PSCertificateEnrollment.psm1
|
If ($PSVersionTable.PSEdition -ne "Desktop") { Write-Error -Message "This module is only compatible with the Desktop Edition of Windows PowerShell" return } # https://docs.microsoft.com/en-us/windows/release-information/ New-Variable -Option Constant -Name BUILD_NUMBER_WINDOWS_7 -Value 7601 New-Variable -Option Constant -Name BUILD_NUMBER_WINDOWS_8_1 -Value 9600 New-Variable -Option Constant -Name BUILD_NUMBER_WINDOWS_10 -Value 10240 # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-objectidgroupid New-Variable -Option Constant -Name ObjectIdGroupId -Value @{ XCN_CRYPT_ANY_GROUP_ID = 0 XCN_CRYPT_HASH_ALG_OID_GROUP_ID = 1 XCN_CRYPT_FIRST_ALG_OID_GROUP_ID = 1 XCN_CRYPT_ENCRYPT_ALG_OID_GROUP_ID = 2 XCN_CRYPT_PUBKEY_ALG_OID_GROUP_ID = 3 XCN_CRYPT_SIGN_ALG_OID_GROUP_ID = 4 XCN_CRYPT_LAST_ALG_OID_GROUP_ID = 4 XCN_CRYPT_RDN_ATTR_OID_GROUP_ID = 5 XCN_CRYPT_EXT_OR_ATTR_OID_GROUP_ID = 6 XCN_CRYPT_ENHKEY_USAGE_OID_GROUP_ID = 7 XCN_CRYPT_POLICY_OID_GROUP_ID = 8 XCN_CRYPT_TEMPLATE_OID_GROUP_ID = 9 XCN_CRYPT_KDF_OID_GROUP_ID = 10 XCN_CRYPT_LAST_OID_GROUP_ID = 10 XCN_CRYPT_OID_INFO_OID_GROUP_BIT_LEN_SHIFT = 16 XCN_CRYPT_GROUP_ID_MASK = 65535 XCN_CRYPT_OID_INFO_OID_GROUP_BIT_LEN_MASK = 268369920 XCN_CRYPT_OID_DISABLE_SEARCH_DS_FLAG = 0x80000000 XCN_CRYPT_KEY_LENGTH_MASK = 268369920 XCN_CRYPT_OID_PREFER_CNG_ALGID_FLAG = 1073741824 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-objectidpublickeyflags New-Variable -Option Constant -Name ObjectIdPublicKeyFlags -Value @{ XCN_CRYPT_OID_INFO_PUBKEY_ANY = 0 XCN_CRYPT_OID_INFO_PUBKEY_SIGN_KEY_FLAG = 0x80000000 XCN_CRYPT_OID_INFO_PUBKEY_ENCRYPT_KEY_FLAG = 0x40000000 } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest2-getcaproperty New-Variable -Option Constant -Name PropType -Value @{ PROPTYPE_LONG = 1 PROPTYPE_DATE = 2 PROPTYPE_BINARY = 3 PROPTYPE_STRING = 4 } # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379394.aspx New-Variable -Option Constant -Name X500NameFlags -Value @{ XCN_CERT_NAME_STR_NONE = 0 XCN_CERT_SIMPLE_NAME_STR = 1 XCN_CERT_OID_NAME_STR = 2 XCN_CERT_X500_NAME_STR = 3 XCN_CERT_XML_NAME_STR = 4 XCN_CERT_NAME_STR_SEMICOLON_FLAG = 0x40000000 XCN_CERT_NAME_STR_NO_PLUS_FLAG = 0x20000000 XCN_CERT_NAME_STR_NO_QUOTING_FLAG = 0x10000000 XCN_CERT_NAME_STR_CRLF_FLAG = 0x8000000 XCN_CERT_NAME_STR_COMMA_FLAG = 0x4000000 XCN_CERT_NAME_STR_REVERSE_FLAG = 0x2000000 XCN_CERT_NAME_STR_FORWARD_FLAG = 0x1000000 XCN_CERT_NAME_STR_DISABLE_IE4_UTF8_FLAG = 0x10000 XCN_CERT_NAME_STR_ENABLE_T61_UNICODE_FLAG = 0x20000 XCN_CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG = 0x40000 XCN_CERT_NAME_STR_FORCE_UTF8_DIR_STR_FLAG = 0x80000 XCN_CERT_NAME_STR_DISABLE_UTF8_DIR_STR_FLAG = 0x100000 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-objectidgroupid New-Variable -Option Constant -Name Oid -Value @{ # https://msdn.microsoft.com/en-us/library/windows/desktop/aa379367(v=vs.85).aspx XCN_OID_CRL_DIST_POINTS = '2.5.29.31' XCN_OID_AUTHORITY_INFO_ACCESS = '1.3.6.1.5.5.7.1.1' XCN_OID_ENHANCED_KEY_USAGE = "2.5.29.37" XCN_OID_SUBJECT_ALT_NAME2 = "2.5.29.17" XCN_OID_FRESHEST_CRL = "2.5.29.46" XCN_OID_CERTSRV_CA_VERSION = "1.3.6.1.4.1.311.21.1" XCN_OID_CRL_NEXT_PUBLISH = "1.3.6.1.4.1.311.21.4" # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378132(v=vs.85).aspx XCN_OID_ANY_APPLICATION_POLICY = "1.3.6.1.4.1.311.10.12.1" XCN_OID_AUTO_ENROLL_CTL_USAGE = "1.3.6.1.4.1.311.20.1" XCN_OID_DRM = "1.3.6.1.4.1.311.10.5.1" XCN_OID_DS_EMAIL_REPLICATION = "1.3.6.1.4.1.311.21.19" XCN_OID_EFS_RECOVERY = "1.3.6.1.4.1.311.10.3.4.1" XCN_OID_EMBEDDED_NT_CRYPTO = "1.3.6.1.4.1.311.10.3.8" XCN_OID_ENROLLMENT_AGENT = "1.3.6.1.4.1.311.20.2.1" XCN_OID_IPSEC_KP_IKE_INTERMEDIATE = "1.3.6.1.5.5.8.2.2" XCN_OID_KP_CA_EXCHANGE = "1.3.6.1.4.1.311.21.5" XCN_OID_KP_CTL_USAGE_SIGNING = "1.3.6.1.4.1.311.10.3.1" XCN_OID_KP_DOCUMENT_SIGNING = "1.3.6.1.4.1.311.10.3.12" XCN_OID_KP_EFS = "1.3.6.1.4.1.311.10.3.4" XCN_OID_KP_KEY_RECOVERY = "1.3.6.1.4.1.311.10.3.11" XCN_OID_KP_KEY_RECOVERY_AGENT = "1.3.6.1.4.1.311.21.6" XCN_OID_KP_LIFETIME_SIGNING = "1.3.6.1.4.1.311.10.3.13" XCN_OID_KP_QUALIFIED_SUBORDINATION = "1.3.6.1.4.1.311.10.3.10" XCN_OID_KP_SMARTCARD_LOGON = "1.3.6.1.4.1.311.20.2.2" XCN_OID_KP_TIME_STAMP_SIGNING = "1.3.6.1.4.1.311.10.3.2" XCN_OID_LICENSE_SERVER = "1.3.6.1.4.1.311.10.6.2" XCN_OID_LICENSES = "1.3.6.1.4.1.311.10.6.1" XCN_OID_NT5_CRYPTO = "1.3.6.1.4.1.311.10.3.7" XCN_OID_OEM_WHQL_CRYPTO = "1.3.6.1.4.1.311.10.3.7" XCN_OID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2" XCN_OID_PKIX_KP_CODE_SIGNING = "1.3.6.1.5.5.7.3.3" XCN_OID_PKIX_KP_EMAIL_PROTECTION = "1.3.6.1.5.5.7.3.4" XCN_OID_PKIX_KP_IPSEC_END_SYSTEM = "1.3.6.1.5.5.7.3.5" XCN_OID_PKIX_KP_IPSEC_TUNNEL = "1.3.6.1.5.5.7.3.6" XCN_OID_PKIX_KP_IPSEC_USER = "1.3.6.1.5.5.7.3.7" XCN_OID_PKIX_KP_OCSP_SIGNING = "1.3.6.1.5.5.7.3.9" XCN_OID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1" XCN_OID_PKIX_KP_TIMESTAMP_SIGNING = "1.3.6.1.5.5.7.3.8" XCN_OID_ROOT_LIST_SIGNER = "1.3.6.1.4.1.311.10.3.9" XCN_OID_WHQL_CRYPTO = "1.3.6.1.4.1.311.10.3.5" # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/nn-certenroll-ix509extensionsmimecapabilities XCN_OID_OIWSEC_desCBC = "1.3.14.3.2.7" XCN_OID_RSA_DES_EDE3_CBC = "1.2.840.113549.3.7" XCN_OID_RSA_RC2CBC = "1.2.840.113549.3.2" XCN_OID_RSA_RC4 = "1.2.840.113549.3.4" XCN_OID_RSA_SMIMEalgCMS3DESwrap = "1.2.840.113549.1.9.16.3.6" XCN_OID_RSA_SMIMEalgCMSRC2wrap = "1.2.840.113549.1.9.16.3.7" XCN_OID_NIST_AES128_CBC = "2.16.840.1.101.3.4.1.2" XCN_OID_NIST_AES192_CBC = "2.16.840.1.101.3.4.1.22" XCN_OID_NIST_AES256_CBC = "2.16.840.1.101.3.4.1.42" XCN_OID_NIST_AES128_WRAP = "2.16.840.1.101.3.4.1.5" XCN_OID_NIST_AES192_WRAP = "2.16.840.1.101.3.4.1.25" XCN_OID_NIST_AES256_WRAP = "2.16.840.1.101.3.4.1.45" # Own Definition XCN_OID_KP_KDC = "1.3.6.1.5.2.3.5" XCN_OID_KP_RDC = "1.3.6.1.4.1.311.54.1.2" XCN_OID_KP_DOCUMENT_ENCRYPTION = "1.3.6.1.4.1.311.80.1" # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-gpnap/a48b02b2-2a10-4eb0-bed4-1807a6d2f5ad md5NoSign = "1.2.840.113549.2.5" sha1NoSign = "1.3.14.3.2.26" sha256NoSign = "2.16.840.1.101.3.4.2.1" sha384NoSign = "2.16.840.1.101.3.4.2.2" sha512NoSign = "2.16.840.1.101.3.4.2.3" # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-winprotlp/e168a474-7de2-421c-b460-91adf87692a3 szOID_NTDS_CA_SECURITY_EXT = "1.3.6.1.4.1.311.25.2" OcspNoRevocationCheck = "1.3.6.1.5.5.7.48.1.5" } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest2-getfullresponseproperty New-Variable -Option Constant -Name FullResponseProperty -Value @{ FR_PROP_NONE = 0 FR_PROP_FULLRESPONSE = 1 FR_PROP_STATUSINFOCOUNT = 2 FR_PROP_BODYPARTSTRING = 3 FR_PROP_STATUS = 4 FR_PROP_STATUSSTRING = 5 FR_PROP_OTHERINFOCHOICE = 6 FR_PROP_FAILINFO = 7 FR_PROP_PENDINFOTOKEN = 8 FR_PROP_PENDINFOTIME = 9 FR_PROP_ISSUEDCERTIFICATEHASH = 10 FR_PROP_ISSUEDCERTIFICATE = 11 FR_PROP_ISSUEDCERTIFICATECHAIN = 12 FR_PROP_ISSUEDCERTIFICATECRLCHAIN = 13 FR_PROP_ENCRYPTEDKEYHASH = 14 FR_PROP_FULLRESPONSENOPKCS7 = 15 FR_PROP_CAEXCHANGECERTIFICATEHASH = 16 FR_PROP_CAEXCHANGECERTIFICATE = 17 FR_PROP_CAEXCHANGECERTIFICATECHAIN = 18 FR_PROP_CAEXCHANGECERTIFICATECRLCHAIN = 19 FR_PROP_ATTESTATIONCHALLENGE = 20 FR_PROP_ATTESTATIONPROVIDERNAME = 21 } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest-submit # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest-getcertificate # https://github.com/tpn/winsdk-10/blob/master/Include/10.0.10240.0/um/CertCli.h New-Variable -Option Constant -Name RequestFlags -Value @{ CR_IN_BASE64HEADER = 0 CR_IN_BASE64 = 1 CR_IN_BINARY = 2 CR_IN_ENCODEANY = 0xff CR_IN_MACHINE = 0x100000 CR_OUT_BASE64HEADER = 0 CR_OUT_BASE64 = 1 CR_OUT_BINARY = 2 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-alternativenametype New-Variable -Option Constant -Name AlternativeNameType -Value @{ XCN_CERT_ALT_NAME_UNKNOWN = 0 XCN_CERT_ALT_NAME_OTHER_NAME = 1 XCN_CERT_ALT_NAME_RFC822_NAME = 2 XCN_CERT_ALT_NAME_DNS_NAME = 3 XCN_CERT_ALT_NAME_DIRECTORY_NAME = 5 XCN_CERT_ALT_NAME_URL = 7 XCN_CERT_ALT_NAME_IP_ADDRESS = 8 XCN_CERT_ALT_NAME_REGISTERED_ID = 9 XCN_CERT_ALT_NAME_GUID = 10 XCN_CERT_ALT_NAME_USER_PRINCIPLE_NAME = 11 } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/nf-certcli-icertrequest-submit New-Variable -Option Constant -Name DispositionType -Value @{ CR_DISP_INCOMPLETE = 0 CR_DISP_ERROR = 1 CR_DISP_DENIED = 2 CR_DISP_ISSUED = 3 CR_DISP_ISSUED_OUT_OF_BAND = 4 CR_DISP_UNDER_SUBMISSION = 5 CR_DISP_REVOKED = 6 } # https://msdn.microsoft.com/en-us/library/windows/desktop/aa374936(v=vs.85).aspx New-Variable -Option Constant -Name EncodingType -Value @{ XCN_CRYPT_STRING_NOCR = [Int]::MinValue XCN_CRYPT_STRING_BASE64HEADER = 0 XCN_CRYPT_STRING_BASE64 = 1 XCN_CRYPT_STRING_BINARY = 2 XCN_CRYPT_STRING_BASE64REQUESTHEADER = 3 XCN_CRYPT_STRING_HEX = 4 XCN_CRYPT_STRING_HEXASCII = 5 XCN_CRYPT_STRING_BASE64_ANY = 6 XCN_CRYPT_STRING_ANY = 7 XCN_CRYPT_STRING_HEX_ANY = 8 XCN_CRYPT_STRING_BASE64X509CRLHEADER = 9 XCN_CRYPT_STRING_HEXADDR = 10 XCN_CRYPT_STRING_HEXASCIIADDR = 11 XCN_CRYPT_STRING_HEXRAW = 12 XCN_CRYPT_STRING_BASE64URI = 13 XCN_CRYPT_STRING_ENCODEMASK = 255 XCN_CRYPT_STRING_CHAIN = 256 XCN_CRYPT_STRING_TEXT = 512 XCN_CRYPT_STRING_PERCENTESCAPE = 134217728 XCN_CRYPT_STRING_HASHDATA = 268435456 XCN_CRYPT_STRING_STRICT = 536870912 XCN_CRYPT_STRING_NOCRLF = 1073741824 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-x509keyspec New-Variable -Option Constant -Name X509KeySpec -Value @{ XCN_AT_NONE = 0 XCN_AT_KEYEXCHANGE = 1 XCN_AT_SIGNATURE = 2 } # https://docs.microsoft.com/en-us/windows/win32/api/certpol/ne-certpol-x509scepdisposition New-Variable -Option Constant -Name X509SCEPDisposition -Value @{ SCEPDispositionUnknown = -1 SCEPDispositionSuccess = 0 SCEPDispositionFailure = 2 SCEPDispositionPending = 3 SCEPDispositionPendingChallenge = 11 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-x509privatekeyverify New-Variable -Option Constant -Name X509PrivateKeyVerify -Value @{ VerifyNone = 0 VerifySilent = 1 VerifySmartCardNone = 2 VerifySmartCardSilent = 4 VerifyAllowUI = 8 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-algorithmflags New-Variable -Option Constant -Name AlgorithmFlags -Value @{ AlgorithmFlagsNone = 0 AlgorithmFlagsWrap = 1 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-installresponserestrictionflags New-Variable -Option Constant -Name InstallResponseRestrictionFlags -Value @{ AllowNone = 0 AllowNoOutstandingRequest = 1 AllowUntrustedCertificate = 2 AllowUntrustedRoot = 4 } # https://docs.microsoft.com/en-us/windows/win32/api/certcli/ne-certcli-x509enrollmentauthflags # https://docs.microsoft.com/en-us/dotnet/api/microsoft.hpc.scheduler.store.x509enrollmentauthflags # https://gist.github.com/ctkirkman/77729328070ee1e1057fa1e2a64121a5 New-Variable -Option Constant -Name X509EnrollmentAuthFlags -Value @{ X509AuthNone = 0 X509AuthAnonymous = 1 X509AuthKerberos = 2 X509AuthUsername = 4 X509AuthCertificate = 8 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-x509certificateenrollmentcontext New-Variable -Option Constant -Name X509CertificateEnrollmentContext -Value @{ ContextNone = 0 ContextUser = 1 ContextMachine = 2 ContextAdministratorForceMachine = 3 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/nf-certenroll-ix509certificaterequestpkcs10-initializefromcertificate New-Variable -Option Constant -Name X509RequestInheritOptions -Value @{ InheritDefault = 0x00000000 InheritRenewalCertificateFlag = 0x00000020 InheritTemplateFlag = 0x00000040 InheritSubjectFlag = 0x00000080 InheritExtensionsFlag = 0x00000100 InheritSubjectAltNameFlag = 0x00000200 } # https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-enrollmentenrollstatus New-Variable -Option Constant -Name EnrollmentEnrollStatus -Value @{ Enrolled = 0x00000001 EnrollPended = 0x00000002 EnrollUIDeferredEnrollmentRequired = 0x00000004 EnrollError = 0x00000010 EnrollUnknown = 0x00000020 EnrollSkipped = 0x00000040 EnrollDenied = 0x00000100 } # https://docs.microsoft.com/bs-latn-ba/windows/win32/api/certenroll/ne-certenroll-innerrequestlevel New-Variable -Option Constant -Name InnerRequestLevel -Value @{ LevelInnermost = 0 LevelNext = 1 } # https://docs.microsoft.com/en-us/windows/win32/api/taskschd/ne-taskschd-task_run_flags New-Variable -Option Constant -Name TaskRunFlags -Value @{ TASK_RUN_NO_FLAGS = 0 TASK_RUN_AS_SELF = 1 TASK_RUN_IGNORE_CONSTRAINTS = 2 TASK_RUN_USE_SESSION_ID = 3 TASK_RUN_USER_SID = 4 } # https://tools.ietf.org/html/draft-nourse-scep-23#section-3.1.1.4 New-Variable -Option Constant -Name SCEPFailInfo -Value @( @{ Code = 0 Message = "badAlg" Description = "Unrecognized or unsupported algorithm identifier" } @{ Code = 1 Message = "badMessageCheck" Description = "integrity check failed" } @{ Code = 2 Message = "badRequest" Description = "transaction not permitted or supported" } @{ Code = 3 Message = "badTime" Description = "The signingTime attribute from the PKCS#7 authenticatedAttributes was not sufficiently close to the system time." } @{ Code = 4 Message = "badCertId" Description = "No certificate could be identified matching the provided criteria." } ) # Built from the Error Codes I observed whilst testing Get-NDESCertificate # Stored as String as this gets compared against a text that is returned from the API New-Variable -Option Constant -Name NDESErrorCode -Value @{ CERT_E_WRONG_USAGE = "0x800b0110" TRUST_E_CERT_SIGNATURE = "0x80096004" ERROR_NOT_FOUND = "0x80070490" CERTSRV_E_BAD_REQUESTSUBJECT = "0x80094001" RPC_S_SERVER_UNAVAILABLE = "0x800706ba" } # https://msdn.microsoft.com/en-us/library/windows/desktop/aa378132(v=vs.85).aspx New-Variable -Option Constant -Name EkuNameToOidTable -Value @{ EnrollmentAgent = $Oid.XCN_OID_ENROLLMENT_AGENT ClientAuthentication = $Oid.XCN_OID_PKIX_KP_CLIENT_AUTH CodeSigning = $Oid.XCN_OID_PKIX_KP_CODE_SIGNING LifeTimeSigning = $Oid.XCN_OID_KP_LIFETIME_SIGNING DocumentSigning = $Oid.XCN_OID_KP_DOCUMENT_SIGNING DocumentEncryption = $Oid.XCN_OID_KP_DOCUMENT_ENCRYPTION EncryptingFileSystem = $Oid.XCN_OID_KP_EFS FileRecovery = $Oid.XCN_OID_EFS_RECOVERY IPSecEndSystem = $Oid.XCN_OID_PKIX_KP_IPSEC_END_SYSTEM IPSecIKEIntermediate = $Oid.XCN_OID_IPSEC_KP_IKE_INTERMEDIATE IPSecTunnelEndpoint = $Oid.XCN_OID_PKIX_KP_IPSEC_TUNNEL IPSecUser = $Oid.XCN_OID_PKIX_KP_IPSEC_USER KeyRecovery = $Oid.XCN_OID_KP_KEY_RECOVERY KDCAuthentication = $Oid.XCN_OID_KP_KDC SecureEmail = $Oid.XCN_OID_PKIX_KP_EMAIL_PROTECTION ServerAuthentication = $Oid.XCN_OID_PKIX_KP_SERVER_AUTH SmartCardLogon = $Oid.XCN_OID_KP_SMARTCARD_LOGON TimeStamping = $Oid.XCN_OID_PKIX_KP_TIMESTAMP_SIGNING OCSPSigning = $Oid.XCN_OID_PKIX_KP_OCSP_SIGNING RemoteDesktopAuthentication = $Oid.XCN_OID_KP_RDC PrivateKeyArchival = $Oid.XCN_OID_KP_CA_EXCHANGE } New-Variable -Option Constant -Name SmimeCapabilityToOidTable -Value @{ des = $Oid.XCN_OID_OIWSEC_desCBC des3 = $Oid.XCN_OID_RSA_DES_EDE3_CBC rc2 = $Oid.XCN_OID_RSA_RC2CBC rc4 = $Oid.XCN_OID_RSA_RC4 des3wrap = $Oid.XCN_OID_RSA_SMIMEalgCMS3DESwrap rc2wrap = $Oid.XCN_OID_RSA_SMIMEalgCMSRC2wrap aes128 = $Oid.XCN_OID_NIST_AES128_CBC aes192 = $Oid.XCN_OID_NIST_AES192_CBC aes256 = $Oid.XCN_OID_NIST_AES256_CBC aes128wrap = $Oid.XCN_OID_NIST_AES128_WRAP aes192wrap = $Oid.XCN_OID_NIST_AES192_WRAP aes256wrap = $Oid.XCN_OID_NIST_AES256_WRAP md5 = $Oid.md5noSign sha1 = $Oid.sha1noSign sha256 = $Oid.sha256noSign sha384 = $Oid.sha384noSign sha512 = $Oid.sha512noSign } $ModuleRoot = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent # Import Public Functions . $ModuleRoot\Functions\Get-NDESOTP.ps1 . $ModuleRoot\Functions\Get-SCEPCertificate.ps1 . $ModuleRoot\Functions\Get-KeyStorageProvider.ps1 . $ModuleRoot\Functions\Get-IssuedCertificate.ps1 . $ModuleRoot\Functions\New-CertificateRequest.ps1 . $ModuleRoot\Functions\New-SignedCertificateRequest.ps1 . $ModuleRoot\Functions\Install-IssuedCertificate.ps1 . $ModuleRoot\Functions\Undo-CertificateArchival.ps1 . $ModuleRoot\Functions\Get-RemoteDesktopCertificate.ps1 . $ModuleRoot\Functions\Set-RemoteDesktopCertificate.ps1 . $ModuleRoot\Functions\Invoke-AutoEnrollmentTask.ps1 . $ModuleRoot\Functions\Get-ESTCertificate.ps1 . $ModuleRoot\Functions\Get-ESTCACertificates.ps1 . $ModuleRoot\Functions\Get-XCEPEnrollmentPolicy . $ModuleRoot\Functions\Clear-XCEPEnrollmentPolicyCache.ps1 . $ModuleRoot\Functions\Get-WSTEPResponse.ps1 # Import Private Functions . $ModuleRoot\Functions\Convert-DERToBASE64.ps1 . $ModuleRoot\Functions\Convert-StringToCertificateSerialNumber.ps1 . $ModuleRoot\Functions\Convert-StringToDER.ps1 . $ModuleRoot\Functions\Convert-StringToHex.ps1 . $ModuleRoot\Functions\Get-Asn1LengthOctets.ps1 . $ModuleRoot\Functions\Get-CertificateHash.ps1 . $ModuleRoot\Functions\New-AiaExtension.ps1 . $ModuleRoot\Functions\New-CdpExtension.ps1 . $ModuleRoot\Functions\New-SidExtension.ps1 # SIG # Begin signature block # MIIruQYJKoZIhvcNAQcCoIIrqjCCK6YCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBjXoOzsXqNm2Y6 # 4TZTaiMNqGwUVCOZXT+Gp7EA6ZYfpaCCJM8wggVvMIIEV6ADAgECAhBI/JO0YFWU # jTanyYqJ1pQWMA0GCSqGSIb3DQEBDAUAMHsxCzAJBgNVBAYTAkdCMRswGQYDVQQI # DBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAOBgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoM # EUNvbW9kbyBDQSBMaW1pdGVkMSEwHwYDVQQDDBhBQUEgQ2VydGlmaWNhdGUgU2Vy # dmljZXMwHhcNMjEwNTI1MDAwMDAwWhcNMjgxMjMxMjM1OTU5WjBWMQswCQYDVQQG # EwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMS0wKwYDVQQDEyRTZWN0aWdv # IFB1YmxpYyBDb2RlIFNpZ25pbmcgUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEBAQUA # A4ICDwAwggIKAoICAQCN55QSIgQkdC7/FiMCkoq2rjaFrEfUI5ErPtx94jGgUW+s # hJHjUoq14pbe0IdjJImK/+8Skzt9u7aKvb0Ffyeba2XTpQxpsbxJOZrxbW6q5KCD # J9qaDStQ6Utbs7hkNqR+Sj2pcaths3OzPAsM79szV+W+NDfjlxtd/R8SPYIDdub7 # P2bSlDFp+m2zNKzBenjcklDyZMeqLQSrw2rq4C+np9xu1+j/2iGrQL+57g2extme # me/G3h+pDHazJyCh1rr9gOcB0u/rgimVcI3/uxXP/tEPNqIuTzKQdEZrRzUTdwUz # T2MuuC3hv2WnBGsY2HH6zAjybYmZELGt2z4s5KoYsMYHAXVn3m3pY2MeNn9pib6q # RT5uWl+PoVvLnTCGMOgDs0DGDQ84zWeoU4j6uDBl+m/H5x2xg3RpPqzEaDux5mcz # mrYI4IAFSEDu9oJkRqj1c7AGlfJsZZ+/VVscnFcax3hGfHCqlBuCF6yH6bbJDoEc # QNYWFyn8XJwYK+pF9e+91WdPKF4F7pBMeufG9ND8+s0+MkYTIDaKBOq3qgdGnA2T # OglmmVhcKaO5DKYwODzQRjY1fJy67sPV+Qp2+n4FG0DKkjXp1XrRtX8ArqmQqsV/ # AZwQsRb8zG4Y3G9i/qZQp7h7uJ0VP/4gDHXIIloTlRmQAOka1cKG8eOO7F/05QID # AQABo4IBEjCCAQ4wHwYDVR0jBBgwFoAUoBEKIz6W8Qfs4q8p74Klf9AwpLQwHQYD # VR0OBBYEFDLrkpr/NZZILyhAQnAgNpFcF4XmMA4GA1UdDwEB/wQEAwIBhjAPBgNV # HRMBAf8EBTADAQH/MBMGA1UdJQQMMAoGCCsGAQUFBwMDMBsGA1UdIAQUMBIwBgYE # VR0gADAIBgZngQwBBAEwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21v # ZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEE # KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZI # hvcNAQEMBQADggEBABK/oe+LdJqYRLhpRrWrJAoMpIpnuDqBv0WKfVIHqI0fTiGF # OaNrXi0ghr8QuK55O1PNtPvYRL4G2VxjZ9RAFodEhnIq1jIV9RKDwvnhXRFAZ/ZC # J3LFI+ICOBpMIOLbAffNRk8monxmwFE2tokCVMf8WPtsAO7+mKYulaEMUykfb9gZ # pk+e96wJ6l2CxouvgKe9gUhShDHaMuwV5KZMPWw5c9QLhTkg4IUaaOGnSDip0TYl # d8GNGRbFiExmfS9jzpjoad+sPKhdnckcW67Y8y90z7h+9teDnRGWYpquRRPaf9xH # +9/DUp/mBlXpnYzyOmJRvOwkDynUWICE5EV7WtgwggYUMIID/KADAgECAhB6I67a # U2mWD5HIPlz0x+M/MA0GCSqGSIb3DQEBDAUAMFcxCzAJBgNVBAYTAkdCMRgwFgYD # VQQKEw9TZWN0aWdvIExpbWl0ZWQxLjAsBgNVBAMTJVNlY3RpZ28gUHVibGljIFRp # bWUgU3RhbXBpbmcgUm9vdCBSNDYwHhcNMjEwMzIyMDAwMDAwWhcNMzYwMzIxMjM1 # OTU5WjBVMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVkMSww # KgYDVQQDEyNTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIENBIFIzNjCCAaIw # DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAM2Y2ENBq26CK+z2M34mNOSJjNPv # IhKAVD7vJq+MDoGD46IiM+b83+3ecLvBhStSVjeYXIjfa3ajoW3cS3ElcJzkyZlB # nwDEJuHlzpbN4kMH2qRBVrjrGJgSlzzUqcGQBaCxpectRGhhnOSwcjPMI3G0hedv # 2eNmGiUbD12OeORN0ADzdpsQ4dDi6M4YhoGE9cbY11XxM2AVZn0GiOUC9+XE0wI7 # CQKfOUfigLDn7i/WeyxZ43XLj5GVo7LDBExSLnh+va8WxTlA+uBvq1KO8RSHUQLg # zb1gbL9Ihgzxmkdp2ZWNuLc+XyEmJNbD2OIIq/fWlwBp6KNL19zpHsODLIsgZ+WZ # 1AzCs1HEK6VWrxmnKyJJg2Lv23DlEdZlQSGdF+z+Gyn9/CRezKe7WNyxRf4e4bwU # trYE2F5Q+05yDD68clwnweckKtxRaF0VzN/w76kOLIaFVhf5sMM/caEZLtOYqYad # tn034ykSFaZuIBU9uCSrKRKTPJhWvXk4CllgrwIDAQABo4IBXDCCAVgwHwYDVR0j # BBgwFoAU9ndq3T/9ARP/FqFsggIv0Ao9FCUwHQYDVR0OBBYEFF9Y7UwxeqJhQo1S # gLqzYZcZojKbMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMBMG # A1UdJQQMMAoGCCsGAQUFBwMIMBEGA1UdIAQKMAgwBgYEVR0gADBMBgNVHR8ERTBD # MEGgP6A9hjtodHRwOi8vY3JsLnNlY3RpZ28uY29tL1NlY3RpZ29QdWJsaWNUaW1l # U3RhbXBpbmdSb290UjQ2LmNybDB8BggrBgEFBQcBAQRwMG4wRwYIKwYBBQUHMAKG # O2h0dHA6Ly9jcnQuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY1RpbWVTdGFtcGlu # Z1Jvb3RSNDYucDdjMCMGCCsGAQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNv # bTANBgkqhkiG9w0BAQwFAAOCAgEAEtd7IK0ONVgMnoEdJVj9TC1ndK/HYiYh9lVU # acahRoZ2W2hfiEOyQExnHk1jkvpIJzAMxmEc6ZvIyHI5UkPCbXKspioYMdbOnBWQ # Un733qMooBfIghpR/klUqNxx6/fDXqY0hSU1OSkkSivt51UlmJElUICZYBodzD3M # /SFjeCP59anwxs6hwj1mfvzG+b1coYGnqsSz2wSKr+nDO+Db8qNcTbJZRAiSazr7 # KyUJGo1c+MScGfG5QHV+bps8BX5Oyv9Ct36Y4Il6ajTqV2ifikkVtB3RNBUgwu/m # SiSUice/Jp/q8BMk/gN8+0rNIE+QqU63JoVMCMPY2752LmESsRVVoypJVt8/N3qQ # 1c6FibbcRabo3azZkcIdWGVSAdoLgAIxEKBeNh9AQO1gQrnh1TA8ldXuJzPSuALO # z1Ujb0PCyNVkWk7hkhVHfcvBfI8NtgWQupiaAeNHe0pWSGH2opXZYKYG4Lbukg7H # pNi/KqJhue2Keak6qH9A8CeEOB7Eob0Zf+fU+CCQaL0cJqlmnx9HCDxF+3BLbUuf # rV64EbTI40zqegPZdA+sXCmbcZy6okx/SjwsusWRItFA3DE8MORZeFb6BmzBtqKJ # 7l939bbKBy2jvxcJI98Va95Q5JnlKor3m0E7xpMeYRriWklUPsetMSf2NvUQa/E5 # vVyefQIwggYaMIIEAqADAgECAhBiHW0MUgGeO5B5FSCJIRwKMA0GCSqGSIb3DQEB # DAUAMFYxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLTAr # BgNVBAMTJFNlY3RpZ28gUHVibGljIENvZGUgU2lnbmluZyBSb290IFI0NjAeFw0y # MTAzMjIwMDAwMDBaFw0zNjAzMjEyMzU5NTlaMFQxCzAJBgNVBAYTAkdCMRgwFgYD # VQQKEw9TZWN0aWdvIExpbWl0ZWQxKzApBgNVBAMTIlNlY3RpZ28gUHVibGljIENv # ZGUgU2lnbmluZyBDQSBSMzYwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGKAoIB # gQCbK51T+jU/jmAGQ2rAz/V/9shTUxjIztNsfvxYB5UXeWUzCxEeAEZGbEN4QMgC # sJLZUKhWThj/yPqy0iSZhXkZ6Pg2A2NVDgFigOMYzB2OKhdqfWGVoYW3haT29PST # ahYkwmMv0b/83nbeECbiMXhSOtbam+/36F09fy1tsB8je/RV0mIk8XL/tfCK6cPu # YHE215wzrK0h1SWHTxPbPuYkRdkP05ZwmRmTnAO5/arnY83jeNzhP06ShdnRqtZl # V59+8yv+KIhE5ILMqgOZYAENHNX9SJDm+qxp4VqpB3MV/h53yl41aHU5pledi9lC # BbH9JeIkNFICiVHNkRmq4TpxtwfvjsUedyz8rNyfQJy/aOs5b4s+ac7IH60B+Ja7 # TVM+EKv1WuTGwcLmoU3FpOFMbmPj8pz44MPZ1f9+YEQIQty/NQd/2yGgW+ufflcZ # /ZE9o1M7a5Jnqf2i2/uMSWymR8r2oQBMdlyh2n5HirY4jKnFH/9gRvd+QOfdRrJZ # b1sCAwEAAaOCAWQwggFgMB8GA1UdIwQYMBaAFDLrkpr/NZZILyhAQnAgNpFcF4Xm # MB0GA1UdDgQWBBQPKssghyi47G9IritUpimqF6TNDDAOBgNVHQ8BAf8EBAMCAYYw # EgYDVR0TAQH/BAgwBgEB/wIBADATBgNVHSUEDDAKBggrBgEFBQcDAzAbBgNVHSAE # FDASMAYGBFUdIAAwCAYGZ4EMAQQBMEsGA1UdHwREMEIwQKA+oDyGOmh0dHA6Ly9j # cmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nUm9vdFI0Ni5j # cmwwewYIKwYBBQUHAQEEbzBtMEYGCCsGAQUFBzAChjpodHRwOi8vY3J0LnNlY3Rp # Z28uY29tL1NlY3RpZ29QdWJsaWNDb2RlU2lnbmluZ1Jvb3RSNDYucDdjMCMGCCsG # AQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOC # AgEABv+C4XdjNm57oRUgmxP/BP6YdURhw1aVcdGRP4Wh60BAscjW4HL9hcpkOTz5 # jUug2oeunbYAowbFC2AKK+cMcXIBD0ZdOaWTsyNyBBsMLHqafvIhrCymlaS98+Qp # oBCyKppP0OcxYEdU0hpsaqBBIZOtBajjcw5+w/KeFvPYfLF/ldYpmlG+vd0xqlqd # 099iChnyIMvY5HexjO2AmtsbpVn0OhNcWbWDRF/3sBp6fWXhz7DcML4iTAWS+MVX # eNLj1lJziVKEoroGs9Mlizg0bUMbOalOhOfCipnx8CaLZeVme5yELg09Jlo8BMe8 # 0jO37PU8ejfkP9/uPak7VLwELKxAMcJszkyeiaerlphwoKx1uHRzNyE6bxuSKcut # isqmKL5OTunAvtONEoteSiabkPVSZ2z76mKnzAfZxCl/3dq3dUNw4rg3sTCggkHS # RqTqlLMS7gjrhTqBmzu1L90Y1KWN/Y5JKdGvspbOrTfOXyXvmPL6E52z1NZJ6ctu # MFBQZH3pwWvqURR8AgQdULUvrxjUYbHHj95Ejza63zdrEcxWLDX6xWls/GDnVNue # KjWUH3fTv1Y8Wdho698YADR7TNx8X8z2Bev6SivBBOHY+uqiirZtg0y9ShQoPzmC # cn63Syatatvx157YK9hlcPmVoa1oDE5/L9Uo2bC5a4CH2RwwggY7MIIEo6ADAgEC # AhB0DwHfMJggnItJs5sO5vT7MA0GCSqGSIb3DQEBDAUAMFQxCzAJBgNVBAYTAkdC # MRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxKzApBgNVBAMTIlNlY3RpZ28gUHVi # bGljIENvZGUgU2lnbmluZyBDQSBSMzYwHhcNMjMwMzEzMDAwMDAwWhcNMjYwMzEy # MjM1OTU5WjBSMQswCQYDVQQGEwJERTEPMA0GA1UECAwGQmF5ZXJuMRgwFgYDVQQK # DA9Vd2UgR3JhZGVuZWdnZXIxGDAWBgNVBAMMD1V3ZSBHcmFkZW5lZ2dlcjCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK8WKgQdO1LSQoL7lLmI8JOgQAc4 # IMJTOsnpfGrL9F57ol8zoAMZBCbJ4dU9Km5+XWBgclFQvGcRCKKmAlMScougIdHl # 8fk4mj5UNnulC58zBFAcWVpkH62yPECWQgky14k1XKNFa326ILpSluO9U25EeIEH # mKwDCb+TrhskWh4tcEi8wgmCBTBweSmPQoiN0q0HwUvfIP7/WSnV4aupZfmqaBg4 # 4YQluOHEBeAP4B6Imv8g6HVYP1vpDg/lMO3VgeFfLBiRugzjHKWeiNqDX9XHTWNK # CnFQZPURUKUd8pSIlsw4r2qiXwTLLiyeXa/TahZVGwYfAAgrEA13LwIEcT8iW7IW # 4XeWYRBYH6jSzxIjn5JEC2bVWo59f2oIxL+oEJSuUvC8RdYZZtEwDUn5DNZeC9ia # oREzv6Mmqa5L9BtxCOyYpMpTubj4pPP49klHkdgxmczz9vadfmOIjB2sWBR/SmuO # 7FtBLGMph+wfrIy3pAKLAX0EL72yWqFHKpEgSvCVZ/hnZBVMB6gxT3nFh6m7AXlA # daxZ7JLq5xy9P/Nwg9g2OltwUzhqIKtTzcG+v20mffy6pG/AkuUIiyfjuC3u1jY9 # TuM74DnaKRh+EgpkiMAzQK9hyl8AS/YZwaWD8b31MLbUnpWNIZ4M5yXhibAHE+jW # Ig2iWVcLmu7LiT7NAgMBAAGjggGJMIIBhTAfBgNVHSMEGDAWgBQPKssghyi47G9I # ritUpimqF6TNDDAdBgNVHQ4EFgQUMk0HbqTvGbbhuicQT46bYGPu3l4wDgYDVR0P # AQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwSgYD # VR0gBEMwQTA1BgwrBgEEAbIxAQIBAwIwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9z # ZWN0aWdvLmNvbS9DUFMwCAYGZ4EMAQQBMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6 # Ly9jcmwuc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nQ0FSMzYu # Y3JsMHkGCCsGAQUFBwEBBG0wazBEBggrBgEFBQcwAoY4aHR0cDovL2NydC5zZWN0 # aWdvLmNvbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdDQVIzNi5jcnQwIwYIKwYB # BQUHMAGGF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUAA4IB # gQB2atmLSet4Oun2a17hRlqzc45VdBntzhZSsnRuzWbQHR+sOFLtU8i0ttaIMlJf # ItJ1YsfOunuTuYnw3HgoefVzZtFQBxl0kNOT2H81NgvOPazW6Ur3rDwRo5pZcOt7 # bdfzGB2U7dXdhnkgmFV8kPpqbYdjVj0N4F/Jih0qIOEe/bEpLoDmsQB88hWwy9zv # CabzYOU4YAUAFQucSzBEGWnOqjchWVU/vdQYrVx26DDVBsZsNB6iS3sNkUgplEe/ # klRY66z6uhqrspwhN9me1evMm+mwFJRPdtJ+kjTu9e9VfB7qkYS5l7opvyGW+mwr # 4vpS/z8r4D+qWT/ZsW+D+ZDnOCE3joTMwH4wH+k9rW4SBGMHm5yt4crBHcaIbQjO # kcrKo9eAU5usaOeKl+L1uQoq0Me8Nppc4s/fwLFTFIhjnAq6bXpZud8BEu3L8sNW # 06vdC1qzBSCDqGKBEUtDDZgRg0b57Ejv5EOk+LJPMHbFj6jjR4hyFB3Se/cNfLiF # hGUwggZdMIIExaADAgECAhA6UmoshM5V5h1l/MwS2OmJMA0GCSqGSIb3DQEBDAUA # MFUxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQxLDAqBgNV # BAMTI1NlY3RpZ28gUHVibGljIFRpbWUgU3RhbXBpbmcgQ0EgUjM2MB4XDTI0MDEx # NTAwMDAwMFoXDTM1MDQxNDIzNTk1OVowbjELMAkGA1UEBhMCR0IxEzARBgNVBAgT # Ck1hbmNoZXN0ZXIxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDEwMC4GA1UEAxMn # U2VjdGlnbyBQdWJsaWMgVGltZSBTdGFtcGluZyBTaWduZXIgUjM1MIICIjANBgkq # hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjdFn9MFIm739OEk6TWGBm8PY3EWlYQQ2 # jQae45iWgPXUGVuYoIa1xjTGIyuw3suUSBzKiyG0/c/Yn++d5mG6IyayljuGT9De # XQU9k8GWWj2/BPoamg2fFctnPsdTYhMGxM06z1+Ft0Bav8ybww21ii/faiy+NhiU # M195+cFqOtCpJXxZ/lm9tpjmVmEqpAlRpfGmLhNdkqiEuDFTuD1GsV3jvuPuPGKU # JTam3P53U4LM0UCxeDI8Qz40Qw9TPar6S02XExlc8X1YsiE6ETcTz+g1ImQ1OqFw # EaxsMj/WoJT18GG5KiNnS7n/X4iMwboAg3IjpcvEzw4AZCZowHyCzYhnFRM4PuNM # VHYcTXGgvuq9I7j4ke281x4e7/90Z5Wbk92RrLcS35hO30TABcGx3Q8+YLRy6o0k # 1w4jRefCMT7b5mTxtq5XPmKvtgfPuaWPkGZ/tbxInyNDA7YgOgccULjp4+D56g2i # uzRCsLQ9ac6AN4yRbqCYsG2rcIQ5INTyI2JzA2w1vsAHPRbUTeqVLDuNOY2gYIoK # BWQsPYVoyzaoBVU6O5TG+a1YyfWkgVVS9nXKs8hVti3VpOV3aeuaHnjgC6He2CCD # L9aW6gteUe0AmC8XCtWwpePx6QW3ROZo8vSUe9AR7mMdu5+FzTmW8K13Bt8GX/YB # FJO7LWzwKAUCAwEAAaOCAY4wggGKMB8GA1UdIwQYMBaAFF9Y7UwxeqJhQo1SgLqz # YZcZojKbMB0GA1UdDgQWBBRo76QySWm2Ujgd6kM5LPQUap4MhTAOBgNVHQ8BAf8E # BAMCBsAwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDBKBgNV # HSAEQzBBMDUGDCsGAQQBsjEBAgEDCDAlMCMGCCsGAQUFBwIBFhdodHRwczovL3Nl # Y3RpZ28uY29tL0NQUzAIBgZngQwBBAIwSgYDVR0fBEMwQTA/oD2gO4Y5aHR0cDov # L2NybC5zZWN0aWdvLmNvbS9TZWN0aWdvUHVibGljVGltZVN0YW1waW5nQ0FSMzYu # Y3JsMHoGCCsGAQUFBwEBBG4wbDBFBggrBgEFBQcwAoY5aHR0cDovL2NydC5zZWN0 # aWdvLmNvbS9TZWN0aWdvUHVibGljVGltZVN0YW1waW5nQ0FSMzYuY3J0MCMGCCsG # AQUFBzABhhdodHRwOi8vb2NzcC5zZWN0aWdvLmNvbTANBgkqhkiG9w0BAQwFAAOC # AYEAsNwuyfpPNkyKL/bJT9XvGE8fnw7Gv/4SetmOkjK9hPPa7/Nsv5/MHuVus+aX # wRFqM5Vu51qfrHTwnVExcP2EHKr7IR+m/Ub7PamaeWfle5x8D0x/MsysICs00xtS # NVxFywCvXx55l6Wg3lXiPCui8N4s51mXS0Ht85fkXo3auZdo1O4lHzJLYX4RZovl # VWD5EfwV6Ve1G9UMslnm6pI0hyR0Zr95QWG0MpNPP0u05SHjq/YkPlDee3yYOECN # MqnZ+j8onoUtZ0oC8CkbOOk/AOoV4kp/6Ql2gEp3bNC7DOTlaCmH24DjpVgryn8F # MklqEoK4Z3IoUgV8R9qQLg1dr6/BjghGnj2XNA8ujta2JyoxpqpvyETZCYIUjIs6 # 9YiDjzftt37rQVwIZsfCYv+DU5sh/StFL1x4rgNj2t8GccUfa/V3iFFW9lfIJWWs # vtlC5XOOOQswr1UmVdNWQem4LwrlLgcdO/YAnHqY52QwnBLiAuUnuBeshWmfEb5o # ieIYMIIGgjCCBGqgAwIBAgIQNsKwvXwbOuejs902y8l1aDANBgkqhkiG9w0BAQwF # ADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcT # C0plcnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAs # BgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcN # MjEwMzIyMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjBXMQswCQYDVQQGEwJHQjEYMBYG # A1UEChMPU2VjdGlnbyBMaW1pdGVkMS4wLAYDVQQDEyVTZWN0aWdvIFB1YmxpYyBU # aW1lIFN0YW1waW5nIFJvb3QgUjQ2MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAiJ3YuUVnnR3d6LkmgZpUVMB8SQWbzFoVD9mUEES0QUCBdxSZqdTkdizI # CFNeINCSJS+lV1ipnW5ihkQyC0cRLWXUJzodqpnMRs46npiJPHrfLBOifjfhpdXJ # 2aHHsPHggGsCi7uE0awqKggE/LkYw3sqaBia67h/3awoqNvGqiFRJ+OTWYmUCO2G # AXsePHi+/JUNAax3kpqstbl3vcTdOGhtKShvZIvjwulRH87rbukNyHGWX5tNK/WA # BKf+Gnoi4cmisS7oSimgHUI0Wn/4elNd40BFdSZ1EwpuddZ+Wr7+Dfo0lcHflm/F # DDrOJ3rWqauUP8hsokDoI7D/yUVI9DAE/WK3Jl3C4LKwIpn1mNzMyptRwsXKrop0 # 6m7NUNHdlTDEMovXAIDGAvYynPt5lutv8lZeI5w3MOlCybAZDpK3Dy1MKo+6aEtE # 9vtiTMzz/o2dYfdP0KWZwZIXbYsTIlg1YIetCpi5s14qiXOpRsKqFKqav9R1R5vj # 3NgevsAsvxsAnI8Oa5s2oy25qhsoBIGo/zi6GpxFj+mOdh35Xn91y72J4RGOJEoq # zEIbW3q0b2iPuWLA911cRxgY5SJYubvjay3nSMbBPPFsyl6mY4/WYucmyS9lo3l7 # jk27MAe145GWxK4O3m3gEFEIkv7kRmefDR7Oe2T1HxAnICQvr9sCAwEAAaOCARYw # ggESMB8GA1UdIwQYMBaAFFN5v1qqK0rPVIDh2JvAnfKyA2bLMB0GA1UdDgQWBBT2 # d2rdP/0BE/8WoWyCAi/QCj0UJTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw # AwEB/zATBgNVHSUEDDAKBggrBgEFBQcDCDARBgNVHSAECjAIMAYGBFUdIAAwUAYD # VR0fBEkwRzBFoEOgQYY/aHR0cDovL2NybC51c2VydHJ1c3QuY29tL1VTRVJUcnVz # dFJTQUNlcnRpZmljYXRpb25BdXRob3JpdHkuY3JsMDUGCCsGAQUFBwEBBCkwJzAl # BggrBgEFBQcwAYYZaHR0cDovL29jc3AudXNlcnRydXN0LmNvbTANBgkqhkiG9w0B # AQwFAAOCAgEADr5lQe1oRLjlocXUEYfktzsljOt+2sgXke3Y8UPEooU5y39rAARa # AdAxUeiX1ktLJ3+lgxtoLQhn5cFb3GF2SSZRX8ptQ6IvuD3wz/LNHKpQ5nX8hjsD # LRhsyeIiJsms9yAWnvdYOdEMq1W61KE9JlBkB20XBee6JaXx4UBErc+YuoSb1SxV # f7nkNtUjPfcxuFtrQdRMRi/fInV/AobE8Gw/8yBMQKKaHt5eia8ybT8Y/Ffa6HAJ # yz9gvEOcF1VWXG8OMeM7Vy7Bs6mSIkYeYtddU1ux1dQLbEGur18ut97wgGwDiGin # CwKPyFO7ApcmVJOtlw9FVJxw/mL1TbyBns4zOgkaXFnnfzg4qbSvnrwyj1NiurMp # 4pmAWjR+Pb/SIduPnmFzbSN/G8reZCL4fvGlvPFk4Uab/JVCSmj59+/mB2Gn6G/U # YOy8k60mKcmaAZsEVkhOFuoj4we8CYyaR9vd9PGZKSinaZIkvVjbH/3nlLb0a7SB # IkiRzfPfS9T+JesylbHa1LtRV9U/7m0q7Ma2CQ/t392ioOssXW7oKLdOmMBl14su # VFBmbzrt5V5cQPnwtd3UOTpS9oCG+ZZheiIvPgkDmA8FzPsnfXW5qHELB43ET7HH # FHeRPRYrMBKjkb8/IN7Po0d0hQoF4TeMM+zYAJzoKQnVKOLg8pZVPT8xggZAMIIG # PAIBATBoMFQxCzAJBgNVBAYTAkdCMRgwFgYDVQQKEw9TZWN0aWdvIExpbWl0ZWQx # KzApBgNVBAMTIlNlY3RpZ28gUHVibGljIENvZGUgU2lnbmluZyBDQSBSMzYCEHQP # Ad8wmCCci0mzmw7m9PswDQYJYIZIAWUDBAIBBQCggYQwGAYKKwYBBAGCNwIBDDEK # MAigAoAAoQKAADAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3 # AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgUbJLnZTgzGYZbxKt # R33rURuy24sMvVsMw62hAiY6vj4wDQYJKoZIhvcNAQEBBQAEggIAVDBp0Sbrz7Q3 # 25xFeFvycGZ8MsoMHruUJ8WCkGZDURN59Q/CWZK2/wOCVSen+g1MvCF2b8lBeVjj # AYj/u848CvAm1RO5acQ8RgrEa4jAoXtDwdZs067+ANPr7MIZ4gwh0/PQtDqo/m5I # PFgxkiiNtF17QAzH0r0kGMkkW0M8MCsTEqoB9GglN3AAzUPmlqNcgByublf2M5W4 # sf/BM8BzCkI29WeggMorIPlK5uCVqpsjLXrER3d1CHLofU0PlOj/ZHdG5sPwBSnv # hsOtUzut87+vj8fSlm+YAIUykE2izb1Zq80VHae+3sf3rA3ZtFfL3D31vW1JjsOj # 3GttM53HUX3Va6XZeev+M5LSbzpTK1spV270JJClCYUCllE8+w7AIoEKJvLW32/o # CB9YPKMEqq8pQ0CJbOgMqX8Y1SsO2jynA7VG53jPv9UfXrMmXyN7dHAyZDv0Xpx3 # Kc4htPjl91T3+PiJYbbLHu7Z1a2p3l1HY93A4I38B9EUM53tjPKvDetCya2hUxp0 # +DGEyf1uiNK5zaEdulUOAGQ6bt04/2nyhf+D0FSoAyA2MKncHnE4D/d02Miblnef # wJ+38p+I81WL3vRVoL/3YgY+55jfKxI2XXD9B9EpbkNnpFW/hsbU+iMmzwGTkErJ # KAlk5S7zKBbWDmnI8TPmshikm0WRsBehggMiMIIDHgYJKoZIhvcNAQkGMYIDDzCC # AwsCAQEwaTBVMQswCQYDVQQGEwJHQjEYMBYGA1UEChMPU2VjdGlnbyBMaW1pdGVk # MSwwKgYDVQQDEyNTZWN0aWdvIFB1YmxpYyBUaW1lIFN0YW1waW5nIENBIFIzNgIQ # OlJqLITOVeYdZfzMEtjpiTANBglghkgBZQMEAgIFAKB5MBgGCSqGSIb3DQEJAzEL # BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTI1MDIxMTE1MjcxMFowPwYJKoZI # hvcNAQkEMTIEMCKmZggAK/rYCQukFJC3J7PZFSufwEm1KUuxS4MqHHYQg9yA1RMj # kBoiLGFmL+Ga/DANBgkqhkiG9w0BAQEFAASCAgAp1O5oLqL/3QZtKLrgcbHZTFip # lv8oukjcG9h1ONLfnpHiineQhPsy7oI2Np5gFG8DSJbGQcb1BbdprOj0huyVS2d8 # oHuy4eTzEebBHdJrYTP0yUDJQlOaXR7jpEFqTT9WA3CLY14rZijkeja2YKs6c3xV # i64j1EShdo/ctRAfuC0X1V/vZ/uM70sy5RG8XxFak4TDJQsd0TcrOhT4fsHhJCnj # 2gx18nuOYvxl3LmRnkTMwajApy2ZKjZIdi0FQg2JqOl1k/h0wpsJi+nkIGoNVDh3 # /FU1r1GoDwJmLvLjhe1sdWdpAmY8T1NH9Yy70De+cf6ZiFBVTotYwa64gQl9zc4H # M56uMN1roAGhLgsI0p5r9cYV7zB8vRpIgo+r8vhLxskmkCURypD+G6CPeG7f41gQ # jF2R+I/OwYwap8Geak99FlKVegScsN9DDTkjorwB0RnRITGHJNGWDhj+17tnmfBd # xYfq40UvcywtliJk1ZWhzRE2RgEYBlI9jcSSjZDqt2QGGYnFF0LN78/6uKdj/x72 # 31h9llUcfVODEL0LYsDMxIl1odJEFpdSJTbCODHxVUitufCj0MFtnQI6sxPB8NCE # 2iaJt5WLc2r8YztVePIA4HQR1vtbaT/9lcrl4tOsMEiMMqdagKSEXkqrLod7jdAH # Fc+Y3u9He1xRTuCTCw== # SIG # End signature block |