AzStackHCICloud/AzStackHci.Cloud.Helpers.psm1
|
<#############################################################
# # # Copyright (C) Microsoft Corporation. All rights reserved. # # # #############################################################> Import-LocalizedData -BindingVariable lanTxt -FileName AzStackHci.Cloud.Strings.psd1 function Test-AzStackHciHDD { try { $severity = 'CRITICAL' $hddDisks = Get-PhysicalDisk | Where-Object { $_.MediaType -eq 'HDD' } if ($hddDisks) { $detail = "Found the following HDD(s):" Log-Info $detail foreach ($disk in $hddDisks) { $detail = " - $($disk.FriendlyName)" Log-Info $detail } $status = 'FAILURE' $detail = $lanTxt.HDDNotSupported Log-Info $detail -Type $severity } else { $status = 'SUCCESS' $detail = "HDD check passed. No HDD disks found." Log-Info $detail } $params = @{ Name = 'AzStackHci_CloudValidation_HDDCheck' Title = 'HDD Check' DisplayName = 'HDD Check' Severity = $severity Description = 'Checking for unsupported HDD' Tags = @{} Remediation = 'Remove any HDD from nodes to ensure compliance' TargetResourceID = "Node_PhysicalDisks" TargetResourceName = "Node_PhysicalDisks" TargetResourceType = "Node_PhysicalDisk" Timestamp = [datetime]::UtcNow Status = $Status AdditionalData = @{ Source = $env:computername Resource = 'Node_PhysicalDisks' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } New-AzStackHciResultObject @params } catch { throw ("Error in Test-AzStackHciHDD: $_") } } function Test-AzStackHciSwitchNameCompare { try { # Initialize variables $severity = 'CRITICAL' $Status = 'SUCCESS' # Default to success # Retrieve the external VMSwitch name $switchName = Get-VMSwitch | Where-Object { $_.SwitchType -eq 'External' } | Select-Object -ExpandProperty Name # Extract name if parentheses are present if ($switchName -match '\((?<inside>.*?)\)') { $switchName = $matches['inside'] } # Parse unattend file $unattendFile = Join-Path -Path $env:SystemDrive -ChildPath 'CloudDeployment\DeploymentData' | Join-Path -ChildPath 'Unattended.json' $json = Get-Content -Path $unattendFile -Raw | ConvertFrom-Json $unattendHostNetwork = $json.ScaleUnits.DeploymentData.HostNetwork.Intents # Find the Management network and retrieve the switch name $mgmtIntent = $unattendHostNetwork | Where-Object { $_.TrafficType.Contains("Management") } $mgmtIntentName = $mgmtIntent[0].Name # Compare the switch names if ($switchName -ne $mgmtIntentName) { # Names do not match, log because its not a management cluster $detail = "The switch names do not match, because its not a management cluster" Log-Info $detail } else { # Names match, log and set status to SUCCESS $detail = "The switch names match. Expected: '$mgmtIntentName', Found: '$switchName'" Log-Info $detail } # Prepare the result parameters $params = @{ Name = 'AzStackHci_CloudValidation_SwitchNameCompare' Title = 'Switch Name Compare' DisplayName = "Switch Name Compare" Severity = $severity Description = 'Checking Switch Names on First Server' Tags = @{} Remediation = 'Ensure the Switch name in Unattended.json matches First Server' TargetResourceID = "First_Server_Management_Switch" TargetResourceName = "First_Server_Management_Switch" TargetResourceType = "First_Server_Management_Switch" Timestamp = [datetime]::UtcNow Status = $Status AdditionalData = @{ Source = $env:computername Resource = 'First_Server_Management_Switch' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } New-AzStackHciResultObject @params } catch { throw ("Error in Test-AzStackHciSwitchNameCompare: $_") } } function Test-AzStackHciFirstServer { try { $severity = 'CRITICAL' $Status = 'SUCCESS' # Default to success $unattendFile = Join-Path -Path $env:SystemDrive -ChildPath 'CloudDeployment\DeploymentData' | Join-Path -ChildPath 'Unattended.json' $json = Get-Content -Path $unattendFile -Raw | ConvertFrom-Json $unattendNodes = $json.ScaleUnits.DeploymentData.PhysicalNodes.Name | Sort-Object if ($unattendNodes.Count -gt 1) { $firstServer = $unattendNodes[0] } else { $firstServer = $unattendNodes } # Check if the First Server is hosting a virtual machine if ((Get-ComputerInfo).CsName -ne $firstServer) { $Status = 'FAILURE' $detail = $lanTxt.FirstServer Log-Info $detail -Type $severity } else { $detail = "The Environment Checker is running on the FirstServer: $firstServer" Log-Info $detail # Check if IRVM01 is running on the First Server $vmName = "IRVM01" # Get list of running virtual machines on the First Server $vms = Get-VM -ComputerName $firstServer # Check if VM01 is in the list of VMs on the First Server $vmPresent = $vms | Where-Object { $_.Name -eq $vmName } if ($vmPresent) { $detail = "Cloud Appliance is running on the FirstServer." Log-Info $detail } else { $detail = "Its not a management cluster becasue Cloud Appliance is not running on the First Server." Log-Info $detail } } # Prepare the result parameters $params = @{ Name = 'AzStackHci_CloudValidation_FirstServer' Title = 'First Server Check' DisplayName = 'First Server Check' Severity = $severity Description = 'Checking if First Server is running validation' Tags = @{} Remediation = 'Ensure First Server is running validation' TargetResourceID = "First_Server" TargetResourceName = "First_Server" TargetResourceType = "First_Server" Timestamp = [datetime]::UtcNow Status = $Status AdditionalData = @{ Source = $env:computername Resource = 'First_Server' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } New-AzStackHciResultObject @params } catch { throw ("Error in Test-AzStackHciFirstServer: $_") } } function Test-AzStackHciRootCert { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession, [Parameter(Mandatory = $false)] [string] $DomainFQDN ) try { $url = "https://portal." + $DomainFQDN $rootCertSb = { param($url) $AdditionalData = @() $testResult = $true $status = "SUCCESS" $resource = $null $detail = $null try { $webRequest = [Net.WebRequest]::Create($url) $webRequest.GetResponse() | Out-Null $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::Create() $chain.Build($webRequest.ServicePoint.Certificate) # Collect the certs and file paths in an array $certs = $chain.ChainElements | ForEach-Object { $cert = $_.Certificate $tempPath = Join-Path -Path $env:SystemDrive -ChildPath 'Temp' if (-not (Test-Path -Path $tempPath)) { New-Item -Path $tempPath -ItemType Directory } $path = Join-Path $tempPath -ChildPath "$($cert.Thumbprint).cer" # Export the cert to a .cer file $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert) | Set-Content -Path $path -Encoding Byte [PSCustomObject]@{ Certificate = $cert Path = $path } } $myCerts = foreach ($item in $certs) { $item.Certificate } $certStore = Get-ChildItem -Path 'Cert:\LocalMachine\Root' foreach ($cert in $myCerts) { # Compare the thumbprint in the store $installedCert = $certstore | Where-Object { $_.Thumbprint -eq $cert.Thumbprint } if ($installedCert) { $foundRootCert = $true $testResult = $true $detail = "Root Certificate found" break } } if (-not $foundRootCert) { $testResult = $false $status = 'FAILURE' $detail = $detail = "Root Certificate ending in ***$($cert.Thumbprint[-7..-1] -join '') not found" } } catch { $detail = $_.Exception.Message $resource = "Error occurred in Environment Validator Root Cert test." $testResult = $false $status = 'FAILURE' } finally { $AdditionalData += @{ Pass = [bool]$testResult Status = $status Source = $ENV:COMPUTERNAME Resource = $resource Detail = $detail TimeStamp = [datetime]::UtcNow } } return $AdditionalData } $rootCertResult = @() foreach ($session in $PsSession) { Log-Info "Checking Root Cert on node $($session.ComputerName)" $rootCertificateOnNode = Invoke-Command -Session $session -ScriptBlock $rootCertSb -ArgumentList $url Log-Info "Got Root Cert validation results from $($session.ComputerName)" $rootCertValidationStatus = if($rootCertificateOnNode.Pass -eq $true) { 'SUCCESS' } else { 'FAILURE' } Log-Info "Root Cert validation status is $rootCertValidationStatus" $rootCertValidationDetailMessage = $rootCertificateOnNode.Detail $params = @{ Name = 'AzStackHci_CloudValidation_RootCert' Title = 'Root Certificate Check in Root Cert Store' DisplayName = 'Root Certificate Check in Root Cert Store' Severity = 'CRITICAL' Description = 'Checking for Root Certificate in Root Cert Store' Tags = @{} Remediation = 'Ensure Root Certificate is present in Root Cert Store' TargetResourceID = "Root_Certificate" TargetResourceName = "Root_Certificate" TargetResourceType = "Root_Certificate" Timestamp = [datetime]::UtcNow Status = $rootCertValidationStatus AdditionalData = @{ Source = $session.ComputerName Resource = 'RootCertificateValidation' Detail = $rootCertValidationDetailMessage Status = $rootCertValidationStatus TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $rootCertResult += New-AzStackHciResultObject @params } return $rootCertResult } catch { throw ("Error in Test-AzStackHciRootCert: $_") } } function Test-AzStackHciRootCertFileLocation { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession, [Parameter(Mandatory = $false)] [string] $DomainFQDN, [Parameter(Mandatory = $false)] [string] $RootCertificatePath ) try { $url = "https://portal." + $DomainFQDN $rootCertSb = { param($url, $rootCertificatePath) $AdditionalData = @() $testResult = $true $status = "SUCCESS" $resource = $null $detail = "" try { $webRequest = [Net.WebRequest]::Create($url) $webRequest.GetResponse() | Out-Null $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::Create() $chain.Build($webRequest.ServicePoint.Certificate) # Collect the certs and file paths in an array $certs = $chain.ChainElements | ForEach-Object { $cert = $_.Certificate $tempPath = Join-Path -Path $env:SystemDrive -ChildPath 'Temp' if (-not (Test-Path -Path $tempPath)) { New-Item -Path $tempPath -ItemType Directory } $path = Join-Path $tempPath -ChildPath "$($cert.Thumbprint).cer" # Export the cert to a .cer file $cert.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert) | Set-Content -Path $path -Encoding Byte [PSCustomObject]@{ Certificate = $cert Path = $path } } $myCerts = foreach ($item in $certs) { $item.Certificate } # Get the root certificate from the chain (last element is the root) $aldoRootCert = $myCerts | Select-Object -Last 1 # Check if root cert file exists at the specified path and thumbprint matches if (-not (Test-Path -Path $RootCertificatePath)) { $testResult = $false $status = 'FAILURE' $detail = "Root certificate file not found at path: $RootCertificatePath. Place the Azure Local disconnected operations root certificate file at location '$RootCertificatePath'." } else { # Load the certificate from the file and compare thumbprints try { $fileCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($RootCertificatePath) } catch { $testResult = $false $status = 'FAILURE' $detail = "Root certificate file at path: $RootCertificatePath is not a valid certificate. Ensure the file at '$RootCertificatePath' is a valid certificate file for the Azure Local disconnected operations root certificate." } if ($fileCert) { if ($fileCert.Thumbprint -ne $aldoRootCert.Thumbprint) { $testResult = $false $status = 'FAILURE' $detail = "Root certificate file thumbprint ($($fileCert.Thumbprint)) does not match expected root certificate thumbprint ($($aldoRootCert.Thumbprint)) at $RootCertificatePath. Correct certificate file as Azure Local disconnected operations root certificate." } else { $detail = "The root certificate file found at path: $RootCertificatePath." } } } } catch { $detail = $_.Exception.Message $resource = "Error occurred in Environment Validator Root Cert File Location test." $testResult = $false $status = 'FAILURE' } finally { $AdditionalData += @{ Pass = [bool]$testResult Status = $status Source = $ENV:COMPUTERNAME Resource = $resource Detail = $detail TimeStamp = [datetime]::UtcNow } } return $AdditionalData } $rootCertResult = @() foreach ($session in $PsSession) { Log-Info "Checking Root Cert on node $($session.ComputerName)" $rootCertificateOnNode = Invoke-Command -Session $session -ScriptBlock $rootCertSb -ArgumentList @($url, $rootCertificatePath) Log-Info "Got Root Cert validation results from $($session.ComputerName)" $rootCertValidationStatus = if($rootCertificateOnNode.Pass -eq $true) { 'SUCCESS' } else { 'FAILURE' } Log-Info "Root Cert validation status is $rootCertValidationStatus" $rootCertValidationDetailMessage = $rootCertificateOnNode.Detail $params = @{ Name = 'AzStackHci_CloudValidation_RootCertFileLocation' Title = 'Root Certificate Check at File Location' DisplayName = 'Root Certificate Check at File Location' Severity = 'INFORMATIONAL' Description = 'Checking for Root Certificate at File Location' Tags = @{} Remediation = 'Ensure Root Certificate is present at the specified file location' TargetResourceID = "Root_Certificate_FileLocation" TargetResourceName = "Root_Certificate_FileLocation" TargetResourceType = "Root_Certificate_FileLocation" Timestamp = [datetime]::UtcNow Status = $rootCertValidationStatus AdditionalData = @{ Source = $session.ComputerName Resource = 'RootCertificateFileLocationValidation' Detail = $rootCertValidationDetailMessage Status = $rootCertValidationStatus TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $rootCertResult += New-AzStackHciResultObject @params } return $rootCertResult } catch { throw ("Error in Test-AzStackHciRootCertFileLocation: $_") } } Export-ModuleMember -Function Test-* # SIG # Begin signature block # MIInRgYJKoZIhvcNAQcCoIInNzCCJzMCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAKmV2Vo+jVm6jI # loxjklgLYY0RAAtbAIvYjNQ0IKoLqKCCDLowggX1MIID3aADAgECAhMzAAACHU0Z # yE7XD1dIAAAAAAIdMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBD # b2RlIFNpZ25pbmcgUENBIDIwMjQwHhcNMjYwNDE2MTg1OTQzWhcNMjcwNDE1MTg1 # OTQzWjB0MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYD # VQQDExVNaWNyb3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IB # DwAwggEKAoIBAQDQvewXxx9gZZFC6Ys1WBay8BJ8kGA4JQnH5CMafqOASlTpK9H8 # o5ZXTXt0caVQTNMUPt445wXYD+dFtaKWTwDn1I52oUSrC9vJin1Gsqt+zyKJL5Dg # 3eQXbQNR61DmMy20GLTIO3SFed9Rfi/ophgCLGFLDR3r0KvHjwMb/jYWS0celV/4 # Lz27LfAekm8v9E5IXaeiXbAUYZKK090n4CVl3JBtbN+9DtI9SNu/yjvozW52/u7R # X/Ttpa/KDlpuokZ+Zcbvmtd9ur9gFLvZzh41o9MsE/clQtdaFWGvuo6Jua/ntpgk # ey3E5/vBFe+MJPG6phdnuo6r57ZudCudiI1bAgMBAAGjggGbMIIBlzAOBgNVHQ8B # Af8EBAMCB4AwHwYDVR0lBBgwFgYKKwYBBAGCN0wIAQYIKwYBBQUHAwMwHQYDVR0O # BBYEFH6QuMwqcPG0hQlQ6c5jCtTTLrVeMEUGA1UdEQQ+MDykOjA4MR4wHAYDVQQL # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xFjAUBgNVBAUTDTIzMDAxMis1MDc1NTkw # HwYDVR0jBBgwFoAUf1k/VCHarU/vBeXmo9ctBpQSCDEwYAYDVR0fBFkwVzBVoFOg # UYZPaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0 # JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNybDBtBggrBgEFBQcBAQRh # MF8wXQYIKwYBBQUHMAKGUWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y2VydHMvTWljcm9zb2Z0JTIwQ29kZSUyMFNpZ25pbmclMjBQQ0ElMjAyMDI0LmNy # dDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQBKTbYOjzwTG/DXGaz9 # s6+fQeaTtDcFmMY+5UyVFCyj7Pv+5i37qfX8lSL/tBIfYQfWsMuBQlfZurJD6r4H # VJ2CeH+1fgiq8dcHdVKoZ3Sa2qXoX3cq9iS8cVb06B7+5/XJ7I0OxHH9fDsvJ3T3 # w5V/ZtAIFmLrl+P0CtG+92uzRsn0nTbdFjOkLMLWPLAU3THohKRlSEMgFJpPkm5n # 5UAZ35xX6FWCrDLsSKb555bTifwa8mJBwdlof0bmfYidH+dxZ1FdDxvLnNl9zeKs # A4kejaaIqqIPguhwAti5Ql7BlTNoJNwxCvBmqW2MQLnCkYN/VVUsR3V2x/rcTNzo # Bf/Z/SpROvdaA2ZOOd1uioXJt3tdLQ7vHpqpib0KfWr/FWXW10q38VxfCnRQBqzb # SuztR7nEMuzX7Ck+B/XaPDXd1qh72+QYyB0Z2VzWmO9zsnb9Uq/dwu8LGeQqnyu6 # 7SDGACvnXii2fb9+US492VTnXSnFKyqwgzUyFMtZK1/sHYTv6bG4TtQUygQxTN+Z # V+aJIlKO2MqZ7bKrAnOzS9m6NgoTdWOq11bTOZwKlIEV/EhV9SWkDmdpR/hPPT2v # 6TEj4F8PT/zHjRezIU5c/DGlt/VhY/pK0XkJtEyMmmS1BMtjU/rqBZVMIm3dnxQs # /TBByr+Cf8Z1r7aifQVQ+WSqzjCCBr0wggSloAMCAQICEzMAAAA5O7Y3Gb8GHWcA # AAAAADkwDQYJKoZIhvcNAQEMBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl # IEF1dGhvcml0eSAyMDExMB4XDTI0MDgwODIwNTQxOFoXDTM2MDMyMjIyMTMwNFow # VzELMAkGA1UEBhMCVVMxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEo # MCYGA1UEAxMfTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAyNDCCAiIwDQYJ # KoZIhvcNAQEBBQADggIPADCCAgoCggIBANgBnB7jOMeqlRYHNa265v4IY9fH8TKh # emHfPINe1gpLaV3dhg324WwH06LcHbpnsBukCDNitryo0dtS/EW6I/yEL/bLSY8h # KpbfQuWusBPr9qazYcDxCW/qnjb5JsI1s8bNOg3bVATvQVL4tcf03aTycsz8QeCd # M0l/yHRObJ9QqazM1r6VPEOJ7LL+uEEb73w6QCuhs89a1uv1zerOYMnsneRRwCbp # yW11IcggU0cRKDDq1pjVJzIbIF6+oiXXbReOsgeI8zu1FyQfK0fVkaya8SmVHQ/t # Of23mZ4W9k0Ri22QW9p3UgSC5OUDktKxxcCmGL6tXLfOGSWHIIV4YrTJTT6PNty5 # REojHJuZHArkF9VnHTERWoTjAzfI3kP+5b4alUdhgAZ7ttOu1bVnXfHaqPYl2rPs # 20ji03LOVWsh/radgE17es5hL+t6lV0eVHrVhsssROWJuz2MXMCt7iw7lFPG9LXK # Gjsmonn2gotGdHIuEg5JnJMJVmixd5LRlkmgYRZKzhxSCwyoGIq0PhaA7Y+VPct5 # pCHkijcIIDm0nlkK+0KyepolcqGm0T/GYQRMhHJlGOOmVQop36wUVUYklUy++vDW # eEgEo4s7hxN6mIbf2MSIQ/iIfMZgJxC69oukMUXCrOC3SkE/xIkgpfl22MM1itkZ # 35nNXkMolU1lAgMBAAGjggFOMIIBSjAOBgNVHQ8BAf8EBAMCAYYwEAYJKwYBBAGC # NxUBBAMCAQAwHQYDVR0OBBYEFH9ZP1Qh2q1P7wXl5qPXLQaUEggxMBkGCSsGAQQB # gjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # ci06AjGQQ7kUBU7h6qfHMdEjiTQwWgYDVR0fBFMwUTBPoE2gS4ZJaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0MjAx # MV8yMDExXzAzXzIyLmNybDBeBggrBgEFBQcBAQRSMFAwTgYIKwYBBQUHMAKGQmh0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0MjAx # MV8yMDExXzAzXzIyLmNydDANBgkqhkiG9w0BAQwFAAOCAgEAFJQfOChP7onn6fLI # MKrSlN1WYKwDFgAddymOUO3FrM8d7B/W/iQ6DxXsDn7D5W4wMwYeLystcEqfkjz4 # NURRgazyMu5yRzQh4LqjA4tStTcJh1opExo7nn5PuPBYnbu0+THSuVHTe0VTTPVh # ily/piFrDo3axQ9P4C+Ol5yet+2gTfekICS5xS+cYfSIvgn0JksVBVMYVI5QFu/q # hnLhsEFEUzG8fvv0hjgkO+lkpV9ty6GkN4vdnd7ya6Q6aR9y34aiM1qmxaxBi6OU # nyNl6fkuun/diTFnYDLTppOkr/mg5WSfCiDVMNCxtj4wPKC5OmHm1DQIt/MNokbb # H3UGsFP1QbzsLocuSqLCvH09Io3fDPTmscR9Y75G4qX7RTX8AdBPo0I6OEojf39z # uFZt0qOHm65YWQE69cZM2ueE1MB05dNNgHK9gTE7zKvK/fg8B2qjW88MT/WF5V5u # vZGtqa9FSL2RazArA+rDPuf6JGYz4HpgMZHB4S6szWSKYBv0VisCzfxgeU+dquXW # 9bd0auYlOB58DPcOYKdc3Se94g+xL4pcEhbB54JOgAkwYTu/9dLeH2pDqeJZAABV # DWRQCaXfO5LgyKwKCLYXpigrZYCjUSBcr+Ve8PFWMhVTQl0v4q8J/AUmQN5W4n10 # 1cY2L4A7GTQG1h32HHAvfQESWP0xghniMIIZ3gIBATBuMFcxCzAJBgNVBAYTAlVT # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jv # c29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMjQCEzMAAAIdTRnITtcPV0gAAAAAAh0w # DQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYK # KwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIIKBW/d6 # iLD/aVT4iuNhH4K3tCn//WHf63TTT4jQFBp0MEIGCisGAQQBgjcCAQwxNDAyoBSA # EgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20w # DQYJKoZIhvcNAQEBBQAEggEAQ3LEaJyB3LexIaQ1z2+0LW7WyotOQ8fWaQfCqDMd # QRFXAylrfNklx/AYl6t+vySdfKlIXkEjoGQQOq+X5pI3jTbuWP4rDnAa9KFxTM00 # VU17asp8aDy7x+ajFuYJVB1WAVCtBGuB6pIL1knPqLBFu0j02y/ap+O5+2ketxJY # pbWKD40UfXnUtNyaRpW0XfMiTkYcnRMDoILsH/ZDOBQJueVNpXqu4IKZAaXondC9 # oWgtzdjL14OkrTG5FZakHrZj3dBSbe2kokzDxxDjzoblm8jPApuB43GEQ0qafWP/ # P9jUloMbbdvzrt39WZtRkPbOlq0nXMUUeUjWSaENtM5ZdqGCF5QwgheQBgorBgEE # AYI3AwMBMYIXgDCCF3wGCSqGSIb3DQEHAqCCF20wghdpAgEDMQ8wDQYJYIZIAWUD # BAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoD # ATAxMA0GCWCGSAFlAwQCAQUABCDQvCsbtBTOrdrQnmEd+PUlerfepKqgx29ZWphK # 1yuadgIGaedeW7IcGBMyMDI2MDUwMzE0MzExMC41MTZaMASAAgH0oIHRpIHOMIHL # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxN # aWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRT # UyBFU046QTQwMC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFNlcnZpY2WgghHqMIIHIDCCBQigAwIBAgITMwAAAijwpYfX88geQAABAAAC # KDANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAe # Fw0yNjAyMTkxOTQwMDZaFw0yNzA1MTcxOTQwMDZaMIHLMQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmlj # YSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046QTQwMC0wNUUw # LUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCujvbk/sqcCSReZaJfCuf1NwRc # c7XknhE6wkLofkNj1mxEAg35qy2xcFjgjartVvA09W8QHcpyMqVSXOTxNHJsmk0q # P2CDLvUAulWg7aS5oBORpEX1oz3n0R2nPqeH0IHK1zJxjxaHW21AbuZ0Z+wM3WYN # zkBlcHmVe03ZG7rlk28h72r5P5ME8FGpFmYW5Hl7psKbgLEfrYAitpttsb+sZsBU # I+hMKl4uLJYotKyZv1ewOIinBfRU8QosivjofaBezUf9NdV+iGrWh321WnSsK3A/ # Jl6GLtbSWXcJWULgbxuqnobPK+YlB3174TMWTgX4YWjG7o0Otz/pjHNCKBbB788d # ynhLdGY6B08E9+4SGrRpsty4iJHOydHCA5M4i5yYRwsdut+gmvxIpT8yNXJcjJCg # 0vO8mv/nFY9Wytv2qmCtCFFivGUWqU20/sUeRooQZGiQOJQn095Cj3isIsvRP8KU # 7hN/EDI8HVsb/NPzMFLvRznrRnj0TOnDiOTUcnYwmk+XfoS1owskcCCCwHnbC00D # 58z83y7K5ZJB745hcn4CE2nR3e6RGsr42y5qtt6Mdz/s7MTnDS2UmVHWX1X/HZe3 # UlX8gj/t63L50xIPqkRCBEdM1ADNUaSfo9OQiKb/bj1diZCGTfEDUBBLop1mhkwI # F82faplV2busZ+U4kQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFKrJpYz48tzouvVk # BVthASFpQ93DMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1Ud # HwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3Js # L01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggr # BgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIw # MTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgw # DgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQCQ6NfLmrRahgVtgWg3 # 83GaS07fHyod6bhcUONt2tet+6BaNuH0r7ABkVHheOpxBdrUrOEYVEaIii9dK3cu # ZLNmp1iUAx/VbmOZYl7xz+tNrjCWqrg1jQmq0oRB8iE4QJpwNhGP67oY5huYIU0D # 4lhDoahqfgKJn/0Bk+9UKDPw5XlUYmreFmJlj9YQzcPPep8MxBXxh/Y5I7vQeRaW # 5SjtiLQOLRk3ggvraDs5Sf49MJV6/BwxXC2rvUfEFX6SUDooqKIE9NgVIRq0RZu7 # Ot0i0Is+HvPP0hB6KwOxMg1SWKOfTtFpWpdo8MJvgKCHkPpXEzgprP+pyIHuO7gV # RlSTsbYBFLh2yId/itM4uYL0R+2SSBBTpSSRthrGuEmElI5BCHMxzMg/oqHSPwZA # IAkM2C4xxi0St7qMuA+m+ZzFYkfoF41QoSJn+HjqhqWYQ0m/SO9/KnJRJJUwMd5T # iMnjZ+E/DJiUry5udiWyQpvfj2hQFI0djhahoAXDazeEciLF2uEnTur9UfjcwOun # /oMY+ULftnOi2jKLMrreV097akzz/JxpnDgYJU/tgU7fQflg7IqiL9+0276+joQH # o21mVeY5YD8Kh/kUaY6Jm/OTM88G7evTz/qnRumxovTjMStvpbAHNRhmSTdIPTV3 # 2CyuxDKS/V5a5iwA+f9ViBo+wjCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkA # AAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX # YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg # Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl # IEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVow # fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl # ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMd # TWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX # 9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1q # UoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8d # q6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byN # pOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2k # rnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4d # Pf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgS # Uei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8 # QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6Cm # gyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzF # ER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQID # AQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQU # KqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1 # GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0 # bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMA # QTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbL # j+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1p # Y3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIz # LmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwU # tj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN # 3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU # 5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5 # KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGy # qVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB6 # 2FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltE # AY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFp # AUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcd # FYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRb # atGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQd # VTNYs6FwZvKhggNNMIICNQIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzAR # BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p # Y3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2Eg # T3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOkE0MDAtMDVFMC1E # OTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEw # BwYFKw4DAhoDFQB1rbmFkzS7qAK1Oav08AUnhbNIUqCBgzCBgKR+MHwxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m # dCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA7aGs9jAiGA8y # MDI2MDUwMzExMTYwNloYDzIwMjYwNTA0MTExNjA2WjB0MDoGCisGAQQBhFkKBAEx # LDAqMAoCBQDtoaz2AgEAMAcCAQACAh38MAcCAQACAhOMMAoCBQDtov52AgEAMDYG # CisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEA # AgMBhqAwDQYJKoZIhvcNAQELBQADggEBALwsL2mQmgXhEHIN+3Qcb8doncIqs9Mr # R5LeJc+wkC1vv77d0Ywdyl2XNDNCJrzlAaWl+dv/BFHTIdZj/rA4+mYKN96UcizV # KCYsbRZpAX3h7NwDHIk3V2VNYUN4ENO53iI7x+cH5CKCY1x6xuJaGvigL9+2Y+cX # EBcyriNYfcJL++ASqegjjUedxQGwr2bahgUMQrBHMftlij4Ejod7zDvctpBSCx+O # oG7yEOj97UDjR9jGGhsq1I3qWiiqanx87FJ10LBaqw5vk5RxNWWAHrEUOL7/+Ita # qqCscHFzPoMv58mm+csyWjNPB8kVVq98fg3BFEnunuotlQRQFZnl1HExggQNMIIE # CQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G # A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYw # JAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAijwpYfX # 88geQAABAAACKDANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqG # SIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCCeiFo3rwrHw+GLYaWBGH6LRivccuGN # OrCw/NxVepjHqzCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIFWxikZRYGNf # 4oEVZK1eT45H+3GQ3/qxV75VwuBt+iLXMIGYMIGApH4wfDELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUt # U3RhbXAgUENBIDIwMTACEzMAAAIo8KWH1/PIHkAAAQAAAigwIgQgp4Cb2F6guOZy # DcPwUXJi0s7Mn7qi2o2Z1BZ5LZlH28swDQYJKoZIhvcNAQELBQAEggIAO8RlUbui # BMyOnslYzdEw6kwrT1JPEYXiy+iPLlGFOGi4ci5o0c0pdVINl1UacGW3U/7FEEHr # 9zhK1HGPAznGS4D85C3rUs0tDWiaIx3zJirMN8pjj79r0JBF35d6aEprO20lT6Ra # zDOKXJnB50PkhQ5Y30aUnRVrjlCL6lPZ+tgafSv48/2D0C3nMYK17Sd6u0AtQIEq # vwwl3d7h2cRuefHkR6Okx4WaOFnEHy1kL+t8naYOagi5LGuoUmq/202T73qQ0mM7 # JQ0zkuEAoGpX07/nXnacfoXM0fdNdmgN9R7MCWC4VsCe6lCqVtjlLiG25DQOdpok # v84BIekbaQ29BjPZjc4PO7+OKilOWr8Nj+V4KT+xF4Ogks3Vy/tOd5tl5v9xiOMo # Y91g37wV9SHGvdWhZg0u2cfdX51vIN6Wf4KTFUqw7GfaU8ylxAzDmW4FMFlyFqbo # vHsRgrP5qznlpWQBDYpWHQJxbVjr2JS8mHVt5vP8vNo7EKQ873ivFRWzz2ASkHVz # BPJS3wJdiJnBfyU2xUom1xOyYeexvtrOawvyXd+GrsQRLzUDVJJGTlApvuWQoxY5 # FWGeKPhdPQyNKxX1dG5P46EB24oc68BV6qitxulhkBpnRfrIQr5vEoKkDc7FVPaR # E7tmYwvTvNYoAmNC1v7BK/hJhBTaikbtdp0= # SIG # End signature block |