2atMonitoring.psm1

#Requires -Version 4.0 -Modules 2atWeb,2atGeneral,2atSql

$PSDefaultParameterValues.Clear()
Set-StrictMode -Version 2.0

$ErrorActionPreference = 'Stop'

Add-Type -Assembly System.Web
Import-Module 2atGeneral
Import-Module 2atWeb
Import-Module 2atSql

Import-Module (Join-Path -Path $PSScriptRoot -ChildPath HtmlAgilityPack.dll)
[HtmlAgilityPack.HtmlNode]::ElementsFlags.Remove("form") | Out-Null

Function RelToAbs {
    Param(
        [Parameter(Mandatory=$true)]
        [ValidateScript({(New-Object System.Uri $_)})]
        [string]$BaseUrl,
        
        [Parameter(Mandatory=$true)]
        [string]$RelativeUrl,
        
        [switch]$NoHtmlDecode
    )
    if (! $NoHtmlDecode) { $RelativeUrl = [System.Web.HttpUtility]::HtmlDecode($RelativeUrl) }

    if ([System.Uri]::IsWellFormedUriString($RelativeUrl,[System.UriKind]::Absolute)) { return $RelativeUrl }
    
    if ([System.Uri]::IsWellFormedUriString($RelativeUrl,[System.UriKind]::Relative)) {
        $l = (New-Object System.Uri((New-Object System.Uri $BaseUrl), $RelativeUrl)).AbsoluteUri
        Write-Verbose "Absolute URL is $l"
        return $l
    }
    
    if ($NoHtmlDecode -and ([Uri]$RelativeUrl).IsAbsoluteUri) {
        Write-Warning "RelativeUrl is not correctly URL encoded '$RelativeUrl'. If this is a HTTP REDIRECT Location header, this is incorrect server behavior. Retrying with encoded URL."
        return ([Uri]$RelativeUrl).AbsoluteUri
    }    
    
    throw "RelativeUrl is not a valid (absolute or relative) url: '$RelativeUrl'"
}

Function Step {
    Param(
        [Parameter(Mandatory=$true)]
        [ValidateScript({(New-Object System.Uri $_)})]
        [string]$Url,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session,
        
        [string]$Method = 'GET',
        
        [ValidateScript({ $_ -is [HashTable] -or $_ -is [System.Collections.Generic.Dictionary[string,string]] })]
        [object]$FormData
    )
    
    $res = Get-WebResponse -Url $Url -Method $Method -FormData $FormData -HostIPs $Session.HostIPs -CookieContainer $Session.CookieContainer -Proxy $Session.Proxy -UserAgent 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; 2AT Monitoring; +http://2at.nl)' -Credentials $Session.Credentials
    
    if ($Session.History | ?{ $Url -eq $_.Url -and $Method -eq $_.Method -and $res.ResponseBody -eq $_.ResponseBody }) {
        $res.WebRequestStatus='LoopDetected'
        $res.WebRequestStatusDescription="The same URL was already visited on the same Step and received the same ResponseBody. ($Url)"
    }
    
    $Session.History += $res
    
    if ($res.WebRequestStatus -eq [System.Net.WebExceptionStatus]::Success) {
        if ($res.HTTPStatus -In (301, 302, 303, 307)) {
            $l = RelToAbs -BaseUrl $url -RelativeUrl $res.ResponseHeaders['Location'] -NoHtmlDecode
            Write-Verbose "REDIRECT ($($res.HTTPStatus)) -> $l"
            Step -Url $l -Session $Session
            return
        }
        
        if ($res.HTTPStatus -eq 200) {
            if ($res.ResponseBody.EndsWith('<noscript><p>Script is disabled. Click Submit to continue.</p><input type="submit" value="Submit" /></noscript></form><script language="javascript">window.setTimeout(''document.forms[0].submit()'', 0);</script></body></html>')) {
                Write-Verbose "ADFS auto POST"
                ProcessForm -Previous $res -Session $Session
                return
            }
            
            $u = (new-object System.Uri $res.Url).GetLeftPart([System.UriPartial]::Path)
            if ($Session.LoginSteps[$u]) {
                RunStep -Step $Session.LoginSteps[$u] -Previous $res -Session $Session
                return
            }
        }
    }
}

Function ProcessForm {
    Param(
        [HashTable]$FormData,

        [string]$FormId,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Previous,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session
    )
    
    $htmldoc = New-Object HtmlAgilityPack.HtmlDocument
    $htmldoc.LoadHtml($Previous.ResponseBody)
    if ($FormId) {
        $form = $htmldoc.DocumentNode.SelectNodes("//form[@id='$FormId']")[0]
        if (!$form) { throw "No form with id='$FormId' found" }
    } else {
        $forms = $htmldoc.DocumentNode.SelectNodes('//form')
        if (!$forms) { throw 'No forms found' }
        if ($forms.Count -gt 1) {
            Write-Warning "Found $($forms.Count) forms but no FormId was specified, selecting the first"
        }
        $form=$forms[0]
    }
    $l = RelToAbs $Previous.Url $form.Attributes['action'].Value

    $b = New-Object 'System.Collections.Generic.Dictionary[string,string]'
    $form.SelectNodes('//input') | ?{ $_.Attributes['name'] -And $_.Attributes['value'] } | %{ 
        $b[$_.Attributes['name'].Value] = [System.Web.HttpUtility]::HtmlDecode($_.Attributes['value'].Value)
    }
    if ($FormData) { $FormData.Keys | %{ $b[$_]=$FormData[$_] } }
    
    Write-Verbose "FORM: $(($b.Keys | %{ $_ + '=' + $b[$_] } ) -join [Environment]::NewLine)"
    Step -Url $l -Method $form.Attributes['method'].Value -FormData $b -Session $Session
}

Function ProcessLink {
    Param(
        [Parameter(Mandatory=$true)]
        [string]$LinkText,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Previous,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session
    )
    
    $htmldoc = New-Object HtmlAgilityPack.HtmlDocument
    $htmldoc.LoadHtml($Previous.ResponseBody)
    $links = $htmldoc.DocumentNode.SelectNodes('//a[@href]') | ?{ $_ -and $_.InnerText.Trim() -eq $LinkText } | %{ $_.Attributes['href'].Value } | select -Unique

    $c = ($links | measure).Count
    if ($c -ne 1) { 
        Write-Warning "Found $c links matching '$LinkText', expected exactly one."
        $Previous.WebRequestStatus='LinkFailed'
        $Previous.WebRequestStatusDescription="Found $c links matching '$LinkText', expected exactly one."
        return
    }

    $l = RelToAbs $Previous.Url $links
    Write-Verbose "LINK: $l"
    
    Step -url $l -Session $Session
}

Function ProcessScript {
    Param(
        [Parameter(Mandatory=$true)]
        [string]$ScriptId,

        [Parameter(Mandatory=$true)]
        [string]$ScriptRegEx,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Previous,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session
    )
    
    $htmldoc = New-Object HtmlAgilityPack.HtmlDocument
    $htmldoc.LoadHtml($Previous.ResponseBody)
    $s = $htmldoc.DocumentNode.SelectNodes('//script') | ?{ $_ -and $_.InnerText.Trim() -match [Regex]::Escape($ScriptId) }
    
    if (!$s) { throw "No script block matching '$ScriptId' found (using literal match)" }
    
    if ($s -is [HtmlAgilityPack.HtmlNodeCollection]) {
        Write-Warning 'Multiple matching script blocks found, using the first'
        $s = $s[0]
    }
    
    if (!($s.InnerText.Trim() -match $ScriptRegEx)) {
        throw "No url could be found: Script block doesn't match '$ScriptRegEx'"
    }
    
    if ($Matches['link']) {
        $l = RelToAbs $Previous.Url $Matches['link']
    } else {
        if ($Matches.Count -eq 1) {
            Write-Warning 'No match groups found, using full match as link to follow'
            $l = RelToAbs $Previous.Url $Matches[0]
        } else {
            if ($Matches.Count -gt 2) {
                Write-Warning 'Found multiple match groups, using first (create a named group ''link'' to specify witch group to use)'
            }
            $l = RelToAbs $Previous.Url $Matches[1]
        }
    }
    
    Step -url $l -Session $Session
}

Function UpdateSession {
    Param(
        [Parameter(Mandatory=$true)]    
        [HashTable]$Step,
        
        [Parameter(Mandatory=$true)]    
        [PSCustomObject]$Session,
        
        [PSCustomObject]$TMGInfo,
        
        [Switch]$IsNewSession
    )
    Write-Debug "Updating $(if($IsNewSession) {'NEW'})session"
    
    if (!$IsNewSession -and ($Step['SqlConnection'] -or $Step['Name'])) { throw 'Specifying a SqlConnection or Name is only supported for new sessions' }

    if ($Step['Proxy']) { $Session.Proxy = New-Object System.Net.WebProxy $Step.Proxy    }
    if ($Step['LoginSteps']) { $Session.LoginSteps = $Step.LoginSteps }
    if ($Step['Servers']) { SetSessionCookies -Session $Session -TMGInfo $TMGInfo -Servers $Step.Servers }
    if ($Step['TargetServer']) { $Session.TargetServer = $Step.TargetServer }
    if ($Step['NextLogMinutes']) { $Session.NextLogMinutes = $Step.NextLogMinutes }
    if ($Step['HostIPs']) { $Session.HostIPs = $Step.HostIPs }
    if ($Step['Credentials']) {
        if ($Step.Credentials -is [PSCredential]) {
            $Session.Credentials = $Step.Credentials.GetNetworkCredential()
        } elseif ($Step.Credentials -is [System.Net.ICredentials]) {
            $Session.Credentials = $Step.Credentials
        } else {
            throw "Session credentials specified are of an unsupported type: $($Step.Credentials.GetType().FullName), please use either a PSCredential or a NetworkCredential"
        }
    }
    
    if ($IsNewSession) { $Session }
}

Function NewSession {
    Param(
             [Parameter(Mandatory=$true)]     
             [HashTable]$Step,
             
             [PSCustomObject]$TMGInfo
       )
       
       $Session = @{
            Id=-1
            Name=$Step['Name']
            HostIPs=@{}
            CookieContainer = New-Object System.Net.CookieContainer
            Proxy=$null
            SqlConnection=$Step['SqlConnection']
            WSConnection=$Step['WSConnection']
            ReportingConnection = $Step['ReportingConnection']
            LoginSteps=@{}
            Credentials=$null
            History=@()
            RequestNumber=1
            TargetServer=$null
            NextLogMinutes=10
       }      


    if ($Session.SqlConnection) {
        Write-Verbose "NEWSESSION: Connecting to SQL '$($Step.SqlConnection)'"
                
        Set-SqlData -ConnectionString $Session.SqlConnection -CommandText 'ops.LogJob' -Parameters @{ Job='HTTPMonitor'; Title='Job started' }
        $MonitorSession = Get-SqlData -ConnectionString $Session.SqlConnection -CommandText 'ops.SaveMonitorSession' -Parameters @{ Name=$Session.Name; Servers=($Step['Servers'] -Join ' / ') }
        $Session.Id = $MonitorSession.SessionId
    }

    if (!$Step['Servers']) { Write-Verbose 'NEWSESSION: New session created without cookies' }
    
    UpdateSession -Step $Step -Session ([PSCustomObject]$Session) -TMGInfo $TMGInfo -IsNewSession
}

Function SetSessionCookies {
    Param(
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session,

        [Parameter(Mandatory=$true)]
        [PSCustomObject]$TMGInfo,

        [Parameter(Mandatory=$true)]
        [string[]]$Servers
    )

    $TMGInfo.CookieIndex | %{
        $cookieName = $_.Cookie
        $Url = New-Object System.Uri $_.Url

        $rule = $TMGInfo.Rules[$cookieName.SubString(7)]

        if (! $rule) {
            Write-Warning "Unable to add cookie to session. No matching rule found for cookie '$cookieName' ($Url). Possible cause is an outdated TMGRuleGUIDs.xml file." 
            return
        }
        
        foreach($server in $Servers) {
            $entry = $rule.ServerFarm | ?{ $_.HostName -Match $server }
            if ($entry) { break }
        }
        if (! $entry) { 
            Write-Warning "Unable to add cookie to session. No matching server found for rule '$($rule.Name)' ($Url)"
            return
        }
        
        $cookie = New-Object System.Net.Cookie $cookieName, $entry.GUID, '/', $Url.Host
        $cookie.HttpOnly = $true
        
        $Session.CookieContainer.Add($Url, $cookie)

        Write-Verbose "Added cookie to session: $cookieName=$($entry.GUID) ($Url)"
    }
}

Function ValidateResponse {
    Param(
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Response,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Validate
    )

    if ($Response.WebRequestStatus -ne [System.Net.WebExceptionStatus]::Success) { 
        Write-Verbose "Skipped validation because request already marked as failed ($($Response.WebRequestStatus)"
        return
    }
    
    if ($Validate['Url']) {
        if ($Response.Url.TrimEnd('/') -ne $Validate.Url.TrimEnd('/')) {
            $Response.WebRequestStatus='UrlValidationFailed'
            $Response.WebRequestStatusDescription="Url validation failed, found '$($Response.Url)', expected '$($Validate.Url)'"
            Write-Warning $Response.WebRequestStatusDescription
            return
        } else {
            Write-Verbose 'Url validation succeeded'
        }
    }
    if ($Validate['ContentMatch']) {
        if (! ($Response.ResponseBody -match $Validate.ContentMatch)) {
            $Response.WebRequestStatus='ContentValidationFailed'
            $Response.WebRequestStatusDescription="Content validation failed, page '$($Response.Url)' does not match '$($Validate.ContentMatch)'"
            Write-Warning $Response.WebRequestStatusDescription
        } else {
            Write-Verbose "Content validation succeeded '$($Validate.ContentMatch)'"
        }
    }
    if ($Validate['Time']) {
        if (! ([int]$Response.TimeToFirstByte.TotalMilliseconds -le [int]$Validate.Time)) {
            $Response.WebRequestStatus='ContentValidationFailed'
            $Response.WebRequestStatusDescription="Time exceeded, page took $([int]$Response.TimeToFirstByte.TotalMilliseconds)ms, maximum was set at $([int]$Validate.Time)ms ($($Response.Url))"
            Write-Warning $Response.WebRequestStatusDescription
        } else {
            Write-Verbose "Time validation succeeded ($([int]$Response.TimeToFirstByte.TotalMilliseconds)ms < $([int]$Validate.Time)ms)"
        }
    }
}

Function PostEntityUpdate {
    Param
    (
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session,

        [string]$Monitor
    )
    
    $lr = $Session.History[$Session.History.Length-1]

    $FormData = @{
        Name = "$Monitor-$($Session.TargetServer)";
        nextLogTime = $lr.DateTime.AddMinutes($Session.NextLogMinutes).ToUniversalTime().ToString('u');
        stateId = if ($lr.WebRequestStatus -ne 'Success') { 
            4 
        } elseif ( $Session.TargetServer -and ($Session.TargetServer -eq (GetServer -WebResponse $lr) )) { 
            1 
        } else { 5 };
        logTime = $lr.DateTime.ToUniversalTime().ToString('u');
    }

    if ($FormData.stateId -ne 1) {
        $information =  @{
            WebRequestStatusDescription = $lr.WebRequestStatusDescription
        }
        
        if($FormData.stateId -eq 5){
            $information.Add("TargetServer", $Session.TargetServer)
            $information.Add("ResponseServer", (GetServer -WebResponse $lr))
        }

        $FormData.information = New-Object PSObject -Property $information | ConvertTo-Xml -NoTypeInformation -as String
    }

    try {
        Invoke-RestMethod -Uri $Session.WSConnection -Method 'POST' -Body $FormData -TimeoutSec 5
        Write-Verbose "Posting to $($Session.WSConnection)"                               
    } catch {
        #TODO This should become Write-Error once the new monitoring becomes permanent
        Write-Warning "Entity endpoint unavailable $($_.Exception.Message)"                      
    }
}

Function PostEntityReportData {
    Param
    (
        [Parameter(Mandatory=$true)]
        [ValidateScript({(New-Object System.Uri $_)})]
        [string]$entityReportingUrl,
        
        [Parameter(Mandatory=$true)]     
        [string]$entityName,

        [Parameter(Mandatory=$false)]         
        [datetime]$logTime,

        [Parameter(Mandatory=$true)]
        [string]$propertyName,

        [Parameter(Mandatory=$true)]
        [int]$propertyValue
    )
        

    $FormData = @{ 
        Name = $entityName;
        LogTime = $logTime.ToUniversalTime().ToString('u');
        PropertyName = $propertyName;
        PropertyValue = $propertyValue;
    }

    try {
        Write-Verbose "Posting reportingData to $entityReportingUrl"
        Invoke-RestMethod -Uri $entityReportingUrl -Method 'POST' -Body $FormData -TimeoutSec 5
    } catch {
        #TODO This may need to become Write-Error once the new monitoring becomes permanent
        Write-Warning "Entity reporting endpoint unavailable $($_.Exception.Message)"                      
    }
}

Function GetServer {
    Param
    (
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$WebResponse
    )

    if ($WebResponse.ResponseHeaders['X-WFE']) { $WebResponse.ResponseHeaders['X-WFE'] } else { $WebResponse.ResponseHeaders['X-Powered-by-server'] }
}

Function LogSteps {
       Param(
             [Parameter(Mandatory=$true)]
             [PSCustomObject]$Session,
             
             [int]
             $StepNumber,
             
             [string]$Monitor,
             
             [switch]
             $PassThru
       )
       
       $i=1
       foreach($WebResponse in $Session.History) {
             $u = New-Object System.Uri $WebResponse.Url
             $hostname = "$($u.Host)"
             if ($u.Port -ne 80) { $hostname+=":$($u.Port)"}
             if ($u.Query.Length -ne 0) { $query=$u.Query.Substring(1) } else { $query='' } 

             $p = @{
                    LogDateTime=$WebResponse.DateTime
                    Host=$hostname
                    UriStem=$u.AbsolutePath
                    UriQuery=$query
                    Method=$WebResponse.Method
                    HTTPStatus=[int]$WebResponse.HTTPStatus
                     TimeTaken=[int]$WebResponse.TimeToFirstByte.TotalMilliseconds
                    RequestStatus=[string]$WebResponse.WebRequestStatus
                     RequestStatusDescription=$WebResponse.WebRequestStatusDescription
                    Url=$WebResponse.Url
                    SessionId=$Session.Id
                    Monitor=$Monitor
                    TargetServer=$Session.TargetServer
                    NextLogMinutes=$Session.NextLogMinutes
                    StepNumber=$StepNumber
                    RequestNumber=$Session.RequestNumber++
                    IsStepResult=($i -eq $Session.History.Count)
             }

             if ($WebResponse.FormData) {
                    $p.FormData=(($WebResponse.FormData.Keys | %{ $_ + '=' + $WebResponse.FormData[$_] } ) -join [Environment]::NewLine)
             }
             
             if ($WebResponse.ResponseHeaders) {
                    $p.Server=GetServer -WebResponse $WebResponse
                    
                    $p.XSharePointHealthScore=$WebResponse.ResponseHeaders['X-SharePointHealthScore']
                  $p.SPIisLatency=$WebResponse.ResponseHeaders['SPIisLatency']
             $p.SPRequestDuration=$WebResponse.ResponseHeaders['SPRequestDuration']
                    $p.RequestGuid=$WebResponse.ResponseHeaders['request-id']
                    $p.RawResponse=Get-WebResponseString -WebResponse $WebResponse
             }
             
             Write-Debug "Writing data"
             if ($Session.SqlConnection) {
            Write-Verbose "Writing data to the database"
                    Set-SqlData -ConnectionString $Session.SqlConnection -CommandText 'ops.SaveMonitorResult' -Parameters $p
             }
            

            if (!$Session.SqlConnection -And !$Session.WSConnection) {
                        if ($p.HTTPStatus) {
                            Write-Host "$(Get-Date) $($p.Server) ($($p.XSharePointHealthScore)) $($p.HTTPStatus) $($p.Method) $($u.GetLeftPart([System.UriPartial]::Path))"
                        } else {
                            Write-Host "$(Get-Date) $($p.RequestStatus) $($u.GetLeftPart([System.UriPartial]::Path))"
                        }
            }

            if ($PassThru) { $WebResponse }
            $i++
       }
       
       if ($Session.WSConnection) {
            Write-Verbose "Posting data to the entity endpoint"

            PostEntityUpdate -Session $Session -Monitor $Monitor
        }
    
    if ($Session.ReportingConnection) {
        Write-Verbose "Posting data to the reporting endpoint"
        $lastIndex = $Session.History.Length-1
        if($Session.History[$lastIndex].WebRequestStatus -eq "Success"){
            $logTime = $Session.History[$lastIndex].DateTime
            $propertyName="Response time"
            $propertyValue=[int]$Session.History[$lastIndex].TimeToFirstByte.TotalMilliseconds

            PostEntityReportData -entityReportingUrl $Session.ReportingConnection -entityName "$Monitor-$($Session.TargetServer)" -logTime $LogTime -propertyName $propertyName -propertyValue $propertyValue
        }
    }
}

Function RunStep {
    Param(
        [Parameter(Mandatory=$true)]
        [HashTable]$Step,
        
        [PSCustomObject]$Previous,
        
        [Parameter(Mandatory=$true)]
        [PSCustomObject]$Session
    )
        
    switch ($Step.Action)
    {
        'Url' {
            Write-Debug "URL: $($Step.Url)"
            Step -Url $Step.Url -Session $Session
        }
        'Link' {
            Write-Debug "LINK: $($Step.LinkText)"
            ProcessLink -LinkText $Step.LinkText -Previous $Previous -Session $Session
        }
        'Form' {
            Write-Debug "FORM"
            ProcessForm -FormId $Step['FormId'] -FormData $Step['FormData'] -Previous $Previous -Session $Session
        }
        'Script' {
            Write-Debug 'SCRIPT'
            ProcessScript -ScriptId $Step['ScriptId'] -ScriptRegEx $Step['ScriptRegEx'] -Previous $Previous -Session $Session
        }
        default {
            throw "Unrecognized step $($CurrentStep.Action)"
        }
    }

    if ($Step['Validate']) {
        ValidateResponse -Response $Session.History[$Session.History.Length-1] -Validate $Step.Validate
    }
}

Function Invoke-Monitoring {
    Param(
        [Parameter(Mandatory=$true)]
        [System.Array]$Steps,

        [PSCustomObject]$TMGInfo
    )
    Get-CallerPreference -Cmdlet $PSCmdlet -SessionState $ExecutionContext.SessionState
    
    $i=0
    foreach($CurrentStep in $Steps) {
        switch ($CurrentStep.Action) {
            'NewSession' {
                Write-Progress -Activity 'Initializing session' -PercentComplete (100*$i/$Steps.Count)
                Write-Debug 'NEWSESSION'
                
                $Session = NewSession -Step $CurrentStep -TMGInfo $TMGInfo                                
                $Previous = $null
            }
            'UpdateSession' {
                Write-Progress -Activity 'Updating session' -PercentComplete (100*$i/$Steps.Count)
                Write-Debug 'UPDATESESSION'

                UpdateSession -Step $CurrentStep -TMGInfo $TMGInfo -Session $Session
            }
            default {
                Write-Progress -Activity 'Retreiving webpage' -CurrentOperation $CurrentStep.Url -PercentComplete (100*$i/$Steps.Count)

                RunStep -Step $CurrentStep -Previous $Previous -Session $Session
                LogSteps -Session $Session -StepNumber ($i+1) -Monitor $CurrentStep['Monitor'] -PassThru
                $Previous = $Session.History | Select -Last 1
                $Session.History=@()
            }
        }
        
        $i++
    }
}

Export-ModuleMember -Function Invoke-*

# SIG # Begin signature block
# MIIWcAYJKoZIhvcNAQcCoIIWYTCCFl0CAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBy6UVVb6XP/8UO
# gt1t/pxQmXME1kDH1eAU3t9pyibAd6CCCxswggUzMIIEG6ADAgECAhEAgNHe/U3D
# BzyckFGAgIDcJDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJHQjEbMBkGA1UE
# CBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQK
# ExFDT01PRE8gQ0EgTGltaXRlZDEjMCEGA1UEAxMaQ09NT0RPIFJTQSBDb2RlIFNp
# Z25pbmcgQ0EwHhcNMTcwMTEzMDAwMDAwWhcNMjAwMTEzMjM1OTU5WjCBgDELMAkG
# A1UEBhMCTkwxEDAOBgNVBBEMBzM1NDIgRFoxEDAOBgNVBAgMB1V0cmVjaHQxEDAO
# BgNVBAcMB1V0cmVjaHQxFTATBgNVBAkMDEVuZXJnaWV3ZWcgMTERMA8GA1UECgwI
# MkFUIEIuVi4xETAPBgNVBAMMCDJBVCBCLlYuMIIBIjANBgkqhkiG9w0BAQEFAAOC
# AQ8AMIIBCgKCAQEAzB3KZ2CBenaD2WDwOsy0cHE6mLIeIYqWP718FuWeUZ5eejvw
# 8BozajbtBWgISZ2IMsTYZ1I7KFBzHgXXkNglmyboa6++x7j2Ws+T0hmHCUZ64AFb
# OkXjqYsOBCPhi3yuKIRLwc4snA3F3DCH24mBpDYymrU22+0vMIlDqpzRXBNEeIhG
# ss3jehu86l85fWVS54F5KGeDYQ2BT0Tc0UO6hMlcpCEVKIbthLm36q1/oSchRYjH
# B4JCT1KqACRhD0hJcQmTcJZvhpgOrglUVlj1ClS5xfWgHq3ySShOOZMecl0VNMtY
# xNi5TF1Ae+sie4044ioyGB6dGItGXwhObIk/9wIDAQABo4IBqDCCAaQwHwYDVR0j
# BBgwFoAUKZFg/4pN+uv5pmq4z/nmS71JzhIwHQYDVR0OBBYEFDHc2o80OMg8zNfF
# WMH8QB57E7rnMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQM
# MAoGCCsGAQUFBwMDMBEGCWCGSAGG+EIBAQQEAwIEEDBGBgNVHSAEPzA9MDsGDCsG
# AQQBsjEBAgEDAjArMCkGCCsGAQUFBwIBFh1odHRwczovL3NlY3VyZS5jb21vZG8u
# bmV0L0NQUzBDBgNVHR8EPDA6MDigNqA0hjJodHRwOi8vY3JsLmNvbW9kb2NhLmNv
# bS9DT01PRE9SU0FDb2RlU2lnbmluZ0NBLmNybDB0BggrBgEFBQcBAQRoMGYwPgYI
# KwYBBQUHMAKGMmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9ET1JTQUNvZGVT
# aWduaW5nQ0EuY3J0MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5j
# b20wGQYDVR0RBBIwEIEOc3VwcG9ydEAyYXQubmwwDQYJKoZIhvcNAQELBQADggEB
# AHGDJyOKLJwzdt4Y8ow7H4ZKZXs9Hopf0GhizzhcPWyWL7GI6QHhKHzFWYGsFhh2
# vesuY7p89jthK5YqSn1u2KUQuLWzQZQj3cZCK2BwSz6FpgmmjqIo49qCfKIB5IrE
# DcZAQPC9wxaXPI+R3B32JmTllBpkFQNTIJVcB7jR/Ft991iV17tMMq0GssMAHnVd
# /yvTWlUaE7XNtgtNYQ5v/8HxxNtdBXsIbdjiv/A8GjUmyPN8Dum9CW82hUqOE7U9
# AXHZIBWy9yrooSieo26GA1OzrBvnDc+L42JZnjvwdhBqSnbQrSS7L6VjVHU+Ct84
# Fnb5u23Jypdmj9123Hw9qJwwggXgMIIDyKADAgECAhAufIfMDpNKUv6U/Ry3zTSv
# MA0GCSqGSIb3DQEBDAUAMIGFMQswCQYDVQQGEwJHQjEbMBkGA1UECBMSR3JlYXRl
# ciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFDT01PRE8g
# Q0EgTGltaXRlZDErMCkGA1UEAxMiQ09NT0RPIFJTQSBDZXJ0aWZpY2F0aW9uIEF1
# dGhvcml0eTAeFw0xMzA1MDkwMDAwMDBaFw0yODA1MDgyMzU5NTlaMH0xCzAJBgNV
# BAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcTB1Nh
# bGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSMwIQYDVQQDExpDT01P
# RE8gUlNBIENvZGUgU2lnbmluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
# AQoCggEBAKaYkGN3kTR/itHd6WcxEevMHv0xHbO5Ylc/k7xb458eJDIRJ2u8UZGn
# z56eJbNfgagYDx0eIDAO+2F7hgmz4/2iaJ0cLJ2/cuPkdaDlNSOOyYruGgxkx9hC
# oXu1UgNLOrCOI0tLY+AilDd71XmQChQYUSzm/sES8Bw/YWEKjKLc9sMwqs0oGHVI
# wXlaCM27jFWM99R2kDozRlBzmFz0hUprD4DdXta9/akvwCX1+XjXjV8QwkRVPJA8
# MUbLcK4HqQrjr8EBb5AaI+JfONvGCF1Hs4NB8C4ANxS5Eqp5klLNhw972GIppH4w
# vRu1jHK0SPLj6CH5XkxieYsCBp9/1QsCAwEAAaOCAVEwggFNMB8GA1UdIwQYMBaA
# FLuvfgI9+qbxPISOre44mOzZMjLUMB0GA1UdDgQWBBQpkWD/ik366/mmarjP+eZL
# vUnOEjAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUE
# DDAKBggrBgEFBQcDAzARBgNVHSAECjAIMAYGBFUdIAAwTAYDVR0fBEUwQzBBoD+g
# PYY7aHR0cDovL2NybC5jb21vZG9jYS5jb20vQ09NT0RPUlNBQ2VydGlmaWNhdGlv
# bkF1dGhvcml0eS5jcmwwcQYIKwYBBQUHAQEEZTBjMDsGCCsGAQUFBzAChi9odHRw
# Oi8vY3J0LmNvbW9kb2NhLmNvbS9DT01PRE9SU0FBZGRUcnVzdENBLmNydDAkBggr
# BgEFBQcwAYYYaHR0cDovL29jc3AuY29tb2RvY2EuY29tMA0GCSqGSIb3DQEBDAUA
# A4ICAQACPwI5w+74yjuJ3gxtTbHxTpJPr8I4LATMxWMRqwljr6ui1wI/zG8Zwz3W
# GgiU/yXYqYinKxAa4JuxByIaURw61OHpCb/mJHSvHnsWMW4j71RRLVIC4nUIBUzx
# t1HhUQDGh/Zs7hBEdldq8d9YayGqSdR8N069/7Z1VEAYNldnEc1PAuT+89r8dRfb
# 7Lf3ZQkjSR9DV4PqfiB3YchN8rtlTaj3hUUHr3ppJ2WQKUCL33s6UTmMqB9wea1t
# QiCizwxsA4xMzXMHlOdajjoEuqKhfB/LYzoVp9QVG6dSRzKp9L9kR9GqH1NOMjBz
# wm+3eIKdXP9Gu2siHYgL+BuqNKb8jPXdf2WMjDFXMdA27Eehz8uLqO8cGFjFBnfK
# S5tRr0wISnqP4qNS4o6OzCbkstjlOMKo7caBnDVrqVhhSgqXtEtCtlWdvpnncG1Z
# +G0qDH8ZYF8MmohsMKxSCZAWG/8rndvQIMqJ6ih+Mo4Z33tIMx7XZfiuyfiDFJN2
# fWTQjs6+NX3/cjFNn569HmwvqI8MBlD7jCezdsn05tfDNOKMhyGGYf6/VXThIXcD
# Cmhsu+TJqebPWSXrfOxFDnlmaOgizbjvmIVNlhE8CYrQf7woKBP7aspUjZJczcJl
# mAaezkhb1LU3k0ZBfAfdz/pD77pnYf99SeC7MH1cgOPmFjlLpzGCCqswggqnAgEB
# MIGSMH0xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIx
# EDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSMw
# IQYDVQQDExpDT01PRE8gUlNBIENvZGUgU2lnbmluZyBDQQIRAIDR3v1Nwwc8nJBR
# gICA3CQwDQYJYIZIAWUDBAIBBQCgfDAQBgorBgEEAYI3AgEMMQIwADAZBgkqhkiG
# 9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIB
# FTAvBgkqhkiG9w0BCQQxIgQgcVbshE1UFPqX7aUdqp8HCZHMuR8ZFaJjHrbw+Ctu
# 7GYwDQYJKoZIhvcNAQEBBQAEggEApiqN9bGIAP0Jme1IoExYjzO2EwiuEum880xc
# ILWGlI09XJu6VPr9JnLT7kl0PtVC6iABZWVRgWGW3D/pFoAS4l95PE3k8hN8haD8
# tRaePMjFm4PIvnTYxxRsBAmObZe0ISaG41yi7QBYeLFPlvou0IppdK/PSTzu5JZU
# oqBV2pzbUTjr3WFFW3AP3zYdI3jixfnzV+kKR7m2cB9VmHud0oOXS0V4VuNk3ESw
# Fi57xxsu+agoxFg1omNOYulOisXPFi7Km0HjAxwc7ZyAJAC8iyo3ZsrG7833P2kw
# 7JTsGyYtpxIlM6HWf0Fo5OlAF0iZBV/Ur9SMet/hB8X2PFUJR6GCCGswgghnBgor
# BgEEAYI3AwMBMYIIVzCCCFMGCSqGSIb3DQEHAqCCCEQwgghAAgEDMQ8wDQYJYIZI
# AWUDBAIBBQAwggEPBgsqhkiG9w0BCRABBKCB/wSB/DCB+QIBAQYKKwYBBAGyMQIB
# ATAxMA0GCWCGSAFlAwQCAQUABCDhMGFuAcL2EyJMNK5jJmTzhBA4Hef4pqDPkHnR
# BM+0GQIVAJBhYkCWxcY6CzQ0y5IypsDR2HbQGA8yMDE4MDQxOTEyNTIwMlqggYyk
# gYkwgYYxCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIx
# EDAOBgNVBAcTB1NhbGZvcmQxGjAYBgNVBAoTEUNPTU9ETyBDQSBMaW1pdGVkMSww
# KgYDVQQDEyNDT01PRE8gU0hBLTI1NiBUaW1lIFN0YW1waW5nIFNpZ25lcqCCBKAw
# ggScMIIDhKADAgECAhBOsIePzCQ1NrLYyfe/OVV3MA0GCSqGSIb3DQEBCwUAMIGV
# MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBD
# aXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0
# dHA6Ly93d3cudXNlcnRydXN0LmNvbTEdMBsGA1UEAxMUVVROLVVTRVJGaXJzdC1P
# YmplY3QwHhcNMTUxMjMxMDAwMDAwWhcNMTkwNzA5MTg0MDM2WjCBhjELMAkGA1UE
# BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2Fs
# Zm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxLDAqBgNVBAMTI0NPTU9E
# TyBTSEEtMjU2IFRpbWUgU3RhbXBpbmcgU2lnbmVyMIIBIjANBgkqhkiG9w0BAQEF
# AAOCAQ8AMIIBCgKCAQEAzrx0t3CAT17zP5iqLsvUEgEjNWkLIrzm/QlsKOQTEqy7
# ui3l1d0i7nO2LPjSpHHnSSV4qyW3kBCgm4t3Jt1A6kGj/YjNcqaJO1BXHHolJCIC
# UUA1Z4oxaQ3lOXNJOZuVAYVS8isUiZpOBKS8QK45pt1AAuA6df49fVWUW/FOJHzI
# uFgZysDavlgTmuYc59HBO/Bdj0kIIZ7Q877W1GZPXHI2e8OC05gIlK+rRE8YxxTa
# FrEeMg4SOMC1PHbsdVAAIAQRGe3G/99O/giBJzFPcXRuAwxwJ4FVappDkqR/2/0/
# xRceQbvO6Kd/jJX5/X/4YYiJAD7/CwHb/dW1pOSREQIDAQABo4H0MIHxMB8GA1Ud
# IwQYMBaAFNrtZHQUnBQ8q92Zqb1bKE2LPMnYMB0GA1UdDgQWBBR9v5HXp2xaR2ZE
# e5DUjpByQY8XwjAOBgNVHQ8BAf8EBAMCBsAwDAYDVR0TAQH/BAIwADAWBgNVHSUB
# Af8EDDAKBggrBgEFBQcDCDBCBgNVHR8EOzA5MDegNaAzhjFodHRwOi8vY3JsLnVz
# ZXJ0cnVzdC5jb20vVVROLVVTRVJGaXJzdC1PYmplY3QuY3JsMDUGCCsGAQUFBwEB
# BCkwJzAlBggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkq
# hkiG9w0BAQsFAAOCAQEAULD131+tM9zDU1hYvMITdXsgHVTKuj9QP7qK9GsJY8Bb
# XYvWdRpzvYv/R/EV3FEWIxky5m6STdHGLloeiEIUyXLl1whQimr1ZEBWriTjYZcV
# QvAsSK6D5jU8i1vCj66OzDRSNOD7/sr9sSRo0aQRIxAG/bLCJCfH1+lKHI8/Ps/t
# 63V5bI5f9yG2UOYloc1mlBJsv9uzrofYaANyIALCftqU83IHPFfoVSTnBaAdxIEB
# gksfPw+dM5vwT8yd1oWBz8vn/Urpkrj3DXJzLel3+W+PKHo+Hr0IhtyNHhFf91u7
# h3bGnkxUYdBn25OE2jGHA5Lnn+Ppz1pWyGjgUkmUXDGCAnEwggJtAgEBMIGqMIGV
# MQswCQYDVQQGEwJVUzELMAkGA1UECBMCVVQxFzAVBgNVBAcTDlNhbHQgTGFrZSBD
# aXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxITAfBgNVBAsTGGh0
# dHA6Ly93d3cudXNlcnRydXN0LmNvbTEdMBsGA1UEAxMUVVROLVVTRVJGaXJzdC1P
# YmplY3QCEE6wh4/MJDU2stjJ9785VXcwDQYJYIZIAWUDBAIBBQCggZgwGgYJKoZI
# hvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0xODA0MTkxMjUy
# MDJaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFDZSfU+iamj560WW8dmauywOp236
# MC8GCSqGSIb3DQEJBDEiBCAfGu5EXU9vHIcyu94DSidkh18j0JW4NcaH80W2uC9f
# cDANBgkqhkiG9w0BAQEFAASCAQAatCOB10Rh37BhKntcXb5dlQ/W7AuQbOy+n0ag
# C1siLZoiL87iN6lv3xltZQ3RaJTaiYzvY938KmhOCECTxNp+3WhC4wv3zUZwZE8C
# aeXxA/Ffs6f6he/t6CmOjeFPK5b7xOeTSQOid/ljdoxeZc4eJy8JriwOzVIBB+Kl
# u+zmVWIcH16X+gB0LyjSfdpNaLqFX6vCmNT7u3PdQs3a3OlxuP12sUN2HkpBJjkI
# x/4nSyTJxi1rLF7ZBb6WJTUCn9FoidhPwz3WAA1dMoKbBWj9IzfKSuj17eoMIpqH
# Nwh7RmykkDdNiNjpnrPoXkEEjZ7KAgBgXnjc+KRJvGLk2v/6
# SIG # End signature block