init.setContextFlag(NegTokenInit.CONFIDENTIALITY, true);
        assertTrue(init.getContextFlag(NegTokenInit.CONFIDENTIALITY));
        assertEquals(NegTokenInit.CONFIDENTIALITY, init.getContextFlags());

        init.setContextFlag(NegTokenInit.INTEGRITY, true);
        assertTrue(init.getContextFlag(NegTokenInit.INTEGRITY));
        assertEquals(NegTokenInit.CONFIDENTIALITY | NegTokenInit.INTEGRITY, init.getContextFlags());

    /**
     * Context flag for anonymity capability
     */
    public static final int ANONYMITY = 0x08;
    /**
     * Context flag for confidentiality (encryption) capability
     */
    public static final int CONFIDENTIALITY = 0x04;
    /**
     * Context flag for integrity (signing) capability
     */
    public static final int INTEGRITY = 0x02;

reported by contacting the project team at ******@****.***. The project team
will review and investigate all complaints, and will respond in a way that it deems
appropriate to the circumstances. The project team is obligated to maintain
confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

Project maintainers who do not follow or enforce the Code of Conduct in good

    */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
    * Specifies that communication across the authenticated channel
    * should be encrypted (message confidentiality).
    */
    int NTLMSSP_NEGOTIATE_SEAL = 0x00000020;

    /**
    * Indicates datagram authentication.
    */
    int NTLMSSP_NEGOTIATE_DATAGRAM_STYLE = 0x00000040;

    /**

     */
    int NTLMSSP_NEGOTIATE_SIGN = 0x00000010;

    /**
     * Specifies that communication across the authenticated channel
     * should be encrypted (message confidentiality).
     */
    int NTLMSSP_NEGOTIATE_SEAL = 0x00000020;

    /**
     * Indicates datagram authentication.
     */
    int NTLMSSP_NEGOTIATE_DATAGRAM_STYLE = 0x00000040;

    /**

        }
        if (this.gssContext.getAnonymityState()) {
            contextFlags |= NegTokenInit.ANONYMITY;
        }
        if (this.gssContext.getConfState()) {
            contextFlags |= NegTokenInit.CONFIDENTIALITY;
        }
        if (this.gssContext.getIntegState()) {
            contextFlags |= NegTokenInit.INTEGRITY;
        }
        return contextFlags;
    }

    @Override

        int expected = NegTokenInit.DELEGATION | NegTokenInit.MUTUAL_AUTHENTICATION | NegTokenInit.REPLAY_DETECTION
                | NegTokenInit.SEQUENCE_CHECKING | NegTokenInit.ANONYMITY | NegTokenInit.CONFIDENTIALITY | NegTokenInit.INTEGRITY;
        assertEquals(expected, flags);
    }

    @Test
    @DisplayName("isEstablished reflects underlying context state")
    void isEstablished_behavior() throws Exception {

server uses an authenticated encryption scheme ([AEAD](#aead)) to en/decrypt and authenticate the object content. The AEAD is combined with some state to build a *Secure Channel*. A *Secure Channel* is a cryptographic construction that ensures confidentiality and integrity of the processed data. In particular the *Secure Channel* splits the plaintext content into fixed size chunks and en/decrypts each chunk separately using a unique key-nonce combination.

##### Figure 1 - Secure Channel construction...

  
  This release adds a feature to hash the `KeyID` values in the logs. The `KeyID` values are sensitive information that should not be exposed in plain text in the logs. By hashing the `KeyID` values, we can protect the confidentiality of the data while still being able to log the necessary information. ([#118988](https://github.com/kubernetes/kubernetes/pull/118988), [@nilekhc](https://github.com/nilekhc)) [SIG API Machinery, Auth and Testing]