return etag
	}
	var buffer bytes.Buffer
	mac := hmac.New(sha256.New, key[:])
	mac.Write([]byte("SSE-etag"))
	if _, err := sio.Encrypt(&buffer, bytes.NewReader(etag), sio.Config{Key: mac.Sum(nil)}); err != nil {
		logger.CriticalIf(context.Background(), errors.New("Unable to encrypt ETag using object key"))
	}
	return buffer.Bytes()
}

// UnsealETag unseals the etag using the provided object key.

        };
    }

    /**
     * Encodes a String as UTF-8 bytes.
     *
     * @param str the String to encode
     * @param dst the destination byte array
     * @param di the starting index in the destination array
     * @param dlim the maximum index in the destination array
     * @return the number of bytes written
     */

        return NtlmUtil.computeResponse(responseKeyNT, serverChallenge, temp, 0, temp.length);
    }

    /**
     * Creates the LMv2 response for the supplied keys and challenges.
     *
     * @param responseKeyLM the LM response key
     * @param serverChallenge the server challenge bytes
     * @param clientChallenge the client challenge bytes
     * @return the calculated response

var ErrOverread = errors.New("input provided more bytes than specified")

// HardLimitReader returns a Reader that reads from r
// but returns an error if the source provides more data than allowed.
// This means the source *will* be overread unless EOF is returned prior.
// The underlying implementation is a *HardLimitedReader.
// This will ensure that at most n bytes are returned and EOF is reached.

  private val readCompleteLatch = CountDownLatch(1)

  // The lists are held as a large array of UTF-8 bytes. This is to avoid allocating lots of strings
  // that will likely never be used. Each rule is separated by '\n'. Please see the
  // PublicSuffixListGenerator class for how these lists are generated.
  // Guarded by this.
  override lateinit var bytes: ByteString
  override lateinit var exceptionBytes: ByteString

	var buf bytes.Buffer
	buf.WriteString(xxml.Header)
	if err := xxml.NewEncoder(&buf).Encode(response); err != nil {
		bugLogIf(GlobalContext, err)
		return nil
	}
	return buf.Bytes()
}

// Encodes the response headers into JSON format.
func encodeResponseJSON(response any) []byte {
	var bytesBuffer bytes.Buffer
	e := json.NewEncoder(&bytesBuffer)
	e.Encode(response)
	return bytesBuffer.Bytes()
}

			return b, kms.AES256
		}

		b = b[:0]
		b = append(b, c.Bytes...)
		b = append(b, c.IV...)
		b = append(b, c.Nonce...)
		return b, c.Algorithm
	}
	return b, kms.AES256
}

// ciphertext is a structure that contains the encrypted
// bytes and all relevant information to decrypt these
// bytes again with a cryptographic key.
type ciphertext struct {
	Algorithm kms.SecretKeyType

		switch msgp.UnsafeString(field) {
		case "Count":
			z.Count, err = dc.ReadInt64()
			if err != nil {
				err = msgp.WrapError(err, "Count")
				return
			}
		case "Bytes":
			z.Bytes, err = dc.ReadInt64()
			if err != nil {
				err = msgp.WrapError(err, "Bytes")
				return
			}
		default:
			err = dc.Skip()
			if err != nil {
				err = msgp.WrapError(err)
				return
			}
		}
	}
	return
}

	},
	{
		KeyID:      "my-key",
		Plaintext:  "UnPWsZgVI+T4L9WGNzFlP1PsP1Z6hn2Fx8ISeZfDGnA=",
		Ciphertext: `{"aead":"ChaCha20Poly1305","iv":"r4+yfiVbVIYR0Z2I9Fq+6g==","nonce":"2YpwGwE59GcVraI3","bytes":"k/svMglOU7/Kgwv73heG38NWW575XLcFp3SaxQHDMjJGYyRI3Fiygu2OeutGPXNL"}`,

func newBucketMeasurement(initTime time.Time) *bucketMeasurement {
	return &bucketMeasurement{
		startTime: initTime,
	}
}

// incrementBytes add bytes reported for a bucket.
func (m *bucketMeasurement) incrementBytes(bytes uint64) {
	atomic.AddUint64(&m.bytesSinceLastWindow, bytes)
}

// updateExponentialMovingAverage processes the measurements captured so far.