@SuppressWarnings("unchecked") // reading data stored by writeMultimap
        V value = (V) stream.readObject();
        values.add(value);
      }
    }
  }

  // Secret sauce for setting final fields; don't make it public.
  static <T> FieldSetter<T> getFieldSetter(Class<T> clazz, String fieldName) {
    try {
      Field field = clazz.getDeclaredField(fieldName);

import okhttp3.Request;
import okhttp3.Response;
import okhttp3.mockwebserver.MockResponse;
import okhttp3.mockwebserver.MockWebServer;

/**
 * Create UNIX domain sockets for MockWebServer and OkHttp and connect 'em together. Note that we
 * cannot do TLS over domain sockets.
 */
public class ClientAndServer {
  public void run() throws Exception {
    File socketFile = new File("/tmp/ClientAndServer.sock");

    protected static final String OIC_TOKEN_SERVER_URL = "oic.token.server.url";

    /** Configuration key for OpenID Connect client secret. */
    protected static final String OIC_CLIENT_SECRET = "oic.client.secret";

    /** Session key for OpenID Connect state parameter. */
    protected static final String OIC_STATE = "OIC_STATE";

    /** HTTP transport for OpenID Connect requests. */

  private lateinit var server: MockWebServer
  private lateinit var client: OkHttpClient

  @BeforeEach
  fun setUp() {
    // Sockets on some platforms can have large buffers that mean writes do not block when
    // required. These socket factories explicitly set the buffer sizes on sockets created.
    server = MockWebServer()
    server.serverSocketFactory =
      object : DelegatingServerSocketFactory(getDefault()) {

                case FessConfig.APP_CIPHER_KEY:
                    return "___change__me___";
                case FessConfig.APP_ENCRYPT_PROPERTY_PATTERN:
                    return ".*password|.*key|.*token|.*secret";
                case FessConfig.APP_EXTENSION_NAMES:
                    return "jpg,jpeg,gif,png";

                case FessConfig.JOB_MAX_CRAWLER_PROCESSES:
                    return "3";

        String originalParams = "config.timeout=30\npassword=secret\nclient.host=localhost";

        // First parse
        Map<String, String> parsed = ParameterUtil.parse(originalParams);
        assertEquals(3, parsed.size());
        assertEquals("secret", parsed.get("password"));

        // Then encrypt
        String encrypted = ParameterUtil.encrypt(originalParams);

    private MessageDigest md5;

    private byte[] ipad = new byte[BLOCK_LENGTH];

    private byte[] opad = new byte[BLOCK_LENGTH];

    /**
     * Creates an HMACT64 instance which uses the given secret key material.
     *
     * @param key The key material to use in hashing.
     */
    public HMACT64(final byte[] key) {
        super("HMACT64");
        final int length = Math.min(key.length, BLOCK_LENGTH);

    private final MessageDigest md5;

    private byte[] ipad = new byte[BLOCK_LENGTH];

    private byte[] opad = new byte[BLOCK_LENGTH];

    /**
     * Creates an HMACT64 instance which uses the given secret key material.
     *
     * @param key
     *            The key material to use in hashing.
     */
    public HMACT64(final byte[] key) {
        super("HMACT64");

        @SuppressWarnings("unchecked") // reading data stored by writeMultimap
        V value = (V) stream.readObject();
        values.add(value);
      }
    }
  }

  // Secret sauce for setting final fields; don't make it public.
  static <T> FieldSetter<T> getFieldSetter(Class<T> clazz, String fieldName) {
    try {
      Field field = clazz.getDeclaredField(fieldName);

 *   // If this is preemptive auth, use a preemptive credential.
 *   if (challenge.scheme().equalsIgnoreCase("OkHttp-Preemptive")) {
 *     return response.request().newBuilder()
 *         .header("Proxy-Authorization", "secret")
 *         .build();
 *   }
 * }
 * return null; // Didn't find a preemptive auth scheme.
 * ```
 *
 * ## Reactive Authentication
 *