fun signersMustHaveCaBitSet() {
    val attackerCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(4)
        .commonName("attacker ca")
        .build()
    val attackerIntermediate =
      HeldCertificate
        .Builder()
        .serialNumber(2L)
        .certificateAuthority(3)
        .commonName("attacker")
        .signedBy(attackerCa)

  /** Returns the tag attached with [T] as a key, or null if no tag is attached with that key. */
  @JvmName("reifiedTag")
  inline fun <reified T : Any> tag(): T? = tag(T::class)

  /** Returns the tag attached with [type] as a key, or null if no tag is attached with that key. */
  fun <T : Any> tag(type: KClass<T>): T? = type.java.cast(tags[type])

  /**

import jcifs.internal.smb2.nego.PreauthIntegrityNegotiateContext;

/**
 * Enhanced Pre-Authentication Integrity Service for SMB 3.1.1.
 *
 * Provides comprehensive pre-authentication integrity protection against
 * downgrade attacks by maintaining cryptographic hash chains of all
 * negotiation and session setup messages.
 */
public class PreauthIntegrityService {

  /**
   * Returns the tag attached with [type] as a key, or null if no tag is attached with that key.
   *
   * The tags on a call are seeded from the [request tags][Request.tag]. This set will grow if new
   * tags are computed.
   */
  fun <T : Any> tag(type: KClass<T>): T?

  /**
   * Returns the tag attached with [type] as a key, or null if no tag is attached with that key.
   *

        NameTrackingTransformer tracker = new NameTrackingTransformer();
        ResponseData responseData = new ResponseData();

        // Transform with different names
        tracker.setName("name1");
        tracker.transform(responseData);

        tracker.setName("name2");
        tracker.transform(responseData);

        tracker.setName("name3");
        tracker.transform(responseData);

   *       directExecutor}, the listener can execute in any of three possible threads:
   *       <ol>
   *         <li>When a thread attaches a listener to a {@code ListenableFuture} that's already
   *             complete, the listener runs immediately in that thread.
   *         <li>When a thread attaches a listener to a {@code ListenableFuture} that's
   *             incomplete and the {@code ListenableFuture} later completes normally, the

     * @return session instance with the given type
     */
    <T extends SmbSession> T unwrap(Class<T> type);

    /**
     * Returns the CIFS context that this session is attached to.
     *
     * @return the context this session is attached to
     */
    CIFSContext getContext();

 *
 * ```java
 * String attack = "http://example.com/static/images/../../../../../etc/passwd";
 * System.out.println(new URL(attack).getPath());
 * System.out.println(new URI(attack).getPath());
 * System.out.println(HttpUrl.parse(attack).encodedPath());
 * ```
 *
 * By canonicalizing the input paths, they are complicit in directory traversal attacks. Code that
 * checks only the path prefix may suffer!
 *

 */
public interface SmbTransport extends AutoCloseable {

    /**
     * Gets the CIFS context associated with this transport.
     *
     * @return the context this transport is attached to
     */
    CIFSContext getContext();

    /**
     * Unwraps the transport to the specified type.
     *
     * @param <T> the type to unwrap to
     * @param type the class of the transport type to unwrap

            "Not enough storage is available to process this command.", "The media is write protected.", "The device is not ready.",
            "A device attached to the system is not functioning.", "A device attached to the system is not functioning.",
            "The process cannot access the file because it is being used by another process.",