* limitations under the License.
 */
@file:Suppress("INVISIBLE_MEMBER", "INVISIBLE_REFERENCE")

package okhttp3.tls

import java.security.KeyStoreException
import java.security.SecureRandom
import java.security.cert.X509Certificate
import java.util.Collections
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.KeyManager
import javax.net.ssl.SSLContext

    // Not supported due to access checks on JDK 9+:
    // java.lang.reflect.InaccessibleObjectException: Unable to make member of class
    // sun.security.ssl.SSLSocketFactoryImpl accessible:  module java.base does not export
    // sun.security.ssl to unnamed module @xxx
    throw UnsupportedOperationException(
      "clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on JDK 8 (>= 252) or JDK 9+",
    )
  }

from fastapi.testclient import TestClient

from docs_src.security.tutorial001 import app

client = TestClient(app)


def test_no_token():
    response = client.get("/items")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_token():

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.tls.internal

import java.io.InputStream
import java.security.KeyStore
import java.security.cert.Certificate
import java.security.cert.X509Certificate
import javax.net.ssl.KeyManagerFactory
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509ExtendedTrustManager
import javax.net.ssl.X509KeyManager

  # SECURITY OPTIONS

  # Retrieve syncz debug information directly from the control plane, using token security
  # (This is the usual way to get the debug information with an out-of-cluster control plane.)
  istioctl x internal-debug syncz --xds-address istio.cloudprovider.example.com:15012

  # Retrieve syncz debug information via Kubernetes config, using token security

from dirty_equals import IsDict
from fastapi import Depends, FastAPI, Security
from fastapi.security import OAuth2, OAuth2PasswordRequestFormStrict
from fastapi.testclient import TestClient
from pydantic import BaseModel

app = FastAPI()

reusable_oauth2 = OAuth2(
    flows={
        "password": {
            "tokenUrl": "token",
            "scopes": {"read:users": "Read the users", "write:users": "Create users"},
        }
    }
)

	public final fun check (Ljava/lang/String;[Ljava/security/cert/Certificate;)V
	public fun equals (Ljava/lang/Object;)Z
	public final fun findMatchingPins (Ljava/lang/String;)Ljava/util/List;
	public final fun getPins ()Ljava/util/Set;
	public fun hashCode ()I
	public static final fun pin (Ljava/security/cert/Certificate;)Ljava/lang/String;
	public static final fun sha1Hash (Ljava/security/cert/X509Certificate;)Lokio/ByteString;

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.survey

import java.security.Security
import okhttp3.Cache
import okhttp3.OkHttpClient
import okhttp3.survey.ssllabs.SslLabsClient
import okhttp3.survey.types.Client
import okhttp3.survey.types.SuiteId
import okio.FileSystem

# 高级安全

## 附加特性

除 [教程 - 用户指南: 安全性](../../tutorial/security/index.md){.internal-link target=_blank} 中涵盖的功能之外，还有一些额外的功能来处理安全性.

/// tip | "小贴士"

接下来的章节 **并不一定是 "高级的"**.

而且对于你的使用场景来说，解决方案很可能就在其中。

///

## 先阅读教程

接下来的部分假设你已经阅读了主要的 [教程 - 用户指南: 安全性](../../tutorial/security/index.md){.internal-link target=_blank}.

from fastapi.testclient import TestClient

from docs_src.security.tutorial001_an import app

client = TestClient(app)


def test_no_token():
    response = client.get("/items")
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Not authenticated"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_token():