AzureValidation/Microsoft.AzureStack.AzureValidation.Internal.psm1
|
<#############################################################
# # # Copyright (C) Microsoft Corporation. All rights reserved. # # # #############################################################> Import-LocalizedData LocalizedData -BaseDirectory $PSScriptRoot -Filename Microsoft.AzureStack.AzureValidation.Strings.psd1 # Call install code to check Service Administrator Function Test-AzsServiceAdministrator { [OutputType([Hashtable])] [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string] $AADDirectoryTenantName ) $thisFunction = $MyInvocation.MyCommand.Name $null = Import-Module $PSScriptRoot\AzureADConfiguration.psm1 -force $ErrorDetails = @() $err = $null Write-AzsReadinessLog -message "Starting: Get-AzureADTenantDetails" -function $thisFunction try { $tenantDetails = Get-AzureADTenantDetails -AADDirectoryTenantName $AADDirectoryTenantName } catch { $err = $_ } if ($err) { if ($err.Exception.Message -match 'is not an administrator of the Azure Active Directory tenant') { $ErrorDetails += ($LocalizedData.NotAdminOfTenant -f (Get-AzContext).Account.id, $AADDirectoryTenantName ) Write-AzsReadinessLog -message ("Get-AzureADTenantDetails failed with: {0}" -f $LocalizedData.NotAdminOfTenant) -function $thisFunction -type Error $result = 'Fail' } else { $errorDetails += ($LocalizedData.testfailed -f $thisFunction, $err.exception) Write-AzsReadinessLog -message $errorDetails -function $thisFunction -type Error $result = 'Fail' } } if ($tenantDetails) { $result = 'OK' Write-AzsReadinessLog -message "Get-AzureADTenantDetails completed" -function $thisFunction } @{'Test' = 'ServiceAdministrator'; 'Result' = $result; 'errorDetails' = $errorDetails; 'Assets' = @{'AADServiceAdmin' = (Get-AzContext).account.id; 'AzureEnvironment' = (Get-AzContext).environment.name; 'AADDirectoryTenantName' = $AADDirectoryTenantName}} } Function Test-AzsRegistrationAccount { [OutputType([Hashtable])] [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [psobject] $subscription, [Parameter(Mandatory = $true)] [string] $subscriptionId, [Parameter(Mandatory = $true)] [string] $tenantId ) $thisFunction = $MyInvocation.MyCommand.Name $errorDetail = @() $supportedSubscriptionTypes = 'EnterpriseAgreement_', 'CSP_', 'Sponsored_', 'Internal_' Write-AzsReadinessLog -message ("Testing if subscription {0} is one of type {1}" -f $subscription.subscriptionid, ($supportedSubscriptionTypes -join ',')) -function $thisFunction if ($subscription.subscriptionPolicies.quotaId -match ($supportedSubscriptionType -join '|')) { $supported = $true Write-AzsReadinessLog -message ("Success subscription {0} is of type {1}" -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) -function $thisFunction } else { $supported = $true $errorDetail += ($LocalizedData.SubscriptionNotSupported -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotSupported -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) -function $thisFunction -type Error } # Check subscription is enabled if ($subscription.state -eq 'Enabled') { $enabled = $true Write-AzsReadinessLog -message ("Subscription {0} is enabled" -f $subscription.subscriptionid) -function $thisFunction } else { $enabled = $false $errorDetail += ($LocalizedData.SubscriptionNotEnabled -f $subscription.subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotEnabled -f $subscription.subscriptionid) -function $thisFunction } # Check subscriptions match Write-AzsReadinessLog -message ("Checking subscription {0} matches given subscription {1}" -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction if ($subscription.subscriptionid -eq $subscriptionid) { $subscriptionMatch = $true Write-AzsReadinessLog -message ("Subscription {0} matches given subscription {1}" -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction } Else { $subscriptionMatch = $false $errorDetail += ($LocalizedData.SubscriptionNotMatch -f $subscription.subscriptionid, $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotMatch -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction -type Error } ## Test if user account has right permissions and can access Graph API Write-AzsReadinessLog -message ("Testing if user has correct permissions set and can access Graph API." ) -function $thisFunction $azureURIs = Get-Endpoints (Get-AzContext).Environment.ResourceManagerUrl $token = Get-AzAccessToken -Resource (Get-AzContext).Environment.GraphEndpointResourceId -TenantId $tenantId $graphUri = "$($AzureURIs.GraphUri.TrimEnd('/'))/$tenantId/applications?api-version=1.6" $userPermission = $false try { $tenantResponse = Invoke-RestMethod -Method Get -Uri $graphUri -Headers @{Authorization = "Bearer $($token.Token)"} $userPermission = $true Write-AzsReadinessLog -message ("User was able to successfully invoke Graph API." ) -function $thisFunction } catch { $userPermission = $false $errorDetail += ("User does not have permission to access Graph API. Please check your account. Status Code: {0}, Exception: {1}" -f $_.Exception.Response.StatusCode, $_.Exception.Response) Write-AzsReadinessLog -message ( $errorDetail) -function $thisFunction -type Error } ## Add check for userpermission if ($supported -AND $enabled -AND $subscriptionMatch -AND $userPermission) { $result = 'OK' Write-AzsReadinessLog -message ("Overall check for subscription {0} is success" -f $subscription.subscriptionid) -function $thisFunction } else { $result = 'Fail' Write-AzsReadinessLog -message ("Overall check for subscription {0} is error with detail {1}: " -f $subscription.subscriptionid, ($errorDetail -join ',')) -function $thisFunction -Type Error } @{'Test' = 'RegistrationAccount'; 'Result' = $result; 'errorDetails' = $errorDetail; 'Assets' = @{'SubscriptionId' = $subscription.subscriptionid; 'SubscriptionType' = $subscription.subscriptionPolicies.quotaId; 'Enabled' = $enabled}} } # Get subscription detail via REST so we can see the subscription type (CSP, EA, PAYG etc.) function Get-AzureSubscriptionDetail { [OutputType([Hashtable])] [CmdletBinding()] param ([string]$tenantid, [string]$subscriptionid ) $thisFunction = $MyInvocation.MyCommand.Name try { Write-AzsReadinessLog -message ("TenantID: {0}" -f $tenantid) -function $thisFunction Write-AzsReadinessLog -message ("SubscriptionId: {0}" -f $subscriptionid) -function $thisFunction $errorDetails = @() # Set well-known client ID for AzurePowerShell $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # Set redirect URI for Azure PowerShell $redirectUri = "urn:ietf:wg:oauth:2.0:oob" $azureURIs = Get-Endpoints (Get-AzContext).Environment.ResourceManagerUrl # Set Resource App URI as ARM $resourceAppIdURI = $AzureURIs.ARMUri Write-AzsReadinessLog -message ("Retrieved ARMURI {0}" -f $resourceAppIdURI) -function $thisFunction # Set Authority to Azure AD Tenant $authority = "{0}{1}" -f $AzureURIs.LoginUri, $tenantid Write-AzsReadinessLog -message ("Authority {0}" -f $authority) -function $thisFunction $token = Get-AzAccessToken -TenantId $tenantId $username = (ConvertFrom-JwtToken $token.Token).claims.upn $principalId = (ConvertFrom-JwtToken $token.Token).claims.oid $header = @{ 'Content-Type' = 'application/json' 'Authorization' = "Bearer $($token.Token)" } # Get Subscription detail $ApiVersion = '2017-08-01' $URI = $resourceAppIdURI + "subscriptions/${subscriptionId}?api-version=$ApiVersion" Write-AzsReadinessLog -message ("Making REST call to uri {0} for subscription details" -f $uri, $header) -function $thisFunction $subscription = Invoke-RestMethod -Uri $URI -Method GET -Headers $header $roleAssignmentURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleAssignments?api-version=2017-09-01&`$filter=PrincipalId eq '$principalId'" Write-AzsReadinessLog -message ("Making call to uri {0} for role assignments of user" -f $uri) -function $thisFunction $roleAssignment = Invoke-RestMethod -Uri $roleAssignmentURI -Method GET -Headers $header $roleDefinitionIds = $roleAssignment.value.properties.roleDefinitionId Write-AzsReadinessLog -message ("RoleAssignment IDs {0} for user" -f ($roleDefinitionIds -join ',')) -function $thisFunction # Make role assignment definition call $roleDefURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleDefinitions?api-version=2015-07-01" Write-AzsReadinessLog -message ("Get all RoleAssignment defintions from uri {0}" -f $roleDefURI) -function $thisFunction $allRoleDefs = Invoke-RestMethod -Uri $roleDefURI -Method GET -Headers $header # filter definitions on users role assignment(s) $roledef = $allRoleDefs.value | Where-Object id -in $roleDefinitionIds Write-AzsReadinessLog ("Resolving {0} role definition(s) from user in role definition list." -f ($roleDef.properties.roleName -join ',')) -function $thisFunction # check is role definition on user is owner if ($roleDef.properties.roleName -match 'Owner') { Write-AzsReadinessLog ("Success. Owner present. User: {0} role(s): {1}" -f $principalId, ($roleDef.properties.roleName -join ',')) -function $thisFunction } else { $allClassicAdmins = Get-AzureClassicAdmins -resourceAppIdURI $resourceAppIdURI -header $header -subscriptionId $subscriptionId $classicAdmin = $allClassicAdmins | Where-Object {$_.properties.emailaddress -eq $principalId} if ($classicAdmin) { Write-AzsReadinessLog ("Success. Classic Admin present. User: {0} role(s): {1}" -f $username, $classicAdmin.properties.role) -function $thisFunction } else { Write-AzsReadinessLog ("Error. Owner and classic admin not present. User: {0} role(s): {1}" -f $username, ($roleDef.properties.roleName -join ',')) -function $thisFunction throw "NonOwner" } } } catch { if ($_.exception.Message -match 'Forbidden|Unauthorized') { $errorDetails += ($LocalizedData.UserNotAuthorizedForSubscription -f $username, $tenantid, $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.UserNotAuthorizedForSubscription -f $username, $tenantid, $subscriptionid) -function $thisFunction -type Error } elseif ($_.exception.Message -match 'NonOwner') { $errorDetails += ($LocalizedData.UserNotOwnerForSubscription -f $username, ($roleDef.properties.roleName -join ','), $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.UserNotOwnerForSubscription -f $username, $tenantid, $subscriptionid) -function $thisFunction -type Error } else { $errorDetails += ("{0} threw an error: {1}" -f $MyInvocation.MyCommand.Name, $_) Write-AzsReadinessLog -message ("error: {0}" -f $_) -function $thisFunction -type Error } } @{'Test' = 'GetSubscription'; 'subscription' = $subscription; 'errorDetails' = $errorDetails; 'AADDirectoryTenantName' = $tenantid; 'subscriptionid' = $subscriptionid; 'credential' = $principalId; 'AzureEnvironment' = $AzureEnvironment; 'UserRole' = ($roleDef.properties.roleName -join ',')} } function Get-AzureClassicAdmins { param ($resourceAppIdURI, $header, $subscriptionId) $thisFunction = $MyInvocation.MyCommand.Name $classicAdminURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/classicAdministrators?api-version=2015-06-01" Write-AzsReadinessLog -message ("Get Classic Administrators from uri {0}" -f $classicAdminURI) -function $thisFunction try { $classicAdmins = Invoke-RestMethod -Uri $classicAdminURI -Method GET -Headers $header | Select-Object -ExpandProperty Value } catch { Write-AzsReadinessLog -message ("Unable to retrieve Classic Administrators from uri {0}. Exception {1}" -f $classicAdminURI, $_.exception) -function $thisFunction -Type Error } return $classicAdmins } # SIG # Begin signature block # MIIjgwYJKoZIhvcNAQcCoIIjdDCCI3ACAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBBKdViOAoi9adr # 4E/JA05JjotlxWlxf/QwFi/PJOxgSqCCDYEwggX/MIID56ADAgECAhMzAAAB32vw # LpKnSrTQAAAAAAHfMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjAxMjE1MjEzMTQ1WhcNMjExMjAyMjEzMTQ1WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC2uxlZEACjqfHkuFyoCwfL25ofI9DZWKt4wEj3JBQ48GPt1UsDv834CcoUUPMn # s/6CtPoaQ4Thy/kbOOg/zJAnrJeiMQqRe2Lsdb/NSI2gXXX9lad1/yPUDOXo4GNw # PjXq1JZi+HZV91bUr6ZjzePj1g+bepsqd/HC1XScj0fT3aAxLRykJSzExEBmU9eS # yuOwUuq+CriudQtWGMdJU650v/KmzfM46Y6lo/MCnnpvz3zEL7PMdUdwqj/nYhGG # 3UVILxX7tAdMbz7LN+6WOIpT1A41rwaoOVnv+8Ua94HwhjZmu1S73yeV7RZZNxoh # EegJi9YYssXa7UZUUkCCA+KnAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUOPbML8IdkNGtCfMmVPtvI6VZ8+Mw # UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1 # ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDYzMDA5MB8GA1UdIwQYMBaAFEhu # ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w # Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx # MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAnnqH # tDyYUFaVAkvAK0eqq6nhoL95SZQu3RnpZ7tdQ89QR3++7A+4hrr7V4xxmkB5BObS # 0YK+MALE02atjwWgPdpYQ68WdLGroJZHkbZdgERG+7tETFl3aKF4KpoSaGOskZXp # TPnCaMo2PXoAMVMGpsQEQswimZq3IQ3nRQfBlJ0PoMMcN/+Pks8ZTL1BoPYsJpok # t6cql59q6CypZYIwgyJ892HpttybHKg1ZtQLUlSXccRMlugPgEcNZJagPEgPYni4 # b11snjRAgf0dyQ0zI9aLXqTxWUU5pCIFiPT0b2wsxzRqCtyGqpkGM8P9GazO8eao # mVItCYBcJSByBx/pS0cSYwBBHAZxJODUqxSXoSGDvmTfqUJXntnWkL4okok1FiCD # Z4jpyXOQunb6egIXvkgQ7jb2uO26Ow0m8RwleDvhOMrnHsupiOPbozKroSa6paFt # VSh89abUSooR8QdZciemmoFhcWkEwFg4spzvYNP4nIs193261WyTaRMZoceGun7G # CT2Rl653uUj+F+g94c63AhzSq4khdL4HlFIP2ePv29smfUnHtGq6yYFDLnT0q/Y+ # Di3jwloF8EWkkHRtSuXlFUbTmwr/lDDgbpZiKhLS7CBTDj32I0L5i532+uHczw82 # oZDmYmYmIUSMbZOgS65h797rj5JJ6OkeEUJoAVwwggd6MIIFYqADAgECAgphDpDS # AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla # MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT # H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG # OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S # 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz # y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7 # 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u # M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33 # X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl # XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP # 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB # l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF # RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM # CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ # BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud # DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO # 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0 # LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw # cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA # XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY # 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj # 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd # d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ # Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf # wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ # aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j # NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B # xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96 # eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7 # r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I # RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIVWDCCFVQCAQEwgZUwfjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z # b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAd9r8C6Sp0q00AAAAAAB3zAN # BglghkgBZQMEAgEFAKCBrjAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQg0POMLhsq # zNLBJJ65wDq2MrqcDk9VtDtLPe7uNHTb/P0wQgYKKwYBBAGCNwIBDDE0MDKgFIAS # AE0AaQBjAHIAbwBzAG8AZgB0oRqAGGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbTAN # BgkqhkiG9w0BAQEFAASCAQCV7VCAt40Yv1mSi3ea2LUIk0ML5TlGSEKcKGVVFYug # NNeQN/gB1FfjO/rRHUqVULppGvcjeKOZ/yfkCVglM8YYWvj8jGgkj0hFN2VzCxQG # IbT86BpkI0pR0JM2OwzP6EpO5e+eGkn9M11ibdW2g6IGOdGXLmmnlZS60Csv7njO # G1OGnx8zlZcMJE8FUJhFaMo978xs5mx4aNf8QV3pDJ8SBzXvmo7VxvYaQlZ5PCPV # skyXh407SV5d62YK+xE/mNqukQrJ6F/Va2QM2+ftzIIKllIt01zJJXKxFTW5Q8eD # +tzV4YuEv26BrnXQIrDABYE7tB5wQbaig1AbaT8/lrHHoYIS4jCCEt4GCisGAQQB # gjcDAwExghLOMIISygYJKoZIhvcNAQcCoIISuzCCErcCAQMxDzANBglghkgBZQME # AgEFADCCAVEGCyqGSIb3DQEJEAEEoIIBQASCATwwggE4AgEBBgorBgEEAYRZCgMB # MDEwDQYJYIZIAWUDBAIBBQAEIBvugZ3xiI1+nvNrnoIGwsqfq9wifj30BnkkJZlh # unHPAgZg+ZvRTFEYEzIwMjEwNzI3MTcxOTA5Ljg2M1owBIACAfSggdCkgc0wgcox # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1p # Y3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMxJjAkBgNVBAsTHVRoYWxlcyBUU1Mg # RVNOOjdCRjEtRTNFQS1CODA4MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFt # cCBTZXJ2aWNloIIOOTCCBPEwggPZoAMCAQICEzMAAAFRw1DnWWyqxqcAAAAAAVEw # DQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 # b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh # dGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcN # MjAxMTEyMTgyNjA0WhcNMjIwMjExMTgyNjA0WjCByjELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2Eg # T3BlcmF0aW9uczEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046N0JGMS1FM0VBLUI4 # MDgxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggEiMA0G # CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCf0ofvqoSuO+84iSNZsem0yRgOOYb4 # kSbOC7Kv9XGNmBn+KDwyTjuOpIk/lHEf+wPKqFi7uM9I7zqyJmHy7sMFf0vwj4AH # 7x88+8Pi6gsoPbYGmgWXgHwXDkrtK6Ju9vEY3tp0vX/Nb6xZeVW+kOEQ8goMgK8R # 02MZMuGS19+2N5+D2W6YExQEnYbj+Dhp3R0O9E2YqIxldd78uXhCD+g9LNcJQRih # JKprkP7kxGKZV7n9hMuPSNWvyIXjlXSFPtUfw4k7hgiZydmGroPDUb7DoAJEZ48W # Y5apby0RnXdIyY6q4mtOTDLLzPI21W20kBft2IUttHRK8yVsllYrQod3AgMBAAGj # ggEbMIIBFzAdBgNVHQ4EFgQUxXf/42hQYpM0aDo4zITp83VE6m0wHwYDVR0jBBgw # FoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDov # L2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljVGltU3RhUENB # XzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0 # cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNUaW1TdGFQQ0FfMjAx # MC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDAN # BgkqhkiG9w0BAQsFAAOCAQEAK/31wBWDmfHRKqO8t9DOa6AyPlwn00TrR25IfUun # EdiKb0uzdR+Jh3u3Qm/ITD+tFMQodvOdXosUuVf76UckwYrNmce1N7Y4jpkcWc2I # WG2DJa5gMmubspDKQ2LUbUtu5WJ70x6Gagr6EGJmeetx9lKcFKiSu87ZARYcLXGd # nnAzzZQSOmsVg6RyFT7pFygKOOYgUZ+BLM2PUwht/iVwnkWhXUyDoXAXjkKKM5cd # VevOSKwxn2m4OkWOMRXpMBjog2AySEt6/8BWjDSwXwx9DO0kiUVh0USRnk0X8jLO # gLZhv2LDhsIp0Gt0PcCzqa+gZI2MILqU53PoR6skrc2EWDCCBnEwggRZoAMCAQIC # CmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRp # ZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1NVoXDTI1MDcwMTIx # NDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG # A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggEiMA0GCSqGSIb3 # DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/aZRrdFQQ1aUKAIKF # ++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxhMFmxMEQP8WCIhFRD # DNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhHhjKEHnRhZ5FfgVSx # z5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tkiVBisV39dx898Fd1 # rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox8NpOBpG2iAg16Hgc # sOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJNAgMBAAGjggHmMIIB # 4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIoxkPNDe3xGG8UzaFqF # bVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud # EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYD # VR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwv # cHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEB # BE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9j # ZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAGA1UdIAEB/wSBlTCB # kjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRwOi8vd3d3Lm1pY3Jv # c29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAGCCsGAQUFBwICMDQe # MiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEAdABlAG0AZQBuAHQA # LiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXEDPZ2joSFvs+umzPUx # vs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgrUYJEEvu5U4zM9GAS # inbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c8pl5SpFSAK84Dxf1 # L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFwnzJKJ/1Vry/+tuWO # M7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFtw5yjojz6f32WapB4 # pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk7Pf0v35jWSUPei45 # V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9ddJgiCGHasFAeb73x # 4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zGy9iCtHLNHfS4hQEe # gPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3yKxO2ii4sanblrKn # QqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7cRDyXUHHXodLFVeNp # 3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wknHNWzfjUeCLraNtvT # X4/edIhJEqGCAsswggI0AgEBMIH4oYHQpIHNMIHKMQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBP # cGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo3QkYxLUUzRUEtQjgw # ODElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcG # BSsOAwIaAxUAoKKvc/E/pEILJUwlIBWgxXrXI16ggYMwgYCkfjB8MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg # VGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIFAOSqsaswIhgPMjAy # MTA3MjgwMDI0MTFaGA8yMDIxMDcyOTAwMjQxMVowdDA6BgorBgEEAYRZCgQBMSww # KjAKAgUA5KqxqwIBADAHAgEAAgICKjAHAgEAAgIRVDAKAgUA5KwDKwIBADA2Bgor # BgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAID # AYagMA0GCSqGSIb3DQEBBQUAA4GBAOzasIasVxCuYyWf7feokbqQ2VOsiCM2T2NT # TQXIBeUfU5UCbIRWKmE13GNdw2d3vps+i845cyxzi6ztQMhJokgrMPANRkIPAFQl # nh/bH88IPBXzRzPXg+2XkIoHgBfGxDuexkNpZs68MpHdl7YyaeSeeXtMn8WjpQiC # aBZsYJKaMYIDDTCCAwkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh # c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD # b3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIw # MTACEzMAAAFRw1DnWWyqxqcAAAAAAVEwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqG # SIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQg1ULCOAVfoTT3 # uQPsN0Z8cLOSM4gblzAis3KceAjNCwgwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHk # MIG9BCAuzVyZiPjWwVkHAKYW+/1Jw/m265SHGy/+3QH1cXrlQTCBmDCBgKR+MHwx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p # Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABUcNQ51lsqsanAAAAAAFR # MCIEIDhZyliShoLcVuQuZoJN3v14B4jpIYejpSgvehIfNWInMA0GCSqGSIb3DQEB # CwUABIIBAFAxA31x2CrjJbJSgSSuWVFWCXDjf09QuYfAKgUM5ofF3vZGri98nOyS # pZ92UW/o+D+17wmWpH+28WNBoMsc9gPll0e0Wb60XPfHrIIicjx2fqKRMQWMA/il # RFi508UOqTyxNIVz4HtVfE9WpyBENGE/9zYbHgPkRShdFVAI/oyzKOk9uItWsA2v # k105CW2Shl7Rr7CcNBvD9ktkfZFpoyvuyPqNn6mNZLm2pVyukkdr09lXzEc2LUc6 # kIGc2q0Up84ushPRfgD3jABrxGK7u+vVvOuO3CGJJyi9/94TRVGIAUSQquBDP07i # vxjBozYaYdyhP50ELh+HvpQhfPJ2En8= # SIG # End signature block |