PSCertificateEnrollment.psm1
|
If ($PSVersionTable.PSEdition -ne "Desktop") { Write-Error -Message "This module is only compatible with the Desktop Edition of Windows PowerShell" return } # https://docs.microsoft.com/en-us/windows/release-information/ New-Variable -Option Constant -Name BUILD_NUMBER_WINDOWS_7 -Value 7601 New-Variable -Option Constant -Name BUILD_NUMBER_WINDOWS_8_1 -Value 9600 New-Variable -Option Constant -Name BUILD_NUMBER_WINDOWS_10 -Value 10240 # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-objectidgroupid New-Variable -Option Constant -Name ObjectIdGroupId -Value @{ XCN_CRYPT_ANY_GROUP_ID = 0 XCN_CRYPT_HASH_ALG_OID_GROUP_ID = 1 XCN_CRYPT_FIRST_ALG_OID_GROUP_ID = 1 XCN_CRYPT_ENCRYPT_ALG_OID_GROUP_ID = 2 XCN_CRYPT_PUBKEY_ALG_OID_GROUP_ID = 3 XCN_CRYPT_SIGN_ALG_OID_GROUP_ID = 4 XCN_CRYPT_LAST_ALG_OID_GROUP_ID = 4 XCN_CRYPT_RDN_ATTR_OID_GROUP_ID = 5 XCN_CRYPT_EXT_OR_ATTR_OID_GROUP_ID = 6 XCN_CRYPT_ENHKEY_USAGE_OID_GROUP_ID = 7 XCN_CRYPT_POLICY_OID_GROUP_ID = 8 XCN_CRYPT_TEMPLATE_OID_GROUP_ID = 9 XCN_CRYPT_KDF_OID_GROUP_ID = 10 XCN_CRYPT_LAST_OID_GROUP_ID = 10 XCN_CRYPT_OID_INFO_OID_GROUP_BIT_LEN_SHIFT = 16 XCN_CRYPT_GROUP_ID_MASK = 65535 XCN_CRYPT_OID_INFO_OID_GROUP_BIT_LEN_MASK = 268369920 XCN_CRYPT_OID_DISABLE_SEARCH_DS_FLAG = 0x80000000 XCN_CRYPT_KEY_LENGTH_MASK = 268369920 XCN_CRYPT_OID_PREFER_CNG_ALGID_FLAG = 1073741824 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-objectidpublickeyflags New-Variable -Option Constant -Name ObjectIdPublicKeyFlags -Value @{ XCN_CRYPT_OID_INFO_PUBKEY_ANY = 0 XCN_CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG = 0x80000000 XCN_CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG = 0x40000000 } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest2-getcaproperty New-Variable -Option Constant -Name PropType -Value @{ PROPTYPE_LONG = 1 PROPTYPE_DATE = 2 PROPTYPE_BINARY = 3 PROPTYPE_STRING = 4 } # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379394.aspx New-Variable -Option Constant -Name X500NameFlags -Value @{ XCN_CERT_NAME_STR_NONE = 0 XCN_CERT_SIMPLE_NAME_STR = 1 XCN_CERT_OID_NAME_STR = 2 XCN_CERT_X500_NAME_STR = 3 XCN_CERT_XML_NAME_STR = 4 XCN_CERT_NAME_STR_SEMICOLON_FLAG = 0x40000000 XCN_CERT_NAME_STR_NO_PLUS_FLAG = 0x20000000 XCN_CERT_NAME_STR_NO_QUOTING_FLAG = 0x10000000 XCN_CERT_NAME_STR_CRLF_FLAG = 0x8000000 XCN_CERT_NAME_STR_COMMA_FLAG = 0x4000000 XCN_CERT_NAME_STR_REVERSE_FLAG = 0x2000000 XCN_CERT_NAME_STR_FORWARD_FLAG = 0x1000000 XCN_CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG = 0x10000 XCN_CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG = 0x20000 XCN_CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG = 0x40000 XCN_CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG = 0x80000 XCN_CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG = 0x100000 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-objectidgroupid New-Variable -Option Constant -Name Oid -Value @{ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379367(v=vs.85).aspx XCN_OID_CRL_DIST_POINTS = '2.5.29.31' XCN_OID_AUTHORITY_INFO_ACCESS = '1.3.6.1.5.5.7.1.1' XCN_OID_ENHANCED_KEY_USAGE = "2.5.29.37" XCN_OID_SUBJECT_ALT_NAME2 = "2.5.29.17" XCN_OID_FRESHEST_CRL = "2.5.29.46" XCN_OID_CERTSRV_CA_VERSION = "1.3.6.1.4.1.311.21.1" XCN_OID_CRL_NEXT_PUBLISH = "1.3.6.1.4.1.311.21.4" # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378132(v=vs.85).aspx XCN_OID_ANY_APPLICATION_POLICY = "1.3.6.1.4.1.311.10.12.1" XCN_OID_AUTO_ENROLL_CTL_USAGE = "1.3.6.1.4.1.311.20.1" XCN_OID_DRM = "1.3.6.1.4.1.311.10.5.1" XCN_OID_DS_EMAIL_REPLICATION = "1.3.6.1.4.1.311.21.19" XCN_OID_EFS_RECOVERY = "1.3.6.1.4.1.311.10.3.4.1" XCN_OID_EMBEDDED_NT_CRYPTO = "1.3.6.1.4.1.311.10.3.8" XCN_OID_ENROLLMENT_AGENT = "1.3.6.1.4.1.311.20.2.1" XCN_OID_IPSEC_KP_IKE_INTERMEDIATE = "1.3.6.1.5.5.8.2.2" XCN_OID_KP_CA_EXCHANGE = "1.3.6.1.4.1.311.21.5" XCN_OID_KP_CTL_USAGE_SIGNING = "1.3.6.1.4.1.311.10.3.1" XCN_OID_KP_DOCUMENT_SIGNING = "1.3.6.1.4.1.311.10.3.12" XCN_OID_KP_EFS = "1.3.6.1.4.1.311.10.3.4" XCN_OID_KP_KEY_RECOVERY = "1.3.6.1.4.1.311.10.3.11" XCN_OID_KP_KEY_RECOVERY_AGENT = "1.3.6.1.4.1.311.21.6" XCN_OID_KP_LIFETIME_SIGNING = "1.3.6.1.4.1.311.10.3.13" XCN_OID_KP_QUALIFIED_SUBORDINATION = "1.3.6.1.4.1.311.10.3.10" XCN_OID_KP_SMARTCARD_LOGON = "1.3.6.1.4.1.311.20.2.2" XCN_OID_KP_TIME_STAMP_SIGNING = "1.3.6.1.4.1.311.10.3.2" XCN_OID_LICENSE_SERVER = "1.3.6.1.4.1.311.10.6.2" XCN_OID_LICENSES = "1.3.6.1.4.1.311.10.6.1" XCN_OID_NT5_CRYPTO = "1.3.6.1.4.1.311.10.3.7" XCN_OID_OEM_WHQL_CRYPTO = "1.3.6.1.4.1.311.10.3.7" XCN_OID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2" XCN_OID_PKIX_KP_CODE_SIGNING = "1.3.6.1.5.5.7.3.3" XCN_OID_PKIX_KP_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4" XCN_OID_PKIX_KP_IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5" XCN_OID_PKIX_KP_IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6" XCN_OID_PKIX_KP_IPSEC_USER = "1.3.6.1.5.5.7.3.7" XCN_OID_PKIX_KP_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9" XCN_OID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1" XCN_OID_PKIX_KP_TIMESTAMP_SIGNING = "1.3.6.1.5.5.7.3.8" XCN_OID_ROOT_LIST_SIGNER = "1.3.6.1.4.1.311.10.3.9" XCN_OID_WHQL_CRYPTO = "1.3.6.1.4.1.311.10.3.5" # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/nn-certenroll-ix509extensionsmimecapabilities XCN_OID_OIWSEC_desCBC = "1.3.14.3.2.7" XCN_OID_RSA_DES_EDE3_CBC = "1.2.840.113549.3.7" XCN_OID_RSA_RC2CBC = "1.2.840.113549.3.2" XCN_OID_RSA_RC4 = "1.2.840.113549.3.4" XCN_OID_RSA_SMIMEalgCMS3DESwrap = "1.2.840.113549.1.9.16.3.6" XCN_OID_RSA_SMIMEalgCMSRC2wrap = "1.2.840.113549.1.9.16.3.7" XCN_OID_NIST_AES128_CBC = "2.16.840.1.101.3.4.1.2" XCN_OID_NIST_AES192_CBC = "2.16.840.1.101.3.4.1.22" XCN_OID_NIST_AES256_CBC = "2.16.840.1.101.3.4.1.42" XCN_OID_NIST_AES128_WRAP = "2.16.840.1.101.3.4.1.5" XCN_OID_NIST_AES192_WRAP = "2.16.840.1.101.3.4.1.25" XCN_OID_NIST_AES256_WRAP = "2.16.840.1.101.3.4.1.45" # Own Definition XCN_OID_KP_KDC = "1.3.6.1.5.2.3.5" XCN_OID_KP_RDC = "1.3.6.1.4.1.311.54.1.2" XCN_OID_KP_DOCUMENT_ENCRYPTION = "1.3.6.1.4.1.311.80.1" # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpnap/a48b02b2-2a10-4eb0-bed4-1807a6d2f5ad md5NoSign = "1.2.840.113549.2.5" sha1NoSign = "1.3.14.3.2.26" sha256NoSign = "2.16.840.1.101.3.4.2.1" sha384NoSign = "2.16.840.1.101.3.4.2.2" sha512NoSign = "2.16.840.1.101.3.4.2.3" # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winprotlp/e168a474-7de2-421c-b460-91adf87692a3 szOID_NTDS_CA_SECURITY_EXT = "1.3.6.1.4.1.311.25.2" } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest2-getfullresponseproperty New-Variable -Option Constant -Name FullResponseProperty -Value @{ FR_PROP_NONE = 0 FR_PROP_FULLRESPONSE = 1 FR_PROP_STATUSINFOCOUNT = 2 FR_PROP_BODYPARTSTRING = 3 FR_PROP_STATUS = 4 FR_PROP_STATUSSTRING = 5 FR_PROP_OTHERINFOCHOICE = 6 FR_PROP_FAILINFO = 7 FR_PROP_PENDINFOTOKEN = 8 FR_PROP_PENDINFOTIME = 9 FR_PROP_ISSUEDCERTIFICATEHASH = 10 FR_PROP_ISSUEDCERTIFICATE = 11 FR_PROP_ISSUEDCERTIFICATECHAIN = 12 FR_PROP_ISSUEDCERTIFICATECRLCHAIN = 13 FR_PROP_ENCRYPTEDKEYHASH = 14 FR_PROP_FULLRESPONSENOPKCS7 = 15 FR_PROP_CAEXCHANGECERTIFICATEHASH = 16 FR_PROP_CAEXCHANGECERTIFICATE = 17 FR_PROP_CAEXCHANGECERTIFICATECHAIN = 18 FR_PROP_CAEXCHANGECERTIFICATECRLCHAIN = 19 FR_PROP_ATTESTATIONCHALLENGE = 20 FR_PROP_ATTESTATIONPROVIDERNAME = 21 } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest-submit # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest-getcertificate # https://github.com/tpn/winsdk-10/blob/master/Include/10.0.10240.0/um/CertCli.h New-Variable -Option Constant -Name RequestFlags -Value @{ CR_IN_BASE64HEADER = 0 CR_IN_BASE64 = 1 CR_IN_BINARY = 2 CR_IN_ENCODEANY = 0xff CR_IN_MACHINE = 0x100000 CR_OUT_BASE64HEADER = 0 CR_OUT_BASE64 = 1 CR_OUT_BINARY = 2 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-alternativenametype New-Variable -Option Constant -Name AlternativeNameType -Value @{ XCN_CERT_ALT_NAME_UNKNOWN = 0 XCN_CERT_ALT_NAME_OTHER_NAME = 1 XCN_CERT_ALT_NAME_RFC822_NAME = 2 XCN_CERT_ALT_NAME_DNS_NAME = 3 XCN_CERT_ALT_NAME_DIRECTORY_NAME = 5 XCN_CERT_ALT_NAME_URL = 7 XCN_CERT_ALT_NAME_IP_ADDRESS = 8 XCN_CERT_ALT_NAME_REGISTERED_ID = 9 XCN_CERT_ALT_NAME_GUID = 10 XCN_CERT_ALT_NAME_USER_PRINCIPLE_NAME = 11 } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest-submit New-Variable -Option Constant -Name DispositionType -Value @{ CR_DISP_INCOMPLETE = 0 CR_DISP_ERROR = 1 CR_DISP_DENIED = 2 CR_DISP_ISSUED = 3 CR_DISP_ISSUED_OUT_OF_BAND = 4 CR_DISP_UNDER_SUBMISSION = 5 CR_DISP_REVOKED = 6 } # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374936(v=vs.85).aspx New-Variable -Option Constant -Name EncodingType -Value @{ XCN_CRYPT_STRING_NOCR = [Int]::MinValue XCN_CRYPT_STRING_BASE64HEADER = 0 XCN_CRYPT_STRING_BASE64 = 1 XCN_CRYPT_STRING_BINARY = 2 XCN_CRYPT_STRING_BASE64REQUESTHEADER = 3 XCN_CRYPT_STRING_HEX = 4 XCN_CRYPT_STRING_HEXASCII = 5 XCN_CRYPT_STRING_BASE64_ANY = 6 XCN_CRYPT_STRING_ANY = 7 XCN_CRYPT_STRING_HEX_ANY = 8 XCN_CRYPT_STRING_BASE64X509CRLHEADER = 9 XCN_CRYPT_STRING_HEXADDR = 10 XCN_CRYPT_STRING_HEXASCIIADDR = 11 XCN_CRYPT_STRING_HEXRAW = 12 XCN_CRYPT_STRING_BASE64URI = 13 XCN_CRYPT_STRING_ENCODEMASK = 255 XCN_CRYPT_STRING_CHAIN = 256 XCN_CRYPT_STRING_TEXT = 512 XCN_CRYPT_STRING_PERCENTESCAPE = 134217728 XCN_CRYPT_STRING_HASHDATA = 268435456 XCN_CRYPT_STRING_STRICT = 536870912 XCN_CRYPT_STRING_NOCRLF = 1073741824 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-x509keyspec New-Variable -Option Constant -Name X509KeySpec -Value @{ XCN_AT_NONE = 0 XCN_AT_KEYEXCHANGE = 1 XCN_AT_SIGNATURE = 2 } # https://docs.microsoft.com/en-us/windows/win32/api/certpol/ne-certpol-x509scepdisposition New-Variable -Option Constant -Name X509SCEPDisposition -Value @{ SCEPDispositionUnknown = -1 SCEPDispositionSuccess = 0 SCEPDispositionFailure = 2 SCEPDispositionPending = 3 SCEPDispositionPendingChallenge = 11 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-x509privatekeyverify New-Variable -Option Constant -Name X509PrivateKeyVerify -Value @{ VerifyNone = 0 VerifySilent = 1 VerifySmartCardNone = 2 VerifySmartCardSilent = 4 VerifyAllowUI = 8 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-algorithmflags New-Variable -Option Constant -Name AlgorithmFlags -Value @{ AlgorithmFlagsNone = 0 AlgorithmFlagsWrap = 1 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-installresponserestrictionflags New-Variable -Option Constant -Name InstallResponseRestrictionFlags -Value @{ AllowNone = 0 AllowNoOutstandingRequest = 1 AllowUntrustedCertificate = 2 AllowUntrustedRoot = 4 } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/ne-certcli-x509enrollmentauthflags # https://docs.microsoft.com/en-us/dotnet/api/microsoft.hpc.scheduler.store.x509enrollmentauthflags # https://gist.github.com/ctkirkman/77729328070ee1e1057fa1e2a64121a5 New-Variable -Option Constant -Name X509EnrollmentAuthFlags -Value @{ X509AuthNone = 0 X509AuthAnonymous = 1 X509AuthKerberos = 2 X509AuthUsername = 4 X509AuthCertificate = 8 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-x509certificateenrollmentcontext New-Variable -Option Constant -Name X509CertificateEnrollmentContext -Value @{ ContextNone = 0 ContextUser = 1 ContextMachine = 2 ContextAdministratorForceMachine = 3 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/nf-certenroll-ix509certificaterequestpkcs10-initializefromcertificate New-Variable -Option Constant -Name X509RequestInheritOptions -Value @{ InheritDefault = 0x00000000 InheritRenewalCertificateFlag = 0x00000020 InheritTemplateFlag = 0x00000040 InheritSubjectFlag = 0x00000080 InheritExtensionsFlag = 0x00000100 InheritSubjectAltNameFlag = 0x00000200 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-enrollmentenrollstatus New-Variable -Option Constant -Name EnrollmentEnrollStatus -Value @{ Enrolled = 0x00000001 EnrollPended = 0x00000002 EnrollUIDeferredEnrollmentRequired = 0x00000004 EnrollError = 0x00000010 EnrollUnknown = 0x00000020 EnrollSkipped = 0x00000040 EnrollDenied = 0x00000100 } # https://docs.microsoft.com/bs-latn-ba/windows/win32/api/certenroll/ne-certenroll-innerrequestlevel New-Variable -Option Constant -Name InnerRequestLevel -Value @{ LevelInnermost = 0 LevelNext = 1 } # https://docs.microsoft.com/en-us/windows/win32/api/taskschd/ne-taskschd-task_run_flags New-Variable -Option Constant -Name TaskRunFlags -Value @{ TASK_RUN_NO_FLAGS = 0 TASK_RUN_AS_SELF = 1 TASK_RUN_IGNORE_CONSTRAINTS = 2 TASK_RUN_USE_SESSION_ID = 3 TASK_RUN_USER_SID = 4 } # https://tools.ietf.org/html/draft-nourse-scep-23#section-3.1.1.4 New-Variable -Option Constant -Name SCEPFailInfo -Value @( @{ Code = 0 Message = "badAlg" Description = "Unrecognized or unsupported algorithm identifier" } @{ Code = 1 Message = "badMessageCheck" Description = "integrity check failed" } @{ Code = 2 Message = "badRequest" Description = "transaction not permitted or supported" } @{ Code = 3 Message = "badTime" Description = "The signingTime attribute from the PKCS#7 authenticatedAttributes was not sufficiently close to the system time." } @{ Code = 4 Message = "badCertId" Description = "No certificate could be identified matching the provided criteria." } ) # Built from the Error Codes I observed whilst testing Get-NDESCertificate # Stored as String as this gets compared against a text that is returned from the API New-Variable -Option Constant -Name NDESErrorCode -Value @{ CERT_E_WRONG_USAGE = "0x800b0110" TRUST_E_CERT_SIGNATURE = "0x80096004" ERROR_NOT_FOUND = "0x80070490" CERTSRV_E_BAD_REQUESTSUBJECT = "0x80094001" RPC_S_SERVER_UNAVAILABLE = "0x800706ba" } # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378132(v=vs.85).aspx New-Variable -Option Constant -Name EkuNameToOidTable -Value @{ EnrollmentAgent = $Oid.XCN_OID_ENROLLMENT_AGENT ClientAuthentication = $Oid.XCN_OID_PKIX_KP_CLIENT_AUTH CodeSigning = $Oid.XCN_OID_PKIX_KP_CODE_SIGNING LifeTimeSigning = $Oid.XCN_OID_KP_LIFETIME_SIGNING DocumentSigning = $Oid.XCN_OID_KP_DOCUMENT_SIGNING DocumentEncryption = $Oid.XCN_OID_KP_DOCUMENT_ENCRYPTION EncryptingFileSystem = $Oid.XCN_OID_KP_EFS FileRecovery = $Oid.XCN_OID_EFS_RECOVERY IPSecEndSystem = $Oid.XCN_OID_PKIX_KP_IPSEC_END_SYSTEM IPSecIKEIntermediate = $Oid.XCN_OID_IPSEC_KP_IKE_INTERMEDIATE IPSecTunnelEndpoint = $Oid.XCN_OID_PKIX_KP_IPSEC_TUNNEL IPSecUser = $Oid.XCN_OID_PKIX_KP_IPSEC_USER KeyRecovery = $Oid.XCN_OID_KP_KEY_RECOVERY KDCAuthentication = $Oid.XCN_OID_KP_KDC SecureEmail = $Oid.XCN_OID_PKIX_KP_EMAIL_PROTECTION ServerAuthentication = $Oid.XCN_OID_PKIX_KP_SERVER_AUTH SmartCardLogon = $Oid.XCN_OID_KP_SMARTCARD_LOGON TimeStamping = $Oid.XCN_OID_PKIX_KP_TIMESTAMP_SIGNING OCSPSigning = $Oid.XCN_OID_PKIX_KP_OCSP_SIGNING RemoteDesktopAuthentication = $Oid.XCN_OID_KP_RDC PrivateKeyArchival = $Oid.XCN_OID_KP_CA_EXCHANGE } New-Variable -Option Constant -Name SmimeCapabilityToOidTable -Value @{ des = $Oid.XCN_OID_OIWSEC_desCBC des3 = $Oid.XCN_OID_RSA_DES_EDE3_CBC rc2 = $Oid.XCN_OID_RSA_RC2CBC rc4 = $Oid.XCN_OID_RSA_RC4 des3wrap = $Oid.XCN_OID_RSA_SMIMEalgCMS3DESwrap rc2wrap = $Oid.XCN_OID_RSA_SMIMEalgCMSRC2wrap aes128 = $Oid.XCN_OID_NIST_AES128_CBC aes192 = $Oid.XCN_OID_NIST_AES192_CBC aes256 = $Oid.XCN_OID_NIST_AES256_CBC aes128wrap = $Oid.XCN_OID_NIST_AES128_WRAP aes192wrap = $Oid.XCN_OID_NIST_AES192_WRAP aes256wrap = $Oid.XCN_OID_NIST_AES256_WRAP md5 = $Oid.md5noSign sha1 = $Oid.sha1noSign sha256 = $Oid.sha256noSign sha384 = $Oid.sha384noSign sha512 = $Oid.sha512noSign } $ModuleRoot = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent # Import Public Functions . $ModuleRoot\Functions\Get-NDESOTP.ps1 . $ModuleRoot\Functions\Get-NDESCertificate.ps1 . $ModuleRoot\Functions\Get-KeyStorageProvider.ps1 . $ModuleRoot\Functions\Get-IssuedCertificate.ps1 . $ModuleRoot\Functions\New-CertificateRequest.ps1 . $ModuleRoot\Functions\New-SignedCertificateRequest.ps1 . $ModuleRoot\Functions\Install-IssuedCertificate.ps1 . $ModuleRoot\Functions\Undo-CertificateArchival.ps1 . $ModuleRoot\Functions\Get-RemoteDesktopCertificate.ps1 . $ModuleRoot\Functions\Set-RemoteDesktopCertificate.ps1 . $ModuleRoot\Functions\Invoke-AutoEnrollmentTask.ps1 # Import Private Functions . $ModuleRoot\Functions\Convert-DERToBASE64.ps1 . $ModuleRoot\Functions\Convert-StringToCertificateSerialNumber.ps1 . $ModuleRoot\Functions\Convert-StringToDER.ps1 . $ModuleRoot\Functions\Convert-StringToHex.ps1 . $ModuleRoot\Functions\Get-Asn1LengthOctets.ps1 . $ModuleRoot\Functions\Get-CertificateHash.ps1 . $ModuleRoot\Functions\New-AiaExtension.ps1 . $ModuleRoot\Functions\New-CdpExtension.ps1 . $ModuleRoot\Functions\New-SidExtension.ps1 # SIG # Begin signature block # MIIk6gYJKoZIhvcNAQcCoIIk2zCCJNcCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCAj86O1HEhy/Hg # Jy/KkI4HRoZSmVTEtqwiSB+oAP4F2KCCHqwwggVAMIIEKKADAgECAhEAjyqX/F4u # bPBaKM2QGtlbKTANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJHQjEbMBkGA1UE # CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYDVQQK # Ew9TZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUgU2ln # bmluZyBDQTAeFw0yMDExMjAwMDAwMDBaFw0yMzExMjAyMzU5NTlaMIGHMQswCQYD # VQQGEwJERTEOMAwGA1UEEQwFOTE2MDIxHTAbBgNVBAcMFETDvHJyd2FuZ2VuIEhh # bHNiYWNoMRUwEwYDVQQJDAxXZWloZXJ3ZWcgMTUxGDAWBgNVBAoMD1V3ZSBHcmFk # ZW5lZ2dlcjEYMBYGA1UEAwwPVXdlIEdyYWRlbmVnZ2VyMIIBIjANBgkqhkiG9w0B # AQEFAAOCAQ8AMIIBCgKCAQEA53wYl/2oLVZBtzGBVrhekovOH+jLXaqR8bcrXUEt # GzZS5mhld6V58oliKsdanM2WGRtGga/ew1QKAqlEO3LPWQd/6O+T6ewH1IJy0xxy # Zv3zsEDySr+2iAZaOqUdxAV8ROuW/fPGJCR3nrRO2vH047z+aAi9S5sZbiO21634 # BRXw94cl4JArB62gSfehtyCqO5oBLjWdz9/41pfrCQPyIoalfL4Ksdt+WEAJqy9T # JyEF/8GWbGxko/yx/p1k03QjtNT2SM7kDw2JYCnsn2hPPS18q4ca6sZqqUAxBQl0 # P1E0POzP4I3XD8uNuSF8lrCegjxdHuDycgE4fZ1/5giY9QIDAQABo4IBrzCCAasw # HwYDVR0jBBgwFoAUDuE6qFM6MdWKvsG7rWcaA4WtNA4wHQYDVR0OBBYEFCmcAsJF # JdY/qAsyvvsYLFw96N2aMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIEEDBKBgNVHSAEQzBB # MDUGDCsGAQQBsjEBAgEDAjAlMCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28u # Y29tL0NQUzAIBgZngQwBBAEwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5z # ZWN0aWdvLmNvbS9TZWN0aWdvUlNBQ29kZVNpZ25pbmdDQS5jcmwwcwYIKwYBBQUH # AQEEZzBlMD4GCCsGAQUFBzAChjJodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3Rp # Z29SU0FDb2RlU2lnbmluZ0NBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au # c2VjdGlnby5jb20wHQYDVR0RBBYwFIESdXdlQGdyYWRlbmVnZ2VyLmV1MA0GCSqG # SIb3DQEBCwUAA4IBAQCEQ6MLH2xJoylM/1EVGcnHx1yfR4N0KTpMZmUHeDKHbhVa # 75UQJRd3/Wy9knpqk8NGnPaS8XNOUgR8A5EoO5djvZfp4JLtUVOM28TI0U+avrtP # olQHtCRrpb12kCqG5/E5DQNFL9qTK0/cngkXQFiJncjF+AAfWOL+5e4zIPWMVJaw # PKFIyT47S6BjD5NopviPxcJY3uQ3y5WFqpeYMWL1cpMpC26tvEQbecJLGW51m3l8 # MiaPtxieiuEje8YplJdBOOBDVO+NTJvhiOhOhM2Nnp/PcdqYAuiLpAcv2ekcHp6Q # svBWxRbwb23mjni1DipueBqn98FCTQkNDQLb6KRuMIIFgTCCBGmgAwIBAgIQOXJE # Ovkit1HX02wQ3TE1lTANBgkqhkiG9w0BAQwFADB7MQswCQYDVQQGEwJHQjEbMBkG # A1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYD # VQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRl # IFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4MTIzMTIzNTk1OVowgYgxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5MRQwEgYDVQQHEwtKZXJzZXkg # Q2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBOZXR3b3JrMS4wLAYDVQQDEyVV # U0VSVHJ1c3QgUlNBIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAgBJlFzYOw9sIs9CsVw127c0n00ytUINh4qog # TQktZAnczomfzD2p7PbPwdzx07HWezcoEStH2jnGvDoZtF+mvX2do2NCtnbyqTsr # kfjib9DsFiCQCT7i6HTJGLSR1GJk23+jBvGIGGqQIjy8/hPwhxR79uQfjtTkUcYR # Z0YIUcuGFFQ/vDP+fmyc/xadGL1RjjWmp2bIcmfbIWax1Jt4A8BQOujM8Ny8nkz+ # rwWWNR9XWrf/zvk9tyy29lTdyOcSOk2uTIq3XJq0tyA9yn8iNK5+O2hmAUTnAU5G # U5szYPeUvlM3kHND8zLDU+/bqv50TmnHa4xgk97Exwzf4TKuzJM7UXiVZ4vuPVb+ # DNBpDxsP8yUmazNt925H+nND5X4OpWaxKXwyhGNVicQNwZNUMBkTrNN9N6frXTps # NVzbQdcS2qlJC9/YgIoJk2KOtWbPJYjNhLixP6Q5D9kCnusSTJV882sFqV4Wg8y4 # Z+LoE53MW4LTTLPtW//e5XOsIzstAL81VXQJSdhJWBp/kjbmUZIO8yZ9HE0XvMns # QybQv0FfQKlERPSZ51eHnlAfV1SoPv10Yy+xUGUJ5lhCLkMaTLTwJUdZ+gQek9Qm # RkpQgbLevni3/GcV4clXhB4PY9bpYrrWX1Uu6lzGKAgEJTm4Diup8kyXHAc/DVL1 # 7e8vgg8CAwEAAaOB8jCB7zAfBgNVHSMEGDAWgBSgEQojPpbxB+zirynvgqV/0DCk # tDAdBgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgGG # MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0gBAowCDAGBgRVHSAAMEMGA1UdHwQ8MDow # OKA2oDSGMmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0FBQUNlcnRpZmljYXRlU2Vy # dmljZXMuY3JsMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29j # c3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUAA4IBAQAYh1HcdCE9nIrgJ7cz # 0C7M7PDmy14R3iJvm3WOnnL+5Nb+qh+cli3vA0p+rvSNb3I8QzvAP+u431yqqcau # 8vzY7qN7Q/aGNnwU4M309z/+3ri0ivCRlv79Q2R+/czSAaF9ffgZGclCKxO/WIu6 # pKJmBHaIkU4MiRTOok3JMrO66BQavHHxW/BBC5gACiIDEOUMsfnNkjcZ7Tvx5Dq2 # +UUTJnWvu6rvP3t3O9LEApE9GQDTF1w52z97GA1FzZOFli9d31kWTz9RvdVFGD/t # So7oBmF0Ixa1DVBzJ0RHfxBdiSprhTEUxOipakyAvGp4z7h/jnZymQyd/teRCBah # o1+VMIIF9TCCA92gAwIBAgIQHaJIMG+bJhjQguCWfTPTajANBgkqhkiG9w0BAQwF # ADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcT # C0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAs # BgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcN # MTgxMTAyMDAwMDAwWhcNMzAxMjMxMjM1OTU5WjB8MQswCQYDVQQGEwJHQjEbMBkG # A1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRgwFgYD # VQQKEw9TZWN0aWdvIExpbWl0ZWQxJDAiBgNVBAMTG1NlY3RpZ28gUlNBIENvZGUg # U2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAIYijTKF # ehifSfCWL2MIHi3cfJ8Uz+MmtiVmKUCGVEZ0MWLFEO2yhyemmcuVMMBW9aR1xqkO # UGKlUZEQauBLYq798PgYrKf/7i4zIPoMGYmobHutAMNhodxpZW0fbieW15dRhqb0 # J+V8aouVHltg1X7XFpKcAC9o95ftanK+ODtj3o+/bkxBXRIgCFnoOc2P0tbPBrRX # BbZOoT5Xax+YvMRi1hsLjcdmG0qfnYHEckC14l/vC0X/o84Xpi1VsLewvFRqnbyN # VlPG8Lp5UEks9wO5/i9lNfIi6iwHr0bZ+UYc3Ix8cSjz/qfGFN1VkW6KEQ3fBiSV # fQ+noXw62oY1YdMCAwEAAaOCAWQwggFgMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh # 2JvAnfKyA2bLMB0GA1UdDgQWBBQO4TqoUzox1Yq+wbutZxoDha00DjAOBgNVHQ8B # Af8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHSUEFjAUBggrBgEFBQcD # AwYIKwYBBQUHAwgwEQYDVR0gBAowCDAGBgRVHSAAMFAGA1UdHwRJMEcwRaBDoEGG # P2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0 # aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0 # dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNy # dDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG # 9w0BAQwFAAOCAgEATWNQ7Uc0SmGk295qKoyb8QAAHh1iezrXMsL2s+Bjs/thAIia # G20QBwRPvrjqiXgi6w9G7PNGXkBGiRL0C3danCpBOvzW9Ovn9xWVM8Ohgyi33i/k # lPeFM4MtSkBIv5rCT0qxjyT0s4E307dksKYjalloUkJf/wTr4XRleQj1qZPea3FA # mZa6ePG5yOLDCBaxq2NayBWAbXReSnV+pbjDbLXP30p5h1zHQE1jNfYw08+1Cg4L # BH+gS667o6XQhACTPlNdNKUANWlsvp8gJRANGftQkGG+OY96jk32nw4e/gdREmaD # JhlIlc5KycF/8zoFm/lv34h/wCOe0h5DekUxwZxNqfBZslkZ6GqNKQQCd3xLS81w # vjqyVVp4Pry7bwMQJXcVNIr5NsxDkuS6T/FikyglVyn7URnHoSVAaoRXxrKdsbwc # Ctp8Z359LukoTBh+xHsxQXGaSynsCz1XUNLK3f2eBVHlRHjdAd6xdZgNVCT98E7j # 4viDvXK6yz067vBeF5Jobchh+abxKgoLpbn0nu6YMgWFnuv5gynTxix9vTp3Los3 # QqBqgu07SqqUEKThDfgXxbZaeTMYkuO1dfih6Y4KJR7kHvGfWocj/5+kUZ77OYAR # zdu1xKeogG/lU9Tg46LC0lsa+jImLWpXcBw8pFguo/NbSwfcMlnzh6cabVgwggbs # MIIE1KADAgECAhAwD2+s3WaYdHypRjaneC25MA0GCSqGSIb3DQEBDAUAMIGIMQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKTmV3IEplcnNleTEUMBIGA1UEBxMLSmVyc2V5 # IENpdHkxHjAcBgNVBAoTFVRoZSBVU0VSVFJVU1QgTmV0d29yazEuMCwGA1UEAxMl # VVNFUlRydXN0IFJTQSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xOTA1MDIw # MDAwMDBaFw0zODAxMTgyMzU5NTlaMH0xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJH # cmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1Nl # Y3RpZ28gTGltaXRlZDElMCMGA1UEAxMcU2VjdGlnbyBSU0EgVGltZSBTdGFtcGlu # ZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMgbAa/ZLH6ImX0B # mD8gkL2cgCFUk7nPoD5T77NawHbWGgSlzkeDtevEzEk0y/NFZbn5p2QWJgn71TJS # eS7JY8ITm7aGPwEFkmZvIavVcRB5h/RGKs3EWsnb111JTXJWD9zJ41OYOioe/M5Y # SdO/8zm7uaQjQqzQFcN/nqJc1zjxFrJw06PE37PFcqwuCnf8DZRSt/wflXMkPQEo # vA8NT7ORAY5unSd1VdEXOzQhe5cBlK9/gM/REQpXhMl/VuC9RpyCvpSdv7QgsGB+ # uE31DT/b0OqFjIpWcdEtlEzIjDzTFKKcvSb/01Mgx2Bpm1gKVPQF5/0xrPnIhRfH # uCkZpCkvRuPd25Ffnz82Pg4wZytGtzWvlr7aTGDMqLufDRTUGMQwmHSCIc9iVrUh # cxIe/arKCFiHd6QV6xlV/9A5VC0m7kUaOm/N14Tw1/AoxU9kgwLU++Le8bwCKPRt # 2ieKBtKWh97oaw7wW33pdmmTIBxKlyx3GSuTlZicl57rjsF4VsZEJd8GEpoGLZ8D # Xv2DolNnyrH6jaFkyYiSWcuoRsDJ8qb/fVfbEnb6ikEk1Bv8cqUUotStQxykSYtB # ORQDHin6G6UirqXDTYLQjdprt9v3GEBXc/Bxo/tKfUU2wfeNgvq5yQ1TgH36tjlY # Mu9vGFCJ10+dM70atZ2h3pVBeqeDAgMBAAGjggFaMIIBVjAfBgNVHSMEGDAWgBRT # eb9aqitKz1SA4dibwJ3ysgNmyzAdBgNVHQ4EFgQUGqH4YRkgD8NBd0UojtE1XwYS # BFUwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQAwEwYDVR0lBAww # CgYIKwYBBQUHAwgwEQYDVR0gBAowCDAGBgRVHSAAMFAGA1UdHwRJMEcwRaBDoEGG # P2h0dHA6Ly9jcmwudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FDZXJ0aWZpY2F0 # aW9uQXV0aG9yaXR5LmNybDB2BggrBgEFBQcBAQRqMGgwPwYIKwYBBQUHMAKGM2h0 # dHA6Ly9jcnQudXNlcnRydXN0LmNvbS9VU0VSVHJ1c3RSU0FBZGRUcnVzdENBLmNy # dDAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG # 9w0BAQwFAAOCAgEAbVSBpTNdFuG1U4GRdd8DejILLSWEEbKw2yp9KgX1vDsn9Fqg # uUlZkClsYcu1UNviffmfAO9Aw63T4uRW+VhBz/FC5RB9/7B0H4/GXAn5M17qoBwm # WFzztBEP1dXD4rzVWHi/SHbhRGdtj7BDEA+N5Pk4Yr8TAcWFo0zFzLJTMJWk1vSW # Vgi4zVx/AZa+clJqO0I3fBZ4OZOTlJux3LJtQW1nzclvkD1/RXLBGyPWwlWEZuSz # xWYG9vPWS16toytCiiGS/qhvWiVwYoFzY16gu9jc10rTPa+DBjgSHSSHLeT8AtY+ # dwS8BDa153fLnC6NIxi5o8JHHfBd1qFzVwVomqfJN2Udvuq82EKDQwWli6YJ/9Gh # lKZOqj0J9QVst9JkWtgqIsJLnfE5XkzeSD2bNJaaCV+O/fexUpHOP4n2HKG1qXUf # cb9bQ11lPVCBbqvw0NP8srMftpmWJvQ8eYtcZMzN7iea5aDADHKHwW5NWtMe6vBE # 5jJvHOsXTpTDeGUgOw9Bqh/poUGd/rG4oGUqNODeqPk85sEwu8CgYyz8XBYAqNDE # f+oRnR4GxqZtMl20OAkrSQeq/eww2vGnL8+3/frQo4TZJ577AWZ3uVYQ4SBuxq6x # +ba6yDVdM3aO8XwgDCp3rrWiAoa6Ke60WgCxjKvj+QrJVF3UuWp0nr1Irpgwggb2 # MIIE3qADAgECAhEAkDl/mtJKOhPyvZFfCDipQzANBgkqhkiG9w0BAQwFADB9MQsw # CQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQH # EwdTYWxmb3JkMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxJTAjBgNVBAMTHFNl # Y3RpZ28gUlNBIFRpbWUgU3RhbXBpbmcgQ0EwHhcNMjIwNTExMDAwMDAwWhcNMzMw # ODEwMjM1OTU5WjBqMQswCQYDVQQGEwJHQjETMBEGA1UECBMKTWFuY2hlc3RlcjEY # MBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSwwKgYDVQQDDCNTZWN0aWdvIFJTQSBU # aW1lIFN0YW1waW5nIFNpZ25lciAjMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC # AgoCggIBAJCycT954dS5ihfMw5fCkJRy7Vo6bwFDf3NaKJ8kfKA1QAb6lK8KoYO2 # E+RLFQZeaoogNHF7uyWtP1sKpB8vbH0uYVHQjFk3PqZd8R5dgLbYH2DjzRJqiB/G # /hjLk0NWesfOA9YAZChWIrFLGdLwlslEHzldnLCW7VpJjX5y5ENrf8mgP2xKrdUA # T70KuIPFvZgsB3YBcEXew/BCaer/JswDRB8WKOFqdLacRfq2Os6U0R+9jGWq/fzD # POgNnDhm1fx9HptZjJFaQldVUBYNS3Ry7qAqMfwmAjT5ZBtZ/eM61Oi4QSl0AT8N # 4BN3KxE8+z3N0Ofhl1tV9yoDbdXNYtrOnB786nB95n1LaM5aKWHToFwls6UnaKNY # /fUta8pfZMdrKAzarHhB3pLvD8Xsq98tbxpUUWwzs41ZYOff6Bcio3lBYs/8e/OS # 2q7gPE8PWsxu3x+8Iq+3OBCaNKcL//4dXqTz7hY4Kz+sdpRBnWQd+oD9AOH++DrU # w167aU1ymeXxMi1R+mGtTeomjm38qUiYPvJGDWmxt270BdtBBcYYwFDk+K3+rGNh # R5G8RrVGU2zF9OGGJ5OEOWx14B0MelmLLsv0ZCxCR/RUWIU35cdpp9Ili5a/xq3g # vbE39x/fQnuq6xzp6z1a3fjSkNVJmjodgxpXfxwBws4cfcz7lhXFAgMBAAGjggGC # MIIBfjAfBgNVHSMEGDAWgBQaofhhGSAPw0F3RSiO0TVfBhIEVTAdBgNVHQ4EFgQU # JS5oPGuaKyQUqR+i3yY6zxSm8eAwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQC # MAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwSgYDVR0gBEMwQTA1BgwrBgEEAbIx # AQIBAwgwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYG # Z4EMAQQCMEQGA1UdHwQ9MDswOaA3oDWGM2h0dHA6Ly9jcmwuc2VjdGlnby5jb20v # U2VjdGlnb1JTQVRpbWVTdGFtcGluZ0NBLmNybDB0BggrBgEFBQcBAQRoMGYwPwYI # KwYBBQUHMAKGM2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1JTQVRpbWVT # dGFtcGluZ0NBLmNydDAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Auc2VjdGlnby5j # b20wDQYJKoZIhvcNAQEMBQADggIBAHPa7Whyy8K5QKExu7QDoy0UeyTntFsVfajp # /a3Rkg18PTagadnzmjDarGnWdFckP34PPNn1w3klbCbojWiTzvF3iTl/qAQF2jTD # FOqfCFSr/8R+lmwr05TrtGzgRU0ssvc7O1q1wfvXiXVtmHJy9vcHKPPTstDrGb4V # LHjvzUWgAOT4BHa7V8WQvndUkHSeC09NxKoTj5evATUry5sReOny+YkEPE7jghJi # 67REDHVBwg80uIidyCLxE2rbGC9ueK3EBbTohAiTB/l9g/5omDTkd+WxzoyUbNsD # bSgFR36bLvBk+9ukAzEQfBr7PBmA0QtwuVVfR745ZM632iNUMuNGsjLY0imGyRVd # gJWvAvu00S6dOHw14A8c7RtHSJwialWC2fK6CGUD5fEp80iKCQFMpnnyorYamZTr # lyjhvn0boXztVoCm9CIzkOSEU/wq+sCnl6jqtY16zuTgS6Ezqwt2oNVpFreOZr9f # +h/EqH+noUgUkQ2C/L1Nme3J5mw2/ndDmbhpLXxhL+2jsEn+W75pJJH/k/xXaZJL # 2QU/bYZy06LQwGTSOkLBGgP70O2aIbg/r6ayUVTVTMXKHxKNV8Y57Vz/7J8mdq1k # ZmfoqjDg0q23fbFqQSduA4qjdOCKCYJuv+P2t7yeCykYaIGhnD9uFllLFAkJmuau # v2AV3Yb1MYIFlDCCBZACAQEwgZEwfDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdy # ZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2Vj # dGlnbyBMaW1pdGVkMSQwIgYDVQQDExtTZWN0aWdvIFJTQSBDb2RlIFNpZ25pbmcg # Q0ECEQCPKpf8Xi5s8FoozZAa2VspMA0GCWCGSAFlAwQCAQUAoIGEMBgGCisGAQQB # gjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIDpCfKgm # ltawWuLRYK+B9ES49ALeCmOb39dcEhyaE4NMMA0GCSqGSIb3DQEBAQUABIIBAIuO # LQygaudqbfiRvPtYPJ4uAn4lZFrcIQsWSIGuuUtdZ5ELJ1r5iwC7X6Vea9+te79y # G+Rt508sOTmV+KhFfhnz3jLPYRA7O5vp0HuWMCIjDVOHtk/bNFAIDat70BQ/kDq1 # HfOHySc+214IUlShwJ9zh+s9textpw0E8f6aj93zM8QK7GkPs+o7X1Teri2VTYxt # gh95//msYzj23E9BoFXST8DrnpFYn4GtER4sAlhmyLoxChTGX71AQkX+kPQA4L1R # 05tY5TpExRqbwuP/fxoeRDf5X3eCJx2MIxM06etilWYs8aGwmqkGGfDY0CgFUluO # uwY5VaOeozD1h6Z6teqhggNMMIIDSAYJKoZIhvcNAQkGMYIDOTCCAzUCAQEwgZIw # fTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G # A1UEBxMHU2FsZm9yZDEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSUwIwYDVQQD # ExxTZWN0aWdvIFJTQSBUaW1lIFN0YW1waW5nIENBAhEAkDl/mtJKOhPyvZFfCDip # QzANBglghkgBZQMEAgIFAKB5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJ # KoZIhvcNAQkFMQ8XDTIyMTIxOTE2NDc0OFowPwYJKoZIhvcNAQkEMTIEMPx71QHs # sj/l0Y31M+AMaZeb5SzuX1AsAkoNZfg3AoPJv6lp40zgiApSTEXH1PpFeDANBgkq # hkiG9w0BAQEFAASCAgA+fbDKQBtDlxM7RBeFXzOQndgb4/9Tk/Xyjjpb0yFSX3U2 # wX7uC8xyVwyPnYKMkALS8m0ssOE3LdQwxkVVRztwxm+a5W93RAg4iP7eE1QNBn3E # f4WkPYHzFKjMfPcx0feVQytYJkwtnkWnqWbElkR5AtE2vWxjsuk7yc1vaz+Tpz4l # bLjit2mCtwMc7uvjl0vd+Sjmo/BvYFTYd3XUAPyegFZA9yXBBW36LgiHTJzgXNxj # pP3PkS/bZL13gTV/rM+ipu3yG4Mwl/MK1hCDLssZ+fd6VB4SAjKXbY00qTEJY6fR # UrFpGlQ9MXjnKLMcwjY8kcmr+wPjUEJMMUxqinvF2DM4AM5wPuf+KXKgTZqNBaAi # zKjiU6neOb4xJAbCMJLhxQBvd5W0VPPvnZzs+G4rqhxpswTKiKboqpit/WFmyRIR # sC8Cp3c3Ly+kamNyIE937qbd9jkFueowRTMW6C1h9WoKRBquUGlcrewri7kxSxrU # JtMrvnN2Z6HHaitVSufFW2sVzkqrcyv3DJdbcSa17eTGbEX8auUxeKRLZ1t4YWPp # bvg4w46FP9B9UcQ0s4Xeeg8Tv1UAnBCxi5t2b+nPDRLLJJQgbF+4ky30SDrQXewN # 4F9zNco6oM9lknXoLMJa470OE08c1DQbqb6lQMf7mDkW1cIxiBdSQfDVhsh1qQ== # SIG # End signature block |