eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0tHuu2guQOHXvgR1m
    0vdXcDazv/wor3ElhVsT/h5/WrQ8
    -----END CERTIFICATE-----
    """.trimIndent().decodeCertificatePem()

  // CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
  val letsEncryptCertificateAuthority =
    """
    -----BEGIN CERTIFICATE-----
    MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/

    )
  }

  /**
   * Returns a request that creates a TLS tunnel via an HTTP proxy. Everything in the tunnel request
   * is sent unencrypted to the proxy server, so tunnels include only the minimum set of headers.
   * This avoids sending potentially sensitive data like HTTP cookies to the proxy unencrypted.
   *
   * In order to support preemptive authentication we pass a fake "Auth Failed" response to the

        .toSet()

    // It's safe to assume all platforms will have a major Internet certificate issuer.
    val majorIssuers =
      listOf(
        "DigiCert",
        "Let's Encrypt",
        "ISRG", // Internet Security Research Group (Let's Encrypt parent)
        "GlobalSign",
        "Comodo",
        "Sectigo",
        "GeoTrust",
        "Entrust",
      )
    assertThat(names).matchesPredicate { strings ->

        options.addOption(Option.builder(ENCRYPT_MASTER_PASSWORD)
                .longOpt("encrypt-master-password")
                .hasArg()
                .optionalArg(true)
                .desc("Encrypt master security password")
                .build());
        options.addOption(Option.builder(ENCRYPT_PASSWORD)
                .longOpt("encrypt-password")
                .hasArg()
                .optionalArg(true)

import okhttp3.Request
import okhttp3.tls.HandshakeCertificates
import okhttp3.tls.decodeCertificatePem
import org.junit.jupiter.api.Tag
import org.junit.jupiter.api.Test

/**
 * Test for new Let's Encrypt Root Certificate.
 */
@Tag("Remote")
class LetsEncryptClientTest {
  @Test fun get() {
    // These tests wont actually run before Android 8.0 as per
    // https://github.com/mannodermaus/android-junit5

MINIO=("$PWD/minio" --config-dir "$MINIO_CONFIG_DIR" server)

function start_minio() {
	start_port=$1

	export MINIO_ROOT_USER=minio
	export MINIO_ROOT_PASSWORD=minio123
	unset MINIO_KMS_AUTO_ENCRYPTION # do not auto-encrypt objects
	unset MINIO_CI_CD
	unset CI

	args=()
	for i in $(seq 1 4); do
		args+=("http://localhost:$((start_port + i))${WORK_DIR}/mnt/disk$i/ ")
	done

	for i in $(seq 1 4); do

	}

	for i, test := range encryptDecryptTests {
		ciphertext, err := Encrypt(KMS, bytes.NewReader(test.Data), test.Context)
		if err != nil {
			t.Fatalf("Test %d: failed to encrypt stream: %v", i, err)
		}
		data, err := io.ReadAll(ciphertext)
		if err != nil {
			t.Fatalf("Test %d: failed to encrypt stream: %v", i, err)
		}

		plaintext, err := Decrypt(KMS, bytes.NewReader(data), test.Context)

	start_port=$1

	export MINIO_ROOT_USER=minio
	export MINIO_ROOT_PASSWORD=minio123
	export MC_HOST_minio="http://minio:minio123@127.0.0.1:${start_port}/"
	unset MINIO_KMS_AUTO_ENCRYPTION # do not auto-encrypt objects
	export MINIO_CI_CD=1

	mkdir ${WORK_DIR}
	C_PWD=${PWD}
	if [ ! -x "$PWD/mc" ]; then
		MC_BUILD_DIR="mc-$RANDOM"
		if ! git clone --quiet https://github.com/minio/mc "$MC_BUILD_DIR"; then

OAuth2 не вказує, як саме шифрувати комунікацію — він очікує, що ваш застосунок доступний через HTTPS.

/// tip | Порада

У розділі про **деплой** ви побачите, як налаштувати HTTPS безкоштовно з Traefik та Let's Encrypt.

///

## OpenID Connect { #openid-connect }

OpenID Connect — ще одна специфікація, побудована на основі **OAuth2**.

import org.apache.maven.cling.invoker.mvnenc.EncryptInvoker;
import org.apache.maven.cling.invoker.mvnenc.EncryptParser;
import org.codehaus.plexus.classworlds.ClassWorld;

/**
 * Maven encrypt CLI "new-gen".
 */
public class MavenEncCling extends ClingSupport {
    /**
     * "Normal" Java entry point. Note: Maven uses ClassWorld Launcher and this entry point is NOT used under normal
     * circumstances.