val request = server.takeRequest()
    assertThat(request.requestLine).isEqualTo("GET /foo HTTP/2")
    assertThat(request.headers[":scheme"]).isEqualTo(scheme)
    assertThat(request.headers[":authority"]).isEqualTo("${server.hostName}:${server.port}")
  }

  @Test
  fun get204Response() {
    val responseWithoutBody =
      MockResponse
        .Builder()
        .status("HTTP/1.1 204")

                 * for the addresses hostname or failed lookups for one type will
                 * be cached and cause other types to fail even though they may
                 * not be the authority for the name. For example, if a WINS lookup
                 * for FOO fails and caches unknownAddress for FOO, a subsequent
                 * lookup for FOO using BCAST should not fail because of that

import jcifs.dcerpc.ndr.NdrException;
import jcifs.dcerpc.ndr.NdrObject;
import jcifs.dcerpc.ndr.NdrSmall;

/**
 * LSA RPC (Local Security Authority Remote Procedure Call) interface definitions.
 * This class provides data structures and constants for interacting with the
 * Windows Local Security Authority service via DCE/RPC protocol.
 */
@SuppressWarnings("all")
public class lsarpc {

    /**

    @Size(max = 1000)
    public String entraidClientSecret;

    /** Entra ID tenant ID. */
    @Size(max = 1000)
    public String entraidTenant;

    /** Entra ID authority URL. */
    @Size(max = 1000)
    public String entraidAuthority;

    /** Entra ID OAuth2 reply URL. */
    @Size(max = 1000)
    public String entraidReplyUrl;

   * signed by the compromised CA's certificate and uses it in a non-CA certificate. They ask the
   * pinned CA above to sign it for non-certificate-authority uses:
   *
   * ```
   *   pinnedRoot (trusted by CertificatePinner)
   *     -> pinnedIntermediate (trusted by CertificatePinner)
   *         -> attackerSwitch
   * ```
   *

<img src="/img/deployment/https/https.drawio.svg">

The **TLS certificates** are **associated with a domain name**, not with an IP address.

So, to renew the certificates, the renewal program needs to **prove** to the authority (Let's Encrypt) that it indeed **"owns" and controls that domain**.

To do that, and to accommodate different application needs, there are several ways it can do it. Some popular ways are:

* **Modify some DNS records**.

        // Share when share set but no path
        assertEquals(SmbConstants.TYPE_SHARE, locator("smb://server/share/").getType());

        // Workgroup when no authority
        assertEquals(SmbConstants.TYPE_WORKGROUP, locator("smb:///").getType());

        // Server vs Workgroup depends on NetBIOS name type
        Address addr = mock(Address.class);

              insertIntoDynamicTable(header)
            }

            name.startsWith(Header.PSEUDO_PREFIX) && TARGET_AUTHORITY != name -> {
              // Follow Chromes lead - only include the :authority pseudo header, but exclude all other
              // pseudo headers. Literal Header Field without Indexing - Indexed Name.
              writeInt(headerNameIndex, PREFIX_4_BITS, 0)
              writeByteString(value)

     * @param streamId client-initiated stream ID.  Must be an odd number.
     * @param promisedStreamId server-initiated stream ID.  Must be an even number.
     * @param requestHeaders minimally includes `:method`, `:scheme`, `:authority`, and `:path`.
     */
    @Throws(IOException::class)
    fun pushPromise(
      streamId: Int,
      promisedStreamId: Int,
      requestHeaders: List<Header>,
    )

    /**

                 * for the addresses hostname or failed lookups for one type will
                 * be cached and cause other types to fail even though they may
                 * not be the authority for the name. For example, if a WINS lookup
                 * for FOO fails and caches unknownAddress for FOO, a subsequent
                 * lookup for FOO using BCAST should not fail because of that