// with governance bypass headers set in the request.
// Objects under site wide WORM can never be overwritten.
// For objects in "Governance" mode, overwrite is allowed if a) object retention date is past OR
// governance bypass headers are set and user has governance bypass permissions.
// Objects in "Compliance" mode can be overwritten only if retention date is past.

        this(macSigningKey, bypass, 0);
    }

    /**
     * Constructs a signing digest with bypass option and initial sequence number
     *
     * @param macSigningKey
     *            The MAC signing key used for generating signatures
     * @param bypass
     *            Whether to bypass signature verification
     * @param initialSequence
     *            The initial sequence number for signing

    private MessageDigest digest;
    private byte[] macSigningKey;
    private boolean bypass = false;
    private int updates;
    private int signSequence;

    /**
     * Constructs a new signing digest with the specified MAC signing key.
     *
     * @param macSigningKey the MAC signing key for message authentication
     * @param bypass whether to bypass MAC signing
     * @throws SmbException if MD5 algorithm is not available
     */

	os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID())
	if globalMinioEndpoint != "" {
		os.Setenv("CONSOLE_MINIO_SERVER", globalMinioEndpoint)
	} else {
		// Explicitly set 127.0.0.1 so Console will automatically bypass TLS verification to the local S3 API.
		// This will save users from providing a certificate with IP or FQDN SAN that points to the local host.

```

See <https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html> for AWS S3 spec on object locking and permissions required for object retention and governance bypass overrides.

### Set legal hold on an object

PutObject API allows setting legal hold using `x-amz-object-lock-legal-hold` header.

```sh

 * tests focus on the contract that implementations should honour and the
 * interaction with {@link SmbFile} instances. The tests make heavy use of
 * Mockito to guarantee that implementation classes do not inadvertently
 * bypass the filter logic.
 */
public class SmbFileFilterTest {

    /**
     * A minimal implementation that accepts every {@link SmbFile}.
     */
    private final SmbFileFilter ALWAYSACTIVE = new SmbFileFilter() {

type EvalMetadataFn func(o *ObjectInfo, gerr error) (ReplicateDecision, error)

// EvalRetentionBypassFn validates input objInfo and GetObjectInfo error and returns an error if retention bypass is not allowed.
type EvalRetentionBypassFn func(o ObjectInfo, gerr error) error

// GetObjectInfoFn is the signature of GetObjectInfo function.

    void testHandleSetsNameAndPasswordHappyPath() throws Exception {
        JAASAuthenticator auth = new JAASAuthenticator("DOM", "user", "pass");
        NameCallback nc = new NameCallback("user:");
        PasswordCallback pc = new PasswordCallback("pass:", false);

        // Exercise callback handler with both callbacks supplied
        Callback[] cbs = new Callback[] { nc, pc };
        auth.handle(cbs);

Whenever you need the client to pass information in the request and you don't know how to, you can search (Google) how to do it in `httpx`, or even how to do it with `requests`, as HTTPX's design is based on Requests' design.

Then you just do the same in your tests.

E.g.:

* To pass a *path* or *query* parameter, add it to the URL itself.
* To pass a JSON body, pass a Python object (e.g. a `dict`) to the parameter `json`.

    @Test
    @DisplayName("Test constructor with MAC signing key and bypass flag")
    void testConstructorWithBypass() {
        SMB1SigningDigest digest = new SMB1SigningDigest(testMacSigningKey, true);
        assertNotNull(digest);
        assertTrue(digest.toString().contains("MacSigningKey="));
    }

    @Test
    @DisplayName("Test constructor with MAC signing key, bypass flag and initial sequence")