if filterLifecycle(bucket, version.Name, version) {
					expired++
					stopFn(version.Size, errors.New("ILM expired object/version will be skipped"))
					continue
				}

				// any object with only single DEL marker we don't need
				// to rebalance, just skip it, this also includes
				// any other versions that have already expired.

    }

    @Test
    void testGetTrustedDomains_ExpiredCache() throws IOException, SmbAuthException {
        // Set up an expired cache entry
        Dfs.CacheEntry expiredEntry = new Dfs.CacheEntry(-1); // Expired
        testDfs._domains = expiredEntry;
        testDfs.setDisabled(true); // Set disabled to avoid NullPointerException

        when(auth.getDomain()).thenReturn("domain.com");

        }
    }

    /**
     * Rotate all expired keys based on configured interval
     */
    private void rotateExpiredKeys() {
        if (closed) {
            return;
        }

        long now = System.currentTimeMillis();
        java.util.List<String> sessionsToRotate = new java.util.ArrayList<>();

        // Find expired keys

            return children.containsKey(name);
        } finally {
            lock.readLock().unlock();
        }
    }

    /**
     * Check if cache entry is expired
     *
     * @return true if expired
     */
    public boolean isExpired() {
        return System.currentTimeMillis() - lastUpdateTime > maxAge;
    }

    /**
     * Check if cache needs refresh
     *

  # tlsCert: /etc/dex/tls.crt
  # tlsKey: /etc/dex/tls.key

  # Configuration for telemetry
  telemetry:
    http: 0.0.0.0:5558

# Uncomment this block to enable configuration for the expiration time durations.
expiry:
  signingKeys: "3h"
  idTokens: "3h"

  # Options for controlling the logger.
  logger:
    level: "debug"
    format: "text" # can also be "json"

# Default values shown below
oauth2:

   * Load cookies from the jar for an HTTP request to [url]. This method returns a possibly
   * empty list of cookies for the network request.
   *
   * Simple implementations will return the accepted cookies that have not yet expired and that
   * [match][Cookie.matches] [url].
   */
  fun loadForRequest(url: HttpUrl): List<Cookie>

  companion object {
    /** A cookie jar that never accepts any cookies. */
    @JvmField

    cause: Throwable,
  ): Boolean =
    when (className) {
      "okhttp3.recipes.CheckHandshake" -> true

      // by design
      "okhttp3.recipes.RequestBodyCompression" -> true

      // expired token
      else -> false
    }

      return true;
    }
  },

  /**
   * The entry's expiration timestamp has passed. This can occur when using {@link
   * CacheBuilder#expireAfterWrite} or {@link CacheBuilder#expireAfterAccess}.
   */
  EXPIRED {
    @Override
    boolean wasEvicted() {
      return true;
    }
  },

  /**
   * The entry was evicted due to size constraints. This can occur when using {@link

	ID      string `json:"id"`
	Enabled bool   `json:"enabled"`
}

// Standard errors.
var (
	ErrNotImplemented     = errors.New("function not implemented")
	ErrAccessTokenExpired = errors.New("access_token expired or unauthorized")
)

// Provider implements identity provider specific admin operations, such as
// looking up users, fetching additional attributes etc.
type Provider interface {

				}
				if !oauth2Token.Valid() {
					return nil, errors.New("invalid token")
				}

				return &credentials.WebIdentityToken{
					Token:  oauth2Token.Extra("id_token").(string),
					Expiry: int(oauth2Token.Expiry.Sub(time.Now().UTC()).Seconds()),
				}, nil
			}
		}

		sts, err := credentials.NewSTSWebIdentity(stsEndpoint, getWebTokenExpiry)
		if err != nil {