if s3Err != ErrNone {
			writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
			return
		}
	case authTypeSignedV2, authTypePresignedV2:
		s3Err = isReqAuthenticatedV2(r)
		if s3Err != ErrNone {
			writeErrorResponse(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
			return
		}

	case authTypePresigned, authTypeSigned:
		if s3Err = reqSignatureV4Verify(r, globalSite.Region(), serviceS3); s3Err != ErrNone {

				if serr == errDiskNotFound {
					beforeState[index] = madmin.DriveStateOffline
					afterState[index] = madmin.DriveStateOffline
					return serr
				}
				if serr != errVolumeNotFound {
					beforeState[index] = madmin.DriveStateCorrupt
					afterState[index] = madmin.DriveStateCorrupt
					return serr
				}

				beforeState[index] = madmin.DriveStateMissing
				afterState[index] = madmin.DriveStateMissing

	if len(p) == 0 {
		return 0, r.setErr(nil, false)
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	if err := r.err; err != nil {
		if err == io.EOF {
			err = ErrWriteOnClosed
		}
		return 0, err
	}
	wrote := 0
	for len(p) > 0 {
		n, err = r.write(p)
		wrote += n
		if !r.block || err == nil {
			break
		}
		err = r.setErr(err, true)

	signV4Values := signValues{}

	var s3Err APIErrorCode
	// Save credential values.
	signV4Values.Credential, s3Err = parseCredentialHeader(strings.TrimSpace(credElement), region, stype)
	if s3Err != ErrNone {
		return sv, s3Err
	}

	// Save signed headers.
	signV4Values.SignedHeaders, s3Err = parseSignedHeader(authFields[1])
	if s3Err != ErrNone {
		return sv, s3Err
	}

	// Save signature.

		return
	}

	keyID := r.Form.Get("key-id")

	// Ensure policy allows the user to create this key name
	cred, owner, s3Err := validateAdminSignature(ctx, r, "")
	if s3Err != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(s3Err), r.URL)
		return
	}
	if !checkKMSActionAllowed(r, owner, cred, policy.KMSCreateKeyAction, keyID) {

            System.setErr(new PrintStream(errContent));

            String[] args = { "--help" };
            // Note: main calls System.exit, so we can't test it directly
            // Instead, we test the parsing logic separately

            System.setErr(originalErr);
        } catch (Exception e) {
            System.setErr(originalErr);
        }
    }

    @Test

		t.Fatal(err)
	}

	_, owner, s3Err := checkKeyValid(req, globalActiveCred.AccessKey)
	if s3Err != ErrNone {
		t.Fatalf("Unexpected failure with %v", errorCodes.ToAPIErr(s3Err))
	}

	if !owner {
		t.Fatalf("Expected owner to be 'true', found %t", owner)
	}

	_, _, s3Err = checkKeyValid(req, "does-not-exist")
	if s3Err != ErrInvalidAccessKeyID {

Daz DeBoer <******@****.***> <******@****.***>
Derek Eskens <******@****.***> <******@****.***>
Etienne Studer <******@****.***> <etienne.studer@gradleware.com>
Etienne Studer <******@****.***> <etienne@studer.nu>
Etienne Studer <******@****.***> <log>
Gary Hale <******@****.***> <******@****.***>
Hans Dockter <******@****.***>

		cred, owner, s3Err = getReqAccessKeyV4(r, region, serviceS3)
	case authTypeStreamingUnsignedTrailer:
		cred, owner, s3Err = getReqAccessKeyV4(r, region, serviceS3)
		if s3Err == ErrMissingFields {
			// Could be anonymous. cred + owner is zero value.
			s3Err = ErrNone
		}
	}
	if s3Err != ErrNone {
		return s3Err
	}

	logger.GetReqInfo(ctx).Cred = cred
	logger.GetReqInfo(ctx).Owner = owner

	// Parse credential tag.
	credHeader, s3Err := parseCredentialHeader("Credential="+formValues.Get(xhttp.AmzCredential), region, serviceS3)
	if s3Err != ErrNone {
		return auth.Credentials{}, s3Err
	}

	r := &http.Request{Header: formValues}
	cred, _, s3Err := checkKeyValid(r, credHeader.accessKey)
	if s3Err != ErrNone {
		return cred, s3Err
	}

	// Get signing key.