Private/Import-ADFSTkAllTransformRules.ps1
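function Import-ADFSTkAllTransformRules
{
    <#
    .SYNOPSIS
        Builds the table of AD FS claim rules known to ADFSTk, keyed by attribute name.

    .DESCRIPTION
        Returns a hashtable. Entries built here are PSCustomObjects with three
        properties: Rule (claim rule language text), Attribute (the source claim
        type the rule consumes, or "" when it needs none) and AttributeGroup (a
        grouping label). Pass-through attributes are delegated to
        Get-ADFSTkTransformRule, which is defined elsewhere; its return shape is
        not visible from this file.

        The function takes no parameters. It reads $Settings from the calling
        scope: configuration.StaticValues.* and
        configuration.storeConfig.transformRules.rule.

        Security notes for maintainers:
          * Every value taken from $Settings is interpolated verbatim into claim
            rule text, inside double quotes, with no escaping. A value containing
            a double quote changes the meaning of the generated rule, so the
            configuration file should be writable only by AD FS administrators.
          * "[ReplaceWithSPNameQualifier]" is emitted as a literal placeholder;
            this function does not substitute it.

    .OUTPUTS
        System.Collections.Hashtable
    #>

    $TransformRules = @{}

    # Values reused in several rules; hoisted so each rule reads as a template.
    $adfsDns = $Settings.configuration.StaticValues.ADFSExternalDNS
    $scope   = $Settings.configuration.StaticValues.schacHomeOrganization

    # Claim property marking the attribute name as a URI-format SAML attribute name.
    $attrNameUri = 'Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"'

    #region Static values from config

    # Each entry issues a constant claim whose value is StaticValues.<name> from the configuration.
    $staticOids = [ordered]@{
        o                         = 'urn:oid:2.5.4.10'
        norEduOrgAcronym          = 'urn:oid:1.3.6.1.4.1.2428.90.1.6'
        c                         = 'urn:oid:2.5.4.6'
        co                        = 'urn:oid:0.9.2342.19200300.100.1.43'
        schacHomeOrganization     = 'urn:oid:1.3.6.1.4.1.25178.1.2.9'
        schacHomeOrganizationType = 'urn:oid:1.3.6.1.4.1.25178.1.2.10'
    }

    foreach ($staticName in $staticOids.Keys) {
        $staticOid   = $staticOids[$staticName]
        $staticValue = $Settings.configuration.StaticValues.$staticName

        $TransformRules[$staticName] = [PSCustomObject]@{
            Rule = @"
    @RuleName = "Send static [$staticName]"
    => issue(type = "$staticOid",
        value = "$staticValue",
        $attrNameUri);
"@
            Attribute      = ""
            AttributeGroup = "Static attributes"
        }
    }

    #endregion

    #region ID's

    # transient-id: an opaque value from _OpaqueIdStore derived from the primary SID
    # and the authentication instant, issued as a transient NameID.
    # An earlier variant (previously kept here commented out) used an
    # http://<ADFSExternalDNS>/internal/tpid intermediate claim and mixed the trust
    # URL plus SP name qualifier into the entropy parameters.
    $TransformRules."transient-id" = [PSCustomObject]@{
        Rule = @"
    @RuleName = "synthesize transient-id"
    c1:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
     &&
    c2:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant"]
     => add(
        store = "_OpaqueIdStore",
        types = ("urn:adfstk:transientid"),
        query = "{0};{1};{2};{3};{4}",
        param = "useEntropy",
        param = c1.Value,
        param = c1.OriginalIssuer,
        param = "",
        param = c2.Value);

    @RuleName = "issue transient-id"
    c:[Type == "urn:adfstk:transientid"]
     => issue(
        Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
        Value = c.Value,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$adfsDns/adfs/services/trust");
"@
        Attribute      = ""
        AttributeGroup = "ID's"
    }

    # persistent-id: an opaque value from _OpaqueIdStore derived from the primary SID
    # and its original issuer, issued as a persistent NameID.
    # NOTE(review): no relying-party-specific input is passed to the store here, so
    # whether the value is pairwise per SP depends on _OpaqueIdStore itself - confirm
    # before relying on it for unlinkability between services.
    $TransformRules."persistent-id" = [PSCustomObject]@{
        Rule = @"
    @RuleName = "synthesize persistent-id"
    c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"]
     => add(
        store = "_OpaqueIdStore",
        types = ("urn:adfstk:persistentid"),
        query = "{0};{1};{2}",
        param = "ppid",
        param = c.Value,
        param = c.OriginalIssuer);

    @RuleName = "issue persistent-id"
    c:[Type == "urn:adfstk:persistentid"]
     => issue(
        Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
        Issuer = c.Issuer,
        OriginalIssuer = c.OriginalIssuer,
        Value = c.Value,
        ValueType = c.ValueType,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/spnamequalifier"] = "[ReplaceWithSPNameQualifier]",
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/namequalifier"] = "http://$adfsDns");
"@
        Attribute      = ""
        AttributeGroup = "ID's"
    }

    # eduPersonPrincipalName
    # The source claim type is read from the configured transform rule named
    # ADFSTkExtractSubjectUniqueId (per the original author it defaults to 'upn').
    # Everything from the first '@' onward is removed from the source value and the
    # configured schacHomeOrganization is appended as the scope.
    # If no such rule is configured the lookup is empty and the generated condition
    # compares against Type == "", so the rule is emitted but cannot match.
    $subjectIdClaim = ($Settings.configuration.storeConfig.transformRules.rule |
        Where-Object name -eq "ADFSTkExtractSubjectUniqueId").originClaim

    $TransformRules.eduPersonPrincipalName = [PSCustomObject]@{
        Rule = @"
    @RuleName = "compose eduPersonPrincipalName"
    c:[Type == "$subjectIdClaim" ]
     => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6",
        Value = RegexReplace(c.Value, "@.*$", "") +"@$scope",
        $attrNameUri);
"@
        Attribute      = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
        AttributeGroup = "ID's"
    }

    # eduPersonTargetedID: passes the 'name' claim through unchanged unless its value
    # contains text followed by a backslash (the DOMAIN\user form).
    # NOTE(review): the value is whatever upstream rules put in the 'name' claim; this
    # rule does not make it opaque or per-SP - confirm that is done elsewhere.
    $TransformRules.eduPersonTargetedID = [PSCustomObject]@{
        Rule = @"
    @RuleName = "compose eduPersonTargetedID"
    c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", Value !~ "^.+\\"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.10",
        Value = c.Value,
        $attrNameUri);
"@
        Attribute      = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
        AttributeGroup = "ID's"
    }

    # eduPersonUniqueID: source value with every '-' removed, scoped with schacHomeOrganization.
    $TransformRules.eduPersonUniqueID = [PSCustomObject]@{
        Rule = @"
    @RuleName = "compose eduPersonUniqueID"
    c:[Type == "urn:mace:dir:attribute-def:eduPersonUniqueID"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.5923.1.1.1.13",
        Value = RegExReplace(c.Value, "-", "") + "@$scope",
        $attrNameUri);
"@
        Attribute      = "urn:mace:dir:attribute-def:eduPersonUniqueID"
        AttributeGroup = "ID's"
    }

    # LoginName: releases sAMAccountName under the claim type "LOGINNAME". Unlike the
    # other rules its attributename property is "urn:oasis:names:tc:SAML:2.0:assertion".
    $TransformRules["LoginName"] = [PSCustomObject]@{
        Rule = @"
    @RuleName = "Transform LoginName"
    c:[Type == "http://schemas.xmlsoap.org/claims/samaccountname"]
     => issue(Type = "LOGINNAME",
        Value = c.Value,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:assertion");
"@
        Attribute      = "http://schemas.xmlsoap.org/claims/samaccountname"
        AttributeGroup = "ID's"
    }

    #endregion

    #region Personal attributes

    # Pass-through attributes: rule text is produced by Get-ADFSTkTransformRule.
    # (A commented-out alternative for cn that required the CommonName, surname and
    # givenname claims and issued surname + " " + givenname used to live here.)
    $personalPassThrough = @(
        @{ Name = 'givenName';   Oid = 'urn:oid:2.5.4.42';                  Type = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname' }
        @{ Name = 'sn';          Oid = 'urn:oid:2.5.4.4';                   Type = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname' }
        @{ Name = 'displayName'; Oid = 'urn:oid:2.16.840.1.113730.3.1.241'; Type = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname' }
        @{ Name = 'cn';          Oid = 'urn:oid:2.5.4.3';                   Type = 'http://schemas.xmlsoap.org/claims/CommonName' }
        @{ Name = 'mail';        Oid = 'urn:oid:0.9.2342.19200300.100.1.3'; Type = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress' }
    )

    foreach ($entry in $personalPassThrough) {
        $TransformRules[$entry.Name] = Get-ADFSTkTransformRule -Type $entry.Type `
            -Oid $entry.Oid `
            -AttributeName $entry.Name `
            -AttributeGroup "Personal attributes"
    }

    # personalIdentityNumber: released only when the value matches the pattern below
    # (10 digits, or 12 with an 18/19/20 century prefix; day values 61-91 are accepted).
    $TransformRules.personalIdentityNumber = [PSCustomObject]@{
        Rule = @"
    @RuleName = "Transform personalIdentityNumber"
    c:[Type == "urn:mace:dir:attribute-def:personalIdentityNumber",
       value =~ "^(18|19|20)?[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"]
     => issue(Type = "urn:oid:1.2.752.29.4.13",
        Value = c.Value,
        $attrNameUri);
"@
        Attribute      = "urn:mace:dir:attribute-def:personalIdentityNumber"
        AttributeGroup = "Personal attributes"
    }

    # schacDateOfBirth: derives an 8-character date from the source value.
    # The value is cut at fixed offsets - characters 1-6, character 7 (tens digit of the
    # day) and character 8 (units digit of the day). A tens digit of 6-9 is rewritten to
    # 0-3, i.e. 60 is subtracted from the day (presumably for coordination-number style
    # values - confirm with the identity source).
    #
    # FIX: the century prefix is now mandatory in the conditions. With the previous
    # optional "(18|19|20)?" a 10-digit value passed validation, and the fixed offsets
    # then picked two serial-number digits as the "day", so a malformed date could be
    # released. A 10-digit source value now yields no schacDateOfBirth claim.
    # (A commented-out predecessor that simply kept the first 8 characters, without the
    # day correction, used to live here.)
    # Single-quoted here-string: "${start}" etc. must reach AD FS literally.
    $TransformRules.schacDateOfBirth = [PSCustomObject]@{
        Rule = @'
    @RuleName = "Compose schacDateOfBirth start"
    c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth",
       Value =~ "^(18|19|20)[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"]
     => add(Type = "urn:adfstk:schackdateofbirth:start",
        Value = regexReplace(c.Value, "(?<start>^.{6}).+$", "${start}"));

    @RuleName = "Compose schacDateOfBirth middle"
    c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth",
       Value =~ "^(18|19|20)[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"]
     => add(Type = "urn:adfstk:schackdateofbirth:middle",
        Value = regexReplace(c.Value, "^.{6}(?<middle>\d{1}).+$", "${middle}"));

    @RuleName = "Compose schacDateOfBirth end"
    c:[Type == "urn:mace:dir:attribute-def:schacDateOfBirth",
       Value =~ "^(18|19|20)[0-9]{2}((0[0-9])|(10|11|12))((([0-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))[0-9]{4}$"]
     => add(Type = "urn:adfstk:schackdateofbirth:end",
        Value = regexReplace(c.Value, "^.{7}(?<end>\d{1}).+$", "${end}"));

    @RuleName = "Transform schacDateOfBirth 6x->0x"
    c1:[Type == "urn:adfstk:schackdateofbirth:start"]
     && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "6"]
     && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3",
        Value = c1.Value + "0" + c3.Value,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    @RuleName = "Transform schacDateOfBirth 7x->1x"
    c1:[Type == "urn:adfstk:schackdateofbirth:start"]
     && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "7"]
     && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3",
        Value = c1.Value + "1" + c3.Value,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    @RuleName = "Transform schacDateOfBirth 8x->2x"
    c1:[Type == "urn:adfstk:schackdateofbirth:start"]
     && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "8"]
     && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3",
        Value = c1.Value + "2" + c3.Value,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    @RuleName = "Transform schacDateOfBirth 9x->3x"
    c1:[Type == "urn:adfstk:schackdateofbirth:start"]
     && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value == "9"]
     && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3",
        Value = c1.Value + "3" + c3.Value,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");

    @RuleName = "Transform schacDateOfBirth <=3x"
    c1:[Type == "urn:adfstk:schackdateofbirth:start"]
     && c2:[Type == "urn:adfstk:schackdateofbirth:middle", Value =~ "[0-3]"]
     && c3:[Type == "urn:adfstk:schackdateofbirth:end"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.25178.1.2.3",
        Value = c1.Value + c2.Value + c3.Value,
        Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/attributename"] = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri");
'@
        Attribute      = "urn:mace:dir:attribute-def:schacDateOfBirth"
        AttributeGroup = "Personal attributes"
    }

    #endregion

    #region eduPerson Attributes

    # Pass-through attributes. The Group values are reproduced exactly as found.
    # NOTE(review): eduPersonOrcid is labelled "norEduPerson attributes" while
    # norEduPersonNIN below is labelled "eduPerson attributes"; this looks swapped,
    # but the labels may be relied on elsewhere - confirm before changing them.
    $eduPassThrough = @(
        @{ Name = 'eduPersonScopedAffiliation';  Oid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.9';  Group = 'eduPerson attributes' }
        @{ Name = 'eduPersonAffiliation';        Oid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.1';  Group = 'eduPerson attributes' }
        @{ Name = 'eduPersonPrimaryAffiliation'; Oid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.5';  Group = 'eduPerson attributes' }
        @{ Name = 'norEduPersonLIN';             Oid = 'urn:oid:1.3.6.1.4.1.2428.90.1.4';   Group = 'norEduPerson attributes' }
        @{ Name = 'eduPersonEntitlement';        Oid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.7';  Group = 'eduPerson attributes' }
        @{ Name = 'eduPersonAssurance';          Oid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.11'; Group = 'eduPerson attributes' }
        @{ Name = 'eduPersonOrcid';              Oid = 'urn:oid:1.3.6.1.4.1.5923.1.1.1.16'; Group = 'norEduPerson attributes' }
    )

    foreach ($entry in $eduPassThrough) {
        # The source claim type for these is always urn:mace:dir:attribute-def:<name>.
        $TransformRules[$entry.Name] = Get-ADFSTkTransformRule -Type "urn:mace:dir:attribute-def:$($entry.Name)" `
            -Oid $entry.Oid `
            -AttributeName $entry.Name `
            -AttributeGroup $entry.Group
    }

    # norEduPersonNIN: released only when the value is a full 12-character number with
    # an 18/19/20 century prefix; the last four characters may be digits or one of the
    # listed letters followed by three digits.
    $TransformRules.norEduPersonNIN = [PSCustomObject]@{
        Rule = @"
    @RuleName = "Transform norEduPersonNIN"
    c:[Type == "urn:mace:dir:attribute-def:norEduPersonNIN",
       value =~ "^(18|19|20)[0-9]{2}((0[1-9])|(10|11|12))(((0[1-9])|([1-2][0-9])|(3[0-1]))|((6[1-9])|([7-8][0-9])|(9[0-1])))(([PTRSUWXJKLMN]{1}[0-9]{3})|([0-9]{4}))$"]
     => issue(Type = "urn:oid:1.3.6.1.4.1.2428.90.1.5",
        Value = c.Value,
        $attrNameUri);
"@
        Attribute      = "urn:mace:dir:attribute-def:norEduPersonNIN"
        AttributeGroup = "eduPerson attributes"
    }

    #endregion

    $TransformRules
}

# NOTE: the Authenticode signature block that follows was computed over the file as
# originally published. Any edit to this script invalidates it; re-sign the file and
# check it with Get-AuthenticodeSignature before deploying where signatures are enforced.
# SIG # Begin signature block # MIIczwYJKoZIhvcNAQcCoIIcwDCCHLwCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUUEAJqjOuzLFfiDX3C83C10Ur # EhCgghcwMIIEFDCCAvygAwIBAgILBAAAAAABL07hUtcwDQYJKoZIhvcNAQEFBQAw # VzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNV # BAsTB1Jvb3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0 # MTMxMDAwMDBaFw0yODAxMjgxMjAwMDBaMFIxCzAJBgNVBAYTAkJFMRkwFwYDVQQK # ExBHbG9iYWxTaWduIG52LXNhMSgwJgYDVQQDEx9HbG9iYWxTaWduIFRpbWVzdGFt # cGluZyBDQSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlO9l # +LVXn6BTDTQG6wkft0cYasvwW+T/J6U00feJGr+esc0SQW5m1IGghYtkWkYvmaCN # d7HivFzdItdqZ9C76Mp03otPDbBS5ZBb60cO8eefnAuQZT4XljBFcm05oRc2yrmg # jBtPCBn2gTGtYRakYua0QJ7D/PuV9vu1LpWBmODvxevYAll4d/eq41JrUJEpxfz3 # zZNl0mBhIvIG+zLdFlH6Dv2KMPAXCae78wSuq5DnbN96qfTvxGInX2+ZbTh0qhGL # 2t/HFEzphbLswn1KJo/nVrqm4M+SU4B09APsaLJgvIQgAIMboe60dAXBKY5i0Eex # +vBTzBj5Ljv5cH60JQIDAQABo4HlMIHiMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMB # Af8ECDAGAQH/AgEAMB0GA1UdDgQWBBRG2D7/3OO+/4Pm9IWbsN1q1hSpwTBHBgNV # 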
HSAEQDA+MDwGBFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFs # c2lnbi5jb20vcmVwb3NpdG9yeS8wMwYDVR0fBCwwKjAooCagJIYiaHR0cDovL2Ny # bC5nbG9iYWxzaWduLm5ldC9yb290LmNybDAfBgNVHSMEGDAWgBRge2YaRQ2XyolQ # L30EzTSo//z9SzANBgkqhkiG9w0BAQUFAAOCAQEATl5WkB5GtNlJMfO7FzkoG8IW # 3f1B3AkFBJtvsqKa1pkuQJkAVbXqP6UgdtOGNNQXzFU6x4Lu76i6vNgGnxVQ380W # e1I6AtcZGv2v8Hhc4EvFGN86JB7arLipWAQCBzDbsBJe/jG+8ARI9PBw+DpeVoPP # PfsNvPTF7ZedudTbpSeE4zibi6c1hkQgpDttpGoLoYP9KOva7yj2zIhd+wo7AKvg # IeviLzVsD440RZfroveZMzV+y5qKu0VN5z+fwtmK+mWybsd+Zf/okuEsMaL3sCc2 # SI8mbzvuTXYfecPlf5Y1vC0OzAGwjn//UYCAp5LUs0RGZIyHTxZjBzFLY7Df8zCC # BH0wggNloAMCAQICAxvnFTANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzEh # MB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBE # YWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTE0MDEwMTA3 # MDAwMFoXDTMxMDUzMDA3MDAwMFowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdB # cml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNv # bSwgSW5jLjExMC8GA1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRo # b3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx # +lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq9oQbTqC023CYxzIBsQU+B07u # 9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD+qK+ihVqf94L # w7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd # fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7 # S13MMuyFYkMlNAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsD # PAnrSTFcaUaz4EcCAwEAAaOCARcwggETMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P # AQH/BAQDAgEGMB0GA1UdDgQWBBQ6moUHEGcotu/2vQVBbiDBlNoP3jAfBgNVHSME # GDAWgBTSxLDSkdRMEXGzYcs9of7dqGrU4zA0BggrBgEFBQcBAQQoMCYwJAYIKwYB # BQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzAyBgNVHR8EKzApMCegJaAj # hiFodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkcm9vdC5jcmwwRgYDVR0gBD8wPTA7 # BgRVHSAAMDMwMQYIKwYBBQUHAgEWJWh0dHBzOi8vY2VydHMuZ29kYWRkeS5jb20v # cmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAFkLU72ShhGnJHvtWzHPHR9s # cMW4br5Ou/a+l1DhMH+6KFxilMLjfjP3+0J2hduVHIwiWHUJDIhlZzkKFgnFoDiX # 
pMUjkz+0GKYBBkSR46dpJ7RaJX86tzLN3YT/KjgpM6TdZ7KF/qGIIBxQicjcKvZC # AzdM5ojf1a8k8rHD38y17OCZXrdJVCA8lBgMxxxSGEmkbeGzWAvJ2OzZrhwyjihw # DeL+pheehA+9V3CzWukfoIZTu+98/2kL4EjDt5MLyApUxKxdFGc3bMqlLzEIN6pu # b4y8m+JXXSSBr5eXnIStbKw3TGbzYZERIOS+MJ96pCkJsOE0X2R3GEBR34wwpq8w # ggSfMIIDh6ADAgECAhIRIdaZp2SXPvH4Qn7pGcxTQRQwDQYJKoZIhvcNAQEFBQAw # UjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExKDAmBgNV # BAMTH0dsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gRzIwHhcNMTYwNTI0MDAw # MDAwWhcNMjcwNjI0MDAwMDAwWjBgMQswCQYDVQQGEwJTRzEfMB0GA1UEChMWR01P # IEdsb2JhbFNpZ24gUHRlIEx0ZDEwMC4GA1UEAxMnR2xvYmFsU2lnbiBUU0EgZm9y # IE1TIEF1dGhlbnRpY29kZSAtIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB # CgKCAQEAsBeuotO2BDBWHlgPse1VpNZUy9j2czrsXV6rJf02pfqEw2FAxUa1WVI7 # QqIuXxNiEKlb5nPWkiWxfSPjBrOHOg5D8NcAiVOiETFSKG5dQHI88gl3p0mSl9Rs # kKB2p/243LOd8gdgLE9YmABr0xVU4Prd/4AsXximmP/Uq+yhRVmyLm9iXeDZGayL # V5yoJivZF6UQ0kcIGnAsM4t/aIAqtaFda92NAgIpA6p8N7u7KU49U5OzpvqP0liT # FUy5LauAo6Ml+6/3CGSwekQPXBDXX2E3qk5r09JTJZ2Cc/os+XKwqRk5KlD6qdA8 # OsroW+/1X1H0+QrZlzXeaoXmIwRCrwIDAQABo4IBXzCCAVswDgYDVR0PAQH/BAQD # AgeAMEwGA1UdIARFMEMwQQYJKwYBBAGgMgEeMDQwMgYIKwYBBQUHAgEWJmh0dHBz # Oi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwFgYD # VR0lAQH/BAwwCgYIKwYBBQUHAwgwQgYDVR0fBDswOTA3oDWgM4YxaHR0cDovL2Ny # bC5nbG9iYWxzaWduLmNvbS9ncy9nc3RpbWVzdGFtcGluZ2cyLmNybDBUBggrBgEF # BQcBAQRIMEYwRAYIKwYBBQUHMAKGOGh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5j # b20vY2FjZXJ0L2dzdGltZXN0YW1waW5nZzIuY3J0MB0GA1UdDgQWBBTUooRKOFoY # f7pPMFC9ndV6h9YJ9zAfBgNVHSMEGDAWgBRG2D7/3OO+/4Pm9IWbsN1q1hSpwTAN # BgkqhkiG9w0BAQUFAAOCAQEAj6kakW0EpjcgDoOW3iPTa24fbt1kPWghIrX4RzZp # juGlRcckoiK3KQnMVFquxrzNY46zPVBI5bTMrs2SjZ4oixNKEaq9o+/Tsjb8tKFy # v22XY3mMRLxwL37zvN2CU6sa9uv6HJe8tjecpBwwvKu8LUc235IgA+hxxlj2dQWa # NPALWVqCRDSqgOQvhPZHXZbJtsrKnbemuuRQ09Q3uLogDtDTkipbxFm7oW3bPM5E # ncE4Kq3jjb3NCXcaEL5nCgI2ZIi5sxsm7ueeYMRGqLxhM2zPTrmcuWrwnzf+tT1P # mtNN/94gjk6Xpv2fCbxNyhh2ybBNhVDygNIdBvVYBAexGDCCBNAwggO4oAMCAQIC # 
AQcwDQYJKoZIhvcNAQELBQAwgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6 # b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwg # SW5jLjExMC8GA1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3Jp # dHkgLSBHMjAeFw0xMTA1MDMwNzAwMDBaFw0zMTA1MDMwNzAwMDBaMIG0MQswCQYD # VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa # MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0 # cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj # dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMIIBIjANBgkqhkiG9w0BAQEF # AAOCAQ8AMIIBCgKCAQEAueDLENSvdr3Uk2LrMGS4gQhswwTZYheOL/8+Zc+PzmLm # PFIc2hZFS1WreGtjg2KQzg9pbJnIGhSLTMxFM+qI3J6jryv+gGGdeVfEzy70PzA8 # XUf8mha8wzeWQVGOEUtU+Ci+0Iy+8DA4HvOwJvhmR2Nt3nEmR484R1PRRh2049wA # 6kWsvbxx2apvANvbzTA6eU9fTEf4He9bwsSdYDuxskOR2KQzTuqz1idPrSWKpcb0 # 1dCmrnQFZFeItURV1C0qOj74uL3pMgoClGTEFjpQ8Uqu53kzrwwgB3/o3wQ5wmkC # bGNS+nfBG8h0h8i5kxhQVDVLaU68O9NJLh/cwdJS+wIDAQABo4IBGjCCARYwDwYD # VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFEDCvSeOzDSD # MKIz1/tss/C0LIDOMB8GA1UdIwQYMBaAFDqahQcQZyi27/a9BUFuIMGU2g/eMDQG # CCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZ29kYWRkeS5j # b20vMDUGA1UdHwQuMCwwKqAooCaGJGh0dHA6Ly9jcmwuZ29kYWRkeS5jb20vZ2Ry # b290LWcyLmNybDBGBgNVHSAEPzA9MDsGBFUdIAAwMzAxBggrBgEFBQcCARYlaHR0 # cHM6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsF # AAOCAQEACH5skxDIOLiWqZBL/6FfTwTvbD6ciAbJUI+mc/dXMRu+vOQv2/i601vg # tOfmeWIODKLXamNzMbX1qEikOwgtol2Q17R8JU8RVjDEtkSdeyyd5V7m7wxhqr/k # KhvuhJ64g33BQ85EpxNwDZEf9MgTrYNg2dhyqHMkHrWsIg7KF4liWEQbq4klAQAP # zcQbYttRtNMPUSqb9Lxz/HbONqTN2dgs6q6b9SqykNFNdRiKP4pBkCN9W0v+pANY # m0ayw2Bgg/h9UEHOwqGQw7vvAi/SFVTuRBXZCq6nijPtsS12NibcBOuf92EfFdyH # b+5GliitoSZ9CgmnLgSjjbz4vAQwATCCBRwwggQEoAMCAQICCDeMqUwECkf0MA0G # CSqGSIb3DQEBCwUAMIG0MQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTET # MBEGA1UEBxMKU2NvdHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4x # LTArBgNVBAsTJGh0dHA6Ly9jZXJ0cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEz # 
MDEGA1UEAxMqR28gRGFkZHkgU2VjdXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAt # IEcyMB4XDTIwMDEwODExMjIyNFoXDTIxMDMwODE4NTgwMFowXjELMAkGA1UEBhMC # Q0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90dGF3YTEVMBMGA1UEChMM # Q0FOQVJJRSBJbmMuMRUwEwYDVQQDEwxDQU5BUklFIEluYy4wggEiMA0GCSqGSIb3 # DQEBAQUAA4IBDwAwggEKAoIBAQDZhfCjFqiTmN1uLoySixnwaOjf/ZAL9P6SvjlC # aBA2mutoorEgnzUP8HnOIcvMRgEMPmpaZ8egM93Bmx9d41xoarsQpCN3DhYOo+b3 # fWnPucVtpxbul2OFePv63mw/uvr+dqkv4b/f3Tg+ilQbpsNonbvh9MKEFv8Pn9ko # j0ySV+qxz34PxTVAe6g//pel3/3i9fqilCnIEcx4zg/+NKBeOWROSs4oXo3IvBjV # runmz+YuieSr78TqIE6hD8JF2q1wKwfMB3+x7dEXZAus9WtIU/qITATtEfO9QAgr # rYL4F1MLN+osSp8my5eCOjnLTQc47q574V3zQhsIHW7yBXLdAgMBAAGjggGFMIIB # gTAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB/wQE # AwIHgDA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dk # aWcyczUtNS5jcmwwXQYDVR0gBFYwVDBIBgtghkgBhv1tAQcXAjA5MDcGCCsGAQUF # BwIBFitodHRwOi8vY2VydGlmaWNhdGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkv # MAgGBmeBDAEEATB2BggrBgEFBQcBAQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v # Y3NwLmdvZGFkZHkuY29tLzBABggrBgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRl # cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRA # wr0njsw0gzCiM9f7bLPwtCyAzjAdBgNVHQ4EFgQUUPnMg2nmYS8l7rmax3weVkrg # z5AwDQYJKoZIhvcNAQELBQADggEBAIYabiARaY4KhO6oWgNHPOBjoHuqUH7NwRGN # /ztYJznRBZbdD50smoK5GR0FvUZ8TXhYoZOazXe4NlFM4e6YcudU+EA/OF+sZHFB # Wziz1VS6U3sS+cGyJcxvelSoid0q3W3i9/Zy6Nv2kk/DEJp49O47mPNovpL15yyk # X3Vo26GwC9peo4s/cKMzthmgrcF2uLkT+LW44xKhaL7nBTGDMhjno+a3t00SWCId # 7wzgQadIJ1QlFOKm0xgmuiW3LIqCG0apvaOfvWKTPKq68q+FbDPOO48oKrvw1c9K # /m8gcnBLz6PX1REVIs5u3pvdOYBCz6uXyKxnt+Q5jDEK0NskLu0xggUJMIIFBQIB # ATCBwTCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcT # ClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQL # EyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMT # KkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMgIIN4yp # TAQKR/QwCQYFKw4DAhoFAKB4MBgGCisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJ # 
KoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQB # gjcCARUwIwYJKoZIhvcNAQkEMRYEFHZBrIxjrXmSDJI13FKsa3E+1x06MA0GCSqG # SIb3DQEBAQUABIIBAKu9V3rPaEkddSm9Y2Etb42pfQe0GBBOdVqhTS23qlaaEbP+ # SkVe6zI8AUndHMAxn2SiMiTmb3JGP+55P8nZS62fVtCDVjF4b5wJ+fyZzwht+W5u # piBQKzIyF+WuMog/AML+KRr9fVuRvw47c0XPXBR5E8nmxtvMnZG5Ta3yBjN5os/L # ZOlrK+Nm3G83Vf7DCOX3xrKHPUDYmCP5QMx8k47h1bKTCEWo4BxgA68O8B3hXbyW # M9R+l6XkNwZjLxmi8/59aSLC7wy5c8DovK8zPLmQfHNJ6BOCugAAIDoqpSWhWDsW # JddTTIpAxgBxMFMrEwbfgwS/KTzBqVLgPPTNIVKhggKiMIICngYJKoZIhvcNAQkG # MYICjzCCAosCAQEwaDBSMQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2ln # biBudi1zYTEoMCYGA1UEAxMfR2xvYmFsU2lnbiBUaW1lc3RhbXBpbmcgQ0EgLSBH # MgISESHWmadklz7x+EJ+6RnMU0EUMAkGBSsOAwIaBQCggf0wGAYJKoZIhvcNAQkD # MQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMjAwNTEyMTM0MTI0WjAjBgkq # hkiG9w0BCQQxFgQU4H896hJx92gw6y0wxfJUzMT9xT8wgZ0GCyqGSIb3DQEJEAIM # MYGNMIGKMIGHMIGEBBRjuC+rYfWDkJaVBQsAJJxQKTPseTBsMFakVDBSMQswCQYD # VQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTEoMCYGA1UEAxMfR2xv # YmFsU2lnbiBUaW1lc3RhbXBpbmcgQ0EgLSBHMgISESHWmadklz7x+EJ+6RnMU0EU # MA0GCSqGSIb3DQEBAQUABIIBADWiRahm2BowrLekZsVPeEQg1Wt6DtMS6gRMCJJE # vsbeKOuwKPgESyxC/91FKAyFq0GhBUKuLfKfrgC1+CP94GPFcz0tQxkR0ulBVQcU # hlfmpdykHBIn/dUQ7bfCmGzwxEP8LIKsgG+tYFIFMlLwxumXxi9wCpA44I6dLkxg # G4efKVU7kQxDua+fzTjRLC/cAD1QlWL2mDd1kdRDCc5IZNLa885UyOKkn8d6l0Ij # Hz1kGKwsT3CA34mlJpOnfbkEQqox9wZTgywHtP1vkNHIgDjJWQEoTgQaV2Ips6p1 # CfxdR9ltgmGcomO1uXY/BgiZrq4zQ/pCMBJ3dmWTE2ES7jU= # SIG # End signature block |