// Get signature.
	newSignature := getSignature(signingKey, formValues.Get("Policy"))

	// Verify signature.
	if !compareSignatureV4(newSignature, formValues.Get(xhttp.AmzSignature)) {
		return cred, ErrSignatureDoesNotMatch
	}

	// Success.
	return cred, ErrNone
}

// doesPresignedSignatureMatch - Verify query headers with presigned signature

	signature := calculateSignatureV2(stringToSign, cred.SecretKey)
	return signature
}

// compareSignatureV2 returns true if and only if both signatures
// are equal. The signatures are expected to be base64 encoded strings
// according to the AWS S3 signature V2 spec.
func compareSignatureV2(sig1, sig2 string) bool {
	// Decode signature string to binary byte-sequence representation is required

		{"X-Amz-Content-Sha256", unsignedPayload, "X-Amz-Credential", "", true},

		// Test case - 4.
		// Enabling PreSigned Signature v4, but X-Amz-Content-Sha256 not set has to be skipped.
		{"", "", "X-Amz-Credential", "", true},

		// Test case - 5.
		// Enabling PreSigned Signature v4, but X-Amz-Content-Sha256 set and its not UNSIGNED-PAYLOAD, we shouldn't skip.

			return n, cr.err
		}
	}

	// Now, we read the signature of the following payload and expect:
	//   chunk-signature=" + <signature-as-hex> + "\r\n"
	//
	// The signature is 64 bytes long (hex-encoded SHA256 hash) and
	// starts with a 16 byte header: len("chunk-signature=") + 64 == 80.
	var signature [80]byte
	_, err = io.ReadFull(cr.reader, signature[:])
	if err == io.EOF {
		err = io.ErrUnexpectedEOF
	}

			},
			expected: ErrInvalidAccessKeyID,
		},
		// (2) It should fail with a bad signature.
		{
			form: http.Header{
				"X-Amz-Credential": []string{fmt.Sprintf(credentialTemplate, accessKey, now.Format(yyyymmdd), globalMinioDefaultRegion)},
				"X-Amz-Date":       []string{now.Format(iso8601Format)},
				"X-Amz-Signature":  []string{"invalidsignature"},
				"Policy":           []string{"policy"},
			},

			// validating the extraction/parsing of signature field.
			if !compareSignatureV4(testCase.expectedAuthField.Signature, parsedAuthField.Signature) {
				t.Errorf("Test %d: Parsed Signature field mismatch: Expected \"%s\", got \"%s\"", i+1, testCase.expectedAuthField.Signature, parsedAuthField.Signature)
			}

			// validating the extracted signed headers.

    <example>
      ${fe:label("value")}
    </example>
  </function>

  <function>
    <description>
      Returns Date from a given value.
    </description>
    <name>date</name>
    <function-class>org.codelibs.fess.taglib.FessFunctions</function-class>
    <function-signature>java.util.Date date(java.lang.Long)</function-signature>
    <example>

            // Zero signature field for calculation
            for (int i = 0; i < SIGNATURE_LENGTH; i++) {
                data[SIGNATURE_OFFSET + i] = 0;
            }

            mac.update(data, 0, data.length);
            byte[] signature = mac.doFinal();

            // Place signature in data
            System.arraycopy(signature, 0, data, SIGNATURE_OFFSET, SIGNATURE_LENGTH);

          issuerUniqueID = null,
          subjectUniqueID = null,
          extensions = extensions(),
        )

      // Signature.
      val signature =
        Signature.getInstance(tbsCertificate.signatureAlgorithmName).run {
          initSign(issuerKeyPair.private)
          update(CertificateAdapters.tbsCertificate.toDer(tbsCertificate).toByteArray())
          sign().toByteString()

    @Test
    @DisplayName("Should set and get signature")
    void testSignature() {
        // Given
        byte[] signature = new byte[16];
        new SecureRandom().nextBytes(signature);

        // When
        transformHeader.setSignature(signature);

        // Then
        assertArrayEquals(signature, transformHeader.getSignature());
    }

    @Test