c_meyer/pxt-calliope
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c6fa997f02
pxt-calliope/clients/win10/app/AppPackages/latest/Add-AppDevPackage.ps1

730 lines
60 KiB
PowerShell
Raw Normal View History

added build of windows app
2016-04-08 22:49:53 +02:00
<EFBFBD><EFBFBD>#
# Add-AppxDevPackage.ps1 is a PowerShell script designed to install app
# packages created by Visual Studio for developers. To run this script from
# Explorer, right-click on its icon and choose "Run with PowerShell".
#
# Visual Studio supplies this script in the folder generated with its
# "Prepare Package" command. The same folder will also contain the app
# package (a .appx file), the signing certificate (a .cer file), and a
# "Dependencies" subfolder containing all the framework packages used by the
# app.
#
# This script simplifies installing these packages by automating the
# following functions:
# 1. Find the app package and signing certificate in the script directory
# 2. Prompt the user to acquire a developer license and to install the
# certificate if necessary
# 3. Find dependency packages that are applicable to the operating system's
# CPU architecture
# 4. Install the package along with all applicable dependencies
#
# All command line parameters are reserved for use internally by the script.
# Users should launch this script from Explorer.
#
# .Link
# http://go.microsoft.com/fwlink/?LinkId=243053
param(
[switch]$Force = $false,
[switch]$GetDeveloperLicense = $false,
[string]$CertificatePath = $null
)
$ErrorActionPreference = "Stop"
# The language resources for this script are placed in the
# "Add-AppDevPackage.resources" subfolder alongside the script. Since the
# current working directory might not be the directory that contains the
# script, we need to create the full path of the resources directory to
# pass into Import-LocalizedData
$ScriptPath = $null
try
{
$ScriptPath = (Get-Variable MyInvocation).Value.MyCommand.Path
$ScriptDir = Split-Path -Parent $ScriptPath
}
catch {}
if (!$ScriptPath)
{
PrintMessageAndExit $UiStrings.ErrorNoScriptPath $ErrorCodes.NoScriptPath
}
$LocalizedResourcePath = Join-Path $ScriptDir "Add-AppDevPackage.resources"
Import-LocalizedData -BindingVariable UiStrings -BaseDirectory $LocalizedResourcePath
$ErrorCodes = Data {
ConvertFrom-StringData @'
Success = 0
NoScriptPath = 1
NoPackageFound = 2
ManyPackagesFound = 3
NoCertificateFound = 4
ManyCertificatesFound = 5
BadCertificate = 6
PackageUnsigned = 7
CertificateMismatch = 8
ForceElevate = 9
LaunchAdminFailed = 10
GetDeveloperLicenseFailed = 11
InstallCertificateFailed = 12
AddPackageFailed = 13
ForceDeveloperLicense = 14
CertUtilInstallFailed = 17
CertIsCA = 18
BannedEKU = 19
NoBasicConstraints = 20
NoCodeSigningEku = 21
InstallCertificateCancelled = 22
BannedKeyUsage = 23
ExpiredCertificate = 24
'@
}
function PrintMessageAndExit($ErrorMessage, $ReturnCode)
{
Write-Host $ErrorMessage
if (!$Force)
{
Pause
}
exit $ReturnCode
}
#
# Warns the user about installing certificates, and presents a Yes/No prompt
# to confirm the action. The default is set to No.
#
function ConfirmCertificateInstall
{
$Answer = $host.UI.PromptForChoice(
"",
$UiStrings.WarningInstallCert,
[System.Management.Automation.Host.ChoiceDescription[]]@($UiStrings.PromptYesString, $UiStrings.PromptNoString),
1)
return $Answer -eq 0
}
#
# Validates whether a file is a valid certificate using CertUtil.
# This needs to be done before calling Get-PfxCertificate on the file, otherwise
# the user will get a cryptic "Password: " prompt for invalid certs.
#
function ValidateCertificateFormat($FilePath)
{
# certutil -verify prints a lot of text that we don't need, so it's redirected to $null here
certutil.exe -verify $FilePath > $null
if ($LastExitCode -lt 0)
{
PrintMessageAndExit ($UiStrings.ErrorBadCertificate -f $FilePath, $LastExitCode) $ErrorCodes.BadCertificate
}
# Check if certificate is expired
$cert = Get-PfxCertificate $FilePath
if (($cert.NotBefore -gt (Get-Date)) -or ($cert.NotAfter -lt (Get-Date)))
{
PrintMessageAndExit ($UiStrings.ErrorExpiredCertificate -f $FilePath) $ErrorCodes.ExpiredCertificate
}
}
#
# Verify that the developer certificate meets the following restrictions:
# - The certificate must contain a Basic Constraints extension, and its
# Certificate Authority (CA) property must be false.
# - The certificate's Key Usage extension must be either absent, or set to
# only DigitalSignature.
# - The certificate must contain an Extended Key Usage (EKU) extension with
# Code Signing usage.
# - The certificate must NOT contain any other EKU except Code Signing and
# Lifetime Signing.
#
# These restrictions are enforced to decrease security risks that arise from
# trusting digital certificates.
#
function CheckCertificateRestrictions
{
Set-Variable -Name BasicConstraintsExtensionOid -Value "2.5.29.19" -Option Constant
Set-Variable -Name KeyUsageExtensionOid -Value "2.5.29.15" -Option Constant
Set-Variable -Name EkuExtensionOid -Value "2.5.29.37" -Option Constant
Set-Variable -Name CodeSigningEkuOid -Value "1.3.6.1.5.5.7.3.3" -Option Constant
Set-Variable -Name LifetimeSigningEkuOid -Value "1.3.6.1.4.1.311.10.3.13" -Option Constant
$CertificateExtensions = (Get-PfxCertificate $CertificatePath).Extensions
$HasBasicConstraints = $false
$HasCodeSigningEku = $false
foreach ($Extension in $CertificateExtensions)
{
# Certificate must contain the Basic Constraints extension
if ($Extension.oid.value -eq $BasicConstraintsExtensionOid)
{
# CA property must be false
if ($Extension.CertificateAuthority)
{
PrintMessageAndExit $UiStrings.ErrorCertIsCA $ErrorCodes.CertIsCA
}
$HasBasicConstraints = $true
}
# If key usage is present, it must be set to digital signature
elseif ($Extension.oid.value -eq $KeyUsageExtensionOid)
{
if ($Extension.KeyUsages -ne "DigitalSignature")
{
PrintMessageAndExit ($UiStrings.ErrorBannedKeyUsage -f $Extension.KeyUsages) $ErrorCodes.BannedKeyUsage
}
}
elseif ($Extension.oid.value -eq $EkuExtensionOid)
{
# Certificate must contain the Code Signing EKU
$EKUs = $Extension.EnhancedKeyUsages.Value
if ($EKUs -contains $CodeSigningEkuOid)
{
$HasCodeSigningEKU = $True
}
# EKUs other than code signing and lifetime signing are not allowed
foreach ($EKU in $EKUs)
{
if ($EKU -ne $CodeSigningEkuOid -and $EKU -ne $LifetimeSigningEkuOid)
{
PrintMessageAndExit ($UiStrings.ErrorBannedEKU -f $EKU) $ErrorCodes.BannedEKU
}
}
}
}
if (!$HasBasicConstraints)
{
PrintMessageAndExit $UiStrings.ErrorNoBasicConstraints $ErrorCodes.NoBasicConstraints
}
if (!$HasCodeSigningEKU)
{
PrintMessageAndExit $UiStrings.ErrorNoCodeSigningEku $ErrorCodes.NoCodeSigningEku
}
}
#
# Performs operations that require administrative privileges:
# - Prompt the user to obtain a developer license
# - Install the developer certificate (if -Force is not specified, also prompts the user to confirm)
#
function DoElevatedOperations
{
if ($GetDeveloperLicense)
{
Write-Host $UiStrings.GettingDeveloperLicense
if ($Force)
{
PrintMessageAndExit $UiStrings.ErrorForceDeveloperLicense $ErrorCodes.ForceDeveloperLicense
}
try
{
Show-WindowsDeveloperLicenseRegistration
}
catch
{
$Error[0] # Dump details about the last error
PrintMessageAndExit $UiStrings.ErrorGetDeveloperLicenseFailed $ErrorCodes.GetDeveloperLicenseFailed
}
}
if ($CertificatePath)
{
Write-Host $UiStrings.InstallingCertificate
# Make sure certificate format is valid and usage constraints are followed
ValidateCertificateFormat $CertificatePath
CheckCertificateRestrictions
# If -Force is not specified, warn the user and get consent
if ($Force -or (ConfirmCertificateInstall))
{
# Add cert to store
certutil.exe -addstore TrustedPeople $CertificatePath
if ($LastExitCode -lt 0)
{
PrintMessageAndExit ($UiStrings.ErrorCertUtilInstallFailed -f $LastExitCode) $ErrorCodes.CertUtilInstallFailed
}
}
else
{
PrintMessageAndExit $UiStrings.ErrorInstallCertificateCancelled $ErrorCodes.InstallCertificateCancelled
}
}
}
#
# Checks whether the machine is missing a valid developer license.
#
function CheckIfNeedDeveloperLicense
{
$Result = $true
try
{
$Result = (Get-WindowsDeveloperLicense | Where-Object { $_.IsValid }).Count -eq 0
}
catch {}
return $Result
}
#
# Launches an elevated process running the current script to perform tasks
# that require administrative privileges. This function waits until the
# elevated process terminates, and checks whether those tasks were successful.
#
function LaunchElevated
{
# Set up command line arguments to the elevated process
$RelaunchArgs = '-ExecutionPolicy Unrestricted -file "' + $ScriptPath + '"'
if ($Force)
{
$RelaunchArgs += ' -Force'
}
if ($NeedDeveloperLicense)
{
$RelaunchArgs += ' -GetDeveloperLicense'
}
if ($NeedInstallCertificate)
{
$RelaunchArgs += ' -CertificatePath "' + $DeveloperCertificatePath.FullName + '"'
}
# Launch the process and wait for it to finish
try
{
$AdminProcess = Start-Process "$PsHome\PowerShell.exe" -Verb RunAs -ArgumentList $RelaunchArgs -PassThru
}
catch
{
$Error[0] # Dump details about the last error
PrintMessageAndExit $UiStrings.ErrorLaunchAdminFailed $ErrorCodes.LaunchAdminFailed
}
while (!($AdminProcess.HasExited))
{
Start-Sleep -Seconds 2
}
# Check if all elevated operations were successful
if ($NeedDeveloperLicense)
{
if (CheckIfNeedDeveloperLicense)
{
PrintMessageAndExit $UiStrings.ErrorGetDeveloperLicenseFailed $ErrorCodes.GetDeveloperLicenseFailed
}
else
{
Write-Host $UiStrings.AcquireLicenseSuccessful
}
}
if ($NeedInstallCertificate)
{
$Signature = Get-AuthenticodeSignature $DeveloperPackagePath -Verbose
if ($Signature.Status -ne "Valid")
{
PrintMessageAndExit ($UiStrings.ErrorInstallCertificateFailed -f $Signature.Status) $ErrorCodes.InstallCertificateFailed
}
else
{
Write-Host $UiStrings.InstallCertificateSuccessful
}
}
}
#
# Finds all applicable dependency packages according to OS architecture, and
# installs the developer package with its dependencies. The expected layout
# of dependencies is:
#
# <current dir>
# \Dependencies
# <Architecture neutral dependencies>.appx
# \x86
# <x86 dependencies>.appx
# \x64
# <x64 dependencies>.appx
# \arm
# <arm dependencies>.appx
#
function InstallPackageWithDependencies
{
$DependencyPackagesDir = (Join-Path $ScriptDir "Dependencies")
$DependencyPackages = @()
if (Test-Path $DependencyPackagesDir)
{
# Get architecture-neutral dependencies
$DependencyPackages += Get-ChildItem (Join-Path $DependencyPackagesDir "*.appx") | Where-Object { $_.Mode -NotMatch "d" }
# Get architecture-specific dependencies
if (($Env:Processor_Architecture -eq "x86" -or $Env:Processor_Architecture -eq "amd64") -and (Test-Path (Join-Path $DependencyPackagesDir "x86")))
{
$DependencyPackages += Get-ChildItem (Join-Path $DependencyPackagesDir "x86\*.appx") | Where-Object { $_.Mode -NotMatch "d" }
}
if (($Env:Processor_Architecture -eq "amd64") -and (Test-Path (Join-Path $DependencyPackagesDir "x64")))
{
$DependencyPackages += Get-ChildItem (Join-Path $DependencyPackagesDir "x64\*.appx") | Where-Object { $_.Mode -NotMatch "d" }
}
if (($Env:Processor_Architecture -eq "arm") -and (Test-Path (Join-Path $DependencyPackagesDir "arm")))
{
$DependencyPackages += Get-ChildItem (Join-Path $DependencyPackagesDir "arm\*.appx") | Where-Object { $_.Mode -NotMatch "d" }
}
}
Write-Host $UiStrings.InstallingPackage
$AddPackageSucceeded = $False
try
{
if ($DependencyPackages.FullName.Count -gt 0)
{
Write-Host $UiStrings.DependenciesFound
$DependencyPackages.FullName
Add-AppxPackage -Path $DeveloperPackagePath.FullName -DependencyPath $DependencyPackages.FullName -ForceApplicationShutdown
}
else
{
Add-AppxPackage -Path $DeveloperPackagePath.FullName -ForceApplicationShutdown
}
$AddPackageSucceeded = $?
}
catch
{
$Error[0] # Dump details about the last error
}
if (!$AddPackageSucceeded)
{
if ($NeedInstallCertificate)
{
PrintMessageAndExit $UiStrings.ErrorAddPackageFailedWithCert $ErrorCodes.AddPackageFailed
}
else
{
PrintMessageAndExit $UiStrings.ErrorAddPackageFailed $ErrorCodes.AddPackageFailed
}
}
}
#
# Main script logic when the user launches the script without parameters.
#
function DoStandardOperations
{
# List all .appx files in the script directory
$PackagePath = Get-ChildItem (Join-Path $ScriptDir "*.appx") | Where-Object { $_.Mode -NotMatch "d" }
# List all .appxbundle files in the script directory
$BundlePath = Get-ChildItem (Join-Path $ScriptDir "*.appxbundle") | Where-Object { $_.Mode -NotMatch "d" }
$NumberOfPackages = $PackagePath.Count + $BundlePath.Count;
# There must be exactly 1 package/bundle
if ($NumberOfPackages -lt 1)
{
PrintMessageAndExit $UiStrings.ErrorNoPackageFound $ErrorCodes.NoPackageFound
}
elseif ($NumberOfPackages -gt 1)
{
PrintMessageAndExit $UiStrings.ErrorManyPackagesFound $ErrorCodes.ManyPackagesFound
}
if ($PackagePath.Count -eq 1)
{
$DeveloperPackagePath = $PackagePath
Write-Host ($UiStrings.PackageFound -f $DeveloperPackagePath.FullName)
}
else
{
$DeveloperPackagePath = $BundlePath
Write-Host ($UiStrings.BundleFound -f $DeveloperPackagePath.FullName)
}
# The package must be signed
$PackageSignature = Get-AuthenticodeSignature $DeveloperPackagePath
$PackageCertificate = $PackageSignature.SignerCertificate
if (!$PackageCertificate)
{
PrintMessageAndExit $UiStrings.ErrorPackageUnsigned $ErrorCodes.PackageUnsigned
}
# Test if the package signature is trusted. If not, the corresponding certificate
# needs to be present in the current directory and needs to be installed.
$NeedInstallCertificate = ($PackageSignature.Status -ne "Valid")
if ($NeedInstallCertificate)
{
# List all .cer files in the script directory
$DeveloperCertificatePath = Get-ChildItem (Join-Path $ScriptDir "*.cer") | Where-Object { $_.Mode -NotMatch "d" }
# There must be exactly 1 certificate
if ($DeveloperCertificatePath.Count -lt 1)
{
PrintMessageAndExit $UiStrings.ErrorNoCertificateFound $ErrorCodes.NoCertificateFound
}
elseif ($DeveloperCertificatePath.Count -gt 1)
{
PrintMessageAndExit $UiStrings.ErrorManyCertificatesFound $ErrorCodes.ManyCertificatesFound
}
Write-Host ($UiStrings.CertificateFound -f $DeveloperCertificatePath.FullName)
# The .cer file must have the format of a valid certificate
ValidateCertificateFormat $DeveloperCertificatePath
# The package signature must match the certificate file
if ($PackageCertificate -ne (Get-PfxCertificate $DeveloperCertificatePath))
{
PrintMessageAndExit $UiStrings.ErrorCertificateMismatch $ErrorCodes.CertificateMismatch
}
}
$NeedDeveloperLicense = CheckIfNeedDeveloperLicense
# Relaunch the script elevated with the necessary parameters if needed
if ($NeedDeveloperLicense -or $NeedInstallCertificate)
{
Write-Host $UiStrings.ElevateActions
if ($NeedDeveloperLicense)
{
Write-Host $UiStrings.ElevateActionDevLicense
}
if ($NeedInstallCertificate)
{
Write-Host $UiStrings.ElevateActionCertificate
}
$IsAlreadyElevated = ([Security.Principal.WindowsIdentity]::GetCurrent().Groups.Value -contains "S-1-5-32-544")
if ($IsAlreadyElevated)
{
if ($Force -and $NeedDeveloperLicense)
{
PrintMessageAndExit $UiStrings.ErrorForceDeveloperLicense $ErrorCodes.ForceDeveloperLicense
}
if ($Force -and $NeedInstallCertificate)
{
Write-Warning $UiStrings.WarningInstallCert
}
}
else
{
if ($Force)
{
PrintMessageAndExit $UiStrings.ErrorForceElevate $ErrorCodes.ForceElevate
}
else
{
Write-Host $UiStrings.ElevateActionsContinue
Pause
}
}
LaunchElevated
}
InstallPackageWithDependencies
}
#
# Main script entry point
#
if ($GetDeveloperLicense -or $CertificatePath)
{
DoElevatedOperations
}
else
{
DoStandardOperations
PrintMessageAndExit $UiStrings.Success $ErrorCodes.Success
}
# SIG # Begin signature block
# MIIiBAYJKoZIhvcNAQcCoIIh9TCCIfECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDr6TQeGU6q8Gc6
# 4UyJ3BErCSyDb5bOOr9muAPuxnPhgKCCC4MwggULMIID86ADAgECAhMzAAAAe6KB
# C4cRq+f8AAAAAAB7MA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p
# bmcgUENBIDIwMTAwHhcNMTQxMDAxMTgwNjM4WhcNMTYwMTAxMTgwNjM4WjCBgzEL
# MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v
# bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9Q
# UjEeMBwGA1UEAxMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMIIBIjANBgkqhkiG9w0B
# AQEFAAOCAQ8AMIIBCgKCAQEAvQcxxth2EB1eNeHpmIf/xHv5hBJHStPFJ2Zp22w2
# nNOhA3CXNR09AyJfXIEL50eYNUaSPv035IjaKWFTJMd9iXVt9WcwDtqZ40mvXhVE
# IyRFFgVmHcDac0t+/HxA4SPZKYlGHAvdNz8gd97MD7tIaeAXcx/qOxYqkhsujIJJ
# OKAqkfCh2w/3fWqRLgVrimZlJghs5DJOT5DL6br8nBYxqgjIsp4c8QsCsBZdlXxK
# m+7DAolGOmGJ8GwTtg1m3hcURkrTyXnyx34N2x22kH5gItwtcNicDAMnN6xc8ydI
# WviJIaR0Gj4Da8UiqTd9s2dNxuScWaOIuy/Ev/9DUf1zPQIDAQABo4IBejCCAXYw
# HwYDVR0lBBgwFgYIKwYBBQUHAwMGCisGAQQBgjc9BgEwHQYDVR0OBBYEFE8LE+6Q
# o6azvj+qlES88piRTzIdMFEGA1UdEQRKMEikRjBEMQ0wCwYDVQQLEwRNT1BSMTMw
# MQYDVQQFEyozODA3Nis2OGQyZjhiYi0wYTNiLTQwYjQtOWYyNC1lYjdlOTQxOWQx
# NjAwHwYDVR0jBBgwFoAU5vxfe7siAFjkck619CF0IzLm76wwVgYDVR0fBE8wTTBL
# oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv
# TWljQ29kU2lnUENBXzIwMTAtMDctMDYuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr
# BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWND
# b2RTaWdQQ0FfMjAxMC0wNy0wNi5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0B
# AQsFAAOCAQEAL1QbJw93iIl4XlutFtrDwEs8JT/kMaquI7SOYeIwgVH+SI71MCMZ
# TcveYIhzmIcEQz3gi+6gC28dVa6Y0GeuADG+vu3thnUKkko63nE4tGH3wDvhMRbx
# /L8wYXp13zaEV3R/HaYCiukoMfWMkN+qWdGepYUmp+PAXFTl3dVd/4oxMTdbLf4t
# lx1QqOyGSAyRrbJmPB57RWEJrGfhfYInTwr8Sy7UF/mVMxF7qCYBPJJD5pngvKsK
# TXNRW3YSyiaJ1TXHutME/dy4jipqbcZXUUA9qjRIICpPnoFxyk1VhBpKePeG96WJ
# MV0lBi+tzLVoWe5RSzxIKyI2qxzQho7SiTCCBnAwggRYoAMCAQICCmEMUkwAAAAA
# AAMwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo
# aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y
# cG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1
# dGhvcml0eSAyMDEwMB4XDTEwMDcwNjIwNDAxN1oXDTI1MDcwNjIwNTAxN1owfjEL
# MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v
# bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEoMCYGA1UEAxMfTWlj
# cm9zb2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMDCCASIwDQYJKoZIhvcNAQEBBQAD
# ggEPADCCAQoCggEBAOkOZFB5Z7XE4/0JAEyelKz3VmjqRNjPxVhPqaV2fG1FutM5
# krSkHvn5ZYLkF9KP/UScCOhlk84sVYS/fQjjLiuoQSsYt6JLbklMaxUH3tHSwoke
# cZTNtX9LtK8I2MyI1msXlDqTziY/7Ob+NJhX1R1dSfayKi7VhbtZP/iQtCuDdMor
# sztG4/BGScEXZlTJHL0dxFViV3L4Z7klIDTeXaallV6rKIDN1bKe5QO1Y9OyFMjB
# yIomCll/B+z/Du2AEjVMEqa+Ulv1ptrgiwtId9aFR9UQucboqu6Lai0FXGDGtCpb
# nCMcX0XjGhQebzfLGTOAaolNo2pmY3iT1TDPlR8CAwEAAaOCAeMwggHfMBAGCSsG
# AQQBgjcVAQQDAgEAMB0GA1UdDgQWBBTm/F97uyIAWORyTrX0IXQjMubvrDAZBgkr
# BgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
# AwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBN
# MEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0
# cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoG
# CCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01p
# Y1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDCBnQYDVR0gBIGVMIGSMIGPBgkrBgEE
# AYI3LgMwgYEwPQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9Q
# S0kvZG9jcy9DUFMvZGVmYXVsdC5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcA
# YQBsAF8AUABvAGwAaQBjAHkAXwBTAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZI
# hvcNAQELBQADggIBABp071dPKXvEFoV4uFDTIvwJnayCl/g0/yosl5US5eS/z7+T
# yOM0qduBuNweAL7SNW+v5X95lXflAtTx69jNTh4bYaLCWiMa8IyoYlFFZwjjPzwe
# k/gwhRfIOUCm1w6zISnlpaFpjCKTzHSY56FHQ/JTrMAPMGl//tIlIG1vYdPfB9XZ
# cgAsaYZ2PVHbpjlIyTdhbQfdUxnLp9Zhwr/ig6sP4GubldZ9KFGwiUpRpJpsyLcf
# ShoOaanX3MF+0Ulwqratu3JHYxf6ptaipobsqBBEm2O2smmJBsdGhnoYP+jFHSHV
# e/kCIy3FQcu/HUzIFu+xnH/8IktJim4V46Z/dlvRU3mRhZ3V0ts9czXzPK5UslJH
# asCqE5XSjhHamWdeMoz7N4XR3HWFnIfGWleFwr/dDY+Mmy3rtO7PJ9O1Xmn6pBYE
# AackZ3PPTU+23gVWl3r36VJN9HcFT4XG2Avxju1CCdENduMjVngiJja+yrGMbqod
# 5IXaRzNij6TJkTNfcR5Ar5hlySLoQiElihwtYNk3iUGJKhYP12E8lGhgUu/WR5mg
# gEDuFYF3PpzgUxgaUB04lZseZjMTJzkXeIc2zk7DX7L1PUdTtuDl2wthPSrXkizO
# N1o+QEIxpB8QCMJWnL8kXVECnWp50hfT2sGUjgd7JXFEqwZq5tTG3yOalnXFMYIV
# 1zCCFdMCAQEwgZUwfjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
# EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
# bjEoMCYGA1UEAxMfTWljcm9zb2Z0IENvZGUgU2lnbmluZyBQQ0EgMjAxMAITMwAA
# AHuigQuHEavn/AAAAAAAezANBglghkgBZQMEAgEFAKCBwjAZBgkqhkiG9w0BCQMx
# DAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkq
# hkiG9w0BCQQxIgQgg/pZZeE/1C2B77fYHkoDT3MzZQ2kNQTNDAPsgcHASjMwVgYK
# KwYBBAGCNwIBDDFIMEagLIAqAEEAZABkAC0AQQBwAHAARABlAHYAUABhAGMAawBh
# AGcAZQAuAHAAcwAxoRaAFGh0dHA6Ly9taWNyb3NvZnQuY29tMA0GCSqGSIb3DQEB
# AQUABIIBAKDQ+pcbeSwP16osA/t0G2lHZOz4OTxlSF1Zz6lJdmVbZsllR71Ilu9f
# cawPoLXB2btJ1LG+Zdv2gy7pKPauY6Lj/LX3OPDErxeNx7PbQyBU4TXy4sxlz+ID
# 3E+g9IkghAHWEtvcHYSme9zX36ror8PEki6/fZpOXSEj60hy/tfxqJbQrvO5acxa
# TdJFUjJ0CxfxvWOXJrV12rdmCHadYClHekXfzs+TIFCNe4numqSUFioKtThD2kN5
# sMAZV42cA7oq7vZL0Y5QQtEAW7xl4ILB85BEfiZ0WoYaXiFmct/f2ksjmECD6X76
# uLI++TsuALzUhiZM8dbXeJsTxgVI0Y6hghNNMIITSQYKKwYBBAGCNwMDATGCEzkw
# ghM1BgkqhkiG9w0BBwKgghMmMIITIgIBAzEPMA0GCWCGSAFlAwQCAQUAMIIBPQYL
# KoZIhvcNAQkQAQSgggEsBIIBKDCCASQCAQEGCisGAQQBhFkKAwEwMTANBglghkgB
# ZQMEAgEFAAQga3GLIhcT+cLJR1a9038fzP+iV0W2u/5VFNdNCAkiFIMCBlV8Mf53
# rhgTMjAxNTA3MDcwNzI3MTYuMjAyWjAHAgEBgAIB9KCBuaSBtjCBszELMAkGA1UE
# BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
# BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUG
# A1UECxMebkNpcGhlciBEU0UgRVNOOjMxQzUtMzBCQS03QzkxMSUwIwYDVQQDExxN
# aWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIO0DCCBnEwggRZoAMCAQICCmEJ
# gSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
# EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
# ZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmlj
# YXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1NVoXDTI1MDcwMTIxNDY1
# NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
# B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE
# AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggEiMA0GCSqGSIb3DQEB
# AQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/aZRrdFQQ1aUKAIKF++18
# aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxhMFmxMEQP8WCIhFRDDNdN
# uDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhHhjKEHnRhZ5FfgVSxz5NM
# ksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tkiVBisV39dx898Fd1rL2K
# Qk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox8NpOBpG2iAg16HgcsOmZ
# zTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJNAgMBAAGjggHmMIIB4jAQ
# BgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIoxkPNDe3xGG8UzaFqFbVUw
# GQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB
# /wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0f
# BE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJv
# ZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4w
# TDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0
# cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAGA1UdIAEB/wSBlTCBkjCB
# jwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRwOi8vd3d3Lm1pY3Jvc29m
# dC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAGCCsGAQUFBwICMDQeMiAd
# AEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEAdABlAG0AZQBuAHQALiAd
# MA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXEDPZ2joSFvs+umzPUxvs8F
# 4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgrUYJEEvu5U4zM9GASinbM
# QEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c8pl5SpFSAK84Dxf1L3mB
# ZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFwnzJKJ/1Vry/+tuWOM7ti
# X5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFtw5yjojz6f32WapB4pm3S
# 4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk7Pf0v35jWSUPei45V3ai
# caoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9ddJgiCGHasFAeb73x4QDf
# 5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zGy9iCtHLNHfS4hQEegPsb
# iSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3yKxO2ii4sanblrKnQqLJ
# zxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7cRDyXUHHXodLFVeNp3lfB
# 0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wknHNWzfjUeCLraNtvTX4/e
# dIhJEjCCBNowggPCoAMCAQICEzMAAABVbp3aWqbzHFsAAAAAAFUwDQYJKoZIhvcN
# AQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
# BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG
# A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMTUwMzIwMTcz
# MjI4WhcNMTYwNjIwMTczMjI4WjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh
# c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
# b3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0Ug
# RVNOOjMxQzUtMzBCQS03QzkxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFt
# cCBTZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1/j0bMVw
# Mfdo8G+OG7hP8ABk900fyishbHIEvu1LeWVAAcxS+06/sZTTeegnxAg1E6U+67+V
# V3hlntvik+5zJk4mHpiCXIN1EXfPKYHaybbypADOdOwv/d3A6VnwmgXy7njIFkmu
# LI9/gu73mRNVVO0XH0fY/Q3KEjxIfopZQcodSGQTBb1auzNgT9jV3kBv3hEJk2Rq
# EPhH6TguzZCsEl2VrHfUAqn1OQHF2TYhEo3Hdc5J5tkuk2RPhtA27ioIgFFGsXFz
# K8E6Ox+QWJ7lJQkPBZuGCAMelxxjtV9xB81KWnJJx1BLavTQUtcXsyn/wGft79It
# MpMhiuWJKiF8hQIDAQABo4IBGzCCARcwHQYDVR0OBBYEFNh/BAqfB0hvgXCe2iFn
# ZGwg8fFuMB8GA1UdIwQYMBaAFNVjOlyKMZDzQ3t8RhvFM2hahW1VMFYGA1UdHwRP
# ME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1
# Y3RzL01pY1RpbVN0YVBDQV8yMDEwLTA3LTAxLmNybDBaBggrBgEFBQcBAQROMEww
# SgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMv
# TWljVGltU3RhUENBXzIwMTAtMDctMDEuY3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0l
# BAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcNAQELBQADggEBAE3KrSoIJv63eF2rk5BI
# zqMNoLWz3Zq8ZmpWt74xtWn/mRCPdPpzp5FU7UHRQPWTi0KfPdCyIzL/7aT2xwD1
# DsKHWq5cZM8wk148WdNcL5lzaSUYV1Pa+N1k8PHKW6twShJNwemdXpAs6Qf42qG8
# zdT1Q1oMTVD/htsEZMgXsAYbLcPt2qObj+hBeBjrwXincK5+OP9IDZwfilDjwrMy
# xgEYslXK5FV/20OsDXXdd04Cy4iER2/6ZQZbDw2jVsBBXojHovcha9Mo1rF/LRho
# Cu/8+2gZRhO5XFBlnG5HHzhu6FfLiY9QqAWrPQzlCXL57cgwDuAEE2EFglNrZhxq
# bsihggN5MIICYQIBATCB46GBuaSBtjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgT
# Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m
# dCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBE
# U0UgRVNOOjMxQzUtMzBCQS03QzkxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1T
# dGFtcCBTZXJ2aWNloiUKAQEwCQYFKw4DAhoFAAMVAFHpRafJtX+xSpIXeJVCW0wt
# TWbOoIHCMIG/pIG8MIG5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
# bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0
# aW9uMQ0wCwYDVQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVyIE5UUyBFU046NTdG
# Ni1DMUUwLTU1NEMxKzApBgNVBAMTIk1pY3Jvc29mdCBUaW1lIFNvdXJjZSBNYXN0
# ZXIgQ2xvY2swDQYJKoZIhvcNAQEFBQACBQDZRZrdMCIYDzIwMTUwNzA3MDAyNTAx
# WhgPMjAxNTA3MDgwMDI1MDFaMHcwPQYKKwYBBAGEWQoEATEvMC0wCgIFANlFmt0C
# AQAwCgIBAAICBQ4CAf8wBwIBAAICGGQwCgIFANlG7F0CAQAwNgYKKwYBBAGEWQoE
# AjEoMCYwDAYKKwYBBAGEWQoDAaAKMAgCAQACAxbjYKEKMAgCAQACAwehIDANBgkq
# hkiG9w0BAQUFAAOCAQEAEHwQjcul/gWoMwu1rC5yuuS5nKZOPSzxwXrea7NZuW5Q
# wLej7PJZD9BKIFRBMB4neHuDrztS1j6yO2Xiz5L+v81Qo1QbJo9y2HZ+qsmGW0tD
# AhVEj9osTqOr/lAQaSdzNkDLwpeXZ2p+IqkR9bqNZHU1+5HLVDSMUWp/vpLcBM8c
# 1ZUpoDO4cfF2hYZFoatfVTaZm1E1hAgwwTGrjYe1HXfhAMYNHldvQY8K25fD6qX0
# QVIAK8bauoR5DmLEy7JkgcPLuBJkuhVWf61BdRlpRLXGvtjKaORM1GeonCEiQMGx
# epOmIXdc3Yi8evU7SfU8tGY5Uz3KPTDqdCOMBQd5FDGCAvUwggLxAgEBMIGTMHwx
# CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
# b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1p
# Y3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAAVW6d2lqm8xxbAAAAAABV
# MA0GCWCGSAFlAwQCAQUAoIIBMjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQw
# LwYJKoZIhvcNAQkEMSIEIC1j9DNnBuluvmahADk9fGuYYc43oe0b/jS33DaxpIJL
# MIHiBgsqhkiG9w0BCRACDDGB0jCBzzCBzDCBsQQUUelFp8m1f7FKkhd4lUJbTC1N
# Zs4wgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ
# MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
# MSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAFVu
# ndpapvMcWwAAAAAAVTAWBBSYIfH+TGx9K25tT4ewfGEfRSTMiDANBgkqhkiG9w0B
# AQsFAASCAQCbE0yZfHlpYX+qONo65NWGRclIcQoZdLgofXWyCrKLs/wN1S4tPeRR
# xWV+ehi7CVdpbh3aqg2YEdhzTv78trYbJdRh/xNIrGkXtYYxtAYVbUQahee56EQk
# ajnTeLvC37+KzLnvQBC22V9Sze32MRVdBAPea3t5WwdIBmiYyp/9XkMcBFfieecz
# wd+PFLfsphBmB7vYriY/ncx3gtY2/R0i4uSXaCC45PCFu6V2bU0AJNU+/5J8KpEz
# oVcfzSlPf1JApyaGOG9mhwqwtK+VjyDuWIQcJnl/SHt8VJdcmmRrPiFSjJ59b4DC
# gtDErCEDM1/xIa7qaBg3S1hh1KJTHIyg
# SIG # End signature block
Reference in New Issue Copy Permalink