.Builder()
      .addPlatformTrustedCertificates()
      .addInsecureHost(server.hostName)
      .build()

  val client =
    OkHttpClient
      .Builder()
      .sslSocketFactory(clientCertificates.sslSocketFactory(), clientCertificates.trustManager)
      .build()

  fun run() {
    try {
      val request = Request(server.url("/"))

      client.newCall(request).execute().use { response ->

  private val nullHostnameVerifier = HostnameVerifier { _: String?, _: SSLSession? -> true }
  private val cookieManager = CookieManager()

  @StartStop
  private val server = MockWebServer()

  @BeforeEach
  fun setUp() {
    platform.assumeNotOpenJSSE()
    server.protocolNegotiationEnabled = false
    val loggingFileSystem = LoggingFilesystem(fileSystem)
    cache = buildCache("/cache/".toPath(), Int.MAX_VALUE.toLong(), loggingFileSystem)

     * Creates a new request to connect to the SAM service.
     *
     * @param server the server name to connect to
     * @param access the desired access rights
     * @param policyHandle the policy handle to be populated
     */
    public MsrpcSamrConnect4(final String server, final int access, final SamrPolicyHandle policyHandle) {
        super(server, 2, access, policyHandle);
        this.ptype = 0;

     * Creates a new request to connect to the SAM service.
     *
     * @param server the server name to connect to
     * @param access the desired access rights
     * @param policyHandle the policy handle to be populated
     */
    public MsrpcSamrConnect2(final String server, final int access, final SamrPolicyHandle policyHandle) {
        super(server, access, policyHandle);
        ptype = 0;

    private final String proto;
    private Map<String, Object> options = null;
    private final String server;
    private String endpoint = null;
    private UUID uuid = null;
    private int major;
    private int minor;

    DcerpcBinding(final String proto, final String server) {
        this.proto = proto;
        this.server = server;
    }

    /**
     * Get the protocol for this binding.
     * @return the proto

 * future frames won't arrive on the stream ID.
 */
interface PushObserver {
  /**
   * Describes the request that the server intends to push a response for.
   *
   * @param streamId server-initiated stream ID: an even number.
   * @param requestHeaders minimally includes `:method`, `:scheme`, `:authority`,
   * and `:path`.
   */
  fun onRequest(
    streamId: Int,

var validSSEReplicationHeaders = map[string]string{
	"X-Minio-Internal-Server-Side-Encryption-Sealed-Key":     "X-Minio-Replication-Server-Side-Encryption-Sealed-Key",
	"X-Minio-Internal-Server-Side-Encryption-Seal-Algorithm": "X-Minio-Replication-Server-Side-Encryption-Seal-Algorithm",
	"X-Minio-Internal-Server-Side-Encryption-Iv":             "X-Minio-Replication-Server-Side-Encryption-Iv",

- `X-Amz-Server-Side-Encryption-Customer-Key`: Base64 encoded new key.
- `X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key`: Base64 encoded current key.

Such a special COPY request is also known as S3 SSE-C key rotation.

### Server-Side Encryption with a KMS

SSE-S3 allows an S3 client to en/decrypt an object at the MinIO server using a KMS. The MinIO
server only assumes that the KMS provides two services:

/**
 * Performs either **preemptive** authentication before connecting to a proxy server, or
 * **reactive** authentication after receiving a challenge from either an origin web server or proxy
 * server.
 *
 * ## Preemptive Authentication
 *
 * To make HTTPS calls using an HTTP proxy server OkHttp must first negotiate a connection with
 * the proxy. This proxy connection is called a "TLS Tunnel" and is specified by

### Server Binaries

filename | sha512 hash
-------- | -----------
[kubernetes-server-linux-amd64.tar.gz](https://dl.k8s.io/v1.34.0/kubernetes-server-linux-amd64.tar.gz) | `a9ec9abe6a803d55d56753e1be8549223cd34ebcbec26536cbdc277c5f17a28c4942329e1df01a2bd067b60a0c1c2901e240d5014e9ce445400239bd488582af`