@Test
    @DisplayName("toString contains class name and message when provided")
    void toString_containsClassName_and_Message() {
        // Arrange
        String msg = "signature invalid";
        SMBSignatureValidationException ex = new SMBSignatureValidationException(msg);

        // Act
        String s = ex.toString();

        // Assert

 *
 * <p>The {@link #get}, {@link #removeAll}, and {@link #replaceValues} methods each return a {@link
 * SortedSet} of values, while {@link Multimap#entries()} returns a {@link Set} of map entries.
 * Though the method signature doesn't say so explicitly, the map returned by {@link #asMap} has
 * {@code SortedSet} values.
 *
 * <p><b>Warning:</b> As in all {@link SetMultimap}s, do not modify either a key <i>or a value</i>

   * instead. For a default value of {@code null}, use {@link #orNull}.
   *
   * <p>Note about generics: The signature {@code public T or(T defaultValue)} is overly
   * restrictive. However, the ideal signature, {@code public <S super T> S or(S)}, is not legal
   * Java. As a result, some sensible operations involving subtypes are compile errors:
   *
   * {@snippet :

    @Override
    public final void setUid(final int uid) {
        this.uid = uid;
    }

    /**
     * Gets the signature sequence number
     * @return the signSeq
     */
    public int getSignSeq() {
        return this.signSeq;
    }

    /**
     * Sets the signature sequence number
     * @param signSeq
     *            the signSeq to set
     */

    "action": "s3:ListBucket",
    "bucket": "test",
    "conditions": {
      "Authorization": [
        "AWS4-HMAC-SHA256 Credential=minio/20220507/us-east-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=62012db6c47d697620cf6c68f0f45f6e34894589a53ab1faf6dc94338468c78a"
      ],
      "CurrentTime": [
        "2022-05-07T18:31:41Z"
      ],
      "Delimiter": [
        "/"
      ],
      "EpochTime": [

		return
	}

	// if Content-Length is unknown/missing, throw away
	size := r.ContentLength

	rAuthType := getRequestAuthType(r)
	// For auth type streaming signature, we need to gather a different content length.
	switch rAuthType {
	// Check signature types that must have content length
	case authTypeStreamingSigned, authTypeStreamingSignedTrailer, authTypeStreamingUnsignedTrailer:

        }

        @Test
        @DisplayName("Constructor with invalid signature should throw IOException")
        void testConstructor_ByteArray_InvalidSignature() {
            // Given
            byte[] invalidSignature = new byte[100];
            Arrays.fill(invalidSignature, (byte) 0xFF); // Fill with non-NTLMSSP signature

            // When & Then

    .heldCertificate(serverCertificate, intermediateCertificate.certificate())
    .build();
```

The client only needs to know the trusted root certificate. It checks the server's certificate by
validating the signatures within the chain.

```java
HandshakeCertificates clientCertificates = new HandshakeCertificates.Builder()
    .addTrustedCertificate(rootCertificate.certificate())
    .build();

// ----------
// Enable server profiling
func (a adminAPIHandlers) StartProfilingHandler(w http.ResponseWriter, r *http.Request) {
	ctx := r.Context()

	// Validate request signature.
	_, adminAPIErr := checkAdminRequestAuth(ctx, r, policy.ProfilingAdminAction, "")
	if adminAPIErr != ErrNone {
		writeErrorResponseJSON(ctx, w, errorCodes.ToAPIErr(adminAPIErr), r.URL)
		return
	}

        // Reserved/Async ID
        SMBUtil.writeInt8(0, buffer, bufferIndex + 32);
        // Session ID
        SMBUtil.writeInt8(0, buffer, bufferIndex + 40);
        // Signature
        System.arraycopy(new byte[16], 0, buffer, bufferIndex + 48, 16);

        // Body starts at bufferIndex + 64
        // Structure size = 2
        SMBUtil.writeInt2(2, buffer, bufferIndex + 64);