Framework/Core/SVT/ADO/ADO.User.ps1
|
Set-StrictMode -Version Latest class User: ADOSVTBase { User([string] $organizationName, [SVTResource] $svtResource): Base($organizationName, $svtResource) { } hidden [ControlResult] CheckPATAccessLevel([ControlResult] $controlResult) { $apiURL = "https://vssps.dev.azure.com/{0}/_apis/Token/SessionTokens?displayFilterOption=1&createdByOption=3&sortByOption=3&isSortAscending=false&startRowNumber=1&pageSize=100&api-version=5.0-preview.1" -f $($this.OrganizationContext.OrganizationName); $responseObj = [WebRequestHelper]::InvokeGetWebRequest($apiURL); $controlResult.AddMessage("Currently this control evaluates PATs for all the organizations the user has access to.") try { if ($responseObj.Count -gt 0) { $AccessPATList = $responseObj | Where-Object { $_.validto -gt $(Get-Date -Format "yyyy-MM-dd") } $AccessPATListCount = ($AccessPATList | Measure-Object).Count if ($AccessPATListCount -gt 0) { $controlResult.AddMessage("Total number of active user PATs: $($AccessPATListCount)"); $controlResult.AdditionalInfo += "Total number of active user PATs: " + $AccessPATListCount; $statusSet = $false # Use this variable to check whether scanStaus is already set $fullAccessPATList = $AccessPATList | Where-Object { $_.scope -eq "app_token" } $fullAccessPATListCount = ($fullAccessPATList | Measure-Object).Count if ($fullAccessPATListCount -gt 0) { $controlResult.AddMessage("`nTotal number of PATs configured with full access: $($fullAccessPATListCount)"); $controlResult.AdditionalInfo += "Total number of PATs configured with full access: " + $fullAccessPATListCount; $fullAccessPATNames = $fullAccessPATList | Select-Object displayName, scope $controlResult.AddMessage([VerificationResult]::Failed, "The following PATs have been configured with full access: ", $fullAccessPATNames); $statusSet = $true } $remainingPATList = $AccessPATList | Where-Object { $_.scope -ne "app_token" } $remainingPATListCount = ($remainingPATList | Measure-Object).Count if ($remainingPATListCount -gt 0){ $controlResult.AddMessage("`nTotal number of PATs configured with custom defined access: $remainingPATListCount"); $controlResult.AdditionalInfo += "Total number of PATs configured with custom defined access: " + $remainingPATListCount; $remainingAccessPATNames = $remainingPATList | Select-Object displayName, scope if ($statusSet) { $controlResult.AddMessage("The following PATs have been configured with custom defined access: ", $remainingAccessPATNames) } else { $controlResult.AddMessage([VerificationResult]::Verify, "Verify that the following PATs have minimum required permissions: ", $remainingAccessPATNames) } } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No active PATs found"); } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No PATs found"); } } catch { $controlResult.AddMessage([VerificationResult]::Error, "Could not fetch the list of PATs"); $controlResult.LogException($_) } return $controlResult; } hidden [ControlResult] CheckAltCred([ControlResult] $controlResult) { $apiURL = "https://dev.azure.com/{0}/_apis/Contribution/dataProviders/query?api-version=5.1-preview.1" -f $($this.OrganizationContext.OrganizationName); $inputbody = '{"contributionIds": ["ms.vss-admin-web.alternate-credentials-data-provider","ms.vss-admin-web.action-url-data-provider"]}' | ConvertFrom-Json $responseObj = [WebRequestHelper]::InvokePostWebRequest($apiURL, $inputbody); if ([Helpers]::CheckMember($responseObj, "data"), $responseObj.data.'ms.vss-admin-web.alternate-credentials-data-provider') { if ((-not $responseObj.data.'ms.vss-admin-web.alternate-credentials-data-provider'.alternateCredentialsModel.basicAuthenticationDisabled) -or (-not $responseObj.data.'ms.vss-admin-web.alternate-credentials-data-provider'.alternateCredentialsModel.basicAuthenticationDisabledOnAccount)) { $controlResult.AddMessage([VerificationResult]::Passed, "Alt credential is disabled"); } else { $controlResult.AddMessage([VerificationResult]::Passed, "Alt credential is enabled"); } } else { $controlResult.AddMessage([VerificationResult]::Manual, "Alt credential not found"); } return $controlResult } hidden [ControlResult] ValidatePATExpiryPeriod([ControlResult] $controlResult) { $controlResult.AddMessage("Currently this control evaluates PATs for all the organizations the user has access to.") try { $apiURL = "https://vssps.dev.azure.com/{0}/_apis/Token/SessionTokens?displayFilterOption=1&createdByOption=3&sortByOption=3&isSortAscending=false&startRowNumber=1&pageSize=100&api-version=5.0-preview.1" -f $($this.OrganizationContext.OrganizationName); $responseObj = [WebRequestHelper]::InvokeGetWebRequest($apiURL); if ($responseObj.Count -gt 0) { $AccessPATList = $responseObj | Where-Object { $_.validto -gt $(Get-Date -Format "yyyy-MM-dd") } if (($AccessPATList | Measure-Object).Count -gt 0) { $res = $AccessPATList | Where-Object {(New-Timespan -Start $_.ValidFrom -End $_.ValidTo).Days -gt 180 } if (($res | Measure-Object).Count -gt 0) { $PATList = ($res | Select-Object -Property @{Name = "Name"; Expression = { $_.displayName } }, @{Name = "ValidFrom"; Expression = { $_.validfrom } }, @{Name = "ValidTo"; Expression = { $_.validto } }, @{Name = "ValidationPeriod"; Expression = { (New-Timespan -Start $_.ValidFrom -End $_.ValidTo).Days } }); $controlResult.AddMessage([VerificationResult]::Failed, "The following PATs have validity period of more than 180 days: ", $PATList) $PATListCount = ($PATList | Measure-Object).Count $controlResult.AdditionalInfo += "Total number of PATs that have validity period of more than 180 days: " + $PATListCount; $controlResult.AdditionalInfo += "List of PATs that have validity period of more than 180 days: " + [JsonHelper]::ConvertToJsonCustomCompressed($PATList); } else { $controlResult.AddMessage([VerificationResult]::Passed, "No PATs have been found with validity period of more than 180 days.") } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No active PATs have been found.") } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No PATs have been found."); } } catch { $controlResult.AddMessage([VerificationResult]::Error, "Could not fetch the list of PATs."); $controlResult.LogException($_) } return $controlResult; } hidden [ControlResult] CheckPATExpiration([ControlResult] $controlResult) { $controlResult.AddMessage("Currently this control evaluates PATs for all the organizations the user has access to.") try { $apiURL = "https://vssps.dev.azure.com/{0}/_apis/Token/SessionTokens?displayFilterOption=1&createdByOption=3&sortByOption=3&isSortAscending=false&startRowNumber=1&pageSize=100&api-version=5.0-preview.1" -f $($this.OrganizationContext.OrganizationName); $responseObj = [WebRequestHelper]::InvokeGetWebRequest($apiURL); if ($responseObj.Count -gt 0) { $date = Get-Date; $AccessPATList = $responseObj | Where-Object { $_.validto -gt $(Get-Date -Format "yyyy-MM-dd") } if (($AccessPATList | Measure-Object).Count -gt 0) { $PATExpri7Days = $AccessPATList | Where-Object { (New-Timespan -Start $date -End $_.validto ).Days -lt 8 }; $PATExpri30Days = $AccessPATList | Where-Object { ((New-Timespan -Start $date -End $_.validto).Days -gt 7) -and ((New-Timespan -Start $date -End $_.validto).Days -lt 31) }; $PATOther = $AccessPATList | Where-Object { ((New-Timespan -Start $date -End $_.validto).Days -gt 30) }; if (($PATExpri7Days | Measure-Object).Count -gt 0) { $PAT7List = ($PATExpri7Days | Select-Object -Property @{Name = "Name"; Expression = { $_.displayName } }, @{Name = "ValidFrom"; Expression = { $_.validfrom } }, @{Name = "ValidTo"; Expression = { $_.validto } }, @{Name = "Remaining"; Expression = { (New-Timespan -Start $date -End $_.validto).Days } }); $controlResult.AddMessage("The following PATs expire within 7 days: ", $PAT7List ) $controlResult.AdditionalInfo += "Total number of PATs that will expire within 7 days: " + ($PAT7List | Measure-Object).Count; } if (($PATExpri30Days | Measure-Object).Count -gt 0) { $PAT30List = ($PATExpri30Days | Select-Object -Property @{Name = "Name"; Expression = { $_.displayName } }, @{Name = "ValidFrom"; Expression = { $_.validfrom } }, @{Name = "ValidTo"; Expression = { $_.validto } }, @{Name = "Remaining"; Expression = { (New-Timespan -Start $date -End $_.validto).Days } }); $controlResult.AddMessage("The following PATs expire after 7 days but within 30 days: ", $PAT30List ) $controlResult.AdditionalInfo += "Total number of PATs that will expire after 7 days but within 30 days: " + ($PAT30List | Measure-Object).Count; } if (($PATOther | Measure-Object).Count -gt 0) { $PATOList = ($PATOther | Select-Object -Property @{Name = "Name"; Expression = { $_.displayName } }, @{Name = "ValidFrom"; Expression = { $_.validfrom } }, @{Name = "ValidTo"; Expression = { $_.validto } }, @{Name = "Remaining"; Expression = { (New-Timespan -Start $date -End $_.validto).Days } }); $controlResult.AddMessage("The following PATs expire after 30 days: ", $PATOList ) $controlResult.AdditionalInfo += "Total number of PATs that will expire after 30 days: " + ($PATOList | Measure-Object).Count; } if (($PATExpri7Days | Measure-Object).Count -gt 0) { $controlResult.VerificationResult = [VerificationResult]::Failed } elseif (($PATExpri30Days | Measure-Object).Count -gt 0) { $controlResult.VerificationResult = [VerificationResult]::Verify } else { $controlResult.AddMessage([VerificationResult]::Passed, "No PATs have been found which expire within 30 days.") } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No active PATs have been found.") } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No PATs have been found."); } } catch { $controlResult.AddMessage([VerificationResult]::Error, "Could not fetch the list of PATs."); $controlResult.LogException($_) } return $controlResult; } hidden [ControlResult] CheckPATOrgAccess([ControlResult] $controlResult) { $apiURL = "https://{0}.vssps.visualstudio.com/_apis/Token/SessionTokens?displayFilterOption=1&createdByOption=3&sortByOption=3&isSortAscending=false&startRowNumber=1&pageSize=100&api-version=5.0-preview.1" -f $($this.OrganizationContext.OrganizationName); $responseObj = [WebRequestHelper]::InvokeGetWebRequest($apiURL); $controlResult.AddMessage("Currently this control evaluates PATs for all the organizations the user has access to.") try { if ($responseObj.Count -gt 0) { $AccessPATList = $responseObj | Where-Object { $_.validto -gt $(Get-Date -Format "yyyy-MM-dd") } $AccessPATListCount = ($AccessPATList | Measure-Object).Count $allOrgPATCount = 0; #counter to store number of PATs that are accessible to all orgs. $allOrgPAT = @() #list to capture PAts accessible to all orgs. if ($AccessPATListCount -gt 0) { $controlResult.AddMessage("Total number of active user PATs: $($AccessPATListCount)"); $AccessPATList | ForEach-Object{ if([string]::IsNullOrWhiteSpace($_.targetAccounts)) #if a PAT is tied to a single org, value of targetAccounts is equal to org id. If its accessible to all orgs, this value is null. { $allOrgPATCount ++; $allOrgPAT += $_.DisplayName } } if($allOrgPATCount -gt 0) { $controlResult.AddMessage("Total number of active PATs accessible to all organizations: $($allOrgPATCount)"); $controlResult.AddMessage([VerificationResult]::Failed, "The below active PATs are accessible to all organizations: ", $allOrgPAT); $controlResult.AdditionalInfo += "Total number of active PATs accessible to all organizations: " + $allOrgPATCount; $controlResult.AdditionalInfo += "List of active PATs accessible to all organizations: " + [JsonHelper]::ConvertToJsonCustomCompressed($allOrgPAT); } else { $controlResult.AddMessage([VerificationResult]::Passed, "No active PATs are accessible to all organizations."); } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No active PATs found."); } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No PATs found."); } } catch { $controlResult.AddMessage([VerificationResult]::Error, "Could not fetch the list of PATs"); $controlResult.LogException($_) } return $controlResult; } hidden [ControlResult] CheckPATCriticalPermissions([ControlResult] $controlResult) { $controlResult.AddMessage("Currently this control evaluates PATs for all the organizations the user has access to.") try { $apiURL = "https://vssps.dev.azure.com/{0}/_apis/Token/SessionTokens?displayFilterOption=1&createdByOption=3&sortByOption=3&isSortAscending=false&startRowNumber=1&pageSize=100&api-version=5.0-preview.1" -f $($this.OrganizationContext.OrganizationName); $responseObj = [WebRequestHelper]::InvokeGetWebRequest($apiURL); if(($null -ne $this.ControlSettings) -and [Helpers]::CheckMember($this.ControlSettings, "CriticalPATPermissions")) { $patterns = $this.ControlSettings.CriticalPATPermissions if ($responseObj.Count -gt 0) { $AccessPATList = $responseObj | Where-Object { $_.validto -gt $(Get-Date -Format "yyyy-MM-dd") } $AccessPATListCount = ($AccessPATList | Measure-Object).Count if ($AccessPATListCount -gt 0) { $fullAccessPATList = $AccessPATList | Where-Object { $_.scope -eq "app_token" } $customAccessPATList = $AccessPATList | Where-Object { $_.scope -ne "app_token" } $fullAccessPATListCount = ($fullAccessPATList | Measure-Object).Count $PATWithCriticalAccess = @(); if(($patterns | Measure-Object).Count -gt 0) { $controlResult.AddMessage("`nNote: The following permission scopes are considered as 'critical': `n`t[$($patterns -join ', ')]"); foreach ($pat in $customAccessPATList) { foreach ($item in $patterns) { if($pat.scope.contains($item)) { $PATWithCriticalAccess += $pat break; } } } } $PATWithCriticalAccessCount = ($PATWithCriticalAccess | Measure-Object).Count if (($PATWithCriticalAccessCount -gt 0) -or ($fullAccessPATListCount -gt 0)) { $controlResult.AddMessage([VerificationResult]::Failed, "`nUser has PATs that are configured with critical permissions."); if ($PATWithCriticalAccessCount -gt 0) { $controlResult.AddMessage("`nTotal number of PATs configured with critical permissions: $($PATWithCriticalAccessCount)"); $controlResult.AdditionalInfo += "Total number of PATs configured with critical permissions: " + $PATWithCriticalAccessCount; $criticalPAT = $PATWithCriticalAccess | Select-Object displayName, scope $controlResult.AddMessage("List of PATs configured with critical permissions: ", $criticalPAT); } if ($fullAccessPATListCount -gt 0) { $controlResult.AddMessage([VerificationResult]::Failed, "`nTotal number of PATs configured with full access: $($fullAccessPATListCount)"); $controlResult.AdditionalInfo += "Total number of PATs configured with full access: " + $fullAccessPATListCount; $fullAccessPAT = $fullAccessPATList | Select-Object displayName, scope $controlResult.AddMessage("List of PATs configured with full access: ", $fullAccessPAT); } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No PATs are configured with critical permissions."); $controlResult.AdditionalInfo += "No PATs are configured with critical permissionss."; } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No active PATs found."); } } else { $controlResult.AddMessage([VerificationResult]::Passed, "No PATs found."); } } else { $controlResult.AddMessage([VerificationResult]::Manual, "Critical permission scopes for PAT are not defined in your organization."); } } catch { $controlResult.AddMessage([VerificationResult]::Error, "Could not fetch the list of PATs."); $controlResult.LogException($_) } return $controlResult; } } # SIG # Begin signature block # MIInoAYJKoZIhvcNAQcCoIInkTCCJ40CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCtWC76D9V/3Ecc # DlIRztw4fp1oWQ9YtOxj35pNs54Cl6CCDYEwggX/MIID56ADAgECAhMzAAACUosz # qviV8znbAAAAAAJSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMjU5WhcNMjIwOTAxMTgzMjU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDQ5M+Ps/X7BNuv5B/0I6uoDwj0NJOo1KrVQqO7ggRXccklyTrWL4xMShjIou2I # sbYnF67wXzVAq5Om4oe+LfzSDOzjcb6ms00gBo0OQaqwQ1BijyJ7NvDf80I1fW9O # L76Kt0Wpc2zrGhzcHdb7upPrvxvSNNUvxK3sgw7YTt31410vpEp8yfBEl/hd8ZzA # v47DCgJ5j1zm295s1RVZHNp6MoiQFVOECm4AwK2l28i+YER1JO4IplTH44uvzX9o # RnJHaMvWzZEpozPy4jNO2DDqbcNs4zh7AWMhE1PWFVA+CHI/En5nASvCvLmuR/t8 # q4bc8XR8QIZJQSp+2U6m2ldNAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUNZJaEUGL2Guwt7ZOAu4efEYXedEw # UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1 # ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDY3NTk3MB8GA1UdIwQYMBaAFEhu # ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w # Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx # MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAFkk3 # uSxkTEBh1NtAl7BivIEsAWdgX1qZ+EdZMYbQKasY6IhSLXRMxF1B3OKdR9K/kccp # kvNcGl8D7YyYS4mhCUMBR+VLrg3f8PUj38A9V5aiY2/Jok7WZFOAmjPRNNGnyeg7 # l0lTiThFqE+2aOs6+heegqAdelGgNJKRHLWRuhGKuLIw5lkgx9Ky+QvZrn/Ddi8u # TIgWKp+MGG8xY6PBvvjgt9jQShlnPrZ3UY8Bvwy6rynhXBaV0V0TTL0gEx7eh/K1 # o8Miaru6s/7FyqOLeUS4vTHh9TgBL5DtxCYurXbSBVtL1Fj44+Od/6cmC9mmvrti # yG709Y3Rd3YdJj2f3GJq7Y7KdWq0QYhatKhBeg4fxjhg0yut2g6aM1mxjNPrE48z # 6HWCNGu9gMK5ZudldRw4a45Z06Aoktof0CqOyTErvq0YjoE4Xpa0+87T/PVUXNqf # 7Y+qSU7+9LtLQuMYR4w3cSPjuNusvLf9gBnch5RqM7kaDtYWDgLyB42EfsxeMqwK # WwA+TVi0HrWRqfSx2olbE56hJcEkMjOSKz3sRuupFCX3UroyYf52L+2iVTrda8XW # esPG62Mnn3T8AuLfzeJFuAbfOSERx7IFZO92UPoXE1uEjL5skl1yTZB3MubgOA4F # 8KoRNhviFAEST+nG8c8uIsbZeb08SeYQMqjVEmkwggd6MIIFYqADAgECAgphDpDS # AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla # MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT # H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG # OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S # 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz # y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7 # 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u # M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33 # X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl # XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP # 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB # l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF # RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM # CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ # BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud # DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO # 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0 # LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw # cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA # XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY # 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj # 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd # d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ # Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf # wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ # aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j # NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B # xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96 # eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7 # r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I # RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIZdTCCGXECAQEwgZUwfjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z # b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAlKLM6r4lfM52wAAAAACUjAN # BglghkgBZQMEAgEFAKCBsDAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgaDl7n3L8 # 1eP918lQTxbd+faUZ+mXwUVMANpGZojVm5kwRAYKKwYBBAGCNwIBDDE2MDSgFIAS # AE0AaQBjAHIAbwBzAG8AZgB0oRyAGmh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20g # MA0GCSqGSIb3DQEBAQUABIIBAEFy7JAxewzrl0gqntEeEY+Yj/yT80xjUzAWq5Kw # BO5bnSEwlW5xQR0xBMvmQ1Fg2esN9DnZaA1lfO3P6c1V95Mxih8emxT8t/dWrNMz # oDIl6AO2Xy4wK1tbR1ZWS3NQ7KVDlcsVHFS2fWcGAn3QOXLI0gpATljEoDl1TFTA # FgxUOhEpzmbqj0dyR169TkHanQg+cCTP18V+iF57a3oaXjgHgXx96G+9SKFOqVNc # n666YJZVl0ZZLWugeCuLsJacnciVkfjnuddGuzcUauodYpvk61xUtYKVduz2iBa5 # WG82oHdq7ohnq4NKYDY8R14h493DlbGxzdg6PzSqXQsejaShghb9MIIW+QYKKwYB # BAGCNwMDATGCFukwghblBgkqhkiG9w0BBwKgghbWMIIW0gIBAzEPMA0GCWCGSAFl # AwQCAQUAMIIBUQYLKoZIhvcNAQkQAQSgggFABIIBPDCCATgCAQEGCisGAQQBhFkK # AwEwMTANBglghkgBZQMEAgEFAAQgkQj0ExHW2EKu1VFXUsCUJJZzbDnL7SdBfCZo # BHlcAKACBmH67Bz8fRgTMjAyMjAyMTUwNzE2NDIuODc3WjAEgAIB9KCB0KSBzTCB # yjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMc # TWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEmMCQGA1UECxMdVGhhbGVzIFRT # UyBFU046N0JGMS1FM0VBLUI4MDgxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFNlcnZpY2WgghFUMIIHDDCCBPSgAwIBAgITMwAAAZ8rRTUVCC5LXQABAAAB # nzANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAe # Fw0yMTEyMDIxOTA1MjJaFw0yMzAyMjgxOTA1MjJaMIHKMQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmlj # YSBPcGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo3QkYxLUUzRUEt # QjgwODElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKT1eXxNUbKJkC/Oby0Hh8s/TOcv # zzdgMgbTeOzX9bMJogJcOzSReUnf05RnB4EVr9XyXbuaUGPItkO1ODdbx1A5EO6d # +ftLNkSgWaVdpJhxCHIMxXmCHGLqWHzLc1XVM0cZgvNqhCa0F64VKUQf3CnqsL+x # ErsY+s6fXtcAbOj7/IXLsN9aAhDjdffm63bRNKFR5gOuzkY5Wkenui6pBhFOm76U # BoId+ry2v4sWojKOmS/HFvcdzHpWO17Q08foacgJPzg/FZgrt6hrkDFuxNSpZDKJ # a2sajJDJc/jIgp9NRg+2xMUKLXiK4k2vfJEaOjhTU4dlTbIaZZ4Kt1xwmCRvLqTY # 3kCFFi8oet48+HmhYdjTWDxNyTFXiHiKWiq9ppgaHccM9Y/DgqgrITLtAca5krWo # CSF5aIpfaoTR41Fa6aYIo+F1wXd1xWJUj1opeG3LjMzvq2xSNx0K2cblUgjp5Tp3 # NwvpgWnS8yXsk8jfL0ivH2wESJWZKKAzZMNlThFQhsUi0PrQMljM0fSsa7YO/f0/ # /Q7CjHfs/dl+8HmMB6DoH5IFIPRrCL5/rUkWtVz9Rnzdb7m2Aj/TFwsZYcE10SJt # IXU0V+tXQo8Ip+L2IPYGRCAxiLTYJjwTe6z5TJgDg0VhxYmmNpwEoAF4MF2RjUE9 # 8aDOyRoqEgaF2jH1AgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQUYjTy1R4TFitIDi7o # 39lqx9YdyGEwHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYDVR0f # BFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwv # TWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwGCCsG # AQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAx # MCgxKS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDANBgkq # hkiG9w0BAQsFAAOCAgEAHYooKTw76Rnz6b1s9dAgCaj7rFsoNoqQxHf/zYDxdUAx # r1Gki1gmR2S1r4LpkhUGxkQBEmQqdalgmKLIYFXc+Y+ggw/nMVuvQFgsyiUMlky0 # fcyJ9UEP02Sdg0qD4ZtbJoA+zxVnpQPcJHOOhVnY9sdEf5Q6XZhz9ybUhHcGW+OV # w3DKSnMEZSd0BF5+7ON9FJ8H50HOaUVj50wTz4nc6+94ytohzOdKuWvjoZcyhYYm # 3SEEk1/gbklmrJd7yfzPbJHmmgva6IxHOohdfWvAIheFws8WBIo3+8nGvEeIX0HJ # WKi5/iMJwPw7aY73i2gJKosRG6h1J711DuqspUGicOhhYDH5bRcYBfapqhmaoS6f # tBvyGfI3JWsnYLZ9nABjbKJfdkyAsZSukNGglZ0/61zlJLopnV/DKEv8oCCOI0+9 # QGK7s8XgsfHlNEVTsdle+ClkOfnGS2RdmJ0DhLbo1mwxLKDHRHWddXfJtjcl2U19 # ERO3pIh9B0LFFflhRsjk12+5UyLLmgHduV+E+A0nKjSp2aQcoTak3hzyLD1KtqOd # ZwzRtQTGsOQ2pzBqrXUPPBzSUMZfXiCeMZFuCGXocuwPuPHHT5u7Mkcpk/MZ1Msw # UqhJ0l5XilT+3d09t1TbUdLrQTHYinZN0Z+C1L087NVpMDhS5y6SVuNmRCKF+DYw # ggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUA # MIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQD # EylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0y # MTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0 # ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveV # U3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDcwUTI # cVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62AW36M # EBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHI # NSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCGMFxP # LOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ1v2l # IH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP8BDy # t0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFzymei # XtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1 # GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3xwgV # GD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsGAQQB # gjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTu # MB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsG # AQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYBBQUH # AwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud # EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYD # VR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwv # cHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEB # BE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9j # ZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQELBQAD # ggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/ # 2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AFvono # aeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRW # qveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn8Atq # gcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7 # hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyxTkct # wRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu # +yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9y8FB # SX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM+Zv/ # Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ # 8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYICyzCCAjQCAQEw # gfihgdCkgc0wgcoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # JTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMxJjAkBgNVBAsT # HVRoYWxlcyBUU1MgRVNOOjdCRjEtRTNFQS1CODA4MSUwIwYDVQQDExxNaWNyb3Nv # ZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQB0Xa6YH/LLDEUs # VMLysn0W/1z2t6CBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw # MA0GCSqGSIb3DQEBBQUAAgUA5bU8GDAiGA8yMDIyMDIxNTA0Mzc0NFoYDzIwMjIw # MjE2MDQzNzQ0WjB0MDoGCisGAQQBhFkKBAExLDAqMAoCBQDltTwYAgEAMAcCAQAC # AhOwMAcCAQACAhJQMAoCBQDlto2YAgEAMDYGCisGAQQBhFkKBAIxKDAmMAwGCisG # AQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJKoZIhvcNAQEFBQAD # gYEAVAUP0vig5TW5HxmvbI6ML4tpuzn6+l5aMRm5YCc6Qzx+v7+sK92Oqk5RmYa1 # jRe+Ptdl+ujF0pVNNOAS2/jbp7LutZ161nF93HBQa8S5deD+ZxfG9FdVvKMZUzMq # g6CRObNiab+w4xfM9BSL5Ehztrx7K6qNCfyt3L0IhOqc++oxggQNMIIECQIBATCB # kzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAZ8rRTUVCC5LXQAB # AAABnzANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJ # EAEEMC8GCSqGSIb3DQEJBDEiBCD9qxeTd+fs9mjJIYLBrajwCm5tcVBslyVfQuIy # bcQAqjCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIIbxXimiJ4mepedXPA1R # 6N4qAsl8Qfs/6OynLDdLfFzaMIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTACEzMAAAGfK0U1FQguS10AAQAAAZ8wIgQgRFlWdrg7Cs3YoSLvolLr # nZ3HHy9WhFbskfkmLzlZJeYwDQYJKoZIhvcNAQELBQAEggIADC1DIoUwsQbDFbBy # IM3/RwENN+GpmiQbHQZI1jRrwWvtHTa/SrG5YmM5HMt1kPMYKrDnvDjSIUpYFnp4 # AxoAfcz+rocrdO+VU/ETMizlE0va4RMdbLKscoPWLt/Oser2K0IxeAr4h/2Brc3e # XMp7MszXX2wJGDz+GH31MsQkBWGOfrX+2dHluluK3ueD7E8OVWbSB6LIYbrrLUWN # oLVVZAiZwU2onkiy8IaWokHlHHgQWndL92AVjSwRW9//9HxwsHtFAYMYGQwBVBqQ # dgG2TtdQAqww4XR3BI65PYXYkFGurOX1gD7Ap7UP7nKKXKGZc4zyNpIRPr7L3NVC # sJS6mGN8BUl8l9E7Mfk7TawXDHzRy7MQ3rg0KFow6rq6OG6c94vDgzXMRxEIhlXE # keExr42wgylRaIkj/gZSIIUEDbfJfx4g65w5KO9UdT2ELOd9U5ezK6JUqgp2Nj2k # c/FcEtqrDmP3AcNlGLjYzrk/tGGj3GkBlPZYsW71bEOx+5s2y7yY6Z8zOo2IdJgK # Fer6EkFkXpYqBifYwQCtsFIeR1jM05fAMyxr9zzR+ZI8kMmlch43/R7XiglOkyfn # o0TZ4maYLwoFJ4itnGiZ/ocws1Wjd/y06N0Tir32ZOh0r0lPIimwrYZu0frgXIZz # pQxyquqdm8rtJ+SKAx4rvxs7fS0= # SIG # End signature block |