if typ&os.ModeSymlink == os.ModeSymlink && fi.IsDir() {
				continue
			}

			typ = fi.Mode() & os.ModeType
		}
		if err = fn(string(name), typ); err == errDoneForNow {
			// fn() requested to return by caller.
			return nil
		}
	}

	return err
}

// Return count entries at the directory dirPath and all entries
// if count is set to -1

  private static final class StateSnapshot {
    /**
     * The internal state, which equals external state unless shutdownWhenStartupFinishes is true.
     */
    final State state;

    /** If true, the user requested a shutdown while the service was still starting up. */
    final boolean shutdownWhenStartupFinishes;

    /**
     * The exception that caused this service to fail. This will be {@code null} unless the service

    * So, the **certificate and encryption** handling is done **before HTTP**.
* **TCP doesn't know about "domains"**. Only about IP addresses.
    * The information about the **specific domain** requested goes in the **HTTP data**.
* The **HTTPS certificates** "certify" a **certain domain**, but the protocol and encryption happen at the TCP level, **before knowing** which domain is being dealt with.

        this.execTime = execTime;
    }

    /**
     * Gets the facet response containing aggregated search facets and their counts.
     *
     * @return the facet response, or null if no facets were requested
     */
    public FacetResponse getFacetResponse() {
        return facetResponse;
    }

    /**
     * Checks whether the search results are partial (not complete).
     *

        sourcePos += bytesToRead
        return bytesToRead
      }

      // Read from upstream. This always reads a full buffer: that might be more than what the
      // current call to Source.read() has requested.
      try {
        val upstreamBytesRead = upstream!!.read(upstreamBuffer, bufferMaxSize)

        // If we've exhausted upstream, we're done.
        if (upstreamBytesRead == -1L) {
          commit(upstreamPos)

	errKMSDefaultKeyAlreadyConfigured = errors.New("A default encryption already exists on KMS")
	// Additional MinIO errors for SSE-C requests.
	errObjectTampered = errors.New("The requested object was modified and may be compromised")
	// error returned when invalid encryption parameters are specified
	errInvalidEncryptionParameters     = errors.New("The encryption parameters are not applicable to this object")

	for i := range vers {
		vers[i] = xl.versions
	}

	b.Run("requested-none", func(b *testing.B) {
		b.ReportAllocs()
		b.ResetTimer()
		b.SetBytes(855) // number of versions...
		for b.Loop() {
			mergeXLV2Versions(8, false, 0, vers...)
		}
	})

	b.Run("requested-v1", func(b *testing.B) {
		b.ReportAllocs()
		b.ResetTimer()
		b.SetBytes(855) // number of versions...

func excludeForCompression(header http.Header, object string, cfg compress.Config) bool {
	objStr := object
	contentType := header.Get(xhttp.ContentType)
	if !cfg.Enabled {
		return true
	}

	if crypto.Requested(header) && !cfg.AllowEncrypted {
		return true
	}

	// We strictly disable compression for standard extensions/content-types (`compressed`).

		}
		meta.BucketTargetsConfigUpdatedAt = updatedAt
		meta.BucketTargetsConfigMetaUpdatedAt = updatedAt
	default:
		return updatedAt, fmt.Errorf("Unknown bucket %s metadata update requested %s", bucket, configFile)
	}

	return updatedAt, sys.save(ctx, meta)
}

func (sys *BucketMetadataSys) save(ctx context.Context, meta BucketMetadata) error {
	objAPI := newObjectLayerFn()

	return c.resync(oi, rdsc, tgtStatuses)
}

// wrapper function for testability. Returns true if a new reset is requested on
// already replicated objects OR object qualifies for existing object replication
// and no reset requested.
func (c replicationConfig) resync(oi ObjectInfo, dsc ReplicateDecision, tgtStatuses map[string]replication.StatusType) (r ResyncDecision) {
	r = ResyncDecision{