* @param tf the CIFS context to use
     * @param name the server name or address
     * @param port the port number
     * @param exclusive whether to acquire an unshared connection
     * @param forceSigning whether to enforce SMB signing
     * @return a connected transport
     * @throws UnknownHostException if the host cannot be resolved
     * @throws IOException if an I/O error occurs
     */

 *
 * @author mbechler
 */
public interface SmbResourceLocatorInternal extends SmbResourceLocator {

    /**
     * Determines whether SMB signing should be enforced for connections to this resource.
     *
     * @return whether to enforce the use of signing on connection to this resource
     */
    boolean shouldForceSigning();

    /**

    /**
     * Enforce secure negotiation
     *
     * Property {@code jcifs.smb.client.requireSecureNegotiate} (boolean, default true)
     *
     * This does not provide any actual downgrade protection if SMB1 is allowed.
     *
     * It will also break connections with SMB2 servers that do not properly sign error responses.
     *
     * @return whether to enforce the use of secure negotiation.
     */

confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good
faith may face temporary or permanent repercussions as determined by other
members of the project's leadership.

## Attribution

+ If referring to a repo other than `golang/go` you can use the
  `owner/repo#issue_number` syntax: `Fixes golang/tools#1234`
+ We do not use Signed-off-by lines in Go. Please don't add them.
  Our Gerrit server & GitHub bots enforce CLA compliance instead.

* An optional `grant_type`.

/// tip

The OAuth2 spec actually *requires* a field `grant_type` with a fixed value of `password`, but `OAuth2PasswordRequestForm` doesn't enforce it.

If you need to enforce it, use `OAuth2PasswordRequestFormStrict` instead of `OAuth2PasswordRequestForm`.

///

* An optional `client_id` (we don't need it for our example).

 * serialization of funnels. When possible, it is recommended that funnels be implemented as a
 * single-element enum to maintain serialization guarantees. See Effective Java (2nd Edition), Item
 * 3: "Enforce the singleton property with a private constructor or an enum type". For example:
 *
 * {@snippet :
 * public enum PersonFunnel implements Funnel<Person> {
 *   INSTANCE;

        assertNotNull(contexts);
        assertEquals(0, contexts.length);
        assertNull(request.getPreauthSalt());
    }

    @Test
    @DisplayName("Should enforce signing when required flag is set")
    void testSigningEnforced() {
        // When
        request = new Smb2NegotiateRequest(mockConfig, Smb2Constants.SMB2_NEGOTIATE_SIGNING_REQUIRED);

        // Then

   *
   * HTTP/2 requires deployments of HTTP/2 that use TLS 1.2 support
   * [CipherSuite.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256], present in Java 8+ and Android 5+.
   * Servers that enforce this may send an exception message including the string
   * `INADEQUATE_SECURITY`.
   */
  HTTP_2("h2"),

  /**
   * Cleartext HTTP/2 with no "upgrade" round trip. This option requires the client to have prior

    private static final MonotonicClock CLOCK = new MonotonicClock();

    private final long startNanos;
    private final Instant startInstant;

    /**
     * Private constructor to enforce singleton pattern.
     * Initializes the clock with the current system time and nanoTime.
     */
    private MonotonicClock() {
        this.startNanos = System.nanoTime();