Obs/bin/ObsDep/content/Powershell/Roles/Common/DscHelper.psm1
|
<###################################################
# # # Copyright (c) Microsoft. All rights reserved. # # # ##################################################> Import-Module -ErrorAction Stop -Name "$PSScriptRoot\..\..\Common\Helpers.psm1" -DisableNameChecking -Verbose:$false | Out-Null Import-Module -ErrorAction Stop -Name "$PSScriptRoot\RoleHelpers.psm1" -DisableNameChecking -Verbose:$false | Out-Null # This certificate is used for encyrpting credentials passed in a DSC MOF. function GetDscEncryptionCert { $ErrorActionPreference = 'Stop' # If the cert exists, return it. If not, create it and then return it. $cert = Get-ChildItem Cert:\LocalMachine\My | % {if ($_.Subject -like '*DscEncryptionCert*') {$_}} if (!$cert) { $cert = New-SelfSignedCertificate -Type DocumentEncryptionCertLegacyCsp -DnsName 'DscEncryptionCert' -HashAlgorithm SHA256 -CertStoreLocation "Cert:\LocalMachine\My" -KeyLength '4096' } return $cert } # This certificate is used for signing DSC MOFs. Security best practices (and, indeed, the # certificate management infrastructure) insist that you use different certificates for # encryption and signing. function GetDscSigningCert { $ErrorActionPreference = 'Stop' # If the cert exists, return it. If not, create it and then return it. $cert = Get-ChildItem Cert:\LocalMachine\My | % {if ($_.Subject -like '*DscSigningCert*') {$_}} if (!$cert) { $cert = New-SelfSignedCertificate -Type CodeSigningCert -DnsName 'DscSigningCert' -HashAlgorithm SHA256 -KeyLength '4096' } return $cert } <# This function exports the DSC Encryption and signing certificates, as PFX files with the private keys. This is necessary because the DSC engine insists that the private key be on the target node, with the public key used for encryption or signing. The assumption is that this will be generated on the target node and then the cert will be sent back to the machine generating the target state MOFs. This would be fine, except that we need to use the MOFs we're generating before the machines running DSC connect to a network. So we're generating the cert in the DVM or the Seed Ring, and then writing it into the image that will then boot later. To do this, we need to encrypt the PFX file using a password. We can't use AD to deliver the secret, again because the target node won't have connected to a network before this is used. This function writes the relatively random string used as the password. We delete both the PFX files and the password used before the images attach to a network, but just to be sure that there is no attack path, we use a different password for every deployment, P&U cycle, scale-out, etc. #> function ExportDscDecryptionCert { param ( [Parameter(Mandatory)] [string] $DestinationPath ) $ErrorActionPreference = 'Stop' $certPassword = [String]::Empty 1..16 | % {$certPassword += ([char](get-random -Minimum 33 -Maximum 126))} $certSecurePassword = ConvertTo-SecureString -String $certPassword -AsPlainText -Force $destinationFile = Join-Path -Path $DestinationPath -ChildPath DscCertPassword.txt $certPassword | Set-Content -Path $destinationFile -Force $cert = GetDscEncryptionCert Write-Verbose -Verbose "Exporting DSC Encryption Certificate with Private key to $DestinationPath" $destinationFile = Join-Path -Path $DestinationPath -ChildPath DscEncryption.pfx Export-PfxCertificate -Cert $cert -FilePath $destinationFile -Password $certSecurePassword -Force $cert = GetDscSigningCert Write-Verbose -Verbose "Exporting DSC Signing Certificate with Private key to $DestinationPath" $destinationFile = Join-Path -Path $DestinationPath -ChildPath DscSigning.pfx Export-PfxCertificate -Cert $cert -FilePath $destinationFile -Password $certSecurePassword -Force } function RemoveExportedDscDecryptionCert { param ( [Parameter(Mandatory)] [string] $Path ) $ErrorActionPreference = "Stop" Remove-Item -Path "$Path\DscCertPassword.txt" -Force -ErrorAction SilentlyContinue Remove-Item -Path "$Path\DscEncryption.pfx" -Force -ErrorAction SilentlyContinue Remove-Item -Path "$Path\DscSigning.pfx" -Force -ErrorAction SilentlyContinue } # This function signs a Configuration which is expressed as a MOF. function SignDscConfiguration { param ( [Parameter(Mandatory)] [string] $MofPath ) $ErrorActionPreference = 'Stop' Write-Verbose -Verbose "Signing $MofPath" $dscSigningCert = GetDscSigningCert $null = Set-AuthenticodeSignature -Certificate $dscSigningCert ` -HashAlgorithm SHA256 ` -FilePath $MofPath ` -Force } # This function returns a password, encrypted with the DSC Encryption key function GetEncryptedPassword { param ( [Parameter(Mandatory)] [pscredential] $Credential ) $ErrorActionPreference = 'Stop' $cleartext = $Credential.GetNetworkCredential().Password $cleartext | Protect-CmsMessage -To "CN=DscEncryptionCert" } # This function builds the right files in an image to finish a DSC configuration # when the machine boots for the first time. function PrepareDSCFirstBoot { param ( [Parameter(Mandatory)] [System.String] $MountPath, [Parameter(Mandatory = $false)] [psobject[]] $PartialConfigList, [switch] $WaitForTimeSyncBeforeDSC ) $ErrorActionPreference = "Stop" # Install a SetupComplete.cmd which will force DSC to resolve secondary partial configurations. $setupDir = Join-Path -Path $MountPath -ChildPath "Windows\Setup" New-Item -Path $setupDir -ItemType Directory -Force $scriptsDir = Join-Path -Path $setupDir -ChildPath Scripts New-Item -Path $scriptsDir -ItemType Directory -Force Write-Verbose -Verbose "Placing SetupComplete.cmd in $scriptsDir" Copy-Item -Path (Join-Path -Path "$PSScriptRoot\..\Common" -ChildPath SetupComplete.cmd) ` -Destination (Join-Path -Path $scriptsDir -ChildPath SetupComplete.cmd) ` -Force # Make a directory full of stuff necessary for applying all the DSC partial configs. $dscDirectory = Join-Path -Path $MountPath -ChildPath DSCConfigs New-Item -Path $dscDirectory -ItemType Directory -Force Write-Verbose -Verbose "Placing DSC collateral in $dscDirectory" Copy-Item -Path $PSScriptRoot\..\Common\CompleteBootDSC.ps1 -Destination $dscDirectory -Force Copy-Item -Path $PSScriptRoot\..\Common\DscMetaconfig.psm1 -Destination $dscDirectory -Force Copy-Item -Path $PSScriptRoot\..\..\Common\Helpers.psm1 -Destination $dscDirectory -Force Copy-Item -Path $PSScriptRoot\..\..\Common\Tracer.psm1 -Destination $dscDirectory -Force if ($WaitForTimeSyncBeforeDSC) { Copy-Item -Path $PSScriptRoot\..\Common\WaitForTimeSyncBeforeDSC.ps1 -Destination $dscDirectory -Force } # Get the DSC Encryption Cert and place it in the image. ExportDscDecryptionCert -DestinationPath $dscDirectory if ($PSBoundParameters.ContainsKey('PartialConfigList')) { # Write the partial config list where the machine will find it. $partialConfigListFile = Join-Path -Path $dscDirectory -ChildPath DscPartialConfigList.xml Write-Verbose -Verbose "Writing list of $($partialConfigList.Count) partial configs into $partialConfigListFile" $xmlString = "<PartialConfigurations>" foreach($partialConfig in $PartialConfigList) { $xmlString += "<PartialConfiguration Name=`"$($partialConfig.Name)`" Phase=`"$($partialConfig.Phase)`" />" } $xmlString += "</PartialConfigurations>" $xmlString | Set-Content -Path $partialConfigListFile -Force } } # Helper function to write a DSC status configuration file. This file will be used to find out where the # status file will be written. The status file and its contents help deployment/update determine if DSC configuration is complete # on a remote machine. function Add-DSCStatusConfigFile { param( [Parameter(Mandatory=$True)] [string] $Version, [Parameter(Mandatory=$True)] [string] $DSCStatusConfigFolder ) $ErrorActionPreference = "Stop" Write-Verbose "Injecting DSC status configuration file in $DSCStatusConfigFolder" $configString = @" <Configuration> <TargetShares> <TargetShare PrimaryPath="C:\CompleteBootDSCStatus" /> </TargetShares> <Version>$Version</Version> </Configuration> "@ if((Test-Path -Path $DSCStatusConfigFolder) -eq $false) { $null = New-Item -Path $DSCStatusConfigFolder -ItemType Directory -Force } $configFilePath = Join-Path -Path $DSCStatusConfigFolder -ChildPath "CompleteBootDscStatusConfig.xml" $configString | Out-File $configFilePath -Force } <# .Synopsis Function to wait for ping, CIM, recent OS installation (with a deployment artifact) and WinRM to be available on a machine .Parameter StartTime The start time of the operation, used to check that OS boot time was strictly after the wait period. .Parameter StopTime The stop time for the wait operation after which the operation is considered failed. .Parameter NodeArray A list of physical/Virtual machine nodes to wait. .Parameter Version Current version being deployed or the version to which the stamp is being updated .Parameter DSCStatusFolder Folder where the DSC completion status will be written .Parameter TargetNodeNotInDomain Indicates that the target node is not domain-joined, so we cannot check its DSC status file using the default mechanism of admin SMB share path (\\node\C$\CompleteBootDSCStatus\node.version.xml). #> function Wait-ForDSCComplete { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [DateTime] $StartTime, [Parameter(Mandatory=$true)] [DateTime] $StopTime, [Parameter(Mandatory=$true)] [string[]] $NodeArray, [Parameter(Mandatory=$true)] [string] $Version, [Parameter(Mandatory=$false)] [string] $DSCStatusFolder = "C:\CompleteBootDSCStatus", [Parameter(Mandatory=$false)] [bool] $TargetNodeNotInDomain = $false, [Parameter(Mandatory=$false)] [pscredential] $Credential ) $ErrorActionPreference = "Stop" $remainingNodes = $NodeArray $failedNodes = [System.Collections.Generic.Dictionary[string, string[]]]::new() do { foreach ($node in $NodeArray) { $dscStatusFileName = $node + "." + $Version + ".xml" $dscStatusFilePath = Join-Path -Path $DSCStatusFolder -ChildPath $dscStatusFileName $remoteDscStatusFilePath = Join-Path -Path "\\$node" -ChildPath ($dscStatusFilePath.Replace(":","$")) # Check if the SetupComplete is still processing. # If the DSC status file exists for this specific version, then skip and move on to the next node $statusFilePresent = $false $statusFilePresentOnHost = $false # In case of VMs where AD is not set up, the status file is accessed via remote session with explicit credentials. # For example this will be applicable to DC VM on one node. if($TargetNodeNotInDomain) { Trace-Execution "Testing for presence of $dscStatusFilePath on $env:COMPUTERNAME" $statusFilePresentOnHost = Test-Path -Path $dscStatusFilePath $statusFilePresent = $statusFilePresentOnHost if(-not $statusFilePresent) { Trace-Execution "Testing for presence of $dscStatusFilePath on $node" try { $currentVM = Get-VM -Name $node -ComputerName $env:COMPUTERNAME if($currentVM.State -eq "Running") { $statusFilePresent = Invoke-Command -VMName $node -Credential $Credential -ScriptBlock { Test-Path -Path $using:dscStatusFilePath } -ErrorAction Stop } } catch { Trace-Warning "Failed to get the DSC Status file from: $node. Reporting this as a warning as the node might not be up. Failure details: $_" } } } else { try { $remoteDscStatusFilePathParent = Split-Path $remoteDscStatusFilePath -Parent Trace-Execution "Creating PS drive 'DscStatusFileTempPSDrive' with root $remoteDscStatusFilePathParent and user $($Credential.UserName)." New-PSDrive -Name DscStatusFileTempPSDrive -PSProvider FileSystem -Root $remoteDscStatusFilePathParent -Credential $Credential -ErrorAction Stop } catch { Trace-Warning "Could not create PS drive 'DscStatusFileTempPSDrive' with root '$remoteDscStatusFilePathParent'. Failure details: $_" } $StatusFile = Get-ChildItem -Path $remoteDscStatusFilePathParent -ErrorAction Ignore if($StatusFile) { $statusFilePresent = $true } else { $statusFilePresent = $false } } # If status file is not present, keep loopin, else read the contents of the file if (!$statusFilePresent) { Trace-Execution "$node is still being deployed. It will be reachable once OS deployment is complete and execution of SetupComplete script has ended." } else { $statusXml = $null # If the file exists, check the status in the file # If the completed file was previously copied on to the host, read the status from there. # Avoid going over PSDirect as the local admin account might have been disabled. if($TargetNodeNotInDomain) { $statusXml = [xml] ( Invoke-Command -VMName $node -ScriptBlock { Get-Content -Path $using:dscStatusFilePath } -Credential $Credential) } else { $statusfileName = Get-ChildItem -Path $remoteDscStatusFilePathParent $statusXml = [xml] ( Get-Content -Path $statusfileName.FullName ) } $status = $statusXml.DeploymentDSC.Status if($status -eq "Started") { Trace-Execution "$node has finished OS deployment, but is still processing SetupComplete." } elseif(($status -eq "Completed") -or ($status -eq 'Failed')) { Trace-Execution "$node has finished SetupComplete with status: $status" # Create copy of the file locally. This is to avoid reaching out to the VM again in case of consistency check if($TargetNodeNotInDomain) { Trace-Execution "Creating copy of the file locally" New-Item -Type Directory -Path (Split-Path $dscStatusFilePath) -Force | Out-Null $statusXml.InnerXml | Out-File $dscStatusFilePath -Force } $remainingNodes = $remainingNodes -ne $node if ($status -eq 'Failed') { if ($null -eq $statusXml.DeploymentDSC.ResourcesNotInDesiredState.ResourceId) { Trace-Error "DSC failed to converge on $node, but no additional details were found in the status XML. Check C:\Windows\SetupComplete.log on $node to determine whether DSC was configured and started properly." } $failedNodes[$node] = $statusXml.DeploymentDSC.ResourcesNotInDesiredState.ResourceId } else { # Test binary hashes at First Boot end Test-BinaryHash -FileSystemRoot "\\$node\c$" -OutputFileName 'firstBootEndHash.json' -BaselineFileName 'baselineHash.json' } } else { Trace-Execution "Unknown status reported for $node . The expected values are Started, Completed and Failed. Value reported was: $status" } } Trace-Execution "Removing PS drive 'DscStatusFileTempPSDrive'." Get-PSDrive -Name DscStatusFileTempPSDrive -ErrorAction SilentlyContinue | Remove-PSDrive } if (-not $remainingNodes) { break } $NodeArray = $remainingNodes Start-Sleep -Seconds 30 } until ([DateTime]::Now -gt $StopTime) if ($failedNodes.Count -ne 0) { $stringBuilder = [System.Text.StringBuilder]::new("DSC failed to converge on one or more nodes.") foreach ($node in $failedNodes.Keys) { $stringBuilder.AppendLine("Resources not in desired state on ${node}: " + [string]::Join((", ", $failedNodes[$node]))) } Trace-Error $stringBuilder.ToString() } $totalBmdWaitTimeMinutes = [int]($StopTime - $StartTime).TotalMinutes if ($remainingNodes) { Trace-Error "Deployment failed to complete in $totalBmdWaitTimeMinutes minutes - $(($remainingNodes) -join ',') ." } else { $nodesString = $NodeArray -join "," Trace-Execution "Deployment has completed on all nodes: $nodesString" } } # Tests if DSC has completed and completed status has been written on at least one of the orchestrators. function Test-ForDSCComplete { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [pscredential] $Credential, [Parameter(Mandatory=$true)] [string] $NodeName, [Parameter(Mandatory=$true)] [string] $Version, [Parameter(Mandatory=$false)] [string] $DSCStatusFolder = "C:\CompleteBootDSCStatus" ) $statusFilePresent = $false $dscStatusFileName = $NodeName + "." + $Version + ".xml" $dscStatusFilePath = Join-Path -Path $DSCStatusFolder -ChildPath $dscStatusFileName $remoteDscStatusFilePath = Join-Path -Path "\\$NodeName" -ChildPath ($dscStatusFilePath.Replace(":","$")) Trace-Execution "DSC status file path on node: $remoteDscStatusFilePath" $statusFilePresent = Test-Path -Path $remoteDscStatusFilePath -ErrorAction Ignore try { if ($statusFilePresent) { $statusXml = [xml] ( Get-Content -Path $remoteDscStatusFilePath ) $status = $statusXml.DeploymentDSC.Status if ($status -eq "Completed") { Trace-Execution "Status for the node was set to Completed. The node was already created with expected version hence returning True." return $true } } } catch { Trace-Execution "Encountered an exception reading status file from path: $remoteDscStatusFilePath. Exception: $_" } return $false } <# .Synopsis Revoke access to the CompleteBootDSCShare .Parameter ComputerName The computer that is to be granted access. .Parameter DomainAdminCredentials Credentials for the domain admin #> function Revoke-CompleteBootDSCShareAccess { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string[]] $ComputerName, [Parameter(Mandatory = $true)] [CloudEngine.Configurations.EceInterfaceParameters] $Parameters ) $cloudRole = $Parameters.Roles["Cloud"].PublicConfiguration $securityInfo = $cloudRole.PublicInfo.SecurityInfo $domainAdminUser = $securityInfo.DomainUsers.User | Where-Object Role -EQ "DomainAdmin" $domainAdminCredential = $Parameters.GetCredential($domainAdminUser.Credential) Start-ParallelWorkAndWait -ComputerName $ComputerName -Credential $domainAdminCredential -ScriptBlock { $DSCStatusFileShareAccessRules = Get-SmbShareAccess -Name "CompleteBootDSCStatus" foreach($DSCStatusFileShareAccessRule in $DSCStatusFileShareAccessRules) { $accessPermission = $DSCStatusFileShareAccessRule.AccessRight if ($accessPermission -eq "Change" -or $accessPermission -eq "Read" -or $accessPermission -eq "Full") { Revoke-SmbShareAccess -Name $DSCStatusFileShareAccessRule.Name -AccountName $DSCStatusFileShareAccessRule.AccountName -Force } } } } <# .Synopsis Remove the DSC status file for a specific computer with a specific build installed .Parameter ComputerName The computer that is to be removed the DSC status file. .Parameter Version The build version #> function Remove-DSCStatusFile { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [string] $ComputerName, [Parameter(Mandatory=$true)] [string] $Version ) $ErrorActionPreference = "Stop" $dscStatusFileName = $ComputerName + "." + $Version + ".xml" $remoteDscStatusFilePath = "\\$ComputerName\C$\CompleteBootDSCStatus\$dscStatusFileName" try { if(Test-Path $remoteDscStatusFilePath -ErrorAction Ignore) { Remove-Item -Path $remoteDscStatusFilePath -Force -Confirm:$false } } catch { Trace-Warning "Could not remove $remoteDscStatusFilePath. Error: $_" } } <# .SYNOPSIS Reset partial configurations on all nodes to clean up any stale references to Script resources in existing configurations. #> function Reset-PartialConfigurationsOnNode { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [CloudEngine.Configurations.EceInterfaceParameters] $Parameters ) $ErrorActionPreference = "Stop" $nodeName = @( Get-ExecutionContextNodeName -Parameters $Parameters ) if (-not $nodeName -or $nodeName.Count -gt 1) { throw "Invalid node information specified in the execution context: [$nodeName]" } Trace-Execution "Checking for presence of DscMetaconfig.psm1 on $nodeName." $modulePath = "\\$nodeName\C$\DSCConfigs\DscMetaconfig.psm1" if (-not (Test-Path $modulePath)) { Trace-Execution "Copying DscMetaconfig.psm1 to $nodeName." Copy-Item $PSScriptRoot\DscMetaConfig.psm1 $modulePath -Force } Trace-Execution "Cleaning up configuration on $nodeName." Invoke-Command -ComputerName $nodeName -ScriptBlock ${function:Reset-PartialConfigurations} } <# .SYNOPSIS Clean up of partial configurations is done by updating the meta configuration. We set the meta config to point to a single known resource that works, and start the DSC configuration, which removes all other partial configs from the store. Then we reset the partial configuration list in the meta configuration to ensure new configs pushed to the node are valid. This function is intended to be invoked in a remote session to a target node. #> function Reset-PartialConfigurations { $ErrorActionPreference = "Stop" $VerbosePreference = "Continue" # Helper function to update meta configuration. function Set-MetaConfig ($CertThumbprint, $PartialList) { Import-Module C:\DSCConfigs\DscMetaconfig.psm1 $metaMofPath = Join-Path ([IO.Path]::GetTempPath()) ([IO.Path]::GetRandomFileName()) Trace-Execution "Creating new temp path for meta configuration: $metaMofPath" New-Item -Path $metaMofPath -Type Directory -Force Trace-Execution "Generating meta configuration to only reference $PartialList configuration." MetaMof -OutputPath $metaMofPath -CredentialEncryptionThumbprint $CertThumbprint -PartialConfigList $PartialList $lcmConfig = $false $timeout = (Get-Date).AddMinutes(10) do { try { Trace-Execution "Setting LCM configuration from $metaMofPath" Set-DscLocalConfigurationManager -Path $metaMofPath -Force -ErrorAction Stop $lcmConfig = $true } catch { $errorMessage = $_.Exception.Message Trace-Execution "Error setting LCM configuration : '$errorMessage'" Start-Sleep 30 } } until ($lcmConfig -or (Get-Date) -gt $timeout) if (-not $lcmConfig) { throw "Failed to set LCM configuration. Last error: $errorMessage" } } # Collect current LCM settings, which will be used to set/reset the meta configuration. $lcm = Get-DscLocalConfigurationManager $encryptionThumbprint = $lcm.CertificateID if (-not $encryptionThumbprint) { Write-Warning "CertificateID on the LCM was not set. Retrieving Thumbprint of certificate in the local store." $encryptionThumbprint = Get-ChildItem Cert:\LocalMachine\My | ? Subject -match "DscEncryptionCertificate" | select -First 1 | % Thumbprint if (-not $encryptionThumbprint) { throw "Failed to get thumpbrint of DSC encryption certificate from LCM or the local store." } } Trace-Execution "Got encryption certificate thumbprint: $encryptionThumbprint." Trace-Execution "Resetting configuration." Set-MetaConfig -CertThumbprint $encryptionThumbprint -PartialList $null } Export-ModuleMember -Function Add-DSCStatusConfigFile Export-ModuleMember -Function ExportDscDecryptionCert Export-ModuleMember -Function GetDscEncryptionCert Export-ModuleMember -Function GetEncryptedPassword Export-ModuleMember -Function PrepareDSCFirstBoot Export-ModuleMember -Function Remove-DSCStatusFile Export-ModuleMember -Function RemoveExportedDscDecryptionCert Export-ModuleMember -Function Reset-PartialConfigurationsOnNode Export-ModuleMember -Function Revoke-CompleteBootDSCShareAccess Export-ModuleMember -Function SignDscConfiguration Export-ModuleMember -Function Test-ForDSCComplete Export-ModuleMember -Function Wait-ForDSCComplete # SIG # Begin signature block # MIIoRgYJKoZIhvcNAQcCoIIoNzCCKDMCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCsVFz3ZvYILEYe # oe7/QEloWAK6kHZCKP4fcpgQH0yiGaCCDXYwggX0MIID3KADAgECAhMzAAADrzBA # DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA # hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG # 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN # xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL # go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB # tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd # mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ # 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY # 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp # XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn # TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT # e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG # OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O # PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk # ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx # HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt # CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGiYwghoiAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIF31rr1LW7o98t04beM3J2eG # NRREdAd4EObJZHY0M+ITMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAWckDKpmiDxNXtF5/RgqxBNC9xjvL/AtjfocXHwyGKxE+78WYh8g2fbGF # S0qF787wLAUVzeptKs0b5eJPMTFmd1nC02qIZ+6eRIEPnDMLz813zJe5tp/l1eVf # Gkfoh1g2oruMb+2ss1Jy4Xjdiy3C60B9mI3jSHVslGurxgEYiQFDDF/RPG5Gzck/ # gAE65atKb6mjlQ6/BaFsPNkUyiLKy0uOn+KvMoA7nZQKXLhcnK5xAA/qbnNssodE # 3e0lZf0LaBZkRa2CPwWPbQm+ph+Iu8FrzgITIrKzhzbam7U+K9RfvC7eke6+rUDO # b1jZU5VbnfA7jJbJmKKrshANHyFX2aGCF7AwghesBgorBgEEAYI3AwMBMYIXnDCC # F5gGCSqGSIb3DQEHAqCCF4kwgheFAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFaBgsq # hkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCAjh64FMujTOYJYwbuR4QMbeg8xw4Dcg9q2SL3PXQg1GQIGZr3/TCsO # GBMyMDI0MDgxOTE3Mjg1MS4zOTdaMASAAgH0oIHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo0MDFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaCCEf4wggcoMIIFEKADAgECAhMzAAAB/tCowns0IQsBAAEAAAH+MA0G # CSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTI0 # MDcyNTE4MzExOFoXDTI1MTAyMjE4MzExOFowgdMxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9w # ZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjQwMUEt # MDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvLwhFxWlqA43olsE4PCe # gZ4mSfsH2YTSKEYv8Gn3362Bmaycdf5T3tQxpP3NWm62YHUieIQXw+0u4qlay4AN # 3IonI+47Npi9fo52xdAXMX0pGrc0eqW8RWN3bfzXPKv07O18i2HjDyLuywYyKA9F # mWbePjahf9Mwd8QgygkPtwDrVQGLyOkyM3VTiHKqhGu9BCGVRdHW9lmPMrrUlPWi # YV9LVCB5VYd+AEUtdfqAdqlzVxA53EgxSqhp6JbfEKnTdcfP6T8Mir0HrwTTtV2h # 2yDBtjXbQIaqycKOb633GfRkn216LODBg37P/xwhodXT81ZC2aHN7exEDmmbiWss # jGvFJkli2g6dt01eShOiGmhbonr0qXXcBeqNb6QoF8jX/uDVtY9pvL4j8aEWS49h # KUH0mzsCucIrwUS+x8MuT0uf7VXCFNFbiCUNRTofxJ3B454eGJhL0fwUTRbgyCbp # LgKMKDiCRub65DhaeDvUAAJT93KSCoeFCoklPavbgQyahGZDL/vWAVjX5b8Jzhly # 9gGCdK/qi6i+cxZ0S8x6B2yjPbZfdBVfH/NBp/1Ln7xbeOETAOn7OT9D3UGt0q+K # iWgY42HnLjyhl1bAu5HfgryAO3DCaIdV2tjvkJay2qOnF7Dgj8a60KQT9QgfJfwX # nr3ZKibYMjaUbCNIDnxz2ykCAwEAAaOCAUkwggFFMB0GA1UdDgQWBBRvznuJ9SU2 # g5l/5/b+5CBibbHF3TAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBf # BgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmww # bAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0El # MjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUF # BwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAiT4NUvO2lw+0 # dDMtsBuxmX2o3lVQqnQkuITAGIGCgI+sl7ZqZOTDd8LqxsH4GWCPTztc3tr8AgBv # sYIzWjFwioCjCQODq1oBMWNzEsKzckHxAzYo5Sze7OPkMA3DAxVq4SSR8y+TRC2G # cOd0JReZ1lPlhlPl9XI+z8OgtOPmQnLLiP9qzpTHwFze+sbqSn8cekduMZdLyHJk # 3Niw3AnglU/WTzGsQAdch9SVV4LHifUnmwTf0i07iKtTlNkq3bx1iyWg7N7jGZAB # RWT2mX+YAVHlK27t9n+WtYbn6cOJNX6LsH8xPVBRYAIRVkWsMyEAdoP9dqfaZzwX # GmjuVQ931NhzHjjG+Efw118DXjk3Vq3qUI1re34zMMTRzZZEw82FupF3viXNR3DV # OlS9JH4x5emfINa1uuSac6F4CeJCD1GakfS7D5ayNsaZ2e+sBUh62KVTlhEsQRHZ # RwCTxbix1Y4iJw+PDNLc0Hf19qX2XiX0u2SM9CWTTjsz9SvCjIKSxCZFCNv/zpKI # lsHx7hQNQHSMbKh0/wwn86uiIALEjazUszE0+X6rcObDfU4h/O/0vmbF3BMR+45r # AZMAETJsRDPxHJCo/5XGhWdg/LoJ5XWBrODL44YNrN7FRnHEAAr06sflqZ8eeV3F # uDKdP5h19WUnGWwO1H/ZjUzOoVGiV3gwggdxMIIFWaADAgECAhMzAAAAFcXna54C # m0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZp # Y2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMy # MjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0B # AQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51 # yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY # 6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9 # cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN # 7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDua # Rr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74 # kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2 # K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5 # TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZk # i1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9Q # BXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3Pmri # Lq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUC # BBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJl # pxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9y # eS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUA # YgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # 1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIw # MTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/yp # b+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulm # ZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM # 9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECW # OKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4 # FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3Uw # xTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPX # fx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVX # VAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGC # onsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU # 5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEG # ahC0HVUzWLOhcGbyoYIDWTCCAkECAQEwggEBoYHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo0MDFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaIjCgEBMAcGBSsOAwIaAxUAhGNHD/a7Q0bQLWVG9JuGxgLRXseggYMw # gYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQsF # AAIFAOptw5YwIhgPMjAyNDA4MTkxMzEzNThaGA8yMDI0MDgyMDEzMTM1OFowdzA9 # BgorBgEEAYRZCgQBMS8wLTAKAgUA6m3DlgIBADAKAgEAAgIQjgIB/zAHAgEAAgIT # azAKAgUA6m8VFgIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAow # CAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBCwUAA4IBAQChXAS483RL # NhvWjmqx1bVA9exW8pw7rTb9nCXYnAeiNEparolYgj99SFSPQejdNcxQW7VJEUr8 # u1y4CA30RsFMUco/ccAtAJT17dHJSThkT3C36VNvNslZeTOUfIvzlafEOc33/hH1 # MLHrZyFJBzP3eDafal+INyQC35VRoNl5JF+C03g9SrqJgklFVz78MyYOIH2UmcHV # Lynv/fG2k+0+OCEdbA4tMUHEnI26ZEe3xaQYlq0fsaeQJ5AvfyZ5S5J7kqgcIsme # jWptfAg9olTWiQuwJMhqVgD6GNsl/7ZNxDekhvhQENlwviq2t/zErOsJCkDmFkNh # jeOaNp6DBmeCMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB # IDIwMTACEzMAAAH+0KjCezQhCwEAAQAAAf4wDQYJYIZIAWUDBAIBBQCgggFKMBoG # CSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQg/Yv/Jsv6 # pvMrf0SCEoNvyTrI+++8MAgHUQnNleBj6FEwgfoGCyqGSIb3DQEJEAIvMYHqMIHn # MIHkMIG9BCARhczd/FPInxjR92m2hPWqc+vGOG1+/I0WtkCstyh0eTCBmDCBgKR+ # MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT # HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB/tCowns0IQsBAAEA # AAH+MCIEIFcrka7UyBhic4GcmXbI0TWIxmbgEeCWRdMgC44sDIRtMA0GCSqGSIb3 # DQEBCwUABIICAIxjMHAQLS/JM3MMoQ/i0RXXzXotI+Ch9LIBKQG1Ryb/GWWYTqQo # 6xUDPY5hNhpvQgU1YQHT07gM0lx3Z8kw+wyClOvqlhGHxHUhoVrcE/o8Kf47dFt8 # bNa1mU61gA1/5ErugvF0Yoe0XdzEelKx7IkUrkTPQ1kSk6HHRwFKs7tAl/qzYfSR # oSRYDXoJ7AOG9sy5kVOJppIcZ6yZae/yCvuo2CBgQRQTRqgV4HDzwEW9eu+UXNtB # xWExtecuMFmVFl4NtaedNP5SdvwsSxSJ8Xq0PBkYQjDjWDVzim9o61CP8tV5cTwo # IieWvOG4sr11gCmprgteZmaHx6fJCFRD1n2OPu3Qfx09XSzuVUni/C2ogDsOaLDU # DckJjy3S7NIUN0nIwclpS+wBBVIyhhIQfo0c2vn+wLWLjaUOoi+bqca+PlB3y9Yc # WPQxCC+zAH26dHouP0CjdwXc8pTxjG3QvnZwkxwoyRMmbw+IFSO0B8S0VeK2u8Ou # 3BwAR26KaaM3c3kFN5RvUGr09aryPh49Z2o1C41f4U/nWhfyo6WrE8pvxVpbybpf # 44S6E/xFglqkdPokwVb2LMTlm0mUFvJf0/95tGH+4DMbpWjAseXjU1/nMtCxJAxM # PsVk9Q3WR9usyKsJzA0lJMFsUM22CfEyGKDMrxbPIyVvLEDqPxZpEllf # SIG # End signature block |