return auth.Credentials{}, s3Err
	}

	r := &http.Request{Header: formValues}
	cred, _, s3Err := checkKeyValid(r, credHeader.accessKey)
	if s3Err != ErrNone {
		return cred, s3Err
	}

	// Get signing key.
	signingKey := getSigningKey(cred.SecretKey, credHeader.scope.date, credHeader.scope.region, serviceS3)

	// Get signature.
	newSignature := getSignature(signingKey, formValues.Get("Policy"))

                if (b != 0) {
                    allZero = false;
                    break;
                }
            }
            assertFalse(allZero, "Signature should not be all zeros after signing");
        }

        @Test
        @DisplayName("Should set SMB2_FLAGS_SIGNED flag")
        void testSignSetsSignedFlag() {
            // Set initial flags without signed flag

        assertTrue(encryptionEnabled, "Should delegate encryption setting");
        assertFalse(signingPreferred, "Should delegate signing preferred setting");
        assertTrue(signingEnforced, "Should delegate signing enforced setting");
        assertTrue(ipcSigningEnforced, "Should delegate IPC signing enforced setting");
        assertTrue(firstExtendedSecurityCall, "First call should return true");

            yield new byte[0];
        }
        };
    }

    /**
     * Get the signing key for this authentication
     *
     * @param tc the CIFS context
     * @param chlng the server challenge
     * @return the signing key
     * @throws SmbException if an SMB error occurs
     * @throws GeneralSecurityException if a security error occurs
     */

    private String[] dialects;

    /**
     * Creates a new SMB1 negotiate request to establish protocol parameters.
     *
     * @param config the CIFS configuration
     * @param signingEnforced whether SMB signing is enforced
     */
    public SmbComNegotiate(final Configuration config, final boolean signingEnforced) {
        super(config, SMB_COM_NEGOTIATE);
        this.signingEnforced = signingEnforced;

    private Smb3KeyDerivation() {
    }

    /**
     * Derives the SMB3 signing key from the session key using the appropriate KDF for the dialect.
     *
     * @param dialect the SMB dialect version
     * @param sessionKey the base session key
     * @param preauthIntegrity the pre-authentication integrity hash (for SMB 3.1.1) or null
     * @return derived signing key
     */

        assertNotNull(contexts);
        assertEquals(0, contexts.length);
        assertNull(request.getPreauthSalt());
    }

    @Test
    @DisplayName("Should enforce signing when required flag is set")
    void testSigningEnforced() {
        // When
        request = new Smb2NegotiateRequest(mockConfig, Smb2Constants.SMB2_NEGOTIATE_SIGNING_REQUIRED);

        // Then

        verify(treeConnection, times(2)).isSame(otherConn);
    }

    @Test
    @DisplayName("Buffer sizes and signing flags from negotiate response")
    void bufferSizesAndSigning() throws Exception {
        // Validate buffer sizes and signing flag are read from negotiate response
        SmbNegotiationResponse nego = mock(SmbNegotiationResponse.class);

time="2020-07-12T20:45:50Z" level=info msg="config response types accepted: [code token id_token]"
time="2020-07-12T20:45:50Z" level=info msg="config using password grant connector: local"
time="2020-07-12T20:45:50Z" level=info msg="config signing keys expire after: 3h0m0s"
time="2020-07-12T20:45:50Z" level=info msg="config id tokens valid for: 3h0m0s"
time="2020-07-12T20:45:50Z" level=info msg="listening (http) on 0.0.0.0:5556"
```

### Configure MinIO server with Dex

    }

    @Test
    @DisplayName("Should fail validation when signing enforced but not enabled")
    void testIsValidSigningEnforcedButNotEnabled() throws Exception {
        // Given
        setResponseAsReceived(response);
        when(mockRequest.isSigningEnforced()).thenReturn(true);
        setPrivateField(response, "securityMode", 0); // No signing

        // When