fun signersMustHaveCaBitSet() {
    val attackerCa =
      HeldCertificate
        .Builder()
        .serialNumber(1L)
        .certificateAuthority(4)
        .commonName("attacker ca")
        .build()
    val attackerIntermediate =
      HeldCertificate
        .Builder()
        .serialNumber(2L)
        .certificateAuthority(3)
        .commonName("attacker")
        .signedBy(attackerCa)

  /** Returns the tag attached with [T] as a key, or null if no tag is attached with that key. */
  @JvmName("reifiedTag")
  inline fun <reified T : Any> tag(): T? = tag(T::class)

  /** Returns the tag attached with [type] as a key, or null if no tag is attached with that key. */
  fun <T : Any> tag(type: KClass<T>): T? = type.java.cast(tags[type])

  /**

import jcifs.internal.smb2.nego.PreauthIntegrityNegotiateContext;

/**
 * Enhanced Pre-Authentication Integrity Service for SMB 3.1.1.
 *
 * Provides comprehensive pre-authentication integrity protection against
 * downgrade attacks by maintaining cryptographic hash chains of all
 * negotiation and session setup messages.
 */
public class PreauthIntegrityService {

By default, OkHttp trusts the certificate authorities of the host platform. This strategy maximizes connectivity, but it is subject to certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.

  /**
   * Returns the tag attached with [type] as a key, or null if no tag is attached with that key.
   *
   * The tags on a call are seeded from the [request tags][Request.tag]. This set will grow if new
   * tags are computed.
   */
  fun <T : Any> tag(type: KClass<T>): T?

  /**
   * Returns the tag attached with [type] as a key, or null if no tag is attached with that key.
   *

        NameTrackingTransformer tracker = new NameTrackingTransformer();
        ResponseData responseData = new ResponseData();

        // Transform with different names
        tracker.setName("name1");
        tracker.transform(responseData);

        tracker.setName("name2");
        tracker.transform(responseData);

        tracker.setName("name3");
        tracker.transform(responseData);

   *       directExecutor}, the listener can execute in any of three possible threads:
   *       <ol>
   *         <li>When a thread attaches a listener to a {@code ListenableFuture} that's already
   *             complete, the listener runs immediately in that thread.
   *         <li>When a thread attaches a listener to a {@code ListenableFuture} that's
   *             incomplete and the {@code ListenableFuture} later completes normally, the

     * @return session instance with the given type
     */
    <T extends SmbSession> T unwrap(Class<T> type);

    /**
     * Returns the CIFS context that this session is attached to.
     *
     * @return the context this session is attached to
     */
    CIFSContext getContext();

---
name: Question
about: Use Stack Overflow instead
title: "\U0001F649"
labels: ''
assignees: ''

---

🛑 𝙎𝙏𝙊𝙋

This issue tracker is not the place for questions!

If you want to ask how to do something, or to understand why something isn't working the way you expect it to, use Stack Overflow. https://stackoverflow.com/questions/tagged/okhttp

 *
 * ```java
 * String attack = "http://example.com/static/images/../../../../../etc/passwd";
 * System.out.println(new URL(attack).getPath());
 * System.out.println(new URI(attack).getPath());
 * System.out.println(HttpUrl.parse(attack).encodedPath());
 * ```
 *
 * By canonicalizing the input paths, they are complicit in directory traversal attacks. Code that
 * checks only the path prefix may suffer!
 *