"github.com/minio/sio"
)

const (
	// SealAlgorithm is the encryption/sealing algorithm used to derive & seal
	// the key-encryption-key and to en/decrypt the object data.
	SealAlgorithm = "DAREv2-HMAC-SHA256"

	// InsecureSealAlgorithm is the legacy encryption/sealing algorithm used
	// to derive & seal the key-encryption-key and to en/decrypt the object data.

crypto.policy=unlimited
jdk.xml.dsig.secureValidationPolicy=\
    disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\
    maxTransforms 5,\
    maxReferences 30,\
    disallowReferenceUriSchemes file http https,\
    minKeySize RSA 1024,\
    minKeySize DSA 1024,\

import (
	"bytes"
	"crypto"
	"crypto/hmac"
	"encoding/base64"
	"errors"
	"fmt"
	"hash"
	"time"

	"github.com/buger/jsonparser"
	"github.com/dustin/go-humanize"
	jwtgo "github.com/golang-jwt/jwt/v4"
	jsoniter "github.com/json-iterator/go"
	"github.com/minio/minio/internal/bpool"
)

// SigningMethodHMAC - Implements the HMAC-SHA family of signing methods signing methods

//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package crypto

import (
	"bytes"
	"context"
	"crypto/hmac"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"io"
	"path"

	"github.com/minio/minio/internal/hash/sha256"
	"github.com/minio/minio/internal/logger"
	"github.com/minio/sio"
)

    @ValueSource(strings = { "AES encryption not supported", "Missing Bouncy Castle provider", "Invalid key length for AES-128",
            "RC4 cipher not available in this JVM", "DES encryption is deprecated and not supported", "HMAC-SHA256 algorithm not found",
            "RSA key generation failed: key size not supported" })
    void testMessageConstructorWithCryptoMessages(String message) {
        // Given & When

import org.mockito.MockedStatic;

class PacTest {

    private Map<Integer, KerberosKey> keys;

    @BeforeEach
    void setUp() {
        keys = new HashMap<>();
        // Use ARCFOUR-HMAC encryption type (23) which matches KERB_CHECKSUM_HMAC_MD5
        KerberosKey serverKey = new KerberosKey(new KerberosPrincipal("******@****.***"), "serverKey1234567".getBytes(),
                PacSignature.ETYPE_ARCFOUR_HMAC, 1);

          && !method.getName().equals("concatenating") // don't test Hashing.concatenating()
          && !method.getName().equals("goodFastHash") // tested in testGoodFastHashEquals
          && !method.getName().startsWith("hmac")) { // skip hmac functions
        Object[] params1 = new Object[method.getParameterTypes().length];
        Object[] params2 = new Object[method.getParameterTypes().length];
        for (int i = 0; i < params1.length; i++) {

                    md4.update(responseKeyNT);
                    final byte[] userSessionKey = md4.digest();

                    final HMACT64 hmac = new HMACT64(userSessionKey);
                    hmac.update(sessionNonce);
                    final byte[] ntlm2SessionKey = hmac.digest();

                    if ((getFlags() & NTLMSSP_NEGOTIATE_KEY_EXCH) != 0) {
                        masterKey = new byte[16];

                }

                MessageDigest hmac = Crypto.getHMACT64(ntHash);
                hmac.update(Strings.getUNIBytes(this.username.toUpperCase()));
                hmac.update(Strings.getUNIBytes(this.domain.toUpperCase()));
                byte[] ntlmv2Hash = hmac.digest();
                hmac = Crypto.getHMACT64(ntlmv2Hash);
                hmac.update(chlng);
                hmac.update(this.clientChallenge);

        keys.put(PacSignature.ETYPE_ARCFOUR_HMAC, hmacKey);
        keys.put(PacSignature.ETYPE_AES128_CTS_HMAC_SHA1_96, aes128Key);
        keys.put(PacSignature.ETYPE_AES256_CTS_HMAC_SHA1_96, aes256Key);

        // Test HMAC-MD5
        byte[] mac1 = PacMac.calculateMac(PacSignature.KERB_CHECKSUM_HMAC_MD5, keys, TEST_DATA);
        assertNotNull(mac1);
        assertEquals(16, mac1.length);

        // Test AES128