}

// get ObjectOptions for Copy calls with encryption headers provided on the target side and source side metadata
func copyDstOpts(ctx context.Context, r *http.Request, bucket, object string, metadata map[string]string) (opts ObjectOptions, err error) {
	return putOptsFromReq(ctx, r, bucket, object, metadata)
}

// get ObjectOptions for Copy calls with encryption headers provided on the source side

        assertFalse(session.isConnected());
        assertTrue(session.isFailed());
    }

    @Test
    @DisplayName("encryption: flags, encryption, and decryption delegation")
    void testEncryptionDelegation() throws Exception {
        SmbSessionImpl session = newSession();

        // No encryption context -> throws
        CIFSException notEnabled = assertThrows(CIFSException.class, () -> session.encryptMessage(new byte[] { 1 }));

    /** Authorization data type: Relevant */
    int AUTH_DATA_RELEVANT = 1;
    /** Authorization data type: PAC */
    int AUTH_DATA_PAC = 128;

    /** DES encryption type identifier */
    int DES_ENC_TYPE = 3;
    /** RC4 encryption type identifier */
    int RC4_ENC_TYPE = 23;
    /** RC4 algorithm name */
    String RC4_ALGORITHM = "ARCFOUR";
    /** HMAC algorithm name */
    String HMAC_ALGORITHM = "HmacMD5";

    /**
     * @return the selectedDialect
     */
    @Override
    public DialectVersion getSelectedDialect() {
        return this.selectedDialect;
    }

    /**
     * Gets the encryption cipher selected for SMB3 encryption.
     *
     * @return the selectedCipher
     */
    public int getSelectedCipher() {
        return this.selectedCipher;
    }

    /**

         "Principal":"*",
         "Action":"s3:PutObject",
         "Resource":"arn:aws:s3:::multi-key-poc/*",
         "Condition":{
            "StringNotEquals":{
               "s3:x-amz-server-side-encryption-aws-kms-key-id":"minio-default-key"
            }
         }
      }
   ]

    private List<KerberosAuthData> userAuthorizations;

    /**
     * Constructs KerberosEncData from encrypted token bytes.
     *
     * @param token the encrypted Kerberos token
     * @param keys map of encryption keys indexed by key type
     * @throws PACDecodingException if decoding fails
     */
    public KerberosEncData(byte[] token, Map<Integer, KerberosKey> keys) throws PACDecodingException {

    int NTLMSSP_NEGOTIATE_VERSION = 0x2000000;

    /**
     * Indicates that 128-bit encryption is supported.
     */
    int NTLMSSP_NEGOTIATE_128 = 0x20000000;

    /**
     * Request explicit key exchange
     */
    int NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000;

    /**
     * Indicates that 56-bit encryption is supported.
     */
    int NTLMSSP_NEGOTIATE_56 = 0x80000000;

		Code:           "InvalidArgument",
		Description:    "Server Side Encryption with AWS KMS managed key requires HTTP header x-amz-server-side-encryption : aws:kms",
		HTTPStatusCode: http.StatusBadRequest,
	},
	ErrIncompatibleEncryptionMethod: {
		Code:           "InvalidArgument",
		Description:    "Server Side Encryption with Customer provided key is incompatible with the encryption method specified",
		HTTPStatusCode: http.StatusBadRequest,

        printStream.accept("");
        // we have no DI here (to discover)
        printStream.accept("Goals:");
        printStream.accept("  diag - display encryption configuration diagnostic");
        printStream.accept("  init - wizard to configure encryption (interactive only)");
        printStream.accept("  encrypt - encrypts input");
        printStream.accept("  decrypt - decrypts encrypted input");
        printStream.accept("");

				continue
			}
			if _, ok := object.UserMetadata["X-Amz-Server-Side-Encryption-Customer-Algorithm"]; ok {
				log.Println("SKIPPED: Objects encrypted with SSE-C do not have md5sum as ETag:", objFullPath(object))
				continue
			}
			if v, ok := object.UserMetadata["X-Amz-Server-Side-Encryption"]; ok && v == "aws:kms" {