Public/Import-ADFSTkMetadata.ps1
|
#Requires -Version 5.1 #Requires -RunAsAdministrator function Import-ADFSTkMetadata { [CmdletBinding(DefaultParameterSetName = 'AllSPs', SupportsShouldProcess = $true)] param ( [Parameter(ParameterSetName = 'SingleSP', Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)] $EntityId, [Parameter(ParameterSetName = 'SingleSP', Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 1)] $EntityBase, [string]$ConfigFile, [string]$LocalMetadataFile, [string[]]$ForcedEntityCategories, [Parameter(ParameterSetName = 'AllSPs')] [switch] $ProcessWholeMetadata, [switch]$ForceUpdate, [Parameter(ParameterSetName = 'AllSPs')] [switch] $AddRemoveOnly, #The time in minutes the chached metadatafile live [int] $CacheTime = 15, #The maximum SPs to add in one run (to prevent throttling). Is used when the script recusrive calls itself [int] $MaxSPAdditions = 80, [switch]$Silent, [switch]$criticalHealthChecksOnly, #If this switch is not provided the memory cache will be deleted [switch] $PreserveMemoryCache ) process { #$CompatibleConfigVersion = "1.3" #Check if we should avoid deleting memory cache if (!$PSBoundParameters.ContainsKey('PreserveMemoryCache') -or ($PSBoundParameters.ContainsKey('PreserveMemoryCache') -and $PreserveMemoryCache -eq $false)) { Remove-ADFSTkCache -AttributeMemoryCache } try { # load configuration file if (!(Test-Path ( $ConfigFile ))) { throw (Get-ADFSTkLanguageText cFileDontExist -f $ConfigFile) } else { [xml]$Settings = Get-Content ($ConfigFile) $Global:ADFSTkCurrentInstitutionConfig = $ConfigFile } # set appropriate logging via EventLog mechanisms if (Verify-ADFSTkEventLogUsage) { #If we evaluated as true, the eventlog is now set up and we link the WriteADFSTklog to it Write-ADFSTkLog -SetEventLogName $Settings.configuration.logging.LogName -SetEventLogSource $Settings.configuration.logging.Source } else { # No Event logging is enabled, just this one to a file Write-ADFSTkLog (Get-ADFSTkLanguageText importEventLogMissingInSettings) -MajorFault } #Check against compatible version #if ([float]$Settings.configuration.ConfigVersion -lt [float]$CompatibleConfigVersion) #{ # Write-ADFSTkLog (Get-ADFSTkLanguageText importIncompatibleInstitutionConfigVersion -f $Settings.configuration.ConfigVersion, $CompatibleConfigVersion) -MajorFault #} if ($PSBoundParameters.ContainsKey('criticalHealthChecksOnly') -and $criticalHealthChecksOnly -ne $false) { $healthCheckResult = Get-ADFSTkHealth -ConfigFile $ConfigFile -HealthCheckMode CriticalOnly -Silent } else { $healthCheckResult = Get-ADFSTkHealth -ConfigFile $ConfigFile -Silent } if ($healthCheckResult -eq $false) { Write-ADFSTkLog "The Health Check of ADFS Toolkit did not pass! Check earlier log entries to see what's wrong." -MajorFault } #region Get static values from configuration file $mypath = $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\') Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importStarted) -EntryType Information Write-ADFSTkLog (Get-ADFSTkLanguageText importCurrentPath -f $Global:ADFSTkPaths.modulePath) -EventID 1 #endregion #region Get SP Hash if ([string]::IsNullOrEmpty($Settings.configuration.SPHashFile)) { Write-ADFSTkLog (Get-ADFSTkLanguageText importMissingSPHashFileInConfig -f $ConfigFile) -MajorFault } else { $SPHashFile = Join-Path $Global:ADFSTkPaths.cacheDir $Settings.configuration.SPHashFile Write-ADFSTkLog (Get-ADFSTkLanguageText importSettingSPHashFileTo -f $SPHashFile) -EventID 2 } if (Test-Path $SPHashFile) { try { $SPHashList = Import-Clixml $SPHashFile } catch { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importCouldNotImportSPHashFile) $SPHashFileItem = Get-ChildItem $SPHashFile Rename-Item -Path $SPHashFile -NewName ("{0}_{1}.{2}" -f $SPHashFileItem.BaseName, ([guid]::NewGuid()).Guid, $SPHashFileItem.Extension) $SPHashList = @{} } } else { $SPHashList = @{} } #endregion #region Getting Metadata #Cached Metadata file #$CachedMetadataFile = Join-Path $Settings.configuration.WorkingPath -ChildPath $Settings.configuration.CacheDir | Join-Path -ChildPath $Settings.configuration.MetadataCacheFile $CachedMetadataFile = Join-Path $Global:ADFSTkPaths.cacheDir $Settings.configuration.MetadataCacheFile Write-ADFSTkLog (Get-ADFSTkLanguageText importSettingCachedMetadataFile -f $CachedMetadataFile) -EventID 3 if ($LocalMetadataFile) { try { $MetadataXML = new-object Xml.XmlDocument $MetadataXML.PreserveWhitespace = $true $MetadataXML.Load($LocalMetadataFile) Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccessfullyLoadedLocalMetadataFile) -EntryType Information } catch { Write-ADFSTkLog (Get-ADFSTkLanguageText importCouldNotLoadLocalMetadataFile) -MajorFault -EventID 4 } } if ($MetadataXML -eq $null) { # $UseCachedMetadata = $false # if (($CacheTime -eq -1 -or $CacheTime -gt 0) -and (Test-Path $CachedMetadataFile)) #CacheTime = -1 allways use cached metadata if exists # { # if ($CacheTime -eq -1 -or (Get-ChildItem $CachedMetadataFile).LastWriteTime.AddMinutes($CacheTime) -ge (Get-Date)) # { # $UseCachedMetadata = $true # try # { # #[xml]$MetadataXML = Get-Content $CachedMetadataFile # $MetadataXML = new-object Xml.XmlDocument # $MetadataXML.PreserveWhitespace = $true # $MetadataXML.Load($CachedMetadataFile) # # if ([string]::IsNullOrEmpty($MetadataXML)) # { # Write-ADFSTkLog (Get-ADFSTkLanguageText importCachedMetadataEmptyDownloading) -EntryType Error -EventID 5 # $UseCachedMetadata = $false # } # } # catch # { # Write-ADFSTkLog (Get-ADFSTkLanguageText importCachedMetadataCorruptDownloading) -EntryType Error -EventID 6 # $UseCachedMetadata = $false # } # } # else # { # $UseCachedMetadata = $false # Remove-Item $CachedMetadataFile -Confirm:$false # } # } # # if (!$UseCachedMetadata) # { # # #Get Metadata URL from config # if ([string]::IsNullOrEmpty($Settings.configuration.metadataURL)) # { # $metadataURL = 'https://localhost/metadata.xml' #Just for fallback # } # else # { # $metadataURL = $Settings.configuration.metadataURL # } # # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importDownloadingMetadataFrom) -EntryType Information # # try # { # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importDownloadingFromTo -f $metadataURL, $CachedMetadataFile) -EntryType Information # # $webClient = New-Object System.Net.WebClient # $webClient.Headers.Add("user-agent", "ADFSToolkit") # $webClient.DownloadFile($metadataURL, $CachedMetadataFile) # # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccesfullyDownloadedMetadataFrom -f $metadataURL) -EntryType Information # } # catch # { # Write-ADFSTkLog (Get-ADFSTkLanguageText importCouldNotDownloadMetadataFrom -f $metadataURL) -MajorFault -EventID 7 # } # # try # { # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importParsingMetadataXML) -EntryType Information # $MetadataXML = new-object Xml.XmlDocument # $MetadataXML.PreserveWhitespace = $true # $MetadataXML.Load($CachedMetadataFile) # #$MetadataXML = [xml]$Metadata.Content # Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccessfullyParsedMetadataXMLFrom -f $metadataURL) -EntryType Information # } # catch # { # Write-ADFSTkLog (Get-ADFSTkLanguageText importCouldNotParseMetadataFrom -f $metadataURL) -MajorFault -EventID 8 # } # } $MetadataXML = Get-ADFSTkMetadata -CacheTime $CacheTime -CachedMetadataFile $CachedMetadataFile -metadataURL $Settings.configuration.metadataURL } # Assert that the metadata we are about to process is not zero bytes after all this if (Test-Path $CachedMetadataFile) { $MyFileSize = (Get-Item $CachedMetadataFile).length if ((Get-Item $CachedMetadataFile).length -gt 0kb) { Write-ADFSTkLog (Get-ADFSTkLanguageText importMetadataFileSize -f $MyFileSize) -EventID 9 } else { Write-ADFSTkLog (Get-ADFSTkLanguageText importCachedMetadataFileIsZeroBytes -f $CachedMetadataFile) -EventID 10 } } #endregion #Verify Metadata Signing Cert if ($Global:ADFSTkSkipMetadataSignatureCheck -ne $true) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importVerifyingSigningCert) -EntryType Information Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importEnsuringSHA256) -EntryType Information Update-SHA256AlgXmlDSigSupport if (Verify-ADFSTkSigningCert $MetadataXML.EntitiesDescriptor.Signature.KeyInfo.X509Data.X509Certificate) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccessfullyVerifiedMetadataCert) -EntryType Information } else { Write-ADFSTkLog (Get-ADFSTkLanguageText importMetadataCertIncorrect) -MajorFault -EventID 11 } #Verify Metadata Signature Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importVerifyingMetadataSignature) -EntryType Information if (Verify-ADFSTkMetadataSignature $MetadataXML) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSuccessfullyVerifiedMetadataSignature) -EntryType Information } else { Write-ADFSTkLog (Get-ADFSTkLanguageText importMetadataSignatureFailed) -MajorFault -EventID 12 } } #region Read/Create file with $RawAllSPs = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.SPSSODescriptor -ne $null } $myRawAllSPsCount = $RawALLSps.count Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importTotalNumberOfSPs -f $myRawAllSPsCount) if ($ProcessWholeMetadata) { Write-ADFSTkLog (Get-ADFSTkLanguageText importProcessingWholeMetadata) -EntryType Information -EventID 13 $AllSPs = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.SPSSODescriptor -ne $null } $myAllSPsCount = $ALLSPs.count Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importNumberOfSPsAfterFilter -f $myAllSPsCount) Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importCalculatingChanges) $AllSPs | % { $SwamidSPs = @() $SwamidSPsToProcess = @() } { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cWorkingWith -f $_.EntityID) $SwamidSPs += $_.EntityId if (Check-ADFSTkSPHasChanged $_) { $SwamidSPsToProcess += $_ } #else #{ # Write-ADFSTkVerboseLog "Skipped due to no changes in metadata..." #} } { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cDone) $n = $SwamidSPsToProcess.Count Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importFoundXNewChangedSPs -f $n) $batches = [Math]::Ceiling($n / $MaxSPAdditions) Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importBatchCount -f $batches) if ($n -gt 0) { if ($batches -gt 1) { for ($i = 1; $i -le $batches; $i++) { $ADFSTkModuleBase = Join-Path $Global:ADFSTkPaths.modulePath ADFSToolkit.psm1 Write-ADFSTkLog (Get-ADFSTkLanguageText importWorkingWithBatch -f $i, $batches, $ADFSTkModuleBase) -EventID 14 $runCommand = "-Command & {" if ($Global:ADFSTkSkipNotSignedHealthCheck -eq $true) { $runCommand += '$Global:ADFSTkSkipNotSignedHealthCheck = $true;' } $runCommand += "Import-ADFSTkMetadata -MaxSPAdditions $MaxSPAdditions -CacheTime -1 -ConfigFile '$ConfigFile'" if ($PSBoundParameters.ContainsKey("Silent") -and $Silent -ne $false) { $runCommand += " -Silent" } if ($PSBoundParameters.ContainsKey("criticalHealthChecksOnly") -and $criticalHealthChecksOnly -ne $false) { $runCommand += " -criticalHealthChecksOnly" } if ($PSBoundParameters.ContainsKey("ForceUpdate") -and $ForceUpdate -ne $false) { $runCommand += " -ForceUpdate" } if ($PSBoundParameters.ContainsKey("WhatIf") -and $WhatIf -ne $false) { $runCommand += " -WhatIf" } $runCommand += " ;Exit}" Start-Process -WorkingDirectory $ExecutionContext.SessionState.Path.GetUnresolvedProviderPathFromPSPath('.\') -FilePath "$env:SystemRoot\system32\WindowsPowerShell\v1.0\powershell.exe" -ArgumentList "-NoExit", $runCommand -Wait -NoNewWindow Write-ADFSTkLog (Get-ADFSTkLanguageText cDone) -EventID 15 } } else { $SwamidSPsToProcess | % { Processes-ADFSTkRelyingPartyTrust $_ } } } # Checking if any Relying Party Trusts show be removed $NamePrefix = $Settings.configuration.MetadataPrefix $Sep = $Settings.configuration.MetadataPrefixSeparator $FilterString = "$NamePrefix$Sep" Write-ADFSTkLog (Get-ADFSTkLanguageText importCheckingForRemovedRPsUsingFilter -f $FilterString) -EventID 16 $CurrentSwamidSPs = Get-ADFSRelyingPartyTrust | ? { $_.Name -like "$FilterString*" } | select -ExpandProperty Identifier if ($CurrentSwamidSPs -eq $null) { $CurrentSwamidSPs = @() } #$RemoveSPs = Compare-ADFSTkObject $CurrentSwamidSPs $SwamidSPs | ? SideIndicator -eq "<=" | select -ExpandProperty InputObject $CompareSets = Compare-ADFSTkObject -FirstSet $CurrentSwamidSPs -SecondSet $SwamidSPs -CompareType InFirstSetOnly Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importFoundRPsToRemove -f $CompareSets.MembersInCompareSet) if ($ForceUpdate) { foreach ($rp in $CompareSets.CompareSet) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cRemoving -f $rp) try { Remove-ADFSRelyingPartyTrust -TargetIdentifier $rp -Confirm:$false -ErrorAction Stop Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cDone) } catch { Write-ADFSTkLog (Get-ADFSTkLanguageText cCouldNotRemove -f $rp, $_) -EntryType Error -EventID 17 } } Remove-ADFSTkEntityHash -EntityIDs $CompareSets.CompareSet } else { $removeSet = $CompareSets.CompareSet | Get-ADFSTkAnswer -Caption (Get-ADFSTkLanguageText importDoYouWantToRemoveRPsNotInMetadata) foreach ($rp in $removeSet) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cRemoving -f $rp) try { Remove-ADFSRelyingPartyTrust -TargetIdentifier $rp -Confirm:$false -ErrorAction Stop Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cDone) } catch { Write-ADFSTkLog (Get-ADFSTkLanguageText importCouldNotRemove -f $rp, $_) -EntryType Error -EventID 18 } Remove-ADFSTkEntityHash -EntityIDs $removeSet } } } } elseif ($PSBoundParameters.ContainsKey('MaxSPAdditions') -and $MaxSPAdditions -gt 0) { Write-ADFSTkLog (Get-ADFSTkLanguageText importProcessingXRPs -f $MaxSPAdditions) -EntryType Information -EventID 19 $AllSPsInMetadata = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.SPSSODescriptor -ne $null } $i = 0 $n = 0 $m = $AllSPsInMetadata.Count - 1 $SPsToProcess = @() do { if (Check-ADFSTkSPHasChanged $AllSPsInMetadata[$i]) { $SPsToProcess += $AllSPsInMetadata[$i] $n++ } else { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importSkippedNoChanges) } $i++ } until ($n -ge $MaxSPAdditions -or $i -ge $m) $SPsToProcess | % { Processes-ADFSTkRelyingPartyTrust $_ } } elseif (! ([string]::IsNullOrEmpty($EntityID) ) ) { #Enter so that SP: N is checked against the can and ask if you want to force update. Insert the hash! Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText cWorkingWith -f $EntityID) if ([string]::IsNullOrEmpty($EntityBase)) { $sp = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.entityId -eq $EntityId } } else { $sp = $MetadataXML.EntitiesDescriptor.EntityDescriptor | ? { $_.entityId -eq $EntityId -and $_.base -eq $EntityBase } } if ($sp.count -gt 1) { $sp = $sp[0] Write-ADFSTkLog (Get-ADFSTkLanguageText importMoreThanOneRPWithEntityID -f $EntityId) -EntryType Warning -EventID 29 } if ([string]::IsNullOrEmpty($sp)) { Write-ADFSTkLog (Get-ADFSTkLanguageText importNoSPsFound) -MajorFault -EventID 20 } else { Processes-ADFSTkRelyingPartyTrust $sp } } else { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importNothingToDo) } Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText importScriptEnded) } Catch { Throw $_ } } } # SIG # Begin signature block # MIId/gYJKoZIhvcNAQcCoIId7zCCHesCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD11H4a/c+msRHU # ik3YMZtsmEEWFtsrRPGTiy8+fPkXwqCCGKwwggR9MIIDZaADAgECAgMb5xUwDQYJ # KoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRk # eSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28gRGFkZHkgQ2xhc3MgMiBDZXJ0aWZp # Y2F0aW9uIEF1dGhvcml0eTAeFw0xNDAxMDEwNzAwMDBaFw0zMTA1MzAwNzAwMDBa # MIGDMQswCQYDVQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2Nv # dHRzZGFsZTEaMBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xMTAvBgNVBAMTKEdv # IERhZGR5IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqG # SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/cWII8fpZNPcbyRij94BJWOkigxOmxSBD # ATuE8eaFSZ8n6vaEG06gtNtwmMcyAbEFPgdO7vT6Ty9ZMCLnqxlWa+KAB/zzFnWA # OVF75fk1tnROqY2CE+S2P6kDg/qivooVan/eC8O2GRQFyurDqASUO0Z8Mg3zAGYi # yI1pbTaMERi307IcYLQ4+gKMztPdRgfeCj7rXXzIfPuwK1OkkmJpUSUFYRpEgYws # qUOWI9+sOoGaDinFHKnpXR62np4wCjnO8YiA+0tdzDLshWJDJTQCVicBkbQ7cCo/ # brHonIgBfZ/U+dtTbWCdvyznWKu4X0b8zsQbAzwJ60kxXGlGs+BHAgMBAAGjggEX # MIIBEzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU # OpqFBxBnKLbv9r0FQW4gwZTaD94wHwYDVR0jBBgwFoAU0sSw0pHUTBFxs2HLPaH+ # 3ahq1OMwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5n # b2RhZGR5LmNvbS8wMgYDVR0fBCswKTAnoCWgI4YhaHR0cDovL2NybC5nb2RhZGR5 # LmNvbS9nZHJvb3QuY3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIB # FiVodHRwczovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3 # DQEBCwUAA4IBAQBZC1O9koYRpyR77Vsxzx0fbHDFuG6+Trv2vpdQ4TB/uihcYpTC # 434z9/tCdoXblRyMIlh1CQyIZWc5ChYJxaA4l6TFI5M/tBimAQZEkeOnaSe0WiV/ # Orcyzd2E/yo4KTOk3Weyhf6hiCAcUInI3Cr2QgM3TOaI39WvJPKxw9/MtezgmV63 # SVQgPJQYDMccUhhJpG3hs1gLydjs2a4cMo4ocA3i/qYXnoQPvVdws1rpH6CGU7vv # fP9pC+BIw7eTC8gKVMSsXRRnN2zKpS8xCDeqbm+MvJviV10kga+Xl5yErWysN0xm # 82GRESDkvjCfeqQpCbDhNF9kdxhAUd+MMKavMIIE0DCCA7igAwIBAgIBBzANBgkq # hkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzAR # BgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMTEw # LwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcy # MB4XDTExMDUwMzA3MDAwMFoXDTMxMDUwMzA3MDAwMFowgbQxCzAJBgNVBAYTAlVT # MRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQK # ExFHb0RhZGR5LmNvbSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFk # ZHkuY29tL3JlcG9zaXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2Vy # dGlmaWNhdGUgQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw # ggEKAoIBAQC54MsQ1K92vdSTYuswZLiBCGzDBNliF44v/z5lz4/OYuY8UhzaFkVL # Vat4a2ODYpDOD2lsmcgaFItMzEUz6ojcnqOvK/6AYZ15V8TPLvQ/MDxdR/yaFrzD # N5ZBUY4RS1T4KL7QjL7wMDge87Am+GZHY23ecSZHjzhHU9FGHbTj3ADqRay9vHHZ # qm8A29vNMDp5T19MR/gd71vCxJ1gO7GyQ5HYpDNO6rPWJ0+tJYqlxvTV0KaudAVk # V4i1RFXULSo6Pvi4vekyCgKUZMQWOlDxSq7neTOvDCAHf+jfBDnCaQJsY1L6d8Eb # yHSHyLmTGFBUNUtpTrw700kuH9zB0lL7AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8E # BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUQMK9J47MNIMwojPX+2yz # 8LQsgM4wHwYDVR0jBBgwFoAUOpqFBxBnKLbv9r0FQW4gwZTaD94wNAYIKwYBBQUH # AQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wNQYD # VR0fBC4wLDAqoCigJoYkaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZHJvb3QtZzIu # Y3JsMEYGA1UdIAQ/MD0wOwYEVR0gADAzMDEGCCsGAQUFBwIBFiVodHRwczovL2Nl # cnRzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQAI # fmyTEMg4uJapkEv/oV9PBO9sPpyIBslQj6Zz91cxG7685C/b+LrTW+C05+Z5Yg4M # otdqY3MxtfWoSKQ7CC2iXZDXtHwlTxFWMMS2RJ17LJ3lXubvDGGqv+QqG+6EnriD # fcFDzkSnE3ANkR/0yBOtg2DZ2HKocyQetawiDsoXiWJYRBuriSUBAA/NxBti21G0 # 0w9RKpv0vHP8ds42pM3Z2Czqrpv1KrKQ0U11GIo/ikGQI31bS/6kA1ibRrLDYGCD # +H1QQc7CoZDDu+8CL9IVVO5EFdkKrqeKM+2xLXY2JtwE65/3YR8V3Idv7kaWKK2h # Jn0KCacuBKONvPi8BDABMIIE/jCCA+agAwIBAgIQDUJK4L46iP9gQCHOFADw3TAN # BgkqhkiG9w0BAQsFADByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQg # SW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2Vy # dCBTSEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBMB4XDTIxMDEwMTAwMDAw # MFoXDTMxMDEwNjAwMDAwMFowSDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lD # ZXJ0LCBJbmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAgMjAyMTCCASIw # DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMLmYYRnxYr1DQikRcpja1HXOhFC # vQp1dU2UtAxQtSYQ/h3Ib5FrDJbnGlxI70Tlv5thzRWRYlq4/2cLnGP9NmqB+in4 # 3Stwhd4CGPN4bbx9+cdtCT2+anaH6Yq9+IRdHnbJ5MZ2djpT0dHTWjaPxqPhLxs6 # t2HWc+xObTOKfF1FLUuxUOZBOjdWhtyTI433UCXoZObd048vV7WHIOsOjizVI9r0 # TXhG4wODMSlKXAwxikqMiMX3MFr5FK8VX2xDSQn9JiNT9o1j6BqrW7EdMMKbaYK0 # 2/xWVLwfoYervnpbCiAvSwnJlaeNsvrWY4tOpXIc7p96AXP4Gdb+DUmEvQECAwEA # AaOCAbgwggG0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB # /wQMMAoGCCsGAQUFBwMIMEEGA1UdIAQ6MDgwNgYJYIZIAYb9bAcBMCkwJwYIKwYB # BQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAfBgNVHSMEGDAWgBT0 # tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUNkSGjqS6sGa+vCgtHUQ23eNq # erwwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3No # YTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNv # bS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcwJAYIKwYBBQUH # MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZDaHR0cDov # L2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJRFRpbWVz # dGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEASBzctemaI7znGucgDo5n # Rv1CclF0CiNHo6uS0iXEcFm+FKDlJ4GlTRQVGQd58NEEw4bZO73+RAJmTe1ppA/2 # uHDPYuj1UUp4eTZ6J7fz51Kfk6ftQ55757TdQSKJ+4eiRgNO/PT+t2R3Y18jUmmD # gvoaU+2QzI2hF3MN9PNlOXBL85zWenvaDLw9MtAby/Vh/HUIAHa8gQ74wOFcz8QR # cucbZEnYIpp1FUL1LTI4gdr0YKK6tFL7XOBhJCVPst/JKahzQ1HavWPWH1ub9y4b # TxMd90oNcX6Xt/Q/hOvB46NJofrOp79Wz7pZdmGJX36ntI5nePk2mOHLKNpbh6aK # LzCCBRwwggQEoAMCAQICCGXB0JJJvDvXMA0GCSqGSIb3DQEBCwUAMIG0MQswCQYD # VQQGEwJVUzEQMA4GA1UECBMHQXJpem9uYTETMBEGA1UEBxMKU2NvdHRzZGFsZTEa # MBgGA1UEChMRR29EYWRkeS5jb20sIEluYy4xLTArBgNVBAsTJGh0dHA6Ly9jZXJ0 # cy5nb2RhZGR5LmNvbS9yZXBvc2l0b3J5LzEzMDEGA1UEAxMqR28gRGFkZHkgU2Vj # dXJlIENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTIxMDExOTE4MzczNloX # DTIyMDMwODE4NTgwMFowXjELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8x # DzANBgNVBAcTBk90dGF3YTEVMBMGA1UEChMMQ0FOQVJJRSBJbmMuMRUwEwYDVQQD # EwxDQU5BUklFIEluYy4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ # hfCjFqiTmN1uLoySixnwaOjf/ZAL9P6SvjlCaBA2mutoorEgnzUP8HnOIcvMRgEM # PmpaZ8egM93Bmx9d41xoarsQpCN3DhYOo+b3fWnPucVtpxbul2OFePv63mw/uvr+ # dqkv4b/f3Tg+ilQbpsNonbvh9MKEFv8Pn9koj0ySV+qxz34PxTVAe6g//pel3/3i # 9fqilCnIEcx4zg/+NKBeOWROSs4oXo3IvBjVrunmz+YuieSr78TqIE6hD8JF2q1w # KwfMB3+x7dEXZAus9WtIU/qITATtEfO9QAgrrYL4F1MLN+osSp8my5eCOjnLTQc4 # 7q574V3zQhsIHW7yBXLdAgMBAAGjggGFMIIBgTAMBgNVHRMBAf8EAjAAMBMGA1Ud # JQQMMAoGCCsGAQUFBwMDMA4GA1UdDwEB/wQEAwIHgDA1BgNVHR8ELjAsMCqgKKAm # hiRodHRwOi8vY3JsLmdvZGFkZHkuY29tL2dkaWcyczUtNi5jcmwwXQYDVR0gBFYw # VDBIBgtghkgBhv1tAQcXAjA5MDcGCCsGAQUFBwIBFitodHRwOi8vY2VydGlmaWNh # dGVzLmdvZGFkZHkuY29tL3JlcG9zaXRvcnkvMAgGBmeBDAEEATB2BggrBgEFBQcB # AQRqMGgwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmdvZGFkZHkuY29tLzBABggr # BgEFBQcwAoY0aHR0cDovL2NlcnRpZmljYXRlcy5nb2RhZGR5LmNvbS9yZXBvc2l0 # b3J5L2dkaWcyLmNydDAfBgNVHSMEGDAWgBRAwr0njsw0gzCiM9f7bLPwtCyAzjAd # BgNVHQ4EFgQUUPnMg2nmYS8l7rmax3weVkrgz5AwDQYJKoZIhvcNAQELBQADggEB # AGabJLu09gdYHt7ZMbpJ4048ZIiXwVLE/HNcnApTghNaHnSSiMI2xTsmbrM/lYsm # pwFuws1c2fMBvyDRgkzR/4+RIjoQJpLrHy1QABYlWAIKMqdFmfqty0QApgIkGN2+ # scMxKMWJGND8qp3KM+5C8TNTsO0gPVfdaarX2TmLM6yIQcgxD8YZMd0mqdR7rcCe # bgMeAdHLYPQu/HM0Cj3qtzFx/CZzz93CAlh8Dx5woqeNJixQMLK28MhU8y6NSN5o # KnD/8EESudRzXyoowZ2N4YJzyye5UL9pxhniDKs444w1r5XcjQYDo11G8Y4up4XW # 1cFtLNulHYcKhAnQ7XHswxMwggUxMIIEGaADAgECAhAKoSXW1jIbfkHkBdo2l8IV # MA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lD # ZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0xNjAxMDcxMjAwMDBaFw0zMTAxMDcx # MjAwMDBaMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAX # BgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0IFNIQTIg # QXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB # DwAwggEKAoIBAQC90DLuS82Pf92puoKZxTlUKFe2I0rEDgdFM1EQfdD5fU1ofue2 # oPSNs4jkl79jIZCYvxO8V9PD4X4I1moUADj3Lh477sym9jJZ/l9lP+Cb6+NGRwYa # VX4LJ37AovWg4N4iPw7/fpX786O6Ij4YrBHk8JkDbTuFfAnT7l3ImgtU46gJcWvg # zyIQD3XPcXJOCq3fQDpct1HhoXkUxk0kIzBdvOw8YGqsLwfM/fDqR9mIUF79Zm5W # YScpiYRR5oLnRlD9lCosp+R1PrqYD4R/nzEU1q3V8mTLex4F0IQZchfxFwbvPc3W # Te8GQv2iUypPhR3EHTyvz9qsEPXdrKzpVv+TAgMBAAGjggHOMIIByjAdBgNVHQ4E # FgQU9LbhIB3+Ka7S5GGlsqIlssgXNW4wHwYDVR0jBBgwFoAUReuir/SSy4IxLVGL # p6chnfNtyA8wEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwEwYD # VR0lBAwwCgYIKwYBBQUHAwgweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhho # dHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNl # cnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwgYEG # A1UdHwR6MHgwOqA4oDaGNGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2Vy # dEFzc3VyZWRJRFJvb3RDQS5jcmwwOqA4oDaGNGh0dHA6Ly9jcmwzLmRpZ2ljZXJ0 # LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcmwwUAYDVR0gBEkwRzA4Bgpg # hkgBhv1sAAIEMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNv # bS9DUFMwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEBCwUAA4IBAQBxlRLpUYdWac3v # 3dp8qmN6s3jPBjdAhO9LhL/KzwMC/cWnww4gQiyvd/MrHwwhWiq3BTQdaq6Z+Cei # Zr8JqmDfdqQ6kw/4stHYfBli6F6CJR7Euhx7LCHi1lssFDVDBGiy23UC4HLHmNY8 # ZOUfSBAYX4k4YU1iRiSHY4yRUiyvKYnleB/WCxSlgNcSR3CzddWThZN+tpJn+1Nh # iaj1a5bA9FhpDXzIAbG5KHW3mWOFIoxhynmUfln8jA/jb7UBJrZspe6HUSHkWGCb # ugwtK22ixH67xCUrRwIIfEmuE7bhfEJCKMYYVs9BNLZmXbZ0e/VWMyIvIjayS6JK # ldj1po5SMYIEqDCCBKQCAQEwgcEwgbQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdB # cml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNv # bSwgSW5jLjEtMCsGA1UECxMkaHR0cDovL2NlcnRzLmdvZGFkZHkuY29tL3JlcG9z # aXRvcnkvMTMwMQYDVQQDEypHbyBEYWRkeSBTZWN1cmUgQ2VydGlmaWNhdGUgQXV0 # aG9yaXR5IC0gRzICCGXB0JJJvDvXMA0GCWCGSAFlAwQCAQUAoIGEMBgGCisGAQQB # gjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIAQpFsS5 # NE+y/uD1QcJAXv+MFX/Pr8mnywlk05CytfH3MA0GCSqGSIb3DQEBAQUABIIBAJ5x # ZUyQwqZZRvUJW0LoPyD04bYy51AmA7GnRAGgBXGVYtZ3b+ExZg5BzDDzGeui28Bd # 0Kd6LxowoRdbBt1vWnrYKkrB7viENnMXZx3Zy5M98+iSo+nSHkFEOLhAiI3ylF8x # uCNuJKiRHSkrSYtpw/ydu8PopaGZfuP/YOP53hSSziaXZmg1GB0QxL/BzroOdQft # ZMvrbUI7N9XjaukHIYS4ZyQf6cRBi52ZtY3waOG/fUsE96nXTugYnd9kXfkzWwl7 # vSmsx6vWcW6AKTrYpa5WFczSKZXcG+Ii3+9FHCVF2EGfWhhQoiDEfJri7DA/7giJ # atJWHkfy3sn7e282gyKhggIwMIICLAYJKoZIhvcNAQkGMYICHTCCAhkCAQEwgYYw # cjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ # d3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVk # IElEIFRpbWVzdGFtcGluZyBDQQIQDUJK4L46iP9gQCHOFADw3TANBglghkgBZQME # AgEFAKBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X # DTIyMDIwMTIyMTEwOFowLwYJKoZIhvcNAQkEMSIEIIp6FYBwwczTnQun5Km7odvI # R+yrumSKsqjAxmtQ4GamMA0GCSqGSIb3DQEBAQUABIIBAL7P5GXT8HvHXar+JIXH # av7dZwYvZAbIRPL5YtthVHx2ell1f15qcv/8KuI4O+B1cqgTQI4eGjPxkvKd2MDj # o6ygLCki1msGcpXpSmw8EcAizcxZiExhsDpCj23s5YCS8n60SlD4AP7Uaia4nfz7 # SjhyEsYNXfWOud1mCzuORVbe3d3MoLiTZGaINLbIUvMze0/xI8BTOl9YjeuY8ysA # tUuYQXcWA6xGLpp0/9BwXOpONCXZbbj3AzF5y/N/67eh29VpYJCiC8AzmP5WtDiI # 1PMENJIPsEv4iLHIipkZE/kYxRYnSdOa3QwcXAUKaEYn8y1lwUyfXFAwkDXn7OMV # 3L4= # SIG # End signature block |