k.updateMetrics(err, time.Since(start))

	return plaintext, err
}

// MAC generates the checksum of the given req.Message using the key
// with the req.Name at the KMS.
func (k *KMS) MAC(ctx context.Context, req *MACRequest) ([]byte, error) {
	if req.Name == "" {
		req.Name = k.DefaultKey
	}

	start := time.Now()
	mac, err := k.conn.MAC(ctx, req)

		return nil, errDecryptionFailed(err)
	}
	return plaintext, nil
}

// MAC generates the checksum of the given req.Message using the key
// with the req.Name at the KMS.
func (c *kesConn) MAC(ctx context.Context, req *MACRequest) ([]byte, error) {
	mac, err := c.client.HMAC(context.Background(), req.Name, req.Message)
	if err != nil {
		if errors.Is(err, kes.ErrKeyNotFound) {
			return nil, ErrKeyNotFound
		}

				}
			}()

			userDefined := make(map[string]string, len(req.UserMetadata))
			for k, v := range req.UserMetadata {
				userDefined[k] = v
			}
			userDefined[xhttp.AmzObjectTagging] = s3utils.TagEncode(req.UserTags)

			if opts.Kind != nil {
				encrd, objectEncryptionKey, err := newEncryptReader(ctx, hr, opts.Kind, opts.KeyID, opts.Key, bucket, req.Key, userDefined, opts.KmsCtx)
				if err != nil {
					errs[idx] = err

// The request may be reused, so caller should clear any fields.
func (h *SingleHandler[Req, Resp]) NewRequest() Req {
	return h.newReq()
}

// Register a handler for a Req -> Resp roundtrip.
// Requests are automatically recycled.
func (h *SingleHandler[Req, Resp]) Register(m *Manager, handle func(req Req) (resp Resp, err *RemoteErr), subroute ...string) error {
	if h.newReq == nil {

    }

    public void add(ModelProblemCollectorRequest req) {
        switch (req.getSeverity()) {
            case FATAL:
                if (!fatals.contains(req.getMessage())) {
                    fatals.add(req.getMessage());
                }
                break;
            case ERROR:
                if (!errors.contains(req.getMessage())) {
                    errors.add(req.getMessage());
                }
                break;

		}
	}

	if xfPort := req.Header.Get(xForwardedPort); xfPort == "" {
		req.Header.Set(xForwardedPort, forwardedPort(req))
	}

	if xfHost := req.Header.Get(xForwardedHost); xfHost == "" && req.Host != "" {
		req.Header.Set(xForwardedHost, req.Host)
	}
}

func forwardedPort(req *http.Request) string {
	if req == nil {
		return ""
	}

	if _, port, err := net.SplitHostPort(req.Host); err == nil && port != "" {

	req := mustNewRequest(method, urlStr, contentLength, body, t)
	req.Header.Set("Content-Md5", "invalid-digest")
	cred := globalActiveCred
	if err := signRequestV4(req, cred.AccessKey, cred.SecretKey); err != nil {
		t.Fatalf("Unable to initialized new signed http request %s", err)
	}
	return req
}

    }

    public static void setError(final int statusCode, final Exception e) {
        LaRequestUtil.getOptionalRequest().ifPresent(req -> req.setAttribute(WEB_API_EXCEPTION, new WebApiException(statusCode, e)));
    }

    public static void validate() {

			logKind = ek
		}
	}

	req := GetReqInfo(ctx)
	if req == nil {
		req = &ReqInfo{
			API:       "SYSTEM",
			RequestID: fmt.Sprintf("%X", time.Now().UTC().UnixNano()),
		}
	}
	req.RLock()
	defer req.RUnlock()

	API := "SYSTEM"
	switch {
	case req.API != "":
		API = req.API
	case subsystem != "":
		API += "." + subsystem
	}

        NtlmPasswordAuthentication ntlm;

        if ((ntlm = negotiate( req, resp, false )) == null) {
            return;
        }

        chain.doFilter( new NtlmHttpServletRequest( req, ntlm ), response );
    }

    /**
     * Negotiate password hashes with MSIE clients using NTLM SSP
     * @param req The servlet request
     * @param resp The servlet response