AzureValidation/Microsoft.AzureStack.AzureValidation.Internal.psm1
|
<#############################################################
# # # Copyright (C) Microsoft Corporation. All rights reserved. # # # #############################################################> Import-LocalizedData LocalizedData -BaseDirectory $PSScriptRoot -Filename Microsoft.AzureStack.AzureValidation.Strings.psd1 # Call install code to check Service Administrator Function Test-AzsServiceAdministrator { [OutputType([Hashtable])] [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [pscredential] $AADServiceAdministrator, [Parameter(Mandatory = $true)] [string] $AzureEnvironment, [Parameter(Mandatory = $false)] [string] $CustomCloudARMEndpoint, [Parameter(Mandatory = $true)] [string] $AADDirectoryTenantName ) $thisFunction = $MyInvocation.MyCommand.Name $null = Import-Module $PSScriptRoot\AzureADConfiguration.psm1 -force $ErrorDetails = @() $err = $null Write-AzsReadinessLog -message "Starting: Get-AzureADTenantDetails with credential" -function $thisFunction try { $tenantDetails = Get-AzureADTenantDetails -AzureEnvironment $AzureEnvironment -AADAdminCredential $AADServiceAdministrator -AADDirectoryTenantName $AADDirectoryTenantName -CustomCloudARMEndpoint $CustomCloudARMEndpoint } catch { $err = $_ } # MFA should rerun Get-AzureADTenantDetails with no creds so the user is prompted if ($err.exception.innerexception.errorcode -eq 'interaction_required') { try { Write-AzsReadinessLog -message "Starting: Get-AzureADTenantDetails with no credential, Multi-Factor Authentication required." -function $thisFunction Clear-Variable err $tenantDetails = Get-AzureADTenantDetails -AzureEnvironment $AzureEnvironment -AADDirectoryTenantName $AADDirectoryTenantName -CustomCloudARMEndpoint $CustomCloudARMEndpoint } catch { $err = $_ } } if ($err) { if ($err.Exception.Message -match 'is not an administrator of the Azure Active Directory tenant') { $ErrorDetails += ($LocalizedData.NotAdminOfTenant -f $AADServiceAdministrator.UserName, $AADDirectoryTenantName ) Write-AzsReadinessLog -message ("Get-AzureADTenantDetails failed with: {0}" -f $LocalizedData.NotAdminOfTenant) -function $thisFunction -type Error $result = 'Fail' } elseif ($err.exception.innerexception.errorcode -eq 'unknown_user_type') { $errorDetails += ($LocalizedData.UnknownUserType -f $credential.UserName, $AzureEnvironment) Write-AzsReadinessLog -message ($LocalizedData.UnknownUserType -f $credential.UserName, $AzureEnvironment) -function $thisFunction -type Error $result = 'Fail' } elseif ($err.exception.innerexception.errorcode -eq 'user_password_expired') { $errorDetails += ($LocalizedData.ForceResetPassword -f $credential.UserName) Write-AzsReadinessLog -message ($LocalizedData.ForceResetPassword -f $credential.UserName) -function $thisFunction -type Error $result = 'Fail' } elseif ($err.exception.InnerException.ErrorCode -eq 'invalid_grant') { $errorDetails += ($LocalizedData.AccountDisabled -f $credential.UserName) Write-AzsReadinessLog -message $errorDetails -function $thisFunction -type Error $result = 'Fail' } elseif ($err.exception.InnerException.ErrorCode -eq 'authentication_canceled') { $errorDetails += $LocalizedData.UserCancelledLogon Write-AzsReadinessLog -message $errorDetails -function $thisFunction -type Error $result = 'Fail' } else { $errorDetails += ($LocalizedData.testfailed -f $thisFunction, $err.exception) Write-AzsReadinessLog -message $errorDetails -function $thisFunction -type Error $result = 'Fail' } } if ($tenantDetails) { $result = 'OK' Write-AzsReadinessLog -message "Get-AzureADTenantDetails completed" -function $thisFunction } @{'Test' = 'ServiceAdministrator'; 'Result' = $result; 'errorDetails' = $errorDetails; 'Assets' = @{'AADServiceAdmin' = $AADServiceAdministrator.UserName; 'AzureEnvironment' = $AzureEnvironment; 'AADDirectoryTenantName' = $AADDirectoryTenantName}} } Function Test-AzsRegistrationAccount { [OutputType([Hashtable])] [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [psobject] $subscription, [Parameter(Mandatory = $true)] [string] $subscriptionId, [Parameter(Mandatory = $true)] [string] $tenantId, [Parameter(Mandatory = $true)] [pscredential] $Credential, [Parameter(Mandatory = $true)] [string] $AzureEnvironment, [Parameter(Mandatory=$false)] [string] $CustomCloudARMEndpoint ) $thisFunction = $MyInvocation.MyCommand.Name $errorDetail = @() $supportedSubscriptionTypes = 'EnterpriseAgreement_', 'CSP_', 'Sponsored_', 'Internal_' Write-AzsReadinessLog -message ("Testing if subscription {0} is one of type {1}" -f $subscription.subscriptionid, ($supportedSubscriptionTypes -join ',')) -function $thisFunction foreach ($supportedSubscriptionType in $supportedSubscriptionTypes) { if ($subscription.subscriptionPolicies.quotaId -match $supportedSubscriptionType) { $supported = $true Write-AzsReadinessLog -message ("Success subscription {0} is of type {1}" -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) -function $thisFunction break } else { $supported = $false Write-AzsReadinessLog -message ("Subscription {0} is of type {1}" -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) -function $thisFunction -type Error } } # If both subscription types don't match, give one failure reason. if ($supported -ne $true) { $errorDetail += ($LocalizedData.SubscriptionNotSupported -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotSupported -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) -function $thisFunction -type Error } # Check subscription is enabled if ($subscription.state -eq 'Enabled') { $enabled = $true Write-AzsReadinessLog -message ("Subscription {0} is enabled" -f $subscription.subscriptionid) -function $thisFunction } else { $enabled = $false $errorDetail += ($LocalizedData.SubscriptionNotEnabled -f $subscription.subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotEnabled -f $subscription.subscriptionid) -function $thisFunction } # Check subscriptions match Write-AzsReadinessLog -message ("Checking subscription {0} matches given subscription {1}" -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction if ($subscription.subscriptionid -eq $subscriptionid) { $subscriptionMatch = $true Write-AzsReadinessLog -message ("Subscription {0} matches given subscription {1}" -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction } Else { $subscriptionMatch = $false $errorDetail += ($LocalizedData.SubscriptionNotMatch -f $subscription.subscriptionid, $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotMatch -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction -type Error } ## Test if user account has right permissions and can access Graph API Write-AzsReadinessLog -message ("Testing if user has correct permissions set and can access Graph API." ) -function $thisFunction $azureURIs = Get-AzureURIs -AzureEnvironment $AzureEnvironment -CustomCloudARMEndpoint $CustomCloudARMEndpoint $UserId = "" $token = Get-AADToken -ResourceUri $azureURIs.GraphUri -TenantId $tenantId -Credential $Credential -PromptBehavior never -AzureURIs $azureURIs $graphUri = "$($AzureURIs.GraphUri.TrimEnd('/'))/$tenantId/applications?api-version=1.6" $userPermission = $false try { $tenantResponse = Invoke-RestMethod -Method Get -Uri $graphUri -Headers @{Authorization = "Bearer $($token.AccessToken)"} $userPermission = $true Write-AzsReadinessLog -message ("User was able to successfully invoke Graph API." ) -function $thisFunction } catch { $userPermission = $false $errorDetail += ("User does not have permission to access Graph API. Please check your account. Status Code: {0}, Exception: {1}" -f $_.Exception.Response.StatusCode, $_.Exception.Response) Write-AzsReadinessLog -message ( $errorDetail) -function $thisFunction -type Error } ## Add check for userpermission if ($supported -AND $enabled -AND $subscriptionMatch -AND $userPermission) { $result = 'OK' Write-AzsReadinessLog -message ("Overall check for subscription {0} is success" -f $subscription.subscriptionid) -function $thisFunction } else { $result = 'Fail' Write-AzsReadinessLog -message ("Overall check for subscription {0} is error with detail {1}: " -f $subscription.subscriptionid, ($errorDetail -join ',')) -function $thisFunction -Type Error } @{'Test' = 'RegistrationAccount'; 'Result' = $result; 'errorDetails' = $errorDetail; 'Assets' = @{'SubscriptionId' = $subscription.subscriptionid; 'SubscriptionType' = $subscription.subscriptionPolicies.quotaId; 'Enabled' = $enabled}} } # Get subscription detail via REST so we can see the subscription type (CSP, EA, PAYG etc.) function Get-AzureSubscriptionDetail { [OutputType([Hashtable])] [CmdletBinding()] param ([string]$tenantid, [string]$subscriptionid, [pscredential]$credential, [string]$AzureEnvironment, [string]$CustomCloudARMEndpoint ) $thisFunction = $MyInvocation.MyCommand.Name try { Write-AzsReadinessLog -message ("TenantID: {0}" -f $tenantid) -function $thisFunction Write-AzsReadinessLog -message ("SubscriptionId: {0}" -f $subscriptionid) -function $thisFunction $errorDetails = @() # Set well-known client ID for AzurePowerShell $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # Set redirect URI for Azure PowerShell $redirectUri = "urn:ietf:wg:oauth:2.0:oob" $AzureURIs = Get-AzureURIs -AzureEnvironment $AzureEnvironment -CustomCloudARMEndpoint $CustomCloudARMEndpoint # Set Resource App URI as ARM Write-AzsReadinessLog -message ("Retrieving ARMURI for {0}" -f $AzureEnvironment) -function $thisFunction $resourceAppIdURI = $AzureURIs.ARMUri Write-AzsReadinessLog -message ("Retrieved ARMURI {0}" -f $resourceAppIdURI) -function $thisFunction # Set Authority to Azure AD Tenant $authority = "{0}{1}" -f $AzureURIs.LoginUri, $tenantid Write-AzsReadinessLog -message ("Authority {0}" -f $authority) -function $thisFunction # Create Authentication Context tied to Azure AD Tenant $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority # Acquire token $userCreds = new-object Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential($credential.userName, $credential.Password) try { $authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $userCreds) } catch [Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException] { if ($_.Exception.ErrorCode -eq "interaction_required") { $authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $redirectUri, 'Always') } else { throw } } $ApiVersion = '2017-08-01' # Output bearer token $authHeader = $authResult.CreateAuthorizationHeader() $header = @{ 'Content-Type' = 'application/json' 'Authorization' = $authHeader } # Make Subscription call $URI = $resourceAppIdURI + "subscriptions/${subscriptionId}?api-version=$ApiVersion" Write-AzsReadinessLog -message ("Making REST call to uri {0} for subscription details" -f $uri, $header) -function $thisFunction $subscription = Invoke-RestMethod -Uri $URI -Method GET -Headers $header # Make role assignment call for user $principalId = $authResult.UserInfo.UniqueId $roleAssignmentURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleAssignments?api-version=2017-09-01&`$filter=PrincipalId eq '$principalId'" Write-AzsReadinessLog -message ("Making call to uri {0} for role assignments of user" -f $uri) -function $thisFunction $roleAssignment = Invoke-RestMethod -Uri $roleAssignmentURI -Method GET -Headers $header $roleDefinitionIds = $roleAssignment.value.properties.roleDefinitionId Write-AzsReadinessLog -message ("RoleAssignment IDs {0} for user" -f ($roleDefinitionIds -join ',')) -function $thisFunction # Make role assignment definition call $roleDefURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleDefinitions?api-version=2015-07-01" Write-AzsReadinessLog -message ("Get all RoleAssignment defintions from uri {0}" -f $roleDefURI) -function $thisFunction $allRoleDefs = Invoke-RestMethod -Uri $roleDefURI -Method GET -Headers $header # filter definitions on users role assignment(s) $roledef = $allRoleDefs.value | ? id -in $roleDefinitionIds Write-AzsReadinessLog ("Resolving {0} role definition(s) from user in role definition list." -f ($roleDef.properties.roleName -join ',')) -function $thisFunction # check is role definition on user is owner if ($roleDef.properties.roleName -match 'Owner') { Write-AzsReadinessLog ("Success. Owner present. User: {0} role(s): {1}" -f $authResult.UserInfo.DisplayableId, ($roleDef.properties.roleName -join ',')) -function $thisFunction } else { $allClassicAdmins = Get-AzureClassicAdmins -resourceAppIdURI $resourceAppIdURI -header $header -subscriptionId $subscriptionId $classicAdmin = $allClassicAdmins | Where-Object {$_.properties.emailaddress -eq $authResult.UserInfo.DisplayableId} if ($classicAdmin) { Write-AzsReadinessLog ("Success. Classic Admin present. User: {0} role(s): {1}" -f $authResult.UserInfo.DisplayableId, $classicAdmin.properties.role) -function $thisFunction } else { Write-AzsReadinessLog ("Error. Owner and classic admin not present. User: {0} role(s): {1}" -f $authResult.UserInfo.DisplayableId, ($roleDef.properties.roleName -join ',')) -function $thisFunction throw "NonOwner" } } } catch { if ($_.exception.Message -match 'Forbidden|Unauthorized') { $errorDetails += ($LocalizedData.UserNotAuthorizedForSubscription -f $credential.username, $tenantid, $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.UserNotAuthorizedForSubscription -f $credential.username, $tenantid, $subscriptionid) -function $thisFunction -type Error } elseif ($_.exception.Message -match 'NonOwner') { $errorDetails += ($LocalizedData.UserNotOwnerForSubscription -f $credential.username, ($roleDef.properties.roleName -join ','), $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.UserNotOwnerForSubscription -f $credential.username, $tenantid, $subscriptionid) -function $thisFunction -type Error } else { $errorDetails += ("{0} threw an error: {1}" -f $MyInvocation.MyCommand.Name, $_) Write-AzsReadinessLog -message ("error: {0}" -f $_) -function $thisFunction -type Error } } @{'Test' = 'GetSubscription'; 'subscription' = $subscription; 'errorDetails' = $errorDetails; 'AADDirectoryTenantName' = $tenantid; 'subscriptionid' = $subscriptionid; 'credential' = $credential.UserName; 'AzureEnvironment' = $AzureEnvironment; 'UserRole' = ($roleDef.properties.roleName -join ',')} } function Get-RegistrationTenantId { [CmdletBinding()] param ( [string]$subscriptionid, [pscredential]$credential, [string]$AzureEnvironment, [string]$CustomCloudARMEndpoint ) $thisFunction = $MyInvocation.MyCommand.Name try { Write-AzsReadinessLog -message ("Getting TenantId for subscription {0}" -f $subscriptionid) -function $thisFunction if ($AzureEnvironment -eq 'CustomCloud') { # Read custom Environment Write-AzsReadinessLog -message ("Getting custom azure environment from {0}" -f $CustomCloudARMEndpoint) -function $thisFunction $AzureURIs = Get-AzureURIs -AzureEnvironment $AzureEnvironment -CustomCloudARMEndpoint $CustomCloudARMEndpoint $tempAzureEnvName = "ReadinessCheckerTempEnvironment" Write-AzsReadinessLog -message ("Adding custom Azure Environment {0}" -f $tempAzureEnvName) -function $thisFunction Add-AzureRmEnvironment -Name $tempAzureEnvName ` -ActiveDirectoryEndpoint $AzureURIs.LoginUri ` -ActiveDirectoryServiceEndpointResourceId (Invoke-RestMethod "$($AzureURIs.ARMUri)/metadata/endpoints?api-version=2015-01-01").authentication.audiences[0] ` -ResourceManagerEndpoint $AzureURIs.ARMUri ` -GraphEndpoint $AzureURIs.GraphUri Write-AzsReadinessLog -message ("Trying login to custom Azure Environment {0}" -f $tempAzureEnvName) -function $thisFunction $tenantId = (Login-AzureRmAccount -Credential $credential -Subscription $subscriptionid -Environment $tempAzureEnvName -errorAction Stop).Context.Tenant.TenantId } else { $tenantId = (Login-AzureRmAccount -Credential $credential -Subscription $subscriptionid -Environment $AzureEnvironment -errorAction Stop).Context.Tenant.TenantId } Write-AzsReadinessLog -message ("Resolved TenantId {0} for subscription {1}" -f $tenantId, $subscriptionid) -function $thisFunction } catch { if ($_.Exception.InnerException.ErrorCode -eq "interaction_required") { Write-AzsReadinessLog -message ("Account is MFA enabled, prompting user for MFA." -f $credential.username) -function $thisFunction try { if ($AzureEnvironment -eq 'CustomCloud') { $tenantId = (Login-AzureRmAccount -Subscription $subscriptionid -Environment $tempAzureEnvName -errorAction Stop).Context.Tenant.TenantId } else { $tenantId = (Login-AzureRmAccount -Subscription $subscriptionid -Environment $AzureEnvironment -ErrorAction Stop).Context.Tenant.TenantId } } catch { if ($_.Exception.InnerException.ErrorCode -eq 'authentication_canceled') { $errorDetails += $LocalizedData.UserCancelledLogon Write-AzsReadinessLog -message $LocalizedData.UserCancelledLogon -function $thisFunction -type Error } elseif ($_.Exception.InnerException.ErrorCode -eq 'unknown_user_type') { $errorDetails += ($LocalizedData.UnknownUserType -f $credential.UserName, $AzureEnvironment) Write-AzsReadinessLog -message ($LocalizedData.UnknownUserType -f $credential.UserName, $AzureEnvironment) -function $thisFunction -type Error } elseif ($_.Exception.InnerException.ErrorCode -eq 'user_password_expired') { $errorDetails += ($LocalizedData.ForceResetPassword -f $credential.UserName) Write-AzsReadinessLog -message ($LocalizedData.ForceResetPassword -f $credential.UserName) -function $thisFunction -type Error } elseif ($_.Exception.InnerException.ErrorCode -eq 'invalid_grant') { $errorDetails += ($LocalizedData.AccountDisabled -f $credential.UserName) Write-AzsReadinessLog -message $errorDetails -function $thisFunction -type Error } else { $errorDetails = ("Retrieving TenantId for subscription {0} using account {1} failed with: {2}" -f $subscriptionid, $credential.username, $_.exception.message) Write-AzsReadinessLog -message $errorDetails -function $thisFunction -Type Error } } } elseif ($_.Exception.InnerException.ErrorCode -eq 'unknown_user_type') { $errorDetails += ($LocalizedData.UnknownUserType -f $credential.UserName, $AzureEnvironment) Write-AzsReadinessLog -message ($LocalizedData.UnknownUserType -f $credential.UserName, $AzureEnvironment) -function $thisFunction -type Error } elseif ($_.Exception.InnerException.ErrorCode -eq 'user_password_expired') { $errorDetails += ($LocalizedData.ForceResetPassword -f $credential.UserName) Write-AzsReadinessLog -message ($LocalizedData.ForceResetPassword -f $credential.UserName) -function $thisFunction -type Error } elseif ($_.Exception.InnerException.ErrorCode -eq 'invalid_grant') { $errorDetails += ($LocalizedData.AccountDisabled -f $credential.UserName) Write-AzsReadinessLog -message $errorDetails -function $thisFunction -type Error } else { $errorDetails = ("Retrieving TenantId for subscription {0} using account {1} failed with: {2}" -f $subscriptionid, $credential.username, $_.exception.message) Write-AzsReadinessLog -message $errorDetails -function $thisFunction -Type Error } } finally { if ($AzureEnvironment -eq 'Custom') { Write-AzsReadinessLog -message ("Removing custom Azure Environment {0}" -f $tempAzureEnvName) -function $thisFunction Remove-AzureRmEnvironment -name $tempAzureEnvName -Scope Process -ErrorAction SilentlyContinue } } @{'Test' = 'GetTenantId'; 'errorDetails' = $errorDetails; 'tenantId' = $tenantid} } function Get-AzureClassicAdmins { param ($resourceAppIdURI, $header, $subscriptionId) $thisFunction = $MyInvocation.MyCommand.Name $classicAdminURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/classicAdministrators?api-version=2015-06-01" Write-AzsReadinessLog -message ("Get Classic Administrators from uri {0}" -f $classicAdminURI) -function $thisFunction try { $classicAdmins = Invoke-RestMethod -Uri $classicAdminURI -Method GET -Headers $header | Select-Object -ExpandProperty Value } catch { Write-AzsReadinessLog -message ("Unable to retrieve Classic Administrators from uri {0}. Exception {1}" -f $classicAdminURI, $_.exception) -function $thisFunction -Type Error } return $classicAdmins } # SIG # Begin signature block # MIIjlgYJKoZIhvcNAQcCoIIjhzCCI4MCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBLDwibtiV8o7yU # iQx819dEYioKmgOei3jJensoIud2YqCCDYUwggYDMIID66ADAgECAhMzAAABiK9S # 1rmSbej5AAAAAAGIMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjAwMzA0MTgzOTQ4WhcNMjEwMzAzMTgzOTQ4WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCSCNryE+Cewy2m4t/a74wZ7C9YTwv1PyC4BvM/kSWPNs8n0RTe+FvYfU+E9uf0 # t7nYlAzHjK+plif2BhD+NgdhIUQ8sVwWO39tjvQRHjP2//vSvIfmmkRoML1Ihnjs # 9kQiZQzYRDYYRp9xSQYmRwQjk5hl8/U7RgOiQDitVHaU7BT1MI92lfZRuIIDDYBd # vXtbclYJMVOwqZtv0O9zQCret6R+fRSGaDNfEEpcILL+D7RV3M4uaJE4Ta6KAOdv # V+MVaJp1YXFTZPKtpjHO6d9pHQPZiG7NdC6QbnRGmsa48uNQrb6AfmLKDI1Lp31W # MogTaX5tZf+CZT9PSuvjOCLNAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUj9RJL9zNrPcL10RZdMQIXZN7MG8w # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzQ1ODM4NjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # ACnXo8hjp7FeT+H6iQlV3CcGnkSbFvIpKYafgzYCFo3UHY1VHYJVb5jHEO8oG26Q # qBELmak6MTI+ra3WKMTGhE1sEIlowTcp4IAs8a5wpCh6Vf4Z/bAtIppP3p3gXk2X # 8UXTc+WxjQYsDkFiSzo/OBa5hkdW1g4EpO43l9mjToBdqEPtIXsZ7Hi1/6y4gK0P # mMiwG8LMpSn0n/oSHGjrUNBgHJPxgs63Slf58QGBznuXiRaXmfTUDdrvhRocdxIM # i8nXQwWACMiQzJSRzBP5S2wUq7nMAqjaTbeXhJqD2SFVHdUYlKruvtPSwbnqSRWT # GI8s4FEXt+TL3w5JnwVZmZkUFoioQDMMjFyaKurdJ6pnzbr1h6QW0R97fWc8xEIz # LIOiU2rjwWAtlQqFO8KNiykjYGyEf5LyAJKAO+rJd9fsYR+VBauIEQoYmjnUbTXM # SY2Lf5KMluWlDOGVh8q6XjmBccpaT+8tCfxpaVYPi1ncnwTwaPQvVq8RjWDRB7Pa # 8ruHgj2HJFi69+hcq7mWx5nTUtzzFa7RSZfE5a1a5AuBmGNRr7f8cNfa01+tiWjV # Kk1a+gJUBSP0sIxecFbVSXTZ7bqeal45XSDIisZBkWb+83TbXdTGMDSUFKTAdtC+ # r35GfsN8QVy59Hb5ZYzAXczhgRmk7NyE6jD0Ym5TKiW5MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCFWcwghVjAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAGIr1LWuZJt6PkAAAAA # AYgwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJhP # jRfejErFz1EDL861l06cwECS3T2jbEd4TjCAlBMNMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEANUJuXLNIzIsRnPFCoP706BAXP3SLVEirH7pt # JVPSwx9Owky2ape7oVWN9UIG1FU0Hlp0pI7Cu86XIZGuxMgiYrQuOijLkyL3/gzD # UoWWH/L7MvMGtqr5pMrb5L/BKJNMH5/mHTMrr4zXhyg7tvkSedxnQlmbW1oY0jvB # PX8IYv8w24DSn1QHzQizXawMaix6OSLU2gVafLf6srqpfLHj43PmkpkOXkbisJ6S # kHuNo9/JuvzseySqLupqYVp3W7S0muV/PCJv155WDLdEJE4beKM0hkbNZ8Pcrtmh # 2ThtYSnCjzCbHHtkHhiWtMLqoUOOEHmfmc9QMNnfaWue+V9ASKGCEvEwghLtBgor # BgEEAYI3AwMBMYIS3TCCEtkGCSqGSIb3DQEHAqCCEsowghLGAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFVBgsqhkiG9w0BCRABBKCCAUQEggFAMIIBPAIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCAyVt+CYaf8ZZ2KJfJQSk/2paMR2uwIQXuu # xndUmWObZQIGXzwINrOqGBMyMDIwMDgyNzEwMDc1OC42MzdaMASAAgH0oIHUpIHR # MIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQL # EyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhh # bGVzIFRTUyBFU046NEQyRi1FM0RELUJFRUYxJTAjBgNVBAMTHE1pY3Jvc29mdCBU # aW1lLVN0YW1wIFNlcnZpY2Wggg5EMIIE9TCCA92gAwIBAgITMwAAASuT0O2OCvfw # RwAAAAABKzANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg # MjAxMDAeFw0xOTEyMTkwMTE1MDJaFw0yMTAzMTcwMTE1MDJaMIHOMQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQg # T3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046 # NEQyRi1FM0RELUJFRUYxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNl # cnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCW+ouPwFlaV40A # JbnYADRwEUhcsxI5bau1HbMObEmaOvDfKFpC/kCs/ONkaiIoIE5bZunR2BXJgdWE # UajHV+mO4CU/UqfBVSNdBcRheSOnegbUAowwXNv7NYodBNddUgDZffeQ/BYGPHmu # btZ6hKJpQgW43aKmMtwDxE9oQAaSDOoXMCGsQr3froJiZx0j/j8SP/EcSYfI0/xh # Uc5C9cMv5A9ojJe9dQs4Nwy/8gB17rKksPeYWZltprS+xzb0s9OK4n42cN0J2D8C # IuOgkot+Cq/afXQdVVe/vmaPUpoHY5rxnhYx9ibYd8RMT5KFC2lq7yG6nKTrPRO7 # AFCUwbAdAgMBAAGjggEbMIIBFzAdBgNVHQ4EFgQUIu9odLhSA7l0lmFj89B3kojA # kwUwHwYDVR0jBBgwFoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBL # oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv # TWljVGltU3RhUENBXzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr # BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNU # aW1TdGFQQ0FfMjAxMC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK # BggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEAZz/52KWmPm6VbOIyZR+0rBJV # eHDr3aZwp4Pl6MbWZzYVW6EEJaS6+zkP5uDnO/O9O0RfKJ8l00liTLxw1YQQ++Kh # rmNyhZqlhsODBqhi6hAlJ1B//8bX4WTzHYsbjAwZmO0rapFFLl+U0UVYe8zXVaku # 5hPhsxFHncyNp3U1RibQVCO93FO8FHvJXnyBJ18yn8bMnE8VKLNJ1CNmKChp/PWV # jykv2OJt+VhN2Iq5kzIyueweQOihBkgZPb6sqxjYrxBqKiTfpjDfGVCySSjrRS84 # MVYO5s+XPyYLDET7xcGVPeoVnC4KzVeQ93zQJ1pogiwjI4iPDfCELM2bwBKcyDCC # BnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29m # dCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1 # NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/ # aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxh # MFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhH # hjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tk # iVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox # 8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJN # AgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIox # kPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0P # BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9 # lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQu # Y29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3Js # MFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3Nv # ZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAG # A1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRw # Oi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAG # CCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEA # dABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXED # PZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgr # UYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c # 8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFw # nzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFt # w5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk # 7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9d # dJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zG # y9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3 # yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7c # RDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wkn # HNWzfjUeCLraNtvTX4/edIhJEqGCAtIwggI7AgEBMIH8oYHUpIHRMIHOMQswCQYD # VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe # MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3Nv # ZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBF # U046NEQyRi1FM0RELUJFRUYxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1w # IFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAEQMNpIP5/9J+tA+3hsvelmHQ0+moIGD # MIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG # A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEF # BQACBQDi8RJPMCIYDzIwMjAwODI2MjA1NDM5WhgPMjAyMDA4MjcyMDU0MzlaMHcw # PQYKKwYBBAGEWQoEATEvMC0wCgIFAOLxEk8CAQAwCgIBAAICMbYCAf8wBwIBAAIC # EYowCgIFAOLyY88CAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAK # MAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQCLCFA4viEs # 7KPla+upqKnBB5In/wRUgnvWUBTz4n6mhBda/qHdOeCZ7M28P2SIn5uBAbu/fI+8 # IVhpBwmACGfjwdfuy8WXJIb3Y1p0T7lwMZxU7/3g0btlR3NRyRS3OWrCVGfu/+To # TxOgqY0fQ+5cWhaX7U6JYHLGGhPLrnnaqTGCAw0wggMJAgEBMIGTMHwxCzAJBgNV # BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w # HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m # dCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABK5PQ7Y4K9/BHAAAAAAErMA0GCWCG # SAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZI # hvcNAQkEMSIEIDZHBJ07E8OaiicP6rFofoJt+VOVtj68Ad/AOeh/8fCDMIH6Bgsq # hkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgZCc55kqFwlMsXNx72IziKljHRui+rUwI # NyrC2l0bz18wgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu # Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv # cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAIT # MwAAASuT0O2OCvfwRwAAAAABKzAiBCCOzckrrfc3GFbwfyYfpRYv6pOzQqlYtid9 # akRFC/TlojANBgkqhkiG9w0BAQsFAASCAQCH3XhWbe2pqACNS5DlQsWlDS2UfsNe # NNbjD99hUpxcbCfBdlR3s0xjX93nWR8U+9jkdTRbzj0JtjBPzX7dXTjxs2JIHZIG # YnXChQ6xZck9LpBQ06hI6QDAn5x+M8c66Pt952DmVJ9BkUlGNrxzpOsR/zGTr/fj # qCoW9fHtvgOzlrUzNI9QPqZk/AO0IJVsSEr5DhIXQ35jix+NeWkH/caZqvO+sTQv # jnUMLVXJowqcCVluGKA3l7O6X4ctOeBIknaMLAjzgUjBl/d/v1/mB0YZ8ML0f3xJ # 4mxMN5LPTSQU/kbCD5pfIpOtji2v2+4u+18/7H1T0IzGLwNZGreqzmEN # SIG # End signature block |