaccountname" AttributeGroup="ID's" } #endregion #region Personal attributes $TransformRules.givenName = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" ` -Oid "urn:oid:2.5.4.42" ` -AttributeName givenName ` -AttributeGroup "Personal attributes" $TransformRules.sn = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" ` -Oid "urn:oid:2.5.4.4" ` -AttributeName sn ` -AttributeGroup "Personal attributes" $TransformRules.displayName = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname" ` -Oid "urn:oid:2.16.840.1.113730.3.1.241" ` -AttributeName displayName ` -AttributeGroup "Personal attributes" $TransformRules.cn = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/claims/CommonName" ` -Oid "urn:oid:2.5.4.3" ` -AttributeName cn ` -AttributeGroup "Personal attributes" # $TransformRules.cn = [PSCustomObject]@{ # Rule=@" # # @RuleName = "Transform CommonName" # c1:[Type == "http://schemas.xmlsoap.org/claims/CommonName"] && # c2:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"] && # c3:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"] && # => issue(Type = "urn:oid:2.5.4.3", # Value = c2.Value + " " + c3.Value, # Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); #"@ # # Attribute=@("givenName","sn") # AttributeGroup="Personal attributes" # } $TransformRules.mail = Get-ADFSTkTransformRule -Type "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" ` -Oid "urn:oid:0.9.2342.19200300.100.1.3" ` -AttributeName mail ` -AttributeGroup "Personal attributes" $TransformRules.personalIdentityNumber = [PSCustomObject]@{ Rule=@" @RuleName = "Transform personalIdentityNumber" c:[Type == "urn:mace:dir:attribute-def:personalIdentityNumber", value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"] => issue(Type = "urn:oid:1.2.752.29.4.13", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="urn:mace:dir:attribute-def:personalIdentityNumber" AttributeGroup="Personal attributes" } # $TransformRules.schacDateOfBirth = [PSCustomObject]@{ # Rule=@' # # @RuleName = "Transform schacDateOfBirth" # c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth", # value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"] # => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", # Value = regexReplace (c.Value, "(?<start>^.{1,8}).+$", "${start}"), # Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); #'@ # # Attribute="urn:mace:dir:attribute-def:schacDateOfBirth" # AttributeGroup="Personal attributes" # } $TransformRules.schacDateOfBirth = [PSCustomObject]@{ Rule=@' @RuleName = "Compose schacDateOfBirth start" c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth", Value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"] => add(Type = "urn:adfstk:schackdateofbirth:start", Value = regexReplace(c.Value, "(?<start>^.{6}).+$", "${start}")); @RuleName = "Compose schacDateOfBirth middle" c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth", Value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"] => add(Type = "urn:adfstk:schackdateofbirth:middle", Value = regexReplace(c.Value, "^.{6}(?<middle>\d{1}).+$", "${middle}")); @RuleName = "Compose schacDateOfBirth end" c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth", Value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"] => add(Type = "urn:adfstk:schackdateofbirth:end", Value = regexReplace(c.Value, "^.{7}(?<end>\d{1}).+$", "${end}")); @RuleName = "Transform schacDateOfBirth 6x->0x" c1:[Type == "urn:adfstk:schackdateofbirth:start"] && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "6"] && c3:[Type == "urn:adfstk:schackdateofbirth:end"] => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + "0" + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); @RuleName = "Transform schacDateOfBirth 7x->1x" c1:[Type == "urn:adfstk:schackdateofbirth:start"] && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "7"] && c3:[Type == "urn:adfstk:schackdateofbirth:end"] => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + "1" + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); @RuleName = "Transform schacDateOfBirth 8x->2x" c1:[Type == "urn:adfstk:schackdateofbirth:start"] && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "8"] && c3:[Type == "urn:adfstk:schackdateofbirth:end"] => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + "2" + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); @RuleName = "Transform schacDateOfBirth 9x->3x" c1:[Type == "urn:adfstk:schackdateofbirth:start"] && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "9"] && c3:[Type == "urn:adfstk:schackdateofbirth:end"] => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + "3" + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); @RuleName = "Transform schacDateOfBirth <=3x" c1:[Type == "urn:adfstk:schackdateofbirth:start"] && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value =~ "[0-3]"] && c3:[Type == "urn:adfstk:schackdateofbirth:end"] => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3", Value = c1.Value + c2.Value + c3.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); '@ Attribute="urn:mace:dir:attribute-def:schacDateOfBirth" AttributeGroup="Personal attributes" } #endregion #region eduPerson Attributes $TransformRules.eduPersonScopedAffiliation = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonScopedAffiliation" ` -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.9" ` -AttributeName eduPersonScopedAffiliation ` -AttributeGroup "eduPerson attributes" $TransformRules.eduPersonAffiliation = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonAffiliation" ` -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.1" ` -AttributeName eduPersonAffiliation ` -AttributeGroup "eduPerson attributes" $TransformRules.eduPersonPrimaryAffiliation = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" ` -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.5" ` -AttributeName eduPersonPrimaryAffiliation ` -AttributeGroup "eduPerson attributes" $TransformRules.norEduPersonLIN = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:norEduPersonLIN" ` -Oid "urn:oid:1.3.6.1.4.1.2428.90.1.4" ` -AttributeName norEduPersonLIN ` -AttributeGroup "norEduPerson attributes" $TransformRules.norEduPersonNIN = [PSCustomObject]@{ Rule=@" @RuleName = "Transform norEduPersonNIN" c:[Type == "urn:mace:dir:attribute-def:norEduPersonNIN", value =~ "^(18|19|20)[0-9]{2}((0[1-9])|(10|11|12))(((0[1-9])|([1-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))(([PTRSUWXJKLMN]{1}[0-9]{3})|([0-9]{4}))$"] => issue(Type = "urn:oid:1.3.6.1.4.1.2428.90.1.5", Value = c.Value, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"); "@ Attribute="urn:mace:dir:attribute-def:norEduPersonNIN" AttributeGroup="eduPerson attributes" } $TransformRules.eduPersonEntitlement = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonEntitlement" ` -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.7" ` -AttributeName eduPersonEntitlement ` -AttributeGroup "eduPerson attributes" $TransformRules.eduPersonAssurance = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonAssurance" ` -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.11" ` -AttributeName eduPersonAssurance ` -AttributeGroup "eduPerson attributes" $TransformRules.eduPersonOrcid = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:eduPersonOrcid" ` -Oid "urn:oid:1.3.6.1.4.1.5923.1.1.1.16" ` -AttributeName eduPersonOrcid ` -AttributeGroup "norEduPerson attributes" #endregion #region Load local institution transform rules if they exists if (Test-Path $Global:ADFSTkPaths.institutionLocalTransformRulesFile) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesFoundFile) try { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesFile) . $Global:ADFSTkPaths.institutionLocalTransformRulesFile if (Test-Path function:Get-ADFSTkLocalTransformRules) { $localTransformRules = Get-ADFSTkLocalTransformRules Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesFound -f $localTransformRules.Count) foreach ($transformRule in $localTransformRules.Keys) { #Add or replace the standard Entoty Category with the federation one if ($TransformRules.ContainsKey($transformRule)) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesOverwrite -f $transformRule) } else { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesAdd -f $transformRule) } $TransformRules.$transformRule = $localTransformRules.$transformRule } } else { Write-ADFSTkLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesLoadFail) -EntryType Error } } catch { Write-ADFSTkLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesLoadFail) -EntryType Error } } else { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationLocalTransformRulesFileNotFound) } #endregion $TransformRules } # SIG # Begin signature block # MIId2QYJKoZIhvcNAQcCoIIdyjCCHcYCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUbRKYzLAajlkuYYBigDYd2rqv # exagghisMIIEfTCCA2WgAwIBAgIDG+cVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV # BAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNV # BAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcN # MTQwMTAxMDcwMDAwWhcNMzEwNTMwMDcwMDAwWjCBgzELMAkGA1UEBhMCVVMxEDAO # BgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdv # RGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmlj # YXRlIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC # AQEAv3FiCPH6WTT3G8kYo/eASVjpIoMTpsUgQwE7hPHmhUmfJ+r2hBtOoLTbcJjH # MgGxBT4HTu70+k8vWTAi56sZVmvigAf88xZ1gDlRe+X5NbZ0TqmNghPktj+pA4P6 # or6KFWp/3gvDthkUBcrqw6gElDtGfDIN8wBmIsiNaW02jBEYt9OyHGC0OPoCjM7T # 3UYH3go+6118yHz7sCtTpJJiaVElBWEaRIGMLKlDliPfrDqBmg4pxRyp6V0etp6e # MAo5zvGIgPtLXcwy7IViQyU0AlYnAZG0O3AqP26x6JyIAX2f1PnbU21gnb8s51ir # uF9G/M7EGwM8CetJMVxpRrPgRwIDAQABo4IBFzCCARMwDwYDVR0TAQH/BAUwAwEB # /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9BUFuIMGU2g/e # MB8GA1UdIwQYMBaAFNLEsNKR1EwRcbNhyz2h/t2oatTjMDQGCCsGAQUFBwEBBCgw # JjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMDIGA1UdHwQr # MCkwJ6AloCOGIWh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2Ryb290LmNybDBGBgNV # HSAEPzA9MDsGBFUdIAAwMzAxBggrBgEFBQcCARYlaHR0cHM6Ly9jZXJ0cy5nb2Rh # ZGR5LmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAWQtTvZKGEack # e+1bMc8dH2xwxbhuvk679r6XUOEwf7ooXGKUwuN+M/f7QnaF25UcjCJYdQkMiGVn # OQoWCcWgOJekxSOTP7QYpgEGRJHjp2kntFolfzq3Ms3dhP8qOCkzpN1nsoX+oYgg # HFCJyNwq9kIDN0zmiN/VryTyscPfzLXs4Jlet0lUIDyUGAzHHFIYSaRt4bNYC8nY # 7NmuHDKOKHAN4v6mF56ED71XcLNa6R+ghlO773z/aQvgSMO3kwvIClTErF0UZzds # yqUvMQg3qm5vjLyb4lddJIGvl5echK1srDdMZvNhkREg5L4wn3qkKQmw4TRfZHcY # QFHfjDCmrzCCBNAwggO4oAMCAQICAQcwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNV # BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow # GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UEAxMoR28gRGFkZHkgUm9v # dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xMTA1MDMwNzAwMDBaFw0z # MTA1MDMwNzAwMDBaMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTET # MBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4x # LTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEz # MDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAt # IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueDLENSvdr3Uk2Lr # MGS4gQhswwTZYheOL/8+Zc+PzmLmPFIc2hZFS1WreGtjg2KQzg9pbJnIGhSLTMxF # M+qI3J6jryv+gGGdeVfEzy70PzA8XUf8mha8wzeWQVGOEUtU+Ci+0Iy+8DA4HvOw # JvhmR2Nt3nEmR484R1PRRh2049wA6kWsvbxx2apvANvbzTA6eU9fTEf4He9bwsSd # YDuxskOR2KQzTuqz1idPrSWKpcb01dCmrnQFZFeItURV1C0qOj74uL3pMgoClGTE # FjpQ8Uqu53kzrwwgB3/o3wQ5wmkCbGNS+nfBG8h0h8i5kxhQVDVLaU68O9NJLh/c # wdJS+wIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC # AQYwHQYDVR0OBBYEFEDCvSeOzDSDMKIz1/tss/C0LIDOMB8GA1UdIwQYMBaAFDqa # hQcQZyi27/a9BUFuIMGU2g/eMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZ29kYWRkeS5jb20vMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6 # Ly9jcmwuZ29kYWRkeS5jb20vZ2Ryb290LWcyLmNybDBGBgNVHSAEPzA9MDsGBFUd # IAAwMzAxBggrBgEFBQcCARYlaHR0cHM6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBv # c2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEACH5skxDIOLiWqZBL/6FfTwTvbD6c # iAbJUI+mc/dXMRu+vOQv2/i601vgtOfmeWIODKLXamNzMbX1qEikOwgtol2Q17R8 # JU8RVjDEtkSdeyyd5V7m7wxhqr/kKhvuhJ64g33BQ85EpxNwDZEf9MgTrYNg2dhy # qHMkHrWsIg7KF4liWEQbq4klAQAPzcQbYttRtNMPUSqb9Lxz/HbONqTN2dgs6q6b # 9SqykNFNdRiKP4pBkCN9W0v+pANYm0ayw2Bgg/h9UEHOwqGQw7vvAi/SFVTuRBXZ # Cq6nijPtsS12NibcBOuf92EfFdyHb+5GliitoSZ9CgmnLgSjjbz4vAQwATCCBP4w # ggPmoAMCAQICEA1CSuC+Ooj/YEAhzhQA8N0wDQYJKoZIhvcNAQELBQAwcjELMAkG # A1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp # Z2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIFRp # bWVzdGFtcGluZyBDQTAeFw0yMTAxMDEwMDAwMDBaFw0zMTAxMDYwMDAwMDBaMEgx # CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjEgMB4GA1UEAxMX # RGlnaUNlcnQgVGltZXN0YW1wIDIwMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw # ggEKAoIBAQDC5mGEZ8WK9Q0IpEXKY2tR1zoRQr0KdXVNlLQMULUmEP4dyG+RawyW # 5xpcSO9E5b+bYc0VkWJauP9nC5xj/TZqgfop+N0rcIXeAhjzeG28ffnHbQk9vmp2 # h+mKvfiEXR52yeTGdnY6U9HR01o2j8aj4S8bOrdh1nPsTm0zinxdRS1LsVDmQTo3 # VobckyON91Al6GTm3dOPL1e1hyDrDo4s1SPa9E14RuMDgzEpSlwMMYpKjIjF9zBa # +RSvFV9sQ0kJ/SYjU/aNY+gaq1uxHTDCm2mCtNv8VlS8H6GHq756WwogL0sJyZWn # jbL61mOLTqVyHO6fegFz+BnW/g1JhL0BAgMBAAGjggG4MIIBtDAOBgNVHQ8BAf8E # BAMCB4AwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDBBBgNV # HSAEOjA4MDYGCWCGSAGG/WwHATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRp # Z2ljZXJ0LmNvbS9DUFMwHwYDVR0jBBgwFoAU9LbhIB3+Ka7S5GGlsqIlssgXNW4w # HQYDVR0OBBYEFDZEho6kurBmvrwoLR1ENt3janq8MHEGA1UdHwRqMGgwMqAwoC6G # LGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMDKg # MKAuhixodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1hc3N1cmVkLXRzLmNy # bDCBhQYIKwYBBQUHAQEEeTB3MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydFNIQTJBc3N1cmVkSURUaW1lc3RhbXBpbmdDQS5jcnQwDQYJKoZI # hvcNAQELBQADggEBAEgc3LXpmiO85xrnIA6OZ0b9QnJRdAojR6OrktIlxHBZvhSg # 5SeBpU0UFRkHefDRBMOG2Tu9/kQCZk3taaQP9rhwz2Lo9VFKeHk2eie38+dSn5On # 7UOee+e03UEiifuHokYDTvz0/rdkd2NfI1Jpg4L6GlPtkMyNoRdzDfTzZTlwS/Oc # 1np72gy8PTLQG8v1Yfx1CAB2vIEO+MDhXM/EEXLnG2RJ2CKadRVC9S0yOIHa9GCi # urRS+1zgYSQlT7LfySmoc0NR2r1j1h9bm/cuG08THfdKDXF+l7f0P4TrweOjSaH6 # zqe/Vs+6WXZhiV9+p7SOZ3j5NpjhyyjaW4emii8wggUcMIIEBKADAgECAghlwdCS # Sbw71zANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Fy # aXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29t # LCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3Np # dG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRo # b3JpdHkgLSBHMjAeFw0yMTAxMTkxODM3MzZaFw0yMjAzMDgxODU4MDBaMF4xCzAJ # BgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMQ8wDQYDVQQHEwZPdHRhd2ExFTAT # BgNVBAoTDENBTkFSSUUgSW5jLjEVMBMGA1UEAxMMQ0FOQVJJRSBJbmMuMIIBIjAN # BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YXwoxaok5jdbi6MkosZ8Gjo3/2Q # C/T+kr45QmgQNprraKKxIJ81D/B5ziHLzEYBDD5qWmfHoDPdwZsfXeNcaGq7EKQj # dw4WDqPm931pz7nFbacW7pdjhXj7+t5sP7r6/napL+G/3904PopUG6bDaJ274fTC # hBb/D5/ZKI9Mklfqsc9+D8U1QHuoP/6Xpd/94vX6opQpyBHMeM4P/jSgXjlkTkrO # KF6NyLwY1a7p5s/mLonkq+/E6iBOoQ/CRdqtcCsHzAd/se3RF2QLrPVrSFP6iEwE # 7RHzvUAIK62C+BdTCzfqLEqfJsuXgjo5y00HOO6ue+Fd80IbCB1u8gVy3QIDAQAB # o4IBhTCCAYEwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzAOBgNV # HQ8BAf8EBAMCB4AwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5 # LmNvbS9nZGlnMnM1LTYuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwIwOTA3 # BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv # c2l0b3J5LzAIBgZngQwBBAEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhho # dHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0 # aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0j # BBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wHQYDVR0OBBYEFFD5zINp5mEvJe65 # msd8HlZK4M+QMA0GCSqGSIb3DQEBCwUAA4IBAQBmmyS7tPYHWB7e2TG6SeNOPGSI # l8FSxPxzXJwKU4ITWh50kojCNsU7Jm6zP5WLJqcBbsLNXNnzAb8g0YJM0f+PkSI6 # ECaS6x8tUAAWJVgCCjKnRZn6rctEAKYCJBjdvrHDMSjFiRjQ/KqdyjPuQvEzU7Dt # ID1X3Wmq19k5izOsiEHIMQ/GGTHdJqnUe63Anm4DHgHRy2D0LvxzNAo96rcxcfwm # c8/dwgJYfA8ecKKnjSYsUDCytvDIVPMujUjeaCpw//BBErnUc18qKMGdjeGCc8sn # uVC/acYZ4gyrOOOMNa+V3I0GA6NdRvGOLqeF1tXBbSzbpR2HCoQJ0O1x7MMTMIIF # MTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG9w0BAQsFADBlMQsw # CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu # ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg # Q0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjByMQswCQYDVQQGEwJV # UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu # Y29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1w # aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdAy7kvNj3/d # qbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/YyGQmL8TvFfTw+F+ # CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1oODeIj8O/36V+/Oj # uiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3FyTgqt30A6XLdR4aF5 # FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC50ZQ/ZQqLKfkdT66 # mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMqT4UdxB08r8/arBD1 # 3ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd/imu0uRhpbKiJbLI # FzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMBIGA1UdEwEB/wQI # MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMIMHkG # CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu # Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln # aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw # Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js # MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk # SURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAACBDAqMCgGCCsGAQUF # BwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsGCWCGSAGG/WwHATAN # BgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4zwY3QITvS4S/ys8D # Av3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33akOpMP+LLR2HwZYuhe # giUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+JOGFNYkYkh2OMkVIs # rymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRYaQ18yAGxuSh1t5lj # hSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+u8QlK0cCCHxJrhO2 # 4XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGCBJcwggSTAgEBMIHB # MIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2Nv # dHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0 # dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28g # RGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyAghlwdCSSbw7 # 1zAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZBgkqhkiG # 9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIB # FTAjBgkqhkiG9w0BCQQxFgQUEGMVwq+Qe1MO8ZetwucjJuxIByAwDQYJKoZIhvcN # AQEBBQAEggEAh142oFpF4eR0oFA7G2AkYZjyQyJb8Z9poLY0/iD7RcQ7wos4uVvX # p8SgVUHPKpMS6re46t8Hs8TwZ2wnLkN42vo66wsNVjsRmZWutsJjn7S/fNjZlVOe # fcWuPXi742+Rw+BlCKsMCHKJPfmnWrQagc4Dvex3oX4rEV84mxfTzYMaJOj8f3wS # 4LkNS1XzovKgLnDUeqk6Qq+pSBjj+5vADju6QKuX7VD0R944vWDCSjQZFiJ8sGVi # jB3X5BTLHYDVM0JAs0Mdehr120tSLDCtY9hop/r4DoPKPDYBKi3cnfhoVLjkvTLX # pSpdVwSSHJbqT89djWfVOBCF1O0w33aNiKGCAjAwggIsBgkqhkiG9w0BCQYxggId # MIICGQIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j # MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBT # SEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4UAPDd # MA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq # hkiG9w0BCQUxDxcNMjEwMzEwMjIyMzQ2WjAvBgkqhkiG9w0BCQQxIgQgqAKe6tiI # 5BBV4EJgrLmGlM+p+ufO+BtHEYVvEFhBVJAwDQYJKoZIhvcNAQEBBQAEggEAtXSY # UVtgmk3JzSrA/aGhyFn5IUuOUXq1Rrkwprrftk7PMax0RSbEQPsZVeDW1lS8Pvpy # LlCrLp1o3GwfKWvc38+T1XNkg6ymqz5D7+liK0W/CFCwo/Ww770XY6qUNjnOqN+5 # +FimZ9B1PNKGkSUDsX9jwBeWCDQr2vfG0czVVLnKXEPBKvyVZSrT2s2vfz60Hp0J # /e1b44aI5TQJUBWcoVo90ZG282JVNPTFKsaIumDe30XaqRBi0dBO/1BAiv26gj0/ # hOZWNqF1e+rq7gU+u2DVRFrXeLcuoouYiRLkMAwB8glPmCuA8QyP3s1KxRkM00FV # 3S4U0i4I1BxkB/+hiA== # SIG # End signature block |