classes/OSConfig.ps1
|
# Copyright (c) Microsoft Corporation. All rights reserved. function Get-ServerType() { try { $Value = Get-ItemPropertyValue -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name "SysvolReady" if (-not [String]::IsNullOrWhiteSpace($Value)) { return "Domain Controller" } } catch { # Ignored. } try { $Value = Get-ItemPropertyValue -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "Domain" if (-not [String]::IsNullOrWhiteSpace($Value)) { return "Member Server" } } catch { # Ignored. } return "Workgroup Member" } function Get-EnvironmentType { $Properties = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" if ($Properties.InstallationType -match "Server") { if ($Properties.EditionId -eq "ServerAzureStackHCICor") { $InstallationType = "AzureLocal" if ($Properties.DisplayVersion -eq "24H2") { $Version = "24H2" } elseif ($Properties.DisplayVersion -eq "23H2") { $Version = "23H2" } else { return } } else { $InstallationType = "WindowsServer" # We need to have the necessary update for Windows Server 2022 and Windows Server 23H2 # but not for Windows Server 2025. We can use the UBR (Update Build Revision) to # determine the version. if ($Properties.DisplayVersion -eq "24H2") { $Version = "2025" } elseif (($Properties.DisplayVersion -eq "23H2") -and ($Properties.UBR -ge 1369)) { $Version = "2022" } elseif (($Properties.DisplayVersion -eq "21H2") -and ($Properties.UBR -ge 3091)) { $Version = "2022" } else { return } } } else { return } $Role = (Get-ServerType) -replace " ", "" "$InstallationType\$Version\$Role" } function ConvertFrom-Expression($Expression) { if ($Expression -isnot [String] -or [String]::IsNullOrWhiteSpace($Expression)) { throw [InvalidValueException]::new($Strings.ErrorInvalidExpression -f $Expression) } # JSON object format if ($Expression.TrimStart().StartsWith('{')) { $JsonObj = ConvertFrom-Json -InputObject $Expression -ErrorAction SilentlyContinue if ($null -ne $JsonObj) { $Result = @() foreach ($Property in $JsonObj.PSObject.Properties) { $Result += [PSCustomObject]@{ Name = $Property.Name; Value = $Property.Value } } if ($Result.Count -gt 0) { return , $Result } } } # Semicolon-delimited format $InQuotes = $False $ProcessedExpression = $Expression.Clone() for ($i = 0; $i -lt $Expression.Length; $i++) { if ($Expression[$i] -eq '"') { $InQuotes = -not $InQuotes continue } if ($InQuotes) { continue } if ($Expression[$i] -eq ";") { $ProcessedExpression = $ProcessedExpression.Remove($i, 1).Insert($i, "`n") } } try { $Result = @($ProcessedExpression | ConvertFrom-Csv -Header @("Name", "Value") -Delimiter ":") if (($Result.Count -eq 1) -and (-not $Result.Value)) { $Result[0].Value = $Result[0].Name $Result[0].Name = "*" } , $Result } catch { throw [InvalidValueException]::new($Strings.ErrorInvalidExpression -f $Expression) } } function Find-Rule($Name, $Rules) { # First pass: exact or wildcard match foreach ($Rule in $Rules) { $InclusionRule = -not $Rule.Name.StartsWith("!") $RuleName = if ($InclusionRule) { $Rule.Name } else { $Rule.Name.Substring(1) } if ($Name -like $RuleName) { return $(if ($InclusionRule) { $Rule } else { $null }) } } # Second pass: segment-boundary suffix match foreach ($Rule in $Rules) { $InclusionRule = -not $Rule.Name.StartsWith("!") $RuleName = if ($InclusionRule) { $Rule.Name } else { $Rule.Name.Substring(1) } if ($Name -like "*\$RuleName") { return $(if ($InclusionRule) { $Rule } else { $null }) } } } class OSConfigReason { [DscProperty()] [String] $Code [DscProperty()] [String] $Phrase OSConfigReason() { } OSConfigReason([String] $RuleId, [String] $Severity, [Bool] $IsCompliant, [String] $Reason) { $Status = if ($IsCompliant) { 'BaselineSettingCompliant' } else { 'BaselineSettingNotCompliant' } if ($RuleId) { $Status = "$Status`:$RuleId" } $this.Code = $Status if (-not [String]::IsNullOrWhiteSpace($Severity)) { $this.Phrase = "[$Severity] $Reason" } else { $this.Phrase = $Reason } } } [DscResource()] class OSConfig { [DscProperty()] [String] $RuleId [DscProperty()] [String] $Severity [DscProperty()] [String] $CorrelationGroup [DscProperty(Key)] [String] $Name [DscProperty(Key)] [String] $Type [DscProperty(Key)] [String] $Properties [DscProperty()] [String] $Value [DscProperty()] [String] $ValueType [DscProperty()] [String] $ValueName = 'value' [DscProperty()] [String] $Schema [DscProperty()] [Bool] $ExtendSchema [DscProperty()] [String] $Expression [DscProperty()] [String] $Template [DscProperty()] [Bool] $IsJsonValue = $False [DscProperty()] [String] $RoleFilter [DscProperty()] [String] $VersionFilter [DscProperty(NotConfigurable)] [OSConfigReason[]] $Reasons hidden [Bool] $IsCompliant = $True [OSConfig] Get() { $CurrentState = [OSConfig]::new() $CurrentState.RuleId = $this.RuleId $CurrentState.Severity = $this.Severity $CurrentState.Name = $this.Name $CurrentState.Type = $this.Type $CurrentState.Properties = $this.Properties $CurrentState.Value = $this.Value $CurrentState.Schema = $this.Schema $CurrentState.ExtendSchema = $this.ExtendSchema $CurrentState.ValueType = $this.ValueType $CurrentState.IsJsonValue = $this.IsJsonValue $CurrentState.RoleFilter = $this.RoleFilter $CurrentState.VersionFilter = $this.VersionFilter $CurrentState.Reasons = @() $env:OSCONFIG_LOG_DIR = "$PSScriptRoot\logs" $env:DMOSCONFIG_AUTHORITY = $Script:Constants.Authority.Cloud try { $ErrorActionPreference = 'Stop' if (-not $this.IsApplicable()) { $CurrentState.IsCompliant = $True $CurrentState.Reasons += [OSConfigReason]::new($this.RuleId, $null, $CurrentState.IsCompliant, 'Not applicable') return $CurrentState } $ActualValue = $this.GetActualValue() $ResourceProperties = @{ 'resource' = @{ 'name' = $this.Name 'type' = $this.Type 'properties' = $this.Properties | ConvertFrom-Json } 'template' = $this.GetTemplate($ActualValue) } $ResourceSchema = $this.GetSchema($ActualValue) $ResourceExpression = $this.Expression if ($ResourceExpression) { $ResourceProperties['expression'] = $ResourceExpression } elseif ($ResourceSchema) { $ResourceProperties['schema'] = $ResourceSchema } $Resource = @{ Name = $this.Name Type = 'Common/Test' Properties = $ResourceProperties } $Output = Invoke-Native exec resource --correlation-id $(Get-CorrelationId) --correlation-group $this.CorrelationGroup --mode get --name $Resource.Name --type $Resource.Type --properties (ConvertTo-Json -InputObject $Resource.Properties -Compress -Depth 32) $CurrentState.IsCompliant = $Output.Properties.Compliance.Status -eq 'compliant' $CurrentState.Reasons += [OSConfigReason]::new($this.RuleId, $CurrentState.Severity, $CurrentState.IsCompliant, $Output.Properties.Compliance.Reason) } catch { $CurrentState.IsCompliant = $False $CurrentState.Reasons += [OSConfigReason]::new($this.RuleId, $CurrentState.Severity, $CurrentState.IsCompliant, "$_") Write-Verbose "Error: $_" } return $CurrentState } [Bool] Test() { try { return $this.Get().IsCompliant } catch { Write-Verbose "Error: $_" } return $False } [Void] Set() { try { $env:OSCONFIG_LOG_DIR = "$PSScriptRoot\logs" $env:DMOSCONFIG_AUTHORITY = $Script:Constants.Authority.Cloud if (-not $this.CorrelationGroup) { throw "No correlation group specified." } $ResourceProperties = $this.Properties | ConvertFrom-Json if ($this.ValueName) { $ResourceProperties | Add-Member -MemberType NoteProperty -Name $this.ValueName -Value $this.GetActualValue() } Invoke-Native exec resource --correlation-id $(Get-CorrelationId) --correlation-group $this.CorrelationGroup --mode set --name $this.Name --type $this.type --properties (ConvertTo-Json -InputObject $ResourceProperties -Compress -Depth 32) } catch { Write-Verbose "Error: $_" } } [Bool] IsApplicable() { if (-not [String]::IsNullOrWhiteSpace($this.RoleFilter)) { $CurrentRole = Get-ServerType $AllowedRoles = $this.RoleFilter -split ',' | ForEach-Object { $_.Trim() } if ($AllowedRoles -notcontains $CurrentRole) { return $False } } if (-not [String]::IsNullOrWhiteSpace($this.VersionFilter)) { $CurrentVersion = Get-WindowsServerVersion if (-not $CurrentVersion) { return $False } $AllowedVersions = $this.VersionFilter -split ',' | ForEach-Object { $_.Trim() } if ($AllowedVersions -notcontains $CurrentVersion) { return $False } } if ($this.IsJsonValue -and -not [String]::IsNullOrWhiteSpace($this.Value)) { $JsonObj = ConvertFrom-Json -InputObject $this.Value -ErrorAction SilentlyContinue if ($null -eq $JsonObj) { return $False } $JsonRules = @($JsonObj.PSObject.Properties | ForEach-Object { [PSCustomObject]@{ Name = $_.Name; Value = $_.Value } }) if ($JsonRules.Count -eq 0) { return $False } $Role = (Get-ServerType) -replace " ", "" if ($null -eq (Find-Rule -Name $Role -Rules $JsonRules)) { return $False } } # If there is no schema or expression, there must be a value to generate the compliance reasoning. # Omitting the schema and expression will provide a default compliance reasoning based on the value. if (-not $this.Schema -and -not $this.Expression -and ($null -eq $this.Value)) { if ($this.ValueType -ne 'string[]') { throw "No value, schema, or expression specified to evaluate compliance." } } return $True } [PSCustomObject] GetDefaultSchema([PSCustomObject] $ActualValue) { if ($null -eq $ActualValue) { return @{ 'type' = 'null' } } switch ($this.ValueType) { 'string' { return @{ 'type' = 'string'; 'const' = $ActualValue } } 'string[]' { $ArraySchema = @{ 'type' = 'array' 'items' = @{ 'type' = 'string' 'enum' = $ActualValue } 'minItems' = $ActualValue.Count 'maxItems' = $ActualValue.Count 'uniqueItems' = $True } if ($ActualValue.Count -eq 0) { return @{ 'anyOf' = @( @{ 'type' = 'null' }, $ArraySchema ) } } return $ArraySchema } 'integer' { return @{ 'type' = 'integer'; 'const' = $ActualValue } } 'boolean' { return @{ 'type' = 'boolean'; 'const' = $ActualValue } } } return @{ 'const' = $ActualValue } } [PSCustomObject] GetSchema([PSCustomObject] $ActualValue) { $DefaultSchema = $this.GetDefaultSchema($ActualValue) $CustomSchema = if ($this.Schema) { ConvertFrom-Json -InputObject $this.Schema } if ($this.ExtendSchema -and $CustomSchema) { return @{ 'allOf' = @( $DefaultSchema, $CustomSchema ) } } elseif ($CustomSchema) { return $CustomSchema } else { return $DefaultSchema } } [String] GetTemplate([PSCustomObject] $ActualValue) { if ($this.Template) { return $this.Template } if ($null -eq $ActualValue) { return "The value {value} must be (null)" } return "The value {value} must be $(ConvertTo-Json -InputObject $ActualValue -Compress)." } [PSCustomObject] GetActualValue() { $Rules = if (-not [String]::IsNullOrWhiteSpace($this.Value)) { ConvertFrom-Expression -Expression $this.Value } if ($this.IsJsonValue) { $Role = (Get-ServerType) -replace " ", "" $Rule = Find-Rule -Name $Role -Rules $Rules } else { $EnvironmentType = Get-EnvironmentType $Rule = Find-Rule -Name $EnvironmentType -Rules $Rules } $StringValue = if ($null -ne $Rule) { $Rule.Value } elseif ($this.Value -or ($this.ValueType -eq 'string[]')) { $this.Value } else { (ConvertFrom-Json -InputObject $this.Properties).$($this.ValueName) } if ($null -eq $StringValue) { return $null } try { switch ($this.ValueType) { 'string' { return $StringValue } 'integer' { return [Int64]::Parse($StringValue) } 'boolean' { if ([Int32]::TryParse($StringValue, [ref]$null)) { return [Boolean]::Parse(([Int32]$StringValue -ne 0).ToString()) } else { return [Boolean]::Parse($StringValue) } } 'string[]' { if ([String]::IsNullOrWhiteSpace($StringValue)) { return @() } else { return @($StringValue -split ',' | ForEach-Object { $_.Trim() }) } } } } catch { throw "Unable to convert value '$StringValue' to type '$($this.ValueType)'" } return $StringValue } } # SIG # Begin signature block # MIInSQYJKoZIhvcNAQcCoIInOjCCJzYCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBjUrB1pjUauq32 # elK0QDVuorKhKgLY7dO5PN2hoT3UKaCCDLowggX1MIID3aADAgECAhMzAAACHU0Z # yE7XD1dIAAAAAAIdMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBD # b2RlIFNpZ25pbmcgUENBIDIwMjQwHhcNMjYwNDE2MTg1OTQzWhcNMjcwNDE1MTg1 # OTQzWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYD # VQQDExVNaWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IB # DwAwggEKAoIBAQDQvewXxx9gZZFC6Ys1WBay8BJ8kGA4JQnH5CMafqOASlTpK9H8 # o5ZXTXt0caVQTNMUPt445wXYD+dFtaKWTwDn1I52oUSrC9vJin1Gsqt+zyKJL5Dg # 3eQXbQNR61DmMy20GLTIO3SFed9Rfi/ophgCLGFLDR3r0KvHjwMb/jYWS0celV/4 # Lz27LfAekm8v9E5IXaeiXbAUYZKK090n4CVl3JBtbN+9DtI9SNu/yjvozW52/u7R # X/Ttpa/KDlpuokZ+Zcbvmtd9ur9gFLvZzh41o9MsE/clQtdaFWGvuo6Jua/ntpgk # ey3E5/vBFe+MJPG6phdnuo6r57ZudCudiI1bAgMBAAGjggGbMIIBlzAOBgNVHQ8B # Af8EBAMCB4AwHwYDVR0lBBgwFgYKKwYBBAGCN0wIAQYIKwYBBQUHAwMwHQYDVR0O # BBYEFH6QuMwqcPG0hQlQ6c5jCtTTLrVeMEUGA1UdEQQ+MDykOjA4MR4wHAYDVQQL # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFjAUBgNVBAUTDTIzMDAxMis1MDc1NTkw # HwYDVR0jBBgwFoAUf1k/VCHarU/vBeXmo9ctBpQSCDEwYAYDVR0fBFkwVzBVoFOg # UYZPaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0 # JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNybDBtBggrBgEFBQcBAQRh # MF8wXQYIKwYBBQUHMAKGUWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y2VydHMvTWljcm9zb2Z0JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNy # dDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQBKTbYOjzwTG/DXGaz9 # s6+fQeaTtDcFmMY+5UyVFCyj7Pv+5i37qfX8lSL/tBIfYQfWsMuBQlfZurJD6r4H # VJ2CeH+1fgiq8dcHdVKoZ3Sa2qXoX3cq9iS8cVb06B7+5/XJ7I0OxHH9fDsvJ3T3 # w5V/ZtAIFmLrl+P0CtG+92uzRsn0nTbdFjOkLMLWPLAU3THohKRlSEMgFJpPkm5n # 5UAZ35xX6FWCrDLsSKb555bTifwa8mJBwdlof0bmfYidH+dxZ1FdDxvLnNl9zeKs # A4kejaaIqqIPguhwAti5Ql7BlTNoJNwxCvBmqW2MQLnCkYN/VVUsR3V2x/rcTNzo # Bf/Z/SpROvdaA2ZOOd1uioXJt3tdLQ7vHpqpib0KfWr/FWXW10q38VxfCnRQBqzb # SuztR7nEMuzX7Ck+B/XaPDXd1qh72+QYyB0Z2VzWmO9zsnb9Uq/dwu8LGeQqnyu6 # 7SDGACvnXii2fb9+US492VTnXSnFKyqwgzUyFMtZK1/sHYTv6bG4TtQUygQxTN+Z # V+aJIlKO2MqZ7bKrAnOzS9m6NgoTdWOq11bTOZwKlIEV/EhV9SWkDmdpR/hPPT2v # 6TEj4F8PT/zHjRezIU5c/DGlt/VhY/pK0XkJtEyMmmS1BMtjU/rqBZVMIm3dnxQs # /TBByr+Cf8Z1r7aifQVQ+WSqzjCCBr0wggSloAMCAQICEzMAAAA5O7Y3Gb8GHWcA # AAAAADkwDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl # IEF1dGhvcml0eSAyMDExMB4XDTI0MDgwODIwNTQxOFoXDTM2MDMyMjIyMTMwNFow # VzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEo # MCYGA1UEAxMfTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAyNDCCAiIwDQYJ # KoZIhvcNAQEBBQADggIPADCCAgoCggIBANgBnB7jOMeqlRYHNa265v4IY9fH8TKh # emHfPINe1gpLaV3dhg324WwH06LcHbpnsBukCDNitryo0dtS/EW6I/yEL/bLSY8h # KpbfQuWusBPr9qazYcDxCW/qnjb5JsI1s8bNOg3bVATvQVL4tcf03aTycsz8QeCd # M0l/yHRObJ9QqazM1r6VPEOJ7LL+uEEb73w6QCuhs89a1uv1zerOYMnsneRRwCbp # yW11IcggU0cRKDDq1pjVJzIbIF6+oiXXbReOsgeI8zu1FyQfK0fVkaya8SmVHQ/t # Of23mZ4W9k0Ri22QW9p3UgSC5OUDktKxxcCmGL6tXLfOGSWHIIV4YrTJTT6PNty5 # REojHJuZHArkF9VnHTERWoTjAzfI3kP+5b4alUdhgAZ7ttOu1bVnXfHaqPYl2rPs # 20ji03LOVWsh/radgE17es5hL+t6lV0eVHrVhsssROWJuz2MXMCt7iw7lFPG9LXK # Gjsmonn2gotGdHIuEg5JnJMJVmixd5LRlkmgYRZKzhxSCwyoGIq0PhaA7Y+VPct5 # pCHkijcIIDm0nlkK+0KyepolcqGm0T/GYQRMhHJlGOOmVQop36wUVUYklUy++vDW # eEgEo4s7hxN6mIbf2MSIQ/iIfMZgJxC69oukMUXCrOC3SkE/xIkgpfl22MM1itkZ # 35nNXkMolU1lAgMBAAGjggFOMIIBSjAOBgNVHQ8BAf8EBAMCAYYwEAYJKwYBBAGC # NxUBBAMCAQAwHQYDVR0OBBYEFH9ZP1Qh2q1P7wXl5qPXLQaUEggxMBkGCSsGAQQB # gjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # ci06AjGQQ7kUBU7h6qfHMdEjiTQwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0MjAx # MV8yMDExXzAzXzIyLmNybDBeBggrBgEFBQcBAQRSMFAwTgYIKwYBBQUHMAKGQmh0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0MjAx # MV8yMDExXzAzXzIyLmNydDANBgkqhkiG9w0BAQwFAAOCAgEAFJQfOChP7onn6fLI # MKrSlN1WYKwDFgAddymOUO3FrM8d7B/W/iQ6DxXsDn7D5W4wMwYeLystcEqfkjz4 # NURRgazyMu5yRzQh4LqjA4tStTcJh1opExo7nn5PuPBYnbu0+THSuVHTe0VTTPVh # ily/piFrDo3axQ9P4C+Ol5yet+2gTfekICS5xS+cYfSIvgn0JksVBVMYVI5QFu/q # hnLhsEFEUzG8fvv0hjgkO+lkpV9ty6GkN4vdnd7ya6Q6aR9y34aiM1qmxaxBi6OU # nyNl6fkuun/diTFnYDLTppOkr/mg5WSfCiDVMNCxtj4wPKC5OmHm1DQIt/MNokbb # H3UGsFP1QbzsLocuSqLCvH09Io3fDPTmscR9Y75G4qX7RTX8AdBPo0I6OEojf39z # uFZt0qOHm65YWQE69cZM2ueE1MB05dNNgHK9gTE7zKvK/fg8B2qjW88MT/WF5V5u # vZGtqa9FSL2RazArA+rDPuf6JGYz4HpgMZHB4S6szWSKYBv0VisCzfxgeU+dquXW # 9bd0auYlOB58DPcOYKdc3Se94g+xL4pcEhbB54JOgAkwYTu/9dLeH2pDqeJZAABV # DWRQCaXfO5LgyKwKCLYXpigrZYCjUSBcr+Ve8PFWMhVTQl0v4q8J/AUmQN5W4n10 # 1cY2L4A7GTQG1h32HHAvfQESWP0xghnlMIIZ4QIBATBuMFcxCzAJBgNVBAYTAlVT # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jv # c29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMjQCEzMAAAIdTRnITtcPV0gAAAAAAh0w # DQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJxbnGl8 # GUblE4HRoATI6bdotd+9uDP+qj3ZEHEqUKQIMEIGCisGAQQBgjcCAQwxNDAyoBSA # EgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20w # DQYJKoZIhvcNAQEBBQAEggEAQrTbESV5cOdaY6ZWbn/bURV7w2l/p2fBLPT/XiBF # jPlTBxwARsKO5rbp/aSHsU1VtwTAWQR/POXNVwQTFRWB6yeHo4iJyzzvfSx4wjLu # vy0557zhKg/83gjNRHsMGWwqc9J7tO4ff3xT0Kdg5aYx9exQyfXK68nkg9I5tNT5 # ItIid5V2KMk2mRGTEAbu0MXuAHOJRGqWatVz0m8boXx2fIJLUn8+cal1L7LafsmG # N5T3E0xFW/8mZVfF1JGj961hbZQmL07wrLyinJqoCwtvGC5WfvEb9XNR13wt4VGN # Xu4fQQwmrDtRuGSsVsJPDaLin5OdtKqnBkOPesKeHnVpQKGCF5cwgheTBgorBgEE # AYI3AwMBMYIXgzCCF38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZIAWUD # BAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoD # ATAxMA0GCWCGSAFlAwQCAQUABCDGY48pwWUuPtm30KdR+DomjBGKQmQlZcSR3SZA # dzRcRgIGaefXEB6pGBMyMDI2MDUxOTA3MjAyMy40OTZaMASAAgH0oIHRpIHOMIHL # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxN # aWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRT # UyBFU046OTYwMC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFNlcnZpY2WgghHtMIIHIDCCBQigAwIBAgITMwAAAiY1tD5nQ5P2HwABAAAC # JjANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAe # Fw0yNjAyMTkxOTQwMDJaFw0yNzA1MTcxOTQwMDJaMIHLMQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmlj # YSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTYwMC0wNUUw # LUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC//w+ZZIL5RFFpVI8D3ZyuNu8I # zcAEOD30OLYjh337rXjcrIlOSzpJc4ZeUxEyli6x6F6zm4NR8dbPb9diDp/hOUzH # WGxiA1Z3RXKBb/4F/ojyvN43SEGWqSfVc3I3BlsYT35ecVAJ9kVf90YOv29tFjJB # BZkYvrT/DwwyRLscOyP4p+9/lyJjD+ULs3YXBhVrfZ+MbQB+BYKLqRvBKbj/wR9a # kNrMxQINoGaD5jZO/N/nSsmG2P1zv/cv4gSoMBnWeQIBkjd2I5w1DeXupp2vSiNm # R5sA2ZkBK3yiQWaJvRxODlkfiyHk9Mkk/TrYTjmjPCbhe+uqhHNRy8UlbOvWsCq0 # tRtUykHv39DgqAfJNrE8OSt835rBzDprrcAhwmgfhoVi4AKeqwikY0nUa48K0Qy8 # 0XT4fiEA3ExEZNaRFo9Nq/GwbfgqKqGmc9xhKuRFcjtua4KHZvnAvpWgEFSOCkov # Xs/BcLnkEHM9xZ8iUag5CyhNqXYYE/z0pcXdYaNIkQ68EWmuvLm7g9oofV2vOm5G # VNoghnkWG6nGPo/JwEgmA9oSS0EfvFRMWPA/gpSvF3shArKHnaEpVSSi3DNbyiuY # iEs9Ko0IkZc8xKFeQRaqGRxrB+2r/7B3X81Tps99KhFwg+wD87od22F2MUg1x7tw # t3gaVnFk0IZIwUPCGwIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFF3hn9fYJN2Y/Z9L # VbBPIxAzXHsQMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1Ud # HwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3Js # L01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggr # BgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIw # MTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgw # DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQA2Ux0tr9sYCjsq0FRy # iVpx15OurNXv6Qk7iX+ArVPlz3w4tqjcTNm1dt3tTua2wJMpJhPH8n7UXhmT98d5 # Du44Ll4adnse4SQfVg3QL6aRkXHnJUn8y9iftB/Py22n9xnwPFfj3QlDOSgLuHle # u97U0iH2ZaluYabWXJihdiYpK8cPHFlqZOAiot0+GD8dP+RMuvpxt/F2LmYelpoZ # wriiFOUmlxEUV7xJHyZZlDquskeyuq01DTv91N4qM8cfPPhl/2pc4HeMf/nd2Hou # ifJbDQFNd4WPhLzn0Sy3u1Zh3+S3tjQdqN+dyw60RaV+RXCoOLgFZ3MAg/GoDl+f # vb5hy/1a71ctX8wEad1Pf6def2pqfl3wFc++hkF8DXXTZofJN4YVaN3InwbAGQDD # kNK4lqecCixxmSKwidPynGeE5OtvNoK1pkLsm/i8F1RjGczZ/kSF2VDkqG866iQ+ # jVbGOQ6Du3eyyFcFKZoDJ4B5mEAS9aT2SKqllLeybOboH6r67siR5B/2Hnu7+KYu # YZy0BEadtA6ngG4cnSR9JsrkhhsKmb11ujqwgJyNx92MsoGGwNgN1aI0QID8CsjC # FwpfmMzlA44xHKYv3hmjxeqBS4uU5rQeiAnVgpJeaVGKm/lzPDtnppGV+7XhRp5b # 1ZxT/Z7Xxc+I7H7/jCtQDZoaZTCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkA # AAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl # IEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVow # fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMd # TWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX # 9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1q # UoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8d # q6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byN # pOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2k # rnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4d # Pf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgS # Uei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8 # QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6Cm # gyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzF # ER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQID # AQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQU # KqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1 # GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0 # bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMA # QTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbL # j+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1p # Y3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIz # LmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwU # tj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN # 3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU # 5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5 # KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGy # qVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB6 # 2FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltE # AY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFp # AUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcd # FYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRb # atGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQd # VTNYs6FwZvKhggNQMIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2Eg # T3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjk2MDAtMDVFMC1E # OTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEw # BwYFKw4DAhoDFQCi/fMxFtkqr7XMXdsRyWU0lSKHZ6CBgzCBgKR+MHwxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m # dCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA7bXqMTAiGA8y # MDI2MDUxODE5NDI0MVoYDzIwMjYwNTE5MTk0MjQxWjB3MD0GCisGAQQBhFkKBAEx # LzAtMAoCBQDtteoxAgEAMAoCAQACAhH0AgH/MAcCAQACAhMWMAoCBQDttzuxAgEA # MDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAI # AgEAAgMBhqAwDQYJKoZIhvcNAQELBQADggEBAFQhzOuzZwKNRjq4D7fcEVMGh1Ns # WVEtxk9lcQwNkVNpq3KCSCgHM3ItB9/j1xRqf5a6y576vSHsBHE59HX+EP30vFwQ # oj0JFre5k9nZ5M73AiaiJiI4PSXQp2L8LqQI+z2mo9LoOKsIY4eQFZGOjdEX5hr6 # JmZLqg+hPihW5U0BOfyvI2QwwVCyx6SAIBPeKJK/C7ZLO8SpcHQSjbohvALkGDGV # MuBEMeDbExAmbyJ5a+ZGnd49t9gyOED51yNJc3Y3wErgcgAoS8S3PWaR+nyvKVhX # gwqRRbdfPQ1EzShEbfwHtZam0mHEtKBGHgLZFcb7izuH4bP+89akHGif9FQxggQN # MIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ # MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u # MSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAiY1 # tD5nQ5P2HwABAAACJjANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0G # CyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCCIpnghylVVojiUCNBwWt+ZqsC8 # wlgIfBu587hgmpseWjCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIMwyXGFn # TNsZRBrs6GN/BbV0okaNP3VBYqLFjUsFnbgqMIGYMIGApH4wfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAImNbQ+Z0OT9h8AAQAAAiYwIgQgly+uR5ki # AOcO17BlVZrbiurH6wddj8a8649jtwgREPAwDQYJKoZIhvcNAQELBQAEggIAKHtY # x0Ai9aMLoTzb6UDQUXxNg6gg1/EoRejVSSZWSeBW9NXmLP+ezuWmq32k/uW7YzAQ # va1PWCVPR8zDWwawHVcvCVXR/CgSASYuhAdmY5XKZJpsx7pHYIUuzJe2LlpEBKLs # w21DTHj1gTOktj4zQi2TelVysYbv6wSrbCkC0nPSLa3ERCw4WNd6c3aFOY9T5ES3 # Ztx6hzsG/fz00f67S936NZTwC/EIJ+NrdhgQwEhKDZOmigetRtqNF2C2KNKcFwQ/ # gyN5ILM/vEGRslDcyxgfc9sC6mu0zFCq2c1RVOjWl8VQD/tuQvd+uOqQgE0+lO7j # 5jepZcSTZj5N4ROgHQb09qv3FrXfah4twcKTA9CEHRJU0TQgzcmciQT10GXbvxrr # lmOxY3KM0rZh/7Kf+33rsl+w2EhN0X5WVOxH2gG/JPqEvD3oPqylkGjuK/vF0sGf # /O2fI0gkq8S5ocCMK0fRrDXq0rirVkeLaNdoFeA6j60IPpqpOmKh+rZ4oFPiBOK9 # v2nXo4BD0LQlpFKuEVSC39Vgx4fOQP7QseECqdnV6lNhcP+dsk74496bUMuWZzD/ # ku+WDAOh7Yo+4Xnyj3PyRESnPz9+WktzvGz2LFn7oX0wpnt9C1t/azkjF0Il+w/a # NQzsZ38EkUwD2riBKGSgTCPx1ycSCsgoAsHR+W8= # SIG # End signature block |