if payload != req.Header.Get(xhttp.AmzContentSha256) {
		return cred, "", "", time.Time{}, ErrContentSHA256Mismatch
	}

	// Extract all the signed headers along with its values.
	extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, r)
	if errCode != ErrNone {
		return cred, "", "", time.Time{}, errCode
	}

  }

  fun readLong(): Long {
    if (bytesLeft !in 1..8) throw ProtocolException("unexpected length: $bytesLeft at $this")

    var result = source.readByte().toLong() // No "and 0xff" because this is a signed value!
    while (byteCount < limit) {
      result = result shl 8
      result += source.readByte().toInt() and 0xff
    }
    return result
  }

  fun readBitString(): BitString {

certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.

Use [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/) to restrict which certificates and certificate authorities are trusted. Certificate pinning increases security, but...

				"X-Amz-Content-Sha256": payloadSHA256,
			},
			region:   "us-west-1",
			expected: ErrUnsignedHeaders,
		},
		// (3) Should fail to extract headers if the host header is not signed.
		{
			queryParams: map[string]string{
				"X-Amz-Algorithm":      signV4Algorithm,
				"X-Amz-Date":           now.Format(iso8601Format),
				"X-Amz-Expires":        "60",

    }

    @Test
    @DisplayName("Test decode with negative values")
    void testDecodeWithNegativeValues() throws SMBProtocolDecodingException {
        // Prepare test data with negative values (when interpreted as signed)
        byte[] buffer = new byte[16];
        int bufferIndex = 0;

        // Set up negative values
        int namedPipeState = -1;
        int readDataAvailable = -100;
        int numberOfMessages = -200;

        }

        @ParameterizedTest
        @DisplayName("Should format different oplock levels correctly")
        @CsvSource({ "0, 0", "1, 1", "2, 2", "8, 8", "255, -1" // byte 255 is -1 when printed as signed
        })
        void testToStringWithDifferentOplockLevels(int inputValue, String expectedDisplay) throws Exception {
            byte oplockLevel = (byte) inputValue;

            assertFalse(response.isReceived());
        }
    }

    @Nested
    @DisplayName("Signature Tests")
    class SignatureTests {

        @Test
        @DisplayName("Should detect signed packet")
        void testIsSigned() {
            response.setFlagsForTest(ServerMessageBlock2.SMB2_FLAGS_SIGNED);

            assertTrue(response.isSigned());
        }

        @Test

    ```

    Get these strings with `HeldCertificate.certificatePem()` and `privateKeyPkcs8Pem()`.

 *  Fix: Handshake now returns peer certificates in canonical order: each certificate is signed by
    the certificate that follows and the last certificate is signed by a trusted root.

 *  Fix: Don't lose HTTP/2 flow control bytes when incoming data races with a stream close. If this
    happened enough then eventually the connection would stall.

/**
 * Tests for UnsignedLongs
 *
 * @author Brian Milch
 * @author Louis Wasserman
 */
@GwtCompatible
@NullUnmarked
public class UnsignedLongsTest extends TestCase {
  private static final long LEAST = 0L;
  private static final long GREATEST = 0xffffffffffffffffL;

  public void testCompare() {
    // max value
    assertThat(UnsignedLongs.compare(0, 0xffffffffffffffffL)).isLessThan(0);

  }

  private static final class BigIntegerDomain extends DiscreteDomain<BigInteger>
      implements Serializable {
    private static final BigIntegerDomain INSTANCE = new BigIntegerDomain();

    BigIntegerDomain() {
      super(true);
    }

    private static final BigInteger MIN_LONG = BigInteger.valueOf(Long.MIN_VALUE);
    private static final BigInteger MAX_LONG = BigInteger.valueOf(Long.MAX_VALUE);