- Secure File Transfer Protocol (SFTP) – Defined by the Internet Engineering Task Force (IETF) as an
  extended version of SSH 2.0, allowing file transfer over SSH and for use with Transport Layer
  Security (TLS) and VPN applications.

- File Transfer Protocol over SSL/TLS (FTPS) – Encrypted FTP communication via TLS certificates.

- File Transfer Protocol (FTP) – Defined by RFC114 originally, and replaced by RFC765 and RFC959

		},
		{
			// restore completed but expired
			meta: map[string]string{
				xhttp.AmzRestore: completedRestoreObj(time.Now().Add(-time.Hour)).String(),
			},
			remote: true,
		},
		{
			// restore never initiated
			meta:   map[string]string{},
			remote: true,
		},
	}
	for i, tc := range testCases {
		// Set transition status to complete
		fi.TransitionStatus = lifecycle.TransitionComplete

	}
	if cap(b) != capWidth {
		t.Fatalf("bytepool length invalid: got %v want %v", cap(b), capWidth)
	}

	bufPool.Put(b)

	// Close the channel so we can iterate over it.
	close(bufPool.c)

	// Check the size of the pool.
	if uint64(len(bufPool.c)) != size {
		t.Fatalf("bytepool size invalid: got %v want %v", len(bufPool.c), size)
	}

		if format == nil {
			continue
		}
		// NOTE: This code is specifically needed when migrating version
		// V1 to V2 to V3, in a scenario such as this we only need to handle
		// single sets since we never used to support multiple sets in releases
		// with V1 format version.
		if len(format.Erasure.Sets) > 1 {
			continue
		}
		if format.Erasure.This == "" {
			return true
		}
	}
	return false
}

Further, the temp. S3 credentials will never out-live the client certificate. For example, if the `MINIO_IDENTITY_TLS_STS_EXPIRY` is 7 days but the certificate itself is only valid for the next 3 days, then MinIO will return S3 credentials that are valid for 3 days only.

		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInsecureConnection: {
		Code:           "InsecureConnection",
		Description:    "The request was made over a plain HTTP connection. A TLS connection is required.",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrSTSInvalidClientCertificate: {
		Code:           "InvalidClientCertificate",

package kms

import (
	"context"
	"encoding"
	"encoding/json"

	jsoniter "github.com/json-iterator/go"
	"github.com/minio/kms-go/kes"
)

// KMS is the generic interface that abstracts over
// different KMS implementations.
type KMS interface {
	// Stat returns the current KMS status.
	Stat(cxt context.Context) (Status, error)

	// IsLocal returns true if the KMS is a local implementation
	IsLocal() bool

	claims.Subject = "test"
	j := jwt.NewWithClaims(jwt.SigningMethodHS512, claims)
	tk, _ := j.SignedString([]byte("HelloSecret"))
	return tk
}

func TestParserParse(t *testing.T) {
	// Iterate over test data set and run tests
	for _, data := range jwtTestData {
		data := data
		t.Run(data.name, func(t *testing.T) {
			// Parse the token
			var err error

			// Figure out correct claims type

		}
	}
	return false
}

// enforceRetentionBypassForDelete enforces whether an existing object under governance can be deleted
// with governance bypass headers set in the request.
// Objects under site wide WORM can never be overwritten.
// For objects in "Governance" mode, overwrite is allowed if a) object retention date is past OR
// governance bypass headers are set and user has governance bypass permissions.

			bucketName      string
			objName         string
			uploadID        string
			expectedErrType error
		}{bucket, "\\", uploadID, InvalidUploadID{}})
	}

	// Iterating over creatPartCases to generate multipart chunks.
	for i, testCase := range abortTestCases {
		err = obj.AbortMultipartUpload(context.Background(), testCase.bucketName, testCase.objName, testCase.uploadID, opts)