Modules/ScubaConfig/ScubaConfig.psm1
|
using module '.\ScubaConfigValidator.psm1' class ScubaConfig { <# .SYNOPSIS ScubaConfig is a class that provides validation to ScubaGear YAML/JSON configuration files .DESCRIPTION ScubaConfig implements a singleton configuration management class that manages configuration state throughout the PowerShell session. It integrates tightly with ScubaConfigValidator to provide validation using JSON Schema and default rules. .EXAMPLE # Basic usage - Get singleton instance and load configuration using module '.\ScubaConfig.psm1' $Config = [ScubaConfig]::GetInstance() $Success = $Config.LoadConfig("C:\MyConfig\scuba-config.yaml") .EXAMPLE # Access default values and configuration schema $DefaultOPAPath = [ScubaConfig]::ScubaDefault('DefaultOPAPath') $AllProducts = [ScubaConfig]::ScubaDefault('AllProductNames') $SupportedEnvironments = [ScubaConfig]::GetSupportedEnvironments() #> # Static properties for singleton instance and cached resources # Singleton pattern ensures only one configuration instance exists per PowerShell session hidden static [ScubaConfig]$_Instance = [ScubaConfig]::new() # Track whether a configuration file has been successfully loaded hidden static [Boolean]$_IsLoaded = $false # Track whether the validator subsystem has been initialized hidden static [Boolean]$_ValidatorInitialized = $false # Cached configuration defaults loaded from JSON file hidden static [object]$_ConfigDefaults = $null # Cached JSON schema used for validation hidden static [object]$_ConfigSchema = $null # Initializes validator subsystem once per session - loads schema/defaults from JSON files, # caches resources in static properties for performance. # This is called automatically when needed and uses lazy loading pattern static [void] InitializeValidator() { # Only initialize if not already done (singleton initialization) if (-not [ScubaConfig]::_ValidatorInitialized) { # Get the directory containing this module file $ModulePath = Split-Path -Parent $PSCommandPath # Initialize the validator with the module path [ScubaConfigValidator]::Initialize($ModulePath) # Cache the loaded defaults and schema for fast access [ScubaConfig]::_ConfigDefaults = [ScubaConfigValidator]::GetDefaults() [ScubaConfig]::_ConfigSchema = [ScubaConfigValidator]::GetSchema() # Mark as initialized to prevent duplicate initialization [ScubaConfig]::_ValidatorInitialized = $true } } # Resolves configuration defaults using naming conventions. "Default" prefix maps to defaults section. # Special processing: DefaultOPAPath expands ~, DefaultOutPath resolves ., wildcard handling for products. # This method provides a unified interface for accessing default values with automatic path resolution static [object]ScubaDefault ([string]$Name){ # Ensure validator is initialized before accessing cached defaults [ScubaConfig]::InitializeValidator() # Dynamically resolve configuration values based on naming conventions # This eliminates the need to maintain static mappings in multiple places # and makes the system more maintainable # Handle special cases that require path processing or expansion if ($Name -eq 'DefaultOPAPath') { # Get the raw path from defaults configuration $Path = [ScubaConfig]::_ConfigDefaults.defaults.OPAPath # Expand tilde (~) to user's home directory if present if ($Path -eq "~/.scubagear/Tools") { try { # Convert Unix-style path to Windows path in user's profile return Join-Path -Path $env:USERPROFILE -ChildPath ".scubagear\Tools" } catch { # Fallback to current directory if home directory expansion fails return "." } } return $Path } elseif ($Name -eq 'DefaultOutPath') { $Path = [ScubaConfig]::_ConfigDefaults.defaults.OutPath if ($Path -eq ".") { return Get-Location | Select-Object -ExpandProperty ProviderPath } return $Path } elseif ($Name -eq 'AllProductNames') { return [ScubaConfig]::_ConfigDefaults.defaults.AllProductNames } elseif ($Name -eq 'DefaultPrivilegedRoles') { return [ScubaConfig]::_ConfigDefaults.privilegedRoles } elseif ($Name.StartsWith('Default')) { # For standard "Default" prefixed names, auto-resolve from defaults section $ConfigKey = $Name.Substring(7) # Remove 'Default' prefix # Check if the property exists in defaults if ([ScubaConfig]::_ConfigDefaults.defaults.PSObject.Properties.Name -contains $ConfigKey) { return [ScubaConfig]::_ConfigDefaults.defaults.$ConfigKey } else { throw "Unknown default configuration key: $Name. Property '$ConfigKey' not found in defaults section." } } else { # If no mapping found, throw error throw "Unknown default configuration key: $Name. Available keys: $((Get-Member -InputObject [ScubaConfig]::_ConfigDefaults -MemberType NoteProperty).Name -join ', ')" } } # Returns default OPA version from configuration. Wrapper around ScubaDefault('DefaultOPAVersion'). static [string]GetOpaVersion() { return [ScubaConfig]::ScubaDefault('DefaultOPAVersion') } static [array]GetCompatibleOpaVersions() { [ScubaConfig]::InitializeValidator() return [ScubaConfig]::_ConfigDefaults.metadata.compatibleOpaVersions } static [string] GetOpaExecutable([string]$OperatingSystem) { [ScubaConfig]::InitializeValidator() if ([string]::IsNullOrWhiteSpace($OperatingSystem)) { throw "OperatingSystem parameter cannot be null or whitespace." } $OPAExecutables = [ScubaConfig]::_ConfigDefaults.defaults.OPAExecutable if ($null -eq $OPAExecutables) { throw "OPAExecutable default configuration does not exist." } $validKeys = @($OPAExecutables.PSObject.Properties.Name) $requestedKey = $OperatingSystem.Trim().ToLower() $matchedKey = $validKeys | Where-Object { $_.ToLower() -eq $requestedKey } | Select-Object -First 1 if (-not $matchedKey) { throw "No OPA executable found for operating system: $OperatingSystem" } return $OPAExecutables.$matchedKey } # Loads configuration file with full validation enabled (delegates to main LoadConfig with SkipValidation=false). [Boolean]LoadConfig([System.IO.FileInfo]$Path){ return $this.LoadConfig($Path, $false) } # Primary config loading method. Resets singleton, validates file format, parses content, applies defaults. # SkipValidation=true allows deferred validation after command-line overrides are applied. # This method implements a two-phase validation approach for flexibility: # Phase 1: Always validate file format (extension, size, YAML syntax) # Phase 2: Optionally validate content (schema, Scuba configuration rules) based on SkipValidation parameter [Boolean]LoadConfig([System.IO.FileInfo]$Path, [Boolean]$SkipValidation){ # First, verify the file exists before attempting to load it # This provides a clear error message rather than letting file operations fail later if (-Not (Test-Path -PathType Leaf $Path)){ throw [System.IO.FileNotFoundException]"Failed to load: $Path" } # Reset the singleton to ensure clean state before loading new configuration # This prevents contamination from previously loaded configurations in the same session [ScubaConfig]::ResetInstance() # Ensure the validator subsystem is ready [ScubaConfig]::InitializeValidator() # Phase 1: Always validate basic file format (extension, size, YAML syntax) # This catches fundamental issues early before processing Write-Debug "Loading configuration file: $Path" # Use the default debug mode from configuration instead of hardcoding false # This allows the debug behavior to be controlled via configuration files $Defaults = [ScubaConfig]::_ConfigDefaults $DefaultDebugMode = if ($Defaults.outputSettings -and $Defaults.outputSettings.debugMode) { $Defaults.outputSettings.debugMode } else { $false } Write-Debug "Using debug mode: $DefaultDebugMode (from configuration default)" # Perform initial validation with Scuba configuration rules skipped (SkipScubaConfigRules=true) # This validates file format, extension, size, and YAML parsing but defers content validation # Schema and content validation happen later in ValidateConfiguration() $ValidationResult = [ScubaConfigValidator]::ValidateYamlFile($Path.FullName, $DefaultDebugMode, $true) # Check for file format errors (extension, size, YAML parsing) # These are fundamental issues that prevent any further processing if (-not $ValidationResult.IsValid) { # Build error message with simple bullet list (no categorization for format errors) $Plural = if ($ValidationResult.ValidationErrors.Count -ne 1) { 's' } else { '' } $ErrorMessage = "Configuration file format validation failed ($($ValidationResult.ValidationErrors.Count) error$Plural):`n" foreach ($ErrorMsg in $ValidationResult.ValidationErrors) { $ErrorMessage += " - $ErrorMsg`n" } throw $ErrorMessage } # Display warnings if any (file size approaching limits, deprecated formats, etc.) # Warnings don't prevent loading but provide important user guidance if ($ValidationResult.Warnings.Count -gt 0) { foreach ($Warning in $ValidationResult.Warnings) { Write-Warning $Warning } } # Use the already parsed content from validation to avoid re-parsing # The validator has already converted YAML to PowerShell objects safely $this.Configuration = $ValidationResult.ParsedContent # Convert to hashtable for compatibility with internal configuration management # PSCustomObjects from YAML parsing need to be converted to hashtables for consistent access patterns if ($this.Configuration -is [PSCustomObject]) { $this.Configuration = [ScubaConfig]::ConvertPSObjectToHashtable($this.Configuration) } # Perform full content validation BEFORE adding defaults to avoid false "unknown property" warnings # This validates the actual YAML content without default values that would trigger warnings if (-not $SkipValidation) { # Validate the complete configuration including schema, Scuba configuration rules, and policy references $this.ValidateConfiguration() } # Apply default values and process special configuration properties # This ensures all required properties have values and handles wildcards, path expansion, etc. $this.SetParameterDefaults() # Mark configuration as successfully loaded [ScubaConfig]::_IsLoaded = $true return [ScubaConfig]::_IsLoaded } # Validates current configuration state after overrides. Performs schema + Scuba configuration rules + policy validation. # Used for deferred validation pattern where config is loaded with SkipValidation=true then validated after overrides. # This allows command-line parameters to override config file values before final validation. # The method implements a comprehensive validation strategy with multiple phases and detailed error reporting. [void]ValidateConfiguration(){ Write-Debug "Validating final configuration state" # Convert internal hashtable representation back to PSCustomObject for validator compatibility # The validator expects PSCustomObject format for consistent property access across different PowerShell object types # This conversion is necessary because the internal configuration uses hashtables for performance $ConfigObject = [PSCustomObject]$this.Configuration # Phase 1: Perform JSON Schema validation (structure, types, constraints) # This validates against the formal schema definition including data types, patterns, and structural requirements # Schema validation catches fundamental issues like wrong data types, missing required fields, invalid formats $SchemaValidation = [ScubaConfigValidator]::ValidateAgainstSchema($ConfigObject, $false) # Phase 2: Perform Scuba configuration rule validation (paths, content quality, cross-field validation) # This layer adds domain-specific validation beyond what JSON Schema can express # Scuba configuration rules include file path existence, cross-field dependencies, and ScubaGear-specific requirements $ScubaConfigValidation = [ScubaConfigValidator]::ValidateScubaConfigRules($ConfigObject, $false) # Collect and display all warnings FIRST # Warnings don't prevent execution but provide important guidance and notices $AllWarnings = @() # Include pre-validation warnings (e.g., wildcard with other products) if ($this.Configuration.ContainsKey('_PreValidationWarnings')) { $AllWarnings += $this.Configuration._PreValidationWarnings } $AllWarnings += $SchemaValidation.Warnings $AllWarnings += $ScubaConfigValidation.Warnings $AllWarnings = $AllWarnings | Select-Object -Unique if ($AllWarnings.Count -gt 0) { $WarningPlural = if ($AllWarnings.Count -ne 1) { 's' } else { '' } $WarningMessage = "Configuration validation found $($AllWarnings.Count) warning$WarningPlural`:`n" foreach ($Warning in $AllWarnings) { $WarningMessage += " - $Warning`n" } Write-Warning $WarningMessage } # Collect all errors from both validation phases (remove duplicates) # This provides a comprehensive view of all configuration issues in a single validation run $AllErrors = @() $AllErrors += $SchemaValidation.Errors $AllErrors += $ScubaConfigValidation.Errors $AllErrors = $AllErrors | Select-Object -Unique # Phase 3: Legacy validation for policy IDs (respect validation flags) # This maintains backward compatibility while allowing selective disabling of policy validation # Validate OmitPolicy entries if present # OmitPolicy allows users to exclude specific policies from assessment if ($this.Configuration.OmitPolicy) { try { # Validate that omitted policy IDs are properly formatted and reference valid products [ScubaConfig]::ValidatePolicyConfiguration($this.Configuration.OmitPolicy, "OmitPolicy", $this.Configuration.ProductNames) } catch { # Capture policy validation errors and add to the overall error collection $AllErrors += $_.Exception.Message } } # Validate AnnotatePolicy entries if present # AnnotatePolicy allows users to add metadata and comments to specific policy results if ($this.Configuration.AnnotatePolicy) { try { # Validate that annotated policy IDs are properly formatted and reference valid products [ScubaConfig]::ValidatePolicyConfiguration($this.Configuration.AnnotatePolicy, "AnnotatePolicy", $this.Configuration.ProductNames) } catch { # Capture policy validation errors and add to the overall error collection $AllErrors += $_.Exception.Message } } # If any validation errors were found, throw a comprehensive error message # This prevents execution with invalid configuration and provides clear guidance for remediation if ($AllErrors.Count -gt 0) { # Categorize errors for better organization $CategorizedErrors = [ScubaConfigValidator]::CategorizeErrors($AllErrors) # Build complete error message with categorized errors and recommended action $Plural = if ($AllErrors.Count -ne 1) { 's' } else { '' } $ErrorMessage = "Configuration validation failed ($($AllErrors.Count) error$Plural):`n" foreach ($ErrorLine in $CategorizedErrors) { $ErrorMessage += "$ErrorLine`n" } # Add recommended action message $ErrorMessage += "`n--- RECOMMENDED ACTION ---`n" foreach ($Line in [ScubaConfig]::_ConfigDefaults.outputSettings.recommendedActionMessage) { $ErrorMessage += "$Line`n" } throw $ErrorMessage } } # Clears configuration data from singleton instance. Used by ResetInstance() for clean state. hidden [void]ClearConfiguration(){ $this.Configuration = $null } # Recursively converts PSCustomObject to hashtable for internal storage compatibility. # YAML parsing creates PSCustomObjects, but internal config uses hashtables for performance. # This conversion is necessary because: # 1. Hashtables provide faster property access than PSCustomObjects # 2. Hashtables have more predictable behavior with dynamic property names # 3. Legacy ScubaGear code expects hashtable interface for configuration access # 4. Hashtables work better with PowerShell's automatic variable expansion hidden static [hashtable] ConvertPSObjectToHashtable([PSCustomObject]$Object) { $Hashtable = @{} # Process each property from the PSCustomObject foreach ($Property in $Object.PSObject.Properties) { # Recursively convert nested PSCustomObjects to nested hashtables # This handles complex configuration structures like exclusion policies if ($Property.Value -is [PSCustomObject]) { $Hashtable[$Property.Name] = [ScubaConfig]::ConvertPSObjectToHashtable($Property.Value) } # Handle arrays that might contain PSCustomObjects (like ProductNames with complex structures) # Arrays in YAML can contain both simple values and complex objects elseif ($Property.Value -is [Array] -or $Property.Value -is [System.Collections.IList]) { $Array = @() foreach ($Item in $Property.Value) { # Convert any PSCustomObjects within the array to hashtables if ($Item -is [PSCustomObject]) { $Array += [ScubaConfig]::ConvertPSObjectToHashtable($Item) } else { # Keep primitive types (strings, numbers, booleans) as-is $Array += $Item } } $Hashtable[$Property.Name] = $Array } else { # For primitive types (string, int, bool), copy directly # No conversion needed for these basic data types $Hashtable[$Property.Name] = $Property.Value } } return $Hashtable } # Validates policy configuration entries for format compliance and product alignment. # This method ensures that OmitPolicy and AnnotatePolicy sections contain valid policy IDs # and that referenced products are actually selected for scanning in ProductNames. # Policy IDs must follow the format: MS.{PRODUCT}.{GROUP}.{NUMBER}v{VERSION} hidden static [void] ValidatePolicyConfiguration([object]$PolicyConfig, [string]$ActionType, [array]$ProductNames) { [ScubaConfig]::InitializeValidator() $Defaults = [ScubaConfig]::_ConfigDefaults # Process each policy ID in the configuration section (OmitPolicy or AnnotatePolicy) foreach ($Policy in $PolicyConfig.Keys) { # Validate policy ID format against the regex pattern from configuration # Pattern ensures proper format: MS.{PRODUCT}.{GROUP}.{NUMBER}v{VERSION} # Example valid IDs: MS.AAD.1.1v1, MS.DEFENDER.2.3v2, MS.EXO.1.4v1 if (-not ($Policy -match $Defaults.validation.policyIdPattern)) { # Try to extract product from malformed policy ID to provide helpful error message # Split on periods to get potential product name for better error guidance $PolicyParts = $Policy -split "\." $ProductInPolicy = if ($PolicyParts.Length -ge 2 -and $PolicyParts[1]) { $PolicyParts[1] } else { $null } # Generate user-friendly format example using the validator's helper method # This provides context-specific guidance (e.g., "MS.AAD.#.#v#" if product detected) $ExampleFormat = [ScubaConfigValidator]::ConvertPatternToExample($Defaults.validation.policyIdPattern, $ProductInPolicy) # Build contextual error message based on the action type # Use proper grammar and terminology for each action type $ErrorMessage = "${ActionType}: '$Policy' is not a valid policy ID. " $ErrorMessage += "Expected format: $ExampleFormat. " #$ErrorMessage += "Policy ID does not match expected format." throw $ErrorMessage } # Extract the product name from the policy ID (second component after splitting on periods) # Policy ID format: MS.{PRODUCT}.{GROUP}.{NUMBER}v{VERSION} # Convert to lowercase for case-insensitive comparison with ProductNames $Product = ($Policy -Split "\.")[1].ToLower() # Determine which products are effectively selected for scanning # Handle wildcard case where all products are selected $EffectiveProducts = $ProductNames if ($ProductNames -contains '*') { # Expand wildcard to all available products from configuration $EffectiveProducts = $Defaults.defaults.AllProductNames } # Verify that the referenced product is actually going to be scanned # Prevents configuration errors where policies are specified for products not being tested if (-not ($EffectiveProducts -Contains $Product)) { # Build error message with proper action prefix and clear explanation $ErrorMessage = "${ActionType}: '$Policy' references product '$Product' which is not in the selected ProductNames: $(($EffectiveProducts -join ', ').ToUpper())." throw $ErrorMessage } } } # Internal configuration storage as hashtable hidden [hashtable]$Configuration # Applies default values and processes special configuration properties (wildcards, path expansion). # This method ensures all required properties have values and handles special cases like path resolution. # It implements a two-phase approach: 1) Apply defaults for missing properties, 2) Process special cases. hidden [void]SetParameterDefaults(){ Write-Debug "Setting ScubaConfig default values from configuration." # Get the defaults section from cached configuration # This contains fallback values for all configurable properties $Defaults = [ScubaConfig]::_ConfigDefaults.defaults # Phase 1: Apply default values for any properties not explicitly set in the configuration file # This ensures the configuration is complete even if the YAML file is minimal or missing properties # Iterate through all default properties and set any missing values foreach ($PropertyName in $Defaults.PSObject.Properties.Name) { # Only set default if the property wasn't explicitly provided in the configuration file # This respects user's explicit choices while filling in gaps with sensible defaults if (-not $this.Configuration.$PropertyName) { Write-Debug "Setting default value for '$PropertyName'" # Copy the default value from the defaults configuration $this.Configuration[$PropertyName] = $Defaults.$PropertyName } } # Phase 2: Special processing for properties that require additional logic beyond simple defaults # These properties need custom handling for wildcards, path resolution, or data transformation # Special handling for ProductNames (wildcard expansion and uniqueness) # ProductNames determines which Microsoft 365 products will be scanned if ($this.Configuration.ProductNames) { # Check for wildcard with other products before expansion # Store warning to display later with validation warnings for consistency # This is a common user mistake that can lead to confusion about which products are scanned if ($this.Configuration.ProductNames.Contains('*') -and $this.Configuration.ProductNames.Count -gt 1) { if (-not $this.Configuration.ContainsKey('_PreValidationWarnings')) { $this.Configuration._PreValidationWarnings = [System.Collections.ArrayList]::new() } [void]$this.Configuration._PreValidationWarnings.Add("ProductNames contains wildcard '*' with other products. Wildcard takes precedence.") } # Handle wildcard '*' by expanding to all supported products # This provides a convenient way to scan all available Microsoft 365 products if ($this.Configuration.ProductNames.Contains('*')) { $this.Configuration.ProductNames = [ScubaConfig]::ScubaDefault('AllProductNames') Write-Debug "Setting ProductNames to all products because of wildcard" } else { # Remove duplicates and sort for consistency # This handles cases where users accidentally specify the same product multiple times Write-Debug "ProductNames provided - ensuring uniqueness." $this.Configuration.ProductNames = @($this.Configuration.ProductNames | Sort-Object -Unique) } } # Special handling for OPAPath (expand Unix-style home directory reference) # Convert tilde (~) to actual Windows user profile path for cross-platform compatibility if ($this.Configuration.OPAPath -eq "~/.scubagear/Tools") { try { # Build the full path using Windows conventions # This allows Unix-style path notation to work on Windows systems $this.Configuration.OPAPath = Join-Path -Path $env:USERPROFILE -ChildPath ".scubagear\Tools" } catch { # Fallback to current directory if profile path resolution fails # This ensures the configuration is still usable even if home directory access fails $this.Configuration.OPAPath = "." } } # Special handling for OutPath (resolve relative current directory reference) # Convert '.' to the actual current working directory path for absolute path consistency if ($this.Configuration.OutPath -eq ".") { # Get the current working directory as an absolute path # This ensures output files are written to a predictable location $this.Configuration.OutPath = Get-Location | Select-Object -ExpandProperty ProviderPath } return } # enforces singleton pattern by preventing direct instantiation. hidden ScubaConfig(){ } # Resets singleton to clean state. Primarily used in testing scenarios for isolation. static [void]ResetInstance(){ [ScubaConfig]::_Instance.ClearConfiguration() [ScubaConfig]::_IsLoaded = $false # Allow reinitialization of the validator when tests call ResetInstance [ScubaConfig]::_ValidatorInitialized = $false # Always: force cleanup for CI runs [GC]::Collect() [GC]::WaitForPendingFinalizers() return } # Returns the singleton instance. Initializes validator subsystem on first access. static [ScubaConfig]GetInstance(){ [ScubaConfig]::InitializeValidator() return [ScubaConfig]::_Instance } # Returns configuration defaults object loaded from ScubaConfigDefaults.json. static [object] GetConfigDefaults() { [ScubaConfig]::InitializeValidator() return [ScubaConfig]::_ConfigDefaults } # Returns JSON Schema object loaded from ScubaConfigSchema.json for configuration validation. static [object] GetConfigSchema() { [ScubaConfig]::InitializeValidator() return [ScubaConfig]::_ConfigSchema } # Validates configuration file without loading it. Returns detailed validation results. static [ValidationResult] ValidateConfigFile([string]$Path) { [ScubaConfig]::InitializeValidator() return [ScubaConfigValidator]::ValidateYamlFile($Path) } # Returns array of all supported product names from defaults configuration. static [array] GetSupportedProducts() { [ScubaConfig]::InitializeValidator() return [ScubaConfig]::_ConfigDefaults.defaults.AllProductNames } # Returns array of supported M365 environment names (commercial, gcc, gcchigh, dod). static [array] GetSupportedEnvironments() { [ScubaConfig]::InitializeValidator() return [ScubaConfig]::_ConfigSchema.properties.M365Environment.enum } # Returns configuration information for specified product (baseline file, capabilities, etc.). static [object] GetProductInfo([string]$ProductName) { [ScubaConfig]::InitializeValidator() # Products are not stored in defaults anymore, return a simple object with the product name # This maintains backward compatibility for code that expects this method to work return @{ name = $ProductName } } # Returns array of privileged administrative roles for security validation. static [array] GetPrivilegedRoles() { [ScubaConfig]::InitializeValidator() return [ScubaConfig]::_ConfigDefaults.privilegedRoles } } # SIG # Begin signature block # MIIu9wYJKoZIhvcNAQcCoIIu6DCCLuQCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDtzK+XnXX28hPo # YbJ64TWMD28sVDacHu0Pz2YnIlym3aCCE6MwggWQMIIDeKADAgECAhAFmxtXno4h # MuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNV # BAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0z # ODAxMTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/z # G6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZ # anMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7s # Wxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL # 2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfb # BHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3 # JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3c # AORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqx # YxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0 # viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aL # T8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjQjBAMA8GA1Ud # EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTs1+OC0nFdZEzf # Lmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfEkRvDoaIAjeNk # aA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvWVPjS # PMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK # 7VB6fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eB # cg3AFDLvMFkuruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp # 5aPNoiBB19GcZNnqJqGLFNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msg # dDDS4Dk0EIUhFQEI6FUy3nFJ2SgXUE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vri # RbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i7UqLvBv9R0oN32dmfrJbQdA75PQ7 # 9ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPmYQ/ShQDnUBrkG5WdGaG5 # nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1TtmlfB2/oQzxm3 # i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyBIa0H # EEcRrYc9B9F1vM/zZn4wggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggdXMIIFP6ADAgECAhAMM6tnPejLgA9WVhXroQvSMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjYwMTE0MDAwMDAwWhcNMjcwMTEzMjM1OTU5WjBfMQsw # CQYDVQQGEwJVUzEdMBsGA1UECBMURGlzdHJpY3Qgb2YgQ29sdW1iaWExEzARBgNV # BAcTCldhc2hpbmd0b24xDTALBgNVBAoTBENJU0ExDTALBgNVBAMTBENJU0EwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCuXYolNHqlh6smLTE592waXheZ # 8VHzxeds4pMaepGuwmjf8d1jG9wUNuJX9/qb0a1dgGz5D/EAz5NRTIin4SZYQEE8 # qvdl2yQJ5uWxXIjsFbrOyc1fWscUXw0Kt7OPLOafcEkdDoe8K0tO4h2GL3RWRzjp # uLfQhhnAmD6NT1l+ughnfmarV/ODgIn/RFR4YORlu4YP2xQX6KRxeTDslg7F+z6X # +t87/U8m8gQ9XTm5kBmteP4GcE/ytnyI+ScIxNRybzGomWIBm848XDE5yYhlYQ2R # SnCoo6M4CRqp9WFGVyoLkoPP0OlxzryKWaE1/nuPbYG/kf/rUB1OhqxvSSGwmNhs # vkkjsC0Z9H5Jy6heFdoxOu/+ZQksKoP/fMvHxuCCtkIJbV8tk0oT6MQ8EJbgsWDZ # TKhui1wxW6JIZyBOMPWoZUOouOzo2h5Cz7LBPKME5FkcUzcs47lpRlDkJco4PLcj # wJSo4XPnx3G/2DIjNEFNyfKCWfH8uW6nJjmDBiveFZ2j0YvgdQ+7MOjQnw7R/MAD # DTagrKl3rLV60+X2TY6/onKhCUuU3pMAjVbOwZ3PkzDLZnsEGRfm6hgp6014aXml # t8h4nu+uC41U8vUSGHl0vqKuzvmShLmnI+Iv0l95pmnqomuCZzRDrjEoaLPx7OxL # Dy/Id9E7yQDip4jBdQIDAQABo4ICAzCCAf8wHwYDVR0jBBgwFoAUaDfg67Y7+F8R # hvv+YXsIiGX0TkIwHQYDVR0OBBYEFN30sVU+fpfQQfPQWMhkO1qd+MxoMD4GA1Ud # IAQ3MDUwMwYGZ4EMAQQBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl # cnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMw # gbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp # Z2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5j # cmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0 # ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMIGUBggrBgEF # BQcBAQSBhzCBhDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t # MFwGCCsGAQUFBzAChlBodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl # cnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNydDAJ # BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQA77T42YiOx5wWPItgo+kvB+Gzb # ZFCRHRFfTAZZNQt9o/0CqNmyA2xFklX4t5Z9VNdiIOx14AnmJdQkcRdk3vsU5gby # jKEup7LTWtvcWrl6hQwGNt3l892BgUbPKsPBE+AriktVqn5yMSXVVzeboqsqAG8e # Syei0B54/QdgR4whfHvQ/qpCACsJTlJgAykXVgDPJNKnQ7wc17loLQutqF1JUcbO # XKWt1AA9Zas5q30LDZzZeK4B56yojK68CTQXN7toSRFIuZDMKKDfIZpCX8cmbaaO # DFOOu44/QWMv+Xc6+ISYGkrTTzqWhOqiXgLVBeXGn/WrOJJ8R29mZMneCpBesCLs # YII1gCFOo7Vt6mvOKxAPQ3KhJYBFEHkp+GI65koaQkO2xv50iLS0+/j2YC66uviU # MFe0JEOdXuE7Rn/OmWNSzQ+6kPNYDJQASQ974C3wUejJoMtGZEzoTbly/HufQTrd # rhcL2aC69CxSN+idTXPLC9UT3xo4sFdOw+hXkmbXtoB1GDsd5p1TWFgRbnTXDkbM # YMBWYVB6/Tk1bzwj4iTp4g0YrtB628FXPX/ko+JWZlv0Ea865S23w1uGlnDNVxIi # +8oi74G5DM66Q6ENt6+3WoRGRrdoyE6uCh1haY+oPYSgumb0ozzrp8tw89TRKVrK # KSXGBxlExEvjQ6dYwjGCGqowghqmAgEBMH0waTELMAkGA1UEBhMCVVMxFzAVBgNV # BAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0 # IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENBMQIQDDOrZz3oy4AP # VlYV66EL0jANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgACh # AoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAM # BgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCAdMAaoUCBrjFy0ZCAaLj3h1U3V # 7XeyjeEsuJvGDsMBDTANBgkqhkiG9w0BAQEFAASCAgASpntCi4zziOeIVHg8svGE # r5di+xhW1NRDdu6cOFX5j/Rbo6J05QFYKnsXBq3kcNien9OeaQ+qOCBi3aOcUaBK # rm3tWvxBXopCS2XYf0hBLUqtDdJfe+ikq5aVwXkf0kpgqAcDumAIpT6GjuM677uy # j70OVIcax2rRr+8S8c+xorIwpVccdgREOEj3nxGfwWs/oiSutH9yIz70uTLDThmL # WimJg49tkgLUHZWH1HAmvjVJxq0zhhQPx63ywll+ROCPZh6jCBU/WErObiCZBKzY # XDY4nZ+evcCpZFPJ3Gx94N2z12qlwGzkSVyUlp5Lq5UefKmb5mtMT3Ii3wVkd6Uh # j+6GELx13yG+Mgb4H/FPLcRmypXIxe0zIT9hdw/VKcaXX4hrD/dJVI3WiC+GcAPV # /b1YqN0wJ5NgzvHDzKqgD8GvVPxDT6Pz6OrKIOtFMoEpSDQaGHL4ic49NqgfT4xB # 2FlWnQMa9B1pQKQvxl2RBRVQmkKgoNKyaTDmAaHtDjC4vZO2cygxOhtVY+RPwj1A # U3uStkZpyIESPXjFPKAfOqjjzcQt2XXB9jGTXC25gaOdISKu1WKax90E5Fh2zy3o # co6vfOO9cmOKN1keG5Gb6c9naOlW+ohfng7DCm+atJPZAyPltUTjAFmq6CfPYQtR # YGgfDqUSMgtPsW4NjECTTqGCF3cwghdzBgorBgEEAYI3AwMBMYIXYzCCF18GCSqG # SIb3DQEHAqCCF1AwghdMAgEDMQ8wDQYJYIZIAWUDBAIBBQAweAYLKoZIhvcNAQkQ # AQSgaQRnMGUCAQEGCWCGSAGG/WwHATAxMA0GCWCGSAFlAwQCAQUABCBHp8e9/Yy6 # lUp2tFdeIhF0YTLGLcD7lKdHdWu4YzptUgIRAMun1UmlhMHliq0x3WWCPrsYDzIw # MjYwMjIwMjEzMjQ1WqCCEzowggbtMIIE1aADAgECAhAKgO8YS43xBYLRxHanlXRo # MA0GCSqGSIb3DQEBCwUAMGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2Vy # dCwgSW5jLjFBMD8GA1UEAxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBUaW1lU3RhbXBp # bmcgUlNBNDA5NiBTSEEyNTYgMjAyNSBDQTEwHhcNMjUwNjA0MDAwMDAwWhcNMzYw # OTAzMjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIElu # Yy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFNIQTI1NiBSU0E0MDk2IFRpbWVzdGFtcCBS # ZXNwb25kZXIgMjAyNSAxMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA # 0EasLRLGntDqrmBWsytXum9R/4ZwCgHfyjfMGUIwYzKomd8U1nH7C8Dr0cVMF3Bs # fAFI54um8+dnxk36+jx0Tb+k+87H9WPxNyFPJIDZHhAqlUPt281mHrBbZHqRK71E # m3/hCGC5KyyneqiZ7syvFXJ9A72wzHpkBaMUNg7MOLxI6E9RaUueHTQKWXymOtRw # JXcrcTTPPT2V1D/+cFllESviH8YjoPFvZSjKs3SKO1QNUdFd2adw44wDcKgH+JRJ # E5Qg0NP3yiSyi5MxgU6cehGHr7zou1znOM8odbkqoK+lJ25LCHBSai25CFyD23DZ # gPfDrJJJK77epTwMP6eKA0kWa3osAe8fcpK40uhktzUd/Yk0xUvhDU6lvJukx7jp # hx40DQt82yepyekl4i0r8OEps/FNO4ahfvAk12hE5FVs9HVVWcO5J4dVmVzix4A7 # 7p3awLbr89A90/nWGjXMGn7FQhmSlIUDy9Z2hSgctaepZTd0ILIUbWuhKuAeNIeW # rzHKYueMJtItnj2Q+aTyLLKLM0MheP/9w6CtjuuVHJOVoIJ/DtpJRE7Ce7vMRHoR # on4CWIvuiNN1Lk9Y+xZ66lazs2kKFSTnnkrT3pXWETTJkhd76CIDBbTRofOsNyEh # zZtCGmnQigpFHti58CSmvEyJcAlDVcKacJ+A9/z7eacCAwEAAaOCAZUwggGRMAwG # A1UdEwEB/wQCMAAwHQYDVR0OBBYEFOQ7/PIx7f391/ORcWMZUEPPYYzoMB8GA1Ud # IwQYMBaAFO9vU0rp5AZ8esrikFb2L9RJ7MtOMA4GA1UdDwEB/wQEAwIHgDAWBgNV # HSUBAf8EDDAKBggrBgEFBQcDCDCBlQYIKwYBBQUHAQEEgYgwgYUwJAYIKwYBBQUH # MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBdBggrBgEFBQcwAoZRaHR0cDov # L2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0VGltZVN0YW1w # aW5nUlNBNDA5NlNIQTI1NjIwMjVDQTEuY3J0MF8GA1UdHwRYMFYwVKBSoFCGTmh0 # dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFRpbWVTdGFt # cGluZ1JTQTQwOTZTSEEyNTYyMDI1Q0ExLmNybDAgBgNVHSAEGTAXMAgGBmeBDAEE # AjALBglghkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggIBAGUqrfEcJwS5rmBB7NEI # RJ5jQHIh+OT2Ik/bNYulCrVvhREafBYF0RkP2AGr181o2YWPoSHz9iZEN/FPsLST # wVQWo2H62yGBvg7ouCODwrx6ULj6hYKqdT8wv2UV+Kbz/3ImZlJ7YXwBD9R0oU62 # PtgxOao872bOySCILdBghQ/ZLcdC8cbUUO75ZSpbh1oipOhcUT8lD8QAGB9lctZT # TOJM3pHfKBAEcxQFoHlt2s9sXoxFizTeHihsQyfFg5fxUFEp7W42fNBVN4ueLace # Rf9Cq9ec1v5iQMWTFQa0xNqItH3CPFTG7aEQJmmrJTV3Qhtfparz+BW60OiMEgV5 # GWoBy4RVPRwqxv7Mk0Sy4QHs7v9y69NBqycz0BZwhB9WOfOu/CIJnzkQTwtSSpGG # hLdjnQ4eBpjtP+XB3pQCtv4E5UCSDag6+iX8MmB10nfldPF9SVD7weCC3yXZi/uu # hqdwkgVxuiMFzGVFwYbQsiGnoa9F5AaAyBjFBtXVLcKtapnMG3VH3EmAp/jsJ3FV # F3+d1SVDTmjFjLbNFZUWMXuZyvgLfgyPehwJVxwC+UpX2MSey2ueIu9THFVkT+um # 1vshETaWyQo8gmBto/m3acaP9QsuLj3FNwFlTxq25+T4QwX9xa6ILs84ZPvmpovq # 90K8eWyG2N01c4IhSOxqt81nMIIGtDCCBJygAwIBAgIQDcesVwX/IZkuQEMiDDpJ # hjANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNl # cnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdp # Q2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjUwNTA3MDAwMDAwWhcNMzgwMTE0MjM1 # OTU5WjBpMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/ # BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQgRzQgVGltZVN0YW1waW5nIFJTQTQwOTYg # U0hBMjU2IDIwMjUgQ0ExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA # tHgx0wqYQXK+PEbAHKx126NGaHS0URedTa2NDZS1mZaDLFTtQ2oRjzUXMmxCqvkb # sDpz4aH+qbxeLho8I6jY3xL1IusLopuW2qftJYJaDNs1+JH7Z+QdSKWM06qchUP+ # AbdJgMQB3h2DZ0Mal5kYp77jYMVQXSZH++0trj6Ao+xh/AS7sQRuQL37QXbDhAkt # VJMQbzIBHYJBYgzWIjk8eDrYhXDEpKk7RdoX0M980EpLtlrNyHw0Xm+nt5pnYJU3 # Gmq6bNMI1I7Gb5IBZK4ivbVCiZv7PNBYqHEpNVWC2ZQ8BbfnFRQVESYOszFI2Wv8 # 2wnJRfN20VRS3hpLgIR4hjzL0hpoYGk81coWJ+KdPvMvaB0WkE/2qHxJ0ucS638Z # xqU14lDnki7CcoKCz6eum5A19WZQHkqUJfdkDjHkccpL6uoG8pbF0LJAQQZxst7V # vwDDjAmSFTUms+wV/FbWBqi7fTJnjq3hj0XbQcd8hjj/q8d6ylgxCZSKi17yVp2N # L+cnT6Toy+rN+nM8M7LnLqCrO2JP3oW//1sfuZDKiDEb1AQ8es9Xr/u6bDTnYCTK # IsDq1BtmXUqEG1NqzJKS4kOmxkYp2WyODi7vQTCBZtVFJfVZ3j7OgWmnhFr4yUoz # ZtqgPrHRVHhGNKlYzyjlroPxul+bgIspzOwbtmsgY1MCAwEAAaOCAV0wggFZMBIG # A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFO9vU0rp5AZ8esrikFb2L9RJ7MtO # MB8GA1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIB # hjATBgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUH # MAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDov # L2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQw # QwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lD # ZXJ0VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZI # AYb9bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQAXzvsWgBz+Bz0RdnEwvb4LyLU0pn/N # 0IfFiBowf0/Dm1wGc/Do7oVMY2mhXZXjDNJQa8j00DNqhCT3t+s8G0iP5kvN2n7J # d2E4/iEIUBO41P5F448rSYJ59Ib61eoalhnd6ywFLerycvZTAz40y8S4F3/a+Z1j # EMK/DMm/axFSgoR8n6c3nuZB9BfBwAQYK9FHaoq2e26MHvVY9gCDA/JYsq7pGdog # P8HRtrYfctSLANEBfHU16r3J05qX3kId+ZOczgj5kjatVB+NdADVZKON/gnZruMv # NYY2o1f4MXRJDMdTSlOLh0HCn2cQLwQCqjFbqrXuvTPSegOOzr4EWj7PtspIHBld # NE2K9i697cvaiIo2p61Ed2p8xMJb82Yosn0z4y25xUbI7GIN/TpVfHIqQ6Ku/qjT # Y6hc3hsXMrS+U0yy+GWqAXam4ToWd2UQ1KYT70kZjE4YtL8Pbzg0c1ugMZyZZd/B # dHLiRu7hAWE6bTEm4XYRkA6Tl4KSFLFk43esaUeqGkH/wyW4N7OigizwJWeukcyI # PbAvjSabnf7+Pu0VrFgoiovRDiyx3zEdmcif/sYQsfch28bZeUz2rtY/9TCA6TD8 # dC3JE3rYkrhLULy7Dc90G6e8BlqmyIjlgp2+VqsS9/wQD7yFylIz0scmbKvFoW2j # NrbM1pD2T7m3XDCCBY0wggR1oAMCAQICEA6bGI750C3n79tQ4ghAGFowDQYJKoZI # hvcNAQEMBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ # MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNz # dXJlZCBJRCBSb290IENBMB4XDTIyMDgwMTAwMDAwMFoXDTMxMTEwOTIzNTk1OVow # YjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQ # d3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNlcnQgVHJ1c3RlZCBSb290 # IEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv+aQc2jeu+RdSjww # IjBpM+zCpyUuySE98orYWcLhKac9WKt2ms2uexuEDcQwH/MbpDgW61bGl20dq7J5 # 8soR0uRf1gU8Ug9SH8aeFaV+vp+pVxZZVXKvaJNwwrK6dZlqczKU0RBEEC7fgvMH # hOZ0O21x4i0MG+4g1ckgHWMpLc7sXk7Ik/ghYZs06wXGXuxbGrzryc/NrDRAX7F6 # Zu53yEioZldXn1RYjgwrt0+nMNlW7sp7XeOtyU9e5TXnMcvak17cjo+A2raRmECQ # ecN4x7axxLVqGDgDEI3Y1DekLgV9iPWCPhCRcKtVgkEy19sEcypukQF8IUzUvK4b # A3VdeGbZOjFEmjNAvwjXWkmkwuapoGfdpCe8oU85tRFYF/ckXEaPZPfBaYh2mHY9 # WV1CdoeJl2l6SPDgohIbZpp0yt5LHucOY67m1O+SkjqePdwA5EUlibaaRBkrfsCU # tNJhbesz2cXfSwQAzH0clcOP9yGyshG3u3/y1YxwLEFgqrFjGESVGnZifvaAsPvo # ZKYz0YkH4b235kOkGLimdwHhD5QMIR2yVCkliWzlDlJRR3S+Jqy2QXXeeqxfjT/J # vNNBERJb5RBQ6zHFynIWIgnffEx1P2PsIV/EIFFrb7GrhotPwtZFX50g/KEexcCP # orF+CiaZ9eRpL5gdLfXZqbId5RsCAwEAAaOCATowggE2MA8GA1UdEwEB/wQFMAMB # Af8wHQYDVR0OBBYEFOzX44LScV1kTN8uZz/nupiuHA9PMB8GA1UdIwQYMBaAFEXr # oq/0ksuCMS1Ri6enIZ3zbcgPMA4GA1UdDwEB/wQEAwIBhjB5BggrBgEFBQcBAQRt # MGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBDBggrBgEF # BQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJl # ZElEUm9vdENBLmNydDBFBgNVHR8EPjA8MDqgOKA2hjRodHRwOi8vY3JsMy5kaWdp # Y2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3JsMBEGA1UdIAQKMAgw # BgYEVR0gADANBgkqhkiG9w0BAQwFAAOCAQEAcKC/Q1xV5zhfoKN0Gz22Ftf3v1cH # vZqsoYcs7IVeqRq7IviHGmlUIu2kiHdtvRoU9BNKei8ttzjv9P+Aufih9/Jy3iS8 # UgPITtAq3votVs/59PesMHqai7Je1M/RQ0SbQyHrlnKhSLSZy51PpwYDE3cnRNTn # f+hZqPC/Lwum6fI0POz3A8eHqNJMQBk1RmppVLC4oVaO7KTVPeix3P0c2PR3WlxU # jG/voVA9/HYJaISfb8rbII01YBwCA8sgsKxYoA5AY8WYIsGyWfVVa88nq2x2zm8j # LfR+cWojayL/ErhULSd+2DrZ8LaHlv1b0VysGMNNn3O3AamfV6peKOK5lDGCA3ww # ggN4AgEBMH0waTELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMu # MUEwPwYDVQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0IFRpbWVTdGFtcGluZyBSU0E0 # MDk2IFNIQTI1NiAyMDI1IENBMQIQCoDvGEuN8QWC0cR2p5V0aDANBglghkgBZQME # AgEFAKCB0TAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwHAYJKoZIhvcNAQkF # MQ8XDTI2MDIyMDIxMzI0NVowKwYLKoZIhvcNAQkQAgwxHDAaMBgwFgQU3WIwrIYK # LTBr2jixaHlSMAf7QX4wLwYJKoZIhvcNAQkEMSIEIKOxBwuw405ysM0Pdte3vVdc # LzgqGdHQG9goTchUEp3rMDcGCyqGSIb3DQEJEAIvMSgwJjAkMCIEIEqgP6Is11yE # xVyTj4KOZ2ucrsqzP+NtJpqjNPFGEQozMA0GCSqGSIb3DQEBAQUABIICAFRi5EYm # YkhYS2lH79XMKJ/MJjAzddSPpuReAzBIkUE0ZNhtBh5Fu6rykvZU+2wErroA048C # UVcK9v8YpbhdDI+AEEd5rFWz8TgYTlptSf6aCUYj4A5GDF5JfxpTPszkgIZctB+L # 32+ABfL0Y9Tj2OM+/r2/q9XMgvOL7Yx3ZdFUbQLBQYYGAAJKDoKAdFvkfqj6hdnT # IhwlHzkn2ZUyZmrfJc0c5LR68ysCgbvn86kht172ZysaD/U2BssYckMb1w3zTw6B # vPrHFd7a6uWA1Np1sncW3J6jZX0pdG9vFvCdpIiDLiKB7JC9Wke6Kigo1zWMrNQ6 # x+hBSdD59SDaWUUY5aFdjqd6w1wqkC1oe+glCndpKh38rr3GhmBNxD02ncBpN1ls # dmBVeZjBACttDU63sWFAD2LCmWypD4+OV1/bpklkl4bDSIZzi3oQlmLCdy015ct4 # FOfJDk9ei38KStNgC74UTlLLvF7fCS1kVAd2O6U4WauXQ1OvXsGQYvor6G7Y1WUV # t+7B8e2uIFAS1d8s0Yg2wGTB1Q4qhZl9w1+VEldz//qjpObFh1lTDIQwjtPESfa/ # yRba8RMRFsD/Mn1sxrOPjP7H6kiRvgDzXm9xDXBhlGbVxJde5o3rsmjhc8AbNrL2 # NK8TGpvhrtOgDqnTfU1ZdPFCMU2XHbw+9tVE # SIG # End signature block |