classes/OSConfig.ps1
|
# Copyright (c) Microsoft Corporation. All rights reserved. function Get-ServerType() { try { $Value = Get-ItemPropertyValue -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -Name "SysvolReady" if (-not [String]::IsNullOrWhiteSpace($Value)) { return "Domain Controller" } } catch { # Ignored. } try { $Value = Get-ItemPropertyValue -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" -Name "Domain" if (-not [String]::IsNullOrWhiteSpace($Value)) { return "Member Server" } } catch { # Ignored. } return "Workgroup Member" } function Get-EnvironmentType { $Properties = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" if ($Properties.InstallationType -match "Server") { if ($Properties.EditionId -eq "ServerAzureStackHCICor") { $InstallationType = "AzureLocal" if ($Properties.DisplayVersion -eq "24H2") { $Version = "24H2" } elseif ($Properties.DisplayVersion -eq "23H2") { $Version = "23H2" } else { return } } else { $InstallationType = "WindowsServer" # We need to have the necessary update for Windows Server 2022 and Windows Server 23H2 # but not for Windows Server 2025. We can use the UBR (Update Build Revision) to # determine the version. if ($Properties.DisplayVersion -eq "24H2") { $Version = "2025" } elseif (($Properties.DisplayVersion -eq "23H2") -and ($Properties.UBR -ge 1369)) { $Version = "2022" } elseif (($Properties.DisplayVersion -eq "21H2") -and ($Properties.UBR -ge 3091)) { $Version = "2022" } else { return } } } else { return } $Role = (Get-ServerType) -replace " ", "" "$InstallationType\$Version\$Role" } function ConvertFrom-Expression($Expression) { if ($Expression -isnot [String] -or [String]::IsNullOrWhiteSpace($Expression)) { throw [InvalidValueException]::new($Strings.ErrorInvalidExpression -f $Expression) } $InQuotes = $False $ProcessedExpression = $Expression.Clone() for ($i = 0; $i -lt $Expression.Length; $i++) { if ($Expression[$i] -eq '"') { $InQuotes = -not $InQuotes continue } if ($InQuotes) { continue } if ($Expression[$i] -eq ";") { $ProcessedExpression = $ProcessedExpression.Remove($i, 1).Insert($i, "`n") } } try { $Result = @($ProcessedExpression | ConvertFrom-Csv -Header @("Name", "Value") -Delimiter ":") if (($Result.Count -eq 1) -and (-not $Result.Value)) { $Result[0].Value = $Result[0].Name $Result[0].Name = "*" } , $Result } catch { throw [InvalidValueException]::new($Strings.ErrorInvalidExpression -f $Expression) } } function Find-Rule($Name, $Rules) { foreach ($Rule in $Rules) { $InclusionRule = -not $Rule.Name.StartsWith("!") if ($InclusionRule -and ($Name -like $Rule.Name)) { return $Rule } if (-not $InclusionRule -and ($Name -like $Rule.Name.Substring(1))) { return $null } } } class OSConfigReason { [DscProperty()] [String] $Code [DscProperty()] [String] $Phrase OSConfigReason() { } OSConfigReason([String] $RuleId, [String] $Severity, [Bool] $IsCompliant, [String] $Reason) { $Status = if ($IsCompliant) { 'BaselineSettingCompliant' } else { 'BaselineSettingNotCompliant' } if ($RuleId) { $Status = "$Status`:$RuleId" } $this.Code = $Status if (-not [String]::IsNullOrWhiteSpace($Severity)) { $this.Phrase = "[$Severity] $Reason" } else { $this.Phrase = $Reason } } } [DscResource()] class OSConfig { [DscProperty()] [String] $RuleId [DscProperty()] [String] $Severity [DscProperty()] [String] $CorrelationGroup [DscProperty(Key)] [String] $Name [DscProperty(Key)] [String] $Type [DscProperty(Key)] [String] $Properties [DscProperty()] [String] $Value [DscProperty()] [String] $ValueType [DscProperty()] [String] $ValueName = 'value' [DscProperty()] [String] $Compliance [DscProperty()] [String] $Template [DscProperty()] [String] $RoleFilter [DscProperty()] [String] $VersionFilter [DscProperty(NotConfigurable)] [OSConfigReason[]] $Reasons hidden [Bool] $IsCompliant = $True [OSConfig] Get() { $CurrentState = [OSConfig]::new() $CurrentState.RuleId = $this.RuleId $CurrentState.Severity = $this.Severity $CurrentState.Name = $this.Name $CurrentState.Type = $this.Type $CurrentState.Properties = $this.Properties $CurrentState.Value = $this.Value $CurrentState.Compliance = $this.Compliance $CurrentState.RoleFilter = $this.RoleFilter $CurrentState.VersionFilter = $this.VersionFilter $CurrentState.Reasons = @() $env:CorrelationGroup = $this.CorrelationGroup try { $ErrorActionPreference = 'Stop' if (-not $this.IsApplicable()) { $CurrentState.IsCompliant = $True $CurrentState.Reasons += [OSConfigReason]::new($this.RuleId, $null, $CurrentState.IsCompliant, 'Not applicable') return $CurrentState } $ActualValue = $this.GetActualValue() $Resource = @{ Name = $this.Name Type = 'Microsoft.OSConfig/Test' Properties = @{ 'resource' = @{ 'name' = $this.Name 'type' = $this.Type 'properties' = $this.Properties | ConvertFrom-Json } 'schema' = $this.GetSchema($ActualValue) 'template' = $this.GetTemplate($ActualValue) } } $Output = Invoke-Native resource status show --name $Resource.Name --type $Resource.Type --properties (ConvertTo-Json -InputObject $Resource.Properties -Depth $Script:Constants.MaxJsonDepth -Compress) $CurrentState.IsCompliant = $Output.Properties.Compliance.Status -eq 'compliant' $CurrentState.Reasons += [OSConfigReason]::new($this.RuleId, $CurrentState.Severity, $CurrentState.IsCompliant, $Output.Properties.Compliance.Reason) } catch { $CurrentState.IsCompliant = $False $CurrentState.Reasons += [OSConfigReason]::new($this.RuleId, $CurrentState.Severity, $CurrentState.IsCompliant, "$_") Write-Verbose "Error: $_" } return $CurrentState } [Bool] Test() { try { return $this.Get().IsCompliant } catch { Write-Verbose "Error: $_" } return $False } [Void] Set() { try { $env:CorrelationGroup = $this.CorrelationGroup if (-not $this.CorrelationGroup) { throw "No correlation group specified." } $ResourceProperties = $this.Properties | ConvertFrom-Json if ($this.ValueName) { $ResourceProperties | Add-Member -MemberType NoteProperty -Name $this.ValueName -Value $this.GetActualValue() } $Resource = @{ Group = $this.CorrelationGroup -replace '[{}]', '' Name = $this.Name Type = $this.Type Properties = $ResourceProperties } Invoke-Native resource create --group $Resource.Group --name $Resource.Name --type $Resource.Type --properties (ConvertTo-Json -InputObject $Resource.Properties -Depth $Script:Constants.MaxJsonDepth -Compress) } catch { Write-Verbose "Error: $_" } } [Bool] IsApplicable() { if (-not [String]::IsNullOrWhiteSpace($this.RoleFilter)) { $CurrentRole = Get-ServerType $AllowedRoles = $this.RoleFilter -split ',' | ForEach-Object { $_.Trim() } if ($AllowedRoles -notcontains $CurrentRole) { return $False } } if (-not [String]::IsNullOrWhiteSpace($this.VersionFilter)) { $CurrentVersion = Get-WindowsServerVersion if (-not $CurrentVersion) { return $False } $AllowedVersions = $this.VersionFilter -split ',' | ForEach-Object { $_.Trim() } if ($AllowedVersions -notcontains $CurrentVersion) { return $False } } if (-not $this.Compliance) { $Rules = if (-not [String]::IsNullOrWhiteSpace($this.Value)) { ConvertFrom-Expression -Expression $this.Value } $EnvironmentType = Get-EnvironmentType $Rule = Find-Rule -Name $EnvironmentType -Rules $Rules if ($Rules -and (-not $Rule)) { return $False } } return $True } [PSCustomObject] GetSchema([PSCustomObject] $ActualValue) { if ($this.Compliance) { return ConvertFrom-Json -InputObject $this.Compliance } if ($null -eq $ActualValue) { return @{ 'type' = 'null' } } switch ($this.ValueType) { 'string' { return @{ 'type' = 'string'; 'const' = $ActualValue } } 'string[]' { return @{ 'type' = 'array' 'items' = @{ 'type' = 'string' 'enum' = $ActualValue 'minItems' = $ActualValue.Count 'maxItems' = $ActualValue.Count 'uniqueItems' = $True } } } 'integer' { return @{ 'type' = 'integer'; 'const' = $ActualValue } } 'boolean' { return @{ 'type' = 'boolean'; 'const' = $ActualValue } } } return @{ 'const' = $ActualValue } } [String] GetTemplate([PSCustomObject] $ActualValue) { if ($this.Template) { return $this.Template } if ($null -eq $ActualValue) { return "The value {value} must be (null)" } return "The value {value} must be $(ConvertTo-Json -InputObject $ActualValue -Compress)." } [PSCustomObject] GetActualValue() { $Rules = if (-not [String]::IsNullOrWhiteSpace($this.Value)) { ConvertFrom-Expression -Expression $this.Value } $EnvironmentType = Get-EnvironmentType $Rule = Find-Rule -Name $EnvironmentType -Rules $Rules $StringValue = if ($null -ne $Rule) { $Rule.Value } else { $this.Value } if ($null -eq $StringValue) { return $null } try { switch ($this.ValueType) { 'string' { return $StringValue } 'integer' { return [Int64]::Parse($StringValue) } 'boolean' { if ([Int32]::TryParse($StringValue, [ref]$null)) { return [Boolean]::Parse(([Int32]$StringValue -ne 0).ToString()) } else { return [Boolean]::Parse($StringValue) } } 'string[]' { if ([String]::IsNullOrWhiteSpace($StringValue)) { return @() } else { return @($StringValue -split ',' | ForEach-Object { $_.Trim() }) } } } } catch { throw "Unable to convert value '$StringValue' to type '$($this.ValueType)'" } return $StringValue } } # SIG # Begin signature block # MIIoUgYJKoZIhvcNAQcCoIIoQzCCKD8CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAqr1Dwtdi+BwAO # +3D3bgejqmYCnNuETtsrH/dMn6Q546CCDYUwggYDMIID66ADAgECAhMzAAAEhJji # EuB4ozFdAAAAAASEMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjUwNjE5MTgyMTM1WhcNMjYwNjE3MTgyMTM1WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDtekqMKDnzfsyc1T1QpHfFtr+rkir8ldzLPKmMXbRDouVXAsvBfd6E82tPj4Yz # aSluGDQoX3NpMKooKeVFjjNRq37yyT/h1QTLMB8dpmsZ/70UM+U/sYxvt1PWWxLj # MNIXqzB8PjG6i7H2YFgk4YOhfGSekvnzW13dLAtfjD0wiwREPvCNlilRz7XoFde5 # KO01eFiWeteh48qUOqUaAkIznC4XB3sFd1LWUmupXHK05QfJSmnei9qZJBYTt8Zh # ArGDh7nQn+Y1jOA3oBiCUJ4n1CMaWdDhrgdMuu026oWAbfC3prqkUn8LWp28H+2S # LetNG5KQZZwvy3Zcn7+PQGl5AgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUBN/0b6Fh6nMdE4FAxYG9kWCpbYUw # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwNTM2MjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AGLQps1XU4RTcoDIDLP6QG3NnRE3p/WSMp61Cs8Z+JUv3xJWGtBzYmCINmHVFv6i # 8pYF/e79FNK6P1oKjduxqHSicBdg8Mj0k8kDFA/0eU26bPBRQUIaiWrhsDOrXWdL # m7Zmu516oQoUWcINs4jBfjDEVV4bmgQYfe+4/MUJwQJ9h6mfE+kcCP4HlP4ChIQB # UHoSymakcTBvZw+Qst7sbdt5KnQKkSEN01CzPG1awClCI6zLKf/vKIwnqHw/+Wvc # Ar7gwKlWNmLwTNi807r9rWsXQep1Q8YMkIuGmZ0a1qCd3GuOkSRznz2/0ojeZVYh # ZyohCQi1Bs+xfRkv/fy0HfV3mNyO22dFUvHzBZgqE5FbGjmUnrSr1x8lCrK+s4A+ # bOGp2IejOphWoZEPGOco/HEznZ5Lk6w6W+E2Jy3PHoFE0Y8TtkSE4/80Y2lBJhLj # 27d8ueJ8IdQhSpL/WzTjjnuYH7Dx5o9pWdIGSaFNYuSqOYxrVW7N4AEQVRDZeqDc # fqPG3O6r5SNsxXbd71DCIQURtUKss53ON+vrlV0rjiKBIdwvMNLQ9zK0jy77owDy # XXoYkQxakN2uFIBO1UNAvCYXjs4rw3SRmBX9qiZ5ENxcn/pLMkiyb68QdwHUXz+1 # fI6ea3/jjpNPz6Dlc/RMcXIWeMMkhup/XEbwu73U+uz/MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGiMwghofAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAASEmOIS4HijMV0AAAAA # BIQwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIGQL # +PMn2lXdsfNKdzOT/tgOu6J5wvx77zWWOHnM4sU+MEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAa/iCVugKiCOxMPiOwZts4Bui6GL/C/86FlBt # ope7KlPnDTzx75Z8A/6sqona0quBj4y1ZpGPOwa+ZNZvj1c2vk2Y9EhOWcyTPuRr # AahdFRWI+Qx2648PI3d0v+CkS8DtcYuhjhywxZa0EY2vD/vgInIgsyOuHQB7oRuz # wvzkJhgjJa0FygfnNf6s9y8HdFjJ1InRD2k32QME/eapTHFbMHVDX2FDHSxrYptl # Mz1DepM87CcugqwN67SmpnjpeddAHM0/0UN5wIayZx1Q7sToLCwcThsJINKcIdn6 # MAA4FoK1dkFyvzpSDsnsiSVYkylZXEv1qZYNI/k+fFRgAnOY6qGCF60wghepBgor # BgEEAYI3AwMBMYIXmTCCF5UGCSqGSIb3DQEHAqCCF4YwgheCAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFaBgsqhkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCDhD7YNYj/4T+Wk0+3/qMJhWd7vSXdpMFCS # vco6rSxH5wIGaULsFhGEGBMyMDI2MDExNzAxMDkzNS4yNjhaMASAAgH0oIHZpIHW # MIHTMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsT # Hm5TaGllbGQgVFNTIEVTTjo2RjFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9z # b2Z0IFRpbWUtU3RhbXAgU2VydmljZaCCEfswggcoMIIFEKADAgECAhMzAAACHAlV # FdfDWQfRAAEAAAIcMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMB4XDTI1MDgxNDE4NDgzMVoXDTI2MTExMzE4NDgzMVowgdMxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jv # c29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVs # ZCBUU1MgRVNOOjZGMUEtMDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGlt # ZS1TdGFtcCBTZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA # ow0xEAUaFIyyLIXeFzeI8IKyBON2u0Dr02ISE5p9G5CUXfnFu2S0E1gWCMvDWpop # X6lRxjmgnqaL3BtnWlBVTo8xUNRZu23ie4YBMAJB7Ut6mnqnHVwvDJxGO4TD3Snr # Cd+yg35B9QFejq3o4+OByvXjynaypZyukcQaLsKQvoxE8ElHH7zcOXEJWmU3rnXz # aW/S4SH3OPhoUbTTcy6nUgKx5pRWiQ24UEPLYzcxGJjqjkz+GiCWGPFHDMdW86la # WvmCslouQPsN2eBk8dxJcEZmW4l6p4TthoXcfexEA9YdYaMz10aMhZNpdsNaDtDQ # UMDEC3k1D1My69MXSPlUmD9xFyDlkXiVa7BCEp3XcVtqTgzHGwr28JD6oE7zEPYe # uZOiuCBXTZSo/wk3tbDlsESbIPV6inYqrzxiMYqlxfCdzC3Cimh9/NT/Lk9/aU+I # yyc9b3OaT0dZ8wgLaVDCGELRMrqyImdFHv0MudctzW/kPsV3Ja9ufpKWujEiN3CW # //X8hFa9j5ImNeQzcMit3MoSaoGwnbiZJX1IyibIphlqccXFk4oTTSOQBsAUw8U0 # gwOnM5UJD8mBUBd65Np6NBkx2cviJ4I34GyXFCWyy5Ft1QsBYyVfAG3KOhCfPHQf # 8lQzJvLr57YW0bD/xVs4Ag4gTS6KZNyFEfX9jFdRlr0CAwEAAaOCAUkwggFFMB0G # A1UdDgQWBBRa3mOCzB8u7zpvDh8MGKVYLCk7ZDAfBgNVHSMEGDAWgBSfpxVdAF5i # XYP05dJlpxtTNRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jv # c29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENB # JTIwMjAxMCgxKS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRp # bWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1Ud # JQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF # AAOCAgEAklb6w/deaid3BujQCtWFBe0n9pkyRy+yyWEg70iDwoJ5u0e0O+4GerNz # dZb1zTPsHJ8EGMyo1K7ytL21+pmdFMTl19PC8OJ5Y2p+XKUQy2dD+hggRMmJgDQs # gbOCxHYeO+jg4t+vg61wUrovzzLkH3z0PJXXvoNuBj9Lda9CiNMd60451Kube99A # rSf6ZMj3t0p4rFbgSazDs+8TJ+8KA5GVaYjPHj9rlMuI3WjohEc9apnQ6hMjMck3 # jlHZIwluVYeUQE0qjmApfMtTAEzbMUdY8sLTunL1GkbDSeKn9O7llBGnNtyM1uM9 # Mdv1VyWh0z/IriQKIjntqqGyoF0HvDHOFZCyUDBPLflyiu7Y1zQ/sPounsb96aBf # Qdq3h3LOn6t+m9EnNz/G6MzzWvpJk6YgTHTIqeQN/F/XpiPvbfek3nq/PYbL3au+ # kBfRUHiCFXSvt6lor0HC626vUmz9ZNPOxwEWLuccomxsy3JwWH79vsM/7ARqoG5h # 6d6NahfaOuRP4XI9xtdH3Pa/NCLyQjxKXyLxzwQzjddkX2EpTJnlypuhPmEdea59 # Uz2E303LxyXSnKBvGsAnyWYAfnejr3YAiL9YrN2l2dn198RpA4DCm9QtZYiwC0q2 # fuUvui34PfPIUZByf7wHuuWu50hY9WLx1kOMI8xyo7AI6TaNrnIwggdxMIIFWaAD # AgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD # VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe # MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3Nv # ZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIy # MjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5 # vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64 # NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhu # je3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl # 3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPg # yY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I # 5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2 # ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/ # TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy # 16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y # 1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6H # XtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMB # AAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQW # BBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30B # ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYB # BAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB # Af8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBL # oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv # TWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr # BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNS # b29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1Vffwq # reEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27 # DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pv # vinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9Ak # vUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWK # NsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2 # kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+ # c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep # 8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+Dvk # txW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1Zyvg # DbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/ # 2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYIDVjCCAj4CAQEwggEBoYHZpIHW # MIHTMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsT # Hm5TaGllbGQgVFNTIEVTTjo2RjFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9z # b2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUAWmTiA01u5mxq # /nVxiRJLMOskVGeggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDANBgkqhkiG9w0BAQsFAAIFAO0U9ecwIhgPMjAyNjAxMTYxNzM3NDNaGA8yMDI2 # MDExNzE3Mzc0M1owdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA7RT15wIBADAHAgEA # AgIIoTAHAgEAAgISTDAKAgUA7RZHZwIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgor # BgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBCwUA # A4IBAQCNIsKd4vHFZPLoNPLRR/oQ6HXPfnROVxtQYJoOuvcACoZIzY15kw3r1e/b # UiT8bCHLEB/yvSNncJydhVWslIB0rcceYw+HQDbzSdohDNhXS7izaGjY+nYXmLz0 # /pHrk9Bm1NU9U/zPkFqgLcDT4SFp6RsVzfTLpv1gQC72vdG3JSap2yafah2C1wPi # 92YXrTZ8ymoljlL8JjXVQhCeH7RnTcgUOPPmtPNKmFyUADYrE7+ykNlqmtw0CM4a # iq/VE/rw9qCJvv5iDfCj2w6/85ZShNBYHq7IHqCYja4IrlzN5gYn4jcS5BHvS+Gw # 8KP4vjfpD+wlzRZ7Jm50JsMK3ewjMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAIcCVUV18NZB9EAAQAAAhwwDQYJYIZIAWUD # BAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0B # CQQxIgQgebeYulGX1J+LIX1gzCMBHLRPxZkZn3k6m8qc7VsEV4EwgfoGCyqGSIb3 # DQEJEAIvMYHqMIHnMIHkMIG9BCCgIGkmNhdo7+KE7dWhI+E2Ctx2RLWoYvvJodCI # ciHHaDCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAC # HAlVFdfDWQfRAAEAAAIcMCIEIAuN0WNQjRbEaOpw3tOJacL3Lv0DCRG76k867R69 # SZ89MA0GCSqGSIb3DQEBCwUABIICAIgOKHNn6KI+Zu6ZlsF3F4JG1IidQOCsyTC9 # G3cG+OxQT4w3TMYIB8NF4OQ5Et4c7ltWp96LbGj3hs4Uxv2INEv3N00b8hoJweP1 # cPyxtqnBdNoS9ojM/6ShoW4fTHdBmvdeKUsoRZG/om55bmogytuWoaTsARYa0y0k # IvCKaEoPhv/rosmGRcRMfIVA7KD4XKDXjcrfyGaABq1hJXLdvFdCW3MjUoU8Qdn4 # BWxSnytIx5qg8RIvTrrwGqdD/PwtbceUd84lbT0wifmREafe7bCzqpHGADMfLBAg # aWeUk5ONwONpeLnsUgYHGKnC2udKmwNW58FqjlfEElTn+0842jrqIx0I34jdYTar # 5l7lHi9pP0TQpUG6shXTpXo4g73Kfl4G/wPXZQ0kRqkQcyRP7vG2iVhTBtaIkRIR # +OAH5q19kbb6KmzDlA32uMefv39XN5gpOuo9dK/wNkk3cOXsrS8dgccytBbXqEQg # Cf6O9If4lTdo13tdoNMZiXhCOOmedzXxWfkHlgRe14/l0mrVgEcoVsf4KZPqUthq # RWd22+EB98pAvDoaSiiZc43TFeQXUv8YQcomGUeJ4Zbxa0+gr0/I8wHMCS1IHEb+ # 8f3wrFur3UW6bIouRUheC8Gjtder//XDadnAMnuT0aqL21PFaaDA7T4UZNj1T6/E # AV4XAhqy # SIG # End signature block |