class CertificateChainCleanerTest {
  @Test
  fun equalsFromCertificate() {
    val rootA =
      HeldCertificate.Builder()
        .serialNumber(1L)
        .build()
    val rootB =
      HeldCertificate.Builder()
        .serialNumber(2L)
        .build()
    assertThat(get(rootB.certificate, rootA.certificate))
      .isEqualTo(get(rootA.certificate, rootB.certificate))
  }

  @Test
  fun equalsFromTrustManager() {

    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: ${{ matrix.go-version }}
          check-latest: true
      - name: Start root lockdown tests
        run: |

if [ $? -ne 0 ]; then
	echo "listing failed, 'minioadmin' should be enabled"
	exit 1
fi

killall -9 minio

rm -rf /tmp/multisitea/
rm -rf /tmp/multisiteb/

echo "Setup site-replication and then disable root credentials"

minio server --address 127.0.0.1:9001 "http://127.0.0.1:9001/tmp/multisitea/data/disterasure/xl{1...4}" \
	"http://127.0.0.1:9002/tmp/multisitea/data/disterasure/xl{5...8}" >/tmp/sitea_1.log 2>&1 &

	# /tmp/xxx/mnt/disk4 will be the same as '/' and it
	# will be detected as root disk
	while [ "$u" != "0" ]; do
		sudo umount ${WORK_DIR}/mnt/disk4/
		u=$?
		sleep 1
	done

	# Wait until MinIO self heal kicks in
	sleep 60

	if [ -f ${WORK_DIR}/mnt/disk4/.minio.sys/format.json ]; then
		echo "A root disk is formatted unexpectedely"
		cat "${WORK_DIR}/server4.log"
		exit -1
	fi
}

org.apache.maven.model.root.DefaultRootLocator...

                }

                root = root.toLowerCase();
                /*
                 * domain-based DFS root shares to links for each
                 */
                Map<String, CacheEntry<DfsReferralDataInternal>> roots = domains.get(domain);
                if ( roots != null ) {
                    dr = getLinkReferral(tf, domain, root, path, now, roots);
                }

Guillaume Nodet <******@****.***> 1729859506 +0200

 *    certificates to establish trust from a root certificate to the server's certificate. The root
 *    certificate is not included in this chain.
 *  * The client's handshake certificates must include a set of trusted root certificates. They will
 *    be used to authenticate the server's certificate chain. Typically this is a set of well-known
 *    root certificates that is distributed with the HTTP client or its platform. It may be

starting with its own and including everything up-to but not including the root. We don't need to
include root certificates because the client already has them.

```java
HandshakeCertificates serverHandshakeCertificates = new HandshakeCertificates.Builder()
    .heldCertificate(serverCertificate, intermediateCertificate.certificate())
    .build();
```

The client only needs to know the trusted root certificate. It checks the server's certificate by

        List<String> roots;
        if (nonNull(scope, "scope") == ProjectScope.MAIN) {
            roots = prj.getCompileSourceRoots();
        } else if (scope == ProjectScope.TEST) {
            roots = prj.getTestCompileSourceRoots();
        } else {
            throw new IllegalArgumentException("Unsupported scope " + scope);
        }
        return roots.stream()
                .map(Paths::get)