protected long getCurrentTime() {
                return System.currentTimeMillis();
            }
        };
        roleQueryHelper.maxAge = 60; // 1 minute

        Set<String> roleSet = new HashSet<>();
        // Create timestamp that's 2 minutes old
        long expiredTimestamp = System.currentTimeMillis() / 1000 - 120;
        String value = expiredTimestamp + "\nrole1,role2";

                .maximumSize(fessConfig.getSuggestPopularWordCacheSizeAsInteger().longValue())
                .expireAfterWrite(fessConfig.getSuggestPopularWordCacheExpireAsInteger().longValue(), TimeUnit.MINUTES)
                .build();
    }

    /**
     * Retrieves a list of popular words based on the specified search parameters.
     * Uses caching to improve performance for repeated requests.
     *

        }

        /**
         * Returns the response.
         * @return The response.
         */
        public RESPONSE getResponse() {
            return getResponse(1, TimeUnit.MINUTES);
        }

        /**
         * Returns the response.
         * @param time The time to wait.
         * @param unit The time unit.
         * @return The response.
         */

Pero haciendo eso, en algunos minutos u horas, los atacantes habrían adivinado el nombre de usuario y la contraseña correctos, con la "ayuda" de nuestra aplicación, solo usando el tiempo tomado para responder.

#### Arréglalo con `secrets.compare_digest()`

     * The cache is configured with a maximum size of 100 entries and expires after 10 minutes.
     */
    @PostConstruct
    public void init() {
        if (logger.isDebugEnabled()) {
            logger.debug("Initialize {}", this.getClass().getSimpleName());
        }
        crawlingConfigCache = CacheBuilder.newBuilder().maximumSize(100).expireAfterWrite(10, TimeUnit.MINUTES).build();
    }

    /**

     */
    protected Class<?> dataClass = null;

    /**
     * The XPathAPI cache.
     */
    protected LoadingCache<String, XPathAPI> xpathAPICache;

    /**
     * The cache duration in minutes.
     */
    protected long cacheDuration = 10; // min

    /**
     * Constructs a new instance of {@code XmlTransformer}.
     * This constructor initializes the transformer with default settings.
     */

      require(hour in 0..23)
      require(minute in 0..59)
      require(second in 0..59)

      GregorianCalendar(UTC).apply {
        isLenient = false
        set(Calendar.YEAR, year)
        set(Calendar.MONTH, month - 1)
        set(Calendar.DAY_OF_MONTH, dayOfMonth)
        set(Calendar.HOUR_OF_DAY, hour)
        set(Calendar.MINUTE, minute)
        set(Calendar.SECOND, second)

        uses: gradle/actions/setup-gradle@v4

      - name: Run native-image tests
        run: ./gradlew -PgraalBuild=true native-image-tests:nativeTest

  testandroid:
    runs-on: ubuntu-latest
    timeout-minutes: 30

    strategy:
      fail-fast: false
      matrix:
        api-level:
          - 21
          - 29
          - 34

    steps:
      - name: Checkout

## Configuring OpenID Identity Provider on MinIO

Of course, the attackers would not try all this by hand, they would write a program to do it, possibly with thousands or millions of tests per second. And they would get just one extra correct letter at a time.

But doing that, in some minutes or hours the attackers would have guessed the correct username and password, with the "help" of our application, just using the time taken to answer.

#### Fix it with `secrets.compare_digest()` { #fix-it-with-secrets-compare-digest }