Obs/bin/ObsDep/content/Powershell/Roles/Common/JeaHelper.psm1
<###################################################
# # # Copyright (c) Microsoft. All rights reserved. # # # ##################################################> Import-Module -Name "$PSScriptRoot\..\Common\RoleHelpers.psm1" Import-Module -Name "$PSScriptRoot\..\..\Common\Helpers.psm1" Import-LocalizedData LocalizedData -Filename JEA.Strings.psd1 -ErrorAction SilentlyContinue Import-LocalizedData CommonLocalizedData -BaseDirectory "$PSScriptRoot\..\Common" -Filename Roles.Strings.psd1 -ErrorAction SilentlyContinue <# .SYNOPSIS Generate JEA role capabilities for JEA endpoint. Used by both JEA role and JustEnoughAdministrationDSC #> function Get-RoleCapabilityParams { Param ( [Parameter(Mandatory = $true)] [ValidateNotNull()] [System.Xml.XmlLinkedNode] $Whitelist ) Trace-ECEScript "Generate JEA role capabilities for JEA endpoint." { $RoleCapabilityParams = @{ Author = "AzureStack" CompanyName = "Microsoft" } if ($Whitelist.ModulesToImport -and $Whitelist.ModulesToImport.HasChildNodes) { $modules = @() $Whitelist.ModulesToImport.ChildNodes | ? Name -ne '#comment' | % { $module = $_.Name if ($_.Version -or $_.Guid) { $module = @{} $module.Add('ModuleName',$_.Name) if ($_.Version) { $module.Add('ModuleVersion', $_.Version) } if ($_.Guid) { $module.Add('GUID', $_.Guid) } } $modules += $module } if ($modules.Count -gt 0) { $RoleCapabilityParams['ModulesToImport'] = $modules } } if ($Whitelist.VisibleAliases -and $Whitelist.VisibleAliases.HasChildNodes) { $aliases = @() $Whitelist.VisibleAliases.ChildNodes | ? Name -ne '#comment' | % { $aliases += $_.Value } if ($aliases.Count -gt 0) { $RoleCapabilityParams['VisibleAliases'] = $aliases } } if ($Whitelist.VisibleCmdlets -and $Whitelist.VisibleCmdlets.HasChildNodes) { $cmdlets = @() $Whitelist.VisibleCmdlets.ChildNodes | ? Name -ne '#comment' | % { $cmdlet = $_.Name if ($_.Parameter) { $cmdlet = @{} $cmdlet.Add('Name',$_.Name) $p = @{Name=$_.Parameter.Name} if($_.Parameter.ValidateSet) { $p['ValidateSet'] = $_.Parameter.ValidateSet} if($_.Parameter.ValidatePattern) { $p['ValidatePattern'] = $_.Parameter.ValidatePattern} $cmdlet.Add('Parameters',$p) } $cmdlets += $cmdlet } if ($cmdlets.Count -gt 0) { $RoleCapabilityParams['VisibleCmdlets'] = $cmdlets } } if ($Whitelist.VisibleFunctions -and $Whitelist.VisibleFunctions.HasChildNodes) { $functions = @() $Whitelist.VisibleFunctions.ChildNodes | ? Name -ne '#comment' | % { $function = $_.Name if ($_.Parameter) { $function = @{} $function.Add('Name',$_.Name) $p = @{Name=$_.Parameter.Name} if($_.Parameter.ValidateSet) { $p['ValidateSet'] = $_.Parameter.ValidateSet} if($_.Parameter.ValidatePattern) { $p['ValidatePattern'] = $_.Parameter.ValidatePattern} $function.Add('Parameters',$p) } $functions += $function } if ($functions.Count -gt 0) { $RoleCapabilityParams['VisibleFunctions'] = $functions } } if ($Whitelist.VisibleExternalCommands -and $Whitelist.VisibleExternalCommands.HasChildNodes) { $extcmds = @() $Whitelist.VisibleExternalCommands.ChildNodes | ? Name -ne '#comment' | % { $extcmds += $_.Value } if ($extcmds.Count -gt 0) { $RoleCapabilityParams['VisibleExternalCommands'] = $extcmds } } if ($Whitelist.VisibleProviders -and $Whitelist.VisibleProviders.HasChildNodes) { $providers = @() $Whitelist.VisibleProviders.ChildNodes | ? Name -ne '#comment' | % { $providers += $_.Value } if ($providers.Count -gt 0) { $RoleCapabilityParams['VisibleProviders'] = $providers } } if ($Whitelist.AliasDefinitions -and $Whitelist.AliasDefinitions.HasChildNodes) { $aliases = @() $Whitelist.AliasDefinitions.ChildNodes | ? Name -ne '#comment' | % { $aliases += @{Name=$_.Name; Value=$_.Value} } if ($aliases.Count -gt 0) { $RoleCapabilityParams['AliasDefinitions'] = $aliases } } if ($Whitelist.FunctionDefinitions -and $Whitelist.FunctionDefinitions.HasChildNodes) { $functions = @() $Whitelist.FunctionDefinitions.ChildNodes | ? Name -ne '#comment' | % { $functions += @{Name=$_.Name; ScriptBlock=[ScriptBlock]::Create($_.ScriptBlock)} } if ($functions.Count -gt 0) { $RoleCapabilityParams['FunctionDefinitions'] = $functions } } if ($Whitelist.VariableDefinitions -and $Whitelist.VariableDefinitions.HasChildNodes) { $variables = @() $Whitelist.VariableDefinitions.ChildNodes | ? Name -ne '#comment' | % { $variables += @{Name=$_.Name; Value=$_.Value} } if ($variables.Count -gt 0) { $RoleCapabilityParams['VariableDefinitions'] = $variables } } if ($Whitelist.EnvironmentVariables -and $Whitelist.EnvironmentVariables.HasChildNodes) { $variables = @{} $Whitelist.EnvironmentVariables.ChildNodes | ? Name -ne '#comment' | % { $variables += @{$_.Name=$_.Value} } if ($variables.Count -gt 0) { $RoleCapabilityParams['EnvironmentVariables'] = $variables } } if ($Whitelist.AssembliesToLoad -and $Whitelist.AssembliesToLoad.HasChildNodes) { $assemblies = @() $Whitelist.AssembliesToLoad.ChildNodes | ? Name -ne '#comment' | % { $assemblies += $_.Value } if ($assemblies.Count -gt 0) { $RoleCapabilityParams['AssembliesToLoad'] = $assemblies } } } if ($Whitelist.ScriptsToProcess -and $Whitelist.ScriptsToProcess.HasChildNodes) { $scripts = @() $Whitelist.ScriptsToProcess.ChildNodes | ? Name -ne '#comment' | % { $scripts += $_.Value } if ($scripts.Count -gt 0) { $RoleCapabilityParams['ScriptsToProcess'] = $scripts } } return $RoleCapabilityParams } <# .SYNOPSIS Generate session configuration for JEA endpoint. Used by both JEA role and JustEnoughAdministrationDSC #> function Get-SessionConfigurationParams { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] [ValidateNotNull()] [System.Xml.XmlLinkedNode] $SessionConfig, [Parameter(Mandatory = $true, ParameterSetName = "common")] [ValidateNotNullOrEmpty()] [string] $RunAsAccountUser, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [string] $EndpointName, [Parameter(Mandatory = $true, ParameterSetName = "common")] [ValidateNotNull()] [Boolean] $RunAsGmsa, [Parameter(Mandatory = $true, ParameterSetName = "runasvirtual")] [ValidateNotNull()] [Boolean] $RunAsVirtualAccount, [Parameter(Mandatory = $false)] [ValidateNotNullOrEmpty()] [string] $AdminUser, [Parameter(Mandatory = $false)] [string] $versionExtension ) Trace-ECEScript "Generate session configuration for JEA endpoint." { $SessionConfigParams = @{ Author = "AzureStack" SessionType = "RestrictedRemoteServer" } # JEA Over-The-Shoulder Transcript if ($SessionConfig.EnableTranscript -and ($sessionConfig.EnableTranscript.Value -eq "True")) { $SessionConfigParams['TranscriptDirectory'] = "$env:ProgramData\JEAConfiguration\Transcripts\$EndpointName" } if ($SessionConfig.SessionType) { $SessionConfigParams['SessionType'] = $SessionConfig.SessionType.Value } if ($SessionConfig.LanguageMode) { $SessionConfigParams['LanguageMode'] = $SessionConfig.LanguageMode.Value } # Security Group Mapping if ($SessionConfig.SecurityGroup) { $RoleDefinition = @{} $SessionConfig.SecurityGroup | % { $RoleCapability = @{} $_.Whitelist | ? Name -ne '#comment' | % { if (-not $versionExtension) { $RoleCapability.Add("RoleCapabilities",$_.Value) } else { $RoleCapability.Add("RoleCapabilities",$_.Value + $versionExtension) } } $RoleDefinition.Add($_.Name, $RoleCapability) } if ($RunAsVirtualAccount) { $SessionConfigParams['RunAsVirtualAccount'] = $RunAsVirtualAccount } elseif ($RunAsGmsa) { $SessionConfigParams['GroupManagedServiceAccount'] = $RunAsAccountUser } else { # RunAsAccount requires access to RoleCapability if not gMSA $RoleDefinition.Add($RunAsAccountUser, $RoleCapability) } $SessionConfigParams['RoleDefinitions'] = $RoleDefinition } } return $SessionConfigParams } <# .SYNOPSIS If multiple roles share the same node, they can each define their own JEA endpoints. If a node is specified, ensure that we pick up all other roles that live on this node and configure their JEA endpoints as well. #> function Get-RolesWithSharedNode ($Parameters, $NodeName) { Trace-ECEScript "Get roles with shared node" { $roles = @() $Parameters.Roles.Keys | % { $nodeNames = @( $Parameters.Roles.$_.PublicConfiguration.Nodes.Node.Name ) if ($nodeNames -contains $NodeName) { $roles += $_ } } } return $roles } Export-ModuleMember -Function Get-RoleCapabilityParams Export-ModuleMember -Function Get-SessionConfigurationParams Export-ModuleMember -Function Get-RolesWithSharedNode # SIG # Begin signature block # MIIoLAYJKoZIhvcNAQcCoIIoHTCCKBkCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAjEZoKUaP38MDy # ZuL0K72z9a4sQ9oSxm+M2PYt9l+EzKCCDXYwggX0MIID3KADAgECAhMzAAADTrU8 # esGEb+srAAAAAANOMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMwMzE2MTg0MzI5WhcNMjQwMzE0MTg0MzI5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDdCKiNI6IBFWuvJUmf6WdOJqZmIwYs5G7AJD5UbcL6tsC+EBPDbr36pFGo1bsU # p53nRyFYnncoMg8FK0d8jLlw0lgexDDr7gicf2zOBFWqfv/nSLwzJFNP5W03DF/1 # 1oZ12rSFqGlm+O46cRjTDFBpMRCZZGddZlRBjivby0eI1VgTD1TvAdfBYQe82fhm # WQkYR/lWmAK+vW/1+bO7jHaxXTNCxLIBW07F8PBjUcwFxxyfbe2mHB4h1L4U0Ofa # +HX/aREQ7SqYZz59sXM2ySOfvYyIjnqSO80NGBaz5DvzIG88J0+BNhOu2jl6Dfcq # jYQs1H/PMSQIK6E7lXDXSpXzAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUnMc7Zn/ukKBsBiWkwdNfsN5pdwAw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMDUxNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAD21v9pHoLdBSNlFAjmk # mx4XxOZAPsVxxXbDyQv1+kGDe9XpgBnT1lXnx7JDpFMKBwAyIwdInmvhK9pGBa31 # TyeL3p7R2s0L8SABPPRJHAEk4NHpBXxHjm4TKjezAbSqqbgsy10Y7KApy+9UrKa2 # kGmsuASsk95PVm5vem7OmTs42vm0BJUU+JPQLg8Y/sdj3TtSfLYYZAaJwTAIgi7d # hzn5hatLo7Dhz+4T+MrFd+6LUa2U3zr97QwzDthx+RP9/RZnur4inzSQsG5DCVIM # pA1l2NWEA3KAca0tI2l6hQNYsaKL1kefdfHCrPxEry8onJjyGGv9YKoLv6AOO7Oh # JEmbQlz/xksYG2N/JSOJ+QqYpGTEuYFYVWain7He6jgb41JbpOGKDdE/b+V2q/gX # UgFe2gdwTpCDsvh8SMRoq1/BNXcr7iTAU38Vgr83iVtPYmFhZOVM0ULp/kKTVoir # IpP2KCxT4OekOctt8grYnhJ16QMjmMv5o53hjNFXOxigkQWYzUO+6w50g0FAeFa8 # 5ugCCB6lXEk21FFB1FdIHpjSQf+LP/W2OV/HfhC3uTPgKbRtXo83TZYEudooyZ/A # Vu08sibZ3MkGOJORLERNwKm2G7oqdOv4Qj8Z0JrGgMzj46NFKAxkLSpE5oHQYP1H # tPx1lPfD7iNSbJsP6LiUHXH1MIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGgwwghoIAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAANOtTx6wYRv6ysAAAAAA04wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEINYn7wqJGiP+crvOrxy7BgNX # wCfggfzceS3h3BsNwSdXMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAYVWRIjBaNiMfxnAJicL9P7YlvDqOibCtj5Ew6U7f9ynZ0xTu+I7KJw1V # HZCXvparE/2UJlvXkVEw26JzNSCjW6fsim3RHIchSGaNHfOp/VPnj2DTaUt0B4M7 # Tg/TrYWzz1dTqZV35iiq2+GgYRH2gxhze4HiqUqMEas8kbrndhE/zDBulkdSIVJn # XVif4cTItU3TkgjS4SdLpAVRSMcpuPwJg7dgm8/EIj5BYH9IUxOIxBiVITj/Y90n # avPT6DjkqycHxu8i7qjKGt3XQWjuggpJg0Z7PFxM4f/881dUe6qVlhaswmAzUGG6 # 0KYX8pYiysHeezqnTMxaNrE2LR7W+aGCF5YwgheSBgorBgEEAYI3AwMBMYIXgjCC # F34GCSqGSIb3DQEHAqCCF28wghdrAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFRBgsq # hkiG9w0BCRABBKCCAUAEggE8MIIBOAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCCO+1Cz6lD/EEhh10UFOitL5UiE8d8i27L0eBacMThjrAIGZQPkWMOS # GBIyMDIzMDkyMjA4MzA1Ny42MlowBIACAfSggdGkgc4wgcsxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVy # aWNhIE9wZXJhdGlvbnMxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVTTjo5MjAwLTA1 # RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaCC # Ee0wggcgMIIFCKADAgECAhMzAAABz1I2vnFLzUjKAAEAAAHPMA0GCSqGSIb3DQEB # CwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTIzMDUyNTE5MTIx # MVoXDTI0MDIwMTE5MTIxMVowgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMx # JzAlBgNVBAsTHm5TaGllbGQgVFNTIEVTTjo5MjAwLTA1RTAtRDk0NzElMCMGA1UE # AxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEB # BQADggIPADCCAgoCggIBALg9y37XlNjKtSN7nneXMFCh2CZ3kHPta4fxJ0ekChbP # 7TVOscTEFK5owqfG9UyzJi1qzmHpqilQYBLlYpUtkC9S0frZMqYATQkr6LWFp+IJ # Jctk9xF7HF5GQ6p5l58sHNenSe50w5dRRpvffdKzwuSgriXctjGbURuyvdvY5OjZ # 5uwCg0niRLGZW48zsL5EOEa1UpH8SYexD0ZzAaaW67nhuqJUV3SgAUFvDi3FNTWa # u4gZY/+L6yCI2q91X/BqH9BysqIaWlaI6v1rloaslo9JAPbGAQN09utJ+VjGxEx1 # kIkjy/O86/oGW49w88YZUsRpTs6zN1iMrl/hnlK7+U8rV5JPk8LhEWxVw6JLgvSw # jggVnLAh0MkegqB2pZGnpDm8QOTyS9nPodYWdgs6Ue6owRi9Auvo6CihhT3PQDlw # wscQgdhXXGJoHPHYRGJFj0xQ9aiGH5OllYRRmVSb+r1qddVE3S6N6Obo6xRUUOyw # gyzNE0KoSi0kbC0cebnGsIq4mQWvwZ/A16UWX5cOgdetBgv3Njs2n5+uxNdCkpE2 # eYjVqyFyfkQL7DFS38RkiyRbN7AR+3T/7/SDf7xi0yRR1pATn7x7sLxQyJc4eQwr # bmM01CosJ52UnAUh/2Kv1KkxzvY1H7WPpR5uLP9k9Xvh2jeN1W+rsOI8WVNv3ZQr # AgMBAAGjggFJMIIBRTAdBgNVHQ4EFgQUNp4o+2nR5NJV0b6BlzkEORptODgwHwYD # VR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZO # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIw # VGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBc # BggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0 # cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYD # VR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMC # B4AwDQYJKoZIhvcNAQELBQADggIBAFCCbimcDTGR3/24pckzN0xjLFR9Sb9m6xQF # rfYwRldC4wanbSlK5fZVb3+2lMyjluRol0FWhTJ3YNsOw1vWSOv/fqe1PSO8vcCh # ZK0AWFkHKmak9vH4E8rj1mV6OUzh3l6lfrry1FEZ8WKn1OKX3IpF9cGtecz+rrgi # Kc3vNcRDcUVCF0kzO3yJtcKU7t4UD7UeLBk9bKxhY9v9k4Whs8Qy9eJ74aYRtMpu # ETm3N7pGsD1p6OM/6/Wi4WgPlsyPlCD7B9lep76F9gqkx3xA6dDJ7P42WPWK3Kc5 # lZ/AdVHt1XBXTItKU9P7Icg7yD7d9aIDCmg7XtsNye1Jntg4GWNesiBp3hbiBf7i # 2nV4GxzpdYghM8E3PFANllHEPitfM4HpdGURUl1hlDyBtc6KuD9029LYbFxHnRB0 # 5cMC6Z0QdoY0dvrLYiclp0I+naJPlAsLgyfNH5hmejVvyZakJ051Gz2DbVBtusjT # qIuT0oPrWfHsrlF5K5y5Lln2duQgFotTEN6wWGvXCZ3XKd/QdDnVLCvKHtgjtNdP # SOvzWZu+8j3G2iqMW8iE0GwgJ0J9NH3XKUlMfxa1SWkOESBKpa3eDM0s9NK9cDFd # Okgznzexl137/ZgYAMx5aa3w+4xx7oawhwsI4XY2JhnXRJcdlLkdGsusKG7N50NG # Kxaki7m5MIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG # 9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO # BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEy # MDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw # MTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGlt # ZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az # /1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V2 # 9YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oa # ezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkN # yjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7K # MtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRf # NN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SU # HDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoY # WmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5 # C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8 # FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TAS # BgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1 # Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUw # UzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNy # b3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoG # CCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIB # hjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fO # mhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9w # a2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggr # BgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3 # DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEz # tTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJW # AAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G # 82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/Aye # ixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI9 # 5ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1j # dEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZ # KCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xB # Zj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuP # Ntq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvp # e784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCA1Aw # ggI4AgEBMIH5oYHRpIHOMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScw # JQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTIwMC0wNUUwLUQ5NDcxJTAjBgNVBAMT # HE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAOrz # HNVfAuC5q4BCPWusnj9PIQyboIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg # UENBIDIwMTAwDQYJKoZIhvcNAQELBQACBQDot50RMCIYDzIwMjMwOTIyMDQ1NjQ5 # WhgPMjAyMzA5MjMwNDU2NDlaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIFAOi3nREC # AQAwCgIBAAICDC4CAf8wBwIBAAICFDEwCgIFAOi47pECAQAwNgYKKwYBBAGEWQoE # AjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkq # hkiG9w0BAQsFAAOCAQEATjRimnVfMKAZvtZ2DDApenLiV66yc31qk6rnoriva0x/ # hqZ6iOgFinHAhTAS8/vANosEzsMafRV43eGtjfLlm4V1un4HVvWKSz5Tg8WDkhK5 # o6YnOkwGnuXMyIaesycNlXvun8FzHljVDMzR9CPJ2L9K8ZvRF6JzP5w9nHQf7YKW # LSPPAfBde7ns+aGnALCbWVbJgcLaGoWNjoQ1TeHUCsHbM7YPYbM+EskM/cwaQ0Cw # kZnfmtbPVNA1ZKZJ5F5t0RT0fFh6dhZpvXE1jvB6CDCZYj7BFWNDz8P8Ufi6Tqic # nkT5yuQkIKbSdNZzmTJdFRjSOR7iQrj1gh4DObdsajGCBA0wggQJAgEBMIGTMHwx # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p # Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABz1I2vnFLzUjKAAEAAAHP # MA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQw # LwYJKoZIhvcNAQkEMSIEIP052xmaDQ+OHI0bZ1NKENNvh/Fvzg+0d/4XSkb3B4mk # MIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgs+mwup41Lg25hcTZUmUy69B5 # ZUDzRkMWGk4+NLOE9r8wgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg # MjAxMAITMwAAAc9SNr5xS81IygABAAABzzAiBCDBgSukfcZawpLQ+F78UZsi+CrN # xOunQPASblHXcH4ogzANBgkqhkiG9w0BAQsFAASCAgB1bMszlGIJtQxYnZ6Zk4RP # KAmeaJEL5jAJ+nQf38c/eUuShftuFqPucSlSFjL770tk5PsN4UWeFDHXekNnpCk6 # K7CO4Q2M4skxml7T8PVRhSY380YwsyDb2VoaG+vBrP55RxLgTjWyJJ6+df0Ee5oM # 4hK72izWsEyPZnFU5BGzMjTBZmLIUA/QRsPqUts0tbnImtjhF/GSZCAd1GgZPb4+ # gp11CNZADfefgGIK/WFg0CvnTQU7uEG4Ukf8NhIkGP1d6eLM2qV/67ZXe7xwoZrT # 4L4gI4b3ykDPnd9X82NOAIafxm7Su9qG6zrQe9YCxo0p+55Q3N59JNUkAogFkXda # ijV97C/k4MSIE7Pr94cnUG1j6jsVwFwNz+spgTdBZ9u84ReSQcwrvEXJ+7+sCesS # D56KqQ6DJJiOba2xrMKtIFMdbYvNv63QADrL0nujDGWIYQi5No67WbtRO7J5UxV+ # 8uwViIoKa968YzoqBXyFeC1m7QqSK6pDI7Pmsv2e4ecl2QvYLJbOmyldFFRKwux2 # nNS/KisWn1uuo87UL3a9ClWB+LGAaeinL7W/HxcERISdZWduKOnGaRbLESGNvGDJ # YQS0JlWJJFFGVst9z2fEaRzgcdOw+ZAzW+ZVjybjdYUw8/KFx7QnXOEnzlHAXHbX # w2KUbEALffpkFcR2lTTcqw== # SIG # End signature block |