* See the License for the specific language governing permissions and
 * limitations under the License.
 */
package okhttp3.internal.tls

import java.security.cert.X509Certificate
import javax.security.auth.x500.X500Principal

/** A simple index that of trusted root certificates that have been loaded into memory. */
class BasicTrustRootIndex(
  vararg caCerts: X509Certificate,
) : TrustRootIndex {

import com.google.common.testing.NullPointerTester;
import java.security.Key;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import junit.framework.TestCase;
import org.jspecify.annotations.NullUnmarked;
import org.jspecify.annotations.Nullable;
import sun.security.jca.ProviderList;
import sun.security.jca.Providers;

/**
 * Tests for the MacHashFunction.
 *

     * @param securityMode
     *            the security mode flags for the session
     * @param capabilities
     *            the client capabilities
     * @param previousSessionid
     *            the previous session ID for reconnection (or 0 for new session)
     * @param token
     *            the security token for authentication
     */

建立一個權杖有效期的變數。

定義一個用於權杖端點回應的 Pydantic Model。

建立一個工具函式來產生新的 access token。

{* ../../docs_src/security/tutorial004_an_py310.py hl[4,7,13:15,29:31,82:90] *}

## 更新相依項目 { #update-the-dependencies }

更新 `get_current_user`，讓它仍接收相同的權杖，但這次改用 JWT 權杖。

解碼收到的權杖、驗證它，並回傳目前的使用者。

如果權杖無效，立即回傳一個 HTTP 錯誤。

{* ../../docs_src/security/tutorial004_an_py310.py hl[93:110] *}

## 更新 `/token` 路徑操作 { #update-the-token-path-operation }

创建一个变量用于设置令牌的过期时间。

定义一个用于令牌端点响应的 Pydantic 模型。

创建一个生成新访问令牌的工具函数。

{* ../../docs_src/security/tutorial004_an_py310.py hl[4,7,13:15,29:31,82:90] *}

## 更新依赖项 { #update-the-dependencies }

更新 `get_current_user` 以接收与之前相同的令牌，但这次使用的是 JWT 令牌。

解码接收到的令牌，进行校验，并返回当前用户。

如果令牌无效，立即返回一个 HTTP 错误。

{* ../../docs_src/security/tutorial004_an_py310.py hl[93:110] *}

## 更新 `/token` 路径操作 { #update-the-token-path-operation }

        return ("SmbComNegotiateResponse[" + super.toString() + ",wordCount=" + wordCount + ",dialectIndex=" + dialectIndex
                + ",securityMode=0x" + Hexdump.toHexString(server.securityMode, 1) + ",security="
                + (server.security == SECURITY_SHARE ? "share" : "user") + ",encryptedPasswords=" + server.encryptedPasswords

# See the License for the specific language governing permissions and
# limitations under the License.
# ============================================================================

name: Scorecards supply-chain security
on:
  # For Branch-Protection check. Only the default branch is supported. See
  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
  branch_protection_rule:

 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package jcifs.util;

import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.spec.KeySpec;
import java.util.Arrays;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;

      description: |
        Please provide as much info as possible. Not doing so may result in your bug not being addressed in a timely manner.
        If this matter is security related, please disclose it privately via https://kubernetes.io/security
    validations:
      required: true

  - type: textarea
    id: expected
    attributes:
      label: What did you expect to happen?
    validations:
      required: true

from typing import Annotated

from fastapi import Depends, FastAPI, HTTPException, status
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from pydantic import BaseModel

fake_users_db = {
    "johndoe": {
        "username": "johndoe",
        "full_name": "John Doe",
        "email": "******@****.***",
        "hashed_password": "fakehashedsecret",
        "disabled": False,
    },
    "alice": {