status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": authenticate_value},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username = payload.get("sub")
        if username is None:
            raise credentials_exception
        scope: str = payload.get("scope", "")

        }

        return new PacUnicodeString(length, maxLength, pointer);
    }

    /**
     * Reads a string with length prefix from the stream.
     * @return the decoded string
     * @throws IOException if an I/O error occurs
     * @throws PACDecodingException if the string structure is malformed
     */
    public String readString() throws IOException, PACDecodingException {

        if (this.getErrorCode() != 0) {
            return 4;
        }

        try {
            this.securityDescriptor = new SecurityDescriptor();
            bufferIndex += this.securityDescriptor.decode(buffer, bufferIndex, len);
        } catch (final IOException ioe) {
            throw new RuntimeCIFSException(ioe.getMessage());
        }

        return bufferIndex - start;
    }

    @Override

        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_data = TokenData(username=username)

        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username = payload.get("sub")
        if username is None:
            raise credentials_exception
        token_data = TokenData(username=username)

     */
    @Execute
    @Secured({ ROLE, ROLE + VIEW })
    public ActionResponse download(final String id) {
        final String filename = new String(Base64.getDecoder().decode(id), StandardCharsets.UTF_8).replace("..", "").replaceAll("\\s", "");
        final String logFilePath = systemHelper.getLogFilePath();
        if (StringUtil.isNotBlank(logFilePath) && isLogFilename(filename)) {

        String msg = req.getHeader("Authorization");
        if (msg != null && msg.startsWith("NTLM ")) {
            final byte[] src = Base64.decode(msg.substring(5));
            if (src[8] == 1) {
                final Type1Message type1 = new Type1Message(src);
                final Type2Message type2 = new Type2Message(tc, type1, challenge, null);

import okio.ByteString

/**
 * ASN.1 adapters adapted from the specifications in [RFC 5280][rfc_5280].
 *
 * [rfc_5280]: https://tools.ietf.org/html/rfc5280
 */
@Suppress("UNCHECKED_CAST") // This needs to cast decoded collections.
internal object CertificateAdapters {
  /**
   * ```
   * Time ::= CHOICE {
   *   utcTime        UTCTime,
   *   generalTime    GeneralizedTime
   * }
   * ```
   *

   * @param length the length of the new array
   */
  /*
   * The new array contains nulls, even if the old array did not. If we wanted to be accurate, we
   * would declare a return type of `@Nullable T[]`. However, we've decided not to think too hard
   * about arrays for now, as they're a mess. (We previously discussed this in the review of
   * ObjectArrays, which is the main caller of this method.)
   */

      When doing so, still annotate nullable parameters and the return type as `@Nullable`.
  * Do not use `@Contract` for public APIs.
  * For polynull public APIs, the solution has to be decided on a case-by-case basis.

Do not remove `null` checks on public API boundaries, even if the annotations (or rather lack of them) suggest this.
Not all client code is compiled with NullAway.