}

    @Test
    public void test_FactoryMethodsWithDifferentUrls() {
        // ## Test factory methods with various URL formats ##

        // ## Act & Assert ##
        assertNotNull(Curl.get("https://secure.example.com/path?param=value"));
        assertNotNull(Curl.post("http://api.example.com/v1/resource"));
        assertNotNull(Curl.put("ftp://files.example.com/upload"));

package kms

import (
	"context"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strconv"
	"strings"
	"sync/atomic"

	"github.com/secure-io/sio-go/sioutil"
	"golang.org/x/crypto/chacha20"
	"golang.org/x/crypto/chacha20poly1305"

	"github.com/minio/kms-go/kms"
	"github.com/minio/madmin-go/v3"
	"github.com/minio/minio/internal/hash/sha256"
)

}

// Type - returns type of endpoint.
func (endpoint Endpoint) Type() EndpointType {
	if endpoint.Host == "" {
		return PathEndpointType
	}

	return URLEndpointType
}

// HTTPS - returns true if secure for URLEndpointType.
func (endpoint Endpoint) HTTPS() bool {
	return endpoint.Scheme == "https"
}

// GridHost returns the host to be used for grid connections.
func (endpoint Endpoint) GridHost() string {

# How to secure access to MinIO server with TLS [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)

This guide explains how to configure MinIO Server with TLS certificates on Linux and Windows platforms.

1. [Install MinIO Server](#install-minio-server)
2. [Use an Existing Key and Certificate with MinIO](#use-an-existing-key-and-certificate-with-minio)

- **Crypto & Security** (`org.codelibs.core.crypto`, `org.codelibs.core.security`) - Basic cryptographic utilities, message digest operations, and secure random generation
- **XML Processing** (`org.codelibs.core.xml`) - XML DOM utilities, SAX parser helpers, and schema validation support

 * Peer certificate chain:
 *     sha256/afwiKY3RxoMmLkuRW1l7QsPZTJPwDS2pdDROQjXw8ig=: CN=publicobject.com, OU=PositiveSSL
 *     sha256/klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY=: CN=COMODO RSA Secure Server CA
 *     sha256/grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME=: CN=COMODO RSA Certification Authority
 *     sha256/lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=: CN=AddTrust External CA Root

                    this.auth.getUsername(), this.workstation, this.ntlmsspFlags);
        }

        // Use secure password handling
        String passwordString = null;
        if (this.auth.isGuest()) {
            passwordString = this.transportContext.getConfig().getGuestPassword();
        } else {

that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret certSecret: "" publicCrt: public.crt privateKey: private.key ## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas ## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret ##...

            boolean result = response.verifySignature(buffer, 0, 100);

            assertTrue(result);
        }

        @Test
        @DisplayName("Should verify signature on error when secure negotiate required")
        void testVerifySignatureErrorWithSecureNegotiate() {
            byte[] buffer = new byte[100];
            response.setDigest(mockDigest);

	if f.remoteIP != "" {
		tr = forwardForTransport{tr: tr, fwd: f.remoteIP}
	}
	return minio.New(f.endpoint, &minio.Options{
		TrailingHeaders: true,
		Creds:           mcreds,
		Secure:          globalIsTLS,
		Transport:       tr,
	})
}

func (f *sftpDriver) AccessKey() string {
	return f.permissions.CriticalOptions["AccessKey"]
}