func ParsePublicCertFile(certFile string) (x509Certs []*x509.Certificate, err error) {
	// Read certificate file.
	var data []byte
	if data, err = os.ReadFile(certFile); err != nil {
		return nil, err
	}

	// Trimming leading and tailing white spaces.
	data = bytes.TrimSpace(data)

	// Parse all certs in the chain.
	current := data
	for len(current) > 0 {
		var pemBlock *pem.Block

    assertEquals("_", CharMatcher.any().collapseFrom("ab", '_'));
    assertEquals("_", CharMatcher.any().collapseFrom("abcd", '_'));
  }

  public void testTrimFrom() {
    // trimming -
    doTestTrimFrom("-", "");
    doTestTrimFrom("x-", "x");
    doTestTrimFrom("-x", "x");
    doTestTrimFrom("--", "");
    doTestTrimFrom("x--", "x");
    doTestTrimFrom("--x", "x");

    //
    // 9) Execute AbstractLifecycleParticipant.afterProjectsRead(session)
    //
    // 10) Create ProjectDependencyGraph without trimming (as trimming was done in 7). A new topological sort is
    // required after the execution of 9) as the AbstractLifecycleParticipants are free to mutate the MavenProject

func (c *muxClient) traceRoundtrip(ctx context.Context, t *tracer, h HandlerID, req []byte) ([]byte, error) {
	if t == nil || t.Publisher.NumSubscribers(t.TraceType) == 0 {
		return c.roundtrip(h, req)
	}

	// Following trimming is needed for consistency between outputs with other internode traces.
	local := strings.TrimPrefix(strings.TrimPrefix(t.Local, httpsScheme), httpScheme)

    assertEquals("_", CharMatcher.any().collapseFrom("ab", '_'));
    assertEquals("_", CharMatcher.any().collapseFrom("abcd", '_'));
  }

  public void testTrimFrom() {
    // trimming -
    doTestTrimFrom("-", "");
    doTestTrimFrom("x-", "x");
    doTestTrimFrom("-x", "x");
    doTestTrimFrom("--", "");
    doTestTrimFrom("x--", "x");
    doTestTrimFrom("--x", "x");

    assertThat(formEncode(255)).isEqualTo("%C3%BF")
  }

  @Throws(IOException::class)
  private fun formEncode(codePoint: Int): String {
    // Wrap the codepoint with regular printable characters to prevent trimming.
    val body =
      FormBody.Builder()
        .add("a", String(intArrayOf('b'.code, codePoint, 'c'.code), 0, 3))
        .build()
    val buffer = Buffer()
    body.writeTo(buffer)

    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

    /**
     * Attaches [tag] to the request using [T] as a key. Tags can be read from a request using
     * [Request.tag]. Use null to remove any existing tag assigned for [T].
     *
     * Use this API to attach timing, debugging, or other application data to a request so that
     * you may read it in interceptors, event listeners, or callbacks.
     */
    @JvmName("reifiedTag")

    # Einen Error zurückgeben
    ...
```

Aber durch die Verwendung von `secrets.compare_digest()` ist dieser Code sicher vor einer Art von Angriffen, die „Timing-Angriffe“ genannt werden.

### Timing-Angriffe

Aber was ist ein „Timing-Angriff“?

Stellen wir uns vor, dass einige Angreifer versuchen, den Benutzernamen und das Passwort zu erraten.

import okio.Buffer
import org.junit.jupiter.api.Assumptions.assumeFalse
import org.junit.jupiter.params.ParameterizedTest
import org.junit.jupiter.params.provider.ArgumentsSource

/**
 * Tests for round-tripping headers through hpack.
 *
 * TODO: update hpack-test-case with the output of our encoder.
 * This test will hide complementary bugs in the encoder and decoder,
 * We should test that the encoder is producing responses that are