.Builder()
        .serialNumber(1L)
        .build()
    val cleaner = get(root.certificate)
    assertThat(cleaner.clean(list(root), "hostname")).isEqualTo(list(root))
  }

  @Test
  fun normalizeUnknownSelfSignedCertificate() {
    val root =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .build()
    val cleaner = get()
    assertFailsWith<SSLPeerUnverifiedException> {

    assertThat(serverSocket.isClosed()).isTrue();
  }

  @SuppressWarnings("Java8ApiChecker")
  static class MyServerExampleWithCleaner implements AutoCloseable {
    private static final Cleaner cleaner = Cleaner.create();

    private static Runnable closeServerSocketRunnable(
        ServerSocket serverSocket, AtomicBoolean cleanerRan) {
      return () -> {
        try {
          serverSocket.close();

    assertThat(serverSocket.isClosed()).isTrue();
  }

  @SuppressWarnings("Java8ApiChecker")
  static class MyServerExampleWithCleaner implements AutoCloseable {
    private static final Cleaner cleaner = Cleaner.create();

    private static Runnable closeServerSocketRunnable(
        ServerSocket serverSocket, AtomicBoolean cleanerRan) {
      return () -> {
        try {
          serverSocket.close();

 * certificate is signed by the certificate that follows, and the last certificate is a trusted CA
 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to
 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {

import java.security.cert.Certificate
import java.security.cert.X509Certificate
import java.util.ArrayDeque
import java.util.Deque
import javax.net.ssl.SSLPeerUnverifiedException

/**
 * A certificate chain cleaner that uses a set of trusted root certificates to build the trusted
 * chain. This class duplicates the clean chain building performed during the TLS handshake. We
 * prefer other mechanisms where they exist, such as with

But for the generated client, we could **modify** the OpenAPI operation IDs right before generating the clients, just to make those method names nicer and **cleaner**.

We could download the OpenAPI JSON to a file `openapi.json` and then we could **remove that prefixed tag** with a script like this:

{* ../../docs_src/generate_clients/tutorial004.py *}

//// tab | Node.js

      }
    }
  }

  /**
   * Not checking the CA bit created a vulnerability in old OkHttp releases. It is exploited by
   * triggering different chains to be discovered by the TLS engine and our chain cleaner. In this
   * attack there's several different chains.
   *
   *
   * The victim's gets a non-CA certificate signed by a CA, and pins the CA root and/or
   * intermediate. This is business as usual.
   *

/// tip

Additionally, a background task is normally an independent set of logic that should be handled separately, with its own resources (e.g. its own database connection).

So, this way you will probably have cleaner code.

///

- Migrated the bootstrap signer controller and the token cleaner controller (within `kube-controller-manager`) to use [contextual logging](https://k8s.io/docs/concepts/cluster-administration/system-logs/#contextual-logging). ([#113464](https://github.com/kubernetes/kubernetes/pull/113464), [@mengjiao-liu](http...

- The helping message of commands which have sub-commands is now clearer and more instructive. It will show the full command instead of `kubectl <command> --help ...`