* https://tersesystems.com/blog/2018/09/08/keymanagers-and-keystores/
 *
 * Install OpenSC separately. On a mac `brew cast install opensc`.
 */
@SuppressSignatureCheck
class YubikeyClientAuth {
  fun run() {
    // The typical PKCS11 slot, may vary with different hardware.
    val slot = 0

    val config = "--name=OpenSC\nlibrary=/Library/OpenSC/lib/opensc-pkcs11.so\nslot=$slot\n"

    // May fail with ProviderException with root cause like

            final MsrpcSamrConnect2 rpc2 = new MsrpcSamrConnect2(server, access, this);
            handle.sendrecv(rpc2);
        }
        this.opened = true;
    }

    @Override
    public synchronized void close() throws IOException {
        if (this.opened) {
            this.opened = false;
            final samr.SamrCloseHandle rpc = new MsrpcSamrCloseHandle(this);
            this.handle.sendrecv(rpc);

		if err != nil {
			rsc.Close()
			return err
		}

		s3Select.recordReader, err = csv.NewReader(s3Select.progressReader, &s3Select.Input.CSVArgs)
		if err != nil {
			// Close all reader resources opened so far.
			s3Select.progressReader.Close()

			var stErr bzip2.StructuralError
			if errors.As(err, &stErr) {
				return errInvalidCompression(err, s3Select.Input.CompressionType)
			}

     */
    public Handler() {
        // Default constructor
    }

    /**
     * Opens a connection to the storage URL.
     *
     * @param u The URL to open a connection to
     * @return A new StorageURLConnection instance
     * @throws IOException If the connection cannot be opened
     */
    @Override
    protected URLConnection openConnection(final URL u) throws IOException {

	flag.StringVar(&configEndpoint, "config-ep",
		"http://localhost:8080/auth/realms/minio/.well-known/openid-configuration",
		"OpenID discovery document endpoint")
	flag.StringVar(&clientID, "cid", "", "Client ID")
	flag.StringVar(&clientSec, "csec", "", "Client Secret")
	flag.StringVar(&clientScopes, "cscopes", "openid", "Client Scopes")
	flag.IntVar(&port, "port", 8080, "Port")
}

### 5. Setup MinIO with OpenID configuration URL

MinIO server expects environment variable for OpenID configuration url as `MINIO_IDENTITY_OPENID_CONFIG_URL`, this environment variable takes a single entry.

```
export MINIO_IDENTITY_OPENID_CONFIG_URL=https://localhost:9443/oauth2/oidcdiscovery/.well-known/openid-configuration

///

## OpenID Connect

OpenID Connectは、**OAuth2**をベースにした別の仕様です。

これはOAuth2を拡張したもので、OAuth2ではやや曖昧だった部分を明確にし、より相互運用性を高めようとしたものです。

例として、GoogleのログインはOpenID Connectを使用しています（これはOAuth2がベースになっています）。

しかし、FacebookのログインはOpenID Connectをサポートしていません。OAuth2を独自にアレンジしています。

### OpenID (「OpenID Connect」ではない)

また、「OpenID」という仕様もありました。それは、**OpenID Connect**と同じことを解決しようとしたものですが、OAuth2に基づいているわけではありませんでした。

from flask import Flask, request

boto3.set_stream_logger('boto3.resources', logging.DEBUG)

authorize_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/auth"
token_url = "http://localhost:8080/auth/realms/minio/protocol/openid-connect/token"

# callback url specified when the application was defined
callback_uri = "http://localhost:8000/oauth2/callback"

# keycloak id and secret
client_id = 'account'

		chmod +x kes
fi

if ! openssl version &>/dev/null; then
	apt install openssl || sudo apt install opensssl
fi

# Start KES Server
(./kes server --dev 2>&1 >kes-server.log) &
kes_pid=$!
sleep 5s
API_KEY=$(grep "API Key" <kes-server.log | awk -F" " '{print $3}')
(openssl s_client -connect 127.0.0.1:7373 2>/dev/null 1>public.crt)

export CI=true

public interface SmbPipeResource extends SmbResource {

    /**
     * The pipe should be opened read-only.
     */

    int PIPE_TYPE_RDONLY = SmbConstants.O_RDONLY;

    /**
     * The pipe should be opened only for writing.
     */

    int PIPE_TYPE_WRONLY = SmbConstants.O_WRONLY;

    /**
     * The pipe should be opened for both reading and writing.
     */

    int PIPE_TYPE_RDWR = SmbConstants.O_RDWR;