Framework/Core/SVT/CommonSVTResourceResolver.ps1
|
Set-StrictMode -Version Latest class CommonSVTResourceResolver { [string] $ResourceType = ""; [ResourceTypeName] $ResourceTypeName = [ResourceTypeName]::All; [string] $organizationName [string] $organizationId [string] $projectId [psobject] $feedDefnsObj = $null [bool] $UseIncrementalScan = $false [bool] $IsAutomatedFixUndoCmd = $false; [DateTime] $IncrementalDate = 0 [PSObject] $organizationContext CommonSVTResourceResolver($organizationName, $organizationId, $projectId, $organizationContext, $IsAutomatedFixUndoCmd) { $this.organizationName = $organizationName; $this.organizationId = $organizationId; $this.projectId = $projectId; $this.organizationContext = $organizationContext $this.IsAutomatedFixUndoCmd = $IsAutomatedFixUndoCmd if($PSCmdlet.MyInvocation.BoundParameters["IncrementalScan"]){ $this.UseIncrementalScan = $true if (-not [string]::IsNullOrWhiteSpace($PSCmdlet.MyInvocation.BoundParameters["IncrementalDate"])) { $this.IncrementalDate = $PSCmdlet.MyInvocation.BoundParameters["IncrementalDate"] } else { $this.IncrementalDate = [datetime] 0 } } } [SVTResource[]] LoadResourcesForScan($projectName, $repoNames, $secureFileNames, $feedNames, $environmentNames, $ResourceTypeName, $MaxObjectsToScan, $isServiceIdBasedScan) { #Get resources [System.Collections.Generic.List[SVTResource]] $SVTResources = @(); if ($repoNames.Count -gt 0 -or ($ResourceTypeName -in ([ResourceTypeName]::Repository, [ResourceTypeName]::All,[ResourceTypeName]::Build_Release_SvcConn_AgentPool_VarGroup_User_CommonSVTResources, [ResourceTypeName]::SvcConn_AgentPool_VarGroup_CommonSVTResources) -and !$isServiceIdBasedScan) ) { #Write-Host "Getting repository configurations..." -ForegroundColor cyan if ($ResourceTypeName -in([ResourceTypeName]::Repository, [ResourceTypeName]::SvcConn_AgentPool_VarGroup_CommonSVTResources) -and $repoNames.Count -eq 0) { $repoNames += "*"; } $repoObjList = @(); #if rtn Build_Release_SvcConn_AgentPool_VarGroup_User_CommonSVTResources and resource name not provided (neither * nor any name) no need to fetch this resource if($repoNames.Count -ne 0){ $repoObjList += $this.FetchRepositories($projectName, $repoNames); } if ($repoObjList.count -gt 0 -and [Helpers]::CheckMember($repoObjList[0], "Id")) { $maxObjScan = $MaxObjectsToScan foreach ($repo in $repoObjList) { $resourceId = "organization/{0}/project/{1}/repository/{2}" -f $this.organizationId, $this.projectId, $repo.id; $SVTResources.Add($this.AddSVTResource($repo.name, $projectName, "ADO.Repository", $resourceId, $repo, $repo.webUrl)); if (--$maxObjScan -eq 0) { break; } } $repoObjList = $null; } } ##Get SecureFiles if ($secureFileNames.Count -gt 0 -or ($ResourceTypeName -in ([ResourceTypeName]::SecureFile, [ResourceTypeName]::All,[ResourceTypeName]::Build_Release_SvcConn_AgentPool_VarGroup_User_CommonSVTResources, [ResourceTypeName]::SvcConn_AgentPool_VarGroup_CommonSVTResources) -and !$isServiceIdBasedScan) ) { if ($ResourceTypeName -in([ResourceTypeName]::SecureFile, [ResourceTypeName]::SvcConn_AgentPool_VarGroup_CommonSVTResources) -and $secureFileNames.Count -eq 0) { $secureFileNames += "*" } # Here we are fetching all the secure files in the project. $secureFileObjList = @(); #if rtn Build_Release_SvcConn_AgentPool_VarGroup_User_CommonSVTResources and resource name not provided (neither * nor any name) no need to fetch this resource if($secureFileNames.Count -ne 0){ $secureFileObjList += $this.FetchSecureFiles($projectName, $secureFileNames); } if ($secureFileObjList.count -gt 0 -and [Helpers]::CheckMember($secureFileObjList[0], "Id")) { $maxObjScan = $MaxObjectsToScan foreach ($securefile in $secureFileObjList) { $resourceId = "organization/{0}/project/{1}/securefile/{2}" -f $this.organizationId, $this.projectId, $securefile.Id; $secureFileLink = "https://dev.azure.com/{0}/{1}/_library?itemType=SecureFiles&view=SecureFileView&secureFileId={2}&path={3}" -f $this.organizationName, $projectName, $securefile.Id, $securefile.Name; $SVTResources.Add($this.AddSVTResource($securefile.Name, $projectName, "ADO.SecureFile", $resourceId, $securefile, $secureFileLink)); if (--$maxObjScan -eq 0) { break; } } $secureFileObjList = $null; } } #Get feeds if ($feedNames.Count -gt 0 -or ($ResourceTypeName -in ([ResourceTypeName]::Feed, [ResourceTypeName]::All,[ResourceTypeName]::Build_Release_SvcConn_AgentPool_VarGroup_User_CommonSVTResources, [ResourceTypeName]::SvcConn_AgentPool_VarGroup_CommonSVTResources) -and !$isServiceIdBasedScan) ) { #Write-Host "Getting feed configurations..." -ForegroundColor cyan if ($ResourceTypeName -in([ResourceTypeName]::Feed, [ResourceTypeName]::SvcConn_AgentPool_VarGroup_CommonSVTResources) -and $feedNames.Count -eq 0) { $feedNames += "*" } $feedObjList = @(); #if rtn Build_Release_SvcConn_AgentPool_VarGroup_User_CommonSVTResources and resource name not provided (neither * nor any name) no need to fetch this resource if($feedNames.Count -ne 0){ $feedObjList += $this.FetchFeeds($projectName, $feedNames); } if ($feedObjList.count -gt 0 -and [Helpers]::CheckMember($feedObjList[0], "Id")) { $maxObjScan = $MaxObjectsToScan foreach ($feed in $feedObjList) { $resourceId = "organization/{0}/project/{1}/feed/{2}" -f $this.organizationId, $this.projectId, $feed.id; $resourceLink = "https://dev.azure.com/{0}/{1}/_packaging?_a=feed&feed={2}" -f $this.organizationName, $projectName, $feed.name; $SVTResources.Add($this.AddSVTResource($feed.name, $projectName, "ADO.Feed", $resourceId, $feed, $resourceLink)); if (--$maxObjScan -eq 0) { break; } } $feedObjList = $null; } } #Get $EnvironmentNames if ($environmentNames.Count -gt 0 -or ($ResourceTypeName -in ([ResourceTypeName]::Environment, [ResourceTypeName]::All, [ResourceTypeName]::Build_Release_SvcConn_AgentPool_VarGroup_User_CommonSVTResources, [ResourceTypeName]::SvcConn_AgentPool_VarGroup_CommonSVTResources) -and !$isServiceIdBasedScan)) { #Write-Host "Getting feed configurations..." -ForegroundColor cyan if ($ResourceTypeName -in([ResourceTypeName]::Environment, [ResourceTypeName]::SvcConn_AgentPool_VarGroup_CommonSVTResources) -and $environmentNames.Count -eq 0) { $environmentNames += "*" } $environmentObjList = @(); #if rtn Build_Release_SvcConn_AgentPool_VarGroup_User_CommonSVTResources and resource name not provided (neither * nor any name) no need to fetch this resource if($environmentNames.Count -ne 0){ $environmentObjList += $this.FetchEnvironments($projectName, $environmentNames, $MaxObjectsToScan); } if ($environmentObjList.count -gt 0 -and [Helpers]::CheckMember($environmentObjList[0], "Id")) { $maxObjScan = $MaxObjectsToScan foreach ($environment in $environmentObjList) { $resourceId = "organization/{0}/project/{1}/environment/{2}" -f $this.organizationId, $this.projectId, $environment.id; $resourceLink = "https://dev.azure.com/{0}/{1}/_environments/{2}?view=resources" -f $this.organizationName, $environment.project.id, $environment.id; $SVTResources.Add($this.AddSVTResource($environment.name, $projectName, "ADO.Environment", $resourceId, $environment, $resourceLink)); if (--$maxObjScan -eq 0) { break; } } $environmentObjList = $null; } } return $SVTResources; } hidden [PSObject] FetchRepositories($projectName, $repoNames) { try { # Here we are fetching all the repositories in the project and then filtering out. $repoDefnURL = ""; $repoDefnURL = "https://dev.azure.com/$($this.organizationName)/$projectName/_apis/git/repositories?api-version=6.1-preview.1" $repoDefnsObj = [WebRequestHelper]::InvokeGetWebRequest($repoDefnURL); if ($repoNames -ne "*") { $repoDefnsObj = $repoDefnsObj | Where-Object { $repoNames -contains $_.name } } else{ if($this.UseIncrementalScan){ $timestamp = (Get-Date) $incrementalScanHelperObj = [IncrementalScanHelper]::new($this.organizationName, $projectName, $this.IncrementalDate, $true, $timestamp) $incrementalScanHelperObj.SetContext($this.projectId, $this.organizationContext) $repoDefnsObj = $incrementalScanHelperObj.GetModifiedCommonSvtFromAudit("GitRepositories",$repoDefnsObj) } } return $repoDefnsObj; } catch { return $null; } } hidden [PSObject] FetchFeeds($projectName, $feedNames) { try { #Fetching project and org scoped feeds if($null -eq $this.feedDefnsObj) { #When controls undo fix is called, resources need to be fetched from deleted list (only for controls ids in RevertDeletedResourcesControlList) if($this.IsAutomatedFixUndoCmd){ $feedDefnURL = 'https://feeds.dev.azure.com/{0}/_apis/Packaging/FeedRecycleBin?api-version=6.0-preview.1&includeUrls=false' -f $this.organizationName } elseif($PSCmdlet.MyInvocation.BoundParameters["CheckOwnerAccess"]){ $feedDefnURL = 'https://feeds.dev.azure.com/{0}/_apis/packaging/feeds?feedRole=administrator&api-version=6.0-preview.1&includeUrls=false' -f $this.organizationName } else{ $feedDefnURL = 'https://feeds.dev.azure.com/{0}/_apis/packaging/feeds?api-version=6.0-preview.1&includeUrls=false' -f $this.organizationName } $this.feedDefnsObj = [WebRequestHelper]::InvokeGetWebRequest($feedDefnURL); } $feedsList = @() #current project scoped feeds $projectScopedFeeds = $this.feedDefnsObj | where-object {"Project" -in $_.PSobject.Properties.name} $feedsList += $projectScopedFeeds | where-object {$_.Project.id -eq $this.projectId} #org scoped feeds - Project property does not exist of org scoped feeds $feedsList += $this.feedDefnsObj | where-object {"Project" -notin $_.PSobject.Properties.name} if ($feedNames -ne "*") { $feedsList = $feedsList | Where-Object { $feedNames -contains $_.name } } else{ if($this.UseIncrementalScan){ $timestamp = (Get-Date) $incrementalScanHelperObj = [IncrementalScanHelper]::new($this.organizationName, $projectName, $this.IncrementalDate, $true, $timestamp) $incrementalScanHelperObj.SetContext($this.projectId, $this.organizationContext) $feedsList = $incrementalScanHelperObj.GetModifiedCommonSvtFromAudit("Feed",$feedsList) } } #Following piece of code is to get a list of all feeds that wont be scanned due to insufficient privileges, will be used only for control fix if($PSCmdlet.MyInvocation.BoundParameters["CheckOwnerAccess"]){ $totalFeedsURL = 'https://feeds.dev.azure.com/{0}/_apis/packaging/feeds?api-version=6.0-preview.1&includeUrls=false' -f $this.organizationName $totalFeedsObj = [WebRequestHelper]::InvokeGetWebRequest($totalFeedsURL); $totalFeeds=@(); $totalFeeds += $totalFeedsObj | where-object {"Project" -in $_.PSobject.Properties.name -and $_.Project.id -eq $this.projectId} $totalFeeds += $totalFeedsObj | where-object {"Project" -notin $_.PSobject.Properties.name} $nonScannedResources = @(); #get all feeds not being scanned $nonScannedResources += ((Compare-Object $totalFeeds $feedsList -Property name,id) | select -ExpandProperty name) #update the list with the corresponding resource links $nonScannedResources = $nonScannedResources | foreach{ $_ = "https://dev.azure.com/{0}/{1}/_packaging?_a=feed&feed={2}" -f $this.organizationName, $projectName, $_; $_; } try{ #saving this in an env variable as we have to access it while saving a list of these resources in logs. $env:nonScannedResources +=$nonScannedResources } catch{ #TODO: in case of higher number of feeds, this env variable may not be stored #in such cases the scan should work properly with owner access feeds even if nonscannedresources.json cannot be formed if($_ -like "Environment variable name or value is too long"){ $env:nonScannedResources = $null; } } if([Helpers]::CheckMember($feedsList[0],"id")){ $feedCntWithOwnerAccess = $feedsList.Count } else{ $feedCntWithOwnerAccess=0 } Write-Host "Found $($totalFeeds.Count) feeds. Current user has owner access on $($feedCntWithOwnerAccess) feeds. $($totalFeeds.Count - $feedCntWithOwnerAccess) feeds will not be scanned due to insufficient permissions." -ForegroundColor Yellow } return $feedsList } catch { return $null; } } hidden [PSObject] FetchSecureFiles($projectName, $secureFileNames) { $secureFileDefnURL = "https://dev.azure.com/$($this.organizationName)/$projectName/_apis/distributedtask/securefiles?api-version=6.1-preview.1" try { $secureFileDefnObj = [WebRequestHelper]::InvokeGetWebRequest($secureFileDefnURL); if ($secureFileNames -ne "*") { $secureFileDefnObj = $secureFileDefnObj | Where-Object { $secureFileNames -contains $_.name } } else{ if($this.UseIncrementalScan){ $timestamp = (Get-Date) $incrementalScanHelperObj = [IncrementalScanHelper]::new($this.organizationName, $projectName, $this.IncrementalDate, $true, $timestamp) $incrementalScanHelperObj.SetContext($this.projectId, $this.organizationContext) $secureFileDefnObj = $incrementalScanHelperObj.GetModifiedCommonSvtFromAudit("SecureFile",$secureFileDefnObj) } } return $secureFileDefnObj; } catch { return $null; } } hidden [PSObject] FetchEnvironments($projectName, $environmentNames, $MaxObjectsToScan) { try { if ($MaxObjectsToScan -eq 0) { $topNQueryString = '&$top=10000' } else { $topNQueryString = '&$top={0}' -f $MaxObjectsToScan } # Here we are fetching all the environments in the project. $environmentDefnURL = ("https://dev.azure.com/{0}/{1}/_apis/distributedtask/environments?api-version=6.0-preview.1" + $topNQueryString) -f $this.organizationName, $projectName; $environmentDefnsObj = [WebRequestHelper]::InvokeGetWebRequest($environmentDefnURL); if ($environmentNames -ne "*") { $environmentDefnsObj = $environmentDefnsObj | Where-Object { $environmentNames -contains $_.name } } else{ if($this.UseIncrementalScan){ $timestamp = (Get-Date) $incrementalScanHelperObj = [IncrementalScanHelper]::new($this.organizationName, $projectName, $this.IncrementalDate, $true, $timestamp) $incrementalScanHelperObj.SetContext($this.projectId, $this.organizationContext) $environmentDefnsObj = $incrementalScanHelperObj.GetModifiedCommonSvtFromAudit("Environment",$environmentDefnsObj) } } return $environmentDefnsObj; } catch { return $null; } } [SVTResource] AddSVTResource([string] $name, [string] $resourceGroupName, [string] $resourceType, [string] $resourceId, [PSObject] $resourceDetailsObj, $resourceLink) { $svtResource = [SVTResource]::new(); $svtResource.ResourceName = $name; if ($resourceGroupName) { $svtResource.ResourceGroupName = $resourceGroupName; } $svtResource.ResourceType = $resourceType; $svtResource.ResourceId = $resourceId; $svtResource.ResourceTypeMapping = ([SVTMapping]::AzSKADOResourceMapping | Where-Object { $_.ResourceType -eq $resourceType } | Select-Object -First 1) if ($resourceDetailsObj) { $svtResource.ResourceDetails = $resourceDetailsObj; $svtResource.ResourceDetails | Add-Member -Name 'ResourceLink' -Type NoteProperty -Value $resourceLink; } else { $svtResource.ResourceDetails = New-Object -TypeName psobject -Property @{ ResourceLink = $resourceLink } } return $svtResource; } } # SIG # Begin signature block # MIInuQYJKoZIhvcNAQcCoIInqjCCJ6YCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDUWUBdiXuXolQH # 8o1znBzF1ckIxcWoxRebnWNgdPsDRaCCDYEwggX/MIID56ADAgECAhMzAAACUosz # qviV8znbAAAAAAJSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMjU5WhcNMjIwOTAxMTgzMjU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDQ5M+Ps/X7BNuv5B/0I6uoDwj0NJOo1KrVQqO7ggRXccklyTrWL4xMShjIou2I # sbYnF67wXzVAq5Om4oe+LfzSDOzjcb6ms00gBo0OQaqwQ1BijyJ7NvDf80I1fW9O # L76Kt0Wpc2zrGhzcHdb7upPrvxvSNNUvxK3sgw7YTt31410vpEp8yfBEl/hd8ZzA # v47DCgJ5j1zm295s1RVZHNp6MoiQFVOECm4AwK2l28i+YER1JO4IplTH44uvzX9o # RnJHaMvWzZEpozPy4jNO2DDqbcNs4zh7AWMhE1PWFVA+CHI/En5nASvCvLmuR/t8 # q4bc8XR8QIZJQSp+2U6m2ldNAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUNZJaEUGL2Guwt7ZOAu4efEYXedEw # UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1 # ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDY3NTk3MB8GA1UdIwQYMBaAFEhu # ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w # Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx # MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAFkk3 # uSxkTEBh1NtAl7BivIEsAWdgX1qZ+EdZMYbQKasY6IhSLXRMxF1B3OKdR9K/kccp # kvNcGl8D7YyYS4mhCUMBR+VLrg3f8PUj38A9V5aiY2/Jok7WZFOAmjPRNNGnyeg7 # l0lTiThFqE+2aOs6+heegqAdelGgNJKRHLWRuhGKuLIw5lkgx9Ky+QvZrn/Ddi8u # TIgWKp+MGG8xY6PBvvjgt9jQShlnPrZ3UY8Bvwy6rynhXBaV0V0TTL0gEx7eh/K1 # o8Miaru6s/7FyqOLeUS4vTHh9TgBL5DtxCYurXbSBVtL1Fj44+Od/6cmC9mmvrti # yG709Y3Rd3YdJj2f3GJq7Y7KdWq0QYhatKhBeg4fxjhg0yut2g6aM1mxjNPrE48z # 6HWCNGu9gMK5ZudldRw4a45Z06Aoktof0CqOyTErvq0YjoE4Xpa0+87T/PVUXNqf # 7Y+qSU7+9LtLQuMYR4w3cSPjuNusvLf9gBnch5RqM7kaDtYWDgLyB42EfsxeMqwK # WwA+TVi0HrWRqfSx2olbE56hJcEkMjOSKz3sRuupFCX3UroyYf52L+2iVTrda8XW # esPG62Mnn3T8AuLfzeJFuAbfOSERx7IFZO92UPoXE1uEjL5skl1yTZB3MubgOA4F # 8KoRNhviFAEST+nG8c8uIsbZeb08SeYQMqjVEmkwggd6MIIFYqADAgECAgphDpDS # AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla # MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT # H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG # OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S # 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz # y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7 # 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u # M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33 # X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl # XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP # 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB # l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF # RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM # CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ # BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud # DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO # 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0 # LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw # cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA # XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY # 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj # 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd # d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ # Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf # wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ # aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j # NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B # xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96 # eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7 # r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I # RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIZjjCCGYoCAQEwgZUwfjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z # b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAlKLM6r4lfM52wAAAAACUjAN # BglghkgBZQMEAgEFAKCBsDAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgKSYpb1RF # N2wURkGRq7zh5Rvi4YIczh/AQKTuGK6926swRAYKKwYBBAGCNwIBDDE2MDSgFIAS # AE0AaQBjAHIAbwBzAG8AZgB0oRyAGmh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20g # MA0GCSqGSIb3DQEBAQUABIIBAMvmmoFR/BxyorHKEPKOOlDNgfdxAGAWHFvP/9RQ # kSd7Ner9CLob1pp2+06rHJswkv5++eEAuZPvOfsktNSdcwr0ljKJkYvMYeotl0ts # F6jy4fnd50O9nSK1eLvro+aga7MB3GNLmdX+rUv+9NvaKM/YttpoP7hlCe/YHPE1 # DS1HU1qKsa5vwExi9FLr8OxyGoAE0DhaLByFdwlmOKNqTdl4or5DYbn7j784m3pC # 1wfuFquUdJ4vkf5iTfJs1cOYcP8SfRFklnMOMrHqDMvVArYK+z1K01kECyLsvuL7 # kULvcGUlLJfVMxzCI6vrEmXICC1D0vc074GzgOImtaQd4s2hghcWMIIXEgYKKwYB # BAGCNwMDATGCFwIwghb+BgkqhkiG9w0BBwKgghbvMIIW6wIBAzEPMA0GCWCGSAFl # AwQCAQUAMIIBWQYLKoZIhvcNAQkQAQSgggFIBIIBRDCCAUACAQEGCisGAQQBhFkK # AwEwMTANBglghkgBZQMEAgEFAAQg5DVOYQwJB6HhePm6QJH5ek2NIZFWm+lD+VYi # iqYL6eMCBmHCS8FbYRgTMjAyMjAxMTMxMjU0MDQuNTM2WjAEgAIB9KCB2KSB1TCB # 0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMk # TWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1U # aGFsZXMgVFNTIEVTTjo4NkRGLTRCQkMtOTMzNTElMCMGA1UEAxMcTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgU2VydmljZaCCEWUwggcUMIIE/KADAgECAhMzAAABjAGXYkc2 # dmY7AAEAAAGMMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD # QSAyMDEwMB4XDTIxMTAyODE5Mjc0NFoXDTIzMDEyNjE5Mjc0NFowgdIxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29m # dCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRT # UyBFU046ODZERi00QkJDLTkzMzUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDTSGhM # oRP5IaxrLD70EV2b65n6S8Q8Yt3mwXxeVPdTLhgapPzr4OvwbeTqr+VFqCLFEq+f # 6DYAVEv1W5moLW5O9rt1k30KGKi0ccWbLJBk9qVd0lMLycoituBMxcDCH+ZuGeah # rGwj2MaWK9iCLkY04Tu7pNXhQ62dU/yKiFNR80wqFlol3OZYOOFYLsuM9ciFqb1C # FGRXOuTF8kpzn0CxoYPc++JGSAegbF+l1Yc89pbyKIQeNzg8OYIqW5bcn4h1Tfwf # 4yQo+Z6QLsa1FMtcoEK5YpdLxONlj/CQ1zNY0Sj6Xknc5l0d5WKDGnMKd6yRl9wd # fGsJfaG57uom9auSwVK2Rls4bshiZp9gxCtka6WXvY+dLWgh1B1idHn+eBy9JBvX # UZDSQ0wPOIqxJ37mJ9RphsktnRcTE1XiotcJLrkOP7wXKAKO02+QOIHkez0jsr3P # FmxRvt8opIYRn3IDQmBNZtwA8Jg+24AdUnxQppP3rukmbv6veGBx7fxVTf2yl54c # eBoJLi9et6VMuJQwCXQ62TmdwpApzaQae+7A/ZEJLeQQQUDGifAufynJ53Kt5lNs # ExAGp/WjeSPSKU4nv9/8/dzWudpg7TUYMmia/ui2lvnP7WGtKgizy77p6u4koJOK # F3SL/xtzrsAoXvrCla69b0GFtQxOxaTDDivjZwIDAQABo4IBNjCCATIwHQYDVR0O # BBYEFJbOU4apgiFgiHlWnT6Iyt1Ai1IjMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl # 0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAy # MDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93 # d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1T # dGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAww # CgYIKwYBBQUHAwgwDQYJKoZIhvcNAQELBQADggIBANdoxUVYwgmp1uVBkrqiSztx # 0JTB48CaYQh52zK6yBQwhCVCpqN8I/2IbnzI4VJHHaTn2PaEAFJkHEWZuRWPCFgQ # LXIk9Cb3jriBTPkb645bnWLy5554HeHaL4OahY0o1K6Ug3J9IaBbo8IMKJGo7eqf # wphXMvOh6Z8+Kv9RXHkICBVwQMAy3FtGtMdcEAFfIJrppDf6O6RYHlpDMvDqqEeH # Pscg5T2r9D1jY2dUEo9/MiXA+NvY2tAZ9CddOyx8UP3w6lEerTtlTHbWDimzxXfe # FJKQna4PCG2nlW0UacX4DHMUGUK9zfcs9OZexzOXLr7JCABHCY0d40DbrZaosskz # zgjPw5LVV8TU3rJgKQuODzX7MZeyO8waaMGWLLFnBdYZYmayi8HpPqHUat+a8wq5 # 04T3YPrtJHfNPcN0DknAv1MDNfxSGLRoZi2fm41QMVvEijMhEyktWk/9g4ueD6va # /yzyXJa/Rp+PBlgcEnrgxZU3Edxo22PORi1CN1nluHKRrp1f4O1AP1uHfOOLRKWt # 9UMgvERvo6PKq18aPuJZm8mtvgCohWAdBoPOC6LERL2J60WKQd9/qn3sLmqhtNNs # rA3QAQ/erm17Ij00g5WUmXSCLkht3nweJ/cks7q+n7nIdeOhIv8yWEWa8a1piZDA # PsrNOb24AMXgHM/+bHa/MIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAA # FTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0 # aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNy # b3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIP # ADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9s # SuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3 # po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2 # vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GP # sjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3 # rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDP # c31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9ituqBJR6L8F # A6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q # 6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1f # MHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLv # jflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGj # ggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ # ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIw # XAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMG # A1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsG # A1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJc # YmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9z # b2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIz # LmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0 # MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5H # ZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2 # HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1 # JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8 # F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99J # o3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4K # WN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZ # kWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58 # oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w # /ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+ # 7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1iz # oXBm8qGCAtQwggI9AgEBMIIBAKGB2KSB1TCB0jELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3Bl # cmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo4NkRGLTRC # QkMtOTMzNTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaIj # CgEBMAcGBSsOAwIaAxUANKLyFOur9DyimnB4bK5ks0Qmr9WggYMwgYCkfjB8MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNy # b3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIFAOWKczkw # IhgPMjAyMjAxMTMxNzQ1MjlaGA8yMDIyMDExNDE3NDUyOVowdDA6BgorBgEEAYRZ # CgQBMSwwKjAKAgUA5YpzOQIBADAHAgEAAgIK+jAHAgEAAgIRSzAKAgUA5YvEuQIB # ADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQow # CAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBAIOiFJNf0lXzlv6rebTpR9r8utan # jlNyaZ5h1MWnryrIxqMBtXBMo6p556yzsQ1dga8Oha3s1c6QYvaXdRnMBBt4Sb/s # h+q+P464KOh9oXaUSn/iJ8v+zNYkK4MdW/An584u+z1G+p/si7xnNDcUZps+7beM # 8HvkwVPIY5XRS1nwMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTACEzMAAAGMAZdiRzZ2ZjsAAQAAAYwwDQYJYIZIAWUDBAIBBQCgggFK # MBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQg8AqM # 0VgPkBTdNWuC2xejRVYDpTPHTelmnHRDPXe7A2owgfoGCyqGSIb3DQEJEAIvMYHq # MIHnMIHkMIG9BCDVrYv4FSqQzwZ/xOYhBZ2B4pNOthcjA6h864mIGJhpnjCBmDCB # gKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABjAGXYkc2dmY7 # AAEAAAGMMCIEIEsFzk/mHCws+XFm55spfMW5+JrDVKqmOAz1mPlH1G82MA0GCSqG # SIb3DQEBCwUABIICAAqLSqUzKcGHKFcw5QPHNEp7qIClhDk62SjQ48gDWt/MKT1P # EZTU8VRFqFUT1VsjPtFNK68pBtb+iaqPqfxyv1qHxyuqiL6EKMCHNhzGKAlxcPWP # EmWUO1k9shBnE6EW8wF6KWw7fV6Arzex4Hz94+51GpybCb4GAF4pBJ6GDwUEQKIK # JDZ4XxEDU8u8dGrmnmSzen32ZSrSOkLiLDmssKTPihGxzRFhB1745OVLPFpb64iu # jwH7fTQrR3A8mVbzVBg3VgvHhO06zEP3ygTmhDjaS6QoB5ELV17pw/hRC8boQZkL # pKaGgFA3kMtvNZ2oN3GTjlkGTgavWUaspvT20WHg4x511rZPhqN3jlQoLSqNipHM # RepHAFf2fy21SgRtsRclTQsG6nFXFZ0RL7qEda0CQc9l+meuaujQbZqvIQc4WQrm # aRefwpLCD/LTr4tzLPWT2srZzyD1WRuGTAaO882Jl2b1/kAUZU1KOrTrILqOWnlp # aziwBeyJBZzvjJbXR5QHJql6aC8BbHJGV8a5v8j7g3eqNjEPWT6XB4bnkknj66fx # +Ws8lOCUUX8iFxYAEav3vGXhSAI3JApGuNWNf22i0DTy8fPbzQESSpgi4kLpvWwE # G8zRkVg1DOFycl/TbNEUTJaE8MsrEZ+1uaNkkjJeLcknoV+13CXlcCK2TV6P # SIG # End signature block |