Obs/bin/ObsDep/content/Powershell/Roles/Common/JeaHelper.psm1

<###################################################
 # #
 # Copyright (c) Microsoft. All rights reserved. #
 # #
 ##################################################>


Import-Module -Name "$PSScriptRoot\..\Common\RoleHelpers.psm1"
Import-Module -Name "$PSScriptRoot\..\..\Common\Helpers.psm1"
Import-LocalizedData LocalizedData -Filename JEA.Strings.psd1 -ErrorAction SilentlyContinue
Import-LocalizedData CommonLocalizedData -BaseDirectory "$PSScriptRoot\..\Common" -Filename Roles.Strings.psd1 -ErrorAction SilentlyContinue

<#
.SYNOPSIS
    Generate JEA role capabilities for JEA endpoint. Used by both JEA role and JustEnoughAdministrationDSC
.DESCRIPTION
    Translates one whitelist XML node into a hashtable of role-capability settings. Author and
    CompanyName are always present. Each recognised child section (ModulesToImport, VisibleAliases,
    VisibleCmdlets, VisibleFunctions, VisibleExternalCommands, VisibleProviders, AliasDefinitions,
    FunctionDefinitions, VariableDefinitions, EnvironmentVariables, AssembliesToLoad,
    ScriptsToProcess) is copied into a key of the same name. XML comment nodes are skipped, and a
    section that has no child nodes or yields no entries is left out of the result.

    Nothing read from the XML is validated in this function. The whitelist file therefore *is* the
    endpoint's policy: whoever can edit it decides which commands, providers, assemblies, scripts
    and function bodies the endpoint exposes. Give it the same write protection and review as code.
.PARAMETER Whitelist
    XML node whose child elements describe the role capability.
.OUTPUTS
    System.Collections.Hashtable. The key names match New-PSRoleCapabilityFile parameters, so the
    result is presumably splatted to that cmdlet - confirm against the callers.
#>
function Get-RoleCapabilityParams
{
    Param
    (
        [Parameter(Mandatory = $true)]
        [ValidateNotNull()]
        [System.Xml.XmlLinkedNode]
        $Whitelist
    )

    # NOTE(review): $RoleCapabilityParams is created inside the script block handed to Trace-ECEScript
    # and read again after it. That only works if Trace-ECEScript runs the block in this function's
    # scope - confirm against its definition (not in this file).
    Trace-ECEScript "Generate JEA role capabilities for JEA endpoint." {
        $RoleCapabilityParams = @{
            Author      = "AzureStack"
            CompanyName = "Microsoft"
        }

        # Modules: a bare name, or a module specification hashtable when a version or GUID is given.
        $moduleSection = $Whitelist.ModulesToImport
        if ($moduleSection -and $moduleSection.HasChildNodes)
        {
            $moduleList = @()
            $moduleSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                if ($_.Version -or $_.Guid)
                {
                    $moduleEntry = @{ ModuleName = $_.Name }
                    if ($_.Version) { $moduleEntry['ModuleVersion'] = $_.Version }
                    if ($_.Guid) { $moduleEntry['GUID'] = $_.Guid }
                }
                else
                {
                    $moduleEntry = $_.Name
                }
                $moduleList += $moduleEntry
            }
            if ($moduleList.Count -gt 0)
            {
                $RoleCapabilityParams['ModulesToImport'] = $moduleList
            }
        }

        $aliasSection = $Whitelist.VisibleAliases
        if ($aliasSection -and $aliasSection.HasChildNodes)
        {
            $visibleAliases = @()
            $aliasSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                $visibleAliases += $_.Value
            }
            if ($visibleAliases.Count -gt 0)
            {
                $RoleCapabilityParams['VisibleAliases'] = $visibleAliases
            }
        }

        # Cmdlets: an entry without a Parameter child is passed as a bare name, which exposes the
        # cmdlet with all of its parameters. Only Name, ValidateSet and ValidatePattern are copied
        # from a Parameter child.
        # NOTE(review): only the single-Parameter shape is handled. With several Parameter children,
        # $_.Parameter is a collection and Name/ValidateSet become arrays spanning all of them, so
        # the per-parameter restrictions would not be expressed as written - confirm the XML schema
        # never allows more than one.
        $cmdletSection = $Whitelist.VisibleCmdlets
        if ($cmdletSection -and $cmdletSection.HasChildNodes)
        {
            $visibleCmdlets = @()
            $cmdletSection.ChildNodes | Where-Object Name -ne '#comment' |
            ForEach-Object {
                if ($_.Parameter)
                {
                    $restriction = @{ Name = $_.Parameter.Name }
                    if ($_.Parameter.ValidateSet) { $restriction['ValidateSet'] = $_.Parameter.ValidateSet }
                    if ($_.Parameter.ValidatePattern) { $restriction['ValidatePattern'] = $_.Parameter.ValidatePattern }
                    $cmdletEntry = @{ Name = $_.Name; Parameters = $restriction }
                }
                else
                {
                    $cmdletEntry = $_.Name
                }
                $visibleCmdlets += $cmdletEntry
            }
            if ($visibleCmdlets.Count -gt 0)
            {
                $RoleCapabilityParams['VisibleCmdlets'] = $visibleCmdlets
            }
        }

        # Functions: same shape and same single-Parameter caveat as VisibleCmdlets above.
        $functionSection = $Whitelist.VisibleFunctions
        if ($functionSection -and $functionSection.HasChildNodes)
        {
            $visibleFunctions = @()
            $functionSection.ChildNodes | Where-Object Name -ne '#comment' |
            ForEach-Object {
                if ($_.Parameter)
                {
                    $restriction = @{ Name = $_.Parameter.Name }
                    if ($_.Parameter.ValidateSet) { $restriction['ValidateSet'] = $_.Parameter.ValidateSet }
                    if ($_.Parameter.ValidatePattern) { $restriction['ValidatePattern'] = $_.Parameter.ValidatePattern }
                    $functionEntry = @{ Name = $_.Name; Parameters = $restriction }
                }
                else
                {
                    $functionEntry = $_.Name
                }
                $visibleFunctions += $functionEntry
            }
            if ($visibleFunctions.Count -gt 0)
            {
                $RoleCapabilityParams['VisibleFunctions'] = $visibleFunctions
            }
        }

        # External commands and providers are copied verbatim. Both widen what a connected user can
        # reach beyond the cmdlet allow-list, so these sections deserve the closest review.
        $externalSection = $Whitelist.VisibleExternalCommands
        if ($externalSection -and $externalSection.HasChildNodes)
        {
            $externalCommands = @()
            $externalSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                $externalCommands += $_.Value
            }
            if ($externalCommands.Count -gt 0)
            {
                $RoleCapabilityParams['VisibleExternalCommands'] = $externalCommands
            }
        }

        $providerSection = $Whitelist.VisibleProviders
        if ($providerSection -and $providerSection.HasChildNodes)
        {
            $visibleProviders = @()
            $providerSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                $visibleProviders += $_.Value
            }
            if ($visibleProviders.Count -gt 0)
            {
                $RoleCapabilityParams['VisibleProviders'] = $visibleProviders
            }
        }

        $aliasDefinitionSection = $Whitelist.AliasDefinitions
        if ($aliasDefinitionSection -and $aliasDefinitionSection.HasChildNodes)
        {
            $aliasDefinitions = @()
            $aliasDefinitionSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                $aliasDefinitions += @{Name=$_.Name; Value=$_.Value}
            }
            if ($aliasDefinitions.Count -gt 0)
            {
                $RoleCapabilityParams['AliasDefinitions'] = $aliasDefinitions
            }
        }

        # SECURITY: the ScriptBlock text comes straight from the XML and is compiled into code that
        # becomes a function body in the endpoint. It is not inspected here, so the whitelist XML
        # has to be trusted and integrity-protected exactly like a script file.
        $functionDefinitionSection = $Whitelist.FunctionDefinitions
        if ($functionDefinitionSection -and $functionDefinitionSection.HasChildNodes)
        {
            $functionDefinitions = @()
            $functionDefinitionSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                $functionDefinitions += @{Name=$_.Name; ScriptBlock=[ScriptBlock]::Create($_.ScriptBlock)}
            }
            if ($functionDefinitions.Count -gt 0)
            {
                $RoleCapabilityParams['FunctionDefinitions'] = $functionDefinitions
            }
        }

        $variableSection = $Whitelist.VariableDefinitions
        if ($variableSection -and $variableSection.HasChildNodes)
        {
            $variableDefinitions = @()
            $variableSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                $variableDefinitions += @{Name=$_.Name; Value=$_.Value}
            }
            if ($variableDefinitions.Count -gt 0)
            {
                $RoleCapabilityParams['VariableDefinitions'] = $variableDefinitions
            }
        }

        # Environment variables are merged into one hashtable (name -> value), not an array.
        # Hashtable addition raises an error when the same name appears twice.
        $environmentSection = $Whitelist.EnvironmentVariables
        if ($environmentSection -and $environmentSection.HasChildNodes)
        {
            $environmentVariables = @{}
            $environmentSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                $environmentVariables += @{$_.Name=$_.Value}
            }
            if ($environmentVariables.Count -gt 0)
            {
                $RoleCapabilityParams['EnvironmentVariables'] = $environmentVariables
            }
        }

        # Assemblies named here are handed on unchanged; this function does not check where they
        # live or whether they are signed.
        $assemblySection = $Whitelist.AssembliesToLoad
        if ($assemblySection -and $assemblySection.HasChildNodes)
        {
            $assemblyList = @()
            $assemblySection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
                $assemblyList += $_.Value
            }
            if ($assemblyList.Count -gt 0)
            {
                $RoleCapabilityParams['AssembliesToLoad'] = $assemblyList
            }
        }
    }

    # ScriptsToProcess is handled after the traced block, as in the original layout. The script
    # paths are copied as-is; keep the referenced files writable by administrators only, since a
    # role capability runs them when a session using it starts.
    $scriptSection = $Whitelist.ScriptsToProcess
    if ($scriptSection -and $scriptSection.HasChildNodes)
    {
        $scriptList = @()
        $scriptSection.ChildNodes | Where-Object Name -ne '#comment' | ForEach-Object {
            $scriptList += $_.Value
        }
        if ($scriptList.Count -gt 0)
        {
            $RoleCapabilityParams['ScriptsToProcess'] = $scriptList
        }
    }

    return $RoleCapabilityParams
}

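<#
.SYNOPSIS
    Generate session configuration for JEA endpoint. Used by both JEA role and JustEnoughAdministrationDSC
.DESCRIPTION
    Builds a hashtable of session-configuration settings from a session-config XML node:
    Author, SessionType (default RestrictedRemoteServer), and optionally TranscriptDirectory,
    LanguageMode, RoleDefinitions and the run-as identity (RunAsVirtualAccount or
    GroupManagedServiceAccount).

    SessionType and LanguageMode are copied from the XML without validation, so the XML can
    replace the restricted default (for example with SessionType 'Default' or LanguageMode
    'FullLanguage'). Review those two values whenever the session-config XML changes.
.PARAMETER SessionConfig
    XML node describing the endpoint (EnableTranscript, SessionType, LanguageMode, SecurityGroup).
.PARAMETER RunAsAccountUser
    Account name. Used as the gMSA name when RunAsGmsa is true; otherwise it is added to
    RoleDefinitions as an identity of its own.
.PARAMETER EndpointName
    Endpoint name; only used to build the transcript directory path.
.PARAMETER RunAsGmsa
    When true, the endpoint runs as the group managed service account named by RunAsAccountUser.
.PARAMETER RunAsVirtualAccount
    When true, the endpoint runs as a virtual account.
.PARAMETER AdminUser
    Not referenced in this function's body.
.PARAMETER versionExtension
    Optional suffix appended to every role capability name.
.OUTPUTS
    System.Collections.Hashtable. The key names match New-PSSessionConfigurationFile parameters,
    so the result is presumably splatted to that cmdlet - confirm against the callers.
#>
function Get-SessionConfigurationParams
{
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNull()]
        [System.Xml.XmlLinkedNode]
        $SessionConfig,

        [Parameter(Mandatory = $true, ParameterSetName = "common")]
        [ValidateNotNullOrEmpty()]
        [string]
        $RunAsAccountUser,

        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]
        $EndpointName,

        [Parameter(Mandatory = $true, ParameterSetName = "common")]
        [ValidateNotNull()]
        [Boolean]
        $RunAsGmsa,

        [Parameter(Mandatory = $true, ParameterSetName = "runasvirtual")]
        [ValidateNotNull()]
        [Boolean]
        $RunAsVirtualAccount,

        [Parameter(Mandatory = $false)]
        [ValidateNotNullOrEmpty()]
        [string]
        $AdminUser,

        [Parameter(Mandatory = $false)]
        [string]
        $versionExtension
    )

    # NOTE(review): $SessionConfigParams is created inside the script block handed to
    # Trace-ECEScript and returned after it. That only works if Trace-ECEScript runs the block in
    # this function's scope - confirm against its definition (not in this file).
    Trace-ECEScript "Generate session configuration for JEA endpoint." {
        $SessionConfigParams =
        @{
            Author =
                "AzureStack"
            SessionType =
                "RestrictedRemoteServer"
        }

        # JEA Over-The-Shoulder Transcript
        # Transcripts are the per-session audit record and are only enabled when the XML asks for
        # them (-eq is case-insensitive, so "true" also matches). This function only builds the
        # path: it does not create the directory or restrict its ACL, and $EndpointName is placed
        # in the path as given, so callers should pass a fixed, known endpoint name.
        if ($SessionConfig.EnableTranscript -and ($sessionConfig.EnableTranscript.Value -eq "True"))
        {
            $SessionConfigParams['TranscriptDirectory'] = "$env:ProgramData\JEAConfiguration\Transcripts\$EndpointName"
        }

        # The XML may override the RestrictedRemoteServer default; the value is not checked here.
        if ($SessionConfig.SessionType)
        {
            $SessionConfigParams['SessionType'] = $SessionConfig.SessionType.Value
        }

        # LanguageMode is likewise taken from the XML unchecked.
        if ($SessionConfig.LanguageMode)
        {
            $SessionConfigParams['LanguageMode'] = $SessionConfig.LanguageMode.Value
        }

        # Security Group Mapping
        if ($SessionConfig.SecurityGroup)
        {
            $RoleDefinition = @{}
            $SessionConfig.SecurityGroup |
            ForEach-Object {
                $group = $_

                # Collect every whitelist reference first. The previous code called
                # Hashtable.Add("RoleCapabilities", ...) once per whitelist, so a group with a
                # second whitelist hit the duplicate-key exception and never received it.
                $capabilityNames = @()
                $group.Whitelist | Where-Object Name -ne '#comment' |
                ForEach-Object {
                    if (-not $versionExtension)
                    {
                        $capabilityNames += $_.Value
                    }
                    else
                    {
                        $capabilityNames += ($_.Value + $versionExtension)
                    }
                }

                $RoleCapability = @{}
                if ($capabilityNames.Count -eq 1)
                {
                    # Single whitelist: keep the scalar value the original produced.
                    $RoleCapability.Add("RoleCapabilities", $capabilityNames[0])
                }
                elseif ($capabilityNames.Count -gt 1)
                {
                    $RoleCapability.Add("RoleCapabilities", $capabilityNames)
                }
                $RoleDefinition.Add($group.Name, $RoleCapability)
            }

            # NOTE(review): the run-as identity is only configured inside this SecurityGroup
            # branch. With no SecurityGroup in the XML, neither RunAsVirtualAccount nor
            # GroupManagedServiceAccount is set - confirm that is intended.
            if ($RunAsVirtualAccount)
            {
                $SessionConfigParams['RunAsVirtualAccount'] = $RunAsVirtualAccount
            }
            elseif ($RunAsGmsa)
            {
                $SessionConfigParams['GroupManagedServiceAccount'] = $RunAsAccountUser
            }
            else
            {
                # RunAsAccount requires access to RoleCapability if not gMSA
                # $RoleCapability here is the one built for the LAST security group above, so the
                # run-as account receives that group's capabilities only.
                if ($RunAsAccountUser)
                {
                    $RoleDefinition.Add($RunAsAccountUser, $RoleCapability)
                }
                else
                {
                    # Reached with -RunAsVirtualAccount $false: RunAsAccountUser belongs to the
                    # other parameter set and is empty, and an empty identity must not become a
                    # RoleDefinitions key.
                    Write-Warning "No run-as account was supplied for endpoint '$EndpointName'; no run-as role definition was added."
                }
            }
            $SessionConfigParams['RoleDefinitions'] = $RoleDefinition
        }
    }

    return $SessionConfigParams
}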

<#
.SYNOPSIS
    If multiple roles share the same node, they can each define their own JEA endpoints. If a node is specified,
    ensure that we pick up all other roles that live on this node and configure their JEA endpoints as well.
.PARAMETER Parameters
    Object whose Roles collection is keyed by role name. For each role the node names are read from
    PublicConfiguration.Nodes.Node.Name.
.PARAMETER NodeName
    Node name to look for. The comparison is PowerShell's default, case-insensitive one.
.OUTPUTS
    The names of the roles whose node list contains NodeName.
#>
function Get-RolesWithSharedNode ($Parameters, $NodeName)
{
    # NOTE(review): $roles is filled inside the script block handed to Trace-ECEScript and returned
    # after it. That only works if Trace-ECEScript runs the block in this function's scope -
    # confirm against its definition (not in this file).
    Trace-ECEScript "Get roles with shared node" {
        $roles = @()
        $Parameters.Roles.Keys | ForEach-Object {
            $roleName = $_

            # @( ) keeps a single node name as a one-element array for the membership test.
            $hostingNodes = @( $Parameters.Roles.$roleName.PublicConfiguration.Nodes.Node.Name )
            if ($NodeName -in $hostingNodes)
            {
                $roles += $roleName
            }
        }
    }

    return $roles
}

# Explicit export list: only the three public functions leave the module.
# The Authenticode signature block that follows covers the file content. After any edit the file
# must be re-signed, otherwise signature validation (for example under an AllSigned execution
# policy) rejects it.
Export-ModuleMember -Function Get-RoleCapabilityParams, Get-SessionConfigurationParams, Get-RolesWithSharedNode
# SIG # Begin signature block
# MIIoLAYJKoZIhvcNAQcCoIIoHTCCKBkCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAjEZoKUaP38MDy
# ZuL0K72z9a4sQ9oSxm+M2PYt9l+EzKCCDXYwggX0MIID3KADAgECAhMzAAADTrU8
# esGEb+srAAAAAANOMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p
# bmcgUENBIDIwMTEwHhcNMjMwMzE2MTg0MzI5WhcNMjQwMzE0MTg0MzI5WjB0MQsw
# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u
# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
# AQDdCKiNI6IBFWuvJUmf6WdOJqZmIwYs5G7AJD5UbcL6tsC+EBPDbr36pFGo1bsU
# p53nRyFYnncoMg8FK0d8jLlw0lgexDDr7gicf2zOBFWqfv/nSLwzJFNP5W03DF/1
# 1oZ12rSFqGlm+O46cRjTDFBpMRCZZGddZlRBjivby0eI1VgTD1TvAdfBYQe82fhm
# WQkYR/lWmAK+vW/1+bO7jHaxXTNCxLIBW07F8PBjUcwFxxyfbe2mHB4h1L4U0Ofa
# +HX/aREQ7SqYZz59sXM2ySOfvYyIjnqSO80NGBaz5DvzIG88J0+BNhOu2jl6Dfcq
# jYQs1H/PMSQIK6E7lXDXSpXzAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE
# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUnMc7Zn/ukKBsBiWkwdNfsN5pdwAw
# RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW
# MBQGA1UEBRMNMjMwMDEyKzUwMDUxNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci
# tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
# b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG
# CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu
# Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0
# MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAD21v9pHoLdBSNlFAjmk
# mx4XxOZAPsVxxXbDyQv1+kGDe9XpgBnT1lXnx7JDpFMKBwAyIwdInmvhK9pGBa31
# TyeL3p7R2s0L8SABPPRJHAEk4NHpBXxHjm4TKjezAbSqqbgsy10Y7KApy+9UrKa2
# kGmsuASsk95PVm5vem7OmTs42vm0BJUU+JPQLg8Y/sdj3TtSfLYYZAaJwTAIgi7d
# hzn5hatLo7Dhz+4T+MrFd+6LUa2U3zr97QwzDthx+RP9/RZnur4inzSQsG5DCVIM
# pA1l2NWEA3KAca0tI2l6hQNYsaKL1kefdfHCrPxEry8onJjyGGv9YKoLv6AOO7Oh
# JEmbQlz/xksYG2N/JSOJ+QqYpGTEuYFYVWain7He6jgb41JbpOGKDdE/b+V2q/gX
# UgFe2gdwTpCDsvh8SMRoq1/BNXcr7iTAU38Vgr83iVtPYmFhZOVM0ULp/kKTVoir
# IpP2KCxT4OekOctt8grYnhJ16QMjmMv5o53hjNFXOxigkQWYzUO+6w50g0FAeFa8
# 5ugCCB6lXEk21FFB1FdIHpjSQf+LP/W2OV/HfhC3uTPgKbRtXo83TZYEudooyZ/A
# Vu08sibZ3MkGOJORLERNwKm2G7oqdOv4Qj8Z0JrGgMzj46NFKAxkLSpE5oHQYP1H
# tPx1lPfD7iNSbJsP6LiUHXH1MIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq
# hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
# EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
# bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
# IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG
# EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG
# A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg
# Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
# CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03
# a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr
# rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg
# OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy
# 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9
# sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh
# dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k
# A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB
# w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn
# Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90
# lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w
# ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o
# ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD
# VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa
# BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny
# bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG
# AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t
# L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV
# HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3
# dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG
# AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl
# AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb
# C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l
# hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6
# I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0
# wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560
# STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam
# ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa
# J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah
# XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA
# 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt
# Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr
# /Xmfwb1tbWrJUnMTDXpQzTGCGgwwghoIAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw
# EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN
# aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp
# Z25pbmcgUENBIDIwMTECEzMAAANOtTx6wYRv6ysAAAAAA04wDQYJYIZIAWUDBAIB
# BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO
# MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEINYn7wqJGiP+crvOrxy7BgNX
# wCfggfzceS3h3BsNwSdXMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A
# cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB
# BQAEggEAYVWRIjBaNiMfxnAJicL9P7YlvDqOibCtj5Ew6U7f9ynZ0xTu+I7KJw1V
# HZCXvparE/2UJlvXkVEw26JzNSCjW6fsim3RHIchSGaNHfOp/VPnj2DTaUt0B4M7
# Tg/TrYWzz1dTqZV35iiq2+GgYRH2gxhze4HiqUqMEas8kbrndhE/zDBulkdSIVJn
# XVif4cTItU3TkgjS4SdLpAVRSMcpuPwJg7dgm8/EIj5BYH9IUxOIxBiVITj/Y90n
# avPT6DjkqycHxu8i7qjKGt3XQWjuggpJg0Z7PFxM4f/881dUe6qVlhaswmAzUGG6
# 0KYX8pYiysHeezqnTMxaNrE2LR7W+aGCF5YwgheSBgorBgEEAYI3AwMBMYIXgjCC
# F34GCSqGSIb3DQEHAqCCF28wghdrAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFRBgsq
# hkiG9w0BCRABBKCCAUAEggE8MIIBOAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl
# AwQCAQUABCCO+1Cz6lD/EEhh10UFOitL5UiE8d8i27L0eBacMThjrAIGZQPkWMOS
# GBIyMDIzMDkyMjA4MzA1Ny42MlowBIACAfSggdGkgc4wgcsxCzAJBgNVBAYTAlVT
# MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK
# ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVy
# aWNhIE9wZXJhdGlvbnMxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVTTjo5MjAwLTA1
# RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaCC
# Ee0wggcgMIIFCKADAgECAhMzAAABz1I2vnFLzUjKAAEAAAHPMA0GCSqGSIb3DQEB
# CwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
# EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV
# BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTIzMDUyNTE5MTIx
# MVoXDTI0MDIwMTE5MTIxMVowgcsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo
# aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y
# cG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMx
# JzAlBgNVBAsTHm5TaGllbGQgVFNTIEVTTjo5MjAwLTA1RTAtRDk0NzElMCMGA1UE
# AxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEB
# BQADggIPADCCAgoCggIBALg9y37XlNjKtSN7nneXMFCh2CZ3kHPta4fxJ0ekChbP
# 7TVOscTEFK5owqfG9UyzJi1qzmHpqilQYBLlYpUtkC9S0frZMqYATQkr6LWFp+IJ
# Jctk9xF7HF5GQ6p5l58sHNenSe50w5dRRpvffdKzwuSgriXctjGbURuyvdvY5OjZ
# 5uwCg0niRLGZW48zsL5EOEa1UpH8SYexD0ZzAaaW67nhuqJUV3SgAUFvDi3FNTWa
# u4gZY/+L6yCI2q91X/BqH9BysqIaWlaI6v1rloaslo9JAPbGAQN09utJ+VjGxEx1
# kIkjy/O86/oGW49w88YZUsRpTs6zN1iMrl/hnlK7+U8rV5JPk8LhEWxVw6JLgvSw
# jggVnLAh0MkegqB2pZGnpDm8QOTyS9nPodYWdgs6Ue6owRi9Auvo6CihhT3PQDlw
# wscQgdhXXGJoHPHYRGJFj0xQ9aiGH5OllYRRmVSb+r1qddVE3S6N6Obo6xRUUOyw
# gyzNE0KoSi0kbC0cebnGsIq4mQWvwZ/A16UWX5cOgdetBgv3Njs2n5+uxNdCkpE2
# eYjVqyFyfkQL7DFS38RkiyRbN7AR+3T/7/SDf7xi0yRR1pATn7x7sLxQyJc4eQwr
# bmM01CosJ52UnAUh/2Kv1KkxzvY1H7WPpR5uLP9k9Xvh2jeN1W+rsOI8WVNv3ZQr
# AgMBAAGjggFJMIIBRTAdBgNVHQ4EFgQUNp4o+2nR5NJV0b6BlzkEORptODgwHwYD
# VR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZO
# aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIw
# VGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBc
# BggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0
# cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYD
# VR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMC
# B4AwDQYJKoZIhvcNAQELBQADggIBAFCCbimcDTGR3/24pckzN0xjLFR9Sb9m6xQF
# rfYwRldC4wanbSlK5fZVb3+2lMyjluRol0FWhTJ3YNsOw1vWSOv/fqe1PSO8vcCh
# ZK0AWFkHKmak9vH4E8rj1mV6OUzh3l6lfrry1FEZ8WKn1OKX3IpF9cGtecz+rrgi
# Kc3vNcRDcUVCF0kzO3yJtcKU7t4UD7UeLBk9bKxhY9v9k4Whs8Qy9eJ74aYRtMpu
# ETm3N7pGsD1p6OM/6/Wi4WgPlsyPlCD7B9lep76F9gqkx3xA6dDJ7P42WPWK3Kc5
# lZ/AdVHt1XBXTItKU9P7Icg7yD7d9aIDCmg7XtsNye1Jntg4GWNesiBp3hbiBf7i
# 2nV4GxzpdYghM8E3PFANllHEPitfM4HpdGURUl1hlDyBtc6KuD9029LYbFxHnRB0
# 5cMC6Z0QdoY0dvrLYiclp0I+naJPlAsLgyfNH5hmejVvyZakJ051Gz2DbVBtusjT
# qIuT0oPrWfHsrlF5K5y5Lln2duQgFotTEN6wWGvXCZ3XKd/QdDnVLCvKHtgjtNdP
# SOvzWZu+8j3G2iqMW8iE0GwgJ0J9NH3XKUlMfxa1SWkOESBKpa3eDM0s9NK9cDFd
# Okgznzexl137/ZgYAMx5aa3w+4xx7oawhwsI4XY2JhnXRJcdlLkdGsusKG7N50NG
# Kxaki7m5MIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG
# 9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO
# BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEy
# MDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw
# MTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJV
# UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE
# ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGlt
# ZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
# AOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az
# /1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V2
# 9YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oa
# ezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkN
# yjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7K
# MtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRf
# NN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SU
# HDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoY
# WmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5
# C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8
# FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TAS
# BgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1
# Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUw
# UzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNy
# b3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoG
# CCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIB
# hjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fO
# mhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9w
# a2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggr
# BgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNv
# bS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3
# DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEz
# tTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJW
# AAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G
# 82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/Aye
# ixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI9
# 5ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1j
# dEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZ
# KCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xB
# Zj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuP
# Ntq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvp
# e784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCA1Aw
# ggI4AgEBMIH5oYHRpIHOMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu
# Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv
# cmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScw
# JQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTIwMC0wNUUwLUQ5NDcxJTAjBgNVBAMT
# HE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAOrz
# HNVfAuC5q4BCPWusnj9PIQyboIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNV
# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv
# c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg
# UENBIDIwMTAwDQYJKoZIhvcNAQELBQACBQDot50RMCIYDzIwMjMwOTIyMDQ1NjQ5
# WhgPMjAyMzA5MjMwNDU2NDlaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIFAOi3nREC
# AQAwCgIBAAICDC4CAf8wBwIBAAICFDEwCgIFAOi47pECAQAwNgYKKwYBBAGEWQoE
# AjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkq
# hkiG9w0BAQsFAAOCAQEATjRimnVfMKAZvtZ2DDApenLiV66yc31qk6rnoriva0x/
# hqZ6iOgFinHAhTAS8/vANosEzsMafRV43eGtjfLlm4V1un4HVvWKSz5Tg8WDkhK5
# o6YnOkwGnuXMyIaesycNlXvun8FzHljVDMzR9CPJ2L9K8ZvRF6JzP5w9nHQf7YKW
# LSPPAfBde7ns+aGnALCbWVbJgcLaGoWNjoQ1TeHUCsHbM7YPYbM+EskM/cwaQ0Cw
# kZnfmtbPVNA1ZKZJ5F5t0RT0fFh6dhZpvXE1jvB6CDCZYj7BFWNDz8P8Ufi6Tqic
# nkT5yuQkIKbSdNZzmTJdFRjSOR7iQrj1gh4DObdsajGCBA0wggQJAgEBMIGTMHwx
# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p
# Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABz1I2vnFLzUjKAAEAAAHP
# MA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQw
# LwYJKoZIhvcNAQkEMSIEIP052xmaDQ+OHI0bZ1NKENNvh/Fvzg+0d/4XSkb3B4mk
# MIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgs+mwup41Lg25hcTZUmUy69B5
# ZUDzRkMWGk4+NLOE9r8wgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK
# V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0
# IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg
# MjAxMAITMwAAAc9SNr5xS81IygABAAABzzAiBCDBgSukfcZawpLQ+F78UZsi+CrN
# xOunQPASblHXcH4ogzANBgkqhkiG9w0BAQsFAASCAgB1bMszlGIJtQxYnZ6Zk4RP
# KAmeaJEL5jAJ+nQf38c/eUuShftuFqPucSlSFjL770tk5PsN4UWeFDHXekNnpCk6
# K7CO4Q2M4skxml7T8PVRhSY380YwsyDb2VoaG+vBrP55RxLgTjWyJJ6+df0Ee5oM
# 4hK72izWsEyPZnFU5BGzMjTBZmLIUA/QRsPqUts0tbnImtjhF/GSZCAd1GgZPb4+
# gp11CNZADfefgGIK/WFg0CvnTQU7uEG4Ukf8NhIkGP1d6eLM2qV/67ZXe7xwoZrT
# 4L4gI4b3ykDPnd9X82NOAIafxm7Su9qG6zrQe9YCxo0p+55Q3N59JNUkAogFkXda
# ijV97C/k4MSIE7Pr94cnUG1j6jsVwFwNz+spgTdBZ9u84ReSQcwrvEXJ+7+sCesS
# D56KqQ6DJJiOba2xrMKtIFMdbYvNv63QADrL0nujDGWIYQi5No67WbtRO7J5UxV+
# 8uwViIoKa968YzoqBXyFeC1m7QqSK6pDI7Pmsv2e4ecl2QvYLJbOmyldFFRKwux2
# nNS/KisWn1uuo87UL3a9ClWB+LGAaeinL7W/HxcERISdZWduKOnGaRbLESGNvGDJ
# YQS0JlWJJFFGVst9z2fEaRzgcdOw+ZAzW+ZVjybjdYUw8/KFx7QnXOEnzlHAXHbX
# w2KUbEALffpkFcR2lTTcqw==
# SIG # End signature block