Microsoft.Entra.Authentication.psm1
|
# ------------------------------------------------------------------------------ # Copyright (c) Microsoft Corporation. All Rights Reserved. # Licensed under the MIT License. See License in the project root for license information. # ------------------------------------------------------------------------------ Set-StrictMode -Version 5 function Add-EntraEnvironment { [CmdletBinding(DefaultParameterSetName = 'AddQuery')] param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Name, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $AzureADEndpoint, [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $GraphEndpoint ) PROCESS{ $params=@{} if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if($null -ne $PSBoundParameters["Name"]){ $params["Name"]=$PSBoundParameters["Name"] } if($null -ne $PSBoundParameters["AzureADEndpoint"]){ $params["AzureADEndpoint"]=$PSBoundParameters["AzureADEndpoint"] } if($null -ne $PSBoundParameters["GraphEndpoint"]){ $params["GraphEndpoint"]=$PSBoundParameters["GraphEndpoint"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") Add-MgEnvironment @params } } function Connect-Entra { [CmdletBinding(DefaultParameterSetName = 'UserParameterSet', HelpUri = 'https://learn.microsoft.com/powershell/module/microsoft.entra/connect-entra')] param ( [Parameter(ParameterSetName = 'UserParameterSet', Position = 1, HelpMessage = 'An array of delegated permissions to consent to.')] [string[]] $Scopes, [Parameter(ParameterSetName = 'AppCertificateParameterSet', Mandatory = $true, Position = 1, HelpMessage = 'The client ID of your application.')] [Parameter(ParameterSetName = 'UserParameterSet', HelpMessage = 'The client ID of your application.')] [Parameter(ParameterSetName = 'IdentityParameterSet', HelpMessage = 'The client ID to authenticate for a user assigned managed identity. For more information on user assigned managed identities see: https://learn.microsoft.com/entra/identity/managed-identities-azure-resources/overview#how-a-user-assigned-managed-identity-works-with-an-azure-vmId. To use the SystemAssigned identity, leave this field blank.')] [Alias('AppId', 'ApplicationId')] [string] $ClientId, [Parameter(ParameterSetName = 'AppCertificateParameterSet', Position = 2, HelpMessage = 'The subject distinguished name of a certificate. The Certificate will be retrieved from the current user''s certificate store.')] [Alias('CertificateSubject', 'CertificateName')] [string] $CertificateSubjectName, [Parameter(ParameterSetName = 'AppCertificateParameterSet', Position = 3, HelpMessage = 'The thumbprint of your certificate. The Certificate will be retrieved from the current user''s certificate store.')] [string] $CertificateThumbprint, [Parameter(ParameterSetName = 'AppCertificateParameterSet', HelpMessage = 'An X.509 certificate supplied during invocation.')] [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate, [Parameter(ParameterSetName = 'AppSecretCredentialParameterSet', HelpMessage = 'The PSCredential object provides the application ID and client secret for service principal credentials. For more information about the PSCredential object, type Get-Help Get-Credential.')] [Alias('SecretCredential', 'Credential')] [pscredential] $ClientSecretCredential, [Parameter(ParameterSetName = 'AccessTokenParameterSet', Mandatory = $true, Position = 1, HelpMessage = 'Specifies a bearer token for Microsoft Graph service. Access tokens do timeout and you''ll have to handle their refresh.')] [securestring] $AccessToken, [Parameter(ParameterSetName = 'AppCertificateParameterSet', HelpMessage = 'The ID of the tenant to connect to. You can also use this parameter to specify your sign-in audience. i.e., common, organizations, or consumers. See https://learn.microsoft.com/entra/identity-platform/msal-client-application-configuration#authority.')] [Parameter(ParameterSetName = 'AppSecretCredentialParameterSet', HelpMessage = 'The ID of the tenant to connect to. You can also use this parameter to specify your sign-in audience. i.e., common, organizations, or consumers. See https://learn.microsoft.com/entra/identity-platform/msal-client-application-configuration#authority.')] [Parameter(ParameterSetName = 'UserParameterSet', Position = 4, HelpMessage = 'The ID of the tenant to connect to. You can also use this parameter to specify your sign-in audience. i.e., common, organizations, or consumers. See https://learn.microsoft.com/entra/identity-platform/msal-client-application-configuration#authority.')] [Alias('Audience', 'Tenant')] [string] $TenantId, [Parameter(ParameterSetName = 'AppCertificateParameterSet', HelpMessage = 'Determines the scope of authentication context. This accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.')] [Parameter(ParameterSetName = 'AppSecretCredentialParameterSet', HelpMessage = 'Determines the scope of authentication context. This accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.')] [Parameter(ParameterSetName = 'UserParameterSet', HelpMessage = 'Determines the scope of authentication context. This accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.')] [Parameter(ParameterSetName = 'IdentityParameterSet', HelpMessage = 'Determines the scope of authentication context. This accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.')] [Parameter(ParameterSetName = 'EnvironmentVariableParameterSet', HelpMessage = 'Determines the scope of authentication context. This accepts `Process` for the current process, or `CurrentUser` for all sessions started by user.')] [Microsoft.Graph.PowerShell.Authentication.ContextScope] $ContextScope, [Parameter(ParameterSetName = 'AppCertificateParameterSet', HelpMessage = 'The name of the national cloud environment to connect to. By default global cloud is used.')] [Parameter(ParameterSetName = 'AppSecretCredentialParameterSet', HelpMessage = 'The name of the national cloud environment to connect to. By default global cloud is used.')] [Parameter(ParameterSetName = 'AccessTokenParameterSet', HelpMessage = 'The name of the national cloud environment to connect to. By default global cloud is used.')] [Parameter(ParameterSetName = 'UserParameterSet', HelpMessage = 'The name of the national cloud environment to connect to. By default global cloud is used.')] [Parameter(ParameterSetName = 'IdentityParameterSet', HelpMessage = 'The name of the national cloud environment to connect to. By default global cloud is used.')] [Parameter(ParameterSetName = 'EnvironmentVariableParameterSet', HelpMessage = 'The name of the national cloud environment to connect to. By default global cloud is used.')] [Alias('EnvironmentName', 'NationalCloud')] [ValidateNotNullOrEmpty()] [string] $Environment, [Parameter(ParameterSetName = 'UserParameterSet', HelpMessage = 'Use device code authentication instead of a browser control.')] [Alias('UseDeviceAuthentication', 'DeviceCode', 'DeviceAuth', 'Device')] [switch] $UseDeviceCode, [Parameter(ParameterSetName = 'AppCertificateParameterSet', HelpMessage = 'Sets the HTTP client timeout in seconds.')] [Parameter(ParameterSetName = 'AppSecretCredentialParameterSet', HelpMessage = 'Sets the HTTP client timeout in seconds.')] [Parameter(ParameterSetName = 'AccessTokenParameterSet', HelpMessage = 'Sets the HTTP client timeout in seconds.')] [Parameter(ParameterSetName = 'UserParameterSet', HelpMessage = 'Sets the HTTP client timeout in seconds.')] [Parameter(ParameterSetName = 'IdentityParameterSet', HelpMessage = 'Sets the HTTP client timeout in seconds.')] [Parameter(ParameterSetName = 'EnvironmentVariableParameterSet', HelpMessage = 'Sets the HTTP client timeout in seconds.')] [ValidateNotNullOrEmpty()] [double] $ClientTimeout, [Parameter(ParameterSetName = 'IdentityParameterSet', Position = 1, HelpMessage = 'Login using a Managed Identity.')] [Alias('ManagedIdentity', 'ManagedServiceIdentity', 'MSI')] [switch] $Identity, [Parameter(ParameterSetName = 'EnvironmentVariableParameterSet', HelpMessage = 'Allows for authentication using environment variables configured on the host machine. See https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#environment-variables.')] [switch] $EnvironmentVariable, [Parameter(HelpMessage = 'Hides the welcome message.')] [switch] $NoWelcome, [Parameter(HelpMessage = 'Wait for .NET debugger to attach')] [switch] $Break ) begin { try { $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Microsoft.Graph.Authentication\Connect-MgGraph', [System.Management.Automation.CommandTypes]::Cmdlet) $scriptCmd = { & $wrappedCmd @PSBoundParameters } $steppablePipeline = $scriptCmd.GetSteppablePipeline($myInvocation.CommandOrigin) $steppablePipeline.Begin($PSCmdlet) } catch { throw } } process { try { $steppablePipeline.Process($_) } catch { throw } } end { try { $steppablePipeline.End() } catch { throw } } # clean block only supported in PowerShell v7.3+ # clean { # if ($null -ne $steppablePipeline) { # $steppablePipeline.Clean() # } # } } function Disconnect-Entra { [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param () Disconnect-MgGraph } function Find-EntraPermission { [CmdletBinding(DefaultParameterSetName = 'Search')] param ( [parameter(ParameterSetName='Search', position=0, ValueFromPipeline=$true, Mandatory=$true)] [String] $SearchString, [parameter(ParameterSetName='Search')] [Switch] $ExactMatch, [ValidateSet('Any', 'Delegated', 'Application')] [String] $PermissionType = 'Any', [Switch] $Online, [parameter(ParameterSetName='All')] [Switch] $All ) PROCESS { $params = @{} if($null -ne $PSBoundParameters["SearchString"]) { $params["SearchString"]=$PSBoundParameters["SearchString"] } if($null -ne $PSBoundParameters["PermissionType"]) { $params["PermissionType"]=$PSBoundParameters["PermissionType"] } if($null -ne $PSBoundParameters["ExactMatch"]) { $params["ExactMatch"] = $PSBoundParameters["ExactMatch"] } if($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if($null -ne $PSBoundParameters["All"]) { if($PSBoundParameters["All"]) { $params["All"] = $PSBoundParameters["All"] } } if($null -ne $PSBoundParameters["Online"]) { if($PSBoundParameters["Online"]) { $params["Online"] = $PSBoundParameters["Online"] } } if($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object {"$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") Find-MgGraphPermission @params } } function Get-EntraContext { [CmdletBinding(DefaultParameterSetName = '')] param () PROCESS { $params = @{} $entraPSModuleName = "Microsoft.Entra" if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["Confirm"]) { $params["Confirm"] = $PSBoundParameters["Confirm"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["WhatIf"]) { $params["WhatIf"] = $PSBoundParameters["WhatIf"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Get-MgContext @params $module = $ExecutionContext.SessionState.Module $response | Add-Member -MemberType NoteProperty -Name "EntraPSModuleName" -Value $entraPSModuleName -Force if ($null -ne $module) { $entraPSVersion = $module.Version.ToString() $response | Add-Member -MemberType NoteProperty -Name "EntraPSVersion" -Value $entraPSVersion -Force } $response } } function Get-EntraEnvironment{ [CmdletBinding(DefaultParameterSetName = 'GetQuery')] param ( [Parameter(ParameterSetName = "GetQuery", Mandatory = $false, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)] [System.String] $Name) PROCESS{ $params = @{} if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["Name"]) { $params["Name"] = $PSBoundParameters["Name"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") Get-MgEnvironment @params } } function Get-EntraUnsupportedCommand { Throw [System.NotSupportedException] "This command is not supported by Microsoft Entra PowerShell." } function New-EntraCustomHeaders { <# .SYNOPSIS Creates a custom header for use in telemetry. .DESCRIPTION The custom header created is a User-Agent with header value "<PowerShell version> EntraPowershell/<EntraPowershell version> <Entra PowerShell command>" .PARAMETER Command The command that is being executed. .EXAMPLE New-EntraCustomHeaders -Command Get-EntraUser #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $Command ) $psVersion = $global:PSVersionTable.PSVersion $entraVersion = $ExecutionContext.SessionState.Module.Version.ToString() $userAgentHeaderValue = "PowerShell/$psVersion EntraPowershell/$entraVersion $Command" $customHeaders = New-Object 'system.collections.generic.dictionary[string,string]' $customHeaders["User-Agent"] = $userAgentHeaderValue $customHeaders } function Reset-EntraStrongAuthenticationMethodByUpn { [CmdletBinding(DefaultParameterSetName = 'SetAccidentalDeletionThreshold')] param ( [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true)][System.String] $UserPrincipalName, [Parameter(ParameterSetName = "SetAccidentalDeletionThreshold", ValueFromPipelineByPropertyName = $true)][System.Guid] $TenantId ) PROCESS { $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["UserPrincipalName"]) { $userId = $PSBoundParameters.UserPrincipalName } function DeleteAuthMethod($uid, $method){ switch ($method.AdditionalProperties['@odata.type']) { '#microsoft.graph.emailAuthenticationMethod' { Remove-MgUserAuthenticationEmailMethod -UserId $uid -EmailAuthenticationMethodId $method.Id } '#microsoft.graph.phoneAuthenticationMethod' { Remove-MgUserAuthenticationPhoneMethod -UserId $uid -PhoneAuthenticationMethodId $method.Id } '#microsoft.graph.fido2AuthenticationMethod' { Remove-MgUserAuthenticationFido2Method -UserId $uid -Fido2AuthenticationMethodId $method.Id } '#microsoft.graph.softwareOathAuthenticationMethod' { Remove-MgUserAuthenticationSoftwareOathMethod -UserId $uid -SoftwareOathAuthenticationMethodId $method.Id } '#microsoft.graph.temporaryAccessPassAuthenticationMethod' { Remove-MgUserAuthenticationTemporaryAccessPassMethod -UserId $uid -TemporaryAccessPassAuthenticationMethodId $method.Id } '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod' { Remove-MgUserAuthenticationWindowsHelloForBusinessMethod -UserId $uid -WindowsHelloForBusinessAuthenticationMethodId $method.Id } '#microsoft.graph.microsoftAuthenticatorAuthenticationMethod' { Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $uid -MicrosoftAuthenticatorAuthenticationMethodId $method.Id } Default { } } return $? # Return true if no error and false if there is an error } $methods = Get-MgUserAuthenticationMethod -UserId $userId -Headers $customHeaders # -1 to account for passwordAuthenticationMethod foreach ($authMethod in $methods) { $deleted = DeleteAuthMethod -uid $userId -method $authMethod if(!$deleted){ # We need to use the error to identify and delete the default method. $defaultMethod = $authMethod } } # Graph API does not support reading default method of a user. # Plus default method can only be deleted when it is the only (last) auth method for a user. # We need to use the error to identify and delete the default method. try { if($null -ne $defaultMethod){ $result = DeleteAuthMethod -uid $userId -method $defaultMethod } } catch {} } } function Revoke-EntraSignedInUserAllRefreshToken { [CmdletBinding(DefaultParameterSetName = '')] param ( ) PROCESS { $params = @{} $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = (Invoke-GraphRequest -Headers $customHeaders -Uri 'https://graph.microsoft.com/v1.0/me/revokeSignInSessions' -Method POST).value if ($response) { $responseType = New-Object Microsoft.Graph.PowerShell.Models.ComponentsMwc6EoResponsesRevokesigninsessionsresponseContentApplicationJsonSchema $responseType.Value = $response $responseType } } } function Revoke-EntraUserAllRefreshToken { [CmdletBinding(DefaultParameterSetName = '')] param ( [Alias('ObjectId')] [Parameter(Mandatory = $true, ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, HelpMessage = "The user's unique ID (User Principal Name or UserId)")] [System.String] $UserId ) PROCESS { $params = @{} $customHeaders = New-EntraCustomHeaders -Command $MyInvocation.MyCommand if ($null -ne $PSBoundParameters["OutVariable"]) { $params["OutVariable"] = $PSBoundParameters["OutVariable"] } if ($PSBoundParameters.ContainsKey("Debug")) { $params["Debug"] = $PSBoundParameters["Debug"] } if ($null -ne $PSBoundParameters["PipelineVariable"]) { $params["PipelineVariable"] = $PSBoundParameters["PipelineVariable"] } if ($null -ne $PSBoundParameters["InformationVariable"]) { $params["InformationVariable"] = $PSBoundParameters["InformationVariable"] } if ($null -ne $PSBoundParameters["OutBuffer"]) { $params["OutBuffer"] = $PSBoundParameters["OutBuffer"] } if ($null -ne $PSBoundParameters["WarningVariable"]) { $params["WarningVariable"] = $PSBoundParameters["WarningVariable"] } if ($PSBoundParameters.ContainsKey("Verbose")) { $params["Verbose"] = $PSBoundParameters["Verbose"] } if ($null -ne $PSBoundParameters["ErrorVariable"]) { $params["ErrorVariable"] = $PSBoundParameters["ErrorVariable"] } if ($null -ne $PSBoundParameters["ErrorAction"]) { $params["ErrorAction"] = $PSBoundParameters["ErrorAction"] } if ($null -ne $PSBoundParameters["UserId"]) { $params["UserId"] = $PSBoundParameters["UserId"] } if ($null -ne $PSBoundParameters["InformationAction"]) { $params["InformationAction"] = $PSBoundParameters["InformationAction"] } if ($null -ne $PSBoundParameters["WarningAction"]) { $params["WarningAction"] = $PSBoundParameters["WarningAction"] } if ($null -ne $PSBoundParameters["ProgressAction"]) { $params["ProgressAction"] = $PSBoundParameters["ProgressAction"] } Write-Debug("============================ TRANSFORMATIONS ============================") $params.Keys | ForEach-Object { "$_ : $($params[$_])" } | Write-Debug Write-Debug("=========================================================================`n") $response = Revoke-MgUserSignInSession @params -Headers $customHeaders $response | ForEach-Object { if ($null -ne $_) { Add-Member -InputObject $_ -MemberType AliasProperty -Name ObjectId -Value Id } } $response } } function Enable-EntraAzureADAlias { Set-Alias -Name Revoke-AzureADUserAllRefreshToken -Value Revoke-EntraUserAllRefreshToken -Scope Global -Force Set-Alias -Name Revoke-AzureADSignedInUserAllRefreshToken -Value Revoke-EntraSignedInUserAllRefreshToken -Scope Global -Force Set-Alias -Name Get-CrossCloudVerificationCode -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADApplicationProxyApplication -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name New-AzureADApplicationProxyConnectorGroup -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Set-AzureADApplicationProxyApplicationCustomDomainCertificate -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADMSAdministrativeUnit -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADApplicationProxyApplicationConnectorGroup -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Remove-AzureADApplicationProxyApplicationConnectorGroup -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Remove-AzureADContactManager -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Remove-AzureADApplicationProxyApplication -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Set-AzureADMSAdministrativeUnit -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Restore-AzureADMSDeletedDirectoryObject -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name New-AzureADApplicationProxyApplication -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADMSAuthorizationPolicy -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name New-AzureADServicePrincipalKeyCredential -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADApplicationProxyConnectorGroupMember -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADApplicationProxyConnectorGroup -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADApplicationProxyConnectorMemberOf -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Set-AzureADApplicationProxyConnectorGroup -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADMSScopedRoleMembership -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADDeviceConfiguration -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name New-AzureADMSAdministrativeUnit -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Add-AzureADMSAdministrativeUnitMember -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADApplicationProxyConnector -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Remove-AzureADApplicationProxyConnectorGroup -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Set-AzureADApplicationProxyApplicationConnectorGroup -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADContactThumbnailPhoto -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADCurrentSessionInfo -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Set-AzureADApplicationProxyApplication -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Add-AzureADMSScopedRoleMembership -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Set-AzureADApplicationProxyApplicationSingleSignOn -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Get-AzureADMSAdministrativeUnitMember -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Set-AzureADApplicationProxyConnector -Value Get-EntraUnsupportedCommand -Scope Global -Force Set-Alias -Name Connect-AzureAD -Value Connect-Entra -Scope Global -Force Set-Alias -Name Disconnect-AzureAD -Value Disconnect-Entra -Scope Global -Force } Export-ModuleMember -Function @('Add-EntraEnvironment', 'Connect-Entra', 'Disconnect-Entra', 'Find-EntraPermission', 'Get-EntraContext', 'Get-EntraEnvironment', 'Get-EntraUnsupportedCommand', 'New-EntraCustomHeaders', 'Reset-EntraStrongAuthenticationMethodByUpn', 'Revoke-EntraSignedInUserAllRefreshToken', 'Revoke-EntraUserAllRefreshToken', 'Enable-EntraAzureADAlias') # Typedefs # ------------------------------------------------------------------------------ # Type definitions required for commands inputs # ------------------------------------------------------------------------------ $def = @" namespace Microsoft.Open.AzureAD.Graph.PowerShell.Custom { using System.Linq; public enum KeyType{ Symmetric = 0, AsymmetricX509Cert = 1, } public enum KeyUsage{ Sign = 0, Verify = 1, Decrypt = 2, Encrypt = 3, } } namespace Microsoft.Open.AzureAD.Model { using System.Linq; public class AlternativeSecurityId { public System.String IdentityProvider; public System.Byte[] Key; public System.Nullable<System.Int32> Type; } public class AppRole { public System.Collections.Generic.List<System.String> AllowedMemberTypes; public System.String Description; public System.String DisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Origin; public System.String Value; } public class AssignedLicense { public System.Collections.Generic.List<System.String> DisabledPlans; public System.String SkuId; } public class AssignedLicenses { public System.Collections.Generic.List<Microsoft.Open.AzureAD.Model.AssignedLicense> AddLicenses; public System.Collections.Generic.List<System.String> RemoveLicenses; } public class CertificateAuthorityInformation { public enum AuthorityTypeEnum{ RootAuthority = 0, IntermediateAuthority = 1, } public System.Nullable<AuthorityTypeEnum> AuthorityType; public System.String CrlDistributionPoint; public System.String DeltaCrlDistributionPoint; public System.Byte[] TrustedCertificate; public System.String TrustedIssuer; public System.String TrustedIssuerSki; } public class CrossCloudVerificationCodeBody { public System.String CrossCloudVerificationCode; public CrossCloudVerificationCodeBody() { } public CrossCloudVerificationCodeBody(System.String value) { CrossCloudVerificationCode = value; } } public class GroupIdsForMembershipCheck { public System.Collections.Generic.List<System.String> GroupIds; public GroupIdsForMembershipCheck() { } public GroupIdsForMembershipCheck(System.Collections.Generic.List<System.String> value) { GroupIds = value; } } public class KeyCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDate; public System.String KeyId; public System.Nullable<System.DateTime> StartDate; public System.String Type; public System.String Usage; public System.Byte[] Value; } public class PasswordCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDate; public System.String KeyId; public System.Nullable<System.DateTime> StartDate; public System.String Value; } public class PasswordProfile { public System.String Password; public System.Nullable<System.Boolean> ForceChangePasswordNextLogin; public System.Nullable<System.Boolean> EnforceChangePasswordPolicy; } public class PrivacyProfile { public System.String ContactEmail; public System.String StatementUrl; } public class SignInName { public System.String Type; public System.String Value; } } namespace Microsoft.Open.MSGraph.Model { using System.Linq; public class AddIn { public System.String Id; public System.String Type; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.KeyValue> Properties; } public class ApiApplication { public System.Nullable<System.Boolean> AcceptMappedClaims; public System.Collections.Generic.List<System.String> KnownClientApplications; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.PreAuthorizedApplication> PreAuthorizedApplications; public System.Nullable<System.Int32> RequestedAccessTokenVersion; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.PermissionScope> Oauth2PermissionScopes; } public class AppRole { public System.Collections.Generic.List<System.String> AllowedMemberTypes; public System.String Description; public System.String DisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Origin; public System.String Value; } public class ConditionalAccessApplicationCondition { public System.Collections.Generic.List<System.String> IncludeApplications; public System.Collections.Generic.List<System.String> ExcludeApplications; public System.Collections.Generic.List<System.String> IncludeUserActions; public System.Collections.Generic.List<System.String> IncludeProtectionLevels; } public class ConditionalAccessApplicationEnforcedRestrictions { public System.Nullable<System.Boolean> IsEnabled; public ConditionalAccessApplicationEnforcedRestrictions() { } public ConditionalAccessApplicationEnforcedRestrictions(System.Nullable<System.Boolean> value) { IsEnabled = value; } } public class ConditionalAccessCloudAppSecurity { public enum CloudAppSecurityTypeEnum{ McasConfigured = 0, MonitorOnly = 1, BlockDownloads = 2, } public System.Nullable<CloudAppSecurityTypeEnum> CloudAppSecurityType; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessConditionSet { public Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationCondition Applications; public Microsoft.Open.MSGraph.Model.ConditionalAccessUserCondition Users; public Microsoft.Open.MSGraph.Model.ConditionalAccessPlatformCondition Platforms; public Microsoft.Open.MSGraph.Model.ConditionalAccessLocationCondition Locations; public enum ConditionalAccessRiskLevel{ Low = 0, Medium = 1, High = 2, Hidden = 3, None = 4, UnknownFutureValue = 5, } public System.Collections.Generic.List<ConditionalAccessRiskLevel> SignInRiskLevels; public enum ConditionalAccessClientApp{ All = 0, Browser = 1, MobileAppsAndDesktopClients = 2, ExchangeActiveSync = 3, EasSupported = 4, Other = 5, } public System.Collections.Generic.List<ConditionalAccessClientApp> ClientAppTypes; } public class ConditionalAccessGrantControls { public System.String _Operator; public enum ConditionalAccessGrantControl{ Block = 0, Mfa = 1, CompliantDevice = 2, DomainJoinedDevice = 3, ApprovedApplication = 4, CompliantApplication = 5, PasswordChange = 6, } public System.Collections.Generic.List<ConditionalAccessGrantControl> BuiltInControls; public System.Collections.Generic.List<System.String> CustomAuthenticationFactors; public System.Collections.Generic.List<System.String> TermsOfUse; } public class ConditionalAccessLocationCondition { public System.Collections.Generic.List<System.String> IncludeLocations; public System.Collections.Generic.List<System.String> ExcludeLocations; } public class ConditionalAccessPersistentBrowser { public enum ModeEnum{ Always = 0, Never = 1, } public System.Nullable<ModeEnum> Mode; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessPlatformCondition { public enum ConditionalAccessDevicePlatforms{ Android = 0, IOS = 1, Windows = 2, WindowsPhone = 3, MacOS = 4, All = 5, } public System.Collections.Generic.List<ConditionalAccessDevicePlatforms> IncludePlatforms; public System.Collections.Generic.List<ConditionalAccessDevicePlatforms> ExcludePlatforms; } public class ConditionalAccessSessionControls { public Microsoft.Open.MSGraph.Model.ConditionalAccessApplicationEnforcedRestrictions ApplicationEnforcedRestrictions; public Microsoft.Open.MSGraph.Model.ConditionalAccessCloudAppSecurity CloudAppSecurity; public Microsoft.Open.MSGraph.Model.ConditionalAccessSignInFrequency SignInFrequency; public Microsoft.Open.MSGraph.Model.ConditionalAccessPersistentBrowser PersistentBrowser; } public class ConditionalAccessSignInFrequency { public enum TypeEnum{ Days = 0, Hours = 1, } public System.Nullable<TypeEnum> Type; public System.Nullable<System.Int32> Value; public System.Nullable<System.Boolean> IsEnabled; } public class ConditionalAccessUserCondition { public System.Collections.Generic.List<System.String> IncludeUsers; public System.Collections.Generic.List<System.String> ExcludeUsers; public System.Collections.Generic.List<System.String> IncludeGroups; public System.Collections.Generic.List<System.String> ExcludeGroups; public System.Collections.Generic.List<System.String> IncludeRoles; public System.Collections.Generic.List<System.String> ExcludeRoles; } public enum CountriesAndRegion{ AD = 0, AE = 1, AF = 2, AG = 3, AI = 4, AL = 5, AM = 6, AN = 7, AO = 8, AQ = 9, AR = 10, AS = 11, AT = 12, AU = 13, AW = 14, AX = 15, AZ = 16, BA = 17, BB = 18, BD = 19, BE = 20, BF = 21, BG = 22, BH = 23, BI = 24, BJ = 25, BL = 26, BM = 27, BN = 28, BO = 29, BQ = 30, BR = 31, BS = 32, BT = 33, BV = 34, BW = 35, BY = 36, BZ = 37, CA = 38, CC = 39, CD = 40, CF = 41, CG = 42, CH = 43, CI = 44, CK = 45, CL = 46, CM = 47, CN = 48, CO = 49, CR = 50, CU = 51, CV = 52, CW = 53, CX = 54, CY = 55, CZ = 56, DE = 57, DJ = 58, DK = 59, DM = 60, DO = 61, DZ = 62, EC = 63, EE = 64, EG = 65, EH = 66, ER = 67, ES = 68, ET = 69, FI = 70, FJ = 71, FK = 72, FM = 73, FO = 74, FR = 75, GA = 76, GB = 77, GD = 78, GE = 79, GF = 80, GG = 81, GH = 82, GI = 83, GL = 84, GM = 85, GN = 86, GP = 87, GQ = 88, GR = 89, GS = 90, GT = 91, GU = 92, GW = 93, GY = 94, HK = 95, HM = 96, HN = 97, HR = 98, HT = 99, HU = 100, ID = 101, IE = 102, IL = 103, IM = 104, IN = 105, IO = 106, IQ = 107, IR = 108, IS = 109, IT = 110, JE = 111, JM = 112, JO = 113, JP = 114, KE = 115, KG = 116, KH = 117, KI = 118, KM = 119, KN = 120, KP = 121, KR = 122, KW = 123, KY = 124, KZ = 125, LA = 126, LB = 127, LC = 128, LI = 129, LK = 130, LR = 131, LS = 132, LT = 133, LU = 134, LV = 135, LY = 136, MA = 137, MC = 138, MD = 139, ME = 140, MF = 141, MG = 142, MH = 143, MK = 144, ML = 145, MM = 146, MN = 147, MO = 148, MP = 149, MQ = 150, MR = 151, MS = 152, MT = 153, MU = 154, MV = 155, MW = 156, MX = 157, MY = 158, MZ = 159, NA = 160, NC = 161, NE = 162, NF = 163, NG = 164, NI = 165, NL = 166, NO = 167, NP = 168, NR = 169, NU = 170, NZ = 171, OM = 172, PA = 173, PE = 174, PF = 175, PG = 176, PH = 177, PK = 178, PL = 179, PM = 180, PN = 181, PR = 182, PS = 183, PT = 184, PW = 185, PY = 186, QA = 187, RE = 188, RO = 189, RS = 190, RU = 191, RW = 192, SA = 193, SB = 194, SC = 195, SD = 196, SE = 197, SG = 198, SH = 199, SI = 200, SJ = 201, SK = 202, SL = 203, SM = 204, SN = 205, SO = 206, SR = 207, SS = 208, ST = 209, SV = 210, SX = 211, SY = 212, SZ = 213, TC = 214, TD = 215, TF = 216, TG = 217, TH = 218, TJ = 219, TK = 220, TL = 221, TM = 222, TN = 223, TO = 224, TR = 225, TT = 226, TV = 227, TW = 228, TZ = 229, UA = 230, UG = 231, UM = 232, US = 233, UY = 234, UZ = 235, VA = 236, VC = 237, VE = 238, VG = 239, VI = 240, VN = 241, VU = 242, WF = 243, WS = 244, YE = 245, YT = 246, ZA = 247, ZM = 248, ZW = 249, } public class DefaultUserRolePermissions { public System.Nullable<System.Boolean> AllowedToCreateApps; public System.Nullable<System.Boolean> AllowedToCreateSecurityGroups; public System.Nullable<System.Boolean> AllowedToReadOtherUsers; public System.Collections.Generic.List<System.String> PermissionGrantPoliciesAssigned; } public class DelegatedPermissionClassification { public enum ClassificationEnum{ Low = 0, Medium = 1, High = 2, } public System.Nullable<ClassificationEnum> Classification; public System.String Id; public System.String PermissionId; public System.String PermissionName; } public class EmailAddress { public System.String Name; public System.String Address; } public class ImplicitGrantSettings { public System.Nullable<System.Boolean> EnableIdTokenIssuance; public System.Nullable<System.Boolean> EnableAccessTokenIssuance; } public class InformationalUrl { public System.String TermsOfServiceUrl; public System.String MarketingUrl; public System.String PrivacyStatementUrl; public System.String SupportUrl; public System.String LogoUrl; } public class InvitedUserMessageInfo { public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.Recipient> CcRecipients; public System.String CustomizedMessageBody; public System.String MessageLanguage; } public class IpRange { public System.String CidrAddress; public IpRange() { } public IpRange(System.String value) { CidrAddress = value; } } public class KeyCredential { public System.Byte[] CustomKeyIdentifier; public System.String DisplayName; public System.Nullable<System.DateTime> EndDateTime; public System.String KeyId; public System.Nullable<System.DateTime> StartDateTime; public System.String Type; public System.String Usage; public System.Byte[] Key; } public class KeyValue { public System.String Key; public System.String Value; } public class MsDirectoryObject { public System.String Id; public System.String OdataType; } public class MsRoleMemberInfo { public System.String Id; } public class OptionalClaim { public System.String Name; public System.String Source; public System.Nullable<System.Boolean> Essential; public System.Collections.Generic.List<System.String> AdditionalProperties; } public class OptionalClaims { public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> IdToken; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> AccessToken; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.OptionalClaim> Saml2Token; } public class ParentalControlSettings { public enum LegalAgeGroupRuleEnum{ Allow = 0, RequireConsentForPrivacyServices = 1, RequireConsentForMinors = 2, RequireConsentForKids = 3, BlockMinors = 4, } public System.Nullable<LegalAgeGroupRuleEnum> LegalAgeGroupRule; public System.Collections.Generic.List<System.String> CountriesBlockedForMinors; } public class PasswordCredential { public System.Byte[] CustomKeyIdentifier; public System.Nullable<System.DateTime> EndDateTime; public System.String DisplayName; public System.String KeyId; public System.Nullable<System.DateTime> StartDateTime; public System.String SecretText; public System.String Hint; } public class PermissionScope { public System.String AdminConsentDescription; public System.String AdminConsentDisplayName; public System.String Id; public System.Nullable<System.Boolean> IsEnabled; public System.String Type; public System.String UserConsentDescription; public System.String UserConsentDisplayName; public System.String Value; } public class PreAuthorizedApplication { public System.String AppId; public System.Collections.Generic.List<System.String> DelegatedPermissionIds; } public class PublicClientApplication { public System.Collections.Generic.List<System.String> RedirectUris; public PublicClientApplication() { } public PublicClientApplication(System.Collections.Generic.List<System.String> value) { RedirectUris = value; } } public class Recipient { public Microsoft.Open.MSGraph.Model.EmailAddress EmailAddress; public Recipient() { } public Recipient(Microsoft.Open.MSGraph.Model.EmailAddress value) { EmailAddress = value; } } public class RequiredResourceAccess { public System.String ResourceAppId; public System.Collections.Generic.List<Microsoft.Open.MSGraph.Model.ResourceAccess> ResourceAccess; } public class ResourceAccess { public System.String Id; public System.String Type; } public class RolePermission { public System.Collections.Generic.List<System.String> AllowedResourceActions; public System.String Condition; } public class SetVerifiedPublisherRequest { public System.String VerifiedPublisherId; public SetVerifiedPublisherRequest() { } public SetVerifiedPublisherRequest(System.String value) { VerifiedPublisherId = value; } } public class User { public System.String Id; public System.String OdataType; } public class WebApplication { public System.String HomePageUrl; public System.String LogoutUrl; public System.Collections.Generic.List<System.String> RedirectUris; public Microsoft.Open.MSGraph.Model.ImplicitGrantSettings ImplicitGrantSettings; } } "@ try { Add-Type -TypeDefinition $def -ErrorAction SilentlyContinue } catch { # No error message will be displayed, and type will be added if it doesn't exist } # ------------------------------------------------------------------------------ # End of Type definitions required for commands inputs # ------------------------------------------------------------------------------ # SIG # Begin signature block # MIIoOwYJKoZIhvcNAQcCoIIoLDCCKCgCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCf64Hqg4ei8SMN # l31nhoPUHyjF+KkCAXELQrLdcWzX9qCCDYUwggYDMIID66ADAgECAhMzAAAEA73V # lV0POxitAAAAAAQDMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTEzWhcNMjUwOTExMjAxMTEzWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQCfdGddwIOnbRYUyg03O3iz19XXZPmuhEmW/5uyEN+8mgxl+HJGeLGBR8YButGV # LVK38RxcVcPYyFGQXcKcxgih4w4y4zJi3GvawLYHlsNExQwz+v0jgY/aejBS2EJY # oUhLVE+UzRihV8ooxoftsmKLb2xb7BoFS6UAo3Zz4afnOdqI7FGoi7g4vx/0MIdi # kwTn5N56TdIv3mwfkZCFmrsKpN0zR8HD8WYsvH3xKkG7u/xdqmhPPqMmnI2jOFw/ # /n2aL8W7i1Pasja8PnRXH/QaVH0M1nanL+LI9TsMb/enWfXOW65Gne5cqMN9Uofv # ENtdwwEmJ3bZrcI9u4LZAkujAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU6m4qAkpz4641iK2irF8eWsSBcBkw # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMjkyNjAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # AFFo/6E4LX51IqFuoKvUsi80QytGI5ASQ9zsPpBa0z78hutiJd6w154JkcIx/f7r # EBK4NhD4DIFNfRiVdI7EacEs7OAS6QHF7Nt+eFRNOTtgHb9PExRy4EI/jnMwzQJV # NokTxu2WgHr/fBsWs6G9AcIgvHjWNN3qRSrhsgEdqHc0bRDUf8UILAdEZOMBvKLC # rmf+kJPEvPldgK7hFO/L9kmcVe67BnKejDKO73Sa56AJOhM7CkeATrJFxO9GLXos # oKvrwBvynxAg18W+pagTAkJefzneuWSmniTurPCUE2JnvW7DalvONDOtG01sIVAB # +ahO2wcUPa2Zm9AiDVBWTMz9XUoKMcvngi2oqbsDLhbK+pYrRUgRpNt0y1sxZsXO # raGRF8lM2cWvtEkV5UL+TQM1ppv5unDHkW8JS+QnfPbB8dZVRyRmMQ4aY/tx5x5+ # sX6semJ//FbiclSMxSI+zINu1jYerdUwuCi+P6p7SmQmClhDM+6Q+btE2FtpsU0W # +r6RdYFf/P+nK6j2otl9Nvr3tWLu+WXmz8MGM+18ynJ+lYbSmFWcAj7SYziAfT0s # IwlQRFkyC71tsIZUhBHtxPliGUu362lIO0Lpe0DOrg8lspnEWOkHnCT5JEnWCbzu # iVt8RX1IV07uIveNZuOBWLVCzWJjEGa+HhaEtavjy6i7MIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGgwwghoIAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAAQDvdWVXQ87GK0AAAAA # BAMwDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEILzc # 6rcs6g45P6x2ECpDZ6bB9tzquNPl1PF+zV0TERx4MEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAe3YGJUyWVr0sM7hVWME8Ztd54CGCe31TIyH1 # URsNaUofIlZiQSCikVK8PS+HR9ue9Z6li7WOPL8ep/pvu7LO//BMZWORqFJsTgrz # yebKUz1vu5BUi4xZx7Fs5JsHImLWpC1KdkqsE5DPmkVu8RrKV9ZBd0/SWc4Zmfj6 # szSWvzLVW7PQqn0L0WF/MbO7IQ5fwHtv+nI4JoTh6S8MFaZ7KmJt625XeDmLRrAV # AfEyx2Be3QyBa6p48rsASONXu5BlF11uRh5jS4xvPYMjOo+gNhC5vw801v9MR5ia # T+fwO0W+UFtMiHny61ssgCQ6JlwtzMsFLFruPg4dCHxPJ5sdVKGCF5YwgheSBgor # BgEEAYI3AwMBMYIXgjCCF34GCSqGSIb3DQEHAqCCF28wghdrAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFSBgsqhkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCB2sF3Qi85j2F9as3ZMXB4vHxISCm7szkix # BC0Kmlz9AQIGZ63qoDbjGBMyMDI1MDIxMzE0MTk1MS4xNThaMASAAgH0oIHRpIHO # MIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQL # ExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxk # IFRTUyBFU046QTAwMC0wNUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1l # LVN0YW1wIFNlcnZpY2WgghHsMIIHIDCCBQigAwIBAgITMwAAAevgGGy1tu847QAB # AAAB6zANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDAeFw0yMzEyMDYxODQ1MzRaFw0yNTAzMDUxODQ1MzRaMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046QTAwMC0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Uw # ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDBFWgh2lbgV3eJp01oqiaF # BuYbNc7hSKmktvJ15NrB/DBboUow8WPOTPxbn7gcmIOGmwJkd+TyFx7KOnzrxnoB # 3huvv91fZuUugIsKTnAvg2BU/nfN7Zzn9Kk1mpuJ27S6xUDH4odFiX51ICcKl6EG # 4cxKgcDAinihT8xroJWVATL7p8bbfnwsc1pihZmcvIuYGnb1TY9tnpdChWr9EARu # Co3TiRGjM2Lp4piT2lD5hnd3VaGTepNqyakpkCGV0+cK8Vu/HkIZdvy+z5EL3ojT # dFLL5vJ9IAogWf3XAu3d7SpFaaoeix0e1q55AD94ZwDP+izqLadsBR3tzjq2RfrC # NL+Tmi/jalRto/J6bh4fPhHETnDC78T1yfXUQdGtmJ/utI/ANxi7HV8gAPzid9TY # jMPbYqG8y5xz+gI/SFyj+aKtHHWmKzEXPttXzAcexJ1EH7wbuiVk3sErPK9MLg1X # b6hM5HIWA0jEAZhKEyd5hH2XMibzakbp2s2EJQWasQc4DMaF1EsQ1CzgClDYIYG6 # rUhudfI7k8L9KKCEufRbK5ldRYNAqddr/ySJfuZv3PS3+vtD6X6q1H4UOmjDKdjo # W3qs7JRMZmH9fkFkMzb6YSzr6eX1LoYm3PrO1Jea43SYzlB3Tz84OvuVSV7NcidV # tNqiZeWWpVjfavR+Jj/JOQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFHSeBazWVcxu # 4qT9O5jT2B+qAerhMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8G # A1UdHwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMv # Y3JsL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBs # BggrBgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0 # LmNvbS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy # MDIwMTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH # AwgwDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3DQEBCwUAA4ICAQCDdN8voPd8C+VW # ZP3+W87c/QbdbWK0sOt9Z4kEOWng7Kmh+WD2LnPJTJKIEaxniOct9wMgJ8yQywR8 # WHgDOvbwqdqsLUaM4NrertI6FI9rhjheaKxNNnBZzHZLDwlkL9vCEDe9Rc0dGSVd # 5Bg3CWknV3uvVau14F55ESTWIBNaQS9Cpo2Opz3cRgAYVfaLFGbArNcRvSWvSUbe # I2IDqRxC4xBbRiNQ+1qHXDCPn0hGsXfL+ynDZncCfszNrlgZT24XghvTzYMHcXio # LVYo/2Hkyow6dI7uULJbKxLX8wHhsiwriXIDCnjLVsG0E5bR82QgcseEhxbU2d1R # VHcQtkUE7W9zxZqZ6/jPmaojZgXQO33XjxOHYYVa/BXcIuu8SMzPjjAAbujwTawp # azLBv997LRB0ZObNckJYyQQpETSflN36jW+z7R/nGyJqRZ3HtZ1lXW1f6zECAeP+ # 9dy6nmcCrVcOqbQHX7Zr8WPcghHJAADlm5ExPh5xi1tNRk+i6F2a9SpTeQnZXP50 # w+JoTxISQq7vBij2nitAsSLaVeMqoPi+NXlTUNZ2NdtbFr6Iir9ZK9ufaz3FxfvD # Zo365vLOozmQOe/Z+pu4vY5zPmtNiVIcQnFy7JZOiZVDI5bIdwQRai2quHKJ6ltU # dsi3HjNnieuE72fT4eWhxtmnN5HYCDCCB3EwggVZoAMCAQICEzMAAAAVxedrngKb # SZkAAAAAABUwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI # EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv # ZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmlj # YXRlIEF1dGhvcml0eSAyMDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIy # NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE # AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXI # yjVX9gF/bErg4r25PhdgM/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjo # YH1qUoNEt6aORmsHFPPFdvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1y # aa8dq6z2Nr41JmTamDu6GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v # 3byNpOORj7I5LFGc6XBpDco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pG # ve2krnopN6zL64NF50ZuyjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viS # kR4dPf0gz3N9QZpGdc3EXzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYr # bqgSUei/BQOj0XOmTTd0lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlM # jgK8QmguEOqEUUbi0b1qGFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSL # W6CmgyFdXzB0kZSU2LlQ+QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AF # emzFER1y7435UsSFF5PAPBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIu # rQIDAQABo4IB3TCCAdkwEgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIE # FgQUKqdS/mTEmr6CkTxGNSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWn # G1M1GelyMFwGA1UdIARVMFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEW # M2h0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5 # Lmh0bTATBgNVHSUEDDAKBggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBi # AEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV # 9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3Js # Lm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAx # MC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2 # LTIzLmNydDANBgkqhkiG9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv # 6lwUtj5OR2R4sQaTlz0xM7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZn # OlNN3Zi6th542DYunKmCVgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1 # bSNU5HhTdSRXud2f8449xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4 # rPf5KYnDvBewVIVCs/wMnosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU # 6ZGyqVvfSaN0DLzskYDSPeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDF # NLB62FD+CljdQDzHVG2dY3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/ # HltEAY5aGZFrDZ+kKNxnGSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdU # CbFpAUR+fKFhbHP+CrvsQWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKi # excdFYmNcP7ntdAoGokLjzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTm # dHRbatGePu1+oDEzfbzL6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZq # ELQdVTNYs6FwZvKhggNPMIICNwIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJp # Y2EgT3BlcmF0aW9uczEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOkEwMDAtMDVF # MC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMK # AQEwBwYFKw4DAhoDFQCABol1u1wwwYgUtUowMnqYvbul3qCBgzCBgKR+MHwxCzAJ # BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k # MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv # c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA61hpITAi # GA8yMDI1MDIxMzEyNTA0MVoYDzIwMjUwMjE0MTI1MDQxWjB2MDwGCisGAQQBhFkK # BAExLjAsMAoCBQDrWGkhAgEAMAkCAQACAQgCAf8wBwIBAAICEbowCgIFAOtZuqEC # AQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAKMAgCAQACAwehIKEK # MAgCAQACAwGGoDANBgkqhkiG9w0BAQsFAAOCAQEAE6rG0u/w6v+IyGRUUDiaP8rG # FFG6AxXmXhRgL/5c2sjl7eDpdvARWzzkepAnDuIyJjMtaJKw0ErLMlbWc7yDGkaS # WWmIHvdV3bUqkUt6ld8XzGEMTpKalcZXR8BqsPUbTge3pyNdCpFSYgCKcL1LlYbd # edV7PlUkByVNKPtgcGqxjdaHA0vFehanev5TkxckOPI+SMuvzXtxMI3Pnu4VMSSZ # IqoTNogtbFAZad7zIKialj4XD/H/DbKsnnl96CHM/EYzeOsG4mxaB5a1t/cflzwl # G2cxXhEveeO42yaIpJPdQzWUTD1jdHgYOQ5nBdADa9BiobdsfPBUalS5tpW5xjGC # BA0wggQJAgEBMIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB # 6+AYbLW27zjtAAEAAAHrMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMx # DQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIKz4F4XzYMAtRwgT9/Mv9N7T # 52P6qNnVUhTAczeyxv2UMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgzrdr # vl9pA+F/xIENO2TYNJSAht2LNezPvqHUl2EsLPgwgZgwgYCkfjB8MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg # VGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAevgGGy1tu847QABAAAB6zAiBCA9kYcH # +VG+xUTi6/dru5cF2a1m3fOAH07g39WllRZyljANBgkqhkiG9w0BAQsFAASCAgA7 # T8Nwx90m7X/htmR9nlJmbvbS8GnxE/JTjKPZgsCrjOElqA0eZCiJyfrzrQhflYQ3 # k0rlM4V0MdVSstOBc2N6wENbOJttkPMyhb9x5v+QBg1ZZC6VQ3q4cTFJhVBjm/HB # rxqA8MEMXfAsc10Kj1UgpkbSSWtCjR1UF3U/qrvUZfbDQbn92shR771+hUE341lJ # ndYqOcB17wkqWgeVNwfgmMn1dr+YKzZqCctV5ytbOhqNvWmFvsbeRfMX4W+S9uF8 # /A5tjpcTxIu37lploXnTS1XQHxLyD66Sk33OHznjAnDshJCmgqOTzFBv68xGylsD # F5W4ho3Hljx5/Vc62f/QPgr7hQIjd0o42NBN1/kXtCSV08Q7C0vxANaVHK/cRAVX # pcl7kCCj1kvd/7pwVImybUtMFZgkfz2c1YDM5S7BZB6Okt1jDzxsVEGrRhltqLoo # Abal1P5Ny6Sdi1Lyzme2HOmS+ALIqZBEo9ZdMtZLpQtO98oeDBJkjh3fZRdITt4A # VsXWzPyu8B54x5YllNK3E/hAiNYFJ2AQ08AfpXnU6Nsb7MHWQsmuj+/47b1+ZEdB # mKnO0Y66vVfw/RfrhagVmeqAtXKKuqCYcouILagZ00olymudjRBx2w29RisJaioN # DPoMiFwwxVW6zwxz0MquiBTuhWKqosJQNkF+KMYx4A== # SIG # End signature block |