case sizeGtPred:
		if f.ObjectSizeGreaterThan < 0 {
			err = errXMLNotWellFormed
		}
	}
	return err
}

// TestTags tests if the object tags satisfy the Filter tags requirement,
// it returns true if there is no tags in the underlying Filter.
func (f Filter) TestTags(userTags string) bool {
	if f.cachedTags == nil {
		cache := make(map[string]string)
		for _, t := range append(f.And.Tags, f.Tag) {
			if !t.IsEmpty() {

# Point to the LLVM installation.
# The Bazel Windows guide claims it can find LLVM automatically,
# but it likely only works if it's installed somewhere inside C:\Program Files.
ENV BAZEL_LLVM "C:\tools\LLVM"

# These variables may be useful, but so far haven't been. Keeping for posterity.
# ENV CLANG_COMPILER_PATH "C:\tools\llvm\bin\clang.exe"
# ENV CC "C:\tools\llvm\bin\clang.exe"
# ENV BAZEL_COMPILER "C:\tools\llvm\bin\clang.exe"

// NewMultipartUploadHandler - New multipart upload.
// Notice: The S3 client can send secret keys in headers for encryption related jobs,
// the handler should ensure to remove these keys before sending them to the object layer.
// Currently these keys are:
//   - X-Amz-Server-Side-Encryption-Customer-Key
//   - X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key

- MinIO then checks if there are any policies [explicitly associated](#managing-usergroup-access-policy) with the user or their groups.
- On finding at least one associated policy, MinIO generates temporary credentials for the user storing the list of groups in a cryptographically secure session token. The temporary access key, secret key and session token are returned to the user.
- The user can now use these credentials to make requests to the MinIO server.

/**
 * A certificate and its private key. These are some properties of certificates that are used with
 * TLS:
 *
 *  * **A common name.** This is a string identifier for the certificate. It usually describes the
 *    purpose of the certificate like "Entrust Root Certification Authority - G2" or
 *    "www.squareup.com".
 *
 *  * **A set of hostnames.** These are in the certificate's subject alternative name (SAN)

    }

    /*
     * These methods "should" call checkNotNull. However, I'm wary of accidentally introducing
     * anything that might slow down execution on such a hot path. Given that the methods are only
     * package-private, I feel OK with just not testing them for NPE.
     *
     * Note that testing casValue is particularly dangerous because it uses Unsafe under some

  private static @Nullable Object getJla() {
    try {
      /*
       * We load sun.misc.* classes using reflection since Android doesn't support these classes and
       * would result in compilation failure if we directly refer to these classes.
       */
      Class<?> sharedSecrets = Class.forName(SHARED_SECRETS_CLASSNAME, false, null);
      Method langAccess = sharedSecrets.getMethod("getJavaLangAccess");

   */
  var noNewExchanges = false

  /**
   * If true, this connection may not be used for coalesced requests. These are requests that could
   * share the same connection without sharing the same hostname.
   */
  private var noCoalescedConnections = false

  /**
   * The number of times there was a problem establishing a stream that could be due to route
   * chosen. Guarded by this.
   */

   *
   * If a frame cannot be sent - because there are none enqueued or because the web socket is not
   * connected - this does nothing and returns false. Otherwise, this returns true and the caller
   * should immediately invoke this method again until it returns false.
   *
   * This method may only be invoked by the writer thread. There may be only thread invoking this
   * method at a time.
   */

 *
 * Supported on OpenJDK 9+ via SSLParameters and SSLSocket features.
 *
 * ### Trust Manager Extraction
 *
 * Supported on Android 2.3+ and OpenJDK 7+. There are no public APIs to recover the trust
 * manager that was used to create an [SSLSocketFactory].
 *
 * Not supported by choice on JDK9+ due to access checks.
 *
 * ### Android Cleartext Permit Detection
 *