# Learn more...
        # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection

    steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}

    private static final String S2C_SIGN_CONSTANT = "session key to server-to-client signing key magic constant";
    private static final String S2C_SEAL_CONSTANT = "session key to server-to-client sealing key magic constant";

    private static final String C2S_SIGN_CONSTANT = "session key to client-to-server signing key magic constant";

          "instrumentation-reporting",
          "model-groovy",
          "plugins-jvm-test-fixtures",
          "plugins-jvm-test-suite",
          "reporting",
          "resources-s3",
          "signing",
          "testing-base"
        ],
        "parallelizationMethod": {
          "name": "TestDistribution"
        }
      },
      {
        "subprojects": [
          "antlr",

 * certificate.
 *
 * Use of the chain cleaner is necessary to omit unexpected certificates that aren't relevant to
 * the TLS handshake and to extract the trusted CA certificate for the benefit of certificate
 * pinning.
 */
abstract class CertificateChainCleaner {
  @Throws(SSLPeerUnverifiedException::class)
  abstract fun clean(
    chain: List<Certificate>,
    hostname: String,
  ): List<Certificate>

  companion object {

tasks.withType<Sign>().configureEach { isEnabled = signArtifacts }

signing {
    useInMemoryPgpKeys(
        project.providers.environmentVariable("PGP_SIGNING_KEY").orNull,
        project.providers.environmentVariable("PGP_SIGNING_KEY_PASSPHRASE").orNull
    )
    publishing.publications.configureEach {
        if (signArtifacts) {
            signing.sign(this)
        }
    }
}

fun configureJavadocVariant() {

    // If the problem was a CertificateException from the X509TrustManager, do not retry.
    e is SSLHandshakeException && e.cause is CertificateException -> false

    // e.g. a certificate pinning error.
    e is SSLPeerUnverifiedException -> false

    // Retry for all other SSL failures.
    e is SSLException -> true

    else -> false

 *
 * @author mbechler
 */
public interface SmbResourceLocatorInternal extends SmbResourceLocator {

    /**
     * Determines whether SMB signing should be enforced for connections to this resource.
     *
     * @return whether to enforce the use of signing on connection to this resource
     */
    boolean shouldForceSigning();

    /**

 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

allprojects {
    tasks.withType(JavaCompile).configureEach {
        outputs.doNotCacheIf("CodeQL scanning", { true })
    }

        // only A, C, and E are whitelisted duplicates will occur. When scanning projects A, C, and E, those will be
        // added to 'filtered' as they are whitelisted. When scanning B and D, they are not whitelisted, and since
        // transitive is false, their downstream dependencies will be added to 'filtered'. E is a downstream dependency
        // of A, B, C, and D, so when scanning B and D, E will be added again 'filtered'.
        //

    }

    @Test
    @DisplayName("Test constructor with MAC signing key and bypass flag")
    void testConstructorWithBypass() {
        SMB1SigningDigest digest = new SMB1SigningDigest(testMacSigningKey, true);
        assertNotNull(digest);
        assertTrue(digest.toString().contains("MacSigningKey="));
    }

    @Test
    @DisplayName("Test constructor with MAC signing key, bypass flag and initial sequence")