optional k8s.io.apimachinery.pkg.apis.meta.v1.Time expirationTimestamp = 2;
}

// TokenReview attempts to authenticate a token to a known user.
// Note: TokenReview requests may be cached by the webhook token authenticator
// plugin in the kube-apiserver.
message TokenReview {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional

      }

    /**
     * Sets the authenticator used to respond to challenges from origin servers. Use
     * [proxyAuthenticator] to set the authenticator for proxy servers.
     *
     * If unset, the [no authentication will be attempted][Authenticator.NONE].
     */
    fun authenticator(authenticator: Authenticator) =
      apply {
        this.authenticator = authenticator
      }

}

public abstract interface class okhttp3/Authenticator {
	public static final field Companion Lokhttp3/Authenticator$Companion;
	public static final field JAVA_NET_AUTHENTICATOR Lokhttp3/Authenticator;
	public static final field NONE Lokhttp3/Authenticator;
	public abstract fun authenticate (Lokhttp3/Route;Lokhttp3/Response;)Lokhttp3/Request;
}

public final class okhttp3/Authenticator$Companion {
}

    val hostnameVerifier: HostnameVerifier? = address.hostnameVerifier
    val certificatePinner: CertificatePinner? = address.certificatePinner
  }

  @Test
  fun authenticator() {
    var authenticator: Authenticator = Authenticator { route, response -> TODO() }
  }

  @Test
  fun cache() {
    val cache = Cache(File("/cache/"), Integer.MAX_VALUE.toLong())
    cache.initialize()
    cache.delete()

  // +optional
  optional k8s.io.api.authentication.v1.UserInfo userInfo = 1;
}

// TokenReview attempts to authenticate a token to a known user.
// Note: TokenReview requests may be cached by the webhook token authenticator
// plugin in the kube-apiserver.
message TokenReview {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
  // +optional

        .authenticator(authenticator)
        .build()
    executeSynchronously("/")
      .assertCode(401)
    assertThat(authenticator.onlyRoute()).isNotNull()
  }

  @Test
  fun delete() {
    server.enqueue(MockResponse(body = "abc"))
    val request =
      Request.Builder()
        .url(server.url("/"))
        .delete()
        .build()
    executeSynchronously(request)

  var taskRunner: TaskRunner = taskFaker.taskRunner
  var dns: Dns = Dns.SYSTEM
  var proxy: Proxy = Proxy.NO_PROXY
  var proxySelector: ProxySelector = RecordingProxySelector()
  var proxyAuthenticator: Authenticator = RecordingOkAuthenticator("password", null)
  var connectionSpecs: List<ConnectionSpec> =
    listOf(
      ConnectionSpec.MODERN_TLS,
      ConnectionSpec.COMPATIBLE_TLS,
      ConnectionSpec.CLEARTEXT,
    )

      }
    }
    ```

 *  New: `MediaType.parameter()` gets a parameter like `boundary` from a media type like
    `multipart/mixed; boundary="abc"`.

 *  New: `Authenticator.JAVA_NET_AUTHENTICATOR` forwards authentication requests to
    `java.net.Authenticator`. This obsoletes `JavaNetAuthenticator` in the `okhttp-urlconnection`
    module.

 *  New: `CertificatePinner` now offers an API for inspecting the configured pins.

	claims.SetExpiry(UTCNow().Add(defaultJWTExpiry))
	claims.SetAccessKey(accessKey)
	token := jwtgo.NewWithClaims(jwtgo.SigningMethodHS512, claims)
	return token.SignedString([]byte(secretKey))
}

// Tests web request authenticator.
func TestWebRequestAuthenticate(t *testing.T) {
	ctx, cancel := context.WithCancel(context.Background())
	defer cancel()

	obj, fsDir, err := prepareFS(ctx)
	if err != nil {
		t.Fatal(err)
	}

   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the
   * authenticator. This gives the authenticator the option to customize the CONNECT request. It can
   * decline to do so by returning null, in which case OkHttp will use it as-is.
   */
  @Throws(IOException::class)