From 7a3ede6617172710b220615d4a3c3a61571fab06 Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Thu, 8 Feb 2024 13:45:10 +0100
Subject: [PATCH 01/13] feat: add initial interfaces

---
 .gitattributes                                |  50 +++++
 .gitignore                                    |  44 ++++
 CHANGELOG.md                                  |   9 +
 CODE_OF_CONDUCT.md                            |  93 ++++++++
 CONTRIBUTING.md                               |  43 ++++
 Jenkinsfile                                   |  83 +++++++
 LICENSE                                       |  21 ++
 NOTICE.md                                     |  34 +++
 PUBLISHERS.yml                                |  18 ++
 README.md                                     |  25 ++-
 SECURITY.md                                   |   9 +
 build.gradle.kts                              |  59 +++++
 gradle.properties                             |  15 ++
 gradle/wrapper/gradle-wrapper.jar             | Bin 0 -> 59203 bytes
 gradle/wrapper/gradle-wrapper.properties      |   5 +
 gradlew                                       | 185 ++++++++++++++++
 gradlew.bat                                   |  89 ++++++++
 scripts/check_version.sh                      |  12 +
 scripts/prepare_javadoc.sh                    |  52 +++++
 settings.gradle.kts                           |   1 +
 .../CalypsoCertificateApiFactory.java         |  64 ++++++
 .../CalypsoCertificateApiProperties.java      |  28 +++
 .../certificate/ca/CaCertificateManager.java  |  25 +++
 .../certificate/ca/CaCertificateSettings.java |  18 ++
 .../ca/CaCertificateSettingsV1.java           | 206 ++++++++++++++++++
 .../calypso/certificate/ca/package-info.java  |   6 +
 .../ca/spi/CaCertificateSignerSpi.java        |  54 +++++
 .../certificate/ca/spi/package-info.java      |   6 +
 .../card/CardCertificateManager.java          |  34 +++
 .../card/CardCertificateSettings.java         |  18 ++
 .../card/CardCertificateSettingsV1.java       | 133 +++++++++++
 .../certificate/card/package-info.java        |   6 +
 .../card/spi/CardCertificateSignerSpi.java    |  54 +++++
 .../certificate/card/spi/package-info.java    |   6 +
 .../calypso/certificate/package-info.java     |   6 +
 src/main/javadoc/overview.html                |  15 ++
 .../CalypsoCertificateApiPropertiesTest.java  |  42 ++++
 37 files changed, 1566 insertions(+), 2 deletions(-)
 create mode 100644 .gitattributes
 create mode 100644 .gitignore
 create mode 100644 CHANGELOG.md
 create mode 100644 CODE_OF_CONDUCT.md
 create mode 100644 CONTRIBUTING.md
 create mode 100644 Jenkinsfile
 create mode 100644 LICENSE
 create mode 100644 NOTICE.md
 create mode 100644 PUBLISHERS.yml
 create mode 100644 SECURITY.md
 create mode 100644 build.gradle.kts
 create mode 100644 gradle.properties
 create mode 100644 gradle/wrapper/gradle-wrapper.jar
 create mode 100644 gradle/wrapper/gradle-wrapper.properties
 create mode 100644 gradlew
 create mode 100644 gradlew.bat
 create mode 100644 scripts/check_version.sh
 create mode 100644 scripts/prepare_javadoc.sh
 create mode 100644 settings.gradle.kts
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiProperties.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateManager.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettings.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettingsV1.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CaCertificateSignerSpi.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateManager.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettings.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettingsV1.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CardCertificateSignerSpi.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/package-info.java
 create mode 100644 src/main/javadoc/overview.html
 create mode 100644 src/test/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiPropertiesTest.java

diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..6225757
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,50 @@
+###############################
+# Git Line Endings            #
+###############################
+
+* text=auto
+
+# CRLF for Windows files.
+*.{cmd,[cC][mM][dD]} text eol=crlf
+*.{bat,[bB][aA][tT]} text eol=crlf
+*.cs                 text eol=crlf diff=csharp
+
+# LF for Linux files.
+*.sh text eol=lf
+
+# Common files
+*.java   text eol=lf diff=java
+*.html   text eol=lf diff=html
+*.css    text eol=lf
+*.js     text eol=lf
+*.sql    text eol=lf
+
+###############################
+# Git Large File System (LFS) #
+###############################
+
+# Archives
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.br filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.tar filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+
+# Documents
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.docx diff=astextplain merge=lfs -text
+
+# Images
+*.gif filter=lfs diff=lfs merge=lfs -text
+*.ico filter=lfs diff=lfs merge=lfs -text
+*.jpg filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.psd filter=lfs diff=lfs merge=lfs -text
+*.webp filter=lfs diff=lfs merge=lfs -text
+
+# Fonts
+*.woff2 filter=lfs diff=lfs merge=lfs -text
+
+# Other
+*.exe filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..01ddf38
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,44 @@
+# Java class files
+*.class
+
+# Generated files
+gen/
+out/
+release/
+
+# Gradle
+.gradle/
+build/
+LICENSE_HEADER
+
+# Eclipse
+.classpath
+.project
+.settings/
+bin/
+
+# IntelliJ IDEA
+.idea/
+*.iml
+*.iws
+*.ipr
+
+# Visual Studio Code
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+# MacOS
+.DS_Store
+
+# Linux
+*~
+
+# Windows
+Thumbs.db
+Thumbs.db:encryptable
+ehthumbs.db
+ehthumbs_vista.db
+*.stackdump
\ No newline at end of file
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..913757e
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,9 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+[unreleased]: https://github.com/eclipse-keypop/keypop-calypso-certificate-java-api/compare/0.1.0...HEAD
\ No newline at end of file
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..faa735b
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,93 @@
+# Community Code of Conduct
+
+**Version 2.0  
+January 1, 2023**
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as community members, contributors, Committers[^1], and Project Leads (collectively "Contributors") pledge to make participation in our projects and our community a harassment-free and inclusive experience for everyone.
+
+This Community Code of Conduct ("Code") outlines our behavior expectations as members of our community in all Eclipse Foundation activities, both offline and online. It is not intended to govern scenarios or behaviors outside of the scope of Eclipse Foundation activities. Nor is it intended to replace or supersede the protections offered to all our community members under the law. Please follow both the spirit and letter of this Code and encourage other Contributors to follow these principles into our work. Failure to read or acknowledge this Code does not excuse a Contributor from compliance with the Code.
+
+## Our Standards
+
+Examples of behavior that contribute to creating a positive and professional environment include:
+
+- Using welcoming and inclusive language;
+- Actively encouraging all voices;
+- Helping others bring their perspectives and listening actively. If you find yourself dominating a discussion, it is especially important to encourage other voices to join in;
+- Being respectful of differing viewpoints and experiences;
+- Gracefully accepting constructive criticism;
+- Focusing on what is best for the community;
+- Showing empathy towards other community members;
+- Being direct but professional; and
+- Leading by example by holding yourself and others accountable
+
+Examples of unacceptable behavior by Contributors include:
+
+- The use of sexualized language or imagery;
+- Unwelcome sexual attention or advances;
+- Trolling, insulting/derogatory comments, and personal or political attacks;
+- Public or private harassment, repeated harassment;
+- Publishing others' private information, such as a physical or electronic address, without explicit permission;
+- Violent threats or language directed against another person;
+- Sexist, racist, or otherwise discriminatory jokes and language;
+- Posting sexually explicit or violent material;
+- Sharing private content, such as emails sent privately or non-publicly, or unlogged forums such as IRC channel history;
+- Personal insults, especially those using racist or sexist terms;
+- Excessive or unnecessary profanity;
+- Advocating for, or encouraging, any of the above behavior; and
+- Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+With the support of the Eclipse Foundation employees, consultants, officers, and directors (collectively, the "Staff"), Committers, and Project Leads, the Eclipse Foundation Conduct Committee (the "Conduct Committee") is responsible for clarifying the standards of acceptable behavior. The Conduct Committee takes appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+## Scope
+
+This Code applies within all Project, Working Group, and Interest Group spaces and communication channels of the Eclipse Foundation (collectively, "Eclipse spaces"), within any Eclipse-organized event or meeting, and in public spaces when an individual is representing an Eclipse Foundation Project, Working Group, Interest Group, or their communities. Examples of representing a Project or community include posting via an official social media account, personal accounts, or acting as an appointed representative at an online or offline event. Representation of Projects, Working Groups, and Interest Groups may be further defined and clarified by Committers, Project Leads, or the Staff.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the Conduct Committee via conduct@eclipse-foundation.org. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. Without the explicit consent of the reporter, the Conduct Committee is obligated to maintain confidentiality with regard to the reporter of an incident. The Conduct Committee is further obligated to ensure that the respondent is provided with sufficient information about the complaint to reply. If such details cannot be provided while maintaining confidentiality, the Conduct Committee will take the respondent‘s inability to provide a defense into account in its deliberations and decisions. Further details of enforcement guidelines may be posted separately.
+
+Staff, Committers and Project Leads have the right to report, remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code, or to block temporarily or permanently any Contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful. Any such actions will be reported to the Conduct Committee for transparency and record keeping.
+
+Any Staff (including officers and directors of the Eclipse Foundation), Committers, Project Leads, or Conduct Committee members who are the subject of a complaint to the Conduct Committee will be recused from the process of resolving any such complaint.
+
+## Responsibility
+
+The responsibility for administering this Code rests with the Conduct Committee, with oversight by the Executive Director and the Board of Directors. For additional information on the Conduct Committee and its process, please write to <conduct@eclipse-foundation.org>.
+
+## Investigation of Potential Code Violations
+
+All conflict is not bad as a healthy debate may sometimes be necessary to push us to do our best. It is, however, unacceptable to be disrespectful or offensive, or violate this Code. If you see someone engaging in objectionable behavior violating this Code, we encourage you to address the behavior directly with those involved. If for some reason, you are unable to resolve the matter or feel uncomfortable doing so, or if the behavior is threatening or harassing, please report it following the procedure laid out below.
+
+Reports should be directed to <conduct@eclipse-foundation.org>. It is the Conduct Committee’s role to receive and address reported violations of this Code and to ensure a fair and speedy resolution.
+
+The Eclipse Foundation takes all reports of potential Code violations seriously and is committed to confidentiality and a full investigation of all allegations. The identity of the reporter will be omitted from the details of the report supplied to the accused. Contributors who are being investigated for a potential Code violation will have an opportunity to be heard prior to any final determination. Those found to have violated the Code can seek reconsideration of the violation and disciplinary action decisions. Every effort will be made to have all matters disposed of within 60 days of the receipt of the complaint.
+
+## Actions
+Contributors who do not follow this Code in good faith may face temporary or permanent repercussions as determined by the Conduct Committee.
+
+This Code does not address all conduct. It works in conjunction with our [Communication Channel Guidelines](https://www.eclipse.org/org/documents/communication-channel-guidelines/), [Social Media Guidelines](https://www.eclipse.org/org/documents/social_media_guidelines.php), [Bylaws](https://www.eclipse.org/org/documents/eclipse-foundation-be-bylaws-en.pdf), and [Internal Rules](https://www.eclipse.org/org/documents/ef-be-internal-rules.pdf) which set out additional protections for, and obligations of, all contributors. The Foundation has additional policies that provide further guidance on other matters.
+
+It’s impossible to spell out every possible scenario that might be deemed a violation of this Code. Instead, we rely on one another’s good judgment to uphold a high standard of integrity within all Eclipse Spaces. Sometimes, identifying the right thing to do isn’t an easy call. In such a scenario, raise the issue as early as possible.
+
+## No Retaliation
+
+The Eclipse community relies upon and values the help of Contributors who identify potential problems that may need to be addressed within an Eclipse Space. Any retaliation against a Contributor who raises an issue honestly is a violation of this Code. That a Contributor has raised a concern honestly or participated in an investigation, cannot be the basis for any adverse action, including threats, harassment, or discrimination. If you work with someone who has raised a concern or provided information in an investigation, you should continue to treat the person with courtesy and respect. If you believe someone has retaliated against you, report the matter as described by this Code. Honest reporting does not mean that you have to be right when you raise a concern; you just have to believe that the information you are providing is accurate.
+
+False reporting, especially when intended to retaliate or exclude, is itself a violation of this Code and will not be accepted or tolerated.
+
+Everyone is encouraged to ask questions about this Code. Your feedback is welcome, and you will get a response within three business days. Write to <conduct@eclipse-foundation.org>.
+
+## Amendments
+
+The Eclipse Foundation Board of Directors may amend this Code from time to time and may vary the procedures it sets out where appropriate in a particular case.
+
+### Attribution
+
+This Code was inspired by the [Contributor Covenant](https://www.contributor-covenant.org/), version 1.4, available [here](https://www.contributor-covenant.org/version/1/4/code-of-conduct/).
+
+[^1]: Capitalized terms used herein without definition shall have the meanings assigned to them in the Bylaws.
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..4609d01
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,43 @@
+# Contributing to 'Eclipse Keypop'
+
+**Welcome to the Eclipse Keypop Community!**
+
+We are thrilled to have you onboard and look forward to your contributions. Whether you're a coder, designer, 
+documenter, or enthusiast, your involvement is invaluable to us. Here's how you can start contributing to Eclipse 
+Keypop:
+
+## Quick Start
+
+1. **Read the Contribution Guidelines**: Before starting, please visit our detailed contributing guide at the
+[Eclipse Keypop Contribution Guide](https://eclipse-keypop.github.io/keypop-website/community/contributing/). 
+This guide covers all the necessary information about contributing to the project.
+
+2. **Join the mailing list**: Connect with other contributors on our 
+[mailing list](https://accounts.eclipse.org/mailing-list/keypop-dev/). 
+It's a great place to ask questions, share ideas, and collaborate.
+
+3. **Explore Open Issues**: Check out the issues tab in our GitHub repository.
+
+## How to Contribute
+
+- **Code**: Submit pull requests with bug fixes, new features, and improvements. Make sure to follow the code style and 
+testing guidelines.
+
+- **Documentation**: Help us improve our documentation by fixing errors, adding examples, or writing tutorials.
+
+- **Feedback**: Share your experience using Eclipse Keypop. Feedback on usability, features, and your overall experience 
+is incredibly valuable.
+
+- **Community Support**: Answer questions on the community forums, help with user support, and participate in 
+discussions.
+
+## Need Help?
+
+If you have any questions or need assistance, please reach out on the 
+[mailing list](https://accounts.eclipse.org/mailing-list/keypop-dev/).
+
+---
+
+_Your contribution is the key to the success of Eclipse Keypop. Let's build something amazing together!_
+
+---
\ No newline at end of file
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..012a641
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,83 @@
+#!groovy
+pipeline {
+  environment {
+    PROJECT_NAME = "keypop-calypso-certificate-java-api"
+    PROJECT_BOT_NAME = "Eclipse Keypop Bot"
+  }
+  agent { kubernetes { yaml javaBuilder('1.0') } }
+  stages {
+    stage('Import keyring') {
+      when { expression { env.GIT_URL.startsWith('https://github.com/eclipse-keypop/keypop-') && env.CHANGE_ID == null } }
+      steps { container('java-builder') {
+        withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) { sh 'import_gpg "${KEYRING}"' }
+      } }
+    }
+    stage('Prepare settings') { steps { container('java-builder') {
+      script {
+        env.KEYPOP_VERSION = sh(script: 'grep version gradle.properties | cut -d= -f2 | tr -d "[:space:]"', returnStdout: true).trim()
+        env.GIT_COMMIT_MESSAGE = sh(script: 'git log --format=%B -1 | head -1 | tr -d "\n"', returnStdout: true)
+        echo "Building version ${env.KEYPOP_VERSION} in branch ${env.GIT_BRANCH}"
+        deployRelease = env.GIT_URL == "https://github.com/eclipse-keypop/${env.PROJECT_NAME}.git" && (env.GIT_BRANCH == "main" || env.GIT_BRANCH == "release-${env.KEYPOP_VERSION}") && env.CHANGE_ID == null && env.GIT_COMMIT_MESSAGE.startsWith("Release ${env.KEYPOP_VERSION}")
+        deploySnapshot = !deployRelease && env.GIT_URL == "https://github.com/eclipse-keypop/${env.PROJECT_NAME}.git" && (env.GIT_BRANCH == "main" || env.GIT_BRANCH == "release-${env.KEYPOP_VERSION}") && env.CHANGE_ID == null
+      }
+      sh "chmod +x ./gradlew ./scripts/*.sh"
+    } } }
+    stage('Check version') {
+      steps { container('java-builder') {
+        sh "./scripts/check_version.sh ${env.KEYPOP_VERSION}"
+      } }
+    }
+    stage('Build and Test') {
+      when { expression { !deploySnapshot && !deployRelease } }
+      steps { container('java-builder') {
+        sh './gradlew clean build test --no-build-cache --info --stacktrace'
+        junit testResults: 'build/test-results/test/*.xml', allowEmptyResults: true
+      } }
+    }
+    stage('Build and Publish Snapshot') {
+      when { expression { deploySnapshot } }
+      steps { container('java-builder') {
+        configFileProvider([configFile(fileId: 'gradle.properties', targetLocation: '/home/jenkins/agent/gradle.properties')]) {
+          sh './gradlew clean build test publish --info --stacktrace'
+        }
+        junit testResults: 'build/test-results/test/*.xml', allowEmptyResults: true
+      } }
+    }
+    stage('Build and Publish Release') {
+      when { expression { deployRelease } }
+      steps { container('java-builder') {
+        configFileProvider([configFile(fileId: 'gradle.properties', targetLocation: '/home/jenkins/agent/gradle.properties')]) {
+          sh './gradlew clean build test release --info --stacktrace'
+        }
+        junit testResults: 'build/test-results/test/*.xml', allowEmptyResults: true
+      } }
+    }
+    stage('Update GitHub Pages') {
+      when { expression { deploySnapshot || deployRelease } }
+      steps { container('java-builder') {
+        sh "./scripts/prepare_javadoc.sh ${env.PROJECT_NAME} ${env.KEYPOP_VERSION} ${deploySnapshot}"
+        dir("${env.PROJECT_NAME}") {
+          withCredentials([usernamePassword(credentialsId: 'github-bot', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) {
+            sh '''
+            git add -A
+            git config user.email "${PROJECT_NAME}-bot@eclipse.org"
+            git config user.name "${PROJECT_BOT_NAME}"
+            git commit --allow-empty -m "docs: update documentation ${JOB_NAME}-${BUILD_NUMBER}"
+            git log --graph --abbrev-commit --date=relative -n 5
+            git push "https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/eclipse-keypop/${PROJECT_NAME}.git" HEAD:gh-pages
+            '''
+          }
+        }
+      } }
+    }
+    stage('Publish packaging to Eclipse') {
+      when { expression { deploySnapshot || deployRelease } }
+      steps { container('java-builder') { sshagent(['projects-storage.eclipse.org-bot-ssh']) { sh 'publish_packaging' } } }
+    }
+  }
+  post { always { container('java-builder') {
+    archiveArtifacts artifacts: 'build*/libs/**', allowEmptyArchive: true
+    archiveArtifacts artifacts: 'build*/reports/tests/**', allowEmptyArchive: true
+    archiveArtifacts artifacts: 'build*/reports/jacoco/test/html/**', allowEmptyArchive: true
+  } } }
+}
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..4958beb
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Calypso Networks Association
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/NOTICE.md b/NOTICE.md
new file mode 100644
index 0000000..2a51d9e
--- /dev/null
+++ b/NOTICE.md
@@ -0,0 +1,34 @@
+# Notices for 'Eclipse Keypop' Java implementation
+
+This content is produced and maintained by the Eclipse Keypop project.
+
+* Project home: https://projects.eclipse.org/projects/iot.keypop
+ 
+## Supported platforms
+
+* Java SE 1.6 compact2
+* Android 4.4 KitKat API level 19
+
+## Trademarks
+ 
+* Eclipse Keypop and the Eclipse Keypop project are Trademarks of the Eclipse Foundation, Inc.
+* Eclipse® is a Trademark of the Eclipse Foundation, Inc.
+* Eclipse Foundation is a Trademark of the Eclipse Foundation, Inc.
+ 
+## Copyright
+
+All content is the property of the respective authors or their employers.
+For more information regarding authorship of content, please consult the
+listed source code repository logs.
+
+## Declared Project Licenses
+
+This program and the accompanying materials are made available under the terms
+of the MIT License which is available at
+https://opensource.org/license/mit/
+
+SPDX-License-Identifier: MIT
+   
+## Third-party Content
+
+No third-party content.
\ No newline at end of file
diff --git a/PUBLISHERS.yml b/PUBLISHERS.yml
new file mode 100644
index 0000000..43a920a
--- /dev/null
+++ b/PUBLISHERS.yml
@@ -0,0 +1,18 @@
+url: https://github.com/eclipse-keypop/keypop-calypso-certificate-java-api
+organization:
+  name: Eclipse Keypop
+  url: https://keypop.org/
+licenses:
+  - name: MIT license
+    url: https://opensource.org/license/mit/
+    distribution: repo
+developers:
+  - name: Keypop Contributors
+    email: keypop-dev@eclipse.org
+scm:
+  connection: scm:git:git://github.com/eclipse-keypop/keypop-calypso-certificate-java-api.git
+  developerConnection: scm:git:https://github.com/eclipse-keypop/keypop-calypso-certificate-java-api.git
+  url: https://github.com/eclipse-keypop/keypop-calypso-certificate-java-api
+ciManagement:
+  system: Jenkins
+  url: https://ci.eclipse.org/keypop/job/Keypop/job/keypop-calypso-certificate-java-api/
diff --git a/README.md b/README.md
index ef2136b..de92af5 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,23 @@
-# keypop-calypso-certificate-java-api
-Eclipse Keypop project repository containing a Java implementation of the 'Calypso Certificate API' standardized by the Calypso Networks association for ticketing terminal processing smart card
+# Keypop Calypso Certificate Java API
+
+## Overview
+
+This repository contains a Java implementation aligned with the **Terminal Calypso Certificate** specifications
+proposed by the [Calypso Networks Association](https://www.calypsonet.org). It defines the generic interfaces required
+to create Calypso certificates.
+
+## Documentation & Contribution Guide
+
+The full documentation, including the **user guide**, **download information** and **contribution guide**, is available
+on the Keyple website [keypop.org](https://eclipse-keypop.github.io/keypop-website/).
+
+## API documentation
+
+API Javadoc is available [here](https://eclipse-keypop.github.io/keypop-calypso-certificate-java-api).
+
+API documentation and class diagram is available
+[here](https://terminal-api.calypsonet.org/apis/calypsonet-terminal-calypso-certificate-api/).
+
+## About the source code
+
+The code is built with **Gradle** and is compliant with **Java 1.6** in order to address a wide range of applications.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..d0a3a3d
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+This project implements the Eclipse Foundation Security Policy
+
+* https://www.eclipse.org/security
+
+## Reporting a Vulnerability
+
+Please report vulnerabilities to the Eclipse Foundation Security Team at security@eclipse.org
\ No newline at end of file
diff --git a/build.gradle.kts b/build.gradle.kts
new file mode 100644
index 0000000..22a2101
--- /dev/null
+++ b/build.gradle.kts
@@ -0,0 +1,59 @@
+///////////////////////////////////////////////////////////////////////////////
+//  GRADLE CONFIGURATION
+///////////////////////////////////////////////////////////////////////////////
+plugins {
+    java
+    id("com.diffplug.spotless") version "5.10.2"
+}
+buildscript {
+    repositories {
+        mavenLocal()
+        mavenCentral()
+    }
+    dependencies {
+        classpath("org.eclipse.keypop:keypop-gradle:0.1.+") { isChanging = true }
+    }
+}
+apply(plugin = "org.eclipse.keypop")
+
+///////////////////////////////////////////////////////////////////////////////
+//  APP CONFIGURATION
+///////////////////////////////////////////////////////////////////////////////
+repositories {
+    mavenLocal()
+    mavenCentral()
+}
+dependencies {
+    testImplementation("junit:junit:4.13.2")
+    testImplementation("org.assertj:assertj-core:3.15.0")
+}
+
+val javaSourceLevel: String by project
+val javaTargetLevel: String by project
+java {
+    sourceCompatibility = JavaVersion.toVersion(javaSourceLevel)
+    targetCompatibility = JavaVersion.toVersion(javaTargetLevel)
+    println("Compiling Java $sourceCompatibility to Java $targetCompatibility.")
+    withJavadocJar()
+    withSourcesJar()
+}
+
+///////////////////////////////////////////////////////////////////////////////
+//  TASKS CONFIGURATION
+///////////////////////////////////////////////////////////////////////////////
+tasks {
+    spotless {
+        java {
+            target("src/**/*.java")
+            licenseHeaderFile("${project.rootDir}/LICENSE_HEADER")
+            importOrder("java", "javax", "org", "com", "")
+            removeUnusedImports()
+            googleJavaFormat()
+        }
+    }
+    test {
+        testLogging {
+            events("passed", "skipped", "failed")
+        }
+    }
+}
diff --git a/gradle.properties b/gradle.properties
new file mode 100644
index 0000000..4f4aa52
--- /dev/null
+++ b/gradle.properties
@@ -0,0 +1,15 @@
+group = org.eclipse.keypop
+title = Keypop Calypso Certificate API
+description = API dedicated to the creation of Calypso Certificates
+version = 0.1.0
+
+javaSourceLevel = 1.6
+javaTargetLevel = 1.6
+
+# UTF-8 required by javadoc for special characters (ex. copyright) with Java 11+.
+org.gradle.jvmargs="-Dfile.encoding=UTF-8"
+
+javadoc.logo = <span></span>
+javadoc.copyright = Copyright \u00a9 Calypso Networks Association https://calypsonet.org/
+
+sonatype.url = https://oss.sonatype.org
\ No newline at end of file
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..e708b1c023ec8b20f512888fe07c5bd3ff77bb8f
GIT binary patch
literal 59203
zcma&O1CT9Y(k9%tZQHhO+qUh#ZQHhO+qmuS+qP|E@9xZO?0h@l{(r>DQ>P;GjjD{w
zH}lENr;dU&FbEU?00aa80D$0M0RRB{U*7-#kbjS|qAG&4l5%47zyJ#WrfA#1$1Ctx
zf&Z_d{GW=lf^w2#qRJ|CvSJUi(^E3iv~=^Z(zH}F)3Z%V3`@+rNB7gT<C4E+e^X1+
z079LInxq~UYf-kNla?M9Qw5`wqM;O{-8tPk0sfaO{=LZmzBQ1)zwMpO|F66HKXsu0
zsblVBXkugf|5Qc(cU5;MLk9;_r~hk73h82L2Ot0dCNKa1{eNB}WN+`{?DBWLtf8fy
zvWuaUi>VU{Bb~90p|f+0(v;nz01EG7yDMX9@S~__vVgv%rS$+?IH+oZ03D5zYrv|^
zC1J)SruYHmCki$jLBlTaE5&dFG9-kq3!^i>^UQL`%gn6)jz54$WDmeYdsBE9;PqZ_
zoGd=P4+|(-u4U1dbAVQrFWoNgNd;0nrghPFbQrJctO>nwDdI`Q^i0XJDUYm|T|RWc
zZ3^Qgo_Qk$%Fvjj-G}1NB#ZJqIkh;kX%V{THPqOyiq)d)0+(r9o(qKlSp*hmK#iIY
zA^)Vr$-Hz<#SF=0@tL@;dCQsm`V9s1vYNq}K1B)!XSK?=I1)tX+bUV52$YQu*<ra!
z!v%7ZiKpO7g;NmE(;dSwu}#Qr14TWb<rzbgaS}{2FVDKaeCbmIt`T?_&=oa1ox)Gi
zqwS3lX?Fkmj%*6-JQ8ia`$(tFUJ#ol59+HHQxhli%Jb#vc@r`6ZP-EsfP2S!rwy#d
z;DP`C{cFdu2M4~`pHtE1KsUc1?BTR?&fOjbQh0|PcMiZgx_Kq$bLD%;`Ig2_LE~#`
zt32~lMNxY>0%fnWEukW>mxkz+%3-S!oguE8u#MGzST8_Dy^#U?fA@S#K$<FiPyhgu
zzq^L^|GyXf(+AWxl#$gjesG=F>S@9msUiX!gd_ow>08w5)nX{-KxqMOo7d?k2&?Vf
z&diGDtZr(0cwPe9z9FAUSD9KC)7(n^lMWuayCfxzy8EZsns%OEblHFSzP=cL6}?J|
z0U$H!4S_<U3#TVDkQ!s%Ox_BnFc2H6iNU0q=!|+Z9mk`Nbw?whndl6tI(Fj=$tl!^
zIOq<7BPlTvwG$fSu#@_%M(FvF2tpewu1-c35x~(IN{;#g5`-28n}V56vUKDyHalgc
zVFs4DD7(uszamXg!+b}p?!s)SZXGtIED*Jww1@^#7%op*kD~rw8S#!ebx(C|Oi-ci
zN~c@b8rVJSYHe*Cyn5uEa+-wenYQT6aAn!pd*%?%r>TVjj<`6dy^2j`V`)mC;cB%*
z8{>_%E1^FH!*{>4a7*C1v>~1*@TMcLK{7nEQ!_igZC}ikJ$*<$yHy>7)oy79A~#xE
zWavoJOIOC$5b6*q*F_qN1>2#MY)AXVyr$6x4b=$x^*aqF*L?vmj>Mgv+|ITnw_BoW
zO?jwHvNy^prH{9$rrik1#fhyU^MpFqF2fYEt(;4`Q&XWOGDH8k6<goGkkqwiLLr*g
z5z6x8$sF`?<e^h`j@COy$E+qY=Oj=v!b*KAnIYc*AP7qC0C#dwjl&srabEh<e-#E9
zv&sl%zw~Grb~0?}V1_A9--Q~b&NxawFDL54EJtT<qO4Z~5p7>M=%@fics4ajI;st#
zCU^r1CK&|jzUhRMv;+W~6N;u<;#DI6cCw-<Kad;hI?@=R3TXw!Cr}=BbI5m+uEl-w
zqErRfdJ>otsc@IsN3MoSD^O`eNflIoR~l4*&-%RBYk@gb^|-JXs&~KuSEmMxB}xSb
z@K76cXD=Y|=I&SNC2E+>Zg?R6E%DGCH5J1nU!A|@eX9oS(WPaMm==k2s_ueCqdZw|
z&hqHp)47`c{BgwgvY2{xz%OIkY1xDwkw!<0veB#yF4ZKJyabhyyVS`gZepcFIk%e2
zTcrmt2@-8`7i-@5Nz>oQWFuMC_KlroCl(PLSodswHqJ3fn<;gxg9=}~3x_L3P`9Sn
zChIf}8vCHvTriz~T2~FamRi?rh?>3bX1j}%bLH+uFX+p&+^aXbOK7clZxdU~6Uxgy
z8R=obwO4dL%pmVo*Ktf=lH6hnl<C=NTH%5`gfxBHGJj`iNz(A#<w&(&isR(NdjRau
zf|I4<<<u=|XXZxd2JFGs>z_5k3cG;m8lgaPp~?eD!Yn2kf)tU6PF{kLyn|oI@eQ`F
z3IF7~Blqg8-uwUuWZScRKn%c2_}dXB6Dx_&xR*n9M9LXasJhtZdr$vBY!rP{c@=)&
z#!?L$2UrkvClwQO>U*fSMs67oSj2mxiJ$t;E|>q%Kh_GzzWWO&3;ufU%2z%ucBU8H
z3WIwr$n)cfCXR&>tyB7BcSInK>=ByZA%;cVEJhcg<#6N{aZC4>K41XF>ZgjG`z_u&
zGY?;Ad?-sgiOnI`oppF1o1Gurqbi*;#x2>+SSV6|1^G@ooVy<y93LDm;wIOTj=5c$
zC-QhzvAl0y_;%{)gWRy`;Bf=?TtTe*SY!MP@9W|edu{l86Kr1<Cmr((Tem3gt4{#y
z3D<WVud@WzG8_>@fg?wyf@0Y!UZ4!}nGuLeC^l)6pwkh|oRY`s1Pm$>zZ3u-83T|9
z<QZfPf@8vDvzJ5u4A^A<#$7q&=f7lp3&n5W!oLxA;ja+?=SVAJ?`~&fZ)ozb9P1k`
z3pL1q5VB*z+Ct?<9|-*itS69vS4hVra5Z!lDKSySn;jjmUpRtte+Bax7QXjI?`90S
zA4?c)l!1W6+}k;06I}~wRC@!%R<xI9L>GaKJIV3_x+u1>cRibsaJpJqhcm%?0-L;2
zitBrdRxNmb0OO2J%Y&Ym(6*`_P3&&5Bw157{o7LFguvxC$4&zTy#U=W*l&(Q2MNO}
zfaUwYm{<Z#B+303&8&j|1AYBZQ1ef~@-GzfzfBY|H8XUzarxJ|f|I?ulc}?_jHR=S
zshz3QKN3ud>XtILD$3864IA_nn34oVa_g^FRuHL5wdUd)+W-p-iWCKe8m_cMHk+=?
zeKX)M?Dt(|{r5t7IenkAXo%&EXIb-i^w+0CX0D=xApC=|Xy(`xy+QG^UyF<x+1@YN
z-ZMAue9y-N{P;V-w=mmGh-1)C76Xu!U?t<}ByuZz$q|bl4S<l@37Jh~Glu1WLl}(l
zthb2~6ne4Q83FI<<Ay4c4`8D(It&am2#(!Ony)app0o62Q+)KCL_LQOA)tF@50mMJ
z<<yYk$({rlv3BkbtJ+SuacOk#dTZz@Qrop4gQ~UO=spb=-piAtn0x3U*bMbJdwI>e
z+#J6h_&T5i#sV)hj3D4WN%z;2+jJcZxcI3*CHXGmOF3^)JD5j&wfX)e?-|V0GPuA+
zQFot%aEqGNJJHn$!_}#PaAvQ^{3-Ye7b}rWwrUmX53(|~i0v{}G_sI9uDch_brX&6
zWl5Ndj-AYg(W9CGfQf<6!YmY>Ey)+uYd<oGrQ)76s0B|$EDBcWW*bGf!XzhAcke;%
zrh(E+RSxuWf~{)Nc=B!JS!X`$2DA4*+k72=D%60mnI%QDRarAyE}--rmK`Z^V+Yae
z&vDIckd3^cYT8wuAh(uIoqyu^LYf=&(`lZI>_J<fvopl!qQMd6Z#ZYajSPWAp}`qN
zjM~mJhn3N452gfOT)3x7am8MT`AA+VSSTZ}v@@8Ef-MrsX1vV|`Qx}Yh}~|pD;qlf
zbIL{96T!~st%_2?)f30K4Wp&xR_;627NS?#a?ONO1)C^TbaxNEe^u!aMYPy7;-Hq3
z8kFD}u19!l+a?p#Hl9<7(I=E6f85Gdi%U@U>NXH=>|`OH-CDCmcH(0%iD_aLlNHKH
z7bcW-^5+QV$jK?R*)wZ>r9t}loM@XN&M-Pw=F#xn(;u3!(3SXXY^@=aoj70;_=QE9
zGghsG3e<X)8z!NOUQ-K7Tg*M~$*Lq1YL~>kq#N||u{4We_25U=y#T*S{4I{++Ku)>
zQ!DZW;pVcn>b;&g2;YE#+V`v*Bl&Y-i@X6D*OpNA{G@JAXho&aOk(_j^weW{#3X5Y
z%$q_wpb07EYPdmyH(1^09i$ca<gJ(BN8tBcV!2)N5jxRqNZX(-f?Oe`25b>{O<}7)
zRWncXdSPgBE%BM#by!E>tdnc$8RwUJg1*x($6$}ae$e9Knj8gvVZe#bLi!<+&BkFj
zg@nOpDneyc+hU9P-;jmOSMN|*H#>^Ez#?;%C3hg_65leSUm;iz)UkW)jX#p)e&S&M
z1|a?wDzV5NVnlhRBCd_;F87wp>6c<&nkgvC+!@KGiIqWY4l}=&1w7|r6{oBN8xyzh
zG$b#2=RJp_iq6)#t5%yLkKx(0@D=C3w+oiXtSuaQ%I1WIb-eiE$d~!)b@|4XLy!CZ
z9p=t=%3ad@Ep+<9003D2KZ5VyP~_n$=;~r&YUg5UZ0KVD&tR1DHy9x)qWtKJp#Kq#
zP*8p#W(8JJ_*h_3W}FlvRam?<4Z+<U)YVE|@-H{P0L;lgD=4M+K83d`J=;XZ6cLXJ
z^Pb^7ai96hX*$t^`}X?;F@T^K^_U|s%%#VBR44vL@CQr;#z>-H77^$Lvi+#vmhL9J
zJ<1SV45xi;SrO2f=-OB(7#iNA5)x1uNC-yNxUw|!00vcW2PufRm>e~<GrW@0xg&;k
zL?iysf{CN}V{o=!B5cYHv{+Y1t=R-R>toH;M0Q85MQLWd?3O{i8H+5VkR@l9Dg-ma
ze2fZ%>G(u5(k9EHj2L6!;(KZ8%8|*-1V|B#EagbF(rc+5iL_5;Eu)L4Z-V;0HfK4d
z*{utLse_rvHZeQ>V5H=f78M3Ntg1BPxFCVD{HbNA6?9*^YIq;B-DJd{Ca2L#)qWP?
zvX^NhFmX?CTWw&Ns}lgs;r3i+Bq@y}Ul+U%pzOS0Fcv9~aB(0!>GT0)NO?p=25LjN
z2bh>6RhgqD7bQj#k-KOm@JLgMa6>%-ok1WpOe<hhSU`7#vu9^7%H57&(`pARdXnZM
z;eION-Jf1cVd1-MCh?1mFC&L}n&D)2PEzUHkSiE_t+j1!E~K#qcYI-`hc5a+<MQay
z<1}>)FS^XOU{c?d5shG(lIn3GiVBxmg`u%-j=)^v&pX1JecJics3&jvPI)mDut52?
z3jEA)DM%}BYbxxKrizVYwq?(P&19EXlwD9^-6J+4!}9{ywR9Gk42jjAURAF&EO|~N
z)?s>$Da@ikI4|^z0e{r`J8zIs>SpM~Vn^{3fArRu;?+43>lD+^XtUcY1HidJwnR6+
z!;oG2=B6Z_=M%*{z-RaHc(n|1RTKQdNjjV!Pn9lFt^4w|AeN06*j}Zyhq<HLE#a+A
zJ{@Y`FHfEI5bv;8o$ZEGCqCOp4`6-5eeTUyKzzSKd~k>Z^!-=cyGP_ShV1rGxkx8t
zB;8`h!S{LD%ot``700d0@Grql(DTt4Awgmi+Yr0@#jbe=2#UkK%rv=OLqF)9D7D1j
z!~McAwMYkeaL$~kI~90)5vBhBzWYc3Cj1WI0RS`z000R8-@ET0dA~*r(gS<U)h`aD
zLE6Dn5Q+3O*c2B9elF29G1VrakVK+eBtDr^Gf}-iF&NZnZ$t<sha>iCJmQMN&4%1D
zyVNf0?}sBH8zNbBLn>~(W{d3%@kL_eQ6jEcR{l><V*L*c8i9aN^J3k5@LC4D{kHc*
ztiPGM*MYdYK5-%KXLXp`;*IAihHn*4Pn*cYN8uZA$oHJE-8(VkYwPa2amx3wu)oxf
z;@K?9yEDA%g1*No{aF{@JJ45(#kW@dSB%B?ig4GNH`G^-kpE2q*E={oZNZKA>C|JK
z(R-fA!z|TTRG40|zv}7E@PqCAXP3n`;%|SCQ|ZS%ym$I{`}t3KPL&^l5`3>yah4*6
zifO#{VNz3)?<E9P2g)v<M^QTEwJXCARf%0EK}z-2B8QN$*7-J-mD@w9d6fzs+FVv4
zrJ6y#^xsh;O&ToHBFf~MC54(~Sb2j}sCotWQt($NS~kJz72WH?<eo8;ekt}!o;CT~
zFlF~#@UZt@DeNAn7u||SULov|N<ot`RP2<Gm?2rbIJ;;m_J~Yu)ZL<c+N#@?_iQO`
zRo%izIfJ9RLf%!Awp2T%_jV~S<vv}L?&aO;G&bt(!h60lS`2vX)v@WhGFXzOtRK;c
zyr@kt8OV3(72@wS&Pz;*6SWo#Z2jYhpl6$h+sV9U!&ep>ZL$be;NEaAk9b#{tV?V7
zP|wf5YA*1;s<)9A4~l3BHzG&HH`1xNr#%){4xZ!jq%o=7nN*wMuXlFV{HaiQLJ`5G
zBhDi#D(m`Q1pLh@Tq+L;OwuC52RdW7b8}~60WCOK5iYMUad9}7aWBuILb({5=z~YF
zt<!zJa=c$qO%0sJrsowK;!t%<S=X7Y&Jxn+nGDY&f(=_-CL}c~4K|D7ux0QbLt&^f
zSr24bBRsz?=*UjQu7gZoZ09|ewuhGV`hI~v^swhOT82+78;Tj2xT>?*Jr<A3W3T-3
z<1&Nz$ui_+E7n$IbPK2Rrimn|(;7EPx1h6Fi)-3?>5NG+WadM{mDL>GyiByCuR)hd
zA=HM?J6l1Xv0Dl+LW@w$OTcEoOda^nFCw*Sy^I@$sSuneMl{4ys)|RY#9&NxW4S)9
zq|%83IpslTLoz~&vTo!Ga@?rj_kw{|k{nv+w&Ku?fyk4Ki4I?);M|5Axm)t+BaE)D
zm(`AQ#k^DWrjbuXoJf2{Aj<e%564WZLSS(Vd#ROb?}iRVX%`%#SRY^TSh{u=kI84e
z3Ow&PB(uhOFrXgEsH|%j)I-Ug(1-{oj6dcgiDH#{Xclz$DM?xphY_S^6Z_M-j<Q{M
z3m5`Vg`@HsKN#jbtysG34Af*<`=E}BAe7{&&983YEEQfM{J8#P!otJO%!Ug4=|diY
zavSVyOcEEa#lU9-1SEeUY5cJ=<Ds##5c*EUsRi@fN(`2}Y5bh+k`b9uFL%rwlbF%M
zdSW_2pP9rtReb`cMyUFd*B2fwpi645^+_wI6EzB|mef<{4KFd8`yOM9scKF$vrUM|
zCoNlGyffVj5PnZZrY&Y5n|uW=PHnHX<YXTSdl@8HE*;J7fEIy#D!|gwR}m6V5SwWq
z(a}Z41Prc!Wk&AE!j3s3VBd*3Lw?gbM3E&oKBI9kltN8F1T6wcC{`?P4s@QUU>^KT
zFb1zMSqxq|vceV+Mf-)$oPflsO$@*A0n0Z!R{&(xh8s}=;t(lIy<Pl3uQSpJ4S8Y>
zv$S8x>m;vQNHuRzoaOo?eiWFe{0;$s`Bc+Osz~}Van${u;g(su`3lJ^TEfo~nERfP
z)?aFzpDgnLYiER<rBlW-W;>sKPu<X=38r|I{0&8J8r0^`tKAAKA8jUsvBhopXc14T
zgUW&TYxF3i;mZl;v5E+2qh>|0tq4l2wT)Atr6Qb%m-AUn6HnCue*yWICp7TjW$@sO
zm5rm4aTcPQ(rfi7a`xP7cKCFrJD}*&_~xgLyr^-bmsL}y;A5P|al8J3WUoBSjqu%v
zxC;mK!g(7r6RRJ852Z~feoC&sD3(6}^5-uLK8o)9{8L_%%rItZK9C){UxB|;G>JbP
zsRRtS4-3B*5c+K2kvmgZK8472%l>3cntWUO<l-B0`McQr%h#X$@@JrQb8#@ppQUG9
z)`zI{d#E;id*aB>VHxB|{Ay~aOg5RN<wtviA9uMGSHMzxbdkCR`SfK34yQ^bEpjN~
zPf^Bz$`=daT8!L25oqT&4i=+dRE^=E#-D#x^n<}e%YqXyp_!ut)H)b@E0UPjTon!Z
zEyxi=e>;{PJgeVD*H%ac+y!h#wi%o2bF2Ca8IyMyH{>4#{E_8u^@+l-+n=V}Sq?$O
z{091@v%Bd*<G_U#2l9N@Y9~(ygCl-h&9i8Yj9_3cV?DM!lxf11kY_LYnfWL$a@7F3
zk0$$mP<ka_iUf&lMdUX}1{nJ-EWCBw#je~5Smwg)p`tEv>3pk0^2UtiF9Z+(a@wy6
zUdw8J*ze$K#=$48IBi1U%;hmhO>lu!uU;+RS}p&6@rQila7WftH->*A4=5W|Fmtze
z)7E}jh@cbmr9iup^i%*(uF%LG&!+Fyl@LFA-}Ca#bxRfDJAiR2dt6644TaYw1Ma79
zt8&DYj31j^5WPNf5P&{)J?WlCe@<3u^78wnd(Ja4^a>{^Tw}W>|Cjt^If|7l^l)^Q
zbz|7~CF(k_9~n|h;ysZ+jHzkXf<NcXr7lv4BLC0%brrpzF{-obsvQr%!_>(*O*@5m
zLzUmbHp=x!Q|!9NVXyipZ3)^GuIG$k;D)EK!a5=8MFLI_lpf`HPKl=-Ww%z8H_0$j
ztJ||IfFG1lE9nmQ<au0Ml%cF(=R}3nZqu!gn~ulcq{4`|I}2tuFXsdOn=eq9Qz{LW
zP^cfInuhA7QFIUcH%13E<=O+Vy|WwD8Y7tHV5z9{b#53O<eDk6+LD+O<*lHC*Sh-<
zQQ*d{QylAFdIrjkp%D|@{O_AHu^XIETj$pt=r^Iy${cPPEHt@N92tqR6yn>0+jPQy
zCBdKkjArH@K7jVcMNz);Q(Q^R{d5G?-kk;Uu_IXSyWB)~KGIizZL(^&qF;|1PI7!E
zTP`%l)gpX|OFn&)M%txpQ2F!hdA~hX1Cm5)IrdljqzRg!f{mN%G~H1&oqe`5eJCIF
zHdD7O;AX-{XEV(a`gBFJ9ews#CVS2y!&>Cm_dm3C8*n3MA*e67(WC?uP@8TXuMroq
z{#<dYp{{+xCUwQw6)w9(r^`^0<F6$P{m>w$%z@CBIkRM7?}Xib+>hRjy?%G!fiw8!
z8(gB+8J~KOU}yO7UGm&1g_MDJ$IXS!`+*b*QW2x)9>K<JF7b%^NJe_9Fs0_(5~kP{
zjLlh(Gb|iDD!%2k=};N1Ay-P7$Wu_KP|<Nv<px9DnR*Bhp`@^|=#?&n9#0)w-FDC^
zYYwq=gkfiuN_5CjVN9Ao)scz%pogt!6S`BY&a-LBZ0vR8Hs`uYWwn}-oY<_#H(3U4
z+C^OQlGq~g8s<Q&bZc>~Y*E&bYMnjl6h!{17_8d!%&9D`a7r&LKZjC<&XOvTRaKJ1
zUY@hl5^R&kZl3lU3njk`3dPzxj$2foOL26r(9zsVF3n_F#<NB6ex9*oBW}l?xfbxx
zL%E!#nXs+R%q=x9ZnSy_@kOHMCrx3@5&BuHZd_<OOwDuA?g-PK!m67qWTCZlm0wKU
zv#i7p-7isYt{yv)OR8I5o;!7xop*Zm6Rp~J_EdjQW~sUFuwoyaW1U&NaV|M4U1?nR
z@)EUG9kIA_lYfhiyvI%HWy;Ge%?fKvOXHCrMb%0xeab5(rJo188D&|PUo17GFJ{-P
zs?t#M)7w#0RHw{KaZQP;u<ZWKm`x0&oP9ITEjmgxyDYbPrK*U@Usmmw0c2<WSXv-G
zvb6FvJhqfc@v@g(G}B*mRq{2pTwn0X@yc3sxqx=5S4D&>v)s5vv3<FgSd?p+)!kNm
zTv$3*E<J6vu2~)lp%4nMdtWE@=#AViY%^W&8R2_<v(+Qa%Mf{$Tn~RH;PHc?^uW;B
zl33*<G2>@dgs|lP#eylq62{<-vczqP!RpVBTgI>@O6&sU>W|do17+#OzQ7o5A$ICH
z?GqwqnK^n2%LR;$^oZM;)+>$X3s2n}2jZ7CdWIW0lnGK-<n4*9i9?XprV!b-2yz1y
z82;&r=GhqHm&zBz3e~(LKRa(8ZwPt%3TYt5`IuWWTX+)iO!EB5qiR4W$RDCd`g{-j
zZuyRBvdZnk><gEOlAyZgBQiT7{>b#EG01)P@aU`pg}th&J-TrU`tIpb5t((0eu|!u
zQz+3ZiOQ^?RxxK4;zs=l8q!-n7X{@jSwK(iqNFiRColuEOg}!7cyZi`iBX4g1pNBj
zAPzL?P^Ljhn;1$r8?bc=#n|Ed7wB&oHcw()&*k#SS#h}jO?ZB246EGItsz*;^&tzp
zu^YJ0=lwsi`eP_pU8}6JA7MS<SY@ZXteVGu2D;{e_dFnzL(OQbWI#IL1J(@}vxKG~
z{>;9pfD;DsSsLo~ogzMNP70@@;Fm8f0^;>$Z>~<d_jp#pvX)$*IF^kRoeC(j+t)Ur
zPx*FO4h)ZG=iqY;QK6W@ekh%ILEiXbr05ou^~><kZopq=@-e)e2pdVj4ZJKNAd~~=
zIWD3^k4g6+ly88l1dUP7-<u$%X=hfWc{o8z>}GWRw!W5J3tNX*^2+1f3hz{~rIzJo
z6W%J(H!g-eI_J1>0juX$X4Cl6i+3wbc~k146UIX&G22}WE<iA2ePZPFMn_vlC3@`(
zC;LX5HFTJ@i$J`Hbx0sRaj^uiUmU^s{mchNU>>0ga#WLsn9tY(&29zBvH1$`iWtTe
zG2jYl@P!P)eb<5DsR72BdI7-zP&cZNI{7q3e@?N8IKc4DE#UVr->|-ryuJXk^u^>4
z$3wE~=q390;XuOQP~TNoDR?#|NSPJ%sTMInA6*rJ%go|=YjGe!B>z6u$IhgQSwoV*
zjy3F2#I>uK{42{&IqP59)Y(1*Z>>#W8rCf4_eVsH)`v!P#^;BgzKDR`ARGEZzkNX+
zJUQu=*-ol=Xqqt5=`=pA@BIn@6a9G8C{c&`i^(i+BxQO9?YZ3iu%$$da&Kb?2kCCo
zo7t$UpSFWqmydXf@l3bVJ=%K?SSw)|?srhJ-1ZdFu*5QhL$~-IQS!K1s@XzAtv6*Y
zl8@(5BlWYL<vlUo^g==w+bwzmrMIfe1OGTk=p=b_r!$VPWnqI4+K-Q0Kn&YY_INtV
ze5P(@!H@m0AM%dGQN5FSnZ`He_+j(1bNGu}ee2>t1yAWy?rMD&bwze8bC3-GfNH=p
zynNFCdxyX?K&G(ZZ)afguQ2|<I|ToEQs5dh02L^JB6>r;XoV^=^(;Cku#qYn4<V}b
zA&FlaPRwlltsTXe9~a58?uH)L#hLx*;|`>Lus`UeKt6rAlFo_rU`|Rq<F_mt<XG?>
z&G?~iWMB<P-m~>io<78of-2X(ZYHx~=U0Vz4btyXkctMKdc9UM!vYr~B-(>)(Hc|D
zMzkN4!PBg%tZoh+=Gba!0++d193gbMk2&krfDgcbx0jI92cq?FFESVg0D$>F+bil}
zY~$)|>1HZsX=5sAZ2WgPB5P=8X#TI+NQ(M~GqyVB53c6IdX=k>Wu@A0Svf5#?uHaF
zsYn|koIi3$(%GZ2+G+7Fv^lHTb#5b8sAHSTnL^qWZLM<(1|9|QFw9pnRU{svj}_Al
zL)b9>fN{QiA($8peNEJyy`(a{&uh-T4_kdZFIVsKKVM(?05}76E<BOuTKNZ>Ez?#W
za^fiZOAd14IJ4zLX-n7Lq0qlQ^lW8Cvz4U<X+>KkV9~P}>sq0?xD3vg+$4vLm~C(+
zM{-3Z#qnZ09bJ>}j?6ry^h+@PfaD7*jZxBEY4)UG&daWb??6)TP+|3#Z&?GL?<NWw
zpo!n^_Mnx`#l`Mtp<H71ndq}LH(ZXJlzYuNAHINUglm=WWXJLtuPRY2?rIWUs=h@;
z1r9;ol65y`xO*SzvRa8o!D+_s;~<Bb-h5u71zg5ymFjIboenFkEakiwkF#l0c-sut
znM=(poO3Xq&}pnDV!O6|+_sscTBqqe%{pj$E^ku;b!#-zj>1i+280CFsE|vIXQbm|
zM}Pk!U`U5NsNbyKzkrul-DzwB{X?n3E6?TUHr{M&+R*2%yOiXdW-_2Yd6?38M9Vy^
z*lE%gA{wwoSR~vN0=no}tP2Ul5Gk5M(Xq`<W>$nw#ndFk`tcpd5A=Idue`XZ!FS>Q
zG^0w#>P4pPG<EP*xHW9WCTGn>+*NC9gLP4x2m=cKP}YuS!l^?sHSFf<ssGXChcP9X
za)*XSF8xSAX6O&AkMIyXtB<sR`J2gFTR8ck#bl<tOy9ZU%W%Jooi$>tZy{4CoQrb_
z^20(NnG`wAhMI=eq)SsIE~&Gp9Ne0nD4%Xiu|0Fj1UFk?6avDqjdXz{O1nKao*46y
zT8~iA%Exu=G#{x=KD;_C&M+Zx4+n`sHT>^>=-1YM;H<72k>$py1?F3#T1*ef9mLZw
z5naLQr?n7K;2l+{_uIw*_1nsTn~I|kkCgrn;|G~##hM;9l7Jy$yJfmk+&}W@JeKcF
zx@@Woiz8qdi|D%aH3XTx5*wDlbs?dC1_nrFpm^QbG@wM=i2?Zg;$VK!c^Dp8<}BTI
zyRhAq@#%2pGV49*Y5_mV4+OICP|%I(dQ7x=6Ob}>EjnB_-_18*xrY?b%-yEDT(wrO
z9RY2QT0`_OpGfMObKHV;QLVnrK%mc?$WAdIT`kJQT^n%GuzE7|9@k3ci5fYOh(287
zuIbg!GB3xLg$YN=n)^pHGB0jH+_iIiC=nUcD;G6LuJsjn2VI1cyZx=a?ShCsF==QK
z;q~*m&}L<-cb+mDDXzv<F>vrRsybcgQ;Vg21P(uLv5I+eGc7o7tc6`;OA9{soHFOz
zT~2?>Ts}gprIX$wRBb4yE>ot<8+*Bv`qbSDv*VtRi|cyWS>)Fjs>fkNOH-+PX&4(~
z&)T8Zam2L6puQl?;5zg9h<}k4#|yH9czHw;1jw-pwBM*O2hUR6yvHATrI%^mvs9q_
z&ccT0>f#eDG<^WG^q@oVqlJrhxH)dcq2cty@l3~|5#UDdExyXUmLQ}f4#;6fI{f^t
zDCsgIJ~0`af%YR%Ma<z>5VQq-p21k`vaBu6WE?66+5=XUd%Ay%D$irN>5LhluRWt7
zov-=f>QbMk*G##&DTQyou$s7UqjjW@k6=!I@!k+S{pP8R(2=e@io;N8E`EOB;OGoI
zw6Q+{X1_I{OO0HPpBz!X!@`5YQ2)t{+!?M_iH25X(d~-Zx~cXnS9z>u?+If|iNJbx
zyFU2d1!ITX64D|lE0Z{dLRqL1Ajj=CCMfC4lD3&mYR_R_VZ>_7_~|<^o*%_&jevU+
zQ4|qzci=0}Jydw|LXLCrO<tY^5#SIaz%jR-X`&*7)+bTVSc1BE2BLn%vVH`Mbz1R-
z>l1_P6Xf@c0$ieK2^7@A9UbF{@V_0p%lqW|L?5k>bVM8|p5v&2g;~r>B8uo<4N+`B
zH{J)h;SYiIVx@#jI&p-v3dwL5QNV1oxPr8J%ooezTnLW>i*3Isb49%5i!&ac_dEXv
zvXmVUck^QHmyrF8>CGXijC_R-y(Qr{3Zt~EmW)-nC!tiH`wlw5D*W7Pip;T?&j%kX
z6DkZX4&}iw>hE(boLyjOoupf6JpvBG8}jIh!!VhnD0>}KSMMo{1#uU6kiFcA04~|7
zVO8eI&x1`g4CZ<2cYUI(n#wz2MtVFHx47yE5eL~8bot~>EHbevSt}LLMQX?odD{Ux
zJMnam{d)W4da{l7&y-JrgiU~qY3$~}_F#G7|MxT)e;G{U`In&?`j<5D->}cb{}<s=
z)!EcZ!rs<Y#@^oA)#0D)Gvy7r4FLpRXcD*RfTd(<C=@A5lICI1^#y3rLIVLJon(Px
z9#Jw)(4Yq5v4TSV<tUJH3ExZMzKTk&i(qL2_(Map=flfs&WkPnAHQ!Ph9FQ-#b`+n
zGGm<qkbNX1D53P^JDqBMk-0!hNJ&trQIk`mzGOz)`{-cJ&~H;?Q%CleBz;+Wy0Yj`
zyHSagKdo#qV6?6Vcv+pcT%^1Q-l@v({R}QyX*+WEw%BJmI(}Q@j4m`CawF`x{MPHL
za$h&MF~4nMuyWgQrt}RgV#pg|Y^CiI*j!3z!tB-Jp4;1uuh(==9iU5dSb3$ZFATE!
z>{T(4DF0BOk<QYr>-=1195KB-E*o@c?`>y#4=dMtYtSY=&L{!TAjFVcq0y@AH`vH!
z$41+u!Ld&}F^COPgL(EE{0X7LY&%D7-(?!kjFF7=qw<;`V{nwWBq<)1QiGJgUc^Vz
ztMUlq1bZqKn17|6x6iAHbWc~l1HcmAxr%$Puv!znW)!JiukwIrqQ00|H$Z)OmGG@=
zv%A8*4cq}(?qn4rN6o`$Y))(MyXr8R<2S^J+v(wmFmtac!%VOfN?&(8Nr!T@kV`N;
z*Q33V3t`^rN&aBiHet)18wy{*wi1=W!B%B-Q6}SCrUl$~Hl{@!95ydml@FK8P=u4s
z4e*7gV2s=YxEvskw2Ju!2%{8h01<bQ)d%wXmu1Zpj%~-&jsiWxq+->rx-3`NCPc(O
zH&J0VH5etNB2KY6k4R@2Wvl^Ck$MoR3=)|SEclT2ccJ!RI9Nuter7u9@;<u*AgOz(
zn=C13+36e?Wp?2OIME<hmtjrXzJ<Zd*?$>sWf-%um;GfI!=eEIQ2l2p_YWUd{|6EG
ze{yO6;lMc>;2tPrsNdi@&1K6(1;|$xe8vLgiouj%QD%gYk`4p{Ktv9|j+!OF-P?@p
z;}SV|<w!@0*CQ5@xp9@`8c_*)IC@^rAGd{(#wPf?$`(^V&!%1qI&#?UztvBAF!4M;
z_oxBXB0!;X3yhd^D}+Xx4sUHZH*0n|si;UgfM!*1c|d1h4nY076_94CJP`FR$D}_!
zDgwP#mZV0tbmF7vmG7Log$Afqr(GuMl<urHsSR(EhO7^7wNPIUT%rDwjj%sGil746
zDLtAZLp-7)K|QJh+bT3@0I$b@q3|9LuBZk*!Xn-Gb?+~>oIK)iwlBs+`ROXkhd&NK
zzo__r!B>tOXpBJMDcv!Mq54P+n4(@dijL^EpO1wdg~q+!DT3lB<>9AA<tf}r`cy*Y
zjhdtI5OMNT6H0#L@X?3Sm%kGA7Vl5JMh4bZuEy3uPM@!CETCEPH`bN;-XzRi=Uj<*
zy1%%&-XKAU$eorwmA2>NSe!T1XgC=J^)IP0XEZ()_vpu!!3HQyJhwh?r`Ae%Yr~b%
zO*NY9t9#qWa@GCPYOF9aron7thfWT`eujS4`t2uG6)~JRTI;f(ZuoRQwjZjp5Pg34
z)rp$)Kr?R+KdJ;IO;pM{$6|2y<ydqUT>=k_siqvp%)2||cHTe|b5Ht8&A{wazGNca
zX$Ol?H)E_R@SDi~4{d-|8nGFhZPW;Cts1;08TwUvLLv&_2$O6Vt=M)X;g%HUr$&06
zISZb(6)Q3%?;3r~*3~USIg=HcJhFtHhIV(siOwV&QkQe#J%H9&E21!C*d@ln3E@J*
zVqRO^<)V^ky-R|%{(9`l-(JXq9J)1r$`uQ8a}$vr9E^nNiI*thK8=&UZ0dsFN_eSl
z(q~lnD?EymWLsNa3|1{CRPW60>DSkY9YQ;$4o3W7Ms&@&lv9eH!tk~N&dhqX&>K@}
zi1g~GqglxkZ5pEFkllJ)Ta<O6(=j@N_YA4+m(2{`eegY!ZQ2^vALR<RgI6}@oJ;#Q
znz8Q+-c~%`4rP2NC%pl75Va8USgVLiZL*d#F+vsZ>1I^c&Bt6#r(QLQ02yHTaJB~-
zCcE=5tmi`UA>@P=1LBfBiqk)HB4t8D?02;9eXj~kVPwv?m{5&!&TFY<knKM4n)!Ph
zud#tQR<C%y^0~@DM`a6)LueXb{y5yQ{QdB(pAh_Nx5%(@`(@LGcfv~*Wnh>hu>3=_
zsGmYZ^mo*-j69-42y&Jj0cBLLEulNRZ9vXE)8~mt9C#;tZs;=#M=1*hebkS;7(aGf
zcs7zH(I8Eui9UU4L--))yy<O?Y9%&u#eL}xwSxY`c_7W7JcW|iGpGkga)aNR1NtnV
zsQ!z$?wFhYyP2W>`&d&$In&VA2?DAEss4LAPCLd>-$i?lpXvn!gu^JJ$(DoUlc<UX
zkfN^{^6VUfk4qkMm$Kwn8iV7sNct*PLMd9WvC5vZDv+`U&Q-ZGnQrAf`3aDr3@9ll
zcH!Spxa>6wE98VLZ*z`QGQov5l4Fm_h?V-;mHLYDVOwKz7>e4+%AzeO>P6v}ndPW|
zM>m#6Tnp7K?0mbK=>gV}=@k*0Mr_PVAgGMu$j+pWxzq4MAa&jpCDU&-5eH27Iz>m^
zax1?*HhG%pJ((tkR(V(O(L%7v7L%!_X->IjS3H5kuXQT2!ow(;%FDE>16&3r){!ex
zhf==oJ!}YU89C9@mfDq!P3S4yx$aGB?rbtVH?sHpg?J5C->!_FHM%Hl3#D4eplxzQ
zRA+<@LD%LKSkTk2NyWCg7u=$%F#;SIL44~S_OGR}JqX}X+=bc@swpiClB`Zbz|f!4
z7Ysah7OkR8liXfI`}IIwtEoL}(URrGe;IM8%{>b1SsqXh)~w}P>yiFRaE>}rEnNkT
z!HXZUtxUp1NmFm)Dm@-{FI^aRQqpSkz}ZSyKR%Y}Y<Q&WCZ#r6E1BX>HNzBk)ZIp}
zMtS=aMvkgWKm9&oTcU0?S|L~CDqA+sHpOxwnswF-fEG)cXCzUR?ps@tZa$=O)=L+5
zf%m58cq8g_o}3?Bhh+c!w4(7AjxwQ3>WnVi<{{38g7yFboo>q|+7qs<$8CPXUFAN<
zG&}BHbbyQ5n|qqSr?U~GY{@GJ{(Jny{bMaOG{|IkUj7tj^9pa9|FB_<+KHLxSxR;@
zHpS$4V)PP+tx}22fWx(Ku9y+}Ap;VZqD0AZW4gCDTPCG=zgJmF{|x;(rvdM<f^n;1
zK8nxqYR0vKH0j_lDlpPKZ&MGwB{uMn`Y?-pX_!Y3B)-jRTo&O^8pthSIE0&!0lK-e
z!icB)w$6c%`*wHe1Fz?U<?TZjyK8JuG0UC$ZCke^hB6%|%?F1X$1uXP^O6o2PCxRi
zb_5>|2|9a}cex6xrMkERnkE;}jvU-kmzd%_J50$M`lIPCKf+^*zL=@LW`1SaEc%=m
zQ+lT06Gw+wVwvQ9fZ~#qd430v2HndFsBa9WjD0P}K(rZYdAt^5WQIvb%D^Q|pkVE^
z<umx#lsJRB+%c;<9rnPd8EZLPtdXF8y%S2H@ouSr1qOSZk)i$^f3$XJg9S<yWHU+7
zyJJ%uaeqUu9^B#_n2Ir_nIYz}G3SZ_C|5(`c6Umw#_yBgS{UuH<_&oA!pzsBV%g@=
zbOzA1`OA)5@fUbFgE?}SVsAWLGVW?bLByY#LXc_UE*PeNYf={+;y-vKh@$+ue#tsu
zvCKGNIefnaDUw~m>te$&#~zmULFACGfS#g=2OLOnIf2Of-k!(BIHjs77nr!5Q1*I9
z1%?=~#Oss!rV~?-6Gm~BWJiA4mJ5TY&iPm_$)H1_rTltuU1F3<q3^BkZ&_=uH2O^K
z_@P51{S(`LSn2c$B(%yIo=USrBfbZd`d}}bPg&0tq#f2!iBZc9Z>I(qTQ^U$S>%$l
z)Wx1}R?ij0idp@8w-p!Oz{&*W;v*IA;JFHA9%nUvVDy7Q8woheC#|8QuDZb-L_5@R
zOqHwrh|mVL9b=+$nJxM`3eE{O$sCt$UK<z2Kci>^2@L$R(r^-_+z?lOo+me-VW=Zw
z-Bn>$4ovfWd%S<yVaGCiuR4}{b|0tZrdZYdj>PY`ab-u9{INc*k2h+yH%toDHIyqQ
zO68=u`N}RIIs7lsn1D){)~%>ByF<>i@qFb<-axvu(Z+6t7v<^z&gm9McRB~BIaDn$
z#xSGT!rzgad8o>~kyj#h1?7g96tOcCJniQ+*#=b7wPio>|6a1Z?_(TS{)KrPe}(8j
z!#&A=k(&Pj^F;r)CI=Z{LVu>uj!_W1q4b`N1}<u;U_b=ty|*S;DXz*F-)!)F0Pv+Q
zRm=!T^zTn*A6)$bH1cl>E(i%;BWjbEcnD=mv$FL$l?zS6bW!{$7j1GR5ocn94P2u{
z70tAAcpqtQo<@cXw~@i-@6B23;317|l~S>CB?hR5qJ%J3EFgyBdJd^fH<ao26B*v)
zGUaiB1_W^rk+d9W+h~_tj2D}FfPY~B-BL~)lzp|oFVck~{r8sIIlCCz*!+vHo}=OE
zgW`_*^W8W`lLWY+AcSs_rDfwxzeg23BqYRWi$p*e3{sqP3719K#C&l{6X2y_TO;0c
zk>Zu7AzHF(BQ!tyAz<BOKd)9J&U=CXtSstlZ^pj1MMKG$H~T%~{<Zzl`|=?>^L0`X
z23S4Fe{2X$W0$zu9gm%rg~A>ijaE#GlYlrF9$ds^QtaszE#4M(OLVP2O-;XdT(XIC
zatwzF*)1c+t~c{L=fMG8Z=k5lv>U0;C{caN1NItnuSMp)6G3mbahu>E#sj&oy94KC
zpH}8oEw{G@N3pvHhp{^-YaZeH;K+T_1AUv;IKD<=mv^&Ueegrb!yf`4VlRl$M?wsl
zZyFol(2|_QM`e_2lYSABpKR{{NlxlDSYQNkS;J66aT#MSiTx~;tUmvs-b*CrR4w=f
z8+0;*th6kfZ3|5!Icx3RV11sp=?`0Jy3Fs0N4GZQMN=8HmT6%x9@{Dza)k}UwL6JT
zHRDh;%!XwXr6yuuy`4;Xsn0zlR$k%r%9abS1;_v?`HX_hI|+EibVnlyE@3aL5vhQq
zlIG?tN^w@0(v9M*&L+{_+RQZw=o|&BRPGB>e5=ys7H`nc8nx)|-g;s7mRc7hg{GJC
zAe^vCIJhaj<rU9d-Ny$?&}6qolDp7MDNB|ftJI`wi&EhaNhHyV!qQfb_Q>mm7C6g!
zL&!WAQ~5d_5)00?w_*|*H>3$loHrvFbitw#WvLB!JASO?#5Ig5$Ys10n>e4|3d;tS
zELJ0|R4n3Az(Fl3-r^QiV_C;)lQ1_CW{5bKS15U|E9?ZgLec@%kXr84>5jV2a5v=w
z?pB1GPdxD$IQL4)G||B_lI+A=08MUFFR4MxfGOu07vfIm+j=z9tp~5i_6jb`tR>qV
z$#`=BQ*jpCjm$F<t%->0+F)L%xRlnS%#&gro6PiRfu^l!EVan|r3y}AHJQOORGx4~
z&<)3=K-tx518DZyp%|!EqpU!+X3Et7n2AaC5(AtrkW>_57i}$eqs$rupubg0a1+WO
zGHZ<ibB|u&Jk?tUGE|?~tl5Wk^jlF-{lPR;A5i_2TUJp0F;38(es)rx!d-0-m4P-!
z$~|tV-l!W$kj%u&D~eY>KLN2L0D;ab%{_S1Pl<uJj0^JDir_rTS5CizT^_%RU3Cwc
zfrHnUz@7T<9U{4O%SD*qhHiuSo|}zv3Hju=+>m|hx8R?O14*w*f&2&bB050n!R2by
zw!@XOQx$SqZ5I<(Qu$V6g>o#A!JVwErWv#(Pjx=KeS0@hxr4?13zj#oWwPS(7Ro|v
z>Mp@Kmxo79q|}!5qtX2-O@U&&@6s~!I&)1WQIl?lTnh6UdKT_1R640S4~f=_xoN3-
zI+O)$R@RjV$F=>Ti7BlnG1-cFKCC(<Cu6MUX_IBo_X35UX_<48O%CsD25V#~38R@v
zrtYIkXvf1CPBiwCyX%=srhV;xX%`i(ICDDA6?ULc$>t|Qjm{SalS~V-t<tWc<BV1;
zl_jTzT9WFjJ~QeHdyK~l8BJDMnzlnWR?wVpES%e_)7o6AC7w~n8DW>X#+2ekRhwmN
zZr`8{QF6y~Z!D|{=1*2D-JUa<(1Z=;!Ei!KiRNH?o{p5o3crFF=_pX9O-YyJchr$~
zRC`+G+8kx~fD2k*ZIiiIGR<8r&M@3H?%JVOfE>)})7ScOd&?OjgAGT@WVNSCZ8N(p
zuQ<bOx+QY5+%zcISi3vNjYInP2!bhID0f~o9vf+-rhLL{z1^Ck(#`qsgx*#5swyXT
zW>G~76GE3%(%h1*vUXg$vH{ua0b`sQ4f0*y=u~lgyb^!#CcPJa2mkSEHGLsnO^kb$
zru5_l#nu=Y{rSMWiYx?nO{8I!gH+?wEj~UM?IrG}E|bRIBUM>UlY<`T1EHpRr36vv
zBi&dG8oxS|J$!zoaq{+JpJy+O^W(nt*|#g32bd&K^w-t>!Vu9N!k9eA8r!Xc{utY>
zg9aZ(D2E0gL#W0MdjwES-7~Wa8iubPrd?8-$C4BP?*wok&O8+ykOx{P=Izx+G~hM8
z*9?BYz!T8~dzcZr#ux8kS7u7r@A#DogBH8km8Ry4slyie^n|GrTbO|cLhpqgMdsjX
zJ_LdmM<k-VT(PJj^o5EU9N}k~N8WtTC-IGZ`@y!j$sb^<J0;G@Qw2FyCS!3I_NA$4
z1f*^zNnJ-2I0{osRtQts^V?d(XVo8U_KxuKrC4_(t;qw3T5EIb1gaTiFo3yT&HyFL
z)1@c>#I&4LqqsOUIXK8gW;V0B(7^$y#h3h>J0k^WJfAMeYek%Y-Dcb_+0zPJez!GM
zAmJ1u;*rK=FNM0Nf}Y!!P9c4)HIkMnq^b;JFd!S3?_Qi2G#LIQ)TF|iHl~WKK6JmK
zbv7rPE6VkYr_%_BT}CK8h=?%pk@3cz(UrZ{@h40%XgT<XHMp$hv;h9Ymj#=odkk`i
zIQae`_=X#DiyU&N400<DsTZGknpd*i59`VZ(hlvyF={mwt^rqfpTI2&<T<g_&ag;)
zGmdv3$7_Umm3*d1pC<tD4&^z@fB#qeFKt~J{6LxaG(+}hgg|*Exu--o{)yT#JuFbk
z1;57xTR<^av=7#O$H&Fm{_yrRCu{yYJoJ}c0L{yx#X=<de!)a1JlNVp083z$!k1?|
zV)^ps1(-LWXGsXjQ$H~1;~fb%PNBhFP?}VP6a;UunlMt9FKF=Z7zjl{Vm5wAE|rFq
z1-k1JTp~NHKqro%r!pzCx_v|wc?QzZb;2~gF~c_e(7kI?gTf@Sl;&2zZGHBdXMu10
ze@7*&Fo`5Se_O_wf2XJaP0LvFpQz-YM_~(7W9xrFv6N(8d1OJ9&>hP*-Oeo`T0eq9
zA8BnWZKzCy5e&&_GEsU4*;_k}(8l_&al5K-V*B<vk;3_5Y5GsaQRXITZ7En5+1cr}
zoEOfUwTvx(fB#P)g+XFq$3s&MIR%RGTY*w)u1F^x)_4KQF{~iPr`KL;JvOUA!)Bl1
z9p@=a4SF1Po>FM=O~;MgRkYsOs%9eOY6s6AtE*<7GQAR2ulC3RAJrG_P1iQK5Z~&B
z&f8X<>yJV6)oDGIlS$Y*D^Rj(cszTy5c81a5IwBr`BtnC6_e`ArI8CaTX_%rx7;cn
zR-0?J_LFg*?(#n~G8cXut(1nV<GD8u>F0Oka$A<Xrs+39Fcy_UX4+wJsyL;Ad#|W_
zoZzvm=HX_}HyBFXw08LR4`!>$1FGcERU<^ggx;p@CZc?3UB41RY+wLS`LWFNSs~YP
zuw1@DNN3lTd|jDL7gjBsd9}wIw}4xT2+8dBQzI00m<@?c2L%>}QLfK5%r!a-iII`p
zX@`VEUH)uj^$;7jVUYdADQ2k*!1O3WdfgF?OMtUXNpQ1}QINamBTKDuv19^{$`8A1
zeq%q*O0mi@(%sZU>Xdb0Ru96CFqk9-L3pzLVsMQ`Xpa~N6CR{9Rm2)A|CI21L(%GW
zh&)Y$BNHa=FD+=mBw3{qTgw)j0b!Eahs!rZnpu)z!!E$*eXE~##yaXz`KE5(nQM`s
zD<pRzTt9Ga7_+7V*(vgeNjPLq#T#Hzh4oMyk4m^&mDHa-;LXM`BMlpNPVXZiWB!7-
zsrLYk0v?{Pinwui>!$vW9XH)iMxu9R>r$VlLk9oIR%HxpUiW=BK@4U)|1WNQ=mz9a
z^!KkO=>GaJ!GBXm{KJj^;kh-MkUlEQ%lza`-G&}C5y1>La1sR6hT=d*NeCnuK%_LV
zOXt$}iP6(YJKc<sy3IAHEj2Y-R)3MS?rC66If(_;`nr~Onw70}P1hEBm+!itUy1C`
zNpHpki6_MC$7{&PcGt_M^XxtUNv`)v*iXj|1|scVAGjs`iL^4oZ_EXmgi;5b%!&n+
ziIZl66eo#;Grax0|H0Th2FKohS;Mhy+qQFJ+qP}z#I|iaIk9cqPEKq)Z~pVlJTr68
zJXP<9U-g%+tE>9j-Fxq~*ItVUqljQ8?oaysB-EYtFQp9oxZ|5m0^Hq(qV!S+hq#g(
z?|i*H2MIr^Kxgz+3vIljQ*Feejy6S4v~jKEPTF~Qhq!(ms5>NGtRgO5vfPPc4Z^AM
zTj!`5xEreIN)vaNxa|q6qWdg>+T`Ol0Uz)ckXBXEGvPNEL3R8hB3=C5`@=SYgAju1
z!)UBr{2~=~xa{b8>x2@C7weRAEuatC)3pkRhT#pMPTpSbA|tan%U7NGMvzmF?c!V8
z=pEWxbdXbTAGtWTyI?Fml%lEr-^AE}w#l(<7OIw;ctw}imYax&vR4UYNJZK6P7ZOd
zP87XfhnUHxCUHhM@b*NbTi#<F%^Z|eYk;z2_lk&RVh7s<F5xO2t#&+J(_Y0MwZqrY
zicy(G9z6&?{09>(-8|wcv%3BGNs#zRCVV(W?1Qj6^PPQa<{yaBwZ`+<`w|;rqUY_C
z&AeyKwwf*q#OW-F()lir=T^<^wjK65Lif$puuU5+tk$;e_EJ;Lu+pH>=-8=PDhkBg
z8cWt%@$Sc#C6F$Vd+0507;{OOyT7Hs%nKS88q-W!$f~9*WGBpHGgNp}=C*7!RiZ5s
zn1L_DbKF@B8kwhDiLKRB@lsXVVLK|ph=w%_`#owlf@s@V(pa`GY$8h%;-#h@<I6M_
zmQBeLGoxDbjVm1w<bC@g^^f(C!^JL|q^~JGpu4s;6B8qK+5^Y5Qq9@Z$yi1AO_ivY
zEj2e_U?RYgY($+y4MYyPw@#Znh;BBeSCVn{gx>TsO|Y8V=n@*!Rog7<7Cid%apR|x
zOjhHCy<N%=9>fbIt%+*PCveTEcuiDi%Wx;O;+K=W?OF<?k#V0K7HZbJn*d3I+eoH#
zh7<l$XDBh2e3X@S)0xR1RL*X3v}anZNmTRLP100Vjg6lZsj8M4WV<xI)QGou52W;l
zuhA|fVCliO=-1Jr275Sx<Y+M^NR?|nFbw_$)30P*nj@^6+|ZdgJZ18l!}qu2UJUSH
z1R0|V6_~e{(m?E}wM3qUG_Q$t&XB<F<iQ0B?7yghy}e3`PL?Jnn_FH7zs7FvV}ZNC
zg-k1nj;~OaAd0bVj&A17jIs@8j;@`1Da87%aS+QW)3w-0g!{V<Z8Jk0K;t-e-m_}H
z#$DpTS=ZJ!079fqU)_vsqe{Hxz{t*PFrYaR_X{Idl~pteGXU-!HXH+n-Nm@~!Nn|q
zjK^|6Bi^u9r}}mzbV)k27Kxg2T1S^j^-m&I%;>UV%)%~6;gl?<0%)?snDDqIvkHF{
zyI02)+lI9ov42^hL>ZRrh*HhjF9B$A@=H94iaBESBF=eC_KT$8A@uB^6$~o?3W<f9
zYtSca#$B|92$2MdaDc&Gb6a^9xjGKojcdPg>m5t1OIaqF^~><2?4e3c&)@wKn9bD?
zoeCs;H>b8DL^F&>Xw-xjZEUFFTv>JD^O#1E#)CMBaG4DX9bD(Wtc8Rzq}9soQ8`jf
zeSnHOL}<+WVSKp4kkq&?SbETjq6yr@4%SAqOG=9E(3YeLG9dtV+8vmzq+6PFPk{L;
z(&d++iu=^F%b+ea$i2UeTC{R*0Isk;vFK!no<;L+(`y`3&H-~VTdKROkdyowo1iqR
zbVW(3`+(PQ2>TKY>N!jGm<sD6AnGF=)0Re*7@0HIc_nG=Iw;>Go7oeoB8O|P_!Ic@
zZ^;3dnuXo;WJ?S+)%P>{Hcg!Jz#2SI(s&dY4QAy_vRlmOh)QHvs_7c&zkJCmJGVvV
zX;Mtb>QE+xp`KyciG$Cn*0?AK%-a|=o!+7x&&yzHQOS>8=B*R=niSnta^Pxp1`=md
z#;$pS$4WCT?mbiCYU?FcHGZ#)kHVJTTBt^%XE(Q};aaO=Zik0UgLcc0I(tUpt(>|&
zcxB_|fxCF7>&~5eJ=Dpn&5Aj{A^cV^^}(7w#p;HG&Q)EaN~~EqrE1qKrMAc&W<U9$
z+^)SZeHD%7BgO}J?hdzGer@n(wj6EYe>XIE;>@<&)5;gD2?={Xf@Mvn@OJKw=8Mgn
z!JUFMwD+s==JpjhroT&d{$kQAy%+d`a*XxDEVxy3`NHzmITrE`o!;5ClXNPb4t*8P
zzAivdr{j_v!=9!^?T3y?gzmqDWX6mkzhIzJ-3S{T5bcCFMr&RPDryMcdwbBuZbsgN
zGrp@^i?rcfN7v0NKGzDPGE#4yszxu=I_`MI%Z|10nFjU-UjQXXA?k8Pk|OE<(?ae)
zE%vG#eZAlj*E7_3dx#Zz4kMLj>H^;}33UAankJiDy5ZvEhrjr`!9eMD8COp}U*hP+
zF}KIYx@pkccIgyxFm#LNw~<U{`Via^B{gMVX)!#|jCh_xM6ikcrvnXbWa+dwBKVSS
zK-4G%y><Bux_?U*2>G&`;o&5)2`5aogs`1~7cMZQ7zj!%L4E`2yzlQN6REX20&O<9
zKV6fyr)TSc<e)zOh9v0_vMgh>JPPzNTC2gL+0x#=u>(({{D7j)c-%tvqls3#Y?Z1m
zV5WUE)zdJ{$p>yX;^P!UcXP?UD~YM;IRa#Rs5~l+*$&nO(;Ers`G=0D!twR(0GF@c
zHl9E5DQI}Oz7<JMjFG_&ureTdMV@FLw-eP(lgkhig$ECHD*ei9Xc()#hw||V#@>4n
zfKP>&$q0($T4y$6w(p=ERAFh+>n%iaeRA%!T%<^+p<H-<uJNd-sy)}Y@~CN#3u5W*
zjI&ROZ_Rx}0(a!_QCcJ9_!&~Uc}E0JQd?M`bT;-C9-Z?5E@UMa&Fe8b7GLT8{XPb5
zyf%i|Q0Xl+SI;QD#Yg>g?M)@ucY<&59$x9M#n+V&>}=nO9wCV{O~lg&v#+jcUj(tQ
z`0u1YH)-`U$15a{pBkGyPL0THv1P|4e@pf@3IBZS4dVJPo#H>pWq%Lr0YS-SeWash
z8R7=jb28KPMI|_lo#GEO|5B?N_e``H*23{~a!AmUJ+fb4HX-%QI@lSEUxKlGV7z7Q
zSKw@-TR>@1RL%w{x}dW#k1NgW+q4yt2Xf1J62Bx*O^WG8OJ|FqI4&@d3_o8Id@*)4
zYrk=>@!wv~mh7YWv*bZhxqSmFh2Xq)o=m;%n$I?GSz49l1$xRpPu_^N(vZ>*>Z<04
z2+rP70oM=NDysd!@fQdM2OcyT?3T^Eb@lIC-UG=Bw{BjQ&P`KCv$AcJ;?`vdZ4){d
z&gkoUK{$!$$K`3*O-j<Zi{jTPO?eI9$VNEqKns5`DQpeK-2u;%g&U>yM1~<ZC)5l@
zIkr@87e@uhA6MH$K<@Z>p-7T*qb)Ys>Myt^;<CgA4AYJg%~h2T>#1&a%O@x8A+E>!
zY<A2w=yT8AF-EkBw>8=eD`ZG)LVagDLBeHg>=atOG?Kr%h4B%E6m@J^C+U|y)XX@f
z8oyJDW|9g=<#f<{JRr{y#~euMnv)`7j=%cHWLc}ngjq~7k**6%4u>Px&W%4D94(r*
z+akunK}O0DC2A%Xo9jyF;DobX?!1I(7%}@7F>i%&nk*LMO)bMGg2N+1iqtg+r(70q
zF5{Msgsm5GS7DT`kBsjMvOrkx&|EU!{{~gL4d2MWrAT=KBQ-^zQCUq{5PD1orxlIL
zq;CvlWx#f1NWvh`hg011I%?T_s!e38l*lWVt|~z-PO4~~1g)SrJ|>*tXh=QfXT)%(
z+ex+inPvD&O4Ur;JGz>$sUOnWdpSLcm1X%aQDw4{dB!cnj`^muI$CJ2%p&-kULVCE
z>$eMR36kN$wCPR+OFDM3-U(VOrp9k3)lI&YVFqd;Kpz~K)@Fa<T;^H>&FRw}L(SoD
z9B4a+hQzZT-BnVltst&=kq6Y(f^S4hIGNKYBgMxGJ^;2yrO}P3;r)(-I-CZ)26Y6?
z&rzHI_1GCvGkgy-t1E;r^3Le30|%$ebDRu2+gdLG)r=A~Qz`}~&L@aGJ{}vVs_GE*
zVUjFnzHiXfKQbpv&bR&}l2bzIjAooB)=-XNcYmrGmBh(&iu@o!^hn0^#}m2yZZUK8
zufVm7Gq0y`Mj;9b>`c?&PZkU0j4>IL=UL&-Lp3j<Z6B(#r?G=5OTIVqppQV7;$oUZ
z_*bfNYVfkU+>&47B5pAW4JceG{!XCA)kT<%2nqCxj<)uy6XR_uws~>_MEKPOpAQ!H
zkn>FKh)<9DwwS*|Y(q?$^N!6<o$@lIm`~9<Ur$vhpA3&|(gF`!3*mR7y8%R>(51O0
z^JM~Ax{AI1Oj$fs-S5d4T7Z_i1?{%0SsIuQ&r8#(JA=2iLcTN+?>wOL532%&dMYkT
z*T5xepC+V6zxhS@vNbMoi|i)=rpli@R9~P!39tWbSSb904ekv7D#quKbgFEMTb48P
zuq(VJ+&L8aWU(_FCD$3^uD!YM%O^K(dvy~Wm2hUuh6bD|#(I39Xt>N1Y{ZqXL`Fg6
zKQ?T2htHN!(Bx;tV2bfTtIj7e)liN-29s1kew>v(D^@)#v;}C4-G=7x#;-dM4yRWm
zyY`cS21ulzMK{PoaQ6xChEZ}o_#}X-o}<&0)$1#3we?+QeLt;aVCjeA)hn!}UaKt<
zat1fHEx13y-rXNMvpUUmCVzocPmN~-Y4(YJvQ#db)4|%B!rBsgAe+*yor~}FrNH08
z3V!97S}D7d$zbSD{$z;@IYMxM6aHdypIuS*pr_U6;#Y!_?0i<Th%7C5rAWptzT;+8
z^q+L14xti*_qZw!_5cZk%7|55dKPFjM~R1_=~fye=uVS6nDqhi)PszECfuz7L#WMP
z!r+BR+k)}Z4nk;GJ*^~}T(1)9OIq4cSY?CPrYrC|{k3|*qwa%HsQZRC>|&yU*@16l
z*dcMqDQgfNBf}?quiu4e>H)yTVfsp#f+Du0@=Kc41QockXkCkvu>FBd6Q+@FL!(Yx
z2`YuX#eMEiLEDhp+9uFqME_E^faV&~9qjBHJkIp~%$x^bN=N)K@kvSVEMdDuzA0sn
z88CBG?`RX1@#hQNd`o^V{37)!w|nA)QfiYBE^m=yQKv-fQF+UCMcuEe1d4BH7$?>b
zJl-r9@0^Ie=)guO1vOd=i$_4sz>y3x^R7n4ED!5o<f!284U3o`_8>XL3@5**h<Hcp
z@=-jpH@#|<>(xr%Hv)_gILarO46q+MaDOF%ChaymKoI6JU5Pg;7#2n9-18|S1;AK+
zgsn6;k6-%!QD>D?cFy}8F;r@z8H9xN1jsOBw2vQONVqBVEbkiNUqgw~*!^##ht>w0
zUOykwH=$LwX<q*Afk5R&Mctbiz>2j&nLy=@{hr)2O&-wm-NyjW7n~Zs9UlH;P7iP3
zI}S(r0YFVYacnKH(+{*)Tbw)@;6>%=&Th=+Z6NHo_tR|JCI8TJiXv2N7ei7M^Q+RM
z?9o`meH$5Yi;@9XaNR#jIK^&{N|DYNNbtdb)XW1Lv2k{E>;?F`#Pq|&_;gm~&~Zc9
zf+6ZE%{x4|{YdtE?a^gKyzr}dA>OxQv+pq|@IXL%WS0CiX!V<r8QLM#*MRM`MfrL^
z$oozeKu(Nq#u9g*IQ%|9o}%#$^xUC(KN(HGggqLu?YF|WP9UQsZcqciD65u58u(o>
zm$fCePA%lU{%pTKD7|5NJHeXg=I0jL@$tOF@K*MI$)f?om)D63K*M|r`gb9edD1~Y
zc|w7N)Y%do7=0{RC|AziW7#am$)9jciRJ?IWl9PE{G3U+$%FcyKs_0Cgq`=K3@ttV
z9g;M!3z~f_?P%y3-ph%vBM<NK?r_G3UHy@sF~h!`(w;SXKRHdJ%HcvAvAAT4Qk5qo
zMgavqbI6bm$F8YQRbu-Q60TKKDjBrG#E!{k)-_O9;f|9i`Bf)1frR1W)S8zwM~^w3
zgTV=3ki=7ABU#jjo~7zOCe&Y02bU{vhUnu>eS@p7P&Ea8M@97+%XEj*(1E6vHj==d
zjsoviB>j^$_^OI_DEPvFkVo(BGRo%cJeD){6Uckei=~1}>sp299|IRjhXe)%?uP0I
zF5+>?0#Ye}T^Y$u_rc4=lPcq4K^D(TZG-w30-YiEM=dcK+4#o*>lJ8&JLi+3UcpZk
z!^?95S^C0ja^jwP`|{<+3cBVo<?ZqT?*63G^-kLfa79`_!t|3XN?#4oHPT!4lKDlS
z&|`dJ%anWz)cD{Izk)|S%W;K%rEUv+1C{y)t{{-Ax56UAAwT>g$(mRdQmadS+Vh~z
zS@|P}=|z3P6uS+&@QsMp0no9Od&27O&14zHXGAOEy<!&qoA;BoYe5Gd6XaoKZz3O>
zh~OKpymK5C%;LLb467@KgIiVwYbYd6wFxI{0-~MOGf<ue$0Kq0FKpj=H%&N{0wz|#
zv3H@VVff^)dR)T~U^4qB#5GIMnxWTKM_`%1WhbW1RX5wx$kbFST`O+(C#(QYZ1qYr
zH@an#>Tq$nBTB!{SrW<fHPfZ<Irz+G=%+OcFrK=FGzu_OrmZYz+$?F}3ABX2OV4Ts
zsD|%iq->mL9H<Tr^2xz>s}C&l&l#m?s*{tA?BHS4mVKHAVMqm63H<|c5n0~k)-kbg
zXidai&9ZUy0~WFYYKT;oe~rytRk?)r8bptITsWj(@HLI;@=v5|XUnSls7$uaxFRL+
zRVMGuL3w}NbV1`^=Pw*0?>bm8+xfeY(1PikW*PB>>Tq(FR`91N0c2&>lL2sZo5=VD
zQY{>7dh_TX98L2)n{2OV=T10~*YzX27i2Q7W<Ntl33%|cp7@_XQ%`!?JFZGy3th+(
z9`69=1diKn`u=0X>86M4$?gZIXZaBq#sA*{PH8){|GUi;oM>e?ua7eF4WFuFYZSG|
zze?srg|5Ti8Og{<A|-y4P^Vw-HZz`B)6iIj60J8RmoI9z56$O?KklBRh#A8wwXksP
zIQ{KLcY4jo=L=|_hbacrV%Qq6!Kf@BT^Q2N;#Sl~J=F}P(ian;6LK=Pia-a<t*`EG
zsvh#5MX1PG_H?pP{~kcN#Yl5&$-{v%{fm#~)VR&aYV*QjB+l!bVIL2ZIK*(o)mg>O
zeFx<XJQO~(UxB;12D)?%fz2kHQ0)}w{#l!~t+-NWg^{L<(tn&kN>uw9!U+zhyk?@w
zjsA6(oKD=Ka;A>Ca)oPORxK+kxH#O@<!C?nm{!PyX#FIJ5Fce^7Glx51z4q!IF-9T
z(}u{s9F?k?->zhC!!XS4@=swnuMk>t+JmLmFiE^1aX3f<)D@`%K0FGK^gg1a1j>zi
z2KhV>sjU7AX3F$SEqrXSC}fRx64GDoc%!u2Yag68Lw@w9v;xOONf@o)Lc|Uh3<2<E
zaTlN?EK~WL>1ctTYu-mFZuHk*+R{GjXHIGq3p)tFtQp%TYqD=j1&y)>@zxoxUJ!G@
zgI0XKmP6MNzw>n<q>RxK$-Gbzs}dyfFzt>#5;f6oR27ql!%+{tr+(`(>%51|k`ML}
zY4eE)Lxq|JMas(;JibNQds1bUB&r}ydMQXBY4x(^&fY_&LlQC)3hylc$~8&~|06-D
z#T+%66rYbHX%^KuqJED_wuGB+=h`nWA!>1n0)3wZrBG3%`b^Ozv6__dNa@%V14|!D
zQ?o$z5u0^8`giv%qE!B<jmp7|q6krbi_G>zZ!3j;BlDlJDk)h@9{nSQeEk!z9RGW)
z${RSF3phEM*ce*>Xdp}585vj$|40=&S{S-GTiE?Op*vY&Lvr9}BO$XWy80IF+6@%n
z5*2ueT_g@ofP#u5pxb7n*fv^Xtt7&?SRc{*2Ka-*!BuOpf}neHGCiHy$@Ka1^Dint
z;DkmIL$-e)rj4o2WQV%Gy;Xg(_Bh#qeOsTM2f@KEe~4kJ8kNLQ+;(!j^b<yk)2Ga*
z`Da!i<uGd>gJMcNhvklP5Z6I+9Fq@c&D~8Fb-4rmDT!MB5QC{Dsb;BharP*O;SF4&
zc$wj-7Oep7#$WZN!1nznc@Vb<_Dn%ga-O#J(l=OGB`dy=Sy&$(5<R7(thvp%XRU@s
zvD!RD|Ap4-iUR15Zc?p`W5PfYcwl?pqP=!?Ly8YQJV-_=LA<5F14$ueWH9bhJ%_)w
z7V5=v(sMJKH%(v>-n3zzu%d7E#^8`T@}V+5B;PP8J14#4cCPw-SQTdGa2gWL0*zKM
z#DfSXs_iWOMt<QB?xsXtvjwXo?shW#x+{vW<m&Lb0}Ev3ll-+Cv)H2yx72H2vfbao
z)&}#dlu-#QrCe#mI_dwQZ8aV{yR-kuQpUpp0FeFvxZ;1G7pk86VlScc8cAV!@aPt-
zLbAEaXYm_LG-m+FWTqvpGKKfn>)0*+Y>Lkd=LlyoHjublNLefhKBv@JoC>P7N1_#>
zv=mLWe96%EY;!ZGSQDbZ<UL<`wO?;KrMew|zF)HM0NF!*C)o2Xb2C86^s8tmic{Un
z9|@ov+&qEN=O7wL#??)8qe;19z|E|XhPC!>Wb#;tzqAGgx~uk+-$+2_8U`!ypbwXl
z^2E-FkM1?lY@yt8=J3%QK+xaZ6ok=-y%=KXCD^0r!5vUneW>95PzCkOPO*t}p$;->
ze5j-BLT_;)cZQzR2CEsm@rU7GZfFtdp*a|g4wDr%8?2QkIGasRfDWT-Dvy*U{?IHT
z*}wGnzdlSptl#ZF^sf)KT|BJs&kLG91^A6ls{CzFprZ6-Y!V0Xysh%9p%iMd7HLsS
zN+^Un$<a&ma`v<=_o?VGrwUGJw=O>tDV)T@i!v?3o0Fsx2qI(AX_$dDkBzQ@fRM%n
zRXk6hb9Py#JXUs+7)w@eo;g%QQ95Yq!K_<hHRNS7N*hWtqjDKgW@A%kX02U4KOU=O
zvdAz#;kT}}XkJ!QzU;bHk8JAq+{_%?pw^sYL|x|PeydT9?IGU9Y51^30i-q1#6m%s
zrcB|gv?mw<4R{=sU0@i6UC;{u0I&8wO=u?6r+b>d=z{0dGS+pToEI6=Bo8+{k$7&Z
zo4>PH(`ce8E-Ps&uv`NQ;U$%t;w~|@E3WVOCi~R4oj5wP?%<*1C%}Jq%a^q~T7u>K
zML5AKfQDv6>PuT`{SrKHRAF+^&edg6+5R_#H?Lz3iGoWo#PCEd0DS;)2U({{X#zU^
zw_xv{4x7|t!S)>44J;KfA|DC?;uQ($l+5Vp7oeqf7{GBF9356nx|&B~gs+@N^gSdd
zvb*>&W)|u#F{Z_b`f#GV<S^Bd2~Pyg*5%eHlTUz}@u5PV*7l^~{G24{Qqrx`@++o~
ztboMW3urCbjTB~&;i*a|(eC0qz31>tQ`pYv3#||N{xj1NgB<#=Odt6{eB%#9RLt5v
zIi|0u70`#ai}9fJjKv7dE!9ZrOIX!3{$z_K5FBd-Kp-&e4(J$LD-)NMTp^_pB`RT;
zftVVlK2g@+1Ahv2$D){@Y#cL#dUj<nH(n~Edj4!|Skt}P+Crb$TxBzD_v2O|_fXDf
zyOhDlptC3q?wEW8BD4DYDy}&OXN4=Gin3Clovb(?fZbl&a4@HKR2*IMYDM~#=eox}
zr@@VgW<o#eD*<OYTh-Dp*Y9Q~ulW+qlsH#Z{CRf%{8T(JHO1!sg=2L#MeC>9*&%#6
zd2m9{1NYp>)6=oAvqdCn5#cx{AJ%S8skUgMglu2*IAtd+z1>B&`MuEAS(D(<6X#Lj
z?f4CFx$)M&$=7*>9v1ER4b6!SIz-m0e{o0BfkySREchp?WdVPpQCh!q$t>?rL!&Jg
zd#heM;&~A}VEm8Dvy&P|J*eAV&w!&Nx6HFV&B8jJFVTmgLaswn!cx$&%JbTsloz!3
zMEz1d`k==`Ueub_JAy_&`!ogbwx27^ZXgFNAbx=g_I~5nO^r)}&myw~+yY*cJl4$I
znNJ32M&K=0(2Dj_>@39`3=FX!v3nZHno_@q^!y}%(yw0PqOo=);6Y@&ylVe>nMOZ~
zd>j#QQSBn3oaWd;qy<AH3+eYXyF}9Xqs&`j)Js;7`deezzO@(if{@wtUbaD%FKTU}
z5w@ZwEG`RDwK>$&5(5H$Ayi)0haAYO6TH<z?6tyk$+6-5SvI&DI1q3_)(4fdZ5Se9
zBbX2Qt9$@_(SU-uL9$`(89L9b^PH`sRc(S;t{a+9w+wmDT>>FR?rhqHmNOO+(})NB
zLI@B@v0)eq!ug`>G<@htRlp3n!EpU|n+G+AvXFrWSUsLMBfL*ZB`CRsIVHNTR&b?K
zxBg<HRwQH-Pd9_*;+0`Ns@&d6=NP#dv8(oIe;Q1jESZF+juys7ECR&=R-98_-67uO
z3$~aVQBexDk*n5GG0IbgeygBsp6J9Ak`^z@J>sN0BjfB>UVcJ|x%=-zb%OV7lmZc&
zxiupadZVF7)6QuhoY;;FK2b*qL0J-Rn-8!X4ZY$-ZSUXV5DFd7`T41c(#lAeLMoeT
z4%g655v@7AqT!i@)Edt5JMbN(=Q-6{=L4iG8RA%}w;&pKmtWvI4?G9pVRp|RTw`g0
zD5c12B&A2&P6Ng~8WM2eIW<Jfbv|J{U>=wxd?r7A*N+&!Be7PX3s|7~z=APxm=A?5
z<Ct?-npDR`F>t>xB4WG|*Td@VX{Rs)PV0|yK`oI3^xn(4c_j&vgxk_Y3o(-`_5o`V
zRTghg6%l@(qodXN;dB#+OKJEEvhfcnc#BeO2|E(5df-!fKDZ!%9!^BJ_4)9P+9Dq5
zK1=(v?KmIp34r?z{NEWnLB3Px{XYwy-akun4F7xTRr2^zeYW{gcK9)>aJDdU5;w5@
zak=<+-PLH-|04pelTb%ULpuuuJC7DgyT@D|p{!V!0v3KpDnRjANN12q6SUR3mb9<-
z>2r~IApQGhst<D{{Vf5G$!J9FyJ-E-*A*EoNl_C#=MT@p=Xle}_jo(=^L>Z!3*?5V
z8#)hJ0TdZ<kpQa~V_Tj9(@ze|2#~^ENp?G7Jt@Eflo`qt*qnbcmXouacBm8O7C@Os
z{Du2beNd5?Za)HL!ZE%zpwg!kyVuKIF9N=(m23`w*$5>g0M-BK#nGFP>$i=qk82DO
z7h;Ft!D5E15OgW)&%lej*?^1~2=*Z5$2VX>V{x8SC+{i10BbtUk9@I#Vi&hX)q<DD
zB<)Sw)<~oUy)n6wE>Q!LwySI{Bnv%Sm)yh{^sSVJ8&h_D-BJ_YZe5eCaAWU9b$O2c
z$T|{vWVRtOL!xC0DTc(Qbe`ItNtt5hr<)VijD0{U;T#bUEp381_y`%ZIav?kuY<v6
zX67v2C6cbIOG)5k!|qC-WsWgOfACm-q$QibFt!z9&vuM4Ra<@t5?aicE~iV+3AvjG
zIg1RVRV7=ipka+$YiU^iebt34R#X_ZP(5j+8#<1x%dt8dn8LWW*;+`tjJbED5GP+(
z;WzH$-`*O}!b)z&?E7%4&3EtV-<sTj?CD<=L+<P?A5!5CSPGi)w4A<JPgzq;6rR*O
zXNdyY$eTaKl$~z~drmdabQ@3giDtf2>G{iyYdEBPW=*xNSc;Rlt6~F4M`5G+VtOjc
z*0qGzCb@gME5udTjJA-9O<&TWd~}ysBd(eVT1-H82-doyH9RST)|+Pb{o*;$j9Tjs
zhU!IlsPsj8=(x3bAKJTopW3^6AKROHR^7wZ185wJGVhA~hEc|LP;k7NEz-@4p5o}F
z`AD6naG3(n=NF9HTH81=F+Q|JOz$7wm9I<+#BSmB@o_cLt2GkW9|?7mM;r!JZp89l
zbo!Hp8=n!XH1{GwaDU+k)pGp`C|cXkCU5%vcH)+v@0eK>%7gWxmuMu9YLlChA|_D@
zi#5zovN_!a-0?~pUV-Rj*1P)KwdU-LguR>YM&*Nen+ln8Q$?WFCJg%DY%K}2!!1FE
zDv-A%Cbwo^p(lzac&_TZ-l#9kq`mhLcY3h9ZTUVCM(Ad&=EriQY5{jJv<5K&g|*Lk
zgV%ILnf1%8V2B0E&;Sp4sYbYOvvMebLwYwzkRQ#F8GpTQq#uv=J`uaSJ34OW<hi?`
zP14gpnLmL&7H`p4L%8;nC1<^Sv9p;w<Wt?|_#g6*20U1pM3nHRfS>ITeSGo6+-8Xw
znCk*n{kdDEi)Hi&u^)~cs@iyCkFWB2SWZU|Uc%^43ZIZQ-vWNExCCtDW<BUzywAz*
z=(vxHv4d&65KOllAq-#$@U{@M^Tie>jqHs;;tWf$v{}0{p0Rvxkq``)*>+Akq%|Na
zA`@~-Vfe|+(AIlqru+7Ceh4nsVmO9p9jc8}HX^W&ViBDXT+uXbT#R#idPn&L>+#b6
zflC-4C5-X;kUnR~L>PSLh*gvL68}RBsu#2l`s_9KjUWRhiqF`j)`y`2`YU(>3bdBj
z?>iyjEhe-~$^I5!nn%B6Wh+I`FvLNv<KrLHuL|CB_`07?lkcY;`F}7N|9w?h$j;W(
z!pz0d;6Gc;=tP?z1|!0VS^mTNfuvL}h&K?b1^iwS6ciDpxQaBY5Gc}49BtNL@wSAH
zN-`fR84|MY8{n7xC}ub4B$LcEGUf*6``pjVtH+rgy&k|kpb4%YlJ~9w&{2Xuzeu1M
zq`UMUPdX@*+$axeLs?$}*bD{+cnrR~Y#}m-O=_R~Wti_#iWT_s(=ymH^VTEl)dozx
zf?Q;WOl1sf3*~dyaUWrzpj(B{DD^$`<1{1iWu+66OaaANG(C3>auve~eX<+Ipl&04
zT}};W&1a3%W?dJ2=N#0t?e+aK+%t}5q%jSLvp3jZ%?&F}nOOWr>+{GFIa%wO_2`et
z=JzoRR~}iKuuR+azPI8;Gf9)z3kyA4EIOSl!sRR$DlW}0>&?Gb<F6G*f~S_Xmd?&<
zcTp7FM31gIFJU_kMTKVvYfdLV&qNi%10o_cXO}T8c0JA~S7IvYJW{2Mc@QfYQPg<B
zM^$g#zoTZ3_m+CrHFauLo}15?s=HP)?JB{H_0#&&1l#xC0PUJEil&(!l3&4$4Oabl
z(t*+m#j)cGDV4roRR~6gh^^UTE<ORsZfX<yztwQw%!x#Q2cf-H-Ei*R_oEBu0*M}r
zaR*fDOfo;PPv!PbT7OdxPFjDUG&0BrIox?s;EQMl0XBMs85AAF!I(xegz)j_*&}F&
zVxM4&whWS?c~-!t@$rAV{-U7+LEraxy0yVT-$%W;DztTaLwSHk;hmJtJCfzd$8ZUU
zM49WF9Y$VtKqVmyl%^86>gPojmj<IO9KHY)gcrh=qY_}jG!}())PpS;BXBA!e*hSR
zilZbQ&4Xd81)(e#05gdbS)_Rc7=w(fM<O8%<WUPqvy2OZsgKBL!XxkiWU2;{7$;C6
z9R+3;R|H$*pUT7|00m@1wlw|z2Pi1^Q3j9tQwHGtFdr%Y_fp{BLtn(*#K`48rPtM-
zeUXnbzjJ6`4-eFtz^q{qhyCKLVL%|Li&oS2mxY?F!w9Q6rOe*>mnln;cTqCt=ADbE
zZ8GAnoM+S1(5$i8^O4t`ue;vO4i}z0wz-QEIVe5_u03;}-!G1NyY8;h^}y;tzY}i5
zqQr#Ur3Fy8sSa$Q0ys+f`!`+>9WbvU_I`Sj;$4{S>O3?#inLHCrtLy~!s#WXV=oVP
zeE93*Nc`PBi4q@%Ao$x4lw9vLHM!6mn3-b_cebF|n-2vt-zYVF_&sDE--J-P;2WHo
z+@n2areE0o$LjvjlV2X7ZU@j+`{*8zq`JR3gKF#EW|#+{nMyo-a>nFFTg&vhyT=b}
zDa8+v0(Dgx0yRL@ZXOYIlV<CBxH&myw-{Mgw|3Z>SZ0|MFizy0VPW8;AfA5|pe!#j
zX}Py^8fl5SyS4g1WSKKtnyP+_PoOwMMw<ZOz9;D51vwfT?(7P{J9uC+df4xbrr2zV
zB?xsPrQn{*Mv;KOgSS&5@+LuXkea1)Zq>u`(i@Z)diJp~U54*-miOchy7Z35eL>^M
z4p<-aIxH4VUZgS783@H%M7P9hX>t{|<kmOhY+3PLOlAj^>RU7$n4T(brCG#h9e9p!
z+o`i;EGGq3&pF;~5V~eBD}lC)>if$w%Vf}AFxGqO88|ApfHf&Bvu+xdG)@vuF}Yvk
z)o;~k-%+0K0g+L`Wal<EEr#pT9&cB!85zTR)doGHYQA;Y4iG{j=~O<Gh^(9@<v8&o
z)RDtDdQW7hx3ZX>a!$=ZV|z$e%>f0%XoLib%)!R^RoS+{!#X?h-<kGFCJU+*P>6uu
zF&&KxORdZU&EwQFITIRLo(7TA3W}y6X{?Y%y2j0It!ekU#<)$qghZtpcS>L3uh`Uj
z7GY;6f$9qKynP#oS3$$a{p^{D+0oJQ71`1?OAn_m8)UGZmj3l*ZI)`V-a>MKGGFG<
z&^jg#Ok%(hhm>hSrZ5;Qga4u(?^i>GiW_j9%_7M>j(^|Om$#{k+^*UL<NK}BVp#gd
zBD%KcbS)b{|CXjYx_P3_eGPFMMz1_Nk540?Us_HPBMy;cERLy0SxfOpX5xzV&cl#)
zt&&6pjk~F}sDOyA9s+XeyTf%9%I=S3nCcDp2Af;QpT#R>nEgzW_1gCICtAD^WpC`A
z{9&DXkG#01Xo)U$OC(L5Y$DQ|Q4C6CjUKk1UkPj$nXH##J{c8e#K|&{mA*;b$r0E4
zUNo0jthwA(c&N1l=PEe8Rw_8cEl|-eya9z&H3#n`B$t#+aJ03RFMzrV@gowbe8v(c
zIFM60^0&lCFO10NU4w@|61xiZ4CVXeaKjd;d?sv<gv6;u6elr3xr~p;CLrK1=+ZBw
z$Y<W|q#kt(G{*D&Qkw-trQSG}>52XM*lS8XiVjgWpRB;&U_C0g+`6B5V&w|O6B*_q
zsATxL!M}+$He)1eOWECce#eS@2n^xhlB4<_Nn?yCVEQWDs(r`|@2GqLe<#(|&P0U?
z$7V5IgpWf09uIf_RazRwC?qEqRaHyL?iiS05UiGesJy%^>-C{{ypTBI&B0-iUYhk>
zIk<5xpsuV@g|z(AZD+C-;A!fTG=df1=<%nxy(a(IS+U{ME4ZbDEBtcD_3V=icT6*_
z)>|J<Y(kIYsG`z6gyX&}qOiN*?9OL086m5X{hq6Ig4#W@iNENBRsw2^%kU7#L2|pp
zfdZ~o%7N|AM$3+2Q82nCBw2dK>?>&6%nvHhZERBtjK+s4xnut*@>G<VN!iYC0JC0F
z7C4lQZ~9^GNSctWumcZ#1X037wz24bZkA{*jo3r`%UXDS^K_+8hV8{gw8t#vVSJ;%
z9c?Ez0!rvl#uwpap|4<*d9UuKSjWn24OFIi&rE}!=sVnu59lQ~@4HIl&h;AmLia?2
zUL-?{m1bz0QDnL&$JD)qE4*iTL#%6dSw8A41Gt4doXWr-`$rleCkVKi0#mfRM!)mY
zIRoubkmw30NIQhtCJYLo7$LOA<y9EL8N*i`%g_PIUD8SHni$er{_LTTN*Wqfx<buS
zb$(_9;wX-c*`xTSvy6C@PDNyy2YoKV;`dWQKiLwa26g^kXh`=t6PlPNT~Q9So~U*X
z3nx6eVXazyi3=nJQw6@jVna;b;RTqKnF0f_=;<}6<0^@)YUgQHPBXXoP$FjaOB^=t
zP%99lNT=pyPA&53Wj%hQT>AmA5m*OTp$!^CHTr}vM4n(X1Q*;{e-Rd2BCF-u@1ZGm
z!S8hJ6L=Gl4T_SDa7Xx|-{4mxveJg=ctf`BJ*fy!yF6Dz&?w(Q_6B}WQVtNI!BVBC
zKfX<>7vd6C96}XAQmF-Jd?1Q4eTfRB3q7hCh0f!(JkdWT5<{iAE#dKy*Jxq&3a1@~
z8C||Dn2mFNyrUV|<-)C^_y7@8c2Fz+2jrae9deBDu;U}tJ{^xAdxCD248(k;dCJ%o
z`y3sADe>U%s<JWQeHbE;y_*tD>uxwwv~8A1+R$VB=Q?%U?4joI$um;aH+eCrBqpn-
z%79D_7rb;R-;-9RTrwi9dPlg8&@tfWhhZ(Vx<DUpdj8XcHW`q{6yqiIzcmGmhsxE(
z@-zez1_>&1PQ+6(huX`;M9x~LrW~~#3{j0Bh2kDU$}@!fFQej4VGkJv?M4rU^x!RU
zEwhu$!CA_iDjFjrJa`aocySDX16?~;+wgav;}Zut6Mg%C4><PTsD!{kIiIRy9=1Aw
zY;M8Eqj=FH#bx<r<6@cBrQ0UMw6e8^v|*8L6vZKlp_PoKF*td|-B1-bh(bXl;KGoy
ze|2jEKeeu5MGO@KpjsEha>}8FL?8)Kgwc(Qlj{@#2Pt0?G`$h7<q&K~4OS{ORv@L7
z>P#M+qoXtlV@d}%c&OzO+QYKK`kyXaK{U(O^2DyIXCZlNQjt0^8~8JzNGrIxhj}}M
z&~QZlbx%t;MJ(Vux;2tgNKGlAqphLq%pd}JG9uoVHUo?|hN{pLQ6Em%r*+7t^<);X
zm~6=qChlNAVXNN*Sow->*4;}T;l;D1I-5T{Bif@4_}=>l`tK;qqDdt5zvisCKhMAH
z#r}`)7VW?LZqfdmXQ%zo5bJ00{Xb9^YKrk0Nf|oIW*K@(=`o2Vndz}ZDyk{!u}PVx
zzd--+_WC*U{~DH3{?GI64IB+@On&@9X>EUAo&L+G{L^dozaI4C3G#2wr~hseW@K&g
zKWs{uHu-9Je!3;4pE>eBltKUXb^*hG8I&413)$J&{D4N%7PcloU6bn%jPxJyQL?g*
z9g+YFFEDiE`8rW^laCNzQmi7CTnPfwyg3VDHRAl>h=In6jeaVOP@!-CP60j3+#vpL
zEYmh_oP0{-gTe7Or`L6x)6w?77QVi~<VDx`fw;L`VTJ3A_($%0y%60sa5-^3a6v=d
zmmak>jD8lWN@3RHcm80iV%M1A!+Y6iHM)05iC64tb$X2lV_%Txk@0l^hZqi^%Z?#-
zE;LE0uFx)R08_S-#(wC=dS&}vj6P4>5ZWjhthP=*Hht&TdLtKDR;rXEX4*z0h74FA
zMCINqrh3Vq;s%3MC1YL`{WjIAPk<IG3Wg4CtfDQ*vr2eaPwC^O8I68!!&nV4u+r_F
z?Axith|qN&KZ99L>VL#3rj^9Pj9Ss7>7duy!9H0vYF%>1jh)EPqvlr6h%R%CxDsk|
z!BACz7E%j?bm=pH6Eaw{+suniuY7C9Ut~1cWfOX9KW9=H><&kQlinPV3h9R>3nJvK
z4L9(DRM=x;R&d#a@oFY7mB|m8h4692U5eYfcw|QKwqRsshN(q^v$4$)HgPpAJDJ`I
zkqj<O$?%~S@(l(Nhxp_sGA`$A%xJ7kG%+@Mg|5Rt6m|$*ZUs_O&tJj;*GHA8ccUky
ztdHVq5%mDvVz0+qo6-yO?&N>q(8Cd!K!+wCd=d@w%~e$=gdUgD&wj$LQ1r>-E=O@c
ze+Z$x{>6(JA-fNVr)X;*)40Eym1TtUZI1Pwwx1hUi+G1Jlk~vCYeXMNYtr)1?qwyg
zsX_e*$h?380O0<gk^3K^_@6N5|2rtFRkhT9jP1T;nZ|k<{vtt&=cCpw1{DoTNi|6*
zNR~&3M3w}sVsT4{Fd&%jPlD{py<BN_zia9hI9Ip7U3}jPq_+H)r9(in7-!PpJihq-
zw0+F|?s|8=Bj*cv!`7|95cO>0ou?0R@7-Fc59o$UvyVs4cUbujHUA>sH!}L54>`e`
zHUx#Q+Hn&Og#YVOuo*niy*GU3rH;%f``nk#NN5-xrZ34NeH$l`4@t);4(+0|Z#I>Y
z)~Kzs#exIAaf--65L0U<!Yaeav3)qH(`Lb>HT_SvV8O2WYeD>Mq^Y6L!Xu8%vnp<f
zF-ML?EA-QLj_KdFHPDT9@{&CgOfV=>ofG@w!}R7M28?i1*T&zp3X4^OMCY6(Dg<-!
zXmcGQrRgHXGYre7GfTJ)rhl|rs%abKT_Nt24_Q``XH{88NVPW+`x4ZdrMuO0iZ0g`
z%p}y};~T5gbb9SeL8BSc`SO#ixC$@QhXxZ=B}L`tP}&k?1oSPS=4%{UOHe0<_XWln
zwbl5cn(j-qK`)vGHY5B5C|QZd5)W7c@{bNVXqJ!<MH|d3P$j9&VqkPfJu|wcu=-=7
zLO~2}`PnP-On3_NOs4{hJ&4M7x*M^%g^_s4zus|ykus<=xkIi<3#(~DK73KtIuaza
zq3Ok{j4$g8v7e>!n$^ufc?N9C-BF2QK1(kv++h!>$QbAjq)_b$$PcJdV+F7hz0Hu@
zqj+}m0qn{t^tD3DfBb~0B36|Q`bs*xs|$i^G4uNUEBl4g;op-;Wl~iThgga?+dL7s
zUP(8lMO?g{GcYpDS{NM!UA8Hco?#}eNEioRBHy4`mq!Pd-9@-97|k$hpEX>xoX+dY
zDr$wfm^P&}Wu{!%?)U_(%Mn79$(ywvu*kJ9r4u|MyYLI_67U7%6Gd_vb##Nerf@>&
z8W11z$$~xEZt$dPG}+*IZky+os5Ju2eRi;1=rUEeIn>t-AzC_IGM-<V%6qUamagiO
zojXi&7L8*IWlJ}@8}`JxyIBN$u|oRzm@w!)u;`JJ^U^Jm{ZDgyeTstN3t7NGnWGqQ
z+EIa8gC_h)Zo3JN!q<7m%o03s)htD&NG?lXEop9Gx?#VaLBB3SgcFmh3F=U430hIe
z6>IXWK3^6QNU+2pe=MBn4I*R@A%-iLD<B3fBYdI`-^xCP#WQb@1Qb6Wc1|7$rrI$0
zS^}=1l87G|X!N)P#&2-ZEFApzIK5kn5Gfb61a_<ma9;3$9f;mz8FokB;4w(Y@!^ya
zu;TjxPaQyO7n{FcIlqEr<3P?P4i)3rOGc5I4};xC;qQa&0^@jzv_HUBAQxZ^AEFm5
zBTlS@?>COHTE-O^wo$sL_h{dcPl=^muAQb`_BRm};=cy{qSkui;`WSsj9%c^+bIDQ
z0`_?KX0<-=o!t{u(Ln)v><gH1Bl$-3LHEdi^mWSpxtdQaHDvah(~iGD|9egFyL#F~
z?1$GP^^-sUm)!YZ{+<LJ&0K7L{O*24r%mkt6Kzb6pOOS-L<yFAV=ioJ*0iBM>%VGL
z0pC=GB7*AQ?N7N{ut*a%MH-tdtNmNC+Yf$|KS)BW(g<Pdkm%)j?It(+K5~xj$IK!{
zp+6C1gYJS33v`?Xo$~~77W&2eyGU19<m6FlNMw~43kikpZyKWVZ@N_*wAeJPS%sqH
z40>QJ*z$d{+{j?(e&hgTy^2|AR9vx1Xre2fagGv0YXWqtNkg*v%40v?BJBt|f9wX5
z{QTlCM}b-0{mV?IG>TW_BdviUKhtosrBqdfq&Frdz>cF~yK{P@(w{Vr7z2qKFwLhc
zQuogKO@~YwyS9%+d-zD7mJG~@?EFJLSn!a&mhE5$_4xBl&6QHMzL?CdzEnC~C3$X@
zvY!{_GR06ep5;<#cKCSJ%srxX=+pn?ywDwtJ2{TV;0DKBO2t++B(tIO4)Wh`rD13P
z4fE$#%zkd=UzOB<aY_AGMe|>7<sX$yw1SM(554I3!t(H9Z3X!Z5et+k4_h&Thynx!
ziTh5;c|GaYsH@W32G0xdhr&KvFp@Nsj=Jm7RQGd8dhSlG9l$e(+pLSdq<w-kZ7W-l
z4}DfW=)F=&(6?c$=|K`W>4gi=-*CuID&Z3zI^-`4<B}t|X$V`AU_-K%EPFL_9twl_
zImK{&j6sLpH7WP2;B>U^S?dHxK8fP*;fE|a(KYMgMUo`T<LMf=xb>HIS1f!*6dOI2
zFjC3<eBkTsS?s~jirYF@Nrja2AilB1Grgok(Q{J!-yMdCbS>O=-AL`<v=HnY;qaP=
z%r%pyN;W|G{!13k5HgL{&1MZLLmT$ii@iPy4pvmSTAaNGh_&&=IOx}7|G?LkOre&5
ze$)ZX{wLMvAK$Ose+l($RV_DU6^yOKl5CcA-LOWBeC<Ob3qkCr#=PoHO}Zi7*=4i{
zhy`P5@RD?fbbG{Ww-4~nmy*sK0y=*cjfuaB@ZGQIADDEhtuw}4>6=9pp;`CYPTdVX
z8(*?V&%QoipuH0>WKlL8<OkjufLT@|_$itWfOgQQ1sL1my9jh5H&Aqu0?B`H1h6nM
zGosuE%;~qrp)5qiJt5TkvuY!P5&J7R#=`qhgmgE%$-tyU1wv>A*zTKckD!paN@~hh
zmXzm~qZhMGV<pYA7aBO1=rl8ewvtPYii`7)>dQGd=AG8&20HW0RGV8X{$9LldFZYm
zE?}`Q3i?xJRz43S?VFMmqRyvWaS#(~Lempg9nTM$EFDP(Gzx#$r)W&lpFKqc<y(GB
zQ)iBAS`N=DS_sKSXI55P(lHkwH)@Q89oTUc{-vd@Ue^>AoJh-AxEw$-bjW>`_+gEi
z2w`99#UbFZGiQjS8kj~@PGqpsPX`T{YO<m!OQBo2H4HfqK(14BF?XJ?$*LTUG|=XE
z%mXZ(W0fCU1)eodty#XEHD<Wgj8lxa(h;^9fW-UTt2UUeP&QC*>j`CaEqTFag;$jY
z8_{Wzz>HXx&G*Dx<5skhpETxIdhKH?DtY@b9l8$l?UkM#J-Snmts7bd7xayKTFJ(u
zyAT&@6cAYcs{PBfpqZa%sxhJ5nSZBPji?Zlf&}#L?t)vC4X5VLp%~fz2Sx<*oN<7`
z?ge=k<=X7r<~F7Tvp9#HB{!mA!QWBOf%EiSJ6KIF8QZNjg&x~-%e*tflL(ji_S^sO
ztmib1rp09uon}RcsFi#k)oLs@$?vs(i>5k3YN%$T(5Or(TZ5JW9mA6mIMD08=749$
z!d+l*iu{Il7^Yu}H;lgw=En1sJpCKPSqTCHy4(f&NPelr31^*l%KHq^QE>z>Ks_bH
zjbD?({~8Din7IvZeJ>8Ey=e;I?thpzD=zE5UHeO|neioJwG;IyLk?xOz(yO&0DTU~
z^#)xcs|s>Flgmp;SmYJ4g(|HMu3v7#<SE)AQQ4Qptn#EiMmi^p+Ei-7DkP+HtEnTf
z=ihEK*Qz1Ztg&vmf~iSIJvy;UM*1)`@_lXyy`^7!LwVESw8;X~PDDY`x##uAQg`Ks
z=exD#_B;<%p^vKWmo{iCKEmMLveyeSGEVy6BOKJM`)TA4((F&!tIH99l|b!Je=-ox
zTnV0#B=>;c*Aa8iF#UZo7CvDq4>8#qLJ|YdZ!AsH%^_7N1IQjCro<P>K7UpUK$>l@
zw`1S}(D?mUXu_C{wupRS-jiX~w=Uqqhf|Vb3Cm9L=<ElBA0am3@5~_j4>T+w91Cu^
z*&Ty%sN?x*h~mJc4g~k{xD4ZmF%FXZNC;oVDwLZ_WvrnzY|{v8hc1nmx4^<U$9gKZ
zXD;2On@pVz(zumYHw-cDICc(jj*0Lh@n}B_NB#b3S3Y`joU*Hg4D^tTlnR`X)wKiE
z<1(Wo3^4=KAZ|hOq%hItOAv2Yuv6FZW5>}Z;yriXsAf+Lp+OFLbR!&Ox?x<j>ABwl
zu8w&|5pCxmu#$?Cv2_-Vghl2LZ6m7}VLEfR5o2Ou$x02uA-%QB2$c(c1rH3R9hesc
zfpn#oqpbKuVsdfV#cv@5pV4^f_!WS+F>SV6N0JQ9E!T90EX((_{bSSFv9ld%I0&}9
zH&Jd4MEX1e0iqDtq~h?DBrxQX1iI0lIs<|kB$Yrh&cpeK0-^K%=FBsCBT46@h<vzQ
zR*F0_2h6Z11Y9Zzju}{_b;!1TT<IfdPup&BfzJrm?bo16`)8Tm1upGj;JDjh>#<Oy
z8t{(&!50W|bIsS-1avP5+*F7gID<ta6$a=EvLN_Gn#i|E*V;GvV|e9HOQ9zf{;k4c
z6E1|)o(`{GoSr=usmv~(8ivQq9h)k@J&LDI;_p0b!?ZsmFktoKIgcIE+yq!s*%$%)
z#ay6sWeCZZ>yi!AyDq1V(#V}^;{{V<B^hU0(%wtueKZDT`@J-_3mSLDBmaq~d|XD<
z7XM`Dzdz4EMpggFBJu`~KkDTFp@A11CGaoLc9C!MrY0!YzwKdGfx7t=5D@|7VVCk+
z^B@Uld)n>*@T4WJ&U-NTq43w=|K>z8%pr_nC>%C(Wa_l78Ufib$r8Od)IIN=u>417
z`Hl{9A$mI5A(;+-Q&$F&h-@;NR>Z<2U;Y21>>Z;s@0V@SbkMQQj%_;~+qTuQ?c|AV
zcWm3XZQHhP&R%QWarS%mJ!9R^&!_)*s(v+VR@I#QrAT}`17Y+l<`b-nvmDNW`De%y
zrwTZ9EJrj1AFA>B`1jYDow}~*dfPs}IZMO3=a{Fy#IOILc8F0;JS4x(k-NSpbN@qM
z`@aE_e}5{!$v3+qVs7u?sOV(y@1Os*Fgu`fCW9=G@F_#VQ%xf$hj0~wnnP0$hFI+@
zkQj~v#V>xn)u??YutKsX><O0LtJ*CTAYt%cbdwrkH)-u>pxKCl^p!C-o?+9;!Nug^
z{rP!|+KsP5%uF;ZCa5F;O^9TGac=<e#17!Ngq|n{jbexb$Js+_Pf5VvAs8ZxqWBs8
zB0&S13$r1<F)VBk$e5stmC}hMzOSHBA0t(kR!@rbH|QU6*IH0=h|_OeT6wpDmdv23
z34f|!XhwEd(Kkc%FUYK@H{gz+bBn7dd5Fl+jfYh}4;N_qJ7#NlT2O+)R4Pxe>M|=V
z_H(PfkV1rz4jl?gJ(ArXMyWT4y(86d3`$iI4^l9`vLdZkzpznSd5Ikfrs8qcSy&>z
zTIZgWZGXw0n9ibQxYWE@gI0(3#KA-dAdPcsL_|hg2@~C!VZDM}5;v_Nykfq!*@*Zf
zE_wVgx82GMDryKO{U{D>vSzSc%B~|cjDQrt5BN=Ugpsf8H8f1lR4SGo#hCuXPL;QQ
z#~<Fi-k$qL|7RVJ1Mm1Ag<$gB0(}Grl3S(KpYI)5f?u3vC7#V;7XHhGB(-?~L6q0H
z3n(8fq$!!dl{5-8`7Oj@C;&S?r8OD`wLCHxqX2ux!ard>b?C4MoepT3X`qdW2dNn&
z<Us;@%o6IHN`m_LE5@ycr7sZ5iN)2(z?4TB28{O!&JjxPf+H!xrjo)qWAjZifsc&}
zRUE<g)K;7gXjcN#UR5gfzb2nN2z_KhXjz-ToEUcM{^o{zAJg2QnR<7bsn(YUNIKF@
z%f>o8)K}%Lpu>0tQei+{<z4bzXqy$)s2?v=pRVAvTjJpopW)-K>>*VGErz|qjbK#9
zvtd8rcHplw%YyQCKR{kyo6fgg!)6tHUYT(L>B7er5)41iG`j$qe*kSh$fY!PehLcD
zWeKZHn<492B34*JUQh=CY1R~jT9Jt=k=jCU2=SL&&y5QI2uAG2?L8qd2U(^AW#{(x
zThSy=C#>k+QMo^7caQcpU?Qn}j-`s?1vXuzG#j8(A+RUAY})F@=r&F(8nI&HspAy4
z4>(M>hI9c7?DCW8rw6|23?qQMSq?*Vx?v30U%luBo)B-k2mkL)Ljk5xUha3pK>EEj
z@(;tH|M@xkuN?gsz;*bygizwYR!6=(Xgcg^>WlGtRYCozY<<HB2ZgQ)h*70uL|pZ2
z>rFX2E>kaZo)O<^J7a`MX8Pf`gBd4vrtD|qKn&B)C&wp0O-x*@-|m*0egT=-t@%dD
zgP2D+#WPptnc;_ugD6%zN}Z+X4=c61XNLb7L1gWd8;NHrBXwJ7s0ce#lWnnFUMTR&
z1_R9Fin4!d17d4jpKcfh?MKRxxQk$@)*hradH2$3)nyXep<KqaI3?gC#eK%i>5Z;B
z?yX+-Bd=TqO2!11?MDtG0n(*T^!CIiF@ZQymqq1wPM_X$Iu9-P=^}v7npvvPBu!d$
z7K?@CsA8H38+zjA@{;{kG)#AHME>Ix<711_iQ@WWMObXyVO)a&^qE1GqpP47Q|_AG
zP`(AD&r!V^MXQ^e+*n5~Lp9!B+#y3#f8J^5!iC@3Y@P`;FoUH{G*pj*q7MVV)29+j
z>BC`a|1@U_v%%o9VH_HsSnM`jZ-&CDvbiqDg)tQEnV>b%Ptm)T|1?TrpIl)Y$LnG_
zzKi5j2Fx^K^PG1=*?GhK;$(UCF-tM~^=Z*+Wp{FSuy7iHt9#4n(sUuH<I4zjuT^*g
zTOj)T0YzMUS}8lWAh=#M-<;W0su6sG+MC}XSqZj-`H_&HD?2Z|qE8QdIM(X#NffsX
zuwQ<4gm=;OFM%U76&;OT!|+5x?B#F>K??@v+6*|10Csdnyg9hAsC5_OrSL;jVkLlf
zHXIPukLqbhs~-*oa^gqgvtpgTk_7Gy<tuXYyQ=x)UZpuI%V@LXq4|I6hehHuRD*Qk
z+@3~62V_$Rc&ax*Fe`-_r5e~NV8Dh7^Qkc47_lIobqdmfrCP}{2YGKf1@Bh!U!R!l
zVh{a+_vh}x%?yACZT@@6M}$iwzkin{Cukrb?*D6_{O__PU~FPz|81A`Ki4JuH6?`4
zsEYmO+F8y*acunUpGD%Hp$-=5%jS}CI-%I;>pwH><53riYYL*M=Q@F-yEPLqQ&1Sc
zZB%w}T~RO|#jFjMWcKMZccxm-SL)s_ig?OC?y_~gLFj{n8D$J_Kw%{r0oB8?@dWzn
zB528d-wUBQzrrS<hDznyNCgL-qOb|p_nS%fSb5_Ze4V1&Bgk3Vp>SL<Uo&kY+&uyM
z)HW-LQUfYYW$q$nSg9;!DvA>q?fR!K%59Zv9J4yCQhhDGwhptpA5O5U?Hjqt>8nOD
zi{)0CI|&Gu%zunGI*XFZh(ix)q${jT8wnnzbBMPYVJc4HX*9d^mz|21$=R$J$(y7V
zo0dxdbX3N#=F$zjstTf*t8vL)2*{XH!+<2IJ1VVFa67|{?LP<VPiuN~9#0c!YR12a
zo;Lj{EKN(4nyG=Ui#tn@dJ(*;md5Ze)kd6mTF$dEZFv=nYr2Lr(==N%ad&FBajgz2
z6_^{6U)eu_=!Ix#bP)AA_tuIc?3=_Mq548F*;t3>&P41h$2i2;?N~RA30LV`BsUcj
zfO9#Pg1$t}7zpv#&)8`mis3~o+P(DxOMgz-V*(?wWaxi?R=NhtW}<#^Z?(BhSwyar
zG|A#Q7wh4OfK<|DAcl9THc-W4*>J4nTevsD%dkj`U~wSUCh15?_N@uMdF^Kw+{agk
zJ`im^wDqj`Ev)W3k3stasP`88-M0ZBs7;B6{-tSm3>I@_e-QfT?7|n0D~0RRqDb^G
zyHb=is;IwuQ&ITzL4KsP@Z`b$d%B0W<OzS}HhQ;U8}SDa=0^@=1zh?Ebwi(h3u<mG
zLDfZ57#t!A)c-~Y!O{*PdxzDz>uhioo1CWttW8yhsER1ZUZzA{F*K=wmi-sb#Ju+j
z-l@In^IKnb{bQG}Ps>+Vu_W#grNKNGto+yjA)<V{IjYd_d3*YH={C)J_}OyeI6i_H
zu|j9WcfZFU?Sgyac7umALud#l=-0F(fRl)O28qU<%HpKBh#im&8;uWW953cFj~Iy&
zlr`ZkkzG;HtUSI4CRZRj#8C;N*{hU?ezHzcM|gV*@iklj`$SU@402&viLPBGiWFL2
zQ6uyKx<>?>0?~X`4I3T@5G1)RqGUZuP^NJCq&^HykuYtMDD8qq+l8RcZNJsvN(10{
zQ1$XcGt}QH-U^WU!-wRR1d--{B$%vY{JLWIV%P<Wi12|;({s?oRC80?)@wj6UxV~n
zk2qyqDc_<v8oEujhH&m^Jq#Lrp)Z$Oj#rxlpUicHLpt@6dZF=U?wW~T_o?IN;ie!I
zV-bY1+kei0nc9KpW>4-KQuxxDeJaF#{eu&&r!3Qu{w}0f--8^H|KwE>)ORrcR+2Qf
zb})DRcH>k0zWK8@{RX}NYvTF;E~phK{+F;MkIP$)T$93Ba2R2TvKc>`D??#mv9wg$
zd~|-`Qx5LwwsZ2hb*Rt4S9dsF%Cny5<1fscy~)d;0m2r$f=83<->c~!GNyb!U)PA;
zq^!`@@)UaG)Ew(9V?5ZBq#c%dCWZrplmuM`o~TyHjAIMh0*#1{B>K4po-dx$Tk-Cq
z=WZDkP5x2W&Os`N8KiYHRH#UY*n|nvd<ovggige3u`1qGi1+Y8X!3s{W#*m=tX&CV
zNWQ(*z*>(U>yO=MFI-2BEp?x@=N<~CbLJBf6P)}vLS?xJXYJ2^<3KJUdrwKnJnTp{
zjIi|R=L7rn9b*D#Xxr4*R<3T5AuOS+#U8hNlfo&^9JO{VbH!v9^JbK=TCGR-5EWR@
zN8T-_I|&@<P6ysJp1u%bVccl?q?sU4Onn?IFII0`6;jp*_+1Vcjf$mX{%JA^!$Gkf
z>A}(hKeL4_*eb!1G8p~&_Im8|wc>Cdir+gg90n1dw?QaXcx6Op_W1r=axR<Rt0$d-
z&gdORS`9;Z%6j=d$PU%VL0xT-jF-dHo&#w}>w>4;rM*UOpT#Eb9xU1IiWo@h?|5uP
zka>-XW0Ikp@dIe;MN8B01a7+5V@h3WN{J=HJ*pe0uwQ3S&MyWFni47X32Q7SyCTNQ
z+sR!_9IZa5!&GTf&V$`q!%H8ci!a|RMx5}5MA_kr+bhtQy{-^)(hCVa@I!^TV4RBi
zAFa!Nsi3y37I5EK;0cqu|9MR<Vh>j<^r&h1lF}u0KpKQD^5Y+LvFEwM<n%Y4Ns0&r
z#Pgp7tfaM#i}k;d-@gi@qNBc}@xL(OgxbkB%Zc*U!8(yY_d_z4QrJ%DIL^_}pG(C;
zxV&Dt0*#6mW+VnKpUKH&)*t(_EhJ1#-d4~Kom-)N+kGAW3vl$z=E{EB!4#iw1#JGZ
zpZv7B?(+0N;`4s@&;+D$6BOaTPLlV-MY35`gn~5zS!mCgh|W$2sr@*jRa}74{|6)>
zLU@@v4_Na#Axy6tn3P%sD^5P#<7F;sd$f4a7L<t5V42bo`*JV+&3HWm9OI@30?%Oh
z5o+B(*v(C-H_!6}Lzhp-kE~j|H(u&BA@KX~k?60QV5NR)N2OJYIOG(f(FG`kmvdU7
zwM#zp&<w6$6785wBe4}t?5yT4MP5N47S8;*P_q6hn|Wj2S~%IPE(O9P2?RAKY>BMk
zGU^RZHBcxSA%kCx*eH&wgA?Qwazm8>9SCSz_!;MqY-QX<1@p$*T8lc?@`ikEqJ>#w
zcG``^CoFMAhdEXT9qt47g0IZkaU)4R7wkGs^Ax}usqJ5HfDYAV$!=6?>J6+Ha1I<5
z|6=9<InPN?WUE(MBZF{EDJ@lH!7KCH_7xC@JvfZL@&nc!7K2v>soU4>E))tW$<#>F
ziZ$6>K<f#VmS*<VCLk5Snrr-`d{Bp+A{=r<v#~0tw_zC-WYWg-s*<dPsHVYZm|7R#
z>Jf0bPfbx_)7-}tMINlc=}|H+$uX)mhC6-Hz+XZxsKd^b?RFB6et}O#+>Wmw9Ec9)
z{q}XFWp{3@qmyK*Jvzpyqv57LIR;hPXKsrh{G?&dRjF%Zt5<eso5q2Qq7|ChevXoo
zUUuocw%BMFdbc16MLS>&m20Ll?Oy<ul%w2Zua&zkQjQpssgWs#RKAL}6i`eHUzx7p
zSoNx{P@%ayUjixVqBLi(th$z4mR4dC*OaQENb9y_y<R>fUYC3WRn{cgQ?^V~UAv+5
z&_m#&nIwffgX1*Z2#5^Kl4DbE#NrD&Hi4|7SPqZ}(>_+JMz=s|k77aEL}<=0Zfb)a
z%F(*L3zCA<=xO)2U3B|pcTqDbBoFp>QyAEU(jMu8(jLA61-H!ucI804+B!$E^cQQa
z)_ERrW3g!B9iLb3nn3dlkvD7KsY?sRvls3QC0qPi>o<)GHx%4Xb$5a3GBTJ(k@`e@
z$RUa^%S15^1oLEmA=sayrP5;9qtf!Z1*?e$ORVPsXpL{j<cf(aoOxSwSjBR1mea0e
z^c3Q=wn8)%*koW31D%}j9dO0gR7Y@b_00J@vMv~iauOuPVkQGKG^LpkGueXj*z<(H
zv6PsTl$Bd^g^4yr-LK|PFHGhgs2bdrT$8)TR7nc(mnkPw6vrbaA_vA0JdMNVsoX7X
zzI)+QrS1A&rLp4hm_yCc#tP)G{!hBfUV@*{)uh;EQVyvIbs@16JE!9Psq3UaXMGQ^
zJ^Y2zHl3Zl1idw?=a56!^Y{sB%B-k(>L<6E)0sj&swP3}NPmR%FM?O>SQgN5XfHE<
zo(4#Cv11(%Nnw_{_Ro}r6=gKd{k?NebJ~<~Kv0r(r0qe4n3LFx$5%x(BKvrz$m?LG
zjLIc;hbj0FMdb9aH9Lpsof#yG$(0sG2%RL;d(n>;#jb!R_+dad+K;Ccw!|RY?uS(a
zj~?=&M!4C(5LnlH6k%aYvz@7?xRa^2gml%vn&eKl$R_lJ+e|xsNfXzr#xuh(>`}9g
zLHSyiFwK^-p!;p$yt7$F|3*IfO3Mlu9e>Dpx8O`37?fA`cj`C0B-m9uRhJjs^mRp#
zWB;Aj6|G^1V6`jg7#7V9UFvnB4((nIwG?k%c7h`?0tS8J3Bn0t#pb#SA}N-|45$-j
z$R>%7cc2ebAClXc(&0UtHX<>pd)akR3Kx_cK+n<}FhzmTx!8e9^u2e4%x{>T6pQ`6
zO182bh$-W5A3^wos0SV_TgPmF4WUP-+D25KjbC{y_6W_9I2_vNKwU(^qSdn&>^=*t
z&uvp*@c8#2*paD!ZMCi3;K<prH4a&u_&GPH7Wp*~+CzWZpzTbL&)4k=HC|E1=uT#O
zPuYcj5Jbb}c9+j=4foN!N-fSV`(c<30`iukl213!u4qI^cD3Ytg!~P3N1S(`-3^yF
zlFzoPUGJT0f@f{`ZDabbR@mNt3*M;G<P@?W{8}}Lg`Hvy7&Jmu=04fd1erYTPEwb=
z15%g^dl!<DS<}y*RUs*g6?{>{Na;I4Q35zw$YrW5U@Kk~)&rw;G?d7Q&c9|x<<Maw
zgBLn8*CoGPVj_^rpPn~ENvB}-`?vqbUaC%e+l73U+D^-Cb&Pj13W#6g!+x^$_tX)*
z@cs9Wk+{Dzx8NJw-G7(M|EOb>Hg|CNMsxovmfth*|E*GHezPTWa^Hd^F4!B3sF;)?
z(NaPyAhocu1jUe(!5Cy|dh|W2=!@fNmuNOzxi^tE_jAtzNJ0JR-avc_H|ve#KO}#S
z#a(8secu|^Tx553d4r@3#6^MHbH)vmiBpn0X^29xEv!Vuh1n(Sr5I0V&`jA2;WS|Y
zbf0e}X|)wA-Pf5gBZ>r4YX3Mav1kKY(ulAJ0Q*jB)YhviHK)w!TJsi3^dMa$L@^{`
z_De`fF4;M87vM3Ph9SzCoCi$#Fsd38u!^0#*sPful^p5oI(xGU?yeYjn;Hq1!wzFk
zG&2w}W3`AX4bxoVm03y>ts{KaDf!}b&7$(P4KAMP=vK5?1In^-YYNtx1f#}+2QK@h
zeSeAI@E6<gTYtZud5<DeMJ>Z8a?)>sZ`fbq9_snl6LCu6g>o)rO;ijp3|$vig+4t}
zylEo7$SEW<_U+qgVcaVhk+4k+C9THI5V10qV*dOV<w;)q>6pPtAI$)QN{!JRBKh-D
zk2^{j@bZ}yqW?<#VVuI_27*cI-V~sJiqQv&m07+10XF+#ZnIJdr8t`9s_EE;T2V;B
z4UnQUH9EdX%zwh-5&wflY#ve!IWt0UE-My3?L#^Bh%kcgP1q{<CvcqqQ2utk7s%sV
zoGl}#Zl)W@RNSAAf;w-DBO+*e0HO2%x-G=Z;*Pl$zHy^xW)%na$gbyTIw>&26eXLn
zTkjJ*w+(|_>Pq0v8{%nX$QZbf)tbJaLY$03;MO=Ic-uqYUmUCuXD>J>o6BCRF=xa%
z3R4SK9#t1!K4I_d>tZgE>&+kZ?Q}1qo4&h%U$GfY058s%*=!kac{0Z+4Hwm!)pFLR
zJ+5*OpgWUrm0FPI2ib4NPJ+Sk07j(`diti^i#kh&f}i>P4~|d?RFb#!JN)~<!~Z`*
zivNy#7kzu<{{tyjD6d)1{g;-B-EK2+0;|?2Nj`=2hUDsRiVj-}RAJN{d@x~38|)#_
zx&F#UxFFdbXxE(|#84p;-%dtBDbgEpl>D@)beox}bw?4VCf^y*`2{4`-@%SFTry2h
z>9VBc9#JxEs1+0i2^LR@B1J`B9Ac=#FW=(?2;5;#U$0E0UNag_!jY$&2diQk_n)bT
zl5Me_SUvqUjwCqmVcyb`igygB_4YUB*m$h5oeKv3uIF0s<pxU7XrV;DR{UhyjHRs5
zb+8Qf7A65FfQ?d1ZT2w}F_l*Eb)?ah<8c%Yy;Eal4{xBsX^nN@Pe5CxcymxUwL?eh
zv9_Z0XXBqZl6EhcKDo~Ou&%?PpG{{$wPe(7oy?yZ1mnWmr0b~pN$igR!(Rx*QN$iy
z=-Re}qI2g(ku?t~HgBj3V=|H$hiN2{j!P%zCB+1x34pnjx#?&{ENcU`o_2tynp}0U
zKI9mTgI{WS`?XY!3FH!0Q>k}~es!{D>4r%PC*F~FN3owq5e0|Y<Du-bB4EU)q{6=q
z#<0gBE8S|!ZrmQeH3JgM^AxLU0k8cAwCY-9?0w8gxwWKqzGP>eUTSG#Vq%&Gk7uwW
z0lDo#_wvflqHeRm*}l?}o;EILszBt|EW*zNPmq#?4A<L0#2f-Fpgzo6i9m?Cv{^Fe
z9>+&i0xx^?9obLyY4xx=Y9&^G;xYXYPxG)DOpPg!i_Ccl#3L}6xAAZzNhPK1XaC_~
z!A|mlo?Be*8Nn=a+FhgpOj@G7yYs(Qk(8&|h@_>w8Y^r<TLc~8#)=w@0;xlrL@mM3
zg*K(X)@-O)lt;P?5e(;WTL%O;a;rQNAE5;DqERSyAXc1biP%NUWXy?=-B^)wQ=+I4
zU%qA-ghSXXn27E3w8NMG!5XHJY>&5nCqe0V60rRz?b5%J;GYeBqSAjo|K692GxD4`
zRZyM2FdI+-jK2}WAZTZ()w_)V{n5tEb@>+JYluDozCb$fA4H)$bzg(Ux{*hXurjO^
zwAxc+UXu=&JV*E59}h3kzQPG4M)X8E*<G*nR0cBsK+3(q5`<{N)Z$_eT#;miD(s%h
z{fdYdgo~K&tWs<DY?yIi#?k!bT;M<ZDoV|<xhf7jcRFXDXl`LtGFz=LPAW$(hAEz}
zq@oGhJoeM0w4KvLTg%>}#_&}w*KEg<F5P|-B$Y<3$zfM|>tX)cU{vm9b$atHa;s>|
z+L6&cn8xUL*OSjx4YGjf6{Eq+Q3{!ZyhrL&^6Vz@jGbI%cAM9GkmFlamTbcQGvOlL
zmJ?(FI)c86=JEs|*;?h~o)88>12nXlpMR4@yh%qdwFNpct;vMlc=;{FSo*apJ;p}!
zAX~t;3tb~VuP|ZW;<Q&V!o{~5>z$=IHf->F@Ml)&-&Bnb{iQyE#;GZ@C$PzE<QuI)
zv_|vm%I_n1Dpq6lr--l%%tq7K!<v~?55k`WhA?y(q<f`<c6%@dUw9u~aA?j^`pueW
zW?_3n{u)d4@AQyf;UHiIRxp16RoWg&F+uwIJYB{!Spu!Z6TFEXau<!8UfawC4vbZv
zJTpZLC-RhzHO9xSd6HqYzkfjT+8e>f6~q}4D>9jic@mTO5x76ulDz@+XAcm35!VSu
zT*Gs>;f0b2TNpjU_BjHZ&S6Sqk6V1370+!eppV2H+FY!q*n=GHQ!9Rn6MjY!Jc77A
zG7Y!lFp8?TIHN!LXO?gCnsYM-gQxsm=Ek**V<u>mZu7vnuufD7K~GIxfxbsQ@qv2T
zPa`tvHB$fFCyZl>3oYg?_wW)C>^_iDOc^B7klnTOoytQH18WkOk)L2BSD0r%xgRSW
zQS9elF^?O=_@|58zKLK;(f77l-Zzu}4{fXed2saq!5k#UZAoDBqYQS{sn@j@Vtp|$
zG%gnZ$U|9@u#w1@11Sjl8ze^Co=)7yS(}=;68a3~g;NDe_X^}yJj;~s8xq9ahQ5_r
zxAlTMnep*)w1e(TG%tWsjo3RR;yVGPEO4V{Zp?=a_0R#=V^ioQu4YL=BO4r0$$XTX
zZfnw#_$V}sDAIDrezGQ+h?q24St0QNug_?{s-pI(^jg`#JRxM1YBV;a@@JQvH8*>>
zIJvku74E0NlXkYe_624>znU0J@L<-c=G#F3k4A_)*;ky!C(^uZfj%WB3-*{*B$?9+
zDm$WFp=0(xnt6`vDQV3Jl5f&R(Mp};;q8d3I%Kn>Kx=^;uSVCw0L=gw53%Bp==8Sw
zxtx=cs!^-_+i{2OK`Q;913+AXc_&Z5$@z3<)So0CU3;JAv=H?@Zpi~riQ{z-zLtVL
z!oF<}@IgJp)Iyz1zVJ42!SPHSkjYNS4%ulVVIXdRuiZ@5Mx8LJS}J#qD^Zi_xQ<pa
zK0_C<`%bp5M~CVCk7hV^j*M;Wzcj7kCsCfgg5CJ~2`y3|66=yp|GC7FJNP7A_Wc+(
zejiW#M^nRp{rUgmIRC{MB`ST%d>@>DKDr-_e#>5h3dtje*NcwH_h;i{Sx7}dkdpuW
z(yUCjckQsagv*QGMSi9u1`Z|V^}Wjf7B@q%j2DQXyd0nOyqg%m{CK_lAoKlJ7#8M}
z%IvR?Vh$6aDWK2W!=i?*<77q&B8O&3?zP(Cs@kapc)&p7En?J;t-TX9abGT#H?TW?
ztO5(lPKRuC7fs}zwcUKbRh=7E8wzTsa#Z{a`WR}?UZ%!HohN}d&xJ=JQhpO1PI#>X
zHkb>pW04pU%Bj_mf~U}1F1=wxdBZu1790>3Dm44bQ#F=T4V3&HlOLsGH)+AK$cHk6
zia$=$kog?)07HCL*PI6}DRhpM^*%I*kHM<#1Se+AQ!!xyhcy6j7`iDX7Z-2i73_n#
zas*?7LkxS<P{ZTB#tR|&N^U;Moy2#JwwW4RFPddYtD_bw0R1|Eo=5;j>-XSqv;YBa
zW_n*32D(HTYQ0$feV_Fru1ZxW0g&iwqixPX3=9t4o)o|kOo79V$?$uh?#8<F`E$a_
zutly1{7L1J@Y@6Vp*~KB!yXMF2QHqby@+ZG8+ND)X+s9is!(NOe)h&%h+bxjPFhwq
z$60~SJQ<aykcGl3;BUCZ>Q8e>4e)V6;_(x&ViUVxma+i25qea;d-oK7ouuDsB^ab{
zu1qjQ%`n56VtxBE#0qAzb7lph`Eb-}TYpXB!H-}3Ykqyp`otprp<BVE0iW(NxIg}T
zHQz%!Kt^1I=QqGS(r32Y=&DuF_0#yaLgW`I>7{VEuW*^IR2n$Fb99*nAtqT&oOFIf
z@w*6>YvOGw@Ja?Pp1=whZqydzx@9X4n^2!n83C5{C?G@|E?&$?p*g68)kNvUTJ)I6
z1Q|(#UuP6p<iHaJ>j78GUxq11m-GSszc+)X{C2eo-?8ud9sB=3(D47v?`JAa{V(IF
zPZQ_0AY*9M97>Jf<<kmA6!?J&2x7=_q{>o%#O_%Wq}8>YM=q0|tGY+hlXcpE=Z4Od
z`NT7Hu2hnvRoqOw@g1f=bv`+nba{GwA$Ak0INlqI1k<9!x_!sL()h?hEWoWrdU3w`
zZ%%)VR+Bc@_v!C#koM1p-3v_^L6)_Ktj4HE>aUh%2XZE@JFMOn)J~c`_7VWNb9c-N
z2b|SZMR4Z@E7j&q&9(6H3yjEu6HV7{2!1t0lgizD;mZ9$r(r7W5G$ky@w(T_dFnOD
z*p#+z$@pKE+>o@%eT(2-p_C}wbQ5s(%Sn_{$HDN@MB+Ev?t@3dPy`%TZ!z}AThZSu
zN<1i$s<Qod+!u+1TpqzHMAR;(P|C33h|NdU1+@toT{?QhAJAzzUDj;ch>iJhXFdjV
zP*y|V<`V8t=h#XTRUR~5`c`Z9^-`*BZf?WAehGdg)E2Je)hqFa!k{V(u+(hTf^Yq&
zoruUh2(^3pe)2{bvt4&4Y9CY3js<F>)PUHtd4rVG57}uFJL)D(JfSIo^{P=7liFXG
zq5yqgof0V8paQcP!gy+;^pp-DA5pj=gbMN0eW=-eY+N8~y+G>t+x}oa!5r>tW$xhI
zPQSv=pi;~653Gvf6~*JcQ%t1xOrH2l3Zy@8AoJ+wz@daW@m7?%LXkr!bw9GY@ns3e
zSfuWF_gkWnesv?s3I`@}NgE2xwgs&rj?k<VL?gG5MC{Nmj1vZX?3e8O$&f`#KcfCT
zD|dGfAH<9vQYUE_U}e#K2epdwK03De5{_327SI@sw~J+|<wi@;rZX!9Y2MH7_L7?E
z^an@e4GxaY9F(p#Ot=#L(YG%x=Gq!vNbxtM=IXzPyPmYSGU#`>H-FEy82=O8`+szN
ziHch`vvS`zNfap14!&#i9H@wF7}yIPm=UB%(o(}F{wsZ(wA0nJ2aD^@B41>>o-_U6
zUqD~vdo48S8~FTb^+%#zcbQiiYoDKYcj&$#^;Smmb+Ljp(L=1Kt_J!;0s%1|JK}Wi
z;={~oL!foo5n8=}rs6MmUW~R&;SIJO3TL4Ky?kh+b2rT9B1Jl4<n8E`j>>#Uh-Bec
z`Hsp<==#UEW6pGPhNk8H!!DUQR~#F9jEMI6T*OWfN^Ze&X(4nV$wa8QUJ>oTkruH#
zm~O<`J7Wxseo@FqaZMl#Y(mrFW9AHM9Kb|XBMqaZ2a)DvJgYipkDD_VUF_PKd~dT7
z#02}bBfPn9a!X!O#83=lbJSK#E}K&yx-HI#T6ua)6o0{|={*HFusCkHzs|Fn&|C3H
zBck1cmfcWVUN&i>X$YU^Sn6k2H;r3zuXbJFz)r5~3$d$tUj(l1?o={MM){kjgqXRO
zc5R*#{;V7AQh|G|)jLM@wGAK&rm2~@{Pewv#06pHbKn#wL0P6F1!^qw9g&cW3Z=9}
zj)POhOlwsh@eF=>z?#sIs*C-Nl(yU!#DaiaxhEs#iJqQ8w%(?+6lU02MYSeDkr!B-
zPjMv+on6OLXgGnAtl(ao>|X2Y8*Hb}GRW5}-IzXnoo-d0!m4Vy$GS!XOLy>3_+UGs
z2D|YcQx@M#M|}TDOetGi{9lGo9m-=0-^+nKE^*?$^uHkxZh}I{#UTQd;X!L+W@jm(
zDg@N4+lUqI92o_rNk{3P>1gxAL=&O;x)ZT=q1mk0kLlE$WeWuY<p^lk9k<q+rcOGG
zY)G$sy1c;kpqg0vV-}_XHLMzubt5&Y+X3Q{3Wa&iSOY9S8qUS1LUsYa--u3<U|kYH
zfL}q@Sl3A;lg32U^*mSX!dr5wpp#<9G)=5WC=&Cv)mW|a!muj?rXU0JHBrQ<`Qqt}
zCgYqLnoe5^we#~H-+!p+9n;rMDHiXMi5YFyOWW{wi{Tnu%1mqAov`>_$0`0jY-Kkt
zP*|m3AF}Ubd=`<>(Xg0har*_@x2YH}bn0Wk*OZz3*e5;Zc;2<o%?~}~ck-Gk+}B1o
z7H(amz-SpgFI})ialV|e<4!f0)HG}_n?GAIDeiC%vdRTJZ<WeGYT+p)vyz_FBWtO$
zz2K9gb9XN8(>uBdnl8?&XjupbkOeNZsNh6pvsq_ydmJI+*z**{<vBKXP!vVq<!p_e
z&dE_6Lim}RGRF|DDL<W_^>I{0K)-;p1~k8cpJXL$^t!-`E}=*4G^-E8>H!LjTPxSx
zcF<xkt%17w#Nu8CTO5_pkM9Mxb}Wf0;14cP1{yv5#7uIFNY2eGhq{_*hEBSbjQA$U
znAZkjT-yd=I_R8ZJ?H07yh5z>+cS`ommfKMhNSbas^<U&=a>@YbTpH1*RFrBuATUR
zt{oFWSk^$xU&kbFQ;MCX22RAN5F6eq9UfR$ut`Jw--p2YX)A*J69m^!oYfj2y7<PW
z+v>NYcH6&r+0~_sH^c^nzeN1AU4Ga7=FlR{S|Mm~MpzY0$Z+p2W(a={b-pR9EO1Rs
zB%KY|@wLcAA@)KXi!d2_Bxr<pdgvLNQgZmCJz&c*%>khDn`DT1=Dec}V!okd{$+wK
z4E{n8R*xKyci1(CnNdhf$Dp2(Jpof0-0%-38X=Dd9PQgT+w%Lshx9+loPS~MOm%ZT
zt%2B2iL_KU_ita<m0BJ>%N>xjB!<T714UjSOi9+HnppU8HTO6Xys3~>#71_3=3c}o
zgeW~^U_ZTJQ2!PqXulQd=3b=XOQhwATK$y(9$#1jOQ4}4?~l#&nek)H(04f(Sr=s|
zWv7Lu1=%WGk4FSw^;;!8&YPM)pQ<cfOEqZOX3qg|bi6Y+6raTouS~FCMLV)D&#=5p
zIeXB!ZqEvR`rjuFN1ix6GoI%|3=23*fhels&m^Kl7$Xb)d4}z-AG?ZOEDO)5!dX$;
zxo;%86BwnKIVK{n#wbp)z+DlG`Eo;!p1qmI5u}Dr3ERkBC^gA;rI=Ohq{XCvK{N9A
zv&z##C1k^|5<I!-;+MCJN#mX7#cD{4PE)89nNv$gm~ronTcb2Mq~#~4^M!^C-1#M(
z=1UT>DCY9DhU`hMty1@sq1=Tj7bFsOOBZOFlpR`W>-J$-(kezWJj;`?x-v>ev{*8V
z8p|KXJPV$HyQr1A(9LVrM47<GkZ=yfPF+Dq%S|w=MijcJ6`g68YLr!qXVkqpG~JGH
zv`>u-XpcrIyO`yWvx1pVYc&?154aneRpLqg<bQ>x)EMvRaa#|9?Wwqs2+W8n5~79G
z(}iCiLk;?enn}ew`HzhG+tu+Ru@T+K5juvZN)wY;x6HjvqD!&!)$$;1VAh~7fg0K|
zEha#aN=Yv|3^~YFH}cc38ovVb%L|g@9W6fo(JtT6$fa?zf@Ct88e}m?i)b*Jgc{fl
zExfdvw-BYDmH6>(4QMt#p0;FUIQqkhD}aH?a7)_%JtA~soqj{ppP_82yi9kaxuK>~
ze_)Zt>1?q=ZH*kF{1iq9sr*tVuy=u>Zev}!gEZx@O6-fjyu9X00gpIl-fS_pzjpqJ
z1yqBmf9NF!jaF<+YxgH6oXBdK)sH(>VZ)1siyA$P<#KDt;8NT*l_0{xit~5j1P)FN
zI8hhYK<Ctos5a2iSB6E;K{q?&ab{FphO?zxIqqf}%h}LQupBY+8nGBng;9rl>hQ)i
z37^aP<qpGiOwA$)u%NPBnx5-dJ?eaKuJ|k=(U7<z&!E=Ex{~rH$w*MsBugwy8}mlc
z@Cp`bIFkJ)nD=}RT7wXAD(8ljk?9q}6wNph<*7S`FnAlTK859*a=phG5gBZhql8^1
zqKXJBJSm<4{Im$>13B~u65?sg+_@2Kr^iWHN=U;EDSZ@2W2!5ALhGNWXnFBY%7W?1
z=HI9JzQ-pLKZDYTv<0-lt|6c-RwhxZ)mU2Os{bsX_i^@*fKUj8*aDO5pks=qn3Dv6
zwggpKLuyRCTVPwmw1r}B#AS}?X7b837UlXwp~E2|PJw2SGVueL7){Y&z!jL!XN=0i
zU^Eig`S2`{+<wl==2w=5|F9xM-02N5`F*r(R=yBH;xL${JnA$s&UywB#{_0RS^+hX
z*x9l+ftTA)(qqfU_K+4UB=w=A|0J9m!!ePjqBV0F7$&R=n`+yR@2tk2NwHhL{|&cH
z$fXb3^<M+ME~B<-d*&_qT19T_sRLwwvu;hmu)Vt+WHH@$?DQ6m2&aLvtcbK<MgTBu
zp(SQPX~F@0CgG?+)(jWG3Oc!+oEMIunjIDK0w|m6;WzWCMpr#dq3I<GeN7c@71Fqq
zf&ADs4Jz}_R;T_`?S9~(wB(9e>gU$68aRdWx?BZ{sU_f=8sn~>s~M?GU~`fH5kCc;
z8ICp+INM3(3{#k32RZdv6b9MQYdZXNuk<tNnM*Zj3!<Rmy`SQx3idGTVVW@OzSywq
z<sw@>7ed8;G?S2nT+NZBG=Tar^KFl2SvhW$bGW#kdWL-I)s_IqVnCDDM9fm8g;P;8
z7t4yZn3^*NQfx7SwmkzP$=fwdC}bafQSEF@pd&P8@H#`swGy_rz;Z?Ty5mkS%>m#%
zp_!m9e<()sfKiY(nF<1zBz&&`ZlJf6QLvLhl`_``%RW&{+O>Xhp;lwSsyRqGf=RWd
zpftiR`={2(siiPAS|p}@q=NhVc0ELprt%=fMXO3B)4ryC2LT(o=sLM7hJC!}T1@)E
zA3^J$3&1*M6Xq>03FX`R&w*NkrZE?FwU+Muut;>qNhj@bX17ZJxnOlPSZ=Zeiz~T_
zOu#yc3t6ONHB;?|r4w+pI)~KGN;HOGC)txxiUN8#m<I|Y6ES5NY<qwYy-|}EoiBmM
zzK&og-IJMpwjbL8IAA?{APd++5KnIBFcmKwZzO~h`v>exj+W(cz%9a4sx|IRG=}ia
zuEBuba3AHsV2feqw-3MvuL`I+2|`Ud4~7ZkN=JZ;L20|Oxna5vx1qbIh#k2O4$RQF
zo`tL()zxaqibg^GbB+BS5#U{@K;WWQj~GcB1zb}zJkPwH|5hZ9iH2308!>_;%msji
zJHSL~s)YHBR=Koa1mLEOHos*`gp=<n)R&-+66xg`pqUXP#0Zm{sf^MKJnR>s8KA-C
zu0aE+W!#iJ*0xqKm3A`fUGy#O+X+5W36myS>Uh2!R*s$aCU^`K&KKLCCDkejX2p=5
z%o7-fl03x`gaSNyr?3_JLv?2RLS3F*8ub>Jd@^Cc17)v8vYEK4aqo?OS@W9mt%ITJ
z9=S2%R8M){CugT@k~~0x`}Vl!svYqX=E)c_oU6o}#Hb^%G1l3BudxA{F*tbjG<UG_
z<Vo0tRnGPd)K5|7jd0}T-wQdZZG$TREj=4*<4bR;^};Y7orbT=`ITOz*@g<Y=x;1T
zesE`pc}OxPz?01Be<R|c+WT7B<35I5;~ham;Y6hY?F{PCSdwf@9qXBZn%JBWfW6@H
zxqGR{o+TW^4T&@lZ$GVT-8s0{R3MmXsMGGDxgNTZ8|S`+<Qxcf#Ei_^nsS}Yt*PB*
z5#h+HDAU+!GmbOJ#d(J8|6Rt?+U5gR1>;W_>=xV73pKY53v%>I)@D36I_@&p$h|Aw
zonQS`07z_F#@T-%@-Tb|)7;;anoD_WH>9ewFy(ZcEOM$#Y)8>qi7rCnsH9GO-_7zF
zu*C87{Df1P4TEOsnzZ@H%&lvV(3V@;Q!%+OYRp`g05PjY^gL$^$-t<lOaPfbWQ29U
ziQLZAEqJX}(BXW*YUz0#v0~iKqbJ35-`aw1m+YA~k)TQVyq!wOKDE%}gHJ%Woa=@J
z_G3Z9VfhbWs>0Y>H*CDDs?FZly*oZ&dxvsxaUWF!{em4{A>n@vpXg$dwvt@_rgmHF
z-MER`ABa8R-t_H*kv>}CzOpz;!>p^^9ztHMsHL|SRnS<-y5Z*r(_}c4=fXF`l<Xkw
zEy6TsVDdDoV_TNG(<WvkK8TcvFZ^8LA2wsz%Sl;DbLS}my*l(?>^-i}>e7v!qs_jv
zqvWhX^F=2sDNWA9c@P0?lUlr6ecrTKM%pNQ^?*Lq?p-0~?_j50xV%^(+H>sMul#Tw
zeciF*1=?a7cI(}352%>LO96pD+?9!fNyl^9v3^v&Y4L)mNGK0FN43&Xf8jUlxW1Bw
zyiu2;qW-aGNhs=zbuoxnxiwZ3{PFZM#Kw)9H@(hgX23h(`Wm~m4&TvoZoYp{plb^>
z_#?vXcxd>r7K+1HKJvhed>gtK`TAbJUazUWQY6T~t2af%#<+Veyr%7-#<!`u7=6z<
z@9(d@bkwuJK`;AXMIasQ=4>*A#@&*;@g58{i|E%6yC_InGXCOd{L0;$)z#?n7M`re
zh!kO{6=>7I?*}czyF7_frt#)s1CFJ_XE&VrDA?Dp3XbvF{qsEJgb&OLSNz_5g?HpK
z9)8rsr4JN!Af3G9!#Qn(6zaUDqLN(g2g8*M)Djap?WMK9NKlkC)E2|-g|#-rp%!Gz
zAHd%`iq|81efi93m3yTBw3g0j#;Yb2X{mhRAI?&KDmbGqou(2xiRNb^sV}%%Wu0?<
z?($L>(#BO*)^)<q1<y(%o-D>rSgyNRni$i`R4v;GhlCZ8$@e^ROX(p=2_v6Y!%^As
zu022)fHdv_-~Yu_H6WVPLpHQx!W%^6j)cBhS`O3QBW#x(eX54d&I22op(N59b*&$v
zFiSRY6r<ogkg`lB4Kzk}79-1@4WexUMjw+78PVxKkpJ}l$#uYSKRni~wAs(LFQ`S~
z)6H^=SsBl_=gtAZcCb%LqI~={V0L=Y2XD)_)<%!{eY=Ch6CuBtAu<8uk=VNIh~<**
z4}OE-7;4DiEfmH5r(r_l!C{NrR4GiA;)KB7^Z5GJe5Gi4jN{kozWVvza9J%ysu#}1
zV05Y-@;(u_e>Oc^(dgSV1<S;M;fP~XvG?H2UWU4_zajZjOwrCC*tclCC;-DiooNK0
zKT=dwZdL_ATeNsapPF;r>>a7-5C;(5S5MvKcM2Jm-LD9TGqDpP097%52V+0>Xqq!!
zq4e3vj53SE6i8J`XcQB|MZPP8j;PAOnpGnllH6#Ku~vS42xP*Nz@~y%db7Xi8s09P
z1)e%8ys6&M8D=Dt6&t`iKG_4X=!kgRQoh%Z`dc&mlOUqXk-k`jKv9@(a^2-Upw>?<
zt5*^DV~6Zedbec4NVl(<J^HBK@2E4@wD3MtdV(xxnq%Vbc}WuHo}5QftrZiThWddC
z`SqHbMkXtVXKo79381*cF)4R%emsAj0XSNL+PDEL#FejmgEu5hh1&sJBWank<?5||
zFa70^J_fIcXV;YE%H5TE-LegY#;Q{2+X5ec9PUkBc$GBoPD$f3kMxcc{GCuyqMnT@
zoFpa`18N8o#cD|?wHX2`2uRGD5<2)(v9&spIF?JOuSy<x-3h*1uo<tmXh9c!`+f(x
zJ!3;pKi`8)fAw>$2T{&b)zA@b#dUyd>`2JC0=xa_fIm8<d`*pjaOx{pV5Pe7q{O1W
zAT5c_%T(D{?pE<afMwAc3^p*w8J|rwP_Jm84rW1XYj_z!4LWkm8d^QnYM3TAJ00M}
zVy+@IpL$^~2r+Bvv<<LIU<+tp*%PbBjNTe&Z{H48g3%crRya-=a)qRylf)#ctNvw?
zlFff;8hFwWk7>{5u<t#%K`^*tgQ@!!adiD7YiKBgV_c5|kR2YSiy*0+0NhSocT-E<
zLsbh?CBfxQ!F7|i4p=%MX(y=Km3GT?bty_*CZh1*xF8v|8xjqfoni!cQE1EFLyy>m
zr-!ApXZhC8@=vC2WyxO|!@0Km)h8ep*`^he92$@YwP>VcdoS5OC^s38e#7RPsg4j+
zbVGG}WRSET&ZfrcR(x~k8n1rTP%CnfUNKUonD$P?FtNFF#cn!wEIab-;jU=B1dHK@
z(;(yAQJ`O$sMn>h;pf^8{JISW%d+@v6@CnXh9n5TXGC}?FI9i-D0OMaIg&mAg=0Kn
zNJ7oz5*ReJukD55fU<geid?Ih<u$lD<ZaBChRKMH%^g0f>sMuaP+H4tDN&V9zfqF@
zr=#ecUk9wu{0;!+gl;3Bw=Vn^)z$ahVhhw)io!na&9}LmWurLb0zubxK=UEnU*{5P
z+SP}&*(iBKSO4{alBHaY^)5Q=mZ+2OwIooJ7*Q5XJ+2|q`9#f?6myq!&oz?klihLq
z4C)$XP!BNS0G_Z1&TM>?Jk{S~{F3n83ioli=IO6f%wkvCl(RFFw~j0tb{Gv<R+ryT
zRX%I@y>XTx>*sB0McY0s&SNvj4+^h`9nJ_wM>F!Uc>X}9PifQekn0sKI2SAJP!a4h
z5cyGTuCj3ZBM^&{dRelIlT^9zcfaAuL5Y~bl!ppSf`wZbK$z#6U~rdclk``e+!qhe
z6Qspo*%<)eu6?C;Bp<^VuW6JI|Ncvyn+LlSl;Mp22Bl7ARQ0Xc24%29(<s4_N=u??
z$t{gru-VXd6Kxbxv5Bt?Z$yc1w+D)_3NsUN5!&<3)ieB&Nu@~@oJ<S*(@c3&Pewi0
z%9!QRq|vABdor|x%wu0~=1Z5hOOpQi`0!iyJhFLc128BQmq$$|x}WJU?iN}7Kl;!3
z&fH)Q*P121qPNW?v_ooy8Sm4CFA(z37NUr<`Xy>ZrdsIPw&-=yHQ7_Vle|5h>AST0
zUGX2Zk34vp?U~IHT|;$U86T+UUHl_NE4m|}>E~6q``7hccCaT^#y+?wD##Q%HwPd8
zV3x4L4|qqu`B<QDcIkg$mi~*?H~RNY_Wx4D`}Y)A)!YT!6xCZ~ZTPl7{FKBwUP;<e
zGwA>$4(LXqDJngNy-{&@aFBvVsywt@X^}iH7P%>bR?ciC$I^U-4Foa<B~H&?t+Qu`
zYwLM1`)@`@%8{2TvE*VigXq!t`qQLW_S5DOEz|2z2j3@V_m6j4f9Dj+Tf}F*MS{?9
z%5n(*$y|Ke#xMg=rzn#aJmhAj==f%8S}Mvc)f)j&X?h~FezLP0LfVpNB_5sLG5z-3
z-35pyFHV0nPmuu&M8{s3y}I4c7J41@C$_+Wqk&1f`MvOF;v`)pAYGN4MEXuFe)LY2
z=&C(w{X1B@m%`@ul3h(Gtch>`YKI^qDyGK7k%E%c_P=yzAi`YnxGA%DeNd++j3*h^
z=rn>oBd0|~lZ<6YvmkKY*ZJlJ;Im0tqgWu&E92eqt;+NYdxx`eS(4Hw_Jb5|yVvBg
z*tbdY^!AN;luEyN4VRhS@-_DC{({ziH{&Z}iGElSV~qvT>L<HMHzj7J-Kpa!p!c29
zr8L!oM5$VXc*@gwRrKuo*h${B7BEkfln@c=6oRf(*M;GdM=)m;H&XnLvs%-2b*+hr
z7OLt;wv$AG{1d5A_3iuPkRtq^Z3(lga~pLocX)JXz8xtPuFH$tb1E#7^Np@GfB#l+
z&L?_OtoPwP5<R)d%5@nIE}~}{W{Q)eZmHbhg7xXREu-ZQD=)K37HlG2J>-8G%+yEL
zX#MFOhj{InyKG=mvW-<1B@c-}x$vA(nU?>S>0*eN#!SLzQ)Ex7fvQ)S4D<8|I#N$3
zT5Ei`Z?cxBODHX8(Xp73v`IsAYC@9b;t}z0wxVuQSY1J^GRwDPN@qbM-ZF48T$GZ<
z8WU+;Pqo?{ghI-KZ-i*ydXu`Ep0Xw^McH_KE9J0S7G;x8Fe`DVG?j3Pv=0YzJ}yZR
z%2=oqHiUjvuk0~Ca>Kol4CFi0_xQT~;_F?=u+!kIDl-9g`#ZNZ9HCy17Ga1v^Jv9#
z{T4Kb1-AzUxq*MutfOWWZgD*HnFfyYg0&e9f(5tZ>krPF6{VikNeHoc{linPPt#Si
z&*g>(c54V8rT_AX!J&bNm-!umPvOR}vDai#`CX___J#=zeB*{4<&2WpaDncZsOkp*
zsg<%@@rbrMkR_ux9?LsQxzoBa1s%$BBn6<mos5IdgH=dhp$~J!{0^n6tTjg;U5Diz
zxn*0gDh2*1rZJV&&gt&fW9znj@{DqJLV4eBUx+J-d4%cpr)wD1@Vx?X)?B*tGi&A=
zu5vL>vk#{&&zUwcfzeCBJUwFYSF$08qDsB;gWQN*g!p8pxjofWbqNSZOEKOaTx@+*
zwdt5*Q47@EOZ~EZL9s?1o?A%9TJT=Ob_13yyugvPg*e&ZU(r6^k4=2+D-@n=Hv5vu
zSXG|hM(>h9^zn=eQ=$6`JO&70&2|%V5Lsx>)(%#;pcOfu>*nk_3HB_BNaH$`jM<^S
zcSftDU<V-inKL>1?nL;jy)+sfonQN}(}gUW?d_ikr*3=^{G)=tjBtEPe>TO|0ddVB
zTklrSHiW+!#26frPXQQ(YN8DG$PZo?(<o9TOVxrss2Tawf48g5GCBiDSDE3#UTp|k
z0pKVwU|jx{+EQY()yCur&pg1mIZ@qM8XqZ|+FwhjuUu?KF@3ju{(}}|suk~@HhJ@t
zQ#Y9~FZ`d#%R!jufJh!!RQMg1{%cNgteq&qcX<80AJGOV1RA*AhOQap$U?Y%h(E_|
z8KTI5C~yZDX7BVzv96*H*$a>po(QUCCf_OJC`pw*uey00%gmH!`WJkrKXj2!<hVw7
zGRWHF)G~HffGg-$(O!{Pk3Jwp$~FflQ(t@$&I&M44Aeq=eh)c85(&68I*-`m6uoK%
zdl?LKwDh&L2fOllfoB@M_mp%O$0z3aZY$k-iHXr}^=#M>#6?`T25mTu9OJp2L8z3!
z=arrL$ZqxuE{%yV)14Kd>k}j7pxZ6#$Dz8$@WV5p8kTqN<-7W)Q7Gt2{KoOPK_tZ|
zf2WG~O5@{qPI+W<4f_;reuFVdO^5`ADC1!JQE|N`s3cq@(0WB!n0uh@*c{=LAd;~}
zyGK@hbF-Oo+!nN)@i*O(`@FA#u?o=~e{`4O#5}z&=UkU*50fOrzi11D^&FOqe>wii
z?*k+2|EcUs;Gx{!@KBT~>PAwLrIDT7Th=Utu?~?np@t^gFs?zgX=D${RwOY^WGh-+
z+#4$066I<rp}NtcF5!lhZvD^1^l^-7{>Sh8eYW#FXWp~S`<*%O^ZuItL1Tyqt8#tZ
zY120E;^VG`!lZn&3sPd$RkdHpU#|w+bYV)pJC|SH9g%|5IkxVTQcBA4CL0}$&}ef@
zW^Vtj%M;;_1xxP9x#ex17&4N*{ksO*_4O}xYu(p*JkL#yr}@7b)t5X?%CY<+s5_MJ
zuiqt+N_;A(_)%lumoyRFixWa-M7qK_9s6<1X?JDa9fP!+_6u~~M$5L=ipB=7(j#f<
zZ<k8E`Rwou;l+s_T|L^56YmSu4%^`QFTOq==C$v}z48r)V)i|8HET~j$njp}R%Tx6
z6z1$DcJ|+-rK;8O+M4D2OI&h9Z=KBOt2kjcN}lMJQdr(sa_4xJa;t^b;+K^1J9dTU
z7E3oumY>34J%=bs549%~_mA(|={uZNs_0?o7;-LBP(ZRnkd{-^|2|=4vUTmtByHL8
zEph`(LSEzQj68a+`d$V<45J7cyv^#|^|%fD#si1Nx!4NW*`l*{->HEWNh6-|g>-=r
zXmQ|-i}Ku$ndUeHQ^&ieT!Lf}vf6GaqW9$DJ2NWrqwPY%%4nip$@vK$nRp*_C-v<|
zuKz~ZyN&<%!NS26&x?jhy+@awJipMQ-8(X4#Ae5??U<1QMt1l9R=w9fAnEF}NYu$2
z>6<Remz*?TALWUbsLm^V8JpOI8Qrv^I{Uf`UiQ}=bwlT?m7XzzYl?d75*MLY>}Vkc
zIb*A?G*z8^IvibmBKn_u^5&T_1oey0gZS2~obf(#xk=erZGTEdQnt3DMGM+0oPwss
zj5zXD;(oWhB_T@~Ig#9@v)AKtXu3>Inmgf@A|-lD-1U>cNyl3h?ADD9)GG4}zUGPk
zZzaXe!~Kf?<~@$G?Uql3t8jy9{2!doq4=J}j9ktTxss{p6!9Ud<L0{JvuM8zT}59}
zy?q<PQ`(o7I;|2vYuA@mlwTC2VWpG0`?f+&<cL+^MokC9tZR;`s@;M`H_iw&h5ar5
zCVhp4@v?m@Lrzz?2Z>jyDERlA*xZ!=Q)KDs5O)phz>Vq3BNGoM(H|=1*Q4$^2fTZw
z(%nq1P|5Rt81}SYJpEEzMPl5VJsV5&4e)ZWKDyo<HF@#^TWD2$%#hJqrPwhn_I`~h
zrl9TX+98FE%rR>Z>1EwpkHx-AQVQc8%JMz;{H~p{=FXV>jIxvm4X*qv52e?Y-f%DJ
zxEA165GikEASQ^fH6K#d!Tpu2HP{sFs%E=e$gYd$aj$+xue6N+Wc(rAz~wUsk2`(b
z8Kvmyz%bKQxpP}~baG-rwYcYCv<u@FIev&XxIE!%Ztbxbt-Y%ng;He-ByR+Lk{8!A
z+z_?%ukrIgzuh|^o09LLIM$E(jD2g{U~B*3O~s^?p1O(7xg6;i3B@l87#4eO$$oiS
znHnuA9vGDnw~@NpSw1YYZjoo+HWTzC%$-J_E}3wK-(9hvP0Ct}242U82Wv+8>kHOi
zlkR<=>ZBTU*8RF_d#Bl@zZsRIhx<%~Z@Z<pYsoy05ZE@HkOT*OyM_H}bO0QHT>=ik
z>adw3!DK(8R|q$vy{FTxw%#xliD~6qXmY^7_9kthVPTF~Xy1CfBqbU~?1QmxmU=+k
z(ggxvEuA;0e&+ci-zQR{-f7aO{O(Pz_OsEjLh_K>MbvoZ4nxtk5u{g@nPv)cgW_R}
z9}EA4K4@z0?7ue}Z(o~R(X&FjejUI2g~08PH1E4w>9o{)S(?1>Z0XMvTb|;&EuyOE
z<Uf?|k(eh=|5A0k%+DyPOynyZIUEys#os=5y;pE3-eqjU+vfn|kx^`PvS0aFgK5k7
z_Ws8b<tF{v{r8Xc%Ra(S^vGriKjcqYF_IFKBCZ&>GvWNpYX)Nv<8|a^;<iw`qCF!m
zJCer*R!Lka?@SE&ch5f_idG-0J0#H0t`-WqI6fU-<8)0T>1>bh#&znEcl-r!T#pn=
z4$?Yudha6F%4b>*8@=BdtXXY4N+`U4Dmx$}>HeVJk-QdTG@t!tVT#0(LeV0gvqyyw
z2sEp^9eY0N`u10Tm4n8No&A=)IeEC|gnmEXoNSzu!1<4R<%-9kY_8~5Ej?zReg<ow
z_S`;&)5*<v9D*b@Pp375jJ+bUt(~O-SF0ZSb>Mn78wuMs#;i&eUA0Zk_RXQ3b&TT}
z;SCI<r<Tr9OC%fOR>=7-FUB@*&;8|n>(_g^HGf3@QODE3LpmX~ELnymQm{Sx9xrKS
zK29p~?v@R$0=v6Dr5aW>-!{+h@?Q58|Kz8{{W`%J+lDAdb&M5VHrX_m<yIVSusgG)
z`wE|gu8*tGFN+9LZP$c*%%oTIyT7Y#Uu$+WtVYvbCQ+Do^ID=OntZUS+AP2A;pDLp
zQ|q{WRobah5mlF}4!P`?SD*ypcWDw;D;8QgDGN?GxP&*+636N@_L%TF<fCxBbhCW%
zM%&xYBGf(}%YX|$hc1=>DY;1-JLnf)ezmPau$)1;=`-FU=-r-83tX=C`S#}GZufju
zQ>sXNT0Ny=k@nc%cFnvA_i4SC)?_ORXHq8B4D%el1uPX`c~uG#S1M7C+*MMqLw78E
zhY2dI8@+N^qrM<pEkuRyo-$3h*azHIX|CuJeg6U1uTYr#f1L)jm7pty!Nt_EpVqGj
zXVf`s*T3XSv0ipIVh~5QdLCYp1wi6^@nTR33ob<X9tfmOm*uFzZ-27JIbc;RY)sW`
zt!7sXsMOap1pmxDHwCgCeJ^w>I1+;TUd<Y7V_}N3cTlx9g%Oxl!1(@Fz@fhB!X!Qg
zzGte&a;gDDb7s`2pRO@2w9ly`vje6Ilj<$_c7{OhbUJ}K%$c%`!Wu9kSA#`Xja47q
z=~M~uTQ&ejWO4`vDE9|h6MO?f*d<f1pCzFOx6YSGxl|H(I2h0=%!FyILZ_|=bX<Z@
zIXy76kKLDpG=TR2T<cl5;7+F|gWhKYZ346vNMyq9`PzDJfsBPN=&eq$MKd*arcmkB
zATW410h$o^5JE{IECTR`<Q+_;Q1BqjI5Ciw%m8kGTdmE2GB82|h<4gEtNm!8e#?mt
z;D<+GLqmLk>a(vGqGSRyU{Fnm`aqrr7bz4<dKN=G5TxM1z~0~yR6MN!z}y8FQ<9oh
z=+qK`&H;`)dq`^^SX>2c5xsOO-~oZpkzorD1g}Y<6rk&3>PsSGy}W?MtqFky@A(X#
zIuNZK0cK?^=;PUAu>j0#HtjbHCV*6?jzA&OoE$*Jlga*}LF`SF?WLhv1O|zqC<>*>
zYB;#lsYKx0&kH@BFpW8n*yDcc6?;_zaJs<-jPSkCsSX-!aV=P5kUgF@Nu<{a%#K*F
z134Q{9|YX7X(v$62_cY3^G%t~rD>Q0z@)1|zs)vjJ6Jq9;7#Ki`w+eS**En?7;n&7
zu==V3T&eFboN3ZiMx3D8qYc;VjFUk_H-WWCau(VFXSQf~viH0L$<p$oTrv;PAp(HR
zxGYwoQ{`RRg4u%PEm#VL7~lyq<6`h+F9OK~tPR1wo}q|fJ3M>gwD$<h61N|-us1_A
zl+PEzjP+uR3A<ynvirg<hO=WL=vh8&(Wl2haO~h*nJ_e*eGq{@?#~H&b}m8~6;8Z^
zpbmt5cVjrE;ei2}0ANsjD@<R3Rp?ZF=p4ZLJsD20%)C2Oh4~(z31DYTGiF#ITp7;7
z!>UfFHqNcgN`x}M+YQ6RnN<+@t>JUp#)9YOkqst-Ga?{FsDpEeX0(5v{0J~SEbWiL
zXC2}M4?UH@u&|;%0y`eb33ldo4~z-x8zY!oVmV=c+f$m?RfDC35mdQ2E>Pze7KWP-
z>!Bh<&57I+O_^s}9Tg^k)h7{xx@0a0IA~GAOt2yy!X%Q$1rt~LbTB6@Du!_0%HV>N
zlf)QI1&gvERKwso23mJ!Ou6ZS#zCS5W`gxE5T>C#E|{i<1D35C222I33?Njaz`On7
zi<+VWFP6D{e-{yiN#M|Jgk<44u1TiMI78S5W`Sdb5f+{zu34s{CfWN7a3Cf^@L%!&
zN$?|!!9j2c)j$~+R6n#891w-z8(!oBpL2K=+%a$r2|~8-(vQj5_XT`<0Ksf;oP+tz
z9CObS!0m)Tgg`K#xBM8B(|Z)Wb&DYL{WTYv`;A=q6~Nnx2+!lTIXtj8J7dZE!P_{z
z#f8w6F}^!?^KE#+ZDv+xd5O&3EmomZzsv?>E-~ygGum45fk!SBN&|eo1rKw^?aZJ4
E2O(~oYXATM

literal 0
HcmV?d00001

diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 0000000..442d913
--- /dev/null
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
new file mode 100644
index 0000000..4f906e0
--- /dev/null
+++ b/gradlew
@@ -0,0 +1,185 @@
+#!/usr/bin/env sh
+
+#
+# Copyright 2015 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=`expr $i + 1`
+    done
+    case $i in
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=`save "$@"`
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+exec "$JAVACMD" "$@"
diff --git a/gradlew.bat b/gradlew.bat
new file mode 100644
index 0000000..107acd3
--- /dev/null
+++ b/gradlew.bat
@@ -0,0 +1,89 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/scripts/check_version.sh b/scripts/check_version.sh
new file mode 100644
index 0000000..4417fc0
--- /dev/null
+++ b/scripts/check_version.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+version=$1
+echo "Input version : '$version'"
+
+echo "Fetch tags..."
+git fetch --tags
+
+if [ $(git tag -l "$version") ]; then
+  echo "ERROR: version '$version' has already been released"
+  exit 1
+fi
diff --git a/scripts/prepare_javadoc.sh b/scripts/prepare_javadoc.sh
new file mode 100644
index 0000000..12f479b
--- /dev/null
+++ b/scripts/prepare_javadoc.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+echo "Compute the current API version..."
+
+repository_name=$1
+version=$2
+is_snapshot=$3
+
+if [ "$is_snapshot" = true ]
+then
+  version="$version-SNAPSHOT"
+fi
+
+echo "Computed current API version: $version"
+
+echo "Clone $repository_name..."
+git clone https://github.com/eclipse-keypop/$repository_name.git
+
+cd $repository_name
+
+echo "Checkout gh-pages branch..."
+git checkout -f gh-pages
+
+echo "Delete existing SNAPSHOT directory..."
+rm -rf *-SNAPSHOT
+
+echo "Delete existing RC directories in case of final release..."
+rm -rf $version-rc*
+
+echo "Create target directory $version..."
+mkdir $version
+
+echo "Copy javadoc files..."
+cp -rf ../build/docs/javadoc/* $version/
+
+echo "Update versions list..."
+echo "| Version | Documents |" > list_versions.md
+echo "|:---:|---|" >> list_versions.md
+for directory in `ls -rd [0-9]*/ | cut -f1 -d'/'`
+do
+  echo "| $directory | [API documentation]($directory) |" >> list_versions.md
+done
+
+echo "Computed all versions:"
+cat list_versions.md
+
+cd ..
+
+echo "Local docs update finished."
+
+
+
diff --git a/settings.gradle.kts b/settings.gradle.kts
new file mode 100644
index 0000000..631416c
--- /dev/null
+++ b/settings.gradle.kts
@@ -0,0 +1 @@
+rootProject.name = "keypop-calypso-certificate-java-api"
\ No newline at end of file
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
new file mode 100644
index 0000000..acead4c
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
@@ -0,0 +1,64 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate;
+
+import org.eclipse.keypop.calypso.certificate.ca.CaCertificateManager;
+import org.eclipse.keypop.calypso.certificate.ca.CaCertificateSettings;
+import org.eclipse.keypop.calypso.certificate.card.CardCertificateManager;
+import org.eclipse.keypop.calypso.certificate.card.CardCertificateSettings;
+
+/**
+ * Factory of {@link CaCertificateSettings}, {@link CaCertificateManager}, {@link
+ * CardCertificateSettings} and {@link CardCertificateManager}.
+ *
+ * @since 0.1.0
+ */
+public interface CalypsoCertificateApiFactory {
+
+  /**
+   * Returns a new instance of the specified CA certificate settings class.
+   *
+   * @param <T> The type of the lowest level child object.
+   * @param classOfT The `Class` object of the desired CA certificate settings type. This type must
+   *     extend {@link CaCertificateSettings}.
+   * @return A non-null reference.
+   * @since 0.1.0
+   */
+  <T extends CaCertificateSettings> T createCaCertificateSettings(Class<T> classOfT);
+
+  /**
+   * Returns a new instance of the specified card certificate settings class.
+   *
+   * @param <T> The type of the lowest level child object.
+   * @param classOfT The `Class` object of the desired card certificate settings type. This type
+   *     must extend {@link CardCertificateSettings}.
+   * @return A non-null reference.
+   * @since 0.1.0
+   */
+  <T extends CardCertificateSettings> T createCardCertificateSettings(Class<T> classOfT);
+
+  /**
+   * Returns a new instance of {@link CaCertificateManager}.
+   *
+   * @param settings The CA certificate settings to use.
+   * @return A non-null reference.
+   * @since 0.1.0
+   */
+  CaCertificateManager createCaCertificateManager(CaCertificateSettings settings);
+
+  /**
+   * Returns a new instance of {@link CardCertificateManager}.
+   *
+   * @param settings The card certificate settings to use.
+   * @return A non-null reference.
+   * @since 0.1.0
+   */
+  CardCertificateManager createCardCertificateManager(CardCertificateSettings settings);
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiProperties.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiProperties.java
new file mode 100644
index 0000000..52bf030
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiProperties.java
@@ -0,0 +1,28 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate;
+
+/**
+ * API properties.
+ *
+ * @since 0.1.0
+ */
+public final class CalypsoCertificateApiProperties {
+
+  /**
+   * API version: {@value}
+   *
+   * @since 0.1.0
+   */
+  public static final String VERSION = "0.1";
+
+  /** Private constructor */
+  private CalypsoCertificateApiProperties() {}
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateManager.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateManager.java
new file mode 100644
index 0000000..bb0d729
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateManager.java
@@ -0,0 +1,25 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.ca;
+
+/**
+ * Provides a method to create a CA certificate.
+ *
+ * @since 0.1.0
+ */
+public interface CaCertificateManager {
+  /**
+   * Returns a byte array containing the data to be stored in a card.
+   *
+   * @return A 384-byte byte array.
+   * @since 0.1.0
+   */
+  byte[] createCertificate();
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettings.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettings.java
new file mode 100644
index 0000000..4f9849d
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettings.java
@@ -0,0 +1,18 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.ca;
+
+/**
+ * Settings for a CA certificate. It is used in conjunction with the CaCertificateManager class for
+ * managing and creating certificates .
+ *
+ * @since 0.1.0
+ */
+public interface CaCertificateSettings {}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettingsV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettingsV1.java
new file mode 100644
index 0000000..c701f21
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettingsV1.java
@@ -0,0 +1,206 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.ca;
+
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import org.eclipse.keypop.calypso.certificate.ca.spi.CaCertificateSignerSpi;
+
+/**
+ * Extends {@link CaCertificateSettings} to manage and generate CA certificates, conforming to
+ * version 1 of the CA certificate format.
+ *
+ * @since 0.1.0
+ */
+public interface CaCertificateSettingsV1 extends CaCertificateSettings {
+  /**
+   * Sets the external signer to be used for generating signed CA certificates.
+   *
+   * @param caCertificateSigner The external signer for ca certificate generation.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided signer is null, invalid, or not compatible
+   *     with the required signature formats.
+   * @throws IllegalStateException If an internal signer has already been configured using {@link
+   *     #useInternalSigner(PrivateKey, byte[])}.
+   * @since 0.1.0
+   */
+  CaCertificateSettingsV1 useExternalSigner(CaCertificateSignerSpi caCertificateSigner);
+
+  /**
+   * Configures the settings to use the internal signer for generating signed CA certificates.
+   *
+   * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
+   * of 65537 and the specified public key reference for signing operations.
+   *
+   * @param issuerPrivateKey The RSA private key of the issuer (2048 bits, public exponent 65537).
+   * @param issuerPublicKeyReference A 29-byte byte array representing a reference to the issuer's
+   *     public key.
+   * @return The current instance.
+   * @throws IllegalArgumentException If any of the provided arguments are null, invalid, or have
+   *     incompatible formats.
+   * @throws IllegalStateException If an external signer has already been set using {@link
+   *     #useExternalSigner(CaCertificateSignerSpi)}.
+   * @since 0.1.0
+   */
+  CaCertificateSettingsV1 useInternalSigner(
+      PrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
+
+  /**
+   * Sets the public key of the CA, provided as a 64-byte raw array.
+   *
+   * <p>This key is expected to be a 2048 bits RSA public key with a public exponent equal to 65537.
+   * It will be used for the verification of card certificates.
+   *
+   * <p>The associated reference is a 29-byte byte array.
+   *
+   * @param caPublicKey The RSA public key of the CA (2048 bits, public exponent 65537).
+   * @param caPublicKeyReference The CA public key reference.
+   * @return The current instance.
+   * @throws IllegalArgumentException If one of the provided argument is null or invalid.
+   * @since 0.1.0
+   */
+  CaCertificateSettingsV1 setCaPublicKey(PublicKey caPublicKey, byte[] caPublicKeyReference);
+
+  /**
+   * Sets the validity period of the certificate's public key. This defines the timeframe when the
+   * certificate can be considered trusted.
+   *
+   * <p>If neither start nor end date is set, the certificate will have open-ended validity.
+   *
+   * @param startDateYear The year of the start date (e.g., 2024). Valid range: 1900-2100.
+   * @param startDateMonth The month of the start date (1-12).
+   * @param startDateDay The day of the start date (1-31).
+   * @param endDateYear The year of the end date (e.g., 2025). Valid range: 1900-2100.
+   * @param endDateMonth The month of the end date (1-12).
+   * @param endDateDay The day of the end date.
+   * @return The current instance.
+   * @throws IllegalArgumentException If any date parameter is out of range.
+   * @since 0.1.0
+   */
+  CaCertificateSettingsV1 setValidityPeriod(
+      int startDateYear,
+      int startDateMonth,
+      int startDateDay,
+      int endDateYear,
+      int endDateMonth,
+      int endDateDay);
+
+  /**
+   * Sets the AID (Application Identifier) of the card certificates for which the certificate is
+   * applicable.
+   *
+   * <p>If the AID is not set, the certificate will be applicable to any card certificates.
+   *
+   * @param aid The AID value as a 5 to 16 bytes byte array.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided argument is null or out of range.
+   * @since 0.1.0
+   */
+  CaCertificateSettingsV1 setAid(byte[] aid);
+
+  /**
+   * Sets the CA rights for this card certificate, controlling which types of certificates the card
+   * can be used to authenticate.
+   *
+   * <p>The provided <code>caRights</code> byte defines the following permissions:
+   *
+   * <ul>
+   *   <li><b>Bits b7-b4:</b> Reserved for future use (RFU). Must be set to 0. <br>
+   *       Attempting to set non-zero values in these bits will throw an {@link
+   *       IllegalArgumentException}.
+   *   <li><b>Bits b3-b2:</b> Card key certificates authentication right:
+   *       <ul>
+   *         <li>%00: CardCert authentication right not specified.
+   *         <li>%01: CardCert authentication forbidden.
+   *         <li>%10: CardCert authentication allowed.
+   *         <li>%11: Reserved for future use.
+   *       </ul>
+   *   <li><b>Bits b1-b0:</b> CA key certificates authentication right:
+   *       <ul>
+   *         <li>%00: CACert authentication right not specified.
+   *         <li>%01: CACert authentication forbidden.
+   *         <li>%10: CACert authentication allowed.
+   *         <li>%11: Reserved for future use.
+   *       </ul>
+   * </ul>
+   *
+   * @param caRights The byte representing the CA rights for this card certificate.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided byte contains invalid values, including
+   *     non-zero values in reserved bits.
+   * @since 0.1.0
+   */
+  CaCertificateSettingsV1 setCaRights(byte caRights);
+
+  /**
+   * Sets the CA scope for this card certificate, defining the context in which the CA key pair can
+   * be used.
+   *
+   * <p>The provided <code>caScope</code> byte specifies the allowed usage context:
+   *
+   * <ul>
+   *   <li>%00: Scope restrictions not specified.
+   *   <li>%01: Allowed only for development, tests, pilots, etc. (limited scope).
+   *   <li>%FF: No scope restriction (full scope).
+   *   <li>Other values: Reserved for future use (RFU).
+   * </ul>
+   *
+   * Choosing an appropriate scope is crucial for security and proper certificate management. Select
+   * a scope that aligns with the intended use of the CA key pair to avoid potential misuse.
+   *
+   * @param caScope The byte representing the CA scope for this card certificate.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided byte contains an invalid value, including
+   *     non-standard or reserved values.
+   * @since 0.1.0
+   */
+  CaCertificateSettingsV1 setCaScope(byte caScope);
+
+  /**
+   * Sets the CA operating mode, controlling how the target Calypso Prime PKI application AID should
+   * be verified during card certificate validation.
+   *
+   * <p>The provided <code>caOperatingMode</code> byte defines the following behavior:
+   *
+   * <ul>
+   *   <li><b>Bits b7-b1:</b> Reserved for future use (RFU). Must be set to 0. <br>
+   *       Attempting to set non-zero values in these bits will throw an {@link
+   *       IllegalArgumentException}.
+   *   <li><b>Bit b0:</b> Target Calypso Prime PKI application AID matching:
+   *       <ul>
+   *         <li><b>%0:</b> Truncation forbidden:
+   *             <ul>
+   *               <li>The size of the card AID in the card certificate must be equal to the size of
+   *                   the target AID specified in this certificate.
+   *               <li>The corresponding number of first (leftmost) bytes of the card AID value in
+   *                   the card certificate and the target AID value in this certificate must be
+   *                   equal.
+   *             </ul>
+   *         <li><b>%1:</b> Truncation allowed:
+   *             <ul>
+   *               <li>The size of the card AID in the card certificate can be equal to or greater
+   *                   than the size of the target AID specified in this certificate.
+   *               <li>The specified size first (leftmost) bytes of the card AID value in the card
+   *                   certificate and the target AID value in this certificate must be equal.
+   *             </ul>
+   *       </ul>
+   * </ul>
+   *
+   * Choosing an appropriate operating mode is crucial for secure and verified certificate issuance.
+   * Refer to the Calypso Prime PKI specifications for further details and guidelines.
+   *
+   * @param caOperatingMode The byte representing the CA operating mode for this card certificate.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided byte contains invalid values, including
+   *     non-zero values in reserved bits.
+   * @since 0.1.0
+   */
+  CaCertificateSettingsV1 setCaOperatingMode(byte caOperatingMode);
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
new file mode 100644
index 0000000..887d03c
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
@@ -0,0 +1,6 @@
+/**
+ * Calypso Certification Authority certificates management.
+ *
+ * @since 0.2.0
+ */
+package org.eclipse.keypop.calypso.certificate.ca;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CaCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CaCertificateSignerSpi.java
new file mode 100644
index 0000000..99f2434
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CaCertificateSignerSpi.java
@@ -0,0 +1,54 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.ca.spi;
+
+/**
+ * Signer for a Calypso CA certificate.
+ *
+ * <p>Implementations of this interface provide the cryptographic signing functionality used to
+ * generate signed CA certificates.
+ *
+ * @since 0.1.0
+ */
+public interface CaCertificateSignerSpi {
+
+  /**
+   * Gets the reference to the issuer's public key.
+   *
+   * @return A 29-byte byte array.
+   * @since 0.1.0
+   */
+  byte[] getIssuerPublicKeyReference();
+
+  /**
+   * Generates a signed CA certificate based on the provided data.
+   *
+   * @param allData The byte array containing all the data to be included in the certificate. This
+   *     typically includes information about the subject, validity period, and other certificate
+   *     attributes.
+   * @return The signed card certificate, represented as a byte array.
+   * @since 0.1.0
+   */
+  byte[] generateSignedCertificate(byte[] allData);
+
+  /**
+   * Generates a signed CA certificate based on the provided data and recoverable data. This method
+   * is similar to {@link #generateSignedCertificate(byte[])}, but allows for separate handling of
+   * non-recoverable and recoverable data during signing.
+   *
+   * @param data The byte array containing the non-recoverable data for the certificate.
+   * @param recoverableData The byte array containing the recoverable data for the certificate. This
+   *     might be encrypted or protected data that shouldn't be included in the final certificate
+   *     but is needed for signature generation.
+   * @return The signed card certificate, represented as a byte array.
+   * @since 0.1.0
+   */
+  byte[] generateSignedCertificate(byte[] data, byte[] recoverableData);
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
new file mode 100644
index 0000000..08349ec
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
@@ -0,0 +1,6 @@
+/**
+ * Calypso Certification Authority certificates external signing.
+ *
+ * @since 0.2.0
+ */
+package org.eclipse.keypop.calypso.certificate.ca.spi;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateManager.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateManager.java
new file mode 100644
index 0000000..7b3b2d4
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateManager.java
@@ -0,0 +1,34 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.card;
+
+/**
+ * Provides methods to create a card certificate and get the associated card public key.
+ *
+ * @since 0.1.0
+ */
+public interface CardCertificateManager {
+
+  /**
+   * Based on provided settings, generates the certificate data to be stored in a card.
+   *
+   * @return A 384-byte byte array.
+   * @since 0.1.0
+   */
+  byte[] createCertificate();
+
+  /**
+   * Based on provided settings, extracts the public key data.
+   *
+   * @return A 64-byte byte array.
+   * @since 0.1.0
+   */
+  byte[] getCardPublicKeyData();
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettings.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettings.java
new file mode 100644
index 0000000..8271e15
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettings.java
@@ -0,0 +1,18 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.card;
+
+/**
+ * Settings for a card certificate. It is used in conjunction with the CaCertificateManager class
+ * for managing and creating certificates.
+ *
+ * @since 0.1.0
+ */
+public interface CardCertificateSettings {}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettingsV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettingsV1.java
new file mode 100644
index 0000000..8e888ed
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettingsV1.java
@@ -0,0 +1,133 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.card;
+
+import java.security.PrivateKey;
+import org.eclipse.keypop.calypso.certificate.card.spi.CardCertificateSignerSpi;
+
+/**
+ * Extends {@link CardCertificateSettings} to manage and generate card certificates, conforming to
+ * version 1 of the card certificate format.
+ *
+ * @since 0.1.0
+ */
+public interface CardCertificateSettingsV1 extends CardCertificateSettings {
+
+  /**
+   * Sets the external signer to be used for generating signed card certificates.
+   *
+   * @param cardCertificateSigner The external signer for card certificate generation.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided signer is null, invalid, or not compatible
+   *     with the required signature formats.
+   * @throws IllegalStateException If an internal signer has already been configured using {@link
+   *     #useInternalSigner(PrivateKey, byte[])}.
+   * @since 0.1.0
+   */
+  CardCertificateSettingsV1 useExternalSigner(CardCertificateSignerSpi cardCertificateSigner);
+
+  /**
+   * Configures the settings to use the internal signer for generating signed card certificates.
+   *
+   * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
+   * of 65537 and the specified public key reference for signing operations.
+   *
+   * @param issuerPrivateKey The RSA private key of the issuer (2048 bits, public exponent 65537).
+   * @param issuerPublicKeyReference A 29-byte byte array representing a reference to the issuer's
+   *     public key.
+   * @return The current instance.
+   * @throws IllegalArgumentException If any of the provided arguments are null, invalid, or have
+   *     incompatible formats.
+   * @throws IllegalStateException If an external signer has already been set using {@link
+   *     #useExternalSigner(CardCertificateSignerSpi)}.
+   * @since 0.1.0
+   */
+  CardCertificateSettingsV1 useInternalSigner(
+      PrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
+
+  /**
+   * Sets the public key of the card, provided as a 64-byte raw array.
+   *
+   * <p>This key is expected to be on the <strong>secp256r1</strong> elliptic curve. It will be used
+   * for the verification of card signatures.
+   *
+   * @param cardPublicKey The 64-byte raw array representing the public key on the
+   *     <strong>secp256r1</strong> curve.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided key is null or has an invalid length (not 64).
+   * @since 0.1.0
+   */
+  CardCertificateSettingsV1 setCardPublicKey(byte[] cardPublicKey);
+
+  /**
+   * Sets the validity period of the certificate's public key. This defines the timeframe when the
+   * certificate can be considered trusted.
+   *
+   * <p>If neither start nor end date is set, the certificate will have open-ended validity.
+   *
+   * @param startDateYear The year of the start date (e.g., 2024). Valid range: 1900-2100.
+   * @param startDateMonth The month of the start date (1-12).
+   * @param startDateDay The day of the start date (1-31).
+   * @param endDateYear The year of the end date (e.g., 2025). Valid range: 1900-2100.
+   * @param endDateMonth The month of the end date (1-12).
+   * @param endDateDay The day of the end date.
+   * @return The current instance.
+   * @throws IllegalArgumentException If any date parameter is out of range.
+   * @since 0.1.0
+   */
+  CardCertificateSettingsV1 setValidityPeriod(
+      int startDateYear,
+      int startDateMonth,
+      int startDateDay,
+      int endDateYear,
+      int endDateMonth,
+      int endDateDay);
+
+  /**
+   * Sets the AID (Application Identifier) associated with the certificate.
+   *
+   * @param aid The AID value as a 5 to 16 bytes byte array.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided argument is null or out of range.
+   * @since 0.1.0
+   */
+  CardCertificateSettingsV1 setAid(byte[] aid);
+
+  /**
+   * Sets the serial number of the card for which the certificate is being generated.
+   *
+   * @param serialNumber The serial number of the card as a 8-byte byte array.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided argument is null or out of range.
+   * @since 0.1.0
+   */
+  CardCertificateSettingsV1 setCardSerialNumber(byte[] serialNumber);
+
+  /**
+   * Sets the startup info for the card certificate.
+   *
+   * @param startupInfo The 7-byte byte array representing the startup info for the card
+   *     certificate.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the provided argument is null or out of range.
+   * @since 0.1.0
+   */
+  CardCertificateSettingsV1 setCardStartupInfo(byte[] startupInfo);
+
+  /**
+   * Sets the index used to differentiate two card certificates generated with the same issuer
+   * public key reference for the same card.
+   *
+   * @param index The index of the card certificate.
+   * @return The current instance.
+   * @since 0.1.0
+   */
+  CardCertificateSettingsV1 setIndex(int index);
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java
new file mode 100644
index 0000000..5f785db
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java
@@ -0,0 +1,6 @@
+/**
+ * Calypso card certificates management.
+ *
+ * @since 0.2.0
+ */
+package org.eclipse.keypop.calypso.certificate.card;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CardCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CardCertificateSignerSpi.java
new file mode 100644
index 0000000..22faf74
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CardCertificateSignerSpi.java
@@ -0,0 +1,54 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.card.spi;
+
+/**
+ * Signer for a Calypso card certificate.
+ *
+ * <p>Implementations of this interface provide the cryptographic signing functionality used to
+ * generate signed card certificates.
+ *
+ * @since 0.1.0
+ */
+public interface CardCertificateSignerSpi {
+
+  /**
+   * Gets the reference to the issuer's public key.
+   *
+   * @return A 29-byte byte array.
+   * @since 0.1.0
+   */
+  byte[] getIssuerPublicKeyReference();
+
+  /**
+   * Generates a signed card certificate based on the provided data.
+   *
+   * @param allData The byte array containing all the data to be included in the certificate. This
+   *     typically includes information about the subject, validity period, and other certificate
+   *     attributes.
+   * @return The signed card certificate, represented as a byte array.
+   * @since 0.1.0
+   */
+  byte[] generateSignedCertificate(byte[] allData);
+
+  /**
+   * Generates a signed card certificate based on the provided data and recoverable data. This
+   * method is similar to {@link #generateSignedCertificate(byte[])}, but allows for separate
+   * handling of non-recoverable and recoverable data during signing.
+   *
+   * @param data The byte array containing the non-recoverable data for the certificate.
+   * @param recoverableData The byte array containing the recoverable data for the certificate. This
+   *     might be encrypted or protected data that shouldn't be included in the final certificate
+   *     but is needed for signature generation.
+   * @return The signed card certificate, represented as a byte array.
+   * @since 0.1.0
+   */
+  byte[] generateSignedCertificate(byte[] data, byte[] recoverableData);
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java
new file mode 100644
index 0000000..cd85713
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java
@@ -0,0 +1,6 @@
+/**
+ * Calypso card certificate external signing.
+ *
+ * @since 0.2.0
+ */
+package org.eclipse.keypop.calypso.certificate.card.spi;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/package-info.java
new file mode 100644
index 0000000..ce0d140
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/package-info.java
@@ -0,0 +1,6 @@
+/**
+ * Calypso Certification Authority and card certificates management.
+ *
+ * @since 0.2.0
+ */
+package org.eclipse.keypop.calypso.certificate;
diff --git a/src/main/javadoc/overview.html b/src/main/javadoc/overview.html
new file mode 100644
index 0000000..bc50404
--- /dev/null
+++ b/src/main/javadoc/overview.html
@@ -0,0 +1,15 @@
+<html>
+<body>
+<p>
+    Welcome to the Java documentation of the <strong>Keypop Calypso Certificate Java API</strong>,
+    part of the <a href="https://keypop.org">Keypop</a> open-source project hosted by the
+    <a href="https://www.eclipse.org">Eclipse Foundation</a>.
+</p>
+<p>
+    Aligned with the <strong>Terminal Calypso Certificate</strong> UML specifications proposed by
+    the <a href="https://www.calypsonet.org">Calypso Networks Association</a> (available
+    <a href="https://calypsonet.github.io/calypsonet-terminal-calypso-certificate-uml-api/">here</a>),
+    it defines the generic interfaces required to create Calypso certificates.
+</p>
+</body>
+</html>
\ No newline at end of file
diff --git a/src/test/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiPropertiesTest.java b/src/test/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiPropertiesTest.java
new file mode 100644
index 0000000..bb339d2
--- /dev/null
+++ b/src/test/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiPropertiesTest.java
@@ -0,0 +1,42 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.util.Properties;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class CalypsoCertificateApiPropertiesTest {
+
+  private static String libVersion;
+
+  @BeforeClass
+  public static void beforeClass() throws Exception {
+    InputStream inputStream = new FileInputStream("gradle.properties");
+    try {
+      Properties properties = new Properties();
+      properties.load(inputStream);
+      libVersion = properties.getProperty("version");
+    } finally {
+      inputStream.close();
+    }
+  }
+
+  @Test
+  public void versionIsCorrectlyWritten() {
+    String apiVersion = CalypsoCertificateApiProperties.VERSION;
+    assertThat(apiVersion).matches("\\d+\\.\\d+");
+    assertThat(libVersion).startsWith(apiVersion);
+  }
+}

From 3a2c30eb0384efa60595f7aae184206fbb15c4f8 Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Wed, 14 Feb 2024 15:11:52 +0100
Subject: [PATCH 02/13] refactor: update certificates builder

---
 .../CalypsoCertificateApiFactory.java         | 41 ++++---------------
 .../certificate/ca/CaCertificateSettings.java | 18 --------
 ...nager.java => CalypsoCaCertificateV1.java} |  9 ++--
 ...ava => CalypsoCaCertificateV1Builder.java} | 33 +++++++++------
 ...ava => CalypsoCaCertificateSignerSpi.java} |  4 +-
 ...ngs.java => CalypsoCardCertificateV1.java} | 14 +++++--
 ...a => CalypsoCardCertificateV1Builder.java} | 33 +++++++++------
 .../card/CardCertificateManager.java          | 34 ---------------
 ...a => CalypsoCardCertificateSignerSpi.java} |  4 +-
 9 files changed, 67 insertions(+), 123 deletions(-)
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettings.java
 rename src/main/java/org/eclipse/keypop/calypso/certificate/ca/{CaCertificateManager.java => CalypsoCaCertificateV1.java} (75%)
 rename src/main/java/org/eclipse/keypop/calypso/certificate/ca/{CaCertificateSettingsV1.java => CalypsoCaCertificateV1Builder.java} (90%)
 rename src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/{CaCertificateSignerSpi.java => CalypsoCaCertificateSignerSpi.java} (95%)
 rename src/main/java/org/eclipse/keypop/calypso/certificate/card/{CardCertificateSettings.java => CalypsoCardCertificateV1.java} (66%)
 rename src/main/java/org/eclipse/keypop/calypso/certificate/card/{CardCertificateSettingsV1.java => CalypsoCardCertificateV1Builder.java} (83%)
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateManager.java
 rename src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/{CardCertificateSignerSpi.java => CalypsoCardCertificateSignerSpi.java} (95%)

diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
index acead4c..f7e03b4 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
@@ -9,56 +9,29 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
-import org.eclipse.keypop.calypso.certificate.ca.CaCertificateManager;
-import org.eclipse.keypop.calypso.certificate.ca.CaCertificateSettings;
-import org.eclipse.keypop.calypso.certificate.card.CardCertificateManager;
-import org.eclipse.keypop.calypso.certificate.card.CardCertificateSettings;
+import org.eclipse.keypop.calypso.certificate.ca.CalypsoCaCertificateV1Builder;
+import org.eclipse.keypop.calypso.certificate.card.CalypsoCardCertificateV1Builder;
 
 /**
- * Factory of {@link CaCertificateSettings}, {@link CaCertificateManager}, {@link
- * CardCertificateSettings} and {@link CardCertificateManager}.
+ * Factory of CA and card certificate builders.
  *
  * @since 0.1.0
  */
 public interface CalypsoCertificateApiFactory {
 
   /**
-   * Returns a new instance of the specified CA certificate settings class.
+   * Returns a builder of Calypso CA certificate version 1.
    *
-   * @param <T> The type of the lowest level child object.
-   * @param classOfT The `Class` object of the desired CA certificate settings type. This type must
-   *     extend {@link CaCertificateSettings}.
    * @return A non-null reference.
    * @since 0.1.0
    */
-  <T extends CaCertificateSettings> T createCaCertificateSettings(Class<T> classOfT);
+  CalypsoCaCertificateV1Builder createCalypsoCaCertificateV1Builder();
 
   /**
-   * Returns a new instance of the specified card certificate settings class.
+   * Returns a builder of Calypso card certificate version 1.
    *
-   * @param <T> The type of the lowest level child object.
-   * @param classOfT The `Class` object of the desired card certificate settings type. This type
-   *     must extend {@link CardCertificateSettings}.
    * @return A non-null reference.
    * @since 0.1.0
    */
-  <T extends CardCertificateSettings> T createCardCertificateSettings(Class<T> classOfT);
-
-  /**
-   * Returns a new instance of {@link CaCertificateManager}.
-   *
-   * @param settings The CA certificate settings to use.
-   * @return A non-null reference.
-   * @since 0.1.0
-   */
-  CaCertificateManager createCaCertificateManager(CaCertificateSettings settings);
-
-  /**
-   * Returns a new instance of {@link CardCertificateManager}.
-   *
-   * @param settings The card certificate settings to use.
-   * @return A non-null reference.
-   * @since 0.1.0
-   */
-  CardCertificateManager createCardCertificateManager(CardCertificateSettings settings);
+  CalypsoCardCertificateV1Builder createCalypsoCardCertificateV1Builder();
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettings.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettings.java
deleted file mode 100644
index 4f9849d..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettings.java
+++ /dev/null
@@ -1,18 +0,0 @@
-/* ******************************************************************************
- * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
- *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
- *
- * SPDX-License-Identifier: MIT
- ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.ca;
-
-/**
- * Settings for a CA certificate. It is used in conjunction with the CaCertificateManager class for
- * managing and creating certificates .
- *
- * @since 0.1.0
- */
-public interface CaCertificateSettings {}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateManager.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
similarity index 75%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateManager.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
index bb0d729..2a24b2d 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateManager.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
@@ -10,16 +10,17 @@
 package org.eclipse.keypop.calypso.certificate.ca;
 
 /**
- * Provides a method to create a CA certificate.
+ * A Calypso CA certificate version 1.
  *
  * @since 0.1.0
  */
-public interface CaCertificateManager {
+public interface CalypsoCaCertificateV1 {
+
   /**
-   * Returns a byte array containing the data to be stored in a card.
+   * Returns a byte array corresponding to the certificate as it is stored in the card.
    *
    * @return A 384-byte byte array.
    * @since 0.1.0
    */
-  byte[] createCertificate();
+  byte[] getRawData();
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettingsV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
similarity index 90%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettingsV1.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
index c701f21..b6a6da2 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CaCertificateSettingsV1.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
@@ -11,15 +11,14 @@
 
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import org.eclipse.keypop.calypso.certificate.ca.spi.CaCertificateSignerSpi;
+import org.eclipse.keypop.calypso.certificate.ca.spi.CalypsoCaCertificateSignerSpi;
 
 /**
- * Extends {@link CaCertificateSettings} to manage and generate CA certificates, conforming to
- * version 1 of the CA certificate format.
+ * Builds CA certificates conforming to version 1 of the Calypso CA certificate format.
  *
  * @since 0.1.0
  */
-public interface CaCertificateSettingsV1 extends CaCertificateSettings {
+public interface CalypsoCaCertificateV1Builder {
   /**
    * Sets the external signer to be used for generating signed CA certificates.
    *
@@ -31,7 +30,8 @@ public interface CaCertificateSettingsV1 extends CaCertificateSettings {
    *     #useInternalSigner(PrivateKey, byte[])}.
    * @since 0.1.0
    */
-  CaCertificateSettingsV1 useExternalSigner(CaCertificateSignerSpi caCertificateSigner);
+  CalypsoCaCertificateV1Builder useExternalSigner(
+      CalypsoCaCertificateSignerSpi caCertificateSigner);
 
   /**
    * Configures the settings to use the internal signer for generating signed CA certificates.
@@ -46,10 +46,10 @@ public interface CaCertificateSettingsV1 extends CaCertificateSettings {
    * @throws IllegalArgumentException If any of the provided arguments are null, invalid, or have
    *     incompatible formats.
    * @throws IllegalStateException If an external signer has already been set using {@link
-   *     #useExternalSigner(CaCertificateSignerSpi)}.
+   *     #useExternalSigner(CalypsoCaCertificateSignerSpi)}.
    * @since 0.1.0
    */
-  CaCertificateSettingsV1 useInternalSigner(
+  CalypsoCaCertificateV1Builder useInternalSigner(
       PrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
 
   /**
@@ -66,7 +66,7 @@ CaCertificateSettingsV1 useInternalSigner(
    * @throws IllegalArgumentException If one of the provided argument is null or invalid.
    * @since 0.1.0
    */
-  CaCertificateSettingsV1 setCaPublicKey(PublicKey caPublicKey, byte[] caPublicKeyReference);
+  CalypsoCaCertificateV1Builder setCaPublicKey(PublicKey caPublicKey, byte[] caPublicKeyReference);
 
   /**
    * Sets the validity period of the certificate's public key. This defines the timeframe when the
@@ -84,7 +84,7 @@ CaCertificateSettingsV1 useInternalSigner(
    * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CaCertificateSettingsV1 setValidityPeriod(
+  CalypsoCaCertificateV1Builder setValidityPeriod(
       int startDateYear,
       int startDateMonth,
       int startDateDay,
@@ -103,7 +103,7 @@ CaCertificateSettingsV1 setValidityPeriod(
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CaCertificateSettingsV1 setAid(byte[] aid);
+  CalypsoCaCertificateV1Builder setAid(byte[] aid);
 
   /**
    * Sets the CA rights for this card certificate, controlling which types of certificates the card
@@ -137,7 +137,7 @@ CaCertificateSettingsV1 setValidityPeriod(
    *     non-zero values in reserved bits.
    * @since 0.1.0
    */
-  CaCertificateSettingsV1 setCaRights(byte caRights);
+  CalypsoCaCertificateV1Builder setCaRights(byte caRights);
 
   /**
    * Sets the CA scope for this card certificate, defining the context in which the CA key pair can
@@ -161,7 +161,7 @@ CaCertificateSettingsV1 setValidityPeriod(
    *     non-standard or reserved values.
    * @since 0.1.0
    */
-  CaCertificateSettingsV1 setCaScope(byte caScope);
+  CalypsoCaCertificateV1Builder setCaScope(byte caScope);
 
   /**
    * Sets the CA operating mode, controlling how the target Calypso Prime PKI application AID should
@@ -202,5 +202,12 @@ CaCertificateSettingsV1 setValidityPeriod(
    *     non-zero values in reserved bits.
    * @since 0.1.0
    */
-  CaCertificateSettingsV1 setCaOperatingMode(byte caOperatingMode);
+  CalypsoCaCertificateV1Builder setCaOperatingMode(byte caOperatingMode);
+
+  /**
+   * TODO
+   *
+   * @return
+   */
+  CalypsoCaCertificateV1 build();
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CaCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
similarity index 95%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CaCertificateSignerSpi.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
index 99f2434..dd704bc 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CaCertificateSignerSpi.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
@@ -13,11 +13,11 @@
  * Signer for a Calypso CA certificate.
  *
  * <p>Implementations of this interface provide the cryptographic signing functionality used to
- * generate signed CA certificates.
+ * generate signed Calypso CA certificates.
  *
  * @since 0.1.0
  */
-public interface CaCertificateSignerSpi {
+public interface CalypsoCaCertificateSignerSpi {
 
   /**
    * Gets the reference to the issuer's public key.
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettings.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
similarity index 66%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettings.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
index 8271e15..84ac954 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettings.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
@@ -10,9 +10,17 @@
 package org.eclipse.keypop.calypso.certificate.card;
 
 /**
- * Settings for a card certificate. It is used in conjunction with the CaCertificateManager class
- * for managing and creating certificates.
+ * A Calypso card certificate version 1.
  *
  * @since 0.1.0
  */
-public interface CardCertificateSettings {}
+public interface CalypsoCardCertificateV1 {
+
+  /**
+   * Returns a byte array corresponding to the certificate as it is stored in the card.
+   *
+   * @return A 316-byte byte array.
+   * @since 0.1.0
+   */
+  byte[] getRawData();
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettingsV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
similarity index 83%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettingsV1.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
index 8e888ed..b487961 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateSettingsV1.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
@@ -10,15 +10,14 @@
 package org.eclipse.keypop.calypso.certificate.card;
 
 import java.security.PrivateKey;
-import org.eclipse.keypop.calypso.certificate.card.spi.CardCertificateSignerSpi;
+import org.eclipse.keypop.calypso.certificate.card.spi.CalypsoCardCertificateSignerSpi;
 
 /**
- * Extends {@link CardCertificateSettings} to manage and generate card certificates, conforming to
- * version 1 of the card certificate format.
+ * Builds a card certificate conforming to version 1 of the Calypso card certificate format.
  *
  * @since 0.1.0
  */
-public interface CardCertificateSettingsV1 extends CardCertificateSettings {
+public interface CalypsoCardCertificateV1Builder {
 
   /**
    * Sets the external signer to be used for generating signed card certificates.
@@ -31,7 +30,8 @@ public interface CardCertificateSettingsV1 extends CardCertificateSettings {
    *     #useInternalSigner(PrivateKey, byte[])}.
    * @since 0.1.0
    */
-  CardCertificateSettingsV1 useExternalSigner(CardCertificateSignerSpi cardCertificateSigner);
+  CalypsoCardCertificateV1Builder useExternalSigner(
+      CalypsoCardCertificateSignerSpi cardCertificateSigner);
 
   /**
    * Configures the settings to use the internal signer for generating signed card certificates.
@@ -46,10 +46,10 @@ public interface CardCertificateSettingsV1 extends CardCertificateSettings {
    * @throws IllegalArgumentException If any of the provided arguments are null, invalid, or have
    *     incompatible formats.
    * @throws IllegalStateException If an external signer has already been set using {@link
-   *     #useExternalSigner(CardCertificateSignerSpi)}.
+   *     #useExternalSigner(CalypsoCardCertificateSignerSpi)}.
    * @since 0.1.0
    */
-  CardCertificateSettingsV1 useInternalSigner(
+  CalypsoCardCertificateV1Builder useInternalSigner(
       PrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
 
   /**
@@ -64,7 +64,7 @@ CardCertificateSettingsV1 useInternalSigner(
    * @throws IllegalArgumentException If the provided key is null or has an invalid length (not 64).
    * @since 0.1.0
    */
-  CardCertificateSettingsV1 setCardPublicKey(byte[] cardPublicKey);
+  CalypsoCardCertificateV1Builder setCardPublicKey(byte[] cardPublicKey);
 
   /**
    * Sets the validity period of the certificate's public key. This defines the timeframe when the
@@ -82,7 +82,7 @@ CardCertificateSettingsV1 useInternalSigner(
    * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CardCertificateSettingsV1 setValidityPeriod(
+  CalypsoCardCertificateV1Builder setValidityPeriod(
       int startDateYear,
       int startDateMonth,
       int startDateDay,
@@ -98,7 +98,7 @@ CardCertificateSettingsV1 setValidityPeriod(
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CardCertificateSettingsV1 setAid(byte[] aid);
+  CalypsoCardCertificateV1Builder setAid(byte[] aid);
 
   /**
    * Sets the serial number of the card for which the certificate is being generated.
@@ -108,7 +108,7 @@ CardCertificateSettingsV1 setValidityPeriod(
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CardCertificateSettingsV1 setCardSerialNumber(byte[] serialNumber);
+  CalypsoCardCertificateV1Builder setCardSerialNumber(byte[] serialNumber);
 
   /**
    * Sets the startup info for the card certificate.
@@ -119,7 +119,7 @@ CardCertificateSettingsV1 setValidityPeriod(
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CardCertificateSettingsV1 setCardStartupInfo(byte[] startupInfo);
+  CalypsoCardCertificateV1Builder setCardStartupInfo(byte[] startupInfo);
 
   /**
    * Sets the index used to differentiate two card certificates generated with the same issuer
@@ -129,5 +129,12 @@ CardCertificateSettingsV1 setValidityPeriod(
    * @return The current instance.
    * @since 0.1.0
    */
-  CardCertificateSettingsV1 setIndex(int index);
+  CalypsoCardCertificateV1Builder setIndex(int index);
+
+  /**
+   * TODO
+   *
+   * @return
+   */
+  CalypsoCardCertificateV1 build();
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateManager.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateManager.java
deleted file mode 100644
index 7b3b2d4..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CardCertificateManager.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/* ******************************************************************************
- * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
- *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
- *
- * SPDX-License-Identifier: MIT
- ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.card;
-
-/**
- * Provides methods to create a card certificate and get the associated card public key.
- *
- * @since 0.1.0
- */
-public interface CardCertificateManager {
-
-  /**
-   * Based on provided settings, generates the certificate data to be stored in a card.
-   *
-   * @return A 384-byte byte array.
-   * @since 0.1.0
-   */
-  byte[] createCertificate();
-
-  /**
-   * Based on provided settings, extracts the public key data.
-   *
-   * @return A 64-byte byte array.
-   * @since 0.1.0
-   */
-  byte[] getCardPublicKeyData();
-}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CardCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java
similarity index 95%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CardCertificateSignerSpi.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java
index 22faf74..5aa6797 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CardCertificateSignerSpi.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java
@@ -13,11 +13,11 @@
  * Signer for a Calypso card certificate.
  *
  * <p>Implementations of this interface provide the cryptographic signing functionality used to
- * generate signed card certificates.
+ * generate signed Calypso card certificates.
  *
  * @since 0.1.0
  */
-public interface CardCertificateSignerSpi {
+public interface CalypsoCardCertificateSignerSpi {
 
   /**
    * Gets the reference to the issuer's public key.

From ce3d3577c2d1f5aaf61da2a6501311933aa983f4 Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Thu, 15 Feb 2024 17:24:44 +0100
Subject: [PATCH 03/13] wip

---
 README.md                                          |  2 +-
 .../certificate/CalypsoCertificateApiFactory.java  |  4 ++--
 .../certificate/ca/CalypsoCaCertificateV1.java     |  2 +-
 .../ca/CalypsoCaCertificateV1Builder.java          | 14 ++++++++------
 .../certificate/card/CalypsoCardCertificateV1.java |  2 +-
 .../card/CalypsoCardCertificateV1Builder.java      | 11 ++++++-----
 6 files changed, 19 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index de92af5..3cf4eb3 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ to create Calypso certificates.
 ## Documentation & Contribution Guide
 
 The full documentation, including the **user guide**, **download information** and **contribution guide**, is available
-on the Keyple website [keypop.org](https://eclipse-keypop.github.io/keypop-website/).
+on the Keypop website [keypop.org](https://eclipse-keypop.github.io/keypop-website/).
 
 ## API documentation
 
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
index f7e03b4..b626c7b 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
@@ -20,7 +20,7 @@
 public interface CalypsoCertificateApiFactory {
 
   /**
-   * Returns a builder of Calypso CA certificate version 1.
+   * Returns a new builder of Calypso CA certificate version 1.
    *
    * @return A non-null reference.
    * @since 0.1.0
@@ -28,7 +28,7 @@ public interface CalypsoCertificateApiFactory {
   CalypsoCaCertificateV1Builder createCalypsoCaCertificateV1Builder();
 
   /**
-   * Returns a builder of Calypso card certificate version 1.
+   * Returns a new builder of Calypso card certificate version 1.
    *
    * @return A non-null reference.
    * @since 0.1.0
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
index 2a24b2d..5293c53 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
@@ -14,7 +14,7 @@
  *
  * @since 0.1.0
  */
-public interface CalypsoCaCertificateV1 {
+public interface CalypsoCaCertificateV1 extends CaCertificate {
 
   /**
    * Returns a byte array corresponding to the certificate as it is stored in the card.
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
index b6a6da2..08027d4 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
@@ -11,6 +11,9 @@
 
 import java.security.PrivateKey;
 import java.security.PublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+
 import org.eclipse.keypop.calypso.certificate.ca.spi.CalypsoCaCertificateSignerSpi;
 
 /**
@@ -24,17 +27,16 @@ public interface CalypsoCaCertificateV1Builder {
    *
    * @param caCertificateSigner The external signer for ca certificate generation.
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided signer is null, invalid, or not compatible
-   *     with the required signature formats.
+   * @throws IllegalArgumentException If the provided signer is null.
    * @throws IllegalStateException If an internal signer has already been configured using {@link
-   *     #useInternalSigner(PrivateKey, byte[])}.
+   *     #useInternalSigner(RSAPrivateKey, byte[])}.
    * @since 0.1.0
    */
   CalypsoCaCertificateV1Builder useExternalSigner(
       CalypsoCaCertificateSignerSpi caCertificateSigner);
 
   /**
-   * Configures the settings to use the internal signer for generating signed CA certificates.
+   * Configures the builder to use the internal signer for generating signed CA certificates.
    *
    * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
    * of 65537 and the specified public key reference for signing operations.
@@ -50,7 +52,7 @@ CalypsoCaCertificateV1Builder useExternalSigner(
    * @since 0.1.0
    */
   CalypsoCaCertificateV1Builder useInternalSigner(
-      PrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
+          RSAPrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
 
   /**
    * Sets the public key of the CA, provided as a 64-byte raw array.
@@ -66,7 +68,7 @@ CalypsoCaCertificateV1Builder useInternalSigner(
    * @throws IllegalArgumentException If one of the provided argument is null or invalid.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder setCaPublicKey(PublicKey caPublicKey, byte[] caPublicKeyReference);
+  CalypsoCaCertificateV1Builder setCaPublicKey(RSAPublicKey caPublicKey, byte[] caPublicKeyReference);
 
   /**
    * Sets the validity period of the certificate's public key. This defines the timeframe when the
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
index 84ac954..f2a879b 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
@@ -14,7 +14,7 @@
  *
  * @since 0.1.0
  */
-public interface CalypsoCardCertificateV1 {
+public interface CalypsoCardCertificateV1 extends CardCertificate {
 
   /**
    * Returns a byte array corresponding to the certificate as it is stored in the card.
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
index b487961..b8415aa 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
@@ -10,6 +10,8 @@
 package org.eclipse.keypop.calypso.certificate.card;
 
 import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
+
 import org.eclipse.keypop.calypso.certificate.card.spi.CalypsoCardCertificateSignerSpi;
 
 /**
@@ -24,17 +26,16 @@ public interface CalypsoCardCertificateV1Builder {
    *
    * @param cardCertificateSigner The external signer for card certificate generation.
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided signer is null, invalid, or not compatible
-   *     with the required signature formats.
+   * @throws IllegalArgumentException If the provided signer is null.
    * @throws IllegalStateException If an internal signer has already been configured using {@link
-   *     #useInternalSigner(PrivateKey, byte[])}.
+   *     #useInternalSigner(RSAPrivateKey, byte[])}.
    * @since 0.1.0
    */
   CalypsoCardCertificateV1Builder useExternalSigner(
       CalypsoCardCertificateSignerSpi cardCertificateSigner);
 
   /**
-   * Configures the settings to use the internal signer for generating signed card certificates.
+   * Configures the builder to use the internal signer for generating signed card certificates.
    *
    * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
    * of 65537 and the specified public key reference for signing operations.
@@ -50,7 +51,7 @@ CalypsoCardCertificateV1Builder useExternalSigner(
    * @since 0.1.0
    */
   CalypsoCardCertificateV1Builder useInternalSigner(
-      PrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
+          RSAPrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
 
   /**
    * Sets the public key of the card, provided as a 64-byte raw array.

From 37746250295b6566594b8f9e83e794158ab23d2a Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Fri, 16 Feb 2024 12:14:00 +0100
Subject: [PATCH 04/13] wip

---
 build.gradle.kts                              |   1 +
 .../CertificateSigningException.java          |  37 +++++
 .../ca/CalypsoCaCertificateV1.java            |   5 +
 .../ca/CalypsoCaCertificateV1Builder.java     | 151 ++++++++----------
 .../calypso/certificate/ca/package-info.java  |   4 +-
 .../ca/spi/CalypsoCaCertificateSignerSpi.java |  20 +--
 .../certificate/ca/spi/package-info.java      |   4 +-
 .../card/CalypsoCardCertificateV1.java        |   5 +
 .../card/CalypsoCardCertificateV1Builder.java | 120 +++++++-------
 .../certificate/card/package-info.java        |   4 +-
 .../spi/CalypsoCardCertificateSignerSpi.java  |  20 +--
 .../certificate/card/spi/package-info.java    |   4 +-
 .../calypso/certificate/package-info.java     |   4 +-
 13 files changed, 194 insertions(+), 185 deletions(-)
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java

diff --git a/build.gradle.kts b/build.gradle.kts
index 22a2101..d3ab0b0 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -24,6 +24,7 @@ repositories {
     mavenCentral()
 }
 dependencies {
+    implementation("org.eclipse.keypop:keypop-calypso-card-java-api:2.1.0-SNAPSHOT") { isChanging = true }
     testImplementation("junit:junit:4.13.2")
     testImplementation("org.assertj:assertj-core:3.15.0")
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java
new file mode 100644
index 0000000..59e3507
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java
@@ -0,0 +1,37 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate;
+
+/**
+ * Exception that is thrown when an error occurs during the certificate signing process.
+ *
+ * @since 0.1.0
+ */
+public class CertificateSigningException extends RuntimeException {
+
+  /**
+   * @param message Message to identify the exception context.
+   * @since 0.1.0
+   */
+  public CertificateSigningException(String message) {
+    super(message);
+  }
+
+  /**
+   * Encapsulates a lower level exception.
+   *
+   * @param message Message to identify the exception context.
+   * @param cause The cause.
+   * @since 0.1.0
+   */
+  public CertificateSigningException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
index 5293c53..186b6a9 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
@@ -9,9 +9,14 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate.ca;
 
+import org.eclipse.keypop.calypso.card.transaction.spi.CaCertificate;
+
 /**
  * A Calypso CA certificate version 1.
  *
+ * <p>It can be used for certificate generation and card transaction security settings.
+ *
+ * @see CaCertificate
  * @since 0.1.0
  */
 public interface CalypsoCaCertificateV1 extends CaCertificate {
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
index 08027d4..9d654df 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
@@ -9,94 +9,69 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate.ca;
 
-import java.security.PrivateKey;
-import java.security.PublicKey;
 import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
-
+import org.eclipse.keypop.calypso.certificate.CertificateSigningException;
 import org.eclipse.keypop.calypso.certificate.ca.spi.CalypsoCaCertificateSignerSpi;
 
 /**
- * Builds CA certificates conforming to version 1 of the Calypso CA certificate format.
+ * Builds a {@link CalypsoCaCertificateV1} conforming to version 1 of the Calypso CA certificate
+ * format.
  *
  * @since 0.1.0
  */
 public interface CalypsoCaCertificateV1Builder {
-  /**
-   * Sets the external signer to be used for generating signed CA certificates.
-   *
-   * @param caCertificateSigner The external signer for ca certificate generation.
-   * @return The current instance.
-   * @throws IllegalArgumentException If the provided signer is null.
-   * @throws IllegalStateException If an internal signer has already been configured using {@link
-   *     #useInternalSigner(RSAPrivateKey, byte[])}.
-   * @since 0.1.0
-   */
-  CalypsoCaCertificateV1Builder useExternalSigner(
-      CalypsoCaCertificateSignerSpi caCertificateSigner);
 
   /**
-   * Configures the builder to use the internal signer for generating signed CA certificates.
+   * Sets the public key of the CA.
    *
-   * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
-   * of 65537 and the specified public key reference for signing operations.
+   * <p>This key is expected to be a 2048 bits RSA public key with a public exponent equal to 65537.
+   * It will be used for the verification of card certificates.
    *
-   * @param issuerPrivateKey The RSA private key of the issuer (2048 bits, public exponent 65537).
-   * @param issuerPublicKeyReference A 29-byte byte array representing a reference to the issuer's
-   *     public key.
+   * <p>The associated reference is a 29-byte byte array.
+   *
+   * @param caPublicKey The RSA public key of the CA (2048 bits, public exponent 65537).
+   * @param caPublicKeyReference A 29-byte byte array representing a reference to the CA's public
+   *     key.
    * @return The current instance.
-   * @throws IllegalArgumentException If any of the provided arguments are null, invalid, or have
-   *     incompatible formats.
-   * @throws IllegalStateException If an external signer has already been set using {@link
-   *     #useExternalSigner(CalypsoCaCertificateSignerSpi)}.
+   * @throws IllegalArgumentException If one of the provided argument is null or invalid.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder useInternalSigner(
-          RSAPrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
+  CalypsoCaCertificateV1Builder withCaPublicKey(
+      RSAPublicKey caPublicKey, byte[] caPublicKeyReference);
 
   /**
-   * Sets the public key of the CA, provided as a 64-byte raw array.
+   * Sets the start date of the validity period of the certificate's public key.
    *
-   * <p>This key is expected to be a 2048 bits RSA public key with a public exponent equal to 65537.
-   * It will be used for the verification of card certificates.
+   * <p>No consistency test is performed on the values supplied, as they will be coded in BCD
+   * YYYYMMDD format in the certificate.
    *
-   * <p>The associated reference is a 29-byte byte array.
-   *
-   * @param caPublicKey The RSA public key of the CA (2048 bits, public exponent 65537).
-   * @param caPublicKeyReference The CA public key reference.
+   * @param year The year of the start date (0-9999).
+   * @param month The month of the start date (1-99).
+   * @param day The day of the start date (1-99).
    * @return The current instance.
-   * @throws IllegalArgumentException If one of the provided argument is null or invalid.
+   * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder setCaPublicKey(RSAPublicKey caPublicKey, byte[] caPublicKeyReference);
+  CalypsoCaCertificateV1Builder withStartDate(int year, int month, int day);
 
   /**
-   * Sets the validity period of the certificate's public key. This defines the timeframe when the
-   * certificate can be considered trusted.
+   * Sets the end date of the validity period of the certificate's public key.
    *
-   * <p>If neither start nor end date is set, the certificate will have open-ended validity.
+   * <p>No consistency test is performed on the values supplied, as they will be coded in BCD
+   * YYYYMMDD format in the certificate.
    *
-   * @param startDateYear The year of the start date (e.g., 2024). Valid range: 1900-2100.
-   * @param startDateMonth The month of the start date (1-12).
-   * @param startDateDay The day of the start date (1-31).
-   * @param endDateYear The year of the end date (e.g., 2025). Valid range: 1900-2100.
-   * @param endDateMonth The month of the end date (1-12).
-   * @param endDateDay The day of the end date.
+   * @param year The year of the start date (0-9999).
+   * @param month The month of the start date (1-99).
+   * @param day The day of the start date (1-99).
    * @return The current instance.
    * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder setValidityPeriod(
-      int startDateYear,
-      int startDateMonth,
-      int startDateDay,
-      int endDateYear,
-      int endDateMonth,
-      int endDateDay);
+  CalypsoCaCertificateV1Builder withEndDate(int year, int month, int day);
 
   /**
-   * Sets the AID (Application Identifier) of the card certificates for which the certificate is
-   * applicable.
+   * Restricts certificate validity to cards whose AID begins with the bytes provided.
    *
    * <p>If the AID is not set, the certificate will be applicable to any card certificates.
    *
@@ -105,18 +80,16 @@ CalypsoCaCertificateV1Builder setValidityPeriod(
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder setAid(byte[] aid);
+  CalypsoCaCertificateV1Builder withAid(byte[] aid);
 
   /**
-   * Sets the CA rights for this card certificate, controlling which types of certificates the card
-   * can be used to authenticate.
+   * Sets the CA rights for this card certificate, controlling which types of certificates can be
+   * authenticated.
    *
-   * <p>The provided <code>caRights</code> byte defines the following permissions:
+   * <p>The provided byte defines the following permissions:
    *
    * <ul>
-   *   <li><b>Bits b7-b4:</b> Reserved for future use (RFU). Must be set to 0. <br>
-   *       Attempting to set non-zero values in these bits will throw an {@link
-   *       IllegalArgumentException}.
+   *   <li><b>Bits b7-b4:</b> Reserved for future use (RFU). Must be set to 0.
    *   <li><b>Bits b3-b2:</b> Card key certificates authentication right:
    *       <ul>
    *         <li>%00: CardCert authentication right not specified.
@@ -135,17 +108,16 @@ CalypsoCaCertificateV1Builder setValidityPeriod(
    *
    * @param caRights The byte representing the CA rights for this card certificate.
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided byte contains invalid values, including
-   *     non-zero values in reserved bits.
+   * @throws IllegalArgumentException If the provided byte contains RFU values.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder setCaRights(byte caRights);
+  CalypsoCaCertificateV1Builder withCaRights(byte caRights);
 
   /**
    * Sets the CA scope for this card certificate, defining the context in which the CA key pair can
    * be used.
    *
-   * <p>The provided <code>caScope</code> byte specifies the allowed usage context:
+   * <p>The provided byte specifies the allowed usage context:
    *
    * <ul>
    *   <li>%00: Scope restrictions not specified.
@@ -154,27 +126,21 @@ CalypsoCaCertificateV1Builder setValidityPeriod(
    *   <li>Other values: Reserved for future use (RFU).
    * </ul>
    *
-   * Choosing an appropriate scope is crucial for security and proper certificate management. Select
-   * a scope that aligns with the intended use of the CA key pair to avoid potential misuse.
-   *
    * @param caScope The byte representing the CA scope for this card certificate.
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided byte contains an invalid value, including
-   *     non-standard or reserved values.
+   * @throws IllegalArgumentException If the provided byte contains RFU values.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder setCaScope(byte caScope);
+  CalypsoCaCertificateV1Builder withCaScope(byte caScope);
 
   /**
    * Sets the CA operating mode, controlling how the target Calypso Prime PKI application AID should
    * be verified during card certificate validation.
    *
-   * <p>The provided <code>caOperatingMode</code> byte defines the following behavior:
+   * <p>The provided byte defines the following behavior:
    *
    * <ul>
-   *   <li><b>Bits b7-b1:</b> Reserved for future use (RFU). Must be set to 0. <br>
-   *       Attempting to set non-zero values in these bits will throw an {@link
-   *       IllegalArgumentException}.
+   *   <li><b>Bits b7-b1:</b> Reserved for future use (RFU). Must be set to 0.
    *   <li><b>Bit b0:</b> Target Calypso Prime PKI application AID matching:
    *       <ul>
    *         <li><b>%0:</b> Truncation forbidden:
@@ -200,16 +166,37 @@ CalypsoCaCertificateV1Builder setValidityPeriod(
    *
    * @param caOperatingMode The byte representing the CA operating mode for this card certificate.
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided byte contains invalid values, including
-   *     non-zero values in reserved bits.
+   * @throws IllegalArgumentException If the provided byte contains RFU values.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder setCaOperatingMode(byte caOperatingMode);
+  CalypsoCaCertificateV1Builder withCaOperatingMode(byte caOperatingMode);
 
   /**
-   * TODO
+   * Checks the consistency of the parameters, signs the certificate using the provided private key
+   * and returns a new instance of {@link CalypsoCaCertificateV1}.
    *
-   * @return
+   * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
+   * of 65537 and the specified public key reference for signing operations.
+   *
+   * @param issuerPrivateKey The RSA private key of the issuer (2048 bits, public exponent 65537).
+   * @param issuerPublicKeyReference A 29-byte byte array representing a reference to the issuer's
+   *     public key.
+   * @return A non-null reference.
+   * @throws IllegalArgumentException If one of the provided arguments is null.
+   * @throws CertificateSigningException If an error occurs during the signing process.
+   * @since 0.1.0
+   */
+  CalypsoCaCertificateV1 build(RSAPrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
+
+  /**
+   * Checks the consistency of the parameters, signs the certificate using the provided signer and
+   * returns a new instance of {@link CalypsoCaCertificateV1}.
+   *
+   * @param caCertificateSigner The external signer to use for signing the CA certificate.
+   * @return A non-null reference.
+   * @throws IllegalArgumentException If the provided signer is null.
+   * @throws CertificateSigningException If an error occurs during the signing process.
+   * @since 0.1.0
    */
-  CalypsoCaCertificateV1 build();
+  CalypsoCaCertificateV1 build(CalypsoCaCertificateSignerSpi caCertificateSigner);
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
index 887d03c..e839c6f 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
@@ -1,6 +1,6 @@
 /**
- * Calypso Certification Authority certificates management.
+ * Interfaces related to Calypso CA certificates.
  *
- * @since 0.2.0
+ * @since 0.1.0
  */
 package org.eclipse.keypop.calypso.certificate.ca;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
index dd704bc..6f0e4e0 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
@@ -20,7 +20,7 @@
 public interface CalypsoCaCertificateSignerSpi {
 
   /**
-   * Gets the reference to the issuer's public key.
+   * Returns the reference to the issuer's public key.
    *
    * @return A 29-byte byte array.
    * @since 0.1.0
@@ -28,26 +28,14 @@ public interface CalypsoCaCertificateSignerSpi {
   byte[] getIssuerPublicKeyReference();
 
   /**
-   * Generates a signed CA certificate based on the provided data.
-   *
-   * @param allData The byte array containing all the data to be included in the certificate. This
-   *     typically includes information about the subject, validity period, and other certificate
-   *     attributes.
-   * @return The signed card certificate, represented as a byte array.
-   * @since 0.1.0
-   */
-  byte[] generateSignedCertificate(byte[] allData);
-
-  /**
-   * Generates a signed CA certificate based on the provided data and recoverable data. This method
-   * is similar to {@link #generateSignedCertificate(byte[])}, but allows for separate handling of
-   * non-recoverable and recoverable data during signing.
+   * Generates a signed CA certificate based on the provided data and recoverable data.
    *
    * @param data The byte array containing the non-recoverable data for the certificate.
    * @param recoverableData The byte array containing the recoverable data for the certificate. This
    *     might be encrypted or protected data that shouldn't be included in the final certificate
    *     but is needed for signature generation.
-   * @return The signed card certificate, represented as a byte array.
+   * @return The signed CA certificate, a 384-byte byte array containing the data followed by the
+   *     signature.
    * @since 0.1.0
    */
   byte[] generateSignedCertificate(byte[] data, byte[] recoverableData);
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
index 08349ec..455d880 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
@@ -1,6 +1,6 @@
 /**
- * Calypso Certification Authority certificates external signing.
+ * SPIs to be implemented by end user applications related to Calypso CA certificates signing.
  *
- * @since 0.2.0
+ * @since 0.1.0
  */
 package org.eclipse.keypop.calypso.certificate.ca.spi;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
index f2a879b..10b1f2a 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
@@ -9,9 +9,14 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate.card;
 
+import org.eclipse.keypop.calypso.card.transaction.spi.CardCertificate;
+
 /**
  * A Calypso card certificate version 1.
  *
+ * <p>It can be used for certificate generation and external certificate validation.
+ *
+ * @see CardCertificate
  * @since 0.1.0
  */
 public interface CalypsoCardCertificateV1 extends CardCertificate {
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
index b8415aa..bb364f1 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
@@ -9,110 +9,86 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate.card;
 
-import java.security.PrivateKey;
 import java.security.interfaces.RSAPrivateKey;
-
+import org.eclipse.keypop.calypso.certificate.CertificateSigningException;
 import org.eclipse.keypop.calypso.certificate.card.spi.CalypsoCardCertificateSignerSpi;
 
 /**
- * Builds a card certificate conforming to version 1 of the Calypso card certificate format.
+ * Builds a {@link CalypsoCardCertificateV1} conforming to version 1 of the Calypso card certificate
+ * format.
  *
  * @since 0.1.0
  */
 public interface CalypsoCardCertificateV1Builder {
 
   /**
-   * Sets the external signer to be used for generating signed card certificates.
-   *
-   * @param cardCertificateSigner The external signer for card certificate generation.
-   * @return The current instance.
-   * @throws IllegalArgumentException If the provided signer is null.
-   * @throws IllegalStateException If an internal signer has already been configured using {@link
-   *     #useInternalSigner(RSAPrivateKey, byte[])}.
-   * @since 0.1.0
-   */
-  CalypsoCardCertificateV1Builder useExternalSigner(
-      CalypsoCardCertificateSignerSpi cardCertificateSigner);
-
-  /**
-   * Configures the builder to use the internal signer for generating signed card certificates.
+   * Sets the public key of the card, provided as a 64-byte raw array.
    *
-   * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
-   * of 65537 and the specified public key reference for signing operations.
+   * <p>This key is expected to be on the <strong>secp256r1</strong> elliptic curve. It will be used
+   * for the verification of card signatures.
    *
-   * @param issuerPrivateKey The RSA private key of the issuer (2048 bits, public exponent 65537).
-   * @param issuerPublicKeyReference A 29-byte byte array representing a reference to the issuer's
-   *     public key.
+   * @param cardPublicKey The 64-byte raw array representing the public key on the
+   *     <strong>secp256r1</strong> curve.
    * @return The current instance.
-   * @throws IllegalArgumentException If any of the provided arguments are null, invalid, or have
-   *     incompatible formats.
-   * @throws IllegalStateException If an external signer has already been set using {@link
-   *     #useExternalSigner(CalypsoCardCertificateSignerSpi)}.
+   * @throws IllegalArgumentException If the provided key is null or has an invalid length (not 64).
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder useInternalSigner(
-          RSAPrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
+  CalypsoCardCertificateV1Builder withCardPublicKey(byte[] cardPublicKey);
 
   /**
-   * Sets the public key of the card, provided as a 64-byte raw array.
+   * Sets the start date of the validity period of the certificate's public key.
    *
-   * <p>This key is expected to be on the <strong>secp256r1</strong> elliptic curve. It will be used
-   * for the verification of card signatures.
+   * <p>No consistency test is performed on the values supplied, as they will be coded in BCD
+   * YYYYMMDD format in the certificate.
    *
-   * @param cardPublicKey The 64-byte raw array representing the public key on the
-   *     <strong>secp256r1</strong> curve.
+   * @param year The year of the start date (0-9999).
+   * @param month The month of the start date (1-99).
+   * @param day The day of the start date (1-99).
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided key is null or has an invalid length (not 64).
+   * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder setCardPublicKey(byte[] cardPublicKey);
+  CalypsoCardCertificateV1Builder withStartDate(int year, int month, int day);
 
   /**
-   * Sets the validity period of the certificate's public key. This defines the timeframe when the
-   * certificate can be considered trusted.
+   * Sets the end date of the validity period of the certificate's public key.
    *
-   * <p>If neither start nor end date is set, the certificate will have open-ended validity.
+   * <p>No consistency test is performed on the values supplied, as they will be coded in BCD
+   * YYYYMMDD format in the certificate.
    *
-   * @param startDateYear The year of the start date (e.g., 2024). Valid range: 1900-2100.
-   * @param startDateMonth The month of the start date (1-12).
-   * @param startDateDay The day of the start date (1-31).
-   * @param endDateYear The year of the end date (e.g., 2025). Valid range: 1900-2100.
-   * @param endDateMonth The month of the end date (1-12).
-   * @param endDateDay The day of the end date.
+   * @param year The year of the start date (0-9999).
+   * @param month The month of the start date (1-99).
+   * @param day The day of the start date (1-99).
    * @return The current instance.
    * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder setValidityPeriod(
-      int startDateYear,
-      int startDateMonth,
-      int startDateDay,
-      int endDateYear,
-      int endDateMonth,
-      int endDateDay);
+  CalypsoCardCertificateV1Builder withEndDate(int year, int month, int day);
 
   /**
-   * Sets the AID (Application Identifier) associated with the certificate.
+   * Restricts certificate validity to cards whose AID begins with the bytes provided.
+   *
+   * <p>If the AID is not set, the certificate will be applicable to any card certificates.
    *
    * @param aid The AID value as a 5 to 16 bytes byte array.
    * @return The current instance.
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder setAid(byte[] aid);
+  CalypsoCardCertificateV1Builder withAid(byte[] aid);
 
   /**
    * Sets the serial number of the card for which the certificate is being generated.
    *
-   * @param serialNumber The serial number of the card as a 8-byte byte array.
+   * @param serialNumber The serial number of the card as an 8-byte byte array.
    * @return The current instance.
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder setCardSerialNumber(byte[] serialNumber);
+  CalypsoCardCertificateV1Builder withCardSerialNumber(byte[] serialNumber);
 
   /**
-   * Sets the startup info for the card certificate.
+   * Sets the startup info of the card for which the certificate is being generated.
    *
    * @param startupInfo The 7-byte byte array representing the startup info for the card
    *     certificate.
@@ -120,7 +96,7 @@ CalypsoCardCertificateV1Builder setValidityPeriod(
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder setCardStartupInfo(byte[] startupInfo);
+  CalypsoCardCertificateV1Builder withCardStartupInfo(byte[] startupInfo);
 
   /**
    * Sets the index used to differentiate two card certificates generated with the same issuer
@@ -130,12 +106,34 @@ CalypsoCardCertificateV1Builder setValidityPeriod(
    * @return The current instance.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder setIndex(int index);
+  CalypsoCardCertificateV1Builder withIndex(int index);
 
   /**
-   * TODO
+   * Checks the consistency of the parameters, signs the certificate using the provided private key
+   * and returns a new instance of {@link CalypsoCardCertificateV1}.
    *
-   * @return
+   * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
+   * of 65537 and the specified public key reference for signing operations.
+   *
+   * @param issuerPrivateKey The RSA private key of the issuer (2048 bits, public exponent 65537).
+   * @param issuerPublicKeyReference A 29-byte byte array representing a reference to the issuer's
+   *     public key.
+   * @return A non-null reference.
+   * @throws IllegalArgumentException If one of the provided arguments is null.
+   * @throws CertificateSigningException If an error occurs during the signing process.
+   * @since 0.1.0
+   */
+  CalypsoCardCertificateV1 build(RSAPrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
+
+  /**
+   * Checks the consistency of the parameters, signs the certificate using the provided signer and
+   * returns a new instance of {@link CalypsoCardCertificateV1}.
+   *
+   * @param cardCertificateSigner The external signer for card certificate generation.
+   * @return A non-null reference.
+   * @throws IllegalArgumentException If the provided signer is null.
+   * @throws CertificateSigningException If an error occurs during the signing process.
+   * @since 0.1.0
    */
-  CalypsoCardCertificateV1 build();
+  CalypsoCardCertificateV1 build(CalypsoCardCertificateSignerSpi cardCertificateSigner);
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java
index 5f785db..3239034 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java
@@ -1,6 +1,6 @@
 /**
- * Calypso card certificates management.
+ * Interfaces related to Calypso card certificates.
  *
- * @since 0.2.0
+ * @since 0.1.0
  */
 package org.eclipse.keypop.calypso.certificate.card;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java
index 5aa6797..15ed3c5 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java
@@ -20,7 +20,7 @@
 public interface CalypsoCardCertificateSignerSpi {
 
   /**
-   * Gets the reference to the issuer's public key.
+   * Returns the reference to the issuer's public key.
    *
    * @return A 29-byte byte array.
    * @since 0.1.0
@@ -28,26 +28,14 @@ public interface CalypsoCardCertificateSignerSpi {
   byte[] getIssuerPublicKeyReference();
 
   /**
-   * Generates a signed card certificate based on the provided data.
-   *
-   * @param allData The byte array containing all the data to be included in the certificate. This
-   *     typically includes information about the subject, validity period, and other certificate
-   *     attributes.
-   * @return The signed card certificate, represented as a byte array.
-   * @since 0.1.0
-   */
-  byte[] generateSignedCertificate(byte[] allData);
-
-  /**
-   * Generates a signed card certificate based on the provided data and recoverable data. This
-   * method is similar to {@link #generateSignedCertificate(byte[])}, but allows for separate
-   * handling of non-recoverable and recoverable data during signing.
+   * Generates a signed card certificate based on the provided data and recoverable data.
    *
    * @param data The byte array containing the non-recoverable data for the certificate.
    * @param recoverableData The byte array containing the recoverable data for the certificate. This
    *     might be encrypted or protected data that shouldn't be included in the final certificate
    *     but is needed for signature generation.
-   * @return The signed card certificate, represented as a byte array.
+   * @return The signed card certificate, a 316-byte byte array containing the data followed by the
+   *     signature.
    * @since 0.1.0
    */
   byte[] generateSignedCertificate(byte[] data, byte[] recoverableData);
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java
index cd85713..b3efe25 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java
@@ -1,6 +1,6 @@
 /**
- * Calypso card certificate external signing.
+ * SPIs to be implemented by end user applications related to Calypso card certificates signing.
  *
- * @since 0.2.0
+ * @since 0.1.0
  */
 package org.eclipse.keypop.calypso.certificate.card.spi;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/package-info.java
index ce0d140..4abf674 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/package-info.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/package-info.java
@@ -1,6 +1,6 @@
 /**
- * Calypso Certification Authority and card certificates management.
+ * Interfaces related to Calypso certificates.
  *
- * @since 0.2.0
+ * @since 0.1.0
  */
 package org.eclipse.keypop.calypso.certificate;

From f891d1df2bc234e6cfcdeb39b3efb6a318bcce4b Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Fri, 16 Feb 2024 17:39:02 +0100
Subject: [PATCH 05/13] wip

---
 .../ca/CalypsoCaCertificateV1Builder.java     | 76 ++++++++-----------
 .../card/CalypsoCardCertificateV1Builder.java | 25 ++++--
 2 files changed, 51 insertions(+), 50 deletions(-)

diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
index 9d654df..3ccf050 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
@@ -46,6 +46,9 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    * <p>No consistency test is performed on the values supplied, as they will be coded in BCD
    * YYYYMMDD format in the certificate.
    *
+   * <p>The start date is optional. If it is not defined, the certificate is not subject to a start
+   * date constraint.
+   *
    * @param year The year of the start date (0-9999).
    * @param month The month of the start date (1-99).
    * @param day The day of the start date (1-99).
@@ -61,6 +64,9 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    * <p>No consistency test is performed on the values supplied, as they will be coded in BCD
    * YYYYMMDD format in the certificate.
    *
+   * <p>The end date is optional. If it is not defined, the certificate is not subject to an end
+   * date constraint.
+   *
    * @param year The year of the start date (0-9999).
    * @param month The month of the start date (1-99).
    * @param day The day of the start date (1-99).
@@ -71,16 +77,32 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
   CalypsoCaCertificateV1Builder withEndDate(int year, int month, int day);
 
   /**
-   * Restricts certificate validity to cards whose AID begins with the bytes provided.
+   * Restricts certificate validity to cards whose Application Identifier (AID) begins with the
+   * bytes provided.
+   *
+   * <p>This method allows you to specify an AID value to limit the applicability of the
+   * certificate. The certificate will only be valid for cards whose AID starts with the provided
+   * bytes.
+   *
+   * <p>The AID is optional. When not set, no restriction related to the card AID will be applied.
+   *
+   * <p><b>Important:</b>
+   *
+   * <p>The <b>aid</b> field cannot contain only zero bytes.
    *
-   * <p>If the AID is not set, the certificate will be applicable to any card certificates.
+   * <p>The <b>isTruncated</b> field indicates whether the provided AID is truncated. If set to
+   * <b>true</b>, the certificate will be valid for cards whose AID starts with the provided bytes,
+   * even if the card's full AID is longer. If set to <b>false</b>, the certificate will only be
+   * valid for cards whose full AID exactly matches the provided bytes.
    *
-   * @param aid The AID value as a 5 to 16 bytes byte array.
+   * @param aid The AID value as a 5 to 16 bytes byte array. Must not contain only zero bytes.
+   * @param isTruncated true if the provided AID is truncated, false otherwise.
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided argument is null or out of range.
+   * @throws IllegalArgumentException If the provided AID is null, out of range, or contains only
+   *     zero bytes.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder withAid(byte[] aid);
+  CalypsoCaCertificateV1Builder withAid(byte[] aid, boolean isTruncated);
 
   /**
    * Sets the CA rights for this card certificate, controlling which types of certificates can be
@@ -106,6 +128,8 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    *       </ul>
    * </ul>
    *
+   * The CA rights byte is optional. If not set, the default value is 0.
+   *
    * @param caRights The byte representing the CA rights for this card certificate.
    * @return The current instance.
    * @throws IllegalArgumentException If the provided byte contains RFU values.
@@ -126,6 +150,8 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    *   <li>Other values: Reserved for future use (RFU).
    * </ul>
    *
+   * The CA scope byte is optional. If not set, the default value is 0.
+   *
    * @param caScope The byte representing the CA scope for this card certificate.
    * @return The current instance.
    * @throws IllegalArgumentException If the provided byte contains RFU values.
@@ -133,44 +159,6 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    */
   CalypsoCaCertificateV1Builder withCaScope(byte caScope);
 
-  /**
-   * Sets the CA operating mode, controlling how the target Calypso Prime PKI application AID should
-   * be verified during card certificate validation.
-   *
-   * <p>The provided byte defines the following behavior:
-   *
-   * <ul>
-   *   <li><b>Bits b7-b1:</b> Reserved for future use (RFU). Must be set to 0.
-   *   <li><b>Bit b0:</b> Target Calypso Prime PKI application AID matching:
-   *       <ul>
-   *         <li><b>%0:</b> Truncation forbidden:
-   *             <ul>
-   *               <li>The size of the card AID in the card certificate must be equal to the size of
-   *                   the target AID specified in this certificate.
-   *               <li>The corresponding number of first (leftmost) bytes of the card AID value in
-   *                   the card certificate and the target AID value in this certificate must be
-   *                   equal.
-   *             </ul>
-   *         <li><b>%1:</b> Truncation allowed:
-   *             <ul>
-   *               <li>The size of the card AID in the card certificate can be equal to or greater
-   *                   than the size of the target AID specified in this certificate.
-   *               <li>The specified size first (leftmost) bytes of the card AID value in the card
-   *                   certificate and the target AID value in this certificate must be equal.
-   *             </ul>
-   *       </ul>
-   * </ul>
-   *
-   * Choosing an appropriate operating mode is crucial for secure and verified certificate issuance.
-   * Refer to the Calypso Prime PKI specifications for further details and guidelines.
-   *
-   * @param caOperatingMode The byte representing the CA operating mode for this card certificate.
-   * @return The current instance.
-   * @throws IllegalArgumentException If the provided byte contains RFU values.
-   * @since 0.1.0
-   */
-  CalypsoCaCertificateV1Builder withCaOperatingMode(byte caOperatingMode);
-
   /**
    * Checks the consistency of the parameters, signs the certificate using the provided private key
    * and returns a new instance of {@link CalypsoCaCertificateV1}.
@@ -183,6 +171,7 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    *     public key.
    * @return A non-null reference.
    * @throws IllegalArgumentException If one of the provided arguments is null.
+   * @throws IllegalStateException If one of the required parameters is wrong or missing.
    * @throws CertificateSigningException If an error occurs during the signing process.
    * @since 0.1.0
    */
@@ -195,6 +184,7 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    * @param caCertificateSigner The external signer to use for signing the CA certificate.
    * @return A non-null reference.
    * @throws IllegalArgumentException If the provided signer is null.
+   * @throws IllegalStateException If one of the required parameters is wrong or missing.
    * @throws CertificateSigningException If an error occurs during the signing process.
    * @since 0.1.0
    */
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
index bb364f1..b35799e 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
@@ -22,15 +22,15 @@
 public interface CalypsoCardCertificateV1Builder {
 
   /**
-   * Sets the public key of the card, provided as a 64-byte raw array.
+   * Sets the public key of the card, provided as a 64-byte array.
    *
    * <p>This key is expected to be on the <strong>secp256r1</strong> elliptic curve. It will be used
    * for the verification of card signatures.
    *
-   * @param cardPublicKey The 64-byte raw array representing the public key on the
+   * @param cardPublicKey The 64-byte array representing the public key on the
    *     <strong>secp256r1</strong> curve.
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided key is null or has an invalid length (not 64).
+   * @throws IllegalArgumentException If the provided key is null or out of range.
    * @since 0.1.0
    */
   CalypsoCardCertificateV1Builder withCardPublicKey(byte[] cardPublicKey);
@@ -41,6 +41,9 @@ public interface CalypsoCardCertificateV1Builder {
    * <p>No consistency test is performed on the values supplied, as they will be coded in BCD
    * YYYYMMDD format in the certificate.
    *
+   * <p>The start date is optional. If it is not defined, the certificate is not subject to a start
+   * date constraint.
+   *
    * @param year The year of the start date (0-9999).
    * @param month The month of the start date (1-99).
    * @param day The day of the start date (1-99).
@@ -56,6 +59,9 @@ public interface CalypsoCardCertificateV1Builder {
    * <p>No consistency test is performed on the values supplied, as they will be coded in BCD
    * YYYYMMDD format in the certificate.
    *
+   * <p>The end date is optional. If it is not defined, the certificate is not subject to an end
+   * date constraint.
+   *
    * @param year The year of the start date (0-9999).
    * @param month The month of the start date (1-99).
    * @param day The day of the start date (1-99).
@@ -66,13 +72,14 @@ public interface CalypsoCardCertificateV1Builder {
   CalypsoCardCertificateV1Builder withEndDate(int year, int month, int day);
 
   /**
-   * Restricts certificate validity to cards whose AID begins with the bytes provided.
+   * Sets the AID of the autonomous PKI application of the target card.
    *
-   * <p>If the AID is not set, the certificate will be applicable to any card certificates.
+   * <p>The <b>aid</b> field cannot contain only zero bytes.
    *
-   * @param aid The AID value as a 5 to 16 bytes byte array.
+   * @param aid The AID value as a 5 to 16 bytes byte array. Must not contain only zero bytes.
    * @return The current instance.
-   * @throws IllegalArgumentException If the provided argument is null or out of range.
+   * @throws IllegalArgumentException If the provided AID is null, out of range, or contains only
+   *     zero bytes.
    * @since 0.1.0
    */
   CalypsoCardCertificateV1Builder withAid(byte[] aid);
@@ -102,6 +109,8 @@ public interface CalypsoCardCertificateV1Builder {
    * Sets the index used to differentiate two card certificates generated with the same issuer
    * public key reference for the same card.
    *
+   * <p>The index is optional. By default, it is set to 0.
+   *
    * @param index The index of the card certificate.
    * @return The current instance.
    * @since 0.1.0
@@ -120,6 +129,7 @@ public interface CalypsoCardCertificateV1Builder {
    *     public key.
    * @return A non-null reference.
    * @throws IllegalArgumentException If one of the provided arguments is null.
+   * @throws IllegalStateException If one of the required parameters is wrong or missing.
    * @throws CertificateSigningException If an error occurs during the signing process.
    * @since 0.1.0
    */
@@ -132,6 +142,7 @@ public interface CalypsoCardCertificateV1Builder {
    * @param cardCertificateSigner The external signer for card certificate generation.
    * @return A non-null reference.
    * @throws IllegalArgumentException If the provided signer is null.
+   * @throws IllegalStateException If one of the required parameters is wrong or missing.
    * @throws CertificateSigningException If an error occurs during the signing process.
    * @since 0.1.0
    */

From 863423ea19733109acbd8590c00aa25c51fbb921 Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Tue, 20 Feb 2024 17:53:21 +0100
Subject: [PATCH 06/13] wip

---
 .../CalypsoCertificateApiFactory.java         |  84 ++++++++++-
 .../certificate/CalypsoCertificateStore.java  | 130 ++++++++++++++++++
 .../CertificateConsistencyException.java      |  37 +++++
 .../certificate/ca/CalypsoCaCertificate.java  |  28 ++++
 .../ca/CalypsoCaCertificateV1.java            |  11 +-
 .../ca/CalypsoCaCertificateV1Builder.java     |  25 +---
 .../card/CalypsoCardCertificate.java          |  28 ++++
 .../card/CalypsoCardCertificateV1.java        |  11 +-
 .../card/CalypsoCardCertificateV1Builder.java |  30 +---
 .../CalypsoCertificateSignerSpi.java}         |  19 +--
 .../{card => }/spi/package-info.java          |   4 +-
 11 files changed, 321 insertions(+), 86 deletions(-)
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificate.java
 create mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificate.java
 rename src/main/java/org/eclipse/keypop/calypso/certificate/{card/spi/CalypsoCardCertificateSignerSpi.java => spi/CalypsoCertificateSignerSpi.java} (69%)
 rename src/main/java/org/eclipse/keypop/calypso/certificate/{card => }/spi/package-info.java (50%)

diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
index b626c7b..1a68741 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
@@ -11,6 +11,7 @@
 
 import org.eclipse.keypop.calypso.certificate.ca.CalypsoCaCertificateV1Builder;
 import org.eclipse.keypop.calypso.certificate.card.CalypsoCardCertificateV1Builder;
+import org.eclipse.keypop.calypso.certificate.spi.CalypsoCertificateSignerSpi;
 
 /**
  * Factory of CA and card certificate builders.
@@ -20,18 +21,93 @@
 public interface CalypsoCertificateApiFactory {
 
   /**
-   * Returns a new builder of Calypso CA certificate version 1.
+   * Returns the store where Calypso Certificate Authority (CA) certificates and optionally the
+   * private keys are injected and made available for certificate generation processes.
    *
+   * <p>The store contains the necessary certificates and private keys required for generating
+   * Calypso CA and card certificates.
+   *
+   * <p>Use the methods provided by this store to inject the appropriate certificates and private
+   * keys before creating the certificate builders.
+   *
+   * @return A non-null reference.
+   * @since 0.1.0
+   */
+  CalypsoCertificateStore getCalypsoCertificateStore();
+
+  /**
+   * Creates a new builder for Calypso CA certificates (version 1) using the internal signer.
+   *
+   * <p>The builder is used to configure and build signed Calypso CA certificates.
+   *
+   * <p>This method must be called after the issuer certificate and its associated private key have
+   * been injected into the store using the specified issuer public key reference.
+   *
+   * @param issuerPublicKeyReference The reference to issuer's public key in the store.
+   * @throws IllegalStateException If the provided reference is unknown or the issuer's private key
+   *     is missing.
+   * @throws CertificateConsistencyException If the provided reference doesn't designate a valid
+   *     certification for the operation.
+   * @return A non-null reference.
+   * @since 0.1.0
+   */
+  CalypsoCaCertificateV1Builder createCalypsoCaCertificateV1Builder(
+      byte[] issuerPublicKeyReference);
+
+  /**
+   * Creates a new builder for Calypso CA certificates (version 1) using an external signer.
+   *
+   * <p>The builder is used to configure and build signed Calypso CA certificates.
+   *
+   * <p>This method must be called after the issuer certificate of the signer using the specified
+   * issuer public key reference.
+   *
+   * @param issuerPublicKeyReference The reference to issuer's public key in the store.
+   * @param caCertificateSigner The external signer to use for signing the CA certificate.
+   * @throws IllegalStateException If the provided reference is unknown.
+   * @throws CertificateConsistencyException If the provided reference doesn't designate a valid
+   *     certification for the operation.
+   * @return A non-null reference.
+   * @since 0.1.0
+   */
+  CalypsoCaCertificateV1Builder createCalypsoCaCertificateV1Builder(
+      byte[] issuerPublicKeyReference, CalypsoCertificateSignerSpi caCertificateSigner);
+
+  /**
+   * Creates a new builder for Calypso card certificates (version 1) using the internal signer.
+   *
+   * <p>The builder is used to configure and build signed Calypso card certificates.
+   *
+   * <p>This method must be called after the issuer certificate and its associated private key have
+   * been injected into the store using the specified issuer public key reference.
+   *
+   * @param issuerPublicKeyReference The reference to issuer's public key in the store.
+   * @throws IllegalStateException If the provided reference is unknown or the issuer's private key
+   *     is missing.
+   * @throws CertificateConsistencyException If the provided reference doesn't designate a valid
+   *     certification for the operation.
    * @return A non-null reference.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder createCalypsoCaCertificateV1Builder();
+  CalypsoCardCertificateV1Builder createCalypsoCardCertificateV1Builder(
+      byte[] issuerPublicKeyReference);
 
   /**
-   * Returns a new builder of Calypso card certificate version 1.
+   * Creates a new builder for Calypso card certificates (version 1) using an external signer.
+   *
+   * <p>The builder is used to configure and build signed Calypso card certificates.
+   *
+   * <p>This method must be called after the issuer certificate of the signer using the specified
+   * issuer public key reference.
    *
+   * @param issuerPublicKeyReference The reference to issuer's public key in the store.
+   * @param cardCertificateSigner The external signer to use for signing the card certificate.
+   * @throws IllegalStateException If the provided reference is unknown.
+   * @throws CertificateConsistencyException If the provided reference doesn't designate a valid
+   *     certification for the operation.
    * @return A non-null reference.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder createCalypsoCardCertificateV1Builder();
+  CalypsoCardCertificateV1Builder createCalypsoCardCertificateV1Builder(
+      byte[] issuerPublicKeyReference, CalypsoCertificateSignerSpi cardCertificateSigner);
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
new file mode 100644
index 0000000..594ddce
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
@@ -0,0 +1,130 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate;
+
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import org.eclipse.keypop.calypso.certificate.ca.CalypsoCaCertificate;
+
+/**
+ * Provides a store for managing Calypso Certificate Authority (CA) certificates and keys.
+ *
+ * <p>This interface offers methods for adding the following to the store:
+ *
+ * <ul>
+ *   <li>PCA public keys and key pairs
+ *   <li>Calypso CA certificates
+ *   <li>Calypso CA certificates with their associated private keys
+ * </ul>
+ *
+ * <p>The stored certificates and keys are used for verifying and creating Calypso CA certificates
+ * within the certificate infrastructure.
+ *
+ * <p>Certificates and keys must be added to the store in a specific trust order to ensure a proper
+ * chain of trust within the certificate infrastructure. This order reflects the trust relationships
+ * between different authorities, allowing certificates to verify their validity up to a trusted
+ * root.
+ *
+ * @since 0.1.0
+ */
+public interface CalypsoCertificateStore {
+
+  /**
+   * Adds a Primary Certification Authority (PCA) public key and its reference.
+   *
+   * <p>This method expects a 2048-bit RSA public key with an exponent of 65537.
+   *
+   * <p>The provided public key reference will be used for identifying the key when creating
+   * certificates within the certificate infrastructure.
+   *
+   * <p>This method is typically used for scenarios where the need is to verify Calypso CA
+   * certificates. By providing both the public and private keys, the store has the necessary
+   * information for these operations.
+   *
+   * <p>The key reference is to be used when creating certificates according to the desired
+   * infrastructure.
+   *
+   * <p>This method is suitable for providing means to verify CA certificates.
+   *
+   * @param publicKeyReference The reference to the public key.
+   * @param publicKey The public key.
+   * @return The current instance.
+   * @throws IllegalArgumentException If one of the argument is null or if the key is not a 2048-bit
+   *     RSA key.
+   * @since 0.1.0
+   */
+  CalypsoCertificateStore addPcaPublicKey(byte[] publicKeyReference, RSAPublicKey publicKey);
+
+  /**
+   * Adds a Primary Certification Authority (PCA) public key, its reference, and the associated
+   * private key.
+   *
+   * <p>This method expects a 2048-bit RSA key with an exponent of 65537. Both the public part of
+   * the key and its associated private part must be provided.
+   *
+   * <p>The provided public key reference will be used for identifying the key when creating
+   * certificates within the certificate infrastructure.
+   *
+   * <p>This method is typically used for scenarios where the need is to verify and/or create
+   * Calypso CA certificates. By providing both the public and private keys, the store has the
+   * necessary information for these operations.
+   *
+   * @param publicKeyReference The reference to the public key.
+   * @param publicKey The public key.
+   * @param privateKey The associated private key corresponding to the provided public key.
+   * @return The current instance.
+   * @throws IllegalArgumentException If one of the argument is null or if the provided key pair is
+   *     not a valid 2048-bit RSA key pair.
+   * @since 0.1.0
+   */
+  CalypsoCertificateStore addPcaKeyPair(
+      byte[] publicKeyReference, RSAPublicKey publicKey, RSAPrivateKey privateKey);
+
+  /**
+   * Adds a Calypso Certificate Authority (CA) certificate to the store.
+   *
+   * <p>This method adds the provided certificate to the store. The certificate must be valid
+   * (signed by an already referenced authority) and issued by a trusted authority previously
+   * referenced in the store.
+   *
+   * <p>This method is typically used to add an intermediate CA certificates necessary for
+   * validating other certificates within the infrastructure.
+   *
+   * @param caCertificate The Calypso CA certificate to add.
+   * @return The current instance.
+   * @throws IllegalArgumentException If the certificate is null.
+   * @throws CertificateConsistencyException If the certificate is not trusted.
+   * @since 0.1.0
+   */
+  CalypsoCertificateStore addCalypsoCaCertificate(CalypsoCaCertificate caCertificate);
+
+  /**
+   * Adds a Calypso Certificate Authority (CA) certificate and its associated private key to the
+   * store.
+   *
+   * <p>This method adds the provided certificate and its associated private key to the store. Both
+   * the certificate must be valid (signed by an already referenced authority) and the private key
+   * must correspond to the certificate.
+   *
+   * <p>This method is typically used for scenarios where you need to issue Calypso CA or card
+   * certificates. By providing both the certificate and its private key, the store has the
+   * necessary information to sign new certificates.
+   *
+   * @param caCertificate The Calypso CA certificate to add.
+   * @param caPrivateKey The private key associated with the provided certificate.
+   * @return The current instance.
+   * @throws IllegalArgumentException If either the certificate or the private key is null or
+   *     invalid, or if they do not correspond to each other.
+   * @throws CertificateConsistencyException If the certificate is not trusted.
+   * @since 0.1.0
+   */
+  CalypsoCertificateStore addCalypsoCaCertificate(
+      CalypsoCaCertificate caCertificate, RSAPrivateKey caPrivateKey);
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
new file mode 100644
index 0000000..a0eeab8
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
@@ -0,0 +1,37 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate;
+
+/**
+ * Exception that is thrown when an error occurs during the certificate validation process.
+ *
+ * @since 0.1.0
+ */
+public class CertificateConsistencyException extends RuntimeException {
+
+  /**
+   * @param message Message to identify the exception context.
+   * @since 0.1.0
+   */
+  public CertificateConsistencyException(String message) {
+    super(message);
+  }
+
+  /**
+   * Encapsulates a lower level exception.
+   *
+   * @param message Message to identify the exception context.
+   * @param cause The cause.
+   * @since 0.1.0
+   */
+  public CertificateConsistencyException(String message, Throwable cause) {
+    super(message, cause);
+  }
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificate.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificate.java
new file mode 100644
index 0000000..55f9275
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificate.java
@@ -0,0 +1,28 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.ca;
+
+import org.eclipse.keypop.calypso.card.transaction.spi.CaCertificate;
+
+/**
+ * CA Certificate compliant with the 384-byte format supported by the Calypso cards.
+ *
+ * @since 0.1.0
+ */
+public interface CalypsoCaCertificate extends CaCertificate {
+
+  /**
+   * Returns a byte array corresponding to the certificate as it is stored in the card.
+   *
+   * @return A 384-byte byte array.
+   * @since 0.1.0
+   */
+  byte[] getRawData();
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
index 186b6a9..a1bd824 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
@@ -19,13 +19,4 @@
  * @see CaCertificate
  * @since 0.1.0
  */
-public interface CalypsoCaCertificateV1 extends CaCertificate {
-
-  /**
-   * Returns a byte array corresponding to the certificate as it is stored in the card.
-   *
-   * @return A 384-byte byte array.
-   * @since 0.1.0
-   */
-  byte[] getRawData();
-}
+public interface CalypsoCaCertificateV1 extends CalypsoCaCertificate {}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
index 3ccf050..10e8a20 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
@@ -9,10 +9,9 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate.ca;
 
-import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
+import org.eclipse.keypop.calypso.certificate.CertificateConsistencyException;
 import org.eclipse.keypop.calypso.certificate.CertificateSigningException;
-import org.eclipse.keypop.calypso.certificate.ca.spi.CalypsoCaCertificateSignerSpi;
 
 /**
  * Builds a {@link CalypsoCaCertificateV1} conforming to version 1 of the Calypso CA certificate
@@ -163,30 +162,12 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    * Checks the consistency of the parameters, signs the certificate using the provided private key
    * and returns a new instance of {@link CalypsoCaCertificateV1}.
    *
-   * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
-   * of 65537 and the specified public key reference for signing operations.
-   *
-   * @param issuerPrivateKey The RSA private key of the issuer (2048 bits, public exponent 65537).
-   * @param issuerPublicKeyReference A 29-byte byte array representing a reference to the issuer's
-   *     public key.
    * @return A non-null reference.
    * @throws IllegalArgumentException If one of the provided arguments is null.
    * @throws IllegalStateException If one of the required parameters is wrong or missing.
+   * @throws CertificateConsistencyException If the provided parameters are inconsistent.
    * @throws CertificateSigningException If an error occurs during the signing process.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1 build(RSAPrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
-
-  /**
-   * Checks the consistency of the parameters, signs the certificate using the provided signer and
-   * returns a new instance of {@link CalypsoCaCertificateV1}.
-   *
-   * @param caCertificateSigner The external signer to use for signing the CA certificate.
-   * @return A non-null reference.
-   * @throws IllegalArgumentException If the provided signer is null.
-   * @throws IllegalStateException If one of the required parameters is wrong or missing.
-   * @throws CertificateSigningException If an error occurs during the signing process.
-   * @since 0.1.0
-   */
-  CalypsoCaCertificateV1 build(CalypsoCaCertificateSignerSpi caCertificateSigner);
+  CalypsoCaCertificateV1 build();
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificate.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificate.java
new file mode 100644
index 0000000..519f0e1
--- /dev/null
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificate.java
@@ -0,0 +1,28 @@
+/* ******************************************************************************
+ * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the MIT License which is available at
+ * https://opensource.org/licenses/MIT.
+ *
+ * SPDX-License-Identifier: MIT
+ ****************************************************************************** */
+package org.eclipse.keypop.calypso.certificate.card;
+
+import org.eclipse.keypop.calypso.card.transaction.spi.CaCertificate;
+
+/**
+ * Card Certificate compliant with the 316-byte format supported by the Calypso cards.
+ *
+ * @since 0.1.0
+ */
+public interface CalypsoCardCertificate extends CaCertificate {
+
+  /**
+   * Returns a byte array corresponding to the certificate as it is stored in the card.
+   *
+   * @return A 316-byte byte array.
+   * @since 0.1.0
+   */
+  byte[] getRawData();
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
index 10b1f2a..9a5f2e9 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
@@ -19,13 +19,4 @@
  * @see CardCertificate
  * @since 0.1.0
  */
-public interface CalypsoCardCertificateV1 extends CardCertificate {
-
-  /**
-   * Returns a byte array corresponding to the certificate as it is stored in the card.
-   *
-   * @return A 316-byte byte array.
-   * @since 0.1.0
-   */
-  byte[] getRawData();
-}
+public interface CalypsoCardCertificateV1 extends CalypsoCardCertificate {}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
index b35799e..c6c44b1 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
@@ -9,9 +9,8 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate.card;
 
-import java.security.interfaces.RSAPrivateKey;
+import org.eclipse.keypop.calypso.certificate.CertificateConsistencyException;
 import org.eclipse.keypop.calypso.certificate.CertificateSigningException;
-import org.eclipse.keypop.calypso.certificate.card.spi.CalypsoCardCertificateSignerSpi;
 
 /**
  * Builds a {@link CalypsoCardCertificateV1} conforming to version 1 of the Calypso card certificate
@@ -118,33 +117,16 @@ public interface CalypsoCardCertificateV1Builder {
   CalypsoCardCertificateV1Builder withIndex(int index);
 
   /**
-   * Checks the consistency of the parameters, signs the certificate using the provided private key
-   * and returns a new instance of {@link CalypsoCardCertificateV1}.
+   * Checks the consistency of the parameters, signs the certificate either using the provided
+   * private key or the provided signer and returns a new instance of {@link
+   * CalypsoCardCertificateV1}.
    *
-   * <p>The internal signer will use the provided 2048 bits RSA private key with a public exponent
-   * of 65537 and the specified public key reference for signing operations.
-   *
-   * @param issuerPrivateKey The RSA private key of the issuer (2048 bits, public exponent 65537).
-   * @param issuerPublicKeyReference A 29-byte byte array representing a reference to the issuer's
-   *     public key.
    * @return A non-null reference.
    * @throws IllegalArgumentException If one of the provided arguments is null.
    * @throws IllegalStateException If one of the required parameters is wrong or missing.
+   * @throws CertificateConsistencyException If the provided parameters are inconsistent.
    * @throws CertificateSigningException If an error occurs during the signing process.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1 build(RSAPrivateKey issuerPrivateKey, byte[] issuerPublicKeyReference);
-
-  /**
-   * Checks the consistency of the parameters, signs the certificate using the provided signer and
-   * returns a new instance of {@link CalypsoCardCertificateV1}.
-   *
-   * @param cardCertificateSigner The external signer for card certificate generation.
-   * @return A non-null reference.
-   * @throws IllegalArgumentException If the provided signer is null.
-   * @throws IllegalStateException If one of the required parameters is wrong or missing.
-   * @throws CertificateSigningException If an error occurs during the signing process.
-   * @since 0.1.0
-   */
-  CalypsoCardCertificateV1 build(CalypsoCardCertificateSignerSpi cardCertificateSigner);
+  CalypsoCardCertificateV1 build();
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/spi/CalypsoCertificateSignerSpi.java
similarity index 69%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/spi/CalypsoCertificateSignerSpi.java
index 15ed3c5..b6233da 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/CalypsoCardCertificateSignerSpi.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/spi/CalypsoCertificateSignerSpi.java
@@ -7,25 +7,17 @@
  *
  * SPDX-License-Identifier: MIT
  ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.card.spi;
+package org.eclipse.keypop.calypso.certificate.spi;
 
 /**
- * Signer for a Calypso card certificate.
+ * Signer for a Calypso certificate.
  *
  * <p>Implementations of this interface provide the cryptographic signing functionality used to
- * generate signed Calypso card certificates.
+ * generate signed Calypso CA and card certificates.
  *
  * @since 0.1.0
  */
-public interface CalypsoCardCertificateSignerSpi {
-
-  /**
-   * Returns the reference to the issuer's public key.
-   *
-   * @return A 29-byte byte array.
-   * @since 0.1.0
-   */
-  byte[] getIssuerPublicKeyReference();
+public interface CalypsoCertificateSignerSpi {
 
   /**
    * Generates a signed card certificate based on the provided data and recoverable data.
@@ -34,8 +26,7 @@ public interface CalypsoCardCertificateSignerSpi {
    * @param recoverableData The byte array containing the recoverable data for the certificate. This
    *     might be encrypted or protected data that shouldn't be included in the final certificate
    *     but is needed for signature generation.
-   * @return The signed card certificate, a 316-byte byte array containing the data followed by the
-   *     signature.
+   * @return The signed certificate, a byte array containing the data followed by the signature.
    * @since 0.1.0
    */
   byte[] generateSignedCertificate(byte[] data, byte[] recoverableData);
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/spi/package-info.java
similarity index 50%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/spi/package-info.java
index b3efe25..4babe86 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/spi/package-info.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/spi/package-info.java
@@ -1,6 +1,6 @@
 /**
- * SPIs to be implemented by end user applications related to Calypso card certificates signing.
+ * SPIs to be implemented by end user applications related to Calypso certificates signing.
  *
  * @since 0.1.0
  */
-package org.eclipse.keypop.calypso.certificate.card.spi;
+package org.eclipse.keypop.calypso.certificate.spi;

From b60d41c47815b10ab6251f17cd7c5257a41fdfec Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Thu, 22 Feb 2024 19:34:31 +0100
Subject: [PATCH 07/13] wip

---
 ...a => CalypsoCaCertificateV1Generator.java} | 33 ++++----
 ...=> CalypsoCardCertificateV1Generator.java} | 33 ++++----
 .../CalypsoCertificateApiFactory.java         | 52 ++-----------
 .../certificate/CalypsoCertificateStore.java  | 76 ++-----------------
 .../certificate/ca/CalypsoCaCertificate.java  | 28 -------
 .../ca/CalypsoCaCertificateV1.java            | 22 ------
 .../calypso/certificate/ca/package-info.java  |  6 --
 .../ca/spi/CalypsoCaCertificateSignerSpi.java | 42 ----------
 .../certificate/ca/spi/package-info.java      |  6 --
 .../card/CalypsoCardCertificate.java          | 28 -------
 .../card/CalypsoCardCertificateV1.java        | 22 ------
 .../certificate/card/package-info.java        |  6 --
 12 files changed, 43 insertions(+), 311 deletions(-)
 rename src/main/java/org/eclipse/keypop/calypso/certificate/{ca/CalypsoCaCertificateV1Builder.java => CalypsoCaCertificateV1Generator.java} (85%)
 rename src/main/java/org/eclipse/keypop/calypso/certificate/{card/CalypsoCardCertificateV1Builder.java => CalypsoCardCertificateV1Generator.java} (78%)
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificate.java
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificate.java
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
 delete mode 100644 src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java

diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCaCertificateV1Generator.java
similarity index 85%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCaCertificateV1Generator.java
index 10e8a20..15afd2f 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCaCertificateV1Generator.java
@@ -7,19 +7,17 @@
  *
  * SPDX-License-Identifier: MIT
  ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.ca;
+package org.eclipse.keypop.calypso.certificate;
 
 import java.security.interfaces.RSAPublicKey;
-import org.eclipse.keypop.calypso.certificate.CertificateConsistencyException;
-import org.eclipse.keypop.calypso.certificate.CertificateSigningException;
 
 /**
- * Builds a {@link CalypsoCaCertificateV1} conforming to version 1 of the Calypso CA certificate
+ * Generates a certificate as a byte array conforming to version 1 of the Calypso CA certificate
  * format.
  *
  * @since 0.1.0
  */
-public interface CalypsoCaCertificateV1Builder {
+public interface CalypsoCaCertificateV1Generator {
 
   /**
    * Sets the public key of the CA.
@@ -29,15 +27,15 @@ public interface CalypsoCaCertificateV1Builder {
    *
    * <p>The associated reference is a 29-byte byte array.
    *
-   * @param caPublicKey The RSA public key of the CA (2048 bits, public exponent 65537).
    * @param caPublicKeyReference A 29-byte byte array representing a reference to the CA's public
    *     key.
+   * @param caPublicKey The RSA public key of the CA (2048 bits, public exponent 65537).
    * @return The current instance.
    * @throws IllegalArgumentException If one of the provided argument is null or invalid.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder withCaPublicKey(
-      RSAPublicKey caPublicKey, byte[] caPublicKeyReference);
+  CalypsoCaCertificateV1Generator withCaPublicKey(
+      byte[] caPublicKeyReference, RSAPublicKey caPublicKey);
 
   /**
    * Sets the start date of the validity period of the certificate's public key.
@@ -55,7 +53,7 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder withStartDate(int year, int month, int day);
+  CalypsoCaCertificateV1Generator withStartDate(int year, int month, int day);
 
   /**
    * Sets the end date of the validity period of the certificate's public key.
@@ -73,7 +71,7 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder withEndDate(int year, int month, int day);
+  CalypsoCaCertificateV1Generator withEndDate(int year, int month, int day);
 
   /**
    * Restricts certificate validity to cards whose Application Identifier (AID) begins with the
@@ -101,7 +99,7 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    *     zero bytes.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder withAid(byte[] aid, boolean isTruncated);
+  CalypsoCaCertificateV1Generator withAid(byte[] aid, boolean isTruncated);
 
   /**
    * Sets the CA rights for this card certificate, controlling which types of certificates can be
@@ -134,7 +132,7 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    * @throws IllegalArgumentException If the provided byte contains RFU values.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder withCaRights(byte caRights);
+  CalypsoCaCertificateV1Generator withCaRights(byte caRights);
 
   /**
    * Sets the CA scope for this card certificate, defining the context in which the CA key pair can
@@ -156,18 +154,17 @@ CalypsoCaCertificateV1Builder withCaPublicKey(
    * @throws IllegalArgumentException If the provided byte contains RFU values.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder withCaScope(byte caScope);
+  CalypsoCaCertificateV1Generator withCaScope(byte caScope);
 
   /**
-   * Checks the consistency of the parameters, signs the certificate using the provided private key
-   * and returns a new instance of {@link CalypsoCaCertificateV1}.
+   * Checks the consistency of the parameters, signs the certificate using the provided signer and
+   * returns a byte array representing the certificate ready to be injected into a card.
    *
-   * @return A non-null reference.
-   * @throws IllegalArgumentException If one of the provided arguments is null.
+   * @return A 384-byte byte array.
    * @throws IllegalStateException If one of the required parameters is wrong or missing.
    * @throws CertificateConsistencyException If the provided parameters are inconsistent.
    * @throws CertificateSigningException If an error occurs during the signing process.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1 build();
+  byte[] generate();
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCardCertificateV1Generator.java
similarity index 78%
rename from src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
rename to src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCardCertificateV1Generator.java
index c6c44b1..e194ddc 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1Builder.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCardCertificateV1Generator.java
@@ -7,18 +7,15 @@
  *
  * SPDX-License-Identifier: MIT
  ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.card;
-
-import org.eclipse.keypop.calypso.certificate.CertificateConsistencyException;
-import org.eclipse.keypop.calypso.certificate.CertificateSigningException;
+package org.eclipse.keypop.calypso.certificate;
 
 /**
- * Builds a {@link CalypsoCardCertificateV1} conforming to version 1 of the Calypso card certificate
+ * Generates a certificate as a byte array conforming to version 1 of the Calypso card certificate
  * format.
  *
  * @since 0.1.0
  */
-public interface CalypsoCardCertificateV1Builder {
+public interface CalypsoCardCertificateV1Generator {
 
   /**
    * Sets the public key of the card, provided as a 64-byte array.
@@ -32,7 +29,7 @@ public interface CalypsoCardCertificateV1Builder {
    * @throws IllegalArgumentException If the provided key is null or out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder withCardPublicKey(byte[] cardPublicKey);
+  CalypsoCardCertificateV1Generator withCardPublicKey(byte[] cardPublicKey);
 
   /**
    * Sets the start date of the validity period of the certificate's public key.
@@ -50,7 +47,7 @@ public interface CalypsoCardCertificateV1Builder {
    * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder withStartDate(int year, int month, int day);
+  CalypsoCardCertificateV1Generator withStartDate(int year, int month, int day);
 
   /**
    * Sets the end date of the validity period of the certificate's public key.
@@ -68,7 +65,7 @@ public interface CalypsoCardCertificateV1Builder {
    * @throws IllegalArgumentException If any date parameter is out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder withEndDate(int year, int month, int day);
+  CalypsoCardCertificateV1Generator withEndDate(int year, int month, int day);
 
   /**
    * Sets the AID of the autonomous PKI application of the target card.
@@ -81,7 +78,7 @@ public interface CalypsoCardCertificateV1Builder {
    *     zero bytes.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder withAid(byte[] aid);
+  CalypsoCardCertificateV1Generator withCardAid(byte[] aid);
 
   /**
    * Sets the serial number of the card for which the certificate is being generated.
@@ -91,7 +88,7 @@ public interface CalypsoCardCertificateV1Builder {
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder withCardSerialNumber(byte[] serialNumber);
+  CalypsoCardCertificateV1Generator withCardSerialNumber(byte[] serialNumber);
 
   /**
    * Sets the startup info of the card for which the certificate is being generated.
@@ -102,7 +99,7 @@ public interface CalypsoCardCertificateV1Builder {
    * @throws IllegalArgumentException If the provided argument is null or out of range.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder withCardStartupInfo(byte[] startupInfo);
+  CalypsoCardCertificateV1Generator withCardStartupInfo(byte[] startupInfo);
 
   /**
    * Sets the index used to differentiate two card certificates generated with the same issuer
@@ -114,19 +111,17 @@ public interface CalypsoCardCertificateV1Builder {
    * @return The current instance.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder withIndex(int index);
+  CalypsoCardCertificateV1Generator withIndex(int index);
 
   /**
-   * Checks the consistency of the parameters, signs the certificate either using the provided
-   * private key or the provided signer and returns a new instance of {@link
-   * CalypsoCardCertificateV1}.
+   * Checks the consistency of the parameters, signs the certificate using the provided signer and
+   * returns a byte array representing the certificate ready to be injected into a card.
    *
-   * @return A non-null reference.
-   * @throws IllegalArgumentException If one of the provided arguments is null.
+   * @return A 316-byte byte array.
    * @throws IllegalStateException If one of the required parameters is wrong or missing.
    * @throws CertificateConsistencyException If the provided parameters are inconsistent.
    * @throws CertificateSigningException If an error occurs during the signing process.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1 build();
+  byte[] generate();
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
index 1a68741..a591519 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
@@ -9,8 +9,6 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
-import org.eclipse.keypop.calypso.certificate.ca.CalypsoCaCertificateV1Builder;
-import org.eclipse.keypop.calypso.certificate.card.CalypsoCardCertificateV1Builder;
 import org.eclipse.keypop.calypso.certificate.spi.CalypsoCertificateSignerSpi;
 
 /**
@@ -36,28 +34,9 @@ public interface CalypsoCertificateApiFactory {
   CalypsoCertificateStore getCalypsoCertificateStore();
 
   /**
-   * Creates a new builder for Calypso CA certificates (version 1) using the internal signer.
+   * Creates a new generator for Calypso CA certificates (version 1) using an external signer.
    *
-   * <p>The builder is used to configure and build signed Calypso CA certificates.
-   *
-   * <p>This method must be called after the issuer certificate and its associated private key have
-   * been injected into the store using the specified issuer public key reference.
-   *
-   * @param issuerPublicKeyReference The reference to issuer's public key in the store.
-   * @throws IllegalStateException If the provided reference is unknown or the issuer's private key
-   *     is missing.
-   * @throws CertificateConsistencyException If the provided reference doesn't designate a valid
-   *     certification for the operation.
-   * @return A non-null reference.
-   * @since 0.1.0
-   */
-  CalypsoCaCertificateV1Builder createCalypsoCaCertificateV1Builder(
-      byte[] issuerPublicKeyReference);
-
-  /**
-   * Creates a new builder for Calypso CA certificates (version 1) using an external signer.
-   *
-   * <p>The builder is used to configure and build signed Calypso CA certificates.
+   * <p>The generator is used to configure and generate signed Calypso CA certificates.
    *
    * <p>This method must be called after the issuer certificate of the signer using the specified
    * issuer public key reference.
@@ -70,32 +49,13 @@ CalypsoCaCertificateV1Builder createCalypsoCaCertificateV1Builder(
    * @return A non-null reference.
    * @since 0.1.0
    */
-  CalypsoCaCertificateV1Builder createCalypsoCaCertificateV1Builder(
+  CalypsoCaCertificateV1Generator createCalypsoCaCertificateV1Generator(
       byte[] issuerPublicKeyReference, CalypsoCertificateSignerSpi caCertificateSigner);
 
   /**
-   * Creates a new builder for Calypso card certificates (version 1) using the internal signer.
-   *
-   * <p>The builder is used to configure and build signed Calypso card certificates.
-   *
-   * <p>This method must be called after the issuer certificate and its associated private key have
-   * been injected into the store using the specified issuer public key reference.
-   *
-   * @param issuerPublicKeyReference The reference to issuer's public key in the store.
-   * @throws IllegalStateException If the provided reference is unknown or the issuer's private key
-   *     is missing.
-   * @throws CertificateConsistencyException If the provided reference doesn't designate a valid
-   *     certification for the operation.
-   * @return A non-null reference.
-   * @since 0.1.0
-   */
-  CalypsoCardCertificateV1Builder createCalypsoCardCertificateV1Builder(
-      byte[] issuerPublicKeyReference);
-
-  /**
-   * Creates a new builder for Calypso card certificates (version 1) using an external signer.
+   * Creates a new generator for Calypso card certificates (version 1) using an external signer.
    *
-   * <p>The builder is used to configure and build signed Calypso card certificates.
+   * <p>The generator is used to configure and generate signed Calypso card certificates.
    *
    * <p>This method must be called after the issuer certificate of the signer using the specified
    * issuer public key reference.
@@ -108,6 +68,6 @@ CalypsoCardCertificateV1Builder createCalypsoCardCertificateV1Builder(
    * @return A non-null reference.
    * @since 0.1.0
    */
-  CalypsoCardCertificateV1Builder createCalypsoCardCertificateV1Builder(
+  CalypsoCardCertificateV1Generator createCalypsoCardCertificateV1Generator(
       byte[] issuerPublicKeyReference, CalypsoCertificateSignerSpi cardCertificateSigner);
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
index 594ddce..345d184 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
@@ -9,20 +9,10 @@
  ****************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
-import java.security.interfaces.RSAPrivateKey;
 import java.security.interfaces.RSAPublicKey;
-import org.eclipse.keypop.calypso.certificate.ca.CalypsoCaCertificate;
 
 /**
- * Provides a store for managing Calypso Certificate Authority (CA) certificates and keys.
- *
- * <p>This interface offers methods for adding the following to the store:
- *
- * <ul>
- *   <li>PCA public keys and key pairs
- *   <li>Calypso CA certificates
- *   <li>Calypso CA certificates with their associated private keys
- * </ul>
+ * Provides a store for managing Calypso Certificate Authority (CA) certificates and public keys.
  *
  * <p>The stored certificates and keys are used for verifying and creating Calypso CA certificates
  * within the certificate infrastructure.
@@ -44,48 +34,20 @@ public interface CalypsoCertificateStore {
    * <p>The provided public key reference will be used for identifying the key when creating
    * certificates within the certificate infrastructure.
    *
-   * <p>This method is typically used for scenarios where the need is to verify Calypso CA
-   * certificates. By providing both the public and private keys, the store has the necessary
-   * information for these operations.
-   *
    * <p>The key reference is to be used when creating certificates according to the desired
    * infrastructure.
    *
    * <p>This method is suitable for providing means to verify CA certificates.
    *
-   * @param publicKeyReference The reference to the public key.
-   * @param publicKey The public key.
+   * @param pcaPublicKeyReference The reference to the PCA public key.
+   * @param pcaPublicKey The PCA public key.
    * @return The current instance.
    * @throws IllegalArgumentException If one of the argument is null or if the key is not a 2048-bit
    *     RSA key.
+   * @throws IllegalStateException If the reference to the public key already in the store.
    * @since 0.1.0
    */
-  CalypsoCertificateStore addPcaPublicKey(byte[] publicKeyReference, RSAPublicKey publicKey);
-
-  /**
-   * Adds a Primary Certification Authority (PCA) public key, its reference, and the associated
-   * private key.
-   *
-   * <p>This method expects a 2048-bit RSA key with an exponent of 65537. Both the public part of
-   * the key and its associated private part must be provided.
-   *
-   * <p>The provided public key reference will be used for identifying the key when creating
-   * certificates within the certificate infrastructure.
-   *
-   * <p>This method is typically used for scenarios where the need is to verify and/or create
-   * Calypso CA certificates. By providing both the public and private keys, the store has the
-   * necessary information for these operations.
-   *
-   * @param publicKeyReference The reference to the public key.
-   * @param publicKey The public key.
-   * @param privateKey The associated private key corresponding to the provided public key.
-   * @return The current instance.
-   * @throws IllegalArgumentException If one of the argument is null or if the provided key pair is
-   *     not a valid 2048-bit RSA key pair.
-   * @since 0.1.0
-   */
-  CalypsoCertificateStore addPcaKeyPair(
-      byte[] publicKeyReference, RSAPublicKey publicKey, RSAPrivateKey privateKey);
+  CalypsoCertificateStore addPcaPublicKey(byte[] pcaPublicKeyReference, RSAPublicKey pcaPublicKey);
 
   /**
    * Adds a Calypso Certificate Authority (CA) certificate to the store.
@@ -97,34 +59,12 @@ CalypsoCertificateStore addPcaKeyPair(
    * <p>This method is typically used to add an intermediate CA certificates necessary for
    * validating other certificates within the infrastructure.
    *
-   * @param caCertificate The Calypso CA certificate to add.
+   * @param caCertificate A 384-byte byte array containing the Calypso CA certificate to add.
    * @return The current instance.
    * @throws IllegalArgumentException If the certificate is null.
+   * @throws IllegalStateException If the reference to the public key already in the store.
    * @throws CertificateConsistencyException If the certificate is not trusted.
    * @since 0.1.0
    */
-  CalypsoCertificateStore addCalypsoCaCertificate(CalypsoCaCertificate caCertificate);
-
-  /**
-   * Adds a Calypso Certificate Authority (CA) certificate and its associated private key to the
-   * store.
-   *
-   * <p>This method adds the provided certificate and its associated private key to the store. Both
-   * the certificate must be valid (signed by an already referenced authority) and the private key
-   * must correspond to the certificate.
-   *
-   * <p>This method is typically used for scenarios where you need to issue Calypso CA or card
-   * certificates. By providing both the certificate and its private key, the store has the
-   * necessary information to sign new certificates.
-   *
-   * @param caCertificate The Calypso CA certificate to add.
-   * @param caPrivateKey The private key associated with the provided certificate.
-   * @return The current instance.
-   * @throws IllegalArgumentException If either the certificate or the private key is null or
-   *     invalid, or if they do not correspond to each other.
-   * @throws CertificateConsistencyException If the certificate is not trusted.
-   * @since 0.1.0
-   */
-  CalypsoCertificateStore addCalypsoCaCertificate(
-      CalypsoCaCertificate caCertificate, RSAPrivateKey caPrivateKey);
+  CalypsoCertificateStore addCalypsoCaCertificate(byte[] caCertificate);
 }
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificate.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificate.java
deleted file mode 100644
index 55f9275..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificate.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/* ******************************************************************************
- * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
- *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
- *
- * SPDX-License-Identifier: MIT
- ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.ca;
-
-import org.eclipse.keypop.calypso.card.transaction.spi.CaCertificate;
-
-/**
- * CA Certificate compliant with the 384-byte format supported by the Calypso cards.
- *
- * @since 0.1.0
- */
-public interface CalypsoCaCertificate extends CaCertificate {
-
-  /**
-   * Returns a byte array corresponding to the certificate as it is stored in the card.
-   *
-   * @return A 384-byte byte array.
-   * @since 0.1.0
-   */
-  byte[] getRawData();
-}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
deleted file mode 100644
index a1bd824..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/CalypsoCaCertificateV1.java
+++ /dev/null
@@ -1,22 +0,0 @@
-/* ******************************************************************************
- * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
- *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
- *
- * SPDX-License-Identifier: MIT
- ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.ca;
-
-import org.eclipse.keypop.calypso.card.transaction.spi.CaCertificate;
-
-/**
- * A Calypso CA certificate version 1.
- *
- * <p>It can be used for certificate generation and card transaction security settings.
- *
- * @see CaCertificate
- * @since 0.1.0
- */
-public interface CalypsoCaCertificateV1 extends CalypsoCaCertificate {}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
deleted file mode 100644
index e839c6f..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/package-info.java
+++ /dev/null
@@ -1,6 +0,0 @@
-/**
- * Interfaces related to Calypso CA certificates.
- *
- * @since 0.1.0
- */
-package org.eclipse.keypop.calypso.certificate.ca;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
deleted file mode 100644
index 6f0e4e0..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/CalypsoCaCertificateSignerSpi.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/* ******************************************************************************
- * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
- *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
- *
- * SPDX-License-Identifier: MIT
- ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.ca.spi;
-
-/**
- * Signer for a Calypso CA certificate.
- *
- * <p>Implementations of this interface provide the cryptographic signing functionality used to
- * generate signed Calypso CA certificates.
- *
- * @since 0.1.0
- */
-public interface CalypsoCaCertificateSignerSpi {
-
-  /**
-   * Returns the reference to the issuer's public key.
-   *
-   * @return A 29-byte byte array.
-   * @since 0.1.0
-   */
-  byte[] getIssuerPublicKeyReference();
-
-  /**
-   * Generates a signed CA certificate based on the provided data and recoverable data.
-   *
-   * @param data The byte array containing the non-recoverable data for the certificate.
-   * @param recoverableData The byte array containing the recoverable data for the certificate. This
-   *     might be encrypted or protected data that shouldn't be included in the final certificate
-   *     but is needed for signature generation.
-   * @return The signed CA certificate, a 384-byte byte array containing the data followed by the
-   *     signature.
-   * @since 0.1.0
-   */
-  byte[] generateSignedCertificate(byte[] data, byte[] recoverableData);
-}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
deleted file mode 100644
index 455d880..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/ca/spi/package-info.java
+++ /dev/null
@@ -1,6 +0,0 @@
-/**
- * SPIs to be implemented by end user applications related to Calypso CA certificates signing.
- *
- * @since 0.1.0
- */
-package org.eclipse.keypop.calypso.certificate.ca.spi;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificate.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificate.java
deleted file mode 100644
index 519f0e1..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificate.java
+++ /dev/null
@@ -1,28 +0,0 @@
-/* ******************************************************************************
- * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
- *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
- *
- * SPDX-License-Identifier: MIT
- ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.card;
-
-import org.eclipse.keypop.calypso.card.transaction.spi.CaCertificate;
-
-/**
- * Card Certificate compliant with the 316-byte format supported by the Calypso cards.
- *
- * @since 0.1.0
- */
-public interface CalypsoCardCertificate extends CaCertificate {
-
-  /**
-   * Returns a byte array corresponding to the certificate as it is stored in the card.
-   *
-   * @return A 316-byte byte array.
-   * @since 0.1.0
-   */
-  byte[] getRawData();
-}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
deleted file mode 100644
index 9a5f2e9..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/CalypsoCardCertificateV1.java
+++ /dev/null
@@ -1,22 +0,0 @@
-/* ******************************************************************************
- * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
- *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
- *
- * SPDX-License-Identifier: MIT
- ****************************************************************************** */
-package org.eclipse.keypop.calypso.certificate.card;
-
-import org.eclipse.keypop.calypso.card.transaction.spi.CardCertificate;
-
-/**
- * A Calypso card certificate version 1.
- *
- * <p>It can be used for certificate generation and external certificate validation.
- *
- * @see CardCertificate
- * @since 0.1.0
- */
-public interface CalypsoCardCertificateV1 extends CalypsoCardCertificate {}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java b/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java
deleted file mode 100644
index 3239034..0000000
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/card/package-info.java
+++ /dev/null
@@ -1,6 +0,0 @@
-/**
- * Interfaces related to Calypso card certificates.
- *
- * @since 0.1.0
- */
-package org.eclipse.keypop.calypso.certificate.card;

From da1dcc81e86c53d38ec18d63a9e1eee2eae20330 Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Sun, 25 Feb 2024 18:31:10 +0100
Subject: [PATCH 08/13] wip

---
 build.gradle.kts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/build.gradle.kts b/build.gradle.kts
index d3ab0b0..22a2101 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -24,7 +24,6 @@ repositories {
     mavenCentral()
 }
 dependencies {
-    implementation("org.eclipse.keypop:keypop-calypso-card-java-api:2.1.0-SNAPSHOT") { isChanging = true }
     testImplementation("junit:junit:4.13.2")
     testImplementation("org.assertj:assertj-core:3.15.0")
 }

From 6021a9992c3f9793692e4736c0e227ff3c3b980d Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Tue, 5 Mar 2024 17:22:53 +0100
Subject: [PATCH 09/13] wip

---
 .../certificate/CalypsoCertificateStore.java  | 26 ++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
index 345d184..3843a32 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
@@ -49,6 +49,30 @@ public interface CalypsoCertificateStore {
    */
   CalypsoCertificateStore addPcaPublicKey(byte[] pcaPublicKeyReference, RSAPublicKey pcaPublicKey);
 
+  /**
+   * Adds a Primary Certification Authority (PCA) public key from it modulus and its reference.
+   *
+   * <p>This method expects the 256-byte modulus of a 2048-bit RSA public key with an exponent of
+   * 65537.
+   *
+   * <p>The provided public key reference will be used for identifying the key when creating
+   * certificates within the certificate infrastructure.
+   *
+   * <p>The key reference is to be used when creating certificates according to the desired
+   * infrastructure.
+   *
+   * <p>This method is suitable for providing means to verify CA certificates.
+   *
+   * @param pcaPublicKeyReference The reference to the PCA public key.
+   * @param pcaPublicKeyModulus The modulus of the PCA public key as a 256-byte byte array.
+   * @return The current instance.
+   * @throws IllegalArgumentException If one of the argument is null or if the key modulus is not
+   *     256 bytes long.
+   * @throws IllegalStateException If the reference to the public key already in the store.
+   * @since 0.1.0
+   */
+  CalypsoCertificateStore addPcaPublicKey(byte[] pcaPublicKeyReference, byte[] pcaPublicKeyModulus);
+
   /**
    * Adds a Calypso Certificate Authority (CA) certificate to the store.
    *
@@ -61,7 +85,7 @@ public interface CalypsoCertificateStore {
    *
    * @param caCertificate A 384-byte byte array containing the Calypso CA certificate to add.
    * @return The current instance.
-   * @throws IllegalArgumentException If the certificate is null.
+   * @throws IllegalArgumentException If the certificate is null or its format is unknown.
    * @throws IllegalStateException If the reference to the public key already in the store.
    * @throws CertificateConsistencyException If the certificate is not trusted.
    * @since 0.1.0

From 329ff86f107934936bcf0c84658fca74fc999ae8 Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Fri, 8 Mar 2024 16:30:04 +0100
Subject: [PATCH 10/13] wip

---
 .../calypso/certificate/CertificateConsistencyException.java    | 2 +-
 .../keypop/calypso/certificate/CertificateSigningException.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
index a0eeab8..4fdeaf9 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
@@ -10,7 +10,7 @@
 package org.eclipse.keypop.calypso.certificate;
 
 /**
- * Exception that is thrown when an error occurs during the certificate validation process.
+ * Indicated that an error occurred during the certificate validation process.
  *
  * @since 0.1.0
  */
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java
index 59e3507..ee92184 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java
@@ -10,7 +10,7 @@
 package org.eclipse.keypop.calypso.certificate;
 
 /**
- * Exception that is thrown when an error occurs during the certificate signing process.
+ * Indicates that an error occurred during the certificate signing process.
  *
  * @since 0.1.0
  */

From 21c0e301e64abb8190da9cc9b821991b4a65542d Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Sat, 16 Mar 2024 21:05:12 +0100
Subject: [PATCH 11/13] wip

---
 .../certificate/CalypsoCertificateStore.java    | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
index 3843a32..56592b3 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
@@ -41,13 +41,12 @@ public interface CalypsoCertificateStore {
    *
    * @param pcaPublicKeyReference The reference to the PCA public key.
    * @param pcaPublicKey The PCA public key.
-   * @return The current instance.
    * @throws IllegalArgumentException If one of the argument is null or if the key is not a 2048-bit
    *     RSA key.
    * @throws IllegalStateException If the reference to the public key already in the store.
    * @since 0.1.0
    */
-  CalypsoCertificateStore addPcaPublicKey(byte[] pcaPublicKeyReference, RSAPublicKey pcaPublicKey);
+  void addPcaPublicKey(byte[] pcaPublicKeyReference, RSAPublicKey pcaPublicKey);
 
   /**
    * Adds a Primary Certification Authority (PCA) public key from it modulus and its reference.
@@ -65,16 +64,17 @@ public interface CalypsoCertificateStore {
    *
    * @param pcaPublicKeyReference The reference to the PCA public key.
    * @param pcaPublicKeyModulus The modulus of the PCA public key as a 256-byte byte array.
-   * @return The current instance.
    * @throws IllegalArgumentException If one of the argument is null or if the key modulus is not
    *     256 bytes long.
    * @throws IllegalStateException If the reference to the public key already in the store.
+   * @throws CertificateConsistencyException If the certificate is not trusted.
    * @since 0.1.0
    */
-  CalypsoCertificateStore addPcaPublicKey(byte[] pcaPublicKeyReference, byte[] pcaPublicKeyModulus);
+  void addPcaPublicKey(byte[] pcaPublicKeyReference, byte[] pcaPublicKeyModulus);
 
   /**
-   * Adds a Calypso Certificate Authority (CA) certificate to the store.
+   * Adds a Calypso Certificate Authority (CA) certificate to the store and returns its public key
+   * reference.
    *
    * <p>This method adds the provided certificate to the store. The certificate must be valid
    * (signed by an already referenced authority) and issued by a trusted authority previously
@@ -84,11 +84,12 @@ public interface CalypsoCertificateStore {
    * validating other certificates within the infrastructure.
    *
    * @param caCertificate A 384-byte byte array containing the Calypso CA certificate to add.
-   * @return The current instance.
+   * @return The public key reference of the added certificate.
    * @throws IllegalArgumentException If the certificate is null or its format is unknown.
-   * @throws IllegalStateException If the reference to the public key already in the store.
+   * @throws IllegalStateException If the reference to the public key already in the store or the
+   *     parent certificate was not found.
    * @throws CertificateConsistencyException If the certificate is not trusted.
    * @since 0.1.0
    */
-  CalypsoCertificateStore addCalypsoCaCertificate(byte[] caCertificate);
+  byte[] addCalypsoCaCertificate(byte[] caCertificate);
 }

From feb0180014a43de2e8bdf5964d4bd289ef56e537 Mon Sep 17 00:00:00 2001
From: Jean-Pierre Fortune <jean-pierre.fortune@ialto.com>
Date: Mon, 1 Dec 2025 14:04:43 +0100
Subject: [PATCH 12/13] refactor: remove legacy scripts and update configs

---
 .github/workflows/build-and-test.yml          |   9 +
 .github/workflows/publish-release.yml         |  10 +
 .github/workflows/publish-snapshot.yml        |  10 +
 .gitignore                                    |   1 -
 CONTRIBUTING.md                               |   2 +-
 Jenkinsfile                                   |  83 ------
 LICENSE_HEADER                                |  11 +
 NOTICE.md                                     |   4 +-
 README.md                                     |   2 +-
 build.gradle.kts                              | 206 +++++++++++---
 gradle.properties                             |  42 ++-
 gradle/wrapper/gradle-wrapper.jar             | Bin 59203 -> 61624 bytes
 gradle/wrapper/gradle-wrapper.properties      |   3 +-
 gradlew                                       | 269 +++++++++++-------
 gradlew.bat                                   |  15 +-
 scripts/check_version.sh                      |  12 -
 scripts/prepare_javadoc.sh                    |  52 ----
 settings.gradle.kts                           |  17 +-
 .../CalypsoCaCertificateV1Generator.java      |  12 +-
 .../CalypsoCardCertificateV1Generator.java    |  12 +-
 .../CalypsoCertificateApiFactory.java         |  12 +-
 .../CalypsoCertificateApiProperties.java      |  12 +-
 .../certificate/CalypsoCertificateStore.java  |  12 +-
 .../CertificateConsistencyException.java      |  12 +-
 .../CertificateSigningException.java          |  12 +-
 .../spi/CalypsoCertificateSignerSpi.java      |  12 +-
 .../CalypsoCertificateApiPropertiesTest.java  |  18 +-
 27 files changed, 505 insertions(+), 357 deletions(-)
 create mode 100644 .github/workflows/build-and-test.yml
 create mode 100644 .github/workflows/publish-release.yml
 create mode 100644 .github/workflows/publish-snapshot.yml
 delete mode 100644 Jenkinsfile
 create mode 100644 LICENSE_HEADER
 delete mode 100644 scripts/check_version.sh
 delete mode 100644 scripts/prepare_javadoc.sh

diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
new file mode 100644
index 0000000..50885d2
--- /dev/null
+++ b/.github/workflows/build-and-test.yml
@@ -0,0 +1,9 @@
+name: Build and Test
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  build-and-test:
+    uses: eclipse-keypop/keypop-actions/.github/workflows/reusable-build-and-test.yml@main # NOSONAR - Same organization, trusted source
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
new file mode 100644
index 0000000..b4776c4
--- /dev/null
+++ b/.github/workflows/publish-release.yml
@@ -0,0 +1,10 @@
+name: Publish Release package
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  publish-release:
+    uses: eclipse-keypop/keypop-actions/.github/workflows/reusable-publish-release.yml@main # NOSONAR - Same organization, trusted source
+    secrets: inherit # NOSONAR - Same organization, trusted source
diff --git a/.github/workflows/publish-snapshot.yml b/.github/workflows/publish-snapshot.yml
new file mode 100644
index 0000000..85cdaa5
--- /dev/null
+++ b/.github/workflows/publish-snapshot.yml
@@ -0,0 +1,10 @@
+name: Publish Snapshot package
+
+on:
+  push:
+    branches: [main]
+
+jobs:
+  publish-snapshot:
+    uses: eclipse-keypop/keypop-actions/.github/workflows/reusable-publish-snapshot.yml@main # NOSONAR - Same organization, trusted source
+    secrets: inherit # NOSONAR - Same organization, trusted source
diff --git a/.gitignore b/.gitignore
index 01ddf38..fc74077 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,6 @@ release/
 # Gradle
 .gradle/
 build/
-LICENSE_HEADER
 
 # Eclipse
 .classpath
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 4609d01..e20bf5e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -9,7 +9,7 @@ Keypop:
 ## Quick Start
 
 1. **Read the Contribution Guidelines**: Before starting, please visit our detailed contributing guide at the
-[Eclipse Keypop Contribution Guide](https://eclipse-keypop.github.io/keypop-website/community/contributing/). 
+[Eclipse Keypop Contribution Guide](https://keypop.org/community/contributing/). 
 This guide covers all the necessary information about contributing to the project.
 
 2. **Join the mailing list**: Connect with other contributors on our 
diff --git a/Jenkinsfile b/Jenkinsfile
deleted file mode 100644
index 012a641..0000000
--- a/Jenkinsfile
+++ /dev/null
@@ -1,83 +0,0 @@
-#!groovy
-pipeline {
-  environment {
-    PROJECT_NAME = "keypop-calypso-certificate-java-api"
-    PROJECT_BOT_NAME = "Eclipse Keypop Bot"
-  }
-  agent { kubernetes { yaml javaBuilder('1.0') } }
-  stages {
-    stage('Import keyring') {
-      when { expression { env.GIT_URL.startsWith('https://github.com/eclipse-keypop/keypop-') && env.CHANGE_ID == null } }
-      steps { container('java-builder') {
-        withCredentials([file(credentialsId: 'secret-subkeys.asc', variable: 'KEYRING')]) { sh 'import_gpg "${KEYRING}"' }
-      } }
-    }
-    stage('Prepare settings') { steps { container('java-builder') {
-      script {
-        env.KEYPOP_VERSION = sh(script: 'grep version gradle.properties | cut -d= -f2 | tr -d "[:space:]"', returnStdout: true).trim()
-        env.GIT_COMMIT_MESSAGE = sh(script: 'git log --format=%B -1 | head -1 | tr -d "\n"', returnStdout: true)
-        echo "Building version ${env.KEYPOP_VERSION} in branch ${env.GIT_BRANCH}"
-        deployRelease = env.GIT_URL == "https://github.com/eclipse-keypop/${env.PROJECT_NAME}.git" && (env.GIT_BRANCH == "main" || env.GIT_BRANCH == "release-${env.KEYPOP_VERSION}") && env.CHANGE_ID == null && env.GIT_COMMIT_MESSAGE.startsWith("Release ${env.KEYPOP_VERSION}")
-        deploySnapshot = !deployRelease && env.GIT_URL == "https://github.com/eclipse-keypop/${env.PROJECT_NAME}.git" && (env.GIT_BRANCH == "main" || env.GIT_BRANCH == "release-${env.KEYPOP_VERSION}") && env.CHANGE_ID == null
-      }
-      sh "chmod +x ./gradlew ./scripts/*.sh"
-    } } }
-    stage('Check version') {
-      steps { container('java-builder') {
-        sh "./scripts/check_version.sh ${env.KEYPOP_VERSION}"
-      } }
-    }
-    stage('Build and Test') {
-      when { expression { !deploySnapshot && !deployRelease } }
-      steps { container('java-builder') {
-        sh './gradlew clean build test --no-build-cache --info --stacktrace'
-        junit testResults: 'build/test-results/test/*.xml', allowEmptyResults: true
-      } }
-    }
-    stage('Build and Publish Snapshot') {
-      when { expression { deploySnapshot } }
-      steps { container('java-builder') {
-        configFileProvider([configFile(fileId: 'gradle.properties', targetLocation: '/home/jenkins/agent/gradle.properties')]) {
-          sh './gradlew clean build test publish --info --stacktrace'
-        }
-        junit testResults: 'build/test-results/test/*.xml', allowEmptyResults: true
-      } }
-    }
-    stage('Build and Publish Release') {
-      when { expression { deployRelease } }
-      steps { container('java-builder') {
-        configFileProvider([configFile(fileId: 'gradle.properties', targetLocation: '/home/jenkins/agent/gradle.properties')]) {
-          sh './gradlew clean build test release --info --stacktrace'
-        }
-        junit testResults: 'build/test-results/test/*.xml', allowEmptyResults: true
-      } }
-    }
-    stage('Update GitHub Pages') {
-      when { expression { deploySnapshot || deployRelease } }
-      steps { container('java-builder') {
-        sh "./scripts/prepare_javadoc.sh ${env.PROJECT_NAME} ${env.KEYPOP_VERSION} ${deploySnapshot}"
-        dir("${env.PROJECT_NAME}") {
-          withCredentials([usernamePassword(credentialsId: 'github-bot', passwordVariable: 'GIT_PASSWORD', usernameVariable: 'GIT_USERNAME')]) {
-            sh '''
-            git add -A
-            git config user.email "${PROJECT_NAME}-bot@eclipse.org"
-            git config user.name "${PROJECT_BOT_NAME}"
-            git commit --allow-empty -m "docs: update documentation ${JOB_NAME}-${BUILD_NUMBER}"
-            git log --graph --abbrev-commit --date=relative -n 5
-            git push "https://${GIT_USERNAME}:${GIT_PASSWORD}@github.com/eclipse-keypop/${PROJECT_NAME}.git" HEAD:gh-pages
-            '''
-          }
-        }
-      } }
-    }
-    stage('Publish packaging to Eclipse') {
-      when { expression { deploySnapshot || deployRelease } }
-      steps { container('java-builder') { sshagent(['projects-storage.eclipse.org-bot-ssh']) { sh 'publish_packaging' } } }
-    }
-  }
-  post { always { container('java-builder') {
-    archiveArtifacts artifacts: 'build*/libs/**', allowEmptyArchive: true
-    archiveArtifacts artifacts: 'build*/reports/tests/**', allowEmptyArchive: true
-    archiveArtifacts artifacts: 'build*/reports/jacoco/test/html/**', allowEmptyArchive: true
-  } } }
-}
diff --git a/LICENSE_HEADER b/LICENSE_HEADER
new file mode 100644
index 0000000..efc0ba1
--- /dev/null
+++ b/LICENSE_HEADER
@@ -0,0 +1,11 @@
+/* **************************************************************************************
+ * Copyright (c) $YEAR Calypso Networks Association https://calypsonet.org/
+ *
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
+ *
+ * SPDX-License-Identifier: MIT
+ ************************************************************************************** */
\ No newline at end of file
diff --git a/NOTICE.md b/NOTICE.md
index 2a51d9e..6d3755f 100644
--- a/NOTICE.md
+++ b/NOTICE.md
@@ -6,8 +6,8 @@ This content is produced and maintained by the Eclipse Keypop project.
  
 ## Supported platforms
 
-* Java SE 1.6 compact2
-* Android 4.4 KitKat API level 19
+* Java 1.8
+* Android 7.0 Nougat API Level 24
 
 ## Trademarks
  
diff --git a/README.md b/README.md
index 3cf4eb3..b0c7e5e 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ to create Calypso certificates.
 ## Documentation & Contribution Guide
 
 The full documentation, including the **user guide**, **download information** and **contribution guide**, is available
-on the Keypop website [keypop.org](https://eclipse-keypop.github.io/keypop-website/).
+on the Keypop website [keypop.org](https://keypop.org/).
 
 ## API documentation
 
diff --git a/build.gradle.kts b/build.gradle.kts
index 22a2101..29814c0 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -1,59 +1,193 @@
 ///////////////////////////////////////////////////////////////////////////////
 //  GRADLE CONFIGURATION
 ///////////////////////////////////////////////////////////////////////////////
+
 plugins {
-    java
-    id("com.diffplug.spotless") version "5.10.2"
-}
-buildscript {
-    repositories {
-        mavenLocal()
-        mavenCentral()
-    }
-    dependencies {
-        classpath("org.eclipse.keypop:keypop-gradle:0.1.+") { isChanging = true }
-    }
+  java
+  `maven-publish`
+  signing
+  id("com.diffplug.spotless") version "6.25.0"
 }
-apply(plugin = "org.eclipse.keypop")
 
 ///////////////////////////////////////////////////////////////////////////////
 //  APP CONFIGURATION
 ///////////////////////////////////////////////////////////////////////////////
-repositories {
-    mavenLocal()
-    mavenCentral()
-}
+
 dependencies {
-    testImplementation("junit:junit:4.13.2")
-    testImplementation("org.assertj:assertj-core:3.15.0")
+  testImplementation(platform("org.junit:junit-bom:5.12.2"))
+  testImplementation("org.junit.jupiter:junit-jupiter")
+  testRuntimeOnly("org.junit.platform:junit-platform-launcher")
+  testImplementation("org.assertj:assertj-core:3.25.3")
+}
+
+///////////////////////////////////////////////////////////////////////////////
+//  STANDARD CONFIGURATION FOR JAVA PROJECTS
+///////////////////////////////////////////////////////////////////////////////
+
+if (project.hasProperty("releaseTag")) {
+  project.version = project.property("releaseTag") as String
+  println("Release mode: version set to ${project.version}")
+} else {
+  println("Development mode: version is ${project.version}")
 }
 
 val javaSourceLevel: String by project
 val javaTargetLevel: String by project
+
 java {
-    sourceCompatibility = JavaVersion.toVersion(javaSourceLevel)
-    targetCompatibility = JavaVersion.toVersion(javaTargetLevel)
-    println("Compiling Java $sourceCompatibility to Java $targetCompatibility.")
-    withJavadocJar()
-    withSourcesJar()
+  sourceCompatibility = JavaVersion.toVersion(javaSourceLevel)
+  targetCompatibility = JavaVersion.toVersion(javaTargetLevel)
+  println("Compiling Java $sourceCompatibility to Java $targetCompatibility.")
+  withJavadocJar()
+  withSourcesJar()
+}
+
+fun copyLicenseFiles() {
+  val metaInfDir = File(layout.buildDirectory.get().asFile, "resources/main/META-INF")
+  val licenseFile = File(project.rootDir, "LICENSE")
+  val noticeFile = File(project.rootDir, "NOTICE.md")
+  metaInfDir.mkdirs()
+  licenseFile.copyTo(File(metaInfDir, "LICENSE"), overwrite = true)
+  noticeFile.copyTo(File(metaInfDir, "NOTICE.md"), overwrite = true)
 }
 
-///////////////////////////////////////////////////////////////////////////////
-//  TASKS CONFIGURATION
-///////////////////////////////////////////////////////////////////////////////
 tasks {
-    spotless {
-        java {
-            target("src/**/*.java")
-            licenseHeaderFile("${project.rootDir}/LICENSE_HEADER")
-            importOrder("java", "javax", "org", "com", "")
-            removeUnusedImports()
-            googleJavaFormat()
+  spotless {
+    java {
+      target("src/**/*.java")
+      licenseHeaderFile("${project.rootDir}/LICENSE_HEADER")
+      importOrder("java", "javax", "org", "com", "")
+      removeUnusedImports()
+      googleJavaFormat()
+    }
+    kotlinGradle {
+      target("**/*.kts")
+      ktfmt()
+    }
+  }
+  test {
+    useJUnitPlatform()
+    testLogging { events("passed", "skipped", "failed") }
+  }
+  javadoc {
+    dependsOn(processResources)
+    val javadocLogo = project.findProperty("javadoc.logo") as String
+    val javadocCopyright = project.findProperty("javadoc.copyright") as String
+    val titleProperty = project.findProperty("title") as String
+    (options as StandardJavadocDocletOptions).apply {
+      overview = "src/main/javadoc/overview.html"
+      windowTitle = "$titleProperty - ${project.version}"
+      header(
+          "<div style=\"margin-top: 7px\">$javadocLogo $titleProperty - ${project.version}</div>")
+      docTitle("$titleProperty - ${project.version}")
+      use(true)
+      bottom(javadocCopyright)
+      encoding = "UTF-8"
+      charSet = "UTF-8"
+      if (JavaVersion.current().isJava11Compatible) {
+        addBooleanOption("html5", true)
+        addStringOption("Xdoclint:none", "-quiet")
+      }
+    }
+    doFirst { println("Generating Javadoc for ${project.name} version ${project.version}") }
+  }
+  jar {
+    dependsOn(processResources)
+    doFirst { copyLicenseFiles() }
+    manifest {
+      attributes(
+          mapOf(
+              "Implementation-Title" to (project.findProperty("title") as String),
+              "Implementation-Version" to project.version,
+              "Implementation-Vendor" to (project.findProperty("organization.name") as String),
+              "Implementation-URL" to (project.findProperty("project.url") as String),
+              "Specification-Title" to (project.findProperty("title") as String),
+              "Specification-Version" to project.version,
+              "Specification-Vendor" to (project.findProperty("organization.name") as String),
+              "Created-By" to
+                  "${System.getProperty("java.version")} (${System.getProperty("java.vendor")})",
+              "Build-Jdk" to System.getProperty("java.version")))
+    }
+  }
+  named<Jar>("sourcesJar") {
+    doFirst { copyLicenseFiles() }
+    manifest {
+      attributes(
+          mapOf(
+              "Implementation-Title" to "${project.findProperty("title") as String} Sources",
+              "Implementation-Version" to project.version))
+    }
+  }
+  named<Jar>("javadocJar") {
+    dependsOn(javadoc)
+    doFirst { copyLicenseFiles() }
+    manifest {
+      attributes(
+          mapOf(
+              "Implementation-Title" to "${project.findProperty("title") as String} Documentation",
+              "Implementation-Version" to project.version))
+    }
+  }
+}
+
+publishing {
+  publications {
+    create<MavenPublication>("mavenJava") {
+      from(components["java"])
+      pom {
+        name.set(project.findProperty("title") as String)
+        description.set(project.findProperty("description") as String)
+        url.set(project.findProperty("project.url") as String)
+        licenses {
+          license {
+            name.set(project.findProperty("license.name") as String)
+            url.set(project.findProperty("license.url") as String)
+            distribution.set(project.findProperty("license.distribution") as String)
+          }
+        }
+        developers {
+          developer {
+            name.set(project.findProperty("developer.name") as String)
+            email.set(project.findProperty("developer.email") as String)
+          }
+        }
+        organization {
+          name.set(project.findProperty("organization.name") as String)
+          url.set(project.findProperty("organization.url") as String)
+        }
+        scm {
+          connection.set(project.findProperty("scm.connection") as String)
+          developerConnection.set(project.findProperty("scm.developerConnection") as String)
+          url.set(project.findProperty("scm.url") as String)
         }
+        ciManagement {
+          system.set(project.findProperty("ci.system") as String)
+          url.set(project.findProperty("ci.url") as String)
+        }
+        properties.set(
+            mapOf(
+                "project.build.sourceEncoding" to "UTF-8",
+                "maven.compiler.source" to javaSourceLevel,
+                "maven.compiler.target" to javaTargetLevel))
+      }
     }
-    test {
-        testLogging {
-            events("passed", "skipped", "failed")
+  }
+  repositories {
+    maven {
+      if (project.hasProperty("sonatypeURL")) {
+        url = uri(project.property("sonatypeURL") as String)
+        credentials {
+          username = project.property("sonatypeUsername") as String
+          password = project.property("sonatypePassword") as String
         }
+      }
     }
+  }
+}
+
+signing {
+  if (project.hasProperty("releaseTag")) {
+    useGpgCmd()
+    sign(publishing.publications["mavenJava"])
+  }
 }
diff --git a/gradle.properties b/gradle.properties
index 4f4aa52..98c65e7 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -1,15 +1,41 @@
+# Project Configuration
 group = org.eclipse.keypop
 title = Keypop Calypso Certificate API
 description = API dedicated to the creation of Calypso Certificates
-version = 0.1.0
+version = 0.1.0-SNAPSHOT
 
-javaSourceLevel = 1.6
-javaTargetLevel = 1.6
+# Java Configuration
+javaSourceLevel = 1.8
+javaTargetLevel = 1.8
 
-# UTF-8 required by javadoc for special characters (ex. copyright) with Java 11+.
-org.gradle.jvmargs="-Dfile.encoding=UTF-8"
+# UTF-8 required by javadoc for special characters (ex. copyright) with Java 11+
+org.gradle.jvmargs = "-Dfile.encoding=UTF-8"
 
-javadoc.logo = <span></span>
-javadoc.copyright = Copyright \u00a9 Calypso Networks Association https://calypsonet.org/
+# Documentation Configuration
+javadoc.logo = <a target="_parent" href="https://keypop.org/"><img src="https://keypop.org/media/logo-bg-white.svg" height="20px" style="background-color: white; padding: 3px; margin: 0 10px -7px 3px;"/></a>
+javadoc.copyright = Copyright &copy; Eclipse Foundation, Inc. All Rights Reserved.
 
-sonatype.url = https://oss.sonatype.org
\ No newline at end of file
+# Project URLs
+project.url = https://github.com/eclipse-keypop/keypop-calypso-crypto-asymmetric-java-api
+
+# Organization
+organization.name = Eclipse Keypop
+organization.url = https://keypop.org/
+
+# License
+license.name = MIT license
+license.url = https://opensource.org/license/mit/
+license.distribution = repo
+
+# Developers
+developer.name = Keypop Contributors
+developer.email = keypop-dev@eclipse.org
+
+# Source Control Management
+scm.connection = scm:git:git://github.com/eclipse-keypop/keypop-calypso-crypto-asymmetric-java-api.git
+scm.developerConnection = scm:git:https://github.com/eclipse-keypop/keypop-calypso-crypto-asymmetric-java-api.git
+scm.url = https://github.com/eclipse-keypop/keypop-calypso-crypto-asymmetric-java-api
+
+# Continuous Integration
+ci.system = GitHub Actions
+ci.url = https://github.com/eclipse-keypop/keypop-calypso-crypto-asymmetric-java-api/actions
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
index e708b1c023ec8b20f512888fe07c5bd3ff77bb8f..afba109285af78dbd2a1d187e33ac4f87c76e392 100644
GIT binary patch
delta 39359
zcmZs?V{j&2*fpAoZQHh;iEZ1qlL_uP6Wg|}JGO04JhAO>-cw(_b)Hk_M^|-qU%h{=
zz1He$?Q3ub47dkYPxk{M>}1uG3Kj&!01E_!HmSfAGwE^-3y`A)<%_pW@MS>%et17D
zI-`OqlRebP1`iWB1OpR$xdusrn3}W{lBjnP#Xx$Ry-1^AWi5-9<2L`pZ9$l;K$H{s
zV`Jfmy>)>PQpa;{@{^BeW3}^|1EBZt^w0O_v+pdDkoUD82xrtItU>v{%T}?-aMa<Q
zNqd)AzpT2N6u=3>pmg^L*5T;@!@o-f)SzU4*(-*q?d4VnqE1zr3g!Ifm-h=KM%z9o
zL|c{CVbD(bzPwkH**j)?mpY@Psx#Cd#x&2DTLqy%CHo3px}kkO=v|uq?`qZk@9ONk
zV6cMah02W`V4gJG$D`Y{nYSbuL?e=itCB~F36nq~G=TqBQ6cK{#Ak72++J7YyHjr@
z)QvMnULO?(fBCK|t<J4A2G>5Dzpn-=|KaE$tRR(;5ED{w{yvIt1FYdd5iDU+x?w6k
z%ol7AZCYK$3vW-se%4EBkYm;FT|UsL&bJL-(i}-73BLDOkLRm%{tch}-ZIbLpTsUX
z{yL5k=Ya9O)N=db#6dprzinCL$u(4$qQCg<p+jWG_;}wpf05=8@CZI?Cs!dpxjh}{
zPr~I>h+*)Vj;D9a=F@MvN%gHdAS&y~lc%yjm7$FyR2d2paup~3%_kHp)@5m*1@(K9
zqNk{5G|?Gk7)%vJ=h7LW_j6mS*XhW<H1=#$i~~?uCo}aM28!>Il~D36xZ9?GoC(B2
zEYTm+xyj~l4FAqx@G*4`E?X{29T(-ZC?*&C*&w%g^&6$lM6FE)Qb^<YoCiCur8z4i
zBo{w%gwV-ptlVWzE|-!_y1pfy_!p-+UIZAAvN!xj+1QvUi{vHt!7<4~0$Z}A<imy<
ziY}mItcA&bbf00-$+~RvoH*r@6Ro+4)BzDm);!HyoMazAv6d3<l;0G-)IRCOw(AB7
z%Vb=vSV&<gY%!Hl9@Q!{uv&m9rTL4*l^%!dkt8t1z)XN(-4*B03|ny6IVZ%9IqHe1
z=<t<=*ubAy8oBU+oT=)RJyI>_uO)N$2`qpH9;5L6s5WFRStCt4`$cN7p8!8v^hhMA
z(SzN>%IqOLnF2La({t9Pvp~ujv%&?(;&_3=qzeII%VU4i`-5`X7`m^bk*n7eJFT+&
zbM|kG2^<ca(i-8xnlf<;h;C_Evp?ST>5)}o{`gBy=&QEeQEa%e2k<$}x;Qp3g8qP?
z-&meMC@=MR5k!TTbg=AAGvT>n>owRvkcCukfMG-jR6{%zO8&G2Y<7VR-;z1DFEsw8
zd&e)KL54Oj82;1rnF=!w0vrRxHZKVNRlA<J{&7N9+!4n%+%YT&&isn~L>wP5fR!7p
zj}-kub))D?{qkK$+^<-G6x5fhQ3XKrcI*{74y(iU>?Xh=uDL`-B8bLJn({kw5)Cwl
zaLi|oMwOFm!Fx(@wF7V<{ewZM!YWU;-MV94ruAF-H+4vQSp=(u&Wl((C9N1w)*^=-
zs%^|qb-@UwkUY0S6_iTK%8=6EubJhT9FgVAVmZ*%g$8JFLn4%`@JC{8a#R2*Ltg7q
zREaC4JHz6LVHLO?7}~lB3R3F&Dt$#tc|LZtxiRnq9Nc7aZW%zRLb?X^c@lD&+)0Qz
zrARRT@6pF(6dS!Pn=Q5Y<nGZrHb{GUdW^|p;8CPjK}5<vsCWo_1MF(k<&@rKrWV5l
z#(aJRhY7=?YPG6Z5#<2t8aW^-ls-sNyFkT)4ezKqnt#>mH8yFRoser3ky4RTJEL25
z(OMp8%}CZTFvZ%v<mxorSID*cY%ypY8GTa0Y0I6%ocLr{dGw;8AWubkypb5DX%n3d
zaWvy+RJ-DZc)`zFrdn@{gy->fp~cF<CnE_=>^6qJ$PkU1IT-M0ECN(mG1d3UMt40H
zUvjP!g6^4MKJ=fhTMF453F9*oMmdlHfo8cgr>x4dOf6V{s8+(i)9^wy-|s|HY9{KR
z@t)GHb1p1RnHO7KN6i_U!!6T)mEb7Do+c1>5%X{69BkkmO?eUA@iJJQ#)1qx@lQJ8
z-^!RPqFl}0@ZaNt#R9S+6;-2{uBQp<qmHe(ns^zRsve^iPA_ZM%1Xwsk~16{#DU&g
z8JkVWr82cQ+xcT+b4TjhP0{l}MkaQR$d}ClSD03+*^%~y1v-vJrLynN(nYJRqTq-P
z;||BdWz~r?Y!y0-JbRjvbrueVT+~7LIN$zuEH1$>8K6R5B48)6jMtQlvP|l#Hmeh+
z6O5v<$f-|kP0fB0hh04V&Y+8YNBfg3m4}k4HP+MYr7)N*>^`1Fq2!U9pqZIyC#Qig
zvz8KcQ(44vx7Ek%`!`gK<{{><IT`sanoP65<C8(Ec4{SdYfcu*1=6aRf60>E^U-BW
z?AhK4-C5OxA_11h(z9iT+;C-o3(H2_MirP|s_)6Ucvhzok`xJPb3e&KG@mbNz2YR~
z?#+HBYu4T@%ZJy)-Z4o9APHYcGJzvHaUrR18K$(Y0<R}GSDlEaH&+K{9R(?Xgrvox
zy+OT4(+BCEZNV<-wxM9~d)9g!SU<pknY}68LAJleO#rtbDVd6ErfAer)p-GqL}_=Q
zN#)qs;R|PQZ>%>&h;I|KMK1aDN*Dw;5Y1MQ_iW|4kgHNoHQ+?KVgxi`HAnp}(z-+s
z9G3O@EheCFx+(c0R>S0&DCW+PvaHaM-i^)6vuNKVF!V{AM>Q#Ul=X$`2$eY1b~TwH
z*w7k~i~#76Aa$H-+|e@)hH_5D!ob~p&Ik@La>CIK=jtpmGVgFUtIQ`cB1|Xy;)B8F
zZkT1QxZ$+`jJ4lU4KUll_#eRExf?;IYp`HxyYQ`h>sG_^YY|xuaBW6h4wf%h1BCpM
z-LaZ^*S`=IM_UxMi1rq*um$uZ!t?KK2`L1|BmsX|l9m6EL$ZifS2>YUWE-)^_75;i
zVAFuX3^@^?Pek99`b3lT;1Kv?QjA?<PACqT6+4WUU=P!jPU%|_yGJIp5Uhh*=iW1<
z$VXzorrov$I@l1dA!`XCzPXVRT!E|{|0pF;zl_%l<kgE<{>?2BrpFok%c)0!S7M^>
zAQq5N={ssM>@fY;1S7a-{L{0Rn#|{(wQ=GWdu-n>R$Ld;v0*96PUq!&piew-8pjT2
zba?op(E9@Oc<nYO$NZT)hc~YG^9SYP3OwWZ?gD(PzBkohNy>TNpF$VFJW>xx#z~`9
zdo9wy!0n!Upl^OP4{u<r^F@2FH|XVaz9?W<kGyK-kF#5jEB7jKz$GwRdOlR)m+V<<
ztTEVRO;{+V(fo4LVJe&QfLzLCI==pcHW!-6*`KMK<@hTcFG|nH;;tXFg-_efXONWO
zP*_Rx0)B|!tNp8GM(=3lYEGu*k_AfYf+bCmNZjin)pm&gq~CEERMNElbbJ@K;z<*{
zHrauG67CIpc%(krw{*LGVO&Ae3TH?qa*t1d&O%p1?vb4I&_GoAU`-RBfGtknJvGN@
zPpTU014~I34E&#;goXwI0TBk-9AR{3`gh0n?;-<9irb<{VsJ;pUkYTMj6#KjRf%$o
zVndBmQ3XcI+{>`Ks@k`M#N#H-ZGku0xKE;hpS)Q2Ch>$T0d%?R8I&rC|De!`FeL{;
zYbpIW(xHY<-0dyVKNnf2*cA7L$Q#h?6AP9x`6#>1h<2WF2wYKV#YX+ko}9{d?BU^K
z^YQ=sy2JQMluFJ{s-Y-a7eYBiJ~V$UE_CG#@3e)LNdkjEh>yfALGE>{6ci$fAICF-
zZ8NQDBe*s>2S`|ov7@&g%g9ERJziQ1>1m;`%_y#<iE2#Hj0V?^E6=nMG)q5o;r!kl
zK(&m#K;5o_&xH{vVrGZwADCI`FsU9p=Sc)l{G~HfGZ9An1W_P4XAb0kT2PCYULMPu
z<U5Cug4~HNr5O=Zm^sF1#C1Ew=7$O2e<+P(Py}Y)0i>{T-R#$s5!hPnD?3J5`seKG
z>@|zoVa~-hT}1sEMqL_HV;Hi+D$UW35*;l6ny(G@GvH}EJDYnw9Jx*AN@0Yi(vB&-
zKefg{$9ENT9Us}Bt2*%;ukokRJH>K1m`9$=*J1CQoR~suxW)?WtawH@vsOetSTi)8
zqIe#O0zj~QZ;CPwDv*-W_tT$@A)DYY6*LE#FQg9JTPsdGH(*}pG^CFP)%DPZ{?a56
z5KO5DIMx*Z*2pmO09CfeaD=FVU@69i{HhqKj2M67Zl%MMv6f3g_p@Zeo$x!R=jDL0
zBb#93$<erb-Bn^Tw+3K@&fBM*##a0_QByA*0LXx=&1essozP!lS3Dw6*c0Y5U^>&Q
z?9jqoUP^cW#h+*Zo~r3~xvD>Q+sylO?>I_-<wELNIenj-kXj0h^L@@`ovhA&_|Ml`
z9firdG0iC^cq}%1E?&Te3JqYuN<QuREBavRSlOZTaz^2DLNUn}rkK?fllkZkVD#xI
z19nJo2Ho#0ih7E$Lc;&f&p`nN`_W#baj|*|JV@RM0>N%tn61x5?1&zHpyF2$clF^U
zt<IweX>p(E8-pZ%1~iDXH&Ha#TS7NtM9GYKxQLmfx6KKo51nz==%G7-3vZERD<rN2
zeu~5wtuQfn!kVcTV{mUp<`PI6(&ewo=_JtkA4V2s^<}icYTrhwr*B2P$LL@S0Ojtv
z+wF@jHSnYz=6n~)_G$xeR_7zQAxZvdI+GI<>N*!P8dx|-`{<<?@th`nf&6!O0^N=B
zlC~q|0j=f4f|}rgbWQ=0q$6TCB;*+Ka}vsi^q0ztwLTU;)c)YTQB35@((JcjF9p#}
zt4-O>hkfakoor1_y&3B{n_nM~mrwyXTg>^ULqBngw#j2osd1%D2Kvb92~>GYaab|x
z42}zRTtcRqweHNOE2RzG?W^{ASI8LgJlvgE0hYNW?u#g~fGA@x_CJ2rQ}KEamEf~9
zgLf8w)2VT<nX;)x6m<jJtZA_eqNWRgBX;b@wpBk}LEi(uT&1%_<W@a5?;_(Qo68vd
z2pn>f@WOYRbKjg^!zN8%#?R7(0>|cu%-*BaN%3i&+Y&OHd($d-7)D##_EzyQLParT
z0Ivo1uPhffT81~ZK^rKSaIIVM=7!~0ALB0^MS7ooMUISKR;?2?UEeM%a)LCRR79uI
z+qKhtq~;nL4y9ED0yDVahJE{qNWWQSzxkcNY!$Rqq`}p=wPy1OqND0z?OJbW4J2Kj
zg@elo7j4BRQ)j@`VfQH(IsD2WI3q}|fG2pia7TnU-vh-I<Kjz+=gvBjY@)$%g_tiQ
zT*{5`?@R|>y*FR)mS3KeX<bv>@;-T3`O%;PY1Y3)Pf?Tv#8t4^mo3dsNiGGgai?*T
zE`PE`8OE<sst=;z#t{qi<rPJB2lN||O16HL^4)Pmf+r5JzWsw1bWVx3w{=7ufI%bD
z&WL|tP6s}Qo(gmXL?JvHsyVoj?3rNPQv99`m3FXJ(I?>iNBx|e{SQ|XC232k1u4O(
zdy-!y)$2-2`<lg5`jrJ5Ymf_5F~v5`V-iW(nxTf!-kxKU!-^Th1of8!ID#=|={C+P
z*zmFP(pW6$X6*PEU1D4i>28X=^fBFs?uma@r5~>?_wlD8AjZm0k>-ZDqj&y`S17t(
z^3SCC7#V=drUvp?ECY8eJ?a4@>c#@^68H@Sm~`J-2sm^*I#ijvi0wiaJ-TLpDqG{$
zA;ufDUzA%ZK_YAShi%#QoTPP`4>{Du8u8+|+&_WH73kdY-)Pzp`hGpd0&(>sKcHVI
zv(idt31OGi2n(UW!O=r7!CB?5jhcoXtyJnH5e1C!j!uI(IB%soLlI42_d!Z3NML8-
zd&l~~e?F~B2=ERvr&ehnsjaJc(*BaE!meo1X{pTQ;~8AKuF%kLYb@?IOAqUwa<W~}
z{d7l=>{={L%h@oAU$Noi9mFA7vs07pa5rR7mqMLcW^ZXM(Ft4Q3QY`{WNxk$s?>gy
z9|TlxhDuaeCkeNkW_Gk_D4)CMEG^^`7wID?7Yko1wZQS@G%&+2O$F8Hczi|JFUiHm
z;XrP;oJS$rH?|05_*DBBmC{yfD`417GEc56j3;wFAZ~{A*XfuG>xT=xd2mSPNx5KM
z{jk5c-&CuMMS@3aRZ4Mu<7Uj#BM`<eSOIukS1M-5O)49$`H^`a5e!r(`Se(_nWSS3
z;)^z?`M|prtkknl;3UKk67Vht`9K`A6dGY4b6>HMD-KlvKYsRO3huqA38QSnqc90#
z@DEwSN9E=crgvIgR;*L7%@Vm6?}CniS2E%3OY&(oOvF?=Y@E-scV|FhWm1w&;{&8M
zq?q<8jm%8C1X-q$dF57oPaA62@eOH|lu-#e!XRejIb)%%fbW6zvco1{y%^yJAnlBr
zxs|DZ5Kqd3+mm`dewqC_{bjcgl!3<+P%kzhN~yNVG^mqYWP1QIKHlV(=@}wymKT>}
z{~nm5%&*i~u@8%?VcwSWc5hR6`wcKsCdR&o=;wsG#j!Je-gKz$3S3y!srNZzf8a%>
zJx<P4PqEUz2)f_9l_N;LDq!>s?G@^hw*7|lN_+o~>KKx)CKc&kL~hZeM@Jpb((r!~
zV}KgmZ0?lz5t^2v|045k@G?RAy0*R^<YUjpw6r7iv-=^OI?_pwSIV|9N)1>KYbw-{
zVGToaYOsD}a(bArz7nM!L9;{h%W5Fn^$GkMl64~T7bPZ(k?J*F!N_|<-18e7=C%)J
zS<uYAHqFNtWcZ9`69+WjfEEbAe|5w;vG9;~FZ?=hM~e@5BWwrPB~904nMh?BsU_*J
zC7aZ!V9@i-H}nuD_^HVfC=Cdr*HCS~BasrSz(zH5MdykiV&^EKp_1C!8FP`s4{Rbq
z4s4oMx-X`ipCY(gBk}wkVD8-Kj%}xfisfnPJH{WyPs4v2I%BQnHnjZH&=Bx!Z6F@d
zV-z-UPa<;<B!4@E-(NzUg;p&95zFg>oQJS<!Ya(0*(DnfpSAuHNhJ7&_%Acu*x#Va
zf`WitgM)xbBsKUGBpK~NC8;Jd0Gd9v%5^IsDhr`WWqQpDm`0kdmnbRa&m>g_-kS-|
zb{jXR93lY2-*Z@o%(wk77mlPSIot9Gm^BedIef0iTdvnUIiLQwM|1(WHaO{PGe*Kp
zH2h1GWN3W6`s~V_$}Gy}Qe4G!!IYwfTD)dbtzCgeT4z$4U4(fLA-uZ+fN<8=*wy11
z5>1u712a}HD!;H8%xCe<$I$c1pSh6^`Ne#8-c)3@Ub{4qRhJziE%;aOL9hmH{2a~U
zkx2N)&ji+JPa&OP+m8&IJxZId)aURPLj3dCe8V#=LPxEG+XVz9=S>+ZSvFnD!~&j%
z=NUib>THYch~r|hv6sy{0Y9#L0mG6FC$igr9%99X%4aQP?9t*xZ}ckO-7mXtjpK~p
z4d>va^m*L8nOFAl0GSr}Qlno-TBaIKN#(5ij@57bB})siY?mJH38C<{+H0Zq#z>r^
zSDv(RlUgjoJ%aB$fG1QR^54cswBqo(_uD2~u{+~|tAri7s2xIsfHMq7iQf2OnoMI?
zLV<SU1uO~mhiM99tGpAl`SH>*>e7ikW8cD<K>8Z%9J6Dff)5?25sY`FoGvyNod^}p
zU%F*B^2~Fh1f9GSKNpd8v9aV;Xpcbl_rPdjyD*f-)S`)W^=l1fXuc!oBoD}GqdiOq
zv{@bYc^>*yABE3rlcCSNIsG7$R=w9SwG@9#Da9{RQoNSQKzyw@>0A|d6R5RiM0C<V
zw-xj&<KQc_HTc`-28<CXAj*tm{5Hi|V^}9{uI>xWf8nNE<b$;c2?9ci0s<oNf8j=!
zM4UnZC~p?8!K7n^ACE^YW^=b#2zu{fD*wHLpaib0rlea9%qb$|;{U?PJ=odZD}SDm
zTc8MR_Pv|*alGn$e@is{e!as3nSN1|U~ouN4(B7^qA9}0lZ7d~ZH!3cW`Z$rlh~#w
z!4b{_7abwBOHdB0@s$yuGlWFLBtsZ0AJP8+Sj#$@tC=tdk>Ie{B{dLu-cJj#I`nl%
zdl`a1vmFMqZvBSx_LdqL^!<c36w(PBy$J{z&3J%;QIzqL`Pl%eH^|zlzsa10noBa)
z0fYQz$0fh*AZs04#0M%*keXvBv!O#;!ZoZap_;Y4Q<o8eIJi`|YA4x-rC8jnM|>d*
zK-O}DRmlshpWHv_<0sGkJp?X7O5?0Iy-dL`yVL`_4UcR^UwsbltKqIBTe3cJ7t64b
zzmn_`qox|Z2XxciuqT(Fmfsxmx=lV$`SO%uOOg-VW|(p)F~)U>>g(CS`BhV22Fqt*
zF|zsy9kNjkuI&j~<W};|b^0W~QHm}MpyjOwrk>5)1^0p(ja{;hsi)Y=+m1c7WFCIX
z!qLU&CG%71T2$r8J)f7-Il0@{`kY(fZv0L?(oC3CFv27mY4flF3v_Sd!OXn$INj7!
z5jV2Fj5eQ9IJ^31tlEl!tydbe+=cj3rxzutOh?qN3~h>Ss}LoH@LqdUzJH4WiVDra
z)$upkA;%P5#5ecfLdUSCO!s$<R+}mYskaMLlP(4tP6P_UU_4!$GMmnyI>BJN8NrKV
zr}?`s)raQceOtF@4lVZfd}-W<-Q~L`dWFQ15)krQl}0$381$p!u(g9afotQ-<K+F7
z_Ra#o&+c|RNW`BjcPN%KDHLJ=ne}dx91NQ7Ej1mL88(#OcoiHmRM#Eyx)0pePpAeK
zj~=vM5S`!}t(ld7gmxWf6DveBixAgV@)PFJ&MYQ14yaJJsrS?&>WsC7p*AqOVq0MU
z^y$Dj!s@BbZRUg>C^5diicmt;7#SFFpMPLFUp6X8DnmG$wuK15KJ60#Ag)c)g8aM`
z`~73ZWG#7*aMet;S7LdKH{Y5wi2B}P5gQ+gb_b;mo+rioNjzR8U$h3OKy3>4m7TC9
z!5IaobE)U}r)_e@*r|}JjV0`b^Zh9~7?cFMHN@?`x+XUCw^#HgO9Kso`4Bdx^BW&C
z!U$<A%)=dqMPEMFxzde*0#h5|d8ctU;=e~(B2)Y&S<-E@Ny`cXfV;_nJ{?k)P+qby
z3t@<u-z#bpxDyI6xD|<e)%$M(<~pw)uy*Mlc|tiWx~0Ph9S8IVttK>&yR8{B$z8eG
zHfjoCbEZ+*spCoi9CXi3^#sle6<)?eymNG?Hf3lbmDjiW(#jE_2c)X8VS+skh9wGn
z9lthPEPLGEg!s`Kv6o7!_|)EVW#y<8f=?g;8^BIY?$Kgj0=0sdZQ)Ake7%xkv_cM&
zu=cB$BfX}Xq6}7d#85!#6ibreGo3~lB95C^{U-U|1J~`3LetEqHDb_N#Edu)-dM-l
z7xfS}=pvs;h@u&wDLJf+E*@6^e5Mv5qmCGnK#pCB`x(g@O^lkO*tbAN7>B8YB?3C6
zOO4`~uh$jhZNgPKM3_zWWD?;8rHMKNo5xl=upHoNA|L8$q94_TW~+OVqqT#)-L{wc
zvr~XPw4tN0DBf^1$dvlLMoGlbRKwBv!8N3_x9_5e`(P8WMm@o{>grN=s)vdvDvq*(
zR@5FIVcK9Rj^PbvB1G;Sz%KOL=Jtoq5J_`X96ubb->EiSM?LInqC?dwzR0{c+-Vo&
zWne3wz-1r>xgzdx#$ftv;^-I;_DHp9`Gq-Cp1W5gYSX&!Ee-9krPA<kDy>@_h#*ZL
zpa=!AfIcX|db*iSg*@Ja8ZV1^a5xPOTO3p(hzM4&dv2_aB#6Lr2eHT^sIrG_cII3P
z6YFcBDY{t0{lyIKM1UjGwQF!>t|uC9W*Xew_$xm;VRc?xNWvp&&D)LJaF>t%ERrL7
zKM3sm>!?YaUxJ4t*3$#Bt|JPAbSd-SL+Q~4=Q03i(h>5GN$m?F%dLR;Bh(g+|4{r3
z4Bzl9HfHY}-6@wZMeG68EuTLs!0RhAQPD%?kB3Tj)Gda0Z4_(D{k_-jASQpDJ5X>e
z2m*Rk;U?)k42?R)>0qav_s1|_wk{%Vb5@X(J!NUKU3^i)Ti9zs5wc_{xLsP=&#1T*
zc^(5CE+}!bA}VTJob%wq1m`GCcHgt%8uB7&JpP`xf__&~Y!>eFvUiMTL+t%tTKwh(
zPp&4WIHg2Bso-w}=NmVvFQorUU6sI({o;Sl>fxW<@&B*0V#+1}=qoN7p^tuB;%%>B
z;L!fAlM`EqYYc>jwkdo;JrF~Kr}TR4%hX;Jps=?*9KmyZ==36q5ZMnU>O(T;SJeF*
zKoM*%?K!jP>VMpFnb+Iv50>7a7>f?eyFgv4O-tjhA_>X0yq=smAuUJ6B087Nu;XHe
z+6EoW1ooQZB(SItcnoz!jkZ+DylQ0NpM8LCQXj2JJFhKYxA0zUotRW8A~CD6k!E|q
z69U!Vr}kv9etm|ye>DIJ<q$DhuW%Lwn{X;wUt`{0H5vSyw5V>Wx@J4jl1xZI`QeFK
z#`iFA$1l4gdI;7=sNOOs5EYxNC(}yO$|bj=C)72ne7F1z*bk=O6j_<9>X~$q4RsgM
z1G=Z|BxHs7OA`L9_WbD<@U-$7O{R(8PDJZ!)Pux#^haQ-A4FTSHG@BuqgKFBOV%Xy
zrnM}>^Em^tmGr5hka02O_5g_dpk8+Bkf})DLNO?5SE|Ma4^Ldh*oJVzZEl1}2Kl$a
zXqS``2N*mLAjgDp?PfqRz9avnn9A-73~9K!B$mTB<u)!-O>OJ_`HT6IVN=bR_7%-B
zim<tGow-DD%-vNYcE`ZlzwS1vxU@epEIkuB55Dm!xdr>%GO{^btKk9dmO#VQ4v{mi
zsVrRZu0R#d^2LsueN;OYSqfJ6gD*S*x&vFd#l#v55aGy>JMt{NX^&qsJnuw^1&Zh>
zJ>)%e%LDd+1t9K;>RC8sY`zY6$^+G7WVhRUBg;;7OEsZ49I*oL!J<glFq&cU#(ryO
z7<GfobT~>MT!!W#Izfqa^}X-)>u@P!lA2!yu?z_#VT8*aXo0@_&2V5m`1F%6JaOHo
zs=nKp=Ro)%#f^X~D3TI%mVXsKnxucQqED)vNee<$X{QdhwqCFlWPM5Kzi<vW05wkf
zk*7ioblwM&Cv)melq45pmDw-+r0I5|!4StNAchd9b<7${a?N7^^mSwJOWDpPBy_UG
z5FX%CGFSBf)EG{N#9*U!!8J)&S5|V)Au({zly_K-Otoi?#w1XlU52RRn9^%8KFW33
z%WPQ|N~Z|>{k-6^_)2(!sP~>9e_}q_+QkQtL>08xf0twqX}(;c+z4~JX2n5Q>NP@#
za0ic`L+hB_USE6(;KRsZ6g?Ynwd8r4K*Z|N89yK#estgD9JUGWtd$0a_R%kPXPoFK
z$$zz)BvN$w!4J-f-C_WyT@f5sT`3f`Jp8Qhctq2qI^=+KQVh-)2&00;zlo%u{Fyp-
zqvJ}~6|>G(OnWXhrRaDVlsQ)Et&2MpW~IalV94FGN3vr9{@Dx8XoIwW-M0pUBE<=0
zwJg%%rp%5)Eh9N(fd&=ow}bG(-CHV`oP!Uy+|TFY2upnO<HAi`fPq|AxldVp^(}L3
zq}=-lJD=F1RG+z{g#7-p+FPB=emun+R>$V4UOA2StV-D&+?gu%MfXKl?~dUN(=Az^
z2Ho$YFTyqe=efQO)iEx@2o2do`_ic>?m&LFBXLGDnqn?9I&R?)=4_HGso%^s(qx@*
z7WH+|II5k{fV<hC8I^4F{00{CHSVynv_kBhf=B+jKhiPC&IWz;vt3fHV&c&kSky#_
zucYWulO8u>h~A{Y-?HeIz-W{_ODI2kwf>iAX5~k~{6r7Q9b$z*dDcQA$^`!#VT8aC
zr=RNkn!j#Eg*0TUWb(Af2_~XDT+fyIMisO<VTD>3vc#se;UJF=f()6$Y?I7y6UbWX
zyKhsYOk@_Fdvcc|{iqYi|6&rpG0C9wAH`PwqgbwgL5ZV_C6lF#v6)>`w?9f!{yssH
zbRic+?`U~mbW><y3@AbdeeXfp4-k+dFc1*#|A&+F_Ysn$ON7CY{cxIMN`ihM@X%9T
zRQy}B72;p`^1mfs2k?LtwQmJ9VdSr;UzaHdR<<a};^OoRgbb1>fFP@C78cU<eC!WL
zYo?={U#nXL5=6sPH-=K+sPeubL=)Vd4A9Ne1=5z57M4A)78aXA0KgX{bGW4+c0ff^
z`bvU`a(W55h1*s@iLpj_SRt}G$=^gEoyjrB*6K|F$w)A-s0YA13-C8}vb&=N6CzgA
z&`9cKdhAv}1(RSlA{D#zF2^}1cYrro=hl`}^w;|BMM};{DM8mkRxJbVtNK;#eIJU)
zW`%^V!kAI@L=XcutD$!;ftns+80WUmq`y+z*^j#RR&{rRs(mipt*QuAM{nc};VUyi
zj`+&Wc{nP&jt{^&tfNxS<f}-V1k?(t!RJF57X<+V5>8^mPRGj4@4d(Nx2x$oddni;
z42(khA$-v*esB2CE}fP^X3gBZk_VZupv997V9(!caP{{RvQ*}+KxQ%(cs-GkpP0cS
z{G9O;Vd-fykeKyj%r2PEudxR!7kzzb^f<r>7D$QyRc1ix9*yX!NEZ(4_pK&Z+og@$
zggZLNyieG}%Du_QFYH@lSRw9t%t58JX-vU|q~qz*%jMq=Z2^dyotC(#UQDFeWqF2?
z{vEI}Nfy#N8qw)9zz2jNLRxJ+v*8oDtnl9%i|<O)`+{q^as-Liw0&yj^s$1eKO?QN
zDZjnw5Xb;PSSk5rV->Ve^aX3YOV)zsK=FI1CA$xh2uJL92>SzMY2&Aaym@DkPd<q_
z#y3U%3l)Dk7a3^!QdvR?xVGs7UOx`%q-%~hQ<HuDW*9BE$UdMqi0L!16I104T%{{C
z86{`OhN@0QU!6E>aafev$8v#Waav>S_9wesGn8=QUMv3ZIhS-X`lKNOId|qFg;~}?
z8VfX39btnBP>Cadbe%^5y+8%N0!7N#|Bo37`BrvLNkXnv1(Zx;(u$}z2Wb_QjH&#D
zrXh*{*VL&@Uy47mr_O2wUL<Za+!_WZaWQp!1&W~+X?|0h`Znn*)9V}*-1|>)UHe_1
zPx-$-eUSx-SD#23ON29GAwVEB@v2RY9~Fdox67|A)#n%d3nJR|`L>LdV224HTh1=E
z;RoF}TXI{G0G<rr?Q8DTY%0&01M4U~3<nM>2+x-RB%OZf8@Zd%ew+5{-GgL%QFHe=
z(V6Eu{>v!BMko$7SFa3BM^OT!tXZ-4s832jpT>2zJ*d>Y-VT*eVOt3ljvSgLq@f08
zg1y!$Z0*x&bX&KPsLB+Icf!8mC(;Py3m<<e?x#CRz|VCzGW2Op#UW+S4cVABPo!!K
zt^X;<#UyjuF`mSr;Q@5_#eZY5i&h%9>7lfiAf5wE77^`7KWP5^y1u|ulX3L2@3j_a
zJ+fNQ^|-%_{{dzVCad*t2N*XojaEWeXX0r&7==GIEc=jAz7d;^N`sk>v6}fGPuIWY
zVVwX}8no!c=Bt)W($BsX=O~=%+c2&qXTuye%zD|h@;%FfjpGd}U>QS8tbUUw(UWDR
z3qS!R5l8<~b;hBz*%+4zNUd=)ebSv95+F>(+o;M7Qrr(r-VaWFJ^h_SN7<EXZgfeN
z+>6SSb{ma+X$GpCX^jV!LWGJ>O)LU;rvxwy`2rH=1<O-wnu%1{w@7_YLVqhKX2s*M
zK|$V)2gFI(8eq8NPS73Tc2J$hzXOWq$`GEoEv%Ut8rOR*v+1(WY+rF#g=mhITFU0-
zPtRY&gXQ#ECC1X2nenePG)km;LYQm9Wybu#`alDQ(`;xu2@M?I5;raa6+E)<Xh_jn
zME-<?SVCH5lFDFzBmS4rtKmoRA(FnUg#h}F3r6Vv3N+|&uD(F|<56Vi;0ERGoPI0P
z`JoUyS?12QZ8-L7S#R4v9unV4Tz{<gLxuW?%=sNBDe=gqlAe4YcxJt4yf=3M{$HR@
z0jV+Um7J{Q7PmtZ2#O3BTIFc0OaiCkb<h>R4nmAPf(m4{E`KcubYVa1KMFti%>a@+
z`hUJqiFotol24yZ!NIhf7Kms*lA<`XejCVWy8EJpG4|TIgK@Y>$iVxp;=JT8!i<=b
zgm;LlXlBtmqQRQpmR!3O7Z$}OU`Y+=bo($0!i-|M96pd9jVpIL%Z&ZnqadePlB&w?
zN6`S~8MY`8rl$Pj*e-L;oU-op$_C&#ti;0|8WS@O_hfL*F8IJ6q94}a>#R{+EMeXA
zJDwMD3JQ@eeL>0B`}Bw60<Zb~&d%A=Q*$Yi;IxC(0R)^+y7F+-{7*{F^@?k{7Mz5a
zJ07ub$5+Ip`1HLVBJQ_NtC<v%{cO?V?A(inj^-%A+Ixm{V1C-n53oOh!+?ar)U{Gi
zK;O$q?2oKGoSb4-my2UGkWKYIGYaYvF^X0g>8vVv`EB}=p23e_!4_nt+KR+5@)s%2
zP(vZMKs>aaLCRy8=ei}1gY@gHiPq9&WfASUWF)FkrZwE828+l^)n5ymzZSegYJk<K
z2Sf*)oASjk)0`S|S#+%p{iIKUVOWiTAOD5NX3BTq_CIa5g#rN)`rltFK%FK`4W1z!
zm&4WxR?|*h1t?76ThEmtDhSAFQbHpWz}rY|x&7O3d}?ca8bXA)k9u;9bUm0FWdIkG
zLk1KVe2`QjG0SX>8O?%HWUD;Ly<&K!Cdi$prnJ=tf+Ilr%=TQxwyIUIrbokY^VwHc
zv&J4n`;G5k57HtrD&o`hisw1|+V@x&aLngvAo%rQ48nF)f!}<fcy?>~_!1Qh_~o0w
zCraSpn}1OEB6WPT!~UT^DCBZWDY#N_fJVT>UAU)8FzC#VHR{BV_3jje6i8WU8gAxI
zp*u?LY`wq2qQP%4ztpKI;DR1nTO{k!ZBm|Ke8!>|6MZ8?Xr7Q@FurP*9Bcg&z&B|n
z59@}$4^|g#OlP`mnys^^8mEd52v)_|xjkbM9=EQ^N{<?3jX=U*9jYr*QCKu<j9q6H
zPpZh2TV&BxSXHK2#4s<Q6z9cUfK{n3(wSD1iJ&auO{EQU94D_!o~Ko*wV>@{6}@x`
z)3m63lGC3_)UMR57+-JKqG{@8l}w^t&Z+XqIZk<%d4Mp`F8_mNtx{tOVDO$a!M9XQ
zor9BUYGGAKDlyP5RpXN!HFv2!`&W!>o`3J&{xkJlh0fhTTiEynRl8y`)FnalZ26E@
zo)Ht9W3L`Z9~E}U#6phQLR^v`8)kL1sNd;4aqMsGPj=)uF%E5p^k#BoHroLfHhj2|
z;IypI2ypMGvj=xu@B>BwVp}+w?%>nm#7}k$iSvU%V8uAa)@@MI6bG~fFMJ&a`Vyom
zi-Y~FhNNx{&6&zJDp%2ym0Xg0(EQ36Prntt!Opr=J15k@v|0U{U4+=Q|3PN8B2NA<
zTVflFi%#MAEEXpkF1fZ;qov4{DjSU@`|7G%{Z?o5$4d1{#!586OX|NaAYu7QG?XZY
za?|pbMguEync7}^5DJR!+OWPfA=yH?Ef_)Zcm+~x7})I$HHTg*58tdm0>nTK24`^l
zB-#8*<cd{3kC_I0Xb=X>b}H0hDZ|AU#32tWGOT#(3S?WxG>j`uvbm)80nXR{RCxt0
zZ{f=3f)V{3Hmfy2Y_`jY8{3e0jFH~N4VWsHDNiBfS$V#-WhJ3WBO?5DC#6c<%!`ar
z`8<?Q_Xm^wcs!4!*4_^G{7Olne?9aZ@=SLrFSw<eCkBb<kn^!yg#d~Z)Nj3&k`0F!
z526WfvE1f_iQ;9hm5n|SEfpi1qdZX+YKW)ZYs!huG%FTRVT>%6m{1CTM%)7qQ_DGz
zqlYJbkwc(_FTqzaKz(w;)D<k5jlNV98c|J0q}MGsJYohZrYXrvolSp*yiXeto}jJD
zr`o4eIc^?wBx)c?PNi@riy|UM8ep=#*AtSV!yS;I`f`R@gfZ2dS};<NmX#p?$@bc`
zNR@C|QJxRzdj-=PV*OF}C)%|?BZKTd43q}<YMwlwG#Gc7DHcNKRMD_QvXYM%d(HzD
zg)v$R(k(VtENj||)$&4_LQitZu0byze_R&L!JE1CaN2>Z^EYZ5lt|9jl6}~L@?+1G
z0~{-fYb8guhB)s5EhYhl*}!eUn%$loWt3~;U@;CLmxMjkHQWlVbv+Ag6I}IebDkx!
z>`C>6+{`s+$!P#Ey4(aQ#D%|Ny-+TlL<#P*S}GO)gR71?W<F7h+Kf~C$1eIJBJmOB
z8J%Mp*;?d?yjkJROlEY6?*ahnjohMC20_u(QZ~wE2KWPyq19r^gW)V-mOt<vdxlOU
zRr>@`osfxNsFKH5qMA_wm6<uEWp`GM!v?+x3ndvyN;t2*Y4K2#U89l9lbixJ5lJ4!
z6B+7Bn6_TlZa{Pz&Dp@I@|)iRq|9Y_w6A8(e3x>|Zg;ZsS$#_)<ZN@l>t}V$rj-fq
z0%;B8)rcSHw^2P`0Mz10JSU6`)Os=DWzYmbI1X?0OrZwRx^X?eUJU*;o*_(3oJ0n2
zjDwn{fZOr!)XJoJRleOE!6KYu3rdqA9i6V{=?4Nun45GNiRM^Jm>z{Do=c1!l^Z%^
zGzJCr-!v?|JBW4-6n)Dv#C2(}=D*9$nZug(QR;Fg)pnxZEC+%Jz{KVCMk{tyj>BI7
ziifp8YZQ2ns%Vt6NAdRlc)TM@Q3s8%mqa_RL(JDkl1{TSl7Ax+qCKRB9EY64mAyNV
zLyaVDlLYkD_(m$jBd$39`WPJYZ|Y7X$diRV=OL_@IcLskB!)?yNivl6Y+DYTRG@L%
zJYs)8nOMRuQU!1-)g+4o8AGSwBUE|;frk6`qE`u7;LL~TE_M0Km2;vjfUfC>d+1w9
zosXDik1l%bCn|*<m+$seX8$U;$XC;x7#3GqDkM4%)HS;W4Hf|L-?$J_{Vy-#l^KVn
zvtli5m%NMlLw~Tkaj-DoqP+YH)BgBw+Isy(lf?m?TYJ+QlAYvqlAT1Tig|Vb9X6p!
z*T{!|OJBT0%9LrgvU-vu-CMY}PceqB*!0TJ-@`V?7PQH<#oA))5>JYGm|0gyD!oce
z@a&$iS>Bc5(|=tkhCP!-du_+aXiqCs!3XxFwur186w2-EN{m6Jb>Fh=GPU@TW8T{!
z5A45A%@-#TwgT`tyqDrf4}CHL{I#f#QAXRyJR4z-ks${^elZ}QS;2)=D6p>`I@%P4
zXVOE>Q*2Gza4Il;Pc79C$|d=QU1$bHGwJo-R6Y`DYJ`tHpSf2UtdAfJi-+-(C@z!-
zOE5&eiwC13{8G+iqmD}2UJp;yp5gk{KQ#+L!iC++JGAYqE+}{khyxP^h{t~AL4%j%
z9h0&rn^N50i;Rz-5~wisB4Jlg#veT!<6zKCI+UGp1y6x4?qyKepsK#@CRiQ73|+Ka
z<2))AcG2N#wfa;C<<N~{VCGcs-{%znQRDjEFoWeb(~ML=jQau0{nGLTZ`<|}s8XK~
zTWTjrDcW7kv@~4JfLz4}XdA9!qOQKsGd?$WGfq(T&TiwGTQ0xan)kYU(^NW9@~Txg
zL~M1t<35v&e*lNEfy6#B)HFQc*;y+6NH3ac7OTcYU*X1_98}{jtEgWQ4h0+qUA#b;
zdzrAAo1M!}M3Zc-z57+q1?^e5W_5IQmaD|LSjIHjbU+Ad;KE`8_}c&8U*%+R$CzN1
z!_`t5nNvFtCOk_|2sGY~kX6`v6cn8d>P~ahl?mRucb>s!z?Sioux;TwHVq_0j>UwW
zlkOFR-P2DL<4z{~uGhfoD0oH+l=aR09iQ5@j*;NyTLE7dd_C2!>ya+!&Jy%ep(1T0
zvLaU$u$>v4t`sc*%>KkI4Of6r@qA0bIkg3lC_m}gjARz}A6m8|KC&3M22Y5x2bFDK
zG$MO@?U>pB#2KvFkFj{x+2NqaWok3D2VCCN+e(Iib{Aep=3eaygYbN2jd+y}T}DxO
z%9gXOr1EpW;lxqxB8##)3+LUpn@vY+OWqWPyI0XiuO}n}JcPzx9&&?f%H930Oq)YW
z47%0RxH51!8`D-dqW<za)ym)DC5*^_)`*N*ahmp*uV;6ZRe)a~hO7*oG&64GB`hKW
z@ORmpiwFbo%E~L#y6N5V!gpmgzA?YNSlZs&DmfjqJ4EmNu&upxkMBKt7=Cj4WHSna
zXgV`(AwcZ{ykWK9t5ZC0Dw-fH`a{=&NdkkVqxvtno3`E!JMyr@wt~9iS*m(2$T~<}
zab@XV)#8)%kfwHp;9$#}!9LvI?oax5*GJb5Tax`_?C+LpENOOn-DB1#p?{P<$Quz!
zG@U?3e!y2<4&Q|BtMCM%xKo73kK%<)9`lAI1a02|BF~QCatF(4Ju_yvgXcSsl=Jv{
z^Px;V$m+06@s<{x-M3ws!u<re&AAjvN@nHvRehLyCJyc&j6h*(N&Cg3^0$s>vUY-{
zQwXyf1JM1&t6tfOcJ$J;Z50m+UE8f1TTa-cR*n?n6KiHKrRU{0;%I!7ex6kn{|VkQ
zkSn4CD0~a1#g|VMEj@W78vnw)6p*;RBll=79>jzBqn;^VK|x)|a4t@QgK>oQoG*rw
z_K>gEa!}PJ=!i7oLAG-&Un#5X)P&1e=c@S^{g66I{bJb8W|*ratygB&tb$7Gj3)KS
zozJ!SeJHM@A-++n0~qn@AcrT%C|<0~n5Dc5@bi_>Mw+4a+loZSP<&UOI1a@Qk75pu
zP>NCKCc?UJ$Nf=l?4lRM$Zo{9!iurNa<y_GY}c0rME?$p@j^)3(=7Hyig|&`bON1b
zg)fa3kCOXY^)gQ>zD90Yq<@Bz=)Ojug`9xsHnzM*%0)(tL_!&N^GRcuVmU{_v<vGE
zz*rr-ZqOI(Lwto^oh$<i#~zec)0dV;eo8VYx_CPY5$@hA$PIASr*%WI4B#$OXBf|_
zU}h;CI3(T5`@(e$)yFscB#2hv)@U<5PfI^U-k=ha=1AaNv>4btk#z9<6>i~=acnx)
zSWli3e0th7w%Fo+1?vgEX5}gybEG~76ixMxCZ0Md`^5<y1$vM1#iAnc;CfiCd7?M5
zN8jaf_+2QYH+sTz_}ZNC%0$E(^`l4}P;oPyL-SvhnztjUy{`j;{2TVHFeTAdtcGjL
z;`KkggwQv{_Z;O#Nf-*koR<C_a4~Y`)85+a+t=X_CCmy1R&<UuJi<C68d=x_r1jVL
zWHdcWI{Wl@Hzw5>oo1`=k||y9rs(kpw6(RG7N>!Lwg+Sjn6n8x<bkzDa7cApGuq4k
z^=+y@Ojl7y;}57-SWNb;2|%u3dkQ~K5>rzIzwXo?&AVLjaVk=wy=k~tzJTCEVIEbj
zj@%$>`bSo@TnQ!)g||6E?=Uie%`uHrjuG`Q_GVizjX`6<(7!L(s&SR`ev-_&Q9X(k
z3`u4}vzO3=cOFa@T*>%-`1=kRw_Xlld#-<eOx4lJ{`l7;$!GZ05Z|h+c0}7Wr7V6U
zi+zZ(EUPtS+Ek%ohnW-uQ4kVIAx$YeZiYi5+|+*f;)1HDQDp$S=^iQwz^H{{UO#pR
zEfeJqpXy+#aO^PJeTWG6{qy09w9kJff?|Wdi4|{q`v;8S+ZPe&%Om)S%s8g;z~)=~
z5%h8NL{}u5!`UJOps0`(52H90Tb7lo!~kN9spE_3mt-{*rdDGEi^*EdN*c#V^sE@#
zz<FBOze!h{${oiv(5k=zj{?B-iD?@7v(`)-3}l|wLqij~lNn-1CkpNjIK{1jbi1{*
z$WhzhGO!gczkdjhD59_dD2ps8o={kx$)<d_C)_%ta9o94|1uZd5R9zU;pkr<Xn!P-
zNn-Pk-h$2FiteA??+-??5;BdGerTm0m}>{-Ax|145WG}u1#2Dw+`AYZcaQI6KL#Qn
z^|2McWFwZv1g_qg{rjv|fY+BVB>qEI{zR&`{Fbi39q=xr`I=(%?c|X`KX^D6jw=@$
zgP}Ne!O6{We&cKNkC1{KvbsHtk7Vt=q~ja5tAv=0g&56<RYsW)`dcri`>O`Aul2;P
z+{DA<A#R^=L#HXg-&?uJQM~5ziB>$85AaIV^`~oG3tgCJ%0>90WAiyE1*`JrH%DzT
zNtV3yU*Kh^!g0o3p>;)#igQv|{<1%2qEh;%4vjGdT`wod(o5zvHHqrbjy5Fi1ng$7
zhjqfHJ9Jiq60!Eig#g~SB-M&_Ma&G!lIrbL7s3iOqBetoOci%d!^&Ula2<+W!`K^Z
z;nqj6^wcp}j?S}fG$(u^S%&vZ{%J2ygtwPmS|K|oEdG+8-*lmlCDn*K{eW_|$m7>K
zAgIQ*{+o*Nnn~@aqHLV_VLjbvbmIwNQbU>rvDOs3!ng)M)B-0^qUt-uWvy)H`uFqp
z*6PSRv0oX0-Wgcj`fw9;A)^^+J78ePz~D4p?V?M3t&ptRW1zPZPb5{G*ZD<^i<BQB
zo*9(&_poan;4h?;+@j+%*GeUfcA?m`INWqlYM{nhe)bB&xtyxQobI12M=$#$Vlr`3
zJ#(n=x%!NHv(cX-%6C^0J4Wc<?G+C08Ogf6w~-R?hNpAmsW;qyegkvq8RGp#Gk;87
z^rSTbS2S;t!|E`D*mNhA!y2wyHnlfI(-hUC_L|DC+I(=M12wL!#{83tpg%coPcRIW
zE)yqF^{(s1v9#7tMYCQ#R+Vzbzj#OASYrd{a^$-_r~L(R3qXu&dNX9t#`^9(m|+dc
z!SM$4D(YuoYO@6}^>#y%5W?3w02}lAl0T-QQ2ap|z^)a%-Np|vJLydmoNkaX$BE|q
zpI}$~QHJA5HJV(u2k7*Z?V~UCTAf>S?3k!JYwX$@E=_zwWk*x&>h|BYS~Z)x!!A8s
z2xp$)?CQ*Ya_Hdr)~?7uAMJXrNRG0+#*;wr6`PiZ{vswI!eb);zf&r6CU-Y$J0`Gy
zlRE&M|DPAu4sPZy4#xje@!vieuA$#n+`kA*^k44vKLbMln|uA=7611`C1W=$H5X$K
za~D@*J5eihQ(JQvMpHXuSJxCZS)WZYbOE&W1UovvazF^BH4LdAxkkhirpj1w;(n=;
z(_%nUa<egub7`xNHY*tq2_5H0#0ygWDX13kbr<aEgIe%v%;5~P>1UMpmd|mntKr-E
zwc$626T!}5LTK73kKVHLbe}uH_0g^1-@7>{(HueMn}UsF1bXUDaWL7luY`^*_M3)4
zbN62JT>u&w1y~zG^`SFV-rpOXE868_$euZ63v7csQK9zn{AqM99M%#mP3CO+_W~_@
z4v!GMW4<5K)h=pB{gi1v9nT>d#aE;720V!zb(F6T#9bQuP`N~uB4PYDD_$ywX}*eM
z=};vd<$@S43H{NprUh<QUBdp1v&nfk0#^|H)d24lu{UG;h8IVaA7K^U98z2=(q50J
z0)H+N_>M;L_Nusxf}IFiv#TVG2R@m5E@hSFNxkbQo<DFEKd8;dUT?vKwql+R*k#S~
z>ckkdF+6=k*#xO2H22cE<J#n=^2eATQC}R8f8!!KjO$d94455tR$6%^Y@N#9HeZf<
zU;`*P+c3PdCT+HN&^Wax!1xk9l6LJ<pwdiyPanT#&<bl0awF8YH0Nw7dxkpUr`T>&
z_WN4pxlfJz#URcpYpFluWpkVDS2-FAnlsNG7SBpdRv)n+s68+WW98A1oRmjbDO+#m
zhREV8dcH{on!c-04EA;ypg0Z>q&U3>m;plhT5%I~Q2aneNX*O)-RFZ82{xX5)Df68
z7!1w|Hf*Ld#hSVAMz!Nc(jNPWdfEjE7BS$a&!XZdv4U7|ffCwyW^|?qZAh(fW~iG-
zxq2Aq|KaKzcr=T)ZM$sSwr$(CZJS?Lb=kJ<sxI5MZQJJUd-8IVcapvTz+O8uV~sgL
zJu<aXO4uJvN-gmroZ`93f$+r+vOmbfdZSgw08^3?y)4!4)yP8Tmh<OJ77$9*DR<#W
zjr&Kga*d4;L#6S=5eUO4wk5B$UFrl<Boy-lZapP=>@(&v<ybX_@e}twcUr+TzgS;k
z7GAeRV?i{3^~4W3RT4gdM#nwJ&=TF7aR-IUjP=CTu+eGguQT4^Mw)Y#us0@!Zv))K
zUvX|ur?7aEEZ(4;Hzcg9H2~8)s2JEJF#?7K<t>zMv1ZL2gMD-Cm@Yx0k+q#&I=A4I
zaO@<)h-sAy=(4!F&#`7HPu+SF#Dy$1j$0Lna`>5MAyx6pn5;4~swO;#VlVHsaeyQ(
z@?^rh-VX#3UV48pJxRt0ejzcF@{ZNT6iL<>m<e8#4oXnPtfm21Duh+GoXq7nNCO^_
z5hNVp1Zpz#KSB2DKb~9YKiLx9kWh&o%VdCJwH*~4HPml=_Dr};IY|-W{8?aaYsjQL
zb=3LgW<gfgBx%Yp^=z^>xn@0gr-p!UIKSI+2ERFqQig8Ve}s+fM+wW9&F51Ai#zWN
zvcD@dCtl)M8^_D0OZQF3$>o;C48Rw7m(DkzB>Y8tHiXG&IC$*LbUM^YXhf`&KnMVx
zIyi2Ir@@HSM_R&q$mW|z5`iF+nnEbR4V{L5ToHl=x57Hf9Aw*~eS|NfG51ulR$-xT
zo1^zKxukY&7CE180;$nDRar8FHI3isG_U7jyHch5vRN^5@l>Gp(ncZ@TkGvR<&5*R
z#kWc0GGbu})-T||l>&(0vwnvJt_6T{)%7A~InoR^HCb|fYMYp)`#c=i%h7}v=&)ab
zEi?@N92?KpYPp5vNcm6Lu6`S(V?_mu90b`dUt|H(;|^Us0!#}FrPMOI6CB>7-$kcf
zD?0mUQ|PzZS0<|lzAmHNgzdexE$1ht#Yhdqx=zi*QuIO--o>s}zp%3}Spk2#6Ln3a
zkcHo-quSP0vygSOvz61-^qn8bp;Q+(G_Q_APU26FGQxN5JSV2m%}cLS-YOj0;QyZH
zCDL)&o+qUCo9a`040`x2Z0BR`6t*@LrEY=`9n$qNw<lU?{=z;Tb_2QMw9f;{2A9v9
z=+%NnsWgHkz)BMt6BL-nd<1NERvT^i!qHl4qUOY&X(HrJISSXTyFRY9g&gS6_^wbP
zrn34P@2dQptXTHeuUSMd0u}NFFSq8Y4iC)P)4Mc{9Dfqf(aw1vt@1;yJKAAMro<C0
z7xneS0c*SR=_laNT=WxL1x(HivovoxN2=v_%d#DP77j{B3&CFj8vq<iN-ss`{j?lT
z)KU|Hrniif8kx{I^bMEEv;wLmw1=A0d|{!-xO!uywe}cJmdAO!G|;=?z@Ssi_HX0@
zD@)k0?tCW6Z~H7#pNMa|g?3>R<_4$~tW7~emPR15LR-RDN%5yRyHM$8jfgKex>r1=
zPa#PFGX5#W!CdIVJ)m7qT9@1cm`l**e2RR#1#%7p^Tw|2hb_jeJM<prQP#o75rul~
z0|BvkNRapuq)}||8_S6aHsOJ(p9oSt!qg2Kd#&fR{wK5Uo5*cuZU!?%^Op%N<(gR-
zOa4_o&IpdAjQas5p@ZNw_)#}eMx|oH9lLhPNu|`AR-!Y14Zy<toqY~@<!ZewLz!R~
zmI<b0(ZNyKQNCPfHr&1Qhlv=7)?Ar7dtan6rc!{YeX-o0`1vs&lwb%msw8R!5nL0K
zX*tlo#3V?Jaa>zU7?lfs05wvE>Lg4zYScoiECRP{Mf|peR@PrbUq8awnOu}gSrv2q
z6b(*1$aM~GPHmA*qC(V_Szqb>`f1Z8(X#7d2|dP+=x)pYOoSN6hNo!pB*RjwlVlFK
zNLI8va^)y9m7V}qD*v0||3?tw)=HxV{}6=#zX`+oe-nm!1rw00X6K?JhU))J{z%?}
zgKb=_TBRDER%Dkz+&xRIsI187_t!yDJK$<c-uuqmp|kDpBf=XNo}7|7uD}^A;5Qb8
z;t0YwkicvB-lg5T)VzE|w(CpQ)=3uM375qSzxVgT%rE&u(_KpOLe?zy*-(#UZ}Nzj
z+wO#a;DBfv8xt_l8sh?90F5{#ft0235NxkI7!)Iegi4&Y=(Hw?P=hJCYjSjjf~Vo8
zYjS$OQf<vV!>H)m<y><ao<Qe<lT)Tzl$z<vfxCfL>;#<CfIA^D!<cp+Cd<GS1Y<A7
z{D?{?A-~eCo46gQ*<eMc<SJ*x05zlRZNgL~oY$o_(*<bZQhHb^KF}$-)r$=<aKk-A
zvsJ2=?my(g%ig^By?@Oh14x<V(5+o;v}l7L7*lQc)bOQqj(K$X_%kX}Rq%OjTS*Fx
zqr-W$*?FTSpDu_5{8n?e4m<a&M>81}V7rZRjG<D1d{}Xy5(1O`c9FJcDOl^yP#dBY
zf&!6;6$S8WIZnTiC{ByHvNcl!$F1Gt9ASE-DIaAD#=>jB%{7WK!H3~S=Sp$Z8-a^4
z+cZ73nfX+ns+XBR(CnkeOWBgkK5#Mfj67h!W*ppr!-BWi@B}+@5oF^8T~=)*ACV%(
zs{g4az>K-hnQdm8jh6~hlvW}rwa-X2STaqHLI<$ZL@cuNEp4jOg_7#Tsb(Ec>|(-C
zO;2rVnsYwY`)3xAR$!b&G%n(zRU<}lT)=Lf7hJMC-N1J@O~rZ`hMzOYs;F0v&GE8X
zKK~O#Z}?5MT;gsaJoQrsiP(!P`^0YJ$Q3><Zar*emqavi7FQ@Ki|RHEq&IcUKkDGJ
zrvSo0cIc{L9Qq#y$@yf<AEg5_{Bs@Eq0h)*=Xo|I9M~d9mgtD7K;`tP&kt9mctkS9
z8{)CvfwawG@*SiW7zIr*jDC-J{t?F?1()BY%NVF=z`_3}qmy-^Q;~S(!F>lum(p`P
z9h!WZ#V5Q+oI9e!6mfH<;DmD<^dB^W>jC6hSifpSU4cZl^p{BZi)ieRK8ld0gi4%y
zn!$9vP_1g*KtPonD$HSky=Dvh3KPVYKEip2G`xaTzM^>CV#t0*Lw`dhj4Ae3o(^r8
zq7gsRb&4R9WI7c|DhDlMmzSLVKsKH*x;@(de1pXP;l#COWRwCY8qzSggt7gn2@`5T
zf-9BAF0rl?#1>*N6Q-}5JdmTjA*$HKT(d%@{~97e)h8%nc<%YHD?w<T>igEejrVV=
z#5^Plz?3$W@Bc2nyC<C;$T^6x2pPi|sb!uai4B33kdYxx`(%N^RXa&J#(GW3r#Fq9
zs$uNaDwme4YnJAhi!IH7#fRt%nyUBb<#axtyH}pIcD~>B?cN1Ww$~Dv=3m}Fnm#An
zPJB;zPBu~#U)OJPed5DX?q}}HgZxkOV^3cI_>;p-jNt)j(+_c(c=+BC*<hE(9zc9!
z5typM4=|D@v7v#wgyz~ne0{;t7*Js#9`~$FsFC@iMzx{RUhSHbhy$`hd8$WR`-`^8
ze$X>_v%LIc11@i-2zV!6#%T<*pT?X+B6hwN{iRf$y&{ob`Jw1{#0Xsjkwfn3nB!`I
zn%h|&U8)djCe_G%ao8q&?@Wc4TV#Fe5EfMZlKXUg?db_U(r+{rv|DKXvwV&>+T;sf
z-I>b4{3YOe?LF||nP){39#wt`-<7a@r6ck?y-MeXSM)F(9aMdaRXv6fbtYTH0dc0r
z@O(X3JZKN<PN^dozQqAL;otPhAo$pTWBX(u)$OW#bRa$j%f=OvuTHfiJN$RD+}e9E
zXah>Y4Yh7bGrjy&)a|`J{%egjL=RX>-m=@caiL_7icXoMxbcC&k-9v5B`?vVNVS*>
zT$MFdu9|y$C&$=+AGGa}qNb1m@kXkm5o7Tvt8Z-+!PwBrrg*+RMbVob)M!|Mc(i5}
z9VQDLA+s0IdWVDDCN6Wod7T0W$uIefv(?qPwqlcy<Kr4Z8w-fpb@%g*r}a2|{3^J#
zIYZC7oboy<<d}5t)y=BV{gClgMmo)n&H9qkY9Aj7mzR|3n&^!VosCQ$pZ1oPmgc4=
z@QloVI{@&s)+M3F*0l1xzoo^1;x-$fJU1H_L9;>C#_~!RJq;Jax-KieS4T)1mNt?2
zKB2x_DZBVn!z)A88w9K-pMv+%Fr;d`#7sk}zIG7;c0{-|JNAOVhNP3Kyv$O!=ejSx
zSvig_PPPQc1FJv<Sg7mS=2T?%;37>|?~rl#Abovx_QQpSyOWn&YKd$BPOSOgJQ4jN
zZ4}5`OL(~K#7-y$wa_7d%t2I4)==wnN1u)|)3fB_{Y7r^VR7*8_VC0Tb#{=LgThJt
zye%8>;Ub#gTr)(3B)#ud$AM?$ehj9y!E74diTAb??F|!3FjCDZS-O-A_{V_hTb)n?
zcCDMcSsIwoB^hsdNw8J`smI-T6`?4EzM$eM&d<@LXsWpv-?BO$*Q-{K=}(D7{ma2X
zDmNR!F8A!g3~H~;!3-AG0!#r4tK~Im^MU|b(k#d!D0QS}zsH%;UMOp+I<KQ#6$NHU
z{ErEZq(c|_KsQ3pFjbDffum6ulqizcJyW>S@mF)B_Dy_x)z3qKK1n+nMpMZx8gD=k
z;x8&j95l0nov`%2IzJDkXDv{dhi!fnQQLh-rv!7GRn`I{z95jhG$cJ1%hhCPr!EqH
zM#2ig?PhUA_>s^K*gn$$ET$*LOeB2PP-c7P_e8?&-;3$A<Z|(?gaNcrdcSMe(rsJv
zIYW?6454wE!*UV;+wh|A?pP(+dn%J4Gej)@R?@xGtz5_)`CcLf!|wWwS<+Ukc5oK<
z)J%T8r{N*wr?u7kdo-xs%6ke_zRCR>G`@1sT%)WGfkxvL)IW!`f`$gGi!bJPxEL!*
z{oc{uw5uF*DB~{J{`Cn#FrM$qHk`3_+BTkqfz9Tj_$(;^1{?U7vHhkpS_!*}rF>Kb
z>=HN1b^A0Cq%==?aQ#J0$N=r?CJ5iDxKSzHA#L%74+0*5$P}=<xkaN^Y)BxmjXAh_
zNeJnF1gvPwBekr#Syr5$PUhzCu^KaKp|P{bP}hZ1DXaa(&E;`)9cy~p4MI22)Pn5a
ztlL!=rksp`Dar}2KN7v{ID7tc@aUQ_9jVk(4#kGol9T7{_auL1cQY(^;w*>W-x29y
zQnLKHRph2WQ_jiAH6A;=IFF!2_viRU26-yXkvqh9tz9Yn<oCX?4MtXM9vS%x=J;F{
zVP{r1wO6WFOhj6hZE@#c!Mm0AGFiV_cdG8_d@F|mxqBOFB`1_8*gMlLR-an$iU&M{
zm-64Z*mG2av#09sQQ|FgP1sxVjAmb`qcHsWQV;{5UeWwA9+s{gTX}O0u8{m}rWqt`
zB*ZV!F4n#nJJFk@d4E|k-*Y1F504EHJ0$je*t%nT^6tJqe-9%F^E?7aTR)1t#}6ai
z4M_d~#&8!YS<2^f)63(aSy)_;Q(6r$!+Of@3P01tZ{~flze4zfqQM51<{8+&kqKsB
zCqB`ld#FQ3-k_p$4@+6Uu?bXPt)g@HYHdDgcQRPhB}22z^Gxo^f*)_@Ouq9Z7w2BX
ztR7b&&qGn=EqTX7+4%csnBx0QumxruqcDO1?k51@3h_hvsElDxMpBb@QYkFKA3;{;
z%avC#e(I1^#NclrJnpmFhs@>dZ|1)baEEhynr*vRnWG}<Of`2cK_`AXunaJ0xF`)8
zgSXV+S+DS&P7%1#MXBb^Fl;bEEbOH%k|Cewg8~H-CLsp1MFw-Vb7C?c^RH~*^b6kr
zI-7QGZJy;fA7kPAr>(8bPv(P<29<7sK=SR{(EP`=xlr)F-0AZ`$@+?Sr_mmH?~)#Z
zZhW}wFqkatpOUx$Uxt{WK*e%_9AeBep;s8^c*|Slj^0)}a#rtL|C+m(*AMKTX$QhL
zn0y;i$`#h}`}{j6e-!@|dT7Wrs5cG3LCdS%27qOTUNW1qK0?@Ikhw#SqJfq2GiF#|
zmp~Z6w?(%^!}g8z!wJLS<?0>d-FJvF+r{P+D#FGSxc8mW)Lx$H>CCD%Lvm(9(%Rdo
zX(MVvn!}A@`mP7xHT>xlcsz^h4m13@7j_mqBq2^rxNrkuOK@KU7&vx6-Le6g#bfhC
zYMvFd;<S#{u=f`O3hp|HYs}ut*6c7)ru5guj5C^W<wcSttA;D|@F(kg+i58%=%SYB
zquwUahtH1yM_4M+I|sSMJV%n=)ix?!r(-HdgJh@6icZiC&_G2BwK_(?7Z_wL&V2I;
zdo~t5q{~6}@D&qVkY?nKj^F@qb9u`N=j`izOVijV-0bv*?9pewxAu_Vkbh)LEK<#u
zx2r7bs0o&UK)!^f(9s2-v?>xftr?5+=4l^`_C*`Gi$=Jkx=MVhY{g*kQX((iNtdkJ
z`Yyyl_-iuC>r{XmHoQi{PBS!8<oLO<5+1&z0re88r^a}Hgkd6`>k<KpuWKqEqAGUu
zn#52gd{+Go_q<F4jU6z9a^e?h!4x-f*Le~^jaki{R^g8<6MUVO0+_*-t&?GoeW>#H
z#YCSb_XE?ZA!c0`gZfCDv{`4LF65i(Pf_>6IrInnoce#7|6I%bIG-j0Uep2)p8d*q
zYPcp2U797gt6oZX#byB#>Yr2NijvO*GM&thbhy2;-6(sD)vY|#2FW$`cG1RKS!ngn
zm55JDr@U>`&j1)|Vp>caIS)q22VDe0Nu@W5R%&}G_5EMxGQ7*IK^uct3lyD9?6!y=
z9nYdjD`C2l3)F7MAFF8rz`{s_Wt9x5;o&dMtFQ;>=P2H7Yt;bNFVIh1Ayy;+eHGV`
z`_N)df^?B``WvH7p2H|&v1FgGAE~)^gB)e-vn<9kdim*QD^Y|aPzjxqpQC1Xjkx?M
zo69Hn<Bz+n<CVDQY5poGfmDTk<xo`>T>otPctWrD#6v?wr~`AxmuzrC(9h}$-6!Y)
zITYj&dG6}TAt#{0Za#fdhn#QS0<ejngamsNa~b$GJ)R$Br_!NLEdUeDcFl6c5aA+4
z=^xD6Qe{QmgQ6erKhOa|JZH3()vE@-C$PMCafV8rPspSvgnvKB=1O<`5l$IfGw|-+
zPSn&Le>^LPb)jJ5=Q8|`ejl+yeXM_Hn7p%b#ju@q9|^!<zZGD(yXnWCQJjqY)e(9<
z<Vm2uF)AnTTdJn&toCFy&LbP6<jhZp;0II)VNk&0Xp6NKs}&q9k1+e^zSe7j6o=L#
zFrJqSrHYd@Kh#$EPf^_Khk+D$e)_bMvm9wtV1!jMY11Tk9I;x$e;(sRWEP@alonpu
zSVIJW=vn|?-*pL-^Gi&^ym~z06XX#~lLj79?5+bBIhZU%{IZgkUl4RUvTD#6Yl+5f
zH?Lqu)2~NJG#<-|fIAIpgnjwa!#34>O$F-eg5bssc4ZK^*|h|KKp8`k*rS-YtaEF4
zw<yG|niZd)*7`BceF!hkMP+aO^L79B!Kw{__(bAR?G!3F2e;JOnffuQNm;UxmkSSn
zB>xgFv?<`nKay_(sGGdnX;v9l56q^Ou0ccXBa2^SY~OeTJqA{XweQlVm=+G*TfPAX
zFd@VBo8;(MN+BeJtCSQQ&X4@)N&T9)cKuV-)UwTQntg{Ow8F#cGG5UInhJ!uDCk_k
z1L9QGZ5uq2MwF73gV_@06t`#tjd?plJi@5Ud=^82Zxmf#H+;iWTwb#IEcoDzxVEgF
zs@zp0C_A!pbxT=sk#<IcwUu;5F;#g=Ns+d-44HZV#U|E0-BiNO#j95e{F;#AZeuT1
zt!K)r&pc8_CIkabd}ZR%Ii?&=p;s3GjaT{sAyI%%J>GOrH$w)9x)6V?TdZ!={Kx4m
z$;$;s((|IMdLG|dle}DdmI{j7O(s}z+v=>Wfu0{BW<K(5IqAe)=YtXNZ}kgq^xok^
z0;US)14hCiu1`MHUFeQW>z@nV<WMW2K=kFd5lf{TOuB2Zy?Q0;o7*-NRizU^RoNpE
zkZQlLnp?!oS@km&RK*=vKD<Gobz<Uz-!v#)xl3}=+=F#CwYp5I&%FlfVJ+ojo3C}?
z^r>D>?hB!wV_FK?>7-AYV^qqEw?@?bcwsRZ%frhB4YV}OQA^#w5u44H1vvRCGMZ@k
znf9@Y3Bsa*7P5CIGb{#^DBA|eE%7fgu?PrN!bk0dR-bJzL0R9n#l)Yxkeyzhn>1E)
z3!UKRU2}^e;ueY@rjg&QgR;Ru>2zK&HkfMO*bVUt;rNbI+VN_0(7gmlw9ax|oi5A*
zknl<oETdoVeJwvg_{IF`JX$gQ<z0y${gHg-Ak+z_3V}=$h$@7mwWI+&@yYH)-Xgaz
zM&}{L&2x}fd69d;N`^z09O<rPLrON!{S7Zf@C?NiXUv`#M~`;zsHZojxp~Z8vEz>|
zz3*Vu^AN6Vev&J{6TftYR-EYcW+qO>^`$uOsN2(L#LbZLT{(Eg2A3kkFu{@zTv55y
z!H!_gaKh4j9g#~MjE@080v)G1d78g!LQc&lp@~L35MgS2NBE1hz0qjIUe)GFm>T$y
zStdvxT7ljUIu3s!*yg%9@%hDeBfz2EDSKyc{{}=ba>;`o5UQ0ah6~$4<7u4A1#c^#
z+68aNr@Mr$hD#DiP|5}mAzw7kJ2BQC4vG-rhel~-nmYUywh;%QzV~q=t2)txeh?@!
zMv08Z7RDpRR=oPvW;@V_=7_;p;ukjSFLt{R&j#emf7<rXw7s5T7x(rxGo7D3+1KC}
z(@B`+eauz4S{&tc{A$aT56;|lNUc^Oda8Uh2{(Y#;4-!#;t2myD8a$}hv(e!y^+Nc
z%Nz26S*I_`Lc9Pu&(G?CrJ#0QsjOIt8;FQ%+YgEHt^r}W=SuCf5qPAbuKZaPDlZ^;
zPlSsfh@4(Q=J{doO12t>vn4*sA*$FmlEr_)->Gm(5lS`YXH2~@d_}Z+3V}7<#ies6
z0v`FlHs>iqFYCQv7MuBmFq$;Ho<Of|pSkq&zCp3@)V2XYfAL+7w=Qns!G2Y_sIxr(
zfm+u(L2g3N?9-Ph_Rt6v7F>Nph9ejp3*+QU@S8t5)LnIxx2lO0`wr^5H++;UgEKl8
zw(%nCPKlw;!xDZ|QbI5%ky;V_ZpaI8L1NZJbb>7ZkPbRkgOty&eaH`3>wTqpx7kz_
zDV^IfJO%}rvLpBI^aYB{{srrRUOKrsBVfD`E_eeo@0YNbI(tVi*Ld8MB>s{70mTmv
zp`miXJ;a-jMiT5nWkSRcec@Cg{6&f?;V;(H%=ZRW6~vTjS{*g64JFq&VMg0_S;j5?
z5HF!n&j-m?+tx}iWZrZn1hMCE_lJt0KBFZyz9I(Dm#Z%%?UyWyEcGF;BAr8iwgbCq
z_Bd1jmK93+BsA`!=q6AAUU|`f>=4&Nn@jcACxeHyvLmsodF&|1R_M6|G=9Qw%q&}_
zhC!-Y&)Lt)`s!I<y-Hf5Z#YV@wl^2+G`IuIdy8KqPvfo)q|4eYuVqy)Sg0Hxw`2mL
zB;yx=CPP2e)xppo_t_Ig=@DIeWWyB*S+-rPePDT%Rq~r*zW*U^^GD6P2pjBlr$}6V
z!TjB0jkc)}?E_&_x7C8{i^BZcIQcvBdxPDUuA7*+Skx+H6S<YKaLQ@UfozZWoq+3`
zff|(vjBBs|HB?6C4!jkbUI1aIG9bUt2Hy?j<Oissf@lmn5p@kQvB(4^F_?V>jt;y^
zU+-VMX2L(7jQBsKx8OQNV%8cYAX~%B7gYoAr~8s=!W7twG9SkhhpJhIP)oQC86E~|
z$P$tjNH|Z7yko#TVJ+RwJw=eOtl3(};UanYqo103$Q&hteH%ji!Y^{U(7Nk_;8|tp
z{bTBqyd#s0?D%2K=VAL}tLNtCWjp8NMg##wGZ-)}1Vf9j%-fj;kr~PgK!}M_Hzmc5
zN9wN&Dr7b_^>m8rv4`6u<LycE&>tR{@Zy{vuwzc}434tzObFdL*@f?n=+UP;U~5g3
zx=wK7(8uY&NPB!D>I^XJQX0;@HQ)A<A-nF=Nx!x0^z|V#_LLyo_oP4|A=;eScp3A=
z*rqGYt(M&9<L%Vw{}A>B03Zn<_x=$1N{XZKPeKqFSy7Psst#*!G9-o)B;GnfQIPox
z=e>tn)3Q~iSzoTGaGZybGq$)W@)d}?(Trcf0Vm6%tSrcP*uzZD)Y^6l9Gs@Kjj)ra
z%T9$~pIsA{Or+78r-wd?4y&ij8)}uBQ4~PwMB`|?uBxk0O~pI|yj^sNsO~~#mL6ft
zDwnIS#z?`edCfws$qV>I4aviZPGL{aifO>mQy1oqO7NB#)9efF&!^1;c!*h$&>`|S
zsc$aGc-Xei&3wQ<?bNdh_-j=-nrdY04H`Tuzp_Fz<mD&ymzKS<Hy#^Ofu%#O5<ErZ
zO4+pa+5S+-WR6(@1f&XR)g)4q$u;Kq>YIV+*h%*iYc9*PBT4BPI^vRo#^jmV!buFW
z_J~hy`ikabvNvLe8&&B?oRynGSvN>(nc3)a>{~+Q29ys5TXXAD)Ddj1iZxYmX_m_I
z=3x6txD2kON?l0Sr5Z_Fn>k%al;3WbQfKXH;YZB(tIwSPi>tHnY)AEyuSr2F$oPad
z6mkkOoOF&}{Au>$9?uBYOv`+w5(;S*iGQWGQqDlZz!lvFnVYNA<r|{|N6*JsNnSLu
zcuKs4#!pJZ#~@iZCew_Hp`>|OEqWtlUK;};m?{i$>{aWKGEr@h_q<w#`p|9FW<%V;
zHsZ;&f-6t~QAVk~{mNnXQ>Ws(4QNpZQGub3DfjE9a8$3bwJiq?(D=hafirivUfUnQ
z-DSHnul0eoyOqe@CA$}#rMoz<B|#FXzA&-Wuk7Tcz7l;NcYFbYD$-4OU^^oSqh-9m
zBt7_OKJ$YJs9u>|zCZ<%Z&|<uMi@}DMi|gOp<}54uWbH>yDe2e9+HUW>ue$}Y1y|D
zNG+Epq^C}w`uzl`pGXRnuPEPDy9}>1NU1>NL={uxn0MX_&gU%0)!r33&}G|yEs^Db
z^X=v2bj)d_zHoRxJw8SH64MaNG9&aohFu?v*r}3C#ON;%2^n(AHKly0%t33ikXV6N
z^o+v+$B8*MdW+4G69F01i{hb$N(c3qzDc@~&;_a<PQ^j%Y1QR1Ivv1tW;}Ll_*~Tj
zZ^WCVmB<+lGG?`1+;Ns$#pF%%)LHFtn$1#nMNG;iSMnR<eOZ_yF-LY#x+qjD&oUn#
z#X0sfAX99q@9K&QKJL>bJS~r<bR-9s9jX?9-@t{##@ZS570Iq@WafTgXdO(E(^)DT
zlhzuOMa^l6U1JY5#@qL8v@<#x6Tqe~xH3H0dPn?I%`gmMdWY#E-&WT3z2_HN4<%YQ
z^dW<v%-oPtRQgy!Ctyc$!cg$TZTX7K7|BWkZU$1m8drba+M`K^5Q5B#9SS>jDs$NY
zc}FgrR%FQZnvuQP9fsz>9<K%clqey|Y0P$TnaxhmC2ofx^?SsA_SA;?uZJf~WJomN
z@DxO%O$txl8wIImQd;Q3u2&72di}g#cZl;8I0kk_x4b)u;o{he3wrBH=XU-J+4ta8
zCLq`rCcWSHR~@<@kMB}@K4rU79C-SGi?x(Y`o0w5K?CWD2^vcyFr4oji$<CV+;yS)
zMNl-&Bh|zVJJh$B+nOwTyR;TXg&tRJp=TmZy(tBv-^WvJ>G-18vJS)^B^L2K3mxJ9
zB=4sHo*acuyvHU2v^dM|W}`Ps(SZmhRaVxR{uRXM*!~?v_$cC8MEDruRYq{Y8Bjr0
zFN`HDvVi0Qj8#=JU&3#BSD<SQn*s<h0jSfc$JY=<Lq0S%3#4-!Pee4WNiLW+2iW9o
z>9K+eb9y+fNt{9thO77bR$I`ER0}1RK=XCP&NIA8f{`O0^(d1*NMY8c9Pa2~R)cu4
zw9^Z3zI?V9;rra*J1ybM-%hlEb8X(hd@MOlUMt~Bfy<e2<bzgb32hfNBvx}LHY78p
z8$ABdq0ldjy1~%8okVvzhwXhQT01v|T$)*INQmiO?Eoa({n`sqJ_eEMK4dZ^Wn}n-
z%p5i@vAtc+l&2g|b7BgvI583Q2`z%Jg}sPPq2SWyJ5cy0aA{EqsUiyi5lpSt8J%C7
znM-^>aI=~%5>=;v0wM0`#$KT(ZD~-Qi@kJ8>+-zE6{ori|MKCz(#nN>4tHde->2IU
z=CYh%*dJml<;TM98{-Rm+I%M%;-DRLVF!x6mQco~Sj7zmOX=BZM)zILy$g5YRjJLO
zh120e(I-sz1(a3{1*2SmW*Glp{Es1ZT*M8>NX{@3VyI}=@_zB2Rstp`c&9r^zUmnh
zL0))0-f*Ei2H0>5Lsd}2wpV`GbXIy|x(=u*3aBTaviVO^0N3-pMqCjdVfF{)LC~!(
zp6DRTX`xDhkrTnv8qhu;{dM1zYBoPF*|{SOd_vNL=9M)3uGk=;7_rO4J**&qUY_L;
zW|e}7H2=eDvbtSJ_csaYqd_k)6cf~4=^Q&{{@G6Jn}DW->TKAQLLj_`Lp~x|C$i`w
zos=S<#ouq$HEDI;z$}PFV@q7eGdI}w2SnHxTByYPUyHN)Fr7X2>sJAv|COr}fF<w<
z<@3+fiuF&-NB4iI1Xhq3P`&f2RxGIltplBbID{z`MlQx+ow2)B2Ww_zHD+J=P2$ix
zD_Sr&D8ulnG|bYlfglaXDmOE^mi@wYvzET~FJs~pSh3Fp#0k|bO+k@ztd4L&49|><
z9!oN>z$CrT($jYYjX@_g(5SwBX2)g1N((23CTBKS@46LF!4`T4Z~~_t52fDPxmIUw
zH)F+anT%g!%xJ*&#qP27#AifM)=1Uqmip0si?w`ju@r1QVWSxUb@68;HYUg-IBAnG
z`rPuO8jqS;%`Ic!?Zi>X)8VbTQn$(Wdb#anl((~tz+LXbf25hpNOLOp+A-_=u2g=(
zO28xyD=^BkLf(7>-~+FQTN=3c>bA$#5wmI(b_{casoccgg24W!w3^hXM$uO6oSvW5
z!>C(NOfcamC<d%P@(Y$An%+_?aCsO!n_p<mUZ<i~zeE<hNqwXtn07<JFcR5#AG;<q
zZIBFwT$vn}RBm$^503`c1;f>JAKZTYHjHTN<=NcFVAU=JaQ0)eNWK(b%t0;0pbv_5
z_S+oGDs&k1=n&pjm`W!=oTc|Q{1u(X|IfEpIlW5M1dlDchNV4trK1`X?AjrvaC|f&
zsyq@f2hy6M<Z1z}^Z{yeF6DHtAWe!q;@A9uX&I;{6t<3FAf0i77IZqCY1%NI;1p?A
zdAcpTuz>eHz$hJqb=;?XU&FE|-zGOtEcQ&;wb#b1*M=JOpOGIn{?H{Qr<bn+`?e|$
zgJk3HL4HmHNEYU`4173&;c-;jB&<N)+&-?kL|7pPiooTSr@<#){KFs>S<Z#sb6#3D
z1^hEttuc^Q)5qf&F{Isp2mWxw8jl<7p#J(5M)&I%;s5(F;Q-ZIP`<iqO9B)Ponwz~
zGMUXH7~q!cRdO$8$`Mu>^GU39au^F0w+Wr3APqqr4(mbG)?#2nN^7P{h(pxG%6U>U
zzXJ(*!dn0QCN3b(q{$QP`Dt@7XO_~py121P{Mhc8(E9lo9_oPa_m5Wyv*hnVDbnLr
z$}qMfmtxV%paKM23eV$G<f{Bp9bRC~xhDF4>k@*#hsEO2&v1-W*hMMkq8epsBbC&6
zptUl$(Zwzb*Cl_LV5@<2G>fx8p^iQQJ>#r_pU30X@ID^f@b%KkyXz+m_R@~SxZ5XO
zx<h``rJiE8A}%~7TmkiL8>X1JjUe>PQiz{M0Bcpxp#l8S9jOG?Wgw{(dsi{r&mfdL
z4*6A^d}4*o0d56VyU<D{InfKBeNntdICUm$QAleCe@lM0R&|FS-2(nP0AwE@V<)6N
zwo&{h8JBYqYyHU-JrlRW^2Ze$M@W038oLF|s!P#e;tGiUs8A#$Y&ctJeNqow;*T$S
zE}a~$qz<5%0>9{rm#!Dei@Z1-v@LT6st)ZCbt5?I7_VS{`q#^7g9a$K#(|#DIdY}@
z-H61T&L@=B^ulYRP{c!N;HT9#okQuw<&33o_i!$pvNXEpCzsZf*W7C$VHaKZX~MBx
zx8ebVr7u$AcAVszIIa4MS#x$ZKT3%j28%Kk%MbunTdk+v-Q}Q!MV*b+VSTmE`Jp7_
zNzTHyY^yP(yzGwFBvc8H1vz_Zsu@krb(t}`Mh3bosB0*!c<PtI<Y6os506}=m9@$I
zdDV4e)N`6v*8+2Uhg@a55}dJF9$y;^k_`5hEXyW2d)0UpOsf6BbwzO4-Ex{D|D0W4
z$R~hH(=}^t0bQoFfM;@PE=_A=*}O#gA}T1~w9>s$5wHqIcw&GrCwhe@OF;AWtBYSV
zkt9;DIe1Jb)s`cDm|YyjT!nkvT00XKHUc8SPTV%qNbHDb;jF2n;C7Q$V>+gm$gggS
z8E!)tO>RwgLYHmzoOf?F#?oS)`O=bENd<7s$(K=uo*727em{~v9+QE}Y7OB-v!0Q1
zGo>D76(z!Nw7!(d!EPw+^qq7}Z}MF*G<C+g@S0ZEP3`dS%NBGvd2%fDlW2P#hpFvW
zL7k{6(NHYrO}86&)2-9()R8$FyHC_74I2dNFs`P=^mTdx=W22%NvG>PG7cVr8v-iX
zw&sZHXji)v#um(;^8}!G+$lrAoIuB1Lj}ieWptD}TD<XQp)6}6+%u?f8hP=6|Lo(g
zgot{qgHtSo$uu@S_kV=gF`@-_k^n6vAt_g@CWIAc+7(`1x{0^+rw^xEewsx;TYjRI
zNb$(htj}dS^hJ-6#<{ICR!dM{MF3J^<t>g+$io=92w*EGRWs49+<h<YVzp=8vqT6E
z{+<t)F^kL+b&+F*?vca6rEOo^&IX0j>GG>yqOoBE+!Uu|U#b5p?{A6~lc4bw?1$OX
zU30?8Gp=7YBB>}+$&xLoXO;sSC#@~mHLsa>U_%Y!$_g*l@#NgAy+CO*x&bbq^Htcq
zL1i-vv!Mp$bqx7mAREOsK?J4J-Te^iEFyt8($sk~q@_R!!9!L46o3T|QMLI)sG5I>
zFIajcSdH5&lw9HJqg^aX(b%sxXY583y#>g7&>(x|FmY%~Nlnl!%%zDy@leZQatVn~
z67ALTV>GdG{ZyjCLDe<RZvhy+zmw+R<IWTATH^&j&(e|_nUzZKiW#j~o7ggX*}?Vr
zip@6i)R~t|A#b5KrqZa+mYx41kXx5GuIm$$bpzY!DUL7$T|#Ya-3LK9uAKgBv&iP;
zfR2v!h;Hyjc%2Ngdpgd_gN-U)8Z~}mE^s$Ag{LS!a}=l7liV~ts|L(mq>@sp76R9g
zdAVMooVBJ;+~bqwYlNBfwXIcgc@+_+KXUJ6FWyHCgwyYN{X0*PbGxzY?M~SdR*PBY
zH>_DbB8Upc4vBy{6ch|lxTB18my>C;bJs2EhL7_fi+Y;Vbebt%t78P|zlueUJ9Q1p
zt<GahT3W)9L9_QJ6o4dyP%|q!e&%Wt^Ge!kGU3W|O-nl*-A+~XTz}NaST+@mM_SCo
zdfC=RTo&Z}0Vmav#m=^oDtdK@%q95v@TJL4E@rt>ic_iVZ{gZgSB9<9g_|?6Z2Y27
z*LPY!`O=x$H}0ne|7`kwn%>v63VkitVtI^t4A*yFy}Y{>S3q|}?eZITxB5Zt#0ZCL
zcTDZdTc$6c^(=zm2QQKPpXr@_2a#Z3xOmcxl|}V@$N4w$Z+K?0Z%ci|Kfta>e4l#R
zJtG`vpMKrKCz)>$lA70MQNt~#pCa9ACtbdo(=88p^Op;4v9(KWx%!6O52|DioIQ(>
zGxSnZ@GTTmssPUT#(^?VJCY1YoN#^FhB`h9GKguY6^rNdx@=evLkh@DzSU)uu05|d
zuPztGVp!;w?k8H;i_TnxQ(uaIFUHRB<J<sr{9ZP2q$%fjk5t~nmT&AZgj;v&jfu98
zY4ng=2$`r$d#Ijzz<unif3|&|!`bJrAI%d8BjxLL0I``$qnz2DWBq`gRqMcSmkk9<
zsU%YEU-m0pPK6wsW|xcu)g|eW8{(Zh5n;E}Wm{~er1|m~>b$ldSnSv=yc<uKj69om
zWPfL`;Y4Ef_l^V`sX^wr(w#6_Y0*?UGXmFBG!f_>Qpt=40xi>dAzi85(~tJxX|O{5
zY-zHQ0ScT$o487}Sq6lmN;_ixWaSB>?D-+Z+{r|xJSP*)ve{Tl`atQ9)zs(`u&1Ah
z29fWUhz2+dP(0WiE^bkvTmO8h;0+GdW>{Sbfo}dm`m=9J{<0?{M^{jsaXG1Jkj>&K
z>73}m3I!3Ix?t>}TWc!8wbe8^qGN|z^_KC|00E(@fN>S>pQPO7Hw)lbsq17Sl~J<?
z_hHv>t{-8@FXapaI3;QguJccuzhN4eR7%g8myP*odDAnajaUS_pw^#N(>+HguKxPY
zCx`J|<R*dl?WWwzHN+5R%*Kp56rmjuFh`CO^ASO0Kb?7ZH?H4ZoZ>Pi$E1o()}IB_
z0Kjf4>v!Qa!$Yp?H_H#$08jS2@`=W4EqBj&ZGMp(U7@RYqQS}=oYP_EXG>ME#G*X+
zkDl|3fa^C!Ptilq;MPJ2kI7e@v7@v<_cQ^rz^BgUeTw|eEWp)2(*YP8p$Cd_ihtZ2
z^2ozoGZ6df_|rsS(Za7*H|2qPVG)57AbD~?)>AcE*jPRxeeD_(ZxW);R`w(@IEEN{
zq}C#fvL&tTmJoN})tE1oV-N1qp(jMOX|*oWM4+L~{^@NtUMJ;+fsP`hS4-J1QO~o0
zHR7E8D6ln!3WuVTUFm!dr@siw#NZ+4^8KS*2iLT&M027q^&UMbRlEE&S>hM~&_g#I
z1e&d>`Qr#&LxdqNzxE4ELP)4sr~nRo+NCXolBb_79)r>b!`IG0i=0E@?Am=G1sfI*
z{?OO%uPHR&_p_|1r_98mw)N+%ZF!B7#M&6!pBAa1Vz?U2`vcu2D-SAL7=^#txaFlO
z%h6f69ltAhJKgOUK-`&WLeb@x03#iCS^i&m))tBsWk`d~v5j?=uWjpoIg8g69T9Gi
zC%g{S-t<)$0TdFNv?mrVbq49O>ySW&K6ude<{NdkcfFcaAK1~Zz(WB|%YrkoFB{o?
zlw)Ts0xr$C>|dvDcbO-7^zpbF=f*N^h)&l+S(mCC8Pdb^%~W^%wo?9`fHXe&VTPoM
z+NJ5_WlurJAndut3fpKHAM7i^MJb7H0BEEWV#%~5DN31=NepYEv>v^_Dr?c;Jh6Ru
zA-F?&W48FB_*cM`;E=gKd2Uu}UdZ;ayi-pRqCX0FD07S1JWgDhovMcML@d-83H>su
zSk1(?@bQxU>XNE4X10_lVC^P<BXB{7#KT}MP%7IzmRhkv!##gMUt<(aw%)~3ZY{Ec
z``WY{E?qdsYFX)T)tIugyXBhZp}doe%XO@l7YG}5CL6g2aWziDPd)GbN$WkNDS}nP
z+&%fC8<si?@t|nE`rK}GIdMKG#Bsi>aPgZwj(0hG^MquzjJCNSU@~fe$B>QM=y^4L
zX3u{72nkNz#h&y*;X9(+*|0yX{K_LS*d!&HIcpSM;*_dTM69A=lR#jj%^3l1-(^ru
z+pT*jWOEgd9?_TQuT;7#@Kpgb@x4+Qzf>-9iNZnUZ+DgWO~c(T$r_f$hX>aHZ+%IF
zUKikFeNl|UFXC=~02s7BuSLp>iqYFIFr5hT=+e*+sU3;J37Y44b^W&3&m*-D%SrvA
zJsHbb5`lFuO)WVTD}GZ=K^9A*Y|+S5<ftSb*0YI6G~y?6=D*%3<<N_nqentF8fVIn
zVXPlilGr&k)bEy;+^h!~<2QLso>&BTA)S7zsCQ!~!h^BjfH|U{Uvjoo2yY_Y;}I49
z)YpYlFY|{wp<`{R-1Hzv*rV-PCG%sh#MuRhx(ALEV{L)-g%d>alRbeopvi=d@7Ps`
zee2Hc5jDZ)D)}cXXE<qY#Bzlfx5uRyf7c_EcLuR>ukrj|-5<dioxSFgzEHI}1V@@w
z9~TzMXN+%N0Zy(Og!?ql=(-XM6~f*88O^IYmtVvA95f>Q3QS2^-6yj$YJRLH2xmw=
zok5=vG#{t0VIIHx>AqZr2T!yv8J<HsUp56@Mi%npT2^~@JHK3wMPaP`ToYcrvC;0M
zGdCnyT0(s1)#{&o1#Y+=i|R7nXo7HI4zhrO6!Nv70FRUncKODQJbBCVlc!*=)4`D*
zb9awU8FIOK(%c9a?gMGLeHB}(u_xG^%}_O4&@IjVf46??F#LM461)<A)GPQ#aqBG-
zV~y;V<LKukn*D^o3ZUw^`_{wMF0}hK_rgeB)4_X^F>ywYiERW%y;GW*e3@HFFiRKL
z7A{{*00@l0_-BKwZp3)BAIJzU!UNXo5$|BlsG7UN-s;1?BEju8uUal+xaE%?X%RQ_
zPc^qveSwe0-yioEoQFyh$vZ=No7fXFP+0=XnCcxEEKt7LQeECJx7}7a`Y7L5k5VOe
z(hJS6*b~VCVJ-drOG)U#zrr6f@fbdn6y(8P4Zs}6V6H^8E|dRaHv8%f4U%&7+Z0X@
zq`J2F>Gyv6uRStp12Us&b3Evhs%`k*X0SYG@+~Qly0!AUPd&`1`7O+qWHYl%{HXA&
z;e-=CXdBntRu3!kDhc8jzjRJN)Tlu|H#G!hJ1;YVsaVfSQbr72xrg6#!8(!XR?^iG
z#{hH&Zgh^8*NP0C-)c%M`#5=IbVLRMbbPHGq1+M+4nhSuR;Y?hNcd>7lYs&lyKPDK
zrOAt>ta?DtG66*d<)G{lDYIXmiA5@@3*9mJisAq20wrM<H)7QocS@8gelS2Ew!R4Y
zlICs^bCBC?AS|(r>4?Y5j;Xa{M()Wiy8wC8x}Gz}6rhoQ9J5f!{twx+Ja5$VG$QLj
z+Dd}*qkINjo5c`<Kk{i<RIo8=z#Nl*?o#K3MqN4j&jPY!PUbwp{NY$I<_8`jQGc6q
ziLID#;`T~A*$Yh<%g^wgA_dcox<Ho8OoR*wMdJ@442ZITZs%<NA{Qu0I6Zjv3k2l2
z8vg=+q?x-JF?SkQJKW+COw^%{;9pc|x@fift={~4Q__yEFh}j#Rff+WdZEGbvQRGn
ztpDdSdUC-Ltr|bCi4Me7JJOfqd7<6kI)X5>Hnf_fH{_e2yNe9jGmbp8u^?JLC<u7U
zZ?O|iOG&n~+zLU?Wz@cp<~j81aSy<6{qF|9pU>zHY4^MN&%Q(i|GESL3g-TtgvH}r
zx=+3wlkzfHqZS{7*tw%&YczSjALg<@=(7*($I(IB9Vy`}O2n*6-Khf8ixud^%$e;w
znEQ@_(bq%XBTi9=#cuM6(3MuuxdT$c43GxHuh||DRRdN0D{$SGd0a&w>0p2^)F~gF
zy&h|}Ke!`!uN8^q53ptUtkt8;>`Op>u0I^S{_N7-a}@B$7Z>biZ6MYV<NQto^yQFb
zbk9^kR}OH1$S%(4JEnjecJ<;ZSM;*AB*`QFlwj_!zD$8|(|L2*HEwR$`WX>C3X+@<
zhVXJIv0;DfuITmmvaY`cqnCifm`oQQM@6|e5>tOID}gbsgm|6M?H&~&Z9+iE7-Ba@
zyEJiSxnevkLF}|!GJ<lt#n7Ylr5i;O&8C`sF2e3pqQ>)7<=9Evn=b<K6_~7n=R;l9
zJv8PQ+NFN6(<64^l^d#pLobxWysj@pNsDuzdPq7TFV%3HIEk_z!3$7VgG=36C0aX{
z-Wl>;BujscCztb5CRr%(@aQ2}B>3H#R1S1K;DM+@kDo`s_EjjiIx&NMh@aPB2E%kj
zH>}7*AMWHVQw%C*EI^j8Kgd9^HA;bua`Njd7CtU`R;nrJ^UL%_g}WfR^4&;6@}e{w
z8Hdlu(v>uCTR7m44?I8*DyB<W9Cci#3{h$YCd)$+*qQ9Nq!+sJpPlFvdsXWWmo{q>
zXZX2)j#7MQG<Ox!NM!mvvdesxRhg&DLN?qyJKQ4p<@`BI>D~0<hR~5&dVGo8!@EYD
z8JOG7u*jrx4&W2AMcC3#=nq<<x4Vpr!sh%KU%Z;RUOMoXPdUKe=YG~4LrITCb7SNg
z0rW{QCI7e7Phe)f){NGhLlx@EVgmRak^y$t6F%J%CA=;H@WZEKoREcRVG9(S@Xm(n
zD*?5ln6Q21Dy;iI)XA(fxH3n<NQZSJMzx{}v>|V!b=eg%tg2oPe7(sRst<x`L3sBF
zYwuD)eq?<AfC|8#A<7tDQ1q8AP3I+XKw%iO(gnWQDPW}+`e*H9cPh2KpT)eKxG5Jt
zXD{~Y>rlSD^hu5IQap76@+Qb}F|Nd~G<}&Jr>V1p0GBcAF;=P(h2&A0-3!Yzigb*s
z>3b?883tP&*oGbZw*a1`fLh7UyOwo?H2xd=MIZSk(E`u}*~}V>mj%DC%$W3RN_70>
z())~|&r^XMZJ)i{_Kk8C2fBtQX7AkvUilRjc@Sn%OG9?zh&rkS{X0RW6x2|!R33`Z
zm(<N7`&I51YrurXH-!6dZ}t=fkJ9QPQP2nxyIxe^bt8faEVZDk3BN)wkWk!pUw{z?
zJgiW%*dgT35-&=J@!n5^k46VD*cq~6T1+C3wgO;o*|Ue{Rk0EiaR*fhRfv+BGO*ij
zqj(EDv0ZLyMp+S*;PaP&bk-L7U+ORh78mp5$*eU$AAlEFUCbM;GUiNgUl4mDeTm*A
zW2@SlG`(q}QQhJ$2XCBH9fQc<HM%RQp}6gYc-dyGW0)?vF3Y#5zP0GeKq8HVcure`
z<X`~z(NP?;KUK}`Z4^zp6UP~;+nO;Za}%F-scBpGD5vo)e1T-yR$PmApf<bo-wH6c
zp~`$ndo&03VCWbx<(>R@G&mI*fsk1^e>qYEmE$a5qqmQ0t@A>S*|1)zO?9+6Ape;J
zwyB4>zN%3ER{VKKy-B939|L?SCTd~)r9eQTvxq7(ct@Ur(_XEWW|4yI+>G{Z6L^F#
zU05fa_<OzS2UNC7s2snBFE~vNZy$9Hf1f|2>dY)|y<2^PB^>NNGDwov=`17y5c&K;
zdibMoq%pz378{V4o(vj+(G~z+A@i^a>(mXq9Ry3<pKN1i%%dlcE()6`gxAZj;twI!
zeDd3Wd7|?6nt4F~860Wg{}m4Xhrs65#RbrjOdNm>N!9&D8G`ytJBBU=mBd*j+8mBX
z%kw0j{cBnhdm>Si#W-c~OdiSxhVDaI`X%MMgiJXC#`k7t@&2NV#bk`#Ie@|8+Q(&w
z?<B|LWcuT!l)xW$my;j*08?EXNg_UUiBVM-KG7{W6dAz`37g@9w>->~H;TRLHUiL>
zf)zNVz!Qa7bAQi<zbvYYP>8bwd!X~`j=5tL%Gr(6|I+`;p96V-?BBbbNNj)mP|o;%
z$BHl$=BYmDLc~ij{L3G+KX&yE3}63HP{90xf><AV&y3vwYHtZqA7;<(86Yy432dJ^
z|KR+uADK>MYAvP02Ds>dOHwtZ*a31wsC7S=m+5!q;YY!3;cG`@>6e4|o1eDk?^VA?
z7tP)(vZ%+jnb`j6llRMhKQrmE&}lWGA0<>no^lHCxY!%pc6V16T8;)M)EiO{7wMZL
za70y<;;YI)2cK48zMGLbL|1}Gw>#+x-X>L)FIxdYm~3>l%!HtWy^cHrivg~(l-bPI
z=}%Bi^rw?iOD5Xr$3w<l9OfLVE0PX-lk8Dd=o=Q<L~2w~N!;|C)o0=$&F)#lG%S?<
zHp?{O+BDx7y+{dHm5FV{t$Dbfx*)~)9@A=0e=bu3XM|WmQxYa6%9&}KM~i?#Uu4*Y
z)HF0+%N}B|K2*V2i}lK0HUJ<#$nI^GQ48#n$jw}mY3FB~V%UYO+S|IS(n@qyhnEVB
zwg0EA^MHn9`{OvP3$f}di`6^Pd+#=gUP2^F^cJg=MHWev$Qx0D)k)EN^d2M;LbTOe
zBnX}!690{ty!X8SoU`ZNx$~Ldow9q*&fNR^enH=Cc})5-F>bboPW7$aXDVMCd!jLS
zM1@pxpod-$<SJ7v_|ZzLBatwaEPT+ee}J}}SB|`}#LkR+Oi)vtdGh<y{1lZh#0(#X
zUgBGH;fhe}R~lccPPgT}8H|L)8@J3#x9|l;52$os2X)d&>&LD_``W*PBwJ~fvqe2K
zM?5*ox7lgG)m1SrFjHym)S=23l}LDev+rl?=`1mmKz8n<Vnu~+QBe%nw@EgmvKMSg
z#O{m|1Q_dL+@9yqQ{5d@YHJtKO;1MI?Re0%rED|R-Hi(*fS&#N<ULZ<;K5NAYHmr9
z5}B0LQ-fm{aEiLGtcRUmA-EuN^b*x}%T}entL&<%iEC}zuwY@|=&W<B(P@_JclCBO
zw-YR<zEaNJJ;mC*u6cuLWYd`K#b<NGlNVAi+-NZm8~w#QE0uF<`Wqg+Krwph9`O|0
zIy9_(D%8*Na`t|*%_fC>X4zb%D><;@Bc{g%F?;u{)OL8!JyGr~Z-#tTT-GZMld{^p
zc+k@zaQSY>R;pTeOaR>)nmIvabJQlV#5H#dv6{?B5%Yl*6w@~3yk!QF7KP8fUG^E7
zZ4(;GJ0Uk>@{<jrPVHjWm!Rj7g*RU9)-btYL`P=U9=ST_r%r)%UC&(nk$rdh;9>kO
z{4I5^LsM~^yZR+x3!l)Z%2M67LM|4hRhkQ+$~ad8Im_*#sLJ@JD(Mv05QUxF?^-Iw
z+T7O08!pLN*9~(;^g)tq(`heHqU2ZR+@@Z=Gj9}0aZP-aFegB;;(J{<U4HQut%4ll
z79>*>nio1O+L&;R9KP4&3j%%3wYo$l(H8h7jGod9;i%m(K5SADIBMw9oP8U<yp-?k
z+)T)ZZg`Lq^e1=NmVAbxJmyq_C1(d_O{qzwicB!i`zoanAs*o%8b5DIHmVlD=)m%}
zm>7J;hXehr(@q`6WH<)SOr+p(0~>ym23s#$luDwchw4m`_cW>x_~qEMB=(M6pXI%b
z!59!qg>zuS4n21LOB@|ceDG%AijnA><e}s1ulCt>mS8Ki9AoMehIxsPQSLf&vIdQr
z>$0=$GTglR=8b429rpSmVJ7GPKZj?<j<aD|y?yfPr1-pvC_hJne&7c$nvVOO<w%DN
z<=$LpEB^s<+~)+r0ZIK)0dG^4zG^rx3{qSjifg*{Wsi`VKgvPWs3=gr2pS@E`hJ_Z
zS^FgDlTN`Wx{zx8px1~$hQ3J+wJq})6S>Ju_!m4}3kkr(gFo&<m}@Kfva{x4{$zVN
zp0tI__<qP%DM45-JR*sLT57i`gOfOqLR`l1$dhvzIW7thr2rITgLyI@%bidP%4|UT
zFRS%EK#g=F9UkpFP4#n)XWgH+>KQ&cnN@{VqPO?WMEe+z>yp=H<r-p%ok%xp+KkF(
z{A;|zx>TwA9Y`R={axQFrasqoTi{Y0l1%lBhUykuO7&~|?IDySdB%b7Kj3C$l0%0^
zy*W@MUUIeuLx7P1<v^~lb&Ee?OAyT?N-dnw$_*MogB9YpBWq*Lb_$`SOijCNE3Y8;
z-h`g+t0}u0>JM)=nll`s^#^@E;j7m_nd}bmiK#g)kD9ve`ZcTr%qS762@d=pyv)N6
zh?}X<&J&wVxdoHHaf<sgh?<d;D3eUm*2QEJp6`Tw@0MJ?vsTAAun>?!B2%sCuu1^e
zh=DQ}31qUZ$%qO~%zHK0DXO)=V;V}DsT>W}Yq)VkbfxA#*6j@5Y014*9@N~rPQ7!>
z(SsAdy_b*?$^$zdR5>$V&dsvU)t{QTlqN^^-p|>!;oc-TPy@&CfE38vt6}k-F*q5x
z6M1hwNjSPr(9ILPlb6`|kVFj=QHhMO91+BfzCa3H7e|2d3;kBA+1FnPu|A2*z-Q0e
zx9u?|>7GW%<c+V8j_t`|4h<^b6LZSf^E(d=OobGF<b;I{3)}EC-U-#->4tZmBA!W_
z<vUTsG(kUv^v5>@BRdeQX%QmMqt|GJT^k$c+|12(uRWK7!j?>3p#nu(*)96n;YC*X
zVo0v8k~jV)&m~QdKbQ&&o0{C+TFuNwj(!m`$&EO=ywK?Osi}<PkHHEERoz69OJh@P
zRWF0UVK}u#z)T>dKImOP!dvA1REx@3*9^0Bh<wo%uYIBDYx@gsT5K<OJ4zc?Z}f!U
zw|B};XG<h6rmqbVXhl43)q7@N^VY=QFdq+@F|Y5Gej}0?xT1M8MO-)JDADP;e&(wO
zyCGJy{i&op+E3Jump^u3qKHNBQ>QKK#5FnzBoIbEe#!hTv{pk$#Rf$~?qDk4GrXDr
zZ@I-QN!fc#4MnV>sq<mA=j^nW?aMnKiWi^0JSPv_ZX#RK7HY@w@BWBW7<i}ijjl*>
zGg4vIsk<FYs8&w8B%x&Hn|-rY;5$Bh4<TkAu>T=NJSaC`a?cnc`XOdvEAfp`JTU({
z4Tlv?sdh#zSL_qW817ub-iY>Lx-CjwfZiPhL`SBQ_VBvB$7Aj~`xU7xAcWA`92S{9
zUvZ~|glbirJ4j@k{GO!;LXEvrKdD&kAz!R@9Nvt?TXayRYk<WitwtVMf=MLd;VNq-
zYaI;2_uHcc{Zu)Xuw_Zk?OF<*PCTo{sQ3!lx=qqaSP~_jBc5bNxXK?aeR#q;5d{5r
zR8x*&xO9#X$yZ7+J_?Q1D156VMd3bmC7mRK;Do2r;VQifN!l{)H<A|0$@-L}Ada*w
zhY?r(!@Grb7$l!4!S*Qbu{5u`jGg^Qi@x46GZ;gHgHu9_gTo6{x?pv5+`(9>d72g4
zGySTJNiyK36epOt(LUKJknN!n7`#I4BxzAiB5^arKnieltgap$yyH^ZWA0AzSy$+w
zu5^^{x(8csksigv(w420)~%DG+O2T$jX^I$_}Rp9;$iDt)7;@Ea2CAhizBe(%^>o4
z=L7ggQ4Xm{s&9D|>@siCHYsv8xG>%#dfSbm+{g!V<7EyV5$)R!T!wO!D-a^L2fIo?
zn$gO!NAurLgYit}=sPol!o;_lqn*9U7d#b|+Oz9pw=c8I^)C|z2gslTcaFfwS?12r
zAcfBCSoI*0M_UfF`3j*Ly(j8NI4=?L(vJizqxsB3o;vdc9dv+MobDlSr!A<9u`Kz<
z^b<KLl-(pZ5IgQ74OrkH`({MI+Qmn}`r1|Mh=d@!oku;$SnbWKqg#&hD_<YjBt~3e
zVh-zeGlv<URKCK=Htk<scisKH%jC{MvM0mjPA%0Jsr1R_Qm0K%>!KXEr6pm7ulkFT
zd)Ev$Fjp!*s@q)Cy6TA?oo)W}#Y^nC?+n%Imd*irF=5Dwya1(QvR(svFmkiyyYyuW
z&L;U#A|eG&F6VUFnJRKck=)5j?DW|5gVseQD|5TWDSOAhnvmF$E0|z?sHCg7{Ox$G
zy@!+a(&kc%)YD<ip`~@=V6AsxuYOeVP1m|xw?AK7N^^ajnXzBff}E^abGJU>L}<L}
z$i7_ZSB@4Q5(QoI5YyJJer2m=zQuPnacwL@s<Sbs>1|EQWRVqN`HX%Y<_Y`<o1#s7
zE2;Xrab3#n$I_K)Kgsp@l3V4e6*X#b<hT%qTQ$!?A0762I%CYQj0kjqQcd)hSEkOu
z&H)+`46lA%oXNy@1=*M5q|*Rvd`p@1ar2<#2PYAyH(d#W&y?$-u_;Vs$;2_Q&^;gY
z0a_!5fH}D3hoftV8LS3;Z8HR?RJC}jUqx+tlt0;VWypTKV|C}O!7KD5$Bav{;5OCb
z@EH%>(KaaJ>LkOAY}41%q(5w8)8j=v^IfM3vQyT_CWPNr`6J=od^uK2j-L6C$c#IE
zU|cmySt=yET4CGojp$lmT#JC#m9BD5D#T8IBE09eRJG=@l5+g{Wg~4<xwb>{N2O1L
z5LZ*y5z_Q({nAMyzE^^}t_E%HgYdVP?PS^DZG|efH<NP$bcny+4i;0=*44K1whpL&
z{GQsqpFvNrpuq(BY?pt)i6AbiVi^gcOJ6H>BpD{X>-=ikwv2aQjaGgqm}=AF+tm{g
z(#v>9GwcE5-Tu`dYGYE|`}WLwIt_A~dh?G(jk&A#KAe8&d#3xQ#8rE*#nf8hS&^P)
z3&(V?X&8guEmyn3K?J(6a4~(&VmN_?wq?ykw4>3D-e^Y>8J2~L5BU<5pE7P1hBs&G
zE8u0ZBa~v=J6t?T&ENVCI(N$+NKJb>v_=T0<u(f&@0ciG41HTP>$Yr6LooArJG=;M
zpE!?mmPDd#uclaArC3z!9%17`*SE*I#1kJB`!IXa*|c4$G)1AgU(iu28uF@5^WaEk
zT8t;U%c6n@i7d0v4Bxp#cM3n%>nRUDV2Zz%$|SVj&OnFEc-Z8NnRL8^5t<p8o&Hlo
zpKj+mZClrt*=eLWR~#h+(sYOC)T-Cc^pqB9vV)yH-K%VNddZp7V@;GJkDoo1ER?+p
zKKH3WTdBA>K~$YJf!@llX^@-BX^_1<;CZ;!b<Dai(m3BRP{ePo9p&`Z*Q=AtyPRkt
zYG5G6=fRe~)mY%O6Lan3>l|VVA}OQzZfo}FQIE6U#mx}|+9T--?l!Cq>FTOL`HL8r
zW7~e41X>7VG2fH0Q43Rt*+;LaqNqcp%B!1lqUtSWGzPMPf}!WkT7#6u%Pp5;7bBWz
zoQGACk?1NtsvE`0o_+6&@bh#Jv^G97g^4Pn*4=c~_!V<^2~1y)(<|Cm)r~mBiKKj>
zu6o{wzC$IaPo#qwlG5aoG;O_fJh*DjJ+2Wx$Mu%-s`J%=?oPkCspT|@9n7LF*PYEU
zR-S5)?e&(s^$MS#)JOY!wt7FciW$h;4t*_?1t42rjbEFB-}Vg8j7F{1rWKbtWapFq
z(UA6o<z23F45@VmLsrd{+Dm@K&^HG3ewelQehFk)?z5Gh&N`FAI#*5WaCK|)m@V3$
z=2mO43(M*o?RW(9u%#h#%a|TEsA}!0M*c1$g+WJM{2AlJ=$FNmX{tUhjFKZsk4PIl
z_xzFcsrK^WW}m=lt{it!Q+#Nwpv!{^8nr`*4l=jcPQ7{2w+t^53k_7Vv}Ukr&jP7N
zLXM*&#N8wuk>(}aeR>VIH^9xt0_2E8d9^|)Gx5;i^9hMBBtgQsc0N$@%5Gnj!_JaR
zJRlXjeN({~v}^zRzF0yLpG2H%kP?N7<rQQ?3ZEe2fKE2F)ZV+YIxx37kTRH8EIKah
z9oOJ0S5)P@$)?fCrmGu5{s(!3vsJE1&Wo{?71|BAUoAbAX}WzZVV)U=@_0DU24w@7
zi#=5F!pmWoFl!Y1dT+a)EPuPa*!Xm@l{D2sa%D`CCSEeF+j`@*9JIR@<*S%m^12Jz
zkoe=CH_c!?<v^E9Z}kpz;fo1<uOF_c0}<T5H{FEGW(NDNg1F#m6o0;6QQLt8w@WIk
z*xpLgb(EE+1CwlROPoUZF?FV4GW_+BOtgTDGuO%}O_>6tNVJ?F`<U+i>%869`SQKN
zj8gKJWj9o9P!d|YB4gb6pUG1C9IFkGFL5>#DG!5;fQ)Vy4VTV^L_V8+{A9}p2Sy8T
z?6?@4sI6jxJHL2Ys_B|K2dxg@l5l{Tk9gTIhsi>HrogTedlgrlbH(lZ3Kezo=(J9`
zZ?>WIdK8b|XkK&IH8(N(8l7B~V<i+_igrZtWo5Y7=r{;OR<ls%V(g`NgL@;9w+e!<
z_*6@4=tJ2PAH~~3^RDU}&FFp`UV2^n{)t4DKN}D8xW(Av{nvPG<9Jk8m#23(zaGP~
z%N0C=E)&JYdgqe)hCN}s7X>{*aeQx-j9l5F8;D<L<ztt{P3L5F=G)SboLI=@Uv;Ao
zo>0@HC)l84pzdYaD6A%Z-tq`ahvb!msUkv@8wpGNswJ_?X1M&zdQ5_bbTJR9)PvA#
zW${=k;hN~A7t94H)(>8WU}uh<jbn+IRB3??Y0^~EyW>5Jr92gpjC~{?3dXo$FNqq;
zh;1zJ%Q)sC4eckk^F%JRG@5#as<go$pQ^y;CETn*+SJ9ASE06H#I=<&9%chZ&rO-(
zI=bMeYNUf)Z?Ami9B&3+@_{&gp3!J~O`TJhC+w+dJ7vQW9Ke&cj3d+?=OO~DvQXV;
zKsim*mT;9d#ohXn|83r+G!O1Y+Gu-+w_Sf_L(zC4HB>RzUFge)FJIUfdZNzIXCUC~
zD74yclmVAKW^Fu>hZG0r1_TF(ABg_Q32aXAKry|-z9Lw4)}IQk9N5qAr64l?67Xo+
z5OjJ8n4dNSX_5ibGx8t=88GiJ4uEIDK>Z9O=<G6fl>yk8F#uIi0}IJez;ad<q(ysP
z9lT3%4vx(-f{N(Qn=a2ufi|GnDhJ>?2Z62~xwgTvk9BR>zo_!Rd&ZUpk>kwgP}>|o
zw88&ob{=->IXCtt>CdD5y%a=-vi*Vx0E#$rKyDsPKqSz{`5iEvrv-U&o^Sk~zywUr
zfuY-;+f;CDlr5}crPl8d*s>t9hxZ)ZotK1OFn+%PAq23HGGMq2hF-ADy#VEjoktSM
zWCAu9!1#ZekuK7KawN~&Rf-7#iEO&_ApbRm{2iwtvQXx4xO5SQ|I-W-7{&&vmH)e4
zw~+EY$ORY3-x087L1dNUFPI7_o&iJ8jrFi6AB44wRJ;I|sQd!SfVm|Y^xWDE3pQY{
zlGp_>Q~exNT4sY@Fu1w^?P#7u$a0qR<NMp-iVu7DE`S2MSdbkcUAY1pybf%4^8%KO
zU;weg2*Nl3Nh_A1v)cgMkiz-b=hHBl?Dx(Eks~g^{;>S{h99G3Y(J%n|60H}o2o@_
z|0gpHY>qOY>lXh*jr~6*@{brX92Z1`hy9rlV{<TZRB`^RV*IN&>@}uv|G&=u73SZX
z#)N-~8UvII5I_L;-)FOhRnPy(2ef<?1MT}@t5zVp03cG37HA~~pWnF)BCEgq#+C(<
zYJtDNpPH+Z&<k3L7r>Fwzd`<SUg$p>Y&bY<7r@uZUm!6MH+}`Q^vB<;Q{yV25#W6F
z4Lb~YIt2!9O)!F{o?@GrfV2rtYz8YM2%U9KXil<1FC?*E=;S{79QrG#l^*&tvE=W(
zk_#YL@!#OaBnMRP-}C%0fa}kHfzlx2w)1M@6!h1aSNRkzsHWq*QNe~BSexR7UKnq=
z5Gbwd7f21zFMt6@3?pcM;Jm5cf%#_>^q<#I*esX}`)<EK2Mwl)fI$~(fP5MZz3}XP
d0X7=>1w&{Eu=zAUZDFNxu2AFP+?n~g_CJK<G3)>U

delta 36880
zcmZ5`19K(}&}6u=ZQHhO+qU^cPi)(^?PO!ywy`lc$=-WkU0u~()%=6$?&;~7&O`9w
zIq*h0(3WpUHE4t~a8emQ2oR7BC=d{ll%PG#ltfRM6hAL2;I0~;2Kv8Udrr9NU#im7
zsqKO791ybAnysaE4nfw|)M?7db-WoToc298N0#8<c%KJqMxVt>ibj5yvCykouL@S5
zSnn^zY`i7MAw<XHv25|@hC@;nfy*pexxR0?zH@h8g0E+TLPY!E_wakHDC2N1)`KuK
zzse>u$raZQfvHi;-c6t|xk=eAlyfGPpu^ZKi5&OIQPhU<xmiJ<nG+`J(NDj|;PsiA
z=a5}`U3K2!2>|m<71M%DJfwXmPhpUU6;D%{CY5wBQmFu9?082n=M6nqf`kmlPs2^D
zG}*m+h#`%7Uo5{SYv0wWF`PrJFg)f){KJA)13vCqptE2XT+n#%O_nJ%5`f}pE49PG
zrHEIE?n_4SI<cJR4x@{0)L&0<J@wFduAbQ)F@~=93W86<veA{XP7JX@9fBu!D{j5$
zU!-K2OsZ|W=s<|Ag>`(7g^H=Q%vr;uM82m)Vn2J*bZq=oF1#V_BnW&QQVveB#C%zy
zh+*d`&^Vr!Z_2nHDg&h?RJoUP49gaWid@U952KeJ)-YWy*vA#2rcL|BznOoF?Xvfm
zlkeru`@~DJHnjab1*U`grs--C4PZoJw9JzW!f+tZBfCi<`kJ=oKx2~1PA+}%h5H+I
zVJJYqbs@SBb8ErTgou|OUqYzqit9c)3<jMZh(CrBvzKFqAg|jQN&~*U^hlfLfwu+!
zH+8LOse-E7(Re-vp+r2F<vu%X-DPtKuhafOA$;cF1usQk6qlf{26`25UjoY>ysoNe
zrT=(Gm|=C>A6EPtgk;f@hex=h+iK?+(&d&>XU)9ykR(8)A<4Z%hkQuKL|!%aZ_zv@
z;8{CwJppmWyXRn}nX9!_ZhPGd<+-1e434>NTuwL(V}xkV`T8mRsjF*vD<EfUtx0Zn
zL88M1e*_CR`*dXCWt~1Ed@V5-Pj}dSKLMN^X=$1Ml0)~n3Zqf|j#ad(-@=;40q2l!
zswTyp&ONyx<qoTIJi~fKEA*M;FeqRONVLmcTEE>nWMNB{B-UE7S$o)*0PP<%SpS)G
zXR351W?e8S@6i^nRhZHXfKyQo&n6=p%uGL1LP?Qh!nrGE1e=sqt3@0l{y;Ez-A7&X
zO5J@6eFp!$CsRD28fBEog>eYkCC(RBZNd{r(h;*=ubF#UG>pJZXiLoAYrs7PLUBxO
zW@cU87>fAMxS#!c4h?{liqzpQ`W*qD>?UdyCevybaaT+ddZ{j2LAxipT=)Z1%y#<;
zi+i`PasV#AP+j%_aV7mDFYz6Q`$QLi$kqH$hAKen7tk02Sfw71)+I?=P%iG#oaz2(
zvzmD$>7$c|uEv*@TAo}T!s$GxAGj(ESVT~nwhL}f-h0rNx$a*C49ApQZt>M@v_zjF
zaq1GOEdJ~jt&ZDSyYN>mh>qy{2qsXi3NaZ7PN;>S{Z^I(hkykEfrbY8Pg+10yA^Nf
z!9hR<eu03n|6id&@WcI2Xi!zq{~3s5txH5Ht38o%fU7J2U1C>bnG&T?UcRviBiI=-
z&`n<fR$5(y=H*@%l{5KXAla5*?qJ}EOT|U_&Iz1*&3)&!oEswk1bjglLo-QuFHjZd
zGZ8*(kp&X3{}P8cl^#$)0ege#JRNXgyo>CNF@ciA?;KxM0W|}X{xQ=Jg+ubLh5=Or
z6NT3>t1izzhQ~16M-34urNRjBj;y9}>x$zT)lOVrGIx=B4$U=8Mo7DZlkDlLx17Y{
zc&@vh%<ZbTF3(O>*fmbHWLIDjwc*LpfM!Epj8kW}n3!xu-C;kGmt+ZE{wz;lJ2iis
zgeZYmpc#!-eJ=+(lFRv3*R!|-{FAgE^>`|2EbrZsEu1aA_sF=IhN5Mrb!oA=5H#da
zCPawUlrC(-ZQ*`rYDE5KbDWA=Z*d)~))-(Ht9Y9s{Urr}a?k^ZzdZ-R8R^VtLzUG&
z^>-)i0?RE3{lzZp9VrDyD3>{i2BU<6!c1p^_yiw!sv!?NU2#`sAs2s$RfUSSkd8Dl
z6xJUC!^E)#w?F{(LcV-;^PxHD3bm+pwq+u3EfE`_6+8IXPa`JwkjpA{o%L<%yhuNi
z%Edz=cOP~O@1(oAr^kyrzT`zDrux*w6l_)*J9d_#h3&(b-4RORpEjx;DqmJRAxd54
zKCe7H-pdUP&L{hNAgMcISiFdN@m1<pl0^R%tkh9OlpQGxW6Nhpi#OU*wSC693Mkr1
zb$>@cfD|)0<s>z^D)QLOWQWg^-stPs@X5ec;xXkIVbY$)DG5gO!MYv<Vl+PZLWI+`
z!X=lwNR<Jx+TThy7R2q+EWTnb?`w=f7lJvHJq3X$VFygDEh+l1=PD1NuU?UfnpsjB
z=0rnNjQD*3^&Sb`$I8tR_U$)>e$|Yph12?7vE3a(eLDYdfc{pPZ^XO)UekrEpu@8_
zxDm+_-_AQIQ9v;f6!bCH(YwRLGg=07ZfCe+w5u7aK`G17=b}P(92<kW%Wie#x5y6U
z)tGdgs0bOkLzrXZa?heOH1)}0c821CNdVk_jArue$bcApJ?b$bq8rb}eih+iR5|ef
z<rO)|WWX^J2#7Xu%07?^Sf>l)jW_NQkO0vn=L`@*rML*SAV5c2NcKohw@)f2m+lo$
zOr_CD)*46-g)}`J6-CeEj=!CVx~2BCr*g?Hcg*>(xRY|BQzf=#6DI0*IWJM(q_>}?
z6IvCN*87qh|G{Gt3yZccH++U}W^p;~`98%1Ewy}(rL>I5iWz`kwGo=jcYq6Q{~G+h
z4)LeI#UJ2dKMP`xpJXiW?FXM`X+I-kK-qnj%X#!qHzbWEBkv2Q%O1i{u<tbMAKk|9
zIP0G^v7Sp`*zY`1;9U{#ClnGx(Vg$b^mBsgXMy<BJneT(gkdRA<6?j0$zk!U$9fNC
z7U+E;_gp~u$prj#TKrPtQU51gM&xrL#a_Z(HAA>HLSaGvvx2PQOw+^vEWxO@d214;
zA${N~LZh`&;v5#yzSyC@c7Gzfs9vSdkk28iS~p~vIU6J1qRlQRu11wzR;)vbTQD?@
zVOaDii*$RgYagmr)w?A|1&EspNOMvJ)D`Z*S3L3}ApjqJ(zv`Yu6tEZeZsh4R70lX
zXt`*fal&#0@DDK4oKRRf>3Ss&^)&XXA34)HYI?;^^M=L@M15<f9BB8;A05-)D*bw<
zyefOO=<T&S#SZ=Db(smdYU4BW<#A=oIsV3?2w=3lWuZM}R!M!*yREP$Pu5#6aSlwJ
zKwj>g>;Y2+EJtpwwL27$YoL4)-<}C?c{o-!iC|w}1M98{zianUmyb&rNVcQLq_#6@
z`DVPA){b8j3FUBTy;wC`k^b!OZvtu2`NL75<f5*ks;V1)zX=1asNJiNiOn;jBL}<V
z_ww`S;z6ysIgoGu+z{Y%uM*r`!G`m)v@nH^;sNb4{l4>j-!LqUUB_n@Rhkko49YpS
zSZyzpG8b7*E~7$C+T15)w5yGGN)qto37^B^>2NrX<vF4NKh}(t=aPRy%-<Xqy;t^z
zR}6m#LO%6z6*SvKPOh3r8k>7)u{%DOjw#`-1qSe1LjTJ#5#TJ<Q(^IpWb~zvCT`H3
zFb8H@Gg@yZwCuih$EBID38E4x=#1^$Bs((IVacbF=phwcuA$92u0)n#MyV7e;c?xh
z5B?OEP}sKLB#gmVi7b+#nBc0`Bx2BDvm|@6|GB89)sKO=;K$-bHARiFYvv7c*={`Y
zfrnF-8Q$Wv<<^OVE>Mh%ja;GT*+U$CSOI$fCW)<WRM1QCz<E&drB_NunM{61Ce4~{
zL}a5-C$_#vxY12_^2CCraSRPpX-q77F5kRN#1S;x0AF+&mfz$#9@L6vQ8RE1>7(IG
zYDW1bMl|j&gKnFCVj1%AB|}k_fE}V~AOEj=3w^KQ9yAPz7GM26aVWxVMx}h!4Gh>~
zQ~#uefh?Nhq9>$f>?RvoCHB1aV$ROb#m0$&@a0Dpg?=CEW=5V6smm;A3I?WhEo1g~
zZO&VJZ7KYdlt&kS)>aaMuVvzj^M(bD#4vx{3Wtov+HP_t$cT;HEnRC8zD~6EM!+8l
zGpI*)q5VZSuNxx<ww?l@|3R1>%LjbK-es*>(8=x)CH2e56`ttMv;{>vRG06F8_cCz
z!%WaTY%e=MLd9E!2vy9)^gL!jrkW12aq(AyAr!%5JwkDDS2zEKIIuRScxvs)mKAj5
z%9f?HV;82vo}ZZ2JQPl?DJ+f|1tuCVnXmx4$X~Pwbtw`@Sez<}q!wM}018Ccdt<aB
zCU@<SBr1Nw^^eULh8VNwLy?9)LCw+XlsY!-jyA<ao7}`H9}x99FQ^sOC>WAr|8t%=
z2F_pkfK0S{q2nW4BKMp;=Jm*Y&!*RUi|P|A9bf~__ejD3l${Ww%s$55AEjdNmbZ!9
zE95%VGI4H!FCC-$Kv$fBv<I%gJFamEGGsHGS>H#FmGGB4s~`Km$Bwa>yq)8msf$B4
z>r{n0h@;2b*}DeYs33a#xLwAz@Yf6q6;XWy;J}A&LWkaL?OjyOa!@o?-)qOvau?on
zBWJR`KqXctcE0SDB+Qz9Y+JHLo)fgsI*pEH`jy!4#2)@ixpT8ET>(4TSUCcO`e^LC
ziPG|oByfQsXkUTWg4Df_g%<+k*%54Xf)M+Rfx&@kI%I!cXoXGoPKv*mkbgUTqIIXS
ze~D5VRIF!Bng7`M<rA6k0^OZ}N{#1%KxP_GcW2|mc_x-sBk1aYr&^Pb7w+6V_95=%
z@0L!QRP%WTA<Pe?384GElrpa7v%Bm)#Fsw{cqDB)MTv8nP?{PxY@uWr?{f6sxo{_+
zS*Rq_vPPWH4AJ7dN&q||W)7mTIsF17sP6IjM~U=|&W1$TtO$1;)BSjE=)6%6V@EM9
zcn`QG<xYIQ-@V2=OkBZ9!Z0ud{BMqz?H9U`!9a#VcO^6_8}I}2MgL&Oo8FlhHv!`H
zvfWXM5*}abzLtO44h`AZO5SdKbvWCcH>to$;w$@EN&L16@(5Gm^SJz0sT>ss&6YG^
zff6+SM@($@zK2V#8??fm&0Aed`o`^EpZtRj7bpr61aUE-169vqbu!@WVaY8hr!r$s
z?8fW8Ku3Iy3T)J>RcfzQ`n+DJ+CJG=02ssxO%{OVVu)lP^zS%0t%?$N<GdB=HB(#&
z6Dk&)dJ)?He)k|Diai3{e0c0?ApZohOy^GM%VnSoxMv~$`@LH|YC$Q4M<s&Q7(E2S
zl)jbnNN=>DpgMK)bKbiENDjZn4~f*?Yby*?nyN&%1$w}Z#Mam~NBrDiYzYKVqP8VJ
zk^<o^EOM5BJaab&s9`EX|E~VjFa?-lxM^%S@(VdnpHI+tQu{X51RU?7|M}YzzomWB
zul2=HhB-|Dm=g)!2KXy)kx*PG;rGEB(oE!)0UT+1bz^+VM@ZW}Ull+CU`5+0_VK2!
z5;|f`fC?hrlU1?@E%$z&`re0A%A>ws>^QjsJWos?{$LTV>GZUs;Q=t3+8Q^ev3*=W
z*j;cmn@`|QZl1K8EWd1q$|c<X<VPUFY+9gcu1KoV+>0ptY<Ufn25;ZHCU6{PW})Ai
zn6e@+&fZ;0-r;{axV`7WeTaTl=kdwoVk(y71LdX1)5z|N?lVaSR7L(3X0@{Q34(Mk
zFG~nkUJ%IO9AzSF^zSc8jh`a$J>(~Q2~xZR^(bpSO9G#@T@?k*cirjDYQ+UnR{Va;
znCg{t!WJ%a70d!Of>OlmxsTR<%MrK0hMKiB=y;*)xcTj6`_ViZ?xgQpBhE#R&1YL7
z1AiMx<huABvQPD0!9=tvZ5{p9GiV}+o`<Hp=EIZ~Ny2EkbNPd^jJtlzqlvNkg^<z{
z=UBYz9-ApoOGUJqD*BHeC2awMp~8(l3vWN-;qT+v-T3=Y?*kNbK%wysMuXXf?<iiD
zpWqGugKAg>RBysU#9{zMi3lwjR{kkM9B^laU&2o&8lcXaUg$uQ=2$eoU^l_Mbo{LH
zk=LP5Yr2V6Eo-hsO_xT?$W5Cc3j1K;EjEmv#?Ee7z7&2oePVmx#i*t;%-$7&ms2j?
zB~ObzW%bfPDdC3|v8G4jMW?aIsVl#I*h|ow?<t$pZb^P_zm?cx6SCtNbt6FT07Mlq
z$%9kx)#Y8=rKzLPy?oIxie9f8syPJYRhL(}W>!>Q!D_(e$d)N+s4C*EE;#Cnbjabg
z&iIUnQ$2));~t(REUPV~xwuv7>+GhMXS1&oIw1SL&N*_DbrQ_|5e62Z-^|lbI@D+9
zms^!K+kQg$qtXdcq_O0Q{@bi=1}?Rnq!+mBbw%h+<2Ec5vokn)C@m)++En9(AC;-K
z){dVmrZlXsE?l@NEV{l2NYos;0kl3-+3Oy=Y`KOOIOdk`+{!M?*P6F{d?Xw+My+o>
zl|JI59|_X>Sqrkub0Ru2GWeCoFmyA@Ukb`8m==HCjj^vPEti`xm2w%@0Bf{W0}S_7
zRJ3Rc(mc{)s%(0{vgVV+Y34ty@=H#WEpICA-)XDj3Rg9H<w3bP{;n)hoZ8p|OwMfN
z(|nv{mMx7oJyiWIY_^vC@_cfZ-LK)?8#Pd1D{Qv!(H-9YNG~fk%^U1#J}<4Dsg+-}
z+tsa(hEa<~HhgYTc=t!|0gF2<w)#c|-#;7-NeZ&W-(|KUUy1nxplQ6Z^>?K=1j#Lh
zI8>l*_yXB+#MvX5ebHC=Y_K_iTm%)&yAovXU>-o!Ha}P!AFd^qSZm1(z>Hs*q)qnN
z1p+TP9_lkecSgS)rauy0e*#26&e$bE^l&yrLy0c{O$VPir$ad!*s%<82NoRp1;7L}
zhXtey#&N*5?kmkNS|ysmT)e{=OY%JDm(3TS2fdQNKJ#lBGl~d>8B)AHB7E9>;+Svn
zxwH8rCZi{5Z2F1MPf9(rerONzT|Pa#sl(!J=;)1YUqF5WysM&fF0d}JlJbhB`(-fL
zlr^gsY{NY1o*~14{gn$bu>LYdOmyz5+B1y8bMUK76Qjx3XWcm14d|!f@3Y1UkSQnf
zO`>{aum-uH?JMYJ&Od>Wv+$e%G6KMAW%Rrh;=m4)5FEB`e);Y&g3Z>jwd435;@9iZ
zdc4s%`fbk!hr-{8J}BIZivtdwvjAfQE6_)Nh^gUL%neE)m_F2?UDNeEi3J3Z%^w4F
z(l{|kTdT2K+|Sch`9cEf=8augs<Gn3!`0xC&^A=ThW88KrkT218C_xTk3Hl|p(Cy{
z^Rwj@)B<x%I8JB)dN*N+FHr;qmNiY|DiWM0__w7}oB$8<b_#ft0DBk&&EQp@y9DWT
z$|D5L2dD;+xH-n{X9uD@<I;Al06#>P%aU=x!QX~=Y4_w-No|5p`I8o*+@`W((pNq9
z&fSDx|B3)HXyeM(a)wB5`C*N<U|K7D(rmaaZm(y_9SnZ_w<Hyl>FKU%nPKPB`H|^P
z9V1TtGME5L11dycLOk*NH+Lw}0NZiNFYj<=McOH#3C=5?aI0rgYJ8#crwX<ibsUs3
zCQ>nT=<h$lQ0YNt*@i)(Ah35D&-#V*CF>Wsq};!VtgMlaZa#3oQGLEaa*QOEPA0-~
z8<?bjA0a|SeqelRY*6#>NK>#W8__OfLq2<`fLB;13e@AnK*;>p*yrw)$$1m<;I2))
zF_cZ<ZCv54O}C<5U@l#*-{41k%P(y^cB{uz(q_98Q%19^6M#PoXfMRJk?5>Hq%(kr
zNsaTocAvfl2a8er%kD9t2sAlBAcF>DM5vU~=1xYwU&M*mGXPIk+%*3_erSmCF0+-B
zw)SN&q<!^NfQ-;$FVnlT@0g<+p80Vf1J@IHsDg<rnH?IwEBK6Fz{g(886Ix8qhOtS
zwtx|Bl<TGh!0|K;3tR5A?hBUNt*H!Ncb3*q@#V{8nb^$1gBo(0n6QQ(ahmD_xX6E{
z@8lqj|KmCl7)_x4r1Y^!Y{?726X4<oO4<Gx;KPPa8_^u-ewFk@cdc@hkNktwMqq||
z`(pav`9KQe4Q@*49@>9tK6DFyN+K*mmKi5k1q=uX0wxFu?f>L&ilDeaZ}f4DAE><6
zidE7gv|DRIGhr%~P?}#cmLxDT&cwoCq|Sk-t<q3l9i~nR$=m{p6r-hEQOjt21geV7
z7{q<teQ#IKdt#{LlR`Ze%W068({Dvxd0b9ETIYQ@gn+L@IuOk$NZ9-$Q?~pn(b1NZ
zdwZUpx&t0sTJkQid5wD@Kji$|F=RlmGU{B7H;UoSxZIa_Rj{x6itL!Keqs!h+JkGa
z=pdcOjQeDR>VxeLoylFwu-(bMF2>uj2dv@UINq0c32YD-jdx3Qn0HJxq<2klN0l}`
z=$~<LSi<MyTiPM-h-j}PgU9P#SMLP;z3XuaA;zl8k-sNj-?W0jK&0vkW9?CBLe&Rm
zNen;fK?{s)7l~1W&a3f=)9{4%2Ng)7lmeoRm;&Vo8NX`Sf-x&}eo`JGIue;5d_krN
zrpkBH{?eoA_vqk;>W%mYn3=1M?Ilbbq2`7P|GT8QKY6!O-Cl2=9(SnF;))j)FXf&2
z_|{iVb=t1RAp<KwO}4D&m(o6?gbIWp<;mCf*S++5X<t3W3dZSXD<dsmr+D6mK;7ml
zQ!{#;7B0BdFuYf|ciq_l*_x=4<gt49qfC>RtMQ|7^`+RWhwpBTlqdQ{E2J@1Fgen4
zjs<q(%Ws#G%h)m`1RPDZ2sVL(InS#m^0-HecRFS^zseP$xm33!0&>HgnU3%*sna?`
zkZlH;C8tBoC_=p^k`5)-ZDvw3I_M~?LJx!FUNp(BEY6p9W`h+wp`9%U8jQduQ{3+D
zJ#r<hEu|8gw4=6OZ_&B_6entrTk#`^?sz+j7)!(r_VGE%QqpokN5ajrszjrElAY03
z{OEtvV@VN+Wk-~D%Z}FCLh6VJFKuz|BSCUR?`ouwz7(()S?-YX71R5UgzhTS(NPeG
zTh9aAKX-8P{XOc4+)1O4oj8;gTX!Yvnr5gxvZstcw^b|p!CD?BxAEm-S+>HEfg&^P
zxYf}SV;AgthK1}qN8#{oKS%f&`iSa~v5C8`R>cWCe&=M%yK(BEAOEQmXeSitQX_J8
zH5}xE&<vxBw~eaSqinmBBvJRBX~p2!dCu2y?bnnJk_ShM<b0B6b-en<eJz$6MoU^V
zCM!FnzF1!nuMi#PdSLkc{jSU!LFsmn1KX_VwwYc5)9II}Q+T-j9v^&X`%c)el&=PM
zTCoIV8OGH92IBJ}2n`@{d_fCo-lHKT997H|KZvbVRs6ycM-UpG$M_N*W_qAQVBwb-
zMpm@p4yvGiZwuc)=m2x$pSemt<t98o^u(G|K22LH`c3zIfc?*Lm(X6OEEb|=EZOgO
z#xN1Yl|W`kvu2sSV(ITp=Xw#~NC8Ca7k@EO=Fc3)@u}j_kItYG`xgdq`Q8g>2Y8Sj
z4m`r09?qMAvr7`z7)%Eq?z`@r!TyvSx_oIB5tEFdOQhNiQB7f}6v0TmXDM-Ui#)G*
zE8Zwj-D(d_FrXT#+lr>?zQ?Np6x3l9jNNMT<+D92_Y0F?!kN+2&K)CvU<tVDl-Gb%
zBx@fFF4OX%#r87e&#5TYM!D5SDv1%h<BHfSdT44AZRlDhkv7?t82_!mHm1Bwwd`Di
z2iciHcF~ztQ97oaY^o3#EK+E06fXHQNTLu8zSLziAM{bjtdII7r+kWQv)()WEldE`
z$>9xwH6qL~Jj&%%+8O!_-uX2EcqH(TepOCn1PyCtg>G$-`;hb&T2=aR+V`WkJ+T7|
z4_3xXr>dDb6SWubqj}wfeHLIl_h>*=z<A^1*7Q}ohuWc7wtXDVK2Ka@PRs;yb3vIM
zEAtP9<R0IWXG|@2kTVN}f1~r!A2~d4VnlQ=(GKKV8k?dN+w-trSTC7N#@@jFW!o5w
z6wmkY0YgZSS~@^IW~!1@peeWJ!n2s6%`weT-DbX>A;o%<Tg<se`37VhVdAJmbqWr8
zhE@x2`Pqn9`O=81s&0oj{%)q$*_nKI(=%f)1)ce3*)(6eC61Vj!5&sE`p0?%6@~%R
z%;%&-nU?KXm13QTLd7EIG&}HGBImLn1T&tdz*M>})4#qd(`s1zvY#>Hn()KW<xaxy
zDzz}a0oCdCWlj4d5`EHu!VOEI!&{0I9rFnqF4KWmqAya-kk9Izuf}VEb$-IP<d^`b
zKmVfeP=7m4%|<{GYIfq>>+fcGc!>GIqS6KY&Mo1d&`Hxcohuvvt1M7qCqB*mY;x=d
zpR-z()0o@i_d+QP+*1||0d<+G&Gt-xf3AF5=~2I$s?jCZYhDxKNfpa((_)OE$?cp+
z6-CPNNlb9GRl$xSR$F}Vy4DE0Qh9`T9}JQGMnVqBzYK_bl1OMzQDZDCHRVx&*Pi~d
zpVwY*_>%zO$>#nkhYRQt-&e~1pmpET>w>Mu$V2~^Ta$YP`PFSj{}=uM+PhwqAU-)3
zSB!6^I);swlrp9cFW9~!;%Seh$|4th*(TPr#eop=bDEK)g^^BSb;Uf^f)8tEw#W;2
zmt=B<%wv$simO#&7r!>++Zv>Q9FDwGJ@#O%B}HYTE=zQlc@{8j@CH6uq<+Tc73zCh
zidjqXj6;hNZ}7{Kqmnb;RK%#!6+PJOpj_A*n=8T8#Arb%RxiBC8a)Q4l|1CrrKN*x
zpef%Fae3jFx*3h73C@`r&zdnLZ&UJKZ(6+e?D?!Nb|->W6QPnA+n+JXT&q|{W4QXl
zRhQkwYeM{?JVoG*<Oe^myq6|v2-#P*C`?AAJGMpY6R|r!**YOPiiD6sK&t+)csBfB
zd4ho=)Ttg&4e=2;<4-F`5Q?a`U@tLbgU;jxJYbZ+KVBy!d1Py8mRNaR(GUB_gol}N
zr5aNOXOh#;lEw&B6-EOcD#f7E7yN8i<gs8e(*mD7R#<?tX-xgK18tkF)uvzRUH=#{
zDc0kAPpVzNz(hBABGc*j>7@?g)1RCq3TYZyL-Zn=s<G?&kQ_A;;~N&~cS_vzR(iM!
zEgN}5IB;rb584TkjBU-)um7ea9>3P0FXC?`4vzh0)<Xr)@ylrHYN&0pg3t?h8Q0*g
zJSDNm=)?w2R<Cl#zQ!QBBBWRma4zZ*zyq^Nwo!jUeN~%GK~$O$C@u2m7cvibMQwQ~
z&ny1Yx!Ri;SasgF$vv!%=bJymZ@VkiuzDa5m^G{Js!=*KV(|0DsP%<UgZ%^RL4#gB
zC1tgCAV`H22pJbt4d1>SbLn`(b2(9{RxJ?Bcsa(^+^hViRvW}K)8^vE=<K?Hq5F#^
z!t}j(Hd?0uLroz1R=lC8(&UCZer}S#^NK##m{zX7;vZ5<e%?C_k3IU4=6}c4@RWjl
zTA((-58Vsn-%s;6eG2H3vM82yj;_5M(;;o>u&5}D11d2|C`4)A4Pp*S3)}S#eUOi`
zL!DILb(&9swnW*6z3AfDUtzmGr$x;=DS>OES2YQLCrhr)U3wapg8830ukXFT{cnF2
z=DyF1B0y`0gw9OB=^c}IdK2+-a?rWrV}Y2Z6!=LfLy@5+tmdTv*I22Jh<nmMMl*Cw
zhi7Fw_~&PcI555Pl3a#!vw2U>ScZcoJr=#F4W`Lj)7}VwU=G{lKf93)=bQJ4kK?@2
z8hX3%-;NmM-!=35>+n^2`|w$MLvj|8{~VusO?hMOF_<ORNgoL8^lA<L74-%}69J(Q
zLrDCjCD8<D@Q6%osL1`)$9Q*`mSKb_506n5W#2=EM^RR_O|(^3u@_RfF2gAs3y&Lp
z#N#eBL(lObr?M!^D{?t^F||{3Hb0HG78zRBIm<KUXQQ4yJJ6Ob<T2Z3#C-T2YUHVu
zw@o%5q<1vU!ZC50R?Ssg$oviWvw=#oUx%g~0%BLyZPz|aFhR0PSw-0o(nu(oE~e1D
zVm`K`vO%Y1t*tpUQXKH*+od_(EfNRy*_+UCdCIoweAg62w&kmBzK~yanz6n8jbdDF
z_3oz1EpL?}_z_cxh|`9vYk+)%=O-G-RL^DdhwyA!8}>fi^pslba<RWMs6dIT;_`Ox
z&gef$ZHP9DCNKr=7D^5J<kmc!AEo5-o~V;F_#dY5SRy5(YO>p2jzYMr$(z{IFsp=X
z_6dIdRW?oPIUJ_A>9}NLphLQ{0;O#jW(qE~<`JIaY|shr@32a|w|Gg2#T0`YVfB3J
zGhGeck)CQreC^10UxZR|h(NDunGA`c3i90Kdk`Hy3m@4bo1kg8Id`&dxBEs+i`^%m
z=gul#o17JgJefo*5DO`Ghwbc3aox$N+WJrd*Mzk8lI-(Ref#XpSmBo4SX|BM!j&o>
zF-`fQ3Jm^87RYUvlwgI8T4Ok_`QbR&cGH|-%~qO?Ao$5CtukZ$9w0<Ix|qA3E|+O`
zoiW&dCOxzTeVx)yd(g_eAG|>0o|zKEFFt4fX$$LK0@7$G1H%u}DD9pD(rBCqa({q}
zg1`7c&s%-4gN5dh54Jz%4hAASx%!s+T`)jc@)Sh4yGG{_iQ-FoFd^%j>b)wofaaYi
zpy+@<pz1)&TYm8P9oQDU-}tjns+eiB3_ok)IYb25X--Hgq`K#W`K@&i^`$bH@}3eb
zbj&2K50)8PsY&NBQmrsurI^!kJ!vajXggl4$PN?Q&B0-j#X$bj;CJx*@D4VAsB~b-
z=FX!+K}yM5O>|SsJv8s;<g|r?&W33$b|9@KSn}XgPJU5;0oYO&Gv#T*tGt+HXzj&L
ztDm0tlx(MxpOJ2;PgBHcYgc`IRzDD)oYrn0m#b3X$DvPtKF(p4F;(&UC|nH4$X<wU
zasK2q-lR-R8p}qt@ETLaJR8AwrFW7!*veM5_}v+hab4Apzo73{<p}wbYIQE!>~?KD
z#kv&VF6R+G0c5dduP(bN)|JuH@SD?8K4dvl&T6sE(Qz2Iw}s>RVCUJ>n9<`+F9XDw
zWkuZNo6$&>)a+Djdj3E*#VDRFe6VvQS-se<^#bOy;YgY)LlH$)ldXOo0$gZHl><Xq
z7^%@`EGSl#_O(#=HTv2WJ6seF!He489a8z$vaLL<ftT1`+7F#@Yhcb+OqrVl1pSrF
z(V-@z6$*OO<qp|BHn%(x_Px@1IiA|ooE*K~6J}uphs2@OZ#4UF+Rx4OveSN%^}e1h
zF_~6^grcA7hc(rc`|}v$#Yy2S>KUG?wmJLmJ-MJ<ji7OEEXIZIAB-9VeLl(m2&a6P
zW<%F~fbAA<6dTD2?{YK%9!Nax!LfgTac-lF!99}cITT?u1r18it|a=&dg&_U@D3@|
zmopUMCIlhqXy0idlz&rfFNaLrUMiftKGVDU`fx3B6(<Dn-TNImRxE-{5vu?V48F0&
z4TiC&u5iZ>YT*8kA2h&0jUiXUL5(BV;zc}z09DctEp0<akZMO5Rx}rJWrU%+LA*w?
zFGL2Fz_!Q)`t?wZ1uPzQLO-tw#dUr?&58aYlIr48W6d<`3e1Mbj9>1_(DcXA=Zt=N
z!BLMd&ccLX^1+LtbOu-rLtrM5iW{s}Eo+N@W8j2F1=ti&wLS_;|DfIf<y_to3bHVm
z21>E;*T76y$Xh=|eCw!~f@xXG&^3?-kHObd7Q<Kf&Dv@EZ2*7GKakwKl^Sekw0MKj
z>F(^F!?r>U1+jH18l&d`-1`d8Eh;IrOH0F3Lqpu<=d){zot?qj{HcEUveNJ;3K>Iu
z)}(~C>?a&k0k(Kb2kq&?Nf*#j&-CVpz%;tPDkeS$M&-=$_Gkvuu$l_!p`cs>!AB_p
z$WWy7aPulVhPWEa#_*%2_W8VA-WZQ>{%%uzE_u<&5K@xlXO=rJ77wm^mwyo|A*-Qx
z9HA9$7ez>a{n_!zd&gn+$wD8GL+|)tcBx?YD`0jLQ2U9<W&~s^18{FmVH`29fi5u{
z;fPHH21mr6F%YlG<&GvLQacF(NBBOYWE)g-B}V)~pbzM;F~Fn1&Oki_d7@zX&kPf;
zSL9$NRmGQNPoc^BaYI~4nWcc|BnMDQ56r(DM=sCH^#hTe8LoCh4}@562Ov5(!^_2}
zOamgxu7n8nCm=T9=*4fZj$}%ez}6-B53pAmXqk(EUvOvp(w;n`LkE!b>BwowzQ5`s
zDA>Q@pnl?@RYb@*g<yEqo6?pT|CAAsI^qVqa)-QB$XYfWp_nT%Q-p7kWEhT{bP$Cf
z{-H1~PLWJ&Z3o>m;;MTU{vrB*Ur#pRlga(SKtOQ*d+7pY_@7J(_y;P*pn{ZzA%M8p
zPfm|k4>lWl6k8^iQi6$D;oea@yt(mv!m;Lu%&Buhym)a$j_FHfjIBjZFQu^p9XLb=
z?s8(Gt*A^raW7m>#~bac&ygrBGmaag^77tKXUJ(AY|`pCvhOx+qs@e`#a|8wwd1m#
zzk%65U(-s8R_hGtv%PKQuP`jr@ac>m^wW6L+wtf?4D+vD>b`H+|MPdqYGcMw{d@|c
z!4{IT7KzY_Gt4S1HOvrqb+H}yFHqgQ_GV@D+S5VF+vy{}MxVp}k7noj1b=Vk`kefA
zz;-*0$;L$fopa{Z1C`>gjetewT?o8&wWy_D1fm9hdGO&o#vu<>{DxJerQ030Dj$O*
zk<*jqM(Usj6<p0IsThf`MW?xhAZAZsGK4)m=!FojRUrq=7Cx@~4+O>h7EsmSgVkbb
z!=_b0Z=!h@yq%PU((x!gN=2W|gw$e4cxeRv&y}{7c6Tuu8d@jAuvobJ`gTqqnMnsW
z<-Y`#9Q8r?J{1_B2hs^?DE4V-K6XlKDz8E`*-c*dY|t^K5igw|yytmY4n-EmyG9uO
ziY}bmA%sz8^OO*10B0bx2QVJFGiu_O*bt+I3hsF2mvq1fx^BO7^hE|Dr5MFPc~KJ%
z`3Ak@X0GTQ1grcJVxcAK+=@IWUJ;SNN8^ke?rER;4_)j2LYvY;F_k;X*0D#^xE(FT
zehCmh>4YtvaFAUC!CP}8Ch2xV#%TUnAQ#(`B4WfX^EWXi+c%PZqm(yj4EV@mP1K#2
zXD{7P{Dj3(Dk_r)XOGqlBO27-Tn(0p)-C@}bCgidtN#y*C!S!=CFmd^j0_+k#Qz70
z2*5fW7(eyZRUxXDUK4Nns8D8mL}_9=6Dcs$6l8L2FbaBvl`FZ&<k%V1{azLrgVs8X
zwz@i9+y6YU!9{RgCAl^2)|RebhOL8LUC%C7kN;LcK$*h7^Zu+!asc%E-}kV;dp&PE
zZu5^q=lQ<p5&ydGuu&Kee?!?Yoy(~a&jN9l<de#s@w2Oz&?nDZiPK!Ak1q+23iz>0
ziRTlWvX*9GAMFLzvYivp?{|m^4q8gHDqLI=%kTY)j0#<30_8&7u`+D*2}>{aQA&Hd
zRDCd~^wN46mb_gOhwxz^Q4MiRc?~HGrpt6lW~Uz9W9Jd?Y2#`vygd^4rtM0fa)BTX
zY3E%c0Z{7@otlzY;-4O(+C-(KhC~NXCtV`P;ly<(akvFUr5f6Zd2vhj$>lQd_UTo6
zU|))to7FBYW7}Z80t0-dW>$%|9|lXU5SM_xvIobweTD`sh)cf!r9{rhFkB<_(%B(@
zGCWYnv;<BYP1_y9(p!7m9h4KrKfq*4)Y7~qH<v_DH|hc36Pz?li$pVgBxllzUB5~0
zc5WKlO;E+jCsmY6spCCjk0_0vPAC4pIo~os!`L01YHUs^;5TxB@bNTzKfiSPg5eNR
zDhv^-g%Exz*9d~aQtzOa^%qK9gZUEPk<50a<aPH<yTBEjqppVvSr&VWJg~^)<=U>D
z%dyAVK<uf#4xw$kgTvmj+gWb59YG#44ht^>S3`wtPiNI$FUkAdwj9O-<`ApH3wtpY
z=fGe7$GW&>xi!<0ow9bWT5;MsAzMQreR0=8S0m0AnGO6lD&L#kq?K*flgwT_gD^v*
z8=<G>7wMR8$q=A^JCvb|9hk|!d*cvOo}45%`;t_tv%F?WnUWLRS!7=0daMi_f-ycf
zLW`2RX_LRB0l@X`>87N_7<7kB>Sb7SWl?fS9$Bi<uG#8t!^1~Ip*l#qN0>;Q@a<l<
z^^o50$gign7>Ruv=UCvjcQGcnW@&cWHZB8(iU^YCQY|);#Qi*~fXC0$#j^IK_14n_
zR<r^ZnhTW#(|Sp3seVo!#qwwbuP)2=Tm5aI<Y8Upvj$_yr*zqBEahL7mHmuX%EvVe
zyWHJ5Hk&ea{7y6UwY8H|*QA=7l_q%}ZSVEc9e%^<15uj{%gMM#2pz_a3>aYmH;8;a
z)?~RVy=Uf;(_h9lK#tW#lE#^BgXxn?R^LUUASb?+U;qomBz=U)lD(V`N>76=+5(Jq
zeT;jy3|=ok0a(b;O*O*9pVYWCc{0kywJoSSy!JtM#2W&b%<{OTYE2o^c*pj*c7dE&
z$1t|IhQ;?1Tz{S81Qvz9l~z&$|1Qj(Y-tdk^Moaz+NFALpv<wmp`&9kv_zM&wiV@e
zt#rq+nUn8GaC-{D4|akkhh!>FFyb{r6gE7Uhxx#>hgC2ozwJ?Wl4*lM-NSgqs(eHP
zDjm(7fg!7AQwnYT#F}aR@&QE2tRjvIWSYyQ_>?W1hHxyGZ_g~}w!IcvP-TcrC9dbV
zTK$!v2%Iz(@Rm@fdXY@KlxGQt>n1g96e}-u9or6sT4uTa4)WEW<p6UzS|V8{3S{KK
z+EJNZsgavu`z~<Ge%}`NR*_X<>ozJiZ?s0&$A2gqr@aokSA|^Y{?bu`be`o5la9ou
zixVS?H@7ir3C9e^d;}i_F{eePhxZ!DQ9=?=QK!xYjLny09RyW1AjM=miWDLchoK|z
zz%_zPkxb?zbFnvDSXEQ)hO?zeRtN`i((l3HpxD)Ad<88^m#?~oR6U|wScCMSM;j0{
z>(I-;2l<2hjmxMw`X*WUkX7%JehpfH(^1!7i<TP1(gv$jYbZ%xHweCoPcoQn(#%s~
z#9Gn_jD~KGcFkNJS7Twz*%FYYcj}?}8`I8}LK`zy|3^4ksOW(TbhTaF%Sf@@R9E{b
zdvM3Xt?*Y106mjmg~en+xje7KdXcnTalMYQh3N-KS<|~Gu|%J4IoXIlEe`vJz(p2z
zO}oiUGi=?(tn2m}>v~-Y-+)1N?y+Q_a@eK{^w!8nY%my3nNOd*;}4sx$gz3y$v|vq
zmethp-;$m{sCcl^jKRul@6IH!*TmV2ijs%ySDtY9i6vaW^m_KqBP@jS@X0b<y!3r;
zRMc9Ka{om3*RBY_UAV;UM}#ZTT%}E^U%#a7)~%qkDH!9r_@dcsc&hl2j1wXwf^zQ%
zMmep0wD_^vPIL(WH8pwV$#Xi?D-x{_k9<2r;7FtPbMKE6N+_Hsn1wNQ4y^a%1B#q8
zJ!ZK7uo_i7iTuF2CivnMKWKUU-~tWK#rz`X_79w7-74lHJ|y$*im|d7d6g#d<`^)B
z;G$FDhHhclaN?<Mm}xb)BS(fMdy&k6nC<JKr7dBHpU;MP?P!OH=8uh=F%CRiScbV}
z*Lsn(X4;*zbyy{O=RF^Uc?r(H=fM4-mLaLoN&7re<;aJcI;eu?q&^Je?v??Gzeigi
zPH<zc;pH+dJ&<~4z|Q}EWGWU^Y<mO*60Lk}Gt+q8CN@(omAm?KFCKDo?3fGyyKdd0
zk4GOc1Gm#CEuX`BV&!I?Yi!1b+flC5Nr`vRntCuX$5$^0qQh<(hb7Izu{zg&;D&ZJ
z!O(8|nV&CG+VCSa%SpPK1rS5R%fMizl9jhnuLn<WSt;zbks0!!f*9NMeSA8HWk-yO
zwq+?s(G*$QmC@nOF*{9GtX2<!N9Hd4DaymD22+X4c`p`v-HNrEhM+mlakQ^v@E2bM
z{U|T9%>C`<N1o)Cme<HI-4V(d@K*b{)2yH5kk?-ZJ}T#T55v4bqdmeP@Jq<3C}TVF
z{CG2ydvJA7s_H_?LOwUz`!<hJRB8Y}T?W(oM?@rtGeG@(9Q*KZC`bUX+Sg(n-F34!
zk0lQ{q6Aw~QTp)!UDljdFsBqF(QB#{)m&gcA*t!i`%its^0x;{#lyUNKsd1esU?{&
zX6!7p6=v!RwaU6D8b7rwa!@`G?++oP`!E4a4KMx2ITo%^#naOfHbas=w$y0F103(~
z2_~Db=DCLZ8s2}&z_3FgVTItz$NCpu9&q}%n9P+f%H^}wPv0C6S?VY0Uux5RX0yWi
zI{C}D&JMp@D;j4)<$3vO`QZ*p(?6pT0^sT;(X&$CzcC{)Sf$*rEX-U}g3x9jHu}NX
zWS7ZHqA@l>t@<gS6q_+U{6IICWIe?*=dCph3ZLBL{gI?qc-v<n%LB`h3Qrs3GJ1!q
zdLBsW4Wo^9Vnxp2j-!M!m{<0z^et6JYJ5Lt7H2f|d9jIX)b*<9ySb-T_q}_4(B4{}
z>>zd1DuB9X?;cVP*?sdmjc(7gh;zxdqBhqT@{((bsug#=C4C6eQ!5Y!imRs@aR{bU
zQvaFz6bv072{H}%>w(j{bK~^0@R@v_&#<u8;J&S=UEMKOb@w)$p$&@{f8t}SIEvio
z>-IA8K0S5HL-l8ZzN%hmd^-wZxI;LM0-+xJ@tA+r#*4;&I@^?w2X>yi3Qw+}kGq<?
z$<y%!lrJesEQb8rY?o89?gz1rtTJU8+p=d|cSGaLezqT|ZTsq`Kg#>^l*fg$33u&t
zFv)^B{kh3-V}}NVM`G;mBucVokC)Csm`Q$WSdtW7Lfy!Tdy#b;K*xqpq2r%kI-goH
zp=5yd8vt{KGU-CW*q#~#fBrKxsmM_`Db8+@gL+p|elixbd2RmX;%d{j*A+bl1u<TU
zB2z!T(%uNHSVR=h^LX?Xqi4YxTETe`$8WP)NwTz!nhuMK4lmW#9hvo5xxY<ZGZVL8
zA=rRdw?8v~EY5}Cc*OL`{(Bl)>os<-{FyH21CH7jcSUPAYeNE<3Ck><P{`UI&do;X
z$(DsjTZ*E75^&XX_R*To(<oO~t=Le5U769)y9foYqr1K&U*PM=y%uH1^JF>6bq88y
z17+pv=bT+Vtv9t#7@d9HUZpB?gH~yCI4FG**AOOwSsbo5`s)kGL6&!C@o2`~BD<oL
z1n^yk(_yl%eH@RX_Np04JE@H`pOrWvddP6c$CeFwKlrx=_F#*~jOVb6MBB&ut`Xr$
z9B07C8d|M&lyzUK;Kl~1?HCz1Yo;{Rqy*7t(C*kw#&In||3ui6InX;uSJ0w-ttG*i
z-st+VC-?<JF(Qe-EPe)vh=%;<X$T9Q%_6Yv=&|z^Qop2yMA4?E5)w5vT|&Ps(xj}9
zOxlLV7Zs_5wz@KL%4ys&%`>H1s<54&E_H#isXY9bXwNdFFO;lJK4?{sD>)OVB6l9{
z0zTr|CFtY`^KGZ!>^5lGlL{7Z3*x;eTE1d?0koB`lgF{PLZ4KjUm@&eW%MUVAGA|+
zP?e1Z<$}@@Uh&B-=)CDcZjk16r8up~$xN!Qj?S9XQ(ftfg-Rl%M0LgA&o<65ORT_d
zl-CzyM;!lf$8bxw!gH%jx58{WwoA<3k4w#&SJN|x%#h>G5~TgOeh|r5EO|cJB83q4
zzB0c+OLl;!_Y>7}2iR)AsMB5@dkgEybww6kZ`ht*_>V5iBLKGOq&7tCclAxhCX`IW
z>$Kd&KVb=>Je^yDQs-%q*{WB7<~tDXo8+!(+eSqYA*?s-r;LbO)~%*3aZSkz;8gNJ
zvVS7+&F*A1L1i$?*Kq$dSVU#s_2DHtA>+=O2M0P|hWqkN-Evzf+Df2YgNBYGd~Vw5
zjg%*&qASdT%^DBDtSch7)KO13|0Sz}_OhUORi=4W;t0~3um>mHPt<rF76oL|qPz=~
zfdfflTEH^NMfMJe>W5eJJpLwzuUll)RWur`>~sXKas0ikVP+qK6)-AkpxbOH6?2C&
zcPxIoz&kh^y|TN^ai@BR(auQXglG?ld$m<BT{OVmoyFZ1d#0Q<Y*<Vh08$g}<A!~3
z&#qVgQOIT<O8aI{3_nBm{sfBuuzD}7s{@!AjCqCCU}byX)NEoZia)5+2+AJ$SX6^%
z+~~q-rH}xB%EAB;k+9hbs;h4zt=8yC@bvv^lf?a*O2-QU5I#mQac?9C^}moCidL}&
zkT7@Qef2|;yEQLs$Y-`{#RgMXw^cSck@OjheJ=$!ZuqqWkV_0dF@a+q7CJaRL}sQv
zGABHWCUNl!LW)nueJGXy5MFM}50Z3rsZ|X@c@7H<@Yd2TJsOhkXG&f8R>p0eMtwEd
zbgmBX#irt}QLW7#u$Abc)qWA(P1Hw(g-s;<xuf|-fKYl*(iquA`M?56w@i^GO}-U4
zTid`y8?E{GJK|DD5wHMhh3=BiJLOp|qfLxJpj5TASElo<s^hM@QLr|d`X3y;8^;%+
zK(2>he)M5nNGq(07K4q=3#e|$cs8YVU#n^^z&;EuHmrZ!CLZDll?r;EN7zR~x+i1p
zED6nzNi){-&-&m$WcUCm^zUB^;DK1+Lp8*@40~K4p*ZJ^<v>4-U%1p6i*J`G)F6}1
z(T?(b{DE0VXT7y<dHH`A$zU^5te|D&ry<5z;sOGN!lNwV76djyPfcYi5{~|vJ$JS^
z3<L&He2Q&w&It(b4Tq?&s2bkKgH~^jD1@kQAN?-4(&dM|K6nZCdB?9e+UFNO=K=VE
zKXSV&4}<CoNdxipeqDZHemLS6DuA!3$MyE(wC{o8eg3`7V^|G}sG=^#u=g;fK)3!=
zah5lcV0z@B0A*7?><MMqq=sMS^`aKzeuIh>)}&<}(u#+_Z{RE<)F)*eDJ5jEp@c;c
z&KU;XSYzGevlmEyG~kS-AmK|?D**j>HzDr{o0<>;;x|xXHBg7axDAcD8(Mo4+(}<j
zXyA)#@KOch!t8!B<=~Y&@C)KKj>yEw8+PEE#qviS(2D208?}1@6DxC%5%NP*yC%^h
z?18hUFROQHqwL$X_wlUuiR0&nU|mpDP~s%S{}*1MX5dE|6CA0kQBnjB{#!Jt54qBZ
z5$@Fo76KUF=tz8Q_O)uGUbFaw>#&lje8D{{SpYJaBPaeJt;zYQLI+<VeOL^{-4EqV
zZGD1VQg!c&+XHN!=$V-RR*~JsoIDXe;!llv2BE&;ME<yCzUd5n^H{`IAx5;~@+y>O
zsLw=CfQtI$Q=*<s-qBrZBn%-Z-)W}TFzZE1odYT7w{$Qz5YJO-gf(Y$!Nd_0wc6Km
zCeC@>!=OmsQKd5wV%W7t-{cy<rnTQOM%HTXN12i=fnjxjFmy$M6OzU(m4>64SYUH%
z+o@1)XCaU4vO#G&Lbav))IyP9XcJFP*_De<fVCXsWUAj-Wpbevjh*64FCi-wqaq_B
zkHFF9;hQ7^%HRxYa8DL0%Oj{t>C~FU1c;UE3dhi)<q&t6qX}Ca7Ea+w&}J2eu->IK
z*bk@+)u^ic5ca{S`uxP#fx#lB$>P2x9A&2>kjJJB#(_B}5#AX47x*D6Rrx=|jIB&|
z1C)Vr7fjgScnanJMCt<w#y+58-;{VGet;Q!BLBcDfFbM16xy8#D2Qm!g5<f=8)90G
z8Lx)`hWzy=B^+P68`gw9$mM@1m^~mps|6Pv-hQmMu|j4HGJfk;asC3|9DU0MNH`GB
z>xa`taHPcl5UYBpFn-zmE1$&ei|6K3)W97LPt^QhT)k6xWnI`TnvQMTwr$(CZEM9&
zIyO4C?T&5Rw$tIx-se33Ip4mRcjK8?wPw|-x854fxY-ks9c<pginO?1NyA5QeHVZp
z+DK?6EbO2Y-$HZa$VvVNJmU`#a>r++HEXb%p?|B+AaX}#r{*nHx7)HPG}LO{D;|!g
zY(OsT4JtFY`eo9Z@bP&gD*P9$Nfi0o8L|(Y0v0n2)7k}?&pjeq1(<5nHr6v9*0czO
zI-=jD=QRV=!}oDAcCIr{)Q3j-6cB*j>I19%3nm%b>XZ}{2LxD+W&h?uSTf;NqQGE0
zB-S^Dbu4ULIx`7(iyU0TpoJWu8e(--{;`?sD!1^zMzLdFmrfa%0?lLkf)g3KIr5tR
zYLo3V?#PJ(l_@)O(7qqH-7o|<`3r|AyG~Xt4uNi@bl`^O*(SW<dR$zk6@oIUDnQxU
z4dg&PJZ5qM!PE;U+P=Jo2glRAFJ{~8Ie8OK6m|V5o&{M<t2r-FF+yH~Y^Q-2FEo=r
zj?SwxHzJqvL?=7Ha)ZYmHUW(gy`8{t($cjQvA=+TZhl;M&L5i-BMIk*Gzq#N7I24t
z;{irsjRrErAr_A=L`h8<)MK|%Y#%GNRuTm$HbnBh1^J+Ka@QHGAnci(%*bGIF@L%G
zJVF!vHKA3+m=hR`WoNE8*{NyhXw#6QJ5D~}*xu*hMR>3)7-n3mK`k{DznzjG`;3|D
z@+tRe`I+5EHO$t>sGOR>X}zNw0^mMKiD&lbs=2?-rYUz~I3v|)7-BTHCeto8EzTL`
zG`@u|lq@qI)u9uj+c?r(3hvl%Rs{8k;>Z#Pqu^~{FMWf9Q?U^Un}ze&BQ;Pt&Ys(R
zd(mlJl&JlK6u8h<T~Pq@(L<(_c|sH{h5+KoSG3omX-xTHfDgq)EsVbu3^<S$QAGjg
zDK&69s<qNAR*;>W(Y|d4kMgC9=z<e}YcPd?(o+nV^C$g=P2D;DJMQ3aD1cpIVF|A#
z)gshn14}Z9Xr|u5+HVpN`RHj*+&x>cI^yXdC#b)o{EtEtA#Y%TynIryc4HQ2l<|&c
z?MuGrJJi-_ew8XFaix?y9fw3O1L42Zk){(@PmZ5fjfAAy0d{~4wimB{!73EHyJEJW
zsZ>iQkX%-J@+x!W-v&L0#h+aKylAdyCQ~D+yOoU9g78afjn$d3Mn^Py5o&AEMC+Fv
zUGFvzOR6mq#_OM#YoCsrO_wx}lh5}njvZh}=<h^Ffn^>>Xt{nh-6TosJH=xm45Qm;
zaE4qYBkB0MX&wN&j5{X$%nDgVTi-?&uWjUOTS%~{dOyXj6jYvZs1h&6a48w@?-|L_
zy++zC)H|+R0R|&ThTGeM2!@DPV@!iYM^pp&1DdK2HT<7&kAcM*4zWJ;K^Cn)O^ieM
z9Uj!q&`bJYHDeFKFv9CC9TEc!C!@(>in4a2t;z&fi#gyF_%NoX@>o@>o^}b@@wLDI
z-{a)t`u+Z6|N2n-<>UJPys-ImP{8P<+EGU$HI+A0vm}uBT~$C0l}M|tSgS^IVj=Wt
zu0gtwtG9Kze?_Myb!cLTZTYcS;UqSGjCm3MoHVsi2sx`>;|!GL@7NkhNLef}<%^6t
zSGQ%V6IFnV)L4pY%gmt$s>(rgFIL?On=v1=N%~N-1-09NDm%L>3tR2##mQJDvsI?)
zsi1AGRm-x9>Q(ohW^{AE_h#1E295R{6WTH#&s&Z9?_QE!+{O=k)L(Q)+SsUw(^RS4
zm5zi1U_noV@(YZka0@z-9}v~PXNfIDhV;+Vm)!sa0Uc9)*U5RYA#I9C<5Q`Z=DPWN
zM-8oJ+Tya3<^t<A;4nTinJJzUbBE%F&TsNhL;H#2bK6c{DnUYmcaMB|hvOwU0e+$h
zHX(F$J2C)WrR{6zyh(-GK?irYRb|If7~h}HIb=$1;V|P<jUbExq#YE!W|aw;3_sz&
zdwKwNnWuv7Ir3XLY7is=R6?X{QnD$z(b2D8*18cuC+YC?*l`&eUP(~^1+CZzC@d6D
z$ziN)v^x?ks}IfLBv0vK>SHtBDB7*7tx;zGAPv()r9V2`lg9IN(qK!;cPh*Ou>9qP
zq{d#sYRPY9uzHQp)Vhdw7vCAYhhLi`c18iObp90kFU-e`3K;xZ{)&SHrXNUXShaf!
z%wI7pV2|yW;~^QDi&0ox>d~@SaO&xTDOO9MxVB2afWdJ(VdCs<%-mM;L{!35s72id
z;%Zd-#M%4?>I?P9VpyK-oU=lDcjd4)UMpjI>o+!R>EG<_VNUI?bC|dL@hVVyspbJW
zZe<8@7_2ITJ7yojC~ScM<u&Kf>_}xaaW<Os(-qeP@VhHJPL{OJisLIjooN5^JkQ@R
z>F^`sSujtADj?aeHnj}P4ZB$>YXIVz64#1~`WM&FPvrx1a~vLiT$}SLx&ZaAPSLB$
zgHr}x_?IT$-p+-cEn;b_DCaT7hz@`ymByl(3W{UV)0Bg#>~=T#=J!H-S52Z*Z@gE5
zuk$z1)y7-@ra;#<MntUhHw+gJ*bsS};pIJPCpz`(vT%J&>jJ?<ldNIalEt6;#wL4g
zjy8i1q>CbsUkMClSuPrw4PYMky#vn9JaR9Jv<vI>0OAj0r97wP#HElEwHLtJoQw~Q
z??l5=1ID1&!k?Hmop(g7e2!^KzU=^a*xg`GxL*VXYB>8%U$-@GiT;Z$Qt%7-&5GDF
zbLak<V41;p*dZ&rOTT9+=U`z;0!Td5N!L{Ry=3PnfmHbak`#?~AcG8|IQ*#&oR@0~
zpv=b=gAms(63K1(J&3$ujBEvveNT5tB1<^Vx)VjaVgqfsGllD0d(|umo6Y#kKB)FZ
zqboAPUbKYGZAGRrhjvzCL?|eN#>e)U3w3>pzgmd1R(K&jHk?1p4qpQg3L(t)sCK>$
zODt*v`=NN94@4jyR1iN%KCC-K@11>-yH&KROZc1nmiE&lQ_*{uP(&HPlS8-Add@0l
z9`#622nh-$F$^n3G+%U+P5=|F{wq^qFw*ed?oq?3ENq|=&VcvL1piZ71zI6-PKCa^
z4ML^VqraHA4H?DE+rwzNcxBjtI`40#Yn(!y#C1n(AT1Vdwp?O!XDd?^HlgwW8}1pO
z{t#cvC3{?rxHzT8$aNcFRD$YEsoy5#hBr3pl(f}{YL6uO-o!NLAD<u*<lMt|p(f#b
z4r+lI?cACPDTB$-lX=&)Kko0&O963bNMU(W9=i|lTP=g)Bwb&>NJyp5m;C%RBw1DD
zD-pF#4W}Czm#DT}KJmybA{s5%gdK!VvWwhmor?jol}t(Ov^!9M*8SBNgx(|X0Yrqu
zix>A;dN67!${K0u@wUr=DX*3kJVb5{@p7Gi1TVN37O8;QkJjvpL3Ae333dYy)*M(c
zC5iB-v}YP~?M|2JoG1qA2OuFOm~cO?-ko)cGUB$m5+m0VJHhO|URYL=5=(h3O|+6Q
zyW<?N6;WsN^;Yo`6Z~;@wz)W*Zsv3=jeJEh{c%O^P>ZeMMk3V@{7Wwe7ZfidiRrgK
zAHUIBC8IrO=~UkS&c}KK;eCTN?vCSw!By~;Bh>xq9)TZD{eQv+v9}OOT(>BI*d#jz
z6d}YBi~Ps+18JE&P+wp)D}=owXlP<6Ni|tC5isPPc)IK($@av~N^*Z{Ia2bTTaefM
z7#0thWV5Vva+XGxhrG|L>!+C=gWg|%fG4<rVpqFHz{iP(f?~lEP@b}TycuB33ZuMa
zjb(j_;4_$*5OD;a@`Wgzc4>V8#j6OwajFf(^7AtIGRxKz+w}%)gOWmYr(9(mTPxK|
z_emd7u&_sk|0vA^%+oXz$W^5avRnb>c`O4@4N4W`DMN|}=AeEPLS1eRSIuXQ%Vu3S
zLf0Jhi~Y^RGW-j!cC;xir>igck@kj-w%l)mCfkeX5e0eMnf2I@=$3cDn3X%PJZ(gl
z{d(V9agv3!*}qFG1AA<Gy=$W7Y*uP+?JwKSBb)Jm701G7*0t8It{V3-lsv>w?s~5g
zJB>w!=Lc&pr~WU*6`})TVzlR1ajg!$uBX=$Y8bpSrA&VyS1@B}@I#NQ-g^9EW={5&
zde^n}YSms^E|#jhSF#)cmEfj^>3!+K9eZ!T9GWqUrkNj8{(+kstp@OB0A~<M;=~tH
zseJ!aBODnbv1O0D`~)JutxfFz*1&zUBo_AzL4T{d<=T7b#}Li~7C({T398haWO?M6
z%KJNM`%N`CY5RfN#3&!)bnin+Af^-YtH~?EsOTUb);yXqOhE7tz!6b59Oo2EymgQq
z-Ma!VT|n^Lou8H-6k|Wo<<1ThV;}AEy3pR`4fPQQm2Xo1&#^pbKBikF6zW{}>@doz
z6B;Rbuq?IEbw3}Pq%1g9;qc`zVFVEz1!^HyEK_kPX9Ku`F+!KJ@<*UC=y)o!(Lb=v
zwV+hxLf~fcVvDp-ia=vf@eRnNM8UioLFv}<A+QZmna%iwUcZ>DL8ZnC)yPIc*d&#~
z*951s@Cm_wF{4<UfB*WgSd{oELqPl4&cgl4Fi`%V{6g$48X!gE1%Psb^_@%i@9;pA
z8Qc~YX*eL>78Vqerf4;Ne_5p2HiD>{OUB||aG9zUWfwJbZr-(s#x67d+I2P~9o-h2
zBOhhm^``sX;&9>FYn!JiiIehE=*Bzu<^A%6ulxQ6!vMSv>^t!;B1S^QQ&tFVoBF^G
zI*7AWuz%y<A;1ai26FF*M2mM}x2yl4D^R9~yD)DT8WK$}A)okoc@iMpoJ14s?n#yS
zGln4CeW2#~rfVpK-@?wEczLpi{J#BAA_v515FqTK@B$LU6+&-uXY!8sSeW^7`cE_i
zVJ5%4z&s9Ms`fFwp2+n5xI${{-ey<^V3<q1{By??0HbYXhCDsvhqY9a2gt$t>Wsl!
zU>dhii2BL1b-g@XoU>a@tgBl)9L%h<EQy$>3a)Ul@G_7uxGVD3S6FmB+qq42Bs@Jj
z{U7oyS*^`gev%WYu28XNKzQ$odiWvE#>P9lLI_S?SWI4yJEN&~8xn~k-N>nUXYw(m
z5bqEj0BR(@WN1z@iwv%<1~@(jqw+%UK6d7-$bGKz-amtGe@ElLU~uIJY)|-{7K<h?
z)0yavM1EVvw*J=9<}Pf_YiPpVvJtqP%n2$rv}!RjKU3aHw@S!9@E+fG&}7YAP7bM_
zbH3dma?e>-0qYPq43uY)%cQ$xYVbBNa#n2x2Q(`!vu&D`G))psF?-(NH*D4D-cz0J
z0h3e1=HxXsFGlLqoorXGnV7=))P_8vX}@*a4-i2i>s7vximjX_=eqDA)=|JZ`%dI!
zw6R*8aZSy?;CM+_%>f6)YK4V}&B4V5RN1#8z`42z-kbMHrwFSRP>O-wGarwN%B;)-
z1LkoXm|clXtj|Iy=!C^nk+oLHqut}@w$^m}+~YhZUc+M2OuJ;S30CZCy^C;ilEL(a
zdEdTGBdcH#;(zj;5)SnA0!8-pEwaOD%SM^(XQfBpY%Ma4wp++f(3Z=bS~@2r!O4uc
zl2CH3D3nHHWe8t%<NX?F(D4KAv)QCsfRlvxO+!Vys_5;iO>hA}wN~TOH&*erJ(nB#
zg!#90_0i2!U7j1rvj_&&(Rl(|#r)E8$~Z~LTvJIb4XRqodbx>fwtFvQy0uDDF?62h
zwxR-J_6A6(sqaqrQD}#H=?L{(o(*=7&ich`RoMM3()HSojAuIhFjZfio%~@vK!ewx
z_~uxtZcS@sZM_^~vfEKiDip0=_Fn!(cB?G5s|f$h3Ja1HIjBlNGEYj>&At!q6*gNQ
zPZd5|?ZAZ^?q3@<T+vqOSU0|)Lh71>cT&<TswH^3+RE2o`br5SQfLCEQf9bNQ@M(F
zB*(8zC>Py>hd<32N)3$V`xNlQ04p>BGxjGUlC&bq)3}g4rl%7#P>5Fy*;g`@bKed!
zuet?V)A@dx%>v?5UtH^qr2c%IHI-gvrx?3WHjr=dUbQ<O{ZD*}a;4&lOv^Ada)P{2
zKN79YIH}rF4i8?x-(nv^Lj-peXn<o`%n>ClfYP1DhurXv+6TyYa$W5VASOcecQ*57
z<S3Nic%&zPX=x0Th=N2+RV@{Vb8w<js7C&w>hiL@&xi8KLehjUC#O+HY4%Iy;Kq%R
zrm9vI^73nsgV|P)x4B#L2zEk~SAB6uP5z0ia^t5@Xlo~T<kgP*`6oBtn09)tuOYg`
zgaPMqMWtsL=R;XkVNbz1;NE{S1u?sj<AJ+$g2pqtS+MAXP6~R9+xQUINqW1}i4wj|
z#)-Xtqjkr)C=|mQiaaB8_8(aK%nhU;kEvZL2)Y24^p4|`*mF@*7FCC!5$t+NS@2K_
zf%%7}Gg)Ga(hdU1F=Pod`NpE>g+-FBEK)BWzpd!{=GjW09Q&&qK)lx?^>KWozXN^e
zcNDZpedZU@WFbJf+48UcrbOq;Yz=glW$#R*f%rT8j6c{F58u05)6UHr$3o9Uqd_!d
ztBrPeyGeA0H|NxYlskfVWaDr5oU(khSw;vePk6O~ddDYPU>8XEnF4e4`=)@4(m5mD
zaM0Ka7bpkB*=9^i0C1cLdeibMtniHSKV0kZ0qI?`Nt~KEvRc8Mp^r*hT6OwD?NLoZ
z7DSR5&dk~4gr)P$1k^5N6uC!3ZsFqhGvNUF5|c(v!M`w2o^xijan1VToantV9h_D!
z_zJ^1wT4oc$V%o)0>Q<`So*^Yu&FZzM&Pm2YtScEQrXq6fN6Cu3y*|wViwISTy~yt
z8&H#ImzHHN9g68?13{BK#{uvWI45_J4O(LjhQu!<-cSofH@w+EF;;tGo8{T>p(#z_
z?+lz%1T)YL%94#pXM`a?i0ct~Sz`?RA^VQrG{om!-s>S4)b9{Sqkv}_C&=(nnbNai
zMnd&VNvSGMfJjA%Oj^OY0I0HDUy>5pLa%yeq3d`pZ|sjGVyv{ZCpsDO87-_{;c}p~
zpwG7lw{vYsaJB%yTDVh|93W=S327tvfSQxNM~M?1c7B51r{@jeNYt;AgPgClOdY%C
zn4=dgB^mUqDjNgYhb0ExyDh=8?SUsl-)4=b3qNrLywqvh=M1%sPo9&Zy(vmSCo|hL
zR|aKix#4F(15VqR^T>&H8l2%b!pA^f9*1=->Vo}w7zED_+T}o-QcagIj%o@P4^^v+
z6=?~jj1tupTu7$m4t1AFh+TEg%sFd08DpA23njfoRA-3xUq>ZfA|5jfI!qo586aBW
zTW2Q$%c0q-n`&AkBfR*K?fCJGzXrN@uD22HKgTByawq!sj}AEZ-l#>u!ML8Q;~uv<
zf$i?V$7A>~q9x@8<>P;|Xv(%vM(E_|4C%t5*eOdwk-(^!%3^ZyN_wCvZxDxrMZrfP
z=kWLFf;_jaVMh%W1EJX#!*MB~heaWaP)5)L#w98Aia<hCuLzsph}Lomw_^q?RhlZ0
z(@XUxPb@J|n?<o?LmRy`{t!9BvB3qNE!#l0$k+1zUf0Y<_SU8*b7C<HWJHx!^6-rC
zbqb^9j6U*APdq~^5IDXwkx@!ZEug2Xq3_Bh27NXm*_O5Vm0${8VIZbCoMA}kltbq&
z!Xjif*_tUz(#dhk-mnL>@)g^nzn3<`hi^}PK7V*lyhj)Gz4s0LUn#X{77au2Q#pzE
z^N;`~;p~tlO~IhR9#T_J(Tq*XH6H;3#bY<3!_FXqlA@XWB%R?Y0;u@v=oA$ZZz9n0
z>6*Zh>H>sQqEVrRq;7Xw^e%+g$Tq}$!Sebw{)z@m8-JAEWyCm5+Xou!v|u8CXHQIK
zJM?hzu=x0Yechw|B~&M6C7G8LQ5A+EMmENLG=_ZP4CA_nnJNQ~V~T^oJwWbCPbS<W
z8X<|J0{{I_nhvx87O*9?H7e#DmOVw2Agdos`dCe;H9@W>r<EETWIQ<Lt-GY^l4#Vj
zvi9KsBa=;6AN^9z)P~}%Ze)oRRGd@YWXzki;FZ`!_7szCkOZf887<uUXTs6xyto{b
zr9z2O!((1d5`3qtgi4&40RtLZE0)t4R<%E$vpd6N0$M`_9{?qiR8yVVU{ul~r?$e0
z3|sxY?k*;sRHy$)&T+WnOv+%>K3ZW_rcJL;f97JYA0~%;Zc0KyUjzHQC)<7vr95#~
zS!~T}XS)UIS7O@aaY2`zA9UOZY}QF4*mV7Hm8?^DWE2s3m{6D?-3exqn%~GMB};{5
zUL14QFDDKDCcs`0f`5}U@0}5NBd!bo<N=jP+QJfJ3>UIjjh*$6;YLKjU0Lqi7G)E(
zN=(*J7#vD{i?@XO$wr=@BdDrftRrM21xppS2dJpmHg4dPzZws7W-hUg>TAS+JL+*k
z&&dRBK|0FF9-|BuHe{97;#L(gdR#N>Fsb+lsg_b!2S5R)KFKy_eoS_cQS}xXOAoh@
z5yPEWY?TjrZc(n~3U{Wp<8DU35tj3-Rc|7ge(@m&D1gwjw|%=Y?KS=>i1t6Fd%Upl
z@3quustA^GWtde+aCd2{EnLHZ^$VfFguW@f=DX6fEUni%U8Ox=!|k%g$0NNU#9KQ+
zt^rz(0=&VGVb&yZ;5^}V6K=99fC~J5g1Wx7SnRxo%Ps!8vE%_VKu9Pd8hxH?^8m8?
z1loR5OmFG=5)oU-6;q$JL@~5Qs<wr?q74PosV@VyqmWP~cZAsz6{@md7#I5$j`SC=
z|BT2AWR(Gwlh;3RO@}m#xccv&`r{?1_wN8>7HzVc*94k4eqf7bYRe%8bs}eq>(-rq
z%)e%trDJw1e2v^v&cVl7_D~*RA-#d}gN(p;JyAsPcdJoIZg<SlM(bDoz*ADKj}ZU;
zB^G0e7AD0K$pM<m2>CTY18E!sqKJn@Z;43J<l@CWjT)LPxVo=1uJT`zKInVmMakv{
z5q86wr}bx?=MzCpGB2kmr@ze2J?!5fR$2*w%$+s@;*>zFV%(BgYYHt1Bc(u8>Re?n
z(v3z{yS#Ivt;dkq2NcJW*ec1rmYS=hE;JR|ZC96y{Q!AjVT*VYoL_oj3H6>Ycg!Nr
zW0lCfrLZ&`PjWi^2U+x5^2uG$9uvCU(g?9qfC(!`)0^%`yMKqVH=e@f6T+*`V@I)J
zausfj&ZOq?A-HkZrBx4ZU;YdFPwkIc;$dI)^E6+nI`kN9HcM%7WpptPjHGQ<<%jF&
zSl+xyLV(kBvs0V#sj{Y16*wHcQ9R=zjJaX;lbg_g7QFTQkpfGmU*m@LDt32w1qrUY
zCYt>Hcq1kjLHx7sB};;O9KOkPu)`ItbTrQ*5>G>dSu@EMjM1<S)@`|B9I$vCn8zk(
zHv7%D+mY}Z9G<I*QB0)==IE`AGmKtU;HK%E(||RWN&H^6(}!3AwXnGs9KOpQXeWPI
z0&cc9fMvQR!Iw>kozvOF(b9P^p20n{N9&b{egHG{qi)F=T(N}U6RMQntZH6Dad?wN
zkrk_jYzxE`t-p|Qnkrm3>oc(sPhMek^?)JHXoB6Jvp8OP;J~7~82{2)0^t)&b$#u9
z6F_tdG0ti<q=*d@YeP0XW-uoPGyVd6RNSTq=}Ppm1*vM7ULHIU&9AyySG!*>M2b=;
zQuC5M0Ww71OjT=&i~AZylYSNX>Z|DUlaWQ%O{3yT*&3k+@Ln%t5<?0ZLwt2xAXqhG
z%(Bg#RIp$pB}Fut@XXjy?)t@9z_J|_Ikdz4_uL{6YejD_EKUi>LBNL#j}Vr|z{3vz
z#cNEo9Lh&hAgMIKc|#TPE3W#mtzn+KL<)y+7ra!;H`2u>Yt>37Q9lv~V-q~vISFm4
ztiCvocA*FO_g|f4taMc7*{|R|JWo{2XGweG75PKPoV}U$%eBV$t5Uwo&xbq%e-Os-
zaAtXvJ5V?o=CHcagd`#(Epha;fwrJZT!N@6=#dJ=PI8f-;6@w{(dJ<r*#SF$B2$1{
zTvrSwJ0~=*2i9ATLyWg?m=UeRT8iwDdTXV(cqMiQTcx_n)K!<!xrbV3%?8)JKD+Ed
zd%vU0yuqg%oJQAHL0Z<jY5a1PUCv%IqAjbn*;Y?!Y9(ppF`ZnseMJk=vs^yuE;DTP
zIRc$duhA;Nt#p-=!;YD<RZgXKrNX+qCTYEZVboJY1l3BDNAXHn-hvhuBvs2*b%To6
z9d_dIHN<FE$EW9XmPkh@>7T@Tt9405W{T`wJzQhrMY8Nak()X>%%BQAq(!&YLI;cX
zH_^n_TX;(y%MEjHw=M_Iy3h*Yg%PE-!!yW!$mSM+i-g~$ziu4yz%<Sn%{QX?)+P*Z
z4$?ps<}v1e_ohjFwEDm@rG=<4yvM05%r#o}P(+YX_FmgaJU@Er{=FYq)@$+s3mBO#
z)8NOe>Mc+n3++Ge4u|XXWt2u4^IX15$v&<aC{+U{QUs4WV-0M!E!P@>rAKr8Y@5s&
zHWyNW9$9yKT0ni|-P<6m$RVK?%#lRLv7>LbpqQ5DA}0O6uqJ;=!GSG=5It&ijBg#M
zQ?U3G=c7pLi>m;5o^+lsn^KA6yc!AexYEJ8Z56TeC#A89lCvl89~FeZ;)`(OHU6;V
z7-Jn46-Wtd2V7x|wq?Y*1HCYjtl^;}1_2331r55>N3?Z9%-dsk@4Xlv$D!n_2J6(2
zC#faLca|^LQi)70rspKUom%ui!#{V{czqwpYkKYt0JMMimdW6aP#Z7u{B(B@5hE#e
zS)qvvE;=)I$#v>9A<S2iCJGS6OP07JeFQ%L>JmASavDCK8$m}j$GD{*3p<N>WReE7
z?A4T|CdTZ6WIJeo!r=O`R{F$CkD+de?TGJ7faVqoJh6BJF(8dglg!_wKMhj!NVp<6
zQ%P+&20f-&_+V0sDM<J3t5T)Y^Gldw1T#D%(iKY-X=pp}xqu)m?vSJz%7C&&E2R!#
z>WD|_iO1;`w>U0^_Us0(hu0VbC;hn9RV9{ag6aOsP(`E1lr==LR@Txi_VIze2?z0<
z!lfjHz!q8g=#m-*8J(N;AlGl9M(iit@}AW1aa_%REp$h4ALxCIn*(63SK3e4+d^Kf
z^u;223{(4I2<0EzNZ$@=6BprUAXO3&Mf1AA=fEtSAPVxP_f4n*7%ab(6Tfl6{`+BQ
zqOR1I`>~#HelAK7PclNoONu`MPx3z?2NbL5{aDYad>-%himl2M;Zej9YL-Iio=hbn
zWpc8ai@%FPUh?tIciqz_?IQt0-+!YS(q9dIp9!$;4yLccgT-w2MNXzSxn4GX<ShgM
z-?vDA$=PA*l&B0RX}LDpCirk<$h&O|%}s`esfl`vebMYtm?xI>gj<kY$&3n$0lxoy
zXLpjkB`&?Psak{LZrwxGkF&`e=V;K7k8y~T<ph%b%ZS}bHxktSYmpuiLeZ7}K*=w>
z6x(|e!;)d}T7h+(JU5+s&tG|to7oz?>McAK&*m?tASJs6ZAB{Z4$nJZ2;xGmp!m<o
z#Xs%IHjlCO85IEo22Qbnv-KPr01Y+kI~0g3s2d5VUH;_oDsv|t-K#wDIc5CW<?MEw
zzxzmv?H6Momb2W1j|^r*?pn_O5o2TC=>Rg#5vgWAk5-rKcI`^2n}P$cM@z>gv#_jN
z&7*Kp9mo2xbs;Vsp^A6Pab=Ci!QbCb0pDvbmyv}1i(*lb(S=*YvL!dB01C_J4?&rQ
zJVw91EG7oi4_G-(OtBgJ)sIjoG=Phi<}d|6m#;Gy@`&ygUzJB!z2YI8L*gS?n%4~}
zknEqygqTpPdUMxQ6ECwT(2T40*3l`vEWhXU#*FlGTf|2+FK)5Gp1ynnCL6kPS*<C1
zY!;_d=9>HIeJotv0k`7}TRC#>qy2f4YXHgBcfbuZZgg{s!f5sV4d}mv-Uv$aD``WB
zW97tf-0H<&9jk#EppNV|@ITD_f<-&{x}h0!fTtUI(z<$0?U6Ag2f`5h3Ho2)`Cckd
z&;D#zk|O~D@%<0*8fdryRZU{m=rr`OWAX4sEN<rWK{(f)5mAy#jv`JNyvkL(-kS*D
zVJEK~o}B01EJ;Onz*heb(_XeWJzk#303Q!etw7p$p)uZ@WQD&xWZEReso0ZIL=VhJ
z7@YKxyG~;|q=cD+enExBh^^8V0_(gcM;X=ulhcZ0Cn`nz{98x`?2eZWJA#rh8?REE
z;9MVMy_;>uKw#eWLE;;aK0|K?g?o94_80noVj2kO2U67O^(V=`C5QZE3`qWHiqsfo
zbl2FWOF_*bnO=cH`nhM8*n1SQj?Cc&rqWNyw~*S=CCuyWQxz5uVB;=Mil!Nzb6B+$
zZbVbe8&DxWlR?q~xZ%nbL{`!6aO;2~DTtW@<0Z#&HC)`FW>A`Ig&9CVGovrKf90v+
zEh}5KG&I;WvR5@1>5(kWn{m=_rMzHEskkh#GwJglc^7}@%ukxi7<%9|>R6?RZIC<u
z@ek9dxh~(2%gDHc^8?O@rx9At8KUGn>x=F1t88Hsi?5&u(9{&av2N_%0AV^qz&fiv
zVJ~1a`Bjs9ec$gxqmq-&jHRyGQ!E5`oI&gA<lStCWrVR8nEg{bYD7sFi@2lPT30mO
zvW*Kh@8o+^Pg6zG)D|$wXiVzx2|hlgrK)yl8(@i}3|Hp%DW8<#8rPk`o4sllDyJ0D
z=VZzAI!nR;ToKZcb`ctdhhTvDzki?TI$fIS>!;f4jZZM^YkO%;Pe9iUSUD1gzi3<W
z)EGE88dg3yW^&=7>PDt?U81IERbIPqEVnpCJ}k*V(+`<J7g(y#1{Fi6=BxEN>lW;a
zS0P2@Xy?cxSFK~O1eehx)MP2U*1qW}SL^IAmP5$^JX9B))igE=Dl^N?6I(O1Rp`A|
z>^G}Mq#D!ipetKt`YKoH>Ke9GpZbVAbW&yU=5XCcTf$;PauqqWTCfE|PtBofsaAuP
z!1PX4>o9CkyW-f8w-MWl%33?&M)Gy<A3|l}wfnk)9GATaoUZDpMU}wb?@B^iQM+P2
zP`jc5ThQ>kd|)>&r0X3ER4ae5CmP%rk+zmgr#=Yz6>o`jzLEHI58ZloQGNU2zftp~
zUUdcO)On%d_v-!@TdbmhX_snEB}E*g2Cz+)(Lu6K7nOinm#$Ql!JSl8EiBnhHQQpp
z4#8;u)G=01-QX@dTEVGQL9m_oreUO$UUZfK&{5&ifI*D)^MB@3DjgZF5WHGBiw_jN
zu#i<`$SP$l#+K-+a}kyb#Z?KH$$t{4v8JhOb{0xf97_MbS-t#YvFb+C=B?qG-Z!I3
zRYtf@Ka-_89V-_<GK1u68MVsbZSM>?h@PqFGV-fPkV3#3Y5Q%aO!*e{VxZ<H@&!`|
zAjhecb;&?%j7XT;JC_>F*dzy^4>-Q{2@=iRc6av^@z<_fK#ANe6e6mxw4>o`n%-s2
zVu|#rod#_r{}nN~3{kyjTTI8Lx61r=9xUC<iG4aEi&fz{I9DE3n%%na=fOSGZCl<2
zQB}c}z7Gv@LHZzxPy@-7;`5cNu$!G45LZCz4O{#vfy5ouV0j7IKQ~MgUmz!e7&%R0
z_|NFK1Wq*!(Jy0$@j-mms1+uKu0ZU11dNDJP2%mrrI5z{lNcLEy4@U2mAxFz737=2
z^;B<)We(97yf*sTYr4dKO};s%QJ?x<OzOAF<XMjNC4--O$i3}a#&^o;H+uFk!1&}-
z_J<93+R(6)T9DhI<u%d1=DC)V$aa7yMk1$RX76upCq%n_5!a~Syf77hXIe1cb<itG
z_LXP2!ed}CXTBiZAa)#{>mV|cxvXK05=?nyzmr@TqqIg8w`TPDPi9TY%p3phyQoHs
zC=Oxd8V*^YLh4`bL8k;fx<VB-1LmhC69m^O)>cEX<b#}Jh<}mvA%NxSTOMv8_Q}^d
zNGNd#sqG}3pu3Vr!vK!7#FcG2d>g<XbFl}!wv9wi1&6^-EP@*992JMhE>7)nDLSPt
zdAW5dZ~4%l1~Z2p=lTHO_iMEHrP<?qIaz&`KNl82Hec`d0_N*^PZrf10J!^{$59T5
zC_5^ufWLhE5-|~Zbuu3@N_Q~biT(plcRc>cfL#rz{s)a@--hV>maKi<sDs0H{BhOk
z8I(YTjXDq;CzW_G7{s`oLyDCt3MKlz)LtbQ<R}l$USw6vR`9)bQCX@rLJ5;txd#ym
zB6tO;RhnF2JAQTcBhyWE9n{#Eo<EkRRWMQF!&mxqx8(#L@iE9%FR$B?<TG$agS&qc
zt~F-;og%&~9B1Wsx+i;>g{7_u;l4Nq`x=S<3H+DmNC$fgihl&w;}6&I{twUXGUEg6
z6c!XwN4`C9wwBSbs3U&Mimrh)z$FlsK~0BaQe+x3_Gw@&Pi9`DJMa|T#X3ALyb2?S
z4r2HN2_)ZbwoLw#0iQ^`&fakGKdHaU>+SUiNgqm#19j$39Ho$=rgYPmfaX|Qi%E=f
zN<K(8o6V-1aTdjG#SAley_ccaQ>g)XZ?a&;lnSReSi7vS>4mjtlHd%59lCAM+OMnE
zpR;D^F509rg7l7&#FIriuOO#-<mD$`LB#8rM5yI(AF&j{YG_Zvsr2mQu;*mgaAj@k
zAIvLzdtyFpYbRfix=gsy%|XUbG$5%r&+<gq<f=+{j0xDM7fCU+Nhmcmd-wvfFzo2D
zhtw1jH<ayjh{nxCjyw*@2mX-26E1fWb_l*-_>Uve#H}Kva5L^eY&qZH9UBHTk#Ni6
zM{+OaPE`*vjog;hM!q~#z3U+TQ&di49yoN;#e7sNCF7VHNnKBzBVlK$zykjX@TP5m
zyJj;p{$>I}qs45CkO99o<c$M}h5h?VjWBv6{WMGG^8&#l_iha~I>#J<!p^DN`~;i-
zv~pN0fmRvM_0)0gMXN5M;ti8!urNKnN-285=999<CbfzvgPI#-v{I0ao&`|PJR^=_
z_!D=CScgms9V^{$_5=C+EOlh(H_rXVwU7#8prS3@;fe{J9YU-)g6RZA_}M(Lb|AED
z_06s0!kswvoy?|&WLu!-G5<CEf+*<3q?El8e)orb85=PJ9$>d;9Hf$>pc1|}iwWQL
zF$$6bE5SVo&(Gs=mTk!&bC1K)g;PQ^Ku}6PxcI(WNa1-80)0O}i22L-w^&G}4P6*N
z(Tvq{6@PU)-!u~s&7EDucHW^YvF0GmU@rM4qc}4VYS5CC43p^zjK&D`{9UadZJq*^
zFz5CEa=uhSW%w(8@I3f~=l@T)-SR;sO&_8sy|Y0P7CG&=ktVb2j*}Hp$!*E33sQAE
zQlW{V<r9L5Q9Iy_B$2Yy0S3D{kw?pC8L2&1RJ~)$M@@7?<DkHjs8MBUD9a*D)P<D#
z+`>ZkShF^3QfN0!M^kZ?7#6{5*(QVL>Yx?c9jDgM2_}(67JaPR+cWS_;dS5t#Gjf?
zv~=;nB0Tin8veV37BO8aS89+tTeW1XEb$z!gu91L#tr76*43PU2IL@R(2Kl{wODXH
zkHcg1Xs;dM4>h}Oun$=Wch*R?h5n^=>CQOSQ<3{>u}&oG@`D{v?0JmpJq`tLy$Eff
zpzZ8o{mLeq6w@Q$L@P?=d=4`qKqQSL_36dXa~zgfxGasWe@b_FM^m1Vm%%*FB#U)j
zIkPG+BZ^E8TS#A+1^iaQwl~)7>k8A+RIDpAf|`JJ3CyVKx|OXrhgzX&t?*Abs!P+U
z*fLM&#y|1zE(_EyrQ))DK2}&&2^#~HR|j>%n)JEkX4%a+O*$iVWJ6*5o@3W8;dkAE
z*4~Owd`y_Cb(D83mhWvc%C1aJP0iBb^9^?=qjWwQT;Dj^02;T8-JNS}8R--AXNtuM
z<`Kb<d_l^Svpw%akn)MJfd;S|q(dMVGUqAW`&^&Vi2R%}_7uLfX0@UkX;s;SNGFUU
ze66D9u(W4Du5uP3kxsy1-zTF@WmHx3UV}!%MS3WQ`tI>~=R|TT>GzR`u;@t+9xngX
z#!{c>A(2<`1GLvTM0bd~A<R^?nT0b(wn^H<UrQV+2sRvO*wn`UmLQre;B^d%Y!%e{
zq&!0l7yd@2)`whkpC{pzsFb%NJ@sNoE=Z4~LHhSS$0QcPS<OP~T&Nel`hVG8>14Z;
zoj+i$_yH@&&(Ord*@D5s*~rv3$qo(a|NPVa-@rZRlmPo4E;ER2Wao+nhC4JDNiY3L
zq8I*L>Bad!U+n*VF!u;435J&u1lkX`k)Jo{7hJ*ci&*8)`&+<(fLQ*2NAUnh<39@@
zprT4h(M=K)N`rZX*fz2;kmQu$-#RsE&Ys;i*YJhE_fcLMNP#2C`2%i>e)8*xwn@TC
z)7O*Jz7JEA*Pm|>pA-Q<TXtdsvN?lIaja3obj6H?2iUZ5johrLp_DL8Y5jJ4Jhgi@
zVLq@>_{*3L6B{2St-RMORm}iS*Uxoe5rx@^t-qyH1s9!n$OEc9TeVxtnih&QLQ6)N
zn(lrUW~Du6Ar7x4ClRuNQ{8U(9l{P+OP&+4m@#S@bx<PbFgqUoQ6q(;`6@PCkT&Xc
zhiWtRwlmGtLfzA!6_R(E;Rz_m^1~{>&N5L1TnfWR1Zr=&kJ{52T&V#~0J`JnaE&ga
zGt0J__^9CH`Y;Gsh8a~44}Y^YoTG&*L^GmeOlONolhcEiD^aByUICfCln<`Xxq3%G
zx>YE<lXjXg#?3HB5@A?f!C^u4U}0WX#sF9*h7?#@!vv#4z-B2=jfR^r$nQGSUG8B_
zOfG}I^so`wVwXGf(GS3Y!Pchx<!kcUs7-+n!dcCU*!vUZu@P>!%K=?jK70~gS1HX5
z4%|pB@|HZjU5WbC;{2VxD5LxggPej!zPmDmRT>&y2^*DN@SkYub#N;vZHP$`(#bQw
zGIJ*aTZJ(AF-A1QNAL6?{Zzrsa!m4fPZn5`HrUY|$$>+8Qe}Xp!h&USWDz`V=FT7U
zB#6_0LG=Vb3C{#%Ylbx}I*8d`<HyrKH;aArLlmT?_<=*LV*{4^EuOl?z2Ii|)#3!?
z<kw=+0b-SovY8N!?!PN-h_NW*6Xl9x%09$tJX7u~fY-9=@rBoT@ZxruH*Gs`IYb9U
zD~Yh}$HOA@;FGu{O_ke1%h}CU&+H{mNz74@wT1M@fyIw}QL&%!bc5ts@(swJF#ao5
zEQFjIl9PG`RRE!8FlhPI+JaTH%BEC=A<2l6D2e21veuH1?8$Oky6$7wsjszv$FkD&
zy95g&=PCh7Og(Egl<3uWvt9znSuZ^=ZsxtdKHo@xiPc>nO~k|LG2py@V5>Sgc9an2
z)h@TZSobG?FkZJ+kLM=_b04Y)-n@UM11rL|(VW{72Y9CaZeMkwWYK-V?q5Uep*!F#
z4})<38^6W{Z#PpN-gCuHvprXTD|Y%1R(#2gu6I9zunw|S{o$iz?Qy8bBm-`Q9m<Dv
z({JrE;}&FMM$e#p@()`<MCSCNP58cOdYogHIfT~rG-`$GaCAiq={x=3qi5nsL|jjQ
zNzUhc34q|5Dj#aBhQgo|?^Vh$k59Nd39W|(v>IGAQrk&gaYJ%;ufE~vCroC3uRVtz
zQcDs11;BU#+HT~hCc*pV5=T|K)`zaw$Zo^ANmirN%WE_sFgcKn*2Z(PZY{|~3{-sy
zj+UcN<bCkG2ML7_vEiU7P{|Z?zW2dg^K%Bq6;P}xK^vBEv1pur{;4oa=0w|yg)cf2
zX1{J)%cA+mqcqqkK))QCKD5{}o;Zn?BrCle2p|DJf><q;aR@zsh=T`YZx}+GbUzp_
zAd=5pr^Xvz&=XkF6Ix+A`H5X!wx)7gc#ehKmBW{GO@(az4zh@G2^>kBpJYc}AR0Sz
z259`1`<GCGc!Ev#f&Z{Q4w>LDvVvGhDvz9r@O)?J2GSVaCed${cCwf~`lU(YaG%5S
z!$5h8Sh;63@QW&M@91Hy-y>RNUBc{aIv=2RasDT#Hs4}Ns^P-g!%0pFYz@5V$$AWy
zB_M5wd4K(6=X!!5kod#H6LN;-8cdRJB#3?u9Lh<0cKj}(`V&!q^Iw!2%K58-Ce?}v
z0CpVa6;Z$BsZe2D0yY-8(2zJVahAHVV#tx@WJk?|)&{oeXY1&XmN(tSzbOoS=LR9Z
zfxamZ+Uc^k2!%46P9%CCa&EFWzP=tFFakiD>`av!6GZ5KkFcM68XJuW2gm#DNild!
zjk0ErfHva9==NLBBwg?QGu^E~Fy3`30nEdM^$VbnFWj+OiI?h2Qg&fbyQ&EwBT+=(
z6uGLcU>Kd=Pq;HEnpji~j(X(e-*9aiG9x(`@sPSbsd|MgW=1f8q>-TE`NebzA}`}~
zv)oB>_Qac%5>P3`@l2rzZ^JMUV&xBOAHl}eA&;VFg_7rIziPPVO<FORUhO-X1KPAi
zh~mQoyAa>Kw|Ql5sN$(cakv`lWLB+ckG+=XB<y_srOUn%G7VpXUD#ZAyx$f%%o*+Y
z<dD$sK`Za5ZLeE((6z-b^KFgt>RKmldDnZdaN(vmjYK&${jWmS_xEa8W#WP?(jzQA
zD|)xjiNPDkd)49J8Vpa-0vv-$0O54?Q`cVscd>XN>;f*_Qe>#B4CFv9l>uYYigA(D
zwkV148d#YfYGc0P|DLd?v}GF;1d%gWJ44wJQECq4WqmQSvMDw@Rac@+dTMDlq^Sx+
z8j7fH6kzfi*-A{NP}7vX8`8WRJOjd=wAh9P`sG@(MsKt1s?ymtY!BEsi0I%Lj{fh6
zgyWPZ+|~~x+x$eS1^$PT8N@ZAQg94lIP5o185-lo%Yoq#3;7_>k%540seU}j|Mws)
zAV<r}P<JTdOFA=y!`r*XY^{OM&~^{xB9*D7?ns3n2up@NwLSr1Qqwz89DgPv1F3~m
zxUC;44l&LU1vt<!95kri6ee&@uB{(=^cs0}s=;V2m@fd1$QEd1#Q$?UYi{xsEAm6p
zL%~DMP0ej-Wl5nH&*vF2K<i!=pZl&JVEv`R*1J-Vo@e<Q49~zncSrSA=JLh@_g%WD
z@b49le<l9_2G8qNdB6yd<nF{5w{On(a)fCKcO?W>Bl?w0Vgz$+X|T|w%ky(zrI&5#
z6-_KRPOspd%wP($0xREK{LKv2EdjVUX1Pdl#MQSy$1H~2#4ULjr5Ck6&8Y$lP|HbP
zM*ashyXY{tDl<}AA^IlSmzN=Fb+?Q>$!$@xp1kxtokoQ<qhgE|@4>7iPMb?kX?nIu
zbi~+ONZM_&JO!I-p-6Ycne5gs<1h`{Ta0>1I>n%3iJnExrGvil5SA^odMw+wDiymo
zyL?QSExWX(>S@Ba_yxF^R<#!cVAY^0!2&jcjC&+`?g=_xWsX%lrrb-b;!d|xuclr$
zr{&M3<8^|ocWzcpe=<(p%c_Wy8_s&(puPNh#M|7ao<ts~L=c%?Z?<R1Yd;Kjpzc8?
zJSV9_j2_j*5Pf|LJscEiDVyXLG&T|B)X0y_L2{=^>>8ONM@m`OzVL4vfFa8%(7=bh
zg;kHS0&3#KvYZS_E-Sa}GUB38*CNEYZuSN&q$EO#f3o~+tyi_BT|nn%2gPDOGt6d%
z9@A_-4L!6US#oW+Xd}TmFa7JMjLULzGIPb$Wc-&KPcRdU$&OsmM@;0@CgYY)5L4w!
zRi(jJTXTJl(a<uR+r@G<Ky!l<vg#aGAGzvUKBRw%sc~ylt(!dkk9xwtASET8wPHRg
ztit&+oFKiTF&pS+iJ-`9Ogi0!_Kv?_Sn%TOm3F@#G{j7<maggzZC0!7p~5ThHq=9j
zOR6tF#FDwVG2taV*hAbis^dCA$KRNieTTiA%qCgU@R%-E?iG340CcwVkv(Afl9ct5
z@jA-mE|0X)Et%4Q>&4Y>lPoNqQb@4S$^yE++c!hnB7dHwTv3UL#8ThTj+Vyqs#cj;
zP>WPsY+DDb7SQNwHaU2*!&cajA})I42q_x(=Jc`IHR5!gL~*s52jwUP2c7}t)w?Rg
z=Xh~>9MqHKeHM~xK#U!}EMG8TW(@0*BE}OL>8x$R!WfR*^E4bal*yK?5vr>h&5bj$
zJ@`3#VUnAgNLHHFYTIPM>6tWmXx50HurAmwB(%-iG-{nDTf1VN_3GsS_uv=^m2iY3
zFr_{QmSnmWSukjOXstbz_SA<Bjy-H=B-U19&X_?CzkEw6pdbhu10ES^1~i+TMJSAg
z*#aFFLYeh)&a^TLRy&zf0N?h+3w&OosHQUdmmLMtUVntS;K{0G)lv+Z%W$sRxZBVq
z`vqho3z*e-HS|zQPy5Cce!(DFpCbpyQ)Ysw?5Dobi&#cH*Hosu?%Z`ql$ZuwhGQ3@
zyC!E2)qd3>;D<@fDdmp3jNU^0uH$y;`xb2lI>hgrXoKYi*>|R3IX*m&a#<d`_xel6
z#4<tI*2KH6W5O^UVWj6l>7v61%%jnO?3u2BmGujHxUXD6b-JsQgi*J(qVE<nOmF&F
zBD2bs2U@E;tL5;fLxgbXn$;KG?aqT{x&k3U=_yqJxmuU@3EH?NN(MZ|DjDSvI@*(-
zzU$c;EMN;VVd8<x`g2^J=J1ZwYS|XB;Vz0=38+j8k+%$lS$<g;a&y<3Fg7HiqX*zp
z70S-An^8Kjn*lg*n^odFeOIDofppVQ!#r)V<aA+8QC7P?Z3>FKsF(1GeN9Y7a_jBE
zu4Q3>R^6%il~^0M(l#EpHG4@-cTD7jG9o=^CM2@=Ti8gb0mjmX`S=i580zp%rtVu+
z96jOH>Z(oGy?(l*u*>8&qRyg`c$p(+5&AS5NIbIWgJSrh{t9N19wH6u0tam86kR#b
zrsbsu?IF9iP_-BqjrQV-7^ggN-LZ39F<Nv$ES7VuviHYs6J)54+A!o*hk6amp^kGm
z5eKEjCZz_ZbCT~yeAbb*h<)Ex*d}!=);%5>_4_9HPy<oxgol=9``@CdSPbTAH@!(#
zubQBRa4mE=UW#O!8^x)duuU=#idfe=mWC}`H{jn|T(Wy>zcEF6C|*p{l`*2hd{CJI
zETq&?a9zOwM$=YZh5#a;Lw%7Rh8Iicyg-g4h_KDPp<G}a5q!nH;|%;f{ILjboL_MN
z@^x)TgYOYvGVJl@eq)N=?Hdmnjt)={4Y!-*ko%y0@~eYdks;Ps@nM=nt#t=`7*}+e
zS(#+%^O|`3iaSy2<HC+i8rmp0(cG*9BG$Bvn_lakA4tMJM2m&58VpI1<xnAXbfOEb
zx`gh<6Itlk<#>@|$f7*Lknx6Cs4Y~nUeRk-4oky$sefDDv!uW)^_3V&)5eMS^9|9>
zNfKj5DbCfz8HOAW3eyeI;qlg^hiPWtl|MIhRI^m{FdJSCtQ<OtJkyAgr`qcO41JGl
zCeHhleTGUF%bYJ#8<a(I<0;M-iA*BNUJ{8S!+iN?aFhol_2&m7JzhLo43}2`Ij|5R
z3b*2UEWEUMkER6n{1yV6U}y#>Ud*_4Gro^$dFk6^PtXtneclC{C;Y^P@}^9e>PhDD
zT8JFXjgCJfSRhL#7r(x?ZgxIEp|n#}&3xZb(+qXt7*~GLqo|waE~wg{ii?p>fvolh
zKTNanS%k)Xf~-=VPBi%CATxQ&qX#FfW3m}xzBKNjJ8>6{{<oSw?+KK8{}?(dHyUji
zcTk^}@-#=<1m9$|l(ytxoF$*H{cA(cT(NjwDC9*1=UD^$p5cwwVv!txiGG)l&SvCN
zL8A8xvU>>h2`dVFNBV6VuZ~`?O^hqMihN6t!zAu75BCL1&=09)b}k05izJ;dIW2c)
zmFVo66z3b3Z_N2_bwA{6Q2N(+yT1jghaq$5n&th0EW`v5XL^66wpH*qY{}N;VksK5
z+T_=jJC0+plUzl@)5rqO0zNE@n6Rbr4Fkn8SWQCb8Cvy(Camo1PtaG}yE3qNuj(y5
zR>I=fOBwktmePRHELg(ittp5b1xdUvv~2k8)iK}!U=56XuGsP3R==ku4c<FL?^m2z
zwvl1T1pM8~DZX?ulETkGcibCCgbx!yqTz&&U~8i|I<_4A?CJoPADjN&|EsGrkB4&W
z12|Jk!i;q;p2*l4+m-C3Ug;u|B~;dgaP1+>n95ML^q{hglx#OUNs-;yL$bVChZ##`
z#+HQM$K3SZxo1A}IotR7oioqp%=zQ|mb1gwNXR;NY~#{hY?R;D5jbPpydA&z8?i5^
z(7~S?$Efi$Er}$}@rWkY^RpwG%kJ~3eC0)x1g^otGKD|&FWP*>Q*||&E-QXE)j00T
zXILxVn9Jv;s1$mwTxHm3^{S|fC@IbW%-J2$ZF5zg&U!qOdP^(+;4=C4Af|Dy0$*pB
z_(3jn)kj*rls5t?kzerWIk0{fH!1GE?YT>>_K5Sc2x~aFUN*hVkv%1lx)k`$ox@j+
z=sUs~)Uh??sm(B<)E3-GthrOzBl!3LoJ=&1XH63foceR)616%EE|v5$a*@Z=*7}>S
zYb|Bj<OtQ;NCwR~?Sayd!0<1%3KmUtmPYM-{YFsH<aypZs^aRX-4e8wI5Y~ctzLAS
zSrfMNW@u%Mb)6%$k;_=rB242*VUm+a8@VWJ4i)xQHAQD5Z`U<Gw()YV{}faDmQ)&1
zRg#CCzWMyA&~zHl=ew<8zCyVNYE|7-j8V?@hD0z#v2+kgStoLHVy+n9{)1Q7qW*G8
z2@-S<J?YFLb)Tn@w->fes%|4{B^$YbZueXK3-mry)w8(;C|ei(!OZ3XElJe+iHpm+
z;W|01lExuev}nP)RQZ8-+Ffl~Z(F6TwO#ZLHEKw0MIX@y-B~pSWkO=y<~CM?F}`|N
z#$#AMn!H>;yj`0&iivBC&~cNqXgGi4O+nvf@KRFl70aFD<bLVhi#K_O7M`F2^t17t
z)*pjB@rxR}L~V4A+{2=x@^|nLQT>J-^Mi@q9;1OC*PZ2!i-*1RqVMNQm^N%^8rgFi
z>2WQTu*>*pe_CgDJn(87w)T|olB386doCwWCBar+&A6k~p<&E@yJ=L7VaL}Jw#?^D
zgg$8z`;MTBb}83Kj{fJQ)JaAjkHqgfbKN{A@vJ{mt{R5yJRjX|+e|Xu4L_toQd?{5
zd~H77tTJ=viWH_^d4;bC)S14eh7<7feVih_A=Ki!Kx%?}>wJ2vzz3Ow0$Q=AgXw3x
zSwoWF4Eys3rrpLIrXu|BIVpz!CtmYLWw*_`--M=%`Ta{$^TNKNbCfN&k=)@<HKBzW
z>&5A|zsjVZgaJ#f2~T{uW<)e^XDX=Vc6{HIQtobXYWJ_o3vcb4PPdM@?Ibz$Ab08p
z+xG<fc${KOxl63hZO-`kXZS+gRsFm^2ef*Z>o#XD8NelAnkvv$*o7nUnayVGK=)Ma
zX_msSRaW254VSFmLi62MC%F3orMogksA~_RH6)3~NRCU2C-J3v(T`rar+<1$Av0W8
zPExTHETGN|2F29q;SWFQ&>Od|e0TqvF+TB*c2`dW&b>DF`-H`sL;Tay{zJmC#r_I;
zXNAr5<a<T~G23^_uvYj+GuY0Q1o=EMzx$e9(`(g)*&6KZyF{0qwT$!K5?Q@!-K(2J
zhOBFnT4q*n_zugW*Oj=oC}>$@e3sUS_k003vnjQn3u|t31C(^!><G&kl_}?#Y58}!
z6Y2^36w@cM>i6CnjV0R!LVjtTaC<?Ys+1tjx+j!s%p?QvNz0swYIw|COgK7cIc4CM
zv~1u2=Qa=p{jcKnLti~s7rQRiVudisvr6GEOFwOi;5>2J!1nn2#4_7Bz+;GK%REG|
zJ}F{?Eq%+IH*%?I21|O@&`J1uXgktHs99|^QhGq9R9<A_VeMg?DFfpmSTJKPe3mS|
z^(2-V6VUYX;z^mMP-%Yjl6ZdN^9;)wi+am21e>yLYm}oK(AA&pXkA#-8>P(qw(?s$
zPvmScp73AtmC9aG*M$~!{u9M0xA)&pyoh$Ke&>D1GfCx6&B*k*3ciGiF4daJd*-aR
z9c>rqk_bUZ6h0X8iItZKxj)X-CA-|6uLSvgRWN=t;jLrBts`E1c0XcgDU5gmAziJ@
zUJaKS6K{twv`d23h?Y~!&<!$Wti=Wz;ZhpZ)KT0JNvuY=n0P)oBPcL8d00d$L~Ti|
z!-t?B-T(gg!+{syW=<nx$KeWW^1jLmAsM$Hq2DNHk8}bQAEBnx=i=U8iGFnNPAbdb
zHH@wInqf`rg&q(|RSC+lMm)%+%B;*fri{j@Sg8l+QCEXN>)Fb(v!t}b_F}WtZCS<c
z@u_81m(Dqp_RWx6X3j%wzXb!8#y4wUI20w@*E!f=gKA(~lT2*NgPWc)bIiP)XW-M<
zP-Ii13W~qc7a#TZv=$b?x!Xw$trU0{6G@o48uptX_kR}_xXR4%VXfnYaA%!VzTX7|
zG-EpKu*Ke_f--FngW@!WvHY|fwYiJBwoFZKt2mYbq?hUQQN8c+bxoVq-V99z+^W6d
zI^#sVmswvRvwR&%cE_Z-Jn)`NT@&Z{D?_S$#g83syhREBwtjzbvTb(Q(CN}-OzdA#
z=q?+BcVE#ODGydt)->9mVKQr1HV+2HJ67PXtHHW`VHvMB3>O?Ge*a+*IuV2Mqi8jk
zo8eW>$1nJ}n*JG=+veACXV}_w=847U%2Q*XlT5JT9-eYFZGUKaeb7A!w-<={ok?D{
zeSL6oUBW@yt8)EWSi+ePiRb+aqXIE4aXWc#mLFFb@A6BdhYjo0#VvA9H9O6d^3OTG
z53y8Eau2S<>1k1fTZtm$;zH#YerRcZJ>ve<qz|V<^euv}gjVd-c8SO6&U||q9HJV)
z;?(CbCT&|3U$Sy;OgidfRfq7bWp%Pk{)%jHlq+GfN-ka`?|Ou>c5J>~eF!&3&+>$l
zXfE$2b$Js$d%fs-F}rcK>es%PRSoGC8Y7(^vpv^#O|~B$^)udRYRvdncQr7@VX>?2
zd*%R_+r3KIK^BdW(hMZlMM$&S#Nmd+=JA`FOn#Kh`4Rdnuf^mDR;cvtUeq^c)1&VC
z93~F=Rs@$T$V_i!c|vLCd+i==^@ew8L^+2#a7S)KOE9A*<8^Eup}a1Ahi9=)w_Rk!
zu6;Lcv3O;MQla6)Hec+FIW}*}C1pz`?dX*ETqd*g?+oia<AD@ST+nyVQ-`K(a+Y=S
za06c-6=WsRdFrr>(G#H)0<Z%N;He3qJbsLi5ri-BgAGt1q*DuLVIl`W4j*}tZyo^>
z7WiRt%utmFx&jjcGJi$@FAkvo(10vBhoMt1T}bGD%Eo#h`3W8YLj%S3o(KBg7%!qB
z-BvxM6g#m`LU}fph5Z-I7Wx|)LPh|h4DI35a0Uje;|vVKbZ|7sPnh{(#34{}Q5set
zyx#%>ATMpMj~4l1sVG`=+oAz1ONv%BW;_JSFNp$l7kAPLcSipNk>K(;0yJCVhnb%Q
zb#r;a-VAnVFa+@HiYVv|4@LK^wh9Cu14oyTz(22XfWqhhO4--}9SD*KwZ9+$x&ZsX
zkiGYjb{c{J5cfp^7J7*`q3$mLKo_Zsj+eBdK@rPrpv1By@GDFbJ9NZI2Ohoh6V!s?
zoM^>?Wm$kO3<MpY;!1=5jtU_H(7Dvpfr;)vK_qBMVh89Q#{N%cV;B7)_c0TgQ2^*M
zVF61H0GlQ>V9fy!C$GXxg1`r?d|=R|F^nM$oRS2<IW8pleNq~h5>Bgz^T5IMNd#EI
zi(uWCnT_4R&^pI?Ss@kyZUO)7)WkuZBH;QI@^8;H1d$ge5d|g^CBX|sF<{S~<{5Nq
zD-Nw+rG1f5o{jCi4?%hW&3^$}vjImTD;hfBT^vnvp{M|;FpU7{?3w96?uQU~j<%@j
zY)|Q+mL!_A)oC<9XShQLQPOCT?TidSXAMCIE#tukRVm0QLLB(F7J8q{#;#>SkQ!}H
zbXw<q0?M<o2Va1F8tNc?1_99No9Q6NT-tC4$pAo8<3TSo2vSOG(Lp=;G{~7O&h)ny
z<pG%ow)m3vYd)Rf*c;;D-T^weOy-51DyFq7oE4-EO?O^SC-qht1fsx{Sq0cYGYHI~
zzy+u{)ddx;U`)NBfQu$=xirr4!$$f*$mMIVD*5lNa$jaP_T>k<jZ<bq5!l-)_fs}@
bmmUb6IL6HcZDtG%C!x;*v>}`s*sJ{ypihjA

diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index 442d913..c7d437b 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.6.4-bin.zip
+networkTimeout=10000
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
index 4f906e0..65dcd68 100644
--- a/gradlew
+++ b/gradlew
@@ -1,7 +1,7 @@
-#!/usr/bin/env sh
+#!/bin/sh
 
 #
-# Copyright 2015 the original author or authors.
+# Copyright © 2015-2021 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -17,67 +17,101 @@
 #
 
 ##############################################################################
-##
-##  Gradle start up script for UN*X
-##
+#
+#   Gradle start up script for POSIX generated by Gradle.
+#
+#   Important for running:
+#
+#   (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
+#       noncompliant, but you have some other compliant shell such as ksh or
+#       bash, then to run this script, type that shell name before the whole
+#       command line, like:
+#
+#           ksh Gradle
+#
+#       Busybox and similar reduced shells will NOT work, because this script
+#       requires all of these POSIX shell features:
+#         * functions;
+#         * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
+#           «${var#prefix}», «${var%suffix}», and «$( cmd )»;
+#         * compound commands having a testable exit status, especially «case»;
+#         * various built-in commands including «command», «set», and «ulimit».
+#
+#   Important for patching:
+#
+#   (2) This script targets any POSIX shell, so it avoids extensions provided
+#       by Bash, Ksh, etc; in particular arrays are avoided.
+#
+#       The "traditional" practice of packing multiple parameters into a
+#       space-separated string is a well documented source of bugs and security
+#       problems, so this is (mostly) avoided, by progressively accumulating
+#       options in "$@", and eventually passing that to Java.
+#
+#       Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
+#       and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
+#       see the in-line comments for details.
+#
+#       There are tweaks for specific operating systems such as AIX, CygWin,
+#       Darwin, MinGW, and NonStop.
+#
+#   (3) This script is generated from the Groovy template
+#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       within the Gradle project.
+#
+#       You can find Gradle at https://github.com/gradle/gradle/.
+#
 ##############################################################################
 
 # Attempt to set APP_HOME
+
 # Resolve links: $0 may be a link
-PRG="$0"
-# Need this for relative symlinks.
-while [ -h "$PRG" ] ; do
-    ls=`ls -ld "$PRG"`
-    link=`expr "$ls" : '.*-> \(.*\)$'`
-    if expr "$link" : '/.*' > /dev/null; then
-        PRG="$link"
-    else
-        PRG=`dirname "$PRG"`"/$link"
-    fi
+app_path=$0
+
+# Need this for daisy-chained symlinks.
+while
+    APP_HOME=${app_path%"${app_path##*/}"}  # leaves a trailing /; empty if no leading path
+    [ -h "$app_path" ]
+do
+    ls=$( ls -ld "$app_path" )
+    link=${ls#*' -> '}
+    case $link in             #(
+      /*)   app_path=$link ;; #(
+      *)    app_path=$APP_HOME$link ;;
+    esac
 done
-SAVED="`pwd`"
-cd "`dirname \"$PRG\"`/" >/dev/null
-APP_HOME="`pwd -P`"
-cd "$SAVED" >/dev/null
 
-APP_NAME="Gradle"
-APP_BASE_NAME=`basename "$0"`
+# This is normally unused
+# shellcheck disable=SC2034
+APP_BASE_NAME=${0##*/}
+APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
 
 # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
-MAX_FD="maximum"
+MAX_FD=maximum
 
 warn () {
     echo "$*"
-}
+} >&2
 
 die () {
     echo
     echo "$*"
     echo
     exit 1
-}
+} >&2
 
 # OS specific support (must be 'true' or 'false').
 cygwin=false
 msys=false
 darwin=false
 nonstop=false
-case "`uname`" in
-  CYGWIN* )
-    cygwin=true
-    ;;
-  Darwin* )
-    darwin=true
-    ;;
-  MINGW* )
-    msys=true
-    ;;
-  NONSTOP* )
-    nonstop=true
-    ;;
+case "$( uname )" in                #(
+  CYGWIN* )         cygwin=true  ;; #(
+  Darwin* )         darwin=true  ;; #(
+  MSYS* | MINGW* )  msys=true    ;; #(
+  NONSTOP* )        nonstop=true ;;
 esac
 
 CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
@@ -87,9 +121,9 @@ CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
 if [ -n "$JAVA_HOME" ] ; then
     if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
         # IBM's JDK on AIX uses strange locations for the executables
-        JAVACMD="$JAVA_HOME/jre/sh/java"
+        JAVACMD=$JAVA_HOME/jre/sh/java
     else
-        JAVACMD="$JAVA_HOME/bin/java"
+        JAVACMD=$JAVA_HOME/bin/java
     fi
     if [ ! -x "$JAVACMD" ] ; then
         die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
@@ -98,7 +132,7 @@ Please set the JAVA_HOME variable in your environment to match the
 location of your Java installation."
     fi
 else
-    JAVACMD="java"
+    JAVACMD=java
     which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
 
 Please set the JAVA_HOME variable in your environment to match the
@@ -106,80 +140,105 @@ location of your Java installation."
 fi
 
 # Increase the maximum file descriptors if we can.
-if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
-    MAX_FD_LIMIT=`ulimit -H -n`
-    if [ $? -eq 0 ] ; then
-        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
-            MAX_FD="$MAX_FD_LIMIT"
-        fi
-        ulimit -n $MAX_FD
-        if [ $? -ne 0 ] ; then
-            warn "Could not set maximum file descriptor limit: $MAX_FD"
-        fi
-    else
-        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
-    fi
+if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
+    case $MAX_FD in #(
+      max*)
+        # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045 
+        MAX_FD=$( ulimit -H -n ) ||
+            warn "Could not query maximum file descriptor limit"
+    esac
+    case $MAX_FD in  #(
+      '' | soft) :;; #(
+      *)
+        # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
+        # shellcheck disable=SC3045 
+        ulimit -n "$MAX_FD" ||
+            warn "Could not set maximum file descriptor limit to $MAX_FD"
+    esac
 fi
 
-# For Darwin, add options to specify how the application appears in the dock
-if $darwin; then
-    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
-fi
+# Collect all arguments for the java command, stacking in reverse order:
+#   * args from the command line
+#   * the main class name
+#   * -classpath
+#   * -D...appname settings
+#   * --module-path (only if needed)
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
 
 # For Cygwin or MSYS, switch paths to Windows format before running java
-if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
-    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
-    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
-
-    JAVACMD=`cygpath --unix "$JAVACMD"`
-
-    # We build the pattern for arguments to be converted via cygpath
-    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
-    SEP=""
-    for dir in $ROOTDIRSRAW ; do
-        ROOTDIRS="$ROOTDIRS$SEP$dir"
-        SEP="|"
-    done
-    OURCYGPATTERN="(^($ROOTDIRS))"
-    # Add a user-defined pattern to the cygpath arguments
-    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
-        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
-    fi
+if "$cygwin" || "$msys" ; then
+    APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
+    CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
+
+    JAVACMD=$( cygpath --unix "$JAVACMD" )
+
     # Now convert the arguments - kludge to limit ourselves to /bin/sh
-    i=0
-    for arg in "$@" ; do
-        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
-        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
-
-        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
-            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
-        else
-            eval `echo args$i`="\"$arg\""
+    for arg do
+        if
+            case $arg in                                #(
+              -*)   false ;;                            # don't mess with options #(
+              /?*)  t=${arg#/} t=/${t%%/*}              # looks like a POSIX filepath
+                    [ -e "$t" ] ;;                      #(
+              *)    false ;;
+            esac
+        then
+            arg=$( cygpath --path --ignore --mixed "$arg" )
         fi
-        i=`expr $i + 1`
+        # Roll the args list around exactly as many times as the number of
+        # args, so each arg winds up back in the position where it started, but
+        # possibly modified.
+        #
+        # NB: a `for` loop captures its iteration list before it begins, so
+        # changing the positional parameters here affects neither the number of
+        # iterations, nor the values presented in `arg`.
+        shift                   # remove old arg
+        set -- "$@" "$arg"      # push replacement arg
     done
-    case $i in
-        0) set -- ;;
-        1) set -- "$args0" ;;
-        2) set -- "$args0" "$args1" ;;
-        3) set -- "$args0" "$args1" "$args2" ;;
-        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
-        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
-        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
-        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
-        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
-        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
-    esac
 fi
 
-# Escape application args
-save () {
-    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
-    echo " "
-}
-APP_ARGS=`save "$@"`
+# Collect all arguments for the java command;
+#   * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
+#     shell script including quotes and variable substitutions, so put them in
+#     double quotes to make sure that they get re-expanded; and
+#   * put everything else in single quotes, so that it's not re-expanded.
+
+set -- \
+        "-Dorg.gradle.appname=$APP_BASE_NAME" \
+        -classpath "$CLASSPATH" \
+        org.gradle.wrapper.GradleWrapperMain \
+        "$@"
+
+# Stop when "xargs" is not available.
+if ! command -v xargs >/dev/null 2>&1
+then
+    die "xargs is not available"
+fi
+
+# Use "xargs" to parse quoted args.
+#
+# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
+#
+# In Bash we could simply go:
+#
+#   readarray ARGS < <( xargs -n1 <<<"$var" ) &&
+#   set -- "${ARGS[@]}" "$@"
+#
+# but POSIX shell has neither arrays nor command substitution, so instead we
+# post-process each arg (as a line of input to sed) to backslash-escape any
+# character that might be a shell metacharacter, then use eval to reverse
+# that process (while maintaining the separation between arguments), and wrap
+# the whole thing up as a single "set" statement.
+#
+# This will of course break if any of these variables contains a newline or
+# an unmatched quote.
+#
 
-# Collect all arguments for the java command, following the shell quoting and substitution rules
-eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+eval "set -- $(
+        printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
+        xargs -n1 |
+        sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
+        tr '\n' ' '
+    )" '"$@"'
 
 exec "$JAVACMD" "$@"
diff --git a/gradlew.bat b/gradlew.bat
index 107acd3..93e3f59 100644
--- a/gradlew.bat
+++ b/gradlew.bat
@@ -14,7 +14,7 @@
 @rem limitations under the License.
 @rem
 
-@if "%DEBUG%" == "" @echo off
+@if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
 @rem
 @rem  Gradle startup script for Windows
@@ -25,7 +25,8 @@
 if "%OS%"=="Windows_NT" setlocal
 
 set DIRNAME=%~dp0
-if "%DIRNAME%" == "" set DIRNAME=.
+if "%DIRNAME%"=="" set DIRNAME=.
+@rem This is normally unused
 set APP_BASE_NAME=%~n0
 set APP_HOME=%DIRNAME%
 
@@ -40,7 +41,7 @@ if defined JAVA_HOME goto findJavaFromJavaHome
 
 set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
-if "%ERRORLEVEL%" == "0" goto execute
+if %ERRORLEVEL% equ 0 goto execute
 
 echo.
 echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
@@ -75,13 +76,15 @@ set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
 
 :end
 @rem End local scope for the variables with windows NT shell
-if "%ERRORLEVEL%"=="0" goto mainEnd
+if %ERRORLEVEL% equ 0 goto mainEnd
 
 :fail
 rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
 rem the _cmd.exe /c_ return code!
-if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
-exit /b 1
+set EXIT_CODE=%ERRORLEVEL%
+if %EXIT_CODE% equ 0 set EXIT_CODE=1
+if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
+exit /b %EXIT_CODE%
 
 :mainEnd
 if "%OS%"=="Windows_NT" endlocal
diff --git a/scripts/check_version.sh b/scripts/check_version.sh
deleted file mode 100644
index 4417fc0..0000000
--- a/scripts/check_version.sh
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-version=$1
-echo "Input version : '$version'"
-
-echo "Fetch tags..."
-git fetch --tags
-
-if [ $(git tag -l "$version") ]; then
-  echo "ERROR: version '$version' has already been released"
-  exit 1
-fi
diff --git a/scripts/prepare_javadoc.sh b/scripts/prepare_javadoc.sh
deleted file mode 100644
index 12f479b..0000000
--- a/scripts/prepare_javadoc.sh
+++ /dev/null
@@ -1,52 +0,0 @@
-#!/bin/sh
-
-echo "Compute the current API version..."
-
-repository_name=$1
-version=$2
-is_snapshot=$3
-
-if [ "$is_snapshot" = true ]
-then
-  version="$version-SNAPSHOT"
-fi
-
-echo "Computed current API version: $version"
-
-echo "Clone $repository_name..."
-git clone https://github.com/eclipse-keypop/$repository_name.git
-
-cd $repository_name
-
-echo "Checkout gh-pages branch..."
-git checkout -f gh-pages
-
-echo "Delete existing SNAPSHOT directory..."
-rm -rf *-SNAPSHOT
-
-echo "Delete existing RC directories in case of final release..."
-rm -rf $version-rc*
-
-echo "Create target directory $version..."
-mkdir $version
-
-echo "Copy javadoc files..."
-cp -rf ../build/docs/javadoc/* $version/
-
-echo "Update versions list..."
-echo "| Version | Documents |" > list_versions.md
-echo "|:---:|---|" >> list_versions.md
-for directory in `ls -rd [0-9]*/ | cut -f1 -d'/'`
-do
-  echo "| $directory | [API documentation]($directory) |" >> list_versions.md
-done
-
-echo "Computed all versions:"
-cat list_versions.md
-
-cd ..
-
-echo "Local docs update finished."
-
-
-
diff --git a/settings.gradle.kts b/settings.gradle.kts
index 631416c..7f1d415 100644
--- a/settings.gradle.kts
+++ b/settings.gradle.kts
@@ -1 +1,16 @@
-rootProject.name = "keypop-calypso-certificate-java-api"
\ No newline at end of file
+rootProject.name = "keypop-calypso-certificate-java-api"
+
+pluginManagement {
+  repositories {
+    gradlePluginPortal()
+    mavenCentral()
+  }
+}
+
+dependencyResolutionManagement {
+  repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
+  repositories {
+    mavenLocal()
+    mavenCentral()
+  }
+}
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCaCertificateV1Generator.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCaCertificateV1Generator.java
index 15afd2f..8adba0f 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCaCertificateV1Generator.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCaCertificateV1Generator.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
 import java.security.interfaces.RSAPublicKey;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCardCertificateV1Generator.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCardCertificateV1Generator.java
index e194ddc..d999933 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCardCertificateV1Generator.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCardCertificateV1Generator.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
 /**
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
index a591519..b41c779 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiFactory.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
 import org.eclipse.keypop.calypso.certificate.spi.CalypsoCertificateSignerSpi;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiProperties.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiProperties.java
index 52bf030..44d67ce 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiProperties.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiProperties.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
 /**
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
index 56592b3..2662cee 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateStore.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
 import java.security.interfaces.RSAPublicKey;
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
index 4fdeaf9..7ed8d8b 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateConsistencyException.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
 /**
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java
index ee92184..5b89143 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/CertificateSigningException.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
 /**
diff --git a/src/main/java/org/eclipse/keypop/calypso/certificate/spi/CalypsoCertificateSignerSpi.java b/src/main/java/org/eclipse/keypop/calypso/certificate/spi/CalypsoCertificateSignerSpi.java
index b6233da..c3dea4a 100644
--- a/src/main/java/org/eclipse/keypop/calypso/certificate/spi/CalypsoCertificateSignerSpi.java
+++ b/src/main/java/org/eclipse/keypop/calypso/certificate/spi/CalypsoCertificateSignerSpi.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate.spi;
 
 /**
diff --git a/src/test/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiPropertiesTest.java b/src/test/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiPropertiesTest.java
index bb339d2..7c49cec 100644
--- a/src/test/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiPropertiesTest.java
+++ b/src/test/java/org/eclipse/keypop/calypso/certificate/CalypsoCertificateApiPropertiesTest.java
@@ -1,12 +1,14 @@
-/* ******************************************************************************
+/* **************************************************************************************
  * Copyright (c) 2024 Calypso Networks Association https://calypsonet.org/
  *
- * This program and the accompanying materials are made available under the
- * terms of the MIT License which is available at
- * https://opensource.org/licenses/MIT.
+ * See the NOTICE file(s) distributed with this work for additional information
+ * regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the terms of the
+ * MIT License which is available at https://opensource.org/licenses/MIT
  *
  * SPDX-License-Identifier: MIT
- ****************************************************************************** */
+ ************************************************************************************** */
 package org.eclipse.keypop.calypso.certificate;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -14,14 +16,14 @@
 import java.io.FileInputStream;
 import java.io.InputStream;
 import java.util.Properties;
-import org.junit.BeforeClass;
-import org.junit.Test;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
 
 public class CalypsoCertificateApiPropertiesTest {
 
   private static String libVersion;
 
-  @BeforeClass
+  @BeforeAll
   public static void beforeClass() throws Exception {
     InputStream inputStream = new FileInputStream("gradle.properties");
     try {

From 5c9486e39a8e6ef1f432569dc88b7fa329f88eed Mon Sep 17 00:00:00 2001
From: Andrei Cristea <andrei.cristea019@gmail.com>
Date: Wed, 11 Mar 2026 15:21:24 +0100
Subject: [PATCH 13/13] docs: fix URLs typo

---
 README.md                      | 4 ++--
 src/main/javadoc/overview.html | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index b0c7e5e..2d4e7a6 100644
--- a/README.md
+++ b/README.md
@@ -13,9 +13,9 @@ on the Keypop website [keypop.org](https://keypop.org/).
 
 ## API documentation
 
-API Javadoc is available [here](https://eclipse-keypop.github.io/keypop-calypso-certificate-java-api).
+API Javadoc is available [here](https://docs.keypop.org/keypop-calypso-certificate-java-api).
 
-API documentation and class diagram is available
+UML class diagram is available
 [here](https://terminal-api.calypsonet.org/apis/calypsonet-terminal-calypso-certificate-api/).
 
 ## About the source code
diff --git a/src/main/javadoc/overview.html b/src/main/javadoc/overview.html
index bc50404..7fc8efe 100644
--- a/src/main/javadoc/overview.html
+++ b/src/main/javadoc/overview.html
@@ -8,7 +8,7 @@
 <p>
     Aligned with the <strong>Terminal Calypso Certificate</strong> UML specifications proposed by
     the <a href="https://www.calypsonet.org">Calypso Networks Association</a> (available
-    <a href="https://calypsonet.github.io/calypsonet-terminal-calypso-certificate-uml-api/">here</a>),
+    <a href="https://docs.terminal-api.calypsonet.org/calypsonet-terminal-calypso-certificate-uml-api/">here</a>),
     it defines the generic interfaces required to create Calypso certificates.
 </p>
 </body>