public int hashCode() {
      return standardHashCode();
    }

    @Override
    public Set<K> keySet() {
      /*
       * We can't use StandardKeySet, as NavigableMapTestSuiteBuilder assumes that our keySet is a
       * NavigableSet. We test StandardKeySet in the superclass, so it's still covered.
       */
      return navigableKeySet();
    }

    @Override
    public Collection<V> values() {

minio server /mnt/data
```

### Using WebIdentiy API

On another terminal run `web-identity.go` a sample client application which obtains JWT id_tokens from an identity provider, in our case its Keycloak. Uses the returned id_token response to get new temporary credentials from the MinIO server using the STS API call `AssumeRoleWithWebIdentity`.

```
$ go run docs/sts/web-identity.go -cid account -csec 072e7f00-4289-46

You can either use KES - together with an external KMS - or, much simpler,
set the env. variable `MINIO_KMS_SECRET_KEY` and start/restart the MinIO server. For more details about KES and how
to set it up refer to our [KMS Guide](https://github.com/minio/minio/blob/master/docs/kms/README.md).

Instead of configuring an external KMS you can start with a single key by
setting the env. variable `MINIO_KMS_SECRET_KEY`. It expects the following

    public int hashCode() {
      return standardHashCode();
    }

    @Override
    public Set<K> keySet() {
      /*
       * We can't use StandardKeySet, as NavigableMapTestSuiteBuilder assumes that our keySet is a
       * NavigableSet. We test StandardKeySet in the superclass, so it's still covered.
       */
      return navigableKeySet();
    }

    @Override
    public Collection<V> values() {

        }
        if (elements.length > 0) {
          multiset1.add(elements[0]);
        }
        if (elements.length > 1) {
          /*
           * When a test requests a multiset with duplicates, our plan of
           * "add an extra item 0 to A and an extra item 1 to B" really means
           * "add an extra item 0 to A and B," which isn't what we want.
           */

    rm -rf "libstdc++6_4.8.1-10ubuntu8_arm64.deb" "libstdc++6_4.8.1-10ubuntu8_arm64"

mkdir -p "${TARGET}-src"
cd "${TARGET}-src"

# Build a devtoolset cross-compiler based on our glibc 2.12/glibc 2.17 sysroot setup.
case "${VERSION}" in
devtoolset-9)

    private static final byte[] EMPTY_DATA = new byte[0];

    @Mock
    private MessageDigest mockMd5;

    @BeforeEach
    void setUp() throws NoSuchAlgorithmException {
        // Mock Crypto.getMD5() to return our mockMd5 instance
        // This requires Mockito 3.4.0+ for MockedStatic
        // For simplicity, we'll assume Crypto.getMD5() is static and mock it.

    .build();
```

With a server that holds a certificate and a client that trusts it we have enough for an HTTPS
handshake. The best part of this example is that we don't need to make our test code insecure with a
a fake `HostnameVerifier` or `X509TrustManager`.

Certificate Authorities
-----------------------

The above example uses a self-signed certificate. This is convenient for testing but not

    // Service b startup takes at least 353 millis, but starting the timer is delayed by at least
    // 150 milliseconds. so in a perfect world the timing would be 353-150=203ms, but since either
    // of our sleep calls can be arbitrarily delayed we should just assert that there is a time
    // recorded.
    assertThat(startupTimes.get(b)).isNotNull();
  }

  public void testServiceStartStop() {

      const val OPENJSSE_PROPERTY = "openjsse"
      const val BOUNCYCASTLE_PROPERTY = "bouncycastle"
      const val LOOM_PROPERTY = "loom"

      /**
       * For whatever reason our BouncyCastle provider doesn't work with ECDSA keys. Just configure it
       * to use RSA-2048 instead.
       *
       * (We otherwise prefer ECDSA because it's faster.)
       */