AzureValidation/Microsoft.AzureStack.AzureValidation.Internal.psm1
|
<#############################################################
# # # Copyright (C) Microsoft Corporation. All rights reserved. # # # #############################################################> Import-LocalizedData LocalizedData -BaseDirectory $PSScriptRoot -Filename Microsoft.AzureStack.AzureValidation.Strings.psd1 # Call install code to check Service Administrator Function Test-AzsServiceAdministrator { [OutputType([Hashtable])] [CmdletBinding()] Param( [Parameter(Mandatory=$true)] [pscredential] $AADServiceAdministrator, [Parameter(Mandatory=$true)] [string] $AzureEnvironment, [Parameter(Mandatory=$true)] [string] $AADDirectoryTenantName ) $thisFunction = $MyInvocation.MyCommand.Name $null = Import-Module $PSScriptRoot\AzureADConfiguration.psm1 -force $ErrorDetails = @() $err = $null Write-Log -message "Starting: Get-AzureADTenantDetails with credential" -function $thisFunction try { $tenantDetails = Get-AzureADTenantDetails -AzureEnvironment $AzureEnvironment -AADAdminCredential $AADServiceAdministrator -AADDirectoryTenantName $AADDirectoryTenantName } catch { $err = $_ } # MFA should rerun Get-AzureADTenantDetails with no creds so the user is prompted if ($err.exception.innerexception.errorcode -eq 'interaction_required') { try { Write-Log -message "Starting: Get-AzureADTenantDetails with no credential, Multi-Factor Authentication required." -function $thisFunction Clear-Variable err $tenantDetails = Get-AzureADTenantDetails -AzureEnvironment $AzureEnvironment -AADDirectoryTenantName $AADDirectoryTenantName } catch { $err = $_ } } if ($err) { if ($err.ErrorRecord.Exception.Message -match 'is not an administrator of the Azure Active Directory tenant') { $ErrorDetails += ($LocalizedData.NotAdminOfTenant -f $AADServiceAdministrator.UserName,$AADDirectoryTenantName ) Write-Log -message ("Get-AzureADTenantDetails failed with: {0}" -f $LocalizedData.NotAdminOfTenant) -function $thisFunction -type Error $result = 'Fail' } elseif ($err.exception.innerexception.errorcode -eq 'unknown_user_type') { $errorDetails += ($LocalizedData.UnknownUserType -f $credential.UserName, $AzureEnvironment) Write-Log -message ($LocalizedData.UnknownUserType -f $credential.UserName, $AzureEnvironment) -function $thisFunction -type Error $result = 'Fail' } elseif ($err.exception.innerexception.errorcode -eq 'user_password_expired') { $errorDetails += ($LocalizedData.ForceResetPassword -f $credential.UserName) Write-Log -message ($LocalizedData.ForceResetPassword -f $credential.UserName) -function $thisFunction -type Error $result = 'Fail' } elseif ($err.exception.InnerException.ErrorCode -eq 'invalid_grant') { $errorDetails += ($LocalizedData.AccountDisabled -f $credential.UserName) Write-Log -message $errorDetails -function $thisFunction -type Error $result = 'Fail' } else { $errorDetails += ($LocalizedData.testfailed -f $thisFunction, $err.exception) Write-Log -message $errorDetails -function $thisFunction -type Error $result = 'Fail' } } if ($tenantDetails) { $result = 'OK' Write-Log -message "Get-AzureADTenantDetails completed" -function $thisFunction } @{'Test' = 'ServiceAdministrator';'Result' = $result; 'errorDetails' = $errorDetails; 'Assets' = @{'AADServiceAdmin' = $AADServiceAdministrator.UserName; 'AzureEnvironment' = $AzureEnvironment; 'AADDirectoryTenantName' = $AADDirectoryTenantName}} } Function Test-AzsRegistrationAccount { [OutputType([Hashtable])] [CmdletBinding()] Param( [Parameter(Mandatory=$true)] [psobject] $subscription, [Parameter(Mandatory=$true)] [string] $subscriptionId ) $thisFunction = $MyInvocation.MyCommand.Name $errorDetail = @() $supportedSubscriptionTypes = 'EnterpriseAgreement_','CSP_','Sponsored_','Internal_' Write-Log -message ("Testing if subscription {0} is one of type {1}" -f $subscription.subscriptionid,($supportedSubscriptionTypes -join ',')) -function $thisFunction foreach ($supportedSubscriptionType in $supportedSubscriptionTypes) { if ($subscription.subscriptionPolicies.quotaId -match $supportedSubscriptionType) { $supported = $true Write-Log -message ("Success subscription {0} is of type {1}" -f $subscription.subscriptionid,$subscription.subscriptionPolicies.quotaId) -function $thisFunction break } else { $supported = $false Write-Log -message ("Subscription {0} is of type {1}" -f $subscription.subscriptionid,$subscription.subscriptionPolicies.quotaId) -function $thisFunction -type Error } } # If both subscription types don't match, give one failure reason. if ($supported -ne $true) { $errorDetail += ($LocalizedData.SubscriptionNotSupported -f $subscription.subscriptionid,$subscription.subscriptionPolicies.quotaId) Write-Log -message ($LocalizedData.SubscriptionNotSupported -f $subscription.subscriptionid,$subscription.subscriptionPolicies.quotaId) -function $thisFunction -type Error } # Check subscription is enabled if ($subscription.state -eq 'Enabled') { $enabled = $true Write-Log -message ("Subscription {0} is enabled" -f $subscription.subscriptionid) -function $thisFunction } else { $enabled = $false $errorDetail += ($LocalizedData.SubscriptionNotEnabled -f $subscription.subscriptionid) Write-Log -message ($LocalizedData.SubscriptionNotEnabled -f $subscription.subscriptionid) -function $thisFunction } # Check subscriptions match Write-Log -message ("Checking subscription {0} matches given subscription {1}" -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction if ($subscription.subscriptionid -eq $subscriptionid) { $subscriptionMatch = $true Write-Log -message ("Subscription {0} matches given subscription {1}" -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction } Else { $subscriptionMatch = $false $errorDetail += ($LocalizedData.SubscriptionNotMatch -f $subscription.subscriptionid, $subscriptionid) Write-Log -message ($LocalizedData.SubscriptionNotMatch -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction -type Error } if ($supported -AND $enabled -AND $subscriptionMatch) { $result = 'OK' Write-Log -message ("Overall check for subscription {0} is success" -f $subscription.subscriptionid) -function $thisFunction } else { $result = 'Fail' Write-Log -message ("Overall check for subscription {0} is error with detail {1}: " -f $subscription.subscriptionid, ($errorDetail -join ',')) -function $thisFunction -Type Error } @{'Test' = 'RegistrationAccount';'Result' = $result; 'errorDetails' = $errorDetail;'Assets' = @{'SubscriptionId' = $subscription.subscriptionid; 'SubscriptionType' = $subscription.subscriptionPolicies.quotaId; 'Enabled' = $enabled}} } # Get subscription detail via REST so we can see the subscription type (CSP, EA, PAYG etc.) function Get-AzureSubscriptionDetail { [OutputType([Hashtable])] [CmdletBinding()] param ([string]$tenantid, [string]$subscriptionid, [pscredential]$credential, [string]$AzureEnvironment ) $thisFunction = $MyInvocation.MyCommand.Name try { write-log -message ("TenantID: {0}" -f $tenantid) -function $thisFunction Write-Log -message ("SubscriptionId: {0}" -f $subscriptionid) -function $thisFunction $errorDetails = @() # Set well-known client ID for AzurePowerShell $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # Set redirect URI for Azure PowerShell $redirectUri = "urn:ietf:wg:oauth:2.0:oob" # Set Resource App URI as ARM Write-Log -message ("Retrieving ARMURI for {0}" -f $AzureEnvironment) -function $thisFunction $resourceAppIdURI = (Get-AzureURIs -AzureEnvironment $AzureEnvironment).ARMUri Write-Log -message ("Retrieved ARMURI {0}" -f $resourceAppIdURI) -function $thisFunction # Set Authority to Azure AD Tenant $authority = "{0}{1}" -f (Get-AzureURIs -AzureEnvironment $AzureEnvironment).LoginUri, $tenantid Write-Log -message ("Authority {0}" -f $authority) -function $thisFunction # Create Authentication Context tied to Azure AD Tenant $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority # Acquire token $userCreds = new-object Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential($credential.userName, $credential.Password) try { $authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $userCreds) } catch [Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException] { if ($_.Exception.ErrorCode -eq "interaction_required") { $authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $redirectUri, 'Always') } else { throw } } $ApiVersion = '2017-08-01' # Output bearer token $authHeader = $authResult.CreateAuthorizationHeader() $header = @{ 'Content-Type'='application/json' 'Authorization'=$authHeader } # Make Subscription call $URI = $resourceAppIdURI + "subscriptions/${subscriptionId}?api-version=$ApiVersion" Write-Log -message ("Making REST call to uri {0} for subscription details" -f $uri,$header) -function $thisFunction $subscription = Invoke-RestMethod -Uri $URI -Method GET -Headers $header # Make role assignment call for user $principalId = $authResult.UserInfo.UniqueId $roleAssignmentURI = $resourceAppIdURI +"subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleAssignments?api-version=2017-09-01&`$filter=PrincipalId eq '$principalId'" Write-Log -message ("Making call to uri {0} for role assignments of user" -f $uri) -function $thisFunction $roleAssignment = Invoke-RestMethod -Uri $roleAssignmentURI -Method GET -Headers $header $roleDefinitionIds = $roleAssignment.value.properties.roleDefinitionId Write-Log -message ("RoleAssignment IDs {0} for user" -f ($roleDefinitionIds -join ',')) -function $thisFunction # Make role assignment definition call $roleDefURI = $resourceAppIdURI +"subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleDefinitions?api-version=2015-07-01" Write-Log -message ("Get all RoleAssignment defintions from uri {0}" -f $roleDefURI) -function $thisFunction $allRoleDefs = Invoke-RestMethod -Uri $roleDefURI -Method GET -Headers $header # filter definitions on users role assignment(s) $roledef = $allRoleDefs.value | ? id -in $roleDefinitionIds Write-Log ("Resolving {0} role definition(s) from user in role definition list." -f ($roleDef.properties.roleName -join ',')) -function $thisFunction # check is role definition on user is owner if ($roleDef.properties.roleName -match 'Owner') { Write-Log ("Success. Owner present. User: {0} role(s): {1}" -f $authResult.UserInfo.DisplayableId,($roleDef.properties.roleName -join ',')) -function $thisFunction } else { Write-Log ("Error. Owner not present. User: {0} role(s): {1}" -f $authResult.UserInfo.DisplayableId,($roleDef.properties.roleName -join ',')) -function $thisFunction throw "unauthorized" } } catch { if ($_.exception.Message -match 'Forbidden|Unauthorized') { $errorDetails += ($LocalizedData.UserNotAuthorizedForSubscription -f $credential.username, $tenantid, $subscriptionid) Write-Log -message ($LocalizedData.UserNotAuthorizedForSubscription -f $credential.username, $tenantid, $subscriptionid) -function $thisFunction -type Error } else { $errorDetails += ("{0} threw an error: {1}" -f $MyInvocation.MyCommand.Name, $_) Write-Log -message ("error: {0}" -f $_) -function $thisFunction -type Error } } @{'Test' = 'GetSubscription'; 'subscription' = $subscription; 'errorDetails' = $errorDetails; 'AADDirectoryTenantName' = $tenantid; 'subscriptionid' = $subscriptionid; 'credential' = $credential.UserName; 'AzureEnvironment' = $AzureEnvironment; 'UserRole' = ($roleDef.properties.roleName -join ',')} } function Write-Log { param([string]$Message, [string]$Type = 'Info', [string]$Function ) $outfile = "$PSScriptRoot\AADChecker.log" $entry = "[{0}] [{1}] [{2}] {3}" -f ([datetime]::now).tostring(), $type, $function, $message $entry | Out-File -FilePath $outfile -Append -Force } # SIG # Begin signature block # MIIkewYJKoZIhvcNAQcCoIIkbDCCJGgCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDphDB+gtUnPU8N # ljhBV5HrO1Fe8l2JtWfidSKi9MYvnKCCDYEwggX/MIID56ADAgECAhMzAAABA14l # HJkfox64AAAAAAEDMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMTgwNzEyMjAwODQ4WhcNMTkwNzI2MjAwODQ4WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDRlHY25oarNv5p+UZ8i4hQy5Bwf7BVqSQdfjnnBZ8PrHuXss5zCvvUmyRcFrU5 # 3Rt+M2wR/Dsm85iqXVNrqsPsE7jS789Xf8xly69NLjKxVitONAeJ/mkhvT5E+94S # nYW/fHaGfXKxdpth5opkTEbOttU6jHeTd2chnLZaBl5HhvU80QnKDT3NsumhUHjR # hIjiATwi/K+WCMxdmcDt66VamJL1yEBOanOv3uN0etNfRpe84mcod5mswQ4xFo8A # DwH+S15UD8rEZT8K46NG2/YsAzoZvmgFFpzmfzS/p4eNZTkmyWPU78XdvSX+/Sj0 # NIZ5rCrVXzCRO+QUauuxygQjAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUR77Ay+GmP/1l1jjyA123r3f3QP8w # UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1 # ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDM3OTY1MB8GA1UdIwQYMBaAFEhu # ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w # Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx # MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAn/XJ # Uw0/DSbsokTYDdGfY5YGSz8eXMUzo6TDbK8fwAG662XsnjMQD6esW9S9kGEX5zHn # wya0rPUn00iThoj+EjWRZCLRay07qCwVlCnSN5bmNf8MzsgGFhaeJLHiOfluDnjY # DBu2KWAndjQkm925l3XLATutghIWIoCJFYS7mFAgsBcmhkmvzn1FFUM0ls+BXBgs # 1JPyZ6vic8g9o838Mh5gHOmwGzD7LLsHLpaEk0UoVFzNlv2g24HYtjDKQ7HzSMCy # RhxdXnYqWJ/U7vL0+khMtWGLsIxB6aq4nZD0/2pCD7k+6Q7slPyNgLt44yOneFuy # bR/5WcF9ttE5yXnggxxgCto9sNHtNr9FB+kbNm7lPTsFA6fUpyUSj+Z2oxOzRVpD # MYLa2ISuubAfdfX2HX1RETcn6LU1hHH3V6qu+olxyZjSnlpkdr6Mw30VapHxFPTy # 2TUxuNty+rR1yIibar+YRcdmstf/zpKQdeTr5obSyBvbJ8BblW9Jb1hdaSreU0v4 # 6Mp79mwV+QMZDxGFqk+av6pX3WDG9XEg9FGomsrp0es0Rz11+iLsVT9qGTlrEOla # P470I3gwsvKmOMs1jaqYWSRAuDpnpAdfoP7YO0kT+wzh7Qttg1DO8H8+4NkI6Iwh # SkHC3uuOW+4Dwx1ubuZUNWZncnwa6lL2IsRyP64wggd6MIIFYqADAgECAgphDpDS # AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla # MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT # H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG # OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S # 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz # y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7 # 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u # M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33 # X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl # XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP # 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB # l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF # RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM # CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ # BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud # DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO # 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0 # LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw # cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA # XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY # 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj # 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd # d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ # Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf # wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ # aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j # NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B # xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96 # eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7 # r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I # RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIWUDCCFkwCAQEwgZUwfjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z # b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAQNeJRyZH6MeuAAAAAABAzAN # BglghkgBZQMEAgEFAKCB3jAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgVKrygZ4k # NwV+ZzVBPp2lgmmJ8e4wwHuzBgOntaBu01gwcgYKKwYBBAGCNwIBDDFkMGKgSIBG # AE0AaQBjAHIAbwBzAG8AZgB0ACAAQQB6AHUAcgBlAFMAdABhAGMAawAgAFAAYQBy # AHQAbgBlAHIAVABvAG8AbABrAGkAdKEWgBRodHRwOi8vQ29kZVNpZ25JbmZvIDAN # BgkqhkiG9w0BAQEFAASCAQDL+DHL7ZNpG1LENnbOuxab7Vrkvu2i2lkb7pIhrcfK # 68mBOXb97rAy3l9pNzAsN2jviQLJLwm2pXtyt1kSY/OCNjqWxrXU9dDX7Ctz/L2D # CDvN+vJnm9WmSrIFJRO9E6leXiHEEZ9yRntGqvQBG+4T4tVUn3uU782Uu1z35Mtm # K+kCWkyjeXgsGCfokVRzOS4ZXCzTdKKNCnBey8PdMSNZYPoxccjJMzcVS/bDacvb # 3ZHHkIK28tjeIYGoxaWg4FZaGBLds8ylXRbP7ZQkbekLFDy/TgTzed1K8UfHlWIP # S+VeP8bCBWw1ryrkA03M4ARvtqJ4du0Hj3vGTMvDTMGooYITqjCCE6YGCisGAQQB # gjcDAwExghOWMIITkgYJKoZIhvcNAQcCoIITgzCCE38CAQMxDzANBglghkgBZQME # AgEFADCCAVQGCyqGSIb3DQEJEAEEoIIBQwSCAT8wggE7AgEBBgorBgEEAYRZCgMB # MDEwDQYJYIZIAWUDBAIBBQAEICH+LmBZS7Rr5RGrudOTGuGkSe+s4ukYuutmbA5C # /yYRAgZbgF/8v5cYEzIwMTgwOTE4MDMxNDQ5LjE3NVowBwIBAYACAfSggdCkgc0w # gcoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsT # HE1pY3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMxJjAkBgNVBAsTHVRoYWxlcyBU # U1MgRVNOOkQyMzYtMzdEQS05NzYxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1T # dGFtcCBTZXJ2aWNloIIPFjCCBnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZI # hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy # MDEwMB4XDTEwMDcwMTIxMzY1NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCpHQ28dxGKOiDs/BOX9fp/aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb # 8BVTJwQxH0EbGpUdzgkTjnxhMFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKj # RQ3Q6vVHgc2/JGAyWGBG8lhHhjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaA # u99h/EbBJx0kZxJyGiGKr0tkiVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsAD # lkR+79BL/W7lmsqxqPJ6Kgox8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEg # CZN4zfy8wMlEXV4WnAEFTyJNAgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIB # ADAdBgNVHQ4EFgQU1WM6XIoxkPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAwe # CgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j # BBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0 # cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2Vy # QXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+ # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRf # MjAxMC0wNi0yMy5jcnQwgaAGA1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGB # MD0GCCsGAQUFBwIBFjFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3Mv # Q1BTL2RlZmF1bHQuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAA # bwBsAGkAYwB5AF8AUwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUA # A4ICAQAH5ohRDeLG4Jg/gXEDPZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf # 9efweL3HqJ4l4/m87WtUVwgrUYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgk # Vkt070IQyK+/f8Z/8jd9Wj8c8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0sw # RCQiPM/tA6WWj1kpvLb9BOFwnzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pi # f93FSguRJuI57BlKcWOdeyFtw5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloak # vZ4argRCg7i1gJsiOCC1JeVk7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgO # R5qAxdDNp9DvfYPw4TtxCd9ddJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir # 995yfmFrb3epgcunCaw5u+zGy9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7 # COaYLeqN4DMuEin1wC9UJyH3yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7 # dDJL32N79ZmKLxvHIa9Zta7cRDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+md # Hhk4L7zPWAUu7w2gUDXa7wknHNWzfjUeCLraNtvTX4/edIhJEjCCBPEwggPZoAMC # AQICEzMAAADJStZ+mE4U1HsAAAAAAMkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMTgwODIzMjAyNjEzWhcNMTkxMTIzMjAy # NjEzWjCByjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMG # A1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEmMCQGA1UECxMdVGhh # bGVzIFRTUyBFU046RDIzNi0zN0RBLTk3NjExJTAjBgNVBAMTHE1pY3Jvc29mdCBU # aW1lLVN0YW1wIFNlcnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDWI2qENlBDwVDU0uFD6S9dT2hDv1BTS7qIFwUSIRATD9GbnVx0dPD0MlpWcGUq # 3YIHAeP4BKacxFAmccgDlKWS0qo++a8QlYkgAbdJXroTgB3l/DBw7+hqGyS+fRjR # 52Y9km8l2RMmCvvsNaBCiSlb9hdm5qbi0sl9EomD9+rq1LT8EHZt667WdmhmvWpU # yv05fqRIig1XFdnSm1U9wiZUr5QYc46dteCBwc8CV+2AAhSHV5UL7iPaQlGhi63v # em/JNShVb3jFgMdeh5H2Lfl7wkKVhl+rZER8JrqW1uen+FzmnpbwoCeS51KRl0/D # rJ711PBAuaPc6dbC44HY55gZAgMBAAGjggEbMIIBFzAdBgNVHQ4EFgQUK4bjCQDz # JRPHNW9lcLh+IA6aeycwHwYDVR0jBBgwFoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUw # VgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9j # cmwvcHJvZHVjdHMvTWljVGltU3RhUENBXzIwMTAtMDctMDEuY3JsMFoGCCsGAQUF # BwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aS9jZXJ0cy9NaWNUaW1TdGFQQ0FfMjAxMC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIw # ADATBgNVHSUEDDAKBggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEAA9bwE59X # 8uQdpR6ynaYyuZpgs+IrUAk3QiQv26VvLxJuI3Z1vNfB9PLEMLdhjJ2CMat0/7rK # y6w1u7mmK8depfQ8l3hIrONZnxLBKVaQo6qmk9LIceIZnQ+SUYBgphty2vx6pSrY # KFfnercD4AVedjYLqUiubyh+p4ujOa1aYcmG2kkdWvw8QJ+UshNk6UoNV4JcgQVT # 7kHoAMu3SP9Wiz2eJvdoUto/B2xDM45SA6Wj1YMZeF5cX3OXLEeApK+rotwd+Xwz # a5cgMvLkoZsJBb3rvoPP7nOoRtlGcve4wHXBT6qH21shQ4Y44kkjFBoNfxJFAaTP # 2NfIr7gwdlFvbKGCA6gwggKQAgEBMIH6oYHQpIHNMIHKMQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmlj # YSBPcGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpEMjM2LTM3REEt # OTc2MTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaIlCgEB # MAkGBSsOAwIaBQADFQBkguCqF2x4isPdPUrBkq8v6DxIF6CB2jCB16SB1DCB0TEL # MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v # bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWlj # cm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEnMCUGA1UECxMebkNpcGhlciBOVFMg # RVNOOjI2NjUtNEMzRi1DNURFMSswKQYDVQQDEyJNaWNyb3NvZnQgVGltZSBTb3Vy # Y2UgTWFzdGVyIENsb2NrMA0GCSqGSIb3DQEBBQUAAgUA30n1UjAiGA8yMDE4MDkx # NzA5NDEzOFoYDzIwMTgwOTE4MDk0MTM4WjB3MD0GCisGAQQBhFkKBAExLzAtMAoC # BQDfSfVSAgEAMAoCAQACAgY+AgH/MAcCAQACAhjiMAoCBQDfS0bSAgEAMDYGCisG # AQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwGgCjAIAgEAAgMW42ChCjAIAgEAAgMe # hIAwDQYJKoZIhvcNAQEFBQADggEBAL/gw7cKA5GhNm/KLev5O2434tgaccXNiN8M # Y3ABZK/4XlODgbunX7yuPH/M1NuDi1M4FEAKiOKkr/8OYkBqvyn/9/BXMEtpsSGP # zLYKiQMeUe9PR0uDjccAqqYKinRdRPTmqLBwArRQhnrL6dy7OLK7Bvj2jxfJVY5q # 9/ogfG1+9SOgMhnxVl/8o5gVYBpVztAyAeXfRAyIeQsat7eGVUyCClk0UBOxWkUd # kM6oPsUafvGHyGvTVEuX69aOFvohQC4OBwD/sZnHW+amVYx4oT0UlN6bu3HH06gG # IIl7Y0jpmWJzfgGmwiaA2ZwST8zfNzpYC3mNk6uXUmMIeEp06mYxggL1MIIC8QIB # ATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAMlK1n6YThTU # ewAAAAAAyTANBglghkgBZQMEAgEFAKCCATIwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3 # DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCAJ2P0BEyawADEDPlF+xylPhqWi6IariHcA # 6Tb6LrbE3zCB4gYLKoZIhvcNAQkQAgwxgdIwgc8wgcwwgbEEFGSC4KoXbHiKw909 # SsGSry/oPEgXMIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAC # EzMAAADJStZ+mE4U1HsAAAAAAMkwFgQUGr0OKlktSWA1wk+9ccApLfGNMrwwDQYJ # KoZIhvcNAQELBQAEggEAE6aBEDW80rDud71JtNPR4siJqcY8UcSY7F+J/mqYpBQf # aG6Y0SrXRvyw/6LVgen7rhXHfRWV7u1A1TnlBPpxcYEW7XDOz7yixpRroAhCxu8s # X/ZRXjXTSw0iEIfJDCQ4Vwn+N21wGYQJWujCy9sDQNOIv/h40DtHCKU75saWYANT # 4+nyzQmPqqWMtwjPEPA6U/tD3HmiL8y+r4/Hmqnp0N8iAkw7AFB4b2vgn0rhsrwR # tRJf6u1oc1MC3IQ4jIn8Rz8/2l5GZbpQFKfiOV8OucqhERNPd01kgvPPJcp6f+xY # 1knSnFM9Y7YJ3uRol/rMQdzIRTg1gIvqKu2IgJlrig== # SIG # End signature block |