{
			queryParams: map[string]string{
				"Expires":        "60",
				"Signature":      "badsignature",
				"AWSAccessKeyId": "Z7IXGOO6BZ0REAN1Q26I",
			},
			expected: ErrInvalidAccessKeyID,
		},
		// (2) Should error with malformed expires.
		{
			queryParams: map[string]string{
				"Expires":        "60s",
				"Signature":      "badsignature",
				"AWSAccessKeyId": accessKey,
			},
			expected: ErrMalformedExpires,
		},

		{
			queryParams: map[string]string{
				"X-Amz-Algorithm":     signV4Algorithm,
				"X-Amz-Date":          now.Format(iso8601Format),
				"X-Amz-Expires":       "60",
				"X-Amz-Signature":     "badsignature",
				"X-Amz-SignedHeaders": "host;x-amz-content-sha256;x-amz-date",
				"X-Amz-Credential":    fmt.Sprintf(credentialTemplate, "Z7IXGOO6BZ0REAN1Q26I", now.Format(yyyymmdd), "us-west-1"),
			},
			region:   "us-west-1",

)

// Type to capture different modifications to API request to simulate failure cases.
type Fault int

const (
	None Fault = iota
	MissingContentLength
	TooBigObject
	TooBigDecodedLength
	BadSignature
	BadMD5
	MissingUploadID
)

// Wrapper for calling HeadObject API handler tests for both Erasure multiple disks and FS single drive setup.
func TestAPIHeadObjectHandler(t *testing.T) {

    private int type;
    private byte[] checksum;

    /**
     * Constructs a PacSignature by parsing the provided data.
     *
     * @param data the raw signature data to parse
     * @throws PACDecodingException if the data is malformed or cannot be parsed
     */
    public PacSignature(final byte[] data) throws PACDecodingException {
        try {

        }
        baos.write(checksum);
        byte[] data = baos.toByteArray();

        // Create PacSignature
        PacSignature pacSignature = new PacSignature(data);

        // Verify
        assertEquals(defaultType, pacSignature.getType());
        assertArrayEquals(checksum, pacSignature.getChecksum());
    }

    /**
     * Test constructor with malformed data (too short).
     */
    @Test

        KerberosKey hmacKey = new KerberosKey(TEST_PRINCIPAL, new byte[16], PacSignature.ETYPE_ARCFOUR_HMAC, 0);
        KerberosKey aes128Key = new KerberosKey(TEST_PRINCIPAL, new byte[16], PacSignature.ETYPE_AES128_CTS_HMAC_SHA1_96, 0);
        KerberosKey aes256Key = new KerberosKey(TEST_PRINCIPAL, new byte[32], PacSignature.ETYPE_AES256_CTS_HMAC_SHA1_96, 0);

        keys.put(PacSignature.ETYPE_ARCFOUR_HMAC, hmacKey);

            // Setup mock behavior
            PacLogonInfo mockLogonInfo = Mockito.mock(PacLogonInfo.class);
            PacSignature mockServerSig = Mockito.mock(PacSignature.class);
            PacSignature mockKdcSig = Mockito.mock(PacSignature.class);

            Mockito.when(mock.getLogonInfo()).thenReturn(mockLogonInfo);
            Mockito.when(mock.getServerSignature()).thenReturn(mockServerSig);

            } else {
                if ((type != PacSignature.HMAC_SHA1_96_AES128) && (type != PacSignature.HMAC_SHA1_96_AES256)) {
                    throw new PACDecodingException("Invalid MAC algorithm");
                }
                KerberosKey key = type == PacSignature.HMAC_SHA1_96_AES128 ? keys.get(PacSignature.ETYPE_AES128_CTS_HMAC_SHA1_96)
                        : keys.get(PacSignature.ETYPE_AES256_CTS_HMAC_SHA1_96);

 */
public class Pac {

    private static final Logger log = LoggerFactory.getLogger(Pac.class);

    private PacLogonInfo logonInfo;
    private PacCredentialType credentialType;
    private PacSignature serverSignature;
    private PacSignature kdcSignature;

    /**
     * Constructs and validates a PAC from raw data using provided Kerberos keys.
     * @param data the raw PAC data bytes

        KerberosKey serverKey = new KerberosKey(new KerberosPrincipal("******@****.***"), "serverKey1234567".getBytes(),
                PacSignature.ETYPE_ARCFOUR_HMAC, 1);
        keys.put(PacSignature.ETYPE_ARCFOUR_HMAC, serverKey);
    }

    private void writeLittleEndianInt(ByteArrayOutputStream baos, int value) {
        baos.write(value & 0xFF);
        baos.write((value >> 8) & 0xFF);