Public/DGateway.ps1
|
. "$PSScriptRoot/../Private/CertificateHelper.ps1" . "$PSScriptRoot/../Private/PlatformHelper.ps1" . "$PSScriptRoot/../Private/TokenHelper.ps1" $script:DGatewayConfigFileName = 'gateway.json' $script:DGatewayCertificateFileName = 'server.crt' $script:DGatewayPrivateKeyFileName = 'server.key' $script:DGatewayProvisionerPublicKeyFileName = 'provisioner.pem' $script:DGatewayProvisionerPrivateKeyFileName = 'provisioner.key' $script:DGatewayDelegationPublicKeyFileName = 'delegation.pem' $script:DGatewayDelegationPrivateKeyFileName = 'delegation.key' $script:DGatewayCustomUsersFileName = 'users.txt' function Get-DGatewayVersion { param( [Parameter(Mandatory = $true, Position = 0)] [ValidateSet('PSModule', 'Installed')] [string] $Type ) if ($Type -eq 'PSModule') { $ManifestPath = "$PSScriptRoot/../DevolutionsGateway.psd1" $Manifest = Import-PowerShellDataFile -Path $ManifestPath $DGatewayVersion = $Manifest.ModuleVersion } elseif ($Type -eq 'Installed') { if ($IsWindows) { $UninstallReg = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' ` | ForEach-Object { Get-ItemProperty $_.PSPath } | Where-Object { $_ -Match 'Devolutions Gateway' } if ($UninstallReg) { $DGatewayVersion = '20' + $UninstallReg.DisplayVersion } } elseif ($IsMacOS) { throw 'not supported' } elseif ($IsLinux) { $PackageName = 'devolutions-gateway' $DpkgStatus = $(dpkg -s $PackageName 2>$null) $DpkgMatches = $($DpkgStatus | Select-String -AllMatches -Pattern 'version: (\S+)').Matches if ($DpkgMatches) { $VersionQuad = $DpkgMatches.Groups[1].Value $VersionTriple = $VersionQuad -Replace '^(\d+)\.(\d+)\.(\d+)\.(\d+)$', "`$1.`$2.`$3" $DGatewayVersion = $VersionTriple } } } $DGatewayVersion } class DGatewayListener { [string] $InternalUrl [string] $ExternalUrl DGatewayListener() { } DGatewayListener([string] $InternalUrl, [string] $ExternalUrl) { $this.InternalUrl = $InternalUrl $this.ExternalUrl = $ExternalUrl } } function New-DGatewayListener() { [CmdletBinding()] param( [Parameter(Mandatory = $true, Position = 0)] [string] $ListenerUrl, [Parameter(Mandatory = $true, Position = 1)] [string] $ExternalUrl ) return [DGatewayListener]::new($ListenerUrl, $ExternalUrl) } class DGatewaySubProvisionerKey { [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $Id [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $Value [ValidateNotNullOrEmpty()] [ValidateSet('Spki','Rsa')] [string] $Format [ValidateNotNullOrEmpty()] [ValidateSet('Multibase','Base64', 'Base64Pad', 'Base64Url', 'Base64UrlPad')] [string] $Encoding DGatewaySubProvisionerKey( [string] $Id, [string] $Value, [string] $Format = 'Spki', [string] $Encoding = 'Multibase' ) { $this.Id = $Id $this.Value = $Value $this.Format = $Format $this.Encoding = $Encoding } DGatewaySubProvisionerKey([PSCustomObject] $object) { $this.Id = $object.Id $this.Value = $object.Value $this.Format = $object.Format $this.Encoding = $object.Encoding } DGatewaySubProvisionerKey([Hashtable] $table) { $this.Id = $table.Id $this.Value = $table.Value $this.Format = $table.Format $this.Encoding = $table.Encoding } } class DGatewaySubscriber { [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [System.Uri] $Url [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $Token DGatewaySubscriber( [System.Uri] $Url, [string] $Token ) { $this.Url = $Url $this.Token = $Token } DGatewaySubscriber([PSCustomObject] $object) { $this.Url = $object.Url $this.Token = $object.Token } DGatewaySubscriber([Hashtable] $table) { $this.Url = $table.Url $this.Token = $table.Token } } class DGatewayNgrokTunnel { [string] $Proto [string] $Metadata [string[]] $AllowCidrs [string[]] $DenyCidrs # HTTP tunnel [string] $Domain [System.Nullable[System.Single]] $CircuitBreaker [System.Nullable[System.Boolean]] $Compression # TCP tunnel [string] $RemoteAddr DGatewayNgrokTunnel() { } } class DGatewayNgrokConfig { [string] $AuthToken [System.Nullable[System.UInt32]] $HeartbeatInterval [System.Nullable[System.UInt32]] $HeartbeatTolerance [string] $Metadata [string] $ServerAddr [PSCustomObject] $Tunnels DGatewayNgrokConfig() { } } function New-DGatewayNgrokTunnel() { [CmdletBinding(DefaultParameterSetName = 'http')] param( [Parameter(Mandatory = $false, ParameterSetName = 'http', HelpMessage = "HTTP tunnel")] [switch] $Http, [Parameter(Mandatory = $false, ParameterSetName = 'tcp', HelpMessage = "TCP tunnel")] [switch] $Tcp, [Parameter(Mandatory = $false, HelpMessage = "User-defined metadata that appears when listing tunnel sessions with ngrok")] [string] $Metadata, [ValidateScript({ $_ -match '^((\d{1,3}\.){3}\d{1,3}\/\d{1,2}|([\dA-Fa-f]{0,4}:){2,7}[\dA-Fa-f]{0,4}\/\d{1,3})$' })] [Parameter(Mandatory = $false, HelpMessage = "Reject connections that do not match the given CIDRs")] [string[]] $AllowCidrs, [ValidateScript({ $_ -match '^((\d{1,3}\.){3}\d{1,3}\/\d{1,2}|([\dA-Fa-f]{0,4}:){2,7}[\dA-Fa-f]{0,4}\/\d{1,3})$' })] [Parameter(Mandatory = $false, HelpMessage = "Reject connections that match the given CIDRs")] [string[]] $DenyCidrs, [ValidateScript({ $_ -match '^(\*\.)?([a-zA-Z0-9](-?[a-zA-Z0-9])*\.)*[a-zA-Z]{2,}$' })] [Parameter(Mandatory = $false, ParameterSetName = 'http', HelpMessage = "Any valid domain or hostname previously registered with ngrok")] [string] $Domain, [ValidateRange(0.0, 1.0)] [Parameter(Mandatory = $false, ParameterSetName = 'http', HelpMessage = "Reject requests when 5XX responses exceed this ratio")] [System.Single] $CircuitBreaker, [Parameter(Mandatory = $false, ParameterSetName = 'http', HelpMessage = "Use gzip compression on HTTP responses")] [System.Boolean] $Compression, [ValidateScript({ $_ -match '^([a-zA-Z0-9](-?[a-zA-Z0-9])*\.)*[a-zA-Z]{2,}:\d{1,5}$' })] [Parameter(Mandatory = $false, ParameterSetName = 'tcp', HelpMessage = "The remote TCP address and port to bind. For example: remote_addr: 2.tcp.ngrok.io:21746")] [string] $RemoteAddr ) $tunnel = [DGatewayNgrokTunnel]::new() if ($Tcp) { $tunnel.Proto = "tcp" } else { $tunnel.Proto = "http" } $properties = [DGatewayNgrokTunnel].GetProperties() | ForEach-Object { $_.Name } foreach ($param in $PSBoundParameters.GetEnumerator()) { if ($properties -Contains $param.Key) { $tunnel.($param.Key) = $param.Value } } $tunnel } function New-DGatewayNgrokConfig() { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [string] $AuthToken ) $ngrok = [DGatewayNgrokConfig]::new() $ngrok.AuthToken = $AuthToken $ngrok } class DGatewayWebAppConfig { [bool] $Enabled [string] $Authentication [System.Nullable[System.UInt32]] $AppTokenMaximumLifetime [System.Nullable[System.UInt32]] $LoginLimitRate [string] $UsersFile DGatewayWebAppConfig() { } } function New-DGatewayWebAppConfig() { [CmdletBinding()] param( [Parameter(Mandatory = $true)] [bool] $Enabled, [Parameter(Mandatory = $true)] [ValidateSet("None", "Custom")] [string] $Authentication ) $webapp = [DGatewayWebAppConfig]::new() $webapp.Enabled = $Enabled $webapp.Authentication = $Authentication $webapp } enum VerbosityProfile { Default Debug Tls All Quiet } class DGatewayConfig { [System.Nullable[Guid]] $Id [string] $Hostname [string] $RecordingPath [string] $TlsCertificateFile [string] $TlsPrivateKeyFile [string] $TlsPrivateKeyPassword [string] $TlsCertificateSource [string] $TlsCertificateSubjectName [string] $TlsCertificateStoreName [string] $TlsCertificateStoreLocation [string] $ProvisionerPublicKeyFile [string] $ProvisionerPrivateKeyFile [string] $DelegationPublicKeyFile [string] $DelegationPrivateKeyFile [DGatewaySubProvisionerKey] $SubProvisionerPublicKey [DGatewayListener[]] $Listeners [DGatewaySubscriber] $Subscriber [DGatewayNgrokConfig] $Ngrok [DGatewayWebAppConfig] $WebApp [string] $LogDirective [string] $VerbosityProfile } function Remove-NullObjectProperties { [CmdletBinding()] param( [Parameter(ValueFromPipeline, Mandatory)] [object[]] $InputObject ) process { foreach ($OldObj in $InputObject) { $NonNullProperties = $OldObj.PSObject.Properties | Where-Object { ($_.Value -is [Array] -and $_.Value.Count -gt 0) -or (-Not [string]::IsNullOrEmpty($_.Value)) } | Select-Object -ExpandProperty Name $NewObj = $OldObj | Select-Object $NonNullProperties $NewObj.PSObject.Properties | Where-Object { $_.TypeNameOfValue.EndsWith('PSCustomObject') } | ForEach-Object { $NewObj."$($_.Name)" = $NewObj."$($_.Name)" | Remove-NullObjectProperties } $NewObj } } } function Save-DGatewayConfig { [CmdletBinding()] param( [string] $ConfigPath, [Parameter(Mandatory = $true)] [DGatewayConfig] $Config ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $ConfigFile = Join-Path $ConfigPath $DGatewayConfigFileName $ConfigClean = $Config | ConvertTo-Json -Depth 4 | ConvertFrom-Json # drop class type info $ConfigData = $ConfigClean | Remove-NullObjectProperties | ConvertTo-Json -Depth 4 [System.IO.File]::WriteAllLines($ConfigFile, $ConfigData, $(New-Object System.Text.UTF8Encoding $False)) } function Set-DGatewayConfig { [CmdletBinding()] param( [string] $ConfigPath, [string] $Force, [Guid] $Id, [string] $Hostname, [string] $RecordingPath, [DGatewayListener[]] $Listeners, [DGatewaySubscriber] $Subscriber, [string] $TlsCertificateFile, [string] $TlsPrivateKeyFile, [string] $TlsPrivateKeyPassword, [ValidateSet("External", "System")] [string] $TlsCertificateSource, [string] $TlsCertificateSubjectName, [string] $TlsCertificateStoreName, [ValidateSet("CurrentUser", "LocalMachine", "CurrentService")] [string] $TlsCertificateStoreLocation, [string] $ProvisionerPublicKeyFile, [string] $ProvisionerPrivateKeyFile, [string] $DelegationPublicKeyFile, [string] $DelegationPrivateKeyFile, [DGatewaySubProvisionerKey] $SubProvisionerPublicKey, [DGatewayNgrokConfig] $Ngrok, [DGatewayWebAppConfig] $WebApp, [VerbosityProfile] $VerbosityProfile ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath if (-Not (Test-Path -Path $ConfigPath -PathType 'Container')) { New-Item -Path $ConfigPath -ItemType 'Directory' | Out-Null } $ConfigFile = Join-Path $ConfigPath $DGatewayConfigFileName if (-Not (Test-Path -Path $ConfigFile -PathType 'Leaf')) { $config = [DGatewayConfig]::new() } else { $config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties } $properties = [DGatewayConfig].GetProperties() | ForEach-Object { $_.Name } foreach ($param in $PSBoundParameters.GetEnumerator()) { if ($properties -Contains $param.Key) { $config.($param.Key) = $param.Value } } Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function Get-DGatewayConfig { [CmdletBinding()] [OutputType('DGatewayConfig')] param( [string] $ConfigPath, [switch] $NullProperties, [switch] $Expand ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $ConfigFile = Join-Path $ConfigPath $DGatewayConfigFileName $config = [DGatewayConfig]::new() if (-Not (Test-Path -Path $ConfigFile -PathType 'Leaf')) { if ($NullProperties) { return $config } } $ConfigData = Get-Content -Path $ConfigFile -Encoding UTF8 $json = $ConfigData | ConvertFrom-Json [DGatewayConfig].GetProperties() | ForEach-Object { $Name = $_.Name if ($json.PSObject.Properties[$Name]) { $Property = $json.PSObject.Properties[$Name] $Value = $Property.Value $config.$Name = $Value } } if ($Expand) { Expand-DGatewayConfig $config } if (-Not $NullProperties) { $Properties = $Config.PSObject.Properties.Name $NonNullProperties = $Properties.Where( { -Not [string]::IsNullOrEmpty($Config.$_) }) $Config = $Config | Select-Object $NonNullProperties } return $config } function Expand-DGatewayConfig { param( [DGatewayConfig] $Config ) } function Find-DGatewayConfig { [CmdletBinding()] param( [string] $ConfigPath ) if (-Not $ConfigPath) { $CurrentPath = Get-Location $ConfigFile = Join-Path $CurrentPath $DGatewayConfigFileName if (Test-Path -Path $ConfigFile -PathType 'Leaf') { $ConfigPath = $CurrentPath } } if (-Not $ConfigPath) { $ConfigPath = Get-DGatewayPath } if ($Env:DGATEWAY_CONFIG_PATH) { $ConfigPath = $Env:DGATEWAY_CONFIG_PATH } return $ConfigPath } function Enter-DGatewayConfig { [CmdletBinding()] param( [string] $ConfigPath, [switch] $ChangeDirectory ) if ($ConfigPath) { $ConfigPath = Resolve-Path $ConfigPath $Env:DGATEWAY_CONFIG_PATH = $ConfigPath } $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath if ($ChangeDirectory) { Set-Location $ConfigPath } } function Exit-DGatewayConfig { Remove-Item Env:DGATEWAY_CONFIG_PATH } function Get-DGatewayPath() { [CmdletBinding()] param( [Parameter(Position = 0)] [ValidateSet('ConfigPath')] [string] $PathType = 'ConfigPath' ) $DisplayName = 'Gateway' $CompanyName = 'Devolutions' if ($IsWindows) { $ConfigPath = $Env:ProgramData + "\${CompanyName}\${DisplayName}" } elseif ($IsMacOS) { $ConfigPath = "/Library/Application Support/${CompanyName} ${DisplayName}" } elseif ($IsLinux) { $ConfigPath = '/etc/devolutions-gateway' } switch ($PathType) { 'ConfigPath' { $ConfigPath } default { throw("Invalid path type: $PathType") } } } function Get-DGatewayRecordingPath { [CmdletBinding()] param( [string] $ConfigPath ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties $RecordingPath = $Config.RecordingPath if ([string]::IsNullOrEmpty($RecordingPath)) { $RecordingPath = Join-Path $ConfigPath "recordings" } $RecordingPath } function Set-DGatewayRecordingPath { [CmdletBinding()] param( [string] $ConfigPath, [Parameter(Mandatory = $true, Position = 0)] [string] $RecordingPath ) $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties $Config.RecordingPath = $RecordingPath Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function Reset-DGatewayRecordingPath { [CmdletBinding()] param( [string] $ConfigPath ) $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties $Config.RecordingPath = $null Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function Get-DGatewayHostname { [CmdletBinding()] param( [string] $ConfigPath ) $(Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties).Hostname } function Set-DGatewayHostname { [CmdletBinding()] param( [string] $ConfigPath, [Parameter(Mandatory = $true, Position = 0)] [string] $Hostname ) $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties $Config.Hostname = $Hostname Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function Get-DGatewayListeners { [CmdletBinding()] [OutputType('DGatewayListener[]')] param( [string] $ConfigPath ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties $Config.Listeners } function Set-DGatewayListeners { [CmdletBinding()] param( [string] $ConfigPath, [Parameter(Mandatory = $true, Position = 0)] [AllowEmptyCollection()] [DGatewayListener[]] $Listeners ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties $Config.Listeners = $Listeners Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function New-DGatewayCertificate { [CmdletBinding()] param( [string] $ConfigPath, [string] $Hostname, [switch] $Force ) if (-Not $IsWindows) { throw "unsupported platform" } $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties if ([string]::IsNullOrEmpty($Hostname)) { $Hostname = $Config.Hostname } if ([string]::IsNullOrEmpty($Hostname)) { $Hostname = [System.Environment]::MachineName } Set-DGatewayHostname -ConfigPath:$ConfigPath $Hostname $Password = "cert123!" # dummy password (it's just a self-signed certificate) $SecurePassword = ConvertTo-SecureString -String $Password -Force -AsPlainText # Create a self-signed certificate for the specified hostname and export to a .pfx file $NotBefore = Get-Date $ExtendedKeyUsage = "2.5.29.37={text}1.3.6.1.5.5.7.3.1" $Params = @{ DnsName = $Hostname CertStoreLocation = "cert:\CurrentUser\My" KeyExportPolicy = "Exportable" KeyAlgorithm = "RSA" KeyLength = 2048 HashAlgorithm = 'SHA256' TextExtension = @($ExtendedKeyUsage) KeyUsageProperty = "All" KeyUsage = 'CertSign', 'DigitalSignature', 'KeyEncipherment' NotBefore = $NotBefore.AddHours(-1) NotAfter = $NotBefore.AddYears(5) } $Certificate = New-SelfSignedCertificate @Params $PfxCertificateFile = Join-Path ([System.IO.Path]::GetTempPath()) "gateway-$Hostname.pfx" Export-PfxCertificate -Cert $Certificate -FilePath $PfxCertificateFile -Password $securePassword | Out-Null Remove-Item -Path ("cert:\CurrentUser\My\" + $Certificate.Thumbprint) | Out-Null Import-DGatewayCertificate -ConfigPath:$ConfigPath -CertificateFile $PfxCertificateFile -Password $Password Remove-Item $PfxCertificateFile | Out-Null # remove temporary .pfx file } function Import-DGatewayCertificate { [CmdletBinding()] param( [string] $ConfigPath, [string] $CertificateFile, [string] $PrivateKeyFile, [string] $Password ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties $result = Get-PemCertificate -CertificateFile:$CertificateFile ` -PrivateKeyFile:$PrivateKeyFile -Password:$Password $CertificateData = $result.Certificate $PrivateKeyData = $result.PrivateKey New-Item -Path $ConfigPath -ItemType 'Directory' -Force | Out-Null $CertificateFile = Join-Path $ConfigPath $DGatewayCertificateFileName $PrivateKeyFile = Join-Path $ConfigPath $DGatewayPrivateKeyFileName Set-Content -Path $CertificateFile -Value $CertificateData -Force Set-Content -Path $PrivateKeyFile -Value $PrivateKeyData -Force $Config.TlsCertificateFile = $DGatewayCertificateFileName $Config.TlsPrivateKeyFile = $DGatewayPrivateKeyFileName Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function New-DGatewayProvisionerKeyPair { [CmdletBinding()] param( [string] $ConfigPath, [int] $KeySize = 2048, [switch] $Force ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties if (-Not (Test-Path -Path $ConfigPath)) { New-Item -Path $ConfigPath -ItemType 'Directory' -Force | Out-Null } $PublicKeyFile = Join-Path $ConfigPath $DGatewayProvisionerPublicKeyFileName $PrivateKeyFile = Join-Path $ConfigPath $DGatewayProvisionerPrivateKeyFileName if ((Test-Path -Path $PublicKeyFile) -Or (Test-Path -Path $PrivateKeyFile)) { if (-Not $Force) { throw "$PublicKeyFile or $PrivateKeyFile already exists, use -Force to overwrite" } Remove-Item $PublicKeyFile -Force | Out-Null Remove-Item $PrivateKeyFile -Force | Out-Null } $KeyPair = New-RsaKeyPair -KeySize:$KeySize $PublicKeyData = $KeyPair.PublicKey $Config.ProvisionerPublicKeyFile = $DGatewayProvisionerPublicKeyFileName Set-Content -Path $PublicKeyFile -Value $PublicKeyData -Force $PrivateKeyData = $KeyPair.PrivateKey $Config.ProvisionerPrivateKeyFile = $DGatewayProvisionerPrivateKeyFileName Set-Content -Path $PrivateKeyFile -Value $PrivateKeyData -Force Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function Import-DGatewayProvisionerKey { [CmdletBinding()] param( [string] $ConfigPath, [string] $PublicKeyFile, [string] $PrivateKeyFile ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties if ($PublicKeyFile) { if (-Not (Test-Path -Path $PublicKeyFile)) { throw "$PublicKeyFile doesn't exist" } $PublicKeyData = Get-Content -Path $PublicKeyFile -Encoding UTF8 if (!$PublicKeyData) { throw "$PublicKeyFile appears to be empty" } $OutputFile = Join-Path $ConfigPath $DGatewayProvisionerPublicKeyFileName $Config.ProvisionerPublicKeyFile = $DGatewayProvisionerPublicKeyFileName New-Item -Path $ConfigPath -ItemType 'Directory' -Force | Out-Null Set-Content -Path $OutputFile -Value $PublicKeyData -Force } if ($PrivateKeyFile) { if (-Not (Test-Path -Path $PrivateKeyFile)) { throw "$PrivateKeyFile doesn't exist" } $PrivateKeyData = Get-Content -Path $PrivateKeyFile -Encoding UTF8 if (!$PrivateKeyData) { throw "$PrivateKeyFile appears to be empty" } $OutputFile = Join-Path $ConfigPath $DGatewayProvisionerPrivateKeyFileName $Config.ProvisionerPrivateKeyFile = $DGatewayProvisionerPrivateKeyFileName New-Item -Path $ConfigPath -ItemType 'Directory' -Force | Out-Null Set-Content -Path $OutputFile -Value $PrivateKeyData -Force } Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function New-DGatewayDelegationKeyPair { [CmdletBinding()] param( [string] $ConfigPath, [int] $KeySize = 2048, [switch] $Force ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties if (-Not (Test-Path -Path $ConfigPath)) { New-Item -Path $ConfigPath -ItemType 'Directory' -Force | Out-Null } $PublicKeyFile = Join-Path $ConfigPath $DGatewayDelegationPublicKeyFileName $PrivateKeyFile = Join-Path $ConfigPath $DGatewayDelegationPrivateKeyFileName if ((Test-Path -Path $PublicKeyFile) -Or (Test-Path -Path $PrivateKeyFile)) { if (-Not $Force) { throw "$PublicKeyFile or $PrivateKeyFile already exists, use -Force to overwrite" } Remove-Item $PublicKeyFile -Force | Out-Null Remove-Item $PrivateKeyFile -Force | Out-Null } $KeyPair = New-RsaKeyPair -KeySize:$KeySize $PublicKeyData = $KeyPair.PublicKey $Config.DelegationPublicKeyFile = $DGatewayDelegationPublicKeyFileName Set-Content -Path $PublicKeyFile -Value $PublicKeyData -Force $PrivateKeyData = $KeyPair.PrivateKey $Config.DelegationPrivateKeyFile = $DGatewayDelegationPrivateKeyFileName Set-Content -Path $PrivateKeyFile -Value $PrivateKeyData -Force Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function Import-DGatewayDelegationKey { [CmdletBinding()] param( [string] $ConfigPath, [string] $PublicKeyFile, [string] $PrivateKeyFile ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties if ($PublicKeyFile) { $PublicKeyData = Get-Content -Path $PublicKeyFile -Encoding UTF8 $OutputFile = Join-Path $ConfigPath $DGatewayDelegationPublicKeyFileName $Config.DelegationPublicKeyFile = $DGatewayDelegationPublicKeyFileName New-Item -Path $ConfigPath -ItemType 'Directory' -Force | Out-Null Set-Content -Path $OutputFile -Value $PublicKeyData -Force } if ($PrivateKeyFile) { $PrivateKeyData = Get-Content -Path $PrivateKeyFile -Encoding UTF8 $OutputFile = Join-Path $ConfigPath $DGatewayDelegationPrivateKeyFileName $Config.DelegationPrivateKeyFile = $DGatewayDelegationPrivateKeyFileName New-Item -Path $ConfigPath -ItemType 'Directory' -Force | Out-Null Set-Content -Path $OutputFile -Value $PrivateKeyData -Force } Save-DGatewayConfig -ConfigPath:$ConfigPath -Config:$Config } function New-DGatewayToken { [CmdletBinding()] param( [string] $ConfigPath, [ValidateSet('ASSOCIATION', 'SCOPE', 'BRIDGE', 'JMUX', 'JREC')] [Parameter(Mandatory = $true)] [string] $Type, # token type # public common claims [DateTime] $ExpirationTime, # exp [DateTime] $NotBefore, # nbf [DateTime] $IssuedAt, # iat # private association claims [string] $AssociationId, # jet_aid [ValidateSet('unknown', 'wayk', 'rdp', 'ard', 'vnc', 'ssh', 'ssh-pwsh', 'sftp', 'scp', 'winrm-http-pwsh', 'winrm-https-pwsh', 'http', 'https', 'ldap', 'ldaps')] [string] $ApplicationProtocol, # jet_ap [ValidateSet('fwd', 'rdv')] [string] $ConnectionMode, # jet_cm [string] $DestinationHost, # dst_hst # private jrec claims [ValidateSet('push', 'pull')] [string] $RecordingOperation = 'push', # jet_rop # private scope claims [string] $Scope, # scope # private bridge claims [string] $Target, # target # signature parameters [string] $PrivateKeyFile ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties if (-Not $PrivateKeyFile) { if (-Not $Config.ProvisionerPrivateKeyFile) { throw "Config file is missing ``ProvisionerPrivateKeyFile``. Alternatively, use -PrivateKeyFile argument." } if ([System.IO.Path]::IsPathRooted($Config.ProvisionerPrivateKeyFile)) { $PrivateKeyFile = $Config.ProvisionerPrivateKeyFile } else { $PrivateKeyFile = Join-Path $ConfigPath $Config.ProvisionerPrivateKeyFile } } if (-Not (Test-Path -Path $PrivateKeyFile -PathType 'Leaf')) { throw "$PrivateKeyFile cannot be found." } $PrivateKey = ConvertTo-RsaPrivateKey $(Get-Content $PrivateKeyFile -Raw) $CurrentTime = Get-Date if (-Not $NotBefore) { $NotBefore = $CurrentTime } if (-Not $IssuedAt) { $IssuedAt = $CurrentTime } if (-Not $ExpirationTime) { $ExpirationTime = $CurrentTime.AddMinutes(2) } $iat = [System.DateTimeOffset]::new($IssuedAt).ToUnixTimeSeconds() $nbf = [System.DateTimeOffset]::new($NotBefore).ToUnixTimeSeconds() $exp = [System.DateTimeOffset]::new($ExpirationTime).ToUnixTimeSeconds() $jti = (New-Guid).ToString() $Header = [PSCustomObject]@{ alg = 'RS256' typ = 'JWT' cty = $Type } $Payload = [PSCustomObject]@{ iat = $iat nbf = $nbf exp = $exp jti = $jti } if ($Type -eq 'ASSOCIATION') { if (-Not $ApplicationProtocol) { if ($ConnectionMode -eq 'fwd') { $ApplicationProtocol = 'rdp' } else { $ApplicationProtocol = 'wayk' } } $Payload | Add-Member -MemberType NoteProperty -Name 'jet_ap' -Value $ApplicationProtocol if (-Not $ConnectionMode) { if ($DestinationHost) { $ConnectionMode = 'fwd' } else { $ConnectionMode = 'rdv' } } $Payload | Add-Member -MemberType NoteProperty -Name 'jet_cm' -Value $ConnectionMode if (-Not $AssociationId) { $AssociationId = New-Guid } $Payload | Add-Member -MemberType NoteProperty -Name 'jet_aid' -Value $AssociationId if ($DestinationHost) { $Payload | Add-Member -MemberType NoteProperty -Name 'dst_hst' -Value $DestinationHost } } if ($Type -eq 'JMUX') { if (-Not $DestinationHost) { throw "DestinationHost is required" } if ($ApplicationProtocol) { $Payload | Add-Member -MemberType NoteProperty -Name 'jet_ap' -Value $ApplicationProtocol } if (-Not $AssociationId) { $AssociationId = New-Guid } $Payload | Add-Member -MemberType NoteProperty -Name 'jet_aid' -Value $AssociationId $Payload | Add-Member -MemberType NoteProperty -Name 'dst_hst' -Value $DestinationHost } if ($Type -eq 'JREC') { if (-Not $RecordingOperation) { throw "RecordingOperation is required" } if ($ApplicationProtocol) { $Payload | Add-Member -MemberType NoteProperty -Name 'jet_ap' -Value $ApplicationProtocol } $Payload | Add-Member -MemberType NoteProperty -Name 'jet_rop' -Value $RecordingOperation.ToLower() if (-Not $AssociationId) { $AssociationId = New-Guid } $Payload | Add-Member -MemberType NoteProperty -Name 'jet_aid' -Value $AssociationId if ($DestinationHost) { $Payload | Add-Member -MemberType NoteProperty -Name 'dst_hst' -Value $DestinationHost } } if (($Type -eq 'SCOPE') -and ($Scope)) { $Payload | Add-Member -MemberType NoteProperty -Name 'scope' -Value $Scope } if (($Type -eq 'BRIDGE') -and ($Target)) { $Payload | Add-Member -MemberType NoteProperty -Name 'target' -Value $Target } New-JwtRs256 -Header $Header -Payload $Payload -PrivateKey $PrivateKey } function ConvertTo-DGatewayHash { [CmdletBinding()] param( [Parameter(Mandatory=$true, Position=0)] [string] $Password ) $parameters = [Devolutions.Picky.Argon2Params]::New.Invoke(@()) $algorithm = [Devolutions.Picky.Argon2Algorithm]::Argon2id $argon2 = [Devolutions.Picky.Argon2]::New.Invoke(@($algorithm, $parameters)) $argon2.HashPassword($Password) } function Get-DGatewayUsersFilePath { [CmdletBinding()] param( [string] $ConfigPath ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $Config = Get-DGatewayConfig -ConfigPath:$ConfigPath -NullProperties if ($Config.WebApp.UsersFile) { $fileName = $Config.WebApp.UsersFile } else { $fileName = $script:DGatewayCustomUsersFileName } $filePath = Join-Path -Path $ConfigPath -ChildPath $fileName return $filePath } function Set-DGatewayUser { [CmdletBinding()] param( [string] $ConfigPath, [Parameter(Mandatory=$true, Position=0)] [string] $Username, [Parameter(Mandatory=$true, Position=1)] [string] $Password ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $filePath = Get-DGatewayUsersFilePath -ConfigPath $ConfigPath $hash = ConvertTo-DGatewayHash -Password $Password $fileContent = @() if (Test-Path $filePath) { try { $fileContent = [System.IO.File]::ReadLines($filePath) } catch { Write-Host "Error reading file: $_" return } } $entry = "$Username`:$hash" $updated = $false $fileContentList = New-Object System.Collections.Generic.List[System.String] foreach ($line in $fileContent) { $fileContentList.Add($line) } for ($i = 0; $i -lt $fileContentList.Count; $i++) { if ((-Not [string]::IsNullOrEmpty($fileContentList[$i])) -And $fileContentList[$i].StartsWith("${Username}:")) { $fileContentList[$i] = $entry $updated = $true break } } if (-Not $updated) { $fileContentList.Add($entry) } [System.IO.File]::WriteAllLines($filePath, $fileContentList) } function Remove-DGatewayUser { [CmdletBinding()] param( [string] $ConfigPath, [Parameter(Mandatory=$true, Position=0)] [string] $Username ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $filePath = Get-DGatewayUsersFilePath -ConfigPath $ConfigPath $fileContent = Get-Content $filePath $newContent = $fileContent | Where-Object { $_ -notmatch "^${Username}:" } Set-Content -Path $filePath -Value $newContent } function Get-DGatewayUser { [CmdletBinding()] param( [string] $ConfigPath, [string] $Username ) $ConfigPath = Find-DGatewayConfig -ConfigPath:$ConfigPath $filePath = Get-DGatewayUsersFilePath -ConfigPath $ConfigPath $fileContent = Get-Content $filePath $users = @() foreach ($line in $fileContent) { # Splitting at the first ':' character $splitIndex = $line.IndexOf(':') if ($splitIndex -lt 0) { continue } $user = $line.Substring(0, $splitIndex) $hash = $line.Substring($splitIndex + 1) $users += New-Object PSObject -Property @{ User = $user Hash = $hash } } if ($Username) { $user = $users | Where-Object { $_.User -eq $Username } return $user } else { return $users } } function Get-DGatewayPackage { [CmdletBinding()] param( [string] $RequiredVersion, [ValidateSet('Windows', 'Linux')] [string] $Platform ) $Version = Get-DGatewayVersion 'PSModule' if ($RequiredVersion) { $Version = $RequiredVersion } if (-Not $Platform) { if ($IsWindows) { $Platform = 'Windows' } else { $Platform = 'Linux' } } $GitHubDownloadUrl = 'https://github.com/Devolutions/devolutions-gateway/releases/download/' if ($Platform -eq 'Windows') { $Architecture = 'x86_64' $PackageFileName = "DevolutionsGateway-${Architecture}-${Version}.msi" } elseif ($Platform -eq 'Linux') { $Architecture = 'amd64' $PackageFileName = "devolutions-gateway_${Version}.0_${Architecture}.deb" } $DownloadUrl = "${GitHubDownloadUrl}v${Version}/$PackageFileName" [PSCustomObject]@{ Url = $DownloadUrl; Version = $Version; } } function Install-DGatewayPackage { [CmdletBinding()] param( [string] $RequiredVersion, [switch] $Quiet, [switch] $Force ) $Version = Get-DGatewayVersion 'PSModule' if ($RequiredVersion) { $Version = $RequiredVersion } $InstalledVersion = Get-DGatewayVersion 'Installed' if (($InstalledVersion -eq $Version) -and (-Not $Force)) { Write-Host "Devolutions Gateway is already installed ($Version)" return } $TempPath = Join-Path $([System.IO.Path]::GetTempPath()) "dgateway-${Version}" New-Item -ItemType Directory -Path $TempPath -ErrorAction SilentlyContinue | Out-Null $Package = Get-DGatewayPackage -RequiredVersion $Version $DownloadUrl = $Package.Url $DownloadFile = Split-Path -Path $DownloadUrl -Leaf $DownloadFilePath = Join-Path $TempPath $DownloadFile Write-Host "Downloading $DownloadUrl" $WebClient = [System.Net.WebClient]::new() $WebClient.DownloadFile($DownloadUrl, $DownloadFilePath) $WebClient.Dispose() $DownloadFilePath = Resolve-Path $DownloadFilePath if ($IsWindows) { $Display = '/passive' if ($Quiet) { $Display = '/quiet' } $InstallLogFile = Join-Path $TempPath 'DGateway_Install.log' $MsiArgs = @( '/i', "`"$DownloadFilePath`"", $Display, '/norestart', '/log', "`"$InstallLogFile`"" ) Start-Process 'msiexec.exe' -ArgumentList $MsiArgs -Wait -NoNewWindow Remove-Item -Path $InstallLogFile -Force -ErrorAction SilentlyContinue } elseif ($IsMacOS) { throw 'unsupported platform' } elseif ($IsLinux) { $DpkgArgs = @( '-i', $DownloadFilePath ) if ((id -u) -eq 0) { Start-Process 'dpkg' -ArgumentList $DpkgArgs -Wait } else { $DpkgArgs = @('dpkg') + $DpkgArgs Start-Process 'sudo' -ArgumentList $DpkgArgs -Wait } } Remove-Item -Path $TempPath -Force -Recurse } function Uninstall-DGatewayPackage { [CmdletBinding()] param( [switch] $Quiet ) if ($IsWindows) { $UninstallReg = Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall' ` | ForEach-Object { Get-ItemProperty $_.PSPath } | Where-Object { $_ -Match 'Devolutions Gateway' } if ($UninstallReg) { $UninstallString = $($UninstallReg.UninstallString ` -Replace 'msiexec.exe', '' -Replace '/I', '' -Replace '/X', '').Trim() $Display = '/passive' if ($Quiet) { $Display = '/quiet' } $MsiArgs = @( '/X', $UninstallString, $Display ) Start-Process 'msiexec.exe' -ArgumentList $MsiArgs -Wait } } elseif ($IsMacOS) { throw 'unsupported platform' } elseif ($IsLinux) { if (Get-DGatewayVersion 'Installed') { $AptArgs = @( '-y', 'remove', 'devolutions-gateway', '--purge' ) if ((id -u) -eq 0) { Start-Process 'apt-get' -ArgumentList $AptArgs -Wait } else { $AptArgs = @('apt-get') + $AptArgs Start-Process 'sudo' -ArgumentList $AptArgs -Wait } } } } function Start-DGateway { [CmdletBinding()] param( [string]$ServiceName ) if (-Not [String]::IsNullOrWhiteSpace($ServiceName)) { $DGatewayService = $ServiceName } elseif ($IsWindows) { $DGatewayService = 'devolutionsgateway' } elseif ($IsLinux) { $DGatewayService = 'devolutions-gateway.service' } else { throw 'Service name is empty' } if ($IsWindows) { Start-Service -Name $DGatewayService } elseif ($IsLinux) { & systemctl start $DGatewayService } else { throw 'Not implemented' } } function Stop-DGateway { [CmdletBinding()] param( [string]$ServiceName ) if (-Not [String]::IsNullOrWhiteSpace($serviceName)) { $DGatewayService = $ServiceName } elseif ($IsWindows) { $DGatewayService = 'devolutionsgateway' } elseif ($IsLinux) { $DGatewayService = 'devolutions-gateway.service' } else { throw 'Service name is empty' } if ($IsWindows) { Stop-Service -Name $DGatewayService } elseif ($IsLinux) { & systemctl stop $DGatewayService } else { throw 'Not implemented' } } function Restart-DGateway { [CmdletBinding()] param( [string]$ServiceName ) if (-Not [String]::IsNullOrWhiteSpace($ServiceName)) { $DGatewayService = $ServiceName } elseif ($IsWindows) { $DGatewayService = 'devolutionsgateway' } elseif ($IsLinux) { $DGatewayService = 'devolutions-gateway.service' } else { throw 'Service name is empty' } if ($IsWindows) { Restart-Service -Name $DGatewayService } elseif ($IsLinux) { & systemctl restart $DGatewayService } else { throw 'Not implemented' } } function Get-DGatewayService { [CmdletBinding()] param( [string]$ServiceName ) if (-Not [String]::IsNullOrWhiteSpace($ServiceName)) { $DGatewayService = $ServiceName } elseif ($IsWindows) { $DGatewayService = 'devolutionsgateway' } elseif ($IsLinux) { $DGatewayService = 'devolutions-gateway.service' } else { throw 'Service name is empty' } if ($IsWindows) { $Result = Get-Service -Name $DGatewayService If ($Result) { [PSCustomObject]@{ "Name" = $Result.Name "Status" = $Result.Status } } else { throw 'Service not found' } } elseif ($IsLinux) { $Result = & systemctl list-units --type=service --all --no-pager $DGatewayService --no-legend if ($Result) { $ID, $Load, $Active, $Status, $Description = ($Result.Trim()) -Split '\s+', 5 If ($ID -And $Active) { [PSCustomObject]@{ "Name" = $ID "Status" = if ($Active -EQ 'active') { 'Running' } else { 'Stopped' } } } else { throw 'Unable to return service status' } } else { throw 'Service not found' } } else { throw 'Not implemented' } } # SIG # Begin signature block # MIIvWQYJKoZIhvcNAQcCoIIvSjCCL0YCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBBHjWyEQITjpBI # qd6ytOEhV0T9Mg4WMkhIA0CwwTJ116CCFBcwggVyMIIDWqADAgECAhB2U/6sdUZI # k/Xl10pIOk74MA0GCSqGSIb3DQEBDAUAMFMxCzAJBgNVBAYTAkJFMRkwFwYDVQQK # ExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBHbG9iYWxTaWduIENvZGUgU2ln # bmluZyBSb290IFI0NTAeFw0yMDAzMTgwMDAwMDBaFw00NTAzMTgwMDAwMDBaMFMx # CzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQD # EyBHbG9iYWxTaWduIENvZGUgU2lnbmluZyBSb290IFI0NTCCAiIwDQYJKoZIhvcN # AQEBBQADggIPADCCAgoCggIBALYtxTDdeuirkD0DcrA6S5kWYbLl/6VnHTcc5X7s # k4OqhPWjQ5uYRYq4Y1ddmwCIBCXp+GiSS4LYS8lKA/Oof2qPimEnvaFE0P31PyLC # o0+RjbMFsiiCkV37WYgFC5cGwpj4LKczJO5QOkHM8KCwex1N0qhYOJbp3/kbkbuL # ECzSx0Mdogl0oYCve+YzCgxZa4689Ktal3t/rlX7hPCA/oRM1+K6vcR1oW+9YRB0 # RLKYB+J0q/9o3GwmPukf5eAEh60w0wyNA3xVuBZwXCR4ICXrZ2eIq7pONJhrcBHe # OMrUvqHAnOHfHgIB2DvhZ0OEts/8dLcvhKO/ugk3PWdssUVcGWGrQYP1rB3rdw1G # R3POv72Vle2dK4gQ/vpY6KdX4bPPqFrpByWbEsSegHI9k9yMlN87ROYmgPzSwwPw # jAzSRdYu54+YnuYE7kJuZ35CFnFi5wT5YMZkobacgSFOK8ZtaJSGxpl0c2cxepHy # 1Ix5bnymu35Gb03FhRIrz5oiRAiohTfOB2FXBhcSJMDEMXOhmDVXR34QOkXZLaRR # kJipoAc3xGUaqhxrFnf3p5fsPxkwmW8x++pAsufSxPrJ0PBQdnRZ+o1tFzK++Ol+ # A/Tnh3Wa1EqRLIUDEwIrQoDyiWo2z8hMoM6e+MuNrRan097VmxinxpI68YJj8S4O # JGTfAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0G # A1UdDgQWBBQfAL9GgAr8eDm3pbRD2VZQu86WOzANBgkqhkiG9w0BAQwFAAOCAgEA # Xiu6dJc0RF92SChAhJPuAW7pobPWgCXme+S8CZE9D/x2rdfUMCC7j2DQkdYc8pzv # eBorlDICwSSWUlIC0PPR/PKbOW6Z4R+OQ0F9mh5byV2ahPwm5ofzdHImraQb2T07 # alKgPAkeLx57szO0Rcf3rLGvk2Ctdq64shV464Nq6//bRqsk5e4C+pAfWcAvXda3 # XaRcELdyU/hBTsz6eBolSsr+hWJDYcO0N6qB0vTWOg+9jVl+MEfeK2vnIVAzX9Rn # m9S4Z588J5kD/4VDjnMSyiDN6GHVsWbcF9Y5bQ/bzyM3oYKJThxrP9agzaoHnT5C # JqrXDO76R78aUn7RdYHTyYpiF21PiKAhoCY+r23ZYjAf6Zgorm6N1Y5McmaTgI0q # 41XHYGeQQlZcIlEPs9xOOe5N3dkdeBBUO27Ql28DtR6yI3PGErKaZND8lYUkqP/f # obDckUCu3wkzq7ndkrfxzJF0O2nrZ5cbkL/nx6BvcbtXv7ePWu16QGoWzYCELS/h # AtQklEOzFfwMKxv9cW/8y7x1Fzpeg9LJsy8b1ZyNf1T+fn7kVqOHp53hWVKUQY9t # W76GlZr/GnbdQNJRSnC0HzNjI3c/7CceWeQIh+00gkoPP/6gHcH1Z3NFhnj0qinp # J4fGGdvGExTDOUmHTaCX4GUT9Z13Vunas1jHOvLAzYIwggboMIIE0KADAgECAhB3 # vQ4Ft1kLth1HYVMeP3XtMA0GCSqGSIb3DQEBCwUAMFMxCzAJBgNVBAYTAkJFMRkw # FwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBHbG9iYWxTaWduIENv # ZGUgU2lnbmluZyBSb290IFI0NTAeFw0yMDA3MjgwMDAwMDBaFw0zMDA3MjgwMDAw # MDBaMFwxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTIw # MAYDVQQDEylHbG9iYWxTaWduIEdDQyBSNDUgRVYgQ29kZVNpZ25pbmcgQ0EgMjAy # MDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMsg75ceuQEyQ6BbqYoj # /SBerjgSi8os1P9B2BpV1BlTt/2jF+d6OVzA984Ro/ml7QH6tbqT76+T3PjisxlM # g7BKRFAEeIQQaqTWlpCOgfh8qy+1o1cz0lh7lA5tD6WRJiqzg09ysYp7ZJLQ8LRV # X5YLEeWatSyyEc8lG31RK5gfSaNf+BOeNbgDAtqkEy+FSu/EL3AOwdTMMxLsvUCV # 0xHK5s2zBZzIU+tS13hMUQGSgt4T8weOdLqEgJ/SpBUO6K/r94n233Hw0b6nskEz # IHXMsdXtHQcZxOsmd/KrbReTSam35sOQnMa47MzJe5pexcUkk2NvfhCLYc+YVaMk # oog28vmfvpMusgafJsAMAVYS4bKKnw4e3JiLLs/a4ok0ph8moKiueG3soYgVPMLq # 7rfYrWGlr3A2onmO3A1zwPHkLKuU7FgGOTZI1jta6CLOdA6vLPEV2tG0leis1Ult # 5a/dm2tjIF2OfjuyQ9hiOpTlzbSYszcZJBJyc6sEsAnchebUIgTvQCodLm3HadNu # twFsDeCXpxbmJouI9wNEhl9iZ0y1pzeoVdwDNoxuz202JvEOj7A9ccDhMqeC5LYy # AjIwfLWTyCH9PIjmaWP47nXJi8Kr77o6/elev7YR8b7wPcoyPm593g9+m5XEEofn # GrhO7izB36Fl6CSDySrC/blTAgMBAAGjggGtMIIBqTAOBgNVHQ8BAf8EBAMCAYYw # EwYDVR0lBAwwCgYIKwYBBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4E # FgQUJZ3Q/FkJhmPF7POxEztXHAOSNhEwHwYDVR0jBBgwFoAUHwC/RoAK/Hg5t6W0 # Q9lWULvOljswgZMGCCsGAQUFBwEBBIGGMIGDMDkGCCsGAQUFBzABhi1odHRwOi8v # b2NzcC5nbG9iYWxzaWduLmNvbS9jb2Rlc2lnbmluZ3Jvb3RyNDUwRgYIKwYBBQUH # MAKGOmh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2NvZGVzaWdu # aW5ncm9vdHI0NS5jcnQwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NybC5nbG9i # YWxzaWduLmNvbS9jb2Rlc2lnbmluZ3Jvb3RyNDUuY3JsMFUGA1UdIAROMEwwQQYJ # KwYBBAGgMgECMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24u # Y29tL3JlcG9zaXRvcnkvMAcGBWeBDAEDMA0GCSqGSIb3DQEBCwUAA4ICAQAldaAJ # yTm6t6E5iS8Yn6vW6x1L6JR8DQdomxyd73G2F2prAk+zP4ZFh8xlm0zjWAYCImbV # YQLFY4/UovG2XiULd5bpzXFAM4gp7O7zom28TbU+BkvJczPKCBQtPUzosLp1pnQt # pFg6bBNJ+KUVChSWhbFqaDQlQq+WVvQQ+iR98StywRbha+vmqZjHPlr00Bid/XSX # hndGKj0jfShziq7vKxuav2xTpxSePIdxwF6OyPvTKpIz6ldNXgdeysEYrIEtGiH6 # bs+XYXvfcXo6ymP31TBENzL+u0OF3Lr8psozGSt3bdvLBfB+X3Uuora/Nao2Y8nO # ZNm9/Lws80lWAMgSK8YnuzevV+/Ezx4pxPTiLc4qYc9X7fUKQOL1GNYe6ZAvytOH # X5OKSBoRHeU3hZ8uZmKaXoFOlaxVV0PcU4slfjxhD4oLuvU/pteO9wRWXiG7n9dq # cYC/lt5yA9jYIivzJxZPOOhRQAyuku++PX33gMZMNleElaeEFUgwDlInCI2Oor0i # xxnJpsoOqHo222q6YV8RJJWk4o5o7hmpSZle0LQ0vdb5QMcQlzFSOTUpEYck08T7 # qWPLd0jV+mL8JOAEek7Q5G7ezp44UCb0IXFl1wkl1MkHAHq4x/N36MXU4lXQ0x72 # f1LiSY25EXIMiEQmM2YBRN/kMw4h3mKJSAfa9TCCB7EwggWZoAMCAQICDHPTwzYD # /4u0QiTyXjANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQ # R2xvYmFsU2lnbiBudi1zYTEyMDAGA1UEAxMpR2xvYmFsU2lnbiBHQ0MgUjQ1IEVW # IENvZGVTaWduaW5nIENBIDIwMjAwHhcNMjMxMDMwMTc1MTE4WhcNMjYxMDMwMTc1 # MTE4WjCB8TEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEzARBgNVBAUT # CjExNjI1NDQ2ODkxEzARBgsrBgEEAYI3PAIBAxMCQ0ExFzAVBgsrBgEEAYI3PAIB # AhMGUXVlYmVjMQswCQYDVQQGEwJDQTEPMA0GA1UECBMGUXVlYmVjMRIwEAYDVQQH # EwlMYXZhbHRyaWUxGDAWBgNVBAoTD0Rldm9sdXRpb25zIEluYzEYMBYGA1UEAxMP # RGV2b2x1dGlvbnMgSW5jMScwJQYJKoZIhvcNAQkBFhhzZWN1cml0eUBkZXZvbHV0 # aW9ucy5uZXQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCfDk6c1eCL # 9rTvq1D1lq1GmU08ZKyYQJQ7Eb/mRFpRXqpOFiySnf8BysYbZ4y4MnIl7M2Wjc5n # 1JcXR9BPWmkJLnI7rFTwpq/O5xKUwW20/EYyOuF7TasRq6olljm73dcLjrt5z/a2 # u2gO+vMS8LVY6UXKAGZGIigMoPS92f2MkkKmdEmA5dpwbALUfvH9sy0qknUfQY6d # slpI8PbjTCx9GY5xqCTMtBQcWB5sBn/I0YAlp5yuOn+2ga4vUcucAZTVseoRI/Js # n5KWWb0iM9wrbv+DOCzcAtBF+Yj2Kp8wHRWfMCumu4YuYcwTY3hbIuNRoUi8j4nL # ptjGaz7R3UfAr4b/rH4Vg8/l9ufP61Z7bpSkZbIlnh3Gjy9UJCjw5wguQucnllSb # NNg5ZBd7v3DRUKwKvzF9TYoOERwGdeY8uS4fnSYP7XuGF9b+coZ/D5guGaebiJJE # odRJkGdiP5P+6jLO43dzgmB4hmWbuF5wofRYXd1ihFOf4aBH2qzHnFkDvp5zeclM # lgoLuxJVb4mU36Z84KnJuT7fPThK9RbNEoqPPzd1BYcCcRmVaLCYHw+6AgmVXm3b # gCsv4zM/DqkycfPX11sBXedYdTJ4tihtFo1eRqfQsXEivN+XYwUIJ/EdfHUmaHU+ # 7eYhgSPVynPm9Fq1mAAC3KqH+6RtIpEmpQIDAQABo4IB2zCCAdcwDgYDVR0PAQH/ # BAQDAgeAMIGfBggrBgEFBQcBAQSBkjCBjzBMBggrBgEFBQcwAoZAaHR0cDovL3Nl # Y3VyZS5nbG9iYWxzaWduLmNvbS9jYWNlcnQvZ3NnY2NyNDVldmNvZGVzaWduY2Ey # MDIwLmNydDA/BggrBgEFBQcwAYYzaHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20v # Z3NnY2NyNDVldmNvZGVzaWduY2EyMDIwMFUGA1UdIAROMEwwQQYJKwYBBAGgMgEC # MDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9z # aXRvcnkvMAcGBWeBDAEDMAkGA1UdEwQCMAAwRwYDVR0fBEAwPjA8oDqgOIY2aHR0 # cDovL2NybC5nbG9iYWxzaWduLmNvbS9nc2djY3I0NWV2Y29kZXNpZ25jYTIwMjAu # Y3JsMCMGA1UdEQQcMBqBGHNlY3VyaXR5QGRldm9sdXRpb25zLm5ldDATBgNVHSUE # DDAKBggrBgEFBQcDAzAfBgNVHSMEGDAWgBQlndD8WQmGY8Xs87ETO1ccA5I2ETAd # BgNVHQ4EFgQU+cpn+IPqWRnE5rHeI+bO8b/X89owDQYJKoZIhvcNAQELBQADggIB # ABr7ukUZYHuRYKb0JdoVh9Lwngn45m/BBg90jTL5CF6ZP4xYB2kaKN366sfAbvmK # ThbgfcIvN26NjS1/cFXad5af6s5OzGUic+mAFZOhbpX81GedsAnxl1D4BKJs2+iW # h/eK2vba/K3J5V2Z7S7YFgHqF0vlmDtNxnBQ8jsI30zrbcuYJowft8WLjfW4hr0S # dAIk2F4X1CTGhtJVMuPcxyUuvrmknp1g2y99jc5eXA6qp0CiUbFC1R3C1kpZYT4s # xiu86B3kbY6JqTO2f08tjvpih36UeFCC/ByZBzb1D8FFIaKiErjlDHVMIBCY1XrE # EDEJpIyMRyobXsIuisyn4TpK8JqRb0C0opDzvE8BlKvqlqmHfafbOUXFH5gz/F9a # iJAMfHyh4ddUg9nFcF+YKWKp8hpdaIW+5ptlsC2LSS5tztMUXRisUf/zCTeLQ2MA # Xc7Vl0sc8ZD9Uqb9wm+tmK3ZGvnDKCikwE8YU+y96ogFUybGcEWXUYk3QvuXKeS0 # 9/v6QOwbgY3o5EkrNQyPUugI2HsyWtmLhTdDM/Pnj+O2NDNkPXvGiss2b0O8yUMV # kh9C0HG4WS3L/ExoM1keN1Yd54FaFhk1zQv3KQaC7MJU8uZrmrIJLPNdEPGKiFfI # 8CLIV/04jAIrR+A4SDaCpDTz+XDZF7kP42KGybJiSD1qMYIamDCCGpQCAQEwbDBc # MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEyMDAGA1UE # AxMpR2xvYmFsU2lnbiBHQ0MgUjQ1IEVWIENvZGVTaWduaW5nIENBIDIwMjACDHPT # wzYD/4u0QiTyXjANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKAC # gAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsx # DjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCDZgbBZlpVgf/YII6b3bVLt # lmEX2/GG1cfgMbt1ICLBYTANBgkqhkiG9w0BAQEFAASCAgA8ulS97QMMA0vUNLHk # /XDn4ACaE3Jfj2G4QEEiMBnqDO3nEQdoBkSoXrn1s5wRUigsnkE2y2JXMByDdH+p # FB2UMzOq45lMv6ZJr7m4xC//F8mGsQd56efMc63RH0iPn1FwIP6q35TXjzYagLbt # lDtdEZpzww/uczghUd1p6fKc7k9iTWqFGjK/UyxUIUd37L+0IP5gS0bXltlyW7Rz # Xkc8nQ+IaXx6suyUiv/nLOzmZVMyJrmqSsqafUd7BeZeBAZqbDd4j434tWfwMJZw # BkX8tJlGUB5GR6EaHyYd+DMPP5nm/EW/WMwhJcDcTiqyqskFzIjUyc1B/PbfL+1k # EpZ/A6u0crs8nbH4mGhUMSfjxbK38O9A/YL4fICjy69+uRCaXxn7LqlVswqbFL/a # fCMwfP6IjX1daKNWVCeZhtkWEGc61sqTTuLEJgM/VgxshvzmFbVMCM8YzaB+SYPZ # piJb1ylRSzpei96Y0dG3aDb8t/Kh02dtm38MR/Xp/MshQoU+9Vjx4X56ZVXj/5YY # ++4PG1Uipbk3ArPNLBoYbeQSXgLjk+LfBm8MXGU+jsq79xAEB7pfMtQ3AnVWeI2s # 1gF2lo1Gyp1948ClTQDb00SPXv7iXDPe+RPsQmRCtpxAYUgO/QingkkQZ32OZOlx # W+zDyBFcei9rRfMAc3GQESggW6GCF3YwghdyBgorBgEEAYI3AwMBMYIXYjCCF14G # CSqGSIb3DQEHAqCCF08wghdLAgEDMQ8wDQYJYIZIAWUDBAIBBQAwdwYLKoZIhvcN # AQkQAQSgaARmMGQCAQEGCWCGSAGG/WwHATAxMA0GCWCGSAFlAwQCAQUABCAzlHyw # tg8qo3Q+eQWIzGIsu+qPJ3F/F36RwvjnatjSDgIQfka3jC0LHUnJ75c8VtcCdhgP # MjAyNjAyMjMxNjMzMDRaoIITOjCCBu0wggTVoAMCAQICEAqA7xhLjfEFgtHEdqeV # dGgwDQYJKoZIhvcNAQELBQAwaTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lD # ZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0IFRpbWVTdGFt # cGluZyBSU0E0MDk2IFNIQTI1NiAyMDI1IENBMTAeFw0yNTA2MDQwMDAwMDBaFw0z # NjA5MDMyMzU5NTlaMGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwg # SW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgU0hBMjU2IFJTQTQwOTYgVGltZXN0YW1w # IFJlc3BvbmRlciAyMDI1IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC # AQDQRqwtEsae0OquYFazK1e6b1H/hnAKAd/KN8wZQjBjMqiZ3xTWcfsLwOvRxUwX # cGx8AUjni6bz52fGTfr6PHRNv6T7zsf1Y/E3IU8kgNkeECqVQ+3bzWYesFtkepEr # vUSbf+EIYLkrLKd6qJnuzK8Vcn0DvbDMemQFoxQ2Dsw4vEjoT1FpS54dNApZfKY6 # 1HAldytxNM89PZXUP/5wWWURK+IfxiOg8W9lKMqzdIo7VA1R0V3Zp3DjjANwqAf4 # lEkTlCDQ0/fKJLKLkzGBTpx6EYevvOi7XOc4zyh1uSqgr6UnbksIcFJqLbkIXIPb # cNmA98Oskkkrvt6lPAw/p4oDSRZreiwB7x9ykrjS6GS3NR39iTTFS+ENTqW8m6TH # uOmHHjQNC3zbJ6nJ6SXiLSvw4Smz8U07hqF+8CTXaETkVWz0dVVZw7knh1WZXOLH # gDvundrAtuvz0D3T+dYaNcwafsVCGZKUhQPL1naFKBy1p6llN3QgshRta6Eq4B40 # h5avMcpi54wm0i2ePZD5pPIssoszQyF4//3DoK2O65Uck5Wggn8O2klETsJ7u8xE # ehGifgJYi+6I03UuT1j7FnrqVrOzaQoVJOeeStPeldYRNMmSF3voIgMFtNGh86w3 # ISHNm0IaadCKCkUe2LnwJKa8TIlwCUNVwppwn4D3/Pt5pwIDAQABo4IBlTCCAZEw # DAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU5Dv88jHt/f3X85FxYxlQQ89hjOgwHwYD # VR0jBBgwFoAU729TSunkBnx6yuKQVvYv1Ensy04wDgYDVR0PAQH/BAQDAgeAMBYG # A1UdJQEB/wQMMAoGCCsGAQUFBwMIMIGVBggrBgEFBQcBAQSBiDCBhTAkBggrBgEF # BQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMF0GCCsGAQUFBzAChlFodHRw # Oi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRUaW1lU3Rh # bXBpbmdSU0E0MDk2U0hBMjU2MjAyNUNBMS5jcnQwXwYDVR0fBFgwVjBUoFKgUIZO # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0VGltZVN0 # YW1waW5nUlNBNDA5NlNIQTI1NjIwMjVDQTEuY3JsMCAGA1UdIAQZMBcwCAYGZ4EM # AQQCMAsGCWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAgEAZSqt8RwnBLmuYEHs # 0QhEnmNAciH45PYiT9s1i6UKtW+FERp8FgXRGQ/YAavXzWjZhY+hIfP2JkQ38U+w # tJPBVBajYfrbIYG+Dui4I4PCvHpQuPqFgqp1PzC/ZRX4pvP/ciZmUnthfAEP1HSh # TrY+2DE5qjzvZs7JIIgt0GCFD9ktx0LxxtRQ7vllKluHWiKk6FxRPyUPxAAYH2Vy # 1lNM4kzekd8oEARzFAWgeW3az2xejEWLNN4eKGxDJ8WDl/FQUSntbjZ80FU3i54t # px5F/0Kr15zW/mJAxZMVBrTE2oi0fcI8VMbtoRAmaaslNXdCG1+lqvP4FbrQ6IwS # BXkZagHLhFU9HCrG/syTRLLhAezu/3Lr00GrJzPQFnCEH1Y58678IgmfORBPC1JK # kYaEt2OdDh4GmO0/5cHelAK2/gTlQJINqDr6JfwyYHXSd+V08X1JUPvB4ILfJdmL # +66Gp3CSBXG6IwXMZUXBhtCyIaehr0XkBoDIGMUG1dUtwq1qmcwbdUfcSYCn+Own # cVUXf53VJUNOaMWMts0VlRYxe5nK+At+DI96HAlXHAL5SlfYxJ7La54i71McVWRP # 66bW+yERNpbJCjyCYG2j+bdpxo/1Cy4uPcU3AWVPGrbn5PhDBf3Froguzzhk++am # i+r3Qrx5bIbY3TVzgiFI7Gq3zWcwgga0MIIEnKADAgECAhANx6xXBf8hmS5AQyIM # OkmGMA0GCSqGSIb3DQEBCwUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdp # Q2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERp # Z2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0yNTA1MDcwMDAwMDBaFw0zODAxMTQy # MzU5NTlaMGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFB # MD8GA1UEAxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBUaW1lU3RhbXBpbmcgUlNBNDA5 # NiBTSEEyNTYgMjAyNSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC # AQC0eDHTCphBcr48RsAcrHXbo0ZodLRRF51NrY0NlLWZloMsVO1DahGPNRcybEKq # +RuwOnPhof6pvF4uGjwjqNjfEvUi6wuim5bap+0lgloM2zX4kftn5B1IpYzTqpyF # Q/4Bt0mAxAHeHYNnQxqXmRinvuNgxVBdJkf77S2uPoCj7GH8BLuxBG5AvftBdsOE # CS1UkxBvMgEdgkFiDNYiOTx4OtiFcMSkqTtF2hfQz3zQSku2Ws3IfDReb6e3mmdg # lTcaarps0wjUjsZvkgFkriK9tUKJm/s80FiocSk1VYLZlDwFt+cVFBURJg6zMUjZ # a/zbCclF83bRVFLeGkuAhHiGPMvSGmhgaTzVyhYn4p0+8y9oHRaQT/aofEnS5xLr # fxnGpTXiUOeSLsJygoLPp66bkDX1ZlAeSpQl92QOMeRxykvq6gbylsXQskBBBnGy # 3tW/AMOMCZIVNSaz7BX8VtYGqLt9MmeOreGPRdtBx3yGOP+rx3rKWDEJlIqLXvJW # nY0v5ydPpOjL6s36czwzsucuoKs7Yk/ehb//Wx+5kMqIMRvUBDx6z1ev+7psNOdg # JMoiwOrUG2ZdSoQbU2rMkpLiQ6bGRinZbI4OLu9BMIFm1UUl9VnePs6BaaeEWvjJ # SjNm2qA+sdFUeEY0qVjPKOWug/G6X5uAiynM7Bu2ayBjUwIDAQABo4IBXTCCAVkw # EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU729TSunkBnx6yuKQVvYv1Ens # y04wHwYDVR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQD # AgGGMBMGA1UdJQQMMAoGCCsGAQUFBwMIMHcGCCsGAQUFBwEBBGswaTAkBggrBgEF # BQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRw # Oi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNy # dDBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln # aUNlcnRUcnVzdGVkUm9vdEc0LmNybDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglg # hkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggIBABfO+xaAHP4HPRF2cTC9vgvItTSm # f83Qh8WIGjB/T8ObXAZz8OjuhUxjaaFdleMM0lBryPTQM2qEJPe36zwbSI/mS83a # fsl3YTj+IQhQE7jU/kXjjytJgnn0hvrV6hqWGd3rLAUt6vJy9lMDPjTLxLgXf9r5 # nWMQwr8Myb9rEVKChHyfpzee5kH0F8HABBgr0UdqirZ7bowe9Vj2AIMD8liyrukZ # 2iA/wdG2th9y1IsA0QF8dTXqvcnTmpfeQh35k5zOCPmSNq1UH410ANVko43+Cdmu # 4y81hjajV/gxdEkMx1NKU4uHQcKfZxAvBAKqMVuqte69M9J6A47OvgRaPs+2ykgc # GV00TYr2Lr3ty9qIijanrUR3anzEwlvzZiiyfTPjLbnFRsjsYg39OlV8cipDoq7+ # qNNjqFzeGxcytL5TTLL4ZaoBdqbhOhZ3ZRDUphPvSRmMThi0vw9vODRzW6AxnJll # 38F0cuJG7uEBYTptMSbhdhGQDpOXgpIUsWTjd6xpR6oaQf/DJbg3s6KCLPAlZ66R # zIg9sC+NJpud/v4+7RWsWCiKi9EOLLHfMR2ZyJ/+xhCx9yHbxtl5TPau1j/1MIDp # MPx0LckTetiSuEtQvLsNz3Qbp7wGWqbIiOWCnb5WqxL3/BAPvIXKUjPSxyZsq8Wh # baM2tszWkPZPubdcMIIFjTCCBHWgAwIBAgIQDpsYjvnQLefv21DiCEAYWjANBgkq # hkiG9w0BAQwFADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j # MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBB # c3N1cmVkIElEIFJvb3QgQ0EwHhcNMjIwODAxMDAwMDAwWhcNMzExMTA5MjM1OTU5 # WjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL # ExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJv # b3QgRzQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1K # PDAiMGkz7MKnJS7JIT3yithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2r # snnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C # 8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBf # sXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY # QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8 # rhsDdV14Ztk6MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaY # dj1ZXUJ2h4mXaXpI8OCiEhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+ # wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw # ++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+N # P8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7F # wI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo4IBOjCCATYwDwYDVR0TAQH/BAUw # AwEB/zAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wHwYDVR0jBBgwFoAU # Reuir/SSy4IxLVGLp6chnfNtyA8wDgYDVR0PAQH/BAQDAgGGMHkGCCsGAQUFBwEB # BG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEMGCCsG # AQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1 # cmVkSURSb290Q0EuY3J0MEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwEQYDVR0gBAow # CDAGBgRVHSAAMA0GCSqGSIb3DQEBDAUAA4IBAQBwoL9DXFXnOF+go3QbPbYW1/e/ # Vwe9mqyhhyzshV6pGrsi+IcaaVQi7aSId229GhT0E0p6Ly23OO/0/4C5+KH38nLe # JLxSA8hO0Cre+i1Wz/n096wwepqLsl7Uz9FDRJtDIeuWcqFItJnLnU+nBgMTdydE # 1Od/6Fmo8L8vC6bp8jQ87PcDx4eo0kxAGTVGamlUsLihVo7spNU96LHc/RzY9Hda # XFSMb++hUD38dglohJ9vytsgjTVgHAIDyyCwrFigDkBjxZgiwbJZ9VVrzyerbHbO # byMt9H5xaiNrIv8SuFQtJ37YOtnwtoeW/VvRXKwYw02fc7cBqZ9Xql4o4rmUMYID # fDCCA3gCAQEwfTBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIElu # Yy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJT # QTQwOTYgU0hBMjU2IDIwMjUgQ0ExAhAKgO8YS43xBYLRxHanlXRoMA0GCWCGSAFl # AwQCAQUAoIHRMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAcBgkqhkiG9w0B # CQUxDxcNMjYwMjIzMTYzMzA0WjArBgsqhkiG9w0BCRACDDEcMBowGDAWBBTdYjCs # hgotMGvaOLFoeVIwB/tBfjAvBgkqhkiG9w0BCQQxIgQgCu+bCnk2osxqnvzVWK/p # zDtV5RofDltSM/VjI5YvWMcwNwYLKoZIhvcNAQkQAi8xKDAmMCQwIgQgSqA/oizX # XITFXJOPgo5na5yuyrM/420mmqM08UYRCjMwDQYJKoZIhvcNAQEBBQAEggIAKSn/ # 9T0Ea5ecgycqnPVkN6ERHHsyrVLUZebZ1nggXe4ISPieW6wz4TD6Qx1LlZDMmPjQ # mGowuZsriG/CoAWTnzd7tx8Hu2Im1IQmmgQy/zV98HvO2QdHtz9Jv/TBVWDc9ChD # b2bMkTBYbrjhwWCo0wEqf1HuIpizV5tGEhDIA3ETbXadFb7mf10hmnd9QL12cRr6 # 1prTeweQlZvAarMRUuB50KOKqHn0Vbc3klDEJtXwDgr+Iw0NmexAGMEQ2kvt0v81 # 7wVm22VSFIELfcwGS4YgzNg5Y35LGFZn4F8MiRKfe9t2nJzcYI+LmTPiXGAqvzWD # T07ceR2lrmgynjKfDSvm1/WmLw1UnRe7YwDyMQNtAvg4jsTC27joSRqAQkp/c7Do # c5EZK5A8Wd5QKPMGfnd93Ib8M31gTYwZ+QW2de76GZC2/Y7W3qv/J+7IphQLGlkG # 1FzyzPHFncperxDatLw0c3cLE0xy9kfLfWPg3F2SSkqxtmw33ZcQthsZz4AwaW6B # NkWUBPtiwHALPNTi81mVsEtVFmcEhodGOFS1AzY0qH8AsU1g6XdIjftcXO6V2ltO # AC/wD6g0RyJLCKsou07uMTejaiXCW67kvW+b66ESR+zH0Sqap/c9fole8Qoiukg0 # 2IeLarvU+WBKCemFLLwH3TMytkTV4eFtpxt20f8= # SIG # End signature block |