// Auth middleware verifies incoming authorization headers and routes them
	// accordingly. Client receives a HTTP error for invalid/unsupported
	// signatures.
	//
	// Validates all incoming requests to have a valid date header.
	setAuthMiddleware,
	// Redirect some pre-defined browser request paths to a static location
	// prefix.
	setBrowserRedirectMiddleware,
	// Adds 'crossdomain.xml' policy middleware to serve legacy flash clients.

	ActualSize int64             `json:"actualSize"` // Original size of the part without compression or encryption bytes.
	ModTime    time.Time         `json:"modTime"`    // Date and time at which the part was uploaded.
	Index      []byte            `json:"index,omitempty" msg:"index,omitempty"`
	Checksums  map[string]string `json:"crc,omitempty" msg:"crc,omitempty"` // Content Checksums
}

	// Object content should be written to http.ResponseWriter
	return false
}

// returns true if object was modified after givenTime.
func ifModifiedSince(objTime time.Time, givenTime time.Time) bool {
	// The Date-Modified header truncates sub-second precision, so
	// use mtime < t+1s instead of mtime <= t to check for unmodified.
	return objTime.After(givenTime.Add(1 * time.Second))
}

				c.client = client
				c.lock.Unlock()

				prevCertificate = certificate
			}
		}
	}()

	go c.refreshKMSMasterKeyCache(logger)
	return c, nil
}

// Request KES keep an up-to-date copy of the KMS master key to allow minio to start up even if KMS is down. The
// cached key may still be evicted if the period of this function is longer than that of KES .cache.expiry.unused

// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package http

// Standard S3 HTTP response constants
const (
	LastModified       = "Last-Modified"
	Date               = "Date"
	ETag               = "ETag"
	ContentType        = "Content-Type"
	ContentMD5         = "Content-Md5"
	ContentEncoding    = "Content-Encoding"
	Expires            = "Expires"

	"$key":                     true,
	"$success_action_redirect": true,
	"$redirect":                true,
	"$success_action_status":   true,
	"$x-amz-algorithm":         false,
	"$x-amz-credential":        false,
	"$x-amz-date":              false,
}

var postPolicyIgnoreKeys = map[string]bool{
	"Policy":              true,
	xhttp.AmzSignature:    true,
	xhttp.ContentEncoding: true,
	http.CanonicalHeaderKey(xhttp.AmzChecksumAlgo):   true,

	errAuthentication     = errors.New("Authentication failed, check your access credentials")
	errNoAuthToken        = errors.New("JWT token missing")
	errSkewedAuthTime     = errors.New("Skewed authentication date/time")
	errMalformedAuth      = errors.New("Malformed authentication input")
)

type cacheKey struct {
	accessKey, secretKey, audience string
}

			return err
		}

		if p.Version == 0 {
			// This means that policy was in the old version (without any
			// timestamp info). We fetch the mod time of the file and save
			// that as create and update date.
			p.CreateDate = objInfo.ModTime
			p.UpdateDate = objInfo.ModTime
		}

		m[policy] = p
		return nil
	}
}

				fis[i].SuccessorModTime = succModTimes[i]
				fis[i].IsLatest = succModTimes[i].IsZero()
			}
			quorum--
			if quorum == 0 {
				break
			}
		}
		return fis
	}

	commonSuccModTime := time.Date(2023, time.August, 25, 0, 0, 0, 0, time.UTC)
	succModTimesInQuorum := make([]time.Time, 16)
	succModTimesNoQuorum := make([]time.Time, 16)
	for i := 0; i < 16; i++ {
		if i < 4 {
			continue
		}

		return
	}

	// Proxy rebalance-status to first pool first node, so that users see a
	// consistent view of rebalance progress even though different rebalancing
	// pools may temporarily have out of date info on the others.
	if ep := globalEndpoints[0].Endpoints[0]; !ep.IsLocal {
		for nodeIdx, proxyEp := range globalProxyEndpoints {
			if proxyEp.Endpoint.Host == ep.Host {
				if proxyRequestByNodeIndex(ctx, w, r, nodeIdx) {