Obs/bin/ObsDep/content/Powershell/Roles/Common/JeaHelper.psm1
|
<###################################################
# # # Copyright (c) Microsoft. All rights reserved. # # # ##################################################> Import-Module -Name "$PSScriptRoot\..\Common\RoleHelpers.psm1" Import-Module -Name "$PSScriptRoot\..\..\Common\Helpers.psm1" Import-LocalizedData LocalizedData -Filename JEA.Strings.psd1 -ErrorAction SilentlyContinue Import-LocalizedData CommonLocalizedData -BaseDirectory "$PSScriptRoot\..\Common" -Filename Roles.Strings.psd1 -ErrorAction SilentlyContinue <# .SYNOPSIS Generate JEA role capabilities for JEA endpoint. Used by both JEA role and JustEnoughAdministrationDSC #> function Get-RoleCapabilityParams { Param ( [Parameter(Mandatory = $true)] [ValidateNotNull()] [System.Xml.XmlLinkedNode] $Whitelist ) Trace-ECEScript "Generate JEA role capabilities for JEA endpoint." { $RoleCapabilityParams = @{ Author = "AzureStack" CompanyName = "Microsoft" } if ($Whitelist.ModulesToImport -and $Whitelist.ModulesToImport.HasChildNodes) { $modules = @() $Whitelist.ModulesToImport.ChildNodes | ? Name -ne '#comment' | % { $module = $_.Name if ($_.Version -or $_.Guid) { $module = @{} $module.Add('ModuleName',$_.Name) if ($_.Version) { $module.Add('ModuleVersion', $_.Version) } if ($_.Guid) { $module.Add('GUID', $_.Guid) } } $modules += $module } if ($modules.Count -gt 0) { $RoleCapabilityParams['ModulesToImport'] = $modules } } if ($Whitelist.VisibleAliases -and $Whitelist.VisibleAliases.HasChildNodes) { $aliases = @() $Whitelist.VisibleAliases.ChildNodes | ? Name -ne '#comment' | % { $aliases += $_.Value } if ($aliases.Count -gt 0) { $RoleCapabilityParams['VisibleAliases'] = $aliases } } if ($Whitelist.VisibleCmdlets -and $Whitelist.VisibleCmdlets.HasChildNodes) { $cmdlets = @() $Whitelist.VisibleCmdlets.ChildNodes | ? Name -ne '#comment' | % { $cmdlet = $_.Name if ($_.Parameter) { $cmdlet = @{} $cmdlet.Add('Name',$_.Name) $p = @{Name=$_.Parameter.Name} if($_.Parameter.ValidateSet) { $p['ValidateSet'] = $_.Parameter.ValidateSet} if($_.Parameter.ValidatePattern) { $p['ValidatePattern'] = $_.Parameter.ValidatePattern} $cmdlet.Add('Parameters',$p) } $cmdlets += $cmdlet } if ($cmdlets.Count -gt 0) { $RoleCapabilityParams['VisibleCmdlets'] = $cmdlets } } if ($Whitelist.VisibleFunctions -and $Whitelist.VisibleFunctions.HasChildNodes) { $functions = @() $Whitelist.VisibleFunctions.ChildNodes | ? Name -ne '#comment' | % { $function = $_.Name if ($_.Parameter) { $function = @{} $function.Add('Name',$_.Name) $p = @{Name=$_.Parameter.Name} if($_.Parameter.ValidateSet) { $p['ValidateSet'] = $_.Parameter.ValidateSet} if($_.Parameter.ValidatePattern) { $p['ValidatePattern'] = $_.Parameter.ValidatePattern} $function.Add('Parameters',$p) } $functions += $function } if ($functions.Count -gt 0) { $RoleCapabilityParams['VisibleFunctions'] = $functions } } if ($Whitelist.VisibleExternalCommands -and $Whitelist.VisibleExternalCommands.HasChildNodes) { $extcmds = @() $Whitelist.VisibleExternalCommands.ChildNodes | ? Name -ne '#comment' | % { $extcmds += $_.Value } if ($extcmds.Count -gt 0) { $RoleCapabilityParams['VisibleExternalCommands'] = $extcmds } } if ($Whitelist.VisibleProviders -and $Whitelist.VisibleProviders.HasChildNodes) { $providers = @() $Whitelist.VisibleProviders.ChildNodes | ? Name -ne '#comment' | % { $providers += $_.Value } if ($providers.Count -gt 0) { $RoleCapabilityParams['VisibleProviders'] = $providers } } if ($Whitelist.AliasDefinitions -and $Whitelist.AliasDefinitions.HasChildNodes) { $aliases = @() $Whitelist.AliasDefinitions.ChildNodes | ? Name -ne '#comment' | % { $aliases += @{Name=$_.Name; Value=$_.Value} } if ($aliases.Count -gt 0) { $RoleCapabilityParams['AliasDefinitions'] = $aliases } } if ($Whitelist.FunctionDefinitions -and $Whitelist.FunctionDefinitions.HasChildNodes) { $functions = @() $Whitelist.FunctionDefinitions.ChildNodes | ? Name -ne '#comment' | % { $functions += @{Name=$_.Name; ScriptBlock=[ScriptBlock]::Create($_.ScriptBlock)} } if ($functions.Count -gt 0) { $RoleCapabilityParams['FunctionDefinitions'] = $functions } } if ($Whitelist.VariableDefinitions -and $Whitelist.VariableDefinitions.HasChildNodes) { $variables = @() $Whitelist.VariableDefinitions.ChildNodes | ? Name -ne '#comment' | % { $variables += @{Name=$_.Name; Value=$_.Value} } if ($variables.Count -gt 0) { $RoleCapabilityParams['VariableDefinitions'] = $variables } } if ($Whitelist.EnvironmentVariables -and $Whitelist.EnvironmentVariables.HasChildNodes) { $variables = @{} $Whitelist.EnvironmentVariables.ChildNodes | ? Name -ne '#comment' | % { $variables += @{$_.Name=$_.Value} } if ($variables.Count -gt 0) { $RoleCapabilityParams['EnvironmentVariables'] = $variables } } if ($Whitelist.AssembliesToLoad -and $Whitelist.AssembliesToLoad.HasChildNodes) { $assemblies = @() $Whitelist.AssembliesToLoad.ChildNodes | ? Name -ne '#comment' | % { $assemblies += $_.Value } if ($assemblies.Count -gt 0) { $RoleCapabilityParams['AssembliesToLoad'] = $assemblies } } } if ($Whitelist.ScriptsToProcess -and $Whitelist.ScriptsToProcess.HasChildNodes) { $scripts = @() $Whitelist.ScriptsToProcess.ChildNodes | ? Name -ne '#comment' | % { $scripts += $_.Value } if ($scripts.Count -gt 0) { $RoleCapabilityParams['ScriptsToProcess'] = $scripts } } return $RoleCapabilityParams } <# .SYNOPSIS Generate session configuration for JEA endpoint. Used by both JEA role and JustEnoughAdministrationDSC #> function Get-SessionConfigurationParams { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] [ValidateNotNull()] [System.Xml.XmlLinkedNode] $SessionConfig, [Parameter(Mandatory = $true, ParameterSetName = "common")] [ValidateNotNullOrEmpty()] [string] $RunAsAccountUser, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $EndpointName, [Parameter(Mandatory = $true, ParameterSetName = "common")] [ValidateNotNull()] [Boolean] $RunAsGmsa, [Parameter(Mandatory = $true, ParameterSetName = "runasvirtual")] [ValidateNotNull()] [Boolean] $RunAsVirtualAccount, [Parameter(Mandatory = $true, ParameterSetName = "runaspassthrough")] [ValidateNotNull()] [Boolean] $RunAsPassThroughCredential, [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] [string] $AdminUser, [Parameter(Mandatory = $false)] [string] $versionExtension ) Trace-ECEScript "Generate session configuration for JEA endpoint." { $SessionConfigParams = @{ Author = "AzureStack" SessionType = "RestrictedRemoteServer" } # JEA Over-The-Shoulder Transcript if ($SessionConfig.EnableTranscript -and ($sessionConfig.EnableTranscript.Value -eq "True")) { $SessionConfigParams['TranscriptDirectory'] = "$env:ProgramData\JEAConfiguration\Transcripts\$EndpointName" } if ($SessionConfig.SessionType) { $SessionConfigParams['SessionType'] = $SessionConfig.SessionType.Value } if ($SessionConfig.LanguageMode) { $SessionConfigParams['LanguageMode'] = $SessionConfig.LanguageMode.Value } # Security Group Mapping if ($SessionConfig.SecurityGroup) { $RoleDefinition = @{} $SessionConfig.SecurityGroup | % { $RoleCapability = @{} $_.Whitelist | ? Name -ne '#comment' | % { if (-not $versionExtension) { $RoleCapability.Add("RoleCapabilities",$_.Value) } else { $RoleCapability.Add("RoleCapabilities",$_.Value + $versionExtension) } } $RoleDefinition.Add($_.Name, $RoleCapability) } # Always handle RunAsGmsa first if ($RunAsGmsa) { $SessionConfigParams['GroupManagedServiceAccount'] = $RunAsAccountUser } elseif ($RunAsVirtualAccount) { $SessionConfigParams['RunAsVirtualAccount'] = $RunAsVirtualAccount } $SessionConfigParams['RoleDefinitions'] = $RoleDefinition } } return $SessionConfigParams } <# .SYNOPSIS If multiple roles share the same node, they can each define their own JEA endpoints. If a node is specified, ensure that we pick up all other roles that live on this node and configure their JEA endpoints as well. #> function Get-RolesWithSharedNode ($Parameters, $NodeName) { Trace-ECEScript "Get roles with shared node" { $roles = @() $Parameters.Roles.Keys | % { $nodeNames = @( $Parameters.Roles.$_.PublicConfiguration.Nodes.Node.Name ) if ($nodeNames -contains $NodeName) { $roles += $_ } } } return $roles } Export-ModuleMember -Function Get-RoleCapabilityParams Export-ModuleMember -Function Get-SessionConfigurationParams Export-ModuleMember -Function Get-RolesWithSharedNode # SIG # Begin signature block # MIIn0QYJKoZIhvcNAQcCoIInwjCCJ74CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCB5MoLJ71n16Fn+ # gAmc9PTwzyxYepqlaH12C20B+strA6CCDYUwggYDMIID66ADAgECAhMzAAADri01 # UchTj1UdAAAAAAOuMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwODU5WhcNMjQxMTE0MTkwODU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQD0IPymNjfDEKg+YyE6SjDvJwKW1+pieqTjAY0CnOHZ1Nj5irGjNZPMlQ4HfxXG # yAVCZcEWE4x2sZgam872R1s0+TAelOtbqFmoW4suJHAYoTHhkznNVKpscm5fZ899 # QnReZv5WtWwbD8HAFXbPPStW2JKCqPcZ54Y6wbuWV9bKtKPImqbkMcTejTgEAj82 # 6GQc6/Th66Koka8cUIvz59e/IP04DGrh9wkq2jIFvQ8EDegw1B4KyJTIs76+hmpV # M5SwBZjRs3liOQrierkNVo11WuujB3kBf2CbPoP9MlOyyezqkMIbTRj4OHeKlamd # WaSFhwHLJRIQpfc8sLwOSIBBAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUhx/vdKmXhwc4WiWXbsf0I53h8T8w # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMTgzNjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AGrJYDUS7s8o0yNprGXRXuAnRcHKxSjFmW4wclcUTYsQZkhnbMwthWM6cAYb/h2W # 5GNKtlmj/y/CThe3y/o0EH2h+jwfU/9eJ0fK1ZO/2WD0xi777qU+a7l8KjMPdwjY # 0tk9bYEGEZfYPRHy1AGPQVuZlG4i5ymJDsMrcIcqV8pxzsw/yk/O4y/nlOjHz4oV # APU0br5t9tgD8E08GSDi3I6H57Ftod9w26h0MlQiOr10Xqhr5iPLS7SlQwj8HW37 # ybqsmjQpKhmWul6xiXSNGGm36GarHy4Q1egYlxhlUnk3ZKSr3QtWIo1GGL03hT57 # xzjL25fKiZQX/q+II8nuG5M0Qmjvl6Egltr4hZ3e3FQRzRHfLoNPq3ELpxbWdH8t # Nuj0j/x9Crnfwbki8n57mJKI5JVWRWTSLmbTcDDLkTZlJLg9V1BIJwXGY3i2kR9i # 5HsADL8YlW0gMWVSlKB1eiSlK6LmFi0rVH16dde+j5T/EaQtFz6qngN7d1lvO7uk # 6rtX+MLKG4LDRsQgBTi6sIYiKntMjoYFHMPvI/OMUip5ljtLitVbkFGfagSqmbxK # 7rJMhC8wiTzHanBg1Rrbff1niBbnFbbV4UDmYumjs1FIpFCazk6AADXxoKCo5TsO # zSHqr9gHgGYQC2hMyX9MGLIpowYCURx3L7kUiGbOiMwaMIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGaIwghmeAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAOuLTVRyFOPVR0AAAAA # A64wDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIMfg # Q0uPc053wM3hyzNMXYtzupz4I9qioEtn5KRQsNl0MEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAn5PN9JH88H95QqTgg+FIiP/0ZmE0jraIazaN # wSjPCUxc8GRfqmoWisQBpW99ep34TSsfpvek2Okce/8jDwqd2xdftkKeQGlEOJD4 # hotXGVCUARP4hviIZSd2C/lzYV0VlSXq35VRcJXPG8pYbEEIOn2uWZTtB1kksT5b # 5Q5Y2VBKHc7UXEfWIm1s+2m/OVQyxbirag0dl/Am7Iko8lGA3sgUIWjC27EbfuBA # /5e7BLbC8vbYJ3V35QCiU79+lzC0yuZpB3I8XnN5wmwLAmLfbFyw1vIoMJ+MaGGU # PSMO4saZ6DrA60lPr0ixQuBBya+ND3FAO4Z5HcQrnDZB7mHa4aGCFywwghcoBgor # BgEEAYI3AwMBMYIXGDCCFxQGCSqGSIb3DQEHAqCCFwUwghcBAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCASefB7uAF64lUuJdmQMlhx+Im1FdnXWtG3 # Gg/H+BQSMAIGZdX+rHIdGBMyMDI0MDMxMTE4MTY1My4wOTlaMASAAgH0oIHYpIHV # MIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsT # HVRoYWxlcyBUU1MgRVNOOjNCRDQtNEI4MC02OUMzMSUwIwYDVQQDExxNaWNyb3Nv # ZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIRezCCBycwggUPoAMCAQICEzMAAAHlj2rA # 8z20C6MAAQAAAeUwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTAwHhcNMjMxMDEyMTkwNzM1WhcNMjUwMTEwMTkwNzM1WjCB0jELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9z # b2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMg # VFNTIEVTTjozQkQ0LTRCODAtNjlDMzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt # U3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKl7 # 4Drau2O6LLrJO3HyTvO9aXai//eNyP5MLWZrmUGNOJMPwMI08V9zBfRPNcucreIY # SyJHjkMIUGmuh0rPV5/2+UCLGrN1P77n9fq/mdzXMN1FzqaPHdKElKneJQ8R6cP4 # dru2Gymmt1rrGcNe800CcD6d/Ndoommkd196VqOtjZFA1XWu+GsFBeWHiez/Pllq # cM/eWntkQMs0lK0zmCfH+Bu7i1h+FDRR8F7WzUr/7M3jhVdPpAfq2zYCA8ZVLNgE # izY+vFmgx+zDuuU/GChDK7klDcCw+/gVoEuSOl5clQsydWQjJJX7Z2yV+1KC6G1J # VqpP3dpKPAP/4udNqpR5HIeb8Ta1JfjRUzSv3qSje5y9RYT/AjWNYQ7gsezuDWM/ # 8cZ11kco1JvUyOQ8x/JDkMFqSRwj1v+mc6LKKlj//dWCG/Hw9ppdlWJX6psDesQu # QR7FV7eCqV/lfajoLpPNx/9zF1dv8yXBdzmWJPeCie2XaQnrAKDqlG3zXux9tNQm # z2L96TdxnIO2OGmYxBAAZAWoKbmtYI+Ciz4CYyO0Fm5Z3T40a5d7KJuftF6CTocc # c/Up/jpFfQitLfjd71cS+cLCeoQ+q0n0IALvV+acbENouSOrjv/QtY4FIjHlI5zd # JzJnGskVJ5ozhji0YRscv1WwJFAuyyCMQvLdmPddAgMBAAGjggFJMIIBRTAdBgNV # HQ4EFgQU3/+fh7tNczEifEXlCQgFOXgMh6owHwYDVR0jBBgwFoAUn6cVXQBeYl2D # 9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3Nv # ZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy # MDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1l # LVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNVHSUB # Af8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQAD # ggIBADP6whOFjD1ad8GkEJ9oLBuvfjndMyGQ9R4HgBKSlPt3pa0XVLcimrJlDnKG # gFBiWwI6XOgw82hdolDiMDBLLWRMTJHWVeUY1gU4XB8OOIxBc9/Q83zb1c0RWEup # gC48I+b+2x2VNgGJUsQIyPR2PiXQhT5PyerMgag9OSodQjFwpNdGirna2rpV23EU # wFeO5+3oSX4JeCNZvgyUOzKpyMvqVaubo+Glf/psfW5tIcMjZVt0elswfq0qJNQg # oYipbaTvv7xmixUJGTbixYifTwAivPcKNdeisZmtts7OHbAM795ZvKLSEqXiRUjD # YZyeHyAysMEALbIhdXgHEh60KoZyzlBXz3VxEirE7nhucNwM2tViOlwI7EkeU5hu # dctnXCG55JuMw/wb7c71RKimZA/KXlWpmBvkJkB0BZES8OCGDd+zY/T9BnTp8si3 # 6Tql84VfpYe9iHmy7PqqxqMF2Cn4q2a0mEMnpBruDGE/gR9c8SVJ2ntkARy5Sflu # uJ/MB61yRvT1mUx3lyppO22ePjBjnwoEvVxbDjT1jhdMNdevOuDeJGzRLK9HNmTD # C+TdZQlj+VMgIm8ZeEIRNF0oaviF+QZcUZLWzWbYq6yDok8EZKFiRR5otBoGLvaY # FpxBZUE8mnLKuDlYobjrxh7lnwrxV/fMy0F9fSo2JxFmtLgtMIIHcTCCBVmgAwIB # AgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0 # IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1 # WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O # 1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZn # hUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t # 1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxq # D89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmP # frVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSW # rAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv # 231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zb # r17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYcten # IPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQc # xWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17a # j54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQAB # MCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQU # n6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEw # QTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9E # b2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQB # gjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/ # MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJ # oEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01p # Y1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYB # BQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9v # Q2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3h # LB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x # 5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74p # y27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1A # oL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbC # HcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB # 9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNt # yo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3 # rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcV # v7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A24 # 5oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lw # Y1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAtcwggJAAgEBMIIBAKGB2KSB1TCB # 0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMk # TWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1U # aGFsZXMgVFNTIEVTTjozQkQ0LTRCODAtNjlDMzElMCMGA1UEAxMcTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUA942iGuYFrsE4wzWD # d85EpM6RiwqggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAN # BgkqhkiG9w0BAQUFAAIFAOmZhn4wIhgPMjAyNDAzMTEyMTMyNDZaGA8yMDI0MDMx # MjIxMzI0NlowdzA9BgorBgEEAYRZCgQBMS8wLTAKAgUA6ZmGfgIBADAKAgEAAgIA # rAIB/zAHAgEAAgIRTzAKAgUA6ZrX/gIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgor # BgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUA # A4GBAIgAHeCDxKLqK/XLPfgL0M+GuWTuSzdJB6qLPyzZxGCpgCB9mPiGjjOa/RVN # t/9oszm1E5qBLdvRTY8clHNH71MdmZSUs1beMMGN4tSygaTjKYB4aigZJt3KaIlk # Cfc3Z1x9lQh7Yp1wPxP018ITd68WtyNaskGHepceY+gQkhqmMYIEDTCCBAkCAQEw # gZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAHlj2rA8z20C6MA # AQAAAeUwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0B # CRABBDAvBgkqhkiG9w0BCQQxIgQgmLi6xNKg+iemzJsHGM3c4Ic1w7uEzheXFIEL # tzIStMcwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCAVqdP//qjxGFhe2Ybo # EXeb8I/pAof01CwhbxUH9U697TCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwAhMzAAAB5Y9qwPM9tAujAAEAAAHlMCIEIHLeIT3zielfgWew98Co # TTohktJqX0b2m4aWSu4BtAuGMA0GCSqGSIb3DQEBCwUABIICAF2twDaIzczMU3J0 # CFypcTOG/vafWrZid6LNKWgFkp9DZhX464cWjUj3nIDWbQBHbwjGBH4xKB1j4azW # ic/SurQlGYx+IM1MHkC5cIt10VXZupyhdCpC1Ejpqq2YkxaGukx6gG9qdMYtfvDx # NtdPEGEcVrtB4+z+XQ8qPvZOmZq71uyhTwPldiK7bkrZZn0ik0k/2rhXyj6g5K9Y # 8F+GcUZt/kb9gx0ukogwb8w8n0yQQV3L48lyk3Fszyenz6q6j9Of6dX7Rn2b7L2e # q5iNDUG2ZkLvDDJzKy00+LjL3BkyK8QavaNliOmCkwkFIR4F8tKdKdHg5dcU1E92 # aRXGUpRKRuNwlrrHFd6Mrisfy8pCOFBUoaRhyZanavBwDhLaj+RCFyNus8oFK01L # yP36dL26sT84vcCmCGUjo5DaP+11I55BqqhxwahR1Hcsj0lWV6xa6+M75icutGe7 # Uj0aJOjhaRqLukI44OgAFtR0oV55zy8jxQ4WeOIunOBufCJHPgczBvZtDfY1amPs # nOUE8LU4Dke6uFbwBnEO81rDrt8iuO1gI9skvfVQa1wvh2K3NErn+fi8vkgS6hU1 # BDWIiqhBFcF77sSQVhbu30lcRL2c3ZCz5YzgOOFN3THjbs/uPt2A7+8ASjGHzxZ/ # X4LTVGcqfVM9z3SRfDK/X0ZYdClF # SIG # End signature block |