return metrics;
    }

    /**
     * Generate a unique nonce for encryption following SMB3 specification.
     * Uses SMB3-compliant nonce generation with guaranteed uniqueness.
     *
     * @return nonce appropriate for the dialect (16 bytes for GCM, 12 bytes for CCM)
     */
    public byte[] generateNonce() {
        final byte[] nonce = new byte[isGCMCipher() ? 16 : 12];

        if (isGCMCipher()) {

            byte[] nonce = context.generateNonce();
            assertNotNull(nonce, "Nonce should not be null");
            assertTrue(nonce.length > 0, "Nonce should have length > 0");

            // Convert to string for uniqueness check
            String nonceStr = Arrays.toString(nonce);
            assertFalse(nonces.contains(nonceStr), "Nonce should be unique");
            nonces.add(nonceStr);

  @Test fun testDigestChallengeWithStrictRfc2617Header() {
    val headers =
      Headers
        .Builder()
        .add(
          "WWW-Authenticate",
          "Digest realm=\"myrealm\", nonce=\"fjalskdflwejrlaskdfjlaskdjflaks" +
            "jdflkasdf\", qop=\"auth\", stale=\"FALSE\"",
        ).build()
    val challenges = headers.parseChallenges("WWW-Authenticate")
    assertThat(challenges.size).isEqualTo(1)

        });
    }

    @Test
    @DisplayName("Should handle null nonce")
    void testNullNonce() {
        // When/Then
        assertThrows(NullPointerException.class, () -> {
            transformHeader.setNonce(null);
        });
    }

    @Test
    @DisplayName("Should handle invalid nonce length")
    void testInvalidNonceLength() {
        // Given

     * @param password
     *            The user's password.
     * @param challenge
     *            The server challenge.
     * @param clientChallenge
     *            The client challenge (nonce).
     * @return the calculated response
     * @throws GeneralSecurityException if a cryptographic error occurs
     */

     * @param user The username.
     * @param password The user's password.
     * @param challenge The server challenge.
     * @param clientChallenge The client challenge (nonce).
     * @return the LMv2 response bytes
     */
    public static byte[] getLMv2Response(final String domain, final String user, final String password, final byte[] challenge,
            final byte[] clientChallenge) {

            HMACT64 hmac = new HMACT64(TEST_KEY);
            hmac.engineReset();
            verify(mockMd5, times(2)).reset(); // Once in constructor, once in reset
            verify(mockMd5, times(2)).update(any(byte[].class)); // Once in constructor, once in reset
        }
    }

    @Test
    void testEngineGetDigestLength() throws NoSuchAlgorithmException {
        // Test engineGetDigestLength()

     * or queued.
     */
    @Nullable ExecutionSequencer sequencer;

    /**
     * Executor the task was set to run on. Set to null when the task has been queued, run, or
     * cancelled.
     */
    @Nullable Executor delegate;

    /**
     * Set before calling delegate.execute(); set to null once run, so that it can be GCed; this

     * or queued.
     */
    @Nullable ExecutionSequencer sequencer;

    /**
     * Executor the task was set to run on. Set to null when the task has been queued, run, or
     * cancelled.
     */
    @Nullable Executor delegate;

    /**
     * Set before calling delegate.execute(); set to null once run, so that it can be GCed; this

   * #notifyFailed(Throwable)} instead.
   *
   * <p>This method should return promptly; prefer to do work on a different thread where it is
   * convenient. It is invoked exactly once on service startup, even when {@link #startAsync} is
   * called multiple times.
   */
  @ForOverride
  protected abstract void doStart();

  /**