* Initialize secure credential storage with a master password
     *
     * @param masterPassword the master password for encryption
     * @throws GeneralSecurityException if encryption setup fails
     */
    public SecureCredentialStorage(char[] masterPassword) throws GeneralSecurityException {
        if (masterPassword == null || masterPassword.length == 0) {
            throw new IllegalArgumentException("Master password cannot be null or empty");

     *            the pre-authentication integrity hash (for SMB 3.1.1)
     * @throws GeneralSecurityException
     *             if the signing algorithm cannot be initialized
     *
     */
    public Smb2SigningDigest(final byte[] sessionKey, final int dialect, final byte[] preauthIntegrityHash)
            throws GeneralSecurityException {
        switch (dialect) {
        case Smb2Constants.SMB2_DIALECT_0202:

     * @return the Type 3 message to send to the server
     * @throws GeneralSecurityException if a cryptographic error occurs
     * @throws CIFSException if a CIFS protocol error occurs
     */
    protected Type3Message createType3Message(final Type2Message msg2) throws GeneralSecurityException, CIFSException {
        if (this.auth instanceof NtlmNtHashAuthenticator) {

     * @param clientChallenge the client challenge bytes
     * @return the calculated response
     * @throws GeneralSecurityException if a cryptographic error occurs
     */
    public static byte[] getNTLM2Response(final byte[] passwordHash, final byte[] serverChallenge, final byte[] clientChallenge)
            throws GeneralSecurityException {
        final byte[] sessionHash = new byte[8];

        final MessageDigest md5 = Crypto.getMD5();

     * Perform automatic key rotation using the stored session key following SMB3 key derivation
     *
     * @throws GeneralSecurityException if key rotation fails
     */
    private void performAutomaticKeyRotation() throws GeneralSecurityException {
        if (sessionKey == null) {
            throw new GeneralSecurityException("Session key not available for automatic rotation");
        }

     * @param key the decryption key
     * @param type the encryption type
     * @return the decrypted data
     * @throws GeneralSecurityException if decryption fails
     */
    public static byte[] decrypt(byte[] data, Key key, int type) throws GeneralSecurityException {
        Cipher cipher = null;
        byte[] decrypt = null;

        decrypt = switch (type) {

     * @throws GeneralSecurityException if a cryptographic error occurs
     * @throws CIFSException if a CIFS protocol error occurs
     */
    public Type3Message(final CIFSContext tc, final Type2Message type2, final String targetName, final String password, final String domain,
            final String user, final String workstation, final int flags) throws GeneralSecurityException, CIFSException {

     * @param context key derivation context
     * @param length desired key length in bytes
     * @return derived key
     * @throws GeneralSecurityException if key derivation fails
     */
    public byte[] deriveKey(byte[] baseKey, String label, byte[] context, int length) throws GeneralSecurityException {
        checkNotClosed();

        // Simple KDF implementation (should be replaced with proper KDF like HKDF)

import static org.mockito.Mockito.atLeastOnce;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;

import java.security.GeneralSecurityException;
import java.util.Arrays;

import javax.crypto.ShortBufferException;

import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;

     * @return the hash for the given challenge
     * @throws GeneralSecurityException if a security error occurs
     * @deprecated NTLMv1 is insecure. Use NTLMv2 (LM compatibility level 3 or higher)
     */
    @Deprecated
    public byte[] getAnsiHash(CIFSContext tc, byte[] chlng) throws GeneralSecurityException {
        int compatibility = tc.getConfig().getLanManCompatibility();