SID domainSid = new SID(rpcSid, SID.SID_TYPE_DOMAIN, "MYDOMAIN", null, true);
        assertThrows(IllegalArgumentException.class, domainSid::getRid);
    }

    /**
     * Test getting the account name.
     */
    @Test
    void testGetAccountName() {
        rpc.sid_t rpcSid = new rpc.sid_t();
        SID sid = new SID(rpcSid, SID.SID_TYPE_USER, "DOMAIN", "user", false);

 * these three certificates are used.
 *
 * ```
 * www.squareup.com certificate:
 *
 * Common Name: www.squareup.com
 * Subject Alternative Names: www.squareup.com, squareup.com, account.squareup.com...
 * Validity: 2018-07-03T20:18:17Z – 2019-08-01T20:48:15Z
 * Public Key: d107beecc17325f55da976bcbab207ba4df68bd3f8fce7c3b5850311128264fd53e1baa342f58d93...

                for (int j = 0; j < 100; j++) {
                    List<DirectoryCacheEntry.FileInfo> children = entry.getChildren();
                    // Just read, don't assert specific counts due to race conditions
                    assertNotNull(children);
                }
            });
            readThreads[i].start();
        }

        // Wait for all threads

    } while (System.nanoTime() - deadline < 0);
    throw formatRuntimeException(
        "Latch failed to count down within %d second timeout", timeoutSeconds);
  }

  /**
   * Creates a garbage object that counts down the latch in its finalizer. Sequestered into a
   * separate method to make it somewhat more likely to be unreachable.
   */
  private static void createUnreachableLatchFinalizer(CountDownLatch latch) {

        when(mockTreeHandle.send(any(Smb2WriteRequest.class), any())).thenReturn(mockWriteResponse);
        when(mockWriteResponse.getCount()).thenReturn(10, 5); // Return proper byte counts

        outputStream = new SmbFileOutputStream(mockFile, mockTreeHandle, mockFileHandle,
                SmbConstants.O_CREAT | SmbConstants.O_WRONLY | SmbConstants.O_TRUNC, SmbConstants.FILE_WRITE_DATA,

            domains.domains[0].name = new UnicodeString("TESTDOM", false);
            domains.domains[0].sid = new jcifs.dcerpc.rpc.sid_t();
            rpc.domains = domains;

            // Names: provide account names and types for each SID
            lsarpc.LsarTransNameArray names = new lsarpc.LsarTransNameArray();
            names.count = in.length;
            names.names = new lsarpc.LsarTranslatedName[in.length];

import org.mockito.junit.jupiter.MockitoExtension;

import jcifs.smb1.dcerpc.rpc;
import jcifs.smb1.dcerpc.ndr.NdrBuffer;
import jcifs.smb1.dcerpc.ndr.NdrException;

/**
 * Comprehensive test suite for SMB1 samr (Security Account Manager Remote) protocol
 * Tests all message types, data structures, and constants
 */
@ExtendWith(MockitoExtension.class)
@DisplayName("SMB1 SAMR Protocol Test Suite")
class samrTest {

    @Mock

            assertArrayEquals(salt, Arrays.copyOfRange(buffer, 4, 7));
        }

        @ParameterizedTest
        @ValueSource(ints = { 1, 3, 5, 10, 20 })
        @DisplayName("Should encode various hash algorithm counts correctly")
        void testEncodeVariousHashAlgoCounts(int algoCount) {
            int[] hashAlgos = new int[algoCount];
            for (int i = 0; i < algoCount; i++) {
                hashAlgos[i] = i + 1;

    } while (System.nanoTime() - deadline < 0);
    throw formatRuntimeException(
        "Latch failed to count down within %d second timeout", timeoutSeconds);
  }

  /**
   * Creates a garbage object that counts down the latch in its finalizer. Sequestered into a
   * separate method to make it somewhat more likely to be unreachable.
   */
  private static void createUnreachableLatchFinalizer(CountDownLatch latch) {

And then, you could give that JWT token to a user (or bot), and they could use it to perform those actions (drive the car, or edit the blog post) without even needing to have an account, just with the JWT token your API generated for that.

Using these ideas, JWT can be used for way more sophisticated scenarios.