/**
 * SMB1 NT Transaction subcommand for querying security descriptors.
 *
 * This transaction allows retrieval of Windows security descriptors
 * which contain access control information for files and directories.
 */
public class NtTransQuerySecurityDesc extends SmbComNtTransaction {

    int fid;
    int securityInformation;

    /**
     * Constructs an NT transaction to query security descriptor information.

        assertNull(response.getSecurityDescriptor());
    }

    @Test
    @DisplayName("Test readDataWireFormat with valid security descriptor")
    void testReadDataWireFormatWithValidSecurityDescriptor() throws Exception {
        // Create a minimal valid security descriptor buffer
        byte[] buffer = createValidSecurityDescriptorBuffer();

        // Set error code to 0
        setErrorCode(response, 0);

        byte[] testGuid = new byte[16];
        for (int i = 0; i < 16; i++) {
            testGuid[i] = (byte) (i + 1);
        }
        System.arraycopy(testGuid, 0, buffer, bufferIndex + 4, 16);

        // Set security mode (2 bytes)
        int testSecurityMode = 0x0003;
        SMBUtil.writeInt2(testSecurityMode, buffer, bufferIndex + 20);

        // Set dialect (2 bytes)
        int testDialect = 0x0311;

If the token is invalid, return an HTTP error right away.

{* ../../docs_src/security/tutorial004_an_py310.py hl[90:107] *}

## Update the `/token` *path operation* { #update-the-token-path-operation }

Create a `timedelta` with the expiration time of the token.

Create a real JWT access token and return it.

{* ../../docs_src/security/tutorial004_an_py310.py hl[118:133] *}

{* ../../docs_src/security/tutorial001_an_py39.py hl[12] *}

Pero eso aún no es tan útil. Vamos a hacer que nos dé el usuario actual.

## Crear un modelo de usuario

Primero, vamos a crear un modelo de usuario con Pydantic.

De la misma manera que usamos Pydantic para declarar cuerpos, podemos usarlo en cualquier otra parte:

{* ../../docs_src/security/tutorial002_an_py310.py hl[5,12:6] *}

        ptype = 0;
        flags = DCERPC_FIRST_FRAG | DCERPC_LAST_FRAG;
    }

    /**
     * Returns the security descriptor of the share as an array of ACEs.
     *
     * @return an array of ACE objects representing the share's security descriptor
     * @throws IOException if there is an error retrieving the security information
     */
    public ACE[] getSecurity() throws IOException {

    }

    @Test
    void testGetSecurityWithValidSecurityDescriptor() throws Exception {
        // Setup mock ShareInfo502 with a minimal valid security descriptor
        srvsvc.ShareInfo502 info502 = new srvsvc.ShareInfo502();
        // Create a minimal valid security descriptor binary
        // Format: revision(1) + sbz1(1) + control(2) + ownerOffset(4) + groupOffset(4) + saclOffset(4) + daclOffset(4) = 20 bytes minimum

    /**
     * Constructs a new PacSidAttributes instance.
     *
     * @param id the Security Identifier
     * @param attributes the attribute flags associated with the SID
     */
    public PacSidAttributes(final SID id, final int attributes) {
        this.id = id;
        this.attributes = attributes;
    }

    /**
     * Gets the Security Identifier.
     *
     * @return the SID associated with this instance
     */

{* ../../docs_src/security/tutorial005_an_py310.py hl[5,9,13,47,65,106,108:116,122:126,130:136,141,157] *}

Now let's review those changes step by step.

## OAuth2 Security scheme { #oauth2-security-scheme }

The first change is that now we are declaring the OAuth2 security scheme with two available scopes, `me` and `items`.

{* ../../docs_src/security/tutorial004_an_py310.py hl[89:106] *}

## Die *Pfadoperation* `/token` aktualisieren

Erstellen Sie ein <abbr title="Zeitdifferenz">`timedelta`</abbr> mit der Ablaufzeit des Tokens.

Erstellen Sie einen echten JWT-Zugriffstoken und geben Sie ihn zurück.

{* ../../docs_src/security/tutorial004_an_py310.py hl[117:132] *}