import java.util.Map;

import javax.security.auth.kerberos.KerberosKey;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import jcifs.util.Hexdump;

/**
 * Privilege Attribute Certificate (PAC) decoder for Kerberos tickets.
 * Parses and validates PAC data structures containing user authorization information
 * from Active Directory Kerberos tickets.
 */
public class Pac {

* [Write good commit messages.](https://cbea.ms/git-commit/#seven-rules)
* [Sign off your commits](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff) to indicate that you agree to the terms of [Developer Certificate of Origin](https://developercertificate.org/). We can only accept PRs that have all commits signed off.
* Keep commits discrete. Avoid including multiple unrelated changes in a single commit.

 * **Handshake**: cipherSuite, localCertificates, localPrincipal, peerCertificates, peerPrincipal,
   tlsVersion
 * **HandshakeCertificates**: keyManager, trustManager
 * **Headers**: size
 * **HeldCertificate**: certificate, keyPair
 * **HttpLoggingInterceptor**: level
 * **HttpUrl**: encodedFragment, encodedPassword, encodedPath, encodedPathSegments, encodedQuery,
   encodedUsername, fragment, host, password, pathSegments, pathSize, port, query,

		return val
	}

	ldapServer := getCfgVal(ServerAddr)
	if ldapServer == "" {
		return l, nil
	}

	// Set ServerName in TLS config for proper certificate validation
	host, _, err := net.SplitHostPort(ldapServer)
	if err != nil {
		host = ldapServer
	}

	l.LDAP = ldap.Config{
		ServerAddr:    ldapServer,
		SRVRecordName: getCfgVal(SRVRecordName),

如果你很赶时间或不在乎，请继续阅读后续章节，它们会提供逐步的教程，告诉你怎么使用不同技术把一切都配置好。

///

要从用户的视角**了解 HTTPS 的基础知识**，请查看 [https://howhttps.works/](https://howhttps.works/)。

现在，从**开发人员的视角**，在了解 HTTPS 时需要记住以下几点：

* 要使用 HTTPS，**服务器**需要拥有由**第三方**生成的**"证书(certificate)"**。
    * 这些证书实际上是从第三方**获取**的，而不是“生成”的。
* 证书有**生命周期**。
    * 它们会**过期**。
    * 然后它们需要**更新**，**再次从第三方获取**。
* 连接的加密发生在 **TCP 层**。
    * 这是 HTTP 协议**下面的一层**。
    * 因此，**证书和加密**处理是在 **HTTP之前**完成的。

import java.io.IOException
import java.net.InetAddress
import java.net.UnknownHostException
import java.security.KeyStore
import java.security.SecureRandom
import java.security.Security
import java.security.cert.Certificate
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import java.util.concurrent.atomic.AtomicInteger
import java.util.logging.Handler
import java.util.logging.Level

    public void setDnsResolver(final DnsResolver dnsResolver) {
        this.dnsResolver = dnsResolver;
    }

    /**
     * Sets whether to ignore SSL certificate validation.
     *
     * @param ignoreSslCertificate True to ignore SSL certificate validation, false otherwise
     */
    public void setIgnoreSslCertificate(final boolean ignoreSslCertificate) {
        this.ignoreSslCertificate = ignoreSslCertificate;

        .addSubjectAlternativeName(server.hostName)
        .build()
    val serverHandshakeCertificates =
      HandshakeCertificates
        .Builder()
        .addTrustedCertificate(clientCa.certificate)
        .heldCertificate(serverCertificate)
        .build()
    server.useHttps(serverHandshakeCertificates.sslSocketFactory())
    server.enqueue(
      MockResponse
        .Builder()
        .body("abc")

            .rsa2048()
            .build()
        return@lazy HandshakeCertificates
          .Builder()
          .heldCertificate(heldCertificate)
          .addTrustedCertificate(heldCertificate.certificate)
          .build()
      }

      init {
        val platformSystemProperty = getPlatformSystemProperty()

        if (platformSystemProperty == JDK9_PROPERTY) {

first connect fails. This is necessary for IPv4+IPv6 and services hosted in redundant data
centers. OkHttp supports modern TLS features (TLS 1.3, ALPN, certificate pinning). It can be
configured to fall back for broad connectivity.

Using OkHttp is easy. Its request/response API is designed with fluent builders and immutability. It