)
from jwt.exceptions import InvalidTokenError
from passlib.context import CryptContext
from pydantic import BaseModel, ValidationError
from typing_extensions import Annotated

# to get a string like this run:
# openssl rand -hex 32
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30


fake_users_db = {
    "johndoe": {
        "username": "johndoe",

  - AFL-2.1
  - AFL-3.0
  - Artistic-1.0
  - Artistic-2.0
  - Apache-1.1
  - BSD-1-Clause
  - BSD-2-Clause
  - BSD-3-Clause
  - 0BSD
  - FTL
  - LPL-1.02
  - MS-PL
  - MIT
  - NCSA
  - OpenSSL
  - PHP-3.0
  - TCP-wrappers
  - W3C
  - Xnet
  - Zlib

reciprocal_licenses:
  - CC0-1.0
  - APSL-2.0
  - CDDL-1.0
  - CDDL-1.1
  - CPL-1.0
  - EPL-1.0
  - IPL-1.0
  - MPL-1.0

    SecurityScopes,
)
from jwt.exceptions import InvalidTokenError
from passlib.context import CryptContext
from pydantic import BaseModel, ValidationError

# to get a string like this run:
# openssl rand -hex 32
SECRET_KEY = "09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7"
ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = 30


fake_users_db = {
    "johndoe": {
        "username": "johndoe",

// # ====================================================================
// # Written by Andy Polyakov <appro@openssl.org> for the OpenSSL
// # project. The module is, however, dual licensed under OpenSSL and
// # CRYPTOGAMS licenses depending on where you obtain it. For further
// # details see http://www.openssl.org/~appro/cryptogams/.
// # ====================================================================

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// This file was generated using openssl by the gencerts.sh script
// and holds raw certificates for the webhook tests.

package testcerts

// CACert is a test cert for dynamic admission controller.
var CACert = []byte(`-----BEGIN CERTIFICATE-----

      .isEqualTo("CN=cash.app,OU=engineering")
  }

  @Test
  fun decodeRsa512() {
    // The certificate + private key below was generated with OpenSSL. Never generate certificates
    // with MD5 or 512-bit RSA; that's insecure!
    //
    // openssl req \
    //   -x509 \
    //   -md5 \
    //   -nodes \
    //   -days 1 \
    //   -newkey rsa:512 \
    //   -keyout privateKey.key \

// rather than specific structures. Since we only care about x509.Certificates,
// certCache is implemented as a specific cache, rather than a generic one.
//
// See https://boringssl.googlesource.com/boringssl/+/master/include/openssl/pool.h
// and https://boringssl.googlesource.com/boringssl/+/master/crypto/pool/pool.c
// for the BoringSSL reference.
type certCache struct {
	sync.Map
}

var globalCertCache = new(certCache)

  '.dynamicActiveSecrets[0].secret.tlsCertificate.certificateChain.inlineBytes' | base64 --decode > chain.pem
  ```

1. Inspect the certificate content and verify that SPIRE was the issuer:

  ```bash
  $ openssl x509 -in chain.pem -text | grep SPIRE
      Subject: C = US, O = SPIRE, CN = sleep-5d6df95bbf-kt2tt
  ```

## Tear down

1.  Delete all deployments and configurations for the SPIRE Agent, Server, and namespace:

		}
		privKey.PrivateKey = privKey.PrivateKey[1:]
	}

	// Some private keys remove all leading zeros, this is also invalid
	// according to [SEC1] but since OpenSSL used to do this, we ignore
	// this too.
	copy(privateKey[len(privateKey)-len(privKey.PrivateKey):], privKey.PrivateKey)
	priv.X, priv.Y = curve.ScalarBaseMult(privateKey)

	return priv, nil

WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// This file was generated using openssl by the gencerts.sh script
// and holds raw certificates for the webhook tests.

package testcerts

var CAKey = []byte(`-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEArqnW4K+UsmPzbSB7JYhN0HNsJNItjw/87SJxIjGqUttC+2ts