assertTrue(encrypted.length > plaintext.length, "Encrypted message should be larger than plaintext");

        // Verify transform header is present (first 52 bytes)
        assertTrue(encrypted.length >= 52, "Encrypted message should include transform header");

        // When - Decrypt
        byte[] decrypted = context.decryptMessage(encrypted);

        // Then - Verify decryption

                    logger.debug("principal: {}", principal);
                }
            } catch (final Exception e) {
                final String msg = "Failed to process Authorization Header: " + request.getHeader(Constants.AUTHZ_HEADER);
                if (logger.isDebugEnabled()) {
                    logger.debug(msg);
                }

// has been used.
// The returned reader contains the payload.
func waitForHTTPResponse(respBody io.Reader) (io.Reader, error) {
	reader := bufio.NewReader(respBody)
	for {
		b, err := reader.ReadByte()
		if err != nil {
			return nil, err
		}
		// Check if we have a response ready or a filler byte.
		switch b {
		case 0:
			return reader, nil
		case 1:
			errorText, err := io.ReadAll(reader)

In this exception, we include the scopes required (if any) as a string separated by spaces (using `scope_str`). We put that string containing the scopes in the `WWW-Authenticate` header (this is part of the spec).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verify the `username` and data shape { #verify-the-username-and-data-shape }

        int bodyOffset = Smb2Constants.SMB2_HEADER_LENGTH;
        int securityBufferOffset = SMBUtil.readInt2(buffer, bodyOffset + 12);

        // The offset should point to the location after the fixed structure (relative to header start)
        int expectedOffset = Smb2Constants.SMB2_HEADER_LENGTH + 24;
        while ((expectedOffset % 8) != 0) {
            expectedOffset++; // Account for pad8
        }

		writeErrorResponseJSON(ctx, w, toAdminAPIErr(ctx, err), r.URL)
		return
	}
	globalNotificationSys.SignalConfigReload(subSys)
	// Tell the client that dynamic config was applied.
	w.Header().Set(madmin.ConfigAppliedHeader, madmin.ConfigAppliedTrue)
}

type badConfigErr struct {
	Err error
}

// Error - return the error message
func (bce badConfigErr) Error() string {

En esta excepción, incluimos los scopes requeridos (si los hay) como un string separado por espacios (usando `scope_str`). Ponemos ese string que contiene los scopes en el header `WWW-Authenticate` (esto es parte de la especificación).

{* ../../docs_src/security/tutorial005_an_py310.py hl[106,108:116] *}

## Verificar el `username` y la forma de los datos

	if r.NotificationCfg.Endpoint == "" {
		return nil
	}

	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
	defer cancel()

	req, err := http.NewRequestWithContext(ctx, http.MethodPost, r.NotificationCfg.Endpoint, body)
	if err != nil {
		return err
	}

	if r.NotificationCfg.Token != "" {
		req.Header.Set("Authorization", r.NotificationCfg.Token)

pkg archive/zip, method (*File) DataOffset() (int64, error)
pkg archive/zip, type Compressor func(io.Writer) (io.WriteCloser, error)
pkg archive/zip, type Decompressor func(io.Reader) io.ReadCloser
pkg bufio, method (*Reader) Reset(io.Reader)
pkg bufio, method (*Writer) Reset(io.Writer)
pkg compress/flate, method (*Writer) Reset(io.Writer)
pkg compress/gzip, method (*Writer) Reset(io.Writer)

}

// Set of s3 handler options as bit flags.
type s3HFlag uint8

const (
	// when provided, disables Gzip compression.
	noGZS3HFlag = 1 << iota

	// when provided, enables only tracing of headers. Otherwise, both headers
	// and body are traced.
	traceHdrsS3HFlag

	// when provided, disables throttling via the `maxClients` middleware.
	noThrottleS3HFlag
)

func (h s3HFlag) has(flag s3HFlag) bool {