return authTypeAnonymous
	}
	return authTypeUnknown
}

func validateAdminSignature(ctx context.Context, r *http.Request, region string) (auth.Credentials, bool, APIErrorCode) {
	var cred auth.Credentials
	var owner bool
	s3Err := ErrAccessDenied
	if _, ok := r.Header[xhttp.AmzContentSha256]; ok &&
		getRequestAuthType(r) == authTypeSigned {

	"bytes"
	"context"
	"io"
	"net/http"
	"net/url"
	"os"
	"testing"
	"time"

	"github.com/minio/minio/internal/auth"
	"github.com/minio/pkg/v3/policy"
)

type nullReader struct{}

func (r *nullReader) Read(b []byte) (int, error) {
	return len(b), nil
}

// Test get request auth type.
func TestGetRequestAuthType(t *testing.T) {
	type testCase struct {
		req   *http.Request
		authT authType
	}

type LDAPIdentityResult struct {
	Credentials auth.Credentials `xml:",omitempty"`
}

// AssumeRoleWithCertificateResponse contains the result of
// a successful AssumeRoleWithCertificate request.
type AssumeRoleWithCertificateResponse struct {
	XMLName xml.Name `xml:"https://sts.amazonaws.com/doc/2011-06-15/ AssumeRoleWithCertificateResponse" json:"-"`
	Result  struct {
		Credentials auth.Credentials `xml:"Credentials,omitempty"`

## API Request Parameters

### WebIdentityToken

The OAuth 2.0 id_token that is provided by the web identity provider. Application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an AssumeRoleWithWebIdentity call.

 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */

package com.google.common.math;

import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
import static java.math.RoundingMode.CEILING;
import static java.math.RoundingMode.DOWN;
import static java.math.RoundingMode.FLOOR;

        Kerb5Authenticator auth = new Kerb5Authenticator(subj, "DOM", "user", "pass");
        auth.setUser("alice");
        auth.setRealm("EXAMPLE.COM");
        auth.setService("cifs");
        auth.setUserLifeTime(123);
        auth.setLifeTime(456);
        auth.setForceFallback(true);

        Kerb5Authenticator cloned = auth.clone();

        assertNotSame(auth, cloned);

import static com.google.common.math.Quantiles.median;
import static com.google.common.math.Quantiles.percentiles;
import static com.google.common.math.Quantiles.quartiles;
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
import static java.lang.Double.NEGATIVE_INFINITY;
import static java.lang.Double.NaN;
import static java.lang.Double.POSITIVE_INFINITY;

import static com.google.common.math.Quantiles.median;
import static com.google.common.math.Quantiles.percentiles;
import static com.google.common.math.Quantiles.quartiles;
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
import static java.lang.Double.NEGATIVE_INFINITY;
import static java.lang.Double.NaN;
import static java.lang.Double.POSITIVE_INFINITY;

        JAASAuthenticator auth = spy(new JAASAuthenticator());
        // Avoid real JAAS by stubbing getSubject
        doReturn(new Subject()).when(auth).getSubject();

        // Act
        CredentialsInternal result = auth.renew();

        // Assert interaction and return value
        assertSame(auth, result);
        verify(auth, times(1)).getSubject();
    }

        assertEquals("user", auth.getUsername());

        // Close the authenticator
        auth.close();

        assertTrue(auth.isClosed());

        // Closing again should not throw exception
        auth.close(); // idempotent

        // All operations should throw IllegalStateException
        assertThrows(IllegalStateException.class, () -> auth.getPassword());