// Verify if request has valid AWS Signature Version '4'.
func isReqAuthenticated(ctx context.Context, r *http.Request, region string, stype serviceType) (s3Error APIErrorCode) {
	if errCode := reqSignatureV4Verify(r, region, stype); errCode != ErrNone {
		return errCode
	}

	clientETag, err := etag.FromContentMD5(r.Header)
	if err != nil {
		return ErrInvalidDigest
	}

type errorCodeMap map[APIErrorCode]APIError

func (e errorCodeMap) ToAPIErrWithErr(errCode APIErrorCode, err error) APIError {
	apiErr, ok := e[errCode]
	if !ok {
		apiErr = e[ErrInternalError]
	}
	if err != nil {
		apiErr.Description = fmt.Sprintf("%s (%s)", apiErr.Description, err)
	}
	if globalSite.Region != "" {
		if errCode == ErrAuthorizationHeaderMalformed {

	testCases := []struct {
		Request *http.Request
		ErrCode APIErrorCode
	}{
		{Request: mustNewRequest(http.MethodGet, "http://127.0.0.1:9000", 0, nil, t), ErrCode: ErrAccessDenied},
		{Request: mustNewSignedRequest(http.MethodGet, "http://127.0.0.1:9000", 0, nil, t), ErrCode: ErrNone},
		{Request: mustNewSignedV2Request(http.MethodGet, "http://127.0.0.1:9000", 0, nil, t), ErrCode: ErrAccessDenied},

	"github.com/minio/minio/internal/logger"
)

// writeSTSErrorResponse writes error headers
func writeSTSErrorResponse(ctx context.Context, w http.ResponseWriter, errCode STSErrorCode, err error) {
	stsErr := stsErrCodes.ToSTSErr(errCode)

	// Generate error response.
	stsErrorResponse := STSErrorResponse{}
	stsErrorResponse.Error.Code = stsErr.Code
	stsErrorResponse.RequestID = w.Header().Get(xhttp.AmzRequestID)

	// Extract all the signed headers along with its values.
	extractedSignedHeaders, errCode := extractSignedHeaders(signV4Values.SignedHeaders, r)
	if errCode != ErrNone {
		return cred, "", "", time.Time{}, errCode
	}

	cred, _, errCode = checkKeyValid(r, signV4Values.Credential.accessKey)
	if errCode != ErrNone {
		return cred, "", "", time.Time{}, errCode
	}

	// Verify if region is valid.

	// calling the function being tested.
	errCode := checkMetaHeaders(signedHeadersMap, r)
	if errCode != ErrNone {
		t.Fatalf("Expected the APIErrorCode to be %d, but got %d", ErrNone, errCode)
	}

	// Add new metadata in inputHeader
	inputHeader.Set("X-Amz-Meta-Clone", "fail")
	// calling the function being tested.
	errCode = checkMetaHeaders(signedHeadersMap, r)
	if errCode != ErrUnsignedHeaders {

				errs[idx] = err
			} else {
				tagSlc[idx] = tgs.ToMap()
			}
		}(idx, tgt)
	}
	wg.Wait()
	for idx, err := range errs {
		errCode := minio.ToErrorResponse(err).Code
		if err != nil && errCode != "NoSuchKey" && errCode != "NoSuchVersion" {
			return nil, proxyResult{Err: err}
		}
		if err == nil {
			tgs, _ = tags.MapToObjectTags(tagSlc[idx])
		}
	}
	if len(errs) == 1 {

	if s3Err != ErrNone {
		return s3Err
	}

	// Extract all the signed headers along with its values.
	extractedSignedHeaders, errCode := extractSignedHeaders(pSignValues.SignedHeaders, r)
	if errCode != ErrNone {
		return errCode
	}

	// Check if the metadata headers are equal with signedheaders
	errMetaCode := checkMetaHeaders(extractedSignedHeaders, r)
	if errMetaCode != ErrNone {

				if toAPIError(ctx, err).Code == "NoSuchKey" {
					s3Error = ErrNoSuchKey
				}
			}
		}
		errCode := errorCodes.ToAPIErr(s3Error)
		w.Header().Set(xMinIOErrCodeHeader, errCode.Code)
		w.Header().Set(xMinIOErrDescHeader, "\""+errCode.Description+"\"")
		writeErrorResponseHeadersOnly(w, errCode)
		return
	}

	// Validate pre-conditions if any.
	opts.CheckPrecondFn = func(oi ObjectInfo) bool {

	// Extract all the listBucketVersions query params to their native values.
	prefix, marker, delimiter, maxkeys, encodingType, versionIDMarker, errCode := getListBucketObjectVersionsArgs(urlValues)
	if errCode != ErrNone {
		writeErrorResponse(ctx, w, errorCodes.ToAPIErr(errCode), r.URL)
		return
	}

	// Validate the query params before beginning to serve the request.