fun signersMustHaveCaBitSet() {
    val attackerCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(4)
        .commonName("attacker ca")
        .build()
    val attackerIntermediate =
      HeldCertificate
        .Builder()
        .serialNumber(2L)
        .certificateAuthority(3)
        .commonName("attacker")
        .signedBy(attackerCa)

    # Return some error
    ...
```

But by using the `secrets.compare_digest()` it will be secure against a type of attacks called "timing attacks".

### Timing Attacks { #timing-attacks }

But what's a "timing attack"?

Let's imagine some attackers are trying to guess the username and password.

And they send a request with a username `johndoe` and a password `love123`.

  fun headers(name: String): List<String> = headers.values(name)

  /** Returns the tag attached with [T] as a key, or null if no tag is attached with that key. */
  @JvmName("reifiedTag")
  inline fun <reified T : Any> tag(): T? = tag(T::class)

  /** Returns the tag attached with [type] as a key, or null if no tag is attached with that key. */
  fun <T : Any> tag(type: KClass<T>): T? = type.java.cast(tags[type])

  /**

import jcifs.internal.smb2.nego.PreauthIntegrityNegotiateContext;

/**
 * Enhanced Pre-Authentication Integrity Service for SMB 3.1.1.
 *
 * Provides comprehensive pre-authentication integrity protection against
 * downgrade attacks by maintaining cryptographic hash chains of all
 * negotiation and session setup messages.
 */
public class PreauthIntegrityService {

		tracker.resetHealing()
		bugLogIf(ctx, tracker.update(ctx))

		return errRetryHealing
	}

	if tracker.ItemsFailed > 0 {
		healingLogEvent(ctx, "Healing of drive '%s' is incomplete, retried %d times (healed: %d, skipped: %d, failed: %d).", disk,
			tracker.RetryAttempts, tracker.ItemsHealed, tracker.ItemsSkipped, tracker.ItemsFailed)

     * @return session instance with the given type
     */
    <T extends SmbSession> T unwrap(Class<T> type);

    /**
     * Returns the CIFS context that this session is attached to.
     *
     * @return the context this session is attached to
     */
    CIFSContext getContext();

        NameTrackingTransformer tracker = new NameTrackingTransformer();
        ResponseData responseData = new ResponseData();

        // Transform with different names
        tracker.setName("name1");
        tracker.transform(responseData);

        tracker.setName("name2");
        tracker.transform(responseData);

        tracker.setName("name3");
        tracker.transform(responseData);

func diskHealthCheckOK(ctx context.Context, err error) bool {
	// Check if context has a disk health check.
	tracker, ok := ctx.Value(healthDiskCtxKey{}).(*healthDiskCtxValue)
	if !ok {
		// No tracker, return
		return err == nil || errors.Is(err, io.EOF)
	}
	if err == nil || errors.Is(err, io.EOF) {
		tracker.logSuccess()
		return true
	}
	return false
}

func (ahs *allHealState) updateHealStatus(tracker *healingTracker) {
	ahs.Lock()
	defer ahs.Unlock()

	tracker.mu.RLock()
	t := *tracker
	t.QueuedBuckets = append(make([]string, 0, len(tracker.QueuedBuckets)), tracker.QueuedBuckets...)
	t.HealedBuckets = append(make([]string, 0, len(tracker.HealedBuckets)), tracker.HealedBuckets...)
	ahs.healStatus[tracker.ID] = t
	tracker.mu.RUnlock()
}

            "Not enough storage is available to process this command.", "The media is write protected.", "The device is not ready.",
            "A device attached to the system is not functioning.", "A device attached to the system is not functioning.",
            "The process cannot access the file because it is being used by another process.",