.addHeader("Last-Modified: " + formatDate(-1, TimeUnit.HOURS))
        .addHeader("Expires: " + formatDate(1, TimeUnit.HOURS))
        .body("ABC")
        .build(),
    )
    server.enqueue(
      MockResponse
        .Builder()
        .addHeader("Last-Modified: " + formatDate(-5, TimeUnit.MINUTES))
        .addHeader("Expires: " + formatDate(2, TimeUnit.HOURS))
        .body("DEF")
        .build(),
    )

    }

    @Test
    void testConstructorWithNegativeTimezone() {
        // Test constructor with negative timezone offset
        long serverTimeZoneOffset = -7200000L; // -2 hours in milliseconds
        response = new SmbComQueryInformationResponse(mockConfig, serverTimeZoneOffset);

        assertNotNull(response);
        assertEquals(ServerMessageBlock.SMB_COM_QUERY_INFORMATION, getCommand(response));
    }

    @Test

	// Prepare lifecycle expiration workers
	es := newExpiryState(t.Context(), objAPI, 0)
	globalExpiryState = es

	// Prepare object versions
	obj := "obj-1"
	// Simulate objects uploaded 30 hours ago
	modTime := now.Add(-48 * time.Hour)
	uuids := make([]uuid.UUID, 5)
	for i := range uuids {
		uuids[i] = uuid.UUID([16]byte{15: uint8(i + 1)})
	}
	fivs := make([]FileInfo, 5)
	objInfos := make([]ObjectInfo, 5)

        public int elapsedt;
        /**
         * The number of milliseconds from the start of the current second.
         */
        public int msecs;
        /**
         * The current hour (0-23).
         */
        public int hours;
        /**
         * The current minute (0-59).
         */
        public int mins;
        /**
         * The current second (0-59).
         */
        public int secs;

        public int elapsedt;
        /**
         * The number of milliseconds from the start of the current second.
         */
        public int msecs;
        /**
         * The current hour (0-23).
         */
        public int hours;
        /**
         * The current minute (0-59).
         */
        public int mins;
        /**
         * The current second (0-59).
         */
        public int secs;

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }

    // Configurable key rotation limits with defaults
    private volatile long keyRotationBytesLimit = 1L << 30; // Default: 1GB
    private volatile long keyRotationTimeLimit = 24 * 60 * 60 * 1000L; // Default: 24 hours

    // Rotation metrics
    private final AtomicLong totalKeyRotations = new AtomicLong(0);
    private final AtomicLong lastKeyRotationTime = new AtomicLong(0);

    /**

    private ScheduledFuture<?> cleanupTask;
    private volatile boolean shutdownInProgress = false;

    // Configuration
    private long maxResourceAge = TimeUnit.HOURS.toMillis(1); // 1 hour default
    private long cleanupInterval = TimeUnit.MINUTES.toMillis(5); // 5 minutes default
    private boolean leakDetectionEnabled = true;
    private boolean autoCleanupEnabled = true;

    /**

    private static final long TEST_LAST_ACCESS_TIME = System.currentTimeMillis() - 43200000L; // 12 hours ago
    private static final long TEST_LAST_WRITE_TIME = System.currentTimeMillis() - 3600000L; // 1 hour ago
    private static final long TEST_CHANGE_TIME = System.currentTimeMillis(); // now
    private static final int TEST_ATTRIBUTES = 0x00000020; // FILE_ATTRIBUTE_ARCHIVE

- Temporary credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, MinIO no longer recognizes them or allows any kind of access from API requests made with them.