Private/AzStackHci.Connectivity.Helpers.ps1
|
# //////////////////////////////////////////////////////////////////////////// # Function to test version of PowerShell # This function checks the version of PowerShell and returns an error if the version is greater than 5.1.x Function Test-PowerShellVersion5 { param ( [Parameter(Mandatory = $false)] [bool]$NoVerboseOutput = $false ) begin { # Check if the PowerShell version is 5.1.x $versionMaximum = [version]'5.1.99999.999' # Get the PowerShell version from the PSVersionTable $PowerShellVersion = [version]$PSVersionTable.PSVersion } process { # Compare the PowerShell version with the maximum version if($PowerShellVersion -gt $versionMaximum) { # PowerShell version is greater than 5.1.x, return an error if(-not($NoVerboseOutput)){ Write-Verbose "PowerShell version $($PSVersionTable.PSVersion.ToString()) detected." } # $PowerShell5 = $false $PowerShell5 = $false } else { # PowerShell version is 5.1.x or lower, continue if(-not($NoVerboseOutput)){ Write-Verbose "PowerShell version $($PSVersionTable.PSVersion.ToString()) detected." } # $PowerShell5 = $true $PowerShell5 = $true } } # End of process block end { # Write-Debug "Completed Test-PowerShellVersion5 function" return $PowerShell5 } } # //////////////////////////////////////////////////////////////////////////// # This function converts a hashtable to a string representation Function Convert-HashTableToString { param ( [Parameter(Mandatory = $true)] [System.Collections.Hashtable] $HashTable ) begin { # Write-Verbose "Starting Convert-HashTableToString function" } process { $HashString = "@{" $Keys = $HashTable.keys foreach ($Key in $Keys) { $v = $HashTable[$key] if ($key -match "\s") { $HashString += "`"$key`"" + "=" + "`"$v`"" + ";" } else { $HashString += $key + "=" + "`"$v`"" + ";" } } $HashString += "}" } # End of process block end { # Write-Debug "Completed Convert-HashTableToString function" return $HashString } } # //////////////////////////////////////////////////////////////////////////// # Function to extract domains from URLs Function Get-DomainFromURL { param ( [string]$url ) begin { # Write-Verbose "Starting Get-DomainFromURL function" } process { # Remove the protocol (http:// or https://) and extract the domain and port $url = $url -replace "^https?://", "" # Check if the URL contains a port number # If the URL contains a port number, extract it if ($url -match ":(\d+)$") { $port = [int]($url -replace ".*:(\d+)$", '$1') $url = $url -replace ":(\d+)$", "" } else { $port = $null } $domain = $url -split '/' | Select-Object -First 1 return @{ Domain = $domain; Port = $port } } end { # Write-Debug "Completed Get-DomainFromURL function" } } # //////////////////////////////////////////////////////////////////////////// # Helper function to normalize URL with protocol based on port # This is a private helper function for Test-Layer7Connectivity Function Initialize-WebRequestUrl { param ( [Parameter(Mandatory=$true)] [string]$url, [Parameter(Mandatory=$true)] [int]$port ) # Check if the port is 80 for HTTP or port 443, 8084 or 8443 for HTTPS and update the URL accordingly if ($port -eq $script:PORT_HTTPS -or $port -eq $script:PORT_HTTPS_ALT1 -or $port -eq $script:PORT_HTTPS_ALT2) { if($url -notmatch "^https://") { # If the URL does not start with https://, add it $url = "https://$url" } } elseif($port -eq $script:PORT_HTTP) { if($url -notmatch "^http://") { # If the URL does not start with http://, add it $url = "http://$url" } } else { # For custom ports, use http as the default if($url -notmatch "^http") { Write-Verbose "Custom port $port detected, using http as the default" $url = "http://$url" } } return $url } # //////////////////////////////////////////////////////////////////////////// # Helper function to register a redirected URL into the RedirectedResults array # Prevents duplicates by checking both RedirectedResults and Results arrays. # Called from the redirect-handling section of Test-Layer7Connectivity. Function Add-RedirectedUrlToResults { param ( [Parameter(Mandatory=$true)] [string]$RedirectedURL, [Parameter(Mandatory=$true)] [string]$FullRedirectUrl, [Parameter(Mandatory=$true)] [int]$DestinationPort, [Parameter(Mandatory=$true)] [string]$OriginalURL, [Parameter(Mandatory=$true)] [int]$OriginalPort ) Write-HostAzS "Redirected to '$FullRedirectUrl'" -ForegroundColor Yellow # Update the Note on the original result to show the redirect target (only if not already set) $ResultsToUpdate = $script:Results | Where-Object { $_.url -eq $OriginalURL -and ($_.Port -eq $OriginalPort) } ForEach ($ResultToUpdate in $ResultsToUpdate) { if (-not($ResultToUpdate.Note -like "Redirects to *")) { if ($ResultToUpdate.Note) { $ResultToUpdate.Note = "Redirects to '$($RedirectedURL)' - $($ResultToUpdate.Note)" } else { $ResultToUpdate.Note = "Redirects to '$($RedirectedURL)'" } } } if ([string]::IsNullOrWhiteSpace($RedirectedURL)) { Write-Warning "Redirected URL is null for $FullRedirectUrl, skipping" return } # Check if the URL already exists in the Results array [bool]$RedirectExistsInResults = $false ForEach ($result in $script:Results) { if ((Get-DomainFromURL -url $result.url).Domain -eq $RedirectedURL -and ($result.Port -eq $DestinationPort)) { Write-Debug "Redirected URL already exists in Results array, skipping" $RedirectExistsInResults = $true break } } # Add to RedirectedResults if it doesn't already exist in either array # Note: -notcontains works correctly on an empty @() array, no special first-entry handling needed if (($script:RedirectedResults.url -notcontains $RedirectedURL) -and (-not($RedirectExistsInResults))) { $OriginalResult = $script:Results | Where-Object { ((Get-DomainFromURL -url $_.URL).Domain -eq (Get-DomainFromURL -url $OriginalURL).Domain) -and ($_.Port -eq $OriginalPort) } | Select-Object -First 1 $script:RedirectedResults.Add([PSCustomObject]@{ RowID = 0 url = $RedirectedURL redirect = $FullRedirectUrl Port = $DestinationPort ArcGateway = $false IsWildcard = $false Source = "Redirect for $($OriginalResult.Source)" Note = "Redirected URL from $($OriginalURL) - $($OriginalResult.Note)" TCPStatus = "" IPAddress = "" Layer7Status = "" Layer7Response = "" Layer7ResponseTime = "" CertificateSubject = "" CertificateIssuer = "" CertificateThumbprint = "" IntermediateCertificateIssuer = "" IntermediateCertificateSubject = "" IntermediateCertificateThumbprint = "" RootCertificateIssuer = "" RootCertificateSubject = "" RootCertificateThumbprint = "" }) | Out-Null Write-Debug "Added $($script:RedirectedResults[-1]) to RedirectedResults array" } else { Write-Debug "Redirected URL $RedirectedURL already exists in RedirectedResults or Results array, skipping" } } # //////////////////////////////////////////////////////////////////////////// # Helper function to register a CRL / OCSP dependency URL as its own row in # $script:Results. Called when Get-Layer7CertificateDetails classifies an HTTPS # endpoint as "CRL/OCSP unreachable" (trusted chain, revocation offline). # # Dedupe strategy (two tiers): # - OCSP: skip if ANY existing row already covers the same host+port=80 # (the OCSP protocol uses a single host, so host match = full coverage) # - CRL: fall through to exact-URL match — different .crl files on the same # host can be blocked independently by path-based proxy filtering # When an identical URL was already added by a previous parent, the existing # row's Source is extended to list both parents. # # Rows are appended directly to $script:Results with Layer7Status = "" so the # existing remainingUrls loop in Test-AzureLocalConnectivity picks them up and # tests them as first-class endpoints. Function Add-CrlDependencyRowToResults { [CmdletBinding()] param ( [Parameter(Mandatory=$true)][ValidateSet('CRL','OCSP')][string]$Kind, [Parameter(Mandatory=$true)][string]$DependencyURL, [Parameter(Mandatory=$true)][string]$ParentURL ) if ([string]::IsNullOrWhiteSpace($DependencyURL)) { return } $parentDomain = (Get-DomainFromURL -url $ParentURL).Domain $depDomain = (Get-DomainFromURL -url $DependencyURL).Domain if ([string]::IsNullOrWhiteSpace($depDomain)) { Write-Debug "Add-CrlDependencyRowToResults: cannot parse domain from '$DependencyURL', skipping" return } # Tier 1 — dedupe against existing rows if ($Kind -eq 'OCSP') { # Host-level dedupe is sufficient for OCSP (single-host protocol) $existing = $script:Results | Where-Object { ((Get-DomainFromURL -url $_.URL).Domain -eq $depDomain) -and ($_.Port -eq $script:PORT_HTTP) } | Select-Object -First 1 if ($existing) { Write-Debug "Add-CrlDependencyRowToResults: OCSP host '$depDomain' already in Results (row URL '$($existing.URL)'), skipping duplicate" return } } else { # CRL — exact URL dedupe (different .crl paths on same host can be independently blocked) $existingSame = $script:Results | Where-Object { ($_.URL -eq $DependencyURL) -and ($_.Port -eq $script:PORT_HTTP) } | Select-Object -First 1 if ($existingSame) { # Same CRL URL already added — extend Source to reflect shared parent if ($existingSame.Source -notmatch [regex]::Escape($parentDomain)) { $existingSame.Source = "$($existingSame.Source); $parentDomain" } Write-Debug "Add-CrlDependencyRowToResults: CRL URL '$DependencyURL' already present — appended parent '$parentDomain' to Source" return } } # Tier 2 — append new row (Layer7Status="" so the remaining-URLs loop tests it) $sourcePrefix = if ($Kind -eq 'CRL') { 'CRL dependency for' } else { 'OCSP dependency for' } $script:Results.Add([PSCustomObject]@{ RowID = 0 URL = $DependencyURL Port = $script:PORT_HTTP ArcGateway = $false IsWildcard = $false Source = "$sourcePrefix $parentDomain" Note = "Required for certificate revocation check of https://$parentDomain (HTTP port 80 must be reachable)" TCPStatus = "" IPAddress = "" Layer7Status = "" Layer7Response = "" Layer7ResponseTime = "" CertificateIssuer = "" CertificateSubject = "" CertificateThumbprint = "" IntermediateCertificateIssuer = "" IntermediateCertificateSubject = "" IntermediateCertificateThumbprint = "" RootCertificateIssuer = "" RootCertificateSubject = "" RootCertificateThumbprint = "" }) | Out-Null Write-Debug "Add-CrlDependencyRowToResults: appended $Kind dependency row '$DependencyURL' for parent '$parentDomain'" } # //////////////////////////////////////////////////////////////////////////// # Helper function to initialize ServerCertificateValidationCallback for SSL bypass # This is a private helper function for Test-Layer7Connectivity Function Initialize-CertificateCallback { # IMPORTANT: This sets a PROCESS-WIDE callback on ServicePointManager.ServerCertificateValidationCallback # that accepts all certificates. This is intentional — the module needs to connect to endpoints even when # SSL inspection replaces certificates, so it can detect and report SSL inspection to the user. # The callback is reset to $null in the end block of Test-Layer7Connectivity and Test-AzureLocalConnectivity. # Check if ServerCertificateValidationCallback class is already defined if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type) { # Define the ServerCertificateValidationCallback class # This class is used to bypass SSL certificate validation, to allow for SSL inspection detection $CertCallback = @" using System; using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; public class ServerCertificateValidationCallback { public static void Ignore() { if(ServicePointManager.ServerCertificateValidationCallback == null) { ServicePointManager.ServerCertificateValidationCallback += delegate ( Object obj, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors ) { return true; }; } } } "@ Add-Type $CertCallback } # Call the Ignore method to bypass SSL certificate validation [ServerCertificateValidationCallback]::Ignore() } # //////////////////////////////////////////////////////////////////////////// # Helper to set all connectivity result fields on a URL object to skip/N/A values. # Used when a URL is skipped, wildcarded, or DNS resolution fails. Function Set-UrlObjectSkipFields { param( [Parameter(Mandatory)][PSCustomObject]$UrlObject, [Parameter(Mandatory)][string]$TCPStatus, [Parameter(Mandatory)][string]$Layer7Status, [string]$IPAddress = "N/A", [string]$Layer7Response = "N/A", [string]$Layer7ResponseTime = "N/A" ) $UrlObject.TCPStatus = $TCPStatus $UrlObject.IPAddress = $IPAddress $UrlObject.Layer7Status = $Layer7Status $UrlObject.Layer7Response = $Layer7Response $UrlObject.Layer7ResponseTime = $Layer7ResponseTime $UrlObject.CertificateIssuer = "N/A" $UrlObject.CertificateSubject = "N/A" $UrlObject.CertificateThumbprint = "N/A" $UrlObject.IntermediateCertificateIssuer = "N/A" $UrlObject.IntermediateCertificateSubject = "N/A" $UrlObject.IntermediateCertificateThumbprint = "N/A" $UrlObject.RootCertificateIssuer = "N/A" $UrlObject.RootCertificateSubject = "N/A" $UrlObject.RootCertificateThumbprint = "N/A" } # //////////////////////////////////////////////////////////////////////////// # Helper to copy connectivity test results from an Invoke-EndpointConnectivityTest # result hashtable to a URL result object. Function Copy-ConnectivityResultsToUrlObject { param( [Parameter(Mandatory)][PSCustomObject]$UrlObject, [Parameter(Mandatory)][hashtable]$TestResult ) $UrlObject.TCPStatus = $TestResult.TCPStatus $UrlObject.IPAddress = $TestResult.IPAddress $UrlObject.Layer7Status = $TestResult.Layer7Status $UrlObject.Layer7Response = $TestResult.Layer7Response $UrlObject.Layer7ResponseTime = $TestResult.Layer7ResponseTime $UrlObject.CertificateIssuer = $TestResult.CertificateIssuer $UrlObject.CertificateSubject = $TestResult.CertificateSubject $UrlObject.CertificateThumbprint = $TestResult.CertificateThumbprint $UrlObject.IntermediateCertificateIssuer = $TestResult.CertificateIntermediateIssuer $UrlObject.IntermediateCertificateSubject = $TestResult.CertificateIntermediateSubject $UrlObject.IntermediateCertificateThumbprint = $TestResult.CertificateIntermediateThumbprint $UrlObject.RootCertificateIssuer = $TestResult.CertificateRootIssuer $UrlObject.RootCertificateSubject = $TestResult.CertificateRootSubject $UrlObject.RootCertificateThumbprint = $TestResult.CertificateRootThumbprint } # SIG # Begin signature block # MIInSQYJKoZIhvcNAQcCoIInOjCCJzYCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC287KhyL4lfRMO # uDbzGrIKezcczPO9YeAGLHItjaFzj6CCDLowggX1MIID3aADAgECAhMzAAACHU0Z # yE7XD1dIAAAAAAIdMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBD # b2RlIFNpZ25pbmcgUENBIDIwMjQwHhcNMjYwNDE2MTg1OTQzWhcNMjcwNDE1MTg1 # OTQzWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYD # VQQDExVNaWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IB # DwAwggEKAoIBAQDQvewXxx9gZZFC6Ys1WBay8BJ8kGA4JQnH5CMafqOASlTpK9H8 # o5ZXTXt0caVQTNMUPt445wXYD+dFtaKWTwDn1I52oUSrC9vJin1Gsqt+zyKJL5Dg # 3eQXbQNR61DmMy20GLTIO3SFed9Rfi/ophgCLGFLDR3r0KvHjwMb/jYWS0celV/4 # Lz27LfAekm8v9E5IXaeiXbAUYZKK090n4CVl3JBtbN+9DtI9SNu/yjvozW52/u7R # X/Ttpa/KDlpuokZ+Zcbvmtd9ur9gFLvZzh41o9MsE/clQtdaFWGvuo6Jua/ntpgk # ey3E5/vBFe+MJPG6phdnuo6r57ZudCudiI1bAgMBAAGjggGbMIIBlzAOBgNVHQ8B # Af8EBAMCB4AwHwYDVR0lBBgwFgYKKwYBBAGCN0wIAQYIKwYBBQUHAwMwHQYDVR0O # BBYEFH6QuMwqcPG0hQlQ6c5jCtTTLrVeMEUGA1UdEQQ+MDykOjA4MR4wHAYDVQQL # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFjAUBgNVBAUTDTIzMDAxMis1MDc1NTkw # HwYDVR0jBBgwFoAUf1k/VCHarU/vBeXmo9ctBpQSCDEwYAYDVR0fBFkwVzBVoFOg # UYZPaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0 # JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNybDBtBggrBgEFBQcBAQRh # MF8wXQYIKwYBBQUHMAKGUWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y2VydHMvTWljcm9zb2Z0JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNy # dDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQBKTbYOjzwTG/DXGaz9 # s6+fQeaTtDcFmMY+5UyVFCyj7Pv+5i37qfX8lSL/tBIfYQfWsMuBQlfZurJD6r4H # VJ2CeH+1fgiq8dcHdVKoZ3Sa2qXoX3cq9iS8cVb06B7+5/XJ7I0OxHH9fDsvJ3T3 # w5V/ZtAIFmLrl+P0CtG+92uzRsn0nTbdFjOkLMLWPLAU3THohKRlSEMgFJpPkm5n # 5UAZ35xX6FWCrDLsSKb555bTifwa8mJBwdlof0bmfYidH+dxZ1FdDxvLnNl9zeKs # A4kejaaIqqIPguhwAti5Ql7BlTNoJNwxCvBmqW2MQLnCkYN/VVUsR3V2x/rcTNzo # Bf/Z/SpROvdaA2ZOOd1uioXJt3tdLQ7vHpqpib0KfWr/FWXW10q38VxfCnRQBqzb # SuztR7nEMuzX7Ck+B/XaPDXd1qh72+QYyB0Z2VzWmO9zsnb9Uq/dwu8LGeQqnyu6 # 7SDGACvnXii2fb9+US492VTnXSnFKyqwgzUyFMtZK1/sHYTv6bG4TtQUygQxTN+Z # V+aJIlKO2MqZ7bKrAnOzS9m6NgoTdWOq11bTOZwKlIEV/EhV9SWkDmdpR/hPPT2v # 6TEj4F8PT/zHjRezIU5c/DGlt/VhY/pK0XkJtEyMmmS1BMtjU/rqBZVMIm3dnxQs # /TBByr+Cf8Z1r7aifQVQ+WSqzjCCBr0wggSloAMCAQICEzMAAAA5O7Y3Gb8GHWcA # AAAAADkwDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl # IEF1dGhvcml0eSAyMDExMB4XDTI0MDgwODIwNTQxOFoXDTM2MDMyMjIyMTMwNFow # VzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEo # MCYGA1UEAxMfTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAyNDCCAiIwDQYJ # KoZIhvcNAQEBBQADggIPADCCAgoCggIBANgBnB7jOMeqlRYHNa265v4IY9fH8TKh # emHfPINe1gpLaV3dhg324WwH06LcHbpnsBukCDNitryo0dtS/EW6I/yEL/bLSY8h # KpbfQuWusBPr9qazYcDxCW/qnjb5JsI1s8bNOg3bVATvQVL4tcf03aTycsz8QeCd # M0l/yHRObJ9QqazM1r6VPEOJ7LL+uEEb73w6QCuhs89a1uv1zerOYMnsneRRwCbp # yW11IcggU0cRKDDq1pjVJzIbIF6+oiXXbReOsgeI8zu1FyQfK0fVkaya8SmVHQ/t # Of23mZ4W9k0Ri22QW9p3UgSC5OUDktKxxcCmGL6tXLfOGSWHIIV4YrTJTT6PNty5 # REojHJuZHArkF9VnHTERWoTjAzfI3kP+5b4alUdhgAZ7ttOu1bVnXfHaqPYl2rPs # 20ji03LOVWsh/radgE17es5hL+t6lV0eVHrVhsssROWJuz2MXMCt7iw7lFPG9LXK # Gjsmonn2gotGdHIuEg5JnJMJVmixd5LRlkmgYRZKzhxSCwyoGIq0PhaA7Y+VPct5 # pCHkijcIIDm0nlkK+0KyepolcqGm0T/GYQRMhHJlGOOmVQop36wUVUYklUy++vDW # eEgEo4s7hxN6mIbf2MSIQ/iIfMZgJxC69oukMUXCrOC3SkE/xIkgpfl22MM1itkZ # 35nNXkMolU1lAgMBAAGjggFOMIIBSjAOBgNVHQ8BAf8EBAMCAYYwEAYJKwYBBAGC # NxUBBAMCAQAwHQYDVR0OBBYEFH9ZP1Qh2q1P7wXl5qPXLQaUEggxMBkGCSsGAQQB # gjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # ci06AjGQQ7kUBU7h6qfHMdEjiTQwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0MjAx # MV8yMDExXzAzXzIyLmNybDBeBggrBgEFBQcBAQRSMFAwTgYIKwYBBQUHMAKGQmh0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0MjAx # MV8yMDExXzAzXzIyLmNydDANBgkqhkiG9w0BAQwFAAOCAgEAFJQfOChP7onn6fLI # MKrSlN1WYKwDFgAddymOUO3FrM8d7B/W/iQ6DxXsDn7D5W4wMwYeLystcEqfkjz4 # NURRgazyMu5yRzQh4LqjA4tStTcJh1opExo7nn5PuPBYnbu0+THSuVHTe0VTTPVh # ily/piFrDo3axQ9P4C+Ol5yet+2gTfekICS5xS+cYfSIvgn0JksVBVMYVI5QFu/q # hnLhsEFEUzG8fvv0hjgkO+lkpV9ty6GkN4vdnd7ya6Q6aR9y34aiM1qmxaxBi6OU # nyNl6fkuun/diTFnYDLTppOkr/mg5WSfCiDVMNCxtj4wPKC5OmHm1DQIt/MNokbb # H3UGsFP1QbzsLocuSqLCvH09Io3fDPTmscR9Y75G4qX7RTX8AdBPo0I6OEojf39z # uFZt0qOHm65YWQE69cZM2ueE1MB05dNNgHK9gTE7zKvK/fg8B2qjW88MT/WF5V5u # vZGtqa9FSL2RazArA+rDPuf6JGYz4HpgMZHB4S6szWSKYBv0VisCzfxgeU+dquXW # 9bd0auYlOB58DPcOYKdc3Se94g+xL4pcEhbB54JOgAkwYTu/9dLeH2pDqeJZAABV # DWRQCaXfO5LgyKwKCLYXpigrZYCjUSBcr+Ve8PFWMhVTQl0v4q8J/AUmQN5W4n10 # 1cY2L4A7GTQG1h32HHAvfQESWP0xghnlMIIZ4QIBATBuMFcxCzAJBgNVBAYTAlVT # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jv # c29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMjQCEzMAAAIdTRnITtcPV0gAAAAAAh0w # DQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIBRlyZLI # //PYDJ/L0pNCUPuMAv9siohu5ZxGClf5uKR6MEIGCisGAQQBgjcCAQwxNDAyoBSA # EgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20w # DQYJKoZIhvcNAQEBBQAEggEAyMUA24XESWhqb5MEG3cH1fGpZXiAqIXX0CeGlEVW # MBor47VHV8BehW96biuCDkvW6xxbR7eK68rhTV2SJSd/pCuThj/t2VB8JwssbPtn # Oi4hIPQ1lWTd3RInphCygDJN75Smsy4sg/sHv41ayi6bIzvgGVcusCMRtG3ZlVrb # 2d403F+G+eabv7kIUBhjJbX/JaA9nIbqlRViJaGQjzNCXf/xVXhFsnm+hFs8RPMz # W0oT998rASvTWL9bWM6CovUziZ4UOy3zlvUX3Ddru/JnSBhImBePE8V2kHIesW5e # WIgJDYpDrrvg2v02k6NDv+V4e0OQ6pUWBFWkluHaUe7vxKGCF5cwgheTBgorBgEE # AYI3AwMBMYIXgzCCF38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZIAWUD # BAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoD # ATAxMA0GCWCGSAFlAwQCAQUABCA7h5iXMke7fY/LezQitCUWO0tCWjw/8XCamXHK # bnUcBgIGaeeMXoQeGBMyMDI2MDQyODIxNTI1Mi43NTFaMASAAgH0oIHRpIHOMIHL # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxN # aWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRT # UyBFU046REMwMC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFNlcnZpY2WgghHtMIIHIDCCBQigAwIBAgITMwAAAiQ7hCGwLKxkIgABAAAC # JDANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAe # Fw0yNjAyMTkxOTM5NTlaFw0yNzA1MTcxOTM5NTlaMIHLMQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmlj # YSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046REMwMC0wNUUw # LUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCj6W3UaQ2Zr4hNvSy7j7UMPFVy # s7aExGB+JFwykzzXg3jayYm9gOLXJ7tNhU2emhrLQCOZcgLvz6FkqmghzQxzmkgK # tLYiKaEzhogO/ce0lThdLNdVtMwQOYgo+XtXAZcViBX4LcHk38RusZiF7wxSa5t/ # Lxic04+Z/hly1gJQpIeFDqp4a9PuLt8rsfH05vW9pU9uriGdDxfJXn/lc49CxbXq # A3EX17L24bc6t+mFuPDAJKKpai3XXqF2nJlpTPfdrA29sWTSNKig9CtBC5tzQj0f # lbsa/4wqO9u+RkuwpZb3b7qnW5FdFrDR1vQmXfjlyUP9ZO38839NwSuiHtvsFCNk # TNIX8OL5XVq1nsKyu//GeIZ9YuxsfLBedqG024PDERyrAs0pvfUWOLapVQajHPoC # nuNSKvbEh7s5IQ0YgupGji+H7rIDx2/mIEI+6Q8WwBtk3Yxyhjj0GXw909i0EkTk # Vyy+1yADjwSC8bw2qM4+Mc4hyytlZzSc0IPUBq1YGnYwCjIwa5/lMW0pFn/HpJdB # 6XeMuTtYTOpaPoo64FjQryLXWjd4ovpw5lOw7X+v3E9kwN9VBC+wJESBECC1gZMC # S5TaVwfE1w4pnXXb1qT9bjgRsPg4dklruUTdon/3SNt0a0Q5Nc2Ul+rMlQxXoP9i # sXwMNnKO5JJkqRDRVQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFHMfkX1u/zJLCMe0 # gqYitx1tAHeoMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1Ud # HwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3Js # L01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggr # BgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIw # MTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgw # DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQA+wHSbmhIpM8CRVZ4t # k624hQ+LdZXE4qoeQui77CeNa3jq1FOzi7MRKkko6diEDHXPNWvAagxastCewPzm # 5TCNh1s4qCHh4R2G/r48wU/Mpc68/WDmJy5CIQn/Fwps1sbNUEu7Bzg004qULIVJ # 963jo/am4xwKgwh+vSVL7/dhsfT7dvhpRddbYLQTHZgwuNB6QhcEEsgogLVwNRj3 # 7VEWZDiwoMdxyC7YYrQu6MCVtizHnOtkSX7FqIoi6jlcfqfo619uDH9r8k2qAOHC # eEAqKXKymIXDMcGGlEdDFbYiDZgPCBM0IHgAeilUSon07wjHu0e0ssBmtBafPb4G # d+5FuRnWG3XGe91NCpLKqmFa/4GkVz9OMzZUg8oczxC/4JT3Hf45JEtszToXwNsk # V3JNCcu2IItr6SJHmi3EDVADDRSNhdzFRpYmplGElPl5GRoPtJiDEvRIbv5MFKIw # 2x9gnehf5IvBjC4ZkBg+4GTpqGE3mmnzF3nIekOkX4ug0/0mN2CSarhuSi9NmHIO # pUN2eQHUtgTb/+Gmq7gktCMwIq/JOCYIiTYqpv1objAGKdWMPCrlSyNAs0jZYzkh # a535158NMx+wBGvsfFoVsCMG5Ocp6vW6CXyuWRbUVqMU1OrQbHfdyzJpbhJC1PbA # ZIyJCbN+VBgDTAzTKY8w4ISSwTCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkA # AAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl # IEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVow # fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMd # TWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX # 9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1q # UoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8d # q6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byN # pOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2k # rnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4d # Pf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgS # Uei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8 # QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6Cm # gyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzF # ER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQID # AQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQU # KqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1 # GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0 # bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMA # QTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbL # j+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1p # Y3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIz # LmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwU # tj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN # 3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU # 5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5 # KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGy # qVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB6 # 2FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltE # AY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFp # AUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcd # FYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRb # atGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQd # VTNYs6FwZvKhggNQMIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2Eg # T3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOkRDMDAtMDVFMC1E # OTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEw # BwYFKw4DAhoDFQCmCPHbmseASfe//bGtX9eQG+0+46CBgzCBgKR+MHwxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m # dCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA7ZtEPDAiGA8y # MDI2MDQyODE0MzU0MFoYDzIwMjYwNDI5MTQzNTQwWjB3MD0GCisGAQQBhFkKBAEx # LzAtMAoCBQDtm0Q8AgEAMAoCAQACAgYBAgH/MAcCAQACAhInMAoCBQDtnJW8AgEA # MDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAI # AgEAAgMBhqAwDQYJKoZIhvcNAQELBQADggEBAF9M9cU/nl8uZHWsVLB5p10ciY+2 # V6YWnxlpTGzG4iHM1yQadfZOwii70ZqD1GBvo/p1fbR6rgqn9RvPHtles+DZ6W7J # L3NwBENItoUWjqosnqDnMB8hG+o1ONHaPsXVKyVPxlkDVmHdPPjp+iBsVSNamg+J # suMrZsMOtIdtcspmQoJggkQ3cUT6FNvrqKKV1guIvdDQHAvvCx57qQDPk665EHC2 # uMdd8L2o0xuvZZdQx9opXi8rYgl7Bn7btnR6zNzD8VjIkC3Tq25q9sm291hzva+C # PQZIES7Zvnrw0Lmuf3/DSzfiIU7r8n/zMTwfmbxGEVBdaNYu8lEn1X6u14kxggQN # MIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ # MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u # MSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAiQ7 # hCGwLKxkIgABAAACJDANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0G # CyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCBYa5JT4BWA0b7JzUCjamZbCbPU # 0dWISreRM+ry2PKNWDCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIEghPTdq # m/dRyZ0BczXcdloVEqICdcmpVNbH9CEVzWSOMIGYMIGApH4wfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAIkO4QhsCysZCIAAQAAAiQwIgQgdx9Dro9T # bf5mRX7bR408PP0JeYZnltOdARP+4WiOkdQwDQYJKoZIhvcNAQELBQAEggIARnaG # 9dy+eKuZrpqiIlEt9vb7BxNpv47c/Gk3l6npyiTsQGjzsp/fjv0Ivo9Gty29loxe # HBVlBUSRqajsFYdWnYLOzwUTnz/mu5iN+Dmn0D51A8W8vK5MvSecSNcDCVKJ0l/p # M9sdp461fghmYfqy8qrZopIW3OOzn3u2Ba4ygmDqTDGb9LW3yZqhGEaJGnIptDOf # JXpzuWLinfHPtFfXTDibU+UdIrdjjEmf/Fzs1SZxnl9lTVsMyTwdh3VEvWjwvBx1 # U6eqFotcv5BgS6XhB3JVjldIGj7SQJUhdUAu57bjEdqSmGflvanIGseWMPPLDmXl # RzJwwJTpGFxqmZx9+3Qa9pwES02Hyv4zBgcdDsZT88TT6NCU2dlKxHk9cn0Pp+iG # n9iMVTkWvADFI9MEwTIkA8g23qfvlmKRR1i2aP2EKQcc4rKeOo4zx+/NbNox49hY # yNNp0t2kM8cLnWh1RoHcPRCNw0h3gTHa5QoWexDdroAOI1Uk7aJpRpxGJ3Tl37Or # 4DiNnq9BLfZQHiJCO+GYKmdLS0ozMlmWZDU6Q1qdxmY+EvqN19gJvrmxpMKwJrKa # bp0h7m09/hRI1OdDSZ/pSjmfWyWlR/z3wMSHBwZlJqkIJhgBsOQ1JB3iYXuJhayt # 2ntxBIRJmb0fivqfZPwHlNokqb+yOWICJgylKdw= # SIG # End signature block |