// System.identityHashCode, which means the assignment of keys to segments is nondeterministic,
    // so more than (maximumSize / #segments) keys could get assigned to the same segment, which
    // would cause one to be evicted.
    return new CacheBuilderFactory()
        .withKeyStrengths(ImmutableSet.of(Strength.STRONG, Strength.WEAK))

   * triggering different chains to be discovered by the TLS engine and our chain cleaner. In this
   * attack there's several different chains.
   *
   *
   * The victim's gets a non-CA certificate signed by a CA, and pins the CA root and/or
   * intermediate. This is business as usual.
   *
   * ```
   *   pinnedRoot (trusted by CertificatePinner)
   *     -> pinnedIntermediate (trusted by CertificatePinner)

   * however that is fine since the correctness is based on the atomic state in our base class. The
   * initial write to timer is never definitely visible to Fire.run since it is assigned after
   * SES.schedule is called. Therefore Fire.run has to check for null. However, it should be visible
   * if Fire.run is called by delegate.addListener since addListener is called after the assignment

      // recordSslDebug = true
    }

  // https://tools.ietf.org/html/rfc6066#page-6 specifies a FQDN is required.
  val hostname = "local.host"
  private val handshakeCertificates =
    run {
      // Generate a self-signed cert for the server to serve and the client to trust.
      val heldCertificate =
        HeldCertificate
          .Builder()
          .commonName(hostname)
          .addSubjectAlternativeName(hostname)

            SmbTransport signed = transportPool.getSmbTransport(context, address, DEFAULT_PORT, false, true);

            // Then
            assertEquals(sharedTransport, shared);
            assertEquals(exclusiveTransport, exclusive);
            assertEquals(signedTransport, signed);
            verify(transportPool).getSmbTransport(context, address, DEFAULT_PORT, false);

        bufferIndex += 4;
        this.server.serverTime = SMBUtil.readTime(buffer, bufferIndex);
        bufferIndex += 8;
        int tzOffset = SMBUtil.readInt2(buffer, bufferIndex);
        // tzOffset is signed!
        if (tzOffset > Short.MAX_VALUE) {
            tzOffset = -1 * (65536 - tzOffset);
        }
        this.server.serverTimeZone = tzOffset;
        bufferIndex += 2;

            int bytesRead = response.readBytesWireFormat(buffer, 0);

            assertEquals(16, bytesRead);
            assertEquals(-1, response.getCount()); // -1 as signed int represents max unsigned value
            assertEquals(-2, response.getRemaining());
        }

        private byte[] createValidWriteResponse(int count, int remaining) {
            byte[] buffer = new byte[64];

The following self-signed certificate is issued for `consoleAdmin`. So, MinIO would associate it with the pre-defined `consoleAdmin` policy.

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:

     * be output to the latest value referenced by System.out/err variables. By setting this parameter to true,
     * the output stream will be cached, i.e. assigned once at initialization time and re-used independently of
     * the current value referenced by System.out/err.
     *
     * @since 4.0.0
     */
    @Config(type = "java.lang.Boolean", defaultValue = "false")

- Check that `account` client_id has the role 'admin' assigned in the "Service Account Roles" tab.

After that, you will be able to obtain an id_token for the Admin REST API using client_id and client_secret:

```
curl \
  -d "client_id=<YOUR_CLIENT_ID>" \