rules/Azure.APIM.Rule.ps1
|
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. # # Validation rules for API Management # # Synopsis: Enforce HTTPS for communication to API clients. Rule 'Azure.APIM.HTTPEndpoint' -Ref 'AZR-000042' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/apis' -Tag @{ release = 'GA'; ruleSet = '2020_06' } { if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $apis = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/apis') if ($apis.Length -eq 0) { return $Assert.Pass(); } foreach ($api in $apis) { $Assert.NotIn($api, 'properties.protocols', @('http')) } } elseif ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service/apis') { $Assert.NotIn($TargetObject, 'properties.protocols', @('http')) } } # Synopsis: APIs should have descriptors set Rule 'Azure.APIM.APIDescriptors' -Ref 'AZR-000043' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/apis' -Tag @{ release = 'GA'; ruleSet = '2020_09' } { $apis = @($TargetObject); if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $apis = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/apis'); } if ($apis.Length -eq 0) { return $Assert.Pass(); } foreach ($api in $apis) { $Assert. HasFieldValue($api, 'Properties.displayName'). Reason($LocalizedData.APIMDescriptors, 'API', $api.name, 'displayName'); $Assert. HasFieldValue($api, 'Properties.description'). Reason($LocalizedData.APIMDescriptors, 'API', $api.name, 'description'); } } # Synopsis: Use HTTPS for communication to backend services. Rule 'Azure.APIM.HTTPBackend' -Ref 'AZR-000044' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/backends', 'Microsoft.ApiManagement/service/apis' -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $apis = @(); $backends = @(); if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $backends = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/backends' | Where-Object { $Assert.HasField($_, 'properties.url').Result }); $apis = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/apis' | Where-Object { $Assert.HasField($_, 'properties.serviceUrl').Result }); } elseif ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service/apis') { if ($Assert.HasField($TargetObject, 'properties.serviceUrl').Result) { $apis = @($TargetObject) } } elseif ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service/backends') { if ($Assert.HasField($TargetObject, 'properties.url').Result) { $backends = @($TargetObject) } } if ($backends.Length -eq 0 -and $apis.Length -eq 0) { return $Assert.Pass(); } foreach ($backend in $backends) { $Assert. NotStartsWith($backend, 'properties.url', 'http://'). Reason($LocalizedData.BackendUrlNotHttps, $backend.name); } foreach ($api in $apis) { $Assert. NotStartsWith($api, 'properties.serviceUrl', 'http://'). Reason($LocalizedData.ServiceUrlNotHttps, $api.name); } } # Synopsis: Encrypt all named values Rule 'Azure.APIM.EncryptValues' -Ref 'AZR-000045' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/properties', 'Microsoft.ApiManagement/service/namedValues' -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $properties = @($TargetObject); if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $properties = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/properties', 'Microsoft.ApiManagement/service/namedValues'); } if ($properties.Length -eq 0) { return $Assert.Pass(); } foreach ($property in $properties) { $Assert. HasFieldValue($property, 'properties.secret', $True). WithReason(($LocalizedData.APIMSecretNamedValues -f $property.name), $True); } } # Synopsis: Require subscription for products Rule 'Azure.APIM.ProductSubscription' -Ref 'AZR-000046' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/products' -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $products = @($TargetObject); if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $products = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/products'); } if ($products.Length -eq 0) { return $Assert.Pass(); } foreach ($product in $products) { $Assert. HasFieldValue($product, 'Properties.subscriptionRequired', $True). WithReason(($LocalizedData.APIMProductSubscription -f $product.Name), $True); } } # Synopsis: Require approval for products Rule 'Azure.APIM.ProductApproval' -Ref 'AZR-000047' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/products' -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $products = @($TargetObject); if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $products = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/products'); } if ($products.Length -eq 0) { return $Assert.Pass(); } foreach ($product in $products) { $Assert. HasFieldValue($product, 'Properties.approvalRequired', $True). WithReason(($LocalizedData.APIMProductApproval -f $product.Name), $True); } } # Synopsis: Remove sample products Rule 'Azure.APIM.SampleProducts' -Ref 'AZR-000048' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/products' -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $products = @($TargetObject); if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $products = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/products'); } if ($products.Length -eq 0) { return $Assert.Pass(); } foreach ($product in $products) { $Assert.NotIn($product, 'Name', @('unlimited', 'starter')) } } # Synopsis: Products should have descriptors set Rule 'Azure.APIM.ProductDescriptors' -Ref 'AZR-000049' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/products' -Tag @{ release = 'GA'; ruleSet = '2020_09' } { $products = @($TargetObject); if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $products = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/products'); } if ($products.Length -eq 0) { return $Assert.Pass(); } foreach ($product in $products) { $Assert. HasFieldValue($product, 'Properties.displayName'). WithReason(($LocalizedData.APIMDescriptors -f 'product', $product.name, 'displayName'), $True); $Assert. HasFieldValue($product, 'Properties.description'). WithReason(($LocalizedData.APIMDescriptors -f 'product', $product.name, 'description'), $True); } } # Synopsis: Use product terms Rule 'Azure.APIM.ProductTerms' -Ref 'AZR-000050' -Type 'Microsoft.ApiManagement/service', 'Microsoft.ApiManagement/service/products' -Tag @{ release = 'GA'; ruleSet = '2020_09' } { $products = @($TargetObject); if ($PSRule.TargetType -eq 'Microsoft.ApiManagement/service') { $products = @(GetSubResources -ResourceType 'Microsoft.ApiManagement/service/products'); } if ($products.Length -eq 0) { return $Assert.Pass(); } foreach ($product in $products) { $Assert. HasFieldValue($product, 'Properties.terms'). WithReason(($LocalizedData.APIMProductTerms -f $product.name), $True); } } # Synopsis: Renew expired certificates Rule 'Azure.APIM.CertificateExpiry' -Ref 'AZR-000051' -Type 'Microsoft.ApiManagement/service' -Tag @{ release = 'GA'; ruleSet = '2020_06' } { $configurations = @($TargetObject.Properties.hostnameConfigurations | Where-Object { $Null -ne $_.certificate }) if ($configurations.Length -eq 0) { return $Assert.Pass(); } foreach ($configuration in $configurations) { $remaining = ($configuration.certificate.expiry - [DateTime]::Now).Days; $Assert. GreaterOrEqual($remaining, '.', $Configuration.Azure_MinimumCertificateLifetime). WithReason(($LocalizedData.APIMCertificateExpiry -f $configuration.hostName, $configuration.certificate.expiry.ToString('yyyy/MM/dd')), $True); } } -Configure @{ Azure_MinimumCertificateLifetime = 30 } # Synopsis: API management services deployed with Premium SKU should use availability zones in supported regions for high availability. Rule 'Azure.APIM.AvailabilityZone' -Ref 'AZR-000052' -Type 'Microsoft.ApiManagement/service' -If { IsPremiumAPIM } -Tag @{ release = 'GA'; ruleSet = '2021_12' } { $apiManagementServiceProvider = [PSRule.Rules.Azure.Runtime.Helper]::GetResourceType('Microsoft.ApiManagement', 'service'); $configurationZoneMappings = $Configuration.AZURE_APIM_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST; $providerZoneMappings = $apiManagementServiceProvider.ZoneMappings; $mergedAvailabilityZones = PrependConfigurationZoneWithProviderZone -ConfigurationZone $configurationZoneMappings -ProviderZone $providerZoneMappings; $primaryLocationAvailabilityZones = GetAvailabilityZone -Location $TargetObject.Location -Zone $mergedAvailabilityZones; # Validate primary location availability zones if (-not $primaryLocationAvailabilityZones) { $Assert.Pass(); } else { $hasValidUnits = $Assert.GreaterOrEqual($TargetObject, 'sku.capacity', $TargetObject.zones.Length).Result; $hasValidZones = $Assert.GreaterOrEqual($TargetObject, 'zones', 2).Result; $Assert.Create( ($hasValidUnits -and $hasValidZones), $LocalizedData.APIMAvailabilityZone, $TargetObject.name, $TargetObject.Location, ($primaryLocationAvailabilityZones -join ', ') ) } # Also validate any additional locations that are added to APIM if (-not $Assert.NullOrEmpty($TargetObject, 'Properties.additionalLocations').Result) { foreach ($additionalLocation in $TargetObject.Properties.additionalLocations) { $additionalLocationAvailabilityZones = GetAvailabilityZone -Location $additionalLocation.Location -Zone $mergedAvailabilityZones; if (-not $additionalLocationAvailabilityZones) { $Assert.Pass(); } else { $hasValidUnits = $Assert.GreaterOrEqual($additionalLocation, 'sku.capacity', $additionalLocation.zones.Length).Result; $hasValidZones = $Assert.GreaterOrEqual($additionalLocation, 'zones', 2).Result; $Assert.Create( ($hasValidUnits -and $hasValidZones), $LocalizedData.APIMAvailabilityZone, $TargetObject.name, $additionalLocation.Location, ($additionalLocationAvailabilityZones -join ', ') ); } } } } -Configure @{ AZURE_APIM_ADDITIONAL_REGION_AVAILABILITY_ZONE_LIST = @() } #region Helper functions function global:IsPremiumAPIM { [CmdletBinding()] [OutputType([System.Boolean])] param () process { return $Assert.HasFieldValue($TargetObject, 'sku.name', 'Premium').Result; } } #endregion Helper functions # SIG # Begin signature block # MIInrAYJKoZIhvcNAQcCoIInnTCCJ5kCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBQierH5Dleer5r # Krx0abPgUoTEEctGCrtywwLDRsZs8aCCDXYwggX0MIID3KADAgECAhMzAAACy7d1 # OfsCcUI2AAAAAALLMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjIwNTEyMjA0NTU5WhcNMjMwNTExMjA0NTU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC3sN0WcdGpGXPZIb5iNfFB0xZ8rnJvYnxD6Uf2BHXglpbTEfoe+mO//oLWkRxA # wppditsSVOD0oglKbtnh9Wp2DARLcxbGaW4YanOWSB1LyLRpHnnQ5POlh2U5trg4 # 3gQjvlNZlQB3lL+zrPtbNvMA7E0Wkmo+Z6YFnsf7aek+KGzaGboAeFO4uKZjQXY5 # RmMzE70Bwaz7hvA05jDURdRKH0i/1yK96TDuP7JyRFLOvA3UXNWz00R9w7ppMDcN # lXtrmbPigv3xE9FfpfmJRtiOZQKd73K72Wujmj6/Su3+DBTpOq7NgdntW2lJfX3X # a6oe4F9Pk9xRhkwHsk7Ju9E/AgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUrg/nt/gj+BBLd1jZWYhok7v5/w4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzQ3MDUyODAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAJL5t6pVjIRlQ8j4dAFJ # ZnMke3rRHeQDOPFxswM47HRvgQa2E1jea2aYiMk1WmdqWnYw1bal4IzRlSVf4czf # zx2vjOIOiaGllW2ByHkfKApngOzJmAQ8F15xSHPRvNMmvpC3PFLvKMf3y5SyPJxh # 922TTq0q5epJv1SgZDWlUlHL/Ex1nX8kzBRhHvc6D6F5la+oAO4A3o/ZC05OOgm4 # EJxZP9MqUi5iid2dw4Jg/HvtDpCcLj1GLIhCDaebKegajCJlMhhxnDXrGFLJfX8j # 7k7LUvrZDsQniJZ3D66K+3SZTLhvwK7dMGVFuUUJUfDifrlCTjKG9mxsPDllfyck # 4zGnRZv8Jw9RgE1zAghnU14L0vVUNOzi/4bE7wIsiRyIcCcVoXRneBA3n/frLXvd # jDsbb2lpGu78+s1zbO5N0bhHWq4j5WMutrspBxEhqG2PSBjC5Ypi+jhtfu3+x76N # mBvsyKuxx9+Hm/ALnlzKxr4KyMR3/z4IRMzA1QyppNk65Ui+jB14g+w4vole33M1 # pVqVckrmSebUkmjnCshCiH12IFgHZF7gRwE4YZrJ7QjxZeoZqHaKsQLRMp653beB # fHfeva9zJPhBSdVcCW7x9q0c2HVPLJHX9YCUU714I+qtLpDGrdbZxD9mikPqL/To # /1lDZ0ch8FtePhME7houuoPcMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGYwwghmIAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAALLt3U5+wJxQjYAAAAAAsswDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIFD2MW9ByJhAPDCoCRaZVTT3 # t42l2iZbQDXAxJV2SK2MMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAlO2IpdEONwdsrE+Ybr6XEXcqKTZck/PGtiU8lzKKSgiOMCBGDTvLM9me # tvnVrM2TWcsGe0qosmbCcCksZSpW7CiKfm2ah+nS0+93/u69rG3psAbVb45/T17G # HqT+WbeecKIgEjxAoYmkc7NAJN8jDP5LDBuLfuK38sFtNyWna/vZ076DcmePyacA # f8anomyHBcE6LjlX+Z80jaZR6+MtZmvtGVP1By4SVO5bNn1A6gOP19bn8JlRb2tr # u11maCYF/Gtcuvs/BRGFSilbF3mHl2gimaWKhD6pwgTHDHtlGwuirC86MSs9Aygs # RP3L7zB8Uo2ZJcXnYzu1gk/BhMyu+KGCFxYwghcSBgorBgEEAYI3AwMBMYIXAjCC # Fv4GCSqGSIb3DQEHAqCCFu8wghbrAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsq # hkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCAxMslz3Yhrd/0HOfnFHNuuvsQW6KjjxLRWlrOnyZ8ChQIGYt52BTmk # GBMyMDIyMDgxMDE3MDIzMi4zOTlaMASAAgH0oIHYpIHVMIHSMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO # OkEyNDAtNEI4Mi0xMzBFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT # ZXJ2aWNloIIRZTCCBxQwggT8oAMCAQICEzMAAAGNelUueHSZKrcAAQAAAY0wDQYJ # KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjEx # MDI4MTkyNzQ1WhcNMjMwMTI2MTkyNzQ1WjCB0jELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3Bl # cmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpBMjQwLTRC # ODItMTMwRTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANo0SC2YPjulO3S3LsATzAft # LSVM9MBy6ieX+yiV0LE81k6AA1DGFeMVWZ6fZj01qI1Cf5dzuF6noCwzXbhQDm3I # ray8mORw7MQH1Btf9mIpXEpEj+gnDKln7EsFCxl+c5bFShye7b8INusuni5JVHRT # KYqtveE+LiUHV3eTu5hctL1ZGhjxsTVi22cSjc6irRZ1kO4zLWdOV72n5CFmazUx # b/BhqQJR7UbGdQPCg6OiA0hlTWWV20LPnzsDDhqfwc6HfH9WCPBm9qDf5sdnHL3R # q/ZWueUGXlbDOy302hD0MW4AHC4Fg5SD3Jk83AZLBMyzkLEqQc7Kj2liPcpFcOaH # 5q5BSjG6UE+RDJItrLiaFTOcRoHWVp7f7c9NMbmz0ihYuAeCDBVAfZnADVKvXB2i # 7B2wyfgFLFTtKp1Y8M1z2CXkewvwfF9FJelJCHaZWZp3EGUgSt8mUMvqBrLiSlxQ # KtwZcU+pA7oWGLzu4rS6z3mNJJ7rdaypMaJvrourwnbYQn5wIspJ8kQtpZJ6s8/M # dZg5EOUOjsfaev5XbhbqUiTLYLAjzfXyL636aTAxSL0aFC7BznSyY60ZYvHKOTPr # 2Zn9tKE8WLl8zNLW0bqxCcnAeWTG8M57BR8pjpIMsfDnhZ11d3Gq+ObnoyNQdYql # A23kjcZ73M7joXKc8GnJAgMBAAGjggE2MIIBMjAdBgNVHQ4EFgQUeMyRboefRsKU # 7ko7uEk3H5YoZpMwHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYD # VR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # cmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwG # CCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw # MjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDAN # BgkqhkiG9w0BAQsFAAOCAgEANa9zs9JRKt1b6XRZYd2AcXOIZ2JAC8mDw2vRTuF4 # KsJAZvC7G/pSt7WxhoKYukCWyt4jNwStDmwXMEWiVQsRixra+ic/YUbpkchfKOJ9 # st2Iir+KJQcTYxUoUhnPRNvSZlYwZi4Jn40aj3P9qw9uauKMOLgN63PXpImrn4Bo # XEgHXpP5fpAEm86ITrf+c9viJYE+Ht2rklM7dhgCnymQdNmQxliingmN6RC49bbo # esn6ziTzyJzuGWS1t74Cmr7S/HuhSWciaAxTHsCefaBC/gCt3tjNiOCBRPZ+i1Uv # G0vVGzFDL6wJVzeWTNiPBnRwfU23yNe1pv/VH+KrufPDyTe7wiY/bPisWal3ObBk # nC4Koj6iG2zUxPvwBGf3k4sXPWC4E8jKmpGSOfcBqo6zjUEmO7tFRA5BBOopM/hU # hUSis6ckm9Fk4DL1sbC725zfAApiEj5wR2GaBrLDwC+36BhihS3QAU0Atj19fVo6 # 38q7IR3YqkpQrKaiBgU8UWh7cjzK6Nwf9uoD3wpdzAt6wtzRquMRpyBw2Rkos1Jh # oPE5EAJaFXVOXSdb/ddII8WsWlK2hoT/CLbRNEVp1OV0af7BmjZg3DMG8h7kqWhb # J90NtTs4rT+AZzebaax2p4AAu46HuM5i55kZwIlHPbEakNm5rDAL1KbDvJ5ThZoj # NS8wggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZAAAAAAAVMA0GCSqGSIb3DQEB # CwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIwMAYD # VQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAxMDAe # Fw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVaMHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5OGm # TOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1V/YBf2xK4OK9uT4XYDP/XE/H # ZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9alKDRLemjkZrBxTzxXb1hlDc # wUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmvHaus9ja+NSZk2pg7uhp7M62A # W36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928jaTjkY+yOSxRnOlwaQ3KNi1w # jjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3tpK56KTesy+uDRedGbsoy1cCG # MFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEeHT39IM9zfUGaRnXNxF803RKJ # 1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26oElHovwUDo9Fzpk03dJQcNIIP # 8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4CvEJoLhDqhFFG4tG9ahhaYQFz # ymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ugpoMhXV8wdJGUlNi5UPkLiWHz # NgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXpsxREdcu+N+VLEhReTwDwV2xo3 # xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0CAwEAAaOCAd0wggHZMBIGCSsG # AQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFCqnUv5kxJq+gpE8RjUpzxD/ # LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtTNRnpcjBcBgNVHSAEVTBTMFEG # DCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5odG0wEwYDVR0lBAwwCgYIKwYB # BQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8G # A1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQw # VgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9j # cmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUF # BwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3Br # aS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwDQYJKoZIhvcNAQEL # BQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pcFLY+TkdkeLEGk5c9MTO1OdfC # cTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpTTd2YurYeeNg2LpypglYAA7AF # vonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0jVOR4U3UkV7ndn/OOPcbzaN9l # 9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3+SmJw7wXsFSFQrP8DJ6LGYnn # 8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmRsqlb30mjdAy87JGA0j3mSj5m # O0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSwethQ/gpY3UA8x1RtnWN0SCyx # TkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5bRAGOWhmRaw2fpCjcZxkoJLo4 # S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmxaQFEfnyhYWxz/gq77EFmPWn9 # y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsXHRWJjXD+57XQKBqJC4822rpM # +Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0W2rRnj7tfqAxM328y+l7vzhw # RNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0HVUzWLOhcGbyoYIC1DCCAj0C # AQEwggEAoYHYpIHVMIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0 # ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOkEyNDAtNEI4Mi0xMzBFMSUwIwYD # VQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoD # FQCAc5WTPU0TQ+D4LaS1kGZEj2FXCaCBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBBQUAAgUA5p4LqjAiGA8yMDIyMDgxMDE4 # NDkxNFoYDzIwMjIwODExMTg0OTE0WjB0MDoGCisGAQQBhFkKBAExLDAqMAoCBQDm # nguqAgEAMAcCAQACAh7tMAcCAQACAhFNMAoCBQDmn10qAgEAMDYGCisGAQQBhFkK # BAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJ # KoZIhvcNAQEFBQADgYEAQWvbOWy5KepBd2y0dbols32v9sCM4/yM/lFCQS6z5luF # YRe0cmIQoLjnlaAQaguPpQCAjisZ5pJoVYZzAXv4Mgorn9TJmT1BH2lfHJnG1m8G # zwacxTHV7n4+E1QNKAXc93uC+9WDx2MLs8ybd6yR78IFPDyDuCq7ZoyduyyrAGYx # ggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAA # AY16VS54dJkqtwABAAABjTANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkD # MQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJBDEiBCAFDTm7rECRpERsHCM5ZDGH # t/hkJPagt85LzZeElJ3N8TCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIJ6W # ETP6HV5AwJ839rnS+evVvHHxk4MFbnp0PLbSGM1/MIGYMIGApH4wfDELMAkGA1UE # BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc # BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0 # IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAGNelUueHSZKrcAAQAAAY0wIgQgztjA # ODD4tqoBYFZxHIMlsiVa4pI4MrNKWcLwPgULh5owDQYJKoZIhvcNAQELBQAEggIA # JjRqFlWEKvwmNlSTsjEfSd2SsDwcafzIO6hSBKQTJFcem9MwPxejEJlP0RncgXkh # 1QhHL7oFVw0prHjgy9mf4uI2vGi5ica+WpekOlbLqGhaIoDm+DtrEsRWlSjwDXi+ # T8WgLRGq5NHHME0NIyoUa8nwjs1pkgHRiNUkwo/xb6uqD4P8n5terdIJyqeTkttp # 0jy/5q6pPdppouMwbxty6/rq2H6uFyN+vFazwTZ9+Dmg+m0aFk5GAZOgI5QutfqT # yQQiwYhM//GUZArqFsCtP2AKbZdLcixuWbOWbBJ97dmlV1jSFuV6tnvvHbfNu0v5 # SDLrzn7o2D1b/QRZnpEN8dL+NGpUza3E62Xl5J1sOLar047R6+YMt97gyZOGwZGE # e6IsCx+Q0+CE495BYkgxF/l94GsFrlxgs8eDQZAy0pXcH61dXiNOiI1AHU/ZpMVV # JoLRSd45qyv26DBghe5kM8K4VI5MNsbIqTxcexneU6ZznPI1uBtu8e0roy3+gw1L # YbxskaJliia4dOtuyIiY13c9hR7BaGNq/xpRY1yR5Njno5U6Xf9Qg+jgZfc5Qj+m # BSX2wPAhv75S2DuChgODyN3032ZVjMDTaPkxq/EiaWs3vr7MJWUngpSzr1d8MZA4 # GwdTGCoXu+/l7vD5cxy3iA32Atedc4CP1++wslxzxrM= # SIG # End signature block |