//
  // +optional
  optional string signerName = 1;

  // trustBundle contains the individual X.509 trust anchors for this
  // bundle, as PEM bundle of PEM-wrapped, DER-formatted X.509 certificates.
  //
  // The data must consist only of PEM certificate blocks that parse as valid
  // X.509 certificates.  Each certificate must include a basic constraints

 * yyaoEufLKVXhrTQhRfodTeigi4RX
 * -----END CERTIFICATE-----
 * ```
 */
fun String.decodeCertificatePem(): X509Certificate {
  try {
    val certificateFactory = CertificateFactory.getInstance("X.509")
    val certificates =
      certificateFactory
        .generateCertificates(
          Buffer().writeUtf8(this).inputStream(),
        )

    return certificates.single() as X509Certificate

    }
  }

  fun toX509Certificate(): X509Certificate {
    val data = CertificateAdapters.certificate.toDer(this)
    try {
      val certificateFactory = CertificateFactory.getInstance("X.509")
      val certificates = certificateFactory.generateCertificates(Buffer().write(data).inputStream())
      return certificates.single() as X509Certificate
    } catch (e: NoSuchElementException) {

            }
            try (final InputStream in = new FileInputStream(authorities)) {
                final Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(in);

                final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setCertificateEntry("server", certificate);

	"time"

	"github.com/minio/minio/internal/auth"
	"github.com/minio/minio/internal/config"
	"github.com/minio/pkg/v3/env"
)

const (
	// EnvIdentityTLSEnabled is an environment variable that controls whether the X.509
	// TLS STS API is enabled. By default, if not set, it is enabled.
	EnvIdentityTLSEnabled = "MINIO_IDENTITY_TLS_ENABLE"

	// EnvIdentityTLSSkipVerify is an environment variable that controls whether

			return
		}
	}

	// We map the X.509 subject common name to the policy. So, a client
	// with the common name "foo" will be associated with the policy "foo".
	// Other mapping functions - e.g. public-key hash based mapping - are
	// possible but not implemented.
	//
	// Group mapping is not possible with standard X.509 certificates.
	if certificate.Subject.CommonName == "" {

      val length = readInt(source)
      if (length == -1) return emptyList() // OkHttp v1.2 used -1 to indicate null.

      try {
        val certificateFactory = CertificateFactory.getInstance("X.509")
        val result = ArrayList<Certificate>(length)
        for (i in 0 until length) {
          val line = source.readUtf8LineStrict()
          val bytes = Buffer()

        range = VersionRange.createFromVersionSpec("[1.0,1.1-SNAPSHOT]");
        assertTrue(range.containsVersion(new DefaultArtifactVersion("1.1-SNAPSHOT")));

        range = VersionRange.createFromVersionSpec("[5.0.9.0,5.0.10.0)");
        assertTrue(range.containsVersion(new DefaultArtifactVersion("5.0.9.0")));
    }

    @Test
    void testSameUpperAndLowerBoundRoundtrip() throws InvalidVersionSpecificationException {

    assertThat("www.nintendo.co.jp".canParseAsIpAddress()).isFalse()
  }

  private fun certificate(certificate: String): X509Certificate {
    return CertificateFactory.getInstance("X.509")
      .generateCertificate(ByteArrayInputStream(certificate.toByteArray()))
      as X509Certificate
  }

  private fun session(certificate: String): SSLSession = FakeSSLSession(certificate(certificate))

		},
		config.HelpKV{
			Key:         config.IdentityLDAPSubSys,
			Description: "enable LDAP SSO support",
		},
		config.HelpKV{
			Key:         config.IdentityTLSSubSys,
			Description: "enable X.509 TLS certificate SSO support",
		},
		config.HelpKV{
			Key:         config.IdentityPluginSubSys,
			Description: "enable Identity Plugin via external hook",
		},
		config.HelpKV{