scripts/helpers.ps1
|
# HPE Nimble PowerShell Toolkit. # File: helpers.ps1 # Description: This file contains common helper routines. These functions are called by generated SDK Cmdlet functions. # # © Copyright 2017 Hewlett Packard Enterprise Development LP. function Connect-NSGroup { <# .SYNOPSIS Connects to a Nimble Storage group. .DESCRIPTION Connect-NSGroup is an advanced function that provides the initial connection to a Nimble Storage array so that other subsequent commands can be run without having to authenticate individually. It is recommended to ignore the server certificate validation (-IgnoreServerCertificate param) since Nimble uses an untrusted SSL certificate. .PARAMETER Group The DNS name or IP address of the Nimble group. .PARAMETER Credential Specifies a user account that has permission to perform this action. Type a user name, such as User01 or enter a PSCredential object, such as one generated by the Get-Credential cmdlet. If you type a user name, this function prompts you for a password. .PARAMETER IgnoreServerCertificate Ignore the server SSL certificate. .EXAMPLE Connect-NSGroup -Group nimblegroup.yourdns.local -Credential admin -IgnoreServerCertificate *Note: IgnoreServerCertificate parameter is not available with PowerShell Core .EXAMPLE Connect-NSGroup -Group 192.168.1.50 -Credential admin -IgnoreServerCertificate *Note: IgnoreServerCertificate parameter is not available with PowerShell Core .EXAMPLE Connect-NSGroup -Group nimblegroup.yourdns.local -Credential admin -ImportServerCertificate .EXAMPLE Connect-NSGroup -Group 192.168.1.50 -Credential admin -ImportServerCertificate .INPUTS None .OUTPUTS None .NOTES #> [cmdletbinding(DefaultParameterSetName='IgnoreServerCertificate')] param ( [Parameter(Mandatory,position=0)] [string]$Group, [Parameter(Mandatory,position=1)] $Credential=$null, [Parameter(ParameterSetName='ImportServerCertificate')] [switch]$ImportServerCertificate ) DynamicParam { if ($PSEdition -ne 'Core'){ $IgnoreServerCertificateAttribute = New-Object System.Management.Automation.ParameterAttribute $IgnoreServerCertificateAttribute.Mandatory = $false #$IgnoreServerCertificateAttribute.Position = 3 $IgnoreServerCertificateAttribute.ParameterSetName = 'IgnoreServerCertificate' $attributeCollection = New-Object System.Collections.ObjectModel.Collection[System.Attribute] $attributeCollection.Add($IgnoreServerCertificateAttribute) $IgnoreServerCertificateParam = New-Object System.Management.Automation.RuntimeDefinedParameter('IgnoreServerCertificate', [Switch],$attributeCollection) $paramDictionary = New-Object System.Management.Automation.RuntimeDefinedParameterDictionary $paramDictionary.Add('IgnoreServerCertificate', $IgnoreServerCertificateParam) return $paramDictionary } } Process{ if ($Credential -is [String]) { $Credential = Get-Credential $Credential } $global:Group=$Group if ($PSBoundParameters.IgnoreServerCertificate) { $Global:NimbleStorageIgnoreServerCertificate = $true; IgnoreServerCertificate} else { $Global:NimbleStorageIgnoreServerCertificate = $false $Global:GlobalImportServerCertificate = $ImportServerCertificate ValidateServerCertificate $group } Import-LocalizedData -BaseDirectory (Split-Path $PSScriptRoot -parent) -FileName "HPENimblePowerShellToolkit.psd1" -BindingVariable "ModuleData" $PSTKVersion = $ModuleData.moduleversion $Global:NimbleAppName = "HPENimblePowerShellToolkitV" + $PSTKVersion $Global:NimbleStoragePort = 5392 $Global:BaseUri = "https://$($global:Group):$($NimbleStoragePort)" try{ $Global:NimbleStorageTokenData = Invoke-RestMethod -Uri "$BaseUri/v1/tokens" -Method Post -Body ((@{data = @{username = $Credential.UserName;password = $Credential.GetNetworkCredential().password;app_name = $NimbleAppName}}) | ConvertTo-Json) Write-Host "Successfully connected to array $group `n`n" } catch{ Write-error "Failed to connect with array $group `n`n $_.Exception.Message" -ErrorAction Stop } $Global:RestVersion = (Invoke-RestMethod -Uri "$BaseUri/versions").data.name $Global:NimbleStorageSession_token = $NimbleStorageTokenData.data.session_token $Global:NimbleStorageArray = $group $Global:NimbleStorageCommonPSParams=@('Debug','Verbose','ErrorAction','ErrorVariable','InformationAction','InformationVariable','OutBuffer','OutVariable','PipelineVariable','Verbose','WarningAction','WarningVariable','WhatIf','Confim','ItemType') } } function Disconnect-NSGroup { <# .SYNOPSIS Disconnects from a Nimble SAN. .DESCRIPTION Disconnect-NSGroup is an advanced function that disconnects the established connection with Nimble Storage array. .EXAMPLE Disconnect-NSGroup .INPUTS None .OUTPUTS None .NOTES #> [CmdletBinding()] param ( ) if (Get-Variable NimbleStorageTokenData -Scope Global -ErrorAction SilentlyContinue) { Remove-NSToken -id $NimbleStorageTokenData.data.id remove-Variable -Scope "Global" NimbleStoragePort Remove-Variable -Scope "Global" BaseUri Remove-Variable -Scope "Global" NimbleStorageTokenData Remove-Variable -Scope "Global" RestVersion Remove-Variable -Scope "Global" NimbleStorageSession_token Remove-Variable -Scope "Global" NimbleStorageArray Remove-Variable -Scope "Global" NimbleStorageCommonPSParams } } function IgnoreServerCertificate { [CmdletBinding()] param() <# [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true} [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 add-type @" using System.Net; using System.Security.Cryptography.X509Certificates; public class IDontCarePolicy : ICertificatePolicy { public IDontCarePolicy() {} public bool CheckValidationResult( ServicePoint sPoint, X509Certificate cert, WebRequest wRequest, int certProb) { return true; } } "@ [System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy write-verbose 'Server certificate ignored' #> if (-not ([System.Management.Automation.PSTypeName]'CustomCertificateValidationCallback').Type) { add-type @" using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; public static class CustomCertificateValidationCallback { public static void Install() { ServicePointManager.ServerCertificateValidationCallback += CustomCertificateValidationCallback.CheckValidationResult; } public static bool CheckValidationResult( object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { // please don't do this. do some real validation with explicit exceptions. return true; } } "@ } [CustomCertificateValidationCallback]::Install() } function Invoke-NimbleStorageRestAPI () { param( [Parameter(Mandatory=$true)][string] $ResourcePath, [string] $APIVersion = 'v1', [string] $Method = 'GET', [hashtable] $RequestParams = @{} ) if (!(Get-Variable NimbleStorageTokenData -Scope Global -ErrorAction SilentlyContinue)) { Write-Error -Message "Authentication Info missing. Please use Connect-NSGroup to login." -ErrorAction Stop } if ( $NimbleStorageIgnoreServerCertificate ) { IgnoreServerCertificate } # Form the parameters to Invoke-RestMethod call. $WebRequestParams = @{ Uri = "$BaseUri/$APIVersion/$ResourcePath" Header = @{'X-Auth-Token' = $NimbleStorageSession_token} Method = $Method } # Copy request params to different variable. We may need to specifically process few of them. $RequestData = @{} foreach ($key in $RequestParams.keys) { # PowerShell serializes Booleans in JSON as True/False. We need all lowercase for Nimble Array's REST Server. if ($RequestParams.$key.getType() -eq [bool]) { $RequestData.Add($key, $RequestParams.$key.ToString().ToLower()) } elseif ($key -eq 'fields' -and $Method -eq 'GET') { # Array of fields. Convert to comma separated list. $RequestData.Add('fields', ($RequestParams['fields'] | Select-Object -unique) -join ',') } else { $RequestData.Add($key, $RequestParams.$key); } } switch($Method) { 'GET' { # Hashmap supplied in Body for GET request gets converted to query params automatically. $WebRequestParams.Add('Body',$RequestData) } 'POST' { # Encapsulate request payload in 'data'.. $RequestDataForNimbleAPI = @{ data = $RequestData } $WebRequestParams.Add('Body',($RequestDataForNimbleAPI | ConvertTo-Json -Depth 10)) } 'PUT'{ $RequestDataForNimbleAPI = @{ data = $RequestData } $WebRequestParams.Add('Body',($RequestDataForNimbleAPI | ConvertTo-Json -Depth 10)) } 'DELETE' { # Do nothing. No Body expected/required for delete request. } } Write-Verbose ($WebRequestParams | ConvertTo-Json -Depth 50) $max_retry_count = 5 $retry_count = 0 do { try { if ($retry_count -ne 0) { Start-Sleep -Milliseconds 30 } $JsonResponse = (Invoke-RestMethod @WebRequestParams | ConvertTo-Json -Depth 50) Write-Verbose "Server Response: $JsonResponse" # # The Invoke-Restmethod was successful we should exit the retry loop. # To do that we will force the retry count max surpass the max. # $retry_count = $max_retry_count + 1 } catch { if ($_.Exception.Response -ne $null) { APIExceptionHandler } else { # if the Error response buffer is null then we will go for retries. # if we exhaust the retries we will thrown and error. $retry_count = $retry_count + 1 if ($retry_count -gt $max_retry_count) { Write-Verbose $_.exception Write-Error "Error occoured while invoking restapi method, Please retry" -ErrorAction Stop } } } }until ($retry_count -gt $max_retry_count) return ($JsonResponse | ConvertFrom-Json) } function Get-NimbleStorageAPIObject() { param( [Parameter(Mandatory=$true)][string] $ObjectName, [Parameter(Mandatory=$true)][string] $APIPath, [Parameter(Mandatory=$true)][string] $Id, [System.Collections.ArrayList] $Fields ) $Params = @{ ResourcePath = $APIPath + "/$Id" Method = 'GET' } if ($Fields) { $Params.Add('RequestParams', @{ fields = ($Fields | Select-Object) -join ','}) } $APIObject = (Invoke-NimbleStorageRestAPI @Params).data $DataSetType = "NimbleStorage.$ObjectName" $APIObject.PSTypeNames.Insert(0,$DataSetType) $DataSetType = $DataSetType + ".TypeName" $APIObject.PSObject.TypeNames.Insert(0,$DataSetType) return $APIObject } function Get-NimbleStorageAPIObjectList() { param( [Parameter(Mandatory=$true)][string] $ObjectName, [Parameter(Mandatory=$true)][string] $APIPath, [hashtable] $Filters, [System.Collections.ArrayList] $Fields ) # First fetch all the objects (only id and name) matching the given filter. # Then for each of the objects, retrieve either all the details or given fields. $Params = @{ ResourcePath = $APIPath Method = 'GET' RequestParams = $Filters } # Get the list of objects matching given criteria $JSONResponseObject = (Invoke-NimbleStorageRestAPI @Params) [System.Collections.ArrayList] $APIObjects = $JSONResponseObject.data # We are expecting a list. If total items/objects on the array for this query are more than 1024, # array will send back only first 1024 objects along with total count of objects in 'totalRows'. if ($JSONResponseObject.endRow -and $JSONResponseObject.totalRows -and ($JSONResponseObject.endRow -lt $JSONResponseObject.totalRows)) { # There are more objects. Keep getting those until we reach the end. while ($JSONResponseObject.endRow -lt $JSONResponseObject.totalRows) { $Params.RequestParams.startRow = $JSONResponseObject.endRow $JSONResponseObject = Invoke-NimbleStorageRestAPI @Params $APIObjects.AddRange($JSONResponseObject.data) | out-null } } [System.Collections.ArrayList] $APIObjectsDetailed = @() # Fetch needed detailes of all the objects. foreach ($APIObject in $APIObjects) { $Params = @{ ObjectName = $ObjectName APIPath = $APIPath Id = $APIObject.id } if ($Fields) { $Params.Add('Fields', $Fields) } $APIObject = (Get-NimbleStorageAPIObject @Params) $DataSetType = "NimbleStorage.$ObjectName" $APIObject.PSTypeNames.Insert(0,$DataSetType) $DataSetType = $DataSetType + ".TypeName" $APIObject.PSObject.TypeNames.Insert(0,$DataSetType) $APIObjectsDetailed.Add($APIObject) | out-null } Write-Verbose ("Found " + $APIObjectsDetailed.Count + " objects.") return ,$APIObjectsDetailed } function New-NimbleStorageAPIObject() { param( [Parameter(Mandatory=$true)][string] $ObjectName, [Parameter(Mandatory=$true)][string] $APIPath, [Parameter(Mandatory=$true)][hashtable] $Properties ) $Params = @{ ResourcePath = $APIPath Method = 'POST' RequestParams = $Properties } $ResponseObject = (Invoke-NimbleStorageRestAPI @Params) $APIObject = $ResponseObject.data if ($APIObject) {$DataSetType = "NimbleStorage.$ObjectName" $APIObject.PSTypeNames.Insert(0,$DataSetType) $DataSetType = $DataSetType + ".TypeName" $APIObject.PSObject.TypeNames.Insert(0,$DataSetType) } else { $APIObject = $ResponseObject $DataSetType = "NimbleStorage.Messages" $APIObject.PSTypeNames.Insert(0,$DataSetType) $DataSetType = $DataSetType + ".TypeName" $APIObject.PSObject.TypeNames.Insert(0,$DataSetType) } return $APIObject } function Set-NimbleStorageAPIObject() { param( [Parameter(Mandatory=$true)][string] $ObjectName, [Parameter(Mandatory=$true)][string] $APIPath, [Parameter(Mandatory=$true)][string] $Id, [Parameter(Mandatory=$true)][hashtable] $Properties ) $Params = @{ ResourcePath = $APIPath + "/$Id" Method = 'PUT' RequestParams = $Properties } $ResponseObject = (Invoke-NimbleStorageRestAPI @Params) $APIObject = $ResponseObject.data if ($APIObject) {$DataSetType = "NimbleStorage.$ObjectName" $APIObject.PSTypeNames.Insert(0,$DataSetType) $DataSetType = $DataSetType + ".TypeName" $APIObject.PSObject.TypeNames.Insert(0,$DataSetType) } else { $APIObject = $ResponseObject $DataSetType = "NimbleStorage.Messages" $APIObject.PSTypeNames.Insert(0,$DataSetType) $DataSetType = $DataSetType + ".TypeName" $APIObject.PSObject.TypeNames.Insert(0,$DataSetType) } return $APIObject } function Remove-NimbleStorageAPIObject() { param( [Parameter(Mandatory=$true)][string] $ObjectName, [Parameter(Mandatory=$true)][string] $APIPath, [Parameter(Mandatory=$true)][string] $Id ) $Params = @{ ResourcePath = $APIPath + "/$Id" Method = 'DELETE' } $APIObject = (Invoke-NimbleStorageRestAPI @Params).data } function Invoke-NimbleStorageAPIAction() { param( [Parameter(Mandatory=$true)][string] $APIPath, [Parameter(Mandatory=$true)][string] $Action, [Parameter(Mandatory=$true)][hashtable] $Arguments, [Parameter(Mandatory=$true)][string] $ReturnType ) $Params = @{ ResourcePath = $APIPath + "/actions/$Action" Method = 'POST' RequestParams = $Arguments } if ($Arguments.id) { $id = $($Arguments.id) $Params.ResourcePath = $APIPath + "/$id/actions/$Action" $Arguments.Remove('id') } $ResponseObject = (Invoke-NimbleStorageRestAPI @Params) if ($ReturnType -eq "void") { # Return empty object return $ResponseObject } $APIObject = $ResponseObject.data $DataSetType = "NimbleStorage.$ReturnType" $APIObject.PSTypeNames.Insert(0,$DataSetType) $DataSetType = $DataSetType + ".TypeName" $APIObject.PSObject.TypeNames.Insert(0,$DataSetType) return $APIObject } function ValidateServerCertificate() { param( [Parameter(Mandatory,Position=0)] [string]$Group ) $Code = @' using System; using System.Collections.Generic; using System.Net.Http; using System.Net.Security; using System.Security.Cryptography.X509Certificates; namespace CertificateCapture { public class Utility { public static Func<HttpRequestMessage,X509Certificate2,X509Chain,SslPolicyErrors,Boolean> ValidationCallback = (message, cert, chain, errors) => { var newCert = new X509Certificate2(cert); var newChain = new X509Chain(); newChain.Build(newCert); CapturedCertificates.Add(new CapturedCertificate(){ Certificate = newCert, CertificateChain = newChain, PolicyErrors = errors, URI = message.RequestUri }); return true; }; public static List<CapturedCertificate> CapturedCertificates = new List<CapturedCertificate>(); } public class CapturedCertificate { public X509Certificate2 Certificate { get; set; } public X509Chain CertificateChain { get; set; } public SslPolicyErrors PolicyErrors { get; set; } public Uri URI { get; set; } } } '@ if ($PSEdition -ne 'Core'){ $webrequest=[net.webrequest]::Create("https://$Group") try { $response=$webrequest.getresponse() } catch {} $cert=$webrequest.servicepoint.certificate if($cert -ne $null){ $Thumbprint = $webrequest.ServicePoint.Certificate.GetCertHashString() $bytes=$cert.export([security.cryptography.x509certificates.x509contenttype]::cert) $tfile=[system.io.path]::getTempFileName() set-content -value $bytes -encoding byte -path $tfile $certdetails = $cert | select * | ft -AutoSize | Out-String if ($($GlobalImportServerCertificate)) { try{ $output =import-certificate -filepath $tfile -certStoreLocation 'Cert:\localmachine\Root' $certdetails = $output | select -Property Thumbprint,subject | ft -AutoSize | Out-String } catch{ Write-Error "Failed to import the server certificate `n`n $_.Exception.Message" -ErrorAction Stop } Write-Host "Successfully imported the server certificate `n $certdetails" } else{ if((Get-ChildItem -Path Cert:\LocalMachine\root | Where-Object {$_.Thumbprint -eq $Thumbprint})){ } else{ write-Error "The security certificate presented by host $Group was not issued by a trusted certificate authority. Please verify the certificate details shown below and use ImportServerCertificate command line parameter to proceed. `n $certdetails `n`n" -ErrorAction Stop } } ResolveIPtoHost $cert.subject $Group } else{ Write-Error "Failed to import the server certificate `n`n" -ErrorAction Stop } }else { Add-Type $Code $Certs = [CertificateCapture.Utility]::CapturedCertificates $Handler = [System.Net.Http.HttpClientHandler]::new() $Handler.ServerCertificateCustomValidationCallback = [CertificateCapture.Utility]::ValidationCallback $Client = [System.Net.Http.HttpClient]::new($Handler) $Url = "https://$Group" $Result = $Client.GetAsync($Url).Result $cert= $Certs[-1].Certificate if($certs -ne $null){ $certdetails = $cert | select -Property Thumbprint,subject | ft -AutoSize | Out-String if ($($GlobalImportServerCertificate)) { $bytes=$cert.export([security.cryptography.x509certificates.x509contenttype]::cert) $OpenFlags = [System.Security.Cryptography.X509Certificates.OpenFlags] $store = new-object system.security.cryptography.X509Certificates.X509Store -argumentlist "Root","LocalMachine" try{ $Store.Open($OpenFlags::ReadWrite) $Store.Add($Cert) $Store.Close() Write-Host "Successfully imported the server certificate `n $certdetails" } catch{ Write-Error "Failed to import the server certificate `n`n $_.Exception.Message" -ErrorAction Stop } } else { if((Get-ChildItem -Path Cert:\LocalMachine\root | Where-Object {$_.Thumbprint -eq $cert.Thumbprint})){ } else{ write-Error "The security certificate presented by host $Group was not issued by a trusted certificate authority. Please verify the certificate details shown below and use ImportServerCertificate command line parameter to proceed. `n $certdetails `n`n" -ErrorAction Stop } } ResolveIPtoHost $cert.subject $Group } else{ Write-Error "Failed to import the server certificate `n`n" -ErrorAction Stop } } } function ResolveIPtoHost{ param( [Parameter(Mandatory)] [string]$CertSubject, [Parameter(Mandatory)] [string]$Group ) # we will check if the host name given as input matches the host name in the certificate. # if IP is given as input and the certificate has hostname (FQDN) then we will use the hostname name but # before that we will ensurelookup from hostname to IP works. $cert_hostname = ($CertSubject.Substring(($CertSubject.IndexOf("=")+1),($CertSubject.IndexOf(",")-3))).trim() # check if the input and cert hostname matches, if yes we are good to go # Else the input must have ben the IP address, we will if cert hostname can be resolved to match the input hostname (IP). if ($Group -ne $cert_hostname) { # we will look up the DNS to resolve the cert_hostname. # we could do this with either cert hostname or ibput hostname(IP), but cert hostname has better chance of getting resolved. try { $resolved_name = [System.Net.DNS]::GetHostEntry($cert_hostname).AddressList $resolved_name = $resolved_name | select -ExpandProperty IPAddressToString # $Group = $resolved_name # will come here if the host got resolved. Write-Verbose " $cert_hostname is host-name for provided input $Group IP address" if ($resolved_name -ne $Group) { # most probably this will not happen, just to be defensive adding this code. # this is the same host as the certificate hostname got resolved to the input hostname(IP) # we will start using the cert hostname for all the calls from this point in this session. Write-Error "Unable to resolve the certificate hostname to match the provided input hostname/IP. `n`n $_.Exception.Message" -ErrorAction Stop } else { # we are good to go. Write-Verbose " Resolved name and input name matches: $Group IP address" $global:Group = $cert_hostname } } catch { # unable to resolve the cert hostname. Host not reachable. Error out!. Write-Error "Unable to resolve the certificate hostname. Host not reachable. `n`n $_.Exception.Message" -ErrorAction Stop } } else { # we are good to go. Write-Verbose "Host-name given as input matches with certificate name" } } Function APIExceptionHandler { #Exception message handle differently for core and non core environment #GetResponseStream method does not work in core environment if(Get-Member -inputobject $_.Exception.Response -name "GetResponseStream" -Membertype Method) { $JsonResponse = $_.Exception.Response.GetResponseStream() $reader = New-Object System.IO.StreamReader($JsonResponse) $reader.BaseStream.Position = 0 $reader.DiscardBufferedData() $responseBody = $reader.ReadToEnd(); if (($responseBody | ConvertFrom-Json).messages -ne $null) { foreach( $errorMsg in ($responseBody | ConvertFrom-Json).messages) { if($errorMsg.text -ne $null) {$exceptionString += $errorMsg.text + " "} } throw [System.Exception] $exceptionString } else { throw $_.Exception } } else { $responseBody = $_.ErrorDetails if (($responseBody | ConvertFrom-Json).messages -ne $null) { foreach( $errorMsg in ($responseBody | ConvertFrom-Json).messages) { if($errorMsg.text -ne $null) {$exceptionString += $errorMsg.text + " "} } throw [System.Exception] $exceptionString } else { throw $_.Exception } } } # SIG # Begin signature block # MIIeLgYJKoZIhvcNAQcCoIIeHzCCHhsCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDidTDS8U60Ltza # 425ucKonwVu33bD4r6ZjtGmnBlXjaqCCGSUwggPuMIIDV6ADAgECAhB+k+v7fMZO # WepLmnfUBvw7MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJaQTEVMBMGA1UE # CBMMV2VzdGVybiBDYXBlMRQwEgYDVQQHEwtEdXJiYW52aWxsZTEPMA0GA1UEChMG # VGhhd3RlMR0wGwYDVQQLExRUaGF3dGUgQ2VydGlmaWNhdGlvbjEfMB0GA1UEAxMW # VGhhd3RlIFRpbWVzdGFtcGluZyBDQTAeFw0xMjEyMjEwMDAwMDBaFw0yMDEyMzAy # MzU5NTlaMF4xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3Jh # dGlvbjEwMC4GA1UEAxMnU3ltYW50ZWMgVGltZSBTdGFtcGluZyBTZXJ2aWNlcyBD # QSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsayzSVRLlxwS # CtgleZEiVypv3LgmxENza8K/LlBa+xTCdo5DASVDtKHiRfTot3vDdMwi17SUAAL3 # Te2/tLdEJGvNX0U70UTOQxJzF4KLabQry5kerHIbJk1xH7Ex3ftRYQJTpqr1SSwF # eEWlL4nO55nn/oziVz89xpLcSvh7M+R5CvvwdYhBnP/FA1GZqtdsn5Nph2Upg4XC # YBTEyMk7FNrAgfAfDXTekiKryvf7dHwn5vdKG3+nw54trorqpuaqJxZ9YfeYcRG8 # 4lChS+Vd+uUOpyyfqmUg09iW6Mh8pU5IRP8Z4kQHkgvXaISAXWp4ZEXNYEZ+VMET # fMV58cnBcQIDAQABo4H6MIH3MB0GA1UdDgQWBBRfmvVuXMzMdJrU3X3vP9vsTIAu # 3TAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLnRoYXd0 # ZS5jb20wEgYDVR0TAQH/BAgwBgEB/wIBADA/BgNVHR8EODA2MDSgMqAwhi5odHRw # Oi8vY3JsLnRoYXd0ZS5jb20vVGhhd3RlVGltZXN0YW1waW5nQ0EuY3JsMBMGA1Ud # JQQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIBBjAoBgNVHREEITAfpB0wGzEZ # MBcGA1UEAxMQVGltZVN0YW1wLTIwNDgtMTANBgkqhkiG9w0BAQUFAAOBgQADCZuP # ee9/WTCq72i1+uMJHbtPggZdN1+mUp8WjeockglEbvVt61h8MOj5aY0jcwsSb0ep # rjkR+Cqxm7Aaw47rWZYArc4MTbLQMaYIXCp6/OJ6HVdMqGUY6XlAYiWWbsfHN2qD # IQiOQerd2Vc/HXdJhyoWBl6mOGoiEqNRGYN+tjCCBKMwggOLoAMCAQICEA7P9DjI # /r81bgTYapgbGlAwDQYJKoZIhvcNAQEFBQAwXjELMAkGA1UEBhMCVVMxHTAbBgNV # BAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMTAwLgYDVQQDEydTeW1hbnRlYyBUaW1l # IFN0YW1waW5nIFNlcnZpY2VzIENBIC0gRzIwHhcNMTIxMDE4MDAwMDAwWhcNMjAx # MjI5MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29y # cG9yYXRpb24xNDAyBgNVBAMTK1N5bWFudGVjIFRpbWUgU3RhbXBpbmcgU2Vydmlj # ZXMgU2lnbmVyIC0gRzQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCi # Yws5RLi7I6dESbsO/6HwYQpTk7CY260sD0rFbv+GPFNVDxXOBD8r/amWltm+YXkL # W8lMhnbl4ENLIpXuwitDwZ/YaLSOQE/uhTi5EcUj8mRY8BUyb05Xoa6IpALXKh7N # S+HdY9UXiTJbsF6ZWqidKFAOF+6W22E7RVEdzxJWC5JH/Kuu9mY9R6xwcueS51/N # ELnEg2SUGb0lgOHo0iKl0LoCeqF3k1tlw+4XdLxBhircCEyMkoyRLZ53RB9o1qh0 # d9sOWzKLVoszvdljyEmdOsXF6jML0vGjG/SLvtmzV4s73gSneiKyJK4ux3DFvk6D # Jgj7C72pT5kI4RAocqrNAgMBAAGjggFXMIIBUzAMBgNVHRMBAf8EAjAAMBYGA1Ud # JQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDBzBggrBgEFBQcBAQRn # MGUwKgYIKwYBBQUHMAGGHmh0dHA6Ly90cy1vY3NwLndzLnN5bWFudGVjLmNvbTA3 # BggrBgEFBQcwAoYraHR0cDovL3RzLWFpYS53cy5zeW1hbnRlYy5jb20vdHNzLWNh # LWcyLmNlcjA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vdHMtY3JsLndzLnN5bWFu # dGVjLmNvbS90c3MtY2EtZzIuY3JsMCgGA1UdEQQhMB+kHTAbMRkwFwYDVQQDExBU # aW1lU3RhbXAtMjA0OC0yMB0GA1UdDgQWBBRGxmmjDkoUHtVM2lJjFz9eNrwN5jAf # BgNVHSMEGDAWgBRfmvVuXMzMdJrU3X3vP9vsTIAu3TANBgkqhkiG9w0BAQUFAAOC # AQEAeDu0kSoATPCPYjA3eKOEJwdvGLLeJdyg1JQDqoZOJZ+aQAMc3c7jecshaAba # tjK0bb/0LCZjM+RJZG0N5sNnDvcFpDVsfIkWxumy37Lp3SDGcQ/NlXTctlzevTcf # Q3jmeLXNKAQgo6rxS8SIKZEOgNER/N1cdm5PXg5FRkFuDbDqOJqxOtoJcRD8HHm0 # gHusafT9nLYMFivxf1sJPZtb4hbKE4FtAC44DagpjyzhsvRaqQGvFZwsL0kb2yK7 # w/54lFHDhrGCiF3wPbRRoXkzKy57udwgCRNx62oZW8/opTBXLIlJP7nPf8m/PiJo # Y1OavWl0rMUdPH+S4MO8HNgEdTCCBVEwggQ5oAMCAQICECqVMhjhC0t7b9FLKp7D # DSYwDQYJKoZIhvcNAQELBQAwgb0xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJp # U2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE6MDgG # A1UECxMxKGMpIDIwMDggVmVyaVNpZ24sIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1 # c2Ugb25seTE4MDYGA1UEAxMvVmVyaVNpZ24gVW5pdmVyc2FsIFJvb3QgQ2VydGlm # aWNhdGlvbiBBdXRob3JpdHkwHhcNMTYwNTEyMDAwMDAwWhcNMjYwNTExMjM1OTU5 # WjCBkTELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9u # MR8wHQYDVQQLExZTeW1hbnRlYyBUcnVzdCBOZXR3b3JrMUIwQAYDVQQDEzlTeW1h # bnRlYyBDbGFzcyAzIEV4dGVuZGVkIFZhbGlkYXRpb24gQ29kZSBTaWduaW5nIENB # IC0gRzMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClkJSyzhW9r1AZ # 4MTOCmjo+GgcPOUrzgtLV96hvRp2z8efNLEAbXj5JuXMmax0xp7gbOEtkSCTh2tu # hGzVLlIX0I/Z6uz87CDyDdo/bZwl0dv7IOzw0P9LELa5ORGN9gyiTE+4Hfd90OXP # 91wzgGak1iJve+N4FwYF9MbGlLf+y1Yqfg/6GPNIA02nbha3FRt93C/bQw4pHtF4 # b2gYG7eCy35Yj9jSmH+QTbvHCzxx/szEy/ajQhCsHcqD/JG+LKqAr7eZaUZx05Ug # mc1RLpX4rBIefOK0ImkuC8AXfKD97VymLiIrZf99zTGkY6zfIuWTfKJOgsITLL8c # iyI9q2btAgMBAAGjggF1MIIBcTAuBggrBgEFBQcBAQQiMCAwHgYIKwYBBQUHMAGG # Emh0dHA6Ly9zLnN5bWNkLmNvbTASBgNVHRMBAf8ECDAGAQH/AgEAMGAGA1UdIARZ # MFcwVQYFZ4EMAQMwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9j # cHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwNgYDVR0f # BC8wLTAroCmgJ4YlaHR0cDovL3Muc3ltY2IuY29tL3VuaXZlcnNhbC1yb290LmNy # bDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzAOBgNVHQ8BAf8EBAMCAQYwKQYDVR0R # BCIwIKQeMBwxGjAYBgNVBAMTEVN5bWFudGVjUEtJLTItMzg4MB0GA1UdDgQWBBSr # ixFJCyoCYnVKm8UCIKCE0kv43jAfBgNVHSMEGDAWgBS2d/ppSEefUxLVwuoHMnYH # 0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEAMDGoEX4Zrh0009LXzLAcygGhShZfaMXK # TQVZAfT8hQqnzx+wHCBkCUEYErTj3TIzcpkTK0hdSZYRIue5xG8FME1srDO+TU8i # YtbxZyoWe8aMjg65lgCdDmQBkmTqN/gEfhFib4wsnF0LuP/df0DM6IjynSY0SbQf # vflbP3hzLoH6aRrzlI+VMH7CtNiVJdJ6/oo46LBv9m858M76hFYQf1anxRRgtE9a # OYFKrOEyYEsOFKD1HqFIQ5dZkb0daGaYMACLwlnUfvaFG3p/uttlaA6tbnO2VDn0 # aAOFfKG8U7M7oYI/eCQ1AqSuhYbCBeeAdVwFkXntqo2HaSaKF4HnwzCCBY0wggN1 # oAMCAQICCmEtI8sAAAAAACEwDQYJKoZIhvcNAQEFBQAwfzELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEpMCcGA1UEAxMgTWljcm9zb2Z0IENvZGUg # VmVyaWZpY2F0aW9uIFJvb3QwHhcNMTEwMjIyMTk0NjM5WhcNMjEwMjIyMTk1NjM5 # WjCBvTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYD # VQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBW # ZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MTgwNgYDVQQD # Ey9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0 # eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMdhN16xATTbYtcVm/9Y # WowjI9ZgjpHXkJiDeuZYGTiMxfblZIW0onH77b252s1NALTILXOlx2lxlR85PLJE # B5zoDvpNSsQh3ylhjzIiYYLFhx9ujHxfFiBRRNFwT1fq4xzjzHnuWNgOwrNFk8As # 55oXK3sAN3pBM3jhM+LzEBp/hyy+9vX3QuLlv4diiV8AS9/F3eR1RDJBOh5xbmnL # C3VGCNHK0iuV0M/7uUBrZIxXTfwTEXmE7V5U9jSfCAHzECUGF0ra8R16ZmuYYGak # 2e/SLoLx8O8J6kTJFWriA24z06yfVQDH9ghqlLlf3OAz8YRg+VsnEbT8FvK7VmqA # JY0CAwEAAaOByzCByDARBgNVHSAECjAIMAYGBFUdIAAwDwYDVR0TAQH/BAUwAwEB # /zALBgNVHQ8EBAMCAYYwHQYDVR0OBBYEFLZ3+mlIR59TEtXC6gcydgfRlwcZMB8G # A1UdIwQYMBaAFGL7CiFbf0NuEdoJVFBr9dKWcfGeMFUGA1UdHwROMEwwSqBIoEaG # RGh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY3Jv # c29mdENvZGVWZXJpZlJvb3QuY3JsMA0GCSqGSIb3DQEBBQUAA4ICAQBZR1KaNEM9 # sBPEMrj4N9lVUA0qpGdnM5TJ/9j1DKyNWjmDSG2yu0OPewvzW680ek+etwjn/gE4 # Ed4vO5w+lguyUILmtVW0YJYTSO0nLSUCcjiz82VZimIzdtVs+ZX0nTVMg6DBZ/yD # tXaTxuhSG1m5uoWUCjvRKAUbGQzzIxdlRngO2XNKwLw9wEjhpPiH5RbhVodlOOEA # F6IeRCv2T1opPLAbuF9lS0jrapgpXlfi9WLYQ0ezLmoTQad9OCMGDfdc5n+6zWUE # klJSJmCoozwiDa23ukwyb1Leq5txyZ7ovp9epq13120llVYqGEPCzMFu4c7fRe/+ # t1EqfJi0/maDn2ts7HTVnzIfJDtDOtEEHQBKW6XSbWZMyMFN7MMBNcG4ef3gxvao # KaCSjT1Dd3imHkzCOARY6zqDNATGNE4TRbJbci9yak/lGnwYa0TjyFgfjnEMgGtO # K3s8+Erjk5LEsJq8pmG303zKcPX6/80HotnoEcxsRFCfcbCC0jamWXO9twtbaYZ7 # pR/HncHSCt0uTMIxtocqjRB6+qd+PF/wsKD1RQXeeRJ6AoXxHorTmYcXKVy+dVjW # eQEGlWM5+wUWxz1JUaz6a5gtzJdurLPDb4KcAJZ/JA3pWUBhs2TbuflBobnu2ViN # /wRXztj+6v9nW84T/Jz89uFmzaOg3XcRsjCCBaIwggSKoAMCAQICECgySelARPT/ # zK7u5NtdMXYwDQYJKoZIhvcNAQELBQAwgZExCzAJBgNVBAYTAlVTMR0wGwYDVQQK # ExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3Qg # TmV0d29yazFCMEAGA1UEAxM5U3ltYW50ZWMgQ2xhc3MgMyBFeHRlbmRlZCBWYWxp # ZGF0aW9uIENvZGUgU2lnbmluZyBDQSAtIEczMB4XDTE4MTExOTAwMDAwMFoXDTIx # MTExODIzNTk1OVowggEjMRMwEQYLKwYBBAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGC # NzwCAQIMCERlbGF3YXJlMRkwFwYLKwYBBAGCNzwCAQEMCFNhbiBKb3NlMR0wGwYD # VQQPExRQcml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UEBRMHNTY5OTI2NTELMAkG # A1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExETAPBgNVBAcMCFNhbiBKb3Nl # MSswKQYDVQQKDCJIZXdsZXR0IFBhY2thcmQgRW50ZXJwcmlzZSBDb21wYW55MRYw # FAYDVQQLDA1OaW1ibGVzdG9yYWdlMSswKQYDVQQDDCJIZXdsZXR0IFBhY2thcmQg # RW50ZXJwcmlzZSBDb21wYW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC # AQEApZKrB2yQ1oxnRf02qfhEqvYFzXfVlTmlLcVbIEY9G6ZLawW0JNp+t1n2LXFA # vR0Xcpw0cUUECeQz8iDj5Q05H9MiUAPuyycPE3F9gbTsZfE+YCWiCgjazoJZDWaY # uNmgk8dwapwGyMq+f2zD85nVu46MH1I8GfTayHdLYvt0WeVDUu4kNhqwvQGU7PJ7 # 2V5LKy+rKEPAyxi/crvA2nIujGLsR7jP9kG6kxljctjwXtEyDpbZocrPOoNo/9fz # ruYuod50HporzRpBjcLgxUV86qIsdAUgbv+BVrXpo7hTWrwcNRmzBHEh6JEw5oeN # 7xVF2G1ZRTZT4JALj9FHHUYuwwIDAQABo4IBXzCCAVswCQYDVR0TBAIwADAOBgNV # HQ8BAf8EBAMCB4AwKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3JoLnN5bWNiLmNv # bS9yaC5jcmwwYAYDVR0gBFkwVzBVBgVngQwBAzBMMCMGCCsGAQUFBwIBFhdodHRw # czovL2Quc3ltY2IuY29tL2NwczAlBggrBgEFBQcCAjAZDBdodHRwczovL2Quc3lt # Y2IuY29tL3JwYTAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzAfBgNVHSMEGDAWgBSr # ixFJCyoCYnVKm8UCIKCE0kv43jAdBgNVHQ4EFgQULA5bT8p6B+zgEwzg4yivfm+c # 6NMwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vcmguc3ltY2Qu # Y29tMCYGCCsGAQUFBzAChhpodHRwOi8vcmguc3ltY2IuY29tL3JoLmNydDANBgkq # hkiG9w0BAQsFAAOCAQEAcUxJyMwdcdcm/pxmPQrCHVSmHDYN+gsvmvN05h3S9Pw8 # fdZTdbB8myyqxTovG88hCVWPvnPvc+h6B0Ngs4fY1F/EwZi7D1G77g+8ESNakk55 # XePmszzK5tyAXq3CfqGQNsjkax9orswmCi9c6CXMq5XuYKQkwdvwsNOo8TqZP3MN # RHthFpq+HFX1iKIKdTtEtl3sfC2Ym/KAX/GTImD5dihOiVDDtkS0FVtRJxtd0OYk # 7QFalaWQAX6AyYgGVx2hnsC/B/gN1B2n4qIMpGUwVOCnR8nu7N9NkNg/7IRiy3/X # A2MJq/DwSgAtqRpy3v9JH/HVY/SFHmoAun+ODiB2ojGCBF8wggRbAgEBMIGmMIGR # MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd # BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxQjBABgNVBAMTOVN5bWFudGVj # IENsYXNzIDMgRXh0ZW5kZWQgVmFsaWRhdGlvbiBDb2RlIFNpZ25pbmcgQ0EgLSBH # MwIQKDJJ6UBE9P/Mru7k210xdjANBglghkgBZQMEAgEFAKB8MBAGCisGAQQBgjcC # AQwxAjAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsx # DjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCDtPNeAq5twppV5CGqlA6P9 # 3qr5K1V8miepL/NXADZFtjANBgkqhkiG9w0BAQEFAASCAQA0v+m7KkLq6+n42OSO # EFXGlpbsM8MezE8Ram4aOG90wmtmJ02e80GYMqegcYb8t+7csdDXzgNdu7YRwDUp # /kiyyMhgpynL+HTF1/ggejArTHuuPam+mScuOil2ZycbPs8JEOTIp91KjIWG1QVG # YlbRrMl6Mf6xPvoMGFvGhAZreZfxUaH8WaWfyc3FK3Wz8y310VEBTN7Kv2xq5TFa # pJlE+AZhz0a1QRh6DqHJs7KORAofE1AXqWKVOWRafuuUhdWsnaRPcpCIYtXSAGN0 # ke9Vf0/I4bBbSV0NXMrSkZmGf3U5DyfC4RPZJlpfcZXhmj+FW83MJPE22fuO+rsN # 61AQoYICCzCCAgcGCSqGSIb3DQEJBjGCAfgwggH0AgEBMHIwXjELMAkGA1UEBhMC # VVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMTAwLgYDVQQDEydTeW1h # bnRlYyBUaW1lIFN0YW1waW5nIFNlcnZpY2VzIENBIC0gRzICEA7P9DjI/r81bgTY # apgbGlAwCQYFKw4DAhoFAKBdMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJ # KoZIhvcNAQkFMQ8XDTE5MDQxMDExMTUzOFowIwYJKoZIhvcNAQkEMRYEFK1pVd7M # W2pb2lar7ZOhYduKgMILMA0GCSqGSIb3DQEBAQUABIIBAFtboIvr8PtuRhXzzl4Z # BXNqmyHnnBgYy0H+wRdNwFFMf+SyGXj9pVKQ/oonlp3P5PyHwJz1b8oSkQE7D1Js # jRgPSt35p3RjN3FDFJafj2p4D9aYSu3ZaceRr6iVZ4ImC/cO74/9JvkDDP4U8DN8 # AFrVGImV/QVtotBV6OZp3zlI+aXY1oMJyrbTPYMvGmTiWLBff1uFmssaNVgRoHl2 # 6RWm6O3xXZ1SNAqqJpRPxiVCrtxqbpi+Y4HQpOPPiA9XNwfCI7fZosnBkMJ5umD7 # lz47JunNsv/jFz0Zbz8CO0rWqV4fZ5hlYVYYx+oyw7tC3hYrTBu10Eb9EdxMk4eE # PKs= # SIG # End signature block |