DSInternals.Passkeys.psm1
|
# Load PS host-specific assemblies if ($PSVersionTable.PSVersion.Major -ge 6) { # PowerShell Core Add-Type -Path "$PSScriptRoot/net6.0/DSInternals.Win32.WebAuthn.dll" -ErrorAction Stop } else { # PowerShell Desktop Add-Type -Path "$PSScriptRoot/net48/DSInternals.Win32.WebAuthn.dll" -ErrorAction Stop } <# .SYNOPSIS Retrieves creation options required to generate and register a Microsoft Entra ID-compatible passkey. .PARAMETER UserId The unique identifier of user. .PARAMETER ChallengeTimeout Overrides the timeout of the server-generated challenge returned in the request. The default value is 5 minutes, with the accepted range being between 5 minutes and 30 days. .EXAMPLE PS \> Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All' PS \> Get-PasskeyRegistrationOptions -UserId 'AdeleV@contoso.com' .EXAMPLE PS \> Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All' PS \> Get-PasskeyRegistrationOptions -UserId 'AdeleV@contoso.com' -ChallengeTimeout (New-TimeSpan -Minutes 10) .NOTES Self-service operations aren't supported. More info at https://learn.microsoft.com/en-us/graph/api/fido2authenticationmethod-creationoptions #> function Get-PasskeyRegistrationOptions { [CmdletBinding()] [OutputType([DSInternals.Win32.WebAuthn.MicrosoftGraphWebauthnCredentialCreationOptions])] param( [Parameter(Mandatory = $true)] [Alias('User')] [string] $UserId, [Parameter(Mandatory = $false)] [Alias('Timeout')] [timespan] $ChallengeTimeout = (New-TimeSpan -Minutes 5) ) try { # Generate the user-specific URL, e.g., https://graph.microsoft.com/beta/users/af4cf208-16e0-429d-b574-2a09c5f30dea/authentication/fido2Methods/creationOptions [string] $credentialOptionsUrl = '{0}/beta/users/{1}/authentication/fido2Methods/creationOptions' -f (Get-MgGraphEndpoint), [uri]::EscapeDataString($UserId) [string] $response = Invoke-MgGraphRequest -Method GET ` -Uri $credentialOptionsUrl ` -Body @{ challengeTimeoutInMinutes = $ChallengeTimeout.TotalMinutes } ` -OutputType Json # Parse JSON response return [DSInternals.Win32.WebAuthn.MicrosoftGraphWebauthnCredentialCreationOptions]::Create($response) } catch { # TODO: PS Error Record ($PSCmdlet.ThrowTerminatingError()) throw } } <# .SYNOPSIS Registers a new passkey in Microsoft Entra ID. .PARAMETER UserId The unique identifier of user. .PARAMETER Passkey The passkey to be registered. .PARAMETER DisplayName Custom name given to the registered passkey. .PARAMETER ChallengeTimeout Overrides the timeout of the server-generated challenge returned in the request. The default value is 5 minutes, with the accepted range being between 5 minutes and 30 days. .EXAMPLE PS \> Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All' PS \> Register-Passkey -UserId 'AdeleV@contoso.com' -DisplayName 'YubiKey 5 Nano' .EXAMPLE PS \> Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All' PS \> Register-Passkey -UserId 'AdeleV@contoso.com' -DisplayName 'YubiKey 5 Nano' -ChallengeTimeout (New-TimeSpan -Minutes 10) .EXAMPLE PS \> Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All' PS \> Get-PasskeyRegistrationOptions -UserId 'AdeleV@contoso.com' | New-Passkey -DisplayName 'YubiKey 5 Nano' | Register-Passkey -UserId 'AdeleV@contoso.com' .NOTES More info at https://learn.microsoft.com/en-us/graph/api/authentication-post-fido2methods #> function Register-Passkey { [CmdletBinding(DefaultParameterSetName = 'New')] [OutputType([Microsoft.Graph.PowerShell.Models.MicrosoftGraphFido2AuthenticationMethod])] param( [Parameter(Mandatory = $true, ParameterSetName = 'Existing')] [Parameter(Mandatory = $true, ParameterSetName = 'New')] [Alias('User')] [string] $UserId, [Parameter(Mandatory = $true, ParameterSetName = 'Existing', ValueFromPipeline = $true)] [DSInternals.Win32.WebAuthn.MicrosoftGraphWebauthnAttestationResponse] $Passkey, [Parameter(Mandatory = $true, ParameterSetName = 'New')] [string] $DisplayName, [Parameter(Mandatory = $false, ParameterSetName = 'New')] [Alias('Timeout')] [timespan] $ChallengeTimeout = (New-TimeSpan -Minutes 5) ) process { # TODO: Write-Error switch ($PSCmdlet.ParameterSetName) { 'Existing' { [string] $endpoint = Get-MgGraphEndpoint # Generate the user-specific URL, e.g., https://graph.microsoft.com/beta/users/af4cf208-16e0-429d-b574-2a09c5f30dea/authentication/fido2Methods [string] $registrationUrl = '{0}/beta/users/{1}/authentication/fido2Methods' -f $endpoint, [uri]::EscapeDataString($UserId) [string] $response = Invoke-MgGraphRequest ` -Method POST ` -Uri $registrationUrl ` -OutputType Json ` -ContentType 'application/json' ` -Body $Passkey.ToString() return [Microsoft.Graph.PowerShell.Models.MicrosoftGraphFido2AuthenticationMethod]::FromJsonString($response) } 'New' { [DSInternals.Win32.WebAuthn.MicrosoftGraphWebauthnCredentialCreationOptions] $registrationOptions = Get-PasskeyRegistrationOptions -UserId $UserId -ChallengeTimeout $ChallengeTimeout [DSInternals.Win32.WebAuthn.MicrosoftGraphWebauthnAttestationResponse] $passkey = New-Passkey -Options $registrationOptions -DisplayName $DisplayName # Recursive call with the 'Existing' parameter set return Register-Passkey -UserId $UserId -Passkey $passkey } } } } <# .SYNOPSIS Creates a new Microsoft Entra ID-compatible passkey. .PARAMETER Options Options required to generate a Microsoft Entra ID-compatible passkey. .PARAMETER DisplayName Custom name given to the registered passkey. .EXAMPLE PS \> Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All' PS \> Get-PasskeyRegistrationOptions -UserId 'AdeleV@contoso.com' | New-Passkey -DisplayName 'YubiKey 5 Nano' | Register-Passkey -UserId 'AdeleV@contoso.com' #> function New-Passkey { [CmdletBinding()] [OutputType([DSInternals.Win32.WebAuthn.MicrosoftGraphWebauthnAttestationResponse])] param( [Parameter(Mandatory = $true, ValueFromPipeline = $true)] [DSInternals.Win32.WebAuthn.MicrosoftGraphWebauthnCredentialCreationOptions] $Options, [Parameter(Mandatory = $true)] [string] $DisplayName ) process { try { [DSInternals.Win32.WebAuthn.WebAuthnApi] $api = [DSInternals.Win32.WebAuthn.WebAuthnApi]::new() [DSInternals.Win32.WebAuthn.PublicKeyCredential] $credential = $api.AuthenticatorMakeCredential($Options.PublicKeyOptions) return [DSInternals.Win32.WebAuthn.MicrosoftGraphWebauthnAttestationResponse]::new($credential, $DisplayName) } catch { # TODO: PS Error Record (Write-Error) throw } } } <# .SYNOPSIS Retrieves the Microsoft Graph endpoint URL. .NOTES Dynamic URL retrieval is used to support Azure environments, like Azure Public, Azure Government, or Azure China. #> function Get-MgGraphEndpoint { [CmdletBinding()] [OutputType([string])] param() [Microsoft.Graph.PowerShell.Authentication.AuthContext] $context = Get-MgContext -ErrorAction Stop if($null -ne $context) { return (Get-MgEnvironment -Name $context.Environment -ErrorAction Stop).GraphEndpoint } else { # TODO: PS Error Record ($PSCmdlet.ThrowTerminatingError()) throw 'Not connected to Microsoft Graph.' } } New-Alias -Name Register-MgUserAuthenticationFido2Method -Value Register-Passkey Export-ModuleMember -Function 'Get-PasskeyRegistrationOptions','New-Passkey','Register-Passkey' ` -Alias 'Register-MgUserAuthenticationFido2Method' # SIG # Begin signature block # MIItFwYJKoZIhvcNAQcCoIItCDCCLQQCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCApHwKQAyc76ZAV # 5hiP+0AnzwQCPyPZUyQfScCn4qtUkaCCEg8wggV4MIIDYKADAgECAhBLLDsBAYut # KryMe1s+7ZBXMA0GCSqGSIb3DQEBDAUAMFYxCzAJBgNVBAYTAkdCMRgwFgYDVQQK # Ew9TZWN0aWdvIExpbWl0ZWQxLTArBgNVBAMTJFNlY3RpZ28gUHVibGljIENvZGUg # U2lnbmluZyBSb290IFI0NjAeFw0yMTAzMjIwMDAwMDBaFw00NjAzMjEyMzU5NTla # MFYxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLTArBgNV # BAMTJFNlY3RpZ28gUHVibGljIENvZGUgU2lnbmluZyBSb290IFI0NjCCAiIwDQYJ # KoZIhvcNAQEBBQADggIPADCCAgoCggIBAI3nlBIiBCR0Lv8WIwKSirauNoWsR9Qj # kSs+3H3iMaBRb6yEkeNSirXilt7Qh2MkiYr/7xKTO327toq9vQV/J5trZdOlDGmx # vEk5mvFtbqrkoIMn2poNK1DpS1uzuGQ2pH5KPalxq2Gzc7M8Cwzv2zNX5b40N+OX # G139HxI9ggN25vs/ZtKUMWn6bbM0rMF6eNySUPJkx6otBKvDaurgL6en3G7X6P/a # IatAv7nuDZ7G2Z6Z78beH6kMdrMnIKHWuv2A5wHS7+uCKZVwjf+7Fc/+0Q82oi5P # MpB0RmtHNRN3BTNPYy64LeG/ZacEaxjYcfrMCPJtiZkQsa3bPizkqhiwxgcBdWfe # beljYx42f2mJvqpFPm5aX4+hW8udMIYw6AOzQMYNDzjNZ6hTiPq4MGX6b8fnHbGD # dGk+rMRoO7HmZzOatgjggAVIQO72gmRGqPVzsAaV8mxln79VWxycVxrHeEZ8cKqU # G4IXrIfptskOgRxA1hYXKfxcnBgr6kX1773VZ08oXgXukEx658b00Pz6zT4yRhMg # NooE6reqB0acDZM6CWaZWFwpo7kMpjA4PNBGNjV8nLruw9X5Cnb6fgUbQMqSNenV # etG1fwCuqZCqxX8BnBCxFvzMbhjcb2L+plCnuHu4nRU//iAMdcgiWhOVGZAA6RrV # wobx447sX/TlAgMBAAGjQjBAMB0GA1UdDgQWBBQy65Ka/zWWSC8oQEJwIDaRXBeF # 5jAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQwF # AAOCAgEAdmXC49ciStcdiV7/aV7GFAJNc6bNzSjKsDfqv6fJIaqqX9q/9oNs0IDR # ClwApMvzzDkPnkFxiNU86Ip7jBcj98o0dJFsBq5QPwBZsiY8PBeDVwM+LdEaPdTP # B1SyQwtScqiI9cQX8m/RWKXRaOQ9mAgY7jb0SEia+lRw8IjUcBYwQknQ2T91S0Vx # 2K6iu2EOiIVQV7m6ESs2KR+PIHKeXJ6J0YLaRY1qmdqEcWszpRC7efCX9nSBoD9X # x4aMMIwOOJWuAcYeq9yoH28v1/92Hq4Xc23luXWzYQaolTPCTm+yN/KVvoVUErnI # vWJCdvcq/PU3MQMmV/7R5tvwFgJyg4wIs4SsqeQH+KGIxBNaUEdUQqbt0EE0LJix # PqI0oQxdvaz3f3mnv20MVjKFG0uXuOGs5KQ8cfGj4U5j1vRGuvULCOFjPO2iWS8K # 1CxrI6KeoU3u0RLNGDNQ7UFuy389QWALYwt49XXvQxW3NgsQr9xcGKmY2TbZHdiE # swaKguN7GySnQs7uDz5WXDJ97EveVis7O7r5eljQUbZs1vZYolIkekSGoRxgP0nT # /Pr5hBwFwjS/4ubxGSqZL1ZXNZy19QfDRi/eOD0ZDfuj8d8Tnuepclgxr73q2tfW # bXczM470rP3Bv0mH0nAFZ3QGpvZ4QC0WBJEPH9MWxLh6Fw0kybIwggYaMIIEAqAD # AgECAhBiHW0MUgGeO5B5FSCJIRwKMA0GCSqGSIb3DQEBDAUAMFYxCzAJBgNVBAYT # AkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLTArBgNVBAMTJFNlY3RpZ28g # UHVibGljIENvZGUgU2lnbmluZyBSb290IFI0NjAeFw0yMTAzMjIwMDAwMDBaFw0z # NjAzMjEyMzU5NTlaMFQxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExp # bWl0ZWQxKzApBgNVBAMTIlNlY3RpZ28gUHVibGljIENvZGUgU2lnbmluZyBDQSBS # MzYwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCbK51T+jU/jmAGQ2rA # z/V/9shTUxjIztNsfvxYB5UXeWUzCxEeAEZGbEN4QMgCsJLZUKhWThj/yPqy0iSZ # hXkZ6Pg2A2NVDgFigOMYzB2OKhdqfWGVoYW3haT29PSTahYkwmMv0b/83nbeECbi # MXhSOtbam+/36F09fy1tsB8je/RV0mIk8XL/tfCK6cPuYHE215wzrK0h1SWHTxPb # PuYkRdkP05ZwmRmTnAO5/arnY83jeNzhP06ShdnRqtZlV59+8yv+KIhE5ILMqgOZ # YAENHNX9SJDm+qxp4VqpB3MV/h53yl41aHU5pledi9lCBbH9JeIkNFICiVHNkRmq # 4TpxtwfvjsUedyz8rNyfQJy/aOs5b4s+ac7IH60B+Ja7TVM+EKv1WuTGwcLmoU3F # pOFMbmPj8pz44MPZ1f9+YEQIQty/NQd/2yGgW+ufflcZ/ZE9o1M7a5Jnqf2i2/uM # SWymR8r2oQBMdlyh2n5HirY4jKnFH/9gRvd+QOfdRrJZb1sCAwEAAaOCAWQwggFg # MB8GA1UdIwQYMBaAFDLrkpr/NZZILyhAQnAgNpFcF4XmMB0GA1UdDgQWBBQPKssg # hyi47G9IritUpimqF6TNDDAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB # /wIBADATBgNVHSUEDDAKBggrBgEFBQcDAzAbBgNVHSAEFDASMAYGBFUdIAAwCAYG # Z4EMAQQBMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9jcmwuc2VjdGlnby5jb20v # U2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9vdFI0Ni5jcmwwewYIKwYBBQUHAQEE # bzBtMEYGCCsGAQUFBzAChjpodHRwOi8vY3J0LnNlY3RpZ28uY29tL1NlY3RpZ29Q # dWJsaWNDb2RlU2lnbmluZ1Jvb3RSNDYucDdjMCMGCCsGAQUFBzABhhdodHRwOi8v # b2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOCAgEABv+C4XdjNm57oRUg # mxP/BP6YdURhw1aVcdGRP4Wh60BAscjW4HL9hcpkOTz5jUug2oeunbYAowbFC2AK # K+cMcXIBD0ZdOaWTsyNyBBsMLHqafvIhrCymlaS98+QpoBCyKppP0OcxYEdU0hps # aqBBIZOtBajjcw5+w/KeFvPYfLF/ldYpmlG+vd0xqlqd099iChnyIMvY5HexjO2A # mtsbpVn0OhNcWbWDRF/3sBp6fWXhz7DcML4iTAWS+MVXeNLj1lJziVKEoroGs9Ml # izg0bUMbOalOhOfCipnx8CaLZeVme5yELg09Jlo8BMe80jO37PU8ejfkP9/uPak7 # VLwELKxAMcJszkyeiaerlphwoKx1uHRzNyE6bxuSKcutisqmKL5OTunAvtONEote # SiabkPVSZ2z76mKnzAfZxCl/3dq3dUNw4rg3sTCggkHSRqTqlLMS7gjrhTqBmzu1 # L90Y1KWN/Y5JKdGvspbOrTfOXyXvmPL6E52z1NZJ6ctuMFBQZH3pwWvqURR8AgQd # ULUvrxjUYbHHj95Ejza63zdrEcxWLDX6xWls/GDnVNueKjWUH3fTv1Y8Wdho698Y # ADR7TNx8X8z2Bev6SivBBOHY+uqiirZtg0y9ShQoPzmCcn63Syatatvx157YK9hl # cPmVoa1oDE5/L9Uo2bC5a4CH2RwwggZxMIIE2aADAgECAhBsg5osz2x/Auy2idY5 # 0JFYMA0GCSqGSIb3DQEBDAUAMFQxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0 # aWdvIExpbWl0ZWQxKzApBgNVBAMTIlNlY3RpZ28gUHVibGljIENvZGUgU2lnbmlu # ZyBDQSBSMzYwHhcNMjIxMTA0MDAwMDAwWhcNMjUxMTAzMjM1OTU5WjBnMQswCQYD # VQQGEwJDWjEeMBwGA1UECAwVUHJhaGEsIEhsYXZuw60gbcSbc3RvMRswGQYDVQQK # DBJNaWNoYWVsIEdyYWZuZXR0ZXIxGzAZBgNVBAMMEk1pY2hhZWwgR3JhZm5ldHRl # cjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMHVk5c8z27bjQ82tQNj # cU+ilNAnWJwrb0Pa2Z643b7M+wAKi1DhCsavzRWwPYGKKpPLuSWTipw5P7Tag7i9 # H580wR+mxr1jX8Kd7Qr1Eyt3QRsqXLDAwj67ExDrzcOFcIkSK3UKgZFQL+rFy2HB # quQsHaGQQ8Jm2sWjGZod88/cmxOGUO0w7qvsysmY0QzzRNbUPpeJMPyzuq8zo2+P # JYP6qQS535bVGaOaCRcXz3XtpvJt8BMVOUVSjb7cEwfBgDoOL72EP6lqJrMV42TI # VpjR/rB/zT849lJtkvyAEfEr6UiOAiH9o5hm+GahTqPNMAPovb8hDPQRdu2QUpLg # W+KHicuQWwoFABqsMIF7Oo00xDuD+J52VU12LwobKINFDJB3BdU3L2aYQRFt3YJQ # gwH50gh1yNqaTcd78CNb2A5VwNvzTCZ0vhBaKdCK/BsLsu9atLld6FwBI8Pak6iA # NXuFY0W/whPwlVYzMeTdELzr/m53Fk8DQFcd48SvaYt4dbgU3Q3ySbDDnnBgn/TB # 5E+DRg7+tZgMH4ep8XXL8F/0gmIvhFXNJGXX9f8A2ox7G7Drj2Guf34P1UKZYjs7 # D2aJ71aPtZKPmXOPpTacuhNhdSVLX4ciwJOaRcZOt9pg2lwzjQVa5kw/GOs5Epeb # OtHry/SsgiDBiCXVxXxxE9E3AgMBAAGjggGqMIIBpjAfBgNVHSMEGDAWgBQPKssg # hyi47G9IritUpimqF6TNDDAdBgNVHQ4EFgQUnRBKK1Ym2UQhxb0SetlSGK5huJMw # DgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUH # AwMwSgYDVR0gBEMwQTA1BgwrBgEEAbIxAQIBAwIwJTAjBggrBgEFBQcCARYXaHR0 # cHM6Ly9zZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQQBMEkGA1UdHwRCMEAwPqA8oDqG # OGh0dHA6Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5n # Q0FSMzYuY3JsMHkGCCsGAQUFBwEBBG0wazBEBggrBgEFBQcwAoY4aHR0cDovL2Ny # dC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdDQVIzNi5jcnQw # IwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMB8GA1UdEQQYMBaB # FGluZm9AZHNpbnRlcm5hbHMuY29tMA0GCSqGSIb3DQEBDAUAA4IBgQAuRlAwdZ32 # WVvW4tsRBmmPtse5BOqYjCP4OkxCYn47Sc+zajMgqDj8M5kGSx6SYexUbBcVssAu # pkpIW7YDGRDo4mGJWY6zFqTXLthtRL14TfiFTTwtpLLSWsRkHbwCbRXbhchpH3nA # pPshTMvd49gKKRT+AtDr5RrPVnh1LMYZdwuvQpWhkPgT/P0OYKTYtiieW5hSebdl # /IaGVx1KJi/FrC9MaXj72nvjAaCk5drri7QSsf8R+ghRy5mUJShX11L1nJrGW80s # hjaRBroT7ktr3WKryuc1cHvkXkKWZq78JosUWfGOtSQ0TJ9AiT+wBAbqtyv1H2X7 # wYNrrcq5cT543yO+SVhiuH+OQZZFjkYdhG5OoZgzABz/mXeHY4VnJHY+SuHJV3oy # kb4NajXiID4+iy3bgQOdghwMARNUMwsdYlpXqw13iD/Li4B4weFq8d/1ZEa1BFtV # DALXqV5+ZB4FJ/8CmonbGFIeHZfjj2PhcPL5rgGeMnFOwBjpZyvW4FUxghpeMIIa # WgIBATBoMFQxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQx # KzApBgNVBAMTIlNlY3RpZ28gUHVibGljIENvZGUgU2lnbmluZyBDQSBSMzYCEGyD # mizPbH8C7LaJ1jnQkVgwDQYJYIZIAWUDBAIBBQCggYQwGAYKKwYBBAGCNwIBDDEK # MAigAoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3 # AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgRLggu/8rsnDGl0YJ # CSYipkUvdfWmfJSkoRKj+D9MGzkwDQYJKoZIhvcNAQEBBQAEggIAnBfB7TUoBdiN # xhqRBYNJt7+OT4il7T6ZTqBoz3AdUjFp776WuOBAf4hOOZ7GTyRDGWdYcd5HdFew # us1Jvlvls2dJ1qtVJsNVOAsH/B1JeChsNQ1w9z1wFnieUhG4RCDeVwFz8VF8qgG3 # v79JeGQBy+GZcGgdkY6ThJNMZ2LPJv2SmVqJFKkt0UnM0U66K1esgycPl1q1d75K # 2P0u7rfy+0T12N4Au+KGOvagWo/gIntQgM/aZ/TZpyVIrWgzzGCt4P9J+GodJgOT # Yfq6mAPl6+p81tqt//apLCvuWq8rFBw9avvOEb3CosJW7l8BdtRDjy0Gqj/A69U5 # gWdu0lXZVMnXXDFeL49ZJYy7Hm/vhnZNBArvMzzpPaePLKhjgXFqNtGmvAzhqNr6 # 5J0FFlszk/MArTXHJZzTr/PzOhICDquceDv1ToOHkysiGzOC6k4s+MDW9gtaiVuz # jQ0DdXYkCdA0tIetPRP1ALReczIAAz1oG0EFRTdyhjW45kPT3cIF8y7XnWzwJnJt # MDrZqj5uM5O7sJd5Ct8Q+YfUn1csOzViOM63NjhotFVnRyB4ikDtS/S5uIO5yfKo # WXETxHvhZoUn5A5VaixAD5DXKYitoz45MnZW1k3duSw4zzJk0IUWtwE2nK2kel2u # a0i3gb1GS1jm8oVKBnea7T8sZn9cNeKhghdAMIIXPAYKKwYBBAGCNwMDATGCFyww # ghcoBgkqhkiG9w0BBwKgghcZMIIXFQIBAzEPMA0GCWCGSAFlAwQCAQUAMHgGCyqG # SIb3DQEJEAEEoGkEZzBlAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg # zBarg4XjQdw7ZurIGP03kXzouhdADGY3/u0eGyVzrPICEQDaqX6WKLWNcK25zLU0 # F6Q7GA8yMDI0MDgxMzIwMDYyMFqgghMJMIIGwjCCBKqgAwIBAgIQBUSv85SdCDmm # v9s/X+VhFjANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMO # RGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNB # NDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMB4XDTIzMDcxNDAwMDAwMFoXDTM0 # MTAxMzIzNTk1OVowSDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ # bmMuMSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAgMjAyMzCCAiIwDQYJKoZI # hvcNAQEBBQADggIPADCCAgoCggIBAKNTRYcdg45brD5UsyPgz5/X5dLnXaEOCdwv # SKOXejsqnGfcYhVYwamTEafNqrJq3RApih5iY2nTWJw1cb86l+uUUI8cIOrHmjsv # lmbjaedp/lvD1isgHMGXlLSlUIHyz8sHpjBoyoNC2vx/CSSUpIIa2mq62DvKXd4Z # GIX7ReoNYWyd/nFexAaaPPDFLnkPG2ZS48jWPl/aQ9OE9dDH9kgtXkV1lnX+3RCh # G4PBuOZSlbVH13gpOWvgeFmX40QrStWVzu8IF+qCZE3/I+PKhu60pCFkcOvV5aDa # Y7Mu6QXuqvYk9R28mxyyt1/f8O52fTGZZUdVnUokL6wrl76f5P17cz4y7lI0+9S7 # 69SgLDSb495uZBkHNwGRDxy1Uc2qTGaDiGhiu7xBG3gZbeTZD+BYQfvYsSzhUa+0 # rRUGFOpiCBPTaR58ZE2dD9/O0V6MqqtQFcmzyrzXxDtoRKOlO0L9c33u3Qr/eTQQ # fqZcClhMAD6FaXXHg2TWdc2PEnZWpST618RrIbroHzSYLzrqawGw9/sqhux7Ujip # mAmhcbJsca8+uG+W1eEQE/5hRwqM/vC2x9XH3mwk8L9CgsqgcT2ckpMEtGlwJw1P # t7U20clfCKRwo+wK8REuZODLIivK8SgTIUlRfgZm0zu++uuRONhRB8qUt+JQofM6 # 04qDy0B7AgMBAAGjggGLMIIBhzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIw # ADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAgBgNVHSAEGTAXMAgGBmeBDAEEAjAL # BglghkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZbU2FL3MpdpovdYxqII+eyG8wHQYD # VR0OBBYEFKW27xPn783QZKHVVqllMaPe1eNJMFoGA1UdHwRTMFEwT6BNoEuGSWh0 # dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQwOTZT # SEEyNTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMCQGCCsG # AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wWAYIKwYBBQUHMAKGTGh0 # dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQw # OTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQwDQYJKoZIhvcNAQELBQADggIBAIEa # 1t6gqbWYF7xwjU+KPGic2CX/yyzkzepdIpLsjCICqbjPgKjZ5+PF7SaCinEvGN1O # tt5s1+FgnCvt7T1IjrhrunxdvcJhN2hJd6PrkKoS1yeF844ektrCQDifXcigLiV4 # JZ0qBXqEKZi2V3mP2yZWK7Dzp703DNiYdk9WuVLCtp04qYHnbUFcjGnRuSvExnvP # nPp44pMadqJpddNQ5EQSviANnqlE0PjlSXcIWiHFtM+YlRpUurm8wWkZus8W8oM3 # NG6wQSbd3lqXTzON1I13fXVFoaVYJmoDRd7ZULVQjK9WvUzF4UbFKNOt50MAcN7M # mJ4ZiQPq1JE3701S88lgIcRWR+3aEUuMMsOI5ljitts++V+wQtaP4xeR0arAVeOG # v6wnLEHQmjNKqDbUuXKWfpd5OEhfysLcPTLfddY2Z1qJ+Panx+VPNTwAvb6cKmx5 # AdzaROY63jg7B145WPR8czFVoIARyxQMfq68/qTreWWqaNYiyjvrmoI1VygWy2ny # Mpqy0tg6uLFGhmu6F/3Ed2wVbK6rr3M66ElGt9V/zLY4wNjsHPW2obhDLN9OTH0e # aHDAdwrUAuBcYLso/zjlUlrWrBciI0707NMX+1Br/wd3H3GXREHJuEbTbDJ8WC9n # R2XlG3O2mflrLAZG70Ee8PBf4NvZrZCARK+AEEGKMIIGrjCCBJagAwIBAgIQBzY3 # tyRUfNhHrP0oZipeWzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEVMBMG # A1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw # HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAw # WhcNMzcwMzIyMjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNl # cnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBT # SEEyNTYgVGltZVN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAxoY1BkmzwT1ySVFVxyUDxPKRN6mXUaHW0oPRnkyibaCwzIP5WvYRoUQV # Ql+kiPNo+n3znIkLf50fng8zH1ATCyZzlm34V6gCff1DtITaEfFzsbPuK4CEiiIY # 3+vaPcQXf6sZKz5C3GeO6lE98NZW1OcoLevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB7 # 20RBidx8ald68Dd5n12sy+iEZLRS8nZH92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71 # ORJn7w6lY2zkpsUdzTYNXNXmG6jBZHRAp8ByxbpOH7G1WE15/tePc5OsLDnipUjW # 8LAxE6lXKZYnLvWHpo9OdhVVJnCYJn+gGkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7 # W+yB3iIU2YIqx5K/oN7jPqJz+ucfWmyU8lKVEStYdEAoq3NDzt9KoRxrOMUp88qq # lnNCaJ+2RrOdOqPVA+C/8KI8ykLcGEh/FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWc # ZklSUPRR8zZJTYsg0ixXNXkrqPNFYLwjjVj33GHek/45wPmyMKVM1+mYSlg+0wOI # /rOP015LdhJRk8mMDDtbiiKowSYI+RQQEgN9XyO7ZONj4KbhPvbCdLI/Hgl27Ktd # RnXiYKNYCQEoAA6EVO7O6V3IXjASvUaetdN2udIOa5kM0jO0zbECAwEAAaOCAV0w # ggFZMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WM # aiCPnshvMB8GA1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB # /wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRrMGkwJAYI # KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1 # aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RH # NC5jcnQwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29t # L0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIw # CwYJYIZIAYb9bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbY # IULhsBguEE0TzzBTzr8Y+8dQXeJLKftwig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6 # hCAlNDFnzbYSlm/EUExiHQwIgqgWvalWzxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6 # q4XNQ1/tYLaqT5Fmniye4Iqs5f2MvGQmh2ySvZ180HAKfO+ovHVPulr3qRCyXen/ # KFSJ8NWKcXZl2szwcqMj+sAngkSumScbqyQeJsG33irr9p6xeZmBo1aGqwpFyd/E # jaDnmPv7pp1yr8THwcFqcdnGE4AJxLafzYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNT # rDsdCEkPlM05et3/JWOZJyw9P2un8WbDQc1PtkCbISFA0LcTJM3cHXg65J6t5TRx # ktcma+Q4c6umAU+9Pzt4rUyt+8SVe+0KXzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7 # K9h+8kaddSweJywm228Vex4Ziza4k9Tm8heZWcpw8De/mADfIBZPJ/tgZxahZrrd # VcA6KYawmKAr7ZVBtzrVFZgxtGIJDwq9gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C # +dAjfwAL5HYCJtnwZXZCpimHCUcr5n8apIUP/JiW9lVUKx+A+sDyDivl1vupL0QV # SucTDh3bNzgaoSv27dZ8/DCCBY0wggR1oAMCAQICEA6bGI750C3n79tQ4ghAGFow # DQYJKoZIhvcNAQEMBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0 # IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNl # cnQgQXNzdXJlZCBJRCBSb290IENBMB4XDTIyMDgwMTAwMDAwMFoXDTMxMTEwOTIz # NTk1OVowYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG # A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3Rl # ZCBSb290IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2je # u+RdSjwwIjBpM+zCpyUuySE98orYWcLhKac9WKt2ms2uexuEDcQwH/MbpDgW61bG # l20dq7J58soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZVXKvaJNwwrK6dZlqczKU0RBE # EC7fgvMHhOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs06wXGXuxbGrzryc/N # rDRAX7F6Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcvak17cjo+A # 2raRmECQecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8 # IUzUvK4bA3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfB # aYh2mHY9WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaa # RBkrfsCUtNJhbesz2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZi # fvaAsPvoZKYz0YkH4b235kOkGLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXe # eqxfjT/JvNNBERJb5RBQ6zHFynIWIgnffEx1P2PsIV/EIFFrb7GrhotPwtZFX50g # /KEexcCPorF+CiaZ9eRpL5gdLfXZqbId5RsCAwEAAaOCATowggE2MA8GA1UdEwEB # /wQFMAMBAf8wHQYDVR0OBBYEFOzX44LScV1kTN8uZz/nupiuHA9PMB8GA1UdIwQY # MBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMA4GA1UdDwEB/wQEAwIBhjB5BggrBgEF # BQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBD # BggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0 # QXNzdXJlZElEUm9vdENBLmNydDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY3Js # My5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMBEGA1Ud # IAQKMAgwBgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAQEAcKC/Q1xV5zhfoKN0Gz22 # Ftf3v1cHvZqsoYcs7IVeqRq7IviHGmlUIu2kiHdtvRoU9BNKei8ttzjv9P+Aufih # 9/Jy3iS8UgPITtAq3votVs/59PesMHqai7Je1M/RQ0SbQyHrlnKhSLSZy51PpwYD # E3cnRNTnf+hZqPC/Lwum6fI0POz3A8eHqNJMQBk1RmppVLC4oVaO7KTVPeix3P0c # 2PR3WlxUjG/voVA9/HYJaISfb8rbII01YBwCA8sgsKxYoA5AY8WYIsGyWfVVa88n # q2x2zm8jLfR+cWojayL/ErhULSd+2DrZ8LaHlv1b0VysGMNNn3O3AamfV6peKOK5 # lDGCA3YwggNyAgEBMHcwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0 # LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hB # MjU2IFRpbWVTdGFtcGluZyBDQQIQBUSv85SdCDmmv9s/X+VhFjANBglghkgBZQME # AgEFAKCB0TAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkF # MQ8XDTI0MDgxMzIwMDYyMFowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQUZvArMsLC # yQ+CXc6qisnGTxmcz0AwLwYJKoZIhvcNAQkEMSIEIANKgCAehKwykyNvDXUd/I7i # U3QA9WMbliRIBkCjO4dvMDcGCyqGSIb3DQEJEAIvMSgwJjAkMCIEINL25G3tdCLM # 0dRAV2hBNm+CitpVmq4zFq9NGprUDHgoMA0GCSqGSIb3DQEBAQUABIICAATMvllU # kSaTaIPICiIJYwNv/8GZLpu4X8/M+KugJ1vRpgP8i565eWYgd+CfmkHhTW8A7xLf # ESC2qpJkb5IFtycpLq+2JsqwaIhcNJTRb13pI6SxoU8P+KZB/E3WJQRQDQMIXuW7 # aEe41znzy3ti5aMo3NukCu0jW/F4bhepu3H3KgOKXeGHvy7gKMKAhGZbtSl6g1mI # 3/eetocuWwkyrhErehGkju7/5AvZT5PI0IKfaP45mCXdmsxTE3CaLJ1rGC90VrDL # j8BLPDfpSs/DwovfToYbcjubcePi4kz+LIHT3iINhEYM7DOzi0sneEdkaVR9djOW # wSTkECIOaWOgmtnAh2RX8cwj2obA2Xay7D8rJUR1uI3MqvH+xZNHtBrrNwaX4p4J # 2hqBgJq5E/8enD7iekP1eTOJu5FD2BExv/dzXsRU1wmRcGlQZLsMWEW4yZjNQH8i # DnHbMM7LZSIFlUmjJEK/LcNO2xwY2roDiQIo11fpCvC7JOP7PnXDByAN/yXxE2LC # kJ/WUX1IyzcIFpLkzZUCI63o2YiJdc/mTxGpFgN0KF49/A5mGcW2a3PCCMDgIl3o # u1RRsb33DWw9LEjSdbkgiU/0fiNdvvfSp8wn0MGOoLCHH9RlppTUt2PaVwfRDTrH # tRD3inZ7fmswU13CcE5eJ0p1cLRaXmarXJCn # SIG # End signature block |