}

// Equal returns true if and only if the two ETags are
// identical.
func Equal(a, b ETag) bool { return bytes.Equal(a, b) }

// Decrypt decrypts the ETag with the given key.
//
// If the ETag is not encrypted, Decrypt returns
// the ETag unmodified.
func Decrypt(key []byte, etag ETag) (ETag, error) {
	const HMACContext = "SSE-etag"

	if !etag.IsEncrypted() {
		return etag, nil
	}

	if err != nil {
		return encryptedETag
	}
	return hex.EncodeToString(etagBytes)
}

// GetDecryptedRange - To decrypt the range (off, length) of the
// decrypted object stream, we need to read the range (encOff,
// encLength) of the encrypted object stream to decrypt it, and
// compute skipLen, the number of bytes to skip in the beginning of
// the encrypted range.
//

* Nginx
* HAProxy

## Let's Encrypt { #lets-encrypt }

Before Let's Encrypt, these **HTTPS certificates** were sold by trusted third parties.

The process to acquire one of these certificates used to be cumbersome, require quite some paperwork and the certificates were quite expensive.

But then **<a href="https://letsencrypt.org/" class="external-link" target="_blank">Let's Encrypt</a>** was created.

	// ErrDecrypt is an error returned by the KMS when the decryption
	// of a ciphertext failed.
	ErrDecrypt = Error{
		Code:    http.StatusBadRequest,
		APICode: "kms:InvalidCiphertextException",
		Err:     "failed to decrypt ciphertext",
	}

	// ErrNotSupported is an error returned by the KMS when the requested
	// functionality is not supported by the KMS service.
	ErrNotSupported = Error{
		Code:    http.StatusNotImplemented,

            byte[] decryptedData = createDecryptedDataBytes(USER_PRINCIPAL_NAME, USER_REALM);
            mockedEncData.when(() -> KerberosEncData.decrypt(ENCRYPTED_DATA, kerberosKey, ENCRYPTION_TYPE)).thenReturn(decryptedData);
            when(kerberosKey.getKeyType()).thenReturn(ENCRYPTION_TYPE);

            KerberosTicket ticket = new KerberosTicket(validToken, (byte) 0, keys);

                        if (id.equalsIgnoreCase(server.getId())) {
                            SettingsDecryptionResult result =
                                    settingsDecrypter.decrypt(new DefaultSettingsDecryptionRequest(server));
                            server = result.getServer();

                            AuthenticationInfo authInfo = new AuthenticationInfo();

                "Should throw IllegalArgumentException for null message");
    }

    @Test
    @DisplayName("Should successfully encrypt and decrypt with refactored methods")
    void testRefactoredEncryptionDecryption() throws Exception {
        // Given - Use same key for both encryption and decryption in test

		KeyID:      req.Name,
		Version:    0,
		Plaintext:  []byte("stubplaincharswhichare32bytelong"),
		Ciphertext: []byte("stubplaincharswhichare32bytelong"),
	}, nil
}

// Decrypt is a non-functional stub.
func (s StubKMS) Decrypt(_ context.Context, req *DecryptRequest) ([]byte, error) {
	return req.Ciphertext, nil
}

// MAC is a non-functional stub.

 * under the License.
 */
package org.apache.maven.settings.crypto;

/**
 * Decrypts passwords in the settings.
 *
 * @deprecated since 4.0.0
 */
@Deprecated(since = "4.0.0")
public interface SettingsDecrypter {

    /**
     * Decrypts passwords in the settings.
     *
     * @param request The settings decryption request that holds the parameters, must not be {@code null}.

	)

	ErrInvalidConfigDecryptionKey = newErrFn(
		"Incorrect encryption key to decrypt internal data",
		"Please set the correct default KMS key value or the correct root credentials for older MinIO versions.",
		`Revert MINIO_KMS_KES_KEY_NAME or MINIO_ROOT_USER/MINIO_ROOT_PASSWORD (for older MinIO versions) to be able to decrypt the internal data again.`,
	)

	ErrInvalidCredentials = newErrFn(
		"Invalid credentials",