/**
     * Determines whether this session is currently in use.
     *
     * @return whether the session is in use
     */
    boolean isInUse();

    /**
     * Returns the current session key used for signing and encryption.
     *
     * @return the current session key
     * @throws CIFSException if the session key cannot be retrieved
     */
    byte[] getSessionKey() throws CIFSException;

    /**

                 * junk. We need to bump up the wordCount here so that this method returns
                 * the correct number of bytes for signing purposes. Otherwise we get a
                 * signing verification failure.
                 */
                if (this.getCommand() == SMB_COM_NT_CREATE_ANDX && ((SmbComNTCreateAndXResponse) this).isExtended()

- To be able to reliably use S3 multipart APIs feature of the SDKs without re-inventing the wheel of pre-signing the each URL in multipart API. This is very tedious to implement with all the scenarios of fault tolerance that's already implemented by the client SDK. The general client SDKs don't support multipart with presigned URLs.

    protected boolean forceUnicode = false;
    /** Whether SMB signing is preferred but not required */
    protected boolean signingPreferred = false;
    /** Whether SMB signing is enforced (required) */
    protected boolean signingEnforced = false;
    /** Whether to enforce signing for IPC connections */
    protected boolean ipcSigningEnforced = true;
    /** Whether SMB3 encryption is enabled */

                && !sess.getCredentials().isAnonymous() && sess.getDigest() == null) {
            throw new SmbException("IPC signing is enforced, but no signing is available");
        }

        this.service = rsvc;
        this.inDfs = response.isShareDfs();
        this.treeNum = TREE_CONN_COUNTER.incrementAndGet();

     *
     * @return whether to enable SMB signing (for everything), if available
     */
    boolean isSigningEnabled();

    /**
     *
     * Property {@code jcifs.smb.client.ipcSigningEnforced} (boolean, default true)
     *
     * @return whether to enforce SMB signing for IPC connections
     */
    boolean isIpcSigningEnforced();

    /**
     *

	stringToSign := alg +
		cr.seedDate.Format(iso8601Format) + "\n" +
		getScope(cr.seedDate, cr.region) + "\n" +
		cr.seedSignature + "\n" +
		emptySHA256 + "\n" +
		hashedChunk

	// Get hmac signing key.
	signingKey := getSigningKey(cr.cred.SecretKey, cr.seedDate, cr.region, serviceS3)

	// Calculate signature.
	newSignature := getSignature(signingKey, stringToSign)

	return newSignature
}

  }

  /**
   * Returns true if [toVerify] was signed by [signingCert]'s public key.
   *
   * @param minIntermediates the minimum number of intermediate certificates in [signingCert]. This
   *     is -1 if signing cert is a lone self-signed certificate.
   */
  private fun verifySignature(
    toVerify: X509Certificate,
    signingCert: X509Certificate,
    minIntermediates: Int,
  ): Boolean {

2.  Pull requests are great for small fixes for bugs, documentation, etc.
3.  Pull requests are not merged directly into the master branch.
4.  Code contributions require signing a Google CLA.

API changes
-----------

We make changes to Guava's public [APIs][], including adding new APIs, very
carefully. Because of this, if you're interested in seeing a new feature in

    public static final int ANONYMITY = 0x08;
    /**
     * Context flag for confidentiality (encryption) capability
     */
    public static final int CONFIDENTIALITY = 0x04;
    /**
     * Context flag for integrity (signing) capability
     */
    public static final int INTEGRITY = 0x02;

    private static final ASN1ObjectIdentifier SPNEGO_OID = new ASN1ObjectIdentifier(SpnegoConstants.SPNEGO_MECHANISM);