Microsoft.AzureStack.ReadinessChecker.Utilities.psm1
|
function ConvertTo-DeploymentData { <# .SYNOPSIS Validate JSON file provided .DESCRIPTION Validate JSON file can parsed. .EXAMPLE Test-ValidationJSON -path .\some.json .INPUTS path to json file .OUTPUTS None - logging only #> [CmdletBinding()] param ($path) $thisFunction = $MyInvocation.MyCommand.Name Try { $deploymentData = Get-Content $path -ErrorAction Stop | ConvertFrom-Json Write-AzsReadinessLog -Message ('Validated JSON: {0}' -f $path) -Type Info -Function $thisFunction } Catch { if ($_.exception -like '*Invalid JSON primitive*') { Write-AzsReadinessLog -Message ('Invalid JSON file provided: {0}' -f $path) -Type Error -Function $thisFunction throw ('Invalid JSON file provided: {0}' -f $path) } else { Write-AzsReadinessLog -Message ('Reading JSON file {0} failed with error: {1}' -f $_.exception.message) -Type Error -Function $thisFunction throw ('Reading JSON file {0} failed with error: {1}' -f $_.exception) } } $deploymentData } function Test-CertificateReuse { <# .SYNOPSIS Checks if certificate validation output contains certificates that are reused. .DESCRIPTION During validation certificate are given a unique id, that unique id is compared against the certificate thumbprints to detect reuse. .EXAMPLE PS C:\> Test-CertificateReuse -validationResult $paasCertificateValidationResult Checks if certificate validation output contains certificates that are reused. #> param ($validationResult) $thisFunction = $MyInvocation.MyCommand.Name Write-AzsReadinessLog -Message 'Certificate Reuse Detection started' -Type Info -Function $thisFunction # Write new property to result with ReuseCount $thumbprintHash = @{} $group = $validationResult | Group-Object Thumbprint, CertificateId | Select-Object Name | ForEach-Object {$_.name.split(',')[0]} | Group-Object | Select-Object Name, Count $group | ForEach-Object { $thumbprintHash[$_.Name] = $_.count} foreach ($key in $thumbprintHash.keys) { $validationResult | Where-Object thumbprint -eq $key | Add-Member -NotePropertyName ReuseCount -NotePropertyValue $thumbprintHash[$key] } if ($thumbprintHash.Values -gt 1) { $duplicateErrorMsg = 'Duplicate Certificate Detected. We recommend using seperate certificates for each endpoint.' Write-AzsReadinessLog -Message "`nWARNING: $duplicateErrorMsg `n" -Type Warning -Function $thisFunction -toScreen foreach ($key in $thumbprintHash.keys) { if ($thumbprintHash[$key] -gt 1) { Write-AzsReadinessLog ("`t Thumbprint {0} : Count {1}" -f $key, $thumbprintHash[$key]) -Type Warning -Function $thisFunction -toScreen #inject warning result and failuredetail on ParsePFX test for certificate, for reporting purposes. $validationResult | Where-Object {$_.Thumbprint -eq $key -and $_.Test -eq 'Parse PFX'} | ForEach-Object {$_.result = 'Warning'} $validationResult | Where-Object {$_.Thumbprint -eq $key -and $_.Test -eq 'Parse PFX'} | ForEach-Object {$_.FailureDetail += $duplicateErrorMsg} } } } Write-AzsReadinessLog -Message 'Certificate Reuse Detection Completed' -Type Info -Function $thisFunction $validationResult } function Test-PasswordLength { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [int] $MinimumCharactersInPassword, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [SecureString] $Password, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] $CredentialDescription ) if ($Password.Length -lt $MinimumCharactersInPassword) { throw ("Password length cannot be fewer than '{0}' characters, for '{1}'" -f $MinimumCharactersInPassword, $CredentialDescription) } return $true } # Test that the Password has only valid characters, does not contain the username, and satisfies the complexity requirements function Test-PasswordComplexity { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] [String] $Username, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [SecureString] $Password, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] $CredentialDescription ) $unmanagedString = [System.IntPtr]::Zero; try { $unmanagedString = [Runtime.InteropServices.Marshal]::SecureStringToGlobalAllocUnicode($Password) $plainPassword = [Runtime.InteropServices.Marshal]::PtrToStringUni($unmanagedString) } finally { [Runtime.InteropServices.Marshal]::ZeroFreeGlobalAllocUnicode($unmanagedString) } # Letter, Mark, Symbol, Number, Punctuation allowed if ($plainPassword -cnotmatch "^[\p{L}\p{M}\p{S}\p{N}\p{P}]+$") { throw ("Password contains bad characters. Only Letters, Marks, Symbols, Numbers and Punctuations are allowed. For '{0}'" -f $CredentialDescription) } # Password should not contain the entire username or part of the username if ($Username) { # Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case sensitive. # The samAccountName is checked in its entirety only to determine whether it is part of the password. # If the samAccountName is less than three characters long, this check is skipped. if ($Username.Length -ge 3 -and $plainPassword.ToLower().Contains($Username.ToLower())) { throw ("Password should not contain username or part of username. For '{0}'" -f $CredentialDescription) } # The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. # If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed to not be included in the password. $usernameTokens = $Username.Split( [char]0x2010, # Hyphen [char]0x0009, # Tab [char]0x002C, # Comma [char]0x002E, # Period [char]0x2012, # Figure Dash [char]0x2013, # EN Dash [char]0x2014, # EM Dash [char]0x2015, # Horizontal bar [char]0x2053, # Swung dash [char]0x002D, # Hyphen-Minus [char]0x005F, # Low line [char]0x0020, # Space [char]0x00A3) # Pound Sign foreach ($usernameToken in $usernameTokens) { # Tokens that are less than three characters are ignored, and substrings of the tokens are not checked. if ($usernameToken.Length -ge 3 -and $plainPassword.ToLower().Contains($usernameToken.ToLower())) { throw ("Password should not contain username or part of username. For '{0}'" -f $CredentialDescription) } } } # Validate that password satisifies at least 3 of 5 categories to meet complexity requirements $category_count = 0, 0, 0, 0, 0 for ($i = 0; $i -lt $plainPassword.length; $i++) { # Uppercase letters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters) if ($plainPassword[$i] -cmatch "^[\p{Lu}]+$") { $category_count[0]++ } # Lowercase letters of European languages (a through z, sharp-s, with diacritic marks, Greek and Cyrillic characters) if ($plainPassword[$i] -cmatch "^[\p{Ll}]+$") { $category_count[1]++ } # Base 10 digits (0 through 9) if ($plainPassword[$i] -cmatch "^[0-9]+$") { $category_count[2]++ } # Non-alphanumeric characters (special characters) (for example, !, $, #, %) if ($plainPassword[$i] -cmatch "^[\p{P}]+$" -or $plainPassword[$i] -cmatch "^[\p{S}]+$") { $category_count[3]++ } # Any Unicode character that is categorized as an alphabetic character but is not uppercase or lowercase. This includes Unicode characters from Asian languages. if ($plainPassword[$i] -cmatch "^[\p{L}]+$" -and $plainPassword[$i] -cnotmatch "^[\p{Lu}]+$" -and $plainPassword[$i] -cnotmatch "^[\p{Ll}]+$") { $category_count[4]++ } } $plainPassword = "" # reset the value, in case it persists $total_category_count = 0 foreach ($count in $category_count) { if ($count -gt 0) { $total_category_count++ } } if ($total_category_count -lt 3) { throw ("Password does not meet complexity requirements. It should contain at least 3 of the following: Uppercase letter, lowercase letter, numbers from 0-9, special characters, alphabetical character that is neither uppercase nor lowercase. For '{0}'" -f $CredentialDescription) } return $true } function Set-SecurityProtocol { param ([Net.SecurityProtocolType]$securityProtocol) $thisFunction = $MyInvocation.MyCommand.Name if ([Net.ServicePointManager]::SecurityProtocol -notmatch $securityProtocol) { Write-AzsReadinessLog -Message ("{0} not found in current Service Point Manager. Current protocol(s): {1}. Attempting to add for session." -f $securityProtocol, [Net.ServicePointManager]::SecurityProtocol) -Type Info -Function $thisFunction try { [Net.ServicePointManager]::SecurityProtocol = $securityProtocol Write-AzsReadinessLog -Message ("Successfully added {0} to Service Point Manager." -f $securityProtocol) -Type Info -Function $thisFunction } catch { Write-AzsReadinessLog -Message ("Setting {0} failed with {1}. Script will continue with existing Security Protocol: {2}" -f $securityProtocol, $_.exception, [Net.ServicePointManager]::SecurityProtocol) -Type Warning -Function $thisFunction } } else { Write-AzsReadinessLog -Message ("{0} found in current Service Point Manager. No action required." -f $securityProtocol) -Type Info -Function $thisFunction } } # SIG # Begin signature block # MIIjkwYJKoZIhvcNAQcCoIIjhDCCI4ACAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDQvzceCOm9Pgaj # jwRZ0Z/sXKq07w95o+JnMm7cYedKwKCCDYUwggYDMIID66ADAgECAhMzAAABiK9S # 1rmSbej5AAAAAAGIMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjAwMzA0MTgzOTQ4WhcNMjEwMzAzMTgzOTQ4WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCSCNryE+Cewy2m4t/a74wZ7C9YTwv1PyC4BvM/kSWPNs8n0RTe+FvYfU+E9uf0 # t7nYlAzHjK+plif2BhD+NgdhIUQ8sVwWO39tjvQRHjP2//vSvIfmmkRoML1Ihnjs # 9kQiZQzYRDYYRp9xSQYmRwQjk5hl8/U7RgOiQDitVHaU7BT1MI92lfZRuIIDDYBd # vXtbclYJMVOwqZtv0O9zQCret6R+fRSGaDNfEEpcILL+D7RV3M4uaJE4Ta6KAOdv # V+MVaJp1YXFTZPKtpjHO6d9pHQPZiG7NdC6QbnRGmsa48uNQrb6AfmLKDI1Lp31W # MogTaX5tZf+CZT9PSuvjOCLNAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUj9RJL9zNrPcL10RZdMQIXZN7MG8w # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzQ1ODM4NjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # ACnXo8hjp7FeT+H6iQlV3CcGnkSbFvIpKYafgzYCFo3UHY1VHYJVb5jHEO8oG26Q # qBELmak6MTI+ra3WKMTGhE1sEIlowTcp4IAs8a5wpCh6Vf4Z/bAtIppP3p3gXk2X # 8UXTc+WxjQYsDkFiSzo/OBa5hkdW1g4EpO43l9mjToBdqEPtIXsZ7Hi1/6y4gK0P # mMiwG8LMpSn0n/oSHGjrUNBgHJPxgs63Slf58QGBznuXiRaXmfTUDdrvhRocdxIM # i8nXQwWACMiQzJSRzBP5S2wUq7nMAqjaTbeXhJqD2SFVHdUYlKruvtPSwbnqSRWT # GI8s4FEXt+TL3w5JnwVZmZkUFoioQDMMjFyaKurdJ6pnzbr1h6QW0R97fWc8xEIz # LIOiU2rjwWAtlQqFO8KNiykjYGyEf5LyAJKAO+rJd9fsYR+VBauIEQoYmjnUbTXM # SY2Lf5KMluWlDOGVh8q6XjmBccpaT+8tCfxpaVYPi1ncnwTwaPQvVq8RjWDRB7Pa # 8ruHgj2HJFi69+hcq7mWx5nTUtzzFa7RSZfE5a1a5AuBmGNRr7f8cNfa01+tiWjV # Kk1a+gJUBSP0sIxecFbVSXTZ7bqeal45XSDIisZBkWb+83TbXdTGMDSUFKTAdtC+ # r35GfsN8QVy59Hb5ZYzAXczhgRmk7NyE6jD0Ym5TKiW5MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCFWQwghVgAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAGIr1LWuZJt6PkAAAAA # AYgwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIExq # fSYs4oHIsaxTgDNu3CyjUyqUzJivvFUmLG80+s9WMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAWzzVVsKecZgCSHXM1z36L2GbReuQSTAAXFIg # GCydTO2aN/W3h7ISBOH2Sro1opCwrzT6IB62JJIekcq88efMw/FSxE16pmAacpln # pDfFrXFcCduXN+wTsXuYqJN4KUu95wq7HFPWcxcns3P7VaQpmNi9vhphlmFyaWrv # VRFQM8rjzYBt8zR+E1VtUtbbGz0ms08LN8x0Q23z9pn18e/BDJ7vbiqOzyjZZjKk # dQrgJ/p5Ce6yK5bYNHiPj6jIS42f52f6XRMi3SyQmW3CjXoyVEgJ+i65vv3Y8vEd # 6+ilkSsawaGOznGZUPlDeE+g/t1m7TwEbnYhrh6ribrCotUk+6GCEu4wghLqBgor # BgEEAYI3AwMBMYIS2jCCEtYGCSqGSIb3DQEHAqCCEscwghLDAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFVBgsqhkiG9w0BCRABBKCCAUQEggFAMIIBPAIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCDdNdS3TYQ8pHdXGKOQRSSxyJuMYUcsgm36 # WcgliDGg5QIGXzwI2504GBMyMDIwMDgyNzEwMDkyOS4wNzhaMASAAgH0oIHUpIHR # MIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQL # EyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhh # bGVzIFRTUyBFU046Rjc3Ri1FMzU2LTVCQUUxJTAjBgNVBAMTHE1pY3Jvc29mdCBU # aW1lLVN0YW1wIFNlcnZpY2Wggg5BMIIE9TCCA92gAwIBAgITMwAAASroF5b4hqfv # owAAAAABKjANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg # MjAxMDAeFw0xOTEyMTkwMTE1MDJaFw0yMTAzMTcwMTE1MDJaMIHOMQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQg # T3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046 # Rjc3Ri1FMzU2LTVCQUUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNl # cnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf35WBpIXSbcUr # BwbvZZlxf1F8Txey+OZxIZrXdNSg6LFm2PMueATe/pPQzL86k6D9/b/P2fjbRMyo # /AX+REKBtf6SX6cwiXvNB2asqjKNKEPRLoFWOmDVTWtk9budXfeqtYRZrtXYMbfL # g9oOyKQUHYUtraXN49xxMyr1f78BK+/wXE7sKlB6q6wYB3Pe9XqVUeKOWzSrI4pG # sJjMPQ/7cq03IstxfRqvaRIJPBKiXznQGm5Gp7gFk45ZgYWbUYjvVtahacJ7vRua # lb3TSkSsUHbcTAtOKVhn58cw2nO/oyKped9iBAuUEp72POLMxKccN9UFvy2n0og5 # gLWFh6ZvAgMBAAGjggEbMIIBFzAdBgNVHQ4EFgQUcPTFLXQrP64TdsvRJBOmSPTv # E2kwHwYDVR0jBBgwFoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBL # oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv # TWljVGltU3RhUENBXzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr # BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNU # aW1TdGFQQ0FfMjAxMC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK # BggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEAisA09Apx1aOOjlslG6zyI/EC # HH/j04wVWKSoNStg9eWesRLr5n/orOjfII/X9Z5BSAC74fohpMfBoBmv6APSIVzR # BWDzRWh8B2p/1BMNT+k43Wqst3LywvH/MxNQkdS4VzaH6usX6E/RyxhUoPbJDyzN # U0PkQEF/TIoBJvBRZYYbENYhgdd/fcfHfdofSrKahg5zvemfQI+zmw7XVOkaGa7G # ZIkUDZ15p19SPkbsLS7vDDfF4SS0pecKqhzN66mmjL0gCElbSskqcyQuWYfuZCZa # hXUoiB1vEPvEehFhvCC2/T3/sPz8ncit2U5FV1KRQPiYVo3Ms6YVRsPX349GCjCC # BnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29m # dCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1 # NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/ # aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxh # MFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhH # hjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tk # iVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox # 8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJN # AgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIox # kPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0P # BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9 # lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQu # Y29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3Js # MFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3Nv # ZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAG # A1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAG # CCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEA # dABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXED # PZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgr # UYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c # 8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFw # nzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFt # w5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk # 7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9d # dJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zG # y9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3 # yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7c # RDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wkn # HNWzfjUeCLraNtvTX4/edIhJEqGCAs8wggI4AgEBMIH8oYHUpIHRMIHOMQswCQYD # VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe # MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3Nv # ZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBF # U046Rjc3Ri1FMzU2LTVCQUUxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1w # IFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAOqy5qyh8iDD++nj5d9tcSlCd2F/oIGD # MIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG # A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEF # BQACBQDi8bu1MCIYDzIwMjAwODI3MDg1NzI1WhgPMjAyMDA4MjgwODU3MjVaMHQw # OgYKKwYBBAGEWQoEATEsMCowCgIFAOLxu7UCAQAwBwIBAAICEd8wBwIBAAICEeow # CgIFAOLzDTUCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgC # AQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQArSf4V/Zf1/yIH # 884T1dhxkdKSnJa1Ulnre85vDJxj3WFPDMN6DDJy6V8Wt8c8oeB7j0DRaxI2+8w2 # jd+J8mN/dMQfxDCXhDxl+epClaIz7IzFZHe/AuQvRr+A+F+bGJmy4y6sqqT+BCpp # 92hLMIfnVP217sfZB4iXcrEzJJlIujGCAw0wggMJAgEBMIGTMHwxCzAJBgNVBAYT # AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBU # aW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABKugXlviGp++jAAAAAAEqMA0GCWCGSAFl # AwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcN # AQkEMSIEIJgElkFkzFuoDR8zRYWjd2IJjZ1sP98j5K5S0CMRy6ICMIH6BgsqhkiG # 9w0BCRACLzGB6jCB5zCB5DCBvQQgQ5g1hFr3On4bObeFqKOUPhTBQnGiIFeMlD+A # qbgZi5kwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAA # ASroF5b4hqfvowAAAAABKjAiBCD/niyMvSQ3QPjwcKlVeojs9bJCsduAGNkWm8HT # +u8lVTANBgkqhkiG9w0BAQsFAASCAQBsqOsD4dCeaXJMwzKfsdc4zL0efvand1tA # fvFVnemBNJl9q5UhR7TAdUWm+SN8y4butvYt+PM479uiNrLJNfaYZoVonMx481w/ # W0EFogUWA6Eb8o76RO8a/T01FoBxX2i9Onw2hvXg4WdnA6kAT8gSRpZ0GbNIdBbH # HeQvdfyT2sGBDpRF6Nq/QKeAC7i92+zDIqG7FxGNxLCHLHAP9tNBmgeGj6VKs5Y0 # x/AIa9JjEFd/AcNX7Ot3EnX2zsBniaitV7WB0rS2EsHBwkm0dg9uBdyr5R53z3DY # Fka2P/KXYtLQFERl/eJd1C8/pHbZzARjijPa8gNz+hBiAsfhU+5J # SIG # End signature block |