* ⬜️ [Moshi](https://github.com/square/moshi): A modern JSON library for Android and Java.
 * [Ok2Curl](https://github.com/mrmike/Ok2Curl): Convert OkHttp requests into curl logs.
 * [OkHttp AWS Signer](https://github.com/babbel/okhttp-aws-signer): AWS V4 signing algorithm for OkHttp requests
 * [okhttp-digest](https://github.com/rburgst/okhttp-digest): A digest authenticator for OkHttp.

- kube-apiserver: `--service-account-max-token-expiration` can now be used in combination with an external token signer `--service-account-signing-endpoint`, as long as the `--service-account-max-token-expiration` is not longer than the external token signer's max expiration. ([#129816](https://github.com/kubernetes/kubernetes/pull/129816), [@sambdavidson](https://github.com/sambdavidson)) [SIG API Machinery and Auth]

- Updated the control plane's trust anchor publisher to create and manage a new ClusterTrustBundle object, associated with the `kubernetes.io/kube-apiserver-serving` X.509 certificate signer. This ClusterTrustBundle contains a PEM bundle in its payload that you can use to verify kube-apiserver serving certificates. ([#127326](https://github.com/kubernetes/kubernetes/pull/127326), [@stlaz](https://github.com/stlaz)) [SIG API Machinery,...

     * deal with the cases where rounding towards 0 is wrong, which typically depends on the sign of
     * p / q.
     *
     * signum is 1 if p and q are both nonnegative or both negative, and -1 otherwise.
     */
    int signum = 1 | (int) ((p ^ q) >> (Long.SIZE - 1));
    boolean increment;
    switch (mode) {
      case UNNECESSARY:

Certificate Authorities
-----------------------

The above example uses a self-signed certificate. This is convenient for testing but not
representative of real-world HTTPS deployment. To get closer to that we can use `HeldCertificate`
to generate a trusted root certificate, an intermediate certificate, and a server certificate.
We use `certificateAuthority(int)` to create certificates that can sign other certificates. The

         * Longer patterns (higher priority length) come first.
         * @param other the other pattern to compare with
         * @return negative if this has higher priority, positive if other has higher priority
         */
        @Override
        public int compareTo(final PathPattern other) {
            // Higher priority length comes first (descending order)

    Interner<MyInt> pool = Interners.newWeakInterner();
    assertSame(canonical, pool.intern(canonical));

    WeakReference<MyInt> signal = new WeakReference<>(canonical);
    canonical = null; // Hint to the JIT that canonical is unreachable

    GcFinalization.awaitClear(signal);
    assertSame(not, pool.intern(not));
  }

  private static final class MyInt {
    private final int i;

    MyInt(int i) {

      assertThat(BloomFilter.optimalNumOfBits(random.nextInt(1 << 16), random.nextDouble()))
          .isAtLeast(0);
    }

    // and some crazy values (this used to be capped to Integer.MAX_VALUE, now it can go bigger
    assertEquals(3327428144502L, BloomFilter.optimalNumOfBits(Integer.MAX_VALUE, Double.MIN_VALUE));
    IllegalArgumentException expected =
        assertThrows(
            IllegalArgumentException.class,

      // recordSslDebug = true
    }

  // https://tools.ietf.org/html/rfc6066#page-6 specifies a FQDN is required.
  val hostname = "local.host"
  private val handshakeCertificates =
    run {
      // Generate a self-signed cert for the server to serve and the client to trust.
      val heldCertificate =
        HeldCertificate
          .Builder()
          .commonName(hostname)
          .addSubjectAlternativeName(hostname)

            urlQueue.setMethod("GET");
            urlQueue.setSessionId(sessionId);
            urlQueue.setUrl("http://www.example.com/page" + i);
            urlQueue.setWeight(i); // Higher number = higher weight
            urlQueueList.add(urlQueue);
        }

        urlQueueService.offerAll(sessionId, urlQueueList);

        // Poll - items should be ordered by weight (descending)