## Server-Side Encryption

MinIO supports two different types of server-side encryption ([SSE](#sse)):

- **SSE-C**: The MinIO server en/decrypts an object with a secret key provided by the S3 client as part of the HTTP request headers. Therefore, [SSE-C](#ssec) requires TLS/HTTPS.
- **SSE-S3**: The MinIO server en/decrypts an object with a secret key managed by a KMS. Therefore, MinIO requires a valid KMS configuration for [SSE-S3](#sses3).

        when(mockInfo.encode(any(byte[].class), anyInt())).thenReturn(20);
        when(mockInfo.size()).thenReturn(20);
        request.setInfo(mockInfo);

        // Set up header start for offset calculation
        try {
            Method getHeaderStartMethod = ServerMessageBlock2.class.getDeclaredMethod("getHeaderStart");
            getHeaderStartMethod.setAccessible(true);

   * leaking resources callers must [close the response body][ResponseBody] or the response.
   *
   * Note that transport-layer success (receiving a HTTP response code, headers and body) does not
   * necessarily indicate application-layer success: `response` may still indicate an unhappy HTTP
   * response code like 404 or 500.
   *

But you can return a `JSONResponse` directly from your *path operations*.

It might be useful, for example, to return custom headers or cookies.

## Return a `Response` { #return-a-response }

In fact, you can return any `Response` or any sub-class of it.

/// tip

`JSONResponse` itself is a sub-class of `Response`.

///

    assertThat(response.body.string()).isEqualTo("a")
    assertThat(listener.recordedEventTypes())
      .containsExactly("CallStart", "CallEnd")
  }

  /** Response headers start, then the entire request body, then response headers end.  */
  @Test
  fun expectContinueStartsResponseHeadersEarly() {
    server.enqueue(
      MockResponse
        .Builder()
        .add100Continue()
        .build(),

	data := url.Values{}
	data.Set("grant_type", "client_credentials")
	req, err := http.NewRequest(http.MethodPost, idpEndpoint, strings.NewReader(data.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(clientID, clientSecret)
	t := &http.Transport{
		TLSClientConfig: &tls.Config{
			InsecureSkipVerify: true,
		},
	}
	hclient := http.Client{

        } else {
            off = in.readDirect(buf, 0, buf.length);
        }

        if (buf[0] != 5 && buf[1] != 0) {
            throw new IOException("Unexpected DCERPC PDU header");
        }

        flags = buf[3] & 0xFF;
        // next read is start of new frag
        isStart = (flags & DCERPC_LAST_FRAG) == DCERPC_LAST_FRAG;

        length = Encdec.dec_uint16le(buf, 8);

/// note | Nota

Esto es compatible desde la versión `0.115.0` de FastAPI. 🤓

///

/// tip | Consejo

Esta misma técnica se aplica a `Query`, `Cookie`, y `Header`. 😎

///

## Cookies con un Modelo de Pydantic

Declara los parámetros de **cookie** que necesites en un **modelo de Pydantic**, y luego declara el parámetro como `Cookie`:

    // Helper to create a fresh request under test
    private Smb2LogoffRequest newRequest() {
        return new Smb2LogoffRequest(configuration);
    }

    @Test
    @DisplayName("size() returns 8-byte aligned value (header + 4)")
    void size_returnsAlignedValue() {
        // Arrange
        Smb2LogoffRequest req = newRequest();
        int base = Smb2Constants.SMB2_HEADER_LENGTH + 4; // structure size

        int bufferIndex = 100; // Start at non-zero index

        // Set structure size to 9 (valid)
        SMBUtil.writeInt2(9, buffer, bufferIndex);
        // Set buffer offset (relative to header start)
        SMBUtil.writeInt2(50, buffer, bufferIndex + 2);
        // Set buffer length
        SMBUtil.writeInt4(8, buffer, bufferIndex + 4);

        // Mock getHeaderStart
        response = spy(response);