test-decom: install-race
	@echo "Running minio decom tests"
	@env bash $(PWD)/docs/distributed/decom.sh
	@env bash $(PWD)/docs/distributed/decom-encrypted.sh
	@env bash $(PWD)/docs/distributed/decom-encrypted-sse-s3.sh
	@env bash $(PWD)/docs/distributed/decom-compressed-sse-s3.sh
	@env bash $(PWD)/docs/distributed/decom-encrypted-kes.sh

test-versioning: install-race
	@echo "Running minio versioning tests"

			if _, ok := object.UserMetadata["X-Amz-Server-Side-Encryption-Customer-Algorithm"]; ok {
				log.Println("SKIPPED: Objects encrypted with SSE-C do not have md5sum as ETag:", objFullPath(object))
				continue
			}
			if v, ok := object.UserMetadata["X-Amz-Server-Side-Encryption"]; ok && v == "aws:kms" {
				log.Println("SKIPPED: encrypted with SSE-KMS do not have md5sum as ETag:", objFullPath(object))
				continue
			}
			parts := 1

        ByteBuffer buffer = ByteBuffer.allocate(34);
        buffer.order(ByteOrder.LITTLE_ENDIAN);
        buffer.putShort((short) 0); // dialectIndex
        buffer.put((byte) 0x0F); // securityMode (user, encrypted, sigs enabled, sigs required)
        buffer.putShort((short) 50); // maxMpxCount
        buffer.putShort((short) 10); // maxNumberVcs
        buffer.putInt(8192); // maxBufferSize
        buffer.putInt(65536); // maxRawSize

import java.util.List;

import org.apache.maven.settings.Proxy;
import org.apache.maven.settings.Server;
import org.apache.maven.settings.building.SettingsProblem;

/**
 * Collects the output of the settings decrypter.
 *
 * @deprecated since 4.0.0
 */
@Deprecated(since = "4.0.0")
class DefaultSettingsDecryptionResult implements SettingsDecryptionResult {

    private List<Server> servers;

    private List<Proxy> proxies;

s3.meta.client.upload_file('/etc/hosts',
                           'testbucket',
                           'hosts',
                           ExtraArgs={'ServerSideEncryption': 'AES256'})

# Download encrypted object using temporary credentials

		writeErrorResponse(ctx, w, toAPIError(ctx, err), r.URL)
		return
	}

	// We have to adjust the size of encrypted parts since encrypted parts
	// are slightly larger due to encryption overhead.
	// Further, we have to adjust the ETags of parts when using SSE-S3.
	// Due to AWS S3, SSE-S3 encrypted parts return the plaintext ETag
	// being the content MD5 of that particular part. This is not the

		}, MakeBucketOptions{
			VersioningEnabled: true,
		})
	})

	t.Run("encrypted", func(t *testing.T) {
		fn(t, func() {
			resetCompressEncryption()
			enableEncryption(t)
		}, MakeBucketOptions{})
	})
	t.Run("encrypted+versioned", func(t *testing.T) {
		fn(t, func() {
			resetCompressEncryption()
			enableEncryption(t)
		}, MakeBucketOptions{

		return ErrNotSupported
	}
	return ErrKeyExists
}

// GenerateKey decrypts req.Ciphertext. The key name req.Name must match the key
// name of the secretKey.
//
// The returned DEK is encrypted using AES-GCM and the ciphertext format is compatible
// with KES and MinKMS.
func (s secretKey) GenerateKey(_ context.Context, req *GenerateKeyRequest) (DEK, error) {
	if req.Name != s.keyID {
		return DEK{}, ErrKeyNotFound

kQyKGUTpDbKLuyYMFsoH73YLjBqNe+UEhPwE+FWpcky1Sp9RTx/oMLpiZaPR
-----END CERTIFICATE-----`,
		shouldFail: true,
	},
	{
		password: "foobar",
		privateKey: `-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,CC483BF11678C35F9F02A1AD85DAE285

nMDFd+Qxk1f+S7LwMitmMofNXYNbCY4L1QEqPOOx5wnjNF1wSxmEkL7+h8W4Y/vb
AQt/7TCcUSuSqEMl45nUIcCbhBos5wz+ShvFiez3qKwmR5HSURvqyN6PIJeAbU+h

        }
    }

    /**
     * Finds a login user by username and encrypted password.
     *
     * @param username the username to search for
     * @param cipheredPassword the encrypted password to match
     * @return an optional entity containing the found user, or empty if not found
     */