Framework/Helpers/ContextHelper.ps1
|
<#
.Description # Context class for indenity details. # Provides functionality to login, create context, get token for api calls #> using namespace Microsoft.IdentityModel.Clients.ActiveDirectory class ContextHelper { static hidden [Context] $currentContext; static hidden [bool] $IsOAuthScan; static hidden [bool] $PromptForLogin; #This will be used to carry current org under current context. static hidden [string] $orgName; static hidden [bool] $IsBatchScan; static hidden [int] $PSVersion = $null; static hidden $appObj = $null; static hidden $Account = $null; static hidden $IsPATUsed = $false; ContextHelper() { if(-not [string]::IsNullOrWhiteSpace($env:RefreshToken) -and -not [string]::IsNullOrWhiteSpace($env:ClientSecret)) # this if block will be executed for OAuth based scan { [ContextHelper]::IsOAuthScan = $true } if (![ContextHelper]::PSVersion) { [ContextHelper]::PSVersion = ($global:PSVersionTable).PSVersion.major } } ContextHelper([bool] $IsBatchScan) { if(-not [string]::IsNullOrWhiteSpace($env:RefreshToken) -and -not [string]::IsNullOrWhiteSpace($env:ClientSecret)) # this if block will be executed for OAuth based scan { [ContextHelper]::IsOAuthScan = $true } [ContextHelper]::IsBatchScan=$true; if (![ContextHelper]::PSVersion) { [ContextHelper]::PSVersion = ($global:PSVersionTable).PSVersion.major } } hidden static [PSObject] GetCurrentContext() { return [ContextHelper]::GetCurrentContext($false); } hidden static [PSObject] GetCurrentContext([bool]$authNRefresh) { if( (-not [ContextHelper]::currentContext) -or $authNRefresh -or [ContextHelper]::PromptForLogin) { [ContextHelper]::IsPATUsed = $false $clientId = [Constants]::DefaultClientId ; $replyUri = [Constants]::DefaultReplyUri; $adoResourceId = [Constants]::DefaultADOResourceId; [AuthenticationContext] $ctx = $null; $ctx = [AuthenticationContext]::new("https://login.windows.net/common"); $result = $null; if([ContextHelper]::IsOAuthScan) { # this if block will be executed for OAuth based scan $tokenInfo = [ContextHelper]::GetOAuthAccessToken() [ContextHelper]::ConvertToContextObject($tokenInfo) } else { if ([ContextHelper]::PSVersion -gt 5) { [string[]] $Scopes = "$adoResourceId/.default"; [Microsoft.Identity.Client.IPublicClientApplication] $app = [Microsoft.Identity.Client.PublicClientApplicationBuilder]::Create($ClientId).Build(); if(![ContextHelper]::appObj) { [ContextHelper]::appObj = $app } if (![ContextHelper]::Account) { [ContextHelper]::Account = $app.GetAccountsAsync().GetAwaiter().GetResult() | Select-Object -First 1 } $tokenSource = New-Object System.Threading.CancellationTokenSource $taskAuthenticationResult=$null try { if ( !$authNRefresh -and [ContextHelper]::PromptForLogin) { if ([ContextHelper]::PromptForLogin) { $AquireTokenParameters = $app.AcquireTokenInteractive($Scopes) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) } else { $AquireTokenParameters = $app.AcquireTokenSilent($Scopes, [ContextHelper]::Account) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) if ($taskAuthenticationResult.exception.message -like "*errors occurred*") { $AquireTokenParameters = $app.AcquireTokenInteractive($Scopes) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) } } } else { if ([ContextHelper]::appObj) { $AquireTokenParameters = [ContextHelper]::appObj.AcquireTokenSilent($Scopes, [ContextHelper]::Account) } else { $AquireTokenParameters = $app.AcquireTokenSilent($Scopes, [ContextHelper]::Account) } $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) if ($taskAuthenticationResult.exception.message -like "*errors occurred*") { $AquireTokenParameters = $app.AcquireTokenInteractive($Scopes) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) } } } catch { $AquireTokenParameters = $app.AcquireTokenInteractive($Scopes) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) } if ($taskAuthenticationResult.Result) { $result = $taskAuthenticationResult.Result; } if (![ContextHelper]::Account) { [ContextHelper]::Account = $app.GetAccountsAsync().GetAwaiter().GetResult() | Select-Object -First 1 } [ContextHelper]::appObj = $app; } else { if ( !$authNRefresh -and [ContextHelper]::PromptForLogin) { if ([ContextHelper]::PromptForLogin) { $PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Always $PlatformParameters = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters -ArgumentList $PromptBehavior $result = $ctx.AcquireTokenAsync($adoResourceId, $clientId, [Uri]::new($replyUri),$PlatformParameters).Result; [ContextHelper]::PromptForLogin = $false } else { $PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto $PlatformParameters = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters -ArgumentList $PromptBehavior $result = $ctx.AcquireTokenAsync($adoResourceId, $clientId, [Uri]::new($replyUri),$PlatformParameters).Result; } } else { $PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto $PlatformParameters = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters -ArgumentList $PromptBehavior $result = $ctx.AcquireTokenAsync($adoResourceId, $clientId, [Uri]::new($replyUri),$PlatformParameters).Result; } } [ContextHelper]::ConvertToContextObject($result) } } return [ContextHelper]::currentContext } hidden static [PSObject] GetCurrentContext([System.Security.SecureString] $PATToken) { if(-not [ContextHelper]::currentContext) { [ContextHelper]::IsPATUsed = $true; [ContextHelper]::ConvertToContextObject($PATToken) } return [ContextHelper]::currentContext } hidden static [PSObject] GetOAuthAccessToken() { $tokenInfo = @{}; try{ $url = "https://app.vssps.visualstudio.com/oauth2/token" # exchange refresh token with new access token $body = "client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=$($env:ClientSecret)&grant_type=refresh_token&assertion=$($env:RefreshToken)&redirect_uri=https://localhost/" $res = Invoke-WebRequest -Uri $url -ContentType "application/x-www-form-urlencoded" -Method POST -Body $body $response = $res.Content | ConvertFrom-Json $tokenInfo['AccessToken'] = $response.access_token $expiry = $response.expires_in $request_time = get-date $tokenInfo['ExpiresOn'] = $request_time.AddSeconds($expiry) $refreshToken = ConvertTo-SecureString $response.refresh_token -AsPlainText -Force #Update refresh token if it is expiring in next 1 day $updateTokenInKV = $false $secretName = "RefreshTokenForADOScan" $tokenSecret = Get-AzKeyVaultSecret -VaultName $env:KeyVaultName -Name $secretName if (-not [string]::IsNullOrEmpty($tokenSecret) -and [Helpers]::CheckMember($tokenSecret,"Expires")) { if ($tokenSecret.Expires -le [DateTime]::Now.AddDays(1)) { $updateTokenInKV = $true } } else { $updateTokenInKV = $true } if ($updateTokenInKV -eq $true) { $RefreshTokenExpiresInDays = [Constants]::RefreshTokenExpiresInDays; $ExpiryDate = [DateTime]::Now.AddDays($RefreshTokenExpiresInDays) Set-AzKeyVaultSecret -VaultName $env:KeyVaultName -Name $secretName -SecretValue $refreshToken -Expires $ExpiryDate | out-null } } catch{ write-Host "Error fetching OAuth access token" Write-Host $_ return $null } return $tokenInfo } static [string] GetAccessToken([string] $resourceAppIdUri) { return [ContextHelper]::GetAccessToken() } static [string] GetAccessToken() { if([ContextHelper]::currentContext) { # Validate if token is PAT using lenght (PAT has lengh of 52), if PAT dont go to refresh login session. #TODO: Change code to find token type supplied PAT or login session token #if token expiry is within 2 min, refresh. ([ContextHelper]::currentContext.AccessToken.length -ne 52) if ( [ContextHelper]::IsPATUsed -eq $false -and ([ContextHelper]::currentContext.TokenExpireTimeLocal -le [DateTime]::Now.AddMinutes(2))) { [ContextHelper]::GetCurrentContext($true); } return [ContextHelper]::currentContext.AccessToken } else { return $null } } static [string] GetAccessToken([string] $Uri, [string] $tenantId) { $rmContext = Get-AzContext if (-not $rmContext) { throw ([SuppressedException]::new(("No Azure login found"), [SuppressedExceptionType]::InvalidOperation)) } if ([string]::IsNullOrEmpty($tenantId) -and [Helpers]::CheckMember($rmContext,"Tenant")) { $tenantId = $rmContext.Tenant.Id } $authResult = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate( $rmContext.Account, $rmContext.Environment, $tenantId, [System.Security.SecureString] $null, "Never", $null, $Uri); if (-not ($authResult -and (-not [string]::IsNullOrWhiteSpace($authResult.AccessToken)))) { throw ([SuppressedException]::new(("Unable to get access token. Authentication Failed."), [SuppressedExceptionType]::Generic)) } return $authResult.AccessToken; } static [string] GetGraphAccessToken($useAzContext) { $accessToken = '' try { Write-Host "Graph access is required to evaluate some controls. Attempting to acquire graph token." -ForegroundColor Cyan # In CA mode, we use azure context to fetch the graph access token. if ($useAzContext) { #getting azure context because graph access token requires azure environment details. $Context = @(Get-AzContext -ErrorAction SilentlyContinue ) if ($Context.count -eq 0) { Connect-AzAccount -ErrorAction Stop $Context = @(Get-AzContext -ErrorAction SilentlyContinue) } if ($null -eq $Context) { throw "Unable to acquire Graph token. The signed-in account may not have Graph permission. Control results for controls that depend on AAD group expansion may not be accurate." } else { $graphUri = "https://graph.microsoft.com" $authResult = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate( $Context.Account, $Context.Environment, $Context.Tenant.Id, [System.Security.SecureString] $null, "Never", $null, $graphUri); if (-not ($authResult -and (-not [string]::IsNullOrWhiteSpace($authResult.AccessToken)))) { throw ([SuppressedException]::new(("Unable to acquire Graph token. The signed-in account may not have Graph permission. Control results for controls that depend on AAD group expansion may not be accurate."), [SuppressedExceptionType]::Generic)) } $accessToken = $authResult.AccessToken; } } else { # generating graph access token using default VSTS client. $clientId = [Constants]::DefaultClientId; $replyUri = [Constants]::DefaultReplyUri; $adoResourceId = "https://graph.microsoft.com/"; if ([ContextHelper]::PSVersion -gt 5) { $result = [ContextHelper]::GetGraphAccess() } else { [AuthenticationContext] $ctx = [AuthenticationContext]::new("https://login.windows.net/common"); [AuthenticationResult] $result = $null; $PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto $PlatformParameters = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters -ArgumentList $PromptBehavior $result = $ctx.AcquireTokenAsync($adoResourceId, $clientId, [Uri]::new($replyUri),$PlatformParameters).Result; } $accessToken = $result.AccessToken } Write-Host "Successfully acquired graph access token." -ForegroundColor Cyan } catch { Write-Host "Unable to acquire Graph token. The signed-in account may not have Graph permission. Control results for controls that depend on AAD group expansion may not be accurate." -ForegroundColor Red Write-Host "Continuing without graph access." -ForegroundColor Yellow return $null } return $accessToken; } static [string] GetDataExplorerAccessToken($useAzContext) { $accessToken = '' try { Write-Host "Graph access is required to evaluate some controls. Attempting to acquire graph token." -ForegroundColor Cyan # generating graph access token using default VSTS client. if ($useAzContext) { #getting azure context because graph access token requires azure environment details. $Context = @(Get-AzContext -ErrorAction SilentlyContinue ) if ($Context.count -eq 0) { Connect-AzAccount -ErrorAction Stop $Context = @(Get-AzContext -ErrorAction SilentlyContinue) } if ($null -eq $Context) { throw "Unable to acquire Graph token. The signed-in account may not have Graph permission. Control results for controls that depend on AAD group expansion may not be accurate." } else { $graphUri = "https://help.kusto.windows.net" $authResult = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate( $Context.Account, $Context.Environment, $Context.Tenant.Id, [System.Security.SecureString] $null, "Never", $null, $graphUri); if (-not ($authResult -and (-not [string]::IsNullOrWhiteSpace($authResult.AccessToken)))) { throw ([SuppressedException]::new(("Unable to acquire Graph token. The signed-in account may not have Graph permission. Control results for controls that depend on AAD group expansion may not be accurate."), [SuppressedExceptionType]::Generic)) } $accessToken = $authResult.AccessToken; } } else{ $clientId = [Constants]::DefaultClientId; $replyUri = [Constants]::DefaultReplyUri; $adoResourceId = "https://help.kusto.windows.net"; if ([ContextHelper]::PSVersion -gt 5) { $result = [ContextHelper]::GetGraphAccessForDataExplorer() $accessToken = $result.AccessToken } else { # generating data explorer token using default VSTS client. # this will generate token for local user and generates popup for user login. $clientId = [Constants]::DefaultClientId; $replyUri = [Constants]::DefaultReplyUri; $adoResourceId = "https://help.kusto.windows.net"; if ([ContextHelper]::PSVersion -gt 5) { $result = [ContextHelper]::GetGraphAccess() } else { [AuthenticationContext] $ctx = [AuthenticationContext]::new("https://login.windows.net/common"); [AuthenticationResult] $result = $null; $PromptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Always $PlatformParameters = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters -ArgumentList $PromptBehavior $result = $ctx.AcquireTokenAsync($adoResourceId, $clientId, [Uri]::new($replyUri),$PlatformParameters).Result; [ContextHelper]::PromptForLogin = $false } $accessToken = $result.AccessToken } } } catch { return $null } return $accessToken; } static [string] GetLAWSAccessToken() { $accessToken = '' try { #getting azure context because graph access token requires azure environment details. $Context = @(Get-AzContext -ErrorAction SilentlyContinue ) if ($Context.count -eq 0) { Connect-AzAccount -ErrorAction Stop $Context = @(Get-AzContext -ErrorAction SilentlyContinue) } if ($null -eq $Context) { throw "Unable to acquire Graph token. The signed-in account may not have Graph permission. Control results for controls that depend on AAD group expansion may not be accurate." } else { $authResult = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate( $Context.Account, $Context.Environment, $Context.Tenant.Id, [System.Security.SecureString] $null, "Never", $null, "https://api.loganalytics.io/"); if (-not ($authResult -and (-not [string]::IsNullOrWhiteSpace($authResult.AccessToken)))) { throw ([SuppressedException]::new(("Unable to acquire Graph token. The signed-in account may not have Graph permission. Control results for controls that depend on AAD group expansion may not be accurate."), [SuppressedExceptionType]::Generic)) } $accessToken = $authResult.AccessToken; } } catch { Write-Host "Unable to acquire Graph token. The signed-in account may not have Graph permission. Control results for controls that depend on AAD group expansion may not be accurate." -ForegroundColor Red Write-Host "Continuing without graph access." -ForegroundColor Yellow return $null } return $accessToken; } hidden static [PSobject] GetGraphAccess() { $rootConfigPath = [Constants]::AzSKAppFolderPath; $azskSettings = (Get-Content -Raw -Path (Join-Path $rootConfigPath "AzSKSettings.json")) | ConvertFrom-Json if ([ContextHelper]::IsPATUsed -and $azskSettings -and $azskSettings.LASource -ne "CICD") { $Context = @(Get-AzContext -ErrorAction SilentlyContinue) if ($null -eq $Context -or $Context.count -eq 0) { Connect-AzAccount -ErrorAction Stop $Context = @(Get-AzContext -ErrorAction SilentlyContinue) } if ($null -eq $Context) { throw } else { $graphUri = "https://graph.microsoft.com" $authResult = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate( $Context.Account, $Context.Environment, $Context.Tenant.Id, [System.Security.SecureString] $null, "Never", $null, $graphUri); return $authResult; } } else { $ClientId = [Constants]::DefaultClientId [Microsoft.Identity.Client.IPublicClientApplication] $appGrapth = [Microsoft.Identity.Client.PublicClientApplicationBuilder]::Create($ClientId).Build(); if (![ContextHelper]::Account) { [ContextHelper]::Account = $appGrapth.GetAccountsAsync().GetAwaiter().GetResult() | Select-Object -First 1 } $tokenSource = New-Object System.Threading.CancellationTokenSource $taskAuthenticationResult=$null $AquireTokenParameters = $null; [string[]] $Scopes = "https://graph.microsoft.com/.default"; $AquireTokenParameters = [ContextHelper]::appObj.AcquireTokenSilent($Scopes, [ContextHelper]::Account) try { $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) if ( [Helpers]::CheckMember($taskAuthenticationResult, "exception.message") -and ($taskAuthenticationResult.exception.message -like "*errors occurred*")) { $AquireTokenParameters = $appGrapth.AcquireTokenInteractive($Scopes) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) } } catch { $AquireTokenParameters = $appGrapth.AcquireTokenInteractive($Scopes) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) } } return $taskAuthenticationResult.result; } hidden static [PSobject] GetGraphAccessForDataExplorer() { $rootConfigPath = [Constants]::AzSKAppFolderPath; $azskSettings = (Get-Content -Raw -Path (Join-Path $rootConfigPath "AzSKSettings.json")) | ConvertFrom-Json if ([ContextHelper]::IsPATUsed -and $azskSettings -and $azskSettings.LASource -ne "CICD") { $Context = @(Get-AzContext -ErrorAction SilentlyContinue) if ($null -eq $Context -or $Context.count -eq 0) { Connect-AzAccount -ErrorAction Stop $Context = @(Get-AzContext -ErrorAction SilentlyContinue) } if ($null -eq $Context) { throw } else { $graphUri = "https://help.kusto.windows.net" $authResult = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate( $Context.Account, $Context.Environment, $Context.Tenant.Id, [System.Security.SecureString] $null, "Never", $null, $graphUri); return $authResult; } } else { $ClientId = [Constants]::DefaultClientId [Microsoft.Identity.Client.IPublicClientApplication] $appGrapth = [Microsoft.Identity.Client.PublicClientApplicationBuilder]::Create($ClientId).Build(); if (![ContextHelper]::Account) { [ContextHelper]::Account = $appGrapth.GetAccountsAsync().GetAwaiter().GetResult() | Select-Object -First 1 } $tokenSource = New-Object System.Threading.CancellationTokenSource $taskAuthenticationResult=$null $AquireTokenParameters = $null; [string[]] $Scopes = "https://help.kusto.windows.net"; $AquireTokenParameters = [ContextHelper]::appObj.AcquireTokenSilent($Scopes, [ContextHelper]::Account) try { $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) if ( [Helpers]::CheckMember($taskAuthenticationResult, "exception.message") -and ($taskAuthenticationResult.exception.message -like "*errors occurred*")) { $AquireTokenParameters = $appGrapth.AcquireTokenInteractive($Scopes) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) } } catch { $AquireTokenParameters = $appGrapth.AcquireTokenInteractive($Scopes) $taskAuthenticationResult = $AquireTokenParameters.ExecuteAsync($tokenSource.Token) } } return $taskAuthenticationResult.result; } hidden [OrganizationContext] SetContext([string] $organizationName) { if((-not [string]::IsNullOrEmpty($organizationName))) { $OrganizationContext = [OrganizationContext]@{ OrganizationId = $organizationName; Scope = "/Organization/$organizationName"; OrganizationName = $organizationName; }; # $organizationId contains the organization name (due to framework). [ContextHelper]::orgName = $organizationName; [ContextHelper]::GetCurrentContext() } else { throw [SuppressedException] ("OrganizationName name [$organizationName] is either malformed or incorrect.") } return $OrganizationContext; } hidden [OrganizationContext] SetContext([string] $organizationName, [System.Security.SecureString] $PATToken) { if((-not [string]::IsNullOrEmpty($organizationName))) { $OrganizationContext = [OrganizationContext]@{ OrganizationId = $organizationName; Scope = "/Organization/$organizationName"; OrganizationName = $organizationName; }; # $organizationId contains the organization name (due to framework). [ContextHelper]::orgName = $organizationName; [ContextHelper]::GetCurrentContext($PATToken) } else { throw [SuppressedException] ("OrganizationName name [$organizationName] is either malformed or incorrect.") } return $OrganizationContext; } static [void] ResetCurrentContext() { } hidden static ConvertToContextObject([PSObject] $context) { $contextObj = [Context]::new() # We do not get ADO organization id as part of current context. Hence appending org name to both id and name param. $contextObj.Organization = [Organization]::new() $contextObj.Organization.Id = [ContextHelper]::orgName $contextObj.Organization.Name = [ContextHelper]::orgName if([ContextHelper]::IsOAuthScan) { # this if block will be executed for OAuth based scan $contextObj.Account.Id = [ContextHelper]::GetOAuthUserIdentity($context.AccessToken, $contextObj.Organization.Name) $contextObj.AccessToken = $context.AccessToken $contextObj.TokenExpireTimeLocal = $context.ExpiresOn } else { if ([ContextHelper]::PSVersion -gt 5) { $contextObj.Account.Id = $context.Account.username } else { $contextObj.Account.Id = $context.UserInfo.DisplayableId } $contextObj.Tenant.Id = $context.TenantId $contextObj.AccessToken = $context.AccessToken $contextObj.TokenExpireTimeLocal = $context.ExpiresOn.LocalDateTime #$contextObj.AccessToken = ConvertTo-SecureString -String $context.AccessToken -asplaintext -Force } [ContextHelper]::currentContext = $contextObj } hidden static [string] GetOAuthUserIdentity($accessToken, $orgName) { $apiURL = "https://dev.azure.com/{0}/_apis/connectionData" -f $orgName $headers =@{ Authorization = "Bearer $accesstoken"; "Content-Type"="application/json" }; try{ $responseObj = Invoke-RestMethod -Method Get -Uri $apiURL -Headers $headers -UseBasicParsing $descriptor = $responseObj.authenticatedUser.descriptor $userId = ($descriptor -split '\\')[-1] return $userId } catch{ return "" } } hidden static ConvertToContextObject([System.Security.SecureString] $patToken) { $contextObj = [Context]::new() $contextObj.Account.Id = [string]::Empty $contextObj.Tenant.Id = [string]::Empty $contextObj.AccessToken = [System.Net.NetworkCredential]::new("", $patToken).Password # We do not get ADO organization Id as part of current context. Hence appending org name to both Id and Name param. $contextObj.Organization = [Organization]::new() $contextObj.Organization.Id = [ContextHelper]::orgName $contextObj.Organization.Name = [ContextHelper]::orgName #$contextObj.AccessToken = $patToken #$contextObj.AccessToken = ConvertTo-SecureString -String $context.AccessToken -asplaintext -Force [ContextHelper]::currentContext = $contextObj try { $apiURL = "https://dev.azure.com/{0}/_apis/connectionData" -f [ContextHelper]::orgName #Note: cannot use this WRH method below due to ordering constraints during load in Framework.ps1 #$header = [WebRequestHelper]::GetAuthHeaderFromUri($apiURL); $user = "" $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user, $contextObj.AccessToken))) $headers = @{ "Authorization"= ("Basic " + $base64AuthInfo); "Content-Type"="application/json" }; $responseObj = Invoke-RestMethod -Method Get -Uri $apiURL -Headers $headers -UseBasicParsing #If the token is valid, we get: "descriptor"="Microsoft.IdentityModel.Claims.ClaimsIdentity;72f988bf-86f1-41af-91ab-2d7cd011db47\xyz@microsoft.com" #Note that even for guest users, we get the host tenant (and not their native tenantId). E.g., "descriptor...;72f...47\pqr@live.com" #If the token is invalid, we get a diff object: "descriptor":"System:PublicAccess;aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $authNUserInfo = @(($responseObj.authenticatedUser.descriptor -split ';') -split '\\') #Check if the above split resulted in 3 elements (valid token case) if ($authNUserInfo.Count -eq 3) { $contextObj.Tenant.Id = $authNUserInfo[1] $contextObj.Account.Id = $authNUserInfo[2] } elseif ([Helpers]::CheckMember($responseObj.authenticatedUser,"customDisplayName")) { $contextObj.Account.Id = $responseObj.authenticatedUser.customDisplayName; } } catch { Write-Host "Organization not found: Incorrect organization name or account does not have necessary permission to access the organization. Use -ResetCredentials parameter in command to login with another account." -ForegroundColor Yellow throw [SuppressedException] "The remote server returned an error: (404) Not Found."; } } static [string] GetCurrentSessionUser() { $context = [ContextHelper]::GetCurrentContext() if ($null -ne $context) { return $context.Account.Id } else { return "NO_ACTIVE_SESSION" } } } # SIG # Begin signature block # MIIoKQYJKoZIhvcNAQcCoIIoGjCCKBYCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCydutU5ezsBoIe # MeCmOhe37H9nc7HK1lL/wQONbGGH9KCCDXYwggX0MIID3KADAgECAhMzAAADrzBA # DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA # hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG # 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN # xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL # go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB # tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd # mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ # 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY # 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp # XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn # TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT # e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG # OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O # PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk # ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx # HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt # CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGgkwghoFAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIC7n8IWUnnc/rT75kENYxxNr # /0YnIMyS57msEe1bACwxMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAeBNG6jiqqvqEVOcweTPK5UB/JT0i3q03gSWAFxLjCZqPgFaoKeIC6DHQ # qn3a0hEkp+gZKe1lRj2AWF5gfT9Ar34cRTRDg8qIpq44GlT9kTlK6ldJWn/6byHc # JHh/foK02N5cML/VCccxDCGHcUUyap7bMB/uadvkWbgaoGftqYP3gtWavSegjyCu # +1U9P2IhrOHcFMRia4DtxNEwrVYHglaILLz7Yu3eGrWuInORRQhlVl3tmgy3yntX # Q/IrkT1DjgRWp8Kpn4Q0sJpaVx7oyzwgPaPU1kg+GfWBxko7BpU9VrKLNW63NA6N # 0hNVIR6UVDiDUOsPt25ziRADM5dUyaGCF5MwghePBgorBgEEAYI3AwMBMYIXfzCC # F3sGCSqGSIb3DQEHAqCCF2wwghdoAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFRBgsq # hkiG9w0BCRABBKCCAUAEggE8MIIBOAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCAVNjAtIkTKD+N7y2nDNXlnA67ev6wKNTPtMdC18DbGBAIGZeentX/G # GBIyMDI0MDMxMTEwNDM0Mi4yOVowBIACAfSggdGkgc4wgcsxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVy # aWNhIE9wZXJhdGlvbnMxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVTTjo4RDAwLTA1 # RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaCC # EeowggcgMIIFCKADAgECAhMzAAAB88UKQ64DzB0xAAEAAAHzMA0GCSqGSIb3DQEB # CwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTIzMTIwNjE4NDYw # MloXDTI1MDMwNTE4NDYwMlowgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMx # JzAlBgNVBAsTHm5TaGllbGQgVFNTIEVTTjo4RDAwLTA1RTAtRDk0NzElMCMGA1UE # AxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEB # BQADggIPADCCAgoCggIBAP6fptrhK4H2JI7lYyFueCpgBv7Pch/M2lkhZL+yB9eG # UtiYaexS2sZfc5VyD7ySsl2LG41Qw7tkA6oJmxdSM7PzNyfVpQPkPavY+HNUqMe2 # K9YaAaPjHnCpZ7VCi/e8zPxYewqx9p0iVaN8EydUpWiY7JtDv7aNzhp/OPZclBBK # YT2NBGgGiAPCaplqR5icjHQSY665w+vrvhPr9hpM+IhiUZ/5dXa7qhAcCQwbnrFg # 9CKSK1COM1YcAN8GpsERqqmlqy3GlE1ziJ3ZLXFVDFxAZeOcCB55Vts9sCgQuFvD # 7PdV61HC4QUlHNPqFtYSC/P0sxg9JuKgcvzD5mJajfG7DdHt8myp7umqyePC+eI/ # ux8TW61+LuTQ1Bkym+I6z//bf0fp4Dog5W0XzDrqKkTvURitxI2s4aVObm6qr6zI # 7W51k54ozTFjvbw1wYMWqeO4U9sQSbr561kp+1T2PEsJLOpc5U7N2oDw7ldrcTjW # PezsyVMXhDsFitCZunGqFO9+4iVjAjYDN47c6K9x7MnAGPYVCBOJUdpy8xAOBIDs # Tm/K1qTT4wsGbQBxbgg96vwDiA4YP2hKmubIC7UnrAWQGt/ZKOf6J42roXHS1aPw # imDe5C9y6DfuNJp0XqrWtQRqg8hqNkIZWT6jnCfqu35zB0nf1ERTjdpYLCfQL5fH # AgMBAAGjggFJMIIBRTAdBgNVHQ4EFgQUw2QV9qURUQyMDcCmhTH2oOsNCiQwHwYD # VR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZO # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIw # VGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBc # BggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0 # cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYD # VR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMC # B4AwDQYJKoZIhvcNAQELBQADggIBAN/EHI/80f7v29zeWI7hzudcz9QoVwCbnDrU # XFHE/EJdFeWI2NnuwOo0/QPNRMFT21LkOqSpFKIhXXmPurx7p6WDz9wPdu/Sxbga # j0AwviWEDkwGDfDMp2KF8nQT8cipwdfXWbC1ulOILayABSHv45mdv1PAkTulsQE8 # lBTHG4KJLn+vSzZBWKkGaL/wwRbZ4iLiYn68cjkMJoAaihPgDXn/ug2P3PLNEAFN # QgI02tLX0p+vIQ3l2HmSo4bhCBxr3DovsIv5K65NmLRJnxmrrmIraFDwgwA5XF7A # KkPiVkvo0OxU1LAE1c5SWzE4A7cbTA1P5wG6D8cPjcHsTah1V+zofYRgJnFRLWuB # F4Z3a6pDGBDbCsy5NvnKQ76p37ieFp//1I3eB62ia1CfkjOF8KStpPUqdkXxMjfJ # 7Vnemd6vQKf+nXkfvA3AOQECJn7aLP01QR5gt8wab28SsNUENEyMawT8eqpjtBNJ # O0O9Tv7NnBE8aOJhhQVdP5WCR90eIWkrDjZeybQx8vlo5rfUXIIzXv+k9MgpNGIq # wMXfvRLAjBkCNXOIP/1CEQUG72miMVQs5m/O4vmJIQkhyqilUDB1s12uhmLYc3yd # 8OPMlrwIxORB5J9CxCkqvzc6EGYTcwXazPyCp7eWhzTkNbwk29nfbwmmzcskIAu3 # StA8lic7MIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG # 9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO # BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEy # MDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw # MTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGlt # ZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az # /1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V2 # 9YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oa # ezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkN # yjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7K # MtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRf # NN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SU # HDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoY # WmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5 # C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8 # FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TAS # BgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1 # Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUw # UzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNy # b3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoG # CCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIB # hjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fO # mhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9w # a2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggr # BgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3 # DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEz # tTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJW # AAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G # 82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/Aye # ixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI9 # 5ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1j # dEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZ # KCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xB # Zj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuP # Ntq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvp # e784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCA00w # ggI1AgEBMIH5oYHRpIHOMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScw # JQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OEQwMC0wNUUwLUQ5NDcxJTAjBgNVBAMT # HE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAG76 # BizYtGFrmkU7v2DcuR/ApGcooIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTAwDQYJKoZIhvcNAQELBQACBQDpmL2UMCIYDzIwMjQwMzEwMjMxNTMy # WhgPMjAyNDAzMTEyMzE1MzJaMHQwOgYKKwYBBAGEWQoEATEsMCowCgIFAOmYvZQC # AQAwBwIBAAICBPQwBwIBAAICE4MwCgIFAOmaDxQCAQAwNgYKKwYBBAGEWQoEAjEo # MCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG # 9w0BAQsFAAOCAQEAihOPIeglYSCItTRIDRes54biWiaxZsjQrEuxDlJHF9xAmC1p # orD9anhsov6RNNhr9duJGWTSZVtOQ+BMcVXl3xRSJNVe3uyMV5dWTeg6bWZWrPLA # N46qaMlwGZKIGOXH1svVjj+8cmg3BUKIKk38KsEEnAk4/sNLZm3+NPO9WEpkXNPv # hhQpCMjD+/5KHiFDzqq5jskP9iKfjwlftZl+6Z1n8Cyb+ji6eVygVOXQ85dBLahq # 8Of+T8narmSv/6b+fVaSh5Ht7epCmou4AyWiZlFVd6ig2BO+60OGTXOdlXlICzzr # GLb7EyssuICBMYXPllqoU9UIupgYAFOUSTuqbTGCBA0wggQJAgEBMIGTMHwxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv # c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB88UKQ64DzB0xAAEAAAHzMA0G # CWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJ # KoZIhvcNAQkEMSIEIOPqJOl1iJKf6vCwgFzH8CWSSaBbJ1Ob9uTXrIf0RwD4MIH6 # BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgGLzZNIu24bhWSnzAGYmT9P5ECHzj # Wwb9oM7DGDo7YugwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MAITMwAAAfPFCkOuA8wdMQABAAAB8zAiBCCvBEKd5K0GPn25+Auay+t9Zy7+MEnu # o0x1KddcZi9qLzANBgkqhkiG9w0BAQsFAASCAgCZMOPx4OEiuVeQtE/FaN98cOjQ # NSUZv4jcNOD4Sp6YxXInvDT1zpeTVJzMmvroniKcd4bTtQVK7956yz6voYb2R9pv # Azdj8Odf6KQcZqlqV/NkNZdZV+eAGJ+JKnOlxCIvzSscC2Uuh+xbxrtMk8nOciIh # 0eWMKM1033pFYTGVdCZuk/4ohzc6UHZPhJaadJ8/BQSZlt9mqW00qHf0xJvm9NU+ # OgYL2yaUBJjsUTWkHHzTDyhY+7mrUneWuZ3xi/Xe8XBwpD3XDsHo+jsikrXZjxj4 # 6fHOC1DUPPZNWlEQNDU5EPlfOoCFfPbSgiFz3AgjC39LZHKB/isaS/bz0XxxvMiZ # VAy0wM8AeB/twsirr85CuJ+ut+LPTBvD9CnujmG0gNKDFbSqh64gl3cOuYSDOTQb # ShBP+qVMi21w1ap1Y7QMbYtDp2t7ne5X3AlscwUjps1pfk6KyOMY9bXRKdjaxQI+ # VQIB3xVnH+zVVb0oP4tjbB2l6ysxA19ehJ+RHcLpTjs/LCH69gQfzUyHbuKZ6wd2 # JeTHcxGSZLpdnj73dvvvAqOWSsm5dKPrfjUP8Ue054/bQE0HR/h+ZrD8V6yuOzQJ # qO5y9Ld8Gyy0WS8bQxH8IqfCPQgCnP/mVzN9CSmMfhiyBT9FAEf41dK2qHejjGAm # itTdcqsbpq9D8RsW1A== # SIG # End signature block |