Public/Import-ADFSTkMetadata.ps1
|
#Requires -Version 5.1 #Requires -RunAsAdministrator function Import-ADFSTkMetadata { [CmdletBinding(DefaultParameterSetName = 'AllSPs', SupportsShouldProcess = $true)] param ( [Parameter(ParameterSetName = 'SingleSP', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)] $EntityId, [Parameter(ParameterSetName = 'SingleSP', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 1)] $EntityBase, [string]$ConfigFile, [string]$LocalMetadataFile, [string[]]$ForcedEntityCategories, [Parameter(ParameterSetName = 'AllSPs')] [switch] $ProcessWholeMetadata, [switch]$ForceUpdate, [Parameter(ParameterSetName = 'AllSPs')] [switch] $AddRemoveOnly, #The time in minutes the chached metadatafile live [int] $CacheTime = 15, #The maximum SPs to add in one run (to prevent throttling). Is used when the script recusrive calls itself [int] $MaxSPAdditions = 80, [switch]$Silent, [switch]$criticalHealthChecksOnly, #If this switch is not provided the memory cache will be deleted [switch] $PreserveMemoryCache ) process { #$CompatibleConfigVersion = "1.3" #Check if we should avoid deleting memory cache if (!$PSBoundParameters.ContainsKey('PreserveMemoryCache') -or ($PSBoundParameters.ContainsKey('PreserveMemoryCache') -and $PreserveMemoryCache -eq $false)) { Remove-ADFSTkCache -AttributeMemoryCache } #Get All paths if ([string]::IsNullOrEmpty($Global:ADFSTkPaths)) { $Global:ADFSTkPaths = Get-ADFSTKPaths } try { # Add some variables $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider $utf8 = new-object -TypeName System.Text.UTF8Encoding # load configuration file if (!(Test-Path ( $ConfigFile ))) { throw (Get-ADFSTkLanguageText cFileDontExist -f $ConfigFile) } else { [xml]$Settings = Get-Content ($ConfigFile) } # set appropriate logging via EventLog mechanisms if (Verify-ADFSTkEventLogUsage) { #If we evaluated as true, the eventlog is now set up and we link the WriteADFSTklog to it Write-ADFSTkLog -SetEventLogName $Settings.configuration.logging.LogName -SetEventLogSource $Settings.configuration.logging.Source } else { # No Event logging is enabled, just this one to a file Write-ADFSTkLog (Get-ADFSTkLanguageText importEventLogMissingInSettings) -MajorFault } #Check against compatible version #if ([float]$Settings.configuration.ConfigVersion -lt [float]$CompatibleConfigVersion) #{ # Write-ADFSTkLog (Get-ADFSTkLanguageText importIncompatibleInstitutionConfigVersion -f $Settings.configuration.ConfigVersion, $CompatibleConfigVersion) -MajorFault #} if ($PSBoundParameters.ContainsKey('criticalHealthChecksOnly') -and $criticalHealthChecksOnly -ne $false) { $healthCheckResult = Get-ADFSTkHealth -ConfigFile $ConfigFile -HealthCheckMode CriticalOnly } else { $healthCheckResult = Get-ADFSTkHealth -ConfigFile $ConfigFile -HealthCheckMode Full } if ($healthCheckResult -eq $false) { Write-ADFSTkLog "The Health Check of ADFS Toolkit did not pass! Check earlier log entries to see what's wrong." -MajorFault } #region Get static values from configuration file $mypath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\') Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importStarted) -EntryType Information Write-ADFSTkLog (Get-ADFSTkLanguageText importCurrentPath -f $Global:ADFSTkPaths.modulePath) -EventID 1 #endregion #region Get SP Hash if ([string]::IsNullOrEmpty($Settings.configuration.SPHashFile)) { Write-ADFSTkLog (Get-ADFSTkLanguageText importMissingSPHashFileInConfig -f $ConfigFile) -MajorFault } else { $SPHashFile = Join-Path $Global:ADFSTkPaths.cacheDir $Settings.configuration.SPHashFile Write-ADFSTkLog (Get-ADFSTkLanguageText importSettingSPHashFileTo -f $SPHashFile) -EventID 2 } if (Test-Path $SPHashFile) { try { $SPHashList = Import-Clixml $SPHashFile } catch { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importCouldNotImportSPHashFile) $SPHashFileItem = Get-ChildItem $SPHashFile Rename-Item -Path $SPHashFile -NewName ("{0}_{1}.{2}" -f $SPHashFileItem.BaseName, ([guid]::NewGuid()).Guid, $SPHashFileItem.Extension) $SPHashList = @{} } } else { $SPHashList = @{} } #endregion #region Getting Metadata #Cached Metadata file #$CachedMetadataFile = Join-Path $Settings.configuration.WorkingPath -ChildPath $Settings.configuration.CacheDir | Join-Path -ChildPath $Settings.configuration.MetadataCacheFile $CachedMetadataFile = Join-Path $Global:ADFSTkPaths.cacheDir $Settings.configuration.MetadataCacheFile Write-ADFSTkLog (Get-ADFSTkLanguageText importSettingCachedMetadataFile -f $CachedMetadataFile) -EventID 3 if ($LocalMetadataFile) { try { $MetadataXML = new-object Xml.XmlDocument $MetadataXML.PreserveWhitespace = $true $MetadataXML.Load($LocalMetadataFile) Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccessfullyLoadedLocalMetadataFile) -EntryType Information } catch { Write-ADFSTkLog (Get-ADFSTkLanguageText importCouldNotLoadLocalMetadataFile) -MajorFault -EventID 4 } } if ($MetadataXML -eq $null) { # $UseCachedMetadata = $false # if (($CacheTime -eq -1 -or $CacheTime -gt 0) -and (Test-Path $CachedMetadataFile)) #CacheTime = -1 allways use cached metadata if exists # { # if ($CacheTime -eq -1 -or (Get-ChildItem $CachedMetadataFile).LastWriteTime.AddMinutes($CacheTime) -ge (Get-Date)) # { # $UseCachedMetadata = $true # try # { # #[xml]$MetadataXML = Get-Content $CachedMetadataFile # $MetadataXML = new-object Xml.XmlDocument # $MetadataXML.PreserveWhitespace = $true # $MetadataXML.Load($CachedMetadataFile) # # if ([string]::IsNullOrEmpty($MetadataXML)) # { # Write-ADFSTkLog (Get-ADFSTkLanguageText importCachedMetadataEmptyDownloading) -EntryType Error -EventID 5 # $UseCachedMetadata = $false # } # } # catch # { # Write-ADFSTkLog (Get-ADFSTkLanguageText importCachedMetadataCorruptDownloading) -EntryType Error -EventID 6 # $UseCachedMetadata = $false # } # } # else # { # $UseCachedMetadata = $false # Remove-Item $CachedMetadataFile -Confirm:$false # } # } # # if (!$UseCachedMetadata) # { # # #Get Metadata URL from config # if ([string]::IsNullOrEmpty($Settings.configuration.metadataURL)) # { # $metadataURL = 'https://localhost/metadata.xml' #Just for fallback # } # else # { # $metadataURL = $Settings.configuration.metadataURL # } # # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importDownloadingMetadataFrom) -EntryType Information # # try # { # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importDownloadingFromTo -f $metadataURL, $CachedMetadataFile) -EntryType Information # # $webClient = New-Object System.Net.WebClient # $webClient.Headers.Add("user-agent", "ADFSToolkit") # $webClient.DownloadFile($metadataURL, $CachedMetadataFile) # # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccesfullyDownloadedMetadataFrom -f $metadataURL) -EntryType Information # } # catch # { # Write-ADFSTkLog (Get-ADFSTkLanguageText importCouldNotDownloadMetadataFrom -f $metadataURL) -MajorFault -EventID 7 # } # # try # { # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importParsingMetadataXML) -EntryType Information # $MetadataXML = new-object Xml.XmlDocument # $MetadataXML.PreserveWhitespace = $true # $MetadataXML.Load($CachedMetadataFile) # #$MetadataXML = [xml]$Metadata.Content # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccessfullyParsedMetadataXMLFrom -f $metadataURL) -EntryType Information # } # catch # { # Write-ADFSTkLog (Get-ADFSTkLanguageText importCouldNotParseMetadataFrom -f $metadataURL) -MajorFault -EventID 8 # } # } $MetadataXML = Get-ADFSTkMetadata -CacheTime $CacheTime -CachedMetadataFile $CachedMetadataFile -metadataURL $Settings.configuration.metadataURL } # Assert that the metadata we are about to process is not zero bytes after all this if (Test-Path $CachedMetadataFile) { $MyFileSize = (Get-Item $CachedMetadataFile).length if ((Get-Item $CachedMetadataFile).length -gt 0kb) { Write-ADFSTkLog (Get-ADFSTkLanguageText importMetadataFileSize -f $MyFileSize) -EventID 9 } else { Write-ADFSTkLog (Get-ADFSTkLanguageText importCachedMetadataFileIsZeroBytes -f $CachedMetadataFile) -EventID 10 } } #endregion #Verify Metadata Signing Cert if ($Global:ADFSTkSkipMetadataSignatureCheck -ne $true) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importVerifyingSigningCert) -EntryType Information Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importEnsuringSHA256) -EntryType Information Update-SHA256AlgXmlDSigSupport if (Verify-ADFSTkSigningCert $MetadataXML.EntitiesDescriptor.Signature.KeyInfo.X509Data.X509Certificate) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccessfullyVerifiedMetadataCert) -EntryType Information } else { Write-ADFSTkLog (Get-ADFSTkLanguageText importMetadataCertIncorrect) -MajorFault -EventID 11 } #Verify Metadata Signature Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importVerifyingMetadataSignature) -EntryType Information if (Verify-ADFSTkMetadataSignature $MetadataXML) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccessfullyVerifiedMetadataSignature) -EntryType Information } else { Write-ADFSTkLog (Get-ADFSTkLanguageText importMetadataSignatureFailed) -MajorFault -EventID 12 } } #region Read/Create file with $RawAllSPs = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.SPSSODescriptor -ne $null } $myRawAllSPsCount = $RawALLSps.count Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importTotalNumberOfSPs -f $myRawAllSPsCount) if ($ProcessWholeMetadata) { Write-ADFSTkLog (Get-ADFSTkLanguageText importProcessingWholeMetadata) -EntryType Information -EventID 13 $AllSPs = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.SPSSODescriptor -ne $null } $myAllSPsCount = $ALLSPs.count Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importNumberOfSPsAfterFilter -f $myAllSPsCount) Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importCalculatingChanges) $AllSPs | % { $SwamidSPs = @() $SwamidSPsToProcess = @() } { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cWorkingWith -f $_.EntityID) $SwamidSPs += $_.EntityId if (Check-ADFSTkSPHasChanged $_) { $SwamidSPsToProcess += $_ } #else #{ # Write-ADFSTkVerboseLog "Skipped due to no changes in metadata..." #} } { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cDone) $n = $SwamidSPsToProcess.Count Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importFoundXNewChangedSPs -f $n) $batches = [Math]::Ceiling($n / $MaxSPAdditions) Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importBatchCount -f $batches) if ($n -gt 0) { if ($batches -gt 1) { for ($i = 1; $i -le $batches; $i++) { $ADFSTkModuleBase = Join-Path $Global:ADFSTkPaths.modulePath ADFSToolkit.psm1 Write-ADFSTkLog (Get-ADFSTkLanguageText importWorkingWithBatch -f $i, $batches, $ADFSTkModuleBase) -EventID 14 $runCommand = "-Command & {" if ($Global:ADFSTkSkipNotSignedHealthCheck -eq $true) { $runCommand += '$Global:ADFSTkSkipNotSignedHealthCheck = $true;' } $runCommand += "Import-ADFSTkMetadata -MaxSPAdditions $MaxSPAdditions -CacheTime -1 -ConfigFile '$ConfigFile'" if ($PSBoundParameters.ContainsKey("Silent") -and $Silent -ne $false) { $runCommand += " -Silent" } if ($PSBoundParameters.ContainsKey("criticalHealthChecksOnly") -and $criticalHealthChecksOnly -ne $false) { $runCommand += " -criticalHealthChecksOnly" } if ($PSBoundParameters.ContainsKey("ForceUpdate") -and $ForceUpdate -ne $false) { $runCommand += " -ForceUpdate" } if ($PSBoundParameters.ContainsKey("WhatIf") -and $WhatIf -ne $false) { $runCommand += " -WhatIf" } $runCommand += " ;Exit}" Start-Process -WorkingDirectory $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\') -FilePath "$env:SystemRoot\system32\WindowsPowerShell\v1.0\powershell.exe" -ArgumentList "-NoExit", $runCommand -Wait -NoNewWindow Write-ADFSTkLog (Get-ADFSTkLanguageText cDone) -EventID 15 } } else { $SwamidSPsToProcess | % { Processes-ADFSTkRelyingPartyTrust $_ } } } # Checking if any Relying Party Trusts show be removed $NamePrefix = $Settings.configuration.MetadataPrefix $Sep = $Settings.configuration.MetadataPrefixSeparator $FilterString = "$NamePrefix$Sep" Write-ADFSTkLog (Get-ADFSTkLanguageText importCheckingForRemovedRPsUsingFilter -f $FilterString) -EventID 16 $CurrentSwamidSPs = Get-ADFSRelyingPartyTrust | ? { $_.Name -like "$FilterString*" } | select -ExpandProperty Identifier if ($CurrentSwamidSPs -eq $null) { $CurrentSwamidSPs = @() } #$RemoveSPs = Compare-ADFSTkObject $CurrentSwamidSPs $SwamidSPs | ? SideIndicator -eq "<=" | select -ExpandProperty InputObject $CompareSets = Compare-ADFSTkObject -FirstSet $CurrentSwamidSPs -SecondSet $SwamidSPs -CompareType InFirstSetOnly Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importFoundRPsToRemove -f $CompareSets.MembersInCompareSet) if ($ForceUpdate) { foreach ($rp in $CompareSets.CompareSet) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cRemoving -f $rp) try { Remove-ADFSRelyingPartyTrust -TargetIdentifier $rp -Confirm:$false -ErrorAction Stop Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cDone) } catch { Write-ADFSTkLog (Get-ADFSTkLanguageText cCouldNotRemove -f $rp, $_) -EntryType Error -EventID 17 } } } else { foreach ($rp in ($CompareSets.CompareSet | Get-ADFSTkAnswer -Caption (Get-ADFSTkLanguageText importDoYouWantToRemoveRPsNotInMetadata))) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cRemoving -f $rp) try { Remove-ADFSRelyingPartyTrust -TargetIdentifier $rp -Confirm:$false -ErrorAction Stop Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cDone) } catch { Write-ADFSTkLog (Get-ADFSTkLanguageText importCouldNotRemove -f $rp, $_) -EntryType Error -EventID 18 } } } } } elseif ($PSBoundParameters.ContainsKey('MaxSPAdditions') -and $MaxSPAdditions -gt 0) { Write-ADFSTkLog (Get-ADFSTkLanguageText importProcessingXRPs -f $MaxSPAdditions) -EntryType Information -EventID 19 $AllSPsInMetadata = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.SPSSODescriptor -ne $null } $i = 0 $n = 0 $m = $AllSPsInMetadata.Count - 1 $SPsToProcess = @() do { if (Check-ADFSTkSPHasChanged $AllSPsInMetadata[$i]) { $SPsToProcess += $AllSPsInMetadata[$i] $n++ } else { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSkippedNoChanges) } $i++ } until ($n -ge $MaxSPAdditions -or $i -ge $m) $SPsToProcess | % { Processes-ADFSTkRelyingPartyTrust $_ } } elseif (! ([string]::IsNullOrEmpty($EntityID) ) ) { #Enter so that SP: N is checked against the can and ask if you want to force update. Insert the hash! Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cWorkingWith -f $EntityID) if ([string]::IsNullOrEmpty($EntityBase)) { $sp = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.entityId -eq $EntityId } } else { $sp = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.entityId -eq $EntityId -and $_.base -eq $EntityBase } } if ($sp.count -gt 1) { $sp = $sp[0] Write-ADFSTkLog (Get-ADFSTkLanguageText importMoreThanOneRPWithEntityID -f $EntityId) -EntryType Warning -EventID 29 } if ([string]::IsNullOrEmpty($sp)) { Write-ADFSTkLog (Get-ADFSTkLanguageText importNoSPsFound) -MajorFault -EventID 20 } else { Processes-ADFSTkRelyingPartyTrust $sp } } else { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importNothingToDo) } Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importScriptEnded) } Catch { Throw $_ } } } # SIG # Begin signature block # MIId2QYJKoZIhvcNAQcCoIIdyjCCHcYCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUrnpzkJYn9lC3d7CeLU1o2RI0 # 03igghisMIIEfTCCA2WgAwIBAgIDG+cVMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV # BAYTAlVTMSEwHwYDVQQKExhUaGUgR28gRGFkZHkgR3JvdXAsIEluYy4xMTAvBgNV # BAsTKEdvIERhZGR5IENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcN # MTQwMTAxMDcwMDAwWhcNMzEwNTMwMDcwMDAwWjCBgzELMAkGA1UEBhMCVVMxEDAO # BgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdv # RGFkZHkuY29tLCBJbmMuMTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmlj # YXRlIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC # AQEAv3FiCPH6WTT3G8kYo/eASVjpIoMTpsUgQwE7hPHmhUmfJ+r2hBtOoLTbcJjH # MgGxBT4HTu70+k8vWTAi56sZVmvigAf88xZ1gDlRe+X5NbZ0TqmNghPktj+pA4P6 # or6KFWp/3gvDthkUBcrqw6gElDtGfDIN8wBmIsiNaW02jBEYt9OyHGC0OPoCjM7T # 3UYH3go+6118yHz7sCtTpJJiaVElBWEaRIGMLKlDliPfrDqBmg4pxRyp6V0etp6e # MAo5zvGIgPtLXcwy7IViQyU0AlYnAZG0O3AqP26x6JyIAX2f1PnbU21gnb8s51ir # uF9G/M7EGwM8CetJMVxpRrPgRwIDAQABo4IBFzCCARMwDwYDVR0TAQH/BAUwAwEB # /zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9BUFuIMGU2g/e # MB8GA1UdIwQYMBaAFNLEsNKR1EwRcbNhyz2h/t2oatTjMDQGCCsGAQUFBwEBBCgw # JjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5jb20vMDIGA1UdHwQr # MCkwJ6AloCOGIWh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2Ryb290LmNybDBGBgNV # HSAEPzA9MDsGBFUdIAAwMzAxBggrBgEFBQcCARYlaHR0cHM6Ly9jZXJ0cy5nb2Rh # ZGR5LmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAWQtTvZKGEack # e+1bMc8dH2xwxbhuvk679r6XUOEwf7ooXGKUwuN+M/f7QnaF25UcjCJYdQkMiGVn # OQoWCcWgOJekxSOTP7QYpgEGRJHjp2kntFolfzq3Ms3dhP8qOCkzpN1nsoX+oYgg # HFCJyNwq9kIDN0zmiN/VryTyscPfzLXs4Jlet0lUIDyUGAzHHFIYSaRt4bNYC8nY # 7NmuHDKOKHAN4v6mF56ED71XcLNa6R+ghlO773z/aQvgSMO3kwvIClTErF0UZzds # yqUvMQg3qm5vjLyb4lddJIGvl5echK1srDdMZvNhkREg5L4wn3qkKQmw4TRfZHcY # QFHfjDCmrzCCBNAwggO4oAMCAQICAQcwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNV # BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRow # GAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8GA1UEAxMoR28gRGFkZHkgUm9v # dCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xMTA1MDMwNzAwMDBaFw0z # MTA1MDMwNzAwMDBaMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTET # MBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4x # LTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEz # MDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAt # IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAueDLENSvdr3Uk2Lr # MGS4gQhswwTZYheOL/8+Zc+PzmLmPFIc2hZFS1WreGtjg2KQzg9pbJnIGhSLTMxF # M+qI3J6jryv+gGGdeVfEzy70PzA8XUf8mha8wzeWQVGOEUtU+Ci+0Iy+8DA4HvOw # JvhmR2Nt3nEmR484R1PRRh2049wA6kWsvbxx2apvANvbzTA6eU9fTEf4He9bwsSd # YDuxskOR2KQzTuqz1idPrSWKpcb01dCmrnQFZFeItURV1C0qOj74uL3pMgoClGTE # FjpQ8Uqu53kzrwwgB3/o3wQ5wmkCbGNS+nfBG8h0h8i5kxhQVDVLaU68O9NJLh/c # wdJS+wIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC # AQYwHQYDVR0OBBYEFEDCvSeOzDSDMKIz1/tss/C0LIDOMB8GA1UdIwQYMBaAFDqa # hQcQZyi27/a9BUFuIMGU2g/eMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZ29kYWRkeS5jb20vMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6 # Ly9jcmwuZ29kYWRkeS5jb20vZ2Ryb290LWcyLmNybDBGBgNVHSAEPzA9MDsGBFUd # IAAwMzAxBggrBgEFBQcCARYlaHR0cHM6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBv # c2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEACH5skxDIOLiWqZBL/6FfTwTvbD6c # iAbJUI+mc/dXMRu+vOQv2/i601vgtOfmeWIODKLXamNzMbX1qEikOwgtol2Q17R8 # JU8RVjDEtkSdeyyd5V7m7wxhqr/kKhvuhJ64g33BQ85EpxNwDZEf9MgTrYNg2dhy # qHMkHrWsIg7KF4liWEQbq4klAQAPzcQbYttRtNMPUSqb9Lxz/HbONqTN2dgs6q6b # 9SqykNFNdRiKP4pBkCN9W0v+pANYm0ayw2Bgg/h9UEHOwqGQw7vvAi/SFVTuRBXZ # Cq6nijPtsS12NibcBOuf92EfFdyHb+5GliitoSZ9CgmnLgSjjbz4vAQwATCCBP4w # ggPmoAMCAQICEA1CSuC+Ooj/YEAhzhQA8N0wDQYJKoZIhvcNAQELBQAwcjELMAkG # A1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRp # Z2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElEIFRp # bWVzdGFtcGluZyBDQTAeFw0yMTAxMDEwMDAwMDBaFw0zMTAxMDYwMDAwMDBaMEgx # CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjEgMB4GA1UEAxMX # RGlnaUNlcnQgVGltZXN0YW1wIDIwMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw # ggEKAoIBAQDC5mGEZ8WK9Q0IpEXKY2tR1zoRQr0KdXVNlLQMULUmEP4dyG+RawyW # 5xpcSO9E5b+bYc0VkWJauP9nC5xj/TZqgfop+N0rcIXeAhjzeG28ffnHbQk9vmp2 # h+mKvfiEXR52yeTGdnY6U9HR01o2j8aj4S8bOrdh1nPsTm0zinxdRS1LsVDmQTo3 # VobckyON91Al6GTm3dOPL1e1hyDrDo4s1SPa9E14RuMDgzEpSlwMMYpKjIjF9zBa # +RSvFV9sQ0kJ/SYjU/aNY+gaq1uxHTDCm2mCtNv8VlS8H6GHq756WwogL0sJyZWn # jbL61mOLTqVyHO6fegFz+BnW/g1JhL0BAgMBAAGjggG4MIIBtDAOBgNVHQ8BAf8E # BAMCB4AwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDBBBgNV # HSAEOjA4MDYGCWCGSAGG/WwHATApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRp # Z2ljZXJ0LmNvbS9DUFMwHwYDVR0jBBgwFoAU9LbhIB3+Ka7S5GGlsqIlssgXNW4w # HQYDVR0OBBYEFDZEho6kurBmvrwoLR1ENt3janq8MHEGA1UdHwRqMGgwMqAwoC6G # LGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMDKg # MKAuhixodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vc2hhMi1hc3N1cmVkLXRzLmNy # bDCBhQYIKwYBBQUHAQEEeTB3MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wTwYIKwYBBQUHMAKGQ2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydFNIQTJBc3N1cmVkSURUaW1lc3RhbXBpbmdDQS5jcnQwDQYJKoZI # hvcNAQELBQADggEBAEgc3LXpmiO85xrnIA6OZ0b9QnJRdAojR6OrktIlxHBZvhSg # 5SeBpU0UFRkHefDRBMOG2Tu9/kQCZk3taaQP9rhwz2Lo9VFKeHk2eie38+dSn5On # 7UOee+e03UEiifuHokYDTvz0/rdkd2NfI1Jpg4L6GlPtkMyNoRdzDfTzZTlwS/Oc # 1np72gy8PTLQG8v1Yfx1CAB2vIEO+MDhXM/EEXLnG2RJ2CKadRVC9S0yOIHa9GCi # urRS+1zgYSQlT7LfySmoc0NR2r1j1h9bm/cuG08THfdKDXF+l7f0P4TrweOjSaH6 # zqe/Vs+6WXZhiV9+p7SOZ3j5NpjhyyjaW4emii8wggUcMIIEBKADAgECAghlwdCS # Sbw71zANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0Fy # aXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29t # LCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3Np # dG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRo # b3JpdHkgLSBHMjAeFw0yMTAxMTkxODM3MzZaFw0yMjAzMDgxODU4MDBaMF4xCzAJ # BgNVBAYTAkNBMRAwDgYDVQQIEwdPbnRhcmlvMQ8wDQYDVQQHEwZPdHRhd2ExFTAT # BgNVBAoTDENBTkFSSUUgSW5jLjEVMBMGA1UEAxMMQ0FOQVJJRSBJbmMuMIIBIjAN # BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2YXwoxaok5jdbi6MkosZ8Gjo3/2Q # C/T+kr45QmgQNprraKKxIJ81D/B5ziHLzEYBDD5qWmfHoDPdwZsfXeNcaGq7EKQj # dw4WDqPm931pz7nFbacW7pdjhXj7+t5sP7r6/napL+G/3904PopUG6bDaJ274fTC # hBb/D5/ZKI9Mklfqsc9+D8U1QHuoP/6Xpd/94vX6opQpyBHMeM4P/jSgXjlkTkrO # KF6NyLwY1a7p5s/mLonkq+/E6iBOoQ/CRdqtcCsHzAd/se3RF2QLrPVrSFP6iEwE # 7RHzvUAIK62C+BdTCzfqLEqfJsuXgjo5y00HOO6ue+Fd80IbCB1u8gVy3QIDAQAB # o4IBhTCCAYEwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDAzAOBgNV # HQ8BAf8EBAMCB4AwNQYDVR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5 # LmNvbS9nZGlnMnM1LTYuY3JsMF0GA1UdIARWMFQwSAYLYIZIAYb9bQEHFwIwOTA3 # BggrBgEFBQcCARYraHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBv # c2l0b3J5LzAIBgZngQwBBAEwdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhho # dHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0 # aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0j # BBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wHQYDVR0OBBYEFFD5zINp5mEvJe65 # msd8HlZK4M+QMA0GCSqGSIb3DQEBCwUAA4IBAQBmmyS7tPYHWB7e2TG6SeNOPGSI # l8FSxPxzXJwKU4ITWh50kojCNsU7Jm6zP5WLJqcBbsLNXNnzAb8g0YJM0f+PkSI6 # ECaS6x8tUAAWJVgCCjKnRZn6rctEAKYCJBjdvrHDMSjFiRjQ/KqdyjPuQvEzU7Dt # ID1X3Wmq19k5izOsiEHIMQ/GGTHdJqnUe63Anm4DHgHRy2D0LvxzNAo96rcxcfwm # c8/dwgJYfA8ecKKnjSYsUDCytvDIVPMujUjeaCpw//BBErnUc18qKMGdjeGCc8sn # uVC/acYZ4gyrOOOMNa+V3I0GA6NdRvGOLqeF1tXBbSzbpR2HCoQJ0O1x7MMTMIIF # MTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG9w0BAQsFADBlMQsw # CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu # ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg # Q0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjByMQswCQYDVQQGEwJV # UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu # Y29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1w # aW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdAy7kvNj3/d # qbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/YyGQmL8TvFfTw+F+ # CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1oODeIj8O/36V+/Oj # uiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3FyTgqt30A6XLdR4aF5 # FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC50ZQ/ZQqLKfkdT66 # mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMqT4UdxB08r8/arBD1 # 3ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd/imu0uRhpbKiJbLI # FzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMBIGA1UdEwEB/wQI # MAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMIMHkG # CCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQu # Y29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGln # aUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2hjRodHRw # Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3Js # MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVk # SURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAACBDAqMCgGCCsGAQUF # BwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsGCWCGSAGG/WwHATAN # BgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4zwY3QITvS4S/ys8D # Av3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33akOpMP+LLR2HwZYuhe # giUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+JOGFNYkYkh2OMkVIs # rymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRYaQ18yAGxuSh1t5lj # hSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+u8QlK0cCCHxJrhO2 # 4XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGCBJcwggSTAgEBMIHB # MIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2Nv # dHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0 # dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28g # RGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyAghlwdCSSbw7 # 1zAJBgUrDgMCGgUAoHgwGAYKKwYBBAGCNwIBDDEKMAigAoAAoQKAADAZBgkqhkiG # 9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIB # FTAjBgkqhkiG9w0BCQQxFgQU1IjiCDR0uO9KwGiYuPFHz6MBUnEwDQYJKoZIhvcN # AQEBBQAEggEAySebiaruq8cRXeoBLVYczINuU020y6LLBFrehNYwoYl9Xndd7Yeg # QU1CkX4QIvq5Geas6EI2PJLIFE0Owfg+AdNib8VCWGfTbN2k3Qx9hOvxO/iw0IDE # czxuXM991XN3d4kgwf5avyVI+cPtrn7wgjs/lcx0ui+PWqaeEeZBvElMMldOScNQ # ROIC8FaErOqSmme6WLtZ6X4sFG1A2SUHM1cU/+tE9nBoZ1bFgJEqiYbE1PTwV7ts # w4g3QxCLqAcq7nDxtU8tPy9aVqITJb14eCs7J5B4ZbkLPGlEsP5p4z4m9z95+pC1 # Ul3WfYUT55eLbkf3ba07kDSdx7Tt4ShiyKGCAjAwggIsBgkqhkiG9w0BCQYxggId # MIICGQIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j # MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBT # SEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhANQkrgvjqI/2BAIc4UAPDd # MA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkq # hkiG9w0BCQUxDxcNMjEwMzEwMjIyMzUwWjAvBgkqhkiG9w0BCQQxIgQgLUeRCJJA # ErpJus18UU368svW9s1Zn7W2e6yTRPCf8eAwDQYJKoZIhvcNAQEBBQAEggEAtrkg # o6KF81HJsSbdB65XjFuAE7UkTm2ov5ch/2beejzZWD1hl5swoF9La7ywNAtrfYOy # jbfC11pSWre+EX0ly6RAq26woe8hOCn4EQmReTGG8s+2TDwX9+a2h9APCNI3SgNC # JF5ZHGLZRRzzZ++ptedhikJO6SbKzd9hSRGOTCrNdYJwsdjSj+N12DjrvIFczqoJ # T/qONMS+Z7Rv5Vka4Q1zegEDxHSpzfbkm/6VTrw8DFwpvMFeNDNZ203kbGPUCiCI # 2ZUx4QflmJItF+tsP+PC/poTnyFa9jcwoBsqNh5FuOjidcTGG9610cse/C3h9vj4 # xmqbHBTWAt49gHwIEA== # SIG # End signature block |