Testing/Unit/PowerShell/Providers/AADProvider/Export-Caps.Tests.ps1
|
BeforeAll { $ClassPath = (Join-Path -Path $PSScriptRoot -ChildPath "./../../../../../Modules/Providers/ProviderHelpers/AADConditionalAccessHelper.psm1") Import-Module $ClassPath [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'CapHelper')] $CapHelper = Get-CapTracker } Describe "GetIncludedUsers" { BeforeEach { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'Cap')] $Cap = Get-Content (Join-Path -Path $PSScriptRoot -ChildPath "./CapSnippets/Users.json") | ConvertFrom-Json } It "returns 'None' when no users are included" { $Cap.Conditions.Users.IncludeUsers += "None" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "None" } It "handles including single users" { $Cap.Conditions.Users.IncludeUsers += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "1 specific user" } It "handles including multiple users" { $Cap.Conditions.Users.IncludeUsers += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.IncludeUsers += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "2 specific users" } It "handles including single groups" { $Cap.Conditions.Users.IncludeGroups += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "1 specific group" } It "handles including multiple groups" { $Cap.Conditions.Users.IncludeGroups += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.IncludeGroups += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "2 specific groups" } It "handles including single roles" { $Cap.Conditions.Users.IncludeRoles += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "1 specific role" } It "handles including multiple roles" { $Cap.Conditions.Users.IncludeRoles += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.IncludeRoles += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "2 specific roles" } It "handles including users, groups, and roles simultaneously" { $Cap.Conditions.Users.IncludeUsers += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.IncludeRoles += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.IncludeRoles += "caaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.IncludeGroups += "daaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.IncludeGroups += "eaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" #gitleaks:allow $Cap.Conditions.Users.IncludeGroups += "faaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "1 specific user, 2 specific roles, 3 specific groups" } It "returns 'All' when all users are included" { $Cap.Conditions.Users.IncludeUsers += "all" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "All" } It "handles including single type of external user" { $Cap.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.MembershipKind = "all" $Cap.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes = "internalGuest" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "Local guest users" } It "handles including all types of guest users" { $Cap.Conditions.Users.IncludeGuestsOrExternalUsers.ExternalTenants.MembershipKind = "all" $Cap.Conditions.Users.IncludeGuestsOrExternalUsers.GuestOrExternalUserTypes = "b2bCollaborationGuest,b2bCollaborationMember,b2bDirectConnectUser,internalGuest,serviceProvider,otherExternalUser" $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap)) -Join ", " $UsersIncluded | Should -Be "B2B collaboration guest users, B2B collaboration member users, B2B direct connect users, Local guest users, Service provider users, Other external users" } It "handles empty input" { $Cap = @{} $UsersIncluded = $($CapHelper.GetIncludedUsers($Cap) 3>$null) -Join ", " # 3>$null to surpress the warning # message as it is expected in this case $UsersIncluded | Should -Be "" } } Describe "GetExcludedUsers" { BeforeEach { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'Cap')] $Cap = Get-Content (Join-Path -Path $PSScriptRoot -ChildPath "./CapSnippets/Users.json") | ConvertFrom-Json } It "returns 'None' when no users are included" { $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "None" } It "handles excluding single users" { $Cap.Conditions.Users.ExcludeUsers += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "1 specific user" } It "handles excluding multiple users" { $Cap.Conditions.Users.ExcludeUsers += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.ExcludeUsers += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "2 specific users" } It "handles excluding single groups" { $Cap.Conditions.Users.ExcludeGroups += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "1 specific group" } It "handles excluding multiple groups" { $Cap.Conditions.Users.ExcludeGroups += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.ExcludeGroups += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "2 specific groups" } It "handles excluding single roles" { $Cap.Conditions.Users.ExcludeRoles += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "1 specific role" } It "handles excluding multiple roles" { $Cap.Conditions.Users.ExcludeRoles += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.ExcludeRoles += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "2 specific roles" } It "handles excluding users, groups, and roles simultaneously" { $Cap.Conditions.Users.ExcludeUsers += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.ExcludeRoles += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.ExcludeRoles += "caaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.ExcludeGroups += "daaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Users.ExcludeGroups += "eaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" #gitleaks:allow $Cap.Conditions.Users.ExcludeGroups += "faaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "1 specific user, 2 specific roles, 3 specific groups" } It "handles excluding all types of external users" { $Cap.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind = "all" $Cap.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes = "b2bCollaborationGuest,b2bCollaborationMember,b2bDirectConnectUser,internalGuest,serviceProvider,otherExternalUser" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "B2B collaboration guest users, B2B collaboration member users, B2B direct connect users, Local guest users, Service provider users, Other external users" } It "handles excluding a single type of external user" { $Cap.Conditions.Users.ExcludeGuestsOrExternalUsers.ExternalTenants.MembershipKind = "all" $Cap.Conditions.Users.ExcludeGuestsOrExternalUsers.GuestOrExternalUserTypes = "serviceProvider" $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap)) -Join ", " $UsersExcluded | Should -Be "Service provider users" } It "handles empty input" { $Cap = @{} $UsersExcluded = $($CapHelper.GetExcludedUsers($Cap) 3>$null) -Join ", " # 3>$null to surpress the warning # message as it is expected in this case $UsersExcluded | Should -Be "" } } Describe "GetApplications" { BeforeEach { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'Cap')] $Cap = Get-Content (Join-Path -Path $PSScriptRoot -ChildPath "./CapSnippets/Apps.json") | ConvertFrom-Json } It "handles including all apps" { $Cap.Conditions.Applications.IncludeApplications += "All" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: apps" $Apps[1] | Should -Be "Apps included: All" $Apps[2] | Should -Be "Apps excluded: None" } It "handles including/excluding no apps" { $Cap.Conditions.Applications.IncludeApplications += "None" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: apps" $Apps[1] | Should -Be "Apps included: None" $Apps[2] | Should -Be "Apps excluded: None" } It "handles including/excluding single specific apps" { $Cap.Conditions.Applications.IncludeApplications += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Applications.ExcludeApplications += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: apps" $Apps[1] | Should -Be "Apps included: 1 specific app" $Apps[2] | Should -Be "Apps excluded: 1 specific app" } It "handles including/excluding multiple specific apps" { $Cap.Conditions.Applications.IncludeApplications += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Applications.IncludeApplications += "baaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Applications.IncludeApplications += "caaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Applications.ExcludeApplications += "daaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Cap.Conditions.Applications.ExcludeApplications += "eaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" #gitleaks:allow $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: apps" $Apps[1] | Should -Be "Apps included: 3 specific apps" $Apps[2] | Should -Be "Apps excluded: 2 specific apps" } It "handles app filter in include mode" { $Cap.Conditions.Applications.ApplicationFilter.Mode = "include" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: apps" $Apps[1] | Should -Be "Apps included: custom application filter" $Apps[2] | Should -Be "Apps excluded: None" } It "handles app filter in exclude mode" { $Cap.Conditions.Applications.ApplicationFilter.Mode = "exclude" $Cap.Conditions.Applications.IncludeApplications += "All" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: apps" $Apps[1] | Should -Be "Apps included: All" $Apps[2] | Should -Be "Apps excluded: custom application filter" } It "handles including app filter and specific apps" { $Cap.Conditions.Applications.ApplicationFilter.Mode = "include" $Cap.Conditions.Applications.IncludeApplications += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: apps" $Apps[1] | Should -Be "Apps included: 1 specific app" $Apps[2] | Should -Be "Apps included: custom application filter" $Apps[3] | Should -Be "Apps excluded: None" } It "handles excluding app filter and specific apps" { $Cap.Conditions.Applications.ApplicationFilter.Mode = "exclude" $Cap.Conditions.Applications.IncludeApplications += "All" $Cap.Conditions.Applications.ExcludeApplications += "aaaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: apps" $Apps[1] | Should -Be "Apps included: All" $Apps[2] | Should -Be "Apps excluded: 1 specific app" $Apps[3] | Should -Be "Apps excluded: custom application filter" } It "handles registering a device" { $Cap.Conditions.Applications.IncludeUserActions += "urn:user:registerdevice" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: actions" $Apps[1] | Should -Be "User action: Register or join devices" } It "handles registering security info" { $Cap.Conditions.Applications.IncludeUserActions += "urn:user:registersecurityinfo" $Apps = $($CapHelper.GetApplications($Cap)) $Apps[0] | Should -Be "Policy applies to: actions" $Apps[1] | Should -Be "User action: Register security info" } It "handles registering security info" { $Cap.Conditions.Applications.IncludeAuthenticationContextClassReferences += "c1" $Cap.Conditions.Applications.IncludeAuthenticationContextClassReferences += "c3" $Apps = $($CapHelper.GetApplications($Cap)) $Apps | Should -Be "Policy applies to: 2 authentication contexts" } It "handles empty input" { $Cap = @{} $Apps = $($CapHelper.GetApplications($Cap) 3>$null) -Join ", " # 3>$null to surpress the warning # message as it is expected in this case $Apps | Should -Be "" } } Describe "GetConditions" { BeforeEach { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'Cap')] $Cap = Get-Content (Join-Path -Path $PSScriptRoot -ChildPath "./CapSnippets/Conditions.json") | ConvertFrom-Json } It "handles user risk levels" { $Cap.Conditions.UserRiskLevels += "high" $Cap.Conditions.UserRiskLevels += "medium" $Cap.Conditions.UserRiskLevels += "low" $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "User risk levels: high, medium, low" } It "handles sign-in risk levels" { $Cap.Conditions.SignInRiskLevels += "low" $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "Sign-in risk levels: low" } It "handles including all device platforms" { $Cap.Conditions.Platforms.ExcludePlatforms = @() $Cap.Conditions.Platforms.IncludePlatforms = @("all") $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "Device platforms included: all" $Conditions[1] | Should -Be "Device platforms excluded: none" } It "handles including/excluding specific device platforms" { $Cap.Conditions.Platforms.ExcludePlatforms = @("iOS", "macOS", "linux") $Cap.Conditions.Platforms.IncludePlatforms = @("android") $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "Device platforms included: android" $Conditions[1] | Should -Be "Device platforms excluded: iOS, macOS, linux" } It "handles including all locations" { $Cap.Conditions.Locations.ExcludeLocations = @() $Cap.Conditions.Locations.IncludeLocations = @("All") $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "Locations included: all locations" $Conditions[1] | Should -Be "Locations excluded: none" } It "handles excluding trusted locations" { $Cap.Conditions.Locations.ExcludeLocations = @("AllTrusted") $Cap.Conditions.Locations.IncludeLocations = @("All") $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "Locations included: all locations" $Conditions[1] | Should -Be "Locations excluded: all trusted locations" } It "handles including/excluding single custom locations" { $Cap.Conditions.Locations.ExcludeLocations = @("00000000-0000-0000-0000-000000000000") $Cap.Conditions.Locations.IncludeLocations = @("10000000-0000-0000-0000-000000000000") $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "Locations included: 1 specific location" $Conditions[1] | Should -Be "Locations excluded: 1 specific location" } It "handles including/excluding multiple custom locations" { $Cap.Conditions.Locations.ExcludeLocations = @() $Cap.Conditions.Locations.ExcludeLocations += @("00000000-0000-0000-0000-000000000000") $Cap.Conditions.Locations.ExcludeLocations += @("10000000-0000-0000-0000-000000000000") $Cap.Conditions.Locations.ExcludeLocations += @("20000000-0000-0000-0000-000000000000") $Cap.Conditions.Locations.IncludeLocations = @() $Cap.Conditions.Locations.IncludeLocations += @("30000000-0000-0000-0000-000000000000") $Cap.Conditions.Locations.IncludeLocations += @("40000000-0000-0000-0000-000000000000") $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "Locations included: 2 specific locations" $Conditions[1] | Should -Be "Locations excluded: 3 specific locations" } It "handles including trusted locations" { $Cap.Conditions.Locations.IncludeLocations = @("AllTrusted") $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "Locations included: all trusted locations" $Conditions[1] | Should -Be "Locations excluded: none" } It "handles including all client apps" { $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions | Should -Be "Client apps included: all" } It "handles including specific client apps" { $Cap.Conditions.ClientAppTypes = @("exchangeActiveSync", "browser", "mobileAppsAndDesktopClients", "other") $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions | Should -Be "Client apps included: Exchange ActiveSync Clients, Browser, Mobile apps and desktop clients, Other clients" } It "handles custom client app filter in include mode" { $Cap.Conditions.Devices.DeviceFilter.Mode = "include" $Cap.Conditions.Devices.DeviceFilter.Rule = "device.manufacturer -eq 'helloworld'" $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[1] | Should -Be "Custom device filter in include mode active" } It "handles custom client app filter in exclude mode" { $Cap.Conditions.Devices.DeviceFilter.Mode = "exclude" $Cap.Conditions.Devices.DeviceFilter.Rule = "device.manufacturer -eq 'helloworld'" $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[1] | Should -Be "Custom device filter in exclude mode active" } It "handles many conditions simultaneously" { $Cap.Conditions.UserRiskLevels += "low" $Cap.Conditions.SignInRiskLevels += "high" $Cap.Conditions.Platforms.ExcludePlatforms = @("android", "iOS", "macOS", "linux") $Cap.Conditions.Platforms.IncludePlatforms = @("all") $Cap.Conditions.Locations.IncludeLocations = @("AllTrusted") $Cap.Conditions.Locations.ExcludeLocations = @() $Cap.Conditions.ClientAppTypes = @("exchangeActiveSync") $Cap.Conditions.Devices.DeviceFilter.Mode = "exclude" $Cap.Conditions.Devices.DeviceFilter.Rule = "device.manufacturer -eq 'helloworld'" $Conditions = $($CapHelper.GetConditions($Cap)) $Conditions[0] | Should -Be "User risk levels: low" $Conditions[1] | Should -Be "Sign-in risk levels: high" $Conditions[2] | Should -Be "Device platforms included: all" $Conditions[3] | Should -Be "Device platforms excluded: android, iOS, macOS, linux" $Conditions[4] | Should -Be "Locations included: all trusted locations" $Conditions[5] | Should -Be "Locations excluded: none" $Conditions[6] | Should -Be "Client apps included: Exchange ActiveSync Clients" $Conditions[7] | Should -Be "Custom device filter in exclude mode active" } It "handles empty input" { $Cap = @{} $Conditions = $($CapHelper.GetConditions($Cap) 3>$null) -Join ", " # 3>$null to surpress the warning # message as it is expected in this case $Conditions | Should -Be "" } } Describe "GetAccessControls" { BeforeEach { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'Cap')] $Cap = Get-Content (Join-Path -Path $PSScriptRoot -ChildPath "./CapSnippets/AccessControls.json") | ConvertFrom-Json } It "handles blocking access" { $Cap.GrantControls.BuiltInControls = @("block") $Controls = $($CapHelper.GetAccessControls($Cap)) $Controls | Should -Be "Block access" } It "handles requiring single control" { $Cap.GrantControls.BuiltInControls = @("mfa") $Controls = $($CapHelper.GetAccessControls($Cap)) $Controls | Should -Be "Allow access but require multifactor authentication" } It "handles requiring terms of use" { $Cap.GrantControls.TermsOfUse = @("aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa") $Controls = $($CapHelper.GetAccessControls($Cap)) $Controls | Should -Be "Allow access but require terms of use" } It "handles requiring multiple controls in AND mode" { $Cap.GrantControls.BuiltInControls = @("mfa", "compliantDevice", "domainJoinedDevice", "approvedApplication", "compliantApplication", "passwordChange") $Cap.GrantControls.Operator = "AND" $Controls = $($CapHelper.GetAccessControls($Cap)) $Controls | Should -Be "Allow access but require multifactor authentication, device to be marked compliant, Hybrid Azure AD joined device, approved client app, app protection policy, AND password change" } It "handles requiring multiple controls in OR mode" { $Cap.GrantControls.BuiltInControls = @("mfa", "compliantDevice", "domainJoinedDevice", "approvedApplication", "compliantApplication", "passwordChange") $Cap.GrantControls.Operator = "OR" $Controls = $($CapHelper.GetAccessControls($Cap)) $Controls | Should -Be "Allow access but require multifactor authentication, device to be marked compliant, Hybrid Azure AD joined device, approved client app, app protection policy, OR password change" } It "handles using authentication strength (phishing resistant MFA)" { $Cap.GrantControls.AuthenticationStrength.DisplayName = "Phishing resistant MFA" $Controls = $($CapHelper.GetAccessControls($Cap)) $Controls | Should -Be "Allow access but require authentication strength (Phishing resistant MFA)" } It "handles using both authentication strength and a traditional control" { $Cap.GrantControls.AuthenticationStrength.DisplayName = "Multi-factor authentication" $Cap.GrantControls.BuiltInControls = @("passwordChange") $Cap.GrantControls.Operator = "AND" $Controls = $($CapHelper.GetAccessControls($Cap)) $Controls | Should -Be "Allow access but require password change, AND authentication strength (Multi-factor authentication)" } It "handles using no access controls" { $Cap.GrantControls.BuiltInControls = $null $Controls = $($CapHelper.GetAccessControls($Cap)) $Controls | Should -Be "None" } It "handles empty input" { $Cap = @{} $Controls = $($CapHelper.GetAccessControls($Cap) 3>$null) -Join ", " # 3>$null to surpress the warning # message as it is expected in this case $Controls | Should -Be "" } } Describe "GetSessionControls" { BeforeEach { [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSUseDeclaredVarsMoreThanAssignments', 'Cap')] $Cap = Get-Content (Join-Path -Path $PSScriptRoot -ChildPath "./CapSnippets/SessionControls.json") | ConvertFrom-Json } It "handles using no session controls" { $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "None" } It "handles using app enforced restrictions" { $Cap.SessionControls.ApplicationEnforcedRestrictions.IsEnabled = $true $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Use app enforced restrictions" } It "handles using conditional access app control with custom policy" { $Cap.SessionControls.CloudAppSecurity.CloudAppSecurityType = "mcasConfigured" $Cap.SessionControls.CloudAppSecurity.IsEnabled = $true $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Use Conditional Access App Control (Use custom policy)" } It "handles using conditional access app control in monitor mode" { $Cap.SessionControls.CloudAppSecurity.CloudAppSecurityType = "monitorOnly" $Cap.SessionControls.CloudAppSecurity.IsEnabled = $true $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Use Conditional Access App Control (Monitor only)" } It "handles using conditional access app control in block mode" { $Cap.SessionControls.CloudAppSecurity.CloudAppSecurityType = "blockDownloads" $Cap.SessionControls.CloudAppSecurity.IsEnabled = $true $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Use Conditional Access App Control (Block downloads)" } It "handles using sign-in frequency every time" { $Cap.SessionControls.SignInFrequency.FrequencyInterval = "everyTime" $Cap.SessionControls.SignInFrequency.IsEnabled = $true $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Sign-in frequency (every time)" } It "handles using sign-in frequency time based" { $Cap.SessionControls.SignInFrequency.FrequencyInterval = "timeBased" $Cap.SessionControls.SignInFrequency.Type = "days" $Cap.SessionControls.SignInFrequency.Value = 10 $Cap.SessionControls.SignInFrequency.IsEnabled = $true $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Sign-in frequency (every 10 days)" } It "handles using persistent browser session" { $Cap.SessionControls.PersistentBrowser.IsEnabled = $true $Cap.SessionControls.PersistentBrowser.Mode = "never" $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Persistent browser session (never persistent)" } It "handles using customized continuous access evaluation" { $Cap.SessionControls.ContinuousAccessEvaluation.Mode = "disabled" $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Customize continuous access evaluation" } It "handles disabling resilience defaults" { $Cap.SessionControls.DisableResilienceDefaults = $true $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls | Should -Be "Disable resilience defaults" } It "handles multiple controls simultaneously" { $Cap.SessionControls.PersistentBrowser.IsEnabled = $true $Cap.SessionControls.PersistentBrowser.Mode = "never" $Cap.SessionControls.DisableResilienceDefaults = $true $Controls = $($CapHelper.GetSessionControls($Cap)) $Controls[0] | Should -Be "Persistent browser session (never persistent)" $Controls[1] | Should -Be "Disable resilience defaults" } It "handles empty input" { $Cap = @{} $Controls = $($CapHelper.GetSessionControls($Cap) 3>$null) -Join ", " # 3>$null to surpress the warning # message as it is expected in this case $Controls | Should -Be "" } } # SIG # Begin signature block # MIIuuQYJKoZIhvcNAQcCoIIuqjCCLqYCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDlWcHgGlG3bIZc # LYZfoKtKPJeBKqB+rxeIitjBwNFbbaCCE6MwggWQMIIDeKADAgECAhAFmxtXno4h # MuI5B72nd3VcMA0GCSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQK # EwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNV # BAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDAeFw0xMzA4MDExMjAwMDBaFw0z # ODAxMTUxMjAwMDBaMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB # AL/mkHNo3rvkXUo8MCIwaTPswqclLskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/z # G6Q4FutWxpdtHauyefLKEdLkX9YFPFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZ # anMylNEQRBAu34LzB4TmdDttceItDBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7s # Wxq868nPzaw0QF+xembud8hIqGZXV59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL # 2pNe3I6PgNq2kZhAkHnDeMe2scS1ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfb # BHMqbpEBfCFM1LyuGwN1XXhm2ToxRJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3 # JFxGj2T3wWmIdph2PVldQnaHiZdpekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3c # AORFJYm2mkQZK37AlLTSYW3rM9nF30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqx # YxhElRp2Yn72gLD76GSmM9GJB+G9t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0 # viastkF13nqsX40/ybzTQRESW+UQUOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aL # T8LWRV+dIPyhHsXAj6KxfgommfXkaS+YHS312amyHeUbAgMBAAGjQjBAMA8GA1Ud # EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTs1+OC0nFdZEzf # Lmc/57qYrhwPTzANBgkqhkiG9w0BAQwFAAOCAgEAu2HZfalsvhfEkRvDoaIAjeNk # aA9Wz3eucPn9mkqZucl4XAwMX+TmFClWCzZJXURj4K2clhhmGyMNPXnpbWvWVPjS # PMFDQK4dUPVS/JA7u5iZaWvHwaeoaKQn3J35J64whbn2Z006Po9ZOSJTROvIXQPK # 7VB6fWIhCoDIc2bRoAVgX+iltKevqPdtNZx8WorWojiZ83iL9E3SIAveBO6Mm0eB # cg3AFDLvMFkuruBx8lbkapdvklBtlo1oepqyNhR6BvIkuQkRUNcIsbiJeoQjYUIp # 5aPNoiBB19GcZNnqJqGLFNdMGbJQQXE9P01wI4YMStyB0swylIQNCAmXHE/A7msg # dDDS4Dk0EIUhFQEI6FUy3nFJ2SgXUE3mvk3RdazQyvtBuEOlqtPDBURPLDab4vri # RbgjU2wGb2dVf0a1TD9uKFp5JtKkqGKX0h7i7UqLvBv9R0oN32dmfrJbQdA75PQ7 # 9ARj6e/CVABRoIoqyc54zNXqhwQYs86vSYiv85KZtrPmYQ/ShQDnUBrkG5WdGaG5 # nLGbsQAe79APT0JsyQq87kP6OnGlyE0mpTX9iV28hWIdMtKgK1TtmlfB2/oQzxm3 # i0objwG2J5VT6LaJbVu8aNQj6ItRolb58KaAoNYes7wPD1N1KarqE3fk3oyBIa0H # EEcRrYc9B9F1vM/zZn4wggawMIIEmKADAgECAhAIrUCyYNKcTJ9ezam9k67ZMA0G # CSqGSIb3DQEBDAUAMGIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJ # bmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0 # IFRydXN0ZWQgUm9vdCBHNDAeFw0yMTA0MjkwMDAwMDBaFw0zNjA0MjgyMzU5NTla # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDVtC9C # 0CiteLdd1TlZG7GIQvUzjOs9gZdwxbvEhSYwn6SOaNhc9es0JAfhS0/TeEP0F9ce # 2vnS1WcaUk8OoVf8iJnBkcyBAz5NcCRks43iCH00fUyAVxJrQ5qZ8sU7H/Lvy0da # E6ZMswEgJfMQ04uy+wjwiuCdCcBlp/qYgEk1hz1RGeiQIXhFLqGfLOEYwhrMxe6T # SXBCMo/7xuoc82VokaJNTIIRSFJo3hC9FFdd6BgTZcV/sk+FLEikVoQ11vkunKoA # FdE3/hoGlMJ8yOobMubKwvSnowMOdKWvObarYBLj6Na59zHh3K3kGKDYwSNHR7Oh # D26jq22YBoMbt2pnLdK9RBqSEIGPsDsJ18ebMlrC/2pgVItJwZPt4bRc4G/rJvmM # 1bL5OBDm6s6R9b7T+2+TYTRcvJNFKIM2KmYoX7BzzosmJQayg9Rc9hUZTO1i4F4z # 8ujo7AqnsAMrkbI2eb73rQgedaZlzLvjSFDzd5Ea/ttQokbIYViY9XwCFjyDKK05 # huzUtw1T0PhH5nUwjewwk3YUpltLXXRhTT8SkXbev1jLchApQfDVxW0mdmgRQRNY # mtwmKwH0iU1Z23jPgUo+QEdfyYFQc4UQIyFZYIpkVMHMIRroOBl8ZhzNeDhFMJlP # /2NPTLuqDQhTQXxYPUez+rbsjDIJAsxsPAxWEQIDAQABo4IBWTCCAVUwEgYDVR0T # AQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUaDfg67Y7+F8Rhvv+YXsIiGX0TkIwHwYD # VR0jBBgwFoAU7NfjgtJxXWRM3y5nP+e6mK4cD08wDgYDVR0PAQH/BAQDAgGGMBMG # A1UdJQQMMAoGCCsGAQUFBwMDMHcGCCsGAQUFBwEBBGswaTAkBggrBgEFBQcwAYYY # aHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEEGCCsGAQUFBzAChjVodHRwOi8vY2Fj # ZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkUm9vdEc0LmNydDBDBgNV # HR8EPDA6MDigNqA0hjJodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vRGlnaUNlcnRU # cnVzdGVkUm9vdEc0LmNybDAcBgNVHSAEFTATMAcGBWeBDAEDMAgGBmeBDAEEATAN # BgkqhkiG9w0BAQwFAAOCAgEAOiNEPY0Idu6PvDqZ01bgAhql+Eg08yy25nRm95Ry # sQDKr2wwJxMSnpBEn0v9nqN8JtU3vDpdSG2V1T9J9Ce7FoFFUP2cvbaF4HZ+N3HL # IvdaqpDP9ZNq4+sg0dVQeYiaiorBtr2hSBh+3NiAGhEZGM1hmYFW9snjdufE5Btf # Q/g+lP92OT2e1JnPSt0o618moZVYSNUa/tcnP/2Q0XaG3RywYFzzDaju4ImhvTnh # OE7abrs2nfvlIVNaw8rpavGiPttDuDPITzgUkpn13c5UbdldAhQfQDN8A+KVssIh # dXNSy0bYxDQcoqVLjc1vdjcshT8azibpGL6QB7BDf5WIIIJw8MzK7/0pNVwfiThV # 9zeKiwmhywvpMRr/LhlcOXHhvpynCgbWJme3kuZOX956rEnPLqR0kq3bPKSchh/j # wVYbKyP/j7XqiHtwa+aguv06P0WmxOgWkVKLQcBIhEuWTatEQOON8BUozu3xGFYH # Ki8QxAwIZDwzj64ojDzLj4gLDb879M4ee47vtevLt/B3E+bnKD+sEq6lLyJsQfmC # XBVmzGwOysWGw/YmMwwHS6DTBwJqakAwSEs0qFEgu60bhQjiWQ1tygVQK+pKHJ6l # /aCnHwZ05/LWUpD9r4VIIflXO7ScA+2GRfS0YW6/aOImYIbqyK+p/pQd52MbOoZW # eE4wggdXMIIFP6ADAgECAhAP1uYgxSr4joyBpB/eZOIuMA0GCSqGSIb3DQEBCwUA # MGkxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjFBMD8GA1UE # AxM4RGlnaUNlcnQgVHJ1c3RlZCBHNCBDb2RlIFNpZ25pbmcgUlNBNDA5NiBTSEEz # ODQgMjAyMSBDQTEwHhcNMjUwMjA4MDAwMDAwWhcNMjYwMTE1MjM1OTU5WjBfMQsw # CQYDVQQGEwJVUzEdMBsGA1UECBMURGlzdHJpY3Qgb2YgQ29sdW1iaWExEzARBgNV # BAcTCldhc2hpbmd0b24xDTALBgNVBAoTBENJU0ExDTALBgNVBAMTBENJU0EwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCXm3O0IOQzt0tbPPKAv4IrrzOf # QjE4Mb9j1zLL1GehaE35ddnoitE7l8OmVEeTLwPH+UpI7DfynUCjLb8HGcsuHO0H # aUuVFR3FNyvGByYATUTA+bQ9UgcwCoPyL48cDmdqFzheQ/KsC+FhI4uEpYiB/6Jp # Q0UL0SUVfC8O8+1ioUXAwdMt3G8bT3x6WaEmAbGqM5yC5fd7rKZEmpLzpA6bP2Xc # QMwi6Jn1m4AvL/jJrXvPyVUK9UlbjobKjiVg6a/UBgFrq8cU7Q1w/e5ijy6XA+aC # Z7SICqimtCW4wbrvodZL0yFeZIxN9qJ24hvrVGf7P/ANTzkoGHuHLwpMIOjBrpA+ # ig3jBTjY1xE2DYgHWcKHsSHEbOxStk+qHsn2J5i9GK+nwS7GmMqIRaEwy+dbfh6l # Q2jI4PO6kPk0ePnB3jTD/bEkdbRXpuq3aUAMS4ZSESer+CnzeBLEXvHrVVs4yHrf # RPmLOX+T43FEf6iAY7Ta3ahn0icLtCtauJ9/jmMigM/l1IfaAF6E/SoCHc6G6S9F # 1ECU/nBkpThU5u2kufiGWBC8rV2V8D50QERbohnv3yWR5BTG8dX+NYjd7HdctRAj # 9al3sQ/tdyVgOHUp+9KseYJthuNnh8WCoDeho/GX65QJDSJwh5uDcvNUfpeebANU # U1GwatZ4l+EWfOc05QIDAQABo4ICAzCCAf8wHwYDVR0jBBgwFoAUaDfg67Y7+F8R # hvv+YXsIiGX0TkIwHQYDVR0OBBYEFJIsiVnihq62MAlpq96K9lNX9UCGMD4GA1Ud # IAQ3MDUwMwYGZ4EMAQQBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93d3cuZGlnaWNl # cnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMw # gbUGA1UdHwSBrTCBqjBToFGgT4ZNaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0Rp # Z2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0MjAyMUNBMS5j # cmwwU6BRoE+GTWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0 # ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3JsMIGUBggrBgEF # BQcBAQSBhzCBhDAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29t # MFwGCCsGAQUFBzAChlBodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNl # cnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0ExLmNydDAJ # BgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4ICAQChGHY/dRc2BtvGT6mHR4bqoakC # N9hyjDA+bbxJE73T2HgI5wKVmhu2JmFZ/FHmoXE4ngnLnGS+zMEoeTEfzb/MmAxF # H+Ca/JGMDsbVf+rP+aVc1NkSpUd6u5rsR01Dimcs+pHGwpEUF1HCDFrFcl10Smcj # b8Z+tPbIETe3yvdRyoJL2Lm6k8wvC7xfgPoMzdbKWRzTCEnVQ+B53vHBSLT4D5wW # dq3yv6oj2fQ381wZQm16fLIedmiStUYfp0ZICqI3T6UiQ5w/DXYy05Z/1Njqu3PQ # l2Sy/JLDZc7hBu5YH5ia1G2IFC6S9gN34jm8qhkkoo8kihsxRBbBLiiNB0z/eH7y # jsNgyRR+Vje51Jcgte18zVQH6fRkl+HDp2nMgdgzShlKYXZzVFQvgmMu76x72P5f # bOgzmOxCZNZh0AQUo16DdbnGvloqHCbEND2JA/0QpeB0dlWKkWiotu/MaJE8/4uU # sxw5JSZPj8ya4WnrntJaY73TxXBHSd9CezT7lDShTgB1FkCSAov3aFwqyGH4hC+2 # MGp3Wzn03rkqVCzjmgNSIkCxQzJ+hEIvbk6GVK2yk+Q9eZQCkjRKY+EYwJNDsB9I # w75dWMsi2S9PFBEkKZYZFgxwVaBvnWgrfxlZMOooNADSdmq5fvTH/tjR3vIEd4QP # Dlzb9f7QLX+cvb0MjjGCGmwwghpoAgEBMH0waTELMAkGA1UEBhMCVVMxFzAVBgNV # BAoTDkRpZ2lDZXJ0LCBJbmMuMUEwPwYDVQQDEzhEaWdpQ2VydCBUcnVzdGVkIEc0 # IENvZGUgU2lnbmluZyBSU0E0MDk2IFNIQTM4NCAyMDIxIENBMQIQD9bmIMUq+I6M # gaQf3mTiLjANBglghkgBZQMEAgEFAKCBhDAYBgorBgEEAYI3AgEMMQowCKACgACh # AoAAMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAM # BgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCCUgC+YNdzz/wmCPUBWI96YBig/ # Io9Suv22IomJNJ5+3jANBgkqhkiG9w0BAQEFAASCAgBBUyA4ql0cm/RAluDW3oJK # x9Kz7xQh34Q2zDSouv0bIY+Mfu/FGnO1lPxFz4lac8pbGfLtqUg+le8yUInkBDBZ # DkgU6N0EPYVOac2suel3BSpOQUO2saOba16GMVqZaPVVzQPxr+6SajWqi+e2/mEl # toEMGmiouVwa+DRwDXX0f0jn5PJJLvlrz2Y8YYWnnsacYhVuwtCfi9oZSpGZrZwR # 3Bm1hoX/xeGvReytZnZ4bZ6GwV12WdDFEv0wCCzKqWSKGkIs9/sALypKBsIlnMqP # lCEsVFqcxAc8rmfAQ0lIZ/vxZKDRreBhtyDDxw6mnnYe/375p70yypau+cZgQK4C # 2IyBhG7ncq91SGXHsfJP2kwMlcpVOmxHTLNi04wyjTKbFbdsDwRqlr5iWi9Nyfsn # z3M6Hc13JkS+R4u9iP0Dtv5FSRB1c9S3lLXUGuC5qo4Rep/4iThzF99jzuFOICbD # 4loF+AnVJitYi4nqkJ32X0NVXUA+6AoVq+y43tQ9hOyavCDg8lvPmgCHRn+q4Dzd # qpXSe5IwkqgBJ79Fwvoe1aVAj2WB4A4hVwO3E5PjwAMXoh4K1yiCSBJp5F38wk4p # XKIcoqQBol2Bp2WbT/dGlTe9rpSkko7zcTid0jaOcQsGvYJmJZlL595n1pcrn+iR # FII/J5sXWJsSW+YJjROpIaGCFzkwghc1BgorBgEEAYI3AwMBMYIXJTCCFyEGCSqG # SIb3DQEHAqCCFxIwghcOAgEDMQ8wDQYJYIZIAWUDBAIBBQAwdwYLKoZIhvcNAQkQ # AQSgaARmMGQCAQEGCWCGSAGG/WwHATAxMA0GCWCGSAFlAwQCAQUABCBRhnOiPQvc # DX7WVmZTl/pkZoq94iq0sngV55Q4dNIHYAIQdmfEGIYskUTR5TtPQOvUPhgPMjAy # NTAyMTAyMDUxMTJaoIITAzCCBrwwggSkoAMCAQICEAuuZrxaun+Vh8b56QTjMwQw # DQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0 # LCBJbmMuMTswOQYDVQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hB # MjU2IFRpbWVTdGFtcGluZyBDQTAeFw0yNDA5MjYwMDAwMDBaFw0zNTExMjUyMzU5 # NTlaMEIxCzAJBgNVBAYTAlVTMREwDwYDVQQKEwhEaWdpQ2VydDEgMB4GA1UEAxMX # RGlnaUNlcnQgVGltZXN0YW1wIDIwMjQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw # ggIKAoICAQC+anOf9pUhq5Ywultt5lmjtej9kR8YxIg7apnjpcH9CjAgQxK+CMR0 # Rne/i+utMeV5bUlYYSuuM4vQngvQepVHVzNLO9RDnEXvPghCaft0djvKKO+hDu6O # bS7rJcXa/UKvNminKQPTv/1+kBPgHGlP28mgmoCw/xi6FG9+Un1h4eN6zh926SxM # e6We2r1Z6VFZj75MU/HNmtsgtFjKfITLutLWUdAoWle+jYZ49+wxGE1/UXjWfISD # mHuI5e/6+NfQrxGFSKx+rDdNMsePW6FLrphfYtk/FLihp/feun0eV+pIF496OVh4 # R1TvjQYpAztJpVIfdNsEvxHofBf1BWkadc+Up0Th8EifkEEWdX4rA/FE1Q0rqViT # bLVZIqi6viEk3RIySho1XyHLIAOJfXG5PEppc3XYeBH7xa6VTZ3rOHNeiYnY+V4j # 1XbJ+Z9dI8ZhqcaDHOoj5KGg4YuiYx3eYm33aebsyF6eD9MF5IDbPgjvwmnAalNE # eJPvIeoGJXaeBQjIK13SlnzODdLtuThALhGtyconcVuPI8AaiCaiJnfdzUcb3dWn # qUnjXkRFwLtsVAxFvGqsxUA2Jq/WTjbnNjIUzIs3ITVC6VBKAOlb2u29Vwgfta8b # 2ypi6n2PzP0nVepsFk8nlcuWfyZLzBaZ0MucEdeBiXL+nUOGhCjl+QIDAQABo4IB # izCCAYcwDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwFgYDVR0lAQH/BAww # CgYIKwYBBQUHAwgwIAYDVR0gBBkwFzAIBgZngQwBBAIwCwYJYIZIAYb9bAcBMB8G # A1UdIwQYMBaAFLoW2W1NhS9zKXaaL3WMaiCPnshvMB0GA1UdDgQWBBSfVywDdw4o # FZBmpWNe7k+SH3agWzBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsMy5kaWdp # Y2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0YW1w # aW5nQ0EuY3JsMIGQBggrBgEFBQcBAQSBgzCBgDAkBggrBgEFBQcwAYYYaHR0cDov # L29jc3AuZGlnaWNlcnQuY29tMFgGCCsGAQUFBzAChkxodHRwOi8vY2FjZXJ0cy5k # aWdpY2VydC5jb20vRGlnaUNlcnRUcnVzdGVkRzRSU0E0MDk2U0hBMjU2VGltZVN0 # YW1waW5nQ0EuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQA9rR4fdplb4ziEEkfZQ5H2 # EdubTggd0ShPz9Pce4FLJl6reNKLkZd5Y/vEIqFWKt4oKcKz7wZmXa5VgW9B76k9 # NJxUl4JlKwyjUkKhk3aYx7D8vi2mpU1tKlY71AYXB8wTLrQeh83pXnWwwsxc1Mt+ # FWqz57yFq6laICtKjPICYYf/qgxACHTvypGHrC8k1TqCeHk6u4I/VBQC9VK7iSpU # 5wlWjNlHlFFv/M93748YTeoXU/fFa9hWJQkuzG2+B7+bMDvmgF8VlJt1qQcl7YFU # MYgZU1WM6nyw23vT6QSgwX5Pq2m0xQ2V6FJHu8z4LXe/371k5QrN9FQBhLLISZi2 # yemW0P8ZZfx4zvSWzVXpAb9k4Hpvpi6bUe8iK6WonUSV6yPlMwerwJZP/Gtbu3CK # ldMnn+LmmRTkTXpFIEB06nXZrDwhCGED+8RsWQSIXZpuG4WLFQOhtloDRWGoCwwc # 6ZpPddOFkM2LlTbMcqFSzm4cd0boGhBq7vkqI1uHRz6Fq1IX7TaRQuR+0BGOzISk # cqwXu7nMpFu3mgrlgbAW+BzikRVQ3K2YHcGkiKjA4gi4OA/kz1YCsdhIBHXqBzR0 # /Zd2QwQ/l4Gxftt/8wY3grcc/nS//TVkej9nmUYu83BDtccHHXKibMs/yXHhDXNk # oPIdynhVAku7aRZOwqw6pDCCBq4wggSWoAMCAQICEAc2N7ckVHzYR6z9KGYqXlsw # DQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0 # IEluYzEZMBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEhMB8GA1UEAxMYRGlnaUNl # cnQgVHJ1c3RlZCBSb290IEc0MB4XDTIyMDMyMzAwMDAwMFoXDTM3MDMyMjIzNTk1 # OVowYzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJbmMuMTswOQYD # VQQDEzJEaWdpQ2VydCBUcnVzdGVkIEc0IFJTQTQwOTYgU0hBMjU2IFRpbWVTdGFt # cGluZyBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMaGNQZJs8E9 # cklRVcclA8TykTepl1Gh1tKD0Z5Mom2gsMyD+Vr2EaFEFUJfpIjzaPp985yJC3+d # H54PMx9QEwsmc5Zt+FeoAn39Q7SE2hHxc7Gz7iuAhIoiGN/r2j3EF3+rGSs+Qtxn # jupRPfDWVtTnKC3r07G1decfBmWNlCnT2exp39mQh0YAe9tEQYncfGpXevA3eZ9d # rMvohGS0UvJ2R/dhgxndX7RUCyFobjchu0CsX7LeSn3O9TkSZ+8OpWNs5KbFHc02 # DVzV5huowWR0QKfAcsW6Th+xtVhNef7Xj3OTrCw54qVI1vCwMROpVymWJy71h6aP # TnYVVSZwmCZ/oBpHIEPjQ2OAe3VuJyWQmDo4EbP29p7mO1vsgd4iFNmCKseSv6De # 4z6ic/rnH1pslPJSlRErWHRAKKtzQ87fSqEcazjFKfPKqpZzQmiftkaznTqj1QPg # v/CiPMpC3BhIfxQ0z9JMq++bPf4OuGQq+nUoJEHtQr8FnGZJUlD0UfM2SU2LINIs # VzV5K6jzRWC8I41Y99xh3pP+OcD5sjClTNfpmEpYPtMDiP6zj9NeS3YSUZPJjAw7 # W4oiqMEmCPkUEBIDfV8ju2TjY+Cm4T72wnSyPx4JduyrXUZ14mCjWAkBKAAOhFTu # zuldyF4wEr1GnrXTdrnSDmuZDNIztM2xAgMBAAGjggFdMIIBWTASBgNVHRMBAf8E # CDAGAQH/AgEAMB0GA1UdDgQWBBS6FtltTYUvcyl2mi91jGogj57IbzAfBgNVHSME # GDAWgBTs1+OC0nFdZEzfLmc/57qYrhwPTzAOBgNVHQ8BAf8EBAMCAYYwEwYDVR0l # BAwwCgYIKwYBBQUHAwgwdwYIKwYBBQUHAQEEazBpMCQGCCsGAQUFBzABhhhodHRw # Oi8vb2NzcC5kaWdpY2VydC5jb20wQQYIKwYBBQUHMAKGNWh0dHA6Ly9jYWNlcnRz # LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRSb290RzQuY3J0MEMGA1UdHwQ8 # MDowOKA2oDSGMmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0 # ZWRSb290RzQuY3JsMCAGA1UdIAQZMBcwCAYGZ4EMAQQCMAsGCWCGSAGG/WwHATAN # BgkqhkiG9w0BAQsFAAOCAgEAfVmOwJO2b5ipRCIBfmbW2CFC4bAYLhBNE88wU86/ # GPvHUF3iSyn7cIoNqilp/GnBzx0H6T5gyNgL5Vxb122H+oQgJTQxZ822EpZvxFBM # Yh0MCIKoFr2pVs8Vc40BIiXOlWk/R3f7cnQU1/+rT4osequFzUNf7WC2qk+RZp4s # nuCKrOX9jLxkJodskr2dfNBwCnzvqLx1T7pa96kQsl3p/yhUifDVinF2ZdrM8HKj # I/rAJ4JErpknG6skHibBt94q6/aesXmZgaNWhqsKRcnfxI2g55j7+6adcq/Ex8HB # anHZxhOACcS2n82HhyS7T6NJuXdmkfFynOlLAlKnN36TU6w7HQhJD5TNOXrd/yVj # mScsPT9rp/Fmw0HNT7ZAmyEhQNC3EyTN3B14OuSereU0cZLXJmvkOHOrpgFPvT87 # eK1MrfvElXvtCl8zOYdBeHo46Zzh3SP9HSjTx/no8Zhf+yvYfvJGnXUsHicsJttv # FXseGYs2uJPU5vIXmVnKcPA3v5gA3yAWTyf7YGcWoWa63VXAOimGsJigK+2VQbc6 # 1RWYMbRiCQ8KvYHZE/6/pNHzV9m8BPqC3jLfBInwAM1dwvnQI38AC+R2AibZ8GV2 # QqYphwlHK+Z/GqSFD/yYlvZVVCsfgPrA8g4r5db7qS9EFUrnEw4d2zc4GqEr9u3W # fPwwggWNMIIEdaADAgECAhAOmxiO+dAt5+/bUOIIQBhaMA0GCSqGSIb3DQEBDAUA # MGUxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsT # EHd3dy5kaWdpY2VydC5jb20xJDAiBgNVBAMTG0RpZ2lDZXJ0IEFzc3VyZWQgSUQg # Um9vdCBDQTAeFw0yMjA4MDEwMDAwMDBaFw0zMTExMDkyMzU5NTlaMGIxCzAJBgNV # BAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdp # Y2VydC5jb20xITAfBgNVBAMTGERpZ2lDZXJ0IFRydXN0ZWQgUm9vdCBHNDCCAiIw # DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL/mkHNo3rvkXUo8MCIwaTPswqcl # LskhPfKK2FnC4SmnPVirdprNrnsbhA3EMB/zG6Q4FutWxpdtHauyefLKEdLkX9YF # PFIPUh/GnhWlfr6fqVcWWVVyr2iTcMKyunWZanMylNEQRBAu34LzB4TmdDttceIt # DBvuINXJIB1jKS3O7F5OyJP4IWGbNOsFxl7sWxq868nPzaw0QF+xembud8hIqGZX # V59UWI4MK7dPpzDZVu7Ke13jrclPXuU15zHL2pNe3I6PgNq2kZhAkHnDeMe2scS1 # ahg4AxCN2NQ3pC4FfYj1gj4QkXCrVYJBMtfbBHMqbpEBfCFM1LyuGwN1XXhm2Tox # RJozQL8I11pJpMLmqaBn3aQnvKFPObURWBf3JFxGj2T3wWmIdph2PVldQnaHiZdp # ekjw4KISG2aadMreSx7nDmOu5tTvkpI6nj3cAORFJYm2mkQZK37AlLTSYW3rM9nF # 30sEAMx9HJXDj/chsrIRt7t/8tWMcCxBYKqxYxhElRp2Yn72gLD76GSmM9GJB+G9 # t+ZDpBi4pncB4Q+UDCEdslQpJYls5Q5SUUd0viastkF13nqsX40/ybzTQRESW+UQ # UOsxxcpyFiIJ33xMdT9j7CFfxCBRa2+xq4aLT8LWRV+dIPyhHsXAj6KxfgommfXk # aS+YHS312amyHeUbAgMBAAGjggE6MIIBNjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud # DgQWBBTs1+OC0nFdZEzfLmc/57qYrhwPTzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEt # UYunpyGd823IDzAOBgNVHQ8BAf8EBAMCAYYweQYIKwYBBQUHAQEEbTBrMCQGCCsG # AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wQwYIKwYBBQUHMAKGN2h0 # dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydEFzc3VyZWRJRFJvb3RD # QS5jcnQwRQYDVR0fBD4wPDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29t # L0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNybDARBgNVHSAECjAIMAYGBFUdIAAw # DQYJKoZIhvcNAQEMBQADggEBAHCgv0NcVec4X6CjdBs9thbX979XB72arKGHLOyF # XqkauyL4hxppVCLtpIh3bb0aFPQTSnovLbc47/T/gLn4offyct4kvFIDyE7QKt76 # LVbP+fT3rDB6mouyXtTP0UNEm0Mh65ZyoUi0mcudT6cGAxN3J0TU53/oWajwvy8L # punyNDzs9wPHh6jSTEAZNUZqaVSwuKFWjuyk1T3osdz9HNj0d1pcVIxv76FQPfx2 # CWiEn2/K2yCNNWAcAgPLILCsWKAOQGPFmCLBsln1VWvPJ6tsds5vIy30fnFqI2si # /xK4VC0nftg62fC2h5b9W9FcrBjDTZ9ztwGpn1eqXijiuZQxggN2MIIDcgIBATB3 # MGMxCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5EaWdpQ2VydCwgSW5jLjE7MDkGA1UE # AxMyRGlnaUNlcnQgVHJ1c3RlZCBHNCBSU0E0MDk2IFNIQTI1NiBUaW1lU3RhbXBp # bmcgQ0ECEAuuZrxaun+Vh8b56QTjMwQwDQYJYIZIAWUDBAIBBQCggdEwGgYJKoZI # hvcNAQkDMQ0GCyqGSIb3DQEJEAEEMBwGCSqGSIb3DQEJBTEPFw0yNTAyMTAyMDUx # MTJaMCsGCyqGSIb3DQEJEAIMMRwwGjAYMBYEFNvThe5i29I+e+T2cUhQhyTVhltF # MC8GCSqGSIb3DQEJBDEiBCDZsVdcti1KQZ9fmO77yQsOtFOUtu9VFqLe/MIg2RfW # IjA3BgsqhkiG9w0BCRACLzEoMCYwJDAiBCB2dp+o8mMvH0MLOiMwrtZWdf7Xc9sF # 1mW5BZOYQ4+a2zANBgkqhkiG9w0BAQEFAASCAgCGi6kENl/lNMGUAEgbhE9RoGaz # 96giwOLryzGAxy+JsuHqEPN6Nm6XVOv26g6VYmpuYirSyue01jhHpy2U7pNyQ88e # Hls5qMeUmrl1zNsscOUQqa0ExU+z+sORBE8nt0t86Irba3oCiUANrYx3tNNJRRID # ViINDGlIPGWBM+/UV+pSHms/kiSUR2a0MH9f5B6jtswEQ9/wUpcaSuooXy4gBC+i # UjAhuyjAZ0zLwAFfGyrbVW3Non0kYuCLJXkJHEfMa5djvaGfswB/W786eN3+Fg9T # Xg283bwZIia8/GnSnQ6GAZbegM/beSk67waqUSk7YavoeasXETUmC9UZh8kvbFu/ # BUwcrpx65ucAAPYIwObUc7YTO4bstblmtnwsqCZYeNOsZMw92hdKBlZ3l9yByg8I # RnbmauxUj5UL3gg1DsqBg83YDi4aW8OWDU8yZYjzhJ9HAwCNnubGo9nuqfYEjyTn # kv1UbalVoSE5YNpMm0N0h2FRS+ndTRBk1ACM59Z9Qgx1T/uW6RzQKssrqT16QUZq # wJUYBGDMXzqQrXuj+or8rGwxzlE9BEWb/KHYZDObswqBXeRhIxwEF+nRU0EhXX5s # 1uVqHLiUFRV/4Cziio3/+vK8Wd2sIy1wnFR9plL2805BT8DcJ2FJL+sWtYQnj/2G # l6kLpKZV/aW5A4oQMA== # SIG # End signature block |