},
		{ // Expiration with invalid date
			inputXML: ` <Expiration>
                                    <Date>invalid date</Date>
                                    </Expiration>`,
			expectedErr: errLifecycleInvalidDate,
		},
		{ // Expiration with both number of days nor a date
			inputXML: `<Expiration>
		                    <Date>2019-04-20T00:01:00Z</Date>
		                    </Expiration>`,

	// Object content should be written to http.ResponseWriter
	return false
}

// returns true if object was modified after givenTime.
func ifModifiedSince(objTime time.Time, givenTime time.Time) bool {
	// The Date-Modified header truncates sub-second precision, so
	// use mtime < t+1s instead of mtime <= t to check for unmodified.
	return objTime.After(givenTime.Add(1 * time.Second))
}

				c.client = client
				c.lock.Unlock()

				prevCertificate = certificate
			}
		}
	}()

	go c.refreshKMSMasterKeyCache(logger)
	return c, nil
}

// Request KES keep an up-to-date copy of the KMS master key to allow minio to start up even if KMS is down. The
// cached key may still be evicted if the period of this function is longer than that of KES .cache.expiry.unused

package bandwidth

//go:generate msgp -file=$GOFILE -unexported

import (
	"context"
	"sync"
	"time"

	"golang.org/x/time/rate"
)

//msgp:ignore bucketThrottle Monitor

type bucketThrottle struct {
	*rate.Limiter
	NodeBandwidthPerSec int64
}

// Monitor holds the state of the global bucket monitor
type Monitor struct {
	tlock sync.RWMutex // mutex for bucket throttling

// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package http

// Standard S3 HTTP response constants
const (
	LastModified       = "Last-Modified"
	Date               = "Date"
	ETag               = "ETag"
	ContentType        = "Content-Type"
	ContentMD5         = "Content-Md5"
	ContentEncoding    = "Content-Encoding"
	Expires            = "Expires"

	"$key":                     true,
	"$success_action_redirect": true,
	"$redirect":                true,
	"$success_action_status":   true,
	"$x-amz-algorithm":         false,
	"$x-amz-credential":        false,
	"$x-amz-date":              false,
}

var postPolicyIgnoreKeys = map[string]bool{
	"Policy":              true,
	xhttp.AmzSignature:    true,
	xhttp.ContentEncoding: true,
	http.CanonicalHeaderKey(xhttp.AmzChecksumAlgo):   true,

	BandWidthLimitInBytesPerSecond int64 `json:"limitInBits"`
	// current bandwidth reported
	CurrentBandwidthInBytesPerSecond float64 `json:"currentBandwidth"`
	// transfer rate for large uploads
	XferRateLrg *XferStats `json:"-" msg:"lt"`
	// transfer rate for small uploads
	XferRateSml *XferStats `json:"-" msg:"st"`

	// Deprecated fields
	// Pending size in bytes
	PendingSize int64 `json:"pendingReplicationSize"`

	errAuthentication     = errors.New("Authentication failed, check your access credentials")
	errNoAuthToken        = errors.New("JWT token missing")
	errSkewedAuthTime     = errors.New("Skewed authentication date/time")
	errMalformedAuth      = errors.New("Malformed authentication input")
)

type cacheKey struct {
	accessKey, secretKey, audience string
}

			return err
		}

		if p.Version == 0 {
			// This means that policy was in the old version (without any
			// timestamp info). We fetch the mod time of the file and save
			// that as create and update date.
			p.CreateDate = objInfo.ModTime
			p.UpdateDate = objInfo.ModTime
		}

		m[policy] = p
		return nil
	}
}

				fis[i].SuccessorModTime = succModTimes[i]
				fis[i].IsLatest = succModTimes[i].IsZero()
			}
			quorum--
			if quorum == 0 {
				break
			}
		}
		return fis
	}

	commonSuccModTime := time.Date(2023, time.August, 25, 0, 0, 0, 0, time.UTC)
	succModTimesInQuorum := make([]time.Time, 16)
	succModTimesNoQuorum := make([]time.Time, 16)
	for i := 0; i < 16; i++ {
		if i < 4 {
			continue
		}