Framework/Helpers/ConfigurationHelper.ps1

Set-StrictMode -Version Latest
#
# ConfigurationHelper.ps1
#
class ConfigurationHelper {
    hidden static [bool] $IsIssueLogged = $false
    hidden static [PSObject] $ServerConfigMetadata = $null
    hidden static [bool] $OfflineMode = $false;
    hidden static [string] $ConfigVersion = ""
    hidden static [bool] $LocalPolicyEnabled = $false
    hidden static [bool] $OssPolicyEnabled = $false
    hidden static [bool] $OnlinePolicyEnabled = $false
    hidden static [string] $OssPolicyUrl = ""
    hidden static [string] $ConfigPath = [string]::Empty
    hidden static [Policy[]] $PolicyCacheContent = @()
    hidden static $NotExtendedTypes = @{} #Used to remember Types we have checked already as to whether they are extended (e.g., Build.ext.ps1) or not.
    hidden static [PSObject] LoadOfflineConfigFile([string] $fileName) {
        return [ConfigurationHelper]::LoadOfflineConfigFile($fileName, $true);
    }
    hidden static [PSObject] LoadOfflineConfigFile([string] $fileName, [bool] $parseJson) {
        $rootConfigPath = [Constants]::AzSKAppFolderPath  ;
        return [ConfigurationHelper]::LoadOfflineConfigFile($fileName, $true, $rootConfigPath);
    }
    hidden static [PSObject] LoadOfflineConfigFile([string] $fileName, [bool] $parseJson, $path) {
        #Load file from AzSK App folder"
        $rootConfigPath = $path ;
        #Split file name and take last, if it is supplied like foldername\filename
        $fileName = $fileName.Split('\')[-1]
        $extension = [System.IO.Path]::GetExtension($fileName);

        $filePath = $null
        if (Test-Path -Path $rootConfigPath) {
            $filePath = (Get-ChildItem $rootConfigPath -Name -Recurse -Include $fileName) | Select-Object -First 1
        }
        #If file not present in App folder load settings from Configurations in Module folder
        if (!$filePath) {

            $basePath = [ConfigurationHelper]::GetBaseFrameworkPath()
            $rootConfigPath = $basePath | Join-Path -ChildPath "Configurations";

            $filePath = (Get-ChildItem $rootConfigPath -Name -Recurse -Include $fileName) | Select-Object -First 1
        }

        if ($filePath) {
            if ($parseJson) {
                if ($extension -eq ".json" -or $extension -eq ".lawsview") {
                    $fileContent = (Get-Content -Raw -Path (Join-Path $rootConfigPath $filePath)) | ConvertFrom-Json
                }
                else {
                    $fileContent = (Get-Content -Raw -Path (Join-Path $rootConfigPath $filePath))
                }
            }
            else {
                $fileContent = (Get-Content -Raw -Path (Join-Path $rootConfigPath $filePath))
            }
        }
        else {
            throw "Unable to find the specified file '$fileName'"
        }
        if (-not $fileContent) {
            throw "The specified file '$fileName' is empty"
        }

        return $fileContent;
    }

    hidden static [PSObject] LoadFrameworkConfigFile([string] $fileName, [bool] $parseJson) {
        #Load file from AzSK App folder"
        $fileName = $fileName.Split('\')[-1]
        $extension = [System.IO.Path]::GetExtension($fileName);

        $basePath = [ConfigurationHelper]::GetBaseFrameworkPath()
        $rootConfigPath = $basePath | Join-Path -ChildPath "Configurations";

        $filePath = (Get-ChildItem $rootConfigPath -Name -Recurse -Include $fileName) | Select-Object -First 1
        if ($filePath) {
            if ($parseJson) {
                if ($extension -eq ".json" -or $extension -eq ".lawsview") {
                    $fileContent = (Get-Content -Raw -Path (Join-Path $rootConfigPath $filePath)) | ConvertFrom-Json
                }
                else {
                    $fileContent = (Get-Content -Raw -Path (Join-Path $rootConfigPath $filePath))
                }
            }
            else {
                $fileContent = (Get-Content -Raw -Path (Join-Path $rootConfigPath $filePath))
            }
        }
        else {
            throw "Unable to find the specified file '$fileName'"
        }
        if (-not $fileContent) {
            throw "The specified file '$fileName' is empty"
        }

        return $fileContent;        
    }

    hidden static [PSObject] LoadServerConfigFile([string] $policyFileName, [bool] $useOnlinePolicyStore, [string] $onlineStoreUri, [bool] $enableAADAuthForOnlinePolicyStore) {
        [PSObject] $fileContent = "";
        if ([string]::IsNullOrWhiteSpace($policyFileName)) {
            throw [System.ArgumentException] ("The argument 'policyFileName' is null");
        }
        $serverFileContent = $null
        #Check if policy is present in cache and fetch the same if present
        $cachedPolicyContent = [ConfigurationHelper]::PolicyCacheContent | Where-Object { $_.Name -eq $policyFileName }
        if ($cachedPolicyContent)
        {
            $fileContent = $cachedPolicyContent.Content
            if ($fileContent)
            {
                return $fileContent
            }
        }

        <#
        if ($onlineStoreUri -match "\{0\}.*\{1\}" -and $useOnlinePolicyStore -eq $true)
        {
            #[EventBase]::PublishGenericCustomMessage(" Org Policy URL not set yet: $onlineStoreUri", [MessageType]::Warning);
        }
        #>


        if ($useOnlinePolicyStore) {

            if ([string]::IsNullOrWhiteSpace($onlineStoreUri)) {
                throw [System.ArgumentException] ("The argument 'onlineStoreUri' is null");
            }

            #Remember if the file we are attempting is SCMD.json
            $bFetchingSCMD = ($policyFileName -eq [Constants]::ServerConfigMetadataFileName)
            if ($bFetchingSCMD -and $null -ne [ConfigurationHelper]::ServerConfigMetadata) {
                return [ConfigurationHelper]::ServerConfigMetadata;
            }
            #First load offline OSS Content
            $fileContent = [ConfigurationHelper]::LoadOfflineConfigFile($policyFileName)
            if ([String]::IsNullOrWhiteSpace([ConfigurationHelper]::OssPolicyUrl)) {
                $moduleAzSKSettings = [ConfigurationHelper]::LoadFrameworkConfigFile("AzSKSettings.json", $true);
                [ConfigurationHelper]::OssPolicyUrl = $moduleAzSKSettings.OnlineOssPolicyStoreUrl
            }
            #Check if policy is listed as present in server config metadata file
            if (-not [ConfigurationHelper]::OfflineMode -and [ConfigurationHelper]::IsPolicyPresentOnServer($policyFileName, $useOnlinePolicyStore, $onlineStoreUri, $enableAADAuthForOnlinePolicyStore)) {
                #Write-Host -ForegroundColor Yellow "**NOT FOUND** $policyFileName"
                try {
                    if ([String]::IsNullOrWhiteSpace([ConfigurationHelper]::ConfigVersion) -and -not [ConfigurationHelper]::LocalPolicyEnabled -and -not [ConfigurationHelper]::OssPolicyEnabled) {
                        try {
                            $Version = [System.Version] ($global:ExecutionContext.SessionState.Module.Version);
                            # Try to fetch the file content from custom org policy
                            $serverFileContent = [ConfigurationHelper]::InvokeControlsAPI($onlineStoreUri, $Version, $policyFileName, $enableAADAuthForOnlinePolicyStore);
                            if (-not [String]::IsNullOrWhiteSpace($serverFileContent)) {
                                [ConfigurationHelper]::OnlinePolicyEnabled = $true
                            }
                            if([String]::IsNullOrWhiteSpace($serverFileContent) -and -not [ConfigurationHelper]::OnlinePolicyEnabled){
                                #If file is not available in custom org policy, Try to fetch the file content from local org policy
                                if (Test-Path $onlineStoreUri) {
                                    [EventBase]::PublishGenericCustomMessage("Running Org-Policy from local policy store location: [$onlineStoreUri]", [MessageType]::Info);
                                    $serverFileContent = [ConfigurationHelper]::LoadOfflineConfigFile($policyFileName, $true, $onlineStoreUri)
                                    [ConfigurationHelper]::LocalPolicyEnabled = $true
                                }
                            }
                            if ([String]::IsNullOrWhiteSpace($serverFileContent) -and -not [ConfigurationHelper]::OnlinePolicyEnabled) {
                                #If file is not available in both custom and local org policy, Fallback to github based oss policy
                                if(-not [String]::IsNullOrWhiteSpace([ConfigurationHelper]::OssPolicyUrl)) {
                                    $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $policyFileName);
                                    [ConfigurationHelper]::OssPolicyEnabled = $true
                                    [ConfigurationHelper]::ConfigVersion = $Version;
                                }
                            }
                            if ([String]::IsNullOrWhiteSpace($serverFileContent) -and  -not [ConfigurationHelper]::OnlinePolicyEnabled) {
                                #If file is not available in both custom and local org policy, Fallback to github based oss policy
                                $Version = ([ConfigurationHelper]::LoadOfflineConfigFile("AzSK.json")).ConfigSchemaBaseVersion;
                                if(-not [String]::IsNullOrWhiteSpace([ConfigurationHelper]::OssPolicyUrl)) {
                                    $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $policyFileName);
                                    [ConfigurationHelper]::ConfigVersion = $Version;
                                }
                            }
                        }
                        catch {
                                #If file is not available in both custom and local org policy, Fallback to github based oss policy
                                $Version = ([ConfigurationHelper]::LoadOfflineConfigFile("AzSK.json")).ConfigSchemaBaseVersion;
                                if(-not [String]::IsNullOrWhiteSpace([ConfigurationHelper]::OssPolicyUrl)) {
                                    [EventBase]::PublishGenericCustomMessage("Running Org-Policy from oss policy store", [MessageType]::Info);
                                    $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $policyFileName);
                                    [ConfigurationHelper]::ConfigVersion = $Version;
                                }
                        }
                    }
                    elseif ([ConfigurationHelper]::LocalPolicyEnabled) {
                        $serverFileContent = [ConfigurationHelper]::LoadOfflineConfigFile($policyFileName, $true, $onlineStoreUri)
                    }
                    elseif ([ConfigurationHelper]::OssPolicyEnabled) {
                        $Version = [ConfigurationHelper]::ConfigVersion;
                        #If file is not available in both custom and local org policy, Fallback to github based oss policy
                        $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $policyFileName);
                    }
                    else {
                        $Version = [ConfigurationHelper]::ConfigVersion ;
                        #If file is not available in both custom and local org policy, Fallback to github based oss policy
                        $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $policyFileName);     
                        [ConfigurationHelper]::ConfigVersion = $Version;                
                    }

                    #Completely override offline config if Server Override flag is enabled
                    if ([ConfigurationHelper]::IsOverrideOfflineEnabled($policyFileName)) {
                        $fileContent = $serverFileContent
                    }
                    else {
                        $fileContent = [Helpers]::MergeObjects($fileContent, $serverFileContent)
                    }
                    #Write-Host -ForegroundColor Green "**ADDING TO CACHE** $policyFileName"
                }
                catch {

                    if (-not [ConfigurationHelper]::IsIssueLogged) {
                        if ([Helpers]::CheckMember($_, "Exception.Response.StatusCode") -and $_.Exception.Response.StatusCode.ToString().ToLower() -eq "unauthorized") {
                            [EventBase]::PublishGenericCustomMessage(("Not able to fetch org-specific policy. The current organization is not linked to your org tenant."), [MessageType]::Warning);
                            [ConfigurationHelper]::IsIssueLogged = $true
                        }
                        elseif ($bFetchingSCMD ) {
                            [EventBase]::PublishGenericCustomMessage(("Not able to fetch org-specific policy. Validate if org policy URL is correct."), [MessageType]::Warning);
                            [ConfigurationHelper]::IsIssueLogged = $true
                        }
                        else {
                            [EventBase]::PublishGenericCustomMessage(("Error while fetching the policy [$policyFileName] from online store. " + [Constants]::OfflineModeWarning), [MessageType]::Warning);
                            [EventBase]::PublishGenericException($_);
                            [ConfigurationHelper]::IsIssueLogged = $true
                        }
                    }
                }
            }

            #If we were trying to fetch SCMD and the returned JSON does not have 'OnlinePolicyList' something is wrong!
            #In ADO this happens if ADOScannerPolicy repo does not exist.
            #ADOTOD: Perhaps we should query for repo being present when the OnlinePolicyURL is formed (or first used)
            if ($bFetchingSCMD -and -not [Helpers]::CheckMember($fileContent, "OnlinePolicyList"))
            {
                #[EventBase]::PublishGenericCustomMessage([Constants]::OfflineModeWarning, [MessageType]::Warning);
                $fileContent = [ConfigurationHelper]::LoadOfflineConfigFile($policyFileName)
            }

            if (-not $fileContent) {
                #Fire special event to notify user about switching to offline policy
                [EventBase]::PublishGenericCustomMessage(([Constants]::OfflineModeWarning + " Policy: $policyFileName"), [MessageType]::Warning);
                $fileContent = [ConfigurationHelper]::LoadOfflineConfigFile($policyFileName)
            }
            # return $updateResult
        }
        else {
            [EventBase]::PublishGenericCustomMessage(([Constants]::OfflineModeWarning + " Policy: $policyFileName"), [MessageType]::Warning);
            $fileContent = [ConfigurationHelper]::LoadOfflineConfigFile($policyFileName)
        }
        if (-not $fileContent) {
            throw "The specified file '$policyFileName' is empty"
        }

        #Store policy file content into cache.
        #Note: This will happen only once per file (whether found on server or not).
        #In case of SVT config JSONs, we will overwrite this (only once) right after resolving baselines/dynamic parameters in control recos, etc. (in LoadSVTConfig)

        #ADOTODO: by Sep2020. Do any controlSettings processing here. Revisit after Asim's policy cache changes are integrated.
        if ($policyFileName -match "ControlSettings.json")
        {
            #Compile regex-s once upon load. The Env setting is just to compare perf during dev-test.
            #This code will overwrite the text regex with compiled version. (At point of usage, no change is needed.)
            if ((@($fileContent.Patterns)).Count -gt 0 -and -not $env:AzSKNoCompileRegex)
            {
                $iPat = 0
                $rgxOpt = [Text.RegularExpressions.RegexOptions]::Compiled; #default: case-sensitive match!
                $fileContent.Patterns | % {
                    $regExList = @($_.RegexList)
                    $iReg=0
                    $regExList | % {
                        $txtRegex = $_
                        $compiledRegex = [Text.RegularExpressions.Regex]::new($txtRegex, $rgxOpt)
                        $fileContent.Patterns[$iPat].RegexList[$iReg] = $compiledRegex
                        $iReg++
                    }
                    $iPat++
                }
            }
        }

        $policy = [Policy]@{
            Name    = $policyFileName
            Content = $fileContent
        }
        [ConfigurationHelper]::PolicyCacheContent += $policy

        return $fileContent;
    }

    hidden static [PSObject] LoadServerFileRaw([string] $fileName, [bool] $useOnlinePolicyStore, [string] $onlineStoreUri, [bool] $enableAADAuthForOnlinePolicyStore) {
        [PSObject] $fileContent = "";
        $serverFileContent = $null;
        if ([string]::IsNullOrWhiteSpace($fileName)) {
            throw [System.ArgumentException] ("The argument 'fileName' is null");
        }

        if ([String]::IsNullOrWhiteSpace([ConfigurationHelper]::OssPolicyUrl)) {
            $moduleAzSKSettings = [ConfigurationHelper]::LoadFrameworkConfigFile("AzSKSettings.json", $true);
            [ConfigurationHelper]::OssPolicyUrl = $moduleAzSKSettings.OnlineOssPolicyStoreUrl
        }

        if ($useOnlinePolicyStore) {

            if ([string]::IsNullOrWhiteSpace($onlineStoreUri)) {
                throw [System.ArgumentException] ("The argument 'onlineStoreUri' is null");
            }

            #Check if policy present in server using metadata file
            if (-not [ConfigurationHelper]::OfflineMode -and [ConfigurationHelper]::IsPolicyPresentOnServer($fileName, $useOnlinePolicyStore, $onlineStoreUri, $enableAADAuthForOnlinePolicyStore)) {
                try {
                    if ([String]::IsNullOrWhiteSpace([ConfigurationHelper]::ConfigVersion) -and -not [ConfigurationHelper]::LocalPolicyEnabled -and -not [ConfigurationHelper]::OssPolicyEnabled) {
                        try {
                            $Version = [System.Version] ($global:ExecutionContext.SessionState.Module.Version);
                            $serverFileContent = [ConfigurationHelper]::InvokeControlsAPI($onlineStoreUri, $Version, $fileName, $enableAADAuthForOnlinePolicyStore);
                            if ([String]::IsNullOrWhiteSpace($serverFileContent)) {
                                #If file is not available in custom org policy, Try to fetch the file content from local org policy
                                if (Test-Path $onlineStoreUri) {
                                    [EventBase]::PublishGenericCustomMessage("Running Org-Policy from local policy store location: [$onlineStoreUri]", [MessageType]::Info);
                                    $serverFileContent = [ConfigurationHelper]::LoadOfflineConfigFile($fileName, $true, $onlineStoreUri)
                                    [ConfigurationHelper]::LocalPolicyEnabled = $true
                                }
                            }
                            if ([String]::IsNullOrWhiteSpace($serverFileContent)) {
                                #If file is not available in both custom and local org policy, Fallback to github based oss policy
                                if(-not [String]::IsNullOrWhiteSpace([ConfigurationHelper]::OssPolicyUrl)) {
                                    $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $fileName);
                                    [ConfigurationHelper]::OssPolicyEnabled = $true
                                    [ConfigurationHelper]::ConfigVersion = $Version;
                                }
                            }
                            if ([String]::IsNullOrWhiteSpace($serverFileContent)) {
                                #If file is not available in both custom and local org policy, Fallback to github based oss policy
                                $Version = ([ConfigurationHelper]::LoadOfflineConfigFile("AzSK.json")).ConfigSchemaBaseVersion;
                                if(-not [String]::IsNullOrWhiteSpace([ConfigurationHelper]::OssPolicyUrl)) {
                                    $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $fileName);
                                    [ConfigurationHelper]::ConfigVersion = $Version;
                                }
                            }
                        }
                        catch {
                                #If file is not available in both custom and local org policy, Fallback to github based oss policy
                                $Version = ([ConfigurationHelper]::LoadOfflineConfigFile("AzSK.json")).ConfigSchemaBaseVersion;
                                if(-not [String]::IsNullOrWhiteSpace([ConfigurationHelper]::OssPolicyUrl)) {
                                    $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $fileName);
                                    [ConfigurationHelper]::ConfigVersion = $Version;
                                }
                        }
                    }
                    elseif ([ConfigurationHelper]::LocalPolicyEnabled) {
                        $serverFileContent = [ConfigurationHelper]::LoadOfflineConfigFile($fileName, $true, $onlineStoreUri)
                    }
                    elseif ([ConfigurationHelper]::OssPolicyEnabled) {
                        #If file is not available in both custom and local org policy, Fallback to github based oss policy
                        $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, [ConfigurationHelper]::ConfigVersion, $fileName);
                    }
                    else {
                        $Version = [ConfigurationHelper]::ConfigVersion ;
                        #If file is not available in both custom and local org policy, Fallback to github based oss policy
                        $serverFileContent = [ConfigurationHelper]::InvokeControlsAPIGitHub([ConfigurationHelper]::OssPolicyUrl, $Version, $fileName);
                        [ConfigurationHelper]::ConfigVersion = $Version;
                    }

                    $fileContent = $serverFileContent
                }
                catch {

                    if (-not [ConfigurationHelper]::IsIssueLogged) {
                        if ([Helpers]::CheckMember($_, "Exception.Response.StatusCode") -and $_.Exception.Response.StatusCode.ToString().ToLower() -eq "unauthorized") {
                            [EventBase]::PublishGenericCustomMessage(("Not able to fetch org-specific policy. The current organization is not linked to your org tenant."), [MessageType]::Warning);
                            [ConfigurationHelper]::IsIssueLogged = $true
                        }
                        elseif ($fileName -eq [Constants]::ServerConfigMetadataFileName) {
                            [EventBase]::PublishGenericCustomMessage(("Not able to fetch org-specific policy. Validate if org policy URL is correct."), [MessageType]::Warning);
                            [ConfigurationHelper]::IsIssueLogged = $true
                        }
                        else {
                            [EventBase]::PublishGenericCustomMessage(("Error while fetching the policy [$fileName] from online store. " + [Constants]::OfflineModeWarning), [MessageType]::Warning);
                            [EventBase]::PublishGenericException($_);
                            [ConfigurationHelper]::IsIssueLogged = $true
                        }
                    }
                }


            }

        }
        else {
            [EventBase]::PublishGenericCustomMessage(([Constants]::OfflineModeWarning + " Policy: $fileName"), [MessageType]::Warning);
        }

        return $fileContent;
    }

    hidden static [PSObject] InvokeControlsAPI([string] $onlineStoreUri, [string] $configVersion, [string] $policyFileName, [bool] $enableAADAuthForOnlinePolicyStore) {
        #Evaluate all code block in onlineStoreUri.
        #Can use '$FileName' in uri to fill dynamic file name.
        #Revisit
        # We are adding this code in AzSK.Framework for time-being. Need to revisit our strategy to update this code in framework later. This is ADO specific.
        $rmContext = [ContextHelper]::GetCurrentContext();
        $user = "";
        $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user, $rmContext.AccessToken)))
        try {
            $FileName = $policyFileName;
            #$ResponseHeaders = $null #The '-ResponseHeadersVariable' param is supported in PS core, we should enable after moving to PS core. Will allow us to check response content-type etc.
            $uri = $global:ExecutionContext.InvokeCommand.ExpandString($onlineStoreUri)
            $webRequestResult = Invoke-RestMethod -Uri $uri -Method Get -ContentType "application/json" -Headers @{Authorization = ("Basic {0}" -f $base64AuthInfo) } #-ResponseHeadersVariable 'ResponseHeaders'
            return $webRequestResult;
        }
        catch {
            return $null;
        }
        return $null;
    }

    # Fetch the configuration file content from github
    hidden static [PSObject] InvokeControlsAPIGitHub([string] $onlineStoreUri, [string] $configVersion, [string] $policyFileName)
     {
        #Evaluate all code block in onlineStoreUri.
        #Can use '$FileName' in uri to fill dynamic file name.
        #Revisit
        $FileName = $policyFileName;
        $Version = $configVersion;
        $uri = $global:ExecutionContext.InvokeCommand.ExpandString($onlineStoreUri)
        [System.Uri] $validatedUri = $null;
        if ([System.Uri]::TryCreate($uri, [System.UriKind]::Absolute, [ref] $validatedUri))
        {
            try {
                $serverFileContent = Invoke-RestMethod `
                    -Method GET `
                    -Uri $validatedUri `
                    -UseBasicParsing
                return $serverFileContent
            }
            catch {
                return $null;
            }
        }
        else
        {
            [EventBase]::PublishGenericCustomMessage(("'UseOnlinePolicyStore' is enabled but the 'OnlinePolicyStoreUrl' is not valid Uri: [$uri]. `r`n" + [Constants]::OfflineModeWarning), [MessageType]::Warning);
        }
        return $null;
    }

    #Need to rethink on this function logic
    hidden static [PSObject] LoadModuleJsonFile([string] $fileName) {
     $basePath = [ConfigurationHelper]::GetBaseFrameworkPath()
     $rootConfigPath = Join-Path $basePath -ChildPath "Configurations";
        $filePath = (Get-ChildItem $rootConfigPath -Name -Recurse -Include $fileName) | Select-Object -First 1
     if ($filePath) {
            $fileContent = (Get-Content -Raw -Path (Join-Path $rootConfigPath $filePath)) | ConvertFrom-Json
        }
        else {
            throw "Unable to find the specified file '$fileName'"
        }
        return $fileContent;
    }

    hidden static [PSObject] LoadModuleRawFile([string] $fileName) {

     $basePath = [ConfigurationHelper]::GetBaseFrameworkPath()
     $rootConfigPath = Join-Path $basePath | Join-Path -ChildPath "Configurations";

        $filePath = (Get-ChildItem $rootConfigPath -Name -Recurse -Include $fileName) | Select-Object -First 1
     if ($filePath) {
            $fileContent = (Get-Content -Raw -Path (Join-Path $rootConfigPath $filePath))
        }
        else {
            throw "Unable to find the specified file '$fileName'"
        }
        return $fileContent;
    }

    hidden static [bool] IsPolicyPresentOnServer([string] $fileName, [bool] $useOnlinePolicyStore, [string] $onlineStoreUri, [bool] $enableAADAuthForOnlinePolicyStore) {
        #Check if Config meta data is null and load the meta data from server
        if ($null -eq [ConfigurationHelper]::ServerConfigMetadata) {
            #if File is meta data file then return true
            if ($fileName -eq [Constants]::ServerConfigMetadataFileName) {
                return $true
            }
            else {
                $filecontent = [ConfigurationHelper]::LoadServerConfigFile([Constants]::ServerConfigMetadataFileName, $useOnlinePolicyStore, $onlineStoreUri, $enableAADAuthForOnlinePolicyStore);
                [ConfigurationHelper]::ServerConfigMetadata = $filecontent;
            }
        }

        if ($null -ne [ConfigurationHelper]::ServerConfigMetadata) {
            if ([ConfigurationHelper]::ServerConfigMetadata.OnlinePolicyList | Where-Object { $_.Name -eq $fileName }) {
                return $true
            }
            else {
                return $false
            }
        }
        else {
            #If Metadata file is not present on server then set offline default meta data..
            [ConfigurationHelper]::ServerConfigMetadata = [ConfigurationHelper]::LoadOfflineConfigFile([Constants]::ServerConfigMetadataFileName);
            return $false
        }
    }

    #Function to check if Override Offline flag is enabled
    hidden static [bool] IsOverrideOfflineEnabled([string] $fileName) {
        if ($fileName -eq [Constants]::ServerConfigMetadataFileName) {
            return $true
        }

        $PolicyMetadata = [ConfigurationHelper]::ServerConfigMetadata.OnlinePolicyList | Where-Object { $_.Name -eq $fileName }
        if (($PolicyMetadata -and [Helpers]::CheckMember($PolicyMetadata, "OverrideOffline") -and $PolicyMetadata.OverrideOffline -eq $true) ) {
            return $true
        }
        else {
            return $false
        }
    }

    #Helper function to get base Framework folder path

    hidden static [PSObject] GetBaseFrameworkPath() {
        $moduleName = $([Constants]::AzSKModuleName)

        #Remove Staging from module name before forming config base path
        $moduleName = $moduleName -replace "Staging", ""

        #Irrespective of whether Dev-Test mode is on or off, base framework path will now remain same as the new source code repo doesn't have AzSK.Framework folder.
        $basePath = (Get-Item $PSScriptRoot).Parent.FullName

        return $basePath
    }
}

#Model to store online policy file content with name.
#Used in ConfigurationHelper to cache online policy files
class Policy {
    [string] $Name
    [PSObject] $Content
}


# SIG # Begin signature block
# MIIn0QYJKoZIhvcNAQcCoIInwjCCJ74CAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBtbVOdHU3RxmOe
# fa3qTD4FWcf/S0UQrYxb/p55n38aCKCCDYUwggYDMIID66ADAgECAhMzAAADri01
# UchTj1UdAAAAAAOuMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p
# bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwODU5WhcNMjQxMTE0MTkwODU5WjB0MQsw
# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u
# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
# AQD0IPymNjfDEKg+YyE6SjDvJwKW1+pieqTjAY0CnOHZ1Nj5irGjNZPMlQ4HfxXG
# yAVCZcEWE4x2sZgam872R1s0+TAelOtbqFmoW4suJHAYoTHhkznNVKpscm5fZ899
# QnReZv5WtWwbD8HAFXbPPStW2JKCqPcZ54Y6wbuWV9bKtKPImqbkMcTejTgEAj82
# 6GQc6/Th66Koka8cUIvz59e/IP04DGrh9wkq2jIFvQ8EDegw1B4KyJTIs76+hmpV
# M5SwBZjRs3liOQrierkNVo11WuujB3kBf2CbPoP9MlOyyezqkMIbTRj4OHeKlamd
# WaSFhwHLJRIQpfc8sLwOSIBBAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE
# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUhx/vdKmXhwc4WiWXbsf0I53h8T8w
# VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh
# dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMTgzNjAfBgNVHSMEGDAW
# gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v
# d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw
# MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov
# L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx
# XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB
# AGrJYDUS7s8o0yNprGXRXuAnRcHKxSjFmW4wclcUTYsQZkhnbMwthWM6cAYb/h2W
# 5GNKtlmj/y/CThe3y/o0EH2h+jwfU/9eJ0fK1ZO/2WD0xi777qU+a7l8KjMPdwjY
# 0tk9bYEGEZfYPRHy1AGPQVuZlG4i5ymJDsMrcIcqV8pxzsw/yk/O4y/nlOjHz4oV
# APU0br5t9tgD8E08GSDi3I6H57Ftod9w26h0MlQiOr10Xqhr5iPLS7SlQwj8HW37
# ybqsmjQpKhmWul6xiXSNGGm36GarHy4Q1egYlxhlUnk3ZKSr3QtWIo1GGL03hT57
# xzjL25fKiZQX/q+II8nuG5M0Qmjvl6Egltr4hZ3e3FQRzRHfLoNPq3ELpxbWdH8t
# Nuj0j/x9Crnfwbki8n57mJKI5JVWRWTSLmbTcDDLkTZlJLg9V1BIJwXGY3i2kR9i
# 5HsADL8YlW0gMWVSlKB1eiSlK6LmFi0rVH16dde+j5T/EaQtFz6qngN7d1lvO7uk
# 6rtX+MLKG4LDRsQgBTi6sIYiKntMjoYFHMPvI/OMUip5ljtLitVbkFGfagSqmbxK
# 7rJMhC8wiTzHanBg1Rrbff1niBbnFbbV4UDmYumjs1FIpFCazk6AADXxoKCo5TsO
# zSHqr9gHgGYQC2hMyX9MGLIpowYCURx3L7kUiGbOiMwaMIIHejCCBWKgAwIBAgIK
# YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV
# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv
# c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm
# aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw
# OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE
# BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD
# VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG
# 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la
# UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc
# 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D
# dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+
# lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk
# kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6
# A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd
# X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL
# 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd
# sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3
# T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS
# 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI
# bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL
# BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD
# uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv
# c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf
# MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3
# dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf
# MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF
# BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h
# cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA
# YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn
# 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7
# v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b
# pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/
# KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy
# CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp
# mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi
# hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb
# BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS
# oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL
# gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX
# cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGaIwghmeAgEBMIGVMH4x
# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p
# Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAOuLTVRyFOPVR0AAAAA
# A64wDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw
# HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEINWF
# oz4QOiuCfgMRAWogoBK5oW/SNGDIcClYU52OXvLCMEIGCisGAQQBgjcCAQwxNDAy
# oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
# b20wDQYJKoZIhvcNAQEBBQAEggEAFnN6DU5n5n68FxV+DxfjmH6L6f7fKPt4LvK/
# Zeuyr9N6mC+9nLexuCcScIMjcu0qTFD0e8ipf7WkulJdtQg+3uKQCM0dbA+YqVmu
# B7VVPJacZhhwL0RmfdrN7GqLfDO69c7DLGACrI9grM242lk6JPvLZ62fFqMrgVZw
# LBJD0jZCbqyJ/xRz19i5sczUoX4gRGVwa+9LjGqIUrt1ZCoJ3W4UyzQlLUTUv9t2
# JeSCGHOgm3+t4SSUrMwpPR4+MHZF7bLHlOnMJ4yU9jnfh4+pjfGuk673s/lt1XgZ
# PwF/8jX4v6+LYGQ8+Rse4kc9zbvTcq/6RIt296E48mPr/J4eWKGCFywwghcoBgor
# BgEEAYI3AwMBMYIXGDCCFxQGCSqGSIb3DQEHAqCCFwUwghcBAgEDMQ8wDQYJYIZI
# AWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGE
# WQoDATAxMA0GCWCGSAFlAwQCAQUABCBCjTvDQkUpxFCgpLz0nrvR9CHVkZM9LOzr
# X2EZFFrytAIGZbqj+OqDGBMyMDI0MDIxNTA4MzIyNS41MzZaMASAAgH0oIHYpIHV
# MIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
# UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL
# EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsT
# HVRoYWxlcyBUU1MgRVNOOjNCRDQtNEI4MC02OUMzMSUwIwYDVQQDExxNaWNyb3Nv
# ZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIRezCCBycwggUPoAMCAQICEzMAAAHlj2rA
# 8z20C6MAAQAAAeUwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNV
# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv
# c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg
# UENBIDIwMTAwHhcNMjMxMDEyMTkwNzM1WhcNMjUwMTEwMTkwNzM1WjCB0jELMAkG
# A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
# HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9z
# b2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMg
# VFNTIEVTTjozQkQ0LTRCODAtNjlDMzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt
# U3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKl7
# 4Drau2O6LLrJO3HyTvO9aXai//eNyP5MLWZrmUGNOJMPwMI08V9zBfRPNcucreIY
# SyJHjkMIUGmuh0rPV5/2+UCLGrN1P77n9fq/mdzXMN1FzqaPHdKElKneJQ8R6cP4
# dru2Gymmt1rrGcNe800CcD6d/Ndoommkd196VqOtjZFA1XWu+GsFBeWHiez/Pllq
# cM/eWntkQMs0lK0zmCfH+Bu7i1h+FDRR8F7WzUr/7M3jhVdPpAfq2zYCA8ZVLNgE
# izY+vFmgx+zDuuU/GChDK7klDcCw+/gVoEuSOl5clQsydWQjJJX7Z2yV+1KC6G1J
# VqpP3dpKPAP/4udNqpR5HIeb8Ta1JfjRUzSv3qSje5y9RYT/AjWNYQ7gsezuDWM/
# 8cZ11kco1JvUyOQ8x/JDkMFqSRwj1v+mc6LKKlj//dWCG/Hw9ppdlWJX6psDesQu
# QR7FV7eCqV/lfajoLpPNx/9zF1dv8yXBdzmWJPeCie2XaQnrAKDqlG3zXux9tNQm
# z2L96TdxnIO2OGmYxBAAZAWoKbmtYI+Ciz4CYyO0Fm5Z3T40a5d7KJuftF6CTocc
# c/Up/jpFfQitLfjd71cS+cLCeoQ+q0n0IALvV+acbENouSOrjv/QtY4FIjHlI5zd
# JzJnGskVJ5ozhji0YRscv1WwJFAuyyCMQvLdmPddAgMBAAGjggFJMIIBRTAdBgNV
# HQ4EFgQU3/+fh7tNczEifEXlCQgFOXgMh6owHwYDVR0jBBgwFoAUn6cVXQBeYl2D
# 9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3Nv
# ZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy
# MDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDov
# L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1l
# LVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNVHSUB
# Af8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQAD
# ggIBADP6whOFjD1ad8GkEJ9oLBuvfjndMyGQ9R4HgBKSlPt3pa0XVLcimrJlDnKG
# gFBiWwI6XOgw82hdolDiMDBLLWRMTJHWVeUY1gU4XB8OOIxBc9/Q83zb1c0RWEup
# gC48I+b+2x2VNgGJUsQIyPR2PiXQhT5PyerMgag9OSodQjFwpNdGirna2rpV23EU
# wFeO5+3oSX4JeCNZvgyUOzKpyMvqVaubo+Glf/psfW5tIcMjZVt0elswfq0qJNQg
# oYipbaTvv7xmixUJGTbixYifTwAivPcKNdeisZmtts7OHbAM795ZvKLSEqXiRUjD
# YZyeHyAysMEALbIhdXgHEh60KoZyzlBXz3VxEirE7nhucNwM2tViOlwI7EkeU5hu
# dctnXCG55JuMw/wb7c71RKimZA/KXlWpmBvkJkB0BZES8OCGDd+zY/T9BnTp8si3
# 6Tql84VfpYe9iHmy7PqqxqMF2Cn4q2a0mEMnpBruDGE/gR9c8SVJ2ntkARy5Sflu
# uJ/MB61yRvT1mUx3lyppO22ePjBjnwoEvVxbDjT1jhdMNdevOuDeJGzRLK9HNmTD
# C+TdZQlj+VMgIm8ZeEIRNF0oaviF+QZcUZLWzWbYq6yDok8EZKFiRR5otBoGLvaY
# FpxBZUE8mnLKuDlYobjrxh7lnwrxV/fMy0F9fSo2JxFmtLgtMIIHcTCCBVmgAwIB
# AgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UE
# BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
# BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0
# IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1
# WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu
# Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv
# cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCC
# AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O
# 1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZn
# hUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t
# 1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxq
# D89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmP
# frVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSW
# rAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv
# 231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zb
# r17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYcten
# IPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQc
# xWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17a
# j54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQAB
# MCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQU
# n6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEw
# QTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9E
# b2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQB
# gjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/
# MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJ
# oEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01p
# Y1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYB
# BQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9v
# Q2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3h
# LB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x
# 5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74p
# y27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1A
# oL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbC
# HcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB
# 9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNt
# yo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3
# rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcV
# v7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A24
# 5oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lw
# Y1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAtcwggJAAgEBMIIBAKGB2KSB1TCB
# 0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
# ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMk
# TWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1U
# aGFsZXMgVFNTIEVTTjozQkQ0LTRCODAtNjlDMzElMCMGA1UEAxMcTWljcm9zb2Z0
# IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUA942iGuYFrsE4wzWD
# d85EpM6RiwqggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu
# Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv
# cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAN
# BgkqhkiG9w0BAQUFAAIFAOl3lHMwIhgPMjAyNDAyMTUwMzM1MTVaGA8yMDI0MDIx
# NjAzMzUxNVowdzA9BgorBgEEAYRZCgQBMS8wLTAKAgUA6XeUcwIBADAKAgEAAgID
# +AIB/zAHAgEAAgITJjAKAgUA6Xjl8wIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgor
# BgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUA
# A4GBAEPF8M/MNoD45ZGBKw0xpPIu9NsrfUH8ac6df880DomsAtv729JUMLYmLY5u
# s8mDxazuqtXiGgpQz5rk955j/vZbbx0OpN4lcUoRPLo20Rl1IhiDihXTtUJJPCw3
# qVOZGE6noa64svoiAf1/gO1CiHFWYlVaioymlvwueb8U+5i5MYIEDTCCBAkCAQEw
# gZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
# B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE
# AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAHlj2rA8z20C6MA
# AQAAAeUwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0B
# CRABBDAvBgkqhkiG9w0BCQQxIgQgNn8aZmWeg5lhyCVMyYGhIrSadGni2ImVLGAe
# 6SDjqBMwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCAVqdP//qjxGFhe2Ybo
# EXeb8I/pAof01CwhbxUH9U697TCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w
# IFBDQSAyMDEwAhMzAAAB5Y9qwPM9tAujAAEAAAHlMCIEILVnBgmprI+GG6P8gyh9
# eD5dz8rCkLZBc+6WmC4QVECoMA0GCSqGSIb3DQEBCwUABIICABQ3vVLT3G1F7wF/
# 7fYmB789UNAuwyAPjckctDyNeZyubDojz7yzQM2s5IKGX7pUhSxa/5IEvqBYgvAW
# HdecOU5INAqG1vOKaj+cFNNgZF2xQkowkiv6Yc4+MYW/IgVwz/LAz3OWbhZ73i7h
# F0gQY0DwLV0fhGF16StOS70wB4KaVeVTW6H1ycl9Jr6aCJVPFSH5ucz4YuAVfX47
# TpLLA6903tSOYckyGoOxv74Ineoh7LqMV7j2apzYIJmQ5RbgBzwAl5eogr1iLT46
# NV8NzZsREg7GLmstKnifUjadhimMlEcJ2y9O4GyAgkJTRnD6rlf7r1wYsW3/tQLH
# Vieqte5S1Jv8fR7Ads1zGxxk69+7bmdDHB/rz0wGA7i2SBxMQi4UamVYb7Ww36/S
# 25qRQEOy7RQT+kXp37eJY8WWCZHgOUYod7qHXm6CTBqR+OIwSss1l98S8G6phICr
# mFfQChN+P3hGtq6hm1c8MMuUhSSyw/NkIrisYje/RVEgYccDEPSxw0yntif556WG
# hbt5mhnprdKH3bKgaCp5Ey0eP9ut7J7JekS7+CaPNzuBlrc/1vuqhlN0m/XpzjaG
# H1mQhdn7BMoSu2A4rBp204t5RVQ8GpSoFk+CuNQE/R39S3Xml+MHpls8nig7qT+/
# MTi1TtCI3OT6OT7iT+fN8w1IGWAE
# SIG # End signature block