Framework/Helpers/IdentityHelpers.ps1
|
Set-StrictMode -Version Latest class IdentityHelpers { static hidden [bool] $hasGraphAccess = $false static hidden [string] $graphAccessToken = $null static hidden [string] $ALTControlEvaluationMethod static hidden [bool] $hasSIPAccess = $false static hidden [string] $dataExplorerAccessToken = $null hidden static [bool] IsAltAccount($SignInName, $graphToken) { $isAltAccount = $false $headers = @{"Authorization"= ("Bearer " + $graphToken); "Content-Type"="application/json"} $uri="" $graphURI = [WebRequestHelper]::GetGraphUrl() if (-not [string]::IsNullOrWhiteSpace($SignInName)) { $uri = [string]::Format('{0}/v1.0/users/{1}?$select=onPremisesExtensionAttributes', $graphURI, $SignInName) } else { return $false } try { $responseObj = [WebRequestHelper]::InvokeGetWebRequest($uri, $headers); if ($null -ne $responseObj -and ($responseObj | Measure-Object).Count -gt 0) { # extensionAttribute contains 15 different values which define unique properties for users. $extensionAttributes = $responseObj.onPremisesExtensionAttributes #"extensionAttribute2" contains the integer values which represents the different types of users. #"extensionAttribute2: -10" => SC-ALT Accounts if($extensionAttributes.extensionAttribute2 -eq "-10") { $isAltAccount = $true } } } catch { return $false; } return $isAltAccount } hidden static [bool] IsServiceAccount($SignInName, $subjectKind, $graphToken) { $isServiceAccount = $false $headers = @{"Authorization"= ("Bearer " + $graphToken); "Content-Type"="application/json"} $uri="" $graphURI = [WebRequestHelper]::GetGraphUrl() if($subjectKind -eq "User") { if (-not [string]::IsNullOrWhiteSpace($SignInName)) { $uri = [string]::Format('{0}/v1.0/users/{1}?$select=onPremisesImmutableId,onPremisesExtensionAttributes', $graphURI, $SignInName) } else { return $false } } else { return $false } try { $responseObj = [WebRequestHelper]::InvokeGetWebRequest($uri, $headers); if ($null -ne $responseObj -and ($responseObj | Measure-Object).Count -gt 0) { # extensionAttribute contains 15 different values which define unique properties for users. $extensionAttributes = $responseObj.onPremisesExtensionAttributes #"extensionAttribute2" contains the integer values which represents the different types of users. #"extensionAttribute2: -9" => Service Accounts if($extensionAttributes.extensionAttribute2 -eq "-9") { $isServiceAccount = $true } } } catch { return $false; } return $isServiceAccount } hidden static [bool] IsADObjectGUID($immutableId){ try { $decodedII = [system.convert]::frombase64string($immutableId) $guid = [GUID]$decodedII } catch { return $false } return $true } static CheckGraphAccess() { # In CA mode, we use azure context to fetch the graph access token, because VSTS authentication is not supported in CA. $useAzContext = $false $scanSource = [AzSKSettings]::GetInstance().GetScanSource(); if ($scanSource -eq 'CICD') { [IdentityHelpers]::hasGraphAccess = $false } else { if ($scanSource -eq "CA") { $useAzContext = $true } $graphUri = [WebRequestHelper]::GetGraphUrl() $uri = $GraphUri + "/v1.0/users?`$top=1" [IdentityHelpers]::graphAccessToken = [ContextHelper]::GetGraphAccessToken($useAzContext) if (-not [string]::IsNullOrWhiteSpace([IdentityHelpers]::graphAccessToken)) { $header = @{ "Authorization"= ("Bearer " + [IdentityHelpers]::graphAccessToken); "Content-Type"="application/json" }; try { $webResponse = [WebRequestHelper]::InvokeGetWebRequest($uri, $header); [IdentityHelpers]::hasGraphAccess = $true; } catch { [IdentityHelpers]::hasGraphAccess = $false; } } } } static CheckSIPAccess() { # In CA mode, we use azure context to fetch the data explorer access token, because VSTS authentication is not supported in CA. $useAzContext = $false $scanSource = [AzSKSettings]::GetInstance().GetScanSource(); if ($scanSource -eq 'CICD') { [IdentityHelpers]::hasSIPAccess = $false } else { if ($scanSource -eq "CA") { $useAzContext = $true } [IdentityHelpers]::dataExplorerAccessToken = [ContextHelper]::GetDataExplorerAccessToken($useAzContext) if (-not [string]::IsNullOrWhiteSpace([IdentityHelpers]::dataExplorerAccessToken)) { $header = @{ "Authorization" = "Bearer " + [IdentityHelpers]::dataExplorerAccessToken } $apiURL = "https://dsresip.kusto.windows.net/v2/rest/query" # making a samlple api call, just to check if user has access to required SIP database. $inputbody = "{`"db`": `"AADUsersData`",`"csl`": `"UsersInfo | take 1`"}" try { $kustoResponse = Invoke-RestMethod -Uri $apiURL -Method Post -ContentType "application/json; charset=utf-8" -Headers $header -Body $inputbody; [IdentityHelpers]::hasSIPAccess = $true; } catch { [IdentityHelpers]::hasSIPAccess = $false; } } } } #This method differentiate human accounts and service account from the list. hidden static [PSObject] DistinguishHumanAndServiceAccount([PSObject] $allMembers, $orgName) { $humanAccount = @(); $serviceAccount = @(); $defaultSvcAcc = @(); #"Account Service ($orgName)" # This is default service account automatically added by ADO. $allMembers | ForEach-Object{ if (-not [string]::IsNullOrEmpty($_.mailAddress)) { $isServiceAccount = [IdentityHelpers]::IsServiceAccount($_.mailAddress, $_.subjectKind, [IdentityHelpers]::graphAccessToken) if ($isServiceAccount) { $serviceAccount += $_ } else { $humanAccount += $_ } } else { $defaultSvcAcc += $_ } } if ($null -ne $defaultSvcAcc -and $defaultSvcAcc.Count -gt 0) { $serviceAccount += $defaultSvcAcc } $adminMembers = @{serviceAccount = $serviceAccount; humanAccount = $humanAccount;}; return $adminMembers } #This method differentiate alt accounts and non-alt account from the list. hidden static [PSObject] DistinguishAltAndNonAltAccount([PSObject] $allMembers) { $altAccount = @(); $nonAltAccount = @(); $allMembers | ForEach-Object{ $isAltAccount = [IdentityHelpers]::IsAltAccount($_.mailAddress, [IdentityHelpers]::graphAccessToken) if ($isAltAccount) { $altAccount += $_ } else { $nonAltAccount += $_ } } $adminMembers = @{altAccount = $altAccount; nonAltAccount = $nonAltAccount;}; return $adminMembers } } # SIG # Begin signature block # MIIoOQYJKoZIhvcNAQcCoIIoKjCCKCYCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCB+NUGMm2P8+7Hi # yV5tzl2NP9ASTF5pZAJjOfgM4C/fa6CCDYUwggYDMIID66ADAgECAhMzAAADri01 # UchTj1UdAAAAAAOuMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwODU5WhcNMjQxMTE0MTkwODU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQD0IPymNjfDEKg+YyE6SjDvJwKW1+pieqTjAY0CnOHZ1Nj5irGjNZPMlQ4HfxXG # yAVCZcEWE4x2sZgam872R1s0+TAelOtbqFmoW4suJHAYoTHhkznNVKpscm5fZ899 # QnReZv5WtWwbD8HAFXbPPStW2JKCqPcZ54Y6wbuWV9bKtKPImqbkMcTejTgEAj82 # 6GQc6/Th66Koka8cUIvz59e/IP04DGrh9wkq2jIFvQ8EDegw1B4KyJTIs76+hmpV # M5SwBZjRs3liOQrierkNVo11WuujB3kBf2CbPoP9MlOyyezqkMIbTRj4OHeKlamd # WaSFhwHLJRIQpfc8sLwOSIBBAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUhx/vdKmXhwc4WiWXbsf0I53h8T8w # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMTgzNjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AGrJYDUS7s8o0yNprGXRXuAnRcHKxSjFmW4wclcUTYsQZkhnbMwthWM6cAYb/h2W # 5GNKtlmj/y/CThe3y/o0EH2h+jwfU/9eJ0fK1ZO/2WD0xi777qU+a7l8KjMPdwjY # 0tk9bYEGEZfYPRHy1AGPQVuZlG4i5ymJDsMrcIcqV8pxzsw/yk/O4y/nlOjHz4oV # APU0br5t9tgD8E08GSDi3I6H57Ftod9w26h0MlQiOr10Xqhr5iPLS7SlQwj8HW37 # ybqsmjQpKhmWul6xiXSNGGm36GarHy4Q1egYlxhlUnk3ZKSr3QtWIo1GGL03hT57 # xzjL25fKiZQX/q+II8nuG5M0Qmjvl6Egltr4hZ3e3FQRzRHfLoNPq3ELpxbWdH8t # Nuj0j/x9Crnfwbki8n57mJKI5JVWRWTSLmbTcDDLkTZlJLg9V1BIJwXGY3i2kR9i # 5HsADL8YlW0gMWVSlKB1eiSlK6LmFi0rVH16dde+j5T/EaQtFz6qngN7d1lvO7uk # 6rtX+MLKG4LDRsQgBTi6sIYiKntMjoYFHMPvI/OMUip5ljtLitVbkFGfagSqmbxK # 7rJMhC8wiTzHanBg1Rrbff1niBbnFbbV4UDmYumjs1FIpFCazk6AADXxoKCo5TsO # zSHqr9gHgGYQC2hMyX9MGLIpowYCURx3L7kUiGbOiMwaMIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGgowghoGAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAOuLTVRyFOPVR0AAAAA # A64wDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIEIY # /5lYEWauEfPTVua9jXDBSeCE1kKqoCsaa9alrvzWMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEASyfh9smd5bS5era82THhvjXS2ao9r8iOQi7u # h+ItUXQPGCgqPvbH5poTqFsjmLg7Ggf8uVT7uTaaJApDzDGyPwghqVNXfgmEcs6B # 4U8rcGP0VMOvS2yt93qzID/7SR5udE8ocQkDOoKbO6cIkeidOfr081ki0cPSngty # d2GJVVkVCIwQx5NPts7XlwF1V6gKu8hJFjNwV6bUZeITP7x0ulRYrKt3/OUyVvye # oYCEZLuax78arAjh7ANojaEzx8rRXEEqXqr2PtDoXgtmkTMJwjyRBY480G3nbIuV # cDypwQFasJDNhLTtMcYmapDLY7iZKDhRsXt3MWq69yU2KF/Wz6GCF5QwgheQBgor # BgEEAYI3AwMBMYIXgDCCF3wGCSqGSIb3DQEHAqCCF20wghdpAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCB2noDn0pHuKQhXhhIfzpC5bdfFZMgJr0v9 # HSC9fX47fgIGZbwTrBYaGBMyMDI0MDIxNTA4MzIyMy4zODFaMASAAgH0oIHRpIHO # MIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQL # ExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxk # IFRTUyBFU046RjAwMi0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l # LVN0YW1wIFNlcnZpY2WgghHqMIIHIDCCBQigAwIBAgITMwAAAfI+MtdkrHCRlAAB # AAAB8jANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDAeFw0yMzEyMDYxODQ1NThaFw0yNTAzMDUxODQ1NThaMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046RjAwMi0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Uw # ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC85fPLFwppYgxwYxkSEeYv # QBtnYJTtKKj2FKxzHx0fgV6XgIIrmCWmpKl9IOzvOfJ/k6iP0RnoRo5F89Ad29ed # zGdlWbCj1Qyx5HUHNY8yu9ElJOmdgeuNvTK4RW4wu9iB5/z2SeCuYqyX/v8z6Ppv # 29h1ttNWsSc/KPOeuhzSAXqkA265BSFT5kykxvzB0LxoxS6oWoXWK6wx172NRJRY # cINfXDhURvUfD70jioE92rW/OgjcOKxZkfQxLlwaFSrSnGs7XhMrp9TsUgmwsycT # EOBdGVmf1HCD7WOaz5EEcQyIS2BpRYYwsPMbB63uHiJ158qNh1SJXuoL5wGDu/bZ # UzN+BzcLj96ixC7wJGQMBixWH9d++V8bl10RYdXDZlljRAvS6iFwNzrahu4DrYb7 # b8M7vvwhEL0xCOvb7WFMsstscXfkdE5g+NSacphgFfcoftQ5qPD2PNVmrG38DmHD # oYhgj9uqPLP7vnoXf7j6+LW8Von158D0Wrmk7CumucQTiHRyepEaVDnnA2GkiJoe # h/r3fShL6CHgPoTB7oYU/d6JOncRioDYqqRfV2wlpKVO8b+VYHL8hn11JRFx6p69 # mL8BRtSZ6dG/GFEVE+fVmgxYfICUrpghyQlETJPITEBS15IsaUuW0GvXlLSofGf2 # t5DAoDkuKCbC+3VdPmlYVQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFJVbhwAm6tAx # BM5cH8Bg0+Y64oZ5MB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8G # A1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBs # BggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy # MDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH # AwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQA9S6eO4HsfB00X # pOgPabcN3QZeyipgilcQSDZ8g6VCv9FVHzdSq9XpAsljZSKNWSClhJEz5Oo3Um/t # aPnobF+8CkAdkcLQhLdkShfr91kzy9vDPrOmlCA2FQ9jVhFaat2QM33z1p+GCP5t # uvirFaUWzUWVDFOpo/O5zDpzoPYtTr0cFg3uXaRLT54UQ3Y4uPYXqn6wunZtUQRM # iJMzxpUlvdfWGUtCvnW3eDBikDkix1XE98VcYIz2+5fdcvrHVeUarGXy4LRtwzmw # psCtUh7tR6whCrVYkb6FudBdWM7TVvji7pGgfjesgnASaD/ChLux66PGwaIaF+xL # zk0bNxsAj0uhd6QdWr6TT39m/SNZ1/UXU7kzEod0vAY3mIn8X5A4I+9/e1nBNpUR # J6YiDKQd5YVgxsuZCWv4Qwb0mXhHIe9CubfSqZjvDawf2I229N3LstDJUSr1vGFB # 8iQ5W8ZLM5PwT8vtsKEBwHEYmwsuWmsxkimIF5BQbSzg9wz1O6jdWTxGG0OUt1cX # WOMJUJzyEH4WSKZHOx53qcAvD9h0U6jEF2fuBjtJ/QDrWbb4urvAfrvqNn9lH7gV # PplqNPDIvQ8DkZ3lvbQsYqlz617e76ga7SY0w71+QP165CPdzUY36et2Sm4pvspE # K8hllq3IYcyX0v897+X9YeecM1Pb1jCCB3EwggVZoAMCAQICEzMAAAAVxedrngKb # SZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmlj # YXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIy # NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXI # yjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjo # YH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1y # aa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v # 3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pG # ve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viS # kR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYr # bqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlM # jgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSL # W6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AF # emzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIu # rQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIE # FgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWn # G1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBi # AEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV # 9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3Js # Lm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAx # MC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2 # LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv # 6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZn # OlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1 # bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4 # rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU # 6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDF # NLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/ # HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdU # CbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKi # excdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTm # dHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZq # ELQdVTNYs6FwZvKhggNNMIICNQIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJp # Y2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOkYwMDItMDVF # MC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMK # AQEwBwYFKw4DAhoDFQBri943cFLH2TfQEfB05SLICg74CKCBgzCBgKR+MHwxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv # c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6Xe0WjAi # GA8yMDI0MDIxNDIxNTEyMloYDzIwMjQwMjE1MjE1MTIyWjB0MDoGCisGAQQBhFkK # BAExLDAqMAoCBQDpd7RaAgEAMAcCAQACAgOvMAcCAQACAhObMAoCBQDpeQXaAgEA # MDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAI # AgEAAgMBhqAwDQYJKoZIhvcNAQELBQADggEBAIxSX27imjK63CaUzaWsFUY6JWFo # 50XIZzEdsAw4VbiiAWzawl26XUgHOMjzm8KAgqDdbOcVOb4DaWrkgAfGo5/arWNQ # Kf4u8AU3/ktAYo2pNbdhNtgZvPq5F7o5xVRkNVsoAFVSrFwT8u2V7aYl5iEBJnuk # 7yT1u88LfP7b/5rLmecohGVIfyUlERkBcxuD83YdrxIuAeIDKLivh93opf3AwO/w # LoGrxE7ndKAhj9qsoSXdItGRG673gB96pL5D0qm7FSi6nsgwW30o+JiahsH+pZ8D # +zwEWJXS/X8GzO6W3ewEiy1UYtvpPr0aHRvLpxUI6oz/Y78ZZFpWaXsZyw4xggQN # MIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ # MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u # MSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAfI+ # MtdkrHCRlAABAAAB8jANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0G # CyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCDDy70SJEG4lIPKRyWNI/MwtN4P # WITowt3vnm0k8O5AKzCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIPjaPh0u # MVJc04+Y4Ru5BUUbHE4suZ6nRHSUu0XXSkNEMIGYMIGApH4wfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAHyPjLXZKxwkZQAAQAAAfIwIgQgo5cZAZ8N # XK+0AvIrexWlTwx+wsl7tGKk6vf3QLnuV7QwDQYJKoZIhvcNAQELBQAEggIAfx0o # HGmwFmURsbrD3W35OFSW/BRid0dCyBHqtFhlq0+YL5S/dZrgUXJ0rVJahh5NZBzt # JetmBeHFx5Va4SW1aWHGhgJu6c5kfA0YTHZANLo1u5TWw3ImhfYNxYX/drpYGiRE # NCIv/2cb5IdmtDfBHRvseg1DK0MJOQSmFXMXB0hgZ/JPcMx+EqmT+djrQseEstPA # 2lxnvc6uoZcbiMe42qoUCRkFbeR9lji/zWB/i3ywi3iZ1Er6lUwb5vjFj8MhIrtl # 3/iBk2DegdfODKwkUzjYzAnhDcch/ghE1l/eOhKBufGgtTBrEx4rdEkE5p8ZYz/p # mJqQnhwYks/gDul90PDWEq9RliYXLIYqjeO62e68B7JmqryKla+U1DSxvQ0X8Hld # U0K3ENT0R6+p8DDUxxPP3basj6rv1efi4ZRMj3pzvG9kiKwYBZuX2YlKTzoD7Q1E # HwaaDouGaBFyM+a9R7rh+JOr3DsHMc4OubEDmwoA9Bzp6t3RJwd5Wgt9z/GJGXlq # S/+/hXaB/oOakAjLbUD/5eE7yMXuaaXSW/kKkN5O7klTKn8PwtZwmvFR5hw+yfQb # zDe3R9Epg1pG/8NxjwkE/bW0KSsN1e4gIN3vmIPMV6P4Tz/499NWIe2WgxOJQBYH # BiJ0YW+4v0+synIyO8WMcTNh4XYF7gA9P5gBGfI= # SIG # End signature block |