md4.update(responseKeyNT);
                    final byte[] userSessionKey = md4.digest();

                    final HMACT64 hmac = new HMACT64(userSessionKey);
                    hmac.update(sessionNonce);
                    final byte[] ntlm2SessionKey = hmac.digest();

                    if ((getFlags() & NTLMSSP_NEGOTIATE_KEY_EXCH) != 0) {
                        masterKey = new byte[16];

        final byte[] sk = this.masterKey;
        if (sk == null) {
            return;
        }
        final MessageDigest mac = Crypto.getHMACT64(sk);
        mac.update(type1);
        mac.update(type2);
        final byte[] type3 = toByteArray();
        mac.update(type3);
        setMic(mac.digest());
    }

    /**
     * Creates a Type-3 message with the specified parameters.
     *
     * @param flags

```json
{
  "input": {
    "account": "minio",
    "groups": null,
    "action": "s3:ListBucket",
    "bucket": "test",
    "conditions": {
      "Authorization": [
        "AWS4-HMAC-SHA256 Credential=minio/20220507/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=62012db6c47d697620cf6c68f0f45f6e34894589a53ab1faf6dc94338468c78a"
      ],
      "CurrentTime": [

	}

	if _, ok := claims[policy.SessionPolicyName]; ok {
		owner = false
	}

	return cred, owner, ErrNone
}

// sumHMAC calculate hmac between two input byte array.
func sumHMAC(key []byte, data []byte) []byte {
	hash := hmac.New(sha256.New, key)
	hash.Write(data)
	return hash.Sum(nil)
}

// extractSignedHeaders extract signed headers from Authorization header

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package cmd

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/url"
	"sort"
	"strconv"
	"strings"

	xhttp "github.com/minio/minio/internal/http"

import org.bouncycastle.crypto.DerivationParameters;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.generators.KDFCounterBytesGenerator;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KDFCounterParameters;

/**
 * SMB3 SP800-108 Counter Mode Key Derivation
 *
 * @author mbechler
 *
 */
public final class Smb3KeyDerivation {

        // Changing domain should change the key (domain is part of MAC input)
        byte[] differentDomain = NtlmUtil.nTOWFv2("DOMAIN", user, password);
        assertFalse(Arrays.equals(viaPassword, differentDomain), "Different domain should produce a different key");
    }

    @Test
    @DisplayName("computeResponse: HMAC(server||clientData) prepended to clientData")
    void testComputeResponse_basic() {

	var partIDbin [4]byte
	binary.LittleEndian.PutUint32(partIDbin[:], uint32(partID)) // marshal part ID

	mac := hmac.New(sha256.New, d.objectEncryptionKey) // derive part encryption key from part ID and object key
	mac.Write(partIDbin[:])
	partEncryptionKey := mac.Sum(nil)

	// Limit the reader, so the decryptor doesn't receive bytes
	// from the next part (different DARE stream)

    /** DES encryption type identifier */
    int DES_ENC_TYPE = 3;
    /** RC4 encryption type identifier */
    int RC4_ENC_TYPE = 23;
    /** RC4 algorithm name */
    String RC4_ALGORITHM = "ARCFOUR";
    /** HMAC algorithm name */
    String HMAC_ALGORITHM = "HmacMD5";
    /** Size of confounder in bytes */
    int CONFOUNDER_SIZE = 8;
    /** Size of checksum in bytes */
    int CHECKSUM_SIZE = 16;

    @ValueSource(strings = { "AES encryption not supported", "Missing Bouncy Castle provider", "Invalid key length for AES-128",
            "RC4 cipher not available in this JVM", "DES encryption is deprecated and not supported", "HMAC-SHA256 algorithm not found",
            "RSA key generation failed: key size not supported" })
    void testMessageConstructorWithCryptoMessages(String message) {
        // Given & When