}

        @ParameterizedTest
        @DisplayName("Should format different oplock levels correctly")
        @CsvSource({ "0, 0", "1, 1", "2, 2", "8, 8", "255, -1" // byte 255 is -1 when printed as signed
        })
        void testToStringWithDifferentOplockLevels(int inputValue, String expectedDisplay) throws Exception {
            byte oplockLevel = (byte) inputValue;

            assertFalse(response.isReceived());
        }
    }

    @Nested
    @DisplayName("Signature Tests")
    class SignatureTests {

        @Test
        @DisplayName("Should detect signed packet")
        void testIsSigned() {
            response.setFlagsForTest(ServerMessageBlock2.SMB2_FLAGS_SIGNED);

            assertTrue(response.isSigned());
        }

        @Test

    ```

    Get these strings with `HeldCertificate.certificatePem()` and `privateKeyPkcs8Pem()`.

 *  Fix: Handshake now returns peer certificates in canonical order: each certificate is signed by
    the certificate that follows and the last certificate is signed by a trusted root.

 *  Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this
    happened enough then eventually the connection would stall.

  }

  fun readLong(): Long {
    if (bytesLeft !in 1..8) throw ProtocolException("unexpected length: $bytesLeft at $this")

    var result = source.readByte().toLong() // No "and 0xff" because this is a signed value!
    while (byteCount < limit) {
      result = result shl 8
      result += source.readByte().toInt() and 0xff
    }
    return result
  }

  fun readBitString(): BitString {

certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.

Use [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/) to restrict which certificates and certificate authorities are trusted. Certificate pinning increases security, but...

	t.objectMaxVersions = cfg.ObjectMaxVersions

	if t.staleUploadsCleanupInterval != cfg.StaleUploadsCleanupInterval {
		t.staleUploadsCleanupInterval = cfg.StaleUploadsCleanupInterval

		// signal that cleanup interval has changed
		select {
		case staleUploadsCleanupIntervalChangedCh <- struct{}{}:
		default: // in case the channel is blocked...
		}
	}
}

func (t *apiConfig) odirectEnabled() bool {

				"X-Amz-Content-Sha256": payloadSHA256,
			},
			region:   "us-west-1",
			expected: ErrUnsignedHeaders,
		},
		// (3) Should fail to extract headers if the host header is not signed.
		{
			queryParams: map[string]string{
				"X-Amz-Algorithm":      signV4Algorithm,
				"X-Amz-Date":           now.Format(iso8601Format),
				"X-Amz-Expires":        "60",

		client := client
		ng.Go(GlobalContext, func() error {
			return client.SignalService(serviceReloadDynamic, subSys, false, nil)
		}, idx, *client.host)
	}
	return ng.Wait()
}

// SignalService - calls signal service RPC call on all peers.
func (sys *NotificationSys) SignalService(sig serviceSignal) []NotificationPeerErr {
	ng := WithNPeers(len(sys.peerClients))
	for idx, client := range sys.peerClients {
		if client == nil {

				t.Errorf("Test %d: Parsed Signature field mismatch: Expected \"%s\", got \"%s\"", i+1, testCase.expectedAuthField.Signature, parsedAuthField.Signature)
			}

			// validating the extracted signed headers.
			if strings.Join(testCase.expectedAuthField.SignedHeaders, ",") != strings.Join(parsedAuthField.SignedHeaders, ",") {

    val now = System.currentTimeMillis()
    val heldCertificate = HeldCertificate.Builder().build()
    val certificate = heldCertificate.certificate
    assertThat(certificate.getSubjectX500Principal().name, "self-signed")
      .isEqualTo(certificate.getIssuerX500Principal().name)
    assertThat(certificate.getIssuerX500Principal().name).matches(Regex("CN=[0-9a-f-]{36}"))
    assertThat(certificate.serialNumber).isEqualTo(BigInteger.ONE)