private static final SecretKey MD5_KEY =
      new SecretKeySpec("secret key".getBytes(UTF_8), "HmacMD5");
  private static final SecretKey SHA1_KEY =
      new SecretKeySpec("secret key".getBytes(UTF_8), "HmacSHA1");
  private static final SecretKey SHA256_KEY =
      new SecretKeySpec("secret key".getBytes(UTF_8), "HmacSHA256");
  private static final SecretKey SHA512_KEY =

     * @param endpoint the S3 endpoint URL (null for AWS default)
     * @param accessKey the AWS access key
     * @param secretKey the AWS secret key
     * @param bucket the bucket name
     * @param region the AWS region
     */
    public S3StorageClient(final String endpoint, final String accessKey, final String secretKey, final String bucket,
            final String region) {
        this.bucket = bucket;

    public static StorageClient createClient(final FessConfig fessConfig) {
        final String endpoint = fessConfig.getStorageEndpoint();
        final String accessKey = fessConfig.getStorageAccessKey();
        final String secretKey = fessConfig.getStorageSecretKey();
        final String bucket = fessConfig.getStorageBucket();

        // Get explicit type or auto-detect
        final String typeStr = fessConfig.getStorageType();

    }
  }

  companion object {
    private lateinit var logger: Logger

    private val SSLSession.masterSecret: SecretKey?
      get() =
        javaClass
          .getDeclaredField("masterSecret")
          .apply {
            isAccessible = true
          }.get(this) as? SecretKey

    val randomRegex = "\"random\"\\s+:\\s+\"([^\"]+)\"".toRegex()

    fun register() {

    // Test with different cipher types
    @Test
    public void test_withBlowfishCipher() {
        // Test with Blowfish cipher
        InvertibleCryptographer blowfish = InvertibleCryptographer.createBlowfishCipher("secretkey");
        FessSecurityResourceProvider provider = new FessSecurityResourceProvider(blowfish, oneWayCryptographer);

        assertNotNull(provider);

- `ftp:.*`, `ftps:.*` → FtpClient
- `storage:.*` → StorageClient, `s3:.*` → S3Client, `gcs:.*` → GcsClient

### Cloud Storage Clients

- **S3Client**: AWS SDK v2, `s3://bucket/path`, properties: `endpoint`, `accessKey`, `secretKey`, `region`
- **GcsClient**: Google Cloud SDK, `gcs://bucket/path`, properties: `projectId`, `credentialsFile`, `endpoint`
- **StorageClient**: MinIO SDK, `storage://bucket/path`

### Services

        value = "password={cipher}5691346cc398a4450114883140fa84a7\nsecretkey=unencrypted";
        result = ParameterUtil.encrypt(value);
        assertTrue(result.contains("password={cipher}5691346cc398a4450114883140fa84a7"));
        assertTrue(result.contains("secretkey={cipher}"));
        assertFalse(result.contains("secretkey=unencrypted"));

        // Test with keys that don't match pattern

    public static final String STORAGE_ACCESS_KEY = "storage.accesskey";

    /** Storage secret key configuration key. */
    public static final String STORAGE_SECRET_KEY = "storage.secretkey";

    /** Storage bucket configuration key. */
    public static final String STORAGE_BUCKET = "storage.bucket";

    /** Storage type configuration key (s3, gcs, auto). */

Importez les modules installés.

Créez une clé secrète aléatoire qui sera utilisée pour signer les jetons JWT.

Pour générer une clé secrète aléatoire sécurisée, utilisez la commande :

<div class="termy">

```console
$ openssl rand -hex 32

09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7
```

</div>

Et copiez la sortie dans la variable `SECRET_KEY` (n'utilisez pas celle de l'exemple).

    SecurityScopes,
)
from jwt.exceptions import InvalidTokenError
from pwdlib import PasswordHash
from pydantic import BaseModel, ValidationError

# to get a string like this run:
# openssl rand -hex 32
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30


fake_users_db = {
    "johndoe": {
        "username": "johndoe",