.Builder()
        .serialNumber(1L)
        .certificateAuthority(4)
        .commonName("attacker ca")
        .build()
    val attackerIntermediate =
      HeldCertificate
        .Builder()
        .serialNumber(2L)
        .certificateAuthority(3)
        .commonName("attacker")
        .signedBy(attackerCa)
        .build()
    val pinnedRoot =
      HeldCertificate
        .Builder()

    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

import java.util.concurrent.TimeUnit;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;

/**
 * Security-focused test cases for NtlmPasswordAuthenticator to verify timing attack resistance.
 */
public class NtlmPasswordAuthenticatorTimingAttackTest {

    private static final int TIMING_ITERATIONS = 1000;

   * saving space.
   */
  @VisibleForTesting static final double MAX_LOAD_FACTOR = 1.2;

  /**
   * Maximum allowed false positive probability of detecting a hash flooding attack given random
   * input.
   */
  @VisibleForTesting static final double HASH_FLOODING_FPP = 0.001;

  /**
   * Maximum allowed length of a hash table bucket before falling back to a j.u.HashMap based

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.smb;

import jcifs.CIFSException;

/**
 * Exception thrown when an SMB protocol downgrade attack is detected.
 * Indicates that the negotiated protocol version is lower than expected or required.
 *
 * @author mbechler
 *
 */
public class SMBProtocolDowngradeException extends CIFSException {

    /**

            context.invalidate();
            if (enforceIntegrity) {
                throw new CIFSException("Preauth integrity validation failed - possible downgrade attack detected");
            }
        }

        return isValid;
    }

    /**
     * Gets the current preauth hash for a session.
     *
     * @param sessionId the session identifier

  /**
   * @throws IllegalArgumentException if another entry in the bucket has the same key
   * @throws BucketOverflowException if this bucket has too many entries, which may indicate a hash
   *     flooding attack
   */
  private static void checkNoConflictInValueBucket(
      Object value, Entry<?, ?> entry, @Nullable ImmutableMapEntry<?, ?> valueBucketHead)
      throws BucketOverflowException {
    int bucketSize = 0;

        .addEqualityGroup(ImmutableSet.of(1, 2, 1), ImmutableSet.of(2, 1, 1))
        .testEquals();
  }

  /**
   * The maximum allowed probability of falsely detecting a hash flooding attack if the input is
   * randomly generated.
   */
  private static final double HASH_FLOODING_FPP = 0.001;

  public void testReuseBuilderReducingHashTableSizeWithPowerOfTwoTotalElements() {

  @VisibleForTesting transient @Nullable Object @Nullable [] elements;

  /**
   * Keeps track of metadata like the number of hash table bits and modifications of this data
   * structure (to make it possible to throw ConcurrentModificationException in the iterator). Note
   * that we choose not to make this volatile, so we do less of a "best effort" to track such
   * errors, for better performance.
   */
  private transient int metadata;

  @VisibleForTesting transient @Nullable Object @Nullable [] values;

  /**
   * Keeps track of metadata like the number of hash table bits and modifications of this data
   * structure (to make it possible to throw ConcurrentModificationException in the iterator). Note
   * that we choose not to make this volatile, so we do less of a "best effort" to track such
   * errors, for better performance.
   *