storageRESTDstVolume        = "dvol"
	storageRESTDstPath          = "dpath"
	storageRESTOffset           = "offset"
	storageRESTLength           = "length"
	storageRESTCount            = "count"
	storageRESTBitrotAlgo       = "balg"
	storageRESTBitrotHash       = "bhash"
	storageRESTDiskID           = "did"
	storageRESTForceDelete      = "fdel"
	storageRESTGlob             = "glob"
	storageRESTMetrics          = "metrics"

	if err != nil {
		return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
	}
	headerDec := buf[:n]
	buf = buf[n:]

	alg, _, _, err := jsonparser.Get(headerDec, "alg")
	if err != nil {
		return nil, &jwtgo.ValidationError{Inner: err, Errors: jwtgo.ValidationErrorMalformed}
	}

	n, err = base64DecodeBytes(token[i+1:j], buf)
	if err != nil {

	jwt.RegisterSigningMethod(SigningMethodES3256.Alg(), func() jwt.SigningMethod {
		return SigningMethodES3256
	})

	// ES384
	SigningMethodES3384 = &jwt.SigningMethodECDSA{Name: "ES3384", Hash: crypto.SHA3_384, KeySize: 48, CurveBits: 384}
	jwt.RegisterSigningMethod(SigningMethodES3384.Alg(), func() jwt.SigningMethod {
		return SigningMethodES3384
	})

	// ES512

	jwt.RegisterSigningMethod(SigningMethodRS3256.Alg(), func() jwt.SigningMethod {
		return SigningMethodRS3256
	})

	// RS3384
	SigningMethodRS3384 = &jwt.SigningMethodRSA{Name: "RS3384", Hash: crypto.SHA3_384}
	jwt.RegisterSigningMethod(SigningMethodRS3384.Alg(), func() jwt.SigningMethod {
		return SigningMethodRS3384
	})

	// RS3512

type Algorithm string

// UnmarshalXML - Unmarshals XML tag to valid SSE algorithm
func (alg *Algorithm) UnmarshalXML(d *xml.Decoder, start xml.StartElement) error {
	var s string
	if err := d.DecodeElement(&s, &start); err != nil {
		return err
	}

	switch s {
	case string(AES256):
		*alg = AES256
	case string(AWSKms):
		*alg = AWSKms
	default:
		return errors.New("Unknown SSE algorithm")
	}

	return nil
}

func NewChecksumWithType(alg ChecksumType, value string) *Checksum {
	if !alg.IsSet() {
		return nil
	}
	wantParts := 0
	if strings.ContainsRune(value, '-') {
		valSplit := strings.Split(value, "-")
		if len(valSplit) != 2 {
			return nil
		}
		value = valSplit[0]
		nParts, err := strconv.Atoi(valSplit[1])
		if err != nil {
			return nil
		}
		alg |= ChecksumMultipart
		wantParts = nParts

)

// JWKS - https://tools.ietf.org/html/rfc7517
type JWKS struct {
	Keys []*JWKS `json:"keys,omitempty"`

	Kty string `json:"kty"`
	Use string `json:"use,omitempty"`
	Kid string `json:"kid,omitempty"`
	Alg string `json:"alg,omitempty"`

	Crv string `json:"crv,omitempty"`
	X   string `json:"x,omitempty"`
	Y   string `json:"y,omitempty"`
	D   string `json:"d,omitempty"`
	N   string `json:"n,omitempty"`

		Claims: jwtgo.StandardClaims{
			ExpiresAt: 253428928061,
			Audience:  "76b95ae5-33ef-4283-97b7-d2a85dc2d8f4",
		},
		Header: map[string]any{
			"typ": "JWT",
			"alg": jwtgo.SigningMethodHS256.Alg(),
			"kid": "76b95ae5-33ef-4283-97b7-d2a85dc2d8f4",
		},
	}

	token, err := jwt.SignedString([]byte("WNGvKVyyNmXq0TraSvjaDN9CtpFgx35IXtGEffMCPR0"))
	if err != nil {
		t.Fatal(err)
	}

Bag Attributes
    friendlyName: test-client
    localKeyID: 54 69 6D 65 20 31 36 31 30 35 34 37 32 31 38 33 33 39 
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIV/BaQuOROI8CAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECDimqPUDaqRVBIIEyBNPeVp351IS
v8s0Jscjmh/PkXe6Zb4etlvhOMbTrLdsUiXYaPaX+pwNDo61D3LR3UTz1Yt9MaIM
hgbClVQo2WhEIywJcaloEccxZ2mkP0ZWGVvm3NqfGD5ruevRxra9fvrQcpr81Sro

Bag Attributes
    friendlyName: test-node
    localKeyID: 54 69 6D 65 20 31 36 31 30 35 34 37 34 31 31 36 37 37 
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIjQ0GSNxFPlcCAggA
MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECEhMiHamDL3EBIIEyDhQlJjJhfPN
Tve2KwhJsADvo6POTXw0tJzTKCHek7iYLcsMK7EQhH3fLRkYDCOufBIZEgqxxCiH
l3q89eg5qd4lqne4yTW5SYLVW+L6xnE5FpacpfLCWWm4LmZlg3BynDZykG/cDHS8