Client/Convert-PemToPfx.ps1
|
function Convert-PemToPfx { <# .ExternalHelp PSPKI.Help.xml #> [OutputType('[System.Security.Cryptography.X509Certificates.X509Certificate2]')] [CmdletBinding()] param( [Parameter(Mandatory = $true, Position = 0)] [Alias('CertificatePath', 'CertPath')] [string]$InputPath, [string]$KeyPath, [string]$OutputPath, [SysadminsLV.PKI.Cryptography.X509Certificates.X509KeySpecFlags]$KeySpec = "AT_KEYEXCHANGE", [Security.SecureString]$Password, [string]$ProviderName = "Microsoft Software Key Storage Provider", [Security.Cryptography.X509Certificates.StoreLocation]$StoreLocation = "CurrentUser", [switch]$Install ) if ($PSBoundParameters["Verbose"]) {$VerbosePreference = "continue"} if ($PSBoundParameters["Debug"]) {$DebugPreference = "continue"} $ErrorActionPreference = "Stop" # PSCore needs extra assembly import if ($PsIsCore) { Add-Type -AssemblyName "System.Security.Cryptography.X509Certificates" } # global variables Write-Verbose "Determining key storage flags..." $KeyStorageFlags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable if ($Install) { if ($StoreLocation -eq "CurrentUser") { $KeyStorageFlags = $KeyStorageFlags -bor [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::UserKeySet } else { $KeyStorageFlags = $KeyStorageFlags -bor [Security.Cryptography.X509Certificates.X509KeyStorageFlags]::MachineKeySet } } else { $KeyStorageFlags = $KeyStorageFlags -bor [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::EphemeralKeySet } Write-Verbose "Resulting storage flags: $KeyStorageFlags" $script:AlgFamily = "" [System.Collections.Generic.List[object]]$Disposables = @() # returns: X509Certificate2 function __extractCert([string]$Text) { Write-Verbose "Reading certificate.." if ($Text -match "(?msx).*-{5}BEGIN\sCERTIFICATE-{5}(.+)-{5}END\sCERTIFICATE-{5}") { $CertRawData = [Convert]::FromBase64String($matches[1]) $Cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$CertRawData) Write-Verbose "Public key algorithm: $($Cert.PublicKey.Oid.FriendlyName) ($($Cert.PublicKey.Oid.Value))" switch ($Cert.PublicKey.Oid.Value) { $([SysadminsLV.PKI.Cryptography.AlgorithmOid]::RSA) { $script:AlgFamily = "RSA" } $([SysadminsLV.PKI.Cryptography.AlgorithmOid]::ECC) { $script:AlgFamily = "ECC" } } $Cert } else { throw "Missing certificate file." } } # returns: AsymmetricKey (RSACng or ECDsaCng) function __extractPrivateKey([string]$Text) { Write-Verbose "Reading private key..." $bin = if ($Text -match "(?msx).*-{5}BEGIN\sPRIVATE\sKEY-{5}(.+)-{5}END\sPRIVATE\sKEY-{5}") { Write-Verbose "Found private key in PKCS#8 format." [convert]::FromBase64String($matches[1]) } elseif ($Text -match "(?msx).*-{5}BEGIN\sRSA\sPRIVATE\sKEY-{5}(.+)-{5}END\sRSA\sPRIVATE\sKEY-{5}") { Write-Verbose "Found RSA private key in PKCS#1 format." [convert]::FromBase64String($matches[1]) } else { throw "The data is invalid." } if ($AlgFamily -eq "RSA") { Write-Verbose "Converting RSA PKCS#1 to PKCS#8..." # RSA can be in PKCS#1 format, which is not supported by CngKey. $rsa = New-Object SysadminsLV.PKI.Cryptography.RsaPrivateKey (,$bin) $bin = $rsa.Export("Pkcs8") $rsa.Dispose() } Write-Verbose "Using provider: $ProviderName" $prov = [System.Security.Cryptography.CngProvider]::new($ProviderName) $blobType = [System.Security.Cryptography.CngKeyBlobFormat]::Pkcs8PrivateBlob # make it exportable $cngProp = New-Object System.Security.Cryptography.CngProperty("Export Policy", [BitConverter]::GetBytes(3), "None") $cng = [System.Security.Cryptography.CngKey]::Import($bin, $blobType, $prov) $Disposables.Add($cng) $cng.SetProperty($cngProp) switch ($AlgFamily) { "RSA" { New-Object System.Security.Cryptography.RSACng $cng } "ECC" { New-Object System.Security.Cryptography.ECDsaCng $cng } default { throw "Specified algorithm is not supported" } } } # returns: X509Certificate2 with associated private key function __associatePrivateKey($Cert, $AsymmetricKey) { Write-Verbose "Merging public certificate with private key..." switch ($AlgFamily) { "RSA" { if ($csp.IsLegacy) { $NewCert = New-Object Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList (,$Cert.RawData) $cspParams = New-Object System.Security.Cryptography.CspParameters $csp.Type, $ProviderName, ("pspki-" + [guid]::NewGuid()) $cspParams.KeyNumber = [int]$KeySpec if ($Install) { if ($StoreLocation -eq "LocalMachine") { $cspParams.Flags = 1 } } else { #$cspParams.Flags = 128 } $legacyRsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider $cspParams $legacyRsa.ImportParameters($AsymmetricKey.ExportParameters($true)) $NewCert.PrivateKey = $legacyRsa $NewCert } else { [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::CopyWithPrivateKey($Cert, $AsymmetricKey) } } "ECC" {[System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::CopyWithPrivateKey($Cert, $AsymmetricKey)} } Write-Verbose "Public certificate and private key are successfully merged." } function __duplicateCertWithKey($CertWithKey) { $PfxBytes = $CertWithKey.Export("pfx") New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $PfxBytes, "", $KeyStorageFlags } function __installCert($CertWithKey) { if (!$Install) { $CertWithKey return } Write-Verbose "Installing certificate to certificate store: $StoreLocation" # $CertWithKey cert has ephemeral key which cannot be installed into cert store as is. # so export it into PFX in memory and re-import back with storage flags $NewCert = __duplicateCertWithKey $CertWithKey # dispose ephemeral cert received from params, we have a persisted cert to return $CertWithKey.Dispose() $store = New-Object Security.Cryptography.X509Certificates.X509Store "my", $StoreLocation $store.Open("ReadWrite") $Disposables.Add($store) $store.Add($NewCert) $store.Close() Write-Verbose "Certificate is installed." # dispose this temporary cert $NewCert } function __exportPfx($CertWithKey) { if ([string]::IsNullOrWhiteSpace($OutputPath)) { return } Write-Verbose "Saving PFX to a file: $OutputPath" if (!$Password) { $Password = Read-Host -Prompt "Enter PFX password" -AsSecureString } $pfxBytes = $CertWithKey.Export("pfx", $Password) Export-Binary $OutputPath $pfxBytes Write-Verbose "PFX is saved." } # Determine CSP $csp = Get-CryptographicServiceProvider -Name $ProviderName if (!$csp) { throw "Specified provider name is invalid." } # parse content $Text = Get-Content -Path $InputPath -Raw -ErrorAction Stop Write-Debug "Extracting certificate information..." $Cert = __extractCert $Text if ($KeyPath) { $Text = Get-Content -Path $KeyPath -Raw -ErrorAction Stop } $PrivateKey = __extractPrivateKey $Text $Disposables.Add($PrivateKey) $PfxCert = __associatePrivateKey $Cert $PrivateKey __exportPfx $PfxCert $PfxCert = __installCert $PfxCert # release unmanaged resources $Disposables | %{$_.Dispose()} $PfxCert } # SIG # Begin signature block # MIIvJQYJKoZIhvcNAQcCoIIvFjCCLxICAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCcuch2oPSDeNbh # ASduY8N18YyXwEThMXZLjtuS4vn0EKCCFA4wggWQMIIDeKADAgECAhAFmxtXno4h # MuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNV # BAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0z # ODAxMTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/z # G6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZ # anMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7s # Wxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL # 2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfb # BHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3 # JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3c # AORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqx # YxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0 # viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aL # T8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjQjBAMA8GA1Ud # EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTs1+OC0nFdZEzf # Lmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfEkRvDoaIAjeNk # aA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvWVPjS # PMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK # 7VB6fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eB # cg3AFDLvMFkuruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp # 5aPNoiBB19GcZNnqJqGLFNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msg # dDDS4Dk0EIUhFQEI6FUy3nFJ2SgXUE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vri # RbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i7UqLvBv9R0oN32dmfrJbQdA75PQ7 # 9ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPmYQ/ShQDnUBrkG5WdGaG5 # nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1TtmlfB2/oQzxm3 # i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyBIa0H # EEcRrYc9B9F1vM/zZn4wggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggfCMIIFqqADAgECAhAGA4KnHGNGeWNwwL64+8bqMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjQwMjE2MDAwMDAwWhcNMjcwMjE3MjM1OTU5WjCByjET # MBEGCysGAQQBgjc8AgEDEwJVUzEZMBcGCysGAQQBgjc8AgECEwhEZWxhd2FyZTEd # MBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xEDAOBgNVBAUTBzcxODYwNjgx # CzAJBgNVBAYTAlVTMQ8wDQYDVQQIEwZPcmVnb24xETAPBgNVBAcTCFBvcnRsYW5k # MRowGAYDVQQKExFQS0kgU29sdXRpb25zIExMQzEaMBgGA1UEAxMRUEtJIFNvbHV0 # aW9ucyBMTEMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDB3dy7mO4+ # NTSZ/VJqwaAzkrjTkgetLDeXsxLmPzz1dRSJJjMe82xTXkMz8ogSJYDzstAKD5Wi # HgRs+OSK2nwtHHV+pG32kEWvZtxQrUA/e0VILxyfA3UrSV/O3NZ1icR5kaKkuB2o # EG+Fi6Rmk6a7a4uIx667wbxFkKJ88DXYlL9l5gw38ELmQSHx5qZO4RypZx15jhJi # gLkVEYso8jvZpSPZkoKpCWBsmXvA3x9B0azWkpZznspdpWZr38ZyPc6asBXi7woZ # /yVA9TpxD3hPe7a0P6fNGCyErwOcXlaEgxofwHWvPfwMQlYDdR1JlvhjZ1nlOqM7 # t7mBhFdka9NCDHX1P1ZxpQZuzlZDfsWbVTjNSm0Ru+ZzCTVTMu8LQoxmHgmX6SgU # Axa6k9tXecCLBUj5BeqATwN3uW/MPSLzMlLXTFDcGibaqQUSsxQrsD9XYM6fkC4n # sWi1aKF8A8X2zFNOxkiMBJ9vcahYC1ipkobRLkPKXa25nthXdPijlf/62O7EGMPX # X38BSp1+XFp6xh8yru2BtBRmwqGYESUKO3hac6G3qFOQcxAigh+n2Gs4MbF+Y8p6 # 2V6yISNtiZzRLUDGkEU7FyEPFj1bfq6W141g0atqakH70Qvgtqv3JHFJI4wQXmj4 # at5bIz70emJTA9LUsl4VpXihgdhJqY8jnwIDAQABo4ICAjCCAf4wHwYDVR0jBBgw # FoAUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHQYDVR0OBBYEFC1EF5EaZJGlny3kLKBz # rF05hbECMD0GA1UdIAQ2MDQwMgYFZ4EMAQMwKTAnBggrBgEFBQcCARYbaHR0cDov # L3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAK # BggrBgEFBQcDAzCBtQYDVR0fBIGtMIGqMFOgUaBPhk1odHRwOi8vY3JsMy5kaWdp # Y2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEz # ODQyMDIxQ0ExLmNybDBToFGgT4ZNaHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0Rp # Z2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5j # cmwwgZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5k # aWdpY2VydC5jb20wXAYIKwYBBQUHMAKGUGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0 # LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIw # MjFDQTEuY3J0MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggIBAF/iLNlb6YAZ # mTBeY2r6vGsSzw5GmYYVyZVNx9JIPAL0c4maTStNWOmz0qbcA418mu1CVLiCxVlu # IjSbu14ido3SBLRMukQKu08wJGyVn0sKk/A+TG8pmxKRdhFgia3UyIdVU7+a32uw # wB03/rOlqj2EsM8CQKes3i/h1hB7AkaPXonIrHYXadTyEbr6T7INib9zwaA4DxDa # d12vxXfmhQBofc84ZlulZOI3A10VRuQ9IMvg1HtkEnZKPpkaNQ8RHJJ2uuXw0uI5 # BTRRCAbT1ffLSUABG/Oo8Vcbehq4+HPPQnOIo5ApAAoz9d2lMyHwmTLxLKK4Jz9A # rI9ObJrbcG28Iemurjw/NykxolHrVJQkZRIushQnjTn2fvcD8a5kv5gHNK7S8Uw8 # zN4boJCjXYqskZ2Vbwu+AV6BJZhDGfo++H+OBxmo3U4+dPpFfN98ScXTjHKBDKy8 # LBRDCOgx0n5Nqy5c0jatqY/ew/irNkNNgNLiFGufjdz8KQeiMTM/gIF0pDv+wAiN # ZsxYQPRhWczn+zD7SPpKF4zkG9xfhOLFgyxeYmiyiyG64nbSCScX/mN9cjmM/xw1 # r54L5Q8GBCdBffSliqiVyyLuZPXUQ9wfpDgDDpaUoiKaGyCUon63vRyCut5JwfB/ # UmoQVy/g6B40cYLXZp4oBIVdeE2rtVuUMYIabTCCGmkCAQEwfTBpMQswCQYDVQQG # EwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0 # IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0Ex # AhAGA4KnHGNGeWNwwL64+8bqMA0GCWCGSAFlAwQCAQUAoIGEMBgGCisGAQQBgjcC # AQwxCjAIoAKAAKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYB # BAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIOecuaTCX9Sv # 2/2C0UI8LDUXVLiQVN6UBg45nxeiDIYaMA0GCSqGSIb3DQEBAQUABIICALNuTU5E # 717lhHvrfr09rzF7ZZQoWzwU49b0KfLsypo3Je1ByJZUVLM8268u/HLSlj4z3I0K # nS/OWFcnQKVXerYacqfjSJo3sng/Z7DRq+HqhdRc6JWe3nw5RDMC75GzJPgUpMSw # 2nx/f/a0bfFzUgk1NR58Bzh1yT2XHopruh4s/R5ukjTmcbBuAbEHGY9uPCT+QhDJ # rGQ3p6UGe1dfcAo7dl/nltBBXjkkROwQyzcog6n7wareUL3MA2maS71gfM6UA+J6 # o5dJiMATnucWq++fXEodh11Jasbfg8TW+kMrU7yy9nKFmDKz+8meHaiBOnSPfi95 # tUirpb4bLvwh+VkVQydE2g025TprfWqClTnzPlidO2TAckJFEAKqTlEOJjzjc7xH # 1b5uQz9+KpDHjlhI2up32T5WFYY2jsm3wgMfnJPCxgeQVJT/VmA4CIriD4Q5tT2m # Ffo/6oS0YbeCHKKLKGXOggRf+IYS2aqma+vGYxO50nrLzyY/xl1/f2HhGPo09nlF # DRxcRRjDxOyu/PnZ+KYfn5ikfUgMFYjYxkW1n00ls6FzuQ1WLkrykXRroSFbt/2W # tZDz/Y4mq8Va06jkqUTkk3wSIRzMu5ojFs6pTBQK4t6ogXxPqZdlois1vj0sE9MU # IDCwvyEQ8pcYudWWmnIl55GHjUjrK283bry7oYIXOjCCFzYGCisGAQQBgjcDAwEx # ghcmMIIXIgYJKoZIhvcNAQcCoIIXEzCCFw8CAQMxDzANBglghkgBZQMEAgEFADB4 # BgsqhkiG9w0BCRABBKBpBGcwZQIBAQYJYIZIAYb9bAcBMDEwDQYJYIZIAWUDBAIB # BQAEIJC/rhYFYh9xLK8txKA9G37f4iw3Fk2lcAzjj6SckGmJAhEA70qnJL5iX4pQ # hs+H9mgl/RgPMjAyNTA0MDIwNzQyMTNaoIITAzCCBrwwggSkoAMCAQICEAuuZrxa # un+Vh8b56QTjMwQwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNV # BAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0 # IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFtcGluZyBDQTAeFw0yNDA5MjYwMDAwMDBa # Fw0zNTExMjUyMzU5NTlaMEIxCzAJBgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2Vy # dDEgMB4GA1UEAxMXRGlnaUNlcnQgVGltZXN0YW1wIDIwMjQwggIiMA0GCSqGSIb3 # DQEBAQUAA4ICDwAwggIKAoICAQC+anOf9pUhq5Ywultt5lmjtej9kR8YxIg7apnj # pcH9CjAgQxK+CMR0Rne/i+utMeV5bUlYYSuuM4vQngvQepVHVzNLO9RDnEXvPghC # aft0djvKKO+hDu6ObS7rJcXa/UKvNminKQPTv/1+kBPgHGlP28mgmoCw/xi6FG9+ # Un1h4eN6zh926SxMe6We2r1Z6VFZj75MU/HNmtsgtFjKfITLutLWUdAoWle+jYZ4 # 9+wxGE1/UXjWfISDmHuI5e/6+NfQrxGFSKx+rDdNMsePW6FLrphfYtk/FLihp/fe # un0eV+pIF496OVh4R1TvjQYpAztJpVIfdNsEvxHofBf1BWkadc+Up0Th8EifkEEW # dX4rA/FE1Q0rqViTbLVZIqi6viEk3RIySho1XyHLIAOJfXG5PEppc3XYeBH7xa6V # TZ3rOHNeiYnY+V4j1XbJ+Z9dI8ZhqcaDHOoj5KGg4YuiYx3eYm33aebsyF6eD9MF # 5IDbPgjvwmnAalNEeJPvIeoGJXaeBQjIK13SlnzODdLtuThALhGtyconcVuPI8Aa # iCaiJnfdzUcb3dWnqUnjXkRFwLtsVAxFvGqsxUA2Jq/WTjbnNjIUzIs3ITVC6VBK # AOlb2u29Vwgfta8b2ypi6n2PzP0nVepsFk8nlcuWfyZLzBaZ0MucEdeBiXL+nUOG # hCjl+QIDAQABo4IBizCCAYcwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAw # FgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJ # YIZIAYb9bAcBMB8GA1UdIwQYMBaAFLoW2W1NhS9zKXaaL3WMaiCPnshvMB0GA1Ud # DgQWBBSfVywDdw4oFZBmpWNe7k+SH3agWzBaBgNVHR8EUzBRME+gTaBLhklodHRw # Oi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hB # MjU2VGltZVN0YW1waW5nQ0EuY3JsMIGQBggrBgEFBQcBAQSBgzCBgDAkBggrBgEF # BQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMFgGCCsGAQUFBzAChkxodHRw # Oi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2 # U0hBMjU2VGltZVN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQA9rR4f # dplb4ziEEkfZQ5H2EdubTggd0ShPz9Pce4FLJl6reNKLkZd5Y/vEIqFWKt4oKcKz # 7wZmXa5VgW9B76k9NJxUl4JlKwyjUkKhk3aYx7D8vi2mpU1tKlY71AYXB8wTLrQe # h83pXnWwwsxc1Mt+FWqz57yFq6laICtKjPICYYf/qgxACHTvypGHrC8k1TqCeHk6 # u4I/VBQC9VK7iSpU5wlWjNlHlFFv/M93748YTeoXU/fFa9hWJQkuzG2+B7+bMDvm # gF8VlJt1qQcl7YFUMYgZU1WM6nyw23vT6QSgwX5Pq2m0xQ2V6FJHu8z4LXe/371k # 5QrN9FQBhLLISZi2yemW0P8ZZfx4zvSWzVXpAb9k4Hpvpi6bUe8iK6WonUSV6yPl # MwerwJZP/Gtbu3CKldMnn+LmmRTkTXpFIEB06nXZrDwhCGED+8RsWQSIXZpuG4WL # FQOhtloDRWGoCwwc6ZpPddOFkM2LlTbMcqFSzm4cd0boGhBq7vkqI1uHRz6Fq1IX # 7TaRQuR+0BGOzISkcqwXu7nMpFu3mgrlgbAW+BzikRVQ3K2YHcGkiKjA4gi4OA/k # z1YCsdhIBHXqBzR0/Zd2QwQ/l4Gxftt/8wY3grcc/nS//TVkej9nmUYu83BDtccH # HXKibMs/yXHhDXNkoPIdynhVAku7aRZOwqw6pDCCBq4wggSWoAMCAQICEAc2N7ck # VHzYR6z9KGYqXlswDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNV # BAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8G # A1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoX # DTM3MDMyMjIzNTk1OVowYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0 # LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hB # MjU2IFRpbWVTdGFtcGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAMaGNQZJs8E9cklRVcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJf # pIjzaPp985yJC3+dH54PMx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r # 2j3EF3+rGSs+QtxnjupRPfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQh0YAe9tE # QYncfGpXevA3eZ9drMvohGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkS # Z+8OpWNs5KbFHc02DVzV5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCw # MROpVymWJy71h6aPTnYVVSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vs # gd4iFNmCKseSv6De4z6ic/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZz # QmiftkaznTqj1QPgv/CiPMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJ # UlD0UfM2SU2LINIsVzV5K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6z # j9NeS3YSUZPJjAw7W4oiqMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ1 # 4mCjWAkBKAAOhFTuzuldyF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIB # WTASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGog # j57IbzAfBgNVHSMEGDAWgBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8E # BAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsG # AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0 # dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQu # Y3J0MEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9E # aWdpQ2VydFRydXN0ZWRSb290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsG # CWCGSAGG/WwHATANBgkqhkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC # 4bAYLhBNE88wU86/GPvHUF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQg # JTQxZ822EpZvxFBMYh0MCIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequF # zUNf7WC2qk+RZp4snuCKrOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhU # ifDVinF2ZdrM8HKjI/rAJ4JErpknG6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g # 55j7+6adcq/Ex8HBanHZxhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7 # HQhJD5TNOXrd/yVjmScsPT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLX # JmvkOHOrpgFPvT87eK1MrfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvY # fvJGnXUsHicsJttvFXseGYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXA # OimGsJigK+2VQbc61RWYMbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQ # I38AC+R2AibZ8GV2QqYphwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrn # Ew4d2zc4GqEr9u3WfPwwggWNMIIEdaADAgECAhAOmxiO+dAt5+/bUOIIQBhaMA0G # CSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0 # IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBaFw0zMTExMDkyMzU5 # NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNV # BAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQg # Um9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL/mkHNo3rvk # XUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/zG6Q4FutWxpdt # HauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZanMylNEQRBAu # 34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7sWxq868nPzaw0 # QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL2pNe3I6PgNq2 # kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfbBHMqbpEBfCFM # 1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3JFxGj2T3wWmI # dph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3cAORFJYm2mkQZ # K37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqxYxhElRp2Yn72 # gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0viastkF13nqs # X40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aLT8LWRV+dIPyh # HsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIBNjAPBgNVHRMBAf8E # BTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwPTzAfBgNVHSMEGDAW # gBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMCAYYweQYIKwYBBQUH # AQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYI # KwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFz # c3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL2NybDMu # ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDARBgNVHSAE # CjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0NcVec4X6CjdBs9thbX # 979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnovLbc47/T/gLn4offy # ct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65ZyoUi0mcudT6cGAxN3 # J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFWjuyk1T3osdz9HNj0 # d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPFmCLBsln1VWvPJ6ts # ds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9ztwGpn1eqXijiuZQx # ggN2MIIDcgIBATB3MGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwg # SW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1 # NiBUaW1lU3RhbXBpbmcgQ0ECEAuuZrxaun+Vh8b56QTjMwQwDQYJYIZIAWUDBAIB # BQCggdEwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEP # Fw0yNTA0MDIwNzQyMTNaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFNvThe5i29I+ # e+T2cUhQhyTVhltFMC8GCSqGSIb3DQEJBDEiBCB7w28RJY7AGuinSgpSnDrgtlZ3 # 0QYxBw8kvMDzeI0dpTA3BgsqhkiG9w0BCRACLzEoMCYwJDAiBCB2dp+o8mMvH0ML # OiMwrtZWdf7Xc9sF1mW5BZOYQ4+a2zANBgkqhkiG9w0BAQEFAASCAgBjCc8L/jMa # hV9DfalbOIelksQYIxM+QcHMhM+Bc4bZsvrgQ7xBqiRMJYORCAOXtT56i5KDdMKj # cVAu7SQeYpgx1ySNa6gNzsvoA8CSFr17TUs0VbfT/lnqMTuUAcoyZlr5L43Vmwiw # WMPRwmxEFevjRgfsCxmvJYESpN1Fdlz6YkxFh0jYmSboff5UnfNr/wGFmamNrzBQ # +vGkZYSNJg7m1AxMQ5IvW4paDgF1bBAFq1mhlVW+Vfurs1jYhiXo2vN2Bz0vKQaC # +877lEaTrtkr1DjqYqDWVSnq8bO+Fm8vJEFNWuykl/85OsNuiUYB1e4fr+8MJP0T # 5u1fzei3C5pq5Q4KFimwj6yZs0rfK8tW31/4vXTQTv3MBqzxgVu0Cw6g8UJGKlBd # gsklR/MlKUG3WHiZvC2DI+EJ7rKIyCtEGi/wyqv8g5eg1fzx9UNHxz4jO7XrVhvQ # 8zQFcw9xi4cA7K5YFsF+oVgceym1+AIoEa3NCeEqn5bFHpkQ87oTUHX6hR7dk6cZ # XZoZtW0BX3lH5p3DjAYSmDn/RpLAekKBwV42mpRhOhhAbM1D4WJ+cP5t1f12lfFb # ne4Otv77mZtcPfoFiETVjtXx+YNkZkraj5w2NRXcJnaw5+H9uJAKfeUmZcxvZxEl # eI6tMwRpsph9bH5TsUXIVmfM45LBgbBLMg== # SIG # End signature block |