req.URL.RawQuery = query.Encode()

	// Save signature finally.
	req.URL.RawQuery += "&Signature=" + url.QueryEscape(signature)
	return nil
}

// Sign given request using Signature V2.
func signRequestV2(req *http.Request, accessKey, secretKey string) error {
	signer.SignV2(*req, accessKey, secretKey, false)
	return nil
}

// Sign given request using Signature V4.

}

// signatureErr is a signature returned when an error occurs.
var signatureErr = [4]byte{'e', 'r', 'r', 0}

// getSignature will return a signature that is expected to be the same across all disks.
func (j xlMetaV2Version) getSignature() [4]byte {
	switch j.Type {
	case ObjectType:
		return j.ObjectV2.Signature()
	case DeleteType:
		return j.DeleteMarker.Signature()
	case LegacyType:

  ASSERT_EQ(func_->record->fdef().signature().attr().size(), 2);
  EXPECT_EQ(func_->record->fdef().signature().attr(0).name(), "v1");
  EXPECT_EQ(func_->record->fdef().signature().attr(0).type(), "int");
  EXPECT_EQ(func_->record->fdef().signature().attr(1).name(), "v2");
  EXPECT_EQ(func_->record->fdef().signature().attr(1).type(), "int");
}

                        // verify the server signature here, this is not done automatically as we don't set the
                        // request digest
                        // Ignore a missing signature for SMB < 3.0, as
                        // - the specification does not clearly require that (it does for SMB3+)

		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrMissingSignTag: {
		Code:           "AccessDenied",
		Description:    "Signature header missing Signature field.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrMissingSignHeadersTag: {
		Code:           "InvalidArgument",
		Description:    "Signature header missing SignedHeaders field.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrMalformedExpires: {

			return
		}
	}

	// Verify policy signature.
	cred, errCode := doesPolicySignatureMatch(formValues)
	if errCode != ErrNone {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(errCode), r.URL)
		return
	}

	if len(fanOutEntries) > 0 {
		// Once signature is validated, check if the user has
		// explicit permissions for the user.

            return collector.hasErrors();
        } else {
            // the default execution path only knows the DefaultModelProblemCollector,
            // only reason it's not in signature is because it's package private
            throw new IllegalStateException();
        }
    }

    protected boolean hasFatalErrors(ModelProblemCollectorExt problems) {

				"application/patch-ops-error+xml",
				"application/pgp-encrypted",
				"application/pgp-keys",
				"application/pgp-signature",
				"application/pics-rules",
				"application/pidf+xml",
				"application/pidf-diff+xml",
				"application/pkcs10",
				"application/pkcs7-mime",
				"application/pkcs7-signature",
				"application/pkix-cert",
				"application/pkix-crl",
				"application/pkix-pkipath",
				"application/pkixcmp",

        final boolean serverRequireSig = resp.getResponse().isSigningRequired();
        final boolean serverEnableSig = resp.getResponse().isSigningEnabled();
        if (log.isDebugEnabled()) {
            log.debug("Signature negotiation enforced " + this.signingEnforced + " (server " + serverRequireSig + ") enabled "
                    + this.getContext().getConfig().isSigningEnabled() + " (server " + serverEnableSig + ")");
        }

     * type. So why even make that error possible by giving callers the choice?
     *
     * On the other hand, the current signature is consistent with the similar allAsList method. And
     * eventually this method may go away entirely in favor of an API like
     * whenAllComplete().collectSuccesses(). That API would have a signature more like the current
     * one.
     */
    return new ListFuture<V>(ImmutableList.copyOf(futures), false);
  }