SVT/SVT.ps1

Set-StrictMode -Version Latest

function Get-AzSKADOSecurityStatus
{
    <#
    .SYNOPSIS
    This command would help in validating the security controls for the Azure resources meeting the specified input criteria.
    .DESCRIPTION
    This command will execute the security controls and will validate their status as 'Success' or 'Failure' based on the security guidance. Refer https://aka.ms/azskossdocs for more information
 
    .PARAMETER OrganizationName
        Organization name for which the security evaluation has to be performed.
 
    .PARAMETER ProjectNames
        Project name for which the security evaluation has to be performed.
 
    .PARAMETER BuildNames
        Build name for which the security evaluation has to be performed.
 
    .PARAMETER ReleaseNames
        Release name for which the security evaluation has to be performed.
 
    .PARAMETER AgentPoolNames
       Agent name for which the security evaluation has to be performed.
 
    .PARAMETER DetailedScan
        Print detailed scan logs for controls.
 
    .NOTES
    This command helps the application team to verify whether their Azure resources are compliant with the security guidance or not
 
    .LINK
    https://aka.ms/azskossdocs
 
    #>


    [OutputType([String])]
    [Alias("Get-AzSKAzureDevOpsSecurityStatus")]
    Param
    (

        [string]
        [Parameter(Position = 0, Mandatory = $true, HelpMessage="OrganizationName for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("oz")]
        $OrganizationName,

        [string]
        [Parameter( HelpMessage="Project names for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("pns", "ProjectName", "pn")]
        $ProjectNames,

        [string]
        [Parameter(HelpMessage="Build names for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("bns", "BuildName","bn")]
        $BuildNames,

        [string]
        [Parameter(HelpMessage="Release names for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("rns", "ReleaseName","rn")]
        $ReleaseNames,

        [string]
        [Parameter(HelpMessage="Agent Pool names for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("aps", "AgentPoolName","ap")]
        $AgentPoolNames,


        [string]
        [Parameter(HelpMessage="Service connection names for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("sc", "ServiceConnectionName", "scs")]
        $ServiceConnectionNames,

        [string]
        [Parameter(HelpMessage="Variable group names for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("vg", "VariableGroupName", "vgs")]
        $VariableGroupNames,

        [string]
        [Parameter(HelpMessage="Repo name for which the security evaluation has to be perform.")]
        [ValidateNotNullOrEmpty()]
        [Alias("rpn", "RepoName","rp")]
        $RepoNames,

        [string]
        [Parameter(HelpMessage="Secure file name for which the security evaluation has to be perform.")]
        [ValidateNotNullOrEmpty()]
        [Alias("sfn", "SecureFileName","sf")]
        $SecureFileNames,

        [string]
        [Parameter(HelpMessage="Feed name for which the security evaluation has to be perform.")]
        [ValidateNotNullOrEmpty()]
        [Alias("fd", "FeedName","fdn")]
        $FeedNames,

        [string]
        [Parameter(HelpMessage="Environment name for which the security evaluation has to be perform.")]
        [ValidateNotNullOrEmpty()]
        [Alias("en", "EnvironmentName","env")]
        $EnvironmentNames,

        [switch]
        [Parameter(HelpMessage="Scan all supported resource types present under organization like build, release, projects etc.")]
        [Alias("sar", "saa" , "ScanAllArtifacts", "sat", "ScanAllResourceTypes")]
        $ScanAllResources,

        [string]
        [Parameter(Mandatory = $false, ParameterSetName = "Default", HelpMessage = "Comma separated control ids to filter the security controls. e.g.: ADO_Organization_AuthN_Use_AAD_Auth, ADO_Organization_SI_Review_InActive_Users etc.")]
        [Parameter(Mandatory = $true, ParameterSetName = "BulkAttestation", HelpMessage="Comma separated control ids to filter the security controls. e.g.: ADO_Organization_AuthN_Use_AAD_Auth, ADO_Organization_SI_Review_InActive_Users etc.")]
        [Parameter(Mandatory = $true, ParameterSetName = "BulkAttestationClear", HelpMessage="Comma separated control ids to filter the security controls. e.g.: ADO_Organization_AuthN_Use_AAD_Auth, ADO_Organization_SI_Review_InActive_Users etc.")]
        [Alias("BulkAttestControlId","cids","bacid")]
        [AllowEmptyString()]
        $ControlIds,

        [string]
        [Parameter(Mandatory = $false)]
        [Alias("ft")]
        $FilterTags,

        [string]
        [Parameter(Mandatory = $false)]
        [Alias("xt")]
        $ExcludeTags,

        [string]
        [Parameter(Mandatory = $false)]
        [Alias("xcids")]
        [AllowEmptyString()]
        $ExcludeControlIds,

        [switch]
        [Parameter(Mandatory = $false)]
        [Alias("ubc")]
        $UseBaselineControls,

        [switch]
        [Parameter(Mandatory = $false)]
        [Alias("upbc")]
        $UsePreviewBaselineControls,

        [string]
        [Parameter(Mandatory = $false, HelpMessage="Specify the severity of controls to be scanned. Example `"High, Medium`"")]
        [Alias("ControlSeverity")]
        $Severity,

        [int]
        [Parameter(Mandatory = $false, HelpMessage="Max # of objects to check. Default is 0 which means scan all.")]
        [Alias("mo")]
        $MaxObj = 0,

        [System.Security.SecureString]
        [Parameter(HelpMessage="Token to run scan in non-interactive mode")]
        [Alias("tk")]
        $PATToken,

        [switch]
        [Parameter(HelpMessage = "Switch to provide personal access token (PAT) using UI.")]
        [Alias("pfp")]
        $PromptForPAT,

        [string]
        [Parameter(Mandatory=$false, HelpMessage="KeyVault URL for PATToken")]
        [Alias("ptu")]
        $PATTokenURL,

        [ResourceTypeName]
        [Alias("rtn")]
        $ResourceTypeName = [ResourceTypeName]::All,

        [switch]
        [Parameter(Mandatory = $false)]
        [Alias("upc")]
        $UsePartialCommits,

        [switch]
        [Parameter(Mandatory = $false)]
        [Alias("dnrr")]
        $DoNotRefetchResources,

        [switch]
        [Parameter(Mandatory = $false)]
        [Alias("dnof")]
        $DoNotOpenOutputFolder,

        [ValidateSet("All","AlreadyAttested","NotAttested","None")]
        [Parameter(Mandatory = $false, ParameterSetName = "Default", HelpMessage="Using this switch, AzSK.ADO enters 'attest' mode immediately after a scan is completed. This ensures that attestation is done on the basis of the most current control statuses.")]
        [Parameter(Mandatory = $true, ParameterSetName = "BulkAttestation", HelpMessage="Using this switch, AzSK.ADO enters 'attest' mode immediately after a scan is completed. This ensures that attestation is done on the basis of the most current control statuses.")]
        [Parameter(Mandatory = $true, ParameterSetName = "BulkAttestationClear", HelpMessage="Using this switch, AzSK.ADO enters 'attest' mode immediately after a scan is completed. This ensures that attestation is done on the basis of the most current control statuses.")]
        [Alias("AttestControls","cta")]
        $ControlsToAttest = [AttestControls]::None,

        [switch]
        [Parameter(Mandatory = $true, ParameterSetName = "BulkAttestationClear", HelpMessage="Use this option if you want to clear the attestation for multiple resources in bulk, for a specified controlId.")]
        [Alias("bc")]
        $BulkClear,

        [string]
        [Parameter(Mandatory = $true, ParameterSetName = "BulkAttestation", HelpMessage="Use this option to provide an apt justification with proper business reason.")]
        [Alias("jt")]
        $JustificationText,

        [ValidateSet("NotAnIssue", "WillNotFix", "WillFixLater","NotApplicable","StateConfirmed","ApprovedException")]
        [Parameter(Mandatory = $true, ParameterSetName = "BulkAttestation", HelpMessage="Attester must select one of the attestation reasons (NotAnIssue, WillNotFix, WillFixLater, NotApplicable, StateConfirmed(if valid for the control))")]
        [Alias("as")]
        $AttestationStatus = [AttestationStatus]::None,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage = "Switch to add approved exceptions.")]
        [Alias("aex")]
        $AddException,

        [Datetime]
        [Parameter(Mandatory = $false, HelpMessage = "Expiry date of approved exception.")]
        [Alias("aee")]
        $ApprovedExceptionExpiryDate,

        [string]
        [Parameter(Mandatory = $false, HelpMessage = "ID of approved exception.")]
        [Alias("aei")]
        $ApprovedExceptionID,

        [string]
        [Parameter(HelpMessage="Project name to store attestation details for organization-specific controls.")]
        [ValidateNotNullOrEmpty()]
        [Alias("atp","HostProjectName")]
        $AttestationHostProjectName,


        [ValidateSet("All","BaselineControls","PreviewBaselineControls", "Custom")]
        [Parameter(Mandatory = $false)]
        [Alias("abl")]
        [string] $AutoBugLog = [BugLogForControls]::All,


        [switch]
        [Parameter(HelpMessage = "Switch to auto-close bugs after the scan.")]
        [Alias("acb")]
        $AutoCloseBugs,

        [string]
        [Parameter(Mandatory=$false)]
        [Alias("apt")]
        $AreaPath,

        [string]
        [Parameter(Mandatory=$false)]
        [Alias("ipt")]
        $IterationPath,

        [string]
        [Parameter(Mandatory = $false, HelpMessage = "Specify the security severity of bugs to be logged.")]
        [Alias("ssv")]
        $SecuritySeverity,

        [string]
        [Parameter(HelpMessage="Specify the custom field reference name for bug description.")]
        [ValidateNotNullOrEmpty()]
        [Alias("bdf")]
        $BugDescriptionField,

        [switch]
        [Parameter(HelpMessage="Allow long running scan.")]
        [Alias("als", "alrs")]
        $AllowLongRunningScan,

        [string]
        [Parameter(Mandatory = $false, HelpMessage="Name of the project hosting organization policy with which the scan should run.")]
        [ValidateNotNullOrEmpty()]
        [Alias("pp")]
        $PolicyProject,

        [switch]
        [Parameter(HelpMessage="Print detailed scan logs for controls.")]
        [Alias("ds")]
        $DetailedScan,

        [string]
        [Parameter(HelpMessage="Service id for which the security evaluation has to be performed.")]
        [ValidateNotNullOrEmpty()]
        [Alias("svcid")]
        $ServiceIds,

        [switch]
        [Parameter(HelpMessage="Include admin controls (organization and project specific controls) in scan.")]
        [Alias("iac")]
        $IncludeAdminControls,

        [switch]
        [Parameter(HelpMessage="Skip organization and user controls.")]
        [Alias("souc")]
        $SkipOrgUserControls,

        [string]
        [Parameter(Mandatory = $false, HelpMessage="Name of the repository containing org policy endpoint.")]
        [ValidateNotNullOrEmpty()]
        [Alias("prn")]
        $PolicyRepoName,

        [ValidateSet("Graph", "RegEx", "GraphThenRegEx")]
        [Parameter(Mandatory = $false, HelpMessage="Evaluation method to evaluate SC-ALT admin controls.")]
        [Alias("acem")]
        [string] $ALTControlEvaluationMethod,
        
        [string]
        [Parameter(Mandatory = $false, HelpMessage="Folder path of builds to be scanned.")]
        [ValidateNotNullOrEmpty()]
        [Alias("bp")]
        $BuildsFolderPath,

        [string]
        [Parameter(Mandatory = $false, HelpMessage="Folder path of releases to be scanned.")]
        [ValidateNotNullOrEmpty()]
        [Alias("rfp")]
        $ReleasesFolderPath,

    
        [switch]
        [Parameter(HelpMessage="Print SARIF logs for the scan.")]
        [Alias("gsl")]
        $GenerateSarifLogs,

        [switch]
        [Parameter(HelpMessage="Switch to reset default logged in user.")]
        [Alias("rc")]
        $ResetCredentials,
        
        [switch]
        [Parameter(HelpMessage="Switch to copy current data object in local folder to facilitate control fix.")]
        [Alias("pcf")]
        $PrepareForControlFix,

        [switch]
        [Parameter(HelpMessage="Scan and generate backup of feeds on which current user has owner access for control fix.")]
        [Alias("coa")]
        $CheckOwnerAccess,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage="Scan only those resource objects modified after immediately previous scan.")]
        [Alias("inc", "ScanIncrementally")]
        $IncrementalScan,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage="Scan only those resource objects modified after immediately previous scan.")]
        [Alias("f")]
        $Force,

        [switch]
        [Parameter()]
        [Alias("bs")]
        $BatchScan,

        [switch]
        [switch]
        [Parameter()]
        [Alias("bsmp")]
        $BatchScanMultipleProjects,

        [string]
        [Parameter()]
        [Alias("fn")]
        $FolderName,

        [DateTime]
        [Parameter(Mandatory = $false, HelpMessage="Date to use as threshold for incremental scanning.")]
        [ValidateNotNullOrEmpty()]
        [Alias("dt", "IncrementDate")]
        $IncrementalDate,

        [switch]
        [Parameter(Mandatory = $false, HelpMessage="Scan attested resources during incremental scan")]
        [Alias("sars")]
        $ScanAttestedResources



    )
    Begin
    {
        [CommandHelper]::BeginCommand($PSCmdlet.MyInvocation);
        [ListenerHelper]::RegisterListeners();
    }

    Process
    {
        try
        {
            [ConfigurationHelper]::PolicyCacheContent = @()
            [ConfigurationHelper]::OnlinePolicyEnabled = $false
            [ConfigurationHelper]::OssPolicyUrl = ""
            [ConfigurationHelper]::OssPolicyEnabled = $false
            [ConfigurationHelper]::LocalPolicyEnabled = $false
            [ConfigurationHelper]::ConfigVersion = ""
            [AzSKSettings]::Instance = $null
            [AzSKConfig]::Instance = $null
            [ConfigurationHelper]::ServerConfigMetadata = $null
            [ControlHelper]::IsGroupDetailsFetchedFromPolicy = $false
            [ControlHelper]::CloudmineDataHelperObj=$null
            [CloudmineDataHelper]::CloudmineDataHelperInstance = $null
            [Build]::YamlBranchPolicies=@()
            [ADOSVTBase]::ResourceApprovalChecks = @()
            #Refresh singlton in different gads commands. (Powershell session keep cach object of the class, so need to make it null befor command run)
      
              [AutoBugLog]::AutoBugInstance = $null
              #Clear the cache of nested groups if the org name is not matching from previous scan in same session
            if ([ControlHelper]::GroupMembersResolutionObj.ContainsKey("OrgName") -and [ControlHelper]::GroupMembersResolutionObj["OrgName"] -ne $OrganizationName) {
                [ControlHelper]::GroupMembersResolutionObj = @{}
                [AdministratorHelper]::isCurrentUserPCA = $false
                [AdministratorHelper]::isCurrentUserPA= $false
                [AdministratorHelper]::AllPCAMembers = @()
                [AdministratorHelper]::AllPAMembers = @()
            }
      
            if ($PrepareForControlFix -eq $true)  {
                if ($UsePartialCommits -ne $true)  {
                    Write-Host "PrepareForControlFix switch requires -UsePartialCommits switch." -ForegroundColor Red
                    return;
                }
                elseif ([String]::IsNullOrEmpty($ControlIds) -or $ControlIds -match ','){
                    Write-Host "PrepareForControlFix switch requires one controlid. Use -ControlIds parameter to provide it." -ForegroundColor Red
                    return;
                }
            }

            if($PromptForPAT -eq $true)
            {
                if($null -ne $PATToken)
                {
                    Write-Host "Parameters '-PromptForPAT' and '-PATToken' can not be used simultaneously in the scan command." -ForegroundColor Red
                    return;
                }
                else
                {
                    $PATToken = Read-Host "Provide PAT for [$OrganizationName] org:" -AsSecureString
                }

            }

            if (-not [String]::IsNullOrEmpty($PATTokenURL))
            {
                # For now, if PAT URL is specified we will trigger an Azure login.
                $Context = @(Get-AzContext -ErrorAction SilentlyContinue )
                if ($Context.count -eq 0)  {
                    Write-Host "No active Azure login session found.`r`nPlease login to Azure tenant hosting the key vault..." -ForegroundColor Yellow
                    Connect-AzAccount -ErrorAction Stop
                    $Context = @(Get-AzContext -ErrorAction SilentlyContinue)
                }

                if ($null -eq $Context)  {
                    Write-Host "Login failed. Azure login context is required to use a key vault-based PAT token.`r`nStopping scan command." -ForegroundColor Red
                    return;
                }
                #Parse the key-vault-URL to determine vaultname, secretname, version
                if ($PATTokenURL -match "^https://(?<kv>[\w]+)(?:[\.\w+]*)/secrets/(?<sn>[\w]+)/?(?<sv>[\w]*)")
                {
                    $kvName = $Matches["kv"]
                    $secretName = $Matches["sn"]
                    $secretVersion = $Matches["sv"]

                    if (-not [String]::IsNullOrEmpty($secretVersion))
                    {
                        $kvSecret = Get-AzKeyVaultSecret -VaultName $kvName -SecretName $secretName -Version $secretVersion
                    }
                    else
                    {
                        $kvSecret = Get-AzKeyVaultSecret -VaultName $kvName -SecretName $secretName
                    }

                    if ($null -eq $kvSecret)
                    {
                        Write-Host "Could not extract PATToken from the given key vault URL.`r`nStopping scan command." -ForegroundColor Red
                        return;
                    }
                    $PATToken = $kvSecret.SecretValue;
                }
                else {
                    Write-Host "Could not extract PATToken from the given key vault URL.`r`nStopping scan command." -ForegroundColor Red
                    return;
                }
            }


            if ($ResetCredentials)
            {
                [ContextHelper]::PromptForLogin = $true
            }
            else
            {
                [ContextHelper]::PromptForLogin =$false
            }

            if(![string]::IsNullOrEmpty($BuildsFolderPath))
            {
                if($ResourceTypeName -notin([ResourceTypeName]::Build_Release,[ResourceTypeName]::Build))
                {
                    Write-Host "Parameter -ResourceTypeName(-rtn) should be Build/Build_Release when the parameter '-BuildsFolderPath' is used in the scan command." -ForegroundColor Red
                    return;
                }
            }

            if(![string]::IsNullOrEmpty($ReleasesFolderPath))
            {
                if($ResourceTypeName -notin([ResourceTypeName]::Build_Release,[ResourceTypeName]::Release))
                {
                    Write-Host "Parameter -ResourceTypeName(-rtn) should be Release/Build_Release when the parameter '-ReleasesFolderPath' is used in the scan command." -ForegroundColor Red
                    return;
                }
            }

            $resolver = [SVTResourceResolver]::new($OrganizationName,$ProjectNames,$BuildNames,$ReleaseNames,$AgentPoolNames, $ServiceConnectionNames, $VariableGroupNames, $MaxObj, $ScanAllResources, $PATToken,$ResourceTypeName, $AllowLongRunningScan, $ServiceIds, $IncludeAdminControls, $SkipOrgUserControls, $RepoNames, $SecureFileNames, $FeedNames, $EnvironmentNames, $BuildsFolderPath,$ReleasesFolderPath,$UsePartialCommits,$DoNotRefetchResources,$BatchScan, $IncrementalScan, $IncrementalDate);

            $secStatus = [ServicesSecurityStatus]::new($OrganizationName, $PSCmdlet.MyInvocation, $resolver);
            if ($secStatus)
            {
                if ($null -ne $secStatus.Resolver.SVTResources) {

                    $secStatus.ControlIdString = $ControlIds;
                    $secStatus.Severity = $Severity;
                    $secStatus.UseBaselineControls = $UseBaselineControls;
                    $secStatus.UsePreviewBaselineControls = $UsePreviewBaselineControls;

                    $secStatus.FilterTags = $FilterTags;
                    $secStatus.ExcludeTags = $ExcludeTags;

                    $secStatus.ExcludeControlIdString = $ExcludeControlIds

                    #build the attestation options object
                    [AttestationOptions] $attestationOptions = [AttestationOptions]::new();
                    $attestationOptions.AttestControls = $ControlsToAttest
                    $attestationOptions.JustificationText = $JustificationText
                    $attestationOptions.AttestationStatus = $AttestationStatus
                    $attestationOptions.IsBulkClearModeOn = $BulkClear
                    $attestationOptions.IsExemptModeOn = $AddException
                    $attestationOptions.ApprovedExceptionExpiryDate =  $ApprovedExceptionExpiryDate
                    $attestationOptions.ApprovedExceptionID = $ApprovedExceptionID
                    $secStatus.AttestationOptions = $attestationOptions;

                    return $secStatus.EvaluateControlStatus();
                }
            }
        }
        catch
        {
            [EventBase]::PublishGenericException($_);
        }
    }

    End
    {
        [ListenerHelper]::UnregisterListeners();
    }
}

# SIG # Begin signature block
# MIInzgYJKoZIhvcNAQcCoIInvzCCJ7sCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCIwKagsUT3UDVm
# omlD5ZspYL2u8hd6Ld9ZLgT2z1zxJqCCDYUwggYDMIID66ADAgECAhMzAAADri01
# UchTj1UdAAAAAAOuMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p
# bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwODU5WhcNMjQxMTE0MTkwODU5WjB0MQsw
# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u
# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
# AQD0IPymNjfDEKg+YyE6SjDvJwKW1+pieqTjAY0CnOHZ1Nj5irGjNZPMlQ4HfxXG
# yAVCZcEWE4x2sZgam872R1s0+TAelOtbqFmoW4suJHAYoTHhkznNVKpscm5fZ899
# QnReZv5WtWwbD8HAFXbPPStW2JKCqPcZ54Y6wbuWV9bKtKPImqbkMcTejTgEAj82
# 6GQc6/Th66Koka8cUIvz59e/IP04DGrh9wkq2jIFvQ8EDegw1B4KyJTIs76+hmpV
# M5SwBZjRs3liOQrierkNVo11WuujB3kBf2CbPoP9MlOyyezqkMIbTRj4OHeKlamd
# WaSFhwHLJRIQpfc8sLwOSIBBAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE
# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUhx/vdKmXhwc4WiWXbsf0I53h8T8w
# VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh
# dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMTgzNjAfBgNVHSMEGDAW
# gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v
# d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw
# MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov
# L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx
# XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB
# AGrJYDUS7s8o0yNprGXRXuAnRcHKxSjFmW4wclcUTYsQZkhnbMwthWM6cAYb/h2W
# 5GNKtlmj/y/CThe3y/o0EH2h+jwfU/9eJ0fK1ZO/2WD0xi777qU+a7l8KjMPdwjY
# 0tk9bYEGEZfYPRHy1AGPQVuZlG4i5ymJDsMrcIcqV8pxzsw/yk/O4y/nlOjHz4oV
# APU0br5t9tgD8E08GSDi3I6H57Ftod9w26h0MlQiOr10Xqhr5iPLS7SlQwj8HW37
# ybqsmjQpKhmWul6xiXSNGGm36GarHy4Q1egYlxhlUnk3ZKSr3QtWIo1GGL03hT57
# xzjL25fKiZQX/q+II8nuG5M0Qmjvl6Egltr4hZ3e3FQRzRHfLoNPq3ELpxbWdH8t
# Nuj0j/x9Crnfwbki8n57mJKI5JVWRWTSLmbTcDDLkTZlJLg9V1BIJwXGY3i2kR9i
# 5HsADL8YlW0gMWVSlKB1eiSlK6LmFi0rVH16dde+j5T/EaQtFz6qngN7d1lvO7uk
# 6rtX+MLKG4LDRsQgBTi6sIYiKntMjoYFHMPvI/OMUip5ljtLitVbkFGfagSqmbxK
# 7rJMhC8wiTzHanBg1Rrbff1niBbnFbbV4UDmYumjs1FIpFCazk6AADXxoKCo5TsO
# zSHqr9gHgGYQC2hMyX9MGLIpowYCURx3L7kUiGbOiMwaMIIHejCCBWKgAwIBAgIK
# YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV
# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv
# c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm
# aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw
# OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE
# BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD
# VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG
# 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la
# UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc
# 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D
# dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+
# lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk
# kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6
# A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd
# X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL
# 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd
# sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3
# T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS
# 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI
# bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL
# BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD
# uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv
# c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf
# MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3
# dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf
# MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF
# BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h
# cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA
# YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn
# 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7
# v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b
# pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/
# KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy
# CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp
# mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi
# hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb
# BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS
# oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL
# gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX
# cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGZ8wghmbAgEBMIGVMH4x
# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p
# Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAOuLTVRyFOPVR0AAAAA
# A64wDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw
# HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIFwC
# LE0LjKGjKzYUhdfNLWp7EgOzMZ4hF9oPpIWPQ/X0MEIGCisGAQQBgjcCAQwxNDAy
# oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
# b20wDQYJKoZIhvcNAQEBBQAEggEAWyw0yZXJYf2c78VSqs2QHmMzfIcFlNdREvJb
# uvJibhHEwm+moMUQKriLEVvtmVk/pVHukq2cBHt9DE7SENs4U/+3Zyn4X2TKxf/w
# U6BZyp47VlQ/j0aoytVmZ6kJRVACJWx1kyvUicZ/Yn/O7Hb5oJg51lxn98DVM1qe
# mLqfTQBlApezPnNWwEPmaBE07YZNO16l+hB26sMGqmPQRFNYpZSbB6k9zFrgg09h
# c7vhgh3vTTIrhzg9GuRn14KGCSHVqrJOM8KT+HOu9+L0TbHOrx69qyZ36t1gHtjP
# xcsQVXqAy6uS5fbA/Yh5G6D+5Rvg9t/Fk5wnqilS7rUZcQ+5X6GCFykwghclBgor
# BgEEAYI3AwMBMYIXFTCCFxEGCSqGSIb3DQEHAqCCFwIwghb+AgEDMQ8wDQYJYIZI
# AWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGE
# WQoDATAxMA0GCWCGSAFlAwQCAQUABCAXncwzYPTSHI0yjrz5cXn0PDIQvoYbcGJu
# QpA9iLpwpQIGZdXwEMynGBMyMDI0MDMxMTEwNDMzMy40OTFaMASAAgH0oIHYpIHV
# MIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
# UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL
# EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsT
# HVRoYWxlcyBUU1MgRVNOOjhENDEtNEJGNy1CM0I3MSUwIwYDVQQDExxNaWNyb3Nv
# ZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIReDCCBycwggUPoAMCAQICEzMAAAHj372b
# mhxogyIAAQAAAeMwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNV
# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv
# c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg
# UENBIDIwMTAwHhcNMjMxMDEyMTkwNzI5WhcNMjUwMTEwMTkwNzI5WjCB0jELMAkG
# A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
# HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9z
# b2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMg
# VFNTIEVTTjo4RDQxLTRCRjctQjNCNzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt
# U3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL6k
# DWgeRp+fxSBUD6N/yuEJpXggzBeNG5KB8M9AbIWeEokJgOghlMg8JmqkNsB4Wl1N
# EXR7cL6vlPCsWGLMhyqmscQu36/8h2bx6TU4M8dVZEd6V4U+l9gpte+VF91kOI35
# fOqJ6eQDMwSBQ5c9ElPFUijTA7zV7Y5PRYrS4FL9p494TidCpBEH5N6AO5u8wNA/
# jKO94Zkfjgu7sLF8SUdrc1GRNEk2F91L3pxR+32FsuQTZi8hqtrFpEORxbySgiQB
# P3cH7fPleN1NynhMRf6T7XC1L0PRyKy9MZ6TBWru2HeWivkxIue1nLQb/O/n0j2Q
# Vd42Zf0ArXB/Vq54gQ8JIvUH0cbvyWM8PomhFi6q2F7he43jhrxyvn1Xi1pwHOVs
# bH26YxDKTWxl20hfQLdzz4RVTo8cFRMdQCxlKkSnocPWqfV/4H5APSPXk0r8Cc/c
# Mmva3g4EvupF4ErbSO0UNnCRv7UDxlSGiwiGkmny53mqtAZ7NLePhFtwfxp6ATIo
# jl8JXjr3+bnQWUCDCd5Oap54fGeGYU8KxOohmz604BgT14e3sRWABpW+oXYSCyFQ
# 3SZQ3/LNTVby9ENsuEh2UIQKWU7lv7chrBrHCDw0jM+WwOjYUS7YxMAhaSyOahpb
# udALvRUXpQhELFoO6tOx/66hzqgjSTOEY3pu46BFAgMBAAGjggFJMIIBRTAdBgNV
# HQ4EFgQUsa4NZr41FbehZ8Y+ep2m2YiYqQMwHwYDVR0jBBgwFoAUn6cVXQBeYl2D
# 9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3Nv
# ZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy
# MDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDov
# L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1l
# LVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNVHSUB
# Af8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQAD
# ggIBALe+my6p1NPMEW1t70a8Y2hGxj6siDSulGAs4UxmkfzxMAic4j0+GTPbHxk1
# 93mQ0FRPa9dtbRbaezV0GLkEsUWTGF2tP6WsDdl5/lD4wUQ76ArFOencCpK5svE0
# sO0FyhrJHZxMLCOclvd6vAIPOkZAYihBH/RXcxzbiliOCr//3w7REnsLuOp/7vlX
# JAsGzmJesBP/0ERqxjKudPWuBGz/qdRlJtOl5nv9NZkyLig4D5hy9p2Ec1zaotiL
# iHnJ9mlsJEcUDhYj8PnYnJjjsCxv+yJzao2aUHiIQzMbFq+M08c8uBEf+s37YbZQ
# 7XAFxwe2EVJAUwpWjmtJ3b3zSWTMmFWunFr2aLk6vVeS0u1MyEfEv+0bDk+N3jms
# CwbLkM9FaDi7q2HtUn3z6k7AnETc28dAvLf/ioqUrVYTwBrbRH4XVFEvaIQ+i7es
# DQicWW1dCDA/J3xOoCECV68611jriajfdVg8o0Wp+FCg5CAUtslgOFuiYULgcxnq
# zkmP2i58ZEa0rm4LZymHBzsIMU0yMmuVmAkYxbdEDi5XqlZIupPpqmD6/fLjD4ub
# 0SEEttOpg0np0ra/MNCfv/tVhJtz5wgiEIKX+s4akawLfY+16xDB64Nm0HoGs/Gy
# 823ulIm4GyrUcpNZxnXvE6OZMjI/V1AgSAg8U/heMWuZTWVUMIIHcTCCBVmgAwIB
# AgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UE
# BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
# BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0
# IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1
# WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu
# Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv
# cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCC
# AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O
# 1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZn
# hUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t
# 1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxq
# D89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmP
# frVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSW
# rAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv
# 231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zb
# r17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYcten
# IPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQc
# xWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17a
# j54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQAB
# MCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQU
# n6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEw
# QTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9E
# b2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQB
# gjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/
# MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJ
# oEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01p
# Y1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYB
# BQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9v
# Q2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3h
# LB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x
# 5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74p
# y27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1A
# oL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbC
# HcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB
# 9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNt
# yo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3
# rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcV
# v7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A24
# 5oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lw
# Y1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAtQwggI9AgEBMIIBAKGB2KSB1TCB
# 0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
# ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMk
# TWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1U
# aGFsZXMgVFNTIEVTTjo4RDQxLTRCRjctQjNCNzElMCMGA1UEAxMcTWljcm9zb2Z0
# IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUAPYiXu8ORQ4hvKcuE
# 7GK0COgxWnqggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu
# Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv
# cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAN
# BgkqhkiG9w0BAQUFAAIFAOmY0YcwIhgPMjAyNDAzMTEwODQwMzlaGA8yMDI0MDMx
# MjA4NDAzOVowdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA6ZjRhwIBADAHAgEAAgIT
# NjAHAgEAAgIRXjAKAgUA6ZojBwIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEE
# AYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GB
# ADOqiAEEIzAugjMMAAEjNQnVDjz7ZtVUtwiV6rjZvmBGmzZSxSTOdtDWds4XmyMp
# 803WP4UWdTUhC9ebCgYxylL2mJGkaVUokw9RR5befF9HqePXhyubw933RlS3dvf1
# M8mimHGOIqTSqvfJVfI0rNEkvf3mteT3c726SQFS/1HxMYIEDTCCBAkCAQEwgZMw
# fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
# ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMd
# TWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAHj372bmhxogyIAAQAA
# AeMwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
# BDAvBgkqhkiG9w0BCQQxIgQg3qunYxi+7fv6Uu1ioFQW8WaFOHAXJVAyxxjWGlOv
# 9iQwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCAz1COr5bD+ZPdEgQjWvcIW
# uDJcQbdgq8Ndj0xyMuYmKjCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
# ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD
# QSAyMDEwAhMzAAAB49+9m5ocaIMiAAEAAAHjMCIEIOD5qV/g+6GTk8PeAmchag+f
# 0NNYXLilFB6AX3LEXPJVMA0GCSqGSIb3DQEBCwUABIICAIAXg1e5tJkSPIexksj8
# 8vbtzbOQBSPtwvvpA+Obw5i5Sy3RWVzGQFFZVB4XrTZYvT7hE/nWFCM6wuCb52u+
# dWLBAppL4aRxWnia0zZlru3QIhKr8SRKpx24X+nrl5+qlb3Jg7WgxE63ezOlo0Tc
# entSyL0jWJLX8A5tHmI9wuskrcaWlDrdJ7dIpF8I/ntrmGLx2LGa7/qOkEVF168+
# utYjIM9EiIhMMwogcXqveENWaIBkxgOeBoIiUg/CXOUmLP8jKlvmW4zW6WR/vx69
# ncAhvnDovf6E2qj1C06hWCX3HhWVagdbarNvnuAaSareI4MCvRqRnXINUcoJhHyK
# pM2gXrCO41zyjm7nuhS3SMvUEx35o30rAsp6vbSG6r/L1tDLcomB8sXof6tfW3NW
# qwK1YFNcwM58oSjn6aMNQTklGVD741PDMEzhgEZE+7ioVvptCVEic9OpAGi9G8UL
# mwqYXE8cwVFjooOQo82Si0mZ6b+dgmCDjqlVH6Wc+F+ugNyWV0PhXv4JmwOTJ7OH
# pq583NKRAlPYZUTRy7yGLnFdT5tt4LLnvDnD520ZEzrJmfPTAKjNsfsAOKq+ysrO
# 5v0EBkoHCQ2AyGBkZd2hQJ2mEqDCr99ZVHQluQ4yRQCtfMMVzublHAf0Hfbz+gAQ
# 7L3rq8HCwKSoSf1bKLVS1Cuh
# SIG # End signature block