} else {
      return new BigInteger(digits, RANDOM_SOURCE).setBit(digits);
    }
  }

  /**
   * Equivalent to calling randomPositiveBigInteger(numBits) and then flipping the sign with 50%
   * probability.
   */
  static BigInteger randomNonZeroBigInteger(int numBits) {
    BigInteger result = randomPositiveBigInteger(numBits);
    return RANDOM_SOURCE.nextBoolean() ? result : result.negate();

  // The mask for the exponent, according to the {@link
  // Double#doubleToRawLongBits(double)} spec.
  static final long EXPONENT_MASK = 0x7ff0000000000000L;

  // The mask for the sign, according to the {@link
  // Double#doubleToRawLongBits(double)} spec.
  static final long SIGN_MASK = 0x8000000000000000L;

  static final int SIGNIFICAND_BITS = 52;

  static final int EXPONENT_BIAS = 1023;

  * If you work for a company that wants to allow you to contribute your work, then you'll need to sign a [corporate CLA](https://code.google.com/legal/corporate-cla-v1.0.html).

    } else {
      return new BigInteger(digits, RANDOM_SOURCE).setBit(digits);
    }
  }

  /**
   * Equivalent to calling randomPositiveBigInteger(numBits) and then flipping the sign with 50%
   * probability.
   */
  static BigInteger randomNonZeroBigInteger(int numBits) {
    BigInteger result = randomPositiveBigInteger(numBits);
    return RANDOM_SOURCE.nextBoolean() ? result : result.negate();

     *
     * @param data The data.
     * @param offset The starting offset at which the SMB header begins.
     * @param length The length of the SMB data starting at offset.
     */
    void sign(final byte[] data, final int offset, final int length, final ServerMessageBlock request, final ServerMessageBlock response) {
        request.signSeq = signSequence;
        if (response != null) {

	// Verify finally if signature is same.

	// Get canonical request.
	presignedCanonicalReq := getCanonicalRequest(extractedSignedHeaders, hashedPayload, encodedQuery, req.URL.Path, req.Method)

	// Get string to sign from canonical request.
	presignedStringToSign := getStringToSign(presignedCanonicalReq, t, pSignValues.Credential.getScope())

	// Get hmac presigned signing key.

// getChunkSignature - get chunk signature.
// Does not update anything in cr.
func (cr *s3ChunkedReader) getChunkSignature() string {
	hashedChunk := hex.EncodeToString(cr.chunkSHA256Writer.Sum(nil))

	// Calculate string to sign.
	alg := signV4ChunkedAlgorithm + "\n"
	stringToSign := alg +
		cr.seedDate.Format(iso8601Format) + "\n" +
		getScope(cr.seedDate, cr.region) + "\n" +
		cr.seedSignature + "\n" +
		emptySHA256 + "\n" +
		hashedChunk

import org.lastaflute.web.login.exception.LoginFailureException;
import org.lastaflute.web.response.ActionResponse;
import org.lastaflute.web.response.HtmlResponse;

/**
 * SSO (Single Sign-On) action controller.
 *
 * This action handles SSO authentication flows including login, logout, and metadata
 * operations. It coordinates with the SsoManager to perform authentication using

						<c:when test="${ pageLoginLink }">
							<li class="nav-item"><la:link href="/login"
									styleClass="nav-link  " role="button" aria-haspopup="true"
									aria-expanded="false">
									<i class="fa fa-fw fa-sign-in" aria-hidden="true"></i>
									<span><la:message key="labels.login" /></span>
								</la:link></li>
						</c:when>
					</c:choose>
					<c:choose>
						<c:when test="${chatPage}">

						<c:when test="${ pageLoginLink }">
							<li class="nav-item"><la:link href="/login"
									styleClass="nav-link  " role="button" aria-haspopup="true"
									aria-expanded="false">
									<i class="fa fa-fw fa-sign-in" aria-hidden="true"></i>
									<span><la:message key="labels.login" /></span>
								</la:link></li>
						</c:when>
					</c:choose>
					<c:choose>
						<c:when test="${chatPage}">