return decode(certificatePem, pkcs8Base64)
    }

    private fun decode(
      certificatePem: String,
      pkcs8Base64Text: String,
    ): HeldCertificate {
      val certificate = certificatePem.decodeCertificatePem()

      val pkcs8Bytes =
        pkcs8Base64Text.decodeBase64()
          ?: throw IllegalArgumentException("failed to decode private key")

            final PermissionHelper permissionHelper = ComponentUtil.getPermissionHelper();
            entity.setPermissions(split(form.permissions, "\n").get(stream -> stream.map(s -> permissionHelper.encode(s))
                    .filter(StringUtil::isNotBlank).distinct().toArray(n -> new String[n])));
            return entity;
        });
    }

            final PermissionHelper permissionHelper = ComponentUtil.getPermissionHelper();
            entity.setPermissions(split(form.permissions, "\n").get(stream -> stream.map(s -> permissionHelper.encode(s))
                    .filter(StringUtil::isNotBlank).distinct().toArray(n -> new String[n])));
            return entity;
        });
    }

    protected void registerRoleTypeItems(final RenderData data) {

You can also sponsor:

* <a href="https://github.com/sponsors/samuelcolvin" class="external-link" target="_blank">Samuel Colvin (Pydantic)</a>
* <a href="https://github.com/sponsors/encode" class="external-link" target="_blank">Encode (Starlette, Uvicorn)</a>

---

   * <p>These heuristics do not always match the behavior of the filesystem. In particular, consider
   * the path {@code a/../b}, which {@code simplifyPath} will change to {@code b}. If {@code a} is a
   * symlink to {@code x}, {@code a/../b} may refer to a sibling of {@code x}, rather than the
   * sibling of {@code a} referred to by {@code b}.
   *
   * @since 11.0
   */
  public static String simplifyPath(String pathname) {

        final PermissionHelper permissionHelper = ComponentUtil.getPermissionHelper();
        return split(getRoleSearchDefaultPermissions(), ",").get(stream -> stream.map(p -> permissionHelper.encode(p))
                .filter(StringUtil::isNotBlank).distinct().toArray(n -> new String[n]));
    }

    String getRoleSearchDefaultDisplayPermissions();

import org.codelibs.fess.unit.UnitFessTestCase;

public class FessFileTransformerTest extends UnitFessTestCase {

    private String encodeUrl(final String url) {
        try {
            return URLEncoder.encode(url, Constants.UTF_8);
        } catch (final UnsupportedEncodingException e) {
            throw new FessSystemException("Unsupported encoding.", e);
        }
    }

	}

	err = json.NewDecoder(resp.Body).Decode(&scopeInfos)
	if err != nil {
		return nil, fmt.Errorf("cannot deserialize response %s", err)
	}
	return scopeInfos, nil
}

func (c *ControlzClient) PutScope(scope *ScopeInfo) error {
	var jsonScopeInfo bytes.Buffer
	err := json.NewEncoder(&jsonScopeInfo).Encode(scope)
	if err != nil {
		return fmt.Errorf("cannot serialize scope %+v", *scope)

					return
				}
			case <-ctx.Done():
				return
			}

			if !tickered {
				h.totalMessages.Add(1)
				if !isDirQueue {
					if err := enc.Encode(&entry); err != nil {
						h.config.LogOnceIf(
							ctx,
							fmt.Errorf("unable to encode webhook log entry, err  '%w' entry: %v\n", err, entry),
							h.Name(),
						)
						h.failedMessages.Add(1)
						continue
					}
				} else {

Because Ztunnel can have Istio semantics baked in, we do not need to encode all this information on the wire.
Instead, an Istio specific field like `ExpectedTLSIdentity: spiffe://foo.bar` can encode the same information, at a fraction of the cost.