import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;

          Security.insertProviderAt(BouncyCastleProvider(), 1)
          Security.insertProviderAt(BouncyCastleJsseProvider(), 2)
        } else if (platformSystemProperty == CORRETTO_PROPERTY) {
          AmazonCorrettoCryptoProvider.install()

          AmazonCorrettoCryptoProvider.INSTANCE.assertHealthy()
        }

        Platform.resetForTests()

 * the License.
 */
package okhttp3

import java.security.Principal
import java.security.cert.Certificate
import javax.net.ssl.SSLPeerUnverifiedException
import javax.net.ssl.SSLSession
import javax.net.ssl.SSLSessionContext
import javax.security.cert.X509Certificate

class FakeSSLSession(
  vararg val certificates: Certificate,
) : SSLSession {

///

/// info

In this example we use invented custom headers `X-Key` and `X-Token`.

But in real cases, when implementing security, you would get more benefits from using the integrated [Security utilities (the next chapter)](../security/index.md){.internal-link target=_blank}.

///

## Dependencies errors and return values { #dependencies-errors-and-return-values }

 */
package jcifs.pac.kerberos;

import java.security.Key;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/**

## About security, APIs, and docs { #about-security-apis-and-docs }

Hiding your documentation user interfaces in production *shouldn't* be the way to protect your API.

That doesn't add any extra security to your API, the *path operations* will still be available where they are.

If there's a security flaw in your code, it will still exist.

/// tip | Dica

As próximas seções **não são necessariamente "avançadas"**.

E é possível que para o seu caso de uso, a solução está em uma delas.

///

## Leia o Tutorial primeiro

As próximas seções pressupõem que você já leu o principal [Tutorial - Guia de Usuário: Segurança](../../tutorial/security/index.md){.internal-link target=_blank}.

    public static final int DELETE = 0x00010000; // 16
    /** Permission to read the security descriptor */
    public static final int READ_CONTROL = 0x00020000; // 17
    /** Permission to write the discretionary access control list */
    public static final int WRITE_DAC = 0x00040000; // 18
    /** Permission to change the owner in the security descriptor */
    public static final int WRITE_OWNER = 0x00080000; // 19

### Security and authentication { #security-and-authentication }

Security and authentication integrated. Without any compromise with databases or data models.

All the security schemes defined in OpenAPI, including:

* HTTP Basic.
* **OAuth2** (also with **JWT tokens**). Check the tutorial on [OAuth2 with JWT](tutorial/security/oauth2-jwt.md){.internal-link target=_blank}.
* API keys in:

* Import `HTTPBasic` and `HTTPBasicCredentials`.
* Create a "`security` scheme" using `HTTPBasic`.
* Use that `security` with a dependency in your *path operation*.
* It returns an object of type `HTTPBasicCredentials`:
    * It contains the `username` and `password` sent.

{* ../../docs_src/security/tutorial006_an_py39.py hl[4,8,12] *}