????
Your IP : 18.188.246.41
param(
[parameter(Mandatory = $false)]
$siteName,
[parameter(Mandatory = $false)]
$sitePhysicalPath,
[parameter(Mandatory = $false)]
$siteAppPoolName,
[parameter(Mandatory = $false)]
[int]$sitePort,
[parameter(Mandatory = $false)]
$deploymentUserName,
[parameter(Mandatory = $false)]
$deploymentUserPassword,
[parameter(Mandatory = $false)]
$managedRunTimeVersion,
[parameter(Mandatory = $false)]
$publishSettingSavePath,
[parameter(Mandatory = $false)]
$publishSettingFileName
)
Import-LocalizedData -BindingVariable Resources -FileName Resources.psd1
# ==================================
#constants
$SCRIPTERROR = 0
$WARNING = 1
$INFO = 2
$logfile = ".\HostingLog-$(get-date -format MMddyyHHmmss).log"
$template = @"
<?xml version="1.0" encoding="utf-8"?>
<publishData>
<publishProfile
publishUrl=""
msdeploySite=""
destinationAppUrl=""
mySQLDBConnectionString=""
SQLServerDBConnectionString=""
profileName="Default Settings"
publishMethod="MSDeploy"
userName=""
userPWD=""
savePWD="True"
/>
</publishData>
"@
#the order is important. Check for apppool name first. Its possible that
#the user gave just a sitename to set permissions. In this case leave apppool emtpy.
#else give a default name to the apppool.
if(!$siteAppPoolName)
{
if(!$siteName)
{
$siteAppPoolName = "WDeployAppPool"
}
}
else
{
$siteAppPoolName = $siteAppPoolName.Trim()
}
#now the sitename check. If its empty give it a default name
if(!$siteName)
{
$siteName = "WDeploySite"
}
else
{
$siteName = $siteName.Trim()
}
if(!$sitePhysicalPath)
{
$sitePhysicalPath = $env:SystemDrive + "\inetpub\WDeploySite"
}
else
{
$sitePhysicalPath = $sitePhysicalPath.Trim()
}
#global variable. Because we need to return two values from MWA from one function. [REF] has bugs. Hence global
$global:sitePath = $sitePhysicalPath
$global:publishURL = $null
# this function does logging
function write-log([int]$type, [string]$info){
$message = $info -f $args
$logMessage = get-date -format HH:mm:ss
Switch($type)
{
$SCRIPTERROR
{
$logMessage = $logMessage + "`t" + $Resources.Error + "`t" + $message
write-host -foregroundcolor white -backgroundcolor red $logMessage
}
$WARNING
{
$logMessage = $logMessage + "`t" + $Resources.Warning + "`t" + $message
write-host -foregroundcolor black -backgroundcolor yellow $logMessage
}
default
{
$logMessage = $logMessage + "`t" + $Resources.Info + "`t" + $message
write-host -foregroundcolor black -backgroundcolor green $logMessage
}
}
$logMessage >> $logfile
}
function GetPublishSettingSavePath()
{
if(!$publishSettingFileName)
{
$publishSettingFileName = "WDeploy.PublishSettings"
}
if(!$publishSettingSavePath)
{
$publishSettingSavePath = [System.Environment]::GetFolderPath("Desktop")
}
if((test-path $publishSettingSavePath) -eq $false)
{
write-log $SCRIPTERROR $Resources.FailedToAccessScriptsFolder $publishSettingSavePath
return $null
}
return Join-Path $publishSettingSavePath $publishSettingFileName
}
# returns false if OS is not server SKU
function NotServerOS
{
$sku = $((gwmi win32_operatingsystem).OperatingSystemSKU)
# To account for future new SKUs, we instead keep a list of SKUs that we know are not Server SKUs
# See https://msdn.microsoft.com/en-us/library/aa394239(v=vs.85).aspx for the list of Windows SKUs
$non_server_skus = @(1, 2, 3, 4, 6, 11, 27, 28, 97, 101, 103, 104, 123)
return ($non_server_skus -contains $sku)
}
# gives a user access to an IIS site's scope
function GrantAccessToSiteScope($username, $websiteName)
{
trap [Exception]
{
write-log $SCRIPTERROR $Resources.FailedToGrantUserAccessToSite $username $websiteName
return $false
}
foreach($mInfo in [Microsoft.Web.Management.Server.ManagementAuthorization]::GetAuthorizedUsers($websiteName, $false, 0,[int]::MaxValue))
{
if($mInfo.Name -eq $username)
{
write-log $INFO $Resources.UserHasAccessToSite $username $websiteName
return $true
}
}
[Microsoft.Web.Management.Server.ManagementAuthorization]::Grant($username, $websiteName, $FALSE) | out-null
write-log $INFO $Resources.GrantedUserAccessToSite $username $websiteName
return $true
}
# gives a user permissions to a file on disk
function GrantPermissionsOnDisk($username, $type, $options)
{
trap [Exception]
{
write-log $SCRIPTERROR $Resources.NotGrantedPermissions $type $username $global:sitePath
}
$acl = (Get-Item $global:sitePath).GetAccessControl("Access")
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule($username, $type, $options, "None", "Allow")
$acl.AddAccessRule($accessrule)
set-acl -aclobject $acl $global:sitePath
write-log $INFO $Resources.GrantedPermissions $type $username $global:sitePath
}
function AddUser($username, $password)
{
if(-not (CheckLocalUserExists($username) -eq $true))
{
$comp = [adsi] "WinNT://$env:computername,computer"
$user = $comp.Create("User", $username)
$user.SetPassword($password)
$user.SetInfo()
write-log $INFO $Resources.CreatedUser $username
}
}
function CheckLocalUserExists($username)
{
$objComputer = [ADSI]("WinNT://$env:computername")
$colUsers = ($objComputer.psbase.children | Where-Object {$_.psBase.schemaClassName -eq "User"} | Select-Object -expand Name)
$blnFound = $colUsers -contains $username
if ($blnFound)
{
return $true
}
else
{
return $false
}
}
function CheckIfUserIsAdmin($username)
{
$computer = [ADSI]("WinNT://$env:computername,computer")
$group = $computer.psbase.children.find("Administrators")
$colMembers = $group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)}
$bIsMember = $colMembers -contains $username
if($bIsMember)
{
return $true
}
else
{
return $false
}
}
function CreateLocalUser($username, $password, $isAdmin)
{
AddUser $username $password
if($isAdmin)
{
if(-not(CheckIfUserIsAdmin($username) -eq $true))
{
$group = [ADSI]"WinNT://$env:computername/Administrators,group"
$group.add("WinNT://$env:computername/$username")
write-log $INFO $Resources.AddedUserAsAdmin $username
}
else
{
write-log $INFO $Resources.IsAdmin $username
}
}
return $true
}
function Initialize
{
trap [Exception]
{
write-log $SCRIPTERROR $Resources.CheckIIS7Installed
break
}
$inetsrvPath = ${env:windir} + "\system32\inetsrv\"
[System.Reflection.Assembly]::LoadFrom( $inetsrvPath + "Microsoft.Web.Administration.dll" ) > $null
[System.Reflection.Assembly]::LoadFrom( $inetsrvPath + "Microsoft.Web.Management.dll" ) > $null
}
function GetPublicHostname()
{
$ipProperties = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
if($ipProperties.DomainName -eq "")
{
return $ipProperties.HostName
}
else
{
return "{0}.{1}" -f $ipProperties.HostName, $ipProperties.DomainName
}
}
function GenerateStrongPassword()
{
[System.Reflection.Assembly]::LoadWithPartialName("System.Web") > $null
return [System.Web.Security.Membership]::GeneratePassword(16,6)
}
function GetPublishURLFromBindingInfo($bindingInfo, $protocol, $hostname)
{
$port = 80
trap [Exception]
{
#return defaults
return "http://$hostname"
}
if(($bindingInfo -match "(.*):(\d*):([^:]*)$") -and
($Matches.Count -eq 4 ))
{
$port = $Matches[2]
$header = $Matches[3]
$ipaddress = $Matches[1]
if($header)
{
$hostname = $header
}
elseif(($ipaddress) -AND (-not($ipaddress -eq "*")))
{
$bracketsArray = @('[',']')
$hostname = $ipaddress.Trim($bracketsArray)
}
if(-not($port -eq 80))
{
$hostname = $hostname + ":" + $port
}
}
return $protocol + "://" + $hostname
}
function GetUnusedPortForSiteBinding()
{
[int[]] $portArray = $null
$serverManager = (New-Object Microsoft.Web.Administration.ServerManager)
foreach($site in $serverManager.Sites)
{
foreach($binding in $site.Bindings)
{
if($binding.IsIPPortHostBinding)
{
if($binding.Protocol -match "https?")
{
if(($binding.BindingInformation -match "(.*):(\d*):([^:]*)$") -and
($Matches.Count -eq 4 ))
{
$portArray = $portArray + $Matches[2]
}
}
}
}
}
if(-not($portArray -eq $null))
{
$testPortArray = 8080..8200
foreach($port in $testPortArray)
{
if($portArray -notcontains $port)
{
return $port
}
}
}
return 8081 #default
}
function CreateSite($name, $appPoolName, $port, $dotnetVersion)
{
trap [Exception]
{
write-log $SCRIPTERROR $Resources.SiteCreationFailed
return $false
}
$hostname = GetPublicHostName
$global:publishURL = "http://$hostname"
if(-not($port -eq 80))
{
$global:publishURL = $global:publishURL + ":" + $port
}
$configHasChanges = $false
$serverManager = (New-Object Microsoft.Web.Administration.ServerManager)
#appPool might be empty. WHen the user gave just a site name to
#set the permissions on. As long as the sitename is not empty
if($appPoolName)
{
$appPool = $serverManager.ApplicationPools[$appPoolName]
if ($appPool -eq $null)
{
$appPool = $serverManager.ApplicationPools.Add($appPoolName)
$appPool.Enable32BitAppOnWin64 = $true
if( ($dotnetVersion) -and
(CheckVersionWithinAllowedRange $dotnetVersion) )
{
$appPool.ManagedRuntimeVersion = $dotnetVersion
}
$configHasChanges = $true
write-log $INFO $Resources.AppPoolCreated $appPoolName
}
else
{
write-log $WARNING $Resources.AppPoolExists $appPoolName
}
}
$newSite = $serverManager.Sites[$name]
if ($newSite -eq $null)
{
$newSite = $serverManager.Sites.Add($name,$global:sitePath, $port)
if($appPool)
{
$newSite.Applications[0].ApplicationPoolName = $appPool.Name
}
if((test-path $global:sitePath) -eq $false)
{
[System.IO.Directory]::CreateDirectory($global:sitePath)
}
else
{
write-log $WARNING $Resources.SiteVirtualDirectoryExists $global:sitePath
}
$newSite.ServerAutoStart = $true
$configHasChanges = $true
write-log $INFO $Resources.SiteCreated $name
}
else
{
#get virtual directory and siteport
$global:sitePath = [System.Environment]::ExpandEnvironmentVariables($newSite.Applications["/"].VirtualDirectories["/"].PhysicalPath)
foreach($binding in $newSite.Bindings)
{
if($binding.IsIPPortHostBinding)
{
if($binding.Protocol -match "https?")
{
$global:publishURL = GetPublishURLFromBindingInfo $binding.BindingInformation $binding.Protocol $hostname
}
}
}
if($appPoolName)
{
if (-not($newSite.Applications[0].ApplicationPoolName -eq $appPool.Name ))
{
$newSite.Applications[0].ApplicationPoolName = $appPool.Name
$configHasChanges = $true
write-log $INFO $Resources.SiteAppPoolUpdated $name $appPoolName
}
else
{
write-log $INFO $Resources.SiteExists $name $appPoolName
}
}
else
{
write-log $INFO $Resources.SiteExists $name $newSite.Applications[0].ApplicationPoolName
}
}
if ($configHasChanges)
{
$serverManager.CommitChanges()
}
return $true
}
function CheckUserViaLogon($username, $password)
{
$signature = @'
[DllImport("advapi32.dll")]
public static extern int LogonUser(
string lpszUserName,
string lpszDomain,
string lpszPassword,
int dwLogonType,
int dwLogonProvider,
ref IntPtr phToken);
'@
$type = Add-Type -MemberDefinition $signature -Name Win32Utils -Namespace LogOnUser -PassThru
[IntPtr]$token = [IntPtr]::Zero
$value = $type::LogOnUser($username, $env:computername, $password, 2, 0, [ref] $token)
if($value -eq 0)
{
return $false
}
return $true
}
function CheckUsernamePasswordCombination($user, $password)
{
if(($user) -AND ($password))
{
if(CheckLocalUserExists($user) -eq $true)
{
if(CheckUserViaLogon $user $password)
{
return $true
}
else
{
write-Log $SCRIPTERROR $Resources.FailedToValidateUserWithSpecifiedPassword $user
return $false
}
}
}
return $true
}
function CreateProfileXml([string]$nameofSite, [string]$username, $password, [string]$hostname, $pathToSaveFile)
{
trap [Exception]
{
write-log $SCRIPTERROR $Resources.FailedToWritePublishSettingsFile $pathToSaveFile
return
}
$xml = New-Object xml
if(Test-Path $pathToSaveFile)
{
$xml.Load($pathToSaveFile)
}
else
{
$xml.LoadXml($template)
}
$newProfile = (@($xml.publishData.publishProfile)[0])
$newProfile.publishUrl = $hostname
$newProfile.msdeploySite = $nameofSite
$newProfile.destinationAppUrl = $global:publishURL.ToString()
$newProfile.userName = $username
if(-not ($password -eq $null))
{
$newProfile.userPWD = $password.ToString()
}
else
{
write-log $WARNING $Resources.NoPasswordForExistingUserForPublish
}
$xml.Save($pathToSaveFile)
write-log $INFO $Resources.SavingPublishXmlToPath $pathToSaveFile
}
function CheckVersionWithinAllowedRange($managedVersion)
{
trap [Exception]
{
return $false
}
$KeyPath = "HKLM:\Software\Microsoft\.NETFramework"
$key = Get-ItemProperty -path $KeyPath
$path = $key.InstallRoot
$files = [System.IO.Directory]::GetFiles($path, "mscorlib.dll", [System.IO.SearchOption]::AllDirectories)
foreach($file in $files)
{
if($file -match "\\(v\d\.\d).\d*\\")
{
if($Matches[1] -eq $managedVersion)
{
return $true
}
}
}
return $false
}
#================= Main Script =================
if(NotServerOS)
{
write-log $SCRIPTERROR $Resources.NotServerOS
break
}
Initialize
if(CheckUsernamePasswordCombination $deploymentUserName $deploymentUserPassword)
{
if(!$sitePort)
{
$sitePort = GetUnusedPortForSiteBinding
}
if(CreateSite $siteName $siteAppPoolName $sitePort $managedRunTimeVersion)
{
if(!$deploymentUserName)
{
$idx = $siteName.IndexOf(' ')
if( ($idx -gt 0) -or ($siteName.Length -gt 16))
{
$deploymentUserName = "WDeployuser"
}
else
{
$deploymentUserName = $siteName + "user"
}
}
if( (CheckLocalUserExists($deploymentUserName) -eq $true))
{
$deploymentUserPassword = $null
}
else
{
if(!$deploymentUserPassword)
{
$deploymentUserPassword = GenerateStrongPassword
}
}
if(CreateLocalUser $deploymentUserName $deploymentUserPassword $false)
{
GrantPermissionsOnDisk $deploymentUserName "FullControl" "ContainerInherit,ObjectInherit"
if(GrantAccessToSiteScope ($env:computername + "\" + $deploymentUserName) $siteName)
{
$hostname = GetPublicHostName
$savePath = GetPublishSettingSavePath
if($savePath)
{
CreateProfileXml $siteName $deploymentUserName $deploymentUserPassword $hostname $savePath
}
}
}
}
}
# SIG # Begin signature block
# MIInvwYJKoZIhvcNAQcCoIInsDCCJ6wCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCe7RjUKImB7L07
# lgWkLd54tojtN1Q2KIMrHri7aOe8Z6CCDXYwggX0MIID3KADAgECAhMzAAADrzBA
# DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD
# VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p
# bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw
# CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u
# ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy
# b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
# AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA
# hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG
# 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN
# xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL
# go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB
# tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE
# AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw
# RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW
# MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci
# tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
# b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG
# CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu
# Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0
# MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd
# mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ
# 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY
# 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp
# XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn
# TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT
# e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG
# OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O
# PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk
# ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx
# HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt
# CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq
# hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
# EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
# bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5
# IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG
# EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG
# A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg
# Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC
# CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03
# a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr
# rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg
# OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy
# 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9
# sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh
# dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k
# A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB
# w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn
# Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90
# lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w
# ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o
# ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD
# VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa
# BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny
# bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG
# AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t
# L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV
# HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3
# dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG
# AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl
# AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb
# C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l
# hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6
# I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0
# wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560
# STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam
# ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa
# J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah
# XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA
# 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt
# Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr
# /Xmfwb1tbWrJUnMTDXpQzTGCGZ8wghmbAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw
# EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN
# aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp
# Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB
# BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO
# MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEILsxzUIINoouHCnQ8a653oLQ
# /lgE0Lv2i3jSDv/LJwogMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A
# cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB
# BQAEggEAxmo90Wbgvm+hvswCaFTUngK5kdSOQV0oYcg9ur7hZC5OUCIFihpNik8M
# /1vAwvY+voPk69mCrjxx6loTie/n3sBz3WwEigsvZKrVJobnwb/fsaff4AerAebu
# eDIcK8hMohJtuTQKevNTA4CPCBqkvIFHa6kUYCJlLn+QI65VVoYGLdpFtWV4eEtX
# W5Qv0byNFnlRnfYIIHX/S/cg1I8Lm60yfDXM57PainvyU7Ab0aREzkv8Xxb+S3dM
# gomfA28evnw3Y6aY0OBbvkTyJeO+FBVmZrSwkD5oZTrhmhJysLieEiMcf/w6N/rG
# V+j5ELVXSIvr3dwyjxJ5ycg2NU8GuKGCFykwghclBgorBgEEAYI3AwMBMYIXFTCC
# FxEGCSqGSIb3DQEHAqCCFwIwghb+AgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsq
# hkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl
# AwQCAQUABCDS+BxVKoc6wYWcDbOnuLKnlhkiiQ4VFjsOtqCl0+Sa5wIGZdXlAukA
# GBMyMDI0MDIyODIxMTAzOS4xMzNaMASAAgH0oIHYpIHVMIHSMQswCQYDVQQGEwJV
# UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE
# ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl
# bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO
# OjA4NDItNEJFNi1DMjlBMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT
# ZXJ2aWNloIIReDCCBycwggUPoAMCAQICEzMAAAHajtXJWgDREbEAAQAAAdowDQYJ
# KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
# EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
# bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjMx
# MDEyMTkwNjU5WhcNMjUwMTEwMTkwNjU5WjCB0jELMAkGA1UEBhMCVVMxEzARBgNV
# BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv
# c29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3Bl
# cmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjowODQyLTRC
# RTYtQzI5QTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCC
# AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJOQBgh2tVFR1j8jQA4NDf8b
# cVrXSN080CNKPSQo7S57sCnPU0FKF47w2L6qHtwm4EnClF2cruXFp/l7PpMQg25E
# 7X8xDmvxr8BBE6iASAPCfrTebuvAsZWcJYhy7prgCuBf7OidXpgsW1y8p6Vs7sD2
# aup/0uveYxeXlKtsPjMCplHkk0ba+HgLho0J68Kdji3DM2K59wHy9xrtsYK+X9er
# bDGZ2mmX3765aS5Q7/ugDxMVgzyj80yJn6ULnknD9i4kUQxVhqV1dc/DF6UBeuzf
# ukkMed7trzUEZMRyla7qhvwUeQlgzCQhpZjz+zsQgpXlPczvGd0iqr7lACwfVGog
# 5plIzdExvt1TA8Jmef819aTKwH1IVEIwYLA6uvS8kRdA6RxvMcb//ulNjIuGceyy
# kMAXEynVrLG9VvK4rfrCsGL3j30Lmidug+owrcCjQagYmrGk1hBykXilo9YB8Qyy
# 5Q1KhGuH65V3zFy8a0kwbKBRs8VR4HtoPYw9z1DdcJfZBO2dhzX3yAMipCGm6Smv
# mvavRsXhy805jiApDyN+s0/b7os2z8iRWGJk6M9uuT2493gFV/9JLGg5YJJCJXI+
# yxkO/OXnZJsuGt0+zWLdHS4XIXBG17oPu5KsFfRTHREloR2dI6GwaaxIyDySHYOt
# vIydla7u4lfnfCjY/qKTAgMBAAGjggFJMIIBRTAdBgNVHQ4EFgQUoXyNyVE9ZhOV
# izEUVwhNgL8PX0UwHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYD
# VR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j
# cmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwG
# CCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQu
# Y29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw
# MjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcD
# CDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggIBALmDVdTtuI0jAEt4
# 1O2OM8CU237TGMyhrGr7FzKCEFaXxtoqk/IObQriq1caHVh2vyuQ24nz3TdOBv7r
# cs/qnPjOxnXFLyZPeaWLsNuARVmUViyVYXjXYB5DwzaWZgScY8GKL7yGjyWrh78W
# JUgh7rE1+5VD5h0/6rs9dBRqAzI9fhZz7spsjt8vnx50WExbBSSH7rfabHendpeq
# bTmW/RfcaT+GFIsT+g2ej7wRKIq/QhnsoF8mpFNPHV1q/WK/rF/ChovkhJMDvlqt
# ETWi97GolOSKamZC9bYgcPKfz28ed25WJy10VtQ9P5+C/2dOfDaz1RmeOb27Kbeg
# ha0SfPcriTfORVvqPDSa3n9N7dhTY7+49I8evoad9hdZ8CfIOPftwt3xTX2RhMZJ
# CVoFlabHcvfb84raFM6cz5EYk+x1aVEiXtgK6R0xn1wjMXHf0AWlSjqRkzvSnRKz
# FsZwEl74VahlKVhI+Ci9RT9+6Gc0xWzJ7zQIUFE3Jiix5+7KL8ArHfBY9UFLz4sn
# boJ7Qip3IADbkU4ZL0iQ8j8Ixra7aSYfToUefmct3dM69ff4Eeh2Kh9NsKiiph58
# 9Ap/xS1jESlrfjL/g/ZboaS5d9a2fA598mubDvLD5x5PP37700vm/Y+PIhmp2fTv
# uS2sndeZBmyTqcUNHRNmCk+njV3nMIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJ
# mQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
# Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m
# dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNh
# dGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1
# WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
# UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD
# Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEB
# BQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjK
# NVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhg
# fWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJp
# rx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/d
# vI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka9
# 7aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKR
# Hh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9itu
# qBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyO
# ArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItb
# oKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6
# bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6t
# AgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQW
# BBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacb
# UzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYz
# aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnku
# aHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA
# QwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2
# VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwu
# bWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEw
# LTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93
# d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYt
# MjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/q
# XBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6
# U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVt
# I1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis
# 9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTp
# kbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0
# sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138e
# W0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJ
# sWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7
# Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0
# dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQ
# tB1VM1izoXBm8qGCAtQwggI9AgEBMIIBAKGB2KSB1TCB0jELMAkGA1UEBhMCVVMx
# EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT
# FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxh
# bmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjow
# ODQyLTRCRTYtQzI5QTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vy
# dmljZaIjCgEBMAcGBSsOAwIaAxUAQqIfIYljHUbNoY0/wjhXRn/sSA2ggYMwgYCk
# fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
# UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD
# Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIF
# AOmJnM8wIhgPMjAyNDAyMjgxOTUxNDNaGA8yMDI0MDIyOTE5NTE0M1owdDA6Bgor
# BgEEAYRZCgQBMSwwKjAKAgUA6YmczwIBADAHAgEAAgIIGDAHAgEAAgIQaDAKAgUA
# 6YruTwIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAID
# B6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBADS1uOra4qwuphiTNChW
# wotEeJCwExBuJWdCslz9TsJLO8kAzY6TtQstHtsUU0+GL16C+lHc7XlG0q2TOhA+
# fHtowjtLe8EyTcESsAp1Ll0sUhqVZx2zi1ZVG15S8sURgIjZ7oNHGlKU0cgEGKYF
# u4Vr6wpzBwCPu/WiJ2TyUpoAMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMx
# EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT
# FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUt
# U3RhbXAgUENBIDIwMTACEzMAAAHajtXJWgDREbEAAQAAAdowDQYJYIZIAWUDBAIB
# BQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQx
# IgQgOtUaPZkkA2f5P5DblVnbSYRJWzUaht265SMB+4G/pAowgfoGCyqGSIb3DQEJ
# EAIvMYHqMIHnMIHkMIG9BCAipaNpYsDvnqTe95Dj1C09020I5ljibrW/ndICOxg9
# xjCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw
# DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x
# JjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB2o7V
# yVoA0RGxAAEAAAHaMCIEIH9pNgadE8IgjYwa2JzGsL4tT+JkAhr5XZRGKF8sdeHv
# MA0GCSqGSIb3DQEBCwUABIICAC4GUmmuvAxxX/HhhjWAW4ac6Vegm2ZHhRYsuPBg
# dc4bZiVeTJjOUO+ZhuC7zNOWPtMi0rwaPwYcQiduBiVq4oJetuW04gF7WHyz6uma
# MWpHXR/kmkJIijrI26SbY9TKFtI69CExNPULNCneO2WCH83zBFcneGSCxsVIUnWi
# /57PhB48MJeH7fth4X+7b4LSjn0Nj3tQNfc1yS44XVBr8k2G88nxcNHHhzlKQ+Pn
# sB7LTaCmVJOJg4in0kBDhLB+tdO4WcveuzlTb/rWkTs26FKnPEkONPoOnWs3hDC4
# 0T0PKNxzOPaGn3eZ5KYYDVYX77DSnamTFo2KYzqkCFEs8OrN9WKC25Gp7OD7Z/nh
# vHHfDEkl/TLiOncggl46o+Zsh7KveBDLfP2ro01dv2B1gKDSo4AiQkqGzS5AxGWF
# TI0BbM5KAfZL74hWzXk19AsVHg/uF5DgRtOJ4TAn7p0BHYoGn+BUFc3y7fBppkUi
# R4Ut902qfmdDL2FZxh1Salv1irIZ76ey1/AU1d5Jv/cH+7uUXclv2Wl+Y+2mEMJO
# gjmyQ1LdS7Rykgw9k0BVipyjCKlu9soBj9zvmr1fgXI99tRDg6+FU0bsZ4ZF1xWd
# NmpPxSxuX3dSCP792THfGD9O+Ch3+mjDFP2LFeyWhAUoMJNn/Dfd5XuDAJxUBUf5
# HnGS
# SIG # End signature block