}

    /**
     * Default provider is BouncyCastleProvider.
     * For registering custom provider
     * @see jcifs.util.Crypto#initProvider(Provider)
     * @return Provider
     */
    public static Provider getProvider() {
        if (provider != null) {
            return provider;
        }
        provider = new BouncyCastleProvider();
        return provider;
    }

    /**

/**
 * Unit tests for TCP RDMA provider
 */
public class TcpRdmaProviderTest {

    private TcpRdmaProvider provider;

    @BeforeEach
    public void setUp() {
        provider = new TcpRdmaProvider();
    }

    @Test
    public void testIsAvailable() {
        assertTrue(provider.isAvailable(), "TCP provider should always be available");
    }

    @Test

   |
   | General example

  <toolchain>
    <type/>
    <provides>
      <version>1.0</version>
    </provides>
    <configuration/>
  </toolchain>

   | JDK examples

  <toolchain>
    <type>jdk</type>
    <provides>
      <version>1.5</version>
      <vendor>sun</vendor>
    </provides>
    <configuration>
      <jdkHome>/path/to/jdk/1.5</jdkHome>
    </configuration>

  }

  @Test
  fun testHttps(
    provider: Provider = Provider.JSSE,
    protocol: Protocol = burstValues(HTTP_1_1, HTTP_2),
    tlsVersion: TlsVersion = burstValues(TLS_1_3, TLS_1_2),
    socketMode: SocketMode = burstValues(Channel, Standard),
    tlsExtensionMode: TlsExtensionMode = TlsExtensionMode.STANDARD,
  ) {
    testConnection(TlsInstance(provider, protocol, tlsVersion, socketMode, tlsExtensionMode))
  }

 *
 * Requires org.bouncycastle:bctls-jdk15on on the classpath.
 */
class BouncyCastlePlatform private constructor() : Platform() {
  private val provider: Provider = BouncyCastleJsseProvider()

  override fun newSSLContext(): SSLContext = SSLContext.getInstance("TLS", provider)

  override fun platformTrustManager(): X509TrustManager {
    val factory =
      TrustManagerFactory.getInstance(
        "PKIX",

        // This should always return at least the TCP fallback provider
        RdmaProvider provider = RdmaProviderFactory.selectBestProvider();
        assertNotNull(provider, "Should always select an RDMA provider (at minimum TCP fallback)");
        assertNotNull(provider.getProviderName(), "Provider name should not be null");
        assertNotNull(provider.getSupportedCapabilities(), "Supported capabilities should not be null");

	if err != nil {
		t.Fatal(err)
	}

	provider := providerCfg{}
	provider.JWKS.URL = u1
	cfg := Config{
		Enabled: true,
		pubKeys: pubKeys,
		arnProviderCfgsMap: map[arn.ARN]*providerCfg{
			DummyRoleARN: &provider,
		},
		ProviderCfgs: map[string]*providerCfg{
			"1": &provider,
		},
	}

	u, err := url.Parse("http://127.0.0.1:8443/?Token=invalid")

import java.security.KeyStore
import java.security.Provider
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocket
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import okhttp3.Protocol

/**
 * Platform using OpenJSSE (https://github.com/openjsse/openjsse) if installed as the first
 * Security Provider.
 *

## Security - HTTPS { #security-https }

In the [previous chapter about HTTPS](https.md){.internal-link target=_blank} we learned about how HTTPS provides encryption for your API.

We also saw that HTTPS is normally provided by a component **external** to your application server, a **TLS Termination Proxy**.

**We recommend setting `policy` as a custom claim for the JWT service provider follow [here](https://docs.wso2.com/display/IS550/Configuring+Claims+for+a+Service+Provider) and [here](https://docs.wso2.com/display/IS550/Handling+Custom+Claims+with+the+JWT+Bearer+Grant+Type) for relevant docs on how to configure claims for a service provider.**

### 5. Setup MinIO with OpenID configuration URL