import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import javax.net.SocketFactory;
import jnr.unixsocket.UnixSocketChannel;

/** Impersonate TCP-style SocketFactory over UNIX domain sockets. */
public final class UnixDomainSocketFactory extends SocketFactory {
  private final File path;

  public UnixDomainSocketFactory(File path) {
    this.path = path;
  }

     * <p>
     * Allowing communication with untrusted servers keeps data encrypted during transmission,
     * but makes it easier for a man-in-the-middle to impersonate the intended server and capture data.
     * <p>
     * This value has no effect if a server is specified using the HTTP protocol (i.e. has SSL disabled).
     *
     * @since 4.2
     */

					"foo.com": {
						Token:                "foo",
						Impersonate:          "user-a",
						ImpersonateUID:       "user-a-uid-1111",
						ImpersonateGroups:    []string{"user-a-group1", "user-a-group2"},
						ImpersonateUserExtra: map[string][]string{"foo": {"bar", "baz", "etc"}},
					},
				},
			},
			expected: rest.Config{
				BearerToken: "foo",
				Impersonate: rest.ImpersonationConfig{
					UserName: "user-a",

     * Gradle intentionally does not offer a global system/gradle property that allows a universal disable of this check.
     * <p>
     * <b>Allowing communication over insecure protocols allows for a man-in-the-middle to impersonate the intended server,
     * and gives an attacker the ability to
     * <a href="https://max.computer/blog/how-to-take-over-the-computer-of-any-java-or-clojure-or-scala-developer/">serve malicious executable code onto the system.</a>

import java.nio.channels.ClosedChannelException;
import javax.net.ServerSocketFactory;
import jnr.unixsocket.UnixServerSocketChannel;
import jnr.unixsocket.UnixSocketAddress;
import jnr.unixsocket.UnixSocketChannel;

/** Impersonate TCP-style ServerSocketFactory over UNIX domain sockets. */
public final class UnixDomainServerSocketFactory extends ServerSocketFactory {
  private final File path;

  public UnixDomainServerSocketFactory(File path) {

			impersonatePod:      podOtherNode,
			callerClusterID:     cluster.ID("fake"),
			trustedNodeAccounts: allowZtunnel,
			code:                codes.Unauthenticated,
		},
		{
			name: "Successful signing with impersonate identity",
			authenticators: []security.Authenticator{&mockAuthenticator{
				identities:     []string{"test-identity"},
				kubernetesInfo: ztunnelCaller,
			}},
			ca: &mockca.FakeCA{

			return nil, status.Error(codes.Unauthenticated, "request impersonation authentication failure")
		}
		// Node is authorized to impersonate; overwrite the SAN to the impersonated identity.
		sans = []string{impersonatedIdentity}
	}
	serverCaLog.Debugf("generating a certificate, sans: %v, requested ttl: %s", sans, time.Duration(request.ValidityDuration*int64(time.Second)))

			// since it is normally only used for building the toolchain in the first
			// place. However, 'go tool dist list' is useful for listing all supported
			// platforms.
			//
			// If the dist tool does not exist, impersonate this command.
			if impersonateDistList(args[2:]) {
				// If it becomes necessary, we could increment an additional counter to indicate
				// that we're impersonating dist list if knowing that becomes important?

		requestedIdentityString string
		trustedAccounts         map[types.NamespacedName]struct{}
		wantErr                 string
	}{
		{
			name:    "empty allowed identities",
			wantErr: "not allowed to impersonate",
		},
		{
			name:                    "allowed identities, but not on node",
			caller:                  ztunnelCaller,
			trustedAccounts:         allowZtunnel,
			requestedIdentityString: podSameNode.Identity(),

			log.Warnf("skipping workload entry %s/%s; DNS Address resolution is not yet implemented", wle.Namespace, wle.Name)
		}

		w.WorkloadName, w.WorkloadType = wle.Name, workloadapi.WorkloadType_POD // XXX(shashankram): HACK to impersonate pod
		w.CanonicalName, w.CanonicalRevision = kubelabels.CanonicalService(wle.Labels, w.WorkloadName)

		setTunnelProtocol(wle.Labels, wle.Annotations, w)