.isNotEqualTo(thread3.getName().substring(0, thread.getName().lastIndexOf('-')));
  }

  private static void checkThreadPoolName(Thread thread, int threadId) {
    assertThat(thread.getName()).matches("^pool-\\d+-thread-" + threadId + "$");
  }

  public void testNameFormatWithPercentS_custom() {
    String format = "super-duper-thread-%s";
    ThreadFactory factory = builder.setNameFormat(format).build();

        verifyNoInteractions(mocked);
    }

    // Reflection-based check: ensure serialVersionUID remains the declared constant
    @Test
    @DisplayName("serialVersionUID matches declared constant")
    void serialVersionUID_hasExpectedValue() throws Exception {
        // Arrange
        Field f = SMBSignatureValidationException.class.getDeclaredField("serialVersionUID");
        f.setAccessible(true);

        });

        // Test witness address validation
        assertNotNull(mockWitnessAddress);
        assertTrue(mockWitnessAddress.getHostAddress().matches("\\d+\\.\\d+\\.\\d+\\.\\d+"));

        // Test service endpoint formatting
        String serviceEndpoint = "ncacn_ip_tcp:" + mockWitnessAddress.getHostAddress() + "[135]";
        assertNotNull(serviceEndpoint);

   * @since 14.0
   */
  @GwtIncompatible // regular expressions
  public static @Nullable Float tryParse(String string) {
    if (Doubles.FLOATING_POINT_PATTERN.matcher(string).matches()) {
      // TODO(lowasser): could be potentially optimized, but only with
      // extensive testing
      try {
        return Float.parseFloat(string);
      } catch (NumberFormatException e) {

        .map { it.subjectDN.name }
        .toSet()

    // It's safe to assume all platforms will have a major Internet certificate issuer.
    assertThat(names).matchesPredicate { strings ->
      strings.any { it.matches(Regex("[A-Z]+=Entrust.*")) }
    }
  }

  private fun startTlsServer(): InetSocketAddress {
    val serverSocketFactory = ServerSocketFactory.getDefault()
    serverSocket = serverSocketFactory.createServerSocket()

 * available online).
 * <p>
 * Direct ACEs are evaluated first in order. The SID of the user performing
 * the operation and the desired access bits are compared to the SID
 * and access mask of each ACE. If the SID matches, the allow/deny flags
 * and access mask are considered. If the ACE is a "deny"
 * ACE and <i>any</i> of the desired access bits match bits in the access
 * mask of the ACE, the whole access check fails. If the ACE is an "allow"

            key = encrypt ? getEncryptionKey() : getDecryptionKey();
            keyCopy = Arrays.copyOf(key, key.length);

            // Validate key length matches expected cipher requirements
            if (keyCopy.length != keyLength) {
                throw new IllegalArgumentException("Key length mismatch: expected " + keyLength + ", got " + keyCopy.length);
            }

                return data; // No sensitive patterns detected, skip regex
            }
        }

        // Mask passwords and secrets using cached pattern
        return PASSWORD_PATTERN.matcher(data).replaceAll("$1$2****");
    }

    private Map<String, Object> maskContext(Map<String, Object> context) {
        if (!maskSensitiveData) {
            return context;
        }

            if (field.getType() == int.class) {
                String name = field.getName();
                // Check that constant names follow UPPER_SNAKE_CASE convention
                assertTrue(name.matches("[A-Z_]+"), "Constant " + name + " should follow UPPER_SNAKE_CASE convention");
                // Check that all constants end with _SECURITY_INFO

            t = (SmbTree) e.nextElement();
            if (t.matches(share, service)) {
                return t;
            }
        }
        t = new SmbTree(this, share, service);
        trees.addElement(t);
        return t;
    }

    boolean matches(final NtlmPasswordAuthentication auth) {
        return this.auth == auth || this.auth.equals(auth);
    }