EPM/Approval.ps1
|
$script:StatusApproved = ([KeeperSecurity.Plugins.EPM.EpmApprovalStatus]::Approved).ToString().ToUpperInvariant() $script:StatusDenied = ([KeeperSecurity.Plugins.EPM.EpmApprovalStatus]::Denied).ToString().ToUpperInvariant() $script:StatusExpired = ([KeeperSecurity.Plugins.EPM.EpmApprovalStatus]::Expired).ToString().ToUpperInvariant() function script:ConvertFrom-KeeperEpmApprovalField { Param ([byte[]] $FieldData) if ($null -eq $FieldData -or $FieldData.Length -eq 0) { return '' } try { $text = [System.Text.Encoding]::UTF8.GetString($FieldData) $nonPrintable = 0 foreach ($ch in $text.ToCharArray()) { if ([char]::IsControl($ch) -and $ch -ne "`n" -and $ch -ne "`r" -and $ch -ne "`t") { $nonPrintable++ } } $ratio = if ($text.Length -gt 0) { ($nonPrintable * 100.0 / $text.Length) } else { 100 } if ($ratio -lt 10) { try { $json = $text | ConvertFrom-Json -ErrorAction Stop if ($null -ne $json) { $properties = @($json.PSObject.Properties) if ($properties.Count -gt 0) { $take = [Math]::Min(3, $properties.Count) $parts = [System.Collections.Generic.List[string]]::new() for ($i = 0; $i -lt $take; $i++) { $property = $properties[$i] $parts.Add("$($property.Name): $($property.Value)") } $result = $parts -join ', ' if ($properties.Count -gt 3) { $result += '...' } return $result } } } catch { } if ($text.Length -gt 50) { return $text.Substring(0, 47) + '...' } return $text } } catch { } return "(encrypted, $($FieldData.Length) bytes)" } function script:ConvertFrom-KeeperEpmTimestamp { Param ([long] $Timestamp) if ($Timestamp -le 0) { return [DateTimeOffset]::MinValue } return [DateTimeOffset]::FromUnixTimeMilliseconds($Timestamp) } function script:Get-KeeperEpmApprovalStatusInt { Param ( [Parameter(Mandatory = $true)] $Plugin, [string] $ApprovalUid ) if ([string]::IsNullOrEmpty($ApprovalUid)) { return 0 } try { $s = $Plugin.GetApprovalStatus($ApprovalUid) if ($null -eq $s) { return 0 } return [int]$s } catch { return 0 } } function script:Get-KeeperEpmApprovalStatusDisplay { Param ( [Parameter(Mandatory = $true)] $Plugin, [string] $ApprovalUid ) $statusInt = Get-KeeperEpmApprovalStatusInt -Plugin $Plugin -ApprovalUid $ApprovalUid $enumType = [KeeperSecurity.Plugins.EPM.EpmApprovalStatus] if ([System.Enum]::IsDefined($enumType, $statusInt)) { return ([KeeperSecurity.Plugins.EPM.EpmApprovalStatus]$statusInt).ToString().ToUpperInvariant() } return 'UNKNOWN' } function script:Get-KeeperEpmApprovalTypeName { Param ([int] $ApprovalType) $enumType = [KeeperSecurity.Plugins.EPM.EpmApprovalType] if ([System.Enum]::IsDefined($enumType, $ApprovalType)) { return ([KeeperSecurity.Plugins.EPM.EpmApprovalType]$ApprovalType).ToString() } return 'Other' } function Get-KeeperEpmApprovalList { <# .Synopsis List EPM/PEDM approval requests. .Parameter Type Filter by approval status: approved, denied, pending, expired, escalated. If omitted, lists all approvals. #> [CmdletBinding()] Param ( [Parameter()] [ValidateSet('approved', 'denied', 'pending', 'expired', 'escalated')] [string] $Type ) $plugin = ensureEpmPlugin if (-not $plugin) { Write-Error -Message "EPM plugin is not available. Enterprise admin access is required." -ErrorAction Stop } $approvals = @($plugin.Approvals.GetAll()) $rows = foreach ($appr in ($approvals | Sort-Object -Property ApprovalUid)) { $status = Get-KeeperEpmApprovalStatusDisplay -Plugin $plugin -ApprovalUid $appr.ApprovalUid [PSCustomObject]@{ 'Approval UID' = $appr.ApprovalUid 'Approval Type' = Get-KeeperEpmApprovalTypeName -ApprovalType $appr.ApprovalType 'Status' = $status 'Agent UID' = if ($appr.AgentUid) { $appr.AgentUid } else { '' } 'Account Info' = ConvertFrom-KeeperEpmApprovalField -FieldData $appr.AccountInfo 'Application Info' = ConvertFrom-KeeperEpmApprovalField -FieldData $appr.ApplicationInfo 'Justification' = ConvertFrom-KeeperEpmApprovalField -FieldData $appr.Justification 'Expire In' = if ($appr.ExpireIn -gt 0) { $appr.ExpireIn } else { '' } 'Created' = (ConvertFrom-KeeperEpmTimestamp -Timestamp $appr.Created).ToString('yyyy-MM-dd HH:mm:ss') } } if (-not [string]::IsNullOrEmpty($Type)) { $filterType = $Type.ToUpperInvariant() $rows = @($rows | Where-Object { $_.'Status' -eq $filterType }) } if ($rows.Count -eq 0) { if (-not [string]::IsNullOrEmpty($Type)) { Write-Output "No $Type approvals found." } else { Write-Output 'No approvals found.' } return } $rows | Format-Table -AutoSize } function Get-KeeperEpmApproval { <# .Synopsis View a single EPM approval by UID. .Parameter ApprovalUid The approval record UID. #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] [string] $ApprovalUid ) $plugin = ensureEpmPlugin if (-not $plugin) { Write-Error -Message "EPM plugin is not available. Enterprise admin access is required." -ErrorAction Stop } $approval = $plugin.Approvals.GetEntity($ApprovalUid) if (-not $approval) { Write-Error -Message "Approval '$ApprovalUid' not found." -ErrorAction Stop } $status = Get-KeeperEpmApprovalStatusDisplay -Plugin $plugin -ApprovalUid $ApprovalUid $typeName = Get-KeeperEpmApprovalTypeName -ApprovalType $approval.ApprovalType Write-Output "Approval: $ApprovalUid" Write-Output " Type: $typeName" Write-Output " Status: $status" Write-Output " Agent UID: $(if ($approval.AgentUid) { $approval.AgentUid } else { '' })" Write-Output " Account Info: $(ConvertFrom-KeeperEpmApprovalField -FieldData $approval.AccountInfo)" Write-Output " Application Info: $(ConvertFrom-KeeperEpmApprovalField -FieldData $approval.ApplicationInfo)" Write-Output " Justification: $(ConvertFrom-KeeperEpmApprovalField -FieldData $approval.Justification)" if ($approval.ExpireIn -gt 0) { Write-Output " Expire In: $($approval.ExpireIn)" } else { Write-Output ' Expire In: N/A' } Write-Output " Created: $((ConvertFrom-KeeperEpmTimestamp -Timestamp $approval.Created).ToString('yyyy-MM-dd HH:mm:ss'))" } function Approve-KeeperEpmApproval { <# .Synopsis Approve a pending EPM approval. .Parameter ApprovalUid The approval record UID. #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] [string] $ApprovalUid ) $plugin = ensureEpmPlugin if (-not $plugin) { Write-Error -Message "EPM plugin is not available. Enterprise admin access is required." -ErrorAction Stop } $approval = $plugin.Approvals.GetEntity($ApprovalUid) if (-not $approval) { Write-Error -Message "Approval '$ApprovalUid' not found." -ErrorAction Stop } $currentStatus = Get-KeeperEpmApprovalStatusDisplay -Plugin $plugin -ApprovalUid $ApprovalUid if ($currentStatus -eq $script:StatusApproved) { Write-Error -Message "Approval '$ApprovalUid' is already $($script:StatusApproved). Cannot approve again." -ErrorAction Stop } if ($currentStatus -eq $script:StatusDenied) { Write-Error -Message "Approval '$ApprovalUid' is already $($script:StatusDenied). Cannot approve a denied request." -ErrorAction Stop } if ($currentStatus -eq $script:StatusExpired) { Write-Error -Message "Approval '$ApprovalUid' is $($script:StatusExpired). Cannot approve an expired request." -ErrorAction Stop } try { $approveStatus = $plugin.ModifyApprovals([string[]]@($ApprovalUid), $null, $null).GetAwaiter().GetResult() if ($approveStatus.AddErrors -and $approveStatus.AddErrors.Count -gt 0) { $err = $approveStatus.AddErrors[0] Write-Error -Message "Failed to approve `"$($err.EntityUid)`": $($err.Message)" -ErrorAction Stop } if ($approveStatus.UpdateErrors -and $approveStatus.UpdateErrors.Count -gt 0) { $err = $approveStatus.UpdateErrors[0] Write-Error -Message "Failed to approve `"$($err.EntityUid)`": $($err.Message)" -ErrorAction Stop } Write-Output "Approval '$ApprovalUid' approved." writeEpmModifyStatus -Status $approveStatus $plugin.SyncDown($false).GetAwaiter().GetResult() | Out-Null } catch { Write-Error -Message "Error approving approval: $($_.Exception.Message)" -ErrorAction Stop } } function Deny-KeeperEpmApproval { <# .Synopsis Deny a pending EPM approval. .Parameter ApprovalUid The approval record UID. #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true, Position = 0)] [string] $ApprovalUid ) $plugin = ensureEpmPlugin if (-not $plugin) { Write-Error -Message "EPM plugin is not available. Enterprise admin access is required." -ErrorAction Stop } $approval = $plugin.Approvals.GetEntity($ApprovalUid) if (-not $approval) { Write-Error -Message "Approval '$ApprovalUid' not found." -ErrorAction Stop } $currentStatus = Get-KeeperEpmApprovalStatusDisplay -Plugin $plugin -ApprovalUid $ApprovalUid if ($currentStatus -eq $script:StatusDenied) { Write-Error -Message "Approval '$ApprovalUid' is already $($script:StatusDenied). Cannot deny again." -ErrorAction Stop } if ($currentStatus -eq $script:StatusApproved) { Write-Error -Message "Approval '$ApprovalUid' is already $($script:StatusApproved). Cannot deny an approved request." -ErrorAction Stop } if ($currentStatus -eq $script:StatusExpired) { Write-Error -Message "Approval '$ApprovalUid' is $($script:StatusExpired). Cannot deny an expired request." -ErrorAction Stop } try { $denyStatus = $plugin.ModifyApprovals($null, [string[]]@($ApprovalUid), $null).GetAwaiter().GetResult() if ($denyStatus.AddErrors -and $denyStatus.AddErrors.Count -gt 0) { $err = $denyStatus.AddErrors[0] Write-Error -Message "Failed to deny `"$($err.EntityUid)`": $($err.Message)" -ErrorAction Stop } if ($denyStatus.UpdateErrors -and $denyStatus.UpdateErrors.Count -gt 0) { $err = $denyStatus.UpdateErrors[0] Write-Error -Message "Failed to deny `"$($err.EntityUid)`": $($err.Message)" -ErrorAction Stop } Write-Output "Approval '$ApprovalUid' denied." writeEpmModifyStatus -Status $denyStatus $plugin.SyncDown($false).GetAwaiter().GetResult() | Out-Null } catch { Write-Error -Message "Error denying approval: $($_.Exception.Message)" -ErrorAction Stop } } function Remove-KeeperEpmApproval { <# .Synopsis Remove an EPM approval record. .Parameter ApprovalUid The approval record UID. .Parameter Force If set, skip confirmation prompt before delete. #> [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')] Param ( [Parameter(Mandatory = $true, Position = 0)] [string] $ApprovalUid, [Parameter()] [switch] $Force ) $plugin = ensureEpmPlugin if (-not $plugin) { Write-Error -Message "EPM plugin is not available. Enterprise admin access is required." -ErrorAction Stop } $approval = $plugin.Approvals.GetEntity($ApprovalUid) if (-not $approval) { Write-Error -Message "Approval '$ApprovalUid' not found." -ErrorAction Stop } if (-not $Force -and -not $PSCmdlet.ShouldProcess("approval '$ApprovalUid'", "Remove")) { return } try { $removeStatus = $plugin.ModifyApprovals($null, $null, [string[]]@($ApprovalUid)).GetAwaiter().GetResult() if ($removeStatus.RemoveErrors -and $removeStatus.RemoveErrors.Count -gt 0) { $err = $removeStatus.RemoveErrors[0] Write-Error -Message "Failed to remove approval `"$($err.EntityUid)`": $($err.Message)" -ErrorAction Stop } if ($removeStatus.Remove -and $removeStatus.Remove.Count -gt 0) { Write-Output "Approval '$ApprovalUid' removed." } else { Write-Warning "Approval '$ApprovalUid' may not have been removed. Check server response." } writeEpmModifyStatus -Status $removeStatus $plugin.SyncDown($false).GetAwaiter().GetResult() | Out-Null } catch { Write-Error -Message "Error removing approval: $($_.Exception.Message)" -ErrorAction Stop } } New-Alias -Name kepm-approval-list -Value Get-KeeperEpmApprovalList -ErrorAction SilentlyContinue New-Alias -Name kepm-approval-view -Value Get-KeeperEpmApproval -ErrorAction SilentlyContinue New-Alias -Name kepm-approval-approve -Value Approve-KeeperEpmApproval -ErrorAction SilentlyContinue New-Alias -Name kepm-approval-deny -Value Deny-KeeperEpmApproval -ErrorAction SilentlyContinue New-Alias -Name kepm-approval-remove -Value Remove-KeeperEpmApproval -ErrorAction SilentlyContinue # SIG # Begin signature block # MIInvgYJKoZIhvcNAQcCoIInrzCCJ6sCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAUb3j5ZbvB2og1 # 5ppz03MRa1V8/hoZU4JHPo1B7dWvh6CCITswggWNMIIEdaADAgECAhAOmxiO+dAt # 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV # BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa # Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD # ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E # MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy # unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF # xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1 # 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB # MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR # WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6 # nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB # YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S # UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x # q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB # NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP # TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC # AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0 # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB # LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc # Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov # Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy # oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW # juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF # mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z # twGpn1eqXijiuZQwggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0GCSqG # SIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx # GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRy # dXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTlaMGkx # CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4 # RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEzODQg # MjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C0Cit # eLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce2vnS # 1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0daE6ZM # swEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6TSXBC # Mo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoAFdE3 # /hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7OhD26j # q22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM1bL5 # OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z8ujo # 7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05huzU # tw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNYmtwm # KwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP/2NP # TLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0TAQH/ # BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYDVR0j # BBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1Ud # JQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0 # cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0 # cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8E # PDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVz # dGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATANBgkq # hkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95RysQDK # r2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HLIvda # qpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5BtfQ/g+ # lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnhOE7a # brs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIhdXNS # y0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV9zeK # iwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/jwVYb # KyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYHKi8Q # xAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmCXBVm # zGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l/aCn # HwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZWeE4w # gga0MIIEnKADAgECAhANx6xXBf8hmS5AQyIMOkmGMA0GCSqGSIb3DQEBCwUAMGIx # CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 # dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBH # NDAeFw0yNTA1MDcwMDAwMDBaFw0zODAxMTQyMzU5NTlaMGkxCzAJBgNVBAYTAlVT # MRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQgVHJ1 # c3RlZCBHNCBUaW1lU3RhbXBpbmcgUlNBNDA5NiBTSEEyNTYgMjAyNSBDQTEwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC0eDHTCphBcr48RsAcrHXbo0Zo # dLRRF51NrY0NlLWZloMsVO1DahGPNRcybEKq+RuwOnPhof6pvF4uGjwjqNjfEvUi # 6wuim5bap+0lgloM2zX4kftn5B1IpYzTqpyFQ/4Bt0mAxAHeHYNnQxqXmRinvuNg # xVBdJkf77S2uPoCj7GH8BLuxBG5AvftBdsOECS1UkxBvMgEdgkFiDNYiOTx4OtiF # cMSkqTtF2hfQz3zQSku2Ws3IfDReb6e3mmdglTcaarps0wjUjsZvkgFkriK9tUKJ # m/s80FiocSk1VYLZlDwFt+cVFBURJg6zMUjZa/zbCclF83bRVFLeGkuAhHiGPMvS # GmhgaTzVyhYn4p0+8y9oHRaQT/aofEnS5xLrfxnGpTXiUOeSLsJygoLPp66bkDX1 # ZlAeSpQl92QOMeRxykvq6gbylsXQskBBBnGy3tW/AMOMCZIVNSaz7BX8VtYGqLt9 # MmeOreGPRdtBx3yGOP+rx3rKWDEJlIqLXvJWnY0v5ydPpOjL6s36czwzsucuoKs7 # Yk/ehb//Wx+5kMqIMRvUBDx6z1ev+7psNOdgJMoiwOrUG2ZdSoQbU2rMkpLiQ6bG # RinZbI4OLu9BMIFm1UUl9VnePs6BaaeEWvjJSjNm2qA+sdFUeEY0qVjPKOWug/G6 # X5uAiynM7Bu2ayBjUwIDAQABo4IBXTCCAVkwEgYDVR0TAQH/BAgwBgEB/wIBADAd # BgNVHQ4EFgQU729TSunkBnx6yuKQVvYv1Ensy04wHwYDVR0jBBgwFoAU7NfjgtJx # XWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUF # BwMIMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln # aWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5j # b20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8EPDA6MDigNqA0hjJo # dHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNy # bDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwDQYJKoZIhvcNAQEL # BQADggIBABfO+xaAHP4HPRF2cTC9vgvItTSmf83Qh8WIGjB/T8ObXAZz8OjuhUxj # aaFdleMM0lBryPTQM2qEJPe36zwbSI/mS83afsl3YTj+IQhQE7jU/kXjjytJgnn0 # hvrV6hqWGd3rLAUt6vJy9lMDPjTLxLgXf9r5nWMQwr8Myb9rEVKChHyfpzee5kH0 # F8HABBgr0UdqirZ7bowe9Vj2AIMD8liyrukZ2iA/wdG2th9y1IsA0QF8dTXqvcnT # mpfeQh35k5zOCPmSNq1UH410ANVko43+Cdmu4y81hjajV/gxdEkMx1NKU4uHQcKf # ZxAvBAKqMVuqte69M9J6A47OvgRaPs+2ykgcGV00TYr2Lr3ty9qIijanrUR3anzE # wlvzZiiyfTPjLbnFRsjsYg39OlV8cipDoq7+qNNjqFzeGxcytL5TTLL4ZaoBdqbh # OhZ3ZRDUphPvSRmMThi0vw9vODRzW6AxnJll38F0cuJG7uEBYTptMSbhdhGQDpOX # gpIUsWTjd6xpR6oaQf/DJbg3s6KCLPAlZ66RzIg9sC+NJpud/v4+7RWsWCiKi9EO # LLHfMR2ZyJ/+xhCx9yHbxtl5TPau1j/1MIDpMPx0LckTetiSuEtQvLsNz3Qbp7wG # WqbIiOWCnb5WqxL3/BAPvIXKUjPSxyZsq8WhbaM2tszWkPZPubdcMIIG7TCCBNWg # AwIBAgIQCoDvGEuN8QWC0cR2p5V0aDANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQG # EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0 # IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUgQ0Ex # MB4XDTI1MDYwNDAwMDAwMFoXDTM2MDkwMzIzNTk1OVowYzELMAkGA1UEBhMCVVMx # FzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBTSEEy # NTYgUlNBNDA5NiBUaW1lc3RhbXAgUmVzcG9uZGVyIDIwMjUgMTCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBANBGrC0Sxp7Q6q5gVrMrV7pvUf+GcAoB38o3 # zBlCMGMyqJnfFNZx+wvA69HFTBdwbHwBSOeLpvPnZ8ZN+vo8dE2/pPvOx/Vj8Tch # TySA2R4QKpVD7dvNZh6wW2R6kSu9RJt/4QhguSssp3qome7MrxVyfQO9sMx6ZAWj # FDYOzDi8SOhPUWlLnh00Cll8pjrUcCV3K3E0zz09ldQ//nBZZREr4h/GI6Dxb2Uo # yrN0ijtUDVHRXdmncOOMA3CoB/iUSROUINDT98oksouTMYFOnHoRh6+86Ltc5zjP # KHW5KqCvpSduSwhwUmotuQhcg9tw2YD3w6ySSSu+3qU8DD+nigNJFmt6LAHvH3KS # uNLoZLc1Hf2JNMVL4Q1OpbybpMe46YceNA0LfNsnqcnpJeItK/DhKbPxTTuGoX7w # JNdoRORVbPR1VVnDuSeHVZlc4seAO+6d2sC26/PQPdP51ho1zBp+xUIZkpSFA8vW # doUoHLWnqWU3dCCyFG1roSrgHjSHlq8xymLnjCbSLZ49kPmk8iyyizNDIXj//cOg # rY7rlRyTlaCCfw7aSUROwnu7zER6EaJ+AliL7ojTdS5PWPsWeupWs7NpChUk555K # 096V1hE0yZIXe+giAwW00aHzrDchIc2bQhpp0IoKRR7YufAkprxMiXAJQ1XCmnCf # gPf8+3mnAgMBAAGjggGVMIIBkTAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBTkO/zy # Me39/dfzkXFjGVBDz2GM6DAfBgNVHSMEGDAWgBTvb1NK6eQGfHrK4pBW9i/USezL # TjAOBgNVHQ8BAf8EBAMCB4AwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwgZUGCCsG # AQUFBwEBBIGIMIGFMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j # b20wXQYIKwYBBQUHMAKGUWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydFRydXN0ZWRHNFRpbWVTdGFtcGluZ1JTQTQwOTZTSEEyNTYyMDI1Q0ExLmNy # dDBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGln # aUNlcnRUcnVzdGVkRzRUaW1lU3RhbXBpbmdSU0E0MDk2U0hBMjU2MjAyNUNBMS5j # cmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEB # CwUAA4ICAQBlKq3xHCcEua5gQezRCESeY0ByIfjk9iJP2zWLpQq1b4URGnwWBdEZ # D9gBq9fNaNmFj6Eh8/YmRDfxT7C0k8FUFqNh+tshgb4O6Lgjg8K8elC4+oWCqnU/ # ML9lFfim8/9yJmZSe2F8AQ/UdKFOtj7YMTmqPO9mzskgiC3QYIUP2S3HQvHG1FDu # +WUqW4daIqToXFE/JQ/EABgfZXLWU0ziTN6R3ygQBHMUBaB5bdrPbF6MRYs03h4o # bEMnxYOX8VBRKe1uNnzQVTeLni2nHkX/QqvXnNb+YkDFkxUGtMTaiLR9wjxUxu2h # ECZpqyU1d0IbX6Wq8/gVutDojBIFeRlqAcuEVT0cKsb+zJNEsuEB7O7/cuvTQasn # M9AWcIQfVjnzrvwiCZ85EE8LUkqRhoS3Y50OHgaY7T/lwd6UArb+BOVAkg2oOvol # /DJgddJ35XTxfUlQ+8Hggt8l2Yv7roancJIFcbojBcxlRcGG0LIhp6GvReQGgMgY # xQbV1S3CrWqZzBt1R9xJgKf47CdxVRd/ndUlQ05oxYy2zRWVFjF7mcr4C34Mj3oc # CVccAvlKV9jEnstrniLvUxxVZE/rptb7IRE2lskKPIJgbaP5t2nGj/ULLi49xTcB # ZU8atufk+EMF/cWuiC7POGT75qaL6vdCvHlshtjdNXOCIUjsarfNZzCCB0kwggUx # oAMCAQICEAHdzU+FVN9jCMv0HhHagNUwDQYJKoZIhvcNAQELBQAwaTELMAkGA1UE # BhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2Vy # dCBUcnVzdGVkIEc0IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENB # MTAeFw0yNjA2MDUwMDAwMDBaFw0yNzA2MDQyMzU5NTlaMIHRMRMwEQYLKwYBBAGC # NzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMR0wGwYDVQQPDBRQ # cml2YXRlIE9yZ2FuaXphdGlvbjEQMA4GA1UEBRMHMzQwNzk4NTELMAkGA1UEBhMC # VVMxETAPBgNVBAgTCElsbGlub2lzMRAwDgYDVQQHEwdDaGljYWdvMR0wGwYDVQQK # ExRLZWVwZXIgU2VjdXJpdHkgSW5jLjEdMBsGA1UEAxMUS2VlcGVyIFNlY3VyaXR5 # IEluYy4wggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCb4DRTV0sNQsa1 # 0YRh+bliabmLOVYr6S0+BSVvRJAN3SHP6x52i1Dkpki5xVDIH06ZnnsToVrgvTv+ # QxGwsn9SAPHEZ/PIJRFxbMR4ShDaptYyL4f0u4k/3HwRzIleWE4mTUonYH8BdgLw # /F53B7wa7VTDHtxXltYTibEOwJxYCOi4Zr2FYQhjw14/CHcqS3FSMs6YYU2T56+g # w819hQM3K0YlwTNOFoIm1v7/ZZZiJGH8uGDsvy1makh1Xyyo/wN8EbQ1nbslmePT # roPm9w7WqiP/yiq+CZHiuTk9JK5bEgkWG3ns+v25cI251WidJx3SU7IZnX0OTd6/ # ZdKhprD5Gcfy5GBbJdcYw2WycQRW0PT5BEt55xRE0heufkpDaTUN6RdOuJdXbkl0 # hV91IZIuhueEMCk3h5mDTlU5gImxqj0R/TbAxjSSGTKCeuYFkQIRqytSabdrZZ48 # kW5hOIZMVDY1f4kpPJa8UeEvDZXT3vrtj36aSJrwez2uh4FMNlkCAwEAAaOCAgIw # ggH+MB8GA1UdIwQYMBaAFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB0GA1UdDgQWBBT1 # SmCYU/7Yrz1fX66Ur5nSzlSYOzA9BgNVHSAENjA0MDIGBWeBDAEDMCkwJwYIKwYB # BQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMC # B4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwgbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0 # cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25p # bmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5jcmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNI # QTM4NDIwMjFDQTEuY3JsMIGUBggrBgEFBQcBAQSBhzCBhDAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFwGCCsGAQUFBzAChlBodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JT # QTQwOTZTSEEzODQyMDIxQ0ExLmNydDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUA # A4ICAQBcavcUHNFEg872HDRq2+hRlnvaghCXv7X/6h9HSzjAQP3rt95BZty3ASqi # 2MYyGQLGdDl4DToe/WhajtEOBOYa83agW6tBvrfcKRrDrwJOMPTbwNYvn+GuiL4T # CKzXaytWiJJbrc5odc7Ecat2ZvJylpPmNainr4Q0LzzH23Gea/Mm/hIJTN4IGgrH # hrXiTIIW/ZUzrY6g8b3RZB4BA497n43wNdSqP+C3ntFw6NiGB4Z25SW4YntIxYPv # Kf37OVhF0xqxLC1sK/XxgK0EGQ6iaj8Ncpr2C5vSNZqfW2MndxOA1W67pgDpg83k # UWG+/YJeGhqOTF82/0kIzQXeI/lIqbnL/IJAJqSm/ROSpsGUKVbzk03cpTD55ZQX # WjM0fLirypBqY05T8gnh1L0fSwxr/SwJZ8OddivgyK1YOMn02nnsEG5kxBt9cMX4 # JCYABhypmAVDRvyYifEVdoFWv2gAXXW+PPRvlNa6E4aMCZrVcoKHiyeMAXOi1IC9 # mHvC2+foTSMFueq3AdnYfeKnZnAiKXKRhXcdHbQYcR2A7AIzIcqahPYr4FNEgb/E # /y/kypAkf0rMHlYl1kNqLs2Nv1UnMEHYT5YmDVLO63+1Trcw4zTZ70zuqIqeID/d # nbOlgtyG6DSRCL7f0E7kP18f4RoX5i1PkfeO4VJHsAuCeNG1qjGCBdkwggXVAgEB # MH0waTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYD # VQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0IENvZGUgU2lnbmluZyBSU0E0MDk2IFNI # QTM4NCAyMDIxIENBMQIQAd3NT4VU32MIy/QeEdqA1TANBglghkgBZQMEAgEFAKCB # hDAYBgorBgEEAYI3AgEMMQowCKACgAChAoAAMBkGCSqGSIb3DQEJAzEMBgorBgEE # AYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJ # BDEiBCALYZ1XRlmW4tbtcl6GRV18qCOMaMMVrDPBxkvp7XLYDDANBgkqhkiG9w0B # AQEFAASCAYBYcM9SfoCLsOeU3tzfCa+JCv1mmRCaRIACMbE0kt++2yqnuwKAzB/x # zSEYPXESwH2RCop244uP/Drm23HvQJ5jgLPSxk9zXSFCltUXS3JWmWNCbJYhUf35 # hymmHroBZR9+mGdKe00nzcbe86RWUFDF6gxbrKzm1VVTUoKRxEmUVmEoCCOYXVKT # jUVsS5Ghg1sLvnWTl66XafWAakzjSkHjGs1cieajCR455XmGpEvnpAjc4nlD3gH7 # wzUxfjySro0oL5gYhVoZch5QeutjXtMGYIqhqJWSTvbCNBj9j6J/yN86hpJIGvzr # +cF9IDLg15ASH3SWEI1JBUfOyxwqnRoejvCN83pQhNtaEK4acy55Bxp3p7jt4tuM # 4vP7eZLMLfqOb5WcAoZRa9i3h7RwAP3hZNvKvzTWq4y5vpOe8FjWX1P9DwmFQNU/ # kACX/RxKH7iDUfqk/y7PXp5lhJflS/GjiwKbSg9rsPgubnaeEDXSazhFvyAQPNsw # CWl1jDa2OIShggMmMIIDIgYJKoZIhvcNAQkGMYIDEzCCAw8CAQEwfTBpMQswCQYD # VQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lD # ZXJ0IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYgU0hBMjU2IDIwMjUg # Q0ExAhAKgO8YS43xBYLRxHanlXRoMA0GCWCGSAFlAwQCAQUAoGkwGAYJKoZIhvcN # AQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjYwNjEzMDA1NjM0WjAv # BgkqhkiG9w0BCQQxIgQgiNKSkBfYIRsDBdBCJmCx4DsLSLYFoeu1GJMCEKi72Gww # DQYJKoZIhvcNAQEBBQAEggIASkX6F4YWCPZsFutqnB7TtVKdKrylltzgNWmOeSeC # GEMMeNsNvw1JnhigH3jcLTdf6/NDDZhBeU20YlpcF+25LuWwW13DHfLz+ZBmTPP1 # vezWCKNaglZIgurk9Z1dG8FdIB/SPDWM1JlVCe4AO6s9MmZR5umO8O0r9F5fL10Y # WuNLudhb+6tzMiMfYMWcvO3rMfYKuEfd6pfO4u41Si1cqHgdhoGwISfPN57RxCcu # XQ6ScUpizCMfAbX9DPgIum+K2WhYJ2x4hKK1aHRl+c4v67b/tXc9XT/lx7p3tpA6 # GCc2tO9l5y3ihjPeUKqRrkJdfAJxcNWPmfPaxiyjXst/SEa6+ZqkQtZt9VLiM0S/ # EYPhEJfxllK1+6f9rjzx34FnflfV6yMkpjKnmgJLvIdDd0xaKJvp361wqzSD1Sau # q/YhpGpyOTiwrIG6RIC1dQMoU39CrNVDJbUhl32KMg62Uo1qaslSYcb1+LQ4e45f # Nx9J+zRYJl0+wxpWAsxGZJTqOObWY+NmN09Pu0YZ9iKqo1fhn2H7NArUm5EFfUf9 # lhEGKqPuv2C9ohtj4AjjrLHEliB9felrbzGbcr+dF8JLHgAfIjr0EF5fdA2TX/3/ # E+CCexe4sgHyjQYitH1SWVST1NYdJtcS75l7NKIaV1+unMJel6CQhapWvnT5r4fX # MU8= # SIG # End signature block |