# 2.0 and the Server Side Public License, v 1; you may not use this file except
# in compliance with, at your election, the Elastic License 2.0 or the Server
# Side Public License, v 1.

# For third-party dependencies, please put signatures in third-party.txt instead of here.

@defaultMessage spawns threads with vague names; use a custom thread factory and name threads so that you can tell (by its name) which executor it is associated with

  // For now, we'll keep the standard ones and allow modules to add more
  androidSignature(library("signature-android-apilevel21")) { artifact { type = "signature" } }
  jvmSignature(library("codehaus-signature-java18")) { artifact { type = "signature" } }

  "lintChecks"(library("androidx-lint-gradle"))
}

configure<com.android.build.api.dsl.Lint> {
  xmlReport = true
  checkDependencies = true
}

        }
        final byte[] signature = digest();
        for (int i = 0; i < 8; i++) {
            if (signature[i] != data[offset + SmbConstants.SIGNATURE_OFFSET + i]) {
                if (log.isDebugEnabled()) {
                    log.debug("signature verification failure"); //$NON-NLS-1$
                    log.debug("Expect: " + Hexdump.toHexString(signature, 0, 8));

```

### Verifying signatures

Once you've downloaded a Gradle JAR file or a distribution and its corresponding signature file (with a `.asc` extension), you can verify its authenticity against the public key.

For example, to verify the signature of `plugin-publish-plugin-2.0.0.jar` and its signature file `plugin-publish-plugin-2.0.0.jar.asc`, use this command:

```bash

Rene Groeschke <******@****.***> 1622539170 +0200

        }

        @Test
        @DisplayName("Should correctly verify signatures - regression test for inverted logic bug")
        void testVerifySignatureLogicRegression() throws Exception {
            // This test ensures the signature verification logic is not inverted
            // Previously there was a bug where verify returned true for invalid signatures

            // Set signed flag

Rene Groeschke <******@****.***> 1622539170 +0200

Rene Groeschke <******@****.***> 1622539170 +0200

          issuerUniqueID = null,
          subjectUniqueID = null,
          extensions = extensions(),
        )

      // Signature.
      val signature =
        Signature.getInstance(tbsCertificate.signatureAlgorithmName).run {
          initSign(issuerKeyPair.private)
          update(CertificateAdapters.tbsCertificate.toDer(tbsCertificate).toByteArray())
          sign().toByteString()

     */
    @Override
    public boolean verifySignature(final byte[] buffer, final int i, final int size) {
        // observed too that signatures on error responses are sometimes wrong??
        // Looks like the failure case also is just reflecting back the signature we sent

        // with SMB3's negotiation validation it's no longer possible to ignore this (on the validation response)