if [ "${expected_checksum}" != "${got_checksum}" ]; then
	echo "BUG: decommission failed on encrypted objects: expected ${expected_checksum} got ${got_checksum}"
	exit 1
fi

./s3-check-md5 -versions -access-key minioadmin -secret-key minioadmin -endpoint http://127.0.0.1:9001/ -bucket versioned

  @BeforeEach
  fun setUp() {
    if (connectionType == H2) {
      platform.assumeHttp2Support()
    }

    // Sockets on some platforms can have large buffers that mean writes do not block when
    // required. These socket factories explicitly set the buffer sizes on sockets created.
    server = MockWebServer()
    server.serverSocketFactory =

import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import javax.net.SocketFactory;
import jnr.unixsocket.UnixSocketChannel;

/** Impersonate TCP-style SocketFactory over UNIX domain sockets. */
public final class UnixDomainSocketFactory extends SocketFactory {
  private final File path;

  public UnixDomainSocketFactory(File path) {
    this.path = path;
  }

			// with dead end because tcp-keepalive is not fired when there is data in the socket buffer.
			//    https://blog.cloudflare.com/when-tcp-sockets-refuse-to-die/
			// This is a sensitive configuration, it is better to set it to high values, > 60 secs since it can
			// affect clients reading data with a very slow pace  (disappropriate with socket buffer sizes)

   </ResponseMetadata>
</AssumeRoleWithCertificateResponse>
```

## Authentication Flow

A client can request temp. S3 credentials via the STS API. It can authenticate via a client certificate and obtain a access/secret key pair as well as a session token. These credentials are associated to an S3 policy at the MinIO server.

    /**
     * Access key for cloud storage authentication.
     * Used to authenticate with cloud storage services.
     */
    @Size(max = 1000)
    public String storageAccessKey;

    /**
     * Secret key for cloud storage authentication.
     * Used in conjunction with the access key for cloud storage.
     */
    @Size(max = 1000)
    public String storageSecretKey;

    /**

 *  Fix: Don't leak a connection when a call is canceled immediately preceding the `onFailure()`
    callback.

 *  Fix: Apply call timeouts when connecting duplex calls, web sockets, and server-sent events.
    Once the streams are established no further timeout is enforced.

 *  Fix: Retain the `Route` when a connection is reused on a redirect or other follow-up. This was

	defer store.unlock()

	secret, err := getTokenSigningKey()
	if err != nil {
		return err
	}

	var revoked bool
	for _, ui := range cache.iamSTSAccountsMap {
		if ui.Credentials.ParentUser != parentUser {
			continue
		}
		if tokenRevokeType != "" {
			claims, err := getClaimsFromTokenWithSecret(ui.Credentials.SessionToken, secret)
			if err != nil {

 *
 * <p>This client requires the following initialization parameters:
 * <ul>
 *   <li>endpoint - The URL of the S3-compatible server</li>
 *   <li>accessKey - The access key for authentication</li>
 *   <li>secretKey - The secret key for authentication</li>
 *   <li>region - The AWS region (default: us-east-1)</li>
 *   <li>connectTimeout - Connection timeout in milliseconds (default: 10000)</li>

                                "title": "Age",
                            },
                            "secret_name": {"type": "string", "title": "Secret Name"},
                        },
                        "type": "object",
                        "required": ["name", "secret_name"],
                        "title": "Hero",
                    },