SignPath.psm1
|
#Requires -Version 3.0 # Also requires .NET Version 4.7.2 or above $ServiceUnavailableRetryTimeoutInSeconds = 30 $WaitForCompletionRetryTimeoutInSeconds = 5 $DefaultHttpClientTimeoutInSeconds = 100 function Submit-SigningRequest( # The URL to the API, e.g. 'https://app.signpath.io/api/'. [Parameter()] [ValidateNotNullOrEmpty()] [string] $ApiUrl = "https://app.signpath.io/api/", # The API token you retrieve when adding a new CI user. [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $CIUserToken, # The ID of the organization containing the signing policy. # Go to "Project > Signing policy" in the web client and copy the first ID from the url to retrieve this value (e.g. https://app.signpath.io/<OrganizationId>/SigningPolicies/<SigningPolicyId>). [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $OrganizationId, # If you use IDs to reference the artifact configuration and signing policy: this is the ID of the artifact configuration you want to use for # signing. If not given, the default artifact configuration will be used instead. # Go to "Project -> Artifact configuration" in the web client and copy the last ID from the url to retrieve this value (e.g. https://app.signpath.io/<OrganizationId>/ArtifactConfigurations/<ArtifactConfigurationId>). [Parameter()] [string] $ArtifactConfigurationId, # If you use IDs to reference the artifact configuration and signing policy: this is the ID of the signing policy you want to use for signing. # Go to "Project > Signing policy" in the web client and copy the last ID from the url to retrieve this value (e.g. https://app.signpath.io/<OrganizationId>/SigningPolicies/<SigningPolicyId>). [Parameter()] [string] $SigningPolicyId, # If you use keys to reference the artifact configuration and signing policy: this is the project in which the artifact configuration and signing # policy reside in. [Parameter()] [string] $ProjectKey, # If you use keys to reference the artifact configuration and signing policy: this is the key of the artifact configuration you want to use for # signing. If not given, the default artifact configuration will be used instead. [Parameter()] [string] $ArtifactConfigurationKey, # If you use keys to reference the artifact configuration and signing policy: this is the key of the signing policy you want to use for signing. [Parameter()] [string] $SigningPolicyKey, # Specifies the path of the artifact that you want to be signed. [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $InputArtifactPath, # An optional description of the uploaded artifact that could be helpful to the approver. [Parameter()] [string] $Description, # The total time in seconds that the cmdlet will wait for a single service call to succeed (across several retries). Defaults to 600 seconds. [Parameter()] [int] $ServiceUnavailableTimeoutInSeconds = 600, # The HTTP timeout used for upload and download HTTP requests. Defaults to 300 seconds. [Parameter()] [int] $UploadAndDownloadRequestTimeoutInSeconds = 300, [Parameter(ParameterSetName="WaitForCompletion")] [switch] $WaitForCompletion, # Specifies the path of the downloaded signed artifact (result file). If this is not given, the InputArtifactPath with an added ".signed" extension is used (e.g. "Input.dll" => "Input.signed.dll"). [Parameter(ParameterSetName="WaitForCompletion")] [ValidateNotNullOrEmpty()] [string] $OutputArtifactPath, # The maximum time in seconds that the cmdlet will wait for the signing request to complete (upload and download have no specific timeouts). Defaults to 600 seconds. [Parameter(ParameterSetName="WaitForCompletion")] [int] $WaitForCompletionTimeoutInSeconds = 600, # Allows the cmdlet to overwrite the file at OutputArtifactPath. [Parameter(ParameterSetName="WaitForCompletion")] [switch] $Force) { <# .SYNOPSIS Submits a signing request via the SignPath REST API. .DESCRIPTION The Submit-SigningRequest cmdlet submits a signing request with the specified InputArtifactPath via the SignPath REST API. When passing the -WaitForCompletion switch the command also waits for the signing request to complete, downloads the signed file and stores it in the path specified by the OutputArtifactPath argument. Otherwise the result of the submitted signing request can be downloaded with the Get-SignedArtifact command. To tweak http related timing issues use the parameters ServiceUnavailableNumberOfRetries and ServiceUnavailableRetryTimeoutInSeconds .EXAMPLE Submit-SigningRequest -InputArtifactPath Program.exe -CIUserToken /Joe3s2m7hkhVyoba4H4weqj9UxIk6nKRXGhGbH7nv4= -OrganizationId 1c0ab26c-12f3-4c6e-a043-2568e133d2de -SigningPolicyId 711960ed-bdb8-41cd-a6bf-a10d0ae3cfcd .OUTPUTS When using the -WaitForCompletion switch the command returns nothing, but downloads the signed artifact and stores it in the given OutputArtifactPath. Otherwise returns the SigningRequestId which can be used with Get-SignedArtifact .NOTES Author: SignPath GmbH #> Set-StrictMode -Version 2.0 $ApiUrl = GetVersionedApiUrl($ApiUrl) $InputArtifactPath = PrepareInputArtifactPath $InputArtifactPath CreateAndUseAuthorizedHttpClient $CIUserToken -Timeout $DefaultHttpClientTimeoutInSeconds { Param ([System.Net.Http.HttpClient] $defaultHttpClient) CreateAndUseAuthorizedHttpClient $CIUserToken -Timeout $UploadAndDownloadRequestTimeoutInSeconds { Param ([System.Net.Http.HttpClient] $uploadAndDownloadHttpClient) if(-not $OutputArtifactPath) { $extension = [System.IO.Path]::GetExtension($InputArtifactPath) $OutputArtifactPath = [System.IO.Path]::ChangeExtension($InputArtifactPath, "signed$extension") } $OutputArtifactPath = PrepareOutputArtifactPath $Force $OutputArtifactPath $submitUrl = [string]::Join("/", @($ApiUrl.Trim("/"), $OrganizationId, "SigningRequests")) $getUrl = SubmitVia ` -HttpClient $uploadAndDownloadHttpClient ` -Url $submitUrl ` -ArtifactConfigurationId $ArtifactConfigurationId ` -SigningPolicyId $SigningPolicyId ` -ProjectKey $ProjectKey ` -ArtifactConfigurationKey $ArtifactConfigurationKey ` -SigningPolicyKey $SigningPolicyKey ` -InputArtifactPath $InputArtifactPath ` -Description $Description if($WaitForCompletion.IsPresent) { $downloadUrl = WaitForCompletion ` -HttpClient $defaultHttpClient ` -Url $getUrl ` -WaitForCompletionTimeoutInSeconds $WaitForCompletionTimeoutInSeconds ` -ServiceUnavailableRetryTimeoutInSeconds $ServiceUnavailableRetryTimeoutInSeconds DownloadArtifact ` -HttpClient $uploadAndDownloadHttpClient ` -Url $downloadUrl ` -Path $OutputArtifactPath ` -ServiceUnavailableRetryTimeoutInSeconds $ServiceUnavailableRetryTimeoutInSeconds ` -UploadAndDownloadRequestTimeoutInSeconds $UploadAndDownloadRequestTimeoutInSeconds } else { $guidRegex = "[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" $pattern = [regex]"SigningRequests/($guidRegex)" $succeeded = $getUrl -match $pattern $wholeMatch = $matches[0] $signingRequestId = $matches[1] return $signingRequestId } } } } function Get-SignedArtifact( # The URL to the API, e.g. https://app.signpath.io/api/. [Parameter()] [ValidateNotNullOrEmpty()] [string] $ApiUrl = "https://app.signpath.io/api/", # The API token you retrieve when adding a new CI user. [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $CIUserToken, # The ID of the organization containing the signing policy. # Go to "Project > Signing policy" in the web client and copy the first ID from the url to retrieve this value (e.g. https://app.signpath.io/<OrganizationId>/SigningPolicies/<SigningPolicyId>). [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $OrganizationId, # The ID of the SigningRequest that contains the desired artifact [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $SigningRequestId, # Specifies the path of the downloaded signed artifact (result file). [Parameter(Mandatory)] [ValidateNotNullOrEmpty()] [string] $OutputArtifactPath, # The total time in seconds that the cmdlet will wait for a service call to succeed (across several retries). Defaults to 600 seconds. [Parameter()] [int] $ServiceUnavailableTimeoutInSeconds = 600, # The HTTP timeout used for upload and download HTTP requests. Defaults to 300 seconds. [Parameter()] [int] $UploadAndDownloadRequestTimeoutInSeconds = 300, # The maximum time in seconds that the cmdlet will wait for the signing request to complete (upload and download have no specific timeouts). Defaults to 60 seconds. [Parameter()] [int] $WaitForCompletionTimeoutInSeconds = 600, # Allows the cmdlet to overwrite the file at OutputArtifactPath. [Parameter()] [switch] $Force) { <# .SYNOPSIS Tries to download a signed artifact based on a SigningRequestId. .DESCRIPTION Waits for a given signing request until its processing has finished and downloads the resultiung artifact. If the request couldn't be downloaded in time, because the processing took to long or the request is invalid, this function throws exceptions. To tweak timing issues use the parameters ServiceUnavailableNumberOfRetries, ServiceUnavailableRetryTimeoutInSeconds and WaitForCompletionTimeoutInSeconds .EXAMPLE Get-SignedArtifact -OutputArtifactPath Program.exe -CIUserToken /Joe3s2m7hkhVyoba4H4weqj9UxIk6nKRXGhGbH7nv4= -OrganizationId 1c0ab26c-12f3-4c6e-a043-2568e133d2de -SigningRequestId 711960ed-bdb8-41cd-a6bf-a10d0ae3cfcd .OUTPUTS Returns void but creates a file in the given OutputArtifactPath on success. .NOTES Author: SignPath GmbH #> Set-StrictMode -Version 2.0 $ApiUrl = GetVersionedApiUrl($ApiUrl) $OutputArtifactPath = PrepareOutputArtifactPath $Force $OutputArtifactPath CreateAndUseAuthorizedHttpClient $CIUserToken -Timeout $DefaultHttpClientTimeoutInSeconds { Param ([System.Net.Http.HttpClient] $defaultHttpClient) CreateAndUseAuthorizedHttpClient $CIUserToken -Timeout $UploadAndDownloadRequestTimeoutInSeconds { Param ([System.Net.Http.HttpClient] $uploadAndDownloadHttpClient) $expectedSigningRequestUrl = [string]::Join("/", @($ApiUrl.Trim("/"), $OrganizationId, "SigningRequests", $SigningRequestId)) $downloadUrl = WaitForCompletion ` -httpClient $defaultHttpClient ` -url $expectedSigningRequestUrl ` -WaitForCompletionTimeoutInSeconds $WaitForCompletionTimeoutInSeconds ` -ServiceUnavailableRetryTimeoutInSeconds $ServiceUnavailableRetryTimeoutInSeconds DownloadArtifact ` -HttpClient $uploadAndDownloadHttpClient ` -Url $downloadUrl ` -Path $OutputArtifactPath ` -ServiceUnavailableRetryTimeoutInSeconds $ServiceUnavailableRetryTimeoutInSeconds ` -UploadAndDownloadRequestTimeoutInSeconds $UploadAndDownloadRequestTimeoutInSeconds } } } function GetVersionedApiUrl([string] $ApiUrl) { $supportedApiVersion = "v1" return [string]::Join("/", @($ApiUrl.Trim("/"), $supportedApiVersion)) } function SubmitVia( [System.Net.Http.HttpClient] $HttpClient, [string] $Url, [string] $ArtifactConfigurationId, [string] $SigningPolicyId, [string] $ProjectKey, [string] $ArtifactConfigurationKey, [string] $SigningPolicyKey, [string] $InputArtifactPath, [string] $Description) { # Copy variables to local scope to allow capturing them in a closure $local:ArtifactConfigurationId = $ArtifactConfigurationId $local:SigningPolicyId = $SigningPolicyId $local:ProjectKey = $ProjectKey $local:ArtifactConfigurationKey = $ArtifactConfigurationKey $local:SigningPolicyKey = $SigningPolicyKey $local:Description = $Description $local:InputArtifactPath = $InputArtifactPath $requestFactory = { $content = New-Object System.Net.Http.MultipartFormDataContent if($ArtifactConfigurationId) { $artifactConfigurationIdContent = New-Object System.Net.Http.StringContent $ArtifactConfigurationId $content.Add($artifactConfigurationIdContent, "ArtifactConfigurationId") } if($SigningPolicyId) { $signingPolicyIdContent = New-Object System.Net.Http.StringContent $SigningPolicyId $content.Add($signingPolicyIdContent, "SigningPolicyId") } if($ProjectKey) { $projectKeyContent = New-Object System.Net.Http.StringContent $ProjectKey $content.Add($projectKeyContent, "ProjectKey") } if($ArtifactConfigurationKey) { $artifactConfigurationKeyContent = New-Object System.Net.Http.StringContent $ArtifactConfigurationKey $content.Add($artifactConfigurationKeyContent, "ArtifactConfigurationKey") } if($SigningPolicyKey) { $signingPolicyKeyContent = New-Object System.Net.Http.StringContent $SigningPolicyKey $content.Add($signingPolicyKeyContent, "SigningPolicyKey") } $descriptionContent = New-Object System.Net.Http.StringContent $Description $content.Add($descriptionContent, "Description") $packageFileStream = New-Object System.IO.FileStream ($InputArtifactPath, [System.IO.FileMode]::Open) $streamContent = New-Object System.Net.Http.StreamContent $packageFileStream # PLANNED SIGN-986 This shouldn't be needed anymore $streamContent.Headers.ContentType = New-Object System.Net.Http.Headers.MediaTypeHeaderValue "application/octet-stream" $fileName = [System.IO.Path]::GetFileName($InputArtifactPath) $content.Add($streamContent, "Artifact", $fileName) $request = New-Object System.Net.Http.HttpRequestMessage Post, $Url $request.Content = $content Write-Host "Requesting Url: " $Url return $request }.GetNewClosure() $submitResponse = $null try { $submitResponse = SendWithRetry ` -HttpClient $HttpClient ` -RequestFactory $requestFactory ` -ServiceUnavailableRetryTimeoutInSeconds $ServiceUnavailableRetryTimeoutInSeconds CheckResponse $submitResponse $getUrl = $submitResponse.Headers.Location.AbsoluteUri Write-Host "Submitted signing request at '$getUrl'" return $getUrl } finally { if((Test-Path variable:submitResponse) -and $submitResponse -ne $null) { $submitResponse.Dispose() } } } function GetWithRetry([System.Net.Http.HttpClient] $HttpClient, [string] $Url, [int] $ServiceUnavailableRetryTimeoutInSeconds) { $response = SendWithRetry ` -HttpClient $HttpClient ` -RequestFactory { New-Object System.Net.Http.HttpRequestMessage Get, $Url }.GetNewClosure() ` -ServiceUnavailableRetryTimeoutInSeconds $ServiceUnavailableRetryTimeoutInSeconds return $response } function SendWithRetry( [System.Net.Http.HttpClient] $HttpClient, [ScriptBlock] $RequestFactory, [int] $ServiceUnavailableRetryTimeoutInSeconds) { $sw = [System.Diagnostics.Stopwatch]::StartNew() $retry = 0 while($true) { $retryReason = $null if($retry -gt 0) { Write-Host "Retry $retry..." } try { $request = & $RequestFactory $response = $HttpClient.SendAsync($request).GetAwaiter().GetResult() if(503 -eq $response.StatusCode) { $retryReason = "SignPath REST API is temporarily unavailable. Please try again in a few moments." } elseif(500 -le $response.StatusCode -and 600 -gt $response.StatusCode) { $retryReason = "SignPath REST API returned an unexpected status code ($($response.StatusCode))" } else { return $response } } catch [System.Net.Http.HttpRequestException] { $retryReason = $_ Write-Host "URL: " $request.RequestUri Write-Host "EXCEPTION: " $_.Exception } catch [System.Threading.Tasks.TaskCanceledException] { $retryReason = "SignPath REST API answer time exceeded the timeout ($($HttpClient.Timeout))" Write-Host "URL: " $request.RequestUri Write-Host "EXCEPTION: " $_.Exception } if(($sw.Elapsed.TotalSeconds + $ServiceUnavailableRetryTimeoutInSeconds) -lt $ServiceUnavailableTimeoutInSeconds) { Write-Host "SignPath REST API call failed. Retrying in ${ServiceUnavailableRetryTimeoutInSeconds}s..." Start-Sleep -Seconds $ServiceUnavailableRetryTimeoutInSeconds } else { Write-Host "SignPath REST API could not be called successfully in $($retry + 1) tries. Aborting" throw $retryReason } $retry++ } } function DownloadArtifact( [System.Net.Http.HttpClient] $HttpClient, [string] $Url, [string] $Path, [int] $ServiceUnavailableRetryTimeoutInSeconds, [int] $UploadAndDownloadRequestTimeoutInSeconds) { $downloadResponse = $null $streamToWriteTo = $null try { Write-Host "Downloading signed artifact..." $downloadResponse = GetWithRetry ` -HttpClient $HttpClient ` -Url $Url ` -ServiceUnavailableRetryTimeoutInSeconds $ServiceUnavailableRetryTimeoutInSeconds CheckResponse $downloadResponse $pathWithoutFile = [System.IO.Path]::GetDirectoryName($Path) [System.IO.Directory]::CreateDirectory($pathWithoutFile) $stream = $downloadResponse.Content.ReadAsStreamAsync().GetAwaiter().GetResult() $streamToWriteTo = [System.IO.File]::Open($path, 'Create') $stream.CopyToAsync($streamToWriteTo).GetAwaiter().GetResult() | Out-Null Write-Host "Downloaded signed artifact and saved at '$Path'" } finally { if((Test-Path variable:downloadResponse) -and $downloadResponse -ne $null) { $downloadResponse.Dispose() } if((Test-Path variable:stream) -and $stream -ne $null) { $stream.Dispose() } if((Test-Path variable:streamToWriteTo) -and $streamToWriteTo -ne $null) { $streamToWriteTo.Dispose() } } } function WaitForCompletion( [System.Net.Http.HttpClient] $HttpClient, [string] $Url, [int] $WaitForCompletionTimeoutInSeconds, [int] $ServiceUnavailableRetryTimeoutInSeconds) { $StatusComplete = "Completed" $StatusFailed = "Failed" $StatusDenied = "Denied" $StatusCanceled = "Canceled" $getResponse = $null try { $resultJson = $null $status = $null $sw = [System.Diagnostics.Stopwatch]::StartNew() do { Write-Host "Checking status... " -NoNewline $getResponse = GetWithRetry -HttpClient $HttpClient -Url $Url -ServiceUnavailableRetryTimeoutInSeconds $ServiceUnavailableRetryTimeoutInSeconds CheckResponse $getResponse $resultJson = $getResponse.Content.ReadAsStringAsync().GetAwaiter().GetResult() | ConvertFrom-Json $status = $resultJson.status Write-Host $status if($status -eq $StatusComplete -or $status -eq $StatusFailed -or $status -eq $StatusDenied -or $status -eq $StatusCanceled){ break } Start-Sleep -Seconds $WaitForCompletionRetryTimeoutInSeconds } while($sw.Elapsed.TotalSeconds -lt $WaitForCompletionTimeoutInSeconds) $timeoutExpired = $sw.Elapsed.TotalSeconds -ge $WaitForCompletionTimeoutInSeconds if($status -ne $StatusComplete) { if($timeoutExpired) { throw "Timeout expired while waiting for signing request to complete" } elseif($status -eq $StatusFailed) { throw "Terminating because signing request failed" } elseif($status -eq $StatusDenied) { throw "Terminating because signing request was denied" } elseif($status -eq $StatusCanceled) { throw "Terminating because signing request was canceled" } else { throw "Terminating because of unexpected signing request status: $status" } } return $resultJson.signedArtifactLink } finally { if((Test-Path variable:getResponse) -and $getResponse -ne $null) { $getResponse.Dispose() } } } function CreateAndUseAuthorizedHttpClient([string] $CIUserToken, [int] $Timeout, [ScriptBlock] $ScriptBlock) { Add-Type -AssemblyName System.IO Add-Type -AssemblyName System.Net.Http $previousSecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 $httpClient = New-Object System.Net.Http.HttpClient $httpClient.Timeout = [TimeSpan]::FromSeconds($Timeout) $httpClient.DefaultRequestHeaders.Authorization = New-Object System.Net.Http.Headers.AuthenticationHeaderValue @("Bearer", $CIUserToken) try { & $ScriptBlock $httpClient } finally { if($httpClient -ne $null) { $httpClient.Dispose() } [System.Net.ServicePointManager]::SecurityProtocol = $previousSecurityProtocol } } function PrepareInputArtifactPath([string] $InputArtifactPath) { $InputArtifactPath = NormalizePath $InputArtifactPath if(-not (Test-Path -Path $InputArtifactPath)) { throw "The input artifact path '$InputArtifactPath' does not exist" } return $InputArtifactPath } function PrepareOutputArtifactPath([bool] $Force, [string] $OutputArtifactPath) { $OutputArtifactPath = NormalizePath $OutputArtifactPath if(-not $Force -and (Test-Path -Path $OutputArtifactPath)){ throw "There is already a file at '$OutputArtifactPath'. If you want to overwrite it use the -Force switch" } return $OutputArtifactPath } function NormalizePath([string] $Path) { if(-not [System.IO.Path]::IsPathRooted($Path)) { return Join-Path $PWD $Path } return $Path } function CheckResponse([System.Net.Http.HttpResponseMessage] $Response) { if (-not $Response.IsSuccessStatusCode) { $responseBody = $Response.Content.ReadAsStringAsync().GetAwaiter().GetResult() $additionalReason = ""; if(401 -eq $Response.StatusCode) { $additionalReason = " Did you provide the correct CIUserToken?"; } elseif(403 -eq $Response.StatusCode) { $additionalReason = " Did you add the CI user to the list of submitters in the specified signing policy? Did you provide the correct OrganizationId?"; } $serverMessage = ""; if($responseBody -ne "") { $serverMessage = " (Server reported the following message: '" + $responseBody + "')"; } $errorMessage = "Error {0} {1}.{2}{3}" -f $Response.StatusCode.value__, $Response.ReasonPhrase, $additionalReason, $serverMessage throw [System.Net.Http.HttpRequestException] $errorMessage } } Export-ModuleMember Submit-SigningRequest Export-ModuleMember Get-SignedArtifact # SIG # Begin signature block # MIIhxQYJKoZIhvcNAQcCoIIhtjCCIbICAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDvBiz0DQoTZGrg # GOqGfJOHX/HIeTONaKqS9KTH95HYu6CCEAIwggPFMIICraADAgECAhACrFwmagtA # m48LefKuRiV3MA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xKzApBgNV # BAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVWIFJvb3QgQ0EwHhcNMDYxMTEw # MDAwMDAwWhcNMzExMTEwMDAwMDAwWjBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMM # RGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQD # EyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMIIBIjANBgkqhkiG # 9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxszlc+b71LvlLS0ypt/lgT/JzSVJtnEqw9WU # NGeiChywX2mmQLHEt7KP0JikqUFZOtPclNY823Q4pErMTSWC90qlUxI47vNJbXGR # fmO2q6Zfw6SE+E9iUb74xezbOJLjBuUIkQzEKEFV+8taiRV+ceg1v01yCT2+OjhQ # W3cxG42zxyRFmqesbQAUWgS3uhPrUQqYQUEiTmVhh4FBUKZ5XIneGUpX1S7mXRxT # LH6YzRoGFqRoc9A0BBNcoXHTWnxV215k4TeHMFYE5RG0KYAS8Xk5iKICEXwnZreI # t3jyygqoOKsKZMK/Zl2VhMGhJR6HXRpQCyASzEG7bgtROLhLywIDAQABo2MwYTAO # BgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUsT7DaQP4 # v0cB1JgmGggC72NkK8MwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1JgmGggC72NkK8Mw # DQYJKoZIhvcNAQEFBQADggEBABwaBpfc15yfPIhmBghXIdshR/gqZ6q/GDJ2QBBX # wYrzetkRZY41+p78RbWe2UwxS7iR6EMsjrN4ztvjU3lx1uUhlAHaVYeaJGT2imbM # 3pw3zag0sWmbI8ieeCIrcEPjVUcxYRnvWMWFL04w9qAxFiPI5+JlFjPLvxoboD34 # yl6LMYtgCIktDAZcUrfE+QqY0RVfnxK+fDZjOL1EpH/kJisKxJdpDemM4sAQV7jI # dhKRVfJIadi8KgJbD0TUIDHb9LpwJl2QYJ68SxcJL7TLHkNoyQcnwdJc9+ohuWgS # nDycv578gFybY83sR6olJ2egN/MAgn1U16n46S4To3foH0owggV1MIIEXaADAgEC # AhAN1/X/PWGIuZu8TJ/zTOTxMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNVBAYTAlVT # MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5j # b20xKzApBgNVBAMTIkRpZ2lDZXJ0IEVWIENvZGUgU2lnbmluZyBDQSAoU0hBMikw # HhcNMTcxMDA0MDAwMDAwWhcNMjAxMDA4MTIwMDAwWjCBkzETMBEGCysGAQQBgjc8 # AgEDEwJBVDEdMBsGA1UEDwwUUHJpdmF0ZSBPcmdhbml6YXRpb24xETAPBgNVBAUT # CDQ3NTUwNiB6MQswCQYDVQQGEwJBVDENMAsGA1UEBxMEV2llbjEWMBQGA1UEChMN # U2lnblBhdGggR21iSDEWMBQGA1UEAxMNU2lnblBhdGggR21iSDCCASIwDQYJKoZI # hvcNAQEBBQADggEPADCCAQoCggEBANUCuRw5UqO5xlTdf6eNsPSdi2Weflkqa4LT # 14Y7Pjmq/5ROLD7Wrq5DRUOt2EiqUbXts4ws5XRit3+aaqo4Yhs51sCDomyzqKLx # YlNaz3xNeaP9wjbQvaJkzj+FMw2EhfZmgcEO644C7wNPnKSg4M2Bpi1Sh6F8Lgjp # l0qmemnMNwHVeMKONQeq2Wv/ejDeeRv4ZYYgHjmoxKwJtRkjKuIr9akHCWHMKWSo # 3WS47/M3Q0FbYufa0wXe/jIwoSsqZdb1VJtlS+TUcOf4YD3OjYq7/5GMLo6hAO0c # n95cCmASxFoDq/0Okq/kZ48RQYWxFR91GtuQFmC+k8dwbXK18qECAwEAAaOCAekw # ggHlMB8GA1UdIwQYMBaAFI/ofvBtMmoABSPHcJdqOpD/a+rUMB0GA1UdDgQWBBS2 # QDSwXWyNi+1kzdWtsZv0aycxITAmBgNVHREEHzAdoBsGCCsGAQUFBwgDoA8wDQwL # QVQtNDc1NTA2IHowDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMD # MHsGA1UdHwR0MHIwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9FVkNv # ZGVTaWduaW5nU0hBMi1nMS5jcmwwN6A1oDOGMWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0 # LmNvbS9FVkNvZGVTaWduaW5nU0hBMi1nMS5jcmwwSwYDVR0gBEQwQjA3BglghkgB # hv1sAwIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQ # UzAHBgVngQwBAzB+BggrBgEFBQcBAQRyMHAwJAYIKwYBBQUHMAGGGGh0dHA6Ly9v # Y3NwLmRpZ2ljZXJ0LmNvbTBIBggrBgEFBQcwAoY8aHR0cDovL2NhY2VydHMuZGln # aWNlcnQuY29tL0RpZ2lDZXJ0RVZDb2RlU2lnbmluZ0NBLVNIQTIuY3J0MAwGA1Ud # EwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAAwA3lVWGyFuJumCqI/xuWR8uMtN # ZvX87eX0aigbQMyJ8TrzBEqwgZCUNOs/6PpJO87OEhoALFyFa3BIy9dV/C2ezl8E # dpaLKds/GT7qiEFYVXiZOYpSOoj9M0qfmgyWrJQpkI79LH9FlkpO3J+or6nnxNpY # QLh5mWEJxn8t92Z2jKktHhog8bVvE4piXb5PqHLkc/UfPYmON9qFFukyKOuGZ+20 # nlL/YWtRqmpVWONIwQZ6lhOGscXUaHU/0fVjpmOWV0+fgV2o9LNzCc8MMJ6HywyV # rDo2yqdHMYCfQkLr3NAMmya+P+vnJ7AOshk8PyOPsVt/7xj5URYakKwJOBMwgga8 # MIIFpKADAgECAhAD8bThXzqC8RSWeLPX2EdcMA0GCSqGSIb3DQEBCwUAMGwxCzAJ # BgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k # aWdpY2VydC5jb20xKzApBgNVBAMTIkRpZ2lDZXJ0IEhpZ2ggQXNzdXJhbmNlIEVW # IFJvb3QgQ0EwHhcNMTIwNDE4MTIwMDAwWhcNMjcwNDE4MTIwMDAwWjBsMQswCQYD # VQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln # aWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBFViBDb2RlIFNpZ25pbmcgQ0Eg # KFNIQTIpMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1P6D7K1E/Fk # z4SA/K6ANdG218ejLKwaLKzxhKw6NRI6kpG6V+TEyfMvqEg8t9Zu3JciulF5Ya9D # Lw23m7RJMa5EWD6koZanh08jfsNsZSSQVT6hyiN8xULpxHpiRZt93mN0y55jJfiE # mpqtRU+ufR/IE8t1m8nh4Yr4CwyY9Mo+0EWqeh6lWJM2NL4rLisxWGa0MhCfnfBS # oe/oPtN28kBa3PpqPRtLrXawjFzuNrqD6jCoTN7xCypYQYiuAImrA9EWgiAidute # VDgSYuHScCTb7R9w0mQJgC3itp3OH/K7IfNs29izGXuKUJ/v7DYKXJq3StMIoDl5 # /d2/PToJJQIDAQABo4IDWDCCA1QwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8B # Af8EBAMCAYYwEwYDVR0lBAwwCgYIKwYBBQUHAwMwfwYIKwYBBQUHAQEEczBxMCQG # CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSQYIKwYBBQUHMAKG # PWh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEhpZ2hBc3N1cmFu # Y2VFVlJvb3RDQS5jcnQwgY8GA1UdHwSBhzCBhDBAoD6gPIY6aHR0cDovL2NybDMu # ZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUVWUm9vdENBLmNybDBA # oD6gPIY6aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3Vy # YW5jZUVWUm9vdENBLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAMC # MIIBpDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNw # cy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1 # AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABj # AG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBm # ACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBk # ACAAdABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBl # AG0AZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABp # AHQAeQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAg # AGgAZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjAdBgNVHQ4E # FgQUj+h+8G0yagAFI8dwl2o6kP9r6tQwHwYDVR0jBBgwFoAUsT7DaQP4v0cB1Jgm # GggC72NkK8MwDQYJKoZIhvcNAQELBQADggEBABkzSgyBMzfbrTbJ5Mk6u7UbLnqi # 4vRDQheev06hTeGx2+mB3Z8B8uSI1en+Cf0hwexdgNLw1sFDwv53K9v515EzzmzV # shk75i7WyZNPiECOzeH1fvEPxllWcujrakG9HNVG1XxJymY4FcG/4JFwd4fcyY0x # yQwpojPtjeKHzYmNPxv/1eAal4t82m37qMayOmZrewGzzdimNOwSAauVWKXEU1eo # YObnAhKguSNkok27fIElZCG+z+5CGEOXu6U3Bq9N/yalTWFL7EZBuGXOuHmeCJYL # gYyKO4/HmYyjKm6YbV5hxpa3irlhLZO46w4EQ9f1/qbwYtSZaqXBwfBklIAxghEZ # MIIRFQIBATCBgDBsMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j # MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBF # ViBDb2RlIFNpZ25pbmcgQ0EgKFNIQTIpAhAN1/X/PWGIuZu8TJ/zTOTxMA0GCWCG # SAFlAwQCAQUAoIGeMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQB # gjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCABvwdjWenWYYYK # KHaiY6YXnlcgZ4nDVZMRQd3QwmnGcDAyBgorBgEEAYI3AgEMMSQwIqAcgBoAUwBp # AGcAbgBQAGEAdABoAC4AcABzAG0AMaECgAAwDQYJKoZIhvcNAQEBBQAEggEAW9wY # XTN/BATB9/CxKA4uvNmH6PxPl+pIYLdVNxgOEjxUQ8iz8rQ9qkpNExHt3wtKac5E # A/IqljqtEvmaf1wmC3C9JeF+dRh0oNMIysn/lrZh8qtOA+2NifHB62QFN11LtiMD # Ej4KdHrwvsvSDYn2a33osu7YzBN15vm8AhDOtfdUcLuKrW9wU+8J3RBmzZtS8Vbe # r7e9VS5B7XQlNjKiOIu8QHEVKPOMz4t8LGVcH+IAz5at0yaxdn9aCycAVwDlLL32 # yo76SOP7AuoUh66BnlTLHaz2dS0Pk2OiNfr5XJG9SVJNXpOKKDMQkl9Qbc3lH1kt # l1TTSRol2v+as33KXKGCDsgwgg7EBgorBgEEAYI3AwMBMYIOtDCCDrAGCSqGSIb3 # DQEHAqCCDqEwgg6dAgEDMQ8wDQYJYIZIAWUDBAIBBQAwdwYLKoZIhvcNAQkQAQSg # aARmMGQCAQEGCWCGSAGG/WwHATAxMA0GCWCGSAFlAwQCAQUABCCBG4S9zzmDmwpn # 8xgrNq12KiG+Xif/8P4IjibO6a5ZngIQHqlCrUSst66+k6BclfC73BgPMjAxOTA4 # MTQxMDExMDFaoIILuzCCBoIwggVqoAMCAQICEAnA/EbIBEITtVmLryhPTkEwDQYJ # KoZIhvcNAQELBQAwcjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IElu # YzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQg # U0hBMiBBc3N1cmVkIElEIFRpbWVzdGFtcGluZyBDQTAeFw0xNzAxMDQwMDAwMDBa # Fw0yODAxMTgwMDAwMDBaMEwxCzAJBgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2Vy # dDEqMCgGA1UEAxMhRGlnaUNlcnQgU0hBMiBUaW1lc3RhbXAgUmVzcG9uZGVyMIIB # IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpWYajQ7cxuofvzHvilpicdo # JkZfPY1ic4eBo6Gc8LdbJDdaktT0Wdd2ieTc1Sfw1Wa8Cu60KzFnrFjFSpFZK0Ue # CQHWZLNZ7o1mTfsjXswQDQuKZ+9SrqAIkMJS9/WotW6bLHud57U++3jNMlAYv0C1 # TIy7V/SgTxFFbEJCueWv1t/0p3wKaJYP0l8pV877HTL/9BGhEyL7Esvv11PS65fL # oqwbHZ1YIVGCwsLe6is/LCKE0EPsOzs/R8T2VtxFN5i0a3S1Wa94V2nIDwkCeN3Y # U8GZ22DEnequr+B+hkpcqVhhqF50igEoaHJOp4adtQJSh3BmSNOO74EkzNzYZQID # AQABo4IDODCCAzQwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwFgYDVR0l # AQH/BAwwCgYIKwYBBQUHAwgwggG/BgNVHSAEggG2MIIBsjCCAaEGCWCGSAGG/WwH # ATCCAZIwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMw # ggFkBggrBgEFBQcCAjCCAVYeggFSAEEAbgB5ACAAdQBzAGUAIABvAGYAIAB0AGgA # aQBzACAAQwBlAHIAdABpAGYAaQBjAGEAdABlACAAYwBvAG4AcwB0AGkAdAB1AHQA # ZQBzACAAYQBjAGMAZQBwAHQAYQBuAGMAZQAgAG8AZgAgAHQAaABlACAARABpAGcA # aQBDAGUAcgB0ACAAQwBQAC8AQwBQAFMAIABhAG4AZAAgAHQAaABlACAAUgBlAGwA # eQBpAG4AZwAgAFAAYQByAHQAeQAgAEEAZwByAGUAZQBtAGUAbgB0ACAAdwBoAGkA # YwBoACAAbABpAG0AaQB0ACAAbABpAGEAYgBpAGwAaQB0AHkAIABhAG4AZAAgAGEA # cgBlACAAaQBuAGMAbwByAHAAbwByAGEAdABlAGQAIABoAGUAcgBlAGkAbgAgAGIA # eQAgAHIAZQBmAGUAcgBlAG4AYwBlAC4wCwYJYIZIAYb9bAMVMB8GA1UdIwQYMBaA # FPS24SAd/imu0uRhpbKiJbLIFzVuMB0GA1UdDgQWBBThpzJK7gEhKH1U1fIHkm60 # Bw89hzBxBgNVHR8EajBoMDKgMKAuhixodHRwOi8vY3JsMy5kaWdpY2VydC5jb20v # c2hhMi1hc3N1cmVkLXRzLmNybDAyoDCgLoYsaHR0cDovL2NybDQuZGlnaWNlcnQu # Y29tL3NoYTItYXNzdXJlZC10cy5jcmwwgYUGCCsGAQUFBwEBBHkwdzAkBggrBgEF # BQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tME8GCCsGAQUFBzAChkNodHRw # Oi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyQXNzdXJlZElEVGlt # ZXN0YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQAe8EGCMq7t8bQ1E9xQ # wtWXriIinQ4OrzPTTP18v28BEaeUZSJcxiKhyIlSa5qMc1zZXj8y3hZgTIs2/TGZ # Cr3BhLeNHe+JJhMFVvNHzUdbrYSyOK9qI7VF4x6IMkaA0remmSL9wXjP9YvYDIwF # Ce5E5oDVbXDMn1MeJ90qSN7ak2WtbmWjmafCQA5zzFhPj0Uo5byciOYozmBdLSVd # i3MupQ1bUdqaTv9QBYko2vJ4u9JYeI1Ep6w6AJF4aYlkBNNdlt8qv/mlTCyT/+aK # 3YKs8dKzooaawVWJVmpHP/rWM5VDNYkFeFo6adoiuARD029oNTZ6FD5F6Zhkhg8T # DCZKMIIFMTCCBBmgAwIBAgIQCqEl1tYyG35B5AXaNpfCFTANBgkqhkiG9w0BAQsF # ADBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL # ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElE # IFJvb3QgQ0EwHhcNMTYwMTA3MTIwMDAwWhcNMzEwMTA3MTIwMDAwWjByMQswCQYD # VQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGln # aWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBTSEEyIEFzc3VyZWQgSUQgVGlt # ZXN0YW1waW5nIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvdAy # 7kvNj3/dqbqCmcU5VChXtiNKxA4HRTNREH3Q+X1NaH7ntqD0jbOI5Je/YyGQmL8T # vFfTw+F+CNZqFAA49y4eO+7MpvYyWf5fZT/gm+vjRkcGGlV+Cyd+wKL1oODeIj8O # /36V+/OjuiI+GKwR5PCZA207hXwJ0+5dyJoLVOOoCXFr4M8iEA91z3FyTgqt30A6 # XLdR4aF5FMZNJCMwXbzsPGBqrC8HzP3w6kfZiFBe/WZuVmEnKYmEUeaC50ZQ/ZQq # LKfkdT66mA+Ef58xFNat1fJky3seBdCEGXIX8RcG7z3N1k3vBkL9olMqT4UdxB08 # r8/arBD13ays6Vb/kwIDAQABo4IBzjCCAcowHQYDVR0OBBYEFPS24SAd/imu0uRh # pbKiJbLIFzVuMB8GA1UdIwQYMBaAFEXroq/0ksuCMS1Ri6enIZ3zbcgPMBIGA1Ud # EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoGCCsGAQUF # BwMIMHkGCCsGAQUFBwEBBG0wazAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln # aWNlcnQuY29tMEMGCCsGAQUFBzAChjdodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5j # b20vRGlnaUNlcnRBc3N1cmVkSURSb290Q0EuY3J0MIGBBgNVHR8EejB4MDqgOKA2 # hjRodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRBc3N1cmVkSURSb290 # Q0EuY3JsMDqgOKA2hjRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRB # c3N1cmVkSURSb290Q0EuY3JsMFAGA1UdIARJMEcwOAYKYIZIAYb9bAACBDAqMCgG # CCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20vQ1BTMAsGCWCGSAGG # /WwHATANBgkqhkiG9w0BAQsFAAOCAQEAcZUS6VGHVmnN793afKpjerN4zwY3QITv # S4S/ys8DAv3Fp8MOIEIsr3fzKx8MIVoqtwU0HWqumfgnoma/Capg33akOpMP+LLR # 2HwZYuhegiUexLoceywh4tZbLBQ1QwRostt1AuByx5jWPGTlH0gQGF+JOGFNYkYk # h2OMkVIsrymJ5Xgf1gsUpYDXEkdws3XVk4WTfraSZ/tTYYmo9WuWwPRYaQ18yAGx # uSh1t5ljhSKMYcp5lH5Z/IwP42+1ASa2bKXuh1Eh5Fhgm7oMLSttosR+u8QlK0cC # CHxJrhO24XxCQijGGFbPQTS2Zl22dHv1VjMiLyI2skuiSpXY9aaOUjGCAk0wggJJ # AgEBMIGGMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAX # BgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lDZXJ0IFNIQTIg # QXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0ECEAnA/EbIBEITtVmLryhPTkEwDQYJ # YIZIAWUDBAIBBQCggZgwGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqG # SIb3DQEJBTEPFw0xOTA4MTQxMDExMDFaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYE # FEABkUdcmIkd66EEr0cJG1621MvLMC8GCSqGSIb3DQEJBDEiBCCCCwe2rnmDZZg6 # fYAyueYUNTglM+gXSAQuhiOvYwtlqTANBgkqhkiG9w0BAQEFAASCAQAFqeWLgCpA # M66r1LKlSM99bSUVUtS8bTOKvf4QFKlZkv2bFlwo/UvFjFJf2942+EXTYhjQcluY # YZzYlRV3UfQZanlwOBIKI2NM3MKFX3Jh5UbaTlre4VUN5l2Ec5AgbHJ09EzDcvYf # l9pCoSd8J65wwRiApyeB+/h38p/+fQLRSDUaca9ZbZvTwjP4MHxB7L09j3Hqtic8 # 39Q+MFOBfjBdP00gG9O1fChApz+MeT1hJ/5LJBTaQutXqIgGoQu+1c+aqRqWIAEd # Z1QeIEEW4AylHT5cdYLC/iwyjrkowO2Fw0VoRUiPAWUAneSA2dhizfUrY61ekEdq # QSX51Vgdb4vk # SIG # End signature block |