Private/Get-ADFSTkIssuanceTransformRules.ps1
|
function Get-ADFSTkIssuanceTransformRules { param ( [Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true, Position=0)] [string[]]$EntityCategories, [Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true, Position=1)] [string]$EntityId, [Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true, Position=2)] $RequestedAttribute, [Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true, Position=3)] $RegistrationAuthority, [Parameter(Mandatory=$false, ValueFromPipelineByPropertyName=$true, Position=4)] $NameIDFormat ) if ([string]::IsNullOrEmpty($Global:ADFSTkAllAttributes) -or $Global:ADFSTkAllAttributes.Count -eq 0) { $Global:ADFSTkAllAttributes = Import-ADFSTkAllAttributes } if ([string]::IsNullOrEmpty($Global:ADFSTkAllTransformRules) -or $Global:ADFSTkAllTransformRules.Count -eq 0) { $Global:ADFSTkAllTransformRules = Import-ADFSTkAllTransformRules } if ([string]::IsNullOrEmpty($AllTransformRules)) { $AllTransformRules = $Global:ADFSTkAllTransformRules #So we don't need to change anything in the Get-ADFSTkManualSPSettings files } $RequestedAttributes = @{} if (![string]::IsNullOrEmpty($RequestedAttribute)) { $RequestedAttribute | % { $RequestedAttributes.($_.Name.trimEnd()) = $_.friendlyName } } else { Write-ADFSTkLog (Get-ADFSTkLanguageText rulesNoRequestedAttributesDetected) } $IssuanceTransformRuleCategories = Import-ADFSTkIssuanceTransformRuleCategories -RequestedAttributes $RequestedAttributes $adfstkConfig = Get-ADFSTkConfiguration $federationDir = Join-Path $Global:ADFSTkPaths.federationDir $adfstkConfig.FederationConfig.Federation.FederationName $fedEntityCategoryFileName = Join-Path $federationDir "$($adfstkConfig.FederationConfig.Federation.FederationName)_entityCategories.ps1" if (Test-Path $fedEntityCategoryFileName) { try { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationEntityCategoryFile) . $fedEntityCategoryFileName if (Test-Path function:Import-ADFSTkIssuanceTransformRuleCategoriesFromFederation) { $IssuanceTransformRuleCategoriesFromFederation = Import-ADFSTkIssuanceTransformRuleCategoriesFromFederation -RequestedAttributes $RequestedAttributes Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationEntityCategoriesFound -f $IssuanceTransformRuleCategoriesFromFederation.Count) foreach ($entityCategory in $IssuanceTransformRuleCategoriesFromFederation.Keys) { #Add or replace the standard Entoty Category with the federation one if ($IssuanceTransformRuleCategories.ContainsKey($entityCategory)) { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationEntityCategoryOverwrite -f $entityCategory) } else { Write-ADFSTkVerboseLog (Get-ADFSTkLanguageText rulesFederationEntityCategoryAdd -f $entityCategory) } $IssuanceTransformRuleCategories.$entityCategory = $IssuanceTransformRuleCategoriesFromFederation.$entityCategory } } else { #Write Verbose } } catch { Write-ADFSTkLog (Get-ADFSTkLanguageText rulesFederationEntityCategoryLoadFail) -EntryType Error } } else { #Write Verbose } if ([string]::IsNullOrEmpty($Global:ADFSTkManualSPSettings)) { $Global:ADFSTkManualSPSettings = Get-ADFSTkManualSPSettings } ### Transform Entity Categories $TransformedEntityCategories = @() $AttributesFromStore = @{} $IssuanceTransformRules = [Ordered]@{} $ManualSPTransformRules = $null #Check version of get-ADFSTkLocalManualSpSettings and retrieve the transform rules if ($EntityId -ne $null -and $Global:ADFSTkManualSPSettings.ContainsKey($EntityId)) { if ($Global:ADFSTkManualSPSettings.$EntityId -is [System.Collections.Hashtable] -and ` $Global:ADFSTkManualSPSettings.$EntityId.ContainsKey('TransformRules')) { $ManualSPTransformRules = $Global:ADFSTkManualSPSettings.$EntityId.TransformRules } elseif ($Global:ADFSTkManualSPSettings.$EntityId -is [System.Collections.Specialized.OrderedDictionary]) { $ManualSPTransformRules = $Global:ADFSTkManualSPSettings.$EntityId } else { #Shouldn't be here } } #Add manually added entity categories if any if ($EntityId -ne $null -and ` $Global:ADFSTkManualSPSettings.ContainsKey($EntityId) -and ` $Global:ADFSTkManualSPSettings.$EntityId -is [System.Collections.Hashtable] -and ` $Global:ADFSTkManualSPSettings.$EntityId.ContainsKey('EntityCategories')) { $EntityCategories += $Global:ADFSTkManualSPSettings.$EntityId.EntityCategories } if ($EntityCategories -eq $null) { $TransformedEntityCategories += "NoEntityCategory" } else { foreach ($entityCategory in $IssuanceTransformRuleCategories.Keys) { if ($entityCategory -eq "http://www.swamid.se/category/research-and-education" -and $EntityCategories.Contains($entityCategory)) { if ($EntityCategories.Contains("http://www.swamid.se/category/eu-adequate-protection") -or ` $EntityCategories.Contains("http://www.swamid.se/category/nren-service") -or ` $EntityCategories.Contains("http://www.swamid.se/category/hei-service")) { $TransformedEntityCategories += $entityCategory } } elseif ($EntityCategories.Contains($entityCategory)) { $TransformedEntityCategories += $entityCategory } } if ($TransformedEntityCategories.Count -eq 0) { $TransformedEntityCategories += "NoEntityCategory" } ### } #region Add TransformRules from categories $TransformedEntityCategories | % { if ($_ -ne $null -and $IssuanceTransformRuleCategories.ContainsKey($_)) { foreach ($Rule in $IssuanceTransformRuleCategories[$_].Keys) { if ($IssuanceTransformRuleCategories[$_][$Rule] -ne $null) { $IssuanceTransformRules[$Rule] = Get-ADFSTkEnhancedRule -Rule $IssuanceTransformRuleCategories[$_][$Rule] -EntityId $EntityId foreach ($Attribute in $IssuanceTransformRuleCategories[$_][$Rule].Attribute) { $AttributesFromStore[$Attribute] = $Global:ADFSTkAllAttributes[$Attribute] } } } } } #endregion #AllSPs if ($Global:ADFSTkManualSPSettings.ContainsKey('urn:adfstk:allsps')) { foreach ($Rule in $Global:ADFSTkManualSPSettings['urn:adfstk:allsps'].TransformRules.Keys) { if ($Global:ADFSTkManualSPSettings['urn:adfstk:allsps'].TransformRules[$Rule] -ne $null) { $IssuanceTransformRules[$Rule] = Get-ADFSTkEnhancedRule -Rule $Global:ADFSTkManualSPSettings['urn:adfstk:allsps'].TransformRules[$Rule] -EntityId $EntityId foreach ($Attribute in $Global:ADFSTkManualSPSettings['urn:adfstk:allsps'].TransformRules[$Rule].Attribute) { $AttributesFromStore[$Attribute] = $Global:ADFSTkAllAttributes[$Attribute] } } } } #AllEduSPs if ($EntityId -ne $null) { #First remove http:// or https:// $entityDNS = $EntityId.ToLower().Replace('http://','').Replace('https://','') #Second get rid of all ending sub paths $entityDNS = $entityDNS -split '/' | select -First 1 #Last fetch the last two words and join them with a . #$entityDNS = ($entityDNS -split '\.' | select -Last 2) -join '.' $settingsDNS = $null foreach($setting in $Global:ADFSTkManualSPSettings.Keys) { if ($setting.StartsWith('urn:adfstk:entityiddnsendswith:')) { $settingsDNS = $setting -split ':' | select -Last 1 } } if ($entityDNS.EndsWith($settingsDNS) -and ` $Global:ADFSTkManualSPSettings."urn:adfstk:entityiddnsendswith:$settingsDNS" -is [System.Collections.Hashtable] -and ` $Global:ADFSTkManualSPSettings."urn:adfstk:entityiddnsendswith:$settingsDNS".ContainsKey('TransformRules')) { foreach ($Rule in $Global:ADFSTkManualSPSettings["urn:adfstk:entityiddnsendswith:$settingsDNS"].TransformRules.Keys) { if ($Global:ADFSTkManualSPSettings["urn:adfstk:entityiddnsendswith:$settingsDNS"].TransformRules[$Rule] -ne $null) { $IssuanceTransformRules[$Rule] = Get-ADFSTkEnhancedRule -Rule $Global:ADFSTkManualSPSettings["urn:adfstk:entityiddnsendswith:$settingsDNS"].TransformRules[$Rule] -EntityId $EntityId foreach ($Attribute in $Global:ADFSTkManualSPSettings["urn:adfstk:entityiddnsendswith:$settingsDNS"].TransformRules[$Rule].Attribute) { $AttributesFromStore[$Attribute] = $Global:ADFSTkAllAttributes[$Attribute] } } } } } #Manual SP if ($ManualSPTransformRules -ne $null) { foreach ($Rule in $ManualSPTransformRules.Keys) { if ($ManualSPTransformRules[$Rule] -ne $null) { $IssuanceTransformRules[$Rule] = Get-ADFSTkEnhancedRule -Rule $ManualSPTransformRules[$Rule] -EntityId $EntityId foreach ($Attribute in $ManualSPTransformRules[$Rule].Attribute) { $AttributesFromStore[$Attribute] = $Global:ADFSTkAllAttributes[$Attribute] } } } } #region Add NameID to TransformRules #first check if we already has a NameID in the rules if ([string]::IsNullOrEmpty($IssuanceTransformRules.'transient-id') -and [string]::IsNullOrEmpty($IssuanceTransformRules.'persistent-id') -and [string]::IsNullOrEmpty($IssuanceTransformRules.'eduPersonTargetedID')) { if ([string]::IsNullOrEmpty($NameIDFormat)) { $IssuanceTransformRules.'transient-id' = Get-ADFSTkEnhancedRule -Rule $Global:ADFSTkAllTransformRules.'transient-id' -EntityId $EntityId foreach ($Attribute in $Global:ADFSTkAllTransformRules.'transient-id'.Attribute) { $AttributesFromStore[$Attribute] = $Global:ADFSTkAllAttributes[$Attribute] } } elseif ($NameIDFormat.Contains('urn:oasis:names:tc:SAML:2.0:nameid-format:persistent')) { $IssuanceTransformRules.'persistent-id' = Get-ADFSTkEnhancedRule -Rule $Global:ADFSTkAllTransformRules.'persistent-id' -EntityId $EntityId foreach ($Attribute in $Global:ADFSTkAllTransformRules.'persistent-id'.Attribute) { $AttributesFromStore[$Attribute] = $Global:ADFSTkAllAttributes[$Attribute] } } else { $IssuanceTransformRules.'transient-id' = Get-ADFSTkEnhancedRule -Rule $Global:ADFSTkAllTransformRules.'transient-id' -EntityId $EntityId foreach ($Attribute in $Global:ADFSTkAllTransformRules.'transient-id'.Attribute) { $AttributesFromStore[$Attribute] = $Global:ADFSTkAllAttributes[$Attribute] } } } #endregion ### This is a good place to remove attributes that shouldn't be sent outside a RegistrationAuthority $removeRules = @() foreach ($attr in $AttributesFromStore.values) { $attribute = $Settings.configuration.attributes.attribute | ? type -eq $attr.type if ($attribute -ne $null -and $attribute.allowedRegistrationAuthorities -ne $null) { $allowedRegistrationAuthorities = @() $allowedRegistrationAuthorities += $attribute.allowedRegistrationAuthorities.registrationAuthority if ($allowedRegistrationAuthorities.count -gt 0 -and !$allowedRegistrationAuthorities.contains($RegistrationAuthority)) { $removeRules += $attr } } } $removeRules | % { $AttributesFromStore.Remove($_.type) foreach ($key in $Global:ADFSTkAllTransformRules.Keys) { if ($Global:ADFSTkAllTransformRules.$key.Attribute -eq $_.type) { $currentStoreAttributes = $AttributesFromStore.Values | ? store -eq $store.name if ($currentStoreAttributes.Count -ne $null) { $FirstRule += @" @RuleName = "Retrieve Attributes from AD" c:[Type == "$($store.type)", Issuer == "$($store.issuer)"] => add(store = "$($store.name)", types = ("$($currentStoreAttributes.type -join '","')"), query = ";$($currentStoreAttributes.name -join ',');{0}", param = c.Value); "@ } $IssuanceTransformRules.Remove($key) break } } } ### #region Create Stores if ($AttributesFromStore.Count -ne $null) { $FirstRule = Get-ADFSTkStoreRule -Stores $Settings.configuration.storeConfig.stores.store ` -AttributesFromStore $AttributesFromStore ` -EntityId $EntityId return $FirstRule + $IssuanceTransformRules.Values } else { return $IssuanceTransformRules.Values } #endregion } # SIG # Begin signature block # MIIn1AYJKoZIhvcNAQcCoIInxTCCJ8ECAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAdLQ/KkGAZqJcN # 7eP2H0eBmE8sA3W+/ijDmJ+Qp6eB6qCCIN0wggXfMIIEx6ADAgECAhBOQOQ3VO3m # jAAAAABR05R/MA0GCSqGSIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UE # ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s # ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZv # ciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2Vy # dGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0yMTA1MDcxNTQzNDVaFw0zMDEx # MDcxNjEzNDVaMGkxCzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1FbnRydXN0LCBJbmMu # MUIwQAYDVQQDDDlFbnRydXN0IENvZGUgU2lnbmluZyBSb290IENlcnRpZmljYXRp # b24gQXV0aG9yaXR5IC0gQ1NCUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK # AoICAQCngY/3FEW2YkPy2K7TJV5IT1G/xX2fUBw10dZ+YSqUGW0nRqSmGl33VFFq # gCLGqGZ1TVSDyV5oG6v2W2Swra0gvVTvRmttAudFrnX2joq5Mi6LuHccUk15iF+l # OhjJUCyXJy2/2gB9Y3/vMuxGh2Pbmp/DWiE2e/mb1cqgbnIs/OHxnnBNCFYVb5Cr # +0i6udfBgniFZS5/tcnA4hS3NxFBBuKK4Kj25X62eAUBw2DtTwdBLgoTSeOQm3/d # vfqsv2RR0VybtPVc51z/O5uloBrXfQmywrf/bhy8yH3m6Sv8crMU6UpVEoScRCV1 # HfYq8E+lID1oJethl3wP5bY9867DwRG8G47M4EcwXkIAhnHjWKwGymUfe5SmS1dn # DH5erXhnW1XjXuvH2OxMbobL89z4n4eqclgSD32m+PhCOTs8LOQyTUmM4OEAwjig # nPqEPkHcblauxhpb9GdoBQHNG7+uh7ydU/Yu6LZr5JnexU+HWKjSZR7IH9Vybu5Z # HFc7CXKd18q3kMbNe0WSkUIDTH0/yvKquMIOhvMQn0YupGaGaFpoGHApOBGAYGuK # Q6NzbOOzazf/5p1nAZKG3y9I0ftQYNVc/iHTAUJj/u9wtBfAj6ju08FLXxLq/f0u # DodEYOOp9MIYo+P9zgyEIg3zp3jak/PbOM+5LzPG/wc8Xr5F0wIDAQABo4IBKzCC # AScwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0lBBYw # FAYIKwYBBQUHAwMGCCsGAQUFBwMIMDsGA1UdIAQ0MDIwMAYEVR0gADAoMCYGCCsG # AQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAzBggrBgEFBQcBAQQn # MCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDAGA1UdHwQp # MCcwJaAjoCGGH2h0dHA6Ly9jcmwuZW50cnVzdC5uZXQvZzJjYS5jcmwwHQYDVR0O # BBYEFIK61j2Xzp/PceiSN6/9s7VpNVfPMB8GA1UdIwQYMBaAFGpyJnrQHu995ztp # UdRsjZ+QEmarMA0GCSqGSIb3DQEBCwUAA4IBAQAfXkEEtoNwJFMsVXMdZTrA7LR7 # BJheWTgTCaRZlEJeUL9PbG4lIJCTWEAN9Rm0Yu4kXsIBWBUCHRAJb6jU+5J+Nzg+ # LxR9jx1DNmSzZhNfFMylcfdbIUvGl77clfxwfREc0yHd0CQ5KcX+Chqlz3t57jpv # 3ty/6RHdFoMI0yyNf02oFHkvBWFSOOtg8xRofcuyiq3AlFzkJg4sit1Gw87kVlHF # VuOFuE2bRXKLB/GK+0m4X9HyloFdaVIk8Qgj0tYjD+uL136LwZNr+vFie1jpUJuX # bheIDeHGQ5jXgWG2hZ1H7LGerj8gO0Od2KIc4NR8CMKvdgb4YmZ6tvf6yK81MIIG # gzCCBGugAwIBAgIQNa+3e500H2r8j4RGqzE1KzANBgkqhkiG9w0BAQ0FADBpMQsw # CQYDVQQGEwJVUzEWMBQGA1UECgwNRW50cnVzdCwgSW5jLjFCMEAGA1UEAww5RW50 # cnVzdCBDb2RlIFNpZ25pbmcgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt # IENTQlIxMB4XDTIxMDUwNzE5MTk1MloXDTQwMTIyOTIzNTkwMFowYzELMAkGA1UE # BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xPDA6BgNVBAMTM0VudHJ1c3Qg # RXh0ZW5kZWQgVmFsaWRhdGlvbiBDb2RlIFNpZ25pbmcgQ0EgLSBFVkNTMjCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL69pznJpX3sXWXx9Cuph9DnrRrF # GjsYzuGhUY1y+s5YH1y4JEIPRtUxl9BKTeObMMm6l6ic/kU2zyeA53u4bsEkt9+n # dNyF8qMkWEXMlJQ7AuvEjXxG9VxmguOkwdMfrG4MUyMO1Dr62kLxg1RfNTJW8rV4 # m1cASB6pYWEnDnMDQ7bWcJL71IWaMMaz5ppeS+8dKthmqxZG/wvYD6aJSgJRV0E8 # QThOl8dRMm1njmahXk2fNSKv1Wq3f0BfaDXMafrxBfDqhabqMoXLwcHKg2lFSQbc # CWy6SWUZjPm3NyeMZJ414+Xs5wegnahyvG+FOiymFk49nM8I5oL1RH0owL2JrWwv # 3C94eRHXHHBL3Z0ITF4u+o29p91j9n/wUjGEbjrY2VyFRJ5jBmnQhlh4iZuHu1gc # pChsxv5pCpwerBFgal7JaWUu7UMtafF4tzstNfKqT+If4wFvkEaq1agNBFegtKzj # bb2dGyiAJ0bH2qpnlfHRh3vHyCXphAyPiTbSvjPhhcAz1aA8GYuvOPLlk4C/xsOr # e5PEPZ257kV2wNRobzBePLQ2+ddFQuASBoDbpSH85wV6KI20jmB798i1SkesFGaX # oFppcjFXa1OEzWG6cwcVcDt7AfynP4wtPYeM+wjX5S8Xg36Cq08J8inhflV3ZZQF # HVnUCt2TfuMUXeK7AgMBAAGjggErMIIBJzASBgNVHRMBAf8ECDAGAQH/AgEAMB0G # A1UdDgQWBBTOiU+CUaoVooRiyjEjYdJh+/j+eDAfBgNVHSMEGDAWgBSCutY9l86f # z3Hokjev/bO1aTVXzzAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6 # Ly9vY3NwLmVudHJ1c3QubmV0MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwu # ZW50cnVzdC5uZXQvY3NicjEuY3JsMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK # BggrBgEFBQcDAzBEBgNVHSAEPTA7MDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0 # cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwBwYFZ4EMAQMwDQYJKoZIhvcNAQENBQAD # ggIBAD4AVLgq849mr2EWxFiTZPRBi2RVjRs1M6GbkdirRsqrX7y+fnDk0tcHqJYH # 14bRVwoI0NB4Tfgq37IE85rh13zwwQB6wUCh34qMt8u0HQFh8piapt24gwXKqSwW # 3JwtDv6nl+RQqZeVwUsqjFHjxALga3w1TVO8S5QTi1MYFl6mCqe4NMFssess5DF9 # DCzGfOGkVugtdtWyE3XqgwCuAHfGb6k97mMUgVAW/FtPEhkOWw+N6kvOBkyJS64g # zI5HpnXWZe4vMOhdNI8fgk1cQqbyFExQIJwJonQkXDnYiTKFPK+M5Wqe5gQ6pRP/ # qh3NR0suAgW0ao/rhU+B7wrbfZ8pj6XCP1I4UkGVO7w+W1QwQiMJY95QjYk1Rfqr # uA+Poq17ehGT8Y8ohHtoeUdq6GQpTR/0HS9tHsiUhjzTWpl6a3yrNfcrOUtPuT8W # ku8pjI2rrAEazHFEOctAPiASzghw40f+3IDXCADRC2rqIbV5ZhfpaqpW3c0VeLED # wBStPkcYde0KU0syk83/gLGQ1hPl5EF4Iu1BguUO37DOlSFF5osB0xn39CtVrNlW # c2MQ4LigbctUlpigmSFRBqqmDDorY8t52kO50hLM3o9VeukJ8+Ka0yXBezaS2uDl # UmfN4+ZUCqWd1HOj0y9dBmSFA3d/YNjCvHTJlZFot7d+YRl1MIIGrjCCBJagAwIB # AgIQBzY3tyRUfNhHrP0oZipeWzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJV # UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu # Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjIwMzIz # MDAwMDAwWhcNMzcwMzIyMjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO # RGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNB # NDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOC # Ag8AMIICCgKCAgEAxoY1BkmzwT1ySVFVxyUDxPKRN6mXUaHW0oPRnkyibaCwzIP5 # WvYRoUQVQl+kiPNo+n3znIkLf50fng8zH1ATCyZzlm34V6gCff1DtITaEfFzsbPu # K4CEiiIY3+vaPcQXf6sZKz5C3GeO6lE98NZW1OcoLevTsbV15x8GZY2UKdPZ7Gnf # 2ZCHRgB720RBidx8ald68Dd5n12sy+iEZLRS8nZH92GDGd1ftFQLIWhuNyG7QKxf # st5Kfc71ORJn7w6lY2zkpsUdzTYNXNXmG6jBZHRAp8ByxbpOH7G1WE15/tePc5Os # LDnipUjW8LAxE6lXKZYnLvWHpo9OdhVVJnCYJn+gGkcgQ+NDY4B7dW4nJZCYOjgR # s/b2nuY7W+yB3iIU2YIqx5K/oN7jPqJz+ucfWmyU8lKVEStYdEAoq3NDzt9KoRxr # OMUp88qqlnNCaJ+2RrOdOqPVA+C/8KI8ykLcGEh/FDTP0kyr75s9/g64ZCr6dSgk # Qe1CvwWcZklSUPRR8zZJTYsg0ixXNXkrqPNFYLwjjVj33GHek/45wPmyMKVM1+mY # Slg+0wOI/rOP015LdhJRk8mMDDtbiiKowSYI+RQQEgN9XyO7ZONj4KbhPvbCdLI/ # Hgl27KtdRnXiYKNYCQEoAA6EVO7O6V3IXjASvUaetdN2udIOa5kM0jO0zbECAwEA # AaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLoW2W1NhS9z # KXaaL3WMaiCPnshvMB8GA1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4G # A1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRr # MGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEF # BQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3Rl # ZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNl # cnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZn # gQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQB9WY7Ak7ZvmKlE # IgF+ZtbYIULhsBguEE0TzzBTzr8Y+8dQXeJLKftwig2qKWn8acHPHQfpPmDI2Avl # XFvXbYf6hCAlNDFnzbYSlm/EUExiHQwIgqgWvalWzxVzjQEiJc6VaT9Hd/tydBTX # /6tPiix6q4XNQ1/tYLaqT5Fmniye4Iqs5f2MvGQmh2ySvZ180HAKfO+ovHVPulr3 # qRCyXen/KFSJ8NWKcXZl2szwcqMj+sAngkSumScbqyQeJsG33irr9p6xeZmBo1aG # qwpFyd/EjaDnmPv7pp1yr8THwcFqcdnGE4AJxLafzYeHJLtPo0m5d2aR8XKc6UsC # Uqc3fpNTrDsdCEkPlM05et3/JWOZJyw9P2un8WbDQc1PtkCbISFA0LcTJM3cHXg6 # 5J6t5TRxktcma+Q4c6umAU+9Pzt4rUyt+8SVe+0KXzM5h0F4ejjpnOHdI/0dKNPH # +ejxmF/7K9h+8kaddSweJywm228Vex4Ziza4k9Tm8heZWcpw8De/mADfIBZPJ/tg # ZxahZrrdVcA6KYawmKAr7ZVBtzrVFZgxtGIJDwq9gdkT/r+k0fNX2bwE+oLeMt8E # ifAAzV3C+dAjfwAL5HYCJtnwZXZCpimHCUcr5n8apIUP/JiW9lVUKx+A+sDyDivl # 1vupL0QVSucTDh3bNzgaoSv27dZ8/DCCBsYwggSuoAMCAQICEAp6SoieyZlCkAZj # OE2Gl50wDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRp # Z2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQw # OTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTAeFw0yMjAzMjkwMDAwMDBaFw0zMzAz # MTQyMzU5NTlaMEwxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5j # LjEkMCIGA1UEAxMbRGlnaUNlcnQgVGltZXN0YW1wIDIwMjIgLSAyMIICIjANBgkq # hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuSqWI6ZcvF/WSfAVghj0M+7MXGzj4CUu # 0jHkPECu+6vE43hdflw26vUljUOjges4Y/k8iGnePNIwUQ0xB7pGbumjS0joiUF/ # DbLW+YTxmD4LvwqEEnFsoWImAdPOw2z9rDt+3Cocqb0wxhbY2rzrsvGD0Z/NCcW5 # QWpFQiNBWvhg02UsPn5evZan8Pyx9PQoz0J5HzvHkwdoaOVENFJfD1De1FksRHTA # MkcZW+KYLo/Qyj//xmfPPJOVToTpdhiYmREUxSsMoDPbTSSF6IKU4S8D7n+FAsmG # 4dUYFLcERfPgOL2ivXpxmOwV5/0u7NKbAIqsHY07gGj+0FmYJs7g7a5/KC7CnuAL # S8gI0TK7g/ojPNn/0oy790Mj3+fDWgVifnAs5SuyPWPqyK6BIGtDich+X7Aa3Rm9 # n3RBCq+5jgnTdKEvsFR2wZBPlOyGYf/bES+SAzDOMLeLD11Es0MdI1DNkdcvnfv8 # zbHBp8QOxO9APhk6AtQxqWmgSfl14ZvoaORqDI/r5LEhe4ZnWH5/H+gr5BSyFtaB # ocraMJBr7m91wLA2JrIIO/+9vn9sExjfxm2keUmti39hhwVo99Rw40KV6J67m0uy # 4rZBPeevpxooya1hsKBBGBlO7UebYZXtPgthWuo+epiSUc0/yUTngIspQnL3ebLd # hOon7v59emsCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8E # AjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYGZ4EMAQQC # MAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGogj57IbzAd # BgNVHQ4EFgQUjWS3iSH+VlhEhGGn6m8cNo/drw0wWgYDVR0fBFMwUTBPoE2gS4ZJ # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5 # NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAwJAYI # KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEFBQcwAoZM # aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNB # NDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEA # DS0jdKbR9fjqS5k/AeT2DOSvFp3Zs4yXgimcQ28BLas4tXARv4QZiz9d5YZPvpM6 # 3io5WjlO2IRZpbwbmKrobO/RSGkZOFvPiTkdcHDZTt8jImzV3/ZZy6HC6kx2yqHc # oSuWuJtVqRprfdH1AglPgtalc4jEmIDf7kmVt7PMxafuDuHvHjiKn+8RyTFKWLbf # OHzL+lz35FO/bgp8ftfemNUpZYkPopzAZfQBImXH6l50pls1klB89Bemh2RPPkaJ # FmMga8vye9A140pwSKm25x1gvQQiFSVwBnKpRDtpRxHT7unHoD5PELkwNuTzqmkJ # qIt+ZKJllBH7bjLx9bs4rc3AkxHVMnhKSzcqTPNc3LaFwLtwMFV41pj+VG1/calI # GnjdRncuG3rAM4r4SiiMEqhzzy350yPynhngDZQooOvbGlGglYKOKGukzp123qlz # qkhqWUOuX+r4DwZCnd8GaJb+KqB0W2Nm3mssuHiqTXBt8CzxBxV+NbTmtQyimaXX # FWs1DoXW4CzM4AwkuHxSCx6ZfO/IyMWMWGmvqz3hz8x9Fa4Uv4px38qXsdhH6hyF # 4EVOEhwUKVjMb9N/y77BDkpvIJyu2XMyWQjnLZKhGhH+MpimXSuX4IvTnMxttQ2u # R2M4RxdbbxPaahBuH0m3RFu0CAqHWlkEdhGhp3cCExwwggbzMIIE26ADAgECAhAW # dy8OxRnHb5IdXyBiye3RMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRYw # FAYDVQQKEw1FbnRydXN0LCBJbmMuMTwwOgYDVQQDEzNFbnRydXN0IEV4dGVuZGVk # IFZhbGlkYXRpb24gQ29kZSBTaWduaW5nIENBIC0gRVZDUzIwHhcNMjIwMzI5MjAx # ODAzWhcNMjMwMzI5MjAxODAzWjCBozELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09u # dGFyaW8xDzANBgNVBAcTBk90dGF3YTETMBEGCysGAQQBgjc8AgEDEwJDQTEUMBIG # A1UEChMLQ0FOQVJJRSBJTkMxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9u # MREwDwYDVQQFEwgyOTAyMDgtNzEUMBIGA1UEAxMLQ0FOQVJJRSBJTkMwggIiMA0G # CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7QrVGr/0GFSjOKBtAIfg420mYYBts # T/eqfZigZeS4ZW6sykAZBX71qiU+1SqfMpfU+GY2oQAvGGq/1kBaKTukhT+wwEAH # 90wJeaMSzAhpl9Q8vSx0xRfXmKfxGG8cn6kuq9DZb9kKeKP2qWSFPJyS2y0F5pVh # Sp8hDvZxAeAKNAjoTDip55kMJm14/CkqU2biZ35prXMDMh7/29YWuFWX55zKOxEf # VWbbsRKGladcYtKXu1oqSh0XEhhFB1BLXBw1YdN2RgjXAIMxrsvNjQ7q8ZWHEMrg # vA/50X59x9vxQLS4ivT8RRLic+EW6BMoQ7tqlUwedFSLRsGRxs+7tLwt0FYjQQEY # ZEbqUpLCcrdco9QEWSI/xaY4sl7FS/F6HdISYpyeBlKjcsHVy5Cj7azh8UXVZYa4 # k+AeEseIB21/MQpynet1S1EuifGHMs0Zh8axQAbJ+rDlupWsRiO63WTAPt5OsL/u # EH20xZ/50m8sidF9tIZ1QrsLq8JFi99Zm+OncY3ysG2mQAgcsz3x7254Q2mHOSuD # WKDDXx6VCZ7ihmAEtnUbL1rCngdf4evV71tVyhf+4KTebjk03t6mpqYvjO3W7yuO # bH8NOVaAcYgOjUi0G9AN/vYwBZHfBAhikGO8pKxW6U/Krc2oQWaKpmGzKK1OpSVi # 5VZuB6has6Mm3wIDAQABo4IBYDCCAVwwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU # EB15NHKwwcMjbBDrbk8UA+4uHyswHwYDVR0jBBgwFoAUzolPglGqFaKEYsoxI2HS # Yfv4/ngwZwYIKwYBBQUHAQEEWzBZMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5l # bnRydXN0Lm5ldDAyBggrBgEFBQcwAoYmaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9l # dmNzMi1jaGFpbi5wN2MwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5lbnRy # dXN0Lm5ldC9ldmNzMi5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG # AQUFBwMDMEsGA1UdIAREMEIwNwYKYIZIAYb6bAoBAjApMCcGCCsGAQUFBwIBFhto # dHRwczovL3d3dy5lbnRydXN0Lm5ldC9ycGEwBwYFZ4EMAQMwDQYJKoZIhvcNAQEL # BQADggIBAIXuiHbQsWUCEhlA76KAYJCAbtiCXDerGtT1z27L+7/TcVUBOv2luPJ9 # C9qXVuQIwa0CTYNQ/kDKSkhWCJxivk4OPaGi5yONchUlHsLQFXQOLDvSFbIYjeUv # LAvOp30NgLyy7/Sw3SQsiSKmuLrKfSbNTqj0Lf48W+TQk5YD0TzDSSQG8+J4oVfY # yyFxoo4C9kAoh7gTjwtj01p5QLKeLYJG5lpH6EomLDftK9Pe0woz46smPdL+d9df # vA51O3jS/xHt4kBpqWcWOZ2C5ZGxydU6Ru+U7NVlHATRzAM/dxGJGqFCeTs1CpQF # 9vykl8iiSpPjzJ+CdrJbQ8gA0kCa+G7CagqQ3bkSMvRQllexC5HW6CiUKc8rJfZs # CGOpEqtrfuxbiUUZ2og8BOliaFHKZENurT73LtMNygx+yMcbaJkpfEheDJuGK82a # vSh9HFkyuJD3MI2MafN2OtyXyO/MsseiqHwpcRdwDZr0mkOrN9y1YOo62BYRVDVU # ep9X5lQ/MEA9c6iMgrQ4/E8kk4JoLC7pe21qAP1ICIbjS7g5t4cbPfeFBtvSZeMA # NKmlDXQkedoGOOnOxqCuhxc3a0LXB746Q/VF6hookZlTqDXuu6aeIdD3tpLt0Dx8 # D69FY2Si/eMdn6dKDsT7CXYFve0S1DDwrqhTIXI9wPojPbu8ZXPzMYIGTTCCBkkC # AQEwdzBjMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE8MDoG # A1UEAxMzRW50cnVzdCBFeHRlbmRlZCBWYWxpZGF0aW9uIENvZGUgU2lnbmluZyBD # QSAtIEVWQ1MyAhAWdy8OxRnHb5IdXyBiye3RMA0GCWCGSAFlAwQCAQUAoIGEMBgG # CisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcC # AQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIE # IOTA8V/QjeKT1PHtBLsbpr83ZmGXwCpJH3reZwJl5KPvMA0GCSqGSIb3DQEBAQUA # BIICAHG1YugMamlfdAoz2FlXVPqYCPtl9VcDjr1NB0tm5AeaHVWWy5oHBEcEakrw # rfNhD9b3rZUSanl/YUzjmdv53s2MuShmkld4loCGOJCEeL1RTDvFZ9y+WrhEJeSV # qbaFP/MF/Q/LOepuB9EbeNLr3OeXkEnHc1rhTG5yqO7mUPmW+8H4ux27NUW33VSn # MyT8AwvJMBytuLR2vZzGlrg7ZauNfmgyCXHuooOgqb/HZo0/2lDX0zTGsvwUAwio # +deXp05VNPZzs4aR8qxX4XbFWDkUepYKxa83TRlix8lxfVriC25Isf1D5eeeH5TF # 7QjlcVkRmospl3OzTX0k2ug1ms9EhjpeV6LcdoZK8IWBImaTyWGZVLyHqjKfZcuU # 6/vF1TYk9OoyHOcRZskXG0zv+dsxVhf1/gA7Kc31PXhDSiE11M5bTX5/yNZRXWdX # 7jvJmk09v5yY43Mpe6OVN4wR30a/FT5VYZzBByvZzBB5jTdPjGuG5e30UN/lQz0N # w6qST3yIy0nIfOunpEj9MaMorw76vud0TE/kC9uDRT/QBViWSGIfXt1CcY0P2xE5 # dl5YwojrQgukImBlO/QO0SV1siJ5AQ5c5eIegfQ+ugrfGQHlHgfnTztYLDeHI25r # MJNZlajJLE1+zMD8QAktStj2148LJP/DiJt2/B2ZPaYwZ1shoYIDIDCCAxwGCSqG # SIb3DQEJBjGCAw0wggMJAgEBMHcwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRp # Z2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQw # OTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQQIQCnpKiJ7JmUKQBmM4TYaXnTANBglg # hkgBZQMEAgEFAKBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN # AQkFMQ8XDTIyMDUxOTE1NDY1NFowLwYJKoZIhvcNAQkEMSIEIJTER1y1LY3UV4DI # cHN2P4/sOgwQnLP/Cq+IxYaL7HBkMA0GCSqGSIb3DQEBAQUABIICAJFVODkGBuH/ # RRZ1Pa7oX0UiKzAQvkQqU6QB8NbpOa16kxyvoe6Y19rsBllILcQLjxhcwEpABWRZ # NfMEydFngMDhhn9WhSVfdwT6vRIsLlxH+5sZoBfqVLOT2UUhYAWUwTcTEElSU6R+ # gIAIVadPBvauSfs9H9J6/KGd39FS64lB6rfVjwYk86RoHY1sKuTJYuxbks2QvGdp # GyRFa8/Gp0Gufu/hQGEt1p2qW+MwPr6Fh2d+0DxmB4yG22un+xvmQs6TsN+o+kqF # EL5nqMStN3dvYq+BoQjobiO8ThG+kfu/Op5I/+t8wPh5gZAPHFxmyAKzh5QpxXAE # mEp83sTlKainp5ANCMbMukCeQJePyCe5zLjT6YOy90jC3o6eXdPay1ZqByCZYXRh # Mz8Yo/FmyVoQE30EOXDFjsFS29dOZMNU2yJQdMFDQd3vcE4bF0UwUCs4DJcUoWr3 # DAdb0cUjgIu7Xdl/YRADKLhaQy3BEg02DlSquwG649uH2smEHsSB8jJk5H4XmcFi # isxUdrrZCHWvCza6fFEDioC2hMpcgeOpcTI9mFXHmwgB4Kb4DIuT+qSUvUWDVUj2 # 2thRxFQOM82hiXyEikhIh7WRivsslRx+2wDMe5/Wu/dHXW4+mQ7IexSkE5fZEXEn # gSe+b9eKQwt37BwD3KIZqCSfXkzoxlCa # SIG # End signature block |