.header("Host", "square.com")
        .header("TE", "gzip")
        .build()
    val expected =
      headerEntries(
        ":method",
        "GET",
        ":path",
        "/",
        ":authority",
        "square.com",
        ":scheme",
        "http",
      )
    assertThat(http2HeadersList(request)).isEqualTo(expected)
  }

  @Test fun http2HeadersListDontDropTeIfTrailersHttp2() {

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common

        public byte revision;
        /** The number of sub-authorities in the SID */
        public byte sub_authority_count;
        /** The identifier authority value (6 bytes) */
        public byte[] identifier_authority;
        /** The array of sub-authority values */
        public int[] sub_authority;

        @Override
        public void encode(NdrBuffer _dst) throws NdrException {
            _dst.align(4);

specified on CreateVolume/DeleteVolume, ControllerPublishVolume/ControllerUnpublishVolume, and NodePublishVolume/NodeUnpublishVolume operations. Before this change all API calls had to fetch key/value stored in secret and use it to authenticate/authorize these operations. With this change API calls receive key/value as a input parameter so they not need to know where and how credentials were stored and fetched. Main goal was to make these API calls CO (Container Orchestrator) agnostic.  ([#60118...

 */

package jcifs.dcerpc.msrpc;

import java.io.IOException;

import jcifs.dcerpc.DcerpcHandle;
import jcifs.dcerpc.rpc;
import jcifs.smb.SmbException;

/**
 * LSA policy handle for Local Security Authority operations.
 */
public class LsaPolicyHandle extends rpc.policy_handle implements AutoCloseable {

    private final DcerpcHandle handle;
    private boolean opened;

    /**

    0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7ILaZRfyHB
    NVOFBkpdn627G190
    -----END CERTIFICATE-----
    """.trimIndent().decodeCertificatePem()

  // CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
  val entrustRootCertificateAuthority =
    """
    -----BEGIN CERTIFICATE-----

                .stream()
                .collect(Collectors.joining(" "));
    }

    /**
     * Determines whether the current request is authorized to access the API endpoint.
     * This default implementation returns false, requiring subclasses to override
     * and implement proper access control logic.
     *

    version = "HTTP/2",
  )

private fun requestUrl(
  socket: MockWebServerSocket,
  requestLine: RequestLine,
  headers: Headers,
): HttpUrl {
  val hostAndPort =
    headers[":authority"]
      ?: headers["Host"]
      ?: when (val inetAddress = socket.localAddress) {
        is Inet6Address -> "[${inetAddress.hostAddress}]:${socket.localPort}"

      "License" shall mean the terms and conditions for use, reproduction,
      and distribution as defined by Sections 1 through 9 of this document.

      "Licensor" shall mean the copyright owner or entity authorized by
      the copyright owner that is granting the License.

      "Legal Entity" shall mean the union of the acting entity and all
      other entities that control, are controlled by, or are under common

certificate authorities of the host platform. This strategy maximizes connectivity, but it is subject to certificate authority attacks such as the [2011 DigiNotar attack](https://www.computerworld.com/article/2510951/cybercrime-hacking/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html). It also assumes your HTTPS servers’ certificates are signed by a certificate authority.

Use [CertificatePinner](https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/) to restrict...