Private/Get-ADFSTkMFAConfiguration.ps1
|
function Get-ADFSTkMFAConfiguration { param ( [Parameter(Mandatory = $false, ValueFromPipelineByPropertyName = $true, Position = 0)] [string]$EntityId ) if ([string]::IsNullOrEmpty($Global:ADFSTkManualSPSettings)) { if ([string]::IsNullOrEmpty($Global:ADFSTkAllTransformRules) -or $Global:ADFSTkAllTransformRules.Count -eq 0) { $Global:ADFSTkAllTransformRules = Import-ADFSTkAllTransformRules $AllTransformRules = $Global:ADFSTkAllTransformRules #So we don't need to change anything in the Get-ADFSTkManualSPSettings files } $Global:ADFSTkManualSPSettings = Get-ADFSTkManualSPSettings } $ApplyMFAConfiguration = $null #AllSPs if ($Global:ADFSTkManualSPSettings.ContainsKey('urn:adfstk:allsps') -and ` $Global:ADFSTkManualSPSettings.'urn:adfstk:allsps' -is [System.Collections.Hashtable] -and ` $Global:ADFSTkManualSPSettings.'urn:adfstk:allsps'.ContainsKey('ApplyMFAConfiguration')) { $ApplyMFAConfiguration = $Global:ADFSTkManualSPSettings.'urn:adfstk:allsps'.ApplyMFAConfiguration } #AllEduSPs if ($EntityId -ne $null) { #First remove http:// or https:// $entityDNS = $EntityId.ToLower().Replace('http://', '').Replace('https://', '') #Second get rid of all ending sub paths $entityDNS = $entityDNS -split '/' | select -First 1 #Last fetch the last two words and join them with a . #$entityDNS = ($entityDNS -split '\.' | select -Last 2) -join '.' $settingsDNS = $null foreach ($setting in $Global:ADFSTkManualSPSettings.Keys) { if ($setting.StartsWith('urn:adfstk:entityiddnsendswith:')) { $settingsDNS = $setting -split ':' | select -Last 1 } } if ($entityDNS.EndsWith($settingsDNS) -and ` $Global:ADFSTkManualSPSettings."urn:adfstk:entityiddnsendswith:$settingsDNS" -is [System.Collections.Hashtable] -and ` $Global:ADFSTkManualSPSettings."urn:adfstk:entityiddnsendswith:$settingsDNS".ContainsKey('ApplyMFAConfiguration')) { $ApplyMFAConfiguration = $Global:ADFSTkManualSPSettings."urn:adfstk:entityiddnsendswith:$settingsDNS".ApplyMFAConfiguration } #Manual SP if ($EntityId -ne $null -and ` $Global:ADFSTkManualSPSettings.ContainsKey($EntityId) -and ` $Global:ADFSTkManualSPSettings.$EntityId -is [System.Collections.Hashtable] -and ` $Global:ADFSTkManualSPSettings.$EntityId.ContainsKey('ApplyMFAConfiguration')) { $ApplyMFAConfiguration = $Global:ADFSTkManualSPSettings.$EntityId.ApplyMFAConfiguration } } if ($ApplyMFAConfiguration -ne $null -and $ApplyMFAConfiguration.ContainsKey('azuremfa')) { $mfaRules = @() $mfaRulesText = @() if ($ApplyMFAConfiguration.AzureMFA.ContainsKey('otp') -and $ApplyMFAConfiguration.AzureMFA.otp -eq $true) { $mfaRulesText += "TOTP" $mfaRules += @" @RuleName = "Check RefedsMFA context class after successful Azure MFA with TOTP" c:[Type == "http://schemas.microsoft.com/claims/authnmethodsreferences", Value == "http://schemas.microsoft.com/ws/2012/12/authmethod/otp"] => add(Type = "urn:adfstk:mfalogon", Value = "true"); "@ } if ($ApplyMFAConfiguration.AzureMFA.ContainsKey('smsotp') -and $ApplyMFAConfiguration.AzureMFA.smsotp -eq $true) { $mfaRulesText += "SMS" $mfaRules += @" @RuleName = "Check RefedsMFA context class after successful Azure MFA with SMS" c:[Type == "http://schemas.microsoft.com/claims/authnmethodsreferences", Value == "http://schemas.microsoft.com/ws/2012/12/authmethod/smsotp"] => add(Type = "urn:adfstk:mfalogon", Value = "true"); "@ } if ($ApplyMFAConfiguration.AzureMFA.ContainsKey('phoneappnotification') -and $ApplyMFAConfiguration.AzureMFA.phoneappnotification -eq $true) { $mfaRulesText += "Phone App Notification" $mfaRules += @" @RuleName = "Check RefedsMFA context class after successful Azure MFA with Phone App Notification" c:[Type == "http://schemas.microsoft.com/claims/authnmethodsreferences", Value == "http://schemas.microsoft.com/ws/2012/12/authmethod/phoneappnotification"] => add(Type = "urn:adfstk:mfalogon", Value = "true"); "@ } if ($ApplyMFAConfiguration.AzureMFA.ContainsKey('phoneconfirmation') -and $ApplyMFAConfiguration.AzureMFA.phoneconfirmation -eq $true) { $mfaRulesText += "Phone callback" $mfaRules += @" @RuleName = "Check RefedsMFA context class after successful Azure MFA with Phone callback" c:[Type == "http://schemas.microsoft.com/claims/authnmethodsreferences", Value == "http://schemas.microsoft.com/ws/2012/12/authmethod/phoneconfirmation"] => add(Type = "urn:adfstk:mfalogon", Value = "true"); "@ } if ($ApplyMFAConfiguration.AzureMFA.ContainsKey('phoneotp') -and $ApplyMFAConfiguration.AzureMFA.phoneotp -eq $true) { $mfaRulesText += "Phone OTP" $mfaRules += @" @RuleName = "Check RefedsMFA context class after successful Azure MFA with Phone OTP" c:[Type == "http://schemas.microsoft.com/claims/authnmethodsreferences", Value == "http://schemas.microsoft.com/ws/2012/12/authmethod/phoneotp"] => add(Type = "urn:adfstk:mfalogon", Value = "true"); "@ } $mfaRules += @" @RuleName = "Exists RefedsMFA context class after successful Azure MFA with $($mfaRulesText -join '/')" NOT EXISTS([Type == "urn:adfstk:mfalogon"]) => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"); "@ } else { # Check if the ADFSTK MFA Adapter is installed and add rules if so if ([string]::IsNullOrEmpty($Global:ADFSTKRefedsMFAUsernamePasswordAdapterInstalled)) { $Global:ADFSTKRefedsMFAUsernamePasswordAdapterInstalled = ![string]::IsNullOrEmpty((Get-AdfsAuthenticationProvider -Name RefedsMFAUsernamePasswordAdapter -WarningAction Ignore)) } if ($Global:ADFSTKRefedsMFAUsernamePasswordAdapterInstalled) { $mfaRules += @" @RuleName = "Assert Refeds MFA is compliant with" COUNT([Type == "http://schemas.microsoft.com/claims/authnmethodsproviders"]) == 1 && EXISTS([Type == "http://schemas.microsoft.com/claims/authnmethodsreferences", Value == "https://refeds.org/profile/mfa"]) => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"); "@ } else { $mfaRules = $null } } return $mfaRules } # SIG # Begin signature block # MIIn1AYJKoZIhvcNAQcCoIInxTCCJ8ECAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDV2sVaDKd3Ayhv # ic6vtRMX07HtMaYNHyLSFknQ14UEt6CCIN0wggXfMIIEx6ADAgECAhBOQOQ3VO3m # jAAAAABR05R/MA0GCSqGSIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UE # ChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9s # ZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZv # ciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2Vy # dGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0yMTA1MDcxNTQzNDVaFw0zMDEx # MDcxNjEzNDVaMGkxCzAJBgNVBAYTAlVTMRYwFAYDVQQKDA1FbnRydXN0LCBJbmMu # MUIwQAYDVQQDDDlFbnRydXN0IENvZGUgU2lnbmluZyBSb290IENlcnRpZmljYXRp # b24gQXV0aG9yaXR5IC0gQ1NCUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK # AoICAQCngY/3FEW2YkPy2K7TJV5IT1G/xX2fUBw10dZ+YSqUGW0nRqSmGl33VFFq # gCLGqGZ1TVSDyV5oG6v2W2Swra0gvVTvRmttAudFrnX2joq5Mi6LuHccUk15iF+l # OhjJUCyXJy2/2gB9Y3/vMuxGh2Pbmp/DWiE2e/mb1cqgbnIs/OHxnnBNCFYVb5Cr # +0i6udfBgniFZS5/tcnA4hS3NxFBBuKK4Kj25X62eAUBw2DtTwdBLgoTSeOQm3/d # vfqsv2RR0VybtPVc51z/O5uloBrXfQmywrf/bhy8yH3m6Sv8crMU6UpVEoScRCV1 # HfYq8E+lID1oJethl3wP5bY9867DwRG8G47M4EcwXkIAhnHjWKwGymUfe5SmS1dn # DH5erXhnW1XjXuvH2OxMbobL89z4n4eqclgSD32m+PhCOTs8LOQyTUmM4OEAwjig # nPqEPkHcblauxhpb9GdoBQHNG7+uh7ydU/Yu6LZr5JnexU+HWKjSZR7IH9Vybu5Z # HFc7CXKd18q3kMbNe0WSkUIDTH0/yvKquMIOhvMQn0YupGaGaFpoGHApOBGAYGuK # Q6NzbOOzazf/5p1nAZKG3y9I0ftQYNVc/iHTAUJj/u9wtBfAj6ju08FLXxLq/f0u # DodEYOOp9MIYo+P9zgyEIg3zp3jak/PbOM+5LzPG/wc8Xr5F0wIDAQABo4IBKzCC # AScwDgYDVR0PAQH/BAQDAgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0lBBYw # FAYIKwYBBQUHAwMGCCsGAQUFBwMIMDsGA1UdIAQ0MDIwMAYEVR0gADAoMCYGCCsG # AQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAzBggrBgEFBQcBAQQn # MCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDAGA1UdHwQp # MCcwJaAjoCGGH2h0dHA6Ly9jcmwuZW50cnVzdC5uZXQvZzJjYS5jcmwwHQYDVR0O # BBYEFIK61j2Xzp/PceiSN6/9s7VpNVfPMB8GA1UdIwQYMBaAFGpyJnrQHu995ztp # UdRsjZ+QEmarMA0GCSqGSIb3DQEBCwUAA4IBAQAfXkEEtoNwJFMsVXMdZTrA7LR7 # BJheWTgTCaRZlEJeUL9PbG4lIJCTWEAN9Rm0Yu4kXsIBWBUCHRAJb6jU+5J+Nzg+ # LxR9jx1DNmSzZhNfFMylcfdbIUvGl77clfxwfREc0yHd0CQ5KcX+Chqlz3t57jpv # 3ty/6RHdFoMI0yyNf02oFHkvBWFSOOtg8xRofcuyiq3AlFzkJg4sit1Gw87kVlHF # VuOFuE2bRXKLB/GK+0m4X9HyloFdaVIk8Qgj0tYjD+uL136LwZNr+vFie1jpUJuX # bheIDeHGQ5jXgWG2hZ1H7LGerj8gO0Od2KIc4NR8CMKvdgb4YmZ6tvf6yK81MIIG # gzCCBGugAwIBAgIQNa+3e500H2r8j4RGqzE1KzANBgkqhkiG9w0BAQ0FADBpMQsw # CQYDVQQGEwJVUzEWMBQGA1UECgwNRW50cnVzdCwgSW5jLjFCMEAGA1UEAww5RW50 # cnVzdCBDb2RlIFNpZ25pbmcgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt # IENTQlIxMB4XDTIxMDUwNzE5MTk1MloXDTQwMTIyOTIzNTkwMFowYzELMAkGA1UE # BhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xPDA6BgNVBAMTM0VudHJ1c3Qg # RXh0ZW5kZWQgVmFsaWRhdGlvbiBDb2RlIFNpZ25pbmcgQ0EgLSBFVkNTMjCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL69pznJpX3sXWXx9Cuph9DnrRrF # GjsYzuGhUY1y+s5YH1y4JEIPRtUxl9BKTeObMMm6l6ic/kU2zyeA53u4bsEkt9+n # dNyF8qMkWEXMlJQ7AuvEjXxG9VxmguOkwdMfrG4MUyMO1Dr62kLxg1RfNTJW8rV4 # m1cASB6pYWEnDnMDQ7bWcJL71IWaMMaz5ppeS+8dKthmqxZG/wvYD6aJSgJRV0E8 # QThOl8dRMm1njmahXk2fNSKv1Wq3f0BfaDXMafrxBfDqhabqMoXLwcHKg2lFSQbc # CWy6SWUZjPm3NyeMZJ414+Xs5wegnahyvG+FOiymFk49nM8I5oL1RH0owL2JrWwv # 3C94eRHXHHBL3Z0ITF4u+o29p91j9n/wUjGEbjrY2VyFRJ5jBmnQhlh4iZuHu1gc # pChsxv5pCpwerBFgal7JaWUu7UMtafF4tzstNfKqT+If4wFvkEaq1agNBFegtKzj # bb2dGyiAJ0bH2qpnlfHRh3vHyCXphAyPiTbSvjPhhcAz1aA8GYuvOPLlk4C/xsOr # e5PEPZ257kV2wNRobzBePLQ2+ddFQuASBoDbpSH85wV6KI20jmB798i1SkesFGaX # oFppcjFXa1OEzWG6cwcVcDt7AfynP4wtPYeM+wjX5S8Xg36Cq08J8inhflV3ZZQF # HVnUCt2TfuMUXeK7AgMBAAGjggErMIIBJzASBgNVHRMBAf8ECDAGAQH/AgEAMB0G # A1UdDgQWBBTOiU+CUaoVooRiyjEjYdJh+/j+eDAfBgNVHSMEGDAWgBSCutY9l86f # z3Hokjev/bO1aTVXzzAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6 # Ly9vY3NwLmVudHJ1c3QubmV0MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwu # ZW50cnVzdC5uZXQvY3NicjEuY3JsMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAK # BggrBgEFBQcDAzBEBgNVHSAEPTA7MDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0 # cDovL3d3dy5lbnRydXN0Lm5ldC9ycGEwBwYFZ4EMAQMwDQYJKoZIhvcNAQENBQAD # ggIBAD4AVLgq849mr2EWxFiTZPRBi2RVjRs1M6GbkdirRsqrX7y+fnDk0tcHqJYH # 14bRVwoI0NB4Tfgq37IE85rh13zwwQB6wUCh34qMt8u0HQFh8piapt24gwXKqSwW # 3JwtDv6nl+RQqZeVwUsqjFHjxALga3w1TVO8S5QTi1MYFl6mCqe4NMFssess5DF9 # DCzGfOGkVugtdtWyE3XqgwCuAHfGb6k97mMUgVAW/FtPEhkOWw+N6kvOBkyJS64g # zI5HpnXWZe4vMOhdNI8fgk1cQqbyFExQIJwJonQkXDnYiTKFPK+M5Wqe5gQ6pRP/ # qh3NR0suAgW0ao/rhU+B7wrbfZ8pj6XCP1I4UkGVO7w+W1QwQiMJY95QjYk1Rfqr # uA+Poq17ehGT8Y8ohHtoeUdq6GQpTR/0HS9tHsiUhjzTWpl6a3yrNfcrOUtPuT8W # ku8pjI2rrAEazHFEOctAPiASzghw40f+3IDXCADRC2rqIbV5ZhfpaqpW3c0VeLED # wBStPkcYde0KU0syk83/gLGQ1hPl5EF4Iu1BguUO37DOlSFF5osB0xn39CtVrNlW # c2MQ4LigbctUlpigmSFRBqqmDDorY8t52kO50hLM3o9VeukJ8+Ka0yXBezaS2uDl # UmfN4+ZUCqWd1HOj0y9dBmSFA3d/YNjCvHTJlZFot7d+YRl1MIIGrjCCBJagAwIB # AgIQBzY3tyRUfNhHrP0oZipeWzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJV # UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu # Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjIwMzIz # MDAwMDAwWhcNMzcwMzIyMjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO # RGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNB # NDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOC # Ag8AMIICCgKCAgEAxoY1BkmzwT1ySVFVxyUDxPKRN6mXUaHW0oPRnkyibaCwzIP5 # WvYRoUQVQl+kiPNo+n3znIkLf50fng8zH1ATCyZzlm34V6gCff1DtITaEfFzsbPu # K4CEiiIY3+vaPcQXf6sZKz5C3GeO6lE98NZW1OcoLevTsbV15x8GZY2UKdPZ7Gnf # 2ZCHRgB720RBidx8ald68Dd5n12sy+iEZLRS8nZH92GDGd1ftFQLIWhuNyG7QKxf # st5Kfc71ORJn7w6lY2zkpsUdzTYNXNXmG6jBZHRAp8ByxbpOH7G1WE15/tePc5Os # LDnipUjW8LAxE6lXKZYnLvWHpo9OdhVVJnCYJn+gGkcgQ+NDY4B7dW4nJZCYOjgR # s/b2nuY7W+yB3iIU2YIqx5K/oN7jPqJz+ucfWmyU8lKVEStYdEAoq3NDzt9KoRxr # OMUp88qqlnNCaJ+2RrOdOqPVA+C/8KI8ykLcGEh/FDTP0kyr75s9/g64ZCr6dSgk # Qe1CvwWcZklSUPRR8zZJTYsg0ixXNXkrqPNFYLwjjVj33GHek/45wPmyMKVM1+mY # Slg+0wOI/rOP015LdhJRk8mMDDtbiiKowSYI+RQQEgN9XyO7ZONj4KbhPvbCdLI/ # Hgl27KtdRnXiYKNYCQEoAA6EVO7O6V3IXjASvUaetdN2udIOa5kM0jO0zbECAwEA # AaOCAV0wggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLoW2W1NhS9z # KXaaL3WMaiCPnshvMB8GA1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4G # A1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRr # MGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEF # BQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3Rl # ZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNl # cnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZn # gQwBBAIwCwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQB9WY7Ak7ZvmKlE # IgF+ZtbYIULhsBguEE0TzzBTzr8Y+8dQXeJLKftwig2qKWn8acHPHQfpPmDI2Avl # XFvXbYf6hCAlNDFnzbYSlm/EUExiHQwIgqgWvalWzxVzjQEiJc6VaT9Hd/tydBTX # /6tPiix6q4XNQ1/tYLaqT5Fmniye4Iqs5f2MvGQmh2ySvZ180HAKfO+ovHVPulr3 # qRCyXen/KFSJ8NWKcXZl2szwcqMj+sAngkSumScbqyQeJsG33irr9p6xeZmBo1aG # qwpFyd/EjaDnmPv7pp1yr8THwcFqcdnGE4AJxLafzYeHJLtPo0m5d2aR8XKc6UsC # Uqc3fpNTrDsdCEkPlM05et3/JWOZJyw9P2un8WbDQc1PtkCbISFA0LcTJM3cHXg6 # 5J6t5TRxktcma+Q4c6umAU+9Pzt4rUyt+8SVe+0KXzM5h0F4ejjpnOHdI/0dKNPH # +ejxmF/7K9h+8kaddSweJywm228Vex4Ziza4k9Tm8heZWcpw8De/mADfIBZPJ/tg # ZxahZrrdVcA6KYawmKAr7ZVBtzrVFZgxtGIJDwq9gdkT/r+k0fNX2bwE+oLeMt8E # ifAAzV3C+dAjfwAL5HYCJtnwZXZCpimHCUcr5n8apIUP/JiW9lVUKx+A+sDyDivl # 1vupL0QVSucTDh3bNzgaoSv27dZ8/DCCBsYwggSuoAMCAQICEAp6SoieyZlCkAZj # OE2Gl50wDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRp # Z2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQw # OTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTAeFw0yMjAzMjkwMDAwMDBaFw0zMzAz # MTQyMzU5NTlaMEwxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5j # LjEkMCIGA1UEAxMbRGlnaUNlcnQgVGltZXN0YW1wIDIwMjIgLSAyMIICIjANBgkq # hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuSqWI6ZcvF/WSfAVghj0M+7MXGzj4CUu # 0jHkPECu+6vE43hdflw26vUljUOjges4Y/k8iGnePNIwUQ0xB7pGbumjS0joiUF/ # DbLW+YTxmD4LvwqEEnFsoWImAdPOw2z9rDt+3Cocqb0wxhbY2rzrsvGD0Z/NCcW5 # QWpFQiNBWvhg02UsPn5evZan8Pyx9PQoz0J5HzvHkwdoaOVENFJfD1De1FksRHTA # MkcZW+KYLo/Qyj//xmfPPJOVToTpdhiYmREUxSsMoDPbTSSF6IKU4S8D7n+FAsmG # 4dUYFLcERfPgOL2ivXpxmOwV5/0u7NKbAIqsHY07gGj+0FmYJs7g7a5/KC7CnuAL # S8gI0TK7g/ojPNn/0oy790Mj3+fDWgVifnAs5SuyPWPqyK6BIGtDich+X7Aa3Rm9 # n3RBCq+5jgnTdKEvsFR2wZBPlOyGYf/bES+SAzDOMLeLD11Es0MdI1DNkdcvnfv8 # zbHBp8QOxO9APhk6AtQxqWmgSfl14ZvoaORqDI/r5LEhe4ZnWH5/H+gr5BSyFtaB # ocraMJBr7m91wLA2JrIIO/+9vn9sExjfxm2keUmti39hhwVo99Rw40KV6J67m0uy # 4rZBPeevpxooya1hsKBBGBlO7UebYZXtPgthWuo+epiSUc0/yUTngIspQnL3ebLd # hOon7v59emsCAwEAAaOCAYswggGHMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8E # AjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMCAGA1UdIAQZMBcwCAYGZ4EMAQQC # MAsGCWCGSAGG/WwHATAfBgNVHSMEGDAWgBS6FtltTYUvcyl2mi91jGogj57IbzAd # BgNVHQ4EFgQUjWS3iSH+VlhEhGGn6m8cNo/drw0wWgYDVR0fBFMwUTBPoE2gS4ZJ # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNBNDA5 # NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNybDCBkAYIKwYBBQUHAQEEgYMwgYAwJAYI # KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBYBggrBgEFBQcwAoZM # aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0UlNB # NDA5NlNIQTI1NlRpbWVTdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEA # DS0jdKbR9fjqS5k/AeT2DOSvFp3Zs4yXgimcQ28BLas4tXARv4QZiz9d5YZPvpM6 # 3io5WjlO2IRZpbwbmKrobO/RSGkZOFvPiTkdcHDZTt8jImzV3/ZZy6HC6kx2yqHc # oSuWuJtVqRprfdH1AglPgtalc4jEmIDf7kmVt7PMxafuDuHvHjiKn+8RyTFKWLbf # OHzL+lz35FO/bgp8ftfemNUpZYkPopzAZfQBImXH6l50pls1klB89Bemh2RPPkaJ # FmMga8vye9A140pwSKm25x1gvQQiFSVwBnKpRDtpRxHT7unHoD5PELkwNuTzqmkJ # qIt+ZKJllBH7bjLx9bs4rc3AkxHVMnhKSzcqTPNc3LaFwLtwMFV41pj+VG1/calI # GnjdRncuG3rAM4r4SiiMEqhzzy350yPynhngDZQooOvbGlGglYKOKGukzp123qlz # qkhqWUOuX+r4DwZCnd8GaJb+KqB0W2Nm3mssuHiqTXBt8CzxBxV+NbTmtQyimaXX # FWs1DoXW4CzM4AwkuHxSCx6ZfO/IyMWMWGmvqz3hz8x9Fa4Uv4px38qXsdhH6hyF # 4EVOEhwUKVjMb9N/y77BDkpvIJyu2XMyWQjnLZKhGhH+MpimXSuX4IvTnMxttQ2u # R2M4RxdbbxPaahBuH0m3RFu0CAqHWlkEdhGhp3cCExwwggbzMIIE26ADAgECAhAW # dy8OxRnHb5IdXyBiye3RMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNVBAYTAlVTMRYw # FAYDVQQKEw1FbnRydXN0LCBJbmMuMTwwOgYDVQQDEzNFbnRydXN0IEV4dGVuZGVk # IFZhbGlkYXRpb24gQ29kZSBTaWduaW5nIENBIC0gRVZDUzIwHhcNMjIwMzI5MjAx # ODAzWhcNMjMwMzI5MjAxODAzWjCBozELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09u # dGFyaW8xDzANBgNVBAcTBk90dGF3YTETMBEGCysGAQQBgjc8AgEDEwJDQTEUMBIG # A1UEChMLQ0FOQVJJRSBJTkMxHTAbBgNVBA8TFFByaXZhdGUgT3JnYW5pemF0aW9u # MREwDwYDVQQFEwgyOTAyMDgtNzEUMBIGA1UEAxMLQ0FOQVJJRSBJTkMwggIiMA0G # CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC7QrVGr/0GFSjOKBtAIfg420mYYBts # T/eqfZigZeS4ZW6sykAZBX71qiU+1SqfMpfU+GY2oQAvGGq/1kBaKTukhT+wwEAH # 90wJeaMSzAhpl9Q8vSx0xRfXmKfxGG8cn6kuq9DZb9kKeKP2qWSFPJyS2y0F5pVh # Sp8hDvZxAeAKNAjoTDip55kMJm14/CkqU2biZ35prXMDMh7/29YWuFWX55zKOxEf # VWbbsRKGladcYtKXu1oqSh0XEhhFB1BLXBw1YdN2RgjXAIMxrsvNjQ7q8ZWHEMrg # vA/50X59x9vxQLS4ivT8RRLic+EW6BMoQ7tqlUwedFSLRsGRxs+7tLwt0FYjQQEY # ZEbqUpLCcrdco9QEWSI/xaY4sl7FS/F6HdISYpyeBlKjcsHVy5Cj7azh8UXVZYa4 # k+AeEseIB21/MQpynet1S1EuifGHMs0Zh8axQAbJ+rDlupWsRiO63WTAPt5OsL/u # EH20xZ/50m8sidF9tIZ1QrsLq8JFi99Zm+OncY3ysG2mQAgcsz3x7254Q2mHOSuD # WKDDXx6VCZ7ihmAEtnUbL1rCngdf4evV71tVyhf+4KTebjk03t6mpqYvjO3W7yuO # bH8NOVaAcYgOjUi0G9AN/vYwBZHfBAhikGO8pKxW6U/Krc2oQWaKpmGzKK1OpSVi # 5VZuB6has6Mm3wIDAQABo4IBYDCCAVwwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU # EB15NHKwwcMjbBDrbk8UA+4uHyswHwYDVR0jBBgwFoAUzolPglGqFaKEYsoxI2HS # Yfv4/ngwZwYIKwYBBQUHAQEEWzBZMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5l # bnRydXN0Lm5ldDAyBggrBgEFBQcwAoYmaHR0cDovL2FpYS5lbnRydXN0Lm5ldC9l # dmNzMi1jaGFpbi5wN2MwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5lbnRy # dXN0Lm5ldC9ldmNzMi5jcmwwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG # AQUFBwMDMEsGA1UdIAREMEIwNwYKYIZIAYb6bAoBAjApMCcGCCsGAQUFBwIBFhto # dHRwczovL3d3dy5lbnRydXN0Lm5ldC9ycGEwBwYFZ4EMAQMwDQYJKoZIhvcNAQEL # BQADggIBAIXuiHbQsWUCEhlA76KAYJCAbtiCXDerGtT1z27L+7/TcVUBOv2luPJ9 # C9qXVuQIwa0CTYNQ/kDKSkhWCJxivk4OPaGi5yONchUlHsLQFXQOLDvSFbIYjeUv # LAvOp30NgLyy7/Sw3SQsiSKmuLrKfSbNTqj0Lf48W+TQk5YD0TzDSSQG8+J4oVfY # yyFxoo4C9kAoh7gTjwtj01p5QLKeLYJG5lpH6EomLDftK9Pe0woz46smPdL+d9df # vA51O3jS/xHt4kBpqWcWOZ2C5ZGxydU6Ru+U7NVlHATRzAM/dxGJGqFCeTs1CpQF # 9vykl8iiSpPjzJ+CdrJbQ8gA0kCa+G7CagqQ3bkSMvRQllexC5HW6CiUKc8rJfZs # CGOpEqtrfuxbiUUZ2og8BOliaFHKZENurT73LtMNygx+yMcbaJkpfEheDJuGK82a # vSh9HFkyuJD3MI2MafN2OtyXyO/MsseiqHwpcRdwDZr0mkOrN9y1YOo62BYRVDVU # ep9X5lQ/MEA9c6iMgrQ4/E8kk4JoLC7pe21qAP1ICIbjS7g5t4cbPfeFBtvSZeMA # NKmlDXQkedoGOOnOxqCuhxc3a0LXB746Q/VF6hookZlTqDXuu6aeIdD3tpLt0Dx8 # D69FY2Si/eMdn6dKDsT7CXYFve0S1DDwrqhTIXI9wPojPbu8ZXPzMYIGTTCCBkkC # AQEwdzBjMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjE8MDoG # A1UEAxMzRW50cnVzdCBFeHRlbmRlZCBWYWxpZGF0aW9uIENvZGUgU2lnbmluZyBD # QSAtIEVWQ1MyAhAWdy8OxRnHb5IdXyBiye3RMA0GCWCGSAFlAwQCAQUAoIGEMBgG # CisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcC # AQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIE # IDBdOX3pXAonS/JcFnF8N92XAHfcKH83q6rSMag1c7orMA0GCSqGSIb3DQEBAQUA # BIICAAhen20Kwp1vpNmpKqiDXUfqDRQHPnpssQJfq6r7RZin/L0Wmlt0WjS6hMz1 # pojpsTjLy+hTDKrmAZBms7Kgt+a4h4tcocmZIUKQh/XicmLWvAhmI5wBXIX6N9gO # ej1FKg4tWKZV/pQNpkPIbO4eLTV1qdA75qj8unXRJBnq838ixTypE95EcZpjAy5T # NDQy5nict65MA+IHO4ZBsVe1LM0l4sW5DKzE/TybdO5qw8PC7ylX2ez8QGEgczB3 # 6RLcCCRco5IRoZhKVgiFnaXosN7G2ILTF3xbOTgI56y3nTXcG7W8AUGka/RiYD/z # SEh94HXZU3Pmqu6ATXuOMhJHh5/w9psU6ANb/d2jAkn/Wfs79iD2vZAVgWtad91w # NUSzFQQq3NDETL7bewPwyDxEXTHy5mOvb6bu5g3xqmJVJemaZ3E0qtdAEVIFgNtA # 44TBOddS5vXot1L2q5AmV0fTbAaVc+1hoCDLAJW+II3ShjzwfWwHMoK226XOqoE2 # z2uz149rE+9AGDuEe+RlKpU2kh8PLtJk942q5+AsSTUGepmONSrv9xLDbqtI6PPQ # PBdaKIzpXshEv4sUHci7HjvnCmeWD6+jlJ42cP6XOZ+XuZyisuFK60BbpVzPPYJF # qBS7zbs3+ijn8OtuyhYDfI/VrpTHltJn1uyVfi6E+k1WFNGXoYIDIDCCAxwGCSqG # SIb3DQEJBjGCAw0wggMJAgEBMHcwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRp # Z2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQw # OTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQQIQCnpKiJ7JmUKQBmM4TYaXnTANBglg # hkgBZQMEAgEFAKBpMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcN # AQkFMQ8XDTIyMDUxOTE1NDcwMFowLwYJKoZIhvcNAQkEMSIEIN6M7TrsAAyK+fQ0 # 19hZq+jqr0wMF5be1pCNhyuTmCvFMA0GCSqGSIb3DQEBAQUABIICADQpaYkAunfd # umSTOj4Nsq4sTFccgYF5d5/olWe8ABkWdpUjt/Fv9DuPUjkv4dEWtj1/b48sLwlb # p85uFk9/RsAl3b8j/5IDT8qv/xEj/A+PSSuhW0FVyHakdJSYFKh8B2vciX/VKzap # 1lhq6EFsVy7IcPI6a5bTFQOULZ4QuNuFqAtIZ9wd4y1XrOzYh5IgoFpwHXkyCgMl # 70djW6cWjgcbKOODKeCgzYkQ5jti633EdNTuwUR2ckwoDvRWUik5PzT7nQcjIL2o # 9vMr1Fn6FvFfPzSLABp0LyHHu7T3343A7rg6/261s8eRpVvFs7yYuvzYM+05axQl # GXOphCHIDn6OBrzWDY7t7hXmtRhi1kqvCLhkiR89EDFHBwq5KEuI8dYAUNz6Sz6J # LKl0l4hAefwWDDVGZijE24gCRL37dXQw7ajV1brmiarFYbn6gTh/vIE+fFDXNnlj # kHPq7zlvv34SOMl3H2FuNTMGL9I6AkxqwsEJn8G7e5KbWY95m6XWJxEEW8UW7zgy # p4jb0vNtl7s923pqx8unfNVGS3k7HgL0F3EJKMEK12CXhrdnLBPinP/bpygfbp6D # Jp5+UXRXKicGoe/Ab9lHV+eTtQvalQYS1XX8G99wGem8pz60+kRqdb1iVku677z5 # vyxljkqDDuE+tP7G66VEAM2JVRvBMejx # SIG # End signature block |