### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

  }

  /**
   * Returns `true` if the socket, as currently configured, supports this connection spec. In
   * order for a socket to be compatible the enabled cipher suites and protocols must intersect.
   *
   * For cipher suites, at least one of the [required cipher suites][cipherSuites] must match the
   * socket's enabled cipher suites. If there are no required cipher suites the socket must have at
   * least one cipher suite enabled.

        Http1ExchangeCodec(
          // No client for CONNECT tunnels:
          client = null,
          carrier = this,
          socket = socket,
        )
      socket.source.timeout().timeout(readTimeoutMillis.toLong(), TimeUnit.MILLISECONDS)
      socket.sink.timeout().timeout(writeTimeoutMillis.toLong(), TimeUnit.MILLISECONDS)
      tunnelCodec.writeRequest(nextRequest.headers, requestLine)

### CVE-2023-2728: Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin

      } finally {
        for (socket in openSockets) {
          socket.closeQuietly()
        }
        Thread.currentThread().name = "SocksProxy"
      }
    }
  }

  fun proxy(): Proxy =
    Proxy(
      Proxy.Type.SOCKS,
      InetSocketAddress.createUnresolved("localhost", serverSocket!!.localPort),
    )

  fun connectionCount(): Int = connectionCount.get()

  override fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      try {
        // Enable session tickets.
        setUseSessionTickets.invoke(sslSocket, true)

        // Assume platform support on 24+
        if (hostname != null && Build.VERSION.SDK_INT <= 23) {

      else -> null // No TLS extensions if the socket class is custom.
    }

  override fun configureTlsExtensions(
    sslSocket: SSLSocket,
    hostname: String?,
    protocols: List<Protocol>,
  ) {
    // No TLS extensions if the socket class is custom.
    if (matchesSocket(sslSocket)) {
      // Enable session tickets.
      Conscrypt.setUseSessionTickets(sslSocket, true)

      // Enable ALPN.

  fun addProxy(proxy: Proxy): FakeProxySelector {
    proxies.add(proxy)
    return this
  }

  override fun select(uri: URI): List<Proxy> {
    // Don't handle 'socket' schemes, which the RI's Socket class may request (for SOCKS).
    return if (uri.scheme == "http" || uri.scheme == "https") proxies else listOf(Proxy.NO_PROXY)
  }

  override fun connectFailed(
    uri: URI,
    sa: SocketAddress,

            this.closeTimeout = Math.max(this.transportContext.getConfig().getNetbiosSoTimeout(), timeout);
        }
        // If socket is still good, the new closeTimeout will
        // be ignored; see tryClose comment.
        if (this.socket == null) {
            this.socket = new DatagramSocket(this.lport, this.laddr);
            this.thread = new Thread(this, "JCIFS-NameServiceClient");