return restrictions;
    }

    /**
     * @deprecated VersionRange is immutable, cloning is not useful and even more an issue against the cache
     * @return a clone
     */
    @Deprecated
    public VersionRange cloneOf() {
        List<Restriction> copiedRestrictions = null;

        if (restrictions != null) {
            copiedRestrictions = new ArrayList<>();

            orig.refresh();
            // Clone should retain its cached Subject
            assertSame(copySubj, copy.getSubject(), "Clone should retain its cached Subject");
        } else {
            // If JAAS is not configured and getSubject() returns null, verify cloning still works
            assertNull(first, "First call to getSubject() returned null - JAAS not configured");

        Kerb5Authenticator cloned = auth.clone();

        assertNotSame(auth, cloned);
        assertEquals(subj, cloned.getSubject());
        assertEquals("alice", cloned.getUser());
        assertEquals("EXAMPLE.COM", cloned.getRealm());
        assertEquals("cifs", cloned.getService());
        assertEquals(123, cloned.getUserLifeTime());
        assertEquals(456, cloned.getLifeTime());

     */
    protected static void cloneInternal(NtlmPasswordAuthenticator cloned, NtlmPasswordAuthenticator toClone) {
        cloned.domain = toClone.domain;
        cloned.username = toClone.username;
        cloned.password = toClone.password != null ? toClone.password.clone() : null;
        cloned.type = toClone.type;
    }

    /**
     * Returns the domain.
     */
    @Override
    public String getUserDomain() {

        List<ComponentDescriptor<?>> clones = null;
        if (mojos != null) {
            clones = new ArrayList<>(mojos.size());
            for (MojoDescriptor mojo : mojos) {
                MojoDescriptor clone = mojo.clone();
                clone.setPluginDescriptor(pluginDescriptor);
                clones.add(clone);
            }
        }
        return clones;
    }

            when(mockMd5.clone()).thenReturn(clonedMd5);

            HMACT64 clonedHmac = (HMACT64) originalHmac.clone();

            assertNotNull(clonedHmac);
            assertNotSame(originalHmac, clonedHmac);
            verify(mockMd5, times(1)).clone(); // Verify that the internal MD5 was cloned
        }
    }

    @Test
    void testCloneNotSupportedException() throws NoSuchAlgorithmException, CloneNotSupportedException {

        assertEquals(original.getUsername(), cloned.getUsername());
        assertEquals(original.getPassword(), cloned.getPassword());

        // Verify password arrays are independent
        original.secureWipePassword();
        assertNull(original.getPassword());
        assertEquals("ClonePass123!", cloned.getPassword());
    }

    /**
     * Test authentication type guessing with secure password

    @Override
    public MavenSession clone() {
        try {
            MavenSession clone = (MavenSession) super.clone();
            // the default must become the current project of the thread that clones this
            MavenProject current = getCurrentProject();
            // we replace the thread local of the clone to prevent write through and enforce the new default value

	pubKeys          publicKeys
	roleArnPolicyMap map[arn.ARN]string

	transport   http.RoundTripper
	closeRespFn func(io.ReadCloser)
}

// Clone returns a cloned copy of OpenID config.
func (r *Config) Clone() Config {
	if r == nil {
		return Config{}
	}
	cfg := Config{
		Enabled:            r.Enabled,
		arnProviderCfgsMap: make(map[arn.ARN]*providerCfg, len(r.arnProviderCfgsMap)),

		{
			name:    "happy path no errors",
			fv:      defaultFormVals.Clone(),
			wantErr: "",
		},
		{
			name:    "expired policy document",
			fv:      defaultFormVals.Clone(),
			expired: true,
			wantErr: "Invalid according to Policy: Policy expired",
		},
		{
			name:    "different AMZ date",
			fv:      defaultFormVals.Clone().Set(xhttp.AmzDate, "2017T000000Z"),
			wantErr: policyCondFailedErr,
		},