{
			queryParams: map[string]string{
				"Expires":        "60",
				"Signature":      "badsignature",
				"AWSAccessKeyId": accessKey,
			},
			expected: ErrExpiredPresignRequest,
		},
		// (4) Should error when the signature does not match.
		{
			queryParams: map[string]string{
				"Expires":        fmt.Sprintf("%d", now.Unix()+60),
				"Signature":      "badsignature",
				"AWSAccessKeyId": accessKey,
			},

	if aec != ErrNone {
		return psv, aec
	}

	// Save signature.
	preSignV4Values.Signature, aec = parseSignature("Signature=" + query.Get(xhttp.AmzSignature))
	if aec != ErrNone {
		return psv, aec
	}

	// Return structured form of signature query string.
	return preSignV4Values, ErrNone
}

// Parses signature version '4' header of the following form.
//

	}
	// List of readers used.
	readers := []io.Reader{
		// Test - 1
		bytes.NewReader([]byte("1000;chunk-signature=111123333333333333334444211\r\n")),
		// Test - 2
		bytes.NewReader([]byte("1000;")),
		// Test - 3
		bytes.NewReader(fmt.Appendf(nil, "%4097d", 1)),
		// Test - 4
		bytes.NewReader([]byte("1000;chunk-signature=111123333333333333334444211\r\n")),
	}
	testCases := []testCase{
		// Test - 1 - small bufio reader.
		{

			extractedSignedHeaders[http.CanonicalHeaderKey(header)] = r.TransferEncoding
		case "content-length":
			// Signature-V4 spec excludes Content-Length from signed headers list for signature calculation.
			// But some clients deviate from this rule. Hence we consider Content-Length for signature
			// calculation to be compatible with such clients.
			extractedSignedHeaders.Set(header, strconv.FormatInt(r.ContentLength, 10))

    }

    /**
     * Gets the signature or authentication tag for the encrypted message
     *
     * @return the signature/authentication tag
     */
    public byte[] getSignature() {
        return this.signature;
    }

    /**
     * Sets the signature or authentication tag for the encrypted message
     *
     * @param signature
     *            the signature/authentication tag to set
     */

    }

    /**
     * Returns the server signature used to validate PAC integrity.
     * @return the server signature
     */
    public PacSignature getServerSignature() {
        return this.serverSignature;
    }

    /**
     * Returns the KDC signature used to validate PAC authenticity.
     * @return the KDC signature
     */
    public PacSignature getKdcSignature() {

        }
        final byte[] signature = digest();
        for (int i = 0; i < 8; i++) {
            if (signature[i] != data[offset + SmbConstants.SIGNATURE_OFFSET + i]) {
                if (LogStream.level >= 2) {
                    log.println("signature verification failure");
                    Hexdump.hexdump(log, signature, 0, 8);

    /**
     * Verifies the signature of this response.
     *
     * @param buffer the buffer containing the signature data
     * @param i the starting index in the buffer
     * @param size the size of the signature data
     * @return whether signature verification is successful
     */
    boolean verifySignature(byte[] buffer, int i, int size);

    /**
     * Checks if signature verification failed.
     *

 */
package jcifs.smb;

/**
 * Exception thrown when SMB message signature validation fails.
 * Indicates that the integrity of an SMB message could not be verified.
 *
 * @author mbechler
 *
 */
public class SMBSignatureValidationException extends SmbException {

    /**
     * Default constructor for SMB signature validation exception.
     */
    public SMBSignatureValidationException() {
    }

 */
package jcifs.pac;

import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;

/**
 * Represents a PAC signature structure containing checksum type and data.
 * This class parses and holds signature information from Kerberos PAC data,
 * supporting various checksum algorithms including HMAC-MD5 and HMAC-SHA1 with AES.
 */
public class PacSignature {

    /**