peerRESTUserTemp        = "user-temp"
	peerRESTPolicy          = "policy"
	peerRESTUserOrGroup     = "user-or-group"
	peerRESTUserType        = "user-type"
	peerRESTIsGroup         = "is-group"
	peerRESTSignal          = "signal"
	peerRESTSubSys          = "sub-sys"
	peerRESTProfiler        = "profiler"
	peerRESTSize            = "size"
	peerRESTConcurrent      = "concurrent"
	peerRESTDuration        = "duration"

        }

        final int flags = SMBUtil.readInt4(data, offset + 16);
        if ((flags & ServerMessageBlock2.SMB2_FLAGS_SIGNED) == 0) {
            log.error("The server did not sign a message we expected to be signed");
            return true;
        }

        final byte[] sig = new byte[SIGNATURE_LENGTH];
        System.arraycopy(data, offset + SIGNATURE_OFFSET, sig, 0, SIGNATURE_LENGTH);

		const wantString = testPayload + testPayload
		if resp.OrgString != testPayload+testPayload {
			t.Errorf("want %q, got %q", wantString, resp.OrgString)
		}
		if resp.OrgNum != n+1 {
			t.Errorf("want %d, got %d", n+1, resp.OrgNum)
		}
		handler.PutResponse(resp)
		n++
		return nil
	})
	errFatal(err)
	t.Log("EOF.", payloads, " Roundtrips:", time.Since(start))
}

  "token_type": "Bearer",
  "expires_in": 3600
}
```

### 4. JWT Claims

The id_token received is a signed JSON Web Token (JWT). Use a JWT decoder to decode the id_token to access the payload of the token that includes following JWT claims:

	// Add content length condition, only accept content sizes of a given length.
	contentLengthCondStr := `["content-length-range", 1024, 1048576]`
	// Add the algorithm condition, only accept AWS SignV4 Sha256.
	algorithmConditionStr := `["eq", "$x-amz-algorithm", "AWS4-HMAC-SHA256"]`
	// Add the date condition, only accept the current date.
	dateConditionStr := fmt.Sprintf(`["eq", "$x-amz-date", "%s"]`, t.Format(iso8601DateFormat))

  </parent>
  <artifactId>listenablefuture</artifactId>
  <version>9999.0-empty-to-avoid-conflict-with-guava</version>
  <name>Guava ListenableFuture only</name>
  <description>
    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

`TryRead` and `TryWrite` are still available for non-blocking reads and writes.

To signify the end of the stream, close the ring buffer from the writer side with `rb.CloseWriter()`

Either side can use `rb.CloseWithError(err error)` to signal an error and close the ring buffer. 
Any reads or writes will return the error on next call.

 *
 * <p>Its speed is comparable to CityHash64, and its quality of hashing is at least as good.
 *
 * <p>Note to maintainers: This implementation relies on signed arithmetic being bit-wise equivalent
 * to unsigned arithmetic in all cases except:
 *
 * <ul>
 *   <li>comparisons (signed values can be negative)
 *   <li>division (avoided here)
 *   <li>shifting (right shift must be unsigned)
 * </ul>
 *
 * @author Kyle Maddison

     * environments and only to carry test data.
     *
     * The server’s TLS certificate **does not need to be signed** by a trusted certificate
     * authority. Instead, it will trust any well-formed certificate, even if it is self-signed.
     * This is necessary for testing against localhost or in development environments where a
     * certificate authority is not possible.
     *

        @Test
        @DisplayName("Should handle signed/unsigned integer boundaries")
        void shouldHandleSignedUnsignedBoundaries() {
            // Test that GENERIC_READ is the highest bit (0x80000000)
            assertEquals(0x80000000, ACE.GENERIC_READ, "GENERIC_READ should be 0x80000000");
            assertTrue(ACE.GENERIC_READ < 0, "GENERIC_READ should be negative when treated as signed int");