InternalSmtpClient.psm1
|
using module .\Logger.psm1 Add-Type -AssemblyName System.IO Add-Type -AssemblyName System.Net class InternalSmtpClient { hidden [System.Net.Sockets.TcpClient]$TcpClient hidden [int]$TimeoutMs hidden [System.IO.StreamReader]$Reader hidden [System.IO.StreamWriter]$Writer hidden [string[]]$SessionCapabilities hidden [string]$LastSmtpResponse hidden [Logger]$Logger [int]$TimeoutSec = 60 [int]$ResponseCode = -1 InternalSmtpClient ([Logger]$logger) { $this.Logger = $logger } [void] Connect([string]$smtpServer, [int]$port, [bool]$useSsl, [bool]$acceptUntrustedCertificates, [System.Security.Cryptography.X509Certificates.X509Certificate]$clientCertificate, $enabledSslProtocols) { [bool]$useClientCert = $false $this.TimeoutMs = $this.TimeoutSec * 1000 if ($null -ne $clientCertificate) { $useClientCert = $true } $this.logger.LogMessage("# Tcp Client Timeout Settings", "Information", $true, $true) $this.logger.LogMessage("TcpClientReceiveTimeOut: $($this.TimeoutSec)s", "Information", $true, $true) $this.logger.LogMessage("TcpClientSendTimeOut: $($this.TimeoutSec)s", "Information", $true, $true) $this.logger.LogMessage("", "Information", $true, $true) $this.logger.LogMessage("[Connecting to $SmtpServer" + ":$Port]", "Information", "Yellow", $false, $true) $this.TcpClient = New-Object -TypeName System.Net.Sockets.TcpClient $this.TcpClient.ReceiveTimeout = $this.TimeoutMs $this.TcpClient.SendTimeout = $this.TimeoutMs $result = $this.TcpClient.BeginConnect($SmtpServer, $Port, $null, $null) $result.AsyncWaitHandle.WaitOne($this.TimeoutMs) | Out-Null $this.TcpClient.EndConnect($result) if (-not $this.TcpClient.Connected) { # If not connected exception *should* be thrown in EndConnect() $this.Logger.LogError("Connection to remote host $($SmtpServer + ":$Port") failed!") } $this.Logger.LogMessage("[Connected]", "Information", "Green", $false, $true) $this.Reader = New-Object -TypeName System.IO.StreamReader -ArgumentList ($this.TcpClient.GetStream(), [System.Text.Encoding]::ASCII) $this.Writer = New-Object -TypeName System.IO.StreamWriter -ArgumentList ($this.TcpClient.GetStream(), [System.Text.Encoding]::ASCII) $this.ReadResponse($false) $this.SendEhlo() if ($useSsl) { $this.Logger.LogMessage("Starting TLS...", "Verbose", $false, $true) if ($this.SessionCapabilities.Contains("STARTTLS")) { $this.SmtpCmd("STARTTLS") if ($this.ResponseCode -eq 220) { $this.Logger.LogMessage("* Starting TLS negotiation") if ($AcceptUntrustedCertificates) { $this.Logger.LogMessage("Ignoring certificate validation results.", "Verbose", $false, $true) $sslstream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList ($this.TcpClient.GetStream(), $false, ({ $true } -as [Net.Security.RemoteCertificateValidationCallback])) } else { $sslstream = New-Object -TypeName System.Net.Security.SslStream -ArgumentList ($this.TcpClient.GetStream()) } $certcol = $null if ($useClientCert) { $certcol = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509CertificateCollection $certcol.Add($clientCertificate) } <# If enabledSslProtocols is null, don't specify an ssl protocol to use. AuthenticateAsClient will use the OS preferred TLS version This avoids ArgumentException when using NONE and OS settings disable default tls versions. https://referencesource.microsoft.com/#System/net/System/Net/SecureProtocols/_SslState.cs,164 #> if ($null -eq $enabledSslProtocols) { $sslstream.AuthenticateAsClient($SmtpServer, $certcol, $true) } else { $sslstream.AuthenticateAsClient($SmtpServer, $certcol, $enabledSslProtocols, $true) } $this.Writer = New-Object -TypeName System.IO.StreamWriter -ArgumentList ($sslstream, [System.Text.Encoding]::ASCII) $this.Reader = New-Object -TypeName System.IO.StreamReader -ArgumentList ($sslstream, [System.Text.Encoding]::ASCII) $this.Logger.LogMessage("* TLS negotiation completed. IgnoreCertValidation:$AcceptUntrustedCertificates CipherAlgorithm:$($sslstream.CipherAlgorithm) HashAlgorithm:$($sslstream.HashAlgorithm) TlsVersion:$($sslstream.SslProtocol)") $this.Logger.LogMessage("* RemoteCertificate: '<S>$($sslstream.RemoteCertificate.Subject)<I>$($sslstream.RemoteCertificate.Issuer)' NotBefore:$($sslstream.RemoteCertificate.GetEffectiveDateString()) NotAfter:$($sslstream.RemoteCertificate.GetExpirationDateString())") if ($useClientCert) { $this.Logger.LogMessage("* ClientCertificate: '<S>$($sslstream.LocalCertificate.Subject)<I>$($sslstream.LocalCertificate.Issuer)' NotBefore:$($sslstream.LocalCertificate.GetEffectiveDateString()) NotAfter:$($sslstream.LocalCertificate.GetExpirationDateString())") } # Warn if using unsupported versions of TLS # Intentionally not setting TLS to 1.2 or greater to expose default TLS behavior if ($sslstream.SslProtocol -eq "Tls" -or $sslstream.SslProtocol -eq "Tls11") { Write-Warning "TLS version is either 1.0 or 1.1. Consider enabling TLS 1.2 or greater." } $rawCert = "`n-----BEGIN CERTIFICATE-----" $rawCert += "`n" + [Convert]::ToBase64String($sslstream.RemoteCertificate.GetRawCertData(), [System.Base64FormattingOptions]::InsertLineBreaks) $rawCert += "`n-----END CERTIFICATE----- " $this.Logger.LogMessage("Remote Certificate:", "Verbose", $false, $true) $this.Logger.LogMessage($rawCert, "Verbose", $false, $true) # Rediscover session capabilities $this.SendEhlo() } else { throw "Failed to start tls session with remote host." } } # STARTTLS verb not found else { throw "Session capabilities do not support STARTTLS." } } } [void] ReadResponse([bool]$readAllLines) { $this.ResponseCode = - 1 $resp = @() # Bail if not connected if (-not $this.TcpClient.Connected) { throw "Client is not connected." } $line = $this.Reader.ReadLine() $resp += $line # Parse response code $this.ResponseCode = [System.Int32]::Parse($line.Substring(0, 3)) if ($readAllLines){ while ($line -like "250-*") { Write-Debug "StreamReader: Reading more lines..." $line = $this.Reader.ReadLine() # Truncate response code and join all server capabilties $resp += $line.Substring(4) } $resp = $resp -join ',' } $this.LastSmtpResponse = $resp $this.Logger.LogMessage("< " + $resp) } [void] SendEhlo() { $this.SmtpCmd("EHLO " + ([System.Environment]::MachineName)) if ($this.ResponseCode -ne 250) { throw "Unexpected response on EHLO command. Response Code:$($this.ResponseCode)" } $lines = $this.LastSmtpResponse.Split(',') | Where-Object { ($_) -and ($_ -notcontains "250") } $this.SessionCapabilities = $lines } [void] SmtpCmd([string]$command) { $this.SmtpCmd($command, $false) } [void] SmtpCmd([string]$command, [bool]$redactCmd) { if ($redactCmd) { $this.Logger.LogMessage("Sending command: *REDACTED*", "Verbose", $false, $true) $this.Logger.LogMessage("> *REDACTED*") } else { $this.Logger.LogMessage("Sending command: $command", "Verbose", $false, $true) $this.Logger.LogMessage("> " + $command) } $this.Writer.WriteLine($command) $this.Writer.Flush() if (($command -ne "QUIT") -and (!$command.StartsWith("BDAT"))) { $this.ReadResponse($false) } if ($command -like "EHLO *") { $this.ReadResponse($true) } } [bool] ContainsCapability([string] $c) { foreach ($cap in $this.SessionCapabilities) { if ($cap.ToLower().Contains($c.ToLower())) { return $true } } return $false } [bool] AuthLogin([pscredential]$Credential) { if ($this.ContainsCapability("AUTH LOGIN")) { $this.SmtpCmd("AUTH LOGIN") if ($this.ResponseCode -eq 334) { $message = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($this.LastSmtpResponse.Substring(4))).ToLower() if ($message -eq "username:") { $this.SmtpCmd([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($Credential.UserName))) } # Decode the response $message = [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($this.LastSmtpResponse.Substring(4))).ToLower() # If username accepted continue if (($this.ResponseCode -eq 334) -and ($message -eq "password:")) { $this.SmtpCmd([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($Credential.GetNetworkCredential().Password)), $true) } else { $this.Logger.LogError("SMTP Authentication Failed. Invalid user name.") return $false } if ($this.ResponseCode -eq 535 -and $($this.LastSmtpResponse.Substring(4)).StartsWith("5.7.139")) { $this.Logger.LogError("SMTP Authentication Failed. Basic authentication disabled or blocked by policy.") return $false } if ($this.ResponseCode -eq 421) { $this.Logger.LogError("SMTP Authentication Failed. Check your TLS version is at least 1.2.") return $false } if ($this.ResponseCode -ne 235) { $this.Logger.LogError("SMTP Authentication Failed. Check user name and password.") return $false } return $true } else { $this.Logger.LogError("Unexpected response code on AUTH LOGIN.") } } else { $this.Logger.LogError("Session capabilities do not support AUTH LOGIN") } return $false } [bool] XOAUTH2Login([string]$userName, [string]$token) { if ([System.String]::IsNullOrEmpty($token)) { $this.Logger.LogError("AccessToken is null or empty") return $false } # Build the auth blob $authBlob = "user=" + $UserName + "$([char]0x01)auth=Bearer " + $token + "$([char]0x01)$([char]0x01)" if ($this.ContainsCapability("XOAUTH2")) { $this.SmtpCmd("AUTH XOAUTH2") if ($this.ResponseCode -eq 334) { $this.SmtpCmd([System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($authBlob))) if ($this.ResponseCode -eq 421) { $this.Logger.LogError("SMTP Authentication Failed. Check your TLS version is at least 1.2.") return $false } if ($this.ResponseCode -eq 235) { return $true } else { $this.Logger.LogError("SMTP Authentication Failed. Check your OAUTH token is valid.") return $false } } else { $this.Logger.LogError("Unexpected response code on AUTH XOAUTH2.") return $false } } else { $this.Logger.LogError("Session capabilities do not support AUTH XOAUTH2.") return $false } } [void] SendMail([string]$From, [string]$To) { $this.SmtpCmd("MAIL FROM: <$From>") if ($this.ResponseCode -ne 250) { $this.Logger.LogError("Unexpected response code on MAIL FROM command.") $this.SmtpCmd("QUIT") return } $this.SmtpCmd("RCPT TO: <$To>") if ($this.ResponseCode -ne 250) { $this.Logger.LogError("Unexpected response code on RCPT TO command.") $this.SmtpCmd("QUIT") return } $message = "From: `"$From`" <$From>" $message += "`nTo: `"$To`" <$To>" $message += "`nSubject: SMTP Client Submission Test" $message += "`nContent-Type: text/plain" $message += "`n" $message += "`nThis is a test message." # Check if server supports CHUNKING and send using BDAT command if ($this.ContainsCapability("CHUNKING")) { $this.SendContentUsingBdat($message) } # If capability not found send using DATA command else { $this.SendContentUsingData($message) } $this.ReadResponse($false) if ($this.ResponseCode -eq 430 -and $($this.LastSmtpResponse.Substring(4)).StartsWith("4.2.0 STOREDRV; mailbox logon failure;")) { $this.Logger.LogError("Failed to submit message. Verify that the authenticated user or application has the correct permission to logon to the mailbox.") } elseif ($this.ResponseCode -ne 250) { $this.Logger.LogError("Failed to submit message.") } $this.SmtpCmd("QUIT") } [void] SendContentUsingBdat($message) { $byteCount = [System.Text.Encoding]::ASCII.GetByteCount($message) $command = "BDAT $byteCount LAST" $this.SmtpCmd($command) $this.Logger.LogMessage("Writing message to stream...", "Verbose", $false, $true) $this.Writer.Write($message) $this.Writer.Flush() } [void] SendContentUsingData($message) { $command = "DATA" $this.SmtpCmd($command) $this.Logger.LogMessage("Writing message to stream...", "Verbose", $false, $true) $this.Writer.Write($message) $this.Logger.LogMessage("Writing terminator '<CRLF>.<CRLF>' to stream.", "Verbose", $false, $true) $this.Writer.Write("`r`n.`r`n") $this.Writer.Flush() } [void] DisposeResources() { if ($this.Writer) { $this.Writer.Dispose() } if ($this.Reader) { $this.Reader.Dispose() } if ($this.TcpClient) { $this.TcpClient.Dispose() } } } # SIG # Begin signature block # MIInEgYJKoZIhvcNAQcCoIInAzCCJv8CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDkE/4XJi+Cl5jI # a28KGivXNjaqh77ZGetSNYUVXg6bIqCCIJUwggWNMIIEdaADAgECAhAOmxiO+dAt # 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV # BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa # Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD # ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E # MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy # unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF # xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1 # 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB # MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR # WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6 # nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB # YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S # UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x # q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB # NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP # TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC # AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0 # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB # LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc # Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov # Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy # oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW # juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF # mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z # twGpn1eqXijiuZQwggauMIIElqADAgECAhAHNje3JFR82Ees/ShmKl5bMA0GCSqG # SIb3DQEBCwUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMx # GTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRy # dXN0ZWQgUm9vdCBHNDAeFw0yMjAzMjMwMDAwMDBaFw0zNzAzMjIyMzU5NTlaMGMx # CzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UEAxMy # RGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBpbmcg # Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGhjUGSbPBPXJJUVXH # JQPE8pE3qZdRodbSg9GeTKJtoLDMg/la9hGhRBVCX6SI82j6ffOciQt/nR+eDzMf # UBMLJnOWbfhXqAJ9/UO0hNoR8XOxs+4rgISKIhjf69o9xBd/qxkrPkLcZ47qUT3w # 1lbU5ygt69OxtXXnHwZljZQp09nsad/ZkIdGAHvbREGJ3HxqV3rwN3mfXazL6IRk # tFLydkf3YYMZ3V+0VAshaG43IbtArF+y3kp9zvU5EmfvDqVjbOSmxR3NNg1c1eYb # qMFkdECnwHLFuk4fsbVYTXn+149zk6wsOeKlSNbwsDETqVcplicu9Yemj052FVUm # cJgmf6AaRyBD40NjgHt1biclkJg6OBGz9vae5jtb7IHeIhTZgirHkr+g3uM+onP6 # 5x9abJTyUpURK1h0QCirc0PO30qhHGs4xSnzyqqWc0Jon7ZGs506o9UD4L/wojzK # QtwYSH8UNM/STKvvmz3+DrhkKvp1KCRB7UK/BZxmSVJQ9FHzNklNiyDSLFc1eSuo # 80VgvCONWPfcYd6T/jnA+bIwpUzX6ZhKWD7TA4j+s4/TXkt2ElGTyYwMO1uKIqjB # Jgj5FBASA31fI7tk42PgpuE+9sJ0sj8eCXbsq11GdeJgo1gJASgADoRU7s7pXche # MBK9Rp6103a50g5rmQzSM7TNsQIDAQABo4IBXTCCAVkwEgYDVR0TAQH/BAgwBgEB # /wIBADAdBgNVHQ4EFgQUuhbZbU2FL3MpdpovdYxqII+eyG8wHwYDVR0jBBgwFoAU # 7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMGA1UdJQQMMAoG # CCsGAQUFBwMIMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYYaHR0cDovL29j # c3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2FjZXJ0cy5kaWdp # Y2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNVHR8EPDA6MDig # NqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9v # dEc0LmNybDAgBgNVHSAEGTAXMAgGBmeBDAEEAjALBglghkgBhv1sBwEwDQYJKoZI # hvcNAQELBQADggIBAH1ZjsCTtm+YqUQiAX5m1tghQuGwGC4QTRPPMFPOvxj7x1Bd # 4ksp+3CKDaopafxpwc8dB+k+YMjYC+VcW9dth/qEICU0MWfNthKWb8RQTGIdDAiC # qBa9qVbPFXONASIlzpVpP0d3+3J0FNf/q0+KLHqrhc1DX+1gtqpPkWaeLJ7giqzl # /Yy8ZCaHbJK9nXzQcAp876i8dU+6WvepELJd6f8oVInw1YpxdmXazPByoyP6wCeC # RK6ZJxurJB4mwbfeKuv2nrF5mYGjVoarCkXJ38SNoOeY+/umnXKvxMfBwWpx2cYT # gAnEtp/Nh4cku0+jSbl3ZpHxcpzpSwJSpzd+k1OsOx0ISQ+UzTl63f8lY5knLD0/ # a6fxZsNBzU+2QJshIUDQtxMkzdwdeDrknq3lNHGS1yZr5Dhzq6YBT70/O3itTK37 # xJV77QpfMzmHQXh6OOmc4d0j/R0o08f56PGYX/sr2H7yRp11LB4nLCbbbxV7HhmL # NriT1ObyF5lZynDwN7+YAN8gFk8n+2BnFqFmut1VwDophrCYoCvtlUG3OtUVmDG0 # YgkPCr2B2RP+v6TR81fZvAT6gt4y3wSJ8ADNXcL50CN/AAvkdgIm2fBldkKmKYcJ # RyvmfxqkhQ/8mJb2VVQrH4D6wPIOK+XW+6kvRBVK5xMOHds3OBqhK/bt1nz8MIIG # sDCCBJigAwIBAgIQCK1AsmDSnEyfXs2pvZOu2TANBgkqhkiG9w0BAQwFADBiMQsw # CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu # ZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQw # HhcNMjEwNDI5MDAwMDAwWhcNMzYwNDI4MjM1OTU5WjBpMQswCQYDVQQGEwJVUzEX # MBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0 # ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMIICIjAN # BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1bQvQtAorXi3XdU5WRuxiEL1M4zr # PYGXcMW7xIUmMJ+kjmjYXPXrNCQH4UtP03hD9BfXHtr50tVnGlJPDqFX/IiZwZHM # gQM+TXAkZLON4gh9NH1MgFcSa0OamfLFOx/y78tHWhOmTLMBICXzENOLsvsI8Irg # nQnAZaf6mIBJNYc9URnokCF4RS6hnyzhGMIazMXuk0lwQjKP+8bqHPNlaJGiTUyC # EUhSaN4QvRRXXegYE2XFf7JPhSxIpFaENdb5LpyqABXRN/4aBpTCfMjqGzLmysL0 # p6MDDnSlrzm2q2AS4+jWufcx4dyt5Big2MEjR0ezoQ9uo6ttmAaDG7dqZy3SvUQa # khCBj7A7CdfHmzJawv9qYFSLScGT7eG0XOBv6yb5jNWy+TgQ5urOkfW+0/tvk2E0 # XLyTRSiDNipmKF+wc86LJiUGsoPUXPYVGUztYuBeM/Lo6OwKp7ADK5GyNnm+960I # HnWmZcy740hQ83eRGv7bUKJGyGFYmPV8AhY8gyitOYbs1LcNU9D4R+Z1MI3sMJN2 # FKZbS110YU0/EpF23r9Yy3IQKUHw1cVtJnZoEUETWJrcJisB9IlNWdt4z4FKPkBH # X8mBUHOFECMhWWCKZFTBzCEa6DgZfGYczXg4RTCZT/9jT0y7qg0IU0F8WD1Hs/q2 # 7IwyCQLMbDwMVhECAwEAAaOCAVkwggFVMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYD # VR0OBBYEFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB8GA1UdIwQYMBaAFOzX44LScV1k # TN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcD # AzB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2lj # ZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29t # L0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYyaHR0 # cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcmww # HAYDVR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQEMBQADggIB # ADojRD2NCHbuj7w6mdNW4AIapfhINPMstuZ0ZveUcrEAyq9sMCcTEp6QRJ9L/Z6j # fCbVN7w6XUhtldU/SfQnuxaBRVD9nL22heB2fjdxyyL3WqqQz/WTauPrINHVUHmI # moqKwba9oUgYftzYgBoRGRjNYZmBVvbJ43bnxOQbX0P4PpT/djk9ntSZz0rdKOtf # JqGVWEjVGv7XJz/9kNF2ht0csGBc8w2o7uCJob054ThO2m67Np375SFTWsPK6Wrx # oj7bQ7gzyE84FJKZ9d3OVG3ZXQIUH0AzfAPilbLCIXVzUstG2MQ0HKKlS43Nb3Y3 # LIU/Gs4m6Ri+kAewQ3+ViCCCcPDMyu/9KTVcH4k4Vfc3iosJocsL6TEa/y4ZXDlx # 4b6cpwoG1iZnt5LmTl/eeqxJzy6kdJKt2zyknIYf48FWGysj/4+16oh7cGvmoLr9 # Oj9FpsToFpFSi0HASIRLlk2rREDjjfAVKM7t8RhWByovEMQMCGQ8M4+uKIw8y4+I # Cw2/O/TOHnuO77Xry7fwdxPm5yg/rBKupS8ibEH5glwVZsxsDsrFhsP2JjMMB0ug # 0wcCampAMEhLNKhRILutG4UI4lkNbcoFUCvqShyepf2gpx8GdOfy1lKQ/a+FSCH5 # Vzu0nAPthkX0tGFuv2jiJmCG6sivqf6UHedjGzqGVnhOMIIGvDCCBKSgAwIBAgIQ # C65mvFq6f5WHxvnpBOMzBDANBgkqhkiG9w0BAQsFADBjMQswCQYDVQQGEwJVUzEX # MBUGA1UEChMORGlnaUNlcnQsIEluYy4xOzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0 # ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGltZVN0YW1waW5nIENBMB4XDTI0MDkyNjAw # MDAwMFoXDTM1MTEyNTIzNTk1OVowQjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCERp # Z2lDZXJ0MSAwHgYDVQQDExdEaWdpQ2VydCBUaW1lc3RhbXAgMjAyNDCCAiIwDQYJ # KoZIhvcNAQEBBQADggIPADCCAgoCggIBAL5qc5/2lSGrljC6W23mWaO16P2RHxjE # iDtqmeOlwf0KMCBDEr4IxHRGd7+L660x5XltSVhhK64zi9CeC9B6lUdXM0s71EOc # Re8+CEJp+3R2O8oo76EO7o5tLuslxdr9Qq82aKcpA9O//X6QE+AcaU/byaCagLD/ # GLoUb35SfWHh43rOH3bpLEx7pZ7avVnpUVmPvkxT8c2a2yC0WMp8hMu60tZR0Cha # V76Nhnj37DEYTX9ReNZ8hIOYe4jl7/r419CvEYVIrH6sN00yx49boUuumF9i2T8U # uKGn9966fR5X6kgXj3o5WHhHVO+NBikDO0mlUh902wS/Eeh8F/UFaRp1z5SnROHw # SJ+QQRZ1fisD8UTVDSupWJNstVkiqLq+ISTdEjJKGjVfIcsgA4l9cbk8Smlzddh4 # EfvFrpVNnes4c16Jidj5XiPVdsn5n10jxmGpxoMc6iPkoaDhi6JjHd5ibfdp5uzI # Xp4P0wXkgNs+CO/CacBqU0R4k+8h6gYldp4FCMgrXdKWfM4N0u25OEAuEa3Jyidx # W48jwBqIJqImd93NRxvd1aepSeNeREXAu2xUDEW8aqzFQDYmr9ZONuc2MhTMizch # NULpUEoA6Vva7b1XCB+1rxvbKmLqfY/M/SdV6mwWTyeVy5Z/JkvMFpnQy5wR14GJ # cv6dQ4aEKOX5AgMBAAGjggGLMIIBhzAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/ # BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcDCDAgBgNVHSAEGTAXMAgGBmeBDAEE # AjALBglghkgBhv1sBwEwHwYDVR0jBBgwFoAUuhbZbU2FL3MpdpovdYxqII+eyG8w # HQYDVR0OBBYEFJ9XLAN3DigVkGalY17uT5IfdqBbMFoGA1UdHwRTMFEwT6BNoEuG # SWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJTQTQw # OTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcmwwgZAGCCsGAQUFBwEBBIGDMIGAMCQG # CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wWAYIKwYBBQUHMAKG # TGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNFJT # QTQwOTZTSEEyNTZUaW1lU3RhbXBpbmdDQS5jcnQwDQYJKoZIhvcNAQELBQADggIB # AD2tHh92mVvjOIQSR9lDkfYR25tOCB3RKE/P09x7gUsmXqt40ouRl3lj+8QioVYq # 3igpwrPvBmZdrlWBb0HvqT00nFSXgmUrDKNSQqGTdpjHsPy+LaalTW0qVjvUBhcH # zBMutB6HzeledbDCzFzUy34VarPnvIWrqVogK0qM8gJhh/+qDEAIdO/KkYesLyTV # OoJ4eTq7gj9UFAL1UruJKlTnCVaM2UeUUW/8z3fvjxhN6hdT98Vr2FYlCS7Mbb4H # v5swO+aAXxWUm3WpByXtgVQxiBlTVYzqfLDbe9PpBKDBfk+rabTFDZXoUke7zPgt # d7/fvWTlCs30VAGEsshJmLbJ6ZbQ/xll/HjO9JbNVekBv2Tgem+mLptR7yIrpaid # RJXrI+UzB6vAlk/8a1u7cIqV0yef4uaZFORNekUgQHTqddmsPCEIYQP7xGxZBIhd # mm4bhYsVA6G2WgNFYagLDBzpmk9104WQzYuVNsxyoVLObhx3RugaEGru+SojW4dH # PoWrUhftNpFC5H7QEY7MhKRyrBe7ucykW7eaCuWBsBb4HOKRFVDcrZgdwaSIqMDi # CLg4D+TPVgKx2EgEdeoHNHT9l3ZDBD+XgbF+23/zBjeCtxz+dL/9NWR6P2eZRi7z # cEO1xwcdcqJsyz/JceENc2Sg8h3KeFUCS7tpFk7CrDqkMIIG2jCCBMKgAwIBAgIQ # CvHxqYHQ0Os7oc4FauGTPjANBgkqhkiG9w0BAQsFADBpMQswCQYDVQQGEwJVUzEX # MBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0 # ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMB4XDTIz # MDMxMTAwMDAwMFoXDTI1MDMxMzIzNTk1OVowYjELMAkGA1UEBhMCVVMxDjAMBgNV # BAgTBVRleGFzMQ8wDQYDVQQHEwZJcnZpbmcxGDAWBgNVBAoTD1JpY2hhcmQgRmFq # YXJkbzEYMBYGA1UEAxMPUmljaGFyZCBGYWphcmRvMIIBojANBgkqhkiG9w0BAQEF # AAOCAY8AMIIBigKCAYEAwwfyxeNRtSukSoMEQzm+125PW4S6uPTGanxJ400Jm+Km # xzutnh3qwruClz1+xmTCfoFV5ACKn2EEDTfGY0rSwF04XMCyTWYdK9lsViJ+/t9v # 1scNBSK8p/KQhpmBmYP+0P6+f8WDWpQ6/r98yEH4fjNuL0ufzEnL0uiQYmFc2PA1 # rUxd81b5BMpqHcF77YMB1t+SYSN8f2Qh8FBeaJpdGG/LRKswOfresaTWcwGc77t+ # 8OAOGX3/MjxxkE8dyf+TKX90qLdGCa4XFE+467hXeNkMzTP4dVyG4GD9ZOM4omEC # bxac3xAlYf2jRn9eH4uMab4Bmk6Wh5dIcERQ3/fESy1uWbuoQtT9C90uqO0RHntG # AQq8PqisoUQoNdBeq06dN6k08HGaTmrEPSq/FMGk0lzl/GSteM8A7tsz8D0Tm9M0 # DvIk3upF11qr3VBBHzp60LH5Ekb2LUUWWaO8oOyFezxzXu68NHevL3oVeH1jBAbc # jAp+9//WmSXmok1d1Zm9AgMBAAGjggIDMIIB/zAfBgNVHSMEGDAWgBRoN+Drtjv4 # XxGG+/5hewiIZfROQjAdBgNVHQ4EFgQUboi26VjBspaY0CVArYlw8c9QajQwDgYD # VR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaow # U6BRoE+GTWh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRH # NENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRw # Oi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmlu # Z1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNybDA+BgNVHSAENzA1MDMGBmeBDAEEATAp # MCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgZQGCCsG # AQUFBwEBBIGHMIGEMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5j # b20wXAYIKwYBBQUHMAKGUGh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdp # Q2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0 # MAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQADggIBAGtIE/qXdVRUQo5AD7nwDbPy # Cnjyy4nul9wV21ClYodGOrRXrX6f7U+Cvb958Wa0TFjR933uP/PBt0sCT2SoBLiN # i5HhaTV2LjaYQPWVCSJE51QUp83vOrYsmkoLlYcK+wTlLOCh7kqrtvxMvJVJ/ZSW # lyx6f2rNDVllxIOZUh+6IaQYRDh9qSFzHEv0SGjjx/B6lmekCvSRDv9JBU30ym3h # SRVpFRUqtCSNMkfFbUMZNorBRvbFEy2db9uPgRJwcA30lgiOvlSm0JTKDlEVmfV+ # dQe2rrWQN3BGoD8b7CCWBYBRaZqv2kYo7utzTuIXyKog/KysxXPwJaeeRld8knpv # Dkl4CKd7kZNDRHJ/Y/48X1HIhBISnsju4MFZdUgGKKe308gLfPp+QcqxUDtbjDHZ # 9py9MIMb4qaecZnQSoi7Df2d7a1FYJY5sqqzcuwQs32x2iLjf86EX9CPrS7dL6h/ # 4RqnDFS5C6hWETy0cU2mS6QQ0nordJRZIbftGPVvKWlGqAgscaGxQpIK1MKK4HrX # mzhxPQnNdSG6LPqyahmqX4J/L8DsEi99lTpKm5x+3hnaCbh76j2wb/epNBJEMgHr # Uer3YZ4Q683HvzQT1Gn2JHb8XmCCxjFBDeFDE1B8YVAY0DbU5yQg3Y/tNrLGM2a8 # prV8aHrVVh3peqxSXMj6MYIF0zCCBc8CAQEwfTBpMQswCQYDVQQGEwJVUzEXMBUG # A1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRydXN0ZWQg # RzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExAhAK8fGpgdDQ # 6zuhzgVq4ZM+MA0GCWCGSAFlAwQCAQUAoIGEMBgGCisGAQQBgjcCAQwxCjAIoAKA # AKECgAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIN/7JlYWQeUZ6nlpvGcFepJK # kqoti4di3YJOVVgahwRsMA0GCSqGSIb3DQEBAQUABIIBgJCOm60wgmkw/llnN2F6 # chWD7z68JFUH2PQfrT0sDz3U2RTVlJEyalPT+HBSV+N8yE45gXCJAIpioYHLM0Fa # CvjbX4UsJeGOB8H9j4ZY+rp8c3aGS4YkheSEsHcGGRxjegmOk0nfIvNv4f4qq5rz # RmKK4M6nhfKMUX9kR8z1i+mLKB1dMwt1f4ErHMrhu92kvVOrrPfHxAfoL7ZlY0AO # aINW/tEm+Ki3lN5PZ39BHyx73v24NstFXDB2FQxV4fw3G65Ds5o226GUbg+RA3s6 # DHW4kkZ33TKN0UcNFQyz18gUrx2Lzp0Ez7TOkEB2bfrBVj8dz1ZkF3T66Do2V7E2 # s6fU24vCtMeGmHep6WlFG73KoFoNiQZR4aleWJZ5awp8EJntf4PdNLvgUWtmq08j # l9oX1aE0SGekqwrHtZXuFWo+u+YPaHTrCKFO10dLb78/yf32id4cspBwiFXBwAIi # nwbwsjFEkHFKi7GkLmzV+tsuMBqWGJ0Lf4C8ZxByfG53GKGCAyAwggMcBgkqhkiG # 9w0BCQYxggMNMIIDCQIBATB3MGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdp # Q2VydCwgSW5jLjE7MDkGA1UEAxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2 # IFNIQTI1NiBUaW1lU3RhbXBpbmcgQ0ECEAuuZrxaun+Vh8b56QTjMwQwDQYJYIZI # AWUDBAIBBQCgaTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJ # BTEPFw0yNDExMjgwMzA4NDVaMC8GCSqGSIb3DQEJBDEiBCDWLfLgZ9du1U+ad/kS # obqZtmAljDv4aeclnPBOvUnRyDANBgkqhkiG9w0BAQEFAASCAgAcYVR/v3GgmwZJ # c+iJOFArLxwvcpNIIpCAECcmRiDwCc+qCOdZJ1W9Zxe+OWmujQqHdbJ0E6j/HhR2 # Y/82bE+np1if7MAOeCYppCFB0YBlvl2PAKLViVDLd7rAbs7tALUDUSMdovCe+ikN # sQOfsqeHB383axQ6E0tGJdEk3ywxdgH7vBrwUmI/V6WoWkEdsZGFTyceqakTWCxd # zym8ZCT+C7z3iC4pZUly4Z4WoTsabpeGzGyFj34Nw7dmUjanIIASVqfNNt6nimVU # C44hM77SW9q/PWh3FlEW53zWlmoUNTYDuyB2FJlDA1XUUkNHuXk7bwqslxYvC2yz # /pQgpz0zJz23RUh4F/D1T1ASt7b8HsEPOnFt8XBNqyaNbSz8N8jBN7mLPsZA41cr # lk38jbTKOL54mOS2WBTGHIaS+ygvNDItV3JOkATI/01Pvy/Nf34CUrGmDxRr5WEu # orf97a5rnYGVYG8vMopkLAGgrfHAzuqybrJkFL6vWeX/V0Q45qauNJpLbYC1rMIq # 8W+ghudohaYCAqk65TU+KaKVNcbsfCrNI0qBIY4nr8pzU7iqkEfbTv8tN+17Drq1 # 6QWQv6aiiS6I4mmcskJzkMLqS+apElVafb0LFO8/iR0YlBuahqA9kox702XKJtB9 # 4aLztRYd2/AZb9DAflsqNkBc+ijgEQ== # SIG # End signature block |