Framework/Helpers/Constants.ps1
# Central definition of the message templates, names, URIs, paths and numeric limits
# shared by the AzSK.ADO modules, plus three static setters that adjust module-dependent values.
# NOTE(review): this file ends with an Authenticode signature block ("SIG # Begin signature block").
# Any edit to the script text, comments included, invalidates that signature, so the file
# must be re-signed before it is distributed to hosts that enforce signed scripts.
Set-StrictMode -Version Latest
class Constants
{
    # All constants used across all modules are defined here.

    # Separator lines used to frame console/log output.
    static [string] $DoubleDashLine = "================================================================================"
    static [string] $HashLine = "################################################################################"
    static [string] $GTLine = ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
    static [string] $SingleDashLine = "--------------------------------------------------------------------------------"
    static [string] $UnderScoreLineLine= "________________________________________________________________________________"

    # "Next steps" guidance text for scan results (CSV and LOG output).
    static [string] $RemediationMsg = "** Next steps **`r`n" +
        "Look at the individual control evaluation status in the CSV file.`r`n" +
        " a) If the control has passed, no action is necessary.`r`n" +
        " b) If the control has failed, look at the control evaluation detail in the LOG file to understand why.`r`n" +
        " c) If the control status says 'Verify', it means that human judgement is required to determine the final control status. Look at the control evaluation output in the LOG file to make a determination.`r`n" +
        " d) If the control status says 'Manual', it means that AzSK.ADO (currently) does not cover the control via automation OR AzSK.ADO is not able to fetch the data. You need to manually implement/verify it.`r`n" +
        "`r`nNote: The 'Recommendation' column in the CSV file provides basic (generic) guidance that can help you fix a failed control. You can also use standard ADO product documentation. You should carefully consider the implications of making the required change in the context of your application. `r`n"
    # Summary text describing how bugs were logged for control failures.
    static [string] $BugLogMsg="** Bugs have been logged as per below: ** `r`n"+
        " a) New bugs have been logged for fresh control failures.`r`n"+
        " b) For control failures for which bugs were already present, the respective bugs have been marked 'Active' `r`n"
    # Guidance for granting a user-assigned managed identity 'Get,List' on key vault secrets.
    # The text asks for Get/List on secrets only, i.e. read access rather than write or delete.
    static [string] $CentralCAMsg="** Next steps **`r`n" +
        "Provide 'Get,List' permissions on key vault to user assigned managed identity using any one of below ways:`r`n" +
        " a) Go to key vault resource -> Access policies -> Add access policy -> Enter client Id of the identity -> Provide Get,list permissions on secret -> Save`r`n"+
        " b) Run command: Set-AzKeyVaultAccessPolicy -VaultName <KeyVaultName> -ObjectId <ObjectId of Identity> -PermissionsToSecrets Get,List `r`n"
    # "Next steps" guidance text for the ARM checker (CSV-only output).
    static [string] $RemediationMsgForARMChekcer = "** Next steps **`r`n" +
        "Look at the individual control evaluation status in the CSV file.`r`n" +
        " a) If the control has passed, no action is necessary.`r`n" +
        " b) If the control has failed, look at the control evaluation detail in the CSV file (LineNumber, ExpectedValue, CurrentValue, etc.) and fix the issue.`r`n" +
        " c) If the control status says 'Skipped', it means that you have chosen to skip certain controls using the '-SkipControlsFromFile' parameter.`r`n"
    # Help text for Get-AzSKADOInfo when no InfoType is supplied.
    static [string] $DefaultInfoCmdMsg = "This command provides overall information about different components of the AzSK.ADO which includes organization information, security controls information, attestation information, host information. 'Get-AzSKADOInfo' command can be used with 'InfoType' parameter to fetch information.`r`n" +
        "`r`nFollowing InfoType parameter values are currently supported by Get-AzSKADOInfo cmdlet.`r`n" +
        "`tOrganizationInfo : To get version details about different component of AzSK.ADO configured in organization.`r`n" +
        "`tControlInfo : To get baseline, severity, description, rationale etc information about security controls.`r`n" +
        "`tAttestationInfo : To get statistics, attestation justification, expiry etc information about controls attestation.`r`n" +
        "`tHostInfo : To get information about machine details.`r`n" +
        "`r`n`r`nExamples:`r`n" +
        "`tGet-AzSKADOInfo -InfoType OrganizationInfo -OrganizationName <YourOrganizationName> `r`n" +
        "`tGet-AzSKADOInfo -InfoType ControlInfo -ResourceTypeName All -UseBaselineControls `r`n" +
        "`tGet-AzSKADOInfo -InfoType AttestationInfo -OrganizationName <YourOrganizationName> -ResourceTypeName All -UseBaselineControls `r`n" +
        "`tGet-AzSKADOInfo -InfoType HostInfo `r`n";
    # Help text listing the parameter combinations for 'Get-AzSKADOInfo -InfoType ControlInfo'.
    static [string] $DefaultControlInfoCmdMsg = "Run 'Get-AzSKADOInfo' command with below combination of parameter to get information about Azure services security control(s).`r`n`r`n" +
        " All controls : Get-AzSKADOInfo -InfoType ControlInfo `r`n" +
        " Baseline controls information : Get-AzSKADOInfo -InfoType ControlInfo -UseBaselineControls `r`n" +
        " Controls for specific resource type : Get-AzSKADOInfo -InfoType ControlInfo -ResourceTypeName AppService `r`n" +
        " Controls with specific severity : Get-AzSKADOInfo -InfoType ControlInfo -ControlSeverity 'High' `r`n" +
        " Controls with specific tag(s) : Get-AzSKADOInfo -InfoType ControlInfo -FilterTags 'Automated, FunctionApp' `r`n" +
        " Controls with specific keyword : Get-AzSKADOInfo -InfoType ControlInfo -ControlIdContains 'AppService_AuthZ_' `r`n" +
        " Control(s) with specific controlId(s) : Get-AzSKADOInfo -InfoType ControlInfo -ResourceTypeName AppService -ControlIds 'Azure_AppService_AuthZ_Grant_Min_RBAC_Access, Azure_AppService_DP_Use_CNAME_With_SSL' `r`n" +
        " Get information on PS console : Use any of above command with additional -Verbose argument`r`n";
    static [string] $OfflineModeWarning = "Running in offline policy mode. Commands will run using local policy files..."

    # Constants for AzSKConfig
    static [string] $AzSKADORGName = "ADOScannerRG"
    static [string] $AzSKADORGLocation = "eastus2"
    static [string] $SupportDL = "AzSKADOSup@microsoft.com"

    # Constants for SVTs
    # The {0}, {1}, ... tokens below are positional placeholders; presumably filled by callers
    # with -f / String.Format (the callers are not in this file).
    # These headings reference [Constants]::DoubleDashLine / SingleDashLine / HashLine declared above,
    # so they presumably rely on those members being initialized first; keep the declaration order.
    static [string] $ParentFolder = "Org_"
    static [string] $ModuleStartHeading = [Constants]::DoubleDashLine +
        "`r`nStarting analysis: [FeatureName: {0}] [ParentGroupName: {1}] [ResourceName: {2}] `r`n" + [Constants]::SingleDashLine
    static [string] $ModuleStartHeadingSub = [Constants]::DoubleDashLine +
        "`r`nStarting analysis: [FeatureName: {0}] [OrgName: {1}] [OrgId: {2}] `r`n" + [Constants]::SingleDashLine
    static [string] $AnalysingControlHeading = "Checking: [{0}]-[{1}]"
    static [string] $AnalysingControlHeadingSub = "Checking: [{0}]-[{1}]"
    static [string] $CompletedAnalysis = [Constants]::SingleDashLine +
        "`r`nCompleted analysis: [FeatureName: {0}] [ParentGroupName: {1}] [ResourceName: {2}] `r`n" + [Constants]::DoubleDashLine
    static [string] $CompletedAnalysisSub = [Constants]::SingleDashLine +
        "`r`nCompleted analysis: [FeatureName: {0}] [OrgName: {1}] [OrgId: {2}] `r`n" + [Constants]::DoubleDashLine
    static [string] $PIMAPIUri="https://api.azrbac.mspim.azure.com/api/v2/privilegedAccess/azureResources/resources";
    static [string] $BaselineConfigurationMsg = [Constants]::HashLine +
        "`r`nControl status evaluated to be failing. Attempting fix for resource {0} `r`n" + [Constants]::HashLine
    # Both messages describe the '-force' switch as the way to apply baseline settings to an
    # organization/project that looks like it is already in operational use.
    static [string] $BaselineConfigurationErrorMsgOrg = "The organization seems to be an operationally working environment. Hence, stopping baseline configurations. If you think this is a new ADO organization or you still wish to configure baseline settings use the '-force' switch with the command. `n"
    static [string] $BaselineConfigurationErrorMsgProj = "The project {0} seems to be an operationally working project. Hence, skipping baseline configurations for this project. If you think this is a new ADO project or you still wish to configure baseline settings use the '-force' switch with the command. `n"

    # Constants for Attestation
    static [string] $ModuleAttestStartHeading = [Constants]::DoubleDashLine +
        "`r`nInfo: Starting attestation [{3}/{4}]- [FeatureName: {0}] [ParentGroupName: {1}] [ResourceName: {2}] `r`n" + [Constants]::SingleDashLine
    static [string] $ModuleAttestStartHeadingSub = [Constants]::DoubleDashLine +
        "`r`nInfo: Starting attestation - [FeatureName: {0}] [OrgName: {1}] [OrgId: {2}] `r`n" + [Constants]::SingleDashLine
    static [string] $CompletedAttestAnalysis = [Constants]::SingleDashLine +
        "`r`nCompleted attestation: [FeatureName: {0}] [ParentGroupName: {1}] [ResourceName: {2}] `r`n" + [Constants]::DoubleDashLine
    static [string] $CompletedAttestAnalysisSub = [Constants]::SingleDashLine +
        "`r`nCompleted attestation: [FeatureName: {0}] [OrgName: {1}] [OrgId: {2}] `r`n" + [Constants]::DoubleDashLine
    # Mutable at runtime: overwritten by SetAzSKCurrentModuleVersion / SetAzSKModuleName below.
    static [System.Version] $AzSKCurrentModuleVersion=[System.Version]::new()
    static [string] $AzSKModuleName = "AzSK.ADO";
    # Container, blob and file names for attestation data, scan checkpoints and scan logs.
    static [string] $AttestationDataContainerName = "attestation-data"
    static [string] $CAMultiSubScanConfigContainerName = "ca-multisubscan-config"
    static [string] $CAScanProgressSnapshotsContainerName = "ado-scan-checkpoints"
    static [string] $CAScanLogsContainerName = "ado-scan-logs"
    static [string] $ResourceScanTrackerBlobName = "ResourceScanTracker.json"
    static [string] $ResourceScanTrackerCMBlobName = "ResourceScanTracker_CentralMode.json"
    static [string] $IncrementalScanTimeStampFile = "IncrementalScanTimestamp.json"
    static [string] $BatchScanTrackerBlobName = "BatchScanTracker.json"
    # Maps each AttestationStatus value (type declared outside this file) to a string code "1".."6".
    static [hashtable] $AttestationStatusHashMap = @{
        [AttestationStatus]::NotAnIssue ="1";
        [AttestationStatus]::WillNotFix ="2";
        [AttestationStatus]::WillFixLater ="3";
        [AttestationStatus]::ApprovedException ="4";
        [AttestationStatus]::NotApplicable ="5";
        [AttestationStatus]::StateConfirmed ="6";
    }
    # This is the number of hex-chars used for attestation hash index entries (and file names).
    # NOTE(review): 12 hex chars is a 48-bit truncation; whether a collision between two entries
    # matters depends on how callers use the index - confirm against the attestation code.
    static [int] $AttestationHashLen = 12;
    # This is the length of the tag for auto-logged bugs (used to search if a bug exists for a given (resourceId,controlId) pair).
    static [int] $AutoBugLogTagLen = 12;

    # Extension storage and attestation repository endpoints (HTTPS URI templates).
    # NOTE(review): {n} segments are substituted by callers; whether the substituted values are
    # URL-encoded is not visible here - confirm at the call sites.
    static [string] $StorageUri = "https://extmgmt.dev.azure.com/{0}/_apis/extensionmanagement/installedextensions/azsdktm/ADOSecurityScanner/Data/Scopes/Default/Current/Collections/{1}/Documents/{2}?api-version=6.0-preview.1"
    static [string] $AttRepoStorageUri = "https://dev.azure.com/{0}/{1}/_apis/git/repositories/{2}/pushes?api-version=6.0"
    static [string] $GetAttRepoStorageUri = "https://dev.azure.com/{0}/{1}/_apis/git/repositories/{2}/Items?path=%2F{3}&recursionLevel=0&includeContentMetadata=true&versionDescriptor.version={4}&versionDescriptor.versionOptions=0&versionDescriptor.versionType=0&includeContent=true&resolveLfs=true&api-version=6.0"
    static [string] $AutoUpdateMessage = "Auto-update for AzSK.ADO is currently not enabled for your machine."
    # Repository and branch names for attestation data and org policy.
    static [string] $AttestationRepo = "ADOScannerAttestation";
    static [string] $AttestationDefaultBranch = "master";
    static [string] $OrgPolicyRepo = "ADOScannerPolicy";
    static [string] $OrgPolicyDefaultBranch = "master";
    static [string] $OrgPolicyRepoCSEO = "RM-ESP-EEE-ADOScannerPolicy";
    static [string] $CSEOOrg = "MicrosoftIT";
    static [string] $OrgAttPrjExtFile = "Org_Config";
    static [string] $ModuleAutoUpdateAvailableMsg = "A new version of AzSK.ADO is available. Starting the auto-update workflow...`nTo prepare for auto-update, please:`n`t a) Save your work from all active PS sessions including the current one and`n`t b) Close all PS sessions other than the current one. ";
    static [string] $AttestedControlsScanMsg = "You are almost done...we will perform a quick scan of controls attested within the last 24 hrs so that the backend will get the latest control status."
    static [string] $LongRunningScanStopMsg = "`nThe set of parameters provided would result in scanning a large number of objects (> {0}). `nIf this is not what you intended, use a parameter set that would narrow down your target set. `nIf you would still like to scan all objects, rerun this command with the '-AllowLongRunningScan' switch.";
    static [string] $LongRunningScanStopByPolicyMsg = "`nScans involving larger number of project components is prohibited in your project by project administrator. `nContact project administrator to allow long running scan by setting flag 'IsAllowLongRunningScan' true.";
    static [string] $StorageAccountPreName= "azsk"

    # Per-user folders under LocalApplicationData. These initial values use the default module name;
    # SetAzSKModuleName below recomputes all four of them.
    static [string] $AzSKAppFolderPath = [Environment]::GetFolderPath('LocalApplicationData') + "/Microsoft/" + [Constants]::AzSKModuleName
    static [string] $AzSKLogFolderPath = [Environment]::GetFolderPath('LocalApplicationData') + "/Microsoft/"
    static [string] $AzSKTempFolderPath = [Environment]::GetFolderPath('LocalApplicationData') + "/Temp" + "/" + [Constants]::AzSKModuleName + "/"
    static [string] $AzSKExtensionsFolderPath = [Environment]::GetFolderPath('LocalApplicationData') + "/Microsoft/" + [Constants]::AzSKModuleName + "/Extensions"
    static [string] $ARMManagementUri = "https://management.azure.com/";
    static [string] $VersionCheckMessage = "A newer version of AzSK.ADO is available: Version {0} `r`nTo update, run the command below in a fresh PS window:`r`n" ;
    static [string] $VersionWarningMessage = ("Using the latest version ensures that AzSK.ADO security commands you run use the latest, most up-to-date controls. `r`nResults from the current version should not be considered towards compliance requirements.`r`n" + [Constants]::DoubleDashLine);
    # NOTE(review): hard-coded GUID; by its name a telemetry ingestion key rather than a credential -
    # confirm before treating it as non-sensitive.
    static [string] $UsageTelemetryKey = "59545085-0620-4106-a7bb-13ee2f5eb7a0";
    static [string] $LAWSRequestURI = "https://management.azure.com/{0}?api-version=2015-03-20";
    static [string] $NewStorageSku = "Standard_LRS";
    static [string] $NewStorageKind = "BlobStorage";
    # NOTE(review): the host name contains "staging" while RecommendationURI below does not;
    # confirm this is the intended source of control definitions for released builds.
    static [string] $ARMControlsFileURI = "https://azsdkossepstaging.azureedge.net/1.0.0/ARMControls.json";
    # NOTE(review): the literal ends with a space inside the quotes; confirm callers trim it
    # before issuing the request.
    static [string] $RecommendationURI = "https://azsdkossep.azureedge.net/recmnds/r.json ";
    static [string] $AttestationReadMsg = "`r`nControl results may not reflect attestation if you do not have permissions to read attestation data from "
    static [string] $graphWarningMessage = "`nWarning: Control is evaluated using an identity without Graph access. Control results may be inaccurate."

    # The V1 alert RG name constant is temporary and was added for backward compatibility.
    static [string] $AlertActionGroupName = "AzSKAlertActionGroup"
    static [string] $CriticalAlertActionGroupName = "AzSKCriticalAlertActionGroup"
    static [string] $ResourceDeploymentActionGroupName = "ResourceDeploymentActionGroup"

    # Appended to the recommendation when a control requires elevated permission.
    static [string] $RequireOwnerPermMessage = "(The status for this control has been marked as 'Manual' because elevated (Co-Admin/Owner/Contributor) permission is required to check security configuration for this resource. You can re-run the control with the appropriate privilege.) "
    static [string] $OwnerAccessTagName = "OwnerAccess"
    # All-zero GUID placeholders for the subscription id and scope.
    static [string] $BlankSubscriptionId = "00000000-0000-0000-0000-000000000000"
    static [string] $BlankSubscriptionName = "DevOpsKitForX"
    static [string] $BlankScope = "/subscriptions/00000000-0000-0000-0000-000000000000";
    static [string] $DefaultAzureEnvironment = "AzureCloud";
    static [string] $NoActionRequiredMessage ="No Action Required"
    static [int] $DefaultControlExpiryInDays = 90
    static [int] $PartialScanMaxRetryCount = 3
    static [string] $CommandNameChangeWarning = "The command {0} shall be renamed to {1} in a future release ('SDK' shall be replaced with 'SK').";
    static [string] $MultipleModulesWarning = "Found multiple modules ({0} and {1}) loaded in the PS session.`r`n"+
        "Stopping cmdlet execution.`r`n"+
        "Recommendation: Please start a fresh PS session and run 'Import-Module {2}' first to avoid getting into this situation.`r`n"

    # Constants for Org Policy
    static [string] $OrgPolicyTagPrefix = "AzSKOrgName_"
    static [int] $SASTokenExpiryReminderInDays = 30
    static [string] $InstallOrgPolicyInstructionMsg = "This command will perform 4 important operations. It will:`r`n" +
        " [1] Create resources needed to support org policy `r`n" +
        " [2] Upload (default/base) policies to the policy server `r`n" +
        " [3] Generate an org-specific installer ('iwr' command) for your org `r`n" +
        " [4] Create a monitoring dashboard for AzSK.ADO setup/operational health across your org `r`n"
    static [string] $UpdateOrgPolicyInstructionMsg = "This command will perform 2 important operations. It will:`r`n" +
        " [1] Upload policies to the policy server `r`n" +
        " [2] Generate an org-specific installer ('iwr' command) for your org `r`n"

    # Local Subscription Report Constants
    #static [string] $ComplianceReportContainerName = "compliance-state"
    static [string] $ComplianceReportTableName = "ComplianceState"
    # Assigned from a string literal to a [DateTime]-typed member.
    static [DateTime] $AzSKDefaultDateTime = '1900-01-01T00:00:00'
    static [int] $ControlResultComplianceInDays = 3
    # Derived once from AzSKAppFolderPath when the class is initialized; SetAzSKModuleName does not
    # recompute it. Uses "\" separators, unlike the "/"-based folder paths above.
    static [string] $ComplianceReportPath = [Constants]::AzSKAppFolderPath + "\TempState\ComplianceData"
    static [string] $ServerConfigMetadataFileName = "ServerConfigMetadata.json"
    static [int] $RefreshTokenExpiresInDays = 30

    # Constants for ADO
    # Hard-coded client id, reply URI (the OAuth out-of-band "oob" URN) and resource id;
    # presumably consumed by sign-in code outside this file - confirm.
    static [string] $DefaultClientId = "872cd9fa-d31f-45e0-9eab-6e460a02d1f1"
    static [string] $DefaultReplyUri = "urn:ietf:wg:oauth:2.0:oob"
    static [string] $DefaultADOResourceId = "499b84ac-1321-427f-aa17-267ca6975798"

    # Constants for Debug mode
    static [bool] $AzSKDebugModeOn = $false

    # Sets the module name and recomputes the four module-dependent folder paths.
    # A null, empty or whitespace-only $moduleName leaves every value unchanged.
    # Differences from the initial values above, all visible in this class:
    #   - AzSKLogFolderPath and AzSKTempFolderPath lose their trailing separator here;
    #   - ComplianceReportPath is not recomputed, so it keeps the path built from the default name.
    # NOTE(review): callers that concatenate file names onto these paths should be checked for
    # both forms (with and without the trailing separator).
    static [void] SetAzSKModuleName($moduleName)
    {
        if(-not [string]::IsNullOrWhiteSpace($moduleName))
        {
            # Normalizes the "azsk" spelling; assuming $moduleName is a string, Replace is case-sensitive.
            [Constants]::AzSKModuleName = $moduleName.Replace("azsk","AzSK");
            [Constants]::AzSKAppFolderPath = Join-Path $([Environment]::GetFolderPath('LocalApplicationData')) -ChildPath "Microsoft" |Join-Path -ChildPath $([Constants]::AzSKModuleName)
            [Constants]::AzSKLogFolderPath = Join-Path $([Environment]::GetFolderPath('LocalApplicationData')) "Microsoft"
            [Constants]::AzSKTempFolderPath = Join-Path $([Environment]::GetFolderPath('LocalApplicationData')) -ChildPath "Temp" |Join-Path -ChildPath $([Constants]::AzSKModuleName)
            [Constants]::AzSKExtensionsFolderPath = Join-Path $([Environment]::GetFolderPath('LocalApplicationData')) -ChildPath "Microsoft" |Join-Path -ChildPath $([Constants]::AzSKModuleName) |Join-Path -ChildPath "Extensions"
        }
    }

    # Stores the running module version. A null, empty or whitespace-only value is ignored.
    # The target member is typed [System.Version], so the untyped argument is converted on
    # assignment; presumably a value that is not a valid version raises an error - confirm.
    static [void] SetAzSKCurrentModuleVersion($moduleVersion)
    {
        if(-not [string]::IsNullOrWhiteSpace($moduleVersion))
        {
            [Constants]::AzSKCurrentModuleVersion = $moduleVersion;
        }
    }

    # Turns debug mode on when the supplied version equals "1.0.0.0".
    # This method only ever sets AzSKDebugModeOn to $true; no path here resets it to $false.
    # NOTE(review): what debug mode enables is not visible in this file. Because the switch is
    # keyed on a version value supplied by the caller, confirm that debug mode does not relax
    # any check or increase log detail in a way that matters on production hosts.
    static [void] SetAzSKCurrentEnvironmentMode($moduleVersion)
    {
        # 1.0.0.0 is the hard-coded version for Dev-Test, which means the kit is running in Debug mode.
        if(-not [string]::IsNullOrWhiteSpace($moduleVersion) -and ($moduleVersion -eq "1.0.0.0"))
        {
            [Constants]::AzSKDebugModeOn = $true;
        }
    }

    # LogAnalytics view file names
    static [string] $LogAnalyticsGenericView = "AZSK.AM.LogAnalytics.GenericView.V6.lawsview"
    static [string] $LogAnalyticsGenericViewWorkbook = "ADOScannerLAWorkbook.json"
    static [string] $WorkbookData = "WorkbookSerializedData.json"

    # Constants for cloudmine (CM) controls
    static [object] $OrgsSupportingCMControls = @("MicrosoftIT")
    static [string] $ResourceActivityDetailsTable = "ResourceActivity"
    static [string] $CMErrorMessage = "Data for the given organization and project does not exist in the storage."
}
# SIG # Begin signature block # MIIjkgYJKoZIhvcNAQcCoIIjgzCCI38CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCUAh089o2KJcb6 # jRdlvl0LC+yPieJwbB6XCtkLSEJ1w6CCDYEwggX/MIID56ADAgECAhMzAAACUosz # qviV8znbAAAAAAJSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMjU5WhcNMjIwOTAxMTgzMjU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDQ5M+Ps/X7BNuv5B/0I6uoDwj0NJOo1KrVQqO7ggRXccklyTrWL4xMShjIou2I # sbYnF67wXzVAq5Om4oe+LfzSDOzjcb6ms00gBo0OQaqwQ1BijyJ7NvDf80I1fW9O # L76Kt0Wpc2zrGhzcHdb7upPrvxvSNNUvxK3sgw7YTt31410vpEp8yfBEl/hd8ZzA # v47DCgJ5j1zm295s1RVZHNp6MoiQFVOECm4AwK2l28i+YER1JO4IplTH44uvzX9o # RnJHaMvWzZEpozPy4jNO2DDqbcNs4zh7AWMhE1PWFVA+CHI/En5nASvCvLmuR/t8 # q4bc8XR8QIZJQSp+2U6m2ldNAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE # 
AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUNZJaEUGL2Guwt7ZOAu4efEYXedEw # UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1 # ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDY3NTk3MB8GA1UdIwQYMBaAFEhu # ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w # Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx # MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAFkk3 # uSxkTEBh1NtAl7BivIEsAWdgX1qZ+EdZMYbQKasY6IhSLXRMxF1B3OKdR9K/kccp # kvNcGl8D7YyYS4mhCUMBR+VLrg3f8PUj38A9V5aiY2/Jok7WZFOAmjPRNNGnyeg7 # l0lTiThFqE+2aOs6+heegqAdelGgNJKRHLWRuhGKuLIw5lkgx9Ky+QvZrn/Ddi8u # TIgWKp+MGG8xY6PBvvjgt9jQShlnPrZ3UY8Bvwy6rynhXBaV0V0TTL0gEx7eh/K1 # o8Miaru6s/7FyqOLeUS4vTHh9TgBL5DtxCYurXbSBVtL1Fj44+Od/6cmC9mmvrti # yG709Y3Rd3YdJj2f3GJq7Y7KdWq0QYhatKhBeg4fxjhg0yut2g6aM1mxjNPrE48z # 6HWCNGu9gMK5ZudldRw4a45Z06Aoktof0CqOyTErvq0YjoE4Xpa0+87T/PVUXNqf # 7Y+qSU7+9LtLQuMYR4w3cSPjuNusvLf9gBnch5RqM7kaDtYWDgLyB42EfsxeMqwK # WwA+TVi0HrWRqfSx2olbE56hJcEkMjOSKz3sRuupFCX3UroyYf52L+2iVTrda8XW # esPG62Mnn3T8AuLfzeJFuAbfOSERx7IFZO92UPoXE1uEjL5skl1yTZB3MubgOA4F # 8KoRNhviFAEST+nG8c8uIsbZeb08SeYQMqjVEmkwggd6MIIFYqADAgECAgphDpDS # AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla # MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT # H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG # OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S # 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz # 
y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7 # 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u # M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33 # X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl # XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP # 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB # l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF # RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM # CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ # BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud # DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO # 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0 # LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw # cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA # XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY # 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj # 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd # d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ # Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf # wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ # aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j # NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B # xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96 # eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7 # r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I # 
RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIVZzCCFWMCAQEwgZUwfjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z # b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAlKLM6r4lfM52wAAAAACUjAN # BglghkgBZQMEAgEFAKCBrjAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgIEGi8mEL # msSlsCEAetNHvMN+9kfOSGMrMw8dxD/SZtAwQgYKKwYBBAGCNwIBDDE0MDKgFIAS # AE0AaQBjAHIAbwBzAG8AZgB0oRqAGGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbTAN # BgkqhkiG9w0BAQEFAASCAQAk8K6tMfy5H2joJmS0q2CQ83IdwxJxeEwaFTwEJ/TE # ayoN/U8HvItjsd1LZM3QXtSLu33/jU6WcGpPUTQXlPbIBZh9dxsQjZp8MRItTljK # L9aQ+h+sDvU40eoLNu9HpesVoMt7zR6WHuNDRqtG1mz7nJvM/Gruvr9v7l6ZTy8C # MX6ljSBHreT0EQvUbHutCbvnK58Gi1dEKKuONbIWw58RTTSLMcHwbI21s9TUaRYq # +qwJsmW6afngqNQgc3363WsxTs8eAGhbP6CBKYFud0kEf2kRwAaCoxbtpTyzfu6s # ljit3wr+5EAVmmT9gZKoLxtnzYSMie8LfwIGGpirIAVSoYIS8TCCEu0GCisGAQQB # gjcDAwExghLdMIIS2QYJKoZIhvcNAQcCoIISyjCCEsYCAQMxDzANBglghkgBZQME # AgEFADCCAVUGCyqGSIb3DQEJEAEEoIIBRASCAUAwggE8AgEBBgorBgEEAYRZCgMB # MDEwDQYJYIZIAWUDBAIBBQAEIPlujx+00oBnSkev3BepA/AhvoS4Fk36MqFZ2Lvp # kY/5AgZiD/Zn9x0YEzIwMjIwMzE0MTA0MzU0LjY4OVowBIACAfSggdSkgdEwgc4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1p # Y3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMg # VFNTIEVTTjo0RDJGLUUzREQtQkVFRjElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt # U3RhbXAgU2VydmljZaCCDkQwggT1MIID3aADAgECAhMzAAABX8OuZVblU1jsAAAA # AAFfMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw # MB4XDTIxMDExNDE5MDIxOVoXDTIyMDQxMTE5MDIxOVowgc4xCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVy # 
YXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo0RDJG # LUUzREQtQkVFRjElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vydmlj # ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALw9efmC2WQ9uaaw7k4g # xHSSCEoJLk22FTAaF8jYbAMkQC6DQF0WPnIheLM1ERTuQ9FWbglf0mXbDd2KjezR # Nlz53ycJIReiGUQOnw5vd4TgjLUxL17g3K0MP2nNhY/LyP98Ml/40X905egDbiIn # dZdtHiDb1xfY17a7v1j9o3muc+MCgFt9fO+U4CDNUpMMMQJFr/9QlU4YdJawjbyK # fK3Ltvqfq3lvgK0/HphiDtX5ch3beGNBKowKSTXhft8pwuXQProutWgB5PZmAN8X # ZhACo4jWi/a0zgAJJcBqoXvS6InrWcH/Eqi/qVaj8Vs56/Z/6kaYZZu/1mSzLn5E # ALMCAwEAAaOCARswggEXMB0GA1UdDgQWBBQl7OnTlc0rgZ7Fd7qlDFguYTU49TAf # BgNVHSMEGDAWgBTVYzpcijGQ80N7fEYbxTNoWoVtVTBWBgNVHR8ETzBNMEugSaBH # hkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNU # aW1TdGFQQ0FfMjAxMC0wNy0wMS5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUF # BzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1RpbVN0 # YVBDQV8yMDEwLTA3LTAxLmNydDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsG # AQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQAOgtfZLJYSbsE3W73nd0hLnqQqHSFl # 2spHxzeXxM4uJT2uAVk/SLVzzjvZemUDBeOedKeXG8hctprpoQMpU3gbsNUnUaDe # sDcmR+eELCwYa+VBkUCqsIGJmQlDwuDwNa67kyCEPyPW59Yu2w/djNrwNWSjtuRw # fUFoDkjYyDjnXD0josi67qxJgW8rRqjl9a62hGzlzgE+aVLTT5IhK5z2X62Lph8j # 9f4XjtCPnyeFKFmgBWHPY1HbbjUHfg91StCLxueH2LjZoQETWOJ+pxElicXwVP5B # 0wlWkiauwug3rTKnDb5WKUb2llsnQgaegV+MQjMI7K6v+spvsMgRjPlhMIIGcTCC # BFmgAwIBAgIKYQmBKgAAAAAAAjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJv # b3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMTAwNzAxMjEzNjU1WhcN # MjUwNzAxMjE0NjU1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCASIw # DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkdDbx3EYo6IOz8E5f1+n9plGt0 # VBDVpQoAgoX77XxoSyxfxcPlYcJ2tz5mK1vwFVMnBDEfQRsalR3OCROOfGEwWbEw # 
RA/xYIiEVEMM1024OAizQt2TrNZzMFcmgqNFDdDq9UeBzb8kYDJYYEbyWEeGMoQe # dGFnkV+BVLHPk0ySwcSmXdFhE24oxhr5hoC732H8RsEnHSRnEnIaIYqvS2SJUGKx # Xf13Hz3wV3WsvYpCTUBR0Q+cBj5nf/VmwAOWRH7v0Ev9buWayrGo8noqCjHw2k4G # kbaICDXoeByw6ZnNPOcvRLqn9NxkvaQBwSAJk3jN/LzAyURdXhacAQVPIk0CAwEA # AaOCAeYwggHiMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBTVYzpcijGQ80N7 # fEYbxTNoWoVtVTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC # AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX # zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v # cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI # KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDCBoAYDVR0g # AQH/BIGVMIGSMIGPBgkrBgEEAYI3LgMwgYEwPQYIKwYBBQUHAgEWMWh0dHA6Ly93 # d3cubWljcm9zb2Z0LmNvbS9QS0kvZG9jcy9DUFMvZGVmYXVsdC5odG0wQAYIKwYB # BQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AUABvAGwAaQBjAHkAXwBTAHQAYQB0AGUA # bQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAAfmiFEN4sbgmD+BcQM9naOh # IW+z66bM9TG+zwXiqf76V20ZMLPCxWbJat/15/B4vceoniXj+bzta1RXCCtRgkQS # +7lTjMz0YBKKdsxAQEGb3FwX/1z5Xhc1mCRWS3TvQhDIr79/xn/yN31aPxzymXlK # kVIArzgPF/UveYFl2am1a+THzvbKegBvSzBEJCI8z+0DpZaPWSm8tv0E4XCfMkon # /VWvL/625Y4zu2JfmttXQOnxzplmkIz/amJ/3cVKC5Em4jnsGUpxY517IW3DnKOi # PPp/fZZqkHimbdLhnPkd/DjYlPTGpQqWhqS9nhquBEKDuLWAmyI4ILUl5WTs9/S/ # fmNZJQ96LjlXdqJxqgaKD4kWumGnEcua2A5HmoDF0M2n0O99g/DhO3EJ3110mCII # YdqwUB5vvfHhAN/nMQekkzr3ZUd46PioSKv33nJ+YWtvd6mBy6cJrDm77MbL2IK0 # cs0d9LiFAR6A+xuJKlQ5slvayA1VmXqHczsI5pgt6o3gMy4SKfXAL1QnIffIrE7a # KLixqduWsqdCosnPGUFN4Ib5KpqjEWYw07t0MkvfY3v1mYovG8chr1m1rtxEPJdQ # cdeh0sVV42neV8HR3jDA/czmTfsNv11P6Z0eGTgvvM9YBS7vDaBQNdrvCScc1bN+ # NR4Iuto229Nfj950iEkSoYIC0jCCAjsCAQEwgfyhgdSkgdEwgc4xCzAJBgNVBAYT # AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBP # cGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjo0 # 
RDJGLUUzREQtQkVFRjElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vy # dmljZaIjCgEBMAcGBSsOAwIaAxUA+gfSqjdAndOFEaXOQyBCdupmQoeggYMwgYCk # fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIF # AOXZb1UwIhgPMjAyMjAzMTQxMTM3NTdaGA8yMDIyMDMxNTExMzc1N1owdzA9Bgor # BgEEAYRZCgQBMS8wLTAKAgUA5dlvVQIBADAKAgEAAgIJywIB/zAHAgEAAgIRUjAK # AgUA5drA1QIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIB # AAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBAFvZ/J4v8x1fH9MP # WzijpH9ciYJ1PuPXVA9/1BNdz3pr22J5ggq8sSmeVAsCVmiVlW9PDbRGLZP5nCkc # eTbAofyQHx5rbGQGSf1uhOUam9qqhv7T6amNO2FZwDATSyanHI1yiTM0ARQTbIJi # y4KZjiiwAJV4O4Fxj2CGw9q6Ntb6MYIDDTCCAwkCAQEwgZMwfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAFfw65lVuVTWOwAAAAAAV8wDQYJYIZIAWUD # BAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0B # CQQxIgQgzRFBLbSlSRmrUTvA9ZE/ikE3jQTgPfhnBiNxEo0A2w8wgfoGCyqGSIb3 # DQEJEAIvMYHqMIHnMIHkMIG9BCDQzXq1KxGsLuj0szktrnlhIRqmbwp5bVGc6Bu6 # hglMXDCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB # X8OuZVblU1jsAAAAAAFfMCIEID5ph3ea/40FdP7VEGn7yMwazrG1k0xFbK1rIMCd # sV+DMA0GCSqGSIb3DQEBCwUABIIBAAkb2kVrRRkozNACvUmLljFhT8GaW3rbEdB9 # OHnQNr0oIK0t1b1BVUOwbj6Bq3mnJfT10BVXsYp6RXioTo4O9vNu3RI8M63GPdLa # sWDdOJOMv2dZB6edmXQP0NmFzRubYrTEBoaPsXpaC8MhEWwj3uReqwnz+AxziyIs # w+0XO1TehQiWT4/7zHr1LW1AYQ+E0KJ71pIueH5ri0t/RDTuetNLvZFItaRaWP1i # 9N5CA5BVKWNfZ4L42icG5Wh7UYqOQd3mWb2NMzOgFPBqAiolKJ5Z2YFmZHLS8hyL # exy6Tai3zsg3jBH4Q+pfnLqsgNBbvtTOSa/6DplObWQ2AMjUaPU= # SIG # End signature block |