// 3. This connection's server certificates must cover the new host.
    if (address.hostnameVerifier !== OkHostnameVerifier) return false
    if (!supportsUrl(address.url)) return false

    // 4. Certificate pinning must match the host.
    try {
      address.certificatePinner!!.check(address.url.host, handshake()!!.peerCertificates)
    } catch (_: SSLPeerUnverifiedException) {
      return false
    }

## `python-jose` installieren.

Wir müssen <abbr title="JOSE: JavaScript Object Signing and Encryption">`python-jose`</abbr> installieren, um die JWT-Tokens in Python zu generieren und zu verifizieren:

<div class="termy">

```console
$ pip install "python-jose[cryptography]"

---> 100%
```

    /** Whether to use NT status codes */
    boolean USE_NTSTATUS = Config.getBoolean("jcifs.smb1.smb.client.useNtStatus", true);
    /** Whether signing is preferred */
    boolean SIGNPREF = Config.getBoolean("jcifs.smb1.smb.client.signingPreferred", false);
    /** Whether to use NT SMBs */
    boolean USE_NTSMBS = Config.getBoolean("jcifs.smb1.smb.client.useNTSmbs", true);

Implementation is identical with "TrustedUserCAKeys" setting in OpenSSH server with exception that only one CA
key can be defined.

If a certificate is presented for authentication and has its signing CA key is in this file, then it may be
used for authentication for any user listed in the certificate's principals list. 

		xioutil.SafeClose(c.done)
		c.done = nil
	}
	return c.rc.Close()
}

// keepHTTPReqResponseAlive can be used to avoid timeouts with long storage
// operations, such as bitrot verification or data usage scanning.
// Every 10 seconds a space character is sent.
// keepHTTPReqResponseAlive will wait for the returned body to be read before starting the ticker.
// The returned function should always be called to release resources.

import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;

/**
 * Test class for SMBSigningDigest interface
 * Tests the contract and behavior of signing and verification methods
 */
class SMBSigningDigestTest {

    @Mock
    private SMBSigningDigest signingDigest;

    @Mock
    private CommonServerMessageBlock request;

    @Mock

* Fix init container status reporting when active deadline is exceeded. ([#46305](https://github.com/kubernetes/kubernetes/pull/46305), [@sjenning](https://github.com/sjenning))

* Moved qos to api.helpers. ([#44906](https://github.com/kubernetes/kubernetes/pull/44906), [@k82cn](https://github.com/k82cn))

import org.junit.jupiter.api.Test;

/**
 * JUnit 5 tests for AndXServerMessageBlock in legacy smb1 package.
 *
 * The tests use small stub subclasses to drive encode/decode paths and
 * validate batching, chaining, signing, and NT_CREATE_ANDX extended handling.
 */
class AndXServerMessageBlockTest {

    /**
     * Test stub for AndXServerMessageBlock to control read/write logic.
     */

   * C} will be excluded from automated serialization test performed by this method.
   */
  @Test
  public void testSerializable() throws Exception {
    // TODO: when we use @BeforeClass, we can pay the cost of class path scanning only once.
    for (Class<?> classToTest :
        findClassesToTest(loadClassesInPackage(), SERIALIZABLE_TEST_METHOD_NAMES)) {
      if (Serializable.class.isAssignableFrom(classToTest)) {
        try {

        SMBSigningDigest dg = mock(SMBSigningDigest.class);
        setField(session, "digest", dg);
        assertFalse(session.isSignatureSetupRequired());

        // Case 2: no digest, signing enforced by transport -> true
        setField(session, "digest", null);
        when(transport.isSigningEnforced()).thenReturn(true);
        assertTrue(session.isSignatureSetupRequired());