}

  /**
   * Returns a hash function implementing the SHA-1 algorithm (160 hash bits).
   *
   * @deprecated If you must interoperate with a system that requires SHA-1, then use this method,
   *     despite its deprecation. But if you can choose your hash function, avoid SHA-1, which is
   *     neither fast nor secure. As of January 2017, we suggest:
   *     <ul>

    // Default configuration
    private static final int DEFAULT_HASH_ALGORITHM = HASH_ALGO_SHA512;
    private static final int SALT_SIZE = 32; // 32 bytes as per SMB 3.1.1 spec
    private static final int HASH_SIZE_SHA512 = 64; // SHA-512 produces 64-byte hashes

    // Session-specific preauth integrity contexts
    private final ConcurrentMap<String, PreauthIntegrityContext> sessionContexts = new ConcurrentHashMap<>();

    // Security configuration

    @JvmStatic
    fun X509Certificate.sha256Hash(): ByteString = publicKey.encoded.toByteString().sha256()

    /**
     * Returns the SHA-256 of `certificate`'s public key.
     *
     * In OkHttp 3.1.2 and earlier, this returned a SHA-1 hash of the public key. Both types are
     * supported, but SHA-256 is preferred.
     */
    @JvmStatic
    fun pin(certificate: Certificate): String {

  verbose " - Running Downloader.java ..."
  "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")"
fi

# If specified, validate the SHA-256 sum of the Maven distribution zip file
if [ -n "${distributionSha256Sum-}" ]; then
  distributionSha256Result=false
  if [ "$MVN_CMD" = mvnd.sh ]; then
    echo "Checksum validation is not supported for maven-mvnd." >&2

        // Setup SMB3.1.1 negotiation
        when(negotiateResponse.getSelectedDialect()).thenReturn(DialectVersion.SMB311);
        when(negotiateResponse.getSelectedPreauthHash()).thenReturn(1); // SHA-512
        setPrivateField(transport, "smb2", true);
        setPrivateField(transport, "negotiated", negotiateResponse);

        int threadCount = 10;
        CountDownLatch startLatch = new CountDownLatch(1);

        @DisplayName("calculatePreauthHash computes SHA-512 chain for SMB 3.1.1")
        void preauthHash_happyPath() throws Exception {
            setField(transport, "smb2", true);
            Smb2NegotiateResponse nego = new Smb2NegotiateResponse(cfg);
            setField(nego, "selectedDialect", DialectVersion.SMB311);
            setField(nego, "selectedPreauthHash", 1); // 1 => SHA-512
            setField(transport, "negotiated", nego);

    private static final String[] CHECKSUM_IDS = {"md5", "sha1"};

    /**
     * have to match the CHECKSUM_IDS
     */
    private static final String[] CHECKSUM_ALGORITHMS = {"MD5", "SHA-1"};

    @Inject
    private Logger logger;

    @Inject
    private PlexusContainer container;

    @Inject
    private UpdateCheckManager updateCheckManager;

    @Inject

##########################################################################################
# End of extension
##########################################################################################

# If specified, validate the SHA-256 sum of the Maven wrapper jar file
wrapperSha256Sum=""
while IFS="=" read -r key value; do
  case "$key" in wrapperSha256Sum)
    wrapperSha256Sum=$value
    break
    ;;
  esac

`updatemaxprocs=0` will disable periodic updates.

Go 1.25 disabled SHA-1 signature algorithms in TLS 1.2 according to RFC 9155.
The default can be reverted using the `tlssha1=1` setting.

Go 1.25 switched to SHA-256 to fill in missing SubjectKeyId in
crypto/x509.CreateCertificate. The setting `x509sha256skid=0` reverts to SHA-1.

Go 1.25 corrected the semantics of contention reports for runtime-internal locks,

    private byte[] calculateBindingHash(byte[] bindingInfo) throws IOException {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-256");
            return digest.digest(bindingInfo);
        } catch (NoSuchAlgorithmException e) {
            throw new IOException("SHA-256 not available", e);
        }
    }

    private void performHealthCheck() {
        for (ChannelInfo channel : channels.values()) {