// Given
        byte[] signature = new byte[16];
        new SecureRandom().nextBytes(signature);

        // When
        transformHeader.setSignature(signature);

        // Then
        assertArrayEquals(signature, transformHeader.getSignature());
    }

    @Test
    @DisplayName("Should set and get nonce")
    void testNonce() {
        // When
        transformHeader.setNonce(testNonce);

     *
     * @return the signature/authentication tag
     */
    public byte[] getSignature() {
        return this.signature;
    }

    /**
     * Sets the signature or authentication tag for the encrypted message
     *
     * @param signature
     *            the signature/authentication tag to set
     */
    public void setSignature(final byte[] signature) {
        if (signature.length != 16) {

        }

        @Override
        MethodVisitor visitMethod(int access, String name, String methodDescriptor, String signature, String[] exceptions) {
            if (behaviorName == name && methodDescriptor == behavior.getSignature()) {
                return new MethodVisitor(AsmConstants.ASM_LEVEL) {

                    @Override
                    AnnotationVisitor visitAnnotation(String descriptor, boolean visible) {

		emptySHA256 + "\n" +
		hashedChunk

	// Get hmac signing key.
	signingKey := getSigningKey(cr.cred.SecretKey, cr.seedDate, cr.region, serviceS3)

	// Calculate signature.
	newSignature := getSignature(signingKey, stringToSign)

	return newSignature
}

// getTrailerChunkSignature - get trailer chunk signature.
func (cr *s3ChunkedReader) getTrailerChunkSignature() string {

            final byte[] associatedData = transformHeader.getAssociatedData();
            byte[] nonce = transformHeader.getNonce();
            final byte[] authTag = transformHeader.getSignature();

            // Extract ciphertext
            final int ciphertextLength = encryptedMessage.length - Smb2TransformHeader.TRANSFORM_HEADER_SIZE;
            final byte[] ciphertext = new byte[ciphertextLength];

	return x.Flags&xlFlagInlineData != 0
}

// signatureErr is a signature returned when an error occurs.
var signatureErr = [4]byte{'e', 'r', 'r', 0}

// getSignature will return a signature that is expected to be the same across all disks.
func (j xlMetaV2Version) getSignature() [4]byte {
	switch j.Type {
	case ObjectType:
		return j.ObjectV2.Signature()
	case DeleteType:
		return j.DeleteMarker.Signature()
	case LegacyType:

	// Get signining key.
	signingkey := getSigningKey(secretAccessKey, t, location, "s3")
	// Calculate signature.
	signature := getSignature(signingkey, policyBase64)
	return signature
}

func newPostRequestV2(endPoint, bucketName, objectName string, secretKey string, formInputData map[string]string) (*http.Request, error) {

		for _, ver := range v2 {
			b, _ := json.Marshal(ver.header)
			t.Log(string(b))
			var x xlMetaV2Version
			_, _ = x.unmarshalV(0, ver.meta)
			b, _ = json.Marshal(x)
			t.Log(string(b), x.getSignature())
		}
	}

	for i := range vers {
		t.Run(fmt.Sprintf("non-strict-q%d", i), func(t *testing.T) {
			merged := mergeXLV2Versions(i, false, 0, vers...)
			if len(merged) == 0 {

	stringToSign := getStringToSign(canonicalRequest, date, scope)
	signingKey := getSigningKey(secretAccessKey, date, region, serviceS3)
	signature := getSignature(signingKey, stringToSign)

	req.URL.RawQuery = query.Encode()

	// Add signature header to RawQuery.
	req.URL.RawQuery += "&X-Amz-Signature=" + url.QueryEscape(signature)

		case xhttp.AmzAccessKeyID:
			accessKey = keyval[1]
		case xhttp.AmzSignatureV2:
			gotSignature = keyval[1]
		case xhttp.Expires:
			expires = keyval[1]
		default:
			filteredQueries = append(filteredQueries, query)
		}
	}

	// Invalid values returns error.
	if accessKey == "" || gotSignature == "" || expires == "" {
		return ErrInvalidQueryParams
	}