mora","motala","mullsjö","munkedal","munkfors","mölndal","mönsterås","mörbylånga","nacka","nora","norberg","nordanstig","nordmaling","norrköping","norrtälje","norsjö","nybro","nykvarn","nyköping","nynäshamn","nässjö","ockelbo","olofström","orsa","orust","osby","oskarshamn","ovanåker","oxelösund","pajala","partille","perstorp","piteå","ragunda","robertsfors","ronneby","rättvik","sala","salem","sandviken","sigtuna","simrishamn","sjöbo","skara","skellefteå","skinnskatteberg","skurup","skövde","smed...

## Proxy implementation

In its initial implementations, the ztunnel was actually implemented in 3 different ways: a bespoke Rust implementation, a bespoke Go implementation, and in Envoy.

In the end, [after evaluation](https://docs.google.com/document/d/1c2123cKuYsBDpIon9FFdctWTUIMFweSjgwG7r8l3818/edit), the decision was to move forward with a Rust implementation.

// that they have access to.
//
// It can be optionally associated with a particular assigner, in which case it
// contains one valid set of trust anchors for that signer. Signers may have
// multiple associated ClusterTrustBundles; each is an independent set of trust
// anchors for that signer. Admission control is used to enforce that only users
// with permissions on the signer can create or modify the corresponding bundle.

    /**
     * No trust - no information about status.
     */
    public static final ArtifactStatus NONE = new ArtifactStatus("none", 0);

    /**
     * No trust - information was generated with defaults.
     */
    public static final ArtifactStatus GENERATED = new ArtifactStatus("generated", 1);

    /**
     * Low trust - was converted from the Maven 1.x repository.
     */

import okhttp3.internal.toImmutableList
import okhttp3.tls.internal.TlsUtil.newKeyManager
import okhttp3.tls.internal.TlsUtil.newTrustManager

/**
 * Certificates to identify which peers to trust and also to earn the trust of those peers in kind.
 * Client and server exchange these certificates during the handshake phase of a TLS connection.
 *
 * ### Server Authentication
 *

		ACB_MNS                    = 0x00000020, /* 1 = MNS logon user account */
		ACB_DOMTRUST               = 0x00000040, /* 1 = Interdomain trust account */
		ACB_WSTRUST                = 0x00000080, /* 1 = Workstation trust account */
		ACB_SVRTRUST               = 0x00000100, /* 1 = Server trust account */
		ACB_PWNOEXP                = 0x00000200, /* 1 = User password does not expire */

{{- define "mesh" }}
    # The trust domain corresponds to the trust root of a system.
    # Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain
    trustDomain: "cluster.local"

    # The namespace to treat as the administrative root namespace for Istio configuration.
    # When processing a leaf namespace Istio will search for declarations in that namespace first

    public static final int NT_STATUS_LOGON_TYPE_NOT_GRANTED = 0xC000015b;
    public static final int NT_STATUS_NO_TRUST_SAM_ACCOUNT = 0xC000018b;
    public static final int NT_STATUS_TRUSTED_DOMAIN_FAILURE = 0xC000018c;
    public static final int NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT = 0xC0000199;
    public static final int NT_STATUS_PASSWORD_MUST_CHANGE = 0xC0000224;

 *
 * Supported on OpenJDK 8 via the JettyALPN-boot library or Conscrypt.
 *
 * Supported on OpenJDK 9+ via SSLParameters and SSLSocket features.
 *
 * ### Trust Manager Extraction
 *
 * Supported on Android 2.3+ and OpenJDK 7+. There are no public APIs to recover the trust
 * manager that was used to create an [SSLSocketFactory].
 *
 * Not supported by choice on JDK9+ due to access checks.
 *
 * ### Android Cleartext Permit Detection

    "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {},
    "ghcr.io/mpriscella/features/kind:1": {}
  },
  "customizations": {
    "vscode": {
      "extensions": [
        "golang.go",
        "rust-lang.rust-analyzer",
        "eamodio.gitlens",
        "zxh404.vscode-proto3",
        "ms-azuretools.vscode-docker",
        "redhat.vscode-yaml",
        "IBM.output-colorizer"
      ],
      "settings": {