* @return a decryption cipher
     */
    protected Cipher pollDecryptoCipher() {
        Cipher cipher = decryptoQueue.poll();
        if (cipher == null) {
            try {
                final SecretKeySpec sksSpec = new SecretKeySpec(key.getBytes(charsetName), algorithm);
                cipher = Cipher.getInstance(algorithm);
                cipher.init(Cipher.DECRYPT_MODE, sksSpec);

        SecretKeySpec dataKey = new SecretKeySpec(dataHmac, KerberosConstants.RC4_ALGORITHM);

        cipher = Cipher.getInstance(KerberosConstants.RC4_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, dataKey);

        int plainDataLength = data.length - KerberosConstants.CHECKSUM_SIZE;
        byte[] plainData = cipher.doFinal(data, KerberosConstants.CHECKSUM_SIZE, plainDataLength);

            final Cipher cipher = Cipher.getInstance(transformation);
            final GCMParameterSpec gcmSpec = new GCMParameterSpec(getAuthTagLength() * 8, nonce);

            cipher.init(encrypt ? Cipher.ENCRYPT_MODE : Cipher.DECRYPT_MODE, keySpec, gcmSpec);
            return cipher;
        } finally {
            // Guaranteed cleanup of all key material
            if (key != null) {

            secureRandom.nextBytes(iv);

            // Setup cipher
            Cipher cipher = Cipher.getInstance(ENCRYPTION_ALGORITHM);
            GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_SIZE, iv);
            cipher.init(Cipher.ENCRYPT_MODE, masterKey, gcmSpec);

            // Encrypt
            byte[] ciphertext = cipher.doFinal(plaintextBytes);

            // Combine IV and ciphertext

        @DisplayName("Should encode various cipher counts correctly")
        void testEncodeVariousCipherCounts(int cipherCount) {
            int[] ciphers = new int[cipherCount];
            for (int i = 0; i < cipherCount; i++) {
                ciphers[i] = i + 1;
            }
            EncryptionNegotiateContext context = new EncryptionNegotiateContext(mockConfig, ciphers);

        }
        cookieNameMap.put(cookieName, roleName);
    }

    /**
     * Sets the cached cipher.
     * @param cipher The cached cipher.
     */
    public void setCipher(final CachedCipher cipher) {
        this.cipher = cipher;
    }

    /**
     * Sets the value separator.
     * @param valueSeparator The value separator.
     */

    }

    @Test
    @DisplayName("Should handle different cipher IDs")
    void testDifferentCipherIds() {
        // Test cipher ID 1 (AES-CCM)
        Smb2EncryptionContext context1 = new Smb2EncryptionContext(1, DialectVersion.SMB311, testEncryptionKey, testDecryptionKey);
        assertEquals(1, context1.getCipherId(), "Should handle cipher ID 1");

        // Test cipher ID 2 (AES-GCM)

            // Assert
            // Note: size() returns 4 + (2*ciphers.length) but encode only writes 2 + (2*ciphers.length)
            // This appears to be a bug in the implementation, but we test the actual behavior
            assertEquals(6, encodedSize); // actual encoded size: 2 bytes count + 2*2 bytes for ciphers
            assertEquals(2, buffer[0]); // cipher count (little endian)
            assertEquals(0, buffer[1]);

                        /* RC4 was not added to Java until 1.5u7 so let's use our own for a little while longer ...
                        try {
                            Cipher rc4 = Cipher.getInstance("RC4");
                            rc4.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(ntlm2SessionKey, "RC4"));
                            rc4.update(masterKey, 0, 16, exchangedKey, 0);

    
    public void saveEncrypted(HandleInfo handle, Path file) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, encryptionKey);
        
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        try (CipherOutputStream cos = new CipherOutputStream(baos, cipher);
             ObjectOutputStream oos = new ObjectOutputStream(cos)) {