Public/Get-ADFSTkToolIssuanceTransformRules.ps1
|
function Get-ADFSTkToolsIssuanceTransformRules { param ( [Parameter(Mandatory = $true, Position = 0)] $entityId, [switch]$SelectAttributes ) $configFiles = Get-ADFSTkConfiguration -ConfigFilesOnly if ([string]::IsNullOrEmpty($configFiles)) { Write-ADFSTkHost confNoInstConfFiles -Style Attention } elseif ($configFiles -is [Object[]]) { $configFile = $configFiles | Out-GridView -Title (Get-ADFSTkLanguageText confSelectInstConfFileToHandle) -OutputMode Single } else { $configFile = $configFiles } [xml]$settings = Get-Content $configFile.ConfigFile $rpParams = @{} if ($PSBoundParameters.ContainsKey('SelectAttributes') -and $SelectAttributes -ne $false) { $AllAttributes = Import-ADFSTkAllAttributes $AllTransformRules = Import-ADFSTkAllTransformRules if (Test-Path $Global:ADFSTkPaths.institutionLocalTransformRulesFile) { try { . $Global:ADFSTkPaths.institutionLocalTransformRulesFile if (Test-Path function:Get-ADFSTkLocalTransformRules) { $localTransformRules = Get-ADFSTkLocalTransformRules foreach ($transformRule in $localTransformRules.Keys) { $AllTransformRules.$transformRule = $localTransformRules.$transformRule } } } catch { } } $Attributes = $AllTransformRules.Keys | ` Select @{Label = "Attribute"; Expression = { $_ } }, @{Label = "Example"; Expression = { if ($AllTransformRules.$_.AttributeGroup -eq 'Static attributes') { $Settings.configuration.staticValues.$_ } } } | Sort Attribute | ` Out-GridView -Title "Select one or more attributes to build rules from" -OutputMode Multiple | ` Select -ExpandProperty Attribute $Attributes | % { $TransformRules = [Ordered]@{} } { if ($AllTransformRules.ContainsKey($_)) { $TransformRules.$_ = $AllTransformRules.$_ } } $IssuanceTransformRulesManualSP = @{} $IssuanceTransformRulesManualSP[$EntityId] = $TransformRules $AttributesFromStore = @{} $IssuanceTransformRules = [Ordered]@{} if ($EntityId -ne $null -and $IssuanceTransformRulesManualSP.ContainsKey($EntityId)) { foreach ($Rule in $IssuanceTransformRulesManualSP[$EntityId].Keys) { if ($IssuanceTransformRulesManualSP[$EntityId][$Rule] -ne $null) { $IssuanceTransformRules[$Rule] = $IssuanceTransformRulesManualSP[$EntityId][$Rule].Rule.Replace("[ReplaceWithSPNameQualifier]", $EntityId) foreach ($Attribute in $IssuanceTransformRulesManualSP[$EntityId][$Rule].Attribute) { $AttributesFromStore[$Attribute] = $AllAttributes[$Attribute] } } } } $IssuanceTransformRuleObject = @{ Stores = $null MFARules = $null Rules = $IssuanceTransformRules.Values } if ($AttributesFromStore.Count -ne $null) { $IssuanceTransformRuleObject.Stores = Get-ADFSTkStoreRule -Stores $Settings.configuration.storeConfig.stores.store ` -AttributesFromStore $AttributesFromStore ` -EntityId $EntityId } } else { $MetadataCacheFile = (Join-Path $Global:ADFSTkPaths.cacheDir $settings.configuration.MetadataCacheFile) $metadataURL = $settings.configuration.metadataURL if ([string]::IsNullOrEmpty($Global:ADFSTkToolMetadata)) { $Global:ADFSTkToolMetadata = @{ $MetadataCacheFile = Get-ADFSTkMetadata -CacheTime 60 -CachedMetadataFile $MetadataCacheFile -metadataURL $metadataURL } } elseif (!$Global:ADFSTkToolMetadata.ContainsKey($MetadataCacheFile)) { $Global:ADFSTkToolMetadata = @{ $MetadataCacheFile = Get-ADFSTkMetadata -CacheTime 60 -CachedMetadataFile $MetadataCacheFile -metadataURL $metadataURL } } $sp = ($Global:ADFSTkToolMetadata.$MetadataCacheFile).EntitiesDescriptor.EntityDescriptor | ? { $_.entityId -eq $entityId } $EntityCategories = @() $EntityCategories += $sp.Extensions.EntityAttributes.Attribute | ? Name -eq "http://macedir.org/entity-category" | select -ExpandProperty AttributeValue | % { if ($_ -is [string]) { $_ } elseif ($_ -is [System.Xml.XmlElement]) { $_."#text" } } # Filter Entity Categories that shouldn't be released together $filteredEntityCategories = @() $filteredEntityCategories += foreach ($entityCategory in $EntityCategories) { if ($entityCategory -eq 'https://refeds.org/category/personalized') { if (-not ($EntityCategories.Contains('https://refeds.org/category/pseudonymous') -or ` $EntityCategories.Contains('https://refeds.org/category/anonymous'))) { $entityCategory } } elseif ($entityCategory -eq 'https://refeds.org/category/pseudonymous') { if (-not $EntityCategories.Contains('https://refeds.org/category/anonymous')) { $entityCategory } } else { $entityCategory } } $EntityCategories = $filteredEntityCategories $subjectIDReq = $sp.Extensions.EntityAttributes.Attribute | ? Name -eq "urn:oasis:names:tc:SAML:profiles:subject-id:req" | Select -First 1 -ExpandProperty AttributeValue $IssuanceTransformRuleObject = Get-ADFSTkIssuanceTransformRules $EntityCategories -EntityId $entityID ` -RequestedAttribute $sp.SPSSODescriptor.AttributeConsumingService.RequestedAttribute ` -RegistrationAuthority $sp.Extensions.RegistrationInfo.registrationAuthority ` -NameIdFormat $sp.SPSSODescriptor.NameIDFormat ` -SubjectIDReq $subjectIDReq } $IssuanceTransformRuleObject.MFARules = Get-ADFSTkMFAConfiguration -EntityId $entityID if ([string]::IsNullOrEmpty($IssuanceTransformRuleObject.MFARules)) { $rpParams.IssuanceAuthorizationRules = Get-ADFSTkIssuanceAuthorizationRules -EntityId $entityID $rpParams.IssuanceTransformRules = $IssuanceTransformRuleObject.Stores + $IssuanceTransformRuleObject.Rules } else { $rpParams.AccessControlPolicyName = 'ADFSTk:Permit everyone and force MFA' $rpParams.IssuanceTransformRules = $IssuanceTransformRuleObject.Stores + $IssuanceTransformRuleObject.MFARules + $IssuanceTransformRuleObject.Rules } #region Custom Access Control Policy $CustomACPName = Get-ADFSTkCustomACPConfiguration -EntityId $entityID if (![string]::IsNullOrEmpty($CustomACPName)) { $rpParams.AccessControlPolicyName = $CustomACPName } #endregion return $rpParams } # SIG # Begin signature block # MIItMAYJKoZIhvcNAQcCoIItITCCLR0CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCC41JtNFV0Oei4F # ADgg3m8sOJn98TzwnAivBBdIL9KL0aCCJjkwggWNMIIEdaADAgECAhAOmxiO+dAt # 5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUAMGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xJDAiBgNV # BAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQgUm9vdCBDQTAeFw0yMjA4MDEwMDAwMDBa # Fw0zMTExMDkyMzU5NTlaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lD # ZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC # ggIBAL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3E # MB/zG6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKy # unWZanMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsF # xl7sWxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU1 # 5zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJB # MtfbBHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObUR # WBf3JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6 # nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxB # YKqxYxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5S # UUd0viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+x # q4aLT8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjggE6MIIB # NjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTs1+OC0nFdZEzfLmc/57qYrhwP # TzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAOBgNVHQ8BAf8EBAMC # AYYweQYIKwYBBQUHAQEEbTBrMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdp # Y2VydC5jb20wQwYIKwYBBQUHMAKGN2h0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNv # bS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RDQS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0 # aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENB # LmNybDARBgNVHSAECjAIMAYGBFUdIAAwDQYJKoZIhvcNAQEMBQADggEBAHCgv0Nc # Vec4X6CjdBs9thbX979XB72arKGHLOyFXqkauyL4hxppVCLtpIh3bb0aFPQTSnov # Lbc47/T/gLn4offyct4kvFIDyE7QKt76LVbP+fT3rDB6mouyXtTP0UNEm0Mh65Zy # oUi0mcudT6cGAxN3J0TU53/oWajwvy8LpunyNDzs9wPHh6jSTEAZNUZqaVSwuKFW # juyk1T3osdz9HNj0d1pcVIxv76FQPfx2CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPF # mCLBsln1VWvPJ6tsds5vIy30fnFqI2si/xK4VC0nftg62fC2h5b9W9FcrBjDTZ9z # twGpn1eqXijiuZQwggXfMIIEx6ADAgECAhBOQOQ3VO3mjAAAAABR05R/MA0GCSqG # SIb3DQEBCwUAMIG+MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5j # LjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcG # A1UECxMwKGMpIDIwMDkgRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVz # ZSBvbmx5MTIwMAYDVQQDEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRo # b3JpdHkgLSBHMjAeFw0yMTA1MDcxNTQzNDVaFw0zMDExMDcxNjEzNDVaMGkxCzAJ # BgNVBAYTAlVTMRYwFAYDVQQKDA1FbnRydXN0LCBJbmMuMUIwQAYDVQQDDDlFbnRy # dXN0IENvZGUgU2lnbmluZyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0g # Q1NCUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCngY/3FEW2YkPy # 2K7TJV5IT1G/xX2fUBw10dZ+YSqUGW0nRqSmGl33VFFqgCLGqGZ1TVSDyV5oG6v2 # W2Swra0gvVTvRmttAudFrnX2joq5Mi6LuHccUk15iF+lOhjJUCyXJy2/2gB9Y3/v # MuxGh2Pbmp/DWiE2e/mb1cqgbnIs/OHxnnBNCFYVb5Cr+0i6udfBgniFZS5/tcnA # 4hS3NxFBBuKK4Kj25X62eAUBw2DtTwdBLgoTSeOQm3/dvfqsv2RR0VybtPVc51z/ # O5uloBrXfQmywrf/bhy8yH3m6Sv8crMU6UpVEoScRCV1HfYq8E+lID1oJethl3wP # 5bY9867DwRG8G47M4EcwXkIAhnHjWKwGymUfe5SmS1dnDH5erXhnW1XjXuvH2OxM # bobL89z4n4eqclgSD32m+PhCOTs8LOQyTUmM4OEAwjignPqEPkHcblauxhpb9Gdo # BQHNG7+uh7ydU/Yu6LZr5JnexU+HWKjSZR7IH9Vybu5ZHFc7CXKd18q3kMbNe0WS # kUIDTH0/yvKquMIOhvMQn0YupGaGaFpoGHApOBGAYGuKQ6NzbOOzazf/5p1nAZKG # 3y9I0ftQYNVc/iHTAUJj/u9wtBfAj6ju08FLXxLq/f0uDodEYOOp9MIYo+P9zgyE # Ig3zp3jak/PbOM+5LzPG/wc8Xr5F0wIDAQABo4IBKzCCAScwDgYDVR0PAQH/BAQD # AgGGMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0lBBYwFAYIKwYBBQUHAwMGCCsG # AQUFBwMIMDsGA1UdIAQ0MDIwMAYEVR0gADAoMCYGCCsGAQUFBwIBFhpodHRwOi8v # d3d3LmVudHJ1c3QubmV0L3JwYTAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGG # F2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6 # Ly9jcmwuZW50cnVzdC5uZXQvZzJjYS5jcmwwHQYDVR0OBBYEFIK61j2Xzp/PceiS # N6/9s7VpNVfPMB8GA1UdIwQYMBaAFGpyJnrQHu995ztpUdRsjZ+QEmarMA0GCSqG # SIb3DQEBCwUAA4IBAQAfXkEEtoNwJFMsVXMdZTrA7LR7BJheWTgTCaRZlEJeUL9P # bG4lIJCTWEAN9Rm0Yu4kXsIBWBUCHRAJb6jU+5J+Nzg+LxR9jx1DNmSzZhNfFMyl # cfdbIUvGl77clfxwfREc0yHd0CQ5KcX+Chqlz3t57jpv3ty/6RHdFoMI0yyNf02o # FHkvBWFSOOtg8xRofcuyiq3AlFzkJg4sit1Gw87kVlHFVuOFuE2bRXKLB/GK+0m4 # X9HyloFdaVIk8Qgj0tYjD+uL136LwZNr+vFie1jpUJuXbheIDeHGQ5jXgWG2hZ1H # 7LGerj8gO0Od2KIc4NR8CMKvdgb4YmZ6tvf6yK81MIIGgzCCBGugAwIBAgIQNa+3 # e500H2r8j4RGqzE1KzANBgkqhkiG9w0BAQ0FADBpMQswCQYDVQQGEwJVUzEWMBQG # A1UECgwNRW50cnVzdCwgSW5jLjFCMEAGA1UEAww5RW50cnVzdCBDb2RlIFNpZ25p # bmcgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIENTQlIxMB4XDTIxMDUw # NzE5MTk1MloXDTQwMTIyOTIzNTkwMFowYzELMAkGA1UEBhMCVVMxFjAUBgNVBAoT # DUVudHJ1c3QsIEluYy4xPDA6BgNVBAMTM0VudHJ1c3QgRXh0ZW5kZWQgVmFsaWRh # dGlvbiBDb2RlIFNpZ25pbmcgQ0EgLSBFVkNTMjCCAiIwDQYJKoZIhvcNAQEBBQAD # ggIPADCCAgoCggIBAL69pznJpX3sXWXx9Cuph9DnrRrFGjsYzuGhUY1y+s5YH1y4 # JEIPRtUxl9BKTeObMMm6l6ic/kU2zyeA53u4bsEkt9+ndNyF8qMkWEXMlJQ7AuvE # jXxG9VxmguOkwdMfrG4MUyMO1Dr62kLxg1RfNTJW8rV4m1cASB6pYWEnDnMDQ7bW # cJL71IWaMMaz5ppeS+8dKthmqxZG/wvYD6aJSgJRV0E8QThOl8dRMm1njmahXk2f # NSKv1Wq3f0BfaDXMafrxBfDqhabqMoXLwcHKg2lFSQbcCWy6SWUZjPm3NyeMZJ41 # 4+Xs5wegnahyvG+FOiymFk49nM8I5oL1RH0owL2JrWwv3C94eRHXHHBL3Z0ITF4u # +o29p91j9n/wUjGEbjrY2VyFRJ5jBmnQhlh4iZuHu1gcpChsxv5pCpwerBFgal7J # aWUu7UMtafF4tzstNfKqT+If4wFvkEaq1agNBFegtKzjbb2dGyiAJ0bH2qpnlfHR # h3vHyCXphAyPiTbSvjPhhcAz1aA8GYuvOPLlk4C/xsOre5PEPZ257kV2wNRobzBe # PLQ2+ddFQuASBoDbpSH85wV6KI20jmB798i1SkesFGaXoFppcjFXa1OEzWG6cwcV # cDt7AfynP4wtPYeM+wjX5S8Xg36Cq08J8inhflV3ZZQFHVnUCt2TfuMUXeK7AgMB # AAGjggErMIIBJzASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTOiU+CUaoV # ooRiyjEjYdJh+/j+eDAfBgNVHSMEGDAWgBSCutY9l86fz3Hokjev/bO1aTVXzzAz # BggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3Qu # bmV0MDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvY3Ni # cjEuY3JsMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEFBQcDAzBEBgNV # HSAEPTA7MDAGBFUdIAAwKDAmBggrBgEFBQcCARYaaHR0cDovL3d3dy5lbnRydXN0 # Lm5ldC9ycGEwBwYFZ4EMAQMwDQYJKoZIhvcNAQENBQADggIBAD4AVLgq849mr2EW # xFiTZPRBi2RVjRs1M6GbkdirRsqrX7y+fnDk0tcHqJYH14bRVwoI0NB4Tfgq37IE # 85rh13zwwQB6wUCh34qMt8u0HQFh8piapt24gwXKqSwW3JwtDv6nl+RQqZeVwUsq # jFHjxALga3w1TVO8S5QTi1MYFl6mCqe4NMFssess5DF9DCzGfOGkVugtdtWyE3Xq # gwCuAHfGb6k97mMUgVAW/FtPEhkOWw+N6kvOBkyJS64gzI5HpnXWZe4vMOhdNI8f # gk1cQqbyFExQIJwJonQkXDnYiTKFPK+M5Wqe5gQ6pRP/qh3NR0suAgW0ao/rhU+B # 7wrbfZ8pj6XCP1I4UkGVO7w+W1QwQiMJY95QjYk1RfqruA+Poq17ehGT8Y8ohHto # eUdq6GQpTR/0HS9tHsiUhjzTWpl6a3yrNfcrOUtPuT8Wku8pjI2rrAEazHFEOctA # PiASzghw40f+3IDXCADRC2rqIbV5ZhfpaqpW3c0VeLEDwBStPkcYde0KU0syk83/ # gLGQ1hPl5EF4Iu1BguUO37DOlSFF5osB0xn39CtVrNlWc2MQ4LigbctUlpigmSFR # BqqmDDorY8t52kO50hLM3o9VeukJ8+Ka0yXBezaS2uDlUmfN4+ZUCqWd1HOj0y9d # BmSFA3d/YNjCvHTJlZFot7d+YRl1MIIGrjCCBJagAwIBAgIQBzY3tyRUfNhHrP0o # ZipeWzANBgkqhkiG9w0BAQsFADBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGln # aUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhE # aWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMjIwMzIzMDAwMDAwWhcNMzcwMzIy # MjM1OTU5WjBjMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4x # OzA5BgNVBAMTMkRpZ2lDZXJ0IFRydXN0ZWQgRzQgUlNBNDA5NiBTSEEyNTYgVGlt # ZVN0YW1waW5nIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxoY1 # BkmzwT1ySVFVxyUDxPKRN6mXUaHW0oPRnkyibaCwzIP5WvYRoUQVQl+kiPNo+n3z # nIkLf50fng8zH1ATCyZzlm34V6gCff1DtITaEfFzsbPuK4CEiiIY3+vaPcQXf6sZ # Kz5C3GeO6lE98NZW1OcoLevTsbV15x8GZY2UKdPZ7Gnf2ZCHRgB720RBidx8ald6 # 8Dd5n12sy+iEZLRS8nZH92GDGd1ftFQLIWhuNyG7QKxfst5Kfc71ORJn7w6lY2zk # psUdzTYNXNXmG6jBZHRAp8ByxbpOH7G1WE15/tePc5OsLDnipUjW8LAxE6lXKZYn # LvWHpo9OdhVVJnCYJn+gGkcgQ+NDY4B7dW4nJZCYOjgRs/b2nuY7W+yB3iIU2YIq # x5K/oN7jPqJz+ucfWmyU8lKVEStYdEAoq3NDzt9KoRxrOMUp88qqlnNCaJ+2RrOd # OqPVA+C/8KI8ykLcGEh/FDTP0kyr75s9/g64ZCr6dSgkQe1CvwWcZklSUPRR8zZJ # TYsg0ixXNXkrqPNFYLwjjVj33GHek/45wPmyMKVM1+mYSlg+0wOI/rOP015LdhJR # k8mMDDtbiiKowSYI+RQQEgN9XyO7ZONj4KbhPvbCdLI/Hgl27KtdRnXiYKNYCQEo # AA6EVO7O6V3IXjASvUaetdN2udIOa5kM0jO0zbECAwEAAaOCAV0wggFZMBIGA1Ud # EwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFLoW2W1NhS9zKXaaL3WMaiCPnshvMB8G # A1UdIwQYMBaAFOzX44LScV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjAT # BgNVHSUEDDAKBggrBgEFBQcDCDB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGG # GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2Nh # Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYD # VR0fBDwwOjA4oDagNIYyaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0 # VHJ1c3RlZFJvb3RHNC5jcmwwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9 # bAcBMA0GCSqGSIb3DQEBCwUAA4ICAQB9WY7Ak7ZvmKlEIgF+ZtbYIULhsBguEE0T # zzBTzr8Y+8dQXeJLKftwig2qKWn8acHPHQfpPmDI2AvlXFvXbYf6hCAlNDFnzbYS # lm/EUExiHQwIgqgWvalWzxVzjQEiJc6VaT9Hd/tydBTX/6tPiix6q4XNQ1/tYLaq # T5Fmniye4Iqs5f2MvGQmh2ySvZ180HAKfO+ovHVPulr3qRCyXen/KFSJ8NWKcXZl # 2szwcqMj+sAngkSumScbqyQeJsG33irr9p6xeZmBo1aGqwpFyd/EjaDnmPv7pp1y # r8THwcFqcdnGE4AJxLafzYeHJLtPo0m5d2aR8XKc6UsCUqc3fpNTrDsdCEkPlM05 # et3/JWOZJyw9P2un8WbDQc1PtkCbISFA0LcTJM3cHXg65J6t5TRxktcma+Q4c6um # AU+9Pzt4rUyt+8SVe+0KXzM5h0F4ejjpnOHdI/0dKNPH+ejxmF/7K9h+8kaddSwe # Jywm228Vex4Ziza4k9Tm8heZWcpw8De/mADfIBZPJ/tgZxahZrrdVcA6KYawmKAr # 7ZVBtzrVFZgxtGIJDwq9gdkT/r+k0fNX2bwE+oLeMt8EifAAzV3C+dAjfwAL5HYC # JtnwZXZCpimHCUcr5n8apIUP/JiW9lVUKx+A+sDyDivl1vupL0QVSucTDh3bNzga # oSv27dZ8/DCCBrwwggSkoAMCAQICEAuuZrxaun+Vh8b56QTjMwQwDQYJKoZIhvcN # AQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTsw # OQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVT # dGFtcGluZyBDQTAeFw0yNDA5MjYwMDAwMDBaFw0zNTExMjUyMzU5NTlaMEIxCzAJ # BgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2VydDEgMB4GA1UEAxMXRGlnaUNlcnQg # VGltZXN0YW1wIDIwMjQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC+ # anOf9pUhq5Ywultt5lmjtej9kR8YxIg7apnjpcH9CjAgQxK+CMR0Rne/i+utMeV5 # bUlYYSuuM4vQngvQepVHVzNLO9RDnEXvPghCaft0djvKKO+hDu6ObS7rJcXa/UKv # NminKQPTv/1+kBPgHGlP28mgmoCw/xi6FG9+Un1h4eN6zh926SxMe6We2r1Z6VFZ # j75MU/HNmtsgtFjKfITLutLWUdAoWle+jYZ49+wxGE1/UXjWfISDmHuI5e/6+NfQ # rxGFSKx+rDdNMsePW6FLrphfYtk/FLihp/feun0eV+pIF496OVh4R1TvjQYpAztJ # pVIfdNsEvxHofBf1BWkadc+Up0Th8EifkEEWdX4rA/FE1Q0rqViTbLVZIqi6viEk # 3RIySho1XyHLIAOJfXG5PEppc3XYeBH7xa6VTZ3rOHNeiYnY+V4j1XbJ+Z9dI8Zh # qcaDHOoj5KGg4YuiYx3eYm33aebsyF6eD9MF5IDbPgjvwmnAalNEeJPvIeoGJXae # BQjIK13SlnzODdLtuThALhGtyconcVuPI8AaiCaiJnfdzUcb3dWnqUnjXkRFwLts # VAxFvGqsxUA2Jq/WTjbnNjIUzIs3ITVC6VBKAOlb2u29Vwgfta8b2ypi6n2PzP0n # VepsFk8nlcuWfyZLzBaZ0MucEdeBiXL+nUOGhCjl+QIDAQABo4IBizCCAYcwDgYD # VR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUH # AwgwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMB8GA1UdIwQYMBaA # FLoW2W1NhS9zKXaaL3WMaiCPnshvMB0GA1UdDgQWBBSfVywDdw4oFZBmpWNe7k+S # H3agWzBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsMy5kaWdpY2VydC5jb20v # RGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0YW1waW5nQ0EuY3Js # MIGQBggrBgEFBQcBAQSBgzCBgDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGln # aWNlcnQuY29tMFgGCCsGAQUFBzAChkxodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5j # b20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0YW1waW5nQ0Eu # Y3J0MA0GCSqGSIb3DQEBCwUAA4ICAQA9rR4fdplb4ziEEkfZQ5H2EdubTggd0ShP # z9Pce4FLJl6reNKLkZd5Y/vEIqFWKt4oKcKz7wZmXa5VgW9B76k9NJxUl4JlKwyj # UkKhk3aYx7D8vi2mpU1tKlY71AYXB8wTLrQeh83pXnWwwsxc1Mt+FWqz57yFq6la # ICtKjPICYYf/qgxACHTvypGHrC8k1TqCeHk6u4I/VBQC9VK7iSpU5wlWjNlHlFFv # /M93748YTeoXU/fFa9hWJQkuzG2+B7+bMDvmgF8VlJt1qQcl7YFUMYgZU1WM6nyw # 23vT6QSgwX5Pq2m0xQ2V6FJHu8z4LXe/371k5QrN9FQBhLLISZi2yemW0P8ZZfx4 # zvSWzVXpAb9k4Hpvpi6bUe8iK6WonUSV6yPlMwerwJZP/Gtbu3CKldMnn+LmmRTk # TXpFIEB06nXZrDwhCGED+8RsWQSIXZpuG4WLFQOhtloDRWGoCwwc6ZpPddOFkM2L # lTbMcqFSzm4cd0boGhBq7vkqI1uHRz6Fq1IX7TaRQuR+0BGOzISkcqwXu7nMpFu3 # mgrlgbAW+BzikRVQ3K2YHcGkiKjA4gi4OA/kz1YCsdhIBHXqBzR0/Zd2QwQ/l4Gx # ftt/8wY3grcc/nS//TVkej9nmUYu83BDtccHHXKibMs/yXHhDXNkoPIdynhVAku7 # aRZOwqw6pDCCBsgwggSwoAMCAQICEDVP8/CYmCMy0wHfstCzixQwDQYJKoZIhvcN # AQELBQAwYzELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xPDA6 # BgNVBAMTM0VudHJ1c3QgRXh0ZW5kZWQgVmFsaWRhdGlvbiBDb2RlIFNpZ25pbmcg # Q0EgLSBFVkNTMjAeFw0yNDAzMjIxNDAyMzdaFw0yNTAzMjkxNDAyMzZaMIGjMQsw # CQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMRMw # EQYLKwYBBAGCNzwCAQMTAkNBMRQwEgYDVQQKEwtDQU5BUklFIElOQzEdMBsGA1UE # DxMUUHJpdmF0ZSBPcmdhbml6YXRpb24xETAPBgNVBAUTCDI5MDIwOC03MRQwEgYD # VQQDEwtDQU5BUklFIElOQzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AIbar6/W1oMcwPbrTZBOR7XAFQ43Qt/AyPGUT42dOQnfcqWqPlZKN2mreuYTFdaA # knd2pJZC/3b16Yu2O0ElPuqUBwF0CrKapWGjQ5eUvC65Dn5c0hXmPzIV8snCTqRE # m8nGl5BZmlvqMc7MxaDrMh88kHVxNpHevYP3729AD7AoBKmiwglAOtZnXPNVllH5 # qx4ZHYKt9dVCbEz0nGjzs1LobknyvRV8onsmGaRDhIYvYb27sttPmmKSC6yqnwNl # ZV00d3KbUt1jOo9PGlS//4ZIw60rm+atIHWvwCVNXLj8WNYOs29xb3IeM1a0JO/Q # IyQ6n5TZRxns8ateQkuEfsNU9Z5/K9GcyXuiZinGsBjVxvwSQoj2YhXtnlz/ZRzK # absH1ZtQ3ygedVpt4d1TGJbU3uJI2PrynXqRYgxTYoJ0F38EBvbgY33TiC/fzemT # NtqkyYJHAzfE7ksUdYQq6GMSDEy5nZA+vXvTB59aSk63S+mHNTDBRPYBDwg5nn10 # NUh+0TGUu+MKwoDCq4Qy8w8VdooxS10RHzYflMp4/b9FxhXfWd9/qtFUQaZtjEvg # V53s4GpVtsa52ij5L9VSu+ta6ZSZAarxiH/5/ni4bn1n+Q/n7bUfTHk8y8GT3SoX # zKwOZXsSeUVq4my7beGwn13O2efES/cdx1EzxmHZl18NAgMBAAGjggE1MIIBMTAM # BgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQSgPtIskRFyN7+qGdwcp+8w1kGDDAfBgNV # HSMEGDAWgBTOiU+CUaoVooRiyjEjYdJh+/j+eDBnBggrBgEFBQcBAQRbMFkwIwYI # KwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDIGCCsGAQUFBzAChiZo # dHRwOi8vYWlhLmVudHJ1c3QubmV0L2V2Y3MyLWNoYWluLnA3YzAxBgNVHR8EKjAo # MCagJKAihiBodHRwOi8vY3JsLmVudHJ1c3QubmV0L2V2Y3MyLmNybDAOBgNVHQ8B # Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwIAYDVR0gBBkwFzAHBgVngQwB # AzAMBgpghkgBhvpsCgECMA0GCSqGSIb3DQEBCwUAA4ICAQBd5heW6V8s8owim1XL # vy2aMSMHXB6gjP7suiiyx4WGKZAZn1tY0TWexrjZE66GQI0IxdOrMQQfIXfaTLPy # 3g6qBNf5IazlcanmgKT45dpGVB0ixKmoOnxBCZKtESJvmmBuXe5/QyH1/EECx1y8 # SA1mO6j9uUKhY+/ZG0jHOYQXTuT/X1e2wfEwmJCGKC/OGiLi2iLjRWWHEwEnYXw1 # 3S0cBqcXhuVpjL+Ce9W/N833TFQ8AA3rjN2ZWuti9RMoO5rabeSXbjGXrDWHi5y6 # MbZL3+QYjHPKSTySjIYjENICf6rFcvCdHnrmNbLP3fWd5plzAObhiJSwgXyiBoMO # cP+6ZtNMDR/8U3TwUmWbwPH5ulfgVvmyPhchq1cRksxRj6uz48dHSksmDx+pZHMS # yDj5yITRTwZBa9Q41+giSxPGRxUB/7HyX5slQGZdW6Y4SQHQ06SGvCkrM3dJQ4aG # Ybw3NBtcwUmhA79pYOu3YhrJmpUXUx5mVQDqnTUrpn6P0RhW9tWopBYSlXRJy2qF # 0UvguDm0jqhSMmc0wnLl725zGLbC2/lG1NLIvGtDRsGAq5zMbAVpDRUMm4O04R+W # QeCssBMWFT1HR7PmJyfvUo4cQCkpeZRRS2DL5/AlgBINqTiv+lP2nXKwmkpg6lEX # vNAaRgMSGgtnMNkDbjpU8ldKsTGCBk0wggZJAgEBMHcwYzELMAkGA1UEBhMCVVMx # FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xPDA6BgNVBAMTM0VudHJ1c3QgRXh0ZW5k # ZWQgVmFsaWRhdGlvbiBDb2RlIFNpZ25pbmcgQ0EgLSBFVkNTMgIQNU/z8JiYIzLT # Ad+y0LOLFDANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgACh # AoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAM # BgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCBwZ6o8tbQF9hWnWlU/kqBzOLuq # q/fD1sTEjYyGUAm9lzANBgkqhkiG9w0BAQEFAASCAgB5sVBoy02IMJBwUa4+oaV0 # gLjeL6wJljOCavoYfdxGJ68LfSE0+RmUt1akEWGmLLyl2vfhKKRGGkDD4mKjUvPh # Ha/wtWK8Mik9bxLSZ7NW7jU/ZnsfhQLyx1fSlOqTVnfJ+bymwDUtSKnbfi6JCmvJ # Nuce8NB5FWCcabFuvWe5nsqRhEUi7/BIQrxSf+SfVq2mc6rl9bVnPjJdfSAVtKbg # 3/w38LTEAQUWaUSf2qjfn+NoyI1f3OQqH9n9B/DbNRG3Yd/t1B3da+ACr1RTTV7F # vnaju6EGQGNw0re+PpCs/66xFsRJvOv7dsCgicGHg+LT37JCRYKWaN+diWaoBipk # 2k/paTI3sKRZLG8ibzTpsLGxJWCv15AynCRjHzBO1nQXKWThEMcxw/moJKFHM4GB # VdCcRFMp0+3kpLMTPICidK0TgM4fHGTpK9F8mvO0e9P8XHktQapxEIwRneAWYS/T # +5ARphzRW6PGufFGYOAn34vET3h9KzsSnUDPlIGHJWOlNWxHzOBMSiwOXuRHurR7 # FNVAr2dj2lBnDTE45jnB4H7B4O9defBzLExi1IqG7vnC5T4/ydecXaj4/HFD2sRP # uKUVEPDZR30gsyE7ogVAi6Jmwb/M7Dl2GFINkhHgdRFcTBNktkr058PmcQ6jrHHU # DL+mDgSDYxRgI1oTDDFO3KGCAyAwggMcBgkqhkiG9w0BCQYxggMNMIIDCQIBATB3 # MGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UE # AxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBp # bmcgQ0ECEAuuZrxaun+Vh8b56QTjMwQwDQYJYIZIAWUDBAIBBQCgaTAYBgkqhkiG # 9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yNDExMTMxNjA1NTla # MC8GCSqGSIb3DQEJBDEiBCBtB/cpRtNU3kfwNbAbhZUbGma6pp9b+6awVzKn11U6 # QTANBgkqhkiG9w0BAQEFAASCAgAjbIZYCsmrgPTdbV90DEPHTc4oadkpENN5nhGk # xPjNFbStduwtJYQWstgUL3jmIIXXxDnRvWojwUfBq5zeuzsIxuV6OQOWpHBBMoI6 # qdd9wgNRKyYCwIW2ed4TbDanE9pYGzcAf/wz9wdwXtRgZSrIIlv8uclOQ9pUXQi8 # a5oeHR8Arq41LWGmKaweAbJoEvr2br4sKwhLA9uzzSXt3Itndonc/sTPqYZgi1fI # 7kBJDcNKsPsDaSYN90tcWwHKVt4PXfVsNEyPjzWCIkl5N7kPp6R68u8Do4ZTISTp # 4de7aVfsH+IO2hLmK4DgcDEaY+wW6rAvEYsKAeiGAVyGzhrh/aIFAWiBWc46ztYq # RrfZNp2qQQ6M7Oz0/zitUlm0xknkWY+qDso28PNh3e9v5hHTQ0krMOcz0ULho94i # Jd3XMs1lU0WkN6/RO0Dwhbf7m0fKbdkrn+ZIR0ARlV16PDDxksfjA5S+Y/ba8GlI # KRolp47SZH/fdOF2p3nLtnUtMS2DxbedVHH5QZ9XlJSIAW/Jv6Vh5dzufpuuZg7A # tBkKY3/KskER801K2kk1vjRN1pTOUpjVHd2mexg4IKmMijzpqfD4VAl+lDc7Xl20 # rsafW+tVQUfxjIRPmlPfVComIQP+dBxIUf62xPjvuy63BHvcHJ8caw1MGRSOMfoz # JNBDKA== # SIG # End signature block |