buf.append(encodeToString(prefix)).append("-,");
            }
            buf.append(encodeToString(textStart));
            if (StringUtil.isNotBlank(textEnd)) {
                buf.append(',').append(encodeToString(textEnd));
            }
            if (StringUtil.isNotBlank(suffix)) {
                buf.append(",-").append(encodeToString(suffix));
            }

                                groupList.add(Base64.getUrlEncoder().encodeToString(name.getBytes(Constants.CHARSET_UTF_8)));
                            } else if (lowerEntryDn.indexOf(lowerRoleDn) != -1) {
                                roleList.add(Base64.getUrlEncoder().encodeToString(name.getBytes(Constants.CHARSET_UTF_8)));
                            }
                        });

		md5Bytes := md5.Sum([]byte(object.content))
		_, err = obj.PutObject(context.Background(), object.parentBucket, object.name, mustGetPutObjReader(t, bytes.NewBufferString(object.content),
			int64(len(object.content)), hex.EncodeToString(md5Bytes[:]), ""), ObjectOptions{
			Versioned:   globalBucketVersioningSys.PrefixEnabled(object.parentBucket, object.name),
			UserDefined: object.meta,
		})
		if err != nil {

		if err != nil {
			writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
			return
		}

		// Set the correct hex md5sum for the fan-out stream.
		fanOutOpts.MD5Hex = hex.EncodeToString(md5w.Sum(nil))

		concurrentSize := min(runtime.GOMAXPROCS(0), 100)

		fanOutResp := make([]minio.PutObjectFanOutResponse, 0, len(fanOutEntries))
		eventArgsList := make([]eventArgs, 0, len(fanOutEntries))

	region := sumHMAC(date, []byte(globalMinioDefaultRegion))
	service := sumHMAC(region, []byte(string(serviceS3)))
	signingKey := sumHMAC(service, []byte("aws4_request"))

	signature := hex.EncodeToString(sumHMAC(signingKey, []byte(stringToSign)))

	// final Authorization header
	parts := []string{
		"AWS4-HMAC-SHA256" + " Credential=" + accessKey + SlashSeparator + scope,
		"SignedHeaders=" + signedHeaders,

}

func (x xlMetaV2VersionHeader) String() string {
	return fmt.Sprintf("Type: %s, VersionID: %s, Signature: %s, ModTime: %s, Flags: %s, N: %d, M: %d",
		x.Type.String(),
		hex.EncodeToString(x.VersionID[:]),
		hex.EncodeToString(x.Signature[:]),
		time.Unix(0, x.ModTime),
		x.Flags.String(),
		x.EcN, x.EcM,
	)
}

// matchesNotStrict returns whether x and o have both have non-zero version,

		return auth.Credentials{}, time.Time{}, errIAMActionNotAllowed
	}
	m := make(map[string]any)
	m[parentClaim] = parentUser

	if len(policyBuf) > 0 {
		m[policy.SessionPolicyName] = base64.StdEncoding.EncodeToString(policyBuf)
		m[iamPolicyClaimNameSA()] = embeddedPolicyType
	} else {
		m[iamPolicyClaimNameSA()] = inheritedPolicyType
	}

	// Add all the necessary claims for the service account.

	if err != nil {
		c.Fatalf("unexpected encryption err: %v", err)
	}

	req.ContentLength = int64(len(buf))
	sum := sha256.Sum256(buf)
	req.Header.Set("X-Amz-Content-Sha256", hex.EncodeToString(sum[:]))
	req.Body = io.NopCloser(bytes.NewReader(buf))
	req = signer.SignV4(*req, accessKey, secretKey, "", "")

	// 3.1 Execute the request.
	resp, err := s.TestSuiteCommon.client.Do(req)
	if err != nil {

			}

			if len(policyBuf) > maxSVCSessionPolicySize {
				return updatedAt, errSessionPolicyTooLarge
			}

			// Overwrite session policy claims.
			m.Set(policy.SessionPolicyName, base64.StdEncoding.EncodeToString(policyBuf))
			m.Set(iamPolicyClaimNameSA(), embeddedPolicyType)
		}
	}

	cr.SessionToken, err = auth.JWTSignWithAccessKey(accessKey, m.Map(), cr.SecretKey)
	if err != nil {
		return updatedAt, err