// BucketSSEConfig - represents default bucket encryption configuration
type BucketSSEConfig struct {
	XMLNS   string   `xml:"xmlns,attr,omitempty"`
	XMLName xml.Name `xml:"ServerSideEncryptionConfiguration"`
	Rules   []Rule   `xml:"Rule"`
}

// ParseBucketSSEConfig - Decodes given XML to a valid default bucket encryption config
func ParseBucketSSEConfig(r io.Reader) (*BucketSSEConfig, error) {

// NewMultipartUploadHandler - New multipart upload.
// Notice: The S3 client can send secret keys in headers for encryption related jobs,
// the handler should ensure to remove these keys before sending them to the object layer.
// Currently these keys are:
//   - X-Amz-Server-Side-Encryption-Customer-Key
//   - X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key
func (api objectAPIHandlers) NewMultipartUploadHandler(w http.ResponseWriter, r *http.Request) {

#RESULT=$({ ./mc put /tmp/data/mpartobj.txt minio1/test-bucket/mpartobj.txt --enc-c "minio1/test-bucket/mpartobj.txt=${TEST_MINIO_ENC_KEY}" --insecure; } 2>&1)
#if [[ ${RESULT} != *"Server side encryption specified with SSE-C with compression not allowed"* ]]; then
#	echo "BUG: Loading an SSE-C object to site with compression should fail. Succeeded though."
#	exit_1
#fi

# Add replication site

    @DisplayName("Message constructor should handle crypto-specific error messages")
    @NullAndEmptySource
    @ValueSource(strings = { "AES encryption not supported", "Missing Bouncy Castle provider", "Invalid key length for AES-128",
            "RC4 cipher not available in this JVM", "DES encryption is deprecated and not supported", "HMAC-SHA256 algorithm not found",
            "RSA key generation failed: key size not supported" })

- **Removing a site** is not allowed from a set of replicated sites once configured.
- All sites must be using the **same** external IDP(s) if any.

        assertFalse(session.isConnected());
        assertTrue(session.isFailed());
    }

    @Test
    @DisplayName("encryption: flags, encryption, and decryption delegation")
    void testEncryptionDelegation() throws Exception {
        SmbSessionImpl session = newSession();

        // No encryption context -> throws
        CIFSException notEnabled = assertThrows(CIFSException.class, () -> session.encryptMessage(new byte[] { 1 }));

         "Principal":"*",
         "Action":"s3:PutObject",
         "Resource":"arn:aws:s3:::multi-key-poc/*",
         "Condition":{
            "StringNotEquals":{
               "s3:x-amz-server-side-encryption-aws-kms-key-id":"minio-default-key"
            }
         }
      }
   ]

		}

		if tc.keyID != "" && tc.keyID != ssec.KeyID() {
			t.Errorf("Test case %d: Expected bucket encryption KeyID %s but got %s", i+1, tc.keyID, ssec.KeyID())
		}

		if expectedXML, err := xml.Marshal(tc.expectedConfig); err != nil || !bytes.Equal(expectedXML, []byte(tc.inputXML)) {
			t.Errorf("Test case %d: Expected bucket encryption XML %s but got %s", i+1, string(expectedXML), tc.inputXML)
		}
	}

            EncryptionNegotiateContext encryption = new EncryptionNegotiateContext();

            assertNotEquals(preauth.getContextType(), encryption.getContextType());
            assertEquals(0x1, preauth.getContextType());
            assertEquals(0x2, encryption.getContextType());
        }

        @Test

    /** Authorization data type: Relevant */
    int AUTH_DATA_RELEVANT = 1;
    /** Authorization data type: PAC */
    int AUTH_DATA_PAC = 128;

    /** DES encryption type identifier */
    int DES_ENC_TYPE = 3;
    /** RC4 encryption type identifier */
    int RC4_ENC_TYPE = 23;
    /** RC4 algorithm name */
    String RC4_ALGORITHM = "ARCFOUR";
    /** HMAC algorithm name */
    String HMAC_ALGORITHM = "HmacMD5";