ExoHelper.psm1
|
#region Public commands function Get-ExoDefaultClientId { [CmdletBinding()] param ( ) process { 'fb78d390-0c51-40cd-8e17-fdbfab77341b' } } function Get-ExoToken { <# .SYNOPSIS Retrieves access token for authentication with EXO REST API .DESCRIPTION Retrieves access token for authentication with EXO REST API via authentication factory .OUTPUTS Hash table with authorization header containing access token, ready to be passed as headers to web request .EXAMPLE Get-ExoToken Description ----------- Retieve authorizatin header for calling EXO REST API #> param ( [Parameter()] #Connection context as returned by New-ExoConnection #When not specified, uses most recently created connection context $Connection = $script:ConnectionContext, #Forces reauthentication #Usefiu when want to continue working after PIN JIT re-elevation [switch]$ForceRefresh ) begin { if($null -eq $Connection ) { throw 'Call New-ExoConnection first' } } process { if($Connection.IsIPPS) { $Scopes = "https://ps.compliance.protection.outlook.com/.default" } else { $Scopes = "https://outlook.office365.com/.default" } Get-AadToken -Factory $Connection.AuthenticationFactory -Scopes $scopes -ForceRefresh:$ForceRefresh } } function Invoke-ExoCommand { <# .SYNOPSIS Invokes EXO REST API to execute command provided .DESCRIPTION Invokes EXO REST API to execute command provided along with parameters for the command and optional list of properties to return if full object is not desired .OUTPUTS Data returned by executed command .EXAMPLE Invoke-ExoCommand -Name 'Get-Mailbox' -Parameters @{Identity = 'JohnDoe'} -PropertiesToLoad 'netId' Description ----------- This command retrieves mailbox of user JohnDoe and returns just netId property .EXAMPLE $connection = New-AadAuthenticationFactory -ClientId (Get-ExoDefaultClientId) -TenantId 'mydomain.onmicrosoft.com' -AuthMode Interactive | New-ExoConnection -IPPS Invoke-ExoCommand -Connection $connection -Name 'Get-Label' -PropertiesToLoad 'ImmutableId','DisplayName' -RemoveOdataProperties -ShowWarnings Description ----------- This command creates connection for IPPS REST API, retrieves list of sensitivity labels returning only ImmutableId and DisplayName properties, and shows any warnings returned by IPPS REST API #> param ( [Parameter(Mandatory)] [string] #Name of the command to execute $Name, [Parameter()] [hashtable] #Hashtable with parameters of the command $Parameters = @{}, [Parameter()] [string[]] #List of properties to return if not interested in full object $PropertiesToLoad, [Parameter()] [int] #Max retries when throttling occurs #Default: DefaultRetryCount on EXO connection $MaxRetries = -1, [Parameter()] [int] #Max results to return #1000 is a minimum, and min increment is 1000 $ResultSize = [int]::MaxValue, [Parameter()] [int] #Max results to return in single request #Default is 100 $PageSize = 100, [Parameter()] [System.Nullable[timespan]] #Timeout for the command execution #Default is timeout of the connection #If specified, must be lower than default connection timeout #See also https://makolyte.com/csharp-how-to-change-the-httpclient-timeout-per-request/ for more details on timeouts of http client $Timeout, [Parameter()] #Status codes that are considered retryable [System.Net.HttpStatusCode[]]$RetryableStatusCodes, [switch] #If we want to write any warnings returned by EXO REST API $ShowWarnings, [switch] #If we want to remove odata type descriptor properties from the output $RemoveOdataProperties, [switch] # If we want to include rate limits reported by REST API to verbose output # Requires verbose output to be enabled $ShowRateLimits, [Parameter()] #Connection context as returned by New-ExoConnection #When not specified, uses most recently created connection context $Connection = $script:ConnectionContext ) begin { if($null -ne $Timeout) { $cts = new-object System.Threading.CancellationTokenSource($Timeout) } else { $cts = new-object System.Threading.CancellationTokenSource($Connection.HttpClient.Timeout) } $body = @{} if($PageSize -gt 1000) { $batchSize = 1000 } if($PageSize -le 0) { $batchSize = 100 } $batchSize = $pageSize $uri = $Connection.ConnectionUri if($PropertiesToLoad.Count -gt 0) { $props = $PropertiesToLoad -join ',' $uri = "$uri`?`$select=$props" } if($MaxRetries -eq -1) { $MaxRetries = $Connection.DefaultRetryCount } if($RetryableStatusCodes.Count -eq 0) { $RetryableStatusCodes = @('ServiceUnavailable', 'GatewayTimeout', 'RequestTimeout') if($PSVersionTable.PSEdition -eq 'Core') { #this is not available in .NET Frameworl $RetryableStatusCodes += 'TooManyRequests' } } } process { $headers = @{} $headers['X-CmdletName'] = $Name $headers['Prefer'] = "odata.maxpagesize=$batchSize" $headers['connection-id'] = $Connection.connectionId $headers['X-AnchorMailbox'] = $Connection.anchorMailbox $headers['X-ClientApplication'] ='ExoHelper' #make sure that hashTable in parameters is properly decorated $keys = @() $Parameters.Keys | ForEach-Object { $keys += $_ } foreach($key in $Keys) { if($Parameters[$key] -is [hashtable]) { $Parameters[$key]['@odata.type'] = '#Exchange.GenericHashTable' } if($Parameters[$key] -is [System.Security.SecureString]) { $cred = new-object System.Net.NetworkCredential -ArgumentList @($null, $Parameters[$key]) $Parameters[$key] = EncryptValue -UnsecureString $cred.Password } } $body['CmdletInput'] = @{ CmdletName = $Name Parameters = $Parameters } $retries = 0 $resultsRetrieved = 0 $pageUri = $uri $shouldContinue = $true #to support ErrorAction = SilentlyContinue that does not throw do { try { #new request id for each request $headers['client-request-id'] = [Guid]::NewGuid().ToString() #provide up to date token for each request of commands returning paged results that may take long to complete $headers['Authorization'] = (Get-ExoToken -Connection $Connection).CreateAuthorizationHeader() $requestMessage = GetRequestMessage -Uri $pageUri -Headers $headers -Body ($body | ConvertTo-Json -Depth 9) $response = $Connection.HttpClient.SendAsync($requestMessage, $cts.Token).GetAwaiter().GetResult() $requestMessage.Dispose() if($null -ne $response.Content -and $response.StatusCode -ne [System.Net.HttpStatusCode]::NoContent) { $payload = $response.Content.ReadAsStringAsync().GetAwaiter().GetResult() if($response.content.Headers.ContentType.MediaType -eq 'application/json') { try { $responseData = $Payload | ConvertFrom-Json } catch { Write-Warning "Received unexpected non-JSON response with http staus $($response.StatusCode): $payload" $responseData = $payload } } else { Write-Warning "Received non-JSON response with http status $($response.StatusCode): $($response.content.Headers.ContentType.MediaType)" $responseData = $payload } } else { $responseData = $null } if($response.IsSuccessStatusCode) { if($null -ne $responseData) { if($responseData -is [string]) { #we did not receive JSON response - return it and finish $shouldContinue = $false $responseData } else { #we have parsed json response if($ShowWarnings -and $null -ne $responseData.'@adminapi.warnings') { foreach($warning in $responseData.'@adminapi.warnings') { Write-Warning $warning } } $resultsRetrieved+=$responseData.value.Count if($RemoveOdataProperties) { $responseData.value | RemoveExoOdataProperties } else { $responseData.value } Write-Verbose "$([DateTime]::UtcNow.ToString('o'))`tResults:$resultsRetrieved`tRequestId: $($headers['client-request-id'])`tUri: $pageUri" $pageUri = $responseData.'@odata.nextLink' } } } else { #request failed $ex = $null $exceptionType = $null $response.Headers.TryGetValues('X-ExceptionType', [ref]$exceptionType) | out-null if($response.StatusCode -notin $RetryableStatusCodes ` -and $exceptionType -notin @('UnableToWriteToAadException') ` -and $responseData -notlike 'You have reached the maximum number of concurrent requests per tenant. Please wait and try again*' ` -and $responseData -notlike '*issue may be transient*' ` ) { $shouldContinue = $false $ex = $responseData | Get-ExoException -httpCode $response.StatusCode -exceptionType $exceptionType } else { #we wait on http 429 or throttling message if($retries -ge $MaxRetries) { $shouldContinue = $false $ex = New-Object ExoHelper.ExoException($response.StatusCode, 'ExoTooManyRequests', $exceptionType, 'Max retry count for request exceeded') } } if($null -ne $ex) { switch($ErrorActionPreference) { 'Stop' { throw $ex } 'Continue' { Write-Error -Exception $ex; return } default { return } } } #TooManyRequests --> let's wait and retry #$headers = @{} #$response.Headers | ForEach-Object { $headers[$_.Key] = $_.Value } #$headersObject = [PSCustomObject]$headers $retries++ $val = $null if($response.Headers.TryGetValues('Retry-After', [ref]$val)) { $retryAfter = [int]($val[0]) } else { $retryAfter = 3 * $retries } switch($WarningPreference) { 'Continue' { Write-Warning "Retry #$retries after $retryAfter seconds" break; } 'SilentlyContinue' { Write-Verbose "Retry #$retries after $retryAfter seconds" break; } } #wait some time Start-Sleep -Seconds $retryAfter } } catch { $shouldContinue = $false throw } finally { if($ShowRateLimits) { $val = $null if($response.Headers.TryGetValues('Rate-Limit-Remaining', [ref]$val)) { $rateLimitRemaining = $val if($response.Headers.TryGetValues('Rate-Limit-Reset', [ref]$val)) { $rateLimitReset = $val Write-Verbose "Rate limit remaining: $rateLimitRemaining`tRate limit reset: $rateLimitReset" } } } $response.Dispose() } }while($null -ne $pageUri -and ($resultsRetrieved -lt $ResultSize) -and $shouldContinue) } end { if($null -ne $cts) { $cts.Dispose() } } } function New-ExoConnection { <# .SYNOPSIS Initializes EXO connection .DESCRIPTION Initializes EXO connection .OUTPUTS None .EXAMPLE $factory = New-AadAuthenticationFactory -ClientId (Get-ExoDefaultClientId) -TenantId 'mydomain.onmicrosoft.com' -AuthMode WAM New-ExoConnection -authenticationfactory $factory Description ----------- This command initializes connection to EXO REST API. It uses instance of AADAuthenticationFactory for authentication with EXO REST API .EXAMPLE New-AadAuthenticationFactory -ClientId (Get-ExoDefaultClientId) -TenantId 'mydomain.onmicrosoft.com' -AuthMode Interactive | New-ExoConnection -IPPS Description ----------- This command initializes connection to IPPS REST API. It uses instance of AADAuthenticationFactory for authentication with IPPS REST API passed via pipeline #> param ( [Parameter(Mandatory, ValueFromPipeline)] #AAD authentication factory created via New-AadAuthenticationFactory #for user context, user factory created with clientId = fb78d390-0c51-40cd-8e17-fdbfab77341b (clientId of ExchangeOnlineManagement module) or your app with appropriate scopes assigned $AuthenticationFactory, [Parameter()] #Tenant ID when not the same as specified for factory #Must be tenant native domain (xxx.onmicrosoft.com) [string] $TenantId, [Parameter()] #UPN of anchor mailbox #Default: UPN of caller or static system mailbox (for app-only context) [string] $AnchorMailbox, [Parameter()] [timespan] #Default timeout for the EXO command execution $DefaultTimeout = [timespan]::FromMinutes(60), [Parameter()] [int] #Default retry count for the EXO command execution $DefaultRetryCount = 10, [switch] #Connection is specialized to call IPPS commands #If not present, connection is specialized to call Exchange Online commands $IPPS ) process { $Connection = [PSCustomObject]@{ PSTypeName = "ExoHelper.Connection" AuthenticationFactory = $AuthenticationFactory ConnectionId = [Guid]::NewGuid().ToString() TenantId = $null AnchorMailbox = $null ConnectionUri = $null IsIPPS = $IPPS.IsPresent HttpClient = new-object System.Net.Http.HttpClient DefaultRetryCount = $DefaultRetryCount } $Connection.HttpClient.DefaultRequestHeaders.Add("User-Agent", "ExoHelper") $Connection.HttpClient.Timeout = $DefaultTimeout #explicitly authenticate when establishing connection to catch any authentication problems early Get-ExoToken -Connection $Connection | Out-Null if([string]::IsNullOrEmpty($TenantId)) { $TenantId = $AuthenticationFactory.TenantId } if([string]::IsNullOrEmpty($TenantId)) { throw (new-object ExoHelper.ExoException([System.Net.HttpStatusCode]::BadRequest, 'ExoMissingTenantId', 'ExoInitializationError', 'TenantId is not specified and cannot be determined automatically - please specify TenantId parameter')) } $Connection.TenantId = $TenantId if($IPPS) { $Connection.ConnectionUri = "https://eur02b.ps.compliance.protection.outlook.com/adminapi/beta/$($Connection.TenantId)/InvokeCommand" } else { $Connection.ConnectionUri = "https://outlook.office365.com/adminapi/beta/$($Connection.TenantId)/InvokeCommand" } if([string]::IsNullOrEmpty($AnchorMailbox)) { if($null -ne $claims.upn) { #using caller's mailbox $Connection.AnchorMailbox = "UPN:$($claims.upn)" } else { #likely app-only context - use same static anchor mailbox as ExchangeOnlineManagement module uses $Connection.AnchorMailbox = "UPN:DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}@$tenantId" } } else { $Connection.AnchorMailbox = "UPN:$AnchorMailbox" } $script:ConnectionContext = $Connection $script:ConnectionContext } } #endregion Public commands #region Internal commands #encrypts data using MS provided public key #key stored in module private data #MS rotates the key regularly; at least one version back is supported function EncryptValue { [CmdletBinding()] param( [Parameter(Mandatory, ValueFromPipeline)] [AllowEmptyString()] [AllowNull()] $UnsecureString, [Parameter()] [string]$Key = $script:PublicKey ) process { # Handling public key unavailability in client module for protection gracefully if ([string]::IsNullOrWhiteSpace($Key)) { # Error out if we are not in a position to protect the sensitive data before sending it over wire. throw 'Public key not loaded. Cannot encrypt sensitive data.'; } if (-not [string]::IsNullOrWhiteSpace($UnsecureString)) { $RSA = New-Object -TypeName System.Security.Cryptography.RSACryptoServiceProvider; $RSA.FromXmlString($Key); $bytes = [System.Text.Encoding]::UTF8.GetBytes($UnsecureString); $result = [byte[]]$RSA.Encrypt($bytes, $false); $RSA.Dispose(); $result = [System.Convert]::ToBase64String($result); return $result; } return $UnsecureString; } } function Get-ExoException { param ( [Parameter(Mandatory, ValueFromPipeline)] [object] $ErrorRecord, [Parameter()] $httpCode, [Parameter()] $exceptionType ) process { if($ErrorRecord -is [string]) { if([string]::IsNullOrEmpty($exceptionType)) { return new-object ExoHelper.ExoException -ArgumentList @($httpCode, 'ExoErrorWithPlainText', '', $ErrorRecord) } else { return new-object ExoHelper.ExoException -ArgumentList @($httpCode, $exceptionType, '', $ErrorRecord) } } #structured error if($null -ne $errorRecord.error.details.message) { $message = $errorRecord.error.details.message $errorData = $message.split('|') if($errorData.count -eq 3) { return new-object ExoHelper.ExoException -ArgumentList @($httpCode, $errorData[0], $errorData[1], $errorData[2]) } else { return new-object ExoHelper.ExoException -ArgumentList @($httpCode, 'ExoErrorWithUnknownDetail', $exceptionType, $message) } } if($null -ne $errorRecord.error.innerError.internalException) { return new-object ExoHelper.ExoException -ArgumentList @($httpCode, 'ExoErrorWithInternalException', $errorRecord.error.innerError.type, $errorRecord.error.innerError.internalException.Message) } if($null -ne $errorRecord.error) { return new-object ExoHelper.ExoException -ArgumentList @($httpCode, 'ExoErrorWithMissingDetail', $exceptionType, "$($errorRecord.error)") } return new-object ExoHelper.ExoException -ArgumentList @($httpCode, 'ExoUnknownError', $exceptionType, "$($errorRecord.error)") } } function GetRequestMessage { [CmdletBinding()] param ( [Parameter(Mandatory)] [string] $Uri, [Parameter()] [hashtable] $Headers, [Parameter()] [string] $Body ) begin { $ContentType = 'application/json' $Method = [System.Net.Http.HttpMethod]::Post } process { $request = [System.Net.Http.HttpRequestMessage]::new([System.Net.Http.HttpMethod]::$Method, (new-object System.Uri($Uri))) if($null -ne $Headers) { foreach($header in $Headers.Keys) { $request.Headers.TryAddWithoutValidation($header, $Headers[$header]) | Out-Null } } if($null -ne $Body) { $payload = ([System.Text.Encoding]::UTF8.GetBytes($Body)); $request.Content = [System.Net.Http.ByteArrayContent]::new($payload) $request.Content.headers.Add('Content-Encoding','utf-8') $request.Content.headers.Add('Content-Type','application/json') } $request.Method = $Method $request } } Function Init { param() process { #Add JIT compiled helpers. Load only if not loaded previously $referencedAssemblies=@() $helpers = 'ExoException', 'StringExtensions' foreach($helper in $helpers) { #compiled helpers are in ExoHelper namespace if($null -eq ("ExoHelper.$helper" -as [type])) { $helperDefinition = Get-Content "$PSScriptRoot\Helpers\$helper.cs" -Raw Add-Type -TypeDefinition $helperDefinition -ReferencedAssemblies $referencedAssemblies -WarningAction SilentlyContinue -IgnoreWarnings } } #refresh cached public key, if needed $PublicKeyConfig = $MyInvocation.MyCommand.Module.PrivateData.Configuration.ExoPublicKey $cacheFile = [System.IO.Path]::Combine($env:TEMP, $PublicKeyConfig.LocalFile) $needsRefresh = $false if(-not [System.IO.File]::Exists($cacheFile)) { $needsRefresh = $true } else { # local file exists $fileInfo = [System.IO.FileInfo]::new($cacheFile) if($fileInfo.LastWriteTime -lt (Get-Date).AddDays(-7)) { $needsRefresh = $true } } if($needsRefresh) { try { Invoke-WebRequest -Uri $PublicKeyConfig.Link -OutFile $cacheFile -ErrorAction Stop } catch { write-warning 'Local copy of public key file is ooutdated or does not exist and failed to download public key. Module may not work correctly.' $script:PublicKey = $null return } } $script:PublicKey = [System.IO.File]::ReadAllText($cacheFile) } } #removes odata type descriptor properties from the object function RemoveExoOdataProperties { [CmdletBinding()] param ( [Parameter(Mandatory, ValueFromPipeline)] [PSCustomObject] $Object ) begin { $propsToRemove = $null } process { if($null -eq $propsToRemove) { $propsToRemove = $Object.PSObject.Properties | Where-Object { $_.Name.IndexOf('@') -ge 0 } } foreach($prop in $propsToRemove) { $Object.PSObject.Properties.Remove($prop.Name) } $Object } } #endregion Internal commands #region Module initialization Init #endregion Module initialization # SIG # Begin signature block # MIIt9gYJKoZIhvcNAQcCoIIt5zCCLeMCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAncIa7cAeaSRS2 # X8erGLBDDcya9bWG4jGidguvWpMJjqCCE2AwggWQMIIDeKADAgECAhAFmxtXno4h # MuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNV # BAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0z # ODAxMTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/z # G6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZ # anMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7s # Wxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL # 2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfb # BHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3 # JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3c # AORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqx # YxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0 # viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aL # T8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjQjBAMA8GA1Ud # EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTs1+OC0nFdZEzf # Lmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfEkRvDoaIAjeNk # aA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvWVPjS # PMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK # 7VB6fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eB # cg3AFDLvMFkuruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp # 5aPNoiBB19GcZNnqJqGLFNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msg # dDDS4Dk0EIUhFQEI6FUy3nFJ2SgXUE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vri # RbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i7UqLvBv9R0oN32dmfrJbQdA75PQ7 # 9ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPmYQ/ShQDnUBrkG5WdGaG5 # nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1TtmlfB2/oQzxm3 # i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyBIa0H # EEcRrYc9B9F1vM/zZn4wggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggcUMIIE/KADAgECAhAP9xCe9qf4ax3LBs7uih/sMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjMxMTA4MDAwMDAwWhcNMjYxMDAxMjM1OTU5WjCBnDET # MBEGCysGAQQBgjc8AgEDEwJDWjEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRp # b24xETAPBgNVBAUTCDA0OTIzNjkzMQswCQYDVQQGEwJDWjEOMAwGA1UEBxMFUHJh # aGExGjAYBgNVBAoTEUdyZXlDb3JiZWwgcy5yLm8uMRowGAYDVQQDExFHcmV5Q29y # YmVsIHMuci5vLjCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJ8t/Qga # dJKtGC7EqH4pmIU73fInH+j1scmVnrJtXL8tGlKzWZ7qlWDWOJBR3owF9CVqL4IX # BGImH8Miowj6RKKqhEe9UtxiH5ipV6msnzAjTFkwqR9vjfEm9vrU1JuXWvAWAfYx # qYg92oyCEBDQxpURpZmqAVSBy9U/ScDwE4NykZGzb0oYSPtzStd8RJvtUkc4126w # YKMbVe/kdY1mDbKO9DLfpbSIj3vghrH6XeHwEb7/jAVYI7Vl+jUyyqfmYHD7FldQ # X2fZfwvoGSibY1uWvvP0/vm0yd6uDbDjCDOTQW8Lxl5wvlXEf5ewn2oaPSoa6ov3 # 1XmnxL5iT8c1LM06JFCwfHS9e0NSyNr86IiKaxQO9/MANrYciTicObtD3cBcSRDO # pEUfhc4TvA5DQZaakSduVJWPdMhxQs9iWeYMOzh5NDTB3xAx8eLBn7Uj++hjI3FQ # WGEPw4Ew6WoDsJShU0HemlDJGTPW9EZSWHGdNFr1BxXEPb4F7DbjJZn33QIDAQAB # o4ICAjCCAf4wHwYDVR0jBBgwFoAUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHQYDVR0O # BBYEFP2yViJvcgO05qXIH6aJSXB/QcEhMD0GA1UdIAQ2MDQwMgYFZ4EMAQMwKTAn # BggrBgEFBQcCARYbaHR0cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB # /wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzCBtQYDVR0fBIGtMIGqMFOgUaBP # hk1odHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2Rl # U2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNybDBToFGgT4ZNaHR0cDovL2Ny # bDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0 # MDk2U0hBMzg0MjAyMUNBMS5jcmwwgZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsGAQUF # BzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYIKwYBBQUHMAKGUGh0dHA6 # Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWdu # aW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcN # AQELBQADggIBADCe9Fh40HN9RneCehz5MrBy4O9WYsYCMJ7qJ9DsBT+Hed98UOKB # k/XjgSLfsj5eZRHRmz3HzhGDK1PaRI+yIUVQx96a4qL7adktmrHex3fW39Iq+tPB # rHtiEIp9rwunATeZpk+876u0AXYD1VDRWCtkL8zwZU0oqL6U/mWEIXzkryCB5N3x # xtE54jMmW7MKi1+To4yQcrK3zQ394e2dr50L+aF2fgJ5mo1/YJvzyLLhigbqpoYG # U/gjZonhNJXUaYogpHSTgUaBRlIKZ5xCnrFfJlOsbkhex4QAcdkU6XC+XyYfEQka # 7ERwgxmEoRT3NlZ8/EbrQxJP4S1H8Z29M4D3L6rXNXXmv0IbfA9FQcqEco3Y3tRW # dgdcFEwJmYTo0mCZrYTJHgkKW8xDvQ5BJISAp/ydOX5tSa71ojx1/Kp7qizqjBN/ # W77jdqJ89N1y+N/SOiHOCH9NO5pDLsHpTWW/arvjZT0I8dVYkqK0V39rh95XELI+ # NwBZvV4AsKLirjrkZU3pwCz6O99VmPkBqp9TA5wl13NdTpDHuQ6QyVT7hbC8LF5p # z6x/xO/+tEGxG+1A31UTJPmkxhhUlR+NE3ZXiXhcG72CFHYUUvqwlThPkFYe4Ygf # j9ADmss08k0JhVU5rkbrC2h+549HPlFu/XOSIrps4SXzInjHPEYuBETzMYIZ7DCC # GegCAQEwfTBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4x # QTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQw # OTYgU0hBMzg0IDIwMjEgQ0ExAhAP9xCe9qf4ax3LBs7uih/sMA0GCWCGSAFlAwQC # AQUAoIGEMBgGCisGAQQBgjcCAQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwG # CisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZI # hvcNAQkEMSIEIP86LDRmgHdopWwUcr5YUw41beSEZeiEr9QzanhQZKX+MA0GCSqG # SIb3DQEBAQUABIIBgGEEzgq3MMLxPd8WktzBPeiSUpxOm+oiYencfHJFotOY0yI/ # MsE708sG01Q3OrC4SaOLMGqwcD76R+2zN1LYOFsCVvymxEOlR0tUTf9sntZCUCtd # KzUCs6DtMQsanK6rdKebALwTdJPVtQnJcNBIG0H19cFAP0fM69p7J0GtN/lDaXnW # L4gEbDYl9TiW/xp4OYdNLH5g+Qobqpjgv88q04GoWWcD2PckRgNEVnOQj3yqf02Q # lLhijcecKunkzK7s98sm3c/AIMOjHmP5txmuEP66kpweB8szTteehSiMIAa2E8UH # NuKYpHeW5BS9coLtxwQqoP8YE/rXQBeBWSnDPAT1LKG8W3G2BXprXltmi5YFIeau # rgcXzCPnHfg3cnlQxV2rn2is8ahd7AJtJsRH2LED0/QkkHgkwAtWbqGNW56S6/wS # m/JsTnMwAsDT25kKNfMrtMut+5pqBJJpcWDFEkk0cTmQVTaaVwMh9QVkOpOfyvV9 # UbdCP9hCZM/zS01oBqGCFzkwghc1BgorBgEEAYI3AwMBMYIXJTCCFyEGCSqGSIb3 # DQEHAqCCFxIwghcOAgEDMQ8wDQYJYIZIAWUDBAIBBQAwdwYLKoZIhvcNAQkQAQSg # aARmMGQCAQEGCWCGSAGG/WwHATAxMA0GCWCGSAFlAwQCAQUABCBrym3tLDBpVf9k # 3Q+GlOgD0gkMc94E8kEoy5fR3SyOIQIQB8xgpKB3SfZMjGtP4NAxsBgPMjAyNTAx # MjQwNzM2MDFaoIITAzCCBrwwggSkoAMCAQICEAuuZrxaun+Vh8b56QTjMwQwDQYJ # KoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ # bmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2 # IFRpbWVTdGFtcGluZyBDQTAeFw0yNDA5MjYwMDAwMDBaFw0zNTExMjUyMzU5NTla # MEIxCzAJBgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2VydDEgMB4GA1UEAxMXRGln # aUNlcnQgVGltZXN0YW1wIDIwMjQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK # AoICAQC+anOf9pUhq5Ywultt5lmjtej9kR8YxIg7apnjpcH9CjAgQxK+CMR0Rne/ # i+utMeV5bUlYYSuuM4vQngvQepVHVzNLO9RDnEXvPghCaft0djvKKO+hDu6ObS7r # JcXa/UKvNminKQPTv/1+kBPgHGlP28mgmoCw/xi6FG9+Un1h4eN6zh926SxMe6We # 2r1Z6VFZj75MU/HNmtsgtFjKfITLutLWUdAoWle+jYZ49+wxGE1/UXjWfISDmHuI # 5e/6+NfQrxGFSKx+rDdNMsePW6FLrphfYtk/FLihp/feun0eV+pIF496OVh4R1Tv # jQYpAztJpVIfdNsEvxHofBf1BWkadc+Up0Th8EifkEEWdX4rA/FE1Q0rqViTbLVZ # Iqi6viEk3RIySho1XyHLIAOJfXG5PEppc3XYeBH7xa6VTZ3rOHNeiYnY+V4j1XbJ # +Z9dI8ZhqcaDHOoj5KGg4YuiYx3eYm33aebsyF6eD9MF5IDbPgjvwmnAalNEeJPv # IeoGJXaeBQjIK13SlnzODdLtuThALhGtyconcVuPI8AaiCaiJnfdzUcb3dWnqUnj # XkRFwLtsVAxFvGqsxUA2Jq/WTjbnNjIUzIs3ITVC6VBKAOlb2u29Vwgfta8b2ypi # 6n2PzP0nVepsFk8nlcuWfyZLzBaZ0MucEdeBiXL+nUOGhCjl+QIDAQABo4IBizCC # AYcwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYI # KwYBBQUHAwgwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMB8GA1Ud # IwQYMBaAFLoW2W1NhS9zKXaaL3WMaiCPnshvMB0GA1UdDgQWBBSfVywDdw4oFZBm # pWNe7k+SH3agWzBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsMy5kaWdpY2Vy # dC5jb20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0YW1waW5n # Q0EuY3JsMIGQBggrBgEFBQcBAQSBgzCBgDAkBggrBgEFBQcwAYYYaHR0cDovL29j # c3AuZGlnaWNlcnQuY29tMFgGCCsGAQUFBzAChkxodHRwOi8vY2FjZXJ0cy5kaWdp # Y2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0YW1w # aW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQA9rR4fdplb4ziEEkfZQ5H2Edub # Tggd0ShPz9Pce4FLJl6reNKLkZd5Y/vEIqFWKt4oKcKz7wZmXa5VgW9B76k9NJxU # l4JlKwyjUkKhk3aYx7D8vi2mpU1tKlY71AYXB8wTLrQeh83pXnWwwsxc1Mt+FWqz # 57yFq6laICtKjPICYYf/qgxACHTvypGHrC8k1TqCeHk6u4I/VBQC9VK7iSpU5wlW # jNlHlFFv/M93748YTeoXU/fFa9hWJQkuzG2+B7+bMDvmgF8VlJt1qQcl7YFUMYgZ # U1WM6nyw23vT6QSgwX5Pq2m0xQ2V6FJHu8z4LXe/371k5QrN9FQBhLLISZi2yemW # 0P8ZZfx4zvSWzVXpAb9k4Hpvpi6bUe8iK6WonUSV6yPlMwerwJZP/Gtbu3CKldMn # n+LmmRTkTXpFIEB06nXZrDwhCGED+8RsWQSIXZpuG4WLFQOhtloDRWGoCwwc6ZpP # ddOFkM2LlTbMcqFSzm4cd0boGhBq7vkqI1uHRz6Fq1IX7TaRQuR+0BGOzISkcqwX # u7nMpFu3mgrlgbAW+BzikRVQ3K2YHcGkiKjA4gi4OA/kz1YCsdhIBHXqBzR0/Zd2 # QwQ/l4Gxftt/8wY3grcc/nS//TVkej9nmUYu83BDtccHHXKibMs/yXHhDXNkoPId # ynhVAku7aRZOwqw6pDCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlswDQYJ # KoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IElu # YzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQg # VHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1OVow # YzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQD # EzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGlu # ZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9cklR # VcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+dH54P # Mx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+QtxnjupR # PfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9drMvo # hGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02DVzV # 5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aPTnYV # VSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De4z6i # c/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPgv/Ci # PMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIsVzV5 # K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7W4oi # qMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTuzuld # yF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8ECDAG # AQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSMEGDAW # gBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0lBAww # CgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRwOi8v # b2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRzLmRp # Z2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8MDow # OKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRS # b290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATANBgkq # hkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/GPvH # UF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBMYh0M # CIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4snuCK # rOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKjI/rA # J4JErpknG6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HBanHZ # xhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVjmScs # PT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87eK1M # rfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttvFXse # GYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc61RWY # MbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2QqYp # hwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3WfPww # ggWNMIIEdaADAgECAhAOmxiO+dAt5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUx # CzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3 # dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9v # dCBDQTAeFw0yMjA4MDEwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYT # AlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2Vy # dC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJ # KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskh # PfKK2FnC4SmnPVirdprNrnsbhA3EMB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIP # Uh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZanMylNEQRBAu34LzB4TmdDttceItDBvu # INXJIB1jKS3O7F5OyJP4IWGbNOsFxl7sWxq868nPzaw0QF+xembud8hIqGZXV59U # WI4MK7dPpzDZVu7Ke13jrclPXuU15zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4 # AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJoz # QL8I11pJpMLmqaBn3aQnvKFPObURWBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw # 4KISG2aadMreSx7nDmOu5tTvkpI6nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sE # AMx9HJXDj/chsrIRt7t/8tWMcCxBYKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZD # pBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0viastkF13nqsX40/ybzTQRESW+UQUOsx # xcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+Y # HS312amyHeUbAgMBAAGjggE6MIIBNjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW # BBTs1+OC0nFdZEzfLmc/57qYrhwPTzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYun # pyGd823IDzAOBgNVHQ8BAf8EBAMCAYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUF # BzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6 # Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5j # cnQwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp # Z2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJ # KoZIhvcNAQEMBQADggEBAHCgv0NcVec4X6CjdBs9thbX979XB72arKGHLOyFXqka # uyL4hxppVCLtpIh3bb0aFPQTSnovLbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP # +fT3rDB6mouyXtTP0UNEm0Mh65ZyoUi0mcudT6cGAxN3J0TU53/oWajwvy8Lpuny # NDzs9wPHh6jSTEAZNUZqaVSwuKFWjuyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiE # n2/K2yCNNWAcAgPLILCsWKAOQGPFmCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4 # VC0nftg62fC2h5b9W9FcrBjDTZ9ztwGpn1eqXijiuZQxggN2MIIDcgIBATB3MGMx # CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMy # RGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcg # Q0ECEAuuZrxaun+Vh8b56QTjMwQwDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZIhvcN # AQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0yNTAxMjQwNzM2MDFa # MCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFNvThe5i29I+e+T2cUhQhyTVhltFMC8G # CSqGSIb3DQEJBDEiBCAw2QwpmsHkuUxCrIjqjGrs92g2rpzeA0qTeecnzCc7kjA3 # BgsqhkiG9w0BCRACLzEoMCYwJDAiBCB2dp+o8mMvH0MLOiMwrtZWdf7Xc9sF1mW5 # BZOYQ4+a2zANBgkqhkiG9w0BAQEFAASCAgAY5AA03fcgKZj3twrV9yfftAPuxKlv # NiZUffe+fNz4h32hg9MJLdwLe2N5nzrPCMhIf2SbOiV4RkhZsG7kjNRpccxAFdGp # aED7t35f0DqYGTmbBvjqjp1ShPzPKsZBJ0VT45493o+XL3HLU0Xav8ypRHF1IQQd # XqsDCYXrYX4pDKSLrcIhzc3e4s+yUxWQ/kH80SU91CgJC6+AI/KLqpC8/JXdVRbp # q9TEvg2Vqj0ovlAXnrUCEdKyxQRe5ws4yi7ypew/AYOONexOBOOl5yPjLegGo/kG # uonwSfdMC5xo+3gJ7WDIlJCHrbpf0c3rkVxA5qp84ZCXcTisYVFBD7wdu9OnkvtI # nzNTtvrtBUvV8UGo/UPfTn1mxjGtOaTAPgQxMMuDPJU92acXTOwEuyXNFRvC0m7F # /EOaNdkTNm0aksx2ykBlm3raPxILPhlFbOz4QqhvfOMRlPapQKZkw4MhCt3Kbb+L # WhcvsZ8XXy17uUsMFMm36JEmRZXYncyRWzTTt/pZykagxHMnwxJNWXXMs6iuP27f # 8Okkn2V6xR3CrJpLertLCaMRe9XhAAyXh2jdC+VZxxursyh/YUC+iIIXNjIqZL04 # bQyYj35E1qT/fhUT0GE/K/N8gdYI2ecF3bGq+hy6xqLNWBTDkbtWgKBliixEEDyd # xraeN8SzbSK6Cg== # SIG # End signature block |