}

// Return canonical headers.
func canonicalizedAmzHeadersV2(headers http.Header) string {
	var keys []string
	keyval := make(map[string]string, len(headers))
	for key := range headers {
		lkey := strings.ToLower(key)
		if !strings.HasPrefix(lkey, "x-amz-") {
			continue
		}
		keys = append(keys, lkey)
		keyval[lkey] = strings.Join(headers[key], ",")
	}
	sort.Strings(keys)

        server minio3:9001;
        server minio4:9001;
    }

    server {
        listen       9000;
        listen  [::]:9000;
        server_name  localhost;

        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;

    assert response.headers["WWW-Authenticate"] == "Basic"


@needs_py39
def test_security_http_basic_invalid_credentials(client: TestClient):
    response = client.get(
        "/users/me", headers={"Authorization": "Basic notabase64token"}
    )
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == "Basic"

def test_incorrect_token():
    response = client.get("/users/me", headers={"Authorization": "Bearer nonexistent"})
    assert response.status_code == 401, response.text
    assert response.json() == {"detail": "Invalid authentication credentials"}
    assert response.headers["WWW-Authenticate"] == "Bearer"


def test_incorrect_token_type():
    response = client.get(
        "/users/me", headers={"Authorization": "Notexistent testtoken"}
    )

    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'


def test_security_http_basic_invalid_credentials():
    response = client.get(
        "/users/me", headers={"Authorization": "Basic notabase64token"}
    )
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'

                final Class<?> enclosingType,
                final ClassLoader loader,
                final ExpressionEvaluator evaluator,
                final ConfigurationListener listener)
                throws ComponentConfigurationException {
            final Object result =
                    super.fromConfiguration(lookup, configuration, type, enclosingType, loader, evaluator, listener);

            return result instanceof Path

    server.enqueue(
      MockResponse(
        headers =
          headersOf(
            "Last-Modified",
            formatDate(-1, TimeUnit.HOURS)!!,
            "Expires",
            formatDate(1, TimeUnit.HOURS)!!,
          ),
        body = "ABC.1",
      ),
    )
    server.enqueue(
      MockResponse(
        headers =
          headersOf(
            "Last-Modified",

async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]):
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:

    val connect = server.takeRequest()
    assertThat(connect.headers["Private"]).isNull()
    assertThat(connect.headers["Proxy-Authorization"]).isNull()
    assertThat(connect.headers["User-Agent"]).isEqualTo(USER_AGENT)
    assertThat(connect.headers["Host"]).isEqualTo("android.com:443")
    assertThat(connect.headers["Proxy-Connection"]).isEqualTo("Keep-Alive")
    val get = server.takeRequest()

    This class is in the `logging-interceptor` artifact.
 *  New: `Headers.Builder.addUnsafeNonAscii()` allows non-ASCII values to be added without an
    immediate exception.
 *  New: Headers can be redacted in `HttpLoggingInterceptor`.
 *  New: `Headers.Builder` now accepts dates.
 *  New: OkHttp now accepts `java.time.Duration` for timeouts on Java 8+ and Android 26+.