Code:           "InvalidArgument",
		Description:    "Server Side Encryption with AWS KMS managed key requires HTTP header x-amz-server-side-encryption : aws:kms",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrIncompatibleEncryptionMethod: {
		Code:           "InvalidArgument",
		Description:    "Server Side Encryption with Customer provided key is incompatible with the encryption method specified",
		HTTPStatusCode: http.StatusBadRequest,

     * negotiation, SMB encryption is not implemented yet.
     *
     * @return whether SMB encryption is enabled
     * @since 2.1
     */
    boolean isEncryptionEnabled();

    /**
     * Property {@code jcifs.smb.client.preferredCiphers} (string, default "AES_128_GCM,AES_128_CCM,AES_256_GCM,AES_256_CCM")
     *
     * @return preferred encryption cipher list in order of preference for SMB3 encryption

                                  'testbucket',
                                  'hosts',
                                  ExtraArgs={'ServerSideEncryption': 'AES256'})

# Upload with server side encryption, using temporary credentials
s3.meta.client.upload_file('/etc/hosts',
                           'testbucket',
                           'hosts',
                           ExtraArgs={'ServerSideEncryption': 'AES256'})

        }

        logEvent(EventType.FILE_ACCESS, success ? Severity.INFO : Severity.WARNING, message, context);
        returnContextMap(context);
    }

    /**
     * Log an encryption event
     *
     * @param enabled whether encryption was enabled
     * @param cipherSuite cipher suite used
     * @param sessionId session identifier
     */

 */

package jcifs.dcerpc;

import jcifs.dcerpc.ndr.NdrBuffer;

/**
 * Interface for providing security services for DCE/RPC communications.
 * This interface abstracts authentication and encryption mechanisms.
 */
public interface DcerpcSecurityProvider {

    /**
     * Wraps outgoing DCERPC message data for security protection
     * @param outgoing the buffer containing data to be wrapped

type RestoreRequestType string

const (
	// SelectRestoreRequest specifies select request. This is the only valid value
	SelectRestoreRequest RestoreRequestType = "SELECT"
)

// Encryption specifies encryption setting on restored bucket
type Encryption struct {
	EncryptionType sse.Algorithm `xml:"EncryptionType"`
	KMSContext     string        `xml:"KMSContext,omitempty"`
	KMSKeyID       string        `xml:"KMSKeyId,omitempty"`
}

	logger.LogOnceIf(ctx, "ilm", err, id, errKind...)
}

func encLogIf(ctx context.Context, err error, errKind ...any) {
	logger.LogIf(ctx, "encryption", err, errKind...)
}

func encLogOnceIf(ctx context.Context, err error, id string, errKind ...any) {
	logger.LogOnceIf(ctx, "encryption", err, id, errKind...)
}

func storageLogIf(ctx context.Context, err error, errKind ...any) {
	logger.LogIf(ctx, "storage", err, errKind...)

      get() =
        when {
          message == "adding as trusted certificates" -> Type.Setup
          message == "Raw read" || message == "Raw write" -> Type.Encrypted
          message == "Plaintext before ENCRYPTION" || message == "Plaintext after DECRYPTION" -> Type.Plaintext
          message.startsWith("System property ") -> Type.Setup
          message.startsWith("Reload ") -> Type.Setup

    /**
     * Session flag indicating this is a null/anonymous session
     */
    public static final int SMB2_SESSION_FLAGS_IS_NULL = 0x2;

    /**
     * Session flag indicating data encryption is required for this session
     */
    public static final int SMB2_SESSION_FLAG_ENCRYPT_DATA = 0x4;

    private int sessionFlags;
    private byte[] blob;

    /**

    }

    /**
     * Derives the SMB3 encryption key from the session key using the appropriate KDF for the dialect.
     *
     * @param dialect the SMB dialect version
     * @param sessionKey the base session key
     * @param preauthIntegrity the pre-authentication integrity hash (for SMB 3.1.1) or null
     * @return derived encryption key
     */