//
// The PHP V3 implementation is missing the following features:
//
// 1. Client Configuration Options:
//    - Legacy algorithm support controls (wrapping algorithms, unauthenticated modes)
//      - Uses V3/V3_AND_LEGACY instead
//    - Delayed authentication mode configuration
//    - Buffer size configuration for memory management
//    - Raw keyring material (RSA, AES)
//    - SDK client configuration inheritance (credentials, KMS client config)
//    - Custom randomness source configuration
//
// 2. Api Operations:
//    - DeleteObject and DeleteObjects (with instruction file cleanup)
//    - Multipart upload operations (UploadPart, CompleteMultipartUpload, AbortMultipartUpload)
//    - ReEncryptInstructionFile for key rotation
//    - Non-encryption related S3 operations

//= ../specification/s3-encryption/client.md#aws-sdk-compatibility
//= type=exception
//# The S3EC SHOULD support invoking operations unrelated to client-side encryption e.g.

//= ../specification/s3-encryption/client.md#cryptographic-materials
//= type=exception
//# If both a CMM and a Keyring are provided, the S3EC MUST throw an exception.

//= ../specification/s3-encryption/client.md#cryptographic-materials
//= type=exception
//# When a Keyring is provided, the S3EC MUST create an instance of the DefaultCMM using the provided Keyring.

//= ../specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
//= type=exception
//# The option to enable legacy wrapping algorithms MUST be set to false by default.

//= ../specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
//= type=exception
//# The S3EC MUST support the option to enable or disable legacy unauthenticated modes (content encryption algorithms).

//= ../specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
//= type=exception
//# The option to enable legacy unauthenticated modes MUST be set to false by default.

//= ../specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
//= type=exception
//# When enabled, the S3EC MUST be able to decrypt objects encrypted with all content encryption algorithms (both legacy and fully supported).

//= ../specification/s3-encryption/client.md#enable-legacy-unauthenticated-modes
//= type=exception
//# When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy content encryption algorithms;
//# it MUST throw an exception when attempting to decrypt an object encrypted with a legacy content encryption algorithm.

//= ../specification/s3-encryption/client.md#enable-delayed-authentication
//= type=exception
//# The S3EC MUST support the option to enable or disable Delayed Authentication mode.

//= ../specification/s3-encryption/client.md#enable-delayed-authentication
//= type=exception
//# Delayed Authentication mode MUST be set to false by default.

//= ../specification/s3-encryption/client.md#enable-delayed-authentication
//= type=exception
//# When enabled, the S3EC MAY release plaintext from a stream which has not been authenticated.

//= ../specification/s3-encryption/client.md#enable-delayed-authentication
//= type=exception
//# When disabled the S3EC MUST NOT release plaintext from a stream which has not been authenticated.

//= ../specification/s3-encryption/client.md#set-buffer-size
//= type=exception
//# The S3EC SHOULD accept a configurable buffer size which refers to the maximum ciphertext length in bytes to store in memory when Delayed Authentication mode is disabled.

//= ../specification/s3-encryption/client.md#set-buffer-size
//= type=exception
//# If Delayed Authentication mode is enabled, and the buffer size has been set to a value other than its default, the S3EC MUST throw an exception.

//= ../specification/s3-encryption/client.md#set-buffer-size
//= type=exception
//# If Delayed Authentication mode is disabled, and no buffer size is provided, the S3EC MUST set the buffer size to a reasonable default.

//= ../specification/s3-encryption/client.md#cryptographic-materials
//= type=exception
//# The S3EC MAY accept key material directly.

//= ../specification/s3-encryption/client.md#inherited-sdk-configuration
//= type=exception
//# The S3EC MAY support directly configuring the wrapped SDK clients through its initialization.

//= ../specification/s3-encryption/client.md#inherited-sdk-configuration
//= type=exception
//# For example, the S3EC MAY accept a credentials provider instance during its initialization.

//= ../specification/s3-encryption/client.md#inherited-sdk-configuration
//= type=exception
//# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped S3 clients.

//= ../specification/s3-encryption/client.md#inherited-sdk-configuration
//= type=exception
//# If the S3EC accepts SDK client configuration, the configuration MUST be applied to all wrapped SDK clients including the KMS client.

//= ../specification/s3-encryption/client.md#randomness
//= type=exception
//# The S3EC MAY accept a source of randomness during client initialization.

//= ../specification/s3-encryption/client.md#required-api-operations
//= type=exception
//# - DeleteObject MUST be implemented by the S3EC.

//= ../specification/s3-encryption/client.md#required-api-operations
//= type=exception
//# - DeleteObject MUST delete the given object key.

//= ../specification/s3-encryption/client.md#required-api-operations
//= type=exception
//# - DeleteObject MUST delete the associated instruction file using the default instruction file suffix.

//= ../specification/s3-encryption/client.md#required-api-operations
//= type=exception
//# - DeleteObjects MUST be implemented by the S3EC.

//= ../specification/s3-encryption/client.md#required-api-operations
//= type=exception
//# - DeleteObjects MUST delete each of the given objects.

//= ../specification/s3-encryption/client.md#required-api-operations
//= type=exception
//# - DeleteObjects MUST delete each of the corresponding instruction files using the default instruction file suffix.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - UploadPart MAY be implemented by the S3EC.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - UploadPart MUST encrypt each part.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - Each part MUST be encrypted in sequence.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - Each part MUST be encrypted using the same cipher instance for each part.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - CompleteMultipartUpload MAY be implemented by the S3EC.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - CompleteMultipartUpload MUST complete the multipart upload.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - AbortMultipartUpload MAY be implemented by the S3EC.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - AbortMultipartUpload MUST abort the multipart upload.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - ReEncryptInstructionFile MAY be implemented by the S3EC.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - ReEncryptInstructionFile MUST decrypt the instruction file's encrypted data key for the given object using the client's CMM.

//= ../specification/s3-encryption/client.md#optional-api-operations
//= type=exception
//# - ReEncryptInstructionFile MUST re-encrypt the plaintext data key with a provided keyring.
