defer logger.AuditLog(ctx, w, r, mustGetClaimsFromToken(r))

	// This only checks if the action (kms:ListKeys) is allowed, it does not check
	// each key name against the policy's Resources. We check that below, once
	// we have the list of key names from the KMS.
	objectAPI, _ := validateAdminReq(ctx, w, r, policy.KMSListKeysAction)
	if objectAPI == nil {
		return
	}

	if GlobalKMS == nil {

)

// Parses location constraint from the incoming reader.
func parseLocationConstraint(r *http.Request) (location string, s3Error APIErrorCode) {
	// If the request has no body with content-length set to 0,
	// we do not have to validate location constraint. Bucket will
	// be created at default region.
	locationConstraint := createBucketLocationConfiguration{}
	err := xmlDecoder(r.Body, &locationConstraint, r.ContentLength)

// https://cs.opensource.google/go/x/crypto/+/refs/tags/v0.22.0:ssh/common.go;l=44
var supportedKexAlgos = []string{
	kexAlgoCurve25519SHA256, kexAlgoCurve25519SHA256LibSSH,
	// P384 and P521 are not constant-time yet, but since we don't
	// reuse ephemeral keys, using them for ECDH should be OK.
	kexAlgoECDH256, kexAlgoECDH384, kexAlgoECDH521,
	kexAlgoDH14SHA256, kexAlgoDH16SHA512, kexAlgoDH14SHA1,
	kexAlgoDH1SHA1,
}

func removeEmptyPort(host string) string {
	if hasPort(host) {
		return strings.TrimSuffix(host, ":")
	}
	return host
}

// Copied from http.NewRequest but implemented to ensure we reuse `url.URL` instance.
func (c *Client) newRequest(ctx context.Context, method string, u url.URL, body io.Reader) (*http.Request, error) {
	rc, ok := body.(io.ReadCloser)
	if !ok && body != nil {
		rc = io.NopCloser(body)

	return r.bytesRead
}

// Data returns the bytes that were recorded.
func (r *RequestRecorder) Data() []byte {
	// If body logging is enabled then we return the actual body
	if r.LogBody {
		return r.buf.Bytes()
	}
	// ... otherwise we return <BLOB> placeholder
	return blobBody

## Date

2025-08-06

## Context

Our codebase uses `null` extensively to represent an absence of value or optionality of the argument.
We utilize nullness annotations in Java code and somewhat rely on IDE warnings to guide us.
However, the Java code we have is not fully annotated, which causes several consequences:
* IDE warnings can be misleading

 * classes and the classes they depend on. The classes are not relocated, they all
 * remain in their original namespace. This reduces the final Gradle distribution
 * size and makes us more conscious of which parts of a library we really need.
 *
 * WARNING: if you decide to do the minification by hand, make sure that you cover all paths of loading classes:
 * reflection, dynamic loading, etc. and understand how the library works internally.

		return false, ctx.Err()
	}
	if len(args.UID) == 0 {
		for _, resource := range args.Resources {
			lris, ok := l.lockMap[resource]
			if !ok {
				continue
			}
			// Collect uids, so we don't mutate while we delete
			uids := make([]string, 0, len(lris))
			for _, lri := range lris {
				uids = append(uids, lri.UID)
			}

			// Delete collected uids:
			for _, uid := range uids {

 *
 * @author Kevin Bourrillion
 * @author Jesse Wilson
 * @author Austin Appleby
 */
@GwtCompatible
final class Hashing {
  private Hashing() {}

  /*
   * These should be ints, but we need to use longs to force GWT to do the multiplications with
   * enough precision.
   */
  private static final long C1 = 0xcc9e2d51;
  private static final long C2 = 0x1b873593;

  /*

import org.junit.jupiter.api.Test;

import static org.junit.jupiter.api.Assertions.assertEquals;

/**
 * A test which demonstrates maven's recursive inheritance where
 * we are testing to make sure that elements stated in a model are
 * not clobbered by the same elements elsewhere in the lineage.
 *
 */
@Deprecated
class ProjectInheritanceTest extends AbstractProjectInheritanceTestCase {