*
 * Certificates are signed by other certificates and a sequence of them is called a certificate
 * chain. The chain terminates in a self-signed "root" certificate. Signing certificates in the
 * middle of the chain are called "intermediates". Organizations that offer certificate signing are
 * called certificate authorities (CAs).
 *
 * Browsers and other HTTP clients need a set of trusted root certificates to authenticate their

    /**
    * Indicates datagram authentication.
    */
    int NTLMSSP_NEGOTIATE_DATAGRAM_STYLE = 0x00000040;

    /**
    * Indicates that the LAN Manager session key should be used for
    * signing and sealing authenticated communication.
    */
    int NTLMSSP_NEGOTIATE_LM_KEY = 0x00000080;

    /**
     * Indicates support for NetWare authentication.
     */
    int NTLMSSP_NEGOTIATE_NETWARE = 0x00000100;

            verify(transportPool).getSmbTransport(context, TEST_HOST, DEFAULT_PORT, true, false);
        }

        @Test
        @DisplayName("Should get transport by name with forced signing")
        void testGetSmbTransportByNameForceSigning() throws UnknownHostException, IOException {
            // Given

            if (LogStream.level >= 3) {
                SmbTransport.log.println("""
                        Default credentials (jcifs.smb1.smb1.client.username/password)\
                         not specified. SMB signing may not work propertly.\
                          Skipping DC interrogation.""");
            }
        } else {
            final SmbSession ssn = trans.getSmbSession(NtlmPasswordAuthentication.DEFAULT);

    private Smb3KeyDerivation() {
    }

    /**
     * Derives the SMB3 signing key from the session key using the appropriate KDF for the dialect.
     *
     * @param dialect the SMB dialect version
     * @param sessionKey the base session key
     * @param preauthIntegrity the pre-authentication integrity hash (for SMB 3.1.1) or null
     * @return derived signing key
     */

    }

    @Test
    @DisplayName("Should fail validation when signing enforced but not enabled")
    void testIsValidSigningEnforcedButNotEnabled() throws Exception {
        // Given
        setResponseAsReceived(response);
        when(mockRequest.isSigningEnforced()).thenReturn(true);
        setPrivateField(response, "securityMode", 0); // No signing

        // When

     * @param targetDomain the target domain for authentication
     * @param host the target host
     * @param initialToken initial authentication token, if any
     * @param doSigning whether message signing should be enabled
     * @return a new SSP authentication context
     * @throws SmbException if context creation fails
     */

                 * junk. We need to bump up the wordCount here so that this method returns
                 * the correct number of bytes for signing purposes. Otherwise we get a
                 * signing verification failure.
                 */
                if (command == SMB_COM_NT_CREATE_ANDX && ((SmbComNTCreateAndXResponse) this).isExtended) {
                    wordCount += 8;

		return auth.Credentials{}, s3Err
	}

	r := &http.Request{Header: formValues}
	cred, _, s3Err := checkKeyValid(r, credHeader.accessKey)
	if s3Err != ErrNone {
		return cred, s3Err
	}

	// Get signing key.
	signingKey := getSigningKey(cred.SecretKey, credHeader.scope.date, credHeader.scope.region, serviceS3)

	// Get signature.
	newSignature := getSignature(signingKey, formValues.Get("Policy"))

# Signing key for Gradle artifacts

Below is the public PGP key used to sign all Gradle artifacts.

The key ID is `E2F38302C8075E3D` and its fingerprint is `1BD97A6A154E7810EE0BC832E2F38302C8075E3D`.
You can also find the key in the [Gradle website](https://gradle.org/keys/) and on [public key servers](https://keys.openpgp.org/search?q=maven-publishing%40gradle.com).

## Verification instructions

### Importing the key