}
        final byte[] signature = digest();
        for (int i = 0; i < 8; i++) {
            if (signature[i] != data[offset + SmbConstants.SIGNATURE_OFFSET + i]) {
                if (log.isDebugEnabled()) {
                    log.debug("signature verification failure"); //$NON-NLS-1$
                    log.debug("Expect: " + Hexdump.toHexString(signature, 0, 8));

```

### Verifying signatures

Once you've downloaded a Gradle JAR file or a distribution and its corresponding signature file (with a `.asc` extension), you can verify its authenticity against the public key.

For example, to verify the signature of `plugin-publish-plugin-2.0.0.jar` and its signature file `plugin-publish-plugin-2.0.0.jar.asc`, use this command:

```bash

        }

        @Test
        @DisplayName("Should correctly verify signatures - regression test for inverted logic bug")
        void testVerifySignatureLogicRegression() throws Exception {
            // This test ensures the signature verification logic is not inverted
            // Previously there was a bug where verify returned true for invalid signatures

            // Set signed flag

      androidSignature(rootProject.libs.signature.android.apilevel24) { artifact { type = "signature" } }
    } else {
      // Everything else requires Android API 21+.
      androidSignature(rootProject.libs.signature.android.apilevel21) { artifact { type = "signature" } }
    }

    // OkHttp requires Java 8+.
    jvmSignature(rootProject.libs.codehaus.signature.java18) { artifact { type = "signature" } }
  }

          issuerUniqueID = null,
          subjectUniqueID = null,
          extensions = extensions(),
        )

      // Signature.
      val signature =
        Signature.getInstance(tbsCertificate.signatureAlgorithmName).run {
          initSign(issuerKeyPair.private)
          update(CertificateAdapters.tbsCertificate.toDer(tbsCertificate).toByteArray())
          sign().toByteString()

     */
    @Override
    public boolean verifySignature(final byte[] buffer, final int i, final int size) {
        // observed too that signatures on error responses are sometimes wrong??
        // Looks like the failure case also is just reflecting back the signature we sent

        // with SMB3's negotiation validation it's no longer possible to ignore this (on the validation response)

        }

        return maximals.getFirst();
    }

    /**
     * Determines which method signature (represented by a class array) is more
     * specific. This defines a partial ordering on the method signatures.
     *
     * @param c1 first signature to compare
     * @param c2 second signature to compare
     * @return MORE_SPECIFIC if c1 is more specific than c2, LESS_SPECIFIC if

        assertTrue(result); // Signature mismatch expected
    }

    @Test
    @DisplayName("Test verify method with invalid signature")
    void testVerifyWithInvalidSignature() {
        SMB1SigningDigest digest = new SMB1SigningDigest(testMacSigningKey);
        byte[] data = new byte[100];

        // Set invalid signature
        for (int i = 0; i < 8; i++) {

    SmbResourceLocator other;

    @Mock
    DfsReferralData referral;

    // Reflection-based API checks ensure the interface contract is as expected
    @Test
    @DisplayName("Type hierarchy and method signatures are correct")
    void typeAndSignatures() throws Exception {
        Class<?> clazz = SmbResourceLocatorInternal.class;

        // Assert it's an interface and extends the right superinterface

    /**
     * Extended attributes are supported flag.
     */
    int FLAGS2_EXTENDED_ATTRIBUTES = 0x0002;
    /**
     * Security signatures are supported flag.
     */
    int FLAGS2_SECURITY_SIGNATURES = 0x0004;
    /**
     * Security signatures are required flag.
     */
    int FLAGS2_SECURITY_REQUIRE_SIGNATURES = 0x0010;
    /**
     * Extended security negotiation is supported flag.
     */