From 8e3ee6c284060dd4759e8774defd679fe7dffe55 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Tue, 11 Jan 2022 13:46:05 +0100
Subject: [PATCH] Initial commit

---
 .gitignore                                    |  33 ++
 CHANGELOG.md                                  |   5 +
 README.md                                     |  23 ++
 build.gradle                                  | 252 +++++++++++++
 config/checkstyle/checkstyle.xml              | 232 ++++++++++++
 config/checkstyle/suppressions.xml            |  19 +
 gradle/wrapper/gradle-wrapper.jar             | Bin 0 -> 59536 bytes
 gradle/wrapper/gradle-wrapper.properties      |   5 +
 gradlew                                       | 185 ++++++++++
 gradlew.bat                                   |  89 +++++
 settings.gradle                               |   9 +
 sop-java-picocli/README.md                    |  34 ++
 sop-java-picocli/build.gradle                 |  39 ++
 .../main/java/sop/cli/picocli/DateParser.java |  33 ++
 .../main/java/sop/cli/picocli/FileUtil.java   |  98 +++++
 .../src/main/java/sop/cli/picocli/Print.java  |  26 ++
 .../picocli/SOPExceptionExitCodeMapper.java   |  34 ++
 .../picocli/SOPExecutionExceptionHandler.java |  26 ++
 .../src/main/java/sop/cli/picocli/SopCLI.java |  68 ++++
 .../sop/cli/picocli/commands/ArmorCmd.java    |  54 +++
 .../sop/cli/picocli/commands/DearmorCmd.java  |  42 +++
 .../sop/cli/picocli/commands/DecryptCmd.java  | 240 ++++++++++++
 .../DetachInbandSignatureAndMessageCmd.java   |  59 +++
 .../sop/cli/picocli/commands/EncryptCmd.java  | 123 +++++++
 .../cli/picocli/commands/ExtractCertCmd.java  |  45 +++
 .../cli/picocli/commands/GenerateKeyCmd.java  |  63 ++++
 .../sop/cli/picocli/commands/SignCmd.java     | 121 ++++++
 .../sop/cli/picocli/commands/VerifyCmd.java   | 136 +++++++
 .../sop/cli/picocli/commands/VersionCmd.java  |  52 +++
 .../cli/picocli/commands/package-info.java    |   8 +
 .../java/sop/cli/picocli/package-info.java    |   8 +
 .../java/sop/cli/picocli/DateParserTest.java  |  49 +++
 .../java/sop/cli/picocli/FileUtilTest.java    | 123 +++++++
 .../test/java/sop/cli/picocli/SOPTest.java    | 119 ++++++
 .../cli/picocli/commands/ArmorCmdTest.java    | 101 +++++
 .../cli/picocli/commands/DearmorCmdTest.java  |  61 ++++
 .../cli/picocli/commands/DecryptCmdTest.java  | 344 ++++++++++++++++++
 .../cli/picocli/commands/EncryptCmdTest.java  | 194 ++++++++++
 .../picocli/commands/ExtractCertCmdTest.java  |  76 ++++
 .../picocli/commands/GenerateKeyCmdTest.java  |  98 +++++
 .../sop/cli/picocli/commands/SignCmdTest.java | 128 +++++++
 .../cli/picocli/commands/VerifyCmdTest.java   | 204 +++++++++++
 .../cli/picocli/commands/VersionCmdTest.java  |  46 +++
 sop-java/README.md                            |  80 ++++
 sop-java/build.gradle                         |  22 ++
 .../src/main/java/sop/ByteArrayAndResult.java |  50 +++
 .../src/main/java/sop/DecryptionResult.java   |  29 ++
 sop-java/src/main/java/sop/MicAlg.java        |  55 +++
 sop-java/src/main/java/sop/Ready.java         |  45 +++
 .../src/main/java/sop/ReadyWithResult.java    |  41 +++
 sop-java/src/main/java/sop/SOP.java           |  95 +++++
 sop-java/src/main/java/sop/SessionKey.java    |  79 ++++
 sop-java/src/main/java/sop/Signatures.java    |  21 ++
 sop-java/src/main/java/sop/SigningResult.java |  50 +++
 sop-java/src/main/java/sop/Verification.java  |  58 +++
 .../src/main/java/sop/enums/ArmorLabel.java   |  13 +
 .../src/main/java/sop/enums/EncryptAs.java    |  11 +
 sop-java/src/main/java/sop/enums/SignAs.java  |  10 +
 .../src/main/java/sop/enums/package-info.java |   9 +
 .../java/sop/exception/SOPGPException.java    | 316 ++++++++++++++++
 .../main/java/sop/exception/package-info.java |   9 +
 .../src/main/java/sop/operation/Armor.java    |  41 +++
 .../src/main/java/sop/operation/Dearmor.java  |  33 ++
 .../src/main/java/sop/operation/Decrypt.java  | 118 ++++++
 .../DetachInbandSignatureAndMessage.java      |  44 +++
 .../src/main/java/sop/operation/Encrypt.java  | 109 ++++++
 .../main/java/sop/operation/ExtractCert.java  |  40 ++
 .../main/java/sop/operation/GenerateKey.java  |  36 ++
 .../src/main/java/sop/operation/Sign.java     |  69 ++++
 .../src/main/java/sop/operation/Verify.java   |  67 ++++
 .../java/sop/operation/VerifySignatures.java  |  40 ++
 .../src/main/java/sop/operation/Version.java  |  49 +++
 .../main/java/sop/operation/package-info.java |   9 +
 sop-java/src/main/java/sop/package-info.java  |   8 +
 sop-java/src/main/java/sop/util/HexUtil.java  |  47 +++
 sop-java/src/main/java/sop/util/Optional.java |  50 +++
 .../main/java/sop/util/ProxyOutputStream.java |  80 ++++
 sop-java/src/main/java/sop/util/UTCUtil.java  |  56 +++
 .../src/main/java/sop/util/package-info.java  |   8 +
 .../java/sop/util/ByteArrayAndResultTest.java |  33 ++
 .../src/test/java/sop/util/HexUtilTest.java   |  63 ++++
 .../src/test/java/sop/util/MicAlgTest.java    |  53 +++
 .../src/test/java/sop/util/OptionalTest.java  |  78 ++++
 .../java/sop/util/ProxyOutputStreamTest.java  |  40 ++
 .../src/test/java/sop/util/ReadyTest.java     |  30 ++
 .../java/sop/util/ReadyWithResultTest.java    |  44 +++
 .../test/java/sop/util/SessionKeyTest.java    |  61 ++++
 .../test/java/sop/util/SigningResultTest.java |  23 ++
 .../src/test/java/sop/util/UTCUtilTest.java   |  48 +++
 version.gradle                                |  12 +
 90 files changed, 6086 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 CHANGELOG.md
 create mode 100644 README.md
 create mode 100644 build.gradle
 create mode 100644 config/checkstyle/checkstyle.xml
 create mode 100644 config/checkstyle/suppressions.xml
 create mode 100644 gradle/wrapper/gradle-wrapper.jar
 create mode 100644 gradle/wrapper/gradle-wrapper.properties
 create mode 100755 gradlew
 create mode 100644 gradlew.bat
 create mode 100644 settings.gradle
 create mode 100644 sop-java-picocli/README.md
 create mode 100644 sop-java-picocli/build.gradle
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/DateParser.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/FileUtil.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/Print.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/SOPExceptionExitCodeMapper.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/SOPExecutionExceptionHandler.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/SopCLI.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/ArmorCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/DearmorCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/DetachInbandSignatureAndMessageCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/EncryptCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/ExtractCertCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/GenerateKeyCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/SignCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/VerifyCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/VersionCmd.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/commands/package-info.java
 create mode 100644 sop-java-picocli/src/main/java/sop/cli/picocli/package-info.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/DateParserTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/FileUtilTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/SOPTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/ArmorCmdTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/DearmorCmdTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/ExtractCertCmdTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/GenerateKeyCmdTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/SignCmdTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/VerifyCmdTest.java
 create mode 100644 sop-java-picocli/src/test/java/sop/cli/picocli/commands/VersionCmdTest.java
 create mode 100644 sop-java/README.md
 create mode 100644 sop-java/build.gradle
 create mode 100644 sop-java/src/main/java/sop/ByteArrayAndResult.java
 create mode 100644 sop-java/src/main/java/sop/DecryptionResult.java
 create mode 100644 sop-java/src/main/java/sop/MicAlg.java
 create mode 100644 sop-java/src/main/java/sop/Ready.java
 create mode 100644 sop-java/src/main/java/sop/ReadyWithResult.java
 create mode 100644 sop-java/src/main/java/sop/SOP.java
 create mode 100644 sop-java/src/main/java/sop/SessionKey.java
 create mode 100644 sop-java/src/main/java/sop/Signatures.java
 create mode 100644 sop-java/src/main/java/sop/SigningResult.java
 create mode 100644 sop-java/src/main/java/sop/Verification.java
 create mode 100644 sop-java/src/main/java/sop/enums/ArmorLabel.java
 create mode 100644 sop-java/src/main/java/sop/enums/EncryptAs.java
 create mode 100644 sop-java/src/main/java/sop/enums/SignAs.java
 create mode 100644 sop-java/src/main/java/sop/enums/package-info.java
 create mode 100644 sop-java/src/main/java/sop/exception/SOPGPException.java
 create mode 100644 sop-java/src/main/java/sop/exception/package-info.java
 create mode 100644 sop-java/src/main/java/sop/operation/Armor.java
 create mode 100644 sop-java/src/main/java/sop/operation/Dearmor.java
 create mode 100644 sop-java/src/main/java/sop/operation/Decrypt.java
 create mode 100644 sop-java/src/main/java/sop/operation/DetachInbandSignatureAndMessage.java
 create mode 100644 sop-java/src/main/java/sop/operation/Encrypt.java
 create mode 100644 sop-java/src/main/java/sop/operation/ExtractCert.java
 create mode 100644 sop-java/src/main/java/sop/operation/GenerateKey.java
 create mode 100644 sop-java/src/main/java/sop/operation/Sign.java
 create mode 100644 sop-java/src/main/java/sop/operation/Verify.java
 create mode 100644 sop-java/src/main/java/sop/operation/VerifySignatures.java
 create mode 100644 sop-java/src/main/java/sop/operation/Version.java
 create mode 100644 sop-java/src/main/java/sop/operation/package-info.java
 create mode 100644 sop-java/src/main/java/sop/package-info.java
 create mode 100644 sop-java/src/main/java/sop/util/HexUtil.java
 create mode 100644 sop-java/src/main/java/sop/util/Optional.java
 create mode 100644 sop-java/src/main/java/sop/util/ProxyOutputStream.java
 create mode 100644 sop-java/src/main/java/sop/util/UTCUtil.java
 create mode 100644 sop-java/src/main/java/sop/util/package-info.java
 create mode 100644 sop-java/src/test/java/sop/util/ByteArrayAndResultTest.java
 create mode 100644 sop-java/src/test/java/sop/util/HexUtilTest.java
 create mode 100644 sop-java/src/test/java/sop/util/MicAlgTest.java
 create mode 100644 sop-java/src/test/java/sop/util/OptionalTest.java
 create mode 100644 sop-java/src/test/java/sop/util/ProxyOutputStreamTest.java
 create mode 100644 sop-java/src/test/java/sop/util/ReadyTest.java
 create mode 100644 sop-java/src/test/java/sop/util/ReadyWithResultTest.java
 create mode 100644 sop-java/src/test/java/sop/util/SessionKeyTest.java
 create mode 100644 sop-java/src/test/java/sop/util/SigningResultTest.java
 create mode 100644 sop-java/src/test/java/sop/util/UTCUtilTest.java
 create mode 100644 version.gradle

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..803da04
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: 2021 Paul Schaub <info@pgpainless.org>
+#
+# SPDX-License-Identifier: CC0-1.0
+
+.idea
+.gradle
+
+out/
+build/
+bin/
+libs/
+
+*/build
+
+*.iws
+*.iml
+*.ipr
+*.class
+*.log
+*.jar
+
+gradle.properties
+!gradle-wrapper.jar
+
+.classpath
+.project
+.settings/
+
+pgpainless-core/.classpath
+pgpainless-core/.project
+pgpainless-core/.settings/
+
+push_html.sh
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..926f0f5
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+# Changelog
+
+## 1.1.0
+- Initial release from new repository
+- Implement SOP specification version 3
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..d6ec8a0
--- /dev/null
+++ b/README.md
@@ -0,0 +1,23 @@
+# SOP for Java
+
+The [Stateless OpenPGP Protocol](https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-stateless-cli-03) specification
+defines a generic stateless CLI for dealing with OpenPGP messages.
+Its goal is to provide a minimal, yet powerful API for the most common OpenPGP related operations.
+
+`sop-java` defines a set of Java interfaces describing said API.
+
+`sop-java-picocli` contains a wrapper application that transforms the `sop-java` API into a command line application
+compatible with the SOP-CLI specification.
+
+## Known Implementations
+(Please expand!)
+
+| Project                                                                               | Description                                   |
+|---------------------------------------------------------------------------------------|-----------------------------------------------|
+| [pgpainless-sop](https://github.com/pgpainless/pgpainless/tree/master/pgpainless-sop) | Implementation of `sop-java` using PGPainless |
+
+### Implementations in other languages
+| Project                                         | Language |
+|-------------------------------------------------|----------|
+| [sop-rs](https://sequoia-pgp.gitlab.io/sop-rs/) | Rust     |
+| [SOP for python](https://pypi.org/project/sop/) | Python   |
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
new file mode 100644
index 0000000..b205ae2
--- /dev/null
+++ b/build.gradle
@@ -0,0 +1,252 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <info@pgpainless.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+buildscript {
+
+    repositories {
+
+        maven {
+            url "https://plugins.gradle.org/m2/"
+        }
+        mavenLocal()
+        mavenCentral()
+    }
+    dependencies {
+        classpath "gradle.plugin.org.kt3k.gradle.plugin:coveralls-gradle-plugin:2.12.0"
+    }
+}
+
+plugins {
+    id 'ru.vyarus.animalsniffer' version '1.5.3'
+}
+
+apply from: 'version.gradle'
+
+allprojects {
+    apply plugin: 'java'
+    apply plugin: 'idea'
+    apply plugin: 'eclipse'
+    apply plugin: 'jacoco'
+    apply plugin: 'checkstyle'
+
+    // For non-cli modules enable android api compatibility check
+    if (it.name.equals('sop-java')) {
+        // animalsniffer
+        apply plugin: 'ru.vyarus.animalsniffer'
+        dependencies {
+            signature "net.sf.androidscents.signature:android-api-level-${minAndroidSdk}:2.3.3_r2@signature"
+        }
+        animalsniffer {
+            sourceSets = [sourceSets.main]
+        }
+    }
+
+    // checkstyle
+    checkstyle {
+        toolVersion = '8.18'
+    }
+
+    group 'org.pgpainless'
+    description = "Stateless OpenPGP Protocol API for Java"
+    version = shortVersion
+
+    sourceCompatibility = javaSourceCompatibility
+
+    repositories {
+        mavenCentral()
+    }
+
+    // Reproducible Builds
+    tasks.withType(AbstractArchiveTask) {
+        preserveFileTimestamps = false
+        reproducibleFileOrder = true
+    }
+
+    project.ext {
+        slf4jVersion = '1.7.32'
+        logbackVersion = '1.2.9'
+        junitVersion = '5.8.2'
+        picocliVersion = '4.6.2'
+        rootConfigDir = new File(rootDir, 'config')
+        gitCommit = getGitCommit()
+        isContinuousIntegrationEnvironment = Boolean.parseBoolean(System.getenv('CI'))
+        isReleaseVersion = !isSnapshot
+        signingRequired = !(isSnapshot || isContinuousIntegrationEnvironment)
+        sonatypeCredentialsAvailable = project.hasProperty('sonatypeUsername') && project.hasProperty('sonatypePassword')
+        sonatypeSnapshotUrl = 'https://oss.sonatype.org/content/repositories/snapshots'
+        sonatypeStagingUrl = 'https://oss.sonatype.org/service/local/staging/deploy/maven2'
+    }
+
+    if (isSnapshot) {
+        version = version + '-SNAPSHOT'
+    }
+    def projectDirFile = new File("$projectDir")
+    if (!project.ext.isSnapshot && !'git describe --exact-match HEAD'.execute(null, projectDirFile).text.trim().equals(ext.shortVersion)) {
+        throw new InvalidUserDataException('Untagged version detected! Please tag every release.')
+    }
+    if (!version.endsWith('-SNAPSHOT') && version != 'git tag --points-at HEAD'.execute(null, projectDirFile).text.trim()) {
+        throw new InvalidUserDataException(
+                'Tag mismatch detected, version is ' + version + ' but should be ' +
+                        'git tag --points-at HEAD'.execute(null, projectDirFile).text.trim())
+    }
+
+    jacoco {
+        toolVersion = "0.8.7"
+    }
+
+    jacocoTestReport {
+        dependsOn test
+        sourceDirectories.setFrom(project.files(sourceSets.main.allSource.srcDirs))
+        classDirectories.setFrom(project.files(sourceSets.main.output))
+        reports {
+            xml.enabled true
+        }
+    }
+
+    test {
+        useJUnitPlatform()
+        testLogging {
+            events "passed", "skipped", "failed"
+            exceptionFormat "full"
+        }
+    }
+}
+
+subprojects {
+    apply plugin: 'maven-publish'
+    apply plugin: 'signing'
+
+    task sourcesJar(type: Jar, dependsOn: classes) {
+        classifier = 'sources'
+        from sourceSets.main.allSource
+    }
+    task javadocJar(type: Jar, dependsOn: javadoc) {
+        classifier = 'javadoc'
+        from javadoc.destinationDir
+    }
+    task testsJar(type: Jar, dependsOn: testClasses) {
+        classifier = 'tests'
+        from sourceSets.test.output
+    }
+
+    publishing {
+        publications {
+            mavenJava(MavenPublication) {
+                from components.java
+                artifact sourcesJar
+                artifact javadocJar
+                artifact testsJar
+                pom {
+                    name = 'SOP for Java'
+                    description = 'Stateless OpenPGP Protocol API for Java'
+                    url = 'https://github.com/pgpainless/sop-java'
+                    inceptionYear = '2020'
+
+                    scm {
+                        url = 'https://github.com/pgpainless/sop-java'
+                        connection = 'scm:https://github.com/pgpainless/sop-java'
+                        developerConnection = 'scm:git://github.com/pgpainless/sop-java.git'
+                    }
+
+                    licenses {
+                        license {
+                            name = 'The Apache Software License, Version 2.0'
+                            url = 'http://www.apache.org/licenses/LICENSE-2.0.txt'
+                            distribution = 'repo'
+                        }
+                    }
+
+                    developers {
+                        developer {
+                            id = 'vanitasvitae'
+                            name = 'Paul Schaub'
+                            email = 'vanitasvitae@fsfe.org'
+                        }
+                    }
+                }
+            }
+        }
+        repositories {
+            if (sonatypeCredentialsAvailable) {
+                maven {
+                    url isSnapshot ? sonatypeSnapshotUrl : sonatypeStagingUrl
+                    credentials {
+                        username = sonatypeUsername
+                        password = sonatypePassword
+                    }
+                }
+            }
+        }
+    }
+
+    signing {
+        useGpgCmd()
+        required { signingRequired }
+        sign publishing.publications.mavenJava
+    }
+}
+
+def getGitCommit() {
+    def projectDirFile = new File("$projectDir")
+    def dotGit = new File("$projectDir/.git")
+    if (!dotGit.isDirectory()) return 'non-git build'
+
+    def cmd = 'git describe --always --tags --dirty=+'
+    def proc = cmd.execute(null, projectDirFile)
+    def gitCommit = proc.text.trim()
+    assert !gitCommit.isEmpty()
+
+    def srCmd = 'git symbolic-ref --short HEAD'
+    def srProc = srCmd.execute(null, projectDirFile)
+    srProc.waitForOrKill(10 * 1000)
+    if (srProc.exitValue() == 0) {
+        // Only add the information if the git command was
+        // successful. There may be no symbolic reference for HEAD if
+        // e.g. in detached mode.
+        def symbolicReference = srProc.text.trim()
+        assert !symbolicReference.isEmpty()
+        gitCommit += "-$symbolicReference"
+    }
+
+    gitCommit
+}
+
+apply plugin: "com.github.kt3k.coveralls"
+coveralls {
+	sourceDirs = files(subprojects.sourceSets.main.allSource.srcDirs).files.absolutePath
+}
+
+task jacocoRootReport(type: JacocoReport) {
+    dependsOn = subprojects.jacocoTestReport
+    sourceDirectories.setFrom(files(subprojects.sourceSets.main.allSource.srcDirs))
+    classDirectories.setFrom(files(subprojects.sourceSets.main.output))
+    executionData.setFrom(files(subprojects.jacocoTestReport.executionData))
+    reports {
+        xml.enabled true
+        xml.destination file("${buildDir}/reports/jacoco/test/jacocoTestReport.xml")
+    }
+    // We could remove the following setOnlyIf line, but then
+    // jacocoRootReport would silently be SKIPPED if something with
+    // the projectsWithUnitTests is wrong (e.g. a project is missing
+    // in there).
+    setOnlyIf { true }
+}
+
+task javadocAll(type: Javadoc) {
+    def currentJavaVersion = JavaVersion.current()
+    if (currentJavaVersion.compareTo(JavaVersion.VERSION_1_9) >= 0) {
+        options.addStringOption("-release", "8");
+    }
+    source subprojects.collect {project ->
+        project.sourceSets.main.allJava }
+    destinationDir = new File(buildDir, 'javadoc')
+    // Might need a classpath
+    classpath = files(subprojects.collect {project ->
+        project.sourceSets.main.compileClasspath})
+    options.linkSource = true
+    options.use = true
+    options.links = [
+            "https://docs.oracle.com/javase/${sourceCompatibility.getMajorVersion()}/docs/api/",
+    ] as String[]
+}
diff --git a/config/checkstyle/checkstyle.xml b/config/checkstyle/checkstyle.xml
new file mode 100644
index 0000000..06e167f
--- /dev/null
+++ b/config/checkstyle/checkstyle.xml
@@ -0,0 +1,232 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+SPDX-FileCopyrightText: 2021 Paul Schaub <info@pgpainless.org>
+
+SPDX-License-Identifier: CC0-1.0
+-->
+
+<!DOCTYPE module PUBLIC
+        "-//Puppy Crawl//DTD Check Configuration 1.3//EN"
+        "http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
+<module name="Checker">
+
+    <!-- Suppressions -->
+    <module name="SuppressionFilter">
+        <property name="file" value="${config_loc}/suppressions.xml"/>
+    </module>
+
+    <module name="NewlineAtEndOfFile">
+        <property name="lineSeparator" value="lf"/>
+    </module>
+
+    <module name="RegexpSingleline">
+        <!--
+            Matches StringBuilder.append(String) calls where the
+            argument is a String of length one. Those should be replaced
+            with append(char) for performance reasons.
+
+            TODO: This could be more advanced in order to match also
+            - .append("\u1234")
+        -->
+        <property name="format" value="\.append\(&quot;(.|\\.)&quot;\)"/>
+        <property name="message" value="Don&apos;t use StringBuilder.append(String) when you can use StringBuilder.append(char). Solution: Replace double quotes of append&apos;s argument with single quotes."/>
+    </module>
+
+    <!-- Whitespace only lines -->
+    <module name="RegexpSingleline">
+        <property name="format" value="^\s+$"/>
+        <property name="message" value="Line containing only whitespace character(s)"/>
+    </module>
+
+    <!-- Mixed spaces/tabs -->
+    <module name="RegexpSingleline">
+        <!-- We use {2,} instead of + here to address the typical case where a file was written
+           with tabs but javadoc is causing '\t *' -->
+        <property name="format" value="^\t+ {2,}"/>
+        <property name="message" value="Line containing space(s) after tab(s)"/>
+    </module>
+
+    <!-- Trailing whitespaces -->
+    <module name="RegexpSingleline">
+        <!--
+            Explaining the following Regex
+
+                       \s+   $
+                        |    +- End of Line (2)
+                        +- At least one whitespace (1)
+
+            Rationale:
+            Matches trailing whitespace (2) in lines containing at least one (1) non-whitespace character
+        -->
+        <property name="format" value="\s+$"/>
+        <property name="message" value="Line containing trailing whitespace character(s)"/>
+    </module>
+
+    <!-- <module name="RegexpSingleline"> -->
+    <!--   <property name="format" value="fqdn"/> -->
+    <!-- </module> -->
+
+    <!-- Space after // -->
+    <module name="RegexpSingleline">
+        <property name="format" value="^\s*//[^\s]"/>
+        <property name="message" value="Comment start ('//') followed by non-space character. You would not continue after a punctuation without a space, would you?"/>
+    </module>
+
+    <module name="JavadocPackage">
+    </module>
+
+    <module name="TreeWalker">
+        <module name="SuppressionCommentFilter"/>
+        <module name="FinalClass"/>
+        <module name="UnusedImports">
+            <property name="processJavadoc" value="true"/>
+        </module>
+        <module name="AvoidStarImport"/>
+        <module name="IllegalImport"/>
+        <module name="RedundantImport"/>
+        <module name="RedundantModifier"/>
+        <module name="ModifierOrder"/>
+        <module name="UpperEll"/>
+        <module name="ArrayTypeStyle"/>
+        <module name="GenericWhitespace"/>
+        <module name="EmptyStatement"/>
+        <module name="PackageDeclaration"/>
+        <module name="LeftCurly"/>
+
+        <!-- printStackTrace -->
+        <module name="RegexpSinglelineJava">
+            <property name="format" value="printStackTrace"/>
+            <property name="message" value="Usage of printStackTrace. Either rethrow exception, or log using Logger."/>
+            <property name="ignoreComments" value="true"/>
+        </module>
+
+        <!-- println -->
+        <module name="RegexpSinglelineJava">
+            <property name="format" value="println"/>
+            <property name="message" value="Usage of println"/>
+            <property name="ignoreComments" value="true"/>
+        </module>
+
+        <!-- Spaces instead of Tabs -->
+        <module name="RegexpSinglelineJava">
+            <property name="format" value="^\t+"/>
+            <property name="message" value="Indent must not use tab characters. Use space instead."/>
+        </module>
+
+        <module name="JavadocMethod">
+            <!-- TODO stricten those checks -->
+            <property name="scope" value="public"/>
+            <!--<property name="allowUndeclaredRTE" value="true"/>-->
+            <property name="allowMissingParamTags" value="true"/>
+            <property name="allowMissingThrowsTags" value="true"/>
+            <property name="allowMissingReturnTag" value="true"/>
+            <property name="allowMissingJavadoc" value="true"/>
+            <property name="suppressLoadErrors" value="true"/>
+        </module>
+
+        <module name="JavadocStyle">
+            <property name="scope" value="public"/>
+            <property name="checkEmptyJavadoc" value="true"/>
+            <property name="checkHtml" value="false"/>
+        </module>
+
+        <module name="ParenPad">
+        </module>
+
+        <!-- Whitespace after key tokens -->
+        <module name="NoWhitespaceAfter">
+            <property name="tokens" value="INC
+										 , DEC
+										 , UNARY_MINUS
+										 , UNARY_PLUS
+										 , BNOT, LNOT
+										 , DOT
+										 , ARRAY_DECLARATOR
+										 , INDEX_OP
+										 "/>
+        </module>
+
+        <!-- Whitespace after key words -->
+        <module name="WhitespaceAfter">
+            <property name="tokens" value="TYPECAST
+										 , LITERAL_IF
+										 , LITERAL_ELSE
+										 , LITERAL_WHILE
+										 , LITERAL_DO
+										 , LITERAL_FOR
+										 , DO_WHILE
+										 "/>
+        </module>
+
+        <module name="WhitespaceAround">
+            <property
+                    name="ignoreEnhancedForColon"
+                    value="false"
+            />
+            <!-- Currently disabled tokens: LCURLY, RCURLY, WILDCARD_TYPE, GENERIC_START, GENERIC_END -->
+            <property
+                    name="tokens"
+                    value="ASSIGN
+					 , ARRAY_INIT
+					 , BAND
+					 , BAND_ASSIGN
+					 , BOR
+					 , BOR_ASSIGN
+					 , BSR
+					 , BSR_ASSIGN
+					 , BXOR
+					 , BXOR_ASSIGN
+					 , COLON
+					 , DIV
+					 , DIV_ASSIGN
+					 , DO_WHILE
+					 , EQUAL
+					 , GE
+					 , GT
+					 , LAMBDA
+					 , LAND
+					 , LE
+					 , LITERAL_CATCH
+					 , LITERAL_DO
+					 , LITERAL_ELSE
+					 , LITERAL_FINALLY
+					 , LITERAL_FOR
+					 , LITERAL_IF
+					 , LITERAL_RETURN
+					 , LITERAL_SWITCH
+					 , LITERAL_SYNCHRONIZED
+					 , LITERAL_TRY
+					 , LITERAL_WHILE
+					 , LOR
+					 , LT
+					 , MINUS
+					 , MINUS_ASSIGN
+					 , MOD
+					 , MOD_ASSIGN
+					 , NOT_EQUAL
+					 , PLUS
+					 , PLUS_ASSIGN
+					 , QUESTION
+					 , SL
+					 , SLIST
+					 , SL_ASSIGN
+					 , SR
+					 , SR_ASSIGN
+					 , STAR
+					 , STAR_ASSIGN
+					 , LITERAL_ASSERT
+					 , TYPE_EXTENSION_AND
+					 "/>
+        </module>
+
+        <!--
+        <module name="CustomImportOrder">
+            <property name="customImportOrderRules"
+                      value="STATIC###STANDARD_JAVA_PACKAGE###SPECIAL_IMPORTS###THIRD_PARTY_PACKAGE"/>
+            <property name="specialImportsRegExp" value="^org\.org.pgpainless.core\.org.pgpainless.core"/>
+            <property name="sortImportsInGroupAlphabetically" value="true"/>
+            <property name="separateLineBetweenGroups" value="true"/>
+        </module>
+        -->
+    </module>
+</module>
diff --git a/config/checkstyle/suppressions.xml b/config/checkstyle/suppressions.xml
new file mode 100644
index 0000000..1314d44
--- /dev/null
+++ b/config/checkstyle/suppressions.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<!--
+SPDX-FileCopyrightText: 2021 Paul Schaub <info@pgpainless.org>
+
+SPDX-License-Identifier: CC0-1.0
+-->
+
+<!DOCTYPE suppressions PUBLIC
+        "-//Puppy Crawl//DTD Suppressions 1.1//EN"
+        "http://www.puppycrawl.com/dtds/suppressions_1_1.dtd">
+<suppressions>
+    <!-- GenericWhitespace has some problems with false postive, leave
+it disabled until gradle uses a checkstyle version where this is fixed
+-->
+    <suppress checks="GenericWhitespace"
+              files="Protocol.java" />
+    <!-- Suppress JavadocPackage in the test packages -->
+    <suppress checks="JavadocPackage" files="[\\/]test[\\/]"/>
+</suppressions>
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000000000000000000000000000000000000..7454180f2ae8848c63b8b4dea2cb829da983f2fa
GIT binary patch
literal 59536
zcma&NbC71ylI~qywr$(CZQJHswz}-9F59+k+g;UV+cs{`J?GrGXYR~=-ydruB3JCa
zB64N^cILAcWk5iofq)<(fq;O7{th4@;QxID0)qN`mJ?GIqLY#rX8-|G{5M0pdVW5^
zzXk$-2kQTAC?_N@B`&6-N-rmVFE=$QD?>*=4<|!MJu@}isLc4AW#{m2if&A5T5g&~
ziuMQeS*U5sL6J698wOd)K@oK@1{peP5&Esut<#VH^u)gp`9H4)`uE!2$>RTctN+^u
z=ASkePDZA-X8)rp%D<bsI~h4Rm^uAFQ<BLROWJ<`0bzjv0Wtj7Q-tm9U7TJ1&X+T?
z0;sqcIk}iQkuuSn*cv%I$0$z%76noH7Ta8zN`fE6Jd*?sq^xZE*~7uq;sxnxm0bf?
zWG{%)C$J>;p*~P?*a_=*Kwc<^>QSH|^<0>o37lt^+Mj1;4YvJ(JR-Y+?%Nu}JAYj5
z_Qc5%Ao#F?q32i?ZaN2OSNhWL;2oDEw_({7ZbgUjna!Fqn3NzLM@-EWFPZVmc>(fZ
z0&bF-Ch#p9C{YJT9Rcr3+Y_uR^At1^BxZ#eo>$PLJF3=;t_$2|t+_6gg5(j{TmjYU
zK12c&lE?Eh+2u2&6Gf*IdKS&6?rYbSEKBN!rv{YCm|Rt=UlPcW9j`0o6{66#y5t9C
zruFA2iKd=H%jHf%ypOkxLnO8#H}#Zt{8p!oi6)7#NqoF({t6|J^?1e*oxqng9Q2Cc
zg%5Vu!em)}Yuj?kaP!D?b?(C*w!1;>R=j90+RTkyEXz+9CufZ$C^umX^+4|JYaO<5
zmIM3#dv`DGM;@F6;(t!WngZSYzHx?9&$xEF70D1BvfVj<%+b#)vz)2iLCrTeYzUcL
z(OBnNoG6Le%M+@2oo)&jdOg=iCszzv59<zcSBI^y^uc-kP|_dnxBqv~xB5X_NdN`}
zMEZBv(Eb1Sf`9se`nn2=2Ie=O^J*P!I1_b5V7;&u5DG)HdYyU<<s2B@54)x{`f;Kv
zfZM5g;hgn#bvN&GK<gLO6WI!L^J1!7iGSk$15c-vlyO(z)N14Q<Fg*eH~;4+)6c>e
zDRCeaX8l1hC=8LbBt|k5?CXgep=3r9BXx1uR8!p%Z|0+4Xro=xi0G!e{c4U~1j6!)
zH6adq0}#l{%*1U(Cb%4AJ}VLWKBPi0MoKFaQH6x?^hQ!6em@993xdtS%_dmevzeNl
z(o?YlOI=jl<yl^k$7x`{qSba_*VQ%;8j}}@TaTN?f+&raCTvE~rk97kV@}*tTpQw5
z={nQs*R=b0PCHv#8U`*OxF($@;Jc?RJJMZQ*LR;dMe=BCU_m0z&*&~=Q`lJ>(`L9^
z0O+H9k$_@`6L13eTT8ci-V0ljDMD|0ifUw|Q-Hep$xYj0hTO@0%IS^TD4b4n6EKDG
z??uM;MEx`s98KYN(K0>c!C3HZdZ{+_53DO%9k5W%pr6yJusQAv_;IA}925Y%;+!tY
z%2k!YQmLLOr{rF~!s<3-WEUs)`ix_mSU|cNRBIWxOox_Yb7Z=~Q45ZNe*u|m^|)d*
zog=i>`=bTe!|;8F+#H>EjIMcgWcG2ORD`w0WD;YZAy5#s{65~qfI6o$+Ty&-hyMyJ
z3Ra~t>R!p=5ZpxA;QkDAoPi4sYOP6>LT+}{xp}tk+<0k^CKCFdNYG(Es>p0gqD)jP
zWOeX5G;9(m@?GOG7g;e74i_|SmE?<N0Ng}*VO}5)^i`w@P$lv*s!yN-+Qy*o1bwsn
z#CeG-p3MXZ6>`B2i;sLYwRWKLy0RLW!Hx`=!LH3&k=FuCsM=9M4|GqzA)anEHfxkB
z?2iK-u<hM|!0X$eB^PL6wmad01UDpub2QY95B#<MR(CC$aEBLG+2Y!yGAVismJJHz
zIoV4iw~uG)_VY&(TT9{^RRKRu=%(c2w?!KqElWo-&$-nSRdeH2LvB+he)EthAIQ5^
zU)(6)dr6Y&P`KFe{hBbFJ|Z8^tg>(DC_T1};KaUT@3nP~LEcENT^UgP<XbpcE`+`@
zyE0v)t=HTGyW)oJ_|vjt*!jC<)t0!)>vp!QC@Dw&PVAhaEYrPey{nkcn(ro|r7XUz
z%#(=$7D8uP_uU-oPHhd>>^adbCSQetgSG`e$U|7mr!`|bU0aHl_cmL)<w62C55WUy
zZx(_)1wXrXQ70oOIwxQkuFl}J0ZzmPT+bL4iW^M<ND6i_(FnAVRBYk`l=KbaDvp1k
zWmV)m&mE;lcjfvUBp}P4^&PSwPSPJhoJ685G2>na-5x1#OsVE#m*+k84Y^+UMeSAa
zbrVZHU=m<S*p*mB!e!v0(Gt07(r@|86J6rOcXp}lo8h5GB=*f;BuVJ!Q)iyaNs%*y
z&}JC?Lw>FwXEaGHtXQq`2ZtjfS!B2H{5A<3(nb-6ARVV8kEmOkx6D2x7<M0Z?A)|O
z%gj7Nfysd!*#r)!d{^edzFbybaJQOF@+gl~7gK>~-6hl;*-*}2Xz;J#a8Wn;_B5=m
zl3dY;%krf?i-Ok^Pal-}4F`{F@TYPTwTEhxpZK5WCpfD^UmM_iYPe}wpE!Djai6_{
z*pGO=WB47#Xjb7!n2Ma)s^yeR*1rTxp`Mt4sfA+`HwZf%!7ZqGosPkw69`Ix5Ku6G
z@Pa;pjzV&dn{M=QDx89t?p?d9gna*}jBly*<y-JK!Y=$BB>#1!6}5K<*xDPJ{wv4&
zM$17DFd~L*Te3A%yD<d9`~mL{6xb2g^$1)ET|rJrQ1#}(!0!`@pxRr;I)X#!dDg!k
zMd`y90Uu!`B(?B%PT#=LMjp{w$Fvjcp&iykB<D%AI)^EYZRlCcA|jfqQqkp#w;9Kw
zsF3FVnxs<?p6|yzW!Ls#;3KlDY(p2nT`W%0l1uxtk~}7Kxyc4-f@0)j_yzmTaq1#t
zS_iOx{ih{*HtF=S{-v1}h=0)6e?ZMYf#qKm@_&{nYG!WaYU}c^dqpRE3nw#YXIU#}
z7c+pF(?1eSvD&r@jvDG0fITzB3`JRz5>;Dp9UGWTjRxAvMu!j^Tbc}2v~q^59d4bz
zvu#!IJCy(BcWTc`;v$9tH;J%oiSJ_i7s;2`JXZF+qd4C)vY!hyCtl)sJIC{ebI*0>
z@x>;EzyBv>AI-~{D6l<i0ovd~v}7XNc$Qrs7s~OiIZ8qsp$2_MTkt%2w9$s(OrH*U
zfd`M15&oG8aU7HtJx&^{!*Cy}$j~h{+AfO=I&W`6`AgSD_*BJgYHCO>6{ST=em*U(
z(r$nuXY-#CCi^8<Uj3dkZ!`ndO0Z6BNR1GD{ior`%cY8S?_dLDKwsZou>Z2#<qq%Q
z;qM=yIWP_ODMY+y$q_cr{cgj_YYTxl7B7J!G<0CKL)lta>v#UXOt`dbYN1z5jzNF2
z411?w)whZrfA20;<o$GpxaIyLSUs^!IP9p!yvb9?(>nl&C1Gi+gk<`JSm+{|*2o<<
zqM#@z_D`Cn|0H^9$|Tah)0M_X4c37|KQ*PmoT@%xHc3L1ZY6(p(sNXHa&49Frzto&
z<b?XIlBsD|oN=9ayqYn-Bj>R`c~ClHpE~4Z=uKa5S(-?<gnO1?F`%kX?XI!|wy|1(
zwVmJAY>M8EJ$zt0&fJk~p$M#fGN1-y$7!37hld`Uw>Urri(DxLa;=#rK0g4J)pXMC
zxzraOVw1+kNWpi#P=6(qxf`zSdUC?D$i`8ZI@F><JcHvgJMi8H*agw$xFHgG@>k6k
zz21?d+dw7b&i*>Kv<IgnqxoHby(o;ZWbTS3{|84ZU&;Gb?AB4PjV%6h{jjafZE|Fc
zU#u4Mr9~%yL}yoCPIfbIqV%p4go8s-(YV%hh>5L(LH-?J%@WnqT7j#qZ9B>|Zl+=>
z^U-pV@1y_ptHo4hl^cPR<zdb)4d^x`6n&M+<+FLLB%g`&J#>WewbLQ#g6XYQ@EkiP
z;(=SU!yhjHp%1&MsU`FV1Z_#K1&(|5n(7IHbx&gG28HNT)*~-BQi372@|->2Aw5It
z0CBpU<J=>cMA*QvsPy)#lr!lIdCi@1k<V_|^~CggOC$+hgf70;a7yaAHGDEZHw$4N
zF~GE#N`2Ju*JlX*y8+ZWhw?KI(PzMqj|iiW;+5hEmVCQLoPHTeDmRi75_`$%x22vR
z8Rv7zx9Zv@$CdK0QrS-QfRaw{Kl7Lz*~3J9<=cZ&#^~~Axw~ZtS-&|9kuP5&!YrYU
z=(B&HqFxtzihhI7zry?C)sG^ez91qsoiXbRf~@)@l1N|_9+?rr)<cGBVQQ6_WMN59
zU=d@G++iVCkjPv&FM4R9k+;$@l!`L3B^I!fRs2|+BLh)KIW52`sIkdV9X}E6s(Rcy
z?b#=r^Epq1!(9`c#8@wm8?&9-DE)15W(n0*G8f(+>4V2m!NH)%Px(vu-r(Q)HYc!p
zJ^$|)j^E#q#QOgcb^pd74^JUi7fUmMi<OCyi~T>NP_o*lvx*q%_odv49Dsv$NV;6J
z9GOXKomA{2Pb{w}&+yHtH?IkJJu~}Z?{Uk++2mB<fQ37wV2YFf6c%BM^Cvg|i^j_i
z%HZmHQ({pzD$nT^S7)#DQ`R<D=kxr1t{=DqHW`Qn6L#@#QviQg<!=_HuCV9ihkyVC
z$K^iE5!WmhM75uk{E<6d84ND_#N;lzk$H&yMX{6MUJk>8zyvh*xhHKE``99>y#TdD
z&(MH^^JHf;g(Tbb^&8P*;_i*2&fS$7${3WJtV7K&&(MBV2~)2KB3%cWg#1!VE~k#C
z!;A;?p$s{ihyojEZz+$I1)L}&G~ml=udD9qh>Tu(ylv)?YcJT3ihapi!zgPtWb*CP
zlLLJSRCj-^w?@;RU9aL2zDZY1`I3d<&OMuW=c3$o0#STpv_p3b9Wtbql>w^bBi~u4
z3D8KyF?YE?=HcKk!xcp@Cigvzy=lnFgc^9c%(^F22BWYNAYRSho@~*~S)4%AhEttv
zvq>7X!!EWKG?mOd9&n>vvH1p4VzE?HCuxT-u+F&mnsfDI^}*-d00-KAauEaXqg3k@
zy#)MGX!X;&3&0s}F3q40ZmVM$(H3CLfpdL?hB6nVqMxX)q=1b}o_PG%r~hZ4gUfSp
zOH4qlEOW4O<Qu2!V%A3md8KJnot9Ej%W3&hi8UALYGBbGsR8(?gQXkbXoPvNJoRxM
zl}xFdQ=_Q(sLV1%u}jP1L><GdHNxBdrrOT03q(fM-zcL&TQ2sfT&NME3uXPvrpN5~
z#IFoPoCw#6C1K6`VapP`y7VgN`ifPpYM4qbCV_Y_18=5kGr44YudZGc_XS|2=Yf(#
z!G3BaU9189`{6yfQCX6~=-1XRzgMLeZw&xRipcUzS&5=oehq7ZH6vzf4q=X22hvw2
zBlHJ$CnN~(2oCF=AiD#w{XDLE_U6qEgOyQ+O*;3$_U;@<o#a`C2!nY~*b`8ESUA0X
zKW0TCPrp?e$rA~@%?lWx%3!atErDhi8av+|P6x6?2?23EFR$__jm}B8LVu5!fTSdt
zcVrJ`-!<wU%G*!gV*5FktYHGp;oP>MUc)_m)f<IhvZ28GVhmg4m5BNFyLbthtI;H4
z3B*Oql5BF{5_x=K<%JgS&jcR0L%WJW0aDD6R6WchI)?A}9Bna{oN5b<YC&KNkPSj;
zP61~4_QIYBN{1t3@`Vnk4EXssZ;Zb6-(df~<>MR_rl^pCfXc{$fQbI*E&mV77}kRF
z&{<06AJyJ!e863o-V>FA1a9Eemx6>^F$~9ppt()ZbPGfg_NdRXBWoZnDy2;#ODgf!
zgl?iOcF7Meo|{AF>KDwTgYrJLb$L2%%BEtO>T$C?|9bAB&}s;gI?lY#^tttY&hfr#
zKhC+&b-rpg_?~uVK%S@mQleU#_xCsvIPK*<`E0fHE1&!J7!xD#IB|SSPW6-Py<IS2
z4G5JodP+!@;We!jdC1b|o}h<41sOALwM3mSgHH9bg!dlmgXym-*ClVWDA%oV2nj=X
zDh~7IT^Fgn#hsr*vsEidKhB5GsjV~E1;f`KfZ=ob!EiUH;}e^vPn+Sa2JdkK$FHz^
zKl}_lPm46IJWqQ+m)W&3xYQ-g$_D+XLiad-N%xxgwl*-&AB4l}#I;B9Fd1Ke7$ZWg
z63nc50E4D$L_}i&g1UA%l>uqGn3^M^Rz%WT{e?OI^svARX&SAdU77V<bdfrPJ>(C~
zM$H{Kg59op{<|8ry9ecfP%=kFm(-!W&?U0@<<p$&M&X?~!e>%z*+!*<<gYi?D-F*|
zVG6XZquokR!NW`85%`c=C6CgHKNVdvhv%xxYFl(JxTu|BYV4}`%AT5sNXaDB*GitX
znwV-Hs=Jtp=+VQ`raGz$#nGsX?dLH>e0XesMxRFu9QnGqun6R_%T+B%&9Dtk?*d$Q
zb~>84jEAPi@&F@3wAa^Lzc(AJz5gsfZ7J53;@D<;Klpl?sK&u@gie`~vTsbOE~Cd4
z%kr56mI|#b(Jk&;p6plVwmNB0H@0SmgdmjIn5Ne@)}7Vty(yb2t3ev@22AE^s!KaN
zyQ>j+F3w=wnx7w@FVCRe+`vUH)3gW%_72fxzqX!S&!d<b+Y4`ZjT~b`vTqL@_8pWF
zBw|KBrTF3*6JoNRkTa+;-Omfb6Ct{*#hK9}2DQ;5te(mk$d3o7AjZ+kgHGa%!K2MZ
zF}pV!)YhU!aXKGB)1*b>chdkRiHbXW1FMrIIBwj<V9Xn-V#Y{~A?3|pp@lgyO=vpl
zS$4N|M5-}E(N_;A0Fu?x>sai8`CB2r4mAbwp%rrO>3B$Zw;9=%fXI9B{d(UzVap7u
z6piC-FQ)>}VOEuPpuqznpY`hN4dGa_1Xz9rVg(;H$5Te^F0dDv*gz9JS<|>>U0J^#
z6)(4ICh+N_Q`Ft0hF|3fSHs*?a=XC;e`sJaU9&d>X4l?1W=|fr!5S<Y_fcyh`*`oZ
z%lfpmrOMhN5pg47Nft_u*syM5t^12Y?KXb}+6oNAHrDrYSWd<a;c$o+geH}p?AFZ@
zNLBqp8>hD|nv$GK;j46@BV6+{oRbWfqOBRb!ir88XD*SbC(LF}I1h#6@dvK%Toe%@
zhDyG$93H8Eu&gCYddP58iF3oQH*zLbNI;rN@E{T9%A8!=v#JLxKyUe}e}BJpB{~uN
zqgxRgo0*-@-iaHPV8bTOH(rS(huwK1Xg0u+e!`(Irzu@Bld&s5&bWgVc@m7;JgELd
zimVs`>vQ}B_1(2#rv#N9O`fJpVfPc7V2nv34PC);Dzbb;p!6pqHzvy?2pD&1NE)?A
zt(t-ucqy@wn9`^MN5apa7K|L=9>ISC>xoc#>{@e}m#YAAa1*8-RUMKwbm|;5p>T`Z
zNf*ph@tnF{gmDa3uwwN(g=`Rh)4!&)^oOy@VJaK4lMT&<I@>5#YbXkl`q?<*XtsqD
z9PRK6bqb)fJw0g-^a@nu`^?71k|m3RPRjt;pIkCo1{*pdqbVs-<J48;gf9NP5sNR-
zL*ovH87g|Jff92q*!6X7MIO}wdJ{AhrB1Bwyk=;h3m(+DZS-86!~o!+AjniQ8iuZ4
z<@uIglS?h9t`!GB>Yl>4E>3fZx3Sv44grW=*qdSoiZ9?X0wWyO4`yDHh2E!9I!ZFi
zVL8|VtW38}BOJHW(Ax#KL_KQzarbuE{(%TA)AY)@tY4%A%P%SqIU~8~-Lp3qY;U-}
z`h_Gel7;K1h}7$_5ZZT0&%$Lxxr-<89V&&TCsu}LL#!xpQ1O31jaa{U34~^le*Y%L
za?7$>Jk^k^pS^_M&cDs}NgXlR>16AHkSK-4TRaJSh#h&p!-!vQY%f+bmn6x`4fwTp
z$727L^y`~!exvmE^W&#@uY!NxJi`g!i#(++!)?iJ(1)2Wk;R<ee%K2Qwg7EL?cE>N
zFK&O4eTkP$Xn~4bB|q8y(btx$R#D`O@epi4ofcETrx!IM(kWNEe42Qh(8*KqfP(c0
zouBl6>Fc_zM+V;F3znbo{x#%!?mH3`_ANJ?y7ppxS@glg#S9^MXu|FM&ynpz3o&Qh
z2ujAHLF3($pH}0jXQsa#?t--TnF1P73b?4`KeJ9^qK-USHE)4!IYgMn-7<gIVhlrh
zAIi;a5xPRA-3kgTltlkrN%RvJ7$sBOliA03MP1yrJNN1g+SCAhQ`uw0^YzUHVQz+i
zcJ?NW<*^iu>z|=ALF5SNGkrtPG@Y~niUQV<a)%h`^JQ+}q4U57&MX8+?$k_)?28O=
z0SqdF?CIKKD2M~<Xd>2?g$vzJN3nZ{7;HZHzWAeQ;5P|@Tl3YHp<?{|YJofwR|$|<
z$>yznGG<qP&KPu(wi>4-f4=XflwSJY+58-+wf?~Fg@1p1wkzuu-RF3j2JX37SQUc?
zQ4v%`V8z9ZVZVqS8h|@@RpD?n0W<=hk=3Cf8R?d^9YK&e9<yH+X^j7<8u}06ruW;&
zs}iDffRwusBaO1}0$D=D8-n1py7gc2)3D-P%r)J~sS!Cg>ZybFY%jdnA)PeHvtBe-
zhMLD+SSteHBq*q)d6x{)s1UrsO!byyLS$58WK;sqip$Mk{l)Y(_6hEIBsIjCr5t>(
z7CdKUrJTrW%qZ#1z^n*Lb8#VdfzPw~OIL76aC+Rhr<~;4Tl!sw?Rj6hXj4XWa#6Tp
z@)kJ~qOV)^Rh*-?aG>ic2*NlC2M7&LUzc9RT6WM%Cpe78`iAowe!>(T0jo&ivn8-7
zs{Qa@cGy$rE-3AY0V(l8wjI^uB8Lchj@?L}fYal^>T9z;8juH@?rG&g-t+R2dVDBe
zq!K%{e-rT5jX19`(bP23LUN4+_zh2K<ffCSRwd!c6I)GO$MaGRHrZo`XLj)z|Hw@u
z+RdX7Y7*3me;hjSp5W`?z?A}~re~pNO4}djrvl|K>D~EAYzhpEO3MUG8@}uBHH@4J
zd`>_(K4q&>*k82(dDuC)X6JuPrBBubOg7qZ{?x!r@{%0);*`h*^F|%o?&1wX?Wr4b
z1~&cy#PUuES{C#xJ84!z<1tp9sfrR(i%Tu^jnXy;4`Xk;AQCdFC@?V<J=n886<%KH
zoktK&xgnV|_$@)cIYuz!7r*y}iSfQT(R#B$M4R}*9;=WQ%XioaEG%LSiMU?SyoWSz
z)vzgS!TIc2g!y((M(GU(R6+R%8;c21Dphf_^lt0iPB@WuOrW0xubFoDbeX@K0>%|;
zySdC7qS|uQRcH}EFZH%mMB~7gi}a0utE}ZE_}8PQH8f;H%PN41Cb9R%w5Oi5el^fd
z$n{3SqLCnrF##x?4sa^r!O$7NX!}&}V;0ZGQ&K&i%6$3C_dR%I7%gdQ;KT6YZiQrW
zk%q<74oVBV>@}CvJ4Wj!d^?#Zwq(b$E1ze4$99DuNg?6t9H}k_|D7KWD7i0-g*EO7
z;5{hSIYE4DMOK3H%|f5Edx+S0VI0Yw!tsaRS2&Il2)ea^8R5TG72BrJue|f_{2UHa
z@w;^c|K3da#$TB0P3;MPlF7Ru<lwrct1Un5ctcTj3dA)z@DXR;4qFalm=|M>QeXT$
zS<<|C0OF(k)>fr&wOB=gP8!Qm><?)6C=UvZSqZ4uZ1>F41u;3esv7_0l%QHt(~+n;
zf!G6%hp;Gfa9L9=AceiZs~tK+Tf*Wof=4!u{nIO90<Y=vWGH>j<kx9ZhI;(V`;xZu
zDYCY7>H@iS0l+#%8=~%ASzFv7zqSB^?!@N7)kp0t&tCGLmzXSRMRyxCmCYUD2!B`?
zhs$4%KO~m=VFk3Buv9osha{v+mAEq=ik3RdK@;WWTV_g&-$U4IM{1IhGX{pAu%Z&H
zFfwCpUsX%RKg);B@7OUzZ{Hn{q6Vv!3#8fAg!P$IEx<0vAx;GU%}0{VIsmFBPq_mb
zpe^BChDK>sc-WL<U9N|nH@rr2+|rS?enu)UZF(K<l6e9J!EL6HH%c~LxccGVPf7ny
zyFD<g^3W7R4q^j38<}Ad;d`%;&<k2qnN$eo<dQKlYPBl}m(w35KgX2_kxs^Ol_%B|
zUs0|?ZD-dup#G+GdYT}nuh=U$YJ2~fC{jaPJ2|%po84J0j!Df3Whmo-aM6VINyo*B
z8u)_s77Mp`z0j!XsS6lsg7}nmV;RNQRQjm5Lvwddtb78^PR+m1+}L;N@8hJy>Kl<6
zwbW|e&d&dv9Wu0goueyu>(JyPx1mz0v4E?cJjFuKF71Q1)AL8jHO$!fYT3(;U3Re*
zPPOe%*O+@JYt1bW`!W_1!mN&=w3G9ru1XsmwfS~BJ))PhD(+_J_^N6j)sx5VwbWK|
zwRyC?W<`pOCY)b#AS?rluxuuGf-AJ=D!M36l{ua?@SJ5>e!IBr3CXIxWw5xUZ@Xrw
z_R@%?{>d%Ld4p}nEsiA@v*nc6Ah!MUs?GA7e5Q5lPpp0@`%5xY$C;{%rz24$;vR#*
zBP=a{)K<xJfQnB$@{@0_#bhnmPY6Vhfo!rSxRVZS-E}LbOHsiq;G>#CwIY%<caT3p
zke7^)z;+<4(dkHv#H^qO=}oDC0?Gz++%ow-3#lP3XnwX+?<RuxZOQAv{n-=qHz>p}
zXVdxTQ^HS@O&~eIftU+Qt^~(DGxrdi3k}DdT^I7Iy5SMOp$QuD8s;+93YQ!O<SR_4
zuFPyeDQd=$B`zPr!>Y{eB24%<k>xY7ml@|M7I(<O(GUP*ZgNfnNpiv%kq;;6L<^I4
z7v}W+0mMlVqUBFVTaLaEYWpw9RKdMU!6L|L_c5M;=?T;dl`@h1Kd4@M`5dTTD*3IZ
zz|bf>Nb@K_-?F;2?et|CKkuZK_>+>Lvg!>JE~wN`BI|_h6$qi!P)+K-1Hh(1;a`os
z55)4Q{oJiA(lQM#;w#Ta%T0jDNXIPM_bgESMCDEg6rM33anEr}=|Fn6)|jBP6Y}u{
zv9@%7*#RI9;fv;Yii5<S1PDs~()~zZ&rhFs5NWR4B3!{LWrnVKFQ@KNvj~+<W#FDp
z&T9mM8cxq^L*%j6-hix_30sH=&wMm23N3(`R8$1S*Q-~AxYMS7Mu8D3Vs22*;9u;7
zsNVy{0SUTuot>CI+KrRdr0DKh=L>)eO4q$1zmcSmglsV`*N(x=&Wx`*v!!hn6X-l0
zP_m;X??O(skcj+oS$cIdKhfT%ABAzz3w^la-Ucw?yBPEC+=Pe_vU8nd-HV5YX6X8r
zZih&j^eLU=%*;VzhUyoLF;#8QsEfmByk+Y~caBqSvQaaWf2a{JKB9B>V&r?l^rXaC
z8)6AdR@Qy_BxQrE2Fk?ewD!SwLuMj@&d_n5RZFf7=>O>hzVE*seW3U?_p|R^<smC?
zN&@-C*~0;py~VP%VCw_ylgz7IlGQ&Xr*AAit2$1yb1yVPW=-LwHovgWfi79r&^s)c
z3HYRx82m{Vh;IfL3RG%1A(!Y_QxZK{g|kskeKf5qwoWt^ccgLfs$<cG{_aE=N2tun
z4owbA`nL`wH+YwxKW!M%Is5~!@)AtnVw7Zg>CfoY`?|#x9)-*yjv#lo&zP=uI`M?J
zbzC<^3x7Gf<wLN<-n?hqDOF>XA4{FZ72{PE*-mNHyy59Q;kYG@BB~NhTd6pm2Oj=_
zizmD?MKVRkT^KmXuhsk?eRQllPo2Ubk=uCKiZ&u3Xjj~<(!M94c)Tez@9M1Gfs5JV
z->@II)CDJOXTtPrQudNjE}Eltbjq>6KiwAwqvAKd^|g!exgLG3;wP<WK7+bYUFX4z
zZbTRd<h4b<gL68Ci~URd>+#mZYr`cy3#39e653d=jrR-ulW|h#ddHu(m9mFoW~2yE
zz5?dB%6vF}+`-&-W8vy^OCxm3_{02royjvmwjlp+eQDzFVEUiyO#gLv%QdDSI#3W*
z?3!lL8clTaNo-DVJw@ynq?q!%6hTQi35&^>P85G$TqNt78%9_sSJt2RThO|JzM$iL
zg|wjxdMC2|Icc5rX*qPL(coL!u>-xxz-rFiC!6hD1IR%|HSRsV3>Kq~&vJ=s<mnO6
z@_OAm{T6bgd>3M5y8SG%YBQ|{^l#LGlg!D?E>2yR*eV%9m$_J6VGQ~AIh&P$_aFbh
zULr0Z$QE!QpkP=aAeR4ny<#3Fwyw@rZf4?Ewq`;mCVv}xaz+3ni+}a=k~P+yaWt^L
z@w67!DqVf7D%7Xt<h7}J>XX5xBW;Co|HvQ8WR1k?r2cZD%U;2$bsM%u8{JUJ5Z0k=
zZJARv^vFkmWx15CB=rb=D4${+#DVqy5$C%bf`!T0+epLJLnh1jwCdb*zuCL}eEFvE
z{rO1%gxg>1!W(I!owu*mJZ0@6FM(?C+d*CeceZRW_4id*D9p5nzMY&{mWqrJomjIZ
z97ZNnZ3_%Hx8dn;H>p8m7F#^2;T%yZ3H;a&N7tm=Lvs&lgJLW{V1@h&6Vy~!+Ffbb
zv(n3<ThNqSG&qB$8@7O_+wuH*7?Ri9T^JP$3GusGXqQ+6W`<0yb(f<?l^zSO`%mC%
zks6g-xzSvv%L-J>+v)_D$}dqd!2>Y2B)#<+o}LH#%ogGi2-?xRIH)1!SD)u-L6<Q)
z<vP0!r-O29D|xTQqb#~)zE;CEmJ*9{=WNVJ3|i~)*v>5<w=I^amMMBq^LE<qi<{&?
zy=u+W!*H|7eqkYXYLpU_8JW1)k?Eg=jA>B&bsJTC=LiaF+YOCif2dUX6uAA|#+vNR
z>U+KQekVGon)Yi<93(d!(y<IFb(nUBhy`pC6^e9+fGs)}=|RCVMv5g<wr}x}n-^kG
zGdBvey?@0C08dZomlYM(`!3v_q*v-%Kg*V$qzt@>w1h3&X0N(PxN2{%vn}cnV?rYw
z$N^}_o!XUB!mckL`yO1rnUaI4wrOeQ(+&k?2mi47hzxSD`N#-byqd1IhEoh!PGq>t
z_MRy{5B0eKY>;Ao3z$RUU7U+i?iX^&r739F)itdrTpA<s$ecap;a34-{Cdqr_AJTc
zJnVr{h=@bBGWm|EZT2|$;w*>i-NN0=?^m%?{A9Ly2pVv>Lqs6moTP?T2-AHqFD-o_
znVr|7OAS#AEH}h8SRPQ@NGG47dO}l=t07__+iK8nHw^(AHx&Wb<%jPc$$jl6_p(b$
z)!pi(0fQodCHfM)KMEMUR&UID>}m^(!{C^U7<vrVgc&`O>sBDOA)$VThRCI0_+2=(
zV8mMq0R(#z;C|7$m>$>`tX+T|xGt(+Y48@ZYu#z;0pCgYgmMVbFb!$?%yhZqP_nhn
zy4<#3P1oQ#2b51NU1mGnHP$cf0j-YOgAA}A$QoL6JVLcmExs(kU{4z;PBHJD%_=0F
z>+sQV`mzijSIT7xn%PiDKHOujX;n|M&qr1T@rOxTdxtZ!&u&3HHFLYD5$RLQ=heur
zb>+AFokUVQeJy-#LP*^)spt{mb@Mqe=A~-4p0b+Bt|pZ+@CY+%x}9f}izU5;4&QFE
zO1bhg&A4uC1)Zb67kuowWY4xbo&J=%yoXlFB)&$d*-}kjBu|w!^zbD1YPc0-#XTJr
z)pm2RDy%J3jlqSMq|o%xGS$bPwn4AqitC6&e?pqWcjWPt{3I{>CBy;h<q=63AkQY)
zcCE@1JWF}~_Uq6qtyJrdwH(8D7A`zTkAQHY@g0P<8v{}RJzT8a&2cjh9k&mjcPb8@
z5HE6f@kREf7%>g0Umh#c;hU3RhCU<W1B<B%crOA?)B<4{QAfz<37i#>X=8aR>rmd`
z7O<?+-8C(yGLP-1J8E*a`h<>rw(5tcM{|-^J?ZAA9KP|)X6n9$-kvr#j5YDecTM6n
z&07(nD^qb8hpF0B^z^pQ*%5ePYkv&FabrlI61ntiVp!!C8y^}|<2xgAd#FY=8b*y(
zuQOuvy2`Ii^`VBNJB&R!0{hABYX55ooCAJSSevl4RPqEGb)iy_0<X)2u(&r<#&$Nb
zEt_ST3A;7@yLaDYegwBA0{&4{NmSI`fxj&0K=IKFCC<S&X=wsfkW-it*TQb5k(wOF
zfK(&>H}v@vFwFzD%>#I>)3PsouQ+_Kkbqy*kKdHdfkN7NBcq%V{x^fSxgXpg7$bF&
zj!6AQbDY(1u#1_A#1UO9AxiZaCVN2F0wGXdY*g@x$ByvUA?ePdide0dmr#}udE%K|
z3*k}Vv2Ew2u1FXBaVA6aerI36R&rzEZeDDCl5!t0J=ug6kuNZzH>3i_VN`%BsaVB3
zQYw|Xub_SGf{)F{$ZX5`Jc!X!;eybjP+o$<zFx<I*#*Xy3HpVWLy#c+L67b@Ow&2a
z(w9*UjqcJ|P<O$5xr^-xkmBuXHWl8yT(|_IVBW_**GKxw$=qWW<c9+Z%ggo<3D7Me
zmk+*#LQ~t~)e=EH<odjj*KOd_V^8PU&({y`N4seM425JUxOk|ThAvJV57v8ue@}zI
zE`n)2|Eh{Z{|a6H8^xr={}$=0Ih#32+S{4Q+S}W>I{Z^Hsj@D=E{MnnL+TbC@H<Hc
z8daK#v}p)zZ2?BCz)+A_H%YLFSBzW>EU2DjG{3-LDGIbq()U87x4eS;JXnSh;lRlJ
z>EL3D>wHt-+wTjQF$fGyDO$>d+(fq@bPpLBS~xA~R=3JPbS{tzN(u~m#Po!?H;IYv
zE;?8%^vle|%#oux(Lj!YzBKv+Fd}*Ur-dCBoX*t{KeNM*n~ZPYJ4NNKkI^MFbz9!v
z4(Bvm*Kc!-$%VFEewYJKz-CQN{`2}KX4*CeJEs+Q(!kI%hN1!1P6iOq?ovz}X0IOi
z)YfWpwW@pK08^69#wSyCZkX9?uZD?C^@rw^Y?gLS_xmFKkooyx$*^5#cPqntNTtSG
zlP>XLMj2!VF^0k#ole7`-c~*<HrgH?o@2_1QG9>~+_T5<PY5+u>ls?x4)ah(j8vo_
zwb%S8qoaZqY0-$ZI+ViIA_1~~rAH7K_+yFS{0rT@eQtTAdz#8E5VpwnW!zJ_^{Utv
zlW5Iar3V5t&H4D6A=>?mq;G92;1cg9a2sf;gY9pJDVKn$DYdQlvfXq}zz8#LyPGq@
z+`YUMD;^-6w&r-82JL7mA8&M~Pj@aK!m{0+^v<|t%APYf7`}jGEhdYLqsHW-Le9TL
z_hZZ1gbrz7$f9^fAzVIP30^KIz!!#+DRLL+qMszvI_BpOSmjtl$hh;&UeM{ER@INV
zcI}VbiVTPoN|iSna@=7XkP&-4#06C};8ajbxJ4Gcq8(vWv4*&X8bM^T$mBk75Q92j
z1v&%a;OSKc8EIrodmIiw$lOES<jA;6Pv*F(vI@>2hzGDcjjB`kEDfJe{r}yE6`eZL
zEB`9u>Cl0IsQ+t}`-cx}{6jqcANucqIB>Qmga_&<+80E2Q|VHHQ$YlAt{6`Qu`HA3
z03s0-sSlwbvgi&_R8s={6<~M^pG<zwr8Gf260a14!Vy|NE3poENZ#G+dg-(~agX!W
z;@PF6fzbDrpSAV=Xqx8R`+f^Hj{kPf49I4f7;ILx9&A=Qe{a>vBNjKOa>tWenzS8s
zR>L7R5aZ=mSU{f?ib4Grx$AeFvtO5N|D>9#)ChH#Fny2maHWHOf2G=#<9Myot#+4u
zWVa6d^Vseq_0=#AYS(-m$Lp;*8nC_6jXIjEM`omUmtH@QDs3|G)i4j*#_?#UYVZvJ
z?YjT-?!4Q{BNun;dKBWLEw2C-VeAz`%?A>p;)PL}TAZn5j~HK>v1W&anteARlE+~+
zj>c(F;?qO3pXBb|#OZdQnm<4xWmn~;DR5SDMxt0UK_F^&eD|KZ=O;tO3vy4@4h^;2
zUL~-z`-P1aOe?|ZC1BgVsL)2^J-&vIFI%q@40w0{jjEfeVl)i9(~bt2z#2Vm)p`V_
z1;6$Ae7=YXk#=Qkd24Y23t&GvRxaOoad~NbJ+6pxqzJ>FY#Td7@`N5xp!n(c!=RE&
z&<<@^a$_Ys8jqz4|5Nk#FY$~|FPC0`*a5HH!|Gssa9=~66&xG9)|=pOOJ2KE5|YrR
zw!w6K2aC=J$t?L-;}5hn6mHd%hC;p8P|Dgh6D>hGnXPgi;6r+eA=?f72y9(Cf_ho{
zH6#)uD&R=73^$$NE;5piWX2bzR67fQ)`b=85o0eOLGI4c-Tb@-KNi2pz=Ke@SDcPn
za$AxXib84`!Sf;Z3B@TSo`Dz7GM5Kf(@PR>Ghzi=BBxK8wRp>YQoXm+iL>H*Jo9M3
z6w&E?BC8AFTFT&Tv8zf+m9<&S&%dIaZ)Aoqkak_<rze)r(DT^9S|-l7K0$t1QR)Lb
z2SA#W1@m5WKCiZ)ZskIX8BHZDTHR}*tb&y(Ion?7=1OO6qD>$r-2{<aZp`{ydbG&_
zl)2dkppmVD0@-e4$BhMxz_OJVB0PPwWy{|<m4A=4H?S6_3Qi7h3s|L9-e&R9xZEvM
zs&d=m-bcP)NQVxMnSfWcDZO-GNrhmp4q+2J2Utf0I3={uP#m<B8y~wTz#jSgV{zOx
zLmteKa!mWQp;}sbr^4u{F4TT^9lED*xAO(xQyv;MS5_QW$8hu8@r%`mKw$1h<U_JQ
zj_m_9jwy;fu~9?;mL(k9FEW?vr9ISOCl#C6BO??k>$d~0g2oLET<?fI=#h8Z64kjA
z>x9Y`eOAf14QXEQw3tJne;fdzl@wV#TFXSLXM2428F-Q}t+n2g%vPRMUzYPvzQ9f#
zu(liiJem9P*?0%V@RwA7F53r~|I!Ty)<*AsMX3J{_4&}{6pT%Tpw>)^|DJ)<b}t%l
z&8~olaKAqrHz_KU2#VN1X}Gaml0zieA1)zLYi5ckvVAvFb5nFGgBLa>>gpS~1rNEh
z0$D?uO8mG?H;2BwM5a*26^7YO$XjUm40XmBsb63MoR;bJh63J;OngS5sSI+o2HA;W
zdZV#8pDpC9Oez&L8loZO)MClRz!_!WD&<da5V|Oh4r)k^Y)leUX5x{ak!ABkK2o}b
z_d&$gHJ+5kGa*$miQEl&^9=!sV650|3eO`7L!OwO<k-Urik~hWDiP`E9rKN0`VyiV
zCBNl{2T`$>QRtQxnazhT%Vj6Wl4G11nUk8*vSeVab@N#oJ}`KyJv+8Mo@T1-<Q)z3
z@tH3!+?ebO^ibVY$Tly)TI33;Eu@UVtZHU6VW#esNf-#FI>pqZ1t|?cnaVOd;1(h9
z!$DrN=jcGsVYE-0-n?oCJ^4x)F}E;UaD-LZUIzcD?W^ficqJWM%QLy6QikrM1aKZC
zi{?;oKwq^Vsr|&`i{jIphA8S6G4)$KGvpULjH%9u(Dq247;R#l&I0{IhcC|oBF*Al
zvLo7Xte=C{aIt*otJD}BUq)|_pdR><DZCijoH}*5xGt?qO<pd4=&Dz`$R5RBDUo@~
z4|_%)t-x5MKE%JCHoM5HG*&ylJ3x}lbVV1zkOy3zSee9et!+~kl!Q8?OUv>{zBMT<
z(^<wl?Qn`c8##BBiXs2Lq5ll4Woq#b{WOnc@Xw}zEoZCezNvB?a^C9d2f*E?MnDoA
zJuq#iZ*wo;iztpyKR)xaUPF8Dsg{#Pp~dRBZa%4iXz&!conFo(ZCZ9dK$tqFW%{9T
zYFt%n;#wGNDW$CrM$Uy)Aqr~LoZ&4gnRl@<MJ_J!8U{PZFTz`I-R*#PVxYv6m}_8C
z{>1RpZv*l*m*OV^8>9&asGBo8h*_4q*)-eCv*|Pq=XNGrZE)^(SF7^{QE_~4VDB(o
zVcPA_!G+2CAtLbl+`=Q~9iW`4ZRLku!uB?;tWqVjB0lEOf}2RD7dJ=BExy=<9wkb-
z9&7{XFA%n#JsHYN8t5d~=T~5DcW4$B%3M+nNvC2`0!#@sckqlzo5;hhGi(D9=*A4`
z5ynobawSPRtWn&CDLEs3Xf`(8^zDP=NdF~F^s&={l7(aw&EG}KWpMjtmz7j_VLO;@
zM2NV<G5clbB=?l)amM4EDay+Ys3{6wJt#k7C!t)zdzK4vX&5nR>LDxZ@GIv7*gzl1
zjq78tv*8#WSY`}Su0&C;2F$Ze(q>F(@Wm^Gw!)(j;dk9Ad{STaxn)IV9FZhm*n+U}
zi;4y*3v%A`_c7a__DJ8D1b@dl0Std3F||4Wtvi)fCcBRh!X9$1x!_VzUh>*S5s!oq
z;qd{J_r79EL2wIeiGAqFstWtkfIJpjVh%zFo*=55B9Zq~y0=^iqHWfQl<q6eq3x#u
zAJgn{lJ>@O!<XL?rKxukWgD2m9!NiLhjh`xSeR+02f<Sk$0N-r9A(m67Nx0u=-^qx
zR!QxaC{;~kv{J}yY(#VND=+Thll)|PSw~S+(M%n9LuD^=xVL*YGWWpEd{d9!OQBJn
zN41nUy5~!yhzQW}O|2`gEz9?Y)seU@q6w}zByNGyg)E)6#u0l5lW+o4u_OTuyAl79
zZYr{y#3Y_;fX2@Sic@Aou_QuJ4v%o8vD@f3Js|`vJb{PS2EHe74r{Tw=a@%A)!2M+
zPu7OWa=Jg3e^dtA=LW{a6{_~*^~;AytG%Mj@oXHMf+(&dQpy;;Z>Ak;(o*m!pZqe9
z%U2oDOhR)BvW8&F70L;2TpkzIutIvNQaTjjs5V#8mV4!NQ}zN=i`i@WI1z0eN-iCS
z;vL-Wxc^Vc_qK<5RPh(}*8dLT{~GzE{w2o$2kMFaEl&<G!iIiNogSegbwTSt8uy>q
zP{V=>&3kW7tWaK-Exy{~`v4J0U#OZBk{a9{&)&QG18L@6=bsZ1zC_d{{pKZ-Ey>I>
z;8H0t4bwyQqgu4hmO`3|4K{R*5>qnQ&gOfdy?z`XD%e5+pTDzUt3`k^u~SaL&XMe=
z9*h#kT(*Q9jO#w2Hd|Mr-%DV8i_1{J1MU~XJ3!WUplhXDYBpJH><0OU`**nIvPIof
z|N8@I=wA)sf45SAvx||f?Z5uB$kz1qL3Ky_{%RPdP5iN-D2!p5scq}buuC00C@jom
zhfGKm3|f?Z0iQ|K$Z~!`8{nmAS1r+fp6r#YDOS8<D?C5)E@;zjKd)Xb!FNvZq$1{P
zZ_cs0NlV3)JNq@`{<-zu^ZYJ1^Ld;f_M>V*;K&Gs7Lc&f^$RC66O|)28oh`NHy&vq
zJh+hAw8+ybTB0@VhWN^0iiTnLsCWbS_y`^gs!LX!Lw{yE``!UVzrV24tP8o;I6-65
z1MUiHw^{bB15tmrVT*7-#sj6cs~z`wk52YQJ*TG{SE;KTm#Hf#a~|<(|ImHH17nNM
z<X5%i4&O$X#=yI<hd(3%<Zcj=kEA#X{}c{^krf50kLn2b2E!th0Qv4dvb^+5u;4J#
zlBSWS(h}xeBFAYcd0pOqotJ3LiF)uc4%kFGc}Zy&`zE?(Qs(NL;o3Z1;~(~tG}-Bh
z2e(#~MKf9S<|z>`Ub{+J3dMD!)mzC8b(2tZtokKW<wg=;{p}0|>5pAwHa?NFiso~#
z1*iaNh4lQ4TS)|@G)H4dZV@l*Vd;Rw;-;odDhW2&lJ%m@jz+Panv7LQm~2Js6rOW3
z0_&2cW^b^MYW3)@o;neZ<{B4c#m48dAl$GCc=$>ErDe|?y@z`$uq3xd(%aAsX)D%l
z>y*SQ%My`yDP*zof|3@_w#cjaW_YW4BdA;#Glg1RQcJGY*CJ9`H{@|D+*e~*457kd
z73p<%fB^PV!Ybw@)Dr%(ZJbX}xmCStCYv#K3O32ej{$9IzM^I{6FJ8!(=azt7RWf4
z7ib0UOPqN40<wO!kQ$zpsrK5Aa5t5Fo)*OG4}6Ijc=rma)W2{<nw4+^q{U<AB|Tsj
zFzGzwLek-UQ-^N0dGGbmR?cme`P(jA>X!wOnFOoddd8`!_IN~9O)#HRTyjfc#&MCZ
zZAMzOVB=;qwt8gV?{Y2?b=iSZG~RF~uyx18K)IDFLl}<P!5HWk<IF(yCaRSH*zpOC
zVnf_c&=gb=7aeU5<BV!UU<*{<;6~Ix<Tjf979KqyxoS6z<Y+#znX~t67&l^I1_P;R
zK41pPH*8=Aqg-IyeH>)G1v@$(s{O4@RJ%OTJyF+Cpcx4jmy|F3euCnMK!P2WTDu5j
z{{gD$=M*pH!GGzL%P)V2*ROm>!$Y=z|D`!_yY6e7SU$~a5q8?hZGgaYqaiLnkK%?0
zs#oI%;zOxF@g*@(V4p!$7dS1rOr6GVs6uYCTt2h)eB4?(&w8{#o)s#%gN@BBosRUe
z)@P@8_Zm89pr~)b>e{tbPC~&_MR--iB{=)y;INU5#)@Gix-YpgP<-c2Ms{9zuCX|3
z!p(?VaXww&(w&uBHzoT%!A2=3HAP>SDxcljrego7rY|%hxy3XlODWffO_%g|l+7Y_
zqV(xbu)s4lV=l7M;f>vJl{`6qBm>#ZeMA}kXb97Z)?R97EkoI?x6Lp0yu1Z>PS?2{
z0QQ(<aV*^6d~P_wyb#+W;~F}~WX)Ppd{Uq-rJ?3CqoKIVbflQxXq~BLH)v}O!}ZF_
zwWT(t!<|y>8D)|lc9CO3B~e(pQM&5(1y&y=e>C^X$`)_&XuaI!Ig<fHR9_YhFRYwk
z0lw?$NL8fxGl+?v5_QUq?6<<U2J*IAcZ+<hquee?e#?tp63=pmg{$Q$rn}~C8_Y7W
zg9Ss{Y9C%t8DnIy(Qv7p&SZ&QMyJ&!SD0;=WOk;TCM7#tSI3x1NZ&4DFy%AV_Os?g
z1FiI=Pk4>DTVqt31wX#<o9b?5#rXCtnrK0M=x^0jw<PP#ZI{lh9~^Z*Vw{-_^ITr(
z)$qE#{whZ%ycec}|9G{SJ(H~@#J$K+d2)f_X!ehMzhhlS7J#@W(6Y%xsq^a<9i55w
zkaW?M%HZshsV=6<!;JBR(onxpfhzWrtuF?RU7pGvJU!4ld3$lpa}>n+@!a_A0ZQkA
zCJ2@M_4Gb5MfC<TC(f`(cPe4tM|WyrAVv_&U?4^jt8l^|fRs{p&8>rm5UPggeyh)8
zO9?`B0J#rkoCx(R0I!ko_2?iO@|oRf1;3r+i)w-2&j?=;NVIdPFsB)`|IC0zk6r9c
zRrkfxWsiJ(#8QndNJj@{@WP2Ackr|r1VxV{7S&rSU(^)-M8gV>@UzOLXu9K<{6e{T
zXJ6b92r$!|lwjhmgqkdswY&}c)KW4A)-ac%sU;2^fvq7gfUW4Bw$b!i@duy1CAxSn
z(pyh$^Z=&O-q<{bZUP+$U}=*#M9uVc>CQVgD<jh^Dhf>s4swy5&8RAHZ~$)hrTF4W
zPsSa~qYv_0mJnF89RnnJTH`3}w4?~epFl=D(3<Wh({z_J@YvBSrj52l(h-MLmO>5$
zWa07ON$`OMBOHgCmfO(9RFc<)?$x)<W@m9nxqk9?7~^ut3Wo;~6D2$_UAr^6a@06}
zhbaXu1z)oTmo}f|BfR^v;*fTYLT!@--|Yuq^FVD<Ky8;oZN?$@5RgpqNtO9wUm8OJ
z(9a#CRzl(H@$~ix-J(FB5=sC@g%TTae0#WF!z3#dGld4c0Y7e0pQ8NtezyJ8(UT<z
zlzmGz;&?&~R8W?GOmGtzuNl?H29sLwdx*FDA?}L)&bH_HuvpU<-j?cQBXEn4@w@}1
zbuqYDfXvV*l;DI9S91Vl1%g`e`~)CTC~I1PeFc7!f|NS(1BW@<mUQD19@qh+O+idX
z^aigEBV+x9f%uAnR1zX#7l7hctxsN{zbeKf24Dv|aRxn>N}Jd2A(<*Ll7+4jrRt9w
zwGxExUXd9VB#I|DwfxvJ;HZ8Q{37^wDhaZ%O!oO(HpcqfLH%#a#!~;Jl7F5>EX_=8
z{()l2NqPz>La3qJR;_v+wlK>GsHl;uRA8%j`A|yH@k5r%55S9{*Cp%uw6t`qc1!*T
za2OeqtQj7sAp#Q~=5Fs&aCR9v>5V+s&RdNvo&H~6FJOjvaj--2sYYBvMq;55%z8^o
z|BJDA4vzfow#DO#ZQHh;Oq_{r+qP{R9ox2TOgwQiv7Ow!zjN+A@BN;0tA2lUb#+zO
z(^b89eV)D7UVE+h{mcNc6&GtpOqDn_?VAQ)Vob$hlFwW%xh>D#wml{t&Ofmm_d_+;
zKDxzdr}`n2Rw`DtyIjrG)eD0vut$}dJAZ0AohZ+ZQdWXn_Z@dI_y=7t3q8x#pDI-K
z2VVc&EGq445Rq-j0=U=Zx`oBaBjsefY;%)Co>J3v4l8V(T8H?49_@;K6q#r~Wwppc
z4XW0(4k}cP=5ex>-Xt3oATZ~bBWKv)aw|I|Lx=9C1s~&b77idz({&q3T(Y(KbWO?+
zmcZ6<kJq3<!_u@D>?WeUsGk6>km*~234YC+2e6Zxdl~<_g2J|IE`GH%n<%PRv-50;
zH{tnVts*S5*_RxFT9eM0z-pksIb^drUq4>QSww=u;UFCv2AhOuXE*V4z?M<wivYl0
z9t_*90Off@EFt}aRa%;dm7J2oEgwZ{jhr<T_!~ob()h%=pOtb+G1T5RP-+u*Vo?t{
zi!>M`|ABOC4P;OfhS(M{1|c%QZ=!%rQTDFx`+}?Kdx$&FU?Y<$<v%TK<RnoCt7xrD
z#1a6zm=3%oGmw!vZc1_wpdd)~kOOq3P5Fg9;&ePhY2HWEi*|OIc6O1AT+@CSg+~h*
zB^jjyDu8F9J(wEsc+SqawuU1NbR8wUF<>x;j7z=(;Lyz+?EE>ov!8vvMtSzG!nMie
zsBa9t8as#2nH}n8xzN%W%U$#MHNXmDUVr@GX{?(=yI=4vks|V)!-W5jHsU|h_&+kY
zS_8^kd3jlYqOoiI`ZqBVY!(UfnAGny!FowZWY_@YR0z!nG7m{{)4OS$q&YDyw6vC$
zm4!$h>*|!2LbMbxS+VM6&DIrL*X4DeMO!@#EzMVfr)e4Tagn~AQHIU8?e61TuhcKD
zr!F4(kEebk(Wdk-?4oXM(rJwanS>Jc%<>R(siF+>+5*CqJLecP_we33iTFTXr6W^G
z7M?LPC-qFHK;E!fxCP)`8rkxZyFk{EV;G-|kwf4b$c1k0atD?85+|4V%YATWMG|?K
zLyLrws36p%Qz6{}>7b>)$pe>mR+=IWuGrX{3ZPZXF3plvuv5Huax86}KX*lbPVr}L
z{C#lDjdDeHr~?l|)Vp_}T|%$qF&q#U;ClHEPVuS+Jg~NjC1RP=17=aQKGOcJ6B3mp
z8?4*-fAD~}sX*=E6!}^u8)+m2j<&FSW%pYr_d|p_{28DZ#Cz0@NF=gC-o$MY?8Ca8
zr5Y8DSR^*urS~rhpX^05r30Ik#2>*dIOGxRm0#0YX@YQ%Mg5b6dXlS!<?89Ei$T3J
z?z@S9<&As@{Y9#Lyxw-W=kN_<y;^$K5sJJqwb-T$PP6h38M%T=Bx_2$^)l&CDLhvZ
zdhKj0_?g*zw~T$Y_>4{7O_kdaW8PFSdj1=ryI-=5$fiieGK{LZ+SX(1b=MNL!q#lN
zv98?fqqTUH8r8C7v(cx#<Q?IVp@71+x5ZZ7f)?RcYl^)SkLc^*6^1061>BQ5P9W>-
zmW93;eH6T`vuJ~rqtIBg%A6><SYe@>q>gnWb3X!r0wh_q;211+Om&?nvYzL1hhtjB
zK_7G3!n7PL>d!kj){<n(iP5vH{wy@r`5BfWWy8D|npiy&BeE}v;h*CtONw8=%B-XQ
z$nDwPLtcvB>HQ<Am1y3AS@s(_pH6kI+G=XSN=HQ?<&HjqAB-IHGM%$}68+PjQNzR2
z6MEkdKgnwCq(f@LQth~`U%EJ0pp$UfWb!*f)Z3+f|6Za{+?u%NWGv5&TEIqit_)>E
zE8(%J%dWLh1_k%gVX<bdrx}WL_=U8ZZ)DG8QfrZ^WL!bPM`yceWYwU}<DPMGK}pl&
zGF|1jMpDkISXK6~LGCllJDr50uEEs4h>T<ts+ig^EylHk*nut&kXb66@#0N7&v>Zt
zEdT09XSKAx27Ncaq|(vzL3gm83q>6CAw<$fTnMU05*xAe&rDfCiu`u^1)CD<>sx0i
z*hr^N_TeN89G(nunZoLBf^81#pmM}>JgD@Nn1l*lN#a=B=9pN%tmvYFjFIoKe_(GF
z-26x{(KXdfsQL7Uv6UtDuYwV`;8V3w>oT_I<`Ccz3QqK9tYT5ZQzbop{=I=!pMOCb
zCU68`n?^DT%^&m>A%+-~#lvF!7`L7a{z<3JqIlk1$<||_J}vW1U9Y&eX<}l8##6i(
zZcTT@2`9(Mecptm@{3A_Y(X`w9K<ktEsd4Ox>0EwtPq~O!16bq{7c0f7#(3wn-^)h
zxV&M~iiF!{-6A@>o;$RzQ5A50kxXYj!tcgme=Qjrbje~;5X2xryU;vH|6bE(8z^<7
zQ>BG7_c*JG8~K7Oe68i#0~C$v?-t@~@r3t2inUnLT(c=URpA9kA8uq9PKU(Ps(LVH
zqgcqW>Gm?6oV#AldDPKVRc<K2aZ<FK|5AMTa5U$h{11hJ3DKMpf?!FK@|*<DSf-P|
zR5Ux_&B*2GBK~T>EyQIdTT`Qa1j~vS{<;SwyTdr&3*t?J)y=M7q*CzucZ&B0M=joT
zBbj@*SY;o2^_h*>R0<q}ndsA23!z&jV@X<F3)26Ts58#6p210*qO2kgtV-lHjk$52
znksgUL!R8Qn0P6?m@b(}tnV~){A=i@YDFziUORLUgY5_Td?`WtcDI1D7--;hP|D{P
zg6lo7f*&F%uY8Wrnk;ZcuiX}3zVYBag<tZOhgFkrSHK!oq`^x&te7zHkvt={+aX=k
zHo>e({!QHF0=)0hOj^B^d*m>SnRrwq>MolNSgl^~r8GR#mDWGYEIJA8B<|{{j?-7p
zVnV$zancW3&JVDtVpIlI|5djKq0(w$KxEFzEiiL=h5Jw~4Le23@s(mYyXWL9SX6Ot
zmb)sZaly_P%BeX<FxqFKb}^Zk<<^m2J#C7snSUnXzB-Qk`_9y(u@8Fd7&Sw1EPwJY
z`3VL+yDIcXZ16~xV|OSo65<V)K&r{Hqyo@fcwzCzVHW$e)<p~gbv~TEz2NqXy_$O=
z^i%%^vM}Q7HmxvXddu!|yd{o1pKWt`hn^&y)Q`PhOmnUP7#Z~ZdgC}VwG0Dy(n@!O
zIZ!NUu@vWw6WSZ$LxbX71jgty2f+t@;JYJJz<4bvyYxk0b!%abyz2zI$$&FG{{>_9
zw&{yBef8tFm+%=--m*J|o~+Xg3N+$IH)t)=fqD+|fEk4AAZ&!wcN5=mi~Vvo^i`}>
z#_3ahR}Ju)(Px7kev#JGcSwPXJ2id9%Qd2A#Uc@t8~egZ8;iC{e<z+<s+hEq4Io>!
z%=CGJOD1}j!HW_sgbi_8suYnn4#Ou}%9u)dXd3huFIb!ytlX>Denx@pCS-N<r?7&b
zz2}F5P28aK;29p6th6RdoQZ+!sp<&ySIJ}sgMsE5ypYc27tE7`I;zAFZ@*Q!$#U(f
z+rSIeIeV$$0cDkNX(dwoYr)v5-)#Qu-E0OP=3$fSTj<}xXUZX*rozXg&!(tigU{=k
zu^S2L88o`2Cq0phhMaFJ8maRPRO-j0r(!vIe`-(Pi+FwT;EVDkWWY8^Ze(y_f=YjJ
zXIGtL2V9<)2G;^8QU!AkH0rH0X5>j$`VO&j@(z!kKSP0hE4;YIP#w9ta=3DO$7f*x
zc9M4&NK%IrVmZAe=r@skWD`AEWH=g+r|*13Ss$+{c_R!b?>?UaGXlw*8qDmY#xlR=
z<0XFbs2t?8i^G~m?b|!Hal^ZjRjt<@<PliB8|C;B$Ic^{gF7TgU=IQ_+{m-}Y8>a?
z%({Gn14b4-a|#uY^=@iiKH<L5U8=0GiWe*2d2;+1V&6e~6PvHo*CmhD$R0ivHhG<z
zP}t)rK}ruxci*Y%zw(Cg{8mm0?&Wj72Hb!`DC9q7?&KTcg{yONQuW1i+MlO-|1|Qe
z)l7IKS&W={vmNh~_GVA*H&u^H-E;3mqll}rP@aztjY9rBRB4t`+LTgwSR-uq)KE&g
zw}o)(loEp4v{@%<&Qn(9f2B8Br!4H+h@dj5c|zJ%TFW^tWNGK|6v1E;0}QDWC~!T5
z+L;9APi~ECKZL?GC#dq+9B$G`^d`JiRXTkLDz){ULNo4J&DL1>+k?~~wTj5K1A&hU
z2^9-<fnw7;wmVS@4ClmSP@bWBU(_(9S(P|9EY=l24)}v|>HTC)7zpoWK|$JXaBL6C
z<Yktw;8}EVH5|NNR&dZrq6vL}&i&ish1y~wU!UVGFiUBLDV^78Q^DQtYI^|8laL}3
zRfKIMiIdmyN$)~j#!$*M<r>#qSNYtY>65T@Zs&-0cHeu|RX(Pxz6vTITdzJdYippF
zC-EB+n4}#lM7`2Ry~SO>FxhKboIAF#Z{1wqxaCb{#y<JrUL*UZ1Xs-Wwc~kOS|Ls%
zmd2^Rc+;0N4PVZ+!b+a3&|)LmouHXiKzE9tVjp8dcGdIv(~_BxQ#?k(Qm3UQgfB*p
z@b9LQ9=l<bBw|T_IK^I>EFhLuX;Rx(Lz%T`Xo1+a2M}7D+@wol2)OJs$TwtRNJ={(
zD@#zTUEE}#Fz#&(EoD|SV#bayvr&E0vzmb%H?o~46|<et<vLon=3G`b#LSZvU3*Fx
z4P@!ir0-}5Nqmjus}`Kzo(+-nlqFJQi1<b`jRh)B)019WjG^62JW87n|I$(%2d4&!
z(Id9D9{ILUWT{s-XgC#OSZu|=r)`nsjkqAdA(=ngTyjH|WGyY5O!UW}>FAcx?r4$N
z&67W3mdip-T1RIxwSm_&(%U|+WvtGBj*}t69XVd&ebn>KOuL(7Y8cV?THd<gIgGk8
zL%w-Bbfr7PUlcnM-ztP}%ch|$qPf%LKmAJB<oeStK~JdM8&{+7(d>-(+9>G7*Nt%T
zcH;`p={`SOjaf7hNd(=37Lz3-51;58JffzIPgGs_7xIOsB5p2t&@v1mKS$2D$*GQ6
zM(IR*j4{nri7NMK9xlDy-hJW6sW|ZiDRaFiayj%;(%51DN!ZCCCXz+0Vm#};70nOx
zJ#yA0P3p^1DED;jGdPbQWo0WATN=&2(QybbVdhd=Vq*liDk`c7iZ?*AKEYC#SY&2g
z&Q(Ci)MJ{mEat$ZdSwTjf6h~roanYh2?9j<HO1ae0e_H-itm|zuLd=vIkWiSW={L(
z=H<%=TEb5k$?uNKw;DEM&<Mn^J>$CF@4hjj_f35kTKuGHvIs9}Re@iKMxS-OI*`0S
z6s)fOtz}O$T?PLFVSeOjSO26$@u`e<>k(OSP!&YstH3ANh>)mzmKGNOwOawq-MPXe
zy4xbeUAl6tamnx))-`Gi2uV5>9n(73yS)Ukma4*7fI8PaEwa)dWHs6QA6>$}7?(L8
ztN8M}?{Tf!Zu22J5?2@95&rQ|F7=FK-hihT-vDp!5JCcWrVogEnp;CHenAZ)+E+K5
z$Cffk5sNwD_?4+ymgcHR(5xgt20Z8M`2*;MzOM#>yhk{r3x=EyM226wb&!+j`W<%*
zSc&|`8!>dn9D@!pYow~(DsY_naSx7(Z4i>cu#hA5=;IuI88}7f%)bRkuY2B;+9Uep
zpXcvFWkJ!mQai63BgNXG26$5kyhZ2&*3Q_tk)Ii4M>@p~_~q_cE!|^A;_MHB;7s#9
zKzMzK{lIxotjc};k67^Xsl-gS!^*m*m6kn|sbdun`O?dUkJ{0cmI0-_2y=lTAfn*Y
zKg*A-2sJq)CCJgY0LF-VQvl&6HIXZyxo2#!O&6fOhbHXC<H5o#gSaRpVGc^4lwhtb
z7pn9IPj2W9bpOfW@2xh-tQ>?%1cMc6y^*dOS{f$=137Ds1m01qs`>iUQ49JijsaQ(
zksqV9@&?il$|4Ua%4!O15>Zy&%gBY&wgqB>XA3!EldQ%1CRSM(pp#k~-pkcCg4LAT
zXE=puHbgsw)!xtc@P4r~Z}nTF=D2~j(6D%gTBw$(`Fc=OOQ0kiW$_RDd=hcO0t97h
zb86S5r=>(@VGy1&#S$Kg_H@7G^;8Ue)X5Y+IWUi`o;mpvoV)`fcVk4FpcT|;EG!;?
zHG^zrVVZOm>1KFaHlaogcWj(v!S)O(Aa|Vo?<?XTfvV{UDV}w!urD@w`o9oieKAnG
zvr2&bqJVZ)5UcTLaexM@oG|8%(IBuX(-u}wBq@Q$9V2b0IC=e3_KpIxopKVw7>S|P
z5|6<W(^KK1jj(<2{9sY0(eu3=Q6`2H<?=?p%uY0pfBOS}NZpUxTW7oZcZG$O6;(H!
zOb02qMrehW^-O;uvNd@`uJoUY#awe~_x8BN&$!(_LmW69<d=Xp`G&K%z|Di(+-~zq
zWI>b{qkH(USa*Z7-y_Uvty_Z1|B{rTS^qmEMLEYUSk03_Fg&!O3BMo{b^*`3SHvl0
zhnLTe^_vVIdcSHe)SQE}r~2dq)VZJ!aSKR?RS<(9lzkYo&dQ?mubnWmgMM37Nudwo
z3Vz@R{=m2gENUE3V4NbIzAA$H1z0pagz94-PTJyX{b$yndsdKptmlKQKaaHj@3=ED
zc7L?p@%ui|RegVYutK$64q4pe9+5sv34QUpo)u{1ci?)_7gXQd{PL>b0l(LI#rJmN
zGuO+%GO`xneFOOr4EU(Wg}_%bhzUf;d@TU+V*2#}!2OLwg~%D;1FAu=Un>OgjPb3S
z7l(riiCwgghC=Lm5hWGf5NdGp#<cbmW-yHm$M2Gqk!4_xRebASViL@mP7yl-azWda
z<G&)BE%@HQrgG5pKiLWM@B?c5lE5;m7$gFO%AuT)p*0da`p4&%Mu36ezDb#`0vLl2
zI?+<7r_l4ywhuITDxpVrxzM2FRT|Mj6M_y>01xQ59`HJcLXbUR3&n%P(+W2q$h2Qd
z*6+-QXJ*&Kvk9ht0f0*rO_|<FF@35s-%u_Fu<XiMDuk6O&_jk45E@5cb)jBGUqtYc
zq+<bAA%Nap)oNdnpfAHjGGthNyXZoU$P&r0P!agg4>FMBALen{j7T1l%=Q>gf#kma
zQlg#I9+HB+z*5BMxdesMND`_W;q5|FaEURFk|~&{@qY32N$G$2B=&Po{=!)x5b!#n
zxLzblkq{yj05#O7(GRuT39(06FJlalyv<#K4m}+vs>9@q-&31@1(QBv82{}Zkns~K
ze{eHC_RDX0#^A*JQTwF`a=IkE6Ze@j#-8Q`tTT?k9`^ZhA~3eCZJ-Jr{~7Cx;H4A3
zcZ+Zj{mzFZbVvQ6U~n>$U2ZotGsERZ@}VKrgGh0xM;Jzt29%TX6_&CWzg+YYMozrM
z`nutuS)_0dCM8UVaKRj804J4i%z2BA_8A4OJRQ$N(P9Mfn-gF;4#q788C@9XR0O3<
zsoS4wIoyt046d+LnSCJOy@B@Uz*#GGd#+L<qjtS^iYLG0%p6Dg6(dvB&P#PA!!UiS
z8M%H)Uu;En{u;@>n1ek5Dv>(ZtD@tgZlPnZZJGBLr^JK+!$$?A_fA3LOrkoDRH&l7
zcMcD$Hsjko3`-{bn<!ud7m1Z~mZ_DTekgKtoQtXtR*n1nDWhBFo#?lvaRwhSh#kdu
z?xJxn&^^rmXokLOikzs2W_4Ma6TClbap=|rLJ$LL>)jPL6E9Ds{WskMrivsUu5apD
z?grQO@W7i5+%X&E&p|RBaEZ(sGLR@~(y^BI@lDMot^Ll?!`90<uNw#rFR;2Z6GZ17
ze*{w*kU0dO{K%@m{&o;UQ1`vul8w^Xi<|#(egn<>KT!JXUhYS`Z<L<(TN0Pxe}*?@
z?9BepK2u1NmED3q>gX3jnu@Ja^seA<awlpG9geOjCMHs8iR;8V{RX$$iKLpwrYh7J
zy<zzRakD)b0e^xC_gqD+ST^a!#bd{rFE{$rD**vNVDo&epRlclZGjt1%D-X&p&hJl
zMeQ`xEg&lWv4J|FC*!{n=|Oq))!j|iL*KHA6uHVCPZk^A0*SVmXm2ceIZ<c$1z1mw
z+l{O?&mBhNy}lUt@Ucij4M$y_RovWnQ2+i2LkJsC;AyFWDIG^-x5*(=JH@?w(q?Nf
zuGCp&qV1*%m=KH>*M5R@f`=`ynQV4rc$uT1mvE?@tz)TN<=&H1%Z?5yjxcpO+6y_R
z6EPuPKM5uxKpmZfT(WKjRRNHs@ib)F5WAP7QCADvmCSD#hPz$V10wiD&{NXyEwx5S
z6NE`3z!IS^$s7m}P<dtckQ^mZuhlat7I?|z^uHV2nde%BxDauu8tr7{L+u2k^qVVR
z+;&4jjK}ms$0R9OEgumQ2MfkPgtGW^@KM(3g3S!{AkQ`LBUCqrtIuy)nf1R;YLtsR
zh@fnl+a_yruS$hYas~<3nXX=t^Podk0)3XlSCBphI*`)F7)az^Xh>CwQutVQ#~w+V
z=+~->DI*bR2j0^@dMr9`p>q^Ny~NrAVxrJtX2DUveic5vM%#N*XO|?YAWwNI$Q)_)
zvE|L(L1jP@F%gOGtnlX<B}ddt5^1qSPbDW5;7XZAH;t;_VUaK671+5BNJxrXT%f|-
zB||Gz6sbN@HcS3aPJEzpY>tIv2&1i8q<)Xfz8O3G^Ea~e*HJsQgBxWL(yuLY+jqUK
zRE~`-zklrGog(X}$9@ZVUw!8*=l`6mzYLtsg`AvBYz(cxmAhr^j0~(rzXdiOEeu_p
zE$sf2(w(BPAvO5DlaN&uQ$4@p-b?fRs}d7&2UQ4Fh?1Hzu*YVjcndqJLw0#q@fR4u
zJCJ}>_7-|QbvOfylj+e^_L`5Ep9gqd><g_T=4@YoFnbbxiOv*bo64FLy>XI3-O?Wp
z-gt*P29f$Tx(mtS`0d05nHH=gm~Po_^OxxUwV294BDKT>PHVlC5bndncxGR!n(OOm
znsNt@Q&N{TLrmsoKFw0&_M9<J!)y3LiL$NuR?R?7cB%RbaJJ#f0!UjlJN6LhSP#XW
zf>$&+C24`sIXGWgQaz=kY;S{?w`z^Q0JXXBKFLj0w0U6P*+jPKyZHX9F#b0D1$&(-
zrm8PJd?+SrVf^JlfTM^qGDK&-p2Kdfg?f>^%>1n8bu&byH(huaocL>l@f%c*QkX2i
znl}VZ4R1en4S&Bcqw?$=Zi7ohqB$Jw9x`aM#>pHc0x<c)en!N-aFijz;1(OOhmJHF
zfx(s^ynNO{GuDX<b_XbyxG&kp&bV7|JY6(4Pbja4Pel;bLdwfO6jk$gTX?{}r3-1`
zfq=;Wf5iAd$Azk=emKi$d`5I6ll$Pql6Cbc!%+3K<LHu5$(%)^EfHw6JP+bIKr<59
zlSvXRhN(lRa!^(<bZ?4MPpOwBWQvh6-d8(I-|Tl5qj7e}00z5DFQ*;8<6O7nnYX7>
z0$<oaocz%Hn5vpcKNG^18I`r+lUzc=kP%Ffuo=#H%fsDyquHyjBl}aa0*B>!q7iFu
zZ`tryM70qBI6JWWTF<VSI|gB#JvakT1JC@qko(BKeJe@Cw%2#%jITGW2(#htszXjh
zyaXdazL*1XzhA)dbq@puOwTBYb)k1n*!7@xml1Vgc3mF*M250JY_k^b94)lj=tQR1
zQY)-LilR%XM${$QWrtDgzRu4xZptGLL)s(O4#zXjhi*6DtxaF6{Ku9|UMjMw$2FPQ
zegZe`mH9t1>9EjgG@>6SRzsd}3h+4D8d~@CR07P$LJ}MFsYi-*O%XVvD@yT|rJ+Mk
zDllJ7$n0V&A!0flbOf)HE6P_afPWZmbhpliqJuw=-h+r;WGk|ntkWN(8tKlYpq5Ow
z(@%s>IN8nHRaYb*^d;M(D$zGCv5C|uqmsDjwy4g=Lz>*OhO3z=)VD}C<65;`89Ye}
zSCxrv#ILzIpEx1KdLPlM&%Cctf@FqTKvNPXC&`*<n#PELL!V{ZgnnN!mof(!tanu~
zmSTM}=Z!z!$Zo9_Q44L7$xWP6Xcy+1W7&l)I@-Id(o3|JN0ti>H9=l=D3r!GLM?UV
zO<H@%zXUHkhC?<Sndk)bai44>xa(8ZsB`&+76S-_xuj?G#wXBfDY@Z_tMpXJS7^mp
z@YX&u0jYw2A+Z+bD#6sgVK5ZgdPSJV3>{K^4~%HV?rn~4D)*2H!67Y>0aOmzup`{D
zzDp3c9yEbGCY$U<8<N^<Vzk$m2JBrtWbvDp;MzTYC<=$X@H{DreLN_PoABT;COQLT
zg!$H9wyxm3T^%T9$0cxAMad1z@_bBW-x>biJ_gB*<Y2uUYt-J<Yn&F}C^vB2uiKPa
zCb@{`oZy{(J|w^R_~9lXJ=gc(Z~>`jluz1ShUd!QUIQJ$*1;MXCMApJ^m*Fiv88RZ
zFopLViw}{$Tyhh_{MLGIE2~sZ)t0VvoW%=8qKZ>h=adTe3QM$&$PO2lfqH@brt!9j
ziePM8$!CgE9iz6B<6_wyTQj?qYa;eC^{x_0wuwV~W+^fZmFco-o%wsKSnjXFEx02V
zF5C2t)T6Gw$Kf^_c;Ei3G~uC8SM-xyycmXyC2hAVi-IfXqhu<C&;@9a(B3(-D-{e5
zCh4821N+78Ub?x$H#h|xCoWHvv_U*sR!j;m=?<A8Q6*gkbXb+XfTJBJ5d@2~?7h!C
z--E}<=sW2tlmes9(q1bO7zZ_buS@~<Assq%HRuMhU6A@H3psA}>$$-C=*|X?R0~hu
z8`J6TdgflslhrmDZq1f?GXF7*<mL=C__bi3!yU`@_G#4)hE$8#$(S7)@IwbJ`V5}E
zb~IjYX9J9EG2BA0d8Uq-m-(Ph2N00U0u2~s)?T+sZ%iaxXXBr3tMf`lZcFm!U3sR`
z2m1gsvn~jt+_s2R_gixBE1oQQo{e`_{QMh2O(d}&LVhu-g_rES{w)4ROwoVTVV8tm
zv5oMjN+A&$?MZUW2J}P-apYGJvttn`ED_~jIS@7X)T-HnIp$iFgG3u2skw=BSnr=L
z$_gt(H{>ALeMmOEpRDg(s*H`4>_NAr`2uqF;k;JQ+8>A|_6ZNsNLECC%NNEb1Y1dP
zbIEmNpK)#XagtL4R6BC{C5T(+=yA-(Z|Ap}U-AfZM#gwVpus3(gPn}Q$CExObJ5AC
z)ff9Yk?wZ}dZ-^)?cbb9Fw#Ejq<e)pWaR(QgYX^AMRgkdy@$Y~4m4s?C~@N{!S$qj
zpS_0c`uXO5EKzif?%4?DKI)t}_sTxkdqAQ1!;<s2OHt&Brz<F^bi$ys>Q8<LVuHer
zTcXI-_$y%S**P8l7<wrm|9Aux_Pfq3QpiFC7EbwR8`AkzCTTB(B)%{YimU|gHzZol
zbBu9#;jxI|#Q{H~xCfK<akAB%@J)^3`M0-iA;S9H>jxF4G3=L?<TEbrwlGK&=!>Ra
zg_<pwCR^`8A(U|=C=AH)!4HJ>)0QDMV1y^A^>HRI$x?Op@t;oj&H@1xt4SZ9(kifQ
zb59B*`M99Td7@aZ3UWvj1rD0sE)d=BsBuW*KwkCds7ay(7*01_+L}b~7)VHI>F_!{
zyxg-&nCO?v#KOUec0{OOKy+sjWA;8rTE|Lv6I9H?CI?H(mUm8VXGwU$49LGpz&<JQ
z=8c^7({Kmgw6nQ)mBv;P!a1Fr7T*GuvY~tSk|{nQsHXSLKmJkI2m4K*4SX+bdVepy
zG5*i@sFKIG^0>{nQp2}dinE1@lZ1iox6{ghN&v^GZv9J${7WaXj)<0S4g_uiJ&JCZ
zr8-hsu`U%N;+9N^@&Q0^kVPB3)wY(rr}p7{p0qFHb3NUUHJb672+wRZs`gd1UjKPX
z4o6zljKKA+Kkj?H>Ew63o%QjyBk&1!P22;MkD>sM0=z_s-G{mTixJCT9@_|*(p^bz
zJ8?ZZ&;pzV+7#6Mn`_U-)k8Pjg?a;|Oe^us^PoPY$Va~yi8|?+&=y$f+lABT<*pZr
zP}D{~Pq1Qyni+@|aP;ixO~mbEW9#c0OU#YbDZIaw=_&$K%Ep2f%hO^&P67hApZe`x
zv8b`Mz@?M_7-)b!lkQKk)JXXUuT|B8kJlvqRmRpxtQDgvrHMXC1B$M@Y%Me!BSx3P
z#2Eawl$HleZhhTS6Txm>lN_+I`>eV$&v9fOg)%zVn3O5mI*lAl>QcHuW6!Kixmq`X
zBCZ*Ck6OYtDiK!N47>jxI&O2a9x7M|i^IagRr-fmrmikEQGgw%J7bO|)*$2FW95O4
zeBs>KR)izRG1gRV<vv(ssX(TjJ|j2ub^+{fR5+a~`C0`nTl`vU<BHE^H{Q=8K=fku
zl#y=O1d1-_@3Ej%rnSvB0ND!G?vX<Lueu8V373G5wggr-3NseJ`%`U!JI{c&ltvWK
zfTCCmXYXI374E>L;F*sr8A}aRHO0gc$$j&ds8CIO1=Gwq1%_~E)C<fv3Dh6x<~x<1
z{AS!Ep*^!}s_n(nTqNBU8z4Fg8!hKE)5*53C3H3^Ju}^*uDWJ)0BUx9DTDH{KO`FQ
z)x<DAh2)0etSj0gk|XK7Y3JU~pMuP2v~FRkpGAjDpJj%R+lu#Kyvz4!ysP(cylLjt
zJzPCNCa|gUFDb5>WNn9pCtBE}+`Jelk4{>S)M)`Ll=!~<uxe}V6C@-AFp{x-^?a+J
zS(HdUqU#eAYT}n`q^{pG{-h7MjA%Sa<$V|oCyUp<qtxl{MZ!M<MDJD0^(&z1Y(JX4
z8TL9zT6@1@=TNEk*N2~DkUgqRu1AZQ#U(A)us+D=br<m_DrxzIVp7;{8*bKGa?TTX
zuX~!5_Y-U?WY0_$L4G%5GWf8!Cen?x1{<nC-H@8xn0<zwD4O8As{ipuduAc)yMw&d
zgZtB7;2UX#Va8^DEI+0ecneEs5E}@neZn8QqA$v7SYd-eDpZC6y3bED!h4;QM-3X*
zyGDk3Z;8r0^tzULINJR{>gnn1yq^EX(+y*ik@3Ou0qU`IgYi3*doM+5&dU!cho$pZ
zn%lhKeZkS72P?Cf68<#kll_6OAO26bIbueZx**j6o;I0cS^XiL`y+>{cD}gd%lux}
z)3N>MaE24WBZ}s0ApfdM;5J_Ny}rfUyxfkC``Awo2#sgLnGPewK};dORuT?@I6(5~
z?kE)Qh$L&fwJXzK){iYx!l5$Tt|^D~MkGZPA}(o6f7w~O2G6Vvzdo*a;iXzk$B66$
zwF#;wM7A+(;uFG4+UAY(2`*3XXx|V$K8AYu#ECJYSl@S<GsY~$p(oBbHOWtjdOC2u
z;C1jPukkNLS!i(rre?K%OcikckV$CpT0Z};#K70surek48v+?#{gTzKR6WB`2er<B
z;v5xx<p_1(eWSp4Z}I<NBmU>=uZW$ksfC$~qrrbQj4??z-)uz0QL}>k^?fPnJTPw%
zGz)~?B4}u0C<zrAG!by*op`$JLy7jp&PsA$YFSe9o@>zOf@l^um}HZzbaIwPmb<)<
zi_3@E9lc)Qe2_`*Z^HH;1CXOceL=CHpHS{HySy3T%<^NrWQ}G0i4e1xm_K3(+~oi$
zoHl9wzb?Z4j#90DtURtjtgvi7uw8DzHYmtPb;?%8vb9n@bszT=1qr)V_>R%s!92_`
zfnHQPA<Gt0{*7VasX?h?JYh(2!yM9WLa58F;i~zlaoViwM(CP{ezLu~TY-PV)r>Nx
z<#hIjIMm#*(v*!OXtF+w8kLu`o?VZ5k7{`vw{Yc^qYclpUGIM_PBN1+c{#Vxv&E*@
zxg=W2W~JuV{IuRYw3>LSI1)a!thID@R=bU+<RN}=)p-uzX)FT#-CuJ$@qHq$5FHc~
zqy2jk+iKVAd~*3y1%p?*lqnx_6*HO!Kjf(DwZ|uV_IP)>cU@DbR^_SXY`MC7HOsCN
z!dO4OKV7(E_Z8T#8MA1H`99?Z!r0)qKW_#|29X3#Jb+5+>qUidbeP1NJ@)(qi2S-X
zao|f0_tl(O+$R|Qwd$H{_ig|~I1fbp_$N<brOp(~J;!uj-<0(i)zFmnJ8Bc7T(HBf
z7bSt1RxogrN4P=Je*E_goH0~DFy9_gI}GOpOT2Z69Nn`5E?q$I%axy&9t>kI!0E;Y
z6JrnU{1Ra6^on{9gUUB0mwzP3S%B#h0fjo>JvV~#+X0P~JV=IG=yHG$O+p5O3NUgG
zEQ}z6BTp^Fie)Sg<){Z&I8NwPR(=mO4joTLHkJ>|Tnk23E(Bo`FSbPc05lF2-+)X?
z6vV3*m~I&#4BHTy*^E!<0nA(tCOJW<LN*4<CZPziCODmiPY4dojACi}^$*zO=X)6f
z+IJa%`^{pc{GUsK|4e-`cM~I*|8fCPd-6j$#`?;odpX!wXNItbMH=ysw}u6Sq$&EH
zzPBRMY#mNi%_VL2Cb&XXit-0FbAG|Oh{h%}{?d6aBOTouo1*|_-TA8f&Fo<D(PNvZ
zD2bEuL+Hvg_v!8Yn6LZx3PTT~4*V<eCOrD5h`Wps+BWsR4Rj!9so=oI%Yg&d736LX
z^LFtc*zM|kba~43Fem11fIiX8GV-yPhdTkn)o~QTpIylkU&dgBn|IVa?{qc!uxr@a
zV-I)s;JE8|1#-V=H3EcP6kfl?F!_*c+}XUNT^443oPlHY0GO#y4{*1An5sPtj|Vbc
zAFklqy4P8jK^W!|58vEz`LVV#eV(3)gIX$yedHirRmLC<aJB0PMBU`Mx?UbG&bcin
z*56w@9L%h9EQy#W^3HIu@Y0Y^--=F_7g%&W+qq42Bs@J@1MhMyS*^`gJ`$6t&QLKX
zKzMJ7I{3kkhK4(Tgb*A&u$VmTcg9j}Hhw0GbR(zYoytX%{&@S*L5;+h49!Vqmcg~v
z0LRB*P!90yXJ@{M*yAei%^z~<8;k#h!Ic}dKIU^+Dw;Y^XQDR{iL;1ljnmTP2DIii
zG~sSp37k*m1eWSsv>2G4DsH7)BxLV<PHfw$vu3U&2UpKKUT+Y&=By}zcZll;$g#*~
z(w#Fkc<LEADz`#3E3B|>8kICn5lu6@U*R`w)o9;Ro$i8=Q^V%uH8n3q=+Yf;SFRZu
z!+F&PKcH#8cG?aSK_Tl@K9P#8o+jry@gdexz&d(Q=47<7nw@e@FFfIRNL9^)1i@;A
z28+$Z#rjv-wj#heI|<&J_DiJ*s}xd-f!{J8jfqOHE`TiHHZVIA8CjkNQ_u;Ery^^t
zl1I75&u^`1_q)crO+JT4rx|z2ToSC>)Or@-<RpXZ3iG~x8AnvXAjE&~jQq5trxz%)
zrEifLNn0_<WIruE^ki$1ZnWM)c7Qft;ndJNCJ9Pr#Fc=OZAGCp7%xNkq?;H}`yS>D
zy3S>jW*sNIZR-EBsfyaJ+Jq4BQE4?SePtD2+jY8<OIUbKR~_3t(dM~=JPl`19$O%w
z{Z&v}P8ll!nQJV8rAAdtSuZ<z$#&~uNVir=Du&L}+*VXb%-#SAHT~7;ItFc5FBPtO
z&9lMo)>*%FsSLZ9MY>+wk?}}}AFAw)vr{ml)8LUG-y9>^t!{~|sgpxYc0Gnkg`&~R
z-pilJZjr@y5$>B=VMdZ73svct%##v%wdX~9fz6i3Q-zOKJ9wso+h?VME7}Sj<H8pR
zpsv|}BPG3{T85{qt$YU7RY(|>L=!NUG{J?M&i!>ma`eoEa@IX`5G>B1(7;%}M*%-#
zfhJ(W{y;>MRz!Ic8=S}VaBKqh;~7KdnGEHxcL$kA-6E~=!hrN<A#tfUu4P8jKmpF0
zQm>*zw9N+_=odt<$_<b12ma4;h2qIf^H4N$g1itP5{=DR$=Xs5H(sAOv3H?if*T4n
zzatsUQ3WhNg&VbZ*^wQUchIloy4u<3aM8GI=JSX#D4&T4cmC4SXeJT)pV3vdR2+^$
zi3TBR1qaG2D{@}%ipPsdlir-11{tN<PnAO(S3>H_8db<E&pmb~TY;XYF3F?V2~8gL
z#T_*T$Ign4A6_A?o!k)@JFb5}xbem{(`&u;(SJ_raUNAvx`%S!l|=%23jf~vPNg7b
z132!uODAdEqnZVa-svQvx3~=ta2=$!I~^$D+oT=X>o;0=42wcAETPCVGUr~v(`Uai
zb{=D!Qc!dOEU6v)2eHSZq%5iqK?B(JlCq%T6av$Cb4Rko6onlG&?CqaX7Y_C_cOC3
zYZ;_oI(}=>_07}Oep&Ws7x7-R)cc8zfe!SYxJYP``pi$FDS)4Fvw5HH=FiU6xf<v!
z^WND;J@GgASzquA9=<n~rk$%bj>VqIM!hJ;Rx8c0cB7~aPtNH(Nmm5Vh{ibAoU#J6
zImRCr?(iyu_4W_6AWo3*vxTPUw@v<MrSk^bVPG*8PEdA;bIq8PAh9CoO)I})g=Y<4
za4o|IrT&mj;nc*E)e7bezgN=Is?q~A$J7N`5J{prGv|&Hmj7lZpmr&u$lmL73m3ng
z3j52I7&WR3_Q628&zsQ3HtULWqW4C3a9TLw%a3T)>Pwy@E0`(>1Qi=%>5eSIrp^``
zK*Y?fK_6F1W>-7UsB)RPC4>>Ps9)f+^MqM}8AUm@tZ->j%&h1M8s*s!LX5&WxQcAh
z8mciQej@RPm?660%>{_D+7er>%zX_{s|$Z+;G7_sfNfBgY(zLB4Ey}J9F>zX#K0f6
z?dVNIeEh?EIShmP6>M+d|0wMM85Sa4diw1hrg|<RS;Z+*5iFfn_*Vc-QMNxxfo!o?
zH51@GQOg_iT_Q17n%fc`4||OPs#m$}D9z{#Y$0r%8xkDNATAbf6eR|UnR9~M2;QOQ
zWo}VoMMoSTp!eu`{W%hKt7IV;D$P^JFFEGv1xrbWe5%UELHA&Z!FI1pu&jIF$<Vi1
zqv*np?Vsw@ZF7cOCZ_(9p}qe437yPr)m#~vrQw2~0qu9v#+*k^tkvKMzY#VL`gA{{
zWmXsD%fldey5BAf)|6_zjB!{~xOAXgUHprdP|_e#Mc#>ITJ}JDg@o8y>(rF9mXk5M
z2@D|NA)-7>wD&wF;S_$KS=eE84`BGw3g0?6wGxu8ys4rwI?9U=*^VF22t3%mbGeOh
z`!O-OpF7#Vceu~F`${bW0nYVU9ecmk31V{tF%iv&5hWofC>I~cqAt@u6|R+|HLMMX
zVxuSlMFOK_EQ86#E8&KwxIr8S9tj_goWtLv4f@!&h8;Ov41{J~496vp9vX=(LK#j!
zAwi*21RAV-LD>9Cw3bV_9X(X3)Kr0-UaB*7Y>t82EQ%!)(&(X<Ph=0r1{ZL;Vg=bE
zSIZl>uAYtTsYy-dz+w=<h$^Gt<{s|t5K7A#b?Ba+c#2dgaCBoNt&o;lNKaQo-<3%W
z_Gm=1En^0pU<_TMC#F7<p-<<KL+8mNWHHs6DN54Gal+oP3$*$f)1teZHp+)@OZ|7@
z;4kqmUEtU57s&s;9I|8*1@o_|Dc<+%Ulw=&;r&ME_8%fbbpM}kto`>$ir)VJpe!_$
z6SGpX^i(af3{o=VlFPC);|J8#(=_8#vdxDe|Cok+ANhYwbE*FO`Su2m1~w+&9<_9~
z-|tTU_ACGN`~CNW5WYYBn^B#SwZ(t4%3a<RsNwzYmXyAy!v9eE{MXlo4F6@4Yve3q
zXJhjX8p&ALntXRnuHP`y|AvoJly&Tog;4oGVWQ5~iCda|MFf)L6shG)5Rn(mS&6EV
z7KTO*G*)f&(_lpaegiv&46O4*1b^a~xAEeCr8eCg9B*@ZU9~$MZEp$q`F%qC5?>Pp
z;o)|L6Rk569KGxFLUPx@<HGa60}pjye$du13O98sg<VhBsmD^qsWBr!@Uqcra_^Lu
zsMyu&@|p<2Ij6`c7w7~HH5|l{8%OF|Y?fACrCZ(rrD`LKd)JNg%JDxRdz!H!vQaSj
z-8S{m{FPVhjZ$b?sZx%VWgCMOI%vHgop-00<|TKE7Xnt5f^}ZxW2)7V2qRJy0u$C$
zMOT<_m3Y6N+RsNj7W34O`8&|SO1E#Sf2R^NQrCInFYHS4zyoeEofI}!^r{|hCxgxo
z&dG11wq<9$xXFTi8Xon`m@>!6OOa+5OjQLK5w&nAmwxkC5rZ|m&HT8G%GVZxB_@ME
z>>{rnXUqyiJrT(8GMj_ap#yN_!9-lO5e8mR3cJiK3NE{_UM&=*vIU`YkiL$1%kf+1
z4=jk@7EEj`u(jy$HnzE<Ca$JsCo?;tQXzoUOkX+?zYs79$PXT3<8rR1%%;jD6Jw(n
zm^y+3QHQXVHV`HCf@Rzv`e>33ZVW_J4bj}K;vT?T91YlO(|Y0FU4r+VdbmQ97%(J5
zkK*Bed8+C}FcZ@HIgdCMioV%A<*4pw_n}l*{Cr4}a(lq|injK#O?$tyvyE`S%(1`H
z_wwRvk#13ElkZvij2MFGOj`fhy?nC^8`Zyo%yVcUAfEr8x&J#A{|m<ae<x+Ns+QWn
z%oXLB$NLx$k)b3C(CU_gi-x47n<W*b%40&KN&<gl^T>oUBAV_^f$hpaUuyQeY3da^
zS9iRgf87YBwfe}>BO+T&Fl%rfpZh#+AM?Dq-k$Bq`vG6G_b4z%Kbd&v>qFjow*mBl
z-Oy<F@F@fiD&L?No+bK6$L{r^zJ-Q{p$SwwuOmPR_%DQ8egwJqMa(|eksIZl`OzDR
zj9|d_CtGA};|2*J>lnqOpLg}or7_VNwRg2za3VBK6FUfFX{|<DWg0nlj3js2ESj`s
z)aM8n{xN?kOqh!@HS}G4z?FSc#p^WY%(ZBPdECx5J#1eC-&m(8*(Jq-fEL#|u`fQz
zXc=b2j4*X=@}W~$suCtX<0?@hoKHZX?+h)?5F?poTrr(p#%naK*J`b%Yy9O3d8>TD
z`Wt0Vm2H$vdlRWYQJqDmM?JUbVqL*ZQY|5&sY*?!&%P8qhA~5+Af<{MaGo(dl&C5t
zE<cajo+vA%Zvnkf<Iq-uHaW5<G|r^0CJ5bpSE3Dm-XgRa=`TdZMm(Oh&l*^8bihfw
zjB+5}XkLLPMPn8Vt2^eI*&~fT5E~r^W^g0OQIT)LTbOS;9a!u^T(;BGgu^3>%t!J0
zh6jqANt4ABdPxSTrVV}fLsRQal*)l&_*rFq(Ez}ClEH6LHv{J#v?+H-BZ2)Wy{K@9
z+ovXHq~DiDvm>O~r$LJo!cOuwL+Oa--6;UFE2q@g3N8Qkw5E>ytz^(&($!O47+i~$
zKM+tkAd-RbmP{s_rh+ugTD;lriL~`Xwkad#;_aM?nQ7L_<RI*_O_lrvJ84DAH256#
z3eC1MHn`$0#$&-`hFSZh;iBbqR##S0E6UBhDXl3x?ZSR5AY@&R7^+OsqIHi=p?x8f
z=n2(LP-vG(Ae@jSmdB){8{9pO8%p1Z^iV(^;>muEFI}U_4$phjvY<qx5oqqagY80}
zrMk_jzGev7+Ub({^uk=;i(|2TS(oD6X_C8S90!mq-RNoDmEh@N74pLl?H6FiWbnXd
zKu*ceutW(s&Fk|m3PAv{LV&YGGhKI}fwTor`jg)D5FSOW^NyP(df=&9ic6DTl)hNf
zUc>gleK~`Fo`;GiC07&Hq1F<%p;9Q;<Xe3_FCmg*|Aach^kFcFlskYNsa&am9I}k`
zjXroS`w*4Lx;YY3e81m0xhI@%#}sG{yo63Bxo4!+;|ZL&#zVJo2-xNFZY@HhTGA5Q
zu_nZQ#s_sEev4!LGx~~vNj5<MuZ)PDFaUh&0A9P)^7+E`87vnM_IL6?F`lDj429(&
z#BB`WF4!(8o{w1j9by$~5!UcNX3;Y8#7gvT;|RNTLV<A`wP$9R?iJ;fMB3%bX~t!5
z6Hy`IbI3n>tv5b?*QnR%8DYJH3P>Svmv47Y>*LPZJy8_{9H`g6kQpyZU{oJ`m%<E8
zt2}_a<+M^mcDE({`12obY(CX99zVZXD$?Kg=l^hb{@de8$kEKj=G%JlTSVH#{=d-1
zl!R$1P$tw6`BxS|bBm@8&EJ8`CY2wXs?fyH1AhimFBdJ+#Z8gNr^;#%EB*}pxGoqX
zrBi8wG<8Vwa=dbrAA1`;!|`Wfm8R6647R~=!GHrf&W6c-g!~)!$>&p~D=K#KpfoJ@
zn-3cqmHsdtN!f?~w+(t+I`*7GQA#EQC^lUA9(i6=i1PqSAc|ha91I%X&nXz<OPvYM
z5<_c34C*OE@`cJ{f4(B^NcsSrM$&?U;!j7RIo-XBEar5|7vm$X!C`;X2=e7LRm9|1
zW+mXxqY=9^2BXsNYaA&S3N3I(Kv%5pjqQsbg(_}s51H=ZfgwEwlnKSz*=1$XL+(nh
zlLg$P{)vV=wQ7ASg-3n4bfik^%qn#+KiXxQv1%gQ1z>jYaM{8$s&wEx@aVkQ6M{E2
zfzId#&r(XwUNtPcq4Ngze^+XaJA1EK-%&C9j>^9(secqe{}z>hR5CFNveMsVA)m#S
zk)_%SidkY-XmMWlVnQ(mNJ>)ooszQ#vaK;!rPmGKXV7<rJ@yb}8E74K*Q4p4r_hYN
zomxAfCr-CH7kerDL>am^_F!Lz>;~{VrIO$;!#30X<R4_`F1&{kP+iobC%p71pBBa?
zNANR{wxl73<g3~CY81Sb1_|?u5&D=z4u969-7iBj(0k^r6CDL4i@!$hv*pFttVfne
zlP!;DYTV-2pF3Q!2^3Ln^i;yhqzVc^uX5&ahCV88>RhE1QqO_~#+Ux;B_D{Nk=grn
z8Y0oR^4RqtcYM)7a%@B(XdbZCOqnX#fD{BQTeLvRHd(irHKq=4*jq34`6@VAQR8WG
z^%)@5CXnD_T#f%@-l${>y$tfb>2LPmc{~5A82|16mH)R?&r#KKLs7xpN-D`=&Cm^R
zvMA6#Ahr<3X>Q7|-qfTY)}32HkAz$_mibYV!I)u>bmjK`qwBe(>za^0Kt*HnFbSdO
z1>+ryKCNxmm^)*$XfiDOF2|{-v3KKB?&!(S_Y=Ht@|ir^hLd978xuI&N{k>?(*f8H
z=ClxVJK_%_z1TH0eUwm2J+2To7FK4o+n_na)&#VLn1m;!+CX+~WC+qg1?PA~KdOlC
zW)C@pw75_xoe=w7i|r9KGIvQ$+3K?L{7TGHwrQM{dCp=Z*D}3kX7E-@sZnup!BImw
z*T#a=+WcTwL78exTgBn|i<XD(`oSVL$C7XWbynrm2=bmODFAID^^%i>NE3#EsOorO
z*kt)gDzHiPt07fmisA2LWN?AymkdqTgr?=loT7z@d`wnlr6oN}@o|&JX!yPzC*Y8d
zu6kWlTzE1)ckyBn+0Y^HMN+GA$wUO_LN6W>mxCo!0?oiQvT`z$jbSEu&{UHRU0E8#
z%B^wOc@S!yhMT49Y)ww(Xta^8pmPCe@eI5C*ed96)AX9<>))nKx0(sci8gwob_1}4
z0DIL&vsJ1_s%<@y%<g3`xa^3kvJfMBEmGJ~tFndO1Z%vCc8Zgxf=aJF97QE>U*-eX
z5rN&(zef-5G~?@r79oZGW1d!WaTqQn0F6RIOa9tJ=0(kdd{d1{<*tHT#cCvl*i>YY
zH+L7jq8xZNcTUBqj(S)ztTU!TM!RQ}In*n&Gn<>(60G7}4%WQL!o>hbJqNDSGwl#H
z`4k+twp0cj%PsS+NKaxslAEu9!#U3xT1|_KB6`h=PI0SW`P9GTa7caD1}vKEglV8#
zjKZR`pluCW19c2fM&ZG)c3T3Um;ir3y(tSCJ7Agl6|b524dy5El{^EQBG?E61H0XY
z`bqg!;zhGhyMFl&(o=JWEJ8n~z)xI}A@C0d2hQGvw7nGv)?POU@(kS1m=%`|+^ika
zXl8zjS?xqW$WlO?Ewa;vF~XbybHBor$f<%I&*t$F5fynwZlTGj|IjZtVfGa7l&tK}
zW>I<69w(cZLu)QIVG|M2xzW@S+70NinQzk&Y0+3WT*cC)rx~04O-^<{Jo<HJ2(zVM
zdrfuS=(NcS+d)i8*|qCcZ>hU_&HL5XdUKW!uFy|i$FB|EMu0eUyW;gsf`XfIc!Z0V
zeK&*hPL}f_cX=@iv>K%S5kL;cl_$v?n(Q9f_cChk8Lq$glT|=e+T*8O4H2n<=NGmn
z+2*h+v;kBvF>}&0RDS>)B{1!_*XuE8A$Y=G8w^qGMtfudDBsD5>T5SB;Qo}fSkkiV
ze^K^M(UthkwrD!&*tTsu>Dacdj_q`~V%r_twr$(Ct&_dKeeXE?fA&4&yASJWJ*}~-
zel=@W)tusynfC_YqH4ll>4Eg`Xjs5F7Tj>tTLz<0N3)X<1px_d2yUY>X~y>>93*$)
z5PuNMQLf9Bu?AAGO~a_|J2akO1M*@VYN^<sxO5Y)({<KJW0sm-F~qcE*g3#C#zOPO
zBYiC#^m`{=`02@UiZA2R&;jR3r8t1)l|9s>VxvP0F$2>;Zb9;d5Yfd8P%oFCCoZE$
z4#N$^J8rxYjUE_6{T%Y>MmWfHgScpuGv59#4u6fpTF%~KB^Ae`t1TD_^Ud#DhL+Dm
zbY^VAM#MrAmFj{3-BpVSWph2b_Y6gCnCAombVa|1S@DU)<YKT3UI7Fjk$9>2r9W<>
zT5L8BB^er<uILO|7Vl_#M<z3)r`u9+5Nvp_BV6l<^mzpQMIo?B#o;MQV8|s2bR#`<
z`UKNR%7CMs26OfWf@l5AnWyxI63&JZ`Ej`{6?tU#m|>3zxKt1v(y&OYk!^aoQisqU
zH(g@_o)D~BufUXcPt!Ydom)e|aW{XiMnes2z&rE?og>7|G+tp7&^;q?Qz5S5^yd$i
z8lWr4g5nctBHtigX<z4z;FUZs1Rt0BH4BG~ITKEL*uQvkdUTa0Gdp`|7#=OQt*dyu
z7fhPO-g;DpXn%xZ!0N?v9@(e33a})zG5+WkbB4~AAtYO@PBcvIxR^9bA$P2b6-<hj
zWSnYBc`K6l(dd`$_0-tRt=|?8|0kdFei2qx@Lin`zCZsMRsExi$Qw9(tBwCZdUin(
z0^iDg2qItR4GmB(2dyEN0lGO95Mlo0As6ymv!HROJKAnQ@T7&!PCGDn!SGjK|LH6;
z$RUhjC>%0%XzIAB8U|T6&JsC4&^hZBw^*aIcuNO47de?|pGXJ4t}BB`L^d8tD`H`i
zqrP8?#J@8T#;{^B!KO6J=@OWKhAerih(phML`(Rg7N1XWf1TN>=Z3Do{l_<FX;|+Z
z^VFB*^&iv@396~5)VEJ}*Y{-Zf9Pxfw}Sa!KUKi=n_UsLaBy@|ayI<0um83EI-q(c
zi>!d~DND&)O)D>ta20}@Lt77qSnVsA7>)uZAaT9bsB<Q`Lb@j61(w~b)-4<$Y4~1r
zlNw<^Y2#<8)rf)gl`%G+VcW^c&Fty(`FV@lO`uA`LOd%jq$~(cgk*?uZwT?k0pPrZ
zo+t*5VvGXE*+XhiNg&uE93qaQ{2BcsNeh|_vmvoDEaCvjn4pf8){P{&ub|Z!BU6#l
zNQ(3~>>u&aUQl+7GiY2|dAEg@%Al<Yf2v??M)puOFh}$+$gHS0<cXhikE<trh{({3
zhgCTb7i{`FW@rCx9EibOs=%P;Ix8anbF00OQj~}u9STY#lEVQ;xi^QSBh_dON=*q5
zQYgN%BCXb-uu(>3i316y;&IhQL^8fw_nwS>f60M_-m+!5)S_6EPM7Y)(Nq^8gL7(3
zOiot`6Wy6%vw~a_H?1hLVzIT^i1;HedHgW9-P#)}Y6vF%C=P70X0Tk^z9Te@kPILI
z_(gk!k+0%CG)%!<DxMw1l>WnBjjw*kAKs_lf#=5HXC00s-}oM-Q1aXYLj)(1d!_a7
z*Gg4Fe6F$*ujVjI|79Z5+Pr`us%zW@ln++2l+0hsngv<{mJ%?OfSo_3HJXOCys{Ug
z00*YR-(fv<=&%Q!j%b-_ppA$JsTm^_L4x`$k{VpfLI(FMCap%LFAyq;#ns5bR7V+x
zO!o;c5y~DyBPqdVQX)8G^G&jWkBy2|oWTw>)?5u}SAsI$RjT#)lTV&Rf8;>u*qXnb
z8F%Xb=7#$m)83z%`E;49)t3fHInhtc#kx4wSLLms!*~Z$V?bTyUGiS&m>1P(952(H
zuHdv=;o*{;5#X-uAyon`hP}d#U{uDlV?W?_5UjJvf%11hKwe&(&9_~{W)*y1nR5f_
z!N(R74nNK`y8>B!0Bt_Vr!;nc3W>~RiKtGSBkNlsR#-t^&;$W#)f9tTlZz>n*+Fjz
z3zXZ;jf(sTM(oDzJt4FJS*8c&;PLTW(IQDFs_5QPy+7yhi1syPCarvqrH<kQHd~}J
zAD~wybRfTM+UmvVHc2ZQv1aD2<C1U)I83*JbOj6S@{{dn0KVxABZRwI4nuUlVG1``
zz32s=kZ8L9hxSharf^>Fcf&yTy)^O<1EBx;Ir`5W{TIM>{8w&PB>ro4<ja$`!-2NG
zn1D|W)Q{TEH;iad_?nOeRVGH%&7ij4jI-l1^&;mP@tv+SMwoP_AAUQSX;OE}VKxrL
zDD8Z5eDc%O)YazgZm9_$$kcw#H%bA-BEmVIr83W)AXEZGsoF{UEX810x!of({PzeV
zTc7+$JZl-5`$9uS*qORqi`DW%fp<0-U>;YD<5LF^TjTb0!zAP|QijA+1Vg>{Afv^%
zmrkc4o6rvBI;Q<?{}d_lXUu}Z_^RXH`ei@z%1y9jOmNv@<RB6tQ|ip%Kw=sbh!b^L
zRDS3D=`*MM&~l$H3izy<rT$FPqC;o3Tu6>8rj4*=AZacy*<VG&^x#1hI8HG+wj7-(
zu0K|S#l{`RH5@>n8B{&G3VJc)so4$XUoie0)vr;qzPZVbb<#Fc=j+8CGBWe$n|3K&
z_@%?{l|TzKSlUEO{U{{%Fz_pVDxs7i9H#bnbCw7@4DR=}r_qV!Zo~CvD4ZI*+j3kO
zW6_=|S`)(*gM0Z;;}nj`73OigF4p6_NPZQ-Od~e$c_);;4-7sR>+2u$6m$Gf%T{aq
zle>e3(*Rt(TPD}03n5)!Ca8Pu!V}m6v0o1;5<1h$*|7z|^<w!JEN0S;;1e`H0*1-T
zupKOqL;~E|dEpg(`q;y<)_+f;cw~Y7@~b0!il*@ekIYqdHFu4|6N#{w!y$w$8ChyG
z;4lI>(3$Y&;KHKTT}hV056wuF0Xo@mK-52~r=6^SI1<WB97)WIclt^ZdN7u+$j|Sp
z<&S%p=BO^C&5noW|E?bvjn7aE(t~q<8W9_iOC8{?-T=X@6k(EX;Gl#78!F7F#(-nO
zf^^X>NC%c~CC?n>yX6wPTgiWYVz!Sx^atLby9YNn1Rk{g?|pJaxD4|9cUf|V1_I*w
zzxK)hRh9%zOl=*$?XUjly5z8?jPMy%vEN)f%T*|WO|bp5NWv@B(K3D6LMl!-6dQg0
zXNE&O>Oyf%K@`ngCvbGPR>HRg5!1IV$_}m@3dW<jjp35)K11ftRLl8F-P=VGZ`sFP
zww@0NLvS#YtkDf9tP~TVdN?+o&_F{JExGS|AruEcYyxViRKAT&XwW$dn{a)<nRJhh
zFOJdIIjTK^f{g<T#})H6(>B7x3t&KFyOJn9pxRXCAzFr&%37wXG;z^xaO$ekR=LJG
ztIH<c*V1d}IIH*J46D|@k(->pY8<mzZk@T4fMCV)+hn7&D5;Dj^pIAj!lty5@KGj*
zWSa@5;uM}%tIJ^7xoDY!-I|G_Nk*w@sq}Y8W&CO`{ji&w5Q>F5xBP{mtQidqNRoz=
z@){+N3(VO5bD+VrmS^YjG@+JO{EOIW)9=F4v_$Ed8rZtHvjpiEp{r^c4F6Ic#ChlC
zJX^DtSK+v(YdCW)^EFcs=XP7S>Y!4=xgmv>{S$~@h=xW-G4FF9?I@zYN$e5oF9g$#
zb!eVU#J+NjLyX;yb)%SY)xJdvGhsnE*JEkuOVo^k5PyS=o#vq!KD46UTW_%R=Y&0G
zFj6bV{`Y6)YoKgqnir2&+sl+i<T@$SEZ%eR9?l3zWj#g`c-Lw}H7wQ*r%L{XdsDm&
z%d`kqM-m;<j+A8In$Vlqeios90uAT`vDQO7uZmwH8gBC#bT5E<AMsy(8}NZTRA}g5
zTK30aF-Hyup})^AeBroLxIZn6#16A7#mJ(H`l~mUL{1+RMoJ4$9z4FMdw5G;@K^4m
zcMEnAzX4%>6foAn-**Zd1{_;Zb7Ki=u394C5J{l^H@XN`_6XTKY%X1AgQM6KycJ+=
zYO=&t#5oSKB^pYhNd<Hq_&5{uJ|}pm4r<SDecAPoUA})>zPgH~aEGW2=ec1O#s-KG
z71}LOg@4UEFtp3GY1PBemXpNs6UK-ax*)#$J^pC_me;Z$Je(OqLoh|ZrW*mAMBFn<
zHttjwC&fkVfMnQeen8`Rvy^$pNRFVaiEN4Pih*Y3@jo!T0nsClN)pdrr9AYLcZxZ|
zJ5Wlj+4<imnt5VSh{#EH?J85I(D8{GqX*DGBG49y<*RAh@;ZVb$!`%S>q~($hbtuY
zVQ7hl>4-+@6g1i`1a)rvtp-;b0>^`Dloy(#{z~ytgv=j4q^Kl}wD>K_Y!l<x6}uP1
zAy`CA0Bn|?gC?$)o7%Qs19JHqWWaXBCF@4@7RA}nZKgehb4TZC*x(C&xzuvJ+8p>~
zp(_&7sh`vfO(1*MO!B%<6E_bx1)&s+Ae`O)a|X=J9y~XDa@UB`m)`tSG4AUhoM=5&
znWoHlA-(z@<cR(|uZoa?qsg}_q=}8Ah10jYp3?UPpN-i!=>3n0=l{E)R-p8sB9XkV
zZ#D8wietfHL?J5X0%&fGg@MH~(rNS2`GHS4xTo7L$>TPme+Is~!|79=^}QbPF>m%J
zFMkGzSndiPO|E~hrhCeo@&Ea{M(ieIgRWMf)E}qeTxT8Q#g-!Lu*x$v8W^M^>?-g=
zwMJ$dThI|~M06rG$Sv@C@tWR>_YgaG&!BAbkGggVQa#KdtDB)lMLNVLN|51C@F^y8
zCRvMB^{GO<hYvzi_zNjJ_f%lxMg&9p?Ue@Bdh}R->@j=cHfmy}_pCGbP%xb{pNN>?
z?7tBz$1^zVaP|uaatYaIN+#xEN4jBzwZ|YI_)p(4CUAz1ZEbDk>J~Y|63SZaak~#0
zoYKruYsWHoOlC1(MhTnsdUOwQfz5p6-D0}4;DO$B;7#M{3lSE^jn<zuQv}MXkAvmK
z>TT;ns`>!G%i*F?@pR1JO{QTuD0U+~SlZxcc8~>IB{<TCqd(tXkN<qFIG%?R^v;WX
zn@Z<x5J?wa8IzkozW<V%%VzNINoS-teut4!#}JvaS$+?)NB!fdp*~2?$LZz3i8Q2r
z!CUUyUL(KHY8!VCmh65-0wn!+JT@Z8qQ=xI$;jR00W|fZrD=EqH{JU&r7kt4#0uda
z)tyVkud^oypV5-GL|S9Q28-Fgh^g{+au*XvyU+PBRfde~V0YH&@(=OFm+uu5PIyD2
z+;GM173j-eR|o~!g`__Cp<-MxPR0C>)@8p`P&+nDxNj`*gh|u?yrv$phpQcW)U<p_
z<(fJm141A9@ejJ#>s)bi`kT%qLj(fi{dWRZ%Es2!=3mI~UxiW0$-v3vUl?#g{p6eF
zMEUAqo5-L0Ar(s{VlR9g=j7+lt!gP!UN2ICMokAZ5(Agd>})#gkA2w|5+<%-CuEP#
zqgcM}u@3(QIC^Gx<2dbLj?cFSws_f3e%f4jeR?4M^M3cx1f+Qr6ydQ>n)kz1s##2w
zk}UyQc+Z5G-d-1}{WzjkLXgS-2P7auWSJ%pSnD|<OurhKj7AhIP9fa$WiDxZw0O`C
zl$gnInaT+JaxeYOWIX~L<E94!&v5t=YTZBB-Cejh&+7w2k6+i1yjrI>Uivj5u!xk0
z_^-N9r9o;(rFDt~<P@Uu1t^5KOIo3gYd*`+46a`i-I#16i8XEPtky1NUO^ug&iuG=
zvcW04MPuGtIQgs|CBh>q1PvE#iJZ_f>J3gcP$)SOqhE~pD2|$=GvpL<LzN&s2xwaP
z8P|_&72HKdi^keo%R095hI}33g;^60x{bsqED0sYIW|UJo&%49uguwTV<~-C>^d!r
z6u=sp-CrMoF7;)}Zd7XO4XihC4ji?>V&(t^?@3Q&t9Mx=qex6C9d%{FE6dvU6%d94
zIE;hJ1J)cCqjv?F``7I*6bc#X)JW2b4f$L^>j{*$R`%5<AQixtYx1IUP=}l%5^_Vk
zu_~{>VHFi*+Q$2;nyieduE}qdS{L8y8F08yLs?<l+{YY65v<7NSu!rgIjTK|JAKh0
zP(mT3%fX!OeiDy<K|oE?PGArmhz{oS_I0Ffe{Q0yn`EUkI>w}{>8>$3236T-VMh@B
zq-nujsb_1aUv_7g#)*rf9h%sFj*^mIcImRV*k~Vmw;%;YH(&ylYpy!&UjUVqqtfG`
zox3esju?`unJJA_zKXRJP)rA3nXc$m^{S&-p|v|-0x9LHJm;XIww7C#R$?00l&Yyj
z=e}gKUOpsImwW?N)+E(awoF@HyP^EhL+GlNB#k?R<2>95hz!h<XV+-N;tx7Dg{-1n
z4p0EoIaaPlw?t`=Vny0SXwENgYJ(lh(Z0P4l7`dlY4^8VbjP>9sF@U20DHSB3~WMa
zk90+858r@-+vWwkawJ)8ougd(i#1m3GLN{iSTylYz$brAsP%=&m$mQQrH$g%3-^VR
zE%B`Vi&m8f3T~&myTEK28BDWCV<JA}5XF~uqL>zfWir1I?03;pX))|kY5ClO^+bae
z*7E?g=3g7Eiis<nc{>YOrE+lA)2?Ln6q2*HLNpZEWMB|O-JI_oaHZB%CvYB(%=tU=
zE*OY%QY58fW<zr{<(Uw3xq|Z8^Mt>#RG5=gm0NR#iMB=EuNF@)%oZJ}nmm=<le;F=
zNs927DJRmD$0H@82PP1_jl&kHJS}a$d*M^1?FQbZu@dl@L(S19iWIN@PkJieLZ8sp
zWY}fWj;RQBA+ZxXrxN|C>tsJ?eGjia{e{yuU0l3{d^D@)kVDt=1PE)&tf_hHC%0MB
znL|CRCPC}SeuVTdf>-QV70`0(EHizc21s^sU>y%hW0t!0&y<7}Wi-wGy>m%(-jsDj
zP?mF|>p_K>liZ6ZP(w5(|9Ga%>tLgb$|doDDfkdW<npgIKZod@86=L$l@UV-og~+P
zF^Cq!u7D=|VMssPkEa~A#3<M9hgAcQ9`d11wAsH9Sl4?LVQELZovE(0lc~Ohbk)C_
z<Uzj3F8qYsOgDW=8`rDOJHt5aS+k8n^;(uN&7QKLhxLK9vsuOPMltzH#|9W3f5>>Z
z<VqeGR8aAE?l-?A+*Lo-P!QVmbwiKi_?6Zbt!a;7y({Dt7R>`)>V2XC?NJT26mL^@
zf+IKr27TfM!UbZ@?zRddC7#6ss1sw%CXJ4FWC+t3lHZup<vW@-CN-^l*>zM77m^=9
z&(a?-LxIq}*nvv)y?27lZ<w7FkNveuzOo#MDeLbLLG**T2Ocb2*L;5sp+~mbR!o6i
zKxHfT2+fHk9Qx0JhNz-tt5+@9eHK=q`=)`=@vlL!BQyWnYCHMCk+WkP9P&1aa~>{j
zifdl9hyJudyP2LpU$-kXctshbJDKS{WfulP5Dk~xU4Le4c#h^(YjJit4#R8_khheS
z|8(>2ibaHES4+J|DBM7I#QF5u-*EdN{n=Kt@4Zt?@Tv{JZA{<Q4%^#r!5dYcoI>`4
zU#kYOv{#A&gGPwT+$Ud}AXlK<N$OH?L<)1|=t5F9Z~D2jDlAR8LLg=oDRU<zMhGVd
zxlEk}Y|W?2c3`}Yh7uXk`PbaI96C&N@IrUyx&+@fCIYGa>3K7hYzo$(fBSFjrP{QQ
zeaKg--L&jh$9N}`pu{Bs>?eDFPaWY4|9|foN%}i;3%;@4{dc+iw>m}{3rELqH21G!
z`8@;w-zsJ1H(N3%|1B@#ioLOjib)j`EiJqPQVSbPSPVHCj6t5J&(NcWzBrzCiDt{4
zdlPAUKldz%6x5II1H_+jv)(xVL+a;P+-1hv_pM>gMRr%04@k;DTokASSKKhU1Qms|
zrWh3a!b(J3n0>-tipg{a?UaKsP7?+|@A+1WPDiQIW1Sf@qDU~M_P65_s}7(gjTn0X
zu<yJ^W3#GSbIOvgJ#U%B0Ma!=977uBu!NN4nw=AO0Uo1e6rz&Jb-<htqoz3ltJJxR
z&6b%_$(g>cyEm)o;f8UyshMy&>^SC3I|C6jR*R_GFwGranWZe*I>K+0k}pBuET&M~
z;Odo*ZcT?ZpduHyrf8E%IBFtv;JQ!N_m>!sV6ly$_1D{(&nO~w)G~Y`7sD3#hQk%^
zp}ucDF_$!6DAz*PM8yE(&~;%|=+h(Rn-=1Wykas_-@d&z#=S}rDf`4w(rVlcF&lF!
z=1)M3YVz7orwk^BXhslJ8jR);sh^knJW(Qmm(QdSgIAIdlN4Te5KJ<UrT~Lej6O)L
z%<A<Iu-Oj_+m%8nrO_-mEvGKjib6^rfHb|C@$p4s{u36j#BVGTi;!Z-nGpsHIq~r6
zKU7nX2qWk|M6E)<1IGmp6>isifjr?eB{FjAX1a0AB>d?qY4Wx>BZ8&}5K0fA+d{l8
z?^s&l8#j7pR&ijD?0b%;lL9l$P_mi2^*_OL+b}4kuLR$GAf85sOo02?Y#90}CCDiS
zZ%rbCw>=H~CBO=C_JVV=xgDe%b4FaEFtuS7Q1##y686r%F6I)s-~2(}PWK|Z8M+Gu
zl$y~5@#0Ka%$M<&Cv%L`a8X^@tY&T7<0|(6dNT=EsRe0%kp1Qyq!^43VAKYnr*A5~
zsI%lK1ewqO;0TpLrT9v}!@vJK{QoVa_+N4FYT#h<e;~yQl{K5W|5PTi-)$yIVACEY
z&8L*vkXrpk*<nYCDuS9r0473Zi#-H7*I&5^7bLd>?Y8rS1S&-G+m$FNMP?(8N`MZP
zels(*?kK{{^g9DOzkuZXJ2;SrOQsp9T$hwRB1(phw1c7`!Q!b<q^T*2LyS}f6ndNi
zfjcbe>y?Q#YsSM#I12RhU{$Q+{xj83axHcftEc$mNJ8_T7A-BQc*k(sZ+~NsO~xAA
zxnbb%dam_fZlHvW7fKXrB~F&jS<4FD2FqY?VG?ix*r~MDXCE^WQ|W|WM;gsIA4lQP
zJ2hAK@CF*3*VqPr2eeg6GzWFlICi8S>nO>5HvWzyZTE)hlkdC_>pBej*>o0EOHR|)
z$?};&I4+_?wvL*g#PJ9)!bc#9BJu1(*RdNEn>#Oxta(VWeM40ola<0aOe2kSS~{^P
zDJBd}0L-P#O-CzX*%+$#v;(x%<*SPgAje=F{Zh-@ucd2DA(yC|N_|ocs*|-!H%wEw
z@Q!>siv2W;C^^j^59OAX03&}&D*W4EjCvfi(ygcL#~t8XGa#|NPO+*M@Y-)ctFA@I
z-p7npT1#5zOLo>7q?aZpCZ=iecn3QYklP;gF0bq@>oyBq94f6C=;Csw3PkZ|5q=(c
zfs`a<xZMUK<`7~5^<maZ213lG&62zHI6a~gdOM)+$bD)|YlPL&D6{#Kj2VP@S%l4C
zYEFS%WX?k%9)ZEUjfWdcDJy3``ws^Tby5uU+~V@g2xU>w?II0e(h=|7o&T+hq&m$;
zBrE09Twxd9BJ2P+QPN}*OdZ-JZV7%av@OM7v!!NL8R;%WFq*?{9T3{ct@2EKgc8h)
zMxoM$SaF#p<`65BwIDfmXG6+OiK0e)`I=!A3E`+<CUMBq319vPYnVd1J>K@61f}0e
z!2a*FOaDrOe>U`q%K!QN`&=&0C~)CaL3R4VY(NDt{Xz(Xpqru5=r#uQN1L$J<y%Uu
zA^rjI2h#ieAP(KB`x-3Pi#%$Cm1U!()0rCco^-tAJ-YY#czA*K6-gj9W+2YV?s{dQ
zHk9=TQt1W$)<+Yekq~#}jwB~i<?vGJS3<NTTEz5VlU}=L$BY9ri58&X2LIVtQTnY8
zUUAsD(>e1*dkdqQ*=lofQaN%lO!<5z9ZlHgxt|`T<B}%UTJ{z-MxbW3W;d2}>Hd>2
zsWfU$9=p;<AM^JHlS(g}^P6vxdqrE;j;!9nG)BLNzCx~AkR?Q~I4xd|a>yLyJyM^t
zS2w9w?Bpto`@H^xJpZDKR1@~^30Il6oFGfk5%g6w*C+VM)+%R@gfIwNprOV5{F^M2
zO?n3DEzpT+EoSV-%O<y((yvvSF?QMqxdQfG=o*Q6#R-cR=e>dvZvNF+pDd-ZVZ&d8
zKeIyrrfPN=EcFRCPEDCVflX#3-)Ik_HCkL(ejmY8vzcf-MTA{oHk!R2*36`O68$7J
zf}zJC+bbQk--9Xm!u#lgLvx8TXx2J258E5^*IZ(FXMpq$2LUUvhWQPs((z1+2{Op%
z?J}9k5^N=z;7ja~zi8a_-exIqWUBJwohe#4QJ`|FF*$C{lM18z^#hX6!5B8KAkLUX
ziP=oti-gpV(BsLD{0(3*dw}4JxK23Y7M{BeFPucw!sHpY&l%Ws4pSm`+~V7;bZ%Dx
zeI)MK=4vC&5#;2MT7fS?^ch9?2;%<8Jlu-IB&N~gg8t;6S-#C@!NU{`p7M8@2iGc&
zg|JPg%@gCoCQ&s6JvDU&`X2S<57f(k8nJ1wvBu{<Q5<VrXfa>8r?;q3_kpZZ${?|(
z+^)UvR33sjSd)aT!UPkA;ylO6{aE3MQa{g%Mcf$1KONcjO@&g5zPHWtzM1rYC{_K>
zgQNcs<{&X{OA=cEWw5JGqpr0O>x*Tfak2PE9?FuWtz^DDNI}rwAaT0(bdo-<+SJ6A
z&}S%boGMWIS0L}=S>|-#kRX;e^sUsotry(MjE|3_9duvfc|nwF#NHuM-w7ZU!5ei8
z6Mkf<hYq+N+d^*%bt_6*x!{0GmZRKsJJXiLN8wpS(Uv=olQpSC#H7i}3dsj}115`A
zRrOEh*UAQ#31Q<@<FO&t-@6oSx!J?T$;HK~a6bi~bg~t6E->>2)WunY2eU@C-Uj-A
zG(z0Tz2YoBk>zCz_9-)4a>T46$(~kF+Y{#sA9MWH%5z#zNoz)sdXq7ZR_+`RZ%0(q
zC7&GyS_|BGHNFl8Xa%@>iWh%Gr?=J5<(!OEjauj5jyrA-QXBjn0OAhJJ9+v=!LK``
z@g(`^*84Q4jcDL`OA&ZV60djgwG`|bcD*i50O}Q{9_noRg|~?dj%VtKOnyRs$Uzqg
z191a<?QW(%>WoR<Qn_nViJDB$eYA@48M=Vocd~UoI?UjIG{dEPWMb>^rDX#@iSq0n
z?9Sg$WSRPqSeI<}&n1T3!6%Wj@5iw5`*`Btni~G=&;J+4`7g#OQTa>u`{4ZZ(c@s$
zK0y;ySOGD-UTjREKbru{QaS>HjN<2)R%Nn-TZiQ(Twe4p@-saNa3~p{?^V9Nixz@a
zykPv~<@lu6-Ng9i$Lrk(xi2Tri3q=RW`BJYOPC;S0Yly%77c727Yj-d1vF!Fuk{Xh
z)lMbA69y7*5u<i&?VY%Z=W?mMfy3!z6<A1aI%K1}Xd?Hl?dJQf>fET>P*gXQrxsW+
zz)*MbHZv*eJPEXYE<6g6_M7N%#%mR{#awV3i^PafNv(zyI)&bH?F}2s8_rR(<b<$P
zrQKJVs<E1Cpc3eq{3sQ_NehleK9n6)`f-wm%<q^77~-$G<~nFep?9LH|3iED7_8P#
zcw*i>6%!V4SOWlup`TKAb@ee>!9JKPM=&8g#BeYRH9FpFybxBX<l&dvNqpyQo2jw$
zrd@`#K5C%`FsuU@hy`J^e+~XZ3lQXCVeo}vq)&vQ(T_FQ|Fd4iU8&|Q2ohawyv;R;
zfx)TQlL8omDR8_o9e(fA+gNuwe@-|Vw#@Z}KdC$td3&HZG{EU_+@l5Lz{S(H7g0}P
z!wyv;ZOFn|7phLo&)(PwGssTS%gCwaxG2(FB%{(6vQk<H{0)~}{b>QI2|g}FGJfJ+
zY-*2hB?o{TVL;Wt_ek;AP5PBqf<gA?#tcK;3^SZ5-nTDHqG&ERXI>DR4@Z->_182W
z{P@Mc27j6jE*9xG{R$>6_;i=y{qf(c`5w9fa*`rEzX6t!KJ(p1H|>J1pC-2zqWENF
zmm=Z5B4u{cY2XYl(PfrInB*~WGWik3@1oRhiMOS|D;acnf-Bs(QCm#wR;@Vf!hOPJ
zgjhDCfDj$HcyVLJ=AaTbQ{@vIv14LWWF$=i-BDoC11}V;2V8A`S>_x)vIq44-VB-v
z*w-d}$G+Ql?En8j!~ZkCpQ$|cA0|+rrY>tiCeWxkRGPoarxlGU2?7%k#F693RHT24
z-?JsiXlT2PTqZqNb&sSc>$d;O4V@|b6VKSWQb~bUaWn1Cf0+K%`Q&Wc<>mQ>*iEGB
zbZ;aYOotBZ{vH3y<0A*L0QVM|#rf*LIsGx(O*-7)r@yyBIzJnBFSKBUSl1e|8lxU*
zzFL+YDVVkIuzFWeJ8AbgN&w(4-7zbiaMn{5!JQXu)SELk*CNL+Fro|2v|YO)1l15t
zs(0^&EB6DPMyaqvY>=KL>)tEpsn;N5Q#yJj<9}ImL((SqErWN3Q=;tBO~ExTCs9hB
z2E$7eN#5wX4<3m^5pdjm#5o>s#eS_Q^P)tm$@SawTqF*1dj_i#)3};JslbLKHXl_N
z)Fxzf>FN)EK&Rz&*|6&%Hs-^f{V|+_vL1S;-1K-l$5xiC@}%uDuwHYhmsV?YcOUlk
zOYkG5v2+`+UWqpn0aaaqrD3lYdh0*!L`3FAsNKu=Q!vJu?Yc8n|CoYyDo_`r0mPoo
z8>XCo$W4>l(==h?2~PoRR*kEe)&IH{1sM41mO#-36`02m#nTX{r*r`Q5rZ2-sE|nA
zhnn5T#s#v`52T5|?GNS`%HgS2;R(*|^egNPDzzH_z^W)-Q98~$#YAe)<c+_iMEd;(
zGLL=^97>cEZ%vge965AS_am#DK#pjPRr-!^za<I@zZ*$TBru6v#z=6sEocpKgm#@U
z8o7luVux;FoG93HzhvJ}mON7C5%uR;xrayiAZGNC25Gw>8>`kksCAUj(Xr*1NW5~e
zpypt_eJpD&4_bl_y?G%>^L}=>xAaV>KR6;^aBytqpiHe%!j;&MzI_>Sx7O%F%D*8s
zSN}cS^<{iiK)=Ji`FpO#^zY!_|D)qeRNAtgmH)m;qC|mq^j(|hL`7uBz+ULUj37gj
zksdbnU+LSVo35riSX_4z{UX=%n&}7s0{WuZYoSfwAP`8aKN9P@%e=~1`~1ASL-z%#
zw>DO&ixr}c9%4InGc*_y42bdEk)ZdG7-mTu0<FW2(C+;`6@R(&V!T}nZ@BGPI13Hv
z<wqNxyJ4{qEz%XIXh)}VQsGBJBoDvJcT!nGH#oi>bD@_vGAr*NcFoMW;@r?@LUhRI
zCUJgHb`O?M3!w)|CPu~ej%fddw20lod?Ufp8Dmt0PbnA0J%KE^2~AIcnKP()025V>
zG>noSM3$5Btmc$GZoyP^v1@Poz0FD(6YSTH@aD0}BXva?LphAiSz9f&Y(aDAzBnUh
z?d2m``~{z;{}kZJ>a^wYI?ry(V9hIoh;|EFc0*-#*`$T0DRQ1;WsqInG;YPS+I4{g
zJGpKk%%Sdc5xBa$Q^_I~<!_b}V(wPjwRuYPvu?CY74EfG{}|QRE`T_gwr1k;)AuG4
z7le)9kxPOUWtpA~sIkm<L{dH~l*$S@4o(d-tyN{jEBNIBYeG}HF7_8v+HzYED*|%m
zo~*PNdU^)=dYkf6m{DgH^_nDQUSMrL<&_+Cb{%V>(F97eqDO7AN3EN0u)PNBAb+n+
zWBTxQx^;O9o0`=g+Zrt_{lP!sgWZHW?8bLYS$;1a@&7w9rD9|Ge;Gb?sEjFoF9-6v
z#!2)t{DMHZ2@0W*fCx;62d#;jouz`R5Y(t{BT=$<ViJ-e8>N4yr^^o$ON8d{PQ=!O
zX17^CrdM~7D-;ZrC!||<+FEOxI_WI3CA<35<qfV6)x_E#voH;)VbhGP8>va%4v>gc
zEX-@h8esj=a4s<wvJ3e2MtqV4>zW7x{0g$hwoWRQG$yK{@3mqd-jYiVofJE!Wok1*
znV7Gm&Ssq#hFuvj1sRyHg(6PFA5U*Q8Rx>-blOs=lb`qa{zFy&n4xY;sd$fE+<3EI
z##W$P9M{B3c3Si9gw^jlPU-JqD~Cye;wr=XkV7BSv#6}DrsXWFJ3eUNrc%7{=^sP>
zrp)BWKA9<}^R9g!0q7yWlh;g<zBc-?aGM%MCadUqnSv$C^W}sc59-0BreO!U{Mm|0
z3CDAgRc_dM>r_TEOD|#BmGq<@IV;ueg+D2}cjpp+dPf&Q(<RuHtO~&Za=?X_6<nz7
zw(HF9k0ZpKdtPF=yvHVvN@D1{T&=OwIXOy02tRXE<`|>36sFU&K8}hA85U61faW&{
zlB`9HUl-WWCG|<1XANN3JVAkRYvr5U4q6;!G*MTdSUt*Mi=z_y3B1A9j-@aK{lNvx
zK%<ABSV(UXDR}tgQCAbq(aE-w5#QvQ^4cIwYTF>p23>M&=KTCgR!Ee8c?DAO2_R?B
zkaqr6^BSP!8dHXxj%N1l+V$_%vzHjqvu7p@%Nl6;>y*S}M!B=pz=aqUV#`;h%M0rU
zHfcog>kv3UZAEB*g7Er@t6CF8kHDmKTjO@rejA^ULqn!`LwrEwOVmHx^;g|5PHm#B
zZ+jjWgjJ!043F+&#_;D*mz%Q60=L9Ove|$gU&~As5^uz@2-BfQ!bW)Khn}G+Wyjw-
z19qI#oB(RSNydn0t~;tAmK!P-d{b-@@E5|cdgOS#!>%#Rj6ynkMvaW@37E>@hJP^8
z2zk8VXx|>#R^JCcWdBCy{0nPmYFOxN55#^-rlqobe0#L6)bi?E?SPymF*a5oDDeSd
zO0gx?#KMoOd&G(2O@*W)HgX6y_aa6iMCl^~`{@UR`nMQE`>n_{_aY5nA}vqU8mt8H
z`oa=g0SyiLd~BxAj2~l$zRSDHxvDs;I4>+M$W`HbJ|g&P+$!U7-PHX4RAcR0szJ*(
ze-417=bO2q{492SWrqDK+L3#ChUHtz*@MP)e^%@>_&#Yk^1|tv@j4%3T)<fhL{STW
zCKVgP7+L7gGirDH*j4IcU3f+n$%@j+eIwPIz$nGcF%^9^L2-@+?uuB<mmhNS>diEX
zATx4K*hcO`sY$jk#jN5WD<=C3nvuVsRh||qDHnc~;Kf59zr0;c7VkVSUPD%NnnJC_
zl3F^#f_rDu8l}l8qcAz0FFa)EAt32IUy_JLIhU_J<Uo3Dow}b4<sm|~AepFFx<JRQ
z;@C=8w-3XbRxy&{Ri1>^l~FRH&6-ivSpG2PRqzDdMWft>Zc(c)#tb%wgmWN%>IOPm
zZi-noqS!^F<U+etqoP_oqv6A;<$i>tb81pRcQi`X#UhWK70hy4tGW1mz|+vI8c*h@
zfFGJtW3r>qV>1Z0r|L>7I3un^gcep$AAWfZHRvB|E*<aeKQiWTU&n{UPJAOz<P@4J
zLqbvAGWRlxF3rJT%Zs#uS%ba=YGlv6m;ga0Ewku2<S19&D8R64@(L`VAVh(8wD|a2
zr+h;*m)6-DlG$`>kktY$qQP_$YG60C@X~tTQjB3%@`uz!qxtxF+LE!+=nrS^07hn`
zEgAp!h|r03h7B!$#<HdIGQExFhMG!)fkjs5v&9PaH42FGQy5*O@=Mvk-UY_Gjdhg{
zvXsB7u`m7#3R)`#yb_psv&Go{I{71(Pz_@Kp_dr6+OaLI-Jh6nqN`=rKkn2-j4l=~
zYV<9a%WWWoOL5m!gNO<%&fi56IJq$3#9Y||T~aHe+CWEN85g|<-R(`rSx|8q&z5fG
zd75dhW<xu{a>OZW#ACD+M;-5J!W+{h|6I;5cNnE(Y863%1(oH}_FTW})8zYb$7czP
zg~Szk1+_NTm6SJ0MS_|oSz%e(S~P-&SFp;!k?uFayytV$8HPwuyELSXOs^27XvK-D
zOx-Dl!P|28DK6iX>p#Yb%3`A&CG0X2S43FjN%IB}q(!hC$fG}yl1y9W&W&I@KTg6@
zK^kpH8=yFuP+vI^+59|3%Zqnb5lT<C_&&||JwB2A8I(SxBd85_4FP4jGKo^H&e|eh
z{d@VmkE?$Kgi<iX4wyn09aB8Tf;0fMC8){<Qgh<n659r*EfjMjE^|aLlTWs>DAykf
z9S#X`3N(X^SpdMyWQGO<uE=seV_X&nqnW_Lk7sq{{&Q9?zp^a+hc!9kPH%|mucKx2
z@`VUe$H6R>QRjhiwlj!0W-yD<3aEj^&X%<ayxe}$9y@mShqPE>=?`6lCy~?`&WSWt
z?U~EKFcCG_RJ(Qp7j=$I%H8t)Z@6VjA#>1f@EYiS8MRH<GjGM;DtcQ_6CnGGZEFIC
z{oVB-i}}7|r?+TCBn^~xMYR1g0)Sx$EjbHH8xH6*4MzpCVY~oV)XnYWx^M#3>Zphp
zMA_5`znM=pzUpBPO)pXGYpQ6gkine{6u_o!P@Q+NKJ}k!_X7u|qfpAyIJb$_#3@wJ
z<1SE2Edkfk9C!0t%}8Yio09^F`YGzpaJHGk*-ffsn85@)%4@`;Fv^8q(-Wk7r=Q8p
zT&hD`5(f?M{gfzGbbwh8(}G#|#fDuk7v1W)5H9wkorE0ZZjL0Q1=NRGY<o7#$@8F`
z!^QQ~Gv>>zwgfm81DdoaVwNH;or{{eSyybt)m<=<Vv7lN92gNv->zXoA^RALYG-2t
zouH|L*BLvmm9cdMmn+KGopyR@4*=&0&4g|FLoreZOhR<Y)DXC&;d=#e1HGk8LY;(a
zRJpcT4vE?_ZuN@`wVDIg%|R*=%xWzKr4jboKeb0rtwd<hA~78z6+Pa!>mh=)R0bg~
zT2(8V_q7~42-zvb)+y959OAv!V$u(O3)%Es0M@CRFmG{5sovIq4%8Ahjk#*5w{+)+
zMWQoJI_r$HxL5km1#6(e@{lK3Udc~n0@g`g$s?VrnQJ$!oPnb?IHh-1qA`Rz$)Ai<
z6w$-MJW-gKNvOhL+XMbE7&mFt`x1KY>k4(!KbbpZ`>`K@1J<(#vVbjx@Z@(6Q}MF#
zMnbr-f55(cTa^q4+#)=s+ThMaV~E`B8V=|W_fZWDwiso8tNMTNse)RNBGi=gVwgg%
zbOg8>mbRN%7^Um-7<qV!+EeJ_zzmJ+Tgur}U#*6$Xcp8z*Erk}1Kx!T1TSj!Nswev
zz_ql(^DNp0ZbjpmY1w3W5F<##TmeY91I$!r%9zh+l}r0Y03NDni(BSIIE9`<14)`F
z(O%vG+8J>oj4=6`$|(K7!+t^90a{$18Z>}<#!bm%ZEFQ{X(yBZMc>lCz0f1I2w9Sq
zuGh<9<=AO&g6BZte6hn>Qmvv;Rt)*cJfTr2=~EnGD8P$v3R|&1RCl&7)b+`=QGapi
zPbLg_pxm`+HZu<m?!7U-4WAkRIvA?nkvkJk^_16ra(2ol=>rtFZ;wZ=`Vk*do~$wB
zxoW&=j0OTbQ=Q%S8XJ%~qoa3Ea|au5o}_(P<!sMD{S;N+2xm_Iy|A<THmJ(q(zBs9
z{`8hwZw!;sY52Mv{PZHNHdMGpe-l}XgFAc7L((Zh-efNS8&OBK-q*?=k1^yLp9oq?
zXKGDo7f{c}l4LuYSg!=s#O8zm>;=!y-AjFrERh%<NThjqhiN^V&cU^&0-;PJ-F8o{
z_0WafIFBVHmq4f^7G$>8l<Q<3EuAjQ2q!ir*~U)WahySJt}|r+?=qIwHXpDm6o0y4
zzu1;usI_fWkfUF+HsiI?ahJJ9;Zy11^6IY&Kw{T6$^HwGhw+Cf&Eq|(xs<PVL%KQ(
zQ(mvhGN-!4ZWNu3_#zaJTKdHI-8`QWO9D^dPb8JaC}@_xNk?GJ!lvd3ZMmgA6_e+p
z#@uxY5VKmuz<aik42){V43PazPE_}c*!@hylFvpJ9qtcUEd#F;R*Z*5^rX1nTU*fW
zk^}Q55;Q5lk8=t6r#5<g@CoRaOWly*ek@2htiS<GRTz8ghOM`CwfXzHPsayr?@$gd
z?xR|uU$EmVB>a!z6Fn@lR?^E~H12D?8#ht=1F;7@o4$Q8GDj;sSC%Jfn01xgL&%F2
zwG1|5ikb^qHv&9hT8w83+yv&BQXOQyMVJ<h%wEQI?90-3Iwb5Q2a%HTg`X<|!{)4e
zIVme?9=s)>SBL(Ky~p)gU3#%|blG?IR9rP^zUbs7rOA0X52Ao=GRt@C&zlyjNLv-}
z9?*x{y(`509qhCV*B47f2hLrGl^<@SuRGR!KwHei?!CM10Tq*YDIoBNyRuO*>3FU?
zHjipIE#B~y3FSfOsMfj~F9PNr*H?0oHyYB^G(YyNh{SxcE(Y-`x5jFMKb~HO*m+R%
zrq|ic4fzJ#USpTm;X7K+E%xsT_3VHKe?*uc4-FsILUH;kL>_okY(w`VU*8+l>o>Jm
ziU#?2^`>arnsl#)*R&nf_%>A+qwl%o{l(u)M?DK1^mf260_oteV3#E_>6Y4!_hhVD
zM8AI6MM2V*^_M^sQ0dmHu11fy^kOqXqzpr?K$`}BKWG`=<xP|}i?;|Ha4Ho!yWz@5
z!M=V~bc)aJpXa3@dSFq!67b<KyrYoy^rImueW0uZ>Es(9&S@K@)ZjA{lj3ea7_MBP
zk(|hBFRjHVMN!sNUkrB;(cTP)T97M$0Dtc&UXSec<+q?y>5=)}S~{Z@ua;1xt@=T5
zI7{`Z=z_X*no8s>mY;>BvEXK%b<X{{%STg47gt$X*9kutJS&BGvKTvIweD(VYC<nt
zwQMUA5>`a6(DTS6t&b!vf_z#HM{Uoy_5fiB(zpkF{})ruka$iX*~pq1ZxD?q68dIo
zIZSVls9kFGsTwvr4{T_LidcWtt$u{kJlW7moRaH6+A5hW&;;2<oIH0nh^_?~eM}}~
zM7RGy;nU|Q_W|eq@L03*W<UGBkT&I?Zq{4O%6R@g4^9BKqeDs()g%6Z`RPF)ydD2q
z8w2L|?G6ragu-Hm=md;sV(YRKmTS5{_zi+ns1c)&a1_t)h6&9F$1NT+<uEnM6G8{C
z<Lg(8m7?V_PW;n-jq|<XvRcYiZ=8$4=u~^;ePSN}YzFqC(YI$x)`<b55vQhNpTU{E
z3=Lm@BZ{S%qMhHcZ_)Zu0LFnjvj~2Fq^PLetO|gRSn-Sj4cEB&J5tdh4j{U(o~Fs~
z6f!EiUkMIpVkbfns$%>O#$oKyEN8kx`LmG)Wfq4ykh+q{I3|RfVpkR&QH_x;t41Uw
z`P+tft^E2B$domKT@|nNW`EHwyj>&<JatrLQ=_3X%vd%nHh^z@vIk(<5%IRAa&Hjz
zw`TSyVMLV^L$N5Kk_i3ey6byDt)F^UuM+Ub4*8+XZpnnPUSBgu^ijLtQD>}K;eDpe
z1bNOh=fvIfk`&B61+S8ND<(KC%>y&?>opCnY*r5M+!UrWKxv0_QvTlJc>X#AaI^xo
zaRXL}t5Ej_Z$y*|w*$6D+A?Lw-CO-$itm^{2Ct82-<0IW)0KMNvJHgBrdsIR0v~=H
z?n6^}l{D``Me90`^o|q!olsF?UX3YSq^6Vu>Ijm>>PaZI8G@<^NGw{Cx&%|PwYrfw
zR!gX_%AR=L3BFsf8LxI|K^J}deh0ZdV?$3r--FEX`#INxsOG6_=!v)DI>0q|BxT)z
z-G6kzA01M?rba+G_mwNMQD1mbVbNTWmBi*{s_v_Ft9m2Avg!^78(QFu&n6mbRJ2bA
zv!b;%yo{g*9l2)>tsZJOOp}<O4sc<yR1sNBy|5I7n74G=1z0Dr2ehy3iPvLBZ;f-b
zZ-*+w=#CC69w!XBK{CuqVUpHW<6EX=3mlpSo;1W`I<PzL`wVUn4zAc@>U~8VUH`}$
z8p_}t*XIOehezolNa-a2x0BS})Y9}&*TPgua{Ewn-=wVrmJUeU39EKx+%w%=ixQWK
zDLpwaNJs65#6o7Ln7~~X+p_o2BR1g~VCfxLzxA{HlWAI6^H;`juI=&r1jQrUv_q0Z
z1Ja-tjdktrrP>GOC*#p?*xfQU5MqjMsBe!9lh(u8)w$e@Z|>aUHI5o;MGw*|Myiz3
z-f0;pHg~Q#%*Kx8MxH%AluVXjG2C$)WL-K63@Q`#y9_k_+}eR(x4~dp7oV-ek0H>I
zgy8p#i4GN{>#v=pFYUQT(g&b$OeTy-X_#FDgNF8XyfGY6R!>inYn8IR2RDa&O!(6<
znXs{W!bkP|s_YI*Yx%4stI`=ZO45IK6rBs`g7sP40ic}GZ58s?Mc$&i`kq_tfci>N
zIHrC0H+Qpam1bNa=(`SRKjixBTtm&e`j9porEci!zdlg1RI0Jw#b(_Tb@RQK1Zxr_
z%7SUeH6=TrXt<MN?vn1gM{@sUcicXMx<wh*157!ACmet?8y}@k4YruRB)zu6|2SUr
z_SY$8aVT%f+nX!cL>3J@js`4iDD0=IoHhK~I7^W8^Rcp~Yaf>2wVe|Hh1bUpX9A<A
z9eG$he;_xYvTb<C^^O*ri<NP#2zDKa{3y0iUAX-bh($%SEY-zDrc(H;-{|C^MBH%7
zQ<XKr(!C2H!h20PxJ$fAhF>TD#moByY57-f2Ef1TP^lBi&p5_s7WGG9|0T}dlfxOx
zXvScJO1Cnq`c`~{Dp;{;l<-KkCDE+pmexJkd}zCgE{eF=)K``-qC~IT6GcRog_)!X
z?fK^F8UDz$(zFUrwuR$qro5>qqn>+Z%<5>;_*3pZ8QM|yv9CAtrAx;($>4l^_$_-L
z*&?(77!-=zvnCVW&kUcZMb6;2!83si518Y%R*A3JZ8Is|kUCMu`!vxDgaWjs7^0j(
ziTaS4HhQ)ldR=r)_7vYFUr%THE}cPF{0H45FJ5MQW^+W>P+eEX2kLp3zzFe*-pFVA
zdDZRybv?H|>`9f$AKVjFWJ=wegO7hOOIYCtd?Vj{EYLT*^gl35|H<kb|JP0Sf2iU8
z*A!RH!WG*L)kkz~__ja%l+-0&S;j~!=>Q`R=ti+ADm{jyQE7K@kdjuqJhWVSks>b^
zxha88-h3s;%3_5b1TqFCPTxVjvuB5U>v=HyZ$?JSk+&I%)M7KE*wOg<)1-Iy)8-K!
z^XpIt|0ibmk9RtMmlUd7#Ap3Q!q9N4atQy)TmrhrFhfx1DAN`^<YwjQ_+}b9YN{-?
z8$nPR24eGm^0ONvx{_yQUftd?gZA9r1&AhZE`KyH(E&?Dr(T%7y4}wf23_<g_P~Lo
zfl2!Lz3^s|Bt0Y`J=L2;hE6O2^iI|2sy!KlJ6QXd!shmpT`efAiS|rJ#~@;A=ElU4
zf|Atszw~DyBHZz~DYJKdP^YF$CmA;Av_d^2r$xk*Ol3#2AaLE+`4$D>vq@Q_SRl|V
z<K6MCDh!HyhqG~6QZl9vgOu*O*A%hXw@C^N4vl$K%J_Un%Pj8sntS$tL2JL8@fGnz
zKdgwc#)4>#lU<~n67$mT)NvHh`%als+G-)<RP8}Lm1(>x1`Y%4Bp*6Un5Ri9h=_Db
zA-AdP!f>f0m@~>7X#uBM?diI@)<i^0HH{;?N#a0(iBzci_Wf~4Q30>Egjuz@jXKvm
zJo+==juc9_<;CqeRaU9_Mz@;3e=E4=6TK+c`|uu#pIqhSyNm`G(X)&)B`8q0RBv#>
z`gGlw(Q=1Xmf55VHj%C#^1lpc>LY8kfA@|<ymri8HZUvO#j1!=ghZfRc+IFzD}2jz
zF~-YaCK0eJaU|71)hkYhd3gpMX`~acH9p)o*(lH_l$NvVTFyw>rlC1EA<1#`iuyNO
z(=;irt{_&K=i4)<v!an~8M+!RO3Pu5i8ijMT5k?QA!WfgLbPwaNncG**$|bYY&^b|
za#}BovCAZwmv~T_NxDWlgaf%8mm~;hEYyh@LBDEL_Lv;G<6cMw@}C)ae%*fY_bz1E
zYjRbUnF722om(1?(5Od?Fv6U9v}V123!1}%+k=AKAUJ8(RW}Z|JRbT?1IKy6+KdLl
zg4^-+2WQKQ(n#tgf>^x%;U(Xv<)+o=dczC5H3W~+e|f~{*ucxj@{Yi-cw^MqYr3fN
zF5D+~!wd$#al?UfMnz(@K#wn`_5na@rRr8XqN@&M&FGEC@`+OEv}sI1hw>Up0qAWf
z<Dm0m6*5#9z#Or>L#e4~&oM;TVfjRE+10B_gFlLEP9?Q-dARr3xi6nQqnw>k-S;~b
z;!0s2VS4}W8b&pGuK=7im+t(`nz@FnT#VD|!)eQNp-W6)@>aA+j~K*H{$G`y2|QHY
z|Hmy+CR@#jWY4~)lr1qBJB_RfHJFfP<}pK5(#ZZGSqcpyS&}01LnTWk5fzmXMGHkJ
zTP6L^B+uj;lmB_W<~4=${+v0>z31M!-_O@o-O9GyW)j_mjx}!0@br_LE-7SIuPP84
z;5=O(U*g_um0tyG|61N@d9lEuOeiRd+#NY^{nd5;-CVlw&Ap7J?qwM^?E29wvS}2d
zbzar4Fz&RSR(-|s!Z6+za<RMqM6r<a8m4_W4@xudUaL`kYe!J{3$)f)<@qubwM>&Z
zY#D<5q_JUktIzvL0)yq_kLWG6DO{ri=?c!y!f(Dk%G<v0=FK_o4?)_o$On2SwsLA)
zAL=#giAbzu?wj?Q!HMZ88z~dvA0qhj><yLu;FG~#j}T@O&r9^`c*wbrvR+;FAlICf
z>{8)k`Gym%j#!OgXVDD3;$&v@qy#ISJfp=Vm>pls@9-mapVQChAHHd-x+OGx)(*Yr
zC1qDUTZ6mM(b_hi!TuFF2k#8uI2;kD70AQ&di$L*4P*Y-@p`jdm<x=jTo9rTg0-%J
zWNEm*V8c4r7QAx26oZW5UF9cVFc0`g<KL-WgeOmnmRPjT$|lN6TF;HvY7vV(tRLTb
z8uIAJ{`Es>%_c3f)XhYD^6M8&#Y$ZpzQMcR|6nsH>b=*R_Von!$BTRj7yGCXokoAQ
z&ANvx0-Epw`QIEPgI(^cS2f(Y85yV@ygI{ewyv<YASosL#4GF1!A3@keRVH!qKUDe
zs>5Frng)e}KCZF7JbR(&W618_dcEh(#+^zZFY;o<xwCoyd4@^k2~0q8Df75qt{KP;
z3{98Wv)@EV;OO`|NfGH;xuoE9ZDc^|)V9EwIm62D><815<5sOHQdeax9_!PyM&;{P
zkBa5xymca0#)c#tke@3KNEM8a_mT&1gm;p&&JlMGH(cL(b)BckgMQ^9&vRwj!~3@l
zY?L5}=Jzr080OGKb|y`ee(+`flQg|!lo6>=H)X4`$Gz~hLmu2a%kYW_Uu8x09Pa0J
zKZ`E$BKJ=2GPj_3l*TEcZ*uYRr<*J^#5pILTT;k_cgto1ZL-%slyc16J~OH-(RgDA
z%;EjEnoUkZ&acS{Q8`{i6T5^nywgqQI5bDIymoa7CSZG|WWVk>GM9)zy*bNih|QIm
z%0+(Nnc*a_xo;$=!HQYaapLms>J1ToyjtFByY`C2H1wT#178#4+|{H0BBqtCdd$L%
z_3Hc60j@{t9~MjM@LBalR&6@>B;9?r<7J~F+W<RPz6+mY*%d3J)K!a*Ub0W$a5pu1
zpyaIK1a78VM236d(*4sF@@>XyYu*y3?px*=8MAK@E<PuYbQvYYK2!f5b9Cy!e$TNp
zMY7J8HpGh|9Bjf*Idamg2ERm)e{b9LHdb9?YNyojTH<?DjjnUQ>A+jRX8{CG?GI-<
z54?Dc9CAh>QTAvyOEm0^+x;r2BWX|{3$Y7)L5l*<xX3U4nrX>qVE*y0`7J>l2wCmW
zL1?|a`pJ-l{fb_N;R(Z9UMiSj6pQjOvQ^%DvhIJF!+Th7jO2~1f1N+(-TyCFYQZYw
z4)>7caf^Ki_KJ^Zx2JU<ZPR++15&8=g)pSnC#hVMzLaXTIn)IvSecpkHX^1;d_rY?
zWm=trnZ!T)YDNnx<@(zFs`C45VphY}?`!eK+aW8;n<`R!$HEHFhJAb}ZIlv@QNH>b
z&$3zJy!*+rCV4%jqwyuNY3j1ZEiltS0xTzd+=itTb;IPYpaf?8Y+RSdVdpacB(bVQ
zC(JupLfFp8y43%PMj2<jX-4>}T|VS@%LVp>hv4Y!RPMF?pp8U_$xC<zY9x_$+V&y?
z%ggZbvSdVgik5BAbm-Ftp~4HWL&=)5o*T4|NCw7tuov0#3S6)pIFp~1kKbXck>J)S
zQx!69>bphNTIb9yn*_yfj{N%bY)t{L1cs8<8|!f$;UQ*}IN=2<6lA;x^(`8t?;+ST
zh)z4qeYYgZkIy{$4x28O-pugO&gauRh3;lti9)9Pvw+^)0!h~%m&8Q!AKX%urEMnl
z?yEz?g#ODn$UM`+Q#$Q!6|zsq_`dLO5YK-6bJM6ya>}H+vnW^h?o$z;V&wvuM$dR&
zeEq;uUUh$XR`TWeC$$c&Jjau2it3#%J-y}Qm>nW*s?En?R&6w@sDXMEr#8~$=b(gk
z<FxEze9^xvxnESw>wDC3)NtAP;M2BW_lL^5ShpK$D%@|BnD{=!Tq)o(5@z3i7Z){}
zGr}Exom_qDO<O<j9nJ)?Y~gzRH)#Pa9m&xBkERN?emFcV5ufEOJ2@ymi~NADMO#e|
zm3$Y`Qr6eFm@fJzy6{bQyYa!h5_7$!31PwlzM;{PTS(jOqytiFR=Z^G(T6=3zki3Z
zODwSc&;!1$`j^}Chu=p8`l*I`?c%7uCEEWb!B!D}!KqHMqto!(tM<}~69fA2M#rQM
zHL({#Y<tF{W1#`xjsf>{kAVkZ*MbLNHE666Kina#D{&>Jy%~w7yX$oj;cYCd^p9zy
z8*+wgSEcj$4{WxKmCF(5o7U4jqwEvO&dm1H#7<IimT^vc0C7pVQ-47I(-2v`Zz3QM
zH>z}%VXAbW&W24v-tS6N3}qrm1OnE)fUkoE8yMMn9S$?IswS88tQWm4#Oid#ckgr6
zRtHm!mfNl-`d>O*1~d7%;~n+{Rph6BBy^95zqI{K((E!iFQ+h*C3EsbxNo_aRm5gj
zKYug($r*Q#W9`p%Bf{bi6;IY0v`p<Cd?8q@KbSVydTLPOx!FvQL^AvtYyA50`0#iE
z*~tCT1#fR@Pd<y%kQR&FN$Lu72{CyZH^s&)c%`^AhWPp5M`u~n>B^^qu)gbg9QHQ7
zWBj(a1Y<Ascy19=4!Q5eQC}Cr8HZOpnQ?fvLusFy^%nO}+WZ^Q6PUc#b7?-wv8^Lo
zCo^00U@TT;aDw34ybbw`7ygAGV{2A+JoS3Q;ln?y3c-5q`v*;!(lb%b(SwJW($i3K
zYz1ErOBGIXEq>Su)~2RK8Pi#C>{DMlrqFb9e_RehEHyI{n?e3vL_}L>k<aytXNR7m
zdbaDr(Radm6E^VfQ9=(LPZw%GEe@A#*X=d23tcN*8@XP}le-XkXD@l%m$sh|$yGN)
zZq_i?GJ2mC;ffRUMr7{|d&uO?lZ6rqd9YKmjm@p=TY^qSbE8pKm%C7}*~@h?M>YJC
z_ly$$)zFi*SFyNrnOt(B*7E$??s67EO%DgoZL2XNk8i<y3`IAxI(@3{*kt%`K$WVM
zSPYzL`zEXl3>Vx~X_)o++4oaK1M|ou73vA0K^503j@uuVmLcHH4ya-kOIDfM%5%(E
z+Xpt~#7y2!KB&)PoyCA+$~DXqxPxxALy!g-O?<9+9KTk4Pgq4AIdUkl`1<1#j^cJg
zgU3`0hkHj_jxV>`Y~%LAZl^3o0}`Sm@iw7kwff{M%VwtN)|~!p{AsfA6vB5UolF~d
zHWS%*uBDt<9y!9v2Xe|au&1j&iR1HXCdyCjxSgG*L{wmTD4(NQ=mFjpa~xooc6kju
z`~+d{j7$h-;HAB04H!Zscu^hZffL#9!p$)9>sRI|Yovm)g@F>ZnosF2EgkU3ln0bR
zTA}|+E(tt)!SG)-bEJi_0m{l+(cAz^pi}`9=~n?y&;2eG;d9{M6nj>BHGn(KA2n|O
zt}$=FPq!j`p&kQ8>cirSzkU0c08%8{^Qyqi-w2LoO8)^E7;;I1;HQ6B$u0nNaX2CY
zSmfi)F`m94zL8>#zu;8|{aBui@<qa6D<KXBg_4<Uq2!V_1GyE#=XV!Sw1?$fa1P)-
z0k6#qT=1StiUXrh1Fa8C47_m|x8>RzRKBlP1&mfFxEC@%cjl?NBs`cr^nm)<gBX8r
z;(`D;^1J(C2?R5coEz)AkTn3>{>;$g?rhKr$AO&6qV_Wbn^}5tfFBry^e1`%du2~o
zs$~dN;S_#%iwwA_QvmMjh%Qo?0?rR~6liyN5Xmej8(<!Q7sdN|q2!XB#p&W!)*qtk
z$JSJU5UViu`N#q)-a>*V9ym*T`xAhHih-v$7U}8=dfXi2i*aAB!xM(X<b%Mfi~wW2
zcrMz2oi2^;F!aNKoS`<riqQz?gEhn9y!`RBy9Vu7omK=UiNXd32HAy%gZEt0MzExo
zMgPuBMp;L+x!?Nv-dzHmZtxOY#AOF3DH>ekg*ix@r|ymDw*{*s0?dlVys2e)z62u1
z+k3esbJE=-<rwJFjbPjscWJCH?e_iV0s9*YSI-0M>P5S$&KdFp+2H7_2e=}OKDrf(
z9-207?6$@f4m4B+9E*e((Y89!q?zH|mz_vM>kp*HGXldO0Hg#!EtFhRuOm$u8e~a9
z5(roy7m$Kh+zjW6@zw{&20u?1f2uP&boD}$#Zy)4o&T;vyBoqFiF2t;*g=|1=)PxB
z8eM3Mp=l_obbc?I^xyLz?4Y1YDWPa+nm;O<$Cn;@ane616`J9OO2r=rZr{I_Kizyc
zP#^^WCdIEp*()rRT+*YZK>V@^Zs=ht32x>K<s82;aM7oy#NR<HL(|<XRL><DEv>we
zab)@ZEffz;VM4{XA6e421^h~`ji5r%)B{wZu#hD}f3$y@L<CSg)I*<&=O@v_L$?1=
zEYv!liaioa5BukR6(|#GBur)2M$u!=$7d{eEQfmbQmIAJE1)j#;0tX&)OeICv^#F4
zLi648+lCY>0JV9f3g{-RK!A?vBUA}${YF(vO<sZ0ij3f(no##Hs;2ST6=>4)@`6f1
z-A|}e#LN{)(eXloDnX4Vs7eH|<@{r#LodP@Nz--$Dg_Par%DCpu2>2jUnqy~|J?eZ
zBG4FVsz_A+ibdwv>mLp>P!(t}E>$JGaK$R~;fb{O3($y1ssQQo|5M;^JqC?7qe|hg
zu0ZOqeFcp?qVn&Qu7FQJ4hcFi&|nR!*j)MF#b}QO^lN%5)4p*D^H+B){n8%VPUzi!
zDihoGcP71a6!ab`l^hK&*dYrVYzJ0)#}xVrp!e;lI!+x+bfCN0KXwUAPU9@#l7@0&
QuEJmfE|#`Dqx|px0L@K;Y5)KL

literal 0
HcmV?d00001

diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
new file mode 100644
index 0000000..69a9715
--- /dev/null
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -0,0 +1,5 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.1-bin.zip
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists
diff --git a/gradlew b/gradlew
new file mode 100755
index 0000000..744e882
--- /dev/null
+++ b/gradlew
@@ -0,0 +1,185 @@
+#!/usr/bin/env sh
+
+#
+# Copyright 2015 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+##############################################################################
+##
+##  Gradle start up script for UN*X
+##
+##############################################################################
+
+# Attempt to set APP_HOME
+# Resolve links: $0 may be a link
+PRG="$0"
+# Need this for relative symlinks.
+while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+        PRG="$link"
+    else
+        PRG=`dirname "$PRG"`"/$link"
+    fi
+done
+SAVED="`pwd`"
+cd "`dirname \"$PRG\"`/" >/dev/null
+APP_HOME="`pwd -P`"
+cd "$SAVED" >/dev/null
+
+APP_NAME="Gradle"
+APP_BASE_NAME=`basename "$0"`
+
+# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
+
+# Use the maximum available, or set MAX_FD != -1 to use that value.
+MAX_FD="maximum"
+
+warn () {
+    echo "$*"
+}
+
+die () {
+    echo
+    echo "$*"
+    echo
+    exit 1
+}
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false
+msys=false
+darwin=false
+nonstop=false
+case "`uname`" in
+  CYGWIN* )
+    cygwin=true
+    ;;
+  Darwin* )
+    darwin=true
+    ;;
+  MSYS* | MINGW* )
+    msys=true
+    ;;
+  NONSTOP* )
+    nonstop=true
+    ;;
+esac
+
+CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+
+
+# Determine the Java command to use to start the JVM.
+if [ -n "$JAVA_HOME" ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+        # IBM's JDK on AIX uses strange locations for the executables
+        JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+        JAVACMD="$JAVA_HOME/bin/java"
+    fi
+    if [ ! -x "$JAVACMD" ] ; then
+        die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+    fi
+else
+    JAVACMD="java"
+    which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+
+Please set the JAVA_HOME variable in your environment to match the
+location of your Java installation."
+fi
+
+# Increase the maximum file descriptors if we can.
+if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
+    MAX_FD_LIMIT=`ulimit -H -n`
+    if [ $? -eq 0 ] ; then
+        if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
+            MAX_FD="$MAX_FD_LIMIT"
+        fi
+        ulimit -n $MAX_FD
+        if [ $? -ne 0 ] ; then
+            warn "Could not set maximum file descriptor limit: $MAX_FD"
+        fi
+    else
+        warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
+    fi
+fi
+
+# For Darwin, add options to specify how the application appears in the dock
+if $darwin; then
+    GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
+fi
+
+# For Cygwin or MSYS, switch paths to Windows format before running java
+if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then
+    APP_HOME=`cygpath --path --mixed "$APP_HOME"`
+    CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
+
+    JAVACMD=`cygpath --unix "$JAVACMD"`
+
+    # We build the pattern for arguments to be converted via cygpath
+    ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
+    SEP=""
+    for dir in $ROOTDIRSRAW ; do
+        ROOTDIRS="$ROOTDIRS$SEP$dir"
+        SEP="|"
+    done
+    OURCYGPATTERN="(^($ROOTDIRS))"
+    # Add a user-defined pattern to the cygpath arguments
+    if [ "$GRADLE_CYGPATTERN" != "" ] ; then
+        OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
+    fi
+    # Now convert the arguments - kludge to limit ourselves to /bin/sh
+    i=0
+    for arg in "$@" ; do
+        CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
+        CHECK2=`echo "$arg"|egrep -c "^-"`                                 ### Determine if an option
+
+        if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then                    ### Added a condition
+            eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
+        else
+            eval `echo args$i`="\"$arg\""
+        fi
+        i=`expr $i + 1`
+    done
+    case $i in
+        0) set -- ;;
+        1) set -- "$args0" ;;
+        2) set -- "$args0" "$args1" ;;
+        3) set -- "$args0" "$args1" "$args2" ;;
+        4) set -- "$args0" "$args1" "$args2" "$args3" ;;
+        5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
+        6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
+        7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
+        8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
+        9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
+    esac
+fi
+
+# Escape application args
+save () {
+    for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
+    echo " "
+}
+APP_ARGS=`save "$@"`
+
+# Collect all arguments for the java command, following the shell quoting and substitution rules
+eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
+
+exec "$JAVACMD" "$@"
diff --git a/gradlew.bat b/gradlew.bat
new file mode 100644
index 0000000..ac1b06f
--- /dev/null
+++ b/gradlew.bat
@@ -0,0 +1,89 @@
+@rem
+@rem Copyright 2015 the original author or authors.
+@rem
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem      https://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+@rem
+
+@if "%DEBUG%" == "" @echo off
+@rem ##########################################################################
+@rem
+@rem  Gradle startup script for Windows
+@rem
+@rem ##########################################################################
+
+@rem Set local scope for the variables with windows NT shell
+if "%OS%"=="Windows_NT" setlocal
+
+set DIRNAME=%~dp0
+if "%DIRNAME%" == "" set DIRNAME=.
+set APP_BASE_NAME=%~n0
+set APP_HOME=%DIRNAME%
+
+@rem Resolve any "." and ".." in APP_HOME to make it shorter.
+for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
+
+@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
+set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
+
+@rem Find java.exe
+if defined JAVA_HOME goto findJavaFromJavaHome
+
+set JAVA_EXE=java.exe
+%JAVA_EXE% -version >NUL 2>&1
+if "%ERRORLEVEL%" == "0" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:findJavaFromJavaHome
+set JAVA_HOME=%JAVA_HOME:"=%
+set JAVA_EXE=%JAVA_HOME%/bin/java.exe
+
+if exist "%JAVA_EXE%" goto execute
+
+echo.
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
+echo.
+echo Please set the JAVA_HOME variable in your environment to match the
+echo location of your Java installation.
+
+goto fail
+
+:execute
+@rem Setup the command line
+
+set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+
+
+@rem Execute Gradle
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+
+:end
+@rem End local scope for the variables with windows NT shell
+if "%ERRORLEVEL%"=="0" goto mainEnd
+
+:fail
+rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
+rem the _cmd.exe /c_ return code!
+if  not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
+exit /b 1
+
+:mainEnd
+if "%OS%"=="Windows_NT" endlocal
+
+:omega
diff --git a/settings.gradle b/settings.gradle
new file mode 100644
index 0000000..2f3659d
--- /dev/null
+++ b/settings.gradle
@@ -0,0 +1,9 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <info@pgpainless.org>
+//
+// SPDX-License-Identifier: CC0-1.0
+
+rootProject.name = 'PGPainless'
+
+include 'sop-java',
+        'sop-java-picocli'
+
diff --git a/sop-java-picocli/README.md b/sop-java-picocli/README.md
new file mode 100644
index 0000000..f76c929
--- /dev/null
+++ b/sop-java-picocli/README.md
@@ -0,0 +1,34 @@
+<!--
+SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+
+SPDX-License-Identifier: Apache-2.0
+-->
+# SOP-Java-Picocli
+
+Implementation of the [Stateless OpenPGP Command Line Interface](https://tools.ietf.org/html/draft-dkg-openpgp-stateless-cli-01) specification.
+This terminal application allows generation of OpenPGP keys, extraction of public key certificates,
+armoring and de-armoring of data, as well as - of course - encryption/decryption of messages and creation/verification of signatures.
+
+## Install a SOP backend
+
+This module comes without a SOP backend, so in order to function you need to extend it with an implementation of the interfaces defined in `sop-java`.
+An implementation using PGPainless can be found in the module `pgpainless-sop`, but it is of course possible to provide your
+own implementation.
+
+Just install your SOP backend by calling 
+```java
+// static method call prior to execution of the main method
+SopCLI.setSopInstance(yourSopImpl);
+```
+
+## Usage
+
+To get an overview of available commands of the application, execute
+```shell
+java -jar sop-java-picocli-XXX.jar help
+```
+
+If you just want to get started encrypting messages, see the module `pgpainless-cli` which initializes
+`sop-java-picocli` with `pgpainless-sop`, so you can get started right away without the need to manually wire stuff up.
+
+Enjoy!
\ No newline at end of file
diff --git a/sop-java-picocli/build.gradle b/sop-java-picocli/build.gradle
new file mode 100644
index 0000000..81183a0
--- /dev/null
+++ b/sop-java-picocli/build.gradle
@@ -0,0 +1,39 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+plugins {
+    id 'application'
+}
+
+dependencies {
+    testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion"
+    testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
+
+    // https://todd.ginsberg.com/post/testing-system-exit/
+    testImplementation 'com.ginsberg:junit5-system-exit:1.1.1'
+    testImplementation 'org.mockito:mockito-core:4.2.0'
+
+    implementation(project(":sop-java"))
+    implementation "info.picocli:picocli:$picocliVersion"
+
+    // https://mvnrepository.com/artifact/com.google.code.findbugs/jsr305
+    implementation group: 'com.google.code.findbugs', name: 'jsr305', version: '3.0.2'
+}
+
+mainClassName = 'sop.cli.picocli.SopCLI'
+
+jar {
+    manifest {
+        attributes 'Main-Class': "$mainClassName"
+    }
+
+    from {
+        configurations.runtimeClasspath.collect { it.isDirectory() ? it : zipTree(it) }
+    } {
+        exclude "META-INF/*.SF"
+        exclude "META-INF/*.DSA"
+        exclude "META-INF/*.RSA"
+    }
+}
+
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/DateParser.java b/sop-java-picocli/src/main/java/sop/cli/picocli/DateParser.java
new file mode 100644
index 0000000..d2e2188
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/DateParser.java
@@ -0,0 +1,33 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+import java.util.Date;
+
+import sop.util.UTCUtil;
+
+public class DateParser {
+
+    public static final Date BEGINNING_OF_TIME = new Date(0);
+    public static final Date END_OF_TIME = new Date(8640000000000000L);
+
+    public static Date parseNotAfter(String notAfter) {
+        Date date = notAfter.equals("now") ? new Date() : notAfter.equals("-") ? END_OF_TIME : UTCUtil.parseUTCDate(notAfter);
+        if (date == null) {
+            Print.errln("Invalid date string supplied as value of --not-after.");
+            System.exit(1);
+        }
+        return date;
+    }
+
+    public static Date parseNotBefore(String notBefore) {
+        Date date = notBefore.equals("now") ? new Date() : notBefore.equals("-") ? BEGINNING_OF_TIME : UTCUtil.parseUTCDate(notBefore);
+        if (date == null) {
+            Print.errln("Invalid date string supplied as value of --not-before.");
+            System.exit(1);
+        }
+        return date;
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/FileUtil.java b/sop-java-picocli/src/main/java/sop/cli/picocli/FileUtil.java
new file mode 100644
index 0000000..cd92e6d
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/FileUtil.java
@@ -0,0 +1,98 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+
+import sop.exception.SOPGPException;
+
+public class FileUtil {
+
+    private static final String ERROR_AMBIGUOUS = "File name '%s' is ambiguous. File with the same name exists on the filesystem.";
+    private static final String ERROR_ENV_FOUND = "Environment variable '%s' not set.";
+    private static final String ERROR_OUTPUT_EXISTS = "Output file '%s' already exists.";
+    private static final String ERROR_INPUT_NOT_EXIST = "File '%s' does not exist.";
+    private static final String ERROR_CANNOT_CREATE_FILE = "Output file '%s' cannot be created: %s";
+
+    public static final String PRFX_ENV = "@ENV:";
+    public static final String PRFX_FD = "@FD:";
+
+    private static EnvironmentVariableResolver envResolver = System::getenv;
+
+    public static void setEnvironmentVariableResolver(EnvironmentVariableResolver envResolver) {
+        if (envResolver == null) {
+            throw new NullPointerException("Variable envResolver cannot be null.");
+        }
+        FileUtil.envResolver = envResolver;
+    }
+
+    public interface EnvironmentVariableResolver {
+        /**
+         * Resolve the value of the given environment variable.
+         * Return null if the variable is not present.
+         *
+         * @param name name of the variable
+         * @return variable value or null
+         */
+        String resolveEnvironmentVariable(String name);
+    }
+
+    public static File getFile(String fileName) {
+        if (fileName == null) {
+            throw new NullPointerException("File name cannot be null.");
+        }
+
+        if (fileName.startsWith(PRFX_ENV)) {
+
+            if (new File(fileName).exists()) {
+                throw new SOPGPException.AmbiguousInput(String.format(ERROR_AMBIGUOUS, fileName));
+            }
+
+            String envName = fileName.substring(PRFX_ENV.length());
+            String envValue = envResolver.resolveEnvironmentVariable(envName);
+            if (envValue == null) {
+                throw new IllegalArgumentException(String.format(ERROR_ENV_FOUND, envName));
+            }
+            return new File(envValue);
+        } else if (fileName.startsWith(PRFX_FD)) {
+
+            if (new File(fileName).exists()) {
+                throw new SOPGPException.AmbiguousInput(String.format(ERROR_AMBIGUOUS, fileName));
+            }
+
+            throw new IllegalArgumentException("File descriptors not supported.");
+        }
+
+        return new File(fileName);
+    }
+
+    public static FileInputStream getFileInputStream(String fileName) {
+        File file = getFile(fileName);
+        try {
+            FileInputStream inputStream = new FileInputStream(file);
+            return inputStream;
+        } catch (FileNotFoundException e) {
+            throw new SOPGPException.MissingInput(String.format(ERROR_INPUT_NOT_EXIST, fileName), e);
+        }
+    }
+
+    public static File createNewFileOrThrow(File file) throws IOException {
+        if (file == null) {
+            throw new NullPointerException("File cannot be null.");
+        }
+
+        try {
+            if (!file.createNewFile()) {
+                throw new SOPGPException.OutputExists(String.format(ERROR_OUTPUT_EXISTS, file.getAbsolutePath()));
+            }
+        } catch (IOException e) {
+            throw new IOException(String.format(ERROR_CANNOT_CREATE_FILE, file.getAbsolutePath(), e.getMessage()));
+        }
+        return file;
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/Print.java b/sop-java-picocli/src/main/java/sop/cli/picocli/Print.java
new file mode 100644
index 0000000..d6474e1
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/Print.java
@@ -0,0 +1,26 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+public class Print {
+
+    public static void errln(String string) {
+        // CHECKSTYLE:OFF
+        System.err.println(string);
+        // CHECKSTYLE:ON
+    }
+
+    public static void trace(Throwable e) {
+        // CHECKSTYLE:OFF
+        e.printStackTrace();
+        // CHECKSTYLE:ON
+    }
+
+    public static void outln(String string) {
+        // CHECKSTYLE:OFF
+        System.out.println(string);
+        // CHECKSTYLE:ON
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/SOPExceptionExitCodeMapper.java b/sop-java-picocli/src/main/java/sop/cli/picocli/SOPExceptionExitCodeMapper.java
new file mode 100644
index 0000000..8b38af3
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/SOPExceptionExitCodeMapper.java
@@ -0,0 +1,34 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+import picocli.CommandLine;
+import sop.exception.SOPGPException;
+
+public class SOPExceptionExitCodeMapper implements CommandLine.IExitCodeExceptionMapper {
+
+    @Override
+    public int getExitCode(Throwable exception) {
+        if (exception instanceof SOPGPException) {
+            return ((SOPGPException) exception).getExitCode();
+        }
+        if (exception instanceof CommandLine.UnmatchedArgumentException) {
+            CommandLine.UnmatchedArgumentException ex = (CommandLine.UnmatchedArgumentException) exception;
+            // Unmatched option of subcommand (eg. `generate-key -k`)
+            if (ex.isUnknownOption()) {
+                return SOPGPException.UnsupportedOption.EXIT_CODE;
+            }
+            // Unmatched subcommand
+            return SOPGPException.UnsupportedSubcommand.EXIT_CODE;
+        }
+        // Invalid option (eg. `--label Invalid`)
+        if (exception instanceof CommandLine.ParameterException) {
+            return SOPGPException.UnsupportedOption.EXIT_CODE;
+        }
+
+        // Others, like IOException etc.
+        return 1;
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/SOPExecutionExceptionHandler.java b/sop-java-picocli/src/main/java/sop/cli/picocli/SOPExecutionExceptionHandler.java
new file mode 100644
index 0000000..bbd8b97
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/SOPExecutionExceptionHandler.java
@@ -0,0 +1,26 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+import picocli.CommandLine;
+
+public class SOPExecutionExceptionHandler implements CommandLine.IExecutionExceptionHandler {
+
+    @Override
+    public int handleExecutionException(Exception ex, CommandLine commandLine, CommandLine.ParseResult parseResult) {
+        int exitCode = commandLine.getExitCodeExceptionMapper() != null ?
+                commandLine.getExitCodeExceptionMapper().getExitCode(ex) :
+                commandLine.getCommandSpec().exitCodeOnExecutionException();
+        CommandLine.Help.ColorScheme colorScheme = commandLine.getColorScheme();
+        // CHECKSTYLE:OFF
+        if (ex.getMessage() != null) {
+            commandLine.getErr().println(colorScheme.errorText(ex.getMessage()));
+        }
+        ex.printStackTrace(commandLine.getErr());
+        // CHECKSTYLE:ON
+
+        return exitCode;
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/SopCLI.java b/sop-java-picocli/src/main/java/sop/cli/picocli/SopCLI.java
new file mode 100644
index 0000000..bc0ae3d
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/SopCLI.java
@@ -0,0 +1,68 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+import picocli.CommandLine;
+import sop.SOP;
+import sop.cli.picocli.commands.ArmorCmd;
+import sop.cli.picocli.commands.DearmorCmd;
+import sop.cli.picocli.commands.DecryptCmd;
+import sop.cli.picocli.commands.DetachInbandSignatureAndMessageCmd;
+import sop.cli.picocli.commands.EncryptCmd;
+import sop.cli.picocli.commands.ExtractCertCmd;
+import sop.cli.picocli.commands.GenerateKeyCmd;
+import sop.cli.picocli.commands.SignCmd;
+import sop.cli.picocli.commands.VerifyCmd;
+import sop.cli.picocli.commands.VersionCmd;
+
+@CommandLine.Command(
+        exitCodeOnInvalidInput = 69,
+        subcommands = {
+                CommandLine.HelpCommand.class,
+                ArmorCmd.class,
+                DearmorCmd.class,
+                DecryptCmd.class,
+                DetachInbandSignatureAndMessageCmd.class,
+                EncryptCmd.class,
+                ExtractCertCmd.class,
+                GenerateKeyCmd.class,
+                SignCmd.class,
+                VerifyCmd.class,
+                VersionCmd.class
+        }
+)
+public class SopCLI {
+    // Singleton
+    static SOP SOP_INSTANCE;
+
+    public static String EXECUTABLE_NAME = "sop";
+
+    public static void main(String[] args) {
+        int exitCode = execute(args);
+        if (exitCode != 0) {
+            System.exit(exitCode);
+        }
+    }
+
+    public static int execute(String[] args) {
+        return new CommandLine(SopCLI.class)
+                .setCommandName(EXECUTABLE_NAME)
+                .setExecutionExceptionHandler(new SOPExecutionExceptionHandler())
+                .setExitCodeExceptionMapper(new SOPExceptionExitCodeMapper())
+                .setCaseInsensitiveEnumValuesAllowed(true)
+                .execute(args);
+    }
+
+    public static SOP getSop() {
+        if (SOP_INSTANCE == null) {
+            throw new IllegalStateException("No SOP backend set.");
+        }
+        return SOP_INSTANCE;
+    }
+
+    public static void setSopInstance(SOP instance) {
+        SOP_INSTANCE = instance;
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ArmorCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ArmorCmd.java
new file mode 100644
index 0000000..a015a68
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ArmorCmd.java
@@ -0,0 +1,54 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.IOException;
+
+import picocli.CommandLine;
+import sop.Ready;
+import sop.cli.picocli.Print;
+import sop.cli.picocli.SopCLI;
+import sop.enums.ArmorLabel;
+import sop.exception.SOPGPException;
+import sop.operation.Armor;
+
+@CommandLine.Command(name = "armor",
+        description = "Add ASCII Armor to standard input",
+        exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
+public class ArmorCmd implements Runnable {
+
+    @CommandLine.Option(names = {"--label"}, description = "Label to be used in the header and tail of the armoring.", paramLabel = "{auto|sig|key|cert|message}")
+    ArmorLabel label;
+
+    @Override
+    public void run() {
+        Armor armor = SopCLI.getSop().armor();
+        if (armor == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'armor' not implemented.");
+        }
+
+        if (label != null) {
+            try {
+                armor.label(label);
+            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+                Print.errln("Armor labels not supported.");
+                System.exit(unsupportedOption.getExitCode());
+            }
+        }
+
+        try {
+            Ready ready = armor.data(System.in);
+            ready.writeTo(System.out);
+        } catch (SOPGPException.BadData badData) {
+            Print.errln("Bad data.");
+            Print.trace(badData);
+            System.exit(badData.getExitCode());
+        } catch (IOException e) {
+            Print.errln("IO Error.");
+            Print.trace(e);
+            System.exit(1);
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DearmorCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DearmorCmd.java
new file mode 100644
index 0000000..343b113
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DearmorCmd.java
@@ -0,0 +1,42 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.IOException;
+
+import picocli.CommandLine;
+import sop.cli.picocli.Print;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.Dearmor;
+
+@CommandLine.Command(name = "dearmor",
+        description = "Remove ASCII Armor from standard input",
+        exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
+public class DearmorCmd implements Runnable {
+
+    @Override
+    public void run() {
+        Dearmor dearmor = SopCLI.getSop().dearmor();
+        if (dearmor == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'dearmor' not implemented.");
+        }
+
+        try {
+            SopCLI.getSop()
+                    .dearmor()
+                    .data(System.in)
+                    .writeTo(System.out);
+        } catch (SOPGPException.BadData e) {
+            Print.errln("Bad data.");
+            Print.trace(e);
+            System.exit(e.getExitCode());
+        } catch (IOException e) {
+            Print.errln("IO Error.");
+            Print.trace(e);
+            System.exit(1);
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java
new file mode 100644
index 0000000..8fc4650
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DecryptCmd.java
@@ -0,0 +1,240 @@
+// SPDX-FileCopyrightText: 2020 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.regex.Pattern;
+
+import picocli.CommandLine;
+import sop.DecryptionResult;
+import sop.ReadyWithResult;
+import sop.SessionKey;
+import sop.Verification;
+import sop.cli.picocli.DateParser;
+import sop.cli.picocli.FileUtil;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.Decrypt;
+import sop.util.HexUtil;
+
+@CommandLine.Command(name = "decrypt",
+        description = "Decrypt a message from standard input",
+        exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
+public class DecryptCmd implements Runnable {
+
+    private static final String SESSION_KEY_OUT = "--session-key-out";
+    private static final String VERIFY_OUT = "--verify-out";
+
+    private static final String ERROR_UNSUPPORTED_OPTION = "Option '%s' is not supported.";
+    private static final String ERROR_FILE_NOT_EXIST = "File '%s' does not exist.";
+    private static final String ERROR_OUTPUT_OF_OPTION_EXISTS = "Target %s of option %s already exists.";
+
+    @CommandLine.Option(
+            names = {SESSION_KEY_OUT},
+            description = "Can be used to learn the session key on successful decryption",
+            paramLabel = "SESSIONKEY")
+    File sessionKeyOut;
+
+    @CommandLine.Option(
+            names = {"--with-session-key"},
+            description = "Enables decryption of the \"CIPHERTEXT\" using the session key directly against the \"SEIPD\" packet",
+            paramLabel = "SESSIONKEY")
+    List<String> withSessionKey = new ArrayList<>();
+
+    @CommandLine.Option(
+            names = {"--with-password"},
+            description = "Enables decryption based on any \"SKESK\" packets in the \"CIPHERTEXT\"",
+            paramLabel = "PASSWORD")
+    List<String> withPassword = new ArrayList<>();
+
+    @CommandLine.Option(names = {VERIFY_OUT},
+            description = "Produces signature verification status to the designated file",
+            paramLabel = "VERIFICATIONS")
+    File verifyOut;
+
+    @CommandLine.Option(names = {"--verify-with"},
+            description = "Certificates whose signatures would be acceptable for signatures over this message",
+            paramLabel = "CERT")
+    List<File> certs = new ArrayList<>();
+
+    @CommandLine.Option(names = {"--not-before"},
+            description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
+                    "Reject signatures with a creation date not in range.\n" +
+                    "Defaults to beginning of time (\"-\").",
+            paramLabel = "DATE")
+    String notBefore = "-";
+
+    @CommandLine.Option(names = {"--not-after"},
+            description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
+                    "Reject signatures with a creation date not in range.\n" +
+                    "Defaults to current system time (\"now\").\n" +
+                    "Accepts special value \"-\" for end of time.",
+            paramLabel = "DATE")
+    String notAfter = "now";
+
+    @CommandLine.Parameters(index = "0..*",
+            description = "Secret keys to attempt decryption with",
+            paramLabel = "KEY")
+    List<File> keys = new ArrayList<>();
+
+    @Override
+    public void run() {
+        throwIfOutputExists(verifyOut, VERIFY_OUT);
+        throwIfOutputExists(sessionKeyOut, SESSION_KEY_OUT);
+
+        Decrypt decrypt = SopCLI.getSop().decrypt();
+        if (decrypt == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'decrypt' not implemented.");
+        }
+
+        setNotAfter(notAfter, decrypt);
+        setNotBefore(notBefore, decrypt);
+        setWithPasswords(withPassword, decrypt);
+        setWithSessionKeys(withSessionKey, decrypt);
+        setVerifyWith(certs, decrypt);
+        setDecryptWith(keys, decrypt);
+
+        if (verifyOut != null && certs.isEmpty()) {
+            String errorMessage = "Option %s is requested, but no option %s was provided.";
+            throw new SOPGPException.IncompleteVerification(String.format(errorMessage, VERIFY_OUT, "--verify-with"));
+        }
+
+        try {
+            ReadyWithResult<DecryptionResult> ready = decrypt.ciphertext(System.in);
+            DecryptionResult result = ready.writeTo(System.out);
+            writeSessionKeyOut(result);
+            writeVerifyOut(result);
+        } catch (SOPGPException.BadData badData) {
+            throw new SOPGPException.BadData("No valid OpenPGP message found on Standard Input.", badData);
+        } catch (IOException ioException) {
+            throw new RuntimeException(ioException);
+        }
+    }
+
+    private void throwIfOutputExists(File outputFile, String optionName) {
+        if (outputFile == null) {
+            return;
+        }
+
+        if (outputFile.exists()) {
+            throw new SOPGPException.OutputExists(String.format(ERROR_OUTPUT_OF_OPTION_EXISTS, outputFile.getAbsolutePath(), optionName));
+        }
+    }
+
+    private void writeVerifyOut(DecryptionResult result) throws IOException {
+        if (verifyOut != null) {
+            FileUtil.createNewFileOrThrow(verifyOut);
+            try (FileOutputStream outputStream = new FileOutputStream(verifyOut)) {
+                PrintWriter writer = new PrintWriter(outputStream);
+                for (Verification verification : result.getVerifications()) {
+                    // CHECKSTYLE:OFF
+                    writer.println(verification.toString());
+                    // CHECKSTYLE:ON
+                }
+                writer.flush();
+            }
+        }
+    }
+
+    private void writeSessionKeyOut(DecryptionResult result) throws IOException {
+        if (sessionKeyOut != null) {
+            FileUtil.createNewFileOrThrow(sessionKeyOut);
+
+            try (FileOutputStream outputStream = new FileOutputStream(sessionKeyOut)) {
+                if (!result.getSessionKey().isPresent()) {
+                    throw new SOPGPException.UnsupportedOption("Session key not extracted. Possibly the feature --session-key-out is not supported.");
+                } else {
+                    SessionKey sessionKey = result.getSessionKey().get();
+                    outputStream.write(sessionKey.getAlgorithm());
+                    outputStream.write(sessionKey.getKey());
+                }
+            }
+        }
+    }
+
+    private void setDecryptWith(List<File> keys, Decrypt decrypt) {
+        for (File key : keys) {
+            try (FileInputStream keyIn = new FileInputStream(key)) {
+                decrypt.withKey(keyIn);
+            } catch (SOPGPException.KeyIsProtected keyIsProtected) {
+                throw new SOPGPException.KeyIsProtected("Key in file " + key.getAbsolutePath() + " is password protected.", keyIsProtected);
+            } catch (SOPGPException.BadData badData) {
+                throw new SOPGPException.BadData("File " + key.getAbsolutePath() + " does not contain a private key.", badData);
+            } catch (FileNotFoundException e) {
+                throw new SOPGPException.MissingInput(String.format(ERROR_FILE_NOT_EXIST, key.getAbsolutePath()), e);
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+        }
+    }
+
+    private void setVerifyWith(List<File> certs, Decrypt decrypt) {
+        for (File cert : certs) {
+            try (FileInputStream certIn = new FileInputStream(cert)) {
+                decrypt.verifyWithCert(certIn);
+            } catch (FileNotFoundException e) {
+                throw new SOPGPException.MissingInput(String.format(ERROR_FILE_NOT_EXIST, cert.getAbsolutePath()), e);
+            } catch (SOPGPException.BadData badData) {
+                throw new SOPGPException.BadData("File " + cert.getAbsolutePath() + " does not contain a valid certificate.", badData);
+            } catch (IOException ioException) {
+                throw new RuntimeException(ioException);
+            }
+        }
+    }
+
+    private void setWithSessionKeys(List<String> withSessionKey, Decrypt decrypt) {
+        Pattern sessionKeyPattern = Pattern.compile("^\\d+:[0-9A-F]+$");
+        for (String sessionKey : withSessionKey) {
+            if (!sessionKeyPattern.matcher(sessionKey).matches()) {
+                throw new IllegalArgumentException("Session keys are expected in the format 'ALGONUM:HEXKEY'.");
+            }
+            String[] split = sessionKey.split(":");
+            byte algorithm = (byte) Integer.parseInt(split[0]);
+            byte[] key = HexUtil.hexToBytes(split[1]);
+
+            try {
+                decrypt.withSessionKey(new SessionKey(algorithm, key));
+            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+                throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--with-session-key"), unsupportedOption);
+            }
+        }
+    }
+
+    private void setWithPasswords(List<String> withPassword, Decrypt decrypt) {
+        for (String password : withPassword) {
+            try {
+                decrypt.withPassword(password);
+            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+                throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--with-password"), unsupportedOption);
+            }
+        }
+    }
+
+    private void setNotAfter(String notAfter, Decrypt decrypt) {
+        Date notAfterDate = DateParser.parseNotAfter(notAfter);
+        try {
+            decrypt.verifyNotAfter(notAfterDate);
+        } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+            throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--not-after"), unsupportedOption);
+        }
+    }
+
+    private void setNotBefore(String notBefore, Decrypt decrypt) {
+        Date notBeforeDate = DateParser.parseNotBefore(notBefore);
+        try {
+            decrypt.verifyNotBefore(notBeforeDate);
+        } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+            throw new SOPGPException.UnsupportedOption(String.format(ERROR_UNSUPPORTED_OPTION, "--not-before"), unsupportedOption);
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DetachInbandSignatureAndMessageCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DetachInbandSignatureAndMessageCmd.java
new file mode 100644
index 0000000..f5c71a2
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/DetachInbandSignatureAndMessageCmd.java
@@ -0,0 +1,59 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+
+import picocli.CommandLine;
+import sop.Signatures;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.DetachInbandSignatureAndMessage;
+
+@CommandLine.Command(name = "detach-inband-signature-and-message",
+        description = "Split a clearsigned message",
+        exitCodeOnInvalidInput = SOPGPException.UnsupportedOption.EXIT_CODE)
+public class DetachInbandSignatureAndMessageCmd implements Runnable {
+
+    @CommandLine.Option(
+            names = {"--signatures-out"},
+            description = "Destination to which a detached signatures block will be written",
+            paramLabel = "SIGNATURES")
+    File signaturesOut;
+
+    @CommandLine.Option(names = "--no-armor",
+            description = "ASCII armor the output",
+            negatable = true)
+    boolean armor = true;
+
+    @Override
+    public void run() {
+        DetachInbandSignatureAndMessage detach = SopCLI.getSop().detachInbandSignatureAndMessage();
+        if (detach == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'detach-inband-signature-and-message' not implemented.");
+        }
+
+        if (signaturesOut == null) {
+            throw new SOPGPException.MissingArg("--signatures-out is required.");
+        }
+
+        if (!armor) {
+            detach.noArmor();
+        }
+
+        try {
+            Signatures signatures = detach
+                    .message(System.in).writeTo(System.out);
+            if (!signaturesOut.createNewFile()) {
+                throw new SOPGPException.OutputExists("Destination of --signatures-out already exists.");
+            }
+            signatures.writeTo(new FileOutputStream(signaturesOut));
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/EncryptCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/EncryptCmd.java
new file mode 100644
index 0000000..0634240
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/EncryptCmd.java
@@ -0,0 +1,123 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import picocli.CommandLine;
+import sop.Ready;
+import sop.cli.picocli.SopCLI;
+import sop.enums.EncryptAs;
+import sop.exception.SOPGPException;
+import sop.operation.Encrypt;
+
+@CommandLine.Command(name = "encrypt",
+        description = "Encrypt a message from standard input",
+        exitCodeOnInvalidInput = 37)
+public class EncryptCmd implements Runnable {
+
+    @CommandLine.Option(names = "--no-armor",
+            description = "ASCII armor the output",
+            negatable = true)
+    boolean armor = true;
+
+    @CommandLine.Option(names = {"--as"},
+            description = "Type of the input data. Defaults to 'binary'",
+            paramLabel = "{binary|text|mime}")
+    EncryptAs type;
+
+    @CommandLine.Option(names = "--with-password",
+            description = "Encrypt the message with a password",
+            paramLabel = "PASSWORD")
+    List<String> withPassword = new ArrayList<>();
+
+    @CommandLine.Option(names = "--sign-with",
+            description = "Sign the output with a private key",
+            paramLabel = "KEY")
+    List<File> signWith = new ArrayList<>();
+
+    @CommandLine.Parameters(description = "Certificates the message gets encrypted to",
+            index = "0..*",
+            paramLabel = "CERTS")
+    List<File> certs = new ArrayList<>();
+
+    @Override
+    public void run() {
+        Encrypt encrypt = SopCLI.getSop().encrypt();
+        if (encrypt == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'encrypt' not implemented.");
+        }
+
+        if (type != null) {
+            try {
+                encrypt.mode(type);
+            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+                throw new SOPGPException.UnsupportedOption("Unsupported option '--as'.", unsupportedOption);
+            }
+        }
+
+        if (withPassword.isEmpty() && certs.isEmpty()) {
+            throw new SOPGPException.MissingArg("At least one password or cert file required for encryption.");
+        }
+
+        for (String password : withPassword) {
+            try {
+                encrypt.withPassword(password);
+            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+                throw new SOPGPException.UnsupportedOption("Unsupported option '--with-password'.", unsupportedOption);
+            }
+        }
+
+        for (File keyFile : signWith) {
+            try (FileInputStream keyIn = new FileInputStream(keyFile)) {
+                encrypt.signWith(keyIn);
+            } catch (FileNotFoundException e) {
+                throw new SOPGPException.MissingInput("Key file " + keyFile.getAbsolutePath() + " not found.", e);
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            } catch (SOPGPException.KeyIsProtected keyIsProtected) {
+                throw new SOPGPException.KeyIsProtected("Key from " + keyFile.getAbsolutePath() + " is password protected.", keyIsProtected);
+            } catch (SOPGPException.UnsupportedAsymmetricAlgo unsupportedAsymmetricAlgo) {
+                throw new SOPGPException.UnsupportedAsymmetricAlgo("Key from " + keyFile.getAbsolutePath() + " has unsupported asymmetric algorithm.", unsupportedAsymmetricAlgo);
+            } catch (SOPGPException.KeyCannotSign keyCannotSign) {
+                throw new SOPGPException.KeyCannotSign("Key from " + keyFile.getAbsolutePath() + " cannot sign.", keyCannotSign);
+            } catch (SOPGPException.BadData badData) {
+                throw new SOPGPException.BadData("Key file " + keyFile.getAbsolutePath() + " does not contain a valid OpenPGP private key.", badData);
+            }
+        }
+
+        for (File certFile : certs) {
+            try (FileInputStream certIn = new FileInputStream(certFile)) {
+                encrypt.withCert(certIn);
+            } catch (FileNotFoundException e) {
+                throw new SOPGPException.MissingInput("Certificate file " + certFile.getAbsolutePath() + " not found.", e);
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            } catch (SOPGPException.UnsupportedAsymmetricAlgo unsupportedAsymmetricAlgo) {
+                throw new SOPGPException.UnsupportedAsymmetricAlgo("Certificate from " + certFile.getAbsolutePath() + " has unsupported asymmetric algorithm.", unsupportedAsymmetricAlgo);
+            } catch (SOPGPException.CertCannotEncrypt certCannotEncrypt) {
+                throw new SOPGPException.CertCannotEncrypt("Certificate from " + certFile.getAbsolutePath() + " is not capable of encryption.", certCannotEncrypt);
+            } catch (SOPGPException.BadData badData) {
+                throw new SOPGPException.BadData("Certificate file " + certFile.getAbsolutePath() + " does not contain a valid OpenPGP certificate.", badData);
+            }
+        }
+
+        if (!armor) {
+            encrypt.noArmor();
+        }
+
+        try {
+            Ready ready = encrypt.plaintext(System.in);
+            ready.writeTo(System.out);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ExtractCertCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ExtractCertCmd.java
new file mode 100644
index 0000000..f455933
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/ExtractCertCmd.java
@@ -0,0 +1,45 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.IOException;
+
+import picocli.CommandLine;
+import sop.Ready;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.ExtractCert;
+
+@CommandLine.Command(name = "extract-cert",
+        description = "Extract a public key certificate from a secret key from standard input",
+        exitCodeOnInvalidInput = 37)
+public class ExtractCertCmd implements Runnable {
+
+    @CommandLine.Option(names = "--no-armor",
+            description = "ASCII armor the output",
+            negatable = true)
+    boolean armor = true;
+
+    @Override
+    public void run() {
+        ExtractCert extractCert = SopCLI.getSop().extractCert();
+        if (extractCert == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'extract-cert' not implemented.");
+        }
+
+        if (!armor) {
+            extractCert.noArmor();
+        }
+
+        try {
+            Ready ready = extractCert.key(System.in);
+            ready.writeTo(System.out);
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        } catch (SOPGPException.BadData badData) {
+            throw new SOPGPException.BadData("Standard Input does not contain valid OpenPGP private key material.", badData);
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/GenerateKeyCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/GenerateKeyCmd.java
new file mode 100644
index 0000000..28bde27
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/GenerateKeyCmd.java
@@ -0,0 +1,63 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import picocli.CommandLine;
+import sop.Ready;
+import sop.cli.picocli.Print;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.GenerateKey;
+
+@CommandLine.Command(name = "generate-key",
+        description = "Generate a secret key",
+        exitCodeOnInvalidInput = 37)
+public class GenerateKeyCmd implements Runnable {
+
+    @CommandLine.Option(names = "--no-armor",
+            description = "ASCII armor the output",
+            negatable = true)
+    boolean armor = true;
+
+    @CommandLine.Parameters(description = "User-ID, eg. \"Alice <alice@example.com>\"")
+    List<String> userId = new ArrayList<>();
+
+    @Override
+    public void run() {
+        GenerateKey generateKey = SopCLI.getSop().generateKey();
+        if (generateKey == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'generate-key' not implemented.");
+        }
+
+        for (String userId : userId) {
+            generateKey.userId(userId);
+        }
+
+        if (!armor) {
+            generateKey.noArmor();
+        }
+
+        try {
+            Ready ready = generateKey.generate();
+            ready.writeTo(System.out);
+        } catch (SOPGPException.MissingArg missingArg) {
+            Print.errln("Missing argument.");
+            Print.trace(missingArg);
+            System.exit(missingArg.getExitCode());
+        } catch (SOPGPException.UnsupportedAsymmetricAlgo unsupportedAsymmetricAlgo) {
+            Print.errln("Unsupported asymmetric algorithm.");
+            Print.trace(unsupportedAsymmetricAlgo);
+            System.exit(unsupportedAsymmetricAlgo.getExitCode());
+        } catch (IOException e) {
+            Print.errln("IO Error.");
+            Print.trace(e);
+            System.exit(1);
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/SignCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/SignCmd.java
new file mode 100644
index 0000000..7574923
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/SignCmd.java
@@ -0,0 +1,121 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import picocli.CommandLine;
+import sop.MicAlg;
+import sop.ReadyWithResult;
+import sop.SigningResult;
+import sop.cli.picocli.Print;
+import sop.cli.picocli.SopCLI;
+import sop.enums.SignAs;
+import sop.exception.SOPGPException;
+import sop.operation.Sign;
+
+@CommandLine.Command(name = "sign",
+        description = "Create a detached signature on the data from standard input",
+        exitCodeOnInvalidInput = 37)
+public class SignCmd implements Runnable {
+
+    @CommandLine.Option(names = "--no-armor",
+            description = "ASCII armor the output",
+            negatable = true)
+    boolean armor = true;
+
+    @CommandLine.Option(names = "--as", description = "Defaults to 'binary'. If '--as=text' and the input data is not valid UTF-8, sign fails with return code 53.",
+            paramLabel = "{binary|text}")
+    SignAs type;
+
+    @CommandLine.Parameters(description = "Secret keys used for signing",
+            paramLabel = "KEYS")
+    List<File> secretKeyFile = new ArrayList<>();
+
+    @CommandLine.Option(names = "--micalg-out", description = "Emits the digest algorithm used to the specified file in a way that can be used to populate the micalg parameter for the PGP/MIME Content-Type (RFC3156)",
+            paramLabel = "MICALG")
+    File micAlgOut;
+
+    @Override
+    public void run() {
+        Sign sign = SopCLI.getSop().sign();
+        if (sign == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'sign' not implemented.");
+        }
+
+        if (type != null) {
+            try {
+                sign.mode(type);
+            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+                Print.errln("Unsupported option '--as'");
+                Print.trace(unsupportedOption);
+                System.exit(unsupportedOption.getExitCode());
+            }
+        }
+
+        if (micAlgOut != null && micAlgOut.exists()) {
+            throw new SOPGPException.OutputExists(String.format("Target %s of option %s already exists.", micAlgOut.getAbsolutePath(), "--micalg-out"));
+        }
+
+        if (secretKeyFile.isEmpty()) {
+            Print.errln("Missing required parameter 'KEYS'.");
+            System.exit(19);
+        }
+
+        for (File keyFile : secretKeyFile) {
+            try (FileInputStream keyIn = new FileInputStream(keyFile)) {
+                sign.key(keyIn);
+            } catch (FileNotFoundException e) {
+                Print.errln("File " + keyFile.getAbsolutePath() + " does not exist.");
+                Print.trace(e);
+                System.exit(1);
+            } catch (IOException e) {
+                Print.errln("Cannot access file " + keyFile.getAbsolutePath());
+                Print.trace(e);
+                System.exit(1);
+            } catch (SOPGPException.KeyIsProtected e) {
+                Print.errln("Key " + keyFile.getName() + " is password protected.");
+                Print.trace(e);
+                System.exit(1);
+            } catch (SOPGPException.BadData badData) {
+                Print.errln("Bad data in key file " + keyFile.getAbsolutePath() + ":");
+                Print.trace(badData);
+                System.exit(badData.getExitCode());
+            }
+        }
+
+        if (!armor) {
+            sign.noArmor();
+        }
+
+        try {
+            ReadyWithResult<SigningResult> ready = sign.data(System.in);
+            SigningResult result = ready.writeTo(System.out);
+
+            MicAlg micAlg = result.getMicAlg();
+            if (micAlgOut != null) {
+                // Write micalg out
+                micAlgOut.createNewFile();
+                FileOutputStream micAlgOutStream = new FileOutputStream(micAlgOut);
+                micAlg.writeTo(micAlgOutStream);
+                micAlgOutStream.close();
+            }
+        } catch (IOException e) {
+            Print.errln("IO Error.");
+            Print.trace(e);
+            System.exit(1);
+        } catch (SOPGPException.ExpectedText expectedText) {
+            Print.errln("Expected text input, but got binary data.");
+            Print.trace(expectedText);
+            System.exit(expectedText.getExitCode());
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/VerifyCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/VerifyCmd.java
new file mode 100644
index 0000000..2702b4b
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/VerifyCmd.java
@@ -0,0 +1,136 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import picocli.CommandLine;
+import sop.Verification;
+import sop.cli.picocli.DateParser;
+import sop.cli.picocli.Print;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.Verify;
+
+@CommandLine.Command(name = "verify",
+        description = "Verify a detached signature over the data from standard input",
+        exitCodeOnInvalidInput = 37)
+public class VerifyCmd implements Runnable {
+
+    @CommandLine.Parameters(index = "0",
+            description = "Detached signature",
+            paramLabel = "SIGNATURE")
+    File signature;
+
+    @CommandLine.Parameters(index = "1..*",
+            arity = "1..*",
+            description = "Public key certificates",
+            paramLabel = "CERT")
+    List<File> certificates = new ArrayList<>();
+
+    @CommandLine.Option(names = {"--not-before"},
+            description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
+                    "Reject signatures with a creation date not in range.\n" +
+                    "Defaults to beginning of time (\"-\").",
+            paramLabel = "DATE")
+    String notBefore = "-";
+
+    @CommandLine.Option(names = {"--not-after"},
+            description = "ISO-8601 formatted UTC date (eg. '2020-11-23T16:35Z)\n" +
+                    "Reject signatures with a creation date not in range.\n" +
+                    "Defaults to current system time (\"now\").\n" +
+                    "Accepts special value \"-\" for end of time.",
+            paramLabel = "DATE")
+    String notAfter = "now";
+
+    @Override
+    public void run() {
+        Verify verify = SopCLI.getSop().verify();
+        if (verify == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'verify' not implemented.");
+        }
+
+        if (notAfter != null) {
+            try {
+                verify.notAfter(DateParser.parseNotAfter(notAfter));
+            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+                Print.errln("Unsupported option '--not-after'.");
+                Print.trace(unsupportedOption);
+                System.exit(unsupportedOption.getExitCode());
+            }
+        }
+        if (notBefore != null) {
+            try {
+                verify.notBefore(DateParser.parseNotBefore(notBefore));
+            } catch (SOPGPException.UnsupportedOption unsupportedOption) {
+                Print.errln("Unsupported option '--not-before'.");
+                Print.trace(unsupportedOption);
+                System.exit(unsupportedOption.getExitCode());
+            }
+        }
+
+        for (File certFile : certificates) {
+            try (FileInputStream certIn = new FileInputStream(certFile)) {
+                verify.cert(certIn);
+            } catch (FileNotFoundException fileNotFoundException) {
+                Print.errln("Certificate file " + certFile.getAbsolutePath() + " not found.");
+
+                Print.trace(fileNotFoundException);
+                System.exit(1);
+            } catch (IOException ioException) {
+                Print.errln("IO Error.");
+                Print.trace(ioException);
+                System.exit(1);
+            } catch (SOPGPException.BadData badData) {
+                Print.errln("Certificate file " + certFile.getAbsolutePath() + " appears to not contain a valid OpenPGP certificate.");
+                Print.trace(badData);
+                System.exit(badData.getExitCode());
+            }
+        }
+
+        if (signature != null) {
+            try (FileInputStream sigIn = new FileInputStream(signature)) {
+                verify.signatures(sigIn);
+            } catch (FileNotFoundException e) {
+                Print.errln("Signature file " + signature.getAbsolutePath() + " does not exist.");
+                Print.trace(e);
+                System.exit(1);
+            } catch (IOException e) {
+                Print.errln("IO Error.");
+                Print.trace(e);
+                System.exit(1);
+            } catch (SOPGPException.BadData badData) {
+                Print.errln("File " + signature.getAbsolutePath() + " does not contain a valid OpenPGP signature.");
+                Print.trace(badData);
+                System.exit(badData.getExitCode());
+            }
+        }
+
+        List<Verification> verifications = null;
+        try {
+            verifications = verify.data(System.in);
+        } catch (SOPGPException.NoSignature e) {
+            Print.errln("No verifiable signature found.");
+            Print.trace(e);
+            System.exit(e.getExitCode());
+        } catch (IOException ioException) {
+            Print.errln("IO Error.");
+            Print.trace(ioException);
+            System.exit(1);
+        } catch (SOPGPException.BadData badData) {
+            Print.errln("Standard Input appears not to contain a valid OpenPGP message.");
+            Print.trace(badData);
+            System.exit(badData.getExitCode());
+        }
+        for (Verification verification : verifications) {
+            Print.outln(verification.toString());
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/VersionCmd.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/VersionCmd.java
new file mode 100644
index 0000000..4a31919
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/VersionCmd.java
@@ -0,0 +1,52 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import picocli.CommandLine;
+import sop.cli.picocli.Print;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.Version;
+
+@CommandLine.Command(name = "version", description = "Display version information about the tool",
+        exitCodeOnInvalidInput = 37)
+public class VersionCmd implements Runnable {
+
+    @CommandLine.ArgGroup()
+    Exclusive exclusive;
+
+    static class Exclusive {
+        @CommandLine.Option(names = "--extended", description = "Print an extended version string.")
+        boolean extended;
+
+        @CommandLine.Option(names = "--backend", description = "Print information about the cryptographic backend.")
+        boolean backend;
+    }
+
+
+
+    @Override
+    public void run() {
+        Version version = SopCLI.getSop().version();
+        if (version == null) {
+            throw new SOPGPException.UnsupportedSubcommand("Command 'version' not implemented.");
+        }
+
+        if (exclusive == null) {
+            Print.outln(version.getName() + " " + version.getVersion());
+            return;
+        }
+
+        if (exclusive.extended) {
+            Print.outln(version.getExtendedVersion());
+            return;
+        }
+
+        if (exclusive.backend) {
+            Print.outln(version.getBackendVersion());
+            return;
+        }
+    }
+}
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/commands/package-info.java b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/package-info.java
new file mode 100644
index 0000000..fc6aefd
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/commands/package-info.java
@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Subcommands of the PGPainless SOP.
+ */
+package sop.cli.picocli.commands;
diff --git a/sop-java-picocli/src/main/java/sop/cli/picocli/package-info.java b/sop-java-picocli/src/main/java/sop/cli/picocli/package-info.java
new file mode 100644
index 0000000..83f426d
--- /dev/null
+++ b/sop-java-picocli/src/main/java/sop/cli/picocli/package-info.java
@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Implementation of the Stateless OpenPGP Command Line Interface using Picocli.
+ */
+package sop.cli.picocli;
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/DateParserTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/DateParserTest.java
new file mode 100644
index 0000000..5c7def5
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/DateParserTest.java
@@ -0,0 +1,49 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.util.Date;
+
+import org.junit.jupiter.api.Test;
+import sop.util.UTCUtil;
+
+public class DateParserTest {
+
+    @Test
+    public void parseNotAfterDashReturnsEndOfTime() {
+        assertEquals(DateParser.END_OF_TIME, DateParser.parseNotAfter("-"));
+    }
+
+    @Test
+    public void parseNotBeforeDashReturnsBeginningOfTime() {
+        assertEquals(DateParser.BEGINNING_OF_TIME, DateParser.parseNotBefore("-"));
+    }
+
+    @Test
+    public void parseNotAfterNowReturnsNow() {
+        assertEquals(new Date().getTime(), DateParser.parseNotAfter("now").getTime(), 1000);
+    }
+
+    @Test
+    public void parseNotBeforeNowReturnsNow() {
+        assertEquals(new Date().getTime(), DateParser.parseNotBefore("now").getTime(), 1000);
+    }
+
+    @Test
+    public void parseNotAfterTimestamp() {
+        String timestamp = "2019-10-24T23:48:29Z";
+        Date date = DateParser.parseNotAfter(timestamp);
+        assertEquals(timestamp, UTCUtil.formatUTCDate(date));
+    }
+
+    @Test
+    public void parseNotBeforeTimestamp() {
+        String timestamp = "2019-10-29T18:36:45Z";
+        Date date = DateParser.parseNotBefore(timestamp);
+        assertEquals(timestamp, UTCUtil.formatUTCDate(date));
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/FileUtilTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/FileUtilTest.java
new file mode 100644
index 0000000..eeb4589
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/FileUtilTest.java
@@ -0,0 +1,123 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.nio.file.Files;
+
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+import sop.exception.SOPGPException;
+
+public class FileUtilTest {
+
+    @BeforeAll
+    public static void setup() {
+        FileUtil.setEnvironmentVariableResolver(new FileUtil.EnvironmentVariableResolver() {
+            @Override
+            public String resolveEnvironmentVariable(String name) {
+                if (name.equals("test123")) {
+                    return "test321";
+                }
+                return null;
+            }
+        });
+    }
+
+    @Test
+    public void getFile_ThrowsForNull() {
+        assertThrows(NullPointerException.class, () -> FileUtil.getFile(null));
+    }
+
+    @Test
+    public void getFile_prfxEnvAlreadyExists() throws IOException {
+        File tempFile = new File("@ENV:test");
+        tempFile.createNewFile();
+        tempFile.deleteOnExit();
+
+        assertThrows(SOPGPException.AmbiguousInput.class, () -> FileUtil.getFile("@ENV:test"));
+    }
+
+    @Test
+    public void getFile_EnvironmentVariable() {
+        File file = FileUtil.getFile("@ENV:test123");
+        assertEquals("test321", file.getName());
+    }
+
+    @Test
+    public void getFile_nonExistentEnvVariable() {
+        assertThrows(IllegalArgumentException.class, () -> FileUtil.getFile("@ENV:INVALID"));
+    }
+
+    @Test
+    public void getFile_prfxFdAlreadyExists() throws IOException {
+        File tempFile = new File("@FD:1");
+        tempFile.createNewFile();
+        tempFile.deleteOnExit();
+
+        assertThrows(SOPGPException.AmbiguousInput.class, () -> FileUtil.getFile("@FD:1"));
+    }
+
+    @Test
+    public void getFile_prfxFdNotSupported() {
+        assertThrows(IllegalArgumentException.class, () -> FileUtil.getFile("@FD:2"));
+    }
+
+    @Test
+    public void createNewFileOrThrow_throwsForNull() {
+        assertThrows(NullPointerException.class, () -> FileUtil.createNewFileOrThrow(null));
+    }
+
+    @Test
+    public void createNewFileOrThrow_success() throws IOException {
+        File dir = Files.createTempDirectory("test").toFile();
+        dir.deleteOnExit();
+        File file = new File(dir, "file");
+
+        assertFalse(file.exists());
+        FileUtil.createNewFileOrThrow(file);
+        assertTrue(file.exists());
+    }
+
+    @Test
+    public void createNewFileOrThrow_alreadyExists() throws IOException {
+        File dir = Files.createTempDirectory("test").toFile();
+        dir.deleteOnExit();
+        File file = new File(dir, "file");
+
+        FileUtil.createNewFileOrThrow(file);
+        assertTrue(file.exists());
+        assertThrows(SOPGPException.OutputExists.class, () -> FileUtil.createNewFileOrThrow(file));
+    }
+
+    @Test
+    public void getFileInputStream_success() throws IOException {
+        File dir = Files.createTempDirectory("test").toFile();
+        dir.deleteOnExit();
+        File file = new File(dir, "file");
+
+        FileUtil.createNewFileOrThrow(file);
+        FileInputStream inputStream = FileUtil.getFileInputStream(file.getAbsolutePath());
+        assertNotNull(inputStream);
+    }
+
+    @Test
+    public void getFileInputStream_fileNotFound() throws IOException {
+        File dir = Files.createTempDirectory("test").toFile();
+        dir.deleteOnExit();
+        File file = new File(dir, "file");
+
+        assertThrows(SOPGPException.MissingInput.class,
+                () -> FileUtil.getFileInputStream(file.getAbsolutePath()));
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/SOPTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/SOPTest.java
new file mode 100644
index 0000000..6360a77
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/SOPTest.java
@@ -0,0 +1,119 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.Mockito.mock;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.Test;
+import sop.SOP;
+import sop.operation.Armor;
+import sop.operation.Dearmor;
+import sop.operation.Decrypt;
+import sop.operation.DetachInbandSignatureAndMessage;
+import sop.operation.Encrypt;
+import sop.operation.ExtractCert;
+import sop.operation.GenerateKey;
+import sop.operation.Sign;
+import sop.operation.Verify;
+import sop.operation.Version;
+
+public class SOPTest {
+
+    @Test
+    @ExpectSystemExitWithStatus(69)
+    public void assertExitOnInvalidSubcommand() {
+        SOP sop = mock(SOP.class);
+        SopCLI.setSopInstance(sop);
+
+        SopCLI.main(new String[] {"invalid"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void assertThrowsIfNoSOPBackendSet() {
+        SopCLI.SOP_INSTANCE = null;
+        // At this point, no SOP backend is set, so an InvalidStateException triggers exit(1)
+        SopCLI.main(new String[] {"armor"});
+    }
+
+    @Test
+    public void UnsupportedSubcommandsTest() {
+        SOP nullCommandSOP = new SOP() {
+            @Override
+            public Version version() {
+                return null;
+            }
+
+            @Override
+            public GenerateKey generateKey() {
+                return null;
+            }
+
+            @Override
+            public ExtractCert extractCert() {
+                return null;
+            }
+
+            @Override
+            public Sign sign() {
+                return null;
+            }
+
+            @Override
+            public Verify verify() {
+                return null;
+            }
+
+            @Override
+            public Encrypt encrypt() {
+                return null;
+            }
+
+            @Override
+            public Decrypt decrypt() {
+                return null;
+            }
+
+            @Override
+            public Armor armor() {
+                return null;
+            }
+
+            @Override
+            public Dearmor dearmor() {
+                return null;
+            }
+
+            @Override
+            public DetachInbandSignatureAndMessage detachInbandSignatureAndMessage() {
+                return null;
+            }
+        };
+        SopCLI.setSopInstance(nullCommandSOP);
+
+        List<String[]> commands = new ArrayList<>();
+        commands.add(new String[] {"armor"});
+        commands.add(new String[] {"dearmor"});
+        commands.add(new String[] {"decrypt"});
+        commands.add(new String[] {"detach-inband-signature-and-message"});
+        commands.add(new String[] {"encrypt"});
+        commands.add(new String[] {"extract-cert"});
+        commands.add(new String[] {"generate-key"});
+        commands.add(new String[] {"sign"});
+        commands.add(new String[] {"verify", "signature.asc", "cert.asc"});
+        commands.add(new String[] {"version"});
+
+        for (String[] command : commands) {
+            int exit = SopCLI.execute(command);
+            assertEquals(69, exit, "Unexpected exit code for non-implemented command " + Arrays.toString(command) + ": " + exit);
+        }
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/ArmorCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/ArmorCmdTest.java
new file mode 100644
index 0000000..01aaa9a
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/ArmorCmdTest.java
@@ -0,0 +1,101 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import com.ginsberg.junit.exit.FailOnSystemExit;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sop.Ready;
+import sop.SOP;
+import sop.cli.picocli.SopCLI;
+import sop.enums.ArmorLabel;
+import sop.exception.SOPGPException;
+import sop.operation.Armor;
+
+public class ArmorCmdTest {
+
+    private Armor armor;
+    private SOP sop;
+
+    @BeforeEach
+    public void mockComponents() throws SOPGPException.BadData {
+        armor = mock(Armor.class);
+        sop = mock(SOP.class);
+        when(sop.armor()).thenReturn(armor);
+        when(armor.data((InputStream) any())).thenReturn(nopReady());
+
+        SopCLI.setSopInstance(sop);
+    }
+
+    @Test
+    public void assertLabelIsNotCalledByDefault() throws SOPGPException.UnsupportedOption {
+        SopCLI.main(new String[] {"armor"});
+        verify(armor, never()).label(any());
+    }
+
+    @Test
+    public void assertLabelIsCalledWhenFlaggedWithArgument() throws SOPGPException.UnsupportedOption {
+        for (ArmorLabel label : ArmorLabel.values()) {
+            SopCLI.main(new String[] {"armor", "--label", label.name()});
+            verify(armor, times(1)).label(label);
+        }
+    }
+
+    @Test
+    public void assertDataIsAlwaysCalled() throws SOPGPException.BadData {
+        SopCLI.main(new String[] {"armor"});
+        verify(armor, times(1)).data((InputStream) any());
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void assertThrowsForInvalidLabel() {
+        SopCLI.main(new String[] {"armor", "--label", "Invalid"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void ifLabelsUnsupportedExit37() throws SOPGPException.UnsupportedOption {
+        when(armor.label(any())).thenThrow(new SOPGPException.UnsupportedOption("Custom Armor labels are not supported."));
+
+        SopCLI.main(new String[] {"armor", "--label", "Sig"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void ifBadDataExit41() throws SOPGPException.BadData {
+        when(armor.data((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+
+        SopCLI.main(new String[] {"armor"});
+    }
+
+    @Test
+    @FailOnSystemExit
+    public void ifNoErrorsNoExit() {
+        when(sop.armor()).thenReturn(armor);
+
+        SopCLI.main(new String[] {"armor"});
+    }
+
+    private static Ready nopReady() {
+        return new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) {
+            }
+        };
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DearmorCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DearmorCmdTest.java
new file mode 100644
index 0000000..aaad201
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DearmorCmdTest.java
@@ -0,0 +1,61 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sop.Ready;
+import sop.SOP;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.Dearmor;
+
+public class DearmorCmdTest {
+
+    private SOP sop;
+    private Dearmor dearmor;
+
+    @BeforeEach
+    public void mockComponents() throws IOException, SOPGPException.BadData {
+        sop = mock(SOP.class);
+        dearmor = mock(Dearmor.class);
+        when(dearmor.data((InputStream) any())).thenReturn(nopReady());
+        when(sop.dearmor()).thenReturn(dearmor);
+
+        SopCLI.setSopInstance(sop);
+    }
+
+    private static Ready nopReady() {
+        return new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) {
+            }
+        };
+    }
+
+    @Test
+    public void assertDataIsCalled() throws IOException, SOPGPException.BadData {
+        SopCLI.main(new String[] {"dearmor"});
+        verify(dearmor, times(1)).data((InputStream) any());
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void assertBadDataCausesExit41() throws IOException, SOPGPException.BadData {
+        when(dearmor.data((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException("invalid armor")));
+        SopCLI.main(new String[] {"dearmor"});
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java
new file mode 100644
index 0000000..9e1c35b
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/DecryptCmdTest.java
@@ -0,0 +1,344 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.BufferedReader;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Collections;
+import java.util.Date;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentMatcher;
+import org.mockito.ArgumentMatchers;
+import sop.DecryptionResult;
+import sop.ReadyWithResult;
+import sop.SOP;
+import sop.SessionKey;
+import sop.Verification;
+import sop.cli.picocli.DateParser;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.Decrypt;
+import sop.util.HexUtil;
+import sop.util.UTCUtil;
+
+public class DecryptCmdTest {
+
+    private Decrypt decrypt;
+
+    @BeforeEach
+    public void mockComponents() throws SOPGPException.UnsupportedOption, SOPGPException.MissingArg, SOPGPException.BadData, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.PasswordNotHumanReadable, SOPGPException.CannotDecrypt {
+        SOP sop = mock(SOP.class);
+        decrypt = mock(Decrypt.class);
+
+        when(decrypt.verifyNotAfter(any())).thenReturn(decrypt);
+        when(decrypt.verifyNotBefore(any())).thenReturn(decrypt);
+        when(decrypt.withPassword(any())).thenReturn(decrypt);
+        when(decrypt.withSessionKey(any())).thenReturn(decrypt);
+        when(decrypt.withKey((InputStream) any())).thenReturn(decrypt);
+        when(decrypt.ciphertext((InputStream) any())).thenReturn(nopReadyWithResult());
+
+        when(sop.decrypt()).thenReturn(decrypt);
+
+        SopCLI.setSopInstance(sop);
+    }
+
+    private static ReadyWithResult<DecryptionResult> nopReadyWithResult() {
+        return new ReadyWithResult<DecryptionResult>() {
+            @Override
+            public DecryptionResult writeTo(OutputStream outputStream) {
+                return new DecryptionResult(null, Collections.emptyList());
+            }
+        };
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(19)
+    public void missingArgumentsExceptionCausesExit19() throws SOPGPException.MissingArg, SOPGPException.BadData, SOPGPException.CannotDecrypt {
+        when(decrypt.ciphertext((InputStream) any())).thenThrow(new SOPGPException.MissingArg("Missing arguments."));
+        SopCLI.main(new String[] {"decrypt"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void badDataExceptionCausesExit41() throws SOPGPException.MissingArg, SOPGPException.BadData, SOPGPException.CannotDecrypt {
+        when(decrypt.ciphertext((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        SopCLI.main(new String[] {"decrypt"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(31)
+    public void assertNotHumanReadablePasswordCausesExit31() throws SOPGPException.PasswordNotHumanReadable,
+            SOPGPException.UnsupportedOption {
+        when(decrypt.withPassword(any())).thenThrow(new SOPGPException.PasswordNotHumanReadable());
+        SopCLI.main(new String[] {"decrypt", "--with-password", "pretendThisIsNotReadable"});
+    }
+
+    @Test
+    public void assertWithPasswordPassesPasswordDown() throws SOPGPException.PasswordNotHumanReadable, SOPGPException.UnsupportedOption {
+        SopCLI.main(new String[] {"decrypt", "--with-password", "orange"});
+        verify(decrypt, times(1)).withPassword("orange");
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void assertUnsupportedWithPasswordCausesExit37() throws SOPGPException.PasswordNotHumanReadable, SOPGPException.UnsupportedOption {
+        when(decrypt.withPassword(any())).thenThrow(new SOPGPException.UnsupportedOption("Decrypting with password not supported."));
+        SopCLI.main(new String[] {"decrypt", "--with-password", "swordfish"});
+    }
+
+    @Test
+    public void assertDefaultTimeRangesAreUsedIfNotOverwritten() throws SOPGPException.UnsupportedOption {
+        Date now = new Date();
+        SopCLI.main(new String[] {"decrypt"});
+        verify(decrypt, times(1)).verifyNotBefore(DateParser.BEGINNING_OF_TIME);
+        verify(decrypt, times(1)).verifyNotAfter(
+                ArgumentMatchers.argThat(argument -> {
+                    // allow 1-second difference
+                    return Math.abs(now.getTime() - argument.getTime()) <= 1000;
+                }));
+    }
+
+    @Test
+    public void assertVerifyNotAfterAndBeforeDashResultsInMaxTimeRange() throws SOPGPException.UnsupportedOption {
+        SopCLI.main(new String[] {"decrypt", "--not-before", "-", "--not-after", "-"});
+        verify(decrypt, times(1)).verifyNotBefore(DateParser.BEGINNING_OF_TIME);
+        verify(decrypt, times(1)).verifyNotAfter(DateParser.END_OF_TIME);
+    }
+
+    @Test
+    public void assertVerifyNotAfterAndBeforeNowResultsInMinTimeRange() throws SOPGPException.UnsupportedOption {
+        Date now = new Date();
+        ArgumentMatcher<Date> isMaxOneSecOff = argument -> {
+            // Allow less than 1-second difference
+            return Math.abs(now.getTime() - argument.getTime()) <= 1000;
+        };
+
+        SopCLI.main(new String[] {"decrypt", "--not-before", "now", "--not-after", "now"});
+        verify(decrypt, times(1)).verifyNotAfter(ArgumentMatchers.argThat(isMaxOneSecOff));
+        verify(decrypt, times(1)).verifyNotBefore(ArgumentMatchers.argThat(isMaxOneSecOff));
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void assertMalformedDateInNotBeforeCausesExit1() {
+        // ParserException causes exit(1)
+        SopCLI.main(new String[] {"decrypt", "--not-before", "invalid"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void assertMalformedDateInNotAfterCausesExit1() {
+        // ParserException causes exit(1)
+        SopCLI.main(new String[] {"decrypt", "--not-after", "invalid"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void assertUnsupportedNotAfterCausesExit37() throws SOPGPException.UnsupportedOption {
+        when(decrypt.verifyNotAfter(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting upper signature date boundary not supported."));
+        SopCLI.main(new String[] {"decrypt", "--not-after", "now"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void assertUnsupportedNotBeforeCausesExit37() throws SOPGPException.UnsupportedOption {
+        when(decrypt.verifyNotBefore(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting lower signature date boundary not supported."));
+        SopCLI.main(new String[] {"decrypt", "--not-before", "now"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(59)
+    public void assertExistingSessionKeyOutFileCausesExit59() throws IOException {
+        File tempFile = File.createTempFile("existing-session-key-", ".tmp");
+        tempFile.deleteOnExit();
+        SopCLI.main(new String[] {"decrypt", "--session-key-out", tempFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void assertWhenSessionKeyCannotBeExtractedExit37() throws IOException {
+        Path tempDir = Files.createTempDirectory("session-key-out-dir");
+        File tempFile = new File(tempDir.toFile(), "session-key");
+        tempFile.deleteOnExit();
+        SopCLI.main(new String[] {"decrypt", "--session-key-out", tempFile.getAbsolutePath()});
+    }
+
+    @Test
+    public void assertSessionKeyIsProperlyWrittenToSessionKeyFile() throws SOPGPException.CannotDecrypt, SOPGPException.MissingArg, SOPGPException.BadData, IOException {
+        byte[] key = "C7CBDAF42537776F12509B5168793C26B93294E5ABDFA73224FB0177123E9137".getBytes(StandardCharsets.UTF_8);
+        when(decrypt.ciphertext((InputStream) any())).thenReturn(new ReadyWithResult<DecryptionResult>() {
+            @Override
+            public DecryptionResult writeTo(OutputStream outputStream) {
+                return new DecryptionResult(
+                        new SessionKey((byte) 9, key),
+                        Collections.emptyList()
+                );
+            }
+        });
+        Path tempDir = Files.createTempDirectory("session-key-out-dir");
+        File tempFile = new File(tempDir.toFile(), "session-key");
+        tempFile.deleteOnExit();
+        SopCLI.main(new String[] {"decrypt", "--session-key-out", tempFile.getAbsolutePath()});
+
+        ByteArrayOutputStream bytesInFile = new ByteArrayOutputStream();
+        try (FileInputStream fileIn = new FileInputStream(tempFile)) {
+            byte[] buf = new byte[32];
+            int read = fileIn.read(buf);
+            while (read != -1) {
+                bytesInFile.write(buf, 0, read);
+                read = fileIn.read(buf);
+            }
+        }
+
+        byte[] algAndKey = new byte[key.length + 1];
+        algAndKey[0] = (byte) 9;
+        System.arraycopy(key, 0, algAndKey, 1, key.length);
+        assertArrayEquals(algAndKey, bytesInFile.toByteArray());
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(29)
+    public void assertUnableToDecryptExceptionResultsInExit29() throws SOPGPException.CannotDecrypt, SOPGPException.MissingArg, SOPGPException.BadData {
+        when(decrypt.ciphertext((InputStream) any())).thenThrow(new SOPGPException.CannotDecrypt());
+        SopCLI.main(new String[] {"decrypt"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(3)
+    public void assertNoSignatureExceptionCausesExit3() throws SOPGPException.CannotDecrypt, SOPGPException.MissingArg, SOPGPException.BadData {
+        when(decrypt.ciphertext((InputStream) any())).thenReturn(new ReadyWithResult<DecryptionResult>() {
+            @Override
+            public DecryptionResult writeTo(OutputStream outputStream) throws SOPGPException.NoSignature {
+                throw new SOPGPException.NoSignature();
+            }
+        });
+        SopCLI.main(new String[] {"decrypt"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void badDataInVerifyWithCausesExit41() throws IOException, SOPGPException.BadData {
+        when(decrypt.verifyWithCert((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        File tempFile = File.createTempFile("verify-with-", ".tmp");
+        SopCLI.main(new String[] {"decrypt", "--verify-with", tempFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(61)
+    public void unexistentCertFileCausesExit61() {
+        SopCLI.main(new String[] {"decrypt", "--verify-with", "invalid"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(59)
+    public void existingVerifyOutCausesExit59() throws IOException {
+        File certFile = File.createTempFile("existing-verify-out-cert", ".asc");
+        File existingVerifyOut = File.createTempFile("existing-verify-out", ".tmp");
+
+        SopCLI.main(new String[] {"decrypt", "--verify-out", existingVerifyOut.getAbsolutePath(), "--verify-with", certFile.getAbsolutePath()});
+    }
+
+    @Test
+    public void verifyOutIsProperlyWritten() throws IOException, SOPGPException.CannotDecrypt, SOPGPException.MissingArg, SOPGPException.BadData {
+        File certFile = File.createTempFile("verify-out-cert", ".asc");
+        File verifyOut = new File(certFile.getParent(), "verify-out.txt");
+        if (verifyOut.exists()) {
+            verifyOut.delete();
+        }
+        verifyOut.deleteOnExit();
+        Date date = UTCUtil.parseUTCDate("2021-07-11T20:58:23Z");
+        when(decrypt.ciphertext((InputStream) any())).thenReturn(new ReadyWithResult<DecryptionResult>() {
+            @Override
+            public DecryptionResult writeTo(OutputStream outputStream) {
+                return new DecryptionResult(null, Collections.singletonList(
+                        new Verification(
+                                date,
+                                "1B66A707819A920925BC6777C3E0AFC0B2DFF862",
+                                "C8CD564EBF8D7BBA90611D8D071773658BF6BF86"))
+                );
+            }
+        });
+
+        SopCLI.main(new String[] {"decrypt", "--verify-out", verifyOut.getAbsolutePath(), "--verify-with", certFile.getAbsolutePath()});
+        try (BufferedReader reader = new BufferedReader(new FileReader(verifyOut))) {
+            String line = reader.readLine();
+            assertEquals("2021-07-11T20:58:23Z 1B66A707819A920925BC6777C3E0AFC0B2DFF862 C8CD564EBF8D7BBA90611D8D071773658BF6BF86", line);
+        }
+    }
+
+    @Test
+    public void assertWithSessionKeyIsPassedDown() throws SOPGPException.UnsupportedOption {
+        SessionKey key1 = new SessionKey((byte) 9, HexUtil.hexToBytes("C7CBDAF42537776F12509B5168793C26B93294E5ABDFA73224FB0177123E9137"));
+        SessionKey key2 = new SessionKey((byte) 9, HexUtil.hexToBytes("FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD"));
+        SopCLI.main(new String[] {"decrypt",
+                "--with-session-key", "9:C7CBDAF42537776F12509B5168793C26B93294E5ABDFA73224FB0177123E9137",
+                "--with-session-key", "9:FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD"});
+        verify(decrypt).withSessionKey(key1);
+        verify(decrypt).withSessionKey(key2);
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void assertMalformedSessionKeysResultInExit1() {
+        SopCLI.main(new String[] {"decrypt",
+                "--with-session-key", "C7CBDAF42537776F12509B5168793C26B93294E5ABDFA73224FB0177123E9137"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void assertBadDataInKeysResultsInExit41() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData, IOException {
+        when(decrypt.withKey((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        File tempKeyFile = File.createTempFile("key-", ".tmp");
+        SopCLI.main(new String[] {"decrypt", tempKeyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(61)
+    public void assertKeyFileNotFoundCausesExit61() {
+        SopCLI.main(new String[] {"decrypt", "nonexistent-key"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(67)
+    public void assertProtectedKeyCausesExit67() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData {
+        when(decrypt.withKey((InputStream) any())).thenThrow(new SOPGPException.KeyIsProtected());
+        File tempKeyFile = File.createTempFile("key-", ".tmp");
+        SopCLI.main(new String[] {"decrypt", tempKeyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(13)
+    public void assertUnsupportedAlgorithmExceptionCausesExit13() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.BadData, IOException {
+        when(decrypt.withKey((InputStream) any())).thenThrow(new SOPGPException.UnsupportedAsymmetricAlgo("Unsupported asymmetric algorithm.", new IOException()));
+        File tempKeyFile = File.createTempFile("key-", ".tmp");
+        SopCLI.main(new String[] {"decrypt", tempKeyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(23)
+    public void verifyOutWithoutVerifyWithCausesExit23() {
+        SopCLI.main(new String[] {"decrypt", "--verify-out", "out.file"});
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java
new file mode 100644
index 0000000..91f0a1e
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/EncryptCmdTest.java
@@ -0,0 +1,194 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sop.Ready;
+import sop.SOP;
+import sop.cli.picocli.SopCLI;
+import sop.enums.EncryptAs;
+import sop.exception.SOPGPException;
+import sop.operation.Encrypt;
+
+public class EncryptCmdTest {
+
+    Encrypt encrypt;
+
+    @BeforeEach
+    public void mockComponents() throws IOException {
+        encrypt = mock(Encrypt.class);
+        when(encrypt.plaintext((InputStream) any())).thenReturn(new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) {
+
+            }
+        });
+
+        SOP sop = mock(SOP.class);
+        when(sop.encrypt()).thenReturn(encrypt);
+
+        SopCLI.setSopInstance(sop);
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(19)
+    public void missingBothPasswordAndCertFileCauseExit19() {
+        SopCLI.main(new String[] {"encrypt", "--no-armor"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void as_unsupportedEncryptAsCausesExit37() throws SOPGPException.UnsupportedOption {
+        when(encrypt.mode(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting encryption mode not supported."));
+
+        SopCLI.main(new String[] {"encrypt", "--as", "Binary"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void as_invalidModeOptionCausesExit37() {
+        SopCLI.main(new String[] {"encrypt", "--as", "invalid"});
+    }
+
+    @Test
+    public void as_modeIsPassedDown() throws SOPGPException.UnsupportedOption {
+        for (EncryptAs mode : EncryptAs.values()) {
+            SopCLI.main(new String[] {"encrypt", "--as", mode.name(), "--with-password", "0rbit"});
+            verify(encrypt, times(1)).mode(mode);
+        }
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(31)
+    public void withPassword_notHumanReadablePasswordCausesExit31() throws SOPGPException.PasswordNotHumanReadable, SOPGPException.UnsupportedOption {
+        when(encrypt.withPassword("pretendThisIsNotReadable")).thenThrow(new SOPGPException.PasswordNotHumanReadable());
+
+        SopCLI.main(new String[] {"encrypt", "--with-password", "pretendThisIsNotReadable"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void withPassword_unsupportedWithPasswordCausesExit37() throws SOPGPException.PasswordNotHumanReadable, SOPGPException.UnsupportedOption {
+        when(encrypt.withPassword(any())).thenThrow(new SOPGPException.UnsupportedOption("Encrypting with password not supported."));
+
+        SopCLI.main(new String[] {"encrypt", "--with-password", "orange"});
+    }
+
+    @Test
+    public void signWith_multipleTimesGetPassedDown() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData {
+        File keyFile1 = File.createTempFile("sign-with-1-", ".asc");
+        File keyFile2 = File.createTempFile("sign-with-2-", ".asc");
+
+        SopCLI.main(new String[] {"encrypt", "--with-password", "password", "--sign-with", keyFile1.getAbsolutePath(), "--sign-with", keyFile2.getAbsolutePath()});
+        verify(encrypt, times(2)).signWith((InputStream) any());
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(61)
+    public void signWith_nonExistentKeyFileCausesExit61() {
+        SopCLI.main(new String[] {"encrypt", "--with-password", "admin", "--sign-with", "nonExistent.asc"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(67)
+    public void signWith_keyIsProtectedCausesExit67() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
+        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.KeyIsProtected());
+        File keyFile = File.createTempFile("sign-with", ".asc");
+        SopCLI.main(new String[] {"encrypt", "--sign-with", keyFile.getAbsolutePath(), "--with-password", "starship"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(13)
+    public void signWith_unsupportedAsymmetricAlgoCausesExit13() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
+        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.UnsupportedAsymmetricAlgo("Unsupported asymmetric algorithm.", new Exception()));
+        File keyFile = File.createTempFile("sign-with", ".asc");
+        SopCLI.main(new String[] {"encrypt", "--with-password", "123456", "--sign-with", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(79)
+    public void signWith_certCannotSignCausesExit1() throws IOException, SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData {
+        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.KeyCannotSign());
+        File keyFile = File.createTempFile("sign-with", ".asc");
+        SopCLI.main(new String[] {"encrypt", "--with-password", "dragon", "--sign-with", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void signWith_badDataCausesExit41() throws SOPGPException.KeyIsProtected, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.KeyCannotSign, SOPGPException.BadData, IOException {
+        when(encrypt.signWith((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        File keyFile = File.createTempFile("sign-with", ".asc");
+        SopCLI.main(new String[] {"encrypt", "--with-password", "orange", "--sign-with", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(61)
+    public void cert_nonExistentCertFileCausesExit61() {
+        SopCLI.main(new String[] {"encrypt", "invalid.asc"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(13)
+    public void cert_unsupportedAsymmetricAlgorithmCausesExit13() throws IOException, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.CertCannotEncrypt, SOPGPException.BadData {
+        when(encrypt.withCert((InputStream) any())).thenThrow(new SOPGPException.UnsupportedAsymmetricAlgo("Unsupported asymmetric algorithm.", new Exception()));
+        File certFile = File.createTempFile("cert", ".asc");
+        SopCLI.main(new String[] {"encrypt", certFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(17)
+    public void cert_certCannotEncryptCausesExit17() throws IOException, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.CertCannotEncrypt, SOPGPException.BadData {
+        when(encrypt.withCert((InputStream) any())).thenThrow(new SOPGPException.CertCannotEncrypt("Certificate cannot encrypt.", new Exception()));
+        File certFile = File.createTempFile("cert", ".asc");
+        SopCLI.main(new String[] {"encrypt", certFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void cert_badDataCausesExit41() throws IOException, SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.CertCannotEncrypt, SOPGPException.BadData {
+        when(encrypt.withCert((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        File certFile = File.createTempFile("cert", ".asc");
+        SopCLI.main(new String[] {"encrypt", certFile.getAbsolutePath()});
+    }
+
+    @Test
+    public void noArmor_notCalledByDefault() {
+        SopCLI.main(new String[] {"encrypt", "--with-password", "clownfish"});
+        verify(encrypt, never()).noArmor();
+    }
+
+    @Test
+    public void noArmor_callGetsPassedDown() {
+        SopCLI.main(new String[] {"encrypt", "--with-password", "monkey", "--no-armor"});
+        verify(encrypt, times(1)).noArmor();
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void writeTo_ioExceptionCausesExit1() throws IOException {
+        when(encrypt.plaintext((InputStream) any())).thenReturn(new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) throws IOException {
+                throw new IOException();
+            }
+        });
+
+        SopCLI.main(new String[] {"encrypt", "--with-password", "wildcat"});
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/ExtractCertCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/ExtractCertCmdTest.java
new file mode 100644
index 0000000..382fe30
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/ExtractCertCmdTest.java
@@ -0,0 +1,76 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sop.Ready;
+import sop.SOP;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.ExtractCert;
+
+public class ExtractCertCmdTest {
+
+    ExtractCert extractCert;
+
+    @BeforeEach
+    public void mockComponents() throws IOException, SOPGPException.BadData {
+        extractCert = mock(ExtractCert.class);
+        when(extractCert.key((InputStream) any())).thenReturn(new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) {
+            }
+        });
+
+        SOP sop = mock(SOP.class);
+        when(sop.extractCert()).thenReturn(extractCert);
+
+        SopCLI.setSopInstance(sop);
+    }
+
+    @Test
+    public void noArmor_notCalledByDefault() {
+        SopCLI.main(new String[] {"extract-cert"});
+        verify(extractCert, never()).noArmor();
+    }
+
+    @Test
+    public void noArmor_passedDown() {
+        SopCLI.main(new String[] {"extract-cert", "--no-armor"});
+        verify(extractCert, times(1)).noArmor();
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void key_ioExceptionCausesExit1() throws IOException, SOPGPException.BadData {
+        when(extractCert.key((InputStream) any())).thenReturn(new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) throws IOException {
+                throw new IOException();
+            }
+        });
+        SopCLI.main(new String[] {"extract-cert"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void key_badDataCausesExit41() throws IOException, SOPGPException.BadData {
+        when(extractCert.key((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        SopCLI.main(new String[] {"extract-cert"});
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/GenerateKeyCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/GenerateKeyCmdTest.java
new file mode 100644
index 0000000..643cf36
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/GenerateKeyCmdTest.java
@@ -0,0 +1,98 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.InOrder;
+import org.mockito.Mockito;
+import sop.Ready;
+import sop.SOP;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.GenerateKey;
+
+public class GenerateKeyCmdTest {
+
+    GenerateKey generateKey;
+
+    @BeforeEach
+    public void mockComponents() throws SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.MissingArg, IOException {
+        generateKey = mock(GenerateKey.class);
+        when(generateKey.generate()).thenReturn(new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) {
+
+            }
+        });
+
+        SOP sop = mock(SOP.class);
+        when(sop.generateKey()).thenReturn(generateKey);
+
+        SopCLI.setSopInstance(sop);
+    }
+
+    @Test
+    public void noArmor_notCalledByDefault() {
+        SopCLI.main(new String[] {"generate-key", "Alice"});
+        verify(generateKey, never()).noArmor();
+    }
+
+    @Test
+    public void noArmor_passedDown() {
+        SopCLI.main(new String[] {"generate-key", "--no-armor", "Alice"});
+        verify(generateKey, times(1)).noArmor();
+    }
+
+    @Test
+    public void userId_multipleUserIdsPassedDownInProperOrder() {
+        SopCLI.main(new String[] {"generate-key", "Alice <alice@pgpainless.org>", "Bob <bob@pgpainless.org>"});
+
+        InOrder inOrder = Mockito.inOrder(generateKey);
+        inOrder.verify(generateKey).userId("Alice <alice@pgpainless.org>");
+        inOrder.verify(generateKey).userId("Bob <bob@pgpainless.org>");
+
+        verify(generateKey, times(2)).userId(any());
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(19)
+    public void missingArgumentCausesExit19() throws SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.MissingArg, IOException {
+        // TODO: RFC4880-bis and the current Stateless OpenPGP CLI spec allow keys to have no user-ids,
+        //  so we might want to change this test in the future.
+        when(generateKey.generate()).thenThrow(new SOPGPException.MissingArg("Missing user-id."));
+        SopCLI.main(new String[] {"generate-key"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(13)
+    public void unsupportedAsymmetricAlgorithmCausesExit13() throws SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.MissingArg, IOException {
+        when(generateKey.generate()).thenThrow(new SOPGPException.UnsupportedAsymmetricAlgo("Unsupported asymmetric algorithm.", new Exception()));
+        SopCLI.main(new String[] {"generate-key", "Alice"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void ioExceptionCausesExit1() throws SOPGPException.UnsupportedAsymmetricAlgo, SOPGPException.MissingArg, IOException {
+        when(generateKey.generate()).thenReturn(new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) throws IOException {
+                throw new IOException();
+            }
+        });
+        SopCLI.main(new String[] {"generate-key", "Alice"});
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/SignCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/SignCmdTest.java
new file mode 100644
index 0000000..ce0ce54
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/SignCmdTest.java
@@ -0,0 +1,128 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sop.ReadyWithResult;
+import sop.SOP;
+import sop.SigningResult;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.Sign;
+
+public class SignCmdTest {
+
+    Sign sign;
+    File keyFile;
+
+    @BeforeEach
+    public void mockComponents() throws IOException, SOPGPException.ExpectedText {
+        sign = mock(Sign.class);
+        when(sign.data((InputStream) any())).thenReturn(new ReadyWithResult<SigningResult>() {
+            @Override
+            public SigningResult writeTo(OutputStream outputStream) {
+                return SigningResult.builder().build();
+            }
+        });
+
+        SOP sop = mock(SOP.class);
+        when(sop.sign()).thenReturn(sign);
+
+        SopCLI.setSopInstance(sop);
+
+        keyFile = File.createTempFile("sign-", ".asc");
+    }
+
+    @Test
+    public void as_optionsAreCaseInsensitive() {
+        SopCLI.main(new String[] {"sign", "--as", "Binary", keyFile.getAbsolutePath()});
+        SopCLI.main(new String[] {"sign", "--as", "binary", keyFile.getAbsolutePath()});
+        SopCLI.main(new String[] {"sign", "--as", "BINARY", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void as_invalidOptionCausesExit37() {
+        SopCLI.main(new String[] {"sign", "--as", "Invalid", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void as_unsupportedOptionCausesExit37() throws SOPGPException.UnsupportedOption {
+        when(sign.mode(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting signing mode not supported."));
+        SopCLI.main(new String[] {"sign", "--as", "binary", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void key_nonExistentKeyFileCausesExit1() {
+        SopCLI.main(new String[] {"sign", "invalid.asc"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void key_keyIsProtectedCausesExit1() throws SOPGPException.KeyIsProtected, IOException, SOPGPException.BadData {
+        when(sign.key((InputStream) any())).thenThrow(new SOPGPException.KeyIsProtected());
+        SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void key_badDataCausesExit41() throws SOPGPException.KeyIsProtected, IOException, SOPGPException.BadData {
+        when(sign.key((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(19)
+    public void key_missingKeyFileCausesExit19() {
+        SopCLI.main(new String[] {"sign"});
+    }
+
+    @Test
+    public void noArmor_notCalledByDefault() {
+        SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
+        verify(sign, never()).noArmor();
+    }
+
+    @Test
+    public void noArmor_passedDown() {
+        SopCLI.main(new String[] {"sign", "--no-armor", keyFile.getAbsolutePath()});
+        verify(sign, times(1)).noArmor();
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void data_ioExceptionCausesExit1() throws IOException, SOPGPException.ExpectedText {
+        when(sign.data((InputStream) any())).thenReturn(new ReadyWithResult<SigningResult>() {
+            @Override
+            public SigningResult writeTo(OutputStream outputStream) throws IOException {
+                throw new IOException();
+            }
+        });
+        SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(53)
+    public void data_expectedTextExceptionCausesExit53() throws IOException, SOPGPException.ExpectedText {
+        when(sign.data((InputStream) any())).thenThrow(new SOPGPException.ExpectedText());
+        SopCLI.main(new String[] {"sign", keyFile.getAbsolutePath()});
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/VerifyCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/VerifyCmdTest.java
new file mode 100644
index 0000000..028d245
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/VerifyCmdTest.java
@@ -0,0 +1,204 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.PrintStream;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.Date;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentMatchers;
+import sop.SOP;
+import sop.Verification;
+import sop.cli.picocli.DateParser;
+import sop.cli.picocli.SopCLI;
+import sop.exception.SOPGPException;
+import sop.operation.Verify;
+import sop.util.UTCUtil;
+
+public class VerifyCmdTest {
+
+    Verify verify;
+    File signature;
+    File cert;
+
+    PrintStream originalSout;
+
+    @BeforeEach
+    public void prepare() throws SOPGPException.UnsupportedOption, SOPGPException.BadData, SOPGPException.NoSignature, IOException {
+        originalSout = System.out;
+
+        verify = mock(Verify.class);
+        when(verify.notBefore(any())).thenReturn(verify);
+        when(verify.notAfter(any())).thenReturn(verify);
+        when(verify.cert((InputStream) any())).thenReturn(verify);
+        when(verify.signatures((InputStream) any())).thenReturn(verify);
+        when(verify.data((InputStream) any())).thenReturn(
+                Collections.singletonList(
+                        new Verification(
+                                UTCUtil.parseUTCDate("2019-10-29T18:36:45Z"),
+                                "EB85BB5FA33A75E15E944E63F231550C4F47E38E",
+                                "EB85BB5FA33A75E15E944E63F231550C4F47E38E")
+                )
+        );
+
+        SOP sop = mock(SOP.class);
+        when(sop.verify()).thenReturn(verify);
+
+        SopCLI.setSopInstance(sop);
+
+        signature = File.createTempFile("signature-", ".asc");
+        cert = File.createTempFile("cert-", ".asc");
+    }
+
+    @AfterEach
+    public void restoreSout() {
+        System.setOut(originalSout);
+    }
+
+    @Test
+    public void notAfter_passedDown() throws SOPGPException.UnsupportedOption {
+        Date date = UTCUtil.parseUTCDate("2019-10-29T18:36:45Z");
+        SopCLI.main(new String[] {"verify", "--not-after", "2019-10-29T18:36:45Z", signature.getAbsolutePath(), cert.getAbsolutePath()});
+        verify(verify, times(1)).notAfter(date);
+    }
+
+    @Test
+    public void notAfter_now() throws SOPGPException.UnsupportedOption {
+        Date now = new Date();
+        SopCLI.main(new String[] {"verify", "--not-after", "now", signature.getAbsolutePath(), cert.getAbsolutePath()});
+        verify(verify, times(1)).notAfter(dateMatcher(now));
+    }
+
+    @Test
+    public void notAfter_dashCountsAsEndOfTime() throws SOPGPException.UnsupportedOption {
+        SopCLI.main(new String[] {"verify", "--not-after", "-", signature.getAbsolutePath(), cert.getAbsolutePath()});
+        verify(verify, times(1)).notAfter(DateParser.END_OF_TIME);
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void notAfter_unsupportedOptionCausesExit37() throws SOPGPException.UnsupportedOption {
+        when(verify.notAfter(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting upper signature date boundary not supported."));
+        SopCLI.main(new String[] {"verify", "--not-after", "2019-10-29T18:36:45Z", signature.getAbsolutePath(), cert.getAbsolutePath()});
+    }
+
+    @Test
+    public void notBefore_passedDown() throws SOPGPException.UnsupportedOption {
+        Date date = UTCUtil.parseUTCDate("2019-10-29T18:36:45Z");
+        SopCLI.main(new String[] {"verify", "--not-before", "2019-10-29T18:36:45Z", signature.getAbsolutePath(), cert.getAbsolutePath()});
+        verify(verify, times(1)).notBefore(date);
+    }
+
+    @Test
+    public void notBefore_now() throws SOPGPException.UnsupportedOption {
+        Date now = new Date();
+        SopCLI.main(new String[] {"verify", "--not-before", "now", signature.getAbsolutePath(), cert.getAbsolutePath()});
+        verify(verify, times(1)).notBefore(dateMatcher(now));
+    }
+
+    @Test
+    public void notBefore_dashCountsAsBeginningOfTime() throws SOPGPException.UnsupportedOption {
+        SopCLI.main(new String[] {"verify", "--not-before", "-", signature.getAbsolutePath(), cert.getAbsolutePath()});
+        verify(verify, times(1)).notBefore(DateParser.BEGINNING_OF_TIME);
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void notBefore_unsupportedOptionCausesExit37() throws SOPGPException.UnsupportedOption {
+        when(verify.notBefore(any())).thenThrow(new SOPGPException.UnsupportedOption("Setting lower signature date boundary not supported."));
+        SopCLI.main(new String[] {"verify", "--not-before", "2019-10-29T18:36:45Z", signature.getAbsolutePath(), cert.getAbsolutePath()});
+    }
+
+    @Test
+    public void notBeforeAndNotAfterAreCalledWithDefaultValues() throws SOPGPException.UnsupportedOption {
+        SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
+        verify(verify, times(1)).notAfter(dateMatcher(new Date()));
+        verify(verify, times(1)).notBefore(DateParser.BEGINNING_OF_TIME);
+    }
+
+    private static Date dateMatcher(Date date) {
+        return ArgumentMatchers.argThat(argument -> Math.abs(argument.getTime() - date.getTime()) < 1000);
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void cert_fileNotFoundCausesExit1() {
+        SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), "invalid.asc"});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void cert_badDataCausesExit41() throws SOPGPException.BadData {
+        when(verify.cert((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(1)
+    public void signature_fileNotFoundCausesExit1() {
+        SopCLI.main(new String[] {"verify", "invalid.sig", cert.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void signature_badDataCausesExit41() throws SOPGPException.BadData {
+        when(verify.signatures((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(3)
+    public void data_noSignaturesCausesExit3() throws SOPGPException.NoSignature, IOException, SOPGPException.BadData {
+        when(verify.data((InputStream) any())).thenThrow(new SOPGPException.NoSignature());
+        SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(41)
+    public void data_badDataCausesExit41() throws SOPGPException.NoSignature, IOException, SOPGPException.BadData {
+        when(verify.data((InputStream) any())).thenThrow(new SOPGPException.BadData(new IOException()));
+        SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
+    }
+
+    @Test
+    public void resultIsPrintedProperly() throws SOPGPException.NoSignature, IOException, SOPGPException.BadData {
+        when(verify.data((InputStream) any())).thenReturn(Arrays.asList(
+                new Verification(UTCUtil.parseUTCDate("2019-10-29T18:36:45Z"),
+                        "EB85BB5FA33A75E15E944E63F231550C4F47E38E",
+                        "EB85BB5FA33A75E15E944E63F231550C4F47E38E"),
+                new Verification(UTCUtil.parseUTCDate("2019-10-24T23:48:29Z"),
+                        "C90E6D36200A1B922A1509E77618196529AE5FF8",
+                        "C4BC2DDB38CCE96485EBE9C2F20691179038E5C6")
+        ));
+
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        System.setOut(new PrintStream(out));
+
+        SopCLI.main(new String[] {"verify", signature.getAbsolutePath(), cert.getAbsolutePath()});
+
+        System.setOut(originalSout);
+
+        String expected = "2019-10-29T18:36:45Z EB85BB5FA33A75E15E944E63F231550C4F47E38E EB85BB5FA33A75E15E944E63F231550C4F47E38E\n" +
+                "2019-10-24T23:48:29Z C90E6D36200A1B922A1509E77618196529AE5FF8 C4BC2DDB38CCE96485EBE9C2F20691179038E5C6\n";
+
+        assertEquals(expected, out.toString());
+    }
+}
diff --git a/sop-java-picocli/src/test/java/sop/cli/picocli/commands/VersionCmdTest.java b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/VersionCmdTest.java
new file mode 100644
index 0000000..98ea58e
--- /dev/null
+++ b/sop-java-picocli/src/test/java/sop/cli/picocli/commands/VersionCmdTest.java
@@ -0,0 +1,46 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.cli.picocli.commands;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+import static org.mockito.Mockito.when;
+
+import com.ginsberg.junit.exit.ExpectSystemExitWithStatus;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import sop.SOP;
+import sop.cli.picocli.SopCLI;
+import sop.operation.Version;
+
+public class VersionCmdTest {
+
+    private Version version;
+
+    @BeforeEach
+    public void mockComponents() {
+        SOP sop = mock(SOP.class);
+        version = mock(Version.class);
+        when(version.getName()).thenReturn("MockSop");
+        when(version.getVersion()).thenReturn("1.0");
+        when(sop.version()).thenReturn(version);
+
+        SopCLI.setSopInstance(sop);
+    }
+
+    @Test
+    public void assertVersionCommandWorks() {
+        SopCLI.main(new String[] {"version"});
+        verify(version, times(1)).getVersion();
+        verify(version, times(1)).getName();
+    }
+
+    @Test
+    @ExpectSystemExitWithStatus(37)
+    public void assertInvalidOptionResultsInExit37() {
+        SopCLI.main(new String[] {"version", "--invalid"});
+    }
+}
diff --git a/sop-java/README.md b/sop-java/README.md
new file mode 100644
index 0000000..452576c
--- /dev/null
+++ b/sop-java/README.md
@@ -0,0 +1,80 @@
+<!--
+SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+
+SPDX-License-Identifier: Apache-2.0
+-->
+
+# SOP-Java
+
+[![Spec Revision: 3](https://img.shields.io/badge/Spec%20Revision-3-blue)](https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-stateless-cli-03)
+[![Maven Central](https://badgen.net/maven/v/maven-central/org.pgpainless/sop-java)](https://search.maven.org/artifact/org.pgpainless/sop-java)
+[![JavaDoc](https://badgen.net/badge/javadoc/yes/green)](https://pgpainless.org/releases/latest/javadoc/sop/SOP.html)
+[![REUSE status](https://api.reuse.software/badge/github.com/pgpainless/pgpainless)](https://api.reuse.software/info/github.com/pgpainless/pgpainless)
+
+Stateless OpenPGP Protocol for Java.
+
+This module contains interfaces that model the API described by the 
+[Stateless OpenPGP Command Line Interface](https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-stateless-cli-03) specification.
+
+This module is not a command line application! For that, see `sop-java-picocli`.
+
+## Usage Examples
+
+The API defined by `sop-java` is super straight forward:
+```java
+SOP sop = ... // e.g. new org.pgpainless.sop.SOPImpl();
+        
+// Generate an OpenPGP key
+byte[] key = sop.generateKey()
+        .userId("Alice <alice@example.org>")
+        .generate()
+        .getBytes();
+
+// Extract the certificate (public key)
+byte[] cert = sop.extractCert()
+        .key(key)
+        .getBytes();
+
+// Encrypt a message
+byte[] message = ...
+byte[] encrypted = sop.encrypt()
+        .withCert(cert)
+        .signWith(key)
+        .plaintext(message)
+        .getBytes();
+
+// Decrypt a message
+ByteArrayAndResult<DecryptionResult> messageAndVerifications = sop.decrypt()
+        .verifyWith(cert)
+        .withKey(key)
+        .ciphertext(encrypted)
+        .toByteArrayAndResult();
+byte[] decrypted = messageAndVerifications.getBytes();
+// Signature Verifications
+DecryptionResult messageInfo = messageAndVerifications.getResult();
+List<Verification> signatureVerifications = messageInfo.getVerifications();
+```
+
+Furthermore, the API is capable of signing messages and verifying unencrypted signed data, as well as adding and removing ASCII armor.
+
+### Limitations
+As per the spec, sop-java does not (yet) deal with encrypted OpenPGP keys.
+
+## Why should I use this?
+
+If you need to use OpenPGP functionality like encrypting/decrypting messages, or creating/verifying
+signatures inside your application, you probably don't want to start from scratch and instead reuse some library.
+
+Instead of locking yourselves in by depending hard on that one library, you can simply depend on the interfaces from
+`sop-java` and plug in a library (such as `pgpainless-sop`) that implements said interfaces.
+
+That way you don't make yourself dependent from a single OpenPGP library and stay flexible.
+Should another library emerge, that better suits your needs (and implements `sop-java`), you can easily switch
+by swapping out the dependency with minimal changes to your code.
+
+## Why should I *implement* this?
+
+Did you create an [OpenPGP](https://datatracker.ietf.org/doc/html/rfc4880) implementation that can be used in the Java ecosystem?
+By implementing the `sop-java` interface, you can turn your library into a command line interface (see `sop-java-picocli`).
+This allows you to plug your library into the [OpenPGP interoperability test suite](https://tests.sequoia-pgp.org/)
+of the [Sequoia-PGP](https://sequoia-pgp.org/) project.
diff --git a/sop-java/build.gradle b/sop-java/build.gradle
new file mode 100644
index 0000000..c2e2f1f
--- /dev/null
+++ b/sop-java/build.gradle
@@ -0,0 +1,22 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+plugins {
+    id 'java'
+}
+
+group 'org.pgpainless'
+
+repositories {
+    mavenCentral()
+}
+
+dependencies {
+    testImplementation "org.junit.jupiter:junit-jupiter-api:$junitVersion"
+    testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:$junitVersion"
+}
+
+test {
+    useJUnitPlatform()
+}
\ No newline at end of file
diff --git a/sop-java/src/main/java/sop/ByteArrayAndResult.java b/sop-java/src/main/java/sop/ByteArrayAndResult.java
new file mode 100644
index 0000000..fd2b39a
--- /dev/null
+++ b/sop-java/src/main/java/sop/ByteArrayAndResult.java
@@ -0,0 +1,50 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+/**
+ * Tuple of a byte array and associated result object.
+ * @param <T> type of result
+ */
+public class ByteArrayAndResult<T> {
+
+    private final byte[] bytes;
+    private final T result;
+
+    public ByteArrayAndResult(byte[] bytes, T result) {
+        this.bytes = bytes;
+        this.result = result;
+    }
+
+    /**
+     * Return the byte array part.
+     *
+     * @return bytes
+     */
+    public byte[] getBytes() {
+        return bytes;
+    }
+
+    /**
+     * Return the result part.
+     *
+     * @return result
+     */
+    public T getResult() {
+        return result;
+    }
+
+    /**
+     * Return the byte array part as an {@link InputStream}.
+     *
+     * @return input stream
+     */
+    public InputStream getInputStream() {
+        return new ByteArrayInputStream(getBytes());
+    }
+}
diff --git a/sop-java/src/main/java/sop/DecryptionResult.java b/sop-java/src/main/java/sop/DecryptionResult.java
new file mode 100644
index 0000000..4f0e1ab
--- /dev/null
+++ b/sop-java/src/main/java/sop/DecryptionResult.java
@@ -0,0 +1,29 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import sop.util.Optional;
+
+public class DecryptionResult {
+
+    private final Optional<SessionKey> sessionKey;
+    private final List<Verification> verifications;
+
+    public DecryptionResult(SessionKey sessionKey, List<Verification> verifications) {
+        this.sessionKey = Optional.ofNullable(sessionKey);
+        this.verifications = Collections.unmodifiableList(verifications);
+    }
+
+    public Optional<SessionKey> getSessionKey() {
+        return sessionKey;
+    }
+
+    public List<Verification> getVerifications() {
+        return new ArrayList<>(verifications);
+    }
+}
diff --git a/sop-java/src/main/java/sop/MicAlg.java b/sop-java/src/main/java/sop/MicAlg.java
new file mode 100644
index 0000000..5bee787
--- /dev/null
+++ b/sop-java/src/main/java/sop/MicAlg.java
@@ -0,0 +1,55 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import java.io.OutputStream;
+import java.io.PrintWriter;
+
+public class MicAlg {
+
+    private final String micAlg;
+
+    public MicAlg(String micAlg) {
+        if (micAlg == null) {
+            throw new IllegalArgumentException("MicAlg String cannot be null.");
+        }
+        this.micAlg = micAlg;
+    }
+
+    public static MicAlg empty() {
+        return new MicAlg("");
+    }
+
+    public static MicAlg fromHashAlgorithmId(int id) {
+        switch (id) {
+            case 1:
+                return new MicAlg("pgp-md5");
+            case 2:
+                return new MicAlg("pgp-sha1");
+            case 3:
+                return new MicAlg("pgp-ripemd160");
+            case 8:
+                return new MicAlg("pgp-sha256");
+            case 9:
+                return new MicAlg("pgp-sha384");
+            case 10:
+                return new MicAlg("pgp-sha512");
+            case 11:
+                return new MicAlg("pgp-sha224");
+            default:
+                throw new IllegalArgumentException("Unsupported hash algorithm ID: " + id);
+        }
+    }
+
+    public String getMicAlg() {
+        return micAlg;
+    }
+
+    public void writeTo(OutputStream outputStream) {
+        PrintWriter pw = new PrintWriter(outputStream);
+        pw.write(getMicAlg());
+        pw.close();
+    }
+}
diff --git a/sop-java/src/main/java/sop/Ready.java b/sop-java/src/main/java/sop/Ready.java
new file mode 100644
index 0000000..71ab26e
--- /dev/null
+++ b/sop-java/src/main/java/sop/Ready.java
@@ -0,0 +1,45 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+public abstract class Ready {
+
+    /**
+     * Write the data to the provided output stream.
+     *
+     * @param outputStream output stream
+     * @throws IOException in case of an IO error
+     */
+    public abstract void writeTo(OutputStream outputStream) throws IOException;
+
+    /**
+     * Return the data as a byte array by writing it to a {@link ByteArrayOutputStream} first and then returning
+     * the array.
+     *
+     * @return data as byte array
+     * @throws IOException in case of an IO error
+     */
+    public byte[] getBytes() throws IOException {
+        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+        writeTo(bytes);
+        return bytes.toByteArray();
+    }
+
+    /**
+     * Return an input stream containing the data.
+     *
+     * @return input stream
+     * @throws IOException in case of an IO error
+     */
+    public InputStream getInputStream() throws IOException {
+        return new ByteArrayInputStream(getBytes());
+    }
+}
diff --git a/sop-java/src/main/java/sop/ReadyWithResult.java b/sop-java/src/main/java/sop/ReadyWithResult.java
new file mode 100644
index 0000000..9feedda
--- /dev/null
+++ b/sop-java/src/main/java/sop/ReadyWithResult.java
@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+import sop.exception.SOPGPException;
+
+public abstract class ReadyWithResult<T> {
+
+    /**
+     * Write the data e.g. decrypted plaintext to the provided output stream and return the result of the
+     * processing operation.
+     *
+     * @param outputStream output stream
+     * @return result, eg. signatures
+     *
+     * @throws IOException in case of an IO error
+     * @throws SOPGPException.NoSignature if there are no valid signatures found
+     */
+    public abstract T writeTo(OutputStream outputStream) throws IOException, SOPGPException.NoSignature;
+
+    /**
+     * Return the data as a {@link ByteArrayAndResult}.
+     * Calling {@link ByteArrayAndResult#getBytes()} will give you access to the data as byte array, while
+     * {@link ByteArrayAndResult#getResult()} will grant access to the appended result.
+     *
+     * @return byte array and result
+     * @throws IOException in case of an IO error
+     * @throws SOPGPException.NoSignature if there are no valid signatures found
+     */
+    public ByteArrayAndResult<T> toByteArrayAndResult() throws IOException, SOPGPException.NoSignature {
+        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
+        T result = writeTo(bytes);
+        return new ByteArrayAndResult<>(bytes.toByteArray(), result);
+    }
+}
diff --git a/sop-java/src/main/java/sop/SOP.java b/sop-java/src/main/java/sop/SOP.java
new file mode 100644
index 0000000..2c2ccf1
--- /dev/null
+++ b/sop-java/src/main/java/sop/SOP.java
@@ -0,0 +1,95 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import sop.operation.Armor;
+import sop.operation.Dearmor;
+import sop.operation.Decrypt;
+import sop.operation.DetachInbandSignatureAndMessage;
+import sop.operation.Encrypt;
+import sop.operation.ExtractCert;
+import sop.operation.GenerateKey;
+import sop.operation.Sign;
+import sop.operation.Verify;
+import sop.operation.Version;
+
+/**
+ * Stateless OpenPGP Interface.
+ */
+public interface SOP {
+
+    /**
+     * Get information about the implementations name and version.
+     *
+     * @return version
+     */
+    Version version();
+
+    /**
+     * Generate a secret key.
+     * Customize the operation using the builder {@link GenerateKey}.
+     *
+     * @return builder instance
+     */
+    GenerateKey generateKey();
+
+    /**
+     * Extract a certificate (public key) from a secret key.
+     * Customize the operation using the builder {@link ExtractCert}.
+     *
+     * @return builder instance
+     */
+    ExtractCert extractCert();
+
+    /**
+     * Create detached signatures.
+     * Customize the operation using the builder {@link Sign}.
+     *
+     * @return builder instance
+     */
+    Sign sign();
+
+    /**
+     * Verify detached signatures.
+     * Customize the operation using the builder {@link Verify}.
+     *
+     * @return builder instance
+     */
+    Verify verify();
+
+    /**
+     * Encrypt a message.
+     * Customize the operation using the builder {@link Encrypt}.
+     *
+     * @return builder instance
+     */
+    Encrypt encrypt();
+
+    /**
+     * Decrypt a message.
+     * Customize the operation using the builder {@link Decrypt}.
+     *
+     * @return builder instance
+     */
+    Decrypt decrypt();
+
+    /**
+     * Convert binary OpenPGP data to ASCII.
+     * Customize the operation using the builder {@link Armor}.
+     *
+     * @return builder instance
+     */
+    Armor armor();
+
+    /**
+     * Converts ASCII armored OpenPGP data to binary.
+     * Customize the operation using the builder {@link Dearmor}.
+     *
+     * @return builder instance
+     */
+    Dearmor dearmor();
+
+    DetachInbandSignatureAndMessage detachInbandSignatureAndMessage();
+}
diff --git a/sop-java/src/main/java/sop/SessionKey.java b/sop-java/src/main/java/sop/SessionKey.java
new file mode 100644
index 0000000..2adcec4
--- /dev/null
+++ b/sop-java/src/main/java/sop/SessionKey.java
@@ -0,0 +1,79 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import java.util.Arrays;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import sop.util.HexUtil;
+
+public class SessionKey {
+
+    private static final Pattern PATTERN = Pattern.compile("^(\\d):([0-9a-fA-F]+)$");
+
+    private final byte algorithm;
+    private final byte[] sessionKey;
+
+    public SessionKey(byte algorithm, byte[] sessionKey) {
+        this.algorithm = algorithm;
+        this.sessionKey = sessionKey;
+    }
+
+    /**
+     * Return the symmetric algorithm octet.
+     *
+     * @return algorithm id
+     */
+    public byte getAlgorithm() {
+        return algorithm;
+    }
+
+    /**
+     * Return the session key.
+     *
+     * @return session key
+     */
+    public byte[] getKey() {
+        return sessionKey;
+    }
+
+    @Override
+    public int hashCode() {
+        return getAlgorithm() * 17 + Arrays.hashCode(getKey());
+    }
+
+    @Override
+    public boolean equals(Object other) {
+        if (other == null) {
+            return false;
+        }
+        if (this == other) {
+            return true;
+        }
+        if (!(other instanceof SessionKey)) {
+            return false;
+        }
+
+        SessionKey otherKey = (SessionKey) other;
+        return getAlgorithm() == otherKey.getAlgorithm() && Arrays.equals(getKey(), otherKey.getKey());
+    }
+
+    public static SessionKey fromString(String string) {
+        Matcher matcher = PATTERN.matcher(string);
+        if (!matcher.matches()) {
+            throw new IllegalArgumentException("Provided session key does not match expected format.");
+        }
+        byte algorithm = Byte.parseByte(matcher.group(1));
+        String key = matcher.group(2);
+
+        return new SessionKey(algorithm, HexUtil.hexToBytes(key));
+    }
+
+    @Override
+    public String toString() {
+        return "" + (int) getAlgorithm() + ':' + HexUtil.bytesToHex(sessionKey);
+    }
+}
diff --git a/sop-java/src/main/java/sop/Signatures.java b/sop-java/src/main/java/sop/Signatures.java
new file mode 100644
index 0000000..dd3f000
--- /dev/null
+++ b/sop-java/src/main/java/sop/Signatures.java
@@ -0,0 +1,21 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+public abstract class Signatures extends Ready {
+
+    /**
+     * Write OpenPGP signatures to the provided output stream.
+     *
+     * @param signatureOutputStream output stream
+     * @throws IOException in case of an IO error
+     */
+    @Override
+    public abstract void writeTo(OutputStream signatureOutputStream) throws IOException;
+
+}
diff --git a/sop-java/src/main/java/sop/SigningResult.java b/sop-java/src/main/java/sop/SigningResult.java
new file mode 100644
index 0000000..2cb142d
--- /dev/null
+++ b/sop-java/src/main/java/sop/SigningResult.java
@@ -0,0 +1,50 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+/**
+ * This class contains various information about a signed message.
+ */
+public final class SigningResult {
+
+    private final MicAlg micAlg;
+
+    private SigningResult(MicAlg micAlg) {
+        this.micAlg = micAlg;
+    }
+
+    /**
+     * Return a string identifying the digest mechanism used to create the signed message.
+     * This is useful for setting the micalg= parameter for the multipart/signed
+     * content type of a PGP/MIME object as described in section 5 of [RFC3156].
+     *
+     * If more than one signature was generated and different digest mechanisms were used,
+     * the value of the micalg object is an empty string.
+     *
+     * @return micalg
+     */
+    public MicAlg getMicAlg() {
+        return micAlg;
+    }
+
+    public static Builder builder() {
+        return new Builder();
+    }
+
+    public static class Builder {
+
+        private MicAlg micAlg;
+
+        public Builder setMicAlg(MicAlg micAlg) {
+            this.micAlg = micAlg;
+            return this;
+        }
+
+        public SigningResult build() {
+            SigningResult signingResult = new SigningResult(micAlg);
+            return signingResult;
+        }
+    }
+}
diff --git a/sop-java/src/main/java/sop/Verification.java b/sop-java/src/main/java/sop/Verification.java
new file mode 100644
index 0000000..2047c3d
--- /dev/null
+++ b/sop-java/src/main/java/sop/Verification.java
@@ -0,0 +1,58 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop;
+
+import java.util.Date;
+
+import sop.util.UTCUtil;
+
+public class Verification {
+
+    private final Date creationTime;
+    private final String signingKeyFingerprint;
+    private final String signingCertFingerprint;
+
+    public Verification(Date creationTime, String signingKeyFingerprint, String signingCertFingerprint) {
+        this.creationTime = creationTime;
+        this.signingKeyFingerprint = signingKeyFingerprint;
+        this.signingCertFingerprint = signingCertFingerprint;
+    }
+
+    /**
+     * Return the signatures' creation time.
+     *
+     * @return signature creation time
+     */
+    public Date getCreationTime() {
+        return creationTime;
+    }
+
+    /**
+     * Return the fingerprint of the signing (sub)key.
+     *
+     * @return signing key fingerprint
+     */
+    public String getSigningKeyFingerprint() {
+        return signingKeyFingerprint;
+    }
+
+    /**
+     * Return the fingerprint fo the signing certificate.
+     *
+     * @return signing certificate fingerprint
+     */
+    public String getSigningCertFingerprint() {
+        return signingCertFingerprint;
+    }
+
+    @Override
+    public String toString() {
+        return UTCUtil.formatUTCDate(getCreationTime()) +
+                ' ' +
+                getSigningKeyFingerprint() +
+                ' ' +
+                getSigningCertFingerprint();
+    }
+}
diff --git a/sop-java/src/main/java/sop/enums/ArmorLabel.java b/sop-java/src/main/java/sop/enums/ArmorLabel.java
new file mode 100644
index 0000000..aeaa6f9
--- /dev/null
+++ b/sop-java/src/main/java/sop/enums/ArmorLabel.java
@@ -0,0 +1,13 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.enums;
+
+public enum ArmorLabel {
+    Auto,
+    Sig,
+    Key,
+    Cert,
+    Message
+}
diff --git a/sop-java/src/main/java/sop/enums/EncryptAs.java b/sop-java/src/main/java/sop/enums/EncryptAs.java
new file mode 100644
index 0000000..2de6792
--- /dev/null
+++ b/sop-java/src/main/java/sop/enums/EncryptAs.java
@@ -0,0 +1,11 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.enums;
+
+public enum EncryptAs {
+    Binary,
+    Text,
+    MIME
+}
diff --git a/sop-java/src/main/java/sop/enums/SignAs.java b/sop-java/src/main/java/sop/enums/SignAs.java
new file mode 100644
index 0000000..fcd79f4
--- /dev/null
+++ b/sop-java/src/main/java/sop/enums/SignAs.java
@@ -0,0 +1,10 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.enums;
+
+public enum SignAs {
+    Binary,
+    Text
+}
diff --git a/sop-java/src/main/java/sop/enums/package-info.java b/sop-java/src/main/java/sop/enums/package-info.java
new file mode 100644
index 0000000..67148d3
--- /dev/null
+++ b/sop-java/src/main/java/sop/enums/package-info.java
@@ -0,0 +1,9 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Stateless OpenPGP Interface for Java.
+ * Enumerations.
+ */
+package sop.enums;
diff --git a/sop-java/src/main/java/sop/exception/SOPGPException.java b/sop-java/src/main/java/sop/exception/SOPGPException.java
new file mode 100644
index 0000000..6b844f5
--- /dev/null
+++ b/sop-java/src/main/java/sop/exception/SOPGPException.java
@@ -0,0 +1,316 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.exception;
+
+public abstract class SOPGPException extends RuntimeException {
+
+    public SOPGPException() {
+        super();
+    }
+
+    public SOPGPException(String message) {
+        super(message);
+    }
+
+    public SOPGPException(Throwable e) {
+        super(e);
+    }
+
+    public SOPGPException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    public abstract int getExitCode();
+
+    /**
+     * No acceptable signatures found (sop verify).
+     */
+    public static class NoSignature extends SOPGPException {
+
+        public static final int EXIT_CODE = 3;
+
+        public NoSignature() {
+            super("No verifiable signature found.");
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Asymmetric algorithm unsupported (sop encrypt).
+     */
+    public static class UnsupportedAsymmetricAlgo extends SOPGPException {
+
+        public static final int EXIT_CODE = 13;
+
+        public UnsupportedAsymmetricAlgo(String message, Throwable e) {
+            super(message, e);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Certificate not encryption capable (e,g, expired, revoked, unacceptable usage).
+     */
+    public static class CertCannotEncrypt extends SOPGPException {
+        public static final int EXIT_CODE = 17;
+
+        public CertCannotEncrypt(String message, Throwable cause) {
+            super(message, cause);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Missing required argument.
+     */
+    public static class MissingArg extends SOPGPException {
+
+        public static final int EXIT_CODE = 19;
+
+        public MissingArg(String s) {
+            super(s);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Incomplete verification instructions (sop decrypt).
+     */
+    public static class IncompleteVerification extends SOPGPException {
+
+        public static final int EXIT_CODE = 23;
+
+        public IncompleteVerification(String message) {
+            super(message);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Unable to decrypt (sop decrypt).
+     */
+    public static class CannotDecrypt extends SOPGPException {
+
+        public static final int EXIT_CODE = 29;
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Non-UTF-8 or otherwise unreliable password (sop encrypt).
+     */
+    public static class PasswordNotHumanReadable extends SOPGPException {
+
+        public static final int EXIT_CODE = 31;
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Unsupported option.
+     */
+    public static class UnsupportedOption extends SOPGPException {
+
+        public static final int EXIT_CODE = 37;
+
+        public UnsupportedOption(String message) {
+            super(message);
+        }
+
+        public UnsupportedOption(String message, Throwable cause) {
+            super(message, cause);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Invalid data type (no secret key where KEYS expected, etc.).
+     */
+    public static class BadData extends SOPGPException {
+
+        public static final int EXIT_CODE = 41;
+
+        public BadData(Throwable e) {
+            super(e);
+        }
+
+        public BadData(String message, BadData badData) {
+            super(message, badData);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Non-Text input where text expected.
+     */
+    public static class ExpectedText extends SOPGPException {
+
+        public static final int EXIT_CODE = 53;
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Output file already exists.
+     */
+    public static class OutputExists extends SOPGPException {
+
+        public static final int EXIT_CODE = 59;
+
+        public OutputExists(String message) {
+            super(message);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Input file does not exist.
+     */
+    public static class MissingInput extends SOPGPException {
+
+        public static final int EXIT_CODE = 61;
+
+        public MissingInput(String message, Throwable cause) {
+            super(message, cause);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * A KEYS input is protected (locked) with a password, and sop cannot unlock it.
+     */
+    public static class KeyIsProtected extends SOPGPException {
+
+        public static final int EXIT_CODE = 67;
+
+        public KeyIsProtected() {
+            super();
+        }
+
+        public KeyIsProtected(String message, Throwable cause) {
+            super(message, cause);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Unsupported subcommand.
+     */
+    public static class UnsupportedSubcommand extends SOPGPException {
+
+        public static final int EXIT_CODE = 69;
+
+        public UnsupportedSubcommand(String message) {
+            super(message);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * An indirect parameter is a special designator (it starts with @), but sop does not know how to handle the prefix.
+     */
+    public static class UnsupportedSpecialPrefix extends SOPGPException {
+
+        public static final int EXIT_CODE = 71;
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * A indirect input parameter is a special designator (it starts with @),
+     * and a filename matching the designator is actually present.
+     */
+    public static class AmbiguousInput extends SOPGPException {
+
+        public static final int EXIT_CODE = 73;
+
+        public AmbiguousInput(String message) {
+            super(message);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+
+    /**
+     * Key not signature-capable (e.g. expired, revoked, unacceptable usage flags)
+     * (sop sign and sop encrypt with --sign-with).
+     */
+    public static class KeyCannotSign extends SOPGPException {
+
+        public static final int EXIT_CODE = 79;
+
+        public KeyCannotSign() {
+            super();
+        }
+
+        public KeyCannotSign(String s, KeyCannotSign keyCannotSign) {
+            super(s, keyCannotSign);
+        }
+
+        @Override
+        public int getExitCode() {
+            return EXIT_CODE;
+        }
+    }
+}
diff --git a/sop-java/src/main/java/sop/exception/package-info.java b/sop-java/src/main/java/sop/exception/package-info.java
new file mode 100644
index 0000000..4abc562
--- /dev/null
+++ b/sop-java/src/main/java/sop/exception/package-info.java
@@ -0,0 +1,9 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Stateless OpenPGP Interface for Java.
+ * Exception classes.
+ */
+package sop.exception;
diff --git a/sop-java/src/main/java/sop/operation/Armor.java b/sop-java/src/main/java/sop/operation/Armor.java
new file mode 100644
index 0000000..dea3257
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/Armor.java
@@ -0,0 +1,41 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import sop.Ready;
+import sop.enums.ArmorLabel;
+import sop.exception.SOPGPException;
+
+public interface Armor {
+
+    /**
+     * Overrides automatic detection of label.
+     *
+     * @param label armor label
+     * @return builder instance
+     */
+    Armor label(ArmorLabel label) throws SOPGPException.UnsupportedOption;
+
+    /**
+     * Armor the provided data.
+     *
+     * @param data input stream of unarmored OpenPGP data
+     * @return armored data
+     */
+    Ready data(InputStream data) throws SOPGPException.BadData;
+
+    /**
+     * Armor the provided data.
+     *
+     * @param data unarmored OpenPGP data
+     * @return armored data
+     */
+    default Ready data(byte[] data) throws SOPGPException.BadData {
+        return data(new ByteArrayInputStream(data));
+    }
+}
diff --git a/sop-java/src/main/java/sop/operation/Dearmor.java b/sop-java/src/main/java/sop/operation/Dearmor.java
new file mode 100644
index 0000000..35eceb5
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/Dearmor.java
@@ -0,0 +1,33 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import sop.Ready;
+import sop.exception.SOPGPException;
+
+public interface Dearmor {
+
+    /**
+     * Dearmor armored OpenPGP data.
+     *
+     * @param data armored OpenPGP data
+     * @return input stream of unarmored data
+     */
+    Ready data(InputStream data) throws SOPGPException.BadData, IOException;
+
+    /**
+     * Dearmor armored OpenPGP data.
+     *
+     * @param data armored OpenPGP data
+     * @return input stream of unarmored data
+     */
+    default Ready data(byte[] data) throws SOPGPException.BadData, IOException {
+        return data(new ByteArrayInputStream(data));
+    }
+}
diff --git a/sop-java/src/main/java/sop/operation/Decrypt.java b/sop-java/src/main/java/sop/operation/Decrypt.java
new file mode 100644
index 0000000..0811ac2
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/Decrypt.java
@@ -0,0 +1,118 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Date;
+
+import sop.DecryptionResult;
+import sop.ReadyWithResult;
+import sop.SessionKey;
+import sop.exception.SOPGPException;
+
+public interface Decrypt {
+
+    /**
+     * Makes the SOP consider signatures before this date invalid.
+     *
+     * @param timestamp timestamp
+     * @return builder instance
+     */
+    Decrypt verifyNotBefore(Date timestamp)
+            throws SOPGPException.UnsupportedOption;
+
+    /**
+     * Makes the SOP consider signatures after this date invalid.
+     *
+     * @param timestamp timestamp
+     * @return builder instance
+     */
+    Decrypt verifyNotAfter(Date timestamp)
+            throws SOPGPException.UnsupportedOption;
+
+    /**
+     * Adds one or more verification cert.
+     *
+     * @param cert input stream containing the cert(s)
+     * @return builder instance
+     */
+    Decrypt verifyWithCert(InputStream cert)
+            throws SOPGPException.BadData,
+            IOException;
+
+    /**
+     * Adds one or more verification cert.
+     *
+     * @param cert byte array containing the cert(s)
+     * @return builder instance
+     */
+    default Decrypt verifyWithCert(byte[] cert)
+            throws SOPGPException.BadData, IOException {
+        return verifyWithCert(new ByteArrayInputStream(cert));
+    }
+
+    /**
+     * Tries to decrypt with the given session key.
+     *
+     * @param sessionKey session key
+     * @return builder instance
+     */
+    Decrypt withSessionKey(SessionKey sessionKey)
+            throws SOPGPException.UnsupportedOption;
+
+    /**
+     * Tries to decrypt with the given password.
+     *
+     * @param password password
+     * @return builder instance
+     */
+    Decrypt withPassword(String password)
+            throws SOPGPException.PasswordNotHumanReadable,
+            SOPGPException.UnsupportedOption;
+
+    /**
+     * Adds one or more decryption key.
+     *
+     * @param key input stream containing the key(s)
+     * @return builder instance
+     */
+    Decrypt withKey(InputStream key)
+            throws SOPGPException.KeyIsProtected,
+            SOPGPException.BadData,
+            SOPGPException.UnsupportedAsymmetricAlgo;
+
+    /**
+     * Adds one or more decryption key.
+     *
+     * @param key byte array containing the key(s)
+     * @return builder instance
+     */
+    default Decrypt withKey(byte[] key)
+            throws SOPGPException.KeyIsProtected,
+            SOPGPException.BadData,
+            SOPGPException.UnsupportedAsymmetricAlgo {
+        return withKey(new ByteArrayInputStream(key));
+    }
+
+    /**
+     * Decrypts the given ciphertext, returning verification results and plaintext.
+     * @param ciphertext ciphertext
+     * @return ready with result
+     */
+    ReadyWithResult<DecryptionResult> ciphertext(InputStream ciphertext)
+            throws SOPGPException.BadData, SOPGPException.MissingArg, SOPGPException.CannotDecrypt;
+
+    /**
+     * Decrypts the given ciphertext, returning verification results and plaintext.
+     * @param ciphertext ciphertext
+     * @return ready with result
+     */
+    default ReadyWithResult<DecryptionResult> ciphertext(byte[] ciphertext)
+        throws SOPGPException.BadData, SOPGPException.MissingArg, SOPGPException.CannotDecrypt {
+        return ciphertext(new ByteArrayInputStream(ciphertext));
+    }
+}
diff --git a/sop-java/src/main/java/sop/operation/DetachInbandSignatureAndMessage.java b/sop-java/src/main/java/sop/operation/DetachInbandSignatureAndMessage.java
new file mode 100644
index 0000000..9e22258
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/DetachInbandSignatureAndMessage.java
@@ -0,0 +1,44 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import sop.ReadyWithResult;
+import sop.Signatures;
+
+/**
+ * Split cleartext signed messages up into data and signatures.
+ */
+public interface DetachInbandSignatureAndMessage {
+
+    /**
+     * Do not wrap the signatures in ASCII armor.
+     * @return builder
+     */
+    DetachInbandSignatureAndMessage noArmor();
+
+    /**
+     * Detach the provided cleartext signed message from its signatures.
+     *
+     * @param messageInputStream input stream containing the signed message
+     * @return result containing the detached message
+     * @throws IOException in case of an IO error
+     */
+    ReadyWithResult<Signatures> message(InputStream messageInputStream) throws IOException;
+
+    /**
+     * Detach the provided cleartext signed message from its signatures.
+     *
+     * @param message byte array containing the signed message
+     * @return result containing the detached message
+     * @throws IOException in case of an IO error
+     */
+    default ReadyWithResult<Signatures> message(byte[] message) throws IOException {
+        return message(new ByteArrayInputStream(message));
+    }
+}
diff --git a/sop-java/src/main/java/sop/operation/Encrypt.java b/sop-java/src/main/java/sop/operation/Encrypt.java
new file mode 100644
index 0000000..784c07a
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/Encrypt.java
@@ -0,0 +1,109 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import sop.Ready;
+import sop.enums.EncryptAs;
+import sop.exception.SOPGPException;
+
+public interface Encrypt {
+
+    /**
+     * Disable ASCII armor encoding.
+     *
+     * @return builder instance
+     */
+    Encrypt noArmor();
+
+    /**
+     * Sets encryption mode.
+     *
+     * @param mode mode
+     * @return builder instance
+     */
+    Encrypt mode(EncryptAs mode)
+            throws SOPGPException.UnsupportedOption;
+
+    /**
+     * Adds the signer key.
+     *
+     * @param key input stream containing the encoded signer key
+     * @return builder instance
+     */
+    Encrypt signWith(InputStream key)
+            throws SOPGPException.KeyIsProtected,
+            SOPGPException.KeyCannotSign,
+            SOPGPException.UnsupportedAsymmetricAlgo,
+            SOPGPException.BadData;
+
+    /**
+     * Adds the signer key.
+     *
+     * @param key byte array containing the encoded signer key
+     * @return builder instance
+     */
+    default Encrypt signWith(byte[] key)
+            throws SOPGPException.KeyIsProtected,
+            SOPGPException.KeyCannotSign,
+            SOPGPException.UnsupportedAsymmetricAlgo,
+            SOPGPException.BadData {
+        return signWith(new ByteArrayInputStream(key));
+    }
+
+    /**
+     * Encrypt with the given password.
+     *
+     * @param password password
+     * @return builder instance
+     */
+    Encrypt withPassword(String password)
+            throws SOPGPException.PasswordNotHumanReadable,
+            SOPGPException.UnsupportedOption;
+
+    /**
+     * Encrypt with the given cert.
+     *
+     * @param cert input stream containing the encoded cert.
+     * @return builder instance
+     */
+    Encrypt withCert(InputStream cert)
+            throws SOPGPException.CertCannotEncrypt,
+            SOPGPException.UnsupportedAsymmetricAlgo,
+            SOPGPException.BadData;
+
+    /**
+     * Encrypt with the given cert.
+     *
+     * @param cert byte array containing the encoded cert.
+     * @return builder instance
+     */
+    default Encrypt withCert(byte[] cert)
+            throws SOPGPException.CertCannotEncrypt,
+            SOPGPException.UnsupportedAsymmetricAlgo,
+            SOPGPException.BadData {
+        return withCert(new ByteArrayInputStream(cert));
+    }
+
+    /**
+     * Encrypt the given data yielding the ciphertext.
+     * @param plaintext plaintext
+     * @return input stream containing the ciphertext
+     */
+    Ready plaintext(InputStream plaintext)
+        throws IOException;
+
+    /**
+     * Encrypt the given data yielding the ciphertext.
+     * @param plaintext plaintext
+     * @return input stream containing the ciphertext
+     */
+    default Ready plaintext(byte[] plaintext) throws IOException {
+        return plaintext(new ByteArrayInputStream(plaintext));
+    }
+}
diff --git a/sop-java/src/main/java/sop/operation/ExtractCert.java b/sop-java/src/main/java/sop/operation/ExtractCert.java
new file mode 100644
index 0000000..3249111
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/ExtractCert.java
@@ -0,0 +1,40 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import sop.Ready;
+import sop.exception.SOPGPException;
+
+public interface ExtractCert {
+
+    /**
+     * Disable ASCII armor encoding.
+     *
+     * @return builder instance
+     */
+    ExtractCert noArmor();
+
+    /**
+     * Extract the cert(s) from the provided key(s).
+     *
+     * @param keyInputStream input stream containing the encoding of one or more OpenPGP keys
+     * @return result containing the encoding of the keys certs
+     */
+    Ready key(InputStream keyInputStream) throws IOException, SOPGPException.BadData;
+
+    /**
+     * Extract the cert(s) from the provided key(s).
+     *
+     * @param key byte array containing the encoding of one or more OpenPGP key
+     * @return result containing the encoding of the keys certs
+     */
+    default Ready key(byte[] key) throws IOException, SOPGPException.BadData {
+        return key(new ByteArrayInputStream(key));
+    }
+}
diff --git a/sop-java/src/main/java/sop/operation/GenerateKey.java b/sop-java/src/main/java/sop/operation/GenerateKey.java
new file mode 100644
index 0000000..c652e84
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/GenerateKey.java
@@ -0,0 +1,36 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import sop.Ready;
+import sop.exception.SOPGPException;
+
+public interface GenerateKey {
+
+    /**
+     * Disable ASCII armor encoding.
+     *
+     * @return builder instance
+     */
+    GenerateKey noArmor();
+
+    /**
+     * Adds a user-id.
+     *
+     * @param userId user-id
+     * @return builder instance
+     */
+    GenerateKey userId(String userId);
+
+    /**
+     * Generate the OpenPGP key and return it encoded as an {@link InputStream}.
+     *
+     * @return key
+     */
+    Ready generate() throws SOPGPException.MissingArg, SOPGPException.UnsupportedAsymmetricAlgo, IOException;
+}
diff --git a/sop-java/src/main/java/sop/operation/Sign.java b/sop-java/src/main/java/sop/operation/Sign.java
new file mode 100644
index 0000000..be518cd
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/Sign.java
@@ -0,0 +1,69 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import sop.ReadyWithResult;
+import sop.SigningResult;
+import sop.enums.SignAs;
+import sop.exception.SOPGPException;
+
+public interface Sign {
+
+    /**
+     * Disable ASCII armor encoding.
+     *
+     * @return builder instance
+     */
+    Sign noArmor();
+
+    /**
+     * Sets the signature mode.
+     * Note: This method has to be called before {@link #key(InputStream)} is called.
+     *
+     * @param mode signature mode
+     * @return builder instance
+     */
+    Sign mode(SignAs mode) throws SOPGPException.UnsupportedOption;
+
+    /**
+     * Add one or more signing keys.
+     *
+     * @param key input stream containing encoded keys
+     * @return builder instance
+     */
+    Sign key(InputStream key) throws SOPGPException.KeyIsProtected, SOPGPException.BadData, IOException;
+
+    /**
+     * Add one or more signing keys.
+     *
+     * @param key byte array containing encoded keys
+     * @return builder instance
+     */
+    default Sign key(byte[] key) throws SOPGPException.KeyIsProtected, SOPGPException.BadData, IOException {
+        return key(new ByteArrayInputStream(key));
+    }
+
+    /**
+     * Signs data.
+     *
+     * @param data input stream containing data
+     * @return ready
+     */
+    ReadyWithResult<SigningResult> data(InputStream data) throws IOException, SOPGPException.ExpectedText;
+
+    /**
+     * Signs data.
+     *
+     * @param data byte array containing data
+     * @return ready
+     */
+    default ReadyWithResult<SigningResult> data(byte[] data) throws IOException, SOPGPException.ExpectedText {
+        return data(new ByteArrayInputStream(data));
+    }
+}
diff --git a/sop-java/src/main/java/sop/operation/Verify.java b/sop-java/src/main/java/sop/operation/Verify.java
new file mode 100644
index 0000000..1bf9fe0
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/Verify.java
@@ -0,0 +1,67 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.Date;
+
+import sop.exception.SOPGPException;
+
+public interface Verify extends VerifySignatures {
+
+    /**
+     * Makes the SOP implementation consider signatures before this date invalid.
+     *
+     * @param timestamp timestamp
+     * @return builder instance
+     */
+    Verify notBefore(Date timestamp) throws SOPGPException.UnsupportedOption;
+
+    /**
+     * Makes the SOP implementation consider signatures after this date invalid.
+     *
+     * @param timestamp timestamp
+     * @return builder instance
+     */
+    Verify notAfter(Date timestamp) throws SOPGPException.UnsupportedOption;
+
+    /**
+     * Add one or more verification cert.
+     *
+     * @param cert input stream containing the encoded certs
+     * @return builder instance
+     */
+    Verify cert(InputStream cert) throws SOPGPException.BadData;
+
+    /**
+     * Add one or more verification cert.
+     *
+     * @param cert byte array containing the encoded certs
+     * @return builder instance
+     */
+    default Verify cert(byte[] cert) throws SOPGPException.BadData {
+        return cert(new ByteArrayInputStream(cert));
+    }
+
+    /**
+     * Provides the signatures.
+     * @param signatures input stream containing encoded, detached signatures.
+     *
+     * @return builder instance
+     */
+    VerifySignatures signatures(InputStream signatures) throws SOPGPException.BadData;
+
+    /**
+     * Provides the signatures.
+     * @param signatures byte array containing encoded, detached signatures.
+     *
+     * @return builder instance
+     */
+    default VerifySignatures signatures(byte[] signatures) throws SOPGPException.BadData {
+        return signatures(new ByteArrayInputStream(signatures));
+    }
+
+}
diff --git a/sop-java/src/main/java/sop/operation/VerifySignatures.java b/sop-java/src/main/java/sop/operation/VerifySignatures.java
new file mode 100644
index 0000000..d41a8ed
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/VerifySignatures.java
@@ -0,0 +1,40 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+
+import sop.Verification;
+import sop.exception.SOPGPException;
+
+public interface VerifySignatures {
+
+    /**
+     * Provide the signed data (without signatures).
+     *
+     * @param data signed data
+     * @return list of signature verifications
+     * @throws IOException in case of an IO error
+     * @throws SOPGPException.NoSignature when no signature is found
+     * @throws SOPGPException.BadData when the data is invalid OpenPGP data
+     */
+    List<Verification> data(InputStream data) throws IOException, SOPGPException.NoSignature, SOPGPException.BadData;
+
+    /**
+     * Provide the signed data (without signatures).
+     *
+     * @param data signed data
+     * @return list of signature verifications
+     * @throws IOException in case of an IO error
+     * @throws SOPGPException.NoSignature when no signature is found
+     * @throws SOPGPException.BadData when the data is invalid OpenPGP data
+     */
+    default List<Verification> data(byte[] data) throws IOException, SOPGPException.NoSignature, SOPGPException.BadData {
+        return data(new ByteArrayInputStream(data));
+    }
+}
diff --git a/sop-java/src/main/java/sop/operation/Version.java b/sop-java/src/main/java/sop/operation/Version.java
new file mode 100644
index 0000000..0b50993
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/Version.java
@@ -0,0 +1,49 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+public interface Version {
+
+    /**
+     * Return the implementations name.
+     * e.g. "SOP",
+     *
+     * @return implementation name
+     */
+    String getName();
+
+    /**
+     * Return the implementations short version string.
+     * e.g. "1.0"
+     *
+     * @return version string
+     */
+    String getVersion();
+
+    /**
+     * Return version information about the used OpenPGP backend.
+     * e.g. "Bouncycastle 1.70"
+     *
+     * @return backend version string
+     */
+    String getBackendVersion();
+
+    /**
+     * Return an extended version string containing multiple lines of version information.
+     * The first line MUST match the information produced by {@link #getName()} and {@link #getVersion()}, but the rest of the text
+     * has no defined structure.
+     * Example:
+     * <pre>
+     *     "SOP 1.0
+     *     Awesome PGP!
+     *     Using Bouncycastle 1.70
+     *     LibFoo 1.2.2
+     *     See https://pgp.example.org/sop/ for more information"
+     * </pre>
+     *
+     * @return extended version string
+     */
+    String getExtendedVersion();
+}
diff --git a/sop-java/src/main/java/sop/operation/package-info.java b/sop-java/src/main/java/sop/operation/package-info.java
new file mode 100644
index 0000000..dde4d5b
--- /dev/null
+++ b/sop-java/src/main/java/sop/operation/package-info.java
@@ -0,0 +1,9 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Stateless OpenPGP Interface for Java.
+ * Different cryptographic operations.
+ */
+package sop.operation;
diff --git a/sop-java/src/main/java/sop/package-info.java b/sop-java/src/main/java/sop/package-info.java
new file mode 100644
index 0000000..5ad4f52
--- /dev/null
+++ b/sop-java/src/main/java/sop/package-info.java
@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Stateless OpenPGP Interface for Java.
+ */
+package sop;
diff --git a/sop-java/src/main/java/sop/util/HexUtil.java b/sop-java/src/main/java/sop/util/HexUtil.java
new file mode 100644
index 0000000..9b88f53
--- /dev/null
+++ b/sop-java/src/main/java/sop/util/HexUtil.java
@@ -0,0 +1,47 @@
+// Copyright 2021 Paul Schaub, @maybeWeCouldStealAVan, @Dave L.
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+public class HexUtil {
+
+    private static final char[] HEX_ARRAY = "0123456789ABCDEF".toCharArray();
+
+    /**
+     * Encode a byte array to a hex string.
+     *
+     * @see <a href="https://stackoverflow.com/a/9855338">
+     *     How to convert a byte array to a hex string in Java?</a>
+     * @param bytes bytes
+     * @return hex encoding
+     */
+    public static String bytesToHex(byte[] bytes) {
+        char[] hexChars = new char[bytes.length * 2];
+        for (int j = 0; j < bytes.length; j++) {
+            int v = bytes[j] & 0xFF;
+            hexChars[j * 2] = HEX_ARRAY[v >>> 4];
+            hexChars[j * 2 + 1] = HEX_ARRAY[v & 0x0F];
+        }
+        return new String(hexChars);
+    }
+
+    /**
+     * Decode a hex string into a byte array.
+     *
+     * @see <a href="https://stackoverflow.com/a/140861">
+     *     Convert a string representation of a hex dump to a byte array using Java?</a>
+     * @param s hex string
+     * @return decoded byte array
+     */
+    public static byte[] hexToBytes(String s) {
+        int len = s.length();
+        byte[] data = new byte[len / 2];
+        for (int i = 0; i < len; i += 2) {
+            data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4)
+                    + Character.digit(s.charAt(i + 1), 16));
+        }
+        return data;
+    }
+}
diff --git a/sop-java/src/main/java/sop/util/Optional.java b/sop-java/src/main/java/sop/util/Optional.java
new file mode 100644
index 0000000..00eb201
--- /dev/null
+++ b/sop-java/src/main/java/sop/util/Optional.java
@@ -0,0 +1,50 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+/**
+ * Backport of java.util.Optional for older Android versions.
+ *
+ * @param <T> item type
+ */
+public class Optional<T> {
+
+    private final T item;
+
+    public Optional() {
+        this(null);
+    }
+
+    public Optional(T item) {
+        this.item = item;
+    }
+
+    public static <T> Optional<T> of(T item) {
+        if (item == null) {
+            throw new NullPointerException("Item cannot be null.");
+        }
+        return new Optional<>(item);
+    }
+
+    public static <T> Optional<T> ofNullable(T item) {
+        return new Optional<>(item);
+    }
+
+    public static <T> Optional<T> ofEmpty() {
+        return new Optional<>(null);
+    }
+
+    public T get() {
+        return item;
+    }
+
+    public boolean isPresent() {
+        return item != null;
+    }
+
+    public boolean isEmpty() {
+        return item == null;
+    }
+}
diff --git a/sop-java/src/main/java/sop/util/ProxyOutputStream.java b/sop-java/src/main/java/sop/util/ProxyOutputStream.java
new file mode 100644
index 0000000..0559e8f
--- /dev/null
+++ b/sop-java/src/main/java/sop/util/ProxyOutputStream.java
@@ -0,0 +1,80 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * {@link OutputStream} that buffers data being written into it, until its underlying output stream is being replaced.
+ * At that point, first all the buffered data is being written to the underlying stream, followed by any successive
+ * data that may get written to the {@link ProxyOutputStream}.
+ *
+ * This class is useful if we need to provide an {@link OutputStream} at one point in time when the final
+ * target output stream is not yet known.
+ */
+public class ProxyOutputStream extends OutputStream {
+
+    private final ByteArrayOutputStream buffer;
+    private OutputStream swapped;
+
+    public ProxyOutputStream() {
+        this.buffer = new ByteArrayOutputStream();
+    }
+
+    public synchronized void replaceOutputStream(OutputStream underlying) throws IOException {
+        if (underlying == null) {
+            throw new NullPointerException("Underlying OutputStream cannot be null.");
+        }
+        this.swapped = underlying;
+
+        byte[] bufferBytes = buffer.toByteArray();
+        swapped.write(bufferBytes);
+    }
+
+    @Override
+    public synchronized void write(byte[] b) throws IOException {
+        if (swapped == null) {
+            buffer.write(b);
+        } else {
+            swapped.write(b);
+        }
+    }
+
+    @Override
+    public synchronized void write(byte[] b, int off, int len) throws IOException {
+        if (swapped == null) {
+            buffer.write(b, off, len);
+        } else {
+            swapped.write(b, off, len);
+        }
+    }
+
+    @Override
+    public synchronized void flush() throws IOException {
+        buffer.flush();
+        if (swapped != null) {
+            swapped.flush();
+        }
+    }
+
+    @Override
+    public synchronized void close() throws IOException {
+        buffer.close();
+        if (swapped != null) {
+            swapped.close();
+        }
+    }
+
+    @Override
+    public synchronized void write(int i) throws IOException {
+        if (swapped == null) {
+            buffer.write(i);
+        } else {
+            swapped.write(i);
+        }
+    }
+}
diff --git a/sop-java/src/main/java/sop/util/UTCUtil.java b/sop-java/src/main/java/sop/util/UTCUtil.java
new file mode 100644
index 0000000..8ef7e77
--- /dev/null
+++ b/sop-java/src/main/java/sop/util/UTCUtil.java
@@ -0,0 +1,56 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+import java.util.TimeZone;
+
+/**
+ * Utility class to parse and format dates as ISO-8601 UTC timestamps.
+ */
+public class UTCUtil {
+
+    public static final SimpleDateFormat UTC_FORMATTER = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
+    public static final SimpleDateFormat[] UTC_PARSERS = new SimpleDateFormat[] {
+            UTC_FORMATTER,
+            new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssX"),
+            new SimpleDateFormat("yyyyMMdd'T'HHmmss'Z'"),
+            new SimpleDateFormat("yyyy-MM-dd'T'HH:mm'Z'")
+    };
+
+    static {
+        for (SimpleDateFormat f : UTC_PARSERS) {
+            f.setTimeZone(TimeZone.getTimeZone("UTC"));
+        }
+    }
+    /**
+     * Parse an ISO-8601 UTC timestamp from a string.
+     *
+     * @param dateString string
+     * @return date
+     */
+    public static Date parseUTCDate(String dateString) {
+        for (SimpleDateFormat parser : UTC_PARSERS) {
+            try {
+                return parser.parse(dateString);
+            } catch (ParseException e) {
+                // Try next parser
+            }
+        }
+        return null;
+    }
+
+    /**
+     * Format a date as ISO-8601 UTC timestamp.
+     *
+     * @param date date
+     * @return timestamp string
+     */
+    public static String formatUTCDate(Date date) {
+        return UTC_FORMATTER.format(date);
+    }
+}
diff --git a/sop-java/src/main/java/sop/util/package-info.java b/sop-java/src/main/java/sop/util/package-info.java
new file mode 100644
index 0000000..3dd9fc1
--- /dev/null
+++ b/sop-java/src/main/java/sop/util/package-info.java
@@ -0,0 +1,8 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+/**
+ * Utility classes.
+ */
+package sop.util;
diff --git a/sop-java/src/test/java/sop/util/ByteArrayAndResultTest.java b/sop-java/src/test/java/sop/util/ByteArrayAndResultTest.java
new file mode 100644
index 0000000..8ae1859
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/ByteArrayAndResultTest.java
@@ -0,0 +1,33 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.nio.charset.StandardCharsets;
+import java.util.Collections;
+import java.util.List;
+
+import org.junit.jupiter.api.Test;
+import sop.ByteArrayAndResult;
+import sop.Verification;
+
+public class ByteArrayAndResultTest {
+
+    @Test
+    public void testCreationAndGetters() {
+        byte[] bytes = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);
+        List<Verification> result = Collections.singletonList(
+                new Verification(UTCUtil.parseUTCDate("2019-10-24T23:48:29Z"),
+                        "C90E6D36200A1B922A1509E77618196529AE5FF8",
+                        "C4BC2DDB38CCE96485EBE9C2F20691179038E5C6")
+        );
+        ByteArrayAndResult<List<Verification>> bytesAndResult = new ByteArrayAndResult<>(bytes, result);
+
+        assertArrayEquals(bytes, bytesAndResult.getBytes());
+        assertEquals(result, bytesAndResult.getResult());
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/HexUtilTest.java b/sop-java/src/test/java/sop/util/HexUtilTest.java
new file mode 100644
index 0000000..54fc21d
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/HexUtilTest.java
@@ -0,0 +1,63 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.nio.charset.Charset;
+
+import org.junit.jupiter.api.Test;
+
+/**
+ * Test using some test vectors from RFC4648.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/rfc4648#section-10">RFC-4648 §10: Test Vectors</a>
+ */
+public class HexUtilTest {
+
+    @SuppressWarnings("CharsetObjectCanBeUsed")
+    private static final Charset ASCII = Charset.forName("US-ASCII");
+
+    @Test
+    public void emptyHexEncodeTest() {
+        assertHexEquals("", "");
+    }
+
+    @Test
+    public void encodeF() {
+        assertHexEquals("66", "f");
+    }
+
+    @Test
+    public void encodeFo() {
+        assertHexEquals("666F", "fo");
+    }
+
+    @Test
+    public void encodeFoo() {
+        assertHexEquals("666F6F", "foo");
+    }
+
+    @Test
+    public void encodeFoob() {
+        assertHexEquals("666F6F62", "foob");
+    }
+
+    @Test
+    public void encodeFooba() {
+        assertHexEquals("666F6F6261", "fooba");
+    }
+
+    @Test
+    public void encodeFoobar() {
+        assertHexEquals("666F6F626172", "foobar");
+    }
+
+    private void assertHexEquals(String hex, String ascii) {
+        assertEquals(hex, HexUtil.bytesToHex(ascii.getBytes(ASCII)));
+        assertArrayEquals(ascii.getBytes(ASCII), HexUtil.hexToBytes(hex));
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/MicAlgTest.java b/sop-java/src/test/java/sop/util/MicAlgTest.java
new file mode 100644
index 0000000..f720c85
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/MicAlgTest.java
@@ -0,0 +1,53 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.jupiter.api.Test;
+import sop.MicAlg;
+
+public class MicAlgTest {
+
+    @Test
+    public void constructorNullArgThrows() {
+        assertThrows(IllegalArgumentException.class, () -> new MicAlg(null));
+    }
+
+    @Test
+    public void emptyMicAlgIsEmptyString() {
+        MicAlg empty = MicAlg.empty();
+        assertNotNull(empty.getMicAlg());
+        assertTrue(empty.getMicAlg().isEmpty());
+    }
+
+    @Test
+    public void fromInvalidAlgorithmIdThrows() {
+        assertThrows(IllegalArgumentException.class, () -> MicAlg.fromHashAlgorithmId(-1));
+    }
+
+    @Test
+    public void fromHashAlgorithmIdsKnownAlgsMatch() {
+        Map<Integer, String> knownAlgorithmMicalgs = new HashMap<>();
+        knownAlgorithmMicalgs.put(1, "pgp-md5");
+        knownAlgorithmMicalgs.put(2, "pgp-sha1");
+        knownAlgorithmMicalgs.put(3, "pgp-ripemd160");
+        knownAlgorithmMicalgs.put(8, "pgp-sha256");
+        knownAlgorithmMicalgs.put(9, "pgp-sha384");
+        knownAlgorithmMicalgs.put(10, "pgp-sha512");
+        knownAlgorithmMicalgs.put(11, "pgp-sha224");
+
+        for (Integer id : knownAlgorithmMicalgs.keySet()) {
+            MicAlg micAlg = MicAlg.fromHashAlgorithmId(id);
+            assertEquals(knownAlgorithmMicalgs.get(id), micAlg.getMicAlg());
+        }
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/OptionalTest.java b/sop-java/src/test/java/sop/util/OptionalTest.java
new file mode 100644
index 0000000..45900b7
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/OptionalTest.java
@@ -0,0 +1,78 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.junit.jupiter.api.Test;
+
+public class OptionalTest {
+
+    @Test
+    public void testEmpty() {
+        Optional<String> optional = new Optional<>();
+        assertEmpty(optional);
+    }
+
+    @Test
+    public void testArg() {
+        String string = "foo";
+        Optional<String> optional = new Optional<>(string);
+        assertFalse(optional.isEmpty());
+        assertTrue(optional.isPresent());
+        assertEquals(string, optional.get());
+    }
+
+    @Test
+    public void testOfEmpty() {
+        Optional<String> optional = Optional.ofEmpty();
+        assertEmpty(optional);
+    }
+
+    @Test
+    public void testNullArg() {
+        Optional<String> optional = new Optional<>(null);
+        assertEmpty(optional);
+    }
+
+    @Test
+    public void testOfWithNullArgThrows() {
+        assertThrows(NullPointerException.class, () -> Optional.of(null));
+    }
+
+    @Test
+    public void testOf() {
+        String string = "Hello, World!";
+        Optional<String> optional = Optional.of(string);
+        assertFalse(optional.isEmpty());
+        assertTrue(optional.isPresent());
+        assertEquals(string, optional.get());
+    }
+
+    @Test
+    public void testOfNullableWithNull() {
+        Optional<String> optional = Optional.ofNullable(null);
+        assertEmpty(optional);
+    }
+
+    @Test
+    public void testOfNullableWithArg() {
+        Optional<String> optional = Optional.ofNullable("bar");
+        assertEquals("bar", optional.get());
+        assertFalse(optional.isEmpty());
+        assertTrue(optional.isPresent());
+    }
+
+    private <T> void assertEmpty(Optional<T> optional) {
+        assertTrue(optional.isEmpty());
+        assertFalse(optional.isPresent());
+
+        assertNull(optional.get());
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/ProxyOutputStreamTest.java b/sop-java/src/test/java/sop/util/ProxyOutputStreamTest.java
new file mode 100644
index 0000000..9d99fd4
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/ProxyOutputStreamTest.java
@@ -0,0 +1,40 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+
+import org.junit.jupiter.api.Test;
+
+public class ProxyOutputStreamTest {
+
+    @Test
+    public void replaceOutputStreamThrowsNPEForNull() {
+        ProxyOutputStream proxy = new ProxyOutputStream();
+        assertThrows(NullPointerException.class, () -> proxy.replaceOutputStream(null));
+    }
+
+    @Test
+    public void testSwappingStreamPreservesWrittenBytes() throws IOException {
+        byte[] firstSection = "Foo\nBar\n".getBytes(StandardCharsets.UTF_8);
+        byte[] secondSection = "Baz\n".getBytes(StandardCharsets.UTF_8);
+
+        ProxyOutputStream proxy = new ProxyOutputStream();
+        proxy.write(firstSection);
+
+        ByteArrayOutputStream swappedStream = new ByteArrayOutputStream();
+        proxy.replaceOutputStream(swappedStream);
+
+        proxy.write(secondSection);
+        proxy.close();
+
+        assertEquals("Foo\nBar\nBaz\n", swappedStream.toString());
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/ReadyTest.java b/sop-java/src/test/java/sop/util/ReadyTest.java
new file mode 100644
index 0000000..07fa090
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/ReadyTest.java
@@ -0,0 +1,30 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
+
+import org.junit.jupiter.api.Test;
+import sop.Ready;
+
+public class ReadyTest {
+
+    @Test
+    public void readyTest() throws IOException {
+        byte[] data = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);
+        Ready ready = new Ready() {
+            @Override
+            public void writeTo(OutputStream outputStream) throws IOException {
+                outputStream.write(data);
+            }
+        };
+
+        assertArrayEquals(data, ready.getBytes());
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/ReadyWithResultTest.java b/sop-java/src/test/java/sop/util/ReadyWithResultTest.java
new file mode 100644
index 0000000..97841fa
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/ReadyWithResultTest.java
@@ -0,0 +1,44 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Collections;
+import java.util.List;
+
+import org.junit.jupiter.api.Test;
+import sop.ByteArrayAndResult;
+import sop.ReadyWithResult;
+import sop.Verification;
+import sop.exception.SOPGPException;
+
+public class ReadyWithResultTest {
+
+    @Test
+    public void testReadyWithResult() throws SOPGPException.NoSignature, IOException {
+        byte[] data = "Hello, World!\n".getBytes(StandardCharsets.UTF_8);
+        List<Verification> result = Collections.singletonList(
+                new Verification(UTCUtil.parseUTCDate("2019-10-24T23:48:29Z"),
+                        "C90E6D36200A1B922A1509E77618196529AE5FF8",
+                        "C4BC2DDB38CCE96485EBE9C2F20691179038E5C6")
+        );
+        ReadyWithResult<List<Verification>> readyWithResult = new ReadyWithResult<List<Verification>>() {
+            @Override
+            public List<Verification> writeTo(OutputStream outputStream) throws IOException, SOPGPException.NoSignature {
+                outputStream.write(data);
+                return result;
+            }
+        };
+
+        ByteArrayAndResult<List<Verification>> bytesAndResult = readyWithResult.toByteArrayAndResult();
+        assertArrayEquals(data, bytesAndResult.getBytes());
+        assertEquals(result, bytesAndResult.getResult());
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/SessionKeyTest.java b/sop-java/src/test/java/sop/util/SessionKeyTest.java
new file mode 100644
index 0000000..2891d0d
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/SessionKeyTest.java
@@ -0,0 +1,61 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import org.junit.jupiter.api.Test;
+import sop.SessionKey;
+
+public class SessionKeyTest {
+
+    @Test
+    public void fromStringTest() {
+        String string = "9:FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD";
+        SessionKey sessionKey = SessionKey.fromString(string);
+        assertEquals(string, sessionKey.toString());
+    }
+
+    @Test
+    public void toStringTest() {
+        SessionKey sessionKey = new SessionKey((byte) 9, HexUtil.hexToBytes("FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD"));
+        assertEquals("9:FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD", sessionKey.toString());
+    }
+
+    @Test
+    public void equalsTest() {
+        SessionKey s1 = new SessionKey((byte) 9, HexUtil.hexToBytes("FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD"));
+        SessionKey s2 = new SessionKey((byte) 9, HexUtil.hexToBytes("FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD"));
+        SessionKey s3 = new SessionKey((byte) 4, HexUtil.hexToBytes("FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD"));
+        SessionKey s4 = new SessionKey((byte) 9, HexUtil.hexToBytes("19125CD57392BAB7037C7078359FCA4BEAF687F4025CBF9F7BCD8059CACC14FB"));
+        SessionKey s5 = new SessionKey((byte) 4, HexUtil.hexToBytes("19125CD57392BAB7037C7078359FCA4BEAF687F4025CBF9F7BCD8059CACC14FB"));
+
+        assertEquals(s1, s1);
+        assertEquals(s1, s2);
+        assertEquals(s1.hashCode(), s2.hashCode());
+        assertNotEquals(s1, s3);
+        assertNotEquals(s1.hashCode(), s3.hashCode());
+        assertNotEquals(s1, s4);
+        assertNotEquals(s1.hashCode(), s4.hashCode());
+        assertNotEquals(s4, s5);
+        assertNotEquals(s4.hashCode(), s5.hashCode());
+        assertNotEquals(s1, null);
+        assertNotEquals(s1, "FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD");
+    }
+
+    @Test
+    public void fromString_missingAlgorithmIdThrows() {
+        String missingAlgorithId = "FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD";
+        assertThrows(IllegalArgumentException.class, () -> SessionKey.fromString(missingAlgorithId));
+    }
+
+    @Test
+    public void fromString_wrongDivider() {
+        String semicolonDivider = "9;FCA4BEAF687F48059CACC14FB019125CD57392BAB7037C707835925CBF9F7BCD";
+        assertThrows(IllegalArgumentException.class, () -> SessionKey.fromString(semicolonDivider));
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/SigningResultTest.java b/sop-java/src/test/java/sop/util/SigningResultTest.java
new file mode 100644
index 0000000..0d35cdc
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/SigningResultTest.java
@@ -0,0 +1,23 @@
+// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+import org.junit.jupiter.api.Test;
+import sop.MicAlg;
+import sop.SigningResult;
+
+public class SigningResultTest {
+
+    @Test
+    public void basicBuilderTest() {
+        SigningResult result = SigningResult.builder()
+                .setMicAlg(MicAlg.fromHashAlgorithmId(10))
+                .build();
+
+        assertEquals("pgp-sha512", result.getMicAlg().getMicAlg());
+    }
+}
diff --git a/sop-java/src/test/java/sop/util/UTCUtilTest.java b/sop-java/src/test/java/sop/util/UTCUtilTest.java
new file mode 100644
index 0000000..18de817
--- /dev/null
+++ b/sop-java/src/test/java/sop/util/UTCUtilTest.java
@@ -0,0 +1,48 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.util;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+
+import java.util.Date;
+
+import org.junit.jupiter.api.Test;
+
+/**
+ * Test parsing some date examples from the stateless OpenPGP CLI spec.
+ *
+ * @see <a href="https://datatracker.ietf.org/doc/html/draft-dkg-openpgp-stateless-cli-01#section-4.1">OpenPGP Stateless CLI §4.1. Date</a>
+ */
+public class UTCUtilTest {
+
+    @Test
+    public void parseExample1() {
+        String timestamp = "2019-10-29T12:11:04+00:00";
+        Date date = UTCUtil.parseUTCDate(timestamp);
+        assertEquals("2019-10-29T12:11:04Z", UTCUtil.formatUTCDate(date));
+    }
+
+    @Test
+    public void parseExample2() {
+        String timestamp = "2019-10-24T23:48:29Z";
+        Date date = UTCUtil.parseUTCDate(timestamp);
+        assertEquals("2019-10-24T23:48:29Z", UTCUtil.formatUTCDate(date));
+    }
+
+    @Test
+    public void parseExample3() {
+        String timestamp = "20191029T121104Z";
+        Date date = UTCUtil.parseUTCDate(timestamp);
+        assertEquals("2019-10-29T12:11:04Z", UTCUtil.formatUTCDate(date));
+    }
+
+    @Test
+    public void invalidDateReturnsNull() {
+        String invalidTimestamp = "foobar";
+        Date expectNull = UTCUtil.parseUTCDate(invalidTimestamp);
+        assertNull(expectNull);
+    }
+}
diff --git a/version.gradle b/version.gradle
new file mode 100644
index 0000000..2d93546
--- /dev/null
+++ b/version.gradle
@@ -0,0 +1,12 @@
+// SPDX-FileCopyrightText: 2021 Paul Schaub <info@pgpainless.org>
+//
+// SPDX-License-Identifier: CC0-1.0
+
+allprojects {
+    ext {
+        shortVersion = '1.0.1'
+        isSnapshot = true
+        minAndroidSdk = 10
+        javaSourceCompatibility = 1.8
+    }
+}