### Certificate Pinning ([.kt][CertificatePinningKotlin], [.java][CertificatePinningJava])

    initCollectionWithNullElement();
    expectReturnsTrue(disjoint);
    expectContents();
  }

  // retainAll(null)

  /*
   * AbstractCollection fails the retainAll(null) test when the subject
   * collection is empty, but we'd still like to test retainAll(null) when we
   * can. We split the test into empty and non-empty cases. This allows us to
   * suppress only the former.
   */

   *     expectContents(E...)} and its friends.
   */
  protected abstract Collection<E> actualContents();

  /**
   * Replaces the existing container under test with a new container created by the subject
   * generator.
   *
   * @see #resetContainer(Object) resetContainer(C)
   * @return the new container instance.
   */
  @CanIgnoreReturnValue
  protected C resetContainer() {

 *
 * To perform server authentication:
 *
 *  * The server's handshake certificates must have a [held certificate][HeldCertificate] (a
 *    certificate and its private key). The certificate's subject alternative names must match the
 *    server's hostname. The server must also have is a (possibly-empty) chain of intermediate
 *    certificates to establish trust from a root certificate to the server's certificate. The root

incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor...

     *
     * <p><b>Note:</b> in general, code should assume that the string form returned by {@code
     * ToStringHelper} for a given object may change. In particular, the list of types which are
     * checked for emptiness is subject to change. We currently check {@code CharSequence}s, {@code
     * Collection}s, {@code Map}s, optionals (including Guava's), and arrays.
     *
     * @since 33.4.0
     */
    @CanIgnoreReturnValue

import java.security.MessageDigest;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;

import javax.security.auth.Subject;

import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.CIFSContext;
import jcifs.CIFSException;
import jcifs.Credentials;

## `/token` パスオペレーションの更新

トークンの有効期限を表す`timedelta`を作成します。

JWTアクセストークンを作成し、それを返します。

{* ../../docs_src/security/tutorial004.py hl[115:130] *}

### JWTの"subject" `sub` についての技術的な詳細

JWTの仕様では、トークンのsubjectを表すキー`sub`があるとされています。

使用するかどうかは任意ですが、`sub`はユーザーの識別情報を入れるように規定されているので、ここで使用します。

JWTは、ユーザーを識別して、そのユーザーがAPI上で直接操作を実行できるようにする以外にも、他の用途で使用されることがあります。

例えば、「車」や「ブログ記事」を識別することができます。

   *
   * <p>Despite the method name, this method attempts to avoid actually copying the data when it is
   * safe to do so. The exact circumstances under which a copy will or will not be performed are
   * undocumented and subject to change.
   */
  public static <R, C, V> ImmutableTable<R, C, V> copyOf(
      Table<? extends R, ? extends C, ? extends V> table) {
    if (table instanceof ImmutableTable) {
      @SuppressWarnings("unchecked")

   *
   * Writes are subject to the write window of the stream and the connection. Until there is a
   * window sufficient to send [byteCount], the caller will block. For example, a user of
   * `HttpURLConnection` who flushes more bytes to the output stream than the connection's write
   * window will block.
   *
   * Zero [byteCount] writes are not subject to flow control and will not block. The only use case