ReportCommands/ActionReport.ps1
|
#requires -Version 5.1 function Get-KeeperActionReport { <# .SYNOPSIS Run an action report based on user activity. .DESCRIPTION Generates a report of enterprise users based on their activity (or lack thereof) and can optionally apply administrative actions (lock, delete, transfer) to those users. Mirrors the Commander 'action-report' command. Alias: action-report .PARAMETER Target Target user status to filter by: no-logon - Users who haven't logged in within the specified period no-update - Users who haven't added or updated records locked - Users who have been locked for the specified period invited - Users who have been invited but haven't accepted no-recovery - Users who haven't set up account recovery .PARAMETER DaysSince Number of days since the event of interest. Default: 30 (or 90 for locked). .PARAMETER Node Filter users by node name or ID. Includes child nodes. .PARAMETER ApplyAction Admin action to apply to matched users: none - Report only (default) lock - Lock the user accounts delete - Delete the user accounts transfer - Transfer accounts to another user .PARAMETER TargetUser Username/email of the account to transfer users to. Required when -ApplyAction is 'transfer'. .PARAMETER DryRun Preview the action without actually executing it. .PARAMETER Force Skip the confirmation prompt for destructive actions. .PARAMETER Columns Comma-separated list of columns to display: user_id, email, name, status, transfer_status, node, 2fa_enabled, team_count, teams, role_count, roles .PARAMETER Format Output format: table (default), json, or csv. .PARAMETER Output File path to write the report output to. .PARAMETER SyntaxHelp Display detailed syntax help with examples. .EXAMPLE Get-KeeperActionReport Shows users who haven't logged in for 30 days (default). .EXAMPLE Get-KeeperActionReport -Target no-logon -DaysSince 60 Shows users inactive for 60 days. .EXAMPLE Get-KeeperActionReport -Target locked -ApplyAction delete -DryRun Preview deleting locked users without executing. .EXAMPLE Get-KeeperActionReport -Target no-logon -ApplyAction lock -Node "Sales" Lock inactive users in the Sales node. .EXAMPLE Get-KeeperActionReport -Target locked -ApplyAction transfer -TargetUser admin@company.com Transfer locked user accounts to admin@company.com. .EXAMPLE Get-KeeperActionReport -Target invited -DaysSince 14 -Format csv -Output "invited_users.csv" Export invited users older than 14 days to CSV. #> [CmdletBinding()] Param( [Parameter(Position = 0)] [ValidateSet('no-logon', 'no-update', 'locked', 'invited', 'no-recovery')] [string] $Target = 'no-logon', [Parameter()] [int] $DaysSince, [Parameter()] [string] $Node, [Parameter()] [ValidateSet('none', 'lock', 'delete', 'transfer')] [string] $ApplyAction = 'none', [Parameter()] [string] $TargetUser, [Parameter()] [switch] $DryRun, [Parameter()] [switch] $Force, [Parameter()] [string] $Columns, [Parameter()] [ValidateSet('table', 'csv', 'json')] [string] $Format = 'table', [Parameter()] [string] $Output, [Parameter()] [switch] $SyntaxHelp ) if ($SyntaxHelp) { Write-ActionReportSyntaxHelp return } try { [Enterprise]$enterprise = getEnterprise } catch { Write-Error "Failed to load enterprise context: $($_.Exception.Message)" -ErrorAction Stop } $auth = $enterprise.loader.Auth if ($ApplyAction -eq 'transfer' -and [string]::IsNullOrEmpty($TargetUser)) { Write-Error "-TargetUser is required when using -ApplyAction transfer" -ErrorAction Stop } $allowedActionsMap = @{ 'no-logon' = @('none', 'lock') 'no-update' = @('none') 'locked' = @('none', 'delete', 'transfer') 'invited' = @('none', 'delete') 'no-recovery' = @('none') } if ($ApplyAction -ne 'none') { $allowed = $allowedActionsMap[$Target] if ($ApplyAction -notin $allowed) { Write-Error "Action '$ApplyAction' is not allowed for target '$Target'. Allowed: $($allowed -join ', ')" -ErrorAction Stop } } $targetStatusMap = @{ 'no-logon' = [KeeperSecurity.Enterprise.ActionReportTargetStatus]::NoLogon 'no-update' = [KeeperSecurity.Enterprise.ActionReportTargetStatus]::NoUpdate 'locked' = [KeeperSecurity.Enterprise.ActionReportTargetStatus]::Locked 'invited' = [KeeperSecurity.Enterprise.ActionReportTargetStatus]::Invited 'no-recovery' = [KeeperSecurity.Enterprise.ActionReportTargetStatus]::NoRecovery } $adminActionMap = @{ 'none' = [KeeperSecurity.Enterprise.ActionReportAdminAction]::None 'lock' = [KeeperSecurity.Enterprise.ActionReportAdminAction]::Lock 'delete' = [KeeperSecurity.Enterprise.ActionReportAdminAction]::Delete 'transfer' = [KeeperSecurity.Enterprise.ActionReportAdminAction]::Transfer } $options = New-Object KeeperSecurity.Enterprise.ActionReportOptions $options.TargetStatus = $targetStatusMap[$Target] $options.Node = $Node $options.TargetUser = $TargetUser $options.DryRun = [bool]$DryRun $options.Force = [bool]$Force if ($PSBoundParameters.ContainsKey('DaysSince')) { $options.DaysSince = $DaysSince } $effectiveDays = if ($PSBoundParameters.ContainsKey('DaysSince')) { $DaysSince } else { if ($Target -eq 'locked') { 90 } else { 30 } } $needsConfirmation = $ApplyAction -in @('delete', 'transfer') -and -not $Force -and -not $DryRun $actionCancelled = $false $invokeReport = { param($opts) [KeeperSecurity.Enterprise.ActionReportExtensions]::RunActionReport( $enterprise.enterpriseData, $auth, $opts, $enterprise.roleData ).GetAwaiter().GetResult() } $syncEnterprise = { try { $enterprise.loader.Load().GetAwaiter().GetResult() | Out-Null } catch { Write-Warning "Failed to sync enterprise data: $($_.Exception.Message)" } } if ($needsConfirmation) { $options.ApplyAction = [KeeperSecurity.Enterprise.ActionReportAdminAction]::None } else { $options.ApplyAction = $adminActionMap[$ApplyAction] } try { $result = & $invokeReport $options } catch { Write-Error "Failed to run action report: $($_.Exception.Message)" -ErrorAction Stop } if (-not [string]::IsNullOrEmpty($result.ErrorMessage)) { Write-Error "Action report error: $($result.ErrorMessage)" -ErrorAction Stop } if ($needsConfirmation -and $result.Users.Count -gt 0) { Write-Host "" Write-Host "ALERT!" -ForegroundColor Red Write-Host "" Write-Host "You are about to $ApplyAction the following accounts:" $idx = 1 foreach ($u in ($result.Users | Sort-Object -Property Username)) { Write-Host "$idx) $($u.Username)" $idx++ } Write-Host "" Write-Host "This action cannot be undone." Write-Host "" $confirmation = Read-Host "Do you wish to proceed? (y/n)" if ($confirmation -notin @('y', 'yes')) { $actionCancelled = $true } else { $options.ApplyAction = $adminActionMap[$ApplyAction] $options.Force = $true try { $actionResult = & $invokeReport $options $result.ActionApplied = $actionResult.ActionApplied $result.ActionStatus = $actionResult.ActionStatus $result.AffectedCount = $actionResult.AffectedCount if (-not [string]::IsNullOrEmpty($actionResult.ErrorMessage)) { Write-Warning "Action error: $($actionResult.ErrorMessage)" } } catch { Write-Warning "Failed to apply action: $($_.Exception.Message)" } & $syncEnterprise } } elseif (-not $needsConfirmation -and $ApplyAction -ne 'none' -and -not $DryRun -and $result.Users.Count -gt 0) { & $syncEnterprise } $statusDescMap = @{ 'no-logon' = 'No-logon' 'no-update' = 'No-update' 'locked' = 'Locked' 'invited' = 'Invited' 'no-recovery' = 'No-recovery' } Write-Host "" Write-Host "Admin Action Taken:" if ($actionCancelled -or $ApplyAction -eq 'none') { $reason = if ($actionCancelled) { "Cancelled by user" } else { "No action specified" } Write-Host "`tCOMMAND: NONE ($reason)" Write-Host "`tSTATUS: n/a" Write-Host "`tSERVER MESSAGE: n/a" Write-Host "`tAFFECTED: 0" } else { $actionApplied = if ($result.ActionApplied) { $result.ActionApplied } else { 'none' } $actionStatus = if ($result.ActionStatus) { $result.ActionStatus } else { 'n/a' } Write-Host "`tCOMMAND: $actionApplied" Write-Host "`tSTATUS: $actionStatus" Write-Host "`tSERVER MESSAGE: n/a" Write-Host "`tAFFECTED: $($result.AffectedCount)" } Write-Host "" Write-Host "Note: the following reflects data prior to any administrative action being applied" $statusDesc = $statusDescMap[$Target] $nodeInfo = if (-not [string]::IsNullOrEmpty($Node)) { " in Node `"$Node`"" } else { '' } Write-Host "$($result.Users.Count) User(s) With `"$statusDesc`" Status Older Than $effectiveDays Day(s)${nodeInfo}:" if ($result.Users.Count -eq 0) { Write-Host "" return } $enrichedUsers = [System.Collections.Generic.List[PSCustomObject]]::new() foreach ($user in $result.Users) { $teamUids = $enterprise.enterpriseData.GetTeamsForUser($user.UserId) $teamNames = [System.Collections.Generic.List[string]]::new() foreach ($uid in $teamUids) { $teamObj = $null if ($enterprise.enterpriseData.TryGetTeam($uid, [ref]$teamObj)) { $teamNames.Add($teamObj.Name) } } $roleNames = [System.Collections.Generic.List[string]]::new() foreach ($roleId in $enterprise.roleData.GetRolesForUser($user.UserId)) { $roleObj = $null if ($enterprise.roleData.TryGetRole($roleId, [ref]$roleObj)) { $roleNames.Add($roleObj.DisplayName) } } $euObj = $null $twoFa = $false if ($enterprise.enterpriseData.TryGetUserById($user.UserId, [ref]$euObj)) { $twoFa = $euObj.TwoFactorEnabled } $enrichedUsers.Add([PSCustomObject]@{ UserId = $user.UserId Username = $user.Username DisplayName = $user.DisplayName Status = $user.Status TransferStatus = $user.TransferStatus NodePath = $user.NodePath TwoFactorEnabled = $twoFa TeamCount = $teamUids.Length Teams = $teamNames RoleCount = $roleNames.Count Roles = $roleNames }) } $allColumns = [ordered]@{ 'user_id' = @{ Header = 'User ID'; Value = { param($u) $u.UserId } } 'email' = @{ Header = 'Email'; Value = { param($u) $u.Username } } 'name' = @{ Header = 'Name'; Value = { param($u) if ($u.DisplayName) { $u.DisplayName } else { '' } } } 'status' = @{ Header = 'Status'; Value = { param($u) $u.Status.ToString() } } 'transfer_status' = @{ Header = 'Transfer Status'; Value = { param($u) if ($u.TransferStatus) { $u.TransferStatus } else { '' } } } 'node' = @{ Header = 'Node'; Value = { param($u) if ($u.NodePath) { $u.NodePath } else { '' } } } '2fa_enabled' = @{ Header = '2FA Enabled'; Value = { param($u) $u.TwoFactorEnabled.ToString() } } 'team_count' = @{ Header = 'Team Count'; Value = { param($u) $u.TeamCount.ToString() } } 'teams' = @{ Header = 'Teams'; Value = { param($u) if ($u.Teams.Count) { $u.Teams -join ', ' } else { '' } } } 'role_count' = @{ Header = 'Role Count'; Value = { param($u) $u.RoleCount.ToString() } } 'roles' = @{ Header = 'Roles'; Value = { param($u) if ($u.Roles.Count) { $u.Roles -join ', ' } else { '' } } } } $defaultColumnKeys = @('user_id', 'email', 'name', 'status', 'transfer_status', 'node') if ([string]::IsNullOrEmpty($Columns)) { $selectedKeys = $defaultColumnKeys } else { $requestedKeys = $Columns.Split(',') | ForEach-Object { $_.Trim().ToLowerInvariant().Replace(' ', '_') } $invalidKeys = $requestedKeys | Where-Object { -not $allColumns.Contains($_) } if ($invalidKeys) { Write-Warning "Unsupported column(s): $($invalidKeys -join ', '). Supported: $($allColumns.Keys -join ', ')" } $selectedKeys = $requestedKeys | Where-Object { $allColumns.Contains($_) } if ('email' -notin $selectedKeys) { $selectedKeys = @('email') + $selectedKeys } } $sortedUsers = $enrichedUsers | Sort-Object -Property Username $rows = [System.Collections.Generic.List[PSCustomObject]]::new() foreach ($user in $sortedUsers) { $props = [ordered]@{} foreach ($key in $selectedKeys) { $colDef = $allColumns[$key] $props[$colDef.Header] = & $colDef.Value $user } $rows.Add([PSCustomObject]$props) } Write-ActionReportOutput -Rows $rows -Format $Format -Output $Output } function Script:Write-ActionReportOutput { param( [Parameter(Mandatory)] [System.Collections.Generic.List[PSCustomObject]] $Rows, [Parameter()] [string] $Format = 'table', [Parameter()] [string] $Output ) $content = $null switch ($Format) { 'json' { $content = $Rows | ConvertTo-Json -Depth 5 } 'csv' { $content = ($Rows | ConvertTo-Csv -NoTypeInformation) -join "`n" } default { if (-not [string]::IsNullOrEmpty($Output)) { $content = ($Rows | Format-Table -AutoSize | Out-String).Trim() } else { $Rows | Format-Table -AutoSize return } } } if (-not [string]::IsNullOrEmpty($Output)) { try { $content | Out-File -FilePath $Output -Encoding utf8 Write-Host "Report written to: $Output" } catch { Write-Error "Failed to write report to '$Output': $($_.Exception.Message)" } } else { Write-Output $content } } function Script:Write-ActionReportSyntaxHelp { Write-Host @" Action Report Command Syntax Description: This command generates a report of users based on their activity (or lack thereof) and can optionally apply administrative actions to those users. Target Statuses (-Target): no-logon Users who haven't logged in within the specified period Allowed actions: none, lock no-update Users who haven't added or updated records Allowed actions: none locked Users who have been locked for the specified period Allowed actions: none, delete, transfer invited Users who have been invited but haven't accepted Allowed actions: none, delete no-recovery Users who haven't set up account recovery Allowed actions: none Options: -Target <status> Target user status (default: no-logon) -DaysSince <days> Number of days since event (default: 30, or 90 for locked) -Node <name|id> Filter users by node (includes child nodes) -ApplyAction <action> Admin action: none, lock, delete, transfer -TargetUser <email> Target user for transfer action -DryRun Preview action without executing -Force Skip confirmation for destructive actions -Columns <cols> Columns to display (comma-separated) -Format <format> Output format: table, csv, json -Output <path> Write report to file Examples: Get-KeeperActionReport Users who haven't logged in (30 days) Get-KeeperActionReport -Target no-logon -DaysSince 60 Users inactive for 60 days Get-KeeperActionReport -Target locked -ApplyAction delete -DryRun Preview deleting locked users Get-KeeperActionReport -Target no-logon -ApplyAction lock -Node "Sales" Lock inactive users in Sales node Get-KeeperActionReport -Target locked -ApplyAction transfer -TargetUser admin@company.com Transfer locked user accounts action-report -Target invited -DaysSince 14 -Format csv -Output "invited.csv" Export invited users to CSV "@ } New-Alias -Name action-report -Value Get-KeeperActionReport # SIG # Begin signature block # MIInvgYJKoZIhvcNAQcCoIInrzCCJ6sCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBALTIVewvVONuC # sqQdqNHqDOwP7w5rVzXVpN1Eas4MMaCCITswggWNMIIEdaADAgECAhAOmxiO+dAt # 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV # BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa # Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD # ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E # MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy # unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF # xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1 # 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB # MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR # WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6 # nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB # YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S # UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x # q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB # NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP # TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC # AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0 # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB # LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc # Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov # Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy # oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW # juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF # mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z # twGpn1eqXijiuZQwggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0GCSqG # SIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx # GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRy # dXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTlaMGkx # CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4 # RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEzODQg # MjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C0Cit # eLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce2vnS # 1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0daE6ZM # swEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6TSXBC # Mo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoAFdE3 # /hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7OhD26j # q22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM1bL5 # OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z8ujo # 7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05huzU # tw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNYmtwm # KwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP/2NP # TLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0TAQH/ # BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYDVR0j # BBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1Ud # JQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0 # cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0 # cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8E # PDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVz # dGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATANBgkq # hkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95RysQDK # r2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HLIvda # qpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5BtfQ/g+ # lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnhOE7a # brs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIhdXNS # y0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV9zeK # iwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/jwVYb # KyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYHKi8Q # xAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmCXBVm # zGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l/aCn # HwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZWeE4w # gga0MIIEnKADAgECAhANx6xXBf8hmS5AQyIMOkmGMA0GCSqGSIb3DQEBCwUAMGIx # CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 # dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBH # NDAeFw0yNTA1MDcwMDAwMDBaFw0zODAxMTQyMzU5NTlaMGkxCzAJBgNVBAYTAlVT # MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQgVHJ1 # c3RlZCBHNCBUaW1lU3RhbXBpbmcgUlNBNDA5NiBTSEEyNTYgMjAyNSBDQTEwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0eDHTCphBcr48RsAcrHXbo0Zo # dLRRF51NrY0NlLWZloMsVO1DahGPNRcybEKq+RuwOnPhof6pvF4uGjwjqNjfEvUi # 6wuim5bap+0lgloM2zX4kftn5B1IpYzTqpyFQ/4Bt0mAxAHeHYNnQxqXmRinvuNg # xVBdJkf77S2uPoCj7GH8BLuxBG5AvftBdsOECS1UkxBvMgEdgkFiDNYiOTx4OtiF # cMSkqTtF2hfQz3zQSku2Ws3IfDReb6e3mmdglTcaarps0wjUjsZvkgFkriK9tUKJ # m/s80FiocSk1VYLZlDwFt+cVFBURJg6zMUjZa/zbCclF83bRVFLeGkuAhHiGPMvS # GmhgaTzVyhYn4p0+8y9oHRaQT/aofEnS5xLrfxnGpTXiUOeSLsJygoLPp66bkDX1 # ZlAeSpQl92QOMeRxykvq6gbylsXQskBBBnGy3tW/AMOMCZIVNSaz7BX8VtYGqLt9 # MmeOreGPRdtBx3yGOP+rx3rKWDEJlIqLXvJWnY0v5ydPpOjL6s36czwzsucuoKs7 # Yk/ehb//Wx+5kMqIMRvUBDx6z1ev+7psNOdgJMoiwOrUG2ZdSoQbU2rMkpLiQ6bG # RinZbI4OLu9BMIFm1UUl9VnePs6BaaeEWvjJSjNm2qA+sdFUeEY0qVjPKOWug/G6 # X5uAiynM7Bu2ayBjUwIDAQABo4IBXTCCAVkwEgYDVR0TAQH/BAgwBgEB/wIBADAd # BgNVHQ4EFgQU729TSunkBnx6yuKQVvYv1Ensy04wHwYDVR0jBBgwFoAU7NfjgtJx # XWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUF # BwMIMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln # aWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5j # b20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8EPDA6MDigNqA0hjJo # dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNy # bDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwDQYJKoZIhvcNAQEL # BQADggIBABfO+xaAHP4HPRF2cTC9vgvItTSmf83Qh8WIGjB/T8ObXAZz8OjuhUxj # aaFdleMM0lBryPTQM2qEJPe36zwbSI/mS83afsl3YTj+IQhQE7jU/kXjjytJgnn0 # hvrV6hqWGd3rLAUt6vJy9lMDPjTLxLgXf9r5nWMQwr8Myb9rEVKChHyfpzee5kH0 # F8HABBgr0UdqirZ7bowe9Vj2AIMD8liyrukZ2iA/wdG2th9y1IsA0QF8dTXqvcnT # mpfeQh35k5zOCPmSNq1UH410ANVko43+Cdmu4y81hjajV/gxdEkMx1NKU4uHQcKf # ZxAvBAKqMVuqte69M9J6A47OvgRaPs+2ykgcGV00TYr2Lr3ty9qIijanrUR3anzE # wlvzZiiyfTPjLbnFRsjsYg39OlV8cipDoq7+qNNjqFzeGxcytL5TTLL4ZaoBdqbh # OhZ3ZRDUphPvSRmMThi0vw9vODRzW6AxnJll38F0cuJG7uEBYTptMSbhdhGQDpOX # gpIUsWTjd6xpR6oaQf/DJbg3s6KCLPAlZ66RzIg9sC+NJpud/v4+7RWsWCiKi9EO # LLHfMR2ZyJ/+xhCx9yHbxtl5TPau1j/1MIDpMPx0LckTetiSuEtQvLsNz3Qbp7wG # WqbIiOWCnb5WqxL3/BAPvIXKUjPSxyZsq8WhbaM2tszWkPZPubdcMIIG7TCCBNWg # AwIBAgIQCoDvGEuN8QWC0cR2p5V0aDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQG # EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0 # IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUgQ0Ex # MB4XDTI1MDYwNDAwMDAwMFoXDTM2MDkwMzIzNTk1OVowYzELMAkGA1UEBhMCVVMx # FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBTSEEy # NTYgUlNBNDA5NiBUaW1lc3RhbXAgUmVzcG9uZGVyIDIwMjUgMTCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBANBGrC0Sxp7Q6q5gVrMrV7pvUf+GcAoB38o3 # zBlCMGMyqJnfFNZx+wvA69HFTBdwbHwBSOeLpvPnZ8ZN+vo8dE2/pPvOx/Vj8Tch # TySA2R4QKpVD7dvNZh6wW2R6kSu9RJt/4QhguSssp3qome7MrxVyfQO9sMx6ZAWj # FDYOzDi8SOhPUWlLnh00Cll8pjrUcCV3K3E0zz09ldQ//nBZZREr4h/GI6Dxb2Uo # yrN0ijtUDVHRXdmncOOMA3CoB/iUSROUINDT98oksouTMYFOnHoRh6+86Ltc5zjP # KHW5KqCvpSduSwhwUmotuQhcg9tw2YD3w6ySSSu+3qU8DD+nigNJFmt6LAHvH3KS # uNLoZLc1Hf2JNMVL4Q1OpbybpMe46YceNA0LfNsnqcnpJeItK/DhKbPxTTuGoX7w # JNdoRORVbPR1VVnDuSeHVZlc4seAO+6d2sC26/PQPdP51ho1zBp+xUIZkpSFA8vW # doUoHLWnqWU3dCCyFG1roSrgHjSHlq8xymLnjCbSLZ49kPmk8iyyizNDIXj//cOg # rY7rlRyTlaCCfw7aSUROwnu7zER6EaJ+AliL7ojTdS5PWPsWeupWs7NpChUk555K # 096V1hE0yZIXe+giAwW00aHzrDchIc2bQhpp0IoKRR7YufAkprxMiXAJQ1XCmnCf # gPf8+3mnAgMBAAGjggGVMIIBkTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTkO/zy # Me39/dfzkXFjGVBDz2GM6DAfBgNVHSMEGDAWgBTvb1NK6eQGfHrK4pBW9i/USezL # TjAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwgZUGCCsG # AQUFBwEBBIGIMIGFMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j # b20wXQYIKwYBBQUHMAKGUWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydFRydXN0ZWRHNFRpbWVTdGFtcGluZ1JTQTQwOTZTSEEyNTYyMDI1Q0ExLmNy # dDBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln # aUNlcnRUcnVzdGVkRzRUaW1lU3RhbXBpbmdSU0E0MDk2U0hBMjU2MjAyNUNBMS5j # cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB # CwUAA4ICAQBlKq3xHCcEua5gQezRCESeY0ByIfjk9iJP2zWLpQq1b4URGnwWBdEZ # D9gBq9fNaNmFj6Eh8/YmRDfxT7C0k8FUFqNh+tshgb4O6Lgjg8K8elC4+oWCqnU/ # ML9lFfim8/9yJmZSe2F8AQ/UdKFOtj7YMTmqPO9mzskgiC3QYIUP2S3HQvHG1FDu # +WUqW4daIqToXFE/JQ/EABgfZXLWU0ziTN6R3ygQBHMUBaB5bdrPbF6MRYs03h4o # bEMnxYOX8VBRKe1uNnzQVTeLni2nHkX/QqvXnNb+YkDFkxUGtMTaiLR9wjxUxu2h # ECZpqyU1d0IbX6Wq8/gVutDojBIFeRlqAcuEVT0cKsb+zJNEsuEB7O7/cuvTQasn # M9AWcIQfVjnzrvwiCZ85EE8LUkqRhoS3Y50OHgaY7T/lwd6UArb+BOVAkg2oOvol # /DJgddJ35XTxfUlQ+8Hggt8l2Yv7roancJIFcbojBcxlRcGG0LIhp6GvReQGgMgY # xQbV1S3CrWqZzBt1R9xJgKf47CdxVRd/ndUlQ05oxYy2zRWVFjF7mcr4C34Mj3oc # CVccAvlKV9jEnstrniLvUxxVZE/rptb7IRE2lskKPIJgbaP5t2nGj/ULLi49xTcB # ZU8atufk+EMF/cWuiC7POGT75qaL6vdCvHlshtjdNXOCIUjsarfNZzCCB0kwggUx # oAMCAQICEAe0P3SLJmcoVNrErUyxTt0wDQYJKoZIhvcNAQELBQAwaTELMAkGA1UE # BhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2Vy # dCBUcnVzdGVkIEc0IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENB # MTAeFw0yNTEyMzEwMDAwMDBaFw0yOTAxMDIyMzU5NTlaMIHRMRMwEQYLKwYBBAGC # NzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMR0wGwYDVQQPDBRQ # cml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UEBRMHMzQwNzk4NTELMAkGA1UEBhMC # VVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMR0wGwYDVQQK # ExRLZWVwZXIgU2VjdXJpdHkgSW5jLjEdMBsGA1UEAxMUS2VlcGVyIFNlY3VyaXR5 # IEluYy4wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCUcNMoSVmxAi0a # vG+StFJMNFFTUIOo3HdBZ+0gqA1XpNgUx11vB1vCZrvFsD9m5oA58tdp4gZN3LmQ # aMvCl2ANUT7MilI02Hf1RWlygBzon6iE0GpU3lgRrwrk1dhtLpGsR6dbMKUUHprc # vKpXk90/VN+vhzY1uik1tCTxkDCPu/AYJg7m9+tR2KqvMuYMaMLhii66eWUAGsBC # h/uZxjkGoJF6qZ0DgFd7rW7VYljbfYSNPeZNGTDgB0J/wOsKl0mn612DTseIvAKt # 4vra/FLFukyEyStnfQ8lWYDcLLCMCjNVrzGipmT5E2iyx7Y1RZCIpNwVogp3Ixbk # Gbq5A/41YNOLLd4cFewyB2F037RevBCRsUODZEt1qBf7Jbu3DiYo1G+zTj9E0R1s # FzyijcfdsTm6X5ble+yCJeGkX5XgsyPnZpyz/FX9Fr0N9pMPGWwW2PKyHEnSytXm # 0Dxdq2P4mA4CBUxq7YoV26L2PF6QEh9BQdXTPcnLysUv7SI/a0ECAwEAAaOCAgIw # ggH+MB8GA1UdIwQYMBaAFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB0GA1UdDgQWBBRG # 4H6CH8pvNX632bsdnrda4MtJLDA9BgNVHSAENjA0MDIGBWeBDAEDMCkwJwYIKwYB # BQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMC # B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwgbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0 # cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25p # bmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNI # QTM4NDIwMjFDQTEuY3JsMIGUBggrBgEFBQcBAQSBhzCBhDAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFwGCCsGAQUFBzAChlBodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JT # QTQwOTZTSEEzODQyMDIxQ0ExLmNydDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUA # A4ICAQA1Wlq0WzJa3N6DgjgBU7nagIJBab1prPARXZreX1MOv9VjnS5o0CrfQLr6 # z3bmWHw7xT8dt6bcSwRixqvPJtv4q8Rvo80O3eUMvMxQzqmi7z1zf+HG+/3G4F+2 # IYegvPc8Ui151XCV9rjA8tvFWRLRMX0ZRxY1zfT027HMw0iYL20z44+Cky//FAnL # iRwoNDGiRkZiHbB9YOftPAYNMG3gm1z3zOW5RdfKPrqvMuijE+dfyLIAA6Immpzu # FMH+Wgn8NnSlot9b4YKycaqqdjd7wXDjPub/oQ7VShuCSBWj+UNOTVh0vcZGackc # H1DLVgwp2dcKlxJiQKtkHT/T6LloY6LTe6+8wkVkr8EAv1W+q/+M1a4Ao+ykFbIA # 2LBEmA9qdgoLtenAYIiEg+48SjMPgyBbVPE3bhL1vIqjEIxYCfdmi6wx33oYX7HB # +bJ7zitHw4GgtpfPV8y8QRZImKmeDOKyXjQPDmQM/Eglm/Ns0GzBkVXM8h6UI34b # WZrHz9sbLSE20m5Svmxftvw5zju+I3WsmS/stNfWlOkwU0niUgwPHaz21kjXEA5A # g+aqv26wodqZcnGOlChoWDvSJ8KKgdOFbeAYKAMp1NY7iWV315zpGH19RipCR1NH # 0ND8iIubk3WGNf2rzEfqlOi3h2ywqVkU6AKXHdO5JV4otSKKEDGCBdkwggXVAgEB # MH0waTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYD # VQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0IENvZGUgU2lnbmluZyBSU0E0MDk2IFNI # QTM4NCAyMDIxIENBMQIQB7Q/dIsmZyhU2sStTLFO3TANBglghkgBZQMEAgEFAKCB # hDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEE # AYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJ # BDEiBCANnYN9cM5Ar42WEhFHeBvLGkc7zaW9S/aQug1tmk0AvzANBgkqhkiG9w0B # AQEFAASCAYAx4N1SaH5DFbMkIyzFCDSk5SxuRMJBZaHy7dQUnMDsmh2NrJYWiCTJ # y1m5tPInM+b/ILhb1lqmYE/dahgVRQEKXTuBKlgYijrDbo2R+7HBO/YcQGMr5uPc # hhzA8ezRfUCdqodUnPpQ8LHEp28zFiFZ1rR+pkv5+9DaNZ4yQ/mQ6ZT0xeiHcQ4o # kltl8bSYvp0LkW5XqWZCTFvGrIu/rajeM5S4SY+NBw0YroN8WWDabhWOI8fVhCqc # 9jtMMrLwtr/mwa696pEkk+B3vO03VCIW1mS6AMOZodovVzawgHjjNPC+Jl/cJneV # S7CAclGfQJeH+vsqt32cHrUxWNZv4DGn3P6X1D43BgNx1fIDTDAegUejs63Opbch # 7DugUTZ/WKerxeulmGIz5XMqjorJGbej4bv2Nt5x3061a5EBA0HWs5tW9824RuNY # KuuXOQKWf0R4frrf2qyZTH4+URwcp0nW5EnsaOEvaSo5sNZN4zTuc8R3sCWmYum8 # kJLzV+ipo9qhggMmMIIDIgYJKoZIhvcNAQkGMYIDEzCCAw8CAQEwfTBpMQswCQYD # VQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lD # ZXJ0IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUg # Q0ExAhAKgO8YS43xBYLRxHanlXRoMA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcN # AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjYwNTA1MTgxNzEwWjAv # BgkqhkiG9w0BCQQxIgQgCV4W+ICydpblym7VD3qep44dfw9l/IeZmVSXIN15ch8w # DQYJKoZIhvcNAQEBBQAEggIAv2gd5NNwGN8k2/2eJXfSas+GR/K4md+0H2zDtW+H # trbSSyNQka1uPS0lc1OYtMnWssa0/8RZ1/FpTzM5nDobYFZGDz60omuShL5sisuH # zMBL/WBUOg2CrToM/akcKAGSZuUiBP+pz2dNMH1RPjmD1ScFWI1frc7LOHpETmaU # vnWVPrW2oqJ28s9hZLjq5WDdlpOeiTx/JOAFgO4jE1E2WdTzk+PvdEhb9C4kq9aD # yPvjhDzNfNQWGWGUBJscKBJn/sBuL7iD9MHR0nlFvuQugz3trSLTjYv+AxAfoUnB # 8RFzde0mYDLtuuTHy48UbADclmaCcS9U+1j9RTJF352NwmXRIu1S/wJoyC7rN+EQ # a8oiqEcK8TnedodYfr8N6s146TLzzk08c474r6bF7bJ3A+zLTkiUXDZ1uARQoXos # llD1t86pA8rXqXYeueQMDZWiu+MeJ9tm/OdVR7hWr7h4c9NXq9UIlq7wQlzdF8Y4 # jbU4wUidGU3Lnr3lP6U1m9bHFy8q3Ujl8zN31oIgFhX/eOAq3C6tOaKNFaXb2Y7/ # 5DmIYkJy3UHMx8io+osYHPRCwlF8FA2un0sHLCzvIx9qNCS0xA51TgvxhpHjM4gK # WJyfzNj4MPgjopwccaBMmXp4DNlDErCOVyT0J9KCWM/p0vxDBoJxPWRlNUNko46v # YCs= # SIG # End signature block |