AzureValidation/Microsoft.AzureStack.AzureValidation.Internal.psm1
|
<#############################################################
# # # Copyright (C) Microsoft Corporation. All rights reserved. # # # #############################################################> Import-LocalizedData LocalizedData -BaseDirectory $PSScriptRoot -Filename Microsoft.AzureStack.AzureValidation.Strings.psd1 # Call install code to check Service Administrator Function Test-AzsServiceAdministrator { [OutputType([Hashtable])] [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string] $AADDirectoryTenantName ) $thisFunction = $MyInvocation.MyCommand.Name $null = Import-Module $PSScriptRoot\AzureADConfiguration.psm1 -force $ErrorDetails = @() $err = $null Write-AzsReadinessLog -message "Starting: Get-AzureADTenantDetails" -function $thisFunction try { $tenantDetails = Get-AzureADTenantDetails -AADDirectoryTenantName $AADDirectoryTenantName } catch { $err = $_ } if ($err) { if ($err.Exception.Message -match 'is not an administrator of the Azure Active Directory tenant') { $ErrorDetails += ($LocalizedData.NotAdminOfTenant -f (Get-AzContext).Account.id, $AADDirectoryTenantName ) Write-AzsReadinessLog -message ("Get-AzureADTenantDetails failed with: {0}" -f $LocalizedData.NotAdminOfTenant) -function $thisFunction -type Error $result = 'Fail' } else { $errorDetails += ($LocalizedData.testfailed -f $thisFunction, $err.exception) Write-AzsReadinessLog -message $errorDetails -function $thisFunction -type Error $result = 'Fail' } } if ($tenantDetails) { $result = 'OK' Write-AzsReadinessLog -message "Get-AzureADTenantDetails completed" -function $thisFunction } @{'Test' = 'ServiceAdministrator'; 'Result' = $result; 'errorDetails' = $errorDetails; 'Assets' = @{'AADServiceAdmin' = (Get-AzContext).account.id; 'AzureEnvironment' = (Get-AzContext).environment.name; 'AADDirectoryTenantName' = $AADDirectoryTenantName}} } Function Test-AzsRegistrationAccount { [OutputType([Hashtable])] [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [psobject] $subscription, [Parameter(Mandatory = $true)] [string] $subscriptionId, [Parameter(Mandatory = $true)] [string] $tenantId ) $thisFunction = $MyInvocation.MyCommand.Name $errorDetail = @() $supportedSubscriptionTypes = 'EnterpriseAgreement_', 'CSP_', 'Sponsored_', 'Internal_' Write-AzsReadinessLog -message ("Testing if subscription {0} is one of type {1}" -f $subscription.subscriptionid, ($supportedSubscriptionTypes -join ',')) -function $thisFunction if ($subscription.subscriptionPolicies.quotaId -match ($supportedSubscriptionType -join '|')) { $supported = $true Write-AzsReadinessLog -message ("Success subscription {0} is of type {1}" -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) -function $thisFunction } else { $supported = $true $errorDetail += ($LocalizedData.SubscriptionNotSupported -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotSupported -f $subscription.subscriptionid, $subscription.subscriptionPolicies.quotaId) -function $thisFunction -type Error } # Check subscription is enabled if ($subscription.state -eq 'Enabled') { $enabled = $true Write-AzsReadinessLog -message ("Subscription {0} is enabled" -f $subscription.subscriptionid) -function $thisFunction } else { $enabled = $false $errorDetail += ($LocalizedData.SubscriptionNotEnabled -f $subscription.subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotEnabled -f $subscription.subscriptionid) -function $thisFunction } # Check subscriptions match Write-AzsReadinessLog -message ("Checking subscription {0} matches given subscription {1}" -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction if ($subscription.subscriptionid -eq $subscriptionid) { $subscriptionMatch = $true Write-AzsReadinessLog -message ("Subscription {0} matches given subscription {1}" -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction } Else { $subscriptionMatch = $false $errorDetail += ($LocalizedData.SubscriptionNotMatch -f $subscription.subscriptionid, $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.SubscriptionNotMatch -f $subscription.subscriptionid, $subscriptionid) -function $thisFunction -type Error } ## Test if user account has right permissions and can access Graph API Write-AzsReadinessLog -message ("Testing if user has correct permissions set and can access Graph API." ) -function $thisFunction $azureURIs = Get-Endpoints (Get-AzContext).Environment.ResourceManagerUrl $token = Get-AzAccessToken -Resource (Get-AzContext).Environment.GraphEndpointResourceId -TenantId $tenantId $graphUri = "$($AzureURIs.GraphUri.TrimEnd('/'))/$tenantId/applications?api-version=1.6" $userPermission = $false try { $tenantResponse = Invoke-RestMethod -Method Get -Uri $graphUri -Headers @{Authorization = "Bearer $($token.Token)"} $userPermission = $true Write-AzsReadinessLog -message ("User was able to successfully invoke Graph API." ) -function $thisFunction } catch { $userPermission = $false $errorDetail += ("User does not have permission to access Graph API. Please check your account. Status Code: {0}, Exception: {1}" -f $_.Exception.Response.StatusCode, $_.Exception.Response) Write-AzsReadinessLog -message ( $errorDetail) -function $thisFunction -type Error } ## Add check for userpermission if ($supported -AND $enabled -AND $subscriptionMatch -AND $userPermission) { $result = 'OK' Write-AzsReadinessLog -message ("Overall check for subscription {0} is success" -f $subscription.subscriptionid) -function $thisFunction } else { $result = 'Fail' Write-AzsReadinessLog -message ("Overall check for subscription {0} is error with detail {1}: " -f $subscription.subscriptionid, ($errorDetail -join ',')) -function $thisFunction -Type Error } @{'Test' = 'RegistrationAccount'; 'Result' = $result; 'errorDetails' = $errorDetail; 'Assets' = @{'SubscriptionId' = $subscription.subscriptionid; 'SubscriptionType' = $subscription.subscriptionPolicies.quotaId; 'Enabled' = $enabled}} } # Get subscription detail via REST so we can see the subscription type (CSP, EA, PAYG etc.) function Get-AzureSubscriptionDetail { [OutputType([Hashtable])] [CmdletBinding()] param ([string]$tenantid, [string]$subscriptionid ) $thisFunction = $MyInvocation.MyCommand.Name try { Write-AzsReadinessLog -message ("TenantID: {0}" -f $tenantid) -function $thisFunction Write-AzsReadinessLog -message ("SubscriptionId: {0}" -f $subscriptionid) -function $thisFunction $errorDetails = @() # Set well-known client ID for AzurePowerShell $clientId = "1950a258-227b-4e31-a9cf-717495945fc2" # Set redirect URI for Azure PowerShell $redirectUri = "urn:ietf:wg:oauth:2.0:oob" $azureURIs = Get-Endpoints (Get-AzContext).Environment.ResourceManagerUrl # Set Resource App URI as ARM $resourceAppIdURI = $AzureURIs.ARMUri Write-AzsReadinessLog -message ("Retrieved ARMURI {0}" -f $resourceAppIdURI) -function $thisFunction # Set Authority to Azure AD Tenant $authority = "{0}{1}" -f $AzureURIs.LoginUri, $tenantid Write-AzsReadinessLog -message ("Authority {0}" -f $authority) -function $thisFunction $token = Get-AzAccessToken -TenantId $tenantId $username = (ConvertFrom-JwtToken $token.Token).claims.upn $principalId = (ConvertFrom-JwtToken $token.Token).claims.oid $header = @{ 'Content-Type' = 'application/json' 'Authorization' = "Bearer $($token.Token)" } # Get Subscription detail $ApiVersion = '2017-08-01' $URI = $resourceAppIdURI + "subscriptions/${subscriptionId}?api-version=$ApiVersion" Write-AzsReadinessLog -message ("Making REST call to uri {0} for subscription details" -f $uri, $header) -function $thisFunction $subscription = Invoke-RestMethod -Uri $URI -Method GET -Headers $header $roleAssignmentURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleAssignments?api-version=2017-09-01&`$filter=PrincipalId eq '$principalId'" Write-AzsReadinessLog -message ("Making call to uri {0} for role assignments of user" -f $uri) -function $thisFunction $roleAssignment = Invoke-RestMethod -Uri $roleAssignmentURI -Method GET -Headers $header $roleDefinitionIds = $roleAssignment.value.properties.roleDefinitionId Write-AzsReadinessLog -message ("RoleAssignment IDs {0} for user" -f ($roleDefinitionIds -join ',')) -function $thisFunction # Make role assignment definition call $roleDefURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/roleDefinitions?api-version=2015-07-01" Write-AzsReadinessLog -message ("Get all RoleAssignment defintions from uri {0}" -f $roleDefURI) -function $thisFunction $allRoleDefs = Invoke-RestMethod -Uri $roleDefURI -Method GET -Headers $header # filter definitions on users role assignment(s) $roledef = $allRoleDefs.value | Where-Object id -in $roleDefinitionIds Write-AzsReadinessLog ("Resolving {0} role definition(s) from user in role definition list." -f ($roleDef.properties.roleName -join ',')) -function $thisFunction # check is role definition on user is owner if ($roleDef.properties.roleName -match 'Owner') { Write-AzsReadinessLog ("Success. Owner present. User: {0} role(s): {1}" -f $principalId, ($roleDef.properties.roleName -join ',')) -function $thisFunction } else { $allClassicAdmins = Get-AzureClassicAdmins -resourceAppIdURI $resourceAppIdURI -header $header -subscriptionId $subscriptionId $classicAdmin = $allClassicAdmins | Where-Object {$_.properties.emailaddress -eq $principalId} if ($classicAdmin) { Write-AzsReadinessLog ("Success. Classic Admin present. User: {0} role(s): {1}" -f $username, $classicAdmin.properties.role) -function $thisFunction } else { Write-AzsReadinessLog ("Error. Owner and classic admin not present. User: {0} role(s): {1}" -f $username, ($roleDef.properties.roleName -join ',')) -function $thisFunction throw "NonOwner" } } } catch { if ($_.exception.Message -match 'Forbidden|Unauthorized') { $errorDetails += ($LocalizedData.UserNotAuthorizedForSubscription -f $username, $tenantid, $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.UserNotAuthorizedForSubscription -f $username, $tenantid, $subscriptionid) -function $thisFunction -type Error } elseif ($_.exception.Message -match 'NonOwner') { $errorDetails += ($LocalizedData.UserNotOwnerForSubscription -f $username, ($roleDef.properties.roleName -join ','), $subscriptionid) Write-AzsReadinessLog -message ($LocalizedData.UserNotOwnerForSubscription -f $username, $tenantid, $subscriptionid) -function $thisFunction -type Error } else { $errorDetails += ("{0} threw an error: {1}" -f $MyInvocation.MyCommand.Name, $_) Write-AzsReadinessLog -message ("error: {0}" -f $_) -function $thisFunction -type Error } } @{'Test' = 'GetSubscription'; 'subscription' = $subscription; 'errorDetails' = $errorDetails; 'AADDirectoryTenantName' = $tenantid; 'subscriptionid' = $subscriptionid; 'credential' = $principalId; 'AzureEnvironment' = $AzureEnvironment; 'UserRole' = ($roleDef.properties.roleName -join ',')} } function Get-AzureClassicAdmins { param ($resourceAppIdURI, $header, $subscriptionId) $thisFunction = $MyInvocation.MyCommand.Name $classicAdminURI = $resourceAppIdURI + "subscriptions/${subscriptionId}/providers/Microsoft.Authorization/classicAdministrators?api-version=2015-06-01" Write-AzsReadinessLog -message ("Get Classic Administrators from uri {0}" -f $classicAdminURI) -function $thisFunction try { $classicAdmins = Invoke-RestMethod -Uri $classicAdminURI -Method GET -Headers $header | Select-Object -ExpandProperty Value } catch { Write-AzsReadinessLog -message ("Unable to retrieve Classic Administrators from uri {0}. Exception {1}" -f $classicAdminURI, $_.exception) -function $thisFunction -Type Error } return $classicAdmins } # SIG # Begin signature block # MIInkgYJKoZIhvcNAQcCoIIngzCCJ38CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBBKdViOAoi9adr # 4E/JA05JjotlxWlxf/QwFi/PJOxgSqCCDXYwggX0MIID3KADAgECAhMzAAADTrU8 # esGEb+srAAAAAANOMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMwMzE2MTg0MzI5WhcNMjQwMzE0MTg0MzI5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDdCKiNI6IBFWuvJUmf6WdOJqZmIwYs5G7AJD5UbcL6tsC+EBPDbr36pFGo1bsU # p53nRyFYnncoMg8FK0d8jLlw0lgexDDr7gicf2zOBFWqfv/nSLwzJFNP5W03DF/1 # 1oZ12rSFqGlm+O46cRjTDFBpMRCZZGddZlRBjivby0eI1VgTD1TvAdfBYQe82fhm # WQkYR/lWmAK+vW/1+bO7jHaxXTNCxLIBW07F8PBjUcwFxxyfbe2mHB4h1L4U0Ofa # +HX/aREQ7SqYZz59sXM2ySOfvYyIjnqSO80NGBaz5DvzIG88J0+BNhOu2jl6Dfcq # jYQs1H/PMSQIK6E7lXDXSpXzAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUnMc7Zn/ukKBsBiWkwdNfsN5pdwAw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMDUxNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAD21v9pHoLdBSNlFAjmk # mx4XxOZAPsVxxXbDyQv1+kGDe9XpgBnT1lXnx7JDpFMKBwAyIwdInmvhK9pGBa31 # TyeL3p7R2s0L8SABPPRJHAEk4NHpBXxHjm4TKjezAbSqqbgsy10Y7KApy+9UrKa2 # kGmsuASsk95PVm5vem7OmTs42vm0BJUU+JPQLg8Y/sdj3TtSfLYYZAaJwTAIgi7d # hzn5hatLo7Dhz+4T+MrFd+6LUa2U3zr97QwzDthx+RP9/RZnur4inzSQsG5DCVIM # pA1l2NWEA3KAca0tI2l6hQNYsaKL1kefdfHCrPxEry8onJjyGGv9YKoLv6AOO7Oh # JEmbQlz/xksYG2N/JSOJ+QqYpGTEuYFYVWain7He6jgb41JbpOGKDdE/b+V2q/gX # UgFe2gdwTpCDsvh8SMRoq1/BNXcr7iTAU38Vgr83iVtPYmFhZOVM0ULp/kKTVoir # IpP2KCxT4OekOctt8grYnhJ16QMjmMv5o53hjNFXOxigkQWYzUO+6w50g0FAeFa8 # 5ugCCB6lXEk21FFB1FdIHpjSQf+LP/W2OV/HfhC3uTPgKbRtXo83TZYEudooyZ/A # Vu08sibZ3MkGOJORLERNwKm2G7oqdOv4Qj8Z0JrGgMzj46NFKAxkLSpE5oHQYP1H # tPx1lPfD7iNSbJsP6LiUHXH1MIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGXIwghluAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAANOtTx6wYRv6ysAAAAAA04wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEINDzjC4bKszSwSSeucA6tjK6 # nA5PVbQ7Sz3u7jR02/z9MEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAf8m4Z5anm02MDQ9zOu8nA1rX2bhvyqvPiZlm3GAQU1hufk6J2NSiDyNw # bhocOlnVnD21TU5DoBmhZIaqQZyH7tkq2T3SXzDZ3l9HvikXKqplRAb+/cf+cQ8w # 3TjUY4VUcbZsJI3dB97hQ5l8IEtZgL3cOqbLKDQoiRvR0/+UsY62QycVm9LZYvZr # fNIvb4i9UZlWI1uv8kUiVqlBc0KXw2RkJcTOEFNFz9OXFSpdQ3g7dlLOUaXsUPx1 # Atepx4NE+i8Yhp+U86uQzPAYvUsYZqjXhv4Q0MWYdg5HZCpklfTYevCzn+7GrtVV # 6iJXjJChcA1qHjEirHdcZIN6YvRYH6GCFvwwghb4BgorBgEEAYI3AwMBMYIW6DCC # FuQGCSqGSIb3DQEHAqCCFtUwghbRAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFQBgsq # hkiG9w0BCRABBKCCAT8EggE7MIIBNwIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCAzjRQSXb9Ezh1vndMWQsy8N/SCHRCiOckPzg3agHO7ZgIGZMl2ojpS # GBIyMDIzMDgwMzA4MjExNi42MVowBIACAfSggdCkgc0wgcoxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVy # aWNhIE9wZXJhdGlvbnMxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOkREOEMtRTMz # Ny0yRkFFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIR # VDCCBwwwggT0oAMCAQICEzMAAAHFA83NIaH07zkAAQAAAcUwDQYJKoZIhvcNAQEL # BQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjIxMTA0MTkwMTMy # WhcNMjQwMjAyMTkwMTMyWjCByjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEm # MCQGA1UECxMdVGhhbGVzIFRTUyBFU046REQ4Qy1FMzM3LTJGQUUxJTAjBgNVBAMT # HE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQCrSF2zvR5fbcnulqmlopdGHP5NPsknc69V/f43x82nFGzm # NjiES/cFX/DkRZdtl07ibfGPTWVMj/EOSr7K2O6I97zEZexnEOe2/svUTMx3mMhK # on55i7ySBXTnqaqzx0GjnnFk889zF/m7X3OfThoxAXk9dX8LhktKMVr0gU1yuJt0 # 6beUZbWtBEVraNSy6nqC/rfirlTAfT1YYa7TPz1Fu1vIznm+YGBZXx53ptkJmtyh # giMwvwVFO8aXOeqboe3Bl1czAodPdr+QtRI+IYCysiATPPs2kGl46yCz1OvDJZNk # E1sHDIgAKZDfiP65Hh63aFmT40fj0qEQnJgPb504hoMYHYRQ0VJhzLUySC1m3V5G # oEHSb5g9jPseOhw/KQpg1BntO/7OCU598KJrHWM5vS7ohgLlfUmvwDBNyxoPK7eo # CHHxwVA30MOCJVnD5REVnyjKgOTqwhXWfHnNkvL6E21qR49f1LtjyfWpZ8COhc8T # orT91tPDzsQ4kv8GUkZwqgVPK2vTM+D8w0lJvp/Zr/AORegYIZYmJCsZPGM4/5H3 # r+cggbTl4TUumTLYU51gw8HgOFbu0F1lq616lNO5KGaCf4YoRHwCgDWBJKTUQLll # fhymlWeAmluUwG7yv+0KF8dV1e+JjqENKEfBAKZmpl5uBJgeceXi6sT7grpkLwID # AQABo4IBNjCCATIwHQYDVR0OBBYEFFTquzi/WbE1gb+u2kvCtXB6TQVrMB8GA1Ud # IwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCGTmh0 # dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUyMFRp # bWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4wXAYI # KwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2VydHMv # TWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwGA1Ud # EwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcNAQELBQADggIB # AIyo3nx+swc5JxyIr4J2evp0rx9OyBAN5n1u9CMK7E0glkn3b7Gl4pEJ/derjup1 # HKSQpSdkLp0eEvC3V+HDKLL8t91VD3J/WFhn9GlNL7PSGdqgr4/8gMCJQ2bfY1cu # EMG7Q/hJv+4JXiM641RyYmGmkFCBBWEXH/nsliTUsJ2Mh57/8atx9uRC2Jihv05r # 3cNKNuwPWOpqJwSeRyVQ3+YSb1mycKcDX785AOn/xDhw98f3gszgnpfQ200F5XLC # 9YfTC4xo4nMeAMsJ4lSQUT0cTywENV52aPrM8kAj7ujMuNirDuLhEVuJK19ZlIaP # C36UslBlFZQJxPdodi9OjVhYNmySiFaDvvD18XZBuI70N+eqhntCjMeLtGI+luOC # QkwCGuGl5N/9q3Z734diQo5tSaA8CsfVaOK/CbV3s9haxqsvu7mpm6TfoZvWYRNL # WgDZdff4LeuC3NGiE/z2plV/v2VW+OaDfg20gIr+kyT31IG62CG2KkVIxB1tdSdL # ah4u31wq6/Uwm76AnzepdM2RDZCqHG01G9sT1CqaolDDlVb/hJnN7Wk9fHI5M7nI # Or6JEhS5up5DOZRwKSLI24IsdaHw4sIjmYg4LWIu1UN/aXD15auinC7lIMm1P9nC # ohTWpvZT42OQ1yPWFs4MFEQtpNNZ33VEmJQj2dwmQaD+MIIHcTCCBVmgAwIBAgIT # MwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJv # b3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1WhcN # MzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O1YLT # /e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZnhUYj # DLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t1w/Y # JlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxqD89d # 9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmPfrVU # j9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSWrAFK # u75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv231f # gLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zbr17C # 89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYctenIPDC # +hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQcxWv2 # XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17aj54W # cmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQABMCMG # CSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cV # XQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEwQTA/ # BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2Nz # L1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQBgjcU # AgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8G # A1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeG # RWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jv # b0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUH # MAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2Vy # QXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3hLB9n # ATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x5MKP # +2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74py27Y # P0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1AoL8Z # thISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbCHcNh # cy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB9s7G # dP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNtyo4J # vbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3rsjo # iV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcVv7TO # PqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A245oyZ # 1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lwY1NN # je6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAsswggI0AgEBMIH4oYHQpIHNMIHKMQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNy # b3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVT # TjpERDhDLUUzMzctMkZBRTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaIjCgEBMAcGBSsOAwIaAxUAIQAa9hdkkrtxSjrb4u8RhATHv+eggYMw # gYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUF # AAIFAOh1Rl0wIhgPMjAyMzA4MDMwNTE3MTdaGA8yMDIzMDgwNDA1MTcxN1owdDA6 # BgorBgEEAYRZCgQBMSwwKjAKAgUA6HVGXQIBADAHAgEAAgITNTAHAgEAAgITTDAK # AgUA6HaX3QIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIB # AAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBAEpOxwXAAJlaaHG3 # +9gMFx5KrswaEY+U/3cs2kv/hO+7toWFotviirnomMCz6bmCmsNmnmuxHsjZz9U2 # J957wUaXhlNDE1pQ6eIUe8NGVlyKV5Qn7CWsj4gNgwwn6e3I7z2AMOUOhisPjG2n # GA+4Crt26UJls1y7iwYgPN/4Eif1MYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAHFA83NIaH07zkAAQAAAcUwDQYJYIZIAWUD # BAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0B # CQQxIgQgp9fvh6zfDgZos1YgYeGUANmc967T7kpUx2KjF9Of38kwgfoGCyqGSIb3 # DQEJEAIvMYHqMIHnMIHkMIG9BCAZAbGR9iR3TAr5XT3A7Sw76ybyAAzKPkS4o+q8 # 1D98sTCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB # xQPNzSGh9O85AAEAAAHFMCIEICm7C13nXK9EL3+9sEcTBxPK0hKlHN2XyuVbSABN # dcNVMA0GCSqGSIb3DQEBCwUABIICAIsWoJ54wT1WYLw+EstfKHRp5DPlTLBX5uDH # brBbqzrFbFD66gC8i3DYw0OxDVPUFpO4szFhBmjxevw8wJ7oRN3M+Yd8sy0KJ+JA # edfmvbgXzhh99h9H8AeHzJScjM2e8sdc+vS2i8K3dHOOVWdAsjAReWv/C+O8lgCH # /sie/Q/b1AtQSgpz1+9R+Kw7A6jLsOtFj7JjM9XPGjgDfq7wBvxwq853WG7oW9XJ # fJ78/s1oihfH7XgOEp5Y1q9K//GaUzI8X0p2aO2q+h7q+NTVm1DGGP58ibl3uI8+ # pvMBSYzCZPifJWXiKuF7tkDrEY5LICiAxoehVgbtA5xKzk47fzcK2nPJ1kLBrg7I # TiCP58gDJMHhXO2Pa3XBBdzcN0m5NuYH6jm3SE3XM7DM79EaGCWT+9Fm/6RnMXC2 # n6UdjGz5273juR9zfxeeqCCtGxVa/Ngq+nx3zoC+Y4mk5Ug8J+rXHOZAbPA2UyW8 # O8fRL4zAsKOpAx9birMiOKmS9E7F+ywrcSnhw2Hs/ozhZ0nF7qPcE5GiOdYz3QC5 # W5ptpBuuaoNtdwAKtro/tX88CjQgI/PMze2XIkKeemrc+o+TBqfPVkLrAlR+ZBNm # Va/rKg59DAEf4ljPN8IcbTgt5Q2MT3riFrCWAr5mFematFCb9yjm+5UCWyHmrOuJ # qONPwkrr # SIG # End signature block |