authenticator: &dummyAuthenticator{response: &authenticator.Response{}, ok: true},
			expectedValue: `
        # HELP apiserver_authentication_jwt_authenticator_latency_seconds [ALPHA] Latency of jwt authentication operations in seconds. This is the time spent authenticating a token for cache miss only (i.e. when the token is not found in the cache).
        # TYPE apiserver_authentication_jwt_authenticator_latency_seconds histogram

	IssuedCredentialIDAuditAnnotationKey = "authentication.kubernetes.io/issued-credential-id"
	// PodNameKey is the key used in a user's "extra" to specify the pod name of
	// the authenticating request.
	PodNameKey = "authentication.kubernetes.io/pod-name"
	// PodUIDKey is the key used in a user's "extra" to specify the pod UID of
	// the authenticating request.
	PodUIDKey = "authentication.kubernetes.io/pod-uid"

          ): Request? {
            if (response.request.header("Authorization") != null) {
              return null // Give up, we've already attempted to authenticate.
            }

            println("Authenticating for response: $response")
            println("Challenges: ${response.challenges()}")
            val credential = Credentials.basic("jesse", "password1")
            return response.request.newBuilder()

			Subsystem:      subsystem,
			Name:           "jwt_authenticator_latency_seconds",
			Help:           "Latency of jwt authentication operations in seconds. This is the time spent authenticating a token for cache miss only (i.e. when the token is not found in the cache).",
			StabilityLevel: metrics.ALPHA,
			// default histogram buckets with a 1ms starting point
			Buckets: []float64{.001, .005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10},
		},

	trustedGatewayCIDR = env.Register(
		"TRUSTED_GATEWAY_CIDR",
		"",
		"If set, any connections from gateway to Istiod with this CIDR range are treated as trusted for using authentication mechanisms like XFCC."+
			" This can only be used when the network where Istiod and the authenticating gateways are running in a trusted/secure network",
	)

	TrustedGatewayCIDR = func() []string {
		cidr := trustedGatewayCIDR.Get()

 *
 * ### Server Authentication
 *
 * This is the most common form of TLS authentication: clients verify that servers are trusted and
 * that they own the hostnames that they represent. Server authentication is required.
 *
 * To perform server authentication:
 *
 *  * The server's handshake certificates must have a [held certificate][HeldCertificate] (a

import org.apache.http.auth.AuthScheme;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;

/**
 *
 *
 * @author shinsuke
 *
 */
public interface Authentication {

    AuthScope getAuthScope();

    Credentials getCredentials();

    AuthScheme getAuthScheme();

apiVersion: authentication.k8s.io/v1
kind: TokenRequest
metadata:
  annotations:
    annotationsKey: annotationsValue
  creationTimestamp: "2008-01-01T01:01:01Z"
  deletionGracePeriodSeconds: 10
  deletionTimestamp: "2009-01-01T01:01:01Z"
  finalizers:
  - finalizersValue
  generateName: generateNameValue
  generation: 7
  labels:
    labelsKey: labelsValue
  managedFields:
  - apiVersion: apiVersionValue
    fieldsType: fieldsTypeValue

{
  "kind": "TokenReview",
  "apiVersion": "authentication.k8s.io/v1",
  "metadata": {
    "name": "nameValue",
    "generateName": "generateNameValue",
    "namespace": "namespaceValue",
    "selfLink": "selfLinkValue",
    "uid": "uidValue",
    "resourceVersion": "resourceVersionValue",
    "generation": 7,
    "creationTimestamp": "2008-01-01T01:01:01Z",
    "deletionTimestamp": "2009-01-01T01:01:01Z",
    "deletionGracePeriodSeconds": 10,

{
  "kind": "SelfSubjectReview",
  "apiVersion": "authentication.k8s.io/v1",
  "metadata": {
    "name": "nameValue",
    "generateName": "generateNameValue",
    "namespace": "namespaceValue",
    "selfLink": "selfLinkValue",
    "uid": "uidValue",
    "resourceVersion": "resourceVersionValue",
    "generation": 7,
    "creationTimestamp": "2008-01-01T01:01:01Z",
    "deletionTimestamp": "2009-01-01T01:01:01Z",