// X-Amz-Content-Sha256, if not set in presigned requests, checksum
		// will default to 'UNSIGNED-PAYLOAD'.
		defaultSha256Cksum = unsignedPayload
		v, ok = r.Form[xhttp.AmzContentSha256]
		if !ok {
			v, ok = r.Header[xhttp.AmzContentSha256]
		}
	} else {
		// X-Amz-Content-Sha256, if not set in signed requests, checksum
		// will default to sha256([]byte("")).
		defaultSha256Cksum = emptySHA256

          <plugin>
            <groupId>net.nicoulaj.maven.plugins</groupId>
            <artifactId>checksum-maven-plugin</artifactId>
            <version>1.11</version>
            <executions>
              <execution>
                <id>source-release-checksum</id>
                <goals>
                  <goal>artifacts</goal>
                </goals>
                <configuration>

	if _, ok := opts.ObjectAttributes[xhttp.Checksum]; ok {
		chkSums := objInfo.decryptChecksums(0, r.Header)
		// AWS does not appear to append part number on this API call.
		if len(chkSums) > 0 {
			OA.Checksum = &objectAttributesChecksum{
				ChecksumCRC32:  strings.Split(chkSums["CRC32"], "-")[0],
				ChecksumCRC32C: strings.Split(chkSums["CRC32C"], "-")[0],
				ChecksumSHA1:   strings.Split(chkSums["SHA1"], "-")[0],

//
// Each S3 object has an associated ETag that can be
// used to e.g. quickly compare objects or check whether
// the content of an object has changed.
//
// In general, an S3 ETag is an MD5 checksum of the object
// content. However, there are many exceptions to this rule.
//
// # Single-part Upload
//
// In case of a basic single-part PUT operation - without server

constraints.Mod10Check.message              = The check digit for ${value} is invalid, Modulo 10 checksum failed.
constraints.Mod11Check.message              = The check digit for ${value} is invalid, Modulo 11 checksum failed.
constraints.ModCheck.message                = The check digit for ${value} is invalid, ${modType} checksum failed.

constraints.Mod10Check.message              = The check digit for ${value} is invalid, Modulo 10 checksum failed.
constraints.Mod11Check.message              = The check digit for ${value} is invalid, Modulo 11 checksum failed.
constraints.ModCheck.message                = The check digit for ${value} is invalid, ${modType} checksum failed.

	if err != nil {
		return err
	}
	// Verify that CRC is ok.
	want := binary.LittleEndian.Uint32(id)
	got := crc32.ChecksumIEEE(key)
	if want != got {
		return fmt.Errorf("Invalid key checksum, want %x, got %x", want, got)
	}

	stream, err := sio.AES_256_GCM.Stream(key)
	if err != nil {
		return err
	}
	// Zero nonce, we only use each key once, and 32 bytes is plenty.

          {{- toYaml .Values.podLabels | nindent 8 }}
        {{- end }}
      annotations:
        {{- if not .Values.ignoreChartChecksums }}
        checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- end }}
        {{- if .Values.podAnnotations }}

	ErrMissingCustomerKey = Errorf("The SSE-C request is missing the customer key")

	// ErrMissingCustomerKeyMD5 indicates that the HTTP headers contains no SSE-C client key
	// MD5 checksum.
	ErrMissingCustomerKeyMD5 = Errorf("The SSE-C request is missing the customer key MD5")

	// ErrInvalidCustomerKey indicates that the SSE-C client key is not valid - e.g. not a
	// base64-encoded string or not 256 bits long.

	}
}

// Tests hash reader checksum verification.
func TestHashReaderVerification(t *testing.T) {
	testCases := []struct {
		desc              string
		src               io.Reader
		size              int64
		actualSize        int64
		md5hex, sha256hex string
		err               error
	}{
		0: {
			desc:       "Success, no checksum verification provided.",