//                                                                           =========
    /**
     * Validates document fields according to index field requirements.
     *
     * @param doc the document to validate
     * @param throwError consumer to handle validation errors
     */

            throw new SsoLoginException("unexpected set of artifacts received");
        }
    }

    /**
     * Validates the OAuth2 state parameter.
     * @param session The HTTP session containing stored state data.
     * @param state The state parameter to validate.
     * @return The validated state data.
     */
    protected StateData validateState(final HttpSession session, final String state) {

	}
	return &lc, nil
}

// Validate - validates the lifecycle configuration
func (lc Lifecycle) Validate(lr lock.Retention) error {
	// Lifecycle config can't have more than 1000 rules
	if len(lc.Rules) > 1000 {
		return errLifecycleTooManyRules
	}
	// Lifecycle config should have at least one rule
	if len(lc.Rules) == 0 {
		return errLifecycleNoRule
	}

	// Validate all the rules in the lifecycle config

* Validate **complex structures**:
    * Use of hierarchical Pydantic models, Python `typing`’s `List` and `Dict`, etc.
    * And validators allow complex data schemas to be clearly and easily defined, checked and documented as JSON Schema.
    * You can have deeply **nested JSON** objects and have them all validated and annotated.
* **Extensible**:

		}
	}

	for _, tag := range ef.Tags {
		if err := tag.Validate(); err != nil {
			return err
		}
	}

	for _, meta := range ef.Metadata {
		if err := meta.Validate(); err != nil {
			return err
		}
	}
	if err := ef.Purge.Validate(); err != nil {
		return err
	}
	if err := ef.Size.Validate(); err != nil {
		return err
	}

	if err == nil && !isUnderBaseDN {
		// Not under any configured base DN, so treat as not found.
		return nil, nil
	}
	return validDN, err
}

// GetValidatedUserDN validates the given user DN. Will error out if conn is nil. The returned
// boolean is true iff the user DN is found under one of the LDAP user base DNs.

      DIGIT_MATCHER.or(LETTER_MATCHER).or(DASH_MATCHER);

  /**
   * Helper method for {@link #validateSyntax(List)}. Validates that one part of a domain name is
   * valid.
   *
   * @param part The domain name part to be validated
   * @param isFinalPart Is this the final (rightmost) domain part?
   * @return Whether the part is valid
   */

    }

    @Test
    @DisplayName("close calls release and decrements usage; double release throws")
    void closeAndReleaseBehavior() {
        // Validates usage counting and that an extra release() throws RuntimeCIFSException
        // First close -> usage 1 -> 0, triggers treeConnection.release()
        handle.close();
        verify(treeConnection, times(1)).release();

@ExtendWith(MockitoExtension.class)
class CredentialsInternalTest {

    @Mock
    CIFSContext mockContext;

    /**
     * Simple in-test implementation of CredentialsInternal to exercise the API surface.
     * It validates inputs, records calls, and delegates some behavior to collaborators
     * so we can verify interactions.
     */
    static class TestCredentials implements CredentialsInternal {
        private final String domain;

        copyBeanToBean(entity, body, copyOp -> {
            copyOp.excludeNull();
        });
        return body;
    }

    /**
     * Validates if the given web configuration ID exists.
     *
     * @param webconfigId the web configuration ID to validate
     * @return true if the web configuration exists, false otherwise
     */
    protected Boolean isValidWebConfigId(final String webconfigId) {