Private/AzStackHci.Layer7.Helpers.ps1
|
# //////////////////////////////////////////////////////////////////////////// # Helper function to get certificate details for an endpoint # # Certificate chain validation flow: # 1. If HTTPS: calls Get-SslCertificateChain to retrieve the full X509 chain (leaf, intermediate, root) # 2. Validates the leaf certificate using Test-Certificate -Policy SSL # 3. Then validates the leaf certificate against the specific DNS name # 4. If either validation fails: marks as SSL Inspection detected (sets $script:SSLInspectionDetected) # 5. Extracts Subject, Issuer, and Thumbprint for all three chain levels # 6. If HTTP (port 80): skips all cert checks and fills fields with "Port 80 - SSL not required" # 7. If cert retrieval fails: fills fields with "Error retrieving certificates" # # This is a private helper function for Test-Layer7Connectivity Function Get-Layer7CertificateDetails { param ( [Parameter(Mandatory=$true)] [string]$url, [Parameter(Mandatory=$true)] [string]$Layer7Status, [Parameter(Mandatory=$false)] [string]$ReturnLayer7Response = "" ) # Initialize return hashtable $CertDetails = @{ Layer7Status = $Layer7Status ReturnLayer7Response = $ReturnLayer7Response ReturnCertIssuer = "" ReturnCertSubject = "" ReturnCertThumbprint = "" ReturnCertIntIssuer = "" ReturnCertIntSubject = "" ReturnCertIntThumbprint = "" ReturnCertRootIssuer = "" ReturnCertRootSubject = "" ReturnCertRootThumbprint = "" } try { # Check if the URL is HTTPS if($url -match "https://"){ # Get the certificate chain for the URL # The function will check for SSL inspection, and return the certificate issuer # The function will return the certificate issuer, thumbprint, and subject $Certificates = Get-SslCertificateChain -url $url -AllowAutoRedirect $false -ErrorAction SilentlyContinue # Retry once if cert retrieval failed (intermittent backend pool server issues can cause TLS handshake timeouts) if(-not $Certificates){ Write-Debug "Certificate retrieval failed for '$url', retrying once..." $Certificates = Get-SslCertificateChain -url $url -AllowAutoRedirect $false -ErrorAction SilentlyContinue } } else { # No certificate required for HTTP (port 80) $NoCertificatesRequired = $true Write-Verbose "Port 80: SSL certificate checks not required." } # Get Certificate details if($Certificates){ # Get the certificate chain elements array with bounds safety $chainCerts = $Certificates.ChainElements.Certificate [int]$chainCount = if ($chainCerts) { @($chainCerts).Count } else { 0 } # Check if the certificate chain is not null if($chainCount -gt 0){ Write-Verbose "Certificates Chain found with $chainCount parts" } else { # No certificate found Write-HostAzS "Error: No SSL Certificates found" -ForegroundColor Red } # Leaf certificate (index 0) - only access if chain has at least 1 element if($chainCount -ge 1){ # Check if the certificate subject is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[0].Subject))){ # Set the certificate subject to the variable $CertDetails.ReturnCertSubject = $chainCerts[0].Subject # Check the certificate using Test-Certificate, to check if the certificate is trusted for SSL # Check if the certificate is trusted for SSL if(Test-Certificate -Cert $chainCerts[0] -Policy SSL -ErrorAction SilentlyContinue -ErrorVariable certError){ # Certificate is valid for SSL Write-Verbose "Certificate is trusted for SSL: $($CertDetails.ReturnCertSubject)" # Check if the certificate is valid for the URL if(Test-Certificate -Cert $chainCerts[0] -Policy SSL -DNSName (Get-DomainFromURL -url $url).Domain -ErrorAction SilentlyContinue -ErrorVariable certError){ # Certificate is a valid for URL Write-Verbose "Certificate is a valid for endpoint: $url" } else { # Certificate is not valid for URL Write-HostAzS "Certificate is not valid for endpoint: $url" -ForegroundColor Red Write-HostAzS "Possible SSL Inspection detected, certificate is not trusted." -ForegroundColor Yellow Write-HostAzS "Returned certificate subject: '$($CertDetails.ReturnCertSubject)'" -ForegroundColor Yellow $CertDetails.Layer7Status = "Failed" $CertDetails.ReturnLayer7Response = $CertDetails.ReturnLayer7Response + " - SSL Inspection detected" $script:SSLInspectionDetected = $true $script:SSLInspectedURLs.Add($url) | Out-Null } } else { # Certificate is not valid for SSL Write-HostAzS "Certificate is not trusted for SSL: $($CertDetails.ReturnCertSubject)" -ForegroundColor Red # SSL inspection detected Write-HostAzS "Possible SSL Inspection detected, certificate is not trusted." -ForegroundColor Yellow $CertDetails.Layer7Status = "Failed" $CertDetails.ReturnLayer7Response = $CertDetails.ReturnLayer7Response + " - SSL Inspection detected" $script:SSLInspectionDetected = $true $script:SSLInspectedURLs.Add($url) | Out-Null } } else { # No certificate subject found $CertDetails.ReturnCertSubject = "No certificate common name found" } # Check if the certificate issuer is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[0].Issuer))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertIssuer = $chainCerts[0].Issuer } else { # No certificate issuer found $CertDetails.ReturnCertIssuer = "No certificate issuer found" } # Check if the certificate thumbprint is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[0].Thumbprint))){ # Set the certificate thumbprint to the variable $CertDetails.ReturnCertThumbprint = $chainCerts[0].Thumbprint } else { # No certificate thumbprint found $CertDetails.ReturnCertThumbprint = "No certificate thumbprint found" } } else { $CertDetails.ReturnCertSubject = "No leaf certificate found in chain" $CertDetails.ReturnCertIssuer = "No leaf certificate found in chain" $CertDetails.ReturnCertThumbprint = "No leaf certificate found in chain" } # Intermediate certificate (index 1) - only access if chain has at least 2 elements if($chainCount -ge 2){ # Check if the intermediate certificate subject is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[1].Subject))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertIntSubject = $chainCerts[1].Subject } else { # No intermediate certificate Subject found $CertDetails.ReturnCertIntSubject = "No intermediate certificate common name found" } # Check if the intermediate certificate issuer is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[1].Issuer))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertIntIssuer = $chainCerts[1].Issuer } else { # No intermediate certificate issuer found $CertDetails.ReturnCertIntIssuer = "No intermediate certificate issuer found" } # Check if the intermediate certificate thumbprint is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[1].Thumbprint))){ # Set the certificate thumbprint to the variable $CertDetails.ReturnCertIntThumbprint = $chainCerts[1].Thumbprint } else { # No intermediate certificate thumbprint found $CertDetails.ReturnCertIntThumbprint = "No intermediate certificate thumbprint found" } } else { $CertDetails.ReturnCertIntSubject = "No intermediate certificate in chain" $CertDetails.ReturnCertIntIssuer = "No intermediate certificate in chain" $CertDetails.ReturnCertIntThumbprint = "No intermediate certificate in chain" } # Root certificate (index 2) - only access if chain has at least 3 elements if($chainCount -ge 3){ # Check if the root certificate subject is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[2].Subject))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertRootSubject = $chainCerts[2].Subject } else { # No root certificate Subject found $CertDetails.ReturnCertRootSubject = "No root certificate common name found" } # Check if the root certificate issuer is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[2].Issuer))){ # Set the certificate issuer to the variable $CertDetails.ReturnCertRootIssuer = $chainCerts[2].Issuer } else { # No root certificate issuer found $CertDetails.ReturnCertRootIssuer = "No root certificate issuer found" } # Check if the root certificate thumbprint is not null if(-not([string]::IsNullOrWhiteSpace($chainCerts[2].Thumbprint))){ # Set the certificate thumbprint to the variable $CertDetails.ReturnCertRootThumbprint = $chainCerts[2].Thumbprint } else { # No root certificate thumbprint found $CertDetails.ReturnCertRootThumbprint = "No root certificate thumbprint found" } } else { $CertDetails.ReturnCertRootSubject = "No root certificate in chain" $CertDetails.ReturnCertRootIssuer = "No root certificate in chain" $CertDetails.ReturnCertRootThumbprint = "No root certificate in chain" } } elseif($NoCertificatesRequired){ # No certificate found, as the port is 80 $CertDetails.ReturnCertIssuer = "Port 80 - SSL not required" $CertDetails.ReturnCertSubject = "Port 80 - SSL not required" $CertDetails.ReturnCertThumbprint = "Port 80 - SSL not required" $CertDetails.ReturnCertIntIssuer = "Port 80 - SSL not required" $CertDetails.ReturnCertIntSubject = "Port 80 - SSL not required" $CertDetails.ReturnCertIntThumbprint = "Port 80 - SSL not required" $CertDetails.ReturnCertRootIssuer = "Port 80 - SSL not required" $CertDetails.ReturnCertRootSubject = "Port 80 - SSL not required" $CertDetails.ReturnCertRootThumbprint = "Port 80 - SSL not required" Write-Verbose "Port 80: SSL certificate checks not required." } else { # No certificate found, but expected $CertDetails.ReturnCertIssuer = "Error retrieving certificates" $CertDetails.ReturnCertSubject = "Error retrieving certificates" $CertDetails.ReturnCertThumbprint = "Error retrieving certificates" $CertDetails.ReturnCertIntIssuer = "Error retrieving certificates" $CertDetails.ReturnCertIntSubject = "Error retrieving certificates" $CertDetails.ReturnCertIntThumbprint = "Error retrieving certificates" $CertDetails.ReturnCertRootIssuer = "Error retrieving certificates" $CertDetails.ReturnCertRootSubject = "Error retrieving certificates" $CertDetails.ReturnCertRootThumbprint = "Error retrieving certificates" Write-HostAzS "Error retrieving certificates..." -ForegroundColor Red } } catch { # Catch any unexpected errors during certificate chain processing Write-HostAzS "Error processing certificate details for '$url': $($_.Exception.Message)" -ForegroundColor Red $CertDetails.ReturnCertIssuer = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertSubject = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertThumbprint = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertIntIssuer = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertIntSubject = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertIntThumbprint = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertRootIssuer = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertRootSubject = "Error: $($_.Exception.Message)" $CertDetails.ReturnCertRootThumbprint = "Error: $($_.Exception.Message)" } return $CertDetails } # //////////////////////////////////////////////////////////////////////////// # Helper function to get certificate details for failed endpoints # This is a private helper function for Test-Layer7Connectivity Function Get-FailedEndpointCertificateDetails { param ( [Parameter(Mandatory=$true)] [string]$url ) # Initialize return hashtable $CertDetails = @{ ReturnCertIssuer = "" ReturnCertSubject = "" ReturnCertThumbprint = "" ReturnCertIntIssuer = "" ReturnCertIntSubject = "" ReturnCertIntThumbprint = "" ReturnCertRootIssuer = "" ReturnCertRootSubject = "" ReturnCertRootThumbprint = "" } # Check if the URL is HTTPS if($url -match "https://"){ # Do not attempt to check the certificate, as the Layer7Status is not "Success" Write-Debug "Unable to check certificates, as Layer7Status is 'Failed'" $CertDetails.ReturnCertIssuer = "Failed - Certificate not checked" $CertDetails.ReturnCertSubject = "Failed - Certificate not checked" $CertDetails.ReturnCertThumbprint = "Failed - Certificate not checked" $CertDetails.ReturnCertIntIssuer = "Failed - Certificate not checked" $CertDetails.ReturnCertIntSubject = "Failed - Certificate not checked" $CertDetails.ReturnCertIntThumbprint = "Failed - Certificate not checked" $CertDetails.ReturnCertRootIssuer = "Failed - Certificate not checked" $CertDetails.ReturnCertRootSubject = "Failed - Certificate not checked" $CertDetails.ReturnCertRootThumbprint = "Failed - Certificate not checked" } else { # No certificate required for HTTP (port 80) $CertDetails.ReturnCertIssuer = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertSubject = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertThumbprint = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertIntIssuer = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertIntSubject = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertIntThumbprint = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertRootIssuer = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertRootSubject = "Failed - (But Certificate not required for port 80)" $CertDetails.ReturnCertRootThumbprint = "Failed - (But Certificate not required for port 80)" } return $CertDetails } # //////////////////////////////////////////////////////////////////////////// # Helper function to interpret HTTP status codes and exception responses # This is a private helper function for Test-Layer7Connectivity # It determines whether a failed web request should be treated as "Success" (endpoint reachable) # or "Failed" (endpoint unreachable) based on the response string, server headers, and endpoint URL. # Documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status Function Get-HttpStatusInterpretation { param ( [Parameter(Mandatory=$true)] [string]$Layer7Response, [Parameter(Mandatory=$false)] [object]$IwrError, [Parameter(Mandatory=$false)] [string]$OriginalURL ) # Check if the response is a known value if($Layer7Response -eq "Unable to connect to the remote server"){ # Overwrite the Layer7Status to "Failed". return "Failed" } elseif($Layer7Response -eq "The operation has timed out"){ # Overwrite the Layer7Status to "Failed". return "Failed" } elseif($Layer7Response -like "The remote name could not be resolved*"){ # Overwrite the Layer7Status to "Failed". return "Failed" } elseif($Layer7Response -eq "(400) Bad Request"){ # Request was successful, but it was a bad request return "Success" } elseif($Layer7Response -eq "(401) Unauthorized"){ # Request was successful, but the request was not authorized return "Success" } elseif($Layer7Response -eq "(404) Not Found"){ # Request was successful, but the remote server returned no content from the root of the web server (404 page not found). return "Success" # Exception handling for 403 Forbidden responses } elseif($Layer7Response -eq "(403) Forbidden"){ # Additional connectivity test for 403 Forbidden, to check if the URL is accessible if($($IwrError.ErrorRecord.Exception.Response.Server) -like "Microsoft-IIS*") { # Microsoft IIS Server detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "Microsoft-HTTPAPI*") { # Microsoft HTTPAPI Server detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "AkamaiGHost*") { # AkamaiGHost detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "AkamaiNetStorage*") { # AkamaiNetStorage detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "Qwilt*") { # Qwilt detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "AzureContainerRegistry") { # AzureContainerRegistry detected, valid connection return "Success" } elseif(($($IwrError.ErrorRecord.Exception.Response.Server) -eq "nginx") -and ($OriginalURL -eq "tlu.dl.delivery.mp.microsoft.com")) { # Windows Update endpoint 'tlu.dl.delivery.mp.microsoft.com', with Server "nginx" can intermittently return a 403 response # Set status to successful connection return "Success" } elseif(($($IwrError.ErrorRecord.Exception.Response.Server) -like "Amazon*") -and ($OriginalURL -eq "download.hitachivantara.com")) { # SBE endpoint: download.hitachivantara.com detected has Server "AmazonS3" # Set status to successful connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.StatusDescription) -eq "Forbidden - unexpected URL format") { # "Forbidden - unexpected URL format" detected, valid connection # Example URL: tlu.dl.delivery.mp.microsoft.com on port 80, which intermittently changes between "AkamaiGHost" and a null value for "$_.Exception.Response.Server" return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "x-azure-ref") { # Azure Front Door response detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "X-MSEdge-Ref") { # Microsoft Edge response detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "x-ms-request-id") { # Microsoft Edge response detected, valid connection return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "Location") { # Additional check for "Location" header in the response # This is used by some Microsoft services to indicate a redirect if($($IwrError.ErrorRecord.Exception.Response.Headers["Location"]) -like "*mscom.errorpage.failover.com*") { # Microsoft web server response detected, valid connection return "Success" } # Location header present but not a known Microsoft redirect - fall through to default Failed return "Failed" } elseif($($IwrError.ErrorRecord.Exception.Response.Server) -like "Zscaler*") { # Zscaler response detected, invalid connection # Known firewall / proxy device intercepting requests # Set status to Failed return "Failed" } elseif($IwrError.Message.ToString().Contains("You do not have permission to view this directory or page using the credentials that you supplied.")){ # Expected response from a couple of endpoints # Response: "403 - Forbidden: Access is denied." # Server Error # Server example: 'https://azurewatsonanalysis-prod.core.windows.net' and key vaults # Response: "403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied." # You do not have permission to view this directory or page using the credentials that you supplied. return "Success" } else { # ////// All other 403 Forbidden responses /////// # Unknown, set Layer7Status to "Failed" return "Failed" } } elseif($Layer7Response -eq "(405) Method Not Allowed"){ # Overwrite the Layer7Status to "Failed". # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405 if(($($IwrError.ErrorRecord.Exception.Response.Server) -like "Microsoft*")) { # https://dataonsbe.azurewebsites.net/download returns a 405, valid connection return "Success" } else { return "Failed" } } elseif($Layer7Response -eq "(408) Request Timeout"){ # Overwrite the Layer7Status to "Failed". # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/408 return "Failed" } elseif($Layer7Response -eq "(429) Too Many Requests"){ # Overwrite the Layer7Status to "Success", as this the server is responding with a "429" Too Many Requests # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/429 return "Success" } elseif($Layer7Response -eq "(500) Internal Server Error"){ # The server returned a 500 error, but connectivity to the endpoint was established successfully. # This indicates the endpoint is reachable (firewall/proxy rules are correct), even though the service has an internal error. # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/500 return "Success" } elseif($Layer7Response -eq "(502) Bad Gateway"){ # Overwrite the Layer7Status to "Failed", another device can respond. # https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/502 # Additional check for 502 Bad Gateway, to check for "Microsoft-Azure-Application-Gateway/v2" in the response if($($IwrError.ErrorRecord.Exception.Response.Server) -like 'Microsoft-Azure-Application-Gateway*') { Write-Verbose "Azure Application Gateway response detected, valid connection" return "Success" # Additional check for Arc Gateway response } elseif($IwrError.Message.ToString().Contains("Our services aren't available right now") -and (($OriginalURL -like "*.gw.arc.azure.com") -or ($OriginalURL -eq "dp.stackhci.azure.com"))) { Write-Verbose "Azure Front Door response detected, valid connection" return "Success" } elseif($($IwrError.ErrorRecord.Exception.Response.Headers) -contains "x-azure-ref") { # Azure Front Door response detected, valid connection even though the response is 502 Bad Gateway Write-Verbose "Azure Front Door response detected, valid connection" return "Success" } else { return "Failed" } } elseif($Layer7Response -eq "(503) Server Unavailable"){ # Overwrite the Layer7Status to "Success". # 503 status code indicates that the server is not ready to handle the request. # This can be due to the server being overloaded or down for maintenance. # https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/503 return "Success" # Could not 'Could not establish trust relationship for the SSL/TLS secure channel' } elseif($Layer7Response -like "*Could not establish trust relationship for the SSL/TLS secure channel"){ # Overwrite the Layer7Status to "Failed" return "Failed" # ////// All other / unhandled exceptions treat as Failed ////// } else { # Overwrite the Layer7Status to "Failed" return "Failed" } } # //////////////////////////////////////////////////////////////////////////// # Helper function to resolve HTTP redirects # This is a private helper function for Test-Layer7Connectivity Function Resolve-Layer7Redirect { param ( [Parameter(Mandatory=$true)] [object]$IwrResult, [Parameter(Mandatory=$true)] [string]$url, [Parameter(Mandatory=$true)] [int]$RedirectCount ) # Initialize return hashtable $RedirectInfo = @{ RedirectsComplete = $false NextUrl = $url Layer7Status = "Success" ReturnLayer7Response = "" } # Check if the response contains a redirect (HTTP 301 or 302) if ($IwrResult.StatusCode -eq 301 -or $IwrResult.StatusCode -eq 302) { # Redirect detected Write-Verbose "Redirect detected to: $($IwrResult.Headers.Location)" # Check if the redirect count is less than 10 if($RedirectCount -lt 10){ # Set the URL to the redirected URL $RedirectInfo.NextUrl = $IwrResult.Headers.Location # Add the redirected URL to the RedirectedResults array $script:RedirectedResults.Add($IwrResult.Headers.Location) | Out-Null # Set the Layer7Status to Success, as the redirect was successful $RedirectInfo.Layer7Status = "Success" if($IwrResult.StatusCode -eq 301){ $RedirectInfo.ReturnLayer7Response = "HTTP 301 redirect" } else { $RedirectInfo.ReturnLayer7Response = "HTTP 302 redirect" } # Continue with the redirect $RedirectInfo.RedirectsComplete = $false } else { # Redirect count is greater than or equal to 10 Write-HostAzS "Redirect count is greater than or equal to 10, stopping redirects." -ForegroundColor Yellow $RedirectInfo.Layer7Status = "Failed" $RedirectInfo.ReturnLayer7Response = "Too many redirects (10+)" $RedirectInfo.RedirectsComplete = $true } } else { # No redirect detected $RedirectInfo.RedirectsComplete = $true $RedirectInfo.Layer7Status = "Success" $RedirectInfo.ReturnLayer7Response = "HTTP $($IwrResult.StatusCode) $($IwrResult.StatusDescription)" } return $RedirectInfo } # SIG # Begin signature block # MIIoVQYJKoZIhvcNAQcCoIIoRjCCKEICAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAsRKCMrxzEkCIE # t19+PV6tuPjsbIceVgSaPKKd+MB8DqCCDYUwggYDMIID66ADAgECAhMzAAAEhJji # EuB4ozFdAAAAAASEMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjUwNjE5MTgyMTM1WhcNMjYwNjE3MTgyMTM1WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDtekqMKDnzfsyc1T1QpHfFtr+rkir8ldzLPKmMXbRDouVXAsvBfd6E82tPj4Yz # aSluGDQoX3NpMKooKeVFjjNRq37yyT/h1QTLMB8dpmsZ/70UM+U/sYxvt1PWWxLj # MNIXqzB8PjG6i7H2YFgk4YOhfGSekvnzW13dLAtfjD0wiwREPvCNlilRz7XoFde5 # KO01eFiWeteh48qUOqUaAkIznC4XB3sFd1LWUmupXHK05QfJSmnei9qZJBYTt8Zh # ArGDh7nQn+Y1jOA3oBiCUJ4n1CMaWdDhrgdMuu026oWAbfC3prqkUn8LWp28H+2S # LetNG5KQZZwvy3Zcn7+PQGl5AgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUBN/0b6Fh6nMdE4FAxYG9kWCpbYUw # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwNTM2MjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AGLQps1XU4RTcoDIDLP6QG3NnRE3p/WSMp61Cs8Z+JUv3xJWGtBzYmCINmHVFv6i # 8pYF/e79FNK6P1oKjduxqHSicBdg8Mj0k8kDFA/0eU26bPBRQUIaiWrhsDOrXWdL # m7Zmu516oQoUWcINs4jBfjDEVV4bmgQYfe+4/MUJwQJ9h6mfE+kcCP4HlP4ChIQB # UHoSymakcTBvZw+Qst7sbdt5KnQKkSEN01CzPG1awClCI6zLKf/vKIwnqHw/+Wvc # Ar7gwKlWNmLwTNi807r9rWsXQep1Q8YMkIuGmZ0a1qCd3GuOkSRznz2/0ojeZVYh # ZyohCQi1Bs+xfRkv/fy0HfV3mNyO22dFUvHzBZgqE5FbGjmUnrSr1x8lCrK+s4A+ # bOGp2IejOphWoZEPGOco/HEznZ5Lk6w6W+E2Jy3PHoFE0Y8TtkSE4/80Y2lBJhLj # 27d8ueJ8IdQhSpL/WzTjjnuYH7Dx5o9pWdIGSaFNYuSqOYxrVW7N4AEQVRDZeqDc # fqPG3O6r5SNsxXbd71DCIQURtUKss53ON+vrlV0rjiKBIdwvMNLQ9zK0jy77owDy # XXoYkQxakN2uFIBO1UNAvCYXjs4rw3SRmBX9qiZ5ENxcn/pLMkiyb68QdwHUXz+1 # fI6ea3/jjpNPz6Dlc/RMcXIWeMMkhup/XEbwu73U+uz/MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGiYwghoiAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAASEmOIS4HijMV0AAAAA # BIQwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIAZT # d+nbwTpVSDHZBNVe5KZT7e87FQ36U/eO0+u9EFzUMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAD9cL8pL0pMWJGnEtYP0xmCB+zKjKrnwUbOR1 # F9BBikcSGZnV3w/c2JqjyUmDUzME3Xcz0mWdRANTJMFiK7JWEoPiw/VK0tOrQ9cT # pRf9EcQ7jO3MypIrFBMfNdh8ElPesYnPGYbq/bRmV95PQf15CT0qA+vDhuf/FbEs # kFIxdK1CDdk3hEspob99fTnj7SpiIjrduB3DFu9+7Z+qL/R7XaP40TyN/qkmq3Yz # PxuyzP3XvTQl2/Cp5BP+ZTpJ+zADnE/1HhtHaf2vxbF2ANyAIiTTi4bj5ZInyaSW # GahXvZtlfNt9GnlknNewE/i9kqp7K4VHiw1YQHbxPAxSmlnC0qGCF7AwghesBgor # BgEEAYI3AwMBMYIXnDCCF5gGCSqGSIb3DQEHAqCCF4kwgheFAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFaBgsqhkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCC2JgnxpGIXlCDBVrYuT2qls0bJkguQmsTa # 8pjJuz9TJQIGabzyhbxuGBMyMDI2MDQyMDE3MTU1Ny4zNDNaMASAAgH0oIHZpIHW # MIHTMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsT # Hm5TaGllbGQgVFNTIEVTTjo2NTFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9z # b2Z0IFRpbWUtU3RhbXAgU2VydmljZaCCEf4wggcoMIIFEKADAgECAhMzAAACFRgD # 04EHJnxTAAEAAAIVMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMB4XDTI1MDgxNDE4NDgyMFoXDTI2MTExMzE4NDgyMFowgdMxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jv # c29mdCBJcmVsYW5kIE9wZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVs # ZCBUU1MgRVNOOjY1MUEtMDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGlt # ZS1TdGFtcCBTZXJ2aWNlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA # w3HV3hVxL0lEYPV03XeNKZ517VIbgexhlDPdpXwDS0BYtxPwi4XYpZR1ld0u6cr2 # Xjuugdg50DUx5WHL0QhY2d9vkJSk02rE/75hcKt91m2Ih287QRxRMmFu3BF6466k # 8qp5uXtfe6uciq49YaS8p+dzv3uTarD4hQ8UT7La95pOJiRqxxd0qOGLECvHLEXP # XioNSx9pyhzhm6lt7ezLxJeFVYtxShkavPoZN0dOCiYeh4KgoKoyagzMuSiLCiMU # W4Ue4Qsm658FJNGTNh7V5qXYVA6k5xjw5WeWdKOz0i9A5jBcbY9fVOo/cA8i1byt # zcDTxb3nctcly8/OYeNstkab/Isq3Cxe1vq96fIHE1+ZGmJjka1sodwqPycVp/2t # b+BjulPL5D6rgUXTPF84U82RLKHV57bB8fHRpgnjcWBQuXPgVeSXpERWimt0NF2l # COLzqgrvS/vYqde5Ln9YlKKhAZ/xDE0TLIIr6+I/2JTtXP34nfjTENVqMBISWcak # IxAwGb3RB5yHCxynIFNVLcfKAsEdC5U2em0fAvmVv0sonqnv17cuaYi2eCLWhoK1 # Ic85Dw7s/lhcXrBpY4n/Rl5l3wHzs4vOIhu87DIy5QUaEupEsyY0NWqgI4BWl6v1 # wgse+l8DWFeUXofhUuCgVTuTHN3K8idoMbn8Q3edUIECAwEAAaOCAUkwggFFMB0G # A1UdDgQWBBSJIXfxcqAwFqGj9jdwQtdSqadj1zAfBgNVHSMEGDAWgBSfpxVdAF5i # XYP05dJlpxtTNRnpcjBfBgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jv # c29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENB # JTIwMjAxMCgxKS5jcmwwbAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRp # bWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1Ud # JQEB/wQMMAoGCCsGAQUFBwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsF # AAOCAgEAd42HtV+kGbvxzLBTC5O7vkCIBPy/BwpjCzeL53hAiEOebp+VdNnwm9GV # CfYq3KMfrj4UvKQTUAaS5Zkwe1gvZ3ljSSnCOyS5OwNu9dpg3ww+QW2eOcSLkyVA # WFrLn6Iig3TC/zWMvVhqXtdFhG2KJ1lSbN222csY3E3/BrGluAlvET9gmxVyyxNy # 59/7JF5zIGcJibydxs94JL1BtPgXJOfZzQ+/3iTc6eDtmaWT6DKdnJocp8wkXKWP # IsBEfkD6k1Qitwvt0mHrORah75SjecOKt4oWayVLkPTho12e0ongEg1cje5fxSZG # thrMrWKvI4R7HEC7k8maH9ePA3ViH0CVSSOefaPTGMzIhHCo5p3jG5SMcyO3eA9u # EaYQJITJlLG3BwwGmypY7C/8/nj1SOhgx1HgJ0ywOJL9xfP4AOcWmCfbsqgGbCaC # 7WH5sINdzfMar8V7YNFqkbCGUKhc8GpIyE+MKnyVn33jsuaGAlNRg7dVRUSoYLJx # vUsw9GOwyBpBwbE9sqOLm+HsO00oF23PMio7WFXcFTZAjp3ujihBAfLrXICgGOHP # dkZ042u1LZqOcnlr3XzvgMe+mPPyasW8f0rtzJj3V5E/EKiyQlPxj9Mfq2x9himn # lXWGZCVPeEBROrNbDYBfazTyLNCOTsRtksOSV3FBtPnpQtLN754wggdxMIIFWaAD # AgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD # VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe # MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3Nv # ZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIy # MjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5 # vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64 # NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhu # je3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl # 3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPg # yY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I # 5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2 # ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/ # TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy # 16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y # 1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6H # XtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMB # AAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQW # BBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30B # ATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYB # BAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMB # Af8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBL # oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv # TWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr # BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNS # b29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1Vffwq # reEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27 # DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pv # vinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9Ak # vUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWK # NsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2 # kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+ # c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep # 8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+Dvk # txW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1Zyvg # DbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/ # 2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYIDWTCCAkECAQEwggEBoYHZpIHW # MIHTMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL # EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsT # Hm5TaGllbGQgVFNTIEVTTjo2NTFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9z # b2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUAj6eTejbuYE1I # fjbfrt6tXevCUSCggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDANBgkqhkiG9w0BAQsFAAIFAO2QTSIwIhgPMjAyNjA0MjAwNjU4NDJaGA8yMDI2 # MDQyMTA2NTg0MlowdzA9BgorBgEEAYRZCgQBMS8wLTAKAgUA7ZBNIgIBADAKAgEA # AgIVKgIB/zAHAgEAAgIUbjAKAgUA7ZGeogIBADA2BgorBgEEAYRZCgQCMSgwJjAM # BgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEB # CwUAA4IBAQBseGiGIIQLDepAgxPaVnST7khDuOj1107/xcncStkG3D8ARJdmjm7J # l4reSa6OK6rgSWrXMX7/ukvMM6cqHvEXlyvfY9l9nI+Egkr8WkGJ7F24VRqpAgxA # amqVLnwjOOuMV0bFhMkHWwWQ1EwchYkYs4yk9N69I7D98Y/uv6EchBc2M2uibuzb # HcukbdYIRcAKw/lrulfs6TJXeIzZWJ2IL2N+XVsoYV49zQjOIdFj4UxLYwoqmcPZ # Von0+hOoYheKRP9F2E35iBKNj9BTBtOuf/oQ+t/HyUbQ3B78n+ssTSOYDVslAEzi # r4m1n1p5IXnnMoSVzkm6Z5BqveOaBBZLMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAIVGAPTgQcmfFMAAQAAAhUwDQYJYIZI # AWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG # 9w0BCQQxIgQg/o/yAf/evUCPpwZ1fKMDcNB/Z0ucnqMwbpxLDkQIOOcwgfoGCyqG # SIb3DQEJEAIvMYHqMIHnMIHkMIG9BCBwEPR2PDrTFLcrtQsKrUi7oz5JNRCF/KRH # MihSNe7sijCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n # dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y # YXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMz # AAACFRgD04EHJnxTAAEAAAIVMCIEIDEH0jWM8CWtylHzVlpNeXwB9g2Ca2DcwjBe # SavBoFbiMA0GCSqGSIb3DQEBCwUABIICAID5FJ5odBUpgGqQHPTzDMRmwReIMjZT # VIIl3HNNEkpMOW2nzGYtJDuR1ubWhsufgrpcIZ66X0OodrIsenGzMUSGJx4dERa/ # OUnpPA4IpO6DPnn2sO+7qJVZDNjvvh6bpO2xaTLbS31uNH630OEbpGfsmyxmochE # /kQeD+wK/wZFy/ay11UnnDPGQH1VHXk8L8mpT5ET/3DRfEyI9uKzrq2Jb+rkKomQ # GD8CZcHncOfzPMTBzzprQMn5rGtNJTjMhyHjWUKItDaG9f637ktNAhry4Angyopl # QpM/rvrUSPaLRZrGqVwfRO1ZzT6INNMJDjLfKw35kBYCVrv63r8TI9C2JYoL4ArV # T3k5xBqmTMsnInpplTvmDP1rmozM9yUBRDinsC/lxrDObCqTBHLEJ8rxTEU1Xz0v # DHnWz7o8Ii5tx9XEscNN6x3Eg5+BfTRgJl7BnebsfxZkvi/2YbhG48ZIv9+z86rV # JdKB79QPnq0GzD8wPUyBJS7JO/VNxg38QRuYXmtbi4qrg4Zysqih6UPLP4H74cjU # pMiyCH9lwajHy6nsiadeK7ZIhUiLRgYJF5LXBNmRz/naetaQyxqWo1zlCNVPiulV # mNC7z1yMjWT2paApXEO4wBqAd4+2V5E5ryn5e/8hdf8rmYhmtpY+xp2/jCQeBbOb # +crgnh69ggGm # SIG # End signature block |