Framework/Helpers/WebRequestHelper.ps1
|
Set-StrictMode -Version Latest class WebRequestHelper { hidden static [string] $AzureManagementUri = "https://management.azure.com/"; hidden static [string] $GraphApiUri = "https://graph.microsoft.com"; hidden static [string] $ClassicManagementUri = "https://management.core.windows.net/"; static [System.Object[]] InvokeGetWebRequest([string] $uri, [Hashtable] $headers) { return [WebRequestHelper]::InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod]::Get, $uri, $headers, $null); } static [System.Object[]] InvokeGetWebRequest([string] $uri) { return [WebRequestHelper]::InvokeGetWebRequest($uri, [WebRequestHelper]::GetAuthHeaderFromUri($uri)); } hidden static [string] GetApplicationInsightsEndPoint() { $rmContext = [ContextHelper]::GetCurrentContext(); $azureEnv= $rmContext.Environment.Name if($azureEnv -eq "AzureUSGovernment") { return "https://dc.applicationinsights.us/v2/track" } elseif ($azureEnv -eq "AzureChinaCloud" ) { return "https://dc.applicationinsights.azure.cn/v2/track" } else { return "https://dc.services.visualstudio.com/v2/track" } } hidden static [string] GetLADataCollectorAPI() { $rmContext = [ContextHelper]::GetCurrentContext(); $azureEnv= $rmContext.Environment.Name if($azureEnv -eq "AzureUSGovernment") { return ".ods.opinsights.azure.us" } elseif ($azureEnv -eq "AzureChinaCloud" ) { return ".ods.opinsights.azure.cn" } else { return ".ods.opinsights.azure.com" } } hidden static [string] GetGraphUrl() { $rmContext = [ContextHelper]::GetCurrentContext(); $azureEnv= $rmContext.Environment.Name if(-not [string]::IsNullOrWhiteSpace($azureEnv) -and ($azureEnv -ne [Constants]::DefaultAzureEnvironment)) { return [ContextHelper]::GetCurrentContext().Environment.GraphUrl } return "https://graph.microsoft.com" } hidden static [string] GetResourceManagerUrl() { $rmContext = [ContextHelper]::GetCurrentContext(); $azureEnv= $rmContext.Environment.Name if(-not [string]::IsNullOrWhiteSpace($azureEnv) -and ($azureEnv -ne [Constants]::DefaultAzureEnvironment)) { return [ContextHelper]::GetCurrentContext().Environment.ResourceManagerUrl } return "https://management.azure.com/" } hidden static [string] GetServiceManagementUrl() { $rmContext = [ContextHelper]::GetCurrentContext(); $azureEnv= $rmContext.Environment.Name if(-not [string]::IsNullOrWhiteSpace($azureEnv) -and ($azureEnv -ne [Constants]::DefaultAzureEnvironment)) { return [ContextHelper]::GetCurrentContext().Environment.ServiceManagementUrl } return "https://management.core.windows.net/" } hidden static [Hashtable] GetAuthHeaderFromUri([string] $uri) { [System.Uri] $validatedUri = $null; if([System.Uri]::TryCreate($uri, [System.UriKind]::Absolute, [ref] $validatedUri)) { $token = [ContextHelper]::GetAccessToken($validatedUri.GetLeftPart([System.UriPartial]::Authority)); # Validate if token is PAT using lenght (PAT has lengh of 52) else go with default bearer token if($token.length -eq 52) { $user = "" $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$token))) return @{ "Authorization"= ("Basic " + $base64AuthInfo); "Content-Type"="application/json" }; } else { return @{ "Authorization"= ("Bearer " + $token); "Content-Type"="application/json" }; } } return @{ "Content-Type"="application/json" }; } hidden static [Hashtable] GetAuthHeaderFromUri([string] $uri, [bool] $isPatTokenGiven) { [System.Uri] $validatedUri = $null; if([System.Uri]::TryCreate($uri, [System.UriKind]::Absolute, [ref] $validatedUri)) { $token = [ContextHelper]::GetAccessToken(); # Validate if token is PAT using lenght (PAT has lengh of 52) else go with default bearer token if($token.length -eq 52) { $user = "" $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user,$token))) return @{ "Authorization"= ("Basic " + $base64AuthInfo); "Content-Type"="application/json" }; } else { return @{ "Authorization"= ("Bearer " + $token); "Content-Type"="application/json" }; } } return @{ "Content-Type"="application/json" }; } hidden static [Hashtable] GetAuthHeaderFromUriPatch([string] $uri) { [System.Uri] $validatedUri = $null; if ([System.Uri]::TryCreate($uri, [System.UriKind]::Absolute, [ref] $validatedUri)) { $token = [ContextHelper]::GetAccessToken($validatedUri.GetLeftPart([System.UriPartial]::Authority)); $user = "" $base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user, $token))) return @{ "Authorization" = ("Basic " + $base64AuthInfo) }; } return @{}; } static [System.Object[]] InvokePostWebRequest([string] $uri, [Hashtable] $headers, [System.Object] $body) { return [WebRequestHelper]::InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod]::Post, $uri, $headers, $body); } static [System.Object[]] InvokePostWebRequest([string] $uri, [System.Object] $body) { return [WebRequestHelper]::InvokePostWebRequest($uri, [WebRequestHelper]::GetAuthHeaderFromUri($uri), $body); } static [System.Object[]] InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod] $method, [string] $uri, [System.Object] $body) { return [WebRequestHelper]::InvokeWebRequest($method, $uri, [WebRequestHelper]::GetAuthHeaderFromUri($uri), $body); } static [System.Object[]] InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod] $method, [string] $uri, [Hashtable] $headers, [System.Object] $body) { return [WebRequestHelper]::InvokeWebRequest($method, $uri, $headers, $body, $Null); } static [System.Object[]] InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod] $method, [string] $uri, [Hashtable] $headers, [System.Object] $body, [string] $contentType) { return [WebRequestHelper]::InvokeWebRequest($method, $uri, $headers, $body, $contentType, $false, $false) } static [System.Object[]] InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod] $method, [string] $uri, [Hashtable] $headers, [System.Object] $body, [string] $contentType, [Hashtable] $propertiesToReplace) { $outputValues = @(); [System.Uri] $validatedUri = $null; $orginalUri = ""; while ([System.Uri]::TryCreate($uri, [System.UriKind]::Absolute, [ref] $validatedUri)) { if([string]::IsNullOrWhiteSpace($orginalUri)) { $orginalUri = $validatedUri.AbsoluteUri; } [int] $retryCount = 3 $success = $false; while($retryCount -gt 0 -and -not $success) { $retryCount = $retryCount -1; try { $requestResult = $null; if ($method -eq [Microsoft.PowerShell.Commands.WebRequestMethod]::Get) { $requestResult = Invoke-WebRequest -Method $method -Uri $validatedUri -Headers $headers -UseBasicParsing } elseif ($method -eq [Microsoft.PowerShell.Commands.WebRequestMethod]::Post -or $method -eq [Microsoft.PowerShell.Commands.WebRequestMethod]::Put) { if($uri.EndsWith("`$batch")) { $requestResult = Invoke-WebRequest -Method $method -Uri $validatedUri -Headers $headers -Body $body -ContentType $contentType -UseBasicParsing $success = $true $uri = [string]::Empty } else { $requestResult = Invoke-WebRequest -Method $method -Uri $validatedUri -Headers $headers -Body ($body | ConvertTo-Json -Depth 10 -Compress) -UseBasicParsing } } else { throw [System.ArgumentException] ("The web request method type '$method' is not supported.") } if ($null -ne $requestResult -and $requestResult.StatusCode -ge 200 -and $requestResult.StatusCode -le 399) { if (!$success -and $null -ne $requestResult.Content) { $resultContent = $requestResult.Content if($propertiesToReplace.Keys.Count -gt 0) { $propertiesToReplace.Keys | Foreach-Object { $resultContent = $resultContent.ToString().Replace($_, $propertiesToReplace[$_]) } } $json = ConvertFrom-Json $resultContent if ($null -ne $json) { if (($json | Get-Member -Name "value") -and $json.value) { $outputValues += $json.value; } else { $outputValues += $json; } if (($json | Get-Member -Name "nextLink") -and $json.nextLink) { $uri = $json.nextLink } elseif (($json | Get-Member -Name "@odata.nextLink") -and $json."@odata.nextLink") { $uri = $json."@odata.nextLink" } elseif($requestResult.Headers.ContainsKey('x-ms-continuation-NextPartitionKey')) { $nPKey = $requestResult.Headers["x-ms-continuation-NextPartitionKey"] $uri= $orginalUri + "&NextPartitionKey=$nPKey" } else { $uri = [string]::Empty; } } } } $success = $true; } catch { #eat the exception until it is in retry mode and throw once the retry is done if($retryCount -eq 0) { if([Helpers]::CheckMember($_,"Exception.Response.StatusCode") -and $_.Exception.Response.StatusCode -eq "Forbidden"){ throw ([SuppressedException]::new(("You do not have permission to view the requested resource."), [SuppressedExceptionType]::InvalidOperation)) } elseif ([Helpers]::CheckMember($_,"Exception.Message")){ throw ([SuppressedException]::new(($_.Exception.Message.ToString()), [SuppressedExceptionType]::InvalidOperation)) } else { throw; } } } } } return $outputValues; } #method to get the raw response in a GET method static [System.Object[]] InvokeGetWebRequestRaw($url){ return [WebRequestHelper]::InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod]::Get, $url, [WebRequestHelper]::GetAuthHeaderFromUri($url), $null, $null, $false, $true); } static [System.Object[]] InvokeWebRequest([Microsoft.PowerShell.Commands.WebRequestMethod] $method, [string] $uri, [Hashtable] $headers, [System.Object] $body, [string] $contentType, [bool] $isRetryRequired, [bool] $returnRawResponse) { $outputValues = @(); [System.Uri] $validatedUri = $null; $orginalUri = ""; $skipCount = 0 while ([System.Uri]::TryCreate($uri, [System.UriKind]::Absolute, [ref] $validatedUri)) { [int] $retryCount = 1 if($isRetryRequired) { $retryCount = 3 } if([string]::IsNullOrWhiteSpace($orginalUri)) { $orginalUri = $validatedUri.AbsoluteUri; } $success = $false; while($retryCount -gt 0 -and -not $success) { $retryCount = $retryCount -1; try { $requestResult = $null; #before making API call, check if previous API call was throttled and if we have any retry after value. Wait before making any new API call if required [RateLimitHelper]::WaitIfNeeded($validatedUri); if ($method -eq [Microsoft.PowerShell.Commands.WebRequestMethod]::Get) { $requestResult = Invoke-WebRequest -Method $method -Uri $validatedUri -Headers $headers -UseBasicParsing } elseif ($method -eq [Microsoft.PowerShell.Commands.WebRequestMethod]::Post -or $method -eq [Microsoft.PowerShell.Commands.WebRequestMethod]::Put -or [Microsoft.PowerShell.Commands.WebRequestMethod]::Patch) { if($uri.EndsWith("`$batch")) { $requestResult = Invoke-WebRequest -Method $method -Uri $validatedUri -Headers $headers -Body $body -ContentType $contentType -UseBasicParsing $success = $true $uri = [string]::Empty } elseif($uri.Contains("mspim") -or $uri.Contains("genevareference") -or $uri.Contains("loganalytics.io") -or $uri.Contains("1es.kusto.windows")) { $requestResult = Invoke-WebRequest -Method $method -Uri $validatedUri -Headers $headers -Body $body -ContentType $contentType -UseBasicParsing } else { $requestResult = Invoke-WebRequest -Method $method -Uri $validatedUri -Headers $headers -Body ($body | ConvertTo-Json -Depth 10 -Compress) -UseBasicParsing } } else { throw [System.ArgumentException] ("The web request method type '$method' is not supported.") } if($returnRawResponse) { return $requestResult } if ($null -ne $requestResult -and $requestResult.StatusCode -ge 200 -and $requestResult.StatusCode -le 399) { if (!$success -and $null -ne $requestResult.Content) { #check if this API call was throttled, store any appropriate headers for rate limiting for next API calls [RateLimitHelper]::UpdateRateLimitEntity($requestResult, $validatedUri); $json = ConvertFrom-Json $requestResult.Content if ($null -ne $json) { if (($json | Get-Member -Name "value") -and $json.value) { $outputValues += $json.value; } else { $outputValues += $json; } if (($json | Get-Member -Name "nextLink") -and $json.nextLink) { $uri = $json.nextLink } elseif($requestResult.Headers.ContainsKey('x-ms-continuation-NextPartitionKey')) { $nPKey = $requestResult.Headers["x-ms-continuation-NextPartitionKey"] $uri= $orginalUri + "&NextPartitionKey=$nPKey" if($requestResult.Headers.ContainsKey('x-ms-continuation-NextRowKey')) { $nxtPKey = $requestResult.Headers["x-ms-continuation-NextRowKey"] $uri+="&NextRowKey=$nxtPKey" } } elseif($requestResult.Headers.ContainsKey('x-ms-continuationtoken')) { $nPKey = $requestResult.Headers["x-ms-continuationtoken"] #Azure devops API calls for different resource behave independently w.r.t continuationToken, we need to handle them separately # Pagination for build definitions always contains queryOrder if ($uri.Contains("build/definitions") -and $uri.Contains('queryOrder')) { # Handle the pagination for builds $skipCount = $skipCount+10000 $uri= $orginalUri +"&%24skip="+$skipCount+ "&continuationToken="+$nPKey } # Pagination for release definitions don't need queryOrder for pagination # $uri with $top returns continuation token, it should not continue further elseif ($uri.Contains("release/definitions") -and -not $uri.Contains('$top')){ $uri= $orginalUri + "&continuationToken="+$nPKey } elseif ($uri.Contains("projects")){ $uri= $orginalUri + "&continuationToken="+$nPKey } elseif($uri.Contains("auditservice")){ $uri = $orginalUri+"&continuationToken="+$json.continuationToken } elseif($uri.Contains("testplan/plans") -or $uri.Contains("distributedtask/environments")){ $uri = $orginalUri+"&continuationToken="+$nPKey } else { $uri = [string]::Empty; } } else { $uri = [string]::Empty; } } } } $success = $true; } catch { #eat the exception until it is in retry mode and throw once the retry is done if($retryCount -eq 0) { if ($uri.Contains("mspim") -and [Helpers]::CheckMember($_,"ErrorDetails.Message")) { if( -not $returnRawResponse) { $err = $_.ErrorDetails.Message| ConvertFrom-Json throw ([SuppressedException]::new(($err), [SuppressedExceptionType]::Generic)) } else { throw $_; } } elseif([Helpers]::CheckMember($_,"Exception.Response.StatusCode") -and $_.Exception.Response.StatusCode -eq "Forbidden"){ if($uri.Contains("auditservice") -and $PSCmdlet.MyInvocation.BoundParameters.ContainsKey('IncrementalScan')){ Write-Host "You do not have the permissions to view audit logs. Results from incremental scan may not be accurate." -ForegroundColor Yellow } throw ([SuppressedException]::new(("You do not have permission to view the requested resource."), [SuppressedExceptionType]::InvalidOperation)) } elseif ([Helpers]::CheckMember($_,"Exception.Message")){ throw ([SuppressedException]::new(($_.Exception.Message.ToString()), [SuppressedExceptionType]::InvalidOperation)) } else { throw; } } } } } return $outputValues; } #only for builds and releases as of now static [System.Object[]] InvokeWebRequestForResourcesInBatch([string] $validatedUri,[string]$originalUri,[int] $skipCount,[string] $resourceType){ $outputValues = @(); $success = $false; [int] $retryCount=3; while($retryCount -gt 0 -and -not $success){ $retryCount=$retryCount-1; try{ $headers=[WebRequestHelper]::GetAuthHeaderFromUri($validatedUri) $requestResult = Invoke-WebRequest -Method Get -Uri $validatedUri -Headers $headers -UseBasicParsing if ($null -ne $requestResult -and $requestResult.StatusCode -ge 200 -and $requestResult.StatusCode -le 399) { if ($null -ne $requestResult.Content) { $json = ConvertFrom-Json $requestResult.Content if ($null -ne $json) { if (($json | Get-Member -Name "value") -and $json.value) { $outputValues += $json.value; } else { $outputValues += $json; } if($requestResult.Headers.ContainsKey('x-ms-continuationtoken')){ $nPKey = $requestResult.Headers["x-ms-continuationtoken"] if($resourceType -eq "build"){ $originalUri= $originalUri +"&%24skip="+$skipCount+ "&continuationToken="+$nPKey } else { $originalUri= $originalUri +"&continuationToken="+$nPKey } } else { $originalUri = [string]::Empty; } } } } $success=$true; } catch{ if ($originalUri.Contains("mspim") -and [Helpers]::CheckMember($_, "ErrorDetails.Message")) { $err = $_.ErrorDetails.Message | ConvertFrom-Json throw ([SuppressedException]::new(($err), [SuppressedExceptionType]::Generic)) } elseif ([Helpers]::CheckMember($_, "Exception.Response.StatusCode") -and $_.Exception.Response.StatusCode -eq "Forbidden") { throw ([SuppressedException]::new(("You do not have permission to view the requested resource."), [SuppressedExceptionType]::InvalidOperation)) } elseif ([Helpers]::CheckMember($_, "Exception.Message")) { throw ([SuppressedException]::new(($_.Exception.Message.ToString()), [SuppressedExceptionType]::InvalidOperation)) } else { throw; } } } return $outputValues,$originalUri; } static [System.Object[]] InvokeWebRequestForContinuationToken([string] $validatedUri,[string] $originalUri,$skipCount,$resourceType){ $success = $false; [int] $retryCount=3; $continuationToken=$null; $outputValues=@(); while($retryCount -gt 0 -and -not $success){ $retryCount=$retryCount-1; try{ $headers=[WebRequestHelper]::GetAuthHeaderFromUri($validatedUri,$true) $requestResult = Invoke-WebRequest -Method Get -Uri $validatedUri -Headers $headers -UseBasicParsing if ($null -ne $requestResult -and $requestResult.StatusCode -ge 200 -and $requestResult.StatusCode -le 399) { if ($null -ne $requestResult.Content) { $json = ConvertFrom-Json $requestResult.Content if ($null -ne $json) { if( $null -eq $skipCount){ if (($json | Get-Member -Name "value") -and $json.value) { $outputValues += $json.value; } else { $outputValues += $json; } } if($requestResult.Headers.ContainsKey('x-ms-continuationtoken')){ $nPKey = $requestResult.Headers["x-ms-continuationtoken"] $continuationToken=$nPKey; if($resourceType -eq "build" -and $null -ne $skipCount ){ $originalUri= $originalUri +"&%24skip="+$skipCount+ "&continuationToken="+$nPKey } elseif($resourceType -eq "release") { $originalUri= $originalUri +"&continuationToken="+$nPKey } } else { $originalUri = [string]::Empty; $continuationToken=""; } } } } $success=$true; } catch{ if ($originalUri.Contains("mspim") -and [Helpers]::CheckMember($_, "ErrorDetails.Message")) { $err = $_.ErrorDetails.Message | ConvertFrom-Json throw ([SuppressedException]::new(($err), [SuppressedExceptionType]::Generic)) } elseif ([Helpers]::CheckMember($_, "Exception.Response.StatusCode") -and $_.Exception.Response.StatusCode -eq "Forbidden") { throw ([SuppressedException]::new(("You do not have permission to view the requested resource."), [SuppressedExceptionType]::InvalidOperation)) } elseif ([Helpers]::CheckMember($_, "Exception.Message")) { throw ([SuppressedException]::new(($_.Exception.Message.ToString()), [SuppressedExceptionType]::InvalidOperation)) } else { throw; } } } return $continuationToken,$originalUri,$outputValues; } } # SIG # Begin signature block # MIIjkgYJKoZIhvcNAQcCoIIjgzCCI38CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDeIklDmHLUwGZE # f2l8lofsdYbWA7KE+eRGpr8eYKsI5KCCDYEwggX/MIID56ADAgECAhMzAAACUosz # qviV8znbAAAAAAJSMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjEwOTAyMTgzMjU5WhcNMjIwOTAxMTgzMjU5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDQ5M+Ps/X7BNuv5B/0I6uoDwj0NJOo1KrVQqO7ggRXccklyTrWL4xMShjIou2I # sbYnF67wXzVAq5Om4oe+LfzSDOzjcb6ms00gBo0OQaqwQ1BijyJ7NvDf80I1fW9O # L76Kt0Wpc2zrGhzcHdb7upPrvxvSNNUvxK3sgw7YTt31410vpEp8yfBEl/hd8ZzA # v47DCgJ5j1zm295s1RVZHNp6MoiQFVOECm4AwK2l28i+YER1JO4IplTH44uvzX9o # RnJHaMvWzZEpozPy4jNO2DDqbcNs4zh7AWMhE1PWFVA+CHI/En5nASvCvLmuR/t8 # q4bc8XR8QIZJQSp+2U6m2ldNAgMBAAGjggF+MIIBejAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUNZJaEUGL2Guwt7ZOAu4efEYXedEw # UAYDVR0RBEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1 # ZXJ0byBSaWNvMRYwFAYDVQQFEw0yMzAwMTIrNDY3NTk3MB8GA1UdIwQYMBaAFEhu # ZOVQBdOCqhc3NyK1bajKdQKVMFQGA1UdHwRNMEswSaBHoEWGQ2h0dHA6Ly93d3cu # bWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvZFNpZ1BDQTIwMTFfMjAxMS0w # Ny0wOC5jcmwwYQYIKwYBBQUHAQEEVTBTMFEGCCsGAQUFBzAChkVodHRwOi8vd3d3 # Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvZFNpZ1BDQTIwMTFfMjAx # MS0wNy0wOC5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAgEAFkk3 # uSxkTEBh1NtAl7BivIEsAWdgX1qZ+EdZMYbQKasY6IhSLXRMxF1B3OKdR9K/kccp # kvNcGl8D7YyYS4mhCUMBR+VLrg3f8PUj38A9V5aiY2/Jok7WZFOAmjPRNNGnyeg7 # l0lTiThFqE+2aOs6+heegqAdelGgNJKRHLWRuhGKuLIw5lkgx9Ky+QvZrn/Ddi8u # TIgWKp+MGG8xY6PBvvjgt9jQShlnPrZ3UY8Bvwy6rynhXBaV0V0TTL0gEx7eh/K1 # o8Miaru6s/7FyqOLeUS4vTHh9TgBL5DtxCYurXbSBVtL1Fj44+Od/6cmC9mmvrti # yG709Y3Rd3YdJj2f3GJq7Y7KdWq0QYhatKhBeg4fxjhg0yut2g6aM1mxjNPrE48z # 6HWCNGu9gMK5ZudldRw4a45Z06Aoktof0CqOyTErvq0YjoE4Xpa0+87T/PVUXNqf # 7Y+qSU7+9LtLQuMYR4w3cSPjuNusvLf9gBnch5RqM7kaDtYWDgLyB42EfsxeMqwK # WwA+TVi0HrWRqfSx2olbE56hJcEkMjOSKz3sRuupFCX3UroyYf52L+2iVTrda8XW # esPG62Mnn3T8AuLfzeJFuAbfOSERx7IFZO92UPoXE1uEjL5skl1yTZB3MubgOA4F # 8KoRNhviFAEST+nG8c8uIsbZeb08SeYQMqjVEmkwggd6MIIFYqADAgECAgphDpDS # AAAAAAADMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMTAeFw0xMTA3MDgyMDU5MDlaFw0yNjA3MDgyMTA5MDla # MH4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMT # H01pY3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTEwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQCr8PpyEBwurdhuqoIQTTS68rZYIZ9CGypr6VpQqrgG # OBoESbp/wwwe3TdrxhLYC/A4wpkGsMg51QEUMULTiQ15ZId+lGAkbK+eSZzpaF7S # 35tTsgosw6/ZqSuuegmv15ZZymAaBelmdugyUiYSL+erCFDPs0S3XdjELgN1q2jz # y23zOlyhFvRGuuA4ZKxuZDV4pqBjDy3TQJP4494HDdVceaVJKecNvqATd76UPe/7 # 4ytaEB9NViiienLgEjq3SV7Y7e1DkYPZe7J7hhvZPrGMXeiJT4Qa8qEvWeSQOy2u # M1jFtz7+MtOzAz2xsq+SOH7SnYAs9U5WkSE1JcM5bmR/U7qcD60ZI4TL9LoDho33 # X/DQUr+MlIe8wCF0JV8YKLbMJyg4JZg5SjbPfLGSrhwjp6lm7GEfauEoSZ1fiOIl # XdMhSz5SxLVXPyQD8NF6Wy/VI+NwXQ9RRnez+ADhvKwCgl/bwBWzvRvUVUvnOaEP # 6SNJvBi4RHxF5MHDcnrgcuck379GmcXvwhxX24ON7E1JMKerjt/sW5+v/N2wZuLB # l4F77dbtS+dJKacTKKanfWeA5opieF+yL4TXV5xcv3coKPHtbcMojyyPQDdPweGF # RInECUzF1KVDL3SV9274eCBYLBNdYJWaPk8zhNqwiBfenk70lrC8RqBsmNLg1oiM # CwIDAQABo4IB7TCCAekwEAYJKwYBBAGCNxUBBAMCAQAwHQYDVR0OBBYEFEhuZOVQ # BdOCqhc3NyK1bajKdQKVMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1Ud # DwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFHItOgIxkEO5FAVO # 4eqnxzHRI4k0MFoGA1UdHwRTMFEwT6BNoEuGSWh0dHA6Ly9jcmwubWljcm9zb2Z0 # LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcmwwXgYIKwYBBQUHAQEEUjBQME4GCCsGAQUFBzAChkJodHRwOi8vd3d3Lm1p # Y3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dDIwMTFfMjAxMV8wM18y # Mi5jcnQwgZ8GA1UdIASBlzCBlDCBkQYJKwYBBAGCNy4DMIGDMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2RvY3MvcHJpbWFyeWNw # cy5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AcABvAGwAaQBjAHkA # XwBzAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAGfyhqWY # 4FR5Gi7T2HRnIpsLlhHhY5KZQpZ90nkMkMFlXy4sPvjDctFtg/6+P+gKyju/R6mj # 82nbY78iNaWXXWWEkH2LRlBV2AySfNIaSxzzPEKLUtCw/WvjPgcuKZvmPRul1LUd # d5Q54ulkyUQ9eHoj8xN9ppB0g430yyYCRirCihC7pKkFDJvtaPpoLpWgKj8qa1hJ # Yx8JaW5amJbkg/TAj/NGK978O9C9Ne9uJa7lryft0N3zDq+ZKJeYTQ49C/IIidYf # wzIY4vDFLc5bnrRJOQrGCsLGra7lstnbFYhRRVg4MnEnGn+x9Cf43iw6IGmYslmJ # aG5vp7d0w0AFBqYBKig+gj8TTWYLwLNN9eGPfxxvFX1Fp3blQCplo8NdUmKGwx1j # NpeG39rz+PIWoZon4c2ll9DuXWNB41sHnIc+BncG0QaxdR8UvmFhtfDcxhsEvt9B # xw4o7t5lL+yX9qFcltgA1qFGvVnzl6UJS0gQmYAf0AApxbGbpT9Fdx41xtKiop96 # eiL6SJUfq/tHI4D1nvi/a7dLl+LrdXga7Oo3mXkYS//WsyNodeav+vyL6wuA6mk7 # r/ww7QRMjt/fdW1jkT3RnVZOT7+AVyKheBEyIXrvQQqxP/uozKRdwaGIm1dxVk5I # RcBCyZt2WwqASGv9eZ/BvW1taslScxMNelDNMYIVZzCCFWMCAQEwgZUwfjELMAkG # A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx # HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWljcm9z # b2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMQITMwAAAlKLM6r4lfM52wAAAAACUjAN # BglghkgBZQMEAgEFAKCBrjAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIBBDAcBgor # BgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQgM+IsTo5l # JKudPSHb91L8oPvAtavxOD/3TYfl2sgBNFgwQgYKKwYBBAGCNwIBDDE0MDKgFIAS # AE0AaQBjAHIAbwBzAG8AZgB0oRqAGGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbTAN # BgkqhkiG9w0BAQEFAASCAQBNeGM9GcIAX58jVFJs6A636JVUY5rrJIURzq5qkYx8 # qSiWiNLXt6eP42kZ2LeYZRmtQhRZeo1+jHUbGjysB/GMKecQtyImmS0/akjHaGSl # A6yfp4slF3McBXmrAADErbHR9IAsxs+vtuxPmvsGAuJRExLIEiWFKH6WjjHfCa6U # 7gNGKxAdocGn4trTmjhYJCe9QSrnOksyAZ4/23ziuCoekMq4TJ3z5NXPefBMvCA7 # gsc47e5oS4i5KcmxMUf9BZp44IKm2iMR2AKYQr+F4mCBcNTiHA9tF70cbXRo+Tnr # VDOr6O2RQm8IfwrzADkJlJn3an3BVD1C/x2guTNQUKmsoYIS8TCCEu0GCisGAQQB # gjcDAwExghLdMIIS2QYJKoZIhvcNAQcCoIISyjCCEsYCAQMxDzANBglghkgBZQME # AgEFADCCAVUGCyqGSIb3DQEJEAEEoIIBRASCAUAwggE8AgEBBgorBgEEAYRZCgMB # MDEwDQYJYIZIAWUDBAIBBQAEIC+tzaWbD713l5Hw4KaovWBd+KANc3WJZVTIC6K5 # pYWwAgZiD/W7BYEYEzIwMjIwMzExMDkyMTE1LjcwMVowBIACAfSggdSkgdEwgc4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1p # Y3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMg # VFNTIEVTTjpGODdBLUUzNzQtRDdCOTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt # U3RhbXAgU2VydmljZaCCDkQwggT1MIID3aADAgECAhMzAAABY4tkxsmFlmV2AAAA # AAFjMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo # aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y # cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw # MB4XDTIxMDExNDE5MDIyM1oXDTIyMDQxMTE5MDIyM1owgc4xCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVy # YXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpGODdB # LUUzNzQtRDdCOTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vydmlj # ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1xF/YSncl0YpL/qN2F # nfwjf0i8a+C4ELz5UZy3JOU54XH+rHv1y3LgKYGu3wrtNSEY4Hz5z6PRlEJvv7aK # 2tm7WvFSes7iLFhQ08DV4hVx5zF6ll5uN2ti2fJNZ6JDjMSVYuY/waYdNFo7N4l8 # x87/1STIob3PDiaqAoEZ1hEbmuRr44EKP/3RDgo/AY0o01zAF4k5Hvyrfz03GaJI # Z6EIIgbYbE6E2LX2cJZ963aNYPZLYVbNnTviO7p2eGHtaAkn08QrzW9pz1aGCTUl # DLRULnMiQVLNigaU1v8OTzv7alAInTlRfFLvPIV0JJ2SPq+wVLxPGhiVswErX98/ # szUCAwEAAaOCARswggEXMB0GA1UdDgQWBBQJNcrxdnJn7j8xWp9Gx5A+1989KTAf # BgNVHSMEGDAWgBTVYzpcijGQ80N7fEYbxTNoWoVtVTBWBgNVHR8ETzBNMEugSaBH # hkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNU # aW1TdGFQQ0FfMjAxMC0wNy0wMS5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUF # BzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1RpbVN0 # YVBDQV8yMDEwLTA3LTAxLmNydDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsG # AQUFBwMIMA0GCSqGSIb3DQEBCwUAA4IBAQACiEGCB9eO4lPOjjICYfsTqam9IqdR # tMj20UBBVLhufvP9xvloI8LZ9wOPq4sCoJSdhMLawUWZd67vFlM/iBP+7Xkq109T # aeQSE4Nc9ueM15flEvao4ZtzGoWTcxpC+alYY0kVGIj6SxBSxnCkoZesT44WVITB # QL/43PmHxVAFD0C1cDzza5nv1CSiDvnZ4qNxpP6af9IYfKbJB4bJxBq52FZVQqR4 # dA6Na7H4sThh1AY/qYc6kzmSphUvEzCq5xPZ8+TlsoNNZYz6TAR6qnefT2D/3Dsn # 7XmO+wNjIi6AEWQJHaqwB7R5OWO7QJ7p07Rl/4TvkNMzvZl8BBSfX7YjMIIGcTCC # BFmgAwIBAgIKYQmBKgAAAAAAAjANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJv # b3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMTAwNzAxMjEzNjU1WhcN # MjUwNzAxMjE0NjU1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv # bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 # aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCASIw # DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkdDbx3EYo6IOz8E5f1+n9plGt0 # VBDVpQoAgoX77XxoSyxfxcPlYcJ2tz5mK1vwFVMnBDEfQRsalR3OCROOfGEwWbEw # RA/xYIiEVEMM1024OAizQt2TrNZzMFcmgqNFDdDq9UeBzb8kYDJYYEbyWEeGMoQe # dGFnkV+BVLHPk0ySwcSmXdFhE24oxhr5hoC732H8RsEnHSRnEnIaIYqvS2SJUGKx # Xf13Hz3wV3WsvYpCTUBR0Q+cBj5nf/VmwAOWRH7v0Ev9buWayrGo8noqCjHw2k4G # kbaICDXoeByw6ZnNPOcvRLqn9NxkvaQBwSAJk3jN/LzAyURdXhacAQVPIk0CAwEA # AaOCAeYwggHiMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBTVYzpcijGQ80N7 # fEYbxTNoWoVtVTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC # AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX # zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v # cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI # KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDCBoAYDVR0g # AQH/BIGVMIGSMIGPBgkrBgEEAYI3LgMwgYEwPQYIKwYBBQUHAgEWMWh0dHA6Ly93 # d3cubWljcm9zb2Z0LmNvbS9QS0kvZG9jcy9DUFMvZGVmYXVsdC5odG0wQAYIKwYB # BQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AUABvAGwAaQBjAHkAXwBTAHQAYQB0AGUA # bQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQADggIBAAfmiFEN4sbgmD+BcQM9naOh # IW+z66bM9TG+zwXiqf76V20ZMLPCxWbJat/15/B4vceoniXj+bzta1RXCCtRgkQS # +7lTjMz0YBKKdsxAQEGb3FwX/1z5Xhc1mCRWS3TvQhDIr79/xn/yN31aPxzymXlK # kVIArzgPF/UveYFl2am1a+THzvbKegBvSzBEJCI8z+0DpZaPWSm8tv0E4XCfMkon # /VWvL/625Y4zu2JfmttXQOnxzplmkIz/amJ/3cVKC5Em4jnsGUpxY517IW3DnKOi # PPp/fZZqkHimbdLhnPkd/DjYlPTGpQqWhqS9nhquBEKDuLWAmyI4ILUl5WTs9/S/ # fmNZJQ96LjlXdqJxqgaKD4kWumGnEcua2A5HmoDF0M2n0O99g/DhO3EJ3110mCII # YdqwUB5vvfHhAN/nMQekkzr3ZUd46PioSKv33nJ+YWtvd6mBy6cJrDm77MbL2IK0 # cs0d9LiFAR6A+xuJKlQ5slvayA1VmXqHczsI5pgt6o3gMy4SKfXAL1QnIffIrE7a # KLixqduWsqdCosnPGUFN4Ib5KpqjEWYw07t0MkvfY3v1mYovG8chr1m1rtxEPJdQ # cdeh0sVV42neV8HR3jDA/czmTfsNv11P6Z0eGTgvvM9YBS7vDaBQNdrvCScc1bN+ # NR4Iuto229Nfj950iEkSoYIC0jCCAjsCAQEwgfyhgdSkgdEwgc4xCzAJBgNVBAYT # AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD # VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKTAnBgNVBAsTIE1pY3Jvc29mdCBP # cGVyYXRpb25zIFB1ZXJ0byBSaWNvMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpG # ODdBLUUzNzQtRDdCOTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vy # dmljZaIjCgEBMAcGBSsOAwIaAxUA7SxgHt1J3SqTTSqzLcrMGZQBYe+ggYMwgYCk # fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIF # AOXVehMwIhgPMjAyMjAzMTExMTM0NDNaGA8yMDIyMDMxMjExMzQ0M1owdzA9Bgor # BgEEAYRZCgQBMS8wLTAKAgUA5dV6EwIBADAKAgEAAgIXaQIB/zAHAgEAAgIRCjAK # AgUA5dbLkwIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIB # AAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBAKi8SRCMXdvK4JU7 # uzvook203/Rt2Qzez9foJ97+MmBkXIR89KP7euV8//8+kJXrQjHsowgH7EFC0lY5 # XoA7p/XqoAho5P8eYjT8NvZnnImMTr1qe/RqQNyXXu76pFXy+9EggPg7oMCDaf8d # IhRA/ancWNpM0o6QUKh+zwLOM/cnMYIDDTCCAwkCAQEwgZMwfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTACEzMAAAFji2TGyYWWZXYAAAAAAWMwDQYJYIZIAWUD # BAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0B # CQQxIgQgvREcSXrGOJjxBzj1PTIzLU7Zj0gMg/PqR+lWkNRROsowgfoGCyqGSIb3 # DQEJEAIvMYHqMIHnMIHkMIG9BCCcWd2XHaFjoSikKbi4y9AYBIpLBy9Rb16ns1Gr # EfQjajCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB # Y4tkxsmFlmV2AAAAAAFjMCIEIElsCNKci/ozNQePlfiUBykM5uCj0p4X7oyPyJWf # HLZ2MA0GCSqGSIb3DQEBCwUABIIBAJ7YemhDcr5o6PV9/V6LkdW7uzYEIFM78ud5 # TbvR9ukns96nDC5Ra4EU1O7HO8XveTsMViQ6wkGQ5zOBAMtwr8TfiNl5dMSrtfst # f6KSTnF1zhuQXWQpfmkeSv7K2vSnWh/oqnt+7yf1Q+edma8X6SPDfylj25Dge4vr # 99d+zy1Kg8xP38c7adYdOY2Tvbhgp+fC3Mh97PN3sCu4sGZUpP3E6aqWMAabRssZ # CBQc0T5hI2r6lZLNJ1k9yX7Oatd0rJqg58pIZ10qM5coKo3h33GZLsZqTXpuDnZ/ # Inwi0gsrBuR52GxnE2FGhEwAMJ100AzMSppD230XnD0KUMN+qtc= # SIG # End signature block |