Private/AzStackHci.Constants.ps1
# ////////////////////////////////////////////////////////////////////////////
# Module Constants
# Single home for the numeric limits and fixed values used by the
# AzStackHci.DiagnosticSettings module, so they can be maintained in one place.
# ////////////////////////////////////////////////////////////////////////////

# --- Memory Dump Settings ---
# Dedicated dump file size, in MiB, for hosts below the large-memory threshold (64 GiB).
[uint32]$script:DUMP_FILE_SIZE_DEFAULT_MIB = 64 * 1024

# Dedicated dump file size, in MiB, for large-memory hosts (128 GiB).
[uint32]$script:DUMP_FILE_SIZE_LARGE_MIB = 128 * 1024

# Installed-RAM threshold, in bytes, that selects the large dump file size.
# NOTE(review): whether the boundary is inclusive (>=) or exclusive (>) is decided by
# the comparison in the consumer, which is not defined in this file.
[uint64]$script:LARGE_MEMORY_THRESHOLD_BYTES = 768GB

# Share of disk space held in reserve when validating the dedicated dump file.
# Stored as a fraction despite the name: 0.1 means 10%.
[double]$script:DUMP_DISK_RESERVE_PERCENT = 0.1

# --- Page File Settings ---
# Smallest fixed page file size, in MiB (4 GiB).
[uint32]$script:PAGE_FILE_MINIMUM_SIZE_MIB = 4 * 1024

# --- Cluster Performance Log Collection ---
# Free disk space, in MiB, that must be available before log collection starts (10 GiB).
[uint32]$script:LOG_COLLECTION_MIN_DISK_MIB = 10 * 1024

# Share of disk space held in reserve during log collection, as a fraction (0.05 = 5%).
[double]$script:LOG_COLLECTION_DISK_RESERVE_PERCENT = 0.05

# --- DNS Settings ---
# Upper bound on DNS resolution retry attempts.
[int]$script:DNS_MAX_RETRIES = 3

# Base delay, in seconds, for the exponential backoff between DNS retries.
[int]$script:DNS_RETRY_BASE_DELAY_SEC = 1

# --- HTTP / Layer 7 Settings ---
# Number of HTTP redirect hops followed before giving up.
[int]$script:HTTP_MAX_REDIRECTS = 10

# Initial timeout in seconds for Invoke-WebRequest connectivity tests. Picked to
# accommodate slow links and proxy paths where some Azure data-plane endpoints
# (notably guestnotificationservice.azure.com/urls/allowlist) take longer than
# 60 s to assemble a response.
# First-attempt timeout, in seconds, for the HTTP connectivity tests.
[int]$script:HTTP_TIMEOUT_INITIAL_SEC = 90

# Longer timeout, in seconds, for the one retry granted to an endpoint whose first
# attempt returned 'The operation has timed out.'. Every endpoint gets at most one
# retry and there is no per-run budget cap, so a customer on a slow link still has
# each endpoint retried.
[int]$script:HTTP_TIMEOUT_RETRY_SEC = 120

# Certificate-capture timeout in ticks (15 seconds = 150,000,000 ticks).
# Deliberately shorter than the 90 s connectivity timeout above so that an
# unresponsive backend pool server delays the run as little as possible.
[long]$script:CERT_CAPTURE_TIMEOUT_TICKS = 15 * [TimeSpan]::TicksPerSecond

# --- Network Ports ---
# Well-known ports used to infer the protocol of an endpoint.
[int]$script:PORT_HTTP       = 80
[int]$script:PORT_HTTPS      = 443
[int]$script:PORT_HTTPS_ALT1 = 8084
[int]$script:PORT_HTTPS_ALT2 = 8443
[int]$script:PORT_NTP        = 123

# --- Animation / UI ---
# Interval between spinner animation frames, in milliseconds.
[int]$script:ANIMATION_FRAME_MS = 125

# Longest wait, in seconds, for a background job before giving up (10 minutes).
[int]$script:JOB_ANIMATION_TIMEOUT_SEC = 600

# --- SSL Inspection Detection ---
# Known trusted root CA thumbprints for Microsoft services.
# Used by Test-AzStackHciSSLInspection to verify the certificate chain
# is not being intercepted by an SSL inspection appliance.
# These are the root CAs that Microsoft and its CDN partners use.
# Root CA certificate thumbprints treated as the expected trust anchors when
# checking for TLS interception. Each entry is 40 hex characters (a SHA-1
# certificate thumbprint).
# NOTE(review): this is a pinned list, so it has to track root rotations by
# Microsoft and its CDN partners. A missing root would presumably surface as a
# false SSL-inspection finding - confirm against the consumer.
[string[]]$script:TRUSTED_ROOT_CA_THUMBPRINTS = @(
    'DF3C24F9BFD666761B268073FE06D1CC8D4F82A4',  # DigiCert Global Root G2
    'A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436',  # DigiCert Global Root CA
    # NOTE(review): Baltimore CyberTrust Root is believed to have passed its
    # not-after date in May 2025 - confirm whether it should still be accepted.
    'D4DE20D05E66FC53FE1A50882C78DB2852CAE474',  # Baltimore CyberTrust Root
    '73A5E64A3BFF8316FF0EDCCC618A906E4EAE4D74',  # Microsoft RSA Root Certificate Authority 2017
    '999A64C37FF47D9FAB95F14769891460EEC4C3C5'   # Microsoft ECC Root Certificate Authority 2017
)

# Issuer organization strings expected in a genuine chain; used for the
# string-based fallback check.
# NOTE(review): an issuer name is text chosen by whoever created the CA, so an
# interception appliance can present a matching "O=" value. A string match is a
# weaker signal than a thumbprint match and should not on its own clear an
# endpoint - confirm how the consumer weighs the fallback.
[string[]]$script:EXPECTED_CERT_ISSUERS = @(
    'O=Microsoft Corporation',
    'O=DigiCert Inc'
)

# --- CRL / OCSP Revocation Check Classification ---
# X509Chain / Test-Certificate status tokens meaning the chain is TRUSTED but the
# revocation check (CRL / OCSP) could not be completed because the revocation
# endpoint is unreachable from this host. These cases are NOT SSL inspection; they
# point to an egress/firewall problem towards the CA's revocation infrastructure.
# The revocation status of such a certificate remains unverified.
[string[]]$script:CERT_CHAIN_STATUS_REVOCATION_OFFLINE = @(
    'RevocationStatusUnknown',
    'OfflineRevocation',
    'CERT_TRUST_REVOCATION_STATUS_UNKNOWN',
    'CERT_TRUST_IS_OFFLINE_REVOCATION'
)

# X.509 extension OIDs used to pull CRL Distribution Point and OCSP responder URLs
# out of a certificate.
# CRL Distribution Points
[string]$script:CRL_DP_OID = '2.5.29.31'
# Authority Information Access (carries the OCSP responder location)
[string]$script:AIA_OID = '1.3.6.1.5.5.7.1.1'

# Cap how many revocation-dependency rows we append per leaf certificate.
# 1 CRL + 1 OCSP is sufficient to catch real-world path-based proxy blocking without
# bloating the result table for certs that list 4+ distribution points.
# Per-leaf-certificate caps on appended revocation-dependency rows:
# one CRL distribution point and one OCSP responder.
[int]$script:CRL_MAX_DP_PER_CERT   = 1
[int]$script:CRL_MAX_OCSP_PER_CERT = 1

# --- Critical Arc Service Private Link Endpoints ---
# Endpoints that MUST NOT resolve to RFC1918 addresses (Arc Private Link Scopes are
# not supported for Azure Local).
# Reference: https://learn.microsoft.com/en-us/azure/azure-local/concepts/firewall-requirements
[string[]]$script:PRIVATE_LINK_CRITICAL_ENDPOINTS = @(
    'gbl.his.arc.azure.com',
    '*.his.arc.azure.com',
    '*.guestconfiguration.azure.com',
    '*.dp.kubernetesconfiguration.azure.com'
)

# --- PaaS Services Supporting Private Link ---
# Endpoints that CAN use Private Link but must be added to the proxy
# bypass/exception list when a proxy is in use. Traffic to them has to route via
# ExpressRoute or Site-to-Site VPN to reach the private endpoints.
# NOTE(review): these are service-wide suffixes shared by every tenant of the
# service, so a bypass rule written with the wildcard exempts traffic to any
# account under that suffix from proxy inspection. Where the proxy allows it,
# operators may prefer to bypass only the specific resource FQDNs they use.
[string[]]$script:PRIVATE_LINK_PROXY_BYPASS_ENDPOINTS = @(
    '*.vault.azure.net',
    '*.vaultcore.azure.net',
    '*.blob.core.windows.net',
    '*.azurecr.io',
    '*.database.windows.net',
    '*.siterecovery.windowsazure.com',
    '*.backup.windowsazure.com',
    '*.servicebus.windows.net'
)

# --- Azure Region Endpoint URLs ---
# GitHub raw URLs for downloading region-specific required endpoint lists.
# Used by Test-AzureLocalConnectivity to fetch the latest endpoint definitions.
# Region name -> raw GitHub URL of that region's required-endpoint list (Markdown).
# NOTE(review): every URL tracks the mutable master branch (written both as
# "master" and as "refs/heads/master"), so the downloaded list can change between
# runs and is not covered by this module's code signature. The consumer should
# treat the fetched content as untrusted data. Pinning to a commit would make runs
# reproducible, at the cost of no longer picking up list updates automatically.
[hashtable]$script:REGION_ENDPOINT_URLS = @{
    EastUS        = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/master/HCI/EastUSendpoints/eastus-hci-endpoints.md'
    WestEurope    = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/master/HCI/WestEuropeendpoints/westeurope-hci-endpoints.md'
    AustraliaEast = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/master/HCI/AustraliaEastendpoints/AustraliaEast-hci-endpoints.md'
    CanadaCentral = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/master/HCI/CanadaCentralEndpoints/canadacentral-hci-endpoints.md'
    CentralIndia  = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/IndiaCentralEndpoints/IndiaCentral-hci-endpoints.md'
    JapanEast     = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/JapanEastEndpoints/japaneast-hci-endpoints.md'
    SouthCentral  = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/SouthCentralUSEndpoints/southcentralus-hci-endpoints.md'
    SouthEastAsia = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/SouthEastAsiaEndpoints/southeastasia-hci-endpoints.md'
    USGovVirginia = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/usgovvirginia-hci-endpoints/usgovvirginia-hci-endpoints.md'
}

# --- OEM SBE Endpoint URLs ---
# GitHub raw URLs for hardware OEM Solution Builder Extension (SBE) endpoint lists.
# Used by Get-HardwareOEMUrlContent to fetch OEM-specific required endpoints.
# Hardware OEM name -> raw GitHub URL of that OEM's Solution Builder Extension
# endpoint list (Markdown).
# NOTE(review): these URLs track the mutable master branch and the downloaded
# content is not covered by this module's code signature; the consumer should
# treat it as untrusted data.
[hashtable]$script:OEM_ENDPOINT_URLS = @{
    DataOn  = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/OEMEndpoints/DataOn/DataOnAzureLocalEndpoints.md'
    Dell    = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/OEMEndpoints/Dell/DellAzureLocalEndpoints.md'
    HPE     = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/OEMEndpoints/HPE/HPEAzureLocalEndpoints.md'
    Hitachi = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/OEMEndpoints/Hitachi/HitachiAzureLocalEndpoints.md'
    Lenovo  = 'https://raw.githubusercontent.com/Azure/AzureStack-Tools/refs/heads/master/HCI/OEMEndpoints/Lenovo/LenovoAzureLocalEndpoints.md'
}

# --- Manually Defined Wildcard Subdomains ---
# Fixed list of concrete hostnames that stand in for each wildcard endpoint during
# connectivity validation. Kept here so the total is known before the main testing
# loop starts, which lets progress tracking cover everything in one count.
# NOTE(review): 'mystorageaccount' reads like a placeholder. Storage account names
# live in one global namespace, so confirm this host is one the project intends
# to probe.
$script:MANUAL_SUBDOMAINS = @(
    @{
        Wildcard   = '*.blob.core.windows.net'
        Subdomains = @('mystorageaccount.blob.core.windows.net', 'eus2azreplstore214.blob.core.windows.net')
    },
    @{
        Wildcard   = '*.download.windowsupdate.com'
        Subdomains = @('1a.au.download.windowsupdate.com')
    },
    @{
        Wildcard   = '*.update.microsoft.com'
        Subdomains = @('fe2.update.microsoft.com')
    },
    @{
        Wildcard   = '*.windowsupdate.com'
        Subdomains = @('ctldl.windowsupdate.com')
    },
    @{
        Wildcard   = '*.endpoint.security.microsoft.com'
        Subdomains = @('edr-neu3.eu.endpoint.security.microsoft.com')
    },
    @{
        Wildcard   = '*.prod.hot.ingest.monitor.core.windows.net'
        Subdomains = @('prod5.prod.hot.ingest.monitor.core.windows.net')
    },
    @{
        Wildcard   = '*.servicebus.windows.net'
        Subdomains = @('azgn-southcentralus-public-1p-sn-vazr0002.servicebus.windows.net')
    }
)

# Total number of hostnames across all entries above, computed once at load time
# for progress tracking.
[int]$script:MANUAL_SUBDOMAIN_COUNT = (
    $script:MANUAL_SUBDOMAINS |
        ForEach-Object { $_.Subdomains.Count } |
        Measure-Object -Sum
).Sum
# --- Module State Initialization ---
# One place where every module-scoped state variable receives its starting value.
# This keeps the shared surface explicit and allows a clean reset between runs.
function Initialize-ModuleState {
    <#
    .SYNOPSIS
        Puts every module-scoped state variable back to its default value.
    .DESCRIPTION
        Invoked when the module loads, and may be invoked again between test runs
        to guarantee clean state. Each $script: variable that functions use to
        pass data to one another is assigned here.
    #>

    # Run options.
    $script:SilentMode = $false
    $script:Proxy = $null

    # Result collections. Each assignment creates its own empty ArrayList.
    [System.Collections.ArrayList]$script:Results = @()
    [System.Collections.ArrayList]$script:RedirectedResults = @()

    # SSL inspection findings.
    $script:SSLInspectionDetected = $false
    [System.Collections.ArrayList]$script:SSLInspectedURLs = @()

    # Endpoints whose certificate chain is TRUSTED but whose CRL/OCSP revocation
    # check could not be completed (CRL/OCSP endpoint unreachable). Held apart
    # from SSLInspectedURLs so the summary output can tell the two failure modes
    # apart.
    [System.Collections.ArrayList]$script:CRLOfflineURLs = @()

    # Private Link findings.
    $script:PrivateLinkDetected = $false
    $script:PrivateLinkDetectedArray = @()
    $script:PrivateLinkCriticalArray = @()
    $script:PrivateLinkProxyBypassArray = @()

    # These two point at the constant arrays themselves; no copy is made.
    $script:PrivateLinkCriticalEndpoints = $script:PRIVATE_LINK_CRITICAL_ENDPOINTS
    $script:PrivateLinkProxyBypassEndpoints = $script:PRIVATE_LINK_PROXY_BYPASS_ENDPOINTS

    # Dump file sizing.
    $script:DedicatedDumpFileSize = $script:MinimumRequiredDiskSpace = 0

    # Page file state.
    $script:PageFileAutoManaged = $false
    $script:PageFileConfiguration = $null
    $script:PageFileAllocatedBaseSize = $script:PageFileCurrentUsage = $script:PageFilePeakUsage = 0

    # Current dump settings.
    $script:CurrentDumpFile = $script:CurrentSettings = $null

    # Output locations and file names.
    $script:DateFormatted = $null
    $script:OutputFolderPath = $script:OutputFile = $script:OutputFileExtension = $null
    $script:CsvFile = $script:TranscriptFile = $null

    # Values discovered or rewritten during a run.
    $script:UpdatedKeyVaultURL = $script:UpdatedArcGatewayURL = $null
    $script:HardwareOEM = $null
    $script:PreArcGatewayRemoval = $null

    # Background job handle.
    $script:job = $null
}

# Initialize state on module load
Initialize-ModuleState

# NOTE(review): an Authenticode signature is computed over the script content, so
# any edit to this file (comments included) makes the signature below invalid
# until the file is signed again. The block is left exactly as extracted.
# SIG # Begin signature block # MIInSQYJKoZIhvcNAQcCoIInOjCCJzYCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAF2wAWMU7MPuwg # lo0g4vxl6gtK14LwtrllHEf+wEN1nKCCDLowggX1MIID3aADAgECAhMzAAACHU0Z # yE7XD1dIAAAAAAIdMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBD # b2RlIFNpZ25pbmcgUENBIDIwMjQwHhcNMjYwNDE2MTg1OTQzWhcNMjcwNDE1MTg1 # OTQzWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYD # VQQDExVNaWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IB # DwAwggEKAoIBAQDQvewXxx9gZZFC6Ys1WBay8BJ8kGA4JQnH5CMafqOASlTpK9H8 # o5ZXTXt0caVQTNMUPt445wXYD+dFtaKWTwDn1I52oUSrC9vJin1Gsqt+zyKJL5Dg # 3eQXbQNR61DmMy20GLTIO3SFed9Rfi/ophgCLGFLDR3r0KvHjwMb/jYWS0celV/4 # Lz27LfAekm8v9E5IXaeiXbAUYZKK090n4CVl3JBtbN+9DtI9SNu/yjvozW52/u7R # X/Ttpa/KDlpuokZ+Zcbvmtd9ur9gFLvZzh41o9MsE/clQtdaFWGvuo6Jua/ntpgk # ey3E5/vBFe+MJPG6phdnuo6r57ZudCudiI1bAgMBAAGjggGbMIIBlzAOBgNVHQ8B # Af8EBAMCB4AwHwYDVR0lBBgwFgYKKwYBBAGCN0wIAQYIKwYBBQUHAwMwHQYDVR0O # BBYEFH6QuMwqcPG0hQlQ6c5jCtTTLrVeMEUGA1UdEQQ+MDykOjA4MR4wHAYDVQQL # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFjAUBgNVBAUTDTIzMDAxMis1MDc1NTkw # HwYDVR0jBBgwFoAUf1k/VCHarU/vBeXmo9ctBpQSCDEwYAYDVR0fBFkwVzBVoFOg # UYZPaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0 # JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNybDBtBggrBgEFBQcBAQRh # MF8wXQYIKwYBBQUHMAKGUWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y2VydHMvTWljcm9zb2Z0JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNy # dDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQBKTbYOjzwTG/DXGaz9 # s6+fQeaTtDcFmMY+5UyVFCyj7Pv+5i37qfX8lSL/tBIfYQfWsMuBQlfZurJD6r4H # VJ2CeH+1fgiq8dcHdVKoZ3Sa2qXoX3cq9iS8cVb06B7+5/XJ7I0OxHH9fDsvJ3T3 # w5V/ZtAIFmLrl+P0CtG+92uzRsn0nTbdFjOkLMLWPLAU3THohKRlSEMgFJpPkm5n # 
5UAZ35xX6FWCrDLsSKb555bTifwa8mJBwdlof0bmfYidH+dxZ1FdDxvLnNl9zeKs # A4kejaaIqqIPguhwAti5Ql7BlTNoJNwxCvBmqW2MQLnCkYN/VVUsR3V2x/rcTNzo # Bf/Z/SpROvdaA2ZOOd1uioXJt3tdLQ7vHpqpib0KfWr/FWXW10q38VxfCnRQBqzb # SuztR7nEMuzX7Ck+B/XaPDXd1qh72+QYyB0Z2VzWmO9zsnb9Uq/dwu8LGeQqnyu6 # 7SDGACvnXii2fb9+US492VTnXSnFKyqwgzUyFMtZK1/sHYTv6bG4TtQUygQxTN+Z # V+aJIlKO2MqZ7bKrAnOzS9m6NgoTdWOq11bTOZwKlIEV/EhV9SWkDmdpR/hPPT2v # 6TEj4F8PT/zHjRezIU5c/DGlt/VhY/pK0XkJtEyMmmS1BMtjU/rqBZVMIm3dnxQs # /TBByr+Cf8Z1r7aifQVQ+WSqzjCCBr0wggSloAMCAQICEzMAAAA5O7Y3Gb8GHWcA # AAAAADkwDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl # IEF1dGhvcml0eSAyMDExMB4XDTI0MDgwODIwNTQxOFoXDTM2MDMyMjIyMTMwNFow # VzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEo # MCYGA1UEAxMfTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAyNDCCAiIwDQYJ # KoZIhvcNAQEBBQADggIPADCCAgoCggIBANgBnB7jOMeqlRYHNa265v4IY9fH8TKh # emHfPINe1gpLaV3dhg324WwH06LcHbpnsBukCDNitryo0dtS/EW6I/yEL/bLSY8h # KpbfQuWusBPr9qazYcDxCW/qnjb5JsI1s8bNOg3bVATvQVL4tcf03aTycsz8QeCd # M0l/yHRObJ9QqazM1r6VPEOJ7LL+uEEb73w6QCuhs89a1uv1zerOYMnsneRRwCbp # yW11IcggU0cRKDDq1pjVJzIbIF6+oiXXbReOsgeI8zu1FyQfK0fVkaya8SmVHQ/t # Of23mZ4W9k0Ri22QW9p3UgSC5OUDktKxxcCmGL6tXLfOGSWHIIV4YrTJTT6PNty5 # REojHJuZHArkF9VnHTERWoTjAzfI3kP+5b4alUdhgAZ7ttOu1bVnXfHaqPYl2rPs # 20ji03LOVWsh/radgE17es5hL+t6lV0eVHrVhsssROWJuz2MXMCt7iw7lFPG9LXK # Gjsmonn2gotGdHIuEg5JnJMJVmixd5LRlkmgYRZKzhxSCwyoGIq0PhaA7Y+VPct5 # pCHkijcIIDm0nlkK+0KyepolcqGm0T/GYQRMhHJlGOOmVQop36wUVUYklUy++vDW # eEgEo4s7hxN6mIbf2MSIQ/iIfMZgJxC69oukMUXCrOC3SkE/xIkgpfl22MM1itkZ # 35nNXkMolU1lAgMBAAGjggFOMIIBSjAOBgNVHQ8BAf8EBAMCAYYwEAYJKwYBBAGC # NxUBBAMCAQAwHQYDVR0OBBYEFH9ZP1Qh2q1P7wXl5qPXLQaUEggxMBkGCSsGAQQB # gjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # ci06AjGQQ7kUBU7h6qfHMdEjiTQwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2Ny # 
bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0MjAx # MV8yMDExXzAzXzIyLmNybDBeBggrBgEFBQcBAQRSMFAwTgYIKwYBBQUHMAKGQmh0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0MjAx # MV8yMDExXzAzXzIyLmNydDANBgkqhkiG9w0BAQwFAAOCAgEAFJQfOChP7onn6fLI # MKrSlN1WYKwDFgAddymOUO3FrM8d7B/W/iQ6DxXsDn7D5W4wMwYeLystcEqfkjz4 # NURRgazyMu5yRzQh4LqjA4tStTcJh1opExo7nn5PuPBYnbu0+THSuVHTe0VTTPVh # ily/piFrDo3axQ9P4C+Ol5yet+2gTfekICS5xS+cYfSIvgn0JksVBVMYVI5QFu/q # hnLhsEFEUzG8fvv0hjgkO+lkpV9ty6GkN4vdnd7ya6Q6aR9y34aiM1qmxaxBi6OU # nyNl6fkuun/diTFnYDLTppOkr/mg5WSfCiDVMNCxtj4wPKC5OmHm1DQIt/MNokbb # H3UGsFP1QbzsLocuSqLCvH09Io3fDPTmscR9Y75G4qX7RTX8AdBPo0I6OEojf39z # uFZt0qOHm65YWQE69cZM2ueE1MB05dNNgHK9gTE7zKvK/fg8B2qjW88MT/WF5V5u # vZGtqa9FSL2RazArA+rDPuf6JGYz4HpgMZHB4S6szWSKYBv0VisCzfxgeU+dquXW # 9bd0auYlOB58DPcOYKdc3Se94g+xL4pcEhbB54JOgAkwYTu/9dLeH2pDqeJZAABV # DWRQCaXfO5LgyKwKCLYXpigrZYCjUSBcr+Ve8PFWMhVTQl0v4q8J/AUmQN5W4n10 # 1cY2L4A7GTQG1h32HHAvfQESWP0xghnlMIIZ4QIBATBuMFcxCzAJBgNVBAYTAlVT # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jv # c29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMjQCEzMAAAIdTRnITtcPV0gAAAAAAh0w # DQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIMnaGNk3 # KTL9iS+QnA8YyFI65tSrnu5wOk/BelzxYBqBMEIGCisGAQQBgjcCAQwxNDAyoBSA # EgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20w # DQYJKoZIhvcNAQEBBQAEggEAzjgOQxnOvMCymGrUcFhm88IpSNtWq30R0eLgjEfx # 3+sBcExSMvmxviXVG+RZgyCxWbiKLhb9cK3h56bcuqn09M6VJGd+/sMd8uEFI70Q # Ic5nFXhMf8uWDWood/akchv6aFk951R9IcpZbPd21ww8ni1kyrNiFNZnuNG4M3S9 # CQD9O3+HZYHryhpOv/RdCmYDs/gUWs3BPHfAIOOPZ1YrsmQb/uxGaVaISK7/LdAm # +J27ztfHxjk/ZInKds7b16APCL75w6CJHdjaddbrFcXcLDWIRZBYa1EA5aj63DJM # efc932mUYcsuQfX7xb2gXQUav+wE2usvNI6W68IQW7Q6AKGCF5cwgheTBgorBgEE # AYI3AwMBMYIXgzCCF38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZIAWUD # BAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoD # 
ATAxMA0GCWCGSAFlAwQCAQUABCAjcT28gN4fyMJZEthzK3jwId2r+/664cVdyik6 # e1YONQIGaeewiSGaGBMyMDI2MDQyODIxNTI1My44NzlaMASAAgH0oIHRpIHOMIHL # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxN # aWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRT # UyBFU046ODkwMC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFNlcnZpY2WgghHtMIIHIDCCBQigAwIBAgITMwAAAiJB0vaq/8i1/wABAAAC # IjANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAe # Fw0yNjAyMTkxOTM5NTZaFw0yNzA1MTcxOTM5NTZaMIHLMQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmlj # YSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046ODkwMC0wNUUw # LUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC1ueKJukIuUsAAJo/AY5DZRqH7 # bhgv7CWGNlEdbRGoITrdE6Wsn57NaNu1BTdjBbFcv7Rfixte0x+HRvXSqsD+WeSX # /6/y9wE0Mz+xRPTGIY20K7aQDa68OyzVyUeUCypyZC/gW/3ytO/ZOnU9H2ri77kJ # P8ABrqyy1UxX/OseEgvHsj8yikWT0ARtrjWbXMHFzSOo5hQcfUmMXKqWWz6+N0+U # ynhGy1n+doW4WZgpH8Y5W7hpSokWj1M/Lu4wi3o6Dz9vVWukcgUFGjLAl4YZpOha # h7HuiC/alXImMQf8C3A8q/6/1hFoeIZB4UGkywxB/OSTOSsL6+39pDqzM7CgOpf4 # V799kN94yM9uXJI5T/SiA5MdIZIhEW0+bh85RqDh5YW3/oav54RPxw5OPlH64QV6 # KJkl0FIElMVoLNo8UWRQcMD179x7WASjC6LsaNZ7yK0qcESIsL1wiQmdfQBxcqrF # CpIQfnmQFkOp9IyXUWqza8tmpz8E6aXg9b1eiAT3PVTgrOlPi/hYZCfPxX/6jGty # Pjy1CiwOmJamohmSU//COAenfRT2G2HMRUpCX1zs+AmDmdQM1XRab4YSALLAlDzG # CsgI77nnuJjoXAliJmv7NfrvWAcA5KqCUOWQ6kSPt5r28MfKXWJJpSXtFeS/MkDz # Jy/iJRVyHcFy/B+MtwIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFFkHwGoDJ5ZbEEiu # 8KstiusqaozQMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1Ud # HwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3Js # 
L01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggr # BgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIw # MTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgw # DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQBiAM+nqrpwG29txSXv # 42o+CsTe2C4boaRfFju9JaWkLTHwq7pknNONL3n+UG3x/B083EKXiFYrAmul7BTH # CGXU63/xRsZ2wj3ZmR0A4d9nf9saCJVm4juPVFBai/oktOOYH2j+1+zM70woN5on # gB/pvy7X8AfY6JB4XPvb80Qz7fY5eddbnwjzg1sZhUPFbbcweWeACINrzqFK62mM # eXKmhtufMraoogJeJXfWY3x4/pbubgENT3+pXT65203CPF9kfdKE7GKAIRYy3xkB # TDvFd8dufjOpCn38nK6qMlVtnBjDhWQG0PM3E/oxBs5UBrI6pBYkmIHtbjifDquH # T+ThaVV7xHc6InoSc3aNzX49JHUgQmuvDdMjLkbYXeA0/1q5IxSg2U+ycZBOvAi3 # udZPKhA5VzODjf/ucu/vFtXrYcRkmGKN3jujaK3/yMZi2Ju5NEL3ISWorwp7RjeZ # g+JMIK0fosuVj+YCm5r64LH/D9QJDAj+XfZaNeFdv90K5A0QRRGP/poB9yTIVjEX # j/uJzp8L4Dd44sAquqDOiHdkLgxfK8nPqpCSWPZ9G+RCPm85o9cAfxENtrSuOwcp # yKzxsRCYCL+PK4+98orit9EVJ/LLoCeG+jLlj0KaD4Qy6sZe4rWMr1brQLosTBZN # wFnXxNjInCWBd0i7is1yTS/4qTCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkA # AAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl # IEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVow # fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMd # TWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX # 9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1q # UoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8d # q6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byN # pOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2k # rnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4d # 
Pf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgS # Uei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8 # QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6Cm # gyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzF # ER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQID # AQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQU # KqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1 # GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0 # bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMA # QTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbL # j+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1p # Y3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIz # LmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwU # tj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN # 3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU # 5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5 # KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGy # qVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB6 # 2FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltE # AY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFp # AUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcd # FYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRb # atGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQd # VTNYs6FwZvKhggNQMIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2Eg # 
T3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjg5MDAtMDVFMC1E # OTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEw # BwYFKw4DAhoDFQC7ycXVZx3bsDpJkr7VucgpksozuKCBgzCBgKR+MHwxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m # dCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA7ZtobzAiGA8y # MDI2MDQyODE3MTAwN1oYDzIwMjYwNDI5MTcxMDA3WjB3MD0GCisGAQQBhFkKBAEx # LzAtMAoCBQDtm2hvAgEAMAoCAQACAgvBAgH/MAcCAQACAhIHMAoCBQDtnLnvAgEA # MDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAI # AgEAAgMBhqAwDQYJKoZIhvcNAQELBQADggEBAJqZhPIEV89Q5PmFIaVBnsMRCsnB # W1gfghArDpvbfRpfW43JwcFV0xxM5cjm/+K3bJB2DLXlHEOn1fCKqr9s1HDErjSF # W80bpeBE2XxXVym8fjgHRmav2WEGlX6eGUo5rQiR+LG5Mzb8Ys5cpjF/475mcBUU # FJdN/VM3OfyW4jw5Oy8Oq6QKdkv/A1m0H/X/tg1+zkKBRryRKSkMa564ckvpD7TH # DghpYGvqwvxwLCmBEDIgfG2oosiCUqtIsf2sbZryYikfVDknXKUdbdQfIE//w+IL # //CUzIg+3WrC3Gkcc+9htjs9mJWE73XS1nRf7JrssfeU6OS+pfPYeSfSc8kxggQN # MIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ # MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u # MSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAiJB # 0vaq/8i1/wABAAACIjANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0G # CyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCA/mGuWlDPTWTCwekR8UQA8Q3Jg # o/uwfQNV0KZrHHjv8TCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIAVgXQEK # BOfGgjNskmDOmbcEIOnHGNwA+QcRufDR5AkTMIGYMIGApH4wfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAIiQdL2qv/Itf8AAQAAAiIwIgQgOXqPkNNP # EN+eHSsJfgdoFTQ4/ZKw1VQ4iHgsWsdek7wwDQYJKoZIhvcNAQELBQAEggIAFuCW # qFPASHBo/9ggLW1DNdk1eZb8noMQ+StLZNKSOK4MttMr/zWpH1WR6WjSrFfO5lnG # OlgSz7S9rZDBBoGyAFGKbHqCOnMTVa2Y+tkkkgrnr4Bv6p51yS+uPIYhgJyevoWM # +9gS81DDFFrNxZ7+zsKxIe1N1+73kyISKz3zCheKvk6W9b8GEzjS4YHAZVeVi5UW # 
RBi9mVVrgo2S0HcimOJ5ofW0xM4dG/SXHkB5UJn81zSBiBcSZbJDjU6iQQ3I2s3d # p+mxbWa7/Uck4L34hz6unHJubFL7ke7a8b+iQ0G0r9zXp/NBaTySu+lSHshvRIdG # YVV9AfOgiR1QDumK+/O/P4T7Gxk9/D8j9qOadfZ++WI+Ylw5Wvf9bxYiB2sTQ8zM # IvKlVvIu87KN/mwPsLJRJ6XlfPamBMD75OLH6L3ZvAoGMMQebC0mk1jL9wNagvsL # 7prvZCR+bV5MMDp6iki7c+vFMeN3Utx7LhTll+C7MFXh6n2oAnjw5IYczMxUxE/P # rw3Tbx/5wSZ5ZyfefW+vSP+lEM0DN55qv+zk6eBwbtguKv4xshfklzExTKn8Uj5G # zJ6G8NiiV+tp/TSiRh8Pnl4n8hG/xLNHDwlCU+EFIzybHVhjSQ91q2ZKkBTgqJI4 # jNi+BogqeG4zv5wlOVJceQeZZijESVx01QoanJI= # SIG # End signature block |