* Object#toString}.
   */
  NON_STANDARD_TOSTRING,

  /**
   * Indicates that the constructor or factory method of a collection, usually an immutable set,
   * throws an {@link IllegalArgumentException} when presented with duplicate elements instead of
   * collapsing them to a single element or including duplicate instances in the collection.
   */
  REJECTS_DUPLICATES_AT_CREATION,

  SUPPORTS_ADD,
  SUPPORTS_REMOVE,

	// which means the policy exceeded the allowed space.
	PackedPolicySize int `xml:",omitempty"`

	// The issuing authority of the web identity token presented. For OpenID Connect
	// ID tokens, this contains the value of the iss field. For OAuth 2.0 id_tokens,
	// this contains the value of the ProviderId parameter that was passed in the
	// AssumeRoleWithWebIdentity request.

## REST API call to plugin

To verify the custom token presented in the `AssumeRoleWithCustomToken` API, MinIO makes a POST request to the configured identity management plugin endpoint and expects a response with some details as shown below:

### Request `POST` to plugin endpoint

  SUPPORTS_PUT,
  SUPPORTS_REMOVE,
  FAILS_FAST_ON_CONCURRENT_MODIFICATION,
  /**
   * Indicates that the constructor or factory method of a map, usually an immutable map, throws an
   * {@link IllegalArgumentException} when presented with duplicate keys instead of discarding all
   * but one.
   */
  REJECTS_DUPLICATES_AT_CREATION,

  GENERAL_PURPOSE(SUPPORTS_PUT, SUPPORTS_REMOVE);

  private final Set<Feature<? super Map>> implied;

import java.util.Collections;

/**
 * An {@link ClusterException} is a data structure that allows for some code to "throw multiple
 * exceptions", or something close to it. The prototypical code that calls for this class is
 * presented below:
 *
 * <pre>
 * void runManyThings({@literal List<ThingToRun>} thingsToRun) {
 *   for (ThingToRun thingToRun : thingsToRun) {
 *     thingToRun.run(); // say this may throw an exception, but you want to

 *
 *  * Application Layer Protocol Negotiation (ALPN) enables the HTTPS port (443) to be used to
 *    negotiate HTTP/2.
 *
 * Unfortunately, older HTTPS servers refuse to connect when such options are presented. Rather than
 * avoiding these options entirely, this class allows a connection to be attempted with modern
 * options and then retried without them should the attempt fail.
 *
 * ## Connection Reuse
 *

    // yet absolute. This is needed because server certificates do not normally contain absolute
    // names or patterns, but they should be treated as absolute. At the same time, any hostname
    // presented to this method should also be treated as absolute for the purposes of matching
    // to the server certificate.
    //   www.android.com  matches www.android.com
    //   www.android.com  matches www.android.com.

        #
        # NB: a `for` loop captures its iteration list before it begins, so
        # changing the positional parameters here affects neither the number of
        # iterations, nor the values presented in `arg`.
        shift                   # remove old arg
        set -- "$@" "$arg"      # push replacement arg
    done
fi

to sign user certificates for authentication.

Implementation is identical with "TrustedUserCAKeys" setting in OpenSSH server with exception that only one CA
key can be defined.

If a certificate is presented for authentication and has its signing CA key is in this file, then it may be
used for authentication for any user listed in the certificate's principals list. 

 * intended for use in Internationalized Domain Names (IDNs).
 *
 * This class contains a Kotlin implementation of the pseudocode specified by RFC 3492. It includes
 * direct translation of the pseudocode presented there.
 *
 * Partner this class with [UTS #46] to implement IDNA2008 [RFC 5890] like most browsers do.
 *
 * [RFC 3492]: https://datatracker.ietf.org/doc/html/rfc3492