* @return the server signature
     */
    public PacSignature getServerSignature() {
        return this.serverSignature;
    }

    /**
     * Returns the KDC signature used to validate PAC authenticity.
     * @return the KDC signature
     */
    public PacSignature getKdcSignature() {
        return this.kdcSignature;
    }

      }
    }
    ```

 *  New: `MediaType.parameter()` gets a parameter like `boundary` from a media type like
    `multipart/mixed; boundary="abc"`.

 *  New: `Authenticator.JAVA_NET_AUTHENTICATOR` forwards authentication requests to
    `java.net.Authenticator`. This obsoletes `JavaNetAuthenticator` in the `okhttp-urlconnection`
    module.

 *  New: `CertificatePinner` now offers an API for inspecting the configured pins.

     *
     * This method handles requests for SSO metadata, typically used by SAML or
     * other SSO protocols that require metadata exchange. The actual metadata
     * content is generated by the configured SSO authenticator.
     *
     * @return ActionResponse containing the SSO metadata or error page
     */
    @Execute
    public ActionResponse metadata() {
        final SsoManager ssoManager = ComponentUtil.getSsoManager();

 - Provides a fix to allow a cluster in a private Azure cloud to authenticate to ACR in the same cloud. ([#90425](https://github.com/kubernetes/kubernetes/pull/90425), [@DavidParks8](https://github.com/DavidParks8)) [SIG Cloud Provider]

            return ((DcerpcPipeHandle) this).pipe.getServer();
        }
        return null;
    }

    /**
     * Gets the principal associated with this handle
     * @return the principal or null if not authenticated
     */
    public Principal getPrincipal() {
        if (this instanceof DcerpcPipeHandle) {
            return ((DcerpcPipeHandle) this).pipe.getPrincipal();
        }
        return null;
    }

      ResponseBodyEnd::class,
      ConnectionReleased::class,
      CallEnd::class,
    )
  }

  @Test
  fun sseReauths() {
    client =
      client
        .newBuilder()
        .authenticator { route, response ->
          response.request
            .newBuilder()
            .header("Authorization", "XYZ")
            .build()
        }.build()
    server.enqueue(
      MockResponse(

 *  **HttpResponseCache has been renamed to Cache.** Install it with
    `OkHttpClient.setCache(...)` instead of `OkHttpClient.setResponseCache(...)`.

 *  **OkAuthenticator has been replaced with Authenticator.** This new
    authenticator has access to the full incoming response and can respond with
    whichever followup request is appropriate. The `Challenge` class is now a

}

// Check request auth type verifies the incoming http request
//   - validates the request signature
//   - validates the policy action if anonymous tests bucket policies if any,
//     for authenticated requests validates IAM policies.
//
// returns APIErrorCode if any to be replied to the client.

   *    has since been closed by the server.
   *  * A client timeout (HTTP 408).
   *  * A authorization challenge (HTTP 401 and 407) that is satisfied by the [Authenticator].
   *  * A retryable server failure (HTTP 503 with a `Retry-After: 0` response header).
   *  * A misdirected request (HTTP 421) on a coalesced connection.
   */
  open fun isOneShot(): Boolean = false

  /**

import jcifs.util.Crypto;

/**
 * SMB2/SMB3 message signing digest implementation.
 *
 * This class handles cryptographic signing of SMB2/SMB3 messages to ensure
 * message integrity and authenticity. It supports different signing algorithms
 * used in various SMB2/SMB3 dialect versions.
 *
 * @author mbechler
 */
public class Smb2SigningDigest implements SMBSigningDigest, AutoCloseable {