// storage specified by the transition ARN, the metadata is left behind on source cluster and original content
// is moved to the transition tier. Note that in the case of encrypted objects, entire encrypted stream is moved
// to the transition tier without decrypting or re-encrypting.
func transitionObject(ctx context.Context, objectAPI ObjectLayer, oi ObjectInfo, lae lcAuditEvent) (err error) {

		UserDefined:                srcInfo.UserDefined,
		Versioned:                  dstOpts.Versioned,
		VersionID:                  dstOpts.VersionID,
		MTime:                      dstOpts.MTime,
		EncryptFn:                  dstOpts.EncryptFn,
		WantChecksum:               dstOpts.WantChecksum,
		WantServerSideChecksumType: dstOpts.WantServerSideChecksumType,
	}

	sseS3 := crypto.S3.IsEncrypted(objInfo.UserDefined)
	if !sseKMS && !sseS3 { // neither sse-s3 nor sse-kms disallowed
		return errInvalidEncryptionParameters
	}
	if sseKMS && r.Encryption.Type == sses3 { // previously encrypted with sse-kms, now sse-s3 disallowed
		return errInvalidEncryptionParameters
	}
	versioned := globalBucketVersioningSys.PrefixEnabled(srcBucket, srcObject)

## **2. Prerequisites**

import jcifs.audit.SecurityAuditLogger.Severity;
import jcifs.spnego.NegTokenInit;
import jcifs.util.Crypto;
import jcifs.util.SecureKeyManager;
import jcifs.util.Strings;

/**
 * This class stores and encrypts NTLM user credentials.
 *
 * Contrary to {@link NtlmPasswordAuthentication} this does not cause guest authentication
 * when the "guest" username is supplied. Use {@link AuthenticationType} instead.
 *
 * @author mbechler

     */
    public void setWorkstation(final String workstation) {
        this.workstation = workstation;
    }

    /**
     * The real session key if the regular session key is actually
     * the encrypted version used for key exchange.
     *
     * @return A <code>byte[]</code> containing the session key.
     */
    public byte[] getMasterKey() {
        return masterKey;
    }

    /**

    public static final int ACB_PWNOEXP = 512;
    /** Account control bit flag: Account is auto-locked */
    public static final int ACB_AUTOLOCK = 1024;
    /** Account control bit flag: Encrypted text password is allowed */
    public static final int ACB_ENC_TXT_PWD_ALLOWED = 2048;
    /** Account control bit flag: Smart card is required for login */
    public static final int ACB_SMARTCARD_REQUIRED = 4096;

    public static final int ACB_PWNOEXP = 512;
    /** Account control bit flag: Account is auto-locked */
    public static final int ACB_AUTOLOCK = 1024;
    /** Account control bit flag: Encrypted text password is allowed */
    public static final int ACB_ENC_TXT_PWD_ALLOWED = 2048;
    /** Account control bit flag: Smart card is required for login */
    public static final int ACB_SMARTCARD_REQUIRED = 4096;

pkg crypto, const SHA512_224 = 14
pkg crypto, const SHA512_224 Hash
pkg crypto, const SHA512_256 = 15
pkg crypto, const SHA512_256 Hash
pkg crypto, type Decrypter interface { Decrypt, Public }
pkg crypto, type Decrypter interface, Decrypt(io.Reader, []uint8, DecrypterOpts) ([]uint8, error)
pkg crypto, type Decrypter interface, Public() PublicKey
pkg crypto, type DecrypterOpts interface {}

				return
			}

			wantSize := int64(-1)
			if actualSize >= 0 {
				info := ObjectInfo{Size: actualSize}
				wantSize = info.EncryptedSize()
			}

			// do not try to verify encrypted content/
			hashReader, err = hash.NewReader(ctx, reader, wantSize, "", "", actualSize)
			if err != nil {
				writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
				return
			}